# Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: andy@andybev.com-20100731220533-vfdiehk6tplxcpio # target_branch: file:///home/andrew/squid-repo/trunk/ # testament_sha1: feb94d9d6fa4acfcb0d195c816049f70d0c466a6 # timestamp: 2010-07-31 23:05:40 +0100 # base_revision_id: squid3@treenet.co.nz-20100731141830-\ # 60bm8quxdd78f5rz # # Begin patch === modified file 'configure.in' --- configure.in 2010-07-31 14:18:30 +0000 +++ configure.in 2010-07-31 22:05:33 +0000 @@ -1302,14 +1302,19 @@ #will be AC_DEFINEd later, after checking for appropriate infrastructure AC_MSG_NOTICE([PF-based transparent proxying requested: ${enable_pf_transparent:=auto}]) +# Tell people the enable-linux-netfilter option has been renamed +AC_ARG_ENABLE(linux-netfilter, , [ + AC_MSG_ERROR(--enable-linux-netfilter has been renamed to --enable-nf-transparent.) +]) + # Linux Netfilter Transparent Proxy -AC_ARG_ENABLE(linux-netfilter, - AS_HELP_STRING([--enable-linux-netfilter], +AC_ARG_ENABLE(nf-transparent, + AS_HELP_STRING([--enable-nf-transparent], [Enable Transparent Proxy support for Linux (Netfilter)]), [ SQUID_YESNO([$enableval], - [unrecognized argument to --enable-linux-netfilter: $enableval]) + [unrecognized argument to --enable-nf-transparent: $enableval]) ]) -AC_MSG_NOTICE([Linux Netfilter support requested: ${enable_linux_netfilter:=auto}]) +AC_MSG_NOTICE([Netfilter based transparent proxying requested: ${enable_nf_transparent:=auto}]) #will be AC_DEFINEd later, after checking for appropriate infrastructure dnl Enable Large file support @@ -3116,25 +3121,25 @@ SQUID_DEFINE_BOOL(PF_TRANSPARENT,$enable_pf_transparent, [Enable support for PF-style transparent proxying]) -if test "$enable_linux_netfilter" != "no" ; then +if test "$enable_nf_transparent" != "no" ; then if test "$ac_cv_header_linux_netfilter_ipv4_h" = "yes"; then - if test "$enable_linux_netfilter" = "auto" ; then - enable_linux_netfilter=yes + if test "$enable_nf_transparent" = "auto" ; then + enable_nf_transparent=yes fi else - if test "$enable_linux_netfilter" = "auto" ; then - enable_linux_netfilter=no + if test "$enable_nf_transparent" = "auto" ; then + enable_nf_transparent=no else - AC_MSG_ERROR([Linux Netfilter support requested but needed headers not found]) + AC_MSG_ERROR([Netfilter based transparent proxying requested but needed headers not found]) fi fi fi -SQUID_DEFINE_BOOL(LINUX_NETFILTER,$enable_linux_netfilter, +SQUID_DEFINE_BOOL(NF_TRANSPARENT,$enable_nf_transparent, [Enable