File Reference
#include "squid.h"
#include "acl/FilledChecklist.h"
#include "acl/Gadgets.h"
#include "anyp/PortCfg.h"
#include "base/AsyncJobCalls.h"
#include "client_side.h"
#include "client_side_reply.h"
#include "client_side_request.h"
#include "ClientRequestContext.h"
#include "clientStream.h"
#include "comm/Connection.h"
#include "comm/Write.h"
#include "err_detail_type.h"
#include "errorpage.h"
#include "fd.h"
#include "fde.h"
#include "format/Token.h"
#include "gopher.h"
#include "helper.h"
#include "helper/Reply.h"
#include "http.h"
#include "http/Stream.h"
#include "HttpHdrCc.h"
#include "HttpReply.h"
#include "HttpRequest.h"
#include "ip/NfMarkConfig.h"
#include "ip/QosConfig.h"
#include "ipcache.h"
#include "log/access_log.h"
#include "MemObject.h"
#include "Parsing.h"
#include "profiler/Profiler.h"
#include "proxyp/Header.h"
#include "redirect.h"
#include "rfc1738.h"
#include "SquidConfig.h"
#include "SquidTime.h"
#include "Store.h"
#include "StrList.h"
#include "tools.h"
#include "wordlist.h"
#include "auth/UserRequest.h"
#include "adaptation/AccessCheck.h"
#include "adaptation/Answer.h"
#include "adaptation/Iterator.h"
#include "adaptation/Service.h"
#include "adaptation/icap/History.h"
#include "ssl/ServerBump.h"
#include "ssl/support.h"
Include dependency graph for

Go to the source code of this file.


#define FAILURE_MODE_TIME   300


static void clientFollowXForwardedForCheck (allow_t answer, void *data)
ErrorStateclientBuildError (err_type, Http::StatusCode, char const *url, Ip::Address &, HttpRequest *, const AccessLogEntry::Pointer &)
static void clientAccessCheckDoneWrapper (allow_t, void *)
static void sslBumpAccessCheckDoneWrapper (allow_t, void *)
static int clientHierarchical (ClientHttpRequest *http)
static void clientInterpretRequestHeaders (ClientHttpRequest *http)
static void checkNoCacheDoneWrapper (allow_t, void *)
static void checkFailureRatio (err_type, hier_code)
int clientBeginRequest (const HttpRequestMethod &method, char const *url, CSCB *streamcallback, CSD *streamdetach, ClientStreamData streamdata, HttpHeader const *header, char *tailbuf, size_t taillen, const MasterXaction::Pointer &mx)
static void hostHeaderIpVerifyWrapper (const ipcache_addrs *ia, const Dns::LookupDetails &dns, void *data)
static void clientRedirectAccessCheckDone (allow_t answer, void *data)
static void clientStoreIdAccessCheckDone (allow_t answer, void *data)
static void clientCheckPinning (ClientHttpRequest *http)
void clientRedirectDoneWrapper (void *data, const Helper::Reply &result)
void clientStoreIdDoneWrapper (void *data, const Helper::Reply &result)
static void SslBumpEstablish (const Comm::ConnectionPointer &, char *, size_t, Comm::Flag errflag, int, void *data)
tos_t aclMapTOS (acl_tos *head, ACLChecklist *ch)
 Checks for a TOS value to apply depending on the ACL. More...
Ip::NfMarkConfig aclFindNfMarkConfig (acl_nfmark *head, ACLChecklist *ch)
 Checks for a netfilter mark value to apply depending on the ACL. More...


static const char *const crlf = "\r\n"
static HLPCB clientRedirectDoneWrapper
static HLPCB clientStoreIdDoneWrapper
SQUIDCEXTERN CSS clientReplyStatus
SQUIDCEXTERN CSD clientReplyDetach

Macro Definition Documentation


#define FAILURE_MODE_TIME   300

Referenced by checkFailureRatio().

