Running configure --enable-ipf-transparent on an HP Tru64 5.1B system with ipfilter 4.x installed, the following error can occur:
@@ -172,31 +219,7 @@
-In addition there is a set of limitations in this version of Squid which we hope to correct later
-
-
-- Bug
-#1059
mime.conf and referenced icons must be within chroot
-- Bug
-#692
tcp_outgoing_address using an ident ACL does not work
-- Bug
-#581
acl max_user_ip and multiple authentication schemes
-- Bug
-#528
miss_access fails on "slow" acl types such as dst.
-- Bug
-#513
squid -F is starting server sockets to early
-- Bug
-#457
does not handle swap.state corruption properly
-- Bug
-#410
unstable if runs out of disk space
-- Bug
-#355
diskd may appear slow on low loads
-- Bug
-#219
delay_pools stops working on -k reconfigure
-
-
-
-
+
This Squid version can run on Windows as a system service using the Cygwin environment.
Windows NT 4 and later are supported.
diff -ruN squid-2.6.RC2/configure squid-2.6.STABLE1/configure
--- squid-2.6.RC2/configure Sun Jun 25 13:39:21 2006
+++ squid-2.6.STABLE1/configure Sat Jul 1 12:42:47 2006
@@ -1,7 +1,7 @@
#! /bin/sh
-# From configure.in Revision: 1.380 .
+# From configure.in Revision: 1.384 .
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.59 for Squid Web Proxy 2.6.RC2.
+# Generated by GNU Autoconf 2.59 for Squid Web Proxy 2.6.STABLE1.
#
# Report bugs to .
#
@@ -270,8 +270,8 @@
# Identity of this package.
PACKAGE_NAME='Squid Web Proxy'
PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='2.6.RC2'
-PACKAGE_STRING='Squid Web Proxy 2.6.RC2'
+PACKAGE_VERSION='2.6.STABLE1'
+PACKAGE_STRING='Squid Web Proxy 2.6.STABLE1'
PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/'
ac_default_prefix=/usr/local/squid
@@ -781,7 +781,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures Squid Web Proxy 2.6.RC2 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 2.6.STABLE1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -847,7 +847,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of Squid Web Proxy 2.6.RC2:";;
+ short | recursive ) echo "Configuration of Squid Web Proxy 2.6.STABLE1:";;
esac
cat <<\_ACEOF
@@ -860,33 +860,33 @@
--enable-dependency-tracking do not reject slow dependency extractors
--enable-dlmalloc=LIB Compile & use the malloc package by Doug Lea
--enable-gnuregex Compile GNUregex. Unless you have reason to use this
- option, you should not enable it. This library file
- is usually only required on Windows and very old
- Unix boxes which do not have their own regex library
- built in.
+ option, you should not enable it. This library file
+ is usually only required on Windows and very old
+ Unix boxes which do not have their own regex library
+ built in.
--enable-mempool-debug Include MemPool debug verifications
--enable-xmalloc-statistics
- Show malloc statistics in status page
+ Show malloc statistics in status page
--disable-carp Disable CARP support
--enable-async-io=N_THREADS
- Shorthand for
- --with-aufs-threads=N_THREADS
- --with-pthreads
- --enable-storeio=ufs,aufs
- --enable-storeio=\"list of modules\"
- Build support for the list of store I/O modules.
- The default is only to build the "ufs" module.
- See src/fs for a list of available modules, or
- Programmers Guide section
- for details on how to build your custom store module
+ Shorthand for
+ --with-aufs-threads=N_THREADS
+ --with-pthreads
+ --enable-storeio=ufs,aufs
+ --enable-storeio="list of modules"
+ Build support for the list of store I/O modules.
+ The default is only to build the "ufs" module.
+ See src/fs for a list of available modules, or
+ Programmers Guide section
+ for details on how to build your custom store module
--enable-heap-replacement
- Backwards compatibility option. Please use the
+ Backwards compatibility option. Please use the
new --enable-removal-policies directive instead.
- --enable-removal-policies=\"list of policies\"
- Build support for the list of removal policies.
- The default is only to build the "lru" module.
- See src/repl for a list of available modules, or
- Programmers Guide section 9.9 for details on how
+ --enable-removal-policies="list of policies"
+ Build support for the list of removal policies.
+ The default is only to build the "lru" module.
+ See src/repl for a list of available modules, or
+ Programmers Guide section 9.9 for details on how
to build your custom policy
--enable-icmp Enable ICMP pinging
--enable-delay-pools Enable delay pools to limit bandwidth usage
@@ -895,159 +895,159 @@
--disable-wccp Disable Web Cache Coordination V1 Protocol
--disable-wccpv2 Disable Web Cache Coordination V2 Protocol
--enable-kill-parent-hack
- Kill parent on shutdown
+ Kill parent on shutdown
--enable-forward-log Enable experimental forward_log directive
--enable-multicast-miss Enable experimental multicast notification of cachemisses
--enable-snmp Enable SNMP monitoring
--enable-cachemgr-hostname=hostname
- Make cachemgr.cgi default to this host
+ Make cachemgr.cgi default to this host
--enable-arp-acl Enable use of ARP ACL lists (ether address)
--enable-htcp Enable HTCP protocol
--enable-ssl Enable ssl gatewaying support using OpenSSL
--enable-forw-via-db Enable Forw/Via database
--enable-cache-digests Use Cache Digests
- see http://www.squid-cache.org/FAQ/FAQ-16.html
+ see http://www.squid-cache.org/FAQ/FAQ-16.html
--enable-auth-on-acceleration
- Enable authentication in accelerators
+ Enable authentication in accelerators
--enable-default-err-language=lang
- Select default language for Error pages (see
- errors directory)
+ Select default language for Error pages (see
+ errors directory)
--enable-err-languages=\"lang1 lang2..\"
- Select languages to be installed. (All will be
- installed by default)
+ Select languages to be installed. (All will be
+ installed by default)
--enable-coss-aio-ops Enable COSS I/O with Posix AIO (default is aufs I/O)
--enable-select Enable select() support.
--disable-select Disable select() support.
--enable-poll Enable poll() instead of select(). Normally poll
- is preferred over select, but configure knows poll
- is broken on some platforms. If you think you are
- smarter than the configure script, you may enable
- poll with this option.
+ is preferred over select, but configure knows poll
+ is broken on some platforms. If you think you are
+ smarter than the configure script, you may enable
+ poll with this option.
--disable-poll Disable the use of poll().
--enable-epoll Enable epoll() instead of poll() or select().
- epoll() is best where available, but must be
- explicitly set at the moment.
- --disable-epoll Disable the use of epoll().
+ epoll() is best where available, but must be
+ explicitly set at the moment.
+ --disable-epoll Disable the use of epoll().
--enable-kqueue Enable kqueue support.
--disable-kqueue Disable kqueue support.
--disable-http-violations
- This allows you to remove code which is known to
- violate the HTTP protocol specification.
+ This allows you to remove code which is known to
+ violate the HTTP protocol specification.
--enable-ipf-transparent
- Enable Transparent Proxy support for systems
- using IP-Filter network address redirection.
+ Enable Transparent Proxy support for systems
+ using IP-Filter network address redirection.
--enable-pf-transparent
- Enable Transparent Proxy support for systems
- using PF network address redirection.
+ Enable Transparent Proxy support for systems
+ using PF network address redirection.
--enable-linux-netfilter
- Enable Transparent Proxy support for Linux (Netfilter) systems.
+ Enable Transparent Proxy support for Linux 2.4 and later
--enable-large-cache-files
- Enable support for large cache files (>2GB).
- WARNING: on-disk cache format is changed by this option
+ Enable support for large cache files (>2GB).
+ WARNING: on-disk cache format is changed by this option
--enable-linux-tproxy
- Enable real Transparent Proxy support for Netfilter TPROXY.
+ Enable real Transparent Proxy support for Netfilter TPROXY.
--enable-leakfinder
- Enable Leak Finding code. Enabling this alone
- does nothing; you also have to modify the source
+ Enable Leak Finding code. Enabling this alone
+ does nothing; you also have to modify the source
code to use the leak finding functions. Probably
Useful for hackers only.
--disable-ident-lookups
- This allows you to remove code that performs
- Ident (RFC 931) lookups.
+ This allows you to remove code that performs
+ Ident (RFC 931) lookups.
--disable-internal-dns This prevents Squid from directly sending and
- receiving DNS messages, and instead enables the
- old external 'dnsserver' processes.
+ receiving DNS messages, and instead enables the
+ old external 'dnsserver' processes.
--enable-truncate This uses truncate() instead of unlink() when
- removing cache files. Truncate gives a little
- performance improvement, but may cause problems
- when used with async I/O. Truncate uses more
- filesystem inodes than unlink..
+ removing cache files. Truncate gives a little
+ performance improvement, but may cause problems
+ when used with async I/O. Truncate uses more
+ filesystem inodes than unlink..
--enable-default-hostsfile=path
- Select default location for hosts file.
- See hosts_file directive in squid.conf for details
+ Select default location for hosts file.
+ See hosts_file directive in squid.conf for details
--enable-win32-service Compile Squid as a WIN32 Service
- Works only on Windows NT and Windows 2000 Platforms.
- --enable-auth=\"list of auth scheme modules\"
- Build support for the list of authentication schemes.
- The default is to build support for the Basic scheme.
- See src/auth for a list of available modules, or
- Programmers Guide section authentication schemes
- for details on how to build your custom auth scheme
- module
- --enable-basic-auth-helpers=\"list of helpers\"
- This option selects which basic scheme proxy_auth
- helpers to build and install as part of the normal
- build process. For a list of available
- helpers see the helpers/basic_auth directory.
- --enable-ntlm-auth-helpers=\"list of helpers\"
- This option selects which proxy_auth ntlm helpers
- to build and install as part of the normal build
- process. For a list of available helpers see
- the helpers/ntlm_auth directory.
- --enable-digest-auth-helpers=\"list of helpers\"
- This option selects which digest scheme authentication
- helpers to build and install as part of the normal build
- process. For a list of available helpers see the
- helpers/digest_auth directory.
- --enable-negotiate-auth-helpers=\"list of helpers\"
- This option selects which negotiate scheme authentication
- helpers to build and install as part of the normal build
- process. For a list of available helpers see the
- helpers/negotiate_auth directory.
+ Works only on Windows NT and Windows 2000 Platforms.
+ --enable-auth="list of auth scheme modules"
+ Build support for the list of authentication schemes.
+ The default is to build support for the Basic scheme.
+ See src/auth for a list of available modules, or
+ Programmers Guide section authentication schemes
+ for details on how to build your custom auth scheme
+ module
+ --enable-basic-auth-helpers="list of helpers"
+ This option selects which basic scheme proxy_auth
+ helpers to build and install as part of the normal
+ build process. For a list of available
+ helpers see the helpers/basic_auth directory.
+ --enable-ntlm-auth-helpers="list of helpers"
+ This option selects which proxy_auth ntlm helpers
+ to build and install as part of the normal build
+ process. For a list of available helpers see
+ the helpers/ntlm_auth directory.
+ --enable-digest-auth-helpers="list of helpers"
+ This option selects which digest scheme proxy_auth
+ helpers to build and install as part of the normal
+ build process. For a list of available helpers see the
+ helpers/digest_auth directory.
+ --enable-negotiate-auth-helpers="list of helpers"
+ This option selects which negotiate scheme authentication
+ helpers to build and install as part of the normal build
+ process. For a list of available helpers see the
+ helpers/negotiate_auth directory.
--enable-ntlm-fail-open Enable NTLM fail open, where a helper that fails one of the
- Authentication steps can allow squid to still authenticate
- the user.
- --enable-external-acl-helpers=\"list of helpers\"
- This option selects which external_acl helpers to
- build and install as part of the normal build
- process. For a list of available helpers see the
- helpers/external_acl directory.
+ Authentication steps can allow squid to still authenticate
+ the user.
+ --enable-external-acl-helpers="list of helpers"
+ This option selects which external_acl helpers to
+ build and install as part of the normal build
+ process. For a list of available helpers see the
+ helpers/external_acl directory.
--disable-unlinkd Do not use unlinkd
--enable-stacktraces Enable automatic call backtrace on fatal errors
--enable-x-accelerator-vary
- Enable support for the X-Accelerator-Vary
- HTTP header. Can be used to indicate
- variance within an accelerator setup.
- Typically used together with other code
- that adds custom HTTP headers to the requests.
+ Enable support for the X-Accelerator-Vary
+ HTTP header. Can be used to indicate
+ variance within an accelerator setup.
+ Typically used together with other code
+ that adds custom HTTP headers to the requests.
--enable-follow-x-forwarded-for
- Enable support for following the X-Forwarded-For
- HTTP header to try to find the IP address of the
- original or indirect client when a request has
- been forwarded through other proxies.
+ Enable support for following the X-Forwarded-For
+ HTTP header to try to find the IP address of the
+ original or indirect client when a request has
+ been forwarded through other proxies.
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-valgrind-debug Include debug instrumentation for use with valgrind
--with-aufs-threads=N_THREADS
- Tune the number of worker threads for the aufs object
- store.
+ Tune the number of worker threads for the aufs object
+ store.
--with-pthreads Use POSIX Threads
--with-aio Use POSIX AIO
--with-dl Use dynamic linking
--with-openssl=prefix
- Compile with the OpenSSL libraries. The path to
+ Compile with the OpenSSL libraries. The path to
the OpenSSL development libraries and headers
installation can be specified if outside of the
system standard directories
--with-coss-membuf-size COSS membuf size (default 1048576 bytes)
--with-large-files Enable support for large files (logs etc).
--with-build-environment=model
- The build environment to use. Normally one of
- POSIX_V6_ILP32_OFF32 32 bits
- POSIX_V6_ILP32_OFFBIG 32 bits with large file support
- POSIX_V6_LP64_OFF64 64 bits
- POSIX_V6_LPBIG_OFFBIG large pointers and files
- XBS5_ILP32_OFF32 32 bits (legacy)
- XBS5_ILP32_OFFBIG 32 bits with large file support (legacy)
- XBS5_LP64_OFF64 64 bits (legacy)
- XBS5_LPBIG_OFFBIG large pointers and files (legacy)
- default The default for your OS
+ The build environment to use. Normally one of
+ POSIX_V6_ILP32_OFF32 32 bits
+ POSIX_V6_ILP32_OFFBIG 32 bits with large file support
+ POSIX_V6_LP64_OFF64 64 bits
+ POSIX_V6_LPBIG_OFFBIG large pointers and files
+ XBS5_ILP32_OFF32 32 bits (legacy)
+ XBS5_ILP32_OFFBIG 32 bits with large file support (legacy)
+ XBS5_LP64_OFF64 64 bits (legacy)
+ XBS5_LPBIG_OFFBIG large pointers and files (legacy)
+ default The default for your OS
--with-maxfd=N Override maximum number of filedescriptors. Useful
- if you build as another user who is not privileged
- to use the number of filedescriptors you want the
- resulting binary to support
+ if you build as another user who is not privileged
+ to use the number of filedescriptors you want the
+ resulting binary to support
Some influential environment variables:
CC C compiler command
@@ -1157,7 +1157,7 @@
test -n "$ac_init_help" && exit 0
if $ac_init_version; then
cat <<\_ACEOF
-Squid Web Proxy configure 2.6.RC2
+Squid Web Proxy configure 2.6.STABLE1
generated by GNU Autoconf 2.59
Copyright (C) 2003 Free Software Foundation, Inc.
@@ -1171,7 +1171,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by Squid Web Proxy $as_me 2.6.RC2, which was
+It was created by Squid Web Proxy $as_me 2.6.STABLE1, which was
generated by GNU Autoconf 2.59. Invocation command line was
$ $0 $@
@@ -1817,7 +1817,7 @@
# Define the identity of the package.
PACKAGE='squid'
- VERSION='2.6.RC2'
+ VERSION='2.6.STABLE1'
cat >>confdefs.h <<_ACEOF
@@ -1977,7 +1977,7 @@
PRESET_LDFLAGS="$LDFLAGS"
if test -z "$LDFLAGS"; then
- LDFLAGS="-g"
+ LDFLAGS="-g"
fi
ac_ext=c
@@ -3366,21 +3366,21 @@
if test -z "$PRESET_CFLAGS"; then
if test "$GCC" = "yes"; then
- case "$host" in
+ case "$host" in
*-sun-sunos*)
- # sunos has too many warnings for this to be useful
+ # sunos has too many warnings for this to be useful
# motorola too
- ;;
+ ;;
*m88k*-openbsd*)
;;
*m88k*)
# Motorola cc/ld does not like -02 but is ok on -O
CFLAGS=`echo $CFLAGS | sed -e 's/-O0-9/-O/'`
;;
- *)
- CFLAGS="-Wall $CFLAGS"
- ;;
- esac
+ *)
+ CFLAGS="-Wall $CFLAGS"
+ ;;
+ esac
else
case "$host" in
*mips-sgi-irix6.*)
@@ -3403,19 +3403,19 @@
if test -z "$PRESET_LDFLAGS"; then
if test "$GCC" = "yes"; then
- case "$host" in
+ case "$host" in
*mips-sgi-irix6.*)
# Silence Linker warnings 84, 85 and 134
- LDFLAGS="-Wl,-woff,85 -Wl,-woff,84 -Wl,-woff,134 $LDFLAGS"
- ;;
- *)
- # nothing
+ LDFLAGS="-Wl,-woff,85 -Wl,-woff,84 -Wl,-woff,134 $LDFLAGS"
+ ;;
+ *)
+ # nothing
;;
- esac
+ esac
else
case "$host" in
- *)
- # nothing
+ *)
+ # nothing
;;
esac
fi
@@ -3522,9 +3522,9 @@
;;
no)
valgrind=
- ;;
+ ;;
*)
- CPPFLAGS="$CPPFLAGS -I${enableval}/include"
+ CPPFLAGS="$CPPFLAGS -I${enableval}/include"
valgrind=1
;;
esac
@@ -3597,7 +3597,7 @@
no)
;;
*)
- aufs_io_threads=$enableval
+ aufs_io_threads=$enableval
with_pthreads="yes"
STORE_MODULES="ufs aufs"
;;
@@ -3676,9 +3676,9 @@
;;
esac
done
- ;;
+ ;;
no)
- ;;
+ ;;
*) STORE_MODULES="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`"
;;
esac
@@ -3756,9 +3756,9 @@
;;
esac
done
- ;;
+ ;;
no)
- ;;
+ ;;
*) REPL_POLICIES="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`"
;;
esac
@@ -4031,10 +4031,10 @@
*-freebsd*)
;;
*-cygwin*)
- LIBS="$LIBS -liphlpapi"
+ LIBS="$LIBS -liphlpapi"
;;
*-mingw*)
- LIBS="$LIBS -liphlpapi"
+ LIBS="$LIBS -liphlpapi"
;;
*)
echo "WARNING: ARP ACL support probably won't work on $host."
