[thirdparty/squid.git] / src / anyp / PortCfg.h

#ifndef SQUID_ANYP_PORTCFG_H
#define SQUID_ANYP_PORTCFG_H

#include "anyp/TrafficMode.h"
#include "cbdata.h"
#include "comm/Connection.h"

#if USE_SSL
#include "ssl/gadgets.h"
#endif

namespace AnyP
{

class PortCfg
{
public:
    PortCfg(const char *aProtocol);
    ~PortCfg();
    AnyP::PortCfg *clone() const;
#if USE_SSL
    /// creates, configures, and validates SSL context and related port options
    void configureSslServerContext();
#endif

    PortCfg *next;

    Ip::Address s;
    char *protocol;            /* protocol name */
    char *name;                /* visible name */
    char *defaultsite;         /* default web site */

    TrafficMode flags;  ///< flags indicating what type of traffic to expect via this port.

    bool allow_direct;       ///< Allow direct forwarding in accelerator mode
    bool vhost;              ///< uses host header
    bool actAsOrigin;        ///< update replies to conform with RFC 2616
    bool ignore_cc;          ///< Ignore request Cache-Control directives

    bool connection_auth_disabled; ///< Don't support connection oriented auth

    int vport;               ///< virtual port support. -1 if dynamic, >0 static
    int disable_pmtu_discovery;

    struct {
        unsigned int idle;
        unsigned int interval;
        unsigned int timeout;
        bool enabled;
    } tcp_keepalive;

    /**
     * The listening socket details.
     * If Comm::ConnIsOpen() we are actively listening for client requests.
     * use listenConn->close() to stop.
     */
    Comm::ConnectionPointer listenConn;

#if USE_SSL
    char *cert;
    char *key;
    int version;
    char *cipher;
    char *options;
    char *clientca;
    char *cafile;
    char *capath;
    char *crlfile;
    char *dhfile;
    char *sslflags;
    char *sslContextSessionId; ///< "session id context" for staticSslContext
    bool generateHostCertificates; ///< dynamically make host cert for sslBump
    size_t dynamicCertMemCacheSize; ///< max size of generated certificates memory cache

    Ssl::SSL_CTX_Pointer staticSslContext; ///< for HTTPS accelerator or static sslBump
    Ssl::X509_Pointer signingCert; ///< x509 certificate for signing generated certificates
    Ssl::EVP_PKEY_Pointer signPkey; ///< private key for sighing generated certificates
    Ssl::X509_STACK_Pointer certsToChain; ///<  x509 certificates to send with the generated cert
    Ssl::X509_Pointer untrustedSigningCert; ///< x509 certificate for signing untrusted generated certificates
    Ssl::EVP_PKEY_Pointer untrustedSignPkey; ///< private key for signing untrusted generated certificates

    Ssl::X509_CRL_STACK_Pointer clientVerifyCrls; ///< additional CRL lists to use when verifying the client certificate
    Ssl::X509_NAME_STACK_Pointer clientCA; ///< CA certificates to use when verifying client certificates
    Ssl::DH_Pointer dhParams; ///< DH parameters for temporary/ephemeral DH key exchanges
    Ssl::ContextMethod contextMethod; ///< The context method (SSL_METHOD) to use when creating certificates
    long sslContextFlags; ///< flags modifying the use of SSL
    long sslOptions; ///< SSL engine options
#endif

    CBDATA_CLASS2(PortCfg); // namespaced
};

} // namespace AnyP

// Max number of TCP listening ports
#define MAXTCPLISTENPORTS 128

// TODO: kill this global array. Need to check performance of array vs list though.
extern int NHttpSockets;
extern int HttpSockets[MAXTCPLISTENPORTS];

