Allow upgrading from HTTP/1.1 to other protocols (#481)
1 /*
2 * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 #ifndef SQUID_SQUIDCONFIG_H_
10 #define SQUID_SQUIDCONFIG_H_
11
12 #include "acl/forward.h"
13 #include "base/RefCount.h"
14 #include "base/YesNoNone.h"
15 #if USE_DELAY_POOLS
16 #include "ClientDelayConfig.h"
17 #include "DelayConfig.h"
18 #endif
19 #include "helper/ChildConfig.h"
20 #include "HttpHeaderTools.h"
21 #include "ip/Address.h"
22 #if USE_DELAY_POOLS
23 #include "MessageDelayPools.h"
24 #endif
25 #include "Notes.h"
26 #include "security/forward.h"
27 #include "SquidTime.h"
28 #if USE_OPENSSL
29 #include "ssl/support.h"
30 #endif
31 #include "store/Disk.h"
32 #include "store/forward.h"
33
34 #include <chrono>
35
36 #if USE_OPENSSL
37 class sslproxy_cert_sign;
38 class sslproxy_cert_adapt;
39 #endif
40
41 namespace Mgr
42 {
43 class ActionPasswordList;
44 } // namespace Mgr
45 class CachePeer;
46 class CustomLog;
47 class CpuAffinityMap;
48 class external_acl;
49 class HeaderManglers;
50 class RefreshPattern;
51 class RemovalPolicySettings;
52 class HttpUpgradeProtocolAccess;
53
54 namespace AnyP
55 {
56 class PortCfg;
57 }
58
namespace Store {

/// Holds the heap-allocated array of SwapDir handles together with the
/// counters that describe it.
///
/// NOTE(review): the destructor delete[]s swapDirs, yet no copy or move
/// operations are declared here, so the compiler-generated ones duplicate the
/// raw pointer. A copied DiskConfig would share one array between two owners
/// and delete[] it twice; treat the object as non-copyable.
class DiskConfig
{
public:
    /// Verifies that the default member initializer left swapDirs nil.
    DiskConfig()
    {
        assert(swapDirs == nullptr);
    }

    /// Releases the swapDirs array.
    ~DiskConfig()
    {
        delete[] swapDirs;
    }

    /// array of SwapDir handles; released by the destructor
    RefCount<SwapDir> *swapDirs = nullptr;
    int n_allocated = 0;
    int n_configured = 0;
    /// number of disk processes required to support all cache_dirs
    int n_strands = 0;
};

/// Raw SwapDir pointer stored in slot i of the global Config.cacheSwap.
/// NOTE(review): the macro performs no range check on i; callers presumably
/// keep it below n_configured -- confirm at the call sites.
#define INDEXSD(i) (Config.cacheSwap.swapDirs[i].getRaw())

} // namespace Store
73
/// Representation of the configuration, exposed through the global Config.
///
/// NOTE(review): historically labelled "POD", but members such as
/// Store::DiskConfig cacheSwap have user-provided constructors and
/// destructors, so the object must not be reset or copied with
/// memset()/memcpy(). Most scalar and pointer members carry no default member
/// initializer; their initial values depend on where the object is defined
/// and on the configuration parser, neither of which is visible in this
/// header.
class SquidConfig
{
public:
    struct {
        // These should be for the Store::Root instance.
        // This needs pluggable parsing to be done smoothly.
        int highWaterMark;
        int lowWaterMark;
    } Swap;

    YesNoNone memShared;  ///< whether the memory cache is shared among workers
    YesNoNone shmLocking; ///< shared_memory_locking
    size_t memMaxSize;

    struct {
        int64_t min;
        int pct;
        int64_t max;
    } quickAbort;

    int64_t readAheadGap;
    RemovalPolicySettings *replPolicy;
    RemovalPolicySettings *memPolicy;
#if USE_HTTP_VIOLATIONS
    time_t negativeTtl;
#endif
    time_t maxStale;
    time_t negativeDnsTtl;
    time_t positiveDnsTtl;
    time_t shutdownLifetime;
    time_t backgroundPingRate;
    time_t hopelessKidRevivalDelay; ///< hopeless_kid_revival_delay