@@ -4120,10 +4120,10 @@
case "$host_os" in
mingw|mingw32)
- SSLLIB='-lssl -lcrypto -lgdi32'
- ;;
+ SSLLIB='-lssl -lcrypto -lgdi32'
+ ;;
*)
- SSLLIB='-lssl -lcrypto'
+ SSLLIB='-lssl -lcrypto'
;;
esac
USE_OPENSSL=1
@@ -4255,7 +4255,7 @@
enableval="$enable_err_languages"
for l in $enableval; do
- if test -d $srcdir/errors/$l; then :; else
+ if test -d $srcdir/errors/$l; then :; else
echo "ERROR! Unknown language $$l, see errors/"
exit 1
fi
@@ -4266,8 +4266,8 @@
ERR_LANGUAGES=
for l in $srcdir/errors/*; do
- if test -f $l/ERR_ACCESS_DENIED; then
- ERR_LANGUAGES="$ERR_LANGUAGES `basename $l`"
+ if test -f $l/ERR_ACCESS_DENIED; then
+ ERR_LANGUAGES="$ERR_LANGUAGES `basename $l`"
fi
done
@@ -4522,15 +4522,15 @@
LDFLAGS="`getconf ${buildmodel}_LDFLAGS` $LDFLAGS"
case "$host" in
*-solaris*)
- if test "$GCC" = "yes"; then
+ if test "$GCC" = "yes"; then
echo "Removing -Xa for gcc on $host"
CFLAGS="`echo $CFLAGS | sed -e 's/-Xa//'`"
fi
- echo "Removing -Usun on $host"
+ echo "Removing -Usun on $host"
CFLAGS="`echo $CFLAGS | sed -e 's/-Usun//'`"
;;
*-sgi-irix6.*)
- if test "$GCC" = "yes"; then
+ if test "$GCC" = "yes"; then
CFLAGS="`echo $CFLAGS | sed -e 's/-n32/-mabi=n32/'`"
LDFLAGS="`echo $LDFLAGS | sed -e 's/-n32//'`"
CFLAGS="`echo $CFLAGS | sed -e 's/-64/-mabi=64/'`"
@@ -4538,7 +4538,7 @@
fi
;;
*)
- ;;
+ ;;
esac
fi
@@ -4667,9 +4667,9 @@
enableval="$enable_default_hostsfile"
if test "$enableval" != "none" ; then
- if test -f $enableval; then
+ if test -f $enableval; then
OPT_DEFAULT_HOSTS=$enableval
- else
+ else
echo "Warning Unable to find $enableval"
sleep 5
fi
@@ -4715,11 +4715,11 @@
;;
esac
done
- ;;
+ ;;
no)
- ;;
+ ;;
*) AUTH_MODULES="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`"
- ;;
+ ;;
esac
else
@@ -14191,18 +14191,18 @@
CFLAGS="$CFLAGS -D_REENTRANT"
case "$host" in
i386-unknown-freebsd*)
- if test "$GCC" = "yes" ; then
- if test -z "$PRESET_LDFLAGS"; then
- LDFLAGS="$LDFLAGS -pthread"
- fi
- fi
+ if test "$GCC" = "yes" ; then
+ if test -z "$PRESET_LDFLAGS"; then
+ LDFLAGS="$LDFLAGS -pthread"
+ fi
+ fi
;;
*-solaris2.*)
- if test "$GCC" = "yes" ; then
+ if test "$GCC" = "yes" ; then
CFLAGS="$CFLAGS -pthreads"
else
CFLAGS="$CFLAGS -mt"
- fi
+ fi
;;
esac
@@ -14728,16 +14728,16 @@
case "$host" in
i386-*-solaris2.*)
- if test "$GCC" = "yes"; then
+ if test "$GCC" = "yes"; then
echo "Removing -O for gcc on $host"
CFLAGS="`echo $CFLAGS | sed -e 's/-O[0-9]*//'`"
fi
;;
*-sgi-irix*)
- echo "Removing -lsocket for IRIX..."
- LIBS=`echo $LIBS | sed -e s/-lsocket//`
- echo "Removing -lnsl for IRIX..."
- LIBS=`echo $LIBS | sed -e s/-lnsl//`
+ echo "Removing -lsocket for IRIX..."
+ LIBS=`echo $LIBS | sed -e s/-lsocket//`
+ echo "Removing -lnsl for IRIX..."
+ LIBS=`echo $LIBS | sed -e s/-lnsl//`
ac_cv_lib_nsl_main=no
echo "Removing -lbsd for IRIX..."
LIBS=`echo $LIBS | sed -e s/-lbsd//`
@@ -15159,7 +15159,7 @@
LIBS="$SAVED_LIBS"
-if test ac_cv_func_epoll_ctl = yes; then
+if test $ac_cv_func_epoll_ctl = yes; then
echo "$as_me:$LINENO: checking if epoll works" >&5
echo $ECHO_N "checking if epoll works... $ECHO_C" >&6
if test "${ac_cv_epoll_works+set}" = set; then
@@ -15180,6 +15180,8 @@
/* end confdefs.h. */
#include
+#include
+#include
int main(int argc, char **argv)
{
int fd = epoll_create(256);
@@ -15202,7 +15204,7 @@
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
- ac_cv_epoll_works=yes; ac_cv_func_epol_ctl=no
+ ac_cv_epoll_works=yes
else
echo "$as_me: program exited with status $ac_status" >&5
echo "$as_me: failed program was:" >&5
@@ -15228,25 +15230,25 @@
if test -n "$SELECT_TYPE"; then
: # Nothing to do
-elif test "$ac_cv_func_epoll_ctl" = "yes" ; then
- SELECT_TYPE="epoll"
+elif test "$ac_cv_epoll_works" = "yes" ; then
+ SELECT_TYPE="epoll"
elif test "$ac_cv_func_kqueue" = "yes" ; then
- SELECT_TYPE="kqueue"
+ SELECT_TYPE="kqueue"
elif test "$ac_cv_func_poll" = "yes" ; then
- SELECT_TYPE="poll"
+ SELECT_TYPE="poll"
elif test "$ac_cv_func_select" = "yes" ; then
case "$host_os" in
mingw|mingw32)
- SELECT_TYPE="select_win32"
+ SELECT_TYPE="select_win32"
;;
*)
- SELECT_TYPE="select"
+ SELECT_TYPE="select"
;;
esac
else
- echo "Eep! Can't find poll, epoll, kqueue or select!"
- echo "I'll try select and hope for the best."
- SELECT_TYPE="select"
+ echo "Eep! Can't find poll, epoll, kqueue or select!"
+ echo "I'll try select and hope for the best."
+ SELECT_TYPE="select"
fi
case "$SELECT_TYPE" in
@@ -15256,7 +15258,7 @@
#define USE_EPOLL 1
_ACEOF
- echo "$as_me:$LINENO: checking for epoll_create in -lepoll" >&5
+ echo "$as_me:$LINENO: checking for epoll_create in -lepoll" >&5
echo $ECHO_N "checking for epoll_create in -lepoll... $ECHO_C" >&6
if test "${ac_cv_lib_epoll_epoll_create+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -15541,16 +15543,16 @@
#include
void f (int i, ...) {
- va_list args1, args2;
- va_start (args1, i);
- va_copy (args2, args1);
- if (va_arg (args2, int) != 42 || va_arg (args1, int) != 42)
- exit (1);
- va_end (args1); va_end (args2);
+ va_list args1, args2;
+ va_start (args1, i);
+ va_copy (args2, args1);
+ if (va_arg (args2, int) != 42 || va_arg (args1, int) != 42)
+ exit (1);
+ va_end (args1); va_end (args2);
}
int main() {
- f (0, 42);
- return 0;
+ f (0, 42);
+ return 0;
}
_ACEOF
@@ -15609,16 +15611,16 @@
#include
void f (int i, ...) {
- va_list args1, args2;
- va_start (args1, i);
- __va_copy (args2, args1);
- if (va_arg (args2, int) != 42 || va_arg (args1, int) != 42)
- exit (1);
- va_end (args1); va_end (args2);
+ va_list args1, args2;
+ va_start (args1, i);
+ __va_copy (args2, args1);
+ if (va_arg (args2, int) != 42 || va_arg (args1, int) != 42)
+ exit (1);
+ va_end (args1); va_end (args2);
}
int main() {
- f (0, 42);
- return 0;
+ f (0, 42);
+ return 0;
}
_ACEOF
@@ -15661,31 +15663,31 @@
echo $ECHO_N "checking if IP-Filter header files are installed... $ECHO_C" >&6
# hold on to your hats...
if test "$ac_cv_header_ip_compat_h" = "yes" ||
- test "$ac_cv_header_ip_fil_compat_h" = "yes" ||
- test "$ac_cv_header_netinet_ip_compat_h" = "yes" ||
- test "$ac_cv_header_netinet_ip_fil_compat_h" = "yes" ; then
- have_ipfilter_compat_header="yes"
+ test "$ac_cv_header_ip_fil_compat_h" = "yes" ||
+ test "$ac_cv_header_netinet_ip_compat_h" = "yes" ||
+ test "$ac_cv_header_netinet_ip_fil_compat_h" = "yes" ; then
+ have_ipfilter_compat_header="yes"
fi
if test "x$have_ipfilter_compat_header" = "xyes" &&
test "$ac_cv_header_ip_fil_h" = "yes" &&
test "$ac_cv_header_ip_nat_h" = "yes" ; then
- IPF_TRANSPARENT="yes"
+ IPF_TRANSPARENT="yes"
cat >>confdefs.h <<\_ACEOF
#define IPF_TRANSPARENT 1
_ACEOF
elif test "$have_ipfilter_compat_header" = "yes" &&
- test "$ac_cv_header_netinet_ip_fil_h" = "yes" &&
- test "$ac_cv_header_netinet_ip_nat_h" = "yes" ; then
- IPF_TRANSPARENT="yes"
+ test "$ac_cv_header_netinet_ip_fil_h" = "yes" &&
+ test "$ac_cv_header_netinet_ip_nat_h" = "yes" ; then
+ IPF_TRANSPARENT="yes"
cat >>confdefs.h <<\_ACEOF
#define IPF_TRANSPARENT 1
_ACEOF
else
- IPF_TRANSPARENT="no"
+ IPF_TRANSPARENT="no"
cat >>confdefs.h <<\_ACEOF
#define IPF_TRANSPARENT 0
@@ -15706,14 +15708,14 @@
echo $ECHO_N "checking if PF header file is installed... $ECHO_C" >&6
# hold on to your hats...
if test "$ac_cv_header_net_pfvar_h" = "yes"; then
- PF_TRANSPARENT="yes"
+ PF_TRANSPARENT="yes"
cat >>confdefs.h <<\_ACEOF
#define PF_TRANSPARENT 1
_ACEOF
else
- PF_TRANSPARENT="no"
+ PF_TRANSPARENT="no"
cat >>confdefs.h <<\_ACEOF
#define PF_TRANSPARENT 0
@@ -15734,14 +15736,14 @@
echo $ECHO_N "checking if Linux 2.4 or newer kernel header files are installed... $ECHO_C" >&6
# hold on to your hats...
if test "$ac_cv_header_linux_netfilter_ipv4_h" = "yes"; then
- LINUX_NETFILTER="yes"
+ LINUX_NETFILTER="yes"
cat >>confdefs.h <<\_ACEOF
#define LINUX_NETFILTER 1
_ACEOF
else
- LINUX_NETFILTER="no"
+ LINUX_NETFILTER="no"
cat >>confdefs.h <<\_ACEOF
#define LINUX_NETFILTER 0
@@ -15762,14 +15764,14 @@
echo $ECHO_N "checking if TPROXY header files are installed... $ECHO_C" >&6
# hold on to your hats...
if test "$ac_cv_header_linux_netfilter_ipv4_ip_tproxy_h" = "yes"; then
- LINUX_TPROXY="yes"
+ LINUX_TPROXY="yes"
cat >>confdefs.h <<\_ACEOF
#define LINUX_TPROXY 1
_ACEOF
else
- LINUX_TPROXY="no"
+ LINUX_TPROXY="no"
cat >>confdefs.h <<\_ACEOF
#define LINUX_TPROXY 0
@@ -16105,37 +16107,37 @@
struct rlimit rl;
#if defined(RLIMIT_NOFILE)
if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
- perror("getrlimit: RLIMIT_NOFILE");
+ perror("getrlimit: RLIMIT_NOFILE");
} else {
- rl.rlim_cur = rl.rlim_max; /* set it to the max */
- if (setrlimit(RLIMIT_NOFILE, &rl) < 0) {
- perror("setrlimit: RLIMIT_NOFILE");
- }
+ rl.rlim_cur = rl.rlim_max; /* set it to the max */
+ if (setrlimit(RLIMIT_NOFILE, &rl) < 0) {
+ perror("setrlimit: RLIMIT_NOFILE");
+ }
}
#elif defined(RLIMIT_OFILE)
if (getrlimit(RLIMIT_OFILE, &rl) < 0) {
- perror("getrlimit: RLIMIT_OFILE");
+ perror("getrlimit: RLIMIT_OFILE");
} else {
- rl.rlim_cur = rl.rlim_max; /* set it to the max */
- if (setrlimit(RLIMIT_OFILE, &rl) < 0) {
- perror("setrlimit: RLIMIT_OFILE");
- }
+ rl.rlim_cur = rl.rlim_max; /* set it to the max */
+ if (setrlimit(RLIMIT_OFILE, &rl) < 0) {
+ perror("setrlimit: RLIMIT_OFILE");
+ }
}
#endif /* RLIMIT_NOFILE */
#endif /* HAVE_SETRLIMIT */
/* by starting at 2^14, we will never get higher
than 2^15 for SQUID_MAXFD */
- i = j = 1<<14;
- while (j) {
- j >>= 1;
- if (dup2(0, i) < 0) {
- i -= j;
- } else {
- close(i);
- i += j;
- }
- }
- i++;
+ i = j = 1<<14;
+ while (j) {
+ j >>= 1;
+ if (dup2(0, i) < 0) {
+ i -= j;
+ } else {
+ close(i);
+ i += j;
+ }
+ }
+ i++;
#endif /* IF !DEF CYGWIN */
fp = fopen("conftestval", "w");
fprintf (fp, "%d\n", i & ~0x3F);
@@ -16202,12 +16204,12 @@
main ()
{
FILE *fp;
- int fd,val=0,len=sizeof(int);
+ int fd,val=0,len=sizeof(int);
if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) exit(1);
- if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &val, &len) < 0) exit(1);
+ if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &val, &len) < 0) exit(1);
if (val<=0) exit(1);
- fp = fopen("conftestval", "w");
- fprintf (fp, "%d\n", val);
+ fp = fopen("conftestval", "w");
+ fprintf (fp, "%d\n", val);
exit(0);
}
@@ -16262,9 +16264,9 @@
main ()
{
FILE *fp;
- int fd,val=0,len=sizeof(int);
+ int fd,val=0,len=sizeof(int);
if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) exit(1);
- if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &val, &len) < 0) exit(1);
+ if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &val, &len) < 0) exit(1);
if (val <= 0) exit(1);
fp = fopen("conftestval", "w");
fprintf (fp, "%d\n", val);
@@ -16322,9 +16324,9 @@
main ()
{
FILE *fp;
- int fd,val=0,len=sizeof(int);
+ int fd,val=0,len=sizeof(int);
if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) exit(1);
- if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &val, &len) < 0) exit(1);
+ if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &val, &len) < 0) exit(1);
if (val <= 0) exit(1);
fp = fopen("conftestval", "w");
fprintf (fp, "%d\n", val);
@@ -16386,9 +16388,9 @@
main ()
{
FILE *fp;
- int fd,val=0,len=sizeof(int);
+ int fd,val=0,len=sizeof(int);
if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) exit(1);
- if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &val, &len) < 0) exit(1);
+ if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &val, &len) < 0) exit(1);
if (val <= 0) exit(1);
fp = fopen("conftestval", "w");
fprintf (fp, "%d\n", val);
@@ -17416,7 +17418,7 @@
} >&5
cat >&5 <<_CSEOF
-This file was extended by Squid Web Proxy $as_me 2.6.RC2, which was
+This file was extended by Squid Web Proxy $as_me 2.6.STABLE1, which was
generated by GNU Autoconf 2.59. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -17479,7 +17481,7 @@
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-Squid Web Proxy config.status 2.6.RC2
+Squid Web Proxy config.status 2.6.STABLE1
configured by $0, generated by GNU Autoconf 2.59,
with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
diff -ruN squid-2.6.RC2/configure.in squid-2.6.STABLE1/configure.in
--- squid-2.6.RC2/configure.in Sun Jun 25 13:39:21 2006
+++ squid-2.6.STABLE1/configure.in Sat Jul 1 12:42:47 2006
@@ -1,16 +1,16 @@
dnl
dnl Configuration input file for Squid
dnl
-dnl $Id: configure.in,v 1.380 2006/06/25 19:38:25 hno Exp $
+dnl $Id: configure.in,v 1.384 2006/07/01 18:41:21 hno Exp $
dnl
dnl
dnl
-AC_INIT(Squid Web Proxy, 2.6.RC2, http://www.squid-cache.org/bugs/, squid)
+AC_INIT(Squid Web Proxy, 2.6.STABLE1, http://www.squid-cache.org/bugs/, squid)
AC_PREREQ(2.52)
AM_CONFIG_HEADER(include/autoconf.h)
AC_CONFIG_AUX_DIR(cfgaux)
AM_INIT_AUTOMAKE
-AC_REVISION($Revision: 1.380 $)dnl
+AC_REVISION($Revision: 1.384 $)dnl
AC_PREFIX_DEFAULT(/usr/local/squid)
AM_MAINTAINER_MODE
@@ -19,7 +19,7 @@
dnl Set default LDFLAGS
if test -z "$LDFLAGS"; then
- LDFLAGS="-g"
+ LDFLAGS="-g"
fi
dnl Check for GNU cc
@@ -51,7 +51,7 @@
dnl (adding an option like --enable-cygwin-support doesn't make sense :]) - R Collins 2001
case "$host_os" in
mingw|mingw32|cygwin|cygwin32)
- AM_CONDITIONAL(ENABLE_WIN32SPECIFIC, true)
+ AM_CONDITIONAL(ENABLE_WIN32SPECIFIC, true)
;;
*)
AM_CONDITIONAL(ENABLE_WIN32SPECIFIC, false)
@@ -85,21 +85,21 @@
dnl Set Default CFLAGS
if test -z "$PRESET_CFLAGS"; then
if test "$GCC" = "yes"; then
- case "$host" in
+ case "$host" in
*-sun-sunos*)
- # sunos has too many warnings for this to be useful
+ # sunos has too many warnings for this to be useful
# motorola too
- ;;
+ ;;
*m88k*-openbsd*)
;;
*m88k*)
# Motorola cc/ld does not like -02 but is ok on -O
CFLAGS=`echo $CFLAGS | sed -e 's/-O[0-9]/-O/'`
;;
- *)
- CFLAGS="-Wall $CFLAGS"
- ;;
- esac
+ *)
+ CFLAGS="-Wall $CFLAGS"
+ ;;
+ esac
else
case "$host" in
*mips-sgi-irix6.*)
@@ -123,19 +123,19 @@
dnl Set LDFLAGS
if test -z "$PRESET_LDFLAGS"; then
if test "$GCC" = "yes"; then
- case "$host" in
+ case "$host" in
*mips-sgi-irix6.*)
# Silence Linker warnings 84, 85 and 134
- LDFLAGS="-Wl,-woff,85 -Wl,-woff,84 -Wl,-woff,134 $LDFLAGS"
- ;;
- *)
- # nothing
+ LDFLAGS="-Wl,-woff,85 -Wl,-woff,84 -Wl,-woff,134 $LDFLAGS"
+ ;;
+ *)
+ # nothing
;;
- esac
+ esac
else
case "$host" in
- *)
- # nothing
+ *)
+ # nothing
;;
esac
fi
@@ -224,10 +224,10 @@
AC_ARG_ENABLE(gnuregex,
[ --enable-gnuregex Compile GNUregex. Unless you have reason to use this
- option, you should not enable it. This library file
- is usually only required on Windows and very old
- Unix boxes which do not have their own regex library
- built in.],
+ option, you should not enable it. This library file
+ is usually only required on Windows and very old
+ Unix boxes which do not have their own regex library
+ built in.],
[USE_GNUREGEX=$enableval])
dnl This is a developer only option.. developers know how to set defines
@@ -261,9 +261,9 @@
;;
no)
valgrind=
- ;;
+ ;;
*)
- CPPFLAGS="$CPPFLAGS -I${enableval}/include"
+ CPPFLAGS="$CPPFLAGS -I${enableval}/include"
valgrind=1
;;
esac
@@ -283,7 +283,7 @@
AC_ARG_ENABLE(xmalloc-statistics,
[ --enable-xmalloc-statistics
- Show malloc statistics in status page],
+ Show malloc statistics in status page],
[ if test "$enableval" = "yes" ; then
echo "Malloc statistics enabled"
AC_DEFINE(XMALLOC_STATISTICS, 1, [Define to have malloc statistics])
@@ -304,10 +304,10 @@
AC_ARG_ENABLE(async-io,
[ --enable-async-io[=N_THREADS]
- Shorthand for
- --with-aufs-threads=N_THREADS
- --with-pthreads
- --enable-storeio=ufs,aufs],
+ Shorthand for
+ --with-aufs-threads=N_THREADS
+ --with-pthreads
+ --enable-storeio=ufs,aufs],
[ case $enableval in
yes)
with_pthreads="yes"
@@ -316,7 +316,7 @@
no)
;;
*)
- aufs_io_threads=$enableval
+ aufs_io_threads=$enableval
with_pthreads="yes"
STORE_MODULES="ufs aufs"
;;
@@ -325,8 +325,8 @@
AC_ARG_WITH(aufs-threads,
[ --with-aufs-threads=N_THREADS
- Tune the number of worker threads for the aufs object
- store.],
+ Tune the number of worker threads for the aufs object
+ store.],
[ case $withval in
[[0-9]]*)
aufs_io_threads=$withval
@@ -361,12 +361,12 @@
fi
AC_ARG_ENABLE(storeio,
-[ --enable-storeio=\"list of modules\"
- Build support for the list of store I/O modules.
