--- Lucia Di Occhi <saint_lucy@xxxxxxxxxxx> wrote:
> I am posting this on both dansguardian and squid
> lists so that it can help
> anyone with the x-forwarded-for patch.
>
> Download squid-2.5.STABLE9.tar.gz and
> follow_xff-2.5.STABLE5.patch on /tmp
> Extract the squid tar file with: tar xvfz
> squid-2.5.STABLE9.tar.gz
> copy follow_xff-2.5.STABLE5.patch to
> /tmp/squid-2.5.STABLE9
> cd to /tmp/squid-2.5.STABLE9 and execute: patch -p0
> <
> follow_xff-2.5.STABLE5.patch
>
> you should get the following errors:
>
> FedoraCore2[/tmp/squid-2.5.STABLE9]patch -p0 <
> follow_xff-2.5.STABLE5.patch
> patching file acconfig.h
> patching file bootstrap.sh
> Hunk #1 succeeded at 66 (offset 7 lines).
> patching file configure.in
> Hunk #1 succeeded at 1128 (offset 28 lines).
> patching file src/acl.c
> Hunk #1 succeeded at 2147 (offset 107 lines).
> patching file src/cf.data.pre
> Hunk #1 succeeded at 2144 (offset 29 lines).
> patching file src/client_side.c
> Hunk #2 succeeded at 185 (offset 2 lines).
> Hunk #4 succeeded at 3308 (offset 58 lines).
> patching file src/delay_pools.c
> patching file src/structs.h
> Hunk #1 FAILED at 594.
> Hunk #2 succeeded at 634 (offset 14 lines).
> Hunk #3 succeeded at 1621 (offset 2 lines).
> Hunk #4 succeeded at 1684 (offset 14 lines).
> Hunk #5 FAILED at 1697.
> 2 out of 5 hunks FAILED -- saving rejects to file
> src/structs.h.rej
>
> This means that two hunks (parts) of the patch
> failed to patch src/structs.h
> at around lines 594 and 1697. Now look at the
> src/structs.h.rej which
> should look like this:
>
> ***************
> *** 594,599 ****
> int pipeline_prefetch;
> int request_entities;
> int detect_broken_server_pconns;
> } onoff;
> acl *aclList;
> struct {
> --- 594,604 ----
> int pipeline_prefetch;
> int request_entities;
> int detect_broken_server_pconns;
> + #if FOLLOW_X_FORWARDED_FOR
> + int acl_uses_indirect_client;
> + int delay_pool_uses_indirect_client;
> + int log_uses_indirect_client;
> + #endif /* FOLLOW_X_FORWARDED_FOR */
> } onoff;
> acl *aclList;
> struct {
> ***************
> *** 1681,1686 ****
> char *peer_login; /* Configured peer
> login:password */
> time_t lastmod; /* Used on refreshes
> */
> const char *vary_headers; /* Used when varying
> entities are detected.
> Chan
> ges how the store key is calculated */
> };
>
> struct _cachemgr_passwd {
> --- 1697,1707 ----
> char *peer_login; /* Configured peer
> login:password */
> time_t lastmod; /* Used on refreshes
> */
> const char *vary_headers; /* Used when varying
> entities are detected.
> Chan
> ges how the store key is calculated */
> + #if FOLLOW_X_FORWARDED_FOR
> + /* XXX a list of IP addresses would be a
> better data structure
> + * than this String */
> + String x_forwarded_for_iterator;
> + #endif /* FOLLOW_X_FORWARDED_FOR */
> };
>
> struct _cachemgr_passwd {
>
> As you can see the patch has found some 'issues' on
> line 594 where it was
> expecting something that it did not find. No
> problem, just open
> src/structs.h with 'vi' and go to line 594 and
> locate the line:
>
> int detect_broken_server_pconns;
>
> which should be somewhere around there.
> now insert the following as described by the .rej
> file (remove the + which
> means ADD)
>
> #if FOLLOW_X_FORWARDED_FOR
> int acl_uses_indirect_client;
> int delay_pool_uses_indirect_client;
> int log_uses_indirect_client;
> #endif /* FOLLOW_X_FORWARDED_FOR */
>
> so around line 594 you should now have:
>
> int detect_broken_server_pconns;
> #if FOLLOW_X_FORWARDED_FOR
> int acl_uses_indirect_client;
> int delay_pool_uses_indirect_client;
> int log_uses_indirect_client;
> #endif /* FOLLOW_X_FORWARDED_FOR */
> int balance_on_multiple_ip;
> int relaxed_header_parser;
> int accel_uses_host_header;
> int accel_no_pmtu_disc;
> } onoff;
> acl *aclList;
>
> OK, let's now go to line 1697 (more or less since we
> have just added a few
> lines around 594)
> locate the line:
>
> const char *vary_headers; /* Used when varying
> entities are detected. Chan
> ges how the store key is calculated */
>
> which should be somewhere around there.
> now insert the following as described by the .rej
> file (remove the + which
> means ADD)
>
> #if FOLLOW_X_FORWARDED_FOR
> /* XXX a list of IP addresses would be a better
> data structure
> * than this String */
> String x_forwarded_for_iterator;
> #endif /* FOLLOW_X_FORWARDED_FOR */
>
> so around line 1697 you should now have:
>
> char *peer_login; /* Configured peer
> login:password */
> time_t lastmod; /* Used on refreshes
> */
> const char *vary_headers; /* Used when varying
> entities are detected.
> Changes how the store key is calculated */
> #if FOLLOW_X_FORWARDED_FOR
> /* XXX a list of IP addresses would be a better
> data structure
> * than this String */
> String x_forwarded_for_iterator;
> #endif /* FOLLOW_X_FORWARDED_FOR */
> BODY_HANDLER *body_reader;
> void *body_reader_data;
> };
>
> Alright, you are done fixing the broken patch! now
> go back to
> /tmp/squid-2.5.STABLE9 and execute
> 'bootstrap.sh'. Do not worry about any warnings or
> errors you may get.
> then run 'configure --help' and you should be able
> to see you new option
> --enable-follow-x-forwarded-for
>
> Just configure with your favourite options and run
> make.
>
> I hope this helps anyone with problems applying this
> patch. For the patch
> challenged ones I have attached the patch structs.h
>
> Enjoy.
Great. It works. Thanks for the detailed doc.
Sarav
__________________________________
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/
