[yaid] / linux.c

/* -*-c-*-
 *
 * Discover the owner of a connection (Linux version)
 *
 * (c) 2012 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Yet Another Ident Daemon (YAID).
 *
 * YAID is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * YAID is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with YAID; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/*----- Header files ------------------------------------------------------*/

#include "yaid.h"

/*----- Static variables --------------------------------------------------*/

static FILE *natfp;

/*----- Address-type operations -------------------------------------------*/

struct addrops_sys {
  const char *procfile;
  const char *nfl3name;
  int (*parseaddr)(char **, union addr *);
};

#define PROCFILE_IPV4 "/proc/net/tcp"
#define NFL3NAME_IPV4 "ipv4"

static int parseaddr_ipv4(char **pp, union addr *a)
  { a->ipv4.s_addr = strtoul(*pp, pp, 16); return (0); }

#define PROCFILE_IPV6 "/proc/net/tcp6"
#define NFL3NAME_IPV6 "ipv6"

static int parseaddr_ipv6(char **pp, union addr *a)
{
  int i, j;
  unsigned long y;
  char *p = *pp;
  unsigned x;

  for (i = 0; i < 4; i++) {
    y = 0;
    for (j = 0; j < 8; j++) {
      if ('0' <= *p && *p <= '9') x = *p - '0';
      else if ('a' <= *p && *p <= 'f') x = *p - 'a'+ 10;
      else if ('A' <= *p && *p <= 'F') x = *p - 'A'+ 10;
      else return (-1);
      y = (y << 4) | x;
      p++;
    }
    a->ipv6.s6_addr32[i] = y;
  }
  *pp = p;
  return (0);
}

#define DEFOPSYS(ty, TY)						\
  const struct addrops_sys addrops_sys_##ty = {				\
    PROCFILE_##TY, NFL3NAME_##TY, parseaddr_##ty			\
  };
ADDRTYPES(DEFOPSYS)
#undef DEFOPSYS

/*----- Main code ---------------------------------------------------------*/

static int get_default_gw(int af, union addr *a)
{
  int fd;
  char buf[32768];
  struct nlmsghdr *nlmsg;
  struct rtgenmsg *rtgen;
  const struct rtattr *rta;
  const struct rtmsg *rtm;
  ssize_t n, nn;
  int rc = 0;
  static unsigned long seq = 0x48b4aec4;

  if ((fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE)) < 0)
    die(1, "failed to create netlink socket: %s", strerror(errno));

  nlmsg = (struct nlmsghdr *)buf;
  assert(NLMSG_SPACE(sizeof(*rtgen)) < sizeof(buf));
  nlmsg->nlmsg_len = NLMSG_LENGTH(sizeof(*rtgen));
  nlmsg->nlmsg_type = RTM_GETROUTE;
  nlmsg->nlmsg_flags = NLM_F_REQUEST | NLM_F_ROOT;
  nlmsg->nlmsg_seq = ++seq;
  nlmsg->nlmsg_pid = 0;

  rtgen = (struct rtgenmsg *)NLMSG_DATA(nlmsg);
  rtgen->rtgen_family = af;

  if (write(fd, nlmsg, nlmsg->nlmsg_len) < 0)
    die(1, "failed to send RTM_GETROUTE request: %s", strerror(errno));

  for (;;) {
    if ((n = read(fd, buf, sizeof(buf))) < 0)
      die(1, "failed to read RTM_GETROUTE response: %s", strerror(errno));
    nlmsg = (struct nlmsghdr *)buf;
    if (nlmsg->nlmsg_seq != seq) continue;
    assert(nlmsg->nlmsg_flags & NLM_F_MULTI);

    for (; NLMSG_OK(nlmsg, n); nlmsg = NLMSG_NEXT(nlmsg, n)) {
      if (nlmsg->nlmsg_type == NLMSG_DONE) goto done;
      if (nlmsg->nlmsg_type != RTM_NEWROUTE) continue;
      rtm = (const struct rtmsg *)NLMSG_DATA(nlmsg);

