Commit | Line | Data |
---|---|---|
c8be6d7b | 1 | /* |
04f87469 AJ |
2 | * DEBUG: section 89 NAT / IP Interception |
3 | * AUTHOR: Robert Collins | |
4 | * AUTHOR: Amos Jeffries | |
c8be6d7b | 5 | * |
6 | */ | |
c8be6d7b | 7 | #ifndef SQUID_IPINTERCEPTION_H |
8 | #define SQUID_IPINTERCEPTION_H | |
9 | ||
565b233e | 10 | class IpAddress; |
62e76326 | 11 | |
fc27cd70 AJ |
12 | /* for time_t */ |
13 | #include "SquidTime.h" | |
14 | ||
0fc2952e | 15 | /** |
85944c1c | 16 | \defgroup IpInterceptAPI IP Interception and Transparent Proxy API |
0fc2952e AJ |
17 | \ingroup SquidComponent |
18 | \par | |
19 | * There is no formal state machine for transparency and interception. | |
20 | * Instead, there is this neutral API, which other connection state machines | |
21 | * and the comm layer use to co-ordinate their own state for transparency. | |
22 | */ | |
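/// Holds the on/off state for full transparency (TPROXY) and NAT interception
/// and declares the lookups that recover the addresses of an intercepted
/// connection.
class IpIntercept
{
public:
    IpIntercept() : transparent_active(0), intercept_active(0), last_reported(0) {}
    ~IpIntercept() {}

    /**
     * Perform NAT lookups.
     *
     * NOTE(review): the return convention is not documented in this header;
     * presumably 0 on success and -1 on failure, like the private helpers
     * below -- confirm against the implementation.
     * NOTE(review): \a client and \a dst are non-const references, so they
     * look like outputs. Callers should check the return value before using
     * them, because a failed lookup presumably leaves them without the
     * pre-NAT addresses -- confirm.
     */
    int NatLookup(int fd, const IpAddress &me, const IpAddress &peer, IpAddress &client, IpAddress &dst);

#if LINUX_TPROXY2
    // Only relevant to TPROXY v2 connections,
    // which require the address be set specifically post-connect.
    int SetTproxy2OutgoingAddr(int fd, const IpAddress &src);
#endif

    /**
     \retval 0	Full transparency is disabled.
     \retval 1  Full transparency is enabled and active.
     */
    int TransparentActive() const { return transparent_active; }

    /** \par
     * Turn on fully Transparent-Proxy activities.
     * This function should be called during parsing of the squid.conf
     * when any option requiring full-transparency is encountered.
     */
    void StartTransparency() { transparent_active = 1; }

    /** \par
     * Turn off fully Transparent-Proxy activities on all new connections.
     * Existing transactions and connections are unaffected and will run
     * to their natural completion.
     \param str    Reason for stopping. Will be logged to cache.log
     */
    void StopTransparency(const char *str);

    /**
     \retval 0	IP Interception is disabled.
     \retval 1  IP Interception is enabled and active.
     */
    int InterceptActive() const { return intercept_active; }

    /** \par
     * Turn on IP-Interception-Proxy activities.
     * This function should be called during parsing of the squid.conf
     * when any option requiring interception / NAT handling is encountered.
     */
    void StartInterception() { intercept_active = 1; }

    /** \par
     * Turn off IP-Interception-Proxy activities on all new connections.
     * Existing transactions and connections are unaffected and will run
     * to their natural completion.
     \param str    Reason for stopping. Will be logged to cache.log
     */
    // Not declared inline: no definition is visible in this header, and an
    // inline function must be defined in every translation unit that calls it.
    // This now matches StopTransparency().
    void StopInterception(const char *str);

private:

    /**
     * Perform lookups on Netfilter interception targets (REDIRECT, DNAT).
     *
     \param[in] silent  0 if errors are to be displayed. 1 if errors are to be hidden.
     \retval 0     Successfully located the new address.
     \retval -1    An error occurred during NAT lookups.
     */
    int NetfilterInterception(int fd, const IpAddress &me, IpAddress &client, int silent);

    /**
     * Perform lookups on Netfilter fully-transparent interception targets (TPROXY).
     *
     \param[in] silent  0 if errors are to be displayed. 1 if errors are to be hidden.
     \retval 0     Successfully located the new address.
     \retval -1    An error occurred during NAT lookups.
     */
    int NetfilterTransparent(int fd, const IpAddress &me, IpAddress &dst, int silent);

    /**
     * Perform lookups on IPFW interception.
     *
     \param[in] silent  0 if errors are to be displayed. 1 if errors are to be hidden.
     \retval 0     Successfully located the new address.
     \retval -1    An error occurred during NAT lookups.
     */
    int IpfwInterception(int fd, const IpAddress &me, IpAddress &client, int silent);

    int transparent_active; ///< Non-zero while full transparency is enabled.
    int intercept_active;   ///< Non-zero while NAT interception is enabled.
    time_t last_reported;   /**< Time of last error report. Throttles NAT error display to 1 per minute */
};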
0fc2952e | 115 | |
#if LINUX_NETFILTER && !defined(IP_TRANSPARENT)
/// \ingroup IpInterceptAPI
/// Fallback for Netfilter builds whose system headers do not define
/// IP_TRANSPARENT; 19 is the value Linux assigns to this socket option.
/// The fallback supplies only the constant. Whether the running kernel
/// accepts the option is not established here, and Linux requires the
/// CAP_NET_ADMIN capability to enable it, so code that sets it should
/// check the setsockopt() result.
#define IP_TRANSPARENT 19
#endif

/**
 \ingroup IpInterceptAPI
 * Globally available instance of the IP Interception manager.
 * Declared here only; the object itself is defined elsewhere.
 * NOTE(review): this is shared mutable state and no locking is visible in
 * this header -- confirm which contexts are allowed to start or stop the modes.
 */
extern IpIntercept IpInterceptor;
c8be6d7b | 126 | |
127 | #endif /* SQUID_IPINTERCEPTION_H */ |