#include <Intercept.h>

Collaboration diagram for Ip::Intercept:

Public Member Functions

 Intercept ()
 
 ~Intercept ()
 
bool LookupNat (const Comm::Connection &)
 perform NAT lookups for the local address of the given connection More...
 
bool ProbeForTproxy (Address &test)
 
int TransparentActive ()
 
void StartTransparency ()
 
void StopTransparency (const char *str)
 
int InterceptActive ()
 
void StartInterception ()
 

Private Member Functions

bool NetfilterInterception (const Comm::ConnectionPointer &newConn)
 
bool IpfwInterception (const Comm::ConnectionPointer &newConn)
 
bool IpfInterception (const Comm::ConnectionPointer &newConn)
 
bool PfInterception (const Comm::ConnectionPointer &newConn)
 

Private Attributes

int transparentActive_
 
int interceptActive_
 

Detailed Description

Definition at line 29 of file Intercept.h.

Constructor & Destructor Documentation

◆ Intercept()

Ip::Intercept::Intercept ( )
inline

Definition at line 32 of file Intercept.h.

◆ ~Intercept()

Ip::Intercept::~Intercept ( )
inline

Definition at line 33 of file Intercept.h.

Member Function Documentation

◆ InterceptActive()

int Ip::Intercept::InterceptActive ( )
inline
Return values
0IP Interception is disabled.
1IP Interception is enabled and active.

Definition at line 74 of file Intercept.h.

References interceptActive_.

◆ IpfInterception()

bool Ip::Intercept::IpfInterception ( const Comm::ConnectionPointer newConn)
private

perform Lookups on IPF interception.

Parameters
newConnDetails known, to be updated where relevant.
Returns
Whether successfully located the new address.

Definition at line 197 of file Intercept.cc.

References DBG_CRITICAL, debugs, Ip::Address::getInAddr(), Ip::Address::isIPv6(), Comm::Connection::local, and Comm::Connection::remote.

◆ IpfwInterception()

bool Ip::Intercept::IpfwInterception ( const Comm::ConnectionPointer newConn)
private

perform Lookups on IPFW interception.

Parameters
newConnDetails known, to be updated where relevant.
Returns
Whether successfully located the new address.

Definition at line 181 of file Intercept.cc.

References debugs.

◆ LookupNat()

bool Ip::Intercept::LookupNat ( const Comm::Connection aConn)

Definition at line 382 of file Intercept.cc.

References assert, debugs, Comm::Connection::local, and Comm::Connection::remote.

◆ NetfilterInterception()

bool Ip::Intercept::NetfilterInterception ( const Comm::ConnectionPointer newConn)
private

perform Lookups on Netfilter interception targets (REDIRECT, DNAT).

Parameters
newConnDetails known, to be updated where relevant.
Returns
Whether successfully located the new address.
Try NAT lookup for REDIRECT or DNAT targets.

Definition at line 123 of file Intercept.cc.

References DBG_IMPORTANT, debugs, Comm::Connection::fd, Ip::Address::getSockAddr(), IP6T_SO_ORIGINAL_DST, Ip::Address::isIPv6(), Comm::Connection::local, and xstrerr().

◆ PfInterception()

bool Ip::Intercept::PfInterception ( const Comm::ConnectionPointer newConn)
private

perform Lookups on PF interception target (REDIRECT).

Parameters
newConnDetails known, to be updated where relevant.
Returns
Whether successfully located the new address.

Definition at line 310 of file Intercept.cc.

References DBG_IMPORTANT, debugs, Ip::Address::getInAddr(), Ip::Address::isIPv6(), Comm::Connection::local, Ip::Address::port(), Comm::Connection::remote, and xstrerr().

◆ ProbeForTproxy()

bool Ip::Intercept::ProbeForTproxy ( Ip::Address test)

Test system networking calls for TPROXY support. Detects IPv6 and IPv4 level of support matches the address being listened on and if the compiled v2/v4 is usable as far down as a bind()ing.

Parameters
testAddress set on the squid.conf *_port being checked.
Return values
trueTPROXY is available.
falseTPROXY is not available.

Definition at line 393 of file Intercept.cc.

References DBG_CRITICAL, debugs, enter_suid(), Ip::Address::isIPv4(), Ip::Address::isIPv6(), leave_suid(), Ip::Address::port(), and Ip::Address::setIPv4().

◆ StartInterception()

void Ip::Intercept::StartInterception ( )
Turn on IP-Interception-Proxy activities. This function should be called during parsing of the squid.conf When any option requiring interception / NAT handling is encountered.

Definition at line 167 of file Intercept.cc.

References Here.

◆ StartTransparency()

void Ip::Intercept::StartTransparency ( )
Turn on fully Transparent-Proxy activities. This function should be called during parsing of the squid.conf When any option requiring full-transparency is encountered.

Definition at line 152 of file Intercept.cc.

References Here.

◆ StopTransparency()

void Ip::Intercept::StopTransparency ( const char *  str)
Turn off fully Transparent-Proxy activities on all new connections. Existing transactions and connections are unaffected and will run to their natural completion.
Parameters
strReason for stopping. Will be logged to cache.log

Definition at line 114 of file Intercept.cc.

References DBG_IMPORTANT, debugs, and transparentActive_.

◆ TransparentActive()

int Ip::Intercept::TransparentActive ( )
inline
Return values
0Full transparency is disabled.
1Full transparency is enabled and active.

Definition at line 53 of file Intercept.h.

References transparentActive_.

Member Data Documentation

◆ interceptActive_

int Ip::Intercept::interceptActive_
private

Definition at line 118 of file Intercept.h.

Referenced by InterceptActive().

◆ transparentActive_

int Ip::Intercept::transparentActive_
private

Definition at line 117 of file Intercept.h.

Referenced by StopTransparency(), and TransparentActive().


The documentation for this class was generated from the following files:

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors