*: setting the socket send/recv buffer sizes doesn't need elevated privs

The less code running under elevated privileges the better.

Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Renato Westphal 2019-04-08 13:08:00 -03:00
parent 421ac5391f
commit 338b8e914a
5 changed files with 16 additions and 23 deletions

@ -108,7 +108,6 @@ void eigrp_adjust_sndbuflen(struct eigrp *eigrp, unsigned int buflen)
/* Check if any work has to be done at all. */ /* Check if any work has to be done at all. */
if (eigrp->maxsndbuflen >= buflen) if (eigrp->maxsndbuflen >= buflen)
return; return;
frr_elevate_privs(&eigrpd_privs) {
/* Now we try to set SO_SNDBUF to what our caller has requested /* Now we try to set SO_SNDBUF to what our caller has requested
* (the MTU of a newly added interface). However, if the OS has * (the MTU of a newly added interface). However, if the OS has
@ -126,7 +125,6 @@ void eigrp_adjust_sndbuflen(struct eigrp *eigrp, unsigned int buflen)
eigrp->maxsndbuflen = (unsigned int)newbuflen; eigrp->maxsndbuflen = (unsigned int)newbuflen;
else else
zlog_warn("%s: failed to get SO_SNDBUF", __func__); zlog_warn("%s: failed to get SO_SNDBUF", __func__);
}
} }
int eigrp_if_ipmulticast(struct eigrp *top, struct prefix *p, int eigrp_if_ipmulticast(struct eigrp *top, struct prefix *p,

@ -212,10 +212,7 @@ int zclient_socket_connect(struct zclient *zclient)
return -1; return -1;
set_cloexec(sock); set_cloexec(sock);
frr_elevate_privs(zclient->privs) {
setsockopt_so_sendbuf(sock, 1048576); setsockopt_so_sendbuf(sock, 1048576);
}
/* Connect to zebra. */ /* Connect to zebra. */
ret = connect(sock, (struct sockaddr *)&zclient_addr, zclient_addr_len); ret = connect(sock, (struct sockaddr *)&zclient_addr, zclient_addr_len);
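Review bot: The result of `setsockopt_so_sendbuf(sock, 1048576)` in zclient_socket_connect is discarded, so nothing here shows whether the socket actually got the 1 MiB send buffer. A plain SO_SNDBUF request is bounded by the system-wide maximum (on Linux it is clamped to that limit), so the effective size can be smaller than requested. eigrp_adjust_sndbuflen in this same commit appears to read the value back after setting it (`failed to get SO_SNDBUF`); doing the same here, or logging a failed status if the helper returns one (its definition is not visible on this page), would make an undersized buffer diagnosable. The same applies to the unchecked calls in ospf_sock_init, rip_create_socket and zserv_start.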

@ -234,10 +234,10 @@ int ospf_sock_init(struct ospf *ospf)
flog_err(EC_LIB_SOCKET, flog_err(EC_LIB_SOCKET,
"Can't set pktinfo option for fd %d", "Can't set pktinfo option for fd %d",
ospf_sock); ospf_sock);
}
setsockopt_so_sendbuf(ospf_sock, bufsize); setsockopt_so_sendbuf(ospf_sock, bufsize);
setsockopt_so_recvbuf(ospf_sock, bufsize); setsockopt_so_recvbuf(ospf_sock, bufsize);
}
ospf->fd = ospf_sock; ospf->fd = ospf_sock;
return ret; return ret;
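Review bot: The `flog_err(EC_LIB_SOCKET, "Can't set pktinfo option for fd %d", ospf_sock)` call still sits before the added `}`, which appears to close the frr_elevate_privs block opened above this hunk, so the logging path keeps running with raised privileges. In keeping with the commit's stated goal, the block could record only the failure (for example in `ret`) and the `flog_err` call could move after the closing brace. rip_create_socket shows the same pattern directly: its `zlog_err` for a failed bind is inside `frr_elevate_privs(&ripd_privs) {`. Both functions extend beyond their hunks, so the exact condition around each log call is not visible here.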

@ -1377,9 +1377,9 @@ int rip_create_socket(struct vrf *vrf)
#ifdef IPTOS_PREC_INTERNETCONTROL #ifdef IPTOS_PREC_INTERNETCONTROL
setsockopt_ipv4_tos(sock, IPTOS_PREC_INTERNETCONTROL); setsockopt_ipv4_tos(sock, IPTOS_PREC_INTERNETCONTROL);
#endif #endif
setsockopt_so_recvbuf(sock, RIP_UDP_RCV_BUF);
frr_elevate_privs(&ripd_privs) { frr_elevate_privs(&ripd_privs) {
setsockopt_so_recvbuf(sock, RIP_UDP_RCV_BUF);
if ((ret = bind(sock, (struct sockaddr *)&addr, sizeof(addr))) if ((ret = bind(sock, (struct sockaddr *)&addr, sizeof(addr)))
< 0) { < 0) {
zlog_err("%s: Can't bind socket %d to %s port %d: %s", zlog_err("%s: Can't bind socket %d to %s port %d: %s",

@ -816,10 +816,8 @@ void zserv_start(char *path)
unlink(suna->sun_path); unlink(suna->sun_path);
} }
frr_elevate_privs(&zserv_privs) {
setsockopt_so_recvbuf(zsock, 1048576); setsockopt_so_recvbuf(zsock, 1048576);
setsockopt_so_sendbuf(zsock, 1048576); setsockopt_so_sendbuf(zsock, 1048576);
}
frr_elevate_privs((sa.ss_family != AF_UNIX) ? &zserv_privs : NULL) { frr_elevate_privs((sa.ss_family != AF_UNIX) ? &zserv_privs : NULL) {
ret = bind(zsock, (struct sockaddr *)&sa, sa_len); ret = bind(zsock, (struct sockaddr *)&sa, sa_len);
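Review bot: The literal `1048576` is repeated for both buffer calls in zserv_start and again in zclient_socket_connect, with no name tying what look like the two ends of the zebra socket to the same size. A shared constant would keep the server and client sides from drifting apart, e.g. `#define ZAPI_SOCK_BUF_SIZE 1048576` (the name is only a suggestion) used as `setsockopt_so_recvbuf(zsock, ZAPI_SOCK_BUF_SIZE);` and in the sibling calls. zserv_start continues beyond this hunk.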