clatd - move bind() post bpf filter attach
This fixes a minor race where the ingress ipv6 raw socket
can receive/deliver packets prior to the bpf filter being
setup to filter them out.
Test: builds, booted on crosshatch, clat continues to work
Bug: 144635476
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I47a4f908d1d365937885d36902fa6a92c53d1ebf
diff --git a/clatd.c b/clatd.c
index 019ce7c..8a0d55f 100644
--- a/clatd.c
+++ b/clatd.c
@@ -68,17 +68,6 @@
* sock - the socket to configure
*/
int configure_packet_socket(int sock) {
- struct sockaddr_ll sll = {
- .sll_family = AF_PACKET,
- .sll_protocol = htons(ETH_P_IPV6),
- .sll_ifindex = if_nametoindex(Global_Clatd_Config.default_pdp_interface),
- .sll_pkttype = PACKET_OTHERHOST, // The 464xlat IPv6 address is not assigned to the kernel.
- };
- if (bind(sock, (struct sockaddr *)&sll, sizeof(sll))) {
- logmsg(ANDROID_LOG_FATAL, "binding packet socket: %s", strerror(errno));
- return 0;
- }
-
uint32_t *ipv6 = Global_Clatd_Config.ipv6_local_subnet.s6_addr32;
// clang-format off
@@ -107,6 +96,17 @@
return 0;
}
+ struct sockaddr_ll sll = {
+ .sll_family = AF_PACKET,
+ .sll_protocol = htons(ETH_P_IPV6),
+ .sll_ifindex = if_nametoindex(Global_Clatd_Config.default_pdp_interface),
+ .sll_pkttype = PACKET_OTHERHOST, // The 464xlat IPv6 address is not assigned to the kernel.
+ };
+ if (bind(sock, (struct sockaddr *)&sll, sizeof(sll))) {
+ logmsg(ANDROID_LOG_FATAL, "binding packet socket: %s", strerror(errno));
+ return 0;
+ }
+
return 1;
}