/** * *@return 1 on sucess 0 on failiure */ int net_os_set_ifoptions(const char *if_name, struct interface *iface) { char procfile[FILENAME_MAX]; if (olsr_cnf->ip_version == AF_INET6) return -1; /* Generate the procfile name */ snprintf(procfile, sizeof(procfile), PROC_IF_REDIRECT, if_name); if (writeToProc(procfile, &iface->nic_state.redirect, '0')) { OLSR_WARN(LOG_INTERFACE, "WARNING! Could not disable ICMP redirects!\n" "you should mannually ensure that ICMP redirects are disabled!\n\n"); // TODO olsr_startup_sleep(3); return 0; } /* Generate the procfile name */ snprintf(procfile, sizeof(procfile), PROC_IF_SPOOF, if_name); if (writeToProc(procfile, &iface->nic_state.spoof, '0')) { OLSR_WARN(LOG_INTERFACE, "WARNING! Could not disable the IP spoof filter!\n" "you should mannually ensure that IP spoof filtering is disabled!\n\n"); // TODO olsr_startup_sleep(3); return 0; } return 1; }
/** *Resets the spoof filter and ICMP redirect settings */ void os_cleanup_global_ifoptions(void) { char procfile[FILENAME_MAX]; OLSR_DEBUG(LOG_INTERFACE, "Restoring network state\n"); /* Restore IP forwarding to "off" */ if (writeToProc(olsr_cnf->ip_version == AF_INET ? PROC_IPFORWARD_V4 : PROC_IPFORWARD_V6, NULL, orig_fwd_state)) { OLSR_WARN(LOG_INTERFACE, "Could not restore ip_forward settings\n"); } if (olsr_cnf->smart_gw_active && (olsr_cnf->ip_version == AF_INET || olsr_cnf->use_niit)) { /* Generate the procfile name */ snprintf(procfile, sizeof(procfile), PROC_IF_SPOOF, TUNNEL_ENDPOINT_IF); if (writeToProc(procfile, NULL, orig_tunnel_rp_filter)) { OLSR_WARN(LOG_INTERFACE, "WARNING! Could not restore the IP spoof filter for tunnel!\n"); } } if (olsr_cnf->ip_version == AF_INET) { /* Restore global ICMP redirect setting */ if (writeToProc(PROC_ALL_REDIRECT, NULL, orig_global_redirect_state)) { OLSR_WARN(LOG_INTERFACE, "Could not restore global icmp_redirect setting\n"); } /* Restore global rp_filter setting for linux 2.6.31+ */ if (is_at_least_linuxkernel_2_6_31()) { if (writeToProc(PROC_ALL_SPOOF, NULL, orig_global_rp_filter)) { OLSR_WARN(LOG_INTERFACE, "Could not restore global rp_filter setting\n"); } } } }
/** * Setup global interface options (icmp redirect, ip forwarding, rp_filter) * @return 1 on success 0 on failure */ void net_os_set_global_ifoptions(void) { if (writeToProc(olsr_cnf->ip_version == AF_INET ? PROC_IPFORWARD_V4 : PROC_IPFORWARD_V6, &orig_fwd_state, olsr_cnf->set_ip_forward ? OLSRD_FORWARD_VALUE : 0 )) { OLSR_PRINTF(1, "Warning, could not enable IP forwarding!\n" "you should manually ensure that IP forwarding is enabled!\n\n"); olsr_startup_sleep(3); } else if ((!olsr_cnf->set_ip_forward) && (orig_fwd_state != OLSRD_FORWARD_VALUE)) { olsr_exit("IP forwarding not activated, shutting down.\n", 1); } if (olsr_cnf->smart_gw_active) { char procfile[FILENAME_MAX]; /* Generate the procfile name */ if (olsr_cnf->ip_version == AF_INET || olsr_cnf->use_niit) { snprintf(procfile, sizeof(procfile), PROC_IF_SPOOF, TUNNEL_ENDPOINT_IF); if (writeToProc(procfile, &orig_tunnel_rp_filter, OLSRD_SPOOF_VALUE)) { OLSR_PRINTF(0, "WARNING! Could not disable the IP spoof filter for tunnel!