[squid-dev] [PATCH] OSX transparent-proxy using pfctl

[Shively, Gregory]

Hello,

I had discussed with Amos a couple weeks back on the user mailing list with regards to getting a transparent proxy setup on an OSX machine. I'm having some issues running the test-builds.sh, but they all look like they are associated with compiling on OSX with deprecated APIs that are erroring the compile. I'm not sure if I should continue down the road to get the test-builds.sh running on OSX for this patch. But including the patch anyway.

Apple doesn't publicly expose the ioctl on /dev/pf(USE_NAT_DEVPF) nor return the forwarding information on the getsockname(!USE_NAT_DEVPF) and the code path attempts to use the getsockname(), which ends up with a forwarding loop. The patch adds, under _SQUID_APPLE conditional compilation as per request by Amos, calls /sbin/pfctl to get the redirect state information, similar to the method that mitmproxy does on OSX. I've been using this on 3.5.20 that I patched from a source bundle, with an embedded device off the wifi and Internet Sharing for a couple of weeks w/o issue. But the patch was slightly modified to compile on trunk (xstrerror => xstrerr).

Let me know if I should continue down the road on getting test-builds.sh running on OSX.

Greg Shively
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20160926/be6abe03/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: squid-3.5.20-osx-devpf-transparent.patch
Type: application/octet-stream
Size: 4139 bytes
Desc: squid-3.5.20-osx-devpf-transparent.patch
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20160926/be6abe03/attachment.obj>