From 450fe1cb6394694a53d3c55f4bf7aa03b7785c68 Mon Sep 17 00:00:00 2001 From: Francesco Chemolli Date: Wed, 19 Sep 2012 19:16:56 +0200 Subject: [PATCH] Improved documentation and standardized names for RequestFlags --- src/HttpRequest.cc | 2 +- src/RequestFlags.cc | 3 + src/RequestFlags.h | 129 +++++++++++++++++++-------- src/acl/Asn.cc | 2 +- src/acl/DestinationIp.cc | 6 +- src/auth/Acl.cc | 4 +- src/auth/negotiate/UserRequest.cc | 4 +- src/auth/negotiate/auth_negotiate.cc | 6 +- src/auth/ntlm/UserRequest.cc | 4 +- src/auth/ntlm/auth_ntlm.cc | 6 +- src/client_side.cc | 36 ++++---- src/client_side_reply.cc | 79 ++++++++-------- src/client_side_request.cc | 42 ++++----- src/errorpage.cc | 2 +- src/format/Format.cc | 2 +- src/forward.cc | 8 +- src/http.cc | 22 ++--- src/icmp/net_db.cc | 2 +- src/neighbors.cc | 8 +- src/peer_select.cc | 8 +- src/refresh.cc | 16 ++-- src/store.cc | 2 +- src/tunnel.cc | 2 +- 23 files changed, 220 insertions(+), 175 deletions(-) diff --git a/src/HttpRequest.cc b/src/HttpRequest.cc index e91c2240b3..2556e514c1 100644 --- a/src/HttpRequest.cc +++ b/src/HttpRequest.cc @@ -581,7 +581,7 @@ HttpRequest::cacheable() const // Because it failed verification, or someone bypassed the security tests // we cannot cache the reponse for sharing between clients. // TODO: update cache to store for particular clients only (going to same Host: and destination IP) - if (!flags.hostVerified && (flags.intercepted || flags.spoof_client_ip)) + if (!flags.hostVerified && (flags.intercepted || flags.spoofClientIp)) return false; if (protocol == AnyP::PROTO_HTTP) diff --git a/src/RequestFlags.cc b/src/RequestFlags.cc index 630a38290c..43a1e7e3cb 100644 --- a/src/RequestFlags.cc +++ b/src/RequestFlags.cc @@ -34,6 +34,9 @@ #include "RequestFlags.h" +// When adding new flags, please update cloneAdaptationImmune() as needed. +// returns a partial copy of the flags that includes only those flags +// that are safe for a related (e.g., ICAP-adapted) request to inherit RequestFlags RequestFlags::cloneAdaptationImmune() const { diff --git a/src/RequestFlags.h b/src/RequestFlags.h index 75f19e93c2..d0c0774aeb 100644 --- a/src/RequestFlags.h +++ b/src/RequestFlags.h @@ -32,6 +32,12 @@ * */ +/** request-related flags + * + * The bit-field contains both flags marking a request's current state, + * and flags requesting some processing to be done at a later stage. + * TODO: better distinguish the two cases. + */ class RequestFlags { public: @@ -39,61 +45,106 @@ public: memset(this,0,sizeof(RequestFlags)); } - bool nocache :1; ///< whether the response to this request may be READ from cache + /** true if the response to this request may not be READ from cache */ + bool noCache :1; + /** request is if-modified-since */ bool ims :1; + /** request is authenticated */ bool auth :1; - bool cachable :1; ///< whether the response to thie request may be stored in the cache + /** he response to the request may be stored in the cache */ + bool cachable :1; + /** the request can be forwarded through the hierarchy */ bool hierarchical :1; - bool loopdetect :1; - bool proxy_keepalive :1; - bool proxying :1; /* this should be killed, also in httpstateflags */ + /** a loop was detected on this request */ + bool loopDetected :1; + /** the connection can be kept alive */ + bool proxyKeepalive :1; + /* this should be killed, also in httpstateflags */ + bool proxying :1; + /** content has expired, need to refresh it */ bool refresh :1; + /** request was redirected by redirectors */ bool redirected :1; - bool need_validation :1; - bool fail_on_validation_err :1; ///< whether we should fail if validation fails - bool stale_if_hit :1; ///< reply is stale if it is a hit -#if USE_HTTP_VIOLATIONS - /* for changing/ignoring no-cache requests */ - /* TODO: remove the conditional definition, move ifdef to setter */ - bool nocache_hack :1; -#endif + /** the requested object needs to be validated. See client_side_reply.cc + * for further information. + */ + bool needValidation :1; + /** whether we should fail if validation fails */ + bool failOnValidationError :1; + /** reply is stale if it is a hit */ + bool staleIfHit :1; + /** request to override no-cache directives + * + * always use noCacheHack() for reading. + * \note only meaningful if USE_HTTP_VIOLATIONS is defined at build time + */ + bool nocacheHack :1; + /** this request is accelerated (reverse-proxy) */ bool accelerated :1; - bool ignore_cc :1; - bool intercepted :1; ///< intercepted request - bool hostVerified :1; ///< whether the Host: header passed verification - bool spoof_client_ip :1; /**< spoof client ip if possible */ + /** if set, ignore Cache-Control headers */ + bool ignoreCc :1; + /** set for intercepted requests */ + bool intercepted :1; + /** set if the Host: header passed verification */ + bool hostVerified :1; + /** request to spoof the client ip */ + bool spoofClientIp :1; + /** set if the request is internal (\see ClientHttpRequest::flags.internal)*/ bool internal :1; - bool internalclient :1; - bool must_keepalive :1; - bool connection_auth :1; /** Request wants connection oriented auth */ - bool connection_auth_disabled :1; /** Connection oriented auth can not be supported */ - bool connection_proxy_auth :1; /** Request wants connection oriented auth */ - bool pinned :1; /* Request sent on a pinned connection */ - bool canRePin :1; ///< OK to reopen a failed pinned connection - bool auth_sent :1; /* Authentication forwarded */ - bool no_direct :1; /* Deny direct forwarding unless overriden by always_direct. Used in accelerator mode */ - bool chunked_reply :1; /**< Reply with chunked transfer encoding */ - bool stream_error :1; /**< Whether stream error has occured */ - bool sslPeek :1; ///< internal ssl-bump request to get server cert - /* done_follow_x_forwarded_for set by default to the opposite of - * compilation option FOLLOW_X_FORWARDED_FOR (so that it returns - * always "done" if the build option is disabled. + /** set for internally-generated requests */ + //XXX this is set in in clientBeginRequest, but never tested. + bool internalClient :1; + /** if set, request to try very hard to keep the connection alive */ + bool mustKeepalive :1; + /** set if the rquest wants connection oriented auth */ + bool connectionAuth :1; + /** set if