Startseite Erkunden Hilfe
Anmelden
OWEALs
/
luci
Mirror von https://git.openwrt.org/project/luci.git
2
0
Fork 0
Dateien Issues 4 Wiki
Struktur: fefb9acf57
Branches Tags
luci
/
applications
/
luci-app-unbound
/
luasrc
/
model
/
cbi
/
unbound
/
configure.lua

configure.lua 13 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362 
  1. -- Copyright 2008 Steven Barth <steven@midlink.org>
    2. 

  2. -- Copyright 2016 Eric Luehrsen <ericluehrsen@gmail.com>
    3. 

  3. -- Copyright 2016 Dan Luedtke <mail@danrl.com>
    4. 

  4. -- Licensed to the public under the Apache License 2.0.
    5. 

  5. 

  6. local m1, s1
    7. 

  7. local ena, mcf, lci, lsv
    8. 

  8. local rlh, rpv, vld, nvd, eds, prt, tlm
    9. 

  9. local ctl, dlk, dom, dty, lfq, wfq, exa
    10. 

  10. local dp6, d64, pfx, qry, qrs
    11. 

  11. local pro, rsc, rsn, ag2, stt
    12. 

  12. local tgr, ifc, wfc
    13. 

  13. local rpn, din, ath
    14. 

  14. 

  15. local ut = require "luci.util"
    16. 

  16. local sy = require "luci.sys"
    17. 

  17. local ht = require "luci.http"
    18. 

  18. local ds = require "luci.dispatcher"
    19. 

  19. local ucl = luci.model.uci.cursor()
    20. 

  20. local valman = ucl:get_first("unbound", "unbound", "manual_conf")
    21. 

  21. local dhcplk = ucl:get_first("unbound", "unbound", "dhcp_link")
    22. 

  22. local lstrig = ucl:get_first("dhcp", "odhcpd", "leasetrigger") or "undefined"
    23. 

  23. 

  24. m1 = Map("unbound")
    25. 

  25. s1 = m1:section(TypedSection, "unbound", translate("Recursive DNS"),
    26. 

  26.     translatef("Unbound <a href=\"%s\" target=\"_blank\">(NLnet Labs)</a>"
    27. 

  27.     .. " is a validating, recursive, and caching DNS resolver"
    28. 

  28.     .. " <a href=\"%s\" target=\"_blank\">(help)</a>.",
    29. 

  29.     "https://www.unbound.net/",
    30. 

  30.     "https://github.com/openwrt/packages/blob/master/net/unbound/files/README.md"))
    31. 

  31. 

  32. s1.addremove = false
    33. 

  33. s1.anonymous = true
    34. 

  34. 

  35. if (valman == "0") and (dhcplk == "odhcpd") and (lstrig ~= "/usr/lib/unbound/odhcpd.sh") then
    36. 

  36.     m1.message = translatef( "Note: local DNS is configured to look at odhpcd, "
    37. 

  37.     .. "but odhpcd UCI lease trigger is incorrectly set: ")
    38. 

  38.     .. "dhcp.odhcpd.leasetrigger='" .. lstrig .. "'"
    39. 

  39. end
    40. 

  40. 

  41. --LuCI, Unbound, or Not
    42. 

  42. s1:tab("basic", translate("Basic"))
    43. 

  43. 

  44. 

  45. if (valman == "0") then
    46. 

  46.     -- Not in manual configuration mode; show UCI
    47. 

  47.     s1:tab("advanced", translate("Advanced"))
    48. 

  48.     s1:tab("DHCP", translate("DHCP"))
    49. 

  49.     s1:tab("resource", translate("Resource"))
    50. 

  50. end
    51. 

  51. 

  52. 

  53. --Basic Tab, unconditional pieces
    54. 

  54. ena = s1:taboption("basic", Flag, "enabled", translate("Enable Unbound"),
    55. 

  55.     translate("Enable the initialization scripts for Unbound"))
    56. 

  56. ena.rmempty = false
    57. 

  57. 

  58. mcf = s1:taboption("basic", Flag, "manual_conf", translate("Manual Conf"),
    59. 

  59.     translate("Skip UCI and use /etc/unbound/unbound.conf"))
    60. 

  60. mcf.rmempty = false
    61. 

  61. 

  62. 

  63. if (valman == "0") then
    64. 

  64.     -- Not in manual configuration mode; show UCI
    65. 

