#include <FilledChecklist.h>
Public Types | |
| using | MakingPointer = std::unique_ptr< ACLFilledChecklist > |
| using | AsyncStarter = void(ACLFilledChecklist &, const Acl::Node &) |
| a function that initiates asynchronous ACL checks; see goAsync() More... | |
Public Member Functions | |
| ACLFilledChecklist () | |
| ACLFilledChecklist (const acl_access *, HttpRequest *) | |
| ~ACLFilledChecklist () override | |
| void | setRequest (HttpRequest *) |
| configure client request-related fields for the first time More... | |
| void | updateAle (const AccessLogEntry::Pointer &) |
| ConnStateData * | conn () const |
| The client connection manager. More... | |
| int | fd () const |
| The client side fd. It uses conn() if available. More... | |
| void | setConn (ConnStateData *) |
| set either conn More... | |
| void | fd (int aDescriptor) |
| set the client side FD More... | |
| const HttpReply & | reply () const |
| void | updateReply (const HttpReply::Pointer &) |
| bool | destinationDomainChecked () const |
| void | markDestinationDomainChecked () |
| bool | sourceDomainChecked () const |
| void | markSourceDomainChecked () |
| bool | hasRequest () const override |
| bool | hasReply () const override |
| bool | hasAle () const override |
| void | syncAle (HttpRequest *adaptedRequest, const char *logUri) const override |
| assigns uninitialized adapted_request and url ALE components More... | |
| void | verifyAle () const override |
| warns if there are uninitialized ALE components and fills them More... | |
| const Acl::Answer & | fastCheck () |
| const Acl::Answer & | fastCheck (const ACLList *) |
| bool | goAsync (AsyncStarter, const Acl::Node &) |
| bool | matchChild (const Acl::InnerNode *parent, Acl::Nodes::const_iterator pos) |
| bool | keepMatching () const |
| Whether we should continue to match tree nodes or stop/pause. More... | |
| bool | finished () const |
| whether markFinished() was called More... | |
| bool | asyncInProgress () const |
| async call has been started and has not finished (or failed) yet More... | |
| void | markFinished (const Acl::Answer &newAnswer, const char *reason) |
| const Acl::Answer & | currentAnswer () const |
| bool | bannedAction (const Acl::Answer &action) const |
| whether the action is banned or not More... | |
| void | banAction (const Acl::Answer &action) |
| add action to the list of banned actions More... | |
| void | changeAcl (const acl_access *) |
| change the current ACL list More... | |
| void | setLastCheckedName (const SBuf &name) |
| remember the name of the last ACL being evaluated More... | |
| void | resumeNonBlockingCheck () |
Static Public Member Functions | |
| static MakingPointer | Make (const acl_access *a, HttpRequest *r) |
| static void | NonBlockingCheck (MakingPointer &&p, ACLCB *cb, void *data) |
Public Attributes | |
| Ip::Address | src_addr |
| Ip::Address | dst_addr |
| Ip::Address | my_addr |
| SBuf | dst_peer_name |
| char * | dst_rdns |
| HttpRequest::Pointer | request |
| Auth::UserRequest::Pointer | auth_user_request |
| char * | snmp_community |
| CbcPointer< Security::CertErrors > | sslErrors |
| Security::CertPointer | serverCert |
| AccessLogEntry::Pointer | al |
| info for the future access.log, and external ACL More... | |
| ExternalACLEntryPointer | extacl_entry |
| err_type | requestErrorType |
| ACLCB * | callback |
| void * | callback_data |
Protected Member Functions | |
| void | nonBlockingCheck (ACLCB *callback, void *callback_data) |
Private Types | |
| enum | NodeMatchingResult { nmrMatch, nmrMismatch, nmrFinished, nmrNeedsAsync } |
| possible outcomes when trying to match a single ACL node in a list More... | |
| enum | AsyncStage { asyncNone, asyncStarting, asyncRunning, asyncFailed } |
Private Member Functions | |
| CBDATA_CLASS_WITH_MAKE (ACLFilledChecklist) | |
| ACLFilledChecklist (const ACLFilledChecklist &) | |
| not implemented; will cause link failures if used More... | |
| ACLFilledChecklist & | operator= (const ACLFilledChecklist &) |
| not implemented; will cause link failures if used More... | |
| void | checkCallback (const char *abortReason) |
| void | matchAndFinish () |
| performs (or resumes) an ACL tree match and, if successful, sets the action More... | |
| Acl::TreePointer | swapAcl (const acl_access *) |
| change the current ACL list More... | |
| void | preCheck (const char *what) |
| prepare for checking ACLs; called once per check More... | |
| bool | prepNonBlocking () |
| common parts of nonBlockingCheck() and resumeNonBlockingCheck() More... | |
| void | completeNonBlocking () |
| void | calcImplicitAnswer () |
| bool | callerGone () |
Private Attributes | |
| ConnStateData * | conn_ |
| hack: client-to-Squid connection manager (if any) More... | |
| int | fd_ |
| HttpReply::Pointer | reply_ |
| response added by updateReply() or nil More... | |
| bool | destinationDomainChecked_ |
| bool | sourceDomainChecked_ |
| Acl::TreePointer | accessList |
| bool | asyncCaller_ |
| whether the caller supports async/slow ACLs More... | |
| bool | occupied_ |
| whether a check (fast or non-blocking) is in progress More... | |
| bool | finished_ |
| Acl::Answer | answer_ |
| AsyncStage | asyncStage_ |
| Breadcrumb | matchLoc_ |
| location of the node running matches() now More... | |
| Breadcrumb | asyncLoc_ |
| currentNode_ that called goAsync() More... | |
| unsigned | asyncLoopDepth_ |
| how many times the current async state has resumed More... | |
| std::stack< Breadcrumb > | matchPath |
| suspended (due to an async lookup) matches() in the ACL tree More... | |
| std::vector< Acl::Answer > | bannedActions_ |
| the list of actions which must ignored during acl checks More... | |
| std::optional< SBuf > | lastCheckedName_ |
| the name of the last evaluated ACL (if any ACLs were evaluated) More... | |
Detailed Description
ACLChecklist filled with specific data, representing Squid and transaction state for access checks along with some data-specific checking methods
Definition at line 33 of file FilledChecklist.h.
