summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlin Năstac <mrness@gentoo.org>2008-01-10 20:46:09 +0000
committerAlin Năstac <mrness@gentoo.org>2008-01-10 20:46:09 +0000
commitac2848dd54fa2d70e9aa8466dcb106ba340a5526 (patch)
tree0e3e5e1d0e5aa8b4967f0f3960840f34e3665e2a /net-proxy
parentstable x86, bug 205242 (diff)
downloadhistorical-ac2848dd54fa2d70e9aa8466dcb106ba340a5526.tar.gz
historical-ac2848dd54fa2d70e9aa8466dcb106ba340a5526.tar.bz2
historical-ac2848dd54fa2d70e9aa8466dcb106ba340a5526.zip
Version bump (#205240).
Package-Manager: portage-2.1.3.19
Diffstat (limited to 'net-proxy')
-rw-r--r--net-proxy/squid/ChangeLog12
-rw-r--r--net-proxy/squid/Manifest36
-rw-r--r--net-proxy/squid/files/digest-squid-2.6.183
-rw-r--r--net-proxy/squid/files/squid-2.6.18-ToS_Hit_ToS_Preserve.patch216
-rw-r--r--net-proxy/squid/files/squid-2.6.18-gentoo.patch298
-rw-r--r--net-proxy/squid/files/squid-2.6.18-qos.patch322
-rw-r--r--net-proxy/squid/squid-2.6.18.ebuild184
7 files changed, 1061 insertions, 10 deletions
diff --git a/net-proxy/squid/ChangeLog b/net-proxy/squid/ChangeLog
index 05df18aa78a3..5b6bef7bac74 100644
--- a/net-proxy/squid/ChangeLog
+++ b/net-proxy/squid/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for net-proxy/squid
-# Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.173 2007/12/20 10:07:12 mrness Exp $
+# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.174 2008/01/10 20:46:09 mrness Exp $
+
+*squid-2.6.18 (10 Jan 2008)
+
+ 10 Jan 2008; Alin Năstac <mrness@gentoo.org>
+ +files/squid-2.6.18-ToS_Hit_ToS_Preserve.patch,
+ +files/squid-2.6.18-gentoo.patch, +files/squid-2.6.18-qos.patch,
+ +squid-2.6.18.ebuild:
+ Version bump (#205240).
*squid-3.0.1 (20 Dec 2007)
diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest
index 2b570167c2bd..2460c00d64ae 100644
--- a/net-proxy/squid/Manifest
+++ b/net-proxy/squid/Manifest
@@ -13,6 +13,18 @@ AUX squid-2.6.17-qos.patch 10046 RMD160 769bfe700a58cec631d5617ceab4a4a96a78ad16
MD5 3c24f7db84fc9b3945ce7ed8b18363e9 files/squid-2.6.17-qos.patch 10046
RMD160 769bfe700a58cec631d5617ceab4a4a96a78ad16 files/squid-2.6.17-qos.patch 10046
SHA256 e98147f5388d9c5fac55bbd7d746609d29d96fb78352ae9a673227a3c326104c files/squid-2.6.17-qos.patch 10046
+AUX squid-2.6.18-ToS_Hit_ToS_Preserve.patch 7810 RMD160 511f7c2eae9cb035b89c61adaf1e1d196b106485 SHA1 6e6394a7f9e148f6624c11d361decd2b0e111adc SHA256 1f91a353485d7a5ea176545d61ad0ec2a641e6304493a20b94522870988ecaf5
+MD5 94a774c29bbd6a88e33d8cd2ed558ddc files/squid-2.6.18-ToS_Hit_ToS_Preserve.patch 7810
+RMD160 511f7c2eae9cb035b89c61adaf1e1d196b106485 files/squid-2.6.18-ToS_Hit_ToS_Preserve.patch 7810
+SHA256 1f91a353485d7a5ea176545d61ad0ec2a641e6304493a20b94522870988ecaf5 files/squid-2.6.18-ToS_Hit_ToS_Preserve.patch 7810
+AUX squid-2.6.18-gentoo.patch 11898 RMD160 fa0e48eda17897f1f37ec7708c15c34f46fca4ae SHA1 50ea047e42f9e60cf6c73de8760d44d96c1ba9ef SHA256 d4f0fda900356f790fe2010941f833f4b3fa2f01895c40c9af566f69bc5aa2d0
+MD5 5a078893d153ffbb52e27c487848e75a files/squid-2.6.18-gentoo.patch 11898
+RMD160 fa0e48eda17897f1f37ec7708c15c34f46fca4ae files/squid-2.6.18-gentoo.patch 11898
+SHA256 d4f0fda900356f790fe2010941f833f4b3fa2f01895c40c9af566f69bc5aa2d0 files/squid-2.6.18-gentoo.patch 11898
+AUX squid-2.6.18-qos.patch 10046 RMD160 e05e7ed05e94164e317a11e9204fa31ca729fae1 SHA1 374aa846c157d3238f867f47393d4a1ff18741a3 SHA256 1f070459498c0765787b3f1227f4e1881893e94315be7d3480d92400aeb94ed9
+MD5 addc1889324412a4e05444187df8ccb2 files/squid-2.6.18-qos.patch 10046
+RMD160 e05e7ed05e94164e317a11e9204fa31ca729fae1 files/squid-2.6.18-qos.patch 10046
+SHA256 1f070459498c0765787b3f1227f4e1881893e94315be7d3480d92400aeb94ed9 files/squid-2.6.18-qos.patch 10046
AUX squid-3.0.1-gentoo.patch 8934 RMD160 67177aa2318791b8b19b05a5dfb8a36124144178 SHA1 04ad3af94b1d1219e186eac76654343d20cdee71 SHA256 db85e799056743ec556036de384096b6f502f1e3e2a05eb9f3475f64f7f77307
MD5 66d7cd0fbbb71beccb170642e810b8ec files/squid-3.0.1-gentoo.patch 8934
RMD160 67177aa2318791b8b19b05a5dfb8a36124144178 files/squid-3.0.1-gentoo.patch 8934
@@ -42,19 +54,24 @@ MD5 4cdf88cc558177b8c7ff33cb876eb2de files/squid.pam 315
RMD160 afb3f1cc36ba5ef0015c40040b6d5c18485ec828 files/squid.pam 315
SHA256 68ef4282f9fb8506df710d0ae16e84e991e9b138c7f1d0af922682219c7a971f files/squid.pam 315
DIST squid-2.6.STABLE17.tar.gz 1724676 RMD160 8fadcf6a78c0f8ce20426ed9a78837e19a0a9af6 SHA1 e5022a9318e6547d4c2409c59f457f92de620401 SHA256 01231f7eb0a28faff41f3f279b949f32602ae4fce41d26f6190e9812fe2a360c
+DIST squid-2.6.STABLE18.tar.gz 1725660 RMD160 62542c607b2ab3630ce82879b17509b412029479 SHA1 b819e934f07ff421a633c27432d7e289fad3568f SHA256 51a85f2dae50a793a1ed38191676cbf9ab2ecdc059304fbf6de041d36692d634
DIST squid-3.0.STABLE1.tar.gz 2406601 RMD160 241524529c75f875fb6c760d023076d2c9f82d7b SHA1 057dd85a28b7123035aa6f7ad36ec0d985088943 SHA256 6b92f259ec89ecccabaf081e47fdf402d37a3d5d0ff93dd1b586f634fcdfb891