  65.     --Basic Tab
    66. 

  66.     lsv = s1:taboption("basic", Flag, "localservice",
    67. 

  67.         translate("Local Service"),
    68. 

  68.         translate("Accept queries only from local subnets"))
    69. 

  69.     lsv.rmempty = false
    70. 

  70. 

  71.     vld = s1:taboption("basic", Flag, "validator",
    72. 

  72.         translate("Enable DNSSEC"),
    73. 

  73.         translate("Enable the DNSSEC validator module"))
    74. 

  74.     vld.rmempty = false
    75. 

  75. 

  76.     nvd = s1:taboption("basic", Flag, "validator_ntp",
    77. 

  77.         translate("DNSSEC NTP Fix"),
    78. 

  78.         translate("Break the loop where DNSSEC needs NTP and NTP needs DNS"))
    79. 

  79.     nvd.optional = true
    80. 

  80.     nvd.default = true
    81. 

  81.     nvd:depends("validator", true)
    82. 

  82. 

  83.     prt = s1:taboption("basic", Value, "listen_port",
    84. 

  84.         translate("Listening Port"),
    85. 

  85.         translate("Choose Unbounds listening port"))
    86. 

  86.     prt.datatype = "port"
    87. 

  87.     prt.placeholder = "53"
    88. 

  88. 

  89.     --Avanced Tab
    90. 

  90.     rlh = s1:taboption("advanced", Flag, "rebind_localhost",
    91. 

  91.         translate("Filter Localhost Rebind"),
    92. 

  92.         translate("Protect against upstream response of 127.0.0.0/8"))
    93. 

  93.     rlh.rmempty = false
    94. 

  94. 

  95.     rpv = s1:taboption("advanced", ListValue, "rebind_protection",
    96. 

  96.         translate("Filter Private Rebind"),
    97. 

  97.         translate("Protect against upstream responses within local subnets"))
    98. 

  98.     rpv:value("0", translate("No Filter"))
    99. 

  99.     rpv:value("1", translate("Filter Private Address"))
    100. 

  100.     rpv:value("2", translate("Filter Entire Subnet"))
    101. 

  101.     rpv.rmempty = false
    102. 

  102. 

  103.     d64 = s1:taboption("advanced", Flag, "dns64", translate("Enable DNS64"),
    104. 

  104.         translate("Enable the DNS64 module"))
    105. 

  105.     d64.rmempty = false
    106. 

  106. 

  107.     pfx = s1:taboption("advanced", Value, "dns64_prefix",
    108. 

  108.         translate("DNS64 Prefix"),
    109. 

  109.         translate("Prefix for generated DNS64 addresses"))
    110. 

  110.     pfx.datatype = "ip6addr"
    111. 

  111.     pfx.placeholder = "64:ff9b::/96"
    112. 

  112.     pfx.optional = true
    113. 

  113.     pfx:depends("dns64", true)
    114. 

  114. 

  115.     din = s1:taboption("advanced", DynamicList, "domain_insecure",
    116. 

  116.         translate("Domain Insecure"),
    117. 

  117.         translate("List domains to bypass checks of DNSSEC"))
    118. 

  118.     din:depends("validator", true)
    119. 

  119. 

  120.     ag2 = s1:taboption("advanced", Value, "root_age",
    121. 

  121.         translate("Root DSKEY Age"),
    122. 

  122.         translate("Limit days between RFC5011 copies to reduce flash writes"))
    123. 

  123.     ag2.datatype = "and(uinteger,min(1),max(99))"
    124. 

  124.     ag2:value("3", "3")
    125. 

  125.     ag2:value("9", "9 ("..translate("default")..")")
    126. 

  126.     ag2:value("12", "12")
    127. 

  127.     ag2:value("24", "24")
    128. 

  128.     ag2:value("99", "99 ("..translate("never")..")")
    129. 

  129. 

  130.     ifc = s1:taboption("advanced", Value, "iface_lan",
    131. 

  131.         translate("LAN Networks"),
    132. 

  132.         translate("Networks to consider LAN (served) beyond those served by DHCP"))
    133. 

  133.     ifc.template = "cbi/network_netlist"
    134. 

  134.     ifc.widget = "checkbox"
    135. 

  135.     ifc.rmempty = true
    136. 

  136.     ifc.cast = "string"
    137. 

  137.     ifc.nocreate = true
    138. 

  138. 

