-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 24/01/2015 4:56 a.m., Odhiambo Washington wrote: > On 23 January 2015 at 18:42, Amos Jeffries <squid3@xxxxxxxxxxxxx> > wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> On 24/01/2015 4:29 a.m., Odhiambo Washington wrote: >>> On 23 January 2015 at 17:33, Amos Jeffries >>> <squid3@xxxxxxxxxxxxx> wrote: >> >> <snip> >> >> >>> And the good news is that squid-3.5.1 is now allowing client >>> PCs to browse. Thank you for that. >>> >> >> Horray! >> > > THANK YOU once again:) > > >> >>> I still have issues to raise (though my small brain is now so >>> saturated): >>> >>> >>> Here is what I use: >>> >>> ./configure --prefix=/opt/squid35 \ >>> --enable-removal-policies="lru heap" \ --disable-epoll \ >>> --enable-auth \ --enable-auth-basic="DB NCSA PAM PAM POP3 SSPI" >>> \ --enable-external-acl-helpers="session unix_group >>> file_userip" \ --enable-auth-negotiate="kerberos" \ >>> --with-pthreads \ --enable-storeio="ufs diskd rock aufs" \ >>> --enable-delay-pools \ --enable-snmp \ --with-openssl=/usr \ >>> --enable-forw-via-db \ --enable-cache-digests \ --enable-wccpv2 >>> \ --enable-follow-x-forwarded-for \ --with-large-files \ >>> --enable-large-cache-files \ --enable-esi \ --enable-kqueue \ >>> --enable-icap-client \ --enable-kill-parent-hack \ --enable-ssl >>> \ --enable-leakfinder \ --enable-ssl-crtd \ >>> --enable-url-rewrite-helpers \ --enable-xmalloc-statistics \ >>> --enable-stacktraces \ --enable-zph-qos \ --enable-eui \ >>> --with-nat-devpf \ --enable-pf-transparent \ >>> --enable-ipf-transparent >>> >>> >>> It seems I have to remove --enable-ipf-transparent otherwise >>> the build fails. I was thinking I could have both of >>> --enable-ipf-transparent and --enable-ipf-transparent so that I >>> can be able to use either PF or IPFilter - whichever I want. >>> >>> >>> Are those two mutually exclusive? >> >> Thats a maybe. The original design was to enable that, but doing >> so may repeat the issue you just resolved. From what I can tell >> those two firewalls should be okay together on FreeBSD at this >> point. >> >>> When I have the two, the build fails with: >>> >>> root@mail:/usr/home/wash/squid-3.5.1-20150120-r13736 # gmake >>> Making all in compat gmake[1]: Entering directory >>> '/usr/home/wash/squid-3.5.1-20150120-r13736/compat' >>> depbase=`echo assert.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`;\ >>> /bin/sh ../libtool --tag=CXX --mode=compile clang++ >>> -DHAVE_CONFIG_H -I.. -I../include -I../lib -I../src >>> -I../include -I/usr/include -I/usr/include -I../libltdl >>> -I/usr/include -I/usr/local/include/libxml2 >>> -I/usr/local/include/libxml2 -Werror -Qunused-arguments >>> -D_REENTRANT -g -O2 -march=native -I/usr/local/include -MT >>> assert.lo -MD -MP -MF $depbase.Tpo -c -o assert.lo assert.cc >>> &&\ mv -f $depbase.Tpo $depbase.Plo libtool: compile: clang++ >>> -DHAVE_CONFIG_H -I.. -I../include -I../lib -I../src >>> -I../include -I/usr/include -I/usr/include -I../libltdl >>> -I/usr/include -I/usr/local/include/libxml2 >>> -I/usr/local/include/libxml2 -Werror -Qunused-arguments >>> -D_REENTRANT -g -O2 -march=native -I/usr/local/include -MT >>> assert.lo -MD -MP -MF .deps/assert.Tpo -c assert.cc -fPIC >>> -DPIC -o .libs/assert.o In file included from assert.cc:9: In >>> file included from ../include/squid.h:43: >>> ../compat/compat.h:49:57: error: expected value in expression >>> #if IPF_TRANSPARENT && USE_SOLARIS_IPFILTER_MINOR_T_HACK ^ >> >> Seems to be a bug in the autoconf detections. You can workaround >> it for now by adding this to your option list: >> >> CXXFLAGS="-DUSE_SOLARIS_IPFILTER_MINOR_T_HACK=0" >> >> (or if you unluckily hit build errors mentioning minor_t >> re-definition try setting it to =1). >> >> > I could be getting it all wrong, but there is where I end: > > > > root@mail:/usr/home/wash/ILI/Squid/3.5/squid-3.5.1-20150120-r13736 > # env > > <cut> CC=clang CXX=clang++ > CXXFLAGS=-DUSE_SOLARIS_IPFILTER_MINOR_T_HACK=0 </cut> > > root@mail:/usr/home/wash/ILI/Squid/3.5/squid-3.5.1-20150120-r13736 > # gmake Making all in compat gmake[1]: Entering directory > '/usr/home/wash/ILI/Squid/3.5/squid-3.5.1-20150120-r13736/compat' > depbase=`echo assert.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`;\ > /bin/sh ../libtool --tag=CXX --mode=compile clang++ > -DHAVE_CONFIG_H -I.. -I../include -I../lib -I../src -I../include > -I/usr/include -I/usr/include -I../libltdl -I/usr/include > -I/usr/local/include/libxml2 -I/usr/local/include/libxml2 -Werror > -Qunused-arguments -D_REENTRANT > -DUSE_SOLARIS_IPFILTER_MINOR_T_HACK=0 -march=native > -I/usr/local/include -MT assert.lo -MD -MP -MF $depbase.Tpo -c -o > assert.lo assert.cc &&\ mv -f $depbase.Tpo $depbase.Plo libtool: > compile: clang++ -DHAVE_CONFIG_H -I.. -I../include -I../lib > -I../src -I../include -I/usr/include -I/usr/include -I../libltdl > -I/usr/include -I/usr/local/include/libxml2 > -I/usr/local/include/libxml2 -Werror -Qunused-arguments > -D_REENTRANT -DUSE_SOLARIS_IPFILTER_MINOR_T_HACK=0 -march=native > -I/usr/local/include -MT assert.lo -MD -MP -MF .deps/assert.Tpo -c > assert.cc -fPIC -DPIC -o .libs/assert.o In file included from > assert.cc:9: In file included from ../include/squid.h:12: > ../include/autoconf.h:1431:9: error: > 'USE_SOLARIS_IPFILTER_MINOR_T_HACK' macro redefined [-Werror] > #define USE_SOLARIS_IPFILTER_MINOR_T_HACK ^ <command line>:3:9: > note: previous definition is here #define > USE_SOLARIS_IPFILTER_MINOR_T_HACK 0 ^ (mutters) > In file included from assert.cc:9: In file included from > ../include/squid.h:43: ../compat/compat.h:49:57: error: expected > value in expression #if IPF_TRANSPARENT && > USE_SOLARIS_IPFILTER_MINOR_T_HACK ^ 2 errors generated. > Makefile:921: recipe for target 'assert.lo' failed gmake[1]: *** > [assert.lo] Error 1 gmake[1]: Leaving directory > '/usr/home/wash/ILI/Squid/3.5/squid-3.5.1-20150120-r13736/compat' > Makefile:567: recipe for target 'all-recursive' failed gmake: *** > [all-recursive] Error 1 > > > > > > Plus I still have to ask: > > --with-pf-transparent --with-nat-devpf works now as expected. > > How about if I only had --enable-ipf-transparent ?? It means I > would be stuck still? Given the state of that macro definition, yes. There are some other things on Solaris I had to fix for Yuri (who is sponsoring those build fixes). I will put this on my list of thing to check out and hopefully be able to point you at a new snapshot to work with in a few days. > > Is there a workaround for IPFilter on FreeBSD not to cause the > loop? The cause of the loop was wrong NAT lookup being done for PF. The OpenBSD style PF which you were accidentally building used a different system API which always returns wrong results on FreeBSD. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUwnIUAAoJELJo5wb/XPRjQ1IIANnYk+6frClJG+YG8mdGqAn9 LDzDOqJXz2JPt8IM6mi66Q6+ykv/W00aQllq3VmA6oTqGs/fH6A6r6TrLXAnkv/n 77zKMo3VDO6z7It5w+IuK9X6FWSGOCVrNKZQWnwGstEpk6jpxE/wIyYHlUEJqdJi d9Gnnek2/aZDdDYjmgdbJOu78qyuA2eXO2dzBluNgWlnRjdBCWGwlIDUKQky5Wf6 3HH+/n9eQ86EEsHL9gsfB6bJTIPBxcge9hkQWsYIapfBXj2+ynBDrVxnmPVc4y2/ xs204HYAvTO3KuNj2cJnYBl1IiJ+QnVHg43srVyeNNjpp3XQF0R3sLyJKe2Q6oU= =G+4T -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
