ports/60700: squid cannot be built with transparent-ipf support

Hidenori Ishikawa hideishi at magisystem.net
Mon Dec 29 19:00:27 UTC 2003 

>Number:         60700
>Category:       ports
>Synopsis:       squid cannot be built with transparent-ipf support
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 29 11:00:24 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Hidenori Ishikawa
>Release:        FreeBSD 4.9-RELEASE i386
>Organization:
Chiba *BSD Users Group
>Environment:
System: FreeBSD melchior.magisystem.net 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Sat Nov 1 16:58:29 JST 2003 root at melchior.magisystem.net:/work/obj/usr/src/sys/SMP-4.9-MAGISYSTEM i386


	
>Description:
	squid port (www/squid) cannot be built with transparent-ipf support
	which is enabled by uncommenting the following lines.

#  - Enable Transparent Proxy support for IP-Filter systems (incl 3.0)
#CONFIGURE_ARGS+= --enable-ipf-transparent

	The port build may proceed although header problem occurs,
	but you should see the following warning from configure script.

checking if IP-Filter header files are installed... no
WARNING: Cannot find necessary IP-Filter header files
         Transparent Proxy support WILL NOT be enabled

	Because, configure script cannot find the ipf headers,
	transparent-ipf is disabled even though it is specified by
	CONFIGURE_ARGS, hence compiled squid lacks transparent-ipf support.

>How-To-Repeat:
	Uncomment the lines above (in other words, add --enable-ipf-tranparent
	to CONFIGURE_ARGS) and make the port.

	*IMPORTANT*
	This port build must be done on a freshly installed FreeBSD machine
	(4.8-RELEASE or later possibly).
	On a machine in which FreeBSD was installed many days ago (such as
	4.1-RELEASE or 4.0-RELEASE and the make world to proceeding releases),
	squid port can be successfully built.
	This is the core of the problem.
	
>Fix:
	The reason to the build failure is that the ipf headers, 
	ip_compat.h, ip_fil.h and ip_nat.h are no longer installed on
	recent FreeBSD releases.
	They used to be install in old times. (I was able to build squid
	with transtarent-ipf support on a 4.1-RELEASE machine at that time.)
	I figured out this problem when I replaced my old proxy-box with
	new machine and completely fresh installed 4.8-RELEASE.
	I'm not sure, when the FreeBSD core team has changed their policy
	about ipf headers, and suddenly changed "NOT" to install them.
	These headers of course exist in the kernel source tree
	/usr/src/sys/contrib/ipfilter/
	but only used at kernel and kernel modules compile time.
	In order to fix, there two solutions.
	1. Ask FreeBSD core team (may be kernel maintainer) to re-enable
	the installation of ipf headers to proper place (/usr/include).
	2. Some how  make a simbolyc link to /usr/src/sys/contrib/ipfilter/*.h
	at squid port build time.

	My workaround is copying ipf headers from kernel source tree to
	/usr/include everytime when make a new make world, but this is 
	very odd. I suppose port system should utilize those headers
	by itself.
	


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list