support for Transparent Proxy on Linux via Netfilter]) dnl Netfilter TPROXY depends on libcap but the NAT parts can still work. -AC_MSG_NOTICE([Support for Netfilter-based interception proxy requested: $enable_linux_netfilter]) -if test "$enable_linux_netfilter" = "yes" && test "$use_libcap" != "yes" ; then +AC_MSG_NOTICE([Support for Netfilter-based interception proxy requested: $enable_nf_transparent]) +if test "$enable_nf_transparent" = "yes" && test "$use_libcap" != "yes" ; then AC_MSG_WARN([Missing needed capabilities (libcap or libcap2) for TPROXY]) AC_MSG_WARN([Linux Transparent Proxy support WILL NOT be enabled]) AC_MSG_WARN([Reduced support to Interception Proxy]) === modified file 'src/cf.data.pre' --- src/cf.data.pre 2010-07-29 13:04:44 +0000 +++ src/cf.data.pre 2010-07-31 22:05:33 +0000 @@ -904,7 +904,7 @@ NAME: tproxy_uses_indirect_client COMMENT: on|off TYPE: onoff -IFDEF: FOLLOW_X_FORWARDED_FOR&&LINUX_NETFILTER +IFDEF: FOLLOW_X_FORWARDED_FOR&&NF_TRANSPARENT DEFAULT: off LOC: Config.onoff.tproxy_uses_indirect_client DOC_START === modified file 'src/cf_gen_defines' --- src/cf_gen_defines 2010-05-25 11:12:20 +0000 +++ src/cf_gen_defines 2010-07-31 22:05:33 +0000 @@ -9,7 +9,7 @@ define["FOLLOW_X_FORWARDED_FOR"]="--enable-follow-x-forwarded-for" define["FOLLOW_X_FORWARDED_FOR&&DELAY_POOLS"]="--enable-follow-x-forwarded-for and --enable-delay-pools" define["FOLLOW_X_FORWARDED_FOR&&ICAP_CLIENT"]="--enable-follow-x-forwarded-for and --enable-icap-client" - define["FOLLOW_X_FORWARDED_FOR&&LINUX_NETFILTER"]="--enable-follow-x-forwarded-for and --enable-linux-netfilter" + define["FOLLOW_X_FORWARDED_FOR&&NF_TRANSPARENT"]="--enable-follow-x-forwarded-for and --enable-nf-transparent" define["HTTP_VIOLATIONS"]="--enable-http-violations" define["ICAP_CLIENT"]="--enable-icap-client" define["SQUID_SNMP"]="--enable-snmp" === modified file 'src/forward.cc' --- src/forward.cc 2010-07-13 16:49:48 +0000 +++ src/forward.cc 2010-07-31 22:05:33 +0000 @@ -1347,7 +1347,7 @@ { if (request && request->flags.spoof_client_ip) { if (!dst_peer || !dst_peer->options.no_tproxy) { -#if FOLLOW_X_FORWARDED_FOR && LINUX_NETFILTER +#if FOLLOW_X_FORWARDED_FOR && NF_TRANSPARENT if (Config.onoff.tproxy_uses_indirect_client) return request->indirect_client_addr; else === modified file 'src/ip/Intercept.cc' --- src/ip/Intercept.cc 2010-07-25 08:10:12 +0000 +++ src/ip/Intercept.cc 