#!/bin/sh /etc/rc.common # # Copyright (C) 2018-2020 Ruilin Peng (Nick) . # # smartdns is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # smartdns is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . START=99 NAME=smartdns USE_PROCD=1 SERVICE_USE_PID=1 SERVICE_WRITE_PID=1 SERVICE_DAEMONIZE=1 SERVICE_PID_FILE="/var/run/smartdns.pid" SMARTDNS_CONF_DIR="/etc/smartdns" SMARTDNS_VAR_CONF_DIR="/var/etc/smartdns" SMARTDNS_CONF="$SMARTDNS_VAR_CONF_DIR/smartdns.conf" ADDRESS_CONF="$SMARTDNS_CONF_DIR/address.conf" BLACKLIST_IP_CONF="$SMARTDNS_CONF_DIR/blacklist-ip.conf" CUSTOM_CONF="$SMARTDNS_CONF_DIR/custom.conf" SMARTDNS_CONF_TMP="${SMARTDNS_CONF}.tmp" COREDUMP="0" RESPAWN="1" set_forward_dnsmasq() { local PORT="$1" addr="127.0.0.1#$PORT" OLD_SERVER="$(uci get dhcp.@dnsmasq[0].server 2>/dev/null)" if echo "$OLD_SERVER" | grep "^$addr" >/dev/null 2>&1; then return fi uci delete dhcp.@dnsmasq[0].server 2>/dev/null uci add_list dhcp.@dnsmasq[0].server="$addr" for server in $OLD_SERVER; do [ "$server" = "$addr" ] && continue uci add_list dhcp.@dnsmasq[0].server="$server" done uci set dhcp.@dnsmasq[0].noresolv=1 uci commit dhcp /etc/init.d/dnsmasq restart } stop_forward_dnsmasq() { local OLD_PORT="$1" addr="127.0.0.1#$OLD_PORT" OLD_SERVER="$(uci get dhcp.@dnsmasq[0].server 2>/dev/null)" if ! echo "$OLD_SERVER" | grep "^$addr" >/dev/null 2>&1; then return fi uci del_list dhcp.@dnsmasq[0].server="$addr" 2>/dev/null addrlist="$(uci get dhcp.@dnsmasq[0].server 2>/dev/null)" [ -z "$addrlist" ] && { uci delete dhcp.@dnsmasq[0].noresolv 2>/dev/null } uci commit dhcp /etc/init.d/dnsmasq restart } set_iptable() { local ipv6_server=$1 local tcp_server=$2 IPS="$(ifconfig | grep "inet addr" | grep -v ":127" | grep "Bcast" | awk '{print $2}' | awk -F : '{print $2}')" for IP in $IPS do if [ "$tcp_server" = "1" ]; then iptables -t nat -A PREROUTING -p tcp -d "$IP" --dport 53 -j REDIRECT --to-ports "$SMARTDNS_PORT" >/dev/null 2>&1 fi iptables -t nat -A PREROUTING -p udp -d "$IP" --dport 53 -j REDIRECT --to-ports "$SMARTDNS_PORT" >/dev/null 2>&1 done [ "$ipv6_server" = 0 ] && return IPS="$(ifconfig | grep "inet6 addr" | grep -v " fe80::" | grep -v " ::1" | grep "Global" | awk '{print $3}')" for IP in $IPS do if [ "$tcp_server" = "1" ]; then ip6tables -t nat -A PREROUTING -p tcp -d "$IP" --dport 53 -j REDIRECT --to-ports "$SMARTDNS_PORT" >/dev/null 2>&1 fi ip6tables -t nat -A PREROUTING -p udp -d "$IP" --dport 53 -j REDIRECT --to-ports "$SMARTDNS_PORT" >/dev/null 2>&1 done } clear_iptable() { local OLD_PORT="$1" local ipv6_server=$2 IPS="$(ifconfig | grep "inet addr" | grep -v ":127" | grep "Bcast" | awk '{print $2}' | awk -F : '{print $2}')" for IP in $IPS do iptables -t nat -D PREROUTING -p udp -d "$IP" --dport 53 -j REDIRECT --to-ports "$OLD_PORT" >/dev/null 2>&1 iptables -t nat -D PREROUTING -p tcp -d "$IP" --dport 53 -j REDIRECT --to-ports "$OLD_PORT" >/dev/null 2>&1 done [ "$ipv6_server" = 0 ] && return IPS="$(ifconfig | grep "inet6 addr" | grep -v " fe80::" | grep -v " ::1" | grep "Global" | awk '{print $3}')" for IP in $IPS do ip6tables -t nat -D PREROUTING -p udp -d "$IP" --dport 53 -j REDIRECT --to-ports "$OLD_PORT" >/dev/null 2>&1 ip6tables -t nat -D PREROUTING -p tcp -d "$IP" --dport 53 -j REDIRECT --to-ports "$OLD_PORT" >/dev/null 2>&1 done } service_triggers() { procd_add_reload_trigger firewall procd_add_reload_trigger smartdns } conf_append() { echo "$1 $2" >> $SMARTDNS_CONF_TMP } get_tz() { SET_TZ="" [ -e "/etc/localtime" ] && return for tzfile in /etc/TZ /var/etc/TZ do [ -e "$tzfile" ] || continue tz="$(cat $tzfile 2>/dev/null)" done [ -z "$tz" ] && return SET_TZ=$tz } load_server() { local section="$1" local ADDITIONAL_ARGS="" local DNS_ADDRESS="" config_get_bool enabled "$section" "enabled" "1" config_get port "$section" "port" "" config_get type "$section" "type" "udp" config_get ip "$section" "ip" "" config_get tls_host_verify "$section" "tls_host_verify" "" config_get no_check_certificate "$section" "no_check_certificate" "0" config_get host_name "$section" "host_name" "" config_get http_host "$section" "http_host" "" config_get server_group "$section" "server_group" "" config_get blacklist_ip "$section" "blacklist_ip" "0" config_get check_edns "$section" "check_edns" "0" config_get spki_pin "$section" "spki_pin" "" config_get addition_arg "$section" "addition_arg" "" [ "$enabled" = "0" ] && return if [ -z "$ip" ] || [ -z "$type" ]; then return fi SERVER="server" if [ "$type" = "tcp" ]; then SERVER="server-tcp" elif [ "$type" = "tls" ]; then SERVER="server-tls" elif [ "$type" = "https" ]; then SERVER="server-https" fi if echo "$ip" | grep ":" | grep -q -v "https://" >/dev/null 2>&1; then if ! echo "$ip" | grep -q "\\[" >/dev/null 2>&1; then ip="[$ip]" fi fi [ -z "$tls_host_verify" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -tls-host-verify $tls_host_verify" [ "$no_check_certificate" = "0" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -no-check-certificate" [ -z "$host_name" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -host-name $host_name" [ -z "$http_host" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -http-host $http_host" [ -z "$server_group" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -group $server_group" [ "$blacklist_ip" = "0" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -blacklist-ip" [ "$check_edns" = "0" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -check-edns" [ -z "$spki_pin" ] || ADDITIONAL_ARGS="$ADDITIONAL_ARGS -spki-pin $spki_pin" if [ -z "$port" ]; then DNS_ADDRESS="$ip" else DNS_ADDRESS="$ip:$port" fi [ "$type" = "https" ] && DNS_ADDRESS="$ip" conf_append "$SERVER" "$DNS_ADDRESS $ADDITIONAL_ARGS $addition_arg" } load_second_server() { local section="$1" local ARGS="" local ADDR="" config_get_bool seconddns_enabled "$section" "seconddns_enabled" "0" [ "$seconddns_enabled" = "0" ] && return config_get seconddns_port "$section" "seconddns_port" "6553" config_get_bool seconddns_no_speed_check "$section" "seconddns_no_speed_check" "0" [ "$seconddns_no_speed_check" = "1" ] && ARGS="$ARGS -no-speed-check" config_get seconddns_server_group "$section" "seconddns_server_group" "" [ -z "$seconddns_server_group" ] || ARGS="$ARGS -group $seconddns_server_group" config_get_bool seconddns_no_rule_addr "$section" "seconddns_no_rule_addr" "0" [ "$seconddns_no_rule_addr" = "1" ] && ARGS="$ARGS -no-rule-addr" config_get_bool seconddns_no_rule_nameserver "$section" "seconddns_no_rule_nameserver" "0" [ "$seconddns_no_rule_nameserver" = "1" ] && ARGS="$ARGS -no-rule-nameserver" config_get_bool seconddns_no_rule_ipset "$section" "seconddns_no_rule_ipset" "0" [ "$seconddns_no_rule_ipset" = "1" ] && ARGS="$ARGS -no-rule-ipset" config_get_bool seconddns_no_rule_soa "$section" "seconddns_no_rule_soa" "0" [ "$seconddns_no_rule_soa" = "1" ] && ARGS="$ARGS -no-rule-soa" config_get_bool seconddns_no_dualstack_selection "$section" "seconddns_no_dualstack_selection" "0" [ "$seconddns_no_dualstack_selection" = "1" ] && ARGS="$ARGS -no-dualstack-selection" config_get_bool seconddns_no_cache "$section" "seconddns_no_cache" "0" [ "$seconddns_no_cache" = "1" ] && ARGS="$ARGS -no-cache" config_get_bool force_aaaa_soa "$section" "force_aaaa_soa" "0" [ "$force_aaaa_soa" = "1" ] && ARGS="$ARGS -force-aaaa-soa" config_get ipv6_server "$section" "ipv6_server" "1" if [ "$ipv6_server" = "1" ]; then ADDR="[::]" else ADDR="" fi conf_append "bind" "$ADDR:$seconddns_port $ARGS" config_get_bool "seconddns_tcp_server" "$section" "seconddns_tcp_server" "1" [ "$seconddns_tcp_server" = "1" ] && conf_append "bind-tcp" "$ADDR:$seconddns_port $ARGS" } load_service() { local