1 <!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 3.2 Final//EN">
4 <META NAME=
"GENERATOR" CONTENT=
"LinuxDoc-Tools 0.9.21">
5 <TITLE>Squid
3.1.PRE1 release notes
</TITLE>
8 <H1>Squid
3.1.PRE1 release notes
</H1>
10 <H2>Squid Developers
</H2>$Id: release-
3.1.html,v
1.5 2008/
01/
17 10:
09:
05 hno Exp $
12 <EM>This document contains the release notes for version
3.1 of Squid.
13 Squid is a WWW Cache application developed by the National Laboratory
14 for Applied Network Research and members of the Web Caching community.
</EM>
16 <H2><A NAME=
"s1">1. Notice
</A></H2>
18 <P>The Squid Team are pleased to announce the release of Squid-
3.1.PRE1 for pre-release testing.
</P>
19 <P>This new release is available for download from
20 <A HREF=
"http://www.squid-cache.org/Versions/v3/3.1/">http://www.squid-cache.org/Versions/v3/
3.1/
</A> or the
21 <A HREF=
"http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors
</A>.
</P>
22 <P>A large number of the show-stopper bugs have been fixed along with general improvements to the ICAP support.
23 While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.
</P>
24 <P>We welcome feedback and bug reports. If you find a bug, please see
25 <A HREF=
"http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d">http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-
7067fc0034ce967e67911becaabb8c95a34d576d
</A> for how to submit a report with a stack trace.
</P>
27 <H2><A NAME=
"s2">2. Known issues
</A></H2>
29 <P>Although this release is deemed good enough for testing in many setups, please note the existence of
30 <A HREF=
"http://www.squid-cache.org/bugs/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&target_milestone=3.1&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=bugs.bug_severity&field0-0-0=noop&type0-0-0=noop&value0-0-0=">open bugs against Squid-
3.1</A>.
</P>
32 <H2><A NAME=
"s3">3. Changes since earlier PRE releases of Squid-
3.1</A></H2>
34 <P>The
3.1 change history can be
35 <A HREF=
"http://www.squid-cache.org/Versions/v3/3.1/changesets/">viewed here
</A>.
</P>
37 <H2><A NAME=
"s4">4. Changes since Squid-
3.0</A></H2>
39 <H2><A NAME=
"ss4.1">4.1 Major new features
</A>
42 <P>Squid
3.1 represents a new feature release above
3.0.
</P>
43 <P>The most important of these new features are:
</P>
49 <P>Most user-facing changes are reflected in squid.conf (see below).
</P>
51 <H3>Internet Protocol version
6 (IPv6)
</H3>
53 <P>Squid
3.1 supports IPv6. To enable IPv6 support, use the ./configure --enable-ipv6 option
</P>
55 <H3>New Features for IPv6
</H3>
57 <P>Squid handles localhost values seperately. For the purpose of ACLs and also external
58 connections ::
1 is considered a seperate IP from
127.0.0.1. This means all ACL which
59 define behaviour for localhost may need ::
1/
128 included.
</P>
61 <P>--with-localhost-ipv6 option is provided for Pure-IPv6 setups who do not want to be
62 bothered by the localhost vagaries. It will enable logics to map all localhost traffic
63 through ::
1 unless an IPv4-only link is required.
</P>
65 <P>Additional ./configure --with-ipv4-mapped option is provided for OS that require a socket setting
66 to accept IPv4 addresses on IPv6 sockets, squid performs v4-mapping on these addresses
67 It is intended primarily to be used for Windows Vista builds.
</P>
69 <P>Pinger has been upgraded to perform both ICMP and ICMPv6 as required.
70 As a result of this and due to a change in the binary protocol format between them,
71 new builds of squid are no longer backwards-compatible with old pinger binaries.
72 You will need to perform
"make install-pinger" again after installing squid.
</P>
74 <P>Peer and Client SNMP tables have been altered to handle IPv6 addresses.
75 As a side effect of this the long-missing fix to show seperate named peers on one IP
76 has been integrated. Making the SNMP peer table now produce correct output.
77 The table structure change is identical for both IPv4-only and Dual modes but with
78 IPv4-only simply not including any IP6 entries. This means any third-party SNMP
79 software which hard coded the MIB paths needs to be upgraded for this Squid release.
</P>
82 <H3>Limitations of IPv6 Support
</H3>
84 <P>Specify a specific tcp_outgoing_address and the clients who match its ACL are limited
85 to the IPv4 or IPv6 network that address belongs to. They are not permitted over the
86 IPv4-IPv6 boundary. Some ACL voodoo can however be applied to explicitly route the
87 IPv6/IPv4 bound traffic out an appropriate interface.
90 tcp_outgoing_address
2001::
1 toIP6
91 tcp_outgoing_address
10.0.0.1 !toIP6
95 <P>WCCP is not available (neither version
1 or
2). It remains built into squid for use with IPv4 traffic but IPv6 cannot use it.