- The default is only to build the "ufs" module.
- See src/fs for a list of available modules, or
- Programmers Guide section
- for details on how to build your custom store module],
+[ --enable-storeio="list of modules"
+ Build support for the list of store I/O modules.
+ The default is only to build the "ufs" module.
+ See src/fs for a list of available modules, or
+ Programmers Guide section
+ for details on how to build your custom store module],
[ case $enableval in
yes)
for module in $srcdir/src/fs/*; do
@@ -381,9 +381,9 @@
;;
esac
done
- ;;
+ ;;
no)
- ;;
+ ;;
*) STORE_MODULES="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`"
;;
esac
@@ -425,7 +425,7 @@
dnl --enable-heap-replacement compatibility option
AC_ARG_ENABLE(heap-replacement,
[ --enable-heap-replacement
- Backwards compatibility option. Please use the
+ Backwards compatibility option. Please use the
new --enable-removal-policies directive instead.],
[ if test "$enableval" = "yes" ; then
echo "--enable-heap-replacement is obsolete. please use the new"
@@ -436,11 +436,11 @@
])
AC_ARG_ENABLE(removal-policies,
-[ --enable-removal-policies=\"list of policies\"
- Build support for the list of removal policies.
- The default is only to build the "lru" module.
- See src/repl for a list of available modules, or
- Programmers Guide section 9.9 for details on how
+[ --enable-removal-policies="list of policies"
+ Build support for the list of removal policies.
+ The default is only to build the "lru" module.
+ See src/repl for a list of available modules, or
+ Programmers Guide section 9.9 for details on how
to build your custom policy],
[ case $enableval in
yes)
@@ -456,9 +456,9 @@
;;
esac
done
- ;;
+ ;;
no)
- ;;
+ ;;
*) REPL_POLICIES="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`"
;;
esac
@@ -556,7 +556,7 @@
AC_ARG_ENABLE(kill-parent-hack,
[ --enable-kill-parent-hack
- Kill parent on shutdown],
+ Kill parent on shutdown],
[ if test "$enableval" = "yes" ; then
echo "Kill parent on shutdown"
AC_DEFINE(KILL_PARENT_OPT, 1, [A dangerous feature which causes Squid to kill its parent process
@@ -597,7 +597,7 @@
AC_ARG_ENABLE(cachemgr-hostname,
[ --enable-cachemgr-hostname[=hostname]
- Make cachemgr.cgi default to this host],
+ Make cachemgr.cgi default to this host],
[ case $enableval in
yes)
AC_DEFINE(CACHEMGR_HOSTNAME, [getfullhostname()], [If you are upset that the cachemgr.cgi form comes up with the hostname
@@ -627,10 +627,10 @@
*-freebsd*)
;;
*-cygwin*)
- LIBS="$LIBS -liphlpapi"
+ LIBS="$LIBS -liphlpapi"
;;
*-mingw*)
- LIBS="$LIBS -liphlpapi"
+ LIBS="$LIBS -liphlpapi"
;;
*)
echo "WARNING: ARP ACL support probably won't work on $host."
@@ -666,10 +666,10 @@
AM_CONDITIONAL(ENABLE_SSL, true)
case "$host_os" in
mingw|mingw32)
- SSLLIB='-lssl -lcrypto -lgdi32'
- ;;
+ SSLLIB='-lssl -lcrypto -lgdi32'
+ ;;
*)
- SSLLIB='-lssl -lcrypto'
+ SSLLIB='-lssl -lcrypto'
;;
esac
USE_OPENSSL=1
@@ -680,7 +680,7 @@
AC_ARG_WITH(openssl,
[ --with-openssl[=prefix]
- Compile with the OpenSSL libraries. The path to
+ Compile with the OpenSSL libraries. The path to
the OpenSSL development libraries and headers
installation can be specified if outside of the
system standard directories],
@@ -728,7 +728,7 @@
AC_ARG_ENABLE(cache-digests,
[ --enable-cache-digests Use Cache Digests
- see http://www.squid-cache.org/FAQ/FAQ-16.html],
+ see http://www.squid-cache.org/FAQ/FAQ-16.html],
[ if test "$enableval" = "yes" ; then
echo "USE_CACHE_DIGESTS enabled"
AC_DEFINE(USE_CACHE_DIGESTS, 1, [Use Cache Digests for locating objects in neighbor caches. This
@@ -738,7 +738,7 @@
AC_ARG_ENABLE(auth-on-acceleration,
[ --enable-auth-on-acceleration
- Enable authentication in accelerators],
+ Enable authentication in accelerators],
[ if test "$enableval" = "yes" ; then
echo "AUTH_ON_ACCELERATION enabled"
AC_DEFINE(AUTH_ON_ACCELERATION, 1, [Enable authentication support in accelerators])
@@ -748,8 +748,8 @@
dnl Select Default Error language
AC_ARG_ENABLE(default-err-language,
[ --enable-default-err-language=lang
- Select default language for Error pages (see
- errors directory) ],
+ Select default language for Error pages (see
+ errors directory) ],
[
if test -d $srcdir/errors/$enableval; then
ERR_DEFAULT_LANGUAGE=$enableval
@@ -763,11 +763,11 @@
dnl Select languages to be installed
AC_ARG_ENABLE(err-languages,
[ --enable-err-languages=\"lang1 lang2..\"
- Select languages to be installed. (All will be
- installed by default) ],
+ Select languages to be installed. (All will be
+ installed by default) ],
[
for l in $enableval; do
- if test -d $srcdir/errors/$l; then :; else
+ if test -d $srcdir/errors/$l; then :; else
echo "ERROR! Unknown language $$l, see errors/"
exit 1
fi
@@ -776,8 +776,8 @@
],[
ERR_LANGUAGES=
for l in $srcdir/errors/*; do
- if test -f $l/ERR_ACCESS_DENIED; then
- ERR_LANGUAGES="$ERR_LANGUAGES `basename $l`"
+ if test -f $l/ERR_ACCESS_DENIED; then
+ ERR_LANGUAGES="$ERR_LANGUAGES `basename $l`"
fi
done
])
@@ -798,10 +798,10 @@
if test "$enable_coss_aio_ops" = "yes"; then
echo "Using Posix AIO method for COSS disk I/O"
AC_DEFINE(USE_AUFSOPS, 0, [ Define this if you would like to use the aufs I/O method for
- disk I/O instead of the POSIX AIO method.])
+ disk I/O instead of the POSIX AIO method.])
else
AC_DEFINE(USE_AUFSOPS, 1, [ Define this if you would like to use the aufs I/O method for
- disk I/O instead of the POSIX AIO method.])
+ disk I/O instead of the POSIX AIO method.])
fi
dnl Enable select()
@@ -826,10 +826,10 @@
dnl Enable poll()
AC_ARG_ENABLE(poll,
[ --enable-poll Enable poll() instead of select(). Normally poll
- is preferred over select, but configure knows poll
- is broken on some platforms. If you think you are
- smarter than the configure script, you may enable
- poll with this option.
+ is preferred over select, but configure knows poll
+ is broken on some platforms. If you think you are
+ smarter than the configure script, you may enable
+ poll with this option.
--disable-poll Disable the use of poll().],
[
case "$enableval" in
@@ -848,9 +848,9 @@
dnl Enable epoll()
AC_ARG_ENABLE(epoll,
[ --enable-epoll Enable epoll() instead of poll() or select().
- epoll() is best where available, but must be
- explicitly set at the moment.
- --disable-epoll Disable the use of epoll().],
+ epoll() is best where available, but must be
+ explicitly set at the moment.
+ --disable-epoll Disable the use of epoll().],
[
case "$enableval" in
yes)
@@ -888,8 +888,8 @@
HTTP_VIOLATIONS=1
AC_ARG_ENABLE(http-violations,
[ --disable-http-violations
- This allows you to remove code which is known to
- violate the HTTP protocol specification.],
+ This allows you to remove code which is known to
+ violate the HTTP protocol specification.],
[ if test "$enableval" = "no" ; then
echo "Disabling HTTP Violations"
HTTP_VIOLATIONS=0
@@ -902,8 +902,8 @@
dnl Enable IP-Filter Transparent Proxy
AC_ARG_ENABLE(ipf-transparent,
[ --enable-ipf-transparent
- Enable Transparent Proxy support for systems
- using IP-Filter network address redirection.],
+ Enable Transparent Proxy support for systems
+ using IP-Filter network address redirection.],
[ if test "$enableval" = "yes" ; then
echo "IP-Filter Transparent Proxy enabled"
AC_DEFINE(IPF_TRANSPARENT, 1, [Enable support for Transparent Proxy on systems using IP-Filter
@@ -927,8 +927,8 @@
dnl Enable PF Transparent Proxy
AC_ARG_ENABLE(pf-transparent,
[ --enable-pf-transparent
- Enable Transparent Proxy support for systems
- using PF network address redirection.],
+ Enable Transparent Proxy support for systems
+ using PF network address redirection.],
[ if test "$enableval" = "yes" ; then
echo "PF Transparent Proxy enabled"
AC_DEFINE(PF_TRANSPARENT, 1, [Enable support for Transparent Proxy on systems using PF address
@@ -940,10 +940,10 @@
dnl Enable Linux Netfilter Transparent Proxy
AC_ARG_ENABLE(linux-netfilter,
[ --enable-linux-netfilter
- Enable Transparent Proxy support for Linux (Netfilter) systems.],
+ Enable Transparent Proxy support for Linux 2.4 and later],
[ if test "$enableval" = "yes" ; then
echo "Linux-Netfilter Transparent Proxy enabled"
- AC_DEFINE(LINUX_NETFILTER, 1, [Enable support for Transparent Proxy on Linux (Netfilter) systems])
+ AC_DEFINE(LINUX_NETFILTER, 1, [Enable support for Transparent Proxy on Linux 2.4 and later])
LINUX_NETFILTER="yes"
fi
])
@@ -961,8 +961,8 @@
AC_ARG_ENABLE(large-cache-files,
[ --enable-large-cache-files
- Enable support for large cache files (>2GB).
- WARNING: on-disk cache format is changed by this option],
+ Enable support for large cache files (>2GB).
+ WARNING: on-disk cache format is changed by this option],
[ if test "$enableval" = "yes" ; then
echo "Large cache file support enabled"
AC_DEFINE(LARGE_CACHE_FILES, 1, [Support large cache files > 2GB])
@@ -973,16 +973,16 @@
dnl UNIX Build environment
AC_ARG_WITH(build-environment,
[ --with-build-environment=model
- The build environment to use. Normally one of
- POSIX_V6_ILP32_OFF32 32 bits
- POSIX_V6_ILP32_OFFBIG 32 bits with large file support
- POSIX_V6_LP64_OFF64 64 bits
- POSIX_V6_LPBIG_OFFBIG large pointers and files
- XBS5_ILP32_OFF32 32 bits (legacy)
- XBS5_ILP32_OFFBIG 32 bits with large file support (legacy)
- XBS5_LP64_OFF64 64 bits (legacy)
- XBS5_LPBIG_OFFBIG large pointers and files (legacy)
- default The default for your OS],
+ The build environment to use. Normally one of
+ POSIX_V6_ILP32_OFF32 32 bits
+ POSIX_V6_ILP32_OFFBIG 32 bits with large file support
+ POSIX_V6_LP64_OFF64 64 bits
+ POSIX_V6_LPBIG_OFFBIG large pointers and files
+ XBS5_ILP32_OFF32 32 bits (legacy)
+ XBS5_ILP32_OFFBIG 32 bits with large file support (legacy)
+ XBS5_LP64_OFF64 64 bits (legacy)
+ XBS5_LPBIG_OFFBIG large pointers and files (legacy)
+ default The default for your OS],
[ case "$withval" in
yes|no)
echo "--with-build-environment expects a build environment string as used by getconf"
@@ -1024,11 +1024,11 @@
dnl -Xa is supported only by Sun cc, so we need to remove it when using gcc
dnl The 'sun' define is needed by ipfilter includes, so we must remove -Usun
*-solaris*)
- if test "$GCC" = "yes"; then
+ if test "$GCC" = "yes"; then
echo "Removing -Xa for gcc on $host"
CFLAGS="`echo $CFLAGS | sed -e 's/-Xa//'`"
fi
- echo "Removing -Usun on $host"
+ echo "Removing -Usun on $host"
CFLAGS="`echo $CFLAGS | sed -e 's/-Usun//'`"
;;
dnl
@@ -1039,7 +1039,7 @@
dnl On Irix 6.x 64 bit we must replace "-64" with "-mabi=64" in CFLAGS and remove
dnl "-64" from LDFLAGS
*-sgi-irix6.*)
- if test "$GCC" = "yes"; then
+ if test "$GCC" = "yes"; then
CFLAGS="`echo $CFLAGS | sed -e 's/-n32/-mabi=n32/'`"
LDFLAGS="`echo $LDFLAGS | sed -e 's/-n32//'`"
CFLAGS="`echo $CFLAGS | sed -e 's/-64/-mabi=64/'`"
@@ -1047,14 +1047,14 @@
fi
;;
*)
- ;;
+ ;;
esac
fi
dnl Enable Linux transparent proxy support
AC_ARG_ENABLE(linux-tproxy,
[ --enable-linux-tproxy
- Enable real Transparent Proxy support for Netfilter TPROXY.],
+ Enable real Transparent Proxy support for Netfilter TPROXY.],
[ if test "$enableval" = "yes" ; then
echo "Linux Netfilter/TPROXY enabled"
AC_DEFINE(LINUX_TPROXY, 1, [Enable real Transparent Proxy support for Netfilter TPROXY.])
