598 lines
24 KiB
HTML
598 lines
24 KiB
HTML
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
|
||
|
<HTML>
|
||
|
<HEAD>
|
||
|
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69">
|
||
|
<TITLE>Squid 3.4.10 release notes</TITLE>
|
||
|
</HEAD>
|
||
|
<BODY>
|
||
|
<H1>Squid 3.4.10 release notes</H1>
|
||
|
|
||
|
<H2>Squid Developers</H2>
|
||
|
<HR>
|
||
|
<EM>This document contains the release notes for version 3.4 of Squid.
|
||
|
Squid is a WWW Cache application developed by the National Laboratory
|
||
|
for Applied Network Research and members of the Web Caching community.</EM>
|
||
|
<HR>
|
||
|
<P>
|
||
|
<H2><A NAME="toc1">1.</A> <A HREF="#s1">Notice</A></H2>
|
||
|
|
||
|
<UL>
|
||
|
<LI><A NAME="toc1.1">1.1</A> <A HREF="#ss1.1">Known issues</A>
|
||
|
<LI><A NAME="toc1.2">1.2</A> <A HREF="#ss1.2">Changes since earlier releases of Squid-3.4</A>
|
||
|
</UL>
|
||
|
<P>
|
||
|
<H2><A NAME="toc2">2.</A> <A HREF="#s2">Major new features since Squid-3.3</A></H2>
|
||
|
|
||
|
<UL>
|
||
|
<LI><A NAME="toc2.1">2.1</A> <A HREF="#ss2.1">Helper protocol extensions</A>
|
||
|
<LI><A NAME="toc2.2">2.2</A> <A HREF="#ss2.2">SSL Server Certificate Validator</A>
|
||
|
<LI><A NAME="toc2.3">2.3</A> <A HREF="#ss2.3">Store-ID</A>
|
||
|
<LI><A NAME="toc2.4">2.4</A> <A HREF="#ss2.4">TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+</A>
|
||
|
<LI><A NAME="toc2.5">2.5</A> <A HREF="#ss2.5">Transaction Annotations</A>
|
||
|
<LI><A NAME="toc2.6">2.6</A> <A HREF="#ss2.6">Multicast DNS</A>
|
||
|
</UL>
|
||
|
<P>
|
||
|
<H2><A NAME="toc3">3.</A> <A HREF="#s3">Changes to squid.conf since Squid-3.3</A></H2>
|
||
|
|
||
|
<UL>
|
||
|
<LI><A NAME="toc3.1">3.1</A> <A HREF="#ss3.1">New tags</A>
|
||
|
<LI><A NAME="toc3.2">3.2</A> <A HREF="#ss3.2">Changes to existing tags</A>
|
||
|
<LI><A NAME="toc3.3">3.3</A> <A HREF="#ss3.3">Removed tags</A>
|
||
|
</UL>
|
||
|
<P>
|
||
|
<H2><A NAME="toc4">4.</A> <A HREF="#s4">Changes to ./configure options since Squid-3.3</A></H2>
|
||
|
|
||
|
<UL>
|
||
|
<LI><A NAME="toc4.1">4.1</A> <A HREF="#ss4.1">New options</A>
|
||
|
<LI><A NAME="toc4.2">4.2</A> <A HREF="#ss4.2">Changes to existing options</A>
|
||
|
<LI><A NAME="toc4.3">4.3</A> <A HREF="#ss4.3">Removed options</A>
|
||
|
</UL>
|
||
|
<P>
|
||
|
<H2><A NAME="toc5">5.</A> <A HREF="#s5">Regressions since Squid-2.7</A></H2>
|
||
|
|
||
|
<UL>
|
||
|
<LI><A NAME="toc5.1">5.1</A> <A HREF="#ss5.1">Missing squid.conf options available in Squid-2.7</A>
|
||
|
</UL>
|
||
|
|
||
|
<HR>
|
||
|
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
|
||
|
|
||
|
<P>The Squid Team are pleased to announce the release of Squid-3.4.10 for testing.</P>
|
||
|
<P>This new release is available for download from
|
||
|
<A HREF="http://www.squid-cache.org/Versions/v3/3.4/">http://www.squid-cache.org/Versions/v3/3.4/</A> or the
|
||
|
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
|
||
|
|
||
|
<P>Some interesting new features adding system flexibility have been added along with general improvements all around.