Member Typedef Documentation
◆ AsyncStarter
|
inherited |
Definition at line 36 of file Checklist.h.
◆ MakingPointer
| using ACLFilledChecklist::MakingPointer = std::unique_ptr<ACLFilledChecklist> |
Unlike regular Foo::Pointer types, this smart pointer is meant for use during checklist configuration only, when it provides exception safety. Any other/long-term checklist storage requires CbcPointer or equivalent.
Definition at line 41 of file FilledChecklist.h.
Member Enumeration Documentation
◆ AsyncStage
|
privateinherited |
| Enumerator | |
|---|---|
| asyncNone | |
| asyncStarting | |
| asyncRunning | |
| asyncFailed | |
Definition at line 204 of file Checklist.h.
◆ NodeMatchingResult
|
privateinherited |
| Enumerator | |
|---|---|
| nmrMatch | |
| nmrMismatch | |
| nmrFinished | |
| nmrNeedsAsync | |
Definition at line 190 of file Checklist.h.
Constructor & Destructor Documentation
◆ ACLFilledChecklist() [1/3]
| ACLFilledChecklist::ACLFilledChecklist | ( | ) |
Definition at line 27 of file FilledChecklist.cc.
References dst_addr, my_addr, Ip::Address::setEmpty(), and src_addr.
Referenced by Make().
◆ ACLFilledChecklist() [2/3]
| ACLFilledChecklist::ACLFilledChecklist | ( | const acl_access * | A, |
| HttpRequest * | http_request | ||
| ) |
Definition at line 201 of file FilledChecklist.cc.
References A, ACLChecklist::changeAcl(), dst_addr, my_addr, Ip::Address::setEmpty(), setRequest(), and src_addr.
◆ ~ACLFilledChecklist()
|
override |
Definition at line 46 of file FilledChecklist.cc.
References assert, ACLChecklist::asyncInProgress(), cbdataReferenceDone, conn_, debugs, dst_rdns, and safe_free.
◆ ACLFilledChecklist() [3/3]
|
private |
Member Function Documentation
◆ asyncInProgress()
|
inlineinherited |
Definition at line 101 of file Checklist.h.
References ACLChecklist::asyncNone, and ACLChecklist::asyncStage_.
Referenced by ACLChecklist::completeNonBlocking(), ACLChecklist::goAsync(), ACLChecklist::keepMatching(), ACLChecklist::markFinished(), ACLChecklist::matchChild(), Acl::Node::matches(), ACLChecklist::nonBlockingCheck(), Acl::InnerNode::resumeMatchingAt(), ACLChecklist::resumeNonBlockingCheck(), ACLChecklist::~ACLChecklist(), and ~ACLFilledChecklist().
◆ banAction()
|
inherited |
Definition at line 358 of file Checklist.cc.
References ACLChecklist::bannedActions_.
◆ bannedAction()
|
inherited |
Definition at line 350 of file Checklist.cc.
References ACLChecklist::bannedActions_, debugs, and Acl::Answer::kind.
Referenced by Acl::Tree::bannedAction().
◆ calcImplicitAnswer()
|
privateinherited |
When no rules matched, the answer is the inversion of the last rule action (or ACCESS_DUNNO if the reversal is not possible).
Definition at line 326 of file Checklist.cc.
References ACCESS_ALLOWED, ACCESS_DENIED, ACCESS_DUNNO, ACLChecklist::accessList, debugs, Acl::Tree::lastAction(), and ACLChecklist::markFinished().
Referenced by ACLChecklist::completeNonBlocking(), and ACLChecklist::fastCheck().
◆ callerGone()
|
privateinherited |
Definition at line 344 of file Checklist.cc.
References ACLChecklist::callback_data, and cbdataReferenceValid().
Referenced by ACLChecklist::prepNonBlocking().
◆ CBDATA_CLASS_WITH_MAKE()
|
private |
◆ changeAcl()
|
inherited |
Definition at line 187 of file Checklist.cc.
References ACLChecklist::accessList.
