Commit | Line | Data |
---|---|---|
a89d601c AJ |
1 | <!doctype linuxdoc system> |
2 | <article> | |
0c49f10e | 3 | <title>Squid 3.1.0.1 release notes</title> |
a89d601c | 4 | <author>Squid Developers</author> |
a89d601c AJ |
5 | |
6 | <abstract> | |
7 | This document contains the release notes for version 3.1 of Squid. | |
8 | Squid is a WWW Cache application developed by the National Laboratory | |
9 | for Applied Network Research and members of the Web Caching community. | |
10 | </abstract> | |
11 | ||
12 | <toc> | |
13 | ||
14 | <sect>Notice | |
15 | <p> | |
0c49f10e | 16 | The Squid Team are pleased to announce the release of Squid-3.1.0.1 for testing. |
a89d601c AJ |
17 | |
18 | This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.1/"> or the <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">. | |
19 | ||
20 | A large number of the show-stopper bugs have been fixed along with general improvements to the ICAP support. | |
21 | While this release is not deemed ready for production use, we believe it is ready for wider testing by the community. | |
22 | ||
23 | We welcome feedback and bug reports. If you find a bug, please see <url url="http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d"> for how to submit a report with a stack trace. | |
24 | ||
6a171502 | 25 | <sect1>Known issues |
a89d601c | 26 | <p> |
0c49f10e | 27 | Although this release is deemed good enough for use in many setups, please note the existence of <url url="http://www.squid-cache.org/bugs/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&target_milestone=3.1&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=bugs.bug_severity&field0-0-0=noop&type0-0-0=noop&value0-0-0=" name="open bugs against Squid-3.1">. |
a89d601c | 28 | |
6a171502 | 29 | <sect1>Changes since earlier releases of Squid-3.1 |
a89d601c AJ |
30 | <p> |
31 | The 3.1 change history can be <url url="http://www.squid-cache.org/Versions/v3/3.1/changesets/" name="viewed here">. | |
32 | ||
6a171502 | 33 | <sect>Major new features since Squid-3.0 |
a89d601c AJ |
34 | <p> |
35 | Squid 3.1 represents a new feature release above 3.0. | |
36 | ||
37 | The most important of these new features are: | |
38 | ||
39 | <itemize> | |
0c49f10e AJ |
40 | <item>New Version Numbering System |
41 | <item>Minimal squid.conf improvements | |
42 | <item>Native IPv6 Support | |
a89d601c | 43 | <item>Error Page Localization |
0c49f10e AJ |
44 | <item>Connection Pinning (for NTLM Auth Passthrough) |
45 | <item>Quality of Service (QoS) Flow support | |
46 | <item>SSL Bump (for HTTPS Filtering and Adaptation) | |
47 | <item>eCAP Adaptation Module support | |
a89d601c AJ |
48 | </itemize> |
49 | ||
50 | Most user-facing changes are reflected in squid.conf (see below). | |
51 | ||
d2fc0d01 | 52 | <sect1>New Version Numbering System |
0c49f10e AJ |
53 | |
54 | <p>Beginning with 3.1 the Squid Developers are trialling a new release numbering system. | |
55 | ||
56 | <p>We have decided, based on input from interested users, to drop the Squid-2 terminology of | |
57 | (DEVEL, PRE, RC, and STABLE) from the release package names. | |
4c988233 | 58 | These are replaced with a simpler 3-tier system based around the natural code development cycle. |
0c49f10e AJ |
59 | |
60 | <p>Daily generated snapshots of all current versions are provided as testing (old DEVEL) and bug-fix releases. | |
61 | These are numbered from their last release with a date appended. | |
4c988233 | 62 | Snapshots generated from 3.HEAD continue to be highly volatile. |
0c49f10e AJ |
63 | |
64 | <p>Regular feature releases from Squid-3 will be branched out as sub-versions, such as this Squid-3.1. | |
65 | ||
4c988233 | 66 | <p>All this is previous policy you should be accustomed to. Now we get to the new numbering change. |
0c49f10e AJ |
67 | |
68 | <p>Initial branch packages will be generated with a 3.X.0.Z version as testing packages. | |
69 | Packages and Snapshots generated with these 3-dot numbers are expected to be relatively stable regarding feature behaviors. | |
4c988233 AJ |
70 | Suitable for testing, but without any guarantees under production loads. This replaces both the old PRE and RC packages. |
71 | ||
72 | <p>If a large number of bugs are found, several *.0.Z packages may be attempted before any is considered production-ready. | |
0c49f10e AJ |
73 | |
74 | <p>When one of these Squid-3.X.0.Z packages passes our bug-free standards a 3.X.Y numbered release will be made. | |
4c988233 AJ |
75 | |
76 | <p>We can only hope enough testing has been done to consider these ready for production use. | |
0c49f10e AJ |
77 | As always we are fully dependent on people testing the previous packages and reporting all bugs. |
78 | ||
4c988233 | 79 | <p>In support of all this are several squid-dev process changes which have been worked out over the last year. |
0c49f10e AJ |
80 | |
81 | <itemize> | |
82 | <item>We no longer accept new features into branches. | |
83 | Those are reserved for the next feature release. | |
4c988233 AJ |
84 | The cycle for major releases is hoped to be fast enough to suit some people's needs for new features |
85 | and others' need for stability in the branched releases. | |
0c49f10e AJ |
86 | |
87 | <item>We now audit and vote on all feature and major code additions. | |
88 | This requires at least two sets of developer eyes on any new features before they are committed to 3.HEAD, | |
89 | vastly reducing the number of bugs in all code. | |
90 | ||
91 | <item>We have implemented and continue to add more testing infrastructure. | |
4c988233 | 92 | </itemize> |
0c49f10e AJ |
93 | |
94 | ||
d2fc0d01 | 95 | <sect1>Minimal squid.conf improvements |
0c49f10e AJ |
96 | |
97 | <p>squid.conf has undergone a facelift. | |
98 | ||
4c988233 | 99 | <p>Don't worry, few operational changes have been made. |
0c49f10e AJ |
100 | Older configs from are still expected to run in 3.1 with only the usual minor |
101 | changes seen between major releases. Details on those are listed below. | |
102 | ||
4c988233 | 103 | <p>New users will be relieved to see a short 32-line or less squid.conf on clean installs. |
0c49f10e AJ |
104 | Many of the options have reasonable defaults but had previously needed them explicitly configured! |
105 | These are now proper built-in defaults and no longer need to be in squid.conf unless changed. | |
106 | ||
4c988233 AJ |
107 | <p>All of the option documentation has been offloaded to another file <em>squid.conf.documented</em> which |
108 | contains a fully documented set of options previously cluttering up squid.conf itself. | |
0c49f10e AJ |
109 | |
110 | <p>Package maintainers are provided with a second file squid.conf.default which as always contains the default | |
111 | config options provided on a clean install. | |
112 | ||
113 | ||
d2fc0d01 | 114 | <sect1>Internet Protocol version 6 (IPv6) |
a89d601c | 115 | |
d2fc0d01 AJ |
116 | <p>Squid 3.1 supports IPv6. |
117 | Details in <url url="http://wiki.squid-cache.org/Features/IPv6" name="The Squid wiki"> | |
0c49f10e | 118 | |
d2fc0d01 | 119 | <sect2>New Features for IPv6 |
a89d601c AJ |
120 | |
121 | <p>Squid handles localhost values separately. For the purpose of ACLs and also external | |
122 | connections ::1 is considered a separate IP from 127.0.0.1. This means all ACLs which | |
123 | define behaviour for localhost may need ::1/128 included. | |
124 | ||
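One way to audit an existing configuration for the localhost split described above. This is an added example, not code from the Squid project; the sample configuration, the ACL names in it and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample squid.conf fragment (not taken from the release notes).
SAMPLE_CONF = """\
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl manager_hosts src 127.0.0.1 ::1   # already dual-stack
acl lan src 192.168.0.0/16
http_access allow localhost
"""

V4_LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
V6_LOOPBACK = ipaddress.ip_address("::1")


def parse_networks(tokens):
    """Turn ACL value tokens into ip_network objects, skipping non-addresses."""
    nets = []
    for tok in tokens:
        try:
            nets.append(ipaddress.ip_network(tok, strict=False))
        except ValueError:
            continue  # address ranges, keywords, file references, etc.
    return nets


def localhost_acls_missing_v6(conf_text):
    """Return names of src/dst ACLs that cover IPv4 loopback but not ::1."""
    seen = {}  # ACL name -> which loopback families its values cover
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or fields[0] != "acl" or fields[2] not in ("src", "dst"):
            continue
        # Several acl lines with the same name add to one ACL, so accumulate.
        state = seen.setdefault(fields[1], {"v4": False, "v6": False})
        for net in parse_networks(fields[3:]):
            if net.version == 4 and net.subnet_of(V4_LOOPBACK):
                state["v4"] = True
            elif net.version == 6 and V6_LOOPBACK in net:
                state["v6"] = True
    return sorted(name for name, s in seen.items() if s["v4"] and not s["v6"])


if __name__ == "__main__":
    for name in localhost_acls_missing_v6(SAMPLE_CONF):
        print(f"acl {name}: matches 127.0.0.0/8 but not ::1/128")
```

Any ACL it reports will not match a client or destination that uses ::1, so rules built on that ACL apply only to the IPv4 loopback.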
a89d601c AJ |
125 | <p>Pinger has been upgraded to perform both ICMP and ICMPv6 as required. |
126 | As a result of this and due to a change in the binary protocol format between them, | |
127 | new builds of squid are no longer backwards-compatible with old pinger binaries. | |
128 | You will need to perform "make install-pinger" again after installing squid. | |
129 | ||
130 | <p>Peer and Client SNMP tables have been altered to handle IPv6 addresses. | |
131 | As a side effect of this the long-missing fix to show separate named peers on one IP | |
132 | has been integrated, so the SNMP peer table now produces correct output. | |
133 | The table structure change is identical for both IPv4-only and Dual modes but with | |
0c49f10e | 134 | IPv4-only simply not including any IPv6 entries. This means any third-party SNMP |
a89d601c AJ |
135 | software which hard coded the MIB paths needs to be upgraded for this Squid release. |
136 | ||
137 | ||
d2fc0d01 | 138 | <sect2>Limitations of IPv6 Support |
a89d601c AJ |
139 | |
140 | <p>Specify a specific tcp_outgoing_address and the clients who match its ACL are limited | |
141 | to the IPv4 or IPv6 network that address belongs to. They are not permitted over the | |
142 | IPv4-IPv6 boundary. Some ACL voodoo can however be applied to explicitly route the | |
0c49f10e | 143 | IPv6/IPv4 bound traffic (DIRECT access) out an appropriate interface. |
a89d601c AJ |
144 | <verb> |
145 | acl toIP6 dst ipv6 | |
146 | tcp_outgoing_address 2001::1 toIP6 | |
147 | tcp_outgoing_address 10.0.0.1 !toIP6 | |
148 | </verb> | |
149 | ||
150 | <p>WCCP is not available (neither version 1 nor 2). It remains built into squid for use with IPv4 traffic but IPv6 cannot use it. | |
151 | ||
0c49f10e AJ |
152 | <p>Transparent Interception is done via NAT at the OS level and is not available in IPv6. |
153 | Squid will ensure that any port set with transparent, intercept, or tproxy options be an IPv4-only | |
a89d601c AJ |
154 | listening address. Wildcard can still be used but will not open as an IPv6. |
155 | To ensure that squid can accept IPv6 traffic on its default port, an alternative should | |
0c49f10e | 156 | be chosen to handle transparently intercepted traffic. |
a89d601c AJ |
157 | <verb> |
158 | http_port 3128 | |
0c49f10e | 159 | http_port 8080 intercept |
a89d601c AJ |
160 | </verb> |
161 | ||
162 | <p>The bundled NTLM Auth helper is IPv4-native between itself and the NTLM server. | |
163 | A new one will be needed for IPv6 traffic between the helper and server. | |
164 | ||
165 | <p>The bundled RADIUS Auth helper is IPv4-native, both in traffic between and data storage | |
166 | with the RADIUS server. A new helper will be needed for IPv6 RADIUS protocol. | |
167 | ||
168 | ||
d2fc0d01 | 169 | <sect1>Error Page Localization |
0c49f10e | 170 | |
4c988233 | 171 | <p>Details in <url url="http://wiki.squid-cache.org/Translations" name="The Squid wiki"> |
0c49f10e | 172 | |
af4cd9a0 AJ |
173 | <sect2>Localization |
174 | ||
0c49f10e | 175 | <p>The error pages presented by squid may now be localized per-request to match the visitor's local preferred language. |
a89d601c | 176 | |
d2fc0d01 | 177 | <p>The error_directory option in squid.conf needs to be removed. |
a89d601c AJ |
178 | |
179 | <p>For best coverage of languages, using the latest language pack of error files is recommended. | |
180 | Updates can be downloaded from <url url="http://www.squid-cache.org/Versions/langpack/" name="www.squid-cache.org/Versions/langpack/"> | |
181 | ||
182 | <p>The squid developers are interested in making squid available in a wide variety of languages. | |
4c988233 | 183 | Contribution of new languages is encouraged. |
0c49f10e | 184 | |
af4cd9a0 AJ |
185 | <sect2>CSS Stylesheet controls |
186 | ||
187 | <p>To further enhance the visitor experience all new translations have embedded CSS hooks for scalable per-site localization of the display. | |
188 | ||
189 | <p>CSS display is controlled by updating the errorpage.css file installed into Squid's configuration directory | |
190 | or the <em>err_page_stylesheet</em> option in squid.conf. | |
191 | ||
192 | <p>Custom error pages can also embed the CSS content by adding the <em>%l</em> tag to their headers. | |
193 | ||
0c49f10e | 194 | |
d2fc0d01 | 195 | <sect1>Connection Pinning (for NTLM Auth Passthrough) |
0c49f10e | 196 | |
4c988233 AJ |
197 | <p>Details in <url url="http://wiki.squid-cache.org/Features/ConnPinn" name="The Squid wiki"> |
198 | ||
0c49f10e AJ |
199 | <p>Squid 3.1 includes the much asked for Connection Pinning feature from Squid 2.6. |
200 | ||
201 | <p>This feature is often called 'NTLM Passthru' since it is a giant workaround which permits Web servers to use | |
202 | Microsoft NTLM Authentication instead of HTTP standard authentication through a web proxy. | |
203 | ||
0c49f10e | 204 | |
d2fc0d01 | 205 | <sect1>Quality of Service (QoS) Flow support |
0c49f10e | 206 | |
4c988233 | 207 | <p>Details in <url url="http://wiki.squid-cache.org/Features/QualityOfService" name="The Squid wiki"> |
0c49f10e AJ |
208 | |
209 | <p>Zero Penalty Hit created a patch to set QoS markers on outgoing traffic. | |
210 | ||
211 | <itemize> | |
212 | <item>Allows you to select a TOS/Diffserv value to mark local hits. | |
213 | <item>Allows you to select a TOS/Diffserv value to mark peer hits. | |
214 | <item>Allows you to selectively set only sibling or sibling+parent requests | |
215 | <item>Allows any HTTP response towards clients to carry the TOS value of the response coming from | |
216 | the remote server, masked with the value of zph_preserve_miss_tos_mask. | |
217 | For this to work correctly, you will need to patch your Linux kernel with the TOS preserving ZPH patch. | |
4c988233 | 218 | The kernel patch can be downloaded from <url url="http://zph.bratcheda.org" name="http://zph.bratcheda.org"> |
0c49f10e AJ |
219 | <item>Allows you to mask certain bits in the TOS received from the remote server, |
220 | before copying the value to the TOS sent towards clients. | |
221 | </itemize> | |
222 | ||
d2fc0d01 | 223 | <sect2>Squid Configuration |
4c988233 | 224 | <p>Squid 3.1 needs to be configured with --enable-zph-qos for the ZPH QoS controls to be available. |
0c49f10e AJ |
225 | |
226 | <p>The configuration options for 2.7 and 3.1 are based on different ZPH patches. | |
227 | The two releases' configurations differ and are not at this point directly translatable. | |
228 | ||
229 | <itemize> | |
230 | <item><em>zph_tos_local</em> Responses found as a HIT in the local cache | |
231 | <item><em>zph_tos_peer</em> Responses found as a HIT on peer caches. | |
232 | <item><em>zph_tos_parent</em> QoS to sibling caches only or all peers. | |
233 | <item><em>zph_preserve_miss_tos</em> Use the same ToS settings received by Squid from the remote server, | |
234 | on the client connection. Requires a kernel patch. | |
235 | </itemize> | |
236 | ||
237 | ||
d2fc0d01 | 238 | <sect1>SSL Bump (for HTTPS Filtering and Adaptation) |
0c49f10e | 239 | |
4c988233 | 240 | <p>Details in <url url="http://wiki.squid-cache.org/Features/SslBump" name="The Squid wiki"> |
0c49f10e AJ |
241 | |
242 | <p>Squid-in-the-middle decryption and encryption of straight CONNECT and transparently redirected SSL traffic, | |
243 | using configurable client- and server-side certificates. | |
244 | While decrypted, the traffic can be inspected using ICAP. | |
245 | ||
246 | ||
d2fc0d01 | 247 | <sect1>eCAP Adaptation Module support |
0c49f10e | 248 | |
4c988233 | 249 | <p>Details in <url url="http://wiki.squid-cache.org/Features/eCAP" name="The Squid wiki"> |
0c49f10e | 250 | |
a89d601c AJ |
251 | |
252 | <sect>Windows support | |
45fb607a AJ |
253 | <P>This Squid version can run on Windows as a system service using the Cygwin emulation environment, |
254 | or can be compiled in Windows native mode using the MinGW + MSYS development environment. Windows NT 4 SP4 and later are supported.<newline> | |
a89d601c AJ |
255 | On Windows 2000 and later the service is configured to use the Windows Service Recovery option |
256 | restarting automatically after 60 seconds. | |
257 | ||
6a171502 | 258 | <sect1>Usage |
a89d601c | 259 | |
6a171502 | 260 | <p>Some new command line options were added for the Windows service support:<newline> |
a89d601c | 261 | |
6a171502 | 262 | <p>The service is installed with the -i command line switch. The -f switch can be used at |
a89d601c AJ |
263 | the same time to specify a different config file for the Squid service; the setting will be |
264 | stored in the Windows Registry. | |
265 | ||
6a171502 | 266 | <p>A new -n switch specifies the Windows Service Name, so multiple Squid instances are allowed. |
a89d601c AJ |
267 | <em/"Squid"/ is the default when the switch is not used. |
268 | ||
6a171502 | 269 | <p>So, to install the service, the syntax is: |
a89d601c | 270 | |
45fb607a | 271 | <verb>squid -i [-f file] [-n name]</verb> |
a89d601c | 272 | |
6a171502 | 273 | <p>Service uninstallation is done with the -r command line switch together with the appropriate -n switch. |
a89d601c | 274 | |
6a171502 | 275 | <p>The -k switch family must be used with the appropriate -f and -n switches, so the syntax is: |
a89d601c AJ |
276 | |
277 | <verb>squid -k command [-f file] -n service-name</verb> | |
278 | where <em/service-name/ is the name specified with the -n option at service install time. | |
279 | ||
6a171502 | 280 | <p>To use the Squid original command line, the new -O switch must be used ONCE; the syntax is: |
a89d601c AJ |
281 | |
282 | <verb>squid -O cmdline [-n service-name]</verb> | |
6a171502 | 283 | <p>If multiple service command line options must be specified, use quotes. The -n switch is |
a89d601c AJ |
284 | needed only when a non-default service name is in use. |
285 | ||
6a171502 | 286 | <p>Don't use the "Start parameters" in the Windows 2000/XP/2003 Service applet: they are |
a89d601c AJ |
287 | specific to Windows services functionality and Squid is not designed to understand them. |
288 | ||
6a171502 | 289 | <p>In the following example the command line of the "squidsvc" Squid service is set to "-D -u 3130": |
a89d601c AJ |
290 | |
291 | <verb>squid -O "-D -u 3130" -n squidsvc</verb> | |
292 | ||
6a171502 | 293 | <sect1>PSAPI.DLL (Process Status Helper) Considerations |
a89d601c | 294 | |
6a171502 | 295 | <p>The process status helper functions make it easier for you to obtain information about |
a89d601c AJ |
296 |