  139.     wfc = s1:taboption("advanced", Value, "iface_wan",
    140. 

  140.         translate("WAN Networks"),
    141. 

  141.         translate("Networks to consider WAN (unserved)"))
    142. 

  142.     wfc.template = "cbi/network_netlist"
    143. 

  143.     wfc.widget = "checkbox"
    144. 

  144.     wfc.rmempty = true
    145. 

  145.     wfc.cast = "string"
    146. 

  146.     wfc.nocreate = true
    147. 

  147. 

  148.     tgr = s1:taboption("advanced", Value, "iface_trig",
    149. 

  149.         translate("Trigger Networks"),
    150. 

  150.         translate("Networks that may trigger Unbound to reload (avoid wan6)"))
    151. 

  151.     tgr.template = "cbi/network_netlist"
    152. 

  152.     tgr.widget = "checkbox"
    153. 

  153.     tgr.rmempty = true
    154. 

  154.     tgr.cast = "string"
    155. 

  155.     tgr.nocreate = true
    156. 

  156. 

  157.     --DHCP Tab
    158. 

  158.     dlk = s1:taboption("DHCP", ListValue, "dhcp_link",
    159. 

  159.         translate("DHCP Link"),
    160. 

  160.         translate("Link to supported programs to load DHCP into DNS"))
    161. 

  161.     dlk:value("none", translate("(none)"))
    162. 

  162.     dlk:value("dnsmasq", "dnsmasq")
    163. 

  163.     dlk:value("odhcpd", "odhcpd")
    164. 

  164.     dlk.rmempty = false
    165. 

  165. 

  166.     dp6 = s1:taboption("DHCP", Flag, "dhcp4_slaac6",
    167. 

  167.         translate("DHCPv4 to SLAAC"),
    168. 

  168.         translate("Use DHCPv4 MAC to discover IP6 hosts SLAAC (EUI64)"))
    169. 

  169.     dp6.optional = true
    170. 

  170.     dp6:depends("dhcp_link", "odhcpd")
    171. 

  171. 

  172.     dom = s1:taboption("DHCP", Value, "domain",
    173. 

  173.         translate("Local Domain"),
    174. 

  174.         translate("Domain suffix for this router and DHCP clients"))
    175. 

  175.     dom.placeholder = "lan"
    176. 

  176.     dom.optional = true
    177. 

  177. 

  178.     dty = s1:taboption("DHCP", ListValue, "domain_type",
    179. 

  179.         translate("Local Domain Type"),
    180. 

  180.         translate("How to treat queries of this local domain"))
    181. 

  181.     dty.optional = true
    182. 

  182.     dty:value("deny", translate("Denied (nxdomain)"))
    183. 

  183.     dty:value("refuse", translate("Refused"))
    184. 

  184.     dty:value("static", translate("Static (local only)"))
    185. 

  185.     dty:value("transparent", translate("Transparent (local/global)"))
    186. 

  186.     dty:depends("dhcp_link", "none")
    187. 

  187.     dty:depends("dhcp_link", "odhcpd")
    188. 

  188. 

  189.     lfq = s1:taboption("DHCP", ListValue, "add_local_fqdn",
    190. 

  190.         translate("LAN DNS"),
    191. 

  191.         translate("How to enter the LAN or local network router in DNS"))
    192. 

  192.     lfq.optional = true
    193. 

  193.     lfq:value("0", translate("No Entry"))
    194. 

  194.     lfq:value("1", translate("Hostname, Primary Address"))
    195. 

  195.     lfq:value("2", translate("Hostname, All Addresses"))
    196. 

  196.     lfq:value("3", translate("Host FQDN, All Addresses"))
    197. 

  197.     lfq:value("4", translate("Interface FQDN, All Addresses"))
    198. 

  198.     lfq:depends("dhcp_link", "none")
    199. 

  199.     lfq:depends("dhcp_link", "odhcpd")
    200. 

  200. 

  201.     wfq = s1:taboption("DHCP", ListValue, "add_wan_fqdn",
    202. 

  202.         translate("WAN DNS"),
    203. 

  203.         translate("Override the WAN side router entry in DNS"))
    204. 

  204.     wfq.optional = true
    205. 

  205.     wfq:value("0", translate("Use Upstream"))
    206. 

  206.     wfq:value("1", translate("Hostname, Primary Address"))
    207. 

  207.     wfq:value("2", translate("Hostname, All Addresses"))
    208. 

