1 files changed, 382 insertions, 0 deletions

diff --git a/netwerk/base/nsISocketTransport.idl b/netwerk/base/nsISocketTransport.idl
new file mode 100644
index 0000000000..58b869203e
--- /dev/null
+++ b/netwerk/base/nsISocketTransport.idl
@@ -0,0 +1,382 @@
+/* -*- Mode: IDL; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsITransport.idl"
+#include "nsIRequest.idl"
+#include "nsITRRSkipReason.idl"
+
+interface nsIInterfaceRequestor;
+interface nsINetAddr;
+interface nsITLSSocketControl;
+
+%{ C++
+#include "mozilla/BasePrincipal.h"
+namespace mozilla {
+namespace net {
+union NetAddr;
+}
+}
+%}
+native NetAddr(mozilla::net::NetAddr);
+[ptr] native NetAddrPtr(mozilla::net::NetAddr);
+native OriginAttributes(mozilla::OriginAttributes);
+[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
+
+/**
+ * nsISocketTransport
+ *
+ * NOTE: Connection setup is triggered by opening an input or output stream,
+ * it does not start on its own. Completion of the connection setup is
+ * indicated by a STATUS_CONNECTED_TO notification to the event sink (if set).
+ *
+ * NOTE: This is a free-threaded interface, meaning that the methods on
+ * this interface may be called from any thread.
+ */
+[scriptable, builtinclass, uuid(79221831-85e2-43a8-8152-05d77d6fde31)]
+interface nsISocketTransport : nsITransport
+{
+    /**
+     * Get the peer's host for the underlying socket connection.
+     * For Unix domain sockets, this is a pathname, or the empty string for
+     * unnamed and abstract socket addresses.
+     */
+    readonly attribute AUTF8String host;
+
+    /**
+     * Get the port for the underlying socket connection.
+     * For Unix domain sockets, this is zero.
+     */
+    readonly attribute long port;
+
+    /**
+     * The origin attributes are used to create sockets.  The first party domain
+     * will eventually be used to isolate OCSP cache and is only non-empty when
+     * "privacy.firstparty.isolate" is enabled.  Setting this is the only way to
+     * carry origin attributes down to NSPR layers which are final consumers.
+     * It must be set before the socket transport is built.
+     */
+    [implicit_jscontext, binaryname(ScriptableOriginAttributes)]
+    attribute jsval originAttributes;
+
+    [noscript, nostdcall, binaryname(GetOriginAttributes)]
+    OriginAttributes binaryGetOriginAttributes();
+
+    [noscript, nostdcall, binaryname(SetOriginAttributes)]
+    void binarySetOriginAttributes(in const_OriginAttributesRef aOriginAttrs);
+
+    /**
+     * Returns the IP address of the socket connection peer. This
+     * attribute is defined only once a connection has been established.
+     */
+    [noscript] NetAddr getPeerAddr();
+
+    /**
+     * Returns the IP address of the initiating end. This attribute
+     * is defined only once a connection has been established.
+     */
+    [noscript] NetAddr getSelfAddr();
+
+    /**
+     * Bind to a specific local address.
+     */
+    [noscript] void bind(in NetAddrPtr aLocalAddr);
+
+    /**
+     * Returns a scriptable version of getPeerAddr. This attribute is defined
+     * only once a connection has been established.
+     */
+    nsINetAddr getScriptablePeerAddr();
+
+    /**
+     * Returns a scriptable version of getSelfAddr. This attribute is defined
+     * only once a connection has been established.
+     */
+    nsINetAddr getScriptableSelfAddr();
+
+    /**
+     * TLS socket control object. This attribute is only available once the
+     * socket is connected.
+     */
+    readonly attribute nsITLSSocketControl tlsSocketControl;
+
+    /**
+     * Security notification callbacks passed to the secure socket provider
+     * via nsITLSSocketControl at socket creation time.
+     *
+     * NOTE: this attribute cannot be changed once a stream has been opened.
+     */
+    attribute nsIInterfaceRequestor securityCallbacks;
+
+    /**
+     * Test if this socket transport is (still) connected.
+     */
+    boolean isAlive();
+
+    /**
+     * Socket timeouts in seconds.  To specify no timeout, pass UINT32_MAX
+     * as aValue to setTimeout.  The implementation may truncate timeout values
+     * to a smaller range of values (e.g., 0 to 0xFFFF).
+     */
+    unsigned long getTimeout(in unsigned long aType);
+    void          setTimeout(in unsigned long aType, in unsigned long aValue);
+
+    /**
+     * Sets the SO_LINGER option with the specified values for the l_onoff and
+     * l_linger parameters. This applies PR_SockOpt_Linger before PR_Close and
+     * can be used with a timeout of zero to send an RST packet when closing.
