/*
 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_SQUIDCONFIG_H_
#define SQUID_SQUIDCONFIG_H_

#include "acl/forward.h"
#include "base/RefCount.h"
#include "base/YesNoNone.h"
#include "ClientDelayConfig.h"
#include "DelayConfig.h"
#include "helper/ChildConfig.h"
#include "HttpHeaderTools.h"
#include "ip/Address.h"
#include "Notes.h"
#include "security/forward.h"
#include "SquidTime.h"
#if USE_OPENSSL
#include "ssl/support.h"
#endif
#include "store/Disk.h"
#include "store/forward.h"

#if USE_OPENSSL
class sslproxy_cert_sign;
class sslproxy_cert_adapt;
#endif

namespace Mgr
{
class ActionPasswordList;
} // namespace Mgr
class CachePeer;
class CustomLog;
class CpuAffinityMap;
class external_acl;
class HeaderManglers;
class RefreshPattern;
class RemovalPolicySettings;

namespace AnyP
{
class PortCfg;
}

namespace Store {
/// Holds the set of configured cache_dirs: a raw array of RefCount<SwapDir>
/// (released with delete[] in the destructor) plus bookkeeping counters.
///
/// NOTE(review): the destructor frees swapDirs, but copy construction and
/// copy assignment are left implicit. A copy would share the pointer and
/// both destructors would delete[] it. Nothing in this header copies the
/// object; confirm that no caller does, directly or by copying SquidConfig.
class DiskConfig {
public:
    /// asserts that the in-class initializer left the array pointer null
    DiskConfig() { assert(swapDirs == nullptr); }
    /// releases the array; the RefCount elements are destroyed with it
    ~DiskConfig() { delete[] swapDirs; }

    RefCount<SwapDir> *swapDirs = nullptr;
    // presumably the capacity of swapDirs — confirm against the parser
    int n_allocated = 0;
    // presumably the number of swapDirs entries in use — confirm
    int n_configured = 0;
    /// number of disk processes required to support all cache_dirs
    int n_strands = 0;
};
/// Raw SwapDir pointer for entry i of the global Config's cache_dir array.
/// The index is used unchecked and swapDirs may still be null, so callers
/// must keep i inside the populated range (presumably [0, n_configured) —
/// confirm). As a macro, the name is global despite its position inside
/// namespace Store.
#define INDEXSD(i) (Config.cacheSwap.swapDirs[i].getRaw())
}

/// the representation of the configuration. POD.
///
/// NOTE(review): the "POD" label does not match the declaration below:
/// cacheSwap (Store::DiskConfig) has a user-provided constructor and
/// destructor, so the object must not be cleared or duplicated with
/// memset()/memcpy(). Most members carry no in-class initializer; this
/// header does not show where their defaults are applied.
/// Ownership of the many raw `char *` and list pointers is also not
/// visible here — confirm who allocates and frees them.
class SquidConfig
{
public:
    struct {
        /* These should be for the Store::Root instance.
        * this needs pluggable parsing to be done smoothly.
        */
        int highWaterMark;
        int lowWaterMark;
    } Swap;

    YesNoNone memShared; ///< whether the memory cache is shared among workers
    YesNoNone shmLocking; ///< shared_memory_locking
    size_t memMaxSize;

    struct {
        int64_t min;
        int pct;
        int64_t max;
    } quickAbort;
    int64_t readAheadGap;
    RemovalPolicySettings *replPolicy;
    RemovalPolicySettings *memPolicy;
#if USE_HTTP_VIOLATIONS
    time_t negativeTtl;
#endif
    time_t maxStale;
    time_t negativeDnsTtl;
    time_t positiveDnsTtl;
    time_t shutdownLifetime;
    time_t backgroundPingRate;
    time_t hopelessKidRevivalDelay; ///< hopeless_kid_revival_delay

