> On Wed, 15 Jan 1997, Nicholas J. Leon wrote:
> | echo 2 > /proc/net/ip_forward
>
> Doesn't do anything on my slakware 3.1
Try this patch with 2.0.xx. The syntax is different, use
echo 1 >/proc/sys/net/ipv4/ip_forward and echo 0 .. to turn it off.
-Andi
diff --recursive -u -x *isdn* -x *init.c* linux/drivers/net/Space.c linux/drivers/net/Space.c
--- linux/drivers/net/Space.c Thu Nov 7 19:13:45 1996
+++ linux/drivers/net/Space.c Thu Nov 7 18:54:35 1996
@@ -385,7 +385,6 @@
#endif
#ifdef CONFIG_NET_IPIP
-#ifdef CONFIG_IP_FORWARD
extern int tunnel_init(struct device *);
static struct device tunnel_dev1 =
@@ -418,7 +417,6 @@
# undef NEXT_DEV
# define NEXT_DEV (&tunnel_dev0)
-#endif
#endif
#ifdef CONFIG_AP1000
diff --recursive -u -x *isdn* -x *init.c* linux/drivers/net/new_tunnel.c linux/drivers/net/new_tunnel.c
--- linux/drivers/net/new_tunnel.c Fri Jul 19 07:24:05 1996
+++ linux/drivers/net/new_tunnel.c Thu Nov 7 18:55:32 1996
@@ -303,9 +303,10 @@
* If ip_forward() made a copy, it will return 1 so we can free.
*/
-#ifdef CONFIG_IP_FORWARD
- if (ip_forward(skb, dev, IPFWD_NOTTLDEC, target))
-#endif
+ if (sysctl_ip_forward) {
+ if (ip_forward(skb, dev, IPFWD_NOTTLDEC, target))
+ kfree_skb(skb, FREE_WRITE);
+ } else
kfree_skb(skb, FREE_WRITE);
/*
diff --recursive -u -x *isdn* -x *init.c* linux/include/linux/sysctl.h linux/include/linux/sysctl.h
--- linux/include/linux/sysctl.h Mon Jun 3 13:04:03 1996
+++ linux/include/linux/sysctl.h Thu Nov 7 19:05:12 1996
@@ -97,6 +97,7 @@
#define NET_IPV4_ARP_CHECK_INTERVAL 5
#define NET_IPV4_ARP_CONFIRM_INTERVAL 6
#define NET_IPV4_ARP_CONFIRM_TIMEOUT 7
+#define NET_IPV4_FORWARD 8
/* /proc/sys/net/ipx */
diff --recursive -u -x *isdn* -x *init.c* linux/include/net/ip.h linux/include/net/ip.h
--- linux/include/net/ip.h Thu Sep 5 14:34:36 1996
+++ linux/include/net/ip.h Thu Nov 7 19:16:15 1996
@@ -134,6 +134,8 @@
*/
extern int ip_forward(struct sk_buff *skb, struct device *dev, int is_frag, __u32 target_addr);
+extern int sysctl_ip_forward;
+
/*
* Functions provided by ip_options.c
diff --recursive -u -x *isdn* -x *init.c* linux/net/ipv4/Config.in linux/net/ipv4/Config.in
--- linux/net/ipv4/Config.in Fri Jul 19 07:24:05 1996
+++ linux/net/ipv4/Config.in Thu Nov 7 18:49:54 1996
@@ -7,7 +7,7 @@
bool 'IP: firewalling' CONFIG_IP_FIREWALL
if [ "$CONFIG_IP_FIREWALL" = "y" ]; then
bool 'IP: firewall packet logging' CONFIG_IP_FIREWALL_VERBOSE
- if [ "$CONFIG_EXPERIMENTAL" = "y" -a "$CONFIG_IP_FORWARD" = "y" ]; then
+ if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
bool 'IP: masquerading (EXPERIMENTAL)' CONFIG_IP_MASQUERADE
if [ "$CONFIG_IP_MASQUERADE" != "n" ]; then
comment 'Protocol-specific masquerading support will be built as modules.'
