From 5b690decc4752a6f58389ec9916893269c84e7ac Mon Sep 17 00:00:00 2001
From: Joachim Wiberg <troglobit@gmail.com>
Date: Fri, 3 Sep 2021 09:49:43 +0200
Subject: [PATCH] Fixes for wrapping Net-SNMP and other services that use
 AF_UNIX IPC

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
---
 accept-guard.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/accept-guard.c b/accept-guard.c
index 18a9782..c3b35da 100644
--- a/accept-guard.c
+++ b/accept-guard.c
@@ -185,6 +185,9 @@ static int port_allowed(struct acl *entry, int port)
 {
 	int i;
 
+	if (port == 0)
+		return 1;	/* no port, local IPC traffic */
+
 	for (i = 0; i < MAX_PORTS; i++) {
 		if (entry->ports[i] == port)
 			return 1;
@@ -273,7 +276,7 @@ static int peek_ifindex(int sd)
 
 static ssize_t do_recv(int sd, int rc, int flags, int ifindex)
 {
-	if (rc == -1 || (flags & MSG_PEEK))
+	if (rc == -1 || (flags & MSG_PEEK) || ifindex == 0)
 		goto done;
 
 	parse_acl();