From 0bdf0d60dfc63b3085242b4ddb6a34a1fc270f16 Mon Sep 17 00:00:00 2001
From: Sean Whalen <44679+seanthegeek@users.noreply.github.com>
Date: Thu, 19 Dec 2024 11:13:00 -0500
Subject: [PATCH] Enable IPv4 forwarding at rooter startup

Also add the `--sysctrl` option to the `rooter.py` CLI
---
 utils/rooter.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/utils/rooter.py b/utils/rooter.py
index 717bdbdc762..702815ef44a 100644
--- a/utils/rooter.py
+++ b/utils/rooter.py
@@ -46,6 +46,12 @@ def run(*args):
     stdout, stderr = p.communicate()
     return stdout, stderr
 
+def enable_ip_forwarding(sysctl="/usr/sbin/ctl"):
+    log.debug("Enabling IPv4 forwarding")
+    with open("/proc/sys/net/ipv4/ip_forward", "w+") as ip_forward:
+        ip_forward.write("0")
+    run([sysctl, "-w" "net.ipv4.ip_forward=1"])
+
 def check_tuntap(vm_name, main_iface):
     """Create tuntap device for qemu vms"""
 
@@ -763,6 +769,7 @@ def drop_disable(ipaddr, resultserver_port):
     parser.add_argument("socket", nargs="?", default="/tmp/cuckoo-rooter", help="Unix socket path")
     parser.add_argument("-g", "--group", default="cape", help="Unix socket group")
     parser.add_argument("--systemctl", default="/bin/systemctl", help="Systemctl wrapper script for invoking OpenVPN")
+    parser.add_argument("--sysctl", default="/usr/sbin/ctl", help=Path to sysctl")
     parser.add_argument("--iptables", default="/sbin/iptables", help="Path to iptables")
     parser.add_argument("--iptables-save", default="/sbin/iptables-save", help="Path to iptables-save")
     parser.add_argument("--iptables-restore", default="/sbin/iptables-restore", help="Path to iptables-restore")
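Review bot: `run([sysctl, "-w" "net.ipv4.ip_forward=1"])` in `enable_ip_forwarding` is missing a comma, so Python concatenates the two literals into the single argument `-wnet.ipv4.ip_forward=1`, which is not the write the function intends, and because `run()` (defined just above the hunk) only hands back stdout/stderr without checking the exit status, that failure is silent. The line before it writes `"0"` to `/proc/sys/net/ipv4/ip_forward`, so on that failure path the host is left with forwarding explicitly disabled — the opposite of the function name and the log message; writing `"1"` to the proc file is itself sufficient on Linux, and the sysctl call then only needs to be a checked second attempt. The default `sysctl="/usr/sbin/ctl"` also looks like a typo for `/usr/sbin/sysctl`. Since `ip_forward=1` is host-global and this runs as root on the sandbox host, the function deserves a docstring saying that it relies on rooter's FORWARD-chain rules to keep guest traffic from being routed beyond the intended interfaces — I cannot see those rules from this hunk, so that dependency should be confirmed.
```python
def enable_ip_forwarding(sysctl="/usr/sbin/sysctl"):
    """Turn on host-wide IPv4 forwarding so VM traffic can be routed through this box."""
    log.debug("Enabling IPv4 forwarding")
    # Writing the proc file directly is enough on Linux; sysctl is a checked second attempt.
    with open("/proc/sys/net/ipv4/ip_forward", "w") as ip_forward:
        ip_forward.write("1")
    stdout, stderr = run([sysctl, "-w", "net.ipv4.ip_forward=1"])
    if stderr:
        log.error("sysctl failed to enable IPv4 forwarding: %s", stderr)
```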
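Review bot: `help=Path to sysctl")` on the new `--sysctl` line is missing its opening quote, so the file no longer parses — `rooter.py` fails with a SyntaxError before any option handling runs; the line should read `parser.add_argument("--sysctl", default="/usr/sbin/sysctl", help="Path to sysctl")`. That also corrects the default `/usr/sbin/ctl`, which does not match where procps installs the binary (`/usr/sbin/sysctl`, or `/sbin/sysctl` on older layouts), so the existence check this patch adds further down would exit on a typical host unless the option is passed explicitly. The commit message calls the option `--sysctrl` while the code says `--sysctl`; one of them should be fixed. The argparse block this line sits in begins before the hunk.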
@@ -786,9 +793,14 @@ def drop_disable(ipaddr, resultserver_port):
     if not settings.iptables or not path_exists(settings.iptables):
         sys.exit("The `iptables` binary is not available, eh?!")
 
+    if not settings.sysctl or not path_exists(settings.sysctl):
+        sys.exit("The `iptables` binary is not available, eh?!")
+
     if os.getuid():
         sys.exit("This utility is supposed to be ran as root.")
 
+    enable_ip_forwarding(settings.sysctl)
+
     if path_exists(settings.socket):
         path_delete(settings.socket)