Commit | Line | Data |
---|---|---|
9dcdc856 MW |
1 | /* -*-c-*- |
2 | * | |
bf4d9761 | 3 | * Discover the owner of a connection (Linux version) |
9dcdc856 MW |
4 | * |
5 | * (c) 2012 Straylight/Edgeware | |
6 | */ | |
7 | ||
8 | /*----- Licensing notice --------------------------------------------------* | |
9 | * | |
10 | * This file is part of Yet Another Ident Daemon (YAID). | |
11 | * | |
12 | * YAID is free software; you can redistribute it and/or modify | |
13 | * it under the terms of the GNU General Public License as published by | |
14 | * the Free Software Foundation; either version 2 of the License, or | |
15 | * (at your option) any later version. | |
16 | * | |
17 | * YAID is distributed in the hope that it will be useful, | |
18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | * GNU General Public License for more details. | |
21 | * | |
22 | * You should have received a copy of the GNU General Public License | |
23 | * along with YAID; if not, write to the Free Software Foundation, | |
24 | * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
25 | */ | |
26 | ||
27 | /*----- Header files ------------------------------------------------------*/ | |
28 | ||
9da480be | 29 | #include "yaid.h" |
9dcdc856 | 30 | |
c3794524 MW |
31 | #include <linux/netlink.h> |
32 | #include <linux/rtnetlink.h> | |
33 | ||
9dcdc856 MW |
34 | /*----- Static variables --------------------------------------------------*/ |
35 | ||
/* Stream on the NAT connection table.  `init_sys' opens it and leaves it
 * null when the file does not exist; `identify' rewinds and rescans it.
 */
static FILE *natfp;			/* File handle for NAT table */

/* Descriptor on the random data source, opened by `init_sys' and read by
 * `fill_random'.
 */
static int randfd;			/* File descriptor for random data */
38 | ||
39 | /*----- Miscellaneous system services -------------------------------------*/ | |
40 | ||
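/* Fill the buffer at P with SZ random bytes read from `randfd'.  This is
 * intended to be a low-level interface, not a general-purpose utility: there
 * is no error return, and failing to obtain all SZ bytes is fatal.
 *
 * A read which is interrupted by a signal, or which delivers only part of
 * the request, is retried rather than treated as fatal, so that a stray
 * signal cannot take the daemon down.  Only a hard error or end-of-file
 * stops the process.
 */
void fill_random(void *p, size_t sz)
{
  unsigned char *q = p;
  ssize_t n;

  while (sz) {
    n = read(randfd, q, sz);
    if (n < 0) {
      /* Nothing was transferred; an interrupted call is safe to repeat. */
      if (errno == EINTR) continue;
      die(1, "error reading `/dev/urandom': %s", strerror(errno));
    } else if (n == 0)
      die(1, "unexpected short read from `/dev/urandom'");

    /* Account for what arrived and go round again for the rest. */
    q += n;
    sz -= (size_t)n;
  }
}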
b093b41d MW |
53 | |
54 | /*----- Address-type operations -------------------------------------------*/ | |
55 | ||
/* System-specific operations and constants for one address type.  The
 * members are initialized positionally by `DEFOPSYS', so their order
 * matters.
 */
struct addrops_sys {
  /* Name of the TCP connection table which `identify' opens and scans. */
  const char *procfile;

  /* Name which the first field of a NAT table line must match exactly for
   * the line to be considered.
   */
  const char *nfl3name;

  /* Parse an address from the text at the first argument's target, storing
   * the result through the second argument and advancing the text pointer
   * past what was consumed.  Returns zero on success, nonzero on failure.
   */
  int (*parseaddr)(char **, union addr *);
};
61 | ||
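#define PROCFILE_IPV4 "/proc/net/tcp"
#define NFL3NAME_IPV4 "ipv4"

/* Parse a hexadecimal IPv4 address from the text at *PP and store it in A.
 * The numeric value is assigned to `s_addr' as it stands, with no byte
 * swapping.  On success, advance *PP past the digits and return zero.
 *
 * Return -1, leaving *PP and A alone, if there are no hex digits at *PP or
 * if the value doesn't fit in 32 bits: a field which isn't an address must
 * not be mistaken for the all-zeroes address.
 */
static int parseaddr_ipv4(char **pp, union addr *a)
{
  char *end;
  unsigned long x;

  x = strtoul(*pp, &end, 16);
  if (end == *pp || x > 0xfffffffful) return (-1);
  a->ipv4.s_addr = x;
  *pp = end;
  return (0);
}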
9dcdc856 | 67 | |
#define PROCFILE_IPV6 "/proc/net/tcp6"
#define NFL3NAME_IPV6 "ipv6"

/* Parse an IPv6 address, written as exactly 32 hex digits, from the text at
 * *PP and store it in A.  The digits are taken in four groups of eight; each
 * group is read as one number and assigned to the corresponding 32-bit word
 * of the address, which is how the (annoyingly byteswapped) table format is
 * undone.
 *
 * On success, advance *PP past the digits and return zero.  Return -1 at the
 * first character which isn't a hex digit; *PP is then unchanged, though
 * words completed before the bad character have already been written to A.
 */
static int parseaddr_ipv6(char **pp, union addr *a)
{
  char *cur = *pp;
  unsigned long word;
  unsigned digit;
  int w, k;

  for (w = 0; w < 4; w++) {

    /* Accumulate one word, most significant digit first. */
    for (word = 0, k = 0; k < 8; k++, cur++) {
      char ch = *cur;

      if (ch >= '0' && ch <= '9') digit = ch - '0';
      else if (ch >= 'a' && ch <= 'f') digit = ch - 'a' + 10;
      else if (ch >= 'A' && ch <= 'F') digit = ch - 'A' + 10;
      else return (-1);
      word = (word << 4) | digit;
    }
    a->ipv6.s6_addr32[w] = word;
  }

  *pp = cur;
  return (0);
}
94 | ||
/* Define a constant `addrops_sys_TY' table for an address type, filled in
 * positionally from the matching `PROCFILE_', `NFL3NAME_' and `parseaddr_'
 * definitions above.  `ADDRTYPES' is defined outside this file; presumably
 * it applies the macro once for each supported address type.
 */
#define DEFOPSYS(ty, TY)						\
  const struct addrops_sys addrops_sys_##ty = {				\
    PROCFILE_##TY, NFL3NAME_##TY, parseaddr_##ty			\
  };
ADDRTYPES(DEFOPSYS)
#undef DEFOPSYS
9dcdc856 MW |
101 | |
102 | /*----- Main code ---------------------------------------------------------*/ | |
103 | ||
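/* Store in A the default gateway address for the address family AF, found
 * by dumping the kernel's routing table over a netlink socket.  Return zero
 * on success, or nonzero if no suitable route carrying a gateway attribute
 * was seen.  If several routes qualify, the gateway from the last one read
 * is the one left in A.
 *
 * Failure to create the socket, to send the request or to read the reply is
 * fatal.
 */
static int get_default_gw(int af, union addr *a)
{
  int fd;
  char buf[32768];
  struct nlmsghdr *nlmsg;
  struct rtgenmsg *rtgen;
  const struct rtattr *rta;
  const struct rtmsg *rtm;
  ssize_t n, nn;
  int rc = -1;
  static unsigned long seq = 0x48b4aec4;

  /* Open a netlink socket for interrogating the kernel. */
  if ((fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE)) < 0)
    die(1, "failed to create netlink socket: %s", strerror(errno));

  /* We want to read the routing table.  There doesn't seem to be a good way
   * to do this without just crawling through the whole thing.
   */
  nlmsg = (struct nlmsghdr *)buf;
  assert(NLMSG_SPACE(sizeof(*rtgen)) < sizeof(buf));
  nlmsg->nlmsg_len = NLMSG_LENGTH(sizeof(*rtgen));
  nlmsg->nlmsg_type = RTM_GETROUTE;
  nlmsg->nlmsg_flags = NLM_F_REQUEST | NLM_F_ROOT;
  nlmsg->nlmsg_seq = ++seq;
  nlmsg->nlmsg_pid = 0;

  rtgen = (struct rtgenmsg *)NLMSG_DATA(nlmsg);
  rtgen->rtgen_family = af;

  if (write(fd, nlmsg, nlmsg->nlmsg_len) < 0)
    die(1, "failed to send RTM_GETROUTE request: %s", strerror(errno));

  /* Now we try to parse the answer. */
  for (;;) {

    /* Not finished yet, so read another chunk of answer.
     *
     * NOTE(review): read() doesn't report who sent the datagram, so a reply
     * is accepted on the strength of its sequence number alone.  Consider
     * recvmsg() with a `struct sockaddr_nl' and discarding anything whose
     * `nl_pid' isn't zero, i.e., which didn't come from the kernel.
     */
    if ((n = read(fd, buf, sizeof(buf))) < 0)
      die(1, "failed to read RTM_GETROUTE response: %s", strerror(errno));

    /* Start at the beginning of the response. */
    nlmsg = (struct nlmsghdr *)buf;

    /* Make sure this looks plausible.  The precise rules don't appear to be
     * documented, so it seems advisable to fail messily if my understanding
     * is wrong.
     *
     * NOTE(review): the header is inspected here before NLMSG_OK has
     * confirmed that N bytes actually cover it.
     */
    if (nlmsg->nlmsg_seq != seq) continue;
    assert(nlmsg->nlmsg_flags & NLM_F_MULTI);

    /* Work through all of the individual routes. */
    for (; NLMSG_OK(nlmsg, n); nlmsg = NLMSG_NEXT(nlmsg, n)) {
      if (nlmsg->nlmsg_type == NLMSG_DONE) goto done;
      if (nlmsg->nlmsg_type != RTM_NEWROUTE) continue;
      rtm = (const struct rtmsg *)NLMSG_DATA(nlmsg);

      /* If this record doesn't look interesting then skip it. */
      if (rtm->rtm_family != af ||	/* wrong address family */
	  rtm->rtm_dst_len > 0 ||	/* specific destination */
	  rtm->rtm_src_len > 0 ||	/* specific source */
	  rtm->rtm_type != RTN_UNICAST || /* not for unicast */
	  rtm->rtm_scope != RT_SCOPE_UNIVERSE || /* wrong scope */
	  rtm->rtm_tos != 0)		/* specific type of service */
	continue;

      /* Trundle through the attributes and find the gateway address. */
      for (rta = RTM_RTA(rtm), nn = RTM_PAYLOAD(nlmsg);
	   RTA_OK(rta, nn); rta = RTA_NEXT(rta, nn)) {

	/* Got one.  We're all done.  Except that we should carry on reading
	 * to the end, or something bad will happen.
	 */
	if (rta->rta_type == RTA_GATEWAY) {

	  /* This is the only thing standing between the payload length and
	   * the caller's buffer, so it must be a real test rather than an
	   * assertion which vanishes when NDEBUG is defined.
	   */
	  if (RTA_PAYLOAD(rta) > sizeof(*a))
	    die(1, "oversized gateway address in RTM_GETROUTE response");
	  memcpy(a, RTA_DATA(rta), RTA_PAYLOAD(rta));
	  rc = 0;
	}
      }
    }
  }

done:
  close(fd);
  return (rc);
}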
192 | ||
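/* Find out who is responsible for the connection described in the query Q.
 * Write the answer to Q.  Errors are logged and reported via the query
 * structure.
 *
 * The possible outcomes are: `R_UID', with the owning user id, if the
 * connection is in the local TCP table; `R_NAT', with the client's socket
 * address, if it is found in the NAT table instead; `R_ERROR' with
 * `E_NOUSER' if it is in neither; and `R_ERROR' with `E_UNKNOWN' if a table
 * couldn't be read or understood.
 */
void identify(struct query *q)
{
  FILE *fp = 0;
  dstr d = DSTR_INIT;
  char *p, *pp;
  struct socket s[4];
  int i;
  int gwp = 0;
  unsigned fl;
#define F_SADDR 1u
#define F_SPORT 2u
#define F_DADDR 4u
#define F_DPORT 8u
#define F_ALL (F_SADDR | F_SPORT | F_DADDR | F_DPORT)
#define F_ESTAB 16u
  uid_t uid;
  enum { LOC, REM, ST, UID, NFIELD };
  int f, ff[NFIELD];

  /* If we have a default gateway, and it matches the remote address then
   * this may be a proxy connection from our NAT, so remember this, and don't
   * inspect the remote addresses in the TCP tables.
   */
  if (!get_default_gw(q->ao->af, &s[0].addr) &&
      q->ao->addreq(&s[0].addr, &q->s[R].addr))
    gwp = 1;

  /* Open the relevant TCP connection table. */
  if ((fp = fopen(q->ao->sys->procfile, "r")) == 0) {
    logmsg(q, LOG_ERR, "failed to open `%s' for reading: %s",
	   q->ao->sys->procfile, strerror(errno));
    goto err_unk;
  }

  /* Initially, PP points into a string containing whitespace-separated
   * fields.  Point P to the next field, null-terminate it, and advance PP
   * so that we can read the next field in the next call.
   */
#define NEXTFIELD do {							\
  for (p = pp; isspace((unsigned char)*p); p++);			\
  for (pp = p; *pp && !isspace((unsigned char)*pp); pp++);		\
  if (*pp) *pp++ = 0;							\
} while (0)

  /* Read the header line from the file. */
  if (dstr_putline(&d, fp) == EOF) {
    logmsg(q, LOG_ERR, "failed to read header line from `%s': %s",
	   q->ao->sys->procfile,
	   ferror(fp) ? strerror(errno) : "unexpected EOF");
    goto err_unk;
  }

  /* Now scan the header line to identify which columns the various
   * interesting fields are in.  Store these in the map `ff'.  Problems:
   * `tx_queue rx_queue' and `tr tm->when' are both really single columns in
   * disguise; and the remote address column has a different heading
   * depending on which address family we're using.  Rather than dispatch,
   * just recognize both of them.
   */
  for (i = 0; i < NFIELD; i++) ff[i] = -1;
  pp = d.buf;
  for (f = 0;; f++) {
    NEXTFIELD; if (!*p) break;
    if (strcmp(p, "local_address") == 0)
      ff[LOC] = f;
    else if (strcmp(p, "rem_address") == 0 ||
	     strcmp(p, "remote_address") == 0)
      ff[REM] = f;
    else if (strcmp(p, "uid") == 0)
      ff[UID] = f;
    else if (strcmp(p, "st") == 0)
      ff[ST] = f;
    else if (strcmp(p, "rx_queue") == 0 ||
	     strcmp(p, "tm->when") == 0)
      f--;
  }

  /* Make sure that we found all of the fields we actually want. */
  for (i = 0; i < NFIELD; i++) {
    if (ff[i] < 0) {
      logmsg(q, LOG_ERR, "failed to find required fields in `%s'",
	     q->ao->sys->procfile);
      goto err_unk;
    }
  }

  /* Work through the lines in the file. */
  for (;;) {

    /* Read a line, and prepare to scan the fields. */
    DRESET(&d);
    if (dstr_putline(&d, fp) == EOF) break;
    pp = d.buf;
    uid = -1;

    /* Work through the fields.  If an address field fails to match then we
     * skip this record.  If the state field isn't 1 (`ESTABLISHED') then
     * skip the record.  If it's the UID, then remember it: if we get all the
     * way to the end then we've won.
     */
    for (f = 0;; f++) {
      NEXTFIELD; if (!*p) break;
      if (f == ff[LOC]) { i = L; goto compare; }
      else if (f == ff[REM]) { i = R; goto compare; }
      else if (f == ff[UID]) uid = atoi(p);
      else if (f == ff[ST]) {
	if (strtol(p, 0, 16) != 1) goto next_row;
      }
      continue;

    compare:
      /* Compare an address (in the current field) with the local or remote
       * address in the query, as indicated by `i'.  The address field looks
       * like `ADDR:PORT', where the ADDR is in some mad format which
       * `sys->parseaddr' knows how to unpick.  If the remote address in the
       * query is our gateway then don't check the remote address in the
       * field (but do check the port number).
       *
       * An address with no `:PORT' after it is malformed, and the whole
       * record is rejected.  Merely leaving the field loop here would let a
       * record with an unverified address be reported if its UID had
       * already been seen.
       */
      if (q->ao->sys->parseaddr(&p, &s[i].addr)) goto next_row;
      if (*p != ':') goto next_row;
      p++;
      s[i].port = strtoul(p, 0, 16);
      if ((i == R && gwp) ?
	  q->s[R].port != s[i].port :
	  !sockeq(q->ao, &q->s[i], &s[i]))
	goto next_row;
    }

    /* We got to the end, and everything matched.  If we found a UID then
     * we're done.  If the apparent remote address is our gateway then copy
     * the true one into the query structure.  Name the remote slot
     * explicitly rather than relying on `i' still holding R, which is only
     * so if the remote column was the last address column scanned.
     */
    if (uid != -1) {
      q->resp = R_UID;
      q->u.uid = uid;
      if (gwp) q->s[R].addr = s[R].addr;
      goto done;
    }
  next_row:;
  }

  /* We got to the end of the file and didn't find anything. */
  if (ferror(fp)) {
    logmsg(q, LOG_ERR, "failed to read connection table `%s': %s",
	   q->ao->sys->procfile, strerror(errno));
    goto err_unk;
  }

  /* If we opened the NAT table file then check to see whether we should
   * proxy the connection.  At least the addresses in this file aren't
   * crazy.
   */
  if (natfp) {

    /* Start again from the beginning. */
    rewind(natfp);

    /* Read a line at a time. */
    for (;;) {

      /* Read the line. */
      DRESET(&d);
      if (dstr_putline(&d, natfp) == EOF) break;
      pp = d.buf;

      /* Check that this is for the right protocol. */
      NEXTFIELD; if (!*p) break;
      if (strcmp(p, q->ao->sys->nfl3name)) continue;
      NEXTFIELD; if (!*p) break;
      NEXTFIELD; if (!*p) break;
      if (strcmp(p, "tcp") != 0) continue;

      /* Parse the other fields.  Each line has two src/dst pairs, for the
       * outgoing and incoming directions.  Depending on exactly what kind of
       * NAT is in use, either the outgoing source or the incoming
       * destination might be the client we're after.  Collect all of the
       * addresses and sort out the mess later.
       *
       * Here `i' is the index of the pair being filled in: it is 0, then 2,
       * and reaches 4 once both pairs are complete.  From then on, address
       * and port fields are ignored, so that nothing is ever written beyond
       * the end of `s'; we keep scanning only in case the state keyword is
       * still to come.
       *
       * NOTE(review): the result of inet_pton() isn't checked, so an
       * unparseable address leaves the previous contents of the slot in
       * place while still counting as seen.
       */
      i = 0;
      fl = 0;
      for (;;) {
	NEXTFIELD; if (!*p) break;
	if (strcmp(p, "ESTABLISHED") == 0)
	  fl |= F_ESTAB;
	else if (i >= 4)
	  continue;
	else if (strncmp(p, "src=", 4) == 0) {
	  inet_pton(q->ao->af, p + 4, &s[i].addr);
	  fl |= F_SADDR;
	} else if (strncmp(p, "dst=", 4) == 0) {
	  inet_pton(q->ao->af, p + 4, &s[i + 1].addr);
	  fl |= F_DADDR;
	} else if (strncmp(p, "sport=", 6) == 0) {
	  s[i].port = atoi(p + 6);
	  fl |= F_SPORT;
	} else if (strncmp(p, "dport=", 6) == 0) {
	  s[i + 1].port = atoi(p + 6);
	  fl |= F_DPORT;
	}
	if ((fl & F_ALL) == F_ALL) {
	  fl &= ~F_ALL;
	  i += 2;
	}
      }

#ifdef DEBUG
      {
	/* Print the record we found. */
	dstr dd = DSTR_INIT;
	dstr_putf(&dd, "%sestab ", (fl & F_ESTAB) ? " " : "!");
	dputsock(&dd, q->ao, &s[0]);
	dstr_puts(&dd, "<->");
	dputsock(&dd, q->ao, &s[1]);
	dstr_puts(&dd, " | ");
	dputsock(&dd, q->ao, &s[2]);
	dstr_puts(&dd, "<->");
	dputsock(&dd, q->ao, &s[3]);
	printf("parsed: %s\n", dd.buf);
	dstr_destroy(&dd);
      }
#endif

      /* If the connection isn't ESTABLISHED then skip it.  Also skip it if
       * we didn't collect both pairs in full: the rest of `s' would then
       * hold whatever an earlier line left behind, or nothing sensible at
       * all, and matching against that could name the wrong client.
       */
      if (!(fl & F_ESTAB) || i < 4) continue;

      /* Now we try to piece together what's going on.  One of these
       * addresses will be us.  So let's just try to find it.
       */
      for (i = 0; i < 4; i++)
	if (sockeq(q->ao, &s[i], &q->s[L])) goto found_local;
      continue;

    found_local:
      /* So address `i' is us.  In that case, we expect the other address in
       * the same direction, and the same address in the opposite direction,
       * to match each other and be the remote address in the query.
       */
      if (!sockeq(q->ao, &s[i^1], &s[i^2]) ||
	  !sockeq(q->ao, &s[i^1], &q->s[R]))
	continue;

      /* We win.  The remaining address must be the client host.  We should
       * proxy this query.
       */
      q->resp = R_NAT;
      q->u.nat = s[i^3];
      goto done;
    }

    /* Reached the end of the NAT file. */
    if (ferror(natfp)) {
      logmsg(q, LOG_ERR, "failed to read `/proc/net/nf_conntrack': %s",
	     strerror(errno));
      goto err_unk;
    }
  }

#undef NEXTFIELD

  /* We didn't find a match anywhere.  How unfortunate. */
  logmsg(q, LOG_NOTICE, "connection not found");
  q->resp = R_ERROR;
  q->u.error = E_NOUSER;
  goto done;

err_unk:
  /* Something went wrong and the protocol can't express what.  We should
   * have logged what the problem actually was.
   */
  q->resp = R_ERROR;
  q->u.error = E_UNKNOWN;

done:
  /* All done. */
  dstr_destroy(&d);
  if (fp) fclose(fp);
}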
472 | ||
/* Initialize the system-specific code: open the files which are kept open
 * for the life of the process.  Anything which goes wrong here is fatal,
 * except that the NAT connection map is allowed not to exist.
 */
void init_sys(void)
{
  /* Open the NAT connection map.  If there isn't one, `natfp' stays null
   * and we carry on without it.
   */
  natfp = fopen("/proc/net/nf_conntrack", "r");
  if (!natfp && errno != ENOENT) {
    die(1, "failed to open `/proc/net/nf_conntrack' for reading: %s",
	strerror(errno));
  }

  /* Open the random data source. */
  randfd = open("/dev/urandom", O_RDONLY);
  if (randfd < 0) {
    die(1, "failed to open `/dev/urandom' for reading: %s",
	strerror(errno));
  }
}
489 | ||
9dcdc856 | 490 | /*----- That's all, folks -------------------------------------------------*/ |