|
||
|
While this release is not fully bug-free we believe it is ready for use in production on many systems.</P>
|
||
|
|
||
|
<P>We welcome feedback and bug reports. If you find a bug, please see
|
||
|
<A HREF="http://wiki.squid-cache.org/SquidFaq/BugReporting">http://wiki.squid-cache.org/SquidFaq/BugReporting</A>
|
||
|
for how to submit a report with a stack trace.</P>
|
||
|
|
||
|
<H2><A NAME="ss1.1">1.1</A> <A HREF="#toc1.1">Known issues</A>
|
||
|
</H2>
|
||
|
|
||
|
<P>Although this release is deemed good enough for use in many setups, please note the existence of
|
||
|
<A HREF="http://bugs.squid-cache.org/buglist.cgi?query_format=advanced&product=Squid&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&version=3.4">open bugs against Squid-3.4</A>.</P>
|
||
|
|
||
|
<H2><A NAME="ss1.2">1.2</A> <A HREF="#toc1.2">Changes since earlier releases of Squid-3.4</A>
|
||
|
</H2>
|
||
|
|
||
|
<P>The 3.4 change history can be
|
||
|
<A HREF="http://www.squid-cache.org/Versions/v3/3.4/changesets/">viewed here</A>.</P>
|
||
|
|
||
|
|
||
|
<H2><A NAME="s2">2.</A> <A HREF="#toc2">Major new features since Squid-3.3</A></H2>
|
||
|
|
||
|
<P>Squid 3.4 represents a new feature release above 3.3.</P>
|
||
|
|
||
|
<P>The most important of these new features are:
|
||
|
<UL>
|
||
|
<LI>Helper protocol extensions</LI>
|
||
|
<LI>SSL Server Certificate Validator</LI>
|
||
|
<LI>Store-ID</LI>
|
||
|
<LI>TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+</LI>
|
||
|
<LI>Transaction Annotations</LI>
|
||
|
<LI>Multicast DNS</LI>
|
||
|
</UL>
|
||
|
</P>
|
||
|
<P>Most user-facing changes are reflected in squid.conf (see below).</P>
|
||
|
|
||
|
|
||
|
<H2><A NAME="ss2.1">2.1</A> <A HREF="#toc2.1">Helper protocol extensions</A>
|
||
|
</H2>
|
||
|
|
||
|
<P>Details at
|
||
|
<A HREF="http://wiki.squid-cache.org/Features/AddonHelpers">http://wiki.squid-cache.org/Features/AddonHelpers</A>.</P>
|
||
|
|
||
|
<P>The Squid helper protocol used to communicate with authenticators,
|
||
|
URL-rewriters, Redirectors, and External ACL helpers has been updated
|
||
|
and extended.</P>
|
||
|
|
||
|
<P><EM>BH</EM> status code is now accepted from all helpers to report
|
||
|
internal error events separate from <EM>ERR</EM> rejection code.
|
||
|
Permitting Squid to perform recovery operations specific to
|
||
|
helper failure instead of a blanket client rejection.</P>
|
||
|
|
||
|
<P>Arbitrary key-value pairs can be returned from any helper.
|
||
|
Allowing future helpers to be forward- and backward- compatible
|
||
|
with this and future versions of Squid.</P>
|
||
|
|
||
|
|
||
|
<H2><A NAME="ss2.2">2.2</A> <A HREF="#toc2.2">SSL Server Certificate Validator</A>
|
||
|
</H2>
|
||
|
|
||
|
<P>Details at
|
||
|
<A HREF="http://wiki.squid-cache.org/Features/SslServerCertValidator">http://wiki.squid-cache.org/Features/SslServerCertValidator</A>.</P>
|
||
|
|
||
|
<P>The helper consulted after the internal OpenSSL validation, regardless of the
|
||
|
validation results. The helper will receive:</P>
|
||
|
<P>
|
||
|
<UL>
|
||
|
<LI>the origin server certificate (chain),</LI>
|
||
|
<LI>the intended domain name, and</LI>
|
||
|
<LI>a list of OpenSSL validation errors (if any).</LI>
|
||
|
</UL>
|
||
|
</P>
|
||
|
|
||
|
<P>If the helper decides to honor an OpenSSL error or report another validation
|
||
|
error(s), the helper will return:</P>
|
||
|
<P>
|
||
|
<UL>
|
||
|
<LI>A list of certificates.</LI>
|
||
|
<LI>A list of items consists the the validation error name (see <EM>%err_name</EM>
|
||
|
error page macro and <EM>%err_details</EM> code for <EM>logformat</EM>), error reason
|
||
|
(<EM>%ssl_lib_error macro</EM>), and the offending certificate.</LI>
|
||
|
</UL>
|
||
|
</P>
|
||
|
|
||
|
<P>The returned information mimics what the internal OpenSSL-based validation code
|
||
|
collects now. Returned errors, if any, are fed to <EM>sslproxy_cert_error</EM>,
|
||
|
triggering the existing SSL error processing code.</P>
|
||
|
|
||
|
<P>The helper invocation controlled by the <EM>sslcrtvalidator_program</EM> and
|
||
|
<EM>sslcrtvalidator_children</EM> configurations options which are similar to the
|
||
|