Referenced by ACLFilledChecklist(), ACLChecklist::fastCheck(), HttpStateData::forwardUpgrade(), ACLChecklist::swapAcl(), and ConnStateData::whenClientIpKnown().
◆ checkCallback()
|
privateinherited |
Calls non-blocking check callback with the answer and destroys self. If abortReason is provided, sets the final answer to ACCESS_DUNNO.
Definition at line 146 of file Checklist.cc.
References ACCESS_DUNNO, Assure, ACLChecklist::callback, ACLChecklist::callback_data, cbdataReferenceValidDone, ACLChecklist::currentAnswer(), ACLChecklist::finished(), ACLChecklist::markFinished(), and ACLChecklist::occupied_.
Referenced by ACLChecklist::completeNonBlocking(), ACLChecklist::nonBlockingCheck(), and ACLChecklist::prepNonBlocking().
◆ completeNonBlocking()
|
privateinherited |
Definition at line 34 of file Checklist.cc.
References assert, ACLChecklist::asyncInProgress(), ACLChecklist::calcImplicitAnswer(), ACLChecklist::checkCallback(), and ACLChecklist::finished().
Referenced by ACLChecklist::nonBlockingCheck(), and ACLChecklist::resumeNonBlockingCheck().
◆ conn()
| ConnStateData * ACLFilledChecklist::conn | ( | ) | const |
Definition at line 123 of file FilledChecklist.cc.
References cbdataReferenceValid(), and conn_.
Referenced by AuthenticateAcl(), fd(), ConnStateData::fillConnectionLevelDetails(), ACLProxyAuth::LookupDone(), ACLDestinationIP::match(), and verifyAle().
◆ currentAnswer()
|
inlineinherited |
Definition at line 106 of file Checklist.h.
References ACLChecklist::answer_.
Referenced by ACLChecklist::checkCallback(), ACLChecklist::fastCheck(), and FwdState::Start().
◆ destinationDomainChecked()
| bool ACLFilledChecklist::destinationDomainChecked | ( | ) | const |
Definition at line 161 of file FilledChecklist.cc.
References destinationDomainChecked_.
Referenced by markDestinationDomainChecked().
◆ fastCheck() [1/2]
|
inherited |
Perform a blocking (immediate) check for a list of allow/deny rules. Each rule comes with a list of ACLs.
The first rule where all ACLs match wins. If there is such a rule, the result becomes that rule keyword (ACCESS_ALLOWED or ACCESS_DENIED).
If there are rules but all ACL lists mismatch, an implicit rule is used Its result is the negation of the keyword of the last seen rule.
Some ACLs may stop the check prematurely by setting an exceptional check result (e.g., ACCESS_AUTH_REQUIRED) instead of declaring a match or mismatch.
Some ACLs may require an async lookup which is prohibited by this method. In this case, the exceptional check result of ACCESS_DUNNO is immediately returned.
If there are no rules to check at all, the result becomes ACCESS_DUNNO.
Definition at line 298 of file Checklist.cc.
References ACLChecklist::accessList, ACLChecklist::asyncCaller_, ACLChecklist::calcImplicitAnswer(), ACLChecklist::currentAnswer(), debugs, ACLChecklist::finished(), ACLChecklist::matchAndFinish(), ACLChecklist::occupied_, and ACLChecklist::preCheck().
Referenced by accessLogLogTo(), aclFindNfMarkConfig(), aclMapTOS(), Client::blockCaching(), clientReplyContext::blockedHit(), ConnStateData::buildSslCertGenerationParams(), HttpReply::calcMaxBodySize(), Adaptation::Icap::Launcher::canRepeat(), FwdState::connectStart(), DelayId::DelayClient(), HttpStateData::finishingBrokenPost(), HttpStateData::forwardUpgrade(), getOutgoingAddress(), HttpRequest::getRangeOffsetLimit(), HttpStateData::handle1xx(), Ftp::Server::handleUploadRequest(), htcpAccessAllowed(), httpHdrAdd(), httpHdrMangle(), icpAccessAllowed(), ClientHttpRequest::logRequest(), HttpRequest::manager(), Note::match(), StoreClient::onCollapsingPath(), peerAllowedToUse(), Http::One::Server::processParsedRequest(), ConnStateData::proxyProtocolValidateClient(), schemesConfig(), Ftp::Client::sendPassive(), Http::Stream::sendStartOfMessage(), ConnStateData::serveDelayedError(), Security::KeyLogger::shouldLog(), snmpDecodePacket(), ssl_verify_cb(), FwdState::Start(), ConnStateData::tunnelOnError(), tunnelStart(), and ConnStateData::whenClientIpKnown().
◆ fastCheck() [2/2]
|
inherited |
Perform a blocking (immediate) check whether a list of ACLs matches. This method is meant to be used with squid.conf ACL-driven options that lack allow/deny keywords and are tested one ACL list at a time. Whether the checks for other occurrences of the same option continue after this call is up to the caller and option semantics.
If all ACLs match, the result becomes ACCESS_ALLOWED.
If all ACLs mismatch, the result becomes ACCESS_DENIED.
