Update 'NONE-CKUBU'.

This commit is contained in:
Christoph 2019-05-28 11:10:19 +02:00
parent bcf64aea51
commit 9249e79889
1110 changed files with 39330 additions and 40 deletions

@ -1 +1 @@
Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718 Subproject commit 501aa95c7586d7db2ca0ab2f63d308647cf18c60

@ -1 +1 @@
Subproject commit 7127fbca446673edb32b63936bb29804f2cc12d0 Subproject commit 06b975094a3a3192070a996e5f03be38b23fa14d

@ -1 +1 @@
Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653 Subproject commit 5badd41cb2f79ab47362f5f9a53a80b6e954c0f3


@ -26,7 +26,7 @@
PATH=/root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PATH=/root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@reboot swapon -p 1 /dev/sda2 > /dev/null @reboot swapon -p 1 /dev/sda5 > /dev/null
@reboot systemctl stop isc-dhcp-server @reboot systemctl stop isc-dhcp-server
@reboot systemctl stop ipt-firewall @reboot systemctl stop ipt-firewall
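Review bot: The changed `@reboot` line refers to the swap partition by kernel device name, `/dev/sda5`, which is not stable across disk reordering or controller changes, so a renumbering would silently leave the host without swap. Addressing the partition as `@reboot swapon -p 1 UUID=<swap-partition-uuid> > /dev/null` (placeholder, take the UUID from blkid), or listing it in /etc/fstab with `pri=1` and letting the init system activate it, removes the dependency on enumeration order. The two `systemctl stop` lines are unchanged context.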


@ -1 +1 @@
gw-replacement gw-replacement2


@ -1,5 +1,5 @@
127.0.0.1 localhost 127.0.0.1 localhost
127.0.1.1 gw-replacement.local.netz gw-replacement 127.0.1.1 gw-replacement2.local.netz gw-replacement2
# The following lines are desirable for IPv6 capable hosts # The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback ::1 ip6-localhost ip6-loopback


@ -7,7 +7,7 @@ iface lo inet loopback
auto eth1 auto eth1
iface eth1 inet static iface eth1 inet static
address 192.168.63.253 address 192.168.63.252
network 192.168.63.0 network 192.168.63.0
netmask 255.255.255.0 netmask 255.255.255.0
broadcast 192.168.63.255 broadcast 192.168.63.255


@ -0,0 +1,45 @@
#!/usr/bin/env bash
# =============
# --- Define Network Interfaces / Ip-Adresses / Ports
# =============
# - Extern Interfaces DSL Lines
# - (blank separated list)
ext_if_dsl_1=""
ext_if_dsl_2=""
ext_if_dsl_3=""
ext_if_dsl_4=""
ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
# - Extern Interfaces Static Lines
# - (blank separated list)
# -
# - Example:
# - ext_if_static_1="sixxs"
# -
ext_if_static_1=""
ext_if_static_2=""
ext_if_static_3=""
ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
# - VPN Interfaces
# - (blank separated list)
vpn_ifs="tun+"
# - Local Interfaces
local_if_1=""
local_if_2=""
local_if_3=""
local_if_4=""
local_if_5=""
local_if_6=""
local_if_7=""
local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
# - Are local alias interfaces like eth0:0 defined"
# -
local_alias_interfaces=true
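Review bot: The comment above `local_alias_interfaces=true` has a stray closing quote and does not say what the flag controls; since the firewall script in this commit uses it to add extra FORWARD rules for alias interfaces, the comment should state that, e.g. `# - Set to true if local alias interfaces like eth0:0 are in use; enables additional FORWARD rules (true|false)`. Because the default is `true`, a reader of this template should be told that leaving it on widens the rule set even when no alias interfaces exist.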


@ -21,7 +21,7 @@ iptable_raw
# - Load base modules for tracking # - Load base modules for tracking
# - # -
nf_conntrack nf_conntrack nf_conntrack_helper=0
nf_nat nf_nat
# - Load module for FTP Connection tracking and NAT # - Load module for FTP Connection tracking and NAT
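Review bot: Appending `nf_conntrack_helper=0` to the `nf_conntrack` line is the right hardening (it stops conntrack helpers from being attached to flows implicitly), but carrying a module parameter in a module-list file is fragile: systemd-modules-load.service documents these files as plain lists of module names and, to my knowledge, fails the lookup for a line that carries arguments, and the parameter is also ignored when nf_conntrack was already pulled in earlier by a dependency. Placing `options nf_conntrack nf_conntrack_helper=0` in a file under /etc/modprobe.d, or setting `net.netfilter.nf_conntrack_helper = 0` via sysctl, takes effect regardless of how the module gets loaded. With automatic assignment off, the FTP helper that the next comment says is loaded must be attached explicitly with a `-j CT --helper ftp` rule in the raw table, otherwise FTP data connections will stop being tracked; worth a comment here so the two settings are not separated later.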


@ -256,6 +256,84 @@ allow_local_if_to_local_ip=""
# =============
# - Allow local ip address from given local interface
# =============
# - allow_local_if_to_local_ip
# -
# - All traffic from the given network interface to the given ip address is allowed
# -
# - Example:
# - allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
# - ${local_if_2}:192.168.10.13"
# -
# - Blank separated list
# -
allow_local_if_to_local_ip=""
# =============
# - Allow extern service from given local interface
# =============
# - allow_local_if_to_ext_service
# -
# - allow_local_if_to_ext_service="<local-interface>:<extern-ip>:<ext-port>:<protocol> [.."
# -
# - All traffic from the given (local) network interface to the given (extern) service is allowed
# -
# - Example:
# - allow_local_if_to_ext_service="${local_if_1}:83.223.86.98:3306:tcp
# - ${local_if_2}:83.223.86.98:3306:tcp"
# -
# - Blank separated list
# -
allow_local_if_to_ext_service=""
# =============
# - Allow extern network from given local interface
# =============
# - allow_local_if_to_ext_net
# -
# - allow_local_if_to_ext_net="<local-interface>:ext-network> [<local-interface>:ext-network> [.."
# -
# - All traffic from the given (local) network interface to the given (extern) network is allowed
# -
# - Example:
# - allow_local_if_to_ext_net="${local_if_1}:83.223.86.98/32
# - ${local_if_2}:83.223.86.98/32"
# -
# - Blank separated list
# -
allow_local_if_to_ext_net=""
# =============
# - Allow extern service from given local network
# =============
# - allow_local_net_to_ext_service
# -
# - allow_local_net_to_ext_service="<local-net:ext-ip:port:protocol> [<local-net:ext-ip:port:protocol> [.."
# -
# - All traffic from the given (local) network to the given (extern) service is allowed
# -
# - Example:
# - allow_local_net_to_ext_service="192.168.63.0/24:83.223.86.98:3306:tcp
# - 192.168.64.0/24:83.223.86.98:3306:tcp"
# -
# - Blank separated list
# -
allow_local_net_to_ext_service=""
# ============= # =============
# --- Separate local Networks # --- Separate local Networks
# ============= # =============
@ -976,6 +1054,28 @@ tv_extern_if="eth2.8"
tv_local_if="$local_if_1" tv_local_if="$local_if_1"
# =====
# --- Allow special TCP Ports (OUT)
# =====
# - TCP Ports
# -
# - Blank separated list of tcp ports
# -
tcp_out_ports=""
# =====
# --- Allow special UDP Ports (OUT)
# =====
# - UDP Ports
# -
# - Blank separated list udp ports
# -
udp_out_ports=""
# ====== # ======
# - Other local Services # - Other local Services
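Review bot: The format line for `allow_local_if_to_ext_net` reads `<local-interface>:ext-network>` and should be `<local-interface>:<ext-network>` so it matches the other three format lines; the `[..` at the end of the `allow_local_if_to_ext_service` and `allow_local_net_to_ext_service` format lines is also cut off. The examples in all four new blocks use what appears to be a real public address, 83.223.86.98; since this file is shipped as a template, an address from a documentation range such as 192.0.2.0/24 keeps the examples from pointing at a live host.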


@ -149,6 +149,38 @@ for _val in $allow_local_if_to_local_ip ; do
allow_local_if_to_local_ip_arr+=("$_val") allow_local_if_to_local_ip_arr+=("$_val")
done done
# ---
# - Allow extern service from given local interface
# ---
declare -a allow_local_if_to_ext_service_arr
for _val in $allow_local_if_to_ext_service ; do
allow_local_if_to_ext_service_arr+=("$_val")
done
# ---
# - Allow extern network from given local interface
# ---
declare -a allow_local_if_to_ext_net_arr
for _val in $allow_local_if_to_ext_net ; do
allow_local_if_to_ext_net_arr+=("$_val")
done
# ---
# - Allow extern service from given local network
# ---
declare -a allow_local_net_to_ext_service_arr
for _val in $allow_local_net_to_ext_service ; do
allow_local_net_to_ext_service_arr+=("$_val")
done
# ---
# - Allow extern network from given local network
# ---
declare -a allow_local_net_to_ext_net_arr
for _val in $allow_local_net_to_ext_net ; do
allow_local_net_to_ext_net_arr+=("$_val")
done
# --- # ---
# - Separate local Networks # - Separate local Networks
# --- # ---
@ -378,6 +410,24 @@ for _ip in $rsync_out_ips ; do
rsync_out_ip_arr+=("$_ip") rsync_out_ip_arr+=("$_ip")
done done
# ---
# - Special TCP Ports OUT
# ---
# local
declare -a tcp_out_port_arr
for _port in $tcp_out_ports ; do
tcp_out_port_arr+=("$_port")
done
# ---
# - Special UDP Ports OUT
# ---
# local
declare -a udp_out_port_arr
for _port in $udp_out_ports ; do
udp_out_port_arr+=("$_port")
done
# --- # ---
# - Other local Services # - Other local Services
# --- # ---
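Review bot: The new loop at `declare -a allow_local_net_to_ext_net_arr` reads `$allow_local_net_to_ext_net`, but the configuration hunk in this commit defines only `allow_local_if_to_ext_service`, `allow_local_if_to_ext_net` and `allow_local_net_to_ext_service`; unless the variable is declared elsewhere in the config file, the array is always built from an unset name and the option stays undocumented. Either add the documented default `allow_local_net_to_ext_net=""` to the config, or drop the block until the rule set that consumes it exists. The other four loops match their config variables.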


@ -1 +1 @@
gw-replacement.local.netz gw-replacement2.local.netz


@ -32,13 +32,13 @@ alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases alias_database = hash:/etc/aliases
myorigin = /etc/mailname myorigin = /etc/mailname
mydestination = gw-replacement.local.netz, mydestination = gw-replacement2.local.netz,
localhost localhost
mynetworks = 127.0.0.0/8, mynetworks = 127.0.0.0/8,
#[::ffff:127.0.0.0]/104 #[::ffff:127.0.0.0]/104
#[::1]/128 #[::1]/128
192.168.63.253/32 192.168.63.252/32
mailbox_command = procmail -a "$EXTENSION" mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0 mailbox_size_limit = 0
recipient_delimiter = + recipient_delimiter = +
@ -48,7 +48,7 @@ inet_protocols = ipv4
inet_interfaces = 127.0.0.1, inet_interfaces = 127.0.0.1,
#[::ffff:127.0.0.0]/104, #[::ffff:127.0.0.0]/104,
#[::1]/128, #[::1]/128,
192.168.63.253 192.168.63.252
# Enable SASL authentication # Enable SASL authentication


@ -0,0 +1,84 @@
# Configuration file for PPP, using PPP over Ethernet
# to connect to a DSL provider.
#
# See the manual page pppd(8) for information on all the options.
##
# Section 1
#
# Stuff to configure...
# MUST CHANGE: Uncomment the following line, replacing the user@provider.net
# by the DSL user name given to your by your DSL provider.
# (There should be a matching entry in /etc/ppp/pap-secrets with the password.)
#user myusername@myprovider.net
# Use the pppoe program to send the ppp packets over the Ethernet link
# This line should work fine if this computer is the only one accessing
# the Internet through this DSL connection. This is the right line to use
# for most people.
#pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1452"
# An even more conservative version of the previous line, if things
# don't work using -m 1452...
#pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1412"
# If the computer connected to the Internet using pppoe is not being used
# by other computers as a gateway to the Internet, you can try the following
# line instead, for a small gain in speed:
#pty "/usr/sbin/pppoe -I eth0 -T 80"
# The following two options should work fine for most DSL users.
# Assumes that your IP address is allocated dynamically
# by your DSL provider...
noipdefault
# Try to get the name server addresses from the ISP.
#usepeerdns
# Use this connection as the default route.
# Comment out if you already have the correct default route installed.
defaultroute
##
# Section 2
#
# Uncomment if your DSL provider charges by minute connected
# and you want to use demand-dialing.
#
# Disconnect after 300 seconds (5 minutes) of idle time.
#demand
#idle 300
##
# Section 3
#
# You shouldn't need to change these options...
hide-password
lcp-echo-interval 20
lcp-echo-failure 3
# Override any connect script that may have been set in /etc/ppp/options.
connect /bin/true
noauth
persist
## mtu 1492
## - notwendig bei vergabe einer festen ip
## - von t-online:
## - mtu 1456
## -
#mtu 1492
mtu 1456
# RFC 2516, paragraph 7 mandates that the following options MUST NOT be
# requested and MUST be rejected if requested by the peer:
# Address-and-Control-Field-Compression (ACFC)
noaccomp
# Asynchronous-Control-Character-Map (ACCM)
default-asyncmap
plugin rp-pppoe.so eth1
#user "feste-ip7/9TB3EGVM46Z6@t-online-com.de"
user "0021920376975502683262730001@t-online.de"
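Review bot: The `user` line commits the provider account identifier in clear text into the repository, and the same identifier is duplicated in the second peers file added in this commit (identical apart from `plugin rp-pppoe.so eth1.7`), so it has to be kept in sync in two places. pppd's `file <path>` option can pull the site-specific `user` line from an untracked file next to /etc/ppp/pap-secrets, which already holds the password, leaving the tracked file with only the `#user myusername@myprovider.net` placeholder. The German block `## - notwendig bei vergabe einer festen ip` / `## - von t-online:` / `## - mtu 1456` should be in English like the rest of the comments, e.g. `## - required when T-Online assigns a fixed IP: mtu 1456`; the same applies to the second file.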


@ -0,0 +1,84 @@
# Configuration file for PPP, using PPP over Ethernet
# to connect to a DSL provider.
#
# See the manual page pppd(8) for information on all the options.
##
# Section 1
#
# Stuff to configure...
# MUST CHANGE: Uncomment the following line, replacing the user@provider.net
# by the DSL user name given to your by your DSL provider.
# (There should be a matching entry in /etc/ppp/pap-secrets with the password.)
#user myusername@myprovider.net
# Use the pppoe program to send the ppp packets over the Ethernet link
# This line should work fine if this computer is the only one accessing
# the Internet through this DSL connection. This is the right line to use
# for most people.
#pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1452"
# An even more conservative version of the previous line, if things
# don't work using -m 1452...
#pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1412"
# If the computer connected to the Internet using pppoe is not being used
# by other computers as a gateway to the Internet, you can try the following
# line instead, for a small gain in speed:
#pty "/usr/sbin/pppoe -I eth0 -T 80"
# The following two options should work fine for most DSL users.
# Assumes that your IP address is allocated dynamically
# by your DSL provider...
noipdefault
# Try to get the name server addresses from the ISP.
#usepeerdns
# Use this connection as the default route.
# Comment out if you already have the correct default route installed.
defaultroute
##
# Section 2
#
# Uncomment if your DSL provider charges by minute connected
# and you want to use demand-dialing.
#
# Disconnect after 300 seconds (5 minutes) of idle time.
#demand
#idle 300
##
# Section 3
#
# You shouldn't need to change these options...
hide-password
lcp-echo-interval 20
lcp-echo-failure 3
# Override any connect script that may have been set in /etc/ppp/options.
connect /bin/true
noauth
persist
## mtu 1492
## - notwendig bei vergabe einer festen ip
## - von t-online:
## - mtu 1456
## -
#mtu 1492
mtu 1456
# RFC 2516, paragraph 7 mandates that the following options MUST NOT be
# requested and MUST be rejected if requested by the peer:
# Address-and-Control-Field-Compression (ACFC)
noaccomp
# Asynchronous-Control-Character-Map (ACCM)
default-asyncmap
plugin rp-pppoe.so eth1.7
#user "feste-ip7/9TB3EGVM46Z6@t-online-com.de"
user "0021920376975502683262730001@t-online.de"

623
NONE-CKUBU/sbin/check_net.sh Executable file

@ -0,0 +1,623 @@
#!/usr/bin/env bash
## -------------------------------------------------------------------
## --- All Configurations ill be done in /etc/check_net/check_net.conf
## -------------------------------------------------------------------
## - Load Configuration
## -
source /etc/check_net/check_net.conf
## ------------------
## --- Some functions
## ------------------
## - Check if a given array (parameter 2) contains a given string (parameter 1)
## -
fatal(){
echo ""
echo -e "[ \033[31m\033[1mError\033[m ]: $*"
echo ""
echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m"
echo ""
echo "" >> $log_file
echo "[ Error ]: $*" >> $log_file
echo "" >> $log_file
echo " Script is canceled." >> $log_file
echo "" >> $log_file
exit 1
}
containsElement () {
local e
for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
return 1
}
set_ping_addresses () {
if $DEBUG ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] Try to set IP-Address(es) for ping test. This may take some time.." >> $log_file
fi
ping_test_ip=""
unset ping_ip_arr
declare -i i=0
for _host in $PING_TEST_HOSTS ; do
while [ $i -lt 2 ]; do
if dig +short $_host > /dev/null 2>&1 ; then
ping_test_ip=`dig +short $_host | head -1`
if ping -q -c2 $ping_test_ip >/dev/null 2>&1 ; then
ping_ip_arr+=("$ping_test_ip")
let i++
break
fi
fi
break
done
done
if [ ${#ping_ip_arr[@]} -lt 1 ]; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Setting IP-Address(es) for ping test FAILED!" >> $log_file
else
if $DEBUG ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] IP-Addresses for ping tests set to ${ping_ip_arr[@]}" >> $log_file
fi
fi
}
usage() {
echo
[ -n "$1" ] && echo -e "[ \033[1;31mError\033[m ] : $1\n"
echo -e " Usage:"
echo -e " \033[1m`basename $0` [OPTIONS] <device1> <device2> ..\033[m"
echo ""
echo -e " This script checks the status (online/offline) of the given devices. Afterward another"
echo " script called \033[1m`basename $netconfig_script`\033[m will be triggered to configure"
echo " the routing depending on the status of the devices."
echo ""
echo -e " It is strongly recommend to put \033[1mall devices, which should have a connection to"
echo -e " the internet\033[m, on the command line."
echo ""
echo -e " \033[1mNotice\033[m"
echo -e " On static line devices \033[1mappend \":<gateway>\"\033[m. This is very important,"
echo -e " otherwise this script will \033[1mNOT work as expected\033[m."
echo -e " Example:"
echo -e " \033[1m`basename $0` -l \"eth0 ppp-light\" eth0:172.16.0.1 ppp-light\033[m"
echo ""
echo -e " The declaration of the device(s) is mandatory."
echo ""
echo -e " Options:"
echo ""
echo -e " \033[1m-h\033[m"
echo -e " Prints this help\033[m"
echo ""
echo -e " \033[1m-l <list of online devices>\033[m"
echo -e " List of all (internet) devices known as online."
echo ""
exit 1
}
if [[ $EUID -ne 0 ]]; then
fatal "This script must be run as root" 1>&2
fi
if [[ ! -f "$netconfig_script" ]]; then
fatal "Netconfig script \"$netconfig_script\" not found!"
fi
## -------------------------------------------------
## --- If script is already running, stop execution
## -------------------------------------------------
LOCK_DIR=/tmp/`basename $0`.LOCK
if mkdir "$LOCK_DIR" 2> /dev/null ; then
## - Remove lockdir when the script finishes, or when it receives a signal
trap 'rm -rf "$LOCK_DIR"' 0 2 15
else
datum=`date +"%d.%m.%Y"`
msg="[ Error ]: A previos instance of script \"`basename $0`\" seems already be running.\n\n Exiting now.."
echo -e "To:${admin_email}\n${content_type}\nSubject:DSL Script Error $company -- $datum\n\n${msg}\n" | /usr/sbin/sendmail -F "DSL Monitoring $company" -f $from_address $admin_email 2> /dev/null
if $LOGGING_CONSOLE ; then
echo ""
echo "[ Error ]: A previos instance script \"`basename $0`\" seems already be running."
echo ""
echo " Exiting now.."
echo ""
fi
exit 1
fi
## -------------
## --- Configure
## -------------
while getopts l:h opt ; do
case $opt in
h) usage ;;
l) ONLINE_DEVICE_LIST=$OPTARG
;;
esac
done
shift `expr $OPTIND - 1`
INITIAL_DEVICE_LIST="$@"
if [[ -z "$INITIAL_DEVICE_LIST" ]]; then
INITIAL_DEVICE_LIST=$_INITIAL_DEVICE_LIST
fi
[[ -z "$INITIAL_DEVICE_LIST" ]] && usage "No device list given"
## - Define (non associative) array
## -
declare -a inet_devices_arr
declare -a dsl_devices_arr
declare -a static_devices_arr
declare -a online_devices_arr
declare -A static_gw_arr
declare -A dsl_gw_available_arr
for _device in $INITIAL_DEVICE_LIST ; do
if [[ "$_device" =~ : ]]; then
static_gateway="${_device##*:}"
_device="${_device%:*}"
static_gw_arr[$_device]="$static_gateway"
static_devices_arr+=("$_device")
else
dsl_devices_arr+=("$_device")
fi
inet_devices_arr+=("$_device")
done
for _online_device in $ONLINE_DEVICE_LIST ; do
online_devices_arr+=("$_online_device")
done
## - Define associative array
## -
declare -A remote_gw_arr
declare -A filetime_PID_arr
for inet_device in "${online_devices_arr[@]}" ; do
if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
remote_gw_address=`ifconfig $inet_device 2> /dev/null | grep "inet Adresse" | cut -d":" -f3 | cut -d" " -f1`
else
remote_gw_address=${static_gw_arr[$inet_device]}
fi
remote_gw_arr[$inet_device]=$remote_gw_address
_pid_file=/var/run/${inet_device}.pid
if [ -f $_pid_file ]; then
filetime_PID_arr[$inet_device]=`stat -c %Y /var/run/${inet_device}.pid`
else
filetime_PID_arr[$inet_device]="NOT FOUND"
fi
done
declare -a ping_ip_arr;
#echo "--"
#for _key in "${!filetime_PID_arr[@]}" ; do
# echo "filetime_PID_arr[$_key]: ${filetime_PID_arr[$_key]}"
#done
#
#for _key in "${!remote_gw_arr[@]}" ; do
# echo "remote_gw_arr[$_key]: ${remote_gw_arr[$_key]}"
#done
#
#for _device in ${online_devices_arr[@]} ; do
# echo "$_device is online"
#done
#echo "--"
#exit
echo "" >> $log_file
echo "" >> $log_file
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] ## ---" >> $log_file
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] ## --- Starting script `basename $0`" >> $log_file
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] ## ---" >> $log_file
echo "" >> $log_file
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] Devices configured..: ${inet_devices_arr[@]}" >> $log_file
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] Devices Online......: ${online_devices_arr[@]}" >> $log_file
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] DSL Devices.........: ${dsl_devices_arr[@]}" >> $log_file
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] Static Devices......: ${static_devices_arr[@]}" >> $log_file
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] Remote Gateways.....: ${remote_gw_arr[@]}" >> $log_file
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] ## ---" >> $log_file
echo "" >> $log_file
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] ## --- Initial Setup:" >> $log_file
## - Initial: get ping addresses
## -
set_ping_addresses
echo "" >> $log_file
while true ; do
changed=false
for inet_device in "${inet_devices_arr[@]}" ; do
if $DEBUG ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] ## --- Device $inet_device" >> $log_file
fi
## - Set interface name, routing tables name and, if available, remote gateway.
## -
if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
## - Is remote a remote gateway for this device knpn?
## -
remote_gw_address=`ifconfig $inet_device 2> /dev/null | grep "inet Adresse" | cut -d":" -f3 | cut -d" " -f1`
iface_name="dsl-`echo $inet_device | cut -d '-' -f2`"
rt_name="dsl_`echo $inet_device | cut -d '-' -f2`"
if [[ -n "$remote_gw_address" ]]; then
if $DEBUG ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Add $remote_gw_address to array dsl_gw_available_arr for DSL line $inet_device" >> $log_file
fi
dsl_gw_available_arr[$inet_device]=$remote_gw_address
else
if $DEBUG ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] No remote gateway found for DSL line $inet_device" >> $log_file
fi
if [[ ${dsl_gw_available_arr[$inet_device]+_} ]]; then
if $DEBUG; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Unset dsl_gw_available_arr for DSL line $inet_device" >> $log_file
fi
unset ${dsl_gw_available_arr[$inet_device]}
fi
fi
else
remote_gw_address=${static_gw_arr[$inet_device]}
iface_name=$inet_device
rt_name="static_`echo $inet_device | cut -d '-' -f1`"
fi
## ---
## --- Check if routing through this connection works
## ---
## - Notice:
## - if no remote gateway is known (remote_gw_address is empty), then we don't
## - need to test here.
## -
device_is_online=false
if [[ -n "$remote_gw_address" ]]; then
## - Check if routing through this dsl connection realy works
## -
if [ ${#ping_ip_arr[@]} -lt 1 ]; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn ] No ip-address for ping-test is set. Skipping test.." >> $log_file
else
failed=true
for _key in ${!ping_ip_arr[@]} ; do
/sbin/ip rule add to ${ping_ip_arr[$_key]} table $rt_name
if ping -q -c2 ${ping_ip_arr[$_key]} >/dev/null 2>&1 ; then
if $DEBUG ; then
_local_gw=`curl -4 https://meine-ip.oopen.de 2> /dev/null`
if [ -n "$_local_gw" ]; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Using local gateway \"$_local_gw\" for ping test" >> $log_file
fi
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Ping test (to ${ping_ip_arr[$_key]}) for device \"${inet_device}\" was successful." >> $log_file
fi
/sbin/ip rule del to ${ping_ip_arr[$_key]} table $rt_name
failed=false
device_is_online=true
break
fi
/sbin/ip rule del to ${ping_ip_arr[$_key]} table $rt_name
done
if $failed ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Ping test for device \"${inet_device}\" failed" >> $log_file
#echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Status Devices \"$inet_device\" changed" >> $log_file
#echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Devices \"$inet_device\" is now OFFLINE" >> $log_file
## - Remote gateway is not reachable. So empty variable "remote_gw_address"
#remote_gw_address=
fi # End: if $failed
fi # End: if [ ${#ping_ip_arr[@]} -lt 1 ]; then
fi # End: if [[ -n "$remote_gw_address" ]]
## ---
## --- Now check, if something has changed
## ---
if $device_is_online; then
if containsElement "$inet_device" ${online_devices_arr[@]} ; then
## - <before> <now>
## -
## - online online
if $DEBUG ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $inet_device is still online" >> $log_file
fi
## - Check if remote gateway has changed
## -
if [ "$remote_gw_address" != "${remote_gw_arr[$inet_device]}" ]; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ WARN ] Remote Gateway on device \"$inet_device\" has changed: ${remote_gw_arr[$inet_device]} --> $remote_gw_address" >> $log_file
remote_gw_arr[$inet_device]=$remote_gw_address
_pid_file=/var/run/${inet_device}.pid
if [ -f $_pid_file ]; then
filetime_PID_arr[$inet_device]=`stat -c %Y $_pid_file`
fi
changed=true
else
if $DEBUG ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Remote Gateway on device \"$inet_device\": still ${remote_gw_arr[$inet_device]}" >> $log_file
fi
## - Test if pid-file's modify time hs changed
## -
## - Notice: that happens if your provider forces a reconnect (mostly one time a day
## - or in other words after 1440 minutes)
## -
_pid_file=/var/run/${inet_device}.pid
if [ -f $_pid_file ]; then
if [ "`stat -c %Y $_pid_file`" != "${filetime_PID_arr[$inet_device]}" ]; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn ] Modify time for pid-file \"${inet_device}.pid\" has changed" >> $log_file
filetime_PID_arr[$inet_device]=`stat -c %Y $_pid_file`
changed=true
fi
fi
fi
else
## - <before> <now>
## -
## - offline online
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn ] Status Devices \"$inet_device\" changed" >> $log_file
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn ] Devices \"$inet_device\" is now online" >> $log_file
## - Add device to array online_devices_arr
## -
online_devices_arr+=("$inet_device")
## - Add device to array remote_gw_arr
## -
remote_gw_arr[$inet_device]=$remote_gw_address
_pid=/var/run/${inet_device}.pid
if [ -f "$_pid" ]; then
filetime_PID_arr[$inet_device]=`stat -c %Y /var/run/${inet_device}.pid`
fi
changed=true
fi # END: if containsElement "$inet_device" ${online_devices_arr[@]}
else # ELSE: if $device_is_online; then
if containsElement "$inet_device" ${online_devices_arr[@]} ; then
## - <before> <now>
## -
## - online offline
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Status Devices \"$inet_device\" changed" >> $log_file
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Devices \"$inet_device\" is now OFFLINE" >> $log_file
## - In case of DSL Device, have a look at the ppp deamon
## -
if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
if ps -x | grep -E "/usr/sbin/pppd\s+call\s+$iface_name" > /dev/null 2>&1 ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn ] pppd for \"$iface_name\" is running: Waiting another period" >> $log_file
else
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] Trying to start pppd for \"$inet_device\".." >> $log_file
/usr/sbin/pppd call $iface_name > /dev/null 2>&1
fi
fi
## - Remove device from array online_devices_arr
## -
for _index in ${!online_devices_arr[@]} ; do
if [ "${online_devices_arr[$_index]}" = "$inet_device" ]; then
unset online_devices_arr[$_index]
break
fi
done
## - Also remove device from remote_gw_arr
## -
unset remote_gw_arr[$inet_device]
## - In case of DSL Device, kill the concerning the ppp deamon
## -
if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
_pid=`ps -ax | grep -e "pppd call $iface_name" | grep -v grep | awk '{print$1}'`
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] Kill ppp-daemon for $iface_name (pid $_pid)" >> $log_file
kill -9 $_pid
fi
changed=true
else
## - <before> <now>
## -
## - offline offline
if $DEBUG ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $inet_device is still offline" >> $log_file
fi
## - In case of DSL Device, have a look at the ppp deamon
## -
if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
if ps -x | grep -E "/usr/sbin/pppd\s+call\s+$iface_name" > /dev/null 2>&1 ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn ] pppd for \"$iface_name\" is running: Waiting another period" >> $log_file
else
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] Trying to start pppd for \"$inet_device\".." >> $log_file
/usr/sbin/pppd call $iface_name > /dev/null 2>&1
fi
fi
fi # END: if containsElement "$inet_device" ${online_devices_arr[@]}
fi # END: if $device_is_online; then
done # End: for inet_device in "${inet_devices_arr[@]}"
if $changed ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn ] Status Online Devices changed" >> $log_file
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn ] Online Devices: ${online_devices_arr[@]}" >> $log_file
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn ] Reconfigure Routing: invoking script \"$netconfig_script\".." >> $log_file
if [[ -z "${online_devices_arr[@]}" ]]; then
if $DEBUG ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $netconfig_script $INITIAL_DEVICE_LIST" >> $log_file
fi
$netconfig_script $INITIAL_DEVICE_LIST > /dev/null 2>&1
else
_LIST=
for _device in ${online_devices_arr[@]} ; do
_LIST="$_LIST $_device"
done
_LIST=`echo "${_LIST}" | sed -e 's/^[ \t]*//'`
if $DEBUG ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $netconfig_script -l \"$_LIST\" $INITIAL_DEVICE_LIST" >> $log_file
fi
$netconfig_script -l "$_LIST" $INITIAL_DEVICE_LIST > /dev/null 2>&1
fi
datum=`date +"%d.%m.%Y"`
msg="[ `date +\"%H:%M:%S\"` ]: Status Online Devices changed..\n Online Devices: ${online_devices_arr[@]}\n\n Script \"$netconfig_script\" was invoked to reconfigure routing."
echo -e "To:${admin_email}\n${content_type}\nSubject:DSL Status changed $company -- $datum\n\n${msg}\n" | /usr/sbin/sendmail -F "DSL Monitoring $company" -f $from_address $admin_email 2> /dev/null
fi # END if $changed
## - Set IP-adresses for Ping-Test at next run
## -
if [[ ${#online_devices_arr[@]} -gt 0 ]]; then
## - Try to set IP-Addresses for ping test
## -
set_ping_addresses
elif [[ ${#dsl_gw_available_arr[@]} -gt 0 ]]; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] Try to set default gateway to an existing DSL line .." >> $log_file
__set_default_gatway=false
default_gw_deleted=false
for _device in "${dsl_devices_arr[@]}" ; do
if $DEBUG ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] Device: $_device - Gateway: ${dsl_gw_available_arr[$_device]}" >> $log_file
fi
if [[ -n "${dsl_gw_available_arr[$_device]}" ]]; then
## - Delete old default route
## -
if ! $default_gw_deleted ; then
if $DEBUG ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] /sbin/ip route delete default" >> $log_file
/sbin/ip route delete default >> $log_file 2>&1
else
/sbin/ip route delete default > /dev/null 2>&1
fi
default_gw_deleted=true
fi
## - Try to set default gateway to this DSL connection
## -
if $DEBUG ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] /sbin/ip route add default via ${dsl_gw_available_arr[$_device]} dev $_device" >> $log_file
/sbin/ip route add default via ${dsl_gw_available_arr[$_device]} dev $_device >> $log_file 2>&1
else
/sbin/ip route add default via ${dsl_gw_available_arr[$_device]} dev $_device > /dev/null 2>&1
fi
if [[ "$?" == "0" ]]; then
__set_default_gatway=true
break
fi
fi
done # END: for _device in "${inet_devices_arr[@]}"
if ! $__set_default_gatway ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] No default gateway (for DSL Device ${_device}) is set!" >> $log_file
else
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] Default gateway on DSL Device $_device is set to ${inet_devices_arr[$_device]}" >> $log_file
## - Try to set IP-Addresses for ping test
## -
set_ping_addresses
fi
elif [[ ${#static_devices_arr[@]} -gt 0 ]]; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] Try to set default gateway to an existing static line .." >> $log_file
__set_default_gatway=false
default_gw_deleted=false
for _device in "${static_devices_arr[@]}" ; do
## - Delete old default route
## -
if ! $default_gw_deleted ; then
if $DEBUG ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] /sbin/ip route delete default" >> $log_file
/sbin/ip route delete default >> $log_file 2>&1
else
/sbin/ip route delete default > /dev/null 2>&1
fi
default_gw_deleted=true
fi
## - Set new default route
## -
if $DEBUG ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device" >> $log_file
/sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device >> $log_file 2>&1
else
/sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device > /dev/null 2>&1
fi
if [[ "$?" == 0 ]] ; then
__set_default_gatway=true
break
fi
done
if ! $__set_default_gatway ; then
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] No default gateway is set!" >> $log_file
else
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] Default gateway is set to ${static_gw_arr[$_device]}" >> $log_file
## - Try to set IP-Addresses for ping test
## -
set_ping_addresses
fi
fi # if [[ ${#online_devices_arr[@]} -gt 0 ]]
sleep 30
done
exit 0
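Review bot: `unset ${dsl_gw_available_arr[$inet_device]}` in the main loop expands the element's value first and then unsets a variable named after the gateway address, so the stale entry survives and the later fallback `elif [[ ${#dsl_gw_available_arr[@]} -gt 0 ]]` can try to install a default route via a gateway that has gone away; the form used for `remote_gw_arr` further down is the correct one, so this should read `unset dsl_gw_available_arr[$inet_device]`. The lock directory is created under /tmp with the script's basename, a predictable name in a world-writable directory, and any local user who creates it keeps this root-run monitor from ever starting (each attempt only mails the admin and exits), so a root-owned location such as /run or /var/lock is the safer choice. The success message `Default gateway on DSL Device $_device is set to ${inet_devices_arr[$_device]}` indexes the indexed array `inet_devices_arr` with a device name, which bash evaluates arithmetically and so logs an unrelated element; `${dsl_gw_available_arr[$_device]}` is the value that was just installed. `source /etc/check_net/check_net.conf` is unchecked, so with a missing config `$log_file` is empty and every `>> $log_file` redirection fails instead of the script stopping at once; `source /etc/check_net/check_net.conf || exit 1` closes that (fatal cannot be used there because it also needs $log_file).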



@ -258,9 +258,9 @@ if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
continue continue
fi fi
# - ?? - Don't know which rule is the right one # - ?? - Don't know which rule is the right one , maybe both..
# - # -
#$ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
$ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -s ${_val_arr[0]} -j MASQUERADE $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -s ${_val_arr[0]} -j MASQUERADE
done done
fi fi
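Review bot: The re-enabled `$ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE` rule masquerades packets that leave the external interface and are addressed to the local network (judging by the `-s` form on the next line, index 0 is the local network), which only matches if that network were itself routed out of the external interface; the `-s` rule alone is the usual source NAT for forwarded traffic, and the updated comment `maybe both..` records the uncertainty rather than resolving it. A NAT rule whose effect is not understood tends to mask routing mistakes later, so I would either drop the `-d` line again or replace the comment with a sentence naming the case it covers. The enclosing `for _val ... do` loop and its `if` begin before this hunk.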
@ -1644,6 +1644,7 @@ fi
# --- # ---
# - Allow local ip address from given local interface # - Allow local ip address from given local interface
# --- # ---
@ -1676,6 +1677,126 @@ fi
# ---
# - Allow extern service from given local interface
# ---
echononl "\tAllow extern service from given local interface"
if [[ ${#allow_local_if_to_ext_service_arr[@]} -gt 0 ]] \
&& $kernel_activate_forwarding ; then
for _val in "${allow_local_if_to_ext_service_arr[@]}" ; do
IFS=':' read -a _val_arr <<< "${_val}"
$ipt -A FORWARD -p ${_val_arr[3]} -i ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
# - Note:
# - If (local) alias interfaces like eth1:0 in use, youe need a further
# - special rule.
# -
if $local_alias_interfaces ; then
if [[ "${_val_arr[3]}" = "tcp" ]]; then
$ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
$ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
fi
fi
done
echo_done
else
echo_skipped
fi
# ---
# - Allow extern network from given local interface
# ---
echononl "\tAllow extern network from given local interface"
if [[ ${#allow_local_if_to_ext_net_arr[@]} -gt 0 ]] \
&& $kernel_activate_forwarding ; then
for _val in ${allow_local_if_to_ext_net_arr[@]} ; do
IFS=':' read -a _val_arr <<< "${_val}"
$ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
# - Note:
# - If (local) alias interfaces like eth1:0 in use, youe need a further
# - special rule.
# -
if $local_alias_interfaces ; then
$ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
$ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
fi
done
echo_done
else
echo_skipped
fi
# ---
# - Allow extern service from given local network
# ---
echononl "\tAllow extern service from given local network"
if [[ ${#allow_local_net_to_ext_service_arr[@]} -gt 0 ]] \
&& $kernel_activate_forwarding ; then
for _val in "${allow_local_net_to_ext_service_arr[@]}" ; do
IFS=':' read -a _val_arr <<< "${_val}"
$ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
# - Note:
# - If (local) alias interfaces like eth1:0 in use, youe need a further
# - special rule.
# -
if $local_alias_interfaces ; then
if [[ "${_val_arr[3]}" = "tcp" ]]; then
$ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
$ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
fi
fi
done
echo_done
else
echo_skipped
fi
# ---
# - Allow extern network from given local network
# ---
echononl "\tAllow extern network from given local network"
if [[ ${#allow_local_net_to_ext_net_arr[@]} -gt 0 ]] \
&& $kernel_activate_forwarding ; then
for _val in ${allow_local_net_to_ext_net_arr[@]} ; do
IFS=':' read -a _val_arr <<< "${_val}"
$ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
# - Note:
# - If (local) alias interfaces like eth1:0 in use, youe need a further
# - special rule.
# -
if $local_alias_interfaces ; then
$ipt -A FORWARD -p tcp -d ${_val_arr[1]} -s ${_val_arr[0]} --tcp-flag ACK ACK -j ACCEPT
$ipt -A FORWARD -p tcp -d ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
fi
done
echo_done
else
echo_skipped
fi
# --- # ---
# - Separate local networks # - Separate local networks
# --- # ---
@ -2640,6 +2761,12 @@ else
fi fi
# ---
# - FTP common
# ---
ftp_helper_output_defined=false
ftp_helper_prerouting_defined=false
# --- # ---
# - FTP out only # - FTP out only
# --- # ---
@ -2647,20 +2774,116 @@ fi
echononl "\t\tFTP out only" echononl "\t\tFTP out only"
if $allow_ftp_request_out ; then if $allow_ftp_request_out ; then
# - Used for different ftpdata recent lists 'ftpdata_$i'
# -
declare -i i=1
if ! $ftp_helper_output_defined ; then
$ipt -A OUTPUT -t raw -p tcp --dport 21 -j CT --helper ftp
ftp_helper_output_defined=true
fi
if $kernel_activate_forwarding && ! $ftp_helper_prerouting_defined ; then
$ipt -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp
ftp_helper_prerouting_defined=true
fi
for _dev in ${ext_if_arr[@]} ; do for _dev in ${ext_if_arr[@]} ; do
$ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
$ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT # - Open FTP connection and add the destination ip (--rdest) to ftpdata recent list 'ftpdata_$i'.
# -
$ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m state --state NEW -m recent --name ftpdata_$i --rdest --set -j ACCEPT
# - (2)
# - - Accept packets if the destination ip-address (--rdest) is in the 'ftpdata_$i' list (--update)
# - and the destination ip-address was seen within the last 1800 seconds (--seconds 1800).
# -
# - - If matched, the "last seen" timestamp of the destination address will be updated (--update).
# -
# - - Entries in the ftpdata list not seen in the last 1800 will be removed (--reap).
# -
$ipt -A OUTPUT -o $_dev -p tcp -m state --state NEW --dport 1024: \
-m recent --name ftpdata_$i --rdest --update --seconds 1800 --reap -j ACCEPT
((i++))
# - Accept (helper ftp) related connections
# -
$ipt -A OUTPUT -m conntrack --ctstate RELATED -m helper --helper ftp -o $_dev -p tcp --dport 1024: -j ACCEPT
$ipt -A INPUT -m conntrack --ctstate RELATED -m helper --helper ftp -i $_dev -p tcp --dport 1024: -j ACCEPT
if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
$ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
$ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT # =====
# -
# - ip_conntrack_ftp cannot see the TLS-encrypted traffic
# - ======================================================
# -
# - Workaround:
# - (1) add (!) desitnatin ip to a 'recent list' named 'ftpdata_$i! if ftp control connections appear
# - (2) accept packets of the formaly created recent list 'ftpdata_$i!
# -
# - Note:
# - Use flag '--rdest' to match destination address
# -
# =====
# - (1)
# -
# - Open FTP connection and add the destination ip (--rdest) to ftpdata recent list 'ftpdata_$i'.
# -
$ipt -A FORWARD -o $_dev -p tcp --dport 21 -m state --state NEW \
-m recent --name ftpdata_$i --rdest --set -j ACCEPT
# - (2)
# - - Accept packets if the destination ip-address (--rdest) is in the 'ftpdata_$i' list (--update)
# - and the destination ip-address was seen within the last 1800 seconds (--seconds 1800).
# -
# - - If matched, the "last seen" timestamp of the destination address will be updated (--update).
# -
# - - Entries in the ftpdata list not seen in the last 1800 will be removed (--reap).
# -
$ipt -A FORWARD -o $_dev -p tcp -m state --state NEW --dport 1024: \
-m recent --name ftpdata_$i --rdest --update --seconds 1800 --reap -j ACCEPT
((i++))
# - Accept (helper ftp) related connections
# -
$ipt -A FORWARD -m conntrack --ctstate RELATED -m helper --helper ftp -o $_dev -p tcp --dport 1024: -j ACCEPT
$ipt -A FORWARD -m conntrack --ctstate RELATED -m helper --helper ftp -i $_dev -p tcp --dport 1024: -j ACCEPT
fi fi
done done
echo_done echo_done
else else
echo_done echo_skipped
fi fi
#if $allow_ftp_request_out ; then
# for _dev in ${ext_if_arr[@]} ; do
# $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
# # - Allow active FTP connections from local network
# # -
# $ipt -A INPUT -i $_dev -p tcp --sport 20 -m conntrack --ctstate NEW -j ACCEPT
# if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
# $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
# fi
# # - Allow active FTP connections from local network
# # -
# $ipt -A FORWARD -i $_dev -p tcp --sport 20 -m conntrack --ctstate NEW -j ACCEPT
# done
#
# echo_done
#else
# echo_done
#fi
# --- # ---
# - FTP Service Gateway # - FTP Service Gateway
@ -2669,7 +2892,50 @@ fi
echononl "\t\tFTP Service Gateway" echononl "\t\tFTP Service Gateway"
if $local_ftp_service ; then if $local_ftp_service ; then
$ipt -A INPUT -p tcp --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
# =====
# -
# - ip_conntrack_ftp cannot see the TLS-encrypted traffic
# - ======================================================
# -
# - Workaround:
# - (1) add source ip to a 'recent list' named 'ftpservice! if ftp control connections appear
# - (2) accept packets of the formaly created recent list 'ftpservice!
# -
# =====
# - (Re)define helper
# -
# - !! Note: !!
# - for both, local FTP server (ftp_server_ip_arr)
# - and forward to (extern) FTP server (forward_ftp_server_ip_arr)
# -
if ! $ftp_helper_prerouting_defined ; then
$ipt -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp
ftp_helper_prerouting_defined=true
fi
# - (1)
# -
# - Accept initial FTP connection and add the source ip to ftpdata recent list 'ftpservice'.
# -
$ipt -A INPUT -p tcp -m state --state NEW --dport 21 -m recent --name ftpservice --set -j ACCEPT
# - (2)
# - - Accept packets if the source ip-address is in the 'ftpservice' list (--update) and the
# - source ip-address was seen within the last 1800 seconds (--seconds 1800).
# -
# - - If matched, the "last seen" timestamp of the source address will be updated (--update).
# -
# - - Entries in the ftpdata list not seen in the last 1800 will be removed (--reap).
# -
$ipt -A INPUT -p tcp -m state --state NEW --sport 1024: --dport $ftp_passive_port_range \
-m recent --name ftpservice --update --seconds 1800 --reap -j ACCEPT
# - Accept (helper ftp) related connections
# -
$ipt -A INPUT -m conntrack --ctstate RELATED -m helper --helper ftp -p tcp --dport 1024: -j ACCEPT
echo_done echo_done
else else
echo_skipped echo_skipped
@ -2681,32 +2947,100 @@ fi
# --- # ---
echononl "\t\tFTP Service local Networks" echononl "\t\tFTP Service local Networks"
if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
# - Used for different ftpdata recent lists 'ftpdata_local_$k'
# -
declare -i k=1
# - (Re)define helper
# -
if ! $ftp_helper_output_defined ; then
$ipt -A OUTPUT -t raw -p tcp --dport 21 -j CT --helper ftp
ftp_helper_output_defined=true
fi
if $kernel_activate_forwarding && ! $permit_between_local_networks && ! $ftp_helper_prerouting_defined ; then
$ipt -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp
ftp_helper_prerouting_defined=true
fi
for _ip in ${ftp_server_only_local_ip_arr[@]} ; do for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
$ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
if ! $permit_between_local_networks ; then # - (1)
$ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT # -
# - Open FTP connection and add the destination ip (--rdest) to ftpdata recent list 'ftpdata_$i'.
# -
$ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport 1024: -m state --state NEW \
-m recent --name ftpdata_local_$k --rdest --set -j ACCEPT
$ipt -A FORWARD -d $_ip -p tcp --dport 21 -m state --state NEW \
-m recent --name ftpdata_local_$k --rdest --set -j ACCEPT
# - (2)
# - - Accept packets if the destination ip-address (--rdest) is in the 'ftpdata_$i' list (--update)
# - and the destination ip-address was seen within the last 1800 seconds (--seconds 1800).
# -
# - - If matched, the "last seen" timestamp of the destination address will be updated (--update).
# -
# - - Entries in the ftpdata list not seen in the last 1800 will be removed (--reap).
# -
$ipt -A OUTPUT -d $_ip -p tcp -m state --state NEW --dport 1024: \
-m recent --name ftpdata_local_$k --rdest --update --seconds 1800 --reap -j ACCEPT
if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
$ipt -A FORWARD -d $_ip -p tcp -m state --state NEW --dport 1024: \
-m recent --name ftpdata_local_$k --rdest --update --seconds 1800 --reap -j ACCEPT
fi fi
if $local_alias_interfaces ; then ((k++))
# - Control Port
$ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT # - Accept (helper ftp) related connections
$ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT # -
# - Data Port activ $ipt -A OUTPUT -m conntrack --ctstate RELATED -m helper --helper ftp -o $_dev -p tcp --dport 1024: -j ACCEPT
$ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT $ipt -A INPUT -m conntrack --ctstate RELATED -m helper --helper ftp -i $_dev -p tcp --dport 1024: -j ACCEPT
$ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
# - Data Port passiv if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
$ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT $ipt -A FORWARD -m conntrack --ctstate RELATED -m helper --helper ftp -p tcp -d $_ip --dport 1024: -j ACCEPT
$ipt -A FORWARD -m conntrack --ctstate RELATED -m helper --helper ftp -p tcp -s $_ip --dport 1024: -j ACCEPT
fi fi
done done
echo_done echo_done
else else
echo_skipped echo_skipped
fi fi
#echononl "\t\tFTP Service local Networks"
#if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
# for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
# $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
#
# if ! $permit_between_local_networks ; then
# $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
# fi
#
# if $local_alias_interfaces ; then
# # - Control Port
# $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
# $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
# # - Data Port activ
# $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
# $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
# # - Data Port passiv
# $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
# fi
# done
#
# echo_done
#else
# echo_skipped
#fi
# --- # ---
# - FTP Services DMZ # - FTP Services DMZ
# --- # ---
@ -2812,6 +3146,38 @@ else
fi fi
# ---
# - Samba Service only out
# ---
echononl "\t\tSamba Service only out"
if $allow_samba_requests_out && ! $permit_local_net_to_inet ; then
for _dev in ${ext_if_arr[@]} ; do
for _port in ${samba_udp_ports[@]} ; do
$ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
done
for _port in ${samba_tcp_ports[@]} ; do
$ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
done
if $kernel_activate_forwarding ; then
for _port in ${samba_udp_ports[@]} ; do
$ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
done
for _port in ${samba_tcp_ports[@]} ; do
$ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
done
fi
done
echo_done
else
echo_skipped
fi
# --- # ---
# - Samba Service Gateway (only for local Networks) # - Samba Service Gateway (only for local Networks)
@ -3418,6 +3784,52 @@ else
fi fi
# ---
# - Special TCP Ports OUT
# ---
echononl "\t\tSpecial TCP Ports OUT"
if [[ ${#tcp_out_port_arr[@]} -gt 0 ]] ; then
for _dev in ${ext_if_arr[@]} ; do
for _port in ${tcp_out_port_arr[@]} ; do
$ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m state --state NEW -j ACCEPT
if $kernel_activate_forwarding ; then
$ipt -A FORWARD -o $_dev -p tcp --dport $_port -m state --state NEW -j ACCEPT
fi
done
done
echo_done
else
echo_skipped
fi
# ---
# - Special UDP Ports OUT
# ---
echononl "\t\tSpecial UDP Ports OUT"
if [[ ${#udp_out_port_arr[@]} -gt 0 ]] ; then
for _dev in ${ext_if_arr[@]} ; do
for _port in ${udp_out_port_arr[@]} ; do
$ipt -A OUTPUT -o $_dev -p udp --dport $_port -m state --state NEW -j ACCEPT
if $kernel_activate_forwarding ; then
$ipt -A FORWARD -o $_dev -p udp --dport $_port -m state --state NEW -j ACCEPT
fi
done
done
echo_done
else
echo_skipped
fi
# --- # ---
# - Other local Services # - Other local Services
# --- # ---
@ -3548,12 +3960,14 @@ if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
for _ip in ${pcns_server_ip_arr[@]} ; do for _ip in ${pcns_server_ip_arr[@]} ; do
if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
$ipt -A OUTPUT -p tcp -s $_ip -d $usv_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
$ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
$ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
$ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
fi fi
if $kernel_activate_forwarding && ! $permit_between_local_networks ; then if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
$ipt -A FORWARD -p tcp -s $_ip -d $usv_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
$ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
$ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
$ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
@ -3573,11 +3987,11 @@ fi
# --- # ---
# - Ubiquiti Unifi Controler (Accesspoints) Gateway # - Ubiquiti Unifi Controller Gateway
# --- # ---
echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway" echononl "\t\tUbiquiti Unifi Controller Gateway"
if $local_unifi_controller_service ; then if $local_unifi_controller_service ; then
for _dev in ${local_if_arr[@]} ; do for _dev in ${local_if_arr[@]} ; do
$ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
@ -3592,11 +4006,32 @@ else
fi fi
echononl "\t\tUbiquiti Unifi Controller Gateway - STUN to Unifi APs"
if $local_unifi_controller_service ; then
if [[ ${#unifi_ap_local_ip_arr[@]} -gt 0 ]] ; then
for _ip_ap in ${unifi_ap_local_ip_arr[@]} ; do
$ipt -A OUTPUT -p udp -d $_ip_ap -m multiport --sports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
done
echo_done
else
echo_skipped
warn "Local Unifi Controller is defined, but no Unifi APs!"
fi
else
echo_skipped
fi
# --- # ---
# - Ubiquiti Unifi Controler (Accesspoints) local Network # - Ubiquiti Unifi Controller local Network
# --- # ---
echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network" echononl "\t\tUbiquiti Unifi Controller local Network"
if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \ if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
&& $kernel_activate_forwarding \ && $kernel_activate_forwarding \
&& ! $permit_between_local_networks ; then && ! $permit_between_local_networks ; then
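Review bot: The two helper-related rules on the new side of the "FTP Service local Networks" hunk (the OUTPUT rule with `-o $_dev` and the INPUT rule with `-i $_dev`, just after the `# - Accept (helper ftp) related connections` comment) use `$_dev`, but this loop iterates `_ip`; `$_dev` is whatever an earlier `for _dev in ${ext_if_arr[@]}` loop left behind, or empty if none ran, so the rule is either bound to an unrelated interface or rejected by iptables, and since the `$ipt` return code is never checked the failure is silent. Scope them to the server address the way the FORWARD rules right below already do: `$ipt -A OUTPUT -m conntrack --ctstate RELATED -m helper --helper ftp -p tcp -d $_ip --dport 1024: -j ACCEPT` and `$ipt -A INPUT -m conntrack --ctstate RELATED -m helper --helper ftp -p tcp -s $_ip --dport 1024: -j ACCEPT`. The comments in the same block still refer to the list as `ftpdata_$i` while the rules create `ftpdata_local_$k`; the comment should name `ftpdata_local_$k` so the recent list can be located from the rule name. The enclosing if/else of this block (from `echononl "\t\tFTP Service local Networks"` to `fi`) is fully inside the hunk.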

993
NONE-CKUBU/sbin/netconfig.sh Executable file

@ -0,0 +1,993 @@
#!/usr/bin/env bash
## -------------------------------------------------------------------
## --- All Configurations ill be done in /etc/check_net/check_net.conf
## -------------------------------------------------------------------
## - Load Configuration
## -
source /etc/check_net/check_net.conf
## ------------------
## --- Some functions
## ------------------
## - Check if a given array (parameter 2) contains a given string (parameter 1)
## -
fatal(){
echo ""
echo -e "[ \033[31m\033[1mError\033[m ]: $*"
echo ""
echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m"
echo ""
echo "" >> $log_file
echo "[ Error ]: $*" >> $log_file
echo "" >> $log_file
echo " Script is canceled." >> $log_file
echo "" >> $log_file
exit 1
}
containsElement () {
local e
for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
return 1
}
usage() {
echo
[ -n "$1" ] && echo -e "[ \033[1;31mError\033[m ] : $1\n"
echo -e " Usage:"
echo -e " \033[1m`basename $0` [OPTIONS] <device1> <device2> ..\033[m"
echo ""
echo -e " This script configures the default route, especially if more than one"
echo -e " route to the internet exists. Also the routing tables are managed by this"
echo -e " script."
echo ""
echo -e " The Parameter \033[1mdevice list\033[m contains all network devices, which should have"
echo -e " a connection to the Internet. Tha can be DSL lines as well as static lines."
echo -e " The declaration of the device list is mandatory."
echo ""
echo -e " \033[1mNotice\033[m"
echo -e " Declare the device list in the order of your preferred default gatway devices."
echo ""
echo -e " \033[1mNotice\033[m"
echo -e " On static line devices \033[1mappend \":<gateway>\033[m. This is very important,"
echo -e " otherwise this script will \033[1mNOT work as expected\033[m."
echo ""
echo -e " If this script is invoked with option \033[1m-m\033[m, another script called \033[1m`basename $check_script`\033[m"
echo -e " will be triigered to monitor the devices and informs about changes (online/offline"
echo -e " status) of the given devices. If the status of a line has changed, this script"
echo -e " is reinvoked by the monitoring script \033[1m`basename $check_script`\033[m to reconfigure"
echo -e " the routing."
echo ""
echo -e " Options:"
echo ""
echo -e " \033[1m-h\033[m"
echo -e " Prints this help\033[m"
echo ""
echo -e " \033[1m-l <list of online devices>\033[m"
echo -e " List of all (internet) devices known as online. Usually, this option will"
echo -e " be used by triggering this script from check script \033[1m`basename $check_script`\033[m."
echo ""
echo -e " \033[1m-m\033[m"
echo -e " Activates monitoring of the given network devices."
echo ""
echo -e " Example:"
echo -e " - Simply configure routing for devices \"$_INITIAL_DEVICE_LIST\""
echo -e " \033[1m`basename $0` $_INITIAL_DEVICE_LIST\033[m"
echo ""
echo -e " - Configure routing for devices \"$_INITIAL_DEVICE_LIST\" and activate monitoring"
echo -e " \033[1m`basename $0` -m $_INITIAL_DEVICE_LIST\033[m"
echo ""
exit 1
}
if [[ ! -f "$check_script" ]] ; then
fatal "Check script \033[1m$check_script\033[m not found!"
fi
if [[ "`which sipcalc`" == "" ]]; then
fatal "\033[1msipcalc\033[m must be installed to run this script"
fi
if [[ $EUID -ne 0 ]]; then
fatal "This script must be run as root" 1>&2
fi
## ---
## --- Configure
## ---
_monitoring=false
ONLINE_DEVICE_LIST=
while getopts hl:m opt ; do
case $opt in
h) usage
;;
l) ONLINE_DEVICE_LIST=$OPTARG
;;
m) _monitoring=true
;;
esac
done
shift `expr $OPTIND - 1`
INITIAL_DEVICE_LIST="$@"
if [[ -z "$INITIAL_DEVICE_LIST" ]]; then
INITIAL_DEVICE_LIST=$_INITIAL_DEVICE_LIST
fi
[[ -z "$INITIAL_DEVICE_LIST" ]] && usage "No device list given"
## - Define (non associative) array
## -
declare -a inet_devices_arr
declare -a dsl_devices_arr
declare -a static_devices_arr
declare -a online_devices_arr
declare -A static_gw_arr
for _device in $INITIAL_DEVICE_LIST ; do
if [[ "$_device" =~ : ]]; then
static_gateway="${_device##*:}"
_device="${_device%:*}"
static_gw_arr[$_device]="$static_gateway"
static_devices_arr+=("$_device")
else
dsl_devices_arr+=("$_device")
fi
inet_devices_arr+=("$_device")
done
for _online_device in $ONLINE_DEVICE_LIST ; do
online_devices_arr+=("$_online_device")
done
#echo "All Devices:"
#for _device in "${inet_devices_arr[@]}" ; do
# echo -e "\t$_device"
#done
#echo "Online Devices:"
#for _device in "${online_devices_arr[@]}" ; do
# echo -e "\t$_device"
#done
#
#for inet_device in "${inet_devices_arr[@]}" ; do
# if [ -n "$ONLINE_DEVICE_LIST" ]; then
# if ! containsElement "$inet_device" "${online_devices_arr[@]}" ; then
# echo "$inet_device is offline"
# continue
# fi
# fi
#done
#
#echo ""
#exit
## - Define associative arrays
## -
declare -A default_gw_arr
declare -A gw_connection_arr
declare -i number_rt_table=0
## ---
## --- Start
## ---
#echo "" >> $log_file
#echo "" >> $log_file
#echo "#############################" >> $log_file
#echo "### ---" >> $log_file
#echo "### --- [ `date +'%Y-%m-%d %H:%M'` ]: Starting Script `basename $0`.." >> $log_file
#echo "### --- Devices all: $INITIAL_DEVICE_LIST" >> $log_file
#echo "### --- Devices online: $ONLINE_DEVICE_LIST" >> $log_file
#echo "### ---" >> $log_file
#echo "### ---" >> $log_file
#echo "#############################" >> $log_file
echo "" >> $log_file
echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info ] Starting Script `basename $0`.." >> $log_file
echo " Devices all: $INITIAL_DEVICE_LIST" >> $log_file
echo " Devices online: $ONLINE_DEVICE_LIST" >> $log_file
configured=false
if $_monitoring ; then
max_attempts=20
else
max_attempts=1
fi
declare -i _try_number=0
declare -i prio=0
while ! $configured && [ $_try_number -lt $max_attempts ] ; do
let _try_number++
if [ $_try_number -gt 1 ]; then
echo "" >> $log_file
echo "# --- sleeping 2 seconds before attempt number $_try_number" >> $log_file
sleep 2
fi
number_rt_table=0
#for inet_device in "${dsl_devices_arr[@]}" ; do
for inet_device in "${inet_devices_arr[@]}" ; do
## - Create routing table name
## -
if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
__name=`echo $inet_device | cut -d '-' -f2`
rt_name="dsl_$__name"
else
__name=`echo $inet_device | cut -d '-' -f1`
rt_name="static_$__name"
fi
if ! $_monitoring ; then
## - Check if device was reported (from check script) as offline
## -
_offline=false
if [ -n "$ONLINE_DEVICE_LIST" ]; then
if ! containsElement "$inet_device" "${online_devices_arr[@]}" ; then
_offline=true
fi
else
_offline=true
fi
## - Cleanup routing tables
## -
if $_offline ; then
if $LOGGING_CONSOLE ; then
echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" was reported to be down !"
echo -e "\t So device \"$inet_device\" will be excluded from routing."
fi
echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" was reported to be down !" >> $log_file
echo -e "\t So device \"$inet_device\" will be excluded from routing." >> $log_file
## - Delete all existing entries of this routing table
## -
echo "" >> $log_file
echo "## - Delete all existing entries of routing table \"$rt_name\"" >> $log_file
echo "## -" >> $log_file
echo "/sbin/ip route flush table $rt_name" >> $log_file
/sbin/ip route flush table $rt_name >> $log_file 2>&1
if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 ; then
## - Delete all rules concerning table $rt_name
## -
echo "" >> $log_file
echo "## - Delete all rules concerning routing table $rt_name" >> $log_file
echo "## -" >> $log_file
while read line ; do
direction=`echo $line | awk '{print$2}'`
ip=`echo $line | awk '{print$3}'`
echo "/sbin/ip rule delete $direction $ip table $rt_name" >> $log_file
/sbin/ip rule delete $direction $ip table $rt_name
done < <(/sbin/ip rule | grep $rt_name)
echo "" >> $log_file
fi # End: if /sbin/ip rule | grep $rt_name > /dev/null 2>&1
continue
fi # End: if $_offline
fi # End: if ! $_monitoring ; then
let number_rt_table="$number_rt_table+100"
prio=0
## - Add new routing table to /etc/iproute2/rt_tables
## - if not yet exists
## -
if ! grep $rt_name /etc/iproute2/rt_tables > /dev/null 2>&1 ; then
echo "" >> $log_file
echo "## - Add new routing table to /etc/iproute2/rt_tables" >> $log_file
echo "## -" >> $log_file
echo "echo \"$number_rt_table $rt_name\" >> /etc/iproute2/rt_tables" >> $log_file
echo -e "$number_rt_table\t$rt_name" >> /etc/iproute2/rt_tables
fi
## - Is the device present and has local Address ?
## -
local_gw_address=`ifconfig $inet_device 2> /dev/null | grep "inet Adresse" | cut -d":" -f2 | cut -d" " -f1`
if [ -z $local_gw_address ]; then
if $LOGGING_CONSOLE ; then
echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !"
echo -e "\t No local address was found."
fi
echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !" >> $log_file
echo -e "\t No local address was found." >> $log_file
## - Cleanup routing tables
## -
## - Delete all existing entries of this routing table
## -
echo "" >> $log_file
echo "## - Delete all existing entries of this routing table" >> $log_file
echo "## -" >> $log_file
echo "/sbin/ip route flush table $rt_name" >> $log_file
/sbin/ip route flush table $rt_name >> $log_file 2>&1
if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 ; then
## - Delete all rules concerning table $rt_name
## -
echo "" >> $log_file
echo "## - Delete all rules concerning routing table $rt_name" >> $log_file
echo "## -" >> $log_file
while read line ; do
direction=`echo $line | awk '{print$2}'`
ip=`echo $line | awk '{print$3}'`
echo "/sbin/ip rule delete $direction $ip table $rt_name" >> $log_file
/sbin/ip rule delete $direction $ip table $rt_name
done < <(/sbin/ip rule | grep $rt_name)
echo "" >> $log_file
fi
continue
fi # End: if [ -z $local_gw_address ]
## - Is the DSL-device known and has remote Address ?
## -
if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
remote_gw_address=`ifconfig $inet_device 2> /dev/null | grep "inet Adresse" | cut -d":" -f3 | cut -d" " -f1`
remote_gw_net="$remote_gw_address/32"
else
net_address=`sipcalc $inet_device 2> /dev/null | grep -i -e "^network\s*address\s*-" | awk '{print$4}'`
remote_gw_address=${static_gw_arr[$inet_device]}
_netmask_bits=`sipcalc $inet_device 2> /dev/null | grep -i -e "Network\s*mask\s*(bits)" | awk '{print$5}'`
remote_gw_net="${net_address}/$_netmask_bits"
fi
if [ -z $remote_gw_address ]; then
if $LOGGING_CONSOLE ; then
echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !"
echo -e "\t No remote gateway was found."
fi
echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !" >> $log_file
echo -e "\t No remote gateway was found." >> $log_file
## - Cleanup routing tables
## -
## - Delete all existing entries of this routing table
## -
echo "" >> $log_file
echo "## - Delete all existing entries of this routing table" >> $log_file
echo "## -" >> $log_file
echo "/sbin/ip route flush table $rt_name" >> $log_file
/sbin/ip route flush table $rt_name >> $log_file 2>&1
if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 ; then
## - Delete all rules concerning table $rt_name
## -
echo "" >> $log_file
echo "## - Delete all rules concerning routing table $rt_name" >> $log_file
echo "## -" >> $log_file
while read line ; do
direction=`echo $line | awk '{print$2}'`
ip=`echo $line | awk '{print$3}'`
echo "/sbin/ip rule delete $direction $ip table $rt_name" >> $log_file
/sbin/ip rule delete $direction $ip table $rt_name
done < <(/sbin/ip rule | grep $rt_name)
echo "" >> $log_file
fi
continue
fi
## - Device already configured by that script?
## -
if [ ${default_gw_arr[$inet_device]+_} ] ; then
continue
fi
# -
# - Ready to start configuration for that device
# -
echo "" >> $log_file
echo "# ---" >> $log_file
if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
echo "# --- Routing Table for (DSL) network device \"$inet_device\" was created" >> $log_file
else
echo "# --- Routing Table for (static line) network device \"$inet_device\"" >> $log_file
fi
echo "# ---" >> $log_file
if $LOGGING_CONSOLE ; then
echo
echo
if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
echo -e "\t--- DSL Connection at interface $inet_device"
else
echo -e "\t--- Static Connection at interface $inet_device"
fi
echo -e "\t---"
echo -e "\tRouting Table Name..: $rt_name"
echo
echo -e "\tInterface...........: $inet_device"
echo
echo -e "\tLocal GW address....: $local_gw_address"
echo -e "\tRemote GW address...: $remote_gw_address"
echo -e "\tRemote network......: $remote_gw_net"
echo
fi
echo "# --- Routing Table Name..: $rt_name" >> $log_file
echo "# --- " >> $log_file
echo "# --- Interface...........: $inet_device" >> $log_file
echo "# --- " >> $log_file
echo "# --- Local GW address....: $local_gw_address" >> $log_file
echo "# --- Remote GW address...: $remote_gw_address" >> $log_file
echo "# --- Remote network......: $remote_gw_net" >> $log_file
echo "# --- " >> $log_file
## - Read routing table from output of "netstat -rn"
## -
routing_table_main_arr=()
while read _destination _gateway _genmask _flags _mss _window _irtt _iface; do
if [ "$_destination" = "Destination" -o "$_destination" = "Kernel" \
-o "$_destination" = "Ziel" -o "$_destination" = "Kernel-IP-Routentabelle" ]; then
continue
fi
routing_table_main_arr+=("$_destination $_gateway $_genmask $_iface")
done < <(netstat -rn)
## - First delete all existing entries of this routing table
## -
echo "" >> $log_file
echo "## - First delete all existing entries of this routing table" >> $log_file
echo "## -" >> $log_file
echo "/sbin/ip route flush table $rt_name" >> $log_file
/sbin/ip route flush table $rt_name >> $log_file 2>&1
## - Add loopback device to routing table $rt_name
## -
echo "" >> $log_file
echo "## - Add loopback device to routing table $rt_name " >> $log_file
echo "## -" >> $log_file
echo "/sbin/ip route add 127.0.0.0/8 dev lo table table $rt_name" >> $log_file
/sbin/ip route add 127.0.0.0/8 dev lo table $rt_name >> $log_file 2>&1
## - Add routing tables of all (local) network interfaces
## -
echo "" >> $log_file
echo "## - Add routing tables of all (local) network interfaces" >> $log_file
echo "## -" >> $log_file
for _entry in "${routing_table_main_arr[@]}" ; do
dest=`echo $_entry | cut -d " " -f1`
gateway=`echo $_entry | cut -d " " -f2`
genmask=`echo $_entry | cut -d " " -f3`
iface=`echo $_entry | cut -d " " -f4`
## - We will set default route later..
## -
if [ "$dest" = "0.0.0.0" ]; then
continue
fi
## - Is this a "ppp"-device ?
## -
if [[ "$iface" =~ "ppp" ]]; then
continue
fi
if [ "$dest" = "$remote_gw_address" ]; then
continue
fi
if [ "$gateway" = "0.0.0.0" ]; then
echo "/sbin/ip route add ${dest}/$genmask dev $iface table $rt_name" >> $log_file
/sbin/ip route add ${dest}/$genmask dev $iface table $rt_name >> $log_file 2>&1
else
echo "/sbin/ip route add ${dest}/$genmask via $gateway table $rt_name" >> $log_file
/sbin/ip route add ${dest}/$genmask via $gateway table $rt_name >> $log_file 2>&1
fi
done
## - Add this connection to the routing table
## -
echo "" >> $log_file
echo "## - Add this connection to the routing table $rt_name" >> $log_file
echo "## -" >> $log_file
if $USE_REMOTE_GATEWAY_ADDRESS ; then
## - Remote Network: $remote_gw_net
## -
echo "/sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address table $rt_name" >> $log_file
/sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address table $rt_name >> $log_file 2>&1
else
## - Remote Network: 0.0.0.0
## -
echo "/sbin/ip route add 0.0.0.0 dev $inet_device src $local_gw_address table $rt_name" >> $log_file
/sbin/ip route add 0.0.0.0 dev $inet_device src $local_gw_address table $rt_name >> $log_file 2>&1
fi
if $SET_MULTIPLE_DEFAULT_GW ; then
if /sbin/ip route show table main | grep -e "^$remote_gw_address" | grep $inet_device > /dev/null 2>&1 ; then
echo "" >> $log_file
echo "## - Delete route via (dsl remote) host $remote_gw_address" >> $log_file
echo "## -"
echo "/sbin/ip route delete $remote_gw_address dev $inet_device" >> $log_file
/sbin/ip route delete $remote_gw_address dev $inet_device >> $log_file 2>&1
fi
echo "" >> $log_file
echo "## - Add this connection also to the main routing table" >> $log_file
echo "## -" >> $log_file
echo "/sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address" >> $log_file
/sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address >> $log_file 2>&1
fi
## - Remeber that route in order to add it to the routing table
## - of other connections
## -
gw_connection_arr[$inet_device]="$remote_gw_net $local_gw_address"
## - Add the connections associated gateway as default gateway for this
## - routing table
## -
echo "" >> $log_file
echo "## - Add the connections associated gateway as default gateway for this" >> $log_file
echo "## - routing table" >> $log_file
echo "## -" >> $log_file
if $USE_REMOTE_GATEWAY_ADDRESS ; then
## - Default Gatway: $remote_gw_address
## -
#echo "/sbin/ip route add default via $remote_gw_address dev $inet_device table $rt_name" >> $log_file
#/sbin/ip route add default via $remote_gw_address dev $inet_device table $rt_name >> $log_file 2>&1
echo "/sbin/ip route add default via $remote_gw_address table $rt_name" >> $log_file
/sbin/ip route add default via $remote_gw_address table $rt_name >> $log_file 2>&1
else
## - Default Gatway: 0.0.0.0
## -
echo "/sbin/ip route add default via 0.0.0.0 dev $inet_device table $rt_name" >> $log_file
/sbin/ip route add default via 0.0.0.0 dev $inet_device table $rt_name >> $log_file 2>&1
fi
## - Make sure that a reply goes out over the same connection as came in
## -
echo "" >> $log_file
echo "## - Make sure that a reply goes out over the same connection as came in" >> $log_file
echo "## -" >> $log_file
if ! /sbin/ip rule | grep "from $local_gw_address" > /dev/null 2>&1 ; then
let prio="$number_rt_table"
echo "/sbin/ip rule add from $local_gw_address table $rt_name prio $prio" >> $log_file
/sbin/ip rule add from $local_gw_address table $rt_name prio $prio >> $log_file 2>&1
#let prio="10+$prio"
#echo "/sbin/ip rule add to $local_gw_address table $rt_name prio $prio" >> $log_file
#/sbin/ip rule add to $local_gw_address table $rt_name prio $prio >> $log_file 2>&1
else
let prio="1010+$number_rt_table"
echo -e "#\t[ info ]: Rule already exists.." >> $log_file
fi
## ---
## --- Special Routing (local) IP-Address OUT
## ---
if [[ ${#rule_local_ip_arr[@]} -gt 0 ]] ; then
let prio="1000+${number_rt_table}+10"
for _val in "${rule_local_ip_arr[@]}" ; do
IFS=':' read -a _val_arr <<< "${_val}"
if [[ "${_val_arr[0]}" = "$inet_device" ]]; then
echo "" >> $log_file
echo "## - Rule ${prio}: from ${_val_arr[1]} through ${_val_arr[0]}" >> $log_file
echo "## -" >> $log_file
if ! /sbin/ip rule | grep "from ${_val_arr[1]} " > /dev/null 2>&1 ; then
echo "/sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio" >> $log_file
/sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio >> $log_file 2>&1
else
echo "# Rule already exists" >> $log_file
fi
prio="10+$prio"
fi
done
fi
## ---
## --- Special Routing (remote) Services
## ---
if [[ ${#rule_remote_ip_arr[@]} -gt 0 ]] ; then
let prio="5000+${number_rt_table}+10"
for _val in "${rule_remote_ip_arr[@]}" ; do
IFS=':' read -a _val_arr <<< "${_val}"
if [[ "${_val_arr[0]}" = "$inet_device" ]]; then
echo "" >> $log_file
echo "## - Rule ${prio}: to ${_val_arr[1]} through ${_val_arr[0]}" >> $log_file
echo "## -" >> $log_file
if ! /sbin/ip rule | grep "to ${_val_arr[1]} " > /dev/null 2>&1 ; then
echo "/sbin/ip rule add to ${_val_arr[1]} table $rt_name prio $prio" >> $log_file
/sbin/ip rule add to ${_val_arr[1]} table $rt_name prio $prio >> $log_file 2>&1
else
echo "# Rule already exists" >> $log_file
fi
prio="10+$prio"
fi
done
fi
## ---
## --- Special Routing Networks
## ---
if [[ ${#rule_local_net_arr[@]} -gt 0 ]] ; then
let prio="10000+${number_rt_table}+10"
for _val in "${rule_local_net_arr[@]}" ; do
IFS=':' read -a _val_arr <<< "${_val}"
if [[ "${_val_arr[0]}" = "$inet_device" ]]; then
echo "" >> $log_file
echo "## - Rule ${prio}: from ${_val_arr[1]} through ${_val_arr[0]}" >> $log_file
echo "## -" >> $log_file
if ! /sbin/ip rule | grep "from ${_val_arr[1]} " > /dev/null 2>&1 ; then
echo "/sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio" >> $log_file
/sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio >> $log_file 2>&1
else
echo "# Rule already exists" >> $log_file
fi
prio="10+$prio"
fi
done
fi
## - Add this connection to the routing tables of other already configured dsl-connections
## -
## - Note:
## - Connections which will be configured later at this loop will
## - not have that connection in their routing tables. So you have
## - to add missing routes at the end (after that loop has finisched).
## -
## - _key is eqal to the ppp-device
## -
for _key in "${!gw_connection_arr[@]}"; do
if containsElement "$_key" "${dsl_devices_arr[@]}" ; then
__name=`echo $_key | cut -d '-' -f2`
_rt_name="dsl_$__name"
else
__name=`echo $_key | cut -d '-' -f1`
_rt_name="static_$__name"
fi
if [[ "$_rt_name" == "$rt_name" ]]; then
continue
fi
_local_gw_address=`echo ${gw_connection_arr[$_key]} | cut -d " " -f2`
_remote_gw_net=`echo ${gw_connection_arr[$_key]} | cut -d " " -f1`
echo "" >> $log_file
echo "## - Add this connection to the routing table \"$_rt_name\"" >> $log_file
echo "## -" >> $log_file
if $USE_REMOTE_GATEWAY_ADDRESS ; then
## - Remote Network: $_remote_gw_net
## -
if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw_net\s+dev\s+$_key" >/dev/null 2>&1 ; then
_remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw\s+dev\s+$_key" >/dev/null 2>&1 ; then
echo "/sbin/ip route add $_remote_gw_net dev $_key src $_local_gw_address table $_rt_name" >> $log_file
/sbin/ip route add $_remote_gw_net dev $_key src $_local_gw_address table $_rt_name >> $log_file 2>&1
else
echo -e "#\t[ info ]: Connection through $_key is already part of table $_rt_name" >> $log_file
fi
fi
else
## - Remote Network: 0.0.0.0
## -
if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$_key" >/dev/null 2>&1 ; then
_remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$_key" >/dev/null 2>&1 ; then
echo "/sbin/ip route add 0.0.0.0 dev $_key src $_local_gw_address table $_rt_name" >> $log_file
/sbin/ip route add 0.0.0.0 dev $_key src $_local_gw_address table $_rt_name >> $log_file 2>&1
else
echo -e "#\t[ info ]: Connection through $_key is already part of table $_rt_name" >> $log_file
fi
fi
fi
done
## - Add this gateway data to the array concerning all outgoing gatways
## -
#default_gw_arr[$inet_device]="$local_gw_address"
default_gw_arr[$inet_device]="$remote_gw_address"
if $SET_MULTIPLE_DEFAULT_GW ; then
default_gw_arg=""
for _key in "${!default_gw_arr[@]}"; do
if $USE_DEFAULT_GW_ADDRESS ; then
## - Default Gateway: $remote_gw_address
## -
default_gw_arg="$default_gw_arg nexthop via ${default_gw_arr[$_key]} dev $_key weight 1"
else
## - Default Gateway: 0.0.0.0
## -
default_gw_arg="$default_gw_arg nexthop via 0.0.0.0 dev $_key weight 1"
fi
done
if [ -n "$default_gw_arg" ] ; then
echo "" >> $log_file
echo "## - Add multiple default gateways" >> $log_file
echo "## -" >> $log_file
echo "/sbin/ip route delete default" >> $log_file
/sbin/ip route delete default >> $log_file 2>&1
echo "/sbin/ip route add default scope global $default_gw_arg" >> $log_file
/sbin/ip route add default scope global $default_gw_arg >> $log_file 2>&1
else
echo "" >> $log_file
echo "## -" >> $log_file
echo "## - [ Warning]: No default gateway found!" >> $log_file
echo "## -" >> $log_file
fi
fi
## - Notice:
## - It is possible to first make a number of changes and then flush
## - the cache so that all of the changes will be implemented simultaneously.
## - This is actually convenient when working on an active router.
## -
echo "" >> $log_file
echo "## - Flush table cache" >> $log_file
echo "## -" >> $log_file
echo "/sbin/ip route flush table cache" >> $log_file
/sbin/ip route flush table cache >> $log_file 2>&1
echo "" >> $log_file
if [ ${#default_gw_arr[@]} -eq ${#inet_devices_arr[@]} ]; then
configured=true
fi
done
done
## - Some dsl-connections maybe not known to all routing tables. So add
## - the missing routes to the appropriate tables..
## -
echo "" >> $log_file
echo "" >> $log_file
echo "## - Some dsl-connections maybe not known to all routing tables. So add" >> $log_file
echo "## - the missing routes to the appropriate tables.." >> $log_file
echo "## -" >> $log_file
_changed=false
if $USE_REMOTE_GATEWAY_ADDRESS ; then
## - Remote Network: $_remote_gw_net
## -
for _key in "${!gw_connection_arr[@]}"; do
if containsElement "$_key" "${dsl_devices_arr[@]}" ; then
__name=`echo $_key | cut -d '-' -f2`
_rt_name="dsl_$__name"
else
__name=`echo $_key | cut -d '-' -f1`
_rt_name="static_$__name"
fi
echo "# Routing Table \"$_rt_name\"" >> $log_file
for __key in "${!gw_connection_arr[@]}"; do
_local_gw_address=`echo ${gw_connection_arr[$__key]} | cut -d " " -f2`
_remote_gw_net=`echo ${gw_connection_arr[$__key]} | cut -d " " -f1`
if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw_net\s+dev\s+$__key" >/dev/null 2>&1 ; then
_remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw\s+dev\s+$__key" >/dev/null 2>&1 ; then
#echo "/sbin/ip route add $_remote_gw_net dev $_key src $_local_gw_address table $_rt_name" >> $log_file
#/sbin/ip route add $_remote_gw_net dev $__key src $_local_gw_address table $_rt_name >> $log_file 2>&1
echo "/sbin/ip route add $_remote_gw dev $__key table $_rt_name" >> $log_file
/sbin/ip route add $_remote_gw dev $__key table $_rt_name >> $log_file 2>&1
_changed=true
else
echo -e "#\t[ info ]: Connection through $__key is already part of table $_rt_name" >> $log_file
fi
fi
done
done
else
## - Remote Network: 0.0.0.0
## -
for _key in "${!gw_connection_arr[@]}"; do
if containsElement "$_key" "${dsl_devices_arr[@]}" ; then
__name=`echo $_key | cut -d '-' -f2`
_rt_name="dsl_$__name"
else
__name=`echo $_key | cut -d '-' -f1`
_rt_name="static_$__name"
fi
echo "# Routing Table \"$_rt_name\"" >> $log_file
for __key in "${!gw_connection_arr[@]}"; do
_local_gw_address=`echo ${gw_connection_arr[$__key]} | cut -d " " -f2`
_remote_gw_net=`echo ${gw_connection_arr[$__key]} | cut -d " " -f1`
if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$__key" >/dev/null 2>&1 ; then
_remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$__key" >/dev/null 2>&1 ; then
echo "/sbin/ip route add 0.0.0.0 dev $_key src $_local_gw_address table $_rt_name" >> $log_file
/sbin/ip route add 0.0.0.0 dev $__key src $_local_gw_address table $_rt_name >> $log_file 2>&1
_changed=true
else
echo -e "#\t[ info ]: Connection through $__key is already part of table $_rt_name" >> $log_file
fi
fi
done
done
fi
## - If not using multiple default gatways, set the default gateway here
## -
if ! $SET_MULTIPLE_DEFAULT_GW ; then
__set_default_gatway=false
echo "" >> $log_file
echo "" >> $log_file
echo "## ---" >> $log_file
echo "## --- Add default gateway" >> $log_file
echo "## ---" >> $log_file
## - Note: the first online device will become default route
## -
for _device in "${inet_devices_arr[@]}" ; do
## - Device online ?
if [ -n "${default_gw_arr[$_device]}" ]; then
echo "/sbin/ip route delete default" >> $log_file
/sbin/ip route delete default >> $log_file 2>&1
if $USE_REMOTE_GATEWAY_ADDRESS ; then
echo "/sbin/ip route add default via ${default_gw_arr[$_device]} dev $_device" >> $log_file
/sbin/ip route add default via ${default_gw_arr[$_device]} dev $_device >> $log_file 2>&1
else
echo "/sbin/ip route add default via 0.0.0.0 dev $_device" >> $log_file
/sbin/ip route add default via 0.0.0.0 dev $_device >> $log_file 2>&1
fi
__set_default_gatway=true
_changed=true
break
else
echo "" >> $log_file
echo -e "\t[ Warning ]: $_device is OFFLINE ! Trying next.." >> $log_file
fi
done
if ! $__set_default_gatway ; then
echo "" >> $log_file
echo -e "\t[ Error ]: No connection is online!" >> $log_file
echo -e "\t Try to set default gateway from an existing static line .." >> $log_file
## - Notice:
## -
## - If no connection is available (the machine is fully offline), the check script will not
## - recognize, if the static line becomes online. A way to handle this is to let the
## - default gateway active.
## -
default_gw_deleted=false
for _device in "${inet_devices_arr[@]}" ; do
if containsElement "$_device" "${static_devices_arr[@]}" ; then
## - Delete old default route
## -
if ! $default_gw_deleted ; then
echo "" >> $log_file
echo "## - Delete existing default gatewy" >> $log_file
echo "## - " >> $log_file
echo "/sbin/ip route delete default" >> $log_file
/sbin/ip route delete default >> $log_file 2>&1
default_gw_deleted=true
fi
## - Set new default route
## -
echo "" >> $log_file
echo "## - Try to set default gateway to ${static_gw_arr[$_device]}.." >> $log_file
echo "## - " >> $log_file
echo "/sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device" >> $log_file
/sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device >> $log_file 2>&1
if [[ "$?" == 0 ]] ; then
__set_default_gatway=true
break
fi
fi
done
if ! $__set_default_gatway ; then
echo "" >> $log_file
echo -e "\t[ Error ]: No default gateway is set!" >> $log_file
fi
fi
fi
## - Flush the routing tables cache if somethimg has changed
## -
if $_changed ; then
echo "" >> $log_file
echo "" >> $log_file
echo "## - Some Routing tables has changed, so flush table cache" >> $log_file
echo "## -" >> $log_file
echo "/sbin/ip route flush table cache" >> $log_file
/sbin/ip route flush table cache >> $log_file 2>&1
fi
if $_monitoring ; then
echo "" >> $log_file
echo "" >> $log_file
echo "## - Starting monitoring script to check dsl connections.." >> $log_file
echo "## -" >> $log_file
if [[ -z "${!default_gw_arr[@]}" ]] ; then
echo "$check_script $INITIAL_DEVICE_LIST &" >> $log_file 2>&1
$check_script $INITIAL_DEVICE_LIST &
else
_LIST=
for _device in ${!default_gw_arr[@]} ; do
_LIST="$_LIST $_device"
done
_LIST=`echo "${_LIST}" | sed -e 's/^[ \t]*//'`
echo "$check_script -l \"$_LIST\" $INITIAL_DEVICE_LIST &" >> $log_file 2>&1
$check_script -l "$_LIST" $INITIAL_DEVICE_LIST &
fi
fi
echo "" >> $log_file
echo "### -------------------------" >> $log_file
exit 0

@ -1 +1 @@
Subproject commit 6bde0e7c07c4d0ee8cc6f6aa37c49608fe924a5b Subproject commit 0e55b1a6c5f700e8a233fc950ddb49a5b33a8b93


@ -0,0 +1,376 @@
19991129
version: dnscache 0.50, alpha. not released yet.
19991223
version: dnscache 0.60, alpha.
19991224
internal: dns_sortip() takes length argument.
api: dns_ip4() sorts output. currently this means just random.
api: added socket_bind4_reuse(). removed reuse from bind4().
ui: used bind4_reuse() for port 53, bind4() otherwise.
internal: eliminated some unused variables.
internal: prototypes in cdb.h, cdbmake.h, cdbmss.h.
internal: prototypes in case.h, env.h, fmt.h, scan.h, str.h.
internal: prototypes in stralloc.h.
internal: prototypes in error.h, strerr.h.
internal: prototypes in ndelay.h, open.h, seek.h.
internal: prototypes in sgetopt.h, subgetopt.h.
internal: prototypes in tai.h, taia.h.
internal: added some missing declarations.
bug: query.c checked void response_finishanswer() return code.
impact: cached responses were dropped on systems that
didn't follow the traditional C return behavior. fix:
obvious. tnx Giles Lean.
internal: switched from taia_addsec() to taia_uint().
api: switched to uint16 for socket_* port numbers.
internal: integrated uint16_pack() and friends.
ui: dnscache allows (recursive) queries from port 53.
ui: dnscache has 10-second idle timer on TCP read/write.
ui: dnscache limits itself to 20 concurrent TCP connections.
internal: moved dns_domain_fromdot() to separate file.
ui: supported \X, \1, \12, \123 in dns_domain_fromdot().
ui: supported \123 in dns_domain_todot_append().
version: dnscache 0.61, alpha.
19991230
api: added dns_ip4_qualify().
api: added dns_resolvconfrewrite().
ui: added dnsipq.
api: dns_ip4() checks for (strings of) IP addresses.
20000106
port: Solaris needs /dev/udp, not just /dev/tcp. impact:
dnscache and tinydns would stop immediately under
Solaris. fix: create /dev/udp in configure; and have
tinydns create socket before chroot. tnx Louis Theran.
internal: moved dns_name4_domain() to dns_nd.c.
ui: tinydns no longer excludes screwy queries from its log.
internal: moved respond() to tdlookup.c under new name.
ui: added tinydns-get.
ui: rewrote tinydns-data for new data format.
internal: expanded rts to cover tinydns-data using tinydns-get.
20000107
ui: tinydns-data allows arbitrary case in domain names.
ui: dnscache supports preconfigured servers for non-root
domains.
ui: dnscache uses textual addresses for preconfigured servers.
20000108
ui: tinydns-data excludes the additional and authority sections
if doing so helps meet the 512-byte UDP limit.
version: dnscache 0.70, beta.
20000114
internal: in log.c, ulong() now prints a uint64.
internal: added cache_motion, query_count, log_stats.
ui: dnscache now prints queries/motion stats after typical
response packets.
20000115
internal: added droproot.c. used in tinydns and dnscache.
internal: moved tinydns log() to qlog.c under new name.
ui: added walldns, configure-wd.
ui: configure-td now creates an empty root/data.
ui: added tinydns-edit.
ui: configure-td now sets up root/add-{ns,childns,host,mx}.
20000116
ui: renamed configure* as *-conf.
ui: added axfrdns, axfrdns-conf.
ui: added axfr-get.
ui: dnscache-conf 10.* or 192.168.* now sets IPSEND=0.0.0.0.
20000117
ui: added pickdns, pickdns-conf, pickdns-data.
version: dnscache 0.75, beta.
20000118
internal: address* -> address_* in pickdns-data.c.
internal: start writing cdb earlier in pickdns-data.c.
internal: keep track of namelen in pickdns-data.c.
ui: added client-location variability to pickdns, pickdns-data.
ui: qlog logs short packets.
ui: qlog logs header if RD or other unusual bits are set.
ui: qlog logs non-Internet classes.
api: dns_domain_todot_append() -> dns_domain_todot_cat().
ui: axfr-get prints A records more nicely. tnx Russ Nelson.
ui: tinydns, pickdns, and walldns respond REFUSED to multiple
queries, strange classes, and strange header bits.
pickdns and walldns also respond REFUSED to unrecognized
domain names.
20000120
ui: dns_resolvconfip() and dns_resolvconfrewrite() reread after
10 minutes or 10000 uses.
ui: dns_resolvconfrewrite() treats "domain" like "search".
ui: dns_resolvconfrewrite() supports $LOCALDOMAIN.
ui: dns_resolvconfrewrite() supports gethostname().
api: dns_ip4_qualify() -> dns_ip4_qualify_rules(). new function
under the old name uses dns_resolvconfrewrite().
internal: cleaned up log.h.
20000121
port: the gcc 2.95.2 -O2 optimizer can destroy parameters in a
function that calls another function with a long long
argument. impact: gcc 2.95.2 kills dnscache in
log_query(). fix: pass log_stats() inputs by reference,
and pass uint64's through a variable inside log.c.
internal: introduced x_* in axfr-get.
internal: more format verification in axfr-get.
ui: minimal Z support in tinydns-data.
ui: axfr-get prints Z lines.
ui: juggled axfr-get to support BIND 8's many-answers option.
ui: axfr-get prints common characters readably rather than in
octal. tnx Karsten Thygesen.
ui: install copies VERSION into .../etc.
20000122
ui: dns_domain_todot_cat() now lowercases everything.
internal: split printrecord.c out of tinydns-get.
ui: added dnstrace.
20000123
version: dnscache 0.76, beta.
20000124
port: Solaris needs socket libraries for dnstrace. impact:
couldn't compile under Solaris. fix: use socket.lib.
tnx Karsten Thygesen.
20000126
ui: dns_resolvconfip() supports $DNSCACHEIP.
ui: changed tinydns-get arg order.
internal: split printpacket.c out of tinydns-get.
ui: added dnsquery.
internal: merged case.a, fs.a, str.a, uint.a, ip4.a into byte.a.
internal: merged strerr.a into buffer.a.
internal: merged stralloc.a, getln.a into alloc.a.
internal: merged error.a, open.a, seek.a, ndelay.a, socket.a
into unix.a.
internal: used catulong in axfr-get.c.
ui: packet-parsing errors produce error_proto.
ui: axfr-get goes out of its way to reject wildcards.
internal: introduced generic-conf.c.
internal: upgraded timeoutread and timeoutwrite to iopause.
20000127
ui: revamped details of the log formats.
ui: full Z support in tinydns-data.
ui: axfr-get accepts authority records and additional records.
ui: axfrdns tries to imitate BIND's handling of glue.
internal: expanded rts to try out the servers and *-conf.
ui: added rbldns.
20000128
ui: increased MAXNS to 16 in query.h.
20000129
version: DNScache 0.80, beta.
20000205
ui: tinydns-data supports ^, for the benefit of people stuck
behind reverse CNAMEs. tnx Petr Novotny.
20000206
ui: rbldns supports $.
ui: tinydns-data supports C. CNAME is overridden by NS; CNAME
overrides other records; no multiple CNAMEs.
ui: axfr-get supports C.
ui: axfr-get no longer rejects wildcards, except for NS.
internal: eliminated flagempty from tinydns-data.
internal: cleaned up delegation/NXDOMAIN loops in tinydns-data.
internal: reorganized packet_start interface in tinydns-data.
ui: tinydns-data supports BIND-style wildcards, except for NS.
version: DNScache 0.81, beta.
20000207
ui: renamed dnsquery as dnsq, to eliminate name conflict with
Beecher dnsquery program. tnx Anand Buddhdev.
20000208
ui: tinydns-edit supports add alias.
ui: tinydns-conf sets up root/add-alias.
20000209
ui: dnscache-conf now sets IPSEND=0.0.0.0 in all cases.
ui: dnsq and dnstrace allow server names.
ui: dnsq and dnstrace allow type names.
20000210
internal: response_tc() reduces len, simplifying udprespond().
ui: response_tc() now truncates immediately after query. this
should work around the Squid parsing bug reported by
Stuart Henderson.
20000211
ui: tinydns-get allows type names.
ui: tinydns-data prints query name for >512 error. tnx Uwe Ohse.
version: DNScache 0.82, beta.
20000212
ui: dns_transmit starts with loop 1 for recursive queries.
ui: dnscache tries to allocate 128K of incoming UDP buffer
space. tnx Jeremy Hansen.
20000213
ui: tinydns tries to allocate 64K of incoming UDP buffer space.
internal: renamed response_*answer as response_r*.
internal: expanded response_rfinish to allow au and ar.
internal: expanded response_rstart to allow any ttl.
internal: rewrote tinydns-data, tinydns, tinydns-get, axfrdns
for compact new data.cdb format. a few ui effects: empty
nodes produce NXDOMAIN; wildcards affect empty nodes.
ui: response_addname() tries more extensive compression.
20000215
ui: tinydns-edit takes fn arguments. tnx Jason R. Mastaler.
20000218
internal: upgraded to new cdb library.
internal: added globalip().
ui: dnscache assigns IP addresses to dotted-decimal domain
names in canonical form.
internal: merged handling of C and ^ in tinydns-data.
port: FreeBSD 3.4-RELEASE poll() doesn't think that regular
files are readable. impact: under FreeBSD 3.4-RELEASE,
dnsfilter hangs waiting to read from regular files. tnx
Kenji Rikitake. fix: check for this bug in trypoll.c.
20000219
ui: tinydns-data supports time-to-die.
ui: changed home directory from /usr/local/dnscache to
/usr/local; moved @ from home/etc to home/etc/dnscache.
internal: reorganized response.c.
20000220
ui: tinydns-data allows omitted numeric fields in Z lines. tnx
Timothy L. Mayo.
version: DNScache 0.85, beta.
20000222
ui: dns_transmit_get() pauses after server failure, if udploop
is 2.
internal: sped up name handling in response.c.
20000223
ui: dnscache ignores some garbage in queries: AA, !RD, RA, Z,
RCODE, AN, AU, AR. (note that responses still say RD.)
this allows bogus queries from Ultrix versions of BIND.
internal: split dd.c out of query.c.
internal: split server.c out of tinydns.
internal: rewrote walldns, pickdns, rbldns to use server.c.
ui: server.c allows some garbage in queries: RA, Z, RCODE, AN,
AU, AR.
ui: axfrdns logs packets.
ui: walldns supports dotted-decimal IP addresses.
20000224
ui: revamped qlog, again.
ui: better error message in dnscache-conf.c. tnx Chris Johnson.
20000225
version: DNScache 0.90, gamma.
20000226
internal: dnscache-conf sets up dnscache/run to avoid env. tnx
Chris Cappuccio.
20000227
ui: tinydns-data uses server name instead of a.ns.domain for
automatic primary in SOA. tnx Frank Tegtmeyer.
20000228
bug: axfrdns doesn't set aa bit in responses. impact: named-xfer
refuses to do zone transfers from axfrdns. fix: set aa
bit. tnx Peter Hunter.
ui: server.c now accepts packets from low ports. sigh.
20000229
version: DNScache 0.91, gamma.
20000307
internal: switched from slurp to openreadclose.
20000308
ui: dns_transmit_get() pauses after recv() failure (such as
connection-refused), if udploop is 2.
ui: tinydns-data uses refresh 16384, retry 2048, expire 1048576.
tnx Frank Tegtmeyer.
version: DNScache 0.92, gamma.
20000314
portability problem: the poll() emulation in RedHat 5.1 doesn't
clear revents when select() returns 0. tnx Petr Novotny.
impact: dns_transmit_get() never times out;
dns_resolve() busy-loops. fix: clear revents before
poll().
20000315
ui: axfr-get grabs zones when serials drop. tnx Frank Tegtmeyer.
version: DNScache 0.93, gamma.
20000323
ui: dns_rcip() accepts 0.0.0.0 in /etc/resolv.conf as 127.0.0.1.
tnx Chris Saia.
20000325
version: DNScache 1.00.
20000914
ui: axfr-get decodes PTR. tnx to various people.
ui: added dnsqr.
20000915
portability problem: on some buggy kernels, accept() fails to
copy O_NONBLOCK. tnx Pavel Kankovsky. impact: with these
kernels, dnscache hangs if a TCP connection times out.
fix: ndelay_on() after accept().
ui: dnscache discards non-recursive queries.
ui: *-conf use envdir in */run.
internal: reorganized seed_addtime() calls in dnscache-conf.
ui: tinydns-data prohibits PTR in generic records.
20000917
ui: dns_transmit_get() does not pause after most recv() errors.
still pauses after connection-refused when udploop is 2.
version: djbdns 1.01.
20000922
portability problem: Linux distributions use bash as /bin/sh;
bash destroys $UID. dorks. impact: dnscache and axfrdns
run as root. fix: envdir, then sh, then envuidgid. but
/bin/sh really has to stop polluting the environment.
20000923
ui: install /etc/dnsroots.global. dnscache-conf tries
dnsroots.local, then dnsroots.global.
ui: no longer install home/etc/dnscache.
version: djbdns 1.02.
20001224
ui: new dnstrace output format.
ui: dnstrace shows all servers providing each ns/a line.
ui: added dnstracesort.
20001225
internal: response_rstart() and response_cname() use uint32 ttl.
internal: added response_hidettl().
internal: cache_get() returns ttl.
internal: dnscache keeps track of ttls for aliases.
ui: dnscache returns ttl unless $HIDETTL is set.
ui: dnscache returns ttl 655360 for localhost et al.
20001226
ui: dnscache supports $FORWARDONLY. tnx to several people for
the suggestion. tnx Dan Peterson for sample code.
ui: dnscache now logs sequential query numbers, not indices.
internal: revamped dnscache to separate udp from tcp.
ui: dnscache reports uactive, tactive separately.
ui: dnscache reports tcpopen/tcpclose by port and ip.
ui: dnscache artificially times out oldest UDP query if UDP
table is full, and oldest TCP connection if TCP table is
full.
ui: dnscache reports broken pipe when a TCP client sends FIN.
20001228
ui: dnstrace supports dd.
ui: dnscache logs stats when it handles 1.0.0.127.in-addr.arpa.
ui: pickdns actively refuses queries for unknown types.
ui: pickdns responds to MX queries. tnx Mike Batchelor.
internal: added const at various places.
internal: removed some unused variables.
internal: used time_t in tai_now.c.
internal: used stdlib.h in alloc.c.
api: split dns_domain_suffix() into suffix(), suffixpos().
internal: switched to buffer_unix*.
internal: included unistd.h for various declarations.
20010103
ui: increased maximum data size from 512 bytes to 32767 bytes in
tinydns, tinydns-get, axfrdns. allows big TXT records.
ui: dnsmx reformats name when it prints an artificial 0 MX.
20010105
ui: increased MAXLEVEL to 5. the Internet is becoming more
glueless every day.
20010106
version: djbdns 1.03.
20010113
ui: increased MAXALIAS to 16.
ui: dnscache no longer caches SERVFAIL. per-ip is obviously the
way to go.
ui: tinydns et al. now respond FORMERR to non-Internet-class
queries.
ui: tdlookup now returns A records in a random order in the
answer section, and truncates the list after 8 records.
ui: tinydns-data skips lines starting -.
20010114
internal: documented the tinydns data.cdb format.
ui: tinydns-data, tinydns, tinydns-get, axfrdns support client
differentiation.
ui: dnsqr aborts if it is given an extra argument.
20010117
ui: dnstracesort removes duplicate lines.
ui: dnstracesort prints glue.
ui: dnstrace uses a ``start'' IP address for the root glue.
20010121
version: djbdns 1.04.
20010206
internal: response_query() takes a class argument.
internal: query_start() takes a class argument.
internal: packetquery() takes a class argument.
ui: tinydns et al., axfrdns, and dnscache repeat qclass * in
response to bogus * queries. tnx Mike Batchelor.
ui: axfrdns rejects queries for weird classes.
ui: axfrdns uses query ID instead of ID 0 in the series of AXFR
response messages between the SOAs, to support the AXFR
client in BIND 9.
ui: axfrdns sets AA in the series of AXFR response messages.
20010211
ui: servers print starting message.
internal: some respond() declarations.
version: djbdns 1.05.

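--- /dev/null
+++ b/[dir-not-shown]/FILES
@@ -0,0 +1,254 @@
+README
+TODO
+CHANGES
+VERSION
+FILES
+SYSDEPS
+TARGETS
+Makefile
+dnsroots.global
+TINYDNS
+conf-cc
+conf-ld
+conf-home
+rts.sh
+rts.tests
+rts.exp
+dnscache-conf.c
+hasdevtcp.h1
+hasdevtcp.h2
+dnscache.c
+server.c
+walldns-conf.c
+walldns.c
+rbldns-conf.c
+rbldns.c
+rbldns-data.c
+pickdns-conf.c
+pickdns.c
+pickdns-data.c
+dnsipq.c
+tinydns-conf.c
+tinydns.c
+tdlookup.c
+tinydns-get.c
+tinydns-data.c
+tinydns-edit.c
+axfrdns-conf.c
+axfrdns.c
+axfr-get.c
+dnsip.c
+dnsname.c
+dnstxt.c
+dnsmx.c
+dnsfilter.c
+random-ip.c
+dnsqr.c
+dnsq.c
+dnstrace.c
+dnstracesort.sh
+utime.c
+cachetest.c
+generic-conf.h
+generic-conf.c
+dd.h
+dd.c
+droproot.h
+droproot.c
+response.h
+response.c
+query.h
+query.c
+cache.h
+cache.c
+log.h
+log.c
+okclient.h
+okclient.c
+roots.h
+roots.c
+qlog.h
+qlog.c
+printrecord.h
+printrecord.c
+printpacket.h
+printpacket.c
+parsetype.h
+parsetype.c
+dns.h
+dns_dfd.c
+dns_domain.c
+dns_dtda.c
+dns_ip.c
+dns_ipq.c
+dns_mx.c
+dns_name.c
+dns_nd.c
+dns_packet.c
+dns_random.c
+dns_rcip.c
+dns_rcrw.c
+dns_resolve.c
+dns_sortip.c
+dns_transmit.c
+dns_txt.c
+choose.sh
+warn-auto.sh
+find-systype.sh
+trycpp.c
+x86cpuid.c
+alloc.c
+alloc.h
+alloc_re.c
+auto-str.c
+auto_home.h
+buffer.c
+buffer.h
+buffer_1.c
+buffer_2.c
+buffer_copy.c
+buffer_get.c
+buffer_put.c
+byte.h
+byte_chr.c
+byte_copy.c
+byte_cr.c
+byte_diff.c
+byte_zero.c
+case.h
+case_diffb.c
+case_diffs.c
+case_lowerb.c
+cdb.c
+cdb.h
+cdb_hash.c
+cdb_make.c
+cdb_make.h
+chkshsgr.c
+direntry.h1
+direntry.h2
+env.c
+env.h
+error.c
+error.h
+error_str.c
+exit.h
+fmt.h
+fmt_ulong.c
+fmt_xlong.c
+gen_alloc.h
+gen_allocdefs.h
+getln.c
+getln.h
+getln2.c
+hasshsgr.h1
+hasshsgr.h2
+hier.c
+install.c
+instcheck.c
+iopause.c
+iopause.h1
+iopause.h2
+ip4.h
+ip4_fmt.c
+ip4_scan.c
+ip6.h
+ip6_fmt.c
+ip6_scan.c
+ndelay.h
+ndelay_off.c
+ndelay_on.c
+open.h
+open_read.c
+open_trunc.c
+openreadclose.c
+openreadclose.h
+prot.c
+prot.h
+readclose.c
+readclose.h
+scan.h
+scan_0x.c
+scan_ulong.c
+seek.h
+seek_set.c
+select.h1
+select.h2
+sgetopt.c
+sgetopt.h
+socket.h
+socket_accept.c
+socket_bind.c
+socket_conn.c
+socket_listen.c
+socket_recv.c
+socket_send.c
+socket_tcp.c
+socket_udp.c
+str.h
+str_chr.c
+str_diff.c
+str_len.c
+str_rchr.c
+str_start.c
+stralloc.h
+stralloc_cat.c
+stralloc_catb.c
+stralloc_cats.c
+stralloc_copy.c
+stralloc_eady.c
+stralloc_num.c
+stralloc_opyb.c
+stralloc_opys.c
+stralloc_pend.c
+strerr.h
+strerr_die.c
+strerr_sys.c
+subgetopt.c
+subgetopt.h
+tai.h
+tai_add.c
+tai_now.c
+tai_pack.c
+tai_sub.c
+tai_uint.c
+tai_unpack.c
+taia.h
+taia_add.c
+taia_approx.c
+taia_frac.c
+taia_less.c
+taia_now.c
+taia_pack.c
+taia_sub.c
+taia_tai.c
+taia_uint.c
+timeoutread.c
+timeoutread.h
+timeoutwrite.c
+timeoutwrite.h
+trydrent.c
+trylsock.c
+trypoll.c
+tryshsgr.c
+trysysel.c
+tryulong32.c
+tryulong64.c
+uint16.h
+uint16_pack.c
+uint16_unpack.c
+uint32.h1
+uint32.h2
+uint32_pack.c
+uint32_unpack.c
+uint64.h1
+uint64.h2
+warn-shsgr
+buffer_read.c
+buffer_write.c
+dns_nd6.c
+socket_udp6.c
+socket_getifidx.c
+tryn2i.c
+haven2i.h1
+haven2i.h2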
File diff suppressed because it is too large Load Diff

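--- /dev/null
+++ b/[dir-not-shown]/README
@@ -0,0 +1,7 @@
+djbdns 1.05
+20010211
+Copyright 2001
+D. J. Bernstein
+djbdns home page: http://cr.yp.to/djbdns.html
+Installation instructions: http://cr.yp.to/djbdns/install.html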
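--- /dev/null
+++ b/[dir-not-shown]/SYSDEPS
@@ -0,0 +1,10 @@
+VERSION
+systype
+uint32.h
+uint64.h
+select.h
+iopause.h
+direntry.h
+hasshsgr.h
+hasdevtcp.h
+socket.lib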
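--- /dev/null
+++ b/[dir-not-shown]/TARGETS
@@ -0,0 +1,241 @@
+load
+compile
+systype
+hasdevtcp.h
+uint32.h
+choose
+uint64.h
+dnscache-conf.o
+generic-conf.o
+auto-str.o
+makelib
+buffer.o
+buffer_1.o
+buffer_2.o
+buffer_copy.o
+buffer_get.o
+buffer_put.o
+strerr_die.o
+strerr_sys.o
+buffer.a
+buffer_read.o
+buffer_write.o
+error.o
+error_str.o
+ndelay_off.o
+ndelay_on.o
+open_read.o
+open_trunc.o
+openreadclose.o
+readclose.o
+seek_set.o
+socket_accept.o
+socket_bind.o
+socket_conn.o
+socket_listen.o
+socket_recv.o
+socket_send.o
+socket_tcp.o
+socket_udp.o
+unix.a
+byte_chr.o
+byte_copy.o
+byte_cr.o
+byte_diff.o
+byte_zero.o
+case_diffb.o
+case_diffs.o
+case_lowerb.o
+fmt_ulong.o
+ip4_fmt.o
+ip4_scan.o
+scan_ulong.o
+str_chr.o
+str_diff.o
+str_len.o
+str_rchr.o
+str_start.o
+uint16_pack.o
+uint16_unpack.o
+uint32_pack.o
+uint32_unpack.o
+byte.a
+auto-str
+auto_home.c
+auto_home.o
+tai_add.o
+tai_now.o
+tai_pack.o
+tai_sub.o
+tai_uint.o
+tai_unpack.o
+taia_add.o
+taia_approx.o
+taia_frac.o
+taia_less.o
+taia_now.o
+taia_pack.o
+taia_sub.o
+taia_tai.o
+taia_uint.o
+libtai.a
+dnscache-conf
+iopause.h
+dnscache.o
+droproot.o
+okclient.o
+log.o
+cache.o
+query.o
+response.o
+dd.o
+direntry.h
+roots.o
+select.h
+iopause.o
+chkshsgr.o
+chkshsgr
+hasshsgr.h
+prot.o
+dns_dfd.o
+dns_domain.o
+dns_dtda.o
+dns_ip.o
+dns_ipq.o
+dns_ipq6.o
+dns_mx.o
+dns_name.o
+dns_nd.o
+dns_packet.o
+dns_random.o
+dns_rcip.o
+dns_rcrw.o
+dns_resolve.o
+dns_sortip.o
+dns_transmit.o
+dns_txt.o
+dns.a
+env.o
+env.a
+alloc.o
+alloc_re.o
+getln.o
+getln2.o
+stralloc_cat.o
+stralloc_catb.o
+stralloc_cats.o
+stralloc_copy.o
+stralloc_eady.o
+stralloc_num.o
+stralloc_opyb.o
+stralloc_opys.o
+stralloc_pend.o
+alloc.a
+socket.lib
+dnscache
+walldns-conf.o
+walldns-conf
+walldns.o
+server.o
+qlog.o
+cdb.o
+cdb_hash.o
+cdb_make.o
+cdb.a
+walldns
+rbldns-conf.o
+rbldns-conf
+rbldns.o
+rbldns
+rbldns-data.o
+rbldns-data
+pickdns-conf.o
+pickdns-conf
+pickdns.o
+pickdns
+pickdns-data.o
+pickdns-data
+tinydns-conf.o
+tinydns-conf
+tinydns.o
+tdlookup.o
+tinydns
+tinydns-data.o
+tinydns-data
+tinydns-get.o
+printpacket.o
+printrecord.o
+parsetype.o
+tinydns-get
+tinydns-edit.o
+tinydns-edit
+axfr-get.o
+timeoutread.o
+timeoutwrite.o
+axfr-get
+axfrdns-conf.o
+axfrdns-conf
+axfrdns.o
+axfrdns
+dnsip.o
+dnsip
+dnsipq.o
+dnsipq
+dnsip6q.o
+dnsip6q
+dnsname.o
+dnsname
+dnstxt.o
+dnstxt
+dnsmx.o
+dnsmx
+dnsfilter.o
+sgetopt.o
+subgetopt.o
+getopt.a
+dnsfilter
+random-ip.o
+random-ip
+dnsqr.o
+dnsqr
+dnsq.o
+dnsq
+dnstrace.o
+dnstrace
+dnstracesort
+cachetest.o
+cachetest
+utime.o
+utime
+rts
+prog
+install.o
+hier.o
+install
+instcheck.o
+instcheck
+it
+setup
+check
+scan_0x.o
+fmt_xlong.o
+ip6_scan.o
+ip6_fmt.o
+dnsip6.o
+dns_ip6.o
+dns_sortip6.o
+dnsip6
+dns_nd6.o
+socket_udp6.o
+socket_getifidx.o
+socket_bind6.o
+socket_noipv6.o
+socket_recv6.o
+socket_send6.o
+haveip6.h
+haven2i.h
+sockaddr_in6.h
+scan_xlong.o
+socket_accept6.o
+socket_connect6.o
+socket_tcp6.o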
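--- /dev/null
+++ b/[dir-not-shown]/TINYDNS
@@ -0,0 +1,25 @@
+The tinydns data.cdb format is subject to change. If you want to write
+code that relies on something here, let me know.
+Keys starting with the two bytes \000\045 are locations. The rest of the
+key is an IP prefix, normally between 0 and 4 bytes long. The data is a
+2-byte location.
+Other keys are owner names for DNS records. The data begins with a
+header in the following format:
+* a 2-byte type;
+* either \075, or \076 with a 2-byte location;
+* a 4-byte TTL;
+* an 8-byte timestamp.
+(Exception: Wildcard records replace \075 with \052 and \076 with \053;
+also, the owner name omits the wildcard.) The data continues in a
+type-specific format:
+* SOA: first domain name, second domain name, 20-byte miscellany.
+* NS or PTR or CNAME: domain name.
+* MX: 2-byte preference, domain name.
+* Other types: no special structure.
+Domain names, types, and numbers are in DNS packet format.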
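--- /dev/null
+++ b/[dir-not-shown]/TODO
@@ -0,0 +1,12 @@
+end-to-end nym-based security
+link-level security
+try to get the root authorities to set up a secure, usable NS-list system
+have dnscache-conf keep track of copies of dnsroots.global
+incorporate automatic NS-list upgrades
+consider dead-server table in dnscache or in kernel
+IPv6 lookups
+maybe reverse IPv6 lookups; what a mess
+DNS over IPv6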
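--- /dev/null
+++ b/[dir-not-shown]/VERSION
@@ -0,0 +1 @@
+djbdns 1.05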
Binary file not shown.

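--- /dev/null
+++ b/[dir-not-shown]/alloc.c
@@ -0,0 +1,31 @@
+#include <stdlib.h>
+#include "alloc.h"
+#include "error.h"
+#define ALIGNMENT 16 /* XXX: assuming that this alignment is enough */
+#define SPACE 2048 /* must be multiple of ALIGNMENT */
+typedef union { char irrelevant[ALIGNMENT]; double d; } aligned;
+static aligned realspace[SPACE / ALIGNMENT];
+#define space ((char *) realspace)
+static unsigned int avail = SPACE; /* multiple of ALIGNMENT; 0<=avail<=SPACE */
+/*@null@*//*@out@*/char *alloc(n)
+unsigned int n;
+{
+char *x;
+n = ALIGNMENT + n - (n & (ALIGNMENT - 1)); /* XXX: could overflow */
+if (n <= avail) { avail -= n; return space + avail; }
+x = malloc(n);
+if (!x) errno = error_nomem;
+return x;
+}
+void alloc_free(x)
+char *x;
+{
+if (x >= space)
+if (x < space + SPACE)
+return; /* XXX: assuming that pointers are flat */
+free(x);
+}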
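--- /dev/null
+++ b/[dir-not-shown]/alloc.h
@@ -0,0 +1,8 @@
+#ifndef ALLOC_H
+#define ALLOC_H
+extern /*@null@*//*@out@*/char *alloc();
+extern void alloc_free();
+extern int alloc_re();
+#endif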
Binary file not shown.

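--- /dev/null
+++ b/[dir-not-shown]/alloc_re.c
@@ -0,0 +1,17 @@
+#include "alloc.h"
+#include "byte.h"
+int alloc_re(x,m,n)
+char **x;
+unsigned int m;
+unsigned int n;
+{
+char *y;
+y = alloc(n);
+if (!y) return 0;
+byte_copy(y,m,*x);
+alloc_free(*x);
+*x = y;
+return 1;
+}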
Binary file not shown.

Binary file not shown.

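--- /dev/null
+++ b/[dir-not-shown]/auto-str.c
@@ -0,0 +1,40 @@
+#include "buffer.h"
+#include "exit.h"
+char bspace[256];
+buffer b = BUFFER_INIT(buffer_unixwrite,1,bspace,sizeof bspace);
+void puts(const char *s)
+{
+if (buffer_puts(&b,s) == -1) _exit(111);
+}
+int main(int argc,char **argv)
+{
+char *name;
+char *value;
+unsigned char ch;
+char octal[4];
+name = argv[1];
+if (!name) _exit(100);
+value = argv[2];
+if (!value) _exit(100);
+puts("const char ");
+puts(name);
+puts("[] = \"\\\n");
+while (ch = *value++) {
+puts("\\");
+octal[3] = 0;
+octal[2] = '0' + (ch & 7); ch >>= 3;
+octal[1] = '0' + (ch & 7); ch >>= 3;
+octal[0] = '0' + (ch & 7);
+puts(octal);
+}
+puts("\\\n\";\n");
+if (buffer_flush(&b) == -1) _exit(111);
+_exit(0);
+}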
Binary file not shown.

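--- /dev/null
+++ b/[dir-not-shown]/auto_home.c
@@ -0,0 +1,3 @@
+const char auto_home[] = "\
+\057\165\163\162\057\154\157\143\141\154\
+";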
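--- /dev/null
+++ b/[dir-not-shown]/auto_home.h
@@ -0,0 +1,6 @@
+#ifndef AUTO_HOME_H
+#define AUTO_HOME_H
+extern const char auto_home[];
+#endif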
Binary file not shown.

Binary file not shown.

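--- /dev/null
+++ b/[dir-not-shown]/axfr-get.c
@@ -0,0 +1,382 @@
+#include <stdio.h>
+#include <unistd.h>
+#include "uint32.h"
+#include "uint16.h"
+#include "stralloc.h"
+#include "error.h"
+#include "strerr.h"
+#include "getln.h"
+#include "buffer.h"
+#include "exit.h"
+#include "open.h"
+#include "scan.h"
+#include "byte.h"
+#include "str.h"
+#include "ip4.h"
+#include "ip6.h"
+#include "timeoutread.h"
+#include "timeoutwrite.h"
+#include "dns.h"
+#define FATAL "axfr-get: fatal: "
+void die_usage(void)
+{
+strerr_die1x(100,"axfr-get: usage: axfr-get zone fn fn.tmp");
+}
+void die_generate(void)
+{
+strerr_die2sys(111,FATAL,"unable to generate AXFR query: ");
+}
+void die_parse(void)
+{
+strerr_die2sys(111,FATAL,"unable to parse AXFR results: ");
+}
+unsigned int x_copy(char *buf,unsigned int len,unsigned int pos,char *out,unsigned int outlen)
+{
+pos = dns_packet_copy(buf,len,pos,out,outlen);
+if (!pos) die_parse();
+return pos;
+}
+unsigned int x_getname(char *buf,unsigned int len,unsigned int pos,char **out)
+{
+pos = dns_packet_getname(buf,len,pos,out);
+if (!pos) die_parse();
+return pos;
+}
+unsigned int x_skipname(char *buf,unsigned int len,unsigned int pos)
+{
+pos = dns_packet_skipname(buf,len,pos);
+if (!pos) die_parse();
+return pos;
+}
+static char *zone;
+unsigned int zonelen;
+char *fn;
+char *fntmp;
+void die_netread(void)
+{
+strerr_die2sys(111,FATAL,"unable to read from network: ");
+}
+void die_netwrite(void)
+{
+strerr_die2sys(111,FATAL,"unable to write to network: ");
+}
+void die_read(void)
+{
+strerr_die4sys(111,FATAL,"unable to read ",fn,": ");
+}
+void die_write(void)
+{
+strerr_die4sys(111,FATAL,"unable to write ",fntmp,": ");
+}
+int saferead(int fd,char *buf,unsigned int len)
+{
+int r;
+r = timeoutread(60,fd,buf,len);
+if (r == 0) { errno = error_proto; die_parse(); }
+if (r <= 0) die_netread();
+return r;
+}
+int safewrite(int fd,char *buf,unsigned int len)
+{
+int r;
+r = timeoutwrite(60,fd,buf,len);
+if (r <= 0) die_netwrite();
+return r;
+}
+char netreadspace[1024];
+buffer netread = BUFFER_INIT(saferead,6,netreadspace,sizeof netreadspace);
+char netwritespace[1024];
+buffer netwrite = BUFFER_INIT(safewrite,7,netwritespace,sizeof netwritespace);
+void netget(char *buf,unsigned int len)
+{
+int r;
+while (len > 0) {
+r = buffer_get(&netread,buf,len);
+buf += r; len -= r;
+}
+}
+int fd;
+buffer b;
+char bspace[1024];
+void put(char *buf,unsigned int len)
+{
+if (buffer_put(&b,buf,len) == -1) die_write();
+}
+int printable(char ch)
+{
+if (ch == '.') return 1;
+if ((ch >= 'a') && (ch <= 'z')) return 1;
+if ((ch >= '0') && (ch <= '9')) return 1;
+if ((ch >= 'A') && (ch <= 'Z')) return 1;
+if (ch == '-') return 1;
+return 0;
+}
+static char *d1;
+static char *d2;
+static char *d3;
+stralloc line;
+int match;
+int numsoa;
+unsigned int doit(char *buf,unsigned int len,unsigned int pos)
+{
+char data[20];
+uint32 ttl;
+uint16 dlen;
+uint16 typenum;
+uint32 u32;
+int i;
+pos = x_getname(buf,len,pos,&d1);
+pos = x_copy(buf,len,pos,data,10);
+uint16_unpack_big(data,&typenum);
+uint32_unpack_big(data + 4,&ttl);
+uint16_unpack_big(data + 8,&dlen);
+if (len - pos < dlen) { errno = error_proto; return 0; }
+len = pos + dlen;
+if (!dns_domain_suffix(d1,zone)) return len;
+if (byte_diff(data + 2,2,DNS_C_IN)) return len;
+if (byte_equal(data,2,DNS_T_SOA)) {
+if (++numsoa >= 2) return len;
+pos = x_getname(buf,len,pos,&d2);
+pos = x_getname(buf,len,pos,&d3);
+x_copy(buf,len,pos,data,20);
+uint32_unpack_big(data,&u32);
+if (!stralloc_copys(&line,"#")) return 0;
+if (!stralloc_catulong0(&line,u32,0)) return 0;
+if (!stralloc_cats(&line," auto axfr-get\n")) return 0;
+if (!stralloc_cats(&line,"Z")) return 0;
+if (!dns_domain_todot_cat(&line,d1)) return 0;
+if (!stralloc_cats(&line,":")) return 0;
+if (!dns_domain_todot_cat(&line,d2)) return 0;
+if (!stralloc_cats(&line,".:")) return 0;
+if (!dns_domain_todot_cat(&line,d3)) return 0;
+if (!stralloc_cats(&line,".")) return 0;
+for (i = 0;i < 5;++i) {
+uint32_unpack_big(data + 4 * i,&u32);
+if (!stralloc_cats(&line,":")) return 0;
+if (!stralloc_catulong0(&line,u32,0)) return 0;
+}
+}
+else if (byte_equal(data,2,DNS_T_NS)) {
+if (!stralloc_copys(&line,"&")) return 0;
+if (byte_equal(d1,2,"\1*")) { errno = error_proto; return 0; }
+if (!dns_domain_todot_cat(&line,d1)) return 0;
+if (!stralloc_cats(&line,"::")) return 0;
+x_getname(buf,len,pos,&d1);
+if (!dns_domain_todot_cat(&line,d1)) return 0;
+if (!stralloc_cats(&line,".")) return 0;
+}
+else if (byte_equal(data,2,DNS_T_CNAME)) {
+if (!stralloc_copys(&line,"C")) return 0;
+if (!dns_domain_todot_cat(&line,d1)) return 0;
+if (!stralloc_cats(&line,":")) return 0;
+x_getname(buf,len,pos,&d1);
+if (!dns_domain_todot_cat(&line,d1)) return 0;
+if (!stralloc_cats(&line,".")) return 0;
+}
+else if (byte_equal(data,2,DNS_T_PTR)) {
+if (!stralloc_copys(&line,"^")) return 0;
+if (!dns_domain_todot_cat(&line,d1)) return 0;
+if (!stralloc_cats(&line,":")) return 0;
+x_getname(buf,len,pos,&d1);
+if (!dns_domain_todot_cat(&line,d1)) return 0;
+if (!stralloc_cats(&line,".")) return 0;
+}
+else if (byte_equal(data,2,DNS_T_MX)) {
+uint16 dist;
+if (!stralloc_copys(&line,"@")) return 0;
+if (!dns_domain_todot_cat(&line,d1)) return 0;
+if (!stralloc_cats(&line,"::")) return 0;
+pos = x_copy(buf,len,pos,data,2);
+uint16_unpack_big(data,&dist);
+x_getname(buf,len,pos,&d1);
+if (!dns_domain_todot_cat(&line,d1)) return 0;
+if (!stralloc_cats(&line,".:")) return 0;
+if (!stralloc_catulong0(&line,dist,0)) return 0;
+}
+else if (byte_equal(data,2,DNS_T_A) && (dlen == 4)) {
+char ipstr[IP4_FMT];
+if (!stralloc_copys(&line,"+")) return 0;
+if (!dns_domain_todot_cat(&line,d1)) return 0;
+if (!stralloc_cats(&line,":")) return 0;
+x_copy(buf,len,pos,data,4);
+if (!stralloc_catb(&line,ipstr,ip4_fmt(ipstr,data))) return 0;
+}
+else if (byte_equal(data,2,DNS_T_AAAA)) {
+char ipstr[IP6_FMT];
+if (!stralloc_copys(&line,"3")) return 0;
+if (!dns_domain_todot_cat(&line,d1)) return 0;
+if (!stralloc_cats(&line,":")) return 0;
+x_copy(buf,len,pos,data,16);
+if (!stralloc_catb(&line,ipstr,ip6_fmt_flat(ipstr,data))) return 0;
+}
+else {
+unsigned char ch;
+unsigned char ch2;
+if (!stralloc_copys(&line,":")) return 0;
+if (!dns_domain_todot_cat(&line,d1)) return 0;
+if (!stralloc_cats(&line,":")) return 0;
+if (!stralloc_catulong0(&line,typenum,0)) return 0;
+if (!stralloc_cats(&line,":")) return 0;
+for (i = 0;i < dlen;++i) {
+pos = x_copy(buf,len,pos,data,1);
+ch = data[0];
+if (printable(ch)) {
+if (!stralloc_catb(&line,&ch,1)) return 0;
+}
+else {
+if (!stralloc_cats(&line,"\\")) return 0;
+ch2 = '0' + ((ch >> 6) & 7);
+if (!stralloc_catb(&line,&ch2,1)) return 0;
+ch2 = '0' + ((ch >> 3) & 7);
+if (!stralloc_catb(&line,&ch2,1)) return 0;
+ch2 = '0' + (ch & 7);
+if (!stralloc_catb(&line,&ch2,1)) return 0;
+}
+}
+}
+if (!stralloc_cats(&line,":")) return 0;
+if (!stralloc_catulong0(&line,ttl,0)) return 0;
+if (!stralloc_cats(&line,"\n")) return 0;
+put(line.s,line.len);
+return len;
+}
+stralloc packet;
+int main(int argc,char **argv)
+{
+char out[20];
+unsigned long u;
+uint16 dlen;
+unsigned int pos;
+uint32 oldserial = 0;
+uint32 newserial = 0;
+uint16 numqueries;
+uint16 numanswers;
+if (!*argv) die_usage();
+if (!*++argv) die_usage();
+if (!dns_domain_fromdot(&zone,*argv,str_len(*argv))) die_generate();
+zonelen = dns_domain_length(zone);
+if (!*++argv) die_usage();
+fn = *argv;
+if (!*++argv) die_usage();
+fntmp = *argv;
+fd = open_read(fn);
+if (fd == -1) {
+if (errno != error_noent) die_read();
+}
+else {
+buffer_init(&b,buffer_unixread,fd,bspace,sizeof bspace);
+if (getln(&b,&line,&match,'\n') == -1) die_read();
+if (!stralloc_0(&line)) die_read();
+if (line.s[0] == '#') {
+scan_ulong(line.s + 1,&u);
+oldserial = u;
+}
+close(fd);
+}
+if (!stralloc_copyb(&packet,"\0\0\0\0\0\1\0\0\0\0\0\0",12)) die_generate();
+if (!stralloc_catb(&packet,zone,zonelen)) die_generate();
+if (!stralloc_catb(&packet,DNS_T_SOA DNS_C_IN,4)) die_generate();
+uint16_pack_big(out,packet.len);
+buffer_put(&netwrite,out,2);
+buffer_put(&netwrite,packet.s,packet.len);
+buffer_flush(&netwrite);
+netget(out,2);
+uint16_unpack_big(out,&dlen);
+if (!stralloc_ready(&packet,dlen)) die_parse();
+netget(packet.s,dlen);
+packet.len = dlen;
+pos = x_copy(packet.s,packet.len,0,out,12);
+uint16_unpack_big(out + 4,&numqueries);
+uint16_unpack_big(out + 6,&numanswers);
+while (numqueries) {
+--numqueries;
+pos = x_skipname(packet.s,packet.len,pos);
+pos += 4;
+}
+if (!numanswers) { errno = error_proto; die_parse(); }
+pos = x_getname(packet.s,packet.len,pos,&d1);
+if (!dns_domain_equal(zone,d1)) { errno = error_proto; die_parse(); }
+pos = x_copy(packet.s,packet.len,pos,out,10);
+if (byte_diff(out,4,DNS_T_SOA DNS_C_IN)) { errno = error_proto; die_parse(); }
+pos = x_skipname(packet.s,packet.len,pos);
+pos = x_skipname(packet.s,packet.len,pos);
+pos = x_copy(packet.s,packet.len,pos,out,4);
+uint32_unpack_big(out,&newserial);
+if (oldserial && newserial) /* allow 0 for very recently modified zones */
+if (oldserial == newserial) /* allow serial numbers to move backwards */
+_exit(0);
+fd = open_trunc(fntmp);
+if (fd == -1) die_write();
+buffer_init(&b,buffer_unixwrite,fd,bspace,sizeof bspace);
+if (!stralloc_copyb(&packet,"\0\0\0\0\0\1\0\0\0\0\0\0",12)) die_generate();
+if (!stralloc_catb(&packet,zone,zonelen)) die_generate();
+if (!stralloc_catb(&packet,DNS_T_AXFR DNS_C_IN,4)) die_generate();
+uint16_pack_big(out,packet.len);
+buffer_put(&netwrite,out,2);
+buffer_put(&netwrite,packet.s,packet.len);
+buffer_flush(&netwrite);
+numsoa = 0;
+while (numsoa < 2) {
+netget(out,2);
+uint16_unpack_big(out,&dlen);
+if (!stralloc_ready(&packet,dlen)) die_parse();
+netget(packet.s,dlen);
+packet.len = dlen;
+pos = x_copy(packet.s,packet.len,0,out,12);
+uint16_unpack_big(out + 4,&numqueries);
+while (numqueries) {
+--numqueries;
+pos = x_skipname(packet.s,packet.len,pos);
+pos += 4;
+}
+while (pos < packet.len) {
+pos = doit(packet.s,packet.len,pos);
+if (!pos) die_parse();
+}
+}
+if (buffer_flush(&b) == -1) die_write();
+if (fsync(fd) == -1) die_write();
+if (close(fd) == -1) die_write(); /* NFS dorks */
+if (rename(fntmp,fn) == -1)
+strerr_die6sys(111,FATAL,"unable to move ",fntmp," to ",fn,": ");
+_exit(0);
+}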
Binary file not shown.

Binary file not shown.

Binary file not shown.

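--- /dev/null
+++ b/[dir-not-shown]/axfrdns-conf.c
@@ -0,0 +1,71 @@
+#include <unistd.h>
+#include <pwd.h>
+#include "strerr.h"
+#include "exit.h"
+#include "auto_home.h"
+#include "generic-conf.h"
+#define FATAL "axfrdns-conf: fatal: "
+void usage(void)
+{
+strerr_die1x(100,"axfrdns-conf: usage: axfrdns-conf acct logacct /axfrdns /tinydns myip");
+}
+char *dir;
+char *user;
+char *loguser;
+struct passwd *pw;
+char *myip;
+char *tinydns;
+int main(int argc,char **argv)
+{
+user = argv[1];
+if (!user) usage();
+loguser = argv[2];
+if (!loguser) usage();
+dir = argv[3];
+if (!dir) usage();
+if (dir[0] != '/') usage();
+tinydns = argv[4];
+if (!tinydns) usage();
+if (tinydns[0] != '/') usage();
+myip = argv[5];
+if (!myip) usage();
+pw = getpwnam(loguser);
+if (!pw)
+strerr_die3x(111,FATAL,"unknown account ",loguser);
+init(dir,FATAL);
+makelog(loguser,pw->pw_uid,pw->pw_gid);
+makedir("env");
+perm(02755);
+start("env/ROOT"); outs(tinydns); outs("/root\n"); finish();
+perm(0644);
+start("env/IP"); outs(myip); outs("\n"); finish();
+perm(0644);
+start("run");
+outs("#!/bin/sh\nexec 2>&1\nexec envdir ./env sh -c '\n exec envuidgid "); outs(user);
+outs(" softlimit -d300000 tcpserver -vDRHl0 -x tcp.cdb -- \"$IP\" 53 ");
+outs(auto_home); outs("/bin/axfrdns\n'\n");
+finish();
+perm(0755);
+start("Makefile");
+outs("tcp.cdb: tcp\n");
+outs("\ttcprules tcp.cdb tcp.tmp < tcp\n");
+finish();
+perm(0644);
+start("tcp");
+outs("# sample line: 1.2.3.4:allow,AXFR=\"heaven.af.mil/3.2.1.in-addr.arpa\"\n");
+outs(":deny\n");
+finish();
+perm(0644);
+_exit(0);
+}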
Binary file not shown.


@ -0,0 +1,378 @@
#include <unistd.h>
#include "droproot.h"
#include "exit.h"
#include "env.h"
#include "uint32.h"
#include "uint16.h"
#include "ip4.h"
#include "tai.h"
#include "buffer.h"
#include "timeoutread.h"
#include "timeoutwrite.h"
#include "open.h"
#include "seek.h"
#include "cdb.h"
#include "stralloc.h"
#include "strerr.h"
#include "str.h"
#include "byte.h"
#include "case.h"
#include "dns.h"
#include "scan.h"
#include "qlog.h"
#include "response.h"
extern int respond(char *,char *,char *);
#define FATAL "axfrdns: fatal: "
void nomem()
{
strerr_die2x(111,FATAL,"out of memory");
}
void die_truncated()
{
strerr_die2x(111,FATAL,"truncated request");
}
void die_netwrite()
{
strerr_die2sys(111,FATAL,"unable to write to network: ");
}
void die_netread()
{
strerr_die2sys(111,FATAL,"unable to read from network: ");
}
void die_outside()
{
strerr_die2x(111,FATAL,"unable to locate information in data.cdb");
}
void die_cdbread()
{
strerr_die2sys(111,FATAL,"unable to read data.cdb: ");
}
void die_cdbformat()
{
strerr_die3x(111,FATAL,"unable to read data.cdb: ","format error");
}
int safewrite(int fd,char *buf,unsigned int len)
{
int w;
w = timeoutwrite(60,fd,buf,len);
if (w <= 0) die_netwrite();
return w;
}
char netwritespace[1024];
buffer netwrite = BUFFER_INIT(safewrite,1,netwritespace,sizeof netwritespace);
void print(char *buf,unsigned int len)
{
char tcpheader[2];
uint16_pack_big(tcpheader,len);
buffer_put(&netwrite,tcpheader,2);
buffer_put(&netwrite,buf,len);
buffer_flush(&netwrite);
}
char *axfr;
static char *axfrok;
void axfrcheck(char *q)
{
int i;
int j;
if (!axfr) return;
i = j = 0;
for (;;) {
if (!axfr[i] || (axfr[i] == '/')) {
if (i > j) {
if (!dns_domain_fromdot(&axfrok,axfr + j,i - j)) nomem();
if (dns_domain_equal(q,axfrok)) return;
}
j = i + 1;
}
if (!axfr[i]) break;
++i;
}
strerr_die2x(111,FATAL,"disallowed zone transfer request");
}
static char *zone;
unsigned int zonelen;
char typeclass[4];
int fdcdb;
buffer bcdb;
char bcdbspace[1024];
void get(char *buf,unsigned int len)
{
int r;
while (len > 0) {
r = buffer_get(&bcdb,buf,len);
if (r < 0) die_cdbread();
if (!r) die_cdbformat();
buf += r;
len -= r;
}
}
char ip[4];
unsigned long port;
char clientloc[2];
struct tai now;
char data[32767];
uint32 dlen;
uint32 dpos;
void copy(char *buf,unsigned int len)
{
dpos = dns_packet_copy(data,dlen,dpos,buf,len);
if (!dpos) die_cdbread();
}
void doname(stralloc *sa)
{
static char *d;
dpos = dns_packet_getname(data,dlen,dpos,&d);
if (!dpos) die_cdbread();
if (!stralloc_catb(sa,d,dns_domain_length(d))) nomem();
}
int build(stralloc *sa,char *q,int flagsoa,char id[2])
{
unsigned int rdatapos;
char misc[20];
char type[2];
char recordloc[2];
char ttl[4];
char ttd[8];
struct tai cutoff;
dpos = 0;
copy(type,2);
if (flagsoa) if (byte_diff(type,2,DNS_T_SOA)) return 0;
if (!flagsoa) if (byte_equal(type,2,DNS_T_SOA)) return 0;
if (!stralloc_copyb(sa,id,2)) nomem();
if (!stralloc_catb(sa,"\204\000\0\0\0\1\0\0\0\0",10)) nomem();
copy(misc,1);
if ((misc[0] == '=' + 1) || (misc[0] == '*' + 1)) {
--misc[0];
copy(recordloc,2);
if (byte_diff(recordloc,2,clientloc)) return 0;
}
if (misc[0] == '*') {
if (flagsoa) return 0;
if (!stralloc_catb(sa,"\1*",2)) nomem();
}
if (!stralloc_catb(sa,q,dns_domain_length(q))) nomem();
if (!stralloc_catb(sa,type,2)) nomem();
copy(ttl,4);
copy(ttd,8);
if (byte_diff(ttd,8,"\0\0\0\0\0\0\0\0")) {
tai_unpack(ttd,&cutoff);
if (byte_equal(ttl,4,"\0\0\0\0")) {
if (tai_less(&cutoff,&now)) return 0;
uint32_pack_big(ttl,2);
}
else
if (!tai_less(&cutoff,&now)) return 0;
}
if (!stralloc_catb(sa,DNS_C_IN,2)) nomem();
if (!stralloc_catb(sa,ttl,4)) nomem();
if (!stralloc_catb(sa,"\0\0",2)) nomem();
rdatapos = sa->len;
if (byte_equal(type,2,DNS_T_SOA)) {
doname(sa);
doname(sa);
copy(misc,20);
if (!stralloc_catb(sa,misc,20)) nomem();
}
else if (byte_equal(type,2,DNS_T_NS) || byte_equal(type,2,DNS_T_PTR) || byte_equal(type,2,DNS_T_CNAME)) {
doname(sa);
}
else if (byte_equal(type,2,DNS_T_MX)) {
copy(misc,2);
if (!stralloc_catb(sa,misc,2)) nomem();
doname(sa);
}
else
if (!stralloc_catb(sa,data + dpos,dlen - dpos)) nomem();
if (sa->len > 65535) die_cdbformat();
uint16_pack_big(sa->s + rdatapos - 2,sa->len - rdatapos);
return 1;
}
static struct cdb c;
static char *q;
static stralloc soa;
static stralloc message;
void doaxfr(char id[2])
{
char key[512];
uint32 klen;
char num[4];
uint32 eod;
uint32 pos;
int r;
axfrcheck(zone);
tai_now(&now);
cdb_init(&c,fdcdb);
byte_zero(clientloc,2);
key[0] = 0;
key[1] = '%';
byte_copy(key + 2,4,ip);
r = cdb_find(&c,key,6);
if (!r) r = cdb_find(&c,key,5);
if (!r) r = cdb_find(&c,key,4);
if (!r) r = cdb_find(&c,key,3);
if (!r) r = cdb_find(&c,key,2);
if (r == -1) die_cdbread();
if (r && (cdb_datalen(&c) == 2))
if (cdb_read(&c,clientloc,2,cdb_datapos(&c)) == -1) die_cdbread();
cdb_findstart(&c);
for (;;) {
r = cdb_findnext(&c,zone,zonelen);
if (r == -1) die_cdbread();
if (!r) die_outside();
dlen = cdb_datalen(&c);
if (dlen > sizeof data) die_cdbformat();
if (cdb_read(&c,data,dlen,cdb_datapos(&c)) == -1) die_cdbformat();
if (build(&soa,zone,1,id)) break;
}
cdb_free(&c);
print(soa.s,soa.len);
seek_begin(fdcdb);
buffer_init(&bcdb,buffer_unixread,fdcdb,bcdbspace,sizeof bcdbspace);
pos = 0;
get(num,4); pos += 4;
uint32_unpack(num,&eod);
while (pos < 2048) { get(num,4); pos += 4; }
while (pos < eod) {
if (eod - pos < 8) die_cdbformat();
get(num,4); pos += 4;
uint32_unpack(num,&klen);
get(num,4); pos += 4;
uint32_unpack(num,&dlen);
if (eod - pos < klen) die_cdbformat();
pos += klen;
if (eod - pos < dlen) die_cdbformat();
pos += dlen;
if (klen > sizeof key) die_cdbformat();
get(key,klen);
if (dlen > sizeof data) die_cdbformat();
get(data,dlen);
if ((klen > 1) && (key[0] == 0)) continue; /* location */
if (klen < 1) die_cdbformat();
if (dns_packet_getname(key,klen,0,&q) != klen) die_cdbformat();
if (!dns_domain_suffix(q,zone)) continue;
if (!build(&message,q,0,id)) continue;
print(message.s,message.len);
}
print(soa.s,soa.len);
}
void netread(char *buf,unsigned int len)
{
int r;
while (len > 0) {
r = timeoutread(60,0,buf,len);
if (r == 0) _exit(0);
if (r < 0) die_netread();
buf += r; len -= r;
}
}
char tcpheader[2];
char buf[512];
uint16 len;
static char seed[128];
int main()
{
unsigned int pos;
char header[12];
char qtype[2];
char qclass[2];
const char *x;
droproot(FATAL);
dns_random_init(seed);
axfr = env_get("AXFR");
x = env_get("TCPREMOTEIP");
if (x && ip4_scan(x,ip))
;
else
byte_zero(ip,4);
x = env_get("TCPREMOTEPORT");
if (!x) x = "0";
scan_ulong(x,&port);
for (;;) {
netread(tcpheader,2);
uint16_unpack_big(tcpheader,&len);
if (len > 512) strerr_die2x(111,FATAL,"excessively large request");
netread(buf,len);
pos = dns_packet_copy(buf,len,0,header,12); if (!pos) die_truncated();
if (header[2] & 254) strerr_die2x(111,FATAL,"bogus query");
if (header[4] || (header[5] != 1)) strerr_die2x(111,FATAL,"bogus query");
pos = dns_packet_getname(buf,len,pos,&zone); if (!pos) die_truncated();
zonelen = dns_domain_length(zone);
pos = dns_packet_copy(buf,len,pos,qtype,2); if (!pos) die_truncated();
pos = dns_packet_copy(buf,len,pos,qclass,2); if (!pos) die_truncated();
if (byte_diff(qclass,2,DNS_C_IN) && byte_diff(qclass,2,DNS_C_ANY))
strerr_die2x(111,FATAL,"bogus query: bad class");
qlog(ip,port,header,zone,qtype," ");
if (byte_equal(qtype,2,DNS_T_AXFR)) {
case_lowerb(zone,zonelen);
fdcdb = open_read("data.cdb");
if (fdcdb == -1) die_cdbread();
doaxfr(header);
close(fdcdb);
}
else {
if (!response_query(zone,qtype,qclass)) nomem();
response[2] |= 4;
case_lowerb(zone,zonelen);
response_id(header);
response[3] &= ~128;
if (!(header[2] & 1)) response[2] &= ~1;
if (!respond(zone,qtype,ip)) die_outside();
print(response,response_len);
}
}
}
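Review bot: `axfrcheck` returns at `if (!axfr) return;` when the AXFR environment variable is absent, so a client that reaches this program without AXFR set may transfer every zone in data.cdb; the sample tcp rule written by axfrdns-conf shows the intended per-client restriction, but nothing in this file imposes a default. Suggest a comment on that line: `/* no AXFR variable: every zone is transferable -- restrict per client in the tcp rules (AXFR="zone1/zone2") */`. Relatedly, when TCPREMOTEIP is missing or unparsable, `ip` is zeroed at `byte_zero(ip,4);` and the location lookup in `doaxfr` then proceeds with 0.0.0.0 rather than failing, which affects which location-specific records are served and is worth a one-line comment there.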


@ -0,0 +1,10 @@
#include "buffer.h"
void buffer_init(buffer *s,int (*op)(),int fd,char *buf,unsigned int len)
{
s->x = buf;
s->fd = fd;
s->op = op;
s->p = 0;
s->n = len;
}
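Review bot: `int (*op)()` in the `buffer_init` signature is a non-prototype function pointer type, so the `op(fd,buf,len)` calls in buffer_get.c (`oneread`) and buffer_put.c (`allwrite`) are not checked against the real signatures of `buffer_unixread`/`buffer_unixwrite`, and under C23, where `()` means `(void)`, those calls no longer compile. The same type appears in the `buffer` struct field and the `buffer_init` declaration in buffer.h, and byte.h declares `byte_chr` and friends without prototypes while byte_chr.c, byte_copy.c, byte_copyr.c, byte_diff.c and byte_zero.c use K&R definitions, which C23 removes as well. A prototyped pointer type such as `int (*op)(int,char *,unsigned int)` would restore type checking; the read and write ops differ only in `const` on the buffer argument, so the write op needs a matching wrapper or the field must be declared for the write signature separately.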


@ -0,0 +1,59 @@
#ifndef BUFFER_H
#define BUFFER_H
typedef struct buffer {
char *x;
unsigned int p;
unsigned int n;
int fd;
int (*op)();
} buffer;
#define BUFFER_INIT(op,fd,buf,len) { (buf), 0, (len), (fd), (op) }
#define BUFFER_INSIZE 8192
#define BUFFER_OUTSIZE 8192
extern void buffer_init(buffer *,int (*)(),int,char *,unsigned int);
extern int buffer_flush(buffer *);
extern int buffer_put(buffer *,const char *,unsigned int);
extern int buffer_putalign(buffer *,const char *,unsigned int);
extern int buffer_putflush(buffer *,const char *,unsigned int);
extern int buffer_puts(buffer *,const char *);
extern int buffer_putsalign(buffer *,const char *);
extern int buffer_putsflush(buffer *,const char *);
#define buffer_PUTC(s,c) \
( ((s)->n != (s)->p) \
? ( (s)->x[(s)->p++] = (c), 0 ) \
: buffer_put((s),&(c),1) \
)
extern int buffer_get(buffer *,char *,unsigned int);
extern int buffer_bget(buffer *,char *,unsigned int);
extern int buffer_feed(buffer *);
extern char *buffer_peek(buffer *);
extern void buffer_seek(buffer *,unsigned int);
#define buffer_PEEK(s) ( (s)->x + (s)->n )
#define buffer_SEEK(s,len) ( ( (s)->p -= (len) ) , ( (s)->n += (len) ) )
#define buffer_GETC(s,c) \
( ((s)->p > 0) \
? ( *(c) = (s)->x[(s)->n], buffer_SEEK((s),1), 1 ) \
: buffer_get((s),(c),1) \
)
extern int buffer_copy(buffer *,buffer *);
extern int buffer_unixread(int,char *,unsigned int);
extern int buffer_unixwrite(int,const char *,unsigned int);
extern buffer *buffer_0;
extern buffer *buffer_0small;
extern buffer *buffer_1;
extern buffer *buffer_1small;
extern buffer *buffer_2;
#endif


@ -0,0 +1,5 @@
#include "buffer.h"
char buffer_1_space[BUFFER_OUTSIZE];
static buffer it = BUFFER_INIT(buffer_unixwrite,1,buffer_1_space,sizeof buffer_1_space);
buffer *buffer_1 = &it;


@ -0,0 +1,5 @@
#include "buffer.h"
char buffer_2_space[256];
static buffer it = BUFFER_INIT(buffer_unixwrite,2,buffer_2_space,sizeof buffer_2_space);
buffer *buffer_2 = &it;


@ -0,0 +1,16 @@
#include "buffer.h"
int buffer_copy(buffer *bout,buffer *bin)
{
int n;
char *x;
for (;;) {
n = buffer_feed(bin);
if (n < 0) return -2;
if (!n) return 0;
x = buffer_PEEK(bin);
if (buffer_put(bout,x,n) == -1) return -3;
buffer_SEEK(bin,n);
}
}


@ -0,0 +1,67 @@
#include "buffer.h"
#include "byte.h"
#include "error.h"
static int oneread(int (*op)(),int fd,char *buf,unsigned int len)
{
int r;
for (;;) {
r = op(fd,buf,len);
if (r == -1) if (errno == error_intr) continue;
return r;
}
}
static int getthis(buffer *s,char *buf,unsigned int len)
{
if (len > s->p) len = s->p;
s->p -= len;
byte_copy(buf,len,s->x + s->n);
s->n += len;
return len;
}
int buffer_feed(buffer *s)
{
int r;
if (s->p) return s->p;
r = oneread(s->op,s->fd,s->x,s->n);
if (r <= 0) return r;
s->p = r;
s->n -= r;
if (s->n > 0) byte_copyr(s->x + s->n,r,s->x);
return r;
}
int buffer_bget(buffer *s,char *buf,unsigned int len)
{
int r;
if (s->p > 0) return getthis(s,buf,len);
if (s->n <= len) return oneread(s->op,s->fd,buf,s->n);
r = buffer_feed(s); if (r <= 0) return r;
return getthis(s,buf,len);
}
int buffer_get(buffer *s,char *buf,unsigned int len)
{
int r;
if (s->p > 0) return getthis(s,buf,len);
if (s->n <= len) return oneread(s->op,s->fd,buf,len);
r = buffer_feed(s); if (r <= 0) return r;
return getthis(s,buf,len);
}
char *buffer_peek(buffer *s)
{
return s->x + s->n;
}
void buffer_seek(buffer *s,unsigned int len)
{
s->n += len;
s->p -= len;
}


@ -0,0 +1,88 @@
#include "buffer.h"
#include "str.h"
#include "byte.h"
#include "error.h"
static int allwrite(int (*op)(),int fd,const char *buf,unsigned int len)
{
int w;
while (len) {
w = op(fd,buf,len);
if (w == -1) {
if (errno == error_intr) continue;
return -1; /* note that some data may have been written */
}
if (w == 0) ; /* luser's fault */
buf += w;
len -= w;
}
return 0;
}
int buffer_flush(buffer *s)
{
int p;
p = s->p;
if (!p) return 0;
s->p = 0;
return allwrite(s->op,s->fd,s->x,p);
}
int buffer_putalign(buffer *s,const char *buf,unsigned int len)
{
unsigned int n;
while (len > (n = s->n - s->p)) {
byte_copy(s->x + s->p,n,buf); s->p += n; buf += n; len -= n;
if (buffer_flush(s) == -1) return -1;
}
/* now len <= s->n - s->p */
byte_copy(s->x + s->p,len,buf);
s->p += len;
return 0;
}
int buffer_put(buffer *s,const char *buf,unsigned int len)
{
unsigned int n;
n = s->n;
if (len > n - s->p) {
if (buffer_flush(s) == -1) return -1;
/* now s->p == 0 */
if (n < BUFFER_OUTSIZE) n = BUFFER_OUTSIZE;
while (len > s->n) {
if (n > len) n = len;
if (allwrite(s->op,s->fd,buf,n) == -1) return -1;
buf += n;
len -= n;
}
}
/* now len <= s->n - s->p */
byte_copy(s->x + s->p,len,buf);
s->p += len;
return 0;
}
int buffer_putflush(buffer *s,const char *buf,unsigned int len)
{
if (buffer_flush(s) == -1) return -1;
return allwrite(s->op,s->fd,buf,len);
}
int buffer_putsalign(buffer *s,const char *buf)
{
return buffer_putalign(s,buf,str_len(buf));
}
int buffer_puts(buffer *s,const char *buf)
{
return buffer_put(s,buf,str_len(buf));
}
int buffer_putsflush(buffer *s,const char *buf)
{
return buffer_putflush(s,buf,str_len(buf));
}
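Review bot: In `allwrite`, a write op that returns 0 leaves `len` unchanged, so the `while (len)` loop spins forever; the line `if (w == 0) ; /* luser's fault */` acknowledges the case without handling it. The ops visible in this commit do not trigger it (`buffer_unixwrite` wraps write(), and axfrdns's `safewrite` dies on `w <= 0`), but any future op that can return 0 would hang the process in a busy loop. Suggest `if (w == 0) return -1; /* zero-length write: refuse to spin */`, setting errno per the module's convention if callers depend on it.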


@ -0,0 +1,7 @@
#include <unistd.h>
#include "buffer.h"
int buffer_unixread(int fd,char *buf,unsigned int len)
{
return read(fd,buf,len);
}


@ -0,0 +1,7 @@
#include <unistd.h>
#include "buffer.h"
int buffer_unixwrite(int fd,const char *buf,unsigned int len)
{
return write(fd,buf,len);
}


@ -0,0 +1,13 @@
#ifndef BYTE_H
#define BYTE_H
extern unsigned int byte_chr();
extern unsigned int byte_rchr();
extern void byte_copy();
extern void byte_copyr();
extern int byte_diff();
extern void byte_zero();
#define byte_equal(s,n,t) (!byte_diff((s),(n),(t)))
#endif


@ -0,0 +1,20 @@
#include "byte.h"
unsigned int byte_chr(s,n,c)
char *s;
register unsigned int n;
int c;
{
register char ch;
register char *t;
ch = c;
t = s;
for (;;) {
if (!n) break; if (*t == ch) break; ++t; --n;
if (!n) break; if (*t == ch) break; ++t; --n;
if (!n) break; if (*t == ch) break; ++t; --n;
if (!n) break; if (*t == ch) break; ++t; --n;
}
return t - s;
}


@ -0,0 +1,14 @@
#include "byte.h"
void byte_copy(to,n,from)
register char *to;
register unsigned int n;
register char *from;
{
for (;;) {
if (!n) return; *to++ = *from++; --n;
if (!n) return; *to++ = *from++; --n;
if (!n) return; *to++ = *from++; --n;
if (!n) return; *to++ = *from++; --n;
}
}


@ -0,0 +1,16 @@
#include "byte.h"
void byte_copyr(to,n,from)
register char *to;
register unsigned int n;
register char *from;
{
to += n;
from += n;
for (;;) {
if (!n) return; *--to = *--from; --n;
if (!n) return; *--to = *--from; --n;
if (!n) return; *--to = *--from; --n;
if (!n) return; *--to = *--from; --n;
}
}


@ -0,0 +1,16 @@
#include "byte.h"
int byte_diff(s,n,t)
register char *s;
register unsigned int n;
register char *t;
{
for (;;) {
if (!n) return 0; if (*s != *t) break; ++s; ++t; --n;
if (!n) return 0; if (*s != *t) break; ++s; ++t; --n;
if (!n) return 0; if (*s != *t) break; ++s; ++t; --n;
if (!n) return 0; if (*s != *t) break; ++s; ++t; --n;
}
return ((int)(unsigned int)(unsigned char) *s)
- ((int)(unsigned int)(unsigned char) *t);
}


@ -0,0 +1,13 @@
#include "byte.h"
void byte_zero(s,n)
char *s;
register unsigned int n;
{
for (;;) {
if (!n) break; *s++ = 0; --n;
if (!n) break; *s++ = 0; --n;
if (!n) break; *s++ = 0; --n;
if (!n) break; *s++ = 0; --n;
}
}


@ -0,0 +1,207 @@
#include "alloc.h"
#include "byte.h"
#include "uint32.h"
#include "exit.h"
#include "tai.h"
#include "cache.h"
uint64 cache_motion = 0;
static char *x = 0;
static uint32 size;
static uint32 hsize;
static uint32 writer;
static uint32 oldest;
static uint32 unused;
/*
100 <= size <= 1000000000.
4 <= hsize <= size/16.
hsize is a power of 2.
hsize <= writer <= oldest <= unused <= size.
If oldest == unused then unused == size.
x is a hash table with the following structure:
x[0...hsize-1]: hsize/4 head links.
x[hsize...writer-1]: consecutive entries, newest entry on the right.
x[writer...oldest-1]: free space for new entries.
x[oldest...unused-1]: consecutive entries, oldest entry on the left.
x[unused...size-1]: unused.
Each hash bucket is a linked list containing the following items:
the head link, the newest entry, the second-newest entry, etc.
Each link is a 4-byte number giving the xor of
the positions of the adjacent items in the list.
Entries are always inserted immediately after the head and removed at the tail.
Each entry contains the following information:
4-byte link; 4-byte keylen; 4-byte datalen; 8-byte expire time; key; data.
*/
#define MAXKEYLEN 1000
#define MAXDATALEN 1000000
static void cache_impossible(void)
{
_exit(111);
}
static void set4(uint32 pos,uint32 u)
{
if (pos > size - 4) cache_impossible();
uint32_pack(x + pos,u);
}
static uint32 get4(uint32 pos)
{
uint32 result;
if (pos > size - 4) cache_impossible();
uint32_unpack(x + pos,&result);
return result;
}
static unsigned int hash(const char *key,unsigned int keylen)
{
unsigned int result = 5381;
while (keylen) {
result = (result << 5) + result;
result ^= (unsigned char) *key;
++key;
--keylen;
}
result <<= 2;
result &= hsize - 4;
return result;
}
char *cache_get(const char *key,unsigned int keylen,unsigned int *datalen,uint32 *ttl)
{
struct tai expire;
struct tai now;
uint32 pos;
uint32 prevpos;
uint32 nextpos;
uint32 u;
unsigned int loop;
double d;
if (!x) return 0;
if (keylen > MAXKEYLEN) return 0;
prevpos = hash(key,keylen);
pos = get4(prevpos);
loop = 0;
while (pos) {
if (get4(pos + 4) == keylen) {
if (pos + 20 + keylen > size) cache_impossible();
if (byte_equal(key,keylen,x + pos + 20)) {
tai_unpack(x + pos + 12,&expire);
tai_now(&now);
if (tai_less(&expire,&now)) return 0;
tai_sub(&expire,&expire,&now);
d = tai_approx(&expire);
if (d > 604800) d = 604800;
*ttl = d;
u = get4(pos + 8);
if (u > size - pos - 20 - keylen) cache_impossible();
*datalen = u;
return x + pos + 20 + keylen;
}
}
nextpos = prevpos ^ get4(pos);
prevpos = pos;
pos = nextpos;
if (++loop > 100) return 0; /* to protect against hash flooding */
}
return 0;
}
void cache_set(const char *key,unsigned int keylen,const char *data,unsigned int datalen,uint32 ttl)
{
struct tai now;
struct tai expire;
unsigned int entrylen;
unsigned int keyhash;
uint32 pos;
if (!x) return;
if (keylen > MAXKEYLEN) return;
if (datalen > MAXDATALEN) return;
if (!ttl) return;
if (ttl > 604800) ttl = 604800;
entrylen = keylen + datalen + 20;
while (writer + entrylen > oldest) {
if (oldest == unused) {
if (writer <= hsize) return;
unused = writer;
oldest = hsize;
writer = hsize;
}
pos = get4(oldest);
set4(pos,get4(pos) ^ oldest);
oldest += get4(oldest + 4) + get4(oldest + 8) + 20;
if (oldest > unused) cache_impossible();
if (oldest == unused) {
unused = size;
oldest = size;
}
}
keyhash = hash(key,keylen);
tai_now(&now);
tai_uint(&expire,ttl);
tai_add(&expire,&expire,&now);
pos = get4(keyhash);
if (pos)
set4(pos,get4(pos) ^ keyhash ^ writer);
set4(writer,pos ^ keyhash);
set4(writer + 4,keylen);
set4(writer + 8,datalen);
tai_pack(x + writer + 12,&expire);
byte_copy(x + writer + 20,keylen,key);
byte_copy(x + writer + 20 + keylen,datalen,data);
set4(keyhash,writer);
writer += entrylen;
cache_motion += entrylen;
}
int cache_init(unsigned int cachesize)
{
if (x) {
alloc_free(x);
x = 0;
}
if (cachesize > 1000000000) cachesize = 1000000000;
if (cachesize < 100) cachesize = 100;
size = cachesize;
hsize = 4;
while (hsize <= (size >> 5)) hsize <<= 1;
x = alloc(size);
if (!x) return 0;
byte_zero(x,size);
writer = hsize;
oldest = size;
unused = size;
return 1;
}
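Review bot: `cache_get` returns `x + pos + 20 + keylen`, a pointer into the cache arena, and nothing documents its lifetime: the next `cache_set` may reclaim that region (the eviction loop advances `oldest` and wraps `writer` back to `hsize`), and `cache_init` calls `alloc_free(x)`, so a caller holding the pointer across either call reads overwritten or freed bytes. Suggest a comment above `cache_get`: `/* Returned pointer aliases cache storage; it is valid only until the next cache_set() or cache_init(). Copy the data out before either. */`. The `if (++loop > 100) return 0; /* to protect against hash flooding */` bound is a good mitigation and its comment could say what it caps: the per-lookup chain walk, so attacker-chosen keys cannot make a lookup linear in the number of entries.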


@ -0,0 +1,12 @@
#ifndef CACHE_H
#define CACHE_H
#include "uint32.h"
#include "uint64.h"
extern uint64 cache_motion;
extern int cache_init(unsigned int);
extern void cache_set(const char *,unsigned int,const char *,unsigned int,uint32);
extern char *cache_get(const char *,unsigned int,unsigned int *,uint32 *);
#endif


@ -0,0 +1,32 @@
#include "buffer.h"
#include "exit.h"
#include "cache.h"
#include "str.h"
int main(int argc,char **argv)
{
int i;
char *x;
char *y;
unsigned int u;
uint32 ttl;
if (!cache_init(200)) _exit(111);
if (*argv) ++argv;
while (x = *argv++) {
i = str_chr(x,':');
if (x[i])
cache_set(x,i,x + i + 1,str_len(x) - i - 1,86400);
else {
y = cache_get(x,i,&u,&ttl);
if (y)
buffer_put(buffer_1,y,u);
buffer_puts(buffer_1,"\n");
}
}
buffer_flush(buffer_1);
_exit(0);
}
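Review bot: `while (x = *argv++)` uses an assignment as the loop condition without the extra parentheses, which `-Wall` flags as a possible `==` typo; `while ((x = *argv++))` states the intent. `i` from `str_chr` is kept in an `int` and then passed to `cache_set`/`cache_get` as `unsigned int` lengths, which works but mixes signedness; declaring `unsigned int i` would match the callees (assuming `str_chr` returns an unsigned offset, which this page does not show).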


@ -0,0 +1,13 @@
#ifndef CASE_H
#define CASE_H
extern void case_lowers(char *);
extern void case_lowerb(char *,unsigned int);
extern int case_diffs(const char *,const char *);
extern int case_diffb(const char *,unsigned int,const char *);
extern int case_starts(const char *,const char *);
extern int case_startb(const char *,unsigned int,const char *);
#define case_equals(s,t) (!case_diffs((s),(t)))
#endif


@ -0,0 +1,18 @@
#include "case.h"
int case_diffb(register const char *s,register unsigned int len,register const char *t)
{
register unsigned char x;
register unsigned char y;
while (len > 0) {
--len;
x = *s++ - 'A';
if (x <= 'Z' - 'A') x += 'a'; else x += 'A';
y = *t++ - 'A';
if (y <= 'Z' - 'A') y += 'a'; else y += 'A';
if (x != y)
return ((int)(unsigned int) x) - ((int)(unsigned int) y);
}
return 0;
}


@ -0,0 +1,17 @@
#include "case.h"
int case_diffs(register const char *s,register const char *t)
{
register unsigned char x;
register unsigned char y;
for (;;) {
x = *s++ - 'A';
if (x <= 'Z' - 'A') x += 'a'; else x += 'A';
y = *t++ - 'A';
if (y <= 'Z' - 'A') y += 'a'; else y += 'A';
if (x != y) break;
if (!x) break;
}
return ((int)(unsigned int) x) - ((int)(unsigned int) y);
}


@ -0,0 +1,12 @@
#include "case.h"
void case_lowerb(char *s,unsigned int len)
{
unsigned char x;
while (len > 0) {
--len;
x = *s - 'A';
if (x <= 'Z' - 'A') *s = x + 'a';
++s;
}
}


@ -0,0 +1,136 @@
/* Public domain. */
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <unistd.h>
#include "error.h"
#include "seek.h"
#include "byte.h"
#include "cdb.h"
void cdb_free(struct cdb *c)
{
if (c->map) {
munmap(c->map,c->size);
c->map = 0;
}
}
void cdb_findstart(struct cdb *c)
{
c->loop = 0;
}
void cdb_init(struct cdb *c,int fd)
{
struct stat st;
char *x;
cdb_free(c);
cdb_findstart(c);
c->fd = fd;
if (fstat(fd,&st) == 0)
if (st.st_size <= 0xffffffff) {
x = mmap(0,st.st_size,PROT_READ,MAP_SHARED,fd,0);
if (x + 1) {
c->size = st.st_size;
c->map = x;
}
}
}
int cdb_read(struct cdb *c,char *buf,unsigned int len,uint32 pos)
{
if (c->map) {
if ((pos > c->size) || (c->size - pos < len)) goto FORMAT;
byte_copy(buf,len,c->map + pos);
}
else {
if (seek_set(c->fd,pos) == -1) return -1;
while (len > 0) {
int r;
do
r = read(c->fd,buf,len);
while ((r == -1) && (errno == error_intr));
if (r == -1) return -1;
if (r == 0) goto FORMAT;
buf += r;
len -= r;
}
}
return 0;
FORMAT:
errno = error_proto;
return -1;
}
static int match(struct cdb *c,const char *key,unsigned int len,uint32 pos)
{
char buf[32];
int n;
while (len > 0) {
n = sizeof buf;
if (n > len) n = len;
if (cdb_read(c,buf,n,pos) == -1) return -1;
if (byte_diff(buf,n,key)) return 0;
pos += n;
key += n;
len -= n;
}
return 1;
}
int cdb_findnext(struct cdb *c,const char *key,unsigned int len)
{
char buf[8];
uint32 pos;
uint32 u;
if (!c->loop) {
u = cdb_hash(key,len);
if (cdb_read(c,buf,8,(u << 3) & 2047) == -1) return -1;
uint32_unpack(buf + 4,&c->hslots);
if (!c->hslots) return 0;
uint32_unpack(buf,&c->hpos);
c->khash = u;
u >>= 8;
u %= c->hslots;
u <<= 3;
c->kpos = c->hpos + u;
}
while (c->loop < c->hslots) {
if (cdb_read(c,buf,8,c->kpos) == -1) return -1;
uint32_unpack(buf + 4,&pos);
if (!pos) return 0;
c->loop += 1;
c->kpos += 8;
if (c->kpos == c->hpos + (c->hslots << 3)) c->kpos = c->hpos;
uint32_unpack(buf,&u);
if (u == c->khash) {
if (cdb_read(c,buf,8,pos) == -1) return -1;
uint32_unpack(buf,&u);
if (u == len)
switch(match(c,key,len,pos + 8)) {
case -1:
return -1;
case 1:
uint32_unpack(buf + 4,&c->dlen);
c->dpos = pos + 8 + len;
return 1;
}
}
}
return 0;
}
int cdb_find(struct cdb *c,const char *key,unsigned int len)
{
cdb_findstart(c);
return cdb_findnext(c,key,len);
}
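Review bot: `cdb_init` tests the mmap result with `if (x + 1)`, which relies on pointer arithmetic on the `(char *)-1` failure sentinel; `if (x != MAP_FAILED)` is the portable spelling and reads as the check it is. `cdb_init` also begins with `cdb_free(c)`, which reads `c->map` and passes it to munmap, so the struct must be zero-initialized before its first `cdb_init` (the static `c` in axfrdns.c is; a stack-allocated `struct cdb` would hand garbage to munmap). Suggest a comment on `cdb_init`: `/* c must be zeroed (or previously initialized) before the first call: cdb_free() is applied to its current map */`.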


@ -0,0 +1,37 @@
/* Public domain. */
#ifndef CDB_H
#define CDB_H
#include "uint32.h"
#define CDB_HASHSTART 5381
extern uint32 cdb_hashadd(uint32,unsigned char);
extern uint32 cdb_hash(const char *,unsigned int);
struct cdb {
char *map; /* 0 if no map is available */
int fd;
uint32 size; /* initialized if map is nonzero */
uint32 loop; /* number of hash slots searched under this key */
uint32 khash; /* initialized if loop is nonzero */
uint32 kpos; /* initialized if loop is nonzero */
uint32 hpos; /* initialized if loop is nonzero */
uint32 hslots; /* initialized if loop is nonzero */
uint32 dpos; /* initialized if cdb_findnext() returns 1 */
uint32 dlen; /* initialized if cdb_findnext() returns 1 */
} ;
extern void cdb_free(struct cdb *);
extern void cdb_init(struct cdb *,int fd);
extern int cdb_read(struct cdb *,char *,unsigned int,uint32);
extern void cdb_findstart(struct cdb *);
extern int cdb_findnext(struct cdb *,const char *,unsigned int);
extern int cdb_find(struct cdb *,const char *,unsigned int);
#define cdb_datapos(c) ((c)->dpos)
#define cdb_datalen(c) ((c)->dlen)
#endif


@ -0,0 +1,21 @@
/* Public domain. */
#include "cdb.h"
uint32 cdb_hashadd(uint32 h,unsigned char c)
{
h += (h << 5);
return h ^ c;
}
uint32 cdb_hash(const char *buf,unsigned int len)
{
uint32 h;
h = CDB_HASHSTART;
while (len) {
h = cdb_hashadd(h,*buf++);
--len;
}
return h;
}


@ -0,0 +1,152 @@
/* Public domain. */
#include "seek.h"
#include "error.h"
#include "alloc.h"
#include "cdb.h"
#include "cdb_make.h"
int cdb_make_start(struct cdb_make *c,int fd)
{
c->head = 0;
c->split = 0;
c->hash = 0;
c->numentries = 0;
c->fd = fd;
c->pos = sizeof c->final;
buffer_init(&c->b,buffer_unixwrite,fd,c->bspace,sizeof c->bspace);
return seek_set(fd,c->pos);
}
static int posplus(struct cdb_make *c,uint32 len)
{
uint32 newpos = c->pos + len;
if (newpos < len) { errno = error_nomem; return -1; }
c->pos = newpos;
return 0;
}
int cdb_make_addend(struct cdb_make *c,unsigned int keylen,unsigned int datalen,uint32 h)
{
struct cdb_hplist *head;
head = c->head;
if (!head || (head->num >= CDB_HPLIST)) {
head = (struct cdb_hplist *) alloc(sizeof(struct cdb_hplist));
if (!head) return -1;
head->num = 0;
head->next = c->head;
c->head = head;
}
head->hp[head->num].h = h;
head->hp[head->num].p = c->pos;
++head->num;
++c->numentries;
if (posplus(c,8) == -1) return -1;
if (posplus(c,keylen) == -1) return -1;
if (posplus(c,datalen) == -1) return -1;
return 0;
}
int cdb_make_addbegin(struct cdb_make *c,unsigned int keylen,unsigned int datalen)
{
char buf[8];
if (keylen > 0xffffffff) { errno = error_nomem; return -1; }
if (datalen > 0xffffffff) { errno = error_nomem; return -1; }
uint32_pack(buf,keylen);
uint32_pack(buf + 4,datalen);
if (buffer_putalign(&c->b,buf,8) == -1) return -1;
return 0;
}
int cdb_make_add(struct cdb_make *c,const char *key,unsigned int keylen,const char *data,unsigned int datalen)
{
if (cdb_make_addbegin(c,keylen,datalen) == -1) return -1;
if (buffer_putalign(&c->b,key,keylen) == -1) return -1;
if (buffer_putalign(&c->b,data,datalen) == -1) return -1;
return cdb_make_addend(c,keylen,datalen,cdb_hash(key,keylen));
}
int cdb_make_finish(struct cdb_make *c)
{
char buf[8];
int i;
uint32 len;
uint32 u;
uint32 memsize;
uint32 count;
uint32 where;
struct cdb_hplist *x;
struct cdb_hp *hp;
for (i = 0;i < 256;++i)
c->count[i] = 0;
for (x = c->head;x;x = x->next) {
i = x->num;
while (i--)
++c->count[255 & x->hp[i].h];
}
memsize = 1;
for (i = 0;i < 256;++i) {
u = c->count[i] * 2;
if (u > memsize)
memsize = u;
}
memsize += c->numentries; /* no overflow possible up to now */
u = (uint32) 0 - (uint32) 1;
u /= sizeof(struct cdb_hp);
if (memsize > u) { errno = error_nomem; return -1; }
c->split = (struct cdb_hp *) alloc(memsize * sizeof(struct cdb_hp));
if (!c->split) return -1;
c->hash = c->split + c->numentries;
u = 0;
for (i = 0;i < 256;++i) {
u += c->count[i]; /* bounded by numentries, so no overflow */
c->start[i] = u;
}
for (x = c->head;x;x = x->next) {
i = x->num;
while (i--)
c->split[--c->start[255 & x->hp[i].h]] = x->hp[i];
}
for (i = 0;i < 256;++i) {
count = c->count[i];
len = count + count; /* no overflow possible */
uint32_pack(c->final + 8 * i,c->pos);
uint32_pack(c->final + 8 * i + 4,len);
for (u = 0;u < len;++u)
c->hash[u].h = c->hash[u].p = 0;
hp = c->split + c->start[i];
for (u = 0;u < count;++u) {
where = (hp->h >> 8) % len;
while (c->hash[where].p)
if (++where == len)
where = 0;
c->hash[where] = *hp++;
}
for (u = 0;u < len;++u) {
uint32_pack(buf,c->hash[u].h);
uint32_pack(buf + 4,c->hash[u].p);
if (buffer_putalign(&c->b,buf,8) == -1) return -1;
if (posplus(c,8) == -1) return -1;
}
}
if (buffer_flush(&c->b) == -1) return -1;
if (seek_begin(c->fd) == -1) return -1;
return buffer_putflush(&c->b,c->final,sizeof c->final);
}
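Review bot: `cdb_make_finish` allocates `c->split` with `alloc`, and `cdb_make_addend` builds the `c->head` list of `struct cdb_hplist` blocks, but nothing in this file releases either and there is no `cdb_make_free`; unless a sibling outside this hunk frees them, a `struct cdb_make` is single-use and leaks its bookkeeping, which is acceptable for one-shot builders but should be stated. Suggest a comment above `cdb_make_finish`: `/* Does not release c->split or the c->head list; the struct is meant for a single build by a short-lived process. */`. The `keylen > 0xffffffff` and `datalen > 0xffffffff` guards in `cdb_make_addbegin` can never be true where `unsigned int` is 32 bits, so on common targets they are dead code and only help where `unsigned int` is wider.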