<EM>ssl_crtd</EM> related options. </P>
|
||
|
|
||
|
|
||
|
<H2><A NAME="ss2.3">2.3</A> <A HREF="#toc2.3">Store-ID</A>
|
||
|
</H2>
|
||
|
|
||
|
<P>Details at
|
||
|
<A HREF="http://wiki.squid-cache.org/Features/StoreID">http://wiki.squid-cache.org/Features/StoreID</A>.</P>
|
||
|
|
||
|
<P>This feature is a redesigned equivalent to the Squid-2.7 feature known as StoreURL-rewrite.</P>
|
||
|
|
||
|
<P><EM>Notice</EM> that this is not a direct portage of the Squid-2.7 feature so behaviour
|
||
|
differences do exist. Although the new feature works in similar enough ways that the old
|
||
|
helper scripts used for Squid-2.7 are expected to work in this and later versions of Squid.</P>
|
||
|
|
||
|
<P>Squid traditionally uses the requested URL as an index key ID to locate objects in cache.
|
||
|
It is not the only key possible and the Store-ID feature exposes an API for external
|
||
|
helpers to provide Squid with an alternative key name for any URL.</P>
|
||
|
|
||
|
<P>When any client request is received which requires a cache lookup the URL is passed to
|
||
|
a helper specified with the <EM>store_id_program</EM> directive to check for an alternative
|
||
|
Store ID. This allows the helper to identify URLs which refer to duplicate resources and
|
||
|
de-duplicate the cache content. <EM>store_id_access</EM> is provided to allow ACL-based
|
||
|
tuning of which traffic gets sent to the helper and reduce overheads.</P>
|
||
|
|
||
|
<P>One subtle and noteworthy difference between Squid-2 and Squid-3 which is highlighted by
|
||
|
this feature is that <EM>refresh_pattern</EM> applies its regex argument against the Store
|
||
|
ID key and not the transaction URL. So using the Store-ID feature to alter the value
|
||
|
affects which <EM>refresh_pattern</EM> directive will be matched.</P>
|
||
|
|
||
|
<P>Store-ID helpers bundled with Squid can be built with the --enable-storeid-rewrite-helpers
|
||
|
option which is added in this version. Currently there is a <EM>file</EM> helper
|
||
|
provided.</P>
|
||
|
|
||
|
|
||
|
<H2><A NAME="ss2.4">2.4</A> <A HREF="#toc2.4">TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+</A>
|
||
|
</H2>
|
||
|
|
||
|
<P>Details at
|
||
|
<A HREF="http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf">http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf</A>.</P>
|
||
|
|
||
|
<P>The Packet Filter (PF) firewall in OpenBSD 4.4 and later offers traffic interception
|
||
|
using several very simple methods. One of which is the <EM>divert-to</EM> rule type
|
||
|
which acts as a simple routing diversion instead of performing NAT packet alterations.</P>
|
||
|
|
||
|
<P>The IP Firewall (IPFW) on FreeBSD 9+ contains a port of the Linux Netfilter TPROXY feature.</P>
|
||
|
|
||
|
<P>This version of Squid adds support for these features through the ./configure
|
||
|
options --enable-pf-transparent and --enable-ipfw-transparent when Squid is built on
|
||
|
systems with the required support. No special extras are required to enable
|
||
|
<EM>http_port ... tproxy</EM> configuration to work.</P>
|
||
|
|
||
|
<P>NOTE: To resolve NAT lookup issues on recent PF firewall versions the code behind
|
||
|
<EM>./configure --enable-pf-transparent</EM> has been altered and is expected to
|
||
|
break on the version of PF firewall shipped with BSD systems such as NetBSD and FreeBSD
|
||
|
which do not yet support the getsockname() API.
|
||
|
These systems require <EM>--with-nat-devpf</EM> to enable /dev/pf support when using PF firewall.</P>
|
||
|
|
||
|
|
||
|
<H2><A NAME="ss2.5">2.5</A> <A HREF="#toc2.5">Transaction Annotations</A>
|
||
|
</H2>
|
||
|
|
||
|
<P>Previously the only annotation methods available were ICAP/eCAP HTTP header insertions
|
||
|
or external ACL <EM>tag=</EM> result code. Each of which had only limited possibilities
|
||
|
for use and little or no correlation.</P>
|
||
|
|
||
|
<P>It is now possible to add annotations to a client transaction from several sources:
|
||
|
<UL>
|
||
|
<LI> Directly from squid.conf using the <EM>note</EM> directive with
|
||
|
ACL-based selection of which annotation is linked to any
|
||
|
particular transaction.
