From b2fb6c8a7608bbdab04cd51d0315cc3d1f32e996 Mon Sep 17 00:00:00 2001
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sun, 16 Aug 2015 00:56:20 -0700
Subject: [PATCH] Bug 4302: IPFilter v5 transparent interception

---
 src/ip/Intercept.cc | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/ip/Intercept.cc b/src/ip/Intercept.cc
index 9e5f188005..1cd5ceac3b 100644
--- a/src/ip/Intercept.cc
+++ b/src/ip/Intercept.cc
@@ -200,6 +200,19 @@ Ip::Intercept::IpfInterception(const Comm::ConnectionPointer &newConn, int silen
     // all fields must be set to 0
     memset(&natLookup, 0, sizeof(natLookup));
     // for NAT lookup set local and remote IP:port's
+    if (newConn->remote.isIPv6()) {
+#if IPFILTER_VERSION < 5000003
+        // warn once every 10 at critical level, then push down a level each repeated event
+        static int warningLevel = DBG_CRITICAL;
+        debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1");
+        warningLevel = ++warningLevel % 10;
+        return false;
+#else
+        natLookup.nl_v = 6;
+    } else {
+        natLookup.nl_v = 4;
+#endif
+    }
     natLookup.nl_inport = htons(newConn->local.port());
     newConn->local.getInAddr(natLookup.nl_inip);
     natLookup.nl_outport = htons(newConn->remote.port());
-- 
2.47.3