      if (rtm->rtm_family != af ||
	  rtm->rtm_dst_len > 0 ||
	  rtm->rtm_src_len > 0 ||
	  rtm->rtm_type != RTN_UNICAST ||
	  rtm->rtm_scope != RT_SCOPE_UNIVERSE ||
	  rtm->rtm_tos != 0)
	continue;

      for (rta = RTM_RTA(rtm), nn = RTM_PAYLOAD(nlmsg);
	   RTA_OK(rta, nn); rta = RTA_NEXT(rta, nn)) {
	if (rta->rta_type == RTA_GATEWAY) {
	  assert(RTA_PAYLOAD(rta) <= sizeof(*a));
	  memcpy(a, RTA_DATA(rta), RTA_PAYLOAD(rta));
	  rc = 1;
	}
      }
    }
  }

done:
  close(fd);
  return (rc);
}

void identify(struct query *q)
{
  FILE *fp = 0;
  dstr d = DSTR_INIT;
  char *p, *pp;
  struct socket s[4];
  int i;
  int gwp = 0;
  unsigned fl;
#define F_SADDR 1u
#define F_SPORT 2u
#define F_DADDR 4u
#define F_DPORT 8u
#define F_ALL (F_SADDR | F_SPORT | F_DADDR | F_DPORT)
#define F_ESTAB 16u
  uid_t uid;
  enum { LOC, REM, ST, UID, NFIELD };
  int f, ff[NFIELD];

  if (get_default_gw(q->ao->af, &s[0].addr) &&
      q->ao->addreq(&s[0].addr, &q->s[R].addr))
    gwp = 1;

  if ((fp = fopen(q->ao->sys->procfile, "r")) == 0) {
    logmsg(q, LOG_ERR, "failed to open `%s' for reading: %s",
	   q->ao->sys->procfile, strerror(errno));
    goto err_unk;
  }

#define NEXTFIELD do {							\
  for (p = pp; isspace((unsigned char)*p); p++);			\
  for (pp = p; *pp && !isspace((unsigned char)*pp); pp++);		\
  if (*pp) *pp++ = 0;							\
} while (0)

  if (dstr_putline(&d, fp) == EOF) {
    logmsg(q, LOG_ERR, "failed to read header line from `%s': %s",
	   q->ao->sys->procfile,
	   ferror(fp) ? strerror(errno) : "unexpected EOF");
    goto err_unk;
  }

  for (i = 0; i < NFIELD; i++) ff[i] = -1;
  pp = d.buf;
  for (f = 0;; f++) {
    NEXTFIELD; if (!*p) break;
    if (strcmp(p, "local_address") == 0)
      ff[LOC] = f;
    else if (strcmp(p, "rem_address") == 0 ||
	     strcmp(p, "remote_address") == 0)
      ff[REM] = f;
    else if (strcmp(p, "uid") == 0)
      ff[UID] = f;
    else if (strcmp(p, "st") == 0)
      ff[ST] = f;
    else if (strcmp(p, "rx_queue") == 0 ||
	     strcmp(p, "tm->when") == 0)
      f--;
  }
  for (i = 0; i < NFIELD; i++) {
    if (ff[i] < 0) {
      logmsg(q, LOG_ERR, "failed to find required fields in `%s'",
	     q->ao->sys->procfile);
      goto err_unk;
    }
  }

  for (;;) {
    DRESET(&d);
    if (dstr_putline(&d, fp) == EOF) break;
    pp = d.buf;
    uid = -1;
    for (f = 0;; f++) {
      NEXTFIELD; if (!*p) break;
      if (f == ff[LOC]) { i = L; goto compare; }
      else if (f == ff[REM]) { i = R; goto compare; }
      else if (f == ff[UID]) uid = atoi(p);
      else if (f == ff[ST]) {
	if (strtol(p, 0, 16) != 1) goto next_row;
      }
      continue;

    compare:
      if (q->ao->sys->parseaddr(&p, &s[0].addr)) goto next_row;
      if (*p != ':') break; p++;
      s[0].port = strtoul(p, 0, 16);
      if (!sockeq(q->ao, &q->s[i], &s[0]) &&
	  (i != R || !gwp || q->s[R].port != s[0].port))
	goto next_row;
    }
    if (uid != -1) {
      q->resp = R_UID;
      q->u.uid = uid;
      goto done;
    }
  next_row:;
  }

  if (ferror(fp)) {
    logmsg(q, LOG_ERR, "failed to read connection table `%s': %s",
	   q->ao->sys->procfile, strerror(errno));
    goto err_unk;
  }

  if (natfp) {
    rewind(natfp);

    for (;;) {
      DRESET(&d);
      if (dstr_putline(&d, natfp) == EOF) break;
      pp = d.buf;

