[thirdparty/squid.git] / src / SquidConfig.h

/*
 * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_SQUIDCONFIG_H_
#define SQUID_SQUIDCONFIG_H_

#include "acl/forward.h"
#include "base/RefCount.h"
#include "base/YesNoNone.h"
#if USE_DELAY_POOLS
#include "ClientDelayConfig.h"
#include "DelayConfig.h"
#endif
#include "helper/ChildConfig.h"
#include "HttpHeaderTools.h"
#include "ip/Address.h"
#if USE_DELAY_POOLS
#include "MessageDelayPools.h"
#endif
#include "Notes.h"
#include "security/forward.h"
#include "SquidTime.h"
#if USE_OPENSSL
#include "ssl/support.h"
#endif
#include "store/Disk.h"
#include "store/forward.h"

#if USE_OPENSSL
class sslproxy_cert_sign;
class sslproxy_cert_adapt;
#endif

namespace Mgr
{
class ActionPasswordList;
} // namespace Mgr
class CachePeer;
class CustomLog;
class CpuAffinityMap;
class external_acl;
class HeaderManglers;
class RefreshPattern;
class RemovalPolicySettings;

namespace AnyP
{
class PortCfg;
}

namespace Store {
class DiskConfig {
public:
    DiskConfig() { assert(swapDirs == nullptr); }
    ~DiskConfig() { delete[] swapDirs; }

    RefCount<SwapDir> *swapDirs = nullptr;
    int n_allocated = 0;
    int n_configured = 0;
    /// number of disk processes required to support all cache_dirs
    int n_strands = 0;
};
#define INDEXSD(i) (Config.cacheSwap.swapDirs[i].getRaw())
}

/// the representation of the configuration. POD.
class SquidConfig
{
public:
    struct {
        /* These should be for the Store::Root instance.
        * this needs pluggable parsing to be done smoothly.
        */
        int highWaterMark;
        int lowWaterMark;
    } Swap;

    YesNoNone memShared; ///< whether the memory cache is shared among workers
    YesNoNone shmLocking; ///< shared_memory_locking
    size_t memMaxSize;

    struct {
        int64_t min;
        int pct;
        int64_t max;
    } quickAbort;
    int64_t readAheadGap;
    RemovalPolicySettings *replPolicy;
    RemovalPolicySettings *memPolicy;
#if USE_HTTP_VIOLATIONS
    time_t negativeTtl;
#endif
    time_t maxStale;
    time_t negativeDnsTtl;
    time_t positiveDnsTtl;
    time_t shutdownLifetime;
    time_t backgroundPingRate;
    time_t hopelessKidRevivalDelay; ///< hopeless_kid_revival_delay

    struct {
        time_t read;
        time_t write;
        time_t lifetime;
        time_t connect;
        time_t forward;
        time_t peer_connect;
        time_t request;
        time_t clientIdlePconn;
        time_t serverIdlePconn;
        time_t ftpClientIdle;
        time_t pconnLifetime; ///< pconn_lifetime in squid.conf
        time_t siteSelect;
        time_t deadPeer;
        time_t request_start_timeout;
        int icp_query;      /* msec */
        int icp_query_max;  /* msec */
        int icp_query_min;  /* msec */
        int mcast_icp_query;    /* msec */
        time_msec_t idns_retransmit;
        time_msec_t idns_query;
        time_t urlRewrite;
    } Timeout;
    size_t maxRequestHeaderSize;
    int64_t maxRequestBodySize;
    size_t maxRequestBufferSize;
    size_t maxReplyHeaderSize;
    AclSizeLimit *ReplyBodySize;

    struct {
        unsigned short icp;
#if USE_HTCP

        unsigned short htcp;
#endif
#if SQUID_SNMP

        unsigned short snmp;
#endif
    } Port;

#if SQUID_SNMP

    struct {
        char *configFile;
        char *agentInfo;
    } Snmp;
#endif
#if USE_WCCP

    struct {
        Ip::Address router;
        Ip::Address address;
        int version;
    } Wccp;
#endif
#if USE_WCCPv2

    struct {
        Ip::Address_list *router;
        Ip::Address address;
        int forwarding_method;
        int return_method;
        int assignment_method;
        int weight;
        int rebuildwait;
        void *info;
    } Wccp2;
#endif

    char *as_whois_server;

    struct {
        char *store;
        char *swap;
        CustomLog *accesslogs;
#if ICAP_CLIENT
        CustomLog *icaplogs;
#endif
        int rotateNumber;
    } Log;
    char *adminEmail;
    char *EmailFrom;
    char *EmailProgram;
    char *effectiveUser;
    char *visible_appname_string;
    char *effectiveGroup;

    struct {
        wordlist *redirect;
        wordlist *store_id;
#if USE_UNLINKD

        char *unlinkd;
#endif

        char *diskd;
#if USE_OPENSSL

        char *ssl_password;
#endif

    } Program;