#endif /* SQUID_ANYP_PORTCFG_H */
Commit	Line	Data
65d448bc AJ	1	#ifndef SQUID_ANYP_PORTCFG_H
65d448bc AJ	2	#define SQUID_ANYP_PORTCFG_H
1b26be8f	3
6a25a046	4	#include "anyp/TrafficMode.h"
1b26be8f	5	#include "cbdata.h"
00406b24	6	#include "comm/Connection.h"
1b26be8f	7
95d2589c CT	8	#if USE_SSL
	9	#include "ssl/gadgets.h"
	10	#endif
	11
65d448bc AJ	12	namespace AnyP
	13	{
	14
5fed1735 AJ	15	class PortCfg
	16	{
	17	public:
65d448bc AJ	18	PortCfg(const char *aProtocol);
	19	~PortCfg();
	20	AnyP::PortCfg *clone() const;
f4e4d4d6	21	#if USE_SSL
7a957a93	22	/// creates, configures, and validates SSL context and related port options
f4e4d4d6 CT	23	void configureSslServerContext();
f4e4d4d6 CT	24	#endif
1b26be8f	25
65d448bc	26	PortCfg *next;
1b26be8f	27
b7ac5457	28	Ip::Address s;
1b26be8f	29	char protocol; / protocol name */
	30	char name; / visible name */
	31	char defaultsite; / default web site */
	32
6a25a046 FC	33	TrafficMode flags; ///< flags indicating what type of traffic to expect via this port.
6a25a046 FC	34
86ab7a90 FC	35	bool allow_direct; ///< Allow direct forwarding in accelerator mode
	36	bool vhost; ///< uses host header
	37	bool actAsOrigin; ///< update replies to conform with RFC 2616
	38	bool ignore_cc; ///< Ignore request Cache-Control directives
1b26be8f	39
86ab7a90 FC	40	bool connection_auth_disabled; ///< Don't support connection oriented auth
	41
	42	int vport; ///< virtual port support. -1 if dynamic, >0 static
1b26be8f	43	int disable_pmtu_discovery;
f1e0717c	44
1b26be8f	45	struct {
26ac0430 AJ	46	unsigned int idle;
	47	unsigned int interval;
	48	unsigned int timeout;
86ab7a90	49	bool enabled;
1b26be8f	50	} tcp_keepalive;
1b26be8f	51
04f55905	52	/**
8bbb16e3 AJ	53	* The listening socket details.
	54	* If Comm::ConnIsOpen() we are actively listening for client requests.
	55	* use listenConn->close() to stop.
04f55905	56	*/
8bbb16e3	57	Comm::ConnectionPointer listenConn;
04f55905	58
1b26be8f	59	#if USE_SSL
1b26be8f	60	char *cert;
	61	char *key;
	62	int version;
	63	char *cipher;
	64	char *options;
	65	char *clientca;
	66	char *cafile;
	67	char *capath;
	68	char *crlfile;
	69	char *dhfile;
	70	char *sslflags;
95d2589c CT	71	char *sslContextSessionId; ///< "session id context" for staticSslContext
	72	bool generateHostCertificates; ///< dynamically make host cert for sslBump
	73	size_t dynamicCertMemCacheSize; ///< max size of generated certificates memory cache
	74
	75	Ssl::SSL_CTX_Pointer staticSslContext; ///< for HTTPS accelerator or static sslBump
	76	Ssl::X509_Pointer signingCert; ///< x509 certificate for signing generated certificates
	77	Ssl::EVP_PKEY_Pointer signPkey; ///< private key for sighing generated certificates
a594dbfa	78	Ssl::X509_STACK_Pointer certsToChain; ///< x509 certificates to send with the generated cert
95588170 CT	79	Ssl::X509_Pointer untrustedSigningCert; ///< x509 certificate for signing untrusted generated certificates
95588170 CT	80	Ssl::EVP_PKEY_Pointer untrustedSignPkey; ///< private key for signing untrusted generated certificates
86660d64 CT	81
	82	Ssl::X509_CRL_STACK_Pointer clientVerifyCrls; ///< additional CRL lists to use when verifying the client certificate
	83	Ssl::X509_NAME_STACK_Pointer clientCA; ///< CA certificates to use when verifying client certificates
	84	Ssl::DH_Pointer dhParams; ///< DH parameters for temporary/ephemeral DH key exchanges
	85	Ssl::ContextMethod contextMethod; ///< The context method (SSL_METHOD) to use when creating certificates
	86	long sslContextFlags; ///< flags modifying the use of SSL
	87	long sslOptions; ///< SSL engine options
1b26be8f	88	#endif
1b26be8f	89
65d448bc	90	CBDATA_CLASS2(PortCfg); // namespaced
1b26be8f	91	};
1b26be8f	92
65d448bc AJ	93	} // namespace AnyP
	94
	95	// Max number of TCP listening ports
	96	#define MAXTCPLISTENPORTS 128
	97
	98	// TODO: kill this global array. Need to check performance of array vs list though.
	99	extern int NHttpSockets;
	100	extern int HttpSockets[MAXTCPLISTENPORTS];
	101
	102	#endif /* SQUID_ANYP_PORTCFG_H */