diff options
author | David Härdeman <david@hardeman.nu> | 2020-06-16 22:32:03 +0200 |
---|---|---|
committer | David Härdeman <david@hardeman.nu> | 2020-06-16 22:32:03 +0200 |
commit | 5267074938565976b105324ded8a8c5982bb8d5a (patch) | |
tree | 2d5e9551e3291c258d2a684de21c7132d671434c | |
parent | c48f30ca53695faa09683fc8f506463c07f9c2c3 (diff) |
Make sure igmp socket filter is set and locked
-rw-r--r-- | igmp.c | 16 |
1 files changed, 11 insertions, 5 deletions
@@ -8,6 +8,7 @@ #include <linux/bpf.h> #include <linux/filter.h> #include <arpa/inet.h> +#include <errno.h> /* Remove later */ #include <time.h> @@ -488,6 +489,7 @@ igmp_init(struct cfg *cfg) }; struct igmp *igmp; int sfd; + int opt; igmp = zmalloc(sizeof(*igmp)); if (!igmp) @@ -499,14 +501,18 @@ igmp_init(struct cfg *cfg) */ sfd = socket(AF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC, htons(ETH_P_ALL)); if (sfd < 0) { - perror("igmp socket"); + if (errno == EACCES) + verbose("igmp socket: permission denied\n"); + else + error("igmp socket: %m"); goto out_free; } - if (setsockopt(sfd, SOL_SOCKET, SO_ATTACH_FILTER, &fprog, sizeof(fprog)) < 0) { - error("igmp setsockopt: %m"); - goto out_fd; - } + if (setsockopt(sfd, SOL_SOCKET, SO_ATTACH_FILTER, &fprog, sizeof(fprog)) < 0) + perrordie("igmp setsockopt(SO_ATTACH_FILTER): %m"); + + if (setsockopt(sfd, SOL_SOCKET, SO_LOCK_FILTER, &opt, sizeof(opt)) < 0) + perrordie("igmp setsockopt(SO_LOCK_FILTER): %m"); /* struct ifreq ifreq = { |