aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarcello Coutinho <marcellocoutinho@gmail.com>2012-04-20 02:12:12 -0300
committermarcelloc <marcellocoutinho@gmail.com>2012-04-20 02:12:12 -0300
commit37681fd565cebf04d2feee3c5a37bb93fcbf1ba0 (patch)
treed175d06ade531a3bdf532fba6170935cbfeffa5e
parentdca1b0e0ba28991164bb25c3e1cc3784582e5ebf (diff)
downloadpfsense-packages-37681fd565cebf04d2feee3c5a37bb93fcbf1ba0.tar.gz
pfsense-packages-37681fd565cebf04d2feee3c5a37bb93fcbf1ba0.tar.bz2
pfsense-packages-37681fd565cebf04d2feee3c5a37bb93fcbf1ba0.zip
squid3 - version 2.0.4 with bug fixes and remote peer improvements
-rw-r--r--config/squid-reverse/squid.inc86
-rw-r--r--config/squid-reverse/squid.xml7
-rw-r--r--config/squid-reverse/squid_auth.xml8
-rw-r--r--config/squid-reverse/squid_cache.xml8
-rw-r--r--config/squid-reverse/squid_nac.xml8
-rw-r--r--config/squid-reverse/squid_reverse.inc2
-rw-r--r--config/squid-reverse/squid_reverse_general.xml6
-rw-r--r--config/squid-reverse/squid_reverse_peer.xml6
-rwxr-xr-xconfig/squid-reverse/squid_reverse_sync.xml6
-rw-r--r--config/squid-reverse/squid_reverse_uri.xml6
-rwxr-xr-xconfig/squid-reverse/squid_sync.xml6
-rw-r--r--config/squid-reverse/squid_traffic.xml8
-rw-r--r--config/squid-reverse/squid_upstream.xml242
-rw-r--r--config/squid-reverse/squid_users.xml8
-rw-r--r--pkg_config.8.xml4
-rw-r--r--pkg_config.8.xml.amd644
16 files changed, 318 insertions, 97 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index 3828476e..847d6a35 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -411,8 +411,8 @@ function squid_validate_general($post, $input_errors) {
}
function squid_validate_upstream($post, $input_errors) {
- if ($post['proxy_forwarding'] == 'on') {
- $addr = trim($post['proxy_addr']);
+ if ($post['enabled'] == 'on') {
+ $addr = trim($post['proxyaddr']);
if (empty($addr))
$input_errors[] = 'The field \'Hostname\' is required';
else {
@@ -420,7 +420,7 @@ function squid_validate_upstream($post, $input_errors) {
$input_errors[] = 'You must enter a valid IP address or host name in the \'Proxy hostname\' field';
}
- foreach (array('proxy_port' => 'TCP port', 'icp_port' => 'ICP port') as $field => $name) {
+ foreach (array('proxyport' => 'TCP port', 'icpport' => 'ICP port') as $field => $name) {
$port = trim($post[$field]);
if (empty($port))
$input_errors[] = "The field '$name' is required";
@@ -865,42 +865,45 @@ EOC;
}
if(preg_match('/windows/',$settings['refresh_patterns'])){
$conf.=<<<EOC
+
+# Windows Update refresh_pattern
range_offset_limit -1
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
+
EOC;
}
-if(preg_match('/symantec/',$settings['refresh_patterns'])){
+if(preg_match('/symantec/',$settings['refresh_patters'])){
$conf.=<<<EOC
+
+# Symantec refresh_pattern
range_offset_limit -1
refresh_pattern liveupdate.symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
+
EOC;
}
-if(preg_match('/avast/',$settings['refresh_patterns'])){
+if(preg_match('/avast/',$settings['refresh_patters'])){
$conf.=<<<EOC
+
+# Avast refresh_pattern
range_offset_limit -1
refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-ims
+
EOC;
}
-if(preg_match('/avira/',$settings['refresh_patterns'])){
+if(preg_match('/avira/',$settings['refresh_patters'])){
$conf.=<<<EOC
+
+# Avira refresh_pattern
range_offset_limit -1
refresh_pattern personal.avira-update.com/.*\.(cab|exe|dll|msi|gz) 10080 100% 43200 reload-into-ims
+
EOC;
- }
-
- $refresh_conf=<<<EOC
-# Add any of your own refresh_pattern entries above these.
