From 69403394b4c87cbb6d622ad7a310d9c1330025b98e17236550edc0ab8e298737 Mon Sep 17 00:00:00 2001
From: Christian Wittmer
+
+
+
+
+ The Squid Team are pleased to announce the release of Squid-3.4.10 for testing. This new release is available for download from
+http://www.squid-cache.org/Versions/v3/3.4/ or the
+mirrors. Some interesting new features adding system flexibility have been added along with general improvements all around.
+While this release is not fully bug-free we believe it is ready for use in production on many systems. We welcome feedback and bug reports. If you find a bug, please see
+http://wiki.squid-cache.org/SquidFaq/BugReporting
+for how to submit a report with a stack trace. Although this release is deemed good enough for use in many setups, please note the existence of
+open bugs against Squid-3.4. The 3.4 change history can be
+viewed here. Squid 3.4 represents a new feature release above 3.3. The most important of these new features are:
+Squid 3.4.10 release notes
+
+Squid Developers
+
+This document contains the release notes for version 3.4 of Squid.
+Squid is a WWW Cache application developed by the National Laboratory
+for Applied Network Research and members of the Web Caching community.
+
+1. Notice
+
+
+2. Major new features since Squid-3.3
+
+
+
+3. Changes to squid.conf since Squid-3.3
+
+
+4. Changes to ./configure options since Squid-3.3
+
+
+5. Regressions since Squid-2.7
+
+
+
+
+1. Notice
+
+1.1 Known issues
+
+
+1.2 Changes since earlier releases of Squid-3.4
+
+
+2. Major new features since Squid-3.3
+
+
+
+
Most user-facing changes are reflected in squid.conf (see below).
+ + +Details at +http://wiki.squid-cache.org/Features/AddonHelpers.
+ +The Squid helper protocol used to communicate with authenticators, +URL-rewriters, Redirectors, and External ACL helpers has been updated +and extended.
+ +BH status code is now accepted from all helpers to report +internal error events separate from ERR rejection code. +Permitting Squid to perform recovery operations specific to +helper failure instead of a blanket client rejection.
+ +Arbitrary key-value pairs can be returned from any helper. +Allowing future helpers to be forward- and backward- compatible +with this and future versions of Squid.
+ + +Details at +http://wiki.squid-cache.org/Features/SslServerCertValidator.
+ +The helper consulted after the internal OpenSSL validation, regardless of the +validation results. The helper will receive:
++
If the helper decides to honor an OpenSSL error or report another validation +error(s), the helper will return:
++
The returned information mimics what the internal OpenSSL-based validation code +collects now. Returned errors, if any, are fed to sslproxy_cert_error, +triggering the existing SSL error processing code.
+ +The helper invocation controlled by the sslcrtvalidator_program and +sslcrtvalidator_children configurations options which are similar to the +ssl_crtd related options.
+ + +Details at +http://wiki.squid-cache.org/Features/StoreID.
+ +This feature is a redesigned equivalent to the Squid-2.7 feature known as StoreURL-rewrite.
+ +Notice that this is not a direct portage of the Squid-2.7 feature so behaviour +differences do exist. Although the new feature works in similar enough ways that the old +helper scripts used for Squid-2.7 are expected to work in this and later versions of Squid.
+ +Squid traditionally uses the requested URL as an index key ID to locate objects in cache. +It is not the only key possible and the Store-ID feature exposes an API for external +helpers to provide Squid with an alternative key name for any URL.
+ +When any client request is received which requires a cache lookup the URL is passed to +a helper specified with the store_id_program directive to check for an alternative +Store ID. This allows the helper to identify URLs which refer to duplicate resources and +de-duplicate the cache content. store_id_access is provided to allow ACL-based +tuning of which traffic gets sent to the helper and reduce overheads.
