12c593315Sopenharmony_ci/* 22c593315Sopenharmony_ci * nghttp2 - HTTP/2 C Library 32c593315Sopenharmony_ci * 42c593315Sopenharmony_ci * Copyright (c) 2012 Tatsuhiro Tsujikawa 52c593315Sopenharmony_ci * 62c593315Sopenharmony_ci * Permission is hereby granted, free of charge, to any person obtaining 72c593315Sopenharmony_ci * a copy of this software and associated documentation files (the 82c593315Sopenharmony_ci * "Software"), to deal in the Software without restriction, including 92c593315Sopenharmony_ci * without limitation the rights to use, copy, modify, merge, publish, 102c593315Sopenharmony_ci * distribute, sublicense, and/or sell copies of the Software, and to 112c593315Sopenharmony_ci * permit persons to whom the Software is furnished to do so, subject to 122c593315Sopenharmony_ci * the following conditions: 132c593315Sopenharmony_ci * 142c593315Sopenharmony_ci * The above copyright notice and this permission notice shall be 152c593315Sopenharmony_ci * included in all copies or substantial portions of the Software. 162c593315Sopenharmony_ci * 172c593315Sopenharmony_ci * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 182c593315Sopenharmony_ci * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 192c593315Sopenharmony_ci * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 202c593315Sopenharmony_ci * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 212c593315Sopenharmony_ci * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 222c593315Sopenharmony_ci * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 232c593315Sopenharmony_ci * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
242c593315Sopenharmony_ci */ 252c593315Sopenharmony_ci#ifndef SHRPX_CONFIG_H 262c593315Sopenharmony_ci#define SHRPX_CONFIG_H 272c593315Sopenharmony_ci 282c593315Sopenharmony_ci#include "shrpx.h" 292c593315Sopenharmony_ci 302c593315Sopenharmony_ci#include <sys/types.h> 312c593315Sopenharmony_ci#ifdef HAVE_SYS_SOCKET_H 322c593315Sopenharmony_ci# include <sys/socket.h> 332c593315Sopenharmony_ci#endif // HAVE_SYS_SOCKET_H 342c593315Sopenharmony_ci#include <sys/un.h> 352c593315Sopenharmony_ci#ifdef HAVE_NETINET_IN_H 362c593315Sopenharmony_ci# include <netinet/in.h> 372c593315Sopenharmony_ci#endif // HAVE_NETINET_IN_H 382c593315Sopenharmony_ci#ifdef HAVE_ARPA_INET_H 392c593315Sopenharmony_ci# include <arpa/inet.h> 402c593315Sopenharmony_ci#endif // HAVE_ARPA_INET_H 412c593315Sopenharmony_ci#include <cinttypes> 422c593315Sopenharmony_ci#include <cstdio> 432c593315Sopenharmony_ci#include <vector> 442c593315Sopenharmony_ci#include <memory> 452c593315Sopenharmony_ci#include <set> 462c593315Sopenharmony_ci#include <unordered_map> 472c593315Sopenharmony_ci 482c593315Sopenharmony_ci#include <openssl/ssl.h> 492c593315Sopenharmony_ci 502c593315Sopenharmony_ci#include <ev.h> 512c593315Sopenharmony_ci 522c593315Sopenharmony_ci#include <nghttp2/nghttp2.h> 532c593315Sopenharmony_ci 542c593315Sopenharmony_ci#include "shrpx_router.h" 552c593315Sopenharmony_ci#if ENABLE_HTTP3 562c593315Sopenharmony_ci# include "shrpx_quic.h" 572c593315Sopenharmony_ci#endif // ENABLE_HTTP3 582c593315Sopenharmony_ci#include "template.h" 592c593315Sopenharmony_ci#include "http2.h" 602c593315Sopenharmony_ci#include "network.h" 612c593315Sopenharmony_ci#include "allocator.h" 622c593315Sopenharmony_ci 632c593315Sopenharmony_ciusing namespace nghttp2; 642c593315Sopenharmony_ci 652c593315Sopenharmony_cinamespace shrpx { 662c593315Sopenharmony_ci 672c593315Sopenharmony_cistruct LogFragment; 682c593315Sopenharmony_ciclass ConnectBlocker; 692c593315Sopenharmony_ciclass Http2Session; 702c593315Sopenharmony_ci 
namespace tls {

class CertLookupTree;

} // namespace tls

// Option keywords.  Every SHRPX_OPT_* constant below is a compile-time
// StringRef built from the string literal of the option it is named
// after.

// TLS key and certificate material.
constexpr auto SHRPX_OPT_PRIVATE_KEY_FILE =
    StringRef::from_lit("private-key-file");
// NOTE(review): names a file that holds a private-key password; such a
// file presumably needs to be readable only by the account running the
// proxy -- confirm against the deployment documentation.
constexpr auto SHRPX_OPT_PRIVATE_KEY_PASSWD_FILE =
    StringRef::from_lit("private-key-passwd-file");
constexpr auto SHRPX_OPT_CERTIFICATE_FILE =
    StringRef::from_lit("certificate-file");
constexpr auto SHRPX_OPT_DH_PARAM_FILE = StringRef::from_lit("dh-param-file");
constexpr auto SHRPX_OPT_SUBCERT = StringRef::from_lit("subcert");

constexpr auto SHRPX_OPT_BACKEND = StringRef::from_lit("backend");
constexpr auto SHRPX_OPT_FRONTEND = StringRef::from_lit("frontend");
constexpr auto SHRPX_OPT_WORKERS = StringRef::from_lit("workers");
constexpr auto SHRPX_OPT_HTTP2_MAX_CONCURRENT_STREAMS =
    StringRef::from_lit("http2-max-concurrent-streams");
constexpr auto SHRPX_OPT_LOG_LEVEL = StringRef::from_lit("log-level");
constexpr auto SHRPX_OPT_DAEMON = StringRef::from_lit("daemon");
constexpr auto SHRPX_OPT_HTTP2_PROXY = StringRef::from_lit("http2-proxy");
constexpr auto SHRPX_OPT_HTTP2_BRIDGE = StringRef::from_lit("http2-bridge");
constexpr auto SHRPX_OPT_CLIENT_PROXY = StringRef::from_lit("client-proxy");

// NOTE(review): an X-Forwarded-For header arriving from a client is
// client-controlled.  A backend that trusts the header presumably
// depends on the strip option being enabled -- confirm where this
// keyword is parsed.
constexpr auto SHRPX_OPT_ADD_X_FORWARDED_FOR =
    StringRef::from_lit("add-x-forwarded-for");
constexpr auto SHRPX_OPT_STRIP_INCOMING_X_FORWARDED_FOR =
    StringRef::from_lit("strip-incoming-x-forwarded-for");
constexpr auto SHRPX_OPT_NO_VIA = StringRef::from_lit("no-via");

// Timeouts.
constexpr auto SHRPX_OPT_FRONTEND_HTTP2_READ_TIMEOUT =
    StringRef::from_lit("frontend-http2-read-timeout");
constexpr auto SHRPX_OPT_FRONTEND_READ_TIMEOUT =
    StringRef::from_lit("frontend-read-timeout");
constexpr auto SHRPX_OPT_FRONTEND_WRITE_TIMEOUT =
    StringRef::from_lit("frontend-write-timeout");
constexpr auto SHRPX_OPT_BACKEND_READ_TIMEOUT =
    StringRef::from_lit("backend-read-timeout");
constexpr auto SHRPX_OPT_BACKEND_WRITE_TIMEOUT =
    StringRef::from_lit("backend-write-timeout");
constexpr auto SHRPX_OPT_STREAM_READ_TIMEOUT =
    StringRef::from_lit("stream-read-timeout");
constexpr auto SHRPX_OPT_STREAM_WRITE_TIMEOUT =
    StringRef::from_lit("stream-write-timeout");

// Logging.
constexpr auto SHRPX_OPT_ACCESSLOG_FILE = StringRef::from_lit("accesslog-file");
constexpr auto SHRPX_OPT_ACCESSLOG_SYSLOG =
    StringRef::from_lit("accesslog-syslog");
constexpr auto SHRPX_OPT_ACCESSLOG_FORMAT =
    StringRef::from_lit("accesslog-format");
constexpr auto SHRPX_OPT_ERRORLOG_FILE = StringRef::from_lit("errorlog-file");
constexpr auto SHRPX_OPT_ERRORLOG_SYSLOG =
    StringRef::from_lit("errorlog-syslog");

constexpr auto SHRPX_OPT_BACKEND_KEEP_ALIVE_TIMEOUT =
    StringRef::from_lit("backend-keep-alive-timeout");
// Option keywords (continued).  Each constant is a compile-time StringRef
// built from the literal option name.

// HTTP/2 flow-control window sizing, expressed in bits.
constexpr auto SHRPX_OPT_FRONTEND_HTTP2_WINDOW_BITS =
    StringRef::from_lit("frontend-http2-window-bits");
constexpr auto SHRPX_OPT_BACKEND_HTTP2_WINDOW_BITS =
    StringRef::from_lit("backend-http2-window-bits");
constexpr auto SHRPX_OPT_FRONTEND_HTTP2_CONNECTION_WINDOW_BITS =
    StringRef::from_lit("frontend-http2-connection-window-bits");
constexpr auto SHRPX_OPT_BACKEND_HTTP2_CONNECTION_WINDOW_BITS =
    StringRef::from_lit("backend-http2-connection-window-bits");

// NOTE(review): the two *-no-tls keywords presumably select plaintext
// transport on the named side -- confirm in the option parser, and audit
// configurations that set them on links crossing an untrusted network.
constexpr auto SHRPX_OPT_FRONTEND_NO_TLS =
    StringRef::from_lit("frontend-no-tls");
constexpr auto SHRPX_OPT_BACKEND_NO_TLS = StringRef::from_lit("backend-no-tls");
constexpr auto SHRPX_OPT_BACKEND_TLS_SNI_FIELD =
    StringRef::from_lit("backend-tls-sni-field");

// Process-level settings.
constexpr auto SHRPX_OPT_PID_FILE = StringRef::from_lit("pid-file");
// NOTE(review): presumably the account the process runs as after
// start-up -- confirm.
constexpr auto SHRPX_OPT_USER = StringRef::from_lit("user");
constexpr auto SHRPX_OPT_SYSLOG_FACILITY =
    StringRef::from_lit("syslog-facility");
constexpr auto SHRPX_OPT_BACKLOG = StringRef::from_lit("backlog");

constexpr auto SHRPX_OPT_CIPHERS = StringRef::from_lit("ciphers");
constexpr auto SHRPX_OPT_CLIENT = StringRef::from_lit("client");
// NOTE(review): the name suggests this relaxes certificate verification
// for outgoing TLS connections -- confirm where it is consumed.  If so,
// a configuration review should treat any use outside a test setup as a
// finding.
constexpr auto SHRPX_OPT_INSECURE = StringRef::from_lit("insecure");
constexpr auto SHRPX_OPT_CACERT = StringRef::from_lit("cacert");

constexpr auto SHRPX_OPT_BACKEND_IPV4 = StringRef::from_lit("backend-ipv4");
constexpr auto SHRPX_OPT_BACKEND_IPV6 = StringRef::from_lit("backend-ipv6");
constexpr auto SHRPX_OPT_BACKEND_HTTP_PROXY_URI =
    StringRef::from_lit("backend-http-proxy-uri");

// Rate limiting, per connection and per worker.
constexpr auto SHRPX_OPT_READ_RATE = StringRef::from_lit("read-rate");
constexpr auto SHRPX_OPT_READ_BURST = StringRef::from_lit("read-burst");
constexpr auto SHRPX_OPT_WRITE_RATE = StringRef::from_lit("write-rate");
constexpr auto SHRPX_OPT_WRITE_BURST = StringRef::from_lit("write-burst");
constexpr auto SHRPX_OPT_WORKER_READ_RATE =
    StringRef::from_lit("worker-read-rate");
constexpr auto SHRPX_OPT_WORKER_READ_BURST =
    StringRef::from_lit("worker-read-burst");
constexpr auto SHRPX_OPT_WORKER_WRITE_RATE =
    StringRef::from_lit("worker-write-rate");
constexpr auto SHRPX_OPT_WORKER_WRITE_BURST =
    StringRef::from_lit("worker-write-burst");

// Protocol negotiation and client-certificate verification.
constexpr auto SHRPX_OPT_NPN_LIST = StringRef::from_lit("npn-list");
constexpr auto SHRPX_OPT_TLS_PROTO_LIST = StringRef::from_lit("tls-proto-list");
constexpr auto SHRPX_OPT_VERIFY_CLIENT = StringRef::from_lit("verify-client");
constexpr auto SHRPX_OPT_VERIFY_CLIENT_CACERT =
    StringRef::from_lit("verify-client-cacert");
constexpr auto SHRPX_OPT_CLIENT_PRIVATE_KEY_FILE =
    StringRef::from_lit("client-private-key-file");
constexpr auto SHRPX_OPT_CLIENT_CERT_FILE =
    StringRef::from_lit("client-cert-file");

// NOTE(review): header dumps can capture cookies and Authorization
// values; the output files presumably deserve the same access control
// as the logs -- confirm what is written.
constexpr auto SHRPX_OPT_FRONTEND_HTTP2_DUMP_REQUEST_HEADER =
    StringRef::from_lit("frontend-http2-dump-request-header");
constexpr auto SHRPX_OPT_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER =
    StringRef::from_lit("frontend-http2-dump-response-header");
constexpr auto SHRPX_OPT_HTTP2_NO_COOKIE_CRUMBLING =
    StringRef::from_lit("http2-no-cookie-crumbling");
constexpr auto SHRPX_OPT_FRONTEND_FRAME_DEBUG =
    StringRef::from_lit("frontend-frame-debug");
constexpr auto SHRPX_OPT_PADDING = StringRef::from_lit("padding");
constexpr auto SHRPX_OPT_ALTSVC = StringRef::from_lit("altsvc");
constexpr auto SHRPX_OPT_ADD_REQUEST_HEADER =
    StringRef::from_lit("add-request-header");
constexpr auto SHRPX_OPT_ADD_RESPONSE_HEADER =
    StringRef::from_lit("add-response-header");
constexpr auto SHRPX_OPT_WORKER_FRONTEND_CONNECTIONS =
    StringRef::from_lit("worker-frontend-connections");
constexpr auto SHRPX_OPT_NO_LOCATION_REWRITE =
    StringRef::from_lit("no-location-rewrite");
constexpr auto SHRPX_OPT_NO_HOST_REWRITE =
    StringRef::from_lit("no-host-rewrite");
constexpr auto SHRPX_OPT_BACKEND_HTTP1_CONNECTIONS_PER_HOST =
    StringRef::from_lit("backend-http1-connections-per-host");
constexpr auto SHRPX_OPT_BACKEND_HTTP1_CONNECTIONS_PER_FRONTEND =
    StringRef::from_lit("backend-http1-connections-per-frontend");
constexpr auto SHRPX_OPT_LISTENER_DISABLE_TIMEOUT =
    StringRef::from_lit("listener-disable-timeout");
// Option keywords (continued).  Each constant is a compile-time StringRef
// built from the literal option name.

// NOTE(review): names a file of TLS session ticket keys, which is secret
// key material; presumably it needs restrictive file permissions and
// rotation -- confirm against the operator documentation.
constexpr auto SHRPX_OPT_TLS_TICKET_KEY_FILE =
    StringRef::from_lit("tls-ticket-key-file");
constexpr auto SHRPX_OPT_RLIMIT_NOFILE = StringRef::from_lit("rlimit-nofile");
constexpr auto SHRPX_OPT_BACKEND_REQUEST_BUFFER =
    StringRef::from_lit("backend-request-buffer");
constexpr auto SHRPX_OPT_BACKEND_RESPONSE_BUFFER =
    StringRef::from_lit("backend-response-buffer");
constexpr auto SHRPX_OPT_NO_SERVER_PUSH = StringRef::from_lit("no-server-push");
constexpr auto SHRPX_OPT_BACKEND_HTTP2_CONNECTIONS_PER_WORKER =
    StringRef::from_lit("backend-http2-connections-per-worker");

// OCSP.
constexpr auto SHRPX_OPT_FETCH_OCSP_RESPONSE_FILE =
    StringRef::from_lit("fetch-ocsp-response-file");
constexpr auto SHRPX_OPT_OCSP_UPDATE_INTERVAL =
    StringRef::from_lit("ocsp-update-interval");
constexpr auto SHRPX_OPT_NO_OCSP = StringRef::from_lit("no-ocsp");

constexpr auto SHRPX_OPT_HEADER_FIELD_BUFFER =
    StringRef::from_lit("header-field-buffer");
constexpr auto SHRPX_OPT_MAX_HEADER_FIELDS =
    StringRef::from_lit("max-header-fields");
constexpr auto SHRPX_OPT_INCLUDE = StringRef::from_lit("include");
constexpr auto SHRPX_OPT_TLS_TICKET_KEY_CIPHER =
    StringRef::from_lit("tls-ticket-key-cipher");
constexpr auto SHRPX_OPT_HOST_REWRITE = StringRef::from_lit("host-rewrite");

// TLS session cache and ticket keys kept in memcached.
constexpr auto SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED =
    StringRef::from_lit("tls-session-cache-memcached");
constexpr auto SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED =
    StringRef::from_lit("tls-ticket-key-memcached");
constexpr auto SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL =
    StringRef::from_lit("tls-ticket-key-memcached-interval");
constexpr auto SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY =
    StringRef::from_lit("tls-ticket-key-memcached-max-retry");
constexpr auto SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL =
    StringRef::from_lit("tls-ticket-key-memcached-max-fail");

// NOTE(review): presumably a script file loaded into the proxy; if so it
// runs with the proxy's privileges and its path should not be writable
// by other accounts -- confirm.
constexpr auto SHRPX_OPT_MRUBY_FILE = StringRef::from_lit("mruby-file");
// NOTE(review): a PROXY protocol header is taken as the client address,
// so a listener accepting it presumably must be reachable only from
// trusted load balancers -- confirm how the option is applied.
constexpr auto SHRPX_OPT_ACCEPT_PROXY_PROTOCOL =
    StringRef::from_lit("accept-proxy-protocol");
constexpr auto SHRPX_OPT_FASTOPEN = StringRef::from_lit("fastopen");
constexpr auto SHRPX_OPT_TLS_DYN_REC_WARMUP_THRESHOLD =
    StringRef::from_lit("tls-dyn-rec-warmup-threshold");
constexpr auto SHRPX_OPT_TLS_DYN_REC_IDLE_TIMEOUT =
    StringRef::from_lit("tls-dyn-rec-idle-timeout");

// Forwarded header handling.
constexpr auto SHRPX_OPT_ADD_FORWARDED = StringRef::from_lit("add-forwarded");
constexpr auto SHRPX_OPT_STRIP_INCOMING_FORWARDED =
    StringRef::from_lit("strip-incoming-forwarded");
constexpr auto SHRPX_OPT_FORWARDED_BY = StringRef::from_lit("forwarded-by");
constexpr auto SHRPX_OPT_FORWARDED_FOR = StringRef::from_lit("forwarded-for");

// Header size and count limits for requests and responses.
constexpr auto SHRPX_OPT_REQUEST_HEADER_FIELD_BUFFER =
    StringRef::from_lit("request-header-field-buffer");
constexpr auto SHRPX_OPT_MAX_REQUEST_HEADER_FIELDS =
    StringRef::from_lit("max-request-header-fields");
constexpr auto SHRPX_OPT_RESPONSE_HEADER_FIELD_BUFFER =
    StringRef::from_lit("response-header-field-buffer");
constexpr auto SHRPX_OPT_MAX_RESPONSE_HEADER_FIELDS =
    StringRef::from_lit("max-response-header-fields");

// Both the "block-list" and the "black-list" spelling are defined here;
// presumably the latter is retained so existing configurations keep
// working -- confirm.
// NOTE(review): by name, either keyword turns a cipher restriction off,
// so its presence in a configuration is worth auditing.
constexpr auto SHRPX_OPT_NO_HTTP2_CIPHER_BLOCK_LIST =
    StringRef::from_lit("no-http2-cipher-block-list");
constexpr auto SHRPX_OPT_NO_HTTP2_CIPHER_BLACK_LIST =
    StringRef::from_lit("no-http2-cipher-black-list");
constexpr auto SHRPX_OPT_BACKEND_HTTP1_TLS =
    StringRef::from_lit("backend-http1-tls");

// TLS parameters for the memcached connections.
constexpr auto SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_TLS =
    StringRef::from_lit("tls-session-cache-memcached-tls");
constexpr auto SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_CERT_FILE =
    StringRef::from_lit("tls-session-cache-memcached-cert-file");
constexpr auto SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_PRIVATE_KEY_FILE =
    StringRef::from_lit("tls-session-cache-memcached-private-key-file");
constexpr auto SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_ADDRESS_FAMILY =
    StringRef::from_lit("tls-session-cache-memcached-address-family");
constexpr auto SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_TLS =
    StringRef::from_lit("tls-ticket-key-memcached-tls");
constexpr auto SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_CERT_FILE =
    StringRef::from_lit("tls-ticket-key-memcached-cert-file");
constexpr auto SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_PRIVATE_KEY_FILE =
    StringRef::from_lit("tls-ticket-key-memcached-private-key-file");
constexpr auto SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_ADDRESS_FAMILY =
    StringRef::from_lit("tls-ticket-key-memcached-address-family");

constexpr auto SHRPX_OPT_BACKEND_ADDRESS_FAMILY =
    StringRef::from_lit("backend-address-family");
constexpr auto SHRPX_OPT_FRONTEND_HTTP2_MAX_CONCURRENT_STREAMS =
    StringRef::from_lit("frontend-http2-max-concurrent-streams");
constexpr auto SHRPX_OPT_BACKEND_HTTP2_MAX_CONCURRENT_STREAMS =
    StringRef::from_lit("backend-http2-max-concurrent-streams");
constexpr auto SHRPX_OPT_BACKEND_CONNECTIONS_PER_FRONTEND =
    StringRef::from_lit("backend-connections-per-frontend");
constexpr auto SHRPX_OPT_BACKEND_TLS = StringRef::from_lit("backend-tls");
constexpr auto SHRPX_OPT_BACKEND_CONNECTIONS_PER_HOST =
    StringRef::from_lit("backend-connections-per-host");
constexpr auto SHRPX_OPT_ERROR_PAGE = StringRef::from_lit("error-page");
constexpr auto SHRPX_OPT_NO_KQUEUE = StringRef::from_lit("no-kqueue");
constexpr auto SHRPX_OPT_FRONTEND_HTTP2_SETTINGS_TIMEOUT =
    StringRef::from_lit("frontend-http2-settings-timeout");
constexpr auto SHRPX_OPT_BACKEND_HTTP2_SETTINGS_TIMEOUT =
    StringRef::from_lit("backend-http2-settings-timeout");
constexpr auto SHRPX_OPT_API_MAX_REQUEST_BODY =
    StringRef::from_lit("api-max-request-body");
constexpr auto SHRPX_OPT_BACKEND_MAX_BACKOFF =
    StringRef::from_lit("backend-max-backoff");
constexpr auto SHRPX_OPT_SERVER_NAME = StringRef::from_lit("server-name");
constexpr auto SHRPX_OPT_NO_SERVER_REWRITE =
    StringRef::from_lit("no-server-rewrite");

// HTTP/2 window and HPACK dynamic table sizing.
constexpr auto SHRPX_OPT_FRONTEND_HTTP2_OPTIMIZE_WRITE_BUFFER_SIZE =
    StringRef::from_lit("frontend-http2-optimize-write-buffer-size");
constexpr auto SHRPX_OPT_FRONTEND_HTTP2_OPTIMIZE_WINDOW_SIZE =
    StringRef::from_lit("frontend-http2-optimize-window-size");
constexpr auto SHRPX_OPT_FRONTEND_HTTP2_WINDOW_SIZE =
    StringRef::from_lit("frontend-http2-window-size");
constexpr auto SHRPX_OPT_FRONTEND_HTTP2_CONNECTION_WINDOW_SIZE =
    StringRef::from_lit("frontend-http2-connection-window-size");
constexpr auto SHRPX_OPT_BACKEND_HTTP2_WINDOW_SIZE =
    StringRef::from_lit("backend-http2-window-size");
constexpr auto SHRPX_OPT_BACKEND_HTTP2_CONNECTION_WINDOW_SIZE =
    StringRef::from_lit("backend-http2-connection-window-size");
constexpr auto SHRPX_OPT_FRONTEND_HTTP2_ENCODER_DYNAMIC_TABLE_SIZE =
    StringRef::from_lit("frontend-http2-encoder-dynamic-table-size");
constexpr auto SHRPX_OPT_FRONTEND_HTTP2_DECODER_DYNAMIC_TABLE_SIZE =
    StringRef::from_lit("frontend-http2-decoder-dynamic-table-size");
constexpr auto SHRPX_OPT_BACKEND_HTTP2_ENCODER_DYNAMIC_TABLE_SIZE =
    StringRef::from_lit("backend-http2-encoder-dynamic-table-size");
constexpr auto SHRPX_OPT_BACKEND_HTTP2_DECODER_DYNAMIC_TABLE_SIZE =
    StringRef::from_lit("backend-http2-decoder-dynamic-table-size");

constexpr auto SHRPX_OPT_ECDH_CURVES = StringRef::from_lit("ecdh-curves");
constexpr auto SHRPX_OPT_TLS_SCT_DIR = StringRef::from_lit("tls-sct-dir");
constexpr auto SHRPX_OPT_BACKEND_CONNECT_TIMEOUT =
    StringRef::from_lit("backend-connect-timeout");
constexpr auto SHRPX_OPT_DNS_CACHE_TIMEOUT =
    StringRef::from_lit("dns-cache-timeout");
constexpr auto SHRPX_OPT_DNS_LOOKUP_TIMEOUT =
    StringRef::from_lit("dns-lookup-timeout");
constexpr auto SHRPX_OPT_DNS_MAX_TRY = StringRef::from_lit("dns-max-try");
constexpr auto SHRPX_OPT_FRONTEND_KEEP_ALIVE_TIMEOUT =
    StringRef::from_lit("frontend-keep-alive-timeout");

// NOTE(review): the *-psk-secrets keywords presumably name files of
// pre-shared keys, i.e. credentials at rest -- confirm, and check the
// permissions on whatever they point to.
constexpr auto SHRPX_OPT_PSK_SECRETS = StringRef::from_lit("psk-secrets");
constexpr auto SHRPX_OPT_CLIENT_PSK_SECRETS =
    StringRef::from_lit("client-psk-secrets");
// Client-side counterparts of the cipher list keywords; again both the
// "block-list" and the "black-list" spelling exist.
constexpr auto SHRPX_OPT_CLIENT_NO_HTTP2_CIPHER_BLOCK_LIST =
    StringRef::from_lit("client-no-http2-cipher-block-list");
constexpr auto SHRPX_OPT_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST =
    StringRef::from_lit("client-no-http2-cipher-black-list");
constexpr auto SHRPX_OPT_CLIENT_CIPHERS = StringRef::from_lit("client-ciphers");
constexpr auto SHRPX_OPT_ACCESSLOG_WRITE_EARLY =
    StringRef::from_lit("accesslog-write-early");
// Option keywords (continued).  Each constant is a compile-time StringRef
// built from the literal option name.

// Bounds on the negotiated TLS protocol version.
constexpr auto SHRPX_OPT_TLS_MIN_PROTO_VERSION =
    StringRef::from_lit("tls-min-proto-version");
constexpr auto SHRPX_OPT_TLS_MAX_PROTO_VERSION =
    StringRef::from_lit("tls-max-proto-version");

constexpr auto SHRPX_OPT_REDIRECT_HTTPS_PORT =
    StringRef::from_lit("redirect-https-port");
constexpr auto SHRPX_OPT_FRONTEND_MAX_REQUESTS =
    StringRef::from_lit("frontend-max-requests");
constexpr auto SHRPX_OPT_SINGLE_THREAD = StringRef::from_lit("single-thread");
constexpr auto SHRPX_OPT_SINGLE_PROCESS = StringRef::from_lit("single-process");

// X-Forwarded-Proto handling.  Note the negative sense of both names.
constexpr auto SHRPX_OPT_NO_ADD_X_FORWARDED_PROTO =
    StringRef::from_lit("no-add-x-forwarded-proto");
constexpr auto SHRPX_OPT_NO_STRIP_INCOMING_X_FORWARDED_PROTO =
    StringRef::from_lit("no-strip-incoming-x-forwarded-proto");

constexpr auto SHRPX_OPT_OCSP_STARTUP = StringRef::from_lit("ocsp-startup");
// NOTE(review): by name, the next two keywords relax a verification step
// (OCSP response checking, client certificate expiry).  Confirm their
// exact effect where they are parsed; a configuration audit should list
// every use of them.
constexpr auto SHRPX_OPT_NO_VERIFY_OCSP = StringRef::from_lit("no-verify-ocsp");
constexpr auto SHRPX_OPT_VERIFY_CLIENT_TOLERATE_EXPIRED =
    StringRef::from_lit("verify-client-tolerate-expired");
constexpr auto SHRPX_OPT_IGNORE_PER_PATTERN_MRUBY_ERROR =
    StringRef::from_lit("ignore-per-pattern-mruby-error");

// NOTE(review): TLS early data can be replayed by design, so these
// keywords presumably control how much is accepted and when it is
// forwarded -- confirm.
constexpr auto SHRPX_OPT_TLS_NO_POSTPONE_EARLY_DATA =
    StringRef::from_lit("tls-no-postpone-early-data");
constexpr auto SHRPX_OPT_TLS_MAX_EARLY_DATA =
    StringRef::from_lit("tls-max-early-data");
// Option keywords (continued).  Each SHRPX_OPT_* constant is a
// compile-time StringRef built from the literal option name.

constexpr auto SHRPX_OPT_TLS13_CIPHERS = StringRef::from_lit("tls13-ciphers");
constexpr auto SHRPX_OPT_TLS13_CLIENT_CIPHERS =
    StringRef::from_lit("tls13-client-ciphers");
// NOTE(review): presumably refers to an Early-Data request header sent
// by clients; if it is not stripped, a backend cannot tell a header the
// proxy added from one the client supplied -- confirm.
constexpr auto SHRPX_OPT_NO_STRIP_INCOMING_EARLY_DATA =
    StringRef::from_lit("no-strip-incoming-early-data");

// QUIC and HTTP/3 frontend.
constexpr auto SHRPX_OPT_QUIC_BPF_PROGRAM_FILE =
    StringRef::from_lit("quic-bpf-program-file");
constexpr auto SHRPX_OPT_NO_QUIC_BPF = StringRef::from_lit("no-quic-bpf");
constexpr auto SHRPX_OPT_HTTP2_ALTSVC = StringRef::from_lit("http2-altsvc");
constexpr auto SHRPX_OPT_FRONTEND_HTTP3_READ_TIMEOUT =
    StringRef::from_lit("frontend-http3-read-timeout");
constexpr auto SHRPX_OPT_FRONTEND_QUIC_IDLE_TIMEOUT =
    StringRef::from_lit("frontend-quic-idle-timeout");
constexpr auto SHRPX_OPT_FRONTEND_QUIC_DEBUG_LOG =
    StringRef::from_lit("frontend-quic-debug-log");
constexpr auto SHRPX_OPT_FRONTEND_HTTP3_WINDOW_SIZE =
    StringRef::from_lit("frontend-http3-window-size");
constexpr auto SHRPX_OPT_FRONTEND_HTTP3_CONNECTION_WINDOW_SIZE =
    StringRef::from_lit("frontend-http3-connection-window-size");
constexpr auto SHRPX_OPT_FRONTEND_HTTP3_MAX_WINDOW_SIZE =
    StringRef::from_lit("frontend-http3-max-window-size");
constexpr auto SHRPX_OPT_FRONTEND_HTTP3_MAX_CONNECTION_WINDOW_SIZE =
    StringRef::from_lit("frontend-http3-max-connection-window-size");
constexpr auto SHRPX_OPT_FRONTEND_HTTP3_MAX_CONCURRENT_STREAMS =
    StringRef::from_lit("frontend-http3-max-concurrent-streams");
constexpr auto SHRPX_OPT_FRONTEND_QUIC_EARLY_DATA =
    StringRef::from_lit("frontend-quic-early-data");
constexpr auto SHRPX_OPT_FRONTEND_QUIC_QLOG_DIR =
    StringRef::from_lit("frontend-quic-qlog-dir");
constexpr auto SHRPX_OPT_FRONTEND_QUIC_REQUIRE_TOKEN =
    StringRef::from_lit("frontend-quic-require-token");
constexpr auto SHRPX_OPT_FRONTEND_QUIC_CONGESTION_CONTROLLER =
    StringRef::from_lit("frontend-quic-congestion-controller");
constexpr auto SHRPX_OPT_QUIC_SERVER_ID = StringRef::from_lit("quic-server-id");
// NOTE(review): presumably names a file of QUIC keying material, to be
// protected like any other secret key file -- confirm.
constexpr auto SHRPX_OPT_FRONTEND_QUIC_SECRET_FILE =
    StringRef::from_lit("frontend-quic-secret-file");

constexpr auto SHRPX_OPT_RLIMIT_MEMLOCK = StringRef::from_lit("rlimit-memlock");
constexpr auto SHRPX_OPT_MAX_WORKER_PROCESSES =
    StringRef::from_lit("max-worker-processes");
constexpr auto SHRPX_OPT_WORKER_PROCESS_GRACE_SHUTDOWN_PERIOD =
    StringRef::from_lit("worker-process-grace-shutdown-period");
constexpr auto SHRPX_OPT_FRONTEND_QUIC_INITIAL_RTT =
    StringRef::from_lit("frontend-quic-initial-rtt");
constexpr auto SHRPX_OPT_REQUIRE_HTTP_SCHEME =
    StringRef::from_lit("require-http-scheme");
constexpr auto SHRPX_OPT_TLS_KTLS = StringRef::from_lit("tls-ktls");

// Length constant for an obfuscated node identifier.
// NOTE(review): the unit (bytes or characters) and how the identifier is
// generated are not visible here -- confirm at the use site.
constexpr size_t SHRPX_OBFUSCATED_NODE_LENGTH = 8;
// Default backend endpoint: loopback address, port 80.
constexpr char DEFAULT_DOWNSTREAM_HOST[] = "127.0.0.1";
// NOTE(review): declared as a signed 16-bit integer while the port
// fields in the structs below are uint16_t; 80 fits either way, but a
// value above 32767 would not fit this type.
constexpr int16_t DEFAULT_DOWNSTREAM_PORT = 80;

// Application protocols distinguished by the configuration.
enum class Proto {
  NONE,
  HTTP1,
  HTTP2,
  HTTP3,
  MEMCACHED,
};

// How a client is pinned to a backend.
enum class SessionAffinity {
  // Affinity disabled.
  NONE,
  // Keyed on the client IP address.
  IP,
  // Keyed on a cookie.
  COOKIE,
};

// Policy for the Secure attribute of the session affinity cookie.
enum class SessionAffinityCookieSecure {
  // Decided per request from the request scheme.
  AUTO,
  // Secure attribute is always set.
  YES,
  // Secure attribute is never set.
  // NOTE(review): browsers then also send the cookie over plaintext
  // HTTP.
  NO,
};

// How firmly a session affinity cookie binds a client to a backend.
enum class SessionAffinityCookieStickiness {
  // The backend may change when an existing backend server is removed
  // or a new backend server is added.
  LOOSE,
  // The backend may change when the designated backend server is
  // removed, but adding a new backend server does not cause breakage.
  STRICT,
};

// Session affinity settings.
struct AffinityConfig {
  // Which kind of session affinity is in use.
  SessionAffinity type;
  struct {
    // Cookie name.
    StringRef name;
    // Path the cookie applies to.
    StringRef path;
    // Policy for the Secure attribute.
    SessionAffinityCookieSecure secure;
    // Stickiness of the affinity.
    SessionAffinityCookieStickiness stickiness;
  } cookie;
};

// Parameters of the Forwarded header.  The non-zero values are distinct
// single bits.
enum shrpx_forwarded_param {
  FORWARDED_NONE = 0,
  FORWARDED_BY = 0x1,
  FORWARDED_FOR = 0x2,
  FORWARDED_HOST = 0x4,
  FORWARDED_PROTO = 0x8,
};

// Form of a node identifier in the Forwarded header.
// NOTE(review): presumably OBFUSCATED hides the real address and IP
// exposes it -- confirm where the header is built.
enum class ForwardedNode {
  OBFUSCATED,
  IP,
};

// One alternative-service entry.
struct AltSvc {
  StringRef protocol_id, host, origin, service, params;

  uint16_t port;
};

// Special-purpose mode of a frontend address.
enum class UpstreamAltMode {
  // Ordinary frontend; no alternative mode.
  NONE,
  // API processing mode.
  API,
  // Health monitor mode.
  HEALTHMON,
};

// One frontend (listening) address.
struct UpstreamAddr {
  // Unique index of this address.
  size_t index;
  // Frontend address (e.g., FQDN, hostname, IP address).  When
  // |host_unix| is true this is a UNIX domain socket path.  The string
  // must be NUL-terminated.
  StringRef host;
  // <IP address>:<PORT> for a TCP socket, with an IPv6 address
  // surrounded by square brackets.  "localhost" for a UNIX domain
  // socket.
  StringRef hostport;
  // Frontend port; 0 when |host_unix| is true.
  uint16_t port;
  // AF_INET or AF_INET6 for a TCP socket; 0 for a UNIX domain socket.
  int family;
  // Alternative mode of this frontend.
  UpstreamAltMode alt_mode;
  // true if |host| holds a UNIX domain socket path.
  bool host_unix;
  // true if TLS is enabled.
  bool tls;
  // true if the SNI host should be used as the host when selecting a
  // backend server.
  bool sni_fwd;
  // true if the client is supposed to send a PROXY protocol v1 header.
  // NOTE(review): such a header supplies the client address, so a
  // listener with this flag presumably has to be reachable only from
  // trusted proxies -- confirm how the header is consumed.
  bool accept_proxy_protocol;
  // NOTE(review): undocumented in the original; presumably true for a
  // QUIC frontend -- confirm.
  bool quic;
  // NOTE(review): undocumented in the original; presumably the socket
  // descriptor of this address -- confirm.
  int fd;
};

struct DownstreamAddrConfig {
  // Resolved address if |dns| is false
  Address addr;
  // backend address.
If |host_unix| is true, this is UNIX domain 5292c593315Sopenharmony_ci // socket path. This must be NULL terminated string. 5302c593315Sopenharmony_ci StringRef host; 5312c593315Sopenharmony_ci // <HOST>:<PORT>. This does not treat 80 and 443 specially. If 5322c593315Sopenharmony_ci // |host_unix| is true, this is "localhost". 5332c593315Sopenharmony_ci StringRef hostport; 5342c593315Sopenharmony_ci // hostname sent as SNI field 5352c593315Sopenharmony_ci StringRef sni; 5362c593315Sopenharmony_ci // name of group which this address belongs to. 5372c593315Sopenharmony_ci StringRef group; 5382c593315Sopenharmony_ci size_t fall; 5392c593315Sopenharmony_ci size_t rise; 5402c593315Sopenharmony_ci // weight of this address inside a weight group. Its range is [1, 5412c593315Sopenharmony_ci // 256], inclusive. 5422c593315Sopenharmony_ci uint32_t weight; 5432c593315Sopenharmony_ci // weight of the weight group. Its range is [1, 256], inclusive. 5442c593315Sopenharmony_ci uint32_t group_weight; 5452c593315Sopenharmony_ci // affinity hash for this address. It is assigned when strict 5462c593315Sopenharmony_ci // stickiness is enabled. 5472c593315Sopenharmony_ci uint32_t affinity_hash; 5482c593315Sopenharmony_ci // Application protocol used in this group 5492c593315Sopenharmony_ci Proto proto; 5502c593315Sopenharmony_ci // backend port. 0 if |host_unix| is true. 5512c593315Sopenharmony_ci uint16_t port; 5522c593315Sopenharmony_ci // true if |host| contains UNIX domain socket path. 5532c593315Sopenharmony_ci bool host_unix; 5542c593315Sopenharmony_ci bool tls; 5552c593315Sopenharmony_ci // true if dynamic DNS is enabled 5562c593315Sopenharmony_ci bool dns; 5572c593315Sopenharmony_ci // true if :scheme pseudo header field should be upgraded to secure 5582c593315Sopenharmony_ci // variant (e.g., "https") when forwarding request to a backend 5592c593315Sopenharmony_ci // connected by TLS connection. 
5602c593315Sopenharmony_ci bool upgrade_scheme; 5612c593315Sopenharmony_ci // true if a request should not be forwarded to a backend. 5622c593315Sopenharmony_ci bool dnf; 5632c593315Sopenharmony_ci}; 5642c593315Sopenharmony_ci 5652c593315Sopenharmony_ci// Mapping hash to idx which is an index into 5662c593315Sopenharmony_ci// DownstreamAddrGroupConfig::addrs. 5672c593315Sopenharmony_cistruct AffinityHash { 5682c593315Sopenharmony_ci AffinityHash(size_t idx, uint32_t hash) : idx(idx), hash(hash) {} 5692c593315Sopenharmony_ci 5702c593315Sopenharmony_ci size_t idx; 5712c593315Sopenharmony_ci uint32_t hash; 5722c593315Sopenharmony_ci}; 5732c593315Sopenharmony_ci 5742c593315Sopenharmony_cistruct DownstreamAddrGroupConfig { 5752c593315Sopenharmony_ci DownstreamAddrGroupConfig(const StringRef &pattern) 5762c593315Sopenharmony_ci : pattern(pattern), 5772c593315Sopenharmony_ci affinity{SessionAffinity::NONE}, 5782c593315Sopenharmony_ci redirect_if_not_tls(false), 5792c593315Sopenharmony_ci dnf{false}, 5802c593315Sopenharmony_ci timeout{} {} 5812c593315Sopenharmony_ci 5822c593315Sopenharmony_ci StringRef pattern; 5832c593315Sopenharmony_ci StringRef mruby_file; 5842c593315Sopenharmony_ci std::vector<DownstreamAddrConfig> addrs; 5852c593315Sopenharmony_ci // Bunch of session affinity hash. Only used if affinity == 5862c593315Sopenharmony_ci // SessionAffinity::IP. 5872c593315Sopenharmony_ci std::vector<AffinityHash> affinity_hash; 5882c593315Sopenharmony_ci // Maps affinity hash of each DownstreamAddrConfig to its index in 5892c593315Sopenharmony_ci // addrs. It is only assigned when strict stickiness is enabled. 5902c593315Sopenharmony_ci std::unordered_map<uint32_t, size_t> affinity_hash_map; 5912c593315Sopenharmony_ci // Cookie based session affinity configuration. 
5922c593315Sopenharmony_ci AffinityConfig affinity; 5932c593315Sopenharmony_ci // true if this group requires that client connection must be TLS, 5942c593315Sopenharmony_ci // and the request must be redirected to https URI. 5952c593315Sopenharmony_ci bool redirect_if_not_tls; 5962c593315Sopenharmony_ci // true if a request should not be forwarded to a backend. 5972c593315Sopenharmony_ci bool dnf; 5982c593315Sopenharmony_ci // Timeouts for backend connection. 5992c593315Sopenharmony_ci struct { 6002c593315Sopenharmony_ci ev_tstamp read; 6012c593315Sopenharmony_ci ev_tstamp write; 6022c593315Sopenharmony_ci } timeout; 6032c593315Sopenharmony_ci}; 6042c593315Sopenharmony_ci 6052c593315Sopenharmony_cistruct TicketKey { 6062c593315Sopenharmony_ci const EVP_CIPHER *cipher; 6072c593315Sopenharmony_ci const EVP_MD *hmac; 6082c593315Sopenharmony_ci size_t hmac_keylen; 6092c593315Sopenharmony_ci struct { 6102c593315Sopenharmony_ci // name of this ticket configuration 6112c593315Sopenharmony_ci std::array<uint8_t, 16> name; 6122c593315Sopenharmony_ci // encryption key for |cipher| 6132c593315Sopenharmony_ci std::array<uint8_t, 32> enc_key; 6142c593315Sopenharmony_ci // hmac key for |hmac| 6152c593315Sopenharmony_ci std::array<uint8_t, 32> hmac_key; 6162c593315Sopenharmony_ci } data; 6172c593315Sopenharmony_ci}; 6182c593315Sopenharmony_ci 6192c593315Sopenharmony_cistruct TicketKeys { 6202c593315Sopenharmony_ci ~TicketKeys(); 6212c593315Sopenharmony_ci std::vector<TicketKey> keys; 6222c593315Sopenharmony_ci}; 6232c593315Sopenharmony_ci 6242c593315Sopenharmony_cistruct TLSCertificate { 6252c593315Sopenharmony_ci TLSCertificate(StringRef private_key_file, StringRef cert_file, 6262c593315Sopenharmony_ci std::vector<uint8_t> sct_data) 6272c593315Sopenharmony_ci : private_key_file(std::move(private_key_file)), 6282c593315Sopenharmony_ci cert_file(std::move(cert_file)), 6292c593315Sopenharmony_ci sct_data(std::move(sct_data)) {} 6302c593315Sopenharmony_ci 6312c593315Sopenharmony_ci 
StringRef private_key_file; 6322c593315Sopenharmony_ci StringRef cert_file; 6332c593315Sopenharmony_ci std::vector<uint8_t> sct_data; 6342c593315Sopenharmony_ci}; 6352c593315Sopenharmony_ci 6362c593315Sopenharmony_ci#ifdef ENABLE_HTTP3 6372c593315Sopenharmony_cistruct QUICKeyingMaterial { 6382c593315Sopenharmony_ci std::array<uint8_t, SHRPX_QUIC_SECRET_RESERVEDLEN> reserved; 6392c593315Sopenharmony_ci std::array<uint8_t, SHRPX_QUIC_SECRETLEN> secret; 6402c593315Sopenharmony_ci std::array<uint8_t, SHRPX_QUIC_SALTLEN> salt; 6412c593315Sopenharmony_ci std::array<uint8_t, SHRPX_QUIC_CID_ENCRYPTION_KEYLEN> cid_encryption_key; 6422c593315Sopenharmony_ci // Identifier of this keying material. Only the first 2 bits are 6432c593315Sopenharmony_ci // used. 6442c593315Sopenharmony_ci uint8_t id; 6452c593315Sopenharmony_ci}; 6462c593315Sopenharmony_ci 6472c593315Sopenharmony_cistruct QUICKeyingMaterials { 6482c593315Sopenharmony_ci std::vector<QUICKeyingMaterial> keying_materials; 6492c593315Sopenharmony_ci}; 6502c593315Sopenharmony_ci#endif // ENABLE_HTTP3 6512c593315Sopenharmony_ci 6522c593315Sopenharmony_cistruct HttpProxy { 6532c593315Sopenharmony_ci Address addr; 6542c593315Sopenharmony_ci // host in http proxy URI 6552c593315Sopenharmony_ci StringRef host; 6562c593315Sopenharmony_ci // userinfo in http proxy URI, not percent-encoded form 6572c593315Sopenharmony_ci StringRef userinfo; 6582c593315Sopenharmony_ci // port in http proxy URI 6592c593315Sopenharmony_ci uint16_t port; 6602c593315Sopenharmony_ci}; 6612c593315Sopenharmony_ci 6622c593315Sopenharmony_cistruct TLSConfig { 6632c593315Sopenharmony_ci // RFC 5077 Session ticket related configurations 6642c593315Sopenharmony_ci struct { 6652c593315Sopenharmony_ci struct { 6662c593315Sopenharmony_ci Address addr; 6672c593315Sopenharmony_ci uint16_t port; 6682c593315Sopenharmony_ci // Hostname of memcached server. This is also used as SNI field 6692c593315Sopenharmony_ci // if TLS is enabled. 
6702c593315Sopenharmony_ci StringRef host; 6712c593315Sopenharmony_ci // Client private key and certificate for authentication 6722c593315Sopenharmony_ci StringRef private_key_file; 6732c593315Sopenharmony_ci StringRef cert_file; 6742c593315Sopenharmony_ci ev_tstamp interval; 6752c593315Sopenharmony_ci // Maximum number of retries when getting TLS ticket key from 6762c593315Sopenharmony_ci // mamcached, due to network error. 6772c593315Sopenharmony_ci size_t max_retry; 6782c593315Sopenharmony_ci // Maximum number of consecutive error from memcached, when this 6792c593315Sopenharmony_ci // limit reached, TLS ticket is disabled. 6802c593315Sopenharmony_ci size_t max_fail; 6812c593315Sopenharmony_ci // Address family of memcached connection. One of either 6822c593315Sopenharmony_ci // AF_INET, AF_INET6 or AF_UNSPEC. 6832c593315Sopenharmony_ci int family; 6842c593315Sopenharmony_ci bool tls; 6852c593315Sopenharmony_ci } memcached; 6862c593315Sopenharmony_ci std::vector<StringRef> files; 6872c593315Sopenharmony_ci const EVP_CIPHER *cipher; 6882c593315Sopenharmony_ci // true if --tls-ticket-key-cipher is used 6892c593315Sopenharmony_ci bool cipher_given; 6902c593315Sopenharmony_ci } ticket; 6912c593315Sopenharmony_ci 6922c593315Sopenharmony_ci // Session cache related configurations 6932c593315Sopenharmony_ci struct { 6942c593315Sopenharmony_ci struct { 6952c593315Sopenharmony_ci Address addr; 6962c593315Sopenharmony_ci uint16_t port; 6972c593315Sopenharmony_ci // Hostname of memcached server. This is also used as SNI field 6982c593315Sopenharmony_ci // if TLS is enabled. 6992c593315Sopenharmony_ci StringRef host; 7002c593315Sopenharmony_ci // Client private key and certificate for authentication 7012c593315Sopenharmony_ci StringRef private_key_file; 7022c593315Sopenharmony_ci StringRef cert_file; 7032c593315Sopenharmony_ci // Address family of memcached connection. One of either 7042c593315Sopenharmony_ci // AF_INET, AF_INET6 or AF_UNSPEC. 
7052c593315Sopenharmony_ci int family; 7062c593315Sopenharmony_ci bool tls; 7072c593315Sopenharmony_ci } memcached; 7082c593315Sopenharmony_ci } session_cache; 7092c593315Sopenharmony_ci 7102c593315Sopenharmony_ci // Dynamic record sizing configurations 7112c593315Sopenharmony_ci struct { 7122c593315Sopenharmony_ci size_t warmup_threshold; 7132c593315Sopenharmony_ci ev_tstamp idle_timeout; 7142c593315Sopenharmony_ci } dyn_rec; 7152c593315Sopenharmony_ci 7162c593315Sopenharmony_ci // OCSP related configurations 7172c593315Sopenharmony_ci struct { 7182c593315Sopenharmony_ci ev_tstamp update_interval; 7192c593315Sopenharmony_ci StringRef fetch_ocsp_response_file; 7202c593315Sopenharmony_ci bool disabled; 7212c593315Sopenharmony_ci bool startup; 7222c593315Sopenharmony_ci bool no_verify; 7232c593315Sopenharmony_ci } ocsp; 7242c593315Sopenharmony_ci 7252c593315Sopenharmony_ci // Client verification configurations 7262c593315Sopenharmony_ci struct { 7272c593315Sopenharmony_ci // Path to file containing CA certificate solely used for client 7282c593315Sopenharmony_ci // certificate validation 7292c593315Sopenharmony_ci StringRef cacert; 7302c593315Sopenharmony_ci bool enabled; 7312c593315Sopenharmony_ci // true if we accept an expired client certificate. 7322c593315Sopenharmony_ci bool tolerate_expired; 7332c593315Sopenharmony_ci } client_verify; 7342c593315Sopenharmony_ci 7352c593315Sopenharmony_ci // Client (backend connection) TLS configuration. 7362c593315Sopenharmony_ci struct { 7372c593315Sopenharmony_ci // Client PSK configuration 7382c593315Sopenharmony_ci struct { 7392c593315Sopenharmony_ci // identity must be NULL terminated string. 
7402c593315Sopenharmony_ci StringRef identity; 7412c593315Sopenharmony_ci StringRef secret; 7422c593315Sopenharmony_ci } psk; 7432c593315Sopenharmony_ci StringRef private_key_file; 7442c593315Sopenharmony_ci StringRef cert_file; 7452c593315Sopenharmony_ci StringRef ciphers; 7462c593315Sopenharmony_ci StringRef tls13_ciphers; 7472c593315Sopenharmony_ci bool no_http2_cipher_block_list; 7482c593315Sopenharmony_ci } client; 7492c593315Sopenharmony_ci 7502c593315Sopenharmony_ci // PSK secrets. The key is identity, and the associated value is 7512c593315Sopenharmony_ci // its secret. 7522c593315Sopenharmony_ci std::map<StringRef, StringRef> psk_secrets; 7532c593315Sopenharmony_ci // The list of additional TLS certificate pair 7542c593315Sopenharmony_ci std::vector<TLSCertificate> subcerts; 7552c593315Sopenharmony_ci std::vector<unsigned char> alpn_prefs; 7562c593315Sopenharmony_ci // list of supported NPN/ALPN protocol strings in the order of 7572c593315Sopenharmony_ci // preference. 7582c593315Sopenharmony_ci std::vector<StringRef> npn_list; 7592c593315Sopenharmony_ci // list of supported SSL/TLS protocol strings. 7602c593315Sopenharmony_ci std::vector<StringRef> tls_proto_list; 7612c593315Sopenharmony_ci std::vector<uint8_t> sct_data; 7622c593315Sopenharmony_ci BIO_METHOD *bio_method; 7632c593315Sopenharmony_ci // Bit mask to disable SSL/TLS protocol versions. This will be 7642c593315Sopenharmony_ci // passed to SSL_CTX_set_options(). 
7652c593315Sopenharmony_ci long int tls_proto_mask; 7662c593315Sopenharmony_ci StringRef backend_sni_name; 7672c593315Sopenharmony_ci std::chrono::seconds session_timeout; 7682c593315Sopenharmony_ci StringRef private_key_file; 7692c593315Sopenharmony_ci StringRef private_key_passwd; 7702c593315Sopenharmony_ci StringRef cert_file; 7712c593315Sopenharmony_ci StringRef dh_param_file; 7722c593315Sopenharmony_ci StringRef ciphers; 7732c593315Sopenharmony_ci StringRef tls13_ciphers; 7742c593315Sopenharmony_ci StringRef ecdh_curves; 7752c593315Sopenharmony_ci StringRef cacert; 7762c593315Sopenharmony_ci // The maximum amount of 0-RTT data that server accepts. 7772c593315Sopenharmony_ci uint32_t max_early_data; 7782c593315Sopenharmony_ci // The minimum and maximum TLS version. These values are defined in 7792c593315Sopenharmony_ci // OpenSSL header file. 7802c593315Sopenharmony_ci int min_proto_version; 7812c593315Sopenharmony_ci int max_proto_version; 7822c593315Sopenharmony_ci bool insecure; 7832c593315Sopenharmony_ci bool no_http2_cipher_block_list; 7842c593315Sopenharmony_ci // true if forwarding requests included in TLS early data should not 7852c593315Sopenharmony_ci // be postponed until TLS handshake finishes. 
7862c593315Sopenharmony_ci bool no_postpone_early_data; 7872c593315Sopenharmony_ci bool ktls; 7882c593315Sopenharmony_ci}; 7892c593315Sopenharmony_ci 7902c593315Sopenharmony_ci#ifdef ENABLE_HTTP3 7912c593315Sopenharmony_cistruct QUICConfig { 7922c593315Sopenharmony_ci struct { 7932c593315Sopenharmony_ci struct { 7942c593315Sopenharmony_ci ev_tstamp idle; 7952c593315Sopenharmony_ci } timeout; 7962c593315Sopenharmony_ci struct { 7972c593315Sopenharmony_ci bool log; 7982c593315Sopenharmony_ci } debug; 7992c593315Sopenharmony_ci struct { 8002c593315Sopenharmony_ci StringRef dir; 8012c593315Sopenharmony_ci } qlog; 8022c593315Sopenharmony_ci ngtcp2_cc_algo congestion_controller; 8032c593315Sopenharmony_ci bool early_data; 8042c593315Sopenharmony_ci bool require_token; 8052c593315Sopenharmony_ci StringRef secret_file; 8062c593315Sopenharmony_ci ev_tstamp initial_rtt; 8072c593315Sopenharmony_ci } upstream; 8082c593315Sopenharmony_ci struct { 8092c593315Sopenharmony_ci StringRef prog_file; 8102c593315Sopenharmony_ci bool disabled; 8112c593315Sopenharmony_ci } bpf; 8122c593315Sopenharmony_ci std::array<uint8_t, SHRPX_QUIC_SERVER_IDLEN> server_id; 8132c593315Sopenharmony_ci}; 8142c593315Sopenharmony_ci 8152c593315Sopenharmony_cistruct Http3Config { 8162c593315Sopenharmony_ci struct { 8172c593315Sopenharmony_ci size_t max_concurrent_streams; 8182c593315Sopenharmony_ci int32_t window_size; 8192c593315Sopenharmony_ci int32_t connection_window_size; 8202c593315Sopenharmony_ci int32_t max_window_size; 8212c593315Sopenharmony_ci int32_t max_connection_window_size; 8222c593315Sopenharmony_ci } upstream; 8232c593315Sopenharmony_ci}; 8242c593315Sopenharmony_ci#endif // ENABLE_HTTP3 8252c593315Sopenharmony_ci 8262c593315Sopenharmony_ci// custom error page 8272c593315Sopenharmony_cistruct ErrorPage { 8282c593315Sopenharmony_ci // not NULL-terminated 8292c593315Sopenharmony_ci std::vector<uint8_t> content; 8302c593315Sopenharmony_ci // 0 is special value, and it matches all HTTP status 
code. 8312c593315Sopenharmony_ci unsigned int http_status; 8322c593315Sopenharmony_ci}; 8332c593315Sopenharmony_ci 8342c593315Sopenharmony_cistruct HttpConfig { 8352c593315Sopenharmony_ci struct { 8362c593315Sopenharmony_ci // obfuscated value used in "by" parameter of Forwarded header 8372c593315Sopenharmony_ci // field. This is only used when user defined static obfuscated 8382c593315Sopenharmony_ci // string is provided. 8392c593315Sopenharmony_ci StringRef by_obfuscated; 8402c593315Sopenharmony_ci // bitwise-OR of one or more of shrpx_forwarded_param values. 8412c593315Sopenharmony_ci uint32_t params; 8422c593315Sopenharmony_ci // type of value recorded in "by" parameter of Forwarded header 8432c593315Sopenharmony_ci // field. 8442c593315Sopenharmony_ci ForwardedNode by_node_type; 8452c593315Sopenharmony_ci // type of value recorded in "for" parameter of Forwarded header 8462c593315Sopenharmony_ci // field. 8472c593315Sopenharmony_ci ForwardedNode for_node_type; 8482c593315Sopenharmony_ci bool strip_incoming; 8492c593315Sopenharmony_ci } forwarded; 8502c593315Sopenharmony_ci struct { 8512c593315Sopenharmony_ci bool add; 8522c593315Sopenharmony_ci bool strip_incoming; 8532c593315Sopenharmony_ci } xff; 8542c593315Sopenharmony_ci struct { 8552c593315Sopenharmony_ci bool add; 8562c593315Sopenharmony_ci bool strip_incoming; 8572c593315Sopenharmony_ci } xfp; 8582c593315Sopenharmony_ci struct { 8592c593315Sopenharmony_ci bool strip_incoming; 8602c593315Sopenharmony_ci } early_data; 8612c593315Sopenharmony_ci std::vector<AltSvc> altsvcs; 8622c593315Sopenharmony_ci // altsvcs serialized in a wire format. 8632c593315Sopenharmony_ci StringRef altsvc_header_value; 8642c593315Sopenharmony_ci std::vector<AltSvc> http2_altsvcs; 8652c593315Sopenharmony_ci // http2_altsvcs serialized in a wire format. 
8662c593315Sopenharmony_ci StringRef http2_altsvc_header_value; 8672c593315Sopenharmony_ci std::vector<ErrorPage> error_pages; 8682c593315Sopenharmony_ci HeaderRefs add_request_headers; 8692c593315Sopenharmony_ci HeaderRefs add_response_headers; 8702c593315Sopenharmony_ci StringRef server_name; 8712c593315Sopenharmony_ci // Port number which appears in Location header field when https 8722c593315Sopenharmony_ci // redirect is made. 8732c593315Sopenharmony_ci StringRef redirect_https_port; 8742c593315Sopenharmony_ci size_t request_header_field_buffer; 8752c593315Sopenharmony_ci size_t max_request_header_fields; 8762c593315Sopenharmony_ci size_t response_header_field_buffer; 8772c593315Sopenharmony_ci size_t max_response_header_fields; 8782c593315Sopenharmony_ci size_t max_requests; 8792c593315Sopenharmony_ci bool no_via; 8802c593315Sopenharmony_ci bool no_location_rewrite; 8812c593315Sopenharmony_ci bool no_host_rewrite; 8822c593315Sopenharmony_ci bool no_server_rewrite; 8832c593315Sopenharmony_ci bool require_http_scheme; 8842c593315Sopenharmony_ci}; 8852c593315Sopenharmony_ci 8862c593315Sopenharmony_cistruct Http2Config { 8872c593315Sopenharmony_ci struct { 8882c593315Sopenharmony_ci struct { 8892c593315Sopenharmony_ci struct { 8902c593315Sopenharmony_ci StringRef request_header_file; 8912c593315Sopenharmony_ci StringRef response_header_file; 8922c593315Sopenharmony_ci FILE *request_header; 8932c593315Sopenharmony_ci FILE *response_header; 8942c593315Sopenharmony_ci } dump; 8952c593315Sopenharmony_ci bool frame_debug; 8962c593315Sopenharmony_ci } debug; 8972c593315Sopenharmony_ci struct { 8982c593315Sopenharmony_ci ev_tstamp settings; 8992c593315Sopenharmony_ci } timeout; 9002c593315Sopenharmony_ci nghttp2_option *option; 9012c593315Sopenharmony_ci nghttp2_option *alt_mode_option; 9022c593315Sopenharmony_ci nghttp2_session_callbacks *callbacks; 9032c593315Sopenharmony_ci size_t max_concurrent_streams; 9042c593315Sopenharmony_ci size_t encoder_dynamic_table_size; 
9052c593315Sopenharmony_ci size_t decoder_dynamic_table_size; 9062c593315Sopenharmony_ci int32_t window_size; 9072c593315Sopenharmony_ci int32_t connection_window_size; 9082c593315Sopenharmony_ci bool optimize_write_buffer_size; 9092c593315Sopenharmony_ci bool optimize_window_size; 9102c593315Sopenharmony_ci } upstream; 9112c593315Sopenharmony_ci struct { 9122c593315Sopenharmony_ci struct { 9132c593315Sopenharmony_ci ev_tstamp settings; 9142c593315Sopenharmony_ci } timeout; 9152c593315Sopenharmony_ci nghttp2_option *option; 9162c593315Sopenharmony_ci nghttp2_session_callbacks *callbacks; 9172c593315Sopenharmony_ci size_t encoder_dynamic_table_size; 9182c593315Sopenharmony_ci size_t decoder_dynamic_table_size; 9192c593315Sopenharmony_ci int32_t window_size; 9202c593315Sopenharmony_ci int32_t connection_window_size; 9212c593315Sopenharmony_ci size_t max_concurrent_streams; 9222c593315Sopenharmony_ci } downstream; 9232c593315Sopenharmony_ci struct { 9242c593315Sopenharmony_ci ev_tstamp stream_read; 9252c593315Sopenharmony_ci ev_tstamp stream_write; 9262c593315Sopenharmony_ci } timeout; 9272c593315Sopenharmony_ci bool no_cookie_crumbling; 9282c593315Sopenharmony_ci bool no_server_push; 9292c593315Sopenharmony_ci}; 9302c593315Sopenharmony_ci 9312c593315Sopenharmony_cistruct LoggingConfig { 9322c593315Sopenharmony_ci struct { 9332c593315Sopenharmony_ci std::vector<LogFragment> format; 9342c593315Sopenharmony_ci StringRef file; 9352c593315Sopenharmony_ci // Send accesslog to syslog, ignoring accesslog_file. 9362c593315Sopenharmony_ci bool syslog; 9372c593315Sopenharmony_ci // Write accesslog when response headers are received from 9382c593315Sopenharmony_ci // backend, rather than response body is received and sent. 9392c593315Sopenharmony_ci bool write_early; 9402c593315Sopenharmony_ci } access; 9412c593315Sopenharmony_ci struct { 9422c593315Sopenharmony_ci StringRef file; 9432c593315Sopenharmony_ci // Send errorlog to syslog, ignoring errorlog_file. 
9442c593315Sopenharmony_ci bool syslog; 9452c593315Sopenharmony_ci } error; 9462c593315Sopenharmony_ci int syslog_facility; 9472c593315Sopenharmony_ci int severity; 9482c593315Sopenharmony_ci}; 9492c593315Sopenharmony_ci 9502c593315Sopenharmony_cistruct RateLimitConfig { 9512c593315Sopenharmony_ci size_t rate; 9522c593315Sopenharmony_ci size_t burst; 9532c593315Sopenharmony_ci}; 9542c593315Sopenharmony_ci 9552c593315Sopenharmony_ci// Wildcard host pattern routing. We strips left most '*' from host 9562c593315Sopenharmony_ci// field. router includes all path patterns sharing the same wildcard 9572c593315Sopenharmony_ci// host. 9582c593315Sopenharmony_cistruct WildcardPattern { 9592c593315Sopenharmony_ci WildcardPattern(const StringRef &host) : host(host) {} 9602c593315Sopenharmony_ci 9612c593315Sopenharmony_ci // This might not be NULL terminated. Currently it is only used for 9622c593315Sopenharmony_ci // comparison. 9632c593315Sopenharmony_ci StringRef host; 9642c593315Sopenharmony_ci Router router; 9652c593315Sopenharmony_ci}; 9662c593315Sopenharmony_ci 9672c593315Sopenharmony_ci// Configuration to select backend to forward request 9682c593315Sopenharmony_cistruct RouterConfig { 9692c593315Sopenharmony_ci Router router; 9702c593315Sopenharmony_ci // Router for reversed wildcard hosts. Since this router has 9712c593315Sopenharmony_ci // wildcard hosts reversed without '*', one should call match() 9722c593315Sopenharmony_ci // function with reversed host stripping last character. This is 9732c593315Sopenharmony_ci // because we require at least one character must match for '*'. 9742c593315Sopenharmony_ci // The index stored in this router is index of wildcard_patterns. 
9752c593315Sopenharmony_ci Router rev_wildcard_router; 9762c593315Sopenharmony_ci std::vector<WildcardPattern> wildcard_patterns; 9772c593315Sopenharmony_ci}; 9782c593315Sopenharmony_ci 9792c593315Sopenharmony_cistruct DownstreamConfig { 9802c593315Sopenharmony_ci DownstreamConfig() 9812c593315Sopenharmony_ci : balloc(1024, 1024), 9822c593315Sopenharmony_ci timeout{}, 9832c593315Sopenharmony_ci addr_group_catch_all{0}, 9842c593315Sopenharmony_ci connections_per_host{0}, 9852c593315Sopenharmony_ci connections_per_frontend{0}, 9862c593315Sopenharmony_ci request_buffer_size{0}, 9872c593315Sopenharmony_ci response_buffer_size{0}, 9882c593315Sopenharmony_ci family{0} {} 9892c593315Sopenharmony_ci 9902c593315Sopenharmony_ci DownstreamConfig(const DownstreamConfig &) = delete; 9912c593315Sopenharmony_ci DownstreamConfig(DownstreamConfig &&) = delete; 9922c593315Sopenharmony_ci DownstreamConfig &operator=(const DownstreamConfig &) = delete; 9932c593315Sopenharmony_ci DownstreamConfig &operator=(DownstreamConfig &&) = delete; 9942c593315Sopenharmony_ci 9952c593315Sopenharmony_ci // Allocator to allocate memory for Downstream configuration. Since 9962c593315Sopenharmony_ci // we may swap around DownstreamConfig in arbitrary times with API 9972c593315Sopenharmony_ci // calls, we should use their own allocator instead of per Config 9982c593315Sopenharmony_ci // allocator. 9992c593315Sopenharmony_ci BlockAllocator balloc; 10002c593315Sopenharmony_ci struct { 10012c593315Sopenharmony_ci ev_tstamp read; 10022c593315Sopenharmony_ci ev_tstamp write; 10032c593315Sopenharmony_ci ev_tstamp idle_read; 10042c593315Sopenharmony_ci ev_tstamp connect; 10052c593315Sopenharmony_ci // The maximum backoff while checking health check for offline 10062c593315Sopenharmony_ci // backend or while detaching failed backend from load balancing 10072c593315Sopenharmony_ci // group temporarily. 
10082c593315Sopenharmony_ci ev_tstamp max_backoff; 10092c593315Sopenharmony_ci } timeout; 10102c593315Sopenharmony_ci RouterConfig router; 10112c593315Sopenharmony_ci std::vector<DownstreamAddrGroupConfig> addr_groups; 10122c593315Sopenharmony_ci // The index of catch-all group in downstream_addr_groups. 10132c593315Sopenharmony_ci size_t addr_group_catch_all; 10142c593315Sopenharmony_ci size_t connections_per_host; 10152c593315Sopenharmony_ci size_t connections_per_frontend; 10162c593315Sopenharmony_ci size_t request_buffer_size; 10172c593315Sopenharmony_ci size_t response_buffer_size; 10182c593315Sopenharmony_ci // Address family of backend connection. One of either AF_INET, 10192c593315Sopenharmony_ci // AF_INET6 or AF_UNSPEC. This is ignored if backend connection 10202c593315Sopenharmony_ci // is made via Unix domain socket. 10212c593315Sopenharmony_ci int family; 10222c593315Sopenharmony_ci}; 10232c593315Sopenharmony_ci 10242c593315Sopenharmony_cistruct ConnectionConfig { 10252c593315Sopenharmony_ci struct { 10262c593315Sopenharmony_ci struct { 10272c593315Sopenharmony_ci ev_tstamp sleep; 10282c593315Sopenharmony_ci } timeout; 10292c593315Sopenharmony_ci // address of frontend acceptors 10302c593315Sopenharmony_ci std::vector<UpstreamAddr> addrs; 10312c593315Sopenharmony_ci int backlog; 10322c593315Sopenharmony_ci // TCP fastopen. If this is positive, it is passed to 10332c593315Sopenharmony_ci // setsockopt() along with TCP_FASTOPEN. 
10342c593315Sopenharmony_ci int fastopen; 10352c593315Sopenharmony_ci } listener; 10362c593315Sopenharmony_ci 10372c593315Sopenharmony_ci#ifdef ENABLE_HTTP3 10382c593315Sopenharmony_ci struct { 10392c593315Sopenharmony_ci std::vector<UpstreamAddr> addrs; 10402c593315Sopenharmony_ci } quic_listener; 10412c593315Sopenharmony_ci#endif // ENABLE_HTTP3 10422c593315Sopenharmony_ci 10432c593315Sopenharmony_ci struct { 10442c593315Sopenharmony_ci struct { 10452c593315Sopenharmony_ci ev_tstamp http2_read; 10462c593315Sopenharmony_ci ev_tstamp http3_read; 10472c593315Sopenharmony_ci ev_tstamp read; 10482c593315Sopenharmony_ci ev_tstamp write; 10492c593315Sopenharmony_ci ev_tstamp idle_read; 10502c593315Sopenharmony_ci } timeout; 10512c593315Sopenharmony_ci struct { 10522c593315Sopenharmony_ci RateLimitConfig read; 10532c593315Sopenharmony_ci RateLimitConfig write; 10542c593315Sopenharmony_ci } ratelimit; 10552c593315Sopenharmony_ci size_t worker_connections; 10562c593315Sopenharmony_ci // Deprecated. See UpstreamAddr.accept_proxy_protocol. 
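// NOTE(review): presumably decides whether a PROXY protocol header sent by
// the peer is honoured. If so, it belongs only on listeners that are
// reachable solely through trusted proxies -- confirm in the accept path.
    bool accept_proxy_protocol;
  } upstream;

  std::shared_ptr<DownstreamConfig> downstream;
};

// Settings for the API endpoint exposed on frontend addresses.
struct APIConfig {
  // Maximum request body size for one API request.
  // NOTE(review): this is the only size bound for API requests declared
  // here; where it is enforced is not visible in this header.
  size_t max_request_body;
  // true if at least one of UpstreamAddr has api enabled
  bool enabled;
};

// Settings for the name resolver.
struct DNSConfig {
  // Durations expressed as libev timestamps (ev_tstamp).
  struct {
    ev_tstamp cache;
    ev_tstamp lookup;
  } timeout;
  // The number of tries name resolver makes before abandoning
  // request.
  size_t max_try;
};

// Top-level configuration object.  It aggregates the per-subsystem
// configuration structs together with process-wide settings.
struct Config {
  // Value-initializes every section and zeroes every scalar member.
  // The two arguments of balloc are sizes whose meaning is defined by
  // BlockAllocator (allocator.h), not by this header.
  Config()
      : balloc(4096, 4096),
        downstream_http_proxy{},
        http{},
        http2{},
        tls{},
#ifdef ENABLE_HTTP3
        quic{},
        // http3 is value-initialized like every other section so that it
        // never starts out with indeterminate scalar members.  It follows
        // quic to match the member declaration order below.
        http3{},
#endif // ENABLE_HTTP3
        logging{},
        conn{},
        api{},
        dns{},
        config_revision{0},
        num_worker{0},
        padding{0},
        rlimit_nofile{0},
        rlimit_memlock{0},
        uid{0},
        gid{0},
        pid{0},
        verbose{false},
        daemon{false},
        http2_proxy{false},
        single_process{false},
        single_thread{false},
        ignore_per_pattern_mruby_error{false},
        ev_loop_flags{0},
        max_worker_processes{0},
        worker_process_grace_shutdown_period{0.} {}
  ~Config();

  // Move operations are deleted.  Because move operations are
  // user-declared, the implicit copy operations are deleted as well, so
  // a Config can be neither copied nor moved; it is handed around by
  // pointer (see replace_config() below).
  Config(Config &&) = delete;
  Config(const Config &&) = delete;
  Config &operator=(Config &&) = delete;
  Config &operator=(const Config &&) = delete;

  // Allocator to allocate memory for this object except for
  // DownstreamConfig.  Currently, it is used to allocate memory for
  // strings.
  BlockAllocator balloc;
  HttpProxy downstream_http_proxy;
  HttpConfig http;
  Http2Config http2;
  TLSConfig tls;
#ifdef ENABLE_HTTP3
  QUICConfig quic;
  Http3Config http3;
#endif // ENABLE_HTTP3
  LoggingConfig logging;
  ConnectionConfig conn;
  APIConfig api;
  DNSConfig dns;
  StringRef pid_file;
  StringRef conf_path;
  StringRef user;
  StringRef mruby_file;
  // The revision of configuration which is opaque string, and changes
  // on each configuration reloading.  This does not change on
  // backendconfig API call.  This value is returned in health check
  // as "nghttpx-conf-rev" response header field.  The external
  // program can check this value to know whether reloading has
  // completed or not.
  uint64_t config_revision;
  size_t num_worker;
  size_t padding;
  size_t rlimit_nofile;
  size_t rlimit_memlock;
  // NOTE(review): uid and gid are initialized to 0 by the constructor,
  // which is also root's id, so 0 alone cannot distinguish "not
  // configured" from "root".  Presumably these, together with |user|,
  // describe the identity the process switches to -- confirm how the
  // privilege-drop code decides whether to act on them.
  uid_t uid;
  gid_t gid;
  pid_t pid;
  bool verbose;
  bool daemon;
  bool http2_proxy;
  // Run nghttpx in single process mode.  With this mode, signal
  // handling is omitted.
  bool single_process;
  bool single_thread;
  // Ignore mruby compile error for per-pattern mruby script.
  bool ignore_per_pattern_mruby_error;
  // flags passed to ev_default_loop() and ev_loop_new()
  int ev_loop_flags;
  size_t max_worker_processes;
  ev_tstamp worker_process_grace_shutdown_period;
};

// Accessors for the current configuration: get_config() hands out a
// read-only pointer, mod_config() a mutable one.
// NOTE(review): no synchronization contract is stated in this header.
const Config *get_config();
Config *mod_config();
// Replaces the current config with given |new_config|.  The old config is
// returned.
std::unique_ptr<Config> replace_config(std::unique_ptr<Config> new_config);
void create_config();

// generated by gennghttpxfun.py
//
// Option identifiers.  The enumerators have no explicit values, so they
// are numbered consecutively from 0 and SHRPX_OPTID_MAXIDX, being last,
// equals the number of option ids.  As the list is generated, changes
// presumably belong in the generator rather than in this file.
enum {
  SHRPX_OPTID_ACCEPT_PROXY_PROTOCOL,
  SHRPX_OPTID_ACCESSLOG_FILE,
  SHRPX_OPTID_ACCESSLOG_FORMAT,
  SHRPX_OPTID_ACCESSLOG_SYSLOG,
  SHRPX_OPTID_ACCESSLOG_WRITE_EARLY,
  SHRPX_OPTID_ADD_FORWARDED,
  SHRPX_OPTID_ADD_REQUEST_HEADER,
  SHRPX_OPTID_ADD_RESPONSE_HEADER,
  SHRPX_OPTID_ADD_X_FORWARDED_FOR,
  SHRPX_OPTID_ALTSVC,
  SHRPX_OPTID_API_MAX_REQUEST_BODY,
  SHRPX_OPTID_BACKEND,
  SHRPX_OPTID_BACKEND_ADDRESS_FAMILY,
  SHRPX_OPTID_BACKEND_CONNECT_TIMEOUT,
  SHRPX_OPTID_BACKEND_CONNECTIONS_PER_FRONTEND,
  SHRPX_OPTID_BACKEND_CONNECTIONS_PER_HOST,
  SHRPX_OPTID_BACKEND_HTTP_PROXY_URI,
  SHRPX_OPTID_BACKEND_HTTP1_CONNECTIONS_PER_FRONTEND,
  SHRPX_OPTID_BACKEND_HTTP1_CONNECTIONS_PER_HOST,
  SHRPX_OPTID_BACKEND_HTTP1_TLS,
  SHRPX_OPTID_BACKEND_HTTP2_CONNECTION_WINDOW_BITS,
  SHRPX_OPTID_BACKEND_HTTP2_CONNECTION_WINDOW_SIZE,
  SHRPX_OPTID_BACKEND_HTTP2_CONNECTIONS_PER_WORKER,
  SHRPX_OPTID_BACKEND_HTTP2_DECODER_DYNAMIC_TABLE_SIZE,
  SHRPX_OPTID_BACKEND_HTTP2_ENCODER_DYNAMIC_TABLE_SIZE,
  SHRPX_OPTID_BACKEND_HTTP2_MAX_CONCURRENT_STREAMS,
  SHRPX_OPTID_BACKEND_HTTP2_SETTINGS_TIMEOUT,
  SHRPX_OPTID_BACKEND_HTTP2_WINDOW_BITS,
  SHRPX_OPTID_BACKEND_HTTP2_WINDOW_SIZE,
  SHRPX_OPTID_BACKEND_IPV4,
  SHRPX_OPTID_BACKEND_IPV6,
  SHRPX_OPTID_BACKEND_KEEP_ALIVE_TIMEOUT,
  SHRPX_OPTID_BACKEND_MAX_BACKOFF,
  SHRPX_OPTID_BACKEND_NO_TLS,
  SHRPX_OPTID_BACKEND_READ_TIMEOUT,
  SHRPX_OPTID_BACKEND_REQUEST_BUFFER,
  SHRPX_OPTID_BACKEND_RESPONSE_BUFFER,
  SHRPX_OPTID_BACKEND_TLS,
  SHRPX_OPTID_BACKEND_TLS_SNI_FIELD,
  SHRPX_OPTID_BACKEND_WRITE_TIMEOUT,
  SHRPX_OPTID_BACKLOG,
  SHRPX_OPTID_CACERT,
  SHRPX_OPTID_CERTIFICATE_FILE,
  SHRPX_OPTID_CIPHERS,
  SHRPX_OPTID_CLIENT,
  SHRPX_OPTID_CLIENT_CERT_FILE,
  SHRPX_OPTID_CLIENT_CIPHERS,
  SHRPX_OPTID_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST,
  SHRPX_OPTID_CLIENT_NO_HTTP2_CIPHER_BLOCK_LIST,
  SHRPX_OPTID_CLIENT_PRIVATE_KEY_FILE,
  SHRPX_OPTID_CLIENT_PROXY,
  SHRPX_OPTID_CLIENT_PSK_SECRETS,
  SHRPX_OPTID_CONF,
  SHRPX_OPTID_DAEMON,
  SHRPX_OPTID_DH_PARAM_FILE,
  SHRPX_OPTID_DNS_CACHE_TIMEOUT,
  SHRPX_OPTID_DNS_LOOKUP_TIMEOUT,
  SHRPX_OPTID_DNS_MAX_TRY,
  SHRPX_OPTID_ECDH_CURVES,
  SHRPX_OPTID_ERROR_PAGE,
  SHRPX_OPTID_ERRORLOG_FILE,
  SHRPX_OPTID_ERRORLOG_SYSLOG,
  SHRPX_OPTID_FASTOPEN,
  SHRPX_OPTID_FETCH_OCSP_RESPONSE_FILE,
  SHRPX_OPTID_FORWARDED_BY,
  SHRPX_OPTID_FORWARDED_FOR,
  SHRPX_OPTID_FRONTEND,
  SHRPX_OPTID_FRONTEND_FRAME_DEBUG,
  SHRPX_OPTID_FRONTEND_HTTP2_CONNECTION_WINDOW_BITS,
  SHRPX_OPTID_FRONTEND_HTTP2_CONNECTION_WINDOW_SIZE,
  SHRPX_OPTID_FRONTEND_HTTP2_DECODER_DYNAMIC_TABLE_SIZE,
  SHRPX_OPTID_FRONTEND_HTTP2_DUMP_REQUEST_HEADER,
  SHRPX_OPTID_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER,
  SHRPX_OPTID_FRONTEND_HTTP2_ENCODER_DYNAMIC_TABLE_SIZE,
  SHRPX_OPTID_FRONTEND_HTTP2_MAX_CONCURRENT_STREAMS,
  SHRPX_OPTID_FRONTEND_HTTP2_OPTIMIZE_WINDOW_SIZE,
  SHRPX_OPTID_FRONTEND_HTTP2_OPTIMIZE_WRITE_BUFFER_SIZE,
  SHRPX_OPTID_FRONTEND_HTTP2_READ_TIMEOUT,
  SHRPX_OPTID_FRONTEND_HTTP2_SETTINGS_TIMEOUT,
  SHRPX_OPTID_FRONTEND_HTTP2_WINDOW_BITS,
  SHRPX_OPTID_FRONTEND_HTTP2_WINDOW_SIZE,
  SHRPX_OPTID_FRONTEND_HTTP3_CONNECTION_WINDOW_SIZE,
  SHRPX_OPTID_FRONTEND_HTTP3_MAX_CONCURRENT_STREAMS,
  SHRPX_OPTID_FRONTEND_HTTP3_MAX_CONNECTION_WINDOW_SIZE,
  SHRPX_OPTID_FRONTEND_HTTP3_MAX_WINDOW_SIZE,
  SHRPX_OPTID_FRONTEND_HTTP3_READ_TIMEOUT,
  SHRPX_OPTID_FRONTEND_HTTP3_WINDOW_SIZE,
  SHRPX_OPTID_FRONTEND_KEEP_ALIVE_TIMEOUT,
  SHRPX_OPTID_FRONTEND_MAX_REQUESTS,
  SHRPX_OPTID_FRONTEND_NO_TLS,
  SHRPX_OPTID_FRONTEND_QUIC_CONGESTION_CONTROLLER,
  SHRPX_OPTID_FRONTEND_QUIC_DEBUG_LOG,
  SHRPX_OPTID_FRONTEND_QUIC_EARLY_DATA,
  SHRPX_OPTID_FRONTEND_QUIC_IDLE_TIMEOUT,
  SHRPX_OPTID_FRONTEND_QUIC_INITIAL_RTT,
  SHRPX_OPTID_FRONTEND_QUIC_QLOG_DIR,
  SHRPX_OPTID_FRONTEND_QUIC_REQUIRE_TOKEN,
  SHRPX_OPTID_FRONTEND_QUIC_SECRET_FILE,
  SHRPX_OPTID_FRONTEND_READ_TIMEOUT,
  SHRPX_OPTID_FRONTEND_WRITE_TIMEOUT,
  SHRPX_OPTID_HEADER_FIELD_BUFFER,
  SHRPX_OPTID_HOST_REWRITE,
  SHRPX_OPTID_HTTP2_ALTSVC,
  SHRPX_OPTID_HTTP2_BRIDGE,
  SHRPX_OPTID_HTTP2_MAX_CONCURRENT_STREAMS,
  SHRPX_OPTID_HTTP2_NO_COOKIE_CRUMBLING,
  SHRPX_OPTID_HTTP2_PROXY,
  SHRPX_OPTID_IGNORE_PER_PATTERN_MRUBY_ERROR,
  SHRPX_OPTID_INCLUDE,
  SHRPX_OPTID_INSECURE,
  SHRPX_OPTID_LISTENER_DISABLE_TIMEOUT,
  SHRPX_OPTID_LOG_LEVEL,
  SHRPX_OPTID_MAX_HEADER_FIELDS,
  SHRPX_OPTID_MAX_REQUEST_HEADER_FIELDS,
  SHRPX_OPTID_MAX_RESPONSE_HEADER_FIELDS,
  SHRPX_OPTID_MAX_WORKER_PROCESSES,
  SHRPX_OPTID_MRUBY_FILE,
  SHRPX_OPTID_NO_ADD_X_FORWARDED_PROTO,
  SHRPX_OPTID_NO_HOST_REWRITE,
  SHRPX_OPTID_NO_HTTP2_CIPHER_BLACK_LIST,
  SHRPX_OPTID_NO_HTTP2_CIPHER_BLOCK_LIST,
  SHRPX_OPTID_NO_KQUEUE,
  SHRPX_OPTID_NO_LOCATION_REWRITE,
  SHRPX_OPTID_NO_OCSP,
  SHRPX_OPTID_NO_QUIC_BPF,
  SHRPX_OPTID_NO_SERVER_PUSH,
  SHRPX_OPTID_NO_SERVER_REWRITE,
  SHRPX_OPTID_NO_STRIP_INCOMING_EARLY_DATA,
  SHRPX_OPTID_NO_STRIP_INCOMING_X_FORWARDED_PROTO,
  SHRPX_OPTID_NO_VERIFY_OCSP,
  SHRPX_OPTID_NO_VIA,
  SHRPX_OPTID_NPN_LIST,
  SHRPX_OPTID_OCSP_STARTUP,
  SHRPX_OPTID_OCSP_UPDATE_INTERVAL,
  SHRPX_OPTID_PADDING,
  SHRPX_OPTID_PID_FILE,
  SHRPX_OPTID_PRIVATE_KEY_FILE,
  SHRPX_OPTID_PRIVATE_KEY_PASSWD_FILE,
  SHRPX_OPTID_PSK_SECRETS,
  SHRPX_OPTID_QUIC_BPF_PROGRAM_FILE,
  SHRPX_OPTID_QUIC_SERVER_ID,
  SHRPX_OPTID_READ_BURST,
  SHRPX_OPTID_READ_RATE,
  SHRPX_OPTID_REDIRECT_HTTPS_PORT,
  SHRPX_OPTID_REQUEST_HEADER_FIELD_BUFFER,
  SHRPX_OPTID_REQUIRE_HTTP_SCHEME,
  SHRPX_OPTID_RESPONSE_HEADER_FIELD_BUFFER,
  SHRPX_OPTID_RLIMIT_MEMLOCK,
  SHRPX_OPTID_RLIMIT_NOFILE,
  SHRPX_OPTID_SERVER_NAME,
  SHRPX_OPTID_SINGLE_PROCESS,
  SHRPX_OPTID_SINGLE_THREAD,
  SHRPX_OPTID_STREAM_READ_TIMEOUT,
  SHRPX_OPTID_STREAM_WRITE_TIMEOUT,
  SHRPX_OPTID_STRIP_INCOMING_FORWARDED,
  SHRPX_OPTID_STRIP_INCOMING_X_FORWARDED_FOR,
  SHRPX_OPTID_SUBCERT,
  SHRPX_OPTID_SYSLOG_FACILITY,
  SHRPX_OPTID_TLS_DYN_REC_IDLE_TIMEOUT,
  SHRPX_OPTID_TLS_DYN_REC_WARMUP_THRESHOLD,
  SHRPX_OPTID_TLS_KTLS,
  SHRPX_OPTID_TLS_MAX_EARLY_DATA,
  SHRPX_OPTID_TLS_MAX_PROTO_VERSION,
  SHRPX_OPTID_TLS_MIN_PROTO_VERSION,
  SHRPX_OPTID_TLS_NO_POSTPONE_EARLY_DATA,
  SHRPX_OPTID_TLS_PROTO_LIST,
  SHRPX_OPTID_TLS_SCT_DIR,
  SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED,
  SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_ADDRESS_FAMILY,
  SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_CERT_FILE,
  SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_PRIVATE_KEY_FILE,
  SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_TLS,
  SHRPX_OPTID_TLS_TICKET_KEY_CIPHER,
  SHRPX_OPTID_TLS_TICKET_KEY_FILE,
  SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED,
  SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_ADDRESS_FAMILY,
  SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_CERT_FILE,
  SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL,
  SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL,
  SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY,
  SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_PRIVATE_KEY_FILE,
  SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_TLS,
  SHRPX_OPTID_TLS13_CIPHERS,
  SHRPX_OPTID_TLS13_CLIENT_CIPHERS,
  SHRPX_OPTID_USER,
  SHRPX_OPTID_VERIFY_CLIENT,
  SHRPX_OPTID_VERIFY_CLIENT_CACERT,
  SHRPX_OPTID_VERIFY_CLIENT_TOLERATE_EXPIRED,
  SHRPX_OPTID_WORKER_FRONTEND_CONNECTIONS,
  SHRPX_OPTID_WORKER_PROCESS_GRACE_SHUTDOWN_PERIOD,
  SHRPX_OPTID_WORKER_READ_BURST,
  SHRPX_OPTID_WORKER_READ_RATE,
  SHRPX_OPTID_WORKER_WRITE_BURST,
  SHRPX_OPTID_WORKER_WRITE_RATE,
  SHRPX_OPTID_WORKERS,
  SHRPX_OPTID_WRITE_BURST,
  SHRPX_OPTID_WRITE_RATE,
  SHRPX_OPTID_MAXIDX,
};

// Looks up token for given option name |name| of length |namelen|.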
int option_lookup_token(const char *name, size_t namelen);

// Parses option name |opt| and value |optarg|.  The results are
// stored into the object pointed by |config|.  This function returns 0
// if it succeeds, or -1.  The |included_set| contains all the paths
// already included while processing this configuration, to avoid a loop
// in the --include option.  The |pattern_addr_indexer| contains pairs of
// a backend pattern and its index in DownstreamConfig::addr_groups.
// It is introduced to speed up loading a configuration file with lots
// of backends.
// NOTE(review): std::map is named in this signature, while the include
// list at the top of this header shows <set> and <unordered_map> but
// not <map>; confirm that <map> reaches this header transitively.
int parse_config(Config *config, const StringRef &opt, const StringRef &optarg,
                 std::set<StringRef> &included_set,
                 std::map<StringRef, size_t> &pattern_addr_indexer);

// Similar to parse_config() above, but takes an additional |optid|,
// which should be the return value of option_lookup_token(opt).
int parse_config(Config *config, int optid, const StringRef &opt,
                 const StringRef &optarg, std::set<StringRef> &included_set,
                 std::map<StringRef, size_t> &pattern_addr_indexer);

// Loads configurations from |filename| and stores them in |config|.
// This function returns 0 if it succeeds, or -1.  See parse_config()
// for |include_set|.
int load_config(Config *config, const char *filename,
                std::set<StringRef> &include_set,
                std::map<StringRef, size_t> &pattern_addr_indexer);

// Parses header field in |optarg|.  We expect header field is formed
// like "NAME: VALUE".  We require that NAME is non empty string.  ":"
// is allowed at the start of the NAME, but NAME == ":" is not
// allowed.  This function returns pair of NAME and VALUE.
HeaderRefs::value_type parse_header(BlockAllocator &balloc,
                                    const StringRef &optarg);

// Parses the log format string |optarg| into a sequence of LogFragment.
// NOTE(review): takes |balloc| like parse_header(), presumably to
// allocate the strings the fragments refer to -- confirm.
std::vector<LogFragment> parse_log_format(BlockAllocator &balloc,
                                          const StringRef &optarg);

// Returns string for syslog |facility|.
StringRef str_syslog_facility(int facility);

// Returns integer value of syslog |facility| string.
int int_syslog_facility(const StringRef &strfacility);

// Opens |filename| for writing and returns the stream.
// NOTE(review): the open flags, the file mode and the failure value
// (presumably nullptr) are decided in the definition, which this header
// does not show.  The path originates from configuration, so confirm
// that the file is created with a restrictive mode and that opening it
// while the process still holds elevated privileges is safe.
FILE *open_file_for_write(const char *filename);

// Reads TLS ticket key files in |files| and returns TicketKeys which
// stores read key data.  The given |cipher| and |hmac| determine the
// expected file size.  This function returns TicketKeys if it
// succeeds, or nullptr.
// NOTE(review): these files hold secret key material; confirm that
// deployments keep them readable only by the account nghttpx runs as.
std::unique_ptr<TicketKeys>
read_tls_ticket_key_file(const std::vector<StringRef> &files,
                         const EVP_CIPHER *cipher, const EVP_MD *hmac);

#ifdef ENABLE_HTTP3
// Reads the QUIC secret file at |path| and returns the keying materials.
// NOTE(review): the failure value is not stated here (presumably an
// empty pointer); the file holds secrets, so the access-permission
// remark on read_tls_ticket_key_file() applies here as well.
std::shared_ptr<QUICKeyingMaterials>
read_quic_secret_file(const StringRef &path);
#endif // ENABLE_HTTP3

// Returns string representation of |proto|.
StringRef strproto(Proto proto);

// Configures the downstream (backend) groups of |config|.
// NOTE(review): the return convention is not stated here; presumably 0
// on success and -1 on failure like the parsers above -- confirm.
int configure_downstream_group(Config *config, bool http2_proxy,
                               bool numeric_addr_only,
                               const TLSConfig &tlsconf);

// Resolves |hostname| and |port| for address family |family| and stores
// the result in |addr|.  |additional_flags| defaults to 0.
// NOTE(review): presumably the flags are passed on to the resolver and
// the return value is 0 on success, -1 on failure -- confirm.
int resolve_hostname(Address *addr, const char *hostname, uint16_t port,
                     int family, int additional_flags = 0);

} // namespace shrpx

#endif // SHRPX_CONFIG_H