From: Vincent Bernat
Date: Mon, 7 Sep 2020 15:45:38 +0000 (+0200)
Subject: linux: ignore outgoing packets at the socket level
X-Git-Tag: 1.0.7~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5d9226d140676b7246b26794b05916226e0b4caa;p=thirdparty%2Flldpd.git
linux: ignore outgoing packets at the socket level
Since Linux 4.20, it is possible to ignore outgoing packets. This is already done like this on *BSD.
---
diff --git a/src/daemon/priv-linux.c b/src/daemon/priv-linux.c
index 9a409150..43faca3a 100644
--- a/src/daemon/priv-linux.c
+++ b/src/daemon/priv-linux.c
@@ -145,16 +145,16 @@ asroot_iface_init_os(int ifindex, char *name, int *fd, int proto)
 .len = sizeof(lldpd_filter_f) / sizeof(struct sock_filter) };
 if (setsockopt(*fd, SOL_SOCKET, SO_ATTACH_FILTER,
- &prog, sizeof(prog)) < 0) {
+ &prog, sizeof(prog)) < 0) {
 rc = errno;
 log_warn("privsep", "unable to change filter for %s", name);
 return rc;
 }
 #ifdef SO_LOCK_FILTER
- int enable = 1;
+ int lock = 1;
 if (setsockopt(*fd, SOL_SOCKET, SO_LOCK_FILTER,
- &enable, sizeof(enable)) < 0) {
+ &lock, sizeof(lock)) < 0) {
 if (errno != ENOPROTOOPT) {
 rc = errno;
 log_warn("privsep", "unable to lock filter for %s", name);
@@ -162,6 +162,19 @@ asroot_iface_init_os(int ifindex, char *name, int *fd, int proto)
 }
 }
 #endif
+#ifdef PACKET_IGNORE_OUTGOING
+ int ignore = 1;
+ if (setsockopt(*fd, SOL_PACKET, PACKET_IGNORE_OUTGOING,
+ &ignore, sizeof(ignore)) < 0) {
+ if (errno != ENOPROTOOPT) {
+ rc = errno;
+ log_warn("privsep",
+ "unable to set packet direction for BPF filter on %s",
+ name);
+ return rc;
+ }
+ }
+#endif
 return 0;
 }
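Review bot: The ENOPROTOOPT branch in the new `PACKET_IGNORE_OUTGOING` block falls through silently, so on a kernel older than 4.20, or a build whose headers lack the macro, the socket still delivers the daemon's own transmitted frames and nothing records which path is active. Whatever check discarded outgoing frames before this commit is not visible in this hunk and presumably has to stay; a comment such as `/* Pre-4.20 kernels return ENOPROTOOPT: outgoing frames are still delivered and must be dropped by the receiver. */` above the `if (errno != ENOPROTOOPT)` test would make that dependency explicit. The warning text also mentions a BPF filter, although this option is set on the packet socket itself and not on the attached filter; `"unable to ignore outgoing packets on %s"` is closer to what failed. The body of asroot_iface_init_os starts outside the hunk.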