From: Francesco Chemolli Date: Fri, 25 Dec 2009 10:52:31 +0000 (+0100) Subject: Unraveled the netfilter-tproxy mess X-Git-Tag: SQUID_3_2_0_1~310^2~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96f08e2d43cd6325f35f04178a2609c96c789637;p=thirdparty%2Fsquid.git Unraveled the netfilter-tproxy mess Fixed bug with using detected PERL in helpers/basic_auth/DB --- 96f08e2d43cd6325f35f04178a2609c96c789637 diff --cc configure.in index 4a436dcbe6,544257bb37..133578f5ce --- a/configure.in +++ b/configure.in @@@ -1333,27 -1354,26 +1333,25 @@@ AC_ARG_ENABLE(pf-transparent fi ]) --dnl Enable Linux Netfilter Transparent Proxy --squid_opt_linux_netfilter="no" ++# Enable Linux Netfilter Transparent Proxy ++squid_opt_linux_netfilter="auto" AH_TEMPLATE(LINUX_NETFILTER,[Enable support for Transparent Proxy on Linux via Netfilter]) AC_ARG_ENABLE(linux-netfilter, AS_HELP_STRING([--enable-linux-netfilter], -- [Enable Transparent Proxy support for Linux (Netfilter)]), [ --if test "$enableval" = "yes" ; then -- AC_MSG_NOTICE([Linux (Netfilter) Transparent Proxy enabled]) -- squid_opt_linux_netfilter="yes" -- #will be AC_DEFINE'd later, after checking for appropriate infrastructure --fi ++ [Enable Transparent Proxy support for Linux (Netfilter)]), [ ++squid_opt_linux_netfilter=$enableval ++AC_MSG_NOTICE([Linux Transparent Proxy (Netfilter) support requested: $squid_opt_linux_netfilter]) ++#will be AC_DEFINE'd later, after checking for appropriate infrastructure ]) -# Enable Large file support -# -squid_opt_enable_large_files="no" +dnl Enable Large file support +buildmodel="" +squid_opt_enable_large_files=no + AC_ARG_WITH(large-files, AS_HELP_STRING([--with-large-files],[Enable support for large files (logs etc).]), -[ if test "$withval" = "yes"; then - squid_opt_enable_large_files="yes" +[ if test "x$withval" = "xyes"; then + squid_opt_enable_large_files=yes fi ]) @@@ -1433,22 -1453,22 +1431,17 @@@ default|"" fi esac -# Enable Linux transparent proxy support for obsolete TPROXY +dnl Enable Linux transparent proxy support for obsolete TPROXY AH_TEMPLATE(LINUX_TPROXY2,[Enable real Transparent Proxy support for Netfilter TPROXY v2]) ++squid_opt_linux_tproxy2="no" AC_ARG_ENABLE(linux-tproxy, AS_HELP_STRING([--enable-linux-tproxy], -- [Enable real Transparent Proxy support for Netfilter TPROXY (version 2).]), --[ if test "$enableval" = "yes" ; then -- AC_MSG_NOTICE([Linux Netfilter/TPROXY v2 enabled]) -- AC_DEFINE(LINUX_TPROXY2, 1) -- LINUX_TPROXY2="yes" -- if test -z "$squid_opt_linux_netfilter"; then -- AC_MSG_NOTICE([Linux-Netfilter Transparent Proxy automatically enabled]) -- squid_opt_linux_netfilter="yes" -- fi -- else -- AC_DEFINE(LINUX_TPROXY2, 0) ++ [Enable real Transparent Proxy support for Netfilter TPROXY (version 2).]), [ ++ if test "$enableval" = "yes" ; then ++ squid_opt_linux_tproxy2="yes" ++ AC_MSG_NOTICE([Linux Transparent Proxy (TPROXY) requested]) fi ++ #AC_DEFINE will be handled later ]) AM_CONDITIONAL(MAKE_LEAKFINDER, false) @@@ -3400,12 -3420,12 +3393,24 @@@ if test "$squid_opt_pf_transparent" = " AC_MSG_WARN([Transparent Proxy support WILL NOT be enabled]) fi ++<<<<<<< TREE + # Linux-Netfilter support requires Linux 2.4 kernel header files. ++if test "$squid_opt_linux_netfilter" = "auto" -a "$squid_opt_linux_tproxy2" = "yes" ; then ++ squid_opt_linux_netfilter="yes" ++ AC_MSG_NOTICE([Linux TPROXY support requested, Netfilter not specified. Also enabling netfilter]) ++fi ++if test "$squid_opt_linux_netfilter" = "no" -a "$squid_opt_linux_tproxy2" = "yes" ; then ++ AC_MSG_WARN([Linux Netfilter is explicitly disabled, also disabling TPROXY]) ++ squid_opt_linux_tproxy2="no" ++ # AC_DEFINE'd later ++fi ++======= +dnl Linux-Netfilter support requires Linux 2.4 kernel header files. ++>>>>>>> MERGE-SOURCE if test "$squid_opt_linux_netfilter" != "no" ; then AC_MSG_CHECKING(if Linux (Netfilter) kernel header files are installed) # hold on to your hats... if test "$ac_cv_header_linux_netfilter_ipv4_h" = "yes"; then -- squid_opt_linux_netfilter="yes" AC_DEFINE(LINUX_NETFILTER, 1) else squid_opt_linux_netfilter="no" @@@ -3416,48 -3436,48 +3421,59 @@@ AC_MSG_RESULT($squid_opt_linux_netfilter) fi --if test "$squid_opt_linux_netfilter" = "no" ; then -- LINUX_TPROXY2="no" -- AC_DEFINE(LINUX_TPROXY2, 0, -- [Enable real Transparent Proxy support for Netfilter TPROXY v2.]) --fi ++<<<<<<< TREE + # Netfilter TPROXY depends on libcap but the NAT parts can still work. ++======= +dnl Netfilter TPROXY depends on libcap but the NAT parts can still work. ++>>>>>>> MERGE-SOURCE if test "$squid_opt_linux_netfilter" = "yes" && test "$use_libcap" != "yes" ; then AC_MSG_WARN([Missing needed capabilities (libcap or libcap2) for TPROXY]) AC_MSG_WARN([Linux Transparent Proxy support WILL NOT be enabled]) AC_MSG_WARN([Reduced support to Interception Proxy]) -- LINUX_TPROXY2="no" -- AC_DEFINE(LINUX_TPROXY2, 0, [Enable real Transparent Proxy support for Netfilter TPROXY v2.]) --fi -- -# Linux Netfilter/TPROXYv2 support requires some specific header files -dnl Shamelessly copied from above -if test "$LINUX_TPROXY2"; then - if test "$use_libcap" = "yes"; then - AC_MSG_CHECKING(if TPROXYv2 header files are installed) - # hold on to your hats... - if test "$ac_cv_header_linux_netfilter_ipv4_ip_tproxy_h" = "yes" && test "$squid_opt_linux_netfilter" = "yes"; then - LINUX_TPROXY2="yes" - AC_DEFINE(LINUX_TPROXY2, 1, [Enable real Transparent Proxy support for Netfilter TPROXY v2.]) - else - LINUX_TPROXY2="no" - AC_DEFINE(LINUX_TPROXY2, 0, [Enable real Transparent Proxy support for Netfilter TPROXY v2.]) - fi - AC_MSG_RESULT($LINUX_TPROXY2) - if test "$LINUX_TPROXY2" = "no" && test "$squid_opt_linux_netfilter" = "yes"; then - AC_MSG_WARN([Cannot find TPROXY v2 headers, you need to patch the kernel with ]) - AC_MSG_WARN([tproxy package from:]) - AC_MSG_WARN([ - lynx http://www.balabit.com/downloads/files/tproxy/]) - AC_MSG_WARN([Or select the '--enable-linux-netfilter' option instead for Netfilter support.]) - fi ++<<<<<<< TREE ++ squid_opt_linux_tproxy2="no" ++ # AC_DEFINE'd later ++fi ++ ++# Linux Netfilter/TPROXYv2 support requires some specific header files and ++# support infrastructure (netfilter and libcap) ++if test "$squid_opt_linux_tproxy2" = "yes" -a "$use_libcap" != "yes" ; then ++ AC_MSG_WARN([Missing needed capabilities (libcap or libcap2) for TPROXY]) ++ AC_MSG_WARN([Disabling Linux TPROXY v2 support]) ++ AC_MSG_WARN([Interception proxy will still work]) ++ squid_opt_linux_tproxy2="no" ++fi ++if test "$squid_opt_linux_tproxy2" = "yes" ; then ++ # we already checked that $use_libcap2=yes ++ if test "$squid_opt_linux_netfilter" = "no" ; then ++ squid_opt_linux_netfilter="yes" ++ AC_MSG_NOTICE([Enabling Linux Netfilter support needed by Linux TPROXY v2]) ++ fi ++ AC_MSG_CHECKING([if TPROXYv2 header files are installed]) ++ if test "$ac_cv_header_linux_netfilter_ipv4_ip_tproxy_h" != "yes" ; then ++ squid_opt_linux_tproxy2="no" ++ dnl need to output before next lines ++ AC_MSG_RESULT($squid_opt_linux_tproxy2) ++ ++ AC_MSG_WARN([Cannot find TPROXY v2 headers, you need to patch the kernel with ]) ++ AC_MSG_WARN([tproxy package from: http://www.balabit.com/downloads/files/tproxy/]) ++ AC_MSG_WARN([or use '--enable-linux-netfilter' option instead for Netfilter support.]) ++======= +dnl Linux Netfilter/TPROXYv2 support requires some specific header files - dnl Shamelessly copied from above - if test "$LINUX_TPROXY2"; then - if test "$use_libcap" = "yes"; then - AC_MSG_CHECKING(if TPROXYv2 header files are installed) - # hold on to your hats... - if test "$ac_cv_header_linux_netfilter_ipv4_ip_tproxy_h" = "yes" && test "$squid_opt_linux_netfilter" = "yes"; then - LINUX_TPROXY2="yes" - AC_DEFINE(LINUX_TPROXY2, 1, [Enable real Transparent Proxy support for Netfilter TPROXY v2.]) - else - LINUX_TPROXY2="no" - AC_DEFINE(LINUX_TPROXY2, 0, [Enable real Transparent Proxy support for Netfilter TPROXY v2.]) - fi - AC_MSG_RESULT($LINUX_TPROXY2) - if test "$LINUX_TPROXY2" = "no" && test "$squid_opt_linux_netfilter" = "yes"; then - AC_MSG_WARN([Cannot find TPROXY v2 headers, you need to patch the kernel with ]) - AC_MSG_WARN([tproxy package from:]) - AC_MSG_WARN([ - lynx http://www.balabit.com/downloads/files/tproxy/]) - AC_MSG_WARN([Or select the '--enable-linux-netfilter' option instead for Netfilter support.]) - fi ++>>>>>>> MERGE-SOURCE else -- AC_MSG_WARN([Missing needed capabilities (libcap or libcap2) for TPROXY v2]) -- AC_MSG_WARN([Linux Transparent Proxy support WILL NOT be enabled]) -- LINUX_TPROXY2="no" -- AC_DEFINE(LINUX_TPROXY2, 0, [Enable real Transparent Proxy support for Netfilter TPROXY v2.]) ++ AC_MSG_RESULT($squid_opt_linux_tproxy2) fi fi ++dnl at the end of it all.. ++if test "$squid_opt_linux_tproxy2" = "yes" ; then ++ AC_DEFINE(LINUX_TPROXY2, 1) ++else ++ AC_DEFINE(LINUX_TPROXY2, 0) ++fi ++ ++ AC_ARG_ENABLE(gnuregex, AS_HELP_STRING([--enable-gnuregex],[Compile GNUregex. Unless you have reason to use this option, you should not enable it. diff --cc helpers/basic_auth/DB/config.test index c72b3db687,c72b3db687..5821ae589f --- a/helpers/basic_auth/DB/config.test +++ b/helpers/basic_auth/DB/config.test @@@ -2,6 -2,6 +2,6 @@@ ## Test: do we have perl to build the helper scripts? ## Test: do we have pod2man to build the manual? --$(PERL) --version >/dev/null 2>&1 && $(POD2MAN) --help >/dev/null 2>&1 ++${PERL} --version >/dev/null 2>&1 && $(POD2MAN) --help >/dev/null 2>&1 exit $?