EBUILD squid-2.6.17.ebuild 5733 RMD160 0e82971b5cd81a8062374b242c9ae66747395ebb SHA1 cc0b1c1dc3229a8c9e21449d5b200fae0945f8c6 SHA256 368f9eafd65feaa2232893441767a506e3eefd178ecb51c0339920895914a4c3
MD5 fc4c6155de38b5eb3f61c22bdc9d5219 squid-2.6.17.ebuild 5733
RMD160 0e82971b5cd81a8062374b242c9ae66747395ebb squid-2.6.17.ebuild 5733
SHA256 368f9eafd65feaa2232893441767a506e3eefd178ecb51c0339920895914a4c3 squid-2.6.17.ebuild 5733
+EBUILD squid-2.6.18.ebuild 5740 RMD160 eaf6cf416563904ea7367d1062ec068aa660e0ce SHA1 b1f7b1ca646070644df1eb9bd3afc606a800aaac SHA256 4c126c39f5fb88a4a602035c0cd4ca10fd35194bce17f345b0a6bda132f9a01f
+MD5 2a814a3562c8643020afb503038ddafe squid-2.6.18.ebuild 5740
+RMD160 eaf6cf416563904ea7367d1062ec068aa660e0ce squid-2.6.18.ebuild 5740
+SHA256 4c126c39f5fb88a4a602035c0cd4ca10fd35194bce17f345b0a6bda132f9a01f squid-2.6.18.ebuild 5740
EBUILD squid-3.0.1.ebuild 5592 RMD160 f6d70636cc6850c920950e0e950a7289bb768742 SHA1 b216f62a1dd663ce035cdb5339b775d7e15f84cb SHA256 1bcee6f665a5be35e93e87f57abfd7f640cbab0a3af6e9fd127e3cec6fc60daf
MD5 81d7b4fc05f0864454a082caff8f1619 squid-3.0.1.ebuild 5592
RMD160 f6d70636cc6850c920950e0e950a7289bb768742 squid-3.0.1.ebuild 5592
SHA256 1bcee6f665a5be35e93e87f57abfd7f640cbab0a3af6e9fd127e3cec6fc60daf squid-3.0.1.ebuild 5592
-MISC ChangeLog 40221 RMD160 4d80109f659353559d4047f9533049cfd84d7355 SHA1 7868cfdfa808e4ff44c42376b0d83d5b7d271a74 SHA256 f9f5de39c96b650aa10869682cb4eaa1aee75555e03f88fb4b274e8a92bccc4e
-MD5 dc9703bc32d93b691fc36a4bebf556d9 ChangeLog 40221
-RMD160 4d80109f659353559d4047f9533049cfd84d7355 ChangeLog 40221
-SHA256 f9f5de39c96b650aa10869682cb4eaa1aee75555e03f88fb4b274e8a92bccc4e ChangeLog 40221
+MISC ChangeLog 40466 RMD160 8f5cc1b913a4b1604d8dc1c5c48220afc5f174a1 SHA1 3e4b10d88a46789b086087e4eea27584439d5d61 SHA256 5e189424453541b88dc02f1db028230598f748aa943a53246534441af95a9471
+MD5 a1b0c2dfcb3059c7814a5913d931ee90 ChangeLog 40466
+RMD160 8f5cc1b913a4b1604d8dc1c5c48220afc5f174a1 ChangeLog 40466
+SHA256 5e189424453541b88dc02f1db028230598f748aa943a53246534441af95a9471 ChangeLog 40466
MISC metadata.xml 229 RMD160 3017fab68c82b875738f1df5bb414f46480f142f SHA1 975a764b9c2b956a744795d61a702bd3545bbfb9 SHA256 b986c2ccab6337ef434285c558ed764218d7ca79a82cb5ee3d2615cd03360e87
MD5 24a10e76803f4cc98cdc979586096c6f metadata.xml 229
RMD160 3017fab68c82b875738f1df5bb414f46480f142f metadata.xml 229
@@ -62,13 +79,16 @@ SHA256 b986c2ccab6337ef434285c558ed764218d7ca79a82cb5ee3d2615cd03360e87 metadata
MD5 b26f662fe98c598630825e6a64dd0649 files/digest-squid-2.6.17 259
RMD160 603296dc7a8f44da062c3204d855eaf1b680c2c9 files/digest-squid-2.6.17 259
SHA256 341e50e862da566f78fdf3e581c4b14e6eda8c00131234988cf67fe36b3350dd files/digest-squid-2.6.17 259
+MD5 d8ed3b833aae600a58fb50f8b8884b17 files/digest-squid-2.6.18 259
+RMD160 3d0bcf06abc5a5a7f3c31809e8ab091677384e78 files/digest-squid-2.6.18 259
+SHA256 1b452517e17df4b5d7b83de873a4ab1cfb88473032850785cbf676cf09b0597b files/digest-squid-2.6.18 259
MD5 5466d5c2cbb6936547bb6ad550448622 files/digest-squid-3.0.1 256
RMD160 9c5f7659459e3dae66edeaedc719212c9a4ae20f files/digest-squid-3.0.1 256
SHA256 bbccd358c592733f15d6c492a66db40b6eb2e9d3696a2bc30fd0864c7e00ce83 files/digest-squid-3.0.1 256
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.7 (GNU/Linux)
+Version: GnuPG v2.0.8 (GNU/Linux)
-iD8DBQFHaj7eVSA5X31g7/gRApAjAJ9By8EgqGoe5uzF18BkkxGOw6+W8gCfUXVi
-318e+C70KIdFgfFBrmwkHbY=
-=zfEm
+iEYEARECAAYFAkeGhBwACgkQ+fWpoTWIA9EVUQCaA0yGwgYzJBC1EBRNZrwrQOOh
+kkcAmgLbNzvjrwTXwog3DnQBrEdopdni
+=pUuG
-----END PGP SIGNATURE-----
diff --git a/net-proxy/squid/files/digest-squid-2.6.18 b/net-proxy/squid/files/digest-squid-2.6.18
new file mode 100644
index 000000000000..1a1f8ce8965d
--- /dev/null
+++ b/net-proxy/squid/files/digest-squid-2.6.18
@@ -0,0 +1,3 @@
+MD5 d7ff75f7b75ba7bc28ea453fe4b94434 squid-2.6.STABLE18.tar.gz 1725660
+RMD160 62542c607b2ab3630ce82879b17509b412029479 squid-2.6.STABLE18.tar.gz 1725660
+SHA256 51a85f2dae50a793a1ed38191676cbf9ab2ecdc059304fbf6de041d36692d634 squid-2.6.STABLE18.tar.gz 1725660
diff --git a/net-proxy/squid/files/squid-2.6.18-ToS_Hit_ToS_Preserve.patch b/net-proxy/squid/files/squid-2.6.18-ToS_Hit_ToS_Preserve.patch
new file mode 100644
index 000000000000..9a3b73a9946d
--- /dev/null
+++ b/net-proxy/squid/files/squid-2.6.18-ToS_Hit_ToS_Preserve.patch
@@ -0,0 +1,216 @@
+diff -Nru squid-2.6.STABLE18.orig/src/cf.data.pre squid-2.6.STABLE18/src/cf.data.pre
+--- squid-2.6.STABLE18.orig/src/cf.data.pre 2008-01-10 22:29:22.000000000 +0200
++++ squid-2.6.STABLE18/src/cf.data.pre 2008-01-10 22:33:03.000000000 +0200
+@@ -1181,6 +1181,64 @@
+ to off when using this directive in such configurations.
+ DOC_END
+
++NAME: zph_tos_local
++TYPE: int
++DEFAULT: 0
++LOC: Config.zph_tos_local
++DOC_START
++ Allows you to select a TOS/Diffserv value to mark local hits. Read above
++ (tcp_outgoing_tos) for details/requirements about TOS.
