| | 1 | /* IP forward control by sysctl function. |
| | 2 | * Copyright (C) 1997, 1999 Kunihiro Ishiguro |
| | 3 | * |
| | 4 | * This file is part of GNU Zebra. |
| | 5 | * |
| | 6 | * GNU Zebra is free software; you can redistribute it and/or modify it |
| | 7 | * under the terms of the GNU General Public License as published by the |
| | 8 | * Free Software Foundation; either version 2, or (at your option) any |
| | 9 | * later version. |
| | 10 | * |
| | 11 | * GNU Zebra is distributed in the hope that it will be useful, but |
| | 12 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
| | 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| | 14 | * General Public License for more details. |
| | 15 | * |
| | 16 | * You should have received a copy of the GNU General Public License |
| | 17 | * along with GNU Zebra; see the file COPYING. If not, write to the Free |
| | 18 | * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA |
| | 19 | * 02111-1307, USA. |
| | 20 | */ |
| | 21 | |
| | 22 | #include <zebra.h> |
| | 23 | #include "privs.h" |
| | 24 | #include "zebra/ipforward.h" |
| | 25 | |
| | 26 | #include "log.h" |
| | 27 | |
| | 28 | #define MIB_SIZ 4 |
| | 29 | |
| | 30 | extern struct zebra_privs_t zserv_privs; |
| | 31 | |
| | 32 | /* IPv4 forwarding control MIB. */ |
| | 33 | int mib[MIB_SIZ] = |
| | 34 | { |
| | 35 | CTL_NET, |
| | 36 | PF_INET, |
| | 37 | IPPROTO_IP, |
| | 38 | IPCTL_FORWARDING |
| | 39 | }; |
| | 40 | |
| | 41 | int |
| | 42 | ipforward (void) |
| | 43 | { |
| | 44 | size_t len; |
| | 45 | int ipforwarding = 0; |
| | 46 | |
| | 47 | len = sizeof ipforwarding; |
| | 48 | if (sysctl (mib, MIB_SIZ, &ipforwarding, &len, 0, 0) < 0) |
| | 49 | { |
| | 50 | zlog_warn ("Can't get ipforwarding value"); |
| | 51 | return -1; |
| | 52 | } |
| | 53 | return ipforwarding; |
| | 54 | } |
| | 55 | |
| | 56 | int |
| | 57 | ipforward_on (void) |
| | 58 | { |
| | 59 | size_t len; |
| | 60 | int ipforwarding = 1; |
| | 61 | |
| | 62 | len = sizeof ipforwarding; |
| | 63 | if (zserv_privs.change(ZPRIVS_RAISE)) |
| | 64 | zlog (NULL, LOG_ERR, "Can't raise privileges"); |
| | 65 | if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) |
| | 66 | { |
| | 67 | if (zserv_privs.change(ZPRIVS_LOWER)) |
| | 68 | zlog (NULL, LOG_ERR, "Can't lower privileges"); |
| | 69 | zlog_warn ("Can't set ipforwarding on"); |
| | 70 | return -1; |
| | 71 | } |
| | 72 | if (zserv_privs.change(ZPRIVS_LOWER)) |
| | 73 | zlog (NULL, LOG_ERR, "Can't lower privileges"); |
| | 74 | return ipforwarding; |
| | 75 | } |
| | 76 | |
| | 77 | int |
| | 78 | ipforward_off (void) |
| | 79 | { |
| | 80 | size_t len; |
| | 81 | int ipforwarding = 0; |
| | 82 | |
| | 83 | len = sizeof ipforwarding; |
| | 84 | if (zserv_privs.change(ZPRIVS_RAISE)) |
| | 85 | zlog (NULL, LOG_ERR, "Can't raise privileges"); |
| | 86 | if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) |
| | 87 | { |
| | 88 | if (zserv_privs.change(ZPRIVS_LOWER)) |
| | 89 | zlog (NULL, LOG_ERR, "Can't lower privileges"); |
