[thirdparty/squid.git] / src / comm / Connection.h

/*
 * Copyright (C) 1996-2025 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/* DEBUG: section 05    Socket Functions */

#ifndef SQUID_SRC_COMM_CONNECTION_H
#define SQUID_SRC_COMM_CONNECTION_H

#include "base/CodeContext.h"
#include "base/InstanceId.h"
#include "comm/forward.h"
#include "defines.h"
#if USE_SQUID_EUI
#include "eui/Eui48.h"
#include "eui/Eui64.h"
#endif
#include "hier_code.h"
#include "ip/Address.h"
#include "ip/forward.h"
#include "mem/forward.h"
#include "time/gadgets.h"

#include <iosfwd>
#include <ostream>

class CachePeer;

namespace Security
{
class NegotiationHistory;
};

namespace Comm
{

/* TODO: make these a struct of boolean flags members in the connection instead of a bitmap.
 * we can't do that until all non-comm code uses Commm::Connection objects to create FD
 * currently there is code still using comm_open() and comm_openex() synchronously!!
 */
#define COMM_UNSET              0x00
#define COMM_NONBLOCKING        0x01  // default flag.
#define COMM_NOCLOEXEC          0x02
#define COMM_REUSEADDR          0x04  // shared FD may be both accept()ing and read()ing
#define COMM_DOBIND             0x08  // requires a bind()
#define COMM_TRANSPARENT        0x10  // arrived via TPROXY
#define COMM_INTERCEPTION       0x20  // arrived via NAT
#define COMM_REUSEPORT          0x40 //< needs SO_REUSEPORT
/// not registered with Comm and not owned by any connection-closing code
#define COMM_ORPHANED           0x80
/// Internal Comm optimization: Keep the source port unassigned until connect(2)
#define COMM_DOBIND_PORT_LATER 0x100

/**
 * Store data about the physical and logical attributes of a connection.
 *
 * Some link state can be inferred from the data, however this is not an
 * object for state data. But a semantic equivalent for FD with easily
 * accessible cached properties not requiring repeated complex lookups.
 *
 * Connection properties may be changed until the connection is opened.
 * Properties should be considered read-only outside of the Comm layer
 * code once the connection is open.
 *
 * These objects should not be passed around directly,
 * but a Comm::ConnectionPointer should be passed instead.
 */
class Connection: public CodeContext
{
    MEMPROXY_CLASS(Comm::Connection);

public:
    Connection();

    /** Clear the connection properties and close any open socket. */
    ~Connection() override;

    /// To prevent accidental copying of Connection objects that we started to
    /// open or that are open, use cloneProfile() instead.
    Connection(const Connection &&) = delete;

    /// Create a new closed Connection with the same configuration as this one.
    ConnectionPointer cloneProfile() const;

    /// close the still-open connection when its last reference is gone
    void enterOrphanage() { flags |= COMM_ORPHANED; }
    /// resume relying on owner(s) to initiate an explicit connection closure
    void leaveOrphanage() { flags &= ~COMM_ORPHANED; }

    /** Close any open socket. */
    void close();

    /** Synchronize with Comm: Somebody closed our connection. */
    void noteClosure();

    /** determine whether this object describes an active connection or not. */
    bool isOpen() const { return (fd >= 0); }

    /** Alter the stored IP address pair.
     * WARNING: Does not ensure matching IPv4/IPv6 are supplied.
     */
    void setAddrs(const Ip::Address &aLocal, const Ip::Address &aRemote) {local = aLocal; remote = aRemote;}

    /** retrieve the CachePeer pointer for use.
     * The caller is responsible for all CBDATA operations regarding the
     * used of the pointer returned.
     */
    CachePeer * getPeer() const;

    /** alter the stored CachePeer pointer.
     * Perform appropriate CBDATA operations for locking the CachePeer pointer
     */
    void setPeer(CachePeer * p);

    /// whether this is a connection to a cache_peer that was removed during reconfiguration
    bool toGoneCachePeer() const;

    /** The time the connection started */
    time_t startTime() const {return startTime_;}

    /** The connection lifetime */
    time_t lifeTime() const {return squid_curtime - startTime_;}

    /** The time left for this connection*/
    time_t timeLeft(const time_t idleTimeout) const;

    /// Connection establishment timeout for callers that have already decided
    /// to connect(2), either for the first time or after checking
    /// EnoughTimeToReForward() during any re-forwarding attempts.
    /// \returns the time left for this connection to become connected
    /// \param fwdStart The start time of the peer selection/connection process.
    time_t connectTimeout(const time_t fwdStart) const;

    void noteStart() {startTime_ = squid_curtime;}

    Security::NegotiationHistory *tlsNegotiations();
    const Security::NegotiationHistory *hasTlsNegotiations() const {return tlsHistory;}

