git.ipfire.org Git - thirdparty/squid.git/blob - src/ip/Intercept.h
2 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 89 NAT / IP Interception */
11 #ifndef SQUID_IP_IPINTERCEPT_H
12 #define SQUID_IP_IPINTERCEPT_H
15 #include "SquidTime.h"
/**
 \defgroup IpInterceptAPI IP Interception and Transparent Proxy API
 \ingroup SquidComponent
 *
 * There is no formal state machine for transparency and interception;
 * instead, there is this neutral API, which other connection state machines
 * and the comm layer use to coordinate their own state for transparency.
 */
/// Build the manager with full transparency and IP interception both
/// switched off (0) and the last-error-report time cleared (0).
Intercept() :
    transparentActive_(0),
    interceptActive_(0),
    lastReported_(0)
{}
/**
 * Perform NAT lookups.
 *
 * NOTE(review): the meaning of the two connections and of the return value
 * is not documented here. Presumably newConn is the accepted connection
 * whose addresses are resolved, listenConn is the listening port it came in
 * on, and true means the lookup succeeded - confirm against the
 * implementation.
 * NOTE(review): callers that choose a forwarding destination from newConn
 * should check the result first rather than assume the addresses were
 * updated - confirm what newConn holds after a failed lookup.
 *
 * \param newConn    Connection the lookup is performed for.
 * \param listenConn Listening connection associated with newConn.
 */
bool Lookup(const Comm::ConnectionPointer &newConn,
            const Comm::ConnectionPointer &listenConn);
/**
 * Test the system networking calls for TPROXY support.
 * Detects whether the IPv6 and IPv4 level of support matches the address
 * being listened on, and whether the compiled v2/v4 is usable as far down
 * as a bind()ing.
 *
 * NOTE(review): test is taken by non-const reference; whether the probe
 * modifies it is not visible from this declaration.
 *
 * \param test Address set on the squid.conf *_port being checked.
 * \retval true  TPROXY is available.
 * \retval false TPROXY is not available.
 */
bool ProbeForTproxy(Address &test);
/**
 * Report the current state of the full-transparency switch.
 *
 * \retval 0 Full transparency is disabled.
 * \retval 1 Full transparency is enabled and active.
 */
inline int TransparentActive()
{
    return transparentActive_;
}
/**
 * Turn on fully Transparent-Proxy activities.
 *
 * Meant to be called while squid.conf is being parsed, as soon as an
 * option that requires full transparency is encountered.
 */
inline void StartTransparency()
{
    transparentActive_ = 1;
}
/**
 * Turn off fully Transparent-Proxy activities on all new connections.
 * Transactions and connections that already exist are unaffected and run
 * to their natural completion.
 *
 * NOTE(review): the reason text ends up in cache.log; presumably callers
 * pass fixed strings rather than peer-supplied data - confirm at call sites.
 *
 * \param str Reason for stopping. Will be logged to cache.log.
 */
void StopTransparency(const char *str);
/**
 * Report the current state of the IP-interception switch.
 *
 * \retval 0 IP Interception is disabled.
 * \retval 1 IP Interception is enabled and active.
 */
inline int InterceptActive()
{
    return interceptActive_;
}
/**
 * Turn on IP-Interception-Proxy activities.
 *
 * Meant to be called while squid.conf is being parsed, as soon as an
 * option that requires interception / NAT handling is encountered.
 */
inline void StartInterception()
{
    interceptActive_ = 1;
}
/**
 * Turn off IP-Interception-Proxy activities on all new connections.
 * Transactions and connections that already exist are unaffected and run
 * to their natural completion.
 *
 * NOTE(review): declared inline, but no definition is visible in this
 * header; an inline function needs a definition in every translation unit
 * that calls it - confirm where the body lives and who calls it.
 *
 * \param str Reason for stopping. Will be logged to cache.log.
 */
inline void StopInterception(const char *str);
/**
 * Perform lookups on fully-transparent interception targets (TPROXY).
 * Supports Netfilter, PF and IPFW.
 *
 * With silent=1 a failed lookup is not reported, so the boolean result is
 * the only failure signal the caller gets.
 *
 * \param newConn Details known, to be updated where relevant.
 * \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
 * \return Whether the new address was successfully located.
 */
bool TproxyTransparent(const Comm::ConnectionPointer &newConn, int silent);
/**
 * Perform lookups on Netfilter interception targets (REDIRECT, DNAT).
 *
 * With silent=1 a failed lookup is not reported, so the boolean result is
 * the only failure signal the caller gets.
 *
 * \param newConn Details known, to be updated where relevant.
 * \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
 * \return Whether the new address was successfully located.
 */
bool NetfilterInterception(const Comm::ConnectionPointer &newConn, int silent);
/**
 * Perform lookups on IPFW interception.
 *
 * With silent=1 a failed lookup is not reported, so the boolean result is
 * the only failure signal the caller gets.
 *
 * \param newConn Details known, to be updated where relevant.
 * \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
 * \return Whether the new address was successfully located.
 */
bool IpfwInterception(const Comm::ConnectionPointer &newConn, int silent);
/**
 * Perform lookups on IPF interception.
 *
 * With silent=1 a failed lookup is not reported, so the boolean result is
 * the only failure signal the caller gets.
 *
 * \param newConn Details known, to be updated where relevant.
 * \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
 * \return Whether the new address was successfully located.
 */
bool IpfInterception(const Comm::ConnectionPointer &newConn, int silent);
/**
 * Perform lookups on PF interception target (REDIRECT).
 *
 * With silent=1 a failed lookup is not reported, so the boolean result is
 * the only failure signal the caller gets.
 *
 * \param newConn Details known, to be updated where relevant.
 * \param silent  0 if errors are to be displayed. 1 if errors are to be hidden.
 * \return Whether the new address was successfully located.
 */
bool PfInterception(const Comm::ConnectionPointer &newConn, int silent);
/// Full-transparency switch: 0 from the constructor, set to 1 by
/// StartTransparency(), read back by TransparentActive().
int transparentActive_;

/// IP-interception switch: 0 from the constructor, set to 1 by
/// StartInterception(), read back by InterceptActive().
int interceptActive_;

/// Time of last error report. Throttles NAT error display to 1 per minute.
/// NOTE(review): the throttling logic itself is not in this header.
time_t lastReported_;
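#if LINUX_NETFILTER && !defined(IP_TRANSPARENT)
/// \ingroup IpInterceptAPI
/// Fallback for Netfilter builds whose system headers do not provide
/// IP_TRANSPARENT. The value is hard-coded, so it must stay equal to the
/// kernel's number for this socket option (19 on Linux); a mismatch would
/// make the code set a different option than intended.
/// NOTE(review): on Linux, setting IP_TRANSPARENT on a socket needs
/// CAP_NET_ADMIN, which limits how far a TPROXY-enabled process can drop
/// privileges - confirm how the build and runtime handle this.
#define IP_TRANSPARENT 19
#endif /* LINUX_NETFILTER && !defined(IP_TRANSPARENT) */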
/**
 \ingroup IpInterceptAPI
 * Globally available instance of the IP Interception manager.
 *
 * NOTE(review): this header shows no locking around the instance's state;
 * confirm that all readers and writers run on the same thread.
 */
extern Intercept Interceptor;
158 #endif /* SQUID_IP_IPINTERCEPT_H */