Enable IPv4 forwarding at rooter startup
Also add the `--sysctl` option to the `rooter.py` CLI
seanthegeek authored Dec 19, 2024
1 parent 0018def commit 0bdf0d6
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions utils/rooter.py
Expand Up @@ -46,6 +46,12 @@ def run(*args):
stdout, stderr = p.communicate()
return stdout, stderr

def enable_ip_forwarding(sysctl="/usr/sbin/ctl"):
log.debug("Enabling IPv4 forwarding")
with open("/proc/sys/net/ipv4/ip_forward", "w+") as ip_forward:
ip_forward.write("0")
run([sysctl, "-w" "net.ipv4.ip_forward=1"])


def check_tuntap(vm_name, main_iface):
"""Create tuntap device for qemu vms"""
Expand Down Expand Up @@ -763,6 +769,7 @@ def drop_disable(ipaddr, resultserver_port):
parser.add_argument("socket", nargs="?", default="/tmp/cuckoo-rooter", help="Unix socket path")
parser.add_argument("-g", "--group", default="cape", help="Unix socket group")
parser.add_argument("--systemctl", default="/bin/systemctl", help="Systemctl wrapper script for invoking OpenVPN")
parser.add_argument("--sysctl", default="/usr/sbin/ctl", help=Path to sysctl")
parser.add_argument("--iptables", default="/sbin/iptables", help="Path to iptables")
parser.add_argument("--iptables-save", default="/sbin/iptables-save", help="Path to iptables-save")
parser.add_argument("--iptables-restore", default="/sbin/iptables-restore", help="Path to iptables-restore")
Expand All @@ -786,9 +793,14 @@ def drop_disable(ipaddr, resultserver_port):
if not settings.iptables or not path_exists(settings.iptables):
sys.exit("The `iptables` binary is not available, eh?!")

if not settings.sysctl or not path_exists(settings.sysctl):
sys.exit("The `iptables` binary is not available, eh?!")

if os.getuid():
sys.exit("This utility is supposed to be ran as root.")

enable_ip_forwarding(settings.sysctl)

if path_exists(settings.socket):
path_delete(settings.socket)

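Review bot: `enable_ip_forwarding` in the first hunk does not do what its log line says: `ip_forward.write("0")` turns forwarding off, and `"-w" "net.ipv4.ip_forward=1"` has no comma, so the two literals are concatenated into the single argument `-wnet.ipv4.ip_forward=1`; I would change these to `ip_forward.write("1")` and `run(sysctl, "-w", "net.ipv4.ip_forward=1")`. The hunk header shows `run(*args)` but its body is outside the section, so whether it accepts a list rather than separate arguments should be checked against its other callers. The default `/usr/sbin/ctl`, used both here and for `--sysctl`, looks like a typo (perhaps for `/usr/sbin/sysctl`), and with the new `path_exists(settings.sysctl)` guard it would make the rooter exit at startup wherever that path does not exist. In the second hunk `help=Path to sysctl")` is missing its opening quote and will not parse (`help="Path to sysctl"`), and the exit message added in the third hunk still names `iptables` instead of `sysctl`. Since this switches on host-wide forwarding as root and nothing visible here reverts it or checks the result of `run`, a short comment on the function stating that it relies on the existing FORWARD rules to keep analysis traffic contained would help the next reader.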
