[thirdparty/squid.git] / src / RequestFlags.h

/*
 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/* DEBUG: section 73    HTTP Request */

#ifndef SQUID_REQUESTFLAGS_H_
#define SQUID_REQUESTFLAGS_H_

/** request-related flags
 *
 * Contains both flags marking a request's current state,
 * and flags requesting some processing to be done at a later stage.
 * TODO: better distinguish the two cases.
 */
class RequestFlags
{
public:
    /** true if the response to this request may not be READ from cache */
    bool noCache = false;
    /** request is if-modified-since */
    bool ims = false;
    /** request is authenticated */
    bool auth = false;
    /** do not use keytabs for peer Kerberos authentication */
    bool auth_no_keytab = false;
    /** he response to the request may be stored in the cache */
    bool cachable = false;
    /** the request can be forwarded through the hierarchy */
    bool hierarchical = false;
    /** a loop was detected on this request */
    bool loopDetected = false;
    /** the connection can be kept alive */
    bool proxyKeepalive = false;
    /* this should be killed, also in httpstateflags */
    bool proxying = false;
    /** content has expired, need to refresh it */
    bool refresh = false;
    /** request was redirected by redirectors */
    bool redirected = false;
    /** the requested object needs to be validated. See client_side_reply.cc
     * for further information.
     */
    bool needValidation = false;
    /** whether we should fail if validation fails */
    bool failOnValidationError = false;
    /** reply is stale if it is a hit */
    bool staleIfHit = false;
    /** request to override no-cache directives
     *
     * always use noCacheHack() for reading.
     * \note only meaningful if USE_HTTP_VIOLATIONS is defined at build time
     */
    bool nocacheHack = false;
    /** this request is accelerated (reverse-proxy) */
    bool accelerated = false;
    /** if set, ignore Cache-Control headers */
    bool ignoreCc = false;
    /** set for intercepted requests */
    bool intercepted = false;
    /** set if the Host: header passed verification */
    bool hostVerified = false;
    /// Set for requests handled by a "tproxy" port.
    bool interceptTproxy = false;
    /// The client IP address should be spoofed when connecting to the web server.
    /// This applies to TPROXY traffic that has not had spoofing disabled through
    /// the spoof_client_ip squid.conf ACL.
    bool spoofClientIp = false;
    /** set if the request is internal (\see ClientHttpRequest::flags.internal)*/
    bool internal = false;
    //XXX this is set in in clientBeginRequest, but never tested.
    /** set for internally-generated requests */
    bool internalClient = false;
    /** if set, request to try very hard to keep the connection alive */
    bool mustKeepalive = false;
    /** set if the rquest wants connection oriented auth */
    bool connectionAuth = false;
    /** set if connection oriented auth can not be supported */
    bool connectionAuthDisabled = false;
    // XXX This is set in clientCheckPinning but never tested
    /** Request wants connection oriented auth */
    bool connectionProxyAuth = false;
    /** set if the request was sent on a pinned connection */
    bool pinned = false;
    /** Authentication was already sent upstream (e.g. due tcp-level auth) */
    bool authSent = false;
    /** Deny direct forwarding unless overriden by always_direct
     * Used in accelerator mode */
    bool noDirect = false;
    /** Reply with chunked transfer encoding */
    bool chunkedReply = false;
    /** set if stream error has occured */
    bool streamError = false;
    /** internal ssl-bump request to get server cert */
    bool sslPeek = false;
    /** set if X-Forwarded-For checking is complete
     *
     * do not read directly; use doneFollowXff for reading
     */
    bool done_follow_x_forwarded_for = false;
    /** set for ssl-bumped requests */
    bool sslBumped = false;
    /// carries a representation of an FTP command [received on ftp_port]
    bool ftpNative = false;
    bool destinationIpLookedUp = false;
    /** request to reset the TCP stream */
    bool resetTcp = false;
    /** set if the request is ranged */
    bool isRanged = false;

    /// whether to forward via TunnelStateData (instead of FwdState)
    bool forceTunnel = false;