      NEXTFIELD; if (!*p) break;
      if (strcmp(p, q->ao->sys->nfl3name)) continue;
      NEXTFIELD; if (!*p) break;
      NEXTFIELD; if (!*p) break;
      if (strcmp(p, "tcp") != 0) continue;
      i = 0;
      fl = 0;
      for (;;) {
	NEXTFIELD; if (!*p) break;
	if (strcmp(p, "ESTABLISHED") == 0)
	  fl |= F_ESTAB;
	else if (strncmp(p, "src=", 4) == 0) {
	  inet_pton(q->ao->af, p + 4, &s[i].addr);
	  fl |= F_SADDR;
	} else if (strncmp(p, "dst=", 4) == 0) {
	  inet_pton(q->ao->af, p + 4, &s[i + 1].addr);
	  fl |= F_DADDR;
	} else if (strncmp(p, "sport=", 6) == 0) {
	  s[i].port = atoi(p + 6);
	  fl |= F_SPORT;
	} else if (strncmp(p, "dport=", 6) == 0) {
	  s[i + 1].port = atoi(p + 6);
	  fl |= F_DPORT;
	}
	if ((fl & F_ALL) == F_ALL) {
	  fl &= ~F_ALL;
	  if (i < 4) i += 2;
	  else break;
	}
      }

#ifdef notdef
      {
	dstr dd = DSTR_INIT;
	dstr_putf(&dd, "%sestab ", (fl & F_ESTAB) ? " " : "!");
	dputsock(&dd, q->ao, &s[0]);
	dstr_puts(&dd, "<->");
	dputsock(&dd, q->ao, &s[1]);
	dstr_puts(&dd, " | ");
	dputsock(&dd, q->ao, &s[2]);
	dstr_puts(&dd, "<->");
	dputsock(&dd, q->ao, &s[3]);
	printf("parsed: %s\n", dd.buf);
	dstr_destroy(&dd);
      }
#endif

      if (!(fl & F_ESTAB)) continue;

      for (i = 0; i < 4; i++)
	if (sockeq(q->ao, &s[i], &q->s[L])) goto found_local;
      continue;
      putchar('.');
    found_local:
      if (!sockeq(q->ao, &s[i^1], &s[i^2]) ||
	  !sockeq(q->ao, &s[i^1], &q->s[R]))
	continue;
      q->resp = R_NAT;
      q->u.nat = s[i^3];
      goto done;
    }

    /* Reached the end of the NAT file. */
    if (ferror(natfp)) {
      logmsg(q, LOG_ERR, "failed to read `/proc/net/nf_conntrack': %s",
	     strerror(errno));
      goto err_unk;
    }
  }

#undef NEXTFIELD

  logmsg(q, LOG_NOTICE, "connection not found");
  q->resp = R_ERROR;
  q->u.error = E_NOUSER;
  goto done;
err_unk:
  q->resp = R_ERROR;
  q->u.error = E_UNKNOWN;
done:
  dstr_destroy(&d);
  if (fp) fclose(fp);
}

void init_sys(void)
{
  if ((natfp = fopen("/proc/net/nf_conntrack", "r")) == 0 &&
      errno != ENOENT) {
    die(1, "failed to open `/proc/net/nf_conntrack' for reading: %s",
	strerror(errno));
  }
}

