2014-10-05 18:38:01 +02:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
CONFIGFILE="/etc/default/dnscrypt-proxy"
|
|
|
|
DAEMON="/usr/sbin/dnscrypt-proxy"
|
|
|
|
|
|
|
|
. $CONFIGFILE
|
|
|
|
|
|
|
|
start_instance() {
|
|
|
|
if [ -z ${PIDFILE[$1]} ]; then
|
|
|
|
echo "No configuration for instance $1 found!"
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
if [ -r ${PIDFILE[$1]} ]; then
|
|
|
|
echo "dnscrypt-proxy (instance $1) already running!"
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
|
|
|
|
# dnscrypt-proxy will work without this, but it drops privileges before
|
|
|
|
# seeding the PRNG. libevent tries to work around a missing /dev/urandom
|
|
|
|
# but it's safer just to make sure it is available in the chroot.
|
|
|
|
if [ -n "${CHROOTDIR[$1]}" ]; then
|
|
|
|
if [ "$(readlink -f ${CHROOTDIR[$1]})" != "/" ]; then
|
|
|
|
if [ ! -d ${CHROOTDIR[$1]} ]; then
|
|
|
|
mkdir -p ${CHROOTDIR[$1]}
|
|
|
|
chmod 755 ${CHROOTDIR[$1]}
|
|
|
|
fi
|
|
|
|
if [ ! -d ${CHROOTDIR[$1]}/dev ]; then
|
|
|
|
mkdir -p ${CHROOTDIR[$1]}/dev
|
|
|
|
chmod 755 ${CHROOTDIR[$1]}/dev
|
|
|
|
fi
|
|
|
|
if [ ! -c ${CHROOTDIR[$1]}/dev/urandom ]; then
|
|
|
|
mknod -m 666 ${CHROOTDIR[$1]}/dev/urandom c 1 9
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
OPTIONS="-d"
|
|
|
|
if [ -n "${LOCALADDRESS[$1]}" ]; then
|
|
|
|
OPTIONS="${OPTIONS} --local-address=${LOCALADDRESS[$1]}"
|
|
|
|
fi
|
|
|
|
if [ -n "${PIDFILE[$1]}" ]; then
|
|
|
|
OPTIONS="${OPTIONS} --pidfile=${PIDFILE[$1]}"
|
|
|
|
fi
|
|
|
|
if [ -n "${USER[$1]}" ]; then
|
|
|
|
OPTIONS="${OPTIONS} --user=${USER[$1]}"
|
|
|
|
fi
|
|
|
|
if [ -n "${RESOLVERNAME[$1]}" ]; then
|
|
|
|
OPTIONS="${OPTIONS} --resolver-name=${RESOLVERNAME[$1]}"
|
|
|
|
fi
|
|
|
|
if [ -n "${RESOLVERSLIST[$1]}" ]; then
|
|
|
|
OPTIONS="${OPTIONS} --resolvers-list=${RESOLVERSLIST[$1]}"
|
|
|
|
fi
|
|
|
|
if [ -z "${RESOLVERNAME[$1]}" ] && [ -n "${RESOLVERADDRESS[$1]}" ]; then
|
|
|
|
OPTIONS="${OPTIONS} --resolver-address=${RESOLVERADDRESS[$1]}"
|
|
|
|
fi
|
|
|
|
if [ -z "${RESOLVERNAME[$1]}" ] && [ -n "${PROVIDERNAME[$1]}" ]; then
|
|
|
|
OPTIONS="${OPTIONS} --provider-name=${PROVIDERNAME[$1]}"
|
|
|
|
fi
|
|
|
|
if [ -z "${RESOLVERNAME[$1]}" ] && [ -n "${PROVIDERKEY[$1]}" ]; then
|
|
|
|
OPTIONS="${OPTIONS} --provider-key=${PROVIDERKEY[$1]}"
|
|
|
|
fi
|
2015-06-14 17:31:27 +02:00
|
|
|
if [ "${EPHEMERALKEYS[$1]}" == "yes" ]; then
|
|
|
|
OPTIONS="${OPTIONS} --ephemeral-keys"
|
|
|
|
fi
|
2015-07-22 03:34:14 +02:00
|
|
|
if [ -n "${CLIENTKEY[$1]}" ]; then
|
|
|
|
OPTIONS="${OPTIONS} --client-key=${CLIENTKEY[$1]}"
|
|
|
|
fi
|
2014-10-05 18:38:01 +02:00
|
|
|
if [ -n "${EDNSPAYLOADSIZE[$1]}" ]; then
|
|
|
|
OPTIONS="${OPTIONS} --edns-payload-size=${EDNSPAYLOADSIZE[$1]}"
|
|
|
|
fi
|
|
|
|
if [ -n "${MAXACTIVEREQUESTS[$1]}" ]; then
|
|
|
|
OPTIONS="${OPTIONS} --max-active-requests=${MAXACTIVEREQUESTS[$1]}"
|
|
|
|
fi
|
|
|
|
if [ "${TCPONLY[$1]}" == "yes" ]; then
|
|
|
|
