Index: src/client_side.c
===================================================================
RCS file: /server/cvs-server/squid/squid/src/client_side.c,v
retrieving revision 1.714
diff -u -r1.714 client_side.c
--- src/client_side.c 12 Mar 2007 21:56:55 -0000 1.714
+++ src/client_side.c 13 Mar 2007 02:44:08 -0000
@@ -3415,8 +3415,32 @@
 /* Parse the request line */
 ret = httpMsgParseRequestLine(hmsg);
- if (ret == -1)
- return parseHttpRequestAbort(conn, "error:invalid-request");
+ if (ret == -1) {
+ /* If this is a transparent request that has been natted, try converting
+ it to a CONNECT request */
+ if(conn->port->transparent && clientNatLookup(conn) == 0) {
+ conn->transparent = 1;
+
+ /* Create a dummy URL for the connect request */
+ snprintf(url,MAX_URL-1,"%s:80",inet_ntoa(conn->me.sin_addr));
+
+ http = cbdataAlloc(clientHttpRequest);
+ http->conn = conn;
+ http->start = current_time;
+ http->req_sz = conn->in.offset;
+ http->uri = xstrdup(url);
+ http->range_iter.boundary = StringNull;
+ httpBuildVersion(&http->http_ver, 1, 0);
+ dlinkAdd(http, &http->active, &ClientActiveRequests);
+
+ *method_p = METHOD_CONNECT;
+ *status = 0;
+
+ return http;
+ } else {
+ return parseHttpRequestAbort(conn, "error:invalid-request");
+ }
+ }
 if (ret == 0) {
 debug(33, 5) ("Incomplete request, waiting for end of request line\n");
 *status = 0;
Index: src/ssl.c
===================================================================
RCS file: /server/cvs-server/squid/squid/src/ssl.c,v
retrieving revision 1.136
diff -u -r1.136 ssl.c
--- src/ssl.c 2 Feb 2007 12:22:16 -0000 1.136
+++ src/ssl.c 13 Mar 2007 02:44:08 -0000
@@ -34,6 +34,9 @@
 */
 #include "squid.h"
+#if LINUX_TPROXY
+#include
+#endif
 typedef struct {
 char *url;
@@ -52,6 +55,7 @@
 delay_id delay_id;
 #endif
 int connected;
+ int transparent;
 } SslStateData;
 static const char *const conn_established = "HTTP/1.0 200 Connection established\r\n\r\n";
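Review bot: In the src/client_side.c hunk, any input that fails `httpMsgParseRequestLine` on a transparent port is now relayed as an opaque CONNECT tunnel, so non-HTTP traffic is forwarded without ever being parsed as a request. That fallback should be opt-in through a configuration switch and announced with a log line such as `debug(33, 2) ("parseHttpRequest: unparsable transparent request, tunnelling to %s\n", url);` before `return http;`. Whether http_access is still evaluated for the synthesized CONNECT is not visible here and should be confirmed. The dummy URL also hard-codes port 80; if `conn->me` holds the original destination after `clientNatLookup` (presumably), use `snprintf(url,MAX_URL-1,"%s:%d",inet_ntoa(conn->me.sin_addr),(int) ntohs(conn->me.sin_port));`. The enclosing function starts and ends outside the hunk, so the declaration of `url` and any cleanup of `hmsg` on this early return cannot be checked from here.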
@@ -392,8 +396,10 @@
 SslStateData *sslState = data;
 debug(26, 3) ("sslConnected: FD %d sslState=%p\n", fd, sslState);
 *sslState->status_ptr = HTTP_OK;
- xstrncpy(sslState->server.buf, conn_established, SQUID_TCP_SO_RCVBUF);
- sslState->server.len = strlen(conn_established);
+ if (!(sslState->transparent)) {
+ xstrncpy(sslState->server.buf, conn_established, SQUID_TCP_SO_RCVBUF);
+ sslState->server.len = strlen(conn_established);
+ }
 sslSetSelect(sslState);
 }
@@ -539,6 +545,9 @@
 sslState->delay_id = delayClient(http);
 delayRegisterDelayIdPtr(&sslState->delay_id);
 #endif
+ sslState->transparent = http->conn->transparent;
+ if (http->conn->transparent)
+ http->conn->in.offset += http->req_sz;
 sslState->url = xstrdup(url);
 sslState->request = requestLink(request);
 sslState->size_ptr = size_ptr;
@@ -567,6 +576,33 @@
 Config.Timeout.lifetime, sslTimeout, sslState);
+#if LINUX_TPROXY
+ if(http->conn->port->tproxy) {
+ struct in_tproxy itp;
+
+ itp.v.addr.faddr.s_addr = http->conn->peer.sin_addr.s_addr;
+ itp.v.addr.fport = 0;
+
+ /* If these syscalls fail then we just fallback to connecting
+ * normally by simply ignoring the errors...
+ */
+ itp.op = TPROXY_ASSIGN;
+ if (setsockopt(sslState->server.fd, SOL_IP, IP_TPROXY, &itp, sizeof(itp)) == -1) {
+ debug(20, 1) ("tproxy ip=%s,0x%x,port=%d ERROR ASSIGN\n",
+ inet_ntoa(itp.v.addr.faddr),
+ itp.v.addr.faddr.s_addr,
+ itp.v.addr.fport);
+ } else {
+ itp.op = TPROXY_FLAGS;
+ itp.v.flags = ITP_CONNECT;
+ if (setsockopt(sslState->server.fd, SOL_IP, IP_TPROXY, &itp, sizeof(itp)) == -1) {
+ debug(20, 1) ("tproxy ip=%x,port=%d ERROR CONNECT\n",
+ itp.v.addr.faddr.s_addr,
+ itp.v.addr.fport);
+ }
+ }
+ }
+#endif
 sslSetSelect(sslState);
 peerSelect(request, NULL,
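Review bot: In the `@@ -539,6 +545,9 @@` hunk of src/ssl.c, `http->conn->in.offset += http->req_sz;` raises the client buffer's fill level with no check against the buffer's capacity and no comment explaining why. It presumably re-exposes the bytes the request path already counted as consumed (`req_sz` was set from `conn->in.offset` in client_side.c) so the tunnel forwards them, but that only holds if nothing moved or overwrote the buffer in between, which is outside this hunk. Bound the adjustment, e.g. `if (http->conn->transparent && http->conn->in.offset + http->req_sz <= http->conn->in.size)`, and add a comment such as `/* re-queue the unparsed client bytes so the tunnel forwards them */`. The enclosing function starts and ends outside the hunk.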