+     */
+    void setLinger(in boolean aPolarity, in short aTimeout);
+
+    /**
+     * True to set addr and port reuse socket options.
+     */
+    void setReuseAddrPort(in bool reuseAddrPort);
+
+    /**
+     * Values for the aType parameter passed to get/setTimeout.
+     */
+    const unsigned long TIMEOUT_CONNECT    = 0;
+    const unsigned long TIMEOUT_READ_WRITE = 1;
+
+    /**
+     * nsITransportEventSink status codes.
+     *
+     * Although these look like XPCOM error codes and are passed in an nsresult
+     * variable, they are *not* error codes.  Note that while they *do* overlap
+     * with existing error codes in Necko, these status codes are confined
+     * within a very limited context where no error codes may appear, so there
+     * is no ambiguity.
+     *
+     * The values of these status codes must never change.
+     *
+     * The status codes appear in near-chronological order (not in numeric
+     * order).  STATUS_RESOLVING may be skipped if the host does not need to be
+     * resolved.  STATUS_WAITING_FOR is an optional status code, which the impl
+     * of this interface may choose not to generate.
+     *
+     * In C++, these constants have a type of uint32_t, so C++ callers must use
+     * the NS_NET_STATUS_* constants defined below, which have a type of
+     * nsresult.
+     */
+    const unsigned long STATUS_RESOLVING      = 0x4b0003;
+    const unsigned long STATUS_RESOLVED       = 0x4b000b;
+    const unsigned long STATUS_CONNECTING_TO  = 0x4b0007;
+    const unsigned long STATUS_CONNECTED_TO   = 0x4b0004;
+    const unsigned long STATUS_SENDING_TO     = 0x4b0005;
+    const unsigned long STATUS_WAITING_FOR    = 0x4b000a;
+    const unsigned long STATUS_RECEIVING_FROM = 0x4b0006;
+    const unsigned long STATUS_TLS_HANDSHAKE_STARTING = 0x4b000c;
+    const unsigned long STATUS_TLS_HANDSHAKE_ENDED    = 0x4b000d;
+
+    /**
+     * connectionFlags is a bitmask that can be used to modify underlying
+     * behavior of the socket connection. See the flags below.
+     */
+    attribute unsigned long connectionFlags;
+
+    /**
+     * Values for the connectionFlags
+     *
+     * When making a new connection BYPASS_CACHE will force the Necko DNS
+     * cache entry to be refreshed with a new call to NSPR if it is set before
+     * opening the new stream.
+     */
+    const unsigned long BYPASS_CACHE = (1 << 0);
+
+    /**
+     * When setting this flag, the socket will not apply any
+     * credentials when establishing a connection. For example,
+     * an SSL connection would not send any client-certificates
+     * if this flag is set.
+     */
+    const unsigned long ANONYMOUS_CONNECT = (1 << 1);
+
+    /**
+     * If set, we will skip all IPv6 addresses the host may have and only
+     * connect to IPv4 ones.
+     */
+    const unsigned long DISABLE_IPV6 = (1 << 2);
+
+    /**
+     * If set, indicates that the connection was initiated from a source
+     * defined as being private in the sense of Private Browsing. Generally,
+     * there should be no state shared between connections that are private
+     * and those that are not; it is OK for multiple private connections
+     * to share state with each other, and it is OK for multiple non-private
+     * connections to share state with each other.
+     */
+    const unsigned long NO_PERMANENT_STORAGE = (1 << 3);
+
+    /**
+     * If set, we will skip all IPv4 addresses the host may have and only
+     * connect to IPv6 ones.
+     */
+    const unsigned long DISABLE_IPV4 = (1 << 4);
+
+    /**
+     * If set, indicates that the socket should not connect if the hostname
+     * resolves to an RFC1918 address or IPv6 equivalent.
+     */
+    const unsigned long DISABLE_RFC1918 = (1 << 5);
+
+    /**
+     * If set, do not use newer protocol features that might have interop problems
+     * on the Internet. Intended only for use with critical infra like the updater.
+     * default is false.
+     */
+    const unsigned long BE_CONSERVATIVE = (1 << 6);
+
+    /**
+     * If set, do not use TRR for resolving the host name. Intended only for
+     * retries or other scenarios when TRR is deemed likely to have returned a
+     * wrong adddress.
+     */
+    const unsigned long DISABLE_TRR = (1 << 7);
+
+    /**
+     * Values for the connectionFlags
+     *
+     * When using BYPASS_CACHE, setting this bit will invalidate the existing
+     * cached entry immediately while the new resolve is being done to avoid
+     * other users from using stale content in the mean time.
+     */
+    const unsigned long REFRESH_CACHE = (1 << 8);
+
+    /**
+     * If this flag is set then it means that if connecting the preferred ip
+     * family has failed, retry with the oppsite one once more.
