github/portmaster
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Improve dns redirection for the self-check

Browse Source
This commit is contained in:
Daniel
2021-11-17 15:43:21 +01:00
parent 7c6acbd4c6
commit 0cd069ac1a
2 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
firewall/interception.go
View File

@@ -340,11 +340,19 @@ func initialHandler(conn *network.Connection, pkt packet.Packet) {
// Set tunnel options.
setCustomTunnelOptionsForPortmaster(conn)
// Redirect outbound DNS packests,
case pkt.IsOutbound() &&
pkt.Info().DstPort == 53 &&
conn.Process().Pid != ownPID &&
// that don't match the address of our nameserver,
nameserverIPMatcherReady.IsSet() &&
!nameserverIPMatcher(pkt.Info().Dst):
!nameserverIPMatcher(pkt.Info().Dst) &&
// and are not broadcast queries by us.
// Context:
// - Unicast queries by the resolver are pre-authenticated.
// - Unicast qeries by the compat self-check should be redirected.
!(conn.Process().Pid == ownPID &&
conn.Entity.IPScope == netutils.LocalMulticast):
// Reroute rogue dns queries back to Portmaster.
conn.Verdict = network.VerdictRerouteToNameserver
conn.Reason.Msg = "redirecting rogue dns query"