main/dnsmasq: add feature to create bridge interfaces

Make it possible to create bridge interfaces for use with lxc and xen
author: Natanael Copa <ncopa@alpinelinux.org> 2017-05-23 14:09:01 +0200
committer: Natanael Copa <ncopa@alpinelinux.org> 2017-05-23 14:20:21 +0200
commit: f05576a33b0944b8319b377c414c7c8dc659796a (patch)
tree: 7debb439e055a1d35fb534e4b18740b22dc7aea2
parent: 336678a2b7a1b0bfafc77e88e21342b6b523cab9 (diff)
download: alpine_aports-f05576a33b0944b8319b377c414c7c8dc659796a.tar.bz2
alpine_aports-f05576a33b0944b8319b377c414c7c8dc659796a.tar.xz
alpine_aports-f05576a33b0944b8319b377c414c7c8dc659796a.zip
2 files changed, 79 insertions, 10 deletions
diff --git a/main/dnsmasq/APKBUILD b/main/dnsmasq/APKBUILD
index 5fc4793454..046a197f39 100644
--- a/main/dnsmasq/APKBUILD
+++ b/main/dnsmasq/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=dnsmasq
 pkgver=2.76
-pkgrel=3
+pkgrel=4
 pkgdesc="A lightweight DNS, DHCP, RA, TFTP and PXE server"
 url="http://www.thekelleys.org.uk/dnsmasq/"
 arch="all"
@@ -63,6 +63,6 @@ dnssec() {
 }
 sha512sums="c22627a8d864671096d3b3428ec4f879b513e1f1e7f79be3ab89444c56234e748fbfa6b6b4f9e521984fea95d363f4aa2ca6243f0dfc12ffb74bed0648ae21c5  dnsmasq-2.76.tar.gz
-1ab7a44ac19bdaf15ca995e236409f9010b3092155add87cc6a919452423919e710525de7da8f01315729ce56db6ba2584567ba67c787d4c3d64a366572331c4  dnsmasq.initd
+b07055d71e535f753aff432124812fbef86cc2f490ff2a4704959c34b0f69caa74791a4ad08b2b8638c9126233591d3a86c188965eb1308e7e7c12dc0039d1ad  dnsmasq.initd
 9a401bfc408bf1638645c61b8ca734bea0a09ef79fb36648ec7ef21666257234254bbe6c73c82cc23aa1779ddcdda0e6baa2c041866f16dfb9c4e0ba9133eab8  dnsmasq.confd
 d01077f39e1240041a6700137810f254daf683b2d58dafecb6b162e94d694992e57d45964a57993b298f97c2b589eedcf9fb1506692730a38b7f06b5f55ba8d8  uncomment-conf-dir.patch"
diff --git a/main/dnsmasq/dnsmasq.initd b/main/dnsmasq/dnsmasq.initd
index c92853416d..f5114fb806 100644
--- a/main/dnsmasq/dnsmasq.initd
+++ b/main/dnsmasq/dnsmasq.initd
@@ -8,11 +8,25 @@ description_checkconfig="Check configuration syntax"
 extra_started_commands="reload"
 description_reload="Clear cache and reload hosts files"
+: ${DNSMASQ_CONFFILE:=/etc/dnsmasq.conf}
 command="/usr/sbin/dnsmasq"
 # Tell dnsmasq to not create pidfile, that's responsibility of init system.
-command_args="-k --pid-file= $DNSMASQ_OPTS"
+command_args="-k --pid-file= $DNSMASQ_OPTS --conf-file=$DNSMASQ_CONFFILE"
 command_background="yes"
-pidfile="/run/dnsmasq.pid"
+pidfile="/run/${RC_SVCNAME}.pid"
+leasefile=/var/lib/misc/$RC_SVCNAME.leases
+if [ "${RC_SVCNAME#*.}" != "$RC_SVCNAME" ]; then
+        BRIDGE="${RC_SVCNAME#*.}"
+        : ${BRIDGE_ADDR:="10.0.3.1"}
+        : ${BRIDGE_NETMASK:="255.255.255.0"}
+        : ${BRIDGE_NETWORK:="10.0.3.0/24"}
+        : ${BRIDGE_DHCP_RANGE:="10.0.3.2,10.0.3.254"}
+        : ${BRIDGE_DHCP_MAX:="253"}
+        : ${BRIDGE_MAC:="00:16:3e:00:00:00" }
+fi
+.