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
9dcdc856 MW	1	/* --c--
9dcdc856 MW	2	*
bf4d9761	3	* Discover the owner of a connection (Linux version)
9dcdc856 MW	4	*
	5	* (c) 2012 Straylight/Edgeware
	6	*/
	7
	8	/----- Licensing notice --------------------------------------------------
	9	*
	10	* This file is part of Yet Another Ident Daemon (YAID).
	11	*
	12	* YAID is free software; you can redistribute it and/or modify
	13	* it under the terms of the GNU General Public License as published by
	14	* the Free Software Foundation; either version 2 of the License, or
	15	* (at your option) any later version.
	16	*
	17	* YAID is distributed in the hope that it will be useful,
	18	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	* GNU General Public License for more details.
	21	*
	22	* You should have received a copy of the GNU General Public License
	23	* along with YAID; if not, write to the Free Software Foundation,
	24	* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	25	*/
	26
	27	/----- Header files ------------------------------------------------------/
	28
9da480be	29	#include "yaid.h"
9dcdc856 MW	30
	31	/----- Static variables --------------------------------------------------/
	32
b093b41d MW	33	static FILE *natfp;
	34
	35	/----- Address-type operations -------------------------------------------/
	36
bf4d9761 MW	37	struct addrops_sys {
bf4d9761 MW	38	const char *procfile;
2a9b8d4a	39	const char *nfl3name;
bf4d9761	40	int (parseaddr)(char , union addr );
9dcdc856 MW	41	};
9dcdc856 MW	42
3b1bed1d	43	#define PROCFILE_IPV4 "/proc/net/tcp"
2a9b8d4a	44	#define NFL3NAME_IPV4 "ipv4"
3b1bed1d	45
bf4d9761	46	static int parseaddr_ipv4(char *pp, union addr a)
9da480be	47	{ a->ipv4.s_addr = strtoul(*pp, pp, 16); return (0); }
9dcdc856	48
3b1bed1d	49	#define PROCFILE_IPV6 "/proc/net/tcp6"
2a9b8d4a	50	#define NFL3NAME_IPV6 "ipv6"
9dcdc856	51
bf4d9761	52	static int parseaddr_ipv6(char *pp, union addr a)
9da480be MW	53	{
	54	int i, j;
	55	unsigned long y;
	56	char p = pp;
	57	unsigned x;
	58
	59	for (i = 0; i < 4; i++) {
	60	y = 0;
	61	for (j = 0; j < 8; j++) {
	62	if ('0' <= p && p <= '9') x = *p - '0';
	63	else if ('a' <= p && p <= 'f') x = *p - 'a'+ 10;
	64	else if ('A' <= p && p <= 'F') x = *p - 'A'+ 10;
	65	else return (-1);
	66	y = (y << 4) \| x;
	67	p++;
	68	}
	69	a->ipv6.s6_addr32[i] = y;
	70	}
	71	*pp = p;
	72	return (0);
	73	}
	74
3b1bed1d MW	75	#define DEFOPSYS(ty, TY) \
3b1bed1d MW	76	const struct addrops_sys addrops_sys_##ty = { \
2a9b8d4a	77	PROCFILE_##TY, NFL3NAME_##TY, parseaddr_##ty \
3b1bed1d MW	78	};
	79	ADDRTYPES(DEFOPSYS)
	80	#undef DEFOPSYS
9dcdc856 MW	81
	82	/----- Main code ---------------------------------------------------------/
	83
77fb54ff	84	static int get_default_gw(int af, union addr *a)
