dnsmasq: pluginification

79da7c9a · Franco Fichtner · aedc25a1 · 79da7c9a · 79da7c9a · 79da7c9a
Commit 79da7c9a authored Nov 19, 2016 by Franco Fichtner
10 changed files
--- a/plist
+++ b/plist
@@ -42,6 +42,7 @@
 /usr/local/etc/inc/openvpn.tls-verify.php
 /usr/local/etc/inc/openvpn_wizard.inc
 /usr/local/etc/inc/plugins.inc
+/usr/local/etc/inc/plugins.inc.d/dnsmasq.inc
 /usr/local/etc/inc/plugins.inc.d/if_group.inc
 /usr/local/etc/inc/plugins.inc.d/if_ipsec.inc
 /usr/local/etc/inc/plugins.inc.d/if_legacy_opt.inc

--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -1142,7 +1142,7 @@ function interfaces_configure()
        ipsec_configure();

        /* restart dns servers */
-        services_dnsmasq_configure();
+        dnsmasq_configure_do();
        unbound_configure_do();

        /* reload dhcpd (interface enabled/disabled status may have changed) */
@@ -2890,7 +2890,7 @@ function interface_configure($interface = 'wan', $reloadall = false, $linkupeven
            ipsec_configure();

            /* restart dns servers */
-            services_dnsmasq_configure();
+            dnsmasq_configure_do();
            unbound_configure_do();

