*SOLVED* want SOCK_RAW inside vps [message #5951]
Tue, 05 September 2006 21:53
jeffa

Hi, I have a program that I want to run inside a VPS that opens a raw socket:
    s = socket(AF_INET, SOCK_RAW, IPPROTO_ESP)
...but this returns EAFNOSUPPORT, "Address family not supported by protocol". If run as non-root then you get EPERM "Operation not permitted" as expected. This works fine as root from the host system.
I'm running the latest 2.6.16-026test017 SMP development kernel.
My capabilities line says:
    CAPABILITY="NET_ADMIN:on NET_RAW:on SYS_ADMIN:on SYS_TTY_CONFIG:on "
and cat /proc/1/status says:
    CapPrm: 000000005decfeff
    CapEff: 000000005decfeff
What am I missing?
[Updated on: Fri, 08 September 2006 06:43] by Moderator

Re: want SOCK_RAW inside vps [message #6004 is a reply to message #5957]
Wed, 06 September 2006 15:47
jeffa

Thanks for replying. I was able to bind using the protocols that I wanted (not just IPPROTO_ESP) by adding protocols to the switch statement in vz_security_proto_check() in net/sock.c.
There it restricts PF_INET to these protocols:
    case IPPROTO_IP:
    case IPPROTO_ICMP:
    case IPPROTO_TCP:
    case IPPROTO_UDP:
    case IPPROTO_RAW:
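
Added example (not part of the posts above and not OpenVZ code): a user-space check in C that decodes the CapEff mask quoted in the first post and classifies a failed raw-socket call against the protocol list quoted in the reply. The function names and the enum are this example's own, and the allow-list is an assumption that mirrors only the five cases quoted in the post.

```c
/* Added example, not OpenVZ code: user-space triage of the thread's symptom. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_ADMIN_BIT 12 /* bit numbers as in linux/capability.h */
#define CAP_NET_RAW_BIT   13
enum diag { DIAG_OK, DIAG_NO_CAP, DIAG_PROTO_FILTERED, DIAG_OTHER };

/* Constructed sample: the two status lines quoted in the first post. */
static const char SAMPLE_STATUS[] =
    "CapPrm:\t000000005decfeff\nCapEff:\t000000005decfeff\n";

/* Extract the CapEff mask from /proc/<pid>/status text; 0 if not found. */
unsigned long long parse_capeff(const char *status) {
    unsigned long long mask = 0;
    const char *p = strstr(status, "CapEff:");
    return (p && sscanf(p + 7, "%llx", &mask) == 1) ? mask : 0;
}

int has_cap(unsigned long long mask, int bit) { return (int)((mask >> bit) & 1); }
/* Assumption: mirrors only the five PF_INET cases quoted in the second post. */
int in_quoted_allowlist(int proto) {
    return proto == IPPROTO_IP || proto == IPPROTO_ICMP || proto == IPPROTO_TCP ||
           proto == IPPROTO_UDP || proto == IPPROTO_RAW;
}

/* Classify the errno of socket(AF_INET, SOCK_RAW, proto); err == 0 means success. */
enum diag diagnose(int err, unsigned long long capeff, int proto) {
    if (err == 0) return DIAG_OK;
    if (err == EPERM) return DIAG_NO_CAP; /* what the post reports for non-root */
    if (err == EAFNOSUPPORT && has_cap(capeff, CAP_NET_RAW_BIT) && !in_quoted_allowlist(proto))
        return DIAG_PROTO_FILTERED; /* capability present, protocol still refused */
    return DIAG_OTHER;
}

int main(void) {
    unsigned long long capeff = parse_capeff(SAMPLE_STATUS); /* or /proc/self/status text */
    int protos[] = { IPPROTO_ICMP, IPPROTO_ESP };
    for (int i = 0; i < 2; i++) {
        int s = socket(AF_INET, SOCK_RAW, protos[i]);
        printf("proto %d: diag %d\n", protos[i], diagnose(s < 0 ? errno : 0, capeff, protos[i]));
        if (s >= 0) close(s);
    }
    return 0;
}
```

With the mask from the first post, both NET_ADMIN and NET_RAW decode as set, so an EAFNOSUPPORT on IPPROTO_ESP is classified as a protocol refusal and not as a capability problem.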