/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
interface nsIProxyInfo;
interface nsITLSSocketControl;
[ptr] native PRFileDescStar(struct PRFileDesc);
native OriginAttributes(mozilla::OriginAttributes);
[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
%{ C++
#include "mozilla/BasePrincipal.h"
%}
/**
 * nsISocketProvider
 */
[scriptable, uuid(508d5469-9e1e-4a08-b5b0-7cfebba1e51a)]
interface nsISocketProvider : nsISupports
{
    /**
     * newSocket
     *
     * @param aFamily
     *        The address family for this socket (PR_AF_INET or PR_AF_INET6).
     * @param aHost
     *        The origin hostname for this connection.
     * @param aPort
     *        The origin port for this connection.
     * @param aProxy
     *        If non-null, the proxy (hostname and port) for this connection.
     * @param aOriginAttributes
     *        The origin attributes for this connection.
     * @param aFlags
     *        Control flags that govern this connection (see below).
     * @param aTlsFlags
     *        Opaque flags for non-standard behavior of the TLS system.
     *        It is unlikely this will need to be set outside of telemetry
     *        studies relating to the TLS implementation.
     * @param aFileDesc
     *        The resulting PRFileDesc.
     * @param aTLSSocketControl
     *        TLS socket control object that should be associated with
     *        aFileDesc, if applicable.
     */
    [noscript]
    void newSocket(in long aFamily,
                   in string aHost,
                   in long aPort,
                   in nsIProxyInfo aProxy,
                   in const_OriginAttributesRef aOriginAttributes,
                   in unsigned long aFlags,
                   in unsigned long aTlsFlags,
                   out PRFileDescStar aFileDesc,
                   out nsITLSSocketControl aTLSSocketControl);
    /**
     * addToSocket
     *
     * This function is called to allow the socket provider to layer a
     * PRFileDesc on top of another PRFileDesc. For example, SSL via a SOCKS
     * proxy.
     *
     * Parameters are the same as newSocket with the exception of aFileDesc,
     * which is an in-param instead.
     */
    [noscript]
    void addToSocket(in long aFamily,
                     in string aHost,
                     in long aPort,
                     in nsIProxyInfo aProxy,
                     in const_OriginAttributesRef aOriginAttributes,
                     in unsigned long aFlags,
                     in unsigned long aTlsFlags,
                     in PRFileDescStar aFileDesc,
                     out nsITLSSocketControl aTLSSocketControl);
    /**
     * PROXY_RESOLVES_HOST
     *
     * This flag is set if the proxy is to perform hostname resolution instead
     * of the client. When set, the hostname parameter passed in this
     * interface will be used instead of the address structure passed for a
     * later connect et al. request.
     */
    const long PROXY_RESOLVES_HOST = 1 << 0;
    /**
     * When setting this flag, the socket will not apply any
     * credentials when establishing a connection. For example,
     * an SSL connection would not send any client-certificates
     * if this flag is set.
     */
    const long ANONYMOUS_CONNECT = 1 << 1;
    /**
     * If set, indicates that the connection was initiated from a source
     * defined as being private in the sense of Private Browsing. Generally,
     * there should be no state shared between connections that are private
     * and those that are not; it is OK for multiple private connections
     * to share state with each other, and it is OK for multiple non-private
     * connections to share state with each other.
     */
    const unsigned long NO_PERMANENT_STORAGE = 1 << 2;
    /**
     * If set, do not use newer protocol features that might have interop problems
     * on the Internet. Intended only for use with critical infra like the updater.
     * Default is false.
     */
    const unsigned long BE_CONSERVATIVE = 1 << 3;
    /**
     * This is used for a temporary workaround for a web-compat issue. The flag is
     * only set on CORS preflight requests to allow sending client certificates
     * on a connection for an anonymous request.
     */
    const long ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT = 1 << 4;
    /**
     * If set, indicates that this is a speculative connection.
     */
    const unsigned long IS_SPECULATIVE_CONNECTION = 1 << 5;
    /**
     * If set, do not send an ECH extension (whether GREASE or 'real').
     * Currently false by default and is set when retrying failed connections.
     */
    const unsigned long DONT_TRY_ECH = (1 << 10);
    /**
     * If set, indicates that the connection is a retry.
     */
    const unsigned long IS_RETRY = (1 << 11);
    /**
     * If set, indicates that the connection used a privacy-preserving DNS
     * transport such as DoH, DoQ or similar. Currently this field is
     * set only when DoH is used via the TRR.
     */
    const unsigned long USED_PRIVATE_DNS = (1 << 12);
};
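
The flag comments above describe two security-relevant rules: ANONYMOUS_CONNECT suppresses credentials unless ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT is also set, and NO_PERMANENT_STORAGE connections must not share state with non-private ones. The following C++ sketch is an added example, not Gecko code: `ConnPolicy`, `EvaluateFlags`, `StateKey`, `MayShareState` and `KNOWN_FLAGS` are hypothetical names, and rejecting bits that this listing does not define is an assumption of the example.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Flag values copied from the nsISocketProvider listing.
constexpr uint32_t ANONYMOUS_CONNECT = 1u << 1;
constexpr uint32_t NO_PERMANENT_STORAGE = 1u << 2;
constexpr uint32_t ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT = 1u << 4;
// Every bit the listing defines: 0-5 and 10-12.
constexpr uint32_t KNOWN_FLAGS = 0x3Fu | (0x7u << 10);

// Hypothetical policy record derived from a flags word (not a Gecko type).
struct ConnPolicy {
  bool valid;           // false if a bit outside KNOWN_FLAGS is set
  bool sendClientCert;  // may the TLS layer present a client certificate?
  bool privateContext;  // connection came from a Private Browsing source
};

ConnPolicy EvaluateFlags(uint32_t flags) {
  ConnPolicy p{};
  p.valid = (flags & ~KNOWN_FLAGS) == 0;
  const bool anon = (flags & ANONYMOUS_CONNECT) != 0;
  const bool certOk = (flags & ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT) != 0;
  // Anonymous connections apply no credentials, unless the CORS-preflight
  // workaround flag re-allows client certificates.
  p.sendClientCert = !anon || certOk;
  p.privateContext = (flags & NO_PERMANENT_STORAGE) != 0;
  return p;
}

// Hypothetical cache key for shared connection state: the private bit is
// part of the key, so private and non-private entries can never collide.
std::string StateKey(const std::string& host, int port, uint32_t flags) {
  const char* part = EvaluateFlags(flags).privateContext ? "|private" : "|normal";
  return host + ":" + std::to_string(port) + part;
}

bool MayShareState(const std::string& host, int port, uint32_t a, uint32_t b) {
  return EvaluateFlags(a).valid && EvaluateFlags(b).valid &&
         StateKey(host, port, a) == StateKey(host, port, b);
}

int main() {
  // Constructed sample: same origin, one normal and one private connection.
  std::printf("%d\n", MayShareState("example.test", 443, 0, NO_PERMANENT_STORAGE));
  return 0;
}
```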