# HG changeset patch
# User Roy Marples <roy@marples.name>
# Date 1589628536 -3600
# Node ID 92569921a97489a0d7a834a9bc6cb37bf111f67d
# Parent  bb468c1a3b46edf5d14ae918cfc37e3f0c842808
Linux: Lock the BPF filter from future changes

diff -r bb468c1a3b46 -r 92569921a974 src/if-linux.c
--- a/src/if-linux.c	Fri May 15 22:29:30 2020 +0100
+++ b/src/if-linux.c	Sat May 16 12:28:56 2020 +0100
@@ -1725,7 +1725,17 @@
 	};
 
 	/* Install the filter. */
-	return setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &pf, sizeof(pf));
+	if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &pf, sizeof(pf)) == -1)
+		return -1;
+
+#ifdef SO_LOCK_FILTER
+	int on = 1;
+
+	if (setsockopt(s, SOL_SOCKET, SO_LOCK_FILTER, &on, sizeof(on)) == -1)
+		return -1;
+#endif
+
+	return 0;
 }
 
 int