| author | Roy Marples <roy@marples.name> | 2020-05-19 16:19:05 +0100 |
|---|---|---|
| committer | Roy Marples <roy@marples.name> | 2020-05-19 16:19:05 +0100 |
| commit | c5445ce8235c153f4f184067ef58249f598d8629 (patch) | |
| tree | b16a5c64baf8b7e6ecfcf1f09cf38d13aa68ff09 /src/if-bsd.c | |
| parent | d2fec927e001f2430bb8d5127403968f23b9c316 (diff) | |
| download | dhcpcd-c5445ce8235c153f4f184067ef58249f598d8629.tar.xz | |
privsep: Enable Capsicum for all processes.
Except for the privileged process.
This is quite an in-depth change:
* ARP is now one process per address
* BPF flags are now returned via privsep
* BPF write filters are locked when supported
* The root process sends to the network
The last step is done by opening RAW sockets and then sending a UDP
header (where applicable) to avoid binding to an address
which is already in use by the reader sockets.
This is slightly wasteful for OSes without sandboxing but does
have the very nice side effect of not needing a source address
to unicast DHCP replies from, which makes the code smaller.
Diffstat (limited to 'src/if-bsd.c')
| -rw-r--r-- | src/if-bsd.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/if-bsd.c b/src/if-bsd.c index 5849b52e..2d9bbb2a 100644 --- a/src/if-bsd.c +++ b/src/if-bsd.c @@ -168,12 +168,16 @@ if_opensockets_os(struct dhcpcd_ctx *ctx) priv->pf_inet6_fd = -1; #endif -#define SOCK_FLAGS (SOCK_CLOEXEC | SOCK_NONBLOCK) - ctx->link_fd = xsocket(PF_ROUTE, SOCK_RAW | SOCK_FLAGS, AF_UNSPEC); -#undef SOCK_FLAGS + ctx->link_fd = xsocket(PF_ROUTE, SOCK_RAW | SOCK_CXNB, AF_UNSPEC); if (ctx->link_fd == -1) return -1; +#ifdef SO_RERROR + n = 1; + if (setsockopt(ctx->link_fd, SOL_SOCKET, SO_RERROR, &n,sizeof(n)) == -1) + goto errexit; +#endif + /* Ignore our own route(4) messages. * Sadly there is no way of doing this for route(4) messages * generated from addresses we add/delete. */ |
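Review bot: In the new `#ifdef SO_RERROR` block, a failed `setsockopt()` jumps to `errexit` and fails all of `if_opensockets_os()` even though the `PF_ROUTE` socket itself opened successfully; consider logging the failure and continuing, or add a comment saying why this must be fatal. The `errexit` label and the declaration of `n` are outside the visible context, so please confirm that `n` is an `int` declared unconditionally (not inside another `#ifdef`) and that `errexit` closes `ctx->link_fd`, since the earlier failure path here simply does `return -1`. The commit message describes the Capsicum and privsep work but does not mention `SO_RERROR`; a line saying why it is enabled on the route socket would help, or the change could go in its own commit. Style: `&n,sizeof(n)` is missing a space after the comma.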
