From: Francesco Chemolli Date: Tue, 18 Sep 2012 21:33:54 +0000 (+0200) Subject: removed all RequestFlags setters/getters except for doneXff X-Git-Tag: SQUID_3_3_0_1~33^2~26 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f1a1f20a42f642597a3cecfd7fc4d188df12fe82;p=thirdparty%2Fsquid.git removed all RequestFlags setters/getters except for doneXff --- diff --git a/src/RequestFlags.h b/src/RequestFlags.h index 9c5acd25f5..75f19e93c2 100644 --- a/src/RequestFlags.h +++ b/src/RequestFlags.h @@ -35,91 +35,46 @@ class RequestFlags { public: - RequestFlags(): - nocache(0), ims(0), auth(0), cachable(0), - hierarchical(0), loopdetect(0), proxy_keepalive(0), proxying(0), - refresh(0), redirected(0), need_validation(0), - fail_on_validation_err(0), stale_if_hit(0), accelerated(0), - ignore_cc(0), intercepted(0), hostVerified(0), spoof_client_ip(0), - internal(0), internalclient(0), must_keepalive(0), pinned(0), - canRePin(0), chunked_reply(0), stream_error(0), sslPeek(0), - done_follow_x_forwarded_for(!FOLLOW_X_FORWARDED_FOR), - sslBumped_(false), destinationIPLookedUp_(false), resetTCP_(false), - isRanged_(false) { -#if USE_HTTP_VIOLATIONS - nocache_hack = 0; -#endif + RequestFlags() { + memset(this,0,sizeof(RequestFlags)); } - unsigned int nocache :1; ///< whether the response to this request may be READ from cache - unsigned int ims :1; - unsigned int auth :1; - unsigned int cachable :1; ///< whether the response to thie request may be stored in the cache - unsigned int hierarchical :1; - unsigned int loopdetect :1; - unsigned int proxy_keepalive :1; - unsigned int proxying :1; /* this should be killed, also in httpstateflags */ - unsigned int refresh :1; - unsigned int redirected :1; - unsigned int need_validation :1; - unsigned int fail_on_validation_err :1; ///< whether we should fail if validation fails - unsigned int stale_if_hit :1; ///< reply is stale if it is a hit + bool nocache :1; ///< whether the response to this request may be READ from cache + bool ims :1; + bool auth :1; + bool cachable :1; ///< whether the response to thie request may be stored in the cache + bool hierarchical :1; + bool loopdetect :1; + bool proxy_keepalive :1; + bool proxying :1; /* this should be killed, also in httpstateflags */ + bool refresh :1; + bool redirected :1; + bool need_validation :1; + bool fail_on_validation_err :1; ///< whether we should fail if validation fails + bool stale_if_hit :1; ///< reply is stale if it is a hit #if USE_HTTP_VIOLATIONS /* for changing/ignoring no-cache requests */ /* TODO: remove the conditional definition, move ifdef to setter */ - unsigned int nocache_hack :1; + bool nocache_hack :1; #endif - unsigned int accelerated :1; - unsigned int ignore_cc :1; - unsigned int intercepted :1; ///< intercepted request - unsigned int hostVerified :1; ///< whether the Host: header passed verification - unsigned int spoof_client_ip :1; /**< spoof client ip if possible */ - unsigned int internal :1; - unsigned int internalclient :1; - unsigned int must_keepalive :1; - unsigned int connection_auth :1; /** Request wants connection oriented auth */ - unsigned int connection_auth_disabled :1; /** Connection oriented auth can not be supported */ - unsigned int connection_proxy_auth :1; /** Request wants connection oriented auth */ - unsigned int pinned :1; /* Request sent on a pinned connection */ - unsigned int canRePin :1; ///< OK to reopen a failed pinned connection - unsigned int auth_sent :1; /* Authentication forwarded */ - unsigned int no_direct :1; /* Deny direct forwarding unless overriden by always_direct. Used in accelerator mode */ - unsigned int chunked_reply :1; /**< Reply with chunked transfer encoding */ - unsigned