From 2d6221641d66b502b1a49d3267bd8126b0448a1d Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Tue, 8 Aug 2023 16:33:44 +0200
Subject: Use SOCK_CLOEXEC/O_CLOEXEC where available

No need for the explicit fcntl() call, request the behaviour when
opening the descriptor.

One fcntl() call setting FD_CLOEXEC remains in extensions/libxt_bpf.c,
the indirect syscall seems not to support passing the flag directly.

Reported-by: Gaurav Gupta <g.gupta@samsung.com>
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1104
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 libiptc/libiptc.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

(limited to 'libiptc')

diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 29ff356f..e4750633 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -1318,16 +1318,10 @@ retry:
 		return NULL;
 	}
 
-	sockfd = socket(TC_AF, SOCK_RAW, IPPROTO_RAW);
+	sockfd = socket(TC_AF, SOCK_RAW | SOCK_CLOEXEC, IPPROTO_RAW);
 	if (sockfd < 0)
 		return NULL;
 
-	if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
-		fprintf(stderr, "Could not set close on exec: %s\n",
-			strerror(errno));
-		abort();
-	}
-
 	s = sizeof(info);
 
 	strcpy(info.name, tablename);
-- 
cgit v1.2.3