aboutgitcodebugslistschat
diff options
context:
space:
mode:
authorStefano Brivio <sbrivio@redhat.com>2021-08-04 01:44:58 +0200
committerStefano Brivio <sbrivio@redhat.com>2021-08-04 01:44:58 +0200
commitce24fe0b3f872a6fe06f539dab128af350ba26af (patch)
tree763896bfdbeb88bb9b102a1e333fa68feeb0711b
parenta340e5336d28f5f945287a87d9d20775516c4557 (diff)
downloadpasst-ce24fe0b3f872a6fe06f539dab128af350ba26af.tar
passt-ce24fe0b3f872a6fe06f539dab128af350ba26af.tar.gz
passt-ce24fe0b3f872a6fe06f539dab128af350ba26af.tar.bz2
passt-ce24fe0b3f872a6fe06f539dab128af350ba26af.tar.lz
passt-ce24fe0b3f872a6fe06f539dab128af350ba26af.tar.xz
passt-ce24fe0b3f872a6fe06f539dab128af350ba26af.tar.zst
passt-ce24fe0b3f872a6fe06f539dab128af350ba26af.zip
util: Don't close ping sockets if bind() fails
...they're still usable, thanks to the workaround implemented in icmp_tap_handler(). Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-rw-r--r--util.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/util.c b/util.c
index 46589a4..6e0630f 100644
--- a/util.c
+++ b/util.c
@@ -189,10 +189,13 @@ int sock_l4(struct ctx *c, int af, uint8_t proto, uint16_t port,
if (bind(fd, sa, sl) < 0) {
/* We'll fail to bind to low ports if we don't have enough
* capabilities, and we'll fail to bind on already bound ports,
- * this is fine.
+ * this is fine. This might also fail for ICMP because of a
+ * broken SELinux policy, see icmp_tap_handler().
*/
- close(fd);
- return 0;
+ if (proto != IPPROTO_ICMP && proto != IPPROTO_ICMPV6) {
+ close(fd);
+ return 0;
+ }
}
if (proto == IPPROTO_TCP && listen(fd, 128) < 0) {