Some ACLs may stop the check prematurely by setting an exceptional check result (e.g., ACCESS_AUTH_REQUIRED) instead of declaring a match or mismatch.
Some ACLs may require an async lookup which is prohibited by this method. In this case, the exceptional check result of ACCESS_DUNNO is immediately returned.
If there are no ACLs to check at all, the result becomes ACCESS_ALLOWED.
Definition at line 273 of file Checklist.cc.
References ACCESS_DENIED, ACLChecklist::accessList, ACLChecklist::asyncCaller_, ACLChecklist::changeAcl(), ACLChecklist::currentAnswer(), ACLChecklist::finished(), ACLChecklist::markFinished(), ACLChecklist::matchAndFinish(), ACLChecklist::occupied_, ACLChecklist::preCheck(), and ACLChecklist::swapAcl().
◆ fd() [1/2]
| int ACLFilledChecklist::fd | ( | ) | const |
Definition at line 146 of file FilledChecklist.cc.
◆ fd() [2/2]
| void ACLFilledChecklist::fd | ( | int | aDescriptor | ) |
Definition at line 153 of file FilledChecklist.cc.
◆ finished()
|
inlineinherited |
Definition at line 99 of file Checklist.h.
References ACLChecklist::finished_.
Referenced by ACLChecklist::checkCallback(), ACLChecklist::completeNonBlocking(), ACLChecklist::fastCheck(), ACLChecklist::keepMatching(), markDestinationDomainChecked(), ACLChecklist::markFinished(), markSourceDomainChecked(), and ACLChecklist::resumeNonBlockingCheck().
◆ goAsync()
|
inherited |
If slow lookups are allowed, switches into "async in progress" state. Otherwise, returns false; the caller is expected to handle the failure.
Definition at line 104 of file Checklist.cc.
References assert, ACLChecklist::asyncCaller_, ACLChecklist::asyncFailed, ACLChecklist::asyncInProgress(), ACLChecklist::asyncLoc_, ACLChecklist::asyncLoopDepth_, ACLChecklist::asyncNone, ACLChecklist::asyncRunning, ACLChecklist::asyncStage_, ACLChecklist::asyncStarting, debugs, Filled(), ACLChecklist::matchLoc_, and ACLChecklist::Breadcrumb::parent.
Referenced by ACLExternal::aclMatchExternal(), AuthenticateAcl(), and ACLDestinationIP::match().
◆ hasAle()
|
inlineoverridevirtual |
◆ hasReply()
|
inlineoverridevirtual |
Implements ACLChecklist.
Definition at line 91 of file FilledChecklist.h.
References reply_.
Referenced by Acl::ConnectionsEncrypted::match(), and verifyAle().
◆ hasRequest()
|
inlineoverridevirtual |
◆ keepMatching()
|
inlineinherited |
Definition at line 96 of file Checklist.h.
References ACLChecklist::asyncInProgress(), and ACLChecklist::finished().
Referenced by Acl::AllOf::doMatch(), Acl::NotNode::doMatch(), Acl::AndNode::doMatch(), Acl::OrNode::doMatch(), ACLMaxUserIP::match(), ACLExternal::match(), and ACLProxyAuth::match().
◆ Make()
|
inlinestatic |
Creates an ACLFilledChecklist object with given constructor arguments. Callers are expected to eventually proceed with NonBlockingCheck().
Definition at line 49 of file FilledChecklist.h.
References ACLFilledChecklist().
Referenced by Adaptation::AccessCheck::checkCandidates(), Ssl::PeekingPeerConnector::checkForPeekAndSplice(), clientAclChecklistCreate(), Security::PeerConnector::initialize(), ConnStateData::postHttpsAccept(), PeerSelector::selectMore(), and ConnStateData::startPeekAndSplice().
◆ markDestinationDomainChecked()
| void ACLFilledChecklist::markDestinationDomainChecked | ( | ) |
Definition at line 167 of file FilledChecklist.cc.
References assert, destinationDomainChecked(), destinationDomainChecked_, and ACLChecklist::finished().
Referenced by LookupDone().
◆ markFinished()
|
inherited |
called when no more ACLs should be checked; sets the final answer and prints a debugging message explaining the reason for that answer
Definition at line 45 of file Checklist.cc.
References ACLChecklist::answer_, assert, ACLChecklist::asyncInProgress(), debugs, ACLChecklist::finished(), ACLChecklist::finished_, Acl::Answer::lastCheckedName, and ACLChecklist::lastCheckedName_.
Referenced by ACLChecklist::calcImplicitAnswer(), ACLChecklist::checkCallback(), ACLChecklist::fastCheck(), ACLMaxUserIP::match(), ACLExternal::match(), ACLProxyAuth::match(), and ACLChecklist::matchAndFinish().
◆ markSourceDomainChecked()
| void ACLFilledChecklist::markSourceDomainChecked | ( | ) |
Definition at line 180 of file FilledChecklist.cc.
References assert, ACLChecklist::finished(), sourceDomainChecked(), and sourceDomainChecked_.
Referenced by LookupDone().
◆ matchAndFinish()
|
privateinherited |
Definition at line 257 of file Checklist.cc.
