From: Roy Marples <roy@marples.name>
Date: Wed, 4 Sep 2024 11:18:10 +0000 (+0100)
Subject: IPv6: Return errors from ip6_forwarding
X-Git-Tag: v10.1.0~14
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=82e16d16bf2372cd20c55bd07fea5f1bb405a936;p=thirdparty%2Fdhcpcd.git

IPv6: Return errors from ip6_forwarding

On all OS 0 is disabled and >0 is enabled.
So return -1 on any error which is returned to the main process so
we could log a diagnostic in the future.

While where allow privsep to actually get the sysctl for Capsicum.
---

diff --git a/src/if-bsd.c b/src/if-bsd.c
index a0dde173..ceae9859 100644
--- a/src/if-bsd.c
+++ b/src/if-bsd.c
@@ -1767,14 +1767,12 @@ inet6_sysctlbyname(const char *name, int val, int action)
 int
 ip6_forwarding(__unused const char *ifname)
 {
-	int val;
 
 #ifdef IPV6CTL_FORWARDING
-	val = get_inet6_sysctl(IPV6CTL_FORWARDING);
+	return get_inet6_sysctl(IPV6CTL_FORWARDING);
 #else
-	val = get_inet6_sysctlbyname("net.inet6.ip6.forwarding");
+	return get_inet6_sysctlbyname("net.inet6.ip6.forwarding");
 #endif
-	return val < 0 ? 0 : val;
 }
 
 #ifdef SIOCIFAFATTACH
diff --git a/src/if-linux.c b/src/if-linux.c
index 83312656..b9075952 100644
--- a/src/if-linux.c
+++ b/src/if-linux.c
@@ -2250,10 +2250,10 @@ ip6_forwarding(const char *ifname)
 		ifname = "all";
 	snprintf(path, sizeof(path), "%s/%s/forwarding", p_conf, ifname);
 	if (readfile(path, buf, sizeof(buf)) == -1)
-		return 0;
+		return -1;
 	i = (int)strtoi(buf, NULL, 0, INT_MIN, INT_MAX, &error);
 	if (error != 0 && error != ENOTSUP)
-		return 0;
+		return -1;
 	return i;
 }
 
diff --git a/src/ipv6.c b/src/ipv6.c
index 28f31fc9..8877381a 100644
--- a/src/ipv6.c
+++ b/src/ipv6.c
@@ -1149,10 +1149,10 @@ ipv6_anyglobal(struct interface *sifp)
 	 * Per interface only affects IsRouter of NA messages. */
 #ifdef PRIVSEP_SYSCTL
 	if (IN_PRIVSEP(sifp->ctx))
-		forwarding = ps_root_ip6forwarding(sifp->ctx, NULL) != 0;
+		forwarding = ps_root_ip6forwarding(sifp->ctx, NULL) > 0;
 	else
 #endif
-		forwarding = ip6_forwarding(NULL) != 0;
+		forwarding = ip6_forwarding(NULL) > 0;
 
 	if (!forwarding)
 		return NULL;
diff --git a/src/ipv6nd.c b/src/ipv6nd.c
index 3d3f1fbd..71b1230c 100644
--- a/src/ipv6nd.c
+++ b/src/ipv6nd.c
@@ -572,7 +572,7 @@ ipv6nd_advertise(struct ipv6_addr *ia)
 			na->nd_na_flags_reserved |= ND_NA_FLAG_ROUTER;
 	} else
 #endif
-	if (ip6_forwarding(ifp->name) != 0)
+	if (ip6_forwarding(ifp->name) > 0)
 		na->nd_na_flags_reserved |= ND_NA_FLAG_ROUTER;
 	na->nd_na_target = ia->addr;
 
diff --git a/src/privsep-root.c b/src/privsep-root.c
index 50cd2941..d33286ec 100644
--- a/src/privsep-root.c
+++ b/src/privsep-root.c
@@ -611,7 +611,7 @@ ps_root_recvmsgcb(void *arg, struct ps_msghdr *psm, struct msghdr *msg)
 		free_rdata = true;
 		break;
 #endif
-#if defined(INET6) && (defined(__linux__) || defined(HAVE_PLEDGE))
+#if defined(INET6) && defined(PRIVSEP_SYSCTL)
 	case PS_IP6FORWARDING:
 		 err = ip6_forwarding(data);
 		 break;