From ce24fe0b3f872a6fe06f539dab128af350ba26af Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Wed, 4 Aug 2021 01:44:58 +0200 Subject: util: Don't close ping sockets if bind() fails ...they're still usable, thanks to the workaround implemented in icmp_tap_handler(). Signed-off-by: Stefano Brivio --- util.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/util.c b/util.c index 46589a4..6e0630f 100644 --- a/util.c +++ b/util.c @@ -189,10 +189,13 @@ int sock_l4(struct ctx *c, int af, uint8_t proto, uint16_t port, if (bind(fd, sa, sl) < 0) { /* We'll fail to bind to low ports if we don't have enough * capabilities, and we'll fail to bind on already bound ports, - * this is fine. + * this is fine. This might also fail for ICMP because of a + * broken SELinux policy, see icmp_tap_handler(). */ - close(fd); - return 0; + if (proto != IPPROTO_ICMP && proto != IPPROTO_ICMPV6) { + close(fd); + return 0; + } } if (proto == IPPROTO_TCP && listen(fd, 128) < 0) { -- cgit v1.2.3