On Mon, 10 May 2010 09:42:51 -0600, Alex Rousskov <rouss...@measurement-factory.com> wrote: > Hello, > > It looks like configure.in in trunk lost the code setting > LINUX_NETFILTER. There are comments promising it will happen later in > the code, but I do not see it happening. I am worried that this will > break support for basic netfilter-based interception proxies (those > working without libcap or TPROXY). > > I may be wrong, but the changes may have been introduced by > autoconf-refactor: > >> revno: 10425 >> committer: Francesco Chemolli <kin...@squid-cache.org> >> branch nick: trunk >> timestamp: Sun 2010-04-25 23:40:51 +0200 >> message: >> Interim merge from autoconf-refactor feature-branch. > > Kinkie, could you please check that netfilter-based interception proxies > are still supported? > > > It would also be nice to get rid of libcap and TPROXY warnings when the > user wants just netfilter-based interception proxy support and is > willing to --disable the rest. In Squid v3.1, we now get these > irrelevant (for the said configuration) warnings: > > configure: WARNING: Missing needed capabilities (libcap or libcap2) for > TPROXY > configure: WARNING: Linux Transparent Proxy support WILL NOT be enabled > configure: WARNING: Reduced support to Interception Proxy >
I was planning to propose this for 3.3, but it might as well happen now for 3.2... What I'm thinking is a shuffling of the transparent options like we just shuffled the auth ones. --enable/disable-transparent - disable all semantic (HTTP) transparent stuff. This being TPROXY and other pass-thru stuff we add which makes Squid semantically transparent. Sub-options: --with-tproxy --enable-nat-intercept - disable/enable all NAT modules. the options below to fine-tune which ones get built: Sub-options: --with-iptables --with-pf --with-ipf --with-ipfw ... Amos