Re: [squid-users] IPv6 interception crash: Ip::Address::getInAddr : Cannot convert non-IPv4 to IPv4.

Amos Jeffries Tue, 04 Oct 2016 03:56:53 -0700

On 4/10/2016 10:52 p.m., Egerváry Gergely wrote:
>> Is there another defined somewhere else? For some reason your Squid is
>> managing to build with just "nl_inip" (no 'addr') in the field name.
> 
> There's a copy in /usr/include/netinet, but it's the same:
> 
> typedef       struct  natlookup {
>       i6addr_t        nl_inipaddr;
>       i6addr_t        nl_outipaddr;
>       i6addr_t        nl_realipaddr;
>       int             nl_v;
>       int             nl_flags;
>       u_short         nl_inport;
>       u_short         nl_outport;
>       u_short         nl_realport;
> } natlookup_t;
> 
> #define       nl_inip         nl_inipaddr.in4
> #define       nl_outip        nl_outipaddr.in4
> #define       nl_realip       nl_realipaddr.in4
> #define       nl_inip6        nl_inipaddr.in6
> #define       nl_outip6       nl_outipaddr.in6
> #define       nl_realip6      nl_realipaddr.in6
> 
> ... so "nl_inip" is a simple #define to nl_inipaddr.in4
> 
> This is from Squid's Intercept.cc:
> 
>     natLookup.nl_inport = htons(newConn->local.port());
>     newConn->local.getInAddr(natLookup.nl_inip);
>     natLookup.nl_outport = htons(newConn->remote.port());
>     newConn->remote.getInAddr(natLookup.nl_outip);
> 
> Is this correct?
> Should we have this in the "else" section of
>   if (newConn->remote.isIPv6()) ... instead?
>


Aha. Damn macros.

There are a few changes needed, for both v4/v6 inputs and 'realip'
processing. This attached patch should be what you need for Squid-3.5 to
work.

Amos

=== modified file 'src/ip/Intercept.cc'
--- src/ip/Intercept.cc 2016-04-12 06:52:39 +0000
+++ src/ip/Intercept.cc 2016-10-04 10:35:52 +0000
@@ -207,16 +207,21 @@
         debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. 
Please upgrade to IPFilter v5.1");
         warningLevel = (warningLevel + 1) % 10;
         return false;
+    }
+    newConn->local.getInAddr(natLookup.nl_inip);
+    newConn->remote.getInAddr(natLookup.nl_outip);
 #else
         natLookup.nl_v = 6;
+        newConn->local.getInAddr(natLookup.nl_inipaddr.in6);
+        newConn->remote.getInAddr(natLookup.nl_outipaddr.in6);
     } else {
         natLookup.nl_v = 4;
+        newConn->local.getInAddr(natLookup.nl_inipaddr.in4);
+        newConn->remote.getInAddr(natLookup.nl_outipaddr.in4);
+    }
 #endif
-    }
     natLookup.nl_inport = htons(newConn->local.port());
-    newConn->local.getInAddr(natLookup.nl_inip);
     natLookup.nl_outport = htons(newConn->remote.port());
-    newConn->remote.getInAddr(natLookup.nl_outip);
     // ... and the TCP flag
     natLookup.nl_flags = IPN_TCP;
 
@@ -281,7 +286,14 @@
         debugs(89, 9, HERE << "address: " << newConn);
         return false;
     } else {
+#if IPFILTER_VERSION < 5000003
         newConn->local = natLookup.nl_realip;
+#else
+        if (newConn->remote.isIPv6())
+            newConn->local = natLookup.nl_realipaddr.in6;
+        else
+            newConn->local = natLookup.nl_realipaddr.in4;
+#endif
         newConn->local.port(ntohs(natLookup.nl_realport));
         debugs(89, 5, HERE << "address NAT: " << newConn);
         return true;

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] IPv6 interception crash: Ip::Address::getInAddr : Cannot convert non-IPv4 to IPv4.

Reply via email to