@@ -1066,8 +1066,8 @@
dnl Enable Leak Finding Functions
AC_ARG_ENABLE(leakfinder,
[ --enable-leakfinder
- Enable Leak Finding code. Enabling this alone
- does nothing; you also have to modify the source
+ Enable Leak Finding code. Enabling this alone
+ does nothing; you also have to modify the source
code to use the leak finding functions. Probably
Useful for hackers only.],
[ if test "$enableval" = "yes" ; then
@@ -1081,8 +1081,8 @@
USE_IDENT=1
AC_ARG_ENABLE(ident-lookups,
[ --disable-ident-lookups
- This allows you to remove code that performs
- Ident (RFC 931) lookups.],
+ This allows you to remove code that performs
+ Ident (RFC 931) lookups.],
[ if test "$enableval" = "no" ; then
echo "Disabling Ident Lookups"
USE_IDENT=0
@@ -1096,8 +1096,8 @@
use_dnsserver=
AC_ARG_ENABLE(internal-dns,
[ --disable-internal-dns This prevents Squid from directly sending and
- receiving DNS messages, and instead enables the
- old external 'dnsserver' processes.],
+ receiving DNS messages, and instead enables the
+ old external 'dnsserver' processes.],
[ if test "$enableval" = "no" ; then
echo "Disabling Internal DNS queries"
use_dnsserver="yes"
@@ -1111,10 +1111,10 @@
AC_ARG_ENABLE(truncate,
[ --enable-truncate This uses truncate() instead of unlink() when
- removing cache files. Truncate gives a little
- performance improvement, but may cause problems
- when used with async I/O. Truncate uses more
- filesystem inodes than unlink..],
+ removing cache files. Truncate gives a little
+ performance improvement, but may cause problems
+ when used with async I/O. Truncate uses more
+ filesystem inodes than unlink..],
[ if test "$enableval" = "yes" ; then
echo "Enabling truncate instead of unlink"
AC_DEFINE(USE_TRUNCATE, 1, [Do we want to use truncate(2) or unlink(2)?])
@@ -1124,13 +1124,13 @@
dnl Select Default hosts file location
AC_ARG_ENABLE(default-hostsfile,
[ --enable-default-hostsfile=path
- Select default location for hosts file.
- See hosts_file directive in squid.conf for details],
+ Select default location for hosts file.
+ See hosts_file directive in squid.conf for details],
[
if test "$enableval" != "none" ; then
- if test -f $enableval; then
+ if test -f $enableval; then
OPT_DEFAULT_HOSTS=$enableval
- else
+ else
echo "Warning Unable to find $enableval"
sleep 5
fi
@@ -1145,7 +1145,7 @@
dnl Enable WIN32 Service compile mode
AC_ARG_ENABLE(win32-service,
[ --enable-win32-service Compile Squid as a WIN32 Service
- Works only on Windows NT and Windows 2000 Platforms.],
+ Works only on Windows NT and Windows 2000 Platforms.],
[ if test "$enableval" = "yes" ; then
echo "Enabling WIN32 run service mode"
AC_DEFINE(USE_WIN32_SERVICE,1,[Define Windows NT & Windows 2000 run service mode])
@@ -1154,13 +1154,13 @@
dnl Select auth schemes modules to build
AC_ARG_ENABLE(auth,
-[ --enable-auth=\"list of auth scheme modules\"
- Build support for the list of authentication schemes.
- The default is to build support for the Basic scheme.
- See src/auth for a list of available modules, or
- Programmers Guide section authentication schemes
- for details on how to build your custom auth scheme
- module],
+[ --enable-auth="list of auth scheme modules"
+ Build support for the list of authentication schemes.
+ The default is to build support for the Basic scheme.
+ See src/auth for a list of available modules, or
+ Programmers Guide section authentication schemes
+ for details on how to build your custom auth scheme
+ module],
[ case $enableval in
yes)
for module in $srcdir/src/auth/*; do
@@ -1175,11 +1175,11 @@
;;
esac
done
- ;;
+ ;;
no)
- ;;
+ ;;
*) AUTH_MODULES="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`"
- ;;
+ ;;
esac
],
[ if test -z "$AUTH_MODULES"; then
@@ -1198,11 +1198,11 @@
AC_SUBST(AUTH_LIBS)
AC_ARG_ENABLE(basic-auth-helpers,
-[ --enable-basic-auth-helpers=\"list of helpers\"
- This option selects which basic scheme proxy_auth
- helpers to build and install as part of the normal
- build process. For a list of available
- helpers see the helpers/basic_auth directory.],
+[ --enable-basic-auth-helpers="list of helpers"
+ This option selects which basic scheme proxy_auth
+ helpers to build and install as part of the normal
+ build process. For a list of available
+ helpers see the helpers/basic_auth directory.],
[ case "$enableval" in
yes)
echo "ERROR: --enable-basic-auth-helpers requires an argument"
@@ -1232,11 +1232,11 @@
dnl Select ntlm auth helpers to build
NTLM_AUTH_HELPERS=
AC_ARG_ENABLE(ntlm-auth-helpers,
-[ --enable-ntlm-auth-helpers=\"list of helpers\"
- This option selects which proxy_auth ntlm helpers
- to build and install as part of the normal build
- process. For a list of available helpers see
- the helpers/ntlm_auth directory.],
+[ --enable-ntlm-auth-helpers="list of helpers"
+ This option selects which proxy_auth ntlm helpers
+ to build and install as part of the normal build
+ process. For a list of available helpers see
+ the helpers/ntlm_auth directory.],
[ case "$enableval" in
yes)
echo "ERROR: --enable-ntlm-auth-helpers requires an argument"
@@ -1264,11 +1264,11 @@
dnl Select digest auth scheme helpers to build
DIGEST_AUTH_HELPERS=
AC_ARG_ENABLE(digest-auth-helpers,
-[ --enable-digest-auth-helpers=\"list of helpers\"
- This option selects which digest scheme authentication
- helpers to build and install as part of the normal build
- process. For a list of available helpers see the
- helpers/digest_auth directory.],
+[ --enable-digest-auth-helpers="list of helpers"
+ This option selects which digest scheme proxy_auth
+ helpers to build and install as part of the normal
+ build process. For a list of available helpers see the
+ helpers/digest_auth directory.],
[ case "$enableval" in
yes)
echo "ERROR: --enable-digest-auth-helpers requires an argument"
@@ -1296,11 +1296,11 @@
dnl Select negotiate auth scheme helpers to build
NEGOTIATE_AUTH_HELPERS=
AC_ARG_ENABLE(negotiate-auth-helpers,
-[ --enable-negotiate-auth-helpers=\"list of helpers\"
- This option selects which negotiate scheme authentication
- helpers to build and install as part of the normal build
- process. For a list of available helpers see the
- helpers/negotiate_auth directory.],
+[ --enable-negotiate-auth-helpers="list of helpers"
+ This option selects which negotiate scheme authentication
+ helpers to build and install as part of the normal build
+ process. For a list of available helpers see the
+ helpers/negotiate_auth directory.],
[ case "$enableval" in
yes)
echo "ERROR: --enable-negotiate-auth-helpers requires an argument"
@@ -1328,8 +1328,8 @@
dnl Enable "NTLM fail open"
AC_ARG_ENABLE(ntlm-fail-open,
[ --enable-ntlm-fail-open Enable NTLM fail open, where a helper that fails one of the
- Authentication steps can allow squid to still authenticate
- the user.],
+ Authentication steps can allow squid to still authenticate
+ the user.],
[ if test "$enableval" = "yes" ; then
AC_DEFINE(NTLM_FAIL_OPEN, 1, [Define if NTLM is allowed to fail gracefully when a helper has problems])
fi
@@ -1338,11 +1338,11 @@
dnl Select external_acl helpers to build
EXTERNAL_ACL_HELPERS=
AC_ARG_ENABLE(external-acl-helpers,
-[ --enable-external-acl-helpers=\"list of helpers\"
- This option selects which external_acl helpers to
- build and install as part of the normal build
- process. For a list of available helpers see the
- helpers/external_acl directory.],
+[ --enable-external-acl-helpers="list of helpers"
+ This option selects which external_acl helpers to
+ build and install as part of the normal build
+ process. For a list of available helpers see the
+ helpers/external_acl directory.],
[ case "$enableval" in
yes)
echo "ERROR: --enable-external-acl-helpers requires an argument"
@@ -1424,11 +1424,11 @@
dnl Enable X-Accelerator-Vary for Vary support within an accelerator setup
AC_ARG_ENABLE(x_accelerator_vary,
[ --enable-x-accelerator-vary
- Enable support for the X-Accelerator-Vary
- HTTP header. Can be used to indicate
- variance within an accelerator setup.
- Typically used together with other code
- that adds custom HTTP headers to the requests.],
+ Enable support for the X-Accelerator-Vary
+ HTTP header. Can be used to indicate
+ variance within an accelerator setup.
+ Typically used together with other code
+ that adds custom HTTP headers to the requests.],
[ if test "$enableval" = "yes" ; then
echo "Enabling support for X-Accelerator-Vary"
AC_DEFINE(X_ACCELERATOR_VARY, 1, [Enable support for the X-Accelerator-Vary HTTP header])
@@ -1437,10 +1437,10 @@
AC_ARG_ENABLE(follow-x-forwarded-for,
[ --enable-follow-x-forwarded-for
- Enable support for following the X-Forwarded-For
- HTTP header to try to find the IP address of the
- original or indirect client when a request has
- been forwarded through other proxies.],
+ Enable support for following the X-Forwarded-For
+ HTTP header to try to find the IP address of the
+ original or indirect client when a request has
+ been forwarded through other proxies.],
[ if test "$enableval" = "yes" ; then
echo "follow X-Forwarded-For enabled"
AC_DEFINE(FOLLOW_X_FORWARDED_FOR, 1, [Enable following X-Forwarded-For headers])
@@ -1934,7 +1934,7 @@
struct sockaddr_un sunaddr;
sunaddr.sun_family = AF_UNIX;
],
- squid_cv_unixsocket=yes,squid_cv_unixsocket=no)])
+ squid_cv_unixsocket=yes,squid_cv_unixsocket=no)])
if test x"$squid_cv_unixsocket" = x"yes"; then
AC_DEFINE(HAVE_UNIXSOCKET, 1, [Do we have unix sockets? (required for the winbind ntlm helper])
fi
@@ -1994,18 +1994,18 @@
CFLAGS="$CFLAGS -D_REENTRANT"
case "$host" in
i386-unknown-freebsd*)
- if test "$GCC" = "yes" ; then
- if test -z "$PRESET_LDFLAGS"; then
- LDFLAGS="$LDFLAGS -pthread"
- fi
- fi
+ if test "$GCC" = "yes" ; then
+ if test -z "$PRESET_LDFLAGS"; then
+ LDFLAGS="$LDFLAGS -pthread"
+ fi
+ fi
;;
*-solaris2.*)
- if test "$GCC" = "yes" ; then
+ if test "$GCC" = "yes" ; then
CFLAGS="$CFLAGS -pthreads"
else
CFLAGS="$CFLAGS -mt"
- fi
+ fi
;;
esac
AC_CHECK_LIB(pthread, main)
@@ -2079,16 +2079,16 @@
dnl
case "$host" in
i386-*-solaris2.*)
- if test "$GCC" = "yes"; then
+ if test "$GCC" = "yes"; then
echo "Removing -O for gcc on $host"
CFLAGS="`echo $CFLAGS | sed -e 's/-O[[0-9]]*//'`"
fi
;;
*-sgi-irix*)
- echo "Removing -lsocket for IRIX..."
- LIBS=`echo $LIBS | sed -e s/-lsocket//`
- echo "Removing -lnsl for IRIX..."
- LIBS=`echo $LIBS | sed -e s/-lnsl//`
+ echo "Removing -lsocket for IRIX..."
+ LIBS=`echo $LIBS | sed -e s/-lsocket//`
+ echo "Removing -lnsl for IRIX..."
+ LIBS=`echo $LIBS | sed -e s/-lnsl//`
ac_cv_lib_nsl_main=no
echo "Removing -lbsd for IRIX..."
LIBS=`echo $LIBS | sed -e s/-lbsd//`
@@ -2252,10 +2252,12 @@
LIBS="$SAVED_LIBS"
dnl Verify that epoll really works
-if test ac_cv_func_epoll_ctl = yes; then
+if test $ac_cv_func_epoll_ctl = yes; then
AC_CACHE_CHECK(if epoll works, ac_cv_epoll_works,
AC_TRY_RUN([
#include
+#include
+#include
int main(int argc, char **argv)
{
int fd = epoll_create(256);
@@ -2265,7 +2267,7 @@
}
exit(0);
}
- ], [ac_cv_epoll_works=yes; ac_cv_func_epol_ctl=no], [ac_cv_epoll_works=no]))
+ ], [ac_cv_epoll_works=yes], [ac_cv_epoll_works=no]))
if test ac_cv_epoll_works = no && test ac_force_epoll = yes; then
echo "Error - no epoll found";
echo "Try running 'sh ./scripts/get_epoll-lib.sh'";
@@ -2282,44 +2284,44 @@
if test -n "$SELECT_TYPE"; then
: # Nothing to do
-elif test "$ac_cv_func_epoll_ctl" = "yes" ; then
- SELECT_TYPE="epoll"
+elif test "$ac_cv_epoll_works" = "yes" ; then
+ SELECT_TYPE="epoll"
elif test "$ac_cv_func_kqueue" = "yes" ; then
- SELECT_TYPE="kqueue"
+ SELECT_TYPE="kqueue"
elif test "$ac_cv_func_poll" = "yes" ; then
- SELECT_TYPE="poll"
+ SELECT_TYPE="poll"
elif test "$ac_cv_func_select" = "yes" ; then
case "$host_os" in
mingw|mingw32)
- SELECT_TYPE="select_win32"
+ SELECT_TYPE="select_win32"
;;
*)
- SELECT_TYPE="select"
+ SELECT_TYPE="select"
;;
esac
else
- echo "Eep! Can't find poll, epoll, kqueue or select!"
- echo "I'll try select and hope for the best."
- SELECT_TYPE="select"
+ echo "Eep! Can't find poll, epoll, kqueue or select!"
+ echo "I'll try select and hope for the best."
+ SELECT_TYPE="select"
fi
case "$SELECT_TYPE" in
epoll)
- AC_DEFINE(USE_EPOLL,1,[Use epoll() for the IO loop])
- AC_CHECK_LIB(epoll, epoll_create, [EPOLL_LIBS="-lepoll"])
- AC_SUBST(EPOLL_LIBS)
+ AC_DEFINE(USE_EPOLL,1,[Use epoll() for the IO loop])
+ AC_CHECK_LIB(epoll, epoll_create, [EPOLL_LIBS="-lepoll"])
+ AC_SUBST(EPOLL_LIBS)
;;
poll)
- AC_DEFINE(USE_POLL,1,[Use poll() for the IO loop])
+ AC_DEFINE(USE_POLL,1,[Use poll() for the IO loop])
;;
select)
- AC_DEFINE(USE_SELECT,1,[Use select() for the IO loop])
+ AC_DEFINE(USE_SELECT,1,[Use select() for the IO loop])
;;
select_win32)
AC_DEFINE(USE_SELECT_WIN32,1,[Use Winsock select() for the IO loop])
;;
kqueue)
- AC_DEFINE(USE_KQUEUE,1,[Use kqueue() for the IO loop])
+ AC_DEFINE(USE_KQUEUE,1,[Use kqueue() for the IO loop])
;;
*)
echo "ERROR: Unknown IO loop type '$SELECT_TYPE'"
@@ -2372,16 +2374,16 @@
AC_TRY_RUN([
#include
void f (int i, ...) {
- va_list args1, args2;
- va_start (args1, i);
- va_copy (args2, args1);
- if (va_arg (args2, int) != 42 || va_arg (args1, int) != 42)
- exit (1);
- va_end (args1); va_end (args2);
+ va_list args1, args2;
+ va_start (args1, i);
+ va_copy (args2, args1);
+ if (va_arg (args2, int) != 42 || va_arg (args1, int) != 42)
+ exit (1);
+ va_end (args1); va_end (args2);
}
int main() {
- f (0, 42);
- return 0;
+ f (0, 42);
+ return 0;
}
],ac_cv_func_va_copy="yes",ac_cv_func_va_copy="no")
)
@@ -2396,16 +2398,16 @@
AC_TRY_RUN([
#include
void f (int i, ...) {
- va_list args1, args2;
- va_start (args1, i);
- __va_copy (args2, args1);
- if (va_arg (args2, int) != 42 || va_arg (args1, int) != 42)
- exit (1);
- va_end (args1); va_end (args2);
+ va_list args1, args2;
+ va_start (args1, i);
+ __va_copy (args2, args1);
+ if (va_arg (args2, int) != 42 || va_arg (args1, int) != 42)
+ exit (1);
+ va_end (args1); va_end (args2);
}
int main() {
- f (0, 42);
- return 0;
+ f (0, 42);
+ return 0;
}
],ac_cv_func___va_copy="yes",ac_cv_func___va_copy="no")
)
@@ -2419,28 +2421,28 @@
AC_MSG_CHECKING(if IP-Filter header files are installed)
# hold on to your hats...
if test "$ac_cv_header_ip_compat_h" = "yes" ||
- test "$ac_cv_header_ip_fil_compat_h" = "yes" ||
- test "$ac_cv_header_netinet_ip_compat_h" = "yes" ||
- test "$ac_cv_header_netinet_ip_fil_compat_h" = "yes" ; then
- have_ipfilter_compat_header="yes"
+ test "$ac_cv_header_ip_fil_compat_h" = "yes" ||
+ test "$ac_cv_header_netinet_ip_compat_h" = "yes" ||
+ test "$ac_cv_header_netinet_ip_fil_compat_h" = "yes" ; then
+ have_ipfilter_compat_header="yes"
fi
if test "x$have_ipfilter_compat_header" = "xyes" &&
test "$ac_cv_header_ip_fil_h" = "yes" &&
test "$ac_cv_header_ip_nat_h" = "yes" ; then
- IPF_TRANSPARENT="yes"
- AC_DEFINE(IPF_TRANSPARENT, 1, [Enable support for Transparent Proxy on systems using IP-Filter
+ IPF_TRANSPARENT="yes"
+ AC_DEFINE(IPF_TRANSPARENT, 1, [Enable support for Transparent Proxy on systems using IP-Filter
address redirection. This provides "masquerading" support for non
Linux system.])
