Squid 3.2.0.0 release notes

From: Amos Jeffries Date: Tue, 22 Dec 2009 00:36:22 +0000 (+1300) Subject: Updated release notes X-Git-Tag: SQUID_3_2_0_1~495 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6739cb105a7924121111e424968c8184389ab1e8;p=thirdparty%2Fsquid.git Updated release notes --- diff --git a/doc/release-notes/release-3.1.sgml b/doc/release-notes/release-3.1.sgml index 8fbd9cad5b..d121e1ffe9 100644 --- a/doc/release-notes/release-3.1.sgml +++ b/doc/release-notes/release-3.1.sgml @@ -327,182 +327,6 @@ While decrypted, the traffic can be inspected using ICAP. is only aware on an HTTP request. So the ACL will match HTTP. -Windows support -

This Squid version can run on Windows as a system service using the Cygwin emulation environment, -or can be compiled in Windows native mode using the MinGW + MSYS development environment. Windows NT 4 SP4 and later are supported. -On Windows 2000 and later the service is configured to use the Windows Service Recovery option -restarting automatically after 60 seconds. - -Usage - -

Some new command line options were added for the Windows service support: - -

The service installation is made with -i command line switch, it's possible to use -f switch at -the same time for specify a different config-file settings for the Squid Service that will be -stored on the Windows Registry. - -

A new -n switch specify the Windows Service Name, so multiple Squid instance are allowed. -So, to install the service, the syntax is: - -squid -i [-f file] [-n name] - -

Service uninstallation is made with -r command line switch with the appropriate -n switch. - -

The -k switch family must be used with the appropriate -f and -n switches, so the syntax is: - -squid -k command [-f file] -n service-name -where To use the Squid original command line, the new -O switch must be used ONCE, the syntax is: - -squid -O cmdline [-n service-name] -

If multiple service command line options must be specified, use quote. The -n switch is -needed only when a non default service name is in use. - -

Don't use the "Start parameters" in the Windows 2000/XP/2003 Service applet: they are -specific to Windows services functionality and Squid is not designed for understand they. - -

In the following example the command line of the "squidsvc" Squid service is set to "-D -u 3130": - -squid -O "-D -u 3130" -n squidsvc - -PSAPI.DLL (Process Status Helper) Considerations - -

The process status helper functions make it easier for you to obtain information about -processes and device drivers running on Microsoft® Windows NT®/Windows® 2000. These -functions are available in PSAPI.DLL, which is distributed in the Microsoft® Platform -Software Development Kit (SDK). The same information is generally available through the -performance data in the registry, but it is more difficult to get to it. PSAPI.DLL is -freely redistributable. - -

PSAPI.DLL is available only on Windows NT, 2000, XP and 2003. The implementation in Squid is -aware of this, and try to use it only on the right platform. - -

On Windows NT PSAPI.DLL can be found as component of many applications, if you need it, -you can find it on Windows NT Resource KIT. If you have problem, it can be -downloaded from here: - - -

On Windows 2000 and later it is available installing the Windows Support Tools, located on the -Support\Tools folder of the installation Windows CD-ROM. - -Registry DNS lookup - -

On Windows platforms, if no value is specified in the Compatibility Notes -

- -It's recommended to use '/' char in Squid paths instead of '\' -Paths with spaces (like 'C:\Programs Files\Squid) are NOT supported by Squid -When using ACL like 'acl aclname acltype "file"' the file must be in DOS text -format (CR+LF) and the full Windows path must be specified, for example: - -acl blocklist url_regex -i "c:/squid/etc/blocked1.txt" - -The Windows equivalent of '/dev/null' is 'NUL' -Squid doesn't know how to run external helpers based on scripts, like .bat, .cmd, -.vbs, .pl, etc. So in squid.conf the interpreter path must be always specified, for example: - -redirect_program c:/perl/bin/perl.exe c:/squid/libexec/redir.pl -redirect_program c:/winnt/system32/cmd.exe /C c:/squid/libexec/redir.cmd -When Squid runs in command line mode, the launching user account must have administrative privilege on the system -"Start parameters" in the Windows 2000/XP/2003 Service applet cannot be used -On Windows Vista and later, User Account Control (UAC) must be disabled before running service installation - - - -Known Limitations -

