diff -uNr squid-2.6.STABLE13.orig/src/cf.data.pre squid-2.6.STABLE13/src/cf.data.pre
--- squid-2.6.STABLE13.orig/src/cf.data.pre 2007-04-24 23:30:03.000000000 +0200
+++ squid-2.6.STABLE13/src/cf.data.pre 2007-06-22 18:46:24.174880872 +0200
@@ -2933,6 +2933,42 @@
 direct client address in the access log.
 DOC_END
+NAME: outgoing_tos_uses_indirect_client
+COMMENT: on|off
+TYPE: onoff
+IFDEF: FOLLOW_X_FORWARDED_FOR
+DEFAULT: on
+LOC: Config.onoff.outgoing_tos_uses_indirect_client
+DOC_START
+ Controls whether the indirect client address
+ (see follow_x_forwarded_for) is used instead of the
+ direct client address in the tcp_outgoing_tos.
+DOC_END
+
+NAME: outgoing_address_uses_indirect_client
+COMMENT: on|off
+TYPE: onoff
+IFDEF: FOLLOW_X_FORWARDED_FOR
+DEFAULT: on
+LOC: Config.onoff.outgoing_address_uses_indirect_client
+DOC_START
+ Controls whether the indirect client address
+ (see follow_x_forwarded_for) is used instead of the
+ direct client address in the tcp_outgoing_address.
+DOC_END
+
+NAME: tproxy_uses_indirect_client
+COMMENT: on|off
+TYPE: onoff
+IFDEF: FOLLOW_X_FORWARDED_FOR && LINUX_TPROXY
+DEFAULT: on
+LOC: Config.onoff.tproxy_uses_indirect_client
+DOC_START
+ Controls whether the indirect client address
+ (see follow_x_forwarded_for) is used instead of the
+ direct client address for spoofing tproxy address.
+DOC_END
+
 NAME: http_access
 TYPE: acl_access
 LOC: Config.accessList.http
diff -uNr squid-2.6.STABLE13.orig/src/forward.c squid-2.6.STABLE13/src/forward.c
--- squid-2.6.STABLE13.orig/src/forward.c 2007-04-17 11:35:17.000000000 +0200
+++ squid-2.6.STABLE13/src/forward.c 2007-06-22 18:51:01.275836354 +0200
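Review bot: All three new directives in the cf.data.pre hunk ship with `DEFAULT: on`, so a site that already uses follow_x_forwarded_for would, after upgrading and without any config change, start choosing tcp_outgoing_address, tcp_outgoing_tos and the TPROXY source address from the indirect client address. That address appears to be derived from the X-Forwarded-For header and is therefore only as trustworthy as the follow_x_forwarded_for access list, which this hunk does not show and the DOC text does not mention. I would make the riskiest one opt-in with `DEFAULT: off` on tproxy_uses_indirect_client. Each DOC block should also gain a sentence such as `The indirect address comes from X-Forwarded-For; enable this only when follow_x_forwarded_for is restricted to trusted proxies.` The last description would read more clearly as `direct client address as the spoofed source address for tproxy.`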
@@ -424,6 +424,11 @@
 aclCheck_t ch;
 memset(&ch, '\0', sizeof(aclCheck_t));
 if (request) {
+#if FOLLOW_X_FORWARDED_FOR
+ if (Config.onoff.outgoing_address_uses_indirect_client)
+ ch.src_addr = request->indirect_client_addr;
+ else
+#endif /* FOLLOW_X_FORWARDED_FOR */
 ch.src_addr = request->client_addr;
 ch.my_addr = request->my_addr;
 ch.my_port = request->my_port;
@@ -438,6 +443,11 @@
 aclCheck_t ch;
 memset(&ch, '\0', sizeof(aclCheck_t));
 if (request) {
+#if FOLLOW_X_FORWARDED_FOR
+ if (Config.onoff.outgoing_tos_uses_indirect_client)
+ ch.src_addr = request->indirect_client_addr;
+ else
+#endif /* FOLLOW_X_FORWARDED_FOR */
 ch.src_addr = request->client_addr;
 ch.my_addr = request->my_addr;
 ch.my_port = request->my_port;
@@ -590,6 +600,11 @@
 #if LINUX_TPROXY
 if (fwdState->request->flags.tproxy) {
+#if FOLLOW_X_FORWARDED_FOR
+ if (Config.onoff.tproxy_uses_indirect_client)
+ itp.v.addr.faddr = fwdState->request->indirect_client_addr;
+ else
+#endif /* FOLLOW_X_FORWARDED_FOR */
 itp.v.addr.faddr.s_addr = fwdState->src.sin_addr.s_addr;
 itp.v.addr.fport = 0;
diff -uNr squid-2.6.STABLE13.orig/src/structs.h squid-2.6.STABLE13/src/structs.h
--- squid-2.6.STABLE13.orig/src/structs.h 2007-04-27 01:11:51.000000000 +0200
+++ squid-2.6.STABLE13/src/structs.h 2007-06-22 18:46:24.178213976 +0200
@@ -678,6 +678,11 @@
 int acl_uses_indirect_client;
 int delay_pool_uses_indirect_client;
 int log_uses_indirect_client;
+ int outgoing_tos_uses_indirect_client;
+ int outgoing_address_uses_indirect_client;
+#if LINUX_TPROXY
+ int tproxy_uses_indirect_client;
+#endif
 #endif
 } onoff;
 acl *aclList;
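Review bot: The `else` added in the -424 hunk is left dangling across `#endif` and binds to the unbraced context line `ch.src_addr = request->client_addr;`, so a later edit that puts a statement between them silently changes which source address the outgoing-address ACL check sees. The -438 hunk repeats the same construct for the TOS check. I would keep the default assignment unconditional and follow it, under `#if FOLLOW_X_FORWARDED_FOR`, with `if (Config.onoff.outgoing_address_uses_indirect_client) ch.src_addr = request->indirect_client_addr;`, using the TOS flag in the second hunk. A comment such as `/* indirect_client_addr is header-derived; trusted only as far as follow_x_forwarded_for allows */` would record why the choice is policy-sensitive. Both enclosing functions start and end outside the hunks.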
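Review bot: In the -590 hunk the source address the proxy presents to the origin server under TPROXY is copied from `request->indirect_client_addr` with no check that it is set or usable and no log of the substitution. If that field is filled from X-Forwarded-For, as the option text suggests, origin-side IP allow-lists and logs will reflect a header-supplied address whenever follow_x_forwarded_for is broader than intended. I would fall back to `fwdState->src.sin_addr` when the indirect address holds the request code's unset value, and emit a debug line naming both addresses when they differ. The two branches also write the field differently (whole struct versus `.s_addr`); `itp.v.addr.faddr.s_addr = fwdState->request->indirect_client_addr.s_addr;` would keep them parallel. The `else` dangling across `#endif` is the same fragile pattern as in the earlier hunks, and the enclosing function extends beyond this hunk.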