|
@ -44,77 +44,77 @@ generate_config() |
|
|
local tls_max_version |
|
|
local tls_max_version |
|
|
|
|
|
|
|
|
# Generate configuration. See: https://github.com/getdnsapi/stubby/blob/develop/stubby.yml.example |
|
|
# Generate configuration. See: https://github.com/getdnsapi/stubby/blob/develop/stubby.yml.example |
|
|
echo "# Autogenerated configuration from uci data" > "$config_file" |
|
|
|
|
|
echo "resolution_type: GETDNS_RESOLUTION_STUB" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "# Autogenerated configuration from uci data" |
|
|
|
|
|
echo "resolution_type: GETDNS_RESOLUTION_STUB" |
|
|
|
|
|
|
|
|
config_get round_robin "global" round_robin_upstreams "1" |
|
|
config_get round_robin "global" round_robin_upstreams "1" |
|
|
echo "round_robin_upstreams: $round_robin" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "round_robin_upstreams: $round_robin" |
|
|
|
|
|
|
|
|
config_get appdata_dir "global" appdata_dir "/var/lib/stubby" |
|
|
config_get appdata_dir "global" appdata_dir "/var/lib/stubby" |
|
|
echo "appdata_dir: \"$appdata_dir\"" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "appdata_dir: \"$appdata_dir\"" |
|
|
|
|
|
|
|
|
config_get trust_anchors_backoff_time "global" trust_anchors_backoff_time "2500" |
|
|
config_get trust_anchors_backoff_time "global" trust_anchors_backoff_time "2500" |
|
|
echo "trust_anchors_backoff_time: $trust_anchors_backoff_time" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "trust_anchors_backoff_time: $trust_anchors_backoff_time" |
|
|
|
|
|
|
|
|
config_get tls_connection_retries "global" tls_connection_retries "" |
|
|
config_get tls_connection_retries "global" tls_connection_retries "" |
|
|
if [ -n "$tls_connection_retries" ]; then |
|
|
if [ -n "$tls_connection_retries" ]; then |
|
|
echo "tls_connection_retries: $tls_connection_retries" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "tls_connection_retries: $tls_connection_retries" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
config_get tls_backoff_time "global" tls_backoff_time "" |
|
|
config_get tls_backoff_time "global" tls_backoff_time "" |
|
|
if [ -n "$tls_backoff_time" ]; then |
|
|
if [ -n "$tls_backoff_time" ]; then |
|
|
echo "tls_backoff_time: $tls_backoff_time" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "tls_backoff_time: $tls_backoff_time" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
config_get timeout "global" timeout "" |
|
|
config_get timeout "global" timeout "" |
|
|
if [ -n "$timeout" ]; then |
|
|
if [ -n "$timeout" ]; then |
|
|
echo "timeout: $timeout" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "timeout: $timeout" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
config_get_bool tls_authentication "global" tls_authentication "1" |
|
|
config_get_bool tls_authentication "global" tls_authentication "1" |
|
|
if [ "$tls_authentication" = "1" ]; then |
|
|
if [ "$tls_authentication" = "1" ]; then |
|
|
echo "tls_authentication: GETDNS_AUTHENTICATION_REQUIRED" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "tls_authentication: GETDNS_AUTHENTICATION_REQUIRED" |
|
|
else |
|
|
else |
|
|
echo "tls_authentication: GETDNS_AUTHENTICATION_NONE" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "tls_authentication: GETDNS_AUTHENTICATION_NONE" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
config_get_bool dnssec_return_status "global" dnssec_return_status "0" |
|
|
config_get_bool dnssec_return_status "global" dnssec_return_status "0" |
|
|
if [ "$dnssec_return_status" = "1" ]; then |
|
|
if [ "$dnssec_return_status" = "1" ]; then |
|
|
echo "dnssec_return_status: GETDNS_EXTENSION_TRUE" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "dnssec_return_status: GETDNS_EXTENSION_TRUE" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
config_get dnssec_trust_anchors "global" dnssec_trust_anchors "" |
|
|
config_get dnssec_trust_anchors "global" dnssec_trust_anchors "" |
|
|
if [ -n "$dnssec_trust_anchors" ]; then |
|
|
if [ -n "$dnssec_trust_anchors" ]; then |
|
|
echo "dnssec_trust_anchors: \"$dnssec_trust_anchors\"" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "dnssec_trust_anchors: \"$dnssec_trust_anchors\"" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
config_get tls_query_padding_blocksize "global" tls_query_padding_blocksize "128" |
|
|
config_get tls_query_padding_blocksize "global" tls_query_padding_blocksize "128" |
|
|
echo "tls_query_padding_blocksize: $tls_query_padding_blocksize" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "tls_query_padding_blocksize: $tls_query_padding_blocksize" |
|
|
|
|
|
|
|
|
config_get_bool edns_client_subnet_private "global" edns_client_subnet_private "1" |
|
|
config_get_bool edns_client_subnet_private "global" edns_client_subnet_private "1" |
|
|
echo "edns_client_subnet_private: $edns_client_subnet_private" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "edns_client_subnet_private: $edns_client_subnet_private" |
|
|
|
|
|
|
|
|
config_get idle_timeout "global" idle_timeout "10000" |
|
|
config_get idle_timeout "global" idle_timeout "10000" |
|
|
echo "idle_timeout: $idle_timeout" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "idle_timeout: $idle_timeout" |
|
|
|
|
|
|
|
|
config_get tls_cipher_list "global" tls_cipher_list "" |
|
|
config_get tls_cipher_list "global" tls_cipher_list "" |
|
|
if [ -n "$tls_cipher_list" ]; then |
|
|
if [ -n "$tls_cipher_list" ]; then |
|
|
echo "tls_cipher_list: \"$tls_cipher_list\"" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "tls_cipher_list: \"$tls_cipher_list\"" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
config_get tls_ciphersuites "global" tls_ciphersuites "" |
|
|
config_get tls_ciphersuites "global" tls_ciphersuites "" |
|
|
if [ -n "$tls_ciphersuites" ]; then |
|
|
if [ -n "$tls_ciphersuites" ]; then |
|
|
echo "tls_ciphersuites: \"$tls_ciphersuites\"" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "tls_ciphersuites: \"$tls_ciphersuites\"" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
config_get tls_min_version "global" tls_min_version "" |
|
|
config_get tls_min_version "global" tls_min_version "" |
|
|
if [ -n "$tls_min_version" ]; then |
|
|
if [ -n "$tls_min_version" ]; then |
|
|
echo "tls_min_version: GETDNS_TLS${tls_min_version/\./_}" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "tls_min_version: GETDNS_TLS${tls_min_version/\./_}" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
config_get tls_max_version "global" tls_max_version "" |
|
|
config_get tls_max_version "global" tls_max_version "" |
|
|
if [ -n "$tls_max_version" ]; then |
|
|
if [ -n "$tls_max_version" ]; then |
|
|
echo "tls_max_version: GETDNS_TLS${tls_max_version/\./_}" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "tls_max_version: GETDNS_TLS${tls_max_version/\./_}" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
handle_listen_address_value() |
|
|
handle_listen_address_value() |
|
@ -122,10 +122,10 @@ generate_config() |
|
|
local value="$1" |
|
|
local value="$1" |
|
|
|
|
|
|
|
|
if [ "$listen_addresses_section" = 0 ]; then |
|
|
if [ "$listen_addresses_section" = 0 ]; then |
|
|
echo "listen_addresses:" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "listen_addresses:" |
|
|
listen_addresses_section=1 |
|
|
listen_addresses_section=1 |
|
|
fi |
|
|
fi |
|
|
echo " - $value" >> "$config_file" |
|
|
|
|
|
|
|
|
echo " - $value" |
|
|
} |
|
|
} |
|
|
config_list_foreach "global" listen_address handle_listen_address_value |
|
|
config_list_foreach "global" listen_address handle_listen_address_value |
|
|
|
|
|
|
|
@ -134,10 +134,10 @@ generate_config() |
|
|
local value="$1" |
|
|
local value="$1" |
|
|
|
|
|
|
|
|
if [ "$dns_transport_list_section" = 0 ]; then |
|
|
if [ "$dns_transport_list_section" = 0 ]; then |
|
|
echo "dns_transport_list:" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "dns_transport_list:" |
|
|
dns_transport_list_section=1 |
|
|
dns_transport_list_section=1 |
|
|
fi |
|
|
fi |
|
|
echo " - $value" >> "$config_file" |
|
|
|
|
|
|
|
|
echo " - $value" |
|
|
} |
|
|
} |
|
|
config_list_foreach "global" dns_transport handle_dns_transport_list_value |
|
|
config_list_foreach "global" dns_transport handle_dns_transport_list_value |
|
|
|
|
|
|
|
@ -154,38 +154,38 @@ generate_config() |
|
|
local tls_max_version |
|
|
local tls_max_version |
|
|
|
|
|
|
|
|
if [ "$upstream_recursive_servers_section" = 0 ]; then |
|
|
if [ "$upstream_recursive_servers_section" = 0 ]; then |
|
|
echo "upstream_recursive_servers:" >> "$config_file" |
|
|
|
|
|
|
|
|
echo "upstream_recursive_servers:" |
|
|
upstream_recursive_servers_section=1 |
|
|
upstream_recursive_servers_section=1 |
|
|
fi |
|
|
fi |
|
|
config_get address "$config" address |
|
|
config_get address "$config" address |
|
|
echo " - address_data: $address" >> "$config_file" |
|
|
|
|
|
|
|
|
echo " - address_data: $address" |
|
|
|
|
|
|
|
|
config_get tls_auth_name "$config" tls_auth_name |
|
|
config_get tls_auth_name "$config" tls_auth_name |
|
|
echo " tls_auth_name: \"$tls_auth_name\"" >> "$config_file" |
|
|
|
|
|
|
|
|
echo " tls_auth_name: \"$tls_auth_name\"" |
|
|
|
|
|
|
|
|
config_get tls_auth_port "$config" tls_port "" |
|
|
config_get tls_auth_port "$config" tls_port "" |
|
|
if [ -n "$tls_port" ]; then |
|
|
if [ -n "$tls_port" ]; then |
|
|
echo " tls_port: $tls_port" >> "$config_file" |
|
|
|
|
|
|
|
|
echo " tls_port: $tls_port" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
config_get tls_cipher_list "$config" tls_cipher_list "" |
|
|
config_get tls_cipher_list "$config" tls_cipher_list "" |
|
|
if [ -n "$tls_cipher_list" ]; then |
|
|
if [ -n "$tls_cipher_list" ]; then |
|
|
echo " tls_cipher_list: \"$tls_cipher_list\"" >> "$config_file" |
|
|
|
|
|
|
|
|
echo " tls_cipher_list: \"$tls_cipher_list\"" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
config_get tls_ciphersuites "$config" tls_ciphersuites "" |
|
|
config_get tls_ciphersuites "$config" tls_ciphersuites "" |
|
|
if [ -n "$tls_ciphersuites" ]; then |
|
|
if [ -n "$tls_ciphersuites" ]; then |
|
|
echo " tls_ciphersuites: \"$tls_ciphersuites\"" >> "$config_file" |
|
|
|
|
|
|
|
|
echo " tls_ciphersuites: \"$tls_ciphersuites\"" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
config_get tls_min_version "$config" tls_min_version "" |
|
|
config_get tls_min_version "$config" tls_min_version "" |
|
|
if [ -n "$tls_min_version" ]; then |
|
|
if [ -n "$tls_min_version" ]; then |
|
|
echo " tls_min_version: GETDNS_TLS${tls_min_version/\./_}" >> "$config_file" |
|
|
|
|
|
|
|
|
echo " tls_min_version: GETDNS_TLS${tls_min_version/\./_}" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
config_get tls_max_version "$config" tls_max_version "" |
|
|
config_get tls_max_version "$config" tls_max_version "" |
|
|
if [ -n "$tls_max_version" ]; then |
|
|
if [ -n "$tls_max_version" ]; then |
|
|
echo " tls_max_version: GETDNS_TLS${tls_max_version/\./_}" >> "$config_file" |
|
|
|
|
|
|
|
|
echo " tls_max_version: GETDNS_TLS${tls_max_version/\./_}" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
handle_resolver_spki() |
|
|
handle_resolver_spki() |
|
@ -195,17 +195,17 @@ generate_config() |
|
|
local value="${val#*/}" |
|
|
local value="${val#*/}" |
|
|
|
|
|
|
|
|
if [ "$tls_pubkey_pinset_section" = 0 ]; then |
|
|
if [ "$tls_pubkey_pinset_section" = 0 ]; then |
|
|
echo " tls_pubkey_pinset:" >> "$config_file" |
|
|
|
|
|
|
|
|
echo " tls_pubkey_pinset:" |
|
|
tls_pubkey_pinset_section=1 |
|
|
tls_pubkey_pinset_section=1 |
|
|
fi |
|
|
fi |
|
|
echo " - digest: \"$digest\"" >> "$config_file" |
|
|
|
|
|
echo " value: $value" >> "$config_file" |
|
|
|
|
|
|
|
|
echo " - digest: \"$digest\"" |
|
|
|
|
|
echo " value: $value" |
|
|
} |
|
|
} |
|
|
config_list_foreach "$config" spki handle_resolver_spki |
|
|
config_list_foreach "$config" spki handle_resolver_spki |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
config_foreach handle_resolver resolver |
|
|
config_foreach handle_resolver resolver |
|
|
} |
|
|
|
|
|
|
|
|
} > "$config_file" |
|
|
|
|
|
|
|
|
start_service() { |
|
|
start_service() { |
|
|
local config_file_tmp |
|
|
local config_file_tmp |
|
@ -226,6 +226,7 @@ start_service() { |
|
|
generate_config "$config_file_tmp" |
|
|
generate_config "$config_file_tmp" |
|
|
mv "$config_file_tmp" "$stubby_config" |
|
|
mv "$config_file_tmp" "$stubby_config" |
|
|
fi |
|
|
fi |
|
|
|
|
|
chmod 0644 "$stubby_config" |
|
|
|
|
|
|
|
|
config_get command_line_arguments "global" command_line_arguments "" |
|
|
config_get command_line_arguments "global" command_line_arguments "" |
|
|
|
|
|
|
|
|
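Review bot: In the handle_resolver hunk (`@ -154,38 +154,38 @`) the port is read with `config_get tls_auth_port "$config" tls_port ""`, but the test and the echo that follow use `$tls_port`, so a resolver's configured port is never written unless `tls_port` happens to be set elsewhere; the commit carries this over unchanged. The read should be `config_get tls_port "$config" tls_port ""`. In the start_service hunk the new `chmod 0644 "$stubby_config"` runs after the `mv` and after the `fi`, so the file briefly sits at its final path with the temporary file's mode, and the chmod also appears to apply on whichever branch did not generate the file; the `if` starts outside the hunk, so that part is inferred. Setting the mode on the temporary file first, `chmod 0644 "$config_file_tmp"` before the `mv`, would avoid both.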