 depend() {
        provide dns
@@ -21,22 +35,77 @@ depend() {
        use logger
 }
+setup_firewall() {
+        local ins=$1 add=$2
+        iptables -w $ins INPUT -i ${BRIDGE} -p udp --dport 67 -j ACCEPT
+        iptables -w $ins INPUT -i ${BRIDGE} -p tcp --dport 67 -j ACCEPT
+        iptables -w $ins INPUT -i ${BRIDGE} -p udp --dport 53 -j ACCEPT
+        iptables -w $ins INPUT -i ${BRIDGE} -p tcp --dport 53 -j ACCEPT
+        iptables -w $ins FORWARD -i ${BRIDGE} -j ACCEPT
+        iptables -w $ins FORWARD -o ${BRIDGE} -j ACCEPT
+        iptables -w -t nat $add POSTROUTING -s ${BRIDGE_NETWORK} ! -d ${BRIDGE_NETWORK} -j MASQUERADE
+        iptables -w -t mangle $add POSTROUTING -o ${BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+}
+setup_bridge() {
+        if ! [ -d /sys/class/net/$BRIDGE ]; then
+                ip link add dev $BRIDGE type bridge
+        fi
+        ip addr add ${BRIDGE_ADDR}/${BRIDGE_NETMASK} dev $BRIDGE \
+                && ip link set dev $BRIDGE address ${BRIDGE_MAC} \
+                && ip link set dev $BRIDGE up
+         echo 1 > /proc/sys/net/ipv4/ip_forward
+         echo 0 > /proc/sys/net/ipv6/conf/${BRIDGE}/accept_dad || true
+        if [ -n "$BRIDGE_IPV6_ADDR" ] && [ -n "$BRIDGE_IPV6_MASK" ] && [ "$BRIDGE_IPV6_NETWORK" ]; then
+                echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+                echo 0 > /proc/sys/net/ipv6/conf/${BRIDGE}/autoconf
+                ip -6 addr add dev ${BRIDGE} ${BRIDGE_IPV6_ADDR}/${BRIDGE_IPV6_MASK}
+                if [ "$BRIDGE_IPV6_NAT" = "true" ]; then
+                        ip6tables -w -t nat -A POSTROUTING -s ${BRIDGE_IPV6_NETWORK} ! -d ${BRIDGE_IPV6_NETWORK} -j MASQUERADE
+                fi
+                command_args="$command_args --dhcp-range=${BRIDGE_IPV6_ADDR},ra-only --listen-address ${BRIDGE_IPV6_ADDR}"
+        fi
+}
 start_pre() {
-        $command --test 2>/dev/null || $command --test || return 1
+        $command --test --conf-file=$DNSMASQ_CONFFILE >/dev/null 2>&1 \
-        checkpath -m 0644 -o dnsmasq:dnsmasq -f /var/lib/misc/dnsmasq.leases
+                || $command --test || return 1
+        checkpath -m 0644 -o dnsmasq:dnsmasq -f $leasefile || return 1
+        if [ -n "$DNSMASQ_CONFFILE" ]; then
+                command_args="$command_args --conf-file=$DNSMASQ_CONFFILE"
+        fi
+        if [ -z "$BRIDGE" ]; then
+                return 0
+        fi
+        setup_bridge
+        setup_firewall -I -A
+        command_args="$command_args --strict-order --bind-interfaces --listen-address ${BRIDGE_ADDR} --except-interface=lo --interface=$BRIDGE --dhcp-range $BRIDGE_DHCP_RANGE --dhcp-lease-max=$BRIDGE_DHCP_MAX --dhcp-no-override --dhcp-leasefile=$leasefile --dhcp-authoritative"
+}
+stop_post() {
+        if [ -n "$BRIDGE" ]; then
+                ip link set dev $BRIDGE down
+                setup_firewall -D -D
+                # dont destroy if there are attached interfaces
+                ls /sys/class/net/${BRIDGE}/brif/* > /dev/null 2>&1 || ip link delete ${BRIDGE}
+        fi
 }
 reload() {
        ebegin "Reloading $RC_SVCNAME"
+        $command --test --conf-file=$DNSMASQ_CONFFILE >/dev/null 2>&1 \
-        start_pre || return 1
+                || $command --test || return 1
        start-stop-daemon --signal HUP --pidfile "$pidfile"
        eend $?