    /// Timeout settings; time_t fields unless marked otherwise.
    struct {
        time_t read;
        time_t write;
        time_t lifetime;
        time_t connect;
        time_t forward;
        time_t peer_connect;
        time_t request;
        time_t clientIdlePconn;
        time_t serverIdlePconn;
        time_t ftpClientIdle;
        time_t pconnLifetime; ///< pconn_lifetime in squid.conf
        time_t siteSelect;
        time_t deadPeer;
        time_t request_start_timeout;
        int icp_query;       ///< msec
        int icp_query_max;   ///< msec
        int icp_query_min;   ///< msec
        int mcast_icp_query; ///< msec
        time_msec_t idns_retransmit;
        time_msec_t idns_query;
        time_t urlRewrite;
    } Timeout;

    // Message size limits.
    // NOTE(review): presumably enforced by the message parsers; they bound
    // how much peer-controlled data is buffered -- confirm where each is
    // checked.
    size_t maxRequestHeaderSize;
    int64_t maxRequestBodySize;
    size_t maxRequestBufferSize;
    size_t maxReplyHeaderSize;
    AclSizeLimit *ReplyBodySize;

    struct {
        unsigned short icp;
#if USE_HTCP
        unsigned short htcp;
#endif
#if SQUID_SNMP
        unsigned short snmp;
#endif
    } Port;

#if SQUID_SNMP
    struct {
        char *configFile;
        char *agentInfo;
    } Snmp;
#endif

#if USE_WCCP
    struct {
        Ip::Address router;
        Ip::Address address;
        int version;
    } Wccp;
#endif

#if USE_WCCPv2
    struct {
        Ip::Address_list *router;
        Ip::Address address;
        int forwarding_method;
        int return_method;
        int assignment_method;
        int weight;
        int rebuildwait;
        void *info;
    } Wccp2;
#endif

    char *as_whois_server;

    struct {
        char *store;
        char *swap;
        CustomLog *accesslogs;
#if ICAP_CLIENT
        CustomLog *icaplogs;
#endif
        int rotateNumber;
    } Log;

    char *adminEmail;
    char *EmailFrom;
    char *EmailProgram;
    // NOTE(review): effectiveUser/effectiveGroup are names; presumably they
    // are resolved into SquidConfig2::effectiveUserID/effectiveGroupID before
    // privileges are dropped -- confirm in the startup code.
    char *effectiveUser;
    char *visible_appname_string;
    char *effectiveGroup;

    /// External programs and helpers.
    struct {
        wordlist *redirect;
        wordlist *store_id;
#if USE_UNLINKD
        char *unlinkd;
#endif
        char *diskd;
#if USE_OPENSSL
        // NOTE(review): presumably the program that supplies key
        // passphrases rather than a passphrase itself -- confirm.
        char *ssl_password;
#endif
    } Program;

    Helper::ChildConfig redirectChildren;
    Helper::ChildConfig storeIdChildren;

    struct {
        char *surrogate_id;
    } Accel;

    char *appendDomain;
    size_t appendDomainLen;
    char *pidFilename;
    char *netdbFilename;
    char *mimeTablePathname;
    char *etcHostsPath;
    char *visibleHostname;
    char *uniqueHostname;
    wordlist *hostnameAliases;
    char *errHtmlText;

    struct {
        char *host;
        char *file;
        time_t period;
        unsigned short port;
    } Announce;

    struct {
        Ip::Address udp_incoming;
        Ip::Address udp_outgoing;
#if SQUID_SNMP
        Ip::Address snmp_incoming;
        Ip::Address snmp_outgoing;
#endif
        // FIXME INET6 : this should really be a CIDR value
        Ip::Address client_netmask;
    } Addrs;

    size_t tcpRcvBufsz;
    size_t udpMaxHitObjsz;
    wordlist *mcast_group_list;
    CachePeer *peers;
    int npeers;

    struct {
        int size;
        int low;
        int high;
    } ipcache;

    struct {
        int size;
    } fqdncache;

    int minDirectHops;
    int minDirectRtt;
    // NOTE(review): presumably the per-action management passwords; treat
    // the list as secret material when dumping or logging configuration.
    Mgr::ActionPasswordList *passwd_list;

    struct {
        int objectsPerBucket;
        int64_t avgObjectSize;
        int64_t maxObjectSize;
        int64_t minObjectSize;
        size_t maxInMemObjSize;
    } Store;

    struct {
        int high;
        int low;
        time_t period;
    } Netdb;

