updates

cmd/backupd/backupd.go

@@ -51,7 +51,7 @@ func updateListeners() error {
 
 func logic() error {
 	http.HandleFunc("/backup.tar.gz", func(w http.ResponseWriter, r *http.Request) {
-		if err := backup.Archive(w, *perm); err != nil {
+		if err := backup.Archive(w, *perm, flag.Args()); err != nil {
 			log.Printf("backup.tar.gz: %v", err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 		}

cmd/diagd/diagd.go

@@ -98,14 +98,14 @@ func logic() error {
 	m := diag.NewMonitor(diag.Link(uplink).
 		Then(diag.DHCPv4().
 			Then(diag.Ping4Gateway().
-				Then(diag.Ping4("google.ch").
-					Then(diag.TCP4("www.google.ch:80"))))).
+				Then(diag.Ping4("google.com").
+					Then(diag.TCP4("www.google.com:80"))))).
 		Then(diag.DHCPv6().
-			Then(diag.Ping6("lan0", "google.ch"))).
+			Then(diag.Ping6("lan0", "google.com"))).
 		Then(diag.RouterAdvertisments(uplink).
 			Then(diag.Ping6Gateway().
-				Then(diag.Ping6(uplink, "google.ch").
-					Then(diag.TCP6("www.google.ch:80"))))).
+				Then(diag.Ping6(uplink, "google.com").
+					Then(diag.TCP6("www.google.com:80"))))).
 		Then(diag.Ping6("", ip6allrouters+"%"+uplink)))
 	var mu sync.Mutex
 	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {

go.mod

@@ -1,6 +1,6 @@
 module github.com/rtr7/router7
 
-go 1.13
+go 1.18
 
 require (
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883

init/init.go

@@ -1,51 +0,0 @@
-package main
-
-import (
-	"flag"
-	"fmt"
-	"log"
-	"os/exec"
-	"path"
-
-	"github.com/gokrazy/gokrazy"
-)
-
-// buildTimestamp can be overridden by specifying e.g.
-// -ldflags "-X main.buildTimestamp=foo" when building.
-var (
-	buildTimestamp = "2020-06-08T19:45:52-07:00"
-
-	domain     string
-	cmdRoot    string
-	perm       string
-	noFirewall bool
-)
-
-func main() {
-	flag.StringVar(&cmdRoot, "cmdroot", "/usr/bin", "path to rtr7 binaries")
-	flag.StringVar(&domain, "domain", "lan", "domain name for your network")
-	flag.StringVar(&perm, "perm", "/var/lib/rtr7/", "path to replace /perm")
-	flag.BoolVar(&noFirewall, "nofirewall", false, "disable the rtr7 firewall")
-	flag.Parse()
-	log.SetFlags(log.LstdFlags | log.Lshortfile)
-
-	fmt.Printf("gokrazy build timestamp %s\n", buildTimestamp)
-
-	cmds := []*exec.Cmd{
-		// exec.Command(path.Join(cmdRoot, "/ntp")),
-		exec.Command(path.Join(cmdRoot, "backupd"), "-perm="+perm),
-		exec.Command(path.Join(cmdRoot, "captured"), "-perm="+perm),
-		exec.Command(path.Join(cmdRoot, "dhcp4"), "-perm="+perm),
-		exec.Command(path.Join(cmdRoot, "dhcp4d"), fmt.Sprintf("-domain=%s", domain), "-perm="+perm),
-		exec.Command(path.Join(cmdRoot, "dhcp6"), "-perm="+perm),
-		exec.Command(path.Join(cmdRoot, "diagd"), "-perm="+perm),
-		exec.Command(path.Join(cmdRoot, "dnsd"), fmt.Sprintf("-domain=%s", domain), "-perm="+perm),
-		exec.Command(path.Join(cmdRoot, "dyndns"), "-perm="+perm),
-		exec.Command(path.Join(cmdRoot, "netconfigd"), fmt.Sprintf("-nofirewall=%t", noFirewall), "-perm="+perm),
-		exec.Command(path.Join(cmdRoot, "radvd"), "-perm="+perm),
-	}
-	if err := gokrazy.Supervise(cmds); err != nil {
-		log.Fatal(err)
-	}
-	select {}
-}

internal/backup/backup.go

@@ -23,9 +23,10 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"slices"
 )
 
-func Archive(w io.Writer, dir string) error {
+func Archive(w io.Writer, dir string, excludes []string) error {
 	gw, err := gzip.NewWriterLevel(w, gzip.BestSpeed)
 	if err != nil {
 		return err
@@ -46,7 +47,7 @@ func Archive(w io.Writer, dir string) error {
 		if path == dir {
 			return nil // skip root
 		}
-		if last := filepath.Base(path); last == "nobackup" || last == "srv" {
+		if last := filepath.Base(path); last == "nobackup" || last == "srv" || slices.Contains(excludes, path) {
 			return filepath.SkipDir // skip nobackup (and srv for legacy)
 		}
 		rel, err := filepath.Rel(dir, path)
@@ -61,7 +62,7 @@ func Archive(w io.Writer, dir string) error {
 		if err := tw.WriteHeader(hdr); err != nil {
 			return err
 		}
-		if !info.Mode().IsDir() {
+		if !info.Mode().IsDir() && !slices.Contains(excludes, path) {
 			b, err := ioutil.ReadFile(path)
 			if err != nil {
 				return err

internal/dns/dns.go

@@ -597,16 +597,24 @@ func (s *Server) handleRequest(w dns.ResponseWriter, r *dns.Msg) {
 	// DNS has no reply for resolving errors
 }
 
