author | Lorenzo Colitti <lorenzo@google.com> | 2014-08-26 14:06:34 -0700 |
---|---|---|
committer | Lorenzo Colitti <lorenzo@google.com> | 2014-08-27 18:36:13 -0700 |
commit | 68eff53e7ed9df06f194478930f39b31c7a32458 (patch) | |
tree | 664d70327bd2e2c7c4af566bfc8989333b3aa586 /src/dnsmasq.h | |
parent | d1b102a58056b842bf81e0846b2d4a21e7c964eb (diff) | |
Allow configuring a socket mark for DNS packets.
This allows dnsmasq to send DNS queries on a non-default network
(e.g., the DUN APN). We add support for a mark instead of using
existing code to bind DNS servers to interfaces because:
1. Marks are more flexible, and we use them elsewhere.
2. The existing code to bind DNS servers to interfaces causes
the DNS socket to be bound to a constant port, which exposes
us to a Kaminsky attack.
Bug: 16357676
Change-Id: I8933b6de198a92c2aaf0291931ace8966ddba275
Diffstat (limited to 'src/dnsmasq.h')
-rwxr-xr-x | src/dnsmasq.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index c4fda28..0b9dbd2 100755
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -321,6 +321,7 @@ struct serverfd {
 union mysockaddr source_addr;
 char interface[IF_NAMESIZE+1];
 struct serverfd *next;
+ uint32_t mark;
 };
 struct randfd {
@@ -335,6 +336,7 @@ struct server {
 char *domain; /* set if this server only handles a domain. */
 int flags, tcpfd;
 unsigned int queries, failed_queries;
+ uint32_t mark;
 struct server *next;
 };
@@ -775,7 +777,7 @@ struct frec *get_new_frec(time_t now, int *wait);
 /* network.c */
 int indextoname(int fd, int index, char *name);
-int local_bind(int fd, union mysockaddr *addr, char *intname, int is_tcp);
+int local_bind(int fd, union mysockaddr *addr, char *intname, uint32_t mark, int is_tcp);
 int random_sock(int family);
 void pre_allocate_sfds(void);
 int reload_servers(char *fname); |
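Review bot: The new `mark` field in `struct serverfd` has no comment, and nothing in this header says it is part of the socket's identity. Entries in this list appear to be matched on `source_addr` and `interface`; if the lookup in network.c (not part of this diff) does not also compare `mark`, a server configured with one mark could be handed a cached socket carrying another, and its queries would leave on the wrong network. I would document the field, e.g. `uint32_t mark; /* socket mark set on fd; must match for this sfd to be reused */`, and give the `mark` added to `struct server` in the next hunk a comment in the same style as `domain`. Both struct definitions begin above their hunks, so the remaining fields are not visible here.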
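Review bot: The `mark` argument added to `local_bind` in the third hunk is undocumented: the prototype does not say which value means "no mark" or what the function does when the mark cannot be applied. Setting a socket mark on Linux normally requires CAP_NET_ADMIN, so the implementation in network.c (outside this diff) should report failure when the `setsockopt` call fails rather than carry on, otherwise queries intended for the non-default network would go out unmarked on the default one. Assuming 0 is the "no mark" value, a comment such as `/* mark: socket mark applied to fd, 0 for none; local_bind fails if it cannot be set */` above the prototype would pin that contract for callers.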