2010-07-31 22:05:33 +0000 @@ -86,7 +86,7 @@ #endif /* HAVE_NET_PFVAR_H */ #endif /* PF_TRANSPARENT required headers */ -#if LINUX_NETFILTER +#if NF_TRANSPARENT #include #endif @@ -114,7 +114,7 @@ int Ip::Intercept::NetfilterInterception(int fd, const Ip::Address &me, Ip::Address &dst, int silent) { -#if LINUX_NETFILTER +#if NF_TRANSPARENT struct addrinfo *lookup = NULL; dst.GetAddrInfo(lookup,AF_INET); @@ -145,7 +145,7 @@ int Ip::Intercept::NetfilterTransparent(int fd, const Ip::Address &me, Ip::Address &client, int silent) { -#if LINUX_NETFILTER +#if NF_TRANSPARENT /* Trust the user configured properly. If not no harm done. * We will simply attempt a bind outgoing on our own IP. @@ -349,11 +349,11 @@ int Ip::Intercept::NatLookup(int fd, const Ip::Address &me, const Ip::Address &peer, Ip::Address &client, Ip::Address &dst) { - /* --enable-linux-netfilter */ + /* --enable-nf-transparent */ /* --enable-ipfw-transparent */ /* --enable-ipf-transparent */ /* --enable-pf-transparent */ -#if IPF_TRANSPARENT || LINUX_NETFILTER || IPFW_TRANSPARENT || PF_TRANSPARENT +#if IPF_TRANSPARENT || NF_TRANSPARENT || IPFW_TRANSPARENT || PF_TRANSPARENT client = me; dst = peer; === modified file 'src/ip/Intercept.h' --- src/ip/Intercept.h 2010-05-02 19:32:42 +0000 +++ src/ip/Intercept.h 2010-07-31 22:05:33 +0000 @@ -170,7 +170,7 @@ time_t last_reported; /**< Time of last error report. Throttles NAT error display to 1 per minute */ }; -#if LINUX_NETFILTER && !defined(IP_TRANSPARENT) +#if NF_TRANSPARENT && !defined(IP_TRANSPARENT) /// \ingroup IpInterceptAPI #define IP_TRANSPARENT 19 #endif === modified file 'src/structs.h' --- src/structs.h 2010-07-29 13:04:44 +0000 +++ src/structs.h 2010-07-31 22:05:33 +0000 @@ -432,7 +432,7 @@ int acl_uses_indirect_client; int delay_pool_uses_indirect_client; int log_uses_indirect_client; -#if LINUX_NETFILTER +#if NF_TRANSPARENT int tproxy_uses_indirect_client; #endif #endif /* FOLLOW_X_FORWARDED_FOR */ === modified file 'test-suite/buildtests/layer-01-minimal.opts' --- test-suite/buildtests/layer-01-minimal.opts 2010-04-20 15:37:43 +0000 +++ test-suite/buildtests/layer-01-minimal.opts 2010-07-31 22:05:33 +0000 @@ -62,7 +62,7 @@ --disable-ipfw-transparent \ --disable-ipf-transparent \ --disable-pf-transparent \ - --disable-linux-netfilter \ + --disable-nf-transparent \ --disable-linux-tproxy \ --disable-leakfinder \ --disable-follow-x-forwarded-for \ === modified file 