++ Default: 0 (disabled).
++DOC_END
++
++NAME: zph_tos_peer
++TYPE: int
++DEFAULT: 0
++LOC: Config.zph_tos_peer
++DOC_START
++ Allows you to select a TOS/Diffserv value to mark peer hits. Read above
++ (tcp_outgoing_tos) for details/requirements about TOS.
++ Default: 0 (disabled).
++DOC_END
++
++NAME: zph_tos_parent
++COMMENT: on|off
++TYPE: onoff
++LOC: Config.onoff.zph_tos_parent
++DEFAULT: on
++DOC_START
++ Set this to off if you want only sibling hits to be marked.
++ If set to on (default), parent hits are being marked too.
++DOC_END
++
++NAME: zph_preserve_miss_tos
++COMMENT: on|off
++TYPE: onoff
++LOC: Config.onoff.zph_preserve_miss_tos
++DEFAULT: on
++DOC_START
++ If set to on (default), any HTTP response towards clients will
++ have the TOS value of the response comming from the remote
++ server masked with the value of zph_preserve_miss_tos_mask.
++ For this to work correctly, you will need to patch your linux
++ kernel with the TOS preserving ZPH patch.
++ Has no effect under FreeBSD, works only under linux ZPH patched
++ kernels.
++DOC_END
++
++NAME: zph_preserve_miss_tos_mask
++TYPE: int
++DEFAULT: 255
++LOC: Config.zph_preserve_miss_tos_mask
++DOC_START
++ Allows you to mask certain bits in the TOS received from the
++ remote server, before copying the value to the TOS send towards
++ clients.
++ See zph_preserve_miss_tos for details.
++
++ Default: 255 (TOS from server is not changed).
++DOC_END
++
+ NAME: tcp_outgoing_address
+ TYPE: acl_address
+ DEFAULT: none
+diff -Nru squid-2.6.STABLE18.orig/src/client_side.c squid-2.6.STABLE18/src/client_side.c
+--- squid-2.6.STABLE18.orig/src/client_side.c 2008-01-10 22:29:22.000000000 +0200
++++ squid-2.6.STABLE18/src/client_side.c 2008-01-10 22:33:03.000000000 +0200
+@@ -2632,6 +2632,55 @@
+ return;
+ }
+ assert(http->out.offset == 0);
++
++ if ( Config.zph_tos_local || Config.zph_tos_peer ||
++ (Config.onoff.zph_preserve_miss_tos && Config.zph_preserve_miss_tos_mask) )
++ {
++ int need_change = 0;
++ int hit = 0;
++ int tos = 0;
++ int tos_old = 0;
++ int tos_len = sizeof(tos_old);
++ int res;
++
++ if (Config.zph_tos_local && isTcpHit(http->log_type)) { /* local hit */
++ hit = 1;
++ tos = Config.zph_tos_local;
++ } else if (Config.zph_tos_peer &&
++ (http->request->hier.code == SIBLING_HIT || /* sibling hit */
++ (Config.onoff.zph_tos_parent &&
++ http->request->hier.code == PARENT_HIT))) { /* parent hit */
++ hit = 1;
++ tos = Config.zph_tos_peer;
++ }
++ if (http->request->flags.proxy_keepalive) {
++ if (getsockopt(fd, IPPROTO_IP, IP_TOS, &tos_old, &tos_len) < 0) {
++ debug(33, 1) ("ZPH: getsockopt(IP_TOS) on FD %d: %s\n", fd, xstrerror());
++ } else if (hit && tos_old != tos) { /* HIT: 1-st request, or previous was MISS, */
++ need_change = 1; /* or local/parent hit change */
++ } else if (!hit && (tos_old || /* MISS: previous was HIT */
++ Config.onoff.zph_preserve_miss_tos)) { /* TOS copying is on */
++#if defined(_SQUID_LINUX_)
++ if ( Config.onoff.zph_preserve_miss_tos ) {
++ tos = (entry->mem_obj != NULL) ?
++ (entry->mem_obj->recvTOS & Config.zph_preserve_miss_tos_mask):0;
++ } else tos = 0;
++#else
++ tos = 0;
++#endif
++ need_change = 1;
++ }
++ } else if (hit) { /* no keepalive */
++ need_change = 1;
++ }
++ if (need_change) {
++ if (!hit) enter_suid(); /* Setting TOS bit6-7 is privilleged */
++ res = setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
++ if (!hit) leave_suid(); /* Setting bit5-7 is privilleged */
++ if ( res < 0)
++ debug(33, 1) ("ZPH: setsockopt(IP_TOS) on FD %d: %s\n", fd, xstrerror());
++ }
++ }
+ rep = http->reply = clientBuildReply(http, buf, size);
+ if (!rep) {
+ /* Forward as HTTP/0.9 body with no reply */
+diff -Nru squid-2.6.STABLE18.orig/src/http.c squid-2.6.STABLE18/src/http.c
+--- squid-2.6.STABLE18.orig/src/http.c 2007-11-26 13:04:30.000000000 +0200
++++ squid-2.6.STABLE18/src/http.c 2008-01-10 22:33:03.000000000 +0200
+@@ -1393,6 +1393,53 @@
+ peer *p = httpState->peer;
+ CWCB *sendHeaderDone;
+ int fd = httpState->fd;
++
++#if defined(_SQUID_LINUX_)
++/* ZPH patch starts here (M.Stavrev 25-05-2005)
++ * Retrieve connection peer's TOS value (which its SYN_ACK TCP segment
++ * was encapsulated into an IP packet)
++ */
++ int tos, tos_len;
++ if ( entry && entry->mem_obj ) { // Is this check necessary ? Seems not, but
++ // have no time to investigate further.
++ entry->mem_obj->recvTOS = 0;
++ tos = 1;
++ tos_len = sizeof(tos);
++ if ( setsockopt(fd,SOL_IP, IP_RECVTOS, &tos, tos_len) == 0 ) {
++ unsigned char buf[128];
++ int len = 128;
++ if (getsockopt(fd, SOL_IP, IP_PKTOPTIONS, buf, &len) == 0)
++ {
++ /* Parse the PKTOPTIONS structure to locate the TOS data message
++ * prepared in the kernel by the ZPH incoming TCP TOS preserving
++ * patch. In 99,99% the TOS should be located at buf[12], but
++ * let's do it the right way.