elif test "$have_ipfilter_compat_header" = "yes" &&
- test "$ac_cv_header_netinet_ip_fil_h" = "yes" &&
- test "$ac_cv_header_netinet_ip_nat_h" = "yes" ; then
- IPF_TRANSPARENT="yes"
- AC_DEFINE(IPF_TRANSPARENT, 1, [Enable support for Transparent Proxy on systems using IP-Filter
+ test "$ac_cv_header_netinet_ip_fil_h" = "yes" &&
+ test "$ac_cv_header_netinet_ip_nat_h" = "yes" ; then
+ IPF_TRANSPARENT="yes"
+ AC_DEFINE(IPF_TRANSPARENT, 1, [Enable support for Transparent Proxy on systems using IP-Filter
address redirection. This provides "masquerading" support for non
Linux system.])
else
- IPF_TRANSPARENT="no"
- AC_DEFINE(IPF_TRANSPARENT, 0, [Enable support for Transparent Proxy on systems using IP-Filter
+ IPF_TRANSPARENT="no"
+ AC_DEFINE(IPF_TRANSPARENT, 0, [Enable support for Transparent Proxy on systems using IP-Filter
address redirection. This provides "masquerading" support for non
Linux system.])
fi
@@ -2457,12 +2459,12 @@
AC_MSG_CHECKING(if PF header file is installed)
# hold on to your hats...
if test "$ac_cv_header_net_pfvar_h" = "yes"; then
- PF_TRANSPARENT="yes"
- AC_DEFINE(PF_TRANSPARENT, 1, [Enable support for Transparent Proxy on systems using PF address
+ PF_TRANSPARENT="yes"
+ AC_DEFINE(PF_TRANSPARENT, 1, [Enable support for Transparent Proxy on systems using PF address
redirection. This provides "masquerading" support for OpenBSD.])
else
- PF_TRANSPARENT="no"
- AC_DEFINE(PF_TRANSPARENT, 0, [Enable support for Transparent Proxy on systems using PF address
+ PF_TRANSPARENT="no"
+ AC_DEFINE(PF_TRANSPARENT, 0, [Enable support for Transparent Proxy on systems using PF address
redirection. This provides "masquerading" support for OpenBSD.])
fi
AC_MSG_RESULT($PF_TRANSPARENT)
@@ -2479,11 +2481,11 @@
AC_MSG_CHECKING(if Linux 2.4 or newer kernel header files are installed)
# hold on to your hats...
if test "$ac_cv_header_linux_netfilter_ipv4_h" = "yes"; then
- LINUX_NETFILTER="yes"
- AC_DEFINE(LINUX_NETFILTER, 1, [Enable support for Transparent Proxy on Linux (Netfilter) systems])
+ LINUX_NETFILTER="yes"
+ AC_DEFINE(LINUX_NETFILTER, 1, [Enable support for Transparent Proxy on Linux (Netfilter) systems])
else
- LINUX_NETFILTER="no"
- AC_DEFINE(LINUX_NETFILTER, 0, [Enable support for Transparent Proxy on Linux (Netfilter) systems])
+ LINUX_NETFILTER="no"
+ AC_DEFINE(LINUX_NETFILTER, 0, [Enable support for Transparent Proxy on Linux (Netfilter) systems])
fi
AC_MSG_RESULT($LINUX_NETFILTER)
fi
@@ -2499,11 +2501,11 @@
AC_MSG_CHECKING(if TPROXY header files are installed)
# hold on to your hats...
if test "$ac_cv_header_linux_netfilter_ipv4_ip_tproxy_h" = "yes"; then
- LINUX_TPROXY="yes"
- AC_DEFINE(LINUX_TPROXY, 1, [Enable real Transparent Proxy support for Netfilter TPROXY.])
+ LINUX_TPROXY="yes"
+ AC_DEFINE(LINUX_TPROXY, 1, [Enable real Transparent Proxy support for Netfilter TPROXY.])
else
- LINUX_TPROXY="no"
- AC_DEFINE(LINUX_TPROXY, 0, [Enable real Transparent Proxy support for Netfilter TPROXY.])
+ LINUX_TPROXY="no"
+ AC_DEFINE(LINUX_TPROXY, 0, [Enable real Transparent Proxy support for Netfilter TPROXY.])
fi
AC_MSG_RESULT($LINUX_TPROXY)
fi
@@ -2583,9 +2585,9 @@
AC_ARG_WITH(maxfd,
[ --with-maxfd=N Override maximum number of filedescriptors. Useful
- if you build as another user who is not privileged
- to use the number of filedescriptors you want the
- resulting binary to support],
+ if you build as another user who is not privileged
+ to use the number of filedescriptors you want the
+ resulting binary to support],
[ case $withval in
[[0-9]]*)
SQUID_MAXFD=$withval
@@ -2629,37 +2631,37 @@
struct rlimit rl;
#if defined(RLIMIT_NOFILE)
if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
- perror("getrlimit: RLIMIT_NOFILE");
+ perror("getrlimit: RLIMIT_NOFILE");
} else {
- rl.rlim_cur = rl.rlim_max; /* set it to the max */
- if (setrlimit(RLIMIT_NOFILE, &rl) < 0) {
- perror("setrlimit: RLIMIT_NOFILE");
- }
+ rl.rlim_cur = rl.rlim_max; /* set it to the max */
+ if (setrlimit(RLIMIT_NOFILE, &rl) < 0) {
+ perror("setrlimit: RLIMIT_NOFILE");
+ }
}
#elif defined(RLIMIT_OFILE)
if (getrlimit(RLIMIT_OFILE, &rl) < 0) {
- perror("getrlimit: RLIMIT_OFILE");
+ perror("getrlimit: RLIMIT_OFILE");
} else {
- rl.rlim_cur = rl.rlim_max; /* set it to the max */
- if (setrlimit(RLIMIT_OFILE, &rl) < 0) {
- perror("setrlimit: RLIMIT_OFILE");
- }
+ rl.rlim_cur = rl.rlim_max; /* set it to the max */
+ if (setrlimit(RLIMIT_OFILE, &rl) < 0) {
+ perror("setrlimit: RLIMIT_OFILE");
+ }
}
#endif /* RLIMIT_NOFILE */
#endif /* HAVE_SETRLIMIT */
/* by starting at 2^14, we will never get higher
than 2^15 for SQUID_MAXFD */
- i = j = 1<<14;
- while (j) {
- j >>= 1;
- if (dup2(0, i) < 0) {
- i -= j;
- } else {
- close(i);
- i += j;
- }
- }
- i++;
+ i = j = 1<<14;
+ while (j) {
+ j >>= 1;
+ if (dup2(0, i) < 0) {
+ i -= j;
+ } else {
+ close(i);
+ i += j;
+ }
+ }
+ i++;
#endif /* IF !DEF CYGWIN */
fp = fopen("conftestval", "w");
fprintf (fp, "%d\n", i & ~0x3F);
@@ -2692,12 +2694,12 @@
main ()
{
FILE *fp;
- int fd,val=0,len=sizeof(int);
+ int fd,val=0,len=sizeof(int);
if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) exit(1);
- if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &val, &len) < 0) exit(1);
+ if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &val, &len) < 0) exit(1);
if (val<=0) exit(1);
- fp = fopen("conftestval", "w");
- fprintf (fp, "%d\n", val);
+ fp = fopen("conftestval", "w");
+ fprintf (fp, "%d\n", val);
exit(0);
}
],
@@ -2718,9 +2720,9 @@
main ()
{
FILE *fp;
- int fd,val=0,len=sizeof(int);
+ int fd,val=0,len=sizeof(int);
if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) exit(1);
- if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &val, &len) < 0) exit(1);
+ if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &val, &len) < 0) exit(1);
if (val <= 0) exit(1);
fp = fopen("conftestval", "w");
fprintf (fp, "%d\n", val);
@@ -2744,9 +2746,9 @@
main ()
{
FILE *fp;
- int fd,val=0,len=sizeof(int);
+ int fd,val=0,len=sizeof(int);
if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) exit(1);
- if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &val, &len) < 0) exit(1);
+ if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &val, &len) < 0) exit(1);
if (val <= 0) exit(1);
fp = fopen("conftestval", "w");
fprintf (fp, "%d\n", val);
@@ -2774,9 +2776,9 @@
main ()
{
FILE *fp;
- int fd,val=0,len=sizeof(int);
+ int fd,val=0,len=sizeof(int);
if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) exit(1);
- if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &val, &len) < 0) exit(1);
+ if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &val, &len) < 0) exit(1);
if (val <= 0) exit(1);
fp = fopen("conftestval", "w");
fprintf (fp, "%d\n", val);
diff -ruN squid-2.6.RC2/include/version.h squid-2.6.STABLE1/include/version.h
--- squid-2.6.RC2/include/version.h Sun Jun 25 13:39:21 2006
+++ squid-2.6.STABLE1/include/version.h Sat Jul 1 12:42:47 2006
@@ -9,5 +9,5 @@
*/
#ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1151264358
+#define SQUID_RELEASE_TIME 1151779363
#endif
diff -ruN squid-2.6.RC2/lib/util.c squid-2.6.STABLE1/lib/util.c
--- squid-2.6.RC2/lib/util.c Fri Jun 2 11:32:44 2006
+++ squid-2.6.STABLE1/lib/util.c Mon Jun 26 09:01:59 2006
@@ -1,6 +1,6 @@
/*
- * $Id: util.c,v 1.91 2006/06/02 17:32:44 serassio Exp $
+ * $Id: util.c,v 1.92 2006/06/26 15:01:59 hno Exp $
*
* DEBUG:
* AUTHOR: Harvest Derived
@@ -623,14 +623,14 @@
xstrerror(void)
{
static char xstrerror_buf[BUFSIZ];
- static char strerror_buf[BUFSIZ];
+ const char *errmsg;
- snprintf(strerror_buf, BUFSIZ, "%s", strerror(errno));
+ errmsg = strerror(errno);
- if (strerror_buf)
- snprintf(xstrerror_buf, BUFSIZ, "(%d) %s", errno, strerror_buf);
- else
- snprintf(xstrerror_buf, BUFSIZ, "(%d) Unknown", errno);
+ if (!errmsg || !*errmsg)
+ errmsg = "Unknown error";
+
+ snprintf(xstrerror_buf, BUFSIZ, "(%d) %s", errno, errmsg);
return xstrerror_buf;
}
diff -ruN squid-2.6.RC2/src/CacheDigest.c squid-2.6.STABLE1/src/CacheDigest.c
--- squid-2.6.RC2/src/CacheDigest.c Tue May 17 10:56:37 2005
+++ squid-2.6.STABLE1/src/CacheDigest.c Wed Jun 28 04:31:56 2006
@@ -1,6 +1,6 @@
/*
- * $Id: CacheDigest.c,v 1.34 2005/05/17 16:56:37 hno Exp $
+ * $Id: CacheDigest.c,v 1.35 2006/06/28 10:31:56 hno Exp $
*
* DEBUG: section 70 Cache Digest
* AUTHOR: Alex Rousskov
@@ -194,7 +194,7 @@
assert(stats);
memset(stats, 0, sizeof(*stats));
while (pos-- > 0) {
- const int is_on = 0 != CBIT_TEST(cd->mask, pos);
+ const int is_on = CBIT_TEST(cd->mask, pos);
if (is_on)
on_count++;
if (is_on != cur_seq_type || !pos) {
diff -ruN squid-2.6.RC2/src/MemPool.c squid-2.6.STABLE1/src/MemPool.c
--- squid-2.6.RC2/src/MemPool.c Tue Jun 6 11:43:08 2006
+++ squid-2.6.STABLE1/src/MemPool.c Mon Jun 26 09:01:59 2006
@@ -1,6 +1,6 @@
/*
- * $Id: MemPool.c,v 1.37 2006/06/06 17:43:08 hno Exp $
+ * $Id: MemPool.c,v 1.38 2006/06/26 15:01:59 hno Exp $
*
* DEBUG: section 63 Low Level Memory Pool Management
* AUTHOR: Alex Rousskov
@@ -145,7 +145,6 @@
{
size_t start_limit = TheMeter.idle.level;
int i;
- assert(start_limit >= 0 && new_limit >= 0);
debug(63, 1) ("memShrink: started with %ld KB goal: %ld KB\n",
(long int) toKB(TheMeter.idle.level), (long int) toKB(new_limit));
/* first phase: cut proportionally to the pool idle size */
@@ -337,7 +336,6 @@
memPoolShrink(MemPool * pool, size_t new_limit)
{
assert(pool);
- assert(new_limit >= 0);
while (pool->meter.idle.level > new_limit && pool->pstack.count > 0) {
memMeterDec(pool->meter.alloc);
memMeterDec(pool->meter.idle);
diff -ruN squid-2.6.RC2/src/cache_cf.c squid-2.6.STABLE1/src/cache_cf.c
--- squid-2.6.RC2/src/cache_cf.c Thu Jun 22 20:13:33 2006
+++ squid-2.6.STABLE1/src/cache_cf.c Fri Jun 30 15:23:04 2006
@@ -1,6 +1,6 @@
/*
- * $Id: cache_cf.c,v 1.448 2006/06/23 02:13:33 hno Exp $
+ * $Id: cache_cf.c,v 1.449 2006/06/30 21:23:04 hno Exp $
*
* DEBUG: section 3 Configuration File Parsing
* AUTHOR: Harvest Derived
@@ -2718,6 +2718,11 @@
s->urlgroup = xstrdup(token + 9);
} else if (strncmp(token, "protocol=", 9) == 0) {
s->protocol = xstrdup(token + 9);
+#if LINUX_TPROXY
+ } else if (strcmp(token, "tproxy") == 0) {
+ s->tproxy = 1;
+ need_linux_tproxy = 1;
+#endif
} else {
self_destruct();
}
diff -ruN squid-2.6.RC2/src/cf.data.pre squid-2.6.STABLE1/src/cf.data.pre
--- squid-2.6.RC2/src/cf.data.pre Thu Jun 22 20:10:01 2006
+++ squid-2.6.STABLE1/src/cf.data.pre Fri Jun 30 15:23:05 2006
@@ -1,6 +1,6 @@
#
-# $Id: cf.data.pre,v 1.349 2006/06/23 02:10:01 hno Exp $
+# $Id: cf.data.pre,v 1.355 2006/06/30 21:23:05 hno Exp $
#
#
# SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -98,7 +98,9 @@
Prevent forwarding of Microsoft
connection oriented authentication
(NTLM, Negotiate and Kerberos)
-
+ tproxy Support Linux TPROXY for spoofing
+ outgoing connections using the client
+ IP address.
If you run Squid on a dual-homed machine with an internal
and an external interface we recommend you to specify the
@@ -117,14 +119,14 @@
DEFAULT: none
LOC: Config.Sockaddr.https
DOC_START
- Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...]
+ Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...]
- The socket address where Squid will listen for HTTPS client
- requests.
+ The socket address where Squid will listen for HTTPS client
+ requests.
- This is really only useful for situations where you are running
- squid in accelerator mode and you want to do the SSL work at the
- accelerator level.
+ This is really only useful for situations where you are running
+ squid in accelerator mode and you want to do the SSL work at the
+ accelerator level.
You may specify multiple socket addresses on multiple lines,
each with their own SSL certificate and/or options.
@@ -176,7 +178,7 @@
and CRL lists to use when verifying client certificates
crlfile= File of additional CRL lists to use when verifying
- the client certificate, in addition to CRLs stored in
+ the client certificate, in addition to CRLs stored in
the capath. Implies VERIFY_CRL flag below.
dhparams= File containing DH parameters for temporary/ephemeral
@@ -612,7 +614,7 @@
4 = TLS v1 only
use sslcipher=... to specify the list of valid SSL ciphers
- to use when connecting to this peer
+ to use when connecting to this peer.
use ssloptions=... to specify various SSL engine options:
NO_SSLv2 Disallow the use of SSLv2
@@ -621,11 +623,16 @@
See src/ssl_support.c or the OpenSSL documentation for
a more complete list.
- use cafile=... to specify a file containing additional
- CA certificates to use when verifying the peer certificate
+ use sslcafile=... to specify a file containing
+ additional CA certificates to use when verifying the
+ peer certificate.
+
+ use sslcapath=... to specify a directory containing
+ additional CA certificates to use when verifying the
+ peer certificate.
- use capath=... to specify a directory containing additional
- CA certificates to use when verifying the peer certificate
+ use sslcrlfile=... to specify a certificate revocation
+ list file to use when verifying the peer certificate.
use sslflags=... to specify various flags modifying the
SSL implementation:
@@ -636,7 +643,7 @@
Don't use the default CA list built in
to OpenSSL.
- use sslname= to specify the peer name as advertised
+ use ssldomain= to specify the peer name as advertised
in it's certificate. Used for verifying the correctness
of the received peer certificate. If not specified the
peer hostname will be used.
@@ -652,7 +659,7 @@
not support Microsoft connection oriented authentication,
and any such challenges received from there should be
ignored. Default is auto to automatically determine the
- status of the peer peer.
+ status of the peer.
NOTE: non-ICP/HTCP neighbors must be specified as 'parent'.
