server: support config reload

README.md

@@ -69,6 +69,15 @@ $ netguard-tool keygen --help
 ```
 
 
+### Reload config
+
+Reload `netguard-server` config file:
+
+```shell
+$ pkill -HUP netguard-server
+```
+
+
 ## Build
 
 Build release version.
@@ -87,7 +96,6 @@ $ cargo build --release
 
 - Add query and reject connection Interfaces
 - More certificate signing algorithms
-- Reload configuration file
 - Hot update bin executable program
 - Audit log
 - Knock SDK APIs

server/src/bin/server.rs

@@ -3,7 +3,7 @@ use std::sync::Arc;
 
 use anyhow::Result;
 use clap::Parser;
-use signal_hook::consts::{SIGINT, SIGQUIT, SIGTERM};
+use signal_hook::consts::{SIGHUP, SIGINT, SIGQUIT, SIGTERM};
 use signal_hook::iterator::Signals;
 use tikv_jemallocator::Jemalloc;
 use tracing::{debug, info};
@@ -59,7 +59,7 @@ fn main() -> Result<()> {
 
     iptables::rules_create(&config)?;
 
-    wait_for_signal()?;
+    wait_for_signal(&args, &workers)?;
 
     iptables::rules_destroy(&config)?;
 
@@ -68,15 +68,25 @@ fn main() -> Result<()> {
     Ok(())
 }
 
-fn wait_for_signal() -> Result<()> {
-    let sigs = vec![SIGTERM, SIGQUIT, SIGINT];
+fn wait_for_signal(args: &Args, workers: &[Worker]) -> Result<()> {
+    let sigs = vec![SIGTERM, SIGQUIT, SIGINT, SIGHUP];
 
     let mut signals = Signals::new(sigs)?;
 
     for signal in &mut signals {
         debug!("Received a signal {:?}", signal);
 
         match signal {
+            SIGHUP => match Config::from_file(&args.config) {
+                Ok(new_config) => {
+                    for worker in workers {
+                        worker.update_config(new_config.clone());
+                    }
+                }
+                Err(e) => {
+                    info!("Failed to reload config: {e}")
+                }
+            },
             term_sig => {
                 info!("Received a termination signal {:?}", term_sig);
                 break;