    Helper::ChildConfig redirectChildren;
    Helper::ChildConfig storeIdChildren;

    struct {
        char *surrogate_id;
    } Accel;
    char *appendDomain;
    size_t appendDomainLen;
    char *pidFilename;
    char *netdbFilename;
    char *mimeTablePathname;
    char *etcHostsPath;
    char *visibleHostname;
    char *uniqueHostname;
    wordlist *hostnameAliases;
    char *errHtmlText;

    struct {
        char *host;
        char *file;
        time_t period;
        unsigned short port;
    } Announce;

    struct {

        Ip::Address udp_incoming;
        Ip::Address udp_outgoing;
#if SQUID_SNMP
        Ip::Address snmp_incoming;
        Ip::Address snmp_outgoing;
#endif
        /* FIXME INET6 : this should really be a CIDR value */
        Ip::Address client_netmask;
    } Addrs;
    size_t tcpRcvBufsz;
    size_t udpMaxHitObjsz;
    wordlist *mcast_group_list;
    CachePeer *peers;
    int npeers;

    struct {
        int size;
        int low;
        int high;
    } ipcache;

    struct {
        int size;
    } fqdncache;
    int minDirectHops;
    int minDirectRtt;
    Mgr::ActionPasswordList *passwd_list;

    struct {
        int objectsPerBucket;
        int64_t avgObjectSize;
        int64_t maxObjectSize;
        int64_t minObjectSize;
        size_t maxInMemObjSize;
    } Store;

    struct {
        int high;
        int low;
        time_t period;
    } Netdb;

    struct {
        int log_udp;
        int res_defnames;
        int anonymizer;
        int client_db;
        int query_icmp;
        int icp_hit_stale;
        int buffered_logs;
        int common_log;
        int log_mime_hdrs;
        int log_fqdn;
        int announce;
        int mem_pools;
        int test_reachability;
        int half_closed_clients;
        int refresh_all_ims;
#if USE_HTTP_VIOLATIONS

        int reload_into_ims;
#endif

        int offline;
        int redir_rewrites_host;
        int prefer_direct;
        int nonhierarchical_direct;
        int strip_query_terms;
        int redirector_bypass;
        int store_id_bypass;
        int ignore_unknown_nameservers;
        int client_pconns;
        int server_pconns;
        int error_pconns;
#if USE_CACHE_DIGESTS

        int digest_generation;
#endif

        int vary_ignore_expire;
        int surrogate_is_remote;
        int request_entities;
        int detect_broken_server_pconns;
        int relaxed_header_parser;
        int check_hostnames;
        int allow_underscore;
        int via;
        int cache_miss_revalidate;
        int emailErrData;
        int httpd_suppress_version_string;
        int global_internal_static;
        int collapsed_forwarding;

#if FOLLOW_X_FORWARDED_FOR
        int acl_uses_indirect_client;
        int delay_pool_uses_indirect_client;
        int log_uses_indirect_client;
#if LINUX_NETFILTER
        int tproxy_uses_indirect_client;
#endif
#endif /* FOLLOW_X_FORWARDED_FOR */

        int WIN32_IpAddrChangeMonitor;
        int memory_cache_first;
        int memory_cache_disk;
        int hostStrictVerify;
        int client_dst_passthru;
        int dns_mdns;
#if USE_OPENSSL
        bool logTlsServerHelloDetails;
#endif
    } onoff;

    int64_t shared_transient_entries_limit;

    int pipeline_max_prefetch;

    int forward_max_tries;
    int connect_retries;

    class ACL *aclList;

    struct {
        acl_access *http;
        acl_access *adapted_http;
        acl_access *icp;
        acl_access *miss;
        acl_access *NeverDirect;
        acl_access *AlwaysDirect;
        acl_access *ASlists;
        acl_access *noCache;
        acl_access *sendHit;
        acl_access *storeMiss;
        acl_access *stats_collection;
#if SQUID_SNMP

        acl_access *snmp;
#endif
#if USE_HTTP_VIOLATIONS
        acl_access *brokenPosts;
#endif
        acl_access *redirector;
        acl_access *store_id;
        acl_access *reply;
        Acl::Address *outgoing_address;
#if USE_HTCP

        acl_access *htcp;
        acl_access *htcp_clr;
#endif

#if USE_OPENSSL
        acl_access *ssl_bump;
#endif
#if FOLLOW_X_FORWARDED_FOR
        acl_access *followXFF;
#endif /* FOLLOW_X_FORWARDED_FOR */

