Preliminary code to move to the new server

new-server
Frank Denis 5 years ago
parent 1f42134a69
commit a3efabd367

@ -1,17 +1,17 @@
FROM jedisct1/alpine-runit:latest FROM jedisct1/alpine-runit:latest
MAINTAINER Frank Denis LABEL maintainer="Frank Denis"
SHELL ["/bin/sh", "-x", "-c"] SHELL ["/bin/sh", "-x", "-c"]
ENV SERIAL 3 ENV SERIAL 3
ENV CFLAGS=-Ofast ENV CFLAGS=-Ofast
ENV BUILD_DEPS make gcc musl-dev git libevent-dev expat-dev shadow autoconf file openssl-dev byacc linux-headers ENV BUILD_DEPS curl make gcc musl-dev git libevent-dev expat-dev shadow autoconf file openssl-dev byacc linux-headers
ENV RUNTIME_DEPS bash util-linux coreutils findutils grep openssl ldns ldns-tools libevent expat libexecinfo coreutils drill ca-certificates ENV RUNTIME_DEPS bash util-linux coreutils findutils grep openssl ldns ldns-tools libevent expat libexecinfo coreutils drill ca-certificates
RUN apk --no-cache upgrade && apk add --no-cache $RUNTIME_DEPS RUN apk --no-cache upgrade && apk add --no-cache $RUNTIME_DEPS
RUN update-ca-certificates 2> /dev/null || true RUN update-ca-certificates 2> /dev/null || true
ENV UNBOUND_GIT_URL https://github.com/jedisct1/unbound.git ENV UNBOUND_GIT_URL https://github.com/jedisct1/unbound.git
ENV UNBOUND_GIT_REVISION 4edb15ba417c78710069a5be8be3a6b5d8bdba9c ENV UNBOUND_GIT_REVISION 35ac577d99d56869f2f87dcc7b5e36b8996df5ca
WORKDIR /tmp WORKDIR /tmp
@ -29,53 +29,41 @@ RUN apk add --no-cache $BUILD_DEPS && \
rm -fr /opt/unbound/share/man && \ rm -fr /opt/unbound/share/man && \
rm -fr /tmp/* /var/tmp/* rm -fr /tmp/* /var/tmp/*
ENV LIBSODIUM_GIT_URL https://github.com/jedisct1/libsodium.git ENV RUSTFLAGS "-C target-feature=-crt-static -C link-arg=-s"
RUN apk add --no-cache $BUILD_DEPS && \ RUN apk add --no-cache $BUILD_DEPS && \
git clone --depth=1 --branch stable "$LIBSODIUM_GIT_URL" && \ curl -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain nightly
cd libsodium && \
./configure --disable-dependency-tracking && \ RUN source $HOME/.cargo/env && \
make -j"$(getconf _NPROCESSORS_ONLN)" check && make -j"$(getconf _NPROCESSORS_ONLN)" install && \ cargo install encrypted-dns && \
ldconfig /usr/local/lib && \ mkdir -p /opt/encrypted-dns/sbin && \
apk del --purge $BUILD_DEPS && \ mkdir -p /opt/encrypted-dns/etc/keys && \
rm -fr /tmp/* /var/tmp/* mv ~/.cargo/bin/encrypted-dns /opt/encrypted-dns/sbin/ && \
strip --strip-all /opt/encrypted-dns/sbin/encrypted-dns && \
ENV DNSCRYPT_WRAPPER_GIT_URL https://github.com/jedisct1/dnscrypt-wrapper.git groupadd _encrypted-dns && \
ENV DNSCRYPT_WRAPPER_GIT_BRANCH xchacha-stamps useradd -g _encrypted-dns -s /etc -d /opt/encrypted-dns/empty _encrypted-dns && \
chown _encrypted-dns:_encrypted-dns /opt/encrypted-dns/etc/keys && \
COPY queue.h /tmp chmod 700 /opt/encrypted-dns/etc/keys && \
RUN apk add --no-cache $BUILD_DEPS && \
git clone --depth=1 --branch="${DNSCRYPT_WRAPPER_GIT_BRANCH}" "${DNSCRYPT_WRAPPER_GIT_URL}" && \
cd dnscrypt-wrapper && \
sed -i 's#<sys/queue.h>#"/tmp/queue.h"#' compat.h && \
sed -i 's#HAVE_BACKTRACE#NO_BACKTRACE#' compat.h && \
mkdir -p /opt/dnscrypt-wrapper/empty && \
groupadd _dnscrypt-wrapper && \
useradd -g _dnscrypt-wrapper -s /etc -d /opt/dnscrypt-wrapper/empty _dnscrypt-wrapper && \
groupadd _dnscrypt-signer && \
useradd -g _dnscrypt-signer -G _dnscrypt-wrapper -s /etc -d /dev/null _dnscrypt-signer && \
make -j"$(getconf _NPROCESSORS_ONLN)" configure && \
./configure --prefix=/opt/dnscrypt-wrapper && \
make -j"$(getconf _NPROCESSORS_ONLN)" install && \
apk del --purge $BUILD_DEPS && \ apk del --purge $BUILD_DEPS && \
rm -fr ~/.cargo ~/.rustup && \
rm -fr /tmp/* /var/tmp/* rm -fr /tmp/* /var/tmp/*
RUN mkdir -p \ RUN mkdir -p \
/etc/service/unbound \ /etc/service/unbound \
/etc/service/watchdog /etc/service/watchdog
COPY encrypted-dns.toml.in /opt/encrypted-dns/etc/
COPY entrypoint.sh / COPY entrypoint.sh /
COPY unbound.sh /etc/service/unbound/run COPY unbound.sh /etc/service/unbound/run
COPY unbound-check.sh /etc/service/unbound/check COPY unbound-check.sh /etc/service/unbound/check
COPY dnscrypt-wrapper.sh /etc/service/dnscrypt-wrapper/run COPY encrypted-dns.sh /etc/service/encrypted-dns/run
COPY key-rotation.sh /etc/service/key-rotation/run
COPY watchdog.sh /etc/service/watchdog/run COPY watchdog.sh /etc/service/watchdog/run
VOLUME ["/opt/dnscrypt-wrapper/etc/keys"] VOLUME ["/opt/encrypted-dns/etc/keys"]
EXPOSE 443/udp 443/tcp EXPOSE 443/udp 443/tcp
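Review bot: The toolchain install on the `curl -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain nightly` line is unpinned and, under the file's `SHELL ["/bin/sh", "-x", "-c"]` without pipefail, a curl failure is masked because the pipeline's status is bash's; together with the unversioned `cargo install encrypted-dns` the image is not reproducible from one build to the next. Pin both, e.g. `--default-toolchain nightly-<YYYY-MM-DD>` and `cargo install --version <pinned-version> encrypted-dns`, or fetch rustup-init to a file and verify its checksum before running it. The rustup install lands in the first RUN while `rm -fr ~/.cargo ~/.rustup` runs in the second, so the deleted toolchain remains in the image layers; merging the two RUNs keeps the cleanup in the layer that created the files. The home directory given to useradd, `-d /opt/encrypted-dns/empty`, is never created, whereas the removed recipe had `mkdir -p /opt/dnscrypt-wrapper/empty`; add `mkdir -p /opt/encrypted-dns/empty` next to the other `mkdir -p` lines. `ENV RUSTFLAGS` is a build-only value that persists into the runtime environment; an `ARG`, or an inline assignment on the cargo line, would avoid that.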

@ -1,4 +1,4 @@
Copyright (c) 2015-2016, Frank Denis <github@pureftpd.org> Copyright (c) 2015-2019, Frank Denis <github@pureftpd.org>
Permission to use, copy, modify, and/or distribute this software for any Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above purpose with or without fee is hereby granted, provided that the above

@ -13,8 +13,8 @@ to get your resolver up and running.
Quickstart Quickstart
========== ==========
* [How to setup your own DNSCrypt server in less than 10 minutes on Scaleway](https://github.com/jedisct1/dnscrypt-proxy/wiki/How-to-setup-your-own-DNSCrypt-server-in-less-than-10-minutes) * [How to setup your own DNSCrypt server in less than 10 minutes on Scaleway](https://github.com/dnscrypt/dnscrypt-proxy/wiki/How-to-setup-your-own-DNSCrypt-server-in-less-than-10-minutes)
* [DNSCrypt server with vultr.com](https://github.com/jedisct1/dnscrypt-proxy/wiki/DNSCrypt-server-with-vultr.com) * [DNSCrypt server with vultr.com](https://github.com/dnscrypt/dnscrypt-proxy/wiki/DNSCrypt-server-with-vultr.com)
Installation Installation
============ ============
@ -104,12 +104,10 @@ Details
- Caching resolver: [Unbound](https://www.unbound.net/), with DNSSEC, prefetching, - Caching resolver: [Unbound](https://www.unbound.net/), with DNSSEC, prefetching,
and no logs. The number of threads and memory usage are automatically adjusted. and no logs. The number of threads and memory usage are automatically adjusted.
Latest stable version, compiled from source. qname minimisation is enabled. Latest stable version, compiled from source. qname minimisation is enabled.
- [libsodium](https://download.libsodium.org/doc/) - Latest stable version, - [encrypted-dns-server](https://github.com/jedisct1/dnscrypt-dns-server).
minimal build compiled from source. Compiled from source.
- [dnscrypt-wrapper](https://github.com/Cofyc/dnscrypt-wrapper) - Latest stable version,
compiled from source.
Keys and certificates are automatically rotated every 12 hour. Keys and certificates are automatically rotated every 8 hour.
Kubernetes Kubernetes
========== ==========
@ -128,8 +126,3 @@ in minutes.
To get your public key just view the logs for the `dnscrypt-init` job. The public To get your public key just view the logs for the `dnscrypt-init` job. The public
IP for your server is merely the `dnscrypt` service address. IP for your server is merely the `dnscrypt` service address.
Coming up next
==============
- Better isolation of the certificate signing process, in a dedicated container.

@ -1,68 +0,0 @@
#! /usr/bin/env bash
KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys"
STKEYS_DIR="${KEYS_DIR}/short-term"
LISTS_DIR="/opt/dnscrypt-wrapper/etc/lists"
BLACKLIST="${LISTS_DIR}/blacklist.txt"
prune() {
/usr/bin/find "$STKEYS_DIR" -type f -cmin +1440 -exec rm -f {} \;
}
rotation_needed() {
if [ "$(/usr/bin/find "$STKEYS_DIR" -name '*.cert' -type f -cmin -720 -print -quit | wc -l | sed 's/[^0-9]//g')" -le 0 ]; then
echo true
else
echo false
fi
}
new_key() {
ts=$(date '+%s')
/opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper --gen-crypt-keypair \
--crypt-secretkey-file="${STKEYS_DIR}/${ts}.key" &&
/opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper --gen-cert-file \
--xchacha20 \
--provider-publickey-file="${KEYS_DIR}/public.key" \
--provider-secretkey-file="${KEYS_DIR}/secret.key" \
--crypt-secretkey-file="${STKEYS_DIR}/${ts}.key" \
--provider-cert-file="${STKEYS_DIR}/${ts}.cert" \
--cert-file-expire-days=1
[ $? -ne 0 ] && rm -f "${STKEYS_DIR}/${ts}.key" "${STKEYS_DIR}/${ts}.cert"
}
stkeys_files() {
res=""
for file in $(ls "$STKEYS_DIR"/[0-9]*.key); do
res="${res}${file},"
done
echo "$res"
}
stcerts_files() {
res=""
for file in $(ls "$STKEYS_DIR"/[0-9]*.cert); do
res="${res}${file},"
done
echo "$res"
}
if [ ! -f "$KEYS_DIR/provider_name" ]; then
exit 1
fi
provider_name=$(cat "$KEYS_DIR/provider_name")
mkdir -p "$STKEYS_DIR"
prune
[ "$(rotation_needed)" = true ] && new_key
[ -r "$BLACKLIST" ] && blacklist_opt="--blacklist-file=${BLACKLIST}"
exec /opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper \
--user=_dnscrypt-wrapper \
--listen-address=[::]:443 \
--resolver-address=127.0.0.1:553 \
--provider-name="$provider_name" \
--provider-cert-file="$(stcerts_files)" \
--crypt-secretkey-file="$(stkeys_files)" \
$blacklist_opt

@ -0,0 +1,15 @@
#! /usr/bin/env bash
LEGACY_KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys"
CONF_DIR="/opt/encrypted-dns/etc"
KEYS_DIR="/opt/encrypted-dns/etc/keys"
LISTS_DIR="/opt/encrypted-dns/etc/lists"
BLACKLIST="${LISTS_DIR}/blacklist.txt"
CONFIG_FILE="${CONF_DIR}/encrypted-dns.toml"
if [ ! -f "$KEYS_DIR/provider_name" ]; then
exit 1
fi
provider_name=$(cat "$KEYS_DIR/provider_name")
exec /opt/encrypted-dns/sbin/encrypted-dns --config "$CONFIG_FILE"
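Review bot: `provider_name=$(cat "$KEYS_DIR/provider_name")` is assigned and never used, and `LEGACY_KEYS_DIR`, `LISTS_DIR` and `BLACKLIST` are dead as well; the removed dnscrypt-wrapper.sh passed `--blacklist-file=${BLACKLIST}`, so the blacklist feature is silently dropped rather than carried over to the new run script. Either wire the list into the new configuration or delete the variables so the script does not advertise a behaviour it no longer has. The missing-file branch is a bare `exit 1`; `echo "encrypted-dns: ${KEYS_DIR}/provider_name not found, run the init action first" >&2` before it would make a crash-looping runit service diagnosable from its logs.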

@ -0,0 +1,151 @@
####################################################
# #
# Encrypted DNS Server configuration #
# #
####################################################
##################################
# Global settings #
##################################
## IP addresses and ports to listen to, as well as their external IP
## If there is no NAT involved, `local` and `external` can be the same.
## As many addresses as needed can be configured here, IPv4 and/or IPv6.
listen_addrs = [
{ local = "0.0.0.0:443", external = "@EXTERNAL_IPV4@" }
]
## Upstream DNS server and port
upstream_addr = "127.0.0.1:53"
## File name to save the state to
state_file = "/opt/encrypted-dns/etc/keys/encrypted-dns.state"
## UDP timeout in seconds
udp_timeout = 10
## TCP timeout in seconds
tcp_timeout = 10
## Maximum active UDP sockets
udp_max_active_connections = 1000
## Maximum active TCP connections
tcp_max_active_connections = 100
## IP address to connect to upstream servers from.
## You probably do not want to change this. `0.0.0.0` should be fine.
external_addr = "0.0.0.0"
## Built-in DNS cache capacity
cache_capacity = 50000
## DNS cache: minimum TTL
cache_ttl_min = 600
## DNS cache: max TTL
cache_ttl_max = 86400
## DNS cache: error TTL
cache_ttl_error = 600
## Run as a background process
daemonize = false
## Log file
# log_file = "/tmp/encrypted-dns.log"
## PID file
# pid_file = "/tmp/encrypted-dns.pid"
## User name to drop privileges to, when started as root.
# user = "nobody"
## Group name to drop privileges to, when started as root.
# group = "nobody"
## Path to chroot() to, when started as root.
## The path to the state file is relative to the chroot base.
# chroot = "/var/empty"
####################################
# DNSCrypt settings #
####################################
[dnscrypt]
## Provider name (with or without the `2.dnscrypt-cert.` prefix)
provider_name = "@PROVIDER_NAME@"
## Does the server support DNSSEC?
dnssec = true
## Does the server always returns correct answers (no filtering, including ad blocking)?
no_filters = true
## Set to `true` if the server doesn't keep any information that can be used to identify users
no_logs = true
## Key cache capacity, per certificate
key_cache_capacity = 10000
###############################
# TLS settings #
###############################
[tls]
## Where to prooxy TLS connections to (e.g. DoH server)
# upstream_addr = "127.0.0.1:4343"
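Review bot: The `user`/`group` settings are left commented out, so with this template the daemon keeps root after binding port 443 even though the Dockerfile creates a dedicated `_encrypted-dns` account and hands it the keys directory; set `user = "_encrypted-dns"` and `group = "_encrypted-dns"` (the state file already lives under the directory that account owns). `listen_addrs` only carries `0.0.0.0:443`, whereas the removed dnscrypt-wrapper.sh listened on `[::]:443`, so IPv6 clients lose service unless an entry such as `{ local = "[::]:443", external = "@EXTERNAL_IPV6@" }` is added with a matching substitution wherever `@EXTERNAL_IPV4@` is filled in. `upstream_addr = "127.0.0.1:53"` differs from the `--resolver-address=127.0.0.1:553` the old wrapper used; confirm which port unbound listens on in this image, since unbound.sh is outside these hunks. Minor: `prooxy` on the last line and "Does the server always returns" read better as `proxy` and "Does the server always return".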

@ -4,7 +4,11 @@ set -e
action="$1" action="$1"
KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys" LEGACY_KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys"
KEYS_DIR="/opt/encrypted-dns/etc/keys"
CONF_DIR="/opt/encrypted-dns/etc"
CONFIG_FILE="${CONF_DIR}/encrypted-dns.toml"
# -N provider-name -E external-ip-address:port # -N provider-name -E external-ip-address:port
@ -37,18 +41,14 @@ init() {
esac esac
echo "Provider name: [$provider_name]" echo "Provider name: [$provider_name]"
cd "$KEYS_DIR"
/opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper \
--gen-provider-keypair --nolog --dnssec --nofilter \
--provider-name="$provider_name" --ext-address="$ext_address" |
tee "${KEYS_DIR}/provider-info.txt"
chmod 640 "${KEYS_DIR}/secret.key"
chmod 644 "${KEYS_DIR}/public.key"
chown root:_dnscrypt-signer "${KEYS_DIR}/public.key" "${KEYS_DIR}/secret.key"
echo "$provider_name" > "${KEYS_DIR}/provider_name" echo "$provider_name" > "${KEYS_DIR}/provider_name"
chmod 644 "${KEYS_DIR}/provider_name" chmod 644 "${KEYS_DIR}/provider_name"
hexdump -ve '1/1 "%.2x"' < "${KEYS_DIR}/public.key" > "${KEYS_DIR}/public.key.txt"
chmod 644 "${KEYS_DIR}/public.key.txt" /opt/encrypted-dns/sbin/dnscrypted-dns \
--config "$CONFIG_FILE" --dry-run |
tee "${KEYS_DIR}/provider-info.txt"
echo echo
echo ----------------------------------------------------------------------- echo -----------------------------------------------------------------------
echo echo
@ -59,16 +59,13 @@ init() {
provider_info() { provider_info() {
ensure_initialized ensure_initialized
echo "Provider name:"
cat "${KEYS_DIR}/provider_name"
echo echo
echo "Provider public key:" cat "${KEYS_DIR}/provider-info.txt"
cat "${KEYS_DIR}/public.key.txt"
echo echo
} }
is_initialized() { is_initialized() {
if [ ! -f "${KEYS_DIR}/public.key" ] && [ ! -f "${KEYS_DIR}/secret.key" ] && [ ! -f "${KEYS_DIR}/provider_name" ]; then if [ ! -f "${KEYS_DIR}/encrypted-dns.state" ] && [ ! -f "${KEYS_DIR}/provider-info.txt" ] && [ ! -f "${KEYS_DIR}/provider_name" ]; then
echo no echo no
else else
echo yes echo yes
@ -104,7 +101,7 @@ Ports 443/udp and 443/tcp have to be publicly exposed.
* provider-info: prints the provider name and provider public key. * provider-info: prints the provider name and provider public key.
This container has a single volume that you might want to securely keep a This container has a single volume that you might want to securely keep a
backup of: /opt/dnscrypt-wrapper/etc/keys backup of: /opt/encrypted-dns/etc/keys
EOT EOT
exit 1 exit 1
} }
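Review bot: The init action calls `/opt/encrypted-dns/sbin/dnscrypted-dns`, but the binary the Dockerfile installs and encrypted-dns.sh executes is `/opt/encrypted-dns/sbin/encrypted-dns`; the path is a typo, and because the command sits in a pipeline ending in `tee`, `set -e` only sees tee's status, so init will write an empty provider-info.txt and report success. Change the line to `/opt/encrypted-dns/sbin/encrypted-dns \` and consider `set -o pipefail` next to the existing `set -e`. Nothing in these hunks turns `encrypted-dns.toml.in` (with its `@PROVIDER_NAME@`/`@EXTERNAL_IPV4@` markers) into the `${CONF_DIR}/encrypted-dns.toml` that both this script and encrypted-dns.sh pass to `--config`; if that substitution is not done elsewhere in entrypoint.sh, both the dry run and the service fail on a missing file, and `$ext_address` (still documented by the `-E` option comment) is no longer consumed anywhere visible. `is_initialized` now keys on `encrypted-dns.state`, and whether `--dry-run` creates that file is not visible here, so confirm it or drop that file from the check. init() starts and ends outside the hunk.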

@ -1,18 +0,0 @@
#! /usr/bin/env bash
sleep 1800
KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys"
STKEYS_DIR="${KEYS_DIR}/short-term"
rotation_needed() {
if [ "$(/usr/bin/find "$STKEYS_DIR" -type f -cmin -720 -print -quit | wc -l | sed 's/[^0-9]//g')" -le 0 ]; then
echo true
else
echo false
fi
}
[ "$(rotation_needed)" = true ] || exit 0
sv status dnscrypt-wrapper | grep -E -q '^run:' || exit 0
sv restart dnscrypt-wrapper

@ -20,7 +20,7 @@ spec:
name: dnscrypt name: dnscrypt
volumeMounts: volumeMounts:
- name: dnscrypt-keys - name: dnscrypt-keys
mountPath: /opt/dnscrypt-wrapper/etc/keys mountPath: /opt/encrypted-dns/etc/keys
command: ["/entrypoint.sh", "start"] command: ["/entrypoint.sh", "start"]
resources: resources:
requests: requests:

@ -13,7 +13,7 @@ spec:
command: ["/entrypoint.sh", "init", "-N", "example.com", "-E", "192.168.1.1:443"] command: ["/entrypoint.sh", "init", "-N", "example.com", "-E", "192.168.1.1:443"]
volumeMounts: volumeMounts:
- name: dnscrypt-keys - name: dnscrypt-keys
mountPath: /opt/dnscrypt-wrapper/etc/keys mountPath: /opt/encrypted-dns/etc/keys
restartPolicy: Never restartPolicy: Never
volumes: volumes:
- name: dnscrypt-keys - name: dnscrypt-keys

@ -1,574 +0,0 @@
/*
* Copyright (c) 1991, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)queue.h 8.5 (Berkeley) 8/20/94
*/
#ifndef _SYS_QUEUE_H_
#define _SYS_QUEUE_H_
/*
* This file defines five types of data structures: singly-linked lists,
* lists, simple queues, tail queues, and circular queues.
*
* A singly-linked list is headed by a single forward pointer. The
* elements are singly linked for minimum space and pointer manipulation
* overhead at the expense of O(n) removal for arbitrary elements. New
* elements can be added to the list after an existing element or at the
* head of the list. Elements being removed from the head of the list
* should use the explicit macro for this purpose for optimum
* efficiency. A singly-linked list may only be traversed in the forward
* direction. Singly-linked lists are ideal for applications with large
* datasets and few or no removals or for implementing a LIFO queue.
*
* A list is headed by a single forward pointer (or an array of forward
* pointers for a hash table header). The elements are doubly linked
* so that an arbitrary element can be removed without a need to
* traverse the list. New elements can be added to the list before
* or after an existing element or at the head of the list. A list
* may only be traversed in the forward direction.
*
* A simple queue is headed by a pair of pointers, one the head of the
* list and the other to the tail of the list. The elements are singly
* linked to save space, so elements can only be removed from the
* head of the list. New elements can be added to the list after
* an existing element, at the head of the list, or at the end of the
* list. A simple queue may only be traversed in the forward direction.
*
* A tail queue is headed by a pair of pointers, one to the head of the
* list and the other to the tail of the list. The elements are doubly
* linked so that an arbitrary element can be removed without a need to
* traverse the list. New elements can be added to the list before or
* after an existing element, at the head of the list, or at the end of
* the list. A tail queue may be traversed in either direction.
*
* A circle queue is headed by a pair of pointers, one to the head of the
* list and the other to the tail of the list. The elements are doubly
* linked so that an arbitrary element can be removed without a need to
* traverse the list. New elements can be added to the list before or after
* an existing element, at the head of the list, or at the end of the list.
* A circle queue may be traversed in either direction, but has a more
* complex end of list detection.
*
* For details on the use of these macros, see the queue(3) manual page.
*/
/*
* List definitions.
*/
#define LIST_HEAD(name, type) \
struct name { \
struct type *lh_first; /* first element */ \
}
#define LIST_HEAD_INITIALIZER(head) \
{ NULL }
#define LIST_ENTRY(type) \
struct { \
struct type *le_next; /* next element */ \
struct type **le_prev; /* address of previous next element */ \
}
/*
* List functions.
*/
#define LIST_INIT(head) do { \
(head)->lh_first = NULL; \
} while (/*CONSTCOND*/0)
#define LIST_INSERT_AFTER(listelm, elm, field) do { \
if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \
(listelm)->field.le_next->field.le_prev = \
&(elm)->field.le_next; \
(listelm)->field.le_next = (elm); \
(elm)->field.le_prev = &(listelm)->field.le_next; \
} while (/*CONSTCOND*/0)
#define LIST_INSERT_BEFORE(listelm, elm, field) do { \
(elm)->field.le_prev = (listelm)->field.le_prev; \
(elm)->field.le_next = (listelm); \
*(listelm)->field.le_prev = (elm); \
(listelm)->field.le_prev = &(elm)->field.le_next; \
} while (/*CONSTCOND*/0)
#define LIST_INSERT_HEAD(head, elm, field) do { \
if (((elm)->field.le_next = (head)->lh_first) != NULL) \
(head)->lh_first->field.le_prev = &(elm)->field.le_next;\
(head)->lh_first = (elm); \
(elm)->field.le_prev = &(head)->lh_first; \
} while (/*CONSTCOND*/0)
#define LIST_REMOVE(elm, field) do { \
if ((elm)->field.le_next != NULL) \
(elm)->field.le_next->field.le_prev = \
(elm)->field.le_prev; \
*(elm)->field.le_prev = (elm)->field.le_next; \
} while (/*CONSTCOND*/0)
#define LIST_FOREACH(var, head, field) \
for ((var) = ((head)->lh_first); \
(var); \
(var) = ((var)->field.le_next))
/*
* List access methods.
*/
#define LIST_EMPTY(head) ((head)->lh_first == NULL)
#define LIST_FIRST(head) ((head)->lh_first)
#define LIST_NEXT(elm, field) ((elm)->field.le_next)
/*
* Singly-linked List definitions.
*/
#define SLIST_HEAD(name, type) \
struct name { \
struct type *slh_first; /* first element */ \
}
#define SLIST_HEAD_INITIALIZER(head) \
{ NULL }
#define SLIST_ENTRY(type) \
struct { \
struct type *sle_next; /* next element */ \
}
/*
* Singly-linked List functions.
*/
#define SLIST_INIT(head) do { \
(head)->slh_first = NULL; \
} while (/*CONSTCOND*/0)
#define SLIST_INSERT_AFTER(slistelm, elm, field) do { \
(elm)->field.sle_next = (slistelm)->field.sle_next; \
(slistelm)->field.sle_next = (elm); \
} while (/*CONSTCOND*/0)
#define SLIST_INSERT_HEAD(head, elm, field) do { \
(elm)->field.sle_next = (head)->slh_first; \
(head)->slh_first = (elm); \
} while (/*CONSTCOND*/0)
#define SLIST_REMOVE_HEAD(head, field) do { \
(head)->slh_first = (head)->slh_first->field.sle_next; \
} while (/*CONSTCOND*/0)
#define SLIST_REMOVE(head, elm, type, field) do { \
if ((head)->slh_first == (elm)) { \
SLIST_REMOVE_HEAD((head), field); \
} \
else { \
struct type *curelm = (head)->slh_first; \
while(curelm->field.sle_next != (elm)) \
curelm = curelm->field.sle_next; \
curelm->field.sle_next = \
curelm->field.sle_next->field.sle_next; \
} \
} while (/*CONSTCOND*/0)
#define SLIST_FOREACH(var, head, field) \
for((var) = (head)->slh_first; (var); (var) = (var)->field.sle_next)
/*
* Singly-linked List access methods.
*/
#define SLIST_EMPTY(head) ((head)->slh_first == NULL)
#define SLIST_FIRST(head) ((head)->slh_first)
#define SLIST_NEXT(elm, field) ((elm)->field.sle_next)
/*
* Singly-linked Tail queue declarations.
*/
#define STAILQ_HEAD(name, type) \
struct name { \
struct type *stqh_first; /* first element */ \
struct type **stqh_last; /* addr of last next element */ \
}
#define STAILQ_HEAD_INITIALIZER(head) \
{ NULL, &(head).stqh_first }
#define STAILQ_ENTRY(type) \
struct { \
struct type *stqe_next; /* next element */ \
}
/*
* Singly-linked Tail queue functions.
*/
#define STAILQ_INIT(head) do { \
(head)->stqh_first = NULL; \
(head)->stqh_last = &(head)->stqh_first; \
} while (/*CONSTCOND*/0)
#define STAILQ_INSERT_HEAD(head, elm, field) do { \
if (((elm)->field.stqe_next = (head)->stqh_first) == NULL) \
(head)->stqh_last = &(elm)->field.stqe_next; \
(head)->stqh_first = (elm); \
} while (/*CONSTCOND*/0)
#define STAILQ_INSERT_TAIL(head, elm, field) do { \
(elm)->field.stqe_next = NULL; \
*(head)->stqh_last = (elm); \
(head)->stqh_last = &(elm)->field.stqe_next; \
} while (/*CONSTCOND*/0)
#define STAILQ_INSERT_AFTER(head, listelm, elm, field) do { \
if (((elm)->field.stqe_next = (listelm)->field.stqe_next) == NULL)\
(head)->stqh_last = &(elm)->field.stqe_next; \
(listelm)->field.stqe_next = (elm); \
} while (/*CONSTCOND*/0)
#define STAILQ_REMOVE_HEAD(head, field) do { \
if (((head)->stqh_first = (head)->stqh_first->field.stqe_next) == NULL) \
(head)->stqh_last = &(head)->stqh_first; \
} while (/*CONSTCOND*/0)
#define STAILQ_REMOVE(head, elm, type, field) do { \
if ((head)->stqh_first == (elm)) { \
STAILQ_REMOVE_HEAD((head), field); \
} else { \
struct type *curelm = (head)->stqh_first; \
while (curelm->field.stqe_next != (elm)) \
curelm = curelm->field.stqe_next; \
if ((curelm->field.stqe_next = \
curelm->field.stqe_next->field.stqe_next) == NULL) \
(head)->stqh_last = &(curelm)->field.stqe_next; \
} \
} while (/*CONSTCOND*/0)
#define STAILQ_FOREACH(var, head, field) \
for ((var) = ((head)->stqh_first); \
(var); \
(var) = ((var)->field.stqe_next))
#define STAILQ_CONCAT(head1, head2) do { \
if (!STAILQ_EMPTY((head2))) { \
*(head1)->stqh_last = (head2)->stqh_first; \
(head1)->stqh_last = (head2)->stqh_last; \
STAILQ_INIT((head2)); \
} \
} while (/*CONSTCOND*/0)
/*
* Singly-linked Tail queue access methods.
*/
#define STAILQ_EMPTY(head) ((head)->stqh_first == NULL)
#define STAILQ_FIRST(head) ((head)->stqh_first)
#define STAILQ_NEXT(elm, field) ((elm)->field.stqe_next)
/*
* Simple queue definitions.
*/
#define SIMPLEQ_HEAD(name, type) \
struct name { \
struct type *sqh_first; /* first element */ \
struct type **sqh_last; /* addr of last next element */ \
}
#define SIMPLEQ_HEAD_INITIALIZER(head) \
{ NULL, &(head).sqh_first }
#define SIMPLEQ_ENTRY(type) \
struct { \
struct type *sqe_next; /* next element */ \
}
/*
* Simple queue functions.
*/
#define SIMPLEQ_INIT(head) do { \
(head)->sqh_first = NULL; \
(head)->sqh_last = &(head)->sqh_first; \
} while (/*CONSTCOND*/0)
#define SIMPLEQ_INSERT_HEAD(head, elm, field) do { \
if (((elm)->field.sqe_next = (head)->sqh_first) == NULL) \
(head)->sqh_last = &(elm)->field.sqe_next; \
(head)->sqh_first = (elm); \
} while (/*CONSTCOND*/0)
#define SIMPLEQ_INSERT_TAIL(head, elm, field) do { \
(elm)->field.sqe_next = NULL; \
*(head)->sqh_last = (elm); \
(head)->sqh_last = &(elm)->field.sqe_next; \
} while (/*CONSTCOND*/0)
#define SIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do { \
if (((elm)->field.sqe_next = (listelm)->field.sqe_next) == NULL)\
(head)->sqh_last = &(elm)->field.sqe_next; \
(listelm)->field.sqe_next = (elm); \
} while (/*CONSTCOND*/0)
#define SIMPLEQ_REMOVE_HEAD(head, field) do { \
if (((head)->sqh_first = (head)->sqh_first->field.sqe_next) == NULL) \
(head)->sqh_last = &(head)->sqh_first; \
} while (/*CONSTCOND*/0)
#define SIMPLEQ_REMOVE(head, elm, type, field) do { \
if ((head)->sqh_first == (elm)) { \
SIMPLEQ_REMOVE_HEAD((head), field); \
} else { \
struct type *curelm = (head)->sqh_first; \
while (curelm->field.sqe_next != (elm)) \
curelm = curelm->field.sqe_next; \
if ((curelm->field.sqe_next = \
curelm->field.sqe_next->field.sqe_next) == NULL) \
(head)->sqh_last = &(curelm)->field.sqe_next; \
} \
} while (/*CONSTCOND*/0)
#define SIMPLEQ_FOREACH(var, head, field) \
for ((var) = ((head)->sqh_first); \
(var); \
(var) = ((var)->field.sqe_next))
/*
* Simple queue access methods.
*/
#define SIMPLEQ_EMPTY(head) ((head)->sqh_first == NULL)
#define SIMPLEQ_FIRST(head) ((head)->sqh_first)
#define SIMPLEQ_NEXT(elm, field) ((elm)->field.sqe_next)
/*
* Tail queue definitions.
*/
#define _TAILQ_HEAD(name, type, qual) \
struct name { \
qual type *tqh_first; /* first element */ \
qual type *qual *tqh_last; /* addr of last next element */ \
}
#define TAILQ_HEAD(name, type) _TAILQ_HEAD(name, struct type,)
#define TAILQ_HEAD_INITIALIZER(head) \
{ NULL, &(head).tqh_first }
#define _TAILQ_ENTRY(type, qual) \
struct { \
qual type *tqe_next; /* next element */ \
qual type *qual *tqe_prev; /* address of previous next element */\
}
#define TAILQ_ENTRY(type) _TAILQ_ENTRY(struct type,)
/*
* Tail queue functions.
*/
#define TAILQ_INIT(head) do { \
(head)->tqh_first = NULL; \
(head)->tqh_last = &(head)->tqh_first; \
} while (/*CONSTCOND*/0)
#define TAILQ_INSERT_HEAD(head, elm, field) do { \
if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \
(head)->tqh_first->field.tqe_prev = \
&(elm)->field.tqe_next; \
else \
(head)->tqh_last = &(elm)->field.tqe_next; \
(head)->tqh_first = (elm); \
(elm)->field.tqe_prev = &(head)->tqh_first; \
} while (/*CONSTCOND*/0)
#define TAILQ_INSERT_TAIL(head, elm, field) do { \
(elm)->field.tqe_next = NULL; \
(elm)->field.tqe_prev = (head)->tqh_last; \
*(head)->tqh_last = (elm); \
(head)->tqh_last = &(elm)->field.tqe_next; \
} while (/*CONSTCOND*/0)
#define TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \
if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\
(elm)->field.tqe_next->field.tqe_prev = \
&(elm)->field.tqe_next; \
else \
(head)->tqh_last = &(elm)->field.tqe_next; \
(listelm)->field.tqe_next = (elm); \
(elm)->field.tqe_prev = &(listelm)->field.tqe_next; \
} while (/*CONSTCOND*/0)
#define TAILQ_INSERT_BEFORE(listelm, elm, field) do { \
(elm)->field.tqe_prev = (listelm)->field.tqe_prev; \
(elm)->field.tqe_next = (listelm); \
*(listelm)->field.tqe_prev = (elm); \
(listelm)->field.tqe_prev = &(elm)->field.tqe_next; \
} while (/*CONSTCOND*/0)
#define TAILQ_REMOVE(head, elm, field) do { \
if (((elm)->field.tqe_next) != NULL) \
(elm)->field.tqe_next->field.tqe_prev = \
(elm)->field.tqe_prev; \
else \
(head)->tqh_last = (elm)->field.tqe_prev; \
*(elm)->field.tqe_prev = (elm)->field.tqe_next; \
} while (/*CONSTCOND*/0)
#define TAILQ_FOREACH(var, head, field) \
for ((var) = ((head)->tqh_first); \
(var); \
(var) = ((var)->field.tqe_next))
#define TAILQ_FOREACH_REVERSE(var, head, headname, field) \
for ((var) = (*(((struct headname *)((head)->tqh_last))->tqh_last)); \
(var); \
(var) = (*(((struct headname *)((var)->field.tqe_prev))->tqh_last)))
#define TAILQ_CONCAT(head1, head2, field) do { \
if (!TAILQ_EMPTY(head2)) { \
*(head1)->tqh_last = (head2)->tqh_first; \
(head2)->tqh_first->field.tqe_prev = (head1)->tqh_last; \
(head1)->tqh_last = (head2)->tqh_last; \
TAILQ_INIT((head2)); \
} \
} while (/*CONSTCOND*/0)
/*
* Tail queue access methods.
*/
#define TAILQ_EMPTY(head) ((head)->tqh_first == NULL)
#define TAILQ_FIRST(head) ((head)->tqh_first)
#define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next)
#define TAILQ_LAST(head, headname) \
(*(((struct headname *)((head)->tqh_last))->tqh_last))
#define TAILQ_PREV(elm, headname, field) \
(*(((struct headname *)((elm)->field.tqe_prev))->tqh_last))
/*
* Circular queue definitions.
*/
#define CIRCLEQ_HEAD(name, type) \
struct name { \
struct type *cqh_first; /* first element */ \
struct type *cqh_last; /* last element */ \
}
#define CIRCLEQ_HEAD_INITIALIZER(head) \
{ (void *)&head, (void *)&head }
#define CIRCLEQ_ENTRY(type) \
struct { \
struct type *cqe_next; /* next element */ \
struct type *cqe_prev; /* previous element */ \
}
/*
* Circular queue functions.
*/
#define CIRCLEQ_INIT(head) do { \
(head)->cqh_first = (void *)(head); \
(head)->cqh_last = (void *)(head); \
} while (/*CONSTCOND*/0)
#define CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \
(elm)->field.cqe_next = (listelm)->field.cqe_next; \
(elm)->field.cqe_prev = (listelm); \
if ((listelm)->field.cqe_next == (void *)(head)) \
(head)->cqh_last = (elm); \
else \
(listelm)->field.cqe_next->field.cqe_prev = (elm); \
(listelm)->field.cqe_next = (elm); \
} while (/*CONSTCOND*/0)
#define CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do { \
(elm)->field.cqe_next = (listelm); \
(elm)->field.cqe_prev = (listelm)->field.cqe_prev; \
if ((listelm)->field.cqe_prev == (void *)(head)) \
(head)->cqh_first = (elm); \
else \
(listelm)->field.cqe_prev->field.cqe_next = (elm); \
(listelm)->field.cqe_prev = (elm); \
} while (/*CONSTCOND*/0)
#define CIRCLEQ_INSERT_HEAD(head, elm, field) do { \
(elm)->field.cqe_next = (head)->cqh_first; \
(elm)->field.cqe_prev = (void *)(head); \
if ((head)->cqh_last == (void *)(head)) \
(head)->cqh_last = (elm); \
else \
(head)->cqh_first->field.cqe_prev = (elm); \
(head)->cqh_first = (elm); \
} while (/*CONSTCOND*/0)
#define CIRCLEQ_INSERT_TAIL(head, elm, field) do { \
(elm)->field.cqe_next = (void *)(head); \
(elm)->field.cqe_prev = (head)->cqh_last; \
if ((head)->cqh_first == (void *)(head)) \
(head)->cqh_first = (elm); \
else \
(head)->cqh_last->field.cqe_next = (elm); \
(head)->cqh_last = (elm); \
} while (/*CONSTCOND*/0)
#define CIRCLEQ_REMOVE(head, elm, field) do { \
if ((elm)->field.cqe_next == (void *)(head)) \
(head)->cqh_last = (elm)->field.cqe_prev; \
else \
(elm)->field.cqe_next->field.cqe_prev = \
(elm)->field.cqe_prev; \
if ((elm)->field.cqe_prev == (void *)(head)) \
(head)->cqh_first = (elm)->field.cqe_next; \
else \
(elm)->field.cqe_prev->field.cqe_next = \
(elm)->field.cqe_next; \
} while (/*CONSTCOND*/0)
#define CIRCLEQ_FOREACH(var, head, field) \
for ((var) = ((head)->cqh_first); \
(var) != (const void *)(head); \
(var) = ((var)->field.cqe_next))
#define CIRCLEQ_FOREACH_REVERSE(var, head, field) \
for ((var) = ((head)->cqh_last); \
(var) != (const void *)(head); \
(var) = ((var)->field.cqe_prev))
/*
* Circular queue access methods.
*/
#define CIRCLEQ_EMPTY(head) ((head)->cqh_first == (void *)(head))
#define CIRCLEQ_FIRST(head) ((head)->cqh_first)
#define CIRCLEQ_LAST(head) ((head)->cqh_last)
#define CIRCLEQ_NEXT(elm, field) ((elm)->field.cqe_next)
#define CIRCLEQ_PREV(elm, field) ((elm)->field.cqe_prev)
#define CIRCLEQ_LOOP_NEXT(head, elm, field) \
(((elm)->field.cqe_next == (void *)(head)) \
? ((head)->cqh_first) \
: (elm->field.cqe_next))
#define CIRCLEQ_LOOP_PREV(head, elm, field) \
(((elm)->field.cqe_prev == (void *)(head)) \
? ((head)->cqh_last) \
: (elm->field.cqe_prev))
#endif /* sys/queue.h */

@ -1,6 +1,6 @@
#! /usr/bin/env bash #! /usr/bin/env bash
KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys" KEYS_DIR="/opt/encrypted-dns/etc/keys"
ZONES_DIR="/opt/unbound/etc/unbound/zones" ZONES_DIR="/opt/unbound/etc/unbound/zones"
reserved=134217728 reserved=134217728

@ -2,15 +2,14 @@
sleep 300 sleep 300
for service in unbound dnscrypt-wrapper; do for service in unbound encrypted-dns; do
sv check "$service" || sv force-restart "$service" sv check "$service" || sv force-restart "$service"
done done
KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys" KEYS_DIR="/opt/encrypted-dns/etc/keys"
GRACE_PERIOD=60 GRACE_PERIOD=60
provider_key=$(cat "${KEYS_DIR}/public.key.txt")
provider_name=$(cat "${KEYS_DIR}/provider_name") provider_name=$(cat "${KEYS_DIR}/provider_name")
drill -p 443 -Q TXT "$provider_name" @127.0.0.1 || drill -p 443 -Q TXT "$provider_name" @127.0.0.1 ||
sv force-restart dnscrypt-wrapper sv force-restart encrypted-dns