+ +One subtle and noteworthy difference between Squid-2 and Squid-3 which is highlighted by +this feature is that refresh_pattern applies its regex argument against the Store +ID key and not the transaction URL. So using the Store-ID feature to alter the value +affects which refresh_pattern directive will be matched.
+ +Store-ID helpers bundled with Squid can be built with the --enable-storeid-rewrite-helpers +option which is added in this version. Currently there is a file helper +provided.
+ + +Details at +http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf.
+ +The Packet Filter (PF) firewall in OpenBSD 4.4 and later offers traffic interception +using several very simple methods. One of which is the divert-to rule type +which acts as a simple routing diversion instead of performing NAT packet alterations.
+ +The IP Firewall (IPFW) on FreeBSD 9+ contains a port of the Linux Netfilter TPROXY feature.
+ +This version of Squid adds support for these features through the ./configure +options --enable-pf-transparent and --enable-ipfw-transparent when Squid is built on +systems with the required support. No special extras are required to enable +http_port ... tproxy configuration to work.
+ +NOTE: To resolve NAT lookup issues on recent PF firewall versions the code behind +./configure --enable-pf-transparent has been altered and is expected to +break on the version of PF firewall shipped with BSD systems such as NetBSD and FreeBSD +which do not yet support the getsockname() API. +These systems require --with-nat-devpf to enable /dev/pf support when using PF firewall.
+ + +Previously the only annotation methods available were ICAP/eCAP HTTP header insertions +or external ACL tag= result code. Each of which had only limited possibilities +for use and little or no correlation.
+ +It is now possible to add annotations to a client transaction from several sources: +
Annotations on the transaction can be passed to ICAP services or eCAP modules using the +adaptation_meta directive to send them as headers. +They can also be logged using the %note log format code in custom logs. With +the new helper response syntax changes this means all helper response key=value details +such as URL-rewrite or store-id changes, external ACL tag etc. are now able to be logged.
+ +Annotations which are already assigned to a transaction can be checked using an ACL test +of the new note ACL type. This can match a particular note by name and value, +of for any notes with a given name.
+ +NOTE: not all helper interfaces are yet enabled to convert key=value into annotations +and the external ACL interface does not yet send annotations to the helper.
+ + +The internal DNS component of Squid now supports multicast DNS (mDNS) resolution in +accordance with RFC 6762.
+ +The dns_multicast_local directive must be set to on to enable this +feature.
+ +The multicast DNS group IP addresses for IPv4 and IPv6 resolving are added to the set +of available DNS resolvers and used automatically for domain names ending in .local +and reverse-DNS lookups before attempting a secondary resolution on the configured +resolvers. Domains without .local are resolved using only the configured resolvers.
+ +Statistics for multicast DNS resolution can be found on the idns cache manager +report.
+ +NOTE that the external DNS helper interface is now deprecated and has been +removed from future Squid versions. Any installations still using it for local hostname +resolution need to upgrade to mDNS resolution with this Squid version.
+ + +There have been changes to Squid's configuration file since Squid-3.3.
+ +Squid supports reading configuration option parameters from external +files using the syntax parameters("/path/filename"). For example: +
+ acl whitelist dstdomain parameters("/etc/squid/whitelist.txt") ++ + +
There have also been changes to individual directives in the config file.
+This section gives a thorough account of those changes in three categories:
++
+
Whether Squid supports directive parameters with spaces, quotes, and other +special characters. Surround such parameters with "double quotes" and +also set this directive on/off around the relevant squid.conf line(s) +making use of such quoting.
+ +Use multicast DNS for .local domains and reverse-DNS resolution.
+ +Use ACLs to annotate a transaction with customized annotations +which can be logged in access.log
+ +Access control to determine whether to disable the TPROXY spoofing on upstream traffic.
+ +Specifies the settings for how many SSL server certificate +validator helpers are run and when they are started.
+ +Specifies the location of a SSL server certificate validator helper.
+ +Whether the URL for a given request is passed to the Store-ID helper process. +Used to improve StoreID performance by quickly eliminating helper delays using ACL tests.
