Index: Makefile =================================================================== RCS file: /home/pcvs/ports/www/squid26/Makefile,v retrieving revision 1.191 diff -u -r1.191 Makefile --- Makefile 10 Jul 2006 20:07:00 -0000 1.191 +++ Makefile 6 Aug 2006 21:37:09 -0000 @@ -75,8 +75,7 @@ # Enable experimental multicast notification of cachemisses. PORTNAME= squid -PORTVERSION= 2.6.1 -PORTREVISION= 1 +PORTVERSION= 2.6.2 CATEGORIES= www MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://archive.progeny.com/squid/%SUBDIR%/ \ @@ -88,7 +87,7 @@ ftp://ftp.ccs.neu.edu/pub/mirrors/squid.nlanr.net/pub/%SUBDIR%/ \ ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,} MASTER_SITE_SUBDIR= squid-2/STABLE -DISTNAME= squid-2.6.STABLE1 +DISTNAME= squid-2.6.STABLE2 DIST_SUBDIR= squid2.6 PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \ @@ -101,7 +100,6 @@ http://www1.jp.squid-cache.org/%SUBDIR%/ \ http://www1.tw.squid-cache.org/%SUBDIR%/ PATCH_SITE_SUBDIR= Versions/v2/2.6/changesets/ -PATCHFILES= 10799.patch PATCH_DIST_STRIP= -p1 MAINTAINER= tmseck@netcologne.de @@ -144,7 +142,6 @@ SQUID_ARP_ACL "Enable ACLs based on ethernet address" off \ SQUID_PF "Enable transparent proxying with PF" off \ SQUID_IPFILTER "Enable transp. proxying with IPFilter" off \ - SQUID_IPFW "Enable transparent proxying with IPFW" off \ SQUID_FOLLOW_XFF "Follow X-Forwarded-For headers" off \ SQUID_ICAP "Enable ICAP client functionality" off \ SQUID_AUFS "Enable the aufs storage scheme" off \ @@ -331,9 +328,6 @@ CONFIGURE_ARGS+= --enable-ipf-transparent .endif .endif -.if defined(WITH_SQUID_IPFW) -CFLAGS+= -DIPFW_TRANSPARENT -.endif .if defined(WITH_SQUID_FOLLOW_XFF) CONFIGURE_ARGS+= --enable-follow-x-forwarded-for .endif Index: distinfo =================================================================== RCS file: /home/pcvs/ports/www/squid26/distinfo,v retrieving revision 1.149 diff -u -r1.149 distinfo --- distinfo 10 Jul 2006 19:57:12 -0000 1.149 +++ distinfo 6 Aug 2006 21:37:09 -0000 @@ -1,6 +1,3 @@ -MD5 (squid2.6/squid-2.6.STABLE1.tar.bz2) = d6bb23a67b0475cca11d4af8d574d054 -SHA256 (squid2.6/squid-2.6.STABLE1.tar.bz2) = a9efea26f1c3966dff69f80c271a73562afed5c65929d69dab713308dd402ba9 -SIZE (squid2.6/squid-2.6.STABLE1.tar.bz2) = 1212556 -MD5 (squid2.6/10799.patch) = 3a3d941b0d256a1da9ad8f2430da4e2b -SHA256 (squid2.6/10799.patch) = 0f010962faae226a21761996df7c487ed6ca2d51458e6941a9f2a5b69aa3e6c3 -SIZE (squid2.6/10799.patch) = 1288 +MD5 (squid2.6/squid-2.6.STABLE2.tar.bz2) = 838492f95de0964e31e633bfa07a0682 +SHA256 (squid2.6/squid-2.6.STABLE2.tar.bz2) = 8ceb890161648f26b3c16f07e2e1beecad2b0de0f3f1793142a32b5aa25ef8e6 +SIZE (squid2.6/squid-2.6.STABLE2.tar.bz2) = 1222355 Index: files/patch-changeset.10801 =================================================================== RCS file: files/patch-changeset.10801 diff -N files/patch-changeset.10801 --- files/patch-changeset.10801 10 Jul 2006 19:57:12 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,284 +0,0 @@ ---------------------- -PatchSet 10801 -Date: 2006/07/04 21:51:15 -Author: hno -Branch: HEAD -Tag: (none) -Log: -Bug #1650: transparent interception "Unable to forward this request at this time" - -this