1/* IP forward control by sysctl function.
2 * Copyright (C) 1997, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with GNU Zebra; see the file COPYING.  If not, write to the Free
18 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
19 * 02111-1307, USA.
20 */
21
22#include <zebra.h>
23#include "privs.h"
24#include "zebra/ipforward.h"
25
26#include "log.h"
27
28#define MIB_SIZ 4
29
30extern struct zebra_privs_t zserv_privs;
31
32/* IPv4 forwarding control MIB. */
33int mib[MIB_SIZ] =
34{
35  CTL_NET,
36  PF_INET,
37  IPPROTO_IP,
38  IPCTL_FORWARDING
39};
40
41int
42ipforward (void)
43{
44  size_t len;
45  int ipforwarding = 0;
46
47  len = sizeof ipforwarding;
48  if (sysctl (mib, MIB_SIZ, &ipforwarding, &len, 0, 0) < 0)
49    {
50      zlog_warn ("Can't get ipforwarding value");
51      return -1;
52    }
53  return ipforwarding;
54}
55
56int
57ipforward_on (void)
58{
59  size_t len;
60  int ipforwarding = 1;
61
62  len = sizeof ipforwarding;
63  if (zserv_privs.change(ZPRIVS_RAISE))
64    zlog (NULL, LOG_ERR, "Can't raise privileges");
65  if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0)
66    {
67      if (zserv_privs.change(ZPRIVS_LOWER))
68        zlog (NULL, LOG_ERR, "Can't lower privileges");
69      zlog_warn ("Can't set ipforwarding on");
70      return -1;
71    }
72  if (zserv_privs.change(ZPRIVS_LOWER))
73    zlog (NULL, LOG_ERR, "Can't lower privileges");
74  return ipforwarding;
75}
76
77int
78ipforward_off (void)
79{
80  size_t len;
81  int ipforwarding = 0;
82
83  len = sizeof ipforwarding;
84  if (zserv_privs.change(ZPRIVS_RAISE))
85    zlog (NULL, LOG_ERR, "Can't raise privileges");
86  if (sysctl (mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0)
87    {
88      if (zserv_privs.change(ZPRIVS_LOWER))
89        zlog (NULL, LOG_ERR, "Can't lower privileges");
90      zlog_warn ("Can't set ipforwarding on");
91      return -1;
92    }
93  if (zserv_privs.change(ZPRIVS_LOWER))
94    zlog (NULL, LOG_ERR, "Can't lower privileges");
95  return ipforwarding;
96}
97
98#ifdef HAVE_IPV6
99
100/* IPv6 forwarding control MIB. */
101int mib_ipv6[MIB_SIZ] =
102{
103  CTL_NET,
104  PF_INET6,
105#if defined(KAME)
106  IPPROTO_IPV6,
107  IPV6CTL_FORWARDING
108#else /* NOT KAME */
109  IPPROTO_IP,
110  IP6CTL_FORWARDING
111#endif /* KAME */
112};
113
114int
115ipforward_ipv6 (void)
116{
117  size_t len;
118  int ip6forwarding = 0;
119
120  len = sizeof ip6forwarding;
121  if (zserv_privs.change(ZPRIVS_RAISE))
122    zlog (NULL, LOG_ERR, "Can't raise privileges");
123  if (sysctl (mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0)
124    {
125     if (zserv_privs.change(ZPRIVS_LOWER))
126        zlog (NULL, LOG_ERR, "Can't lower privileges");
127      zlog_warn ("can't get ip6forwarding value");
128      return -1;
129    }
130  if (zserv_privs.change(ZPRIVS_LOWER))
131    zlog (NULL, LOG_ERR, "Can't lower privileges");
132  return ip6forwarding;
133}
134
135int
136ipforward_ipv6_on (void)
137{
138  size_t len;
139  int ip6forwarding = 1;
140
141  len = sizeof ip6forwarding;
142  if (zserv_privs.change(ZPRIVS_RAISE))
143    zlog (NULL, LOG_ERR, "Can't raise privileges");
144  if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0)
145    {
146     if (zserv_privs.change(ZPRIVS_LOWER))
147        zlog (NULL, LOG_ERR, "Can't lower privileges");
148      zlog_warn ("can't get ip6forwarding value");
149      return -1;
150    }
151  if (zserv_privs.change(ZPRIVS_LOWER))
152    zlog (NULL, LOG_ERR, "Can't lower privileges");
153  return ip6forwarding;
154}
155
156int
157ipforward_ipv6_off (void)
158{
159  size_t len;
160  int ip6forwarding = 0;
161
162  len = sizeof ip6forwarding;
163  if (zserv_privs.change(ZPRIVS_RAISE))
164    zlog (NULL, LOG_ERR, "Can't raise privileges");
165  if (sysctl (mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0)
166    {
167      if (zserv_privs.change(ZPRIVS_LOWER))
168        zlog (NULL, LOG_ERR, "Can't lower privileges");
169      zlog_warn ("can't get ip6forwarding value");
170      return -1;
171    }
172  if (zserv_privs.change(ZPRIVS_LOWER))
173    zlog (NULL, LOG_ERR, "Can't lower privileges");
174  return ip6forwarding;
175}
176#endif /* HAVE_IPV6 */
177