.connects++;
+if(Config.onoff.tproxy && src != NULL && src->sin_addr.s_addr != 0 &&
+ ((ntohl(src->sin_addr.s_addr) >> 24) & 0xFF) != 0x7F)
+do_tproxy(sock, src, address);
+
x = connect(sock, (struct sockaddr *) address, sizeof(*address));
if (x < 0)
diff --fast -Ndpru squid-3.0.PRE4-20060727~/src/forward.cc
squid-3.0.PRE4-20060727/src/forward.cc
--- squid-3.0.PRE4-20060727~/src/forward.cc 2006-06-20 00:49:59.0
+0200
+++ squid-3.0.PRE4-20060727/src/forward.cc 2006-07-28 15:56:59.629577000
+0200
@@ -811,7 +811,7 @@ FwdState::connectStart()
else
hierarchyNote(&request->hier, fs->code, request->host);
-commConnectStart(fd, host, port, fwdConnectDoneWrapper, this);
+commConnectStart2(fd, host, port, fwdConnectDoneWrapper, this);
}
void
diff --fast -Ndpru squid-3.0.PRE4-20060727~/src/ip_tproxy.h
squid-3.0.PRE4-20060727/src/ip_tproxy.h
--- squid-3.0.PRE4-20060727~/src/ip_tproxy.h1970-01-01 01:00:00.0
+0100
+++ squid-3.0.PRE4-20060727/src/ip_tproxy.h 2006-07-28 15:56:59.639577000
+0200
@@ -0,0 +1,78 @@
+/*
+ * Transparent proxy support for Linux/iptables
+ *
+ * Copyright (c) 2002-2004 BalaBit IT Ltd.
+ * Author: Balzs Scheidler
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ */
+
+#ifndef _IP_TPROXY_H
+#define _IP_TPROXY_H
+
+#ifdef __KERNEL__
+#include
+#include
+#else
+#include
+#ifndef IP_RECVORIGADDRS
+#define IP_RECVORIGADDRS 11273
+#define IP_ORIGADDRS IP_RECVORIGADDRS
+struct in_origaddrs {
+struct in_addr ioa_srcaddr;
+struct in_addr ioa_dstaddr;
+unsigned short int ioa_srcport;
+unsigned short int ioa_dstport;
+};
+#endif
+#endif
+
+/*
+ * used in setsockopt(SOL_IP, IP_TPROXY) should not collide
+ * with values in
+ */
+
+#define IP_TPROXY 11274
+
+/* tproxy operations */
+enum {
+ TPROXY_VERSION = 0,
+ TPROXY_ASSIGN,
+ TPROXY_UNASSIGN,
+ TPROXY_QUERY,
+ TPROXY_FLAGS,
+ TPROXY_ALLOC,
+ TPROXY_CONNECT
+};
+
+/* bitfields in IP_TPROXY_FLAGS */
+#define ITP_CONNECT 0x0001
+#define ITP_LISTEN 0x0002
+#define ITP_ESTABLISHED 0x0004
+
+#define ITP_ONCE0x0001
+#define ITP_MARK0x0002
+#define ITP_APPLIED 0x0004
+#define ITP_UNIDIR 0x0008
+
+struct in_tproxy_addr{
+ struct in_addr faddr;
+ u_int16_t fport;
+};
+
+struct in_tproxy {
+ /* fixed part, should not change between versions */
+ u_int32_t op;
+ /* extensible part */
+ union _in_args {
+ u_int32_t version;
+ struct in_tproxy_addr addr;
+ u_int32_t flags;
+ } v;
+};
+
+#endif
+
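Review bot: Nothing in this new header records which revision of the kernel tproxy patch the hard-coded option numbers (`IP_TPROXY 11274`, `IP_RECVORIGADDRS 11273`) and the `struct in_tproxy` layout were copied from, so a kernel carrying a different revision could be driven with mismatched values. A header comment naming the upstream version would help, and the caller should issue a `TPROXY_VERSION` query and refuse to enable tproxy on a mismatch; whether `do_tproxy` already does this is not visible on this page. The two `ITP_` groups also reuse the values 0x0001–0x0004 under a single comment, so the second group (`ITP_ONCE` … `ITP_UNIDIR`) needs its own comment, e.g. `/* flags for <field to confirm>, distinct from the ITP_CONNECT/LISTEN/ESTABLISHED group */`. As rendered here the `#include` lines carry no header names and `ITP_ONCE0x0001` / `ITP_MARK0x0002` have no space before the value; if that is in the patch itself rather than an artefact of the mail archive, the header will not compile as intended.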
diff --fast -Ndpru squid-3.0.PRE4-20060727~/src/protos.h
squid-3.0.PRE4-20060727/src/protos.h
--- squid-3.0.PRE4-20060727~/src/protos.h 2006-07-02 18:53:46.0
+0200
+++ squid-3.0.PRE4-20060727/src/protos.h2006-07-28 15:57:02.299577000
+0200
@@ -132,8 +132,10 @@ SQUIDCEXTERN void comm_reset_close(int f
SQUIDCEXTERN void comm_lingering_close(int fd);
#endif
SQUIDCEXTERN void commConnectStart(int fd, const char *, u_short, CNCB *, void
*);
+class FwdState;
+SQUIDCEXTERN void commConnectStart2(int, const char *, u_short, CNCB *,
FwdState *);
-SQUIDCEXTERN int comm_connect_addr(int sock, const struct sockaddr_in *);
+SQUIDCEXTERN int comm_connect_addr(int sock, const struct sockaddr_in *, const
struct sockaddr_in * = NULL);
SQUIDCEXTERN void comm_init(void);
SQUIDCEXTERN int comm_open(int, int, struct IN_ADDR, u_short port, int, const
char *note);
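Review bot: The second parameter added to `comm_connect_addr` is unnamed and undocumented, although it decides whether the outgoing connection is made with a foreign source address. In the partial hunk at the top of this page, a non-NULL, non-zero, non-127/8 value is handed to `do_tproxy` before `connect()` whenever `Config.onoff.tproxy` is set. I would name it and state the contract at the prototype: `const struct sockaddr_in *dst, const struct sockaddr_in *src = NULL` with a comment such as `/* src: address to present to the peer via tproxy (presumably the client's); NULL connects normally */`. `commConnectStart2` likewise says nothing about how it differs from `commConnectStart`, so a one-line comment or a more descriptive name would help the next reader. The default argument and the `FwdState *` parameter also make both prototypes C++-only, which is worth checking against what `SQUIDCEXTERN` expands to (not visible here).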
@@ -256,7 +258,6 @@ SQUIDCEXTERN void fqdncache_restart(void
SQUIDCEXTERN EVH fqdncache_purgelru;
SQUIDCEXTERN void fqdncacheAddEntryFromHosts(char *addr, wordlist * hostnames);
-class FwdState;
SQUIDCEXTERN void ftpStart(FwdState *);
SQUIDCEXTERN char *ftpUrlWith2f(const HttpRequest *);
diff --fast -Ndpru squid-3.0.PRE4-20060727~/src/structs.h
squid-3.0.PRE4-20060727/src/structs.h
--- squid-3.0.PRE4-20060727~/src/structs.h 2006-07-02 18:53:47.0
+0200
+++ squid-3.0.PRE4-20060727/src/structs.h 2006-07-28 15:57:02.309577000
+0200
@@ -559,6 +559,7 @@ struct _SquidConfig
int emailErrData;
int httpd_suppress_version_string;
int global_internal_static;
+int tproxy;
}
onoff;
#<>
Jan Engelhardt
--