    /* CodeContext API */
    ScopedId codeContextGist() const override;
    std::ostream &detailCodeContext(std::ostream &os) const override;

public:
    /** Address/Port for the Squid end of a TCP link. */
    Ip::Address local;

    /** Address for the Remote end of a TCP link. */
    Ip::Address remote;

    /** Hierarchy code for this connection link */
    hier_code peerType;

    /** Socket used by this connection. Negative if not open. */
    int fd;

    /** Quality of Service TOS values currently sent on this connection */
    tos_t tos;

    /** Netfilter MARK values currently sent on this connection
     * In case of FTP, the MARK will be sent on data connections as well.
     */
    nfmark_t nfmark;

    /** Netfilter CONNMARK value previously retrieved from this connection
     * In case of FTP, the CONNMARK will NOT be applied to data connections, for one main reason:
     * the CONNMARK could be set by a third party like iptables and overwriting it in squid may
     * cause side effects and break CONNMARK-based policy. In other words, data connection is
     * related to control connection, but it's not the same.
     */
    nfmark_t nfConnmark = 0;

    /** COMM flags set on this connection */
    int flags;

#if USE_SQUID_EUI
    Eui::Eui48 remoteEui48;
    Eui::Eui64 remoteEui64;
#endif

    InstanceId<Connection, uint64_t> id;

private:
    /** cache_peer data object (if any) */
    CachePeer *peer_;

    /** The time the connection object was created */
    time_t startTime_;

    /** TLS connection details*/
    Security::NegotiationHistory *tlsHistory;
};

std::ostream &operator <<(std::ostream &, const Connection &);

inline std::ostream &
operator <<(std::ostream &os, const ConnectionPointer &conn)
{
    if (conn != nullptr)
        os << *conn;
    return os;
}

