------------------------------------------------------------ revno: 13711 revision-id: squid3@treenet.co.nz-20150105134816-rpx1wgmvdvlkezv6 parent: squid3@treenet.co.nz-20150102035512-p8u1l322gyb6wvqs fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3754 committer: Amos Jeffries branch nick: 3.5 timestamp: Mon 2015-01-05 05:48:16 -0800 message: Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers Solaris 10+ bundles IPFilter code natively, but the IPFilter headers contain a duplicate definition of minor_t which does not match the existing OS definition. The result is that no applications (such as Squid) will build on Solaris with the natively provided headers. Also, the upstream IPFilter code separate from Solaris contains the same minor_t definition so building against a separate install of IPFilter does not fix the issue. We must instead play fancy games #define'ing minor_t to a different real-name for the OS headers and its own name for the IPFilter headers. Thanks to Yuri Voinov for sponsoring the Solaris 10 machine and environment resources for this fix. ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20150105134816-rpx1wgmvdvlkezv6 # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 # testament_sha1: 5b5663a50d3089b03dc9c5501e96299c65ec98f3 # timestamp: 2015-01-05 13:50:57 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 # base_revision_id: squid3@treenet.co.nz-20150102035512-\ # p8u1l322gyb6wvqs # # Begin patch === modified file 'acinclude/os-deps.m4' --- acinclude/os-deps.m4 2014-10-02 12:07:26 +0000 +++ acinclude/os-deps.m4 2015-01-05 13:48:16 +0000 @@ -881,3 +881,86 @@ AC_DEFINE_UNQUOTED(RECV_ARG_TYPE,$squid_cv_recv_second_arg_type, [Base type of the second argument to recv(2)]) ]) + + +dnl check whether Solaris has broken IPFilter headers (Solaris 10 at least does) +AC_DEFUN([SQUID_CHECK_BROKEN_SOLARIS_IPFILTER],[ + if test "x$squid_cv_broken_ipfilter_minor_t" = "x"; then + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +# include +# include +# include + +# include +# include +# include + ]])],[ + AC_MSG_RESULT(no) + squid_cv_broken_ipfilter_minor_t=0 + ],[ + ## on fail, test the hack + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#define minor_t fubaar +# include +# include +# include +#undef minor_t +# include +# include +# include + ]])],[ + AC_MSG_RESULT(yes) + squid_cv_broken_ipfilter_minor_t=1 + ],[ + AC_MSG_RESULT(unable to make IPFilter work with netinet/ headers) + ]) + ]) + fi + + AC_DEFINE_UNQUOTED(USE_SOLARIS_IPFILTER_MINOR_T_HACK,$squid_cv_broken_ipfilter_minor_t, + [Workaround IPFilter minor_t breakage]) + +## check for IPFilter headers that require this hack +## (but first netinet/in.h and sys/ioccom.h which they depend on) + AC_CHECK_HEADERS( \ + netinet/in.h \ + sys/ioccom.h \ + ip_compat.h \ + ip_fil_compat.h \ + ip_fil.h \ + ip_nat.h \ + netinet/ip_compat.h \ + netinet/ip_fil_compat.h \ + netinet/ip_fil.h \ + netinet/ip_nat.h \ + ,,,[ +#if USE_SOLARIS_IPFILTER_MINOR_T_HACK +#define minor_t fubar +#endif +#if HAVE_SYS_TYPES_H +#include +#endif +#if HAVE_NETINET_IN_H +#include +#endif +#if HAVE_SYS_IOCCOM_H +#include +#endif +#if USE_SOLARIS_IPFILTER_MINOR_T_HACK +#undef minor_t +#endif +#if HAVE_IP_COMPAT_H +#include +#elif HAVE_NETINET_IP_COMPAT_H +#include +#endif +#if HAVE_IP_FIL_H +#include +#elif HAVE_NETINET_IP_FIL_H +#include +#endif +#if !defined(IPFILTER_VERSION) +#define IPFILTER_VERSION 5000004 +#endif + ]) +]) === modified file 'compat/compat.h' --- compat/compat.h 2014-12-29 01:27:04 +0000 +++ compat/compat.h 2015-01-05 13:48:16 +0000 @@ -42,6 +42,17 @@ #endif #endif +/* Solaris 10 has a broken definition for minor_t in IPFilter compat. + * We must pre-define before doing anything with OS headers so the OS + * do not. Then un-define it before using