1: /* IP forward control by sysctl function.
2: * Copyright (C) 1997, 1999 Kunihiro Ishiguro
3: *
4: * This file is part of GNU Zebra.
5: *
6: * GNU Zebra is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2, or (at your option) any
9: * later version.
10: *
11: * GNU Zebra is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of
13: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14: * General Public License for more details.
15: *
16: * You should have received a copy of the GNU General Public License
17: * along with GNU Zebra; see the file COPYING. If not, write to the Free
18: * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
19: * 02111-1307, USA.
20: */
21:
22: #include <zebra.h>
23: #include "privs.h"
24: #include "zebra/ipforward.h"
25:
26: #ifdef NRL
27: #include <netinet6/in6.h>
28: #endif /* NRL */
29:
30: #include "log.h"
31:
32: #define MIB_SIZ 4
33:
34: extern struct zebra_privs_t zserv_privs;
35:
36: /* IPv4 forwarding control MIB. */
37: int mib[MIB_SIZ] =
38: {
39: CTL_NET,
40: PF_INET,
41: IPPROTO_IP,
42: IPCTL_FORWARDING
43: };
44:
45: int
46: ipforward (void)
47: {
48: size_t len;
49: int ipforwarding = 0;
50:
51: len = sizeof ipforwarding;
52: if (sysctl (mib, MIB_SIZ, &ipforwarding, &len, 0, 0) < 0)
53: {
54: zlog_warn ("Can't get ipforwarding value");
55: return -1;
56: }
57: return ipforwarding;
58: }
59:
60: int
61: ipforward_on (void)
62: {
63: size_t len;
64: int ipforwarding = 1;
65:
66: len = sizeof ipforwarding;
67: if (zserv_privs.change(ZPRIVS_RAISE))
68: zlog (NULL, LOG_ERR, "Can't raise privileges");
69: if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0)
70: {
71: if (zserv_privs.change(ZPRIVS_LOWER))
72: zlog (NULL, LOG_ERR, "Can't lower privileges");
73: zlog_warn ("Can't set ipforwarding on");
74: return -1;
75: }
76: if (zserv_privs.change(ZPRIVS_LOWER))
77: zlog (NULL, LOG_ERR, "Can't lower privileges");
78: return ipforwarding;
79: }
80:
81: int
82: ipforward_off (void)
83: {
84: size_t len;
85: int ipforwarding = 0;
86:
87: len = sizeof ipforwarding;
88: if (zserv_privs.change(ZPRIVS_RAISE))
89: zlog (NULL, LOG_ERR, "Can't raise privileges");
90: if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0)
91: {
92: if (zserv_privs.change(ZPRIVS_LOWER))
93: zlog (NULL, LOG_ERR, "Can't lower privileges");
94: zlog_warn ("Can't set ipforwarding on");
95: return -1;
96: }
97: if (zserv_privs.change(ZPRIVS_LOWER))
98: zlog (NULL, LOG_ERR, "Can't lower privileges");
99: return ipforwarding;
100: }
101:
102: #ifdef HAVE_IPV6
103:
104: /* IPv6 forwarding control MIB. */
105: int mib_ipv6[MIB_SIZ] =
106: {
107: CTL_NET,
108: PF_INET6,
109: #if defined(KAME) || (defined(__bsdi__) && _BSDI_VERSION >= 199802 ) || defined(NRL)
110: IPPROTO_IPV6,
111: IPV6CTL_FORWARDING
112: #else /* NOT KAME */
113: IPPROTO_IP,
114: IP6CTL_FORWARDING
115: #endif /* KAME */
116: };
117:
118: int
119: ipforward_ipv6 (void)
120: {
121: size_t len;
122: int ip6forwarding = 0;
123:
124: len = sizeof ip6forwarding;
125: if (zserv_privs.change(ZPRIVS_RAISE))
126: zlog (NULL, LOG_ERR, "Can't raise privileges");
127: if (sysctl (mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0)
128: {
129: if (zserv_privs.change(ZPRIVS_LOWER))
130: zlog (NULL, LOG_ERR, "Can't lower privileges");
131: zlog_warn ("can't get ip6forwarding value");
132: return -1;
133: }
134: if (zserv_privs.change(ZPRIVS_LOWER))
135: zlog (NULL, LOG_ERR, "Can't lower privileges");
136: return ip6forwarding;
137: }
138:
139: int
140: ipforward_ipv6_on (void)
141: {
142: size_t len;
143: int ip6forwarding = 1;
144:
145: len = sizeof ip6forwarding;
146: if (zserv_privs.change(ZPRIVS_RAISE))
147: zlog (NULL, LOG_ERR, "Can't raise privileges");
148: if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0)
149: {
150: if (zserv_privs.change(ZPRIVS_LOWER))
151: zlog (NULL, LOG_ERR, "Can't lower privileges");
152: zlog_warn ("can't get ip6forwarding value");
153: return -1;
154: }
155: if (zserv_privs.change(ZPRIVS_LOWER))
156: zlog (NULL, LOG_ERR, "Can't lower privileges");
157: return ip6forwarding;
158: }
159:
160: int
161: ipforward_ipv6_off (void)
162: {
163: size_t len;
164: int ip6forwarding = 0;
165:
166: len = sizeof ip6forwarding;
167: if (zserv_privs.change(ZPRIVS_RAISE))
168: zlog (NULL, LOG_ERR, "Can't raise privileges");
169: if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0)
170: {
171: if (zserv_privs.change(ZPRIVS_LOWER))
172: zlog (NULL, LOG_ERR, "Can't lower privileges");
173: zlog_warn ("can't get ip6forwarding value");
174: return -1;
175: }
176: if (zserv_privs.change(ZPRIVS_LOWER))
177: zlog (NULL, LOG_ERR, "Can't lower privileges");
178: return ip6forwarding;
179: }
180: #endif /* HAVE_IPV6 */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>