patch clears up some confusion between accelerated and transparently -intercepted requests, clearly separating the two cases. - -With this patch the --enable-auth-on-acceleration is removed again as it -no longer serves any purpose as there no longer is any conflict between -the processing accelerated and transparently intercepted requests. - -Members: - configure:1.388->1.389 - configure.in:1.384->1.385 - include/autoconf.h.in:1.153->1.154 - src/acl.c:1.303->1.304 - src/client_side.c:1.657->1.658 - src/structs.h:1.489->1.490 - -Index: squid/configure -=================================================================== -RCS file: /cvsroot/squid/squid/configure,v -retrieving revision 1.388 -retrieving revision 1.389 -diff -u -r1.388 -r1.389 ---- configure 1 Jul 2006 18:42:04 -0000 1.388 -+++ configure 4 Jul 2006 21:51:15 -0000 1.389 -@@ -907,8 +907,6 @@ - --enable-forw-via-db Enable Forw/Via database - --enable-cache-digests Use Cache Digests - see http://www.squid-cache.org/FAQ/FAQ-16.html -- --enable-auth-on-acceleration -- Enable authentication in accelerators - --enable-default-err-language=lang - Select default language for Error pages (see - errors directory) -@@ -4220,20 +4218,6 @@ - - fi; - --# Check whether --enable-auth-on-acceleration or --disable-auth-on-acceleration was given. --if test "${enable_auth_on_acceleration+set}" = set; then -- enableval="$enable_auth_on_acceleration" -- if test "$enableval" = "yes" ; then -- echo "AUTH_ON_ACCELERATION enabled" -- --cat >>confdefs.h <<\_ACEOF --#define AUTH_ON_ACCELERATION 1 --_ACEOF -- -- fi -- --fi; -- - # Check whether --enable-default-err-language or --disable-default-err-language was given. - if test "${enable_default_err_language+set}" = set; then - enableval="$enable_default_err_language" -Index: squid/configure.in -=================================================================== -RCS file: /cvsroot/squid/squid/configure.in,v -retrieving revision 1.384 -retrieving revision 1.385 -diff -u -r1.384 -r1.385 ---- configure.in 1 Jul 2006 18:41:21 -0000 1.384 -+++ configure.in 4 Jul 2006 21:51:15 -0000 1.385 -@@ -736,15 +736,6 @@ - fi - ]) - --AC_ARG_ENABLE(auth-on-acceleration, --[ --enable-auth-on-acceleration -- Enable authentication in accelerators], --[ if test "$enableval" = "yes" ; then -- echo "AUTH_ON_ACCELERATION enabled" -- AC_DEFINE(AUTH_ON_ACCELERATION, 1, [Enable authentication support in accelerators]) -- fi --]) -- - dnl Select Default Error language - AC_ARG_ENABLE(default-err-language, - [ --enable-default-err-language=lang -Index: squid/include/autoconf.h.in -=================================================================== -RCS file: /cvsroot/squid/squid/include/autoconf.h.in,v -retrieving revision 1.153 -retrieving revision 1.154 -diff -u -r1.153 -r1.154 ---- include/autoconf.h.in 21 Jun 2006 20:33:46 -0000 1.153 -+++ include/autoconf.h.in 4 Jul 2006 21:51:16 -0000 1.154 -@@ -3,9 +3,6 @@ - /* Defines how many threads aufs uses for I/O */ - #undef AUFS_IO_THREADS - --/* Enable authentication support in accelerators */ --#undef AUTH_ON_ACCELERATION -- - /* If you are upset that the cachemgr.cgi form comes up with the hostname - field blank, then define this