+Ported equivalent to storeurl_access from 2.7
+ +Whether the StoreID helper may be bypassed when overloaded.
+ +Controls the number of StoreID helper processes.
+Options startup=N, idle=N, concurrency=N +
A helper program to provide cache storage internal key ID value for a request.
+Ported equivalent to storeurl_rewrite_program from 2.7
+ ++
Configuration syntax extended to support name=value options. +New Syntax: access_log module:place [option ...] [acl ...]
+New option logformat= to specify the logging format name.
+New option buffer-size= to specify how large the log buffer +for this log is to be when buffered_logs is enabled.
+New option on-error= to specify what handling is to be done +if the logging module encounters a non-recoverable error writing logs. +With the value die (the default) Squid halts operation. +With the value drop Squid drops log lines and continue running.
+ +New test type server_cert_fingerprint to match against +server SSL certificate fingerprint.
+New test type note to match against transaction annotations +by name and value, or just by name.
+New test type any-of to match if any one of a set of named ACLs.
+New test type all-of to match against all of a set of named ACLs.
+ +New result code BH to signal helper internal errors +available in all authentication schemes.
+New key message= for error message details in all authentication schemes.
+New result code OK and key ha1= in Digest authentication.
+New result codes OK, ERR replace result codes AF, +and NA in NTLM and Negotiate authentication.
+New key token= for NTLM and Negotiate authentication OK responses.
+Details at +http://wiki.squid-cache.org/Features/AddonHelpers.
+ +Deprecated protocol=3.0 option. No longer necessary.
+New result code BH to signal helper internal errors
+Details at +http://wiki.squid-cache.org/Features/AddonHelpers.
+ +Support IPv6 for intercept mode. Requires ip6tables support on Linux, +PF support on OpenBSD and IPFW support on FreeBSD. Squid will no longer complain +about misconfiguration if IPv6 support is missing, we now rely on the firewall +tools reporting misconfiguration when the NAT rules are created.
+Support tproxy mode traffic on BSD systems with BINDANY support +(OpenBSD 5+, FreeBSD 9+ so far).
+Changed build options behind intercept traffic mode handling on BSD. +see --enable-pf-transparent for more details.
+ +New format code %note to log a transaction annotation linked to the +transaction by ICAP, eCAP, a helper, or the note squid.conf directive.
+New format code %>qos to log client connection TOS/DSCP value set by Squid.
+New format code %<qos to log server connection TOS/DSCP value set by Squid.
+New format code %>nfmark to log client connection netfilter mark set by Squid.
+New format code %<nfmark to log server connection netfilter mark set by Squid.
+ +Updated to take a numeric count of prefetched pipeline requests instead of ON/OFF.
+ +NOTE: the regular expression pattern operates on the cache Store-ID value. +Which by default is identical to the requested URL, but may differ for some +objects if the Store-ID feature is in use.
+ +New helper response format utilizing result codes OK and BH, +to signal helper lookup results. Also, key-value response values to return +multiple values to Squid.
+Details at +http://wiki.squid-cache.org/Features/AddonHelpers.
+ +New helper response format utilizing result codes OK, ERR, +and BH to signal helper lookup results. Also, key-value response +values to return multiple values to Squid.
+Details at +http://wiki.squid-cache.org/Features/AddonHelpers.
+ ++
Replaced by store_id_access.
+ +Replaced by store_id_children.
+ +Replaced by store_id_children with concurrency=N option.
+ +Replaced by store_id_program.
+ +There have been some changes to Squid's build configuration since Squid-3.3.
+This section gives an account of those changes in three categories:
++
+ + + ++
New option to control which Store-ID helpers are built. As with other +helper options use --disable-* to prevent any helpers building and +omit to get all helper auto-detected.
+Currenly only a helper using file for backend is provided.
+ +New option to disable use of -march=native compiler flag.
