On 11/01/11 11:56, Andrew Beverley wrote:
> On Mon, 2011-01-10 at 22:37 +1300, Amos Jeffries wrote:
>> On 10/01/11 19:58, Andrew Beverley wrote:
>>> Hi all,
>>>
>>> I was recently caught out by my own patch when compiling Squid :-)
>>> I compiled with netfilter marking enabled, but couldn't work out why
>>> packets weren't being marked. It was only after turning on detailed
>>> logging that I realised it was because Squid had been compiled without
>>> libcap.
>>>
>>> Therefore, as it is not possible to get or set a netfilter mark without
>>> libcap, please find attached a proposed patch which will disable
>>> netfilter marking at compilation time if libcap is not available (in a
>>> similar way to Linux transparent proxying).
>>>
>>> I also found a bug in the current configure.ac. You get the message
>>> "SQUID_DEFINE_BOOL: unrecognized value for USE_LIBNETFILTERCONNTRACK:
>>> 'auto'" if you haven't explicitly set with-netfilter-conntrack. This
>>> patch fixes that.
>>>
>>> Finally, it was recommended by the netfilter guys that as
>>> libnetfilter_conntrack offers .pc files, that PKG_CHECK_MODULES should
>>> be used to check for its presence. However, having looked at the code
>>> for the conntrack program, you'd have to first do a
>>> AC_CHECK_PROG(HAVE_PKG_CONFIG). Any thoughts on this please? Should I
>>> change the test to PKG_CHECK_MODULES?
>>>
>>> Thanks,
>>> Andy
>>
>> On the patch:
>> * "IFDEF: " entries in cf.data.pre need matching entries/changes in
>> cf_gen_defines to produce the documentation "Requires:" details.
>
> Added USE_LIBCAP to SO_MARK.
>
>> * the missing libcap support needs to be a hard MSG_ERROR if
>> --with-netfilter-conntrack was specified (xyes) and a MSG_WARN if it was
>> not defined (xauto).
>> - this patch leaves missing libcap as warn and disable, which is the
>> problem you attempt to solve.
>
> Fixed. I've had to add a new variable to the script though
> (squid_opt_netfilterconntrack), as the normal variable
> (with_netfilter_conntrack) is overwritten if it is auto.
>
> Please find attached updated patch.
>
> Thanks,
> Andy

Taking a closer look at the yes/no/auto logics and the particular reason
for changing it I think that is a bug in the SQUID_DEFINE_BOOL. I'm
proposing a different simpler change in other discussion thread.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.10
Beta testers wanted for 3.2.0.4