From 11298d0dfef134dec869139d680f72f773b404ac Mon Sep 17 00:00:00 2001
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 18 Sep 2009 18:35:42 +1200
Subject: [PATCH] Remove 'NAT' lookup restrictions from TPROXY lookups.

Now that TPROXY can do v6 we only need to protect the real NAT lookups
behind protocol family tests.
---
 src/ip/IpIntercept.cc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/ip/IpIntercept.cc b/src/ip/IpIntercept.cc
index 4bd3b8b156..604faa010d 100644
--- a/src/ip/IpIntercept.cc
+++ b/src/ip/IpIntercept.cc
@@ -369,9 +369,6 @@ IpIntercept::NatLookup(int fd, const IpAddress &me, const IpAddress &peer, IpAdd
     client = me;
     dst = peer;
 
-    if ( !me.IsIPv4()   ) return -1;
-    if ( !peer.IsIPv4() ) return -1;
-
 #if 0
     // Crop interception errors down to one per minute.
     int silent = (squid_curtime - last_reported > 60 ? 0 : 1);
@@ -388,6 +385,10 @@ IpIntercept::NatLookup(int fd, const IpAddress &me, const IpAddress &peer, IpAdd
         if ( NetfilterTransparent(fd, me, dst, silent) == 0) return 0;
     }
 
+    /* NAT is only available in IPv6 */
+    if ( !me.IsIPv4()   ) return -1;
+    if ( !peer.IsIPv4() ) return -1;
+
     if (intercept_active) {
         /* NAT methods that use sock-opts to return client address */
         if ( NetfilterInterception(fd, me, client, silent) == 0) return 0;
-- 
2.47.3