]>
Commit | Line | Data |
---|---|---|
1 | /* IP forward control by sysctl function. | |
2 | * Copyright (C) 1997, 1999 Kunihiro Ishiguro | |
3 | * | |
4 | * This file is part of GNU Zebra. | |
5 | * | |
6 | * GNU Zebra is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2, or (at your option) any | |
9 | * later version. | |
10 | * | |
11 | * GNU Zebra is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU General Public License | |
17 | * along with GNU Zebra; see the file COPYING. If not, write to the Free | |
18 | * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA | |
19 | * 02111-1307, USA. | |
20 | */ | |
21 | ||
22 | #include <zebra.h> | |
23 | #include "privs.h" | |
24 | #include "zebra/ipforward.h" | |
25 | ||
26 | #include "log.h" | |
27 | ||
28 | #define MIB_SIZ 4 | |
29 | ||
30 | extern struct zebra_privs_t zserv_privs; | |
31 | ||
32 | /* IPv4 forwarding control MIB. */ | |
33 | int mib[MIB_SIZ] = | |
34 | { | |
35 | CTL_NET, | |
36 | PF_INET, | |
37 | IPPROTO_IP, | |
38 | IPCTL_FORWARDING | |
39 | }; | |
40 | ||
41 | int | |
42 | ipforward (void) | |
43 | { | |
44 | size_t len; | |
45 | int ipforwarding = 0; | |
46 | ||
47 | len = sizeof ipforwarding; | |
48 | if (sysctl (mib, MIB_SIZ, &ipforwarding, &len, 0, 0) < 0) | |
49 | { | |
50 | zlog_warn ("Can't get ipforwarding value"); | |
51 | return -1; | |
52 | } | |
53 | return ipforwarding; | |
54 | } | |
55 | ||
56 | int | |
57 | ipforward_on (void) | |
58 | { | |
59 | size_t len; | |
60 | int ipforwarding = 1; | |
61 | ||
62 | len = sizeof ipforwarding; | |
63 | if (zserv_privs.change(ZPRIVS_RAISE)) | |
64 | zlog (NULL, LOG_ERR, "Can't raise privileges"); | |
65 | if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) | |
66 | { | |
67 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
68 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
69 | zlog_warn ("Can't set ipforwarding on"); | |
70 | return -1; | |
71 | } | |
72 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
73 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
74 | return ipforwarding; | |
75 | } | |
76 | ||
77 | int | |
78 | ipforward_off (void) | |
79 | { | |
80 | size_t len; | |
81 | int ipforwarding = 0; | |
82 | ||
83 | len = sizeof ipforwarding; | |
84 | if (zserv_privs.change(ZPRIVS_RAISE)) | |
85 | zlog (NULL, LOG_ERR, "Can't raise privileges"); | |
86 | if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) | |
87 | { | |
88 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
89 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
90 | zlog_warn ("Can't set ipforwarding on"); | |
91 | return -1; | |
92 | } | |
93 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
94 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
95 | return ipforwarding; | |
96 | } | |
97 | ||
98 | #ifdef HAVE_IPV6 | |
99 | ||
100 | /* IPv6 forwarding control MIB. */ | |
101 | int mib_ipv6[MIB_SIZ] = | |
102 | { | |
103 | CTL_NET, | |
104 | PF_INET6, | |
105 | #if defined(KAME) | |
106 | IPPROTO_IPV6, | |
107 | IPV6CTL_FORWARDING | |
108 | #else /* NOT KAME */ | |
109 | IPPROTO_IP, | |
110 | IP6CTL_FORWARDING | |
111 | #endif /* KAME */ | |
112 | }; | |
113 | ||
114 | int | |
115 | ipforward_ipv6 (void) | |
116 | { | |
117 | size_t len; | |
118 | int ip6forwarding = 0; | |
119 | ||
120 | len = sizeof ip6forwarding; | |
121 | if (zserv_privs.change(ZPRIVS_RAISE)) | |
122 | zlog (NULL, LOG_ERR, "Can't raise privileges"); | |
123 | if (sysctl (mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0) | |
124 | { | |
125 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
126 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
127 | zlog_warn ("can't get ip6forwarding value"); | |
128 | return -1; | |
129 | } | |
130 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
131 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
132 | return ip6forwarding; | |
133 | } | |
134 | ||
135 | int | |
136 | ipforward_ipv6_on (void) | |
137 | { | |
138 | size_t len; | |
139 | int ip6forwarding = 1; | |
140 | ||
141 | len = sizeof ip6forwarding; | |
142 | if (zserv_privs.change(ZPRIVS_RAISE)) | |
143 | zlog (NULL, LOG_ERR, "Can't raise privileges"); | |
144 | if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) | |
145 | { | |
146 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
147 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
148 | zlog_warn ("can't get ip6forwarding value"); | |
149 | return -1; | |
150 | } | |
151 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
152 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
153 | return ip6forwarding; | |
154 | } | |
155 | ||
156 | int | |
157 | ipforward_ipv6_off (void) | |
158 | { | |
159 | size_t len; | |
160 | int ip6forwarding = 0; | |
161 | ||
162 | len = sizeof ip6forwarding; | |
163 | if (zserv_privs.change(ZPRIVS_RAISE)) | |
164 | zlog (NULL, LOG_ERR, "Can't raise privileges"); | |
165 | if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) | |
166 | { | |
167 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
168 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
169 | zlog_warn ("can't get ip6forwarding value"); | |
170 | return -1; | |
171 | } | |
172 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
173 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
174 | return ip6forwarding; | |
175 | } | |
176 | #endif /* HAVE_IPV6 */ |