src/RequestFlags.h

   1 /*
   2  * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 /* DEBUG: section 73    HTTP Request */
  10
  11 #ifndef SQUID_REQUESTFLAGS_H_
  12 #define SQUID_REQUESTFLAGS_H_
  13
  14 #include "base/SupportOrVeto.h"
  15
  16 /** request-related flags
  17  *
  18  * Contains both flags marking a request's current state,
  19  * and flags requesting some processing to be done at a later stage.
  20  * TODO: better distinguish the two cases.
  21  */
  22 class RequestFlags
  23 {
  24 public:
  25     /** true if the response to this request may not be READ from cache */
  26     bool noCache = false;
  27     /** request is if-modified-since */
  28     bool ims = false;
  29     /** request is authenticated */
  30     bool auth = false;
  31     /** do not use keytabs for peer Kerberos authentication */
  32     bool auth_no_keytab = false;
  33
  34     /// whether the response may be stored in the cache
  35     SupportOrVeto cachable;
  36
  37     /** the request can be forwarded through the hierarchy */
  38     bool hierarchical = false;
  39     /** a loop was detected on this request */
  40     bool loopDetected = false;
  41     /** the connection can be kept alive */
  42     bool proxyKeepalive = false;
  43     /** content has expired, need to refresh it */
  44     bool refresh = false;
  45     /** request was redirected by redirectors */
  46     bool redirected = false;
  47     /** the requested object needs to be validated. See client_side_reply.cc
  48      * for further information.
  49      */
  50     bool needValidation = false;
  51     /** whether we should fail if validation fails */
  52     bool failOnValidationError = false;
  53     /** reply is stale if it is a hit */
  54     bool staleIfHit = false;
  55     /** request to override no-cache directives
  56      *
  57      * always use noCacheHack() for reading.
  58      * \note only meaningful if USE_HTTP_VIOLATIONS is defined at build time
  59      */
  60     bool nocacheHack = false;
  61     /** this request is accelerated (reverse-proxy) */
  62     bool accelerated = false;
  63     /** if set, ignore Cache-Control headers */
  64     bool ignoreCc = false;
  65     /** set for intercepted requests */
  66     bool intercepted = false;
  67     /** set if the Host: header passed verification */
  68     bool hostVerified = false;
  69     /// Set for requests handled by a "tproxy" port.
  70     bool interceptTproxy = false;
  71     /// The client IP address should be spoofed when connecting to the web server.
  72     /// This applies to TPROXY traffic that has not had spoofing disabled through
  73     /// the spoof_client_ip squid.conf ACL.
  74     bool spoofClientIp = false;
  75
  76     /// whether the request targets a /squid-internal- resource (e.g., a MIME
  77     /// icon or a cache manager page) served by this Squid instance
  78     /// \sa ClientHttpRequest::flags.internal
  79     /// TODO: Rename to avoid a false implication that this flag is true for
  80     /// requests for /squid-internal- resources served by other Squid instances.
  81     bool internal = false;
  82
  83     /** if set, request to try very hard to keep the connection alive */
  84     bool mustKeepalive = false;
  85     /** set if the request wants connection oriented auth */
  86     bool connectionAuth = false;
  87     /** set if connection oriented auth can not be supported */
  88     bool connectionAuthDisabled = false;
  89     // XXX This is set in clientCheckPinning but never tested
  90     /** Request wants connection oriented auth */
  91     bool connectionProxyAuth = false;
  92     /** set if the request was sent on a pinned connection */
  93     bool pinned = false;
  94     /** Authentication was already sent upstream (e.g. due tcp-level auth) */
  95     bool authSent = false;
  96     /** Deny direct forwarding unless overridden by always_direct
  97      * Used in accelerator mode */
  98     bool noDirect = false;
  99     /** Reply with chunked transfer encoding */
 100     bool chunkedReply = false;
 101     /** set if stream error has occurred */
 102     bool streamError = false;
 103     /** internal ssl-bump request to get server cert */
 104     bool sslPeek = false;
 105     /** set if X-Forwarded-For checking is complete
 106      *
 107      * do not read directly; use doneFollowXff for reading
 108      */
 109     bool done_follow_x_forwarded_for = false;
 110     /** set for ssl-bumped requests */
 111     bool sslBumped = false;
 112     /// carries a representation of an FTP command [received on ftp_port]
 113     bool ftpNative = false;
 114     bool destinationIpLookedUp = false;
 115     /** request to reset the TCP stream */
 116     bool resetTcp = false;
 117     /** set if the request is ranged */
 118     bool isRanged = false;
 119
 120     /// whether to forward via TunnelStateData (instead of FwdState)
 121     bool forceTunnel = false;
 122
 123     /** clone the flags, resetting to default those which are not safe in
 124      *  a related (e.g. ICAP-adapted) request.
 125      */
 126     RequestFlags cloneAdaptationImmune() const;
 127
 128     // if FOLLOW_X_FORWARDED_FOR is not set, we always return "done".
 129     bool doneFollowXff() const {
 130         return done_follow_x_forwarded_for || !FOLLOW_X_FORWARDED_FOR;
 131     }
 132
 133     // if USE_HTTP_VIOLATIONS is not set, never allow this
 134     bool noCacheHack() const {
 135         return USE_HTTP_VIOLATIONS && nocacheHack;
 136     }
 137
 138     /// ban satisfying the request from the cache and ban storing the response
 139     /// in the cache
 140     /// \param reason summarizes the marking decision context (for debugging)
 141     void disableCacheUse(const char *reason);
 142 };
 143
 144 #endif /* SQUID_REQUESTFLAGS_H_ */
 145