On Mon, 2011-01-10 at 22:26 +1300, Amos Jeffries wrote:
> On 10/01/11 19:58, Andrew Beverley wrote:
> > Hi all,
> >
> > I was recently caught out by my own patch when compiling Squid :-)
> > I compiled with netfilter marking enabled, but couldn't work out why
> > packets weren't being marked. It was only after turning on detailed
> > logging that I realised it was because Squid had been compiled without
> > libcap.
> >
> > Therefore, as it is not possible to get or set a netfilter mark without
> > libcap, please find attached a proposed patch which will disable
> > netfilter marking at compilation time if libcap is not available (in a
> > similar way to Linux transparent proxying).
> >
> > I also found a bug in the current configure.ac. You get the message
> > "SQUID_DEFINE_BOOL: unrecognized value for USE_LIBNETFILTERCONNTRACK:
> > 'auto'" if you haven't explicitly set with-netfilter-conntrack. This
> > patch fixes that.
> >
> > Finally, it was recommended by the netfilter guys that as
> > libnetfilter_conntrack offers .pc files, that PKG_CHECK_MODULES should
> > be used to check for its presence. However, having looked at the code
> > for the conntrack program, you'd have to first do a
> > AC_CHECK_PROG(HAVE_PKG_CONFIG). Any thoughts on this please? Should I
> > change the test to PKG_CHECK_MODULES?
>
> I spent a day or so looking into it when Jan suggested it.
>
> Several of us (myself, Henrik, Robert) have expressed a desire to use
> pkg-check in the past. However the state of pkg-check availability is
> not clear, so we are not able to convert to it as wanted just yet.
>
> Squid is expected to build on a number of OS including old Linux
> versions which were released before pkg-check became common. I've had no
> feedback from anyone using those OS to say it can be ported. So for now
> we are being a bit conservative and making do without it.

Thanks, I thought that might be the case. Do you mind if I drop your
thoughts back to the netfilter-dev mailing list (in answer to Jan's
comments), as I feel a bit rude having not replied and not done anything
since his email!

Thanks,

Andy
