ISIS VRF: Added vrf_socket and new param in isisd privileges.

1. The socket() call replaced with vrf_socket() in open_packet_socket().
2. One new isisd privileges is added in zebra_capabilities_t [].

Signed-off-by: Kaushik <kaushik@niralnetworks.com>

2 files changed, 13 insertions, 2 deletions

diff --git a/isisd/isis_main.c b/isisd/isis_main.c
index 7d45dd9c2..cb5b47bbd 100644
--- a/isisd/isis_main.c
+++ b/isisd/isis_main.c
@@ -66,7 +66,7 @@
 #define FABRICD_VTY_PORT     2618
 
 /* isisd privileges */
-zebra_capabilities_t _caps_p[] = {ZCAP_NET_RAW, ZCAP_BIND};
+zebra_capabilities_t _caps_p[] = {ZCAP_NET_RAW, ZCAP_BIND, ZCAP_SYS_ADMIN};
 
 struct zebra_privs_t isisd_privs = {
 #if defined(FRR_USER)
diff --git a/isisd/isis_pfpacket.c b/isisd/isis_pfpacket.c
index 28a1488c3..82f42a86d 100644
--- a/isisd/isis_pfpacket.c
+++ b/isisd/isis_pfpacket.c
@@ -32,6 +32,7 @@
 #include "stream.h"
 #include "if.h"
 #include "lib_errors.h"
+#include "vrf.h"
 
 #include "isisd/isis_constants.h"
 #include "isisd/isis_common.h"
@@ -121,8 +122,18 @@ static int open_packet_socket(struct isis_circuit *circuit)
 {
 	struct sockaddr_ll s_addr;
 	int fd, retval = ISIS_OK;
+	struct vrf *vrf = NULL;
+
+	vrf = vrf_lookup_by_id(circuit->interface->vrf_id);
+
+	if (vrf == NULL) {
+		zlog_warn("open_packet_socket(): failed to find vrf node");
+		return ISIS_WARNING;
+	}
+
+	fd = vrf_socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL),
+			circuit->interface->vrf_id, vrf->name);
 
-	fd = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL));
 	if (fd < 0) {
 		zlog_warn("open_packet_socket(): socket() failed %s",
 			  safe_strerror(errno));