[thirdparty/squid.git] / src / IPInterception.h

/*
 * $Id: IPInterception.h,v 1.7 2007/12/14 23:11:45 amosjeffries Exp $
 *
 * DEBUG: section 89    NAT / IP Interception
 * AUTHOR: Robert Collins
 * AUTHOR: Amos Jeffries
 *
 */
#ifndef SQUID_IPINTERCEPTION_H
#define SQUID_IPINTERCEPTION_H

class IPAddress;

/* for time_t */
#include "SquidTime.h"

/**
 \defgroup IPInterceptAPI IP Interception and Transparent Proxy API
 \ingroup SquidComponent
 \par
 * There is no formal state-machine for transparency and interception
 * instead there is this neutral API which other connection state machines
 * and the comm layer use to co-ordinate their own state for transparency.
 */
class IPIntercept
{
public:
    IPIntercept() : transparent_active(0), intercept_active(0), last_reported(0) {};
    ~IPIntercept() {};

    /** Perform NAT lookups */
    int NatLookup(int fd, const IPAddress &me, const IPAddress &peer, IPAddress &client, IPAddress &dst);

#if LINUX_TPROXY2
    // only relevant to TPROXY v2 connections.
    // which require the address be set specifically post-connect.
    int SetTproxy2OutgoingAddr(int fd, const IPAddress &src);
#endif

    /**
     \retval 0	Full transparency is disabled.
     \retval 1  Full transparency is enabled and active.
     */
    inline int TransparentActive() { return transparent_active; };

    /** \par
     * Turn on fully Transparent-Proxy activities.
     * This function should be called during parsing of the squid.conf
     * When any option requiring full-transparency is encountered.
     */
    inline void StartTransparency() { transparent_active=1; };

    /** \par
     * Turn off fully Transparent-Proxy activities on all new connections.
     * Existing transactions and connections are unaffected and will run
     * to their natural completion.
     \param str    Reason for stopping. Will be logged to cache.log
     */
    void StopTransparency(const char *str);

    /**
     \retval 0	IP Interception is disabled.
     \retval 1  IP Interception is enabled and active.
     */
    inline int InterceptActive() { return intercept_active; };

    /** \par
     * Turn on IP-Interception-Proxy activities.
     * This function should be called during parsing of the squid.conf
     * When any option requiring interception / NAT handling is encountered.
     */
    inline void StartInterception() { intercept_active=1; };

    /** \par
     * Turn off IP-Interception-Proxy activities on all new connections.
     * Existing transactions and connections are unaffected and will run
     * to their natural completion.
     \param str    Reason for stopping. Will be logged to cache.log
     */
    inline void StopInterception(const char *str);


private:

    /**
     * perform Lookups on Netfilter interception targets (REDIRECT, DNAT).
     *
     \param silent[in]   0 if errors are to be displayed. 1 if errors are to be hidden.
     \retval 0     Successfuly located the new address.
     \retval -1    An error occured during NAT lookups.
     */
    int NetfilterInterception(int fd, const IPAddress &me, IPAddress &client, int silent);

    /**
     * perform Lookups on Netfilter fully-transparent interception targets (TPROXY).
     *
     \param silent[in]   0 if errors are to be displayed. 1 if errors are to be hidden.
     \retval 0     Successfuly located the new address.
     \retval -1    An error occured during NAT lookups.
     */
    int NetfilterTransparent(int fd, const IPAddress &me, IPAddress &dst, int silent);

    /**
     * perform Lookups on IPFW interception.
     *
     \param silent[in]   0 if errors are to be displayed. 1 if errors are to be hidden.
     \retval 0     Successfuly located the new address.
     \retval -1    An error occured during NAT lookups.
     */
    int IPFWInterception(int fd, const IPAddress &me, IPAddress &client, int silent);


    int transparent_active;
    int intercept_active;
    time_t last_reported; /**< Time of last error report. Throttles NAT error display to 1 per minute */
};

#if LINUX_NETFILTER && !defined(IP_TRANSPARENT)
/// \ingroup IPInterceptAPI
#define IP_TRANSPARENT 19
#endif

/**
 \ingroup IPInterceptAPI
 * Globally available instance of the IP Interception manager.
 */
extern IPIntercept IPInterceptor;

