mirror of
https://gitlab.nic.cz/labs/bird.git
synced 2024-12-22 09:41:54 +00:00
IO: Avoid re-binding accepted sockets to VRF
When VRFs are used, BIRD correctly binds listening (and connecting) sockets to their VRFs but also re-binds accepted sockets to the same VRF. This is not needed as the interface bind is inherited in this case, and indeed this redundant bind causes an -EPERM if BIRD is running as non-root making BIRD close the connection and reject the peer. Thanks to Christian Svensson for the original patch and Alexander Zubkov for suggestions.
This commit is contained in:
parent
08ff0af898
commit
130da72203
@ -971,10 +971,11 @@ sk_setup(sock *s)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (s->vrf && !s->iface)
|
if (s->vrf && !s->iface && (s->type != SK_TCP))
|
||||||
{
|
{
|
||||||
/* Bind socket to associated VRF interface.
|
/* Bind socket to associated VRF interface.
|
||||||
This is Linux-specific, but so is SO_BINDTODEVICE. */
|
This is Linux-specific, but so is SO_BINDTODEVICE.
|
||||||
|
For accepted TCP sockets it is inherited from the listening one. */
|
||||||
#ifdef SO_BINDTODEVICE
|
#ifdef SO_BINDTODEVICE
|
||||||
struct ifreq ifr = {};
|
struct ifreq ifr = {};
|
||||||
strcpy(ifr.ifr_name, s->vrf->name);
|
strcpy(ifr.ifr_name, s->vrf->name);
|
||||||
|
Loading…
Reference in New Issue
Block a user