- -Squid features not operational: - -DISKD: still needs to be ported -WCCP: cannot work because user space GRE support on Windows is missing -Transparent Proxy: missing Windows non commercial interception driver - -Some code sections can make blocking calls. -Some external helpers may not work. -File Descriptors number hard-limited to 2048 when building with MinGW. - - -Building Squid on Windows - -

A reasonably recent release of or is needed. -The usage of the Cygwin environment is very similar to other Unix/Linux environments, and -devel version of libraries must be installed. -For the MinGW environment, the packages MSYS, MinGW and msysDTK must be installed. Some additional libraries and tools must be downloaded separately: -OpenSSL: -libcrypt: -db-1.85: -When running configure, --disable-wccp and --disable-wccpv2 options should always specified to avoid compile errors. - -New configure options: - ---enable-win32-service - -Updated configure options: - ---enable-arp-acl ---enable-default-hostsfile - -Unsupported configure options: - ---enable-coss-aio-ops: On Windows Posix AIO is not available ---with-large-files: No suitable build environment is available on both Cygwin and MinGW, but --enable-large-cache-files works fine - -Recommended configure minimal options for Windows: - ---prefix=c:/squid --disable-wccp --disable-wccpv2 --enable-win32-service --enable-default-hostsfile=none - - - -Before build Squid with SSL support, some operations are needed (in the following example OpenSSL is installed in C:\OpenSSL and MinGW in C:\MinGW): - -Copy C:\OpenSSL\lib\MinGW content to C:\MinGW\lib -Copy C:\OpenSSL\include\openssl content to C:\MinGW\include\openssl -Rename C:\MinGW\lib\ssleay32.a to C:\MinGW\lib\libssleay32.a - - -Using cache manager on Windows: -

On Windows, cache manager (cachemgr.cgi) can be used with Microsoft IIS or Apache. -Some specific configuration could be needed: - -IIS 6 (Windows 2003): - -On IIS 6.0 all CGI extensions are denied by default for security reason, so the following configuration is needed: - -Create a cgi-bin Directory -Define the cgi-bin IIS Virtual Directory with read and CGI execute IIS -permissions, ASP scripts are not needed. This automatically defines a -cgi-bin IIS web application -Copy cachemgr.cgi into cgi-bin directory and look to file permissions: -the IIS system account and SYSTEM must be able to read and execute the file -In IIS manager go to Web Service extensions and add a new Web Service -Extension called - -Apache: - -On Windows, cachemgr.cgi needs to create a temporary file, so Apache must be instructed - to pass the TMP and TEMP Windows environment variables to CGI applications: - -ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/" -<Location /squid/cgi-bin/cachemgr.cgi> - PassEnv TMP TEMP - Order allow,deny - Allow from workstation.example.com -</Location> - - - - - Changes to squid.conf since Squid-3.0

There have been changes to Squid's configuration file since Squid-3.0. diff --git a/doc/release-notes/release-3.2.html b/doc/release-notes/release-3.2.html index 004593c5a5..57c7e85d7d 100644 --- a/doc/release-notes/release-3.2.html +++ b/doc/release-notes/release-3.2.html @@ -1,7 +1,7 @@ - + Squid 3.2.0.0 release notes @@ -24,8 +24,9 @@ for Applied Network Research and members of the Web Caching community.

