lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-13 16:14:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

dnsmasq: same as previous with bits for #1256

Browse Source
This commit is contained in:
Franco Fichtner 2016-11-13 17:01:54 +01:00
parent 20b3939520
commit 408ebbef48
10 changed files with 114 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/etc/inc/interfaces.inc
View File

@ -1141,8 +1141,8 @@ function interfaces_configure()
/* reload IPsec tunnels */
ipsec_configure();
/* restart dns servers (defering dhcp restart) */
services_dnsmasq_configure(false);
/* restart dns servers */
services_dnsmasq_configure();
services_unbound_configure();
/* reload dhcpd (interface enabled/disabled status may have changed) */
@ -2889,8 +2889,8 @@ function interface_configure($interface = 'wan', $reloadall = false, $linkupeven
/* reload ipsec tunnels */
ipsec_configure();
/* restart dns servers (defering dhcp restart) */
services_dnsmasq_configure(false);
/* restart dns servers */
services_dnsmasq_configure();
services_unbound_configure();
/* reload dhcpd (interface enabled/disabled status may have changed) */

207
src/etc/inc/services.inc
View File

@ -1783,7 +1783,7 @@ function dyndnsCheckIP($int)
return $ip_address;
}
function services_dnsmasq_configure($dhcp_reload = true)
function services_dnsmasq_configure($verbose = false)
{
global $config;
@ -1796,123 +1796,118 @@ function services_dnsmasq_configure($dhcp_reload = true)
killbypid('/var/run/dnsmasq.pid', 'TERM', true);
if (isset($config['dnsmasq']['enable'])) {
if (file_exists("/var/run/booting")) {
echo gettext("Starting DNS forwarder...");
}
if (!isset($config['dnsmasq']['enable'])) {
return;
}
$args = "";
if ($verbose) {
echo 'Starting DNS forwarder...';
flush();
}
if (isset($config['dnsmasq']['regdhcp'])) {
$args .= " --dhcp-hostsfile=/etc/hosts ";
}
$args = "";
/* Setup listen port, if non-default */
if (isset($config['dnsmasq']['port']) && is_port($config['dnsmasq']['port'])) {
$args .= " --port={$config['dnsmasq']['port']} ";
}
if (isset($config['dnsmasq']['regdhcp'])) {
$args .= " --dhcp-hostsfile=/etc/hosts ";
}
if (isset($config['dnsmasq']['interface'])) {
$addresses = array();
foreach (explode(",", $config['dnsmasq']['interface']) as $interface) {
if (is_ipaddrv4($interface)) {
$addresses[] = $interface;
} elseif (is_ipaddrv6($interface)) {
// Since dnsmasq does not support link-local address with scope specified. strip address.
$addresses[] = explode("%", $interface)[0];
} else {
$intf_ipv4 = get_interface_ip($interface);
$intf_ipv6 = get_interface_ipv6($interface);
if (!empty($intf_ipv4)) {
$addresses[] = $intf_ipv4;
}
if (!empty($intf_ipv6)) {
$addresses[] = explode("%", $intf_ipv6)[0];
}
/* Setup listen port, if non-default */
if (isset($config['dnsmasq']['port']) && is_port($config['dnsmasq']['port'])) {
$args .= " --port={$config['dnsmasq']['port']} ";
}
if (isset($config['dnsmasq']['interface'])) {
$addresses = array();
foreach (explode(",", $config['dnsmasq']['interface']) as $interface) {
if (is_ipaddrv4($interface)) {
$addresses[] = $interface;
} elseif (is_ipaddrv6($interface)) {
// Since dnsmasq does not support link-local address with scope specified. strip address.
$addresses[] = explode("%", $interface)[0];
} else {
$intf_ipv4 = get_interface_ip($interface);
$intf_ipv6 = get_interface_ipv6($interface);
if (!empty($intf_ipv4)) {
$addresses[] = $intf_ipv4;
}
}
foreach ($addresses as $address) {
$args .= " --listen-address={$address} ";
}
if (!empty($addresses) && isset($config['dnsmasq']['strictbind'])) {
$args .= " --bind-interfaces ";
}
}
/* If selected, then first forward reverse lookups for private IPv4 addresses to nowhere. */
/* If any of these are duplicated by a user-specified domain override (e.g. 10.in-addr.arpa) then */
/* the user-specified entry made later on the command line below will be the one that is effective. */
if (isset($config['dnsmasq']['no_private_reverse'])) {
/* Note: Carrier Grade NAT (CGN) addresses 100.64.0.0/10 are intentionally not here. */
/* End-users should not be aware of CGN addresses, so reverse lookups for these should not happen. */
/* Just the OPNsense WAN might get a CGN address from an ISP. */
$args .= " --server=/10.in-addr.arpa/ ";
$args .= " --server=/168.192.in-addr.arpa/ ";
/* Unfortunately the 172.16.0.0/12 range does not map nicely to the in-addr.arpa scheme. */