|
||
|
</LI>
|
||
|
<LI> By configured helper processes returning a key=value pair.
|
||
|
The key name becomes the annotation name.</LI>
|
||
|
</UL>
|
||
|
</P>
|
||
|
|
||
|
<P>Annotations on the transaction can be passed to ICAP services or eCAP modules using the
|
||
|
<EM>adaptation_meta</EM> directive to send them as headers.
|
||
|
They can also be logged using the <EM>%note</EM> log format code in custom logs. With
|
||
|
the new helper response syntax changes this means all helper response key=value details
|
||
|
such as URL-rewrite or store-id changes, external ACL tag etc. are now able to be logged.</P>
|
||
|
|
||
|
<P>Annotations which are already assigned to a transaction can be checked using an ACL test
|
||
|
of the new <EM>note</EM> ACL type. This can match a particular note by name and value,
|
||
|
of for any notes with a given name.</P>
|
||
|
|
||
|
<P>NOTE: not all helper interfaces are yet enabled to convert key=value into annotations
|
||
|
and the external ACL interface does not yet send annotations to the helper.</P>
|
||
|
|
||
|
|
||
|
<H2><A NAME="ss2.6">2.6</A> <A HREF="#toc2.6">Multicast DNS</A>
|
||
|
</H2>
|
||
|
|
||
|
<P>The internal DNS component of Squid now supports multicast DNS (mDNS) resolution in
|
||
|
accordance with RFC 6762.</P>
|
||
|
|
||
|
<P>The <EM>dns_multicast_local</EM> directive must be set to <EM>on</EM> to enable this
|
||
|
feature.</P>
|
||
|
|
||
|
<P>The multicast DNS group IP addresses for IPv4 and IPv6 resolving are added to the set
|
||
|
of available DNS resolvers and used automatically for domain names ending in <EM>.local</EM>
|
||
|
and reverse-DNS lookups before attempting a secondary resolution on the configured
|
||
|
resolvers. Domains without <EM>.local</EM> are resolved using only the configured resolvers.</P>
|
||
|
|
||
|
<P>Statistics for multicast DNS resolution can be found on the <EM>idns</EM> cache manager
|
||
|
report.</P>
|
||
|
|
||
|
<P><EM>NOTE</EM> that the external DNS helper interface is now deprecated and has been
|
||
|
removed from future Squid versions. Any installations still using it for local hostname
|
||
|
resolution need to upgrade to mDNS resolution with this Squid version.</P>
|
||
|
|
||
|
|
||
|
<H2><A NAME="s3">3.</A> <A HREF="#toc3">Changes to squid.conf since Squid-3.3</A></H2>
|
||
|
|
||
|
<P>There have been changes to Squid's configuration file since Squid-3.3.</P>
|
||
|
|
||
|
<P>Squid supports reading configuration option parameters from external
|
||
|
files using the syntax <EM>parameters("/path/filename")</EM>. For example:
|
||
|
<PRE>
|
||
|
acl whitelist dstdomain parameters("/etc/squid/whitelist.txt")
|
||
|
</PRE>
|
||
|
</P>
|
||
|
|
||
|
<P>There have also been changes to individual directives in the config file.</P>
|
||
|
<P>This section gives a thorough account of those changes in three categories:</P>
|
||
|
<P>
|
||
|
<UL>
|
||
|
<LI>
|
||
|
<A HREF="#newtags">New tags</A></LI>
|
||
|
<LI>
|
||
|
<A HREF="#modifiedtags">Changes to existing tags</A></LI>
|
||
|
<LI>
|
||
|
<A HREF="#removedtags">Removed tags</A></LI>
|
||
|
</UL>
|
||
|
</P>
|
||
|
|
||
|
|
||
|
<H2><A NAME="newtags"></A> <A NAME="ss3.1">3.1</A> <A HREF="#toc3.1">New tags</A>
|
||
|
</H2>
|
||
|
|
||
|
<P>
|
||
|
<DL>
|
||
|
<DT><B>configuration_includes_quoted_values</B><DD>
|
||
|
<P>Whether Squid supports directive parameters with spaces, quotes, and other
|
||
|
special characters. Surround such parameters with "double quotes" and
|
||
|
also set this directive on/off around the relevant squid.conf line(s)
|
||
|
making use of such quoting.</P>
|
||
|
|
||
|
<DT><B>dns_multicast_local</B><DD>
|
||
|
<P>Use multicast DNS for <EM>.local</EM> domains and reverse-DNS resolution.</P>
|
||
|
|
||
|
<DT><B>note</B><DD>
|
||
|
<P>Use ACLs to annotate a transaction with customized annotations
|
||
|
which can be logged in access.log</P>
|
||
|
|
||
|
<DT><B>spoof_client_ip</B><DD>
|
||
|
<P>Access control to determine whether to disable the TPROXY spoofing on upstream traffic.</P>
|
||
|
|
||
|
<DT><B>sslcrtvalidator_children</B><DD>
|
||
|
<P>Specifies the settings for how many SSL server certificate
|
||
|
validator helpers are run and when they are started.</P>
|
||
|
|
||
|
<DT><B>sslcrtvalidator_program</B><DD>
|
||
|
<P>Specifies the location of a SSL server certificate validator helper.</P>
|
||
|
|
||
|
<DT><B>store_id_access</B><DD>
|
||
|
<P>Whether the URL for a given request is passed to the Store-ID helper process.