Function Documentation

◆ aclFindNfMarkConfig()

◆ aclMapTOS()

◆ checkFailureRatio()

static void checkFailureRatio ( err_type  etype,
hier_code  hcode 

This function is designed to serve a fairly specific purpose. Occasionally our vBNS-connected caches can talk to each other, but not the rest of the world. Here we try to detect frequent failures which make the cache unusable (e.g. DNS lookup and connect() failures). If the failure:success ratio goes above 1.0 then we go into "hit only" mode where we only return UDP_HIT or UDP_MISS_NOFETCH. Neighbors will only fetch HITs from us if they are using the ICP protocol. We stay in this mode for 5 minutes.

Duane W., Sept 16, 1996

Definition at line 213 of file

References Config, DBG_CRITICAL, debugs, ERR_CONNECT_FAIL, ERR_DNS_FAIL, ERR_READ_ERROR, ERR_SECURE_CONNECT_FAIL, FAILURE_MODE_TIME, HIER_NONE, hit_only_mode_until, SquidConfig::icp, SquidConfig::Port, request_failure_ratio, and squid_curtime.

Referenced by ClientHttpRequest::~ClientHttpRequest().

◆ checkNoCacheDoneWrapper()

static void checkNoCacheDoneWrapper ( allow_t  answer,
void *  data 

◆ clientAccessCheckDoneWrapper()

◆ clientBeginRequest()

int clientBeginRequest ( const HttpRequestMethod method,
char const *  url,
CSCB streamcallback,
CSD streamdetach,
ClientStreamData  streamdata,
HttpHeader const *  header,
char *  tailbuf,
size_t  taillen,
const MasterXaction::Pointer mx 

◆ clientBuildError()

ErrorState* clientBuildError ( err_type  ,
Http::StatusCode  ,
char const *  url,
Ip::Address ,
HttpRequest ,
const AccessLogEntry::Pointer  

◆ clientCheckPinning()

◆ clientFollowXForwardedForCheck()

static void clientFollowXForwardedForCheck ( allow_t  answer,
void *  data 

clientFollowXForwardedForCheck() checks the content of X-Forwarded-For: against the followXFF ACL, or cleans up and passes control to clientAccessCheck().

The trust model here is a little ambiguous. So to clarify the logic:

  • we may always use the direct client address as the client IP.
  • these trust tests merey tell whether we trust given IP enough to believe the IP string which it appended to the X-Forwarded-For: header.
  • if at any point we don't trust what an IP adds we stop looking.
  • at that point the current contents of indirect_client_addr are the value set by the last previously trusted IP. ++ indirect_client_addr contains the remote direct client from the trusted peers viewpoint.

Definition at line 440 of file

References SquidConfig::accessList, ClientRequestContext::acl_checklist, SquidConfig::acl_uses_indirect_client, addr, ClientHttpRequest::al, allow_t::allowed(), AccessLogEntry::cache, AccessLogEntry::CacheDetails::caddr, ClientHttpRequest::calloutContext, String::clean(), ClientRequestContext::clientAccessCheck(), clientAclChecklistCreate(), Config, allow_t::conflicted(), conn, String::cut(), DBG_CRITICAL, debugs, RequestFlags::done_follow_x_forwarded_for, Filled(), HttpRequest::flags, SquidConfig::followXFF, ClientHttpRequest::getConn(), ClientRequestContext::http, ClientRequestContext::httpStateIsValid(), HttpRequest::indirect_client_addr, SquidConfig::log_uses_indirect_client, ACLChecklist::nonBlockingCheck(), SquidConfig::onoff, p, ClientHttpRequest::request, String::size(), ACLFilledChecklist::src_addr, String::termedBuf(), HttpRequest::x_forwarded_for_iterator, and xisspace.

Referenced by ClientRequestContext::clientAccessCheck().

