[people/ms/dnsmasq.git] / src / conntrack.c

/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; version 2 dated June, 1991, or
   (at your option) version 3 dated 29 June, 2007.
 
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
     
   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "dnsmasq.h"

#ifdef HAVE_CONNTRACK

#include <libnetfilter_conntrack/libnetfilter_conntrack.h>

static int gotit = 0; /* yuck */

static int callback(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data);

int get_incoming_mark(union mysockaddr *peer_addr, struct all_addr *local_addr, int istcp, unsigned int *markp)
{
  struct nf_conntrack *ct;
  struct nfct_handle *h;
  
  gotit = 0;
  
  if ((ct = nfct_new())) 
    {
      nfct_set_attr_u8(ct, ATTR_L4PROTO, istcp ? IPPROTO_TCP : IPPROTO_UDP);
      nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(daemon->port));
      
#ifdef HAVE_IPV6
      if (peer_addr->sa.sa_family == AF_INET6)
	{
	  nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET6);
	  nfct_set_attr(ct, ATTR_IPV6_SRC, peer_addr->in6.sin6_addr.s6_addr);
	  nfct_set_attr_u16(ct, ATTR_PORT_SRC, peer_addr->in6.sin6_port);
	  nfct_set_attr(ct, ATTR_IPV6_DST, local_addr->addr.addr6.s6_addr);
	}
      else
#endif
	{
	  nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
	  nfct_set_attr_u32(ct, ATTR_IPV4_SRC, peer_addr->in.sin_addr.s_addr);
	  nfct_set_attr_u16(ct, ATTR_PORT_SRC, peer_addr->in.sin_port);
	  nfct_set_attr_u32(ct, ATTR_IPV4_DST, local_addr->addr.addr4.s_addr);
	}
      
      
      if ((h = nfct_open(CONNTRACK, 0))) 
	{
	  nfct_callback_register(h, NFCT_T_ALL, callback, (void *)markp);  
	  if (nfct_query(h, NFCT_Q_GET, ct) == -1)
	    {
	      static int warned = 0;
	      if (!warned)
		{
		  my_syslog(LOG_ERR, _("Conntrack connection mark retrieval failed: %s"), strerror(errno));
		  warned = 1;
		}
	    }
	  nfct_close(h);  
	}
      nfct_destroy(ct);
    }

  return gotit;
}

static int callback(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data)
{
  unsigned int *ret = (unsigned int *)data;
  *ret = nfct_get_attr_u32(ct, ATTR_MARK);
  (void)type; /* eliminate warning */
  gotit = 1;

  return NFCT_CB_CONTINUE;
}

#endif
Commit	Line	Data
aff33962	1	/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
7de060b0 SK	2
	3	This program is free software; you can redistribute it and/or modify
	4	it under the terms of the GNU General Public License as published by
	5	the Free Software Foundation; version 2 dated June, 1991, or
	6	(at your option) version 3 dated 29 June, 2007.
	7
	8	This program is distributed in the hope that it will be useful,
	9	but WITHOUT ANY WARRANTY; without even the implied warranty of
	10	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	11	GNU General Public License for more details.
	12
	13	You should have received a copy of the GNU General Public License
	14	along with this program. If not, see <http://www.gnu.org/licenses/>.
	15	*/
	16
	17	#include "dnsmasq.h"
	18
	19	#ifdef HAVE_CONNTRACK
	20
	21	#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
	22
	23	static int gotit = 0; /* yuck */
	24
	25	static int callback(enum nf_conntrack_msg_type type, struct nf_conntrack ct, void data);
	26
	27	int get_incoming_mark(union mysockaddr peer_addr, struct all_addr local_addr, int istcp, unsigned int *markp)
	28	{
	29	struct nf_conntrack *ct;
	30	struct nfct_handle *h;
	31
	32	gotit = 0;
	33
	34	if ((ct = nfct_new()))
	35	{
	36	nfct_set_attr_u8(ct, ATTR_L4PROTO, istcp ? IPPROTO_TCP : IPPROTO_UDP);
	37	nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(daemon->port));
	38
	39	#ifdef HAVE_IPV6
	40	if (peer_addr->sa.sa_family == AF_INET6)
	41	{
	42	nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET6);
	43	nfct_set_attr(ct, ATTR_IPV6_SRC, peer_addr->in6.sin6_addr.s6_addr);
	44	nfct_set_attr_u16(ct, ATTR_PORT_SRC, peer_addr->in6.sin6_port);
	45	nfct_set_attr(ct, ATTR_IPV6_DST, local_addr->addr.addr6.s6_addr);
	46	}
	47	else
	48	#endif
	49	{
	50	nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
	51	nfct_set_attr_u32(ct, ATTR_IPV4_SRC, peer_addr->in.sin_addr.s_addr);
	52	nfct_set_attr_u16(ct, ATTR_PORT_SRC, peer_addr->in.sin_port);
	53	nfct_set_attr_u32(ct, ATTR_IPV4_DST, local_addr->addr.addr4.s_addr);
	54	}
	55
	56
	57	if ((h = nfct_open(CONNTRACK, 0)))
	58	{
	59	nfct_callback_register(h, NFCT_T_ALL, callback, (void *)markp);
	60	if (nfct_query(h, NFCT_Q_GET, ct) == -1)
	61	{
	62	static int warned = 0;
	63	if (!warned)
	64	{
	65	my_syslog(LOG_ERR, _("Conntrack connection mark retrieval failed: %s"), strerror(errno));
66	warned = 1;
67	}
68	}
69	nfct_close(h);
70	}
71	nfct_destroy(ct);
72	}
73
74	return gotit;
75	}
76
77	static int callback(enum nf_conntrack_msg_type type, struct nf_conntrack ct, void data)
78	{
79	unsigned int ret = (unsigned int )data;
80	*ret = nfct_get_attr_u32(ct, ATTR_MARK);
81	(void)type; /* eliminate warning */
82	gotit = 1;
83
84	return NFCT_CB_CONTINUE;
85	}
86
87	#endif
88
89
90