@@ -18,7 +18,6 @@
fi
fi
bool 'IP: accounting' CONFIG_IP_ACCT
-if [ "$CONFIG_IP_FORWARD" = "y" ]; then
bool 'IP: optimize as router not host' CONFIG_IP_ROUTER
tristate 'IP: tunneling' CONFIG_NET_IPIP
if [ "$CONFIG_IP_MULTICAST" = "y" ]; then
@@ -26,7 +25,6 @@
bool 'IP: multicast routing (EXPERIMENTAL)' CONFIG_IP_MROUTE
fi
fi
-fi
if [ "$CONFIG_NET_ALIAS" = "y" ]; then
tristate 'IP: aliasing support' CONFIG_IP_ALIAS
fi
diff --recursive -u -x *isdn* -x *init.c* linux/net/ipv4/icmp.c linux/net/ipv4/icmp.c
--- linux/net/ipv4/icmp.c Thu Nov 7 19:15:32 1996
+++ linux/net/ipv4/icmp.c Thu Nov 7 18:47:49 1996
@@ -808,10 +808,12 @@
* When using no routing protocol, we MAY follow redirects. (RFC 1812, 5.2.7.2)
*/
-#if defined(CONFIG_IP_FORWARD) && !defined(CONFIG_IP_DUMB_ROUTER)
+#if !defined(CONFIG_IP_DUMB_ROUTER)
+ if (sysctl_ip_forward) {
NETDEBUG(printk(KERN_INFO "icmp: ICMP redirect ignored. dest = %lX, "
"orig gw = %lX, \"new\" gw = %lX, device = %s.\n", ntohl(ip),
ntohl(source), ntohl(icmph->un.gateway), dev->name));
+ }
#else
switch(icmph->code & 7)
{
diff --recursive -u -x *isdn* -x *init.c* linux/net/ipv4/ip_forward.c linux/net/ipv4/ip_forward.c
--- linux/net/ipv4/ip_forward.c Thu Nov 7 19:13:48 1996
+++ linux/net/ipv4/ip_forward.c Thu Nov 7 19:25:55 1996
@@ -40,7 +40,12 @@
#include <linux/route.h>
#include <net/route.h>
-#ifdef CONFIG_IP_FORWARD
+#ifdef CONFIG_IP_FORWARD /* set the default */
+int sysctl_ip_forward = 1;
+#else
+int sysctl_ip_forward = 0;
+#endif
+
#ifdef CONFIG_IP_MROUTE
/*
@@ -560,7 +565,6 @@
}
-#endif
diff --recursive -u -x *isdn* -x *init.c* linux/net/ipv4/ip_input.c linux/net/ipv4/ip_input.c
--- linux/net/ipv4/ip_input.c Thu Nov 7 19:15:32 1996
+++ linux/net/ipv4/ip_input.c Thu Nov 7 18:52:35 1996
@@ -480,13 +480,13 @@
{
opt->srr_is_hit = 1;
opt->is_changed = 1;
-#ifdef CONFIG_IP_FORWARD
- if (ip_forward(skb, dev, is_frag, nexthop))
+ if (sysctl_ip_forward) {
+ if (ip_forward(skb, dev, is_frag, nexthop))
+ kfree_skb(skb, FREE_WRITE);
+ } else {
+ ip_statistics.IpInAddrErrors++;
kfree_skb(skb, FREE_WRITE);
-#else
- ip_statistics.IpInAddrErrors++;
- kfree_skb(skb, FREE_WRITE);
-#endif
+ }
return 0;
}
}
@@ -716,21 +716,21 @@
* The packet is for another target. Forward the frame
*/
-#ifdef CONFIG_IP_FORWARD
- if (opt && opt->is_strictroute)
- {
- icmp_send(skb, ICMP_PARAMETERPROB, 0, 16, skb->dev);
- kfree_skb(skb, FREE_WRITE);
- return -1;
- }
- if (ip_forward(skb, dev, is_frag, iph->daddr))
- kfree_skb(skb, FREE_WRITE);
-#else
+ if (sysctl_ip_forward) {
+ if (opt && opt->is_strictroute)
+ {
+ icmp_send(skb, ICMP_PARAMETERPROB, 0, 16, skb->dev);
+ kfree_skb(skb, FREE_WRITE);
+ return -1;
+ }
+ if (ip_forward(skb, dev, is_frag, iph->daddr))
+ kfree_skb(skb, FREE_WRITE);
+ } else {