-func (s *Server) resolveSubname(domain string, q dns.Question) (dns.RR, error) {
-	if q.Qclass != dns.ClassINET {
-		return nil, nil
-	}
-	if q.Qtype == dns.TypeA || q.Qtype == dns.TypeAAAA /*|| q.Qtype == dns.TypeMX*/ {
-		name := strings.TrimSuffix(q.Name, ".")
+func (s *Server) getSubname(domain string, queryName string) (IP,bool) {
+	name := strings.TrimSuffix(queryName, ".")
 	name = strings.TrimSuffix(name, ".lan")                                               // trim lan domain
 	name = strings.TrimSuffix(name, "."+string(s.domain))                                 // trim server domain
 	name = strings.TrimSuffix(name, "."+strings.TrimSuffix(domain, "."+string(s.domain))) // trim function domain
 	if ip, ok := s.subname(domain, name); ok {
+		return ip, true
+	}
+	return IP{},false
+}
+
+func (s *Server) resolveSubname(domain string, q dns.Question) (dns.RR, error) {
+	if q.Qclass != dns.ClassINET {
+		return nil, nil
+	}
+	ip,ok := s.getSubname(domain,q.Name)
+	if q.Qtype == dns.TypeA || q.Qtype == dns.TypeAAAA /*|| q.Qtype == dns.TypeMX*/ {
+		if ok {
 			if q.Qtype == dns.TypeA && ip.IPv4.To4() != nil {
 				return dns.NewRR(q.Name + " 3600 IN A " + ip.IPv4.String())
 			}
@@ -655,7 +663,7 @@ func (s *Server) subnameHandler(domain lcHostname) func(w dns.ResponseWriter, r
 		}
 
 		// Send an authoritative NXDOMAIN for local names:
-		if r.Question[0].Qtype == dns.TypePTR || !strings.Contains(strings.TrimSuffix(r.Question[0].Name, "."), ".") || strings.HasSuffix(r.Question[0].Name, ".lan.") {
+		if _,ok := s.getSubname(string(domain),r.Question[0].Name);r.Question[0].Qtype == dns.TypePTR || (r.Question[0].Qtype == dns.TypeCNAME && ok) || !strings.Contains(strings.TrimSuffix(r.Question[0].Name, "."), ".") || strings.HasSuffix(r.Question[0].Name, ".lan.") {
 			s.promInc("local", r)
 			m := new(dns.Msg)
 			m.SetReply(r)

internal/netconfig/netconfig.go

@@ -21,6 +21,7 @@ import (
 	"io/ioutil"
 	"net"
 	"os"
+	"os/exec"
 	"path"
 	"path/filepath"
 	"regexp"
@@ -718,7 +719,7 @@ func applyFirewall(dir, ifname string) error {
 
 	nat := c.AddTable(&nftables.Table{
 		Family: nftables.TableFamilyIPv4,
-		Name:   "nat",
+		Name:   "nat-gokrazy",
 	})
 
 	prerouting := c.AddChain(&nftables.Chain{
@@ -766,12 +767,12 @@ func applyFirewall(dir, ifname string) error {
 
 	filter4 := c.AddTable(&nftables.Table{
 		Family: nftables.TableFamilyIPv4,
-		Name:   "filter",
+		Name:   "filter-gokrazy",
 	})
 
 	filter6 := c.AddTable(&nftables.Table{
 		Family: nftables.TableFamilyIPv6,
-		Name:   "filter",
+		Name:   "filter-gokrazy",
 	})
 
 	for _, filter := range []*nftables.Table{filter4, filter6} {
@@ -1005,6 +1006,22 @@ func Apply(dir, root string, firewall bool) error {
 		if err := applyFirewall(dir, ifname); err != nil {
 			appendError(fmt.Errorf("firewall: %v", err))
 		}
+	} else {
+		if _, err := os.Stat("/user/nft"); err == nil {
+			log.Println("Applying custom firewall")
+			cmd := &exec.Cmd{
+				Path:   "/user/nft",
+				Args:   []string{"/user/nft", "-f/etc/firewall.nft"},
+				Env:    os.Environ(),
+				Stdout: os.Stdout,
+				Stderr: os.Stderr,
+			}
+			if err := cmd.Run(); err != nil {
+				appendError(fmt.Errorf("firewall: nft: %v", err))
+			}
+		} else {
+			log.Println("Firewall Disabled")
+		}
 	}
 
 	if err := applyWireGuard(dir); err != nil {