Re: [PATCH] IPv6 transparent proxy support for Squid

From: Alexis Robert <alexis.robert_at_gmail.com>
Date: Sun, 23 Jun 2013 19:03:02 +0200

By the way, it seems that there is a bug in ip/Address.cc for the =
operator overloading for sockaddr_storage.

The memcpy() for AF_INET6 is using a length of sizeof(sockaddr_in) instead
of sizeof(sockaddr_in6), so squid was trying to connect to truncated IPv6
addresses with strange ports.

I've joined a patch which fixes this :)

Alexis

On Sat, Jun 22, 2013 at 7:00 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:

> On 21/06/2013 7:08 p.m., Alexis Robert wrote:
>
>> Hi,
>>
>> Thanks for your reply and your comments.
>>
>> I've joined a patch which includes your remarks.
>>
>> Alexis
>>
>>
> +1. Thank you that looks fine to me now.
>
> The only issue remaining is that iptables header problem. Am questioning
> netfilter about it but suspect we will have to add some nasty #if macros to
> autodetect working systems in the formal commit. I can handle that part.
>
> Cheers
> Amos
>
>
>
>> On Thu, Jun 20, 2013 at 4:08 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>>
>> On 20/06/2013 9:20 p.m., Alexis Robert wrote:
>>
>> Hi,
>>
>> As NAT support has been included for IPv6 in Linux 3.7 (along
>> with REDIRECT/DNAT rules), as well as IP6T_SO_ORIGINAL_DST in
>> Linux 3.8, I wrote a little patch to add support for
>> transparent proxies over IPv6.
>>
>> It's my first patch for Squid, I hope I've done it correctly
>> :) The patch is based on the bzr repository.
>>
>>
>> It looks better than most first submissions. Thank you.
>>
>>
>> The only thing I see which can cause trouble is a bug with
>> linux/netfilter_ipv6/ip6_tables.h on C++ compilers, the bug
>> report and the patch to fix it are here:
>> https://lkml.org/lkml/2012/9/30/146.
>> It's only used for the
>> constant IP6T_SO_ORIGINAL_DST. Maybe there is a better (and
>> clean) way to do so it doesn't force users to update their
>> header file, but I haven't found it yet.
>>
>> Have a nice day,
>>
>> Alexis
>>
>>
>> Audit results:
>>
>> When we are manipulating a sockaddr which may be either
>> sockaddr_in / sockaddr_in6 type it is preferable to use the
>> sockaddr_storage or addrinfo types.
>>
>> * please just change the type of "lookup" to sockaddr_storage.
>> That and passing AF_UNSPEC as the second parameter to
>> local.getSockAddr() will take care of the IPv4/IPv6 differences
>> without needing most of the new if-statements.
>>
>> * in the debugs() statement removing the "SO_" so that the text
>> just says "getsockopt(ORIGINAL_DST)" should be sufficient to
>> remove the remaining if-statement. It will be clear from the
>> printed socket IP:port details which option is in use.
>>
>> * please remove the new empty line before the return statement.
>>
>>
>> Amos
>>
>>
>>
>

Received on Sun Jun 23 2013 - 17:03:41 MDT
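
The length mismatch described in the message above, as an added example that is not code from this thread or from Squid: it copies a constructed IPv6 socket address out of a sockaddr_storage with a given byte count and reports how much of the 16-byte address survives. The names assign_v6, copy_len_for_family and addr_bytes_preserved, the port and the 2001:db8:: address are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical stand-in for the AF_INET6 branch of an assignment from
 * sockaddr_storage; len is the byte count handed to memcpy(). */
static void assign_v6(struct sockaddr_in6 *dst,
                      const struct sockaddr_storage *src, size_t len)
{
    memset(dst, 0, sizeof(*dst)); /* zeroed here; stale bytes in real code */
    memcpy(dst, src, len);
}

/* Pick the copy length from the address family; 0 means "do not copy". */
static size_t copy_len_for_family(int family)
{
    if (family == AF_INET)  return sizeof(struct sockaddr_in);
    if (family == AF_INET6) return sizeof(struct sockaddr_in6);
    return 0;
}

/* Copy a constructed address with len bytes and return how many leading
 * bytes of the IPv6 address match the original afterwards. */
static int addr_bytes_preserved(size_t len)
{
    struct sockaddr_storage ss;
    struct sockaddr_in6 want, got;
    int n = 0;

    memset(&want, 0, sizeof(want));
    want.sin6_family = AF_INET6;
    want.sin6_port = htons(3128);
    inet_pton(AF_INET6, "2001:db8:1111:2222:3333:4444:5555:6666",
              &want.sin6_addr);
    memset(&ss, 0, sizeof(ss));
    memcpy(&ss, &want, sizeof(want));

    assign_v6(&got, &ss, len);
    while (n < 16 && got.sin6_addr.s6_addr[n] == want.sin6_addr.s6_addr[n])
        n++;
    return n;
}

int main(void)
{
    printf("sizeof(sockaddr_in):  %d of 16 address bytes kept\n",
           addr_bytes_preserved(sizeof(struct sockaddr_in)));
    printf("family-based length:  %d of 16 address bytes kept\n",
           addr_bytes_preserved(copy_len_for_family(AF_INET6)));
    return 0;
}
```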

This archive was generated by hypermail 2.2.0 : Mon Jun 24 2013 - 12:00:08 MDT