File 10817.patch of Package squid-beta

---------------------
PatchSet 10817 
Date: 2007/05/20 04:22:43
Author: adrian
Branch: HEAD
Tag: (none) 
Log:

Implement FreeBSD ipfw based ip transparent interception using
the getsockname() syscall. This returns the original destination
IP rather than the local server IP.

This behaviour existed in Squid-2 in the past; but was removed for some
reason.

Members: 
	configure.in:1.454->1.455 
	include/autoconf.h.in:1.167->1.168 
	src/IPInterception.cc:1.16->1.17 

Index: squid3/configure.in
===================================================================
RCS file: /cvsroot/squid/squid3/configure.in,v
retrieving revision 1.454
retrieving revision 1.455
diff -u -r1.454 -r1.455
--- squid3/configure.in	13 May 2007 10:57:41 -0000	1.454
+++ squid3/configure.in	20 May 2007 04:22:43 -0000	1.455
@@ -1140,6 +1140,18 @@
     AC_DEFINE(HTTP_VIOLATIONS, 0)
 fi
 
+dnl Enable IPFW Transparent Proxy
+AC_ARG_ENABLE(ipfw-transparent,
+[  --enable-ipfw-transparent
+                          Enable Transparent Proxy support for systems
+                          using FreeBSD IPFW style redirection.],
+[ if test "$enableval" = "yes" ; then
+	echo "IPFW Transparent Proxy enabled"
+	AC_DEFINE(IPFW_TRANSPARENT,1,[Enable support for Transparent Proxy on systems using FreeBSD IPFW address redirection.])
+	IPFW_TRANSPARENT="yes"
+  fi
+])
+
 dnl Enable IP-Filter Transparent Proxy
 AC_ARG_ENABLE(ipf-transparent,
 [  --enable-ipf-transparent
Index: squid3/include/autoconf.h.in
===================================================================
RCS file: /cvsroot/squid/squid3/include/autoconf.h.in,v
retrieving revision 1.167
retrieving revision 1.168
diff -u -r1.167 -r1.168
--- squid3/include/autoconf.h.in	15 Apr 2007 14:49:55 -0000	1.167
+++ squid3/include/autoconf.h.in	20 May 2007 04:22:44 -0000	1.168
@@ -725,6 +725,10 @@
 /* Enable ICAP client features in Squid */
 #undef ICAP_CLIENT
 
+/* Enable support for Transparent Proxy on systems using FreeBSD IPFW address
+   redirection. */
+#undef IPFW_TRANSPARENT
+
 /* Enable support for Transparent Proxy on systems using IP-Filter address
    redirection. This provides "masquerading" support for non Linux system. */
 #undef IPF_TRANSPARENT
Index: squid3/src/IPInterception.cc
===================================================================
RCS file: /cvsroot/squid/squid3/src/IPInterception.cc,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- squid3/src/IPInterception.cc	28 Apr 2007 22:26:37 -0000	1.16
+++ squid3/src/IPInterception.cc	20 May 2007 04:22:45 -0000	1.17
@@ -1,6 +1,6 @@
 
 /*
- * $Id: IPInterception.cc,v 1.16 2007/04/28 22:26:37 hno Exp $
+ * $Id: IPInterception.cc,v 1.17 2007/05/20 04:22:45 adrian Exp $
  *
  * DEBUG: section 89    NAT / IP Interception 
  * AUTHOR: Robert Collins
@@ -282,14 +282,29 @@
     }
 }
 
-#else
+#elif IPFW_TRANSPARENT
 int
-
 clientNatLookup(int fd, struct sockaddr_in me, struct sockaddr_in peer, struct sockaddr_in *dst)
 {
-    debugs(89, 1, "WARNING: transparent proxying not supported");
-    return -1;
+	int ret;
+	struct sockaddr_in s;
+	int slen = sizeof(struct sockaddr_in);
+
+	ret = getsockname(fd, (struct sockaddr *) &s, (socklen_t * )&slen);
+	if (ret < 0) {
+		debugs(89, 1, "clientNatLookup: getpeername failed (fd " << fd << "), errstr " << xstrerror());
+		return -1;
+	}
+	*dst = s;
+	return 0;
 }
 
+#else
+int
+clientNatLookup(int fd, struct sockaddr_in me, struct sockaddr_in peer, struct sockaddr_in *dst)
+{
+	debugs(89, 1, "WARNING: transparent proxying not supported");
+	return -1;
+}
 #endif