class RequestFlags
{
public:
- RequestFlags():
- nocache(0), ims(0), auth(0), cachable(0),
- hierarchical(0), loopdetect(0), proxy_keepalive(0), proxying(0),
- refresh(0), redirected(0), need_validation(0),
- fail_on_validation_err(0), stale_if_hit(0), accelerated(0),
- ignore_cc(0), intercepted(0), hostVerified(0), spoof_client_ip(0),
- internal(0), internalclient(0), must_keepalive(0), pinned(0),
- canRePin(0), chunked_reply(0), stream_error(0), sslPeek(0),
- done_follow_x_forwarded_for(!FOLLOW_X_FORWARDED_FOR),
- sslBumped_(false), destinationIPLookedUp_(false), resetTCP_(false),
- isRanged_(false) {
-#if USE_HTTP_VIOLATIONS
- nocache_hack = 0;
-#endif
+ RequestFlags() {
+ memset(this,0,sizeof(RequestFlags));
}
- unsigned int nocache :1; ///< whether the response to this request may be READ from cache
- unsigned int ims :1;
- unsigned int auth :1;
- unsigned int cachable :1; ///< whether the response to thie request may be stored in the cache
- unsigned int hierarchical :1;
- unsigned int loopdetect :1;
- unsigned int proxy_keepalive :1;
- unsigned int proxying :1; /* this should be killed, also in httpstateflags */
- unsigned int refresh :1;
- unsigned int redirected :1;
- unsigned int need_validation :1;
- unsigned int fail_on_validation_err :1; ///< whether we should fail if validation fails
- unsigned int stale_if_hit :1; ///< reply is stale if it is a hit
+ bool nocache :1; ///< whether the response to this request may be READ from cache
+ bool ims :1;
+ bool auth :1;
+ bool cachable :1; ///< whether the response to thie request may be stored in the cache
+ bool hierarchical :1;
+ bool loopdetect :1;
+ bool proxy_keepalive :1;
+ bool proxying :1; /* this should be killed, also in httpstateflags */
+ bool refresh :1;
+ bool redirected :1;
+ bool need_validation :1;
+ bool fail_on_validation_err :1; ///< whether we should fail if validation fails
+ bool stale_if_hit :1; ///< reply is stale if it is a hit
#if USE_HTTP_VIOLATIONS
/* for changing/ignoring no-cache requests */
/* TODO: remove the conditional definition, move ifdef to setter */
- unsigned int nocache_hack :1;
+ bool nocache_hack :1;
#endif
- unsigned int accelerated :1;
- unsigned int ignore_cc :1;
- unsigned int intercepted :1; ///< intercepted request
- unsigned int hostVerified :1; ///< whether the Host: header passed verification
- unsigned int spoof_client_ip :1; /**< spoof client ip if possible */
- unsigned int internal :1;
- unsigned int internalclient :1;
- unsigned int must_keepalive :1;
- unsigned int connection_auth :1; /** Request wants connection oriented auth */
- unsigned int connection_auth_disabled :1; /** Connection oriented auth can not be supported */
- unsigned int connection_proxy_auth :1; /** Request wants connection oriented auth */
- unsigned int pinned :1; /* Request sent on a pinned connection */
- unsigned int canRePin :1; ///< OK to reopen a failed pinned connection
- unsigned int auth_sent :1; /* Authentication forwarded */
- unsigned int no_direct :1; /* Deny direct forwarding unless overriden by always_direct. Used in accelerator mode */
- unsigned int chunked_reply :1; /**< Reply with chunked transfer encoding */
- unsigned int stream_error :1; /**< Whether stream error has occured */
- unsigned int sslPeek :1; ///< internal ssl-bump request to get server cert
-
-#if FOLLOW_X_FORWARDED_FOR
- /* TODO: move from conditional definition to conditional setting */
-#endif /* FOLLOW_X_FORWARDED_FOR */
-
- // When adding new flags, please update cloneAdaptationImmune() as needed.
