ifupdown-extra/0000755000000000000000000000000012655215774010736 5ustar ifupdown-extra/scripts/0000755000000000000000000000000012655225357012423 5ustar ifupdown-extra/scripts/network-test0000755000000000000000000006255112655225357015030 0ustar #!/bin/bash # Network testing script v 1.10 # (c) 2005-2014 Javier Fernandez-Sanguino # # This script will test your system's network configuration using basic # tests and providing both information (INFO messages), warnings (WARN) # and possible errors (ERR messages) by checking: # - Interface status # - Availability of configured routers, including the default route # - Proper host resolution, including DNS checks # - Proper network connectivity, including ICMP and web connections to # a remote web server (the web server used for the tests can be configured, # see below) # # Some of the network tests are described in more detail at # http://ubuntuforums.org/archive/index.php/t-25557.html # # The script does not need special privileges to run as it does not # do any system change. It also will not fix the errors by itself. # # Additional software requirements: # * ip from the iproute2 package. (could probably be rewrittent to # use ifconfig only or to parse /proc) # * ping from the iputils-ping package or the netkit-ping package. # * nc from the netcat package. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # You can also find a copy of the GNU General Public License at # http://www.gnu.org/licenses/licenses.html#TOCLGPL # # TODO # - Works only on Linux, can this be generalised for other UNIX systems # (probably not unless rewritten in C) # - Does not check for errors properly, use -e and test intensively # so that expected errors are trapped # (specially for tools that are not available, like netcat) # - If the tools are localised to languages != english the script might # break # - Ask 'host' maintainer to implement error codes as done with # dlint # - Should be able to check if DNS server is in the same network, if # it doesn't answer to pings, check ARP in that case. # - DHCP checks? # - Other internal services tests? (LDAP if using pam...) # - Generate summary of errors in the end (pretty report?) # - Check if packets are being dropped by local firewall? (use dmesg # and look for our tests) # - Support wireless interfaces? (use iwconfig) # - Check for more than one web server (have CHECK_HOSTS be a number # of hosts and determine a metric to spout an error) ? # - Use traceroute or tcptraceroute to see if there is network connectivity? # (traceroute is usually blocked by firewalls but tcptraceroute might # be an alternative to using nc) # - Use mii-tool (requires root privileges) # - Use ping -s XXXX to detect invalid MTUs # - Use arpping to detect another host with our same IP address # - Check other TODOs inline in the code # Default values VERB=3 LOG=0 while getopts ":hsv:" Option do case $Option in v ) VERB=$OPTARG;; s ) LOG=1;; * ) cat <<- EOF Usage: $0 [-s][-v ] -s Also log messages to local3 syslog facility -v 0 Silent run -v 1 Show only error messages -v 2 Show error and warning messages -v 3 Fully verbose (default) EOF exit 0;; esac done # BEGIN configuration # Configure to your needs, these values will be used when # checking DNS and Internet connectivity # DNS name to resolve. # These are default values which can be overriden by the environment. [ -z "$CHECK_HOST" ] && CHECK_HOST=www.debian.org [ -z "$CHECK_IP_ADRESS" ] && CHECK_IP_ADRESS=194.109.137.218 # Web server to check for [ -z "$CHECK_WEB_HOST" ] && CHECK_WEB_HOST=www.debian.org [ -z "$CHECK_WEB_PORT" ] && CHECK_WEB_PORT=80 # Web service to check for a specific content (fixed MD5 value) [ -z "$CHECK_WEB_URL" ] && CHECK_WEB_URL="http://network-test.debian.org/moo" [ -z "$CHECK_WEB_MD5" ] && CHECK_WEB_MD5="5cd5515e6d2f9026fef667cdef4cda42" # Service to return IP address # It should just return the IP address # for example in PHP have an index.php file with: # "" #with no carriage returns or line feed characters. [ -z "$CHECK_IP_URL" ] && CHECK_IP_URL=http://queryip.net/ip/ # END configuration export CHECK_HOST CHECK_IP_ADRESS CHECK_WEB_HOST CHECK_WEB_PORT CHECK_IP_URL PATH=/bin:/sbin:/usr/bin:/usr/sbin # Set our locale environment, just in case any of the tools are translated LC_ALL=C export PATH LC_ALL # Trap interrupts trap 'echo "`basename $0`: Quitting early due to interrupt" 1>&2; exit 1;' 1 2 3 15 # error reporting and logging functions info () { [ "$VERB" -gt 2 ] && echo "INFO: $1" [ "$VERB" -gt 2 ] && [ "$LOG" -eq 1 ] && logger -p local3.info "$0 INFO: $1" } warn () { [ "$VERB" -gt 1 ] && echo "WARN: $1" [ "$VERB" -gt 1 ] && [ "$LOG" -eq 1 ] && logger -p local3.warn "$0 WARN: $1" } err () { [ "$VERB" -gt 0 ] && echo "ERR: $1" >&2 [ "$VERB" -gt 0 ] && [ "$LOG" -eq 1 ] && logger -p local3.err "$0 ERR: $1" } # Report and error with a command an clear a temporary file cmd_err() { command=$1 exitval=$2 tempfile=$3 warn "Execution of '$command' on the interface did not complete successfully (exit value $2)." clear_temp $tempfile } clear_temp() { tempfile=$1 if [ -n "$tempfile" ] && [ -e "$tempfile" ]; then /bin/rm -f -- "$tempfile" fi trap 0 1 2 3 13 15 } # Check if all commands we need are available # NOTE: if using nslookup add "nslookup dnsutils" ( /bin/echo -e "netstat net-tools\nifconfig net-tools\n\ ping netkit-ping|inetutils-ping|iputils-ping\n\ arp net-tools\nip iproute\nhost host|bind9-host\nmktemp debianutils\n\ nc netcat" | while read cmd package; do if ! `which $cmd 2>/dev/null >&2`; then err "$cmd is not available! (please install $package)" exit 1 fi done ) || exit 1 # Recommended programs ( /bin/echo -e "ethtool ethtool" | while read cmd package; do if ! `which $cmd 2>/dev/null >&2`; then warn "$cmd is not available (consider installing $package)" exit 1 fi done ) # Default route for programs ETHTOOL=/usr/sbin/ethtool MIITOOL=/sbin/mii-tool # Other needs # We need /proc/net if [ ! -d /proc/net ] ; then err "/proc is not available! Please mount it ('mount -t /proc')" exit 1 fi defaultif=none export defaultif # Check the network routes configured in the system # # Specifically, check the default route to see if the system has one. # If it has, the interface configured for it is identified check_routes () { # Extract the interface of our default route local status=0 local defaultroutes="" defaultif="`netstat -nr |grep ^0.0.0.0 | awk '{print $8}' | head -1`" defaultroutes="`netstat -nr |grep ^0.0.0.0 | wc -l`" if [ -z "$defaultif" ] ; then defaultif=none warn "This system does not have a default route" status=1 elif [ "$defaultroutes" -gt 1 ] ; then warn "This system has more than one default route" else info "This system has exactly one default route" fi return $status } # Check the status of the loopback interface # # If the loopback interface is not define there might be issues # with local connnectivity. check_local () { local status=0 # Is there a loopback interface? if [ -n "`ip link show lo`" ] ; then # OK, can we ping localhost if ! check_host localhost 1; then # Check 127.0.0.1 instead (not everybody uses this IP address however, # although its the one commonly used) if ! check_host 127.0.0.1 1; then err "Cannot ping localhost (127.0.0.1), loopback is broken in this system" else err "Localhost is not answering but 127.0.0.1, check /etc/hosts and verify localhost points to 127.0.0.1" fi else info "Loopback interface is working properly" fi else err "There is no loopback interface in this system" status=1 fi return $status } # Check the link of a Ethernet interface using 'miitool' check_if_link_miitool () { local ifname=$1 local status=0 [ ! -x "$MIITOOL" ] && return 0 if $MIITOOL $ifname 2>&1| grep -q "no link"; then status=1 fi return $status } # Check the link of a Ethernet interface using 'ethtool' check_if_link_ethtool () { # Note: Unlike other sections of the script we need to be root # to test this local ifname=$1 local status=0 [ ! -x "$ETHTOOL" ] && return 0 LINK="`$ETHTOOL $ifname 2>&1| grep \"Link detected\"`" # If ethtool fails to print out the link line we break off # notice that ethtool cannot get the link status out of all # possible network interfaces [ -z "$LINK" ] && return if ! echo $LINK | grep -q "Link detected: yes" ; then status=1 fi return $status } # Check the link of a Ethernet interface using 'ip link' check_if_link_iplink () { local ifname=$1 local status=0 [ ! -x /sbin/ip ] && return 0 if /sbin/ip link show $ifname 2>&1 | grep -q "NO-CARRIER"; then status=1 fi return $status } # Check the link of a Ethernet interface # # Depending on how is the script is running either ethtool or # 'ip link' is used. check_if_link() { local status=-1 local iface=$1 # Use ethtool if installed (preferable to mii-tool) # If none are installed we will test using 'ip link show' if [ "`id -u`" -eq 0 ] ; then if [ -x "$ETHTOOL" ] ; then check_if_link_ethtool $iface status=$? elif [ -x "$MIITOOL" ]; then check_if_link_miitool $iface status=$? fi fi # If no test has done use ip link if [ $status -eq -1 ]; then check_if_link_iplink $iface status=$? fi return $status } # Check a network interface # # Test a network interface to see if it is working properly. Valid # tests for interfaces are: # - link tests (for Ethernet interfaces) # - IP address assignment. An interface without IP might indicate # an error in network connectity (e.g. failure to obtain an IP # using DHCP) # - packet statistics. An interface with 0 packets transmitted / received # or errors might indicate a malfunctioning device. # # TODO: # - do specific wireless tests for WiFi networks (determine if the # interface is properly associated with its configured network check_if () { local ifname=$1 local status=0 local realif=$ifname [ -z "$ifname" ] && return 1 # Check if the interface has a link case "$ifname" in eth*@*) realif="`echo $ifname | sed -e 's/^.