*: setting the socket send/recv buffer sizes doesn't need elevated privs

The less code running under elevated privileges the better.

Signed-off-by: Renato Westphal <renato@opensourcerouting.org>

diff --git a/eigrpd/eigrp_network.c b/eigrpd/eigrp_network.c
index 76f8cfc93b9f3224112b598ae1553d8e7db2cb80..bbb9487b4d85f15104d0fc445d80110ecd199d80 100644 (file)
--- a/eigrpd/eigrp_network.c
+++ b/eigrpd/eigrp_network.c
@@ -108,7 +108,6 @@ void eigrp_adjust_sndbuflen(struct eigrp *eigrp, unsigned int buflen)
        /* Check if any work has to be done at all. */
        if (eigrp->maxsndbuflen >= buflen)
                return;
-       frr_elevate_privs(&eigrpd_privs) {
 
        /* Now we try to set SO_SNDBUF to what our caller has requested
         * (the MTU of a newly added interface). However, if the OS has
@@ -117,16 +116,15 @@ void eigrp_adjust_sndbuflen(struct eigrp *eigrp, unsigned int buflen)
         * may allocate more buffer space, than requested, this isn't
         * a error.
         */
-               setsockopt_so_sendbuf(eigrp->fd, buflen);
-               newbuflen = getsockopt_so_sendbuf(eigrp->fd);
-               if (newbuflen < 0 || newbuflen < (int)buflen)
-                       zlog_warn("%s: tried to set SO_SNDBUF to %u, but got %d",
-                                 __func__, buflen, newbuflen);
-               if (newbuflen >= 0)
-                       eigrp->maxsndbuflen = (unsigned int)newbuflen;
-               else
-                       zlog_warn("%s: failed to get SO_SNDBUF", __func__);
-       }
+       setsockopt_so_sendbuf(eigrp->fd, buflen);
+       newbuflen = getsockopt_so_sendbuf(eigrp->fd);
+       if (newbuflen < 0 || newbuflen < (int)buflen)
+               zlog_warn("%s: tried to set SO_SNDBUF to %u, but got %d",
+                         __func__, buflen, newbuflen);
+       if (newbuflen >= 0)
+               eigrp->maxsndbuflen = (unsigned int)newbuflen;
+       else
+               zlog_warn("%s: failed to get SO_SNDBUF", __func__);
 }
 
 int eigrp_if_ipmulticast(struct eigrp *top, struct prefix *p,

diff --git a/lib/zclient.c b/lib/zclient.c
index 92a9d5ef3153923b31bf6340d4575826e55b5406..e5cab9e0f2f9d732af1ba76520d2d0760e26b731 100644 (file)
--- a/lib/zclient.c
+++ b/lib/zclient.c
@@ -212,10 +212,7 @@ int zclient_socket_connect(struct zclient *zclient)
                return -1;
 
        set_cloexec(sock);
-
-       frr_elevate_privs(zclient->privs) {
-               setsockopt_so_sendbuf(sock, 1048576);
-       }
+       setsockopt_so_sendbuf(sock, 1048576);
 
        /* Connect to zebra. */
        ret = connect(sock, (struct sockaddr *)&zclient_addr, zclient_addr_len);

diff --git a/ospfd/ospf_network.c b/ospfd/ospf_network.c
index e30bb0ffe1238068a334e748dbaf88e8aa0800d6..1415a6e8b748f54ed779c399b958f9f2a6c78b1f 100644 (file)
--- a/ospfd/ospf_network.c
+++ b/ospfd/ospf_network.c
@@ -234,11 +234,11 @@ int ospf_sock_init(struct ospf *ospf)
                        flog_err(EC_LIB_SOCKET,
                                 "Can't set pktinfo option for fd %d",
                                 ospf_sock);
-
-               setsockopt_so_sendbuf(ospf_sock, bufsize);
-               setsockopt_so_recvbuf(ospf_sock, bufsize);
        }
 
+       setsockopt_so_sendbuf(ospf_sock, bufsize);
+       setsockopt_so_recvbuf(ospf_sock, bufsize);
+
        ospf->fd = ospf_sock;
        return ret;
 }

diff --git a/ripd/ripd.c b/ripd/ripd.c
index 9683e26b56c2ad3c26e6ebcaf5c5c63ec235310a..201de9a46e0b3f46942e999f230f6ff06442c63a 100644 (file)
--- a/ripd/ripd.c
+++ b/ripd/ripd.c
@@ -1377,9 +1377,9 @@ int rip_create_socket(struct vrf *vrf)
 #ifdef IPTOS_PREC_INTERNETCONTROL
        setsockopt_ipv4_tos(sock, IPTOS_PREC_INTERNETCONTROL);
 #endif
+       setsockopt_so_recvbuf(sock, RIP_UDP_RCV_BUF);
 
        frr_elevate_privs(&ripd_privs) {
-               setsockopt_so_recvbuf(sock, RIP_UDP_RCV_BUF);
                if ((ret = bind(sock, (struct sockaddr *)&addr, sizeof(addr)))
                    < 0) {
                        zlog_err("%s: Can't bind socket %d to %s port %d: %s",

diff --git a/zebra/zserv.c b/zebra/zserv.c
index f5bb3aabb767428bccadcc61c4d33745784d2c39..80fdbefcd5837c9ba40c900383717c0bc6ed67ae 100644 (file)
--- a/zebra/zserv.c
+++ b/zebra/zserv.c
@@ -816,10 +816,8 @@ void zserv_start(char *path)
                        unlink(suna->sun_path);
        }
 
-       frr_elevate_privs(&zserv_privs) {
-               setsockopt_so_recvbuf(zsock, 1048576);
-               setsockopt_so_sendbuf(zsock, 1048576);
-       }
+       setsockopt_so_recvbuf(zsock, 1048576);
+       setsockopt_so_sendbuf(zsock, 1048576);
 
        frr_elevate_privs((sa.ss_family != AF_UNIX) ? &zserv_privs : NULL) {
                ret = bind(zsock, (struct sockaddr *)&sa, sa_len);