git.ipfire.org Git - thirdparty/squid.git/blob - src/ip/Intercept.h
2 * DEBUG: section 89 NAT / IP Interception
3 * AUTHOR: Robert Collins
4 * AUTHOR: Amos Jeffries
7 #ifndef SQUID_IP_IPINTERCEPT_H
8 #define SQUID_IP_IPINTERCEPT_H
11 #include "SquidTime.h"
/**
 \defgroup IpInterceptAPI IP Interception and Transparent Proxy API
 \ingroup SquidComponent
 *
 * There is no formal state-machine for transparency and interception;
 * instead there is this neutral API, which other connection state machines
 * and the comm layer use to co-ordinate their own state for transparency.
 */
/// Start with full transparency and IP interception both switched off (0)
/// and with no NAT error report recorded yet.
Intercept() :
    transparentActive_(0),
    interceptActive_(0),
    lastReported_(0)
{}
32 /** Perform NAT lookups */
// NOTE(review): the bool result presumably reports whether the NAT lookup
// succeeded, as the per-backend lookups declared further down in this header
// document. A caller should not treat newConn's addresses as the pre-NAT
// destination when this returns false -- confirm against the .cc.
bool Lookup(const Comm::ConnectionPointer &newConn,
            const Comm::ConnectionPointer &listenConn);
/**
 * Test system networking calls for TPROXY support.
 * Detects whether the IPv6 and IPv4 level of support matches the address
 * being listened on, and whether the compiled v2/v4 is usable as far down
 * as a bind()ing.
 *
 * \param test    Address set on the http(s)_port being checked.
 * \retval true   TPROXY is available.
 * \retval false  TPROXY is not available.
 */
// Run-time probe: a false result means the port being checked cannot use
// TPROXY. NOTE(review): test is taken by non-const reference, so the probe
// may modify the caller's address object -- confirm against the .cc.
bool ProbeForTproxy(Address &test);
/**
 \retval 0 Full transparency is disabled.
 \retval 1 Full transparency is enabled and active.
 */
/// Returns the full-transparency flag exactly as stored in transparentActive_.
inline int TransparentActive()
{
    return transparentActive_;
}
/**
 * Turn on fully Transparent-Proxy activities.
 * This function should be called during parsing of squid.conf
 * when any option requiring full-transparency is encountered.
 */
/// Sets the full-transparency flag to 1; nothing else is touched here.
inline void StartTransparency()
{
    transparentActive_ = 1;
}
/**
 * Turn off fully Transparent-Proxy activities on all new connections.
 * Existing transactions and connections are unaffected and will run
 * to their natural completion.
 \param str Reason for stopping. Will be logged to cache.log.
 */
// NOTE(review): str is documented as being written to cache.log, so callers
// should pass a fixed diagnostic string rather than text taken from a peer --
// confirm how the .cc formats it.
void StopTransparency(const char *str);
/**
 \retval 0 IP Interception is disabled.
 \retval 1 IP Interception is enabled and active.
 */
/// Returns the IP-interception flag exactly as stored in interceptActive_.
inline int InterceptActive()
{
    return interceptActive_;
}
/**
 * Turn on IP-Interception-Proxy activities.
 * This function should be called during parsing of squid.conf
 * when any option requiring interception / NAT handling is encountered.
 */
/// Sets the IP-interception flag to 1; nothing else is touched here.
inline void StartInterception()
{
    interceptActive_ = 1;
}
/**
 * Turn off IP-Interception-Proxy activities on all new connections.
 * Existing transactions and connections are unaffected and will run
 * to their natural completion.
 \param str Reason for stopping. Will be logged to cache.log.
 */
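// Declared without `inline`, matching StopTransparency(): this header gives
// no body for the function, and an inline function must be defined in every
// translation unit that uses it, so the inline declaration could leave other
// callers without a definition to link against.
// NOTE(review): str is documented as being written to cache.log, so callers
// should pass a fixed diagnostic string rather than text taken from a peer --
// confirm how the .cc formats it.
void StopInterception(const char *str);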
/**
 * Perform lookups on Netfilter interception targets (REDIRECT, DNAT).
 *
 * \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
 * \param newConn Details known, to be updated where relevant.
 * \return Whether the new address was successfully located.
 */
// silent is an int used as a flag: 1 hides the error display for a failed
// lookup. NOTE(review): on a false return newConn presumably keeps the
// addresses seen on the socket, not the pre-NAT destination -- confirm.
bool NetfilterInterception(const Comm::ConnectionPointer &newConn, int silent);
/**
 * Perform lookups on Netfilter fully-transparent interception targets (TPROXY).
 *
 * \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
 * \param newConn Details known, to be updated where relevant.
 * \return Whether the new address was successfully located.
 */
// silent is an int used as a flag: 1 hides the error display for a failed
// TPROXY lookup, so a false return is then the only failure signal.
bool NetfilterTransparent(const Comm::ConnectionPointer &newConn, int silent);
/**
 * Perform lookups on IPFW interception.
 *
 * \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
 * \param newConn Details known, to be updated where relevant.
 * \return Whether the new address was successfully located.
 */
// silent is an int used as a flag: 1 hides the error display for a failed
// IPFW lookup, so a false return is then the only failure signal.
bool IpfwInterception(const Comm::ConnectionPointer &newConn, int silent);
/**
 * Perform lookups on IPF interception.
 *
 * \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
 * \param newConn Details known, to be updated where relevant.
 * \return Whether the new address was successfully located.
 */
// silent is an int used as a flag: 1 hides the error display for a failed
// IPF lookup, so a false return is then the only failure signal.
bool IpfInterception(const Comm::ConnectionPointer &newConn, int silent);
/**
 * Perform lookups on PF interception.
 *
 * \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
 * \param newConn Details known, to be updated where relevant.
 * \return Whether the new address was successfully located.
 */
// silent is an int used as a flag: 1 hides the error display for a failed
// PF lookup, so a false return is then the only failure signal.
bool PfInterception(const Comm::ConnectionPointer &newConn, int silent);
// Flag returned by TransparentActive(): initialised to 0, set to 1 by StartTransparency().
int transparentActive_;

// Flag returned by InterceptActive(): initialised to 0, set to 1 by StartInterception().
int interceptActive_;

/**
 * Time of last error report. Throttles NAT error display to 1 per minute.
 * NOTE(review): with that throttle the log presumably shows at most one NAT
 * error per minute, so log line counts under-report failed lookups -- confirm
 * against the .cc before using them as a failure metric.
 */
time_t lastReported_;
142 #if LINUX_NETFILTER && !defined(IP_TRANSPARENT)
143 /// \ingroup IpInterceptAPI
// Fallback used only when LINUX_NETFILTER is set and the system headers do
// not already define IP_TRANSPARENT; 19 is the value Linux's <linux/in.h>
// gives this socket option.
// NOTE(review): having the constant at compile time does not show that the
// running kernel accepts the option; presumably ProbeForTproxy() is the
// run-time check for that -- confirm against the .cc.
144 #define IP_TRANSPARENT 19
/**
 \ingroup IpInterceptAPI
 * Globally available instance of the IP Interception manager.
 */
// Declaration only: the object itself is defined in another translation unit.
extern Intercept Interceptor;
155 #endif /* SQUID_IP_IPINTERCEPT_H */