    /// Timeouts. The time_t members are presumably in seconds (confirm);
    /// the int icp_* members are marked as milliseconds below.
    struct {
        time_t read;
        time_t write;
        time_t lifetime;
        time_t connect;
        time_t forward;
        time_t peer_connect;
        time_t request;
        time_t clientIdlePconn;
        time_t serverIdlePconn;
        time_t ftpClientIdle;
        time_t pconnLifetime; ///< pconn_lifetime in squid.conf
        time_t siteSelect;
        time_t deadPeer;
        time_t request_start_timeout;
        int icp_query;      /* msec */
        int icp_query_max;      /* msec */
        int icp_query_min;      /* msec */
        int mcast_icp_query;    /* msec */
        time_msec_t idns_retransmit;
        time_msec_t idns_query;
        time_t urlRewrite;
    } Timeout;
    // Message size limits (presumably bytes — confirm). Signedness is mixed:
    // maxRequestBodySize is int64_t, the others are size_t, so comparisons
    // between them need care.
    size_t maxRequestHeaderSize;
    int64_t maxRequestBodySize;
    size_t maxRequestBufferSize;
    size_t maxReplyHeaderSize;
    AclSizeLimit *ReplyBodySize;

    /// UDP service ports; which members exist depends on build options
    struct {
        unsigned short icp;
#if USE_HTCP

        unsigned short htcp;
#endif
#if SQUID_SNMP

        unsigned short snmp;
#endif
    } Port;

#if SQUID_SNMP

    struct {
        char *configFile;
        char *agentInfo;
    } Snmp;
#endif
#if USE_WCCP

    struct {
        Ip::Address router;
        Ip::Address address;
        int version;
    } Wccp;
#endif
#if USE_WCCPv2

    struct {
        Ip::Address_list *router;
        Ip::Address address;
        int forwarding_method;
        int return_method;
        int assignment_method;
        int weight;
        int rebuildwait;
        void *info;
    } Wccp2;
#endif

    char *as_whois_server;

    struct {
        char *store;
        char *swap;
        CustomLog *accesslogs;
#if ICAP_CLIENT
        CustomLog *icaplogs;
#endif
        int rotateNumber;
    } Log;
    char *adminEmail;
    char *EmailFrom;
    char *EmailProgram;
    // presumably the account name the process runs as; the numeric IDs are
    // kept in SquidConfig2 — confirm
    char *effectiveUser;
    char *visible_appname_string;
    char *effectiveGroup;

    /// External programs, as configured strings or word lists.
    struct {
        wordlist *redirect;
        wordlist *store_id;
#if USE_UNLINKD

        char *unlinkd;
#endif

        char *diskd;
#if USE_OPENSSL

        // NOTE(review): grouped with program paths, so presumably names a
        // helper program rather than holding a passphrase — confirm
        char *ssl_password;
#endif

    } Program;

    Helper::ChildConfig redirectChildren;
    Helper::ChildConfig storeIdChildren;
    time_t authenticateGCInterval;
    time_t authenticateTTL;
    time_t authenticateIpTTL;

    struct {
        char *surrogate_id;
    } Accel;
    char *appendDomain;
    // presumably the cached length of appendDomain; must be kept in sync
    // with the string by whoever sets it — confirm
    size_t appendDomainLen;
    char *pidFilename;
    char *netdbFilename;
    char *mimeTablePathname;
    char *etcHostsPath;
    char *visibleHostname;
    char *uniqueHostname;
    wordlist *hostnameAliases;
    char *errHtmlText;

    struct {
        char *host;
        char *file;
        time_t period;
        unsigned short port;
    } Announce;

    struct {

        Ip::Address udp_incoming;
        Ip::Address udp_outgoing;
#if SQUID_SNMP
        Ip::Address snmp_incoming;
        Ip::Address snmp_outgoing;
#endif
        /* FIXME INET6 : this should really be a CIDR value */
        Ip::Address client_netmask;
    } Addrs;
    size_t tcpRcvBufsz;
    size_t udpMaxHitObjsz;
    wordlist *mcast_group_list;
    wordlist *dns_nameservers;
    CachePeer *peers;
    int npeers;

    struct {
        int size;
        int low;
        int high;
    } ipcache;

    struct {
        int size;
    } fqdncache;
    int minDirectHops;
    int minDirectRtt;
    Mgr::ActionPasswordList *passwd_list;

    struct {
        int objectsPerBucket;
        int64_t avgObjectSize;
        int64_t maxObjectSize;
        int64_t minObjectSize;
        size_t maxInMemObjSize;
    } Store;

    struct {
        int high;
        int low;
        time_t period;
    } Netdb;

