Re: cvs commit: squid/src client_side.c

In message <20050613223233.12642.qmail@squid-cache.org>
        on 13 Jun 2005 22:32:33 -0000,
        hno@squid-cache.org wrote:
> hno 2005/06/13 16:32:33 MDT
>
> Modified files: (Branch: SQUID_2_5)
> src client_side.c
> Log:
> Bug #1313: Core dump with STABLE10 and --ipf-transparent-proxy with
> FreeBSD 5.3 /5.4
>
> This corrects a crash if built with --ipf-transparent-proxy and opening
> the NAT device failed.
This problem existed on NetBSD, too. And there are some patches to
fix really --ipf-transparent-proxy support with IP Filter 4.x.

Attached patch includes a little more than theses changes and
essential changes are:

configure: check existence of <netinet/ipl.h>; this header should be
           installed IP Filter 4.0alpha27 and later.

include/autoconf.h.in: Add HAVE_NETINET_IPL_H.

src/client_side.c:
        - Include <netinet/ipl.h> if it exists.
        - Use ipfobj structure for IP Filter 4.0alpha27 and later.

Best regards.

-- 
Takahiro Kambe <taca@back-street.net>
----------------------------------------------------------------
$NetBSD: patch-an,v 1.7 2005/06/07 14:19:10 taca Exp $
--- configure.in.orig	2005-05-17 07:41:14.000000000 +0900
+++ configure.in
@@ -493,7 +493,7 @@ AC_ARG_ENABLE(snmp,
 [ if test "$enableval" = "yes" ; then
     echo "SNMP monitoring enabled"
     AC_DEFINE(SQUID_SNMP)
-    SNMPLIB='-L../snmplib -lsnmp'
+    SNMPLIB='../snmplib/libsnmp.a'
     AM_CONDITIONAL(USE_SNMP, true)
     SNMP_MAKEFILE=./snmplib/Makefile
     makesnmplib=snmplib
@@ -1282,6 +1282,7 @@ AC_CHECK_HEADERS( \
 	libc.h \
 	limits.h \
 	linux/netfilter_ipv4.h \
+	machine/byte_swap.h \
 	malloc.h \
 	math.h \
 	memory.h \
@@ -1296,6 +1297,7 @@ AC_CHECK_HEADERS( \
 	netinet/ip_fil_compat.h \
 	netinet/ip_fil.h \
 	netinet/ip_nat.h \
+	netinet/ipl.h \
 	openssl/err.h \
 	openssl/md5.h \
 	openssl/ssl.h \
@@ -1507,8 +1509,17 @@ AC_CHECK_TYPE(pid_t, int)
 AC_CHECK_TYPE(size_t, unsigned int)
 AC_CHECK_TYPE(ssize_t, int)
 AC_CHECK_TYPE(off_t, int)
-AC_CHECK_TYPE(mode_t, u_short)
-AC_CHECK_TYPE(fd_mask, int)
+AC_CHECK_TYPE(mode_t, unsigned short)
+
+dnl Check for type fd_mask
+AC_CACHE_CHECK(for fd_set,ac_cv_have_fd_mask, [
+  AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/unistd.h>],
+    [fd_mask fds;],
+    ac_cv_have_fd_mask="yes",
+    ac_cv_have_fd_mask="no")
+])
 
 AC_CHECK_SIZEOF_SYSTYPE(off_t, 4)
 AC_CHECK_SIZEOF_SYSTYPE(size_t, 4)
@@ -1716,8 +1727,8 @@ if test "$GCC" = "yes"; then
 	GCCVER=`$CC -v 2>&1 | awk '$2 ==  "version" {print $3}'`
 	case "$GCCVER" in
 	[2.95.[123]])
-		echo "Removing -O for gcc on $host with GCC $GCCVER"
-		CFLAGS="`echo $CFLAGS | sed -e 's/-O[[0-9]]*//'`"
+		echo "Making -O\[[2-9\]] to -O for gcc on $host with GCC $GCCVER"
+		CFLAGS="`echo $CFLAGS | sed -e 's/-O[[0-9]]*/-O/'`"
 		;;
 	esac
 fi
----------------------------------------------------------------
$NetBSD: patch-bb,v 1.6 2005/06/07 14:19:10 taca Exp $
--- include/autoconf.h.in.orig	2005-04-23 10:32:27.000000000 +0900
+++ include/autoconf.h.in
@@ -665,6 +665,9 @@
 /* Define if you have the <linux/netfilter_ipv4.h> header file.  */
 #undef HAVE_LINUX_NETFILTER_IPV4_H
 
