# "bslaac" = boolean, use DHCPv4 MAC to find GA and ULA IPV6 SLAAC
# "bisolt" = boolean, format <host>.<network>.<domain>. so you can isolate
# "bconf" = boolean, write conf file with pipe records
+# "exclude_ipv6_ga" = boolean, exclude IPv6 GA addresses from local-data
#
##############################################################################
sub( /.*\//, "", cdr2 ) ;
gsub( /_/, "-", hst ) ;
-
if ( hst !~ /^[[:alnum:]]([-[:alnum:]]*[[:alnum:]])?$/ ) {
# that is not a valid host name (RFC1123)
# above replaced common error of "_" in host name with "-"
hst = "-" ;
}
-
if ( bisolt == 1 ) {
- # TODO: this might be better with a substituion option,
+ # TODO: this might be better with a substitution option,
# or per DHCP pool do-not-DNS option, but its getting busy here.
fqdn = net
gsub( /\./, "-", fqdn ) ;
fqdn = tolower( hst "." domain ) ;
}
-
if ((cls == "ipv4") && (hst != "-") && (cdr == 32) && (NF == 9)) {
# IPV4 ; only for provided hostnames and full /32 assignments
# NF=9 ; odhcpd errata in field format without host name
ptr = adr ; qpr = "" ; split( ptr, ptrarr, "." ) ;
slaac = slaac_eui64( id ) ;
-
if ( bconf == 1 ) {
x = ( "local-data: \"" fqdn ". 300 IN A " adr "\"" ) ;
y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
print ( x "\n" y "\n" ) > conffile ;
}
-
# always create the pipe file
for( i=1; i<=4; i++ ) { qpr = ( ptrarr[i] "." qpr) ; }
x = ( fqdn ". 300 IN A " adr ) ;
y = ( qpr "in-addr.arpa. 300 IN PTR " fqdn ) ;
print ( x "\n" y ) > pipefile ;
-
if (( bslaac == 1 ) && ( slaac != 0 )) {
# UCI option to discover IPV6 routed SLAAC addresses
# NOT TODO - ping probe take too long when added in awk-rule loop
cmd = ( "ip -6 --oneline route show dev " net ) ;
-
while ( ( cmd | getline adr ) > 0 ) {
if (( substr( adr, 1, 5 ) <= "fdff:" ) \
&& ( index( adr, "::/" ) != 0 ) \
&& ( index( adr, "anycast" ) == 0 ) \
&& ( index( adr, "via" ) == 0 )) {
- # GA or ULA routed addresses only (not LL or MC)
+ if ( exclude_ipv6_ga == 1 && ipv6_in_range(adr) ) {
+ printf "Excluding GA IPv6 address: %s for %s\n", \
+ adr, fqdn | "logger -t unbound-odhcpd"
+ continue
+ }
sub( /\/.*/, "", adr ) ;
adr = ( adr slaac ) ;
-
if ( split( adr, tmp0, ":" ) > 8 ) {
sub( "::", ":", adr ) ;
}
-
if ( bconf == 1 ) {
x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ;
y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
print ( x "\n" y "\n" ) > conffile ;
}
-
# always create the pipe file
qpr = ipv6_ptr( adr ) ;
x = ( fqdn ". 300 IN AAAA " adr ) ;
}
}
-
close( cmd ) ;
}
}
else if ((cls != "ipv4") && (hst != "-") && (9 <= NF) && (NF <= 10)) {
if (cdr == 128) {
+ if ( exclude_ipv6_ga == 1 && ipv6_in_range(adr) ) {
+ printf "Excluding GA IPv6 address: %s for %s\n", \
+ adr, fqdn | "logger -t unbound-odhcpd"
+ }
+ else {
if ( bconf == 1 ) {
x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ;
y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
print ( x "\n" y "\n" ) > conffile ;
}
-
# only for provided hostnames and full /128 assignments
qpr = ipv6_ptr( adr ) ;
x = ( fqdn ". 300 IN AAAA " adr ) ;
y = ( qpr ". 300 IN PTR " fqdn ) ;
print ( x "\n" y ) > pipefile ;
}
+ }
if (cdr2 == 128) {
+ if ( exclude_ipv6_ga == 1 && ipv6_in_range(adr2) ) {
+ printf "Excluding GA IPv6 address: %s for %s\n", \
+ adr2, fqdn | "logger -t unbound-odhcpd"
+ }
+ else {
if ( bconf == 1 ) {
x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr2 "\"" ) ;
y = ( "local-data-ptr: \"" adr2 " 300 " fqdn "\"" ) ;
print ( x "\n" y "\n" ) > conffile ;
}
-
# odhcp puts GA and ULA on the same line (position 9 and 10)
qpr2 = ipv6_ptr( adr2 ) ;
x = ( fqdn ". 300 IN AAAA " adr2 ) ;
y = ( qpr2 ". 300 IN PTR " fqdn ) ;
print ( x "\n" y ) > pipefile ;
