Bug 4302: IPFilter v5 transparent interception

author Amos Jeffries <squid3@treenet.co.nz>

Thu, 20 Aug 2015 13:48:55 +0000 (06:48 -0700)

committer Amos Jeffries <squid3@treenet.co.nz>

Thu, 20 Aug 2015 13:48:55 +0000 (06:48 -0700)
author Amos Jeffries <squid3@treenet.co.nz>
Thu, 20 Aug 2015 13:48:55 +0000 (06:48 -0700)
committer Amos Jeffries <squid3@treenet.co.nz>
Thu, 20 Aug 2015 13:48:55 +0000 (06:48 -0700)
diff --git a/src/ip/Intercept.cc b/src/ip/Intercept.cc

index 795f83f474a2cc16cf1579f0422f0f9f4eae0812..f7ececf19685e73906d5a0803ed6962ac519ded2 100644 (file)
--- a/src/ip/Intercept.cc
+++ b/src/ip/Intercept.cc
@@ -200,6 +200,19 @@ Ip::Intercept::IpfInterception(const Comm::ConnectionPointer &newConn, int silen
      // all fields must be set to 0
      memset(&natLookup, 0, sizeof(natLookup));
      // for NAT lookup set local and remote IP:port's
+    if (newConn->remote.isIPv6()) {
+#if IPFILTER_VERSION < 5000003
+        // warn once every 10 at critical level, then push down a level each repeated event
+        static int warningLevel = DBG_CRITICAL;
+        debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1");
+        warningLevel = ++warningLevel % 10;
+        return false;
+#else
+        natLookup.nl_v = 6;
+    } else {
+        natLookup.nl_v = 4;
+#endif
+    }
      natLookup.nl_inport = htons(newConn->local.port());
      newConn->local.getInAddr(natLookup.nl_inip);
      natLookup.nl_outport = htons(newConn->remote.port());
author	Amos Jeffries <squid3@treenet.co.nz>
	Thu, 20 Aug 2015 13:48:55 +0000 (06:48 -0700)
committer	Amos Jeffries <squid3@treenet.co.nz>
	Thu, 20 Aug 2015 13:48:55 +0000 (06:48 -0700)