disable ping when smartdns run as non-root user

src/dns_conf.c

@@ -1300,6 +1300,38 @@ void dns_server_load_exit(void)
 	_config_group_table_destroy();
 }
 
+static int _dns_conf_speed_check_mode_verify(void)
+{
+	int i, j;
+	int has_cap = has_network_raw_cap();
+	int print_log = 0;
+	if (has_cap == 1) {
+		return 0;
+	}
+
+	for (i = 0; i < DOMAIN_CHECK_NUM; i++) {
+		if (dns_conf_check_order.order[i] == DOMAIN_CHECK_ICMP) {
+			for (j = i + 1; j < DOMAIN_CHECK_NUM; j++) {
+				dns_conf_check_order.order[j - 1] = dns_conf_check_order.order[j];
+			}
+			dns_conf_check_order.order[j - 1] = DOMAIN_CHECK_NONE;
+			print_log = 1;
+		}
+	}
+
+	if (print_log) {
+		tlog(TLOG_WARN, "speed check by ping is disabled because smartdns does not have network raw privileges");
+	}
+
+	return 0;
+}
+
+static int _dns_conf_load_post(void)
+{
+	_dns_conf_speed_check_mode_verify();
+	return 0;
+}
+
 int dns_server_load_conf(const char *file)
 {
 	int ret = 0;
@@ -1307,5 +1339,6 @@ int dns_server_load_conf(const char *file)
 	openlog("smartdns", LOG_CONS | LOG_NDELAY, LOG_LOCAL1);
 	ret = load_conf(file, _config_item, _conf_printf);
 	closelog();
+	_dns_conf_load_post();
 	return ret;
 }

src/util.c

@@ -7,6 +7,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <linux/netlink.h>
+#include <linux/capability.h>
 #include <openssl/crypto.h>
 #include <openssl/ssl.h>
 #include <pthread.h>
@@ -17,6 +18,7 @@
 #include <time.h>
 #include <unistd.h>
 #include <inttypes.h>
+#include <sys/prctl.h>
 
 #define TMP_BUFF_LEN_32 32
 
@@ -920,3 +922,14 @@ void get_compiled_time(struct tm *tm)
 	tm->tm_min = min;
 	tm->tm_sec = sec;
 }
+
+int has_network_raw_cap(void)
+{
+	int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
+	if (fd < 0) {
+		return 0;
+	}
+
+	close(fd);
+	return 1;
+}

src/util.h

@@ -67,6 +67,8 @@ int parse_tls_header(const char *data, size_t data_len, char *hostname, const ch
 
 void get_compiled_time(struct tm *tm);
 
+int has_network_raw_cap(void);
+
 #ifdef __cplusplus
 }
 #endif /*__cplusplus */