}
+ }
}
else {
# IPV6 colon flexibility is a challenge when creating [ptr].ip6.arpa.
sz = split( ipv6, ary, ":" ) ; end = 9 - sz ;
-
for( m=1; m<=sz; m++ ) {
if( length(ary[m]) == 0 ) {
for( n=1; n<=end; n++ ) { ary[m] = ( ary[m] "0000" ) ; }
}
}
-
new6 = ary[1] ;
for( m = 2; m <= sz; m++ ) { new6 = ( new6 ary[m] ) ; }
start = length( new6 ) ;
eui64 = 0 ;
}
-
return eui64 ;
}
##############################################################################
+function normalize_ipv6(ip, parts, normalized) {
+ # Remove any prefix length
+ sub(/\/.*/, "", ip);
+
+ # Handle compressed notation (::)
+ if (index(ip, "::") > 0) {
+ split(ip, parts, "::");
+ # Count colons to determine how many zero groups to insert
+ gsub(/:/, ":", parts[1]);
+ if (parts[2] != "") gsub(/:/, ":", parts[2]);
+ missing = 8 - (split(parts[1], tmp1, ":") + split(parts[2], tmp2, ":"));
+
+ # Build normalized address
+ normalized = parts[1];
+ for (i = 0; i < missing; i++) normalized = normalized ":0";
+ if (parts[2] != "") normalized = normalized ":" parts[2];
+ } else {
+ normalized = ip;
+ }
+
+ # Fill each group with leading zeros
+ split(normalized, parts, ":");
+ normalized = "";
+ for (i = 1; i <= length(parts); i++) {
+ if (parts[i] == "") parts[i] = "0";
+ while (length(parts[i]) < 4) {
+ parts[i] = "0" parts[i];
+ }
+ if (i > 1) normalized = normalized ":";
+ normalized = normalized parts[i];
+ }
+
+ return normalized;
+}
+
+function ipv6_in_range(ip) {
+ # Normalize the address first
+ ip = normalize_ipv6(ip);
+
+ # Check if it's in 2000::/3 range
+ # This covers 2000:: to 3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+ first_group = substr(ip, 1, 4);
+ first_digit = substr(first_group, 1, 1);
+
+ return (first_digit == "2" || first_digit == "3");
+}
+
local dhcp4_slaac6=$( uci_get unbound.@unbound[0].dhcp4_slaac6 )
local dhcp_domain=$( uci_get unbound.@unbound[0].domain )
local dhcp_origin=$( uci_get dhcp.@odhcpd[0].leasefile )
+ local exclude_ipv6_ga=$( uci_get unbound.@unbound[0].exclude_ipv6_ga )
+ if [ "$exclude_ipv6_ga" != "0" ] && [ "$exclude_ipv6_ga" != "1" ]; then
+ logger -t unbound -s "invalid exclude_ipv6_ga value, using default (0)"
+ exclude_ipv6_ga=0
+ fi
if [ -f "$UB_TOTAL_CONF" ] && [ -f "$dhcp_origin" ] \
&& [ "$dhcp_link" = "odhcpd" ] && [ -n "$dhcp_domain" ] ; then
local dns_ls_old=$UB_VARDIR/dhcp_dns.old
local dhcp_ls_new=$UB_VARDIR/dhcp_lease.new
-
if [ ! -f $UB_DHCP_CONF ] || [ ! -f $dns_ls_old ] ; then
# no old files laying around
touch $dns_ls_old
dateconf=$(( $( date +%s ) - $( date -r $UB_DHCP_CONF +%s ) ))
dateoldf=$(( $( date +%s ) - $( date -r $dns_ls_old +%s ) ))
-
if [ $dateconf -gt 300 ] ; then
touch $dns_ls_old
sort $dhcp_origin > $dhcp_ls_new
freshstart)
awk -v conffile=$UB_DHCP_CONF -v pipefile=$dns_ls_new \
-v domain=$dhcp_domain -v bslaac=$dhcp4_slaac6 \
- -v bisolt=0 -v bconf=1 \
+ -v bisolt=0 -v bconf=1 -v exclude_ipv6_ga=$exclude_ipv6_ga \
-f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new
cp $dns_ls_new $dns_ls_add
longtime)
awk -v conffile=$UB_DHCP_CONF -v pipefile=$dns_ls_new \
-v domain=$dhcp_domain -v bslaac=$dhcp4_slaac6 \
- -v bisolt=0 -v bconf=1 \
+ -v bisolt=0 -v bconf=1 -v exclude_ipv6_ga=$exclude_ipv6_ga \
-f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new
awk '{ print $1 }' $dns_ls_old | sort | uniq > $dns_ls_del
# unbound-control can be slow so high DHCP rates cannot run a full list
awk -v conffile=$UB_DHCP_CONF -v pipefile=$dns_ls_new \
-v domain=$dhcp_domain -v bslaac=$dhcp4_slaac6 \
- -v bisolt=0 -v bconf=0 \
+ -v bisolt=0 -v bconf=0 -v exclude_ipv6_ga=$exclude_ipv6_ga \
-f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new
sort $dns_ls_new $dns_ls_old $dns_ls_old | uniq -u > $dns_ls_add
fi
##############################################################################
+
projects / feed / packages.git / commitdiff