to getfullhostname() */ - #undef CACHEMGR_HOSTNAME -Index: squid/src/acl.c -=================================================================== -RCS file: /cvsroot/squid/squid/src/acl.c,v -retrieving revision 1.303 -retrieving revision 1.304 -diff -u -r1.303 -r1.304 ---- src/acl.c 17 Jun 2006 23:31:03 -0000 1.303 -+++ src/acl.c 4 Jul 2006 21:51:16 -0000 1.304 -@@ -400,6 +400,10 @@ - type->accelerated = 1; - continue; - } -+ if (strcmp(t, "transparent") == 0) { -+ type->transparent = 1; -+ continue; -+ } - if (strcmp(t, "internal") == 0) { - type->internal = 1; - continue; -@@ -1679,6 +1683,8 @@ - { - if (type->accelerated && request->flags.accelerated) - return 1; -+ if (type->transparent && request->flags.transparent) -+ return 1; - if (type->internal && request->flags.internal) - return 1; - return 0; -@@ -1691,20 +1697,15 @@ - http_hdr_type headertype; - if (NULL == r) { - return -1; -- } else if (!r->flags.accelerated) { -- /* Proxy authorization on proxy requests */ -- headertype = HDR_PROXY_AUTHORIZATION; -- } else if (r->flags.internal) { -- /* WWW authorization on accelerated internal requests */ -- headertype = HDR_AUTHORIZATION; -- } else { --#if AUTH_ON_ACCELERATION -+ } else if (r->flags.accelerated) { - /* WWW authorization on accelerated requests */ - headertype = HDR_AUTHORIZATION; --#else -- debug(28, 1) ("aclAuthenticated: authentication not applicable on accelerated requests.\n"); -+ } else if (r->flags.transparent) { -+ debug(28, 1) ("aclAuthenticated: authentication not applicable on transparently intercepted requests.\n"); - return -1; --#endif -+ } else { -+ /* Proxy authorization on proxy requests */ -+ headertype = HDR_PROXY_AUTHORIZATION; - } - /* get authed here */ - /* Note: this fills in checklist->auth_user_request when applicable (auth incomplete) */ -@@ -2911,6 +2912,8 @@ - wordlistAdd(&W, "accelerated"); - if (type->internal) - wordlistAdd(&W, "internal"); -+ if (type->transparent) -+ wordlistAdd(&W, "transparent"); - return W; - } - -Index: squid/src/client_side.c -=================================================================== -RCS file: /cvsroot/squid/squid/src/client_side.c,v -retrieving revision 1.657 -retrieving revision 1.658 -diff -u -r1.657 -r1.658 ---- src/client_side.c 4 Jul 2006 00:06:11 -0000 1.657 -+++ src/client_side.c 4 Jul 2006 21:51:17 -0000 1.658 -@@ -3482,7 +3482,7 @@ - /* - * Deny loops when running in accelerator/transproxy mode. - */ -- if (http->flags.accel && r->flags.loopdetect) { -+ if (r->flags.loopdetect && (http->flags.accel || http->flags.transparent)) { - http->al.http.code = HTTP_FORBIDDEN; - err = errorCon(ERR_ACCESS_DENIED, HTTP_FORBIDDEN); - err->request = requestLink(http->orig_request); -@@ -3684,15 +3684,19 @@ - if (method == METHOD_CONNECT) { - if (http_ver.major < 1) - goto invalid_request; -+ if (conn->port->accel) -+ goto invalid_request; - } else if (*url == '/') - accel:{ - int vhost = conn->port->vhost || conn->port->transparent; -- int vport = conn->port->vport || conn->transparent; -+ int vport = conn->port->vport; -+ int accel = conn->port->accel; -+ if (!vport && conn->transparent) -+ vport = ntohs(conn->me.sin_port); - if (Config.onoff.global_internal_static && conn->port->accel && internalCheck(url)) { - /* prepend our name & port */ - http->uri = xstrdup(internalStoreUri("", url)); - http->flags.internal = 1; -- http->flags.accel = 1; - debug(33, 5) ("INTERNAL REWRITE: '%s'\n", http->uri); - } else if (vhost && (t = mime_get_header(req_hdr, "Host"))) { - url_sz = strlen(url) + 32 + Config.appendDomainLen + -@@ -3724,14 +3728,14 @@ - /* prepend our name & port */ - http->uri = xstrdup(internalStoreUri("", url)); - http->flags.internal = 1; -- http->flags.accel = 1; - debug(33, 5) ("INTERNAL REWRITE: '%s'\n", http->uri); - } else { - goto invalid_request; - } -- http->flags.accel = 1; -- } else if (conn->transparent) { -- http->flags.accel = 1; -+ if (accel) -+ http->flags.accel = 1; -+ else if (conn->port->transparent) -+ http->flags.transparent = 1; - } else if (conn->port->accel) { - http->flags.accel = 1; - if (!conn->port->vhost) { -@@ -3743,9 +3747,6 @@ - url = (char *) "/"; - goto accel; - } -- } else { -- /* Proxy request */ -- http->flags.accel = 0; - } - if (!http->uri) { - /* No special rewrites have been applied above, use the -@@ -3753,7 +3754,6 @@ - url_sz = strlen(url) + Config.appendDomainLen + 5; - http->uri = xcalloc(url_sz, 1); - strcpy(http->uri, url); -- http->flags.accel = 0; - } - if (!stringHasCntl(http->uri)) - http->log_uri = xstrndup(http->uri, MAX_URL); -@@ -3989,6 +3989,7 @@ - request->flags.tproxy = conn->port->tproxy; - #endif - request->flags.accelerated = http->flags.accel; -+ request->flags.transparent = http->flags.transparent; - /* - * cache the Content-length value in request_t. - */ -Index: squid/src/structs.h -=================================================================== -RCS file: /cvsroot/squid/squid/src/structs.h,v -retrieving revision 1.489 -retrieving revision 1.490 -diff -u -r1.489 -r1.490 ---- src/structs.h 30 Jun 2006 21:23:05 -0000 1.489 -+++ src/structs.h 4 Jul 2006 21:51:18 -0000 1.490 -@@ -346,6 +346,7 @@ - - struct _acl_request_type { - unsigned int accelerated:1; -+ unsigned int transparent:1; - unsigned int internal:1; - }; - -@@ -1190,6 +1191,7 @@ - AccessLogEntry al; - struct { - unsigned int accel:1; -+ unsigned int transparent:1; - unsigned int internal:1; - unsigned int done_copying:1; - unsigned int purging:1; -@@ -1785,6 +1787,7 @@ - unsigned int nocache_hack:1; /* for changing/ignoring no-cache requests */ - #endif - unsigned int accelerated:1; -+ unsigned int transparent:1; - unsigned int internal:1; - unsigned int body_sent:1; - unsigned int reset_tcp:1; Index: files/patch-src-client_side.c =================================================================== RCS file: files/patch-src-client_side.c diff -N files/patch-src-client_side.c --- files/patch-src-client_side.c 10 Jul 2006 19:57:12 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,16 +0,0 @@ ---- ./src/client_side.c.orig Thu Jul 6 11:44:18 2006 -+++ ./src/client_side.c Thu Jul 6 11:52:07 2006 -@@ -4490,6 +4490,13 @@ - return -1; - } - } -+#elif IPFW_TRANSPARENT -+static int inline -+clientNatLookup(ConnStateData * conn) -+{ -+ static time_t last_reported = 0; -+ return 0; -+} - #else - static int inline - clientNatLookup(ConnStateData * conn)