summaryrefslogtreecommitdiff
path: root/repo/dnsmasq/dnsmasq.initd
blob: be09548d5df7c7e2a5df5455507c36155c781f23 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
#!/sbin/openrc-run

description="A lightweight DNS, DHCP, RA, TFTP and PXE server"

extra_commands="checkconfig"
description_checkconfig="Check configuration syntax"

extra_started_commands="reload"
description_reload="Clear cache and reload hosts files"

# DNSMASQ_CONFFILE is here for backward compatibility (Alpine <3.16).
: ${cfgfile:=${DNSMASQ_CONFFILE:-"/etc/dnsmasq.conf"}}
: ${leasefile:="/var/lib/misc/$RC_SVCNAME.leases"}
: ${user:="dnsmasq"}
: ${group:="dnsmasq"}
: ${setup_bridge:="yes"}

command="/usr/sbin/dnsmasq"
# Tell dnsmasq to not create pidfile, that's responsibility of init system.
# DNSMASQ_OPTS is here for backward compatibility (Alpine <3.16).
command_args="--keep-in-foreground --pid-file= $DNSMASQ_OPTS $command_args --conf-file=$cfgfile"
command_background="yes"
pidfile="/run/$RC_SVCNAME.pid"

if [ "${RC_SVCNAME#*.}" != "$RC_SVCNAME" ] && yesno "$setup_bridge"; then
	BRIDGE="${RC_SVCNAME#*.}"
	: ${BRIDGE_ADDR:="10.0.3.1"}
	: ${BRIDGE_NETMASK:="255.255.255.0"}
	: ${BRIDGE_NETWORK:="10.0.3.0/24"}
	: ${BRIDGE_DHCP_RANGE:="10.0.3.2,10.0.3.254"}
	: ${BRIDGE_DHCP_MAX:="253"}
	: ${BRIDGE_MAC:="00:16:3e:00:00:00" }
	: ${DNSMASQ_LISTEN_BRIDGE_ADDR:=yes}
fi

depend() {
	provide dns
	need localmount net
	after bootmisc
	use logger
}

setup_firewall() {
	local ins=$1 add=$2

	iptables -w $ins INPUT -i "$BRIDGE" -p udp --dport 67 -j ACCEPT
	iptables -w $ins INPUT -i "$BRIDGE" -p tcp --dport 67 -j ACCEPT
	iptables -w $ins INPUT -i "$BRIDGE" -p udp --dport 53 -j ACCEPT
	iptables -w $ins INPUT -i "$BRIDGE" -p tcp --dport 53 -j ACCEPT
	iptables -w $ins FORWARD -i "$BRIDGE" -j ACCEPT
	iptables -w $ins FORWARD -o "$BRIDGE" -j ACCEPT
	iptables -w -t nat $add POSTROUTING -s "$BRIDGE_NETWORK" ! -d "$BRIDGE_NETWORK" -j MASQUERADE
	iptables -w -t mangle $add POSTROUTING -o "$BRIDGE" -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill

	if yesno "$BRIDGE_IPV6_NAT" && [ -n "$BRIDGE_IPV6_NETWORK" ]; then
		ip6tables -w -t nat $add POSTROUTING -s "$BRIDGE_IPV6_NETWORK" ! -d "$BRIDGE_IPV6_NETWORK" -j MASQUERADE
	fi
}

setup_bridge() {
	einfo "Creating bridge $BRIDGE"

	if ! [ -d "/sys/class/net/$BRIDGE" ]; then
		ip link add dev "$BRIDGE" type bridge
	fi

	local addr
	ip link set dev "$BRIDGE" address "$BRIDGE_MAC" \
		&& for addr in $BRIDGE_ADDR $BRIDGE_ADDR_EXTRA; do
			case "$addr" in
				*/*) ip addr add "$addr" dev "$BRIDGE";;
				*) ip addr add "$addr/$BRIDGE_NETMASK" dev "$BRIDGE";;
			esac
		done \
		&& ip link set dev "$BRIDGE" up

	 echo 1 > /proc/sys/net/ipv4/ip_forward
	 echo 0 > "/proc/sys/net/ipv6/conf/$BRIDGE/accept_dad" || true

	if [ -n "$BRIDGE_IPV6_ADDR" ] && [ -n "$BRIDGE_IPV6_MASK" ] && [ "$BRIDGE_IPV6_NETWORK" ]; then
		echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
		echo 0 > "/proc/sys/net/ipv6/conf/$BRIDGE/autoconf"

		ip -6 addr add dev "$BRIDGE" "$BRIDGE_IPV6_ADDR/$BRIDGE_IPV6_MASK"

		command_args="$command_args --dhcp-range=$BRIDGE_IPV6_ADDR,ra-only --listen-address $BRIDGE_IPV6_ADDR"
	fi

}

start_pre() {
	$command --test --conf-file="$cfgfile" >/dev/null 2>&1 \
		|| $command --test \
		|| return 1

	checkpath -m 0644 -o "$user:$group" -f "$leasefile" || return 1

	if [ -n "$BRIDGE" ]; then
		setup_bridge
		if ! yesno "$DISABLE_IPTABLES"; then
			setup_firewall -I -A
		fi
		if yesno "$DNSMASQ_LISTEN_BRIDGE_ADDR"; then
			local addr; for addr in $BRIDGE_ADDR; do
				command_args="$command_args --listen-address ${addr%/*}"
			done
		fi
		command_args="$command_args --strict-order --bind-interfaces --except-interface=lo --interface=$BRIDGE"
		command_args="$command_args --dhcp-range $BRIDGE_DHCP_RANGE --dhcp-lease-max=$BRIDGE_DHCP_MAX --dhcp-no-override --dhcp-leasefile=$leasefile --dhcp-authoritative"
	fi
}

stop_post() {
	if [ -n "$BRIDGE" ]; then
		local addr; for addr in $BRIDGE_ADDR $BRIDGE_ADDR_EXTRA; do
			case "$addr" in
				*/*) ip addr del "$addr" dev "$BRIDGE";;
				*) ip addr del "$addr/$BRIDGE_NETMASK" dev "$BRIDGE";;
			esac
		done
		ip link set dev "$BRIDGE" down
		if ! yesno "$DISABLE_IPTABLES"; then
			setup_firewall -D -D
		fi
		# dont destroy if there are attached interfaces
		ls /sys/class/net/"$BRIDGE"/brif/* > /dev/null 2>&1 || ip link delete "$BRIDGE"
	fi
}

reload() {
	ebegin "Reloading $RC_SVCNAME"

	$command --test --conf-file="$cfgfile" >/dev/null 2>&1 \
		|| $command --test \
		|| return 1

	if [ "$supervisor" ]; then
		$supervisor "$RC_SVCNAME" --signal HUP
	else
		start-stop-daemon --signal HUP --pidfile "$pidfile"
	fi
	eend $?
}

checkconfig() {
	ebegin "Checking $RC_SVCNAME configuration"

	$command --test --conf-file="$cfgfile"

	eend $?
}