author | Natanael Copa <ncopa@alpinelinux.org> | 2017-05-23 14:09:01 +0200 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-05-23 14:20:21 +0200 |
commit | f05576a33b0944b8319b377c414c7c8dc659796a (patch) | |
tree | 7debb439e055a1d35fb534e4b18740b22dc7aea2 | |
parent | 336678a2b7a1b0bfafc77e88e21342b6b523cab9 (diff) | |
main/dnsmasq: add feature to create bridge interfaces
Make it possible to create bridge interfaces for use with lxc and xen
-rw-r--r-- | main/dnsmasq/APKBUILD | 4 | ||||
-rw-r--r-- | main/dnsmasq/dnsmasq.initd | 85 |
2 files changed, 79 insertions, 10 deletions
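--- a/main/dnsmasq/APKBUILD
+++ b/main/dnsmasq/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=dnsmasq
 pkgver=2.76
-pkgrel=3
+pkgrel=4
 pkgdesc="A lightweight DNS, DHCP, RA, TFTP and PXE server"
 url="http://www.thekelleys.org.uk/dnsmasq/"
 arch="all"
@@ -63,6 +63,6 @@ dnssec() {
 }
 
 sha512sums="c22627a8d864671096d3b3428ec4f879b513e1f1e7f79be3ab89444c56234e748fbfa6b6b4f9e521984fea95d363f4aa2ca6243f0dfc12ffb74bed0648ae21c5 dnsmasq-2.76.tar.gz
-1ab7a44ac19bdaf15ca995e236409f9010b3092155add87cc6a919452423919e710525de7da8f01315729ce56db6ba2584567ba67c787d4c3d64a366572331c4 dnsmasq.initd
+b07055d71e535f753aff432124812fbef86cc2f490ff2a4704959c34b0f69caa74791a4ad08b2b8638c9126233591d3a86c188965eb1308e7e7c12dc0039d1ad dnsmasq.initd
 9a401bfc408bf1638645c61b8ca734bea0a09ef79fb36648ec7ef21666257234254bbe6c73c82cc23aa1779ddcdda0e6baa2c041866f16dfb9c4e0ba9133eab8 dnsmasq.confd
 d01077f39e1240041a6700137810f254daf683b2d58dafecb6b162e94d694992e57d45964a57993b298f97c2b589eedcf9fb1506692730a38b7f06b5f55ba8d8 uncomment-conf-dir.patch"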
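--- a/main/dnsmasq/dnsmasq.initd
+++ b/main/dnsmasq/dnsmasq.initd
@@ -8,11 +8,25 @@ description_checkconfig="Check configuration syntax"
 extra_started_commands="reload"
 description_reload="Clear cache and reload hosts files"
 
+: ${DNSMASQ_CONFFILE:=/etc/dnsmasq.conf}
+
 command="/usr/sbin/dnsmasq"
 # Tell dnsmasq to not create pidfile, that's responsibility of init system.
-command_args="-k --pid-file= $DNSMASQ_OPTS"
+command_args="-k --pid-file= $DNSMASQ_OPTS --conf-file=$DNSMASQ_CONFFILE"
 command_background="yes"
-pidfile="/run/dnsmasq.pid"
+pidfile="/run/${RC_SVCNAME}.pid"
+leasefile=/var/lib/misc/$RC_SVCNAME.leases
+
+if [ "${RC_SVCNAME#*.}" != "$RC_SVCNAME" ]; then
+BRIDGE="${RC_SVCNAME#*.}"
+: ${BRIDGE_ADDR:="10.0.3.1"}
+: ${BRIDGE_NETMASK:="255.255.255.0"}
+: ${BRIDGE_NETWORK:="10.0.3.0/24"}
+: ${BRIDGE_DHCP_RANGE:="10.0.3.2,10.0.3.254"}
+: ${BRIDGE_DHCP_MAX:="253"}
+: ${BRIDGE_MAC:="00:16:3e:00:00:00" }
+fi
+.
 
 depend() {
 provide dns
@@ -21,22 +35,77 @@ depend() {
 use logger
 }
 
+setup_firewall() {
+local ins=$1 add=$2
+iptables -w $ins INPUT -i ${BRIDGE} -p udp --dport 67 -j ACCEPT
+iptables -w $ins INPUT -i ${BRIDGE} -p tcp --dport 67 -j ACCEPT
+iptables -w $ins INPUT -i ${BRIDGE} -p udp --dport 53 -j ACCEPT
+iptables -w $ins INPUT -i ${BRIDGE} -p tcp --dport 53 -j ACCEPT
+iptables -w $ins FORWARD -i ${BRIDGE} -j ACCEPT
+iptables -w $ins FORWARD -o ${BRIDGE} -j ACCEPT
+iptables -w -t nat $add POSTROUTING -s ${BRIDGE_NETWORK} ! -d ${BRIDGE_NETWORK} -j MASQUERADE
+iptables -w -t mangle $add POSTROUTING -o ${BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+}
+
+setup_bridge() {
+if ! [ -d /sys/class/net/$BRIDGE ]; then
+ip link add dev $BRIDGE type bridge
+fi
+ip addr add ${BRIDGE_ADDR}/${BRIDGE_NETMASK} dev $BRIDGE \
+&& ip link set dev $BRIDGE address ${BRIDGE_MAC} \
+&& ip link set dev $BRIDGE up
+
+echo 1 > /proc/sys/net/ipv4/ip_forward
+echo 0 > /proc/sys/net/ipv6/conf/${BRIDGE}/accept_dad || true
+
+if [ -n "$BRIDGE_IPV6_ADDR" ] && [ -n "$BRIDGE_IPV6_MASK" ] && [ "$BRIDGE_IPV6_NETWORK" ]; then
+echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+echo 0 > /proc/sys/net/ipv6/conf/${BRIDGE}/autoconf
+ip -6 addr add dev ${BRIDGE} ${BRIDGE_IPV6_ADDR}/${BRIDGE_IPV6_MASK}
+if [ "$BRIDGE_IPV6_NAT" = "true" ]; then
+ip6tables -w -t nat -A POSTROUTING -s ${BRIDGE_IPV6_NETWORK} ! -d ${BRIDGE_IPV6_NETWORK} -j MASQUERADE
+fi
+command_args="$command_args --dhcp-range=${BRIDGE_IPV6_ADDR},ra-only --listen-address ${BRIDGE_IPV6_ADDR}"
+fi
+
+}
+
 start_pre() {
-$command --test 2>/dev/null || $command --test || return 1
-checkpath -m 0644 -o dnsmasq:dnsmasq -f /var/lib/misc/dnsmasq.leases
+$command --test --conf-file=$DNSMASQ_CONFFILE >/dev/null 2>&1 \
+|| $command --test || return 1
+checkpath -m 0644 -o dnsmasq:dnsmasq -f $leasefile || return 1
+
+if [ -n "$DNSMASQ_CONFFILE" ]; then
+command_args="$command_args --conf-file=$DNSMASQ_CONFFILE"
+fi
+if [ -z "$BRIDGE" ]; then
+return 0
+fi
+
+setup_bridge
+setup_firewall -I -A
+command_args="$command_args --strict-order --bind-interfaces --listen-address ${BRIDGE_ADDR} --except-interface=lo --interface=$BRIDGE --dhcp-range $BRIDGE_DHCP_RANGE --dhcp-lease-max=$BRIDGE_DHCP_MAX --dhcp-no-override --dhcp-leasefile=$leasefile --dhcp-authoritative"
+}
+
+stop_post() {
+if [ -n "$BRIDGE" ]; then
+ip link set dev $BRIDGE down
+setup_firewall -D -D
+# dont destroy if there are attached interfaces
+ls /sys/class/net/${BRIDGE}/brif/* > /dev/null 2>&1 || ip link delete ${BRIDGE}
+fi
 }
 
 reload() {
 ebegin "Reloading $RC_SVCNAME"
-
-start_pre || return 1
+$command --test --conf-file=$DNSMASQ_CONFFILE >/dev/null 2>&1 \
+|| $command --test || return 1
 start-stop-daemon --signal HUP --pidfile "$pidfile"
 eend $?
 }
 
 checkconfig() {
 ebegin "Checking $RC_SVCNAME configuration"
-
-$command --test
+$command --test --conf-file=$DNSMAQ_CONFFILE
 eend $?
 }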
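Review bot: The `--test` checks in `checkconfig()`, `start_pre()` and `reload()` do not reliably validate the file the daemon will actually load. In `checkconfig()` the variable is misspelled as `$DNSMAQ_CONFFILE`, which expands to nothing; the line should read `$command --test --conf-file=$DNSMASQ_CONFFILE`. In `start_pre()` and `reload()` the fallback `|| $command --test` omits `--conf-file`, so when the configured file fails the silenced first check, the fallback tests the default configuration and can report success; it should be `|| $command --test --conf-file=$DNSMASQ_CONFFILE || return 1`. Cleanup in `stop_post()` also looks incomplete: the `ip6tables ... -A POSTROUTING ... MASQUERADE` rule added in `setup_bridge()` has no matching `-D`, so it appears to accumulate across restarts, and `ip_forward` is left enabled. The lone `.` after `fi` in the first hunk, if it is really in the file and not a rendering artifact, would be read by the shell as a source command with no filename and should be dropped.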