References ACLChecklist::accessList, ACLChecklist::markFinished(), Acl::Node::matches(), ACLChecklist::matchPath, ACLChecklist::Breadcrumb::parent, ACLChecklist::Breadcrumb::position, Acl::InnerNode::resumeMatchingAt(), and Acl::Tree::winningAction().
Referenced by ACLChecklist::fastCheck(), ACLChecklist::nonBlockingCheck(), and ACLChecklist::resumeNonBlockingCheck().
◆ matchChild()
|
inherited |
Matches (or resumes matching of) a child node at pos while maintaining resumption breadcrumbs if a [grand]child node goes async.
Definition at line 70 of file Checklist.cc.
References assert, ACLChecklist::asyncInProgress(), ACLChecklist::asyncLoc_, ACLChecklist::asyncLoopDepth_, ACLChecklist::Breadcrumb::clear(), ACLChecklist::matchLoc_, ACLChecklist::matchPath, ACLChecklist::Breadcrumb::parent, ACLChecklist::Breadcrumb::position, and Acl::InnerNode::resumeMatchingAt().
Referenced by Acl::AllOf::doMatch(), Acl::NotNode::doMatch(), Acl::AndNode::doMatch(), and Acl::OrNode::doMatch().
◆ nonBlockingCheck()
|
protectedinherited |
Start a non-blocking (async) check for a list of allow/deny rules. Each rule comes with a list of ACLs.
The callback specified will be called with the result of the check.
The first rule where all ACLs match wins. If there is such a rule, the result becomes that rule keyword (ACCESS_ALLOWED or ACCESS_DENIED).
If there are rules but all ACL lists mismatch, an implicit rule is used. Its result is the negation of the keyword of the last seen rule.
Some ACLs may stop the check prematurely by setting an exceptional check result (e.g., ACCESS_AUTH_REQUIRED) instead of declaring a match or mismatch.
If there are no rules to check at all, the result becomes ACCESS_DUNNO. Calling this method with no rules to check wastes a lot of CPU cycles and will result in a DBG_CRITICAL debugging message.
Kick off a non-blocking (slow) ACL access list test
NP: this should probably be made Async now.
The ACL list should NEVER be NULL when calling this method. Always caller should check for NULL and handle appropriate to its needs first. We cannot select a sensible default for all callers here.
Definition at line 206 of file Checklist.cc.
References ACLChecklist::accessList, ACLChecklist::asyncCaller_, ACLChecklist::asyncInProgress(), ACLChecklist::callback, ACLChecklist::callback_data, cbdataReference, ACLChecklist::checkCallback(), ACLChecklist::completeNonBlocking(), DBG_CRITICAL, debugs, ACLChecklist::matchAndFinish(), ACLChecklist::preCheck(), and ACLChecklist::prepNonBlocking().
◆ NonBlockingCheck()
|
inlinestatic |
Start a non-blocking (async) check for a list of allow/deny rules. Each rule comes with a list of ACLs.
The callback specified will be called with the result of the check.
The first rule where all ACLs match wins. If there is such a rule, the result becomes that rule keyword (ACCESS_ALLOWED or ACCESS_DENIED).
If there are rules but all ACL lists mismatch, an implicit rule is used. Its result is the negation of the keyword of the last seen rule.
Some ACLs may stop the check prematurely by setting an exceptional check result (e.g., ACCESS_AUTH_REQUIRED) instead of declaring a match or mismatch.
If there are no rules to check at all, the result becomes ACCESS_DUNNO. Calling this method with no rules to check wastes a lot of CPU cycles and will result in a DBG_CRITICAL debugging message.
Kick off a non-blocking (slow) ACL access list test
NP: this should probably be made Async now. This public nonBlockingCheck() wrapper should be paired with Make(). The pair prevents exception-caused Checklist memory leaks in caller code.
Definition at line 54 of file FilledChecklist.h.
Referenced by Adaptation::AccessCheck::checkCandidates(), Ssl::PeekingPeerConnector::checkForPeekAndSplice(), ClientRequestContext::checkNoCache(), ClientRequestContext::clientAccessCheck(), ClientRequestContext::clientAccessCheck2(), clientFollowXForwardedForCheck(), ClientRequestContext::clientRedirectStart(), ClientRequestContext::clientStoreIdStart(), ConnStateData::postHttpsAccept(), clientReplyContext::processReplyAccess(), PeerSelector::selectMore(), ClientRequestContext::sslBumpAccessCheck(), and ConnStateData::startPeekAndSplice().
◆ operator=()
|
private |
◆ preCheck()
|
privateinherited |
Called first (and once) by all checks to initialize their state.
Definition at line 56 of file Checklist.cc.
References assert, ACLChecklist::asyncLoopDepth_, debugs, ACLChecklist::finished_, ACLChecklist::lastCheckedName_, and ACLChecklist::occupied_.
Referenced by ACLChecklist::fastCheck(), and ACLChecklist::nonBlockingCheck().
◆ prepNonBlocking()
|
privateinherited |
Definition at line 21 of file Checklist.cc.
References ACLChecklist::accessList, assert, ACLChecklist::callerGone(), and ACLChecklist::checkCallback().