+The new flag auto-enables CPU-specific optimizations in GCC and is +required by Clang++ v3.2 for correct 64-bit environment detection. +It does not always work well however, so this build option is provided +to remove it when necessary.
+ +New option to alter the behaviour of http_port ... intercept option +in squid.conf.
+When this option is used Squid performs the /dev/pf lookups required to +support PF rdr-to rules. Otherwise Squid will perform perform the +getsockname() API calls to support PF divert-to rules.
+NOTE: systems such as NetBSD and FreeBSD which do not yet support +the getsockname() API in recent PF versions require this option.
+ ++
NAT table support updated to use the getsockname() API provided by the +latest PF versions divert-to. This allows http_port +in squid.conf to support both intercept and tproxy traffic +and to silence NAT lookup failure messages on recent BSD.
+NOTE: systems such as NetBSD and FreeBSD which do not yet support +the getsockname() API in recent PF versions require --with-nat-devpf +to re-enable /dev/pf support when using PF firewall.
+ +Default changed to prevent translating error page templates during build. +Use --enable-translation to explicitly build and install the templates.
+The latest pre-translated templates can be downloaded from +http://www.squid-cache.org/Versions/langpack/
+ ++
There are no removed ./configure options in Squid-3.4.
+ +Some squid.conf options which were available in Squid-2.7 are not yet available in Squid-3.4
+ +If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.
+ ++
Not yet ported from 2.6
+ +COSS storage type is lacking stability fixes from 2.6
+COSS overwrite-percent= option not yet ported from 2.6
+COSS max-stripe-waste= option not yet ported from 2.6
+COSS membufs= option not yet ported from 2.6
+COSS maxfullbufs= option not yet ported from 2.6
+ +idle= not yet ported from 2.7
+monitorinterval= not yet ported from 2.6
+monitorsize= not yet ported from 2.6
+monitortimeout= not yet ported from 2.6
+monitorurl= not yet ported from 2.6
+ +Not yet ported from 2.6
+ +Not yet ported from 2.6
+ +Not yet ported from 2.6
+ +Not yet ported from 2.7
+ +Not yet ported from 2.6
+ +Not yet ported from 2.6
+ +Not yet ported from 2.6
+ +Not yet ported from 2.6
+ +stale-while-revalidate= not yet ported from 2.7
+ignore-stale-while-revalidate= not yet ported from 2.7
+negative-ttl= not yet ported from 2.7
+ +Not yet ported from 2.7
+ +Not yet ported from 2.7
+ +-
-
-
-
-
The Squid Team are pleased to announce the release of Squid-3.4.10 for testing.
-This new release is available for download from -http://www.squid-cache.org/Versions/v3/3.4/ or the -mirrors.
- -Some interesting new features adding system flexibility have been added along with general improvements all around. -While this release is not fully bug-free we believe it is ready for use in production on many systems.
- -We welcome feedback and bug reports. If you find a bug, please see -http://wiki.squid-cache.org/SquidFaq/BugReporting -for how to submit a report with a stack trace.
- -Although this release is deemed good enough for use in many setups, please note the existence of -open bugs against Squid-3.4.
- -The 3.4 change history can be -viewed here.
- - -Squid 3.4 represents a new feature release above 3.3.
- -The most important of these new features are: -
Most user-facing changes are reflected in squid.conf (see below).
- - -Details at -http://wiki.squid-cache.org/Features/AddonHelpers.
- -The Squid helper protocol used to communicate with authenticators, -URL-rewriters, Redirectors, and External ACL helpers has been updated -and extended.
- -BH status code is now accepted from all helpers to report -internal error events separate from ERR rejection code. -Permitting Squid to perform recovery operations specific to -helper failure instead of a blanket client rejection.
- -Arbitrary key-value pairs can be returned from any helper. -Allowing future helpers to be forward- and backward- compatible -with this and future versions of Squid.
- - -Details at -http://wiki.squid-cache.org/Features/SslServerCertValidator.