  208.     wfq:value("3", translate("Host FQDN, All Addresses"))
    209. 

  209.     wfq:value("4", translate("Interface FQDN, All Addresses"))
    210. 

  210.     wfq:depends("dhcp_link", "none")
    211. 

  211.     wfq:depends("dhcp_link", "odhcpd")
    212. 

  212. 

  213.     exa = s1:taboption("DHCP", ListValue, "add_extra_dns",
    214. 

  214.         translate("Extra DNS"),
    215. 

  215.         translate("Use extra DNS entries found in /etc/config/dhcp"))
    216. 

  216.     exa.optional = true
    217. 

  217.     exa:value("0", translate("Ignore"))
    218. 

  218.     exa:value("1", translate("Host Records"))
    219. 

  219.     exa:value("2", translate("Host/MX/SRV RR"))
    220. 

  220.     exa:value("3", translate("Host/MX/SRV/CNAME RR"))
    221. 

  221.     exa:depends("dhcp_link", "none")
    222. 

  222.     exa:depends("dhcp_link", "odhcpd")
    223. 

  223. 

  224.     --TODO: dnsmasq needs to not reference resolve-file and get off port 53.
    225. 

  225. 

  226.     --Resource Tuning Tab
    227. 

  227.     ctl = s1:taboption("resource", ListValue, "unbound_control",
    228. 

  228.         translate("Unbound Control App"),
    229. 

  229.         translate("Enable access for unbound-control"))
    230. 

  230.     ctl.rmempty = false
    231. 

  231.     ctl:value("0", translate("No Remote Control"))
    232. 

  232.     ctl:value("1", translate("Local Host, No Encryption"))
    233. 

  233.     ctl:value("2", translate("Local Host, Encrypted"))
    234. 

  234.     ctl:value("3", translate("Local Subnet, Encrypted"))
    235. 

  235.     ctl:value("4", translate("Local Subnet, Static Encryption"))
    236. 

  236. 

  237.     pro = s1:taboption("resource", ListValue, "protocol",
    238. 

  238.         translate("Recursion Protocol"),
    239. 

  239.         translate("Choose the IP versions used upstream and downstream"))
    240. 

  240.     pro:value("default", translate("Default"))
    241. 

  241.     pro:value("ip4_only", translate("IP4 Only"))
    242. 

  242.     pro:value("ip6_local", translate("IP4 All and IP6 Local"))
    243. 

  243.     pro:value("ip6_only", translate("IP6 Only*"))
    244. 

  244.     pro:value("ip6_prefer", translate("IP6 Preferred"))
    245. 

  245.     pro:value("mixed", translate("IP4 and IP6"))
    246. 

  246.     pro.rmempty = false
    247. 

  247. 

  248.     rsc = s1:taboption("resource", ListValue, "resource",
    249. 

  249.         translate("Memory Resource"),
    250. 

  250.         translate("Use menu System/Processes to observe any memory growth"))
    251. 

  251.     rsc:value("default", translate("Default"))
    252. 

  252.     rsc:value("tiny", translate("Tiny"))
    253. 

  253.     rsc:value("small", translate("Small"))
    254. 

  254.     rsc:value("medium", translate("Medium"))
    255. 

  255.     rsc:value("large", translate("Large"))
    256. 

  256.     rsc.rmempty = false
    257. 

  257. 

  258.     rsn = s1:taboption("resource", ListValue, "recursion",
    259. 

  259.         translate("Recursion Strength"),
    260. 

  260.         translate("Recursion activity affects memory growth and CPU load"))
    261. 

  261.     rsn:value("default", translate("Default"))
    262. 

  262.     rsn:value("passive", translate("Passive"))
    263. 

  263.     rsn:value("aggressive", translate("Aggressive"))
    264. 

  264.     rsn.rmempty = false
    265. 

  265. 

  266.     qry = s1:taboption("resource", Flag, "query_minimize",
    267. 

  267.         translate("Query Minimize"),
    268. 

  268.         translate("Break down query components for limited added privacy"))
    269. 

  269.     qry.optional = true
    270. 

  270.     qry:depends("recursion", "passive")
    271. 

  271.     qry:depends("recursion", "aggressive")
    272. 

  272. 

  273.     qrs = s1:taboption("resource", Flag, "query_min_strict",
    274. 

  274.         translate("Strict Minimize"),
    275. 

