From f05576a33b0944b8319b377c414c7c8dc659796a Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Tue, 23 May 2017 14:09:01 +0200 Subject: main/dnsmasq: add feature to create bridge interfaces Make it possible to create bridge interfaces for use with lxc and xen --- main/dnsmasq/APKBUILD | 4 +-- main/dnsmasq/dnsmasq.initd | 85 +++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 79 insertions(+), 10 deletions(-) (limited to 'main/dnsmasq') diff --git a/main/dnsmasq/APKBUILD b/main/dnsmasq/APKBUILD index 5fc4793454..046a197f39 100644 --- a/main/dnsmasq/APKBUILD +++ b/main/dnsmasq/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa pkgname=dnsmasq pkgver=2.76 -pkgrel=3 +pkgrel=4 pkgdesc="A lightweight DNS, DHCP, RA, TFTP and PXE server" url="http://www.thekelleys.org.uk/dnsmasq/" arch="all" @@ -63,6 +63,6 @@ dnssec() { } sha512sums="c22627a8d864671096d3b3428ec4f879b513e1f1e7f79be3ab89444c56234e748fbfa6b6b4f9e521984fea95d363f4aa2ca6243f0dfc12ffb74bed0648ae21c5 dnsmasq-2.76.tar.gz -1ab7a44ac19bdaf15ca995e236409f9010b3092155add87cc6a919452423919e710525de7da8f01315729ce56db6ba2584567ba67c787d4c3d64a366572331c4 dnsmasq.initd +b07055d71e535f753aff432124812fbef86cc2f490ff2a4704959c34b0f69caa74791a4ad08b2b8638c9126233591d3a86c188965eb1308e7e7c12dc0039d1ad dnsmasq.initd 9a401bfc408bf1638645c61b8ca734bea0a09ef79fb36648ec7ef21666257234254bbe6c73c82cc23aa1779ddcdda0e6baa2c041866f16dfb9c4e0ba9133eab8 dnsmasq.confd d01077f39e1240041a6700137810f254daf683b2d58dafecb6b162e94d694992e57d45964a57993b298f97c2b589eedcf9fb1506692730a38b7f06b5f55ba8d8 uncomment-conf-dir.patch" diff --git a/main/dnsmasq/dnsmasq.initd b/main/dnsmasq/dnsmasq.initd index c92853416d..f5114fb806 100644 --- a/main/dnsmasq/dnsmasq.initd +++ b/main/dnsmasq/dnsmasq.initd 
@@ -8,11 +8,25 @@ description_checkconfig="Check configuration syntax" extra_started_commands="reload" description_reload="Clear cache and reload hosts files" +: ${DNSMASQ_CONFFILE:=/etc/dnsmasq.conf} + command="/usr/sbin/dnsmasq" # Tell dnsmasq to not create pidfile, that's responsibility of init system. -command_args="-k --pid-file= $DNSMASQ_OPTS" +command_args="-k --pid-file= $DNSMASQ_OPTS --conf-file=$DNSMASQ_CONFFILE" command_background="yes" -pidfile="/run/dnsmasq.pid" +pidfile="/run/${RC_SVCNAME}.pid" +leasefile=/var/lib/misc/$RC_SVCNAME.leases + +if [ "${RC_SVCNAME#*.}" != "$RC_SVCNAME" ]; then + BRIDGE="${RC_SVCNAME#*.}" + : ${BRIDGE_ADDR:="10.0.3.1"} + : ${BRIDGE_NETMASK:="255.255.255.0"} + : ${BRIDGE_NETWORK:="10.0.3.0/24"} + : ${BRIDGE_DHCP_RANGE:="10.0.3.2,10.0.3.254"} + : ${BRIDGE_DHCP_MAX:="253"} + : ${BRIDGE_MAC:="00:16:3e:00:00:00" } +fi +. depend() { provide dns 
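Review bot: The added line that contains only `.` after the closing `fi` looks like a stray; it invokes the dot (source) builtin with no operand, which shells handle differently, some as an error, and it should be dropped. The `BRIDGE_MAC` default has a space before the closing brace, so the value ends in a space whenever it is expanded quoted; `: ${BRIDGE_MAC:="00:16:3e:00:00:00"}` avoids that. `BRIDGE` is taken verbatim from the part of `RC_SVCNAME` after the first dot and is used unquoted later in the file for interface names, `/proc/sys` paths and iptables arguments, so it should be checked as a plain interface name (no `/`, no whitespace, within the kernel's length limit) before use. `command_args` also expands `$DNSMASQ_CONFFILE` unquoted, so a path containing whitespace would be split into separate arguments.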
@@ -21,22 +35,77 @@ depend() { use logger } +setup_firewall() { + local ins=$1 add=$2 + iptables -w $ins INPUT -i ${BRIDGE} -p udp --dport 67 -j ACCEPT + iptables -w $ins INPUT -i ${BRIDGE} -p tcp --dport 67 -j ACCEPT + iptables -w $ins INPUT -i ${BRIDGE} -p udp --dport 53 -j ACCEPT + iptables -w $ins INPUT -i ${BRIDGE} -p tcp --dport 53 -j ACCEPT + iptables -w $ins FORWARD -i ${BRIDGE} -j ACCEPT + iptables -w $ins FORWARD -o ${BRIDGE} -j ACCEPT + iptables -w -t nat $add POSTROUTING -s ${BRIDGE_NETWORK} ! -d ${BRIDGE_NETWORK} -j MASQUERADE + iptables -w -t mangle $add POSTROUTING -o ${BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill +} + +setup_bridge() { + if ! [ -d /sys/class/net/$BRIDGE ]; then + ip link add dev $BRIDGE type bridge + fi + ip addr add ${BRIDGE_ADDR}/${BRIDGE_NETMASK} dev $BRIDGE \ + && ip link set dev $BRIDGE address ${BRIDGE_MAC} \ + && ip link set dev $BRIDGE up + + echo 1 > /proc/sys/net/ipv4/ip_forward + echo 0 > /proc/sys/net/ipv6/conf/${BRIDGE}/accept_dad || true + + if [ -n "$BRIDGE_IPV6_ADDR" ] && [ -n "$BRIDGE_IPV6_MASK" ] && [ "$BRIDGE_IPV6_NETWORK" ]; then + echo 1 > /proc/sys/net/ipv6/conf/all/forwarding + echo 0 > /proc/sys/net/ipv6/conf/${BRIDGE}/autoconf + ip -6 addr add dev ${BRIDGE} ${BRIDGE_IPV6_ADDR}/${BRIDGE_IPV6_MASK} + if [ "$BRIDGE_IPV6_NAT" = "true" ]; then + ip6tables -w -t nat -A POSTROUTING -s ${BRIDGE_IPV6_NETWORK} ! 
-d ${BRIDGE_IPV6_NETWORK} -j MASQUERADE + fi + command_args="$command_args --dhcp-range=${BRIDGE_IPV6_ADDR},ra-only --listen-address ${BRIDGE_IPV6_ADDR}" + fi + +} + start_pre() { - $command --test 2>/dev/null || $command --test || return 1 - checkpath -m 0644 -o dnsmasq:dnsmasq -f /var/lib/misc/dnsmasq.leases + $command --test --conf-file=$DNSMASQ_CONFFILE >/dev/null 2>&1 \ + || $command --test || return 1 + checkpath -m 0644 -o dnsmasq:dnsmasq -f $leasefile || return 1 + + if [ -n "$DNSMASQ_CONFFILE" ]; then + command_args="$command_args --conf-file=$DNSMASQ_CONFFILE" + fi + if [ -z "$BRIDGE" ]; then + return 0 + fi + + setup_bridge + setup_firewall -I -A + command_args="$command_args --strict-order --bind-interfaces --listen-address ${BRIDGE_ADDR} --except-interface=lo --interface=$BRIDGE --dhcp-range $BRIDGE_DHCP_RANGE --dhcp-lease-max=$BRIDGE_DHCP_MAX --dhcp-no-override --dhcp-leasefile=$leasefile --dhcp-authoritative" +} + +stop_post() { + if [ -n "$BRIDGE" ]; then + ip link set dev $BRIDGE down + setup_firewall -D -D + # dont destroy if there are attached interfaces + ls /sys/class/net/${BRIDGE}/brif/* > /dev/null 2>&1 || ip link delete ${BRIDGE} + fi } reload() { ebegin "Reloading $RC_SVCNAME" - - start_pre || return 1 + $command --test --conf-file=$DNSMASQ_CONFFILE >/dev/null 2>&1 \ + || $command --test || return 1 start-stop-daemon --signal HUP --pidfile "$pidfile" eend $? } checkconfig() { ebegin "Checking $RC_SVCNAME configuration" - - $command --test + $command --test --conf-file=$DNSMAQ_CONFFILE eend $? } -- cgit v1.2.3
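Review bot: `checkconfig()` expands `$DNSMAQ_CONFFILE`, a misspelling of `DNSMASQ_CONFFILE`, so the check runs with an empty `--conf-file=` rather than the configured file; it should read `$command --test --conf-file="$DNSMASQ_CONFFILE"`. In `start_pre()` and `reload()` the fallback `$command --test` drops `--conf-file`, so with a non-default file the retry validates the default configuration and can succeed even though the configured file failed; the retry needs the same `--conf-file` argument. `stop_post()` runs `setup_firewall -D -D` but never deletes the `ip6tables` MASQUERADE rule that `setup_bridge()` appends, so that rule accumulates across restarts when `BRIDGE_IPV6_NAT` is `true`, and `ip_forward` and IPv6 `forwarding` remain enabled host-wide after the service stops. `start_pre()` also ignores the exit status of `setup_bridge` and `setup_firewall`, so a failure in the `ip addr add ... && ...` chain (for example when the address is still present on a bridge that `stop_post()` left in place) goes unnoticed and dnsmasq is started anyway; `setup_bridge || return 1` and `setup_firewall -I -A || return 1` would surface it.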