| | 90 | zlog_warn ("Can't set ipforwarding on"); |
| | 91 | return -1; |
| | 92 | } |
| | 93 | if (zserv_privs.change(ZPRIVS_LOWER)) |
| | 94 | zlog (NULL, LOG_ERR, "Can't lower privileges"); |
| | 95 | return ipforwarding; |
| | 96 | } |
| | 97 | |
| | 98 | #ifdef HAVE_IPV6 |
| | 99 | |
| | 100 | /* IPv6 forwarding control MIB. */ |
| | 101 | int mib_ipv6[MIB_SIZ] = |
| | 102 | { |
| | 103 | CTL_NET, |
| | 104 | PF_INET6, |
| | 105 | #if defined(KAME) |
| | 106 | IPPROTO_IPV6, |
| | 107 | IPV6CTL_FORWARDING |
| | 108 | #else /* NOT KAME */ |
| | 109 | IPPROTO_IP, |
| | 110 | IP6CTL_FORWARDING |
| | 111 | #endif /* KAME */ |
| | 112 | }; |
| | 113 | |
| | 114 | int |
| | 115 | ipforward_ipv6 (void) |
| | 116 | { |
| | 117 | size_t len; |
| | 118 | int ip6forwarding = 0; |
| | 119 | |
| | 120 | len = sizeof ip6forwarding; |
| | 121 | if (zserv_privs.change(ZPRIVS_RAISE)) |
| | 122 | zlog (NULL, LOG_ERR, "Can't raise privileges"); |
| | 123 | if (sysctl (mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0) |
| | 124 | { |
| | 125 | if (zserv_privs.change(ZPRIVS_LOWER)) |
| | 126 | zlog (NULL, LOG_ERR, "Can't lower privileges"); |
| | 127 | zlog_warn ("can't get ip6forwarding value"); |
| | 128 | return -1; |
| | 129 | } |
| | 130 | if (zserv_privs.change(ZPRIVS_LOWER)) |
| | 131 | zlog (NULL, LOG_ERR, "Can't lower privileges"); |
| | 132 | return ip6forwarding; |
| | 133 | } |
| | 134 | |
| | 135 | int |
| | 136 | ipforward_ipv6_on (void) |
| | 137 | { |
| | 138 | size_t len; |
| | 139 | int ip6forwarding = 1; |
| | 140 | |
| | 141 | len = sizeof ip6forwarding; |
| | 142 | if (zserv_privs.change(ZPRIVS_RAISE)) |
| | 143 | zlog (NULL, LOG_ERR, "Can't raise privileges"); |
| | 144 | if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) |
| | 145 | { |
| | 146 | if (zserv_privs.change(ZPRIVS_LOWER)) |
| | 147 | zlog (NULL, LOG_ERR, "Can't lower privileges"); |
| | 148 | zlog_warn ("can't get ip6forwarding value"); |
| | 149 | return -1; |
| | 150 | } |
| | 151 | if (zserv_privs.change(ZPRIVS_LOWER)) |
| | 152 | zlog (NULL, LOG_ERR, "Can't lower privileges"); |
| | 153 | return ip6forwarding; |
| | 154 | } |
| | 155 | |
| | 156 | int |
| | 157 | ipforward_ipv6_off (void) |
| | 158 | { |
| | 159 | size_t len; |
| | 160 | int ip6forwarding = 0; |
| | 161 | |
| | 162 | len = sizeof ip6forwarding; |
| | 163 | if (zserv_privs.change(ZPRIVS_RAISE)) |
| | 164 | zlog (NULL, LOG_ERR, "Can't raise privileges"); |
| | 165 | if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) |
| | 166 | { |
| | 167 | if (zserv_privs.change(ZPRIVS_LOWER)) |
| | 168 | zlog (NULL, LOG_ERR, "Can't lower privileges"); |
| | 169 | zlog_warn ("can't get ip6forwarding value"); |
| | 170 | return -1; |
| | 171 | } |
| | 172 | if (zserv_privs.change(ZPRIVS_LOWER)) |
| | 173 | zlog (NULL, LOG_ERR, "Can't lower privileges"); |
| | 174 | return ip6forwarding; |
| | 175 | } |
| | 176 | #endif /* HAVE_IPV6 */ |
projects / mirror_frr.git / blame_incremental