[thirdparty/squid.git] / src / anyp / PortCfg.h

/*
 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_ANYP_PORTCFG_H
#define SQUID_ANYP_PORTCFG_H

#include "anyp/forward.h"
#include "anyp/ProtocolVersion.h"
#include "anyp/TrafficMode.h"
#include "comm/Connection.h"
#include "sbuf/SBuf.h"
#include "security/ServerOptions.h"

#if USE_OPENSSL
#include "ssl/gadgets.h"
#endif

namespace AnyP
{

class PortCfg : public RefCountable
{
public:
    PortCfg();
    ~PortCfg();
    AnyP::PortCfgPointer clone() const;
#if USE_OPENSSL
    /// creates, configures, and validates SSL context and related port options
    void configureSslServerContext();
#endif

    PortCfgPointer next;

    Ip::Address s;
    AnyP::ProtocolVersion transport; ///< transport protocol and version received by this port
    char *name;                /* visible name */
    char *defaultsite;         /* default web site */

    TrafficMode flags;  ///< flags indicating what type of traffic to expect via this port.

    bool allow_direct;       ///< Allow direct forwarding in accelerator mode
    bool vhost;              ///< uses host header
    bool actAsOrigin;        ///< update replies to conform with RFC 2616
    bool ignore_cc;          ///< Ignore request Cache-Control directives

    bool connection_auth_disabled; ///< Don't support connection oriented auth

    bool ftp_track_dirs; ///< whether transactions should track FTP directories

    int vport;               ///< virtual port support. -1 if dynamic, >0 static
    int disable_pmtu_discovery;

    struct {
        unsigned int idle;
        unsigned int interval;
        unsigned int timeout;
        bool enabled;
    } tcp_keepalive;

    /**
     * The listening socket details.
     * If Comm::ConnIsOpen() we are actively listening for client requests.
     * use listenConn->close() to stop.
     */
    Comm::ConnectionPointer listenConn;

    /// TLS configuration options for this listening port
    Security::ServerOptions secure;

#if USE_OPENSSL
    char *clientca;
    char *sslContextSessionId; ///< "session id context" for secure.staticSslContext
    bool generateHostCertificates; ///< dynamically make host cert for sslBump
    size_t dynamicCertMemCacheSize; ///< max size of generated certificates memory cache

    Security::CertPointer signingCert; ///< x509 certificate for signing generated certificates
    Ssl::EVP_PKEY_Pointer signPkey; ///< private key for sighing generated certificates
    Ssl::X509_STACK_Pointer certsToChain; ///<  x509 certificates to send with the generated cert
    Security::CertPointer untrustedSigningCert; ///< x509 certificate for signing untrusted generated certificates
    Ssl::EVP_PKEY_Pointer untrustedSignPkey; ///< private key for signing untrusted generated certificates

    Ssl::X509_NAME_STACK_Pointer clientCA; ///< CA certificates to use when verifying client certificates
#endif
};

} // namespace AnyP

/// list of Squid http(s)_port configured
extern AnyP::PortCfgPointer HttpPortList;

/// list of Squid ftp_port configured
extern AnyP::PortCfgPointer FtpPortList;

#if !defined(MAXTCPLISTENPORTS)
// Max number of TCP listening ports
#define MAXTCPLISTENPORTS 128
#endif

// TODO: kill this global array. Need to check performance of array vs list though.
extern int NHttpSockets;
extern int HttpSockets[MAXTCPLISTENPORTS];

