You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

277 lines
8.2 KiB

  1. #!/bin/sh /etc/rc.common
  2. USE_PROCD=1
  3. START=30
  4. STOP=51
  5. stubby="/usr/sbin/stubby"
  6. stubby_init="/etc/init.d/stubby"
  7. stubby_config_dir="/var/etc/stubby"
  8. stubby_config="$stubby_config_dir/stubby.yml"
  9. stubby_pid_file="/var/run/stubby.pid"
  10. stubby_manual_config="/etc/stubby/stubby.yml"
  11. boot()
  12. {
  13. stubby_boot=1
  14. rc_procd start_service
  15. }
  16. generate_config()
  17. {
  18. local round_robin
  19. local tls_authentication
  20. local tls_query_padding_blocksize
  21. local edns_client_subnet_private
  22. local idle_timeout
  23. local appdata_dir
  24. local trust_anchors_backoff_time
  25. local tls_connection_retries
  26. local tls_backoff_time
  27. local timeout
  28. local dnssec_return_status
  29. local dnssec_trust_anchors
  30. local listen_addresses_section=0
  31. local dns_transport_list_section=0
  32. local upstream_recursive_servers_section=0
  33. local command_line_arguments
  34. local log_level
  35. local tls_cipher_list
  36. local tls_ciphersuites
  37. local tls_min_version
  38. local tls_max_version
  39. # Generate configuration. See: https://github.com/getdnsapi/stubby/blob/develop/stubby.yml.example
  40. echo "# Autogenerated configuration from uci data"
  41. echo "resolution_type: GETDNS_RESOLUTION_STUB"
  42. config_get round_robin "global" round_robin_upstreams "1"
  43. echo "round_robin_upstreams: $round_robin"
  44. config_get appdata_dir "global" appdata_dir "/var/lib/stubby"
  45. echo "appdata_dir: \"$appdata_dir\""
  46. config_get trust_anchors_backoff_time "global" trust_anchors_backoff_time "2500"
  47. echo "trust_anchors_backoff_time: $trust_anchors_backoff_time"
  48. config_get tls_connection_retries "global" tls_connection_retries ""
  49. if [ -n "$tls_connection_retries" ]; then
  50. echo "tls_connection_retries: $tls_connection_retries"
  51. fi
  52. config_get tls_backoff_time "global" tls_backoff_time ""
  53. if [ -n "$tls_backoff_time" ]; then
  54. echo "tls_backoff_time: $tls_backoff_time"
  55. fi
  56. config_get timeout "global" timeout ""
  57. if [ -n "$timeout" ]; then
  58. echo "timeout: $timeout"
  59. fi
  60. config_get_bool tls_authentication "global" tls_authentication "1"
  61. if [ "$tls_authentication" = "1" ]; then
  62. echo "tls_authentication: GETDNS_AUTHENTICATION_REQUIRED"
  63. else
  64. echo "tls_authentication: GETDNS_AUTHENTICATION_NONE"
  65. fi
  66. config_get_bool dnssec_return_status "global" dnssec_return_status "0"
  67. if [ "$dnssec_return_status" = "1" ]; then
  68. echo "dnssec_return_status: GETDNS_EXTENSION_TRUE"
  69. fi
  70. config_get dnssec_trust_anchors "global" dnssec_trust_anchors ""
  71. if [ -n "$dnssec_trust_anchors" ]; then
  72. echo "dnssec_trust_anchors: \"$dnssec_trust_anchors\""
  73. fi
  74. config_get tls_query_padding_blocksize "global" tls_query_padding_blocksize "128"
  75. echo "tls_query_padding_blocksize: $tls_query_padding_blocksize"
  76. config_get_bool edns_client_subnet_private "global" edns_client_subnet_private "1"
  77. echo "edns_client_subnet_private: $edns_client_subnet_private"
  78. config_get idle_timeout "global" idle_timeout "10000"
  79. echo "idle_timeout: $idle_timeout"
  80. config_get tls_cipher_list "global" tls_cipher_list ""
  81. if [ -n "$tls_cipher_list" ]; then
  82. echo "tls_cipher_list: \"$tls_cipher_list\""
  83. fi
  84. config_get tls_ciphersuites "global" tls_ciphersuites ""
  85. if [ -n "$tls_ciphersuites" ]; then
  86. echo "tls_ciphersuites: \"$tls_ciphersuites\""
  87. fi
  88. config_get tls_min_version "global" tls_min_version ""
  89. if [ -n "$tls_min_version" ]; then
  90. echo "tls_min_version: GETDNS_TLS${tls_min_version/\./_}"
  91. fi
  92. config_get tls_max_version "global" tls_max_version ""
  93. if [ -n "$tls_max_version" ]; then
  94. echo "tls_max_version: GETDNS_TLS${tls_max_version/\./_}"
  95. fi
  96. handle_listen_address_value()
  97. {
  98. local value="$1"
  99. if [ "$listen_addresses_section" = 0 ]; then
  100. echo "listen_addresses:"
  101. listen_addresses_section=1
  102. fi
  103. echo " - $value"
  104. }