-refresh_pattern ^ftp: 1440 20% 10080
-refresh_pattern ^gopher: 1440 0% 1440
-refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
-refresh_pattern . 0 20% 4320
-EOC;
-
}
+}
$conf .= <<<EOD
cache_mem $memory_cache_size MB
@@ -930,22 +933,33 @@ EOD;
function squid_resync_upstream() {
global $config;
- $settings = $config['installedpackages']['squidupstream']['config'][0];
-
- $conf = '';
- if ($settings['proxy_forwarding'] == 'on') {
- $conf .= "cache_peer {$settings['proxy_addr']} parent {$settings['proxy_port']} ";
- if ($settings['icp_port'] == '7')
- $conf .= "{$settings['icp_port']} no-query";
- else
- $conf .= "{$settings['icp_port']}";
-
- if (!empty($settings['username']))
- $conf .= " login={$settings['username']}";
- if (!empty($settings['password']))
- $conf .= ":{$settings['password']}";
- }
-
+ $conf = "\n#Remote proxies\n";
+ foreach ($config['installedpackages']['squidremote']['config'] as $settings){
+ if ($settings['enable'] == 'on') {
+ $conf .= "cache_peer {$settings['proxyaddr']} {$settings['hierarchy']} {$settings['proxyport']} ";
+ if ($settings['icpport'] == '7')
+ $conf .= "{$settings['icpport']} {$settings['icpoptions']} {$settings['peermethod']} {$settings['allowmiss']} ";
+ else
+ $conf .= "{$settings['icpport']} ";
+ #auth settings
+ if (!empty($settings['username']) && !empty($settings['password'])){
+ $conf .= " login={$settings['username']}:{$settings['password']}";
+ }
+ else{
+ $conf .= "{$settings['authoption']} ";
+ }
+ #other options settings
+ if (!empty($settings['weight']))
+ $conf .= "weight={$settings['weight']} ";
+ if (!empty($settings['basetime']))
+ $conf .= "basetime={$settings['basetime']} ";
+ if (!empty($settings['ttl']))
+ $conf .= "ttl={$settings['ttl']} ";
+ if (!empty($settings['nodelay']))
+ $conf .= "no-delay";
+ }
+ $conf .= "\n";
+ }
return $conf;
}
@@ -1316,6 +1330,7 @@ function squid_resync() {
make_dirs($dir);
chown($dir, 'proxy');
chgrp($dir, 'proxy');
+ squid_chown_recursive($dir, 'proxy', 'proxy');
}
$conf = squid_resync_general() . "\n";
$conf .= squid_resync_cache() . "\n";
@@ -1333,13 +1348,6 @@ function squid_resync() {
if(file_exists("/usr/local/libexec/squid/pinger"))
exec("chmod a+x /usr/local/libexec/squid/pinger");
- foreach (array( SQUID_CONFBASE,
- SQUID_ACLDIR,
- SQUID_BASE ) as $dir) {
- make_dirs($dir);
- squid_chown_recursive($dir, 'proxy', 'proxy');
- }
-
file_put_contents(SQUID_CONFBASE . '/squid.conf', $conf);
$log_dir = $config['installedpackages']['squid']['config'][0]['log_dir'].'/';
diff --git a/config/squid-reverse/squid.xml b/config/squid-reverse/squid.xml
index 1c003a27..981c256c 100644
--- a/config/squid-reverse/squid.xml
+++ b/config/squid-reverse/squid.xml
@@ -10,6 +10,7 @@
authng.xml
part of pfSense (http://www.pfSense.com)
Copyright (C) 2007 to whom it may belong
+ Copyright (C) 2012 Marcello Coutinho
All rights reserved.