++ */
++ unsigned char * p = buf;
++ while ( p-buf < len ) {
++ struct cmsghdr * o = (struct cmsghdr*)p;
++ if ( o->cmsg_len <= 0 || o->cmsg_len > 52 )
++ break;
++ if ( o->cmsg_level == SOL_IP && o->cmsg_type == IP_TOS ) {
++ entry->mem_obj->recvTOS = (unsigned char)(*(int*)
++ (p + sizeof(struct cmsghdr)));
++ debug(11, 5) ("ZPH: Incomming TOS=%d on FD %d\n",
++ entry->mem_obj->recvTOS, fd );
++ break;
++ }
++ p += o->cmsg_len;
++ }
++ } else {
++ debug(11, 5) ("ZPH: getsockopt(IP_PKTOPTIONS) on FD %d: %s\n",
++ fd, xstrerror());
++ }
++ } else {
++ debug(11, 5) ("ZPH: setsockopt(IP_RECVTOS) on FD %d: %s\n",
++ fd, xstrerror());
++ }
++ }
++/* ZPH patch ends here */
++#endif
+
+ debug(11, 5) ("httpSendRequest: FD %d: httpState %p.\n", fd, httpState);
+
+diff -Nru squid-2.6.STABLE18.orig/src/structs.h squid-2.6.STABLE18/src/structs.h
+--- squid-2.6.STABLE18.orig/src/structs.h 2007-09-06 00:28:34.000000000 +0300
++++ squid-2.6.STABLE18/src/structs.h 2008-01-10 22:33:03.000000000 +0200
+@@ -669,6 +669,8 @@
+ int relaxed_header_parser;
+ int accel_no_pmtu_disc;
+ int global_internal_static;
++ int zph_tos_parent;
++ int zph_preserve_miss_tos;
+ int httpd_suppress_version_string;
+ int via;
+ int check_hostnames;
+@@ -793,6 +795,9 @@
+ int sleep_after_fork; /* microseconds */
+ time_t minimum_expiry_time; /* seconds */
+ external_acl *externalAclHelperList;
++ int zph_tos_local;
++ int zph_tos_peer;
++ int zph_preserve_miss_tos_mask;
+ errormap *errorMapList;
+ #if USE_SSL
+ struct {
+@@ -1724,6 +1729,9 @@
+ const char *vary_encoding;
+ StoreEntry *ims_entry;
+ time_t refresh_timestamp;
++#if defined(_SQUID_LINUX_)
++ unsigned char recvTOS; /* ZPH patch - stores remote server's TOS */
++#endif
+ };
+
+ struct _StoreEntry {
diff --git a/net-proxy/squid/files/squid-2.6.18-gentoo.patch b/net-proxy/squid/files/squid-2.6.18-gentoo.patch
new file mode 100644
index 000000000000..975bb21fca8b
--- /dev/null
+++ b/net-proxy/squid/files/squid-2.6.18-gentoo.patch
@@ -0,0 +1,298 @@
+diff -Nru squid-2.6.STABLE18.orig/helpers/basic_auth/MSNT/confload.c squid-2.6.STABLE18/helpers/basic_auth/MSNT/confload.c
+--- squid-2.6.STABLE18.orig/helpers/basic_auth/MSNT/confload.c 2002-06-26 22:09:48.000000000 +0300
++++ squid-2.6.STABLE18/helpers/basic_auth/MSNT/confload.c 2008-01-10 22:28:29.000000000 +0200
+@@ -24,7 +24,7 @@
+
+ /* Path to configuration file */
+ #ifndef SYSCONFDIR
+-#define SYSCONFDIR "/usr/local/squid/etc"
++#define SYSCONFDIR "/etc/squid"
+ #endif
+ #define CONFIGFILE SYSCONFDIR "/msntauth.conf"
+
+diff -Nru squid-2.6.STABLE18.orig/helpers/basic_auth/MSNT/msntauth.conf.default squid-2.6.STABLE18/helpers/basic_auth/MSNT/msntauth.conf.default
+--- squid-2.6.STABLE18.orig/helpers/basic_auth/MSNT/msntauth.conf.default 2002-06-26 21:44:28.000000000 +0300
++++ squid-2.6.STABLE18/helpers/basic_auth/MSNT/msntauth.conf.default 2008-01-10 22:28:29.000000000 +0200
+@@ -8,6 +8,6 @@
+ server other_PDC other_BDC otherdomain
+
+ # Denied and allowed users. Comment these if not needed.
+-#denyusers /usr/local/squid/etc/msntauth.denyusers
+-#allowusers /usr/local/squid/etc/msntauth.allowusers
++#denyusers /etc/squid/msntauth.denyusers
++#allowusers /etc/squid/msntauth.allowusers
+
+diff -Nru squid-2.6.STABLE18.orig/helpers/basic_auth/SMB/Makefile.am squid-2.6.STABLE18/helpers/basic_auth/SMB/Makefile.am
+--- squid-2.6.STABLE18.orig/helpers/basic_auth/SMB/Makefile.am 2005-05-17 19:56:26.000000000 +0300
++++ squid-2.6.STABLE18/helpers/basic_auth/SMB/Makefile.am 2008-01-10 22:28:29.000000000 +0200
+@@ -14,7 +14,7 @@
+ ## FIXME: autoconf should test for the samba path.
+
+ SMB_AUTH_HELPER = smb_auth.sh
+-SAMBAPREFIX=/usr/local/samba
++SAMBAPREFIX=/usr
+ SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER)
+
+ libexec_SCRIPTS = $(SMB_AUTH_HELPER)
+diff -Nru squid-2.6.STABLE18.orig/helpers/basic_auth/SMB/smb_auth.sh squid-2.6.STABLE18/helpers/basic_auth/SMB/smb_auth.sh
+--- squid-2.6.STABLE18.orig/helpers/basic_auth/SMB/smb_auth.sh 2001-01-08 01:36:46.000000000 +0200
++++ squid-2.6.STABLE18/helpers/basic_auth/SMB/smb_auth.sh 2008-01-10 22:28:29.000000000 +0200
+@@ -24,7 +24,7 @@
+ read AUTHSHARE
+ read AUTHFILE
+ read SMBUSER
+-read SMBPASS
++read -r SMBPASS
+
+ # Find domain controller
+ echo "Domain name: $DOMAINNAME"
+@@ -47,7 +47,7 @@
+ addropt=""
+ fi
+ echo "Query address options: $addropt"
+-dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'`
++dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'`
+ echo "Domain controller IP address: $dcip"
+ [ -n "$dcip" ] || exit 1
+
+diff -Nru squid-2.6.STABLE18.orig/helpers/external_acl/session/squid_session.8 squid-2.6.STABLE18/helpers/external_acl/session/squid_session.8
+--- squid-2.6.STABLE18.orig/helpers/external_acl/session/squid_session.8 2007-01-06 19:28:35.000000000 +0200
++++ squid-2.6.STABLE18/helpers/external_acl/session/squid_session.8 2008-01-10 22:28:29.000000000 +0200
+@@ -35,7 +35,7 @@
+ .P
+ Configuration example using the default automatic mode
+ .IP
+-external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/squid_session
++external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/libexec/squid/squid_session
+ .IP
+ acl session external session
+ .IP
+diff -Nru squid-2.6.STABLE18.orig/helpers/external_acl/unix_group/squid_unix_group.8 squid-2.6.STABLE18/helpers/external_acl/unix_group/squid_unix_group.8
+--- squid-2.6.STABLE18.orig/helpers/external_acl/unix_group/squid_unix_group.8 2006-05-14 18:07:24.000000000 +0300
++++ squid-2.6.STABLE18/helpers/external_acl/unix_group/squid_unix_group.8 2008-01-10 22:28:29.000000000 +0200
+@@ -27,7 +27,7 @@
+ This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2
+ matches users in group2 or group3
+ .IP
+-external_acl_type unix_group %LOGIN /usr/local/squid/libexec/squid_unix_group -p
++external_acl_type unix_group %LOGIN /usr/libexec/squid/squid_unix_group -p
+ .IP
+ acl usergroup1 external unix_group group1
+ .IP
+diff -Nru squid-2.6.STABLE18.orig/src/access_log.c squid-2.6.STABLE18/src/access_log.c
+--- squid-2.6.STABLE18.orig/src/access_log.c 2007-06-03 03:40:32.000000000 +0300
++++ squid-2.6.STABLE18/src/access_log.c 2008-01-10 22:28:29.000000000 +0200
+@@ -1225,7 +1225,7 @@
+ LogfileStatus = LOG_ENABLE;
+ }
+ #if HEADERS_LOG
+- headerslog = logfileOpen("/usr/local/squid/logs/headers.log", MAX_URL << 1, 0);
++ headerslog = logfileOpen("/var/log/squid/headers.log", MAX_URL << 1, 0);
+ assert(NULL != headerslog);
+ #endif
+ #if FORW_VIA_DB
+diff -Nru squid-2.6.STABLE18.orig/src/cf.data.pre squid-2.6.STABLE18/src/cf.data.pre
+--- squid-2.6.STABLE18.orig/src/cf.data.pre 2007-11-26 13:03:45.000000000 +0200
++++ squid-2.6.STABLE18/src/cf.data.pre 2008-01-10 22:28:29.000000000 +0200
+@@ -640,6 +640,8 @@
+ acl Safe_ports port 488 # gss-http
+ acl Safe_ports port 591 # filemaker
+ acl Safe_ports port 777 # multiling http
++acl Safe_ports port 901 # SWAT
++acl purge method PURGE
+ acl CONNECT method CONNECT
+ NOCOMMENT_END
+ DOC_END
+@@ -673,6 +675,9 @@
+ # Only allow cachemgr access from localhost
+ http_access allow manager localhost
+ http_access deny manager
++# Only allow purge requests from localhost
++http_access allow purge localhost
++http_access deny purge
+ # Deny requests to unknown ports
+ http_access deny !Safe_ports
+ # Deny CONNECT to other than SSL ports
+@@ -691,6 +696,9 @@
+ #acl our_networks src 192.168.1.0/24 192.168.2.0/24
+ #http_access allow our_networks
+
++# Allow the localhost to have access by default
++http_access allow localhost
++
+ # And finally deny all other access to this proxy
+ http_access deny all
+ NOCOMMENT_END
+@@ -3356,11 +3364,11 @@
+
+ NAME: cache_mgr
+ TYPE: string
+-DEFAULT: webmaster
++DEFAULT: root
+ LOC: Config.adminEmail
+ DOC_START
+ Email-address of local cache manager who will receive
+- mail if the cache dies. The default is "webmaster".
