[pisa-src] r1081 - trunk/pisasd

  • From: Thomas Jansen <mithi@xxxxxxxxx>
  • To: pisa-src@xxxxxxxxxxxxx
  • Date: Fri, 09 Oct 2009 15:47:50 +0200

Author: tjansen
Date: Fri Oct  9 15:47:50 2009
New Revision: 1081

Log:
Rewrote IPv4 forwarding support in pisasd.

Modified:
   trunk/pisasd/sdnat.c

Modified: trunk/pisasd/sdnat.c
==============================================================================
--- trunk/pisasd/sdnat.c        Fri Oct  9 15:02:20 2009        (r1080)
+++ trunk/pisasd/sdnat.c        Fri Oct  9 15:47:50 2009        (r1081)
@@ -15,74 +15,58 @@
 #include <fcntl.h>
 
 #include "debug.h"
-
 #include "sdctx.h"
 #include "sdconf.h"
 
 /**
- * Path to pseudo interface file in the Linux procfs.
- * Used for NAT (not internal NAT but NAT on the server)
+ * Path procfs IPv4 forwarding option.
  */
 #define IP4_FOWARD_FILENAME "/proc/sys/net/ipv4/ip_forward"
 
-void sd_read_value(int fd,void* data){
-       if (read(fd,data,1) == -1)
-               PISA_ERROR("Error reading from file <%s>: %s\n",
-                               IP4_FOWARD_FILENAME,
-                               strerror(errno));
-}
-
-void sd_write_value(int fd,void* data){
-       if (write(fd,(const char*)data,1) == -1)
-               PISA_ERROR("Error writing to file <%s>: %s\n",
-                               IP4_FOWARD_FILENAME,
-                               strerror(errno));
-}
-
-int sd_do_with_fd_from_filename(void (*callback)(int fd, void* data),
-       void* data,const char* filename,int open_flags){
-       int fd=0;
-
-       fd=open(filename,open_flags);
-
-       if (fd == -1){
-               PISA_ERROR("Error opening file <%s>: 
%s\n",filename,strerror(errno));
-               return 0;
-       }else{
-               
-               callback(fd,data);
-               if (close(fd) == -1){
-                       PISA_ERROR("Error closing file <%s>: 
%s\n",filename,strerror(errno));
-                       return 0;
-               } else
-                       return 1;
-       }
-}
-
+/**
+ * Start IPv4 forwarding and remember if it needs to be switched off again
+ * later. If it was enabled before, we don't disable it at shutdown.
+ */
 void pisa_forwarding_start(void)
 {
-        char value=-1;
-        sd_do_with_fd_from_filename(sd_read_value,&value,
-                                                       
IP4_FOWARD_FILENAME,O_RDONLY);
-        value-='0'; /* ASCII to internal representation */
-
-        if(value==0){ /* 0 == NAT not enabled */
-                if(sd_do_with_fd_from_filename(sd_write_value,"1",
-                                                       
IP4_FOWARD_FILENAME,O_WRONLY))
-                        sd_ctx.disable_ip4_forward=1;
+       char value = -1;
+       int fd;
 
-        }
+       if ((fd = open(IP4_FOWARD_FILENAME, O_RDWR)) == -1) {
+               PISA_ERROR("Could not open %s\n", IP4_FOWARD_FILENAME);
+               return;
+       }
+
+       read(fd, &value, 1);
+       if (value == '0') {
+               PISA_DEBUG(PL_NAT, "Enabling ip_forwarding.\n");
+               write(fd, "1", 1);
+               sd_ctx.disable_ip4_forward = 1;
+       }
 
+       close(fd);
 }
 
+/**
+ * Stop IPv4 forwarding if we switched it on before.
+ */
 void pisa_forwarding_stop(void)
 {
-       if (sd_ctx.disable_ip4_forward==1){
-               PISA_DEBUG(PL_NAT,"Disabling ip_forwarding.\n");
-                if(sd_do_with_fd_from_filename(sd_write_value,"0",
-                               IP4_FOWARD_FILENAME,O_WRONLY))
-                               sd_ctx.disable_ip4_forward=0;
+       int fd;
+
+       if (sd_ctx.disable_ip4_forward != 1)
+               return;
+
+       if ((fd = open(IP4_FOWARD_FILENAME, O_WRONLY)) == -1) {
+               PISA_ERROR("Could not open %s\n", IP4_FOWARD_FILENAME);
+               return;
        }
+
+       PISA_DEBUG(PL_NAT, "Disabling ip_forwarding.\n");
+       write(fd, "0", 1);
+       sd_ctx.disable_ip4_forward = 0;
+
+       close(fd);
 }
 
 /* TODO this is a horrible way to set up NAT. From a security point of
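Review bot: Both rewritten functions discard the results of `read()` and `write()` and update `sd_ctx.disable_ip4_forward` unconditionally. In `pisa_forwarding_stop`, a failed `write(fd, "0", 1)` therefore clears the flag and leaves the host forwarding IPv4 after the daemon exits, with nothing logged. The removed helpers at least reported a failed read or write with `strerror(errno)`. In `pisa_forwarding_start` the write also follows a one-byte read on the same descriptor, so it is issued at file offset 1. Whether procfs honours a sysctl write at a non-zero offset depends on the kernel, so rewinding first is safer; a checked version of the changed lines is sketched below.

```c
	/* … unchanged: pisa_forwarding_start() declarations and open() … */
	if (read(fd, &value, 1) != 1) {
		PISA_ERROR("Could not read %s\n", IP4_FOWARD_FILENAME);
	} else if (value == '0') {
		PISA_DEBUG(PL_NAT, "Enabling ip_forwarding.\n");
		/* Rewind: the read above advanced the offset to 1. */
		if (lseek(fd, 0, SEEK_SET) == 0 && write(fd, "1", 1) == 1)
			sd_ctx.disable_ip4_forward = 1;
		else
			PISA_ERROR("Could not enable ip_forwarding: %s\n",
				   strerror(errno));
	}
	/* … unchanged: close(fd) … */

	/* … unchanged: pisa_forwarding_stop() flag check, open() and debug message … */
	/* Keep the flag set on failure so the state is not silently forgotten. */
	if (write(fd, "0", 1) == 1)
		sd_ctx.disable_ip4_forward = 0;
	else
		PISA_ERROR("Could not disable ip_forwarding: %s\n",
			   strerror(errno));
	/* … unchanged: close(fd) … */
```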
