/*
- * DEBUG: section 05 Socket Functions
- * AUTHOR: Amos Jeffries
- * AUTHOR: Robert Collins
+ * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
*
- * SQUID Web Proxy Cache http://www.squid-cache.org/
- * ----------------------------------------------------------
- *
- * Squid is the result of efforts by numerous individuals from
- * the Internet community; see the CONTRIBUTORS file for full
- * details. Many organizations have provided support for Squid's
- * development; see the SPONSORS file for full details. Squid is
- * Copyrighted (C) 2001 by the Regents of the University of
- * California; see the COPYRIGHT file for full details. Squid
- * incorporates software developed and/or copyrighted by other
- * sources; see the CREDITS file for full details.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
- *
- *
- * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
- * Copyright (c) 2010, Amos Jeffries <amosjeffries@squid-cache.org>
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
*/
+/* DEBUG: section 05 Socket Functions */
+
#ifndef _SQUIDCONNECTIONDETAIL_H_
#define _SQUIDCONNECTIONDETAIL_H_
-#include "config.h"
+#include "base/CodeContext.h"
+#include "base/InstanceId.h"
#include "comm/forward.h"
-#include "hier_code.h"
-#include "ip/Address.h"
-#include "MemPool.h"
-#include "RefCount.h"
-#include "typedefs.h"
+#include "defines.h"
#if USE_SQUID_EUI
#include "eui/Eui48.h"
#include "eui/Eui64.h"
#endif
+#include "hier_code.h"
+#include "ip/Address.h"
+#include "ip/forward.h"
+#include "mem/forward.h"
+#include "SquidTime.h"
-#if HAVE_IOSFWD
#include <iosfwd>
-#endif
-#if HAVE_OSTREAM
#include <ostream>
-#endif
-struct peer;
+class CachePeer;
-namespace Comm {
+namespace Security
+{
+class NegotiationHistory;
+};
+
+namespace Comm
+{
/* TODO: make these a struct of boolean flags members in the connection instead of a bitmap.
* we can't do that until all non-comm code uses Commm::Connection objects to create FD
#define COMM_DOBIND 0x08 // requires a bind()
#define COMM_TRANSPARENT 0x10 // arrived via TPROXY
#define COMM_INTERCEPTION 0x20 // arrived via NAT
+#define COMM_REUSEPORT 0x40 //< needs SO_REUSEPORT
+/// not registered with Comm and not owned by any connection-closing code
+#define COMM_ORPHANED 0x40
/**
* Store data about the physical and logical attributes of a connection.
*
- * Some link state can be infered from the data, however this is not an
+ * Some link state can be inferred from the data, however this is not an
* object for state data. But a semantic equivalent for FD with easily
* accessible cached properties not requiring repeated complex lookups.
*
* Properties should be considered read-only outside of the Comm layer
* code once the connection is open.
*
- * These objects must not be passed around directly,
- * but a Comm::ConnectionPointer must be passed instead.
+ * These objects should not be passed around directly,
+ * but a Comm::ConnectionPointer should be passed instead.
*/
-class Connection : public RefCountable
+class Connection: public CodeContext
{
-public:
MEMPROXY_CLASS(Comm::Connection);
+public:
Connection();
/** Clear the connection properties and close any open socket. */
- ~Connection();
+ virtual ~Connection();
- /** Copy an existing connections IP and properties.
- * This excludes the FD. The new copy will be a closed connection.
- */
- ConnectionPointer copyDetails() const;
+ /// Create a new (closed) IDENT Connection object based on our from-Squid
+ /// connection properties.
+ ConnectionPointer cloneIdentDetails() const;
+
+ /// Create a new (closed) Connection object pointing to the same destination
+ /// as this from-Squid connection.
+ ConnectionPointer cloneDestinationDetails() const;
+
+ /// close the still-open connection when its last reference is gone
+ void enterOrphanage() { flags |= COMM_ORPHANED; }
+ /// resume relying on owner(s) to initiate an explicit connection closure
+ void leaveOrphanage() { flags &= ~COMM_ORPHANED; }
/** Close any open socket. */
void close();
+ /** Synchronize with Comm: Somebody closed our connection. */
+ void noteClosure();
+
/** determine whether this object describes an active connection or not. */
bool isOpen() const { return (fd >= 0); }
- /** retrieve the peer pointer for use.
+ /** Alter the stored IP address pair.
+ * WARNING: Does not ensure matching IPv4/IPv6 are supplied.
+ */
+ void setAddrs(const Ip::Address &aLocal, const Ip::Address &aRemote) {local = aLocal; remote = aRemote;}
+
+ /** retrieve the CachePeer pointer for use.
* The caller is responsible for all CBDATA operations regarding the
* used of the pointer returned.
*/
- peer * const getPeer() const;
+ CachePeer * getPeer() const;
- /** alter the stored peer pointer.
- * Perform appropriate CBDATA operations for locking the peer pointer
+ /** alter the stored CachePeer pointer.
+ * Perform appropriate CBDATA operations for locking the CachePeer pointer
*/
- void setPeer(peer * p);
+ void setPeer(CachePeer * p);
+
+ /** The time the connection started */
+ time_t startTime() const {return startTime_;}
+
+ /** The connection lifetime */
+ time_t lifeTime() const {return squid_curtime - startTime_;}
+
+ /** The time left for this connection*/
+ time_t timeLeft(const time_t idleTimeout) const;
+
+ /// Connection establishment timeout for callers that have already decided
+ /// to connect(2), either for the first time or after checking
+ /// EnoughTimeToReForward() during any re-forwarding attempts.
+ /// \returns the time left for this connection to become connected
+ /// \param fwdStart The start time of the peer selection/connection process.
+ time_t connectTimeout(const time_t fwdStart) const;
+
+ void noteStart() {startTime_ = squid_curtime;}
+
+ Security::NegotiationHistory *tlsNegotiations();
+ const Security::NegotiationHistory *hasTlsNegotiations() const {return tlsHistory;}
+
+ /* CodeContext API */
+ virtual ScopedId codeContextGist() const override;
+ virtual std::ostream &detailCodeContext(std::ostream &os) const override;
private:
- /** These objects may not be exactly duplicated. Use copyDetails() instead. */
+ /** These objects may not be exactly duplicated. Use cloneIdentDetails() or
+ * cloneDestinationDetails() instead.
+ */
Connection(const Connection &c);
- /** These objects may not be exactly duplicated. Use copyDetails() instead. */
+ /** These objects may not be exactly duplicated. Use cloneIdentDetails() or
+ * cloneDestinationDetails() instead.
+ */
Connection & operator =(const Connection &c);
public:
/** Quality of Service TOS values currently sent on this connection */
tos_t tos;
- /** Netfilter MARK values currently sent on this connection */
+ /** Netfilter MARK values currently sent on this connection
+ * In case of FTP, the MARK will be sent on data connections as well.
+ */
nfmark_t nfmark;
+ /** Netfilter CONNMARK value previously retrieved from this connection
+ * In case of FTP, the CONNMARK will NOT be applied to data connections, for one main reason:
+ * the CONNMARK could be set by a third party like iptables and overwriting it in squid may
+ * cause side effects and break CONNMARK-based policy. In other words, data connection is
+ * related to control connection, but it's not the same.
+ */
+ nfmark_t nfConnmark = 0;
+
/** COMM flags set on this connection */
int flags;
Eui::Eui64 remoteEui64;
#endif
-private:
- // XXX: we need to call this member peer_ but the struct peer_ global type
- // behind peer* clashes despite our private Comm:: namespace
- // (it being global gets inherited here too).
+ InstanceId<Connection, uint64_t> id;
+private:
/** cache_peer data object (if any) */
- peer *_peer;
-};
-
-MEMPROXY_CLASS_INLINE(Connection);
+ CachePeer *peer_;
-}; // namespace Comm
+ /** The time the connection object was created */
+ time_t startTime_;
+ /** TLS connection details*/
+ Security::NegotiationHistory *tlsHistory;
+};
-// NP: Order and namespace here is very important.
-// * The second define inlines the first.
-// * Stream inheritance overloading is searched in the global scope first.
+}; // namespace Comm
-inline std::ostream &
-operator << (std::ostream &os, const Comm::Connection &conn)
-{
- os << "local=" << conn.local << " remote=" << conn.remote;
- if (conn.fd >= 0)
- os << " FD " << conn.fd;
- if (conn.flags != COMM_UNSET)
- os << " flags=" << conn.flags;
-#if USE_IDENT
- if (*conn.rfc931)
- os << " IDENT::" << conn.rfc931;
-#endif
- return os;
-}
+std::ostream &operator << (std::ostream &os, const Comm::Connection &conn);
inline std::ostream &
operator << (std::ostream &os, const Comm::ConnectionPointer &conn)
}
#endif
+
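Review bot: COMM_REUSEPORT and COMM_ORPHANED are both defined as 0x40 (the two new `#define` lines right after COMM_INTERCEPTION), so the orphan marker and the SO_REUSEPORT request share a single bit in `flags`. Given the inline helpers in this hunk, `enterOrphanage()` would also make a connection look like it needs SO_REUSEPORT and `leaveOrphanage()` would clear a genuinely requested REUSEPORT flag; how the Comm layer reacts to either is outside this hunk, but the mis-attribution itself is certain from the visible values. Give the new flag its own bit, `#define COMM_ORPHANED 0x80`, and add a short comment above the flag list stating which bits are already allocated so the next addition does not collide. Separately, the `//< needs SO_REUSEPORT` trailer looks like a typo for the Doxygen `///<` form used elsewhere in this header.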