moby / vpnkit

A toolkit for embedding VPN capabilities in your application
Apache License 2.0

go: fix binding of privileged UDP ports via vmnetd #485

Closed djs55 closed 5 years ago

djs55 commented 5 years ago

Previously in 32ede13e84c08bdc76ac8ea17d5e84863b89637f we added a fix for TCP where we didn't set the socket to non-blocking mode. This PR replicates the fix for UDP and adds a unit test.

Related to docker/for-mac#3775

Furthermore, this PR only uses the vmnetd code path if the bind actually fails with permission denied. In particular on Mojave, some binds will succeed (e.g. 0.0.0.0:80) without being root.
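
The fallback rule described in the comment above (take the privileged path only when the bind fails with permission denied), as an added Go example that is not code from this PR or from vpnkit. `bindUDP`, `listenFunc` and `noHelper` are hypothetical names, and `noHelper` is a stand-in for the real vmnetd call.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"syscall"
)

// listenFunc matches net.ListenPacket so a fake can be substituted in tests.
type listenFunc func(network, address string) (net.PacketConn, error)

// bindUDP tries an ordinary in-process bind first and calls the privileged
// helper only when the kernel refuses with EACCES (permission denied).
// Any other failure, such as EADDRINUSE, is returned unchanged so the
// privileged path is never used to mask an unrelated error.
// The bool result reports whether the helper was used.
func bindUDP(listen, helper listenFunc, addr string) (net.PacketConn, bool, error) {
	conn, err := listen("udp", addr)
	if err == nil {
		return conn, false, nil
	}
	if !errors.Is(err, syscall.EACCES) {
		return nil, false, err
	}
	conn, err = helper("udp", addr)
	return conn, true, err
}

// noHelper is a hypothetical stand-in for the privileged helper
// (vmnetd in the PR); this example has no such helper to call.
func noHelper(network, address string) (net.PacketConn, error) {
	return nil, errors.New("privileged helper not available in this example")
}

func main() {
	// An unprivileged loopback bind: the helper should not be needed.
	conn, viaHelper, err := bindUDP(net.ListenPacket, noHelper, "127.0.0.1:0")
	if err != nil {
		fmt.Println("bind failed:", err)
		return
	}
	defer conn.Close()
	fmt.Printf("bound %s (via helper: %v)\n", conn.LocalAddr(), viaHelper)
}
```

Returning whether the helper was used makes it easy to log or audit how often the privileged path is actually taken.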

djs55 commented 5 years ago

Ignoring the OCaml broken CIs, Travis is green for the Go code. This also passes the Docker Desktop end-to-end tests for extra safety.