            /* reload dhcpd (interface enabled/disabled status may have changed) */

--- a/src/etc/inc/plugins.inc.d/dnsmasq.inc
+++ b/src/etc/inc/plugins.inc.d/dnsmasq.inc
+<?php
+
+/*
+    Copyright (C) 2014-2016 Franco Fichtner <franco@opnsense.org>
+    Copyright (C) 2010 Ermal Luci
+    Copyright (C) 2005-2006 Colin Smith <ethethlay@gmail.com>
+    Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
+
+function dnsmasq_enabled()
+{
+    global $config;
+
+    return isset($config['dnsmasq']['enable']);
+}
+
+function dnsmasq_services()
+{
+    $services = array();
+
+    if (!dnsmasq_enabled()) {
+        return $services;
+    }
+
+    $pconfig = array();
+    $pconfig['name'] = 'dnsmasq';
+    $pconfig['description'] = gettext('Dnsmasq DNS Forwarder');
+    $pconfig['php']['restart'] = array('dnsmasq_configure_do');
+    $pconfig['php']['start'] = array('dnsmasq_configure_do');
+    $pconfig['pidfile'] = '/var/run/dnsmasq.pid';
+    $services[] = $pconfig;
+
+    return $services;
+}
+
+function dnsmasq_configure()
+{
+    /* XXX stub that prevents dnsmasq from starting again on bootup */
+    return array();
+}
+
+function dnsmasq_configure_do($verbose = false)
+{
+    global $config;
+
+    // hard coded args: will be removed to avoid duplication if specified in custom_options
+    $standard_args = array(
+        "dns-forward-max" => "--dns-forward-max=5000",
+        "cache-size" => "--cache-size=10000",
+        "local-ttl" => "--local-ttl=1"
+    );
+
+    killbypid('/var/run/dnsmasq.pid', 'TERM', true);
+
+    if (dnsmasq_enabled()) {
+        return;
+    }
+
+    if ($verbose) {
+        echo 'Starting DNS Forwarder...';
+        flush();
+    }
+
+    $args = "";
+
+    if (isset($config['dnsmasq']['regdhcp'])) {
+        $args .= " --dhcp-hostsfile=/etc/hosts ";
+    }
+
+    /* Setup listen port, if non-default */
+    if (isset($config['dnsmasq']['port']) && is_port($config['dnsmasq']['port'])) {
+        $args .= " --port={$config['dnsmasq']['port']} ";
+    }
+
+    if (isset($config['dnsmasq']['interface'])) {
+        $addresses = array();
+        foreach (explode(",", $config['dnsmasq']['interface']) as $interface) {
+            if (is_ipaddrv4($interface)) {
+                $addresses[] = $interface;
+            } elseif (is_ipaddrv6($interface)) {
+                 // Since dnsmasq does not support link-local address with scope specified. strip address.
+                 $addresses[] = explode("%", $interface)[0];
+            } else {
+                $intf_ipv4 = get_interface_ip($interface);
+                $intf_ipv6 = get_interface_ipv6($interface);
+                if (!empty($intf_ipv4)) {
+                    $addresses[] = $intf_ipv4;
+                }
+                if (!empty($intf_ipv6)) {
+                    $addresses[] = explode("%", $intf_ipv6)[0];
+                }
+            }
+        }
+        foreach ($addresses as $address) {
+            $args .= " --listen-address={$address} ";
+        }
+        if (!empty($addresses) && isset($config['dnsmasq']['strictbind'])) {
+            $args .= " --bind-interfaces ";
+        }
+    }
+
+    /* If selected, then first forward reverse lookups for private IPv4 addresses to nowhere. */
+    /* If any of these are duplicated by a user-specified domain override (e.g. 10.in-addr.arpa) then */
+    /* the user-specified entry made later on the command line below will be the one that is effective. */
+    if (isset($config['dnsmasq']['no_private_reverse'])) {
+        /* Note: Carrier Grade NAT (CGN) addresses 100.64.0.0/10 are intentionally not here. */
+        /* End-users should not be aware of CGN addresses, so reverse lookups for these should not happen. */
+        /* Just the OPNsense WAN might get a CGN address from an ISP. */
+        $args .= " --server=/10.in-addr.arpa/ ";
+        $args .= " --server=/168.192.in-addr.arpa/ ";
+        /* Unfortunately the 172.16.0.0/12 range does not map nicely to the in-addr.arpa scheme. */
+        for ($subnet_num = 16; $subnet_num < 32; $subnet_num++) {
+            $args .= " --server=/" . $subnet_num . ".172.in-addr.arpa/ ";
+        }
+    }
+
+    /* Setup forwarded domains */
+    if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
+      foreach($config['dnsmasq']['domainoverrides'] as $override) {
+        if ($override['ip'] == "!") {
+            $override['ip'] = "";
+        }
+        $args .= ' --server='. escapeshellarg('/' . $override['domain'] . '/' . $override['ip']);
+      }
+    }
+
+    /* Allow DNS Rebind for forwarded domains */
+    if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
+        if (!isset($config['system']['webgui']['nodnsrebindcheck'])) {
+            foreach($config['dnsmasq']['domainoverrides'] as $override) {
+                $args .= ' --rebind-domain-ok=' . escapeshellarg('/'.$override['domain'].'/') . ' ' ;
+            }
+        }
+    }
+
+    if (!isset($config['system']['webgui']['nodnsrebindcheck'])) {
+        $dns_rebind = "--rebind-localhost-ok --stop-dns-rebind";
+    }
+
+    if (isset($config['dnsmasq']['strict_order'])) {
+        $args .= " --strict-order ";
+    }
+
+    if (isset($config['dnsmasq']['domain_needed'])) {
+        $args .= " --domain-needed ";
+    }
+
+    if (isset($config['dnsmasq']['custom_options']) && !empty($config['dnsmasq']['custom_options'])) {
+        foreach (preg_split('/\s+/', $config['dnsmasq']['custom_options']) as $c) {
+            $args .= " " . escapeshellarg("--{$c}");
+            $p = explode('=', $c);
+            if (array_key_exists($p[0], $standard_args)) {
+                unset($standard_args[$p[0]]);
+            }
+        }
+    }
+    $args .= ' ' . implode(' ', array_values($standard_args));
+
+    /* run dnsmasq */
+    $cmd = "/usr/local/sbin/dnsmasq --all-servers {$dns_rebind} {$args}";
+    mwexec_bg($cmd);
+    services_dhcpleases_configure();
+    unset($args);
+
+    if ($verbose) {
+        echo "done.\n";
+    }
+}
--- a/src/etc/inc/services.inc
+++ b/src/etc/inc/services.inc
@@ -38,6 +38,7 @@
 * system.inc, while all services belong to their own
 * files.  Maybe eventually this will change...
 */
+require_once('plugins.inc.d/dnsmasq.inc');
 require_once('plugins.inc.d/unbound.inc');
 require_once('dyndns.class');