Based on m0n0wall (http://m0n0.ch/wall)
@@ -74,11 +75,11 @@
<active/>
</tab>
<tab>
- <text>Upstream</text>
- <url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
+ <text>Remote Cache</text>
+ <url>/pkg.php?xml=squid_upstream.xml</url>
</tab>
<tab>
- <text>Cache</text>
+ <text>Local Cache</text>
<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
</tab>
<tab>
diff --git a/config/squid-reverse/squid_auth.xml b/config/squid-reverse/squid_auth.xml
index e04dbfba..43cbe7ea 100644
--- a/config/squid-reverse/squid_auth.xml
+++ b/config/squid-reverse/squid_auth.xml
@@ -48,18 +48,18 @@
<name>squidauth</name>
<version>none</version>
<title>Proxy server: Authentication</title>
- <include_file>squid.inc</include_file>
+ <include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
<tab>
<text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
<tab>
- <text>Upstream</text>
- <url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
+ <text>Remote Cache</text>
+ <url>/pkg.php?xml=squid_upstream.xml</url>
</tab>
<tab>
- <text>Cache</text>
+ <text>Local Cache</text>
<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
</tab>
<tab>
diff --git a/config/squid-reverse/squid_cache.xml b/config/squid-reverse/squid_cache.xml
index 01ea7da6..4144a7bc 100644
--- a/config/squid-reverse/squid_cache.xml
+++ b/config/squid-reverse/squid_cache.xml
@@ -48,18 +48,18 @@
<name>squidcache</name>
<version>none</version>
<title>Proxy server: Cache management</title>
- <include_file>squid.inc</include_file>
+ <include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
<tab>
<text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
<tab>
- <text>Upstream</text>
- <url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
+ <text>Remote Cache</text>
+ <url>/pkg.php?xml=squid_upstream.xml</url>
</tab>
<tab>
- <text>Cache</text>
+ <text>Local Cache</text>
<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
<active/>
</tab>
diff --git a/config/squid-reverse/squid_nac.xml b/config/squid-reverse/squid_nac.xml
index cb986f2b..c951b6f3 100644
--- a/config/squid-reverse/squid_nac.xml
+++ b/config/squid-reverse/squid_nac.xml
@@ -48,18 +48,18 @@
<name>squidnac</name>
<version>none</version>
<title>Proxy server: Access control</title>
- <include_file>squid.inc</include_file>
+ <include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
<tab>
<text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
<tab>
- <text>Upstream</text>
- <url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
+ <text>Remote Cache</text>
+ <url>/pkg.php?xml=squid_upstream.xml</url>
</tab>
<tab>
- <text>Cache</text>
+ <text>Local Cache</text>
<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
</tab>
<tab>
diff --git a/config/squid-reverse/squid_reverse.inc b/config/squid-reverse/squid_reverse.inc
index 7c0025ba..b208b7b1 100644
--- a/config/squid-reverse/squid_reverse.inc
+++ b/config/squid-reverse/squid_reverse.inc
@@ -58,7 +58,7 @@ function squid_resync_reverse() {
}
if (!empty($settings['reverse_int_ca']))
- file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt","\n" . sq_text_area_decodedecode($settings['reverse_int_ca']),FILE_APPEND | LOCK_EX);
+ file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt","\n" . sq_text_area_decode($settings['reverse_int_ca']),FILE_APPEND | LOCK_EX);
$ifaces = ($settings['reverse_interface'] ? $settings['reverse_interface'] : 'wan');
$real_ifaces = array();
diff --git a/config/squid-reverse/squid_reverse_general.xml b/config/squid-reverse/squid_reverse_general.xml
index 00c8d4a5..ff74b9d5 100644
--- a/config/squid-reverse/squid_reverse_general.xml
+++ b/config/squid-reverse/squid_reverse_general.xml
@@ -57,15 +57,15 @@
</tab>
<tab>
<text>Web Servers</text>
- <url>/pkg.php?xml=squid_reverse_peer.xml&amp;id=0</url>
+ <url>/pkg.php?xml=squid_reverse_peer.xml</url>
</tab>
<tab>
<text>Mappings</text>
- <url>/pkg.php?xml=squid_reverse_uri.xml&amp;id=0</url>
+ <url>/pkg.php?xml=squid_reverse_uri.xml</url>
</tab>
<tab>
<text>Sync</text>
- <url>/pkg_edit.php?xml=squid_reverse_sync.xml</url>
+ <url>/pkg_edit.php?xml=squid_reverse_sync.xml&amp;id=0</url>
