
  1. #!/bin/sh /etc/rc.common
  2. USE_PROCD=1
  3. START=50
  4. STOP=51
  5. PROG="/usr/sbin/stubby"
  6. stubby="/usr/sbin/stubby"
  7. stubby_init="/etc/init.d/stubby"
  8. stubby_config_dir="/var/etc/stubby"
  9. stubby_config="$stubby_config_dir/stubby.yml"
  10. stubby_pid_file="/var/run/stubby.pid"
  11. stubby_manual_config="/etc/stubby/stubby.yml"
# Boot-time entry point.
# Sets the global stubby_boot flag before handing over to the normal start
# path, so that start_service can tell a boot from a later start.
boot() {
	stubby_boot=1
	rc_procd start_service
}
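# Render the "stubby" UCI package as a stubby YAML configuration file.
#
# Arguments:
#   $1 - path of the file to write; it is truncated first.
# Requires:
#   config_get, config_get_bool, config_list_foreach and config_foreach, with
#   the "stubby" package already loaded by the caller.
# Notes:
#   - UCI values are copied into the YAML verbatim, with no escaping or
#     validation, so write access to the stubby UCI package amounts to
#     control over which resolvers are used and how they are authenticated.
#   - The nested handle_* functions read and update this function's locals
#     through the shell's dynamic scoping; they are only meaningful while
#     generate_config is running.
# Format reference:
#   https://github.com/getdnsapi/stubby/blob/develop/stubby.yml.example
generate_config()
{
	local config_file="$1"
	local round_robin
	local tls_authentication
	local tls_query_padding_blocksize
	local edns_client_subnet_private
	local idle_timeout
	local appdata_dir
	local dnssec_return_status
	local dnssec_trust_anchors
	local opt_name
	local opt_value
	local listen_addresses_section=0
	local dns_transport_list_section=0
	local upstream_recursive_servers_section=0

	# printf '%s' is used throughout so that a value containing backslashes
	# or a leading dash is written literally.
	printf '%s\n' "# Autogenerated configuration from uci data" > "$config_file"
	printf '%s\n' "resolution_type: GETDNS_RESOLUTION_STUB" >> "$config_file"

	config_get round_robin "global" round_robin_upstreams "1"
	printf 'round_robin_upstreams: %s\n' "$round_robin" >> "$config_file"

	config_get appdata_dir "global" appdata_dir "/var/lib/stubby"
	printf 'appdata_dir: "%s"\n' "$appdata_dir" >> "$config_file"

	# Optional tunables: written only when set, so the daemon's own defaults
	# apply otherwise.
	for opt_name in tls_connection_retries tls_backoff_time timeout; do
		config_get opt_value "global" "$opt_name" ""
		if [ -n "$opt_value" ]; then
			printf '%s: %s\n' "$opt_name" "$opt_value" >> "$config_file"
		fi
	done

	# Authentication of the upstream is required unless explicitly turned
	# off. With GETDNS_AUTHENTICATION_NONE the resolver's identity is not
	# verified, so the TLS session only protects against passive observers.
	config_get_bool tls_authentication "global" tls_authentication "1"
	if [ "$tls_authentication" = "1" ]; then
		printf '%s\n' "tls_authentication: GETDNS_AUTHENTICATION_REQUIRED" >> "$config_file"
	else
		printf '%s\n' "tls_authentication: GETDNS_AUTHENTICATION_NONE" >> "$config_file"
	fi

	config_get_bool dnssec_return_status "global" dnssec_return_status "0"
	if [ "$dnssec_return_status" = "1" ]; then
		printf '%s\n' "dnssec_return_status: GETDNS_EXTENSION_TRUE" >> "$config_file"
	fi

	config_get dnssec_trust_anchors "global" dnssec_trust_anchors ""
	if [ -n "$dnssec_trust_anchors" ]; then
		printf 'dnssec_trust_anchors: "%s"\n' "$dnssec_trust_anchors" >> "$config_file"
	fi

	config_get tls_query_padding_blocksize "global" tls_query_padding_blocksize "128"
	printf 'tls_query_padding_blocksize: %s\n' "$tls_query_padding_blocksize" >> "$config_file"

	config_get_bool edns_client_subnet_private "global" edns_client_subnet_private "1"
	printf 'edns_client_subnet_private: %s\n' "$edns_client_subnet_private" >> "$config_file"

	config_get idle_timeout "global" idle_timeout "10000"
	printf 'idle_timeout: %s\n' "$idle_timeout" >> "$config_file"

	# Appends one listen address; the list header is written once, before
	# the first entry.
	handle_listen_address_value()
	{
		local value="$1"

		if [ "$listen_addresses_section" = 0 ]; then
			printf '%s\n' "listen_addresses:" >> "$config_file"
			listen_addresses_section=1
		fi
		printf '  - %s\n' "$value" >> "$config_file"
	}
	config_list_foreach "global" listen_address handle_listen_address_value

	# Appends one transport; same header-once pattern as above.
	handle_dns_transport_list_value()
	{
		local value="$1"

		if [ "$dns_transport_list_section" = 0 ]; then
			printf '%s\n' "dns_transport_list:" >> "$config_file"
			dns_transport_list_section=1
		fi
		printf '  - %s\n' "$value" >> "$config_file"
	}
	config_list_foreach "global" dns_transport handle_dns_transport_list_value

	# Appends one upstream resolver ($1 is the UCI section name).
	# YAML indentation is significant here: tls_auth_name and the pinset
	# must be nested under their "- address_data" entry, otherwise they are
	# not part of that resolver's mapping.
	handle_resolver()
	{
		local config=$1
		local address
		local tls_auth_name
		local tls_pubkey_pinset_section=0

		if [ "$upstream_recursive_servers_section" = 0 ]; then
			printf '%s\n' "upstream_recursive_servers:" >> "$config_file"
			upstream_recursive_servers_section=1
		fi

		config_get address "$config" address
		config_get tls_auth_name "$config" tls_auth_name
		printf '  - address_data: %s\n' "$address" >> "$config_file"
		# NOTE(review): tls_auth_name is written even when the option is
		# unset (as an empty string) - confirm how stubby treats that when
		# authentication is required and no pinset is configured.
		printf '    tls_auth_name: "%s"\n' "$tls_auth_name" >> "$config_file"

		# Appends one SPKI pin given as "<digest>/<base64 value>".
		handle_resolver_spki()
		{
			local val="$1"
			# Split on the FIRST slash only: base64 values may contain
			# "/" themselves, and must not leak into the digest name.
			local digest="${val%%/*}"
			local value="${val#*/}"

			if [ "$tls_pubkey_pinset_section" = 0 ]; then
				printf '%s\n' "    tls_pubkey_pinset:" >> "$config_file"
				tls_pubkey_pinset_section=1
			fi
			printf '      - digest: "%s"\n' "$digest" >> "$config_file"
			printf '        value: %s\n' "$value" >> "$config_file"
		}
		config_list_foreach "$config" spki handle_resolver_spki
	}
	config_foreach handle_resolver resolver
}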
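# procd start hook: write the active stubby configuration and register the
# daemon instance.
#
# Globals read: stubby, stubby_init, stubby_config_dir, stubby_config,
#               stubby_manual_config, stubby_pid_file, stubby_boot,
#               respawn_threshold, respawn_timeout, respawn_retry
# Returns:      1 if manual mode is on and the manual configuration cannot
#               be copied; 0 when the instance is deliberately not
#               registered (service disabled, or boot without the "timed"
#               trigger).
start_service() {
	local config_file_tmp
	local manual
	local log_level
	local command_line_arguments
	local trigger

	mkdir -p "$stubby_config_dir"
	config_load "stubby"

	config_get_bool manual "global" manual "0"
	if [ "$manual" = "1" ]; then
		# Stop here on failure: carrying on would start the daemon with
		# whatever file an earlier run left at $stubby_config, which is not
		# the configuration the administrator asked for.
		if ! cp "$stubby_manual_config" "$stubby_config"; then
			echo "stubby: cannot copy $stubby_manual_config to $stubby_config" >&2
			return 1
		fi
	else
		# Generate next to the target and rename, so the active file is
		# replaced in one step rather than rewritten in place.
		# NOTE(review): the temporary name is predictable ($$ is the shell's
		# PID); that is only safe while $stubby_config_dir is writable by
		# root alone - confirm.
		config_file_tmp="$stubby_config.$$"
		generate_config "$config_file_tmp"
		mv "$config_file_tmp" "$stubby_config"
	fi

	config_get command_line_arguments "global" command_line_arguments ""
	config_get log_level "global" log_level ""

	# Nothing to register when the init script is not enabled.
	if ! "${stubby_init}" enabled > /dev/null; then
		return 0
	fi

	# During boot the instance is registered only for the "timed" trigger;
	# for other trigger values the start is left to service_triggers.
	if [ -n "${stubby_boot}" ]; then
		trigger="$(uci_get stubby global trigger)"
		if [ "${trigger}" != "timed" ]; then
			return 0
		fi
	fi

	procd_open_instance "stubby"
	procd_set_param command "$stubby" -C "$stubby_config"
	if [ -n "$log_level" ]; then
		procd_append_param command -v "$log_level"
	fi
	if [ -n "$command_line_arguments" ]; then
		# NOTE(review): the whole option is appended as ONE argument; several
		# flags in a single string are not split - confirm this is intended.
		procd_append_param command "$command_line_arguments"
	fi
	procd_set_param respawn "${respawn_threshold:-3600}" "${respawn_timeout:-5}" "${respawn_retry:-5}"
	procd_set_param file "$stubby_config"
	procd_set_param stdout 1
	procd_set_param stderr 1
	procd_set_param pidfile "$stubby_pid_file"
	# The daemon runs as the unprivileged "stubby" user, so the configuration
	# written above has to stay readable by that account.
	procd_set_param user stubby
	procd_close_instance
}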
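# procd trigger hook: start on interface-up events (unless the trigger is
# "none" or "timed") and reload when the "stubby" UCI package changes.
#
# Globals read:    stubby_init
# Globals written: PROCD_RELOAD_DELAY (milliseconds), only when an interface
#                  trigger is registered
service_triggers()
{
	local trigger
	local delay

	trigger="$(uci_get stubby global trigger)"
	delay="$(uci_get stubby global triggerdelay "2")"

	# The delay is fed into shell arithmetic below, so accept a plain decimal
	# number only and fall back to the default of 2 seconds otherwise. This
	# covers an empty value, any non-digit character, and leading zeros
	# (which the shell would read as octal).
	case "$delay" in
		'' | *[!0-9]* | 0?*) delay=2 ;;
	esac

	if [ "${trigger}" != "none" ] && [ "${trigger}" != "timed" ]; then
		PROCD_RELOAD_DELAY=$((delay * 1000))
		procd_add_interface_trigger "interface.*.up" "${trigger}" "${stubby_init}" start
	fi
	procd_add_reload_trigger "stubby"
}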