icmp: Warn if "ping" socket can't be opened, don't fail

If net.ipv4.ping_group_range doesn't include our PID, we'll fail
to open sockets for ICMP and ICMPv6 echo. Warn instead of
exiting, this is not fatal.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

1 files changed, 16 insertions, 2 deletions

diff --git a/icmp.c b/icmp.c
index 2966cb3..3423856 100644
--- a/icmp.c
+++ b/icmp.c
@@ -101,6 +101,9 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr,
 			.sin_addr.s_addr = htonl(INADDR_ANY),
 		};
 
+		if (c->icmp.s4 < 0)
+			return 1;
+
 		if (msg[0].l4_len < sizeof(*ih) || ih->type != ICMP_ECHO)
 			return 1;
 
@@ -118,6 +121,9 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr,
 		};
 		struct icmp6hdr *ih = (struct icmp6hdr *)msg[0].l4h;
 
+		if (c->icmp.s6 < 0)
+			return 1;
+
 		if (msg[0].l4_len < sizeof(*ih) ||
 		    (ih->icmp6_type != 128 && ih->icmp6_type != 129))
 			return 1;
@@ -142,14 +148,22 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr,
  */
 int icmp_sock_init(struct ctx *c)
 {
+	int fail = 0;
+
 	c->icmp.fd_min = INT_MAX;
 	c->icmp.fd_max = 0;
 
 	if (c->v4 && (c->icmp.s4 = sock_l4(c, AF_INET, IPPROTO_ICMP, 0)) < 0)
-		return -1;
+		fail = 1;
 
 	if (c->v6 && (c->icmp.s6 = sock_l4(c, AF_INET6, IPPROTO_ICMPV6, 0)) < 0)
-		return -1;
+		fail = 1;
+
+	if (fail) {
+		warn("Cannot open \"ping\" socket. You might need to:");
+		warn("  sysctl -w net.ipv4.ping_group_range=\"0 2147483647\"");
+		warn("...continuing without echo request/reply support.");
+	}
 
 	return 0;
 }