        /// acceptible PROXY protocol clients
        acl_access *proxyProtocol;

        /// spoof_client_ip squid.conf acl.
        /// nil unless configured
        acl_access* spoof_client_ip;
        acl_access *on_unsupported_protocol;

        acl_access *ftp_epsv;

        acl_access *forceRequestBodyContinuation;
        acl_access *serverPconnForNonretriable;
        acl_access *collapsedForwardingAccess;
    } accessList;
    AclDenyInfoList *denyInfoList;

    struct {
        size_t list_width;
        int list_wrap;
        char *anon_user;
        int passive;
        int epsv_all;
        int epsv;
        int eprt;
        int sanitycheck;
        int telnet;
    } Ftp;
    RefreshPattern *Refresh;

    Store::DiskConfig cacheSwap;

    struct {
        char *directory;
        int use_short_names;
    } icons;
    char *errorDirectory;
#if USE_ERR_LOCALES
    char *errorDefaultLanguage;
    int errorLogMissingLanguages;
#endif
    char *errorStylesheet;

    struct {
        int onerror;
    } retry;

    struct {
        int64_t limit;
    } MemPools;
#if USE_DELAY_POOLS

    DelayConfig Delay;
    ClientDelayConfig ClientDelay;
    MessageDelayConfig MessageDelay;
#endif

    struct {
        struct {
            int average;
            int min_poll;
        } dns, udp, tcp;
    } comm_incoming;
    int max_open_disk_fds;
    int uri_whitespace;
    AclSizeLimit *rangeOffsetLimit;
#if MULTICAST_MISS_STREAM

    struct {

        Ip::Address addr;
        int ttl;
        unsigned short port;
        char *encode_key;
    } mcast_miss;
#endif

    /// request_header_access and request_header_replace
    HeaderManglers *request_header_access;
    /// reply_header_access and reply_header_replace
    HeaderManglers *reply_header_access;
    ///request_header_add access list
    HeaderWithAclList *request_header_add;
    ///reply_header_add access list
    HeaderWithAclList *reply_header_add;
    ///note
    Notes notes;
    char *coredump_dir;
    char *chroot_dir;
#if USE_CACHE_DIGESTS

    struct {
        int bits_per_entry;
        time_t rebuild_period;
        time_t rewrite_period;
        size_t swapout_chunk_size;
        int rebuild_chunk_percentage;
    } digest;
#endif
#if USE_OPENSSL

    struct {
        int unclean_shutdown;
        char *ssl_engine;
        int session_ttl;
        size_t sessionCacheSize;
        char *certSignHash;
    } SSL;
#endif

    struct {
        int high_rptm;
        int high_pf;
        size_t high_memory;
    } warnings;
    char *store_dir_select_algorithm;
    int sleep_after_fork;   /* microseconds */
    time_t minimum_expiry_time; /* seconds */
    external_acl *externalAclHelperList;

    struct {
        Security::ContextPointer sslContext;
#if USE_OPENSSL
        char *foreignIntermediateCertsPath;
        acl_access *cert_error;
        sslproxy_cert_sign *cert_sign;
        sslproxy_cert_adapt *cert_adapt;
#endif
    } ssl_client;

    char *accept_filter;
    int umask;
    int max_filedescriptors;
    int workers;
    CpuAffinityMap *cpuAffinityMap;

#if USE_LOADABLE_MODULES
    wordlist *loadable_module_names;
#endif

    int client_ip_max_connections;

    char *redirector_extras;

    struct UrlHelperTimeout {
        int action;
        char *response;
    } onUrlRewriteTimeout;

    char *storeId_extras;

    struct {
        SBufList nameservers;
        int v4_first;       ///< Place IPv4 first in the order of DNS results.
        ssize_t packet_max; ///< maximum size EDNS advertised for DNS replies.
    } dns;

    struct {
        int connect_limit;
        int connect_gap;
        int connect_timeout;
    } happyEyeballs;
};

extern SquidConfig Config;

class SquidConfig2
{
public:
    void clear() {
        *this = SquidConfig2();
    }

    struct {
        int enable_purge = 0;
    } onoff;
    uid_t effectiveUserID = 0;
    gid_t effectiveGroupID = 0;
};

extern SquidConfig2 Config2;

