diff options
| author | David Lamparter <equinox@opensourcerouting.org> | 2018-08-10 18:46:07 +0200 |
|---|---|---|
| committer | Quentin Young <qlyoung@cumulusnetworks.com> | 2018-08-14 22:02:05 +0200 |
| commit | 6bb30c2cbaed955383758c64cf51382dd1978cb9 (patch) | |
| tree | 156023fc555eda4843d96a708e1e115fddfba927 /ospfd/ospf_network.c | |
| parent | *: use frr_elevate_privs() (1/2: coccinelle) (diff) | |
| download | frr-6bb30c2cbaed955383758c64cf51382dd1978cb9.tar.xz frr-6bb30c2cbaed955383758c64cf51382dd1978cb9.zip | |
*: use frr_elevate_privs() (2/2: manual)
Signed-off-by: David Lamparter <equinox@diac24.net>
Diffstat (limited to 'ospfd/ospf_network.c')
| -rw-r--r-- | ospfd/ospf_network.c | 82 |
1 files changed, 33 insertions, 49 deletions
diff --git a/ospfd/ospf_network.c b/ospfd/ospf_network.c index eac4453ed..1fb930659 100644 --- a/ospfd/ospf_network.c +++ b/ospfd/ospf_network.c @@ -186,67 +186,51 @@ int ospf_sock_init(struct ospf *ospf) /* silently return since VRF is not ready */ return -1; } - if (ospfd_privs.change(ZPRIVS_RAISE)) - flog_err(LIB_ERR_PRIVILEGES, - "ospf_sock_init: could not raise privs, %s", - safe_strerror(errno)); - - ospf_sock = vrf_socket(AF_INET, SOCK_RAW, IPPROTO_OSPFIGP, ospf->vrf_id, - ospf->name); - if (ospf_sock < 0) { - int save_errno = errno; - - if (ospfd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "ospf_sock_init: could not lower privs, %s", - safe_strerror(save_errno)); - - exit(1); - } + frr_elevate_privs(&ospfd_privs) { + ospf_sock = vrf_socket(AF_INET, SOCK_RAW, IPPROTO_OSPFIGP, + ospf->vrf_id, ospf->name); + if (ospf_sock < 0) { + zlog_err("ospf_read_sock_init: socket: %s", + safe_strerror(errno)); + exit(1); + } #ifdef IP_HDRINCL - /* we will include IP header with packet */ - ret = setsockopt(ospf_sock, IPPROTO_IP, IP_HDRINCL, &hincl, - sizeof(hincl)); - if (ret < 0) { - int save_errno = errno; - - zlog_warn("Can't set IP_HDRINCL option for fd %d: %s", - ospf_sock, safe_strerror(save_errno)); - close(ospf_sock); - goto out; - } + /* we will include IP header with packet */ + ret = setsockopt(ospf_sock, IPPROTO_IP, IP_HDRINCL, &hincl, + sizeof(hincl)); + if (ret < 0) { + zlog_warn("Can't set IP_HDRINCL option for fd %d: %s", + ospf_sock, safe_strerror(errno)); + close(ospf_sock); + break; + } #elif defined(IPTOS_PREC_INTERNETCONTROL) #warning "IP_HDRINCL not available on this system" #warning "using IPTOS_PREC_INTERNETCONTROL" - ret = setsockopt_ipv4_tos(ospf_sock, IPTOS_PREC_INTERNETCONTROL); - if (ret < 0) { - int save_errno = errno; - - zlog_warn("can't set sockopt IP_TOS %d to socket %d: %s", tos, - ospf_sock, safe_strerror(save_errno)); - close(ospf_sock); /* Prevent sd leak. */ - goto out; - } + ret = setsockopt_ipv4_tos(ospf_sock, + IPTOS_PREC_INTERNETCONTROL); + if (ret < 0) { + zlog_warn("can't set sockopt IP_TOS %d to socket %d: %s", + tos, ospf_sock, safe_strerror(errno)); + close(ospf_sock); /* Prevent sd leak. */ + break; + } #else /* !IPTOS_PREC_INTERNETCONTROL */ #warning "IP_HDRINCL not available, nor is IPTOS_PREC_INTERNETCONTROL" - zlog_warn("IP_HDRINCL option not available"); + zlog_warn("IP_HDRINCL option not available"); #endif /* IP_HDRINCL */ - ret = setsockopt_ifindex(AF_INET, ospf_sock, 1); + ret = setsockopt_ifindex(AF_INET, ospf_sock, 1); - if (ret < 0) - zlog_warn("Can't set pktinfo option for fd %d", ospf_sock); + if (ret < 0) + zlog_warn("Can't set pktinfo option for fd %d", + ospf_sock); - setsockopt_so_sendbuf(ospf_sock, bufsize); - setsockopt_so_recvbuf(ospf_sock, bufsize); + setsockopt_so_sendbuf(ospf_sock, bufsize); + setsockopt_so_recvbuf(ospf_sock, bufsize); + } ospf->fd = ospf_sock; -out: - if (ospfd_privs.change(ZPRIVS_LOWER)) - flog_err(LIB_ERR_PRIVILEGES, - "ospf_sock_init: could not lower privs, %s", - safe_strerror(errno)); - return ret; } |