Re: /bzr/squid3/trunk/ r9898: Author: Alin Nastac <mrness@gentoo.org>

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 13 Aug 2009 23:59:06 +1200

Henrik Nordstrom wrote:
> This looks wrong to me.. Netfilter is not TPROXY and does not require
> libcap.

No its right. Netfilter provides the REDIRECT + DNAT + TPROXY (v4)
targets now.

This first shout out is just a warning that the TPROXY v4 abilities will
not be available without libcap (first use/fail of restoreCapabilities
will turn it all off). As the message says _transparent_ is disabled but
_interception_ remains active. The distinction between the two is now a
clear boundary in the config options to http_port as well.

>
> The libcap requirement test for TPROXY is further down I think, or at
> least it looked so from the rest of the diff..

The TPROXY v2 requirement is fully dependent to libcap and is wrapped in
the dependency later.

>
> ons 2009-08-12 klockan 21:38 +1200 skrev Amos Jeffries:
>
>> +dnl Netfilter TPROXY depends on libcap but the NAT parts can still work.
>> +if test "$LINUX_NETFILTER" = "yes" && test "$use_caps" != "yes" ; then
>> + AC_MSG_WARN([Missing needed capabilities (libcap or libcap2) for TPROXY])
>> + AC_MSG_WARN([Linux Transparent Proxy support WILL NOT be enabled])
>> + AC_MSG_WARN([Reduced support to Interception Proxy])
>> + sleep 10
>> +fi
>
>

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
   Current Beta Squid 3.1.0.13
Received on Thu Aug 13 2009 - 11:59:14 MDT

This archive was generated by hypermail 2.2.0 : Thu Aug 13 2009 - 12:00:04 MDT