On Mon, 10 May 2010 09:42:51 -0600, Alex Rousskov
<rousskov_at_measurement-factory.com> wrote:
> Hello,
>
> It looks like configure.in in trunk lost the code setting
> LINUX_NETFILTER. There are comments promising it will happen later in
> the code, but I do not see it happening. I am worried that this will
> break support for basic netfilter-based interception proxies (those
> working without libcap or TPROXY).
>
> I may be wrong, but the changes may have been introduced by
> autoconf-refactor:
>
>> revno: 10425
>> committer: Francesco Chemolli <kinkie_at_squid-cache.org>
>> branch nick: trunk
>> timestamp: Sun 2010-04-25 23:40:51 +0200
>> message:
>> Interim merge from autoconf-refactor feature-branch.
>
> Kinkie, could you please check that netfilter-based interception proxies
> are still supported?
>
>
> It would also be nice to get rid of libcap and TPROXY warnings when the
> user wants just netfilter-based interception proxy support and is
> willing to --disable the rest. In Squid v3.1, we now get these
> irrelevant (for the said configuration) warnings:
>
> configure: WARNING: Missing needed capabilities (libcap or libcap2) for
> TPROXY
> configure: WARNING: Linux Transparent Proxy support WILL NOT be enabled
> configure: WARNING: Reduced support to Interception Proxy
>
I was planning to propose this for 3.3, but it might as well happen now
for 3.2...
What I'm thinking is a shuffling of the transparent options like we just
shuffled the auth ones.
--enable/disable-transparent - disable all semantic (HTTP) transparent
stuff. This being TPROXY and other pass-thru stuff we add which makes Squid
semantically transparent.
Sub-options:
--with-tproxy
--enable-nat-intercept - disable/enable all NAT modules. the options
below to fine-tune which ones get built:
Sub-options:
--with-iptables
--with-pf
--with-ipf
--with-ipfw
...
Amos
Received on Mon May 10 2010 - 23:23:52 MDT
This archive was generated by hypermail 2.2.0 : Tue May 11 2010 - 12:00:08 MDT