Ip::Intercept Class Reference

#include <Intercept.h>

Collaboration diagram for Ip::Intercept:

Public Member Functions
	Intercept ()
	~Intercept ()
bool	LookupNat (const Comm::Connection &)
	perform NAT lookups for the local address of the given connection More...
bool	ProbeForTproxy (Address &test)
int	TransparentActive ()
void	StartTransparency ()
void	StopTransparency (const char *str)
int	InterceptActive ()
void	StartInterception ()

Private Member Functions
bool	NetfilterInterception (const Comm::ConnectionPointer &newConn)
bool	IpfwInterception (const Comm::ConnectionPointer &newConn)
bool	IpfInterception (const Comm::ConnectionPointer &newConn)
bool	PfInterception (const Comm::ConnectionPointer &newConn)

Private Attributes
int	transparentActive_
int	interceptActive_

Detailed Description

Definition at line 29 of file Intercept.h.

Constructor & Destructor Documentation

Intercept()

Ip::Intercept::Intercept ( )

inline

Definition at line 32 of file Intercept.h.

~Intercept()

Ip::Intercept::~Intercept ( )

inline

Definition at line 33 of file Intercept.h.

Member Function Documentation

InterceptActive()

int Ip::Intercept::InterceptActive ( )

inline

Return values

0	IP Interception is disabled.
1	IP Interception is enabled and active.

Definition at line 74 of file Intercept.h.

References interceptActive_.

IpfInterception()

bool Ip::Intercept::IpfInterception ( const Comm::ConnectionPointer &  newConn )

private

perform Lookups on IPF interception.

Parameters

newConn

Details known, to be updated where relevant.

Returns

Whether successfully located the new address.

Definition at line 197 of file Intercept.cc.

References DBG_CRITICAL, debugs, Ip::Address::getInAddr(), Ip::Address::isIPv6(), Comm::Connection::local, and Comm::Connection::remote.

IpfwInterception()

bool Ip::Intercept::IpfwInterception ( const Comm::ConnectionPointer &  newConn )

private

perform Lookups on IPFW interception.

Parameters

newConn

Details known, to be updated where relevant.

Returns

Whether successfully located the new address.

Definition at line 181 of file Intercept.cc.

References debugs.

LookupNat()

bool Ip::Intercept::LookupNat

(

const Comm::Connection &

aConn

)

Definition at line 382 of file Intercept.cc.

References assert, debugs, Comm::Connection::local, and Comm::Connection::remote.

NetfilterInterception()

bool Ip::Intercept::NetfilterInterception ( const Comm::ConnectionPointer &  newConn )

private

perform Lookups on Netfilter interception targets (REDIRECT, DNAT).

Parameters

newConn

Details known, to be updated where relevant.

Returns

Whether successfully located the new address.

Try NAT lookup for REDIRECT or DNAT targets.

Definition at line 123 of file Intercept.cc.

References DBG_IMPORTANT, debugs, Comm::Connection::fd, Ip::Address::getSockAddr(), IP6T_SO_ORIGINAL_DST, Ip::Address::isIPv6(), Comm::Connection::local, and xstrerr().

PfInterception()

bool Ip::Intercept::PfInterception ( const Comm::ConnectionPointer &  newConn )

private

perform Lookups on PF interception target (REDIRECT).

Parameters

newConn

Details known, to be updated where relevant.

Returns

Whether successfully located the new address.

Definition at line 310 of file Intercept.cc.

References DBG_IMPORTANT, debugs, Ip::Address::getInAddr(), Ip::Address::isIPv6(), Comm::Connection::local, Ip::Address::port(), Comm::Connection::remote, and xstrerr().

ProbeForTproxy()

bool Ip::Intercept::ProbeForTproxy

(

Ip::Address &

test

)

Test system networking calls for TPROXY support. Detects IPv6 and IPv4 level of support matches the address being listened on and if the compiled v2/v4 is usable as far down as a bind()ing.

Parameters

test	Address set on the squid.conf *_port being checked.

Return values

true	TPROXY is available.
false	TPROXY is not available.

Definition at line 393 of file Intercept.cc.

References DBG_CRITICAL, debugs, enter_suid(), Ip::Address::isIPv4(), Ip::Address::isIPv6(), leave_suid(), Ip::Address::port(), and Ip::Address::setIPv4().

StartInterception()

void Ip::Intercept::StartInterception

(

)

Turn on IP-Interception-Proxy activities. This function should be called during parsing of the squid.conf When any option requiring interception / NAT handling is encountered.

Definition at line 167 of file Intercept.cc.

References Here.

StartTransparency()

void Ip::Intercept::StartTransparency

(

)

Turn on fully Transparent-Proxy activities. This function should be called during parsing of the squid.conf When any option requiring full-transparency is encountered.

Definition at line 152 of file Intercept.cc.

References Here.

StopTransparency()

void Ip::Intercept::StopTransparency

(

const char *

str

)

Turn off fully Transparent-Proxy activities on all new connections. Existing transactions and connections are unaffected and will run to their natural completion.

Parameters

str	Reason for stopping. Will be logged to cache.log

Definition at line 114 of file Intercept.cc.

References DBG_IMPORTANT, debugs, and transparentActive_.

TransparentActive()

int Ip::Intercept::TransparentActive ( )

inline

Return values

0	Full transparency is disabled.
1	Full transparency is enabled and active.

Definition at line 53 of file Intercept.h.

References transparentActive_.

Member Data Documentation

interceptActive_

int Ip::Intercept::interceptActive_

private

Definition at line 118 of file Intercept.h.

Referenced by InterceptActive().

transparentActive_

int Ip::Intercept::transparentActive_

private

Definition at line 117 of file Intercept.h.

Referenced by StopTransparency(), and TransparentActive().

---

The documentation for this class was generated from the following files:

• src/ip/Intercept.h
• src/ip/Intercept.cc