Author: tjansen Date: Fri Oct 9 15:47:50 2009 New Revision: 1081 Log: Rewrote IPv4 forwarding support in pisasd. Modified: trunk/pisasd/sdnat.c Modified: trunk/pisasd/sdnat.c ==============================================================================
--- trunk/pisasd/sdnat.c Fri Oct 9 15:02:20 2009 (r1080)
+++ trunk/pisasd/sdnat.c Fri Oct 9 15:47:50 2009 (r1081)
@@ -15,74 +15,58 @@ #include <fcntl.h> #include "debug.h" - #include "sdctx.h" #include "sdconf.h" /** - * Path to pseudo interface file in the Linux procfs. - * Used for NAT (not internal NAT but NAT on the server) + * Path procfs IPv4 forwarding option. */ #define IP4_FOWARD_FILENAME "/proc/sys/net/ipv4/ip_forward" -void sd_read_value(int fd,void* data){ - if (read(fd,data,1) == -1) - PISA_ERROR("Error reading from file <%s>: %s\n", - IP4_FOWARD_FILENAME, - strerror(errno)); -} - -void sd_write_value(int fd,void* data){ - if (write(fd,(const char*)data,1) == -1) - PISA_ERROR("Error writing to file <%s>: %s\n", - IP4_FOWARD_FILENAME, - strerror(errno)); -} - -int sd_do_with_fd_from_filename(void (*callback)(int fd, void* data), - void* data,const char* filename,int open_flags){ - int fd=0; - - fd=open(filename,open_flags); - - if (fd == -1){ - PISA_ERROR("Error opening file <%s>: %s\n",filename,strerror(errno)); - return 0; - }else{ - - callback(fd,data); - if (close(fd) == -1){ - PISA_ERROR("Error closing file <%s>: %s\n",filename,strerror(errno)); - return 0; - } else - return 1; - } -} - +/** + * Start IPv4 forwarding and remember if it needs to be switched off again + * later. If it was enabled before, we don't disable it at shutdown. 
+ */ void pisa_forwarding_start(void) { - char value=-1; - sd_do_with_fd_from_filename(sd_read_value,&value, - IP4_FOWARD_FILENAME,O_RDONLY); - value-='0'; /* ASCII to internal representation */ - - if(value==0){ /* 0 == NAT not enabled */ - if(sd_do_with_fd_from_filename(sd_write_value,"1", - IP4_FOWARD_FILENAME,O_WRONLY)) - sd_ctx.disable_ip4_forward=1; + char value = -1; + int fd; - } + if ((fd = open(IP4_FOWARD_FILENAME, O_RDWR)) == -1) { + PISA_ERROR("Could not open %s\n", IP4_FOWARD_FILENAME); + return; + } + + read(fd, &value, 1); + if (value == '0') { + PISA_DEBUG(PL_NAT, "Enabling ip_forwarding.\n"); + write(fd, "1", 1); + sd_ctx.disable_ip4_forward = 1; + } + close(fd); } +/** + * Stop IPv4 forwarding if we switched it on before. + */ void pisa_forwarding_stop(void) { - if (sd_ctx.disable_ip4_forward==1){ - PISA_DEBUG(PL_NAT,"Disabling ip_forwarding.\n"); - if(sd_do_with_fd_from_filename(sd_write_value,"0", - IP4_FOWARD_FILENAME,O_WRONLY)) - sd_ctx.disable_ip4_forward=0; + int fd; + + if (sd_ctx.disable_ip4_forward != 1) + return; + + if ((fd = open(IP4_FOWARD_FILENAME, O_WRONLY)) == -1) { + PISA_ERROR("Could not open %s\n", IP4_FOWARD_FILENAME); + return; } + + PISA_DEBUG(PL_NAT, "Disabling ip_forwarding.\n"); + write(fd, "0", 1); + sd_ctx.disable_ip4_forward = 0; + + close(fd); } /* TODO this is a horrible way to set up NAT. From a security point of
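Review bot: The read() and write() calls in pisa_forwarding_start and pisa_forwarding_stop discard their return values, so in pisa_forwarding_stop a failed write still clears sd_ctx.disable_ip4_forward and logs nothing, leaving the host forwarding after the daemon exits with no trace in the log; in pisa_forwarding_start a failed write likewise sets the flag, and a failed or short read leaves value at -1 and silently skips the whole step. The removed sd_read_value/sd_write_value helpers reported these failures with strerror(errno), and the new PISA_ERROR on open() drops that detail as well, so I would check each call's result and restore the errno text (the headers that provided strerror and errno are presumably still included above the hunk, since the old code used them). I am also not certain that the write in pisa_forwarding_start, issued at file offset 1 after the one-byte read on the same descriptor, is treated the same as a write at offset 0 by this procfs entry; an `lseek(fd, 0, SEEK_SET)` before the write would remove the doubt. The TODO comment on the last context line continues outside the hunk.
```c
	/* … unchanged: open() of IP4_FOWARD_FILENAME and its error path in pisa_forwarding_start … */
	if (read(fd, &value, 1) != 1) {
		PISA_ERROR("Could not read %s: %s\n", IP4_FOWARD_FILENAME, strerror(errno));
		close(fd);
		return;
	}
	if (value == '0') {
		PISA_DEBUG(PL_NAT, "Enabling ip_forwarding.\n");
		if (write(fd, "1", 1) == 1)
			sd_ctx.disable_ip4_forward = 1;
		else
			PISA_ERROR("Could not write %s: %s\n", IP4_FOWARD_FILENAME, strerror(errno));
	}
	close(fd);

	/* … unchanged: early return and open() in pisa_forwarding_stop … */
	PISA_DEBUG(PL_NAT, "Disabling ip_forwarding.\n");
	if (write(fd, "0", 1) == 1)
		sd_ctx.disable_ip4_forward = 0;
	else
		PISA_ERROR("Could not write %s: %s\n", IP4_FOWARD_FILENAME, strerror(errno));
	close(fd);
```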