DOC_END
@@ -835,7 +842,7 @@
NOCOMMENT_START
# Apache mod_gzip and mod_deflate known to be broken so don't trust
# Apache to signal ETag correctly on such responses
-acl Apache rep_header Server ^Apache
+acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
NOCOMMENT_END
DOC_END
@@ -944,10 +951,10 @@
DEFAULT: 8 KB
LOC: Config.Store.maxInMemObjSize
DOC_START
- Objects greater than this size will not be attempted to kept in
- the memory cache. This should be set high enough to keep objects
- accessed frequently in memory to improve performance whilst low
- enough to keep larger objects from hoarding cache_mem.
+ Objects greater than this size will not be attempted to kept in
+ the memory cache. This should be set high enough to keep objects
+ accessed frequently in memory to improve performance whilst low
+ enough to keep larger objects from hoarding cache_mem.
DOC_END
NAME: ipcache_size
@@ -1555,10 +1562,10 @@
DEFAULT: off
LOC: Config.onoff.res_defnames
DOC_START
- Normally the RES_DEFNAMES resolver option is disabled
- (see res_init(3)). This prevents caches in a hierarchy
+ Normally the RES_DEFNAMES resolver option is disabled
+ (see res_init(3)). This prevents caches in a hierarchy
from interpreting single-component hostnames locally. To allow
- Squid to handle single-component names, enable this option.
+ Squid to handle single-component names, enable this option.
DOC_END
NAME: dns_nameservers
@@ -1587,11 +1594,11 @@
default locations:
- Un*X & Linux: /etc/hosts
- Windows NT/2000: %SystemRoot%\system32\drivers\etc\hosts
- (%SystemRoot% value install default is c:\winnt)
+ (%SystemRoot% value install default is c:\winnt)
- Windows XP/2003: %SystemRoot%\system32\drivers\etc\hosts
- (%SystemRoot% value install default is c:\windows)
+ (%SystemRoot% value install default is c:\windows)
- Windows 9x/Me: %windir%\hosts
- (%windir% value is usually c:\windows)
+ (%windir% value is usually c:\windows)
- Cygwin: /etc/hosts
The file contains newline-separated definitions, in the
@@ -1871,8 +1878,8 @@
If you want to use a digest authenticator, jump over to the
helpers/digest_auth/ directory and choose the authenticator to use.
It it's directory type
- % make
- % make install
+ % make
+ % make install
Then, set this line to something like
@@ -1922,7 +1929,7 @@
"post_workaround" on|off
This is a workaround to certain buggy browsers who sends an incorrect
request digest in POST requests when reusing the same nonce as acquired
- earlier in response to a GET request.
+ earlier in response to a GET request.
auth_param digest post_workaround off
=== NTLM scheme options follow ===
@@ -2057,19 +2064,19 @@
Options:
ttl=n TTL in seconds for cached results (defaults to 3600
- for 1 hour)
+ for 1 hour)
negative_ttl=n
- TTL for cached negative lookups (default same
- as ttl)
+ TTL for cached negative lookups (default same
+ as ttl)
children=n number of processes spawn to service external acl
lookups of this type.
Note: see compatibility note below
concurrency=n concurrency level per process. Use 0 for simple helpers
who can only process a single request at a time.
cache=n result cache size, 0 is unbounded (default)
- grace= Percentage remaining of TTL where a refresh of a
- cached entry should be initiated without needing to
- wait for a new reply. (default 0 for no grace period)
+ grace= Percentage remaining of TTL where a refresh of a
+ cached entry should be initiated without needing to
+ wait for a new reply. (default 0 for no grace period)
protocol=2.5 Compatibility mode for Squid-2.5 external acl helpers
FORMAT specifications
@@ -2085,19 +2092,19 @@
%MYADDR Squid interface address
%MYPORT Squid http_port number
%PATH Requested URL-path (including query-string if any)
- %USER_CERT SSL User certificate in PEM format
- %USER_CERTCHAIN SSL User certificate chain in PEM format
- %USER_CERT_xx SSL User certificate subject attribute xx
- %USER_CA_xx SSL User certificate issuer attribute xx
+ %USER_CERT SSL User certificate in PEM format
+ %USER_CERTCHAIN SSL User certificate chain in PEM format
+ %USER_CERT_xx SSL User certificate subject attribute xx
+ %USER_CA_xx SSL User certificate issuer attribute xx
%{Header} HTTP request header
%{Hdr:member} HTTP request header list member
%{Hdr:;member}
- HTTP request header list member using ; as
- list separator. ; can be any non-alphanumeric
+ HTTP request header list member using ; as
+ list separator. ; can be any non-alphanumeric
character.
%ACL The ACL name
%DATA The ACL arguments. If not used then any arguments
- is automatically added at the end
+ is automatically added at the end
In addition, any string specified in the referencing acl will
also be included in the helper request line, after the specified
@@ -2117,7 +2124,7 @@
user= The users name (login also understood)
password= The users password (for PROXYPASS login= cache_peer)
message= Error message or similar used as %o in error messages
- (error also understood)
+ (error also understood)
log= String to be logged in access.log. Available as
%ea in logformat specifications
@@ -2234,18 +2241,18 @@
this feature could make you liable for problems which
it causes.
- ignore-no-cache ignores any ``Pragma: no-cache'' and
+ ignore-no-cache ignores any ``Pragma: no-cache'' and
``Cache-control: no-cache'' headers received from a server.
The HTTP RFC never allows the use of this (Pragma) header
from a server, only a client, though plenty of servers
send it anyway.
- ignore-private ignores any ``Cache-control: private''
- headers received from a server. Doing this VIOLATES
+ ignore-private ignores any ``Cache-control: private''
+ headers received from a server. Doing this VIOLATES
the HTTP standard. Enabling this feature could make you
liable for problems which it causes.
- ignore-auth caches responses to requests with authorization,
+ ignore-auth caches responses to requests with authorization,
irrespective of ``Cache-control'' headers received from
a server. Doing this VIOLATES the HTTP standard. Enabling
this feature could make you liable for problems which
@@ -2629,9 +2636,9 @@
acl aclname method GET POST ...
acl aclname browser [-i] regexp ...
# pattern match on User-Agent header (see also req_header below)
- acl aclname referer_regex [-i] regexp ...
- # pattern match on Referer header
- # Referer is highly unreliable, so use with care
+ acl aclname referer_regex [-i] regexp ...
+ # pattern match on Referer header
+ # Referer is highly unreliable, so use with care
acl aclname ident username ...
acl aclname ident_regex [-i] pattern ...
# string match on ident output.
@@ -2914,16 +2921,16 @@
DEFAULT: none
DEFAULT_IF_NONE: allow all
DOC_START
- Allow replies to client requests. This is complementary to http_access.
+ Allow replies to client requests. This is complementary to http_access.
- http_reply_access allow|deny [!] aclname ...
+ http_reply_access allow|deny [!] aclname ...
- NOTE: if there are no access lines present, the default is to allow
+ NOTE: if there are no access lines present, the default is to allow
all replies
- If none of the access lines cause a match the opposite of the
- last line will apply. Thus it is good practice to end the rules
- with an "allow all" or "deny all" entry.
+ If none of the access lines cause a match the opposite of the
+ last line will apply. Thus it is good practice to end the rules
+ with an "allow all" or "deny all" entry.
NOCOMMENT_START
#Recommended minimum configuration:
@@ -3148,7 +3155,7 @@
DEFAULT_IF_NONE: 0 allow all
LOC: Config.ReplyBodySize
DOC_START
- This option specifies the maximum size of a reply body in bytes.
+ This option specifies the maximum size of a reply body in bytes.
It can be used to prevent users from downloading very large files,
such as MP3's and movies. When the reply headers are received,
the reply_body_max_size lines are processed, and the first line with
@@ -3176,9 +3183,9 @@
DEFAULT: none
COMMENT: allow|deny acl acl...
DOC_START
- This options allows you to control which requests gets logged
- to access.log (see cache_access_log directive). Requests denied
- for logging will also not be accounted for in performance counters.
+ This options allows you to control which requests gets logged
+ to access.log (see access_log directive). Requests denied for
+ logging will also not be accounted for in performance counters.
DOC_END
COMMENT_START
@@ -4298,7 +4305,7 @@
Use this option if you require WCCP to use a specific
interface address.
- The default behavior is to not bind to any specific address.
+ The default behavior is to not bind to any specific address.
DOC_END
@@ -4364,11 +4371,11 @@
This is used to determine which delay pool a request falls into.
delay_access is sorted per pool and the matching starts with pool 1,
- then pool 2, ..., and finally pool N. The first delay pool where the
- request is allowed is selected for the request. If it does not allow
+ then pool 2, ..., and finally pool N. The first delay pool where the
+ request is allowed is selected for the request. If it does not allow
the request to any pool then the request is not delayed (default).
- For example, if you want some_big_clients in delay
+ For example, if you want some_big_clients in delay
pool 1 and lotsa_little_clients in delay pool 2:
Example:
@@ -4992,48 +4999,6 @@
If set to "off" then such HTTP errors will cause the request
or response to be rejected.
-DOC_END
-
-NAME: linux_tproxy
-IFDEF: LINUX_TPROXY
-COMMENT: on|off
-TYPE: onoff
-LOC: Config.onoff.linux_tproxy
-DEFAULT: off
-DOC_START
- If you have a Linux 2.4 or newer system with Netfilter TPROXY support,
- and you have compiled squid with the correct options, then you can
- enable this option to allow squid to spoof the source address of
- this option to allow squid to spoof the source address of
- outgoing connections to servers so that they see connections from
- the original client IP addresses. Enable this only if you know
- what you are doing. You will need to set a valid
- tcp_outgoing_address.
-DOC_END
-
-NAME: tproxy_port
-IFDEF: LINUX_TPROXY
-TYPE: ushort
-LOC: Config.tproxy_port
-DEFAULT: 0
-DOC_START
- If you have enabled the linux_tproxy option, this will decide when
- squid will spoof the source IP address. If this option is set to
- "0" (default), then squid will spoof the source address for every
- connection. If this option is set to any other value, then squid
- will only spoof the client address if the connection to the proxy
- server is made on the specified port.
-
- If you have an iptables rule as follows:
-
- iptables -t tproxy -A PREROUTING -m tcp --dport 80 \
- -j TPROXY --on-port 90
-
- Then setting this option to 90 will allow the transparent
- connections made to squid's port 90 to have the source IP address
- spoofed. If a client has specified their proxy settings and are
- using another port on the squid server (eg 3128) then squid will
- not spoof the source address.
DOC_END
EOF
diff -ruN squid-2.6.RC2/src/client_side.c squid-2.6.STABLE1/src/client_side.c
--- squid-2.6.RC2/src/client_side.c Thu Jun 22 20:10:01 2006
+++ squid-2.6.STABLE1/src/client_side.c Fri Jun 30 15:23:05 2006
@@ -1,6 +1,6 @@
/*
- * $Id: client_side.c,v 1.651 2006/06/23 02:10:01 hno Exp $
+ * $Id: client_side.c,v 1.656 2006/06/30 21:23:05 hno Exp $
*
* DEBUG: section 33 Client-side Routines
* AUTHOR: Duane Wessels
@@ -679,10 +679,6 @@
if (mem->reply) {
const char *etag = httpHeaderGetStr(&mem->reply->header, HDR_ETAG);
if (etag) {
- if (request->vary && request->vary->broken_encoding && strBuf(request->vary_encoding)) {
- request->vary_encoding = httpHeaderGetStrOrList(&request->header, HDR_CONTENT_ENCODING);
- strCat(request->vary_encoding, "");
- }
storeAddVary(mem->url, mem->log_url, mem->method, NULL, httpHeaderGetStr(&mem->reply->header, HDR_ETAG), request->vary_hdr, request->vary_headers, strBuf(request->vary_encoding));
}
}
@@ -1474,34 +1470,56 @@
if (request->range)
request->flags.range = 1;
}
- if (httpHeaderHas(req_hdr, HDR_AUTHORIZATION) || httpHeaderHas(req_hdr, HDR_PROXY_AUTHORIZATION)) {
+ if (httpHeaderHas(req_hdr, HDR_AUTHORIZATION))
+ request->flags.auth = 1;
+ else if (request->login[0] != '\0')
+ request->flags.auth = 1;
+ if (request->flags.no_connection_auth) {
+ /* nothing special to do here.. */
+ } else if (http->conn->pinning.fd != -1) {
+ if (http->conn->pinning.auth) {
+ request->flags.connection_auth = 1;
+ request->flags.auth = 1;
+ } else {
+ request->flags.connection_proxy_auth = 1;
+ }
+ request->pinned_connection = http->conn;
+ cbdataLock(request->pinned_connection);
+ }
+ /* check if connection auth is used, and flag as candidate for pinning
+ * in such case.
+ * Note: we may need to set flags.connection_auth even if the connection
+ * is already pinned if it was pinned earlier due to proxy auth
+ */
+ if (request->flags.connection_auth) {
+ /* already taken care of above */
+ } else if (httpHeaderHas(req_hdr, HDR_AUTHORIZATION) || httpHeaderHas(req_hdr, HDR_PROXY_AUTHORIZATION)) {
HttpHeaderPos pos = HttpHeaderInitPos;
HttpHeaderEntry *e;
- request->flags.auth = 1;
- if (!request->flags.no_connection_auth) {
- while ((e = httpHeaderGetEntry(req_hdr, &pos))) {
- if (e->id == HDR_AUTHORIZATION || e->id == HDR_PROXY_AUTHORIZATION) {
- const char *value = strBuf(e->value);
- if (strncasecmp(value, "NTLM ", 5) == 0
- ||
- strncasecmp(value, "Negotiate ", 10) == 0
- ||
- strncasecmp(value, "Kerberos ", 9) == 0) {
+ int may_pin = 0;
+ while ((e = httpHeaderGetEntry(req_hdr, &pos))) {
+ if (e->id == HDR_AUTHORIZATION || e->id == HDR_PROXY_AUTHORIZATION) {
+ const char *value = strBuf(e->value);
+ if (strncasecmp(value, "NTLM ", 5) == 0
+ ||
+ strncasecmp(value, "Negotiate ", 10) == 0
+ ||
+ strncasecmp(value, "Kerberos ", 9) == 0) {
+ if (e->id == HDR_AUTHORIZATION) {
request->flags.connection_auth = 1;
- request->flags.must_keepalive = 1;
- /* the pinned connection is set below */
- break;
+ may_pin = 1;
+ } else {
+ request->flags.connection_proxy_auth = 1;
+ may_pin = 1;
}
}
}
}
+ if (may_pin && !request->pinned_connection) {
+ request->pinned_connection = http->conn;
+ cbdataLock(request->pinned_connection);
+ }
}
- if (request->flags.connection_auth || http->conn->pinning.fd != -1) {
- request->flags.auth = 1;
- request->pinned_connection = http->conn;
- cbdataLock(request->pinned_connection);
- } else if (request->login[0] != '\0')
- request->flags.auth = 1;
if (httpHeaderHas(req_hdr, HDR_VIA)) {
String s = httpHeaderGetList(req_hdr, HDR_VIA);
/*
@@ -2150,7 +2168,7 @@
* rely on the http structure for this...
*/
http->sc = NULL;
- storeLocateVary(e, e->mem_obj->reply->hdr_sz, r->vary_headers, httpHeaderGetStrOrList(&r->header, HDR_ACCEPT_ENCODING), clientProcessVary, http);
+ storeLocateVary(e, e->mem_obj->reply->hdr_sz, r->vary_headers, r->vary_encoding, clientProcessVary, http);
storeClientUnregister(sc, e, http);
storeUnlockObject(e);
/* Note: varyEvalyateMatch updates the request with vary information
@@ -2435,7 +2453,7 @@
/*
* paranoid check
*/
- assert(*size >= 0 && i->debt_size >= 0);
+ assert(i->debt_size >= 0);
}
/* returns true if there is still data available to pack more ranges
@@ -2462,7 +2480,7 @@
HttpHdrRangeIter *i = &http->range_iter;
/* offset in range specs does not count the prefix of an http msg */
squid_off_t body_off = http->out.offset - i->prefix_size;
- assert(size >= 0);
+
/* check: reply was parsed and range iterator was initialized */
assert(i->prefix_size > 0);
/* filter out data according to range specs */
@@ -3889,8 +3907,8 @@
safe_free(prefix);
if (http) {
assert(http->req_sz > 0);
+ assert(conn->in.offset >= http->req_sz);
conn->in.offset -= http->req_sz;
- assert(conn->in.offset >= 0);
debug(33, 5) ("conn->in.offset = %d\n", (int) conn->in.offset);
/*
* If we read past the end of this request, move the remaining
@@ -3965,6 +3983,9 @@
}
if (conn->port->urlgroup)
request->urlgroup = xstrdup(conn->port->urlgroup);
+#if LINUX_TPROXY
+ request->flags.tproxy = conn->port->tproxy;
+#endif
request->flags.accelerated = http->flags.accel;
/*
* cache the Content-length value in request_t.
