From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 25 Jun 2013 06:37:01 +0000 (+0200)
Subject: farp: Require CAP_NET_RAW capability to open AF_PACKET socket
X-Git-Tag: 5.1.0dr1~32^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=405f5ab9e92d0cfe78fe33de081e02cfd89b91d1;p=thirdparty%2Fstrongswan.git

farp: Require CAP_NET_RAW capability to open AF_PACKET socket
---

diff --git a/src/libcharon/plugins/farp/farp_plugin.c b/src/libcharon/plugins/farp/farp_plugin.c
index cbc0bcf825..d31defca45 100644
--- a/src/libcharon/plugins/farp/farp_plugin.c
+++ b/src/libcharon/plugins/farp/farp_plugin.c
@@ -92,6 +92,12 @@ plugin_t *farp_plugin_create()
 {
 	private_farp_plugin_t *this;
 
+	if (!lib->caps->keep(lib->caps, CAP_NET_RAW))
+	{	/* required to open ARP socket (AF_PACKET) */
+		DBG1(DBG_NET, "farp plugin requires CAP_NET_RAW capability");
+		return NULL;
+	}
+
 	INIT(this,
 		.public = {
 			.plugin = {