++ mail if the cache dies. The default is "root".
+ DOC_END
+
+ NAME: mail_from
+@@ -3389,12 +3397,12 @@
+
+ NAME: cache_effective_user
+ TYPE: string
+-DEFAULT: nobody
++DEFAULT: squid
+ LOC: Config.effectiveUser
+ DOC_START
+ If you start Squid as root, it will change its effective/real
+ UID/GID to the user specified below. The default is to change
+- to UID to nobody. If you define cache_effective_user, but not
++ to UID to squid. If you define cache_effective_user, but not
+ cache_effective_group, Squid sets the GID to the effective
+ user's default group ID (taken from the password file) and
+ supplementary group list from the from groups membership of
+@@ -4031,12 +4039,12 @@
+ NAME: snmp_port
+ TYPE: ushort
+ LOC: Config.Port.snmp
+-DEFAULT: 3401
++DEFAULT: 0
+ IFDEF: SQUID_SNMP
+ DOC_START
+ Squid can now serve statistics and status information via SNMP.
+- By default it listens to port 3401 on the machine. If you don't
+- wish to use SNMP, set this to "0".
++ By default snmp_port is disabled. If you wish to use SNMP,
++ set this to "3401" (or any other number you like).
+ DOC_END
+
+ NAME: snmp_access
+@@ -4107,12 +4115,12 @@
+ NAME: htcp_port
+ IFDEF: USE_HTCP
+ TYPE: ushort
+-DEFAULT: 4827
++DEFAULT: 0
+ LOC: Config.Port.htcp
+ DOC_START
+ The port number where Squid sends and receives HTCP queries to
+- and from neighbor caches. Default is 4827. To disable use
+- "0".
++ and from neighbor caches. To turn it on you want to set it to
++ 4827. By default it is set to "0" (disabled).
+ DOC_END
+
+ NAME: log_icp_queries
+@@ -4964,6 +4972,9 @@
+ If you disable this, it will appear as
+
+ X-Forwarded-For: unknown
++NOCOMMENT_START
++forwarded_for off
++NOCOMMENT_END
+ DOC_END
+
+ NAME: cachemgr_passwd
+diff -Nru squid-2.6.STABLE18.orig/src/client_side.c squid-2.6.STABLE18/src/client_side.c
+--- squid-2.6.STABLE18.orig/src/client_side.c 2007-09-03 16:13:36.000000000 +0300
++++ squid-2.6.STABLE18/src/client_side.c 2008-01-10 22:28:29.000000000 +0200
+@@ -4597,14 +4597,7 @@
+ debug(83, 2) ("clientNegotiateSSL: Session %p reused on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port);
+ } else {
+ if (do_debug(83, 4)) {
+- /* Write out the SSL session details.. actually the call below, but
+- * OpenSSL headers do strange typecasts confusing GCC.. */
+- /* PEM_write_SSL_SESSION(debug_log, SSL_get_session(ssl)); */
+-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x00908000L
+- PEM_ASN1_write((i2d_of_void *) i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL);
+-#else
+ PEM_ASN1_write(i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL);
+-#endif
+ /* Note: This does not automatically fflush the log file.. */
+ }
+ debug(83, 2) ("clientNegotiateSSL: New session %p on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port);
+diff -Nru squid-2.6.STABLE18.orig/src/defines.h squid-2.6.STABLE18/src/defines.h
+--- squid-2.6.STABLE18.orig/src/defines.h 2007-02-04 00:58:20.000000000 +0200
++++ squid-2.6.STABLE18/src/defines.h 2008-01-10 22:28:29.000000000 +0200
+@@ -259,7 +259,7 @@
+
+ /* were to look for errors if config path fails */
+ #ifndef DEFAULT_SQUID_ERROR_DIR
+-#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors"
++#define DEFAULT_SQUID_ERROR_DIR "/usr/share/squid/errors/English"
+ #endif
+
+ /* gb_type operations */
+diff -Nru squid-2.6.STABLE18.orig/src/main.c squid-2.6.STABLE18/src/main.c
+--- squid-2.6.STABLE18.orig/src/main.c 2007-11-26 12:47:23.000000000 +0200
++++ squid-2.6.STABLE18/src/main.c 2008-01-10 22:28:29.000000000 +0200
+@@ -372,6 +372,22 @@
+ asnFreeMemory();
+ }
+
++#if USE_UNLINKD
++static int
++needUnlinkd(void)
++{
++ int i;
++ int r = 0;
++ for (i = 0; i < Config.cacheSwap.n_configured; i++) {
++ if (strcmp(Config.cacheSwap.swapDirs[i].type, "ufs") == 0 ||
++ strcmp(Config.cacheSwap.swapDirs[i].type, "aufs") == 0 ||
++ strcmp(Config.cacheSwap.swapDirs[i].type, "diskd") == 0)
++ r++;
++ }
++ return r;
++}
++#endif
++
+ static void
+ mainReconfigure(void)
+ {
+@@ -395,6 +411,7 @@
+ locationRewriteShutdown();
+ authenticateShutdown();
+ externalAclShutdown();
++ unlinkdClose();
+ storeDirCloseSwapLogs();
+ storeLogClose();
+ accessLogClose();
+@@ -430,6 +447,9 @@
+ #if USE_WCCPv2
+ wccp2Init();
+ #endif
++#if USE_UNLINKD
++ if (needUnlinkd()) unlinkdInit();
++#endif
+ serverConnectionsOpen();
+ neighbors_init();
+ storeDirOpenSwapLogs();
+@@ -593,7 +613,7 @@
+
+ if (!configured_once) {
+ #if USE_UNLINKD
+- unlinkdInit();
++ if (needUnlinkd()) unlinkdInit();
+ #endif
+ urlInitialize();
