iputils/backport-ping6-Avoid-binding-to-non-VRF.patch

From f52b582248f1f870e870a9973621805d969906b4 Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Tue, 9 Nov 2021 02:39:56 +0100
Subject: [PATCH] ping6: Avoid binding to non-VRF

This fixes permission issue when specifying just address (without VRF)
unless having CAP_NET_ADMIN (i.e. root) permission:

    $ ./builddir/ping/ping -c1 -I lo ::1
    ./builddir/ping/ping: SO_BINDTODEVICE lo: Operation not permitted

because setsockopt() SO_BINDTODEVICE (similar to bind()) can be only done on
opt_strictsource.

Fixes: 7c65999 ("ping: Fix ping6 binding to VRF and address")

Signed-off-by: Petr Vorel <pvorel@suse.cz>

Conflict: Modifying "rts->opt_strictsource" to "options & F_STRICTSOURCE" and "rts->device" to "device","ping/ping6_common.c" to "ping6_common.c"
Reference: https://github.com/iputils/iputils/commit/f52b582248f1f870e870a9973621805d969906b4.patch
---
 ping6_common.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/ping6_common.c b/ping6_common.c
index 4eaa4f6..eb7ca70 100644
--- a/ping6_common.c
+++ b/ping6_common.c
@@ -691,14 +691,16 @@ int ping6_run(int argc, char **argv, struct addrinfo *ai, struct socket_st *sock
 		memset(ipi, 0, sizeof(*ipi));
 		ipi->ipi6_ifindex = if_name2index(device);
 
-		enable_capability_raw();
-		rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE,
-				device, strlen(device) + 1);
-		errno_save = errno;
-		disable_capability_raw();
-
-		if (rc == -1)
-			error(2, errno_save, "SO_BINDTODEVICE %s", device);
+		if (options & F_STRICTSOURCE) {
+			enable_capability_raw();
+			rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE,
+					device, strlen(device) + 1);
+			errno_save = errno;
+			disable_capability_raw();
+
+			if (rc == -1)
+				error(2, errno_save, "SO_BINDTODEVICE %s", device);
+		}
 	}
 
	if ((whereto.sin6_addr.s6_addr16[0] & htons(0xff00)) == htons(0xff00)) {
-- 
2.27.0