sd-dhcp6-client: fix free before use

[elogind.git] / src / libsystemd-network / ipv4ll-network.c

diff --git a/src/libsystemd-network/ipv4ll-network.c b/src/libsystemd-network/ipv4ll-network.c
index 9525408de964e523e56015f9bc1894ca7e869b0d..0852f42c3a8291cb11b88af894b7fce3099dba04 100644 (file)
--- a/src/libsystemd-network/ipv4ll-network.c
+++ b/src/libsystemd-network/ipv4ll-network.c
@@ -17,23 +17,50 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
+#include <linux/filter.h>
+
 #include "util.h"
 #include "ipv4ll-internal.h"
 
 int arp_network_send_raw_socket(int fd, const union sockaddr_union *link,
                                         const struct ether_arp *arp) {
+        int r;
+
         assert(arp);
         assert(link);
         assert(fd >= 0);
 
-        if (sendto(fd, arp, sizeof(struct ether_arp), 0, &link->sa, sizeof(link->ll)) < 0)
+        r = sendto(fd, arp, sizeof(struct ether_arp), 0, &link->sa, sizeof(link->ll));
+        if (r < 0)
                 return -errno;
 
         return 0;
 }
 
 int arp_network_bind_raw_socket(int index, union sockaddr_union *link) {
-        int s;
+        struct sock_filter filter[] = {
+            BPF_STMT(BPF_LD + BPF_W + BPF_LEN, 0),                                         /* A <- packet length */
+            BPF_JUMP(BPF_JMP + BPF_JGE + BPF_K, sizeof(struct ether_arp), 1, 0),           /* packet >= arp packet ? */
+            BPF_STMT(BPF_RET + BPF_K, 0),                                                  /* ignore */
+            BPF_STMT(BPF_LD + BPF_H + BPF_ABS, offsetof(struct ether_arp, ea_hdr.ar_hrd)), /* A <- header */
+            BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ARPHRD_ETHER, 1, 0),                       /* header == ethernet ? */
+            BPF_STMT(BPF_RET + BPF_K, 0),                                                  /* ignore */
+            BPF_STMT(BPF_LD + BPF_H + BPF_ABS, offsetof(struct ether_arp, ea_hdr.ar_pro)), /* A <- protocol */
+            BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_IP, 1, 0),                       /* protocol == IP ? */
+            BPF_STMT(BPF_RET + BPF_K, 0),                                                  /* ignore */
+            BPF_STMT(BPF_LD + BPF_H + BPF_ABS, offsetof(struct ether_arp, ea_hdr.ar_op)),  /* A <- operation */
+            BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ARPOP_REQUEST, 0, 1),                      /* protocol == request ? */
+            BPF_STMT(BPF_RET + BPF_K, 65535),                                              /* return all */
+            BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ARPOP_REPLY, 0, 1),                        /* protocol == reply ? */
+            BPF_STMT(BPF_RET + BPF_K, 65535),                                              /* return all */
+            BPF_STMT(BPF_RET + BPF_K, 0),                                                  /* ignore */
+        };
+        struct sock_fprog fprog = {
+            .len = ELEMENTSOF(filter),
+            .filter = filter
+        };
+        _cleanup_close_ int s = -1;
+        int r;
 
         assert(index > 0);
         assert(link);
@@ -42,16 +69,22 @@ int arp_network_bind_raw_socket(int index, union sockaddr_union *link) {
         if (s < 0)
                 return -errno;
 
+        r = setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &fprog, sizeof(fprog));
+        if (r < 0)
+                return -errno;
+
         link->ll.sll_family = AF_PACKET;
         link->ll.sll_protocol = htons(ETH_P_ARP);
         link->ll.sll_ifindex = index;
         link->ll.sll_halen = ETH_ALEN;
         memset(link->ll.sll_addr, 0xff, ETH_ALEN);
 
-        if (bind(s, &link->sa, sizeof(link->ll)) < 0) {
-                safe_close(s);
+        r = bind(s, &link->sa, sizeof(link->ll));
+        if (r < 0)
                 return -errno;
-        }
 
-        return s;
+        r = s;
+        s = -1;
+
+        return r;
 }