/*
- * DEBUG: section 05 Socket Functions
- * AUTHOR: Amos Jeffries
- * AUTHOR: Robert Collins
+ * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
*
- * SQUID Web Proxy Cache http://www.squid-cache.org/
- * ----------------------------------------------------------
- *
- * Squid is the result of efforts by numerous individuals from
- * the Internet community; see the CONTRIBUTORS file for full
- * details. Many organizations have provided support for Squid's
- * development; see the SPONSORS file for full details. Squid is
- * Copyrighted (C) 2001 by the Regents of the University of
- * California; see the COPYRIGHT file for full details. Squid
- * incorporates software developed and/or copyrighted by other
- * sources; see the CREDITS file for full details.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
- *
- *
- * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
- * Copyright (c) 2010, Amos Jeffries <amosjeffries@squid-cache.org>
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
*/
+/* DEBUG: section 05 Socket Functions */
+
#ifndef _SQUIDCONNECTIONDETAIL_H_
#define _SQUIDCONNECTIONDETAIL_H_
-#include "config.h"
#include "comm/forward.h"
+#include "defines.h"
+#if USE_SQUID_EUI
+#include "eui/Eui48.h"
+#include "eui/Eui64.h"
+#endif
#include "hier_code.h"
#include "ip/Address.h"
-#include "RefCount.h"
-#include "typedefs.h"
+#include "ip/forward.h"
+#include "mem/forward.h"
+#include "SquidTime.h"
-#if HAVE_IOSFWD
#include <iosfwd>
-#endif
-#if HAVE_OSTREAM
#include <ostream>
-#endif
-struct peer;
+class CachePeer;
-namespace Comm {
+namespace Security
+{
+class NegotiationHistory;
+};
+
+namespace Comm
+{
/* TODO: make these a struct of boolean flags members in the connection instead of a bitmap.
* we can't do that until all non-comm code uses Commm::Connection objects to create FD
* currently there is code still using comm_open() and comm_openex() synchronously!!
*/
#define COMM_UNSET 0x00
-#define COMM_NONBLOCKING 0x01
+#define COMM_NONBLOCKING 0x01 // default flag.
#define COMM_NOCLOEXEC 0x02
-#define COMM_REUSEADDR 0x04
-#define COMM_TRANSPARENT 0x08
-#define COMM_DOBIND 0x10
+#define COMM_REUSEADDR 0x04 // shared FD may be both accept()ing and read()ing
+#define COMM_DOBIND 0x08 // requires a bind()
+#define COMM_TRANSPARENT 0x10 // arrived via TPROXY
+#define COMM_INTERCEPTION 0x20 // arrived via NAT
/**
* Store data about the physical and logical attributes of a connection.
* object for state data. But a semantic equivalent for FD with easily
* accessible cached properties not requiring repeated complex lookups.
*
- * While the properties may be changed, this is for teh purpose of creating
- * potential connection descriptors which may be opened. Properties should
- * be considered read-only outside of the Comm layer code once the connection
- * is open.
+ * Connection properties may be changed until the connection is opened.
+ * Properties should be considered read-only outside of the Comm layer
+ * code once the connection is open.
*
- * These objects must not be passed around directly,
- * but a Comm::ConnectionPointer must be passed instead.
+ * These objects should not be passed around directly,
+ * but a Comm::ConnectionPointer should be passed instead.
*/
class Connection : public RefCountable
{
+ MEMPROXY_CLASS(Comm::Connection);
+
public:
- /** standard empty connection creation */
Connection();
/** Clear the connection properties and close any open socket. */
/** Close any open socket. */
void close();
+ /** Synchronize with Comm: Somebody closed our connection. */
+ void noteClosure();
+
/** determine whether this object describes an active connection or not. */
bool isOpen() const { return (fd >= 0); }
- /** retrieve the peer pointer for use.
+ /** Alter the stored IP address pair.
+ * WARNING: Does not ensure matching IPv4/IPv6 are supplied.
+ */
+ void setAddrs(const Ip::Address &aLocal, const Ip::Address &aRemote) {local = aLocal; remote = aRemote;}
+
+ /** retrieve the CachePeer pointer for use.
* The caller is responsible for all CBDATA operations regarding the
* used of the pointer returned.
*/
- peer * const getPeer() const;
+ CachePeer * getPeer() const;
- /** alter the stored peer pointer.
- * Perform appropriate CBDATA operations for locking the peer pointer
+ /** alter the stored CachePeer pointer.
+ * Perform appropriate CBDATA operations for locking the CachePeer pointer
*/
- void setPeer(peer * p);
+ void setPeer(CachePeer * p);
+
+ /** The time the connection started */
+ time_t startTime() const {return startTime_;}
+
+ /** The connection lifetime */
+ time_t lifeTime() const {return squid_curtime - startTime_;}
+
+ /** The time left for this connection*/
+ time_t timeLeft(const time_t idleTimeout) const;
+
+ /// Connection establishment timeout for callers that have already decided
+ /// to connect(2), either for the first time or after checking
+ /// EnoughTimeToReForward() during any re-forwarding attempts.
+ /// \returns the time left for this connection to become connected
+ /// \param fwdStart The start time of the peer selection/connection process.
+ time_t connectTimeout(const time_t fwdStart) const;
+
+ void noteStart() {startTime_ = squid_curtime;}
+
+ Security::NegotiationHistory *tlsNegotiations();
+ const Security::NegotiationHistory *hasTlsNegotiations() const {return tlsHistory;}
private:
/** These objects may not be exactly duplicated. Use copyDetails() instead. */
/** Hierarchy code for this connection link */
hier_code peerType;
- /** Socket used by this connection. -1 if no socket has been opened. */
+ /** Socket used by this connection. Negative if not open. */
int fd;
/** Quality of Service TOS values currently sent on this connection */
tos_t tos;
- /** Netfilter MARK values currently sent on this connection */
+ /** Netfilter MARK values currently sent on this connection
+ * In case of FTP, the MARK will be sent on data connections as well.
+ */
nfmark_t nfmark;
+ /** Netfilter CONNMARK value previously retrieved from this connection
+ * In case of FTP, the CONNMARK will NOT be applied to data connections, for one main reason:
+ * the CONNMARK could be set by a third party like iptables and overwriting it in squid may
+ * cause side effects and break CONNMARK-based policy. In other words, data connection is
+ * related to control connection, but it's not the same.
+ */
+ nfmark_t nfConnmark = 0;
+
/** COMM flags set on this connection */
int flags;
char rfc931[USER_IDENT_SZ];
-private:
- // XXX: we need to call this member peer_ but the struct peer_ global type
- // behind peer* clashes despite our private Comm:: namespace
- // (it being global gets inherited here too).
+#if USE_SQUID_EUI
+ Eui::Eui48 remoteEui48;
+ Eui::Eui64 remoteEui64;
+#endif
+private:
/** cache_peer data object (if any) */
- peer *_peer;
-};
+ CachePeer *peer_;
-}; // namespace Comm
+ /** The time the connection object was created */
+ time_t startTime_;
+ /** TLS connection details*/
+ Security::NegotiationHistory *tlsHistory;
+};
-// NP: Order and namespace here is very important.
-// * The second define inlines the first.
-// * Stream inheritance overloading is searched in the global scope first.
+}; // namespace Comm
-inline std::ostream &
-operator << (std::ostream &os, const Comm::Connection &conn)
-{
- os << "FD " << conn.fd << " local=" << conn.local <<
- " remote=" << conn.remote << " flags=" << conn.flags;
-#if USE_IDENT
- os << " IDENT::" << conn.rfc931;
-#endif
- return os;
-}
+std::ostream &operator << (std::ostream &os, const Comm::Connection &conn);
inline std::ostream &
operator << (std::ostream &os, const Comm::ConnectionPointer &conn)
}
#endif
+
projects / thirdparty / squid.git / blobdiff