#include <Intercept.h>

Public Member Functions
	Intercept ()

	~Intercept ()

bool	LookupNat (const Comm::Connection &)

bool	ProbeForTproxy (Address &test)

int	TransparentActive ()

void	StartTransparency ()

void	StopTransparency (const char *str)

int	InterceptActive ()

void	StartInterception ()

Private Member Functions
bool	NetfilterInterception (const Comm::ConnectionPointer &newConn)

bool	IpfwInterception (const Comm::ConnectionPointer &newConn)

bool	IpfInterception (const Comm::ConnectionPointer &newConn)

bool	PfInterception (const Comm::ConnectionPointer &newConn)

bool	UseInterceptionAddressesLookedUpEarlier (const char *, const Comm::ConnectionPointer &)

Private Attributes
int	transparentActive_

int	interceptActive_

Detailed Description

Definition at line 29 of file Intercept.h.

Constructor & Destructor Documentation

◆ Intercept()

Ip::Intercept::Intercept ( )

inline

Definition at line 32 of file Intercept.h.

◆ ~Intercept()

Ip::Intercept::~Intercept ( )

inline

Definition at line 33 of file Intercept.h.

Member Function Documentation

◆ InterceptActive()

int Ip::Intercept::InterceptActive ( )

inline

Return values

0	IP Interception is disabled.
1	IP Interception is enabled and active.

Definition at line 77 of file Intercept.h.

References interceptActive_.

◆ IpfInterception()

bool Ip::Intercept::IpfInterception ( const Comm::ConnectionPointer & newConn )

private

perform Lookups on IPF interception.

Parameters

newConn Details known, to be updated where relevant.

Returns: Whether successfully located the new address.

Definition at line 213 of file Intercept.cc.

References DBG_CRITICAL, debugs, Ip::Address::getInAddr(), Ip::Address::isIPv6(), Comm::Connection::local, and Comm::Connection::remote.

◆ IpfwInterception()

bool Ip::Intercept::IpfwInterception ( const Comm::ConnectionPointer & newConn )

private

perform Lookups on IPFW interception.

Parameters

newConn Details known, to be updated where relevant.

Returns: Whether successfully located the new address.

Definition at line 183 of file Intercept.cc.

◆ LookupNat()

bool Ip::Intercept::LookupNat ( const Comm::Connection & aConn )

perform NAT lookups for the local address of the given connection

Returns: true to indicate a successful lookup; false on errors that do not warrant listening socket closure

Exceptions

exception on errors that warrant listening socket closure

Definition at line 391 of file Intercept.cc.

References assert, debugs, Comm::Connection::local, and Comm::Connection::remote.

◆ NetfilterInterception()

bool Ip::Intercept::NetfilterInterception ( const Comm::ConnectionPointer & newConn )

private

perform Lookups on Netfilter interception targets (REDIRECT, DNAT).

Parameters

newConn Details known, to be updated where relevant.

Returns: Whether successfully located the new address.

: Try NAT lookup for REDIRECT or DNAT targets.

Definition at line 125 of file Intercept.cc.

References DBG_IMPORTANT, debugs, Comm::Connection::fd, Ip::Address::getSockAddr(), IP6T_SO_ORIGINAL_DST, Ip::Address::isIPv6(), Comm::Connection::local, xgetsockopt(), and xstrerr().

◆ PfInterception()

bool Ip::Intercept::PfInterception ( const Comm::ConnectionPointer & newConn )

private

perform Lookups on PF interception target (REDIRECT).

Parameters

newConn Details known, to be updated where relevant.

Returns: Whether successfully located the new address.

Definition at line 326 of file Intercept.cc.

References DBG_IMPORTANT, debugs, Ip::Address::getInAddr(), Ip::Address::isIPv6(), Comm::Connection::local, Ip::Address::port(), Comm::Connection::remote, xclose(), xopen(), and xstrerr().

◆ ProbeForTproxy()

bool Ip::Intercept::ProbeForTproxy ( Ip::Address & test )

Test system networking calls for TPROXY support. Detects IPv6 and IPv4 level of support matches the address being listened on and if the compiled v2/v4 is usable as far down as a bind()ing.

Parameters

test	Address set on the squid.conf *_port being checked.

Return values

true	TPROXY is available.
false	TPROXY is not available.

Definition at line 402 of file Intercept.cc.

References DBG_CRITICAL, debugs, enter_suid(), Ip::Address::isIPv4(), Ip::Address::isIPv6(), leave_suid(), Ip::Address::port(), Ip::Address::setIPv4(), xbind(), xclose(), xsetsockopt(), and xsocket().

◆ StartInterception()

void Ip::Intercept::StartInterception ( )

: Turn on IP-Interception-Proxy activities. This function should be called during parsing of the squid.conf When any option requiring interception / NAT handling is encountered.

Definition at line 169 of file Intercept.cc.

References Here.

◆ StartTransparency()

void Ip::Intercept::StartTransparency ( )

: Turn on fully Transparent-Proxy activities. This function should be called during parsing of the squid.conf When any option requiring full-transparency is encountered.

Definition at line 154 of file Intercept.cc.

References Here.

◆ StopTransparency()

void Ip::Intercept::StopTransparency ( const char * str )

: Turn off fully Transparent-Proxy activities on all new connections. Existing transactions and connections are unaffected and will run to their natural completion.

Parameters

str	Reason for stopping. Will be logged to cache.log

Definition at line 116 of file Intercept.cc.

References DBG_IMPORTANT, debugs, and transparentActive_.

◆ TransparentActive()

int Ip::Intercept::TransparentActive ( )

inline

Return values

0	Full transparency is disabled.
1	Full transparency is enabled and active.

Definition at line 56 of file Intercept.h.

References transparentActive_.

◆ UseInterceptionAddressesLookedUpEarlier()

bool Ip::Intercept::UseInterceptionAddressesLookedUpEarlier	(	const char *	caller,
		const Comm::ConnectionPointer &	newConn
	)

private

Assume that getsockname() has been called already and provided the necessary TCP packet details. There is no way to identify whether they came from NAT. Trust the user configured properly.

Definition at line 197 of file Intercept.cc.

References debugs.

Member Data Documentation

◆ interceptActive_

int Ip::Intercept::interceptActive_

private

Definition at line 123 of file Intercept.h.

Referenced by InterceptActive().

◆ transparentActive_

int Ip::Intercept::transparentActive_

private

Definition at line 122 of file Intercept.h.

Referenced by StopTransparency(), and TransparentActive().

The documentation for this class was generated from the following files:

squid/src/ip/Intercept.h
squid/src/ip/Intercept.cc

Public Member Functions

Private Member Functions

Private Attributes

Detailed Description

Constructor & Destructor Documentation

◆ Intercept()

◆ ~Intercept()

Member Function Documentation

◆ InterceptActive()

◆ IpfInterception()

◆ IpfwInterception()

◆ LookupNat()

◆ NetfilterInterception()

◆ PfInterception()

◆ ProbeForTproxy()

◆ StartInterception()

◆ StartTransparency()

◆ StopTransparency()

◆ TransparentActive()

◆ UseInterceptionAddressesLookedUpEarlier()

Member Data Documentation

◆ interceptActive_

◆ transparentActive_