From: Amos Jeffries Date: Wed, 12 Aug 2009 09:38:36 +0000 (+1200) Subject: Author: Alin Nastac X-Git-Tag: SQUID_3_2_0_1~798 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b50f1b2bd086f310aa6e670b39dd74943acc73d0;p=thirdparty%2Fsquid.git Author: Alin Nastac Add --disable-caps option Gentoo requires this to pull in libcap dependencies via --enable-caps which is a non-operation. Using it to disable libcap usage will explicitly prevent TPROXY which depends on it from operating while netfilter NAT support remains. NP: The TPROXY v2 configure tests will not even run with caps disabled. --- diff --git a/configure.in b/configure.in index 78ef4e4498..27fc8ab765 100644 --- a/configure.in +++ b/configure.in 
@@ -2438,16 +2438,28 @@ AC_CHECK_TYPE(socklen_t,AC_DEFINE(HAVE_SOCKLEN_T,1,[socklen_t is defined by the #include #endif]) -dnl Check for libcap1 breakage or libcap2 fixed -AC_CHECK_HEADERS(sys/capability.h) -libcap_broken=1 -AC_CACHE_CHECK([for operational libcap2], $libcap_broken, - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ - capget(NULL, NULL); - capset(NULL, NULL); - ]])],[libcap_broken=0],[]) -) -AC_DEFINE_UNQUOTED([LIBCAP_BROKEN],$libcap_broken,[if libcap2 is available and not clashing with libc]) +dnl Check for libcap header (assume its not broken unless +use_caps=yes +AC_ARG_ENABLE(caps, AS_HELP_STRING([--disable-caps],[disable usage of Linux capabilities library to control privileges]), +[ if test "x$enableval" = "xyes" ; then + AC_MSG_RESULT(forced yes) + else + AC_MSG_RESULT(no) + use_caps=no + fi +],[AC_MSG_RESULT(yes)]) +if test "x$use_caps" = "xyes"; then + dnl Check for libcap1 breakage or libcap2 fixed (assume broken unless found working) + libcap_broken=1 + AC_CHECK_HEADERS(sys/capability.h) + AC_CACHE_CHECK([for operational libcap2], $libcap_broken, + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ + capget(NULL, NULL); + capset(NULL, NULL); + ]])],[libcap_broken=0],[]) + ) + AC_DEFINE_UNQUOTED([LIBCAP_BROKEN],$libcap_broken,[if libcap2 is available and not clashing with libc]) +fi AC_CHECK_TYPE(mtyp_t,AC_DEFINE(HAVE_MTYP_T,1,[mtyp_t is defined by the system headers]),,[#include #include 
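Review bot: When `--disable-caps` is given, the new `if test "x$use_caps" = "xyes"` block is skipped entirely, so `LIBCAP_BROKEN` is never defined and the config header carries no record that privilege control through libcap was switched off. Any source that tests `#if LIBCAP_BROKEN` would then read 0, the opposite of the "assume broken" default set by `libcap_broken=1`; the consumers are not visible in this diff, so this needs confirming. One option is to move `libcap_broken=1` and the `AC_DEFINE_UNQUOTED([LIBCAP_BROKEN],...)` line outside the `if`, so the macro is defined in both configurations. Separately, the three `AC_MSG_RESULT` calls inside `AC_ARG_ENABLE(caps, ...)` have no preceding `AC_MSG_CHECKING`, and the comment `dnl Check for libcap header (assume its not broken unless` stops mid-sentence.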
@@ -3177,16 +3189,24 @@ if test "$LINUX_NETFILTER" ; then AC_DEFINE(LINUX_NETFILTER, 0) fi AC_MSG_RESULT($LINUX_NETFILTER) -fi +fi if test "$LINUX_NETFILTER" = "no" ; then AC_MSG_WARN([Cannot find necessary Linux kernel (Netfilter) header files]) AC_MSG_WARN([Linux Transparent and Intercepting Proxy support WILL NOT be enabled]) sleep 10 fi +dnl Netfilter TPROXY depends on libcap but the NAT parts can still work. +if test "$LINUX_NETFILTER" = "yes" && test "$use_caps" != "yes" ; then + AC_MSG_WARN([Missing needed capabilities (libcap or libcap2) for TPROXY]) + AC_MSG_WARN([Linux Transparent Proxy support WILL NOT be enabled]) + AC_MSG_WARN([Reduced support to Interception Proxy]) + sleep 10 +fi dnl Linux Netfilter/TPROXYv2 support requires some specific header files -dnl Shamelessly copied from shamelessly copied from above -if test "$LINUX_TPROXY2" ; then +dnl Shamelessly copied from above +if test "$LINUX_TPROXY2"; then + if test "$use_caps" = "yes"; then AC_MSG_CHECKING(if TPROXYv2 header files are installed) # hold on to your hats... if test "$ac_cv_header_linux_netfilter_ipv4_ip_tproxy_h" = "yes" && test "$LINUX_NETFILTER" = "yes"; then @@ -3204,6 +3224,11 @@ if test "$LINUX_TPROXY2" ; then AC_MSG_WARN([Or select the '--enable-linux-netfilter' option instead for Netfilter support.]) sleep 10 fi + else + AC_MSG_WARN([Missing needed capabilities (libcap or libcap2) for TPROXY v2]) + AC_MSG_WARN([Linux Transparent Proxy support WILL NOT be enabled]) + sleep 10 + fi fi AC_ARG_ENABLE(gnuregex,
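Review bot: The new TPROXY warning tests only `$use_caps`, which stays `yes` by default, so a build where `sys/capability.h` is absent or the libcap2 link test left `libcap_broken=1` passes silently, even though the message says the library is "Missing". The condition should also consult the header result, e.g. `test "$use_caps" != "yes" || test "$ac_cv_header_sys_capability_h" != "yes"`, grouped under the `$LINUX_NETFILTER` test. The same applies to the `if test "$use_caps" = "yes"` guard around the TPROXYv2 header check, which opens in this hunk and whose `else` branch is in the following hunk. The warning also says Transparent Proxy support WILL NOT be enabled, but no visible line changes `LINUX_NETFILTER` or any define, so the restriction appears to rely on behaviour elsewhere; a `dnl` comment stating where TPROXY is actually refused would help.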