 }
 checkconfig() {
        ebegin "Checking $RC_SVCNAME configuration"
+        $command --test --conf-file=$DNSMAQ_CONFFILE
-        $command --test
        eend $?
 }
author	Natanael Copa <ncopa@alpinelinux.org>	2017-05-23 14:09:01 +0200
committer	Natanael Copa <ncopa@alpinelinux.org>	2017-05-23 14:20:21 +0200
commit	f05576a33b0944b8319b377c414c7c8dc659796a (patch)
tree	7debb439e055a1d35fb534e4b18740b22dc7aea2
parent	336678a2b7a1b0bfafc77e88e21342b6b523cab9 (diff)
download	alpine_aports-f05576a33b0944b8319b377c414c7c8dc659796a.tar.bz2 alpine_aports-f05576a33b0944b8319b377c414c7c8dc659796a.tar.xz alpine_aports-f05576a33b0944b8319b377c414c7c8dc659796a.zip

diff --git a/main/dnsmasq/APKBUILD b/main/dnsmasq/APKBUILD index 5fc4793454..046a197f39 100644 --- a/main/dnsmasq/APKBUILD +++ b/main/dnsmasq/APKBUILD
@@ -1,7 +1,7 @@
1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>	1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2	pkgname=dnsmasq	2	pkgname=dnsmasq
3	pkgver=2.76	3	pkgver=2.76
4	pkgrel=3	4	pkgrel=4
5	pkgdesc="A lightweight DNS, DHCP, RA, TFTP and PXE server"	5	pkgdesc="A lightweight DNS, DHCP, RA, TFTP and PXE server"
6	url="http://www.thekelleys.org.uk/dnsmasq/"	6	url="http://www.thekelleys.org.uk/dnsmasq/"
7	arch="all"	7	arch="all"
@@ -63,6 +63,6 @@ dnssec() {
63	}	63	}
64		64
65	sha512sums="c22627a8d864671096d3b3428ec4f879b513e1f1e7f79be3ab89444c56234e748fbfa6b6b4f9e521984fea95d363f4aa2ca6243f0dfc12ffb74bed0648ae21c5 dnsmasq-2.76.tar.gz	65	sha512sums="c22627a8d864671096d3b3428ec4f879b513e1f1e7f79be3ab89444c56234e748fbfa6b6b4f9e521984fea95d363f4aa2ca6243f0dfc12ffb74bed0648ae21c5 dnsmasq-2.76.tar.gz
66	1ab7a44ac19bdaf15ca995e236409f9010b3092155add87cc6a919452423919e710525de7da8f01315729ce56db6ba2584567ba67c787d4c3d64a366572331c4 dnsmasq.initd	66	b07055d71e535f753aff432124812fbef86cc2f490ff2a4704959c34b0f69caa74791a4ad08b2b8638c9126233591d3a86c188965eb1308e7e7c12dc0039d1ad dnsmasq.initd
67	9a401bfc408bf1638645c61b8ca734bea0a09ef79fb36648ec7ef21666257234254bbe6c73c82cc23aa1779ddcdda0e6baa2c041866f16dfb9c4e0ba9133eab8 dnsmasq.confd	67	9a401bfc408bf1638645c61b8ca734bea0a09ef79fb36648ec7ef21666257234254bbe6c73c82cc23aa1779ddcdda0e6baa2c041866f16dfb9c4e0ba9133eab8 dnsmasq.confd
68	d01077f39e1240041a6700137810f254daf683b2d58dafecb6b162e94d694992e57d45964a57993b298f97c2b589eedcf9fb1506692730a38b7f06b5f55ba8d8 uncomment-conf-dir.patch"	68	d01077f39e1240041a6700137810f254daf683b2d58dafecb6b162e94d694992e57d45964a57993b298f97c2b589eedcf9fb1506692730a38b7f06b5f55ba8d8 uncomment-conf-dir.patch"