int stream_error :1; /**< Whether stream error has occured */ - unsigned int sslPeek :1; ///< internal ssl-bump request to get server cert - -#if FOLLOW_X_FORWARDED_FOR - /* TODO: move from conditional definition to conditional setting */ -#endif /* FOLLOW_X_FORWARDED_FOR */ - - // When adding new flags, please update cloneAdaptationImmune() as needed. - bool resetTCP() const; - void setResetTCP(); - void clearResetTCP(); - void destinationIPLookupCompleted(); - bool destinationIPLookedUp() const; - // returns a partial copy of the flags that includes only those flags - // that are safe for a related (e.g., ICAP-adapted) request to inherit - RequestFlags cloneAdaptationImmune() const; - - bool isRanged() const; - void setRanged(); - void clearRanged(); - - bool sslBumped() const { return sslBumped_; } - void setSslBumped(bool newValue=true) { sslBumped_=newValue; } - void clearSslBumpeD() { sslBumped_=false; } - - bool doneFollowXFF() const { return done_follow_x_forwarded_for; } - void setDoneFollowXFF() { - done_follow_x_forwarded_for = true; - } - void clearDoneFollowXFF() { - /* do not allow clearing if FOLLOW_X_FORWARDED_FOR is unset */ - done_follow_x_forwarded_for = false || !FOLLOW_X_FORWARDED_FOR; - } -private: - + bool accelerated :1; + bool ignore_cc :1; + bool intercepted :1; ///< intercepted request + bool hostVerified :1; ///< whether the Host: header passed verification + bool spoof_client_ip :1; /**< spoof client ip if possible */ + bool internal :1; + bool internalclient :1; + bool must_keepalive :1; + bool connection_auth :1; /** Request wants connection oriented auth */ + bool connection_auth_disabled :1; /** Connection oriented auth can not be supported */ + bool connection_proxy_auth :1; /** Request wants connection oriented auth */ + bool pinned :1; /* Request sent on a pinned connection */ + bool canRePin :1; ///< OK to reopen a failed pinned connection + bool auth_sent :1; /* Authentication forwarded */ + bool no_direct :1; /* Deny direct forwarding unless overriden by always_direct. Used in accelerator mode */ + bool chunked_reply :1; /**< Reply with chunked transfer encoding */ + bool stream_error :1; /**< Whether stream error has occured */ + bool sslPeek :1; ///< internal ssl-bump request to get server cert /* done_follow_x_forwarded_for set by default to the opposite of * compilation option FOLLOW_X_FORWARDED_FOR (so that it returns * always "done" if the build option is disabled. @@ -129,6 +84,16 @@ private: bool destinationIPLookedUp_:1; bool resetTCP_:1; ///< request to reset the TCP stream bool isRanged_ :1; + + // When adding new flags, please update cloneAdaptationImmune() as needed. + // returns a partial copy of the flags that includes only those flags + // that are safe for a related (e.g., ICAP-adapted) request to inherit + RequestFlags cloneAdaptationImmune() const; + + // if FOLLOW_X_FORWARDED_FOR is not set, we always return "done". + bool doneFollowXff() const { + return done_follow_x_forwarded_for || !FOLLOW_X_FORWARDED_FOR; + } }; #endif /* SQUID_REQUESTFLAGS_H_ */ diff --git a/src/acl/Asn.cc b/src/acl/Asn.cc index c0b94d7d65..bfed5102c8 100644 --- a/src/acl/Asn.cc +++ b/src/acl/Asn.cc @@ -641,7 +641,7 @@ ACLDestinationASNStrategy::match (ACLData * &data, ACLFilledChecklist return 0; - } else if (!checklist->request->flags.destinationIPLookedUp()) { + } else if (!checklist->request->flags.destinationIPLookedUp_) { /* No entry in cache, lookup not attempted */ /* XXX FIXME: allow accessing the acl name here */ debugs(28, 3, "asnMatchAcl: Can't yet compare '" << "unknown" /*name*/ << "' ACL for '" << checklist->request->GetHost() << "'"); diff --git a/src/acl/DestinationIp.cc b/src/acl/DestinationIp.cc