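#!/bin/bash
# Generate a sniproxy configuration file from the environment settings, dump
# it for debugging, and then exec sniproxy in the foreground.
#
# Every setting is read from a SNIPROXY_* environment variable (the exact
# names are documented on each section below). Values are copied into the
# configuration verbatim and are not validated here, so they must come from
# a trusted deployment environment; sniproxy rejects a malformed file itself.
set -e

# Global settings. These should not need changing, but may be overridden.
# The user to run `sniproxy` as. The default should be fine.
: "${SNIPROXY_USER:=nobody}"
# PID file to use.
: "${SNIPROXY_PIDFILE:=/var/tmp/sniproxy.pid}"
# Where the generated configuration file goes. This is a fixed path in a
# shared directory, so refuse to write through a pre-existing symlink there
# instead of silently clobbering whatever it points at.
: "${SNIPROXY_CFG:=/tmp/sniproxy.cfg}"
if [ -L "${SNIPROXY_CFG}" ]; then
  printf 'refusing to write through symlink: %s\n' "${SNIPROXY_CFG}" >&2
  exit 1
fi

# Emit the initial options
cat > "${SNIPROXY_CFG}" <<EOF
user ${SNIPROXY_USER}
pidfile ${SNIPROXY_PIDFILE}
error_log {
syslog daemon
priority notice
}
access_log {
syslog daemon
}
EOF

# Resolver configuration. We configure these as a series of numbered
# parameters:
# - SNIPROXY_NS_SRVn: specifies resolver IP address 'n'
# - SNIPROXY_NS_SEARCHn: specifies domain search item 'n'
# - SNIPROXY_NS_MODE: Decides the resolver mode; ipv{4,6}_{only,first}
#
# Numbered variables are read with bash indirection (${!name}) rather than
# eval, so the constructed name is never re-parsed as shell code.
if [ -n "${SNIPROXY_NS_SRV0}" ] || [ -n "${SNIPROXY_NS_SEARCH0}" ] \
  || [ -n "${SNIPROXY_NS_MODE}" ]; then
  # We've got resolvers configured, so emit configuration for those.
  printf '%s\n' "resolver {"
  idx=0
  name="SNIPROXY_NS_SRV${idx}"
  srv=${!name}
  while [ -n "${srv}" ]; do
    printf '%s\n' " nameserver ${srv}"
    idx=$(( idx + 1 ))
    name="SNIPROXY_NS_SRV${idx}"
    srv=${!name}
  done
  # Search domains. The loop must test and print the SEARCH value itself;
  # reusing the (now empty) nameserver variable here meant no "search"
  # lines were ever written.
  idx=0
  name="SNIPROXY_NS_SEARCH${idx}"
  domain=${!name}
  while [ -n "${domain}" ]; do
    printf '%s\n' " search ${domain}"
    idx=$(( idx + 1 ))
    name="SNIPROXY_NS_SEARCH${idx}"
    domain=${!name}
  done
  if [ -n "${SNIPROXY_NS_MODE}" ]; then
    printf '%s\n' " mode ${SNIPROXY_NS_MODE}"
  fi
  printf '%s\n' "}"
fi >> "${SNIPROXY_CFG}"

# Listen configurations. These are a series of numbered parameters that specify
# the sockets being listened to. They may optionally be mapped to a named
# table which is defined later.
#
# Syntax is:
# SNIPROXY_LISTENn_PROTO={http|tls}
# SNIPROXY_LISTENn_PORT=port number
# SNIPROXY_LISTENn_ADDR=optional IP address (default: any,
# IPv6 must be in brackets)
# SNIPROXY_LISTENn_FALLBACK=optional fallback address/port if request
# cannot be parsed.
# SNIPROXY_LISTENn_SOURCE=optional source IP address
# SNIPROXY_LISTENn_TABLE=optional table
#
# Enumeration stops at the first index with no PROTO or no PORT.
idx=0
name="SNIPROXY_LISTEN${idx}_PROTO"
proto=${!name}
name="SNIPROXY_LISTEN${idx}_PORT"
port=${!name}
while [ -n "${proto}" ] && [ -n "${port}" ]; do
  name="SNIPROXY_LISTEN${idx}_ADDR"
  addr=${!name}
  name="SNIPROXY_LISTEN${idx}_FALLBACK"
  fallback=${!name}
  name="SNIPROXY_LISTEN${idx}_SOURCE"
  src=${!name}
  name="SNIPROXY_LISTEN${idx}_TABLE"
  table=${!name}
  if [ -n "${addr}" ]; then
    printf '%s\n' "listen ${addr}:${port} {"
  else
    printf '%s\n' "listen ${port} {"
  fi
  printf '%s\n' " protocol ${proto}"
  if [ -n "${fallback}" ]; then
    printf '%s\n' " fallback ${fallback}"
  fi
  if [ -n "${src}" ]; then
    printf '%s\n' " source ${src}"
  fi
  if [ -n "${table}" ]; then
    printf '%s\n' " table ${table}"
  fi
  printf '%s\n' "}"
  idx=$(( idx + 1 ))
  name="SNIPROXY_LISTEN${idx}_PROTO"
  proto=${!name}
  name="SNIPROXY_LISTEN${idx}_PORT"
  port=${!name}
done >> "${SNIPROXY_CFG}"

# Proxy tables.
# Each table is listed in a similar fashion to the ports with a variable
# named SNIPROXY_TABLEn:
# - SNIPROXY_TABLEn: Name of table N
# Note that the "default" table is hardcoded as table 0.
#
# For each table; it accepts a series of variables which give the pattern and
# destination IP/port for the matching host of the form:
# - SNIPROXY_TABLEn_SRCm: Pattern for table N host M.
# - SNIPROXY_TABLEn_DESTm: IP and port of host for SNIPROXY_TABLEn_SRCm.
#
# Table 0 always has the empty name (the unnamed default table) regardless of
# any SNIPROXY_TABLE0 in the environment; later tables stop at the first
# index with no name.
SNIPROXY_TABLE0=''
idx=0
table=""
while [ "${idx}" = 0 ] || [ -n "${table}" ]; do
  tidx=0
  printf '%s\n' "table ${table} {"
  name="SNIPROXY_TABLE${idx}_SRC${tidx}"
  src=${!name}
  name="SNIPROXY_TABLE${idx}_DEST${tidx}"
  dest=${!name}
  while [ -n "${src}" ] && [ -n "${dest}" ]; do
    printf '%s\n' " ${src} ${dest}"
    tidx=$(( tidx + 1 ))
    name="SNIPROXY_TABLE${idx}_SRC${tidx}"
    src=${!name}
    name="SNIPROXY_TABLE${idx}_DEST${tidx}"
    dest=${!name}
  done
  printf '%s\n' "}"
  idx=$(( idx + 1 ))
  name="SNIPROXY_TABLE${idx}"
  table=${!name}
done >> "${SNIPROXY_CFG}"

# Dump for debugging
printf '%s\n' "# Generated ${SNIPROXY_CFG}"
cat "${SNIPROXY_CFG}"

# Dry run mode?
if [ -n "${SNIPROXY_DRY_RUN}" ]; then
  printf '%s\n' "Dry run mode, exiting."
  exit 0
fi

# Start sniproxy, in foreground (TODO: figure out how to do this *and* drop
# privs after binding)
exec /usr/sbin/sniproxy -c "${SNIPROXY_CFG}" -f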