File 10817.patch of Package squid-beta
---------------------
PatchSet 10817
Date: 2007/05/20 04:22:43
Author: adrian
Branch: HEAD
Tag: (none)
Log:
Implement FreeBSD ipfw based ip transparent interception using
the getsockname() syscall. This returns the original destination
IP rather than the local server IP.
This behaviour existed in Squid-2 in the past, but was removed for some
reason.
Members:
configure.in:1.454->1.455
include/autoconf.h.in:1.167->1.168
src/IPInterception.cc:1.16->1.17
Index: squid3/configure.in
===================================================================
RCS file: /cvsroot/squid/squid3/configure.in,v
retrieving revision 1.454
retrieving revision 1.455
diff -u -r1.454 -r1.455
--- squid3/configure.in 13 May 2007 10:57:41 -0000 1.454
+++ squid3/configure.in 20 May 2007 04:22:43 -0000 1.455
@@ -1140,6 +1140,18 @@
AC_DEFINE(HTTP_VIOLATIONS, 0)
fi
+dnl Enable IPFW Transparent Proxy
+AC_ARG_ENABLE(ipfw-transparent,
+[ --enable-ipfw-transparent
+ Enable Transparent Proxy support for systems
+ using FreeBSD IPFW style redirection.],
+[ if test "$enableval" = "yes" ; then
+ echo "IPFW Transparent Proxy enabled"
+ AC_DEFINE(IPFW_TRANSPARENT,1,[Enable support for Transparent Proxy on systems using FreeBSD IPFW address redirection.])
+ IPFW_TRANSPARENT="yes"
+ fi
+])
+
dnl Enable IP-Filter Transparent Proxy
AC_ARG_ENABLE(ipf-transparent,
[ --enable-ipf-transparent
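Review bot: Nothing in the added `--enable-ipfw-transparent` block guards against it being combined with another interception option. src/IPInterception.cc in this same patch selects the ipfw code with `#elif IPFW_TRANSPARENT`, so that branch is compiled only when the earlier conditions of the chain (not visible here) are false, and a build configured with two interception methods would presumably use the other lookup without saying so. Since `IPFW_TRANSPARENT="yes"` is already recorded as a shell variable, a later configure check could warn on the combination, e.g. `AC_MSG_WARN([--enable-ipfw-transparent is ignored when another interception method is enabled])`.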
Index: squid3/include/autoconf.h.in
===================================================================
RCS file: /cvsroot/squid/squid3/include/autoconf.h.in,v
retrieving revision 1.167
retrieving revision 1.168
diff -u -r1.167 -r1.168
--- squid3/include/autoconf.h.in 15 Apr 2007 14:49:55 -0000 1.167
+++ squid3/include/autoconf.h.in 20 May 2007 04:22:44 -0000 1.168
@@ -725,6 +725,10 @@
/* Enable ICAP client features in Squid */
#undef ICAP_CLIENT
+/* Enable support for Transparent Proxy on systems using FreeBSD IPFW address
+ redirection. */
+#undef IPFW_TRANSPARENT
+
/* Enable support for Transparent Proxy on systems using IP-Filter address
redirection. This provides "masquerading" support for non Linux system. */
#undef IPF_TRANSPARENT
Index: squid3/src/IPInterception.cc
===================================================================
RCS file: /cvsroot/squid/squid3/src/IPInterception.cc,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- squid3/src/IPInterception.cc 28 Apr 2007 22:26:37 -0000 1.16
+++ squid3/src/IPInterception.cc 20 May 2007 04:22:45 -0000 1.17
@@ -1,6 +1,6 @@
/*
- * $Id: IPInterception.cc,v 1.16 2007/04/28 22:26:37 hno Exp $
+ * $Id: IPInterception.cc,v 1.17 2007/05/20 04:22:45 adrian Exp $
*
* DEBUG: section 89 NAT / IP Interception
* AUTHOR: Robert Collins
@@ -282,14 +282,29 @@
}
}
-#else
+#elif IPFW_TRANSPARENT
int
-
clientNatLookup(int fd, struct sockaddr_in me, struct sockaddr_in peer, struct sockaddr_in *dst)
{
- debugs(89, 1, "WARNING: transparent proxying not supported");
- return -1;
+ int ret;
+ struct sockaddr_in s;
+ int slen = sizeof(struct sockaddr_in);
+
+ ret = getsockname(fd, (struct sockaddr *) &s, (socklen_t * )&slen);
+ if (ret < 0) {
+ debugs(89, 1, "clientNatLookup: getpeername failed (fd " << fd << "), errstr " << xstrerror());
+ return -1;
+ }
+ *dst = s;
+ return 0;
}
+#else
+int
+clientNatLookup(int fd, struct sockaddr_in me, struct sockaddr_in peer, struct sockaddr_in *dst)
+{
+ debugs(89, 1, "WARNING: transparent proxying not supported");
+ return -1;
+}
#endif
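Review bot: The failure message in the new IPFW branch of clientNatLookup reports `getpeername failed` although the call that failed is getsockname(), which will mislead anyone triaging interception errors from the section 89 log; it should start `"clientNatLookup: getsockname failed (fd "`. The length is declared `int slen` and cast to `socklen_t *`, which is only safe where the two types have the same size; declare `socklen_t slen = sizeof(s);` and pass `&slen` without the cast. A successful return is also not evidence of redirection: on a connection that ipfw did not divert, getsockname() yields the proxy's own listening address, so a check that `s.sin_family == AF_INET` and a comment stating that `*dst` may equal `me` would make the contract explicit for callers. The `#if` chain this branch belongs to starts outside the hunk.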