Add "sudo" only when writing IP forwarding

mysteriumnetwork · Jul 23, 2018 · f51efd0 · f51efd0
1 parent 5ade24d
commit f51efd0
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 43 deletions.
diff --git a/nat/factory_darwin.go b/nat/factory_darwin.go
@@ -17,7 +17,15 @@
 
 package nat
 
+import "os/exec"
+
 // NewService returns fake nat service since there are no iptables on darwin
 func NewService() NATService {
-	return &servicePFCtl{}
+	return &servicePFCtl{
+		ipForward: serviceIPForward{
+			CommandEnable:  exec.Command("/usr/sbin/sysctl", "-w", "net.inet.ip.forwarding=1"),
+			CommandDisable: exec.Command("/usr/sbin/sysctl", "-w", "net.inet.ip.forwarding=0"),
+			CommandRead:    exec.Command("/usr/sbin/sysctl", "-n", "net.inet.ip.forwarding"),
+		},
+	}
 }
diff --git a/nat/factory_linux.go b/nat/factory_linux.go
@@ -17,7 +17,15 @@
 
 package nat
 
+import "os/exec"
+
 // NewService returns linux os specific nat service based on ip tables
 func NewService() NATService {
-	return &serviceIPTables{}
+	return &serviceIPTables{
+		ipForward: serviceIPForward{
+			CommandEnable:  exec.Command("sudo", "/sbin/sysctl", "-w", "net.ipv4.ip_forward=1"),
+			CommandDisable: exec.Command("sudo", "/sbin/sysctl", "-w", "net.ipv4.ip_forward=0"),
+			CommandRead:    exec.Command("/sbin/sysctl", "-n", "net.ipv4.ip_forward"),
+		},
+	}
 }
diff --git a/nat/service_ipforward.go b/nat/service_ipforward.go
@@ -15,36 +15,19 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-/*
- * Copyright (C) 2018 The "MysteriumNetwork/node" Authors.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
 package nat
 
 import (
 	log "github.com/cihub/seelog"
-	"github.com/mysterium/node/utils"
 	"os/exec"
 	"strings"
 )
 
 type serviceIPForward struct {
-	command  string
-	variable string
-	forward  bool
+	CommandEnable  *exec.Cmd
+	CommandDisable *exec.Cmd
+	CommandRead    *exec.Cmd
+	forward        bool
 }
 
 func (service *serviceIPForward) Enable() error {
@@ -54,38 +37,32 @@ func (service *serviceIPForward) Enable() error {
 		return nil
 	}
 
-	cmd := utils.SplitCommand(service.command, "-w net.inet.ip.forwarding=1")
-	if output, err := cmd.CombinedOutput(); err != nil {
-		log.Warn("Failed to enable IP forwarding: ", cmd.Args, " Returned exit error: ", err.Error(), " Cmd output: ", string(output))
+	if output, err := service.CommandEnable.CombinedOutput(); err != nil {
+		log.Warn("Failed to enable IP forwarding: ", service.CommandEnable.Args, " Returned exit error: ", err.Error(), " Cmd output: ", string(output))
 		return err
 	}
 
 	log.Info(natLogPrefix, "IP forwarding enabled")
 	return nil
 }
 
-func (service *serviceIPForward) Enabled() bool {
-	cmd := exec.Command(service.command, "-n", service.variable)
-	output, err := cmd.Output()
-	if err != nil {
-		log.Warn("Failed to check IP forwarding status: ", cmd.Args, " Returned exit error: ", err.Error(), " Cmd output: ", string(output))
+func (service *serviceIPForward) Disable() {
+	if service.forward {
+		return
 	}
 
-	if strings.TrimSpace(string(output)) == "1" {
-		return true
+	if output, err := service.CommandDisable.CombinedOutput(); err != nil {
+		log.Warn("Failed to disable IP forwarding: ", service.CommandDisable.Args, " Returned exit error: ", err.Error(), " Cmd output: ", string(output))
 	}
-	return false
+
+	log.Info(natLogPrefix, "IP forwarding disabled")
 }
 
-func (service *serviceIPForward) Disable() {
-	if service.forward {
-		return
+func (service *serviceIPForward) Enabled() bool {
+	output, err := service.CommandEnable.Output()
+	if err != nil {
+		log.Warn("Failed to check IP forwarding status: ", service.CommandRead.Args, " Returned exit error: ", err.Error(), " Cmd output: ", string(output))
 	}
 
-	cmd := utils.SplitCommand(service.command, "-w net.inet.ip.forwarding=0")
-	if output, err := cmd.CombinedOutput(); err != nil {
-		log.Warn("Failed to disable IP forwarding: ", cmd.Args, " Returned exit error: ", err.Error(), " Cmd output: ", string(output))
-	} else {
-		log.Info(natLogPrefix, "IP forwarding disabled")
-	}
+	return strings.TrimSpace(string(output)) == "1"
 }