diff --git a/main/dnsmasq/dnsmasq.initd b/main/dnsmasq/dnsmasq.initd index c92853416d..f5114fb806 100644 --- a/main/dnsmasq/dnsmasq.initd +++ b/main/dnsmasq/dnsmasq.initd
@@ -8,11 +8,25 @@ description_checkconfig="Check configuration syntax"
8	extra_started_commands="reload"	8	extra_started_commands="reload"
9	description_reload="Clear cache and reload hosts files"	9	description_reload="Clear cache and reload hosts files"
10		10
		11	: ${DNSMASQ_CONFFILE:=/etc/dnsmasq.conf}
		12
11	command="/usr/sbin/dnsmasq"	13	command="/usr/sbin/dnsmasq"
12	# Tell dnsmasq to not create pidfile, that's responsibility of init system.	14	# Tell dnsmasq to not create pidfile, that's responsibility of init system.
13	command_args="-k --pid-file= $DNSMASQ_OPTS"	15	command_args="-k --pid-file= $DNSMASQ_OPTS --conf-file=$DNSMASQ_CONFFILE"
14	command_background="yes"	16	command_background="yes"
15	pidfile="/run/dnsmasq.pid"	17	pidfile="/run/${RC_SVCNAME}.pid"
		18	leasefile=/var/lib/misc/$RC_SVCNAME.leases
		19
		20	if [ "${RC_SVCNAME#*.}" != "$RC_SVCNAME" ]; then
		21	BRIDGE="${RC_SVCNAME#*.}"
		22	: ${BRIDGE_ADDR:="10.0.3.1"}
		23	: ${BRIDGE_NETMASK:="255.255.255.0"}
		24	: ${BRIDGE_NETWORK:="10.0.3.0/24"}
		25	: ${BRIDGE_DHCP_RANGE:="10.0.3.2,10.0.3.254"}
		26	: ${BRIDGE_DHCP_MAX:="253"}
		27	: ${BRIDGE_MAC:="00:16:3e:00:00:00" }
		28	fi
		29	.
16		30
17	depend() {	31	depend() {
18	provide dns	32	provide dns
@@ -21,22 +35,77 @@ depend() {
21	use logger	35	use logger
22	}	36	}
23		37
		38	setup_firewall() {
		39	local ins=$1 add=$2
		40	iptables -w $ins INPUT -i ${BRIDGE} -p udp --dport 67 -j ACCEPT
		41	iptables -w $ins INPUT -i ${BRIDGE} -p tcp --dport 67 -j ACCEPT
		42	iptables -w $ins INPUT -i ${BRIDGE} -p udp --dport 53 -j ACCEPT
		43	iptables -w $ins INPUT -i ${BRIDGE} -p tcp --dport 53 -j ACCEPT
		44	iptables -w $ins FORWARD -i ${BRIDGE} -j ACCEPT
		45	iptables -w $ins FORWARD -o ${BRIDGE} -j ACCEPT
		46	iptables -w -t nat $add POSTROUTING -s ${BRIDGE_NETWORK} ! -d ${BRIDGE_NETWORK} -j MASQUERADE
		47	iptables -w -t mangle $add POSTROUTING -o ${BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
		48	}
		49
		50	setup_bridge() {
		51	if ! [ -d /sys/class/net/$BRIDGE ]; then
		52	ip link add dev $BRIDGE type bridge
		53	fi
		54	ip addr add ${BRIDGE_ADDR}/${BRIDGE_NETMASK} dev $BRIDGE \
		55	&& ip link set dev $BRIDGE address ${BRIDGE_MAC} \
		56	&& ip link set dev $BRIDGE up
