farp: Require CAP_NET_RAW capability to open AF_PACKET socket

author Tobias Brunner <tobias@strongswan.org>

Tue, 25 Jun 2013 06:37:01 +0000 (08:37 +0200)

committer Tobias Brunner <tobias@strongswan.org>

Tue, 25 Jun 2013 15:16:32 +0000 (17:16 +0200)
author Tobias Brunner <tobias@strongswan.org>
Tue, 25 Jun 2013 06:37:01 +0000 (08:37 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Tue, 25 Jun 2013 15:16:32 +0000 (17:16 +0200)
diff --git a/src/libcharon/plugins/farp/farp_plugin.c b/src/libcharon/plugins/farp/farp_plugin.c

index cbc0bcf..d31defc 100644 (file)
--- a/src/libcharon/plugins/farp/farp_plugin.c
+++ b/src/libcharon/plugins/farp/farp_plugin.c
@@ -92,6 +92,12 @@ plugin_t *farp_plugin_create()
  {
         private_farp_plugin_t *this;
  
+       if (!lib->caps->keep(lib->caps, CAP_NET_RAW))
+       {       /* required to open ARP socket (AF_PACKET) */
+               DBG1(DBG_NET, "farp plugin requires CAP_NET_RAW capability");
+               return NULL;
+       }
+
         INIT(this,
                 .public = {
                         .plugin = {
author	Tobias Brunner <tobias@strongswan.org>
	Tue, 25 Jun 2013 06:37:01 +0000 (08:37 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Tue, 25 Jun 2013 15:16:32 +0000 (17:16 +0200)