/* printk("Machine %lx tried to use us as a forwarder to %lx but we have forwarding disabled!\n",
iph->saddr,iph->daddr);*/
- ip_statistics.IpInAddrErrors++;
- kfree_skb(skb, FREE_WRITE);
-#endif
+ ip_statistics.IpInAddrErrors++;
+ kfree_skb(skb, FREE_WRITE);
+ }
return(0);
}
diff --recursive -u -x *isdn* -x *init.c* linux/net/ipv4/protocol.c linux/net/ipv4/protocol.c
--- linux/net/ipv4/protocol.c Thu Nov 7 19:15:33 1996
+++ linux/net/ipv4/protocol.c Thu Nov 7 18:48:54 1996
@@ -46,7 +46,6 @@
#include <linux/igmp.h>
-#ifdef CONFIG_IP_FORWARD
#ifdef CONFIG_NET_IPIP
static struct inet_protocol ipip_protocol =
@@ -62,13 +61,12 @@
#endif
-#endif
static struct inet_protocol tcp_protocol =
{
tcp_rcv, /* TCP handler */
tcp_err, /* TCP error control */
-#if defined(CONFIG_NET_IPIP) && defined(CONFIG_IP_FORWARD)
+#if defined(CONFIG_NET_IPIP)
&ipip_protocol,
#else
NULL, /* next */
diff --recursive -u -x *isdn* -x *init.c* linux/net/ipv4/sysctl_net_ipv4.c linux/net/ipv4/sysctl_net_ipv4.c
--- linux/net/ipv4/sysctl_net_ipv4.c Mon Jun 3 13:07:09 1996
+++ linux/net/ipv4/sysctl_net_ipv4.c Thu Nov 7 19:28:06 1996
@@ -7,6 +7,7 @@
#include <linux/mm.h>
#include <linux/sysctl.h>
+#include <net/ip.h>
/* From arp.c */
extern int sysctl_arp_res_time;
@@ -17,6 +18,27 @@
extern int sysctl_arp_confirm_interval;
extern int sysctl_arp_confirm_timeout;
+extern int sysctl_ip_forward;
+static int proc_doipforward(ctl_table *ctl, int write, struct file *filp,
+ void *buffer, size_t *lenp)
+{
+ int val = sysctl_ip_forward;
+ int retv;
+
+ retv = proc_dointvec(ctl, write, filp, buffer, lenp);
+ if (write) {
+ if (sysctl_ip_forward && !val) {
+ printk(KERN_INFO "sysctl: ip forwarding enabled\n");
+ ip_statistics.IpForwarding = 1;
+ }
+ if (!sysctl_ip_forward && val) {
+ printk(KERN_INFO, "sysctl: ip forwarding off\n");
+ ip_statistics.IpForwarding = 2;
+ }
+ }
+ return retv;
+}
+
ctl_table ipv4_table[] = {
{NET_IPV4_ARP_RES_TIME, "arp_res_time",
&sysctl_arp_res_time, sizeof(int), 0644, NULL, &proc_dointvec},
@@ -34,5 +56,7 @@
{NET_IPV4_ARP_CONFIRM_TIMEOUT, "arp_confirm_timeout",
&sysctl_arp_confirm_timeout, sizeof(int), 0644, NULL,
&proc_dointvec},
+ {NET_IPV4_FORWARD, "ip_forward", &sysctl_ip_forward, sizeof(int),
+ 0644, NULL, &proc_doipforward },
{0}
};
diff --recursive -u -x *isdn* -x *init.c* linux/net/netsyms.c linux/net/netsyms.c
--- linux/net/netsyms.c Fri Jul 19 07:24:05 1996
+++ linux/net/netsyms.c Thu Nov 7 18:54:08 1996
@@ -105,9 +105,7 @@
X(arp_send),
X(ip_id_count),
X(ip_send_check),
-#ifdef CONFIG_IP_FORWARD
X(ip_forward),
-#endif
#if defined(CONFIG_ULTRA) || defined(CONFIG_WD80x3) || \
defined(CONFIG_EL2) || defined(CONFIG_NE2000) || \
>
> ---
> M Shariful Anam <shuman@kaifnet.com>
>
> Kaifnet Services -- Bangladesh