Skip kernel_setup_interface when skip-kernel-setup is enabled.

Setting sysctls is not allowed for unprivileged users, so let's not try to set per interface rp_filter when `skip-kernel-setup` is set. After this change babeld can run as an unprivileged users with CAP_NET_ADMIN. The user needs to take care of setting up the sysctls themselves.
jech · Dec 20, 2020 · f9698a5 · f9698a5
1 parent bd67a65
commit f9698a5
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/babeld.man b/babeld.man
@@ -283,9 +283,12 @@ the command-line option
 .BR \-D .
 .TP
 .BR skip-kernel-setup " {" true | false }
-If this flag is set, no kernel (sysctl) setup is performed on startup. This can
-be useful when running in environments where system permissions prevent setting
-kernel parameters, for instance inside a Linux container.
+If this flag is set, no kernel (sysctl) setup is performed on startup, and
+it is assumed that enabling forwarding, disabling redirects and disabling
+the reverse-path filter is performed by other means.  This can be useful
+when running in environments where system permissions prevent setting
+kernel parameters, for instance without root permissions or inside a Linux
+container.
 .TP
 .BI router-id " id"
 Specify the router-id explicitly, as a modified EUI-64 or a MAC-48

diff --git a/kernel_netlink.c b/kernel_netlink.c
@@ -553,7 +553,8 @@ kernel_setup(int setup)
         }
         nl_setup = 1;
 
-        if(skip_kernel_setup) return 1;
+        if(skip_kernel_setup)
+            return 1;
 
         for(i=0; i<NUM_SYSCTLS; i++) {
             s = &sysctl_settings[i];
@@ -680,6 +681,8 @@ get_old_if(const char *ifname)
 int
 kernel_setup_interface(int setup, const char *ifname, int ifindex)
 {
+    if(skip_kernel_setup) return 1;
+
     char buf[100];
     int i, rc;