*@//g'`" ifname="`echo $ifname | sed -e 's/@.*//g'`" check_if_link $realif ; status=$?;; eth*) check_if_link $ifname ; status=$?;; *) ;; esac # Print results if [ $status -ne 0 ] ; then if [ "$ifname" = "$defaultif" ] ; then err "The $ifname interface that is associated with your default route has no link!" else if [ "$realif" = "$ifname" ] ; then warn "Interface $ifname does not have link" else warn "The interface $realif does not have link (underlying interface of $ifname" fi fi fi # Prepare a tempfile tempfile="`mktemp --tmpdir tmptestnet.XXXXXX`" || { err "Cannot create temporary file! Aborting! " ; exit 1; } trap " [ -f \"$tempfile\" ] && /bin/rm -f -- \"$tempfile\"" 0 1 2 3 13 15 # Find IP addresses for $ifname ip addr show $ifname 2>/dev/null >$tempfile exitval=$? if [ "$exitval" != "0" ] || [ ! -s "$tempfile" ] ; then cmd_err "ip addr show" $exitval $tempfile clear_temp $tempfile return 1 fi inetaddr="`cat \"$tempfile\" | grep \"inet \" | awk '{print $2}' | sed -e 's/\/.*//'`" if [ -z "$inetaddr" ] ; then warn "The $ifname interface does not have an IP address assigned" status=1 else # TODO: WARN if more than 2 IP addresses? echo $inetaddr | while read ipaddr; do info "The $ifname interface has IP address $ipaddr assigned" done fi # Lookup TX and RX statistics ifconfig $ifname 2>/dev/null >$tempfile exitval=$? if [ "$exitval" != "0" ] || [ ! -s "$tempfile" ] ; then cmd_err "ifconfig" $exitval $tempfile clear_temp $tempfile return 1 fi # TODO: This is done using ifconfig but could use /proc/net/dev for # more readibility or, better, 'netstat -i' txpkts="`cat \"$tempfile\" | awk '/RX packets/ { print $2 }' |sed 's/.*://'`" rxpkts="`cat \"$tempfile\" | awk '/RX packets/ { print $2 }' |sed 's/.*://'`" txerrors="`cat \"$tempfile\" | awk '/TX packets/ { print $3 }' |sed 's/.*://'`" rxerrors="`cat \"$tempfile\" | awk '/RX packets/ { print $3 }' |sed 's/.*://'`" # Abort if we do not have values to check [ -z "$txpkts" ] && [ -z "$rxpkts" ] && return 0 # TODO: Check also frames and collisions, to detect faulty cables # or network devices (cheap hubs) if [ "$txpkts" -eq 0 ] && [ "$rxpkts" -eq 0 ] ; then err "The $ifname interface has not tx or rx any packets. Link down?" status=1 elif [ "$txpkts" -eq 0 ]; then warn "The $ifname interface has not transmitted any packets." elif [ "$rxpkts" -eq 0 ] ; then warn "The $ifname interface has not received any packets." else info "The $ifname interface has tx and rx packets." fi # Abort if we do not have values to check [ -z "$txerrors" ] && [ -z "$rxerrors" ] && return 0 # TODO: It should be best if there was a comparison with tx/rx packets. # a few errors are not uncommon if the card has been running for a long # time. It would be better if a relative comparison was done (i.e. # less than 1% ok, more than 20% warning, over 80% major issue, etc.) if [ "$txerrors" -ne 0 ]; then warn "The $ifname interface has tx errors." fi if [ "$rxerrors" -ne 0 ]; then warn "The $ifname interface has rx errors." fi clear_temp $tempfile return $status } # Check the status of the network interfaces in the host # # The list of network interfaces is obtained using 'ip link' and # this list is reviewed to see if there is any valid (i.e. "UP") # interface. # If there is, the interface is analysed to determine if it # is working properly. # check_netif () { local status=0 ip link show | egrep '^[[:digit:]]' | { validif=0 while read ifnumber ifname status extra; do ifname="`echo $ifname |sed -e 's/:$//'`" # Strip the ending ':'" [ "$ifname" = "lo" ] && continue # Skip loopback # TODO: this is redundant with the check if_link test # (although faster since using it would make us call 'ip' # twice. if [ -n "`echo $extra | grep DOWN `" ] || [ -n "`echo $status | grep NO-CARRIER`" ] then if [ "$ifname" = "$defaultif" ] ; then err "The $ifname interface that is associated with your default route is down!" status=1 elif [ "$ifname" = "lo" ] ; then err "Your lo interface is down, this might cause issues with local applications (but not necessarily with network connectivity)" else warn "The $ifname interface is down" fi if [ -n "`echo $extra | grep LOWERLAYERDOWN `" ] ; then realif="`echo $ifname | sed -e 's/^.*@//g'`" info "$ifname is down because the underlying interface '$realif' is down" fi else # Check network routes associated with this interface info "The $ifname interface is up" check_if $ifname # Check the interface check_netroute $ifname # Check routes assigned to it # TODO: Determine under which conditions an # interface is valid validif=$(( $validif +1 )) fi done; return $validif; } if [ "$?" -eq 0 ] ; then err "No valid network interfaces were found. System does not have network connectivity" status=1 fi return $status } # Checks the network routes assigned to a given interface # if any of the routers defined for a network route does not # answer then consider it is not reachable (and, consequently, its route # might not be reachable). We do not consider the remote network # as unavailable as there might be two different routers for # the same network and we do not differentiate these check_netroute () { local ifname=$1 [ -z "$ifname" ] && return 1 netstat -nr | grep "${ifname}$" | while read network gw netmask flags mss window irtt iface; do # For each gw that is not the default one or a direct network, # check it # (default route is tested separately) if [ "$network" != "0.0.0.0" ] && [ "$gw" != "0.0.0.0" ]; then if ! check_router $gw ; then err "The router $gw (interface $ifname) is not reachable (network $network migth not be available)" return 1 fi fi done return 0 } # Checks the default network routes check_default_route () { local valid_defgw=0 netstat -nr |grep ^0.0.0.0 | { valid=0 while read network gw netmask flags mss window irtt iface; do # Test each default route separately # check it # (default route is tested separately) if ! check_router $gw ; then warn "The router $gw for the default route (in interface $iface) is not reachable" else valid=$(( $valid +1 )) fi done; return $valid; } valid_defgw=$? if [ "$valid_defgw" -eq 0 ] ; then err "The default route is not available" return 1 fi return 0 } # Checks if a router is up and alive # The check is done first by sending ICMP queries to the router # and then we check if we have the ARP address of it. # A router that does not answer to ICMP queries is just a warning # (some firewalls will behave this way) but we consider it # a failure if we do not obtain a proper MAC address check_router () { local router=$1 local status=0 [ -z "$router" ] && return 1 # First ping the router, if it does not answer then check arp tables and # see if we have an arp. We use 5 packets since it is in our local network. ping -n -q -c 5 "$router" >/dev/null 2>&1 if [ "$?" -ne 0 ]; then warn "Router $router does not answer to ICMP pings" # Router does not answer, check arp routerarp="`arp -n | grep \"^$router\" | grep -v incomplete`" if [ -z "$routerarp" ] ; then err "We cannot retrieve a MAC address for router $router" status=1 fi fi if [ "$status" -eq 0 ] ; then info "The router $router is reachable" fi return $status } # Check if a host is reachable # The host is checked by first sending ICMP queries # if the host does not answer to them it might be firewalled # or unavailable. # This script is intented to be run for any host (local or remote) # so it does not check for ARP replies (unlike the check_router() # function above. # # TODO: # - if the host is in our local network (no route needs to be used) then # check ARP availability # - if the host is not on our local network then check if we have a route # for it # - if it is a remote host we could alternatively use some other network # tests since ICMP queries are (unfortunately) many times firewalled. check_host () { local host=$1 [ -z "$host" ] && return 1 # Use 10 packets as we expect this to be outside of our network COUNT=10 [ -n "$2" ] && COUNT=$2 status=0 ping -n -q -c $COUNT "$host" >/dev/null 2>&1 if [ "$?" -ne 0 ]; then warn "Host $host does not answer to ICMP pings" status=1 else info "Host $host answers to ICMP pings" fi return $status } # Check the nameservers defined in /etc/resolv.conf # First the /etc/resolv.conf file is parsed, then, for each nameserver # found in it: # - We check if it is reachable using check_host # - We try to make a DNS query to see if it answers # # NOTE: Not all systems use DNS, /etc/nsswitch.conf might be configured # to use LDAP or file-based (ug!) queries to find out remote hosts. # However, in most cases, failure of DNS means the network connectivity # fails too. check_dns () { local status=1 local nsfound=0 local nsok=0 tempfile="`mktemp --tmpdir tmptestnet.XXXXXX`" || { err "Cannot create temporary file! Aborting! " ; exit 1; } trap " [ -f \"$tempfile\" ] && /bin/rm -f -- \"$tempfile\"" 0 1 2 3 13 15 cat /etc/resolv.conf | grep -v ^# | grep nameserver | awk '/nameserver/ { for (i=2;i<=NF;i++) { print $i ; } }' >$tempfile if [ ! -s "$tempfile" ] ; then err "The system does not have any nameserver configured" return 1 fi for nameserver in `cat $tempfile`; do nsfound=$(( $nsfound + 1 )) info "This system is configured to use nameserver $nameserver" check_host $nameserver 5 if check_ns $nameserver ; then nsok=$(( $nsok +1 )) else status=$? fi done #Could also do: #nsfound="`wc -l $tempfile | awk '{print $1}'`" clear_temp $tempfile if [ "$nsfound" -eq 0 ] ; then err "The system does not have any nameserver configured" return 1 else if [ "$status" -ne 0 -a "$nsok" -eq 0 ] ; then if [ "$nsfound" -eq 1 ] ; then err "There is one nameserver configured for this system but it does not work properly" else err "There are $nsfound nameservers configured for this system and none of them works properly" fi else if [ "$nsfound" -eq 1 ] ; then info "The nameserver configured for this system works properly" else info "There are $nsfound nameservers configured for this system and $nsok are working properly" fi fi fi return $status } # Check the nameserver using a pre-defined host # This function tests a remote DNS server by querying it with # a pre-defined host and tries to determine if the DNS query # works as expected # # TODO: use nslookup? # nslookup $CHECK_HOST -$nameserver check_ns () { local nameserver=$1 local status=1 [ -z "$nameserver" ] && return 1 CHECK_RESULT="$CHECK_HOST .