Diffstat (limited to 'src/dns/gnunet-helper-dns.c')
-rw-r--r-- | src/dns/gnunet-helper-dns.c | 33 |
1 files changed, 33 insertions, 0 deletions
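diff --git a/src/dns/gnunet-helper-dns.c b/src/dns/gnunet-helper-dns.c
index dfeb45af8..759abc89e 100644
--- a/src/dns/gnunet-helper-dns.c
+++ b/src/dns/gnunet-helper-dns.c
@@ -100,6 +100,11 @@ struct in6_ifreq
 static const char *sbin_iptables;
 
 /**
+* Name and full path of sysctl binary
+*/
+static const char *sbin_sysctl;
+
+/**
 * Name and full path of IPTABLES binary.
 */
 static const char *sbin_ip;
@@ -714,6 +719,17 @@ main (int argc, char *const*argv)
 strerror (errno));
 return 4;
 }
+if (0 == access ("/sbin/sysctl", X_OK))
+sbin_sysctl = "/sbin/sysctl";
+else if (0 == access ("/usr/sbin/sysctl", X_OK))
+sbin_sysctl = "/usr/sbin/sysctl";
+else
+{
+fprintf (stderr,
+"Fatal: executable sysctl not found in approved directories: %s\n",
+strerror (errno));
+return 5;
+}
 
 /* setup 'mygid' string */
 snprintf (mygid, sizeof (mygid), "%d", (int) getegid());
@@ -778,6 +794,22 @@ main (int argc, char *const*argv)
 strncpy (dev, argv[1], IFNAMSIZ);
 dev[IFNAMSIZ - 1] = '\0';
 
+/* Disable rp filtering */
+{
+char *const sysctl_args[] = {"sysctl", "-w",
+"net.ipv4.conf.all.rp_filter=0", NULL};
+char *const sysctl_args2[] = {"sysctl", "-w",
+"net.ipv4.conf.default.rp_filter=0", NULL};
+if ((0 != fork_and_exec (sbin_sysctl, sysctl_args)) ||
+(0 != fork_and_exec (sbin_sysctl, sysctl_args2)))
+{
+fprintf (stderr,
+"Failed to disable rp filtering.\n");
+return 5;
+}
+}
+
+
 /* now open virtual interface (first part that requires root) */
 if (-1 == (fd_tun = init_tun (dev)))
 {
@@ -814,6 +846,7 @@ main (int argc, char *const*argv)
 
 set_address4 (dev, address, mask);
 }
+
 
 /* update routing tables -- next part why we need SUID! */
 /* Forward everything from our EGID (which should only be held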
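Review bot: The block added ahead of `init_tun (dev)` switches off reverse-path filtering for `net.ipv4.conf.all` and `net.ipv4.conf.default`, a host-wide anti-spoofing control, and none of the visible hunks restores the previous values, so the setting appears to outlive the helper and is already changed if `init_tun` fails a few lines later. Running the two `fork_and_exec (sbin_sysctl, ...)` calls only once the tunnel is open, and putting the old values back on the exit path (that part of `main` is outside these hunks), would narrow the exposure. The new comment should state why and how broadly, for example `/* Disable rp filtering (system-wide, not restored on exit): REASON */`, and the following context comment `(first part that requires root)` is no longer accurate because `sysctl -w` needs root as well. Both new failure paths `return 5;`, so the caller cannot tell a missing sysctl binary from a failed write.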