\n" "you should manually ensure that IP spoof filtering is disabled!\n\n"); olsr_startup_sleep(3); } } #if 0 // should not be necessary for IPv6 if (olsr_cnf->ip_version == AF_INET6) { snprintf(procfile, sizeof(procfile), PROC_IF_SPOOF, TUNNEL_ENDPOINT_IF6); if (writeToProc(procfile, &orig_tunnel6_rp_filter, OLSRD_SPOOF_VALUE)) { OLSR_PRINTF(0, "WARNING! Could not disable the IP spoof filter for tunnel6!\n" "you should manually ensure that IP spoof filtering is disabled!\n\n"); olsr_startup_sleep(3); } } #endif } if (olsr_cnf->ip_version == AF_INET) { if (writeToProc(PROC_ALL_REDIRECT, &orig_global_redirect_state, OLSRD_REDIRECT_VALUE)) { OLSR_PRINTF(1, "WARNING! Could not disable ICMP redirects!\n" "you should manually ensure that ICMP redirects are disabled!\n\n"); olsr_startup_sleep(3); } /* check kernel version and disable global rp_filter */ if (is_at_least_linuxkernel_2_6_31()) { if (writeToProc(PROC_ALL_SPOOF, &orig_global_rp_filter, OLSRD_SPOOF_VALUE)) { OLSR_PRINTF(1, "WARNING! Could not disable global rp_filter (necessary for kernel 2.6.31 and higher!\n" "you should manually ensure that rp_filter is disabled!\n\n"); olsr_startup_sleep(3); } } } return; }
/** * Setup global interface options (icmp redirect, ip forwarding, rp_filter) * @return 1 on success 0 on failure */ void net_os_set_global_ifoptions(void) { if (writeToProc(olsr_cnf->ip_version == AF_INET ? PROC_IPFORWARD_V4 : PROC_IPFORWARD_V6, &orig_fwd_state, '1')) { OLSR_PRINTF(1, "Warning, could not enable IP forwarding!\n" "you should manually ensure that IP forwarding is enabled!\n\n"); olsr_startup_sleep(3); } if (olsr_cnf->smart_gw_active) { char procfile[FILENAME_MAX]; /* Generate the procfile name */ snprintf(procfile, sizeof(procfile), PROC_IF_SPOOF, TUNNEL_ENDPOINT_IF); if (writeToProc(procfile, &orig_tunnel_rp_filter, '0')) { OLSR_PRINTF(0, "WARNING! Could not disable the IP spoof filter for tunnel!\n" "you should mannually ensure that IP spoof filtering is disabled!\n\n"); olsr_startup_sleep(3); } if (olsr_cnf->ip_version == AF_INET6) { snprintf(procfile, sizeof(procfile), PROC_IF_SPOOF, TUNNEL_ENDPOINT_IF6); if (writeToProc(procfile, &orig_tunnel6_rp_filter, '0')) { OLSR_PRINTF(0, "WARNING! Could not disable the IP spoof filter for tunnel6!\n" "you should mannually ensure that IP spoof filtering is disabled!\n\n"); olsr_startup_sleep(3); } } } if (olsr_cnf->ip_version == AF_INET) { if (writeToProc(PROC_ALL_REDIRECT, &orig_global_redirect_state, '0')) { OLSR_PRINTF(1, "WARNING! Could not disable ICMP redirects!\n" "you should manually ensure that ICMP redirects are disabled!\n\n"); olsr_startup_sleep(3); } /* check kernel version and disable global rp_filter */ if (is_at_least_linuxkernel_2_6_31()) { if (writeToProc(PROC_ALL_SPOOF, &orig_global_rp_filter, '0')) { OLSR_PRINTF(1, "WARNING! Could not disable global rp_filter (necessary for kernel 2.6.31 and higher!\n" "you should manually ensure that rp_filter is disabled!\n\n"); olsr_startup_sleep(3); } } } return; }
