-rw-r--r-- | Makefile.am | 1 | ||||
-rw-r--r-- | debian/control | 7 | ||||
-rw-r--r-- | debian/copyright | 3 | ||||
-rw-r--r-- | debian/vyatta-cfg-system.postinst.in | 18 | ||||
-rw-r--r-- | scripts/dns-forwarding/vyatta-dns-forwarding.pl | 138 | ||||
-rwxr-xr-x | scripts/standalone_root_pw_reset | 4 | ||||
-rw-r--r-- | sysconf/vyatta-sysctl.conf | 3 | ||||
-rw-r--r-- | templates/interfaces/bridge/node.tag/address/node.def | 3 | ||||
-rw-r--r-- | templates/interfaces/tunnel/node.tag/address/node.def | 3 | ||||
-rw-r--r-- | templates/service/dns-forwarding/cache-size/node.def | 4 | ||||
-rw-r--r-- | templates/service/dns-forwarding/ignore-interface/node.def | 19 | ||||
-rw-r--r-- | templates/service/dns-forwarding/node.def | 10 | ||||
-rw-r--r-- | templates/system/static-host-mapping/host-name/node.def | 17 |
13 files changed, 209 insertions, 21 deletions
diff --git a/Makefile.am b/Makefile.am
index 576be4be..ec5a473e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -30,6 +30,7 @@ sbin_SCRIPTS += scripts/keepalived/vyatta-vrrp-state.pl
 sbin_SCRIPTS += scripts/telnetd.init
 sbin_SCRIPTS += scripts/add_bootfile_eth_hwid
 sbin_SCRIPTS += scripts/mod_bootfile_eth_hwid
+sbin_SCRIPTS += scripts/dns-forwarding/vyatta-dns-forwarding.pl
 noinst_DATA = test_bootfile
diff --git a/debian/control b/debian/control
index 4b5692bb..bcca954f 100644
--- a/debian/control
+++ b/debian/control
@@ -27,13 +27,16 @@ Depends: sed (>= 4.1.5),
 ssh,
 ed,
 tshark,
- iputils-arping
+ ifenslave-2.6,
+ iputils-arping,
 installation-report,
 laptop-detect,
 usbutils,
 tasksel,
 snmp,
- tcpdump
+ tcpdump,
+ dnsmasq
+Pre-Depends: bash-completion
 Suggests: util-linux (>= 2.13-5),
 net-tools,
 ethtool,
diff --git a/debian/copyright b/debian/copyright
index f12deb1f..5eb46c84 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,7 +1,8 @@
 This package was debianized by An-Cheng Huang <ancheng@vyatta.com> on Thu, 18 Oct 2007 11:03:18 -0700.
-It's original content from the GIT repository <http://vyatt.com/git/vyatta-cfg-system>
+It's original content from the GIT repository
+ <http://vyatt.com/git/vyatta-cfg-system>
 Upstream Author:
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index b21437a5..2c057103 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -7,7 +7,7 @@ bindir=@bindir@
 sbindir=@sbindir@
 # remove init of daemons that we start/stop
-for init in ntp ssh snmpd openhpid vyatta-keepalived ipvsadm; do
+for init in ntp ssh snmpd openhpid vyatta-keepalived ipvsadm dnsmasq; do
 update-rc.d -f ${init} remove >/dev/null
 done
@@ -23,6 +23,7 @@ esac
 ln -sf ../vyatta-net.rules /etc/udev/rules.d/$vyatta_net_rules
 if [ "$sysconfdir" != "/etc" ]; then
+ touch /etc/sudoers
 cp -p /etc/sudoers /etc/sudoers.bak
 # for "admin" level
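Review bot: The added `touch /etc/sudoers` in the `@@ -23,6 +23,7 @@` hunk creates the file with whatever mode the postinst umask gives when it does not already exist, and nothing visible in this hunk sets ownership or mode afterwards. sudo is strict about the ownership and permissions of its policy file, so a freshly created file should get them explicitly, e.g. `[ -e /etc/sudoers ] || install -m 0440 -o root -g root /dev/null /etc/sudoers`. The enclosing `if` block continues outside the hunk, so a later chmod may already exist; if it does, a comment next to the `touch` pointing to it would help.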
@@ -32,13 +33,12 @@ if [ "$sysconfdir" != "/etc" ]; then
 fi
 # cleanup any old entries from previous versions
- ed - /etc/sudoers <<EOF
-/### BEGIN VYATTA/,/### END VYATTA/d
-/Cmnd_Alias IPTABLE/,/PPPOE_CMDS/d
-g/sudo-users/d
-g/env_keep+=VYATTA/d
-wq
-EOF
+ sed -i /etc/sudoers \
+ -e '/### BEGIN VYATTA/,/### END VYATTA/d' \
+ -e '/Cmnd_Alias IPTABLE/,/PPPOE_CMDS/d' \
+ -e '/sudo-users/d' \
+ -e '/env_keep+=VYATTA/d' || true
+
 # Add Vyatta entries
 cat <<"EOF" >>/etc/sudoers
 ### BEGIN VYATTA
@@ -85,6 +85,8 @@ if [ ! -f /etc/bash_completion ]; then
 echo "source /etc/bash_completion.d/20vyatta-cfg" >> /etc/bash_completion
 fi
+sed -i 's/^set /builtin set /' /etc/bash_completion
+
 # Local Variables:
 # mode: shell-script
 # sh-indentation: 4
diff --git a/scripts/dns-forwarding/vyatta-dns-forwarding.pl b/scripts/dns-forwarding/vyatta-dns-forwarding.pl
new file mode 100644
index 00000000..1fb2282a
--- /dev/null
+++ b/scripts/dns-forwarding/vyatta-dns-forwarding.pl
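Review bot: The `|| true` on the new `sed -i /etc/sudoers` cleanup in the `@@ -32,13 +33,12 @@` hunk hides a failed edit, and the script then appends a fresh `### BEGIN VYATTA` block regardless, so a failed cleanup leaves stale or duplicated sudo rules behind. /etc/sudoers is also rewritten in place with no syntax check, and a malformed result breaks sudo for every account. Building the new content in a temporary copy, running `visudo -c -f "$tmp"` on it and only then moving it over /etc/sudoers would make the update fail safely. The heredoc that writes the Vyatta entries lies mostly outside this hunk.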
@@ -0,0 +1,138 @@
+#!/usr/bin/perl
+#
+# Module: vyatta-dns-forwarding.pl
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2008 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Mohit Mehta
+# Date: August 2008
+# Description: Script to glue Vyatta CLI to dnsmasq daemon
+#
+# **** End License ****
+#
+
+use lib "/opt/vyatta/share/perl5/";
+use VyattaConfig;
+use VyattaMisc;
+use Getopt::Long;
+
+use strict;
+use warnings;
+
+my $dnsforwarding_init = '/etc/init.d/dnsmasq';
+my $dnsforwarding_conf = '/etc/dnsmasq.conf';
+
+sub dnsforwarding_init {
+
+}
+
+sub dnsforwarding_restart {
+ system("$dnsforwarding_init restart >&/dev/null");
+ print "Setting up DNS forwarding.\n";
+}
+
+sub dnsforwarding_stop {
+ system("$dnsforwarding_init stop >&/dev/null");
+ print "Stopping DNS forwarding.\n";
+}
+
+sub dnsforwarding_get_constants {
+ my $output;
+
+ my $date = `date`;
+ chomp $date;
+ $output = "#\n# autogenerated by vyatta-dns-forwarding.pl on $date\n#\n";
+ return $output;
+}
+
+sub dnsforwarding_get_values {
+ my $output = '';
+ my $config = new VyattaConfig;
+
+ $config->setLevel("service dns-forwarding");
+
+ my @ignore_interfaces = $config->returnValues("ignore-interface");
+ if ($#ignore_interfaces >= 0) {
+ foreach my $interface (@ignore_interfaces) {
+ $output .= "except-interface=$interface\n";
+ }
+ }
+
+ my $cache_size = $config->returnValue("cache-size");
+ if (defined $cache_size) {
+ $output .= "cache-size=$cache_size\n";
+ }
+
+ return $output;
+}
+
+sub dnsforwarding_write_file {
+ my ($config) = @_;
+
+ open(my $fh, '>', $dnsforwarding_conf) || die "Couldn't open $dnsforwarding_conf - $!";
+ print $fh $config;
+ close $fh;
+}
+
+sub check_nameserver {
+
+ my $cmd = `grep nameserver /etc/resolv.conf|wc -l`;
+ return $cmd;
+}
+
+#
+# main
+#
+my $init_dnsforwarding;
+my $update_dnsforwarding;
+my $stop_dnsforwarding;
+my $nameserver;
+
+GetOptions("init-dnsforwarding!" => \$init_dnsforwarding,
+ "update-dnsforwarding!" => \$update_dnsforwarding,
+ "stop-dnsforwarding!" => \$stop_dnsforwarding,
+ "nameserver!" => \$nameserver);
+
+if (defined $nameserver) {
+ my $nameserver_exists = check_nameserver();
+ if ($nameserver_exists < 1){
+ exit 1;
+ } else {
+ exit 0;
+ }
+}
+
+
+if (defined $init_dnsforwarding) {
+ dnsforwarding_init();
+}
+
+if (defined $update_dnsforwarding) {
+ my $config;
+
+ $config = dnsforwarding_get_constants();
+ $config .= dnsforwarding_get_values();
+ dnsforwarding_write_file($config);
+ dnsforwarding_restart();
+}
+
+if (defined $stop_dnsforwarding) {
+ dnsforwarding_stop();
+}
+
+exit 0;
+
+# end of file
+
diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset
index b173f22d..336d534d 100755
--- a/scripts/standalone_root_pw_reset
+++ b/scripts/standalone_root_pw_reset
@@ -70,13 +70,13 @@ cp $CF ${CF}.before_pwrecovery
 echo "Reseting the root password..."
 # change system first
-newpwd=$(mkpasswd -H md5 vyatta)
+newpwd=`mkpasswd -H md5 vyatta`
 usermod --password "$newpwd" root
 # escape / in encrypted passwd
 pw=$(echo $newpwd | sed 's:/:\\/:g')
 sed -i \
- -e "/^.* user root {/,/}/s/encrypted-password:.*\$/encrypted-password: \"$pw\"/" \
+ -e "/^.* user root {/,/}/s/encrypted-password .*\$/encrypted-password \"$pw\"/" \
 $CF
 echo $(date "+%b%e %T") $(hostname) "Root password reset to factory value" \
diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf
index cb03a614..fae11945 100644
--- a/sysconf/vyatta-sysctl.conf
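Review bot: `check_nameserver` counts every line of /etc/resolv.conf that contains the string "nameserver", so a commented-out entry still satisfies the `--nameserver` syntax check even though no resolver is configured; matching only active entries from Perl removes the false positive and the shell pipeline. Separately, `dnsforwarding_restart` and `dnsforwarding_stop` ignore the result of `system()` and print their message regardless, so a commit reports success when dnsmasq did not start; testing `system(...) == 0` and exiting non-zero on failure would surface that. The `>&/dev/null` redirection in those calls is a bash-ism whose behaviour depends on what /bin/sh is on the target; `>/dev/null 2>&1` is portable. `dnsforwarding_write_file` also leaves `close $fh` unchecked, which is where a buffered write error on /etc/dnsmasq.conf would show up.

```perl
sub check_nameserver {
    # Count only active "nameserver <address>" lines; commented-out entries are ignored.
    open(my $fh, '<', '/etc/resolv.conf') or return 0;
    my $count = grep { /^\s*nameserver\s+\S/ } <$fh>;
    close $fh;
    return $count;
}
```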
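Review bot: The rewritten `sed -i` expression only changes $CF when a line matching `encrypted-password .*` exists inside the `user root { ... }` block; when none does, sed still exits 0, `usermod` has already changed the system password, and the log line below reports success, leaving the running system and the config file out of step. A check after the edit, e.g. `grep -qF "$newpwd" "$CF" || { echo "root entry not updated in $CF" >&2; exit 1; }`, would catch that. As a style point, the hunk swaps `$(...)` for backticks on the `newpwd=` line while the `pw=` line two lines further down still uses `$(...)`; keeping one form reads better. The script starts and ends outside the hunk.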
+++ b/sysconf/vyatta-sysctl.conf
@@ -24,3 +24,6 @@ net.ipv4.icmp_errors_use_inbound_ifaddr=1
 # Turn off SACK since it causes problems with MD5 due to lack of options space
 net.ipv4.tcp_sack=0
+
+# Enable packet forwarding for IPv6
+net.ipv6.conf.all.forwarding=1
diff --git a/templates/interfaces/bridge/node.tag/address/node.def b/templates/interfaces/bridge/node.tag/address/node.def
index 52188386..3f04ec06 100644
--- a/templates/interfaces/bridge/node.tag/address/node.def
+++ b/templates/interfaces/bridge/node.tag/address/node.def
@@ -7,5 +7,6 @@ delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete
 allowed: echo "dhcp <>"
 comp_help:Possible completions:
 <x.x.x.x/x> Set the IP address and prefix length
- dhcp\t\t\t\tSet the IP address and prefix length via DHCP
+ <h:h:h:h:h:h:h:h/x> Set the IPv6 address and prefix length
+ dhcp Set the IP address and prefix length via DHCP
diff --git a/templates/interfaces/tunnel/node.tag/address/node.def b/templates/interfaces/tunnel/node.tag/address/node.def
index 07ea4a0e..3310ee00 100644
--- a/templates/interfaces/tunnel/node.tag/address/node.def
+++ b/templates/interfaces/tunnel/node.tag/address/node.def
@@ -9,4 +9,5 @@ update:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update
 delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@)"; "Error deleting address $VAR(@) on interface $VAR(../@)"
 comp_help:Possible completions:
- <x.x.x.x/x> Set the IP address and prefix length
+ <x.x.x.x/x> Set the IP address and prefix length
+ <h:h:h:h:h:h:h:h/x> Set the IPv6 address and prefix length
diff --git a/templates/service/dns-forwarding/cache-size/node.def b/templates/service/dns-forwarding/cache-size/node.def
new file mode 100644
index 00000000..3a73f308
--- /dev/null
+++ b/templates/service/dns-forwarding/cache-size/node.def
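Review bot: `net.ipv6.conf.all.forwarding=1` in the sysctl hunk makes the system route IPv6 between all interfaces as soon as the file is applied, whether or not any IPv6 filtering is configured, and nothing else in this commit adds an IPv6 filter default. On Linux the setting also changes per-interface behaviour (with forwarding on, interfaces by default stop acting as IPv6 hosts for router advertisements), which the one-line comment does not mention. A fuller comment would help operators, for example `# Enable IPv6 forwarding on all interfaces; forwarded IPv6 traffic is not covered by IPv4 firewall rules, so an IPv6 filter policy must be in place`.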
@@ -0,0 +1,4 @@
+type: u32
+default:150
+help: Set DNS forwarding cache size
+syntax:expression: ($VAR(@) >=0 && $VAR(@) < 10001) ; "Cache size must be between 0 and 10000"
diff --git a/templates/service/dns-forwarding/ignore-interface/node.def b/templates/service/dns-forwarding/ignore-interface/node.def
new file mode 100644
index 00000000..5355eecf
--- /dev/null
+++ b/templates/service/dns-forwarding/ignore-interface/node.def
@@ -0,0 +1,19 @@
+multi:
+type: txt
+help: Set interface to ignore DNS queries on
+syntax:expression: exec "
+ intf_array=($(awk '$1 ~ /:$/ { print $1 }' /proc/net/dev))
+ intf_array_len=${#intf_array[*]}
+ i=0
+ while [ $i -lt $intf_array_len ]; do
+ if [ \"${intf_array[$i]}\" == \"$VAR(@):\" ] ; then
+ exit 0
+ fi
+ let i++
+ done
+ echo Invalid ethernet interface [$VAR(@)]
+ exit 1 "
+
+allowed: local -a array ;
+ array=($(awk '$1 ~ /:$/ { print $1 }' /proc/net/dev));
+ echo -n ${array[@]%:}
diff --git a/templates/service/dns-forwarding/node.def b/templates/service/dns-forwarding/node.def
new file mode 100644
index 00000000..f84e4f02
--- /dev/null
+++ b/templates/service/dns-forwarding/node.def
@@ -0,0 +1,10 @@
+help: Configure Domain Name Server (DNS) forwarding
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-dns-forwarding.pl --nameserver"; "No nameserver exists to forward DNS queries"
+create:expression: "/opt/vyatta/sbin/vyatta-dns-forwarding.pl --init-dnsforwarding"
+delete:expression: "touch /tmp/dnsmasq.$PPID"
+end:expression: "if [ -f \"/tmp/dnsmasq.$PPID\" ]; then \
+ sudo /opt/vyatta/sbin/vyatta-dns-forwarding.pl --stop-dnsforwarding \
+ rm /tmp/dnsmasq.$PPID; \
+ else \
+ sudo /opt/vyatta/sbin/vyatta-dns-forwarding.pl --update-dnsforwarding; \
+ fi; "
diff --git a/templates/system/static-host-mapping/host-name/node.def b/templates/system/static-host-mapping/host-name/node.def
index 189025e3..187b21dd 100644
--- a/templates/system/static-host-mapping/host-name/node.def
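Review bot: In ignore-interface/node.def the value under validation is pasted into the text of the `syntax:expression: exec` script itself, quoted in the `==` comparison but unquoted in `echo Invalid ethernet interface [$VAR(@)]`, while the node is `type: txt` with no character restriction. If `$VAR(@)` is substituted textually before the shell runs (the backslash-escaped quotes suggest so), shell metacharacters in the value are interpreted during validation, before the check has a chance to reject them. A character-class check placed ahead of the exec, in the form the host-name template in this commit already uses, `syntax:expression: pattern $VAR(@) "^[-a-zA-Z0-9._]+$" ; "invalid interface name $VAR(@)"`, together with quoting the echo argument, would close that gap. The error text says "ethernet" although any entry in /proc/net/dev is accepted.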
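Review bot: In the `end:expression` of dns-forwarding/node.def the line `sudo /opt/vyatta/sbin/vyatta-dns-forwarding.pl --stop-dnsforwarding \` has no `;` before the continuation, so `rm /tmp/dnsmasq.$PPID` is passed to the Perl script as extra arguments instead of being run. The marker file is therefore never removed, and a later commit from a process with the same parent PID would stop the service instead of updating it; the line should end `--stop-dnsforwarding; \`. The marker also has a predictable name in world-writable /tmp, so any local account can create it in advance and turn an update into a stop; keeping it in a directory only the configuration system can write to would avoid that.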
+++ b/templates/system/static-host-mapping/host-name/node.def
@@ -3,9 +3,14 @@ type: txt
 help: Set to map DNS names to system interfaces
 syntax:expression: pattern $VAR(@) "^[-a-zA-Z0-9.]+$" ; "invalid host name $VAR(@)"
 commit:expression: $VAR(./inet) != ""; "IP address for the static mapping must be set"
-end:expression: "sudo sh -c \"\
- touch /etc/hosts; \
- sed -i '/ $VAR(@) .*#vyatta entry/d' /etc/hosts; \
- if [ -z \"$VAR(./inet/@)\" ]; then exit 0; fi; \
- declare -a aliases=( $VAR(alias/@@) ); \
- echo \\\"$VAR(inet/@)\t $VAR(@) \\${aliases[*]} \t #vyatta entry\\\" \ >> /etc/hosts\" "
+end: sudo sh -c "
+ touch /etc/hosts
+ sed -i '/ $VAR(@) .*#vyatta entry/d' /etc/hosts
+ if [ -z \"$VAR(./inet/@)\" ]; then
+ if [ -d /opt/vyatta/config/active/service/dns-forwarding ]; then /etc/init.d/dnsmasq restart >&/dev/null; fi
+ exit 0
+ fi
+ declare -a aliases=( $VAR(alias/@@) )
+ echo -e \"$VAR(inet/@)\\t $VAR(@) \${aliases[*]} \\t #vyatta entry\" >> /etc/hosts
+ if [ -d /opt/vyatta/config/active/service/dns-forwarding ]; then /etc/init.d/dnsmasq restart >&/dev/null; fi"
+
|
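Review bot: The new `end:` script still runs as `sudo sh -c "..."` with `$VAR(@)`, `$VAR(inet/@)` and `$VAR(alias/@@)` pasted into the command text; only the host name is restricted by the `pattern` check visible here, and the alias list is expanded unquoted inside `aliases=( ... )`. Unless the `inet` and `alias` templates (not part of this diff) enforce an equally strict character set, their values reach a root shell unfiltered, so those checks should be confirmed or added. The host name is also used as a sed regular expression, where `.` matches any character, so removing the entry for `a.b` also removes one for `axb`; escaping the dots before the `sed -i` call would fix that. `declare -a`, `echo -e` and `>&/dev/null` need bash, but the script is started with `sh -c`.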