- Description: OpenBSD Network Shell
- Last Change:
- Clone URL: ssh://anonymous@git.chirpysoft.be/nsh.git
Commit Briefs
Hide informative output of flush routes/arp behind a verbose flag (flusherrors)
Suggested by Tom
fix error when flush arp/route run into deleted routing table entries
It is possible to get "no such process" (ESRCH) errors during flush arp or flush route commands due to concurrent deletion of routing table entries by another process. This is no reason to stop trying to delete more routes, so do not abort the loop in this case.
Also, make nsh print a more informative error message in this case, rather than "no such process". Example of the new error message:
% No such route to delete: 100.64.1.2 fe:e1:ba:d0:8e:45 255.255.255.255 fe:e1:bb:d1:c4:b8 100.64.1.3
do not try to remove routes for local addresses during 'flush arp'
Attempting this results in "invalid argument" errors from the kernel.
fix nsh -i/-c appending rules to daemon config files over and over
nsh -i/-c wrote daemon config files in /var/run by opening the file in append-only mode, adding a single line, closing the file again, and running chmod on the file. All this over and over, for every line. This is inefficient and also results in the problem that the full file content gets re-appended to the file each time nsh -i is run.
Instead, open the file once when a new rules section is encountered, and close it when a different file needs to be written or when we can tell that we have left a "rules" section. The last open file might end up being closed implicitly when nsh -i/-c exits.
While nsh -i should only be run once at boot-time which renders this issue moot, nsh -c can be run often, and the issue will also trigger during manual testing of nsh -i which is quite irritating.
testing + OK Tom
prevent leading spaces in rdomain-specific daemon config files
Rules for rdomain-specific daemons have double-indentation in nshrc. When generating configuration files for daemons strip double-indentation instead of stripping only one level of indentation.
testing + ok Tom
convert all command handlers to variadic functions
Resolves dozens of:
warning: passing arguments to a function without a prototype is deprecated in all versions of C and is not supported in C2x
In traditional C the empty argument list () indicates that a function accepts an arbitrary amount of arguments of arbitrary types. A function which takes no arguments must be declared with a (void) prototype instead. nsh has been making elaborate use of this feature by defining command handlers with () and passing arbitrary arguments to handlers depending on the use case.
This coding style is not future-proof. In C++, () means "no arguments", the same as (void), and clang is now warning about this C feature going away in C2x, aligning C with C++.
Make nsh future-proof by using variadic function prototypes (...) instead of () prototypes. Every handler now uses (int argc, char **argv, ...) as prototype: the argument count, an argument vector, followed by arbitrary arguments which can be extracted using the va_arg(3) function from stdarg.h. The variadic part of the argument list can be used to pass arguments of types other than char * without needing to convert them to strings and back.
Using () as function prototype defeats type-checking done by the compiler, and the same is true for variadic arguments. We still need to manually make sure that the correct amount and types of arguments are passed in the variadic part of the handler's argument list.
Many handlers already use the argument count + argument vector approach and do not need internal changes, just a new prototype. Some handlers now require use of va_start/va_arg/va_end to access additional arguments. For example, the interfaces handlers were passing an interface name and file descriptor before the argument count/vector. The order of arguments is now swapped, such that interface name and file descriptor get passed as part of the variable argument list.
Testing + OK Tom
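The handler convention this commit describes, as an added example (not code from the nsh tree): the `demo_*` names, the `last_msg` buffer and the argument contract are hypothetical. It shows the interface name and socket descriptor passed after argc/argv and read back with va_arg, together with the validation a handler has to do itself because the compiler does not check the variadic part.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* One prototype for every handler, so the dispatch table is type-checked. */
typedef int (*handler_fn)(int argc, char **argv, ...);
static char last_msg[128];	/* demo result buffer (assumption) */

/*
 * Hypothetical interface handler. Contract for the variadic part:
 * (const char *ifname, int ifs), in that order. The compiler cannot
 * check it, so caller and handler must agree on count and types.
 */
static int demo_int_descr(int argc, char **argv, ...)
{
	va_list ap;
	va_start(ap, argv);
	const char *ifname = va_arg(ap, const char *);
	int ifs = va_arg(ap, int);	/* char/short arrive promoted to int */
	va_end(ap);
	if (argc < 2 || ifname == NULL || ifs < 0)
		return -1;
	snprintf(last_msg, sizeof(last_msg), "%s fd=%d descr=%s",
	    ifname, ifs, argv[1]);
	return 0;
}

/* A handler that only needs argc/argv changes nothing but its prototype. */
static int demo_hostname(int argc, char **argv, ...)
{
	if (argc < 2)
		return -1;
	snprintf(last_msg, sizeof(last_msg), "hostname=%s", argv[1]);
	return 0;
}

static const struct { const char *name; handler_fn fn; } demo_cmds[] = {
	{ "description", demo_int_descr },
	{ "hostname", demo_hostname },
};

/* Interface-mode dispatch: ifname and ifs now follow argc/argv. */
static int demo_dispatch(const char *ifname, int ifs, int argc, char **argv)
{
	for (size_t i = 0; i < sizeof(demo_cmds) / sizeof(demo_cmds[0]); i++)
		if (argc > 0 && strcmp(argv[0], demo_cmds[i].name) == 0)
			return demo_cmds[i].fn(argc, argv, ifname, ifs);
	return -1;
}
```

A literal NULL or a long passed in the variadic part must be cast to the exact type the handler reads, for example `(const char *)NULL`, since no prototype converts it.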
Update no-config-change-test.nshrc
remove extra telnet command and edit telnet command so it fails saying connection refused
Create no-config-change-test.nshrc
added these basic test scripts to allow for testing nsh commands that don't alter configs
Rename flush-commands-test to flush-test.nshrc
rename flush-commands-test to flush-test.nshrc
Create flush-commands-test
used to assist in testing nsh can be run interactively or called in a nsh -c command
README.md
# nsh

## network shell

---

Author and Founder of the project: Chris Cappuccio <chris@nmedia.net>

NSH is a CLI intended for OpenBSD-based network appliances. It replaces ifconfig, sysctl and route with its own simple command language, and encapsulates configuration for other daemons into one place, effectively replacing /etc/netstart and parts of /etc/rc for appliance-style usage.

## Daemons and services encapsulated by nsh:

bgpd, dhcpd, dhcpleased, dhcrelay, dvmrpd, eigrpd, ftp-proxy, ifstated, inetd, iked, ipsecctl, ldapd, ldpd, npppd, ntpd, ospfd, ospf6d, pf, rad, relayd, resolvd, ripd, sasyncd, slaacd, smtpd, snmpd, sshd, tftpd, tftp-proxy.

---

## License

NSH is freely licensed, in the BSD style.

In conjunction with the OpenBSD kernel and the daemons you wish to control, you have a fully functioning network appliance type of system.

---

## NSH Manual

See [https://github.com/yellowman/nsh/wiki/NSH-Manual-page](https://github.com/yellowman/nsh/wiki/NSH-1.2.x-Manual-Page) or the nsh.8 manual for detailed installation instructions and command set.

The nsh manual is available on your system shell by simply typing the command:

```shell
man nsh
```

---

## Manual pages from within NSH

For your convenience we have included a handy manual page search for commonly used network functionality. This feature is available in nsh by simply typing the command:

```shell
manual [searchterm]
```

E.g. searching vlan functionality

```shell
manual vlan
```

The system also gives a list of searchable terms through double tab completion.

---

## Other Relevant NSH Documentation

See the to-do list on https://github.com/users/yellowman/projects/1 for details on implementation status and future ideas.

See http://github.com/yellowman/nsh/ for current source code repository.

See http://www.nmedia.net/nsh/ for example configurations and mailing list.

See https://www.youtube.com/watch?v=9T9-v5NLjXk for a BSDCan 2024 Presentation on Supporting Business IT and network needs with OpenBSD and NSH By: Tom Smyth

See https://www.youtube.com/watch?v=WMKxIHaWaG0 for a EuroBSDCon 2022 Presentation on NSH for network administrators By: Tom Smyth

---

## Quickstart Guide for installing and building **nsh** on an OpenBSD system

1. Install OpenBSD on your system by running the following commands in your system shell
2. Install the OpenBSD port of nsh on your system (this will install the latest nsh release version)

   ```shell
   pkg_add nsh
   ```

3. Install git on your system to allow fetching more recent versions of nsh from github

   ```shell
   pkg_add git
   ```

4. To download the latest development version of nsh, use git to download the latest nsh repository

   ```shell
   git clone https://github.com/yellowman/nsh
   ```

5. Change directory to the downloaded nsh directory

   ```shell
   cd nsh
   ```

6. Run make to build / compile the sources

   ```shell
   make
   ```

7. Install the compiled nsh binaries and supporting files (you will need root privileges to do this).

   ```shell
   make install
   ```

8. To have nsh take over the configuration of a system, a number of steps need to be carried out, such as:
9. Back up the configuration of the system, daemons and network in /etc
10. Copy the configuration files to /var/run/example-configfilename.0 (the .0 file extension implies running in the default rdomain / rtable, rdomain 0)
11. Save the running config to /etc/nshrc
12. Secure the /etc/nshrc file so that world cannot read, write or execute it.
13. Configure the system to run nsh -i /etc/nshrc by either adding a line to /etc/rc.local or using an rcctl script for nsh.

For the user's convenience, the above steps (9-13) can be largely automated by running the **rc.local-nsh-openbsd-integrate.sh** script in your system shell and following the on-screen instructions.

- If you have downloaded nsh via git you can run the integration script as follows

  ```shell
  cd nsh
  cd scripts/shell
  sh ./rc.local-nsh-openbsd-integrate.sh
  ```

- If you have installed nsh via the OpenBSD ports package you can run the integration script as follows

  ```shell
  cd /usr/local/share/examples/nsh
  cd scripts/shell
  sh ./rc.local-nsh-openbsd-integrate.sh
  ```

14. Once the configuration has been imported, restart the system and verify the nsh config is running as expected.
15. Setting NSH as the default shell for a user
    - Log in as the user
    - Locate the nsh binary; it is usually in /usr/local/bin/nsh
    - At the command prompt, use chsh -s to set the shell to the path of the nsh binary by running the following command in your system shell

      ```shell
      chsh -s /usr/local/bin/nsh
      ```

16. Please provide feedback, bug reports and suggestions to the developers on our mailing list <nsh@lists.deschutesdigital.com>.