<!doctype linuxdoc system>
<article>
-<title>Squid 3.1.0.18 release notes</title>
+<title>Squid 3.1.1 release notes</title>
<author>Squid Developers</author>
<abstract>
<sect>Notice
<p>
-The Squid Team are pleased to announce the release of Squid-3.1.0.18 for testing.
+The Squid Team are pleased to announce the release of Squid-3.1.1.
This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.1/"> or the <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
A large number of the show-stopper bugs have been fixed along with general improvements to the ICAP support.
-While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.
+While this release is not fully bug-free we believe it is ready for use in production on many systems.
-We welcome feedback and bug reports. If you find a bug, please see <url url="http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d"> for how to submit a report with a stack trace.
+We welcome feedback and bug reports. If you find a new bug, please see <url url="http://wiki.squid-cache.org/SquidFaq/BugReporting"> for how to submit a report with a stack trace and other required details. Additional information is also very welcome on other open bugs.
<sect1>Known issues
<p>
-Although this release is deemed good enough for use in many setups, please note the existence of <url url="http://www.squid-cache.org/bugs/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&target_milestone=3.1&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=bugs.bug_severity&field0-0-0=noop&type0-0-0=noop&value0-0-0=" name="open bugs against Squid-3.1">.
+Although this release is deemed good enough for use in many setups, please note the existence of <url url="http://bugs.squid-cache.org/buglist.cgi?query_format=advanced&target_milestone=3.1&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&cmdtype=doit&order=bugs.bug_severity" name="open bugs against Squid-3.1">.
+
+<p>Some issues to note as currently known in this release which are not able to be fixed in this 3.1 series are:
+
+<itemize>
+ <item>The lack of some features available in Squid-2.x series. See the regression sections below for full details.
+ <item>The lack of IPv6 split-stack support for MacOSX, OpenBSD and maybe others.
+</itemize>
+
+<p>Currently known issues which only depends on available developer time and may still be resolved in a future 3.1 release are:
+
+<itemize>
+ <item>IPv4 fall-back occasionally failing on dual IPv4/IPv6 websites.
+ <item>An ongoing slow FD leak introduced somewhere during the Squid-3.0 cycle.
+ <item>Windows support is still largely missing.
+ <item>Build status for the 3.x series is still largely unknown for Unix based OS and other less popular systems.
+</itemize>
+
<sect1>Changes since earlier releases of Squid-3.1
<p>
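Review bot: The two new known-issues items "IPv4 fall-back occasionally failing on dual IPv4/IPv6 websites" and "An ongoing slow FD leak" carry no bug reference, so an operator weighing the "ready for use in production" statement in the Notice cannot look up symptoms or status. Please link each item to its bug report, the way the paragraph above links the open-bug query. In the same hunk, "issues which only depends on" should read "issues which only depend on".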
<sect1>New Version Numbering System
-<p>Begining with 3.1 the Squid Developers are trialling a new release numbering system.
+<p>Begining with 3.1 the Squid Developers are using a new release numbering system.
<p>We have decided, based on input from interested users to drop the Squid-2 terminology of
(DEVEL, PRE, RC, and STABLE) from the release package names.
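Review bot: The rewritten first line of the numbering section still begins with "Begining". Since the line is being replaced anyway, correct it to "Beginning".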
<p>squid.conf has undergone a facelift.
<p>Don't worry, few operational changes have been made.
-Older configs from are still expected to run in 3.1 with only the usual minor
+Older configs from Squdi 2.x and 3.0 are still expected to run in 3.1 with only the usual minor
changes seen between major release. Details on those are listed below.
-<p>New users will be relieved to see a short 32-line or less squid.conf on clean installs.
+<p>New users will be relieved to see a very short squid.conf on clean installs.
Many of the options have reasonable defaults but had previously needed them explicitly configured!
These are now proper built-in defaults and no longer need to be in squid.conf unless changed.
<p>All of the option documentation has been offloaded to another file <em>squid.conf.documented</em> which
-contains a fully documented set of options previously cluttering up squid.conf itself.
+contains a fully documented set of available options previously cluttering up squid.conf itself.
<p>Package maintainers are provided with a second file squid.conf.default which as always contains the default
config options provided on a clean install.
+<p>We are also providing online copies of configuration documentation.
+ Updated live to match the latest release of each Squid series, and a combined global version.
+ This is available on <url url="http://www.squid-cache.org/Doc/config/" name="the Squid website">
+
<sect1>Internet Protocol version 6 (IPv6)
<p>Pinger has been upgraded to perform both ICMP and ICMPv6 as required.
As a result of this and due to a change in the binary protocol format between them,
- new builds of squid are no longer backwards-compatible with old pinger binaries.
- You will need to perform "make install-pinger" again after installing squid.
+ new builds of Squid are no longer backwards-compatible with old pinger binaries.
+ You will need to perform "make install-pinger" again after installing Squid.
<p>Peer and Client SNMP tables have been altered to handle IPv6 addresses.
As a side effect of this the long-missing fix to show seperate named peers on one IP
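Review bot: The added line "Older configs from Squdi 2.x and 3.0" misspells the product name and should read "Squid 2.x and 3.0". In the new online-documentation paragraph, "Updated live to match the latest release ..." is a sentence fragment and the final sentence has no closing period. Joining the fragment to the preceding sentence with a comma would fix the first.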
The table structure change is identical for both IPv4-only and Dual modes but with
IPv4-only simply not including any IPv6 entries. This means any third-party SNMP
software which hard coded the MIB paths needs to be upgraded for this Squid release.
-
+ Details can be found in the wiki <url url="http://wiki.squid-cache.org/Features/Snmp#Squid_OIDs" name="SNMP feature page">.
<sect2>Limitations of IPv6 Support
+<p>In this release there is no split-stack support. This means that OS which do not provide
+ IP stacks based on the KAME stack with Hybrid extensions to do IPv4-mapping cannot use IPv6
+ with Squid.
+
<p>Specify a specific tcp_outgoing_address and the clients who match its ACL are limited
to the IPv4 or IPv6 network that address belongs to. They are not permitted over the
IPv4-IPv6 boundary. Some ACL voodoo can however be applied to explicitly route the
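Review bot: The new split-stack paragraph under "Limitations of IPv6 Support" says affected systems "cannot use IPv6 with Squid" but not what an operator on such a system will actually see. Please state whether Squid then runs IPv4-only or has to be built differently. It would also help to name the affected systems here as the Known issues list does ("MacOSX, OpenBSD and maybe others"), since "the KAME stack with Hybrid extensions" is not something most administrators can check for.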
<p>WCCP is not available (neither version 1 or 2).
It remains built into squid for use with IPv4 traffic but IPv6 cannot use it.
-<p>Transparent Interception is done via NAT at the OS level and is not available in IPv6.
- Squid will ensure that any port set with transparent, intercept, or tproxy options be an IPv4-only
+<p>Pseudo-Transparent Interception is done via NAT at the OS level and is not available in IPv6.
+ Squid will ensure that any port set with transparent or intercept options be an IPv4-only
listening address. Wildcard can still be used but will not open as an IPv6.
To ensure that squid can accept IPv6 traffic on its default port, an alternative should
be chosen to handle transparently intercepted traffic.
http_port 8080 intercept
</verb>
+<p>Real transparent Interception (TPROXY) may be able to perform IPv6 interception.
+ However this currently still needs kernel patching with experimental patches to enable IPv6.
+ Squid will attempt to discover support on startup and may permit or deny IPv6 wildcard for
+ tproxy flagged ports depending on your system.
+
<p>The bundled NTLM Auth helper is IPv4-native between itself and the NTLM server.
A new one will be needed for IPv6 traffic between the helper and server.
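Review bot: The new TPROXY paragraph leaves the operator unable to tell whether a tproxy port is accepting IPv6. The rewritten sentence drops tproxy from the options forced to an IPv4-only listening address, and the added text only says Squid "may permit or deny IPv6 wildcard for tproxy flagged ports depending on your system". If the wildcard is denied, IPv6 client traffic is not intercepted on that port, so the notes should say how to confirm the outcome of the startup detection (for example, what Squid reports when it decides). "Real transparent Interception" and "Pseudo-Transparent Interception" should also use the same capitalisation.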
<p>The error_directory option in squid.conf needs to be removed.
<p>For best coverage of languages, using the latest language pack of error files is recommended.
-Updates can be downloaded from <url url="http://www.squid-cahch.org/Versions/langpack/" name="www.squid-cache.org/Versions/langpack/">
+Updates can be downloaded from <url url="http://www.squid-cache.org/Versions/langpack/" name="www.squid-cache.org/Versions/langpack/">
<p>The squid developers are interested in making squid available in a wide variety of languages.
Contribution of new languages is encouraged.
</itemize>
<sect2>Squid Configuration
-<p>Squid 3.1 needs to be configured with --enable-zph-qos for the ZPH QoS controls to be available.
+<p>Squid 3.1 needs to be configured with <em>--enable-zph-qos</em> for the ZPH QoS controls to be available.
-<p>The configuration options for 2.7 and 3.1 are based on different ZPH patches.
-The two releases configuration differs and only the TOS mode settings are directly translatable.
+<p>The configuration options for Squid 2.7 and 3.1 are based on different ZPH patches.
+ The two releases configuration differs and only the TOS mode settings are directly translatable.
<itemize>
<item><em>qos_flows local-hit=0xff</em> Responses found as a HIT in the local cache
<item><em>qos_flows parent-hit=0xff</em> Responses found as a HIT in a parent peer
</itemize>
-<p>The lines above are spearated for documentation. qos_flows may be configured with all options on one line, or separated as shown.
-Also options may be repeated as many times as desired. Only the final configured value for any option will be used.
+<p>The lines above are separated for documentation. qos_flows may be configured with all options on one line, or separated as shown.
+ Also options may be repeated as many times as desired. Only the final configured value for any option will be used.
<p>The legacy <em>Option</em> and <em>Priority</em> modes available in Squid-2.7 are no longer supported.
<p>Details in <url url="http://wiki.squid-cache.org/Features/SslBump" name="The Squid wiki">
-<p>Squid-in-the-middle decryption and encryption of straight CONNECT and transparently redirected SSL traffic,
-using configurable client- and server-side certificates.
-While decrypted, the traffic can be inspected using ICAP.
+<p>Squid-in-the-middle decryption and encryption of CONNECT tunneled SSL traffic,
+ using configurable client- and server-side certificates.
+ While decrypted, the traffic can be inspected using ICAP.
+
+<p>Squid 3.1 releases limit SSL Bump to CONNECT requests and requires that clients are
+ configured to explicitly use the proxy in their browser settings or via WPAD/PAC
+ configuration. Use of interception for port 443 is not officially supported, despite
+ being known to work under certain limited networking circumstances.
<sect1>eCAP Adaptation Module support
<p>Details in <url url="http://wiki.squid-cache.org/Features/eCAP" name="The Squid wiki">
+<p>eCAP provides a way to integrate CAP modules directly into Squid without the need for
+ a c-icap server wrapper. This enables faster processing.
+
+<p>Currently known and available eCAP modules are listed in the wiki feature page on eCAP.
+
+
<sect1>ICAP Bypass and Retry enhancements
<p>Details in <url url="http://wiki.squid-cache.org/Features/ICAP" name="The Squid wiki">
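Review bot: In the added SSL Bump paragraph the verbs disagree: "Squid 3.1 releases limit SSL Bump to CONNECT requests and requires that clients ..." should use "require". Separately, the new eCAP text says "integrate CAP modules directly into Squid" while the next added paragraph speaks of "eCAP modules". "CAP" looks like a typo, so please say which is meant (eCAP or ICAP-style adaptation modules).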
should be large enough to not require an explicit configuration in most
environments yet may be small enough to limit side-effects of loops.
+
<sect1>ICY streaming protocol support
<p>Squid-3.1 adds native support for streaming protocol ICY.
+ Also commonly known as SHOUTcast multimedia streams.
<p>This protocol uses port 80 and violates RFC 2616 by using an HTTP/1.1 compliant request and non-HTTP reply
to start the stream transaction. If the reply is handled according to HTTP/1.1 RFC-compliance requirements
<p>Squid-2 contained a hack using the <em>update_http0.9</em> squid.conf option to work around the
unusual replies. This option is now obsolete.
-<p>The proto ACL type matches <em>ICY</em> once the reply has been received, before that the processing
+<p>The <em>proto</em> ACL type matches <em>ICY</em> once the reply has been received, before that the processing
is only aware on an HTTP request. So the ACL will match <em>HTTP</em>.
<verb>
Control whether the pinger is active at run-time.
Enables turning ICMP pinger on and off with a simple squid -k reconfigure.
- default is on when --enable-icmp is compiled in.
+ default is off when --enable-icmp is compiled in.
</verb>
<tag>ssl_bump</tag>
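Review bot: The changed line flips the documented default from "on" to "off" when --enable-icmp is compiled in, with nothing in this patch saying whether that corrects the text or reflects a behaviour change. If the behaviour changed, anyone upgrading from an earlier 3.1 build who relies on the pinger will lose it without notice unless they set this directive explicitly. Please add a sentence here or under "Changes since earlier releases of Squid-3.1" saying so.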
is never forced or permitted out the IPv4 interface.
acl to_ipv6 dst ipv6
+ http_access allow to_ipv6 !all
+
tcp_outgoing_address 2002::c001 good_service_net to_ipv6
tcp_outgoing_address 10.0.0.2 good_service_net !to_ipv6
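Review bot: The added line "http_access allow to_ipv6 !all" reads like an access grant, but the "!all" term can never match, so the rule never allows anything. It appears to be there only so the destination is resolved and "to_ipv6" has a result when the tcp_outgoing_address lines are evaluated. Please say that in the example text or in a comment line above the rule. Otherwise an administrator tidying the config may delete it as dead, or copy it without "!all" and open access to every IPv6 destination.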
<p>Build without support for loadable modules.
<tag>--disable-strict-error-checking</tag>
- <p>Build Squid without advanced compiler error checking.
+ <p>Build Squid without advanced compiler error checking (without the -Werror option).
This only affects the building process, enabling it to complete despite some
possibly serious issues.
Please do not use lightly, and please report the build issues which make it needed
<tag>--disable-translation</tag>
<p>Prevent Squid generating localized error page templates and manuals.
Which is usually tried, but may not be needed.
- <p>This is a development optimization for building from VCS when localization is
- not needed. Has no effect on pre-translated source bundles.
+ <p>This is an optimization for building fast when localization is not needed
+ or localization tools are not available.
+ <p>A copy of the latest translated files can instead be downloaded from
+<url url="http://www.squid-cache.org/Versions/langpack/" name="http://www.squid-cache.org/Versions/langpack/">
<tag>--with-dns-cname</tag>
<p>Enable CNAME recursion within the Internal DNS resolver stub squid uses.
<tag>--enable-linux-tproxy</tag>
<p>Deprecated. Remains only to support old TPROXY version 2.2 installations.
+ Scheduled for complete removal in Squid 3.2
<tag>--enable-ntlm-auth-helpers</tag>
<p>Helper previously built by <em>SMB</em> is now built by <em>smb_lm</em>.
<tag>--disable-internl-dns</tag>
<p>Better support for Linux using the external DNS helper.
The helper will now compile and work with dns_nameservers on more variants of Linux than previously.
+ It is still deprecated however and use of this option should be avoided as much as possible.
<tag>--with-aio</tag>
<p>Deprecated. POSIX AIO is now auto-detected and enabled.
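Review bot: The entry that gains the new deprecation sentence is tagged "--disable-internl-dns", which is missing a letter. Anyone copying the tag into a configure command gets an option name that does not match "--disable-internal-dns". Please fix the tag in the same change. The line added under --enable-linux-tproxy, "Scheduled for complete removal in Squid 3.2", also needs its closing period.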
<p>Not yet ported from 2.6
<tag>logfile_daemon</tag>
- <p>Not yet ported from 2.7
+ <p>Not yet ported from 2.7.
<tag>logformat</tag>
<p><em>%oa</em> tag not yet ported from 2.7