-#ifndef SQUID_REQUESTFLAGS_H_
-#define SQUID_REQUESTFLAGS_H_
/*
- * DEBUG: section 73 HTTP Request
- * AUTHOR: Duane Wessels
- *
- * SQUID Web Proxy Cache http://www.squid-cache.org/
- * ----------------------------------------------------------
- *
- * Squid is the result of efforts by numerous individuals from
- * the Internet community; see the CONTRIBUTORS file for full
- * details. Many organizations have provided support for Squid's
- * development; see the SPONSORS file for full details. Squid is
- * Copyrighted (C) 2001 by the Regents of the University of
- * California; see the COPYRIGHT file for full details. Squid
- * incorporates software developed and/or copyrighted by other
- * sources; see the CREDITS file for full details.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
+ * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
*
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
*/
-class RequestFlags {
-public:
- RequestFlags():
- nocache(0), ims(0), auth(0), cachable(0),
- hierarchical(0), loopdetect(0), proxy_keepalive(0), proxying(0),
- refresh(0), redirected(0), need_validation(0),
- fail_on_validation_err(0), stale_if_hit(0), accelerated(0),
- ignore_cc(0), intercepted(0), hostVerified(0), spoof_client_ip(0),
- internal(0), internalclient(0), must_keepalive(0), pinned(0),
- canRePin(0), chunked_reply(0), stream_error(0), sslPeek(0),
- done_follow_x_forwarded_for(!FOLLOW_X_FORWARDED_FOR),
- sslBumped_(false), destinationIPLookedUp_(false), resetTCP_(false),
- isRanged_(false) {
-#if USE_HTTP_VIOLATIONS
- nocache_hack = 0;
-#endif
- }
-
- unsigned int nocache :1; ///< whether the response to this request may be READ from cache
- unsigned int ims :1;
- unsigned int auth :1;
- unsigned int cachable :1; ///< whether the response to thie request may be stored in the cache
- unsigned int hierarchical :1;
- unsigned int loopdetect :1;
- unsigned int proxy_keepalive :1;
- unsigned int proxying :1; /* this should be killed, also in httpstateflags */
- unsigned int refresh :1;
- unsigned int redirected :1;
- unsigned int need_validation :1;
- unsigned int fail_on_validation_err :1; ///< whether we should fail if validation fails
- unsigned int stale_if_hit :1; ///< reply is stale if it is a hit
-#if USE_HTTP_VIOLATIONS
- /* for changing/ignoring no-cache requests */
- /* TODO: remove the conditional definition, move ifdef to setter */
- unsigned int nocache_hack :1;
-#endif
- unsigned int accelerated :1;
- unsigned int ignore_cc :1;
- unsigned int intercepted :1; ///< intercepted request
- unsigned int hostVerified :1; ///< whether the Host: header passed verification
- unsigned int spoof_client_ip :1; /**< spoof client ip if possible */
- unsigned int internal :1;
- unsigned int internalclient :1;
- unsigned int must_keepalive :1;
- unsigned int connection_auth :1; /** Request wants connection oriented auth */
- unsigned int connection_auth_disabled :1; /** Connection oriented auth can not be supported */
- unsigned int connection_proxy_auth :1; /** Request wants connection oriented auth */
- unsigned int pinned :1; /* Request sent on a pinned connection */
- unsigned int canRePin :1; ///< OK to reopen a failed pinned connection
- unsigned int auth_sent :1; /* Authentication forwarded */
- unsigned int no_direct :1; /* Deny direct forwarding unless overriden by always_direct. Used in accelerator mode */
- unsigned int chunked_reply :1; /**< Reply with chunked transfer encoding */
- unsigned int stream_error :1; /**< Whether stream error has occured */
- unsigned int sslPeek :1; ///< internal ssl-bump request to get server cert
+/* DEBUG: section 73 HTTP Request */
-#if FOLLOW_X_FORWARDED_FOR
- /* TODO: move from conditional definition to conditional setting */
-#endif /* FOLLOW_X_FORWARDED_FOR */
+#ifndef SQUID_REQUESTFLAGS_H_
+#define SQUID_REQUESTFLAGS_H_
- // When adding new flags, please update cloneAdaptationImmune() as needed.
- bool resetTCP() const;
- void setResetTCP();
- void clearResetTCP();
- void destinationIPLookupCompleted();
- bool destinationIPLookedUp() const;
- // returns a partial copy of the flags that includes only those flags
- // that are safe for a related (e.g., ICAP-adapted) request to inherit
- RequestFlags cloneAdaptationImmune() const;
+/** request-related flags
+ *
+ * Contains both flags marking a request's current state,
+ * and flags requesting some processing to be done at a later stage.
+ * TODO: better distinguish the two cases.
+ */
+class RequestFlags
+{
+public:
+ /** true if the response to this request may not be READ from cache */
+ bool noCache = false;
+ /** request is if-modified-since */
+ bool ims = false;
+ /** request is authenticated */
+ bool auth = false;
+ /** do not use keytabs for peer Kerberos authentication */
+ bool auth_no_keytab = false;
+ /** he response to the request may be stored in the cache */
+ bool cachable = false;
+ /** the request can be forwarded through the hierarchy */
+ bool hierarchical = false;
+ /** a loop was detected on this request */
+ bool loopDetected = false;
+ /** the connection can be kept alive */
+ bool proxyKeepalive = false;
+ /* this should be killed, also in httpstateflags */
+ bool proxying = false;
+ /** content has expired, need to refresh it */
+ bool refresh = false;
+ /** request was redirected by redirectors */
+ bool redirected = false;
+ /** the requested object needs to be validated. See client_side_reply.cc
+ * for further information.
+ */
+ bool needValidation = false;
+ /** whether we should fail if validation fails */
+ bool failOnValidationError = false;
+ /** reply is stale if it is a hit */
+ bool staleIfHit = false;
+ /** request to override no-cache directives
+ *
+ * always use noCacheHack() for reading.
+ * \note only meaningful if USE_HTTP_VIOLATIONS is defined at build time
+ */
+ bool nocacheHack = false;
+ /** this request is accelerated (reverse-proxy) */
+ bool accelerated = false;
+ /** if set, ignore Cache-Control headers */
+ bool ignoreCc = false;
+ /** set for intercepted requests */
+ bool intercepted = false;
+ /** set if the Host: header passed verification */
+ bool hostVerified = false;
+ /// Set for requests handled by a "tproxy" port.
+ bool interceptTproxy = false;
+ /// The client IP address should be spoofed when connecting to the web server.
+ /// This applies to TPROXY traffic that has not had spoofing disabled through
+ /// the spoof_client_ip squid.conf ACL.
+ bool spoofClientIp = false;
+ /** set if the request is internal (\see ClientHttpRequest::flags.internal)*/
+ bool internal = false;
+ //XXX this is set in in clientBeginRequest, but never tested.
+ /** set for internally-generated requests */
+ bool internalClient = false;
+ /** if set, request to try very hard to keep the connection alive */
+ bool mustKeepalive = false;
+ /** set if the rquest wants connection oriented auth */
+ bool connectionAuth = false;
+ /** set if connection oriented auth can not be supported */
+ bool connectionAuthDisabled = false;
+ // XXX This is set in clientCheckPinning but never tested
+ /** Request wants connection oriented auth */
+ bool connectionProxyAuth = false;
+ /** set if the request was sent on a pinned connection */
+ bool pinned = false;
+ /** Authentication was already sent upstream (e.g. due tcp-level auth) */
+ bool authSent = false;
+ /** Deny direct forwarding unless overriden by always_direct
+ * Used in accelerator mode */
+ bool noDirect = false;
+ /** Reply with chunked transfer encoding */
+ bool chunkedReply = false;
+ /** set if stream error has occured */
+ bool streamError = false;
+ /** internal ssl-bump request to get server cert */
+ bool sslPeek = false;
+ /** set if X-Forwarded-For checking is complete
+ *
+ * do not read directly; use doneFollowXff for reading
+ */
+ bool done_follow_x_forwarded_for = false;
+ /** set for ssl-bumped requests */
+ bool sslBumped = false;
+ /// carries a representation of an FTP command [received on ftp_port]
+ bool ftpNative = false;
+ bool destinationIpLookedUp = false;
+ /** request to reset the TCP stream */
+ bool resetTcp = false;
+ /** set if the request is ranged */
+ bool isRanged = false;
- bool isRanged() const;
- void setRanged();
- void clearRanged();
+ /// whether to forward via TunnelStateData (instead of FwdState)
+ bool forceTunnel = false;
- bool sslBumped() const { return sslBumped_; }
- void setSslBumped(bool newValue=true) { sslBumped_=newValue; }
- void clearSslBumpeD() { sslBumped_=false; }
+ /** clone the flags, resetting to default those which are not safe in
+ * a related (e.g. ICAP-adapted) request.
+ */
+ RequestFlags cloneAdaptationImmune() const;
- bool doneFollowXFF() const { return done_follow_x_forwarded_for; }
- void setDoneFollowXFF() {
- done_follow_x_forwarded_for = true;
- }
- void clearDoneFollowXFF() {
- /* do not allow clearing if FOLLOW_X_FORWARDED_FOR is unset */
- done_follow_x_forwarded_for = false || !FOLLOW_X_FORWARDED_FOR;
+ // if FOLLOW_X_FORWARDED_FOR is not set, we always return "done".
+ bool doneFollowXff() const {
+ return done_follow_x_forwarded_for || !FOLLOW_X_FORWARDED_FOR;
}
-private:
- /* done_follow_x_forwarded_for set by default to the opposite of
- * compilation option FOLLOW_X_FORWARDED_FOR (so that it returns
- * always "done" if the build option is disabled.
- */
- bool done_follow_x_forwarded_for :1;
- bool sslBumped_ :1; /**< ssl-bumped request*/
- bool destinationIPLookedUp_:1;
- bool resetTCP_:1; ///< request to reset the TCP stream
- bool isRanged_ :1;
+ // if USE_HTTP_VIOLATIONS is not set, never allow this
+ bool noCacheHack() const {
+ return USE_HTTP_VIOLATIONS && nocacheHack;
+ }
};
#endif /* SQUID_REQUESTFLAGS_H_ */
+
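Review bot: `done_follow_x_forwarded_for` and `nocacheHack` are now public members, and the only thing steering callers to `doneFollowXff()` and `noCacheHack()` is a comment, so a direct read compiles and silently skips the build-option gate. The removed constructor initialised the XFF flag to `!FOLLOW_X_FORWARDED_FOR`, whereas the raw field now defaults to `false`; in a build without that option a direct read reports "not done" where the accessor reports "done", and a direct read of `nocacheHack` ignores `USE_HTTP_VIOLATIONS`. These two flags presumably feed X-Forwarded-For trust and cache-bypass decisions, so I would keep both fields under `private:` with a setter each, or at minimum put `// raw storage: read only via doneFollowXff()` (and the `noCacheHack()` equivalent) on the declarations. Separately, the new doc on `cloneAdaptationImmune()` describes resetting the unsafe flags rather than copying only the safe ones, and the "When adding new flags, please update cloneAdaptationImmune()" reminder has been dropped. Its body is outside this hunk, so please confirm the new flags (`auth_no_keytab`, `interceptTproxy`, `ftpNative`, `forceTunnel`) were considered there, and restore the reminder.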