Date: Mon, 16 Apr 2001 10:17:34 +0600 (YEKST) From: serg@tmn.ru To: FreeBSD-gnats-submit@freebsd.org Subject: ports/26607: squid-2.2(2.3) IPF_TRANSPARENT & ipfilter 3.4.x problems Message-ID: <200104160417.f3G4HXm29076@sv.tech.sibitex.tmn.ru>
next in thread | raw e-mail | index | archive | help
>Number: 26607
>Category: ports
>Synopsis: squid port don't work corretly when compiled with IPF_TRANSPARENT option
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Apr 15 21:20:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Sergey N. Voronkov
>Release: FreeBSD 4.3-RC i386
>Organization:
Sibitex
>Environment:
System: FreeBSD xxxxxxxxx 4.3-RC FreeBSD 4.3-RC #11: Thu Apr 12 22:04:01 YEKST 2001 serg@sv.tech.sibitex.tmn.ru:/usr/obj/usr/src/sys/SV i386
ports tree dated 2001-04-13
>Description:
ioctl interface has been changed in ipfilter 3.4.x, but it isn't
reflected in squid source tree.
>How-To-Repeat:
Compile squid22/squid23 port with IPF_TRANSPARENT enabled. Telnet to
running squid using redirection and type somthing like that:
$telnet -K www.freebsd.org 80
[....]
GET / HTTP/1.0
And you get "NAT lookup failed" message into your cache.log.
>Fix:
(Patch idea taken from ipfilter mailing list and oops sources)
squid-2.2.diff:
--- src/client_side.c.orig Mon Apr 16 09:39:26 2001
+++ src/client_side.c Mon Apr 16 09:51:08 2001
@@ -1938,6 +1938,7 @@
clientHttpRequest *http = NULL;
#if IPF_TRANSPARENT
struct natlookup natLookup;
+ natlookup_t *nlp = &natLookup;
static int natfd = -1;
#endif
@@ -2089,7 +2090,14 @@
xstrerror());
return parseHttpRequestAbort(conn, "error:nat-open-failed");
}
- if (ioctl(natfd, SIOCGNATL, &natLookup) < 0) {
+
+#define NEWSIOCGNATLCMD _IOWR('r', 63, struct natlookup *)
+ if ( SIOCGNATL == NEWSIOCGNATLCMD)
+ r = ioctl(natfd, SIOCGNATL, &nlp);
+ else
+ r = ioctl(natfd, SIOCGNATL, &natLookup);
+#undef NEWSIOCGNATLCMD
+ if ( r < 0 ) {
if (errno != ESRCH) {
debug(50, 1) ("parseHttpRequest: NAT lookup failed: ioctl(SIOCGNATL)\n");
close(natfd);
squid-2.3.diff:
--- src/client_side.c.orig Mon Apr 16 09:54:24 2001
+++ src/client_side.c Mon Apr 16 09:57:50 2001
@@ -2101,6 +2101,7 @@
clientHttpRequest *http = NULL;
#if IPF_TRANSPARENT
struct natlookup natLookup;
+ natlookup_t *nlp = &natLookup;
static int natfd = -1;
#endif
@@ -2263,7 +2264,14 @@
xstrerror());
return parseHttpRequestAbort(conn, "error:nat-open-failed");
}
- if (ioctl(natfd, SIOCGNATL, &natLookup) < 0) {
+
+#define NEWSIOCGNATLCMD _IOWR('r', 63, struct natlookup *)
+ if ( SIOCGNATL == NEWSIOCGNATLCMD)
+ r = ioctl(natfd, SIOCGNATL, &nlp);
+ else
+ r = ioctl(natfd, SIOCGNATL, &natLookup);
+#undef NEWSIOCGNATLCMD
+ if ( r < 0 ) {
if (errno != ESRCH) {
debug(50, 1) ("parseHttpRequest: NAT lookup failed: ioctl(SIOCGNATL)\n");
close(natfd);
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104160417.f3G4HXm29076>