|
||
|
Used to improve StoreID performance by quickly eliminating helper delays using ACL tests.</P>
|
||
|
<P>Ported equivalent to <EM>storeurl_access</EM> from 2.7</P>
|
||
|
|
||
|
<DT><B>store_id_bypass</B><DD>
|
||
|
<P>Whether the StoreID helper may be bypassed when overloaded.</P>
|
||
|
|
||
|
<DT><B>store_id_children</B><DD>
|
||
|
<P>Controls the number of StoreID helper processes.</P>
|
||
|
<P>Options <EM>startup=N</EM>, <EM>idle=N</EM>, <EM>concurrency=N</EM>
|
||
|
<UL>
|
||
|
<LI>startup=N allow finer tuning of how many helpers are started initially.</LI>
|
||
|
<LI>idle=N allow fine tuning of how many helper to retain as buffer against sudden traffic loads.</LI>
|
||
|
<LI>concurrency=N was previously called url_rewrite_concurrency as a distinct directive.</LI>
|
||
|
</UL>
|
||
|
</P>
|
||
|
|
||
|
<DT><B>store_id_rewrite_program</B><DD>
|
||
|
<P>A helper program to provide cache storage internal key ID value for a request.</P>
|
||
|
<P>Ported equivalent to <EM>storeurl_rewrite_program</EM> from 2.7</P>
|
||
|
|
||
|
</DL>
|
||
|
</P>
|
||
|
|
||
|
<H2><A NAME="modifiedtags"></A> <A NAME="ss3.2">3.2</A> <A HREF="#toc3.2">Changes to existing tags</A>
|
||
|
</H2>
|
||
|
|
||
|
<P>
|
||
|
<DL>
|
||
|
<DT><B>access_log</B><DD>
|
||
|
<P>Configuration syntax extended to support name=value options.
|
||
|
<EM>New Syntax:</EM> access_log module:place [option ...] [acl ...]</P>
|
||
|
<P>New option <EM>logformat=</EM> to specify the logging format name.</P>
|
||
|
<P>New option <EM>buffer-size=</EM> to specify how large the log buffer
|
||
|
for this log is to be when <EM>buffered_logs</EM> is enabled.</P>
|
||
|
<P>New option <EM>on-error=</EM> to specify what handling is to be done
|
||
|
if the logging module encounters a non-recoverable error writing logs.
|
||
|
With the value <EM>die</EM> (the default) Squid halts operation.