9dcdc856	85	{
9da480be MW	86	int fd;
	87	char buf[32768];
	88	struct nlmsghdr *nlmsg;
	89	struct rtgenmsg *rtgen;
	90	const struct rtattr *rta;
	91	const struct rtmsg *rtm;
	92	ssize_t n, nn;
	93	int rc = 0;
	94	static unsigned long seq = 0x48b4aec4;
	95
	96	if ((fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE)) < 0)
	97	die(1, "failed to create netlink socket: %s", strerror(errno));
	98
	99	nlmsg = (struct nlmsghdr *)buf;
	100	assert(NLMSG_SPACE(sizeof(*rtgen)) < sizeof(buf));
	101	nlmsg->nlmsg_len = NLMSG_LENGTH(sizeof(*rtgen));
	102	nlmsg->nlmsg_type = RTM_GETROUTE;
	103	nlmsg->nlmsg_flags = NLM_F_REQUEST \| NLM_F_ROOT;
	104	nlmsg->nlmsg_seq = ++seq;
	105	nlmsg->nlmsg_pid = 0;
	106
	107	rtgen = (struct rtgenmsg *)NLMSG_DATA(nlmsg);
	108	rtgen->rtgen_family = af;
	109
	110	if (write(fd, nlmsg, nlmsg->nlmsg_len) < 0)
	111	die(1, "failed to send RTM_GETROUTE request: %s", strerror(errno));
9dcdc856	112
9da480be MW	113	for (;;) {
	114	if ((n = read(fd, buf, sizeof(buf))) < 0)
	115	die(1, "failed to read RTM_GETROUTE response: %s", strerror(errno));
	116	nlmsg = (struct nlmsghdr *)buf;
	117	if (nlmsg->nlmsg_seq != seq) continue;
	118	assert(nlmsg->nlmsg_flags & NLM_F_MULTI);
	119
	120	for (; NLMSG_OK(nlmsg, n); nlmsg = NLMSG_NEXT(nlmsg, n)) {
	121	if (nlmsg->nlmsg_type == NLMSG_DONE) goto done;
	122	if (nlmsg->nlmsg_type != RTM_NEWROUTE) continue;
	123	rtm = (const struct rtmsg *)NLMSG_DATA(nlmsg);
	124
	125	if (rtm->rtm_family != af \|\|
	126	rtm->rtm_dst_len > 0 \|\|
	127	rtm->rtm_src_len > 0 \|\|
	128	rtm->rtm_type != RTN_UNICAST \|\|
	129	rtm->rtm_scope != RT_SCOPE_UNIVERSE \|\|
	130	rtm->rtm_tos != 0)
	131	continue;
9dcdc856	132
9da480be MW	133	for (rta = RTM_RTA(rtm), nn = RTM_PAYLOAD(nlmsg);
	134	RTA_OK(rta, nn); rta = RTA_NEXT(rta, nn)) {
	135	if (rta->rta_type == RTA_GATEWAY) {
	136	assert(RTA_PAYLOAD(rta) <= sizeof(*a));
	137	memcpy(a, RTA_DATA(rta), RTA_PAYLOAD(rta));
	138	rc = 1;
	139	}
	140	}
	141	}
	142	}
9dcdc856	143
9da480be MW	144	done:
	145	close(fd);
	146	return (rc);
9dcdc856 MW	147	}
9dcdc856 MW	148
9da480be	149	void identify(struct query *q)
9dcdc856	150	{
9dcdc856 MW	151	FILE *fp = 0;
	152	dstr d = DSTR_INIT;
	153	char p, pp;
	154	struct socket s[4];
	155	int i;
9da480be	156	int gwp = 0;
9dcdc856 MW	157	unsigned fl;
	158	#define F_SADDR 1u
	159	#define F_SPORT 2u
	160	#define F_DADDR 4u
	161	#define F_DPORT 8u
	162	#define F_ALL (F_SADDR \| F_SPORT \| F_DADDR \| F_DPORT)
	163	#define F_ESTAB 16u
	164	uid_t uid;
	165	enum { LOC, REM, ST, UID, NFIELD };
	166	int f, ff[NFIELD];
	167
bf4d9761 MW	168	if (get_default_gw(q->ao->af, &s[0].addr) &&
bf4d9761 MW	169	q->ao->addreq(&s[0].addr, &q->s[R].addr))
9da480be MW	170	gwp = 1;
9da480be MW	171
bf4d9761	172	if ((fp = fopen(q->ao->sys->procfile, "r")) == 0) {