		57
		58	echo 1 > /proc/sys/net/ipv4/ip_forward
		59	echo 0 > /proc/sys/net/ipv6/conf/${BRIDGE}/accept_dad \|\| true
		60
		61	if [ -n "$BRIDGE_IPV6_ADDR" ] && [ -n "$BRIDGE_IPV6_MASK" ] && [ "$BRIDGE_IPV6_NETWORK" ]; then
		62	echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
		63	echo 0 > /proc/sys/net/ipv6/conf/${BRIDGE}/autoconf
		64	ip -6 addr add dev ${BRIDGE} ${BRIDGE_IPV6_ADDR}/${BRIDGE_IPV6_MASK}
		65	if [ "$BRIDGE_IPV6_NAT" = "true" ]; then
		66	ip6tables -w -t nat -A POSTROUTING -s ${BRIDGE_IPV6_NETWORK} ! -d ${BRIDGE_IPV6_NETWORK} -j MASQUERADE
		67	fi
		68	command_args="$command_args --dhcp-range=${BRIDGE_IPV6_ADDR},ra-only --listen-address ${BRIDGE_IPV6_ADDR}"
		69	fi
		70
		71	}
		72
24	start_pre() {	73	start_pre() {
25	$command --test 2>/dev/null \|\| $command --test \|\| return 1	74	$command --test --conf-file=$DNSMASQ_CONFFILE >/dev/null 2>&1 \
26	checkpath -m 0644 -o dnsmasq:dnsmasq -f /var/lib/misc/dnsmasq.leases	75	\|\| $command --test \|\| return 1
		76	checkpath -m 0644 -o dnsmasq:dnsmasq -f $leasefile \|\| return 1
		77
		78	if [ -n "$DNSMASQ_CONFFILE" ]; then
		79	command_args="$command_args --conf-file=$DNSMASQ_CONFFILE"
		80	fi
		81	if [ -z "$BRIDGE" ]; then
		82	return 0
		83	fi
		84
		85	setup_bridge
		86	setup_firewall -I -A
		87	command_args="$command_args --strict-order --bind-interfaces --listen-address ${BRIDGE_ADDR} --except-interface=lo --interface=$BRIDGE --dhcp-range $BRIDGE_DHCP_RANGE --dhcp-lease-max=$BRIDGE_DHCP_MAX --dhcp-no-override --dhcp-leasefile=$leasefile --dhcp-authoritative"
		88	}
		89
		90	stop_post() {
		91	if [ -n "$BRIDGE" ]; then
		92	ip link set dev $BRIDGE down
		93	setup_firewall -D -D
		94	# dont destroy if there are attached interfaces
		95	ls /sys/class/net/${BRIDGE}/brif/* > /dev/null 2>&1 \|\| ip link delete ${BRIDGE}
		96	fi
27	}	97	}
28		98
29	reload() {	99	reload() {
30	ebegin "Reloading $RC_SVCNAME"	100	ebegin "Reloading $RC_SVCNAME"
31		101	$command --test --conf-file=$DNSMASQ_CONFFILE >/dev/null 2>&1 \
32	start_pre \|\| return 1	102	\|\| $command --test \|\| return 1
33	start-stop-daemon --signal HUP --pidfile "$pidfile"	103	start-stop-daemon --signal HUP --pidfile "$pidfile"
34	eend $?	104	eend $?
35	}	105	}
36		106
37	checkconfig() {	107	checkconfig() {
38	ebegin "Checking $RC_SVCNAME configuration"	108	ebegin "Checking $RC_SVCNAME configuration"
39		109	$command --test --conf-file=$DNSMAQ_CONFFILE
40	$command --test
41	eend $?	110	eend $?
42	}	111	}