/*
- * DEBUG: section 89 NAT / IP Interception
- * AUTHOR: Robert Collins
- * AUTHOR: Amos Jeffries
+ * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
*
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
*/
+
+/* DEBUG: section 89 NAT / IP Interception */
+
#ifndef SQUID_IP_IPINTERCEPT_H
#define SQUID_IP_IPINTERCEPT_H
* Detects IPv6 and IPv4 level of support matches the address being listened on
* and if the compiled v2/v4 is usable as far down as a bind()ing.
*
- * \param test Address set on the http(s)_port being checked.
+ * \param test Address set on the squid.conf *_port being checked.
* \retval true TPROXY is available.
* \retval false TPROXY is not available.
*/
bool ProbeForTproxy(Address &test);
/**
- \retval 0 Full transparency is disabled.
+ \retval 0 Full transparency is disabled.
\retval 1 Full transparency is enabled and active.
*/
inline int TransparentActive() { return transparentActive_; };
void StopTransparency(const char *str);
/**
- \retval 0 IP Interception is disabled.
+ \retval 0 IP Interception is disabled.
\retval 1 IP Interception is enabled and active.
*/
inline int InterceptActive() { return interceptActive_; };
*/
inline void StopInterception(const char *str);
-
private:
/**
- * perform Lookups on Netfilter interception targets (REDIRECT, DNAT).
+ * perform Lookups on fully-transparent interception targets (TPROXY).
+ * Supports Netfilter, PF and IPFW.
*
* \param silent 0 if errors are to be displayed. 1 if errors are to be hidden.
* \param newConn Details known, to be updated where relevant.
* \return Whether successfuly located the new address.
*/
- bool NetfilterInterception(const Comm::ConnectionPointer &newConn, int silent);
+ bool TproxyTransparent(const Comm::ConnectionPointer &newConn, int silent);
/**
- * perform Lookups on Netfilter fully-transparent interception targets (TPROXY).
+ * perform Lookups on Netfilter interception targets (REDIRECT, DNAT).
*
* \param silent 0 if errors are to be displayed. 1 if errors are to be hidden.
* \param newConn Details known, to be updated where relevant.
* \return Whether successfuly located the new address.
*/
- bool NetfilterTransparent(const Comm::ConnectionPointer &newConn, int silent);
+ bool NetfilterInterception(const Comm::ConnectionPointer &newConn, int silent);
/**
* perform Lookups on IPFW interception.
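Review bot: The `\return` line on `TproxyTransparent` and `NetfilterInterception` says only whether the address was located; it does not say what `newConn` holds when the lookup fails. Going by the comments, these lookups update `newConn` with the address recovered for an intercepted connection, so a caller presumably must not treat its addresses as the original destination after a `false` result. I would state that explicitly, for example `\retval false Lookup failed; newConn does not carry the original destination.`, with the wording confirmed against the implementation. While these comments are being touched, `successfuly` could be corrected to `successfully` and the `\param` lines listed in signature order (`newConn`, then `silent`); as shown on this page, the `PfInterception` comment in the following hunk has no `\return` line at all. The enclosing class starts and ends outside this hunk.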
bool IpfInterception(const Comm::ConnectionPointer &newConn, int silent);
/**
- * perform Lookups on PF interception.
+ * perform Lookups on PF interception target (REDIRECT).
*
* \param silent 0 if errors are to be displayed. 1 if errors are to be hidden.
* \param newConn Details known, to be updated where relevant.
*/
bool PfInterception(const Comm::ConnectionPointer &newConn, int silent);
-
int transparentActive_;
int interceptActive_;
time_t lastReported_; /**< Time of last error report. Throttles NAT error display to 1 per minute */
} // namespace Ip
#endif /* SQUID_IP_IPINTERCEPT_H */
+