#endif /* SQUID_IPINTERCEPTION_H */
Commit	Line	Data
c8be6d7b	1	/*
cc192b50	2	* $Id: IPInterception.h,v 1.7 2007/12/14 23:11:45 amosjeffries Exp $
c8be6d7b	3	*
04f87469 AJ	4	* DEBUG: section 89 NAT / IP Interception
	5	* AUTHOR: Robert Collins
	6	* AUTHOR: Amos Jeffries
c8be6d7b	7	*
c8be6d7b	8	*/
c8be6d7b	9	#ifndef SQUID_IPINTERCEPTION_H
	10	#define SQUID_IPINTERCEPTION_H
	11
0fc2952e	12	class IPAddress;
62e76326	13
fc27cd70 AJ	14	/* for time_t */
	15	#include "SquidTime.h"
	16
0fc2952e AJ	17	/**
	18	\defgroup IPInterceptAPI IP Interception and Transparent Proxy API
	19	\ingroup SquidComponent
	20	\par
	21	* There is no formal state-machine for transparency and interception
	22	* instead there is this neutral API which other connection state machines
	23	* and the comm layer use to co-ordinate their own state for transparency.
	24	*/
	25	class IPIntercept
	26	{
	27	public:
ca477988	28	IPIntercept() : transparent_active(0), intercept_active(0), last_reported(0) {};
04f87469 AJ	29	~IPIntercept() {};
04f87469 AJ	30
7b0a0d1f	31	/** Perform NAT lookups */
58cfe9fe	32	int NatLookup(int fd, const IPAddress &me, const IPAddress &peer, IPAddress &client, IPAddress &dst);
34ec5c62 AJ	33
	34	#if LINUX_TPROXY2
	35	// only relevant to TPROXY v2 connections.
	36	// which require the address be set specifically post-connect.
	37	int SetTproxy2OutgoingAddr(int fd, const IPAddress &src);
	38	#endif
04f87469 AJ	39
	40	/**
	41	\retval 0 Full transparency is disabled.
	42	\retval 1 Full transparency is enabled and active.
	43	*/
	44	inline int TransparentActive() { return transparent_active; };
	45
	46	/** \par
	47	* Turn on fully Transparent-Proxy activities.
	48	* This function should be called during parsing of the squid.conf
	49	* When any option requiring full-transparency is encountered.
	50	*/
	51	inline void StartTransparency() { transparent_active=1; };
	52
	53	/** \par
	54	* Turn off fully Transparent-Proxy activities on all new connections.
	55	* Existing transactions and connections are unaffected and will run
	56	* to their natural completion.
	57	\param str Reason for stopping. Will be logged to cache.log
	58	*/
	59	void StopTransparency(const char *str);
	60
	61	/**
	62	\retval 0 IP Interception is disabled.
	63	\retval 1 IP Interception is enabled and active.
	64	*/
	65	inline int InterceptActive() { return intercept_active; };
	66
	67	/** \par
	68	* Turn on IP-Interception-Proxy activities.
	69	* This function should be called during parsing of the squid.conf
	70	* When any option requiring interception / NAT handling is encountered.
	71	*/
	72	inline void StartInterception() { intercept_active=1; };
	73
	74	/** \par
	75	* Turn off IP-Interception-Proxy activities on all new connections.
	76	* Existing transactions and connections are unaffected and will run
	77	* to their natural completion.
	78	\param str Reason for stopping. Will be logged to cache.log
	79	*/
	80	inline void StopInterception(const char *str);
	81
7b0a0d1f	82
04f87469	83	private:
7b0a0d1f AJ	84
	85	/**
	86	* perform Lookups on Netfilter interception targets (REDIRECT, DNAT).
	87	*
	88	\param silent[in] 0 if errors are to be displayed. 1 if errors are to be hidden.
	89	\retval 0 Successfuly located the new address.
	90	\retval -1 An error occured during NAT lookups.
	91	*/
58cfe9fe	92	int NetfilterInterception(int fd, const IPAddress &me, IPAddress &client, int silent);
7b0a0d1f AJ	93
	94	/**
	95	* perform Lookups on Netfilter fully-transparent interception targets (TPROXY).
	96	*
	97	\param silent[in] 0 if errors are to be displayed. 1 if errors are to be hidden.
	98	\retval 0 Successfuly located the new address.
	99	\retval -1 An error occured during NAT lookups.
	100	*/
ca45fe65	101	int NetfilterTransparent(int fd, const IPAddress &me, IPAddress &dst, int silent);
7b0a0d1f AJ	102
	103	/**
	104	* perform Lookups on IPFW interception.
	105	*
	106	\param silent[in] 0 if errors are to be displayed. 1 if errors are to be hidden.
	107	\retval 0 Successfuly located the new address.
	108	\retval -1 An error occured during NAT lookups.
	109	*/
58cfe9fe	110	int IPFWInterception(int fd, const IPAddress &me, IPAddress &client, int silent);
7b0a0d1f AJ	111
7b0a0d1f AJ	112
04f87469 AJ	113	int transparent_active;
04f87469 AJ	114	int intercept_active;
ca477988	115	time_t last_reported; /*< Time of last error report. Throttles NAT error display to 1 per minute /
04f87469	116	};
0fc2952e	117
7b0a0d1f	118	#if LINUX_NETFILTER && !defined(IP_TRANSPARENT)
0fc2952e	119	/// \ingroup IPInterceptAPI
f1e0717c AJ	120	#define IP_TRANSPARENT 19
	121	#endif
	122
0fc2952e AJ	123	/**
	124	\ingroup IPInterceptAPI
	125	* Globally available instance of the IP Interception manager.
	126	*/
	127	extern IPIntercept IPInterceptor;
c8be6d7b	128
c8be6d7b	129	#endif /* SQUID_IPINTERCEPTION_H */