* $CHECK_IP_ADDRESS" # Using dnscheck: dnscheck="`host -t A $CHECK_HOST $nameserver 2>&1 | tail -1`" if [ -n "`echo $dnscheck |grep NXDOMAIN`" ] ; then err "Dns server $nameserver does not resolv properly" elif [ -n "`echo $dnscheck | grep \"timed out\"`" ] ; then err "Dns server $nameserver is not available" elif [ -z "`echo $dnscheck | egrep \"$CHECK_RESULT\"`" ] ; then warn "Dns server $nameserver did not return the expected result for $CHECK_HOST" else info "Dns server $nameserver resolved correctly $CHECK_HOST" status=0 fi # Using dlint # dlint $CHECK_HOST @$nameserver >/dev/null 2>&1 # if [ $? -eq 2 ] ; then # err "Dns server $nameserver does not resolv properly" # elif [ $? -ne 0 ]; then # err "Unexpected error when testing $nameserver" # else # info "Dns server $nameserver resolved correctly $CHECK_HOST" # status=0 # fi return $status } # Checks network connectivity to a web host # # Makes a check to test if a remote (pre-defined) system is available through # the network. # # This function currently uses two tests: # - check_host() which implements network test (ICMP queries) # - a standard query to the web server, the query is direct using # netcat. I.e. it does not use any proxy settings available in the system # # TODO: # - this could also implement proxy checks (if the http_proxy environment is # defined?) check_conn () { local status=0 if ! check_host $CHECK_WEB_HOST >/dev/null ; then warn "System does not seem to reach Internet host $CHECK_WEB_HOST through ICMP" else info "System can reach Internet host $CHECK_WEB_HOST" fi # Check web access, using nc /bin/echo -e "HEAD / HTTP/1.0\n\n" |nc -w 20 $CHECK_WEB_HOST $CHECK_WEB_PORT >/dev/null 2>&1 if [ $? -ne 0 ] ; then err "Cannot access web server at Internet host $CHECK_WEB_HOST (port $CHECK_WEB_PORT)" status=1 else info "System can access web server at Internet host $CHECK_WEB_HOST (port $CHECK_WEB_PORT)" fi return $status } # Checks network connectivity to a web host checking the content # # Makes a check to test if a remote (pre-defined) system is available through # the network and the content it delivers is provided without changes. # check_web_content () { local status=0 tempfile="`mktemp --tmpdir tmptestnet.XXXXXX`" || { err "Cannot create temporary file! Aborting! " ; exit 1; } trap " [ -f \"$tempfile\" ] && /bin/rm -f -- \"$tempfile\"" 0 1 2 3 13 15 # Check IP address, using curl /usr/bin/curl -s $CHECK_WEB_URL >$tempfile 2>&1 if [ $? -ne 0 ] ; then err "Cannot access web service at $CHECK_WEB_URL" status=1 else info "System can access web service at $CHECK_WEB_URL" fi md5=`md5sum $tempfile | awk '{print $1}'` if [ $md5 = "$CHECK_WEB_MD5" ] ; then info "System can connect to the Internet and received files without changes" else err "System can access the Internet, but the received files are modified somehow (file had md5 '$md5', expected ' $CHECK_WEB_MD5'" fi clear_temp $tempfile return $status } # Checks the public IP address of a service # # Connects to a public web sevice to determine the system's public IP address # check_ip_addr () { local status=0 tempfile="`mktemp --tmpdir tmptestnet.XXXXXX`" || { err "Cannot create temporary file! Aborting! " ; exit 1; } trap " [ -f \"$tempfile\" ] && /bin/rm -f -- \"$tempfile\"" 0 1 2 3 13 15 # Check IP address, using curl /usr/bin/curl -s $CHECK_IP_URL >$tempfile 2>&1 # Alternatively: # URI=`echo $CHECK_IP_URL | sed -e 's|^[^/]*/|/|' # /bin/echo -e "GET $URI HTTP/1.0\n\n" |nc -w 20 $CHECK_IP_URL 80 >$tempfile 2>&1 if [ $? -ne 0 ] ; then err "Cannot access IP address service at Internet host $CHECK_IP_URL" status=1 else info "System can access web server at Internet host $CHECK_IP_URL" fi ip_address=`cat $tempfile` info "System public IP address is $ip_address" clear_temp $tempfile return $status } # TODO: checks could be conditioned, i.e. if there is no proper # interface setup don't bother with DNS and don't do some Inet checks # if DNS is not setup properly check_routes check_local || exit 1 check_netif || exit 1 check_default_route || exit 1 check_dns || exit 1 check_conn || exit 1 check_web_content check_ip_addr exit 0 ifupdown-extra/scripts/network-test.10000644000000000000000000001171412321354351015142 0ustar .\" network-test.1 - check the network and test if everything is OK .\" Copyright (C) 2006-2011 Javier Fernandez-Sanguino .\" Everybody is allowed to distribute this manual page, .\" to modify it, and to distribute modifed versions of it. .TH network-test 1 "April 10 2014" "ifupdown\-extra" "ifupdown\-extra" .SH NAME network-test \- check the network and test if everything is fine .SH SYNOPSIS .B network-test .SH DESCRIPTION The .B network-test program will test your system's network configuration using basic tests and providing both information (\fBINFO\fP), warnings (\fBWARN\fP) and possible errors (\fBERR\fP) based on the results of these tests. It will check and report on: .RS * Status of the network interfaces of the system including: link status, IP addressing and number of transmitted packets and error rates. * Accessibility to configured routes to external networks, including the default network route, checking the routers configured to give access to the network * Proper host resolution, testing DNS resolution against a known host. * Proper network connectivity, testing reachability of remote hosts using ICMP and simulating a web connections to a remote web server (the web server used for the tests can be configured through the environment, see below) .RE .P The program does not need special privileges to run as it does not do any system change. However, the behaviour of the program when running as an unprivileged user is not the same as running as system administrator (i.e. root). If the program is run as system administrator it will try to run some tools that are only available to it to speed up some of the tests. .P The program relies on the use of \fBip\fR, \fBnetstat\fR, \fBifconfig\fR, \fBarp\fR and (when running as root) \fBethtool\fR or \fBmii-tool\fR, to obtain information about the system's networking configuration (status of available interfaces and configured network routes). It also uses \fBping\fR, \fBhost\fR and \fBnc\fR (netcat) to do tests of the network connectivity and ensure that the host can connect to the Internet. .SH ENVIRONMENT The program will, by default, check .B www.debian.org and its associated web server. If you want to use a different check host you can setup the environment as follows: .br .TP .B CHECK_HOST The name of a host to use when testing DNS resolution. By default 'www.debian.org' .TP .B CHECK_IP_ADRESS The .B CHECK_HOST \'s IP address. By default defined with the following value: 194.109.137.218 .TP .B CHECK_WEB_HOST The web server to use for testing purposes when testing network connectivity. By default it will use 'www.debian.org' .TP .B CHECK_WEB_PORT The web server port of server .B CHECK_WEB_HOST that will be used for testing. By default it will use TCP port 80.. .TP .B CHECK_WEB_URL A web service to test network connectivity by downloading some content. By default it will use 'http://network-test.debian.org/moo' .TP .B CHECK_WEB_MD5 The MD5sum value of the content being checked. .TP .B CHECK_IP_URL A web service used to determine the system's public IP address. By default it will use 'http://queryip.net/ip/' .SH EXIT STATUS The program will exit with error (1) if any of the network checks fail. .SH BUGS This program does not have \fIsuper cow powers\fP so it is unable to fix the errors by itself. It is also unable to detect if the network is failing due to a local firewall policy been in place so make sure you check your system logs with .B dmesg (1) to detect if some of the active tests are being dropped due to your local firewall. Other known issues that might make the program not work reliable are: .RS * IPv6: The program does not yet explicitly handle IPv6 only hosts, some of the tests might be biased towards IPv4 and might fail in IPv6 environments. * Proxies: The program does not check network connectivity for hosts that connect through the Internet using a proxy gateway for services. The program might report issues in hosts using proxies even when these might connect to the Internet properly through proxied services. * Firewall environments: some of the tests rely on direct connectivity to external hosts, which are tested using ICMP queries (through the use of \fBping\fR. These tests might fail in hosts installed in networking environments with firewalls that block outbound ICMP communication. .RE .SH SEE ALSO .B ip (8), .B netstat (8), .B ifconfig (8), .B ethtool (8), .B mii-tool (8), .B ping (8), .B nc (1), .B curl (1), and .B host (1). .SH AUTHOR .B network-test was written by Javier Fernandez-Sanguino for the Debian GNU/Linux distribution. .SH COPYRIGHT AND LICENCE Copyright (C) 2005-2014 Javier Fernandez-Sanguino . This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. On Debian systems, a copy of the GNU General Public License may be found in /usr/share/common-licenses/GPL. ifupdown-extra/debian/0000755000000000000000000000000012655225661012154 5ustar ifupdown-extra/debian/ifupdown-extra.postinst0000755000000000000000000000051411645666421016741 0ustar #!