refresh(0), redirected(0), need_validation(0),
fail_on_validation_err(0), stale_if_hit(0), accelerated(0),
ignore_cc(0), intercepted(0), hostVerified(0), spoof_client_ip(0),
- internal(0), internalclient(0), must_keepalive(0), pinned(0),
- canRePin(0), no_direct(false), chunked_reply(false),
- stream_error(false), sslPeek_(false),
- done_follow_x_forwarded_for(!FOLLOW_X_FORWARDED_FOR),
+ internal(0), internalclient(0), must_keepalive(0), pinned(false),
+ canRePin_(false), authSent_(false), noDirect_(false), chunkedReply_(false),
+ streamError_(false), sslPeek_(false),
+ doneFollowXForwardedFor(!FOLLOW_X_FORWARDED_FOR),
sslBumped_(false), destinationIPLookedUp_(false), resetTCP_(false),
isRanged_(false)
{
unsigned int connection_auth :1; /** Request wants connection oriented auth */
unsigned int connection_auth_disabled :1; /** Connection oriented auth can not be supported */
unsigned int connection_proxy_auth :1; /** Request wants connection oriented auth */
- unsigned int pinned :1; /* Request sent on a pinned connection */
- unsigned int canRePin :1; ///< OK to reopen a failed pinned connection
- unsigned int auth_sent :1; /* Authentication forwarded */
// When adding new flags, please update cloneAdaptationImmune() as needed.
bool resetTCP() const;
void setSslBumped(bool newValue=true) { sslBumped_=newValue; }
void clearSslBumpeD() { sslBumped_=false; }
- bool doneFollowXFF() const { return done_follow_x_forwarded_for; }
+ bool doneFollowXFF() const { return doneFollowXForwardedFor; }
void setDoneFollowXFF() {
- done_follow_x_forwarded_for = true;
+ doneFollowXForwardedFor = true;
}
void clearDoneFollowXFF() {
/* do not allow clearing if FOLLOW_X_FORWARDED_FOR is unset */
- done_follow_x_forwarded_for = false || !FOLLOW_X_FORWARDED_FOR;
+ doneFollowXForwardedFor = false || !FOLLOW_X_FORWARDED_FOR;
}
bool sslPeek() const { return sslPeek_; }
void setSslPeek() { sslPeek_=true; }
void clearSslPeek() { sslPeek_=false; }
- bool hadStreamError() const { return stream_error; }
- void setStreamError() { stream_error = true; }
- void clearStreamError() { stream_error = false; }
+ bool hadStreamError() const { return streamError_; }
+ void setStreamError() { streamError_ = true; }
+ void clearStreamError() { streamError_ = false; }
- bool isReplyChunked() const { return chunked_reply; }
- void markReplyChunked() { chunked_reply = true; }
+ bool isReplyChunked() const { return chunkedReply_; }
+ void markReplyChunked() { chunkedReply_ = true; }
- void setNoDirect() { no_direct=true; }
- bool noDirect() { return no_direct; }
+ void setNoDirect() { noDirect_=true; }
+ bool noDirect() const{ return noDirect_; }
+ bool authSent() const { return authSent_; }
+ void markAuthSent() { authSent_=true;}
+
+ bool canRePin() const { return canRePin_; }
+ void allowRepinning() { canRePin_=true; }
+
+ void markPinned() { pinned = true; }
+ void clearPinned() { pinned = false; }
+ bool connPinned() const { return pinned; }
private:
+ bool pinned :1; ///< Request sent on a pinned connection
+ bool canRePin_ :1; ///< OK to reopen a failed pinned connection
+ bool authSent_ :1; ///< Authentication was forwarded
/** Deny direct forwarding unless overriden by always_direct.