◆ clientHierarchical()

◆ clientInterpretRequestHeaders()

static void clientInterpretRequestHeaders ( ClientHttpRequest http)

Definition at line 1036 of file

References RequestFlags::auth, Http::AUTHORIZATION, HttpHdrRange::begin(), RequestFlags::cachable, Http::Message::cache_control, String::clean(), ClientHttpRequest::client_stream, clientCheckPinning(), clientHierarchical(), Config, dlink_node::data, debugObj(), debugs, HttpHeader::delById(), HttpHdrRange::end(), HttpHdrRangeIter::end, HttpRequest::flags, fvdbCountForw(), fvdbCountVia(), HttpHeader::getList(), HttpHeader::getRange(), HttpHeader::getTime(), HttpHeader::has(), HttpHeader::hasListMember(), HttpHdrCc::hasNoCache(), Http::Message::header, RequestFlags::hierarchical, httpRequestPack(), Http::IF_MODIFIED_SINCE, RequestFlags::ignoreCc, HttpRequest::ignoreRange(), RequestFlags::ims, HttpRequest::ims, HttpRequest::imslen, RequestFlags::isRanged, RequestFlags::loopDetected, HttpHdrRange::lowestOffset(), HttpRequest::maybeCacheable(), HttpRequest::method, Http::METHOD_GET, Http::METHOD_HEAD, Http::METHOD_OTHER, RequestFlags::noCache, RequestFlags::nocacheHack, StoreIOBuffer::offset, SquidConfig::onoff, HttpHdrRangeIter::pos, Http::PRAGMA, Http::RANGE, HttpRequest::range, ClientHttpRequest::range_iter, clientStreamNode::readBuffer, refresh_nocache_hack, SquidConfig::reload_into_ims, ClientHttpRequest::request, Http::REQUEST_RANGE, strListIsSubstr(), dlink_list::tail, String::termedBuf(), ThisCache2, HttpRequest::url, AnyP::Uri::userInfo(), HttpHdrRangeIter::valid, Http::VIA, and Http::X_FORWARDED_FOR.

Referenced by ClientHttpRequest::doCallouts().

◆ clientRedirectAccessCheckDone()

◆ clientRedirectDoneWrapper()

void clientRedirectDoneWrapper ( void *  data,
const Helper::Reply result 

◆ clientStoreIdAccessCheckDone()

static void clientStoreIdAccessCheckDone ( allow_t  answer,
void *  data 

This methods handles Access checks result of StoreId access list. Will handle as "ERR" (no change) in a case Access is not allowed.

Definition at line 894 of file

References ClientRequestContext::acl_checklist, allow_t::allowed(), ClientRequestContext::clientStoreIdDone(), clientStoreIdDoneWrapper, data, debugs, Helper::Error, ClientRequestContext::http, NULL, and storeIdStart().

Referenced by ClientRequestContext::clientStoreIdStart().

◆ clientStoreIdDoneWrapper()

void clientStoreIdDoneWrapper ( void *  data,
const Helper::Reply result 

◆ hostHeaderIpVerifyWrapper()

static void hostHeaderIpVerifyWrapper ( const ipcache_addrs ia,
const Dns::LookupDetails dns,
void *  data 

◆ sslBumpAccessCheckDoneWrapper()

static void sslBumpAccessCheckDoneWrapper ( allow_t  answer,
void *  data 

◆ SslBumpEstablish()

static void SslBumpEstablish ( const Comm::ConnectionPointer ,
char *  ,
size_t  ,
Comm::Flag  errflag,
int  ,
void *  data 

Variable Documentation

◆ clientGetMoreData


◆ clientRedirectDoneWrapper

HLPCB clientRedirectDoneWrapper

◆ clientReplyDetach

SQUIDCEXTERN CSD clientReplyDetach

Definition at line 104 of file

Referenced by clientBeginRequest().

◆ clientReplyStatus

SQUIDCEXTERN CSS clientReplyStatus

Definition at line 103 of file

Referenced by clientBeginRequest().

◆ clientStoreIdDoneWrapper

HLPCB clientStoreIdDoneWrapper

◆ crlf

const char* const crlf = "\r\n"

Definition at line 81 of file






Web Site Translations