vikarti.anatra/safing-portmaster
1
0
Fork 0
mirror of https://github.com/safing/portmaster synced 2025-09-04 19:49:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Improve dns redirection for the self-check

Browse source
This commit is contained in:
Daniel 2021-11-17 15:43:21 +01:00
parent 7c6acbd4c6
commit 0cd069ac1a
2 changed files with 11 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
firewall/interception.go
View file

@ -340,11 +340,19 @@ func initialHandler(conn *network.Connection, pkt packet.Packet) {
// Set tunnel options. // Set tunnel options.
setCustomTunnelOptionsForPortmaster(conn) setCustomTunnelOptionsForPortmaster(conn)
// Redirect outbound DNS packests,
case pkt.IsOutbound() && case pkt.IsOutbound() &&
pkt.Info().DstPort == 53 && pkt.Info().DstPort == 53 &&
conn.Process().Pid != ownPID && // that don't match the address of our nameserver,
nameserverIPMatcherReady.IsSet() && nameserverIPMatcherReady.IsSet() &&
!nameserverIPMatcher(pkt.Info().Dst): !nameserverIPMatcher(pkt.Info().Dst) &&
// and are not broadcast queries by us.
// Context:
// - Unicast queries by the resolver are pre-authenticated.
// - Unicast qeries by the compat self-check should be redirected.
!(conn.Process().Pid == ownPID &&
conn.Entity.IPScope == netutils.LocalMulticast):
// Reroute rogue dns queries back to Portmaster. // Reroute rogue dns queries back to Portmaster.
conn.Verdict = network.VerdictRerouteToNameserver conn.Verdict = network.VerdictRerouteToNameserver
conn.Reason.Msg = "redirecting rogue dns query" conn.Reason.Msg = "redirecting rogue dns query"

4
resolver/resolver-mdns.go
View file

@ -9,11 +9,9 @@ import (
"sync" "sync"
"time" "time"
"github.com/safing/portmaster/network/netutils"
"github.com/miekg/dns" "github.com/miekg/dns"
"github.com/safing/portbase/log" "github.com/safing/portbase/log"
"github.com/safing/portmaster/network/netutils"
) )
// DNS Classes // DNS Classes