+ cachemgrInit();
+diff -Nru squid-2.6.STABLE18.orig/src/Makefile.am squid-2.6.STABLE18/src/Makefile.am
+--- squid-2.6.STABLE18.orig/src/Makefile.am 2007-09-06 00:50:15.000000000 +0300
++++ squid-2.6.STABLE18/src/Makefile.am 2008-01-10 22:28:29.000000000 +0200
+@@ -325,12 +325,12 @@
+ DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf
+ DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf
+ DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'`
+-DEFAULT_LOG_PREFIX = $(localstatedir)/logs
++DEFAULT_LOG_PREFIX = $(localstatedir)/log/squid
+ DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log
+ DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log
+ DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log
+-DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid
+-DEFAULT_SWAP_DIR = $(localstatedir)/cache
++DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid
++DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid
+ DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'`
+ DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'`
+ DEFAULT_DISKD = $(libexecdir)/`echo diskd-daemon | sed '$(transform);s/$$/$(EXEEXT)/'`
diff --git a/net-proxy/squid/files/squid-2.6.18-qos.patch b/net-proxy/squid/files/squid-2.6.18-qos.patch
new file mode 100644
index 000000000000..81fba8e94ef2
--- /dev/null
+++ b/net-proxy/squid/files/squid-2.6.18-qos.patch
@@ -0,0 +1,322 @@
+diff -Nru squid-2.6.STABLE18.orig/src/cache_cf.c squid-2.6.STABLE18/src/cache_cf.c
+--- squid-2.6.STABLE18.orig/src/cache_cf.c 2007-08-31 16:49:54.000000000 +0300
++++ squid-2.6.STABLE18/src/cache_cf.c 2008-01-10 22:33:54.000000000 +0200
+@@ -891,6 +891,65 @@
+ }
+ }
+
++CBDATA_TYPE(acl_priority);
++
++static void
++dump_acl_priority(StoreEntry * entry, const char *name, acl_priority * head)
++{
++ acl_priority *l;
++ for (l = head; l; l = l->next) {
++ if (l->priority > 0)
++ storeAppendPrintf(entry, "%s %04X:%04X", name,
++ l->priority >> 16, l->priority & 0xFFFF);
++ else
++ storeAppendPrintf(entry, "%s none", name);
++ dump_acl_list(entry, l->acl_list);
++ storeAppendPrintf(entry, "\n");
++ }
++}
++
++static void
++freed_acl_priority(void *data)
++{
++ acl_priority *l = data;
++ aclDestroyAclList(&l->acl_list);
++}
++
++static void
++parse_acl_priority(acl_priority ** head)
++{
++ acl_priority *l;
++ acl_priority **tail = head; /* sane name below */
++ unsigned long priority, t1, t2;
++ char junk;
++ char *token = strtok(NULL, w_space);
++ if (!token)
++ self_destruct();
++ if (sscanf(token, "%x:%x%c", &t1, &t2, &junk) != 2)
++ self_destruct();
++ if (t1 < 0 || t1 > 0xFFFF || t2 < 0 || t2 > 0xFFFF)
++ self_destruct();
++ priority = t1 << 16 | t2;
++ CBDATA_INIT_TYPE_FREECB(acl_priority, freed_acl_priority);
++ l = cbdataAlloc(acl_priority);
++ l->priority = priority;
++ aclParseAclList(&l->acl_list);
++ while (*tail)
++ tail = &(*tail)->next;
++ *tail = l;
++}
++
++static void
++free_acl_priority(acl_priority ** head)
++{
++ while (*head) {
++ acl_priority *l = *head;
++ *head = l->next;
++ l->next = NULL;
++ cbdataFree(l);
++ }
++}
++
+ #if DELAY_POOLS
+
+ /* do nothing - free_delay_pool_count is the magic free function.
+diff -Nru squid-2.6.STABLE18.orig/src/cf.data.depend squid-2.6.STABLE18/src/cf.data.depend
+--- squid-2.6.STABLE18.orig/src/cf.data.depend 2007-09-06 00:50:15.000000000 +0300
++++ squid-2.6.STABLE18/src/cf.data.depend 2008-01-10 22:33:54.000000000 +0200
+@@ -5,6 +5,7 @@
+ acl_address acl
+ acl_b_size_t acl
+ acl_tos acl
++acl_priority acl
+ address
+ authparam
+ b_int64_t
+diff -Nru squid-2.6.STABLE18.orig/src/cf.data.pre squid-2.6.STABLE18/src/cf.data.pre
+--- squid-2.6.STABLE18.orig/src/cf.data.pre 2008-01-10 22:33:35.000000000 +0200
++++ squid-2.6.STABLE18/src/cf.data.pre 2008-01-10 22:33:54.000000000 +0200
+@@ -1239,6 +1239,27 @@
+ Default: 255 (TOS from server is not changed).
+ DOC_END
+
++NAME: tcp_outgoing_priority
++TYPE: acl_priority
++DEFAULT: none
++LOC: Config.accessList.outgoing_priority
++DOC_START
++ Allows you to select the priority of the outgoing connection,
++ based on the username or source address making the request. The
++ priority can be used by Linux QoS Qdiscs for classification.
++
++ tcp_outgoing_priority priority [!]aclname ...
++
++ Example where requests from special_service_net are assigned
++ priority 10:100
++
++ acl special_service_net src 10.0.0.0/255.255.255.0
++ tcp_outgoing_priority 10:100 special_service_net
++
++ Processing proceeds in the order specified, and stops at first fully
++ matching line.
