Allow random outgoing ports and fix reset debugs

We only need to spoof the address. Set port so OS can randomly assign
a new one for use that will not clash with existing spoofs.

Also fix teh debug message on ResetFD failure to bind so we can see which
FD and which address:port were attempted when it failed.

diff --git a/src/IPInterception.cc b/src/IPInterception.cc
index 43cdd354042176315ff1bc01d1af307bb9a90781..c51a8e21abeb747ff30a45ce087d97c275a0e4d0 100644 (file)
--- a/src/IPInterception.cc
+++ b/src/IPInterception.cc
@@ -161,12 +161,13 @@ IPIntercept::NetfilterTransparent(int fd, const IPAddress &me, IPAddress &dst, i
 
     /* Trust the user configured properly. If not no harm done.
      * We will simply attempt a bind outgoing on our own IP.
-     * Maybe a port clash which will show them the problem.
      */
-    return (fd_table[fd].flags.transparent ? 0 : -1);
-#else
-    return -1;
+    if(fd_table[fd].flags.transparent) {
+        dst.SetPort(0); // allow random outgoing port to prevent address clashes
+        return 0;
+    }
 #endif
+    return -1;
 }
 
 int

diff --git a/src/comm.cc b/src/comm.cc
index df6fca547382772ba8e1386831570f573b62370d..403f67cb01f0d9c83b9963d5bd016e7283a82314 100644 (file)
--- a/src/comm.cc
+++ b/src/comm.cc
@@ -1008,7 +1008,7 @@ ConnectStateData::commResetFD()
     F->local_addr.GetAddrInfo(AI);
 
     if (commBind(fd, *AI) != COMM_OK) {
-        debugs(5, 0, HERE << "bind: " << xstrerror());
+        debugs(5, DBG_CRITICAL, "WARNING: Reset of FD " << fd << " for " << F->local_addr << " failed to bind: " << xstrerror());
         F->local_addr.FreeAddrInfo(AI);
         return 0;
     }