]>
Commit | Line | Data |
---|---|---|
718e3744 | 1 | /* IP forward control by sysctl function. |
2 | * Copyright (C) 1997, 1999 Kunihiro Ishiguro | |
3 | * | |
4 | * This file is part of GNU Zebra. | |
5 | * | |
6 | * GNU Zebra is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2, or (at your option) any | |
9 | * later version. | |
10 | * | |
11 | * GNU Zebra is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU General Public License | |
17 | * along with GNU Zebra; see the file COPYING. If not, write to the Free | |
18 | * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA | |
19 | * 02111-1307, USA. | |
20 | */ | |
21 | ||
22 | #include <zebra.h> | |
edd7c245 | 23 | #include "privs.h" |
a1ac18c4 | 24 | #include "zebra/ipforward.h" |
718e3744 | 25 | |
718e3744 | 26 | #include "log.h" |
27 | ||
28 | #define MIB_SIZ 4 | |
29 | ||
edd7c245 | 30 | extern struct zebra_privs_t zserv_privs; |
31 | ||
718e3744 | 32 | /* IPv4 forwarding control MIB. */ |
33 | int mib[MIB_SIZ] = | |
34 | { | |
35 | CTL_NET, | |
36 | PF_INET, | |
37 | IPPROTO_IP, | |
38 | IPCTL_FORWARDING | |
39 | }; | |
40 | ||
41 | int | |
a1ac18c4 | 42 | ipforward (void) |
718e3744 | 43 | { |
a5ea687e | 44 | size_t len; |
718e3744 | 45 | int ipforwarding = 0; |
46 | ||
47 | len = sizeof ipforwarding; | |
48 | if (sysctl (mib, MIB_SIZ, &ipforwarding, &len, 0, 0) < 0) | |
49 | { | |
50 | zlog_warn ("Can't get ipforwarding value"); | |
51 | return -1; | |
52 | } | |
53 | return ipforwarding; | |
54 | } | |
55 | ||
56 | int | |
a1ac18c4 | 57 | ipforward_on (void) |
718e3744 | 58 | { |
a5ea687e | 59 | size_t len; |
718e3744 | 60 | int ipforwarding = 1; |
61 | ||
62 | len = sizeof ipforwarding; | |
edd7c245 | 63 | if (zserv_privs.change(ZPRIVS_RAISE)) |
64 | zlog (NULL, LOG_ERR, "Can't raise privileges"); | |
65 | if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) | |
718e3744 | 66 | { |
edd7c245 | 67 | if (zserv_privs.change(ZPRIVS_LOWER)) |
68 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
718e3744 | 69 | zlog_warn ("Can't set ipforwarding on"); |
70 | return -1; | |
71 | } | |
edd7c245 | 72 | if (zserv_privs.change(ZPRIVS_LOWER)) |
73 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
718e3744 | 74 | return ipforwarding; |
75 | } | |
76 | ||
77 | int | |
a1ac18c4 | 78 | ipforward_off (void) |
718e3744 | 79 | { |
a5ea687e | 80 | size_t len; |
718e3744 | 81 | int ipforwarding = 0; |
82 | ||
83 | len = sizeof ipforwarding; | |
edd7c245 | 84 | if (zserv_privs.change(ZPRIVS_RAISE)) |
85 | zlog (NULL, LOG_ERR, "Can't raise privileges"); | |
86 | if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) | |
718e3744 | 87 | { |
edd7c245 | 88 | if (zserv_privs.change(ZPRIVS_LOWER)) |
89 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
718e3744 | 90 | zlog_warn ("Can't set ipforwarding on"); |
91 | return -1; | |
92 | } | |
edd7c245 | 93 | if (zserv_privs.change(ZPRIVS_LOWER)) |
94 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
718e3744 | 95 | return ipforwarding; |
96 | } | |
97 | ||
98 | #ifdef HAVE_IPV6 | |
99 | ||
100 | /* IPv6 forwarding control MIB. */ | |
101 | int mib_ipv6[MIB_SIZ] = | |
102 | { | |
103 | CTL_NET, | |
104 | PF_INET6, | |
1cbb5dfc | 105 | #if defined(KAME) |
718e3744 | 106 | IPPROTO_IPV6, |
107 | IPV6CTL_FORWARDING | |
108 | #else /* NOT KAME */ | |
109 | IPPROTO_IP, | |
110 | IP6CTL_FORWARDING | |
111 | #endif /* KAME */ | |
112 | }; | |
113 | ||
114 | int | |
a1ac18c4 | 115 | ipforward_ipv6 (void) |
718e3744 | 116 | { |
a5ea687e | 117 | size_t len; |
718e3744 | 118 | int ip6forwarding = 0; |
119 | ||
120 | len = sizeof ip6forwarding; | |
edd7c245 | 121 | if (zserv_privs.change(ZPRIVS_RAISE)) |
122 | zlog (NULL, LOG_ERR, "Can't raise privileges"); | |
123 | if (sysctl (mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0) | |
718e3744 | 124 | { |
edd7c245 | 125 | if (zserv_privs.change(ZPRIVS_LOWER)) |
126 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
718e3744 | 127 | zlog_warn ("can't get ip6forwarding value"); |
128 | return -1; | |
129 | } | |
edd7c245 | 130 | if (zserv_privs.change(ZPRIVS_LOWER)) |
131 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
718e3744 | 132 | return ip6forwarding; |
133 | } | |
134 | ||
135 | int | |
a1ac18c4 | 136 | ipforward_ipv6_on (void) |
718e3744 | 137 | { |
a5ea687e | 138 | size_t len; |
718e3744 | 139 | int ip6forwarding = 1; |
140 | ||
141 | len = sizeof ip6forwarding; | |
edd7c245 | 142 | if (zserv_privs.change(ZPRIVS_RAISE)) |
143 | zlog (NULL, LOG_ERR, "Can't raise privileges"); | |
144 | if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) | |
718e3744 | 145 | { |
edd7c245 | 146 | if (zserv_privs.change(ZPRIVS_LOWER)) |
147 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
718e3744 | 148 | zlog_warn ("can't get ip6forwarding value"); |
149 | return -1; | |
150 | } | |
edd7c245 | 151 | if (zserv_privs.change(ZPRIVS_LOWER)) |
152 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
718e3744 | 153 | return ip6forwarding; |
154 | } | |
155 | ||
156 | int | |
a1ac18c4 | 157 | ipforward_ipv6_off (void) |
718e3744 | 158 | { |
a5ea687e | 159 | size_t len; |
718e3744 | 160 | int ip6forwarding = 0; |
161 | ||
162 | len = sizeof ip6forwarding; | |
edd7c245 | 163 | if (zserv_privs.change(ZPRIVS_RAISE)) |
164 | zlog (NULL, LOG_ERR, "Can't raise privileges"); | |
165 | if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) | |
718e3744 | 166 | { |
edd7c245 | 167 | if (zserv_privs.change(ZPRIVS_LOWER)) |
168 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
718e3744 | 169 | zlog_warn ("can't get ip6forwarding value"); |
170 | return -1; | |
171 | } | |
edd7c245 | 172 | if (zserv_privs.change(ZPRIVS_LOWER)) |
173 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
718e3744 | 174 | return ip6forwarding; |
175 | } | |
176 | #endif /* HAVE_IPV6 */ |