net/dnsproxy/files/dnsproxy.init

   1 #!/bin/sh /etc/rc.common
   2 # Copyright (C) 2021 Tianling Shen <cnsztl@immortalwrt.org>
   3
   4 USE_PROCD=1
   5 START=90
   6
   7 CONF="dnsproxy"
   8 PROG="/usr/bin/dnsproxy"
   9
  10 is_enabled() {
  11         local enabled
  12         config_get enabled "$1" "$2" "0"
  13         if [ "$enabled" -eq "1" ]; then
  14                 return 0
  15         else
  16                 return 1
  17         fi
  18 }
  19
  20 is_empty() {
  21         local empty
  22         config_get empty "$1" "$2" $3
  23         if [ -z "$empty" ]; then
  24                 return 0
  25         else
  26                 return 1
  27         fi
  28 }
  29
  30 append_param() {
  31         procd_append_param command "$1" $2
  32 }
  33
  34 append_param_arg() {
  35         local value
  36         config_get value "$1" "$2" $4
  37         [ -n "$value" ] && append_param "$3" "$value"
  38 }
  39
  40 append_param_bool() {
  41         is_enabled "$1" "$2" && append_param "--${2//_/-}"
  42 }
  43
  44 load_config_arg() {
  45         append_param_bool "$1" "all_servers"
  46         append_param_bool "$1" "fastest_addr"
  47         append_param_bool "$1" "http3"
  48         append_param_bool "$1" "insecure"
  49         append_param_bool "$1" "ipv6_disabled"
  50         append_param_bool "$1" "refuse_any"
  51         append_param_bool "$1" "verbose"
  52 }
  53
  54 load_config_list() {
  55         if is_empty "global" "listen_addr"; then
  56                 append_param "--listen" "127.0.0.1"
  57         else
  58                 config_list_foreach "global" "listen_addr" "append_param '--listen'"
  59         fi
  60
  61         if is_empty "global" "listen_port"; then
  62                 append_param "--port" "5353"
  63         else
  64                 config_list_foreach "global" "listen_port" "append_param '--port'"
  65         fi
  66
  67         is_empty "bogus_nxdomain" "ip_addr" || config_list_foreach "bogus_nxdomain" "ip_addr" "append_param '--bogus-nxdomain'"
  68
  69         is_enabled "private_rdns" "enabled" && {
  70                 append_param "--use-private-rdns"
  71                 config_list_foreach "private_rdns" "upstream" "append_param '--private-rdns-upstream'"
  72         }
  73
  74         for i in "bootstrap" "fallback" "upstream"; do
  75                 is_empty "servers" "$i" || config_list_foreach "servers" "$i" "append_param '--$i'"
  76         done
  77 }
  78
  79 load_config_param() {
  80         append_param_arg "global" "log_file" "--output"
  81         append_param_arg "global" "timeout" "--timeout"
  82         append_param_arg "global" "max_go_routines" "--max-go-routines"
  83         append_param_arg "global" "rate_limit" "--ratelimit"
  84         append_param_arg "global" "udp_buf_size" "--udp-buf-size"
  85
  86         is_enabled "cache" "enabled" && {
  87                 append_param "--cache"
  88                 append_param_bool "cache" "cache_optimistic"
  89                 append_param_arg "cache" "size" "--cache-size"
  90                 append_param_arg "cache" "min_ttl" "--cache-min-ttl"
  91                 append_param_arg "cache" "max_ttl" "--cache-max-ttl"
  92         }
  93
  94         is_enabled "dns64" "enabled" && {
  95                 append_param "--dns64"
  96                 append_param_arg "dns64" "dns64_prefix" "--dns64-prefix"
  97         }
  98
  99         is_enabled "edns" "enabled" && {
 100                 append_param "--edns"
 101                 append_param_arg "edns" "edns_addr" "--edns-addr"
 102         }
 103
 104         is_enabled "tls" "enabled" && {
 105                 append_param_arg "tls" "tls_crt" "--tls-crt"
 106                 append_param_arg "tls" "tls_key" "--tls-key"
 107                 append_param_arg "tls" "https_port" "--https-port"
 108                 append_param_arg "tls" "tls_port" "--tls-port"
 109                 append_param_arg "tls" "quic_port" "--quic-port"
 110         }
 111 }
 112
 113 start_service() {
 114         config_load "$CONF"
 115
 116         is_enabled "global" "enabled" || return 1
 117
 118         local log_file tls_crt tls_key
 119         config_get log_file global log_file
 120         config_get tls_crt tls tls_crt
 121         config_get tls_key tls tls_key
 122
 123         procd_open_instance "$CONF"
 124         procd_set_param command "$PROG"
 125
 126         load_config_arg "global"
 127         load_config_list
 128         load_config_param
 129
 130         procd_set_param respawn
 131         procd_set_param stdout 1
 132         procd_set_param stderr 1
 133         procd_set_param user dnsproxy
 134
 135         procd_add_jail dnsproxy ronly log
 136         procd_set_param capabilities "/etc/capabilities/dnsproxy.json"
 137         procd_add_jail_mount "/etc/ssl/certs/ca-certificates.crt"
 138         [ -z "$log_file" ] || procd_add_jail_mount_rw "$log_file"
 139         [ -z "$tls_crt" ] || procd_add_jail_mount "$tls_crt"
 140         [ -z "$tls_key" ] || procd_add_jail_mount "$tls_key"
 141
 142         procd_close_instance
 143 }
 144
 145 reload_service() {
 146         stop
 147         start
 148 }
 149
 150 service_triggers() {
 151         procd_add_reload_trigger "$CONF"
 152 }