]>
git.ipfire.org Git - thirdparty/squid.git/blob - src/anyp/TrafficMode.h
2 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 #ifndef SQUID_ANYP_TRAFFIC_MODE_H
10 #define SQUID_ANYP_TRAFFIC_MODE_H
16 * Set of 'mode' flags defining types of trafic which can be received.
18 * Use to determine the processing steps which need to be applied
19 * to this traffic under any special circumstances which may apply.
24 TrafficMode() : accelSurrogate(false), proxySurrogate(false), natIntercept(false), tproxyIntercept(false), tunnelSslBumping(false) {}
25 TrafficMode(const TrafficMode
&rhs
) { operator =(rhs
); }
26 TrafficMode
&operator =(const TrafficMode
&rhs
) { memcpy(this, &rhs
, sizeof(TrafficMode
)); return *this; }
28 /** marks HTTP accelerator (reverse/surrogate proxy) traffic
30 * Indicating the following are required:
31 * - URL translation from relative to absolute form
32 * - restriction to origin peer relay recommended
36 /** marks ports receiving PROXY protocol traffic
38 * Indicating the following are required:
39 * - PROXY protocol magic header
40 * - src/dst IP retrieved from magic PROXY header
41 * - indirect client IP trust verification is mandatory
42 * - TLS is not supported
46 /** marks NAT intercepted traffic
48 * Indicating the following are required:
50 * - URL translation from relative to absolute form
51 * - Same-Origin verification is mandatory
52 * - destination pinning is recommended
53 * - authentication prohibited
57 /** marks TPROXY intercepted traffic
59 * Indicating the following are required:
60 * - src/dst IP inversion must be performed
61 * - client IP should be spoofed if possible
62 * - URL translation from relative to absolute form
63 * - Same-Origin verification is mandatory
64 * - destination pinning is recommended
65 * - authentication prohibited
69 /** marks intercept and decryption of CONNECT (tunnel) SSL traffic
71 * Indicating the following are required:
72 * - decryption of CONNECT request
73 * - URL translation from relative to absolute form
74 * - authentication prohibited on unwrapped requests (only on the CONNECT tunnel)
75 * - encrypted outbound server connections
76 * - peer relay prohibited. TODO: re-encrypt and re-wrap with CONNECT
78 bool tunnelSslBumping
;
80 /** true if the traffic is in any way intercepted
83 bool isIntercepted() { return natIntercept
||tproxyIntercept
;}