- bool resetTCP() const;
- void setResetTCP();
- void clearResetTCP();
- void destinationIPLookupCompleted();
- bool destinationIPLookedUp() const;
- // returns a partial copy of the flags that includes only those flags
- // that are safe for a related (e.g., ICAP-adapted) request to inherit
- RequestFlags cloneAdaptationImmune() const;
-
- bool isRanged() const;
- void setRanged();
- void clearRanged();
-
- bool sslBumped() const { return sslBumped_; }
- void setSslBumped(bool newValue=true) { sslBumped_=newValue; }
- void clearSslBumpeD() { sslBumped_=false; }
-
- bool doneFollowXFF() const { return done_follow_x_forwarded_for; }
- void setDoneFollowXFF() {
- done_follow_x_forwarded_for = true;
- }
- void clearDoneFollowXFF() {
- /* do not allow clearing if FOLLOW_X_FORWARDED_FOR is unset */
- done_follow_x_forwarded_for = false || !FOLLOW_X_FORWARDED_FOR;
- }
-private:
-
+ bool accelerated :1;
+ bool ignore_cc :1;
+ bool intercepted :1; ///< intercepted request
+ bool hostVerified :1; ///< whether the Host: header passed verification
+ bool spoof_client_ip :1; /**< spoof client ip if possible */
+ bool internal :1;
+ bool internalclient :1;
+ bool must_keepalive :1;
+ bool connection_auth :1; /** Request wants connection oriented auth */
+ bool connection_auth_disabled :1; /** Connection oriented auth can not be supported */
+ bool connection_proxy_auth :1; /** Request wants connection oriented auth */
+ bool pinned :1; /* Request sent on a pinned connection */
+ bool canRePin :1; ///< OK to reopen a failed pinned connection
+ bool auth_sent :1; /* Authentication forwarded */
+ bool no_direct :1; /* Deny direct forwarding unless overriden by always_direct. Used in accelerator mode */
+ bool chunked_reply :1; /**< Reply with chunked transfer encoding */
+ bool stream_error :1; /**< Whether stream error has occured */
+ bool sslPeek :1; ///< internal ssl-bump request to get server cert
/* done_follow_x_forwarded_for set by default to the opposite of
* compilation option FOLLOW_X_FORWARDED_FOR (so that it returns
* always "done" if the build option is disabled.
bool destinationIPLookedUp_:1;
bool resetTCP_:1; ///< request to reset the TCP stream
bool isRanged_ :1;
+
+ // When adding new flags, please update cloneAdaptationImmune() as needed.
+ // returns a partial copy of the flags that includes only those flags
+ // that are safe for a related (e.g., ICAP-adapted) request to inherit
+ RequestFlags cloneAdaptationImmune() const;
+
+ // if FOLLOW_X_FORWARDED_FOR is not set, we always return "done".
+ bool doneFollowXff() const {
+ return done_follow_x_forwarded_for || !FOLLOW_X_FORWARDED_FOR;
+ }
};
#endif /* SQUID_REQUESTFLAGS_H_ */
request->clientConnectionManager = conn;
request->flags.accelerated = http->flags.accel;
- request->flags.setSslBumped(conn->switchedToHttps());
- request->flags.canRePin = request->flags.sslBumped() && conn->pinning.pinned;
+ request->flags.setSslBumped_=conn->switchedToHttps();
+ request->flags.canRePin = request->flags.sslBumped_ && conn->pinning.pinned;
request->flags.ignore_cc = conn->port->ignore_cc;
// TODO: decouple http->flags.accel from request->flags.sslBumped
- request->flags.no_direct = (request->flags.accelerated && !request->flags.sslBumped()) ?
+ request->flags.no_direct = (request->flags.accelerated && !request->flags.sslBumped_) ?
!conn->port->allow_direct : 0;
#if USE_AUTH
- if (request->flags.sslBumped()) {
+ if (request->flags.sslBumped_) {
if (conn->auth_user_request != NULL)
request->auth_user_request = conn->auth_user_request;
}
* be freed and the above connNoteUseOfBuffer() would hit an
* assertion, not to mention that we were accessing freed memory.
*/
- if (request && request->flags.resetTCP() && Comm::IsConnOpen(conn->clientConnection)) {
+ if (request && request->flags.resetTCP_ && Comm::IsConnOpen(conn->clientConnection)) {
debugs(33, 3, HERE << "Sending TCP RST on " << conn->clientConnection);
conn->flags.readMore = false;
comm_reset_close(conn->clientConnection);
conn->log_addr = request->indirect_client_addr;
}
request->x_forwarded_for_iterator.clean();
- request->flags.setDoneFollowXFF();
+ request->flags.done_follow_x_forwarded_for=true;
if (answer != ACCESS_ALLOWED && answer != ACCESS_DENIED) {
debugs(28, DBG_CRITICAL, "ERROR: Processing X-Forwarded-For. Stopping at IP address: " << request->indirect_client_addr );
ClientRequestContext::clientAccessCheck()
{
#if FOLLOW_X_FORWARDED_FOR
- if (!http->request->flags.doneFollowXFF() &&
+ if (!http->request->flags.doneFollowXff() &&
Config.accessList.followXFF &&
http->request->header.has(HDR_X_FORWARDED_FOR)) {
if (auth_challenge) {
#if USE_AUTH
- if (http->request->flags.sslBumped()) {
+ if (http->request->flags.sslBumped) {
/*SSL Bumped request, authentication is not possible*/
status = HTTP_FORBIDDEN;
} else if (!http->flags.accel) {
request->range = req_hdr->getRange();
if (request->range) {
- request->flags.setRanged();
+ request->flags.isRanged_=true;
clientStreamNode *node = (clientStreamNode *)http->client_stream.tail->data;
/* XXX: This is suboptimal. We should give the stream the range set,
* and thereby let the top of the stream set the offset when the
projects / thirdparty / squid.git / commitdiff