    /// On/off switches, stored as int (logTlsServerHelloDetails is the one
    /// bool).
    ///
    /// NOTE(review): several names suggest security-relevant behaviour:
    /// relaxed_header_parser, check_hostnames, allow_underscore,
    /// hostStrictVerify, client_dst_passthru, httpd_suppress_version_string
    /// and the *_uses_indirect_client group. Their exact semantics and
    /// defaults are not visible in this header; check the parser and the
    /// directive documentation before relying on any of them.
    struct {
        int log_udp;
        int res_defnames;
        int anonymizer;
        int client_db;
        int query_icmp;
        int icp_hit_stale;
        int buffered_logs;
        int common_log;
        int log_mime_hdrs;
        int log_fqdn;
        int announce;
        int mem_pools;
        int test_reachability;
        int half_closed_clients;
        int refresh_all_ims;
#if USE_HTTP_VIOLATIONS

        int reload_into_ims;
#endif

        int offline;
        int redir_rewrites_host;
        int prefer_direct;
        int nonhierarchical_direct;
        int strip_query_terms;
        int redirector_bypass;
        int store_id_bypass;
        int ignore_unknown_nameservers;
        int client_pconns;
        int server_pconns;
        int error_pconns;
#if USE_CACHE_DIGESTS

        int digest_generation;
#endif

        int vary_ignore_expire;
        int surrogate_is_remote;
        int request_entities;
        int detect_broken_server_pconns;
        int relaxed_header_parser;
        int check_hostnames;
        int allow_underscore;
        int via;
        int cache_miss_revalidate;
        int emailErrData;
        int httpd_suppress_version_string;
        int global_internal_static;
        int collapsed_forwarding;

#if FOLLOW_X_FORWARDED_FOR
        // presumably select whether the address taken from X-Forwarded-For
        // replaces the TCP peer address for ACLs, delay pools and logs;
        // trusting it depends on accessList.followXFF — confirm
        int acl_uses_indirect_client;
        int delay_pool_uses_indirect_client;
        int log_uses_indirect_client;
#if LINUX_NETFILTER
        int tproxy_uses_indirect_client;
#endif
#endif /* FOLLOW_X_FORWARDED_FOR */

        int WIN32_IpAddrChangeMonitor;
        int memory_cache_first;
        int memory_cache_disk;
        int hostStrictVerify;
        int client_dst_passthru;
        int dns_mdns;
#if USE_OPENSSL
        bool logTlsServerHelloDetails;
#endif
    } onoff;

    int64_t collapsed_forwarding_shared_entries_limit;

    int pipeline_max_prefetch;

    int forward_max_tries;
    int connect_retries;

    class ACL *aclList;

    /// Per-feature access lists, held as raw pointers.
    /// The note on spoof_client_ip says that list is nil unless configured;
    /// presumably the same holds for the others, so users of these members
    /// need a nil check — confirm what a nil list means for each feature
    /// (allow or deny).
    struct {
        acl_access *http;
        acl_access *adapted_http;
        acl_access *icp;
        acl_access *miss;
        acl_access *NeverDirect;
        acl_access *AlwaysDirect;
        acl_access *ASlists;
        acl_access *noCache;
        acl_access *sendHit;
        acl_access *storeMiss;
        acl_access *stats_collection;
#if SQUID_SNMP

        acl_access *snmp;
#endif
#if USE_HTTP_VIOLATIONS
        acl_access *brokenPosts;
#endif
        acl_access *redirector;
        acl_access *store_id;
        acl_access *reply;
        Acl::Address *outgoing_address;
#if USE_HTCP

        acl_access *htcp;
        acl_access *htcp_clr;
#endif

#if USE_OPENSSL
        acl_access *ssl_bump;
#endif
#if FOLLOW_X_FORWARDED_FOR
        acl_access *followXFF;
#endif /* FOLLOW_X_FORWARDED_FOR */

        /// acceptable PROXY protocol clients
        acl_access *proxyProtocol;

        /// spoof_client_ip squid.conf acl.
        /// nil unless configured
        acl_access* spoof_client_ip;
        acl_access *on_unsupported_protocol;

        acl_access *ftp_epsv;

        acl_access *forceRequestBodyContinuation;
        acl_access *serverPconnForNonretriable;
    } accessList;
    AclDenyInfoList *denyInfoList;

    struct {
        size_t list_width;
        int list_wrap;
        char *anon_user;
        int passive;
        int epsv_all;
        int epsv;
        int eprt;
        int sanitycheck;
        int telnet;
    } Ftp;
    RefreshPattern *Refresh;