  275.         translate("Strict version of 'query minimize' but it can break DNS"))
    276. 

  276.     qrs.optional = true
    277. 

  277.     qrs:depends("query_minimize", true)
    278. 

  278. 

  279.     eds = s1:taboption("resource", Value, "edns_size",
    280. 

  280.         translate("EDNS Size"),
    281. 

  281.         translate("Limit extended DNS packet size"))
    282. 

  282.     eds.datatype = "and(uinteger,min(512),max(4096))"
    283. 

  283.     eds.placeholder = "1280"
    284. 

  284. 

  285.     tlm = s1:taboption("resource", Value, "ttl_min",
    286. 

  286.         translate("TTL Minimum"),
    287. 

  287.         translate("Prevent excessively short cache periods"))
    288. 

  288.     tlm.datatype = "and(uinteger,min(0),max(1200))"
    289. 

  289.     tlm.placeholder = "120"
    290. 

  290. 

  291.     rtt = s1:taboption("resource", Value, "rate_limit",
    292. 

  292.         translate("Query Rate Limit"),
    293. 

  293.         translate("Prevent client query overload; zero is off"))
    294. 

  294.     rtt.datatype = "and(uinteger,min(0),max(5000))"
    295. 

  295.     rtt.placeholder = "0"
    296. 

  296. 

  297.     stt = s1:taboption("resource", Flag, "extended_stats",
    298. 

  298.         translate("Extended Statistics"),
    299. 

  299.         translate("Extended statistics are printed from unbound-control"))
    300. 

  300.     stt.rmempty = false
    301. 

  301. 

  302. else
    303. 

  303.     ag2 = s1:taboption("basic", Value, "root_age",
    304. 

  304.         translate("Root DSKEY Age"),
    305. 

  305.         translate("Limit days between RFC5011 copies to reduce flash writes"))
    306. 

  306.     ag2.datatype = "and(uinteger,min(1),max(99))"
    307. 

  307.     ag2:value("3", "3")
    308. 

  308.     ag2:value("9", "9 ("..translate("default")..")")
    309. 

  309.     ag2:value("12", "12")
    310. 

  310.     ag2:value("24", "24")
    311. 

  311.     ag2:value("99", "99 ("..translate("never")..")")
    312. 

  312. 

  313.     tgr = s1:taboption("basic", Value, "trigger_interface",
    314. 

  314.         translate("Trigger Networks"),
    315. 

  315.         translate("Networks that may trigger Unbound to reload (avoid wan6)"))
    316. 

  316.     tgr.template = "cbi/network_netlist"
    317. 

  317.     tgr.widget = "checkbox"
    318. 

  318.     tgr.rmempty = true
    319. 

  319.     tgr.cast = "string"
    320. 

  320.     tgr.nocreate = true
    321. 

  321. end
    322. 

  322. 

  323. 

  324. function ena.cfgvalue(self, section)
    325. 

  325.     return sy.init.enabled("unbound") and self.enabled or self.disabled
    326. 

  326. end
    327. 

  327. 

  328. 

  329. function ena.write(self, section, value)
    330. 

  330.     if (value == "1") then
    331. 

  331.         sy.init.enable("unbound")
    332. 

  332.         sy.call("/etc/init.d/unbound start >/dev/null 2>&1")
    333. 

  333. 

  334.     else
    335. 

  335.         sy.call("/etc/init.d/unbound stop >/dev/null 2>&1")
    336. 

  336.         sy.init.disable("unbound")
    337. 

  337.     end
    338. 

  338. 

  339. 

  340.     return Flag.write(self, section, value)
    341. 

  341. end
    342. 

  342. 

  343. 

  344. function m1.on_commit(self)
    345. 

  345.     if sy.init.enabled("unbound") then
    346. 

  346.         -- Restart Unbound with configuration
    347. 

  347.         sy.call("/etc/init.d/unbound restart >/dev/null 2>&1")
    348. 

  348. 

  349.     else
    350. 

  350.         sy.call("/etc/init.d/unbound stop >/dev/null 2>&1")
    351. 

  351.     end
    352. 

  352. end
    353. 

  353. 

  354. 

  355. function m1.on_apply(self)
    356. 

  356.     -- reload the page because some options hide
    357. 

  357.     ht.redirect(ds.build_url("admin", "services", "unbound", "configure"))
    358. 

  358. end
    359. 

  359. 

  360. 

  361. return m1
    362. 

  362.