Re: synchronizing cf.data.pre files between 2.6 and 3.0 releases

Have applied most of your suggested changes. See below.

Regards
Henrik

tor 2007-05-24 klockan 12:26 +0200 skrev Emilio Casbas:
> I have done two patches in order to synchronize the language and
> formatting of the cf.data.pre file in the 2.6 and 3.0 releases.
> This is intended to see if this is the correct way to go ahead with this
> files synchronizing.

> --- squid-2.6.STABLE13/src/cf.data.pre 2007-05-17 09:40:09.000000000 +0000
> +++ squid-2.6.STABLE13-MOD/src/cf.data.pre 2007-05-24 09:52:36.000000000
> +0000
> @@ -82,10 +82,10 @@

>
> You may specify multiple socket addresses on multiple lines.
>
> - options are:
> + Options:
>
> transparent Support for transparent interception of
> - outgoing requests without browser settings
> + outgoing requests without browser settings.
>
> accel Accelerator mode. Also needs at least one
> of vhost/vport/defaultsite.
> @@ -93,21 +93,20 @@
> defaultsite= Main web site name for accelerators. Implies
> accel.
>
> - vhost Accelerator using the Host header for
> + vhost Accelerator mode using the Host header for
> virtual domain support. Implies accel.
>
> vport Accelerator with IP based virtual host support.
> Implies accel.
>
> - vport= As above, but uses specified port number
> - rather than the http_port number. Implies accel.
> + vport=NN As above, but uses specified port number rather
> + than the http_port number. Implies accel.
>
> - urlgroup= Default urlgroup to mark requests
> - with (see also acl urlgroup and
> - url_rewrite_program)
> + urlgroup= Default urlgroup to mark requests with (see
> + also acl urlgroup and url_rewrite_program)
>
> - protocol= Protocol to reconstruct accelerated
> - requests with. Defaults to http.
> + protocol= Protocol to reconstruct accelerated requests with.
> + Defaults to http.
>
> no-connection-auth
> Prevent forwarding of Microsoft

Applied.

> @@ -125,7 +124,7 @@
>
> NOCOMMENT_START
> # Squid normally listens to port 3128
> -http_port 3128
> +http_port @DEFAULT_HTTP_PORT@
> NOCOMMENT_END
> DOC_END
>

Already done.

> @@ -155,16 +154,14 @@
> defaultsite= The name of the https site presented on
> this port. Implies accel.
>
> - vhost Domain based virtual host support. Useful
> - in combination with a wildcard certificate or
> - other certificates valid for more than one domain.
> - Implies accel.
> + vhost Accelerator mode using Host header ford virtual
> + domain support. Implies accel.

Applied but keeping the wildcard certificate text.

> urlgroup= Default urlgroup to mark requests with (see
> also acl urlgroup and url_rewrite_program)
>
> - protocol= Protocol to reconstruct accelerated requests
> - with. Defaults to https.
> + protocol= Protocol to reconstruct accelerated requests with.
> + Defaults to https.
>
> cert= Path to SSL certificate (PEM format)
>

Applied.

> @@ -301,6 +298,8 @@
> LOC: Config.ssl_client.cafile
> TYPE: string
> DOC_START
> + file containing CA certificates to use when verifying server
> + certificates while proxying https:// URLs
> DOC_END
>
> NAME: sslproxy_capath
> @@ -309,6 +308,8 @@
> LOC: Config.ssl_client.capath
> TYPE: string
> DOC_START
> + directory containing CA certificates to use when verifying
> + server certificates while proxying https:// URLs
> DOC_END
>
> NAME: sslproxy_flags
> @@ -317,6 +318,11 @@
> LOC: Config.ssl_client.flags
> TYPE: string
> DOC_START
> + Various flags modifying the use of SSL while proxying https:// URLs:
> + DONT_VERIFY_PEER Accept certificates even if they fail to
> + verify.
> + NO_DEFAULT_CA Don't use the default CA list built in
> + to OpenSSL.
> DOC_END

All above applied.

>
> NAME: sslpassword_program
> @@ -385,23 +391,24 @@
> TYPE: address
> LOC:Config.Addrs.udp_incoming
> DEFAULT: 0.0.0.0
> -DOC_NONE
> +DOC_START
> + udp_incoming_address is used for the ICP socket receiving packets
> + from other caches.
> +
> + A udp_incoming_address value of 0.0.0.0 indicates Squid
> + should listen for UDP messages on all available interfaces.
> +DOC_END
>
> NAME: udp_outgoing_address
> TYPE: address
> LOC: Config.Addrs.udp_outgoing
> DEFAULT: 255.255.255.255
> DOC_START
> - udp_incoming_address is used for the ICP socket receiving packets
> - from other caches.
> udp_outgoing_address is used for ICP packets sent out to other
> caches.
>
> The default behavior is to not bind to any specific address.
>
> - A udp_incoming_address value of 0.0.0.0 indicates Squid
> - should listen for UDP messages on all available interfaces.
> -
> If udp_outgoing_address is set to 255.255.255.255 (the default)
> it will use the same socket as udp_incoming_address. Only
> change this if you want to have ICP queries sent using another

Not applied. Those two directives is intentionally documented together.

> --- squid-3.0.PRE6/src/cf.data.pre 2007-04-16 22:10:49.000000000 +0000
> +++ squid-3.0.PRE6-MOD/src/cf.data.pre 2007-05-24 10:07:14.000000000 +0000
> @@ -71,6 +71,8 @@
> option. Most likely, you do not need to bind to a specific
> address, so you can use the port number alone.
>
> + The default port number is 3128.
> +
> If you are running Squid in accelerator mode, you
> probably want to listen on port 80 also, or instead.

