From: Roy Marples Date: Mon, 1 Jun 2020 17:59:08 +0000 (+0100) Subject: privsep: Only open raw sockets for the needed protocols. X-Git-Tag: v9.1.1~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cd1a2992260deed8a669c4dfdbb599409330c08a;p=thirdparty%2Fdhcpcd.git privsep: Only open raw sockets for the needed protocols. Just warn about any errors rather than forcing an early exit as well. While here, fix startup if DHCPv6 disabled globally but enabled per if. --- diff --git a/src/privsep-inet.c b/src/privsep-inet.c index 8bf0474c..48fb19a2 100644 --- a/src/privsep-inet.c +++ b/src/privsep-inet.c @@ -170,8 +170,8 @@ ps_inet_startcb(void *arg) } #endif #ifdef DHCP6 - if ((ctx->options & (DHCPCD_DHCP6 | DHCPCD_MASTER)) == - (DHCPCD_DHCP6 | DHCPCD_MASTER)) + if ((ctx->options & (DHCPCD_IPV6 | DHCPCD_MASTER)) == + (DHCPCD_IPV6 | DHCPCD_MASTER)) { ctx->dhcp6_rfd = dhcp6_openudp(0, NULL); if (ctx->dhcp6_rfd == -1) diff --git a/src/privsep-root.c b/src/privsep-root.c index 942fdd84..04e19742 100644 --- a/src/privsep-root.c +++ b/src/privsep-root.c @@ -607,19 +607,26 @@ ps_root_startcb(void *arg) * but makes life very easy for unicasting DHCPv6 in non master * mode as we no longer care about address selection. */ #ifdef INET - ctx->udp_wfd = xsocket(PF_INET, SOCK_RAW | SOCK_CXNB, IPPROTO_UDP); - if (ctx->udp_wfd == -1) - return -1; + if (ctx->options & DHCPCD_IPV4) { + ctx->udp_wfd = xsocket(PF_INET, + SOCK_RAW | SOCK_CXNB, IPPROTO_UDP); + if (ctx->udp_wfd == -1) + logerr("%s: dhcp_openraw", __func__); + } #endif #ifdef INET6 - ctx->nd_fd = ipv6nd_open(false); - if (ctx->nd_fd == -1) - return -1; + if (ctx->options & DHCPCD_IPV6) { + ctx->nd_fd = ipv6nd_open(false); + if (ctx->udp_wfd == -1) + logerr("%s: ipv6nd_open", __func__); + } #endif #ifdef DHCP6 - ctx->dhcp6_wfd = dhcp6_openraw(); - if (ctx->dhcp6_wfd == -1) - return -1; + if (ctx->options & DHCPCD_IPV6) { + ctx->dhcp6_wfd = dhcp6_openraw(); + if (ctx->udp_wfd == -1) + logerr("%s: dhcp6_openraw", __func__); + } #endif #ifdef PLUGIN_DEV