From c939ab5a24edf51a57a812177e2919af15f272d3 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Wed, 3 Mar 2021 11:32:42 +0100
Subject: [PATCH] Update https-dns-proxy
---
 https-dns-proxy/Makefile | 22 ++++++--
 https-dns-proxy/files/https-dns-proxy.init | 66 ++++++++++++++++------
 2 files changed, 66 insertions(+), 22 deletions(-)
diff --git a/https-dns-proxy/Makefile b/https-dns-proxy/Makefile
index 0fefc7ca5..331318402 100644
--- a/https-dns-proxy/Makefile
+++ b/https-dns-proxy/Makefile
@@ -1,14 +1,14 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=https-dns-proxy
-PKG_VERSION:=2019-12-03
-PKG_RELEASE=5
+PKG_VERSION:=2021-01-17
+PKG_RELEASE=2
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/aarond10/https_dns_proxy
-PKG_SOURCE_DATE:=2019-12-03
-PKG_SOURCE_VERSION:=2adeafb67cbe8d67148219c48334856ae4f3bd75
-PKG_MIRROR_HASH:=58088baa092cd9634652d65f9b5650db88d2e102cb370710654db7b15f2f0e42
+PKG_SOURCE_DATE:=2021-01-17
+PKG_SOURCE_VERSION:=37511cc08712d7548978a4f6f1cc457b7594fb96
+PKG_MIRROR_HASH:=4e6a7dcb69e350d1df9f17570439b589e031e249da7f91f2ec7600a955e0aaa3
 PKG_MAINTAINER:=Stan Grishin
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE
@@ -22,14 +22,26 @@ define Package/https-dns-proxy
 SECTION:=net
 CATEGORY:=Network
 TITLE:=DNS Over HTTPS Proxy
+ URL:=https://docs.openwrt.melmac.net/https-dns-proxy/
 DEPENDS:=+libcares +libcurl +libev +ca-bundle
 CONFLICTS:=https_dns_proxy
 endef
+define Package/https-dns-proxy/description
+https-dns-proxy is a light-weight DNS<-->HTTPS, non-caching translation proxy for the RFC 8484 DoH standard.
+It receives regular (UDP) DNS requests and issues them via DoH.
+Please see https://docs.openwrt.melmac.net/https-dns-proxy/ for more information.
+endef
+
+define Package/https-dns-proxy/conffiles
+/etc/config/https-dns-proxy
+endef
+
 define Package/https-dns-proxy/install
 $(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d ${1}/etc/config
 $(INSTALL_BIN) $(PKG_BUILD_DIR)/https_dns_proxy $(1)/usr/sbin/https-dns-proxy
 $(INSTALL_BIN) ./files/https-dns-proxy.init $(1)/etc/init.d/https-dns-proxy
+ $(SED) "s|^\(PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/https-dns-proxy
 $(INSTALL_CONF) ./files/https-dns-proxy.config $(1)/etc/config/https-dns-proxy
 endef
diff --git a/https-dns-proxy/files/https-dns-proxy.init b/https-dns-proxy/files/https-dns-proxy.init
index 5ca0bd133..64bf7eccf 100755
--- a/https-dns-proxy/files/https-dns-proxy.init
+++ b/https-dns-proxy/files/https-dns-proxy.init
@@ -1,13 +1,25 @@
 #!/bin/sh /etc/rc.common
-# Copyright 2019 Stan Grishin (stangri@melmac.net)
+# Copyright 2019-2020 Stan Grishin (stangri@melmac.net)
 # shellcheck disable=SC2039
+PKG_VERSION='dev-test'
-export START=80
-export USE_PROCD=1
+# shellcheck disable=SC2034
+START=80
+# shellcheck disable=SC2034
+USE_PROCD=1
+if type extra_command 1>/dev/null 2>&1; then
+ extra_command 'version' 'Show version information'
+else
+# shellcheck disable=SC2034
+ EXTRA_COMMANDS='version'
+fi
+
+readonly PROG=/usr/sbin/https-dns-proxy
 dnsmasqConfig=''
+forceDNS='1'
-PROG=/usr/sbin/https-dns-proxy
+version() { echo "$PKG_VERSION"; }
 xappend() { param="$param $1"; }
@@ -35,27 +47,27 @@ append_parm() {
 start_instance() {
 local cfg="$1" param listen_addr listen_port i
-
+ append_parm "$cfg" 'resolver_url' '-r'
+ append_parm "$cfg" 'polling_interval' '-i'
 append_parm "$cfg" 'listen_addr' '-a' '127.0.0.1'
 append_parm "$cfg" 'listen_port' '-p' "$p"
+ append_parm "$cfg" 'dscp_codepoint' '-c'
 append_parm "$cfg" 'bootstrap_dns' '-b'
- append_parm "$cfg" 'resolver_url' '-r'
 append_parm "$cfg" 'user' '-u' 'nobody'
 append_parm "$cfg" 'group' '-g' 'nogroup'
- append_parm "$cfg" 'edns_subnet' '-e'
 append_parm "$cfg" 'proxy_server' '-t'
 append_parm "$cfg" 'logfile' '-l'
 append_bool "$cfg" 'use_http1' '-x'
 config_get_bool ipv6_resolvers_only "$cfg" 'use_ipv6_resolvers_only' '0'
- config_get verbosity "$cfg" 'verbosity' "0"
+ config_get verbosity "$cfg" 'verbosity' '0'
 # shellcheck disable=SC2086,SC2154
 for i in $(seq 1 $verbosity); do
- xappend "-v"
+ xappend '-v'
 done
 # shellcheck disable=SC2154
 if [ "$ipv6_resolvers_only" = 0 ]; then
- xappend "-4"
+ xappend '-4'
 fi
 procd_open_instance
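Review bot: The `edns_subnet` line is dropped from the `append_parm` list in `start_instance` and nothing in the script records it, so a config that still sets that option is silently ignored after the upgrade. If this is intentional (presumably the daemon no longer accepts `-e`), a one-line comment above the list would say so, for example `# edns_subnet is intentionally no longer passed to the daemon`. `start_instance` begins before and continues past this hunk.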
@@ -80,19 +92,36 @@ start_instance() {
 p="$((p+1))"
 }
-service_triggers() {
- procd_add_reload_trigger 'https-dns-proxy'
-}
+is_force_dns_active() { iptables-save | grep -q -w -- '--dport 53'; }
 start_service() {
 local p=5053
 config_load 'https-dns-proxy'
 config_get dnsmasqConfig 'config' 'update_dnsmasq_config' '*'
+ config_get_bool forceDNS 'config' 'force_dns' '1'
 dhcp_backup 'create'
 config_load 'https-dns-proxy'
 config_foreach start_instance 'https-dns-proxy'
- if [ "$p" != "5053" ] && [ "$dnsmasqConfig" = "*" ]; then
- uci -q del_list "dhcp.@dnsmasq[0].server=127.0.0.1#5353"
+ if [ "$forceDNS" -ne 0 ]; then
+ procd_open_instance 'main'
+ procd_set_param command /bin/true
+ procd_set_param stdout 1
+ procd_set_param stderr 1
+ procd_open_data
+ json_add_array firewall
+ json_add_object ''
+ json_add_string type redirect
+ json_add_string name https_dns_proxy_dns_redirect
+ json_add_string target DNAT
+ json_add_string src lan
+ json_add_string proto tcpudp
+ json_add_string src_dport 53
+ json_add_string dest_port 53
+ json_add_string reflection 0
+ json_close_object
+ json_close_array
+ procd_close_data
+ procd_close_instance
 fi
 if [ -n "$(uci -q changes dhcp)" ]; then
 uci -q commit dhcp
@@ -102,7 +131,7 @@ start_service() {
 stop_service() {
 config_load 'https-dns-proxy'
- config_get dnsmasqConfig 'config' 'update_dnsmasq_config' '*'
+ config_get dnsmasqConfig 'config' 'update_dnsmasq_config' '*'
 dhcp_backup 'restore'
 if [ -n "$(uci -q changes dhcp)" ]; then
 uci -q commit dhcp
@@ -111,9 +140,12 @@ stop_service() {
 }
 service_triggers() {
- procd_add_reload_trigger 'https-dns-proxy'
+ procd_add_config_trigger "config.change" "https-dns-proxy" /etc/init.d/https-dns-proxy reload
 }
+service_started() { procd_set_config_changed firewall; }
+service_stopped() { procd_set_config_changed firewall; }
+
 dnsmasq_add_doh_server() {
 local cfg="$1" address="$2" port="$3"
 case $address in
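Review bot: The port-53 redirect in `start_service` is published whenever `force_dns` is non-zero, and `force_dns` defaults to `'1'`, so an upgrade starts redirecting all LAN clients' DNS to the router without the admin opting in. It is also published when `config_foreach start_instance` started no instance, a case the removed `[ "$p" != "5053" ]` test used to detect, so clients can be forced onto a resolver path that is not using DoH. Consider `if [ "$forceDNS" -ne 0 ] && [ "$p" != "5053" ]; then`, and either default `force_dns` to `'0'` or document the default in the shipped config. The zone name `lan` is hard-coded, so other zones are not covered; a comment should say so. `is_force_dns_active` is not called in any visible hunk, and `start_service` continues past this hunk.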
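Review bot: `service_started` and `service_stopped` call `procd_set_config_changed firewall` unconditionally, so every start and stop reloads the firewall even when `force_dns` is 0 and no redirect was published. The start side could be limited with `service_started() { [ "$forceDNS" -eq 0 ] || procd_set_config_changed firewall; }`, assuming `service_started` runs in the same shell as `start_service` so the variable is still set; that should be confirmed. The stop side is probably best left unconditional so a redirect from an earlier run is always withdrawn, with a comment such as `# always reload: removes a redirect left by a previous start`.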