'test-suite/buildtests/os-debian.opts' --- test-suite/buildtests/os-debian.opts 2010-04-23 14:34:23 +0000 +++ test-suite/buildtests/os-debian.opts 2010-07-31 22:05:33 +0000 @@ -46,7 +46,7 @@ --enable-external-acl-helpers="ip_user,ldap_group,session,unix_group,wbinfo_group" \ --with-filedescriptors=65536 \ --enable-epoll \ - --enable-linux-netfilter \ + --enable-nf-transparent \ " # Debian for some reason builds using explicit 'cc' instead of 'gcc' or automatic === modified file 'test-suite/buildtests/os-ubuntu.opts' --- test-suite/buildtests/os-ubuntu.opts 2010-04-23 14:34:23 +0000 +++ test-suite/buildtests/os-ubuntu.opts 2010-07-31 22:05:33 +0000 @@ -45,7 +45,7 @@ --enable-external-acl-helpers="ip_user,ldap_group,session,unix_group,wbinfo_group" \ --with-filedescriptors=65536 \ --enable-epoll \ - --enable-linux-netfilter \ + --enable-nf-transparent \ " # Ubuntu for some reason built using 'cc' instead of gcc # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWc4qNAIAB8rfgHAwfXf//3/n /s6////+YAzu+bLa2t9rFAAAABmHstHK02M62tBDbRW4SKTImqbNU9NoKfpojU0ZlGTCepoaABpo 0aANAkpSe0GqflT0j0myCBoGgBGAaADRGAAOMmTRoDRpiMjQxDAmjTEGI0GEABg00QKnkjQ0ekDN E9QAAANAAAAAEUpo00mITRPTRPEp4JH6FNMTQaMg09QGJkehAkiAgAI1NCno0wgTUNpDT0gABoaA 0JVpVkBUBMFTyStxzWZZ59Gt7LNjJdJRG1D5dXTNPHPEXkkojWNwrdwcNnkOZSDMDerWGRA+dUHQ ymVU9FE7JRjq8jiHIBKzgue50+lr2XNK6Eq0pOdKzvlEtaVrRhRo2PdOys7wE6+1hdR6YI9iPNdX ynhz8ufWSEe4RfENtDYNpNoG2MbG27egQqbK7MmNCxNJ9mDseZchVDFIzqkiIF5QliIEPInKmE6C LNC+dBweHFxmMGV6q4yZQpR6waUYM8zRVSxi4sndQftrKfros64GZhD8vv241HKzdIfMzMRLqvwz VotBEbIkBH2zkMf1q0kjIM3BF/0hfZc54LknD3r2aTbK2rhFECJJTIi6RKlrMk9agq4khEYSqQa+ AjHL1RYndKWqPMEV9zq5gURhAzCGPYB0DRMQdqa1EB5fb65vUTs+iuvFzQ5NcNBuU3OW/5YzDWKe qm2KZ1VmbSzCRSBUIiIYQFQUMFQDNGgk358MiggAtIZVqIVNsZdBl/Z0CklqCrz0DQVYKP7hj7SS YVmEwig3ge4+HwEY2AKR8XuaD4LAdFfuQbmVzYYOnwp8K/HBUVFg/6/b5+cS3LMS4TObDOV2wpEK TFYzIwoYNoCDIslKdleMbKQ2QFtCRBAzW4gAKlO45jbtrRCxxKuQsFZUqK45lISPn+RMqnHPIWxe YWFDS4BWMQJbVkMmHLWByCTEkCHL3O4xKUsSag4VLxF6YuVpzHYzMCYRJFS47zG0lOuBgVLDEjUc FF0hfStJAlcEQxCUi6IrEml9k90TIoQV+UbDuOXTI+uaUxuNh0oQS2uIxzkZhwRHkOX4PEbJj90J sgXaxs2sZlMdp7dISpKccbLFAYkwZM/AmvgpFg5E1Oma5gmmDKSaZuOnMiR7d8K0xKa2Cywa8K5D lTCLUTmR28EYFAs1+axZxuIHWCY3EcjmSNdDpZf17yK9qOZHtI5Z7ohsnyYpqM0p8PCkawhByAkK FIoAtBhijinCTxZAoHpS4JigLSgUFaXFmQRnpZ2mVjldy85kJyLzOLjSLmH0Buu2UyZLoAwxaaFf A68kUQug3kFxgNLQvp5ZkLKT0XOWbNzlB+ReJwFq1ZBUYoWi8yo5aFHGcBME6uK0krRr6OK5nsAU HhYTT6OYZRGuLhSImZg5IvMu2JG1znInljeVeBkVXrS6zNFRzoUNi4zOhqaEz7uEreRaTs2w0dpE