9dcdc856	173	logmsg(q, LOG_ERR, "failed to open `%s' for reading: %s",
bf4d9761	174	q->ao->sys->procfile, strerror(errno));
9dcdc856 MW	175	goto err_unk;
	176	}
	177
	178	#define NEXTFIELD do { \
	179	for (p = pp; isspace((unsigned char)*p); p++); \
	180	for (pp = p; pp && !isspace((unsigned char)pp); pp++); \
	181	if (pp) pp++ = 0; \
	182	} while (0)
	183
	184	if (dstr_putline(&d, fp) == EOF) {
	185	logmsg(q, LOG_ERR, "failed to read header line from `%s': %s",
bf4d9761 MW	186	q->ao->sys->procfile,
bf4d9761 MW	187	ferror(fp) ? strerror(errno) : "unexpected EOF");
9dcdc856 MW	188	goto err_unk;
	189	}
	190
	191	for (i = 0; i < NFIELD; i++) ff[i] = -1;
	192	pp = d.buf;
	193	for (f = 0;; f++) {
	194	NEXTFIELD; if (!*p) break;
	195	if (strcmp(p, "local_address") == 0)
	196	ff[LOC] = f;
	197	else if (strcmp(p, "rem_address") == 0 \|\|
	198	strcmp(p, "remote_address") == 0)
	199	ff[REM] = f;
	200	else if (strcmp(p, "uid") == 0)
	201	ff[UID] = f;
	202	else if (strcmp(p, "st") == 0)
	203	ff[ST] = f;
	204	else if (strcmp(p, "rx_queue") == 0 \|\|
	205	strcmp(p, "tm->when") == 0)
	206	f--;
	207	}
	208	for (i = 0; i < NFIELD; i++) {
	209	if (ff[i] < 0) {
	210	logmsg(q, LOG_ERR, "failed to find required fields in `%s'",
bf4d9761	211	q->ao->sys->procfile);
9dcdc856 MW	212	goto err_unk;
	213	}
	214	}
	215
	216	for (;;) {
	217	DRESET(&d);
	218	if (dstr_putline(&d, fp) == EOF) break;
	219	pp = d.buf;
	220	uid = -1;
	221	for (f = 0;; f++) {
	222	NEXTFIELD; if (!*p) break;
	223	if (f == ff[LOC]) { i = L; goto compare; }
	224	else if (f == ff[REM]) { i = R; goto compare; }
	225	else if (f == ff[UID]) uid = atoi(p);
	226	else if (f == ff[ST]) {
	227	if (strtol(p, 0, 16) != 1) goto next_row;
	228	}
	229	continue;
	230
	231	compare:
bf4d9761	232	if (q->ao->sys->parseaddr(&p, &s[0].addr)) goto next_row;
9dcdc856 MW	233	if (*p != ':') break; p++;
9dcdc856 MW	234	s[0].port = strtoul(p, 0, 16);
bf4d9761	235	if (!sockeq(q->ao, &q->s[i], &s[0]) &&
9da480be MW	236	(i != R \|\| !gwp \|\| q->s[R].port != s[0].port))
9da480be MW	237	goto next_row;
9dcdc856 MW	238	}
9dcdc856 MW	239	if (uid != -1) {
9da480be MW	240	q->resp = R_UID;
9da480be MW	241	q->u.uid = uid;
9dcdc856 MW	242	goto done;
	243	}
	244	next_row:;
	245	}
	246
	247	if (ferror(fp)) {
b093b41d MW	248	logmsg(q, LOG_ERR, "failed to read connection table `%s': %s",
b093b41d MW	249	q->ao->sys->procfile, strerror(errno));
9dcdc856 MW	250	goto err_unk;
	251	}
	252
2a9b8d4a	253	if (natfp) {
b093b41d	254	rewind(natfp);
9dcdc856 MW	255
	256	for (;;) {
	257	DRESET(&d);
b093b41d	258	if (dstr_putline(&d, natfp) == EOF) break;
9dcdc856	259	pp = d.buf;
2a9b8d4a MW	260
	261	NEXTFIELD; if (!*p) break;
	262	if (strcmp(p, q->ao->sys->nfl3name)) continue;
	263	NEXTFIELD; if (!*p) break;