2. Major new features since Squid-3.1

-
2.1 Multi-Lingual manuals -
2.2 Solaris 10 pthreads Support (Experimental) +
2.1 Helper Name Changes +
2.2 Multi-Lingual manuals +
2.3 Solaris 10 pthreads Support (Experimental)

3. Windows support
@@ -97,16 +98,77 @@ for Applied Network Research and members of the Web Caching community.
2. Major new features since Squid-3.1

Squid 3.2 represents a new feature release above 3.1.
-
The most important of these new features are:
-
+ +
The most important of these new features are:
+
Helper Name Changes

Multi-Lingual manuals

Solaris 10 pthreads Support (Experimental)

Most user-facing changes are reflected in squid.conf (see below).
-
2.1 Multi-Lingual manuals +
2.1 Helper Name Changes +
+ +
To improve the understanding of what each helper does and where it should be used the helper binaries +which are bundled with Squid have undergone a naming change in this release.
+ +
Below is a list of the old helper names and what their names have changed to.
+ +
Basic Authentication protocol helpers
+ +
+
+
squid_db_auth - basic_db_auth - Retrieve authentication details from a simple SQL database table.
+
getpwnam_auth - basic_getpwname_auth - Authenticate with local system user accounts.
+
squid_ldap_auth - basic_ldap_auth - Authenticate with LDAP user accounts.
+
ncsa_auth - basic_ncsa_auth - Authenticate with NCSA httpd-style password file.
+
+
+ +
Digest Authentication protocol helpers
+ +
+
+
(none yet converted)
+
+
+ +
External ACL helpers
+ +
+
+
(none yet converted)
+
+
+ +
Negotiate Authentication protocol helpers
+ +
+
+
squid_kerb_auth - negotiate_kerberos_auth - Authenticate with Kerberos servers.
+
+
+ +
NTLM Authentication protocol helpers
+ +
+
+
ntlm_auth - ntlm_smb_lm_auth - Perform SMB LanManager domain-less authentication over NTLM protocol.
+
+
+ +
URL re-write helpers
+ +
This group of helpers have been bundled to demonstrate how to code URL re-writers: +
+
url_fake_rewrite - Accept various url_rewrite details and log the input.
+
+
+ + +
2.2 Multi-Lingual manuals

The man(8) and man(1) pages bundled with Squid are now provided online for all @@ -118,7 +180,7 @@ versions and beginning with 3.2 they are available in languages other than engli
3.1 began the Internationalization of Squid with the public facing error pages. This move begins the Localization of the internal administrator facing manuals.
-
2.2 Solaris 10 pthreads Support (Experimental) +
2.3 Solaris 10 pthreads Support (Experimental)

Automatic detection and use of the pthreads library available from Solaris 10
@@ -369,6 +431,9 @@ ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"

+
eui_lookup
+
Whether to lookup the EUI or MAC address of a connected client.
+
memory_cache_mode

Controls which objects to keep in the memory cache (cache_mem)
@@ -383,6 +448,8 @@ ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"

+
logfile_daemon
+
Ported from 2.7

@@ -392,9 +459,43 @@ ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"

+
acl random
+
New type random. Pseudo-randomly match requests based on a configured probability.
+ +
auth_param
+
New options for Basic, Digest, NTLM, Negotiate children settings. +startup=N determins minimum number of helper processes used. +idle=N determines how many helper to retain as buffer against sudden traffic loads. +concurrency=N previously called auth_param ... concurrency as a separate option.
+
Removed Basic, Digest, NTLM, Negotiate auth_param ... concurrency setting option.
+ +
deny_info
+
Support URL format tags. For dynamically generated URL in denial redirect.
+ +
external_acl_type
+
New format tags and option parameters:
+
%SRCEUI48 EUI-48 / MAC address of client from ARP lookup.
+
%SRCEUI64 EUI-64 of clients with SLAAC address.
+
children-max=N determins maximum number of helper processes used.
+
children-startup=N determins minimum number of helper processes used.
+
children-idle=N determines how many helper to retain as buffer against sudden traffic loads.
+
Deprecated children=N in favor of children-max=N.
+ +
logformat
+
%sn Unique sequence number per log line. Ported from 2.7
+
%>eui EUI logging (EUI-48 / MAC address for IPv4, EUI-64 for IPv6) +Both EUI forms are logged in the same field. Type can be identified by length or byte delimiter.
+
windows_ipaddrchangemonitor

