commit f1fa85ea7325269fdb9f2d82257104d51f58b6a6 Author: Nick Mathewson nickm@torproject.org Date: Mon Feb 23 12:16:08 2015 -0500
Fix running with the seccomp2 sandbox
We had a regression in 0.2.6.3-alpha when we stopped saying IPPROTO_TCP to socket(). Fixes bug 14989, bugfix on 0.2.6.3-alpha. --- changes/bug14989 | 4 ++++ src/or/connection.c | 9 +++++---- 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/changes/bug14989 b/changes/bug14989
new file mode 100644
index 0000000..f4432d4
--- /dev/null
+++ b/changes/bug14989
@@ -0,0 +1,4 @@
+ o Major bugfixes (Linux seccomp2 sandbox):
+ - Pass IPPROTO_TCP rather than 0 to socket(), so that the
+ Linux seccomp2 sandbox doesn't fail. Fixes bug 14989;
+ bugfix on 0.2.6.3-alpha.
diff --git a/src/or/connection.c b/src/or/connection.c
index 79ae178..7db0238 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1612,7 +1612,6 @@ connection_connect_sockaddr(connection_t *conn,
 tor_socket_t s;
 int inprogress = 0;
 const or_options_t *options = get_options();
- int protocol_family;
 tor_assert(conn);
 tor_assert(sa);
@@ -1624,8 +1623,6 @@ connection_connect_sockaddr(connection_t *conn,
 return -1;
 }
- protocol_family = sa->sa_family;
-
 if (get_options()->DisableNetwork) {
 /* We should never even try to connect anyplace if DisableNetwork is set.
 * Warn if we do, and refuse to make the connection. */
@@ -1637,7 +1634,11 @@ connection_connect_sockaddr(connection_t *conn,
 return -1;
 }
- s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, 0);
+ const int protocol_family = sa->sa_family;
+ const int proto = (sa->sa_family == AF_INET6 ||
+ sa->sa_family == AF_INET) ? IPPROTO_TCP : 0;
+
+ s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, proto);
 if (! SOCKET_OK(s)) {
 *socket_error = tor_socket_errno(-1);
 log_warn(LD_NET,"Error creating network socket: %s",
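Review bot: The new `proto` selection just above the `tor_open_socket_nonblocking()` call has no comment saying that its value is dictated by the seccomp2 sandbox, so a later cleanup could simplify it back to 0 and repeat the regression the commit message describes. I would add above it `/* The seccomp2 sandbox checks socket()'s arguments, so TCP sockets must name IPPROTO_TCP explicitly (bug 14989). */`. The conditional could also test the `protocol_family` declared on the previous line instead of reading `sa->sa_family` two more times. For any family other than AF_INET or AF_INET6 the call still passes 0; whether the sandbox accepts that combination is not visible in this hunk and is worth confirming. The body of connection_connect_sockaddr starts and ends outside the hunk.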