Not applied. There is no default.

> @@ -82,34 +84,40 @@
>
> Options:
>
> - transparent Support for transparent proxies
> -
> - accel Accelerator mode. Also set implicit by the other
> - accelerator directives
> -
> - vhost Accelerator mode using Host header for virtual
> - domain support
> -
> - vport Accelerator with IP based virtual host support
> -
> - vport=NN As above, but uses specified port number rather
> - than the http_port number
> -
> - defaultsite= Main web site name for accelerators
> -
> - protocol= Protocol to reconstruct accelerated requests with.
> - Defaults to http
> -
> - tproxy Support Linux TPROXY for spoofing
> - outgoing connections using the client
> - IP address.
> -
> - disable-pmtu-discovery=
> - Control Path-MTU discovery usage:
> - off lets OS decide on what to do (default).
> - transparent disable PMTU discovery when transparent
> - support is enabled.
> - always disable always PMTU discovery.
> + transparent Support for transparent interception of
> + outgoing requests without browser settings.
> +
> + accel Accelerator mode. Also needs at least one
> + of vhost/vport/defaultsite.
> +
> + defaultsite= Main web site name for accelerators. Implies
> + accel.
> +
> + vhost Accelerator mode using the Host header for
> + virtual domain support. Implies accel.
> +
> + vport Accelerator with IP based virtual host support.
> + Implies accel.
> +
> + vport=NN As above, but uses specified port number rather
> + than the http_port number. Implies accel.
> +
> + urlgroup= Default urlgroup to mark requests with (see
> + also acl urlgroup and url_rewrite_program)
> +
> + protocol= Protocol to reconstruct accelerated requests with.
> + Defaults to http.
> +
> + tproxy Support Linux TPROXY for spoofing
> + outgoing connections using the client
> + IP address.
> +
> + disable-pmtu-discovery=
> + Control Path-MTU discovery usage:
> + off lets OS decide on what to do (default).
> + transparent disable PMTU discovery when transparent
> + support is enabled.
> + always disable always PMTU discovery.

Not applied. Prefer the Squid-3 formatting. Squid-2 should perhaps be
formatted in the same manner.

> In many setups of transparently intercepting proxies Path-MTU
> discovery can not work on traffic towards the clients. This is
> @@ -123,6 +131,7 @@
> and an external interface we recommend you to specify the
> internal address:port in http_port. This way Squid will only be
> visible on the internal address.
> +
> NOCOMMENT_START
> # Squid normally listens to port 3128
> http_port @DEFAULT_HTTP_PORT@

Already done.

> @@ -149,11 +158,17 @@
>
> Options:
>
> + accel Accelerator mode. Also needs at least one of
> + defaultsite or vhost.
> +
> defaultsite= The name of the https site presented on
> - this port
> + this port. Implies accel.
>
> - protocol= Protocol to reconstruct accelerated requests
> - with. Defaults to https
> + vhost Accelerator mode using Host header for virtual
> + domain support. Implies accel.
> +
> + protocol= Protocol to reconstruct accelerated requests with.
> + Defaults to https.
>
> cert= Path to SSL certificate (PEM format)
>
> @@ -185,7 +200,7 @@
>
> cafile= File containing additional CA certificates to
> use when verifying client certificates. If unset
> - clientca will be used
> + clientca will be used.
>
> capath= Directory containing additional CA certificates
> and CRL lists to use when verifying client certificates
> @@ -217,16 +232,10 @@
>
> sslcontext= SSL session ID context identifier.
>
> - accel Accelerator mode. Also set implicit by the other
> - accelerator directives
> -
> - vhost Accelerator mode using Host header for virtual
> - domain support
> -
> vport Accelerator with IP based virtual host support
>
> vport=NN As above, but uses specified port number rather
> - than the https_port number
> + than the https_port number. Implies accel
>
> DOC_END

Applied.

>
> @@ -246,7 +255,7 @@
> LOC: Config.SSL.ssl_engine
> DEFAULT: none
> DOC_START
> - The openssl engine to use. You will need to set this if you
> + The OpenSSL engine to use. You will need to set this if you
> would like to use hardware SSL acceleration for example.
> DOC_END
>

Applied.

> @@ -397,23 +406,24 @@
> TYPE: address
> LOC:Config.Addrs.udp_incoming
> DEFAULT: 0.0.0.0
> -DOC_NONE
> +DOC_START
> + udp_incoming_address is used for the ICP socket receiving
> packets
> + from other caches.
> +
> + A udp_incoming_address value of 0.0.0.0 indicates Squid
> + should listen for UDP messages on all available interfaces.
> +DOC_END
>
> NAME: udp_outgoing_address
> TYPE: address
> LOC: Config.Addrs.udp_outgoing
> DEFAULT: 255.255.255.255
> DOC_START
> - udp_incoming_address is used for the ICP socket receiving packets
> - from other caches.
> udp_outgoing_address is used for ICP packets sent out to other
> caches.
>
> The default behavior is to not bind to any specific address.
>
> - A udp_incoming_address value of 0.0.0.0 indicates Squid
> - should listen for UDP messages on all available interfaces.
> -
> If udp_outgoing_address is set to 255.255.255.255 (the default)
> it will use the same socket as udp_incoming_address. Only
> change this if you want to have ICP queries sent using another

Not applied. These two directives is intentionally documented together
as one.