1 files changed, 145 insertions, 0 deletions

diff --git a/netwerk/socket/nsISocketProvider.idl b/netwerk/socket/nsISocketProvider.idl
new file mode 100644
index 0000000000..1f19b932f9
--- /dev/null
+++ b/netwerk/socket/nsISocketProvider.idl
@@ -0,0 +1,145 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIProxyInfo;
+interface nsITLSSocketControl;
+[ptr] native PRFileDescStar(struct PRFileDesc);
+native OriginAttributes(mozilla::OriginAttributes);
+[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
+
+%{ C++
+#include "mozilla/BasePrincipal.h"
+%}
+
+/**
+ * nsISocketProvider
+ */
+[scriptable, uuid(508d5469-9e1e-4a08-b5b0-7cfebba1e51a)]
+interface nsISocketProvider : nsISupports
+{
+    /**
+     * newSocket
+     *
+     * @param aFamily
+     *        The address family for this socket (PR_AF_INET or PR_AF_INET6).
+     * @param aHost
+     *        The origin hostname for this connection.
+     * @param aPort
+     *        The origin port for this connection.
+     * @param aProxyHost
+     *        If non-null, the proxy hostname for this connection.
+     * @param aProxyPort
+     *        The proxy port for this connection.
+     * @param aFlags
+     *        Control flags that govern this connection (see below.)
+     * @param aTlsFlags
+     *        An opaque flags for non-standard behavior of the TLS system.
+     *        It is unlikely this will need to be set outside of telemetry
+     *        studies relating to the TLS implementation.
+     * @param aFileDesc
+     *        The resulting PRFileDesc.
+     * @param aTLSSocketControl
+     *        TLS socket control object that should be associated with
+     *        aFileDesc, if applicable.
+     */
+    [noscript]
+    void newSocket(in long                      aFamily,
+                   in string                    aHost,
+                   in long                      aPort,
+                   in nsIProxyInfo              aProxy,
+                   in const_OriginAttributesRef aOriginAttributes,
+                   in unsigned long             aFlags,
+                   in unsigned long             aTlsFlags,
+                   out PRFileDescStar           aFileDesc,
+                   out nsITLSSocketControl      aTLSSocketControl);
+
+    /**
+     * addToSocket
+     *
+     * This function is called to allow the socket provider to layer a
+     * PRFileDesc on top of another PRFileDesc.  For example, SSL via a SOCKS
+     * proxy.
+     *
+     * Parameters are the same as newSocket with the exception of aFileDesc,
+     * which is an in-param instead.
+     */
+    [noscript]
+    void addToSocket(in long                      aFamily,
+                     in string                    aHost,
+                     in long                      aPort,
+                     in nsIProxyInfo              aProxy,
+                     in const_OriginAttributesRef aOriginAttributes,
+                     in unsigned long             aFlags,
+                     in unsigned long             aTlsFlags,
+                     in PRFileDescStar            aFileDesc,
+                     out nsITLSSocketControl      aTLSSocketControl);
+
+    /**
+     * PROXY_RESOLVES_HOST
+     *
+     * This flag is set if the proxy is to perform hostname resolution instead
+     * of the client.  When set, the hostname parameter passed when in this
+     * interface will be used instead of the address structure passed for a
+     * later connect et al. request.
+     */
+    const long PROXY_RESOLVES_HOST = 1 << 0;
+
+    /**
+     * When setting this flag, the socket will not apply any
+     * credentials when establishing a connection. For example,
+     * an SSL connection would not send any client-certificates
+     * if this flag is set.
+     */
+    const long ANONYMOUS_CONNECT = 1 << 1;
+
+    /**
+     * If set, indicates that the connection was initiated from a source
+     * defined as being private in the sense of Private Browsing. Generally,
+     * there should be no state shared between connections that are private
+     * and those that are not; it is OK for multiple private connections
+     * to share state with each other, and it is OK for multiple non-private
+     * connections to share state with each other.
+     */
+    const unsigned long NO_PERMANENT_STORAGE = 1 << 2;
+
+    /**
+     * If set, do not use newer protocol features that might have interop problems
+     * on the Internet. Intended only for use with critical infra like the updater.
+     * default is false.
+     */
+    const unsigned long BE_CONSERVATIVE = 1 << 3;
+
+    /**
+     * This is used for a temporary workaround for a web-compat issue. The flag is
+     * only set on CORS preflight request to allowed sending client certificates
+     * on a connection for an anonymous request.
+     */
+    const long ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT = 1 << 4;
+
+    /**
+     * If set, indicates that this is a speculative connection.
+     */
+    const unsigned long IS_SPECULATIVE_CONNECTION = 1 << 5;
+
+    /**
+     * If set, do not send an ECH extension (whether GREASE or 'real').
+     * Currently false by default and is set when retrying failed connections.
+     */
+    const unsigned long DONT_TRY_ECH = (1 << 10);
+
+    /**
+     *  If set, indicates that the connection is a retry.
+     */
+    const unsigned long IS_RETRY = (1 << 11);
+
+    /**
+     * If set, indicates that the connection used a privacy-preserving DNS
+     * transport such as DoH, DoQ or similar. Currently this field is
+     * set only when DoH is used via the TRR.
+     */
+    const unsigned long USED_PRIVATE_DNS = (1 << 12);
+};