------------------------------------------------------------
revno: 14092
revision-id: squid3@treenet.co.nz-20161008203735-4q3zmw5j4w1ueopy
parent: squid3@treenet.co.nz-20160924223605-2xa0er35fx3dc8jg
fixes bugs: http://bugs.squid-cache.org/show_bug.cgi?id=4302 http://bugs.squid-cache.org/show_bug.cgi?id=2842
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sun 2016-10-09 09:37:35 +1300
message:
  Bug 4302 pt2: IPFilter v5 transparent interception
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161008203735-4q3zmw5j4w1ueopy
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 03c7ec8b1506681d8b3889bf31ace737dd0271ad
# timestamp: 2016-10-08 20:51:07 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160924223605-\
#   2xa0er35fx3dc8jg
# 
# Begin patch
=== modified file 'src/ip/Intercept.cc'
--- src/ip/Intercept.cc	2016-04-12 06:52:39 +0000
+++ src/ip/Intercept.cc	2016-10-08 20:37:35 +0000
@@ -207,16 +207,21 @@
         debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1");
         warningLevel = (warningLevel + 1) % 10;
         return false;
+    }
+    newConn->local.getInAddr(natLookup.nl_inip);
+    newConn->remote.getInAddr(natLookup.nl_outip);
 #else
         natLookup.nl_v = 6;
+        newConn->local.getInAddr(natLookup.nl_inipaddr.in6);
+        newConn->remote.getInAddr(natLookup.nl_outipaddr.in6);
     } else {
         natLookup.nl_v = 4;
+        newConn->local.getInAddr(natLookup.nl_inipaddr.in4);
+        newConn->remote.getInAddr(natLookup.nl_outipaddr.in4);
+    }
 #endif
-    }
     natLookup.nl_inport = htons(newConn->local.port());
-    newConn->local.getInAddr(natLookup.nl_inip);
     natLookup.nl_outport = htons(newConn->remote.port());
-    newConn->remote.getInAddr(natLookup.nl_outip);
     // ... and the TCP flag
     natLookup.nl_flags = IPN_TCP;
 
@@ -281,7 +286,14 @@
         debugs(89, 9, HERE << "address: " << newConn);
         return false;
     } else {
+#if IPFILTER_VERSION < 5000003
         newConn->local = natLookup.nl_realip;
+#else
+        if (newConn->remote.isIPv6())
+            newConn->local = natLookup.nl_realipaddr.in6;
+        else
+            newConn->local = natLookup.nl_realipaddr.in4;
+#endif
         newConn->local.port(ntohs(natLookup.nl_realport));
         debugs(89, 5, HERE << "address NAT: " << newConn);
         return true;