Referenced by ACLChecklist::nonBlockingCheck(), and ACLChecklist::resumeNonBlockingCheck().
◆ reply()
|
inline |
response added by updateReply() \prec hasReply()
Definition at line 78 of file FilledChecklist.h.
References reply_.
Referenced by Acl::ConnectionsEncrypted::match().
◆ resumeNonBlockingCheck()
|
inherited |
Resumes non-blocking check started by nonBlockingCheck() and suspended until some async operation updated Squid state.
Definition at line 230 of file Checklist.cc.
References assert, ACLChecklist::asyncFailed, ACLChecklist::asyncInProgress(), ACLChecklist::asyncNone, ACLChecklist::asyncRunning, ACLChecklist::asyncStage_, ACLChecklist::asyncStarting, ACLChecklist::completeNonBlocking(), ACLChecklist::finished(), ACLChecklist::matchAndFinish(), ACLChecklist::matchPath, and ACLChecklist::prepNonBlocking().
Referenced by LookupDone(), ACLDestinationIP::LookupDone(), ACLProxyAuth::LookupDone(), and ACLExternal::LookupDone().
◆ setConn()
| void ACLFilledChecklist::setConn | ( | ConnStateData * | aConn | ) |
Definition at line 129 of file FilledChecklist.cc.
References assert, cbdataReference, conn_, and ConnStateData::fillConnectionLevelDetails().
Referenced by clientAclChecklistFill(), ConnStateData::fillChecklist(), and setRequest().
◆ setLastCheckedName()
|
inlineinherited |
Definition at line 128 of file Checklist.h.
References ACLChecklist::lastCheckedName_.
Referenced by Acl::Node::matches().
◆ setRequest()
| void ACLFilledChecklist::setRequest | ( | HttpRequest * | httpRequest | ) |
Definition at line 223 of file FilledChecklist.cc.
References SquidConfig::acl_uses_indirect_client, assert, HttpRequest::client_addr, HttpRequest::clientConnectionManager, Config, CbcPointer< Cbc >::get(), HttpRequest::indirect_client_addr, my_addr, HttpRequest::my_addr, SquidConfig::onoff, request, setConn(), and src_addr.
Referenced by ACLFilledChecklist(), clientAclChecklistFill(), UrnState::fillChecklist(), ICPState::fillChecklist(), htcpSpecifier::fillChecklist(), and updateAle().
◆ sourceDomainChecked()
| bool ACLFilledChecklist::sourceDomainChecked | ( | ) | const |
Definition at line 174 of file FilledChecklist.cc.
References sourceDomainChecked_.
Referenced by markSourceDomainChecked().
◆ swapAcl()
|
privateinherited |
- Returns
- old accessList pointer (that may be nil)
Definition at line 193 of file Checklist.cc.
References ACLChecklist::accessList, and ACLChecklist::changeAcl().
Referenced by ACLChecklist::fastCheck().
◆ syncAle()
|
overridevirtual |
Implements ACLChecklist.
Definition at line 110 of file FilledChecklist.cc.
References AccessLogEntry::adapted_request, al, HTTPMSGLOCK(), SBuf::isEmpty(), and AccessLogEntry::url.
Referenced by clientAclChecklistFill(), FwdState::connectStart(), ClientHttpRequest::doCallouts(), Security::PeerConnector::fillChecklist(), HttpStateData::finishingBrokenPost(), HttpStateData::handle1xx(), Ftp::Server::handleUploadRequest(), HttpRequest::manager(), Note::match(), peerAllowedToUse(), Http::One::Server::processParsedRequest(), FwdState::Start(), and tunnelStart().
◆ updateAle()
| void ACLFilledChecklist::updateAle | ( | const AccessLogEntry::Pointer & | a | ) |
Remembers the given ALE (if it is not nil) or does nothing (otherwise). When (and only when) remembering ALE, populates other still-unset fields with ALE-derived information, so that the caller does not have to.
Definition at line 242 of file FilledChecklist.cc.
References al, AccessLogEntry::reply, request, AccessLogEntry::request, setRequest(), and updateReply().
Referenced by Client::blockCaching(), clientAclChecklistFill(), HttpStateData::handle1xx(), httpHdrAdd(), httpHdrMangle(), icapLogLog(), ClientHttpRequest::logRequest(), Note::match(), and peerAllowedToUse().
◆ updateReply()
| void ACLFilledChecklist::updateReply | ( | const HttpReply::Pointer & | r | ) |
Remembers the given response (if it is not nil) or does nothing (otherwise).
Definition at line 254 of file FilledChecklist.cc.
References reply_.
Referenced by Client::blockCaching(), clientReplyContext::blockedHit(), HttpReply::calcMaxBodySize(), Adaptation::Icap::Launcher::canRepeat(), DelayId::DelayClient(), HttpStateData::handle1xx(), Note::match(), schemesConfig(), Http::Stream::sendStartOfMessage(), and updateAle().
◆ verifyAle()
|
overridevirtual |
Implements ACLChecklist.
Definition at line 69 of file FilledChecklist.cc.