for ($subnet_num = 16; $subnet_num < 32; $subnet_num++) {
$args .= " --server=/" . $subnet_num . ".172.in-addr.arpa/ ";
}
}
/* Setup forwarded domains */
if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
foreach($config['dnsmasq']['domainoverrides'] as $override) {
if ($override['ip'] == "!") {
$override['ip'] = "";
}
$args .= ' --server='. escapeshellarg('/' . $override['domain'] . '/' . $override['ip']);
}
}
/* Allow DNS Rebind for forwarded domains */
if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
if (!isset($config['system']['webgui']['nodnsrebindcheck'])) {
foreach($config['dnsmasq']['domainoverrides'] as $override) {
$args .= ' --rebind-domain-ok=' . escapeshellarg('/'.$override['domain'].'/') . ' ' ;
if (!empty($intf_ipv6)) {
$addresses[] = explode("%", $intf_ipv6)[0];
}
}
}
if (!isset($config['system']['webgui']['nodnsrebindcheck'])) {
$dns_rebind = "--rebind-localhost-ok --stop-dns-rebind";
foreach ($addresses as $address) {
$args .= " --listen-address={$address} ";
}
if (isset($config['dnsmasq']['strict_order'])) {
$args .= " --strict-order ";
}
if (isset($config['dnsmasq']['domain_needed'])) {
$args .= " --domain-needed ";
}
if (isset($config['dnsmasq']['custom_options']) && !empty($config['dnsmasq']['custom_options'])) {
foreach (preg_split('/\s+/', $config['dnsmasq']['custom_options']) as $c) {
$args .= " " . escapeshellarg("--{$c}");
$p = explode('=', $c);
if (array_key_exists($p[0], $standard_args)) {
unset($standard_args[$p[0]]);
}
}
}
$args .= ' ' . implode(' ', array_values($standard_args));
/* run dnsmasq */
$cmd = "/usr/local/sbin/dnsmasq --all-servers {$dns_rebind} {$args}";
mwexec_bg($cmd);
services_dhcpleases_configure();
unset($args);
if (file_exists("/var/run/booting")) {
echo gettext("done.") . "\n";
if (!empty($addresses) && isset($config['dnsmasq']['strictbind'])) {
$args .= " --bind-interfaces ";
}
}
/*
* XXX this is overly convoluted, potentiall
* restarting all of dhcp up to three times ;)
*/
if ($dhcp_reload) {
services_dhcpd_configure();
/* If selected, then first forward reverse lookups for private IPv4 addresses to nowhere. */
/* If any of these are duplicated by a user-specified domain override (e.g. 10.in-addr.arpa) then */
/* the user-specified entry made later on the command line below will be the one that is effective. */
if (isset($config['dnsmasq']['no_private_reverse'])) {
/* Note: Carrier Grade NAT (CGN) addresses 100.64.0.0/10 are intentionally not here. */
/* End-users should not be aware of CGN addresses, so reverse lookups for these should not happen. */
/* Just the OPNsense WAN might get a CGN address from an ISP. */
$args .= " --server=/10.in-addr.arpa/ ";
$args .= " --server=/168.192.in-addr.arpa/ ";
/* Unfortunately the 172.16.0.0/12 range does not map nicely to the in-addr.arpa scheme. */
for ($subnet_num = 16; $subnet_num < 32; $subnet_num++) {
$args .= " --server=/" . $subnet_num . ".172.in-addr.arpa/ ";
}
}
/* Setup forwarded domains */
if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
foreach($config['dnsmasq']['domainoverrides'] as $override) {
if ($override['ip'] == "!") {
$override['ip'] = "";
}
$args .= ' --server='. escapeshellarg('/' . $override['domain'] . '/' . $override['ip']);
}
}
/* Allow DNS Rebind for forwarded domains */
if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
if (!isset($config['system']['webgui']['nodnsrebindcheck'])) {
foreach($config['dnsmasq']['domainoverrides'] as $override) {
$args .= ' --rebind-domain-ok=' . escapeshellarg('/'.$override['domain'].'/') . ' ' ;
}
}
}
if (!isset($config['system']['webgui']['nodnsrebindcheck'])) {
$dns_rebind = "--rebind-localhost-ok --stop-dns-rebind";
}
if (isset($config['dnsmasq']['strict_order'])) {
$args .= " --strict-order ";
}
if (isset($config['dnsmasq']['domain_needed'])) {
$args .= " --domain-needed ";
}
if (isset($config['dnsmasq']['custom_options']) && !empty($config['dnsmasq']['custom_options'])) {
foreach (preg_split('/\s+/', $config['dnsmasq']['custom_options']) as $c) {
$args .= " " . escapeshellarg("--{$c}");
$p = explode('=', $c);
if (array_key_exists($p[0], $standard_args)) {
unset($standard_args[$p[0]]);
}
}
}
$args .= ' ' . implode(' ', array_values($standard_args));
/* run dnsmasq */
$cmd = "/usr/local/sbin/dnsmasq --all-servers {$dns_rebind} {$args}";
mwexec_bg($cmd);
services_dhcpleases_configure();
unset($args);
if ($verbose) {
echo "done.\n";
}
}

