Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 353403 - =net-proxy/squid-2.7.9[caps,tproxy] - doesn't result in TPROXY support actually being enabled
Summary: =net-proxy/squid-2.7.9[caps,tproxy] - doesn't result in TPROXY support actual...
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Eray Aslan
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-02-01 13:59 UTC by Jaco Kroon
Modified: 2012-12-21 08:16 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
squid-2.7.9-tproxy.patch (squid-2.7.9-tproxy.patch,17.40 KB, patch)
2012-08-17 00:32 UTC, Jaco Kroon 		Details | Diff
squid-2.7.9.ebuild (squid-2.7.9.ebuild,5.87 KB, text/plain)
2012-08-17 00:33 UTC, Jaco Kroon 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jaco Kroon 2011-02-01 13:59:41 UTC 
I've emerged <net-proxy/squid-3.0 (too many unresolved issues port 3.0) with the caps and tproxy USE flags expecting to get a binary where I can use tproxy, this doesn't actually happen.  I found the following in the ./configure output:

libcap forced disabled

and I presume this is what results in:

checking if TPROXY header files are installed... no
configure: WARNING: Missing needed capabilities (libcap or libcap2) for TPROXY

Looking at the ./configure line portage passes --without-libcap, so I proceeded to edit the ebuild (@ line 141) and updated $(use_with libcap) to $(use_with caps libcap), this fixes:

 * QA Notice: USE Flag 'libcap' not in IUSE for net-proxy/squid-2.7.9

_and_ results in ./configure being given --with-libcap.

Still doesn't work for me after this, and I get:

checking if TPROXY header files are installed... no
WARNING: Cannot find TPROXY headers, you need to patch your kernel with the
tproxy package from:
 - lynx http://www.balabit.com/downloads/files/tproxy/

However, I'm running a 2.6.37 kernel which (afaik) has this patch merged into mainline and I'm able to actually set up the appropriate TPROXY redirects in mangle.

My complete USE flags follows:

[ebuild   R   ] net-proxy/squid-2.7.9  USE="caps epoll logrotate mysql pam samba ssl tproxy (-ipf-transparent) -kerberos (-kqueue) -ldap -nis (-pf-transparent) -postgres -sasl (-selinux) -snmp -sqlite -zero-penalty-hit" 0 kB

Reproducible: Always

Steps to Reproduce:
Comment 1 Jaco Kroon 2011-02-01 20:21:19 UTC 
Some of the header files has changed for TPROXY support.

The required patch is available at http://www.visolve.com/squid/tproxy4/squid-2.7s9-tproxy-4.patch - info at http://www.visolve.com/squid/squid-tproxy.php

My testing (applying the patch directly after unpack) of the patch shows a successful installation.
Comment 2 Jaco Kroon 2012-08-17 00:32:01 UTC 
Created attachment 321530 [details, diff]
squid-2.7.9-tproxy.patch
Comment 3 Jaco Kroon 2012-08-17 00:33:14 UTC 
Created attachment 321532 [details]
squid-2.7.9.ebuild

Updated squid-2.7.9 ebuild fixing tproxy support.  Of course this will break again for people using 2.2 kernels but fix it for everybody else.
Comment 4 Eray Aslan gentoo-dev 2012-12-21 08:16:13 UTC 
Closing.  Squid-2* versions are no longer in the tree.