diff options
author | Phil Sutter <phil@nwl.cc> | 2023-08-08 16:33:44 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-08-10 14:14:55 +0200 |
commit | 2d6221641d66b502b1a49d3267bd8126b0448a1d (patch) | |
tree | 19bb7a57750581945536e3b48f0c66d94c2c2d00 /extensions/libxt_set.h | |
parent | 99cd1282779beecf337c4587ffc133ecafb8130f (diff) |
Use SOCK_CLOEXEC/O_CLOEXEC where available
No need for the explicit fcntl() call, request the behaviour when
opening the descriptor.
One fcntl() call setting FD_CLOEXEC remains in extensions/libxt_bpf.c,
the indirect syscall seems not to support passing the flag directly.
Reported-by: Gaurav Gupta <g.gupta@samsung.com>
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1104
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'extensions/libxt_set.h')
-rw-r--r-- | extensions/libxt_set.h | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/extensions/libxt_set.h b/extensions/libxt_set.h index 597bf7eb..685bfab9 100644 --- a/extensions/libxt_set.h +++ b/extensions/libxt_set.h @@ -10,7 +10,7 @@ static int get_version(unsigned *version) { - int res, sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); + int res, sockfd = socket(AF_INET, SOCK_RAW | SOCK_CLOEXEC, IPPROTO_RAW); struct ip_set_req_version req_version; socklen_t size = sizeof(req_version); @@ -18,12 +18,6 @@ get_version(unsigned *version) xtables_error(OTHER_PROBLEM, "Can't open socket to ipset.\n"); - if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) { - xtables_error(OTHER_PROBLEM, - "Could not set close on exec: %s\n", - strerror(errno)); - } - req_version.op = IP_SET_OP_VERSION; res = getsockopt(sockfd, SOL_IP, SO_IP_SET, &req_version, &size); if (res != 0) |