-#ifndef SQUID_REQUESTFLAGS_H_
-#define SQUID_REQUESTFLAGS_H_
/*
- * DEBUG: section 73 HTTP Request
- * AUTHOR: Duane Wessels
- *
- * SQUID Web Proxy Cache http://www.squid-cache.org/
- * ----------------------------------------------------------
- *
- * Squid is the result of efforts by numerous individuals from
- * the Internet community; see the CONTRIBUTORS file for full
- * details. Many organizations have provided support for Squid's
- * development; see the SPONSORS file for full details. Squid is
- * Copyrighted (C) 2001 by the Regents of the University of
- * California; see the COPYRIGHT file for full details. Squid
- * incorporates software developed and/or copyrighted by other
- * sources; see the CREDITS file for full details.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
+ * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
*
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
*/
-class RequestFlags {
-public:
- RequestFlags():
- nocache(0), ims(0), auth(0), cachable(0),
- hierarchical(0), loopdetect(0), proxy_keepalive(0), proxying(0),
- refresh(0), redirected(0), need_validation(0),
- fail_on_validation_err(0), stale_if_hit(0), nocache_hack(false), accelerated_(false),
- ignore_cc(false), intercepted_(false), hostVerified_(false), spoof_client_ip(false),
- internal(false), internalclient(false), must_keepalive(false), connection_auth_wanted(false), connection_auth_disabled(false), connection_proxy_auth(false), pinned_(false),
- canRePin_(false), authSent_(false), noDirect_(false), chunkedReply_(false),
- streamError_(false), sslPeek_(false),
- doneFollowXForwardedFor(!FOLLOW_X_FORWARDED_FOR),
- sslBumped_(false), destinationIPLookedUp_(false), resetTCP_(false),
- isRanged_(false)
- {}
+/* DEBUG: section 73 HTTP Request */
- unsigned int nocache :1; ///< whether the response to this request may be READ from cache
- unsigned int ims :1;
- unsigned int auth :1;
- unsigned int cachable :1; ///< whether the response to thie request may be stored in the cache
- unsigned int hierarchical :1;
- unsigned int loopdetect :1;
- unsigned int proxy_keepalive :1;
- unsigned int proxying :1; /* this should be killed, also in httpstateflags */
- unsigned int refresh :1;
- unsigned int redirected :1;
- unsigned int need_validation :1;
- unsigned int fail_on_validation_err :1; ///< whether we should fail if validation fails
- unsigned int stale_if_hit :1; ///< reply is stale if it is a hit
- /* for changing/ignoring no-cache requests. Unused unless USE_HTTP_VIOLATIONS */
+#ifndef SQUID_REQUESTFLAGS_H_
+#define SQUID_REQUESTFLAGS_H_
- // When adding new flags, please update cloneAdaptationImmune() as needed.
- bool resetTCP() const;
- void setResetTCP();
- void clearResetTCP();
- void destinationIPLookupCompleted();
- bool destinationIPLookedUp() const;
- // returns a partial copy of the flags that includes only those flags
- // that are safe for a related (e.g., ICAP-adapted) request to inherit
+/** request-related flags
+ *
+ * Contains both flags marking a request's current state,
+ * and flags requesting some processing to be done at a later stage.
+ * TODO: better distinguish the two cases.
+ */
+class RequestFlags
+{
+public:
+ /** true if the response to this request may not be READ from cache */
+ bool noCache = false;
+ /** request is if-modified-since */
+ bool ims = false;
+ /** request is authenticated */
+ bool auth = false;
+ /** do not use keytabs for peer Kerberos authentication */
+ bool auth_no_keytab = false;
+ /** he response to the request may be stored in the cache */
+ bool cachable = false;
+ /** the request can be forwarded through the hierarchy */
+ bool hierarchical = false;
+ /** a loop was detected on this request */
+ bool loopDetected = false;
+ /** the connection can be kept alive */
+ bool proxyKeepalive = false;
+ /** content has expired, need to refresh it */
+ bool refresh = false;
+ /** request was redirected by redirectors */
+ bool redirected = false;
+ /** the requested object needs to be validated. See client_side_reply.cc
+ * for further information.
+ */
+ bool needValidation = false;
+ /** whether we should fail if validation fails */
+ bool failOnValidationError = false;
+ /** reply is stale if it is a hit */
+ bool staleIfHit = false;
+ /** request to override no-cache directives
+ *
+ * always use noCacheHack() for reading.
+ * \note only meaningful if USE_HTTP_VIOLATIONS is defined at build time
+ */
+ bool nocacheHack = false;
+ /** this request is accelerated (reverse-proxy) */
+ bool accelerated = false;
+ /** if set, ignore Cache-Control headers */
+ bool ignoreCc = false;
+ /** set for intercepted requests */
+ bool intercepted = false;
+ /** set if the Host: header passed verification */
+ bool hostVerified = false;
+ /// Set for requests handled by a "tproxy" port.
+ bool interceptTproxy = false;
+ /// The client IP address should be spoofed when connecting to the web server.
+ /// This applies to TPROXY traffic that has not had spoofing disabled through
+ /// the spoof_client_ip squid.conf ACL.
+ bool spoofClientIp = false;
+ /** set if the request is internal (\see ClientHttpRequest::flags.internal)*/
+ bool internal = false;
+ /** if set, request to try very hard to keep the connection alive */
+ bool mustKeepalive = false;
+ /** set if the request wants connection oriented auth */
+ bool connectionAuth = false;
+ /** set if connection oriented auth can not be supported */
+ bool connectionAuthDisabled = false;
+ // XXX This is set in clientCheckPinning but never tested
+ /** Request wants connection oriented auth */
+ bool connectionProxyAuth = false;
+ /** set if the request was sent on a pinned connection */
+ bool pinned = false;
+ /** Authentication was already sent upstream (e.g. due tcp-level auth) */
+ bool authSent = false;
+ /** Deny direct forwarding unless overridden by always_direct
+ * Used in accelerator mode */
+ bool noDirect = false;
+ /** Reply with chunked transfer encoding */
+ bool chunkedReply = false;
+ /** set if stream error has occurred */
+ bool streamError = false;
+ /** internal ssl-bump request to get server cert */
+ bool sslPeek = false;
+ /** set if X-Forwarded-For checking is complete
+ *
+ * do not read directly; use doneFollowXff for reading
+ */
+ bool done_follow_x_forwarded_for = false;
+ /** set for ssl-bumped requests */
+ bool sslBumped = false;
+ /// carries a representation of an FTP command [received on ftp_port]
+ bool ftpNative = false;
+ bool destinationIpLookedUp = false;
+ /** request to reset the TCP stream */
+ bool resetTcp = false;
+ /** set if the request is ranged */
+ bool isRanged = false;
+
+ /// whether to forward via TunnelStateData (instead of FwdState)
+ bool forceTunnel = false;
+
+ /** clone the flags, resetting to default those which are not safe in
+ * a related (e.g. ICAP-adapted) request.
+ */
RequestFlags cloneAdaptationImmune() const;
- bool isRanged() const;
- void setRanged();
- void clearRanged();
-
- bool sslBumped() const { return sslBumped_; }
- void setSslBumped(bool newValue=true) { sslBumped_=newValue; }
- void clearSslBumpeD() { sslBumped_=false; }
-
- bool doneFollowXFF() const { return doneFollowXForwardedFor; }
- void setDoneFollowXFF() {
- doneFollowXForwardedFor = true;
+ // if FOLLOW_X_FORWARDED_FOR is not set, we always return "done".
+ bool doneFollowXff() const {
+ return done_follow_x_forwarded_for || !FOLLOW_X_FORWARDED_FOR;
}
- void clearDoneFollowXFF() {
- /* do not allow clearing if FOLLOW_X_FORWARDED_FOR is unset */
- doneFollowXForwardedFor = false || !FOLLOW_X_FORWARDED_FOR;
- }
-
- bool sslPeek() const { return sslPeek_; }
- void setSslPeek() { sslPeek_=true; }
- void clearSslPeek() { sslPeek_=false; }
- bool hadStreamError() const { return streamError_; }
- void setStreamError() { streamError_ = true; }
- void clearStreamError() { streamError_ = false; }
-
- bool isReplyChunked() const { return chunkedReply_; }
- void markReplyChunked() { chunkedReply_ = true; }
-
- void setNoDirect() { noDirect_=true; }
- bool noDirect() const{ return noDirect_; }
-
- bool authSent() const { return authSent_; }
- void markAuthSent() { authSent_=true;}
-
- bool canRePin() const { return canRePin_; }
- void allowRepinning() { canRePin_=true; }
-
- void markPinned() { pinned_ = true; }
- void clearPinned() { pinned_ = false; }
- bool pinned() const { return pinned_; }
-
- //XXX: oddly this is set in client_side_request.cc, but never checked.
- bool wantConnectionProxyAuth() const { return connection_proxy_auth; }
- void requestConnectionProxyAuth() { connection_proxy_auth=true; }
-
- void disableConnectionAuth() { connection_auth_disabled=true; }
- bool connectionAuthDisabled() const { return connection_auth_disabled; }
-
- void wantConnectionAuth() { connection_auth_wanted=true; }
- bool connectionAuthWanted() const { return connection_auth_wanted; }
-
- void setMustKeepalive() { must_keepalive = true; }
- bool mustKeepalive() const { return must_keepalive; }
-
- //XXX: oddly this is set in client_side_request.cc but never checked.
- void setInternalClient() { internalclient=true;}
-
- void markInternal() { internal=true; }
- bool isInternal() const { return internal; }
-
- bool spoofClientIp() const { return spoof_client_ip; }
- void setSpoofClientIp() { spoof_client_ip = true; }
-
- bool hostVerified() const { return hostVerified_; }
- void markHostVerified() { hostVerified_=true; }
-
- bool intercepted() const { return intercepted_; }
- void markIntercepted() { intercepted_=true; }
-
- bool ignoringCacheControl() const { return ignore_cc; }
- void ignoreCacheControl() { ignore_cc=true; }
-
- bool accelerated() const { return accelerated_; }
- void markAccelerated() { accelerated_ = true; }
-
- /* nocache_hack is only enabled if USE_HTTP_VIOLATIONS is set at build-time.
- * Compilers will have an easy time optimizing to a NOP otherwise. */
- void hackNocache() { if (USE_HTTP_VIOLATIONS) nocache_hack=true; }
- bool noCacheHackEnabled() const { return USE_HTTP_VIOLATIONS && nocache_hack; }
-private:
- bool nocache_hack :1;
- bool accelerated_ :1; ///<request is accelerated
- bool ignore_cc :1; ///< ignore Cache-Control
- bool intercepted_ :1; ///< intercepted request
- bool hostVerified_ :1; ///< whether the Host: header passed verification
- bool spoof_client_ip :1; ///< spoof client ip if possible
- bool internal :1;
- bool internalclient :1;
- bool must_keepalive :1;
- bool connection_auth_wanted :1; /** Request wants connection oriented auth */
- bool connection_auth_disabled :1; ///< Connection oriented auth can't be supported
- bool connection_proxy_auth :1; ///< Request wants connection oriented auth
- bool pinned_ :1; ///< Request sent on a pinned connection
- bool canRePin_ :1; ///< OK to reopen a failed pinned connection
- bool authSent_ :1; ///< Authentication was forwarded
- /** Deny direct forwarding unless overriden by always_direct.
- * Used in accelerator mode */
- bool noDirect_ :1;
- bool chunkedReply_ :1; ///< Reply with chunked transfer encoding
- bool streamError_ :1; ///< Whether stream error has occured
- bool sslPeek_ :1; ///< internal ssl-bump request to get server cert
- /* doneFollowXForwardedFor is set by default to the opposite of
- * compilation option FOLLOW_X_FORWARDED_FOR (so that it returns
- * always "done" if the build option is disabled).
- */
- bool doneFollowXForwardedFor :1;
- bool sslBumped_ :1; /**< ssl-bumped request*/
- bool destinationIPLookedUp_:1;
- bool resetTCP_:1; ///< request to reset the TCP stream
- bool isRanged_ :1;
+ // if USE_HTTP_VIOLATIONS is not set, never allow this
+ bool noCacheHack() const {
+ return USE_HTTP_VIOLATIONS && nocacheHack;
+ }
};
#endif /* SQUID_REQUESTFLAGS_H_ */
+
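Review bot: `nocacheHack` and `done_follow_x_forwarded_for` are declared as public members although their raw values are not what callers should act on, and only the comments ("always use noCacheHack() for reading", "do not read directly") keep callers on the build-option-aware getters `noCacheHack()` and `doneFollowXff()`. The removed class enforced this in the type: both fields were private, `hackNocache()` ignored the write without USE_HTTP_VIOLATIONS, and the constructor initialised `doneFollowXForwardedFor` to `!FOLLOW_X_FORWARDED_FOR`. I would move these two back under `private:` and add setters beside the existing getters, as sketched below; callers are outside this file and would need to switch to the setters. The one-way markers that gate security decisions, for example `hostVerified` (formerly writable only through `markHostVerified()`), can now be set or cleared from anywhere, so a short comment naming the code expected to write them would help reviewers of later changes.

```cpp
    // … unchanged: public flags, cloneAdaptationImmune(), doneFollowXff(), noCacheHack() …

    /// records whether X-Forwarded-For processing has finished
    void doneFollowXff(const bool done) { done_follow_x_forwarded_for = done; }
    /// has no effect unless USE_HTTP_VIOLATIONS is defined at build time
    void noCacheHack(const bool enable) { nocacheHack = USE_HTTP_VIOLATIONS && enable; }

private:
    bool nocacheHack = false; ///< read via noCacheHack()
    bool done_follow_x_forwarded_for = false; ///< read via doneFollowXff()
};
```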