Diffstat (limited to 'main/dnsmasq/dnsmasq.initd')
-rw-r--r-- | main/dnsmasq/dnsmasq.initd | 140 |
1 files changed, 81 insertions, 59 deletions
diff --git a/main/dnsmasq/dnsmasq.initd b/main/dnsmasq/dnsmasq.initd index c7e753fd4b9..85a3b42db82 100644 --- a/main/dnsmasq/dnsmasq.initd +++ b/main/dnsmasq/dnsmasq.initd @@ -8,16 +8,22 @@ description_checkconfig="Check configuration syntax" extra_started_commands="reload" description_reload="Clear cache and reload hosts files" -: ${DNSMASQ_CONFFILE:=/etc/dnsmasq.conf} +# DNSMASQ_CONFFILE is here for backward compatibility (Alpine <3.16). +: ${cfgfile:=${DNSMASQ_CONFFILE:-"/etc/dnsmasq.conf"}} +: ${leasefile:="/var/lib/misc/$RC_SVCNAME.leases"} +: ${user:="dnsmasq"} +: ${group:="dnsmasq"} +: ${setup_bridge:="yes"} +: ${setup_command:=""} command="/usr/sbin/dnsmasq" # Tell dnsmasq to not create pidfile, that's responsibility of init system. -command_args="-k --pid-file= $DNSMASQ_OPTS --conf-file=$DNSMASQ_CONFFILE" +# DNSMASQ_OPTS is here for backward compatibility (Alpine <3.16). +command_args="--keep-in-foreground --pid-file= $DNSMASQ_OPTS $command_args --conf-file=$cfgfile" command_background="yes" -pidfile="/run/${RC_SVCNAME}.pid" -leasefile=/var/lib/misc/$RC_SVCNAME.leases +pidfile="/run/$RC_SVCNAME.pid" -if [ "${RC_SVCNAME#*.}" != "$RC_SVCNAME" ]; then +if [ "${RC_SVCNAME#*.}" != "$RC_SVCNAME" ] && yesno "$setup_bridge"; then BRIDGE="${RC_SVCNAME#*.}" : ${BRIDGE_ADDR:="10.0.3.1"} : ${BRIDGE_NETMASK:="255.255.255.0"} 
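Review bot: The new `user` and `group` defaults are, in the lines visible here, consumed only by `checkpath -o "$user:$group"` in start_pre (second hunk); `command_args` never hands them to dnsmasq. Overriding them therefore changes who owns the lease file without changing the account the daemon runs as, which can leave the file unwritable by dnsmasq or writable by an unrelated account. Either append `--user=$user --group=$group` to `command_args`, or state the contract above the defaults, e.g. `# user/group: owner of the lease file only; keep in sync with user=/group= in the dnsmasq config`. Which of the two fits depends on how the shipped config sets the daemon's user, which this hunk does not show.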
@@ -27,108 +33,124 @@ if [ "${RC_SVCNAME#*.}" != "$RC_SVCNAME" ]; then : ${BRIDGE_MAC:="00:16:3e:00:00:00" } : ${DNSMASQ_LISTEN_BRIDGE_ADDR:=yes} fi -. depend() { provide dns need localmount net - after bootmisc + after bootmisc dbus use logger } setup_firewall() { local ins=$1 add=$2 - iptables -w $ins INPUT -i ${BRIDGE} -p udp --dport 67 -j ACCEPT - iptables -w $ins INPUT -i ${BRIDGE} -p tcp --dport 67 -j ACCEPT - iptables -w $ins INPUT -i ${BRIDGE} -p udp --dport 53 -j ACCEPT - iptables -w $ins INPUT -i ${BRIDGE} -p tcp --dport 53 -j ACCEPT - iptables -w $ins FORWARD -i ${BRIDGE} -j ACCEPT - iptables -w $ins FORWARD -o ${BRIDGE} -j ACCEPT - iptables -w -t nat $add POSTROUTING -s ${BRIDGE_NETWORK} ! -d ${BRIDGE_NETWORK} -j MASQUERADE - iptables -w -t mangle $add POSTROUTING -o ${BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill + + iptables -w $ins INPUT -i "$BRIDGE" -p udp --dport 67 -j ACCEPT + iptables -w $ins INPUT -i "$BRIDGE" -p tcp --dport 67 -j ACCEPT + iptables -w $ins INPUT -i "$BRIDGE" -p udp --dport 53 -j ACCEPT + iptables -w $ins INPUT -i "$BRIDGE" -p tcp --dport 53 -j ACCEPT + iptables -w $ins FORWARD -i "$BRIDGE" -j ACCEPT + iptables -w $ins FORWARD -o "$BRIDGE" -j ACCEPT + iptables -w -t nat $add POSTROUTING -s "$BRIDGE_NETWORK" ! -d "$BRIDGE_NETWORK" -j MASQUERADE + iptables -w -t mangle $add POSTROUTING -o "$BRIDGE" -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill + + if yesno "$BRIDGE_IPV6_NAT" && [ -n "$BRIDGE_IPV6_NETWORK" ]; then + ip6tables -w -t nat $add POSTROUTING -s "$BRIDGE_IPV6_NETWORK" ! -d "$BRIDGE_IPV6_NETWORK" -j MASQUERADE + fi } setup_bridge() { - if ! [ -d /sys/class/net/$BRIDGE ]; then - ip link add dev $BRIDGE type bridge + einfo "Creating bridge $BRIDGE" + + if ! 
[ -d "/sys/class/net/$BRIDGE" ]; then + ip link add dev "$BRIDGE" type bridge fi - ip link set dev $BRIDGE address ${BRIDGE_MAC} && \ - for ADDR in $BRIDGE_ADDR $BRIDGE_ADDR_EXTRA; do - case "$ADDR" in - */*) ip addr add ${ADDR} dev $BRIDGE;; - *) ip addr add ${ADDR}/${BRIDGE_NETMASK} dev $BRIDGE;; + local addr + ip link set dev "$BRIDGE" address "$BRIDGE_MAC" \ + && for addr in $BRIDGE_ADDR $BRIDGE_ADDR_EXTRA; do + case "$addr" in + */*) ip addr add "$addr" dev "$BRIDGE";; + *) ip addr add "$addr/$BRIDGE_NETMASK" dev "$BRIDGE";; esac - done && ip link set dev $BRIDGE up + done \ + && ip link set dev "$BRIDGE" up echo 1 > /proc/sys/net/ipv4/ip_forward - echo 0 > /proc/sys/net/ipv6/conf/${BRIDGE}/accept_dad || true + echo 0 > "/proc/sys/net/ipv6/conf/$BRIDGE/accept_dad" || true if [ -n "$BRIDGE_IPV6_ADDR" ] && [ -n "$BRIDGE_IPV6_MASK" ] && [ "$BRIDGE_IPV6_NETWORK" ]; then echo 1 > /proc/sys/net/ipv6/conf/all/forwarding - echo 0 > /proc/sys/net/ipv6/conf/${BRIDGE}/autoconf - ip -6 addr add dev ${BRIDGE} ${BRIDGE_IPV6_ADDR}/${BRIDGE_IPV6_MASK} - if [ "$BRIDGE_IPV6_NAT" = "true" ]; then - ip6tables -w -t nat -A POSTROUTING -s ${BRIDGE_IPV6_NETWORK} ! 
-d ${BRIDGE_IPV6_NETWORK} -j MASQUERADE - fi - command_args="$command_args --dhcp-range=${BRIDGE_IPV6_ADDR},ra-only --listen-address ${BRIDGE_IPV6_ADDR}" + echo 0 > "/proc/sys/net/ipv6/conf/$BRIDGE/autoconf" + + ip -6 addr add dev "$BRIDGE" "$BRIDGE_IPV6_ADDR/$BRIDGE_IPV6_MASK" + + command_args="$command_args --dhcp-range=$BRIDGE_IPV6_ADDR,ra-only --listen-address $BRIDGE_IPV6_ADDR" fi } start_pre() { - $command --test --conf-file=$DNSMASQ_CONFFILE >/dev/null 2>&1 \ - || $command --test || return 1 - checkpath -m 0644 -o dnsmasq:dnsmasq -f $leasefile || return 1 + $command --test --conf-file="$cfgfile" >/dev/null 2>&1 \ + || $command --test \ + || return 1 - if [ -n "$DNSMASQ_CONFFILE" ]; then - command_args="$command_args --conf-file=$DNSMASQ_CONFFILE" - fi - if [ -z "$BRIDGE" ]; then - return 0 - fi + checkpath -m 0644 -o "$user:$group" -f "$leasefile" || return 1 - setup_bridge - if [ -z "$DISABLE_IPTABLES" ]; then - setup_firewall -I -A + if [ -n "$BRIDGE" ]; then + setup_bridge + if ! 
yesno "$DISABLE_IPTABLES"; then + setup_firewall -I -A + fi + if yesno "$DNSMASQ_LISTEN_BRIDGE_ADDR"; then + local addr; for addr in $BRIDGE_ADDR; do + command_args="$command_args --listen-address ${addr%/*}" + done + fi + command_args="$command_args --strict-order --bind-interfaces --except-interface=lo --interface=$BRIDGE" + command_args="$command_args --dhcp-range $BRIDGE_DHCP_RANGE --dhcp-lease-max=$BRIDGE_DHCP_MAX --dhcp-no-override --dhcp-leasefile=$leasefile --dhcp-authoritative" fi - if yesno "$DNSMASQ_LISTEN_BRIDGE_ADDR"; then - local addr - for addr in $BRIDGE_ADDR; do - command_args="$command_args --listen-address ${addr%/*}" - done + + if command -v "$setup_command" >/dev/null; then + $setup_command || return 1 fi - command_args="$command_args --strict-order --bind-interfaces --except-interface=lo --interface=$BRIDGE --dhcp-range $BRIDGE_DHCP_RANGE --dhcp-lease-max=$BRIDGE_DHCP_MAX --dhcp-no-override --dhcp-leasefile=$leasefile --dhcp-authoritative" } stop_post() { if [ -n "$BRIDGE" ]; then - local addr - for addr in $BRIDGE_ADDR $BRIDGE_ADDR_EXTRA; do + local addr; for addr in $BRIDGE_ADDR $BRIDGE_ADDR_EXTRA; do case "$addr" in - */*) ip addr del $addr dev $BRIDGE;; - *) ip addr del $addr/${BRIDGE_NETMASK} dev $BRIDGE;; + */*) ip addr del "$addr" dev "$BRIDGE";; + *) ip addr del "$addr/$BRIDGE_NETMASK" dev "$BRIDGE";; esac done - ip link set dev $BRIDGE down - if [ -z "$DISABLE_IPTABLES" ]; then + ip link set dev "$BRIDGE" down + if ! 
yesno "$DISABLE_IPTABLES"; then setup_firewall -D -D fi # dont destroy if there are attached interfaces - ls /sys/class/net/${BRIDGE}/brif/* > /dev/null 2>&1 || ip link delete ${BRIDGE} + ls /sys/class/net/"$BRIDGE"/brif/* > /dev/null 2>&1 || ip link delete "$BRIDGE" fi } reload() { ebegin "Reloading $RC_SVCNAME" - $command --test --conf-file=$DNSMASQ_CONFFILE >/dev/null 2>&1 \ - || $command --test || return 1 - start-stop-daemon --signal HUP --pidfile "$pidfile" + + $command --test --conf-file="$cfgfile" >/dev/null 2>&1 \ + || $command --test \ + || return 1 + + if [ "$supervisor" ]; then + $supervisor "$RC_SVCNAME" --signal HUP + else + start-stop-daemon --signal HUP --pidfile "$pidfile" + fi eend $? } checkconfig() { ebegin "Checking $RC_SVCNAME configuration" - $command --test --conf-file=$DNSMASQ_CONFFILE + + $command --test --conf-file="$cfgfile" + eend $? } |
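Review bot: Replacing `[ -z "$DISABLE_IPTABLES" ]` with `! yesno "$DISABLE_IPTABLES"` in start_pre and stop_post changes what counts as opting out of the firewall rules. Before, any non-empty value skipped setup_firewall; now only a value yesno accepts as true does, so an existing conf.d with some other non-empty value will get the INPUT/FORWARD ACCEPT and MASQUERADE rules inserted after the upgrade. Unlike DNSMASQ_CONFFILE and DNSMASQ_OPTS, this variable has no backward-compatibility note, so at minimum add `# DISABLE_IPTABLES must be a yes/no value; before Alpine 3.16 any non-empty value disabled the rules.` next to the check and in the conf.d file. Separately, the `command -v "$setup_command"` guard silently skips a non-empty `setup_command` that does not resolve (a typo, or a value carrying arguments), so the service starts without its setup step; `[ -z "$setup_command" ] || $setup_command || return 1` fails closed instead.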