1 /*
2 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 /* DEBUG: section 05 Socket Functions */
10
11 #ifndef _SQUIDCONNECTIONDETAIL_H_
12 #define _SQUIDCONNECTIONDETAIL_H_
13
14 #include "base/CodeContext.h"
15 #include "base/InstanceId.h"
16 #include "comm/forward.h"
17 #include "defines.h"
18 #if USE_SQUID_EUI
19 #include "eui/Eui48.h"
20 #include "eui/Eui64.h"
21 #endif
22 #include "hier_code.h"
23 #include "ip/Address.h"
24 #include "ip/forward.h"
25 #include "mem/forward.h"
26 #include "SquidTime.h"
27
28 #include <iosfwd>
29 #include <ostream>
30
class CachePeer; // see CachePeer.h; only used by pointer here

namespace Security
{
class NegotiationHistory; // TLS handshake details; only used by pointer here
}
37
38 namespace Comm
39 {
40
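/* TODO: make these a struct of boolean flags members in the connection instead of a bitmap.
 * we can't do that until all non-comm code uses Comm::Connection objects to create FD
 * currently there is code still using comm_open() and comm_openex() synchronously!!
 */
#define COMM_UNSET              0x00
#define COMM_NONBLOCKING        0x01  // default flag.
#define COMM_NOCLOEXEC          0x02
#define COMM_REUSEADDR          0x04  // shared FD may be both accept()ing and read()ing
#define COMM_DOBIND             0x08  // requires a bind()
#define COMM_TRANSPARENT        0x10  // arrived via TPROXY
#define COMM_INTERCEPTION       0x20  // arrived via NAT
#define COMM_REUSEPORT          0x40  // needs SO_REUSEPORT
/// not registered with Comm and not owned by any connection-closing code.
/// This flag must own a bit of its own: it used to share 0x40 with
/// COMM_REUSEPORT, so enterOrphanage() also requested SO_REUSEPORT and any
/// COMM_REUSEPORT socket satisfied a COMM_ORPHANED test (and was therefore
/// eligible for closure on last reference while still owned). 0x80 is the
/// next bit not used by the flags above.
#define COMM_ORPHANED           0x80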
55
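/**
 * Store data about the physical and logical attributes of a connection.
 *
 * Some link state can be inferred from the data, however this is not an
 * object for state data. But a semantic equivalent for FD with easily
 * accessible cached properties not requiring repeated complex lookups.
 *
 * Connection properties may be changed until the connection is opened.
 * Properties should be considered read-only outside of the Comm layer
 * code once the connection is open.
 *
 * These objects should not be passed around directly,
 * but a Comm::ConnectionPointer should be passed instead. The object is
 * not copyable; use cloneIdentDetails() or cloneDestinationDetails() to
 * derive a new (closed) Connection from an existing one.
 */
class Connection: public CodeContext
{
    MEMPROXY_CLASS(Comm::Connection);

public:
    Connection();

    /** Clear the connection properties and close any open socket. */
    virtual ~Connection();

    /** These objects may not be exactly duplicated. Use cloneIdentDetails() or
     * cloneDestinationDetails() instead. Deleted (rather than declared
     * private and left undefined) so that accidental copies fail at compile
     * time instead of at link time.
     */
    Connection(const Connection &) = delete;
    Connection &operator =(const Connection &) = delete;

    /// Create a new (closed) IDENT Connection object based on our from-Squid
    /// connection properties.
    ConnectionPointer cloneIdentDetails() const;

    /// Create a new (closed) Connection object pointing to the same destination
    /// as this from-Squid connection.
    ConnectionPointer cloneDestinationDetails() const;

    /// close the still-open connection when its last reference is gone.
    /// Sets only the COMM_ORPHANED bit of flags; that bit must not be shared
    /// with any other COMM_* flag, or unrelated sockets become "orphaned".
    void enterOrphanage() { flags |= COMM_ORPHANED; }
    /// resume relying on owner(s) to initiate an explicit connection closure
    void leaveOrphanage() { flags &= ~COMM_ORPHANED; }

    /** Close any open socket. */
    void close();

    /** Synchronize with Comm: Somebody closed our connection. */
    void noteClosure();

    /** determine whether this object describes an active connection or not.
     * An open connection is one with a non-negative socket descriptor.
     */
    bool isOpen() const { return (fd >= 0); }

    /** Alter the stored IP address pair.
     * WARNING: Does not ensure matching IPv4/IPv6 are supplied.
     */
    void setAddrs(const Ip::Address &aLocal, const Ip::Address &aRemote) {local = aLocal; remote = aRemote;}

    /** retrieve the CachePeer pointer for use.
     * The caller is responsible for all CBDATA operations regarding the
     * use of the pointer returned.
     */
    CachePeer * getPeer() const;

    /** alter the stored CachePeer pointer.
     * Perform appropriate CBDATA operations for locking the CachePeer pointer
     */
    void setPeer(CachePeer * p);

    /** The time the connection started */
    time_t startTime() const {return startTime_;}

    /** The connection lifetime: seconds elapsed since startTime() */
    time_t lifeTime() const {return squid_curtime - startTime_;}

    /** The time left for this connection, given the supplied idle timeout */
    time_t timeLeft(const time_t idleTimeout) const;

    /// Connection establishment timeout for callers that have already decided
    /// to connect(2), either for the first time or after checking
    /// EnoughTimeToReForward() during any re-forwarding attempts.
    /// \returns the time left for this connection to become connected
    /// \param fwdStart The start time of the peer selection/connection process.
    time_t connectTimeout(const time_t fwdStart) const;

    /// record the current time as the connection start time
    void noteStart() {startTime_ = squid_curtime;}

    /// TLS negotiation details for this connection (mutable accessor)
    Security::NegotiationHistory *tlsNegotiations();
    /// TLS negotiation details recorded so far, or nil if none were recorded
    const Security::NegotiationHistory *hasTlsNegotiations() const {return tlsHistory;}

    /* CodeContext API */
    ScopedId codeContextGist() const override;
    std::ostream &detailCodeContext(std::ostream &os) const override;

public:
    /** Address/Port for the Squid end of a TCP link. */
    Ip::Address local;

    /** Address for the Remote end of a TCP link. */
    Ip::Address remote;

    /** Hierarchy code for this connection link */
    hier_code peerType;

    /** Socket used by this connection. Negative if not open. */
    int fd;

    /** Quality of Service TOS values currently sent on this connection */
    tos_t tos;

    /** Netfilter MARK values currently sent on this connection
     * In case of FTP, the MARK will be sent on data connections as well.
     */
    nfmark_t nfmark;

    /** Netfilter CONNMARK value previously retrieved from this connection
     * In case of FTP, the CONNMARK will NOT be applied to data connections, for one main reason:
     * the CONNMARK could be set by a third party like iptables and overwriting it in squid may
     * cause side effects and break CONNMARK-based policy. In other words, data connection is
     * related to control connection, but it's not the same.
     */
    nfmark_t nfConnmark = 0;

    /** COMM flags set on this connection (a bitmap of COMM_* values) */
    int flags;

    /** IDENT (RFC 931) user name buffer for this link; USER_IDENT_SZ bounds its size */
    char rfc931[USER_IDENT_SZ];

#if USE_SQUID_EUI
    /** EUI-48 (MAC) address of the remote end, when available */
    Eui::Eui48 remoteEui48;
    /** EUI-64 address of the remote end, when available */
    Eui::Eui64 remoteEui64;
#endif

    /** per-instance identifier of this Connection object */
    InstanceId<Connection, uint64_t> id;

private:
    /** cache_peer data object (if any) */
    CachePeer *peer_;

    /** The time the connection object was created */
    time_t startTime_;

    /** TLS connection details */
    Security::NegotiationHistory *tlsHistory;
};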
205
206 }; // namespace Comm
207
/// Prints the connection details (addresses, descriptor, etc.) to os.
std::ostream &operator << (std::ostream &os, const Comm::Connection &conn);

/// Prints the pointed-to Connection; a nil pointer prints nothing at all.
inline std::ostream &
operator << (std::ostream &os, const Comm::ConnectionPointer &conn)
{
    return (conn != NULL) ? (os << *conn) : os;
}
217
218 #endif
219