+     */
+    const unsigned long RETRY_WITH_DIFFERENT_IP_FAMILY = (1 << 9);
+
+    /**
+     * If we know that a server speaks only tls <1.3 there is no need to try
+     * to use ech.
+     */
+    const unsigned long DONT_TRY_ECH = (1 << 10);
+
+    /**
+     * These two bits encode the TRR mode of the request.
+     * Use the static helper methods convert between the TRR mode and flags.
+     */
+    const unsigned long TRR_MODE_FLAGS = (1 << 11) | (1 << 12);
+
+%{C++
+
+    static uint32_t GetFlagsFromTRRMode(nsIRequest::TRRMode aMode) {
+        return static_cast<uint32_t>(aMode) << 11;
+    }
+
+    static nsIRequest::TRRMode GetTRRModeFromFlags(uint32_t aFlags) {
+        return static_cast<nsIRequest::TRRMode>((aFlags & TRR_MODE_FLAGS) >> 11);
+    }
+%}
+
+    /**
+     * If set, we will use IP hint addresses to connect to the host.
+     */
+    const unsigned long USE_IP_HINT_ADDRESS = (1 << 13);
+
+    /**
+     * This is used for a temporary workaround for a web-compat issue. The flag is
+     * only set on CORS preflight request to allowed sending client certificates
+     * on a connection for an anonymous request.
+     */
+    const unsigned long ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT = (1 << 14);
+
+    /**
+     * If set, we've retrying after a failed connection attempt.
+     */
+    const unsigned long IS_RETRY = (1 << 15);
+
+    /**
+     * If set, this is a speculative connection.
+     */
+    const unsigned long IS_SPECULATIVE_CONNECTION = (1 << 16);
+
+    /**
+     * An opaque flags for non-standard behavior of the TLS system.
+     * It is unlikely this will need to be set outside of telemetry studies
+     * relating to the TLS implementation.
+     */
+    attribute unsigned long tlsFlags;
+
+    /**
+     * Socket QoS/ToS markings. Valid values are IPTOS_DSCP_AFxx or
+     * IPTOS_CLASS_CSx (or IPTOS_DSCP_EF, but currently no supported
+     * services require expedited-forwarding).
+     * Not setting this value will leave the socket with the default
+     * ToS value, which on most systems if IPTOS_CLASS_CS0 (formerly
+     * IPTOS_PREC_ROUTINE).
+     */
+    attribute octet QoSBits;
+
+    /**
+     * TCP send and receive buffer sizes. A value of 0 means OS level
+     * auto-tuning is in effect.
+     */
+    attribute unsigned long recvBufferSize;
+    attribute unsigned long sendBufferSize;
+
+    /**
+     * TCP keepalive configuration (support varies by platform).
+     * Note that the attribute as well as the setter can only accessed
+     * in the socket thread.
+     */
+    attribute boolean keepaliveEnabled;
+    void setKeepaliveVals(in long keepaliveIdleTime,
+                          in long keepaliveRetryInterval);
+
+    /**
+     * If true, this socket transport has found out the prefered family
+     * according it's connection flags could not be used to establish
+     * connections any more.  Hence, the preference should be reset.
+     */
+    readonly attribute boolean resetIPFamilyPreference;
+
+    /**
+     * This attribute holds information whether echConfig has been used.
+     * The value is set after PR_Connect is called.
+     */
+   readonly attribute boolean echConfigUsed;
+
+    /**
+     * Called to set the echConfig to the securityInfo object.
+     */
+    void setEchConfig(in ACString echConfig);
+
+    /**
+     * IP address resolved using TRR.
+     */
+    bool resolvedByTRR();
+
+    /**
+     * Returns the effectiveTRRMode used for the DNS resolution.
+     */
+    readonly attribute nsIRequest_TRRMode effectiveTRRMode;
+
+    /**
+     * Returns the TRR skip reason used for the DNS resolution.
+     */
+    readonly attribute nsITRRSkipReason_value trrSkipReason;
+
+    /**
+     * Indicate whether this socket is created from a private window. If yes,
+     * this socket will be closed when the last private window is closed.
+     */
+    [noscript] void setIsPrivate(in boolean isPrivate);
+
+    /**
+     * If DNS is performed externally, this flag informs the caller that it may
+     * retry connecting with a different DNS configuration (e.g. different IP
+     * family preference). The flag is set only if a network error is encounder,
+     * e.g. NS_ERROR_CONNECTION_REFUSED, NS_ERROR_RESET, etc.
+     */
+    readonly attribute boolean retryDnsIfPossible;
+
+    /**
+     * Return the current status of the socket.
+     */
+    [noscript] readonly attribute nsresult status;
+};