+/* Define if you have the <machine/byte_swap.h> header file.  */
+#undef HAVE_MACHINE_BYTE_SWAP_H
+
 /* Define if you have the <malloc.h> header file.  */
 #undef HAVE_MALLOC_H
 
@@ -707,6 +710,9 @@
 /* Define if you have the <netinet/ip_nat.h> header file.  */
 #undef HAVE_NETINET_IP_NAT_H
 
+/* Define if you have the <netinet/ipl.h> header file.  */
+#undef HAVE_NETINET_IPL_H
+
 /* Define if you have the <netinet/tcp.h> header file.  */
 #undef HAVE_NETINET_TCP_H
 
----------------------------------------------------------------
$NetBSD: patch-cd,v 1.9 2005/06/07 14:19:10 taca Exp $
--- src/client_side.c.orig	2005-04-21 06:46:06.000000000 +0900
+++ src/client_side.c
@@ -41,6 +41,9 @@
 #endif
 #include <netinet/tcp.h>
 #include <net/if.h>
+#if HAVE_NETINET_IPL_H
+#include <netinet/ipl.h>
+#endif
 #if HAVE_IP_FIL_COMPAT_H
 #include <ip_fil_compat.h>
 #elif HAVE_NETINET_IP_FIL_COMPAT_H
@@ -2589,6 +2592,9 @@ parseHttpRequest(ConnStateData * conn, m
     static int natfd = -1;
     static int siocgnatl_cmd = SIOCGNATL & 0xff;
     int x;
+#if defined(IPFILTER_VERSION) && (IPFILTER_VERSION >= 4000027)
+    struct ipfobj obj;
+#endif
 #endif
 #if PF_TRANSPARENT
     struct pfioc_natlook nl;
@@ -2731,6 +2737,13 @@ parseHttpRequest(ConnStateData * conn, m
 	int vport;
 	if (vhost_mode) {
 #if IPF_TRANSPARENT
+#if defined(IPFILTER_VERSION) && (IPFILTER_VERSION >= 4000027)
+	    obj.ipfo_rev = IPFILTER_VERSION;
+	    obj.ipfo_size = sizeof(natLookup);
+	    obj.ipfo_ptr = &natLookup;
+	    obj.ipfo_type = IPFOBJ_NATLOOKUP;
+	    obj.ipfo_offset = 0;
+#endif
 	    natLookup.nl_inport = http->conn->me.sin_port;
 	    natLookup.nl_outport = http->conn->peer.sin_port;
 	    natLookup.nl_inip = http->conn->me.sin_addr;
@@ -2739,8 +2752,8 @@ parseHttpRequest(ConnStateData * conn, m
 	    if (natfd < 0) {
 		int save_errno;
 		enter_suid();
-#ifdef IPL_NAME
-		natfd = open(IPL_NAME, O_RDONLY, 0);
+#ifdef IPNAT_NAME
+		natfd = open(IPNAT_NAME, O_RDONLY, 0);
 #else
 		natfd = open(IPL_NAT, O_RDONLY, 0);
 #endif
@@ -2756,6 +2769,9 @@ parseHttpRequest(ConnStateData * conn, m
 		cbdataFree(http);
 		xfree(inbuf);
 	    } else {
+#if defined(IPFILTER_VERSION) && (IPFILTER_VERSION >= 4000027)
+		x = ioctl(natfd, SIOCGNATL, &obj);
+#else
 		/*
 		 * IP-Filter changed the type for SIOCGNATL between
 		 * 3.3 and 3.4.  It also changed the cmd value for
@@ -2769,6 +2785,7 @@ parseHttpRequest(ConnStateData * conn, m
 		} else {
 		    x = ioctl(natfd, SIOCGNATL, &natLookup);
 		}
+#endif
 		if (x < 0) {
 		    if (errno != ESRCH) {
 			debug(50, 1) ("parseHttpRequest: NAT lookup failed: ioctl(SIOCGNATL)\n");