connection oriented auth can not be supported */ + bool connectionAuthDisabled :1; + /** Request wants connection oriented auth */ + // XXX This is set in clientCheckPinning but never tested + bool connectionProxyAuth :1; + /** set if the request was sent on a pinned connection */ + bool pinned :1; + /** OK to reopen a failed pinned connection */ + bool canRePin :1; + /** Authentication was already sent upstream (e.g. due tcp-level auth) */ + bool authSent :1; + /** Deny direct forwarding unless overriden by always_direct + * Used in accelerator mode */ + bool noDirect :1; + /** Reply with chunked transfer encoding */ + bool chunkedReply :1; + /** set if stream error has occured */ + bool streamError :1; + /** internal ssl-bump request to get server cert */ + bool sslPeek :1; + /** set if X-Forwarded-For checking is complete + * + * do not read directly; use doneFollowXff for reading */ bool done_follow_x_forwarded_for :1; - bool sslBumped_ :1; /**< ssl-bumped request*/ - bool destinationIPLookedUp_:1; - bool resetTCP_:1; ///< request to reset the TCP stream - bool isRanged_ :1; + /** set for ssl-bumped requests */ + bool sslBumped :1; + bool destinationIpLookedUp:1; + /** request to reset the TCP stream */ + bool resetTcp:1; + /** set if the request is ranged */ + bool isRanged :1; - // When adding new flags, please update cloneAdaptationImmune() as needed. - // returns a partial copy of the flags that includes only those flags - // that are safe for a related (e.g., ICAP-adapted) request to inherit + /** clone the flags, resetting to default those which are not safe in + * a related (e.g. ICAP-adapted) request. + */ RequestFlags cloneAdaptationImmune() const; // if FOLLOW_X_FORWARDED_FOR is not set, we always return "done". bool doneFollowXff() const { return done_follow_x_forwarded_for || !FOLLOW_X_FORWARDED_FOR; } + + // if USE_HTTP_VIOLATIONS is not set, never allow this + bool noCacheHack() const { + return USE_HTTP_VIOLATIONS && nocacheHack; + } }; #endif /* SQUID_REQUESTFLAGS_H_ */ diff --git a/src/acl/Asn.cc b/src/acl/Asn.cc index bfed5102c8..f53420b440 100644 --- a/src/acl/Asn.cc +++ b/src/acl/Asn.cc @@ -641,7 +641,7 @@ ACLDestinationASNStrategy::match (ACLData * &data, ACLFilledChecklist return 0; - } else if (!checklist->request->flags.destinationIPLookedUp_) { + } else if (!checklist->request->flags.destinationIpLookedUp) { /* No entry in cache, lookup not attempted */ /* XXX FIXME: allow accessing the acl name here */ debugs(28, 3, "asnMatchAcl: Can't yet compare '" << "unknown" /*name*/ << "' ACL for '" << checklist->request->GetHost() << "'"); diff --git a/src/acl/DestinationIp.cc b/src/acl/DestinationIp.cc index d3faa875bc..101dcf3fb1 100644 --- a/src/acl/DestinationIp.cc +++ b/src/acl/DestinationIp.cc @@ -56,7 +56,7 @@ ACLDestinationIP::match(ACLChecklist *cl) // To resolve this we will force DIRECT and only to the original client destination. // In which case, we also need this ACL to accurately match the destination if (Config.onoff.client_dst_passthru && checklist->request && - (checklist->request->flags.intercepted || checklist->request->flags.spoof_client_ip)) { + (checklist->request->flags.intercepted || checklist->request->flags.spoofClientIp)) { assert(checklist->conn() && checklist->conn()->clientConnection != NULL); return ACLIP::match(checklist->conn()->clientConnection->local); } @@ -72,7 +72,7 @@ ACLDestinationIP::match(ACLChecklist *cl) } return 0; - } else if (!checklist->request->flags.destinationIPLookedUp_) { + } else if (!checklist->request->flags.destinationIpLookedUp) { /* No entry in cache, lookup not attempted */ debugs(28, 3, "aclMatchAcl: Can't yet compare '" << name << "' ACL for '" << checklist->request->GetHost() << "'"); checklist->changeState (DestinationIPLookup::Instance()); @@ -103,7 +103,7 @@ DestinationIPLookup::LookupDone(const ipcache_addrs *, const DnsLookupDetails &d { ACLFilledChecklist *checklist = Filled((ACLChecklist*)data); assert (checklist->asyncState() == DestinationIPLookup::Instance()); - checklist->request->flags.destinationIPLookedUp_=true; + checklist->request->flags.destinationIpLookedUp=true; checklist->request->recordLookup(details); checklist->asyncInProgress(false); checklist->changeState (ACLChecklist::NullState::Instance()); diff --git a/src/auth/Acl.cc b/src/auth/Acl.cc index f219cc4350..6ab23c354b 100644 --- a/src/auth/Acl.cc +++ b/src/auth/Acl.cc @@ -24,7 +24,7 @@ AuthenticateAcl(ACLChecklist *ch) if (NULL == request) { fatal ("requiresRequest SHOULD have been true for this ACL!!"); return ACCESS_DENIED; - } else if (request->flags.sslBumped_) { + } else if (request->flags.sslBumped) { debugs(28, 5, "SslBumped request: It is an encapsulated request do not authenticate"); checklist->auth_user_request = checklist->conn() != NULL ? checklist->conn()->auth_user_request : request->auth_user_request; if (checklist->auth_user_request != NULL) @@ -34,7 +34,7 @@ AuthenticateAcl(ACLChecklist *ch) } else if (request->flags.accelerated) { /* WWW authorization on accelerated requests */ headertype = HDR_AUTHORIZATION; - } else if (request->flags.intercepted || request->flags.spoof_client_ip) { + } else if (request->flags.intercepted || request->flags.spoofClientIp) { debugs(28, DBG_IMPORTANT, "NOTICE: Authentication not applicable on intercepted requests."); return ACCESS_DENIED; } else { diff --git a/src/auth/negotiate/UserRequest.cc b/src/auth/negotiate/UserRequest.cc index ac4e71cc59..c93e70375a 100644 --- a/src/auth/negotiate/UserRequest.cc +++ b/src/auth/negotiate/UserRequest.cc @@ -286,8 +286,8 @@ Auth::Negotiate::UserRequest::HandleReply(void *data, void *lastserver, char *re ++arg; } safe_free(lm_request->server_blob); - lm_request->request->flags.must_keepalive = 1; - if (lm_request->request->flags.proxy_keepalive) { + lm_request->request->flags.mustKeepalive = 1; + if (lm_request->request->flags.proxyKeepalive) { lm_request->server_blob = xstrdup(blob); auth_user_request->user()->credentials(Auth::Handshake); auth_user_request->denyMessage("Authentication in progress"); diff --git a/src/auth/negotiate/auth_negotiate.cc b/src/auth/negotiate/auth_negotiate.cc index 556f9c072c..c40bb0818d 100644 --- a/src/auth/negotiate/auth_negotiate.cc +++ b/src/auth/negotiate/auth_negotiate.cc @@ -218,7 +218,7 @@ Auth::Negotiate::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, return; /* Need keep-alive */ - if (!request->flags.proxy_keepalive && request->flags.must_keepalive) + if (!request->flags.proxyKeepalive && request->flags.mustKeepalive) return; /* New request, no user details */ @@ -229,7 +229,7 @@ Auth::Negotiate::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, if (!keep_alive) { /* drop the connection */ rep->header.delByName("keep-alive"); - request->flags.proxy_keepalive = 0; + request->flags.proxyKeepalive = 0; } } else { Auth::Negotiate::UserRequest *negotiate_request = dynamic_cast(auth_user_request.getRaw()); @@ -241,7 +241,7 @@ Auth::Negotiate::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, /* here it makes sense to drop the connection, as auth is * tied to it, even if MAYBE the client could handle it - Kinkie */ rep->header.delByName("keep-alive"); - request->flags.proxy_keepalive = 0; + request->flags.proxyKeepalive = 0; /* fall through */ case Auth::Ok: diff --git a/src/auth/ntlm/UserRequest.cc b/src/auth/ntlm/UserRequest.cc index bd2b4ffe13..3648d51feb 100644 --- a/src/auth/ntlm/UserRequest.cc +++ b/src/auth/ntlm/UserRequest.cc @@ -269,8 +269,8 @@ Auth::Ntlm::UserRequest::HandleReply(void *data, void *lastserver, char *reply) if (strncasecmp(reply, "TT ", 3) == 0) { /* we have been given a blob to send to the client */ safe_free(lm_request->server_blob); - lm_request->request->flags.must_keepalive = 1; - if (lm_request->request->flags.proxy_keepalive) { + lm_request->request->flags.mustKeepalive = 1; + if (lm_request->request->flags.proxyKeepalive) { lm_request->server_blob = xstrdup(blob); auth_user_request->user()->credentials(Auth::Handshake); auth_user_request->denyMessage("Authentication in progress"); diff --git a/src/auth/ntlm/auth_ntlm.cc b/src/auth/ntlm/auth_ntlm.cc index 8282cc3c3d..a25f726abf 100644 --- a/src/auth/ntlm/auth_ntlm.cc +++ b/src/auth/ntlm/auth_ntlm.cc @@ -205,7 +205,7 @@ Auth::Ntlm::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, Http return; /* Need keep-alive */ - if (!request->flags.proxy_keepalive && request->flags.must_keepalive) + if (!request->flags.proxyKeepalive && request->flags.mustKeepalive) return; /* New request, no user details */ @@ -215,7 +215,7 @@ Auth::Ntlm::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, Http if (!keep_alive) { /* drop the connection */ - request->flags.proxy_keepalive = 0; + request->flags.proxyKeepalive = 0; } } else { Auth::Ntlm::UserRequest *ntlm_request = dynamic_cast(auth_user_request.getRaw()); @@ -226,7 +226,7 @@ Auth::Ntlm::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, Http case Auth::Failed: /* here it makes sense to drop the connection, as auth is * tied to it, even if MAYBE the client could handle it - Kinkie */ - request->flags.proxy_keepalive = 0; + request->flags.proxyKeepalive = 0; /* fall through */ case Auth::Ok: diff --git a/src/client_side.cc b/src/client_side.cc index cbcea7e97d..e0a280230a 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -833,7 +833,7 @@ ConnStateData::~ConnStateData() } /** - * clientSetKeepaliveFlag() sets request->flags.proxy_keepalive. + * clientSetKeepaliveFlag() sets request->flags.proxyKeepalive. * This is the client-side persistent connection flag. We need * to set this relatively early in the request processing * to handle hacks for broken servers and clients. @@ -849,7 +849,7 @@ clientSetKeepaliveFlag(ClientHttpRequest * http) RequestMethodStr(request->method)); // TODO: move to HttpRequest::hdrCacheInit, just like HttpReply. - request->flags.proxy_keepalive = request->persistent() ? 1 : 0; + request->flags.proxyKeepalive = request->persistent() ? 1 : 0; } static int @@ -985,7 +985,7 @@ ClientSocketContext::sendBody(HttpReply * rep, StoreIOBuffer bodyData) { assert(rep == NULL); - if (!multipartRangeRequest() && !http->request->flags.chunked_reply) { + if (!multipartRangeRequest() && !http->request->flags.chunkedReply) { size_t length = lengthToSend(bodyData.range()); noteSentBodyBytes (length); AsyncCall::Pointer call = commCbCall(33, 5, "clientWriteBodyComplete", @@ -1394,7 +1394,7 @@ ClientSocketContext::sendStartOfMessage(HttpReply * rep, StoreIOBuffer bodyData) if (bodyData.data && bodyData.length) { if (multipartRangeRequest()) packRange(bodyData, mb); - else if (http->request->flags.chunked_reply) { + else if (http->request->flags.chunkedReply) { packChunk(bodyData, *mb); } else { size_t length = lengthToSend(bodyData.range()); @@ -1449,8 +1449,8 @@ clientSocketRecipient(clientStreamNode * node, ClientHttpRequest * http, // After sending Transfer-Encoding: chunked (at least), always send // the last-chunk if there was no error, ignoring responseFinishedOrFailed. - const bool mustSendLastChunk = http->request->flags.chunked_reply && - !http->request->flags.stream_error && !context->startOfOutput(); + const bool mustSendLastChunk = http->request->flags.chunkedReply && + !http->request->flags.streamError && !context->startOfOutput(); if (responseFinishedOrFailed(rep, receivedData) && !mustSendLastChunk) { context->writeComplete(context->clientConnection, NULL, 0, COMM_OK); PROF_stop(clientSocketRecipient); @@ -1738,7 +1738,7 @@ ClientSocketContext::socketState() debugs(33, 5, HERE << "Range request at end of returnable " << "range sequence on " << clientConnection); - if (http->request->flags.proxy_keepalive) + if (http->request->flags.proxyKeepalive) return STREAM_COMPLETE; else return STREAM_UNPLANNED_COMPLETE; @@ -1755,7 +1755,7 @@ ClientSocketContext::socketState() // did we get at least what we expected, based on range specs? if (bytesSent == bytesExpected) { // got everything - if (http->request->flags.proxy_keepalive) + if (http->request->flags.proxyKeepalive) return STREAM_COMPLETE; else return STREAM_UNPLANNED_COMPLETE; @@ -1765,7 +1765,7 @@ ClientSocketContext::socketState() // expected why would persistency matter? Should not this // always be an error? if (bytesSent > bytesExpected) { // got extra - if (http->request->flags.proxy_keepalive) + if (http->request->flags.proxyKeepalive) return STREAM_COMPLETE; else return STREAM_UNPLANNED_COMPLETE; @@ -2471,7 +2471,7 @@ ConnStateData::quitAfterError(HttpRequest *request) // at the client-side, but many such errors do require closure and the // client-side code