#include <Intercept.h>

Public Member Functions

 Intercept ()
 
 ~Intercept ()
 
bool Lookup (const Comm::ConnectionPointer &newConn, const Comm::ConnectionPointer &listenConn)
 
bool ProbeForTproxy (Address &test)
 
int TransparentActive ()
 
void StartTransparency ()
 
void StopTransparency (const char *str)
 
int InterceptActive ()
 
void StartInterception ()
 
void StopInterception (const char *str)
 

Private Member Functions

bool TproxyTransparent (const Comm::ConnectionPointer &newConn, int silent)
 
bool NetfilterInterception (const Comm::ConnectionPointer &newConn, int silent)
 
bool IpfwInterception (const Comm::ConnectionPointer &newConn, int silent)
 
bool IpfInterception (const Comm::ConnectionPointer &newConn, int silent)
 
bool PfInterception (const Comm::ConnectionPointer &newConn, int silent)
 

Private Attributes

int transparentActive_
 
int interceptActive_
 
time_t lastReported_
 

Detailed Description

Definition at line 30 of file Intercept.h.

Constructor & Destructor Documentation

Ip::Intercept::Intercept ( )
inline

Definition at line 33 of file Intercept.h.

Ip::Intercept::~Intercept ( )
inline

Definition at line 34 of file Intercept.h.

Member Function Documentation

int Ip::Intercept::InterceptActive ( )
inline
Return values
0: IP Interception is disabled.
1: IP Interception is enabled and active.

Definition at line 75 of file Intercept.h.

References interceptActive_.

bool Ip::Intercept::IpfInterception ( const Comm::ConnectionPointer newConn,
int  silent 
)
private

Perform lookups on IPF interception.

Parameters
silent: 0 if errors are to be displayed. 1 if errors are to be hidden.
newConn: Details known, to be updated where relevant.
Returns
Whether the new address was successfully located.

Definition at line 196 of file Intercept.cc.

References DBG_CRITICAL, debugs, Ip::Address::getInAddr(), Ip::Address::isIPv6(), Comm::Connection::local, and Comm::Connection::remote.

bool Ip::Intercept::IpfwInterception ( const Comm::ConnectionPointer newConn,
int  silent 
)
private

Perform lookups on IPFW interception.

Parameters
silent: 0 if errors are to be displayed. 1 if errors are to be hidden.
newConn: Details known, to be updated where relevant.
Returns
Whether the new address was successfully located.

Definition at line 181 of file Intercept.cc.

References debugs, and HERE().

bool Ip::Intercept::Lookup ( const Comm::ConnectionPointer newConn,
const Comm::ConnectionPointer listenConn 
)

bool Ip::Intercept::NetfilterInterception ( const Comm::ConnectionPointer newConn,
int  silent 
)
private

Perform lookups on Netfilter interception targets (REDIRECT, DNAT).

Parameters
silent: 0 if errors are to be displayed. 1 if errors are to be hidden.
newConn: Details known, to be updated where relevant.
Returns
Whether the new address was successfully located.

Try NAT lookup for REDIRECT or DNAT targets.

Definition at line 132 of file Intercept.cc.

References DBG_IMPORTANT, debugs, Comm::Connection::fd, Ip::Address::getSockAddr(), IP6T_SO_ORIGINAL_DST, Ip::Address::isIPv6(), len, Comm::Connection::local, squid_curtime, and xstrerr().

bool Ip::Intercept::PfInterception ( const Comm::ConnectionPointer newConn,
int  silent 
)
private

Perform lookups on PF interception target (REDIRECT).

Parameters
silent: 0 if errors are to be displayed. 1 if errors are to be hidden.
newConn: Details known, to be updated where relevant.
Returns
Whether the new address was successfully located.

Definition at line 314 of file Intercept.cc.

References DBG_IMPORTANT, debugs, Ip::Address::getInAddr(), HERE(), Ip::Address::isIPv6(), Comm::Connection::local, MYNAME, Ip::Address::port(), Comm::Connection::remote, squid_curtime, and xstrerr().

bool Ip::Intercept::ProbeForTproxy ( Ip::Address test)

Test system networking calls for TPROXY support. Detects whether the IPv6 and IPv4 level of support matches the address being listened on, and whether the compiled v2/v4 is usable as far down as a bind()ing.

Parameters
test: Address set on the squid.conf *_port being checked.
Return values
true: TPROXY is available.
false: TPROXY is not available.

Definition at line 433 of file Intercept.cc.

References DBG_CRITICAL, debugs, enter_suid(), Ip::Address::isIPv4(), Ip::Address::isIPv6(), leave_suid(), Ip::Address::port(), and Ip::Address::setIPv4().

void Ip::Intercept::StartInterception ( )
inline
Turn on IP-Interception-Proxy activities. This function should be called during parsing of squid.conf when any option requiring interception / NAT handling is encountered.

Definition at line 82 of file Intercept.h.

References interceptActive_.

Referenced by parse_port_option().

void Ip::Intercept::StartTransparency ( )
inline
Turn on fully Transparent-Proxy activities. This function should be called during parsing of squid.conf when any option requiring full transparency is encountered.

Definition at line 61 of file Intercept.h.

References transparentActive_.

Referenced by parse_port_option().

void Ip::Intercept::StopInterception ( const char *  str)
inline
Turn off IP-Interception-Proxy activities on all new connections. Existing transactions and connections are unaffected and will run to their natural completion.

Parameters
str: Reason for stopping. Will be logged to cache.log.

Definition at line 123 of file Intercept.cc.

References DBG_IMPORTANT, and debugs.

void Ip::Intercept::StopTransparency ( const char *  str)
Turn off fully Transparent-Proxy activities on all new connections. Existing transactions and connections are unaffected and will run to their natural completion.

Parameters
str: Reason for stopping. Will be logged to cache.log.

Definition at line 114 of file Intercept.cc.

References DBG_IMPORTANT, debugs, and transparentActive_.

Referenced by keepCapabilities(), and restoreCapabilities().

bool Ip::Intercept::TproxyTransparent ( const Comm::ConnectionPointer newConn,
int  silent 
)
private

Perform lookups on fully-transparent interception targets (TPROXY). Supports Netfilter, PF and IPFW.

Parameters
silent: 0 if errors are to be displayed. 1 if errors are to be hidden.
newConn: Details known, to be updated where relevant.
Returns
Whether the new address was successfully located.

Definition at line 163 of file Intercept.cc.

References debugs, HERE(), Ip::Address::port(), and Comm::Connection::remote.

int Ip::Intercept::TransparentActive ( )
inline
Return values
0: Full transparency is disabled.
1: Full transparency is enabled and active.

Definition at line 54 of file Intercept.h.

References transparentActive_.

Member Data Documentation

int Ip::Intercept::interceptActive_
private

Definition at line 141 of file Intercept.h.

Referenced by InterceptActive(), and StartInterception().

time_t Ip::Intercept::lastReported_
private

Time of last error report. Throttles NAT error display to 1 per minute.

Definition at line 142 of file Intercept.h.
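
The kind of lookup NetfilterInterception() describes, combined with the one-report-per-minute throttle documented for lastReported_, as an added example that is not Squid's own code. NatLookup, originalDst and reports are hypothetical names; the socket option is SO_ORIGINAL_DST from <linux/netfilter_ipv4.h> (Linux, IPv4 only), and the sample input is constructed.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cerrno>
#include <cstdio>
#include <cstring>
#include <ctime>
#include <string>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80  // same value as in <linux/netfilter_ipv4.h>
#endif

// Hypothetical helper (not Squid's class): NAT lookup with throttled error reports.
struct NatLookup {
    time_t lastReported = 0;  // time of the last error report
    int reports = 0;          // error lines actually emitted
    // Writes the pre-NAT destination ("ip:port") of an accepted IPv4 socket to dst.
    // On failure returns false and leaves dst untouched, so a caller cannot
    // mistake a stale or client-supplied value for the kernel's answer.
    bool originalDst(int fd, time_t now, std::string &dst) {
        sockaddr_in sa;
        std::memset(&sa, 0, sizeof(sa));
        socklen_t len = sizeof(sa);
        if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, &sa, &len) != 0) {
            const int err = errno;
            if (now - lastReported >= 60) {  // at most one report per minute
                std::fprintf(stderr, "NAT lookup failed on fd %d: %s\n", fd, std::strerror(err));
                lastReported = now;
                ++reports;
            }
            return false;
        }
        char ip[INET_ADDRSTRLEN] = "";
        inet_ntop(AF_INET, &sa.sin_addr, ip, sizeof(ip));
        dst = std::string(ip) + ":" + std::to_string(ntohs(sa.sin_port));
        return true;
    }
};

int main() {
    NatLookup nat;
    std::string dst;
    // Constructed input: a fresh, unconnected socket has no NAT entry, so the
    // lookup fails as it would for traffic that never passed the REDIRECT/DNAT rule.
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    const time_t times[] = {1000000, 1000005, 1000059, 1000060};
    for (time_t t : times) nat.originalDst(fd, t, dst);
    std::printf("4 failed lookups, reports=%d\n", nat.reports);
    if (fd >= 0) close(fd);
    return 0;
}
```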

int Ip::Intercept::transparentActive_
private

Definition at line 140 of file Intercept.h.

Referenced by StartTransparency(), StopTransparency(), and TransparentActive().


The documentation for this class was generated from the following files:
