-rw-r--r--Makefile.am1
-rw-r--r--debian/control7
-rw-r--r--debian/copyright3
-rw-r--r--debian/vyatta-cfg-system.postinst.in18
-rw-r--r--scripts/dns-forwarding/vyatta-dns-forwarding.pl138
-rwxr-xr-xscripts/standalone_root_pw_reset4
-rw-r--r--sysconf/vyatta-sysctl.conf3
-rw-r--r--templates/interfaces/bridge/node.tag/address/node.def3
-rw-r--r--templates/interfaces/tunnel/node.tag/address/node.def3
-rw-r--r--templates/service/dns-forwarding/cache-size/node.def4
-rw-r--r--templates/service/dns-forwarding/ignore-interface/node.def19
-rw-r--r--templates/service/dns-forwarding/node.def10
-rw-r--r--templates/system/static-host-mapping/host-name/node.def17
13 files changed, 209 insertions, 21 deletions
diff --git a/Makefile.am b/Makefile.am
index 576be4be..ec5a473e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -30,6 +30,7 @@ sbin_SCRIPTS += scripts/keepalived/vyatta-vrrp-state.pl
sbin_SCRIPTS += scripts/telnetd.init
sbin_SCRIPTS += scripts/add_bootfile_eth_hwid
sbin_SCRIPTS += scripts/mod_bootfile_eth_hwid
+sbin_SCRIPTS += scripts/dns-forwarding/vyatta-dns-forwarding.pl
noinst_DATA = test_bootfile
diff --git a/debian/control b/debian/control
index 4b5692bb..bcca954f 100644
--- a/debian/control
+++ b/debian/control
@@ -27,13 +27,16 @@ Depends: sed (>= 4.1.5),
ssh,
ed,
tshark,
- iputils-arping
+ ifenslave-2.6,
+ iputils-arping,
installation-report,
laptop-detect,
usbutils,
tasksel,
snmp,
- tcpdump
+ tcpdump,
+ dnsmasq
+Pre-Depends: bash-completion
Suggests: util-linux (>= 2.13-5),
net-tools,
ethtool,
diff --git a/debian/copyright b/debian/copyright
index f12deb1f..5eb46c84 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,7 +1,8 @@
This package was debianized by An-Cheng Huang <ancheng@vyatta.com> on
Thu, 18 Oct 2007 11:03:18 -0700.
-It's original content from the GIT repository <http://vyatt.com/git/vyatta-cfg-system>
+It's original content from the GIT repository
+ <http://vyatt.com/git/vyatta-cfg-system>
Upstream Author:
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index b21437a5..2c057103 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -7,7 +7,7 @@ bindir=@bindir@
sbindir=@sbindir@
# remove init of daemons that we start/stop
-for init in ntp ssh snmpd openhpid vyatta-keepalived ipvsadm; do
+for init in ntp ssh snmpd openhpid vyatta-keepalived ipvsadm dnsmasq; do
update-rc.d -f ${init} remove >/dev/null
done
@@ -23,6 +23,7 @@ esac
ln -sf ../vyatta-net.rules /etc/udev/rules.d/$vyatta_net_rules
if [ "$sysconfdir" != "/etc" ]; then
+ touch /etc/sudoers
cp -p /etc/sudoers /etc/sudoers.bak
# for "admin" level
@@ -32,13 +33,12 @@ if [ "$sysconfdir" != "/etc" ]; then
fi
# cleanup any old entries from previous versions
- ed - /etc/sudoers <<EOF
-/### BEGIN VYATTA/,/### END VYATTA/d
-/Cmnd_Alias IPTABLE/,/PPPOE_CMDS/d
-g/sudo-users/d
-g/env_keep+=VYATTA/d
-wq
-EOF
+ sed -i /etc/sudoers \
+ -e '/### BEGIN VYATTA/,/### END VYATTA/d' \
+ -e '/Cmnd_Alias IPTABLE/,/PPPOE_CMDS/d' \
+ -e '/sudo-users/d' \
+ -e '/env_keep+=VYATTA/d' || true
+
# Add Vyatta entries
cat <<"EOF" >>/etc/sudoers
### BEGIN VYATTA
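Review bot: The `|| true` on the new `sed -i /etc/sudoers` call hides any failure while rewriting the file, and nothing in the hunk validates the result before sudo next reads it. The behaviour also differs from the ed script it replaces: a sed range such as `/### BEGIN VYATTA/,/### END VYATTA/d` runs to end of file when the closing marker is missing, whereas ed would reject the range and leave the file alone. Editing a copy, checking it with `visudo -c -f` on that copy, and only then moving it into place would catch both cases. The `touch /etc/sudoers` added in the previous hunk creates a missing file with umask-default permissions, so an explicit `chmod 0440 /etc/sudoers` belongs next to it. The enclosing `if` block and the heredoc both continue outside this hunk.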
@@ -85,6 +85,8 @@ if [ ! -f /etc/bash_completion ]; then
echo "source /etc/bash_completion.d/20vyatta-cfg" >> /etc/bash_completion
fi
+sed -i 's/^set /builtin set /' /etc/bash_completion
+
# Local Variables:
# mode: shell-script
# sh-indentation: 4
diff --git a/scripts/dns-forwarding/vyatta-dns-forwarding.pl b/scripts/dns-forwarding/vyatta-dns-forwarding.pl
new file mode 100644
index 00000000..1fb2282a
--- /dev/null
+++ b/scripts/dns-forwarding/vyatta-dns-forwarding.pl
@@ -0,0 +1,138 @@
+#!/usr/bin/perl
+#
+# Module: vyatta-dns-forwarding.pl
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2008 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Mohit Mehta
+# Date: August 2008
+# Description: Script to glue Vyatta CLI to dnsmasq daemon
+#
+# **** End License ****
+#
+
+use lib "/opt/vyatta/share/perl5/";
+use VyattaConfig;
+use VyattaMisc;
+use Getopt::Long;
+
+use strict;
+use warnings;
+
+my $dnsforwarding_init = '/etc/init.d/dnsmasq';
+my $dnsforwarding_conf = '/etc/dnsmasq.conf';
+
+sub dnsforwarding_init {
+
+}
+
+sub dnsforwarding_restart {
+ system("$dnsforwarding_init restart >&/dev/null");
+ print "Setting up DNS forwarding.\n";
+}
+
+sub dnsforwarding_stop {
+ system("$dnsforwarding_init stop >&/dev/null");
+ print "Stopping DNS forwarding.\n";
+}
+
+sub dnsforwarding_get_constants {
+ my $output;
+
+ my $date = `date`;
+ chomp $date;
+ $output = "#\n# autogenerated by vyatta-dns-forwarding.pl on $date\n#\n";
+ return $output;
+}
+
+sub dnsforwarding_get_values {
+ my $output = '';
+ my $config = new VyattaConfig;
+
+ $config->setLevel("service dns-forwarding");
+
+ my @ignore_interfaces = $config->returnValues("ignore-interface");
+ if ($#ignore_interfaces >= 0) {
+ foreach my $interface (@ignore_interfaces) {
+ $output .= "except-interface=$interface\n";
+ }
+ }
+
+ my $cache_size = $config->returnValue("cache-size");
+ if (defined $cache_size) {
+ $output .= "cache-size=$cache_size\n";
+ }
+
+ return $output;
+}
+
+sub dnsforwarding_write_file {
+ my ($config) = @_;
+
+ open(my $fh, '>', $dnsforwarding_conf) || die "Couldn't open $dnsforwarding_conf - $!";
+ print $fh $config;
+ close $fh;
+}
+
+sub check_nameserver {
+
+ my $cmd = `grep nameserver /etc/resolv.conf|wc -l`;
+ return $cmd;
+}
+
+#
+# main
+#
+my $init_dnsforwarding;
+my $update_dnsforwarding;
+my $stop_dnsforwarding;
+my $nameserver;
+
+GetOptions("init-dnsforwarding!" => \$init_dnsforwarding,
+ "update-dnsforwarding!" => \$update_dnsforwarding,
+ "stop-dnsforwarding!" => \$stop_dnsforwarding,
+ "nameserver!" => \$nameserver);
+
+if (defined $nameserver) {
+ my $nameserver_exists = check_nameserver();
+ if ($nameserver_exists < 1){
+ exit 1;
+ } else {
+ exit 0;
+ }
+}
+
+
+if (defined $init_dnsforwarding) {
+ dnsforwarding_init();
+}
+
+if (defined $update_dnsforwarding) {
+ my $config;
+
+ $config = dnsforwarding_get_constants();
+ $config .= dnsforwarding_get_values();
+ dnsforwarding_write_file($config);
+ dnsforwarding_restart();
+}
+
+if (defined $stop_dnsforwarding) {
+ dnsforwarding_stop();
+}
+
+exit 0;
+
+# end of file
+
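Review bot: `dnsforwarding_restart` and `dnsforwarding_stop` discard the return value of `system()` and print their message regardless, so a dnsmasq that fails to start on the freshly written config is still reported as set up. Checking the status, e.g. `system("$dnsforwarding_init restart >/dev/null 2>&1") == 0 or die "dnsmasq restart failed: $?\n";`, would surface the failure to the commit, and the POSIX redirection no longer depends on `/bin/sh` accepting the `>&` form. `check_nameserver` is similarly loose: `grep nameserver` also counts commented-out lines, so `grep -c '^nameserver' /etc/resolv.conf` is a tighter test. The `close $fh` in `dnsforwarding_write_file` is unchecked, which is where a buffered write error on /etc/dnsmasq.conf would show up.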
diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset
index b173f22d..336d534d 100755
--- a/scripts/standalone_root_pw_reset
+++ b/scripts/standalone_root_pw_reset
@@ -70,13 +70,13 @@ cp $CF ${CF}.before_pwrecovery
echo "Reseting the root password..."
# change system first
-newpwd=$(mkpasswd -H md5 vyatta)
+newpwd=`mkpasswd -H md5 vyatta`
usermod --password "$newpwd" root
# escape / in encrypted passwd
pw=$(echo $newpwd | sed 's:/:\\/:g')
sed -i \
- -e "/^.* user root {/,/}/s/encrypted-password:.*\$/encrypted-password: \"$pw\"/" \
+ -e "/^.* user root {/,/}/s/encrypted-password .*\$/encrypted-password \"$pw\"/" \
$CF
echo $(date "+%b%e %T") $(hostname) "Root password reset to factory value" \
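Review bot: The rewritten `sed -i` expression is a silent no-op when the config does not contain an `encrypted-password ` line in the new format, yet the script goes on to log that the root password was reset. Since this hunk exists because the config syntax changed, a check after the substitution would catch the next format drift, for example `grep -qF "encrypted-password \"$newpwd\"" "$CF" || { echo "config file not updated" >&2; exit 1; }`. The switch from `$(...)` to backticks on the `mkpasswd` line is also inconsistent with the `pw=$(...)` line directly below it. The final `echo` statement continues outside the hunk.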
diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf
index cb03a614..fae11945 100644
--- a/sysconf/vyatta-sysctl.conf
+++ b/sysconf/vyatta-sysctl.conf
@@ -24,3 +24,6 @@ net.ipv4.icmp_errors_use_inbound_ifaddr=1
# Turn off SACK since it causes problems with MD5 due to lack of options space
net.ipv4.tcp_sack=0
+
+# Enable packet forwarding for IPv6
+net.ipv6.conf.all.forwarding=1
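Review bot: The new comment should record that `net.ipv6.conf.all.forwarding=1` is applied unconditionally at boot, whether or not any IPv6 address or firewall policy is configured. Nothing in this commit adds a default policy for forwarded IPv6 traffic, so it is worth confirming that one exists elsewhere before the system routes IPv6 between all interfaces. A comment such as `# Enable IPv6 forwarding on all interfaces (the kernel then ignores router advertisements by default)` would document the side effect.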
diff --git a/templates/interfaces/bridge/node.tag/address/node.def b/templates/interfaces/bridge/node.tag/address/node.def
index 52188386..3f04ec06 100644
--- a/templates/interfaces/bridge/node.tag/address/node.def
+++ b/templates/interfaces/bridge/node.tag/address/node.def
@@ -7,5 +7,6 @@ delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete
allowed: echo "dhcp <>"
comp_help:Possible completions:
<x.x.x.x/x> Set the IP address and prefix length
- dhcp\t\t\t\tSet the IP address and prefix length via DHCP
+ <h:h:h:h:h:h:h:h/x> Set the IPv6 address and prefix length
+ dhcp Set the IP address and prefix length via DHCP
diff --git a/templates/interfaces/tunnel/node.tag/address/node.def b/templates/interfaces/tunnel/node.tag/address/node.def
index 07ea4a0e..3310ee00 100644
--- a/templates/interfaces/tunnel/node.tag/address/node.def
+++ b/templates/interfaces/tunnel/node.tag/address/node.def
@@ -9,4 +9,5 @@ update:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update
delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@)"; "Error deleting address $VAR(@) on interface $VAR(../@)"
comp_help:Possible completions:
- <x.x.x.x/x> Set the IP address and prefix length
+ <x.x.x.x/x> Set the IP address and prefix length
+ <h:h:h:h:h:h:h:h/x> Set the IPv6 address and prefix length
diff --git a/templates/service/dns-forwarding/cache-size/node.def b/templates/service/dns-forwarding/cache-size/node.def
new file mode 100644
index 00000000..3a73f308
--- /dev/null
+++ b/templates/service/dns-forwarding/cache-size/node.def
@@ -0,0 +1,4 @@
+type: u32
+default:150
+help: Set DNS forwarding cache size
+syntax:expression: ($VAR(@) >=0 && $VAR(@) < 10001) ; "Cache size must be between 0 and 10000"
diff --git a/templates/service/dns-forwarding/ignore-interface/node.def b/templates/service/dns-forwarding/ignore-interface/node.def
new file mode 100644
index 00000000..5355eecf
--- /dev/null
+++ b/templates/service/dns-forwarding/ignore-interface/node.def
@@ -0,0 +1,19 @@
+multi:
+type: txt
+help: Set interface to ignore DNS queries on
+syntax:expression: exec "
+ intf_array=($(awk '$1 ~ /:$/ { print $1 }' /proc/net/dev))
+ intf_array_len=${#intf_array[*]}
+ i=0
+ while [ $i -lt $intf_array_len ]; do
+ if [ \"${intf_array[$i]}\" == \"$VAR(@):\" ] ; then
+ exit 0
+ fi
+ let i++
+ done
+ echo Invalid ethernet interface [$VAR(@)]
+ exit 1 "
+
+allowed: local -a array ;
+ array=($(awk '$1 ~ /:$/ { print $1 }' /proc/net/dev));
+ echo -n ${array[@]%:}
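Review bot: `$VAR(@)` is a free-form `txt` value with no `pattern` check, and it is placed inside the shell text run by `exec`, once within escaped quotes and once unquoted on the `echo Invalid ethernet interface` line. If the CLI substitutes the value textually before the shell parses the script, which the escaping here suggests, shell metacharacters in the value reach the shell before the /proc/net/dev comparison can reject them. A character-class check ahead of the exec, in the form host-name/node.def already uses (`pattern $VAR(@) "^[-_a-zA-Z0-9.]+$" ; "invalid interface name $VAR(@)"`), would constrain the value first. The error text also says "ethernet interface" although any name listed in /proc/net/dev is accepted.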
diff --git a/templates/service/dns-forwarding/node.def b/templates/service/dns-forwarding/node.def
new file mode 100644
index 00000000..f84e4f02
--- /dev/null
+++ b/templates/service/dns-forwarding/node.def
@@ -0,0 +1,10 @@
+help: Configure Domain Name Server (DNS) forwarding
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-dns-forwarding.pl --nameserver"; "No nameserver exists to forward DNS queries"
+create:expression: "/opt/vyatta/sbin/vyatta-dns-forwarding.pl --init-dnsforwarding"
+delete:expression: "touch /tmp/dnsmasq.$PPID"
+end:expression: "if [ -f \"/tmp/dnsmasq.$PPID\" ]; then \
+ sudo /opt/vyatta/sbin/vyatta-dns-forwarding.pl --stop-dnsforwarding \
+ rm /tmp/dnsmasq.$PPID; \
+ else \
+ sudo /opt/vyatta/sbin/vyatta-dns-forwarding.pl --update-dnsforwarding; \
+ fi; "
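Review bot: The `--stop-dnsforwarding \` line in the `end:` expression has no `;` before its continuation, so `rm /tmp/dnsmasq.$PPID` is passed to the Perl script as extra arguments and the marker file is never removed. A stale marker would make a later session with the same parent PID stop dnsmasq instead of updating it; the line should read `sudo /opt/vyatta/sbin/vyatta-dns-forwarding.pl --stop-dnsforwarding; \`. The marker also has a predictable name in world-writable /tmp and is only tested with `-f`, so any local user can create it and steer a commit into the stop branch. A directory writable only by the configuration user would be a safer place for it.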
diff --git a/templates/system/static-host-mapping/host-name/node.def b/templates/system/static-host-mapping/host-name/node.def
index 189025e3..187b21dd 100644
--- a/templates/system/static-host-mapping/host-name/node.def
+++ b/templates/system/static-host-mapping/host-name/node.def
@@ -3,9 +3,14 @@ type: txt
help: Set to map DNS names to system interfaces
syntax:expression: pattern $VAR(@) "^[-a-zA-Z0-9.]+$" ; "invalid host name $VAR(@)"
commit:expression: $VAR(./inet) != ""; "IP address for the static mapping must be set"
-end:expression: "sudo sh -c \"\
- touch /etc/hosts; \
- sed -i '/ $VAR(@) .*#vyatta entry/d' /etc/hosts; \
- if [ -z \"$VAR(./inet/@)\" ]; then exit 0; fi; \
- declare -a aliases=( $VAR(alias/@@) ); \
- echo \\\"$VAR(inet/@)\t $VAR(@) \\${aliases[*]} \t #vyatta entry\\\" \ >> /etc/hosts\" "
+end: sudo sh -c "
+ touch /etc/hosts
+ sed -i '/ $VAR(@) .*#vyatta entry/d' /etc/hosts
+ if [ -z \"$VAR(./inet/@)\" ]; then
+ if [ -d /opt/vyatta/config/active/service/dns-forwarding ]; then /etc/init.d/dnsmasq restart >&/dev/null; fi
+ exit 0
+ fi
+ declare -a aliases=( $VAR(alias/@@) )
+ echo -e \"$VAR(inet/@)\\t $VAR(@) \${aliases[*]} \\t #vyatta entry\" >> /etc/hosts
+ if [ -d /opt/vyatta/config/active/service/dns-forwarding ]; then /etc/init.d/dnsmasq restart >&/dev/null; fi"
+
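Review bot: `$VAR(alias/@@)` and `$VAR(inet/@)` are expanded into a script that runs under `sudo sh -c`, and only the host-name value has a visible `pattern` check in this file. The alias and inet templates are not part of this diff, so it should be confirmed that they restrict their values to a safe character set before those values reach a root shell. The script also uses `declare -a` and `>&/dev/null`, which presumably require `sh` to be bash on the target system. The dnsmasq restart line appears twice and could be a single shell function defined at the top of the script.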