Andrew Beverley wrote:
> I'd like to propose the attached patch, to rename the build option
> --enable-linux-netfilter to --enable-nf-transparent. This is for 2
> reasons:
>
> 1. It is consistent with the remainder of the transparent proxy options
> (ifpw-transparent, ipf-transparent, pf-transparent).
>
> 2. It causes less confusion with my proposed netfilter marking patch,
> which also relies on netfilter libraries, but different ones.
> --enable-linux-netfilter implies the whole of the netfilter libraries
> are being included, when in actual fact it is only one for the purposes
> of transparent proxying.
>
> Netfilter marking patch to follow soon...
>
> Regards,
>
> Andy
>
>
I'm not sure its fully worth doing this.
* the "transparent" options are all due for a naming upgrade or
removal in the next major release anyway.
* linux-netfilter in fact enables both NAT (intercept) and TPROXY
(transparent) capture methods. And is documented so far as applying to
all supported netfilter targets. So naming for one specific of the two
(or three now that MARK is being added) is not reducing the confusion.
As for the patch, if people still want to go ahead with this just for 3.2...
* please place "USE_" as the prefix for all new/altered #if macros
that come from ./configure options. ie USE_NF_TRANSPARENT
* please remove this change. The documentation was neutral enough not
to cause confusion. The change itself is adding some.
- AC_MSG_ERROR([Linux Netfilter support requested but needed
headers not found])
+ AC_MSG_ERROR([Netfilter based transparent proxying requested but
needed headers not found])
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.5Received on Sun Aug 01 2010 - 05:43:41 MDT
This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 12:01:06 MDT