References AccessLogEntry::adapted_request, al, AccessLogEntry::cache, conn(), HttpRequest::effectiveRequestUri(), RefCount< C >::getRaw(), hasReply(), HTTPMSGLOCK(), SBuf::isEmpty(), ConnStateData::port, AccessLogEntry::CacheDetails::port, AccessLogEntry::reply, reply_, request, AccessLogEntry::request, showDebugWarning(), and AccessLogEntry::url.
Member Data Documentation
◆ accessList
|
privateinherited |
Definition at line 164 of file Checklist.h.
Referenced by ACLChecklist::calcImplicitAnswer(), ACLChecklist::changeAcl(), ACLChecklist::fastCheck(), ACLChecklist::matchAndFinish(), ACLChecklist::nonBlockingCheck(), ACLChecklist::prepNonBlocking(), and ACLChecklist::swapAcl().
◆ al
| AccessLogEntry::Pointer ACLFilledChecklist::al |
Definition at line 124 of file FilledChecklist.h.
Referenced by AuthenticateAcl(), clientAclChecklistFill(), FwdState::connectStart(), ClientHttpRequest::doCallouts(), UrnState::fillChecklist(), Security::PeerConnector::fillChecklist(), ICPState::fillChecklist(), htcpSpecifier::fillChecklist(), HttpStateData::finishingBrokenPost(), HttpStateData::forwardUpgrade(), Ftp::Server::handleUploadRequest(), hasAle(), ACLExternal::makeExternalAclKey(), HttpRequest::manager(), Http::One::Server::processParsedRequest(), FwdState::Start(), ACLProxyAuth::StartLookup(), syncAle(), tunnelStart(), updateAle(), and verifyAle().
◆ answer_
|
privateinherited |
Definition at line 202 of file Checklist.h.
Referenced by ACLChecklist::currentAnswer(), and ACLChecklist::markFinished().
◆ asyncCaller_
|
privateinherited |
Definition at line 199 of file Checklist.h.
Referenced by ACLChecklist::fastCheck(), ACLChecklist::goAsync(), and ACLChecklist::nonBlockingCheck().
◆ asyncLoc_
|
privateinherited |
Definition at line 207 of file Checklist.h.
Referenced by ACLChecklist::goAsync(), and ACLChecklist::matchChild().
◆ asyncLoopDepth_
|
privateinherited |
Definition at line 208 of file Checklist.h.
Referenced by ACLChecklist::goAsync(), ACLChecklist::matchChild(), and ACLChecklist::preCheck().
◆ asyncStage_
|
privateinherited |
Definition at line 205 of file Checklist.h.
Referenced by ACLChecklist::asyncInProgress(), ACLChecklist::goAsync(), and ACLChecklist::resumeNonBlockingCheck().
◆ auth_user_request
| Auth::UserRequest::Pointer ACLFilledChecklist::auth_user_request |
Definition at line 106 of file FilledChecklist.h.
Referenced by AuthenticateAcl(), ACLProxyAuth::LookupDone(), ACLMaxUserIP::match(), ACLProxyAuth::matchForCache(), ACLProxyAuth::matchProxyAuth(), and ACLProxyAuth::StartLookup().
◆ bannedActions_
|
privateinherited |
Definition at line 215 of file Checklist.h.
Referenced by ACLChecklist::banAction(), and ACLChecklist::bannedAction().
◆ callback
|
inherited |
Definition at line 168 of file Checklist.h.
Referenced by ACLChecklist::checkCallback(), and ACLChecklist::nonBlockingCheck().
◆ callback_data
|
inherited |
Definition at line 169 of file Checklist.h.
Referenced by ACLChecklist::callerGone(), ACLChecklist::checkCallback(), and ACLChecklist::nonBlockingCheck().
◆ conn_
|
private |
Definition at line 131 of file FilledChecklist.h.
Referenced by conn(), setConn(), and ~ACLFilledChecklist().
◆ destinationDomainChecked_
|
private |
Definition at line 136 of file FilledChecklist.h.
Referenced by destinationDomainChecked(), and markDestinationDomainChecked().
◆ dst_addr
| Ip::Address ACLFilledChecklist::dst_addr |
Definition at line 98 of file FilledChecklist.h.
Referenced by ACLFilledChecklist(), GetNfmarkToServer(), getOutgoingAddress(), GetTosToServer(), ACLDestinationIP::match(), and StartLookup().
◆ dst_peer_name
| SBuf ACLFilledChecklist::dst_peer_name |
Definition at line 100 of file FilledChecklist.h.
Referenced by Ssl::IcapPeerConnector::fillChecklist(), GetNfmarkToServer(), getOutgoingAddress(), and GetTosToServer().
◆ dst_rdns
| char* ACLFilledChecklist::dst_rdns |
Definition at line 101 of file FilledChecklist.h.
Referenced by ~ACLFilledChecklist().
◆ extacl_entry
| ExternalACLEntryPointer ACLFilledChecklist::extacl_entry |
Definition at line 126 of file FilledChecklist.h.
Referenced by ACLExternal::aclMatchExternal(), and ACLExternal::LookupDone().
◆ fd_
|
private |
may be available when conn_ is not
Definition at line 132 of file FilledChecklist.h.
