projects / thirdparty / squid.git / blame
| Commit | Line | Data |
|---|---|---|
| c8be6d7b | 1 | /* |
| 04f87469 AJ |
2 | * DEBUG: section 89 NAT / IP Interception |
| 3 | * AUTHOR: Robert Collins | |
| 4 | * AUTHOR: Amos Jeffries | |
| c8be6d7b | 5 | * |
| 6 | */ | |
| c8be6d7b | 7 | #ifndef SQUID_IPINTERCEPTION_H |
| 8 | #define SQUID_IPINTERCEPTION_H | |
| 9 | ||
| 565b233e | 10 | class IpAddress; |
| 62e76326 | 11 | |
| fc27cd70 AJ |
12 | /* for time_t */ |
| 13 | #include "SquidTime.h" | |
| 14 | ||
| 0fc2952e | 15 | /** |
| 85944c1c | 16 | \defgroup IpInterceptAPI IP Interception and Transparent Proxy API |
| 0fc2952e AJ |
17 | \ingroup SquidComponent |
| 18 | \par | |
| 19 | * There is no formal state-machine for transparency and interception | |
| 20 | * instead there is this neutral API which other connection state machines | |
| 21 | * and the comm layer use to co-ordinate their own state for transparency. | |
| 22 | */ | |
| 85944c1c | 23 | class IpIntercept |
| 0fc2952e AJ |
24 | { |
| 25 | public: | |
| 85944c1c AJ |
26 | IpIntercept() : transparent_active(0), intercept_active(0), last_reported(0) {}; |
| 27 | ~IpIntercept() {}; | |
| 04f87469 | 28 | |
| 7b0a0d1f | 29 | /** Perform NAT lookups */ |
| 9fb4efad | 30 | int NatLookup(int fd, const IpAddress &me, const IpAddress &peer, IpAddress &client, IpAddress &dst); |
| 34ec5c62 AJ |
31 | |
| 32 | #if LINUX_TPROXY2 | |
| 33 | // only relevant to TPROXY v2 connections. | |
| 34 | // which require the address be set specifically post-connect. | |
| 565b233e | 35 | int SetTproxy2OutgoingAddr(int fd, const IpAddress &src); |
| 34ec5c62 | 36 | #endif |
| 04f87469 AJ |
37 | |
| 38 | /** | |
| 39 | \retval 0 Full transparency is disabled. | |
| 40 | \retval 1 Full transparency is enabled and active. | |
| 41 | */ | |
| 42 | inline int TransparentActive() { return transparent_active; }; | |
| 43 | ||
| 44 | /** \par | |
| 45 | * Turn on fully Transparent-Proxy activities. | |
| 46 | * This function should be called during parsing of the squid.conf | |
| 47 | * When any option requiring full-transparency is encountered. | |
| 48 | */ | |
| 49 | inline void StartTransparency() { transparent_active=1; }; | |
| 50 | ||
| 51 | /** \par | |
| 52 | * Turn off fully Transparent-Proxy activities on all new connections. | |
| 53 | * Existing transactions and connections are unaffected and will run | |
| 54 | * to their natural completion. | |
| 55 | \param str Reason for stopping. Will be logged to cache.log | |
| 56 | */ | |
| 57 | void StopTransparency(const char *str); | |
| 58 | ||
| 59 | /** | |
| 60 | \retval 0 IP Interception is disabled. | |
| 61 | \retval 1 IP Interception is enabled and active. | |
| 62 | */ | |
| 63 | inline int InterceptActive() { return intercept_active; }; | |
| 64 | ||
| 65 | /** \par | |
| 66 | * Turn on IP-Interception-Proxy activities. | |
| 67 | * This function should be called during parsing of the squid.conf | |
| 68 | * When any option requiring interception / NAT handling is encountered. | |
| 69 | */ | |
| 70 | inline void StartInterception() { intercept_active=1; }; | |
| 71 | ||
| 72 | /** \par | |
| 73 | * Turn off IP-Interception-Proxy activities on all new connections. | |
| 74 | * Existing transactions and connections are unaffected and will run | |
| 75 | * to their natural completion. | |
| 76 | \param str Reason for stopping. Will be logged to cache.log | |
| 77 | */ | |
| 78 | inline void StopInterception(const char *str); | |
| 79 | ||
| 7b0a0d1f | 80 | |
| 04f87469 | 81 | private: |
| 7b0a0d1f AJ |
82 | |
| 83 | /** | |
| 84 | * perform Lookups on Netfilter interception targets (REDIRECT, DNAT). | |
| 85 | * | |
| 86 | \param silent[in] 0 if errors are to be displayed. 1 if errors are to be hidden. | |
| 87 | \retval 0 Successfuly located the new address. | |
| 88 | \retval -1 An error occured during NAT lookups. | |
| 89 | */ | |
| 23f6a720 | 90 | int NetfilterInterception(int fd, const IpAddress &me, IpAddress &client, int silent); |
| 7b0a0d1f AJ |
91 | |
| 92 | /** | |
| 93 | * perform Lookups on Netfilter fully-transparent interception targets (TPROXY). | |
| 94 | * | |
| 95 | \param silent[in] 0 if errors are to be displayed. 1 if errors are to be hidden. | |
| 96 | \retval 0 Successfuly located the new address. | |
| 97 | \retval -1 An error occured during NAT lookups. | |
| 98 | */ | |
| 23f6a720 | 99 | int NetfilterTransparent(int fd, const IpAddress &me, IpAddress &dst, int silent); |
| 7b0a0d1f AJ |
100 | |
| 101 | /** | |
| 102 | * perform Lookups on IPFW interception. | |
| 103 | * | |
| 104 | \param silent[in] 0 if errors are to be displayed. 1 if errors are to be hidden. | |
| 105 | \retval 0 Successfuly located the new address. | |
| 106 | \retval -1 An error occured during NAT lookups. | |
| 107 | */ | |
| 23f6a720 | 108 | int IpfwInterception(int fd, const IpAddress &me, IpAddress &client, int silent); |
| 7b0a0d1f AJ |
109 | |
| 110 | ||
| 04f87469 AJ |
111 | int transparent_active; |
| 112 | int intercept_active; | |
| ca477988 | 113 | time_t last_reported; /**< Time of last error report. Throttles NAT error display to 1 per minute */ |
| 04f87469 | 114 | }; |
| 0fc2952e | 115 | |
| 7b0a0d1f | 116 | #if LINUX_NETFILTER && !defined(IP_TRANSPARENT) |
| 85944c1c | 117 | /// \ingroup IpInterceptAPI |
| f1e0717c AJ |
118 | #define IP_TRANSPARENT 19 |
| 119 | #endif | |
| 120 | ||
| 0fc2952e | 121 | /** |
| 85944c1c | 122 | \ingroup IpInterceptAPI |
| 0fc2952e AJ |
123 | * Globally available instance of the IP Interception manager. |
| 124 | */ | |
| 85944c1c | 125 | extern IpIntercept IpInterceptor; |
| c8be6d7b | 126 | |
| 127 | #endif /* SQUID_IPINTERCEPTION_H */ |