From: Amos Jeffries Date: Fri, 9 Jan 2015 10:24:41 +0000 (-0800) Subject: Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers X-Git-Tag: SQUID_3_4_11~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c44f1a7df641f5fac0c282cab499ad6e61e7b5fd;p=thirdparty%2Fsquid.git Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers Solaris 10+ bundles IPFilter code natively, but the IPFilter headers contain a duplicate definition of minor_t which does not match the existing OS definition. The result is that no applications (such as Squid) will build on Solaris with the natively provided headers. Also, the upstream IPFilter code separate from Solaris contains the same minor_t definition so building against a separate install of IPFilter does not fix the issue. We must instead play fancy games #define'ing minor_t to a different real-name for the OS headers and its own name for the IPFilter headers. Thanks to Yuri Voinov for sponsoring the Solaris 10 machine and environment resources for this fix. --- diff --git a/acinclude/os-deps.m4 b/acinclude/os-deps.m4 index 8fb597e2c9..29ec3141b0 100644 --- a/acinclude/os-deps.m4 +++ b/acinclude/os-deps.m4 @@ -902,3 +902,86 @@ int main (int argc, char ** argv) { AC_DEFINE_UNQUOTED(RECV_ARG_TYPE,$squid_cv_recv_second_arg_type, [Base type of the second argument to recv(2)]) ]) + + +dnl check whether Solaris has broken IPFilter headers (Solaris 10 at least does) +AC_DEFUN([SQUID_CHECK_BROKEN_SOLARIS_IPFILTER],[ + if test "x$squid_cv_broken_ipfilter_minor_t" = "x"; then + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +# include +# include +# include + +# include +# include +# include + ]])],[ + AC_MSG_RESULT(no) + squid_cv_broken_ipfilter_minor_t=0 + ],[ + ## on fail, test the hack + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#define minor_t fubaar +# include +# include +# include +#undef minor_t +# include +# include +# include + ]])],[ + AC_MSG_RESULT(yes) + squid_cv_broken_ipfilter_minor_t=1 + ],[ + AC_MSG_RESULT(unable to make IPFilter work with netinet/ headers) + ]) + ]) + fi + + AC_DEFINE_UNQUOTED(USE_SOLARIS_IPFILTER_MINOR_T_HACK,$squid_cv_broken_ipfilter_minor_t, + [Workaround IPFilter minor_t breakage]) + +## check for IPFilter headers that require this hack +## (but first netinet/in.h and sys/ioccom.h which they depend on) + AC_CHECK_HEADERS( \ + netinet/in.h \ + sys/ioccom.h \ + ip_compat.h \ + ip_fil_compat.h \ + ip_fil.h \ + ip_nat.h \ + netinet/ip_compat.h \ + netinet/ip_fil_compat.h \ + netinet/ip_fil.h \ + netinet/ip_nat.h \ + ,,,[ +#if USE_SOLARIS_IPFILTER_MINOR_T_HACK +#define minor_t fubar +#endif +#if HAVE_SYS_TYPES_H +#include +#endif +#if HAVE_NETINET_IN_H +#include +#endif +#if HAVE_SYS_IOCCOM_H +#include +#endif +#if USE_SOLARIS_IPFILTER_MINOR_T_HACK +#undef minor_t +#endif +#if HAVE_IP_COMPAT_H +#include +#elif HAVE_NETINET_IP_COMPAT_H +#include +#endif +#if HAVE_IP_FIL_H +#include +#elif HAVE_NETINET_IP_FIL_H +#include +#endif +#if !defined(IPFILTER_VERSION) +#define IPFILTER_VERSION 5000004 +#endif + ]) +]) diff --git a/compat/compat.h b/compat/compat.h index e72ee189fe..8462990542 100644 --- a/compat/compat.h +++ b/compat/compat.h @@ -34,6 +34,17 @@ #endif #endif +/* Solaris 10 has a broken definition for minor_t in IPFilter compat. + * We must pre-define before doing anything with OS headers so the OS + * do not. Then un-define it before using the IPFilter *_compat.h headers. + */ +#if IPF_TRANSPARENT && USE_SOLARIS_IPFILTER_MINOR_T_HACK +/* But we only need do this nasty thing for src/ip/Intercept.cc */ +#if BUILDING_SQUID_IP_INTERCEPT_CC +#define minor_t solaris_minor_t_fubar +#endif +#endif + /*****************************************************/ /* FDSETSIZE