openbsd-ports/www/squid/patches/patch-src_client_side_c
brad 53133d4b10 upgrade to Squid 2.5.PRE4
- The port now runs as uid/gid of nobody:nobody instead of www:www
- This needs some testing, especially the transparent proxy support for PF
2002-02-20 01:17:03 +00:00


$OpenBSD: patch-src_client_side_c,v 1.1 2002/02/20 01:17:03 brad Exp $
--- src/client_side.c.orig Wed Feb 6 20:36:22 2002
+++ src/client_side.c Wed Feb 6 21:07:26 2002
@@ -62,6 +62,16 @@
#endif
#endif
+#if PF_TRANSPARENT
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <sys/fcntl.h>
+#include <net/if.h>
+#include <netinet/in.h>
+#include <net/pfvar.h>
+#endif
+
#if LINUX_NETFILTER
#include <linux/netfilter_ipv4.h>
#endif
@@ -2438,6 +2448,10 @@ parseHttpRequest(ConnStateData * conn, m
static int siocgnatl_cmd = SIOCGNATL & 0xff;
int x;
#endif
+#if PF_TRANSPARENT
+ struct pfioc_natlook nl;
+ static int pffd = -1;
+#endif
#if LINUX_NETFILTER
size_t sock_sz = sizeof(conn->me);
#endif
@@ -2668,6 +2682,36 @@ parseHttpRequest(ConnStateData * conn, m
inet_ntoa(natLookup.nl_realip),
vport, url);
}
+#elif PF_TRANSPARENT
+ if (pffd < 0)
+ pffd = open("/dev/pf", O_RDWR);
+ if (pffd < 0) {
+ debug(50, 1) ("parseHttpRequest: PF open failed: %s\n",
+ xstrerror());
+ return parseHttpRequestAbort(conn, "error:pf-open-failed");
+ }
+ memset(&nl, 0, sizeof(struct pfioc_natlook));
+ nl.saddr.v4.s_addr = http->conn->peer.sin_addr.s_addr;
+ nl.sport = http->conn->peer.sin_port;
+ nl.daddr.v4.s_addr = http->conn->me.sin_addr.s_addr;
+ nl.dport = http->conn->me.sin_port;
+ nl.af = AF_INET;
+ nl.proto = IPPROTO_TCP;
+ nl.direction = PF_OUT;
+ if (ioctl(pffd, DIOCNATLOOK, &nl)) {
+ if (errno != ENOENT) {
+ debug(50, 1) ("parseHttpRequest: PF lookup failed: ioctl(DIOCNATLOOK)\n");
+ close(pffd);
+ pffd = -1;
+ return parseHttpRequestAbort(conn, "error:pf-lookup-failed");
+ } else
+ snprintf(http->uri, url_sz, "http://%s:%d%s",
+ inet_ntoa(http->conn->me.sin_addr),
+ vport, url);
+ } else
+ snprintf(http->uri, url_sz, "http://%s:%d%s",
+ inet_ntoa(nl.rdaddr.v4),
+ ntohs(nl.rdport), url);
#else
#if LINUX_NETFILTER
/* If the call fails the address structure will be unchanged */
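Review bot: `open("/dev/pf", O_RDWR)` on the second added line of this hunk requests more access than the lookup needs; DIOCNATLOOK only reads state, so `pffd = open("/dev/pf", O_RDONLY);` lets the device be exposed to the proxy's unprivileged user with read permission alone — presumably accepted by pf's read-only ioctl list for this release, worth confirming. The open is also deferred to the first intercepted request, i.e. after the process has already switched to nobody per the commit message, so it will fail unless /dev/pf is made readable by that user or the descriptor is acquired at startup while still privileged, and the abort path then rejects every intercepted request. The lookup-failure branch after the DIOCNATLOOK ioctl logs no errno, unlike the open-failure path just above it; `debug(50, 1) ("parseHttpRequest: PF lookup failed: ioctl(DIOCNATLOOK): %s\n", xstrerror());` would make the two consistent. parseHttpRequest begins and ends outside this hunk.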