Hi all,
I was recently caught out by my own patch when compiling Squid :-)
I compiled with netfilter marking enabled, but couldn't work out why
packets weren't being marked. It was only after turning on detailed
logging that I realised it was because Squid had been compiled without
libcap.
Therefore, as it is not possible to get or set a netfilter mark without
libcap, please find attached a proposed patch which will disable
netfilter marking at compilation time if libcap is not available (in a
similar way to Linux transparent proxying).
I also found a bug in the current configure.ac. You get the message
"SQUID_DEFINE_BOOL: unrecognized value for USE_LIBNETFILTERCONNTRACK:
'auto'" if you haven't explicitly set with-netfilter-conntrack. This
patch fixes that.
Finally, it was recommended by the netfilter guys that as
libnetfilter_conntrack offers .pc files, that PKG_CHECK_MODULES should
be used to check for its presence. However, having looked at the code
for the conntrack program, you'd have to first do a
AC_CHECK_PROG(HAVE_PKG_CONFIG). Any thoughts on this please? Should I
change the test to PKG_CHECK_MODULES?
Thanks,
Andy
This archive was generated by hypermail 2.2.0 : Mon Jan 10 2011 - 12:00:05 MST