IPv6: Return errors from ip6_forwarding

On all OS 0 is disabled and >0 is enabled. So return -1 on any error which is returned to the main process so we could log a diagnostic in the future. While where allow privsep to actually get the sysctl for Capsicum.
NetworkConfiguration · Sep 4, 2024 · 82e16d1 · 82e16d1
1 parent 6462734
commit 82e16d1
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 10 deletions.
diff --git a/src/if-bsd.c b/src/if-bsd.c
@@ -1767,14 +1767,12 @@ inet6_sysctlbyname(const char *name, int val, int action)
 int
 ip6_forwarding(__unused const char *ifname)
 {
-	int val;
 
 #ifdef IPV6CTL_FORWARDING
-	val = get_inet6_sysctl(IPV6CTL_FORWARDING);
+	return get_inet6_sysctl(IPV6CTL_FORWARDING);
 #else
-	val = get_inet6_sysctlbyname("net.inet6.ip6.forwarding");
+	return get_inet6_sysctlbyname("net.inet6.ip6.forwarding");
 #endif
-	return val < 0 ? 0 : val;
 }
 
 #ifdef SIOCIFAFATTACH

diff --git a/src/if-linux.c b/src/if-linux.c
@@ -2250,10 +2250,10 @@ ip6_forwarding(const char *ifname)
 		ifname = "all";
 	snprintf(path, sizeof(path), "%s/%s/forwarding", p_conf, ifname);
 	if (readfile(path, buf, sizeof(buf)) == -1)
-		return 0;
+		return -1;
 	i = (int)strtoi(buf, NULL, 0, INT_MIN, INT_MAX, &error);
 	if (error != 0 && error != ENOTSUP)
-		return 0;
+		return -1;
 	return i;
 }
 

diff --git a/src/ipv6.c b/src/ipv6.c
@@ -1149,10 +1149,10 @@ ipv6_anyglobal(struct interface *sifp)
 	 * Per interface only affects IsRouter of NA messages. */
 #ifdef PRIVSEP_SYSCTL
 	if (IN_PRIVSEP(sifp->ctx))
-		forwarding = ps_root_ip6forwarding(sifp->ctx, NULL) != 0;
+		forwarding = ps_root_ip6forwarding(sifp->ctx, NULL) > 0;
 	else
 #endif
-		forwarding = ip6_forwarding(NULL) != 0;
+		forwarding = ip6_forwarding(NULL) > 0;
 
 	if (!forwarding)
 		return NULL;

diff --git a/src/ipv6nd.c b/src/ipv6nd.c
@@ -572,7 +572,7 @@ ipv6nd_advertise(struct ipv6_addr *ia)
 			na->nd_na_flags_reserved |= ND_NA_FLAG_ROUTER;
 	} else
 #endif
-	if (ip6_forwarding(ifp->name) != 0)
+	if (ip6_forwarding(ifp->name) > 0)
 		na->nd_na_flags_reserved |= ND_NA_FLAG_ROUTER;
 	na->nd_na_target = ia->addr;
 

diff --git a/src/privsep-root.c b/src/privsep-root.c
@@ -611,7 +611,7 @@ ps_root_recvmsgcb(void *arg, struct ps_msghdr *psm, struct msghdr *msg)
 		free_rdata = true;
 		break;
 #endif
-#if defined(INET6) && (defined(__linux__) || defined(HAVE_PLEDGE))
+#if defined(INET6) && defined(PRIVSEP_SYSCTL)
 	case PS_IP6FORWARDING:
 		 err = ip6_forwarding(data);
 		 break;