1 /*
2 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 /* DEBUG: section 89 NAT / IP Interception */
10
11 #ifndef SQUID_IP_IPINTERCEPT_H
12 #define SQUID_IP_IPINTERCEPT_H
13
14 /* for time_t */
15 #include "SquidTime.h"
16
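namespace Ip
{

class Address;

/**
 \defgroup IpInterceptAPI IP Interception and Transparent Proxy API
 \ingroup SquidComponent
 \par
 * There is no formal state-machine for transparency and interception.
 * Instead there is this neutral API which the other connection state
 * machines and the comm layer use to co-ordinate their own state for
 * transparency and interception.
 *
 * Security note: for intercepted traffic the original (pre-NAT) destination
 * is recovered from the kernel / firewall NAT tables by Lookup(). That lookup
 * is the only trustworthy source of the destination; a failed lookup means
 * the destination is unknown. NOTE(review): the callers (comm / client_side)
 * are expected not to substitute client-supplied data such as the HTTP Host
 * header for a destination this API could not recover -- confirm there, this
 * header does not enforce it.
 */
class Intercept
{
public:
    Intercept() = default;

    /**
     * Look up the original destination of a newly accepted intercepted
     * connection in the system NAT tables and record it on newConn.
     *
     * \param newConn    The accepted client connection. Its details are
     *                   updated with whatever the NAT lookup reveals.
     * \param listenConn The listening socket the connection arrived on.
     * \retval true  the original destination was located.
     * \retval false no lookup succeeded; the destination remains unknown.
     */
    bool Lookup(const Comm::ConnectionPointer &newConn, const Comm::ConnectionPointer &listenConn);

    /**
     * Test system networking calls for TPROXY support.
     * Detects whether the IPv6 / IPv4 level of support matches the address
     * being listened on, and whether the compiled TPROXY v2/v4 support is
     * usable as far down as a bind().
     *
     * NOTE(review): on Linux an IP_TRANSPARENT socket needs CAP_NET_ADMIN at
     * the time of the probe, so a false result can be a privilege problem
     * rather than a missing kernel feature -- confirm against the
     * Intercept.cc implementation and the startup privilege ordering.
     *
     * \param test Address set on the squid.conf *_port being checked.
     * \retval true  TPROXY is available.
     * \retval false TPROXY is not available.
     */
    bool ProbeForTproxy(Address &test);

    /**
     \retval 0 Full transparency is disabled.
     \retval 1 Full transparency is enabled and active.
     */
    int TransparentActive() const { return transparentActive_; }

    /** \par
     * Turn on fully Transparent-Proxy activities.
     * This function should be called during parsing of squid.conf,
     * when any option requiring full transparency is encountered.
     */
    void StartTransparency() { transparentActive_ = 1; }

    /** \par
     * Turn off fully Transparent-Proxy activities on all new connections.
     * Existing transactions and connections are unaffected and will run
     * to their natural completion.
     \param str Reason for stopping. Will be logged to cache.log
     */
    void StopTransparency(const char *str);

    /**
     \retval 0 IP Interception is disabled.
     \retval 1 IP Interception is enabled and active.
     */
    int InterceptActive() const { return interceptActive_; }

    /** \par
     * Turn on IP-Interception-Proxy activities.
     * This function should be called during parsing of squid.conf,
     * when any option requiring interception / NAT handling is encountered.
     */
    void StartInterception() { interceptActive_ = 1; }

    /** \par
     * Turn off IP-Interception-Proxy activities on all new connections.
     * Existing transactions and connections are unaffected and will run
     * to their natural completion.
     *
     * Defined out of line (Intercept.cc), like StopTransparency(). It is
     * deliberately NOT declared inline: an inline function that is used in a
     * translation unit without being defined there is ill-formed, and the
     * previous `inline` declaration with no in-header definition was exactly
     * that.
     \param str Reason for stopping. Will be logged to cache.log
     */
    void StopInterception(const char *str);

private:

    /**
     * Perform lookups on fully-transparent interception targets (TPROXY).
     * Supports Netfilter, PF and IPFW.
     *
     * \param newConn Details known, to be updated where relevant.
     * \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
     * \return Whether the new address was successfully located.
     */
    bool TproxyTransparent(const Comm::ConnectionPointer &newConn, int silent);

    /**
     * Perform lookups on Netfilter interception targets (REDIRECT, DNAT).
     *
     * \param newConn Details known, to be updated where relevant.
     * \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
     * \return Whether the new address was successfully located.
     */
    bool NetfilterInterception(const Comm::ConnectionPointer &newConn, int silent);

    /**
     * Perform lookups on IPFW interception.
     *
     * \param newConn Details known, to be updated where relevant.
     * \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
     * \return Whether the new address was successfully located.
     */
    bool IpfwInterception(const Comm::ConnectionPointer &newConn, int silent);

    /**
     * Perform lookups on IPF interception.
     *
     * \param newConn Details known, to be updated where relevant.
     * \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
     * \return Whether the new address was successfully located.
     */
    bool IpfInterception(const Comm::ConnectionPointer &newConn, int silent);

    /**
     * Perform lookups on PF interception target (REDIRECT).
     *
     * \param newConn Details known, to be updated where relevant.
     * \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
     * \return Whether the new address was successfully located.
     */
    bool PfInterception(const Comm::ConnectionPointer &newConn, int silent);

    /// 1 once StartTransparency() has run; presumably reset by StopTransparency() (defined in Intercept.cc)
    int transparentActive_ = 0;
    /// 1 once StartInterception() has run; presumably reset by StopInterception() (defined in Intercept.cc)
    int interceptActive_ = 0;
    time_t lastReported_ = 0; /**< Time of last error report. Throttles NAT error display to 1 per minute */
};

#if LINUX_NETFILTER && !defined(IP_TRANSPARENT)
/// \ingroup IpInterceptAPI
/// Fallback for Linux system headers that predate IP_TRANSPARENT;
/// 19 is the socket-option number the Linux kernel uses for it.
#define IP_TRANSPARENT 19
#endif

/**
 \ingroup IpInterceptAPI
 * Globally available instance of the IP Interception manager.
 */
extern Intercept Interceptor;

} // namespace Ip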
157
158 #endif /* SQUID_IP_IPINTERCEPT_H */
159