]>
Commit | Line | Data |
---|---|---|
1 | /* IP forward control by sysctl function. | |
2 | * Copyright (C) 1997, 1999 Kunihiro Ishiguro | |
3 | * | |
4 | * This file is part of GNU Zebra. | |
5 | * | |
6 | * GNU Zebra is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2, or (at your option) any | |
9 | * later version. | |
10 | * | |
11 | * GNU Zebra is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU General Public License | |
17 | * along with GNU Zebra; see the file COPYING. If not, write to the Free | |
18 | * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA | |
19 | * 02111-1307, USA. | |
20 | */ | |
21 | ||
22 | #include <zebra.h> | |
23 | #include "privs.h" | |
24 | ||
25 | #ifdef NRL | |
26 | #include <netinet6/in6.h> | |
27 | #endif /* NRL */ | |
28 | ||
29 | #include "log.h" | |
30 | ||
31 | #define MIB_SIZ 4 | |
32 | ||
33 | extern struct zebra_privs_t zserv_privs; | |
34 | ||
35 | /* IPv4 forwarding control MIB. */ | |
36 | int mib[MIB_SIZ] = | |
37 | { | |
38 | CTL_NET, | |
39 | PF_INET, | |
40 | IPPROTO_IP, | |
41 | IPCTL_FORWARDING | |
42 | }; | |
43 | ||
44 | int | |
45 | ipforward () | |
46 | { | |
47 | size_t len; | |
48 | int ipforwarding = 0; | |
49 | ||
50 | len = sizeof ipforwarding; | |
51 | if (sysctl (mib, MIB_SIZ, &ipforwarding, &len, 0, 0) < 0) | |
52 | { | |
53 | zlog_warn ("Can't get ipforwarding value"); | |
54 | return -1; | |
55 | } | |
56 | return ipforwarding; | |
57 | } | |
58 | ||
59 | int | |
60 | ipforward_on () | |
61 | { | |
62 | size_t len; | |
63 | int ipforwarding = 1; | |
64 | ||
65 | len = sizeof ipforwarding; | |
66 | if (zserv_privs.change(ZPRIVS_RAISE)) | |
67 | zlog (NULL, LOG_ERR, "Can't raise privileges"); | |
68 | if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) | |
69 | { | |
70 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
71 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
72 | zlog_warn ("Can't set ipforwarding on"); | |
73 | return -1; | |
74 | } | |
75 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
76 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
77 | return ipforwarding; | |
78 | } | |
79 | ||
80 | int | |
81 | ipforward_off () | |
82 | { | |
83 | size_t len; | |
84 | int ipforwarding = 0; | |
85 | ||
86 | len = sizeof ipforwarding; | |
87 | if (zserv_privs.change(ZPRIVS_RAISE)) | |
88 | zlog (NULL, LOG_ERR, "Can't raise privileges"); | |
89 | if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) | |
90 | { | |
91 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
92 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
93 | zlog_warn ("Can't set ipforwarding on"); | |
94 | return -1; | |
95 | } | |
96 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
97 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
98 | return ipforwarding; | |
99 | } | |
100 | ||
101 | #ifdef HAVE_IPV6 | |
102 | ||
103 | /* IPv6 forwarding control MIB. */ | |
104 | int mib_ipv6[MIB_SIZ] = | |
105 | { | |
106 | CTL_NET, | |
107 | PF_INET6, | |
108 | #if defined(KAME) || (defined(__bsdi__) && _BSDI_VERSION >= 199802 ) || defined(NRL) | |
109 | IPPROTO_IPV6, | |
110 | IPV6CTL_FORWARDING | |
111 | #else /* NOT KAME */ | |
112 | IPPROTO_IP, | |
113 | IP6CTL_FORWARDING | |
114 | #endif /* KAME */ | |
115 | }; | |
116 | ||
117 | int | |
118 | ipforward_ipv6 () | |
119 | { | |
120 | size_t len; | |
121 | int ip6forwarding = 0; | |
122 | ||
123 | len = sizeof ip6forwarding; | |
124 | if (zserv_privs.change(ZPRIVS_RAISE)) | |
125 | zlog (NULL, LOG_ERR, "Can't raise privileges"); | |
126 | if (sysctl (mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0) | |
127 | { | |
128 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
129 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
130 | zlog_warn ("can't get ip6forwarding value"); | |
131 | return -1; | |
132 | } | |
133 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
134 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
135 | return ip6forwarding; | |
136 | } | |
137 | ||
138 | int | |
139 | ipforward_ipv6_on () | |
140 | { | |
141 | size_t len; | |
142 | int ip6forwarding = 1; | |
143 | ||
144 | len = sizeof ip6forwarding; | |
145 | if (zserv_privs.change(ZPRIVS_RAISE)) | |
146 | zlog (NULL, LOG_ERR, "Can't raise privileges"); | |
147 | if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) | |
148 | { | |
149 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
150 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
151 | zlog_warn ("can't get ip6forwarding value"); | |
152 | return -1; | |
153 | } | |
154 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
155 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
156 | return ip6forwarding; | |
157 | } | |
158 | ||
159 | int | |
160 | ipforward_ipv6_off () | |
161 | { | |
162 | size_t len; | |
163 | int ip6forwarding = 0; | |
164 | ||
165 | len = sizeof ip6forwarding; | |
166 | if (zserv_privs.change(ZPRIVS_RAISE)) | |
167 | zlog (NULL, LOG_ERR, "Can't raise privileges"); | |
168 | if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) | |
169 | { | |
170 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
171 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
172 | zlog_warn ("can't get ip6forwarding value"); | |
173 | return -1; | |
174 | } | |
175 | if (zserv_privs.change(ZPRIVS_LOWER)) | |
176 | zlog (NULL, LOG_ERR, "Can't lower privileges"); | |
177 | return ip6forwarding; | |
178 | } | |
179 | #endif /* HAVE_IPV6 */ |