    /** clone the flags, resetting to default those which are not safe in
     *  a related (e.g. ICAP-adapted) request.
     */
    RequestFlags cloneAdaptationImmune() const;

    // if FOLLOW_X_FORWARDED_FOR is not set, we always return "done".
    bool doneFollowXff() const {
        return done_follow_x_forwarded_for || !FOLLOW_X_FORWARDED_FOR;
    }

    // if USE_HTTP_VIOLATIONS is not set, never allow this
    bool noCacheHack() const {
        return USE_HTTP_VIOLATIONS && nocacheHack;
    }
};

#endif /* SQUID_REQUESTFLAGS_H_ */
Commit	Line	Data
f206b652	1	/*
4ac4a490	2	* Copyright (C) 1996-2017 The Squid Software Foundation and contributors
f206b652	3	*
bbc27441 AJ	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
f206b652 FC	7	*/
f206b652 FC	8
bbc27441 AJ	9	/* DEBUG: section 73 HTTP Request */
	10
	11	#ifndef SQUID_REQUESTFLAGS_H_
	12	#define SQUID_REQUESTFLAGS_H_
	13
450fe1cb FC	14	/** request-related flags
450fe1cb FC	15	*
bad9c5e4	16	* Contains both flags marking a request's current state,
450fe1cb FC	17	* and flags requesting some processing to be done at a later stage.
	18	* TODO: better distinguish the two cases.
	19	*/
1b2f0924 FC	20	class RequestFlags
1b2f0924 FC	21	{
f206b652	22	public:
450fe1cb	23	/** true if the response to this request may not be READ from cache */
bad9c5e4	24	bool noCache = false;
450fe1cb	25	/** request is if-modified-since */
bad9c5e4	26	bool ims = false;
450fe1cb	27	/** request is authenticated */
bad9c5e4	28	bool auth = false;
9825b398	29	/** do not use keytabs for peer Kerberos authentication */
bad9c5e4	30	bool auth_no_keytab = false;
450fe1cb	31	/** he response to the request may be stored in the cache */
bad9c5e4	32	bool cachable = false;
450fe1cb	33	/** the request can be forwarded through the hierarchy */
bad9c5e4	34	bool hierarchical = false;
450fe1cb	35	/** a loop was detected on this request */
bad9c5e4	36	bool loopDetected = false;
450fe1cb	37	/** the connection can be kept alive */
bad9c5e4	38	bool proxyKeepalive = false;
450fe1cb	39	/* this should be killed, also in httpstateflags */
bad9c5e4	40	bool proxying = false;
450fe1cb	41	/** content has expired, need to refresh it */
bad9c5e4	42	bool refresh = false;
450fe1cb	43	/** request was redirected by redirectors */
bad9c5e4	44	bool redirected = false;
450fe1cb FC	45	/** the requested object needs to be validated. See client_side_reply.cc
	46	* for further information.
	47	*/
bad9c5e4	48	bool needValidation = false;
450fe1cb	49	/** whether we should fail if validation fails */
bad9c5e4	50	bool failOnValidationError = false;
450fe1cb	51	/** reply is stale if it is a hit */
bad9c5e4	52	bool staleIfHit = false;
450fe1cb FC	53	/** request to override no-cache directives
	54	*
	55	* always use noCacheHack() for reading.
	56	* \note only meaningful if USE_HTTP_VIOLATIONS is defined at build time
	57	*/
bad9c5e4	58	bool nocacheHack = false;
450fe1cb	59	/** this request is accelerated (reverse-proxy) */
bad9c5e4	60	bool accelerated = false;
450fe1cb	61	/** if set, ignore Cache-Control headers */
bad9c5e4	62	bool ignoreCc = false;
450fe1cb	63	/** set for intercepted requests */
bad9c5e4	64	bool intercepted = false;
450fe1cb	65	/** set if the Host: header passed verification */
bad9c5e4	66	bool hostVerified = false;