/bin/sh set -e # There was a bug in the package (<< 0.15). We need to # move the file to the new location if dpkg-maintscript-helper supports mv_conffile; then dpkg-maintscript-helper mv_conffile \ /etc/network/network-routes /etc/network/routes 0.14 -- "$@" fi #DEBHELPER# # vim:tabstop=2:expandtab:shiftwidth=2 ifupdown-extra/debian/compat0000644000000000000000000000000211645666421013353 0ustar 7 ifupdown-extra/debian/copyright0000644000000000000000000000307511645666421014115 0ustar This is ifupdown-extra, written and maintained by Javier Fernandez-Sanguino Peña on Sun, 13 Aug 2006 13:14:25 +0200. The original source can always be found at: ftp://ftp.debian.org/dists/unstable/main/source/ Copyright Holder: Copyright 2006 - 2011 Javier Fernandez-Sanguino Peña The code of the run_route() function in the debian/ifupdown-extra.networking-routes.init script is derived from the ifup-route script in SuSE's sysconfig package (scripts/ifup-route) These portions are: Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany. All rights reserved. Author: Christian Zoz , 2002 Based on rcroute: Burchard Steinbild , 1996 Werner Fink , 1996-2000 License: This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL'. ifupdown-extra/debian/rules0000755000000000000000000000310112655222141013215 0ustar #!/usr/bin/make -f # -*- makefile -*- # Sample debian/rules that uses debhelper. # This file was originally written by Joey Hess and Craig Small. # As a special exception, when this file is copied by dh-make into a # dh-make output file, you may use that output file without restriction. # This special exception was added by Craig Small in version 0.37 of dh-make. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 %: dh $@ install: build dh binary --until dh_installdirs # Configuration files install -m644 debian/network-routes $(CURDIR)/debian/ifupdown-extra/etc/network/routes install -m644 debian/network-test-default $(CURDIR)/debian/ifupdown-extra/etc/default/network-test # Network scripts for ifupdown install -m755 if-up-scripts/check-network-cable $(CURDIR)/debian/ifupdown-extra/etc/network/if-up.d/00check-network-cable install -m755 if-up-scripts/check-duplicate-ip $(CURDIR)/debian/ifupdown-extra/etc/network/if-up.d/10check-duplicate-ip install -m755 if-up-scripts/check-duplicate-ip6 $(CURDIR)/debian/ifupdown-extra/etc/network/if-up.d/10check-duplicate-ip6 install -m755 if-up-scripts/static-routes $(CURDIR)/debian/ifupdown-extra/etc/network/if-up.d/20static-routes install -m755 if-up-scripts/check-gateway $(CURDIR)/debian/ifupdown-extra/etc/network/if-up.d/30check-gateway # Other programs install -m755 scripts/network-test $(CURDIR)/debian/ifupdown-extra/usr/bin/network-test dh_installman -i scripts/network-test.1 dh_installinit --name=networking-routes --no-start -- start 41 S . binary: install dh binary --after dh_installdirs ifupdown-extra/debian/ifupdown-extra.postrm0000755000000000000000000000051311645666421016401 0ustar #!/bin/sh set -e # There was a bug in the package (<< 0.15). We need to # move the file to the new location if dpkg-maintscript-helper supports mv_conffile; then dpkg-maintscript-helper mv_conffile \ /etc/network/network-routes /etc/network/routes 0.14 -- "$@" fi #DEBHELPER# # vim:tabstop=2:expandtab:shiftwidth=2 ifupdown-extra/debian/source/0000755000000000000000000000000011645666421013455 5ustar ifupdown-extra/debian/source/lintian-overrides0000644000000000000000000000037611645666421017044 0ustar # Lintian overrides for ifupdown-extra # These overrides are required because the debian/changelog # is in UTF-8 and debian/control not: ifupdown-extra source: changelog-should-mention-nmu ifupdown-extra source: source-nmu-has-incorrect-version-number ifupdown-extra/debian/dirs0000644000000000000000000000011411575215655013036 0ustar usr/bin etc/default etc/network etc/network/if-pre-up.d etc/network/if-up.d ifupdown-extra/debian/network-test-default0000644000000000000000000000271512655222325016166 0ustar # Defaults for ifupdown-extra testing scripts # sourced by scripts at /etc/network/if-{pre-,-}up.d # installed at /etc/default/network-test by the maintainer scripts # while respecting exported shell environment variables # Tells scripts to log to syslog the tests done before an interface # is configured. Set this to "no" if you just want to use stderr DO_SYSLOG=${DO_SYSLOG:-yes} # Abort scripts (do not continue) if the network link is not up ABORT_NO_LINK=${ABORT_NO_LINK:-no} # Additional options that are passed to ARPING scripts # # DO_ARPING tells the scripts to test if an IPv4 or IPv6 address is already # assigned in the network (using arping for IPv4 and ndisc6 for IPv6, if # available). The scripts provided will log this event to syslog and can be # used to detect network configuration errors. # # Please bear in mind that these type of network probes will introduce a delay # when configuring the interface (if everything is OK) since the scripts will # have to wait until the tool sends the probes and finishes before configuring # an interface. Set this to 'no' if you do not want this delay and want to skip # these tests. DO_ARPING=${DO_ARPING:-yes} # # These values control how many arp pings are sent when doing ARP tests # The higher the count (or timeout) the more time it will take for those # scripts to finish but it might make it more easy to detect faulty # counditions in overloaded networks. ARP_COUNT=${ARP_COUNT:-2} ARP_TIMEOUT=${ARP_TIMEOUT:-3} ifupdown-extra/debian/changelog0000644000000000000000000003535712655225661014043 0ustar ifupdown-extra (0.26) unstable; urgency=medium * if-up-scripts/check-duplicate-ip: - Add code to ensure that we skip IPv6 addresses if found (Closes: 758700) - Do not exit with error to prevent having an interface marked as unconfigured * if-up-scripts/check-duplicate-ip6: - New script to test for duplicate IPv6 assignment using ndisc6 * if-up-scripts/check-network-cable: - Fix the definition of LINK which fails due to variable name (Closes: #758798) (LP: 1397965) * if-up-scripts/check-network-cable: - Do not exit with error to prevent having an interface marked as unconfigured * debian/ifupdown-extra.networking-routes.init: - Fix management of routes defined with an interface and with "any" as an interface. Also, use 'ip route' instead of the obsolete 'route' command. Thanks to Steve Wray for the patch. (Closes: #794846) * scripts/network-test: - Fix logic so that it reports properly when only some, but not all, nameservers are failing. Thanks to Gregor Zattler for the patch that fixes the evaluation logic (Closes: #764529) * debian/control: - Add ndisc6 to Recommends: - Mention that the scripts now test also IPv6 addressing -- Javier Fernández-Sanguino Peña Fri, 05 Feb 2016 23:41:39 +0100 ifupdown-extra (0.25) unstable; urgency=medium * debian/control: - Add curl to dependencies - Update Standards Version * scripts/network-test: - Fix error in output - Add tests to determine if the system is connected to the Internet (using the new http://network-test.debian.org/ Debian Network test system) - Add test to determine the system's public IP address -- Javier Fernández-Sanguino Peña Thu, 10 Apr 2014 01:25:07 +0200 ifupdown-extra (0.24) unstable; urgency=medium * if-up-scripts/check-gateway: - Fix typo in script that causes grep call to fail miserably (Closes: 726505, 726816) * debian/control: - Add dependency on dh-python, as indicated in https://wiki.debian.org/Python/TransitionToDHPython -- Javier Fernández-Sanguino Peña Mon, 21 Oct 2013 18:34:17 +0200 ifupdown-extra (0.23) unstable; urgency=low * if-up-scripts/check-duplicate-ip: - Manage redirections properly, the code causes invocation errors if using iputil's arping (Closes: 632210) - Harmonise call to external programs in shell script * if-up-scripts/check-network-cable: - Fix spacing and some other minor shell scripts (Closes: 641923) * if-up-scripts/check-gateway: - Harmonise call to external programs in shell script * debian/control: Rename iproute to iproute2, since the former is a transitional package that will be removed in Jessie+1 -- Javier Fernández-Sanguino Peña Wed, 25 Sep 2013 18:35:23 +0200 ifupdown-extra (0.22) unstable; urgency=low [ Javier Fernández-Sanguino Peña ] * if-up-scripts/check-duplicate-ip: - Do not pass aliased interface information to arping since it cannot handle it properly (Closes: #644891) * Handle the configuration file through the use of dpkg-maintscript-helper instead of moving it directly to prevent dpkg from raising a conffile change prompt on upgrades even if the user has not made any changes. -- Javier Fernández-Sanguino Peña Fri, 14 Oct 2011 00:38:29 +0200 ifupdown-extra (0.21) unstable; urgency=low * Fix argument passing in function (Closes: #641312) * if-up-scripts/check-network-cable: - Do not run the 'ip' tool until we have verified that it is available * debian/source/lintian-overrides: Add overrides for lintian, required since debian/changelog is in UTF-8 format but debian/control is not -- Javier Fernández-Sanguino Peña Mon, 12 Sep 2011 22:47:26 +0200 ifupdown-extra (0.20) unstable; urgency=low * if-up-scripts/check-gateway,if-up-scripts/check-network-cable,scripts/network-test: Make dash happy by declaring the local variables at the beginning of each function (Closes: #639889) * if-up-scripts/check-network-cable: - Do not use ethtool or mii-tool if we are not running as root * if-up-scripts/check-duplicate-ip,if-up-scripts/check-gateway,if-up-scripts/check-network-cable,scripts/network-test: Proper quoting of shell-escaped variables -- Javier Fernández-Sanguino Peña Thu, 01 Sep 2011 10:26:30 +0200 ifupdown-extra (0.19) unstable; urgency=low * debian/control: Fix url in Vcs-git * scripts/network-test: - Handle interfaces reported by 'ip' as being subinterfaces of others (such as the case of VLAN interfaces). (Closes: #636474) - Better handle the case when some of the tools used fail to work - Separate specific check for the default route and its router(s) - Do not test the loopback interface twice - Better detection for 'DOWN' interfaces through 'ip' * scripts/network-test.1: Improve the manpage with more documentation of how it works * if-up-scripts/check-network-cable: Use 'ip link' if neither ethtool no mii-tool are available and try to handle some of the cases ip link nows about. Although it might not be as reliable as the others (Closes: #630137) * debian/ifupdown-extra.preinst: Add debhelper token, as required * debian/compat, debian/rules: Switch over to use debhelper version 7 which bastly simplifies debian/rules and also fixes many lintian warnings. * debian/control: - Depend on debhelper v7 - Update Standards Version to 3.9.2 (no changes needed) -- Javier Fernández-Sanguino Peña Fri, 12 Aug 2011 03:14:20 +0200 ifupdown-extra (0.18) unstable; urgency=low * debian/control: Advertise that now sources are available in collab-maint. * if-up-scripts/static-routes: Be more strict when looking for interfaces in the configuration file to avoid matching interfaces with similar names. * if-up-scripts/check-gateway: adjust how the ethtool binary alternative location is found -- Javier Fernández-Sanguino Peña Wed, 22 Jun 2011 01:30:45 +0200 ifupdown-extra (0.17) unstable; urgency=low * Move the network-cable test from /etc/network/if-pre-up.d/ to /etc/network/if-up.d/ so that it can behave properly and warn the sysadmin once the network cable is up. -- Javier Fernández-Sanguino Peña Sun, 24 Apr 2011 17:57:35 +0200 ifupdown-extra (0.16) unstable; urgency=low * if-up-scripts/check-duplicate-ip: - Location of ethtool has changed: adjust to the new location but fallback to the old one if it is still there. - Make it possible to use arping's arping which: is located in another directory, interprets parameters differently and does not support -q. Thanks to Cristian Ionescu-Idbohrn for bringing up this issue and providing a patch which I base the changes on (Closes: #614056) - Do not try to determine the ip address for interfaces we are not going to arping to. - Add some warnings for unexpected events that prevent the script from working. * if-up-scripts/check-network-cable: Location of ethtool has changed, adjust to the new location but fallback to the old one if it is still there. -- Javier Fernández-Sanguino Peña Sun, 20 Feb 2011 13:58:38 +0100 ifupdown-extra (0.15) unstable; urgency=medium * if-up-scripts/static-routes: - Fix typo that prevented the script from adding routes as it expected them to have 'reject' when they shouldn't. Thanks to Mathieu Parent and to Petru Ratiu for the patches. (Closes: #613632) (LP: #631533) - Add new functionality to support 'reject' routes in /etc/network/network-routes. Thanks to Petru Ratiu for the patch (Closes: #458395) * scripts/network-test: - Fix call to mktemp to use --tmpdir so that the script does not break if run in a non-writable directory (Closes: #541619) - Trap interrupts and abort under some circunstances, such as a Ctrl+C (LP: #450753) * debian/ifupdown-extra.preinst: Rename the /etc/network/network-routes config file to /etc/network/routes (Closes: #611982) * if-up-scripts/check-network-cable: Make the script work when bonding interfaces are used, using a patch provided by Ohad Lutzky (Closes: #574333) * [NEW] debian/ifupdown-extra.networking-routes.init: New init.d script to install global static networking routes which cannot be associated with any interface. This is useful for admins that want to share the configuration file /etc/network/routes through different systems in which the interface name changes or for 'reject' routes. (Closes: #458395) * debian/rules: - Fix installation of the network-routes sample configuration file so that it is installed where it should be (/etc/network/routes instead of /etc/network/network-routes) (Closes: #611982) - Install the new debian/ifupdown-extra.networking-routes.init as an init.d script running at 'S' runlevel right after the 'networking' script provided by netbase. * debian/TODO: An item was already done. * debian/control: Adapt description to indicate the new features included in the package. [ Lintian fixes ] * debian/copyright: - Add proper copyright notice and use UTF-8 to put in my full name. - Indicate the copyright of code reused from SuSE's sysconfig * debian/control: Depend on 'iputils-ping | ping' instead of just ping -- Javier Fernández-Sanguino Peña Fri, 18 Feb 2011 19:31:05 +0100 ifupdown-extra (0.14) unstable; urgency=low * Apply a patch provided by Guillem Jover to make check-duplicate-ip work with interfaces with multiple interfaces (Closes: 507949) * Change handling of default values so that the environment variables are honored if set with patch provided by Osamu Aoki (Closes: 464715) * Change if-up-scripts/static-routes so that it complains if a line in /etc/network/static-routes is not defined as expected. -- Javier Fernández-Sanguino Peña Sat, 01 Aug 2009 01:26:04 +0200 ifupdown-extra (0.13) unstable; urgency=low * Fix syntax error in the static-routes script and clarify a comment when exiting as soon as we find that there is no /etc/network/network-routes file (Closes: 496600) -- Javier Fernández-Sanguino Peña Tue, 26 Aug 2008 12:17:27 +0200 ifupdown-extra (0.12) unstable; urgency=low * Change maintainer's email address -- Javier Fernández-Sanguino Peña Fri, 28 Dec 2007 02:34:51 +0100 ifupdown-extra (0.11) unstable; urgency=low * Move the package over to unstable, it is ready for mass consumption * if-up-scripts/check-duplicate-ip: Exit if the interface does not have an IP address asigned or none is provided. This prevents the script from breaking if used in systems with interfaces with no IP address (for example, in promiscuous mode) * if-up-scripts/check-gateway: - if running as root do not use -D when calling arping but use -f instead (to return as soon as 1 reply has been received). -D does not work for all gateways - if not running as root, do use -D. - do not try to find out the status of the interface if not running as root. - work properly if multiple default gateways have been set. * network-test has been removed from debian-goodies, change the dependencies accordingly. -- Javier Fernández-Sanguino Peña Tue, 18 Dec 2007 21:12:50 +0100 ifupdown-extra (0.10) experimental; urgency=low * network-test: - Include patch provided by Federico Ceratto which adds command line support, allows the setting of a verbosity level and makes it possible to log to syslog based on that level. This patch is useful if the script is run through init, cron or other task-scheduling tool. * Updated conflicts: with debian-goodies, as network-test is still in there. -- Javier Fernández-Sanguino Peña Sun, 14 Oct 2007 23:17:58 +0200 ifupdown-extra (0.9) experimental; urgency=low * check-duplicate-ip: - Rename check-arping to check-duplicate-ip. - Add GPL header to the script. - Fix so it can work in DHCP environments by retrieving IF_ADDRESS from the interface information, also makes it easer to use this as a standalone script. * check-gateway: - Fix so it can work in DHCP environments by retrieving IF_GATEWAY from the current routing information. - Add GPL header to the script. * static-route: Add GPL header to the script. * network-test: Fix it so it can retrieve interface addresses properly (no CIDR) when using 'ip addr show' -- Javier Fernández-Sanguino Peña Mon, 18 Jun 2007 15:37:57 +0200 ifupdown-extra (0.8) experimental; urgency=low * Conflict with the latest debian-goodies which still provides network-test -- Javier Fernández-Sanguino Peña Tue, 19 Dec 2006 02:59:56 +0100 ifupdown-extra (0.7) experimental; urgency=low * Make network-test use bash (Closes: #401363) -- Javier Fernández-Sanguino Peña Sun, 3 Dec 2006 08:45:54 +0100 ifupdown-extra (0.6) experimental; urgency=low [scripts/network-test] * Do not analyse resolv.conf lines that have been commented out. -- Javier Fernández-Sanguino Peña Tue, 28 Nov 2006 23:37:02 +0100 ifupdown-extra (0.5) experimental; urgency=low * Improve the debian/control file so that it now Depends: on host and the different 'ping' providers (Closes: #400473). * Have it Depend on iputils-arping | arping * Change network-test so it does not complain loudly if ethtool is not installed (just recommends its installation) * Fix duplicate spaces in the script as well as some typos with patch provided by Norbert Kiesel (Closes: #400463) -- Javier Fernández-Sanguino Peña Sun, 26 Nov 2006 17:00:17 +0100 ifupdown-extra (0.4) experimental; urgency=low * Fix network link check in network-test -- Javier Fernández-Sanguino Peña Sat, 25 Nov 2006 15:55:47 +0100 ifupdown-extra (0.3) experimental; urgency=low * First upload (to experimental) to get wider exposure. * Upgrade debian-goodies conflict. -- Javier Fernández-Sanguino Peña Sat, 25 Nov 2006 13:09:41 +0100 ifupdown-extra (0.2) unstable; urgency=low * Change behaviour of network-test when testing ethernet link (based on 'check-network-cable' tests) -- Javier Fernández-Sanguino Peña Wed, 16 Aug 2006 22:33:34 +0200 ifupdown-extra (0.1) unstable; urgency=low * Initial Release. -- Javier Fernández-Sanguino Peña Sun, 13 Aug 2006 13:14:25 +0200 ifupdown-extra/debian/ifupdown-extra.preinst0000755000000000000000000000072111645666421016542 0ustar #!