Now only available to be set in Windows builds.
+
url_rewrite_children
+ +
New options startup=N, idle=N, concurrency=N
+
startup=N allow finer tuning of how many helpers are started initially.
+
idle=N allow fine tuning of how many helper to retain as buffer against sudden traffic loads.
+
concurrency=N was previously called url_rewrite_concurrency as a distinct directive.
+

@@ -404,14 +505,11 @@ ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"

+
ftp_list_width
+
Obsolete.
-
???alphabetical list???
-
??? -
- relevant quote directly from cf.data.pre - -
-
+
url_rewrite_concurrency
+
Replaced by url_rewrite_children ... concurrency=N option.

@@ -438,9 +536,16 @@ ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"

+
--enable-eui
+
Enable Support for handling EUI operations. +This includes ARP lookups for MAC (EUI-48) addresses and the ACL arp type tests.
-
???alphabetical list within group ordered: enable, disable, with, without) ???
-
???explain??
+
--enable-url-rewrite-helpers
+
Build helpers for some basic URL-rewrite actions. For use by url_rewrite_program. +If omitted or set to =all then all bundled helpers that are able to build will be built. +If set to a specific list of helpers then only those helpers will build. +Currently one demo helper fake is provided in shell and C++ forms to demonstrate +the helper protocol usage and provide exemplar code.

@@ -452,6 +557,7 @@ ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"

???alphabetical list within group ordered: enable, disable, with, without) ???

???explain??
+

5.3 Removed options @@ -459,8 +565,8 @@ ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"

-
???alphabetical list within group ordered: enable, disable, with, without) ???
-
???explain??
+
--enable-arp-acl
+
Replaced by --enable-eui

@@ -498,6 +604,9 @@ ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"
redirector_bypass

Replaced by url_rewrite_bypass
+
upgrade_http0.9
+
Obsolete.
+
zph_local

Replaced by qos_flows local-hit=
@@ -599,9 +708,6 @@ ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"
urllogin option not yet ported from 2.6

urlgroup option not yet ported from 2.6
-
auth_param digest
-
concurrency option not yet ported from Squid-2
-
authenticate_ip_shortcircuit_access

Not yet ported from 2.7
@@ -670,12 +776,8 @@ ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"
location_rewrite_program

Not yet ported from 2.6
-
logfile_daemon
-
Not yet ported from 2.7
-
logformat

%oa tag not yet ported from 2.7
-
%sn tag not yet ported from 2.7

max_filedescriptors

Not yet ported from 2.7
@@ -710,9 +812,6 @@ ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"
update_headers

Not yet ported from 2.7
-
upgrade_http0.9
-
Not yet ported from 2.7
-
zero_buffers