  105. config_list_foreach "global" listen_address handle_listen_address_value
  106. handle_dns_transport_list_value()
  107. {
  108. local value="$1"
  109. if [ "$dns_transport_list_section" = 0 ]; then
  110. echo "dns_transport_list:"
  111. dns_transport_list_section=1
  112. fi
  113. echo " - $value"
  114. }
  115. config_list_foreach "global" dns_transport handle_dns_transport_list_value
  116. handle_resolver()
  117. {
  118. local config=$1
  119. local address
  120. local tls_auth_name
  121. local tls_port
  122. local tls_pubkey_pinset_section=0
  123. local tls_cipher_list
  124. local tls_ciphersuites
  125. local tls_min_version
  126. local tls_max_version
  127. if [ "$upstream_recursive_servers_section" = 0 ]; then
  128. echo "upstream_recursive_servers:"
  129. upstream_recursive_servers_section=1
  130. fi
  131. config_get address "$config" address
  132. echo " - address_data: \"$address\""
  133. config_get tls_auth_name "$config" tls_auth_name
  134. echo " tls_auth_name: \"$tls_auth_name\""
  135. config_get tls_port "$config" tls_port ""
  136. if [ -n "$tls_port" ]; then
  137. echo " tls_port: $tls_port"
  138. fi
  139. config_get tls_cipher_list "$config" tls_cipher_list ""
  140. if [ -n "$tls_cipher_list" ]; then
  141. echo " tls_cipher_list: \"$tls_cipher_list\""
  142. fi
  143. config_get tls_ciphersuites "$config" tls_ciphersuites ""
  144. if [ -n "$tls_ciphersuites" ]; then
  145. echo " tls_ciphersuites: \"$tls_ciphersuites\""
  146. fi
  147. config_get tls_min_version "$config" tls_min_version ""
  148. if [ -n "$tls_min_version" ]; then
  149. echo " tls_min_version: GETDNS_TLS${tls_min_version/\./_}"
  150. fi
  151. config_get tls_max_version "$config" tls_max_version ""
  152. if [ -n "$tls_max_version" ]; then
  153. echo " tls_max_version: GETDNS_TLS${tls_max_version/\./_}"
  154. fi
  155. handle_resolver_spki()
  156. {
  157. local val="$1"
  158. local digest="${val%%/*}"
  159. local value="${val#*/}"
  160. if [ "$tls_pubkey_pinset_section" = 0 ]; then
  161. echo " tls_pubkey_pinset:"
  162. tls_pubkey_pinset_section=1
  163. fi
  164. echo " - digest: \"$digest\""
  165. echo " value: $value"
  166. }
  167. config_list_foreach "$config" spki handle_resolver_spki
  168. }
  169. config_foreach handle_resolver resolver
  170. } > "$config_file_tmp"
  171. start_service() {
  172. local config_file_tmp
  173. local manual
  174. local log_level
  175. local command_line_arguments
  176. mkdir -p "$stubby_config_dir"
  177. config_load "stubby"
  178. config_get_bool manual "global" manual "0"
  179. if [ "$manual" = "1" ]; then
  180. cp "$stubby_manual_config" "$stubby_config"
  181. else
  182. config_file_tmp="$stubby_config.$$"
  183. generate_config
  184. mv "$config_file_tmp" "$stubby_config"
  185. fi
  186. chown stubby:stubby "$stubby_config"
  187. chmod 0400 "$stubby_config"
  188. config_get command_line_arguments "global" command_line_arguments ""
  189. config_get log_level "global" log_level ""
  190. if [ "$("$stubby_init" enabled; printf "%u" $?)" -eq 0 ]; then
  191. if [ -n "$stubby_boot" ]; then
  192. local trigger
  193. trigger="$(uci_get stubby global trigger)"
  194. if [ "$trigger" != "timed" ]; then
  195. return 0
  196. fi
  197. fi
  198. procd_open_instance "stubby"
  199. procd_set_param command "$stubby" -C "$stubby_config"
  200. if [ -n "$log_level" ]; then
  201. procd_append_param command -v "$log_level"
  202. fi
  203. if [ -n "$command_line_arguments" ]; then
  204. procd_append_param command "$command_line_arguments"
  205. fi
  206. procd_set_param respawn
  207. procd_set_param file "$stubby_config"
  208. procd_set_param stdout 1
  209. procd_set_param stderr 1
  210. procd_set_param pidfile "$stubby_pid_file"
  211. procd_set_param user stubby
  212. procd_close_instance
  213. fi
  214. }
  215. service_triggers()
  216. {
  217. local trigger
  218. local delay
  219. trigger="$(uci_get stubby global trigger)"
  220. delay="$(uci_get stubby global triggerdelay "2")"
  221. PROCD_RELOAD_DELAY=$((${delay:-2} * 1000))
  222. for trigger_item in $trigger
  223. do
  224. procd_add_interface_trigger "interface.*.up" "$trigger_item" "$stubby_init" start
  225. done
  226. procd_add_reload_trigger "stubby"
  227. }