1 #!/bin/sh /etc/rc.common
2 # Copyright (C) 2021 Tianling Shen <cnsztl@immortalwrt.org>
# NOTE(review): this listing is an excerpt - each statement carries its source
# line number, and the lines in between (function headers, fi/done/}) are
# not shown.
# Path of the daemon binary; passed to procd as the instance command below.
8 PROG
="/usr/bin/dnsproxy"
# Read option $2 of section $1 into `enabled`, falling back to "0" when unset.
12 config_get enabled
"$1" "$2" "0"
# Integer comparison: any value that is not numerically 1 (including a
# non-numeric string, which makes `[` fail with an error) does not take the
# `then` branch.
13 if [ "$enabled" -eq "1" ]; then
# Read option $2 of section $1 into `empty`; $3 is an optional default.
# NOTE(review): $3 is unquoted, so it vanishes when absent and would be
# word-split if it held whitespace; no caller in this listing passes it.
22 config_get empty
"$1" "$2" $3
# True when the option is unset or set to the empty string.
23 if [ -z "$empty" ]; then
# Append flag $1 and its optional value $2 to the procd command line.
# NOTE(review): $2 is unquoted - presumably so that flag-only calls add no
# empty argument - which also means a configured value containing whitespace
# or glob characters is split/expanded into several arguments. Every UCI
# value that reaches this line becomes part of the daemon's command line, so
# write access to the config should be limited to the administrator.
31 procd_append_param
command "$1" $2
# Read option $2 of section $1 (optional default $4, unquoted) into `value`.
36 config_get value
"$1" "$2" $4
# Emit flag $3 only when the option has a non-empty value.
37 [ -n "$value" ] && append_param
"$3" "$value"
# For an enabled boolean option, emit a flag named after it with underscores
# turned into dashes (e.g. all_servers -> --all-servers).
# NOTE(review): ${2//_/-} is not POSIX sh; presumably /bin/sh here is busybox
# ash, which supports it - confirm before reusing elsewhere.
41 is_enabled
"$1" "$2" && append_param
"--${2//_/-}"
# Boolean options of section $1; each enabled one becomes the dnsproxy flag
# of the same name (underscores -> dashes).
45 append_param_bool
"$1" "all_servers"
46 append_param_bool
"$1" "fastest_addr"
47 append_param_bool
"$1" "http3"
# insecure -> --insecure: turns off TLS certificate verification for
# encrypted upstreams, so the upstream's identity is no longer checked.
# Keep it disabled outside of testing.
48 append_param_bool
"$1" "insecure"
49 append_param_bool
"$1" "ipv6_disabled"
# refuse_any -> --refuse-any: ANY queries are refused, which reduces the
# resolver's value as an amplification source.
50 append_param_bool
"$1" "refuse_any"
# verbose -> --verbose.
# NOTE(review): verbose output presumably includes queried names; check who
# can read the log destination before enabling it.
51 append_param_bool
"$1" "verbose"
# Listen address: with no listen_addr configured, bind to loopback only, so
# the resolver is not reachable from other hosts by default.
55 if is_empty
"global" "listen_addr"; then
56 append_param
"--listen" "127.0.0.1"
# Presumably the else branch (the else/fi lines are not shown): one --listen
# per configured address. A non-loopback address exposes the resolver to
# that network; pair it with firewall rules and the rate_limit option.
# The callback string holds only a fixed flag name; the list item itself is
# supplied by config_list_foreach (helper not shown here - confirm it passes
# the item as an argument rather than pasting it into the string).
58 config_list_foreach
"global" "listen_addr" "append_param '--listen'"
# Listen port: default 5353 when none is configured.
61 if is_empty
"global" "listen_port"; then
62 append_param
"--port" "5353"
# Presumably the else branch: one --port per configured entry.
64 config_list_foreach
"global" "listen_port" "append_param '--port'"
# Pass every bogus_nxdomain ip_addr entry as --bogus-nxdomain; nothing is
# added when the list is empty.
67 is_empty
"bogus_nxdomain" "ip_addr" || config_list_foreach
"bogus_nxdomain" "ip_addr" "append_param '--bogus-nxdomain'"
# Private reverse DNS: when enabled, add --use-private-rdns and one
# --private-rdns-upstream per configured upstream (closing brace not shown).
69 is_enabled
"private_rdns" "enabled" && {
70 append_param
"--use-private-rdns"
71 config_list_foreach
"private_rdns" "upstream" "append_param '--private-rdns-upstream'"
