IO: Avoid re-binding accepted sockets to VRF

When VRFs are used, BIRD correctly binds listening (and connecting)
sockets to their VRFs but also re-binds accepted sockets to the same VRF.
This is not needed as the interface bind is inherited in this case, and
indeed this redundant bind causes an -EPERM if BIRD is running as
non-root making BIRD close the connection and reject the peer.

Thanks to Christian Svensson for the original patch and Alexander Zubkov
for suggestions.

diff --git a/sysdep/unix/io.c b/sysdep/unix/io.c
index ba2e166149951bd1e206768c5fbacb3568b81af6..987c7a6ba942ea5484a1b120d83f86ce6850cdfd 100644 (file)
--- a/sysdep/unix/io.c
+++ b/sysdep/unix/io.c
@@ -971,10 +971,11 @@ sk_setup(sock *s)
   }
 #endif
 
-  if (s->vrf && !s->iface)
+  if (s->vrf && !s->iface && (s->type != SK_TCP))
   {
     /* Bind socket to associated VRF interface.
-       This is Linux-specific, but so is SO_BINDTODEVICE. */
+       This is Linux-specific, but so is SO_BINDTODEVICE.
+       For accepted TCP sockets it is inherited from the listening one. */
 #ifdef SO_BINDTODEVICE
     struct ifreq ifr = {};
     strcpy(ifr.ifr_name, s->vrf->name);