From c8581f3710335ae6be68909c1c8307aa66990428 Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Mon, 10 May 2021 08:30:38 +0200 Subject: icmp: Warn if "ping" socket can't be opened, don't fail If net.ipv4.ping_group_range doesn't include our PID, we'll fail to open sockets for ICMP and ICMPv6 echo. Warn instead of exiting, this is not fatal. Signed-off-by: Stefano Brivio --- icmp.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/icmp.c b/icmp.c index 2966cb3..3423856 100644 --- a/icmp.c +++ b/icmp.c @@ -101,6 +101,9 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr, .sin_addr.s_addr = htonl(INADDR_ANY), }; + if (c->icmp.s4 < 0) + return 1; + if (msg[0].l4_len < sizeof(*ih) || ih->type != ICMP_ECHO) return 1; @@ -118,6 +121,9 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr, }; struct icmp6hdr *ih = (struct icmp6hdr *)msg[0].l4h; + if (c->icmp.s6 < 0) + return 1; + if (msg[0].l4_len < sizeof(*ih) || (ih->icmp6_type != 128 && ih->icmp6_type != 129)) return 1; @@ -142,14 +148,22 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr, */ int icmp_sock_init(struct ctx *c) { + int fail = 0; + c->icmp.fd_min = INT_MAX; c->icmp.fd_max = 0; if (c->v4 && (c->icmp.s4 = sock_l4(c, AF_INET, IPPROTO_ICMP, 0)) < 0) - return -1; + fail = 1; if (c->v6 && (c->icmp.s6 = sock_l4(c, AF_INET6, IPPROTO_ICMPV6, 0)) < 0) - return -1; + fail = 1; + + if (fail) { + warn("Cannot open \"ping\" socket. You might need to:"); + warn(" sysctl -w net.ipv4.ping_group_range=\"0 2147483647\""); + warn("...continuing without echo request/reply support."); + } return 0; } -- cgit v1.2.3