#!/bin/sh /etc/rc.common
# Copyright (C) 2021 Tianling Shen <cnsztl@immortalwrt.org>
USE_PROCD=1
START=90
CONF="dnsproxy"
PROG="/usr/bin/dnsproxy"
is_enabled() {
local enabled
config_get enabled "$1" "$2" "0"
if [ "$enabled" -eq "1" ]; then
return 0
else
return 1
fi
}
is_empty() {
local empty
config_get empty "$1" "$2" $3
if [ -z "$empty" ]; then
return 0
else
return 1
fi
}
append_param() {
procd_append_param command "$1" $2
}
append_param_arg() {
local value
config_get value "$1" "$2" $4
[ -n "$value" ] && append_param "$3" "$value"
}
append_param_bool() {
is_enabled "$1" "$2" && append_param "--${2//_/-}"
}
load_config_arg() {
append_param_bool "$1" "all_servers"
append_param_bool "$1" "fastest_addr"
append_param_bool "$1" "http3"
append_param_bool "$1" "insecure"
append_param_bool "$1" "ipv6_disabled"
append_param_bool "$1" "refuse_any"
append_param_bool "$1" "verbose"
}
load_config_list() {
if is_empty "global" "listen_addr"; then
append_param "--listen" "127.0.0.1"
else
config_list_foreach "global" "listen_addr" "append_param '--listen'"
fi
if is_empty "global" "listen_port"; then
append_param "--port" "5353"
else
config_list_foreach "global" "listen_port" "append_param '--port'"
fi
is_empty "bogus_nxdomain" "ip_addr" || config_list_foreach "bogus_nxdomain" "ip_addr" "append_param '--bogus-nxdomain'"
is_enabled "private_rdns" "enabled" && {
append_param "--use-private-rdns"
config_list_foreach "private_rdns" "upstream" "append_param '--private-rdns-upstream'"
}
for i in "bootstrap" "fallback" "upstream"; do
is_empty "servers" "$i" || config_list_foreach "servers" "$i" "append_param '--$i'"
done
}
load_config_param() {
append_param_arg "global" "log_file" "--output"
append_param_arg "global" "timeout" "--timeout"
append_param_arg "global" "max_go_routines" "--max-go-routines"
append_param_arg "global" "rate_limit" "--ratelimit"
append_param_arg "global" "udp_buf_size" "--udp-buf-size"
is_enabled "cache" "enabled" && {
append_param "--cache"
append_param_bool "cache" "cache_optimistic"
append_param_arg "cache" "size" "--cache-size"
append_param_arg "cache" "min_ttl" "--cache-min-ttl"
append_param_arg "cache" "max_ttl" "--cache-max-ttl"
}
is_enabled "dns64" "enabled" && {
append_param "--dns64"
append_param_arg "dns64" "dns64_prefix" "--dns64-prefix"
}
is_enabled "edns" "enabled" && {
append_param "--edns"
append_param_arg "edns" "edns_addr" "--edns-addr"
}
is_enabled "tls" "enabled" && {
append_param_arg "tls" "tls_crt" "--tls-crt"
append_param_arg "tls" "tls_key" "--tls-key"
append_param_arg "tls" "https_port" "--https-port"
append_param_arg "tls" "tls_port" "--tls-port"
append_param_arg "tls" "quic_port" "--quic-port"
}
}
start_service() {
config_load "$CONF"
is_enabled "global" "enabled" || return 1
local log_file tls_crt tls_key
config_get log_file global log_file
config_get tls_crt tls tls_crt
config_get tls_key tls tls_key
procd_open_instance "$CONF"
procd_set_param command "$PROG"
load_config_arg "global"
load_config_list
load_config_param
procd_set_param respawn
procd_set_param stdout 1
procd_set_param stderr 1
procd_set_param user dnsproxy
procd_add_jail dnsproxy ronly log
procd_set_param capabilities "/etc/capabilities/dnsproxy.json"
procd_add_jail_mount "/etc/ssl/certs/ca-certificates.crt"
[ -z "$log_file" ] || procd_add_jail_mount_rw "$log_file"
[ -z "$tls_crt" ] || procd_add_jail_mount "$tls_crt"
[ -z "$tls_key" ] || procd_add_jail_mount "$tls_key"
procd_close_instance
}
reload_service() {
stop
start
}
service_triggers() {
procd_add_reload_trigger "$CONF"
}