From: Amos Jeffries Date: Thu, 22 Dec 2011 07:31:30 +0000 (-0700) Subject: Polish: better debugs for IPFilter NAT X-Git-Tag: SQUID_3_2_0_15~30 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=32c590b3a309056b26bb16f1e6e6f4f7e1e10387;p=thirdparty%2Fsquid.git Polish: better debugs for IPFilter NAT
---
diff --git a/src/ip/Intercept.cc b/src/ip/Intercept.cc
index 07fecda031..30ebd5d9d5 100644
--- a/src/ip/Intercept.cc
+++ b/src/ip/Intercept.cc
@@ -184,28 +184,18 @@ Ip::Intercept::IpfInterception(const Comm::ConnectionPointer &newConn, int silen
 {
 #if IPF_TRANSPARENT /* --enable-ipf-transparent */
-#if defined(IPFILTER_VERSION) && (IPFILTER_VERSION >= 4000027)
- struct ipfobj obj;
-#else
- static int siocgnatl_cmd = SIOCGNATL & 0xff;
-#endif
 struct natlookup natLookup;
 static int natfd = -1;
 int x;
-#if defined(IPFILTER_VERSION) && (IPFILTER_VERSION >= 4000027)
-
- obj.ipfo_rev = IPFILTER_VERSION;
- obj.ipfo_size = sizeof(natLookup);
- obj.ipfo_ptr = &natLookup;
- obj.ipfo_type = IPFOBJ_NATLOOKUP;
- obj.ipfo_offset = 0;
-#endif
-
+ // all fields must be set to 0
+ memset(natLookup, 0, sizeof(natLookup));
+ // for NAT lookup set local and remote IP:port's
 natLookup.nl_inport = htons(newConn->local.GetPort());
 newConn->local.GetInAddr(natLookup.nl_inip);
 natLookup.nl_outport = htons(newConn->remote.GetPort());
 newConn->remote.GetInAddr(natLookup.nl_outip);
+ // ... and the TCP flag
 natLookup.nl_flags = IPN_TCP;
 if (natfd < 0) {
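Review bot: The added `memset(natLookup, 0, sizeof(natLookup));` passes the struct itself instead of its address; `natLookup` is declared as `struct natlookup natLookup;` a few lines above, so this should fail to compile whenever IPF_TRANSPARENT is enabled. It should read `memset(&natLookup, 0, sizeof(natLookup));`. Zeroing the structure before it is handed to the SIOCGNATL ioctl is the right move, since it keeps uninitialised stack bytes out of the kernel lookup request, but the error is likely to go unnoticed because this path is only built with --enable-ipf-transparent. IpfInterception's body continues past the end of this hunk.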
@@ -223,13 +213,20 @@ Ip::Intercept::IpfInterception(const Comm::ConnectionPointer &newConn, int silen
 if (natfd < 0) {
 if (!silent) {
- debugs(89, DBG_IMPORTANT, HERE << "NAT open failed: " << xstrerror());
+ debugs(89, DBG_IMPORTANT, "IPF (IPFilter) NAT open failed: " << xstrerror());
 lastReported_ = squid_curtime;
 return false;
 }
 }
 #if defined(IPFILTER_VERSION) && (IPFILTER_VERSION >= 4000027)
+ struct ipfobj obj;
+ memset(&obj, 0, sizeof(obj));
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_size = sizeof(natLookup);
+ obj.ipfo_ptr = &natLookup;
+ obj.ipfo_type = IPFOBJ_NATLOOKUP;
+
 x = ioctl(natfd, SIOCGNATL, &obj);
 #else
 /*
@@ -239,6 +236,7 @@ Ip::Intercept::IpfInterception(const Comm::ConnectionPointer &newConn, int silen
 * put something in configure and use ifdefs here, but
 * this seems simpler.
 */
+ static int siocgnatl_cmd = SIOCGNATL & 0xff;
 if (63 == siocgnatl_cmd) {
 struct natlookup *nlp = &natLookup;
 x = ioctl(natfd, SIOCGNATL, &nlp);
@@ -250,7 +248,7 @@ Ip::Intercept::IpfInterception(const Comm::ConnectionPointer &newConn, int silen
 if (x < 0) {
 if (errno != ESRCH) {
 if (!silent) {
- debugs(89, DBG_IMPORTANT, HERE << "NAT lookup failed: ioctl(SIOCGNATL)");
+ debugs(89, DBG_IMPORTANT, "IPF (IPFilter) NAT lookup failed: ioctl(SIOCGNATL) (v=" << IPFILTER_VERSION << "): " << xstrerror());
 lastReported_ = squid_curtime;
 }
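Review bot: In the `if (natfd < 0)` block of the -223,13 hunk, `return false;` sits inside `if (!silent) { ... }`, so a caller that passes a non-zero `silent` after a failed open falls through to `ioctl(natfd, SIOCGNATL, ...)` with a negative descriptor. These are context lines the commit does not touch, and the call presumably just fails with EBADF and lands in the later error branch, but the function then depends on that side effect instead of stopping at the failed open. Closing the inner block after `lastReported_ = squid_curtime;` and placing `return false;` directly under `if (natfd < 0)` would make the failure path explicit. The function starts before and continues past this hunk.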
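Review bot: The reworded lookup-failure message in the -250,7 hunk streams `IPFILTER_VERSION` unconditionally, yet the -223,13 hunk selects the ioctl form with `#if defined(IPFILTER_VERSION) && (IPFILTER_VERSION >= 4000027)`, which implies the macro can be undefined with older IPFilter headers. This `if (x < 0)` check appears to follow the `#endif`, so it is compiled for the legacy branch too and would break that build. Wrapping the version part in `#if defined(IPFILTER_VERSION)`, or printing a fixed placeholder otherwise, keeps the extra diagnostic without the portability cost. Appending `xstrerror()` is a useful addition provided nothing between the ioctl and this `debugs` call, some of which lies outside the hunk, overwrites errno.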