void net_os_restore_ifoption(struct interface *ifs) { char procfile[FILENAME_MAX]; /* ICMP redirects */ snprintf(procfile, sizeof(procfile), PROC_IF_REDIRECT, ifs->int_name); if (writeToProc(procfile, NULL, ifs->nic_state.redirect)) { OLSR_WARN(LOG_INTERFACE, "Could not restore icmp_redirect for interface %s\n", ifs->int_name); } /* Spoof filter */ sprintf(procfile, PROC_IF_SPOOF, ifs->int_name); if (writeToProc(procfile, NULL, ifs->nic_state.spoof)) { OLSR_WARN(LOG_INTERFACE, "Could not restore rp_filter for interface %s\n", ifs->int_name); } }
/** *Resets the spoof filter and ICMP redirect settings */ int net_os_restore_ifoptions(void) { struct interface *ifs; char procfile[FILENAME_MAX]; OLSR_PRINTF(1, "Restoring network state\n"); /* Restore IP forwarding to "off" */ if (writeToProc(olsr_cnf->ip_version == AF_INET ? PROC_IPFORWARD_V4 : PROC_IPFORWARD_V6, NULL, orig_fwd_state)) { OLSR_PRINTF(1, "Error, could not restore ip_forward settings\n"); } if (olsr_cnf->smart_gw_active) { /* Generate the procfile name */ snprintf(procfile, sizeof(procfile), PROC_IF_SPOOF, TUNNEL_ENDPOINT_IF); if (writeToProc(procfile, NULL, orig_tunnel_rp_filter)) { OLSR_PRINTF(0, "WARNING! Could not restore the IP spoof filter for tunnel!\n"); } if (olsr_cnf->ip_version == AF_INET6) { snprintf(procfile, sizeof(procfile), PROC_IF_SPOOF, TUNNEL_ENDPOINT_IF6); if (writeToProc(procfile, NULL, orig_tunnel6_rp_filter)) { OLSR_PRINTF(0, "WARNING! Could not restore the IP spoof filter for tunnel6!\n"); } } } if (olsr_cnf->ip_version == AF_INET) { /* Restore global ICMP redirect setting */ if (writeToProc(PROC_ALL_REDIRECT, NULL, orig_global_redirect_state)) { OLSR_PRINTF(1, "Error, could not restore global icmp_redirect setting\n"); } /* Restore global rp_filter setting for linux 2.6.31+ */ if (is_at_least_linuxkernel_2_6_31()) { if (writeToProc(PROC_ALL_SPOOF, NULL, orig_global_rp_filter)) { OLSR_PRINTF(1, "Error, could not restore global rp_filter setting\n"); } } for (ifs = ifnet; ifs != NULL; ifs = ifs->int_next) { /* Discard host-emulation interfaces */ if (ifs->is_hcif) continue; /* ICMP redirects */ snprintf(procfile, sizeof(procfile), PROC_IF_REDIRECT, ifs->int_name); if (writeToProc(procfile, NULL, ifs->nic_state.redirect)) { OLSR_PRINTF(1, "Error, could not restore icmp_redirect for interface %s\n", ifs->int_name); } /* Spoof filter */ sprintf(procfile, PROC_IF_SPOOF, ifs->int_name); if (writeToProc(procfile, NULL, ifs->nic_state.spoof)) { OLSR_PRINTF(1, "Error, could not restore rp_filter for interface %s\n", ifs->int_name); } } } return 1; }
/* write new value to proc file if current value is different*/ static int restoreProc(const char *file, char original, char value) { if ( original == value ) return 0; else return writeToProc(file, NULL, original); }