check-blacklist.sh: Fix potential false positive master
authorMegaBrutal <code+git@megabrutal.com>
Sat, 27 Apr 2024 18:30:00 +0000 (20:30 +0200)
committerMegaBrutal <code+git@megabrutal.com>
Sat, 27 Apr 2024 18:30:00 +0000 (20:30 +0200)
DiG might print error messages to stdout in case of errors, which
the script mistook for legitimate responses. Now it checks the exit
code of DiG to avoid such situations.

This script is supposed to only return non-zero exit code when the
host is found to be on the blacklist, not for any other reasons,
so DNS failures are not reported as non-zero exit codes. Users of
this script should detect DNS errors by other means.

modified:   host/check-blacklist.sh

host/check-blacklist.sh
host/fix-ip6-default-route.sh [new file with mode: 0755]

index 76c6e708543be9f32650d6b7f97c0529b1041e46..a00e0181593ab37faadabbb16e94adfb856b5403 100755 (executable)
@@ -10,9 +10,10 @@ END
        exit 255
 fi
 
-ip=$(dig a "$1" +short)
-if [ -n "$ip" ]
+if ip=$(dig a "$1" +short) && [ -n "$ip" ]
 then
-       bl=$(dig a "$(printf "%s." "$ip" | tac -s.)$2" +short)
-       [ -n "$bl" ] && { echo "$ip is blacklisted."; exit 1; } || echo "$ip is not blacklisted."
+       bl=$(dig a "$(printf "%s." "$ip" | tac -s.)$2" +short) \
+               && [ -n "$bl" ] && { echo "$ip is blacklisted ($bl)."; exit 1; } || echo "$ip is not blacklisted."
+else
+       echo "Could not resolve $1!"
 fi
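Review bot: The trailing `|| echo "$ip is not blacklisted."` on the second lookup still reports a failed `dig` as a clean result, because that `||` fires both when `[ -n "$bl" ]` is false and when `dig` itself exits non-zero — the same confusion the commit removes for the first lookup, now turned into a false negative for the blacklist query. Splitting the query into an explicit if/else, as below, keeps the stated contract (non-zero exit only when the host is listed) while telling the caller that the lookup did not complete rather than that the host is clean. Separately, `dig a "$1" +short` can print more than one line (several A records, or a CNAME target followed by the address), in which case `$ip` is multi-line and the `printf "%s." "$ip" | tac -s.` reversal builds a malformed query name; narrowing `ip` to the first address-looking line would be a worthwhile follow-up.
```sh
if ip=$(dig a "$1" +short) && [ -n "$ip" ]
then
        if bl=$(dig a "$(printf "%s." "$ip" | tac -s.)$2" +short)
        then
                if [ -n "$bl" ]; then echo "$ip is blacklisted ($bl)."; exit 1; fi
                echo "$ip is not blacklisted."
        else
                echo "Could not query $2 for $ip!"
        fi
# … unchanged: else branch reporting that $1 could not be resolved …
```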
diff --git a/host/fix-ip6-default-route.sh b/host/fix-ip6-default-route.sh
new file mode 100755 (executable)
index 0000000..7eb91f2
--- /dev/null
@@ -0,0 +1,61 @@
+#!/bin/sh
+export PATH=${PATH}:/sbin
+NETCFG=/etc/network/interfaces
+
+[ "$1" = "-v" ] && DEBUG="printf" || DEBUG="true"
+
+lastiface=""
+lastgateway=""
+
+while read -r line
+do
+       if echo "${line}" | grep -q "[ \t]*#"
+       then
+               false
+       elif echo "${line}" | grep -q "^iface [^ ]* inet6 [^ ]*$"
+       then
+               echo "${line}" | ( IFS=' ' read -r _ iface _ method
+                       "${DEBUG}" "Found %s with method %s.\n" "${iface}" "${method}"
+                       if [ "${method}" != "static" ]
+                       then
+                               "${DEBUG}" "Interface %s does not use static configuration. Ambiguous config, exiting.\n" "${iface}"
+                               exit 2
+                       fi
+               ) || exit $?
+               lastiface="${line}"
+       elif [ -n "${lastiface}" ]
+       then
+               if gateway=$(echo "${line}" | grep -o "gateway *[0-9a-fA-F:]*:[0-9a-fA-F:]*")
+               then
+                       if [ -z "${lastgateway}" ]
+                       then
+                               lastgateway="${gateway}"
+                               "${DEBUG}" "Found %s for %s.\n" "${lastgateway}" "${lastiface}"
+                       else
+                               "${DEBUG}" "A gateway was already defined for another interface. Ambiguous situation, exiting.\n"
+                               exit 3
+                       fi
+               fi
+       fi
+done < "${NETCFG}"
+
+if [ -z "${lastiface}" ]
+then
+       "${DEBUG}" "No inet6 interface config found.\n"
+       exit 1
+else
+       iface=$(echo "${lastiface}" | grep -oP "(?<=iface )[^ ]*(?= inet6)")
+       "${DEBUG}" "Checking if %s needs to be reconfigured...\n" "${iface}"
+fi
+
+defroute=$(ip -6 route | grep "^default ")
+if [ -z "${defroute}" ] || echo "${defroute}" | grep -q " proto ra "
+then
+       # If we get here, we will provide output of our actions. It is not affected by verbose mode.
+       printf "No default route, or it is RA-configured. Reconfiguring %s...\n" "${iface}"
+       ifdown -v "${iface}"
+       ip link set "${iface}" down
+       ifup -v "${iface}"
+else
+       "${DEBUG}" "Found healthy default route: %s.\nNo action is necessary.\n" "${defroute}"
+fi
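Review bot: The comment filter at the top of the loop, `grep -q "[ \t]*#"`, matches any line that contains a `#` anywhere (the `[ \t]*` prefix can match zero characters, and `\t` inside a POSIX bracket expression is a literal backslash and `t`, not a tab), so a `gateway` line with a trailing comment is silently skipped and the ambiguity check never sees it; `grep -q "^[[:space:]]*#"` expresses the intended test. Since the script ends by running `ifdown`, `ip link set … down` and `ifup`, it is presumably run as root, and `export PATH=${PATH}:/sbin` keeps whatever PATH the caller supplies ahead of `/sbin`; a fixed `PATH=/usr/sbin:/sbin:/usr/bin:/bin; export PATH` is the safer choice for a privileged script. The `grep -oP` used to extract `iface` is a GNU extension that not every `/bin/sh` environment provides (busybox grep in particular), and the same field is available with POSIX parameter expansion alone: `iface=${lastiface#iface }` followed by `iface=${iface%% *}`.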