/bin/sh set -e case "$1" in install|upgrade) if [ -e /etc/network/network-routes ] ; then # There was a bug in the package (<< 0.15). We need to # move the file to the new location if dpkg-maintscript-helper supports mv_conffile; then dpkg-maintscript-helper mv_conffile \ /etc/network/network-routes /etc/network/routes 0.14 -- "$@" fi fi ;; esac #DEBHELPER# # vim:tabstop=2:expandtab:shiftwidth=2 ifupdown-extra/debian/docs0000644000000000000000000000000011575215655013017 0ustar ifupdown-extra/debian/network-routes0000644000000000000000000000222111645666421015105 0ustar # This configuration file is read by the static-routes if-updown script # and the /etc/init.d/networking-routes script to setup a list of # routes associated either with a given interface or global routes. # # DO NOT configure default gateway routes for interfaces here, they should be # configured in the /etc/network/interfaces ('gateway' option) instead # # This file includes a list of routes for different networks following # the format: # Network Netmask Gateway Interface # # Example: # 172.1.1.0 255.255.255.0 192.168.0.1 eth0 # # # If you want to add a route that will be added regardless of interfaces # you will have to use the 'any' interface. This can be handy if you want # to share the same configuration file between different machines in which # the kernel names given to interfaces vary. # # It is also useful to add a 'reject' route that is not assigned to any # interface. # # For example: # # 172.1.1.0 255.255.255.0 192.168.0.1 any # 10.0.0.0 255.0.0.0 reject any # # # This file is read by: # # - /etc/network/if-up.d/20static-routes when an interface is configured # # - /etc/init.d/networking-routes to add the 'all' interfaces routes ifupdown-extra/debian/TODO0000644000000000000000000000166111645666421012651 0ustar TODO - check all the gateways that might have been defined for a given interface: * dump netstat -nr, parse, and arping the gateways - create if-up.d/down scripts to test for issues in network setup TODO: - if we have a DNS server in our same subnet try to test it too (but how do we do this? Maybe with ipsc or prips ? ) We could use 'ipsc -i eth0 -c' to obtain the CIDR block and 'prips ' to find if its there - Make it possible to test server availability in a generic manner and warn if a given server is not reachable ( have a file with servers to test for when the interface's UPs?) DONE: - link status - arping of IP address to find if someone has our own IP DONE ---- - move network-test from debian-goodies to here - have the package make it possible to setup default routes for interfaces easily (through a script) and avoid the issues described in #368228 ifupdown-extra/debian/ifupdown-extra.networking-routes.init0000755000000000000000000001427712655225034021532 0ustar #!/bin/sh -e # Script to add global static routes to the system # # ### BEGIN INIT INFO # Provides: networking-routes # Required-Start: $network $local_fs # Required-Stop: $local_fs # Default-Start: S # Default-Stop: # Short-Description: Establish global networking routes for the system # Description: Define global network routes for the system using # the configuration defined in /etc/network/routes # Global routes can be either routes for which # the associated interface cannot be determined # beforehand (maybe the device name is not known) # or 'reject' routes to prevent the system from # communicating with remote networks. ### END INIT INFO # # Copyright (c) 2011 Javier Fernandez-Sanguino # # Some portions (specifically the code of the run_route() function) are derived # from the ifup-route script in SuSE's sysconfig package. # These portions are: # # - Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany. All rights reserved. # - Author: Christian Zoz , 2002 # - Based on rcroute: Burchard Steinbild , 1996 # Werner Fink , 1996-2000 # # # This program is free software; you can redistribute it and/or modify it under # the terms of the GNU General Public License as published by the Free Software # Foundation; either version 2 of the License, or (at your option) any later # version. # # This program is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more # details. # # You should have received a copy of the GNU General Public License along with # this program; if not, write to the Free Software Foundation, Inc., 59 Temple # Place, Suite 330, Boston, MA 02111-1307 USA # [ -x /sbin/ip ] || exit 0 ROUTEFILE="/etc/network/routes" # Abort (without error) if the configuration file does not exist [ ! -r "$ROUTEFILE" ] && exit 0 . /lib/lsb/init-functions # Default value VERBOSITY=${VERBOSITY:-0} # Functions to read the route file and process it run_route() { local COMMAND="ip route $*" export LC_MESSAGES=C # We need the return messages to be in english RETMESSAGE="$($COMMAND 2>&1)" RETVALUE=$? if test $RETVALUE -ne 0 ; then [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: calling: '$COMMAND' FAILED" # Process the messages and omits those that are not # relevant. case "$RETMESSAGE" in # Omit 'File exists' since the route is already there.. *File*exists) return ;; # 'No such process' is only omitted if the route is being # deleted. If the route is being created, this error message # might appear if the gateway is not reachable. *No*such*process) [ "$1" = "del" ] && return ;; *) esac log_failure_msg "Error while executing:" \ " Command '$COMMAND' returned: ${RETMESSAGE%%Usage:*}"\ " Configuration line: $LINE" else [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: calling: '$COMMAND' SUCCEEDED" fi } del_global_routes() { ret=0 cat $ROUTEFILE | egrep "^[^#].*$" | while read network netmask gateway interface ; do if [ -n "$interface" ] && [ -n "$network" ] && [ -n "$netmask" ] && [ -n "$gateway" ] ; then if [ "$gateway" != "reject" ] ; then [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Deleting global route for $network / $netmask through gateway $gateway" if [ "$interface" != "any" ] ; then run_route del $network/$netmask via $gateway dev $interface else run_route del $network/$netmask via $gateway fi [ $? -ne 0 ] && ret=$? else [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Deleting reject route for $network / $netmask" run_route del $network/$netmask reject [ $? -ne 0 ] && ret=$? fi else echo "ERROR: Incorrect line for global network routes in $ROUTEFILE: '$network $netmask $gateway $interface'" ret=1 fi done return $ret } add_global_routes() { ret=0 cat $ROUTEFILE | egrep "^[^#].*$" | while read network netmask gateway interface ; do if [ -n "$interface" ] && [ -n "$network" ] && [ -n "$netmask" ] && [ -n "$gateway" ] ; then if [ "$gateway" != "reject" ] ; then [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Adding global route for $network / $netmask through gateway $gateway" if [ "$interface" != "any" ] ; then run_route add $network/$netmask via $gateway dev $interface else run_route add $network/$netmask via $gateway fi [ $? -ne 0 ] && ret=$? else [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Adding global reject route for $network / $netmask" run_route add $network/$netmask reject [ $? -ne 0 ] && ret=$? fi else echo "ERROR: Incorrect line for global network routes in $ROUTEFILE: '$network $netmask $gateway $interface'" ret=1 fi done return $ret } case "$1" in start) log_action_begin_msg "Configuring network routes" if add_global_routes; then log_action_end_msg $? else log_action_end_msg $? fi ;; stop) log_action_begin_msg "Deconfiguring network routes" if del_global_routes; then log_action_end_msg $? else log_action_end_msg $? fi ;; reload|force-reload|restart) log_action_begin_msg "Reconfiguring network routes" del_global_routes if add_global_routes; then log_action_end_msg $? else log_action_end_msg $? fi ;; *) echo "Usage: /etc/init.d/networking-routes {start|stop|restart|reload}" exit 1 ;; esac exit 0 ifupdown-extra/debian/control0000644000000000000000000000276012655222106013553 0ustar Source: ifupdown-extra Section: admin Priority: optional Maintainer: Javier Fernandez-Sanguino Peña Build-Depends: debhelper (>= 7), dh-python Standards-Version: 3.9.5 Vcs-Browser: http://git.debian.org/?p=collab-maint/ifupdown-extra.git Vcs-Git: git://git.debian.org/git/collab-maint/ifupdown-extra.git Package: ifupdown-extra Architecture: all Depends: iproute2, iputils-ping | ping, netcat, iputils-arping | arping, net-tools, host, curl, ${misc:Depends} Pre-Depends: dpkg (>= 1.15.7.2) Recommends: ethtool, ndisc6 Conflicts: debian-goodies (<< 0.39) Description: Network scripts for ifupdown This package provides a set of network testing scripts to be used together with the ifupdown package. These scripts can: - check the network cable before an interface is configured. - test if an assigned IPv4 or IPv6 address is already in use in the network. - test if default network gateways are reachable. - setup default static routes for interfaces. . Additionally network static routes can also be defined globally for the system when this is needed (e.g. for 'reject' rules) and will be added after network initialisation. . This package also provides 'network-test', a script to test the network configuration status by checking: - Status of available interface. - Availability of configured gateway routes. - If host resolution is working properly (DNS checks). - If network connectivity is working, including ICMP and web connections to remote web servers. ifupdown-extra/if-up-scripts/0000755000000000000000000000000012655223574013440 5ustar ifupdown-extra/if-up-scripts/check-gateway0000755000000000000000000001072612231253526016076 0ustar #!