</tab>
</tabs>
<fields>
diff --git a/config/squid-reverse/squid_reverse_peer.xml b/config/squid-reverse/squid_reverse_peer.xml
index e32e1973..fb853eb3 100644
--- a/config/squid-reverse/squid_reverse_peer.xml
+++ b/config/squid-reverse/squid_reverse_peer.xml
@@ -56,16 +56,16 @@
</tab>
<tab>
<text>Web Servers</text>
- <url>/pkg.php?xml=squid_reverse_peer.xml&amp;id=0</url>
+ <url>/pkg.php?xml=squid_reverse_peer.xml</url>
<active/>
</tab>
<tab>
<text>Mappings</text>
- <url>/pkg.php?xml=squid_reverse_uri.xml&amp;id=0</url>
+ <url>/pkg.php?xml=squid_reverse_uri.xml</url>
</tab>
<tab>
<text>Sync</text>
- <url>/pkg_edit.php?xml=squid_reverse_sync.xml</url>
+ <url>/pkg_edit.php?xml=squid_reverse_sync.xml&amp;id=0</url>
</tab>
</tabs>
<adddeleteeditpagefields>
diff --git a/config/squid-reverse/squid_reverse_sync.xml b/config/squid-reverse/squid_reverse_sync.xml
index 9395f6d7..d666d4e8 100755
--- a/config/squid-reverse/squid_reverse_sync.xml
+++ b/config/squid-reverse/squid_reverse_sync.xml
@@ -52,15 +52,15 @@
</tab>
<tab>
<text>Web Servers</text>
- <url>/pkg.php?xml=squid_reverse_peer.xml&amp;id=0</url>
+ <url>/pkg.php?xml=squid_reverse_peer.xml</url>
</tab>
<tab>
<text>Mappings</text>
- <url>/pkg.php?xml=squid_reverse_uri.xml&amp;id=0</url>
+ <url>/pkg.php?xml=squid_reverse_uri.xml</url>
</tab>
<tab>
<text>Sync</text>
- <url>/pkg_edit.php?xml=squid_reverse_sync.xml</url>
+ <url>/pkg_edit.php?xml=squid_reverse_sync.xml&amp;id=0</url>
<active/>
</tab>
</tabs>
diff --git a/config/squid-reverse/squid_reverse_uri.xml b/config/squid-reverse/squid_reverse_uri.xml
index 57ce5832..a7a5a6d6 100644
--- a/config/squid-reverse/squid_reverse_uri.xml
+++ b/config/squid-reverse/squid_reverse_uri.xml
@@ -56,16 +56,16 @@
</tab>
<tab>
<text>Web Servers</text>
- <url>/pkg.php?xml=squid_reverse_peer.xml&amp;id=0</url>
+ <url>/pkg.php?xml=squid_reverse_peer.xml</url>
</tab>
<tab>
<text>Mappings</text>
- <url>/pkg.php?xml=squid_reverse_uri.xml&amp;id=0</url>
+ <url>/pkg.php?xml=squid_reverse_uri.xml</url>
<active/>
</tab>
<tab>
<text>Sync</text>
- <url>/pkg_edit.php?xml=squid_reverse_sync.xml</url>
+ <url>/pkg_edit.php?xml=squid_reverse_sync.xml&amp;id=0</url>
</tab>
</tabs>
<adddeleteeditpagefields>
diff --git a/config/squid-reverse/squid_sync.xml b/config/squid-reverse/squid_sync.xml
index 5af26a7a..c581d2c5 100755
--- a/config/squid-reverse/squid_sync.xml
+++ b/config/squid-reverse/squid_sync.xml
@@ -51,11 +51,11 @@
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
<tab>
- <text>Upstream</text>
- <url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
+ <text>Remote Cache</text>
+ <url>/pkg.php?xml=squid_upstream.xml</url>
</tab>
<tab>
- <text>Cache</text>
+ <text>Local Cache</text>
<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
</tab>
<tab>
diff --git a/config/squid-reverse/squid_traffic.xml b/config/squid-reverse/squid_traffic.xml
index 40e8eb97..b1799cce 100644
--- a/config/squid-reverse/squid_traffic.xml
+++ b/config/squid-reverse/squid_traffic.xml
@@ -48,18 +48,18 @@
<name>squidtraffic</name>
<version>none</version>
<title>Proxy server: Traffic management</title>
- <include_file>squid.inc</include_file>
+ <include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
<tab>
<text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
<tab>
- <text>Upstream</text>
- <url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
+ <text>Remote Cache</text>
+ <url>/pkg.php?xml=squid_upstream.xml</url>
</tab>
<tab>
- <text>Cache</text>
+ <text>Local Cache</text>
<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
</tab>
<tab>
diff --git a/config/squid-reverse/squid_upstream.xml b/config/squid-reverse/squid_upstream.xml
index d3c10771..126a0710 100644
--- a/config/squid-reverse/squid_upstream.xml
+++ b/config/squid-reverse/squid_upstream.xml
@@ -7,9 +7,10 @@
/* $Id$ */
/* ========================================================================== */
/*
- authng.xml
+ squid_upstream.xml
part of pfSense (http://www.pfSense.com)
Copyright (C) 2007 to whom it may belong
+ Copyright (C) 2012 Marcello Coutinho
All rights reserved.