#endif /* SQUID_SQUIDCONFIG_H_ */
Commit	Line	Data
	1	/*
	2	* Copyright (C) 1996-2020 The Squid Software Foundation and contributors
	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
	9	#ifndef SQUID_SQUIDCONFIG_H_
	10	#define SQUID_SQUIDCONFIG_H_
	11
	12	#include "acl/forward.h"
	13	#include "base/RefCount.h"
	14	#include "base/YesNoNone.h"
	15	#if USE_DELAY_POOLS
	16	#include "ClientDelayConfig.h"
	17	#include "DelayConfig.h"
	18	#endif
	19	#include "helper/ChildConfig.h"
	20	#include "HttpHeaderTools.h"
	21	#include "ip/Address.h"
	22	#if USE_DELAY_POOLS
	23	#include "MessageDelayPools.h"
	24	#endif
	25	#include "Notes.h"
	26	#include "security/forward.h"
	27	#include "SquidTime.h"
	28	#if USE_OPENSSL
	29	#include "ssl/support.h"
	30	#endif
	31	#include "store/Disk.h"
	32	#include "store/forward.h"
	33
	34	#if USE_OPENSSL
	35	class sslproxy_cert_sign;
	36	class sslproxy_cert_adapt;
	37	#endif
	38
	39	namespace Mgr
	40	{
	41	class ActionPasswordList;
	42	} // namespace Mgr
	43	class CachePeer;
	44	class CustomLog;
	45	class CpuAffinityMap;
	46	class external_acl;
	47	class HeaderManglers;
	48	class RefreshPattern;
	49	class RemovalPolicySettings;
	50
	51	namespace AnyP
	52	{
	53	class PortCfg;
	54	}
	55
	56	namespace Store {
	57	class DiskConfig {
	58	public:
	59	DiskConfig() { assert(swapDirs == nullptr); }
	60	~DiskConfig() { delete[] swapDirs; }
	61
	62	RefCount<SwapDir> *swapDirs = nullptr;
	63	int n_allocated = 0;
	64	int n_configured = 0;
	65	/// number of disk processes required to support all cache_dirs
	66	int n_strands = 0;
	67	};
	68	#define INDEXSD(i) (Config.cacheSwap.swapDirs[i].getRaw())
	69	}
	70
	71	/// the representation of the configuration. POD.
	72	class SquidConfig
	73	{
	74	public:
	75	struct {
	76	/* These should be for the Store::Root instance.
	77	* this needs pluggable parsing to be done smoothly.
	78	*/
	79	int highWaterMark;
	80	int lowWaterMark;
	81	} Swap;
	82
	83	YesNoNone memShared; ///< whether the memory cache is shared among workers
	84	YesNoNone shmLocking; ///< shared_memory_locking
	85	size_t memMaxSize;
	86
	87	struct {
	88	int64_t min;
	89	int pct;
	90	int64_t max;
	91	} quickAbort;
	92	int64_t readAheadGap;
	93	RemovalPolicySettings *replPolicy;
	94	RemovalPolicySettings *memPolicy;
	95	#if USE_HTTP_VIOLATIONS
	96	time_t negativeTtl;
	97	#endif
	98	time_t maxStale;
	99	time_t negativeDnsTtl;
	100	time_t positiveDnsTtl;
	101	time_t shutdownLifetime;
	102	time_t backgroundPingRate;
	103	time_t hopelessKidRevivalDelay; ///< hopeless_kid_revival_delay
	104
	105	struct {
	106	time_t read;
	107	time_t write;
	108	time_t lifetime;
	109	time_t connect;
	110	time_t forward;
	111	time_t peer_connect;
	112	time_t request;
	113	time_t clientIdlePconn;
	114	time_t serverIdlePconn;
	115	time_t ftpClientIdle;
	116	time_t pconnLifetime; ///< pconn_lifetime in squid.conf
	117	time_t siteSelect;
	118	time_t deadPeer;
	119	time_t request_start_timeout;
	120	int icp_query; /* msec */
	121	int icp_query_max; /* msec */
	122	int icp_query_min; /* msec */
	123	int mcast_icp_query; /* msec */
	124	time_msec_t idns_retransmit;
	125	time_msec_t idns_query;
	126	time_t urlRewrite;
	127	} Timeout;
	128	size_t maxRequestHeaderSize;