@@ -4694,6 +4715,7 @@
connState->log_addr.s_addr &= Config.Addrs.client_netmask.s_addr;
connState->me = me;
connState->fd = fd;
+ connState->pinning.fd = -1;
connState->in.buf = memAllocBuf(CLIENT_REQ_BUF_SZ, &connState->in.size);
/* transparent on SSL does not really make sense, but what the heck */
if (connState->port->transparent)
@@ -5002,8 +5024,10 @@
}
void
-clientPinConnection(ConnStateData * conn, int fd, const request_t * request, peer * peer)
+clientPinConnection(ConnStateData * conn, int fd, const request_t * request, peer * peer, int auth)
{
+ fde *f;
+ LOCAL_ARRAY(char, desc, FD_DESC_SZ);
const char *host = request->host;
const int port = request->port;
if (!cbdataValid(conn))
@@ -5019,6 +5043,11 @@
conn->pinning.peer = peer;
if (peer)
cbdataLock(conn->pinning.peer);
+ conn->pinning.auth = auth;
+ f = &fd_table[conn->fd];
+ snprintf(desc, FD_DESC_SZ, "%s pinned connection for %s:%d (%d)",
+ (auth || !peer) ? host : peer->name, f->ipaddr, (int) f->remote_port, conn->fd);
+ fd_note(fd, desc);
comm_add_close_handler(fd, clientPinnedConnectionClosed, conn);
}
@@ -5030,7 +5059,7 @@
if (fd < 0)
return -1;
- if (request && strcasecmp(conn->pinning.host, request->host) != 0) {
+ if (conn->pinning.auth && request && strcasecmp(conn->pinning.host, request->host) != 0) {
err:
comm_close(fd);
return -1;
@@ -5044,18 +5073,19 @@
}
int
-clientGetPinnedConnection(ConnStateData * conn, const request_t * request, const peer * peer)
+clientGetPinnedConnection(ConnStateData * conn, const request_t * request, const peer * peer, int *auth)
{
int fd = conn->pinning.fd;
if (fd < 0)
return -1;
- if (request && strcasecmp(conn->pinning.host, request->host) != 0) {
+ if (conn->pinning.auth && request && strcasecmp(conn->pinning.host, request->host) != 0) {
err:
comm_close(fd);
return -1;
}
+ *auth = conn->pinning.auth;
if (peer != conn->pinning.peer)
goto err;
cbdataUnlock(conn->pinning.peer);
diff -ruN squid-2.6.RC2/src/comm.c squid-2.6.STABLE1/src/comm.c
--- squid-2.6.RC2/src/comm.c Sun Jun 25 09:53:14 2006
+++ squid-2.6.STABLE1/src/comm.c Tue Jun 27 05:14:22 2006
@@ -1,6 +1,6 @@
/*
- * $Id: comm.c,v 1.352 2006/06/25 15:53:14 serassio Exp $
+ * $Id: comm.c,v 1.353 2006/06/27 11:14:22 hno Exp $
*
* DEBUG: section 5 Socket Functions
* AUTHOR: Harvest Derived
@@ -796,7 +796,7 @@
assert(F->flags.open);
if (F->read_handler
- && !F->backoff
+ && !F->flags.backoff
) {
switch (F->read_pending) {
case COMM_PENDING_NORMAL:
diff -ruN squid-2.6.RC2/src/comm_epoll.c squid-2.6.STABLE1/src/comm_epoll.c
--- squid-2.6.RC2/src/comm_epoll.c Sun Jun 25 09:53:14 2006
+++ squid-2.6.STABLE1/src/comm_epoll.c Tue Jun 27 07:09:43 2006
@@ -1,6 +1,6 @@
/*
- * $Id: comm_epoll.c,v 1.23 2006/06/25 15:53:14 serassio Exp $
+ * $Id: comm_epoll.c,v 1.24 2006/06/27 13:09:43 hno Exp $
*
* DEBUG: section 5 Socket Functions
*
@@ -69,12 +69,11 @@
comm_select_init()
{
kdpfd = epoll_create(Squid_MaxFD);
+ if (kdpfd < 0)
+ fatalf("comm_select_init: epoll_create(): %s\n", xstrerror());
fd_open(kdpfd, FD_UNKNOWN, "epoll ctl");
commSetCloseOnExec(kdpfd);
- if (kdpfd < 0) {
- fatalf("comm_select_init: epoll_create(): %s\n", xstrerror());
- }
epoll_state = xcalloc(Squid_MaxFD, sizeof(*epoll_state));
}
diff -ruN squid-2.6.RC2/src/comm_generic.c squid-2.6.STABLE1/src/comm_generic.c
--- squid-2.6.RC2/src/comm_generic.c Thu Jun 8 17:14:22 2006
+++ squid-2.6.STABLE1/src/comm_generic.c Tue Jun 27 05:14:22 2006
@@ -1,6 +1,6 @@
/*
- * $Id: comm_generic.c,v 1.3 2006/06/08 23:14:22 hno Exp $
+ * $Id: comm_generic.c,v 1.5 2006/06/27 11:14:22 hno Exp $
*
* DEBUG: section 5 Socket Functions
*
@@ -48,10 +48,10 @@
assert(fd >= 0);
assert(F->flags.open);
- if (F->backoff)
+ if (F->flags.backoff)
return;
- F->backoff = 1;
+ F->flags.backoff = 1;
commUpdateEvents(fd);
}
@@ -62,12 +62,16 @@
fde *F = &fd_table[fd];
assert(fd >= 0);
- assert(F->flags.open);
- if (!F->backoff)
+ if (!F->flags.open) {
+ debug(5, 1) ("commResumeFD: fd %d is closed. Ignoring\n", fd);
+ F->flags.backoff = 0;
+ return;
+ }
+ if (!F->flags.backoff)
return;
- F->backoff = 0;
+ F->flags.backoff = 0;
commUpdateEvents(fd);
}
@@ -106,7 +110,7 @@
/* If the descriptor is meant to be deferred, don't handle */
switch (commDeferRead(fd)) {
case 1:
- if (!(F->backoff)) {
+ if (!(F->flags.backoff)) {
debug(5, 1) ("comm_call_handlers(): WARNING defer handler for fd=%d (desc=%s) does not call commDeferFD() - backing off manually\n", fd, F->desc);
commDeferFD(fd);
}
@@ -173,7 +177,7 @@
F = &fd_table[fd];
if (!F->flags.open)
continue;
- if (F->backoff)
+ if (F->flags.backoff)
commResumeFD(fd);
if (F->timeout == 0)
continue;
diff -ruN squid-2.6.RC2/src/comm_kqueue.c squid-2.6.STABLE1/src/comm_kqueue.c
--- squid-2.6.RC2/src/comm_kqueue.c Sun Jun 25 09:53:14 2006
+++ squid-2.6.STABLE1/src/comm_kqueue.c Tue Jun 27 07:09:43 2006
@@ -1,6 +1,6 @@
/*
- * $Id: comm_kqueue.c,v 1.6 2006/06/25 15:53:14 serassio Exp $
+ * $Id: comm_kqueue.c,v 1.7 2006/06/27 13:09:43 hno Exp $
*
* DEBUG: section 5 Socket Functions
*
@@ -54,12 +54,10 @@
comm_select_init()
{
kq = kqueue();
+ if (kq < 0)
+ fatalf("comm_select_init: kqueue(): %s\n", xstrerror());
fd_open(kq, FD_UNKNOWN, "kqueue ctl");
commSetCloseOnExec(kq);
-
- if (kq < 0) {
- fatalf("comm_select_init: kqueue(): %s\n", xstrerror());
- }
kqmax = getdtablesize();
kqlst = xmalloc(sizeof(*kqlst) * kqmax);
kqueue_state = xcalloc(Squid_MaxFD, sizeof(*kqueue_state));
diff -ruN squid-2.6.RC2/src/defines.h squid-2.6.STABLE1/src/defines.h
--- squid-2.6.RC2/src/defines.h Sun Jun 25 09:07:31 2006
+++ squid-2.6.STABLE1/src/defines.h Wed Jun 28 04:31:56 2006
@@ -1,6 +1,6 @@
/*
- * $Id: defines.h,v 1.117 2006/06/25 15:07:31 serassio Exp $
+ * $Id: defines.h,v 1.118 2006/06/28 10:31:56 hno Exp $
*
*
* SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -158,7 +158,7 @@
#define CBIT_BIN(mask, bit) (mask)[(bit)>>3]
#define CBIT_SET(mask, bit) ((void)(CBIT_BIN(mask, bit) |= CBIT_BIT(bit)))
#define CBIT_CLR(mask, bit) ((void)(CBIT_BIN(mask, bit) &= ~CBIT_BIT(bit)))
-#define CBIT_TEST(mask, bit) (CBIT_BIN(mask, bit) & CBIT_BIT(bit))
+#define CBIT_TEST(mask, bit) ((CBIT_BIN(mask, bit) & CBIT_BIT(bit)) != 0)
#define MAX_FILES_PER_DIR (1<<20)
diff -ruN squid-2.6.RC2/src/dns_internal.c squid-2.6.STABLE1/src/dns_internal.c
--- squid-2.6.RC2/src/dns_internal.c Wed May 31 05:01:41 2006
+++ squid-2.6.STABLE1/src/dns_internal.c Mon Jun 26 09:01:59 2006
@@ -1,6 +1,6 @@
/*
- * $Id: dns_internal.c,v 1.57 2006/05/31 11:01:41 serassio Exp $
+ * $Id: dns_internal.c,v 1.58 2006/06/26 15:01:59 hno Exp $
*
* DEBUG: section 78 DNS lookups; interacts with lib/rfc1035.c
* AUTHOR: Duane Wessels
@@ -93,7 +93,7 @@
char buf[RESOLV_BUFSZ];
char name[NS_MAXDNAME + 1];
char orig[NS_MAXDNAME + 1];
- size_t sz;
+ ssize_t sz;
unsigned short id;
int nsends;
struct timeval start_t;
diff -ruN squid-2.6.RC2/src/forward.c squid-2.6.STABLE1/src/forward.c
--- squid-2.6.RC2/src/forward.c Thu Jun 22 15:52:29 2006
+++ squid-2.6.STABLE1/src/forward.c Fri Jun 30 15:23:05 2006
@@ -1,6 +1,6 @@
/*
- * $Id: forward.c,v 1.112 2006/06/22 21:52:29 hno Exp $
+ * $Id: forward.c,v 1.115 2006/06/30 21:23:05 hno Exp $
*
* DEBUG: section 17 Request Forwarding
* AUTHOR: Duane Wessels
@@ -152,8 +152,6 @@
return 0;
if (fwdState->request->flags.body_sent)
return 0;
- if (fwdState->request->pinned_connection)
- return 0;
return 1;
}
@@ -365,7 +363,7 @@
debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
fd_note(server_fd, storeUrl(fwdState->entry));
fd_table[server_fd].uses++;
- if (fs->peer)
+ if (fd_table[server_fd].uses == 1 && fs->peer)
peerConnectSucceded(fs->peer);
#if USE_SSL
if ((fs->peer && fs->peer->use_ssl) ||
@@ -495,8 +493,10 @@
ftimeout = 5;
if (ftimeout < ctimeout)
ctimeout = ftimeout;
+ fwdState->request->flags.pinned = 0;
if (fs->code == PINNED) {
- fd = clientGetPinnedConnection(fwdState->request->pinned_connection, fwdState->request, fs->peer);
+ int auth;
+ fd = clientGetPinnedConnection(fwdState->request->pinned_connection, fwdState->request, fs->peer, &auth);
if (fd >= 0) {
#if 0
if (!fs->peer)
@@ -504,9 +504,9 @@
#endif
fwdState->server_fd = fd;
fwdState->n_tries++;
- fwdState->request->flags.auth = 1;
- fwdState->request->flags.connection_auth = 1;
- fwdState->request->flags.must_keepalive = 1;
+ fwdState->request->flags.pinned = 1;
+ if (auth)
+ fwdState->request->flags.auth = 1;
comm_add_close_handler(fd, fwdServerClosed, fwdState);
fwdConnectDone(fd, COMM_OK, fwdState);
return;
@@ -520,8 +520,7 @@
return;
}
#if LINUX_TPROXY
- if (fd == -1 && (Config.onoff.linux_tproxy) &&
- ((fwdState->request->my_port == Config.tproxy_port) || (Config.tproxy_port == 0)))
+ if (fd == -1 && fwdState->request->flags.tproxy)
fd = pconnPop(name, port, domain, &fwdState->request->client_addr, 0);
#endif
if (fd == -1)
@@ -540,7 +539,7 @@
hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr);
else
hierarchyNote(&fwdState->request->hier, fs->code, name);
- fwdDispatch(fwdState);
+ fwdConnectDone(fd, COMM_OK, fwdState);
return;
} else {
/* Discard the persistent connection to not cause
@@ -596,8 +595,7 @@
hierarchyNote(&fwdState->request->hier, fs->code, fs->peer->host);
} else {
#if LINUX_TPROXY
- if (Config.onoff.linux_tproxy &&
- ((fwdState->request->my_port == Config.tproxy_port) || (Config.tproxy_port == 0))) {
+ if (fwdState->request->flags.tproxy) {
itp.v.addr.faddr.s_addr = fwdState->src.sin_addr.s_addr;
itp.v.addr.fport = 0;
diff -ruN squid-2.6.RC2/src/globals.h squid-2.6.STABLE1/src/globals.h
--- squid-2.6.RC2/src/globals.h Wed May 24 11:27:13 2006
+++ squid-2.6.STABLE1/src/globals.h Fri Jun 30 15:23:05 2006
@@ -1,6 +1,6 @@
/*
- * $Id: globals.h,v 1.119 2006/05/24 17:27:13 serassio Exp $
+ * $Id: globals.h,v 1.120 2006/06/30 21:23:05 hno Exp $
*
*
* SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -173,5 +173,8 @@
#endif
extern int opt_send_signal; /* -1 */
extern int opt_no_daemon; /* 0 */
+#if LINUX_TPROXY
+extern int need_linux_tproxy; /* 0 */
+#endif
#endif /* SQUID_GLOBALS_H */
diff -ruN squid-2.6.RC2/src/http.c squid-2.6.STABLE1/src/http.c
--- squid-2.6.RC2/src/http.c Thu Jun 22 15:52:29 2006
+++ squid-2.6.STABLE1/src/http.c Fri Jun 30 15:23:05 2006
@@ -1,6 +1,6 @@
/*
- * $Id: http.c,v 1.411 2006/06/22 21:52:29 hno Exp $
+ * $Id: http.c,v 1.415 2006/06/30 21:23:05 hno Exp $
*
* DEBUG: section 11 Hypertext Transfer Protocol (HTTP)
* AUTHOR: Harvest Derived
@@ -242,7 +242,7 @@
return 0;
if (EBIT_TEST(cc_mask, CC_NO_STORE))
return 0;
- if (httpState->request->flags.auth) {
+ if (httpState->request->flags.auth_sent) {
/*
* Responses to requests with authorization may be cached
* only if a Cache-Control: public reply header is present.
@@ -371,7 +371,7 @@
memset(&checklist, 0, sizeof(checklist));
checklist.request = request;
checklist.reply = reply;
- if (aclCheckFast(Config.accessList.vary_encoding, &checklist)) {
+ if (Config.accessList.vary_encoding && aclCheckFast(Config.accessList.vary_encoding, &checklist)) {
stringClean(&request->vary_encoding);
request->vary_encoding = httpHeaderGetStrOrList(&request->header, HDR_ACCEPT_ENCODING);
strCat(request->vary_encoding, "");
@@ -581,7 +581,7 @@
{
const HttpReply *rep = httpState->entry->mem_obj->reply;
const HttpHeader *hdr = &rep->header;
- const request_t *req = httpState->orig_request;
+ const request_t *req = httpState->request;
int rc;
String header;
@@ -600,9 +600,8 @@
if (httpState->peer->options.originserver)
return 1;
- if (req->pinned_connection)
- if (req->pinned_connection->pinning.host)
- return 1;
+ if (req->flags.pinned)
+ return 1;
if (!httpHeaderHas(hdr, HDR_PROXY_SUPPORT))
return 0;
@@ -798,9 +797,9 @@
}
}
if (keep_alive) {
+ int pinned = 0;
#if LINUX_TPROXY
- if ((Config.onoff.linux_tproxy) &&
- ((httpState->request->my_port == Config.tproxy_port) || (Config.tproxy_port == 0))) {
+ if (orig_request->flags.tproxy) {
client_addr = &httpState->request->client_addr;
}
#endif
@@ -813,8 +812,13 @@
#endif
comm_remove_close_handler(fd, httpStateFree, httpState);
fwdUnregister(fd, httpState->fwd);
- if (orig_request->pinned_connection && !orig_request->flags.no_connection_auth) {
- clientPinConnection(orig_request->pinned_connection, fd, orig_request, httpState->peer);
+ if (request->flags.pinned) {
+ pinned = 1;
+ } else if (request->flags.connection_auth && request->flags.auth_sent) {
+ pinned = 1;
+ }
+ if (orig_request->pinned_connection && pinned) {
+ clientPinConnection(orig_request->pinned_connection, fd, orig_request, httpState->peer, request->flags.connection_auth);
} else if (httpState->peer) {
if (httpState->peer->options.originserver)
pconnPush(fd, httpState->peer->name, httpState->peer->http_port, httpState->orig_request->host, client_addr, client_port);
@@ -944,7 +948,7 @@
we_do_ranges = 0;
else if (!orig_request->flags.cachable)
we_do_ranges = 0;
- else if (orig_request->flags.connection_auth)
+ else if (orig_request->flags.auth)
we_do_ranges = 0;
else if (httpHdrRangeOffsetLimit(orig_request->range))
we_do_ranges = 0;
@@ -969,6 +973,8 @@
*/
if (flags.proxying && orig_request->peer_login && strcmp(orig_request->peer_login, "PASS") == 0) {
httpHeaderAddEntry(hdr_out, httpHeaderEntryClone(e));
+ if (request->flags.connection_proxy_auth)
+ request->flags.pinned = 1;
}
break;
case HDR_AUTHORIZATION:
@@ -976,12 +982,16 @@
*/
if (!flags.originpeer) {
httpHeaderAddEntry(hdr_out, httpHeaderEntryClone(e));
+ if (orig_request->flags.connection_auth)
+ orig_request->flags.pinned = 1;
} else {
/* In accelerators, only forward authentication if enabled
* (see also below for proxy->server authentication)
*/
if (orig_request->peer_login && (strcmp(orig_request->peer_login, "PASS") == 0 || strcmp(orig_request->peer_login, "PROXYPASS") == 0)) {
httpHeaderAddEntry(hdr_out, httpHeaderEntryClone(e));
+ if (orig_request->flags.connection_auth)
+ orig_request->flags.pinned = 1;
}
}
break;
@@ -1135,6 +1145,8 @@
const char *auth = httpHeaderGetStr(hdr_in, HDR_PROXY_AUTHORIZATION);
if (auth && strncasecmp(auth, "basic ", 6) == 0) {
httpHeaderPutStr(hdr_out, HDR_AUTHORIZATION, auth);
+ if (orig_request->flags.connection_auth)
+ orig_request->flags.pinned = 1;
} else if (orig_request->extacl_user && orig_request->extacl_passwd) {
char loginbuf[256];
snprintf(loginbuf, sizeof(loginbuf), "%s:%s", orig_request->extacl_user, orig_request->extacl_passwd);
@@ -1179,7 +1191,7 @@
httpHdrCcDestroy(cc);
}
/* maybe append Connection: keep-alive */
- if (flags.keepalive) {
+ if (flags.keepalive || request->flags.pinned) {
if (flags.proxying) {
httpHeaderPutStr(hdr_out, HDR_PROXY_CONNECTION, "keep-alive");
} else {
@@ -1214,6 +1226,10 @@
HttpHeader hdr;
Packer p;
httpBuildRequestHeader(request, orig_request, entry, &hdr, flags);
+ if (request->flags.pinned && request->flags.connection_auth)
+ request->flags.auth_sent = 1;
+ else
+ request->flags.auth_sent = httpHeaderHas(&hdr, HDR_AUTHORIZATION);
packerToMemInit(&p, mb);
httpHeaderPackInto(&hdr, &p);
httpHeaderClean(&hdr);
@@ -1257,9 +1273,7 @@
/*
* Is keep-alive okay for all request methods?