Based on m0n0wall (http://m0n0.ch/wall)
@@ -45,22 +46,22 @@
<description>Describe your package here</description>
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
- <name>squidupstream</name>
+ <name>squidremote</name>
<version>none</version>
- <title>Proxy server: Upstream proxy settings</title>
- <include_file>squid.inc</include_file>
+ <title>Proxy server: Remote proxy settings</title>
+ <include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
<tab>
<text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
<tab>
- <text>Upstream</text>
- <url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
+ <text>Remote Cache</text>
+ <url>/pkg.php?xml=squid_upstream.xml</url>
<active/>
</tab>
<tab>
- <text>Cache</text>
+ <text>Local Cache</text>
<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
</tab>
<tab>
@@ -84,42 +85,220 @@
<url>/pkg_edit.php?xml=squid_sync.xml</url>
</tab>
</tabs>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fielddescr>Status</fielddescr>
+ <fieldname>enable</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>name</fielddescr>
+ <fieldname>proxyaddr</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Port</fielddescr>
+ <fieldname>proxyport</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>ICP</fielddescr>
+ <fieldname>icpport</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Peer type</fielddescr>
+ <fieldname>hierarchy</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Method</fielddescr>
+ <fieldname>peermethod</fieldname>
+ </columnitem>
+ </adddeleteeditpagefields>
+
<fields>
<field>
- <name>Upstream proxy settings</name>
+ <name>General Settings</name>
<type>listtopic</type>
</field>
<field>
- <fielddescr>Enable forwarding</fielddescr>
- <fieldname>proxy_forwarding</fieldname>
- <description>This option enables the proxy server to forward requests to an upstream server.</description>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>enable</fieldname>
+ <description>This option enables the proxy server to forward requests to an upstream/neighbor server.</description>
<type>checkbox</type>
- <enablefields>proxy_addr,proxy_port,icp_port,username,password</enablefields>
<required/>
</field>
<field>
<fielddescr>Hostname</fielddescr>
- <fieldname>proxy_addr</fieldname>
+ <fieldname>proxyaddr</fieldname>
<description>Enter here the IP address or host name of the upstream proxy.</description>
<type>input</type>
+ <size>35</size>
+ <required/>
+ </field>
+ <field>
+ <fielddescr>Name</fielddescr>
+ <fieldname>proxyname</fieldname>
+ <description>Unique name for the peer.Required if you have multiple peers on the same host but different ports.</description>
+ <type>input</type>
+ <size>35</size>
+ <required/>
</field>
<field>
<fielddescr>TCP port</fielddescr>
- <fieldname>proxy_port</fieldname>
+ <fieldname>proxyport</fieldname>
<description>Enter the port to use to connect to the upstream proxy.</description>
<type>input</type>
<size>5</size>
<default_value>3128</default_value>
+ <required/>
+ </field>
+ <field>
+ <fielddescr>Timeout</fielddescr>
+ <fieldname>connecttimeout</fieldname>
+ <description>A peer-specific connect timeout. Also see the peer_connect_timeout directive.</description>
+ <type>input</type>
+ <size>5</size>
+ </field>
+ <field>
+ <fielddescr>Fail Limit</fielddescr>
+ <fieldname>connectfailLimit</fieldname>
+ <description>How many times connecting to a peer must fail before it is marked as down. Default is 10.</description>
+ <type>input</type>
+ <size>5</size>
+ <default_value>10</default_value>
+ </field>
+ <field>
+ <fielddescr>Max</fielddescr>
+ <fieldname>maxconn</fieldname>
+ <description>Limit the amount of connections Squid may open to this peer.</description>
+ <type>input</type>
+ <size>5</size>
+ </field>
+ <field>
+ <fielddescr>Allow Miss</fielddescr>
+ <fieldname>allowmiss</fieldname>
+ <description><![CDATA[<strong>allow-miss</strong> - Disable Squid's use of only-if-cached when forwarding requests to siblings. This is primarily useful when icp_hit_stale is used by the sibling.<br><br>
+ <strong>no-tproxy</strong> - Do not use the client-spoof TPROXY support when forwarding requests to this peer. Use normal address selection instead.<br><br>
+ <strong>proxy-only</strong> - Objects fetched from the peer will not be stored locally.]]></description>
+ <type>select</type>
+ <default_value>allow-miss</default_value>
+ <options>
+ <option><name>Allow Miss</name><value>allow-miss</value></option>
+ <option><name>No Tproxy</name><value>no-tproxy</value></option>
+ <option><name>Proxy Only</name><value>proxy-only</value></option>