* Used in accelerator mode */
- bool no_direct :1;
- bool chunked_reply :1; /**< Reply with chunked transfer encoding */
- bool stream_error :1; /**< Whether stream error has occured */
+ bool noDirect_ :1;
+ bool chunkedReply_ :1; ///< Reply with chunked transfer encoding
+ bool streamError_ :1; ///< Whether stream error has occured
bool sslPeek_ :1; ///< internal ssl-bump request to get server cert
- /* done_follow_x_forwarded_for is set by default to the opposite of
+ /* doneFollowXForwardedFor is set by default to the opposite of
* compilation option FOLLOW_X_FORWARDED_FOR (so that it returns
* always "done" if the build option is disabled).
*/
- bool done_follow_x_forwarded_for :1;
+ bool doneFollowXForwardedFor :1;
bool sslBumped_ :1; /**< ssl-bumped request*/
bool destinationIPLookedUp_:1;
bool resetTCP_:1; ///< request to reset the TCP stream
peerConnectSucceded(serverConnection()->getPeer());
// some requests benefit from pinning but do not require it and can "repin"
- const bool rePin = request->flags.canRePin &&
+ const bool rePin = request->flags.canRePin() &&
request->clientConnectionManager.valid();
if (rePin) {
debugs(17, 3, HERE << "repinning " << serverConn);
request->clientConnectionManager->pinConnection(serverConn,
request, serverConn->getPeer(), request->flags.auth);
- request->flags.pinned = 1;
+ request->flags.markPinned();
}
#if USE_SSL
- if (!request->flags.pinned || rePin) {
+ if (!request->flags.connPinned() || rePin) {
if ((serverConnection()->getPeer() && serverConnection()->getPeer()->use_ssl) ||
(!serverConnection()->getPeer() && request->protocol == AnyP::PROTO_HTTPS) ||
request->flags.sslPeek()) {
return;
}
- request->flags.pinned = 0; // XXX: what if the ConnStateData set this to flag existing credentials?
+ request->flags.clearPinned(); // XXX: what if the ConnStateData set this to flag existing credentials?
// XXX: answer: the peer selection *should* catch it and give us only the pinned peer. so we reverse the =0 step below.
// XXX: also, logs will now lie if pinning is broken and leads to an error message.
if (serverDestinations[0]->peerType == PINNED) {
serverConn->peerType = HIER_DIRECT;
#endif
++n_tries;
- request->flags.pinned = 1;
+ request->flags.markPinned();
if (pinned_connection->pinnedAuth())
request->flags.auth = 1;
comm_add_close_handler(serverConn->fd, fwdServerClosedWrapper, this);
}
/* Failure. Fall back on next path unless we can re-pin */
debugs(17,2,HERE << "Pinned connection failed: " << pinned_connection);
- if (pconnRace != raceHappened || !request->flags.canRePin) {
+ if (pconnRace != raceHappened || !request->flags.canRePin()) {
serverDestinations.shift();
pconnRace = raceImpossible;
startConnectionOrFail();
}
}
- if (request->flags.auth || request->flags.auth_sent) {
+ if (request->flags.auth || request->flags.authSent()) {
/*
* Responses to requests with authorization may be cached
* only if a Cache-Control: public reply header is present.
return true;
/*if the connections it is already pinned it is OK*/
- if (request->flags.pinned)
+ if (request->flags.connPinned())
return true;
/*Allow pinned connections only if the Proxy-support header exists in
if (request->flags.spoof_client_ip)
client_addr = request->client_addr;
- if (request->flags.pinned) {
+ if (request->flags.connPinned()) {
ispinned = true;
- } else if (request->flags.connection_auth && request->flags.auth_sent) {
+ } else if (request->flags.connection_auth && request->flags.authSent()) {
ispinned = true;
}
Packer p;
httpBuildRequestHeader(request, entry, fwd->al, &hdr, flags);
- if (request->flags.pinned && request->flags.connection_auth)
- request->flags.auth_sent = 1;
+ if (request->flags.connPinned() && request->flags.connection_auth)
+ request->flags.markAuthSent();
else if (hdr.has(HDR_AUTHORIZATION))
- request->flags.auth_sent = 1;
+ request->flags.markAuthSent();
packerToMemInit(&p, mb);
hdr.packInto(&p);
projects / thirdparty / squid.git / commitdiff