section="$1" args="" mkdir -p $SMARTDNS_VAR_CONF_DIR rm -f $SMARTDNS_CONF_TMP config_get_bool enabled "$section" "enabled" '0' config_get server_name "$section" "server_name" "" [ -z "$server_name" ] || conf_append "server-name" "$server_name" config_get coredump "$section" "coredump" "0" [ "$coredump" = "1" ] && COREDUMP="1" config_get port "$section" "port" "6053" config_get ipv6_server "$section" "ipv6_server" "1" config_get tcp_server "$section" "tcp_server" "1" if [ "$ipv6_server" = "1" ]; then conf_append "bind" "[::]:$port" else conf_append "bind" ":$port" fi [ "$tcp_server" = "1" ] && { if [ "$ipv6_server" = "1" ]; then conf_append "bind-tcp" "[::]:$port" else conf_append "bind-tcp" ":$port" fi } config_get dualstack_ip_selection "$section" "dualstack_ip_selection" "0" [ "$dualstack_ip_selection" = "1" ] && conf_append "dualstack-ip-selection" "yes" config_get prefetch_domain "$section" "prefetch_domain" "0" [ "$prefetch_domain" = "1" ] && conf_append "prefetch-domain" "yes" config_get serve_expired "$section" "serve_expired" "0" [ "$serve_expired" = "1" ] && conf_append "serve-expired" "yes" SMARTDNS_PORT="$port" config_get cache_size "$section" "cache_size" "" [ -z "$cache_size" ] || conf_append "cache-size" "$cache_size" config_get rr_ttl "$section" "rr_ttl" "" [ -z "$rr_ttl" ] || conf_append "rr-ttl" "$rr_ttl" config_get rr_ttl_min "$section" "rr_ttl_min" "" [ -z "$rr_ttl_min" ] || conf_append "rr-ttl-min" "$rr_ttl_min" config_get rr_ttl_max "$section" "rr_ttl_max" "" [ -z "$rr_ttl_max" ] || conf_append "rr-ttl-max" "$rr_ttl_max" config_get log_size "$section" "log_size" "64K" [ -z "$log_size" ] || conf_append "log-size" "$log_size" config_get log_num "$section" "log_num" "1" [ -z "$log_num" ] || conf_append "log-num" "$log_num" config_get log_level "$section" "log_level" "error" [ -z "$log_level" ]|| conf_append "log-level" "$log_level" config_get log_file "$section" "log_file" "" [ -z "$log_file" ] || conf_append "log-file" "$log_file" config_get redirect "$section" "redirect" "none" config_get old_redirect "$section" "old_redirect" "none" config_get old_port "$section" "old_port" "0" config_get old_enabled "$section" "old_enabled" "0" if [ "$old_redirect" != "$redirect" ] || [ "$old_port" != "$SMARTDNS_PORT" ] || [ "$old_enabled" = "1" -a "$enabled" = "0" ]; then [ "$old_redirect" = "none" ] || { [ "$old_port" = "0" ] || clear_iptable "$old_port" "$ipv6_server" [ "$old_redirect" = "dnsmasq-upstream" ] && stop_forward_dnsmasq "$old_port" } fi uci delete smartdns.@smartdns[0].old_redirect 2>/dev/null uci delete smartdns.@smartdns[0].old_port 2>/dev/null uci delete smartdns.@smartdns[0].old_enabled 2>/dev/null uci add_list smartdns.@smartdns[0].old_redirect="$redirect" 2>/dev/null uci add_list smartdns.@smartdns[0].old_port="$SMARTDNS_PORT" 2>/dev/null uci add_list smartdns.@smartdns[0].old_enabled="$enabled" 2>/dev/null uci commit smartdns [ "$enabled" -gt 0 ] || return 1 if [ "$redirect" = "redirect" ]; then set_iptable $ipv6_server $tcp_server elif [ "$redirect" = "dnsmasq-upstream" ]; then set_forward_dnsmasq "$SMARTDNS_PORT" fi load_second_server $section config_foreach load_server "server" { echo "conf-file $ADDRESS_CONF" echo "conf-file $BLACKLIST_IP_CONF" echo "conf-file $CUSTOM_CONF" } >> $SMARTDNS_CONF_TMP mv $SMARTDNS_CONF_TMP $SMARTDNS_CONF procd_open_instance "smartdns" [ "$COREDUMP" = "1" ] && { args="$args -S" procd_set_param limits core="unlimited" } get_tz [ -z "$SET_TZ" ] || procd_set_param env TZ="$SET_TZ" procd_set_param command /usr/sbin/smartdns -f -c $SMARTDNS_CONF $args [ "$RESPAWN" = "1" ] && procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5} procd_set_param file "$SMARTDNS_CONF" procd_close_instance } start_service() { config_load "smartdns" config_foreach load_service "smartdns" } reload_service() { stop start }