++DOC_END
++
+ NAME: tcp_outgoing_address
+ TYPE: acl_address
+ DEFAULT: none
+diff -Nru squid-2.6.STABLE18.orig/src/comm.c squid-2.6.STABLE18/src/comm.c
+--- squid-2.6.STABLE18.orig/src/comm.c 2007-04-17 12:39:56.000000000 +0300
++++ squid-2.6.STABLE18/src/comm.c 2008-01-10 22:33:54.000000000 +0200
+@@ -162,7 +162,7 @@
+ int flags,
+ const char *note)
+ {
+- return comm_openex(sock_type, proto, addr, port, flags, 0, note);
++ return comm_openex(sock_type, proto, addr, port, flags, 0, 0, note);
+ }
+
+
+@@ -175,10 +175,12 @@
+ u_short port,
+ int flags,
+ unsigned char TOS,
++ unsigned long PRIORITY,
+ const char *note)
+ {
+ int new_socket;
+ int tos = 0;
++ unsigned long priority = 0;
+ fde *F = NULL;
+
+ /* Create socket for accepting new connections. */
+@@ -209,12 +211,25 @@
+ debug(5, 0) ("comm_open: setsockopt(IP_TOS) not supported on this platform\n");
+ #endif
+ }
++ if (PRIORITY) {
++#ifdef SO_PRIORITY
++ priority = PRIORITY;
++ enter_suid();
++ if (setsockopt(new_socket, SOL_SOCKET, SO_PRIORITY, (char *) &priority, sizeof(unsigned long)) < 0)
++ debug(50, 1) ("comm_open: setsockopt(SO_PRIORITY) on FD %d: %s\n",
++ new_socket, xstrerror());
++ leave_suid();
++#else
++ debug(50, 0) ("comm_open: setsockopt(SO_PRIORITY) not supported on this platform\n");
++#endif
++ }
+ /* update fdstat */
+ debug(5, 5) ("comm_open: FD %d is a new socket\n", new_socket);
+ fd_open(new_socket, FD_SOCKET, note);
+ F = &fd_table[new_socket];
+ F->local_addr = addr;
+ F->tos = tos;
++ F->priority = priority;
+ if (!(flags & COMM_NOCLOEXEC))
+ commSetCloseOnExec(new_socket);
+ if ((flags & COMM_REUSEADDR))
+@@ -382,6 +397,15 @@
+ debug(5, 1) ("commResetFD: setsockopt(IP_TOS) on FD %d: %s\n", cs->fd, xstrerror());
+ }
+ #endif
++#ifdef SO_PRIORITY
++ if (F->priority) {
++ unsigned long priority = F->priority;
++ enter_suid();
++ if (setsockopt(cs->fd, SOL_SOCKET, SO_PRIORITY, (char *)&priority, sizeof(unsigned long)) < 0)
++ debug(50, 1) ("commResetFD: setsockopt(SO_PRIORITY) on FD %d: %s\n", cs->fd, xstrerror());
++ leave_suid();
++ }
++#endif
+ if (F->flags.close_on_exec)
+ commSetCloseOnExec(cs->fd);
+ if (F->flags.nonblocking)
+diff -Nru squid-2.6.STABLE18.orig/src/forward.c squid-2.6.STABLE18/src/forward.c
+--- squid-2.6.STABLE18.orig/src/forward.c 2007-09-06 00:28:34.000000000 +0300
++++ squid-2.6.STABLE18/src/forward.c 2008-01-10 22:33:54.000000000 +0200
+@@ -418,6 +418,17 @@
+ return 0;
+ }
+
++static unsigned long
++aclMapPriority(acl_priority * head, aclCheck_t * ch)
++{
++ acl_priority *l;
++ for (l = head; l; l = l->next) {
++ if (aclMatchAclList(l->acl_list, ch))
++ return l->priority;
++ }
++ return 0;
++}
++
+ struct in_addr
+ getOutgoingAddr(request_t * request)
+ {
+@@ -446,6 +457,20 @@
+ return aclMapTOS(Config.accessList.outgoing_tos, &ch);
+ }
+
++unsigned long
++getOutgoingPriority(request_t * request)
++{
++ aclCheck_t ch;
++ memset(&ch, '\0', sizeof(aclCheck_t));
++ if (request) {
++ ch.src_addr = request->client_addr;
++ ch.my_addr = request->my_addr;
++ ch.my_port = request->my_port;
++ ch.request = request;
++ }
++ return aclMapPriority(Config.accessList.outgoing_priority, &ch);
++}
++
+ static void
+ fwdConnectStart(void *data)
+ {
+@@ -462,6 +487,7 @@
+ int ftimeout = Config.Timeout.forward - (squid_curtime - fwdState->start);
+ struct in_addr outgoing;
+ unsigned short tos;
++ unsigned long priority;
+ #if LINUX_TPROXY
+ struct in_tproxy itp;
+ #endif
+@@ -547,15 +573,17 @@
+ #endif
+ outgoing = getOutgoingAddr(fwdState->request);
+ tos = getOutgoingTOS(fwdState->request);
++ priority = getOutgoingPriority(fwdState->request);
+
+- debug(17, 3) ("fwdConnectStart: got addr %s, tos %d\n",
+- inet_ntoa(outgoing), tos);
++ debug(17, 3) ("fwdConnectStart: got addr %s, tos %d, priority %lu\n",
++ inet_ntoa(outgoing), tos, priority);
+ fd = comm_openex(SOCK_STREAM,
+ IPPROTO_TCP,
+ outgoing,
+ 0,
+ COMM_NONBLOCKING,
+ tos,
++ priority,
+ url);
+ if (fd < 0) {
+ debug(50, 4) ("fwdConnectStart: %s\n", xstrerror());
+diff -Nru squid-2.6.STABLE18.orig/src/protos.h squid-2.6.STABLE18/src/protos.h
+--- squid-2.6.STABLE18.orig/src/protos.h 2007-07-15 12:52:17.000000000 +0300
++++ squid-2.6.STABLE18/src/protos.h 2008-01-10 22:33:54.000000000 +0200
+@@ -160,7 +160,7 @@
+ extern void comm_init(void);
+ extern int comm_listen(int sock);
+ extern int comm_open(int, int, struct in_addr, u_short port, int, const char *note);
+-extern int comm_openex(int, int, struct in_addr, u_short, int, unsigned char TOS, const char *);
++extern int comm_openex(int, int, struct in_addr, u_short, int, unsigned char TOS, unsigned long PRIORITY, const char *);
+ extern u_short comm_local_port(int fd);
+
+ extern void commDeferFD(int fd);
+@@ -735,6 +735,7 @@
+ #endif
+ struct in_addr getOutgoingAddr(request_t * request);
+ unsigned long getOutgoingTOS(request_t * request);
++unsigned long getOutgoingPriority(request_t * request);
+
+ extern void urnStart(request_t *, StoreEntry *);
+
+diff -Nru squid-2.6.STABLE18.orig/src/ssl.c squid-2.6.STABLE18/src/ssl.c
+--- squid-2.6.STABLE18.orig/src/ssl.c 2007-02-03 23:53:38.000000000 +0200
++++ squid-2.6.STABLE18/src/ssl.c 2008-01-10 22:33:54.000000000 +0200
+@@ -524,6 +524,7 @@
+ 0,
+ COMM_NONBLOCKING,
+ getOutgoingTOS(request),
+++ getOutgoingPriority(request),
+ url);
+ if (sock == COMM_ERROR) {
+ debug(26, 4) ("sslStart: Failed because we're out of sockets.\n");
+diff -Nru squid-2.6.STABLE18.orig/src/structs.h squid-2.6.STABLE18/src/structs.h
+--- squid-2.6.STABLE18.orig/src/structs.h 2008-01-10 22:33:35.000000000 +0200
++++ squid-2.6.STABLE18/src/structs.h 2008-01-10 22:33:54.000000000 +0200
+@@ -296,6 +296,12 @@
+ int tos;
+ };
+
++struct _acl_priority {
++ acl_priority *next;
++ acl_list *acl_list;
++ unsigned long priority;
++};
++
+ struct _aclCheck_t {
+ const acl_access *access_list;
+ struct in_addr src_addr;
+@@ -705,6 +711,7 @@
+ acl_access *reply;
+ acl_address *outgoing_address;
+ acl_tos *outgoing_tos;
++ acl_priority *outgoing_priority;
+ #if USE_HTCP
+ acl_access *htcp;
+ acl_access *htcp_clr;
+@@ -876,6 +883,7 @@
+ u_short remote_port;
+ struct in_addr local_addr;
+ unsigned char tos;
++ unsigned long priority;
+ char ipaddr[16]; /* dotted decimal address of peer */
+ char desc[FD_DESC_SZ];
+ struct {
+diff -Nru squid-2.6.STABLE18.orig/src/typedefs.h squid-2.6.STABLE18/src/typedefs.h
+--- squid-2.6.STABLE18.orig/src/typedefs.h 2006-09-02 17:08:42.000000000 +0300
++++ squid-2.6.STABLE18/src/typedefs.h 2008-01-10 22:33:54.000000000 +0200
+@@ -102,6 +102,7 @@
+ typedef struct _acl_access acl_access;
+ typedef struct _acl_address acl_address;
+ typedef struct _acl_tos acl_tos;
++typedef struct _acl_priority acl_priority;
+ typedef struct _aclCheck_t aclCheck_t;
+ typedef struct _wordlist wordlist;
+ typedef struct _intlist intlist;
diff --git a/net-proxy/squid/squid-2.6.18.ebuild b/net-proxy/squid/squid-2.6.18.ebuild
new file mode 100644
index 000000000000..34ece6b43b49
--- /dev/null
+++ b/net-proxy/squid/squid-2.6.18.ebuild
@@ -0,0 +1,184 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-2.6.18.ebuild,v 1.1 2008/01/10 20:46:09 mrness Exp $
+
+WANT_AUTOCONF="latest"
+WANT_AUTOMAKE="latest"
+
+inherit eutils pam toolchain-funcs flag-o-matic autotools linux-info
+
+#lame archive versioning scheme..
