Commit | Line | Data |
---|---|---|
c8be6d7b | 1 | /* |
cc192b50 | 2 | * $Id: IPInterception.h,v 1.7 2007/12/14 23:11:45 amosjeffries Exp $ |
c8be6d7b | 3 | * |
04f87469 AJ |
4 | * DEBUG: section 89 NAT / IP Interception |
5 | * AUTHOR: Robert Collins | |
6 | * AUTHOR: Amos Jeffries | |
c8be6d7b | 7 | * |
8 | */ | |
c8be6d7b | 9 | #ifndef SQUID_IPINTERCEPTION_H |
10 | #define SQUID_IPINTERCEPTION_H | |
11 | ||
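class IPAddress;

/**
 \defgroup IPInterceptAPI IP Interception and Transparent Proxy API
 \ingroup SquidComponent
 \par
 * There is no formal state-machine for transparency and interception;
 * instead there is this neutral API which other connection state machines
 * and the comm layer use to co-ordinate their own state for transparency.
 *
 * NOTE(review): this class uses time_t but the header includes nothing itself,
 * so it relies on the including file having pulled in <time.h> / <ctime> first.
 */
class IPIntercept
{
public:
    /** Both modes start disabled and no NAT error has been reported yet. */
    IPIntercept() : transparent_active(0), intercept_active(0), last_reported(0) {}
    ~IPIntercept() {}

    /**
     * Perform NAT lookups.
     *
     \param fd    Socket descriptor of the connection being looked up.
     \param me    Local address of the connection.
     \param peer  Remote (client) address of the connection.
     \param dst   Output: receives the address found by the lookup.
     *
     * NOTE(review): the return value is not documented in this header. The
     * private back-end lookups return 0 on success and -1 on error; confirm
     * in the implementation that NatLookup follows the same convention.
     * Callers should check the result before trusting dst, because this
     * header does not specify what dst holds after a failed lookup.
     */
    int NatLookup(int fd, const IPAddress &me, const IPAddress &peer, IPAddress &dst);

#if LINUX_TPROXY2
    // Only relevant to TPROXY v2 connections,
    // which require the address be set specifically post-connect.
    int SetTproxy2OutgoingAddr(int fd, const IPAddress &src);
#endif

    /**
     \retval 0  Full transparency is disabled.
     \retval 1  Full transparency is enabled and active.
     */
    inline int TransparentActive() const { return transparent_active; }

    /** \par
     * Turn on fully Transparent-Proxy activities.
     * This function should be called during parsing of the squid.conf
     * when any option requiring full-transparency is encountered.
     */
    inline void StartTransparency() { transparent_active = 1; }

    /** \par
     * Turn off fully Transparent-Proxy activities on all new connections.
     * Existing transactions and connections are unaffected and will run
     * to their natural completion.
     \param str  Reason for stopping. Will be logged to cache.log
     */
    void StopTransparency(const char *str);

    /**
     \retval 0  IP Interception is disabled.
     \retval 1  IP Interception is enabled and active.
     */
    inline int InterceptActive() const { return intercept_active; }

    /** \par
     * Turn on IP-Interception-Proxy activities.
     * This function should be called during parsing of the squid.conf
     * when any option requiring interception / NAT handling is encountered.
     */
    inline void StartInterception() { intercept_active = 1; }

    /** \par
     * Turn off IP-Interception-Proxy activities on all new connections.
     * Existing transactions and connections are unaffected and will run
     * to their natural completion.
     \param str  Reason for stopping. Will be logged to cache.log
     *
     * Not declared inline: no definition is provided in this header, and an
     * inline function must be defined in every translation unit that calls it.
     */
    void StopInterception(const char *str);

private:

    /**
     * Perform lookups on Netfilter interception targets (REDIRECT, DNAT).
     *
     \param fd      Socket descriptor of the connection being looked up.
     \param me      Local address of the connection.
     \param dst     Output: receives the address found by the lookup.
     \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
     *              With 1 the return value is the only failure signal.
     \retval 0   Successfully located the new address.
     \retval -1  An error occurred during NAT lookups.
     */
    int NetfilterInterception(int fd, const IPAddress &me, IPAddress &dst, int silent);

    /**
     * Perform lookups on Netfilter fully-transparent interception targets (TPROXY).
     *
     \param fd      Socket descriptor of the connection being looked up.
     \param me      Local address of the connection.
     \param dst     Output: receives the address found by the lookup.
     \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
     *              With 1 the return value is the only failure signal.
     \retval 0   Successfully located the new address.
     \retval -1  An error occurred during NAT lookups.
     */
    int NetfilterTransparent(int fd, const IPAddress &me, IPAddress &dst, int silent);

    /**
     * Perform lookups on IPFW interception.
     *
     \param fd      Socket descriptor of the connection being looked up.
     \param me      Local address of the connection.
     \param dst     Output: receives the address found by the lookup.
     \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
     *              With 1 the return value is the only failure signal.
     \retval 0   Successfully located the new address.
     \retval -1  An error occurred during NAT lookups.
     */
    int IPFWInterception(int fd, const IPAddress &me, IPAddress &dst, int silent);

    int transparent_active;  /**< 1 while full transparency (TPROXY) is enabled, else 0 */
    int intercept_active;    /**< 1 while IP interception (NAT) is enabled, else 0 */
    time_t last_reported;    /**< Time of last error report. Throttles NAT error display to 1 per minute */
};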
0fc2952e | 114 | |
#if LINUX_NETFILTER
#ifndef IP_TRANSPARENT
/**
 \ingroup IPInterceptAPI
 * Fallback for Netfilter builds whose system headers do not define the
 * IP_TRANSPARENT socket option.
 *
 * NOTE(review): 19 is a hard-coded copy of the Linux value; confirm it
 * matches the kernel headers of the target platform. Enabling this option
 * on a socket normally requires the CAP_NET_ADMIN capability (see ip(7)),
 * so any code path using it runs with elevated privilege.
 */
#define IP_TRANSPARENT 19
#endif /* !IP_TRANSPARENT */
#endif /* LINUX_NETFILTER */

/**
 \ingroup IPInterceptAPI
 * The single, globally visible IP Interception manager object.
 * Declared here only; the definition is expected in an implementation file.
 */
extern IPIntercept IPInterceptor;
c8be6d7b | 125 | |
126 | #endif /* SQUID_IPINTERCEPTION_H */ |