Commit | Line | Data |
---|---|---|
aff33962 | 1 | /* dnsmasq is Copyright (c) 2000-2015 Simon Kelley |
7de060b0 SK |
2 | |
3 | This program is free software; you can redistribute it and/or modify | |
4 | it under the terms of the GNU General Public License as published by | |
5 | the Free Software Foundation; version 2 dated June, 1991, or | |
6 | (at your option) version 3 dated 29 June, 2007. | |
7 | ||
8 | This program is distributed in the hope that it will be useful, | |
9 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
11 | GNU General Public License for more details. | |
12 | ||
13 | You should have received a copy of the GNU General Public License | |
14 | along with this program. If not, see <http://www.gnu.org/licenses/>. | |
15 | */ | |
16 | ||
17 | #include "dnsmasq.h" | |
18 | ||
19 | #ifdef HAVE_CONNTRACK | |
20 | ||
21 | #include <libnetfilter_conntrack/libnetfilter_conntrack.h> | |
22 | ||
/* Result flag for the conntrack lookup: cleared at the start of each
   get_incoming_mark() call and set to 1 by callback() when libnetfilter_conntrack
   hands back an entry. It is file-scope state shared by both functions
   (hence the "yuck"), so two overlapping lookups would share this one flag. */
static int gotit = 0; /* yuck */

/* Forward declaration: callback() is registered with nfct_callback_register()
   inside get_incoming_mark() but defined after it. */
static int callback(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data);
26 | ||
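/* Fetch the netfilter connection mark of the connection an incoming DNS
   query arrived on.

   A conntrack tuple is built from the peer address/port, the local address
   and daemon->port, then looked up with an NFCT_Q_GET query; callback()
   stores the mark through markp and sets gotit.

   peer_addr:  source address and port of the query (the port is copied from
               the sockaddr as is; only daemon->port goes through htons()).
   local_addr: address the query was received on.
   istcp:      non-zero selects IPPROTO_TCP, zero IPPROTO_UDP.
   markp:      receives the mark, written only by callback().

   Returns 1 when a mark was stored in *markp, 0 otherwise. On 0 *markp has
   not been written by this lookup, so the caller must treat the mark as
   unknown rather than read *markp. Every failure path ends in the same 0,
   so failures are logged here: a lookup that silently stops working means
   marks are no longer obtained for any query. */
int get_incoming_mark(union mysockaddr *peer_addr, struct all_addr *local_addr, int istcp, unsigned int *markp)
{
  struct nf_conntrack *ct;
  struct nfct_handle *h;

  gotit = 0;

  if (!(ct = nfct_new()))
    return 0;

  nfct_set_attr_u8(ct, ATTR_L4PROTO, istcp ? IPPROTO_TCP : IPPROTO_UDP);
  nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(daemon->port));

#ifdef HAVE_IPV6
  if (peer_addr->sa.sa_family == AF_INET6)
    {
      nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET6);
      nfct_set_attr(ct, ATTR_IPV6_SRC, peer_addr->in6.sin6_addr.s6_addr);
      nfct_set_attr_u16(ct, ATTR_PORT_SRC, peer_addr->in6.sin6_port);
      nfct_set_attr(ct, ATTR_IPV6_DST, local_addr->addr.addr6.s6_addr);
    }
  else
#endif
    {
      nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
      nfct_set_attr_u32(ct, ATTR_IPV4_SRC, peer_addr->in.sin_addr.s_addr);
      nfct_set_attr_u16(ct, ATTR_PORT_SRC, peer_addr->in.sin_port);
      nfct_set_attr_u32(ct, ATTR_IPV4_DST, local_addr->addr.addr4.s_addr);
    }

  if (!(h = nfct_open(CONNTRACK, 0)))
    {
      /* Previously silent: without a handle no query is ever sent, so log
         the reason once instead of returning 0 with no trace. */
      static int open_warned = 0;
      if (!open_warned)
        {
          my_syslog(LOG_ERR, _("Conntrack connection mark retrieval failed: %s"), strerror(errno));
          open_warned = 1;
        }
      nfct_destroy(ct);
      return 0;
    }

  /* A failed registration would leave the query with no callback to deliver
     the mark to, so it is handled like a failed query and the query is
     skipped. */
  if (nfct_callback_register(h, NFCT_T_ALL, callback, (void *)markp) == -1 ||
      nfct_query(h, NFCT_Q_GET, ct) == -1)
    {
      /* Warn only once; this runs per query and would otherwise flood the log. */
      static int warned = 0;
      if (!warned)
        {
          my_syslog(LOG_ERR, _("Conntrack connection mark retrieval failed: %s"), strerror(errno));
          warned = 1;
        }
    }

  nfct_close(h);
  nfct_destroy(ct);

  return gotit;
}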
76 | ||
/* Conntrack callback registered by get_incoming_mark().
   data is the markp pointer passed at registration: the entry's ATTR_MARK
   value is stored through it and gotit is raised so the caller can tell
   that a mark was delivered. Always returns NFCT_CB_CONTINUE. */
static int callback(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data)
{
  unsigned int *mark_out = (unsigned int *)data;

  (void)type; /* unused parameter; silences the compiler warning */

  *mark_out = nfct_get_attr_u32(ct, ATTR_MARK);
  gotit = 1;

  return NFCT_CB_CONTINUE;
}
86 | ||
87 | #endif | |
88 | ||
89 | ||
90 |