</P>
97 <P>Transparent/Interception is done via NAT at the OS level and is not available in IPv6.
98 Squid will ensure that any port set with transparent or tproxy options be an IPv4-only
99 listening address. Wildcard can still be used but will not open as an IPv6.
100 To ensure that squid can accept IPv6 traffic on its default port, an alternative should
101 be chosen to handle transparent traffic.
104 http_port
8080 transparent
108 <P>The bundled NTLM Auth helper is IPv4-native between itself and the NTLM server.
109 A new one will be needed for IPv6 traffic between the helper and server.
</P>
111 <P>The bundled RADIUS Auth helper is IPv4-native, both in traffic between and data storage
112 with the RADIUS server. A new helper will be needed for IPv6 RADIUS protocol.
</P>
115 <H2><A NAME=
"ss4.2">4.2 Changes to squid.conf
</A>
118 <P>There have been changes to Squid's configuration file since Squid-
3.0.
</P>
119 <P>This section gives a thorough account of those changes in three categories:
</P>
123 <A HREF=
"#newtags">New tags
</A></LI>
125 <A HREF=
"#modifiedtags">Changes to existing tags
</A></LI>
127 <A HREF=
"#removedtags">Removed tags
</A></LI>
134 <H3><A NAME=
"newtags"></A> New tags
</H3>
138 <DT><B>pinger_enable
</B><DD><P>New option to enable/disable the ICMP pinger helper with a reconfigure instead of a full rebuild.
140 Control whether the pinger is active at run-time.
141 Enables turning ICMP pinger on and off with a simple squid -k reconfigure.
142 default is on when --enable-icmp is compiled in.
147 <DT><B>dns_v4_fallback
</B><DD><P>New option to prevent squid from always looking up IPv4 regardless of whether IPv6 addresses are found.
148 Squid will follow a policy of prefering IPv6 links, keeping the IPv4 only as a safety net behind IPv6.
150 Standard practice with DNS is to lookup either A or AAAA records
151 and use the results if it succeeds. Only looking up the other if
152 the first attempt fails or otherwise produces no results.
154 That policy however will cause squid to produce error pages for some
155 servers that advertise AAAA but are unreachable over IPv6.
157 If this is ON squid will always lookup both AAAA and A, using both.
158 If this is OFF squid will lookup AAAA and only try A if none found.
160 WARNING: There are some possibly unwanted side-effects with this on:
161 *) Doubles the load placed by squid on the DNS network.
162 *) May negatively impact connection delay times.
167 <DT><B>include
</B><DD><P>New option to import entire secondary configuration files into squid.conf.
169 Squid will follow the files immediately and insert all their content
170 as if it was at that position in squid.conf. As per squid.conf some
171 options are order-specific within the config as a whole.
173 A few layers of include are allowed, but too many are confusing and
174 squid will enforce an include depth of
16 files.
177 include /path/to/file1 /path/to/file2
185 <H3><A NAME=
"modifiedtags"></A> Changes to existing tags
</H3>
189 <DT><B>acl dst ipvs
</B><DD><P>New preset content - ipv6 - available as a preset type in the src and dst ACL matching all of the public IPv6 network space.
196 <DT><B>http(s)_port name= option
</B><DD><P>New port option to assign internal names to listening ports
198 name= Specifies a internal name for the port. Defaults to
199 the port specification (port or addr:port)
204 <DT><B>acl myportname
</B><DD><P>New acl type myportname, matching the name of the http(s)_port where the request was accepted
206 acl aclname myportname
3128 ... # http(s)_port name
212 <DT><B>external_acl_type
</B><DD><P>New options 'ipv4' and 'ipv6' are added to set the IPv4/v6 protocol between squid and its helpers.
213 Please be aware of some limits to these options. These options only affet the transport protocol used
214 to send data to and from the helpers. Squid in IPv6-mode may still send %SRC addresses in IPv4 or IPv6
215 format, so all helpers will need to be checked and converted to cope with such information cleanly.
217 ipv4 / ipv6 IP-mode used to communicate to this helper.
218 For compatability with older configurations and helpers
219 'ipv4' is the default unless --with-localhost-ipv6 is used.
220 --with-localhost-ipv6 changes the default to 'ipv6'.
221 SPECIAL NOTE: explicit use of these options override --with-localhost-ipv6
226 <DT><B>tcp_outgoing_address
</B><DD><P>This option causes some problems when bridging IPv4 and IPv6. A workaround has been provided.