Not yet ported from 2.7
diff --git a/doc/release-notes/release-3.2.sgml b/doc/release-notes/release-3.2.sgml index 76335e9599..5f6ac08c12 100644 --- a/doc/release-notes/release-3.2.sgml +++ b/doc/release-notes/release-3.2.sgml @@ -30,11 +30,9 @@ Although this release is deemed good enough for use in many setups, please note The 3.2 change history can be . Major new features since Squid-3.1 -
-Squid 3.2 represents a new feature release above 3.1. - -The most important of these new features are: +
Squid 3.2 represents a new feature release above 3.1. +
The most important of these new features are: Helper Name Changes Multi-Lingual manuals @@ -51,7 +49,7 @@ Most user-facing changes are reflected in squid.conf (see below).
Below is a list of the old helper names and what their names have changed to. Basic Authentication protocol helpers - +
squid_db_auth - basic_db_auth - Retrieve authentication details from a simple SQL database table. getpwnam_auth - basic_getpwname_auth - Authenticate with local system user accounts. squid_ldap_auth - basic_ldap_auth - Authenticate with LDAP user accounts. @@ -59,28 +57,27 @@ Most user-facing changes are reflected in squid.conf (see below). Digest Authentication protocol helpers - +
(none yet converted) External ACL helpers - +
(none yet converted) Negotiate Authentication protocol helpers - +
squid_kerb_auth - negotiate_kerberos_auth - Authenticate with Kerberos servers. NTLM Authentication protocol helpers - +
ntlm_auth - ntlm_smb_lm_auth - Perform SMB LanManager domain-less authentication over NTLM protocol. URL re-write helpers
This group of helpers have been bundled to demonstrate how to code URL re-writers: - url_fake_rewrite - Accept various url_rewrite details and log the input. @@ -100,183 +97,6 @@ Most user-facing changes are reflected in squid.conf (see below).
Automatic detection and use of the pthreads library available from Solaris 10 - -Windows support -
This Squid version can run on Windows as a system service using the Cygwin emulation environment, -or can be compiled in Windows native mode using the MinGW + MSYS development environment. Windows NT 4 SP4 and later are supported. -On Windows 2000 and later the service is configured to use the Windows Service Recovery option -restarting automatically after 60 seconds. - -Usage - -
Some new command line options were added for the Windows service support: - -
The service installation is made with -i command line switch, it's possible to use -f switch at -the same time for specify a different config-file settings for the Squid Service that will be -stored on the Windows Registry. - -
A new -n switch specify the Windows Service Name, so multiple Squid instance are allowed. -So, to install the service, the syntax is: - -squid -i [-f file] [-n name] - -
Service uninstallation is made with -r command line switch with the appropriate -n switch. - -
The -k switch family must be used with the appropriate -f and -n switches, so the syntax is: - -squid -k command [-f file] -n service-name -where To use the Squid original command line, the new -O switch must be used ONCE, the syntax is: - -squid -O cmdline [-n service-name] -
If multiple service command line options must be specified, use quote. The -n switch is -needed only when a non default service name is in use. - -
Don't use the "Start parameters" in the Windows 2000/XP/2003 Service applet: they are -specific to Windows services functionality and Squid is not designed for understand they. - -
In the following example the command line of the "squidsvc" Squid service is set to "-D -u 3130": - -squid -O "-u 3130" -n squidsvc - -PSAPI.DLL (Process Status Helper) Considerations - -
The process status helper functions make it easier for you to obtain information about -processes and device drivers running on Microsoft® Windows NT®/Windows® 2000. These -functions are available in PSAPI.DLL, which is distributed in the Microsoft® Platform -Software Development Kit (SDK). The same information is generally available through the -performance data in the registry, but it is more difficult to get to it. PSAPI.DLL is -freely redistributable. - -
PSAPI.DLL is available only on Windows NT, 2000, XP and 2003. The implementation in Squid is -aware of this, and try to use it only on the right platform. - -
On Windows NT PSAPI.DLL can be found as component of many applications, if you need it, -you can find it on Windows NT Resource KIT. If you have problem, it can be -downloaded from here: - - -
On Windows 2000 and later it is available installing the Windows Support Tools, located on the -Support\Tools folder of the installation Windows CD-ROM. - -Registry DNS lookup - -
On Windows platforms, if no value is specified in the Compatibility Notes -