- -The helper consulted after the internal OpenSSL validation, regardless of the -validation results. The helper will receive:
--
If the helper decides to honor an OpenSSL error or report another validation -error(s), the helper will return:
--
The returned information mimics what the internal OpenSSL-based validation code -collects now. Returned errors, if any, are fed to sslproxy_cert_error, -triggering the existing SSL error processing code.
- -The helper invocation controlled by the sslcrtvalidator_program and -sslcrtvalidator_children configurations options which are similar to the -ssl_crtd related options.
- - -Details at -http://wiki.squid-cache.org/Features/StoreID.
- -This feature is a redesigned equivalent to the Squid-2.7 feature known as StoreURL-rewrite.
- -Notice that this is not a direct portage of the Squid-2.7 feature so behaviour -differences do exist. Although the new feature works in similar enough ways that the old -helper scripts used for Squid-2.7 are expected to work in this and later versions of Squid.
- -Squid traditionally uses the requested URL as an index key ID to locate objects in cache. -It is not the only key possible and the Store-ID feature exposes an API for external -helpers to provide Squid with an alternative key name for any URL.
- -When any client request is received which requires a cache lookup the URL is passed to -a helper specified with the store_id_program directive to check for an alternative -Store ID. This allows the helper to identify URLs which refer to duplicate resources and -de-duplicate the cache content. store_id_access is provided to allow ACL-based -tuning of which traffic gets sent to the helper and reduce overheads.
- -One subtle and noteworthy difference between Squid-2 and Squid-3 which is highlighted by -this feature is that refresh_pattern applies its regex argument against the Store -ID key and not the transaction URL. So using the Store-ID feature to alter the value -affects which refresh_pattern directive will be matched.
- -Store-ID helpers bundled with Squid can be built with the --enable-storeid-rewrite-helpers -option which is added in this version. Currently there is a file helper -provided.
- - -Details at -http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf.
- -The Packet Filter (PF) firewall in OpenBSD 4.4 and later offers traffic interception -using several very simple methods. One of which is the divert-to rule type -which acts as a simple routing diversion instead of performing NAT packet alterations.
- -The IP Firewall (IPFW) on FreeBSD 9+ contains a port of the Linux Netfilter TPROXY feature.
- -This version of Squid adds support for these features through the ./configure -options --enable-pf-transparent and --enable-ipfw-transparent when Squid is built on -systems with the required support. No special extras are required to enable -http_port ... tproxy configuration to work.
- -NOTE: To resolve NAT lookup issues on recent PF firewall versions the code behind -./configure --enable-pf-transparent has been altered and is expected to -break on the version of PF firewall shipped with BSD systems such as NetBSD and FreeBSD -which do not yet support the getsockname() API. -These systems require --with-nat-devpf to enable /dev/pf support when using PF firewall.
- - -Previously the only annotation methods available were ICAP/eCAP HTTP header insertions -or external ACL tag= result code. Each of which had only limited possibilities -for use and little or no correlation.
- -It is now possible to add annotations to a client transaction from several sources: -
Annotations on the transaction can be passed to ICAP services or eCAP modules using the -adaptation_meta directive to send them as headers. -They can also be logged using the %note log format code in custom logs. With -the new helper response syntax changes this means all helper response key=value details -such as URL-rewrite or store-id changes, external ACL tag etc. are now able to be logged.
- -Annotations which are already assigned to a transaction can be checked using an ACL test -of the new note ACL type. This can match a particular note by name and value, -of for any notes with a given name.
- -NOTE: not all helper interfaces are yet enabled to convert key=value into annotations -and the external ACL interface does not yet send annotations to the helper.
- - -The internal DNS component of Squid now supports multicast DNS (mDNS) resolution in -accordance with RFC 6762.
- -The dns_multicast_local directive must be set to on to enable this -feature.
