public inbox for ipfire-scm@lists.ipfire.org
From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 48b1876a48ae485f371fe6baa5fe3c1d000ef7d8
Date: Wed, 14 Sep 2016 16:43:49 +0100
Message-ID: <20160914154350.82C5F1078E81@git01.ipfire.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  48b1876a48ae485f371fe6baa5fe3c1d000ef7d8 (commit)
       via  3f1b94b9faf319ef82f1fde727563b02c9772c6b (commit)
       via  d20ef9d703dd4f4c16d8ce68f6b093d21d1a04ca (commit)
       via  74a5ab67fef3726f1d47bee6181423cd9d18a2c1 (commit)
       via  b8dd42b9a6b42d69bcabbedb962bc13ecc44d22a (commit)
      from  ccba93959baf64aefe8c63d4e44888bb7500b036 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 48b1876a48ae485f371fe6baa5fe3c1d000ef7d8
Merge: 3f1b94b ccba939
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Sep 14 16:41:38 2016 +0100

    Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

commit 3f1b94b9faf319ef82f1fde727563b02c9772c6b
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Sep 14 16:41:12 2016 +0100

    python-ipaddress: New package
    
    Required for the unbound DHCP leases bridge
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit d20ef9d703dd4f4c16d8ce68f6b093d21d1a04ca
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Sep 14 16:35:41 2016 +0100

    unbound+DHCP: Make sure to only remove old leases and not static hosts
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 74a5ab67fef3726f1d47bee6181423cd9d18a2c1
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Sep 14 16:29:53 2016 +0100

    unbound+DHCP: Read correct DHCP domain name for lease
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit b8dd42b9a6b42d69bcabbedb962bc13ecc44d22a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Sep 14 15:54:36 2016 +0100

    unbound+DHCP: Read existing leases from unbound
    
    This allows us to restart unbound and all DHCP leases
    will be re-imported even if the unbound-dhcp-leases-bridge is
    not restarted.
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/common/python-ipaddress  |   8 +++
 config/unbound/unbound-dhcp-leases-bridge | 103 ++++++++++++++++++++++++++----
 lfs/{python-inotify => python-ipaddress}  |   6 +-
 make.sh                                   |   1 +
 4 files changed, 101 insertions(+), 17 deletions(-)
 create mode 100644 config/rootfiles/common/python-ipaddress
 copy lfs/{python-inotify => python-ipaddress} (96%)

Difference in files:
diff --git a/config/rootfiles/common/python-ipaddress b/config/rootfiles/common/python-ipaddress
new file mode 100644
index 0000000..a81a5e6
--- /dev/null
+++ b/config/rootfiles/common/python-ipaddress
@@ -0,0 +1,8 @@
+usr/lib/python2.7/site-packages/ipaddress.py
+usr/lib/python2.7/site-packages/ipaddress.pyc
+#usr/lib/python2.7/site-packages/py2_ipaddress-3.4.1-py2.7.egg-info
+#usr/lib/python2.7/site-packages/py2_ipaddress-3.4.1-py2.7.egg-info/PKG-INFO
+#usr/lib/python2.7/site-packages/py2_ipaddress-3.4.1-py2.7.egg-info/SOURCES.txt
+#usr/lib/python2.7/site-packages/py2_ipaddress-3.4.1-py2.7.egg-info/dependency_links.txt
+#usr/lib/python2.7/site-packages/py2_ipaddress-3.4.1-py2.7.egg-info/top_level.txt
+#usr/lib/python2.7/site-packages/py2_ipaddress-3.4.1-py2.7.egg-info/zip-safe
diff --git a/config/unbound/unbound-dhcp-leases-bridge b/config/unbound/unbound-dhcp-leases-bridge
index 06bff2e..0ef14e1 100644
--- a/config/unbound/unbound-dhcp-leases-bridge
+++ b/config/unbound/unbound-dhcp-leases-bridge
@@ -22,6 +22,7 @@
 import argparse
 import datetime
 import daemon
+import ipaddress
 import logging
 import logging.handlers
 import re
@@ -220,7 +221,47 @@ class Lease(object):
 
 	@property
 	def domain(self):
-		return "local" # XXX
+		# Load ethernet settings
+		ethernet_settings = self.read_settings("/var/ipfire/ethernet/settings")
+
+		# Load DHCP settings
+		dhcp_settings = self.read_settings("/var/ipfire/dhcp/settings")
+
+		subnets = {}
+		for zone in ("GREEN", "BLUE"):
+			if not dhcp_settings.get("ENABLE_%s" % zone) == "on":
+				continue
+
+			netaddr = ethernet_settings.get("%s_NETADDRESS" % zone)
+			submask = ethernet_settings.get("%s_NETMASK" % zone)
+
+			subnet = ipaddress.ip_network("%s/%s" % (netaddr, submask))
+			domain = dhcp_settings.get("DOMAIN_NAME_%s" % zone)
+
+			subnets[subnet] = domain
+
+		address = ipaddress.ip_address(self.ipaddr)
+
+		for subnet, domain in subnets.items():
+			if address in subnet:
+				return domain
+
+		# Fall back to localdomain if no match could be found
+		return "localdomain"
+
+	@staticmethod
+	def read_settings(filename):
+		settings = {}
+
+		with open(filename) as f:
+			for line in f.readlines():
+				# Remove line-breaks
+				line = line.rstrip()
+
+				k, v = line.split("=", 1)
+				settings[k] = v
+
+		return settings
 
 	@property
 	def fqdn(self):
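
Review bot: read_settings() unpacks `line.split("=", 1)` without checking the line first, so a blank line or any line without "=" in /var/ipfire/ethernet/settings or /var/ipfire/dhcp/settings raises ValueError out of the domain property. Skip lines that do not contain "=". In the same property, `ethernet_settings.get(...)` returns None when a zone has DHCP enabled but no NETADDRESS or NETMASK key, and `ipaddress.ip_network("None/None")` raises as well, so check both values before building the subnet. Both files are also re-read on every access to domain; loading them once per update run would avoid that.
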
@@ -257,10 +298,10 @@ class Lease(object):
 	def rrset(self):
 		return [
 			# Forward record
-			(self.fqdn, LOCAL_TTL, "IN A", self.ipaddr),
+			(self.fqdn, "%s" % LOCAL_TTL, "IN A", self.ipaddr),
 
 			# Reverse record
-			(self.ipaddr, LOCAL_TTL, "IN PTR", self.fqdn),
+			(self.ipaddr, "%s" % LOCAL_TTL, "IN PTR", self.fqdn),
 		]
 
 
@@ -268,33 +309,67 @@ class UnboundConfigWriter(object):
 	def __init__(self, path):
 		self.path = path
 
-		self._cached_leases = []
+	@property
+	def existing_leases(self):
+		local_data = self._control("list_local_data")
+		ret = {}
+
+		for line in local_data.splitlines():
+			try:
+				hostname, ttl, x, record_type, content = line.split("\t")
+			except ValueError:
+				continue
+
+			# Ignore everything that is not A or PTR
+			if not record_type in ("A", "PTR"):
+				continue
+
+			if hostname.endswith("."):
+				hostname = hostname[:-1]
+
+			if content.endswith("."):
+				content = content[:-1]
+
+			if record_type == "A":
+				ret[hostname] = content
+			elif record_type == "PTR":
+				ret[content] = hostname
+
+		return ret
 
 	def update_dhcp_leases(self, leases):
+		# Cache all expired or inactive leases
+		expired_leases = [l for l in leases if l.expired or not l.active]
+
+		# Find any leases that have expired or do not exist any more
+		# but are still in the unbound local data
+		removed_leases = []
+		for fqdn, address in self.existing_leases.items():
+			if fqdn in (l.fqdn for l in expired_leases):
+				removed_leases += [fqdn, address]
+
 		# Strip all non-active or expired leases
 		leases = [l for l in leases if l.active and not l.expired]
 
-		# Find any leases that have expired or do not exist any more 
-		removed_leases = [l for l in self._cached_leases if l.expired or l not in leases]
-
 		# Find any leases that have been added
-		new_leases = [l for l in leases if l not in self._cached_leases]
+		new_leases = [l for l in leases
+			if l.fqdn not in self.existing_leases]
 
 		# End here if nothing has changed
 		if not new_leases and not removed_leases:
 			return
 
-		self._cached_leases = leases
-
 		# Write out all leases
 		self.write_dhcp_leases(leases)
 
 		# Update unbound about changes
-		for l in removed_leases:
-			self._control("local_data_remove", l.fqdn)
+		for hostname in removed_leases:
+			log.debug("Removing all records for %s" % hostname)
+			self._control("local_data_remove", hostname)
 
 		for l in new_leases:
 			for rr in l.rrset:
+				log.debug("Adding new record %s" % " ".join(rr))
 				self._control("local_data", *rr)
 
 
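
Review bot: in update_dhcp_leases(), `l.fqdn not in self.existing_leases` compares names only, so a lease whose fqdn is already in unbound but whose address has changed is never counted as new and the old record stays in place. Because existing_leases is a property that runs `unbound-control list_local_data` on each access, that comprehension also spawns one process per lease. Read it once into a local dict at the top of the method and compare the stored address as well. Separately, `removed_leases += [fqdn, address]` removes the name even when another entry in leases with the same fqdn is still active, and that entry is not re-added because the name was still present when new_leases was computed; exclude fqdns that also appear in the active list.
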
@@ -305,11 +380,11 @@ class UnboundConfigWriter(object):
 					f.write("local-data: \"%s\"\n" % " ".join(rr))
 
 	def _control(self, *args):
-		command = ["unbound-control", "-q"]
+		command = ["unbound-control"]
 		command.extend(args)
 
 		try:
-			subprocess.check_call(command)
+			return subprocess.check_output(command)
 
 		# Log any errors
 		except subprocess.CalledProcessError as e:
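
Review bot: _control() now has to return text on every path, because existing_leases calls `.splitlines()` on its result. If the `except subprocess.CalledProcessError` branch only logs, the method returns None there and existing_leases fails with AttributeError whenever unbound-control exits non-zero. Return an empty string from the error branch, or re-raise and handle the failure in update_dhcp_leases().
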
diff --git a/lfs/python-ipaddress b/lfs/python-ipaddress
new file mode 100644
index 0000000..dd96289
--- /dev/null
+++ b/lfs/python-ipaddress
@@ -0,0 +1,75 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2011  IPFire Team  <info(a)ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 3.4.1
+
+THISAPP    = py2-ipaddress-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 47734313c841068e3d5386d048d01c3d
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && python setup.py install --root=/
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
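
Review bot: the only integrity pin on the downloaded tarball is `$(DL_FILE)_MD5`, and MD5 is not collision resistant, so it does not protect the build against a deliberately substituted archive on the download source. If the build system can carry a stronger digest (SHA-256 or better), add one for new packages like this. The copyright header also still reads 2007-2011 from the copied template.
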
diff --git a/make.sh b/make.sh
index 73feacb..951f3dc 100755
--- a/make.sh
+++ b/make.sh
@@ -608,6 +608,7 @@ buildipfire() {
   ipfiremake python-inotify
   ipfiremake python-docutils
   ipfiremake python-daemon
+  ipfiremake python-ipaddress
   ipfiremake glib
   ipfiremake GeoIP
   ipfiremake fwhits


hooks/post-receive
--
IPFire 2.x development tree
