authorLorenzo Colitti <lorenzo@google.com>2014-08-26 14:06:34 -0700
committerLorenzo Colitti <lorenzo@google.com>2014-08-27 18:36:13 -0700
commit68eff53e7ed9df06f194478930f39b31c7a32458 (patch)
tree664d70327bd2e2c7c4af566bfc8989333b3aa586 /src/dnsmasq.h
parentd1b102a58056b842bf81e0846b2d4a21e7c964eb (diff)
Allow configuring a socket mark for DNS packets.
This allows dnsmasq to send DNS queries on a non-default network (e.g., the DUN APN). We add support for a mark instead of using existing code to bind DNS servers to interfaces because: 1. Marks are more flexible, and we use them elsewhere. 2. The existing code to bind DNS servers to interfaces causes the DNS socket to be bound to a constant port, which exposes us to a Kaminsky attack. Bug: 16357676 Change-Id: I8933b6de198a92c2aaf0291931ace8966ddba275
Diffstat (limited to 'src/dnsmasq.h')
-rwxr-xr-xsrc/dnsmasq.h4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index c4fda28..0b9dbd2 100755
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -321,6 +321,7 @@ struct serverfd {
union mysockaddr source_addr;
char interface[IF_NAMESIZE+1];
struct serverfd *next;
+ uint32_t mark;
};
struct randfd {
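Review bot: The new `mark` field in `struct serverfd` becomes part of what distinguishes one upstream socket from another, but nothing in the header says so. The code that looks up and reuses existing `serverfd` entries is not in this diff, which is limited to dnsmasq.h. If that lookup matches only on `source_addr` and `interface`, two servers with the same source but different marks would share one socket and their queries could leave on the wrong network. Confirm the lookup also compares `mark`, and document the field, e.g. `uint32_t mark; /* socket mark set on fd; compared when reusing an entry */`.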
@@ -335,6 +336,7 @@ struct server {
char *domain; /* set if this server only handles a domain. */
int flags, tcpfd;
unsigned int queries, failed_queries;
+ uint32_t mark;
struct server *next;
};
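Review bot: `mark` in `struct server` is undocumented, while the neighbouring `domain` field carries a comment, and the header does not state what a zero value means. I would add `uint32_t mark; /* socket mark for queries sent to this server */` and say whether 0 stands for "no mark". The header's include list is outside the hunk, so also check that `uint32_t` is declared (via `<stdint.h>` or equivalent) wherever this header is built.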
@@ -775,7 +777,7 @@ struct frec *get_new_frec(time_t now, int *wait);
/* network.c */
int indextoname(int fd, int index, char *name);
-int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp);
+int local_bind(int fd, union mysockaddr *addr, char *intname, uint32_t mark, int is_tcp);
int random_sock(int family);
void pre_allocate_sfds(void);
int reload_servers(char *fname);
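Review bot: `local_bind()` gains a `mark` argument, but `random_sock(int family)` on the next context line is unchanged, so as declared here the random-port socket path cannot carry a mark. The commit message gives avoiding a constant source port as the reason for using marks. If marked servers are instead served by a long-lived `serverfd` bound once through `local_bind()`, that socket would presumably keep a single source port for its lifetime. The implementation in network.c is not shown, so it is worth confirming there that source-port randomisation still holds for marked queries. Separately, `uint32_t mark` sits directly before `int is_tcp`, so a call site that swaps the two still compiles; a short comment above the prototype naming the argument order would help.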