- -The multicast DNS group IP addresses for IPv4 and IPv6 resolving are added to the set -of available DNS resolvers and used automatically for domain names ending in .local -and reverse-DNS lookups before attempting a secondary resolution on the configured -resolvers. Domains without .local are resolved using only the configured resolvers.
- -Statistics for multicast DNS resolution can be found on the idns cache manager -report.
- -NOTE that the external DNS helper interface is now deprecated and has been -removed from future Squid versions. Any installations still using it for local hostname -resolution need to upgrade to mDNS resolution with this Squid version.
- - -There have been changes to Squid's configuration file since Squid-3.3.
- -Squid supports reading configuration option parameters from external -files using the syntax parameters("/path/filename"). For example: -
- acl whitelist dstdomain parameters("/etc/squid/whitelist.txt") -- - -
There have also been changes to individual directives in the config file.
-This section gives a thorough account of those changes in three categories:
--
-
Whether Squid supports directive parameters with spaces, quotes, and other -special characters. Surround such parameters with "double quotes" and -also set this directive on/off around the relevant squid.conf line(s) -making use of such quoting.
- -Use multicast DNS for .local domains and reverse-DNS resolution.
- -Use ACLs to annotate a transaction with customized annotations -which can be logged in access.log
- -Access control to determine whether to disable the TPROXY spoofing on upstream traffic.
- -Specifies the settings for how many SSL server certificate -validator helpers are run and when they are started.
- -Specifies the location of a SSL server certificate validator helper.
- -Whether the URL for a given request is passed to the Store-ID helper process. -Used to improve StoreID performance by quickly eliminating helper delays using ACL tests.
-Ported equivalent to storeurl_access from 2.7
- -Whether the StoreID helper may be bypassed when overloaded.
- -Controls the number of StoreID helper processes.
-Options startup=N, idle=N, concurrency=N -
A helper program to provide cache storage internal key ID value for a request.
-Ported equivalent to storeurl_rewrite_program from 2.7
- --
Configuration syntax extended to support name=value options. -New Syntax: access_log module:place [option ...] [acl ...]
-New option logformat= to specify the logging format name.
-New option buffer-size= to specify how large the log buffer -for this log is to be when buffered_logs is enabled.
-New option on-error= to specify what handling is to be done -if the logging module encounters a non-recoverable error writing logs. -With the value die (the default) Squid halts operation. -With the value drop Squid drops log lines and continue running.
- -New test type server_cert_fingerprint to match against -server SSL certificate fingerprint.
-New test type note to match against transaction annotations -by name and value, or just by name.
-New test type any-of to match if any one of a set of named ACLs.
-New test type all-of to match against all of a set of named ACLs.
- -New result code BH to signal helper internal errors -available in all authentication schemes.
-New key message= for error message details in all authentication schemes.
-New result code OK and key ha1= in Digest authentication.
-New result codes OK, ERR replace result codes AF, -and NA in NTLM and Negotiate authentication.
-New key token= for NTLM and Negotiate authentication OK responses.
-Details at -http://wiki.squid-cache.org/Features/AddonHelpers.
- -Deprecated protocol=3.0 option. No longer necessary.
-New result code BH to signal helper internal errors
-Details at -http://wiki.squid-cache.org/Features/AddonHelpers.
- -Support IPv6 for intercept mode. Requires ip6tables support on Linux, -PF support on OpenBSD and IPFW support on FreeBSD. Squid will no longer complain -about misconfiguration if IPv6 support is missing, we now rely on the firewall -tools reporting misconfiguration when the NAT rules are created.
-Support tproxy mode traffic on BSD systems with BINDANY support -(OpenBSD 5+, FreeBSD 9+ so far).
-Changed build options behind intercept traffic mode handling on BSD. -see --enable-pf-transparent for more details.
- -New format code %note to log a transaction annotation linked to the -transaction by ICAP, eCAP, a helper, or the note squid.conf directive.
