clatd - move bind() post bpf filter attach

This fixes a minor race where the ingress ipv6 raw socket
can receive/deliver packets prior to the bpf filter being
set up to filter them out.

Test: builds, booted on crosshatch, clat continues to work
Bug: 144635476
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I47a4f908d1d365937885d36902fa6a92c53d1ebf
diff --git a/ring.c b/ring.c
index e836a55..96a50ca 100644
--- a/ring.c
+++ b/ring.c
@@ -30,7 +30,9 @@
 #include "tun.h"
 
 int ring_create(struct tun_data *tunnel) {
-  int packetsock = socket(AF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC, htons(ETH_P_IPV6));
+  // Will eventually be bound to htons(ETH_P_IPV6) protocol,
+  // but only after appropriate bpf filter is attached.
+  int packetsock = socket(AF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
   if (packetsock < 0) {
     logmsg(ANDROID_LOG_FATAL, "packet socket failed: %s", strerror(errno));
     return -1;
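Review bot: The new comment above the `socket()` call says the socket "will eventually be bound" but does not say where, and the ordering it depends on (attach the BPF filter first, then bind to `htons(ETH_P_IPV6)`) lives in code outside this hunk. An AF_PACKET socket created with protocol 0 receives no packets until it is bound, so a skipped or failed later bind fails closed; that property is what makes the change safe and is worth stating. I would extend the comment to something like `// Protocol 0: no packets are received until bind(); keep the bind after the filter attach (see <function that performs the bind>).` ring_create's body continues past the end of the hunk, so whether anything between here and the bind assumes an already-bound socket cannot be checked from these lines.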