[Dnsmasq-discuss] [PATCH 1/1] Set conntrack mark before connect() call.

Karl Vogel karl.vogel at gmail.com
Tue Sep 30 13:50:17 BST 2014


SO_MARK has to be set before issuing the connect() call on the
TCP socket.
---
 src/forward.c |   35 ++++++++++++++++++-----------------
 1 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/src/forward.c b/src/forward.c
index 4895efe..c9dedc3 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -1796,6 +1796,24 @@ unsigned char *tcp_request(int confd, time_t now,
 			  if ((last_server->tcpfd = socket(last_server->addr.sa.sa_family, SOCK_STREAM, 0)) == -1)
 			    continue;
 			  
+#ifdef HAVE_CONNTRACK
+			  /* Copy connection mark of incoming query to outgoing connection. */
+			  if (option_bool(OPT_CONNTRACK))
+			    {
+			      unsigned int mark;
+			      struct all_addr local;
+#ifdef HAVE_IPV6
+			      if (local_addr->sa.sa_family == AF_INET6)
+				local.addr.addr6 = local_addr->in6.sin6_addr;
+			      else
+#endif
+				local.addr.addr4 = local_addr->in.sin_addr;
+
+			      if (get_incoming_mark(&peer_addr, &local, 1, &mark))
+				setsockopt(last_server->tcpfd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigned int));
+			    }
+#endif
+
 			  if ((!local_bind(last_server->tcpfd,  &last_server->source_addr, last_server->interface, 1) ||
 			       connect(last_server->tcpfd, &last_server->addr.sa, sa_len(&last_server->addr)) == -1))
 			    {
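Review bot: The `setsockopt(..., SO_MARK, ...)` call in the added HAVE_CONNTRACK block discards its return value, so when marking fails (socket(7) documents that SO_MARK needs CAP_NET_ADMIN) the `connect()` just below still goes out unmarked, and any firewall or policy-routing rule keyed on the conntrack mark is silently not applied. Now that the mark is set before `connect()`, the failure can be handled at this point: test the result, e.g. `if (get_incoming_mark(&peer_addr, &local, 1, &mark) && setsockopt(last_server->tcpfd, SOL_SOCKET, SO_MARK, &mark, sizeof mark) == -1)`, and at least log it, or treat it like the failed `connect()` case if unmarked upstream traffic is not acceptable. The body of that failure branch and the rest of tcp_request lie outside the hunk, so the exact cleanup to reuse should be confirmed there.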
@@ -1821,23 +1839,6 @@ unsigned char *tcp_request(int confd, time_t now,
 			    }
 #endif
 			  
-#ifdef HAVE_CONNTRACK
-			  /* Copy connection mark of incoming query to outgoing connection. */
-			  if (option_bool(OPT_CONNTRACK))
-			    {
-			      unsigned int mark;
-			      struct all_addr local;
-#ifdef HAVE_IPV6		      
-			      if (local_addr->sa.sa_family == AF_INET6)
-				local.addr.addr6 = local_addr->in6.sin6_addr;
-			      else
-#endif
-				local.addr.addr4 = local_addr->in.sin_addr;
-			      
-			      if (get_incoming_mark(&peer_addr, &local, 1, &mark))
-				setsockopt(last_server->tcpfd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigned int));
-			    }
-#endif	
 			}
 		      
 		      *length = htons(size);
-- 
1.7.1



