From patchwork Sat Jun 24 12:11:54 2017
X-Patchwork-Submitter: Paul Oranje
X-Patchwork-Id: 780353
X-Patchwork-Delegate: dedeckeh@gmail.com
From: Paul Oranje
To: lede-dev@lists.infradead.org
Cc: dedeckeh@gmail.com, Paul Oranje, ericluehrsen@hotmail.com
Date: Sat, 24 Jun 2017 14:11:54 +0200
Message-Id: <20170624121154.76312-1-por@xs4all.nl>
Subject: [LEDE-DEV] [PATCH v5] dnsmasq: manage resolv.conf iff when listening on 127.0.0.1#53

With this patch the dnsmasq init script manages resolv.conf if and only if
dnsmasq will listen on 127.0.0.1#53 (is main resolver instance).
Also adds ::1 to the resolver file.

For unbound a likewise patch exists (PR#4454).

Fixes (combined with the unbound PR) FS#785

Signed-off-by: Paul Oranje
---
The intended invariant is that resolv.conf is managed whenever a resolver
listens on 127.0.0.1#53. Besides dnsmasq, unbound can take that role as well
(but only when dnsmasq is not already listening on 127.0.0.1#53).

When no instance of dnsmasq has been configured to listen on 127.0.0.1#53
then resolv.conf is not touched by dnsmasq.

Currently unbound handles resolv.conf also, but leaves it to dnsmasq whenever
that will run, even when no dnsmasq instance will listen on localhost:53.
So for unbound PR#4454 has been submitted to make sure it always manages
resolv.conf when it owns localhost:domain.

Tests performed:
- with/without unbound, dhcp linkages none and dnsmasq
- dnsmasq listens on #53, not #53 (dnsmasq takes precedence when also on #53)
- listen on localhost, not localhost
- noresolv false and true
- one/multiple dnsmasq instances
(useless combinations are omitted in testing)

single dnsmasq instance
  standard setup
  ==> dnsmasq manages resolv.conf

two dnsmasq instances, each serving another LAN
  both dnsmasq on #53
  dnsmasq-2 notinterface loopback
  ==> dnsmasq-1 manages resolv.conf

two dnsmasq instances and unbound (dhcp_link: none, one dnsmasq behind unbound)
  both dnsmasq on #53
  dnsmasq-2 on #53, notinterface loopback noresolv true and server 127.0.0.1#1053
  unbound on #1053
  ==> dnsmasq-1 manages resolv.conf

two dnsmasq instances and unbound (dhcp_link: dnsmasq)
  dnsmasq-1 on #1053, noresolv true
  dnsmasq-2 on #2053, noresolv true
  unbound on #53 forward LAN1 to 127.0.0.1#1053, forward LAN2 to 127.0.0.1#2053
  ==> unbound manages resolv.conf

on stops resolv.conf is reset to the auto if it was written by the instance resolvfile.

History:
v2 corrected syntax error
   increased PKG_RELEASE
v2 was reverted with commit 8180bbac7c237a31bd6e06c63e342c72342b7303
v3 rewritten and thoroughly tested
v4 corrected test on existence of resolvfile
v5 replaces cat ...
case with grep in _resolv_teardown() rebased on master Paul --- package/network/services/dnsmasq/Makefile | 2 +- .../network/services/dnsmasq/files/dnsmasq.init | 77 +++++++++++++++------- 2 files changed, 53 insertions(+), 26 deletions(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 35ac6b2891..11baff37e8 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_VERSION:=2.77 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/ diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 065d1fd8c2..c16079d73a 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init 
@@ -714,9 +714,49 @@ dhcp_relay_add() { fi } +_resolv_setup() +{ + local cfg="$1" + local port notinterfaces + + config_get port "$cfg" port "53" + [ $port = "53" ] || return + + config_get notinterfaces "$cfg" notinterface "" + [ -n "$notinterfaces" ] && list_contains notinterfaces "loopback" && return + + # dnsmasq instance is designated to listen on 127.0.0.1#53. + # rewrite /tmp/resolv.conf + rm -f /tmp/resolv.conf + { + echo "# /tmp/resolv.conf generated by dnsmasq $cfg $( date )" + [ $ADD_LOCAL_DOMAIN -eq 1 ] && [ -n "$DOMAIN" ] && { + echo "search $DOMAIN" + } + DNS_SERVERS="$DNS_SERVERS 127.0.0.1 ::1" + for DNS_SERVER in $DNS_SERVERS ; do + echo "nameserver $DNS_SERVER" + done + } > /tmp/resolv.conf + + return +} + +_resolv_teardown() +{ + cfg="$1" + + grep -q -e "generated by dnsmasq $cfg" /tmp/resolv.conf 2>/dev/null && { + # resolv.conf was written by this instance, + # reset /tmp/resolv.conf to default. + [ -f /tmp/resolv.conf ] && rm -f /tmp/resolv.conf + ln -s /tmp/resolv.conf.auto /tmp/resolv.conf + } +} + dnsmasq_start() { - local cfg="$1" disabled resolvfile user_dhcpscript + local cfg="$1" disabled noresolv resolvfile user_dhcpscript config_get_bool disabled "$cfg" disabled 0 [ "$disabled" -gt 0 ] && return 0 @@ -792,7 +832,6 @@ dnsmasq_start() append_bool "$cfg" nonegcache "--no-negcache" append_bool "$cfg" strictorder "--strict-order" append_bool "$cfg" logqueries "--log-queries=extra" - append_bool "$cfg" noresolv "--no-resolv" append_bool "$cfg" localise_queries "--localise-queries" append_bool "$cfg" readethers "--read-ethers" append_bool "$cfg" dbus "--enable-dbus" 
@@ -861,14 +900,15 @@ dnsmasq_start() config_get_bool cachelocal "$cfg" cachelocal 1 config_get_bool noresolv "$cfg" noresolv 0 - if [ "$noresolv" != "1" ]; then + if [ "$noresolv" = "1" ]; then + xappend "--no-resolv" + else config_get resolvfile "$cfg" resolvfile "/tmp/resolv.conf.auto" + xappend "--resolv-file=$resolvfile" # So jail doesn't complain if file missing - [ -n "$resolvfile" -a \! -e "$resolvfile" ] && touch "$resolvfile" + [ ! -e "$resolvfile" ] && touch "$resolvfile" fi - [ -n "$resolvfile" ] && xappend "--resolv-file=$resolvfile" - config_get hostsfile "$cfg" dhcphostsfile [ -e "$hostsfile" ] && xappend "--dhcp-hostsfile=$hostsfile" @@ -980,16 +1020,6 @@ dnsmasq_start() echo >> $CONFIGFILE_TMP mv -f $CONFIGFILE_TMP $CONFIGFILE - [ "$resolvfile" = "/tmp/resolv.conf.auto" ] && { - rm -f /tmp/resolv.conf - [ $ADD_LOCAL_DOMAIN -eq 1 ] && [ -n "$DOMAIN" ] && { - echo "search $DOMAIN" >> /tmp/resolv.conf - } - DNS_SERVERS="$DNS_SERVERS 127.0.0.1" - for DNS_SERVER in $DNS_SERVERS ; do - echo "nameserver $DNS_SERVER" >> /tmp/resolv.conf - done - } procd_open_instance $cfg procd_set_param command $PROG -C $CONFIGFILE -k -x /var/run/dnsmasq/dnsmasq."${cfg}".pid @@ -1007,21 +1037,18 @@ dnsmasq_start() procd_add_jail_mount_rw /var/run/dnsmasq/ $leasefile procd_close_instance + + + # rewrite /tmp/resolv.conf only for main instance + _resolv_setup $cfg } dnsmasq_stop() { local cfg="$1" - config_get resolvfile "$cfg" "resolvfile" - - #relink /tmp/resolve.conf only for main instance - [ "$resolvfile" = "/tmp/resolv.conf.auto" ] && { - [ -f /tmp/resolv.conf ] && { - rm -f /tmp/resolv.conf - ln -s "$resolvfile" /tmp/resolv.conf - } - } + #relink /tmp/resolv.conf only for main instance + _resolv_teardown $cfg rm -f ${BASEDHCPSTAMPFILE}.${cfg}.*.dhcp }
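
Review bot: In the first dnsmasq.init hunk (@@ -714), the ownership check in _resolv_teardown() matches too loosely: grep -q -e "generated by dnsmasq $cfg" treats $cfg as a regular expression and as a prefix, so an instance named, say, lan would also match a header written by an instance named lan2 and reset a resolv.conf it does not own. Since _resolv_setup() writes "generated by dnsmasq $cfg $( date )", a fixed-string match that includes the trailing space, grep -qF "generated by dnsmasq $cfg ", would pin the check to the exact instance. In the same hunk, cfg="$1" in _resolv_teardown() is missing local, [ $port = "53" ] leaves $port unquoted, and DNS_SERVERS="$DNS_SERVERS 127.0.0.1 ::1" appends to a variable that is not declared local in this function, so every instance that passes the port and notinterface checks adds the loopback addresses again.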
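
Review bot: In the @@ -861 hunk of dnsmasq_start(), the else branch no longer checks that $resolvfile is non-empty before using it: the old test was [ -n "$resolvfile" -a \! -e "$resolvfile" ], the new one is [ ! -e "$resolvfile" ] && touch "$resolvfile", and xappend "--resolv-file=$resolvfile" now runs unconditionally in that branch. If an empty value can reach this point, the result is touch "" and an empty --resolv-file= argument; either keep the -n guard or add a comment stating that the config_get default of /tmp/resolv.conf.auto makes it unnecessary.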
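
Review bot: In the last hunk (@@ -1007), the calls _resolv_setup $cfg and _resolv_teardown $cfg pass $cfg unquoted, while both helper functions and the surrounding code use "$cfg"; quote the argument in both calls so the instance name always arrives as a single word. The hunk also adds two blank lines after procd_close_instance where one is enough, and the #relink comment in dnsmasq_stop() lacks the space after # that the new comment in dnsmasq_start() has.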