is bad at handling errors so we play it safe. if (request) - request->flags.proxy_keepalive = 0; + request->flags.proxyKeepalive = 0; flags.readMore = false; debugs(33,4, HERE << "Will close after error: " << clientConnection); } @@ -2652,14 +2652,14 @@ clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *c request->clientConnectionManager = conn; request->flags.accelerated = http->flags.accel; - request->flags.sslBumped_=conn->switchedToHttps(); - request->flags.canRePin = request->flags.sslBumped_ && conn->pinning.pinned; - request->flags.ignore_cc = conn->port->ignore_cc; + request->flags.sslBumped=conn->switchedToHttps(); + request->flags.canRePin = request->flags.sslBumped && conn->pinning.pinned; + request->flags.ignoreCc = conn->port->ignore_cc; // TODO: decouple http->flags.accel from request->flags.sslBumped - request->flags.no_direct = (request->flags.accelerated && !request->flags.sslBumped_) ? + request->flags.noDirect = (request->flags.accelerated && !request->flags.sslBumped) ? !conn->port->allow_direct : 0; #if USE_AUTH - if (request->flags.sslBumped_) { + if (request->flags.sslBumped) { if (conn->auth_user_request != NULL) request->auth_user_request = conn->auth_user_request; } @@ -2671,7 +2671,7 @@ clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *c */ if (http->clientConnection != NULL) { request->flags.intercepted = ((http->clientConnection->flags & COMM_INTERCEPTION) != 0); - request->flags.spoof_client_ip = ((http->clientConnection->flags & COMM_TRANSPARENT) != 0 ) ; + request->flags.spoofClientIp = ((http->clientConnection->flags & COMM_TRANSPARENT) != 0 ) ; } if (internalCheck(request->urlpath.termedBuf())) { @@ -2823,7 +2823,7 @@ finish: * be freed and the above connNoteUseOfBuffer() would hit an * assertion, not to mention that we were accessing freed memory. */ - if (request && request->flags.resetTCP_ && Comm::IsConnOpen(conn->clientConnection)) { + if (request && request->flags.resetTcp && Comm::IsConnOpen(conn->clientConnection)) { debugs(33, 3, HERE << "Sending TCP RST on " << conn->clientConnection); conn->flags.readMore = false; comm_reset_close(conn->clientConnection); @@ -3580,7 +3580,7 @@ httpsEstablish(ConnStateData *connState, SSL_CTX *sslContext, Ssl::BumpMode bum fakeRequest->indirect_client_addr = connState->clientConnection->remote; #endif fakeRequest->my_addr = connState->clientConnection->local; - fakeRequest->flags.spoof_client_ip = ((connState->clientConnection->flags & COMM_TRANSPARENT) != 0 ) ; + fakeRequest->flags.spoofClientIp = ((connState->clientConnection->flags & COMM_TRANSPARENT) != 0 ) ; fakeRequest->flags.intercepted = ((connState->clientConnection->flags & COMM_INTERCEPTION) != 0); debugs(33, 4, HERE << details << " try to generate a Dynamic SSL CTX"); connState->switchToHttps(fakeRequest, bumpMode); diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc index 9c56dde145..4080026a75 100644 --- a/src/client_side_reply.cc +++ b/src/client_side_reply.cc @@ -129,7 +129,7 @@ void clientReplyContext::setReplyToError(const HttpRequestMethod& method, ErrorS { if (errstate->httpStatus == HTTP_NOT_IMPLEMENTED && http->request) /* prevent confusion over whether we default to persistent or not */ - http->request->flags.proxy_keepalive = 0; + http->request->flags.proxyKeepalive = 0; http->al->http.code = errstate->httpStatus; @@ -390,7 +390,7 @@ clientReplyContext::handleIMSReply(StoreIOBuffer result) // origin replied 304 if (status == HTTP_NOT_MODIFIED) { http->logType = LOG_TCP_REFRESH_UNMODIFIED; - http->request->flags.stale_if_hit = 0; // old_entry is no longer stale + http->request->flags.staleIfHit = 0; // old_entry is no longer stale // update headers on existing entry old_rep->updateOnNotModified(http->storeEntry()->getReply()); @@ -419,7 +419,7 @@ clientReplyContext::handleIMSReply(StoreIOBuffer result) } // origin replied with an error - else if (http->request->flags.fail_on_validation_err) { + else if (http->request->flags.failOnValidationError) { http->logType = LOG_TCP_REFRESH_FAIL_ERR; debugs(88, 3, "handleIMSReply: origin replied with error " << status << ", forwarding to client due to fail_on_validation_err"); @@ -542,9 +542,7 @@ clientReplyContext::cacheHit(StoreIOBuffer result) } if (e->checkNegativeHit() -#if USE_HTTP_VIOLATIONS - && !r->flags.nocache_hack -#endif + && !r->flags.noCacheHack() ) { http->logType = LOG_TCP_NEGATIVE_HIT; sendMoreData(result); @@ -554,13 +552,13 @@ clientReplyContext::cacheHit(StoreIOBuffer result) * We hold a stale copy; it needs to be validated */ /* - * The 'need_validation' flag is used to prevent forwarding + * The 'needValidation' flag is used to prevent forwarding * loops between siblings. If our copy of the object is stale, * then we should probably only use parents for the validation * request. Otherwise two siblings could generate a loop if * both have a stale version of the object. */ - r->flags.need_validation = 1; + r->flags.needValidation = 1; if (e->lastmod < 0) { /* @@ -569,7 +567,7 @@ clientReplyContext::cacheHit(StoreIOBuffer result) */ http->logType = LOG_TCP_MISS; processMiss(); - } else if (r->flags.nocache) { + } else if (r->flags.noCache) { /* * This did not match a refresh pattern that overrides no-cache * we should honour the client no-cache header. @@ -654,7 +652,7 @@ clientReplyContext::processMiss() } /// Deny loops - if (r->flags.loopdetect) { + if (r->flags.loopDetected) { http->al->http.code = HTTP_FORBIDDEN; err = clientBuildError(ERR_ACCESS_DENIED, HTTP_FORBIDDEN, NULL, http->getConn()->clientConnection->remote, http->request); createStoreEntry(r->method, RequestFlags()); @@ -1042,7 +1040,7 @@ clientReplyContext::checkTransferDone() if (http->flags.done_copying) return 1; - if (http->request->flags.chunked_reply && !flags.complete) { + if (http->request->flags.chunkedReply && !flags.complete) { // last-chunk was not sent return 0; } @@ -1186,7 +1184,7 @@ clientReplyContext::replyStatus() const int64_t expectedBodySize = http->storeEntry()->getReply()->bodySize(http->request->method); - if (!http->request->flags.proxy_keepalive && expectedBodySize < 0) { + if (!http->request->flags.proxyKeepalive && expectedBodySize < 0) { debugs(88, 5, "clientReplyStatus: closing, content_length < 0"); return STREAM_FAILED; } @@ -1201,7 +1199,7 @@ clientReplyContext::replyStatus() return STREAM_UNPLANNED_COMPLETE; } - if (http->request->flags.proxy_keepalive) { + if (http->request->flags.proxyKeepalive) { debugs(88, 5, "clientReplyStatus: stream complete and can keepalive"); return STREAM_COMPLETE; } @@ -1376,9 +1374,9 @@ clientReplyContext::buildReplyHeader() } // add Warnings required by RFC 2616 if serving a stale hit - if (http->request->flags.stale_if_hit && logTypeIsATcpHit(http->logType)) { + if (http->request->flags.staleIfHit && logTypeIsATcpHit(http->logType)) { hdr->putWarning(110, "Response is stale"); - if (http->request->flags.need_validation) + if (http->request->flags.needValidation) hdr->putWarning(111, "Revalidation failed"); } @@ -1401,11 +1399,11 @@ clientReplyContext::buildReplyHeader() || (strncasecmp(value, "Kerberos", 8) == 0 && (value[8] == '\0' || value[8] == ' '))) { - if (request->flags.connection_auth_disabled) { + if (request->flags.connectionAuthDisabled) { hdr->delAt(pos, connection_auth_blocked); continue; } - request->flags.must_keepalive = 1; + request->flags.mustKeepalive = 1; if (!request->flags.accelerated && !request->flags.intercepted) { httpHeaderPutStrf(hdr, HDR_PROXY_SUPPORT, "Session-Based-Authentication"); /* @@ -1459,36 +1457,36 @@ clientReplyContext::buildReplyHeader() (request->http_ver >= HttpVersion(1, 1)); /* Check whether we should send keep-alive */ - if (!Config.onoff.error_pconns && reply->sline.status >= 400 && !request->flags.must_keepalive) { + if (!Config.onoff.error_pconns && reply->sline.status >= 400 && !request->flags.mustKeepalive) { debugs(33, 3, "clientBuildReplyHeader: Error, don't keep-alive"); - request->flags.proxy_keepalive = 0; - } else if (!Config.onoff.client_pconns && !request->flags.must_keepalive) { + request->flags.proxyKeepalive = 0; + } else if (!Config.onoff.client_pconns && !request->flags.mustKeepalive) { debugs(33, 2, "clientBuildReplyHeader: Connection Keep-Alive not requested by admin or client"); - request->flags.proxy_keepalive = 0; - } else if (request->flags.proxy_keepalive && shutting_down) { + request->flags.proxyKeepalive = 0; + } else if (request->flags.proxyKeepalive && shutting_down) { debugs(88, 3, "clientBuildReplyHeader: Shutting down, don't keep-alive."); - request->flags.proxy_keepalive = 0; - } else if (request->flags.connection_auth && !reply->keep_alive) { + request->flags.proxyKeepalive = 0; + } else if (request->flags.connectionAuth && !reply->keep_alive) { debugs(33, 2, "clientBuildReplyHeader: Connection oriented auth but server side non-persistent"); - request->flags.proxy_keepalive = 0; + request->flags.proxyKeepalive = 0; } else if (reply->bodySize(request->method) < 0 && !maySendChunkedReply) { debugs(88, 3, "clientBuildReplyHeader: can't keep-alive, unknown body size" ); - request->flags.proxy_keepalive = 0; - } else if (fdUsageHigh()&& !request->flags.must_keepalive) { + request->flags.proxyKeepalive = 0; + } else if (fdUsageHigh()&& !request->flags.mustKeepalive) { debugs(88, 3, "clientBuildReplyHeader: Not many unused FDs, can't keep-alive"); - request->flags.proxy_keepalive = 0; - } else if (request->flags.sslBumped_ && !reply->persistent()) { + request->flags.proxyKeepalive = 0; + } else if (request->flags.sslBumped && !reply->persistent()) { // We do not really have to close, but we pretend we are a tunnel. debugs(88, 3, "clientBuildReplyHeader: bumped reply forces close"); - request->flags.proxy_keepalive = 0; + request->flags.proxyKeepalive = 0; } // Decide if we send chunked reply if (maySendChunkedReply && - request->flags.proxy_keepalive && + request->flags.proxyKeepalive && reply->bodySize(request->method) < 0) { debugs(88, 3, "clientBuildReplyHeader: chunked reply"); - request->flags.chunked_reply = 1; + request->flags.chunkedReply = 1; hdr->putStr(HDR_TRANSFER_ENCODING, "chunked"); } @@ -1506,7 +1504,7 @@ clientReplyContext::buildReplyHeader() hdr->putStr(HDR_VIA, strVia.termedBuf()); } /* Signal keep-alive or close explicitly */ - hdr->putStr(HDR_CONNECTION, request->flags.proxy_keepalive ? "keep-alive" : "close"); + hdr->putStr(HDR_CONNECTION, request->flags.proxyKeepalive ? "keep-alive" : "close"); #if ADD_X_REQUEST_URI /* @@ -1585,7 +1583,7 @@ clientReplyContext::identifyFoundObject(StoreEntry *newEntry) /** \li If the request has no-cache flag set or some no_cache HACK in operation we * 'invalidate' the cached IP entries for this request ??? */ - if (r->flags.nocache) { + if (r->flags.noCache) { #if USE_DNSHELPER ipcacheInvalidate(r->GetHost()); @@ -1593,11 +1591,7 @@ clientReplyContext::identifyFoundObject(StoreEntry *newEntry) ipcacheInvalidateNegative(r->GetHost()); #endif /* USE_DNSHELPER */ - } - -#if USE_HTTP_VIOLATIONS - - else if (r->flags.nocache_hack) { + } else if (r->flags.noCacheHack()) { #if USE_DNSHELPER ipcacheInvalidate(r->GetHost()); @@ -1607,11 +1601,8 @@ clientReplyContext::identifyFoundObject(StoreEntry *newEntry) } -#endif /* USE_HTTP_VIOLATIONS */ #if USE_CACHE_DIGESTS - lookup_type = http->storeEntry() ? "HIT" : "MISS"; - #endif if (NULL == http->storeEntry()) { @@ -1655,7 +1646,7 @@ clientReplyContext::identifyFoundObject(StoreEntry *newEntry) return; } - if (r->flags.nocache) { + if (r->flags.noCache) { debugs(85, 3, "clientProcessRequest2: no-cache REFRESH MISS"); http->storeEntry(NULL); http->logType = LOG_TCP_CLIENT_REFRESH_MISS; @@ -1825,7 +1816,7 @@ clientReplyContext::sendStreamError(StoreIOBuffer const &result) debugs(88, 5, "clientReplyContext::sendStreamError: A stream error has occured, marking as complete and sending no data."); StoreIOBuffer localTempBuffer; flags.complete = 1; - http->request->flags.stream_error = 1; + http->request->flags.streamError = 1; localTempBuffer.flags.error = result.flags.error; clientStreamCallback((clientStreamNode*)http->client_stream.head->data, http, NULL, localTempBuffer); diff --git a/src/client_side_request.cc b/src/client_side_request.cc index eb3be5c3e4..593e4114fa 100644 --- a/src/client_side_request.cc +++ b/src/client_side_request.cc @@ -389,7 +389,7 @@ clientBeginRequest(const HttpRequestMethod& method, char const *url, CSCB * stre */ request->flags.accelerated = http->flags.accel; - request->flags.internalclient = 1; + request->flags.internalClient = 1; /* this is an internally created * request, not subject to acceleration @@ -585,7 +585,7 @@ ClientRequestContext::hostHeaderVerifyFailed(const char *A, const char *B) debugs(85, 3, "SECURITY ALERT: Host header forgery detected on " << http->getConn()->clientConnection << " (" << A << " does not match " << B << ") on URL: " << urlCanonical(http->request)); - // NP: it is tempting to use 'flags.nocache' but that is all about READing cache data. + // NP: it is tempting to use 'flags.noCache' but that is all about READing cache data. // The problems here are about WRITE for new cache content, which means flags.cachable http->request->flags.cachable = 0; // MUST NOT cache (for now) // XXX: when we have updated the cache key to base on raw-IP + URI this cacheable limit can go. @@ -664,7 +664,7 @@ ClientRequestContext::hostHeaderVerify() } debugs(85, 3, HERE << "validate host=" << host << ", port=" << port << ", portStr=" << (portStr?portStr:"NULL")); - if (http->request->flags.intercepted || http->request->flags.spoof_client_ip) { + if (http->request->flags.intercepted || http->request->flags.spoofClientIp) { // verify the Host: port (if any) matches the apparent destination if (portStr && port != http->getConn()->clientConnection->local.GetPort()) { debugs(85, 3, HERE << "FAIL on validate port " << http->getConn()->clientConnection->local.GetPort() << @@ -810,7 +810,7 @@ ClientRequestContext::clientAccessCheckDone(const allow_t &answer) if (auth_challenge) { #if USE_AUTH - if (http->request->flags.sslBumped_) { + if (http->request->flags.sslBumped) { /*SSL Bumped request, authentication is not possible*/ status = HTTP_FORBIDDEN; } else if (!http->flags.accel) { @@ -924,7 +924,7 @@ clientHierarchical(ClientHttpRequest * http) const wordlist *p = NULL; // intercepted requests MUST NOT (yet) be sent to peers unless verified - if (!request->flags.hostVerified && (request->flags.intercepted || request->flags.spoof_client_ip)) + if (!request->flags.hostVerified && (request->flags.intercepted || request->flags.spoofClientIp)) return 0; /* @@ -953,7 +953,7 @@ clientHierarchical(ClientHttpRequest * http) if (strstr(url, p->key)) return 0; - if (request->flags.loopdetect) + if (request->flags.loopDetected) return 0; if (request->protocol == AnyP::PROTO_HTTP) @@ -981,14 +981,14 @@ clientCheckPinning(ClientHttpRequest * http) if (!http_conn) return; - request->flags.connection_auth_disabled = http_conn->port->connection_auth_disabled; - if (!request->flags.connection_auth_disabled) { + request->flags.connectionAuthDisabled = http_conn->port->connection_auth_disabled; + if (!request->flags.connectionAuthDisabled) { if (Comm::IsConnOpen(http_conn->pinning.serverConnection)) { if (http_conn->pinning.auth) { - request->flags.connection_auth = 1; + request->flags.connectionAuth = 1; request->flags.auth = 1; } else { - request->flags.connection_proxy_auth = 1; + request->flags.connectionProxyAuth = 1; } // These should already be linked correctly. assert(request->clientConnectionManager == http_conn); @@ -997,10 +997,10 @@ clientCheckPinning(ClientHttpRequest * http) /* check if connection auth is used, and flag as candidate for pinning * in such case. - * Note: we may need to set flags.connection_auth even if the connection + * Note: we may need to set flags.connectionAuth even if the connection * is already pinned if it was pinned earlier due to proxy auth */ - if (!request->flags.connection_auth) { + if (!request->flags.connectionAuth) { if (req_hdr->has(HDR_AUTHORIZATION) || req_hdr->has(HDR_PROXY_AUTHORIZATION)) { HttpHeaderPos pos = HttpHeaderInitPos; HttpHeaderEntry *e; @@ -1014,10 +1014,10 @@ clientCheckPinning(ClientHttpRequest * http) || strncasecmp(value, "Kerberos ", 9) == 0) { if (e->id == HDR_AUTHORIZATION) { - request->flags.connection_auth = 1; + request->flags.connectionAuth = 1; may_pin = 1; } else { - request->flags.connection_proxy_auth = 1; + request->flags.connectionProxyAuth = 1; may_pin = 1; } } @@ -1045,7 +1045,7 @@ clientInterpretRequestHeaders(ClientHttpRequest * http) if (request->ims > 0) request->flags.ims = 1; - if (!request->flags.ignore_cc) { + if (!request->flags.ignoreCc) { if (req_hdr->has(HDR_PRAGMA)) { String s = req_hdr->getList(HDR_PRAGMA); @@ -1090,13 +1090,13 @@ clientInterpretRequestHeaders(ClientHttpRequest * http) #if USE_HTTP_VIOLATIONS if (Config.onoff.reload_into_ims) - request->flags.nocache_hack = 1; + request->flags.nocacheHack = 1; else if (refresh_nocache_hack) - request->flags.nocache_hack = 1; + request->flags.nocacheHack = 1; else #endif - request->flags.nocache = 1; + request->flags.noCache = 1; } /* ignore range header in non-GETs or non-HEADs */ @@ -1106,7 +1106,7 @@ clientInterpretRequestHeaders(ClientHttpRequest * http) request->range = req_hdr->getRange(); if (request->range) { - request->flags.isRanged_=true; + request->flags.isRanged=true; clientStreamNode *node = (clientStreamNode *)http->client_stream.tail->data; /* XXX: This is suboptimal. We should give the stream the range set, * and thereby let the top of the stream set the offset when the @@ -1150,7 +1150,7 @@ clientInterpretRequestHeaders(ClientHttpRequest * http) if (strListIsSubstr(&s, ThisCache2, ',')) { debugObj(33, 1, "WARNING: Forwarding loop detected for:\n", request, (ObjPackMethod) & httpRequestPack); - request->flags.loopdetect = 1; + request->flags.loopDetected = 1; } #if USE_FORW_VIA_DB @@ -1177,7 +1177,7 @@ clientInterpretRequestHeaders(ClientHttpRequest * http) request->flags.hierarchical = 1; debugs(85, 5, "clientInterpretRequestHeaders: REQ_NOCACHE = " << - (request->flags.nocache ? "SET" : "NOT SET")); + (request->flags.noCache ? "SET" : "NOT SET")); debugs(85, 5, "clientInterpretRequestHeaders: REQ_CACHABLE = " << (request->flags.cachable ? "SET" : "NOT SET")); debugs(85, 5, "clientInterpretRequestHeaders: REQ_HIERARCHICAL = " << diff --git a/src/errorpage.cc b/src/errorpage.cc index 84fdce32f6..aeb3e299a7 100644 --- a/src/errorpage.cc +++ b/src/errorpage.cc @@ -631,7 +631,7 @@ errorAppendEntry(StoreEntry * entry, ErrorState * err) if (err->page_id == TCP_RESET) { if (err->request) { debugs(4, 2, "RSTing this reply"); - err->request->flags.resetTCP_=true; + err->request->flags.resetTcp=true; } } diff --git a/src/format/Format.cc b/src/format/Format.cc index aa88160bf2..260c02fdae 100644 --- a/src/format/Format.cc +++ b/src/format/Format.cc @@ -383,7 +383,7 @@ Format::Format::assemble(MemBuf &mb, const AccessLogEntry::Pointer &al, int logS case LFT_LOCAL_LISTENING_IP: { // avoid logging a dash if we have reliable info const bool interceptedAtKnownPort = al->request ? - (al->request->flags.spoof_client_ip || + (al->request->flags.spoofClientIp || al->request->flags.intercepted) && al->cache.port : false; if (interceptedAtKnownPort) { diff --git a/src/forward.cc b/src/forward.cc index 5d1f8dacf3..35c0670a45 100644 --- a/src/forward.cc +++ b/src/forward.cc @@ -147,7 +147,7 @@ void FwdState::start(Pointer aSelf) // Bug 3243: CVE 2009-0801 // Bypass of browser same-origin access control in intercepted communication // To resolve this we must force DIRECT and only to the original client destination. - const bool isIntercepted = request && !request->flags.redirected && (request->flags.intercepted || request->flags.spoof_client_ip); + const bool isIntercepted = request && !request->flags.redirected && (request->flags.intercepted || request->flags.spoofClientIp); const bool useOriginalDst = Config.onoff.client_dst_passthru || (request && !request->flags.hostVerified); if (isIntercepted && useOriginalDst) { selectPeerForIntercepted(); @@ -953,7 +953,7 @@ FwdState::connectStart() if (ftimeout < ctimeout) ctimeout = ftimeout; - if (serverDestinations[0]->getPeer() && request->flags.sslBumped_) { + if (serverDestinations[0]->getPeer() && request->flags.sslBumped) { debugs(50, 4, "fwdConnectStart: Ssl bumped connections through parrent proxy are not allowed"); ErrorState *anErr = new ErrorState(ERR_CANNOT_FORWARD, HTTP_SERVICE_UNAVAILABLE, request); fail(anErr); @@ -1251,7 +1251,7 @@ FwdState::reforward() ErrorState * FwdState::makeConnectingError(const err_type type) const { - return new ErrorState(type, request->flags.need_validation ? + return new ErrorState(type, request->flags.needValidation ? HTTP_GATEWAY_TIMEOUT : HTTP_SERVICE_UNAVAILABLE, request); } @@ -1397,7 +1397,7 @@ getOutgoingAddress(HttpRequest * request, Comm::ConnectionPointer conn) conn->local.SetIPv4(); // maybe use TPROXY client address - if (request && request->flags.spoof_client_ip) { + if (request && request->flags.spoofClientIp) { if (!conn->getPeer() || !conn->getPeer()->options.no_tproxy) { #if FOLLOW_X_FORWARDED_FOR && LINUX_NETFILTER if (Config.onoff.tproxy_uses_indirect_client) diff --git a/src/http.cc b/src/http.cc index bec7ea56e7..da06ef7576 100644 --- a/src/http.cc +++ b/src/http.cc @@ -379,7 +379,7 @@ HttpStateData::cacheableReply() } } - if (request->flags.auth || request->flags.auth_sent) { + if (request->flags.auth || request->flags.authSent) { /* * Responses to requests with authorization may be cached * only if a Cache-Control: public reply header is present. @@ -716,7 +716,7 @@ HttpStateData::processReplyHeader() } if (!peerSupportsConnectionPinning()) - request->flags.connection_auth_disabled = 1; + request->flags.connectionAuthDisabled = 1; HttpReply *vrep = setVirginReply(newrep); flags.headers_parsed = 1; @@ -1386,18 +1386,18 @@ HttpStateData::processReplyBody() closeHandler = NULL; fwd->unregister(serverConnection); - if (request->flags.spoof_client_ip) + if (request->flags.spoofClientIp) client_addr = request->client_addr; if (request->flags.pinned) { ispinned = true; - } else if (request->flags.connection_auth && request->flags.auth_sent) { + } else if (request->flags.connectionAuth && request->flags.authSent) { ispinned = true; } if (request->pinnedConnection() && ispinned) { request->pinnedConnection()->pinConnection(serverConnection, request, _peer, - (request->flags.connection_auth != 0)); + (request->flags.connectionAuth != 0)); } else { fwd->pconnPush(serverConnection, request->peer_host ? request->peer_host : request->GetHost()); } @@ -1652,7 +1652,7 @@ HttpStateData::httpBuildRequestHeader(HttpRequest * request, /* pretend it's not a range request */ delete request->range; request->range = NULL; - request->flags.isRanged_=false; + request->flags.isRanged=false; } /* append Via */ @@ -1988,7 +1988,7 @@ HttpStateData::decideIfWeDoRanges (HttpRequest * request) int64_t roffLimit = request->getRangeOffsetLimit(); if (NULL == request->range || !request->flags.cachable - || request->range->offsetLimitExceeded(roffLimit) || request->flags.connection_auth) + || request->range->offsetLimitExceeded(roffLimit) || request->flags.connectionAuth) result = false; debugs(11, 8, "decideIfWeDoRanges: range specs: " << @@ -2021,10 +2021,10 @@ HttpStateData::buildRequestPrefix(MemBuf * mb) Packer p; httpBuildRequestHeader(request, entry, fwd->al, &hdr, flags); - if (request->flags.pinned && request->flags.connection_auth) - request->flags.auth_sent = 1; + if (request->flags.pinned && request->flags.connectionAuth) + request->flags.authSent = 1; else if (hdr.has(HDR_AUTHORIZATION)) - request->flags.auth_sent = 1; + request->flags.authSent = 1; packerToMemInit(&p, mb); hdr.packInto(&p); @@ -2091,7 +2091,7 @@ HttpStateData::sendRequest() /* * Is keep-alive okay for all request methods? */ - if (request->flags.must_keepalive) + if (request->flags.mustKeepalive) flags.keepalive = 1; else if (!Config.onoff.server_pconns) flags.keepalive = 0; diff --git a/src/icmp/net_db.cc b/src/icmp/net_db.cc index 8d199d1542..195c888101 100644 --- a/src/icmp/net_db.cc +++ b/src/icmp/net_db.cc @@ -1344,7 +1344,7 @@ netdbExchangeStart(void *data) tempBuffer.data = ex->buf; storeClientCopy(ex->sc, ex->e, tempBuffer, netdbExchangeHandleReply, ex); - ex->r->flags.loopdetect = 1; /* cheat! -- force direct */ + ex->r->flags.loopDetected = 1; /* cheat! -- force direct */ if (p->login) xstrncpy(ex->r->login, p->login, MAX_LOGIN_SZ); diff --git a/src/neighbors.cc b/src/neighbors.cc index 3677cf4353..3a9245786b 100644 --- a/src/neighbors.cc +++ b/src/neighbors.cc @@ -161,19 +161,19 @@ peerAllowedToUse(const CachePeer * p, HttpRequest * request) if (neighborType(p, request) == PEER_SIBLING) { #if PEER_MULTICAST_SIBLINGS if (p->type == PEER_MULTICAST && p->options.mcast_siblings && - (request->flags.nocache || request->flags.refresh || request->flags.loopdetect || request->flags.need_validation)) + (request->flags.noCache || request->flags.refresh || request->flags.loopDetected || request->flags.needValidation)) debugs(15, 2, "peerAllowedToUse(" << p->name << ", " << request->GetHost() << ") : multicast-siblings optimization match"); #endif - if (request->flags.nocache) + if (request->flags.noCache) return false; if (request->flags.refresh) return false; - if (request->flags.loopdetect) + if (request->flags.loopDetected) return false; - if (request->flags.need_validation) + if (request->flags.needValidation) return false; } diff --git a/src/peer_select.cc b/src/peer_select.cc index ae61be4faf..8b1c8e9254 100644 --- a/src/peer_select.cc +++ b/src/peer_select.cc @@ -234,7 +234,7 @@ peerSelectDnsPaths(ps_state *psstate) // on intercepted traffic which failed Host verification const HttpRequest *req = psstate->request; const bool isIntercepted = !req->flags.redirected && - (req->flags.intercepted || req->flags.spoof_client_ip); + (req->flags.intercepted || req->flags.spoofClientIp); const bool useOriginalDst = Config.onoff.client_dst_passthru || !req->flags.hostVerified; const bool choseDirect = fs && fs->code == HIER_DIRECT; if (isIntercepted && useOriginalDst && choseDirect) { @@ -339,7 +339,7 @@ peerSelectDnsResults(const ipcache_addrs *ia, const DnsLookupDetails &details, v break; // for TPROXY we must skip unusable addresses. - if (psstate->request->flags.spoof_client_ip && !(fs->_peer && fs->_peer->options.no_tproxy) ) { + if (psstate->request->flags.spoofClientIp && !(fs->_peer && fs->_peer->options.no_tproxy) ) { if (ia->in_addrs[n].IsIPv4() != psstate->request->client_addr.IsIPv4()) { // we CAN'T spoof the address on this link. find another. continue; @@ -443,11 +443,11 @@ peerSelectFoo(ps_state * ps) ps->acl_checklist = new ACLFilledChecklist(Config.accessList.NeverDirect, request, NULL); ps->acl_checklist->nonBlockingCheck(peerCheckNeverDirectDone, ps); return; - } else if (request->flags.no_direct) { + } else if (request->flags.noDirect) { /** if we are accelerating, direct is not an option. */ ps->direct = DIRECT_NO; debugs(44, 3, "peerSelectFoo: direct = " << DirectStr[ps->direct] << " (forced non-direct)"); - } else if (request->flags.loopdetect) { + } else if (request->flags.loopDetected) { /** if we are in a forwarding-loop, direct is not an option. */ ps->direct = DIRECT_YES; debugs(44, 3, "peerSelectFoo: direct = " << DirectStr[ps->direct] << " (forwarding loop detected)"); diff --git a/src/refresh.cc b/src/refresh.cc index be36c73de3..fe92ca6705 100644 --- a/src/refresh.cc +++ b/src/refresh.cc @@ -267,7 +267,7 @@ refreshCheck(const StoreEntry * entry, HttpRequest * request, time_t delta) debugs(22, 3, "\tentry->timestamp:\t" << mkrfc1123(entry->timestamp)); - if (request && !request->flags.ignore_cc) { + if (request && !request->flags.ignoreCc) { const HttpHdrCc *const cc = request->cache_control; if (cc && cc->hasMinFresh()) { const int32_t minFresh=cc->minFresh(); @@ -293,7 +293,7 @@ refreshCheck(const StoreEntry * entry, HttpRequest * request, time_t delta) entry->mem_obj->getReply()->cache_control->staleIfError() < staleness) { debugs(22, 3, "refreshCheck: stale-if-error period expired."); - request->flags.fail_on_validation_err = 1; + request->flags.failOnValidationError = 1; } if (EBIT_TEST(entry->flags, ENTRY_REVALIDATE) && staleness > -1 @@ -303,12 +303,12 @@ refreshCheck(const StoreEntry * entry, HttpRequest * request, time_t delta) ) { debugs(22, 3, "refreshCheck: YES: Must revalidate stale response"); if (request) - request->flags.fail_on_validation_err = 1; + request->flags.failOnValidationError = 1; return STALE_MUST_REVALIDATE; } /* request-specific checks */ - if (request && !request->flags.ignore_cc) { + if (request && !request->flags.ignoreCc) { HttpHdrCc *cc = request->cache_control; if (request->flags.ims && (R->flags.refresh_ims || Config.onoff.refresh_all_ims)) { @@ -319,7 +319,7 @@ refreshCheck(const StoreEntry * entry, HttpRequest * request, time_t delta) #if USE_HTTP_VIOLATIONS - if (!request->flags.nocache_hack) { + if (!request->flags.noCacheHack()) { (void) 0; } else if (R->flags.ignore_reload) { /* The clients no-cache header is ignored */ @@ -331,7 +331,7 @@ refreshCheck(const StoreEntry * entry, HttpRequest * request, time_t delta) } else { /* The clients no-cache header is not overridden on this request */ debugs(22, 3, "refreshCheck: YES: client reload"); - request->flags.nocache = 1; + request->flags.noCache = 1; return STALE_FORCED_RELOAD; } @@ -398,7 +398,7 @@ refreshCheck(const StoreEntry * entry, HttpRequest * request, time_t delta) if ( max_stale >= 0 && staleness > max_stale) { debugs(22, 3, "refreshCheck: YES: max-stale limit"); if (request) - request->flags.fail_on_validation_err = 1; + request->flags.failOnValidationError = 1; return STALE_MAX_STALE; } @@ -494,7 +494,7 @@ refreshCheckHTTP(const StoreEntry * entry, HttpRequest * request) int reason = refreshCheck(entry, request, 0); ++ refreshCounts[rcHTTP].total; ++ refreshCounts[rcHTTP].status[reason]; - request->flags.stale_if_hit = refreshIsStaleIfHit(reason); + request->flags.staleIfHit = refreshIsStaleIfHit(reason); return (Config.onoff.offline || reason < 200) ? 0 : 1; } diff --git a/src/store.cc b/src/store.cc index b504695f2f..cb415f1fc4 100644 --- a/src/store.cc +++ b/src/store.cc @@ -1967,7 +1967,7 @@ StoreEntry::hasIfNoneMatchEtag(const HttpRequest &request) const { const String reqETags = request.header.getList(HDR_IF_NONE_MATCH); // weak comparison is allowed only for HEAD or full-body GET requests - const bool allowWeakMatch = !request.flags.isRanged_ && + const bool allowWeakMatch = !request.flags.isRanged && (request.method == METHOD_GET || request.method == METHOD_HEAD); return hasOneOfEtags(reqETags, allowWeakMatch); } diff --git a/src/tunnel.cc b/src/tunnel.cc index 7ddf0df8f8..248081f809 100644 --- a/src/tunnel.cc +++ b/src/tunnel.cc @@ -531,7 +531,7 @@ tunnelConnected(const Comm::ConnectionPointer &server, void *data) TunnelStateData *tunnelState = (TunnelStateData *)data; debugs(26, 3, HERE << server << ", tunnelState=" << tunnelState); - if (tunnelState->request && (tunnelState->request->flags.spoof_client_ip || tunnelState->request->flags.intercepted)) + if (tunnelState->request && (tunnelState->request->flags.spoofClientIp || tunnelState->request->flags.intercepted)) tunnelStartShoveling(tunnelState); // ssl-bumped connection, be quiet else { AsyncCall::Pointer call = commCbCall(5,5, "tunnelConnectedWriteDone", -- 2.47.2