+ </options>
+ <multiple/>
+ <size>4</size>
+ </field>
+ <field>
+ <name>Peer settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Hierarchy</fielddescr>
+ <fieldname>hierarchy</fieldname>
+ <description>Specify remote caches hierarchy.</description>
+ <type>select</type>
+ <default_value>parent</default_value>
+ <options>
+ <option><name>parent</name><value>parent</value></option>
+ <option><name>sibling</name><value>sibling</value></option>
+ <option><name>multicast</name><value>multicast</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Select method</fielddescr>
+ <fieldname>peermethod</fieldname>
+ <description><![CDATA[The default peer selection method is ICP, with the first responding peer being used as source. These options can be used for better load balancing.<br><br>
+ <strong>default</strong> - This is a parent cache which can be used as a "last-resort" if a peer cannot be located by any of the peer-selection methods.<br>
+ If specified more than once, only the first is used.<br><br>
+ <strong>round-robin</strong> - Load-Balance parents which should be used in a round-robin fashion in the absence of any ICP queries.<br>weight=N can be used to add bias.<br><br>
+ <strong>weighted-round-robin</strong> - Load-Balance parents which should be used in a round-robin fashion with the frequency of each parent being based on the round trip time.<br>
+ Closer parents are used more often. Usually used for background-ping parents. weight=N can be used to add bias.<br><br>
+ <strong>carp</strong> - Load-Balance parents which should be used as a CARP array. The requests will be distributed among the parents based on the CARP load balancing hash function based on their weight.<br><br>
+ <strong>userhash</strong> - Load-balance parents based on the client proxy_auth or ident username.<br><br>
+ <strong>sourcehash</strong> - Load-balance parents based on the client source IP.<br><br>
+ <strong>multicast-siblings</strong> - To be used only for cache peers of type "multicast".<br>
+ ALL members of this multicast group have "sibling" relationship with it, not "parent". This is to a multicast group when the requested object would be fetched only from a "parent" cache, anyway.<br>
+ It's useful, e.g., when configuring a pool of redundant Squid proxies, being members of the same multicast group.]]></description>
+ <type>select</type>
+ <default_value>round-robin</default_value>
+ <options>
+ <option><name>round-robin</name><value>round-robin</value></option>
+ <option><name>default</name><value>default</value></option>
+ <option><name>weighted-round-robin</name><value>weighted-round-robin</value></option>
+ <option><name>carp</name><value>carp</value></option>
+ <option><name>userhash</name><value>userhash</value></option>
+ <option><name>sourcehash</name><value>sourcehash</value></option>
+ <option><name>multicast-sibling</name><value>multicast-sibling</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>weight</fielddescr>
+ <fieldname>weight</fieldname>
+ <description>Use to affect the selection of a peer during any weighted peer-selection mechanisms. The weight must be an integer; default is 1,larger weights are favored more.</description>
+ <type>input</type>
+ <size>5</size>
+ <default>1</default>
+ </field>
+ <field>
+ <fielddescr>basetime</fielddescr>
+ <fieldname>basetime</fieldname>
+ <description><![CDATA[Specify a base amount to be subtracted from round trip times of parents.<br>
+ It is subtracted before division by weight in calculating which parent to fectch from. If the rtt is less than the base time the rtt is set to a minimal value.]]></description>
+ <type>input</type>
+ <size>5</size>
+ <default>1</default>
+ </field>
+ <field>
+ <fielddescr>ttl</fielddescr>
+ <fieldname>ttl</fieldname>
+ <description><![CDATA[Specify a TTL to use when sending multicast ICP queries to this address<br>
+ Only useful when sending to a multicast group. Because we don't accept ICP replies from random hosts, you must configure other group members as peers with the 'multicast-responder' option.]]></description>
+ <type>input</type>
+ <size>5</size>
+ <default>1</default>
+ </field>
+ <field>
+ <fielddescr>no-delay</fielddescr>
+ <fieldname>nodelay</fieldname>
+ <description><![CDATA[To prevent access to this neighbor from influencing the delay pools.]]></description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <name>ICP settings</name>
+ <type>listtopic</type>
</field>
<field>
<fielddescr>ICP port</fielddescr>
- <fieldname>icp_port</fieldname>
+ <fieldname>icpport</fieldname>
