Re: Updates to configure.ac for netfilter marking

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 10 Jan 2011 22:37:12 +1300

On 10/01/11 19:58, Andrew Beverley wrote:
> Hi all,
>
> I was recently caught out by my own patch when compiling Squid :-)
> I compiled with netfilter marking enabled, but couldn't work out why
> packets weren't being marked. It was only after turning on detailed
> logging that I realised it was because Squid had been compiled without
> libcap.
>
> Therefore, as it is not possible to get or set a netfilter mark without
> libcap, please find attached a proposed patch which will disable
> netfilter marking at compilation time if libcap is not available (in a
> similar way to Linux transparent proxying).
>
> I also found a bug in the current configure.ac. You get the message
> "SQUID_DEFINE_BOOL: unrecognized value for USE_LIBNETFILTERCONNTRACK:
> 'auto'" if you haven't explicitly set with-netfilter-conntrack. This
> patch fixes that.
>
> Finally, it was recommended by the netfilter guys that, as
> libnetfilter_conntrack offers .pc files, PKG_CHECK_MODULES should
> be used to check for its presence. However, having looked at the code
> for the conntrack program, you'd have to first do an
> AC_CHECK_PROG(HAVE_PKG_CONFIG). Any thoughts on this please? Should I
> change the test to PKG_CHECK_MODULES?
>
> Thanks,
>
> Andy
>

On the patch:

  * "IFDEF: " entries in cf.data.pre need matching entries/changes in
cf_gen_defines to produce the documentation "Requires:" details.

  * the missing libcap support needs to be a hard MSG_ERROR if
--with-netfilter-conntrack was specified (xyes) and a MSG_WARN if it was
not defined (xauto).
   - this patch leaves missing libcap as warn and disable, which is the
problem you attempt to solve.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.10
   Beta testers wanted for 3.2.0.4
Received on Mon Jan 10 2011 - 09:37:19 MST
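
The rule from the reply above (hard error when the feature was explicitly requested, warning and disable when it was left on auto), sketched as a POSIX shell function. This is an added example, not code from Squid's configure.ac or from either poster; the function name `resolve_feature` and its arguments are hypothetical.

```shell
# Added example; names are hypothetical, not taken from Squid's build system.
# resolve_feature WITH_VALUE DEP_FOUND
#   WITH_VALUE: yes | no | auto  (auto = the --with option was not given)
#   DEP_FOUND:  yes | no         (result of probing the required library)
# Prints the final yes/no on stdout and diagnostics on stderr.
# Returns 1 when configure should abort, so 'auto' never reaches
# a boolean define unresolved.
resolve_feature() {
    with_value=$1
    dep_found=$2

    case "$dep_found" in
        yes|no) ;;
        *) echo "error: bad probe result '$dep_found'" >&2; return 1 ;;
    esac

    case "x$with_value" in
        xno)
            echo no ;;
        xyes)
            # Explicit request: a silent downgrade would hide the problem.
            if [ "$dep_found" = no ]; then
                echo "error: feature requested but required library is missing" >&2
                return 1
            fi
            echo yes ;;
        xauto)
            # Not requested: warn and disable, but resolve to a real boolean.
            if [ "$dep_found" = no ]; then
                echo "warning: required library missing, feature disabled" >&2
                echo no
            else
                echo yes
            fi ;;
        *)
            echo "error: unrecognized value '$with_value'" >&2
            return 1 ;;
    esac
}

# Constructed demo: the library probe failed, option given three ways.
for w in yes auto no; do
    result=$(resolve_feature "$w" no 2>/dev/null) || result="configure aborts"
    echo "with=$w dep=no -> $result"
done
```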
