Date: Tue, 30 Dec 2003 03:50:04 +0900 (JST) From: Hidenori Ishikawa <hideishi@magisystem.net> To: FreeBSD-gnats-submit@FreeBSD.org Cc: hideishi@magisystem.net Subject: ports/60700: squid cannot be built with transparent-ipf support Message-ID: <200312291850.hBTIo4G17250@melchior.magisystem.net> Resent-Message-ID: <200312291900.hBTJ0OqZ039932@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 60700
>Category: ports
>Synopsis: squid cannot be built with transparent-ipf support
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 29 11:00:24 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Hidenori Ishikawa
>Release: FreeBSD 4.9-RELEASE i386
>Organization:
Chiba *BSD Users Group
>Environment:
System: FreeBSD melchior.magisystem.net 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Sat Nov 1 16:58:29 JST 2003 root@melchior.magisystem.net:/work/obj/usr/src/sys/SMP-4.9-MAGISYSTEM i386
>Description:
squid port (www/squid) cannot be built with transparent-ipf support
which is enabled by uncommenting the following lines.
# - Enable Transparent Proxy support for IP-Filter systems (incl 3.0)
#CONFIGURE_ARGS+= --enable-ipf-transparent
The port build may proceed although header problem occurs,
but you should see the following warning from configure script.
checking if IP-Filter header files are installed... no
WARNING: Cannot find necessary IP-Filter header files
Transparent Proxy support WILL NOT be enabled
Because, configure script cannot find the ipf headers,
transparent-ipf is disabled even though it is specified by
CONFIGURE_ARGS, hence compiled squid lacks transparent-ipf support.
>How-To-Repeat:
Uncomment the lines above (in other words, add --enable-ipf-tranparent
to CONFIGURE_ARGS) and make the port.
*IMPORTANT*
This port build must be done on a freshly installed FreeBSD machine
(4.8-RELEASE or later possibly).
On a machine in which FreeBSD was installed many days ago (such as
4.1-RELEASE or 4.0-RELEASE and the make world to proceeding releases),
squid port can be successfully built.
This is the core of the problem.
>Fix:
The reason to the build failure is that the ipf headers,
ip_compat.h, ip_fil.h and ip_nat.h are no longer installed on
recent FreeBSD releases.
They used to be install in old times. (I was able to build squid
with transtarent-ipf support on a 4.1-RELEASE machine at that time.)
I figured out this problem when I replaced my old proxy-box with
new machine and completely fresh installed 4.8-RELEASE.
I'm not sure, when the FreeBSD core team has changed their policy
about ipf headers, and suddenly changed "NOT" to install them.
These headers of course exist in the kernel source tree
/usr/src/sys/contrib/ipfilter/
but only used at kernel and kernel modules compile time.
In order to fix, there two solutions.
1. Ask FreeBSD core team (may be kernel maintainer) to re-enable
the installation of ipf headers to proper place (/usr/include).
2. Some how make a simbolyc link to /usr/src/sys/contrib/ipfilter/*.h
at squid port build time.
My workaround is copying ipf headers from kernel source tree to
/usr/include everytime when make a new make world, but this is
very odd. I suppose port system should utilize those headers
by itself.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200312291850.hBTIo4G17250>