1 files changed, 9 insertions, 5 deletions

diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c
index b5fa948c..3355316c 100644
--- a/bgpd/bgp_network.c
+++ b/bgpd/bgp_network.c
@@ -320,12 +320,16 @@ bgp_connect (struct peer *peer)
   sockopt_reuseport (peer->fd);
   
 #ifdef IPTOS_PREC_INTERNETCONTROL
+  if (bgpd_privs.change (ZPRIVS_RAISE))
+    zlog_err ("%s: could not raise privs", __func__);
   if (sockunion_family (&peer->su) == AF_INET)
     setsockopt_ipv4_tos (peer->fd, IPTOS_PREC_INTERNETCONTROL);
 # ifdef HAVE_IPV6
   else if (sockunion_family (&peer->su) == AF_INET6)
     setsockopt_ipv6_tclass (peer->fd, IPTOS_PREC_INTERNETCONTROL);
 # endif
+  if (bgpd_privs.change (ZPRIVS_LOWER))
+    zlog_err ("%s: could not lower privs", __func__);
 #endif
 
   if (peer->password)
@@ -382,6 +386,9 @@ bgp_listener (int sock, struct sockaddr *sa, socklen_t salen)
   sockopt_reuseaddr (sock);
   sockopt_reuseport (sock);
 
+  if (bgpd_privs.change (ZPRIVS_RAISE))
+    zlog_err ("%s: could not raise privs", __func__);
+
 #ifdef IPTOS_PREC_INTERNETCONTROL
   if (sa->sa_family == AF_INET)
     setsockopt_ipv4_tos (sock, IPTOS_PREC_INTERNETCONTROL);
@@ -400,13 +407,10 @@ bgp_listener (int sock, struct sockaddr *sa, socklen_t salen)
   }
 #endif
 
-  if (bgpd_privs.change (ZPRIVS_RAISE) )
-    zlog_err ("bgp_socket: could not raise privs");
-
   ret = bind (sock, sa, salen);
   en = errno;
-  if (bgpd_privs.change (ZPRIVS_LOWER) )
-    zlog_err ("bgp_bind_address: could not lower privs");
+  if (bgpd_privs.change (ZPRIVS_LOWER))
+    zlog_err ("%s: could not lower privs", __func__);
 
   if (ret < 0)
     {