From a4703f2a060a81397da497b85bc135187f0f89e9 Mon Sep 17 00:00:00 2001
From: Daniel Borkmann <dborkman@redhat.com>
Date: Tue, 9 Apr 2013 09:51:26 +0200
Subject: pcap_io: introduce init_once helper that is called with priviledges

When using netsniff-ng with dropping priviledges, we have to introduce
another pcap helper function that is called once before we drop the
priviledges. In this function we have to invoke the disc I/O scheduler
policy, because it needs priviledges. Otherwise netsniff-ng will fail
with "Failed to set io prio for pid" on startup, since we're not root
anymore.

Reported-by: Doug Burks <doug.burks@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
---
 netsniff-ng.c | 9 +++++++++
 pcap_io.h     | 1 +
 pcap_mm.c     | 6 +++++-
 pcap_rw.c     | 6 ++----
 pcap_sg.c     | 8 ++++++--
 5 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/netsniff-ng.c b/netsniff-ng.c
index eaf2416..25f59ac 100644
--- a/netsniff-ng.c
+++ b/netsniff-ng.c
@@ -187,6 +187,9 @@ static void pcap_to_xmit(struct ctx *ctx)
 		fd = open_or_die(ctx->device_in, O_RDONLY | O_LARGEFILE | O_NOATIME);
 	}
 
+	if (__pcap_io->init_once_pcap)
+		__pcap_io->init_once_pcap();
+
 	ret = __pcap_io->pull_fhdr_pcap(fd, &ctx->magic, &ctx->link_type);
 	if (ret)
 		panic("Error reading pcap header!\n");
@@ -545,6 +548,9 @@ static void read_pcap(struct ctx *ctx)
 		fd = open_or_die(ctx->device_in, O_RDONLY | O_LARGEFILE | O_NOATIME);
 	}
 
+	if (__pcap_io->init_once_pcap)
+		__pcap_io->init_once_pcap();
+
 	ret = __pcap_io->pull_fhdr_pcap(fd, &ctx->magic, &ctx->link_type);
 	if (ret)
 		panic("Error reading pcap header!\n");
@@ -866,6 +872,9 @@ static void recv_only_or_dump(struct ctx *ctx)
 	if (ctx->promiscuous)
 		ifflags = enter_promiscuous_mode(ctx->device_in);
 
+	if (dump_to_pcap(ctx) && __pcap_io->init_once_pcap)
+		__pcap_io->init_once_pcap();
+
 	drop_privileges(ctx->enforce, ctx->uid, ctx->gid);
 
 	if (dump_to_pcap(ctx)) {
diff --git a/pcap_io.h b/pcap_io.h
index 0784195..e593922 100644
--- a/pcap_io.h
+++ b/pcap_io.h
@@ -115,6 +115,7 @@ enum pcap_mode {
 };
 
 struct pcap_file_ops {
+	void (*init_once_pcap)(void);
 	int (*pull_fhdr_pcap)(int fd, uint32_t *magic, uint32_t *linktype);
 	int (*push_fhdr_pcap)(int fd, uint32_t magic, uint32_t linktype);
 	int (*prepare_access_pcap)(int fd, enum pcap_mode mode, bool jumbo);
diff --git a/pcap_mm.c b/pcap_mm.c
index f3b3fd0..28b0469 100644
--- a/pcap_mm.c
+++ b/pcap_mm.c
@@ -148,10 +148,13 @@ static void __pcap_mm_prepare_access_rd(int fd)
 	ptr_va_curr = ptr_va_start + sizeof(struct pcap_filehdr);
 }
 
-static int pcap_mm_prepare_access(int fd, enum pcap_mode mode, bool jumbo)
+static void pcap_mm_init_once(void)
 {
 	set_ioprio_be();
+}
 
+static int pcap_mm_prepare_access(int fd, enum pcap_mode mode, bool jumbo)
+{
 	switch (mode) {
 	case PCAP_MODE_RD:
 		__pcap_mm_prepare_access_rd(fd);
@@ -187,6 +190,7 @@ static void pcap_mm_prepare_close(int fd, enum pcap_mode mode)
 }
 
 const struct pcap_file_ops pcap_mm_ops = {
+	.init_once_pcap = pcap_mm_init_once,
 	.pull_fhdr_pcap = pcap_generic_pull_fhdr,
 	.push_fhdr_pcap = pcap_generic_push_fhdr,
 	.prepare_access_pcap = pcap_mm_prepare_access,
diff --git a/pcap_rw.c b/pcap_rw.c
index 22d613f..4d95c47 100644
--- a/pcap_rw.c
+++ b/pcap_rw.c
@@ -57,11 +57,9 @@ static ssize_t pcap_rw_read(int fd, pcap_pkthdr_t *phdr, enum pcap_type type,
 	return hdrsize + hdrlen;
 }
 
-static int pcap_rw_prepare_access(int fd, enum pcap_mode mode, bool jumbo)
+static void pcap_rw_init_once(void)
 {
 	set_ioprio_rt();
-
-	return 0;
 }
 
 static void pcap_rw_fsync(int fd)
@@ -70,9 +68,9 @@ static void pcap_rw_fsync(int fd)
 }
 
 const struct pcap_file_ops pcap_rw_ops = {
+	.init_once_pcap = pcap_rw_init_once,
 	.pull_fhdr_pcap = pcap_generic_pull_fhdr,
 	.push_fhdr_pcap = pcap_generic_push_fhdr,
-	.prepare_access_pcap = pcap_rw_prepare_access,
 	.read_pcap = pcap_rw_read,
 	.write_pcap = pcap_rw_write,
 	.fsync_pcap = pcap_rw_fsync,
diff --git a/pcap_sg.c b/pcap_sg.c
index ad78ce7..6902001 100644
--- a/pcap_sg.c
+++ b/pcap_sg.c
@@ -146,6 +146,11 @@ static void pcap_sg_fsync(int fd)
 	fdatasync(fd);
 }
 
+static void pcap_sg_init_once(void)
+{
+	set_ioprio_rt();
+}
+
 static int pcap_sg_prepare_access(int fd, enum pcap_mode mode, bool jumbo)
 {
 	int i, ret;
@@ -160,8 +165,6 @@ static int pcap_sg_prepare_access(int fd, enum pcap_mode mode, bool jumbo)
 		iov[i].iov_len = len;
 	}
 
-	set_ioprio_rt();
-
 	if (mode == PCAP_MODE_RD) {
 		ret = readv(fd, iov, array_size(iov));
 		if (ret <= 0)
@@ -183,6 +186,7 @@ static void pcap_sg_prepare_close(int fd, enum pcap_mode mode)
 }
 
 const struct pcap_file_ops pcap_sg_ops = {
+	.init_once_pcap = pcap_sg_init_once,
 	.pull_fhdr_pcap = pcap_generic_pull_fhdr,
 	.push_fhdr_pcap = pcap_generic_push_fhdr,
 	.prepare_access_pcap =  pcap_sg_prepare_access,
-- 
cgit v1.2.3-54-g00ecf