2
src/etc/inc/xmlrpc/legacy.inc
View File

@ -137,7 +137,7 @@ function filter_configure_xmlrpc()
system_hosts_generate();
services_dhcpleases_configure();
local_sync_accounts();
services_dnsmasq_configure(false);
services_dnsmasq_configure();
services_unbound_configure();
services_dhcpd_configure();
relayd_configure_do();

2
src/etc/rc.bootup
View File

@ -188,7 +188,7 @@ system_routing_configure();
system_routing_enable();
/* start dnsmasq service */
services_dnsmasq_configure(false);
services_dnsmasq_configure(true);
/* start unbound service */
services_unbound_configure(true);

2
src/www/services_dhcp.php
View File

@ -112,7 +112,7 @@ function reconfigure_dhcpd()
system_hosts_generate();
services_dhcpleases_configure();
if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) {
services_dnsmasq_configure(false);
services_dnsmasq_configure();
clear_subsystem_dirty('hosts');
}
if (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcpstatic'])) {

2
src/www/services_dhcpv6.php
View File

@ -42,7 +42,7 @@ require_once("services.inc");
function reconfigure_dhcpd()
{
if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) {
services_dnsmasq_configure(false);
services_dnsmasq_configure();
clear_subsystem_dirty('hosts');
}

2
src/www/services_dnsmasq.php
View File

@ -109,6 +109,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
write_config();
services_dnsmasq_configure();
services_dhcpd_configure();
header(url_safe('Location: /services_dnsmasq.php'));
exit;
}
@ -120,6 +121,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
system_hosts_generate();
services_dhcpleases_configure();
services_dnsmasq_configure();
services_dhcpd_configure();
clear_subsystem_dirty('hosts');
header(url_safe('Location: /services_dnsmasq.php'));
exit;

1
src/www/services_dnsmasq_domainoverride_edit.php
View File

@ -116,6 +116,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$a_domainOverrides[] = $doment;
}
services_dnsmasq_configure();
services_dhcpd_configure();
write_config();
header(url_safe('Location: /services_dnsmasq.php'));
exit;

2
src/www/system_advanced_admin.php
View File

@ -253,7 +253,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
system_login_configure();
system_hosts_generate();
services_dhcpleases_configure();
services_dnsmasq_configure(false);
services_dnsmasq_configure();
services_unbound_configure();
services_dhcpd_configure();

2
src/www/system_general.php
View File

@ -227,7 +227,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
system_hosts_generate();
services_dhcpleases_configure();
system_resolvconf_generate();
services_dnsmasq_configure(false);
services_dnsmasq_configure();
services_unbound_configure();
services_dhcpd_configure();
system_timezone_configure();