9dcdc856 MW	264	NEXTFIELD; if (!*p) break;
	265	if (strcmp(p, "tcp") != 0) continue;
	266	i = 0;
	267	fl = 0;
	268	for (;;) {
	269	NEXTFIELD; if (!*p) break;
	270	if (strcmp(p, "ESTABLISHED") == 0)
	271	fl \|= F_ESTAB;
	272	else if (strncmp(p, "src=", 4) == 0) {
2a9b8d4a	273	inet_pton(q->ao->af, p + 4, &s[i].addr);
9dcdc856 MW	274	fl \|= F_SADDR;
9dcdc856 MW	275	} else if (strncmp(p, "dst=", 4) == 0) {
2a9b8d4a	276	inet_pton(q->ao->af, p + 4, &s[i + 1].addr);
9dcdc856 MW	277	fl \|= F_DADDR;
	278	} else if (strncmp(p, "sport=", 6) == 0) {
	279	s[i].port = atoi(p + 6);
	280	fl \|= F_SPORT;
	281	} else if (strncmp(p, "dport=", 6) == 0) {
	282	s[i + 1].port = atoi(p + 6);
	283	fl \|= F_DPORT;
	284	}
	285	if ((fl & F_ALL) == F_ALL) {
	286	fl &= ~F_ALL;
	287	if (i < 4) i += 2;
	288	else break;
	289	}
	290	}
	291
	292	#ifdef notdef
	293	{
	294	dstr dd = DSTR_INIT;
	295	dstr_putf(&dd, "%sestab ", (fl & F_ESTAB) ? " " : "!");
bf4d9761	296	dputsock(&dd, q->ao, &s[0]);
9dcdc856	297	dstr_puts(&dd, "<->");
bf4d9761	298	dputsock(&dd, q->ao, &s[1]);
9dcdc856	299	dstr_puts(&dd, " \| ");
bf4d9761	300	dputsock(&dd, q->ao, &s[2]);
9dcdc856	301	dstr_puts(&dd, "<->");
bf4d9761	302	dputsock(&dd, q->ao, &s[3]);
9dcdc856 MW	303	printf("parsed: %s\n", dd.buf);
	304	dstr_destroy(&dd);
	305	}
	306	#endif
	307
	308	if (!(fl & F_ESTAB)) continue;
	309
	310	for (i = 0; i < 4; i++)
bf4d9761	311	if (sockeq(q->ao, &s[i], &q->s[L])) goto found_local;
9dcdc856 MW	312	continue;
	313	putchar('.');
	314	found_local:
bf4d9761 MW	315	if (!sockeq(q->ao, &s[i^1], &s[i^2]) \|\|
bf4d9761 MW	316	!sockeq(q->ao, &s[i^1], &q->s[R]))
9dcdc856	317	continue;
9da480be MW	318	q->resp = R_NAT;
9da480be MW	319	q->u.nat = s[i^3];
9dcdc856 MW	320	goto done;
	321	}
	322
2a9b8d4a	323	/* Reached the end of the NAT file. */
b093b41d	324	if (ferror(natfp)) {
2a9b8d4a	325	logmsg(q, LOG_ERR, "failed to read `/proc/net/nf_conntrack': %s",
9dcdc856 MW	326	strerror(errno));
	327	goto err_unk;
	328	}
	329	}
	330
	331	#undef NEXTFIELD
	332
b093b41d	333	logmsg(q, LOG_NOTICE, "connection not found");
9da480be MW	334	q->resp = R_ERROR;
9da480be MW	335	q->u.error = E_NOUSER;
9dcdc856 MW	336	goto done;
9dcdc856 MW	337	err_unk:
9da480be MW	338	q->resp = R_ERROR;
9da480be MW	339	q->u.error = E_UNKNOWN;
9dcdc856 MW	340	done:
9dcdc856 MW	341	dstr_destroy(&d);
60150b4c	342	if (fp) fclose(fp);
9dcdc856 MW	343	}
9dcdc856 MW	344
b093b41d MW	345	void init_sys(void)
b093b41d MW	346	{
2a9b8d4a	347	if ((natfp = fopen("/proc/net/nf_conntrack", "r")) == 0 &&
b093b41d	348	errno != ENOENT) {
2a9b8d4a	349	die(1, "failed to open `/proc/net/nf_conntrack' for reading: %s",
b093b41d MW	350	strerror(errno));
	351	}
	352	}
	353
9dcdc856	354	/----- That's all, folks -------------------------------------------------/