228 Squid is built with a capability of bridging the IPv4 and IPv6 internets.
229 tcp_outgoing_address as previously used breaks this bridging by forcing
230 all outbound traffic through a certain IPv4 which may be on the wrong
231 side of the IPv4/IPv6 boundary.
233 To operate with tcp_outgoing_address and keep the bridging benefits
234 an additional ACL needs to be used which ensures the IPv6-bound traffic
235 is never forced or permitted out the IPv4 interface.
238 tcp_outgoing_address
2002::c001 good_service_net to_ipv6
239 tcp_outgoing_address
10.0.0.2 good_service_net !to_ipv6
241 tcp_outgoing_address
2002::beef normal_service_net to_ipv6
242 tcp_outgoing_address
10.0.0.1 normal_service_net !to_ipv6
244 tcp_outgoing_address
2002::
1 to_ipv6
245 tcp_outgoing_address
10.0.0.3 !to_ipv6
250 <DT><B>balance_on_multiple_ip
</B><DD><P>The previous default behavour (rotate per-request) of this setting causes failover clashes with IPv6 built-in mechanisms.
251 It has thus been turned off by default. Making the 'best choice' IP continue in use for any hostname until it encounters a connection failure and failover drops to the next known IP.
253 Modern IP resolvers in squid sort lookup results by preferred access.
254 By default squid will use these IP in order and only rotates to
255 the next listed when the most preffered fails.
257 Some load balancing servers based on round robin DNS have been
258 found not to preserve user session state across requests
259 to different IP addresses.
261 Enabling this directive Squid rotates IP's per request.
270 <H3><A NAME=
"removedtags"></A> Removed tags
</H3>
279 <H2><A NAME=
"ss4.3">4.3 Changes to ./configure Options
</A>
282 <P>There have been some changes to Squid's build configuration since Squid-
3.0.
</P>
283 <P>This section gives an account of those changes in three categories:
</P>
287 <A HREF=
"#newoptions">New options
</A></LI>
289 <A HREF=
"#modifiedoptions">Changes to existing options
</A></LI>
291 <A HREF=
"#notportedoptions">Not yet available options
</A></LI>
293 <A HREF=
"#removedoptions">Removed options
</A></LI>
299 <H3><A NAME=
"newoptions"></A> New options
</H3>
303 <DT><B>--enable-ipv6
</B><DD><P>Buildwith IPv6 support. The default is to build without.
</P>
305 <DT><B>--with-localhost-ipv6
</B><DD><P>Build support for squid to map all
127.0.0.1 traffic onto ::
1.
306 The default is to build with
127.0.0.1 and ::
1 being considered seperate IP.
307 see the IPv6 details above for a better description.
</P>
309 <DT><B>--with-ipv6-split-stack
</B><DD><P>Enable special additions for IPv6 support in Windows XP.
310 see the IPv6 details above for a better description.
</P>
312 <DT><B>--with-ipv4-mapped
</B><DD><P>Enable special additions for IPv6 support in Windows Vista.
313 see the IPv6 details above for a better description.
</P>
315 <DT><B>--with-dns-cname
</B><DD><P>Enable CNAME recursion within the Internal DNS resolver stub squid uses.
316 This has no effect on the external DNS helper.
317 Please note this extension is still experimental and may encounter problems.
318 To see if it is actually needed you can run squid without it for a period and
319 check the CNAME-Only Requests statistics squid maintains.
320 If it produces ongoing serious problems the external helper may be needed
321 but please report the bugs anyway.
</P>
325 <H3><A NAME=
"modifiedoptions"></A> Changes to existing options
</H3>
329 <DT><B>--disable-internl-dns
</B><DD><P>Better support for Linux using the external DNS helper.
330 The helper will compile and work with dns_nameservers on more variants of Linux than previously.
</P>
334 <H3><A NAME=
"notportedoptions"></A> Not yet available options
</H3>
336 <P>These configure options have not yet been ported to Squid-
3. If you need something to do then
337 porting one of these from Squid-
2 to Squid-
3 is most welcome.
</P>
340 <DT><B>--enable-devpoll
</B><DD><P>Support for Solaris /dev/poll
</P>
342 <DT><B>--enable-select-simple
</B><DD><P>Basic POSIX select() loop without any binary fd_set optimizations.
</P>
344 <DT><B>--enable-follow-x-forwarded-for
</B><DD><P>Support following the X-Forwarded-For HTTP header for determining the
345 client IP address
</P>
349 <H3><A NAME=
"removedoptions"></A> Removed options
</H3>
351 <P>The following configure options have been removed.
</P>