- -It's recommended to use '/' char in Squid paths instead of '\' -Paths with spaces (like 'C:\Programs Files\Squid) are NOT supported by Squid -When using ACL like 'acl aclname acltype "file"' the file must be in DOS text -format (CR+LF) and the full Windows path must be specified, for example: - -acl blocklist url_regex -i "c:/squid/etc/blocked1.txt" - -The Windows equivalent of '/dev/null' is 'NUL' -Squid doesn't know how to run external helpers based on scripts, like .bat, .cmd, -.vbs, .pl, etc. So in squid.conf the interpreter path must be always specified, for example: - -redirect_program c:/perl/bin/perl.exe c:/squid/libexec/redir.pl -redirect_program c:/winnt/system32/cmd.exe /C c:/squid/libexec/redir.cmd -When Squid runs in command line mode, the launching user account must have administrative privilege on the system -"Start parameters" in the Windows 2000/XP/2003 Service applet cannot be used -On Windows Vista and later, User Account Control (UAC) must be disabled before running service installation - - - -Known Limitations -
- -Squid features not operational: - -DISKD: still needs to be ported -WCCP: cannot work because user space GRE support on Windows is missing -Transparent Proxy: missing Windows non commercial interception driver - -Some code sections can make blocking calls. -Some external helpers may not work. -File Descriptors number hard-limited to 2048 when building with MinGW. - - -Building Squid on Windows - -
A reasonably recent release of or is needed. -The usage of the Cygwin environment is very similar to other Unix/Linux environments, and -devel version of libraries must be installed. -For the MinGW environment, the packages MSYS, MinGW and msysDTK must be installed. Some additional libraries and tools must be downloaded separately: -OpenSSL: -libcrypt: -db-1.85: -When running configure, --disable-wccp and --disable-wccpv2 options should always specified to avoid compile errors. - -New configure options: - ---enable-win32-service - -Updated configure options: - ---enable-arp-acl ---enable-default-hostsfile - -Unsupported configure options: - ---enable-coss-aio-ops: On Windows Posix AIO is not available ---with-large-files: No suitable build environment is available on both Cygwin and MinGW, but --enable-large-files works fine - -Recommended configure minimal options for Windows: - ---prefix=c:/squid --disable-wccp --disable-wccpv2 --enable-win32-service --enable-default-hostsfile=none - - - -Before build Squid with SSL support, some operations are needed (in the following example OpenSSL is installed in C:\OpenSSL and MinGW in C:\MinGW): - -Copy C:\OpenSSL\lib\MinGW content to C:\MinGW\lib -Copy C:\OpenSSL\include\openssl content to C:\MinGW\include\openssl -Rename C:\MinGW\lib\ssleay32.a to C:\MinGW\lib\libssleay32.a - - -Using cache manager on Windows: -
On Windows, cache manager (cachemgr.cgi) can be used with Microsoft IIS or Apache. -Some specific configuration could be needed: - -IIS 6 (Windows 2003): - -On IIS 6.0 all CGI extensions are denied by default for security reason, so the following configuration is needed: - -Create a cgi-bin Directory -Define the cgi-bin IIS Virtual Directory with read and CGI execute IIS -permissions, ASP scripts are not needed. This automatically defines a -cgi-bin IIS web application -Copy cachemgr.cgi into cgi-bin directory and look to file permissions: -the IIS system account and SYSTEM must be able to read and execute the file -In IIS manager go to Web Service extensions and add a new Web Service -Extension called - -Apache: - -On Windows, cachemgr.cgi needs to create a temporary file, so Apache must be instructed - to pass the TMP and TEMP Windows environment variables to CGI applications: - -ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/" -<Location /squid/cgi-bin/cachemgr.cgi> - PassEnv TMP TEMP - Order allow,deny - Allow from workstation.example.com -</Location> - - - - - Changes to squid.conf since Squid-3.1
There have been changes to Squid's configuration file since Squid-3.1. @@ -324,6 +144,8 @@ This section gives a thorough account of those changes in three categories:
New options for Basic, Digest, NTLM, Negotiate children settings. startup=N determins minimum number of helper processes used. idle=N determines how many helper to retain as buffer against sudden traffic loads. + concurrency=N previously called auth_param ... concurrency as a separate option. +
Removed Basic, Digest, NTLM, Negotiate auth_param ... concurrency setting option. deny_info
Support URL format tags. For dynamically generated URL in denial redirect. @@ -400,6 +222,7 @@ This section gives an account of those changes in three categories: ???alphabetical list within group ordered: enable, disable, with, without) ???
???explain?? +
@@ -537,9 +360,6 @@ This section gives an account of those changes in three categories:
urllogin option not yet ported from 2.6
urlgroup option not yet ported from 2.6 - auth_param digest -
concurrency option not yet ported from Squid-2 - authenticate_ip_shortcircuit_access
Not yet ported from 2.7