<description>Enter the port to connect to the upstream proxy for the ICP protocol. Use port number 7 to disable ICP communication between the proxies.</description>
<type>input</type>
<size>5</size>
<default_value>7</default_value>
</field>
<field>
+ <fielddescr>ICP Options</fielddescr>
+ <fieldname>icpoptions</fieldname>
+ <description><![CDATA[You MUST also set icp_port and icp_access explicitly when using these options.<br>
+ The defaults will prevent peer traffic using ICP<br><br>
+ <strong>no-query</strong> - Disable ICP queries to this neighbor.<br><br>
+ <strong>multicast-responder</strong> -Indicates the named peer is a member of a multicast group.<br>
+ ICP queries will not be sent directly to the peer, but ICP replies will be accepted from it.<br><br>
+ <strong>closest-only</strong> - Indicates that, for ICP_OP_MISS replies, we'll only forward CLOSEST_PARENT_MISSes and never FIRST_PARENT_MISSes.<br><br>
+ <strong>background-ping</strong> - To only send ICP queries to this neighbor infrequently.<br>
+ This is used to keep the neighbor round trip time updated and is usually used in conjunction with weighted-round-robin.]]></description>
+ <type>select</type>
+ <default_value>no-query</default_value>
+ <options>
+ <option><name>no-query</name><value>no-query</value></option>
+ <option><name>multicast-responder</name><value>multicast-responder</value></option>
+ <option><name>closest-only</name><value>closest-only</value></option>
+ <option><name>background-ping</name><value>background-ping</value></option>
+ </options>
+ </field>
+ <field>
+ <name>Auth settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
<fielddescr>Username</fielddescr>
<fieldname>username</fieldname>
<description>If the upstream proxy requires a username, specify it here.</description>
@@ -131,6 +310,39 @@
<description>If the upstream proxy requires a password, specify it here.</description>
<type>password</type>
</field>
+ <field>
+ <fielddescr>Authentication options</fielddescr>
+ <fieldname>authoption</fieldname>
+ <description><![CDATA[<br><strong>login=user:password</strong> - If this is a personal/workgroup proxy and your parent requires proxy authentication.<br><br>
+ <strong>login=PASSTHRU</strong> - Send login details received from client to this peer. Authentication is not required by Squid for this to work.<br>
+ This will pass any form of authentication but only Basic auth will work through a proxy unless the connection-auth options are also used.<br><br>
+ <strong>login=PASS</strong> - Send login details received from client to this peer.Authentication is not required by this option.<br>
+ To combine this with proxy_auth both proxies must share the same user database as HTTP only allows for a single login (one for proxy, one for origin server).<br>
+ Also be warned this will expose your users proxy password to the peer. USE WITH CAUTION<br><br>
+ <strong>login=*:password</strong> - Send the username to the upstream cache, but with a fixed password. This is meant to be used when the peer is in another administrative domain, but it is still needed to identify each user.<br><br>
+ <strong>login=NEGOTIATE</strong> - If this is a personal/workgroup proxy and your parent requires a secure proxy authentication.<br>
+ The first principal from the default keytab or defined by the environment variable KRB5_KTNAME will be used.<br>
+ WARNING: The connection may transmit requests from multiple clients. Negotiate often assumes end-to-end authentication and a single-client. Which is not strictly true here.<br><br>
+ <strong>login=NEGOTIATE:principal_name</strong>If this is a personal/workgroup proxy and your parent requires a secure proxy authentication.<br>
+ The principal principal_name from the default keytab or defined by the environment variable KRB5_KTNAME will be used.
+ WARNING: The connection may transmit requests from multiple clients. Negotiate often assumes end-to-end authentication and a single-client. Which is not strictly true here.<br><br>
+ <strong>connection-auth=on</strong> - Tell Squid that this peer does support Microsoft connection oriented authentication, and any such challenges received from there should be ignored.<br>
+ Default is auto to automatically determine the status of the peer.<br><br>
+ <strong>connection-auth=off</strong> - Tell Squid that this peer does not support Microsoft connection oriented authentication, and any such challenges received from there should be ignored.<br>
+ Default is auto to automatically determine the status of the peer.]]></description>
+ <type>select</type>