	129	int64_t maxRequestBodySize;
	130	size_t maxRequestBufferSize;
	131	size_t maxReplyHeaderSize;
	132	AclSizeLimit *ReplyBodySize;
	133
	134	struct {
	135	unsigned short icp;
	136	#if USE_HTCP
	137
	138	unsigned short htcp;
	139	#endif
	140	#if SQUID_SNMP
	141
	142	unsigned short snmp;
	143	#endif
	144	} Port;
	145
	146	#if SQUID_SNMP
	147
	148	struct {
	149	char *configFile;
	150	char *agentInfo;
	151	} Snmp;
	152	#endif
	153	#if USE_WCCP
	154
	155	struct {
	156	Ip::Address router;
	157	Ip::Address address;
	158	int version;
	159	} Wccp;
	160	#endif
	161	#if USE_WCCPv2
	162
	163	struct {
	164	Ip::Address_list *router;
	165	Ip::Address address;
	166	int forwarding_method;
	167	int return_method;
	168	int assignment_method;
	169	int weight;
	170	int rebuildwait;
	171	void *info;
	172	} Wccp2;
	173	#endif
	174
	175	char *as_whois_server;
	176
	177	struct {
	178	char *store;
	179	char *swap;
	180	CustomLog *accesslogs;
	181	#if ICAP_CLIENT
	182	CustomLog *icaplogs;
	183	#endif
	184	int rotateNumber;
	185	} Log;
	186	char *adminEmail;
	187	char *EmailFrom;
	188	char *EmailProgram;
	189	char *effectiveUser;
	190	char *visible_appname_string;
	191	char *effectiveGroup;
	192
	193	struct {
	194	wordlist *redirect;
	195	wordlist *store_id;
	196	#if USE_UNLINKD
	197
	198	char *unlinkd;
	199	#endif
	200
	201	char *diskd;
	202	#if USE_OPENSSL
	203
	204	char *ssl_password;
	205	#endif
	206
	207	} Program;
	208
	209	Helper::ChildConfig redirectChildren;
	210	Helper::ChildConfig storeIdChildren;
	211
	212	struct {
	213	char *surrogate_id;
	214	} Accel;
	215	char *appendDomain;
	216	size_t appendDomainLen;
	217	char *pidFilename;
	218	char *netdbFilename;
	219	char *mimeTablePathname;
	220	char *etcHostsPath;
	221	char *visibleHostname;
	222	char *uniqueHostname;
	223	wordlist *hostnameAliases;
	224	char *errHtmlText;
	225
	226	struct {
	227	char *host;
	228	char *file;
	229	time_t period;
	230	unsigned short port;
	231	} Announce;
	232
	233	struct {
	234
	235	Ip::Address udp_incoming;
	236	Ip::Address udp_outgoing;
	237	#if SQUID_SNMP
	238	Ip::Address snmp_incoming;
	239	Ip::Address snmp_outgoing;
	240	#endif
	241	/* FIXME INET6 : this should really be a CIDR value */
	242	Ip::Address client_netmask;
	243	} Addrs;
	244	size_t tcpRcvBufsz;
	245	size_t udpMaxHitObjsz;
	246	wordlist *mcast_group_list;
	247	CachePeer *peers;
	248	int npeers;
	249
	250	struct {
	251	int size;
	252	int low;
	253	int high;
	254	} ipcache;
	255
	256	struct {
	257	int size;
	258	} fqdncache;
	259	int minDirectHops;
	260	int minDirectRtt;
	261	Mgr::ActionPasswordList *passwd_list;
	262
	263	struct {
	264	int objectsPerBucket;
	265	int64_t avgObjectSize;
	266	int64_t maxObjectSize;
	267	int64_t minObjectSize;
	268	size_t maxInMemObjSize;
	269	} Store;
	270
	271	struct {
	272	int high;
	273	int low;
	274	time_t period;
	275	} Netdb;
	276
	277	struct {
	278	int log_udp;
	279	int res_defnames;
	280	int anonymizer;
	281	int client_db;
	282	int query_icmp;
	283	int icp_hit_stale;
	284	int buffered_logs;
	285	int common_log;
	286	int log_mime_hdrs;
	287	int log_fqdn;
	288	int announce;
	289	int mem_pools;
	290	int test_reachability;
	291	int half_closed_clients;
	292	int refresh_all_ims;
	293	#if USE_HTTP_VIOLATIONS
