[thirdparty/squid.git] / src / IPInterception.h

/*
 * $Id: IPInterception.h,v 1.7 2007/12/14 23:11:45 amosjeffries Exp $
 *
 * DEBUG: section 89    NAT / IP Interception
 * AUTHOR: Robert Collins
 * AUTHOR: Amos Jeffries
 *
 */
#ifndef SQUID_IPINTERCEPTION_H
#define SQUID_IPINTERCEPTION_H

class IPAddress;

/**
 \defgroup IPInterceptAPI IP Interception and Transparent Proxy API
 \ingroup SquidComponent
 \par
 * There is no formal state-machine for transparency and interception
 * instead there is this neutral API which other connection state machines
 * and the comm layer use to co-ordinate their own state for transparency.
 */
class IPIntercept
{
public:
    IPIntercept() : transparent_active(0), intercept_active(0), last_reported(0) {};
    ~IPIntercept() {};

    /** Perform NAT lookups */
    int NatLookup(int fd, const IPAddress &me, const IPAddress &peer, IPAddress &dst);

#if LINUX_TPROXY2
    // only relevant to TPROXY v2 connections.
    // which require the address be set specifically post-connect.
    int SetTproxy2OutgoingAddr(int fd, const IPAddress &src);
#endif

    /**
     \retval 0	Full transparency is disabled.
     \retval 1  Full transparency is enabled and active.
     */
    inline int TransparentActive() { return transparent_active; };

    /** \par
     * Turn on fully Transparent-Proxy activities.
     * This function should be called during parsing of the squid.conf
     * When any option requiring full-transparency is encountered.
     */
    inline void StartTransparency() { transparent_active=1; };

    /** \par
     * Turn off fully Transparent-Proxy activities on all new connections.
     * Existing transactions and connections are unaffected and will run
     * to their natural completion.
     \param str    Reason for stopping. Will be logged to cache.log
     */
    void StopTransparency(const char *str);

    /**
     \retval 0	IP Interception is disabled.
     \retval 1  IP Interception is enabled and active.
     */
    inline int InterceptActive() { return intercept_active; };

    /** \par
     * Turn on IP-Interception-Proxy activities.
     * This function should be called during parsing of the squid.conf
     * When any option requiring interception / NAT handling is encountered.
     */
    inline void StartInterception() { intercept_active=1; };

    /** \par
     * Turn off IP-Interception-Proxy activities on all new connections.
     * Existing transactions and connections are unaffected and will run
     * to their natural completion.
     \param str    Reason for stopping. Will be logged to cache.log
     */
    inline void StopInterception(const char *str);


private:

    /**
     * perform Lookups on Netfilter interception targets (REDIRECT, DNAT).
     *
     \param silent[in]   0 if errors are to be displayed. 1 if errors are to be hidden.
     \retval 0     Successfuly located the new address.
     \retval -1    An error occured during NAT lookups.
     */
    int NetfilterInterception(int fd, const IPAddress &me, IPAddress &dst, int silent);

    /**
     * perform Lookups on Netfilter fully-transparent interception targets (TPROXY).
     *
     \param silent[in]   0 if errors are to be displayed. 1 if errors are to be hidden.
     \retval 0     Successfuly located the new address.
     \retval -1    An error occured during NAT lookups.
     */
    int NetfilterTransparent(int fd, const IPAddress &me, IPAddress &dst, int silent);

    /**
     * perform Lookups on IPFW interception.
     *
     \param silent[in]   0 if errors are to be displayed. 1 if errors are to be hidden.
     \retval 0     Successfuly located the new address.
     \retval -1    An error occured during NAT lookups.
     */
    int IPFWInterception(int fd, const IPAddress &me, IPAddress &dst, int silent);


    int transparent_active;
    int intercept_active;
    time_t last_reported; /**< Time of last error report. Throttles NAT error display to 1 per minute */
};

#if LINUX_NETFILTER && !defined(IP_TRANSPARENT)
/// \ingroup IPInterceptAPI
#define IP_TRANSPARENT 19
#endif

/**
 \ingroup IPInterceptAPI
 * Globally available instance of the IP Interception manager.
 */
extern IPIntercept IPInterceptor;