Referenced by fd().
◆ finished_
|
privateinherited |
Definition at line 201 of file Checklist.h.
Referenced by ACLChecklist::finished(), ACLChecklist::markFinished(), and ACLChecklist::preCheck().
◆ lastCheckedName_
|
privateinherited |
Definition at line 218 of file Checklist.h.
Referenced by ACLChecklist::markFinished(), ACLChecklist::preCheck(), and ACLChecklist::setLastCheckedName().
◆ matchLoc_
|
privateinherited |
Definition at line 206 of file Checklist.h.
Referenced by ACLChecklist::goAsync(), and ACLChecklist::matchChild().
◆ matchPath
|
privateinherited |
Definition at line 213 of file Checklist.h.
Referenced by ACLChecklist::matchAndFinish(), ACLChecklist::matchChild(), and ACLChecklist::resumeNonBlockingCheck().
◆ my_addr
| Ip::Address ACLFilledChecklist::my_addr |
Definition at line 99 of file FilledChecklist.h.
Referenced by ACLFilledChecklist(), ClientHttpRequest::doCallouts(), ConnStateData::fillConnectionLevelDetails(), HttpRequest::getRangeOffsetLimit(), htcpAccessAllowed(), icpAccessAllowed(), setRequest(), and tunnelStart().
◆ occupied_
|
privateinherited |
Definition at line 200 of file Checklist.h.
Referenced by ACLChecklist::checkCallback(), ACLChecklist::fastCheck(), and ACLChecklist::preCheck().
◆ reply_
|
private |
Definition at line 134 of file FilledChecklist.h.
Referenced by hasReply(), reply(), updateReply(), and verifyAle().
◆ request
| HttpRequest::Pointer ACLFilledChecklist::request |
Definition at line 103 of file FilledChecklist.h.
Referenced by ACLExternal::aclMatchExternal(), AuthenticateAcl(), clientAclChecklistFill(), ConnStateData::fillConnectionLevelDetails(), hasRequest(), ACLDestinationIP::LookupDone(), LookupDone(), ACLDestinationIP::match(), Acl::ConnectionsEncrypted::match(), ACLExtUser::match(), Acl::TransactionInitiator::match(), ACLProxyAuth::matchProxyAuth(), setRequest(), ACLDestinationIP::StartLookup(), ACLProxyAuth::StartLookup(), updateAle(), and verifyAle().
◆ requestErrorType
| err_type ACLFilledChecklist::requestErrorType |
Definition at line 128 of file FilledChecklist.h.
Referenced by ConnStateData::tunnelOnError().
◆ serverCert
| Security::CertPointer ACLFilledChecklist::serverCert |
Peer certificate being checked by ssl_verify_cb() and by Security::PeerConnector class. In other contexts, the peer certificate is retrieved via ALE or ConnStateData::serverBump.
Definition at line 122 of file FilledChecklist.h.
Referenced by Security::PeerConnector::fillChecklist(), and ssl_verify_cb().
◆ snmp_community
| char* ACLFilledChecklist::snmp_community |
Definition at line 109 of file FilledChecklist.h.
Referenced by snmpDecodePacket().
◆ sourceDomainChecked_
|
private |
Definition at line 137 of file FilledChecklist.h.
Referenced by markSourceDomainChecked(), and sourceDomainChecked().
◆ src_addr
| Ip::Address ACLFilledChecklist::src_addr |
Definition at line 97 of file FilledChecklist.h.
Referenced by ACLFilledChecklist(), AuthenticateAcl(), DelayId::DelayClient(), ClientHttpRequest::doCallouts(), ConnStateData::fillConnectionLevelDetails(), HttpRequest::getRangeOffsetLimit(), htcpAccessAllowed(), icpAccessAllowed(), Comm::TcpAcceptor::logAcceptError(), ACLMaxUserIP::match(), ACLEui64::match(), ACLARP::match(), setRequest(), snmpDecodePacket(), FwdState::Start(), StartLookup(), and tunnelStart().
◆ sslErrors
| CbcPointer<Security::CertErrors> ACLFilledChecklist::sslErrors |
TLS server [certificate validation] errors, in undefined order. The errors are accumulated as Squid goes through validation steps and server certificates. They are cleared on connection retries. For sslproxy_cert_error checks, contains just the current/last error.
Definition at line 117 of file FilledChecklist.h.
Referenced by ConnStateData::fillConnectionLevelDetails(), ConnStateData::serveDelayedError(), and ssl_verify_cb().
The documentation for this class was generated from the following files:
- src/acl/FilledChecklist.h
- src/acl/FilledChecklist.cc
Introduction
- About Squid
- Why Squid?
- Squid Developers
- How to Donate
- How to Help Out
- Getting Squid
- Squid Source Packages
- Squid Deployment Case-Studies
- Squid Software Foundation
Documentation
- Quick Setup
- Configuration:
- FAQ and Wiki
- Guide Books:
- Non-English
- More...
Support
- Security Advisories
- Bugzilla Database
- Mailing lists
- Contacting us
- Commercial services
- Project Sponsors
- Squid-based products