Re: Updates to configure.ac for netfilter marking

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 13 Jan 2011 02:01:40 +1300

On 12/01/11 23:11, Amos Jeffries wrote:
> On 11/01/11 11:56, Andrew Beverley wrote:
>> On Mon, 2011-01-10 at 22:37 +1300, Amos Jeffries wrote:
>>> On 10/01/11 19:58, Andrew Beverley wrote:
>>>> Hi all,
>>>>
>>>> I was recently caught out by my own patch when compiling Squid :-)
>>>> I compiled with netfilter marking enabled, but couldn't work out why
>>>> packets weren't being marked. It was only after turning on detailed
>>>> logging that I realised it was because Squid had been compiled without
>>>> libcap.
>>>>
>>>> Therefore, as it is not possible to get or set a netfilter mark without
>>>> libcap, please find attached a proposed patch which will disable
>>>> netfilter marking at compilation time if libcap is not available (in a
>>>> similar way to Linux transparent proxying).
>>>>
>>>> I also found a bug in the current configure.ac. You get the message
>>>> "SQUID_DEFINE_BOOL: unrecognized value for USE_LIBNETFILTERCONNTRACK:
>>>> 'auto'" if you haven't explicitly set with-netfilter-conntrack. This
>>>> patch fixes that.
>>>>
>>>> Finally, it was recommended by the netfilter guys that as
>>>> libnetfilter_conntrack offers .pc files, that PKG_CHECK_MODULES should
>>>> be used to check for its presence. However, having looked at the code
>>>> for the conntrack program, you'd have to first do an
>>>> AC_CHECK_PROG(HAVE_PKG_CONFIG). Any thoughts on this please? Should I
>>>> change the test to PKG_CHECK_MODULES?
>>>>
>>>> Thanks,
>>>>
>>>> Andy
>>>>
>>>
>>> On the patch:
>>>
>>> * "IFDEF: " entries in cf.data.pre need matching entries/changes in
>>> cf_gen_defines to produce the documentation "Requires:" details.
>>
>> Added USE_LIBCAP to SO_MARK.
>>
>>> * the missing libcap support needs to be a hard MSG_ERROR if
>>> --with-netfilter-conntrack was specified (xyes) and a MSG_WARN if it was
>>> not defined (xauto).
>>> - this patch leaves missing libcap as warn and disable, which is the
>>> problem you attempt to solve.
>>
>> Fixed. I've had to add a new variable to the script though
>> (squid_opt_netfilterconntrack), as the normal variable
>> (with_netfilter_conntrack) is overwritten if it is auto.
>>
>> Please find attached updated patch.
>>
>> Thanks,
>>
>> Andy
>>
>
> Taking a closer look at the yes/no/auto logic and the particular reason
> for changing it I think that is a bug in the SQUID_DEFINE_BOOL. I'm
> proposing a different simpler change in another discussion thread.
>

That bit now has a simpler fix in trunk. You can remove the changes
to AC_SEARCH_LIBS and AC_CHECK_HEADERS from your patch.
   The rest of it looks okay.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.10
   Beta testers wanted for 3.2.0.4
Received on Wed Jan 12 2011 - 13:01:53 MST
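
The yes/no/auto rule discussed in this thread (hard error when the feature was explicitly requested and libcap is missing, warning and disable when it was left on auto), as an added shell example that is not part of the original messages or of Squid's configure.ac. The function name `resolve_feature` and the message texts are hypothetical.

```shell
#!/bin/sh
# resolve_feature REQUEST DEP_FOUND   (hypothetical helper, not Squid code)
#   REQUEST   yes | no | auto : what the user asked for at configure time
#   DEP_FOUND yes | no        : result of probing the required library
# Prints the final feature state (yes/no) on stdout, diagnostics on stderr.
# Returns 1 when an explicit request cannot be honoured, 2 on a bad value.
resolve_feature() {
    request=$1      # keep the original request: once "auto" has been
    dep_found=$2    # resolved to yes/no the user's intent is lost
    case "$request" in
        no)
            echo no ;;
        yes)
            if [ "$dep_found" = yes ]; then
                echo yes
            else
                # Explicit request: fail the build instead of silently
                # producing a binary that never marks packets.
                echo "error: feature requested but required library missing" >&2
                return 1
            fi ;;
        auto)
            if [ "$dep_found" = yes ]; then
                echo yes
            else
                echo "warning: required library missing, feature disabled" >&2
                echo no
            fi ;;
        *)
            echo "error: unrecognized value '$request'" >&2
            return 2 ;;
    esac
}

# Constructed inputs covering each request/probe combination.
for pair in "auto yes" "auto no" "yes yes" "yes no" "no yes"; do
    set -- $pair
    state=$(resolve_feature "$1" "$2") || state="configure aborts"
    echo "request=$1 library=$2 -> $state"
done
```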