ICMP: don't fail to start if we can't create a socket
On some systems the creation of a user-space ICMP socket will fail
with EPERM. If this happens, don't block startup; instead log a message
explaining that ping won't work and continue.

Fixes moby#286

Signed-off-by: David Scott <dave.scott@docker.com>
djs55 committed Sep 17, 2017
1 parent 2a39423 commit 420e93b
Showing 1 changed file with 19 additions and 7 deletions.
26 changes: 19 additions & 7 deletions src/hostnet/slirp.ml
@@ -450,7 +450,7 @@ struct
mutable endpoints: Endpoint.t IPMap.t;
endpoints_m: Lwt_mutex.t;
udp_nat: Udp_nat.t;
icmp_nat: Icmp_nat.t;
icmp_nat: Icmp_nat.t option;
}

let after_disconnect t = t.after_disconnect
@@ -601,7 +601,7 @@ struct
type t = {
endpoint: Endpoint.t;
udp_nat: Udp_nat.t;
icmp_nat: Icmp_nat.t;
icmp_nat: Icmp_nat.t option;
}
(** Represents a remote system by proxying data to and from sockets *)

@@ -614,8 +614,12 @@ struct
Hostnet_icmp.src = src; dst = dst;
ty; code; seq; id; payload = p
} in
Icmp_nat.input ~t:t.icmp_nat ~datagram ()
>|= ok
( match t.icmp_nat with
| Some icmp_nat ->
Icmp_nat.input ~t:icmp_nat ~datagram ()
>|= ok
| None ->
Lwt.return (Ok ()) )

(* Transparent HTTP intercept? *)
| Ipv4 { src = dest_ip ; dst = local_ip;
@@ -892,7 +896,14 @@ struct
let endpoints = IPMap.empty in
let endpoints_m = Lwt_mutex.create () in
let udp_nat = Udp_nat.create clock in
let icmp_nat = Icmp_nat.create clock in
let icmp_nat = match Icmp_nat.create clock with
| icmp_nat -> Some icmp_nat
| exception Unix.Unix_error (Unix.EPERM, _, _) ->
Log.err (fun f -> f "Permission denied setting up user-space ICMP socket: ping will not work");
None
| exception e ->
Log.err (fun f -> f "Unexpected exception %s setting up user-space ICMP socket: ping will not work" (Printexc.to_string e));
None in
let t = {
vnet_client_id;
after_disconnect = Vmnet.after_disconnect x;
@@ -967,8 +978,9 @@ struct
Log.err (fun f ->
f "Failed to write an IPv4 packet: %a" Stack_ipv4.pp_error e);
| Ok () -> () in

Icmp_nat.set_send_reply ~t:icmp_nat ~send_reply;
( match icmp_nat with
| Some icmp_nat -> Icmp_nat.set_send_reply ~t:icmp_nat ~send_reply
| None -> () );

(* If using bridge, add listener *)
Vnet.set_listen_fn vnet_switch t.vnet_client_id (fun buf ->
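Review bot: The catch-all `| exception e ->` arm around `Icmp_nat.create clock` turns every failure into "ping will not work", so a non-socket failure (for example `Out_of_memory`, or an assertion inside `Icmp_nat.create`, whose body is not visible here) is reported the same way as the expected EPERM case and start-up continues in a degraded state. Narrowing that arm to socket errors keeps the start-up behaviour the commit wants while letting real bugs surface: `| exception Unix.Unix_error (err, fn, _) ->` with the message built from `Unix.error_message err` and `fn`. Separately, the `None` arm in the ICMP input match returns `Lwt.return (Ok ())` with no trace, so once the single start-up line has scrolled away there is nothing to explain why guest pings time out; a debug-level log line or a drop counter there would help. The enclosing functions start and end outside the hunks shown.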
Expand Down

0 comments on commit 420e93b

Please sign in to comment.