is messy and needs to be done before */ /* sys/types.h are defined. */ diff --git a/configure.ac b/configure.ac index 06cbaa7123..b345ba0180 100644 --- a/configure.ac +++ b/configure.ac @@ -2239,10 +2239,6 @@ AC_CHECK_HEADERS( \ iostream \ fstream \ climits \ - ip_compat.h \ - ip_fil_compat.h \ - ip_fil.h \ - ip_nat.h \ ipl.h \ lber.h \ ldap.h \ @@ -2260,7 +2256,6 @@ AC_CHECK_HEADERS( \ netdb.h \ netinet/in.h \ netinet/in_systm.h \ - netinet/ip_fil_compat.h \ openssl/err.h \ openssl/md5.h \ openssl/opensslv.h \ @@ -2348,12 +2343,8 @@ AC_CHECK_HEADERS( \ netinet/in.h \ netinet/ip.h \ netinet/ip6.h \ - netinet/ip_compat.h\ - netinet/ip_fil_compat.h\ - netinet/ip_fil.h\ netinet/ip_icmp.h \ netinet/ipl.h \ - netinet/ip_nat.h\ net/pf/pfvar.h \ net/pfvar.h \ sys/mount.h\ @@ -3238,10 +3229,10 @@ SQUID_CHECK_FUNC_STRNSTR SQUID_CHECK_FUNC_VACOPY SQUID_CHECK_FUNC___VACOPY - dnl IP-Filter support requires ipf header files. These aren't dnl installed by default, so we need to check for them if test "x$enable_ipf_transparent" != "xno" ; then + SQUID_CHECK_BROKEN_SOLARIS_IPFILTER AC_MSG_CHECKING(for availability of IP-Filter header files) # hold on to your hats... if test "x$ac_cv_header_ip_compat_h" = "xyes" -o \ @@ -3249,8 +3240,8 @@ if test "x$enable_ipf_transparent" != "xno" ; then "x$ac_cv_header_netinet_ip_compat_h" = "xyes" -o \ "x$ac_cv_header_netinet_ip_fil_compat_h" = "xyes" ; then have_ipfilter_compat_header="yes" - fi - if test "x$have_ipfilter_compat_header" = "xyes" -a \ + fi + if test "x$have_ipfilter_compat_header" = "xyes" -a \ "x$ac_cv_header_ip_fil_h" = "xyes" -a \ "x$ac_cv_header_ip_nat_h" = "xyes" ; then enable_ipf_transparent="yes" @@ -3262,19 +3253,20 @@ if test "x$enable_ipf_transparent" != "xno" ; then enable_ipf_transparent="no" fi AC_MSG_RESULT($IPF_TRANSPARENT) + +## On Solaris Ipfilter includes expect that SOLARIS2 is defined with the +## Solaris minor version (8, 9, 10, ...) + if test "x$enable_ipf_transparent" = "xyes" -a "x$squid_host_os" = "xsolaris" ; then + solrev=`uname -r | sh -c 'IFS=. read j n x; echo $n'` + CFLAGS="-DSOLARIS2=$solrev $CFLAGS" + CXXFLAGS="-DSOLARIS2=$solrev $CXXFLAGS" + fi + fi AC_MSG_NOTICE([IPF-based transparent proxying enabled: $enable_ipf_transparent]) SQUID_DEFINE_BOOL(IPF_TRANSPARENT,$enable_ipf_transparent, [Enable support for IPF-style transparent proxying]) -if test "x$enable_ipf_transparent" = "xyes" -a "x$squid_host_os" = "xsolaris" ; then -dnl On Solaris Ipfilter includes expect that SOLARIS2 is defined with the -dnl Solaris minor version (8, 9, 10, ...) - solrev=`uname -r | sh -c 'IFS=. read j n x; echo $n'` - CFLAGS="-DSOLARIS2=$solrev $CFLAGS" - CXXFLAGS="-DSOLARIS2=$solrev $CXXFLAGS" -fi - dnl PF /dev/pf support requires a header file. if test "x$with_nat_devpf" != "xno" ; then if test "x$ac_cv_header_net_pfvar_h" = "xyes" -o \ diff --git a/src/ip/Intercept.cc b/src/ip/Intercept.cc index 0bf0d7a569..2ea8e3f3c6 100644 --- a/src/ip/Intercept.cc +++ b/src/ip/Intercept.cc @@ -30,6 +30,10 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * */ + +// Enable hack to workaround Solaris 10 IPFilter breakage +#define BUILDING_SQUID_IP_INTERCEPT_CC 1 + #include "squid.h" #include "comm/Connection.h" #include "ip/Intercept.h" @@ -38,9 +42,19 @@ #if IPF_TRANSPARENT +#if !defined(IPFILTER_VERSION) +#define IPFILTER_VERSION 5000004 +#endif + +#if HAVE_SYS_IOCCOM_H +#include +#endif #if HAVE_SYS_IOCTL_H #include #endif +#if HAVE_NETINET_IP6_H +#include +#endif #if HAVE_NETINET_TCP_H #include #endif @@ -52,6 +66,9 @@ #elif HAVE_NETINET_IPL_H #include #endif +#if USE_SOLARIS_IPFILTER_MINOR_T_HACK +#undef minor_t +#endif #if HAVE_IP_FIL_COMPAT_H #include #elif HAVE_NETINET_IP_FIL_COMPAT_H