    /// cache_dir set; owns a heap array (see Store::DiskConfig), which is
    /// why this class is not trivially copyable or destructible
    Store::DiskConfig cacheSwap;

    struct {
        char *directory;
        int use_short_names;
    } icons;
    char *errorDirectory;
#if USE_ERR_LOCALES
    char *errorDefaultLanguage;
    int errorLogMissingLanguages;
#endif
    char *errorStylesheet;

    struct {
        int onerror;
    } retry;

    struct {
        int64_t limit;
    } MemPools;
#if USE_DELAY_POOLS

    DelayConfig Delay;
    ClientDelayConfig ClientDelay;
#endif

    struct {
        struct {
            int average;
            int min_poll;
        } dns, udp, tcp;
    } comm_incoming;
    int max_open_disk_fds;
    int uri_whitespace;
    AclSizeLimit *rangeOffsetLimit;
#if MULTICAST_MISS_STREAM

    struct {

        Ip::Address addr;
        int ttl;
        unsigned short port;
        // NOTE(review): key material held as a plain C string — confirm
        // how it is used and that it is kept out of logs and dumps
        char *encode_key;
    } mcast_miss;
#endif

    /// request_header_access and request_header_replace
    HeaderManglers *request_header_access;
    /// reply_header_access and reply_header_replace
    HeaderManglers *reply_header_access;
    ///request_header_add access list
    HeaderWithAclList *request_header_add;
    ///reply_header_add access list
    HeaderWithAclList *reply_header_add;
    ///note
    Notes notes;
    char *coredump_dir;
    char *chroot_dir;
#if USE_CACHE_DIGESTS

    struct {
        int bits_per_entry;
        time_t rebuild_period;
        time_t rewrite_period;
        size_t swapout_chunk_size;
        int rebuild_chunk_percentage;
    } digest;
#endif
#if USE_OPENSSL

    struct {
        int unclean_shutdown;
        char *ssl_engine;
        int session_ttl;
        size_t sessionCacheSize;
        char *certSignHash;
    } SSL;
#endif

    struct {
        int high_rptm;
        int high_pf;
        size_t high_memory;
    } warnings;
    char *store_dir_select_algorithm;
    int sleep_after_fork; /* microseconds */
    time_t minimum_expiry_time; /* seconds */
    external_acl *externalAclHelperList;

    /// presumably the settings Squid uses when it is the TLS client
    /// (connections to servers) — confirm
    struct {
        Security::ContextPointer sslContext;
#if USE_OPENSSL
        char *foreignIntermediateCertsPath;
        acl_access *cert_error;
        sslproxy_cert_sign *cert_sign;
        sslproxy_cert_adapt *cert_adapt;
#endif
    } ssl_client;

    char *accept_filter;
    int umask;
    int max_filedescriptors;
    int workers;
    CpuAffinityMap *cpuAffinityMap;

#if USE_LOADABLE_MODULES
    wordlist *loadable_module_names;
#endif

    int client_ip_max_connections;

    char *redirector_extras;

    struct UrlHelperTimeout {
        int action;
        char *response;
    } onUrlRewriteTimeout;

    char *storeId_extras;

    struct {
        int v4_first;           ///< Place IPv4 first in the order of DNS results.
        ssize_t packet_max;     ///< maximum size EDNS advertised for DNS replies.
    } dns;

};

/// the global configuration object (defined elsewhere)
extern SquidConfig Config;

/// A second, small configuration object. Unlike SquidConfig, every member
/// has an in-class initializer, so clear() can reset the object by
/// assigning a default-constructed instance.
class SquidConfig2
{
public:
    /// resets all members to their in-class defaults
    void clear() {
        *this = SquidConfig2();
    }

    struct {
        int enable_purge = 0;
    } onoff;
    // NOTE(review): the default 0 is the superuser ID on POSIX systems;
    // presumably these hold the resolved numeric form of
    // SquidConfig::effectiveUser / effectiveGroup. Confirm that no
    // privilege decision reads them before they have been resolved.
    uid_t effectiveUserID = 0;
    gid_t effectiveGroupID = 0;
};

/// the global SquidConfig2 object (defined elsewhere)
extern SquidConfig2 Config2;

#endif /* SQUID_SQUIDCONFIG_H_ */
