From f59476ad8980ebf0d09db5b00d1259f1e11ac2a5 Mon Sep 17 00:00:00 2001 From: Luiz Angelo Daros de Luca Date: Sun, 3 Aug 2025 11:07:25 -0300 Subject: [PATCH] iodine: use procd, add extra options MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Iodine now uses a procd init.d service and output is sent to the system log. Two new options have been added: - debuglevel — increases the verbosity of debug output. - check_client_ip — controls whether to accept or reject queries from different IP addresses for the same login. This should be disabled if the recursive DNS server might send queries from varying IPs. However, disabling this option also makes replay attacks significantly easier. Signed-off-by: Luiz Angelo Daros de Luca --- net/iodine/Makefile | 2 +- net/iodine/files/iodined.config | 5 ++- net/iodine/files/iodined.init | 57 ++++++++++++++++++++++++--------- 3 files changed, 46 insertions(+), 18 deletions(-) diff --git a/net/iodine/Makefile b/net/iodine/Makefile index bee032f896..ce2bd5ae56 100644 --- a/net/iodine/Makefile +++ b/net/iodine/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=iodine PKG_VERSION:=0.8.0 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://code.kryo.se/iodine/ diff --git a/net/iodine/files/iodined.config b/net/iodine/files/iodined.config index f95549d7a5..ce4d63bf10 100644 --- a/net/iodine/files/iodined.config +++ b/net/iodine/files/iodined.config @@ -1,5 +1,8 @@ config iodined option address '' option password '' - option tunnelip '10.0.0.1' + option tunnelip '10.0.0.1/24' option tld '' + #option port '53' + #option client_ip_check '0' + #option debuglevel '0' diff --git a/net/iodine/files/iodined.init b/net/iodine/files/iodined.init index 48dea619dc..8d7e0b9427 100644 --- a/net/iodine/files/iodined.init +++ b/net/iodine/files/iodined.init @@ -2,26 +2,51 @@ # Copyright (C) 2006-2011 OpenWrt.org START=50 +PROG=/usr/sbin/iodined +USE_PROCD=1 +NAME=iodined -start_instance () { - local section="$1" - config_get address "$section" 'address' - config_get password "$section" 'password' - config_get tunnelip "$section" 'tunnelip' - config_get tld "$section" 'tld' - config_get port "$section" 'port' - - test -n "$address" || address='0.0.0.0' - test -n "$port" || port='53' +validate_section_iodined() +{ + uci_load_validate iodined iodined "$1" "$2" \ + 'enable:bool:1' \ + 'address:cidr4' \ + 'password:string' \ + 'tunnelip:cidr4' \ + 'tld:string' \ + 'port:range(0,65535)' \ + 'debuglevel:range(0,6):0' \ + 'client_ip_check:bool:1' +} + +iodined_instance() +{ + [ "$2" = 0 ] || { + echo "validation failed" + return 1 + } + + [ "$enable" = "0" ] && return 1 - service_start /usr/sbin/iodined -l "$address" -P "$password" -p "$port" "$tunnelip" "$tld" + procd_open_instance + procd_set_param command "$PROG" -f + [ -n "$address" ] && procd_append_param command -l "$address" + [ -n "$password" ] && procd_append_param command -P "$password" + [ -n "$port" ] && procd_append_param command -p "$port" + [ "$debuglevel" -gt 0 ] && procd_append_param command -$(printf 'D%.0s' $(seq $debuglevel)) + [ "$client_ip_check" -eq 0 ] && procd_append_param command -c + procd_append_param command "$tunnelip" "$tld" + procd_set_param stdout 1 + procd_set_param stderr 1 + procd_close_instance } -start() { - config_load 'iodined' - config_foreach start_instance 'iodined' +start_service () { + config_load "$NAME" + config_foreach validate_section_iodined iodined iodined_instance } -stop() { - service_stop /usr/sbin/iodined +service_triggers() { + procd_add_reload_trigger "$NAME" + procd_add_validation validate_section_iodined } -- 2.30.2