From: Amos Jeffries
Date: Mon, 15 Sep 2008 15:58:29 +0000 (+1200)
Subject: TPROXY lookup experiment
X-Git-Tag: SQUID_3_1_0_1~49^2~18^2~9
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=891de1fe1fba579cf3602e487b653c1199cfb3eb;p=thirdparty%2Fsquid.git

TPROXY lookup experiment

Plus compile errors.
---

diff --git a/src/IPInterception.cc b/src/IPInterception.cc
index 4787e05bd3..4a8031f41f 100644
--- a/src/IPInterception.cc
+++ b/src/IPInterception.cc
@@ -158,69 +158,26 @@ int IPIntercept::NetfilterTransparent(int fd, const IPAddress &me, IPAddress &dst, int silent) { #if LINUX_NETFILTER - struct addrinfo *lookup = NULL; - - if( ! fd_table[fd].flags.transparent) return -1; - - dst.GetAddrInfo(lookup,AF_INET); /** \par * Try lookup for TPROXY targets. BUT, only if the FD is flagged for transparent operations. */ - if(getsockopt(fd, SOL_IP, IP_TRANSPARENT, lookup->ai_addr, &lookup->ai_addrlen) != 0) { + if(getsockopt(fd, SOL_IP, IP_TRANSPARENT, NULL, 0) != 0) { if(!silent) { debugs(89, DBG_IMPORTANT, HERE << " NF getsockopt(IP_TRANSPARENT) failed on FD " << fd << ": " << xstrerror()); last_reported = squid_curtime; } + return -1; } else { - dst = *lookup; - } - - dst.FreeAddrInfo(lookup); - - if(me != dst) { - debugs(89, 5, HERE << "address: " << dst); - return 0; - } - - debugs(89, 9, HERE << "address: me= " << me << ", dst= " << dst); -#endif - return -1; -} - -int -IPIntercept::IPFWInterception(int fd, const IPAddress &me, IPAddress &dst, int silent) -{ -#if IPFW_TRANSPARENT - struct addrinfo *lookup = NULL; - - dst.GetAddrInfo(lookup,AF_INET); - - /** \par - * Try lookup for IPFW interception. */ - if( getsockname(fd, lookup->ai_addr, &lookup->ai_addrlen) != 0 ) { - if( !silent ) { - debugs(89, DBG_IMPORTANT, HERE << " IPFW getsockname(...) failed on FD " << fd << ": " << xstrerror()); - last_reported = squid_curtime; - } - } - else { - dst = *lookup; - } - - dst.FreeAddrInfo(lookup); - - if(me != dst) { - debugs(89, 5, HERE << "address: " << dst); + // mark the socket for preservation of IP_TRANSPARENT + fd_table[fd].flags.transparent = 1; return 0; } - debugs(89, 9, HERE << "address: me= " << me << ", dst= " << dst); #endif return -1; } - // TODO split this one call into one per transparency method // with specific switching at run-time ?? 
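Review bot: The new `getsockopt(fd, SOL_IP, IP_TRANSPARENT, NULL, 0)` call in NetfilterTransparent passes a null `optlen`, which Linux should reject with EFAULT, so the branch that sets `fd_table[fd].flags.transparent = 1` looks unreachable as written. With valid arguments a zero return would still only mean the option was read, not that it is enabled, so a socket without IP_TRANSPARENT would be marked transparent; read the value and test it, e.g. `int on = 0; socklen_t len = sizeof(on);` followed by `if (getsockopt(fd, SOL_IP, IP_TRANSPARENT, &on, &len) != 0 || !on) {`. The success path now returns 0 without writing `dst`, and the retained comment still says the lookup runs only when the FD is already flagged, which the new code no longer does; both deserve an updated comment. The hunk also deletes the definition of `IPIntercept::IPFWInterception` while NatLookup still calls it in the following hunk, so unless it is defined elsewhere the build will fail.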
@@ -355,11 +312,6 @@ IPIntercept::NatLookup(int fd, const IPAddress &me, const IPAddress &peer, IPAdd #endif if(intercept_active) { - -#if TO_SILENCE_ALL_NAT_IF_TPROXY_IS_RUNNING - silent |= fd_table[fd].flags.transparent; -#endif - if( NetfilterInterception(fd, me, dst, silent) == 0) return 0; if( IPFWInterception(fd, me, dst, silent) == 0) return 0; } diff --git a/src/client_side.cc b/src/client_side.cc index 9df6382588..a27f6676b1 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -2016,8 +2016,8 @@ parseHttpRequest(ConnStateData *conn, HttpParser *hp, HttpRequestMethod * method */ if (conn->transparent()) { /* intercept or transparent mode, properly working with no failures */ - http->flags.intercepted = conn->port.flags.intercepted; - http->flags.spoof_client_ip = conn->port.flags.spoof_client_ip; + http->flags.intercepted = conn->port->intercepted; + http->flags.spoof_client_ip = conn->port->spoof_client_ip; prepareTransparentURL(conn, http, url, req_hdr); } else if (conn->port->intercepted || conn->port->spoof_client_ip) { diff --git a/src/comm.cc b/src/comm.cc index 3652667ac4..f640948943 100644 --- a/src/comm.cc +++ b/src/comm.cc @@ -1401,11 +1401,14 @@ comm_old_accept(int fd, ConnectionDetail &details) commSetNonBlocking(sock); +#if 0 +// AYJ: 2008-09-16 - might be a bad idea to pass this down from here. +// if KK is right, this flag should be set on successful NatLookup + if(fd_table[fd].flags.transparent == 1) { - /* AYJ: do we actually need to set this again on every accept? */ - //comm_set_transparent(sock); F->flags.transparent = 1; } +#endif PROF_stop(comm_accept); return sock;
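Review bot: Disabling the flag inheritance with `#if 0` in the comm.cc hunk leaves accepted sockets with `flags.transparent` unset until a later lookup sets it, and the only setter visible in this commit is the getsockopt path in IPIntercept::NetfilterTransparent. If that lookup fails or is not reached on some accept path, code that checks the flag would presumably treat a TPROXY connection as an ordinary one, so it is worth confirming the lookup always runs before the flag is read. If the experiment holds, delete the block rather than keep it under `#if 0`, and replace the dated note with a comment such as `// flags.transparent is set by the NAT/TPROXY lookup, not inherited from the listening FD`. comm_old_accept starts outside the hunk.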