/bin/sh # Check if the (default) gateway configured for the interface is # present in our network # # This script should be installed in /etc/network/if-up.d/ # It can also be used as a standalone script by setting up # its environment: # IFACE=eth0 IF_GATEWAY=192.168.0.1 check-gateway # # NOTE: If IF_GATEWAY is not provided the script will try to test # the default gateway. # # TODO: # # - Support non-default gateways that might have been set at the # same time the interface was enabled. # # ------------------------------------------------------------------------ # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # You can also find a copy of the GNU General Public License at # http://www.gnu.org/licenses/licenses.html#TOCLGPL # Check if an IP we are going to assign to an Ethernet interface # is already in use by another system. # # Read system default file [ -r /etc/default/network-test ] && . /etc/default/network-test # Defaults ARPING=/usr/bin/arping ETHTOOL=/sbin/ethtool [ ! -x "$ETHTOOL" ] && [ -x "/usr/sbin/ethtool" ] && ETHTOOL=/usr/sbin/ethtool ARP_COUNT=${ARP_COUNT:-2} ARP_TIMEOUT=${ARP_TIMEOUT:-3} DO_SYSLOG=${DO_SYSLOG:-yes} VERBOSITY=${VERBOSITY:-0} # Do not continue if ETHTOOL is not available [ ! -x "$ARPING" ] && exit 0 # or if the user has told us to not do arpings [ "$DO_ARPING" = "no" ] && exit 0 # Break out if we don't have an interface to work with [ -z "$IFACE" ] && exit 0 if [ "$DO_SYSLOG" = "yes" ] ; then OUTPUT="logger -i -p daemon.err -s" else OUTPUT="echo" fi # Try to obtain the IP address of our gateway (DHCP case) if [ -z "$IF_GATEWAY" ] ; then IF_GATEWAY=$(ip route list | grep "^default " | grep "dev $IFACE" | awk '{print $3}') # Warn if there are multiple gateways echo $IF_GATEWAY | grep -q " " && [ "$VERBOSITY" -eq 1 ] && $OUTPUT "Found multiple gateways as default routes for $IFACE" fi # Still no IP? Bail out [ -z "$IF_GATEWAY" ] && exit 0 # Set up our environment LC_ALL=C export LC_ALL do_arping() { # Send ARP pings to detect if the default gateway is "out there" # Curiously enough, the script will return faster if there *is* a system # with the same IP address and will take ${ARP_TIMEOUT}*${ARP_COUNT} seconds # to return if there is none. # Do not do the check if ethtool (if installed) tells us the interface # does not have link, notice that ARPING will try to send the ARP requests # even if there is no link so we use this to speed things up local GATEWAY=$1 local ARPING_OPTIONS="-q -c $ARP_COUNT -w $ARP_TIMEOUT -f -I $IFACE" local GATEWAY_FOUND=1 if [ "`id -u`" = 0 ] ; then # Only do this if we are root, otherwise assume the interface is # up if [ -x "$ETHTOOL" ] ; then LINK=$($ETHTOOL "$IFACE" 2>&1| grep "Link detected") if ! $ETHTOOL "$IFACE" | grep -q "Link detected: yes" ; then return 0 fi fi fi [ "$VERBOSITY" -eq 1 ] && $OUTPUT "DEBUG: Sending arp pings through $IFACE to detect if the gateway $GATEWAY is present" if [ "`id -u`" = 0 ] ; then if $ARPING $ARPING_OPTIONS $GATEWAY ; then GATEWAY_FOUND=0 fi else # If we are not root we can only use arping in DAD mode # in this case we negate the check as it will return 1 # if there is an answer if ! $ARPING $ARPING_OPTIONS -D $GATEWAY ; then GATEWAY_FOUND=0 fi fi if [ "$GATEWAY_FOUND" = 1 ] ; then $OUTPUT "ERROR: Cannot find default gateway $GATEWAY in the network where $IFACE is connected to" fi } # Check our IFACE name, if it does not start with eth, bail out case "$IFACE" in eth*) for gateway in $IF_GATEWAY ; do do_arping $gateway; done ;; *) ;; esac exit 0 ifupdown-extra/if-up-scripts/static-routes0000755000000000000000000001027011645666421016174 0ustar #!/bin/sh # # Script to setup a system's static routes based on the # /etc/network/routes definitions. # # It tries to simplify network route management and make it easier # to handle those as requested in bug #368228 ('Wish: Better Handling # of up/down route commands'). With this script routes do not have to be # introduced in /etc/network/interfaces (in 'up' and 'down' commands). # # This file includes a list of routes for different networks and follows # the format: # Network Netmask Gateway Interface # # Example: # 172.1.1.0 255.255.255.0 192.168.0.1 eth0 # # Install this script in /etc/network/if-up.d/ (to setup the routes) and in # /etc/network/if-pre-down.d/ (if you want to remove the routes before # deconfiguring the interface) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # You can also find a copy of the GNU General Public License at # http://www.gnu.org/licenses/licenses.html#TOCLGPL # # # TODO: # - No action is taken if the routes already exist (when adding them) or when # they dont (if you are removing), if they do you will get an error in # stderr but the script will continue # Note: If you add the up/down in /etc/network/interfaces failure when # setting up a route breaks the interface configuration ROUTEFILE="/etc/network/routes" # Abort (without error) if the configuration file does not exist [ ! -r "$ROUTEFILE" ] && exit 0 # Default value VERBOSITY=${VERBOSITY:-0} del_static_routes() { # NOTE: We actually don't have to remove routes if downing an interface # since they will be removed nevertheless. In any case, this # piece of code only runs if you install this file in # /etc/network/if-pre-down.d/ (which you don't need to) cat $ROUTEFILE | egrep "^[^#].*[[:space:]]${IFACE}[[:space:]]*$" | while read network netmask gateway interface ; do if [ -n "$interface" ] && [ -n "$network" ] && [ -n "$netmask" ] && [ -n "$gateway" ] ; then if [ "$gateway" != "reject" ] ; then [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Deleting route for $network / $netmask through gateway $gateway at $interface" route del -net $network netmask $netmask gw $gateway dev $interface else [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Deleting reject route for $network / $netmask when bringing up $interface" route del -net $network netmask $netmask reject fi else echo "ERROR: Incorrect line for $IFACE in $ROUTEFILE: '$network $netmask $gateway $interface'" fi done } add_static_routes() { cat $ROUTEFILE | egrep "^[^#].*[[:space:]]${IFACE}[[:space:]]*$" | while read network netmask gateway interface ; do if [ -n "$interface" ] && [ -n "$network" ] && [ -n "$netmask" ] && [ -n "$gateway" ] ; then if [ "$gateway" != "reject" ] ; then [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Adding route for $network / $netmask through gateway $gateway at $interface" route add -net $network netmask $netmask gw $gateway dev $interface else [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Adding reject route for $network / $netmask when bringing up $interface" route add -net $network netmask $netmask reject fi else echo "ERROR: Incorrect line for $IFACE in $ROUTEFILE: '$network $netmask $gateway $interface'" fi done } case "$MODE" in start) add_static_routes ;; stop) del_static_routes ;; *) ;; esac exit 0 ifupdown-extra/if-up-scripts/check-duplicate-ip0000755000000000000000000001263212655223562017022 0ustar #!/bin/sh # # Check if an IPv4 ddress we are going to assign to an Ethernet interface is # already in use by another system. # # This script should be installed in /etc/network/if-up.d/ # if you want it to be used whenever an interface is configured. # # It can also be used as a standalone script by setting up # its environment: # IFACE=eth0 IF_ADDRESS=192.168.0.1 check-duplicate-ip # # NOTE: IF_ADDRESS is optional, if not provided it will be determined # by using the ip tools # # This script only works with IPv4 addresses, it does not work # for IPv6 since arping does not work there. Use the check-duplicate-ip6 # script instead. # # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # You can also find a copy of the GNU General Public License at # http://www.gnu.org/licenses/licenses.html#TOCLGPL # Check if an IP we are going to assign to an Ethernet interface # is already in use by another system. # DEFAULT=/etc/default/network-test # Read system default file [ -r "$DEFAULT" ] && . $DEFAULT # Do not continue if the user has told us to not do arpings [ "$DO_ARPING" = "no" ] && exit 0 # Defaults ETHTOOL=/sbin/ethtool [ ! -x "$ETHTOOL" ] && [ -x "/usr/sbin/ethtool" ] && ETHTOOL=/usr/sbin/ethtool DO_SYSLOG=${DO_SYSLOG:-yes} VERBOSITY=${VERBOSITY:-0} # Set up our environment LC_ALL=C export LC_ALL if [ "$DO_SYSLOG" = "yes" ] ; then OUTPUT="logger -i -p daemon.err -s" else OUTPUT="echo" fi do_arping() { # Send ARP pings to detect if there is a duplicate address "out there" # Curiously enough, the script will return faster if there *is* a system # with the same IP address and will take ${ARP_TIMEOUT}*${ARP_COUNT} seconds # to return if there is none. # Do not do the check if ethtool (if installed) tells us the interface # does not have link, notice that ARPING will try to send the ARP requests # even if there is no link so we use this to speed things up # First determine physical interface in case aliased interfaces are used real_iface=$(echo "$IFACE" | sed -e 's|:[[:digit:]]\+||') if [ -x "$ETHTOOL" ] ; then LINK="`$ETHTOOL $real_iface 2>&1| grep \"Link[[:blank:]]\+detected:\"`" if ! echo $LINK | grep -q "yes$" ; then return fi fi for ADDR in $IF_ADDRESS; do # Skip interface is address is IPv6, arping only works for IPv4 if ! echo ${ADDR} | grep -q ":" ; then [ "$VERBOSITY" -eq 1 ] && $OUTPUT "DEBUG: Sending arp pings through $real_iface (for $IFACE) to detect other systems using $ADDR" $ARPING -c $ARP_COUNT -w $ARP_TIMEOUT -D -I $real_iface $ADDR $ARPING_EXTRAOPTS >$ARPING_REDIR if [ $? -ne 0 ] ; then $OUTPUT "ERROR: Duplicate address $ADDR assigned in the network where $real_iface is connected to." fi fi done } find_ip() { # Try to obtain our IP address (DHCP case) export IF_ADDRESS IF_ADDRESS=$(ip addr show "$IFACE" | sed -rne 's|^[[:blank:]]*inet[[:blank:]]+([^/]+)/.