fa76812bd1
Resolves: RHEL-57734
From a2d2428c5fa6bf370486f509b18862c5c7b8b47e Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Tue, 9 Nov 2021 02:39:56 +0100
Subject: [PATCH 2/2] ping6: Avoid binding to non-VRF
This fixes permission issue when specifying just address (without VRF)
unless having CAP_NET_ADMIN (i.e. root) permission:
$ ./builddir/ping/ping -c1 -I lo ::1
./builddir/ping/ping: SO_BINDTODEVICE lo: Operation not permitted
because setsockopt() SO_BINDTODEVICE (similar to bind()) can be only done on
opt_strictsource.
Fixes: 7c65999 ("ping: Fix ping6 binding to VRF and address")
Signed-off-by: Petr Vorel <pvorel@suse.cz>
(cherry picked from commit f52b582248f1f870e870a9973621805d969906b4)
---
ping/ping6_common.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
index 98b5adb..a784be0 100644
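--- a/ping/ping6_common.c
+++ b/ping/ping6_common.c
@@ -236,14 +236,16 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
 memset(ipi, 0, sizeof(*ipi));
 ipi->ipi6_ifindex = if_name2index(rts->device);
 
- enable_capability_raw();
- rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE,
- rts->device, strlen(rts->device) + 1);
- errno_save = errno;
- disable_capability_raw();
-
- if (rc == -1)
- error(2, errno_save, "SO_BINDTODEVICE %s", rts->device);
+ if (rts->opt_strictsource) {
+ enable_capability_raw();
+ rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE,
+ rts->device, strlen(rts->device) + 1);
+ errno_save = errno;
+ disable_capability_raw();
+
+ if (rc == -1)
+ error(2, errno_save, "SO_BINDTODEVICE %s", rts->device);
+ }
 }
 
 if (IN6_IS_ADDR_MULTICAST(&rts->whereto6.sin6_addr)) {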
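Review bot: The new `if (rts->opt_strictsource)` guard has no comment explaining why the device bind is now optional, which matters because without strict source the socket is no longer bound to `rts->device` and, as far as this hunk shows, the interface is selected only through `ipi->ipi6_ifindex` set just above. I would add above the guard something like `/* SO_BINDTODEVICE may need privilege: bind only for strict source, otherwise rely on ipi6_ifindex */`. The commit message names CAP_NET_ADMIN while the code raises privilege with `enable_capability_raw()`, which presumably is CAP_NET_RAW, so the comment should state which capability is actually required. Raising the capability only around the `setsockopt()` call and saving `errno` before `disable_capability_raw()` keeps the privileged window minimal and should stay as is. The enclosing block and `ping6_run()` both start before this hunk and continue after it.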
--
2.46.0