+S_PMV="${PV%%.*}"
+S_PV="${PV%.*}"
+S_PL="${PV##*.}"
+S_PL="${S_PL/_rc/-RC}"
+S_PP="${PN}-${S_PV}.STABLE${S_PL}"
+
+DESCRIPTION="A full-featured web proxy cache"
+HOMEPAGE="http://www.squid-cache.org/"
+SRC_URI="http://www.squid-cache.org/Versions/v${S_PMV}/${S_PV}/${S_PP}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="pam ldap samba sasl nis ssl snmp selinux logrotate qos zero-penalty-hit \
+ pf-transparent ipf-transparent \
+ elibc_uclibc kernel_linux"
+
+DEPEND="pam? ( virtual/pam )
+ ldap? ( >=net-nds/openldap-2.3.35 )
+ ssl? ( >=dev-libs/openssl-0.9.8d )
+ sasl? ( >=dev-libs/cyrus-sasl-2.1.22 )
+ selinux? ( sec-policy/selinux-squid )
+ !x86-fbsd? ( logrotate? ( app-admin/logrotate ) )
+ >=sys-libs/db-4
+ dev-lang/perl"
+RDEPEND="${DEPEND}
+ samba? ( net-fs/samba )"
+
+S="${WORKDIR}/${S_PP}"
+
+pkg_setup() {
+ enewgroup squid 31
+ enewuser squid 31 -1 /var/cache/squid squid
+}
+
+src_unpack() {
+ unpack ${A} || die "unpack failed"
+ cd "${S}" || die "dir ${S} not found"
+
+ epatch "${FILESDIR}"/${P}-gentoo.patch
+ use zero-penalty-hit && epatch "${FILESDIR}"/${P}-ToS_Hit_ToS_Preserve.patch
+ use qos && epatch "${FILESDIR}"/${P}-qos.patch
+
+ sed -i -e 's%LDFLAGS="-g"%LDFLAGS=""%' configure.in
+
+ # disable lazy bindings on (some at least) suided basic auth programs
+ sed -i -e '$aAM_LDFLAGS = '$(bindnow-flags) \
+ helpers/basic_auth/*/Makefile.am
+
+ eautoreconf
+}
+
+src_compile() {
+ local basic_modules="getpwnam,NCSA,MSNT"
+ use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}"
+ use ldap && basic_modules="LDAP,${basic_modules}"
+ use pam && basic_modules="PAM,${basic_modules}"
+ use sasl && basic_modules="SASL,${basic_modules}"
+ use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}"
+
+ local ext_helpers="ip_user,session,unix_group"
+ use samba && ext_helpers="wbinfo_group,${ext_helpers}"
+ use ldap && ext_helpers="ldap_group,${ext_helpers}"
+
+ local ntlm_helpers="fakeauth"
+ use samba && ntlm_helpers="SMB,${ntlm_helpers}"
+
+ local myconf=""
+
+ # Support for uclibc #61175
+ if use elibc_uclibc; then
+ myconf="${myconf} --enable-storeio=ufs,diskd,aufs,null"
+ myconf="${myconf} --disable-async-io"
+ else
+ myconf="${myconf} --enable-storeio=ufs,diskd,coss,aufs,null"
+ myconf="${myconf} --enable-async-io"
+ fi
+
+ if use kernel_linux; then
+ myconf="${myconf} --enable-linux-netfilter"
+ if kernel_is ge 2 6 && linux_chkconfig_present EPOLL ; then
+ myconf="${myconf} --enable-epoll"
+ fi
+ elif use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then
+ myconf="${myconf} --enable-kqueue"
+ if use pf-transparent; then
+ myconf="${myconf} --enable-pf-transparent"
+ elif use ipf-transparent; then
+ myconf="${myconf} --enable-ipf-transparent"
+ fi
+ fi
+
+ export CC=$(tc-getCC)
+
+ econf \
+ --sysconfdir=/etc/squid \
+ --libexecdir=/usr/libexec/squid \
+ --localstatedir=/var \
+ --datadir=/usr/share/squid \
+ --enable-auth="basic,digest,ntlm" \
+ --enable-removal-policies="lru,heap" \
+ --enable-digest-auth-helpers="password" \
+ --enable-basic-auth-helpers="${basic_modules}" \
+ --enable-external-acl-helpers="${ext_helpers}" \
+ --enable-ntlm-auth-helpers="${ntlm_helpers}" \
+ --enable-ident-lookups \
+ --enable-useragent-log \
+ --enable-cache-digests \
+ --enable-delay-pools \
+ --enable-referer-log \
+ --enable-arp-acl \
+ --with-pthreads \
+ --with-large-files \
+ --enable-htcp \
+ --enable-carp \
+ --enable-follow-x-forwarded-for \
+ --with-maxfd=8192 \
+ $(use_enable snmp) \
+ $(use_enable ssl) \
+ ${myconf} || die "econf failed"
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ make DESTDIR="${D}" install || die "make install failed"
+
+ # need suid root for looking into /etc/shadow
+ fowners root:squid /usr/libexec/squid/ncsa_auth
+ fowners root:squid /usr/libexec/squid/pam_auth
+ fperms 4750 /usr/libexec/squid/ncsa_auth
+ fperms 4750 /usr/libexec/squid/pam_auth
+
+ # some cleanups
+ rm -f "${D}"/usr/bin/Run*
+
+ dodoc CONTRIBUTORS CREDITS ChangeLog QUICKSTART SPONSORS doc/*.txt \
+ helpers/ntlm_auth/no_check/README.no_check_ntlm_auth
+ newdoc helpers/basic_auth/SMB/README README.auth_smb
+ dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html
+ newdoc helpers/basic_auth/LDAP/README README.auth_ldap
+ doman helpers/basic_auth/LDAP/*.8
+ dodoc helpers/basic_auth/SASL/squid_sasl_auth*
+
+ newpamd "${FILESDIR}/squid.pam" squid
+ newconfd "${FILESDIR}/squid.confd" squid
+ if use logrotate; then
+ newinitd "${FILESDIR}/squid.initd-logrotate" squid
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/squid.logrotate" squid
+ else
+ newinitd "${FILESDIR}/squid.initd" squid
+ exeinto /etc/cron.weekly
+ newexe "${FILESDIR}/squid.cron" squid.cron
+ fi
+
+ rm -rf "${D}"/var
+ diropts -m0755 -o squid -g squid
+ keepdir /var/cache/squid /var/log/squid
+}
+
+pkg_postinst() {
+ echo
+ ewarn "Squid authentication helpers have been installed suid root."
+ ewarn "This allows shadow based authentication (see bug #52977 for more)."
+ echo
+ ewarn "Be careful what type of cache_dir you select!"
+ ewarn " 'diskd' is optimized for high levels of traffic, but it might seem slow"
+ ewarn "when there isn't sufficient traffic to keep squid reasonably busy."
+ ewarn " If your traffic level is low to moderate, use 'aufs' or 'ufs'."
+ echo
+ ewarn "Squid can be configured to run in transparent mode like this:"
+ ewarn " ${HILITE}http_port internal-addr:3128 transparent${NORMAL}"
+}