# Server lists: the option name doubles as the flag name. $i only ever takes
# the three literal words in the for statement, so the callback string
# '--$i' never contains configuration data (the done line is not shown).
74 for i
in "bootstrap" "fallback" "upstream"; do
75 is_empty
"servers" "$i" || config_list_foreach
"servers" "$i" "append_param '--$i'"
# Value-carrying options of the global section; each is skipped when unset.
# log_file -> --output: the same path is later bind-mounted read-write into
# the jail, so it is the one location the confined daemon can write to.
80 append_param_arg
"global" "log_file" "--output"
81 append_param_arg
"global" "timeout" "--timeout"
82 append_param_arg
"global" "max_go_routines" "--max-go-routines"
# rate_limit -> --ratelimit: worth setting whenever the resolver listens on
# anything other than loopback.
83 append_param_arg
"global" "rate_limit" "--ratelimit"
84 append_param_arg
"global" "udp_buf_size" "--udp-buf-size"
# Cache: --cache plus its tuning flags, only when the cache section is
# enabled (the closing brace of each group below is not shown).
86 is_enabled
"cache" "enabled" && {
87 append_param
"--cache"
88 append_param_bool
"cache" "cache_optimistic"
89 append_param_arg
"cache" "size" "--cache-size"
90 append_param_arg
"cache" "min_ttl" "--cache-min-ttl"
91 append_param_arg
"cache" "max_ttl" "--cache-max-ttl"
# DNS64: --dns64 and an optional prefix.
94 is_enabled
"dns64" "enabled" && {
95 append_param
"--dns64"
96 append_param_arg
"dns64" "dns64_prefix" "--dns64-prefix"
# EDNS Client Subnet: --edns and an optional fixed client address.
# NOTE(review): this forwards client subnet information to the upstream
# resolvers - a privacy trade-off worth a deliberate decision.
99 is_enabled
"edns" "enabled" && {
100 append_param
"--edns"
101 append_param_arg
"edns" "edns_addr" "--edns-addr"
# Encrypted listeners: certificate/key paths and the HTTPS, TLS and QUIC
# ports, only when the tls section is enabled (closing brace not shown).
# The same certificate and key paths are bind-mounted into the jail further
# down, and the daemon runs as the unprivileged dnsproxy user: the key file
# has to be readable by that user and should not be readable by anyone else.
104 is_enabled
"tls" "enabled" && {
105 append_param_arg
"tls" "tls_crt" "--tls-crt"
106 append_param_arg
"tls" "tls_key" "--tls-key"
107 append_param_arg
"tls" "https_port" "--https-port"
108 append_param_arg
"tls" "tls_port" "--tls-port"
109 append_param_arg
"tls" "quic_port" "--quic-port"
# Start nothing unless the global section is enabled.
116 is_enabled
"global" "enabled" ||
return 1
# Paths that must be visible inside the jail are read up front; they are
# used for the bind mounts after the command line is built.
118 local log_file tls_crt tls_key
119 config_get log_file global log_file
120 config_get tls_crt tls tls_crt
121 config_get tls_key tls tls_key
# One procd instance named after $CONF (assigned on a line not shown here),
# running the binary in $PROG.
123 procd_open_instance
"$CONF"
124 procd_set_param
command "$PROG"
# Append every configured flag; "global" becomes $1 of the called function.
126 load_config_arg
"global"
# Restart the daemon if it exits.
130 procd_set_param respawn
# Forward the daemon's stdout and stderr to the system log.
131 procd_set_param stdout
1
132 procd_set_param stderr
1
# Drop root: run as the dedicated dnsproxy account.
133 procd_set_param user dnsproxy
# Confine the process in a jail named dnsproxy with a read-only root (ronly)
# and access to the log socket (log).
135 procd_add_jail dnsproxy ronly log
# Limit Linux capabilities to the set listed in this JSON file.
136 procd_set_param capabilities
"/etc/capabilities/dnsproxy.json"
# CA bundle, mounted read-only - presumably what the daemon uses to verify
# encrypted upstreams.
137 procd_add_jail_mount
"/etc/ssl/certs/ca-certificates.crt"
# The only read-write mount: the configured log file.
# NOTE(review): the path is taken from config without any check; whatever it
# names becomes writable from inside the jail, so it should point at a
# dedicated log location.
138 [ -z "$log_file" ] || procd_add_jail_mount_rw
"$log_file"
# Certificate and private key are mounted read-only, and only when set.
139 [ -z "$tls_crt" ] || procd_add_jail_mount
"$tls_crt"
140 [ -z "$tls_key" ] || procd_add_jail_mount
"$tls_key"
# Reload the service when the UCI config named by $CONF changes ($CONF is
# assigned on a line not shown in this listing).
151 procd_add_reload_trigger
"$CONF"