Added new files and began the addition of new functionality:

- checking, enabling, & disabling of IP forwarding - enumerating, checking, and removing route data
sophsec · Jun 5, 2009 · 5e92e09 · 5e92e09
1 parent ff87547
commit 5e92e09
Show file tree

Hide file tree

Showing 4 changed files with 234 additions and 0 deletions.
diff --git a/src/poison_ipforward.c b/src/poison_ipforward.c
@@ -0,0 +1,105 @@
+
+/* code to enable/disable ip forwarding in the kernel */
+
+#include "poison_route.h"
+#include "libpoison.h"
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+/* sets '1' in PROCIPFORWARD file */
+int poison_enable_ipforward(void)
+{
+	int fd;
+	char buf[]="1";
+
+	/* open the file */
+	fd = open(PROCIPFORWARD, O_WRONLY | O_CREAT | O_TRUNC, 
+					S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+
+	if (fd == -1)
+	{
+		return POISON_ERROR;
+	}
+
+
+	/* set the status */
+	if (1 != write(fd, buf, 1))
+	{
+		close(fd);
+		return POISON_ERROR;
+	}
+
+	close(fd);
+
+	return POISON_OK;
+}
+
+/* sets '0' in PROCIPFORWARD file */
+int poison_disable_ipforward(void)
+{
+	int fd;
+	char buf[]="0";
+
+	/* open the file */
+	fd = open(PROCIPFORWARD, O_WRONLY | O_CREAT | O_TRUNC, 
+					S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+
+	if (fd == -1)
+	{
+		return POISON_ERROR;
+	}
+
+	/* set the status */
+	if (1 != write(fd, buf, 1))
+	{
+		close(fd);
+		return POISON_ERROR;
+	}
+
+	close(fd);
+
+	return POISON_OK;
+}
+
+/* Returns IPFORWARD_ON, IPFORWARD_OFF, or POISON_ERROR */
+int poison_status_ipforward(void)
+{
+	int fd;
+	char buf[2];
+
+	buf[0]=0;	
+	buf[1]=0;
+
+	/* open the file */
+	fd = open(PROCIPFORWARD, O_RDONLY);
+
+	if (fd == -1)
+	{
+		return POISON_ERROR;
+	}
+
+	/* read the data */
+	if (1 != read(fd, buf, 1))
+	{
+		close(fd);
+		return POISON_ERROR;
+	}
+
+	close(fd);
+
+	/* check it and return accordingly */
+	if (buf[0] == '1')
+	{
+		return IPFORWARD_ON;
+	}
+
+	if (buf[0] == '0')
+	{
+		return IPFORWARD_OFF;
+	}
+
+	/* unrecognized value */
+	return POISON_ERROR;	
+}
diff --git a/src/poison_ipforward.h b/src/poison_ipforward.h
@@ -0,0 +1,13 @@
+#ifndef _LIBPOISON_HOST_H_
+#define _LIBPOISON_HOST_H_
+
+#include "libpoison.h"
+
+/* IP forward file */
+#define PROCIPFORWARD "/proc/sys/net/ipv4/ip_forward"
+
+/* IP forward status */
+#define IPFORWARD_ON	1
+#define IPFORWARD_OFF	0
+
+#endif
diff --git a/src/poison_route.c b/src/poison_route.c
@@ -0,0 +1,78 @@
+
+/* code to read, update routing tables on linux */
+
+#include "poison_route.h"
+#include "libpoison.h"
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+int poison_get_route(poison_session_t *session)
+{
+    int fd;
+	char buf[200];
+	ssize_t rbytes;
+
+
+	/* first, before clearing old route info (assuming there is any)
+	   verify the file could be opened to read! */
+    fd = open(PROCIPFORWARD, O_RDONLY);
+
+    if (fd == -1)
+    {
+        return POISON_ERROR;
+    }
+
+	/* clear any existing route info */
+	poison_unlink_route(session);
+
+	/* read in data */
+	/* each line should be < 200 bytes */
+
+	rbytes = read(fd, buf, sizeof(buf)-1);
+
+	/* first line is the line specifying the order of data given 
+	   this line should be at least 70 bytes! */
+	/* FIXME: will the order ever change? this assumes static order! */
+
+
+}
+
+/* route node allocation: returns new initialized (to 0) node or NULL on fail */
+poison_route_t *poison_route_new(void)
+{
+	poison_route_t *p = NULL;
+
+	/* allocate */
+	p = malloc(sizeof(poison_route_t));
+
+	/* clean memory if memory was given */
+	if (p)
+	{
+		memset((char *)p, 0, sizeof(poison_route_t));
+	}
+
+	/* BLAM */
+	return p;
+}
+
+void poison_unlink_route(poison_session_t *session)
+{
+	poison_route_t *p = NULL;
+	poison_route_t *n = NULL;
+
+	p = session->route;
+
+	while (p)
+	{
+		n = p->next;
+		free(p);
+		p = n;
+	}
+
+	session->route = NULL;
+
+	return;
+}
+
diff --git a/src/poison_route.h b/src/poison_route.h
@@ -0,0 +1,38 @@
+#ifndef _LIBPOISON_ROUTE_H_
+#define _LIBPOISON_ROUTE_H_
+
+#include "libpoison.h"
+#define PROCIPROUTE "/proc/net/route"
+
+typedef struct
+{
+	/* FIXME: what is the max interface name length? */
+	char interface[128];
+
+	/* destination */
+	ip_addr_t dest;
+
+	/* gateway */
+	ip_addr_t gateway;
+
+	/* netmask */
+	ip_addr_t netmask;
+
+	/* FIXME: flags == 16 bit? */
+	unsigned short flags;
+
+	/* although not currently relevant, 
+	   other data provided in file is also given */
+	/* FIXME type sizes? */
+	unsigned int refcnt; 	
+	unsigned int use;
+	unsigned int metric;
+	unsigned int mtu;
+	unsigned int window;
+	unsigned int irtt;
+
+	/* next node */
+	poison_route_t *next;
+} poison_route_t;
+
+#endif