*|\1|p') return 0 } if [ -z "$IFACE" ] ; then echo "ERROR: Do not know what interface to check. IFACE environment variable is not defined!" >&2 exit 0 fi # For arping: # Two possible arpings: iputils-arping or arping, with different # interpretation of the '-w' value if [ -x /usr/bin/arping ] ; then # We are going to use iputils-arping ARPING=/usr/bin/arping ARP_TIMEOUT=${ARP_TIMEOUT:-3} # Time here is measured in seconds ARPING_EXTRAOPTS="-q" # Use -q(uiet) in iputil's arping ARPING_REDIR="/dev/stdout" # Do not redirect output else if [ -x /usr/sbin/arping ] ; then ARPING=/usr/sbin/arping ARP_TIMEOUT=${ARP_TIMEOUT:-1500} # Time here is measures in milliseconds # experiments show anything less than 1500 is unreliable. ARPING_EXTRAOPTS="" # No '-q' option in arping's arping ARPING_REDIR=">/dev/null" # Send output to /dev/null if using this program else # Do not continue if ARPING is not available echo "WARNING: Cannot check for duplicate IP address in the network. The script cannot find the 'arping' program (tried /usr/bin/arping and /usr/sbin/arping. Please either install the iputils-arping or arping packages or disable this test by setting DO_ARPING to 'no' in $DEFAULT ." >&2 exit 0 fi fi ARP_COUNT=${ARP_COUNT:-2} # Check our IFACE name, if it does not start with eth, bail out case "$IFACE" in eth*) [ -z "$IF_ADDRESS" ] && find_ip # Still no IP? Bail out if [ -z "$IF_ADDRESS" ] ; then echo "WARNING: Cannot check for duplicate IP address in the network as the script could not find the ip address of $IFACE. You can disable this test by setting DO_ARPING to 'no' in $DEFAULT ." >&2 exit 0 fi do_arping ;; *) ;; esac exit 0 ifupdown-extra/if-up-scripts/check-network-cable0000755000000000000000000001036412655223574017202 0ustar #!/bin/sh # Check the link status of an ethernet interface # This script should be installed in /etc/network/if-pre-up.d/ # # You can use this script to solve bug #120382 # ('ifup should (optionally) check for link before configuring the interface.') # if you configure ABORT_NO_LINK to 'yes' in /etc/default/network-test # since this will make the script abort if the interface does not have # any link. # # Note that if you set ABORT_NO_LINK to 'yes' and the Ethernet interface # does not have a link, the script will abort and ifupdown will *not* # mark the interface as configured. # # It can also be used as a standalone script by setting up # its environment: # IFACE=eth0 check-network-cable # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # You can also find a copy of the GNU General Public License at # http://www.gnu.org/licenses/licenses.html#TOCLGPL # # Read system default file rc=/etc/default/network-test [ ! -r $rc ] || . $rc # Defaults ETHTOOL=/sbin/ethtool alt_et=/usr/sbin/ethtool [ -x $ETHTOOL ] || [ ! -x $alt_et ] || ETHTOOL=$alt_et MIITOOL=/sbin/mii-tool DO_SYSLOG=${DO_SYSLOG:-yes} ABORT_NO_LINK=i${ABORT_NO_LINK:-no} VERBOSITY=${VERBOSITY:-0} if [ "$DO_SYSLOG" = yes ]; then OUTPUT="logger -i -p daemon.err -s" else OUTPUT=echo fi # Set our locale environment, just in case any of the tools get translated LC_ALL=C export LC_ALL check_status_miitool() { local status=0 if $MIITOOL "$IFACE" 2>&1 | grep -q "no link"; then status=1 fi return $status } check_status_ethtool() { local status=0 LINK LINK="$($ETHTOOL ${IFACE} 2>&1 | grep "Link detected" || :)" # If ethtool fails to print out the link line we break off # Notice that ethtool cannot get the link status out of all # possible network interfaces [ "$LINK" ] || return 1 if ! echo $LINK | grep -q "Link detected: yes"; then status=1 fi return $status } check_status_iplink() { local status=0 local info="" [ -x /sbin/ip ] || return 0 info=$(/sbin/ip link show "$IFACE" 2>&1 | grep "$IFACE:") if echo $info | grep -q NO-CARRIER || echo $info | grep -q "state DOWN" || echo $info | grep -q "state LOWERLAYERDOWN"; then status=1 fi return $status } check_status() { local status=0 myid=$(id -u) ifconfig "$IFACE" 2>/dev/null 1>&2 || { $OUTPUT "ERROR: Interface $IFACE does not seem to be present" \ "in the system" # FIXME: would that be return status 0 or 1? return } # Use ethtool if installed (preferable to mii-tool) # If none are installed (or not running as root) we will test using # 'ip link show' if [ -x $ETHTOOL ] && [ $myid -eq 0 ]; then check_status_ethtool || status=$? elif [ -x $MIITOOL ] && [ $myid -eq 0 ]; then check_status_miitool || status=$? else check_status_iplink || status=$? fi [ $status -eq 0 ] || $OUTPUT "WARNING: Initialising interface $IFACE which does" \ "not have link" return $status } check_bond_status() { local status=1 slaves slave_iface slaves="/sys/class/net/$IFACE/bonding/slaves" [ -e $slaves ] || return 0 while read slave_iface; do # Use ":" command to silence slaves. OUTPUT=: IFACE=$slave_iface check_status || status=$? # One functional slave will suffice [ $status -ne 0 ] || return 0 done <$slaves $OUTPUT "WARNING: Initialising bond $IFACE which does not have link" \ "on any slave" return $status } [ "$IFACE" ] || { $OUTPUT "ERROR: Variable IFACE not set in environment" exit 0 } # Check our IFACE name, if it does not start with eth, bail out case $IFACE in eth*) check_status || [ "$ABORT_NO_LINK" != yes ] || exit 1 ;; bond*) check_bond_status || [ "$ABORT_NO_LINK" != yes ] || exit 1 ;; esac ifupdown-extra/if-up-scripts/check-duplicate-ip60000755000000000000000000000741012655221732017103 0ustar #!/bin/sh # # Check if an IPv6 address we are going to assign to an Ethernet interface is # already in use by another system. # # This script should be installed in /etc/network/if-up.d/ # if you want it to be used whenever an interface is configured. # # It can also be used as a standalone script by setting up # its environment: # IFACE=eth0 IFACE= check-duplicate-ip6 # # NOTE: IF_ADDRESS is optional, if not provided it will be determined # by using the ip tools # # This script only works with IPv6 addresses # # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # You can also find a copy of the GNU General Public License at # http://www.gnu.org/licenses/licenses.html#TOCLGPL # Check if an IP we are going to assign to an Ethernet interface # is already in use by another system. # DEFAULT=/etc/default/network-test # Read system default file [ -r "$DEFAULT" ] && . $DEFAULT # Do not continue if the user has told us to not send network probes [ "$DO_ARPING" = "no" ] && exit 0 # Defaults ETHTOOL=/sbin/ethtool NDISC=/usr/bin/ndisc6 [ ! -x "$ETHTOOL" ] && [ -x "/usr/sbin/ethtool" ] && ETHTOOL=/usr/sbin/ethtool [ ! -x "$NDISC" ] && exit 0 # Silent exit if ndisc is not installed DO_SYSLOG=${DO_SYSLOG:-yes} VERBOSITY=${VERBOSITY:-0} # Set up our environment LC_ALL=C export LC_ALL if [ "$DO_SYSLOG" = "yes" ] ; then OUTPUT="logger -i -p daemon.err -s" else OUTPUT="echo" fi do_ndisc() { # Use the Network Discovery Protocol to detect if there is a duplicate address # "out there" # Do not do the check if ethtool (if installed) tells us the interface # does not have link, notice that ARPING will try to send the ARP requests # even if there is no link so we use this to speed things up # First determine physical interface in case aliased interfaces are used real_iface=$(echo "$IFACE" | sed -e 's|:[[:digit:]]\+||') if [ -x "$ETHTOOL" ] ; then LINK="`$ETHTOOL $real_iface 2>&1| grep \"Link[[:blank:]]\+detected:\"`" if ! echo $LINK | grep -q "yes$" ; then return fi fi for ADDR in $IF_ADDRESS; do # Only check IP address if it is IPv6 if echo ${ADDR} | grep -q ":" ; then [ "$VERBOSITY" -eq 1 ] && $OUTPUT "DEBUG: Sending arp pings through $real_iface (for $IFACE) to detect other systems using $ADDR" $NDISC -q $ADDR $real_iface if [ $? -eq 0 ] ; then $OUTPUT "ERROR: Duplicate address $ADDR assigned in the network where $real_iface is connected to." fi fi done } find_ip6() { # Try to obtain our IPv6 addresses export IF_ADDRESS IF_ADDRESS=$(ip addr show "$IFACE" | sed -rne 's|^[[:blank:]]*inet6[[:blank:]]+([^/]+)/.*|\1|p') return 0 } if [ -z "$IFACE" ] ; then echo "ERROR: Do not know what interface to check. IFACE environment variable is not defined!" >&2 exit 1 fi # Check our IFACE name, if it does not start with eth, bail out case "$IFACE" in eth*) [ -z "$IF_ADDRESS" ] && find_ip6 # Still no IPv6 address, then Bail out without error (IPv6 addresses are not required) [ -z "$IF_ADDRESS" ] && exit 0 do_ndisc ;; *) ;; esac exit 0