From 88e9ad366d0bce46b095646696d9b0ebd9b95716 Mon Sep 17 00:00:00 2001 From: Martin Schanzenbach Date: Tue, 26 Jun 2012 20:58:03 +0000 Subject: -add rp filter fix to dns helper --- src/dns/gnunet-helper-dns.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) (limited to 'src/dns') diff --git a/src/dns/gnunet-helper-dns.c b/src/dns/gnunet-helper-dns.c index dfeb45af8..759abc89e 100644 --- a/src/dns/gnunet-helper-dns.c +++ b/src/dns/gnunet-helper-dns.c @@ -99,6 +99,11 @@ struct in6_ifreq */ static const char *sbin_iptables; +/** + * Name and full path of sysctl binary + */ +static const char *sbin_sysctl; + /** * Name and full path of IPTABLES binary. */ @@ -714,6 +719,17 @@ main (int argc, char *const*argv) strerror (errno)); return 4; } + if (0 == access ("/sbin/sysctl", X_OK)) + sbin_sysctl = "/sbin/sysctl"; + else if (0 == access ("/usr/sbin/sysctl", X_OK)) + sbin_sysctl = "/usr/sbin/sysctl"; + else + { + fprintf (stderr, + "Fatal: executable sysctl not found in approved directories: %s\n", + strerror (errno)); + return 5; + } /* setup 'mygid' string */ snprintf (mygid, sizeof (mygid), "%d", (int) getegid()); @@ -778,6 +794,22 @@ main (int argc, char *const*argv) strncpy (dev, argv[1], IFNAMSIZ); dev[IFNAMSIZ - 1] = '\0'; + /* Disable rp filtering */ + { + char *const sysctl_args[] = {"sysctl", "-w", + "net.ipv4.conf.all.rp_filter=0", NULL}; + char *const sysctl_args2[] = {"sysctl", "-w", + "net.ipv4.conf.default.rp_filter=0", NULL}; + if ((0 != fork_and_exec (sbin_sysctl, sysctl_args)) || + (0 != fork_and_exec (sbin_sysctl, sysctl_args2))) + { + fprintf (stderr, + "Failed to disable rp filtering.\n"); + return 5; + } + } + + /* now open virtual interface (first part that requires root) */ if (-1 == (fd_tun = init_tun (dev))) { @@ -814,6 +846,7 @@ main (int argc, char *const*argv) set_address4 (dev, address, mask); } + /* update routing tables -- next part why we need SUID! */ /* Forward everything from our EGID (which should only be held -- cgit v1.2.3