Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 353403

Summary: =net-proxy/squid-2.7.9[caps,tproxy] - doesn't result in TPROXY support actually being enabled
Product: Gentoo Linux Reporter: Jaco Kroon <jaco>
Component: [OLD] ServerAssignee: Eray Aslan <eras>
Status: RESOLVED OBSOLETE    
Severity: normal CC: kevin, net-proxy+disabled
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: squid-2.7.9-tproxy.patch
squid-2.7.9.ebuild

Description Jaco Kroon 2011-02-01 13:59:41 UTC 
I've emerged <net-proxy/squid-3.0 (too many unresolved issues port 3.0) with the caps and tproxy USE flags expecting to get a binary where I can use tproxy, this doesn't actually happen.  I found the following in the ./configure output:

libcap forced disabled

and I presume this is what results in:

checking if TPROXY header files are installed... no
configure: WARNING: Missing needed capabilities (libcap or libcap2) for TPROXY

Looking at the ./configure line portage passes --without-libcap, so I proceeded to edit the ebuild (@ line 141) and updated $(use_with libcap) to $(use_with caps libcap), this fixes:

 * QA Notice: USE Flag 'libcap' not in IUSE for net-proxy/squid-2.7.9

_and_ results in ./configure being given --with-libcap.

Still doesn't work for me after this, and I get:

checking if TPROXY header files are installed... no
WARNING: Cannot find TPROXY headers, you need to patch your kernel with the
tproxy package from:
 - lynx http://www.balabit.com/downloads/files/tproxy/

However, I'm running a 2.6.37 kernel which (afaik) has this patch merged into mainline and I'm able to actually set up the appropriate TPROXY redirects in mangle.

My complete USE flags follows:

[ebuild   R   ] net-proxy/squid-2.7.9  USE="caps epoll logrotate mysql pam samba ssl tproxy (-ipf-transparent) -kerberos (-kqueue) -ldap -nis (-pf-transparent) -postgres -sasl (-selinux) -snmp -sqlite -zero-penalty-hit" 0 kB

Reproducible: Always

Steps to Reproduce:
Comment 1 Jaco Kroon 2011-02-01 20:21:19 UTC 
Some of the header files has changed for TPROXY support.

The required patch is available at http://www.visolve.com/squid/tproxy4/squid-2.7s9-tproxy-4.patch - info at http://www.visolve.com/squid/squid-tproxy.php

My testing (applying the patch directly after unpack) of the patch shows a successful installation.
Comment 2 Jaco Kroon 2012-08-17 00:32:01 UTC 
Created attachment 321530 [details, diff]
squid-2.7.9-tproxy.patch
Comment 3 Jaco Kroon 2012-08-17 00:33:14 UTC 
Created attachment 321532 [details]
squid-2.7.9.ebuild

Updated squid-2.7.9 ebuild fixing tproxy support.  Of course this will break again for people using 2.2 kernels but fix it for everybody else.
Comment 4 Eray Aslan gentoo-dev 2012-12-21 08:16:13 UTC 
Closing.  Squid-2* versions are no longer in the tree.