

#!/bin/sh /etc/rc.common
# Copyright 2019-2020 Stan Grishin (stangri@melmac.net)
#
# procd init script for https-dns-proxy: starts one proxy instance per UCI
# section, points dnsmasq at those instances and, when asked to, publishes
# firewall rules that keep LAN clients from bypassing the router's resolver.
# shellcheck disable=SC2039
PKG_VERSION='dev-test'
# shellcheck disable=SC2034
START=80
# shellcheck disable=SC2034
USE_PROCD=1
# Expose the extra "version" init command. Newer rc.common provides
# extra_command(); older releases only read EXTRA_COMMANDS.
if command -v extra_command >/dev/null 2>&1; then
	extra_command 'version' 'Show version information'
else
	# shellcheck disable=SC2034
	EXTRA_COMMANDS='version'
fi
readonly PROG=/usr/sbin/https-dns-proxy
# Shared state, filled from UCI by start_service()/stop_service().
dnsmasqConfig=''
forceDNS=''
forceDNSPorts=''
# Print the package version; backs the extra "version" init command.
version() {
	printf '%s\n' "$PKG_VERSION"
}
# Append one argv token to $param, the space-separated command line that
# start_instance() accumulates (the variable is dynamically scoped there).
xappend() {
	param="${param} ${1}"
}
# Append a bare switch to $param when a boolean UCI option is true.
# $1 section, $2 option, $3 switch to append, $4 default (treated as 0 when empty).
append_bool() {
	local sect="$1" opt="$2" flag="$3" dflt="${4:-0}"
	local enabled
	config_get_bool enabled "$sect" "$opt" "$dflt"
	[ "$enabled" != "0" ] && xappend "$flag"
}
# Append "<switch> <value>" to $param from a UCI option; empty values add nothing.
# $1 section, $2 option, $3 switch, $4 default value (may be omitted).
append_parm() {
	local sect="$1" opt="$2" flag="$3" dflt="$4"
	local val
	config_get val "$sect" "$opt" "$dflt"
	[ -n "$val" ] || return 0
	xappend "$flag $val"
}
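# Spawn one https-dns-proxy procd instance for UCI section $1 and register its
# listen address/port as a dnsmasq upstream.
# Relies on dynamic scoping: $p (next default listen port, incremented here)
# is a local of the calling start_service(); $dnsmasqConfig is the global it
# filled from UCI.
start_instance() {
	local cfg="$1" param listen_addr listen_port i
	# Previously left as globals (hidden behind SC2154 disables).
	local ipv6_resolvers_only verbosity
	append_parm "$cfg" 'resolver_url' '-r'
	append_parm "$cfg" 'polling_interval' '-i'
	append_parm "$cfg" 'listen_addr' '-a' '127.0.0.1'
	append_parm "$cfg" 'listen_port' '-p' "$p"
	append_parm "$cfg" 'dscp_codepoint' '-c'
	append_parm "$cfg" 'bootstrap_dns' '-b'
	# -u/-g: account the proxy is started under; defaults to the unprivileged
	# nobody:nogroup unless the section overrides it.
	append_parm "$cfg" 'user' '-u' 'nobody'
	append_parm "$cfg" 'group' '-g' 'nogroup'
	append_parm "$cfg" 'proxy_server' '-t'
	append_parm "$cfg" 'logfile' '-l'
	append_bool "$cfg" 'use_http1' '-x'
	config_get_bool ipv6_resolvers_only "$cfg" 'use_ipv6_resolvers_only' '0'
	config_get verbosity "$cfg" 'verbosity' '0'
	# A non-numeric verbosity used to be fed to seq(1), which only produced an
	# error on stderr and no -v flags; treat it as 0 explicitly and count in
	# the shell instead of forking seq.
	case "$verbosity" in
		''|*[!0-9]*) verbosity=0 ;;
	esac
	i=0
	while [ "$i" -lt "$verbosity" ]; do
		xappend '-v'
		i=$((i+1))
	done
	# Unless IPv6-only resolvers were requested, pin the proxy to IPv4.
	if [ "$ipv6_resolvers_only" = 0 ]; then
		xappend '-4'
	fi
	procd_open_instance
	# $param is deliberately unquoted: it is an argv string built by xappend(),
	# so option values containing whitespace are not supported.
	# shellcheck disable=SC2086
	procd_set_param command ${PROG} ${param}
	procd_set_param stderr 1
	procd_set_param stdout 1
	procd_set_param respawn
	procd_close_instance
	# Point dnsmasq at this instance: every dnsmasq section for '*', otherwise
	# only the listed @dnsmasq[N] indexes.
	config_get listen_addr "$cfg" 'listen_addr' '127.0.0.1'
	config_get listen_port "$cfg" 'listen_port' "$p"
	if [ "$dnsmasqConfig" = "*" ]; then
		# NOTE(review): config_load 'dhcp' replaces the config state that the
		# caller's config_foreach is still iterating; confirm that the remaining
		# https-dns-proxy sections are still started when
		# update_dnsmasq_config is '*'.
		config_load 'dhcp'
		config_foreach dnsmasq_add_doh_server 'dnsmasq' "${listen_addr}" "${listen_port}"
	elif [ -n "$dnsmasqConfig" ]; then
		for i in $dnsmasqConfig; do
			dnsmasq_add_doh_server "@dnsmasq[${i}]" "${listen_addr}" "${listen_port}"
		done
	fi
	p="$((p+1))"
}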
# True when the iptables ruleset contains a rule matching destination port 53,
# i.e. some DNS redirect/block is installed.
# NOTE(review): iptables-only; on an nftables (fw4) system this reports nothing
# even while the force_dns rules are active. Not referenced in the visible part
# of this script.
is_force_dns_active() {
	if iptables-save | grep -q -w -- '--dport 53'; then
		return 0
	fi
	return 1
}
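# Start every configured proxy instance, re-point dnsmasq at them and, when
# force_dns is enabled, publish firewall rules through procd data that keep
# clients in the 'lan' zone from bypassing the router's resolver.
# Reads UCI: config.update_dnsmasq_config ('*' = every dnsmasq section, or a
# list of @dnsmasq[N] indexes), config.force_dns (bool, default 1) and
# config.force_dns_port (space-separated ports, default "53 853").
start_service() {
	local p=5053 c
	config_load 'https-dns-proxy'
	config_get dnsmasqConfig 'config' 'update_dnsmasq_config' '*'
	config_get_bool forceDNS 'config' 'force_dns' '1'
	config_get forceDNSPorts 'config' 'force_dns_port' '53 853'
	# dhcp_backup() loads the 'dhcp' config, so our own config has to be loaded
	# again before config_foreach walks the proxy sections.
	dhcp_backup 'create'
	config_load 'https-dns-proxy'
	config_foreach start_instance 'https-dns-proxy'
	if [ "$forceDNS" -ne 0 ]; then
		# Dummy 'main' instance whose only job is to carry the firewall data
		# block; the rules exist exactly as long as the service runs.
		procd_open_instance 'main'
		procd_set_param command /bin/true
		procd_set_param stdout 1
		procd_set_param stderr 1
		procd_open_data
		json_add_array firewall
		for c in $forceDNSPorts; do
			# Port 53, and any other port with a local TCP listener, is DNAT'ed
			# to the router; the remaining ports are rejected so clients cannot
			# reach an external resolver on them. Only TCP sockets show LISTEN in
			# netstat, so a UDP-only listener is not detected. The port is
			# anchored on the trailing whitespace of netstat's address column: a
			# bare ":${c}" substring let e.g. ":8530" satisfy a check for 853.
			if netstat -tuln | grep 'LISTEN' | grep -E ":${c}[[:space:]]" >/dev/null 2>&1 || [ "$c" = "53" ]; then
				json_add_object ""
				json_add_string type redirect
				json_add_string target DNAT
				json_add_string src lan
				json_add_string proto "tcp udp"
				json_add_string src_dport "$c"
				json_add_string dest_port "$c"
				json_add_boolean reflection 0
				json_close_object
			else
				json_add_object ""
				json_add_string type rule
				json_add_string src lan
				json_add_string dest "*"
				json_add_string proto "tcp udp"
				json_add_string dest_port "$c"
				json_add_string target REJECT
				json_close_object
			fi
		done
		json_close_array
		procd_close_data
		procd_close_instance
	fi
	# Note: this commits every pending change to 'dhcp', not only the ones
	# dhcp_backup()/start_instance() made.
	if [ -n "$(uci -q changes dhcp)" ]; then
		uci -q commit dhcp
		[ -x /etc/init.d/dnsmasq ] && /etc/init.d/dnsmasq restart >/dev/null 2>&1
	fi
}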
# Undo the dhcp changes made at start: restore every dnsmasq section's saved
# server list and noresolv flag, commit, and bounce dnsmasq when anything
# changed. procd stops the proxy instances itself; service_stopped() then
# asks for a firewall reload.
stop_service() {
	local pending
	config_load 'https-dns-proxy'
	config_get dnsmasqConfig 'config' 'update_dnsmasq_config' '*'
	dhcp_backup 'restore'
	pending="$(uci -q changes dhcp)"
	if [ -n "$pending" ]; then
		uci -q commit dhcp
		[ -x /etc/init.d/dnsmasq ] && /etc/init.d/dnsmasq restart >/dev/null 2>&1
	fi
}
# Reload (not restart) this service whenever its own UCI config changes.
service_triggers() {
	local self='/etc/init.d/https-dns-proxy'
	procd_add_config_trigger "config.change" "https-dns-proxy" "$self" reload
}
# After start-up, have procd reload the firewall so the rules published in
# start_service()'s procd data block are applied.
service_started() {
	procd_set_config_changed 'firewall'
}
# After shutdown, have procd reload the firewall so the force_dns rules
# published by this service are withdrawn.
service_stopped() {
	procd_set_config_changed 'firewall'
}
# Register a proxy instance as upstream "server=<addr>#<port>" of dnsmasq
# section $1 ($2 listen address, $3 port). Wildcard listen addresses are
# rewritten to the matching loopback address so dnsmasq has a concrete target.
# del_list before add_list keeps the entry unique across restarts.
dnsmasq_add_doh_server() {
	local section="$1" addr="$2" port="$3" entry
	case "$addr" in
		'0.0.0.0'|'::ffff:0.0.0.0') addr='127.0.0.1' ;;
		'::') addr='::1' ;;
	esac
	entry="dhcp.${section}.server=${addr}#${port}"
	uci -q del_list "$entry"
	uci -q add_list "$entry"
}
# Save dnsmasq section $1's upstream configuration into doh_backup_* options
# (only once; an existing backup is never overwritten) and make the section
# resolve through us alone: noresolv=1, and every plain upstream "server"
# entry removed. Entries containing 127.0.0.1 (other local stubs) or a '/'
# (domain-specific forwards) are kept; note the latter still reach their
# plaintext upstream.
# doh_backup_noresolv records the previous state for the restore step:
# -1 = noresolv was unset, 0 = it was set to something other than 1.
dnsmasq_create_server_backup() {
	local section="$1" entry prev
	uci -q get "dhcp.${section}" >/dev/null || return 0
	if ! uci -q get "dhcp.${section}.doh_backup_noresolv" >/dev/null; then
		prev="$(uci -q get "dhcp.${section}.noresolv")"
		if [ -z "$prev" ]; then
			uci -q set "dhcp.${section}.noresolv=1"
			uci -q set "dhcp.${section}.doh_backup_noresolv=-1"
		elif [ "$prev" != "1" ]; then
			uci -q set "dhcp.${section}.noresolv=1"
			uci -q set "dhcp.${section}.doh_backup_noresolv=0"
		fi
	fi
	if ! uci -q get "dhcp.${section}.doh_backup_server" >/dev/null; then
		for entry in $(uci -q get "dhcp.${section}.server"); do
			uci -q add_list "dhcp.${section}.doh_backup_server=${entry}"
			case "$entry" in
				*127.0.0.1*|*/*) ;;
				*) uci -q del_list "dhcp.${section}.server=${entry}" ;;
			esac
		done
	fi
}
# Reverse dnsmasq_create_server_backup() for section $1: put noresolv back
# to the recorded state (0, or unset for -1), replace the server list with the
# saved one, and drop the doh_backup_* markers. Sections without markers are
# left untouched.
dnsmasq_restore_server_backup() {
	local section="$1" entry saved
	uci -q get "dhcp.${section}" >/dev/null || return 0
	if uci -q get "dhcp.${section}.doh_backup_noresolv" >/dev/null; then
		saved="$(uci -q get "dhcp.${section}.doh_backup_noresolv")"
		case "$saved" in
			0) uci -q set "dhcp.${section}.noresolv=0" ;;
			*) uci -q del "dhcp.${section}.noresolv" ;;
		esac
		uci -q del "dhcp.${section}.doh_backup_noresolv"
	fi
	if uci -q get "dhcp.${section}.doh_backup_server" >/dev/null; then
		uci -q del "dhcp.${section}.server"
		for entry in $(uci -q get "dhcp.${section}.doh_backup_server"); do
			uci -q add_list "dhcp.${section}.server=${entry}"
		done
		uci -q del "dhcp.${section}.doh_backup_server"
	fi
}
# Create or restore the dnsmasq backups. 'create' covers the sections selected
# by $dnsmasqConfig ('*' = every dnsmasq section, otherwise a space-separated
# list of @dnsmasq[N] indexes; the quoted comparison keeps '*' from globbing).
# 'restore' always walks every section: the doh_backup_* markers say which
# ones were touched. Loads the 'dhcp' config; start_service() reloads its own
# config afterwards.
dhcp_backup() {
	local idx
	config_load 'dhcp'
	case "$1" in
		create)
			if [ "$dnsmasqConfig" = "*" ]; then
				config_foreach dnsmasq_create_server_backup 'dnsmasq'
			elif [ -n "$dnsmasqConfig" ]; then
				for idx in $dnsmasqConfig; do
					dnsmasq_create_server_backup "@dnsmasq[${idx}]"
				done
			fi
			;;
		restore)
			config_foreach dnsmasq_restore_server_backup 'dnsmasq'
			;;
	esac
}