From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sat, 20 Sep 2008 05:17:55 +0000 (+1200)
Subject: Allow random outgoing ports and fix reset debugs
X-Git-Tag: SQUID_3_1_0_1~49^2~18^2~3
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=68d57d849b54fddb6a236a5ebcf2a209ebf574ed;p=thirdparty%2Fsquid.git

Allow random outgoing ports and fix reset debugs

We only need to spoof the address. Set port so OS can randomly assign
a new one for use that will not clash with existing spoofs.

Also fix teh debug message on ResetFD failure to bind so we can see which
FD and which address:port were attempted when it failed.
---

diff --git a/src/IPInterception.cc b/src/IPInterception.cc
index 43cdd35404..c51a8e21ab 100644
--- a/src/IPInterception.cc
+++ b/src/IPInterception.cc
@@ -161,12 +161,13 @@ IPIntercept::NetfilterTransparent(int fd, const IPAddress &me, IPAddress &dst, i
 
     /* Trust the user configured properly. If not no harm done.
      * We will simply attempt a bind outgoing on our own IP.
-     * Maybe a port clash which will show them the problem.
      */
-    return (fd_table[fd].flags.transparent ? 0 : -1);
-#else
-    return -1;
+    if(fd_table[fd].flags.transparent) {
+        dst.SetPort(0); // allow random outgoing port to prevent address clashes
+        return 0;
+    }
 #endif
+    return -1;
 }
 
 int
diff --git a/src/comm.cc b/src/comm.cc
index df6fca5473..403f67cb01 100644
--- a/src/comm.cc
+++ b/src/comm.cc
@@ -1008,7 +1008,7 @@ ConnectStateData::commResetFD()
     F->local_addr.GetAddrInfo(AI);
 
     if (commBind(fd, *AI) != COMM_OK) {
-        debugs(5, 0, HERE << "bind: " << xstrerror());
+        debugs(5, DBG_CRITICAL, "WARNING: Reset of FD " << fd << " for " << F->local_addr << " failed to bind: " << xstrerror());
         F->local_addr.FreeAddrInfo(AI);
         return 0;
     }