#endif /* SQUID_ANYP_PORTCFG_H */
Commit	Line	Data
bbc27441	1	/*
4ac4a490	2	* Copyright (C) 1996-2017 The Squid Software Foundation and contributors
bbc27441 AJ	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
65d448bc AJ	9	#ifndef SQUID_ANYP_PORTCFG_H
65d448bc AJ	10	#define SQUID_ANYP_PORTCFG_H
1b26be8f	11
9082b58f	12	#include "anyp/forward.h"
eb6ac808	13	#include "anyp/ProtocolVersion.h"
6a25a046	14	#include "anyp/TrafficMode.h"
00406b24	15	#include "comm/Connection.h"
65e41a45	16	#include "sbuf/SBuf.h"
474f076e	17	#include "security/ServerOptions.h"
1b26be8f	18
cb4f4424	19	#if USE_OPENSSL
95d2589c CT	20	#include "ssl/gadgets.h"
	21	#endif
	22
65d448bc AJ	23	namespace AnyP
	24	{
	25
fa720bfb	26	class PortCfg : public RefCountable
5fed1735 AJ	27	{
5fed1735 AJ	28	public:
eb6ac808	29	PortCfg();
65d448bc	30	~PortCfg();
fa720bfb	31	AnyP::PortCfgPointer clone() const;
cb4f4424	32	#if USE_OPENSSL
7a957a93	33	/// creates, configures, and validates SSL context and related port options
f4e4d4d6 CT	34	void configureSslServerContext();
f4e4d4d6 CT	35	#endif
1b26be8f	36
fa720bfb	37	PortCfgPointer next;
1b26be8f	38
b7ac5457	39	Ip::Address s;
eb6ac808	40	AnyP::ProtocolVersion transport; ///< transport protocol and version received by this port
1b26be8f	41	char name; / visible name */
	42	char defaultsite; / default web site */
	43
6a25a046 FC	44	TrafficMode flags; ///< flags indicating what type of traffic to expect via this port.
6a25a046 FC	45
86ab7a90 FC	46	bool allow_direct; ///< Allow direct forwarding in accelerator mode
	47	bool vhost; ///< uses host header
	48	bool actAsOrigin; ///< update replies to conform with RFC 2616
	49	bool ignore_cc; ///< Ignore request Cache-Control directives
1b26be8f	50
86ab7a90 FC	51	bool connection_auth_disabled; ///< Don't support connection oriented auth
86ab7a90 FC	52
e7ce227f AR	53	bool ftp_track_dirs; ///< whether transactions should track FTP directories
e7ce227f AR	54
86ab7a90	55	int vport; ///< virtual port support. -1 if dynamic, >0 static
1b26be8f	56	int disable_pmtu_discovery;
f1e0717c	57
1b26be8f	58	struct {
26ac0430 AJ	59	unsigned int idle;
	60	unsigned int interval;
	61	unsigned int timeout;
86ab7a90	62	bool enabled;
1b26be8f	63	} tcp_keepalive;
1b26be8f	64
04f55905	65	/**
8bbb16e3 AJ	66	* The listening socket details.
	67	* If Comm::ConnIsOpen() we are actively listening for client requests.
	68	* use listenConn->close() to stop.
04f55905	69	*/
8bbb16e3	70	Comm::ConnectionPointer listenConn;
04f55905	71
9a622f3e	72	/// TLS configuration options for this listening port
474f076e	73	Security::ServerOptions secure;
9a622f3e	74
cb4f4424	75	#if USE_OPENSSL
1b26be8f	76	char *clientca;
80b5995a	77	char *sslContextSessionId; ///< "session id context" for secure.staticSslContext
95d2589c CT	78	bool generateHostCertificates; ///< dynamically make host cert for sslBump
	79	size_t dynamicCertMemCacheSize; ///< max size of generated certificates memory cache
	80
f97700a0	81	Security::CertPointer signingCert; ///< x509 certificate for signing generated certificates
95d2589c	82	Ssl::EVP_PKEY_Pointer signPkey; ///< private key for sighing generated certificates
a594dbfa	83	Ssl::X509_STACK_Pointer certsToChain; ///< x509 certificates to send with the generated cert
f97700a0	84	Security::CertPointer untrustedSigningCert; ///< x509 certificate for signing untrusted generated certificates
95588170	85	Ssl::EVP_PKEY_Pointer untrustedSignPkey; ///< private key for signing untrusted generated certificates
86660d64	86
86660d64	87	Ssl::X509_NAME_STACK_Pointer clientCA; ///< CA certificates to use when verifying client certificates
1b26be8f	88	#endif
1b26be8f	89	};
1b26be8f	90
65d448bc AJ	91	} // namespace AnyP
65d448bc AJ	92
339e4d7a	93	/// list of Squid http(s)_port configured
fa720bfb AJ	94	extern AnyP::PortCfgPointer HttpPortList;
fa720bfb AJ	95
8ea0d847 AR	96	/// list of Squid ftp_port configured
	97	extern AnyP::PortCfgPointer FtpPortList;
	98
29fd5407	99	#if !defined(MAXTCPLISTENPORTS)
65d448bc AJ	100	// Max number of TCP listening ports
65d448bc AJ	101	#define MAXTCPLISTENPORTS 128
29fd5407	102	#endif
65d448bc AJ	103
	104	// TODO: kill this global array. Need to check performance of array vs list though.
	105	extern int NHttpSockets;
	106	extern int HttpSockets[MAXTCPLISTENPORTS];
	107
	108	#endif /* SQUID_ANYP_PORTCFG_H */
f53969cc	109