From 2799e613da8a1aa0c5ef4618e73bd45892672c9b Mon Sep 17 00:00:00 2001
From: hselasky
Date: Mon, 17 Sep 2018 11:24:16 +0000
Subject: [PATCH] MFC r338613: Fix for backends which doesn't support capsicum. Not all libpcap backends use the BPF compatible set of IOCTLs. For example the mlx5 backend uses libibverbs which is currently not capsicum compatible. Disable sandboxing for such backends. Discussed with: emaste@ Sponsored by: Mellanox Technologies
---
 contrib/tcpdump/tcpdump.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/contrib/tcpdump/tcpdump.c b/contrib/tcpdump/tcpdump.c
index d08c33ee6eb..31adfed016a 100644
--- a/contrib/tcpdump/tcpdump.c
+++ b/contrib/tcpdump/tcpdump.c
@@ -2069,6 +2069,9 @@ main(int argc, char **argv)
 #else
 cansandbox = (cansandbox && ndo->ndo_nflag);
 #endif /* HAVE_CASPER */
+ cansandbox = (cansandbox && (pcap_fileno(pd) != -1 ||
+ RFileName != NULL));
+
 if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
 error("unable to enter the capability mode");
 #endif /* HAVE_CAPSICUM */
-- 
2.45.0
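Review bot: The added `cansandbox` clause disables Capsicum silently: when `pcap_fileno(pd)` is -1 and `RFileName` is NULL, the `cap_enter()` call just below is skipped and the packet dissectors parse live traffic with the process's full ambient authority, with nothing telling the operator. The rationale exists only in the commit message, so a comment above the assignment would help the next reader, e.g. `/* Backends without a BPF descriptor (pcap_fileno() == -1, e.g. mlx5 via libibverbs) cannot run in capability mode; skip the sandbox for them. */`. It may also be worth reporting the fallback when this clause is what clears the flag, for instance `warning("capture backend is not Capsicum compatible; running unsandboxed");`, though whether that is too noisy for these backends is a judgement call. `main` starts and ends outside this hunk, so any earlier rights limiting on `pd` is not visible here.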