    /// Integer on/off toggles.
    struct {
        int log_udp;
        int res_defnames;
        int anonymizer;
        int client_db;
        int query_icmp;
        int icp_hit_stale;
        int buffered_logs;
        int common_log;
        int log_mime_hdrs;
        int log_fqdn;
        int announce;
        int mem_pools;
        int test_reachability;
        int half_closed_clients;
        int refresh_all_ims;
#if USE_HTTP_VIOLATIONS
        int reload_into_ims;
#endif
        int offline;
        int redir_rewrites_host;
        int prefer_direct;
        int nonhierarchical_direct;
        int strip_query_terms;
        int redirector_bypass;
        int store_id_bypass;
        int ignore_unknown_nameservers;
        int client_pconns;
        int server_pconns;
        int error_pconns;
#if USE_CACHE_DIGESTS
        int digest_generation;
#endif
        int vary_ignore_expire;
        int surrogate_is_remote;
        int request_entities;
        int detect_broken_server_pconns;
        // NOTE(review): the next three presumably control how strictly
        // message headers and host names are validated -- confirm which
        // values select the strict behaviour.
        int relaxed_header_parser;
        int check_hostnames;
        int allow_underscore;
        int via;
        int cache_miss_revalidate;
        int emailErrData;
        int httpd_suppress_version_string;
        int global_internal_static;
        int collapsed_forwarding;

#if FOLLOW_X_FORWARDED_FOR
        // NOTE(review): X-Forwarded-For is supplied by the sender; these
        // toggles presumably switch ACL, delay-pool and log decisions to the
        // indirect client address, which is only as trustworthy as the
        // accessList.followXFF rules -- confirm.
        int acl_uses_indirect_client;
        int delay_pool_uses_indirect_client;
        int log_uses_indirect_client;
#if LINUX_NETFILTER
        int tproxy_uses_indirect_client;
#endif
#endif /* FOLLOW_X_FORWARDED_FOR */

        int WIN32_IpAddrChangeMonitor;
        int memory_cache_first;
        int memory_cache_disk;
        int hostStrictVerify;
        int client_dst_passthru;
        int dns_mdns;
#if USE_OPENSSL
        bool logTlsServerHelloDetails;
#endif
    } onoff;

    int64_t shared_transient_entries_limit;

    int pipeline_max_prefetch;

    int forward_max_tries;
    int connect_retries;

    std::chrono::nanoseconds paranoid_hit_validation;

    class ACL *aclList;

    /// Access-control rule lists.
    /// NOTE(review): only spoof_client_ip is documented as nil unless
    /// configured; whether a nil pointer means allow or deny for the other
    /// lists depends on the code consulting them -- check each caller.
    struct {
        acl_access *http;
        acl_access *adapted_http;
        acl_access *icp;
        acl_access *miss;
        acl_access *NeverDirect;
        acl_access *AlwaysDirect;
        acl_access *ASlists;
        acl_access *noCache;
        acl_access *sendHit;
        acl_access *storeMiss;
        acl_access *stats_collection;
#if SQUID_SNMP
        acl_access *snmp;
#endif
#if USE_HTTP_VIOLATIONS
        acl_access *brokenPosts;
#endif
        acl_access *redirector;
        acl_access *store_id;
        acl_access *reply;
        Acl::Address *outgoing_address;
#if USE_HTCP
        acl_access *htcp;
        acl_access *htcp_clr;
#endif

#if USE_OPENSSL
        acl_access *ssl_bump;
#endif
#if FOLLOW_X_FORWARDED_FOR
        acl_access *followXFF;
#endif /* FOLLOW_X_FORWARDED_FOR */

        /// acceptable PROXY protocol clients
        acl_access *proxyProtocol;

        /// spoof_client_ip squid.conf acl.
        /// nil unless configured
        acl_access *spoof_client_ip;
        acl_access *on_unsupported_protocol;

        acl_access *ftp_epsv;

        acl_access *forceRequestBodyContinuation;
        acl_access *serverPconnForNonretriable;
        acl_access *collapsedForwardingAccess;
    } accessList;

    AclDenyInfoList *denyInfoList;

    struct {
        size_t list_width;
        int list_wrap;
        char *anon_user;
        int passive;
        int epsv_all;
        int epsv;
        int eprt;
        int sanitycheck;
        int telnet;
    } Ftp;

    RefreshPattern *Refresh;

