icmp: Warn if "ping" socket can't be opened, don't fail
If net.ipv4.ping_group_range doesn't include our PID, we'll fail to open sockets for ICMP and ICMPv6 echo. Warn instead of exiting, this is not fatal. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
Stefano Brivio
parent
b385ebaadf
commit
c8581f3710
1 changed files with 16 additions and 2 deletions
18
icmp.c
18
icmp.c
|
|
@ -101,6 +101,9 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr,
|
|||
.sin_addr.s_addr = htonl(INADDR_ANY),
|
||||
};
|
||||
|
||||
if (c->icmp.s4 < 0)
|
||||
return 1;
|
||||
|
||||
if (msg[0].l4_len < sizeof(*ih) || ih->type != ICMP_ECHO)
|
||||
return 1;
|
||||
|
||||
|
|
@ -118,6 +121,9 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr,
|
|||
};
|
||||
struct icmp6hdr *ih = (struct icmp6hdr *)msg[0].l4h;
|
||||
|
||||
if (c->icmp.s6 < 0)
|
||||
return 1;
|
||||
|
||||
if (msg[0].l4_len < sizeof(*ih) ||
|
||||
(ih->icmp6_type != 128 && ih->icmp6_type != 129))
|
||||
return 1;
|
||||
|
|
@ -142,14 +148,22 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr,
|
|||
*/
|
||||
int icmp_sock_init(struct ctx *c)
|
||||
{
|
||||
int fail = 0;
|
||||
|
||||
c->icmp.fd_min = INT_MAX;
|
||||
c->icmp.fd_max = 0;
|
||||
|
||||
if (c->v4 && (c->icmp.s4 = sock_l4(c, AF_INET, IPPROTO_ICMP, 0)) < 0)
|
||||
return -1;
|
||||
fail = 1;
|
||||
|
||||
if (c->v6 && (c->icmp.s6 = sock_l4(c, AF_INET6, IPPROTO_ICMPV6, 0)) < 0)
|
||||
return -1;
|
||||
fail = 1;
|
||||
|
||||
if (fail) {
|
||||
warn("Cannot open \"ping\" socket. You might need to:");
|
||||
warn(" sysctl -w net.ipv4.ping_group_range=\"0 2147483647\"");
|
||||
warn("...continuing without echo request/reply support.");
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue