libc.h \
libgen.h \
limits.h \
+ linux/types.h \
machine/byte_swap.h \
malloc.h \
math.h \
inttypes.h \
grp.h \
db.h \
- db_185.h \
- sys/capability.h
+ db_185.h
)
AC_CHECK_HEADERS(
#include <stddef.h>
#endif])
+dnl Check for libcap header (assume its not broken unless
+use_caps=yes
+AC_ARG_ENABLE(caps, AS_HELP_STRING([--disable-caps],[disable usage of Linux capabilities library to control privileges]),
+[ if test "x$enableval" = "xyes" ; then
+ AC_MSG_RESULT(forced yes)
+ else
+ AC_MSG_RESULT(no)
+ use_caps=no
+ fi
+],[AC_MSG_RESULT(yes)])
+if test "x$use_caps" = "xyes"; then
+ dnl Check for libcap1 breakage or libcap2 fixed (assume broken unless found working)
+ libcap_broken=1
+ AC_CHECK_HEADERS(sys/capability.h)
+ AC_CACHE_CHECK([for operational libcap2], $libcap_broken,
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/capability.h>]], [[
+ capget(NULL, NULL);
+ capset(NULL, NULL);
+ ]])],[libcap_broken=0],[])
+ )
+ AC_DEFINE_UNQUOTED([LIBCAP_BROKEN],$libcap_broken,[if libcap2 is available and not clashing with libc])
+fi
+
AC_CHECK_TYPE(mtyp_t,AC_DEFINE(HAVE_MTYP_T,1,[mtyp_t is defined by the system headers]),,[#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>])
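Review bot: `use_caps` stays `yes` when `AC_CHECK_HEADERS(sys/capability.h)` finds no header, so the later `test "$use_caps" != "yes"` guards fire only for an explicit `--disable-caps`. A host without the libcap headers then gets no warning that capability-based privilege control is missing. Consider resetting it on failure, e.g. `AC_CHECK_HEADERS(sys/capability.h,,[use_caps=no])`, and failing with `AC_MSG_ERROR` when `--enable-caps` was forced. Separately, the second argument of `AC_CACHE_CHECK` is `$libcap_broken`, which expands to `1` instead of naming a cache variable; the macro expects a name (a constructed example: `squid_cv_libcap_works`) that the link test sets and that `LIBCAP_BROKEN` is then derived from. The `dnl` comment that opens the block is cut off mid-sentence and its parenthesis never closes, and the `AC_MSG_RESULT` calls in `AC_ARG_ENABLE` have no preceding `AC_MSG_CHECKING`.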
AC_DEFINE(LINUX_NETFILTER, 0)
fi
AC_MSG_RESULT($LINUX_NETFILTER)
-fi
+fi
if test "$LINUX_NETFILTER" = "no" ; then
AC_MSG_WARN([Cannot find necessary Linux kernel (Netfilter) header files])
AC_MSG_WARN([Linux Transparent and Intercepting Proxy support WILL NOT be enabled])
sleep 10
fi
+dnl Netfilter TPROXY depends on libcap but the NAT parts can still work.
+if test "$LINUX_NETFILTER" = "yes" && test "$use_caps" != "yes" ; then
+ AC_MSG_WARN([Missing needed capabilities (libcap or libcap2) for TPROXY])
+ AC_MSG_WARN([Linux Transparent Proxy support WILL NOT be enabled])
+ AC_MSG_WARN([Reduced support to Interception Proxy])
+ sleep 10
+fi
dnl Linux Netfilter/TPROXYv2 support requires some specific header files
-dnl Shamelessly copied from shamelessly copied from above
-if test "$LINUX_TPROXY2" ; then
+dnl Shamelessly copied from above
+if test "$LINUX_TPROXY2"; then
+ if test "$use_caps" = "yes"; then
AC_MSG_CHECKING(if TPROXYv2 header files are installed)
# hold on to your hats...
if test "$ac_cv_header_linux_netfilter_ipv4_ip_tproxy_h" = "yes" && test "$LINUX_NETFILTER" = "yes"; then
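Review bot: The block added after the Netfilter check only prints warnings; nothing visible in this hunk clears `LINUX_NETFILTER` or any TPROXY define when `use_caps` is not `yes`. Whether transparent proxying is really left out of the build, as the message "WILL NOT be enabled" claims, therefore depends on code outside the hunk. If TPROXY must not be built without capability support, state that here by resetting the relevant variable, or stop with `AC_MSG_ERROR` when the user explicitly requested it, because a warning followed by `sleep 10` is easy to miss in unattended builds. The same applies to the `else` branch added to the TPROXYv2 block in the next hunk. The TPROXYv2 `if` opened at the end of this hunk closes outside it.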
AC_MSG_WARN([Or select the '--enable-linux-netfilter' option instead for Netfilter support.])
sleep 10
fi
+ else
+ AC_MSG_WARN([Missing needed capabilities (libcap or libcap2) for TPROXY v2])
+ AC_MSG_WARN([Linux Transparent Proxy support WILL NOT be enabled])
+ sleep 10
+ fi
fi
AC_ARG_ENABLE(gnuregex,
<P>Disable error page localization for visitors.</P>
<P>error_directory option is required if this option is used.</P>
+<DT><B>--disable-caps</B><DD>
+<P>Build without libcap support. The default is to auto-detect system capabilities
+and enable support when possible.</P>
+<P>NOTE: Disabling this or building without libcap support will break TPROXY support.</P>
+
<DT><B>--disable-ipv6</B><DD>
<P>Build without IPv6 support. The default is to auto-detect system capabilities
and build with IPv6 when possible.</P>
<p>Disable error page localization for visitors.
<p>error_directory option is required if this option is used.
+ <tag>--disable-caps</tag>
+ <p>Build without libcap support. The default is to auto-detect system capabilities
+ and enable support when possible.
+ <p>NOTE: Disabling this or building without libcap support will break TPROXY support.
+
<tag>--disable-ipv6</tag>
<p>Build without IPv6 support. The default is to auto-detect system capabilities
and build with IPv6 when possible.