diff --git a/cmd/backupd/backupd.go b/cmd/backupd/backupd.go index ef53d47..ce20769 100644 --- a/cmd/backupd/backupd.go +++ b/cmd/backupd/backupd.go @@ -51,7 +51,7 @@ func updateListeners() error { func logic() error { http.HandleFunc("/backup.tar.gz", func(w http.ResponseWriter, r *http.Request) { - if err := backup.Archive(w, *perm); err != nil { + if err := backup.Archive(w, *perm, flag.Args()); err != nil { log.Printf("backup.tar.gz: %v", err) http.Error(w, err.Error(), http.StatusInternalServerError) } diff --git a/cmd/diagd/diagd.go b/cmd/diagd/diagd.go index 8f73764..0f5da25 100644 --- a/cmd/diagd/diagd.go +++ b/cmd/diagd/diagd.go @@ -98,14 +98,14 @@ func logic() error { m := diag.NewMonitor(diag.Link(uplink). Then(diag.DHCPv4(). Then(diag.Ping4Gateway(). - Then(diag.Ping4("google.ch"). - Then(diag.TCP4("www.google.ch:80"))))). + Then(diag.Ping4("google.com"). + Then(diag.TCP4("www.google.com:80"))))). Then(diag.DHCPv6(). - Then(diag.Ping6("lan0", "google.ch"))). + Then(diag.Ping6("lan0", "google.com"))). Then(diag.RouterAdvertisments(uplink). Then(diag.Ping6Gateway(). - Then(diag.Ping6(uplink, "google.ch"). - Then(diag.TCP6("www.google.ch:80"))))). + Then(diag.Ping6(uplink, "google.com"). + Then(diag.TCP6("www.google.com:80"))))). Then(diag.Ping6("", ip6allrouters+"%"+uplink))) var mu sync.Mutex http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { diff --git a/go.mod b/go.mod index e16abb1..5387239 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/rtr7/router7 -go 1.13 +go 1.18 require ( github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 diff --git a/init/init.go b/init/init.go deleted file mode 100644 index 70609ee..0000000 --- a/init/init.go +++ /dev/null 
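Review bot: `flag.Args()` is handed to backup.Archive untouched, and backup.go compares each entry byte-for-byte against the walked path (`slices.Contains(excludes, path)`), so an argument with a trailing slash, a `./` prefix or a relative path silently excludes nothing and the archive quietly contains what the operator meant to leave out. Normalise once at startup rather than on every request: `excludes := flag.Args()` followed by `for i, e := range excludes { excludes[i] = filepath.Clean(e) }` before `http.HandleFunc` (importing path/filepath if backupd.go does not already), and pass `excludes` here. The flag usage text should also state that the positional arguments are absolute paths under -perm to exclude, since nothing in this change documents them. `logic` continues outside the hunk.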
@@ -1,51 +0,0 @@ -package main - -import ( - "flag" - "fmt" - "log" - "os/exec" - "path" - - "github.com/gokrazy/gokrazy" -) - -// buildTimestamp can be overridden by specifying e.g. -// -ldflags "-X main.buildTimestamp=foo" when building. -var ( - buildTimestamp = "2020-06-08T19:45:52-07:00" - - domain string - cmdRoot string - perm string - noFirewall bool -) - -func main() { - flag.StringVar(&cmdRoot, "cmdroot", "/usr/bin", "path to rtr7 binaries") - flag.StringVar(&domain, "domain", "lan", "domain name for your network") - flag.StringVar(&perm, "perm", "/var/lib/rtr7/", "path to replace /perm") - flag.BoolVar(&noFirewall, "nofirewall", false, "disable the rtr7 firewall") - flag.Parse() - log.SetFlags(log.LstdFlags | log.Lshortfile) - - fmt.Printf("gokrazy build timestamp %s\n", buildTimestamp) - - cmds := []*exec.Cmd{ - // exec.Command(path.Join(cmdRoot, "/ntp")), - exec.Command(path.Join(cmdRoot, "backupd"), "-perm="+perm), - exec.Command(path.Join(cmdRoot, "captured"), "-perm="+perm), - exec.Command(path.Join(cmdRoot, "dhcp4"), "-perm="+perm), - exec.Command(path.Join(cmdRoot, "dhcp4d"), fmt.Sprintf("-domain=%s", domain), "-perm="+perm), - exec.Command(path.Join(cmdRoot, "dhcp6"), "-perm="+perm), - exec.Command(path.Join(cmdRoot, "diagd"), "-perm="+perm), - exec.Command(path.Join(cmdRoot, "dnsd"), fmt.Sprintf("-domain=%s", domain), "-perm="+perm), - exec.Command(path.Join(cmdRoot, "dyndns"), "-perm="+perm), - exec.Command(path.Join(cmdRoot, "netconfigd"), fmt.Sprintf("-nofirewall=%t", noFirewall), "-perm="+perm), - exec.Command(path.Join(cmdRoot, "radvd"), "-perm="+perm), - } - if err := gokrazy.Supervise(cmds); err != nil { - log.Fatal(err) - } - select {} -} diff --git a/internal/backup/backup.go b/internal/backup/backup.go index 6a5ac8e..c5706c2 100644 --- a/internal/backup/backup.go +++ b/internal/backup/backup.go 
@@ -23,9 +23,10 @@ import ( "io/ioutil" "os" "path/filepath" + "slices" ) -func Archive(w io.Writer, dir string) error { +func Archive(w io.Writer, dir string, excludes []string) error { gw, err := gzip.NewWriterLevel(w, gzip.BestSpeed) if err != nil { return err @@ -46,7 +47,7 @@ func Archive(w io.Writer, dir string) error { if path == dir { return nil // skip root } - if last := filepath.Base(path); last == "nobackup" || last == "srv" { + if last := filepath.Base(path); last == "nobackup" || last == "srv" || slices.Contains(excludes, path) { return filepath.SkipDir // skip nobackup (and srv for legacy) } rel, err := filepath.Rel(dir, path) @@ -61,7 +62,7 @@ func Archive(w io.Writer, dir string) error { if err := tw.WriteHeader(hdr); err != nil { return err } - if !info.Mode().IsDir() { + if !info.Mode().IsDir() && !slices.Contains(excludes, path) { b, err := ioutil.ReadFile(path) if err != nil { return err diff --git a/internal/dns/dns.go b/internal/dns/dns.go index d19f56c..c8a205e 100644 --- a/internal/dns/dns.go +++ b/internal/dns/dns.go 
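Review bot: The new `"slices"` import is a Go 1.21 standard-library package, but go.mod in this same commit only moves the module to `go 1.18`; a 1.18–1.20 toolchain cannot build this file (`package slices is not in GOROOT`), and tooling keyed off the go directive will report the mismatch. Bump the directive to `go 1.21`, or replace the two `slices.Contains` calls with a small local `contains` loop. The widened exported signature `Archive(w io.Writer, dir string, excludes []string)` also has no doc comment; I would add `// Archive writes a gzipped tar of dir to w, omitting any path listed in excludes (compared verbatim against the walked path) and any "nobackup" or "srv" directory.` above it.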
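Review bot: `slices.Contains(excludes, path)` is added to the branch that returns `filepath.SkipDir`, but excludes can name files as well as directories, and both filepath.Walk and WalkDir treat SkipDir returned for a non-directory as "skip the remaining entries of the containing directory" — excluding a single file silently drops every sibling the walk had not yet visited from the backup. It also means an excluded file never reaches the `!slices.Contains(excludes, path)` test added in the next hunk, so that extra condition is dead code (and if it were reachable, writing a header for a file whose body is never written would break the tar stream unless hdr.Size is zeroed, which is not visible here). Split the exclusion off from the nobackup/srv check and let excluded files fall through as a plain skip, after which the condition in the read branch can be removed again:
```go
		if slices.Contains(excludes, path) {
			if info.IsDir() {
				return filepath.SkipDir
			}
			return nil // excluded file: skip only this entry, not its siblings
		}
		if last := filepath.Base(path); last == "nobackup" || last == "srv" {
			return filepath.SkipDir // skip nobackup (and srv for legacy)
		}
		// … unchanged: rel / hdr / WriteHeader …
```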
@@ -597,16 +597,24 @@ func (s *Server) handleRequest(w dns.ResponseWriter, r *dns.Msg) { // DNS has no reply for resolving errors } +func (s *Server) getSubname(domain string, queryName string) (IP,bool) { + name := strings.TrimSuffix(queryName, ".") + name = strings.TrimSuffix(name, ".lan") // trim lan domain + name = strings.TrimSuffix(name, "."+string(s.domain)) // trim server domain + name = strings.TrimSuffix(name, "."+strings.TrimSuffix(domain, "."+string(s.domain))) // trim function domain + if ip, ok := s.subname(domain, name); ok { + return ip, true + } + return IP{},false +} + func (s *Server) resolveSubname(domain string, q dns.Question) (dns.RR, error) { if q.Qclass != dns.ClassINET { return nil, nil } + ip,ok := s.getSubname(domain,q.Name) if q.Qtype == dns.TypeA || q.Qtype == dns.TypeAAAA /*|| q.Qtype == dns.TypeMX*/ { - name := strings.TrimSuffix(q.Name, ".") - name = strings.TrimSuffix(name, ".lan") // trim lan domain - name = strings.TrimSuffix(name, "."+string(s.domain)) // trim server domain - name = strings.TrimSuffix(name, "."+strings.TrimSuffix(domain, "."+string(s.domain))) // trim function domain - if ip, ok := s.subname(domain, name); ok { + if ok { if q.Qtype == dns.TypeA && ip.IPv4.To4() != nil { return dns.NewRR(q.Name + " 3600 IN A " + ip.IPv4.String()) } @@ -655,7 +663,7 @@ func (s *Server) subnameHandler(domain lcHostname) func(w dns.ResponseWriter, r } // Send an authoritative NXDOMAIN for local names: - if r.Question[0].Qtype == dns.TypePTR || !strings.Contains(strings.TrimSuffix(r.Question[0].Name, "."), ".") || strings.HasSuffix(r.Question[0].Name, ".lan.") { + if _,ok := s.getSubname(string(domain),r.Question[0].Name);r.Question[0].Qtype == dns.TypePTR || (r.Question[0].Qtype == dns.TypeCNAME && ok) || !strings.Contains(strings.TrimSuffix(r.Question[0].Name, "."), ".") || strings.HasSuffix(r.Question[0].Name, ".lan.") { s.promInc("local", r) m := new(dns.Msg) m.SetReply(r) 
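Review bot: The added code is not gofmt-clean — `(IP,bool)`, `IP{},false` and `ip,ok := s.getSubname(domain,q.Name)` all lack the spaces gofmt inserts — so the next gofmt/goimports run will churn these lines; format before merging. The `Get` prefix is also un-idiomatic in Go, and the helper performs a lookup rather than returning a field, so `func (s *Server) lookupSubname(domain, queryName string) (IP, bool)` reads better. A doc comment would help because the three TrimSuffix calls are easy to misread, e.g. `// lookupSubname strips the trailing dot, the .lan suffix, the server domain and the function domain from queryName and looks the remainder up via s.subname.` resolveSubname's body continues outside the hunk.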
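Review bot: The new `(r.Question[0].Qtype == dns.TypeCNAME && ok)` term sends a CNAME query for a name that does resolve (getSubname returned ok) into the branch the comment describes as an authoritative NXDOMAIN. If the rest of this block (outside the hunk) really sets Rcode NXDOMAIN, that is the wrong answer for an existing name: under RFC 2308 a resolver may negatively cache NXDOMAIN for the whole name, so a client that asks for CNAME first can stop resolving the A/AAAA records too; the correct reply for "name exists, no record of this type" is NOERROR with an empty answer section (NODATA). The intent of not forwarding local-name CNAME queries upstream is sound, so keep the short-circuit but answer NODATA for that case. The condition itself is now long enough to hoist into named values, e.g. `q := r.Question[0]` / `_, known := s.getSubname(string(domain), q.Name)` / `isLocal := q.Qtype == dns.TypePTR || !strings.Contains(strings.TrimSuffix(q.Name, "."), ".") || strings.HasSuffix(q.Name, ".lan.")`. subnameHandler continues outside the hunk on both sides.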
diff --git a/internal/netconfig/netconfig.go b/internal/netconfig/netconfig.go index 620d910..cf2ead6 100644 --- a/internal/netconfig/netconfig.go +++ b/internal/netconfig/netconfig.go @@ -21,6 +21,7 @@ import ( "io/ioutil" "net" "os" + "os/exec" "path" "path/filepath" "regexp" @@ -718,7 +719,7 @@ func applyFirewall(dir, ifname string) error { nat := c.AddTable(&nftables.Table{ Family: nftables.TableFamilyIPv4, - Name: "nat", + Name: "nat-gokrazy", }) prerouting := c.AddChain(&nftables.Chain{ @@ -766,12 +767,12 @@ func applyFirewall(dir, ifname string) error { filter4 := c.AddTable(&nftables.Table{ Family: nftables.TableFamilyIPv4, - Name: "filter", + Name: "filter-gokrazy", }) filter6 := c.AddTable(&nftables.Table{ Family: nftables.TableFamilyIPv6, - Name: "filter", + Name: "filter-gokrazy", }) for _, filter := range []*nftables.Table{filter4, filter6} { @@ -1005,6 +1006,22 @@ func Apply(dir, root string, firewall bool) error { if err := applyFirewall(dir, ifname); err != nil { appendError(fmt.Errorf("firewall: %v", err)) } + } else { + if _, err := os.Stat("/user/nft"); err == nil { + log.Println("Applying custom firewall") + cmd := &exec.Cmd{ + Path: "/user/nft", + Args: []string{"/user/nft", "-f/etc/firewall.nft"}, + Env: os.Environ(), + Stdout: os.Stdout, + Stderr: os.Stderr, + } + if err := cmd.Run(); err != nil { + appendError(fmt.Errorf("firewall: nft: %v", err)) + } + } else { + log.Println("Firewall Disabled") + } } if err := applyWireGuard(dir); err != nil {
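Review bot: In the new `else` branch the custom ruleset is the only firewall the router gets, yet a failing `/user/nft -f/etc/firewall.nft` (missing or invalid file, or nft rejecting a rule) only appends an error and execution continues — the device comes up with no packet filter at all, and the log has already printed "Applying custom firewall". Fail closed instead: log the failure explicitly and fall back to the built-in applyFirewall (assuming ifname is still in scope at that point), or abort Apply. `exec.Command("/user/nft", "-f", "/etc/firewall.nft")` also replaces the hand-built exec.Cmd with the idiomatic form and passes the file as its own argument (a nil Env already inherits the daemon's environment, so `Env: os.Environ()` adds nothing). Wherever the -nofirewall flag is defined, its help text should say that it now means "use /user/nft with /etc/firewall.nft if present" rather than "no firewall". Apply continues outside the hunk.
```go
	} else if _, err := os.Stat("/user/nft"); err == nil {
		log.Println("Applying custom firewall")
		cmd := exec.Command("/user/nft", "-f", "/etc/firewall.nft")
		cmd.Stdout = os.Stdout
		cmd.Stderr = os.Stderr
		if err := cmd.Run(); err != nil {
			appendError(fmt.Errorf("firewall: nft: %v", err))
			// fail closed: never leave the router unfiltered because the custom ruleset failed
			log.Println("custom firewall failed, applying built-in rules instead")
			if err := applyFirewall(dir, ifname); err != nil {
				appendError(fmt.Errorf("firewall: %v", err))
			}
		}
	} else {
		log.Println("Firewall Disabled")
	}
```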