zRQ1GHBb9j63A0i0HIgPb2XjhPY50GKHiYlC6nnecy2Qd92hEvYtEyiwxzp1YSJkiebESmY8cnZR vSOQMFt5EvMDLIyMj7j0C7D3pX557X2xfHV3cmNRxya7zTM2eVHXF0RivkhoAMAmIMbj8pKc53jE oHcSiS9MJFpkZlC4iMRGLsjE4Jl4cdMy8v9WmweAvM9JaXPtls40cmd5TXrGCZg4t4G6mD9NK1Oo sJjFpncWQGxDCITbChMgVH4nS3g2LDuL9bSpoYELTFgXovHMOAewsMC0eZM5HqOVwCxORnyu5M8X aAQUi4IGxJxEihiTKykw4wJeqhiVWZcRgUIGasNA59lpM5SBYkTgwNBjx4MSZ78xdetkA1vuaBq0 GpALcyOo5BUJbpDjusSJv4/MKpeT7oG9QceJabFxefNQqam1BjswKFRi81OLrurE226CgXHBYWyM BzY1DYgF54BIoT21oYW2wvzd+yLTAdKlWoMXFSJMJ0HHIGww4dUSyL2mBttc7+gzVUtxZDmN7QIh AtGHNzIkORBYblpwbllpAzND0XdTfzjLJBJxwwbG574tyC9MkRgCcJ4zNIuCCeh5EeZIZ729d2+G w2202wZ2YZxEINTNtttDbGJvtSLOURs76Dz/Jc9DtT2Gg0dtR5he59wvwJ6L7YiIAhYhj1Fnon7S scjzTrm+w/Myf20g9tCQsG9QujA4rBzzYhIhtO4K/Se/RvTyH6Xnd4yHfc2AQZ6J+8EXSsNIsxe0 tuxb8amCGWgxdAuFIlErE0C4MMAGQcQGqr4B4lRJNXiSJGJhEJUPn+YLHkUibZhC9Mnr/2nSVbRi 2ukGutVyCJLbwCO24OC31zK7BqsGNDBgLe55gRJA1xnCYCJISOQ8ZIGkZGcZFujDYN86iUtaeAwH NyGSlYYkoTziwVqxMWSwPQZS78kfN9z5vyyi6HXJt3ec0qQJP4fFBmiUV+rCFIJGLeJ0sJdVVgpT HmQem0uW2ZajyyYvFYeZgwixbVk0hxnjhmcSmE7jEL40LtsvlQwvRjyY7yYlNJAqByx0kNDIaULx Uu8kIqLGeFYLQ42JQjqcuhM2GN7CZ1HQmQNzqFM595f9gqzSy3WqXL1sM3Q8O1xMkzYlyMmELspV veAtzELcE8cxiB4mQWoGvdzqrRrXBwmF0iKbhjAq5fzAgCjEqVNC5CJWkCpudFErAqcwwMZnPUu5 f2+z63QaTYZAHSpf0nOtR9HDqy2XhufXMQensrUttGHQmUROI8jg6y+Bp2S7Mp6bS9bx7ztPd6aF 5cVMDxOs6g9hYSMBHAjRWehl5Mk/XwI0Qu90HQmnIKotxY0G3HNYPiaSkKsRsllzI6R6Ki2nosAJ 2umWMvvqO2/gCRpeQ6yFj4p/3rKj03NEuKh4YWIUOxgHwa15yTrHxRBq2SA23V3TeJ4wwokXtTWP aQEbUHl8mYWaJKlylBM7rOXlIO8bg2iRPJw8/YcyJFas1yvQVPaQ9LkBj43SwLT2mIC1MCCRaapG ixX1CPoEeIjhKSJaxZjT4/S0Y8BgqVlyktFJLwHCJcSoJHE61rNoYW2nKZTkjqEjcvOkRbRgD/Va dYCyOxAEyFkfUvF+tLp60jXqRI7/sdQDRx965vcRYpyMy9qRDBod7vt6KSKd83VFT8Ac+EN62mQC umdgwW6bzb3DDqQ5ua0TgyzPKdhum6ixeld0eI8A/eSkA9WL0I6mHiX53L2BBCg5oMR58NVC6etC cEMI8ML13WW7OvhzXrGADWI8xkHEJTcW9TqhyYb8zYZOoq1F9wWqToFLCoqaksY8OTwyEmxCp0iQ 9i27SLkafzIQZFtKnquTBDVAcSE2bKHXD59fVflvMUSBA9RRKmIBral6DMnN2VnWygqU4kgTZFVk IMoJKHlqZGTG5C0ojdIZPKMEQzPFu5O9OexS9/B1ZvoXe0qb5+aF3sk4hnBRmkRwqG4Ce4Balpsr arc+NXQyDvOrOJ8DA6EFqkfD4hqSCYXFA5MgZ0L2boRaEkpBLdbrroh9jegJDp/c6RtYLvJ/Ev8O xYEKLAlVealJuidQA4gj2DPAkmmgkNapJXiSjjrkV2m/JxpCmUSiMCTaXBvQBnROsaJzBjgyCCFS Pg0VaSx4PnuwRF1rS+Aj7xa65uhu0jIlz57TJAvoBKnCsJVNfSvBUutJsAleK1JTLm0GI2OUwRvN sS5gHjCZHEkMBBxJOgXMMDc31g8cNXQb7dQzm/NyG8c4vG8ZybsJ/1Nt/XCib5Un5mS1CwOxAsQy 8RWR+iifnyAToXt4enpOEKFxsudoeJcTOcoDWGCJ0GMyCWGMMHkPCLObaBcDQLSWLj7xSXivbKwy IhcxX1lSG8ESQNAzfpX1T+i7kinChIZxUaAQ