@@ -1734,134 +1735,6 @@ function dyndnsCheckIP($int)
    return $ip_address;
 }

-function services_dnsmasq_configure($verbose = false)
-{
-    global $config;
-
-    // hard coded args: will be removed to avoid duplication if specified in custom_options
-    $standard_args = array(
-        "dns-forward-max" => "--dns-forward-max=5000",
-        "cache-size" => "--cache-size=10000",
-        "local-ttl" => "--local-ttl=1"
-    );
-
-    killbypid('/var/run/dnsmasq.pid', 'TERM', true);
-
-    if (!isset($config['dnsmasq']['enable'])) {
-        return;
-    }
-
-    if ($verbose) {
-        echo 'Starting DNS Forwarder...';
-        flush();
-    }
-
-    $args = "";
-
-    if (isset($config['dnsmasq']['regdhcp'])) {
-        $args .= " --dhcp-hostsfile=/etc/hosts ";
-    }
-
-    /* Setup listen port, if non-default */
-    if (isset($config['dnsmasq']['port']) && is_port($config['dnsmasq']['port'])) {
-        $args .= " --port={$config['dnsmasq']['port']} ";
-    }
-
-    if (isset($config['dnsmasq']['interface'])) {
-        $addresses = array();
-        foreach (explode(",", $config['dnsmasq']['interface']) as $interface) {
-            if (is_ipaddrv4($interface)) {
-                $addresses[] = $interface;
-            } elseif (is_ipaddrv6($interface)) {
-                 // Since dnsmasq does not support link-local address with scope specified. strip address.
-                 $addresses[] = explode("%", $interface)[0];
-            } else {
-                $intf_ipv4 = get_interface_ip($interface);
-                $intf_ipv6 = get_interface_ipv6($interface);
-                if (!empty($intf_ipv4)) {
-                    $addresses[] = $intf_ipv4;
-                }
-                if (!empty($intf_ipv6)) {
-                    $addresses[] = explode("%", $intf_ipv6)[0];
-                }
-            }
-        }
-        foreach ($addresses as $address) {
-            $args .= " --listen-address={$address} ";
-        }
-        if (!empty($addresses) && isset($config['dnsmasq']['strictbind'])) {
-            $args .= " --bind-interfaces ";
-        }
-    }
-
-    /* If selected, then first forward reverse lookups for private IPv4 addresses to nowhere. */
-    /* If any of these are duplicated by a user-specified domain override (e.g. 10.in-addr.arpa) then */
-    /* the user-specified entry made later on the command line below will be the one that is effective. */
-    if (isset($config['dnsmasq']['no_private_reverse'])) {
-        /* Note: Carrier Grade NAT (CGN) addresses 100.64.0.0/10 are intentionally not here. */
-        /* End-users should not be aware of CGN addresses, so reverse lookups for these should not happen. */
-        /* Just the OPNsense WAN might get a CGN address from an ISP. */
-        $args .= " --server=/10.in-addr.arpa/ ";
-        $args .= " --server=/168.192.in-addr.arpa/ ";
-        /* Unfortunately the 172.16.0.0/12 range does not map nicely to the in-addr.arpa scheme. */
-        for ($subnet_num = 16; $subnet_num < 32; $subnet_num++) {
-            $args .= " --server=/" . $subnet_num . ".172.in-addr.arpa/ ";
-        }
-    }
-
-    /* Setup forwarded domains */
-    if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
-      foreach($config['dnsmasq']['domainoverrides'] as $override) {
-        if ($override['ip'] == "!") {
-            $override['ip'] = "";
-        }
-        $args .= ' --server='. escapeshellarg('/' . $override['domain'] . '/' . $override['ip']);
-      }
-    }
-
-    /* Allow DNS Rebind for forwarded domains */
-    if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
-        if (!isset($config['system']['webgui']['nodnsrebindcheck'])) {
-            foreach($config['dnsmasq']['domainoverrides'] as $override) {
-                $args .= ' --rebind-domain-ok=' . escapeshellarg('/'.$override['domain'].'/') . ' ' ;
-            }
-        }
-    }
-
-    if (!isset($config['system']['webgui']['nodnsrebindcheck'])) {
-        $dns_rebind = "--rebind-localhost-ok --stop-dns-rebind";
-    }
-
-    if (isset($config['dnsmasq']['strict_order'])) {
-        $args .= " --strict-order ";
-    }
-
-    if (isset($config['dnsmasq']['domain_needed'])) {
-        $args .= " --domain-needed ";
-    }
-
-    if (isset($config['dnsmasq']['custom_options']) && !empty($config['dnsmasq']['custom_options'])) {
-        foreach (preg_split('/\s+/', $config['dnsmasq']['custom_options']) as $c) {
-            $args .= " " . escapeshellarg("--{$c}");
-            $p = explode('=', $c);
-            if (array_key_exists($p[0], $standard_args)) {
-                unset($standard_args[$p[0]]);
-            }
-        }
-    }
-    $args .= ' ' . implode(' ', array_values($standard_args));
-
-    /* run dnsmasq */
-    $cmd = "/usr/local/sbin/dnsmasq --all-servers {$dns_rebind} {$args}";
-    mwexec_bg($cmd);
-    services_dhcpleases_configure();
-    unset($args);
-
-    if ($verbose) {
-        echo "done.\n";
-    }
-}
-
 function services_snmpd_configure($verbose = false)
 {
    global $config, $g;
@@ -2307,16 +2180,6 @@ function services_get()
        $services[] = $pconfig;
    }

