diff options
| -rw-r--r-- | configure.ac | 20 | ||||
| -rw-r--r-- | src/Makefile.am | 4 | ||||
| -rw-r--r-- | src/ptunnel.c | 4 | ||||
| -rw-r--r-- | src/ptunnel.h | 2 |
4 files changed, 30 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index f45d875..0517201 100644 --- a/configure.ac +++ b/configure.ac @@ -152,6 +152,25 @@ if test x"${selinux_enabled}" != x; then AC_SEARCH_LIBS([setcon], [selinux],,[selinux_enabled=],) fi +dnl Check for ICMP_FILTER +AC_MSG_CHECKING([for working ICMP_FILTER]) +AC_COMPILE_IFELSE( +[AC_LANG_PROGRAM([[ +#include <netinet/in.h> +#include <sys/socket.h> +#include <linux/icmp.h> +void foo() { + struct icmp_filter filt; + int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); + filt.data = ~((1<<ICMP_ECHO) | (1<<ICMP_ECHOREPLY)); + setsockopt(sockfd, SOL_RAW, ICMP_FILTER, &filt, sizeof filt); +} +]], [])] +,[AC_MSG_RESULT([yes]) + with_icmp_filter="yes"] +,[AC_MSG_RESULT([no]) + with_icmp_filter="no"]) + dnl Check for Android liblog.so AC_SEARCH_LIBS([__android_log_vprint], [log],,,) @@ -159,6 +178,7 @@ dnl Set automake conf vars AM_CONDITIONAL([HAVE_PCAP], [test x"${pcap_enabled}" = xyes]) AM_CONDITIONAL([HAVE_SELINUX], [test x"${selinux_enabled}" = xyes]) AM_CONDITIONAL([IS_WINDOWS], [test x"${use_msw}" = xyes]) +AM_CONDITIONAL([HAVE_ICMPFILTER], [test x"${with_icmp_filter}" = xyes]) dnl output config headers AC_CONFIG_HEADERS([src/config.h:src/config.h.in]) diff --git a/src/Makefile.am b/src/Makefile.am index 6d37a49..3abddda 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -14,6 +14,10 @@ if HAVE_SELINUX ptunnel_ng_CFLAGS += -DHAVE_SELINUX=1 endif +if HAVE_ICMPFILTER +ptunnel_ng_CFLAGS += -DHAVE_ICMPFILTER=1 +endif + ptunnel_ng_SOURCES = \ md5.c \ challenge.c \ diff --git a/src/ptunnel.c b/src/ptunnel.c index f640d1b..9f435f9 100644 --- a/src/ptunnel.c +++ b/src/ptunnel.c @@ -388,7 +388,9 @@ void* pt_proxy(void *args) { in_addr_t *adr; #endif struct in_addr in_addr; +#ifdef HAVE_ICMPFILTER struct icmp_filter filt; +#endif /* Start the thread, initialize protocol and ring states. */ pt_log(kLog_debug, "Starting ping proxy..\n"); @@ -411,9 +413,11 @@ void* pt_proxy(void *args) { else { pt_log(kLog_debug, "Attempting to create privileged ICMP raw socket..\n"); fwd_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); +#ifdef HAVE_ICMPFILTER filt.data = ~((1<<ICMP_ECHO) | (1<<ICMP_ECHOREPLY)); if (setsockopt(fwd_sock, SOL_RAW, ICMP_FILTER, &filt, sizeof filt) == -1) pt_log(kLog_error, "setockopt for ICMP_FILTER: %s\n", strerror(errno)); +#endif } if (fwd_sock < 0) { pt_log(kLog_error, "Couldn't create %s socket: %s\n", diff --git a/src/ptunnel.h b/src/ptunnel.h index 657a2e6..d93f997 100644 --- a/src/ptunnel.h +++ b/src/ptunnel.h @@ -45,7 +45,9 @@ #define PING_TUNNEL_H 1 #ifndef WIN32 +#ifdef HAVE_ICMPFILTER #include <linux/icmp.h> +#endif #ifdef HAVE_SYS_UNISTD_H #include <sys/unistd.h> #endif |