	294
	295	int reload_into_ims;
	296	#endif
	297
	298	int offline;
	299	int redir_rewrites_host;
	300	int prefer_direct;
	301	int nonhierarchical_direct;
	302	int strip_query_terms;
	303	int redirector_bypass;
	304	int store_id_bypass;
	305	int ignore_unknown_nameservers;
	306	int client_pconns;
	307	int server_pconns;
	308	int error_pconns;
	309	#if USE_CACHE_DIGESTS
	310
	311	int digest_generation;
	312	#endif
	313
	314	int vary_ignore_expire;
	315	int surrogate_is_remote;
	316	int request_entities;
	317	int detect_broken_server_pconns;
	318	int relaxed_header_parser;
	319	int check_hostnames;
	320	int allow_underscore;
	321	int via;
	322	int cache_miss_revalidate;
	323	int emailErrData;
	324	int httpd_suppress_version_string;
	325	int global_internal_static;
	326	int collapsed_forwarding;
	327
	328	#if FOLLOW_X_FORWARDED_FOR
	329	int acl_uses_indirect_client;
	330	int delay_pool_uses_indirect_client;
	331	int log_uses_indirect_client;
	332	#if LINUX_NETFILTER
	333	int tproxy_uses_indirect_client;
	334	#endif
	335	#endif /* FOLLOW_X_FORWARDED_FOR */
	336
	337	int WIN32_IpAddrChangeMonitor;
	338	int memory_cache_first;
	339	int memory_cache_disk;
	340	int hostStrictVerify;
	341	int client_dst_passthru;
	342	int dns_mdns;
	343	#if USE_OPENSSL
	344	bool logTlsServerHelloDetails;
	345	#endif
	346	} onoff;
	347
	348	int64_t shared_transient_entries_limit;
	349
	350	int pipeline_max_prefetch;
	351
	352	int forward_max_tries;
	353	int connect_retries;
	354
	355	class ACL *aclList;
	356
	357	struct {
	358	acl_access *http;
	359	acl_access *adapted_http;
	360	acl_access *icp;
	361	acl_access *miss;
	362	acl_access *NeverDirect;
	363	acl_access *AlwaysDirect;
	364	acl_access *ASlists;
	365	acl_access *noCache;
	366	acl_access *sendHit;
	367	acl_access *storeMiss;
	368	acl_access *stats_collection;
	369	#if SQUID_SNMP
	370
	371	acl_access *snmp;
	372	#endif
	373	#if USE_HTTP_VIOLATIONS
	374	acl_access *brokenPosts;
	375	#endif
	376	acl_access *redirector;
	377	acl_access *store_id;
	378	acl_access *reply;
	379	Acl::Address *outgoing_address;
	380	#if USE_HTCP
	381
	382	acl_access *htcp;
	383	acl_access *htcp_clr;
	384	#endif
	385
	386	#if USE_OPENSSL
	387	acl_access *ssl_bump;
	388	#endif
	389	#if FOLLOW_X_FORWARDED_FOR
	390	acl_access *followXFF;
	391	#endif /* FOLLOW_X_FORWARDED_FOR */
	392
	393	/// acceptible PROXY protocol clients
	394	acl_access *proxyProtocol;
	395
	396	/// spoof_client_ip squid.conf acl.
	397	/// nil unless configured
	398	acl_access* spoof_client_ip;
	399	acl_access *on_unsupported_protocol;
	400
	401	acl_access *ftp_epsv;
	402
	403	acl_access *forceRequestBodyContinuation;
	404	acl_access *serverPconnForNonretriable;
	405	acl_access *collapsedForwardingAccess;
	406	} accessList;
	407	AclDenyInfoList *denyInfoList;
	408
	409	struct {
	410	size_t list_width;
	411	int list_wrap;
	412	char *anon_user;
	413	int passive;
	414	int epsv_all;
	415	int epsv;
	416	int eprt;
	417	int sanitycheck;
	418	int telnet;
	419	} Ftp;
	420	RefreshPattern *Refresh;
	421
	422	Store::DiskConfig cacheSwap;
	423
	424	struct {
	425	char *directory;
	426	int use_short_names;
	427	} icons;
	428	char *errorDirectory;
	429	#if USE_ERR_LOCALES
	430	char *errorDefaultLanguage;