} // namespace Comm

#endif /* SQUID_SRC_COMM_CONNECTION_H */
Commit	Line	Data
	1	/*
	2	* Copyright (C) 1996-2025 The Squid Software Foundation and contributors
	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
	9	/* DEBUG: section 05 Socket Functions */
	10
	11	#ifndef SQUID_SRC_COMM_CONNECTION_H
	12	#define SQUID_SRC_COMM_CONNECTION_H
	13
	14	#include "base/CodeContext.h"
	15	#include "base/InstanceId.h"
	16	#include "comm/forward.h"
	17	#include "defines.h"
	18	#if USE_SQUID_EUI
	19	#include "eui/Eui48.h"
	20	#include "eui/Eui64.h"
	21	#endif
	22	#include "hier_code.h"
	23	#include "ip/Address.h"
	24	#include "ip/forward.h"
	25	#include "mem/forward.h"
	26	#include "time/gadgets.h"
	27
	28	#include <iosfwd>
	29	#include <ostream>
	30
	31	class CachePeer;
	32
	33	namespace Security
	34	{
	35	class NegotiationHistory;
	36	};
	37
	38	namespace Comm
	39	{
	40
	41	/* TODO: make these a struct of boolean flags members in the connection instead of a bitmap.
	42	* we can't do that until all non-comm code uses Commm::Connection objects to create FD
	43	* currently there is code still using comm_open() and comm_openex() synchronously!!
	44	*/
	45	#define COMM_UNSET 0x00
	46	#define COMM_NONBLOCKING 0x01 // default flag.
	47	#define COMM_NOCLOEXEC 0x02
	48	#define COMM_REUSEADDR 0x04 // shared FD may be both accept()ing and read()ing
	49	#define COMM_DOBIND 0x08 // requires a bind()
	50	#define COMM_TRANSPARENT 0x10 // arrived via TPROXY
	51	#define COMM_INTERCEPTION 0x20 // arrived via NAT
	52	#define COMM_REUSEPORT 0x40 //< needs SO_REUSEPORT
	53	/// not registered with Comm and not owned by any connection-closing code
	54	#define COMM_ORPHANED 0x80
	55	/// Internal Comm optimization: Keep the source port unassigned until connect(2)
	56	#define COMM_DOBIND_PORT_LATER 0x100
	57
	58	/**
	59	* Store data about the physical and logical attributes of a connection.
	60	*
	61	* Some link state can be inferred from the data, however this is not an
	62	* object for state data. But a semantic equivalent for FD with easily
	63	* accessible cached properties not requiring repeated complex lookups.
	64	*
	65	* Connection properties may be changed until the connection is opened.
	66	* Properties should be considered read-only outside of the Comm layer
	67	* code once the connection is open.
	68	*
	69	* These objects should not be passed around directly,
	70	* but a Comm::ConnectionPointer should be passed instead.
	71	*/
	72	class Connection: public CodeContext
	73	{
	74	MEMPROXY_CLASS(Comm::Connection);
	75
	76	public:
	77	Connection();
	78
	79	/** Clear the connection properties and close any open socket. */
	80	~Connection() override;
	81
	82	/// To prevent accidental copying of Connection objects that we started to
	83	/// open or that are open, use cloneProfile() instead.
	84	Connection(const Connection &&) = delete;
	85
	86	/// Create a new closed Connection with the same configuration as this one.
	87	ConnectionPointer cloneProfile() const;
	88
	89	/// close the still-open connection when its last reference is gone
	90	void enterOrphanage() { flags \|= COMM_ORPHANED; }
	91	/// resume relying on owner(s) to initiate an explicit connection closure
	92	void leaveOrphanage() { flags &= ~COMM_ORPHANED; }
	93
	94	/** Close any open socket. */
	95	void close();
	96
	97	/** Synchronize with Comm: Somebody closed our connection. */
	98	void noteClosure();
	99
	100	/** determine whether this object describes an active connection or not. */
	101	bool isOpen() const { return (fd >= 0); }
	102
	103	/** Alter the stored IP address pair.
	104	* WARNING: Does not ensure matching IPv4/IPv6 are supplied.
	105	*/
	106	void setAddrs(const Ip::Address &aLocal, const Ip::Address &aRemote) {local = aLocal; remote = aRemote;}
	107
	108	/** retrieve the CachePeer pointer for use.
	109	* The caller is responsible for all CBDATA operations regarding the
	110	* used of the pointer returned.
	111	*/
	112	CachePeer * getPeer() const;
	113
	114	/** alter the stored CachePeer pointer.
	115	* Perform appropriate CBDATA operations for locking the CachePeer pointer
	116	*/
	117	void setPeer(CachePeer * p);
	118
	119	/// whether this is a connection to a cache_peer that was removed during reconfiguration
	120	bool toGoneCachePeer() const;
	121
	122	/** The time the connection started */
	123	time_t startTime() const {return startTime_;}
	124
	125	/** The connection lifetime */
	126	time_t lifeTime() const {return squid_curtime - startTime_;}
	127
	128	/** The time left for this connection*/
	129	time_t timeLeft(const time_t idleTimeout) const;
	130
	131	/// Connection establishment timeout for callers that have already decided
	132	/// to connect(2), either for the first time or after checking
	133	/// EnoughTimeToReForward() during any re-forwarding attempts.
	134	/// \returns the time left for this connection to become connected
	135	/// \param fwdStart The start time of the peer selection/connection process.
	136	time_t connectTimeout(const time_t fwdStart) const;
	137
	138	void noteStart() {startTime_ = squid_curtime;}
	139
	140	Security::NegotiationHistory *tlsNegotiations();
	141	const Security::NegotiationHistory *hasTlsNegotiations() const {return tlsHistory;}
	142
	143	/* CodeContext API */
	144	ScopedId codeContextGist() const override;
	145	std::ostream &detailCodeContext(std::ostream &os) const override;
	146
	147	public:
	148	/** Address/Port for the Squid end of a TCP link. */
	149	Ip::Address local;
	150
	151	/** Address for the Remote end of a TCP link. */
	152	Ip::Address remote;
	153
	154	/** Hierarchy code for this connection link */
	155	hier_code peerType;
	156
	157	/** Socket used by this connection. Negative if not open. */
	158	int fd;
	159
	160	/** Quality of Service TOS values currently sent on this connection */
	161	tos_t tos;
	162
	163	/** Netfilter MARK values currently sent on this connection
	164	* In case of FTP, the MARK will be sent on data connections as well.
	165	*/
	166	nfmark_t nfmark;
	167
	168	/** Netfilter CONNMARK value previously retrieved from this connection
	169	* In case of FTP, the CONNMARK will NOT be applied to data connections, for one main reason:
	170	* the CONNMARK could be set by a third party like iptables and overwriting it in squid may
	171	* cause side effects and break CONNMARK-based policy. In other words, data connection is
	172	* related to control connection, but it's not the same.
	173	*/
	174	nfmark_t nfConnmark = 0;
	175
	176	/** COMM flags set on this connection */
	177	int flags;
	178
	179	#if USE_SQUID_EUI
	180	Eui::Eui48 remoteEui48;
	181	Eui::Eui64 remoteEui64;
	182	#endif
	183
	184	InstanceId<Connection, uint64_t> id;
	185
	186	private:
	187	/** cache_peer data object (if any) */
	188	CachePeer *peer_;
	189
	190	/** The time the connection object was created */
	191	time_t startTime_;
	192
	193	/** TLS connection details*/
	194	Security::NegotiationHistory *tlsHistory;
	195	};
	196
	197	std::ostream &operator <<(std::ostream &, const Connection &);
	198
	199	inline std::ostream &
	200	operator <<(std::ostream &os, const ConnectionPointer &conn)
	201	{
	202	if (conn != nullptr)
	203	os << *conn;
	204	return os;
	205	}
	206
	207	} // namespace Comm
	208
	209	#endif /* SQUID_SRC_COMM_CONNECTION_H */
	210