*/
- if (httpState->orig_request->flags.must_keepalive)
- httpState->flags.keepalive = 1;
- else if (!Config.onoff.server_pconns)
+ if (!Config.onoff.server_pconns)
httpState->flags.keepalive = 0;
else if (p == NULL)
httpState->flags.keepalive = 1;
@@ -1279,6 +1293,8 @@
entry,
&mb,
httpState->flags);
+ if (req->flags.pinned)
+ httpState->flags.keepalive = 1;
debug(11, 6) ("httpSendRequest: FD %d:\n%s\n", fd, mb.buf);
comm_write_mbuf(fd, mb, sendHeaderDone, httpState);
}
diff -ruN squid-2.6.RC2/src/main.c squid-2.6.STABLE1/src/main.c
--- squid-2.6.RC2/src/main.c Sun Jun 11 11:06:25 2006
+++ squid-2.6.STABLE1/src/main.c Fri Jun 30 15:23:05 2006
@@ -1,6 +1,6 @@
/*
- * $Id: main.c,v 1.383 2006/06/11 17:06:25 serassio Exp $
+ * $Id: main.c,v 1.384 2006/06/30 21:23:05 hno Exp $
*
* DEBUG: section 1 Startup and Main Loop
* AUTHOR: Harvest Derived
@@ -481,7 +481,7 @@
setEffectiveUser(void)
{
#if LINUX_TPROXY
- if (Config.onoff.linux_tproxy) {
+ if (need_linux_tproxy) {
if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
debug(0, 1) ("Error - tproxy support requires capability setting which has failed. Continuing without tproxy support\n");
}
diff -ruN squid-2.6.RC2/src/peer_select.c squid-2.6.STABLE1/src/peer_select.c
--- squid-2.6.RC2/src/peer_select.c Thu Jun 22 17:26:46 2006
+++ squid-2.6.STABLE1/src/peer_select.c Tue Jun 27 03:27:48 2006
@@ -1,6 +1,6 @@
/*
- * $Id: peer_select.c,v 1.129 2006/06/22 23:26:46 hno Exp $
+ * $Id: peer_select.c,v 1.130 2006/06/27 09:27:48 hno Exp $
*
* DEBUG: section 44 Peer Selection Algorithm
* AUTHOR: Duane Wessels
@@ -265,6 +265,8 @@
ps);
return;
} else if (ps->never_direct > 0) {
+ ps->direct = DIRECT_NO;
+ } else if (request->flags.accelerated) {
ps->direct = DIRECT_NO;
} else if (request->flags.loopdetect) {
ps->direct = DIRECT_YES;
diff -ruN squid-2.6.RC2/src/protos.h squid-2.6.STABLE1/src/protos.h
--- squid-2.6.RC2/src/protos.h Thu Jun 22 15:52:29 2006
+++ squid-2.6.STABLE1/src/protos.h Wed Jun 28 04:31:57 2006
@@ -1,6 +1,6 @@
/*
- * $Id: protos.h,v 1.501 2006/06/22 21:52:29 hno Exp $
+ * $Id: protos.h,v 1.502 2006/06/28 10:31:57 hno Exp $
*
*
* SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -140,9 +140,9 @@
extern void clientOpenListenSockets(void);
extern void clientHttpConnectionsClose(void);
extern int isTcpHit(log_type);
-extern void clientPinConnection(ConnStateData * conn, int fd, const request_t * request, peer * peer);
+extern void clientPinConnection(ConnStateData * conn, int fd, const request_t * request, peer * peer, int auth);
extern int clientGetPinnedInfo(const ConnStateData * conn, const request_t * request, peer ** peer);
-extern int clientGetPinnedConnection(ConnStateData * conn, const request_t * request, const peer * peer);
+extern int clientGetPinnedConnection(ConnStateData * conn, const request_t * request, const peer * peer, int *auth);
extern int commSetNonBlocking(int fd);
extern int commUnsetNonBlocking(int fd);
diff -ruN squid-2.6.RC2/src/ssl_support.c squid-2.6.STABLE1/src/ssl_support.c
--- squid-2.6.RC2/src/ssl_support.c Wed May 31 04:57:49 2006
+++ squid-2.6.STABLE1/src/ssl_support.c Mon Jun 26 09:01:59 2006
@@ -1,6 +1,6 @@
/*
- * $Id: ssl_support.c,v 1.9 2006/05/31 10:57:49 serassio Exp $
+ * $Id: ssl_support.c,v 1.10 2006/06/26 15:01:59 hno Exp $
*
* AUTHOR: Benno Rice
* DEBUG: section 83 SSL accelerator support
@@ -803,7 +803,7 @@
}
int
-ssl_shutdown_method(fd)
+ssl_shutdown_method(int fd)
{
SSL *ssl = fd_table[fd].ssl;
int ret;
diff -ruN squid-2.6.RC2/src/store.c squid-2.6.STABLE1/src/store.c
--- squid-2.6.RC2/src/store.c Mon Jun 19 17:01:11 2006
+++ squid-2.6.STABLE1/src/store.c Fri Jun 30 09:05:38 2006
@@ -1,6 +1,6 @@
/*
- * $Id: store.c,v 1.558 2006/06/19 23:01:11 hno Exp $
+ * $Id: store.c,v 1.561 2006/06/30 15:05:38 hno Exp $
*
* DEBUG: section 20 Storage Manager
* AUTHOR: Harvest Derived
@@ -121,6 +121,7 @@
#endif
mem->log_url = xstrdup(log_url);
mem->object_sz = -1;
+ mem->serverfd = -1;
/* XXX account log_url */
debug(20, 3) ("new_MemObject: returning %p\n", mem);
return mem;
@@ -513,6 +514,18 @@
return 0;
}
+static int
+strncmpnull(const char *a, const char *b, size_t n)
+{
+ if (a && b)
+ return strncmp(a, b, n);
+ else if (a)
+ return 1;
+ else if (b)
+ return -1;
+ return 0;
+}
+
static void
storeAddVaryReadOld(void *data, char *buf, ssize_t size)
{
@@ -581,20 +594,22 @@
state->current.etag = xmalloc(l2 + 1);
memcpy(state->current.etag, p2, l2);
state->current.etag[l2] = '\0';
- if (state->etag && strcmp(state->current.etag, state->etag)) {
- if (strcmpnull(state->accept_encoding, state->current.accept_encoding) != 0) {
+ if (state->etag && strcmp(state->current.etag, state->etag) == 0) {
+ if (state->accept_encoding && strcmpnull(state->accept_encoding, state->current.accept_encoding) != 0) {
/* Skip this match. It's not ours */
} else if (!state->key) {
state->current.this_key = 1;
- } else {
+ } else if (!state->current.this_key) {
const cache_key *oldkey = storeKeyScan(state->current.key);
- if (strmatch(p2, state->key, l) != 0) {
- StoreEntry *old_e = storeGet(oldkey);
- if (old_e)
- storeRelease(old_e);
+ StoreEntry *old_e = storeGet(oldkey);
+ if (old_e)
+ storeRelease(old_e);
+ if (!state->done) {
safe_free(state->current.key);
state->current.key = xstrdup(state->key);
state->current.this_key = 1;
+ } else {
+ state->current.ignore = 1;
}
}
} else if (state->current.this_key) {
@@ -748,6 +763,7 @@
squid_off_t seen_offset;
struct {
int ignore;
+ int encoding_ok;
char *key;
char *etag;
} current;
@@ -813,11 +829,9 @@
p2 = p + 5;
l2 = e - p2;
safe_free(state->current.key);
- state->current.etag = NULL;
- safe_free(state->current.etag);
+ state->current.etag = NULL; /* saved in data.etags[] */
state->current.ignore = 0;
- state->data->broken_encoding = 0;
- memset(&state->current, 0, sizeof(state->current));
+ state->current.encoding_ok = !state->accept_encoding;
state->current.key = xmalloc(l2 + 1);
memcpy(state->current.key, p2, l2);
state->current.key[l2] = '\0';
@@ -827,14 +841,18 @@
} else if (strmatchbeg(p, "ETag: ", l) == 0) {
/* etag field */
char *etag;
- p2 = p + 6;
- l2 = e - p2;
- etag = xmalloc(l2 + 1);
- memcpy(etag, p2, l2);
- etag[l2] = '\0';
- state->current.etag = etag;
- arrayAppend(&state->data->etags, etag);
- debug(11, 3) ("storeLocateVaryRead: ETag: %s\n", etag);
+ if (state->current.encoding_ok) {
+ p2 = p + 6;
+ l2 = e - p2;
+ etag = xmalloc(l2 + 1);
+ memcpy(etag, p2, l2);
+ etag[l2] = '\0';
+ state->current.etag = etag;
+ arrayAppend(&state->data->etags, etag);
+ debug(11, 3) ("storeLocateVaryRead: ETag: %s\n", etag);
+ } else {
+ state->current.ignore = 1;
+ }
} else if (strmatchbeg(p, "VaryData: ", l) == 0) {
/* vary field */
p2 = p + 10;
@@ -849,12 +867,9 @@
} else if (strmatchbeg(p, "Accept-Encoding: ", l) == 0) {
p2 = p + 17;
l2 = e - p2;
- if (!state->accept_encoding)
- state->current.ignore = 1;
- else if (strncmp(state->accept_encoding, p2, l2) == 0 && !state->accept_encoding[l2])
- state->data->broken_encoding = 1;
- else
- state->current.ignore = 1;
+ if (strncmpnull(state->accept_encoding, p2, l2) == 0 && state->accept_encoding[l2] == '\0') {
+ state->current.encoding_ok = 1;
+ }
}
e += 1;
l -= e - p;
@@ -864,7 +879,10 @@
assert(l > 0);
assert(p < (buf + size));
}
- if (p == state->buf && size == state->buf_size) {
+ state->buf_offset = l;
+ if (l)
+ memmove(state->buf, p, l);
+ if (state->buf_offset == state->buf_size) {
/* Oops.. the buffer size is not sufficient. Grow */
if (state->buf_size < 65536) {
debug(11, 2) ("storeLocateVaryRead: Increasing entry buffer size to %d\n", (int) state->buf_size * 2);
@@ -876,9 +894,6 @@
return;
}
}
- state->buf_offset = l;
- if (l)
- memmove(state->buf, p, l);
debug(11, 3) ("storeLocateVaryRead: %p seen_offset=%" PRINTF_OFF_T " buf_offset=%d\n", data, state->seen_offset, (int) state->buf_offset);
storeClientCopy(state->sc, state->e,
state->seen_offset,
@@ -911,6 +926,13 @@
state->buf = memAllocBuf(4096, &state->buf_size);
state->sc = storeClientRegister(state->e, state);
state->seen_offset = offset;
+ if (strCmp(e->mem_obj->reply->content_type, "x-squid-internal/vary") != 0) {
+ /* This is not our Vary marker object. Bail out. */
+ debug(33, 1) ("storeLocateVary: Not our vary marker object, %s = '%s', '%s'/'%s'\n",
+ storeKeyText(e->hash.key), e->mem_obj->url, vary_data, strBuf(accept_encoding) ? strBuf(accept_encoding) : "-");
+ storeLocateVaryCallback(state);
+ return;
+ }
storeClientCopy(state->sc, state->e,
state->seen_offset,
state->seen_offset,
@@ -1940,9 +1962,9 @@
{
MemObject *mem = e->mem_obj;
EBIT_CLR(e->flags, ENTRY_DEFER_READ);
- if (mem->serverfd != 0) {
+ if (mem->serverfd != -1) {
commResumeFD(mem->serverfd);
- mem->serverfd = 0;
+ mem->serverfd = -1;
}
}
@@ -1952,5 +1974,5 @@
{
EBIT_CLR(e->flags, ENTRY_DEFER_READ);
if (e->mem_obj)
- e->mem_obj->serverfd = 0;
+ e->mem_obj->serverfd = -1;
}
diff -ruN squid-2.6.RC2/src/structs.h squid-2.6.STABLE1/src/structs.h
--- squid-2.6.RC2/src/structs.h Thu Jun 22 20:10:01 2006
+++ squid-2.6.STABLE1/src/structs.h Fri Jun 30 15:23:05 2006
@@ -1,6 +1,6 @@
/*
- * $Id: structs.h,v 1.485 2006/06/23 02:10:01 hno Exp $
+ * $Id: structs.h,v 1.489 2006/06/30 21:23:05 hno Exp $
*
*
* SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -366,6 +366,9 @@
unsigned int vhost; /* uses host header */
unsigned int vport; /* virtual port support */
unsigned int no_connection_auth; /* Don't support connection oriented auth */
+#if LINUX_TPROXY
+ unsigned int tproxy;
+#endif
};
#if USE_SSL
@@ -663,9 +666,6 @@
int global_internal_static;
int httpd_suppress_version_string;
int via;
-#if LINUX_NETFILTER
- int linux_tproxy;
-#endif
int check_hostnames;
int allow_underscore;
int cache_vary;
@@ -675,9 +675,6 @@
int log_uses_indirect_client;
#endif
} onoff;
-#if LINUX_TPROXY
- u_short tproxy_port;
-#endif
acl *aclList;
struct {
acl_access *http;
@@ -872,13 +869,13 @@
unsigned int called_connect:1;
unsigned int nodelay:1;
unsigned int close_on_exec:1;
+ unsigned int backoff:1; /* keep track of whether the fd is backed off */
} flags;
comm_pending read_pending;
comm_pending write_pending;
squid_off_t bytes_read;
squid_off_t bytes_written;
int uses; /* ie # req's over persistent conn */
- int backoff; /* keep track of whether the fd is backed off */
struct _fde_disk {
DWCB *wrt_handle;
void *wrt_handle_data;
@@ -1243,6 +1240,7 @@
char *host; /* host name of pinned connection */
int port; /* port of pinned connection */
int pinned; /* this connection was pinned */
+ int auth; /* pinned for www authentication */
peer *peer; /* peer the connection goes via */
} pinning;
};
@@ -1792,7 +1790,13 @@
unsigned int reset_tcp:1;
unsigned int must_keepalive:1;
unsigned int connection_auth:1; /* Request wants connection oriented auth */
+ unsigned int connection_proxy_auth:1; /* Request wants connection oriented auth */
unsigned int no_connection_auth:1; /* Connection oriented auth can not be supported */
+ unsigned int pinned:1; /* Request seont on a pinned connection */
+ unsigned int auth_sent:1; /* Authentication forwarded */
+#if LINUX_TPROXY
+ unsigned int tproxy:1;
+#endif
};
struct _link_list {
@@ -2454,7 +2458,6 @@
};
struct _VaryData {
- int broken_encoding:1;
char *key;
char *etag;
Array etags;
diff -ruN squid-2.6.RC2/src/tools.c squid-2.6.STABLE1/src/tools.c
--- squid-2.6.RC2/src/tools.c Fri Jun 9 08:22:38 2006
+++ squid-2.6.STABLE1/src/tools.c Fri Jun 30 15:23:05 2006
@@ -1,6 +1,6 @@
/*
- * $Id: tools.c,v 1.241 2006/06/09 14:22:38 hno Exp $
+ * $Id: tools.c,v 1.242 2006/06/30 21:23:05 hno Exp $
*
* DEBUG: section 21 Misc Functions
* AUTHOR: Harvest Derived
@@ -632,7 +632,7 @@
debug(50, 0) ("ALERT: setuid: %s\n", xstrerror());
#endif
#if LINUX_TPROXY
- if (Config.onoff.linux_tproxy) {
+ if (need_linux_tproxy) {
cap_user_header_t head = (cap_user_header_t) xcalloc(1, sizeof(cap_user_header_t));
cap_user_data_t cap = (cap_user_data_t) xcalloc(1, sizeof(cap_user_data_t));
diff -ruN squid-2.6.RC2/src/wccp.c squid-2.6.STABLE1/src/wccp.c
--- squid-2.6.RC2/src/wccp.c Sat Jun 10 18:11:48 2006
+++ squid-2.6.STABLE1/src/wccp.c Mon Jun 26 09:01:59 2006
@@ -1,6 +1,6 @@
/*
- * $Id: wccp.c,v 1.30 2006/06/11 00:11:48 hno Exp $
+ * $Id: wccp.c,v 1.31 2006/06/26 15:01:59 hno Exp $
*
* DEBUG: section 80 WCCP Support
* AUTHOR: Glenn Chisholm
@@ -212,7 +212,7 @@
return;
if (ntohl(wccp_i_see_you.type) != WCCP_I_SEE_YOU)
return;
- if (ntohl(wccp_i_see_you.number) > WCCP_ACTIVE_CACHES || ntohl(wccp_i_see_you.number) < 0) {
+ if (ntohl(wccp_i_see_you.number) > WCCP_ACTIVE_CACHES) {
debug(80, 1) ("Ignoring WCCP_I_SEE_YOU from %s with number of caches set to %d\n",
inet_ntoa(from.sin_addr), (int) ntohl(wccp_i_see_you.number));
return;