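/*
 * $Id: IPInterception.h,v 1.7 2007/12/14 23:11:45 amosjeffries Exp $
 *
 * DEBUG: section 89 NAT / IP Interception
 * AUTHOR: Robert Collins
 * AUTHOR: Amos Jeffries
 *
 */
#ifndef SQUID_IPINTERCEPTION_H
#define SQUID_IPINTERCEPTION_H

class IPAddress;

/* for time_t */
#include "SquidTime.h"

/**
 \defgroup IPInterceptAPI IP Interception and Transparent Proxy API
 \ingroup SquidComponent
 \par
 * There is no formal state machine for transparency and interception;
 * instead there is this neutral API, which other connection state machines
 * and the comm layer use to co-ordinate their own state for transparency.
 */
class IPIntercept
{
public:
    /** Both modes start disabled and no NAT error has been reported yet. */
    IPIntercept() : transparent_active(0), intercept_active(0), last_reported(0) {}
    ~IPIntercept() {}

    /**
     * Perform NAT lookups.
     *
     \param fd          Descriptor of the connection to look up.
     \param me          Local address of the connection (input only).
     \param peer        Remote address of the connection (input only).
     \param[out] client Passed by non-const reference; written by the lookup.
     \param[out] dst    Passed by non-const reference; written by the lookup.
     *
     * NOTE(review): the return convention is not documented in this header.
     * The private per-platform helpers below return 0 on success and -1 on
     * error; confirm NatLookup() follows the same convention, and have callers
     * check the result before relying on \p client or \p dst.
     */
    int NatLookup(int fd, const IPAddress &me, const IPAddress &peer, IPAddress &client, IPAddress &dst);

#if LINUX_TPROXY2
    /**
     * Only relevant to TPROXY v2 connections, which require the outgoing
     * address to be set specifically post-connect.
     */
    int SetTproxy2OutgoingAddr(int fd, const IPAddress &src);
#endif

    /**
     \retval 0  Full transparency is disabled.
     \retval 1  Full transparency is enabled and active.
     */
    inline int TransparentActive() const { return transparent_active; }

    /** \par
     * Turn on fully Transparent-Proxy activities.
     * This function should be called during parsing of the squid.conf
     * when any option requiring full transparency is encountered.
     */
    inline void StartTransparency() { transparent_active = 1; }

    /** \par
     * Turn off fully Transparent-Proxy activities on all new connections.
     * Existing transactions and connections are unaffected and will run
     * to their natural completion.
     \param str  Reason for stopping. Will be logged to cache.log
     */
    void StopTransparency(const char *str);

    /**
     \retval 0  IP Interception is disabled.
     \retval 1  IP Interception is enabled and active.
     */
    inline int InterceptActive() const { return intercept_active; }

    /** \par
     * Turn on IP-Interception-Proxy activities.
     * This function should be called during parsing of the squid.conf
     * when any option requiring interception / NAT handling is encountered.
     */
    inline void StartInterception() { intercept_active = 1; }

    /** \par
     * Turn off IP-Interception-Proxy activities on all new connections.
     * Existing transactions and connections are unaffected and will run
     * to their natural completion.
     *
     * Declared without 'inline', like StopTransparency(): no definition is
     * provided in this header, and an inline function must be defined in
     * every translation unit that calls it.
     \param str  Reason for stopping. Will be logged to cache.log
     */
    void StopInterception(const char *str);

private:

    /**
     * Perform lookups on Netfilter interception targets (REDIRECT, DNAT).
     *
     \param[in] silent  0 if errors are to be displayed. 1 if errors are to be hidden.
     \retval 0   Successfully located the new address.
     \retval -1  An error occurred during NAT lookups.
     */
    int NetfilterInterception(int fd, const IPAddress &me, IPAddress &client, int silent);

    /**
     * Perform lookups on Netfilter fully-transparent interception targets (TPROXY).
     *
     \param[in] silent  0 if errors are to be displayed. 1 if errors are to be hidden.
     \retval 0   Successfully located the new address.
     \retval -1  An error occurred during NAT lookups.
     */
    int NetfilterTransparent(int fd, const IPAddress &me, IPAddress &dst, int silent);

    /**
     * Perform lookups on IPFW interception.
     *
     \param[in] silent  0 if errors are to be displayed. 1 if errors are to be hidden.
     \retval 0   Successfully located the new address.
     \retval -1  An error occurred during NAT lookups.
     */
    int IPFWInterception(int fd, const IPAddress &me, IPAddress &client, int silent);

    int transparent_active;  /**< Non-zero once StartTransparency() has been called. */
    int intercept_active;    /**< Non-zero once StartInterception() has been called. */
    time_t last_reported;    /**< Time of last error report. Throttles NAT error display to 1 per minute */
};

#if LINUX_NETFILTER && !defined(IP_TRANSPARENT)
/// \ingroup IPInterceptAPI
/// Fallback for Netfilter builds whose system headers do not define
/// IP_TRANSPARENT. NOTE(review): confirm the value against the target
/// kernel's headers.
#define IP_TRANSPARENT 19
#endif

/**
 \ingroup IPInterceptAPI
 * Globally available instance of the IP Interception manager.
 */
extern IPIntercept IPInterceptor;

#endif /* SQUID_IPINTERCEPTION_H */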