|
||
|
With the value <EM>drop</EM> Squid drops log lines and continue running.</P>
|
||
|
|
||
|
<DT><B>acl</B><DD>
|
||
|
<P>New test type <EM>server_cert_fingerprint</EM> to match against
|
||
|
server SSL certificate fingerprint.</P>
|
||
|
<P>New test type <EM>note</EM> to match against transaction annotations
|
||
|
by name and value, or just by name.</P>
|
||
|
<P>New test type <EM>any-of</EM> to match if any one of a set of named ACLs.</P>
|
||
|
<P>New test type <EM>all-of</EM> to match against all of a set of named ACLs.</P>
|
||
|
|
||
|
<DT><B>auth_param</B><DD>
|
||
|
<P>New result code <EM>BH</EM> to signal helper internal errors
|
||
|
available in all authentication schemes.</P>
|
||
|
<P>New key <EM>message=</EM> for error message details in all authentication schemes.</P>
|
||
|
<P>New result code <EM>OK</EM> and key <EM>ha1=</EM> in Digest authentication.</P>
|
||
|
<P>New result codes <EM>OK</EM>, <EM>ERR</EM> replace result codes <EM>AF</EM>,
|
||
|
and <EM>NA</EM> in NTLM and Negotiate authentication.</P>
|
||
|
<P>New key <EM>token=</EM> for NTLM and Negotiate authentication <EM>OK</EM> responses.</P>
|
||
|
<P>Details at
|
||
|
<A HREF="http://wiki.squid-cache.org/Features/AddonHelpers">http://wiki.squid-cache.org/Features/AddonHelpers</A>.</P>
|
||
|
|
||
|
<DT><B>external_acl_type</B><DD>
|
||
|
<P>Deprecated <EM>protocol=3.0</EM> option. No longer necessary.</P>
|
||
|
<P>New result code <EM>BH</EM> to signal helper internal errors</P>
|
||
|
<P>Details at
|
||
|
<A HREF="http://wiki.squid-cache.org/Features/AddonHelpers">http://wiki.squid-cache.org/Features/AddonHelpers</A>.</P>
|
||
|
|
||
|
<DT><B>http_port</B><DD>
|
||
|
<P>Support IPv6 for <EM>intercept</EM> mode. Requires ip6tables support on Linux,
|
||
|
PF support on OpenBSD and IPFW support on FreeBSD. Squid will no longer complain
|
||
|
about misconfiguration if IPv6 support is missing, we now rely on the firewall
|
||
|
tools reporting misconfiguration when the NAT rules are created.</P>
|
||
|
<P>Support <EM>tproxy</EM> mode traffic on BSD systems with BINDANY support
|
||
|
(OpenBSD 5+, FreeBSD 9+ so far).</P>
|
||
|
<P>Changed build options behind <EM>intercept</EM> traffic mode handling on BSD.
|
||
|
see <EM>--enable-pf-transparent</EM> for more details.</P>
|
||
|
|
||
|
<DT><B>logformat</B><DD>
|
||
|
<P>New format code <EM>%note</EM> to log a transaction annotation linked to the
|
||
|
transaction by ICAP, eCAP, a helper, or the <EM>note</EM> squid.conf directive.</P>
|
||
|
<P>New format code <EM>%>qos</EM> to log client connection TOS/DSCP value set by Squid.</P>
|
||
|
<P>New format code <EM>%<qos</EM> to log server connection TOS/DSCP value set by Squid.</P>
|
||
|
<P>New format code <EM>%>nfmark</EM> to log client connection netfilter mark set by Squid.</P>
|
||
|
<P>New format code <EM>%<nfmark</EM> to log server connection netfilter mark set by Squid.</P>
|
||
|
|
||
|
<DT><B>pipeline_prefetch</B><DD>
|
||
|
<P>Updated to take a numeric count of prefetched pipeline requests instead of ON/OFF.</P>
|
||
|
|
||
|
<DT><B>refresh_pattern</B><DD>
|
||
|
<P><EM>NOTE:</EM> the regular expression pattern operates on the cache Store-ID value.
|
||
|
Which by default is identical to the requested URL, but may differ for some
|
||
|
objects if the Store-ID feature is in use.</P>
|
||
|
|
||
|
<DT><B>unlinkd_program</B><DD>
|
||
|
<P>New helper response format utilizing result codes <EM>OK</EM> and <EM>BH</EM>,
|
||
|
to signal helper lookup results. Also, key-value response values to return
|
||
|
multiple values to Squid.</P>
|
||
|
<P>Details at
|
||
|
<A HREF="http://wiki.squid-cache.org/Features/AddonHelpers">http://wiki.squid-cache.org/Features/AddonHelpers</A>.</P>
|
||
|
|
||
|
<DT><B>url_rewrite_program</B><DD>
|
||
|
<P>New helper response format utilizing result codes <EM>OK</EM>, <EM>ERR</EM>,