index 8826080472..d3faa875bc 100644 --- a/src/acl/DestinationIp.cc +++ b/src/acl/DestinationIp.cc @@ -72,7 +72,7 @@ ACLDestinationIP::match(ACLChecklist *cl) } return 0; - } else if (!checklist->request->flags.destinationIPLookedUp()) { + } else if (!checklist->request->flags.destinationIPLookedUp_) { /* No entry in cache, lookup not attempted */ debugs(28, 3, "aclMatchAcl: Can't yet compare '" << name << "' ACL for '" << checklist->request->GetHost() << "'"); checklist->changeState (DestinationIPLookup::Instance()); @@ -103,7 +103,7 @@ DestinationIPLookup::LookupDone(const ipcache_addrs *, const DnsLookupDetails &d { ACLFilledChecklist *checklist = Filled((ACLChecklist*)data); assert (checklist->asyncState() == DestinationIPLookup::Instance()); - checklist->request->flags.destinationIPLookupCompleted(); + checklist->request->flags.destinationIPLookedUp_=true; checklist->request->recordLookup(details); checklist->asyncInProgress(false); checklist->changeState (ACLChecklist::NullState::Instance()); diff --git a/src/auth/Acl.cc b/src/auth/Acl.cc index cc5de7b2c0..f219cc4350 100644 --- a/src/auth/Acl.cc +++ b/src/auth/Acl.cc @@ -24,7 +24,7 @@ AuthenticateAcl(ACLChecklist *ch) if (NULL == request) { fatal ("requiresRequest SHOULD have been true for this ACL!!"); return ACCESS_DENIED; - } else if (request->flags.sslBumped()) { + } else if (request->flags.sslBumped_) { debugs(28, 5, "SslBumped request: It is an encapsulated request do not authenticate"); checklist->auth_user_request = checklist->conn() != NULL ? checklist->conn()->auth_user_request : request->auth_user_request; if (checklist->auth_user_request != NULL) diff --git a/src/client_side.cc b/src/client_side.cc index f6514f1467..cf62bbf0c8 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -2652,14 +2652,14 @@ clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *c request->clientConnectionManager = conn; request->flags.accelerated = http->flags.accel; - request->flags.setSslBumped(conn->switchedToHttps()); - request->flags.canRePin = request->flags.sslBumped() && conn->pinning.pinned; + request->flags.setSslBumped_=conn->switchedToHttps(); + request->flags.canRePin = request->flags.sslBumped_ && conn->pinning.pinned; request->flags.ignore_cc = conn->port->ignore_cc; // TODO: decouple http->flags.accel from request->flags.sslBumped - request->flags.no_direct = (request->flags.accelerated && !request->flags.sslBumped()) ? + request->flags.no_direct = (request->flags.accelerated && !request->flags.sslBumped_) ? !conn->port->allow_direct : 0; #if USE_AUTH - if (request->flags.sslBumped()) { + if (request->flags.sslBumped_) { if (conn->auth_user_request != NULL) request->auth_user_request = conn->auth_user_request; } @@ -2823,7 +2823,7 @@ finish: * be freed and the above connNoteUseOfBuffer() would hit an * assertion, not to mention that we were accessing freed memory. */ - if (request && request->flags.resetTCP() && Comm::IsConnOpen(conn->clientConnection)) { + if (request && request->flags.resetTCP_ && Comm::IsConnOpen(conn->clientConnection)) { debugs(33, 3, HERE << "Sending TCP RST on " << conn->clientConnection); conn->flags.readMore = false; comm_reset_close(conn->clientConnection); diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc index 64fd47d9f8..9c56dde145 100644 --- a/src/client_side_reply.cc +++ b/src/client_side_reply.cc @@ -1477,7 +1477,7 @@ clientReplyContext::buildReplyHeader() } else if (fdUsageHigh()&& !request->flags.must_keepalive) { debugs(88, 3, "clientBuildReplyHeader: Not many unused FDs, can't keep-alive"); request->flags.proxy_keepalive = 0; - } else if (request->flags.sslBumped() && !reply->persistent()) { + } else if (request->flags.sslBumped_ && !reply->persistent()) { // We do not really have to close, but we pretend we are a tunnel. debugs(88, 3, "clientBuildReplyHeader: bumped reply forces close"); request->flags.proxy_keepalive = 0; diff --git a/src/client_side_request.cc b/src/client_side_request.cc index 05fbc1bc74..f1788caf39 100644 --- a/src/client_side_request.cc +++ b/src/client_side_request.cc @@ -534,7 +534,7 @@ clientFollowXForwardedForCheck(allow_t answer, void *data) conn->log_addr = request->indirect_client_addr; } request->x_forwarded_for_iterator.clean(); - request->flags.setDoneFollowXFF(); + request->flags.done_follow_x_forwarded_for=true; if (answer != ACCESS_ALLOWED && answer != ACCESS_DENIED) { debugs(28, DBG_CRITICAL, "ERROR: Processing X-Forwarded-For. Stopping at IP address: " << request->indirect_client_addr ); @@ -710,7 +710,7 @@ void ClientRequestContext::clientAccessCheck() { #if FOLLOW_X_FORWARDED_FOR - if (!http->request->flags.doneFollowXFF() && + if (!http->request->flags.doneFollowXff() && Config.accessList.followXFF && http->request->header.has(HDR_X_FORWARDED_FOR)) { @@ -810,7 +810,7 @@ ClientRequestContext::clientAccessCheckDone(const allow_t &answer) if (auth_challenge) { #if USE_AUTH - if (http->request->flags.sslBumped()) { + if (http->request->flags.sslBumped) { /*SSL Bumped request, authentication is not possible*/ status = HTTP_FORBIDDEN; } else if (!http->flags.accel) { @@ -1106,7 +1106,7 @@ clientInterpretRequestHeaders(ClientHttpRequest * http) request->range = req_hdr->getRange(); if (request->range) { - request->flags.setRanged(); + request->flags.isRanged_=true; clientStreamNode *node = (clientStreamNode *)http->client_stream.tail->data; /* XXX: This is suboptimal. We should give the stream the range set, * and thereby let the top of the stream set the offset when the diff --git a/src/errorpage.cc b/src/errorpage.cc index d4445a29b9..1e4ed0c30b 100644 --- a/src/errorpage.cc +++ b/src/errorpage.cc @@ -631,7 +631,7 @@ errorAppendEntry(StoreEntry * entry, ErrorState * err) if (err->page_id == TCP_RESET) { if (err->request) { debugs(4, 2, "RSTing this reply"); - err->request->flags.setResetTCP(); + err->request->flags.setResetTCP_=true; } } diff --git a/src/forward.cc b/src/forward.cc index 10f11b81e1..5d1f8dacf3 100644 --- a/src/forward.cc +++ b/src/forward.cc @@ -953,7 +953,7 @@ FwdState::connectStart() if (ftimeout < ctimeout) ctimeout = ftimeout; - if (serverDestinations[0]->getPeer() && request->flags.sslBumped() == true) { + if (serverDestinations[0]->getPeer() && request->flags.sslBumped_) { debugs(50, 4, "fwdConnectStart: Ssl bumped connections through parrent proxy are not allowed"); ErrorState *anErr = new ErrorState(ERR_CANNOT_FORWARD, HTTP_SERVICE_UNAVAILABLE, request); fail(anErr); diff --git a/src/http.cc b/src/http.cc index 6d0ed19a77..bec7ea56e7 100644 --- a/src/http.cc +++ b/src/http.cc @@ -1652,7 +1652,7 @@ HttpStateData::httpBuildRequestHeader(HttpRequest * request, /* pretend it's not a range request */ delete request->range; request->range = NULL; - request->flags.clearRanged(); + request->flags.isRanged_=false; } /* append Via */ diff --git a/src/store.cc b/src/store.cc index 941c2c0054..b504695f2f 100644 --- a/src/store.cc +++ b/src/store.cc @@ -1967,7 +1967,7 @@ StoreEntry::hasIfNoneMatchEtag(const HttpRequest &request) const { const String reqETags = request.header.getList(HDR_IF_NONE_MATCH); // weak comparison is allowed only for HEAD or full-body GET requests - const bool allowWeakMatch = !request.flags.isRanged() && + const bool allowWeakMatch = !request.flags.isRanged_ && (request.method == METHOD_GET || request.method == METHOD_HEAD); return hasOneOfEtags(reqETags, allowWeakMatch); }