	431	int errorLogMissingLanguages;
	432	#endif
	433	char *errorStylesheet;
	434
	435	struct {
	436	int onerror;
	437	} retry;
	438
	439	struct {
	440	int64_t limit;
	441	} MemPools;
	442	#if USE_DELAY_POOLS
	443
	444	DelayConfig Delay;
	445	ClientDelayConfig ClientDelay;
	446	MessageDelayConfig MessageDelay;
	447	#endif
	448
	449	struct {
	450	struct {
	451	int average;
	452	int min_poll;
	453	} dns, udp, tcp;
	454	} comm_incoming;
	455	int max_open_disk_fds;
	456	int uri_whitespace;
	457	AclSizeLimit *rangeOffsetLimit;
	458	#if MULTICAST_MISS_STREAM
	459
	460	struct {
	461
	462	Ip::Address addr;
	463	int ttl;
	464	unsigned short port;
	465	char *encode_key;
	466	} mcast_miss;
	467	#endif
	468
	469	/// request_header_access and request_header_replace
	470	HeaderManglers *request_header_access;
	471	/// reply_header_access and reply_header_replace
	472	HeaderManglers *reply_header_access;
	473	///request_header_add access list
	474	HeaderWithAclList *request_header_add;
	475	///reply_header_add access list
	476	HeaderWithAclList *reply_header_add;
	477	///note
	478	Notes notes;
	479	char *coredump_dir;
	480	char *chroot_dir;
	481	#if USE_CACHE_DIGESTS
	482
	483	struct {
	484	int bits_per_entry;
	485	time_t rebuild_period;
	486	time_t rewrite_period;
	487	size_t swapout_chunk_size;
	488	int rebuild_chunk_percentage;
	489	} digest;
	490	#endif
	491	#if USE_OPENSSL
	492
	493	struct {
	494	int unclean_shutdown;
	495	char *ssl_engine;
	496	int session_ttl;
	497	size_t sessionCacheSize;
	498	char *certSignHash;
	499	} SSL;
	500	#endif
	501
	502	struct {
	503	int high_rptm;
	504	int high_pf;
	505	size_t high_memory;
	506	} warnings;
	507	char *store_dir_select_algorithm;
	508	int sleep_after_fork; /* microseconds */
	509	time_t minimum_expiry_time; /* seconds */
	510	external_acl *externalAclHelperList;
	511
	512	struct {
	513	Security::ContextPointer sslContext;
	514	#if USE_OPENSSL
	515	char *foreignIntermediateCertsPath;
	516	acl_access *cert_error;
	517	sslproxy_cert_sign *cert_sign;
	518	sslproxy_cert_adapt *cert_adapt;
	519	#endif
	520	} ssl_client;
	521
	522	char *accept_filter;
	523	int umask;
	524	int max_filedescriptors;
	525	int workers;
	526	CpuAffinityMap *cpuAffinityMap;
	527
	528	#if USE_LOADABLE_MODULES
	529	wordlist *loadable_module_names;
	530	#endif
	531
	532	int client_ip_max_connections;
	533
	534	char *redirector_extras;
	535
	536	struct UrlHelperTimeout {
	537	int action;
	538	char *response;
	539	} onUrlRewriteTimeout;
	540
	541	char *storeId_extras;
	542
	543	struct {
	544	SBufList nameservers;
	545	int v4_first; ///< Place IPv4 first in the order of DNS results.
	546	ssize_t packet_max; ///< maximum size EDNS advertised for DNS replies.
	547	} dns;
	548
	549	struct {
	550	int connect_limit;
	551	int connect_gap;
	552	int connect_timeout;
	553	} happyEyeballs;
	554	};
	555
	556	extern SquidConfig Config;
	557
	558	class SquidConfig2
	559	{
	560	public:
	561	void clear() {
	562	*this = SquidConfig2();
	563	}
	564
	565	struct {
	566	int enable_purge = 0;
	567	} onoff;
	568	uid_t effectiveUserID = 0;
	569	gid_t effectiveGroupID = 0;
	570	};
	571
	572	extern SquidConfig2 Config2;
	573
	574	#endif /* SQUID_SQUIDCONFIG_H_ */
	575