|
||
|
and <EM>BH</EM> to signal helper lookup results. Also, key-value response
|
||
|
values to return multiple values to Squid.</P>
|
||
|
<P>Details at
|
||
|
<A HREF="http://wiki.squid-cache.org/Features/AddonHelpers">http://wiki.squid-cache.org/Features/AddonHelpers</A>.</P>
|
||
|
|
||
|
</DL>
|
||
|
</P>
|
||
|
|
||
|
<H2><A NAME="removedtags"></A> <A NAME="ss3.3">3.3</A> <A HREF="#toc3.3">Removed tags</A>
|
||
|
</H2>
|
||
|
|
||
|
<P>
|
||
|
<DL>
|
||
|
<DT><B>storeurl_access</B><DD>
|
||
|
<P>Replaced by <EM>store_id_access</EM>.</P>
|
||
|
|
||
|
<DT><B>storeurl_rewrite_children</B><DD>
|
||
|
<P>Replaced by <EM>store_id_children</EM>.</P>
|
||
|
|
||
|
<DT><B>storeurl_rewrite_concurrency</B><DD>
|
||
|
<P>Replaced by <EM>store_id_children</EM> with <EM>concurrency=N</EM> option.</P>
|
||
|
|
||
|
<DT><B>storeurl_rewrite_program</B><DD>
|
||
|
<P>Replaced by <EM>store_id_program</EM>.</P>
|
||
|
|
||
|
</DL>
|
||
|
</P>
|
||
|
|
||
|
|
||
|
<H2><A NAME="s4">4.</A> <A HREF="#toc4">Changes to ./configure options since Squid-3.3</A></H2>
|
||
|
|
||
|
<P>There have been some changes to Squid's build configuration since Squid-3.3.</P>
|
||
|
<P>This section gives an account of those changes in three categories:</P>
|
||
|
<P>
|
||
|
<UL>
|
||
|
<LI>
|
||
|
<A HREF="#newoptions">New options</A></LI>
|
||
|
<LI>
|
||
|
<A HREF="#modifiedoptions">Changes to existing options</A></LI>
|
||
|
<LI>
|
||
|
<A HREF="#removedoptions">Removed options</A></LI>
|
||
|
</UL>
|
||
|
</P>
|
||
|
|
||
|
|
||
|
<H2><A NAME="newoptions"></A> <A NAME="ss4.1">4.1</A> <A HREF="#toc4.1">New options</A>
|
||
|
</H2>
|
||
|
|
||
|
<P>
|
||
|
<DL>
|
||
|
<DT><B>--enable-storeid-rewrite-helpers</B><DD>
|
||
|
<P>New option to control which Store-ID helpers are built. As with other
|
||
|
helper options use --disable-* to prevent any helpers building and
|
||
|
omit to get all helper auto-detected.</P>
|
||
|
<P>Currenly only a helper using <EM>file</EM> for backend is provided.</P>
|
||
|
|
||
|
<DT><B>--disable-arch-native</B><DD>
|
||
|
<P>New option to disable use of -march=native compiler flag.</P>
|
||
|
<P>The new flag auto-enables CPU-specific optimizations in GCC and is
|
||
|
required by Clang++ v3.2 for correct 64-bit environment detection.
|
||
|
It does not always work well however, so this build option is provided
|
||
|
to remove it when necessary.</P>
|
||
|
|
||
|
<DT><B>--with-nat-devpf</B><DD>
|
||
|
<P>New option to alter the behaviour of <EM>http_port ... intercept</EM> option
|
||
|
in squid.conf.</P>
|
||
|
<P>When this option is used Squid performs the /dev/pf lookups required to
|
||
|
support PF <EM>rdr-to</EM> rules. Otherwise Squid will perform perform the
|
||
|
getsockname() API calls to support PF <EM>divert-to</EM> rules.</P>
|
||
|
<P>NOTE: systems such as NetBSD and FreeBSD which do not yet support
|
||
|
the getsockname() API in recent PF versions require this option.</P>
|
||
|
|
||
|
</DL>
|
||
|
</P>
|
||
|
|
||
|
<H2><A NAME="modifiedoptions"></A> <A NAME="ss4.2">4.2</A> <A HREF="#toc4.2">Changes to existing options</A>
|
||
|
</H2>
|
||
|
|
||
|
<P>
|
||
|
<DL>
|
||
|
<DT><B>--enable-pf-transparent</B><DD>
|
||
|
<P>NAT table support updated to use the getsockname() API provided by the
|
||
|
latest PF versions <EM>divert-to</EM>. This allows <EM>http_port</EM>
|
||
|
in squid.conf to support both <EM>intercept</EM> and <EM>tproxy</EM> traffic
|
||
|
and to silence NAT lookup failure messages on recent BSD.</P>
|
||
|
<P>NOTE: systems such as NetBSD and FreeBSD which do not yet support
|
||
|
the getsockname() API in recent PF versions require <EM>--with-nat-devpf</EM>
|
||
|
to re-enable /dev/pf support when using PF firewall.</P>
|
||
|
|
||
|
<DT><B>--disable-translation</B><DD>
|
||
|
<P>Default changed to prevent translating error page templates during build.