OPTIONS="${OPTIONS} --tcp-only"
|
|
|
|
fi
|
|
|
|
if [ -n "${PLUGINS[$1]}" ]; then
|
|
|
|
for plugin in ${PLUGINS[$1]}
|
|
|
|
do
|
|
|
|
OPTIONS="${OPTIONS} --plugin=${plugin}"
|
|
|
|
done
|
|
|
|
fi
|
|
|
|
if [ -n "${LOGLEVEL[$1]}" ]; then
|
|
|
|
OPTIONS="${OPTIONS} --loglevel=${LOGLEVEL[$1]}"
|
|
|
|
fi
|
|
|
|
if [ -n "${LOGFILE[$1]}" ]; then
|
|
|
|
OPTIONS="${OPTIONS} --logfile=${LOGFILE[$1]}"
|
|
|
|
fi
|
|
|
|
$DAEMON $OPTIONS
|
|
|
|
}
|
|
|
|
|
|
|
|
stop_instance() {
|
|
|
|
if [ -z ${PIDFILE[$1]} ]; then
|
|
|
|
echo "No configuration for instance $1 found!"
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
if [ ! -r ${PIDFILE[$1]} ]; then
|
|
|
|
echo "dnscrypt-proxy (instance $1) is not running!"
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
echo "Stopping dnscrypt-proxy (instance $1)..."
|
|
|
|
kill $(cat ${PIDFILE[$1]})
|
|
|
|
}
|
|
|
|
|
|
|
|
status_instance() {
|
|
|
|
if [ -z ${PIDFILE[$1]} ]; then
|
|
|
|
echo "No configuration for instance $1 found!"
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
if [ ! -r ${PIDFILE[$1]} ]; then
|
|
|
|
echo "dnscrypt-proxy (instance $1) is not running."
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
PID=$(cat ${PIDFILE[$1]})
|
|
|
|
if [ -z "$PID" ]; then
|
|
|
|
echo "PID file is empty! dnscrypt-proxy (instance $1) does not appear to be running, but there is a stale PID file."
|
|
|
|
elif kill -0 $PID ; then
|
|
|
|
echo "dnscrypt-proxy (instance $1) is running."
|
|
|
|
else
|
|
|
|
echo "dnscrypt-proxy (instance $1) is not running, but there is a stale PID file."
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
start() {
|
|
|
|
for i in `/usr/bin/seq 0 $((${#PIDFILE[@]}-1))`
|
|
|
|
do
|
|
|
|
start_instance $i
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
|
|
|
stop() {
|
|
|
|
for i in `/usr/bin/seq 0 $((${#PIDFILE[@]}-1))`
|
|
|
|
do
|
|
|
|
stop_instance $i
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
|
|
|
status() {
|
|
|
|
for i in `/usr/bin/seq 0 $((${#PIDFILE[@]}-1))`
|
|
|
|
do
|
|
|
|
status_instance $i
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
|
|
|
case "$1" in
|
|
|
|
'start')
|
|
|
|
start
|
|
|
|
;;
|
|
|
|
'stop')
|
|
|
|
stop
|
|
|
|
;;
|
|
|
|
'restart')
|
|
|
|
stop
|
|
|
|
start
|
|
|
|
;;
|
|
|
|
'status')
|
|
|
|
status
|
|
|
|
;;
|
|
|
|
*_start)
|
|
|
|
INSTANCE=`echo $1 | /bin/cut -d '_' -f 1`
|
|
|
|
start_instance $INSTANCE
|
|
|
|
;;
|
|
|
|
*_stop)
|
|
|
|
INSTANCE=`echo $1 | /bin/cut -d '_' -f 1`
|
|
|
|
stop_instance $INSTANCE
|
|
|
|
;;
|
|
|
|
*_restart)
|
|
|
|
INSTANCE=`echo $1 | /bin/cut -d '_' -f 1`
|
|
|
|
stop_instance $INSTANCE
|
|
|
|
sleep 1
|
|
|
|
start_instance $INSTANCE
|
|
|
|
;;
|
|
|
|
*_status)
|
|
|
|
INSTANCE=`echo $1 | /bin/cut -d '_' -f 1`
|
|
|
|
status_instance $INSTANCE
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
echo "Usage: $0 {start|stop|restart|status|#_start|#_stop|#_restart}"
|
|
|
|
exit 1
|
|
|
|
;;
|
|
|
|
esac
|