2 * $Id: IPInterception.h,v 1.7 2007/12/14 23:11:45 amosjeffries Exp $
4 * DEBUG: section 89 NAT / IP Interception
5 * AUTHOR: Robert Collins
6 * AUTHOR: Amos Jeffries
9 #ifndef SQUID_IPINTERCEPTION_H
10 #define SQUID_IPINTERCEPTION_H
15 #include "SquidTime.h"
18 \defgroup IPInterceptAPI IP Interception and Transparent Proxy API
19 \ingroup SquidComponent
21 * There is no formal state-machine for transparency and interception;
22 * instead there is this neutral API, which other connection state machines
23 * and the comm layer use to co-ordinate their own state for transparency.
/** Start with both interception modes switched off and no NAT error reported yet. */
IPIntercept()
    : transparent_active(0),
      intercept_active(0),
      last_reported(0)
{
}
/**
 * Perform NAT lookups.
 *
 * NOTE(review): the return convention is not documented in this listing.
 * The platform-specific lookups declared further down return 0 on success
 * and -1 on error; confirm this entry point follows the same convention,
 * and that callers do not use dst unless the lookup succeeded.
 */
int NatLookup(int fd, const IPAddress &me, const IPAddress &peer, IPAddress &dst);
/**
 * Only relevant to TPROXY v2 connections, which require the address
 * to be set specifically post-connect.
 *
 * NOTE(review): the meaning of the int result is not stated in this
 * listing; confirm against the definition before relying on it.
 */
int SetTproxy2OutgoingAddr(int fd, const IPAddress &src);
/**
 * Report whether full transparency is currently switched on.
 *
 \retval 0	Full transparency is disabled.
 \retval 1	Full transparency is enabled and active.
 */
inline int TransparentActive()
{
    return transparent_active;
}
/**
 * Turn on fully Transparent-Proxy activities.
 * This function should be called during parsing of squid.conf
 * when any option requiring full transparency is encountered.
 */
inline void StartTransparency()
{
    transparent_active = 1;
}
/**
 * Turn off fully Transparent-Proxy activities on all new connections.
 * Existing transactions and connections are unaffected and will run
 * to their natural completion.
 *
 \param str	Reason for stopping. Will be logged to cache.log
 */
void StopTransparency(const char *str);
/**
 * Report whether IP Interception is currently switched on.
 *
 \retval 0	IP Interception is disabled.
 \retval 1	IP Interception is enabled and active.
 */
inline int InterceptActive()
{
    return intercept_active;
}
/**
 * Turn on IP-Interception-Proxy activities.
 * This function should be called during parsing of squid.conf
 * when any option requiring interception / NAT handling is encountered.
 */
inline void StartInterception()
{
    intercept_active = 1;
}
/**
 * Turn off IP-Interception-Proxy activities on all new connections.
 * Existing transactions and connections are unaffected and will run
 * to their natural completion.
 *
 \param str	Reason for stopping. Will be logged to cache.log
 *
 * NOTE(review): this is declared inline, but no definition appears in
 * this listing. An inline function has to be defined in every translation
 * unit that calls it; confirm the definition is visible to all callers, or
 * drop the specifier as StopTransparency() does.
 */
inline void StopInterception(const char *str);
/**
 * Perform lookups on Netfilter interception targets (REDIRECT, DNAT).
 *
 \param[in] silent	0 if errors are to be displayed. 1 if errors are to be hidden.
 \retval 0	Successfully located the new address.
 \retval -1	An error occurred during NAT lookups.
 *
 * NOTE(review): the listing does not say what dst holds after a -1
 * return; callers should treat it as unset in that case.
 */
int NetfilterInterception(int fd, const IPAddress &me, IPAddress &dst, int silent);
/**
 * Perform lookups on Netfilter fully-transparent interception targets (TPROXY).
 *
 \param[in] silent	0 if errors are to be displayed. 1 if errors are to be hidden.
 \retval 0	Successfully located the new address.
 \retval -1	An error occurred during NAT lookups.
 *
 * NOTE(review): the listing does not say what dst holds after a -1
 * return; callers should treat it as unset in that case.
 */
int NetfilterTransparent(int fd, const IPAddress &me, IPAddress &dst, int silent);
/**
 * Perform lookups on IPFW interception.
 *
 \param[in] silent	0 if errors are to be displayed. 1 if errors are to be hidden.
 \retval 0	Successfully located the new address.
 \retval -1	An error occurred during NAT lookups.
 *
 * NOTE(review): the listing does not say what dst holds after a -1
 * return; callers should treat it as unset in that case.
 */
int IPFWInterception(int fd, const IPAddress &me, IPAddress &dst, int silent);
/** Set to 1 by StartTransparency(); the value TransparentActive() returns. */
int transparent_active;

/** Set to 1 by StartInterception(); the value InterceptActive() returns. */
int intercept_active;

/** Time of last error report. Throttles NAT error display to 1 per minute */
time_t last_reported;
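/*
 * Fallback for Netfilter builds whose system headers do not provide
 * IP_TRANSPARENT. 19 is the number the Linux kernel headers give this
 * socket option; a hard-coded copy can drift from the running kernel, so
 * prefer the system definition whenever it is available.
 *
 * Setting IP_TRANSPARENT on a socket is a privileged operation on Linux
 * (CAP_NET_ADMIN), and it lets the socket use addresses that are not local
 * to the host, so keep the privileged window and the code paths that set
 * the option as small as possible.
 *
 * The closing #endif is not shown in the original listing, which leaves
 * the conditional unterminated; it is restored here.
 */
#if LINUX_NETFILTER && !defined(IP_TRANSPARENT)
/// \ingroup IPInterceptAPI
#define IP_TRANSPARENT 19
#endif /* LINUX_NETFILTER && !defined(IP_TRANSPARENT) */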
/**
 \ingroup IPInterceptAPI
 * Globally available instance of the IP Interception manager.
 */
extern IPIntercept IPInterceptor;
129 #endif /* SQUID_IPINTERCEPTION_H */