the IPFilter *_compat.h headers. + */ +#if IPF_TRANSPARENT && USE_SOLARIS_IPFILTER_MINOR_T_HACK +/* But we only need do this nasty thing for src/ip/Intercept.cc */ +#if BUILDING_SQUID_IP_INTERCEPT_CC +#define minor_t solaris_minor_t_fubar +#endif +#endif + /*****************************************************/ /* FDSETSIZE is messy and needs to be done before */ /* sys/types.h are defined. */ === modified file 'configure.ac' --- configure.ac 2015-01-02 03:43:56 +0000 +++ configure.ac 2015-01-05 13:48:16 +0000 @@ -2753,10 +2753,6 @@ glob.h \ gnumalloc.h \ grp.h \ - ip_compat.h \ - ip_fil_compat.h \ - ip_fil.h \ - ip_nat.h \ ipl.h \ lber.h \ ldap.h \ @@ -2771,7 +2767,6 @@ netdb.h \ netinet/in.h \ netinet/in_systm.h \ - netinet/ip_fil_compat.h \ netinet/tcp.h \ paths.h \ poll.h \ @@ -2846,12 +2841,8 @@ netinet/in.h \ netinet/ip.h \ netinet/ip6.h \ - netinet/ip_compat.h\ - netinet/ip_fil_compat.h\ - netinet/ip_fil.h\ netinet/ip_icmp.h \ netinet/ipl.h \ - netinet/ip_nat.h\ net/pf/pfvar.h \ net/pfvar.h \ sys/mount.h\ @@ -3511,10 +3502,10 @@ SQUID_CHECK_FUNC_VACOPY SQUID_CHECK_FUNC___VACOPY - dnl IP-Filter support requires ipf header files. These aren't dnl installed by default, so we need to check for them if test "x$enable_ipf_transparent" != "xno" ; then + SQUID_CHECK_BROKEN_SOLARIS_IPFILTER AC_MSG_CHECKING(for availability of IP-Filter header files) # hold on to your hats... if test "x$ac_cv_header_ip_compat_h" = "xyes" -o \ @@ -3522,8 +3513,8 @@ "x$ac_cv_header_netinet_ip_compat_h" = "xyes" -o \ "x$ac_cv_header_netinet_ip_fil_compat_h" = "xyes" ; then have_ipfilter_compat_header="yes" - fi - if test "x$have_ipfilter_compat_header" = "xyes" -a \ + fi + if test "x$have_ipfilter_compat_header" = "xyes" -a \ "x$ac_cv_header_ip_fil_h" = "xyes" -a \ "x$ac_cv_header_ip_nat_h" = "xyes" ; then enable_ipf_transparent="yes" @@ -3535,19 +3526,20 @@ enable_ipf_transparent="no" fi AC_MSG_RESULT($IPF_TRANSPARENT) + +## On Solaris Ipfilter includes expect that SOLARIS2 is defined with the +## Solaris minor version (8, 9, 10, ...) + if test "x$enable_ipf_transparent" = "xyes" -a "x$squid_host_os" = "xsolaris" ; then + solrev=`uname -r | sh -c 'IFS=. read j n x; echo $n'` + CFLAGS="-DSOLARIS2=$solrev $CFLAGS" + CXXFLAGS="-DSOLARIS2=$solrev $CXXFLAGS" + fi + fi AC_MSG_NOTICE([IPF-based transparent proxying enabled: $enable_ipf_transparent]) SQUID_DEFINE_BOOL(IPF_TRANSPARENT,$enable_ipf_transparent, [Enable support for IPF-style transparent proxying]) -if test "x$enable_ipf_transparent" = "xyes" -a "x$squid_host_os" = "xsolaris" ; then -dnl On Solaris Ipfilter includes expect that SOLARIS2 is defined with the -dnl Solaris minor version (8, 9, 10, ...) - solrev=`uname -r | sh -c 'IFS=. read j n x; echo $n'` - CFLAGS="-DSOLARIS2=$solrev $CFLAGS" - CXXFLAGS="-DSOLARIS2=$solrev $CXXFLAGS" -fi - dnl PF /dev/pf support requires a header file. if test "x$with_nat_devpf" != "xno" ; then if test "x$ac_cv_header_net_pfvar_h" = "xyes" -o \ === modified file 'src/ip/Intercept.cc' --- src/ip/Intercept.cc 2014-12-20 18:14:00 +0000 +++ src/ip/Intercept.cc 2015-01-05 13:48:16 +0000 @@ -8,6 +8,9 @@ /* DEBUG: section 89 NAT / IP Interception */ +// Enable hack to workaround Solaris 10 IPFilter breakage +#define BUILDING_SQUID_IP_INTERCEPT_CC 1 + #include "squid.h" #include "comm/Connection.h" #include "fde.h" @@ -18,9 +21,19 @@ #if IPF_TRANSPARENT +#if !defined(IPFILTER_VERSION) +#define IPFILTER_VERSION 5000004 +#endif + +#if HAVE_SYS_IOCCOM_H +#include +#endif #if HAVE_SYS_IOCTL_H #include #endif +#if HAVE_NETINET_IP6_H +#include +#endif #if HAVE_NETINET_TCP_H #include #endif @@ -32,6 +45,9 @@ #elif HAVE_NETINET_IPL_H #include #endif +#if USE_SOLARIS_IPFILTER_MINOR_T_HACK +#undef minor_t +#endif #if HAVE_IP_FIL_COMPAT_H #include #elif HAVE_NETINET_IP_FIL_COMPAT_H