/*
- * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
+ * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
#ifndef _SQUIDCONNECTIONDETAIL_H_
#define _SQUIDCONNECTIONDETAIL_H_
+#include "base/CodeContext.h"
+#include "base/InstanceId.h"
#include "comm/forward.h"
#include "defines.h"
-#include "hier_code.h"
-#include "ip/Address.h"
-#include "mem/forward.h"
-#include "typedefs.h"
#if USE_SQUID_EUI
#include "eui/Eui48.h"
#include "eui/Eui64.h"
#endif
+#include "hier_code.h"
+#include "ip/Address.h"
+#include "ip/forward.h"
+#include "mem/forward.h"
#include "SquidTime.h"
#include <iosfwd>
class CachePeer;
+namespace Security
+{
+class NegotiationHistory;
+};
+
namespace Comm
{
#define COMM_DOBIND 0x08 // requires a bind()
#define COMM_TRANSPARENT 0x10 // arrived via TPROXY
#define COMM_INTERCEPTION 0x20 // arrived via NAT
+#define COMM_REUSEPORT 0x40 //< needs SO_REUSEPORT
+/// not registered with Comm and not owned by any connection-closing code
+#define COMM_ORPHANED 0x40
/**
* Store data about the physical and logical attributes of a connection.
*
- * Some link state can be infered from the data, however this is not an
+ * Some link state can be inferred from the data, however this is not an
* object for state data. But a semantic equivalent for FD with easily
* accessible cached properties not requiring repeated complex lookups.
*
* These objects should not be passed around directly,
* but a Comm::ConnectionPointer should be passed instead.
*/
-class Connection : public RefCountable
+class Connection: public CodeContext
{
MEMPROXY_CLASS(Comm::Connection);
Connection();
/** Clear the connection properties and close any open socket. */
- ~Connection();
+ virtual ~Connection();
- /** Copy an existing connections IP and properties.
- * This excludes the FD. The new copy will be a closed connection.
- */
- ConnectionPointer copyDetails() const;
+ /// Create a new (closed) IDENT Connection object based on our from-Squid
+ /// connection properties.
+ ConnectionPointer cloneIdentDetails() const;
+
+ /// Create a new (closed) Connection object pointing to the same destination
+ /// as this from-Squid connection.
+ ConnectionPointer cloneDestinationDetails() const;
+
+ /// close the still-open connection when its last reference is gone
+ void enterOrphanage() { flags |= COMM_ORPHANED; }
+ /// resume relying on owner(s) to initiate an explicit connection closure
+ void leaveOrphanage() { flags &= ~COMM_ORPHANED; }
/** Close any open socket. */
void close();
/** The time left for this connection*/
time_t timeLeft(const time_t idleTimeout) const;
+ /// Connection establishment timeout for callers that have already decided
+ /// to connect(2), either for the first time or after checking
+ /// EnoughTimeToReForward() during any re-forwarding attempts.
+ /// \returns the time left for this connection to become connected
+ /// \param fwdStart The start time of the peer selection/connection process.
+ time_t connectTimeout(const time_t fwdStart) const;
+
void noteStart() {startTime_ = squid_curtime;}
+
+ Security::NegotiationHistory *tlsNegotiations();
+ const Security::NegotiationHistory *hasTlsNegotiations() const {return tlsHistory;}
+
+ /* CodeContext API */
+ virtual ScopedId codeContextGist() const override;
+ virtual std::ostream &detailCodeContext(std::ostream &os) const override;
+
private:
- /** These objects may not be exactly duplicated. Use copyDetails() instead. */
+ /** These objects may not be exactly duplicated. Use cloneIdentDetails() or
+ * cloneDestinationDetails() instead.
+ */
Connection(const Connection &c);
- /** These objects may not be exactly duplicated. Use copyDetails() instead. */
+ /** These objects may not be exactly duplicated. Use cloneIdentDetails() or
+ * cloneDestinationDetails() instead.
+ */
Connection & operator =(const Connection &c);
public:
/** Quality of Service TOS values currently sent on this connection */
tos_t tos;
- /** Netfilter MARK values currently sent on this connection */
+ /** Netfilter MARK values currently sent on this connection
+ * In case of FTP, the MARK will be sent on data connections as well.
+ */
nfmark_t nfmark;
+ /** Netfilter CONNMARK value previously retrieved from this connection
+ * In case of FTP, the CONNMARK will NOT be applied to data connections, for one main reason:
+ * the CONNMARK could be set by a third party like iptables and overwriting it in squid may
+ * cause side effects and break CONNMARK-based policy. In other words, data connection is
+ * related to control connection, but it's not the same.
+ */
+ nfmark_t nfConnmark = 0;
+
/** COMM flags set on this connection */
int flags;
Eui::Eui64 remoteEui64;
#endif
+ InstanceId<Connection, uint64_t> id;
+
private:
/** cache_peer data object (if any) */
CachePeer *peer_;
/** The time the connection object was created */
time_t startTime_;
+
+ /** TLS connection details*/
+ Security::NegotiationHistory *tlsHistory;
};
}; // namespace Comm
-// NP: Order and namespace here is very important.
-// * The second define inlines the first.
-// * Stream inheritance overloading is searched in the global scope first.
-
-inline std::ostream &
-operator << (std::ostream &os, const Comm::Connection &conn)
-{
- os << "local=" << conn.local << " remote=" << conn.remote;
- if (conn.fd >= 0)
- os << " FD " << conn.fd;
- if (conn.flags != COMM_UNSET)
- os << " flags=" << conn.flags;
-#if USE_IDENT
- if (*conn.rfc931)
- os << " IDENT::" << conn.rfc931;
-#endif
- return os;
-}
+std::ostream &operator << (std::ostream &os, const Comm::Connection &conn);
inline std::ostream &
operator << (std::ostream &os, const Comm::ConnectionPointer &conn)