|
||
|
Use --enable-translation to explicitly build and install the templates.</P>
|
||
|
<P>The latest pre-translated templates can be downloaded from
|
||
|
<A HREF="http://www.squid-cache.org/Versions/langpack/">http://www.squid-cache.org/Versions/langpack/</A></P>
|
||
|
|
||
|
</DL>
|
||
|
</P>
|
||
|
<H2><A NAME="removedoptions"></A> <A NAME="ss4.3">4.3</A> <A HREF="#toc4.3">Removed options</A>
|
||
|
</H2>
|
||
|
|
||
|
<P>
|
||
|
<DL>
|
||
|
<P><EM>There are no removed ./configure options in Squid-3.4.</EM></P>
|
||
|
|
||
|
</DL>
|
||
|
</P>
|
||
|
|
||
|
|
||
|
<H2><A NAME="s5">5.</A> <A HREF="#toc5">Regressions since Squid-2.7</A></H2>
|
||
|
|
||
|
<P>Some squid.conf options which were available in Squid-2.7 are not yet available in Squid-3.4</P>
|
||
|
|
||
|
<P>If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.</P>
|
||
|
|
||
|
<H2><A NAME="ss5.1">5.1</A> <A HREF="#toc5.1">Missing squid.conf options available in Squid-2.7</A>
|
||
|
</H2>
|
||
|
|
||
|
<P>
|
||
|
<DL>
|
||
|
<DT><B>broken_vary_encoding</B><DD>
|
||
|
<P>Not yet ported from 2.6</P>
|
||
|
|
||
|
<DT><B>cache_dir</B><DD>
|
||
|
<P><EM>COSS</EM> storage type is lacking stability fixes from 2.6</P>
|
||
|
<P>COSS <EM>overwrite-percent=</EM> option not yet ported from 2.6</P>
|
||
|
<P>COSS <EM>max-stripe-waste=</EM> option not yet ported from 2.6</P>
|
||
|
<P>COSS <EM>membufs=</EM> option not yet ported from 2.6</P>
|
||
|
<P>COSS <EM>maxfullbufs=</EM> option not yet ported from 2.6</P>
|
||
|
|
||
|
<DT><B>cache_peer</B><DD>
|
||
|
<P><EM>idle=</EM> not yet ported from 2.7</P>
|
||
|
<P><EM>monitorinterval=</EM> not yet ported from 2.6</P>
|
||
|
<P><EM>monitorsize=</EM> not yet ported from 2.6</P>
|
||
|
<P><EM>monitortimeout=</EM> not yet ported from 2.6</P>
|
||
|
<P><EM>monitorurl=</EM> not yet ported from 2.6</P>
|
||
|
|
||
|
<DT><B>cache_vary</B><DD>
|
||
|
<P>Not yet ported from 2.6</P>
|
||
|
|
||
|
<DT><B>collapsed_forwarding</B><DD>
|
||
|
<P>Not yet ported from 2.6</P>
|
||
|
|
||
|
<DT><B>error_map</B><DD>
|
||
|
<P>Not yet ported from 2.6</P>
|
||
|
|
||
|
<DT><B>external_refresh_check</B><DD>
|
||
|
<P>Not yet ported from 2.7</P>
|
||
|
|
||
|
<DT><B>location_rewrite_access</B><DD>
|
||
|
<P>Not yet ported from 2.6</P>
|
||
|
|
||
|
<DT><B>location_rewrite_children</B><DD>
|
||
|
<P>Not yet ported from 2.6</P>
|
||
|
|
||
|
<DT><B>location_rewrite_concurrency</B><DD>
|
||
|
<P>Not yet ported from 2.6</P>
|
||
|
|
||
|
<DT><B>location_rewrite_program</B><DD>
|
||
|
<P>Not yet ported from 2.6</P>
|
||
|
|
||
|
<DT><B>refresh_pattern</B><DD>
|
||
|
<P><EM>stale-while-revalidate=</EM> not yet ported from 2.7</P>
|
||
|
<P><EM>ignore-stale-while-revalidate=</EM> not yet ported from 2.7</P>
|
||
|
<P><EM>negative-ttl=</EM> not yet ported from 2.7</P>
|
||
|
|
||
|
<DT><B>refresh_stale_hit</B><DD>
|
||
|
<P>Not yet ported from 2.7</P>
|
||
|
|
||
|
<DT><B>update_headers</B><DD>
|
||
|
<P>Not yet ported from 2.7</P>
|
||
|
|
||
|
</DL>
|
||
|
</P>
|
||
|
|
||
|
</BODY>
|
||
|
</HTML>
|