Re: /bzr/squid3/trunk/ r9985: Remove 'NAT' lookup restrictions from TPROXY lookups.

2009-09-18 Thread Amos Jeffries 

Henrik Nordstrom wrote:

fre 2009-09-18 klockan 18:35 +1200 skrev Amos Jeffries:


+/* NAT is only available in IPv6 */
+if ( !me.IsIPv4()   ) return -1;
+if ( !peer.IsIPv4() ) return -1;
+



Code & comment does not seem to match to me...

Regards
Henrik



LOL. Doh!

hanks.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19
  Current Beta Squid 3.1.0.13

Hudson build is back to normal: 3.HEAD-amd64-CentOS-5.3 #101

2009-09-18 Thread noc 
See

Build failed in Hudson: 3.HEAD-amd64-CentOS-5.3 #100

2009-09-18 Thread noc 
See 

Changes:

[Henrik Nordstrom ] Author:  Philippe Lantin 

Bug #2624: Invalid response for IMS request

Squid forgot to verify the client provided If-Modified-Since when
seeing a 304 from upstream.

[Amos Jeffries ] Remove 'NAT' lookup restrictions from 
TPROXY lookups.

Now that TPROXY can do v6 we only need to protect the real NAT lookups
behind protocol family tests.

--
[...truncated 5802 lines...]
make[1]: Leaving directory 
`
make[1]: Entering directory 
`
Making uninstall in compat
make[2]: Entering directory 
`
make[2]: Nothing to be done for `uninstall'.
make[2]: Leaving directory 
`
Making uninstall in lib
make[2]: Entering directory 
`
make[3]: Entering directory 
`
make[3]: Nothing to be done for `uninstall-am'.
make[3]: Leaving directory 
`
make[2]: Leaving directory 
`
Making uninstall in snmplib
make[2]: Entering directory 
`
make[2]: Nothing to be done for `uninstall'.
make[2]: Leaving directory 
`
Making uninstall in scripts
make[2]: Entering directory 
`
 rm -f 
'
 rm -f 
'
make[2]: Leaving directory 
`
Making uninstall in src
make[2]: Entering directory 
`
Making uninstall in base
make[3]: Entering directory 
`
make[3]: Nothing to be done for `uninstall'.
make[3]: Leaving directory 
`
Making uninstall in acl
make[3]: Entering directory 
`
make[3]: Nothing to be done for `uninstall'.
make[3]: Leaving directory 
`
Making uninstall in fs
make[3]: Entering directory 
`
make[3]: Nothing to be done for `uninstall'.
make[3]: Leaving directory 
`
Making uninstall in repl
make[3]: Entering directory 
`
make[3]: Nothing to be done for `uninstall'.
make[3]: Leaving directory 
`
Making uninstall in auth
make[3]: Entering directory 
`
make[3]: Nothing to be done for `uninstall'.
make[3]: Leaving directory 
`
Making uninstall in ip
make[3]: Entering directory 
`
make[3]: Nothing to be done for `uninstall'.
make[3]: Leaving directory 
`

Re: /bzr/squid3/trunk/ r9985: Remove 'NAT' lookup restrictions from TPROXY lookups.

2009-09-18 Thread Henrik Nordstrom 
fre 2009-09-18 klockan 18:35 +1200 skrev Amos Jeffries:

> +/* NAT is only available in IPv6 */
> +if ( !me.IsIPv4()   ) return -1;
> +if ( !peer.IsIPv4() ) return -1;
> +


Code & comment does not seem to match to me...

Regards
Henrik

Re: myport and myip differences between Squid 2.7 and 3.1 when running in intercept mode

2009-09-18 Thread Henrik Nordstrom 
fre 2009-09-18 klockan 11:13 +1000 skrev James Brotchie:

> On Squid 2.7 the "intercepted" acl matches whilst in 3.1 it doesn't.

In 2.7 the myport and myip acls are very unreliable in interception
mode. Depends on the request received if these are the local endpoint or
the original destination enpoint..

> Digging deeper into the Squid 3.1 source it seems that if a http_port
> is set to intercept then the "me" member of ConnStateData, which is
> normally the proxy's ip and listening port, is replaced by the pre-NAT
> destination ip and port.

And in 2.7 it just sometimes are, i.e. when the original destnation is
required to resolve the request.

And on some OS:es it always are replaced, depends on how the original
destination information is given to Squid.

Regards
Henrik