#endif /* SQUID_IPINTERCEPTION_H */
Commit	Line	Data
c8be6d7b	1	/*
cc192b50	2	* $Id: IPInterception.h,v 1.7 2007/12/14 23:11:45 amosjeffries Exp $
c8be6d7b	3	*
04f87469 AJ	4	* DEBUG: section 89 NAT / IP Interception
	5	* AUTHOR: Robert Collins
	6	* AUTHOR: Amos Jeffries
c8be6d7b	7	*
c8be6d7b	8	*/
c8be6d7b	9	#ifndef SQUID_IPINTERCEPTION_H
	10	#define SQUID_IPINTERCEPTION_H
	11
0fc2952e	12	class IPAddress;
62e76326	13
0fc2952e AJ	14	/**
	15	\defgroup IPInterceptAPI IP Interception and Transparent Proxy API
	16	\ingroup SquidComponent
	17	\par
	18	* There is no formal state-machine for transparency and interception
	19	* instead there is this neutral API which other connection state machines
	20	* and the comm layer use to co-ordinate their own state for transparency.
	21	*/
	22	class IPIntercept
	23	{
	24	public:
ca477988	25	IPIntercept() : transparent_active(0), intercept_active(0), last_reported(0) {};
04f87469 AJ	26	~IPIntercept() {};
04f87469 AJ	27
7b0a0d1f	28	/** Perform NAT lookups */
0fc2952e	29	int NatLookup(int fd, const IPAddress &me, const IPAddress &peer, IPAddress &dst);
34ec5c62 AJ	30
	31	#if LINUX_TPROXY2
	32	// only relevant to TPROXY v2 connections.
	33	// which require the address be set specifically post-connect.
	34	int SetTproxy2OutgoingAddr(int fd, const IPAddress &src);
	35	#endif
04f87469 AJ	36
	37	/**
	38	\retval 0 Full transparency is disabled.
	39	\retval 1 Full transparency is enabled and active.
	40	*/
	41	inline int TransparentActive() { return transparent_active; };
	42
	43	/** \par
	44	* Turn on fully Transparent-Proxy activities.
	45	* This function should be called during parsing of the squid.conf
	46	* When any option requiring full-transparency is encountered.
	47	*/
	48	inline void StartTransparency() { transparent_active=1; };
	49
	50	/** \par
	51	* Turn off fully Transparent-Proxy activities on all new connections.
	52	* Existing transactions and connections are unaffected and will run
	53	* to their natural completion.
	54	\param str Reason for stopping. Will be logged to cache.log
	55	*/
	56	void StopTransparency(const char *str);
	57
	58	/**
	59	\retval 0 IP Interception is disabled.
	60	\retval 1 IP Interception is enabled and active.
	61	*/
	62	inline int InterceptActive() { return intercept_active; };
	63
	64	/** \par
	65	* Turn on IP-Interception-Proxy activities.
	66	* This function should be called during parsing of the squid.conf
	67	* When any option requiring interception / NAT handling is encountered.
	68	*/
	69	inline void StartInterception() { intercept_active=1; };
	70
	71	/** \par
	72	* Turn off IP-Interception-Proxy activities on all new connections.
	73	* Existing transactions and connections are unaffected and will run
	74	* to their natural completion.
	75	\param str Reason for stopping. Will be logged to cache.log
	76	*/
	77	inline void StopInterception(const char *str);
	78
7b0a0d1f	79
04f87469	80	private:
7b0a0d1f AJ	81
	82	/**
	83	* perform Lookups on Netfilter interception targets (REDIRECT, DNAT).
	84	*
	85	\param silent[in] 0 if errors are to be displayed. 1 if errors are to be hidden.
	86	\retval 0 Successfuly located the new address.
	87	\retval -1 An error occured during NAT lookups.
	88	*/
ca45fe65	89	int NetfilterInterception(int fd, const IPAddress &me, IPAddress &dst, int silent);
7b0a0d1f AJ	90
	91	/**
	92	* perform Lookups on Netfilter fully-transparent interception targets (TPROXY).
	93	*
	94	\param silent[in] 0 if errors are to be displayed. 1 if errors are to be hidden.
	95	\retval 0 Successfuly located the new address.
	96	\retval -1 An error occured during NAT lookups.
	97	*/
ca45fe65	98	int NetfilterTransparent(int fd, const IPAddress &me, IPAddress &dst, int silent);
7b0a0d1f AJ	99
	100	/**
	101	* perform Lookups on IPFW interception.
	102	*
	103	\param silent[in] 0 if errors are to be displayed. 1 if errors are to be hidden.
	104	\retval 0 Successfuly located the new address.
	105	\retval -1 An error occured during NAT lookups.
	106	*/
ca45fe65	107	int IPFWInterception(int fd, const IPAddress &me, IPAddress &dst, int silent);
7b0a0d1f AJ	108
7b0a0d1f AJ	109
04f87469 AJ	110	int transparent_active;
04f87469 AJ	111	int intercept_active;
ca477988	112	time_t last_reported; /*< Time of last error report. Throttles NAT error display to 1 per minute /
04f87469	113	};
0fc2952e	114
7b0a0d1f	115	#if LINUX_NETFILTER && !defined(IP_TRANSPARENT)
0fc2952e	116	/// \ingroup IPInterceptAPI
f1e0717c AJ	117	#define IP_TRANSPARENT 19
	118	#endif
	119
0fc2952e AJ	120	/**
	121	\ingroup IPInterceptAPI
	122	* Globally available instance of the IP Interception manager.
	123	*/
	124	extern IPIntercept IPInterceptor;
c8be6d7b	125
c8be6d7b	126	#endif /* SQUID_IPINTERCEPTION_H */