Add "sudo" only when writing IP forwarding

Signed-off-by: Waldz <valdas@mysterium.network>

nat/factory_darwin.go

@@ -17,12 +17,15 @@
 
 package nat
 
+import "os/exec"
+
 // NewService returns fake nat service since there are no iptables on darwin
 func NewService() NATService {
 	return &servicePFCtl{
 		ipForward: serviceIPForward{
-			Command:  "/usr/sbin/sysctl",
-			Variable: "net.inet.ip.forwarding",
+			CommandEnable:  exec.Command("/usr/sbin/sysctl", "-w", "net.inet.ip.forwarding=1"),
+			CommandDisable: exec.Command("/usr/sbin/sysctl", "-w", "net.inet.ip.forwarding=0"),
+			CommandRead:    exec.Command("/usr/sbin/sysctl", "-n", "net.inet.ip.forwarding"),
 		},
 	}
 }

nat/factory_linux.go

@@ -17,12 +17,15 @@
 
 package nat
 
+import "os/exec"
+
 // NewService returns linux os specific nat service based on ip tables
 func NewService() NATService {
 	return &serviceIPTables{
 		ipForward: serviceIPForward{
-			Command:  "/sbin/sysctl",
-			Variable: "net.ipv4.ip_forward",
+			CommandEnable:  exec.Command("sudo", "/sbin/sysctl", "-w", "net.ipv4.ip_forward=1"),
+			CommandDisable: exec.Command("sudo", "/sbin/sysctl", "-w", "net.ipv4.ip_forward=0"),
+			CommandRead:    exec.Command("/sbin/sysctl", "-n", "net.ipv4.ip_forward"),
 		},
 	}
 }

nat/service_ipforward.go

@@ -24,9 +24,10 @@ import (
 )
 
 type serviceIPForward struct {
-	Command  string
-	Variable string
-	forward  bool
+	CommandEnable  *exec.Cmd
+	CommandDisable *exec.Cmd
+	CommandRead    *exec.Cmd
+	forward        bool
 }
 
 func (service *serviceIPForward) Enable() error {
@@ -36,38 +37,32 @@ func (service *serviceIPForward) Enable() error {
 		return nil
 	}
 
-	cmd := exec.Command(service.Command, "-w", service.Variable+"=1")
-	if output, err := cmd.CombinedOutput(); err != nil {
-		log.Warn("Failed to enable IP forwarding: ", cmd.Args, " Returned exit error: ", err.Error(), " Cmd output: ", string(output))
+	if output, err := service.CommandEnable.CombinedOutput(); err != nil {
+		log.Warn("Failed to enable IP forwarding: ", service.CommandEnable.Args, " Returned exit error: ", err.Error(), " Cmd output: ", string(output))
 		return err
 	}
 
 	log.Info(natLogPrefix, "IP forwarding enabled")
 	return nil
 }
 
-func (service *serviceIPForward) Enabled() bool {
-	cmd := exec.Command(service.Command, "-n", service.Variable)
-	output, err := cmd.Output()
-	if err != nil {
-		log.Warn("Failed to check IP forwarding status: ", cmd.Args, " Returned exit error: ", err.Error(), " Cmd output: ", string(output))
+func (service *serviceIPForward) Disable() {
+	if service.forward {
+		return
 	}
 
-	if strings.TrimSpace(string(output)) == "1" {
-		return true
+	if output, err := service.CommandDisable.CombinedOutput(); err != nil {
+		log.Warn("Failed to disable IP forwarding: ", service.CommandDisable.Args, " Returned exit error: ", err.Error(), " Cmd output: ", string(output))
 	}
-	return false
+
+	log.Info(natLogPrefix, "IP forwarding disabled")
 }
 
-func (service *serviceIPForward) Disable() {
-	if service.forward {
-		return
+func (service *serviceIPForward) Enabled() bool {
+	output, err := service.CommandEnable.Output()
+	if err != nil {
+		log.Warn("Failed to check IP forwarding status: ", service.CommandRead.Args, " Returned exit error: ", err.Error(), " Cmd output: ", string(output))
 	}
 
-	cmd := exec.Command(service.Command, "-w", service.Variable+"=0")
-	if output, err := cmd.CombinedOutput(); err != nil {
-		log.Warn("Failed to disable IP forwarding: ", cmd.Args, " Returned exit error: ", err.Error(), " Cmd output: ", string(output))
-	} else {
-		log.Info(natLogPrefix, "IP forwarding disabled")
-	}
+	return strings.TrimSpace(string(output)) == "1"
 }