-New format code %>qos to log client connection TOS/DSCP value set by Squid.
-New format code %<qos to log server connection TOS/DSCP value set by Squid.
-New format code %>nfmark to log client connection netfilter mark set by Squid.
-New format code %<nfmark to log server connection netfilter mark set by Squid.
- -Updated to take a numeric count of prefetched pipeline requests instead of ON/OFF.
- -NOTE: the regular expression pattern operates on the cache Store-ID value. -Which by default is identical to the requested URL, but may differ for some -objects if the Store-ID feature is in use.
- -New helper response format utilizing result codes OK and BH, -to signal helper lookup results. Also, key-value response values to return -multiple values to Squid.
-Details at -http://wiki.squid-cache.org/Features/AddonHelpers.
- -New helper response format utilizing result codes OK, ERR, -and BH to signal helper lookup results. Also, key-value response -values to return multiple values to Squid.
-Details at -http://wiki.squid-cache.org/Features/AddonHelpers.
- --
Replaced by store_id_access.
- -Replaced by store_id_children.
- -Replaced by store_id_children with concurrency=N option.
- -Replaced by store_id_program.
- -There have been some changes to Squid's build configuration since Squid-3.3.
-This section gives an account of those changes in three categories:
--
- - - --
New option to control which Store-ID helpers are built. As with other -helper options use --disable-* to prevent any helpers building and -omit to get all helper auto-detected.
-Currenly only a helper using file for backend is provided.
- -New option to disable use of -march=native compiler flag.
-The new flag auto-enables CPU-specific optimizations in GCC and is -required by Clang++ v3.2 for correct 64-bit environment detection. -It does not always work well however, so this build option is provided -to remove it when necessary.
- -New option to alter the behaviour of http_port ... intercept option -in squid.conf.
-When this option is used Squid performs the /dev/pf lookups required to -support PF rdr-to rules. Otherwise Squid will perform perform the -getsockname() API calls to support PF divert-to rules.
-NOTE: systems such as NetBSD and FreeBSD which do not yet support -the getsockname() API in recent PF versions require this option.
- --
NAT table support updated to use the getsockname() API provided by the -latest PF versions divert-to. This allows http_port -in squid.conf to support both intercept and tproxy traffic -and to silence NAT lookup failure messages on recent BSD.
-NOTE: systems such as NetBSD and FreeBSD which do not yet support -the getsockname() API in recent PF versions require --with-nat-devpf -to re-enable /dev/pf support when using PF firewall.
- -Default changed to prevent translating error page templates during build. -Use --enable-translation to explicitly build and install the templates.
-The latest pre-translated templates can be downloaded from -http://www.squid-cache.org/Versions/langpack/
- --
There are no removed ./configure options in Squid-3.4.
- -Some squid.conf options which were available in Squid-2.7 are not yet available in Squid-3.4
- -If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.
- --
Not yet ported from 2.6
- -COSS storage type is lacking stability fixes from 2.6
-COSS overwrite-percent= option not yet ported from 2.6
-COSS max-stripe-waste= option not yet ported from 2.6
-COSS membufs= option not yet ported from 2.6
-COSS maxfullbufs= option not yet ported from 2.6
- -idle= not yet ported from 2.7
-monitorinterval= not yet ported from 2.6
-monitorsize= not yet ported from 2.6
-monitortimeout= not yet ported from 2.6
-monitorurl= not yet ported from 2.6
- -Not yet ported from 2.6
- -Not yet ported from 2.6
- -Not yet ported from 2.6
- -Not yet ported from 2.7
- -Not yet ported from 2.6
- -Not yet ported from 2.6
- -Not yet ported from 2.6
- -Not yet ported from 2.6
- -stale-while-revalidate= not yet ported from 2.7
-ignore-stale-while-revalidate= not yet ported from 2.7
-negative-ttl= not yet ported from 2.7
- -Not yet ported from 2.7
- -Not yet ported from 2.7
- -