+ <default_value>login=*:password</default_value>
+ <options>
+ <option><name>login=*:password</name><value>login=*:password</value></option>
+ <option><name>login=user:password</name><value>login=user:password</value></option>
+ <option><name>login=PASSTHRU</name><value>login=PASSTHRU</value></option>
+ <option><name>login=PASS</name><value>login=PASS</value></option>
+ <option><name>login=NEGOTIATE</name><value>login=NEGOTIATE</value></option>
+ <option><name>login=NEGOTIATE:principal_name</name><value>login=NEGOTIATE:principal_name</value></option>
+ <option><name>connection-auth=on</name><value>connection-auth=on</value></option>
+ <option><name>connection-auth=off</name><value>connection-auth=off</value></option>
+ </options>
+ </field>
</fields>
<custom_php_validation_command>
squid_validate_upstream($_POST, &amp;$input_errors);
diff --git a/config/squid-reverse/squid_users.xml b/config/squid-reverse/squid_users.xml
index d51a5f87..295ce4fa 100644
--- a/config/squid-reverse/squid_users.xml
+++ b/config/squid-reverse/squid_users.xml
@@ -48,7 +48,7 @@
<name>squidusers</name>
<version>none</version>
<title>Proxy server: Local users</title>
- <include_file>squid.inc</include_file>
+ <include_file>/usr/local/pkg/squid.inc</include_file>
<delete_string>A proxy server user has been deleted.</delete_string>
<addedit_string>A proxy server user has been created/modified.</addedit_string>
<tabs>
@@ -57,11 +57,11 @@
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
<tab>
- <text>Upstream</text>
- <url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
+ <text>Remote Cache</text>
+ <url>/pkg.php?xml=squid_upstream.xml</url>
</tab>
<tab>
- <text>Cache</text>
+ <text>Local Cache</text>
<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
</tab>
<tab>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 6d38aa6b..8f7a1090 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -1010,11 +1010,11 @@
<pkginfolink>http://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>3.1.19 pkg 2.0.3</version>
+ <version>3.1.19 pkg 2.0.4</version>
<status>RC1</status>
<required_version>2.0</required_version>
<maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
- <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
+ <depends_on_package_base_url>http://e-sac.siteseguro.ws/packages/8/All/</depends_on_package_base_url>
<depends_on_package>squid-3.1.19.tbz</depends_on_package>
<!-- use build ports from squid 2.0 -->
<build_options>WITH_SQUID_KERB_AUTH=true WITH_SQUID_LDAP_AUTH=true WITH_SQUID_NIS_AUTH=true WITH_SQUID_SASL_AUTH=true WITH_SQUID_DELAY_POOLS=true WITH_SQUID_SNMP=true WITH_SQUID_CARP=true WITH_SQUID_SSL=true WITHOUT_SQUID_PINGER=true WITHOUT_SQUID_DNS_HELPER=true WITH_SQUID_HTCP=true WITH_SQUID_VIA_DB=true WITH_SQUID_CACHE_DIGESTS=true WITH_SQUID_WCCP=true WITHOUT_SQUID_WCCPV2=true WITHOUT_SQUID_STRICT_HTTP=true WITH_SQUID_IDENT=true WITH_SQUID_REFERER_LOG=true WITHOUT_SQUID_USERAGENT_LOG=true WITH_SQUID_ARP_ACL=true WITH_SQUID_PF=true WITHOUT_SQUID_IPFILTER=true WITH_SQUID_FOLLOW_XFF=true WITH_SQUID_AUFS=true WITH_SQUID_COSS=true WITH_SQUID_KQUEUE=true WITH_SQUID_LARGEFILE=true WITHOUT_SQUID_STACKTRACES=true</build_options>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 4c7c6fce..9743a3b2 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -118,11 +118,11 @@
<pkginfolink>http://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>3.1.19 pkg 2.0.3</version>
+ <version>3.1.19 pkg 2.0.4</version>
<status>Stable</status>
<required_version>2.0</required_version>
<maintainer>fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
- <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
+ <depends_on_package_base_url>http://e-sac.siteseguro.ws/packages/amd64/8/All/</depends_on_package_base_url>
<depends_on_package>squid-3.1.19.tbz</depends_on_package>
<!-- use build ports from squid 2.0 -->
<build_options>WITH_SQUID_KERB_AUTH=true WITH_SQUID_LDAP_AUTH=true WITH_SQUID_NIS_AUTH=true WITH_SQUID_SASL_AUTH=true WITH_SQUID_DELAY_POOLS=true WITH_SQUID_SNMP=true WITH_SQUID_CARP=true WITH_SQUID_SSL=true WITHOUT_SQUID_PINGER=true WITHOUT_SQUID_DNS_HELPER=true WITH_SQUID_HTCP=true WITH_SQUID_VIA_DB=true WITH_SQUID_CACHE_DIGESTS=true WITH_SQUID_WCCP=true WITHOUT_SQUID_WCCPV2=true WITHOUT_SQUID_STRICT_HTTP=true WITH_SQUID_IDENT=true WITH_SQUID_REFERER_LOG=true WITHOUT_SQUID_USERAGENT_LOG=true WITH_SQUID_ARP_ACL=true WITH_SQUID_PF=true WITHOUT_SQUID_IPFILTER=true WITH_SQUID_FOLLOW_XFF=true WITH_SQUID_AUFS=true WITH_SQUID_COSS=true WITH_SQUID_KQUEUE=true WITH_SQUID_LARGEFILE=true WITHOUT_SQUID_STACKTRACES=true</build_options>