0d901ef4	67	/// Set for requests handled by a "tproxy" port.
bad9c5e4	68	bool interceptTproxy = false;
0d901ef4 SH	69	/// The client IP address should be spoofed when connecting to the web server.
	70	/// This applies to TPROXY traffic that has not had spoofing disabled through
	71	/// the spoof_client_ip squid.conf ACL.
bad9c5e4	72	bool spoofClientIp = false;
450fe1cb	73	/** set if the request is internal (\see ClientHttpRequest::flags.internal)*/
bad9c5e4	74	bool internal = false;
450fe1cb	75	//XXX this is set in in clientBeginRequest, but never tested.
bad9c5e4 AJ	76	/** set for internally-generated requests */
bad9c5e4 AJ	77	bool internalClient = false;
450fe1cb	78	/** if set, request to try very hard to keep the connection alive */
bad9c5e4	79	bool mustKeepalive = false;
450fe1cb	80	/** set if the rquest wants connection oriented auth */
bad9c5e4	81	bool connectionAuth = false;
450fe1cb	82	/** set if connection oriented auth can not be supported */
bad9c5e4	83	bool connectionAuthDisabled = false;
450fe1cb	84	// XXX This is set in clientCheckPinning but never tested
bad9c5e4 AJ	85	/** Request wants connection oriented auth */
bad9c5e4 AJ	86	bool connectionProxyAuth = false;
450fe1cb	87	/** set if the request was sent on a pinned connection */
bad9c5e4	88	bool pinned = false;
450fe1cb	89	/** Authentication was already sent upstream (e.g. due tcp-level auth) */
bad9c5e4	90	bool authSent = false;
450fe1cb FC	91	/** Deny direct forwarding unless overriden by always_direct
450fe1cb FC	92	* Used in accelerator mode */
bad9c5e4	93	bool noDirect = false;
450fe1cb	94	/** Reply with chunked transfer encoding */
bad9c5e4	95	bool chunkedReply = false;
450fe1cb	96	/** set if stream error has occured */
bad9c5e4	97	bool streamError = false;
450fe1cb	98	/** internal ssl-bump request to get server cert */
bad9c5e4	99	bool sslPeek = false;
450fe1cb FC	100	/** set if X-Forwarded-For checking is complete
	101	*
	102	* do not read directly; use doneFollowXff for reading
823e6f98	103	*/
bad9c5e4	104	bool done_follow_x_forwarded_for = false;
450fe1cb	105	/** set for ssl-bumped requests */
bad9c5e4	106	bool sslBumped = false;
92ae4c86	107	/// carries a representation of an FTP command [received on ftp_port]
bad9c5e4 AJ	108	bool ftpNative = false;
bad9c5e4 AJ	109	bool destinationIpLookedUp = false;
450fe1cb	110	/** request to reset the TCP stream */
bad9c5e4	111	bool resetTcp = false;
450fe1cb	112	/** set if the request is ranged */
bad9c5e4	113	bool isRanged = false;
f1a1f20a	114
6b2b6cfe	115	/// whether to forward via TunnelStateData (instead of FwdState)
bad9c5e4	116	bool forceTunnel = false;
6b2b6cfe	117
450fe1cb FC	118	/** clone the flags, resetting to default those which are not safe in
	119	* a related (e.g. ICAP-adapted) request.
	120	*/
f1a1f20a FC	121	RequestFlags cloneAdaptationImmune() const;
	122
	123	// if FOLLOW_X_FORWARDED_FOR is not set, we always return "done".
	124	bool doneFollowXff() const {
	125	return done_follow_x_forwarded_for \|\| !FOLLOW_X_FORWARDED_FOR;
	126	}
450fe1cb FC	127
	128	// if USE_HTTP_VIOLATIONS is not set, never allow this
	129	bool noCacheHack() const {
	130	return USE_HTTP_VIOLATIONS && nocacheHack;
	131	}
f206b652 FC	132	};
	133
	134	#endif /* SQUID_REQUESTFLAGS_H_ */
f53969cc	135