From: Roy Marples <roy@marples.name>
Date: Sat, 16 May 2020 11:28:56 +0000 (+0100)
Subject: Linux: Lock the BPF filter from future changes
X-Git-Tag: v9.1.0~57
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d2fec927e001f2430bb8d5127403968f23b9c316;p=thirdparty%2Fdhcpcd.git

Linux: Lock the BPF filter from future changes
---

diff --git a/src/if-linux.c b/src/if-linux.c
index 2e86fe61..62bb2398 100644
--- a/src/if-linux.c
+++ b/src/if-linux.c
@@ -1725,7 +1725,17 @@ bpf_attach(int s, void *filter, unsigned int filter_len)
 	};
 
 	/* Install the filter. */
-	return setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &pf, sizeof(pf));
+	if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &pf, sizeof(pf)) == -1)
+		return -1;
+
+#ifdef SO_LOCK_FILTER
+	int on = 1;
+
+	if (setsockopt(s, SOL_SOCKET, SO_LOCK_FILTER, &on, sizeof(on)) == -1)
+		return -1;
+#endif
+
+	return 0;
 }
 
 int