-    if (isset($config['dnsmasq']['enable'])) {
-        $pconfig = array();
-        $pconfig['name'] = "dnsmasq";
-        $pconfig['description'] = gettext("Dnsmasq DNS Forwarder");
-        $pconfig['php']['restart'] = array('services_dnsmasq_configure');
-        $pconfig['php']['start'] = array('services_dnsmasq_configure');
-        $pconfig['pidfile'] = '/var/run/dnsmasq.pid';
-        $services[] = $pconfig;
-    }
-
    if (isset($config['system']['timeservers'])) {
        $pconfig = array();
        $pconfig['name'] = "ntpd";

--- a/src/etc/inc/xmlrpc/legacy.inc
+++ b/src/etc/inc/xmlrpc/legacy.inc
@@ -138,7 +138,7 @@ function filter_configure_xmlrpc()
    system_hosts_generate();
    services_dhcpleases_configure();
    local_sync_accounts();
-    services_dnsmasq_configure();
+    dnsmasq_configure_do();
    unbound_configure_do();
    services_dhcpd_configure();
    relayd_configure_do();

--- a/src/etc/rc.bootup
+++ b/src/etc/rc.bootup
@@ -177,7 +177,7 @@ echo 'Starting webConfigurator...'. (system_webgui_configure() ? "done.\n" : "fa
 system_configure_cron(true);
 system_routing_configure();
 system_routing_enable();
-services_dnsmasq_configure(true);
+dnsmasq_configure_do(true);
 unbound_configure_do(true);
 system_ntp_configure(false, true);
 services_dhcpd_configure('all', array(), true);

--- a/src/www/services_dnsmasq.php
+++ b/src/www/services_dnsmasq.php
@@ -107,7 +107,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                unset($config['dnsmasq']['custom_options']);
            }
            write_config();
-            services_dnsmasq_configure();
+            dnsmasq_configure_do();
            services_dhcpd_configure();
            header(url_safe('Location: /services_dnsmasq.php'));
            exit;
@@ -119,7 +119,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        system_resolvconf_generate();
        system_hosts_generate();
        services_dhcpleases_configure();
-        services_dnsmasq_configure();
+        dnsmasq_configure_do();
        services_dhcpd_configure();
        clear_subsystem_dirty('hosts');
        header(url_safe('Location: /services_dnsmasq.php'));

--- a/src/www/services_dnsmasq_domainoverride_edit.php
+++ b/src/www/services_dnsmasq_domainoverride_edit.php
@@ -115,7 +115,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        } else {
            $a_domainOverrides[] = $doment;
        }
-        services_dnsmasq_configure();
+        dnsmasq_configure_do();
        services_dhcpd_configure();
        write_config();
        header(url_safe('Location: /services_dnsmasq.php'));

--- a/src/www/system_advanced_admin.php
+++ b/src/www/system_advanced_admin.php
@@ -252,7 +252,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        system_login_configure();
        system_hosts_generate();
        services_dhcpleases_configure();
-        services_dnsmasq_configure();
+        dnsmasq_configure_do();
        unbound_configure_do();
        services_dhcpd_configure();


--- a/src/www/system_general.php
+++ b/src/www/system_general.php
@@ -226,7 +226,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        system_hosts_generate();
        services_dhcpleases_configure();
        system_resolvconf_generate();
-        services_dnsmasq_configure();
+        dnsmasq_configure_do();
        unbound_configure_do();
        services_dhcpd_configure();
        system_timezone_configure();