By the way, it seems that there is a bug in ip/Address.cc for the = operator overloading for sockaddr_storage.
The memcpy() for AF_INET6 is using a length of sizeof(sockaddr_in) instead of sizeof(sockaddr_in6), so squid was trying to connect to truncatured IPv6 addresses with strange ports. I've joined a patch which fixes this :) Alexis On Sat, Jun 22, 2013 at 7:00 AM, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 21/06/2013 7:08 p.m., Alexis Robert wrote: > >> Hi, >> >> Thanks for your reply and your comments. >> >> I've joined a patch which include your remarks. >> >> Alexis >> >> > +1. Thank you that looks fine to me now. > > The only issue remaining is that iptables header problem. Am questioning > netfilter about it but suspect we will have to add some nasty #if macros to > autodetect working systems in the formal commit. I can handle that part. > > Cheers > Amos > > > > On Thu, Jun 20, 2013 at 4:08 PM, Amos Jeffries <squ...@treenet.co.nz<mailto: >> squ...@treenet.co.nz>> wrote: >> >> On 20/06/2013 9:20 p.m., Alexis Robert wrote: >> >> Hi, >> >> As NAT support has been included for IPv6 in Linux 3.7 (along >> with REDIRECT/DNAT rules), as well as IP6T_SO_ORIGINAL_DST in >> Linux 3.8, I wrote a little patch to add support for >> transparent proxies over IPv6. >> >> It's my first patch for Squid, I hope I've done it correctly >> :) The patch is based on the bzr repository. >> >> >> It looks better than most first submissions. Thank you. >> >> >> The only thing I see which can cause trouble is a bug with >> linux/netfilter_ipv6/ip6_**tables.h on C++ compilers, the bug >> report and the patch to fix it are here : >> >> https://lkml.org/lkml/2012/9/**30/146<https://lkml.org/lkml/2012/9/30/146>. >> It's only used for the >> constant IP6T_SO_ORIGINAL_DST. Maybe there is a better (and >> clean) way to do so it doesn't force users to update their >> header file, but I've haven't found it yet. >> >> Have a nice day, >> >> Alexis >> >> >> Audit results: >> >> When we are manipulating a sockaddr which may be either >> sockaddr_in /sockaddr_in6 type it is preferrable to use the >> sockaddr_storage or addrinfo types. >> >> * please just change the type of "lookup" to sockaddr_storage. >> That and passing AF_UNSPEC as the second parameter to >> local.getSockAddr() will take care of the IPv4/IPv6 differences >> without needing most of the new if-statements. >> >> * in the debugs() statement removing the "SO_" so that the text >> just says "getsockopt(ORIGINAL_DST)" should be sufficient to >> remove the remaining if-statement. It will be clear from the >> printed socket IP:port details which option is in use. >> >> * please remove the new empty line before the return statement. >> >> >> Amos >> >> >> >
002-fix-IPv6-equal-operator-Address.diff
Description: Binary data