    /// Owns the SwapDir array (see Store::DiskConfig).
    Store::DiskConfig cacheSwap;

    struct {
        char *directory;
        int use_short_names;
    } icons;

    char *errorDirectory;
#if USE_ERR_LOCALES
    char *errorDefaultLanguage;
    int errorLogMissingLanguages;
#endif
    char *errorStylesheet;

    struct {
        int onerror;
    } retry;

    struct {
        int64_t limit;
    } MemPools;

#if USE_DELAY_POOLS
    DelayConfig Delay;
    ClientDelayConfig ClientDelay;
    MessageDelayConfig MessageDelay;
#endif

    struct {
        struct {
            int average;
            int min_poll;
        } dns, udp, tcp;
    } comm_incoming;

    int max_open_disk_fds;
    int uri_whitespace;
    AclSizeLimit *rangeOffsetLimit;

#if MULTICAST_MISS_STREAM
    struct {
        Ip::Address addr;
        int ttl;
        unsigned short port;
        char *encode_key;
    } mcast_miss;
#endif

    /// request_header_access and request_header_replace
    HeaderManglers *request_header_access;
    /// reply_header_access and reply_header_replace
    HeaderManglers *reply_header_access;
    /// request_header_add access list
    HeaderWithAclList *request_header_add;
    /// reply_header_add access list
    HeaderWithAclList *reply_header_add;
    /// http_upgrade_request_protocols
    HttpUpgradeProtocolAccess *http_upgrade_request_protocols;
    /// note
    Notes notes;
    char *coredump_dir;
    char *chroot_dir;

#if USE_CACHE_DIGESTS
    struct {
        int bits_per_entry;
        time_t rebuild_period;
        time_t rewrite_period;
        size_t swapout_chunk_size;
        int rebuild_chunk_percentage;
    } digest;
#endif

#if USE_OPENSSL
    struct {
        int unclean_shutdown;
        char *ssl_engine;
        int session_ttl;
        size_t sessionCacheSize;
        char *certSignHash;
    } SSL;
#endif

    struct {
        int high_rptm;
        int high_pf;
        size_t high_memory;
    } warnings;

    char *store_dir_select_algorithm;
    int sleep_after_fork;       ///< microseconds
    time_t minimum_expiry_time; ///< seconds
    external_acl *externalAclHelperList;

    /// Settings for TLS connections where this process is the client.
    struct {
        Security::ContextPointer sslContext;
#if USE_OPENSSL
        char *foreignIntermediateCertsPath;
        // NOTE(review): presumably selects which certificate validation
        // errors are tolerated; a permissive list weakens server
        // authentication -- confirm against the directive documentation.
        acl_access *cert_error;
        sslproxy_cert_sign *cert_sign;
        sslproxy_cert_adapt *cert_adapt;
#endif
    } ssl_client;

    char *accept_filter;
    int umask;
    int max_filedescriptors;
    int workers;
    CpuAffinityMap *cpuAffinityMap;

#if USE_LOADABLE_MODULES
    wordlist *loadable_module_names;
#endif

    int client_ip_max_connections;

    char *redirector_extras;

    struct UrlHelperTimeout {
        int action;
        char *response;
    } onUrlRewriteTimeout;

    char *storeId_extras;

    struct {
        SBufList nameservers;
        int v4_first;       ///< Place IPv4 first in the order of DNS results.
        ssize_t packet_max; ///< maximum size EDNS advertised for DNS replies.
    } dns;

    struct {
        int connect_limit;
        int connect_gap;
        int connect_timeout;
    } happyEyeballs;
};

extern SquidConfig Config;
564
/// Second configuration object, exposed through the global Config2. Every
/// member has a default member initializer, so a fresh instance is fully
/// defined.
class SquidConfig2
{
public:
    /// Resets every member to the value given by its default member
    /// initializer.
    void clear()
    {
        const SquidConfig2 defaults{};
        *this = defaults;
    }

    struct {
        int enable_purge = 0;
    } onoff;

    // NOTE(review): 0 is the superuser id on POSIX systems, so the initial
    // and post-clear() state of both fields reads as root. Code that drops
    // privileges presumably fills these in first -- confirm that it never
    // acts on the untouched defaults.
    uid_t effectiveUserID = 0;
    gid_t effectiveGroupID = 0;
};

extern SquidConfig2 Config2;
580
581 #endif /* SQUID_SQUIDCONFIG_H_ */
582