From: Amos Jeffries Date: Sat, 8 Oct 2016 20:37:35 +0000 (+1300) Subject: Bug 4302 pt2: IPFilter v5 transparent interception X-Git-Tag: SQUID_3_5_22~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b9a3383af5662aef26a8621885edb4876f14c453;p=thirdparty%2Fsquid.git Bug 4302 pt2: IPFilter v5 transparent interception --- diff --git a/src/ip/Intercept.cc b/src/ip/Intercept.cc index bbce67104b..c188752b45 100644 --- a/src/ip/Intercept.cc +++ b/src/ip/Intercept.cc @@ -207,16 +207,21 @@ Ip::Intercept::IpfInterception(const Comm::ConnectionPointer &newConn, int silen debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1"); warningLevel = (warningLevel + 1) % 10; return false; + } + newConn->local.getInAddr(natLookup.nl_inip); + newConn->remote.getInAddr(natLookup.nl_outip); #else natLookup.nl_v = 6; + newConn->local.getInAddr(natLookup.nl_inipaddr.in6); + newConn->remote.getInAddr(natLookup.nl_outipaddr.in6); } else { natLookup.nl_v = 4; -#endif + newConn->local.getInAddr(natLookup.nl_inipaddr.in4); + newConn->remote.getInAddr(natLookup.nl_outipaddr.in4); } +#endif natLookup.nl_inport = htons(newConn->local.port()); - newConn->local.getInAddr(natLookup.nl_inip); natLookup.nl_outport = htons(newConn->remote.port()); - newConn->remote.getInAddr(natLookup.nl_outip); // ... and the TCP flag natLookup.nl_flags = IPN_TCP; @@ -281,7 +286,14 @@ Ip::Intercept::IpfInterception(const Comm::ConnectionPointer &newConn, int silen debugs(89, 9, HERE << "address: " << newConn); return false; } else { +#if IPFILTER_VERSION < 5000003 newConn->local = natLookup.nl_realip; +#else + if (newConn->remote.isIPv6()) + newConn->local = natLookup.nl_realipaddr.in6; + else + newConn->local = natLookup.nl_realipaddr.in4; +#endif newConn->local.port(ntohs(natLookup.nl_realport)); debugs(89, 5, HERE << "address NAT: " << newConn); return true;