update 2023-09-11 14:52:04

github-actions[bot] 2023-09-11 14:52:04 +08:00
parent 5dd36664d0
commit 30d288db00
152 changed files with 3778 additions and 5811 deletions

59
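--- a/alac/Makefile
+++ b/alac/Makefile
@@ -0,0 +1,59 @@
+# SPDX-Identifier-License: GPL-3.0-only
+#
+# Copyright (C) 2020 Lean <coolsnowwolf@gmail.com>
+# Copyright (C) 2021 ImmortalWrt.org
+include $(TOPDIR)/rules.mk
+PKG_NAME:=alac
+PKG_VERSION:=0.0.7
+PKG_RELEASE:=2
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/mikebrady/alac.git
+PKG_SOURCE_DATE:=2019-02-13
+PKG_SOURCE_VERSION:=5d6d836ee5b025a5e538cfa62c88bc5bced506ed
+PKG_MIRROR_HASH:=16da90956fb0ef41bb5d0089a543e08122c958afea69629dfa34ebdf00870a07
+PKG_LICENSE:=Apache-2.0
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
+PKG_FIXUP:=autoreconf
+PKG_REMOVE_FILES:=autogen.sh
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+include $(INCLUDE_DIR)/package.mk
+define Package/libalac
+SECTION:=libs
+CATEGORY:=Libraries
+TITLE:=The Apple Lossless Audio Codec Library
+URL:=https://github.com/mikebrady/alac
+DEPENDS:=+libstdcpp
+endef
+define Package/libalac/description
+The Apple Lossless Audio Codec (ALAC) is an audio codec developed by
+Apple and supported on iPhone, iPad, most iPods, Mac and iTunes.
+ALAC is a data compression method which reduces the size of audio
+files with no loss of information. A decoded ALAC stream is
+bit-for-bit identical to the original uncompressed audio file.
+endef
+define Build/InstallDev
+$(INSTALL_DIR) $(1)/usr/lib
+$(CP) $(PKG_INSTALL_DIR)/usr/lib/libalac.so* $(1)/usr/lib/
+$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
+$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/alac.pc $(1)/usr/lib/pkgconfig/
+$(INSTALL_DIR) $(1)/usr/include
+$(CP) $(PKG_INSTALL_DIR)/usr/include/alac $(1)/usr/include/
+endef
+define Package/libalac/install
+$(INSTALL_DIR) $(1)/usr/lib
+$(CP) $(PKG_INSTALL_DIR)/usr/lib/libalac.so* $(1)/usr/lib/
+endef
+$(eval $(call BuildPackage,libalac))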
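Review bot: The first header line reads `SPDX-Identifier-License: GPL-3.0-only`, but the tag that licence scanners and SBOM tooling recognise is `SPDX-License-Identifier`, so this Makefile would be reported as carrying no declared licence. The line should be `# SPDX-License-Identifier: GPL-3.0-only`. The same spelling is worth checking in the other new package Makefiles of this commit.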


@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=ariang
PKG_VERSION:=1.3.2
PKG_RELEASE:=$(AUTORELEASE)
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
PKG_SOURCE_URL:=https://github.com/mayswind/AriaNg/releases/download/$(PKG_VERSION)


@ -89,6 +89,19 @@ define ImageConfigOptions
echo 'pi_preinit_net_messages="$(CONFIG_TARGET_PREINIT_SHOW_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
echo 'pi_preinit_no_failsafe_netmsg="$(CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
echo 'pi_preinit_no_failsafe="$(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE)"' >>$(1)/lib/preinit/00_preinit.conf
ifeq ($(CONFIG_TARGET_DEFAULT_LAN_IP_FROM_PREINIT),y)
mkdir -p $(1)/etc/board.d
echo '. /lib/functions/uci-defaults.sh' >$(1)/etc/board.d/99-lan-ip
echo 'logger -t 99-lan-ip "setting custom default LAN IP"' >>$(1)/etc/board.d/99-lan-ip
echo 'board_config_update' >>$(1)/etc/board.d/99-lan-ip
echo 'json_select network' >>$(1)/etc/board.d/99-lan-ip
echo 'json_select lan' >>$(1)/etc/board.d/99-lan-ip
echo 'json_add_string ipaddr $(if $(CONFIG_TARGET_PREINIT_IP),$(CONFIG_TARGET_PREINIT_IP),"192.168.1.1")' >>$(1)/etc/board.d/99-lan-ip
echo 'json_add_string netmask $(if $(CONFIG_TARGET_PREINIT_NETMASK),$(CONFIG_TARGET_PREINIT_NETMASK),"255.255.255.0")' >>$(1)/etc/board.d/99-lan-ip
echo 'json_select ..' >>$(1)/etc/board.d/99-lan-ip
echo 'json_select ..' >>$(1)/etc/board.d/99-lan-ip
echo 'board_config_flush' >>$(1)/etc/board.d/99-lan-ip
endif
endef
define Build/Prepare
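Review bot: The generated `/etc/board.d/99-lan-ip` script receives `$(CONFIG_TARGET_PREINIT_IP)` and `$(CONFIG_TARGET_PREINIT_NETMASK)` verbatim as `json_add_string` arguments, and only the fallback literals are visibly quoted. If the configured values arrive without quotes of their own, a stray space or shell metacharacter in the build configuration would be word-split or interpreted when the script runs at first boot. A comment above the `ifeq` such as `# Kconfig string values carry their own double quotes; 99-lan-ip overrides the board default LAN address` would make the assumption explicit, and the expansion should be wrapped in double quotes if that assumption does not hold.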


@ -207,6 +207,15 @@ generate_network() {
EOF
}
;;
ncm|\
qmi|\
mbim)
uci -q batch <<-EOF
set network.$1.proto='${protocol}'
set network.$1.pdptype='ipv4'
EOF
;;
esac
}


@ -1,6 +1,5 @@
#!/bin/sh
#!/usr/bin/awk -f
awk -f - $* <<EOF
function bitcount(c) {
c=and(rshift(c, 1),0x55555555)+and(c,0x55555555)
c=and(rshift(c, 2),0x33333333)+and(c,0x33333333)
@ -11,14 +10,20 @@ function bitcount(c) {
}
function ip2int(ip) {
for (ret=0,n=split(ip,a,"\."),x=1;x<=n;x++) ret=or(lshift(ret,8),a[x])
ret=0
n=split(ip,a,"\\.")
for (x=1;x<=n;x++)
ret=or(lshift(ret,8),a[x])
return ret
}
function int2ip(ip,ret,x) {
ret=and(ip,255)
ip=rshift(ip,8)
for(;x<3;ret=and(ip,255)"."ret,ip=rshift(ip,8),x++);
for(;x<3;x++) {
ret=and(ip,255)"."ret
ip=rshift(ip,8)
}
return ret
}
@ -44,28 +49,41 @@ BEGIN {
}
network=and(ipaddr,netmask)
prefix=32-bitcount(compl32(netmask))
broadcast=or(network,compl32(netmask))
start=or(network,and(ip2int(ARGV[3]),compl32(netmask)))
limit=network+1
if (start<limit) start=limit
end=start+ARGV[4]
limit=or(network,compl32(netmask))-1
if (end>limit) end=limit
print "IP="int2ip(ipaddr)
print "NETMASK="int2ip(netmask)
print "BROADCAST="int2ip(broadcast)
print "NETWORK="int2ip(network)
print "PREFIX="32-bitcount(compl32(netmask))
print "PREFIX="prefix
# range calculations:
# ipcalc <ip> <netmask> <start> <num>
if (ARGC > 3) {
print "START="int2ip(start)
print "END="int2ip(end)
if (ARGC <= 3)
exit(0)
start=or(network,and(ip2int(ARGV[3]),compl32(netmask)))
limit=network+1
if (start<limit) start=limit
if (start==ipaddr) start=ipaddr+1
end=start+ARGV[4]
limit=or(network,compl32(netmask))-1
if (end>limit) end=limit
if (end==ipaddr) end=ipaddr-1
if (start>end) {
print "network ("int2ip(network)"/"prefix") too small" > "/dev/stderr"
exit(1)
}
if (ipaddr > start && ipaddr < end) {
print "ipaddr inside range" > "/dev/stderr"
exit(1)
}
print "START="int2ip(start)
print "END="int2ip(end)
}
EOF
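Review bot: `ip2int` still folds whatever `split` returns into `ret`, so a field that is not a number is silently treated as 0 and the new range checks then run on a wrong `ipaddr`, `netmask` or `start` without any error. This change already reports bad ranges with a message on `/dev/stderr` and `exit(1)`, and malformed input deserves the same treatment; inside the loop, `if (a[x] !~ /^[0-9]+$/) { print "invalid address " ip > "/dev/stderr"; exit(1) }` would do it. I have not proposed constraining the field count, because `ARGV[3]` also goes through `ip2int` and its expected format is not visible here. The `BEGIN` block starts outside the visible hunks, so an earlier check cannot be ruled out.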


@ -29,7 +29,7 @@ load_led() {
config_get delay $1 delay "150"
config_get message $1 message ""
config_get gpio $1 gpio "0"
config_get inverted $1 inverted "0"
config_get_bool inverted $1 inverted "0"
# execute application led trigger
[ -f "/usr/libexec/led-trigger/${trigger}" ] && {
@ -69,6 +69,10 @@ load_led() {
return 1
}
case "$trigger" in
"heartbeat")
echo "${inverted}" > "/sys/class/leds/${sysfs}/invert"
;;
"netdev")
[ -n "$dev" ] && {
echo $dev > /sys/class/leds/${sysfs}/device_name


@ -8,23 +8,33 @@ RTC_DEV=/dev/rtc0
HWCLOCK=/sbin/hwclock
boot() {
start && exit 0
local maxtime="$(maxtime)"
hwclock_load
local maxtime="$(find_max_time)"
local curtime="$(date +%s)"
[ $curtime -lt $maxtime ] && date -s @$maxtime
if [ $curtime -lt $maxtime ]; then
date -s @$maxtime
hwclock_save
fi
}
start() {
[ -e "$RTC_DEV" ] && [ -e "$HWCLOCK" ] && $HWCLOCK -s -u -f $RTC_DEV
hwclock_load
}
stop() {
hwclock_save
}
hwclock_load() {
[ -e "$RTC_DEV" ] && [ -e "$HWCLOCK" ] && $HWCLOCK -s -u -f $RTC_DEV
}
hwclock_save(){
[ -e "$RTC_DEV" ] && [ -e "$HWCLOCK" ] && $HWCLOCK -w -u -f $RTC_DEV && \
logger -t sysfixtime "saved '$(date)' to $RTC_DEV"
}
maxtime() {
find_max_time() {
local file newest
for file in $( find /etc -type f ) ; do
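Review bot: `boot()` now calls `hwclock_save` right after `date -s @$maxtime`, so a time derived from the newest file under `/etc` is written to the RTC, where the removed `start && exit 0` appears to have skipped the file-based fallback whenever the RTC loaded. A single file with a far-future mtime would then move the hardware clock forward persistently, which matters for anything that checks certificate validity. A comment on the new `if` explaining why file mtimes are allowed to override the RTC, or an upper bound on the jump, would help. The test operands are also unquoted, and `if [ "$curtime" -lt "${maxtime:-0}" ]; then` keeps the comparison well-formed when `find_max_time` prints nothing. `find_max_time` continues outside the hunk.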


@ -9,6 +9,7 @@ fs.protected_hardlinks=1
fs.protected_symlinks=1
net.core.bpf_jit_enable=1
net.core.bpf_jit_kallsyms=1
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
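Review bot: The line that appears to be added, `net.core.bpf_jit_kallsyms=1`, has no comment saying why BPF JIT symbol export is enabled in the default image. The setting exposes the addresses of JIT-compiled images through `/proc/kallsyms` to privileged readers, and the kernel ignores it when `bpf_jit_harden` is enabled, so the reason for shipping it should be recorded. I would add `# export BPF JIT image symbols to /proc/kallsyms (privileged users only) so traces can resolve them` above it.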


@ -90,6 +90,13 @@ network_get_prefix6() {
__network_ifstatus "$1" "$2" "['ipv6-prefix'][0]['address','mask']" "/"
}
# determine first IPv6 prefix assignment of given logical interface
# 1: destination variable
# 2: interface
network_get_prefix_assignment6() {
__network_ifstatus "$1" "$2" "['ipv6-prefix-assignment'][0]['address','mask']" "/"
}
# determine all IPv4 addresses of given logical interface
# 1: destination variable
# 2: interface
@ -187,6 +194,13 @@ network_get_prefixes6() {
__network_ifstatus "$1" "$2" "['ipv6-prefix'][*]['address','mask']" "/ "
}
# determine all IPv6 prefix assignments of given logical interface
# 1: destination variable
# 2: interface
network_get_prefix_assignments6() {
__network_ifstatus "$1" "$2" "['ipv6-prefix-assignment'][*]['address','mask']" "/ "
}
# determine IPv4 gateway of given logical interface
# 1: destination variable
# 2: interface


@ -110,11 +110,41 @@ mtd_get_mac_encrypted_arcadyan() {
[ -n "$mac_dirty" ] && macaddr_canonicalize "$mac_dirty"
}
mtd_get_mac_encrypted_deco() {
local mtdname="$1"
if ! [ -e "$mtdname" ]; then
echo "mtd_get_mac_encrypted_deco: file $mtdname not found!" >&2
return
fi
tplink_key="3336303032384339"
key=$(dd if=$mtdname bs=1 skip=16 count=8 2>/dev/null | \
uencrypt -n -d -k $tplink_key -c des-ecb | hexdump -v -n 8 -e '1/1 "%02x"')
macaddr=$(dd if=$mtdname bs=1 skip=32 count=8 2>/dev/null | \
uencrypt -n -d -k $key -c des-ecb | hexdump -v -n 6 -e '5/1 "%02x:" 1/1 "%02x"')
echo $macaddr
}
mtd_get_mac_uci_config_ubi() {
local volumename="$1"
. /lib/upgrade/nand.sh
local ubidev=$(nand_attach_ubi $CI_UBIPART)
local part=$(nand_find_volume $ubidev $volumename)
cat "/dev/$part" | sed -n 's/^\s*option macaddr\s*'"'"'\?\([0-9A-F:]\+\)'"'"'\?/\1/Ip'
}
mtd_get_mac_text() {
local mtdname=$1
local offset=$(($2))
local mtdname="$1"
local offset=$((${2:-0}))
local length="${3:-17}"
local part
local mac_dirty
part=$(find_mtd_part "$mtdname")
if [ -z "$part" ]; then
@ -122,15 +152,9 @@ mtd_get_mac_text() {
return
fi
if [ -z "$offset" ]; then
echo "mtd_get_mac_text: offset missing!" >&2
return
fi
[ $((offset + length)) -le $(mtd_get_part_size "$mtdname") ] || return
mac_dirty=$(dd if="$part" bs=1 skip="$offset" count=17 2>/dev/null)
# "canonicalize" mac
[ -n "$mac_dirty" ] && macaddr_canonicalize "$mac_dirty"
macaddr_canonicalize $(dd bs=1 if="$part" skip="$offset" count="$length" 2>/dev/null)
}
mtd_get_mac_binary() {
@ -185,6 +209,14 @@ macaddr_add() {
echo $oui:$nic
}
macaddr_generate_from_mmc_cid() {
local mmc_dev=$1
local sd_hash=$(sha256sum /sys/class/block/$mmc_dev/device/cid)
local mac_base=$(macaddr_canonicalize "$(echo "${sd_hash}" | dd bs=1 count=12 2>/dev/null)")
echo "$(macaddr_unsetbit_mc "$(macaddr_setbit_la "${mac_base}")")"
}
macaddr_geteui() {
local mac=$1
local sep=$2
@ -264,3 +296,7 @@ macaddr_canonicalize() {
printf "%02x:%02x:%02x:%02x:%02x:%02x" 0x${canon// / 0x} 2>/dev/null
}
dt_is_enabled() {
grep -q okay "/proc/device-tree/$1/status"
}
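Review bot: `mtd_get_mac_encrypted_deco` assigns `tplink_key`, `key` and `macaddr` without `local`, so they leak into every script that sources this file. It also echoes whatever the pipeline produced, even when `dd`, `uencrypt` or `hexdump` failed. Declaring `local tplink_key key macaddr`, quoting `if="$mtdname"`, and ending with `[ -n "$macaddr" ] && macaddr_canonicalize "$macaddr"` would match `mtd_get_mac_encrypted_arcadyan` just above it. A one-line comment that the constant is the vendor's fixed key for decoding the factory partition, not a per-device secret, would also help; I am inferring that from the variable name.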


@ -96,7 +96,7 @@ ucidef_set_interfaces_lan_wan() {
ucidef_set_bridge_device() {
json_select_object bridge
json_add_string name "${1:switch0}"
json_add_string name "${1:-switch0}"
json_select ..
}
@ -114,6 +114,14 @@ ucidef_set_network_device_mac() {
json_select ..
}
ucidef_set_network_device_path() {
json_select_object "network_device"
json_select_object "$1"
json_add_string path "$2"
json_select ..
json_select ..
}
_ucidef_add_switch_port() {
# inherited: $num $device $need_tag $want_untag $role $index $prev_role
# inherited: $n_cpu $n_ports $n_vlan $cpu0 $cpu1 $cpu2 $cpu3 $cpu4 $cpu5
@ -638,6 +646,21 @@ ucidef_set_ntpserver() {
json_select ..
}
ucidef_add_wlan() {
local path="$1"; shift
ucidef_wlan_idx=${ucidef_wlan_idx:-0}
json_select_object wlan
json_select_object "wl$ucidef_wlan_idx"
json_add_string path "$path"
json_add_fields "$@"
json_select ..
json_select ..
ucidef_wlan_idx="$((ucidef_wlan_idx + 1))"
}
board_config_update() {
json_init
[ -f ${CFG} ] && json_load "$(cat ${CFG})"


@ -63,6 +63,20 @@ preinit_config_switch() {
json_select ..
}
preinit_config_port() {
local original
local netdev="$1"
local path="$2"
[ -d "/sys/devices/$path/net" ] || return
original="$(ls "/sys/devices/$path/net" | head -1)"
[ "$netdev" = "$original" ] && return
ip link set "$original" name "$netdev"
}
preinit_config_board() {
/bin/board_detect /tmp/board.json
@ -73,6 +87,33 @@ preinit_config_board() {
json_init
json_load "$(cat /tmp/board.json)"
# Find the current highest eth*
max_eth=$(grep -o '^ *eth[0-9]*:' /proc/net/dev | tr -dc '[0-9]\n' | sort -n | tail -1)
# Find and move netdevs using eth*s we are configuring
json_get_keys keys "network_device"
for netdev in $keys; do
json_select "network_device"
json_select "$netdev"
json_get_vars path path
if [ -n "$path" -a -h "/sys/class/net/$netdev" ]; then
ip link set "$netdev" down
ip link set "$netdev" name eth$((++max_eth))
fi
json_select ..
json_select ..
done
# Move interfaces by path to their netdev name
json_get_keys keys "network_device"
for netdev in $keys; do
json_select "network_device"
json_select "$netdev"
json_get_vars path path
[ -n "$path" ] && preinit_config_port "$netdev" "$path"
json_select ..
json_select ..
done
json_select network
json_select "lan"
json_get_vars device
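Review bot: `preinit_config_port` does not handle an empty `/sys/devices/$path/net` directory: `original` is then empty and `ip link set "" name "$netdev"` runs and fails with nothing logged. Adding `[ -n "$original" ] || return` after the `ls ... | head -1` line covers it. The two loops added to `preinit_config_board` also ignore the exit status of `ip link set ... name`, so a failed rename leaves interface names that no longer match board.json; logging the failure would make that visible. `preinit_config_board` starts and ends outside the hunk, so I cannot see whether `max_eth`, `keys`, `netdev` and `path` are declared `local` there.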


@ -40,35 +40,39 @@ fs_wait_for_key () {
rm -f $keypress_wait
} &
[ "$pi_preinit_no_failsafe" != "y" ] && echo "Press the [$1] key and hit [enter] $2"
echo "Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level"
# if we're on the console we wait for input
{
while [ -r $keypress_wait ]; do
timer="$(cat $keypress_sec)"
local consoles="$(sed -e 's/ /\n/g' /proc/cmdline | grep '^console=' | sed -e 's/^console=//' -e 's/,.*//')"
[ -n "$consoles" ] || consoles=console
for console in $consoles; do
[ -c "/dev/$console" ] || continue
[ "$pi_preinit_no_failsafe" != "y" ] && echo "Press the [$1] key and hit [enter] $2" > "/dev/$console"
echo "Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level" > "/dev/$console"
{
while [ -r $keypress_wait ]; do
timer="$(cat $keypress_sec)"
[ -n "$timer" ] || timer=1
timer="${timer%%\ *}"
[ $timer -ge 1 ] || timer=1
do_keypress=""
{
read -t "$timer" do_keypress
case "$do_keypress" in
$1)
echo "true" >$keypress_true
;;
1 | 2 | 3 | 4)
echo "$do_keypress" >/tmp/debug_level
;;
*)
continue;
;;
esac
lock -u $keypress_wait
rm -f $keypress_wait
}
done
}
[ -n "$timer" ] || timer=1
timer="${timer%%\ *}"
[ $timer -ge 1 ] || timer=1
do_keypress=""
{
read -t "$timer" do_keypress < "/dev/$console"
case "$do_keypress" in
$1)
echo "true" >$keypress_true
;;
1 | 2 | 3 | 4)
echo "$do_keypress" >/tmp/debug_level
;;
*)
continue;
;;
esac
lock -u $keypress_wait
rm -f $keypress_wait
}
done
} &
done
lock -w $keypress_wait
keypressed=1


@ -2,13 +2,14 @@
# Copyright (C) 2010 Vertical Communications
failsafe_shell() {
local console="$(sed -e 's/ /\n/g' /proc/cmdline | grep '^console=' | head -1 | sed -e 's/^console=//' -e 's/,.*//')"
[ -n "$console" ] || console=console
[ -c "/dev/$console" ] || return 0
while true; do
ash --login <"/dev/$console" >"/dev/$console" 2>"/dev/$console"
sleep 1
done &
local consoles="$(sed -e 's/ /\n/g' /proc/cmdline | grep '^console=' | sed -e 's/^console=//' -e 's/,.*//')"
[ -n "$consoles" ] || consoles=console
for console in $consoles; do
[ -c "/dev/$console" ] && while true; do
ash --login <"/dev/$console" >"/dev/$console" 2>"/dev/$console"
sleep 1
done &
done
}
boot_hook_add failsafe failsafe_shell
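Review bot: `failsafe_shell` now starts a respawning `ash --login` on every `console=` entry read from `/proc/cmdline`, where the removed code took only the first one (`head -1`). Every additional console named on the kernel command line therefore gets its own shell in failsafe mode, and nothing in the function says this widening is intended. I would add a comment above the `for` loop, for example `# one recovery shell per console= entry; every console listed on the kernel command line is treated as trusted`.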


@ -127,6 +127,33 @@ get_magic_fat32() {
(get_image "$@" | dd bs=1 count=5 skip=82) 2>/dev/null
}
identify_magic_long() {
local magic=$1
case "$magic" in
"55424923")
echo "ubi"
;;
"31181006")
echo "ubifs"
;;
"68737173")
echo "squashfs"
;;
"d00dfeed")
echo "fit"
;;
"4349"*)
echo "combined"
;;
"1f8b"*)
echo "gzip"
;;
*)
echo "unknown $magic"
;;
esac
}
part_magic_efi() {
local magic=$(get_magic_gpt "$@")
[ "$magic" = "EFI PART" ]
@ -155,9 +182,11 @@ export_bootdevice() {
fi
done
;;
PARTUUID=????????-????-????-????-??????????0?/PARTNROFF=1 | \
PARTUUID=????????-????-????-????-??????????02)
uuid="${rootpart#PARTUUID=}"
uuid="${uuid%02}00"
uuid="${uuid%/PARTNROFF=1}"
uuid="${uuid%0?}00"
for disk in $(find /dev -type b); do
set -- $(dd if=$disk bs=1 skip=568 count=16 2>/dev/null | hexdump -v -e '8/1 "%02x "" "2/1 "%02x""-"6/1 "%02x"')
if [ "$4$3$2$1-$6$5-$8$7-$9" = "$uuid" ]; then
@ -203,7 +232,7 @@ export_partdevice() {
while read line; do
export -n "$line"
done < "$uevent"
if [ $BOOTDEV_MAJOR = $MAJOR -a $(($BOOTDEV_MINOR + $offset)) = $MINOR -a -b "/dev/$DEVNAME" ]; then
if [ "$BOOTDEV_MAJOR" = "$MAJOR" -a $(($BOOTDEV_MINOR + $offset)) = "$MINOR" -a -b "/dev/$DEVNAME" ]; then
export "$var=$DEVNAME"
return 0
fi


@ -58,7 +58,7 @@ emmc_copy_config() {
}
emmc_do_upgrade() {
local file_type=$(identify $1)
local file_type=$(identify_magic_long "$(get_magic_long "$1")")
case "$file_type" in
"fit") emmc_upgrade_fit $1;;


@ -7,6 +7,8 @@
CI_KERNPART="${CI_KERNPART:-kernel}"
# 'ubi' partition on NAND contains UBI
# There are also CI_KERN_UBIPART and CI_ROOT_UBIPART if kernel
# and rootfs are on separated UBIs.
CI_UBIPART="${CI_UBIPART:-ubi}"
# 'rootfs' UBI volume on NAND contains the rootfs
@ -26,7 +28,7 @@ ubi_mknod() {
nand_find_volume() {
local ubidevdir ubivoldir
ubidevdir="/sys/devices/virtual/ubi/$1"
ubidevdir="/sys/class/ubi/"
[ ! -d "$ubidevdir" ] && return 1
for ubivoldir in $ubidevdir/${1}_*; do
[ ! -d "$ubivoldir" ] && continue
@ -39,13 +41,12 @@ nand_find_volume() {
}
nand_find_ubi() {
local ubidevdir ubidev mtdnum
local ubidevdir ubidev mtdnum cmtdnum
mtdnum="$( find_mtd_index $1 )"
[ ! "$mtdnum" ] && return 1
for ubidevdir in /sys/devices/virtual/ubi/ubi*; do
[ ! -d "$ubidevdir" ] && continue
for ubidevdir in /sys/class/ubi/ubi*; do
[ ! -e "$ubidevdir/mtd_num" ] && continue
cmtdnum="$( cat $ubidevdir/mtd_num )"
[ ! "$mtdnum" ] && continue
if [ "$mtdnum" = "$cmtdnum" ]; then
ubidev=$( basename $ubidevdir )
ubi_mknod "$ubidevdir"
@ -56,134 +57,175 @@ nand_find_ubi() {
}
nand_get_magic_long() {
dd if="$1" skip=$2 bs=4 count=1 2>/dev/null | hexdump -v -n 4 -e '1/1 "%02x"'
(${3}cat "$1" | dd bs=4 "skip=${2:-0}" count=1 | hexdump -v -n 4 -e '1/1 "%02x"') 2> /dev/null
}
get_magic_long_tar() {
( tar xf $1 $2 -O | dd bs=4 count=1 | hexdump -v -n 4 -e '1/1 "%02x"') 2> /dev/null
(tar xO${3}f "$1" "$2" | dd bs=4 count=1 | hexdump -v -n 4 -e '1/1 "%02x"') 2> /dev/null
}
identify_magic() {
local magic=$1
case "$magic" in
"55424923")
echo "ubi"
;;
"31181006")
echo "ubifs"
;;
"68737173")
echo "squashfs"
;;
"d00dfeed")
echo "fit"
;;
"4349"*)
echo "combined"
;;
*)
echo "unknown $magic"
;;
esac
}
identify() {
identify_magic $(nand_get_magic_long "$1" "${2:-0}")
identify_magic_long $(nand_get_magic_long "$@")
}
identify_tar() {
identify_magic $(get_magic_long_tar "$1" "$2")
identify_magic_long $(get_magic_long_tar "$@")
}
identify_if_gzip() {
if [ "$(identify "$1")" = gzip ]; then echo -n z; fi
}
nand_restore_config() {
sync
local ubidev=$( nand_find_ubi $CI_UBIPART )
local ubidev=$( nand_find_ubi "${CI_ROOT_UBIPART:-$CI_UBIPART}" )
local ubivol="$( nand_find_volume $ubidev rootfs_data )"
[ ! "$ubivol" ] &&
ubivol="$( nand_find_volume $ubidev $CI_ROOTPART )"
if [ ! "$ubivol" ]; then
ubivol="$( nand_find_volume $ubidev "$CI_ROOTPART" )"
if [ ! "$ubivol" ]; then
echo "cannot find ubifs data volume"
return 1
fi
fi
mkdir /tmp/new_root
if ! mount -t ubifs /dev/$ubivol /tmp/new_root; then
echo "mounting ubifs $ubivol failed"
echo "cannot mount ubifs volume $ubivol"
rmdir /tmp/new_root
return 1
fi
mv "$1" "/tmp/new_root/$BACKUP_FILE"
umount /tmp/new_root
sync
if mv "$1" "/tmp/new_root/$BACKUP_FILE"; then
if umount /tmp/new_root; then
echo "configuration saved"
rmdir /tmp/new_root
return 0
fi
else
umount /tmp/new_root
fi
echo "could not save configuration to ubifs volume $ubivol"
rmdir /tmp/new_root
return 1
}
nand_remove_ubiblock() {
local ubivol="$1"
local ubiblk="ubiblock${ubivol:3}"
if [ -e "/dev/$ubiblk" ]; then
umount "/dev/$ubiblk" && echo "unmounted /dev/$ubiblk" || :
if ! ubiblock -r "/dev/$ubivol"; then
echo "cannot remove $ubiblk"
return 1
fi
fi
}
nand_attach_ubi() {
local ubipart="$1"
local has_env="${2:-0}"
local mtdnum="$( find_mtd_index "$ubipart" )"
if [ ! "$mtdnum" ]; then
>&2 echo "cannot find ubi mtd partition $ubipart"
return 1
fi
local ubidev="$( nand_find_ubi "$ubipart" )"
if [ ! "$ubidev" ]; then
>&2 ubiattach -m "$mtdnum"
ubidev="$( nand_find_ubi "$ubipart" )"
if [ ! "$ubidev" ]; then
>&2 ubiformat /dev/mtd$mtdnum -y
>&2 ubiattach -m "$mtdnum"
ubidev="$( nand_find_ubi "$ubipart" )"
if [ ! "$ubidev" ]; then
>&2 echo "cannot attach ubi mtd partition $ubipart"
return 1
fi
if [ "$has_env" -gt 0 ]; then
>&2 ubimkvol /dev/$ubidev -n 0 -N ubootenv -s 1MiB
>&2 ubimkvol /dev/$ubidev -n 1 -N ubootenv2 -s 1MiB
fi
fi
fi
echo "$ubidev"
return 0
}
nand_detach_ubi() {
local ubipart="$1"
local mtdnum="$( find_mtd_index "$ubipart" )"
if [ ! "$mtdnum" ]; then
echo "cannot find ubi mtd partition $ubipart"
return 1
fi
local ubidev="$( nand_find_ubi "$ubipart" )"
if [ "$ubidev" ]; then
for ubivol in $(find /dev -name "${ubidev}_*" -maxdepth 1 | sort); do
ubivol="${ubivol:5}"
nand_remove_ubiblock "$ubivol" || :
umount "/dev/$ubivol" && echo "unmounted /dev/$ubivol" || :
done
if ! ubidetach -m "$mtdnum"; then
echo "cannot detach ubi mtd partition $ubipart"
return 1
fi
fi
}
nand_upgrade_prepare_ubi() {
local rootfs_length="$1"
local rootfs_type="$2"
local rootfs_data_max="$(fw_printenv -n rootfs_data_max 2>/dev/null)"
local rootfs_data_max="$(fw_printenv -n rootfs_data_max 2> /dev/null)"
[ -n "$rootfs_data_max" ] && rootfs_data_max=$((rootfs_data_max))
local kernel_length="$3"
local has_env="${4:-0}"
local kern_ubidev
local root_ubidev
[ -n "$rootfs_length" -o -n "$kernel_length" ] || return 1
local mtdnum="$( find_mtd_index "$CI_UBIPART" )"
if [ ! "$mtdnum" ]; then
echo "cannot find ubi mtd partition $CI_UBIPART"
return 1
if [ -n "$CI_KERN_UBIPART" -a -n "$CI_ROOT_UBIPART" ]; then
kern_ubidev="$( nand_attach_ubi "$CI_KERN_UBIPART" "$has_env" )"
[ -n "$kern_ubidev" ] || return 1
root_ubidev="$( nand_attach_ubi "$CI_ROOT_UBIPART" )"
[ -n "$root_ubidev" ] || return 1
else
kern_ubidev="$( nand_attach_ubi "$CI_UBIPART" "$has_env" )"
[ -n "$kern_ubidev" ] || return 1
root_ubidev="$kern_ubidev"
fi
local ubidev="$( nand_find_ubi "$CI_UBIPART" )"
if [ ! "$ubidev" ]; then
ubiattach -m "$mtdnum"
sync
ubidev="$( nand_find_ubi "$CI_UBIPART" )"
fi
local kern_ubivol="$( nand_find_volume $kern_ubidev "$CI_KERNPART" )"
local root_ubivol="$( nand_find_volume $root_ubidev "$CI_ROOTPART" )"
local data_ubivol="$( nand_find_volume $root_ubidev rootfs_data )"
[ "$root_ubivol" = "$kern_ubivol" ] && root_ubivol=
if [ ! "$ubidev" ]; then
ubiformat /dev/mtd$mtdnum -y
ubiattach -m "$mtdnum"
sync
ubidev="$( nand_find_ubi "$CI_UBIPART" )"
[ ! "$ubidev" ] && return 1
[ "$has_env" -gt 0 ] && {
ubimkvol /dev/$ubidev -n 0 -N ubootenv -s 1MiB
ubimkvol /dev/$ubidev -n 1 -N ubootenv2 -s 1MiB
}
fi
local kern_ubivol="$( nand_find_volume $ubidev $CI_KERNPART )"
local root_ubivol="$( nand_find_volume $ubidev $CI_ROOTPART )"
local data_ubivol="$( nand_find_volume $ubidev rootfs_data )"
local ubiblk ubiblkvol
for ubiblk in /dev/ubiblock${ubidev:3}_* ; do
[ -e "$ubiblk" ] || continue
case "$ubiblk" in
/dev/ubiblock*_*p*)
continue
;;
esac
echo "removing ubiblock${ubiblk:13}"
ubiblkvol=ubi${ubiblk:13}
if ! ubiblock -r /dev/$ubiblkvol; then
echo "cannot remove $ubiblk"
return 1
fi
done
# remove ubiblocks
[ "$kern_ubivol" ] && { nand_remove_ubiblock $kern_ubivol || return 1; }
[ "$root_ubivol" ] && { nand_remove_ubiblock $root_ubivol || return 1; }
[ "$data_ubivol" ] && { nand_remove_ubiblock $data_ubivol || return 1; }
# kill volumes
[ "$kern_ubivol" ] && ubirmvol /dev/$ubidev -N $CI_KERNPART || :
[ "$root_ubivol" -a "$root_ubivol" != "$kern_ubivol" ] && ubirmvol /dev/$ubidev -N $CI_ROOTPART || :
[ "$data_ubivol" ] && ubirmvol /dev/$ubidev -N rootfs_data || :
[ "$kern_ubivol" ] && ubirmvol /dev/$kern_ubidev -N "$CI_KERNPART" || :
[ "$root_ubivol" ] && ubirmvol /dev/$root_ubidev -N "$CI_ROOTPART" || :
[ "$data_ubivol" ] && ubirmvol /dev/$root_ubidev -N rootfs_data || :
# update kernel
# create kernel vol
if [ -n "$kernel_length" ]; then
if ! ubimkvol /dev/$ubidev -N $CI_KERNPART -s $kernel_length; then
if ! ubimkvol /dev/$kern_ubidev -N "$CI_KERNPART" -s $kernel_length; then
echo "cannot create kernel volume"
return 1;
fi
fi
# update rootfs
# create rootfs vol
if [ -n "$rootfs_length" ]; then
local rootfs_size_param
if [ "$rootfs_type" = "ubifs" ]; then
@ -191,155 +233,224 @@ nand_upgrade_prepare_ubi() {
else
rootfs_size_param="-s $rootfs_length"
fi
if ! ubimkvol /dev/$ubidev -N $CI_ROOTPART $rootfs_size_param; then
if ! ubimkvol /dev/$root_ubidev -N "$CI_ROOTPART" $rootfs_size_param; then
echo "cannot create rootfs volume"
return 1;
fi
fi
# create rootfs_data for non-ubifs rootfs
# create rootfs_data vol for non-ubifs rootfs
if [ "$rootfs_type" != "ubifs" ]; then
local rootfs_data_size_param="-m"
if [ -n "$rootfs_data_max" ]; then
rootfs_data_size_param="-s $rootfs_data_max"
fi
if ! ubimkvol /dev/$ubidev -N rootfs_data $rootfs_data_size_param; then
if ! ubimkvol /dev/$ubidev -N rootfs_data -m; then
if ! ubimkvol /dev/$root_ubidev -N rootfs_data $rootfs_data_size_param; then
if ! ubimkvol /dev/$root_ubidev -N rootfs_data -m; then
echo "cannot initialize rootfs_data volume"
return 1
fi
fi
fi
sync
return 0
}
nand_do_upgrade_success() {
local conf_tar="/tmp/sysupgrade.tgz"
sync
[ -f "$conf_tar" ] && nand_restore_config "$conf_tar"
echo "sysupgrade successful"
umount -a
reboot -f
}
# Flash the UBI image to MTD partition
# Write the UBI image to MTD ubi partition
nand_upgrade_ubinized() {
local ubi_file="$1"
local mtdnum="$(find_mtd_index "$CI_UBIPART")"
local gz="$2"
[ ! "$mtdnum" ] && {
CI_UBIPART="rootfs"
mtdnum="$(find_mtd_index "$CI_UBIPART")"
}
local ubi_length=$( (${gz}cat "$ubi_file" | wc -c) 2> /dev/null)
if [ ! "$mtdnum" ]; then
echo "cannot find mtd device $CI_UBIPART"
umount -a
reboot -f
fi
nand_detach_ubi "$CI_UBIPART" || return 1
local mtddev="/dev/mtd${mtdnum}"
ubidetach -p "${mtddev}" || true
sync
ubiformat "${mtddev}" -y -f "${ubi_file}"
ubiattach -p "${mtddev}"
nand_do_upgrade_success
local mtdnum="$( find_mtd_index "$CI_UBIPART" )"
${gz}cat "$ubi_file" | ubiformat "/dev/mtd$mtdnum" -S "$ubi_length" -y -f - && ubiattach -m "$mtdnum"
}
# Write the UBIFS image to UBI volume
# Write the UBIFS image to UBI rootfs volume
nand_upgrade_ubifs() {
local rootfs_length=$( (cat $1 | wc -c) 2> /dev/null)
local ubifs_file="$1"
local gz="$2"
nand_upgrade_prepare_ubi "$rootfs_length" "ubifs" "" ""
local ubifs_length=$( (${gz}cat "$ubifs_file" | wc -c) 2> /dev/null)
nand_upgrade_prepare_ubi "$ubifs_length" "ubifs" "" "" || return 1
local ubidev="$( nand_find_ubi "$CI_UBIPART" )"
local root_ubivol="$(nand_find_volume $ubidev $CI_ROOTPART)"
ubiupdatevol /dev/$root_ubivol -s $rootfs_length $1
nand_do_upgrade_success
local root_ubivol="$(nand_find_volume $ubidev "$CI_ROOTPART")"
${gz}cat "$ubifs_file" | ubiupdatevol /dev/$root_ubivol -s "$ubifs_length" -
}
# Write the FIT image to UBI kernel volume
nand_upgrade_fit() {
local fit_file="$1"
local fit_length="$(wc -c < "$fit_file")"
local gz="$2"
nand_upgrade_prepare_ubi "" "" "$fit_length" "1"
local fit_length=$( (${gz}cat "$fit_file" | wc -c) 2> /dev/null)
nand_upgrade_prepare_ubi "" "" "$fit_length" "1" || return 1
local fit_ubidev="$(nand_find_ubi "$CI_UBIPART")"
local fit_ubivol="$(nand_find_volume $fit_ubidev "$CI_KERNPART")"
ubiupdatevol /dev/$fit_ubivol -s $fit_length $fit_file
nand_do_upgrade_success
${gz}cat "$fit_file" | ubiupdatevol /dev/$fit_ubivol -s "$fit_length" -
}
# Write images in the TAR file to MTD partitions and/or UBI volumes as required
nand_upgrade_tar() {
local tar_file="$1"
local kernel_mtd="$(find_mtd_index $CI_KERNPART)"
local gz="$2"
local jffs2_markers="${CI_JFFS2_CLEAN_MARKERS:-0}"
local board_dir=$(tar tf "$tar_file" | grep -m 1 '^sysupgrade-.*/$')
board_dir=${board_dir%/}
# WARNING: This fails if tar contains more than one 'sysupgrade-*' directory.
local board_dir="$(tar t${gz}f "$tar_file" | grep -m 1 '^sysupgrade-.*/$')"
board_dir="${board_dir%/}"
kernel_length=$( (tar xf "$tar_file" ${board_dir}/kernel -O | wc -c) 2> /dev/null)
local has_rootfs=0
local rootfs_length
local kernel_mtd kernel_length
if [ "$CI_KERNPART" != "none" ]; then
kernel_mtd="$(find_mtd_index "$CI_KERNPART")"
kernel_length=$( (tar xO${gz}f "$tar_file" "$board_dir/kernel" | wc -c) 2> /dev/null)
[ "$kernel_length" = 0 ] && kernel_length=
fi
local rootfs_length=$( (tar xO${gz}f "$tar_file" "$board_dir/root" | wc -c) 2> /dev/null)
[ "$rootfs_length" = 0 ] && rootfs_length=
local rootfs_type
[ "$rootfs_length" ] && rootfs_type="$(identify_tar "$tar_file" "$board_dir/root" "$gz")"
tar tf "$tar_file" ${board_dir}/root 1>/dev/null 2>/dev/null && has_rootfs=1
[ "$has_rootfs" = "1" ] && {
rootfs_length=$( (tar xf "$tar_file" ${board_dir}/root -O | wc -c) 2> /dev/null)
rootfs_type="$(identify_tar "$tar_file" ${board_dir}/root)"
}
local ubi_kernel_length
if [ "$kernel_length" ]; then
if [ "$kernel_mtd" ]; then
# On some devices, the raw kernel and ubi partitions overlap.
# These devices brick if the kernel partition is erased.
# Hence only invalidate kernel for now.
dd if=/dev/zero bs=4096 count=1 2> /dev/null | \
mtd write - "$CI_KERNPART"
else
ubi_kernel_length="$kernel_length"
fi
fi
local has_kernel=1
local has_env=0
nand_upgrade_prepare_ubi "$rootfs_length" "$rootfs_type" "$ubi_kernel_length" "$has_env" || return 1
[ "$kernel_length" != 0 -a -n "$kernel_mtd" ] && {
tar xf "$tar_file" ${board_dir}/kernel -O | mtd write - $CI_KERNPART
}
[ "$kernel_length" = 0 -o ! -z "$kernel_mtd" ] && has_kernel=
[ "$CI_KERNPART" = "none" ] && has_kernel=
if [ "$rootfs_length" ]; then
local ubidev="$( nand_find_ubi "${CI_ROOT_UBIPART:-$CI_UBIPART}" )"
local root_ubivol="$( nand_find_volume $ubidev "$CI_ROOTPART" )"
tar xO${gz}f "$tar_file" "$board_dir/root" | \
ubiupdatevol /dev/$root_ubivol -s "$rootfs_length" -
fi
if [ "$kernel_length" ]; then
if [ "$kernel_mtd" ]; then
if [ "$jffs2_markers" = 1 ]; then
flash_erase -j "/dev/mtd${kernel_mtd}" 0 0
tar xO${gz}f "$tar_file" "$board_dir/kernel" | \
nandwrite "/dev/mtd${kernel_mtd}" -
else
tar xO${gz}f "$tar_file" "$board_dir/kernel" | \
mtd write - "$CI_KERNPART"
fi
else
local ubidev="$( nand_find_ubi "${CI_KERN_UBIPART:-$CI_UBIPART}" )"
local kern_ubivol="$( nand_find_volume $ubidev "$CI_KERNPART" )"
tar xO${gz}f "$tar_file" "$board_dir/kernel" | \
ubiupdatevol /dev/$kern_ubivol -s "$kernel_length" -
fi
fi
nand_upgrade_prepare_ubi "$rootfs_length" "$rootfs_type" "${has_kernel:+$kernel_length}" "$has_env"
return 0
}
local ubidev="$( nand_find_ubi "$CI_UBIPART" )"
[ "$has_kernel" = "1" ] && {
local kern_ubivol="$( nand_find_volume $ubidev $CI_KERNPART )"
tar xf "$tar_file" ${board_dir}/kernel -O | \
ubiupdatevol /dev/$kern_ubivol -s $kernel_length -
}
nand_verify_if_gzip_file() {
local file="$1"
local gz="$2"
[ "$has_rootfs" = "1" ] && {
local root_ubivol="$( nand_find_volume $ubidev $CI_ROOTPART )"
tar xf "$tar_file" ${board_dir}/root -O | \
ubiupdatevol /dev/$root_ubivol -s $rootfs_length -
}
nand_do_upgrade_success
if [ "$gz" = z ]; then
echo "verifying compressed sysupgrade file integrity"
if ! gzip -t "$file"; then
echo "corrupted compressed sysupgrade file"
return 1
fi
fi
}
nand_verify_tar_file() {
local file="$1"
local gz="$2"
echo "verifying sysupgrade tar file integrity"
if ! tar xO${gz}f "$file" > /dev/null; then
echo "corrupted sysupgrade tar file"
return 1
fi
}
nand_do_flash_file() {
local file="$1"
local gz="$(identify_if_gzip "$file")"
local file_type="$(identify "$file" "" "$gz")"
[ ! "$(find_mtd_index "$CI_UBIPART")" ] && CI_UBIPART=rootfs
case "$file_type" in
"fit")
nand_verify_if_gzip_file "$file" "$gz" || return 1
nand_upgrade_fit "$file" "$gz"
;;
"ubi")
nand_verify_if_gzip_file "$file" "$gz" || return 1
nand_upgrade_ubinized "$file" "$gz"
;;
"ubifs")
nand_verify_if_gzip_file "$file" "$gz" || return 1
nand_upgrade_ubifs "$file" "$gz"
;;
*)
nand_verify_tar_file "$file" "$gz" || return 1
nand_upgrade_tar "$file" "$gz"
;;
esac
}
nand_do_restore_config() {
local conf_tar="/tmp/sysupgrade.tgz"
[ ! -f "$conf_tar" ] || nand_restore_config "$conf_tar"
}
# Recognize type of passed file and start the upgrade process
nand_do_upgrade() {
local file_type=$(identify $1)
local file="$1"
[ ! "$(find_mtd_index "$CI_UBIPART")" ] && CI_UBIPART="rootfs"
case "$file_type" in
"fit") nand_upgrade_fit $1;;
"ubi") nand_upgrade_ubinized $1;;
"ubifs") nand_upgrade_ubifs $1;;
*) nand_upgrade_tar $1;;
esac
sync
nand_do_flash_file "$file" && nand_do_upgrade_success
nand_do_upgrade_failed
}
# Check if passed file is a valid one for NAND sysupgrade. Currently it accepts
# 3 types of files:
# 1) UBI - should contain an ubinized image, header is checked for the proper
# MAGIC
# 2) UBIFS - should contain UBIFS partition that will replace "rootfs" volume,
# header is checked for the proper MAGIC
# 3) TAR - archive has to include "sysupgrade-BOARD" directory with a non-empty
# "CONTROL" file (at this point its content isn't verified)
nand_do_upgrade_success() {
if nand_do_restore_config && sync; then
echo "sysupgrade successful"
umount -a
reboot -f
fi
nand_do_upgrade_failed
}
nand_do_upgrade_failed() {
sync
echo "sysupgrade failed"
# Should we reboot or bring up some failsafe mode instead?
umount -a
reboot -f
}
# Check if passed file is a valid one for NAND sysupgrade.
# Currently it accepts 4 types of files:
# 1) UBI: a ubinized image containing required UBI volumes.
# 2) UBIFS: a UBIFS rootfs volume image.
# 3) FIT: a FIT image containing kernel and rootfs.
# 4) TAR: an archive that includes directory "sysupgrade-${BOARD_NAME}" containing
# a non-empty "CONTROL" file and required partition and/or volume images.
#
# You usually want to call this function in platform_check_image.
#
@ -347,14 +458,25 @@ nand_do_upgrade() {
# $(2): file to be checked
nand_do_platform_check() {
local board_name="$1"
local tar_file="$2"
local control_length=$( (tar xf $tar_file sysupgrade-$board_name/CONTROL -O | wc -c) 2> /dev/null)
local file_type="$(identify $2)"
local file="$2"
[ "$control_length" = 0 -a "$file_type" != "ubi" -a "$file_type" != "ubifs" -a "$file_type" != "fit" ] && {
echo "Invalid sysupgrade file."
return 1
}
local gz="$(identify_if_gzip "$file")"
local file_type="$(identify "$file" "" "$gz")"
local control_length=$( (tar xO${gz}f "$file" "sysupgrade-${board_name//,/_}/CONTROL" | wc -c) 2> /dev/null)
if [ "$control_length" = 0 ]; then
control_length=$( (tar xO${gz}f "$file" "sysupgrade-${board_name//_/,}/CONTROL" | wc -c) 2> /dev/null)
fi
if [ "$control_length" != 0 ]; then
nand_verify_tar_file "$file" "$gz" || return 1
else
nand_verify_if_gzip_file "$file" "$gz" || return 1
if [ "$file_type" != "fit" -a "$file_type" != "ubi" -a "$file_type" != "ubifs" ]; then
echo "invalid sysupgrade file"
return 1
fi
fi
return 0
}


@ -39,9 +39,9 @@ switch_to_ramfs() {
for binary in \
/bin/busybox /bin/ash /bin/sh /bin/mount /bin/umount \
pivot_root mount_root reboot sync kill sleep \
md5sum hexdump cat zcat dd tar \
md5sum hexdump cat zcat dd tar gzip \
ls basename find cp mv rm mkdir rmdir mknod touch chmod \
'[' printf wc grep awk sed cut tail \
'[' printf wc grep awk sed cut sort tail \
mtd partx losetup mkfs.ext4 nandwrite flash_erase \
ubiupdatevol ubiattach ubiblock ubiformat \
ubidetach ubirsvol ubirmvol ubimkvol \


@ -6,7 +6,7 @@
usage() {
cat <<EOF
Usage: $0 [config|up|down|reconf|reload|status]
Usage: $0 [config|up|down|reconf|reload|status|isup]
enables (default), disables or configures devices not yet configured.
EOF
exit 1
@ -17,8 +17,24 @@ ubus_wifi_cmd() {
local dev="$2"
json_init
[ -n "$2" ] && json_add_string device "$2"
ubus call network.wireless "$1" "$(json_dump)"
[ -n "$dev" ] && json_add_string device "$dev"
ubus call network.wireless "$cmd" "$(json_dump)"
}
wifi_isup() {
local dev="$1"
json_load "$(ubus_wifi_cmd "status" "$dev")"
json_get_keys devices
for device in $devices; do
json_select "$device"
json_get_var up up
[ $up -eq 0 ] && return 1
json_select ..
done
return 0
}
find_net_config() {(
@ -128,14 +144,14 @@ wifi_updown() {
[ enable = "$1" ] && {
_wifi_updown disable "$2"
ubus_wifi_cmd "$cmd" "$2"
ubus call network reload
scan_wifi
cmd=up
ubus call network reload
}
[ reconf = "$1" ] && {
ubus call network reload
scan_wifi
cmd=reconf
ubus call network reload
}
ubus_wifi_cmd "$cmd" "$2"
_wifi_updown "$@"
@ -245,6 +261,7 @@ case "$1" in
detect) wifi_detect_notice ;;
config) wifi_config ;;
status) ubus_wifi_cmd "status" "$2";;
isup) wifi_isup "$2"; exit $?;;
reload) wifi_reload "$2";;
reload_legacy) wifi_reload_legacy "$2";;
--help|help) usage;;
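Review bot: In `wifi_isup`, `[ $up -eq 0 ] && return 1` expands `$up` unquoted, so if `json_get_var` leaves it empty the `[` call fails with a syntax error, the `&&` is skipped, and that device is counted as up. The function also returns 0 when the status reply lists no devices at all, which is worth confirming as intended for a check that other scripts will gate on. A stricter form is `[ "${up:-0}" -eq 1 ] || return 1`, and `devices`, `device` and `up` should be declared `local` next to `dev` so they do not leak into the caller.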


@ -5,6 +5,13 @@
# See /LICENSE for more information.
#
config TARGET_DEFAULT_LAN_IP_FROM_PREINIT
bool "Use preinit IP configuration as default LAN IP" if IMAGEOPT
default n
help
Enabling this will set the default LAN IP address and netmask
to the preinit values set in the image config.
menuconfig PREINITOPT
bool "Preinit configuration options" if IMAGEOPT
default n
@ -183,7 +190,7 @@ if VERSIONOPT
config VERSION_REPO
string
prompt "Release repository"
default "https://downloads.openwrt.org/releases/22.03-SNAPSHOT"
default "https://downloads.openwrt.org/releases/23.05-SNAPSHOT"
help
This is the repository address embedded in the image, it defaults
to the trunk snapshot repo; the url may contain the following placeholders:

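--- a/btop/Makefile
+++ b/btop/Makefile
@@ -0,0 +1,59 @@
+# SPDX-License-Identifier: GPL-3.0-only
+#
+# Copyright (C) 2022 ImmortalWrt.org
+include $(TOPDIR)/rules.mk
+PKG_NAME:=btop
+PKG_VERSION:=1.2.13
+PKG_RELEASE:=3
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL=https://codeload.github.com/aristocratos/btop/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=668dc4782432564c35ad0d32748f972248cc5c5448c9009faeb3445282920e02
+PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
+PKG_LICENSE:=Apache-2.0
+PKG_LICENSE_FILES:=LICENSE
+PKG_BUILD_FLAGS:=no-lto
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+include $(INCLUDE_DIR)/package.mk
+define Package/btop
+SECTION:=admin
+CATEGORY:=Administration
+TITLE:=A monitor of resources
+URL:=https://github.com/aristocratos/btop
+DEPENDS:=+libstdcpp
+endef
+define Package/btop/description
+Resource monitor that shows usage and stats for processor, memory,
+disks, network and processes.
+C++ version and continuation of bashtop and bpytop.
+endef
+MAKE_FLAGS+= \
+PLATFORM=Linux \
+OPTFLAGS="$(TARGET_CXXFLAGS)" \
+LDCXXFLAGS="$(TARGET_LDFLAGS) -pthread"
+ifneq ($(CONFIG_USE_MUSL),)
+TARGET_CFLAGS += -D_LARGEFILE64_SOURCE
+endif
+define Package/btop/install
+$(INSTALL_DIR) $(1)/usr/bin
+$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/local/bin/btop $(1)/usr/bin/
+$(INSTALL_DIR) $(1)/usr/share
+$(CP) $(PKG_INSTALL_DIR)/usr/local/share/btop $(1)/usr/share/
+$(INSTALL_DIR) $(1)/etc/profile.d
+$(CP) $(CURDIR)/files/btop.sh $(1)/etc/profile.d/
+endef
+$(eval $(call BuildPackage,btop))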
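Review bot: `PKG_SOURCE_URL=https://codeload.github.com/...` is assigned with `=` while every other `PKG_` variable in this file uses `:=`; write `PKG_SOURCE_URL:=https://codeload.github.com/aristocratos/btop/tar.gz/v$(PKG_VERSION)?` so the download location is fixed at the same point as the `PKG_HASH` that pins it. The profile snippet is installed with `$(CP) $(CURDIR)/files/btop.sh`, which carries over whatever mode the file has in the tree; `$(INSTALL_DATA) ./files/btop.sh $(1)/etc/profile.d/` would set the installed permissions explicitly for a file that every login shell sources.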

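--- a/btop/files/btop.sh
+++ b/btop/files/btop.sh
@@ -0,0 +1 @@
+alias btop="btop --utf-force"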

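--- a/btop/test.sh
+++ b/btop/test.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+btop --version | grep "$PKG_VERSION"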
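Review bot: `grep "$PKG_VERSION"` passes vacuously when `PKG_VERSION` is empty or unset, because an empty pattern matches every line, and it also treats the dots in the version as regex wildcards. Whether the test harness exports `PKG_VERSION` is not visible on this page, so the check should fail closed: `btop --version | grep -F -- "${PKG_VERSION:?PKG_VERSION not set}"`.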


@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=coremark
PKG_SOURCE_DATE:=2022-01-03
PKG_SOURCE_VERSION:=b24e397f7103061b3673261d292a0667bd3bc1b8
PKG_SOURCE_DATE:=2023-01-25
PKG_SOURCE_VERSION:=d5fad6bd094899101a4e5fd53af7298160ced6ab
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_DATE).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/eembc/coremark/tar.gz/$(PKG_SOURCE_VERSION)?
PKG_HASH:=1b8c36b202f39b4f8a872ed7d5db1dc4473ee27f7bc2885a9da20e72925c58c3
PKG_HASH:=76f3b98fc940d277521023dc6e106551ef4a2180fa4c3da8cd5bf933aa494ef2
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_SOURCE_VERSION)
PKG_MAINTAINER:=Lim Guo Wei <limguowei@gmail.com> \
@ -22,7 +22,7 @@ PKG_MAINTAINER:=Lim Guo Wei <limguowei@gmail.com> \
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE.md
PKG_USE_MIPS16:=0
PKG_BUILD_FLAGS:=no-mips16 lto
include $(INCLUDE_DIR)/package.mk
@ -60,8 +60,6 @@ define Package/coremark/config
Number of threads to run in parallel
endef
TARGET_CFLAGS += -flto
ifeq ($(CONFIG_COREMARK_OPTIMIZE_O3),y)
TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
endif

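--- a/cxxopts/Makefile
+++ b/cxxopts/Makefile
@@ -0,0 +1,44 @@
+# SPDX-License-Identifier: GPL-3.0-only
+#
+# Copyright (C) 2021 ImmortalWrt.org
+include $(TOPDIR)/rules.mk
+PKG_NAME:=cxxopts
+PKG_VERSION:=3.1.1
+PKG_RELEASE:=1
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/jarro2783/cxxopts/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=523175f792eb0ff04f9e653c90746c12655f10cb70f1d5e6d6d9491420298a08
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
+PKG_BUILD_PARALLEL:=1
+CMAKE_INSTALL:=1
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+CMAKE_OPTIONS+= \
+-DCXXOPTS_ENABLE_INSTALL=ON \
+-DCXXOPTS_BUILD_EXAMPLES=OFF \
+-DCXXOPTS_BUILD_TESTS=OFF
+define Package/cxxopts
+SECTION:=lib
+CATEGORY:=Libraries
+URL:=https://github.com/jarro2783/cxxopts
+TITLE:=Lightweight C++ command line option parser
+DEPENDS:=+libc
+BUILDONLY:=1
+endef
+define Package/cxxopts/description
+This is a lightweight C++ option parser library, supporting the
+standard GNU style syntax for options.
+endef
+$(eval $(call BuildPackage,cxxopts))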
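Review bot: `SECTION:=lib` in `Package/cxxopts` differs from the `SECTION:=libs` used by the other library package added in this commit (alac/Makefile); use `SECTION:=libs` so both are filed the same way. The package sets `BUILDONLY:=1` and defines no `Package/cxxopts/install`, which looks deliberate, so a one-line comment above `BUILDONLY` such as `# build-time dependency only: staged for other packages, nothing is installed on the target` would save the next reader from wondering whether the install section was forgotten.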


@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=ddns-scripts
PKG_VERSION:=2.8.2
PKG_RELEASE:=25
PKG_RELEASE:=37
PKG_LICENSE:=GPL-2.0
@ -58,6 +58,16 @@ define Package/ddns-scripts-services/description
endef
define Package/ddns-scripts-luadns
$(call Package/ddns-scripts/Default)
TITLE:=Extension for LuaDNS API v1
DEPENDS:=ddns-scripts +curl
endef
define Package/ddns-scripts-luadns/description
Dynamic DNS Client scripts extension for LuaDNS API v1 (require curl)
endef
define Package/ddns-scripts-cloudflare
$(call Package/ddns-scripts/Default)
TITLE:=Extension for cloudflare.com API v4
@ -70,6 +80,17 @@ define Package/ddns-scripts-cloudflare/description
endef
define Package/ddns-scripts-gcp
$(call Package/ddns-scripts/Default)
TITLE:=Extension for Google Cloud DNS API v1
DEPENDS:=ddns-scripts +curl +openssl-util
endef
define Package/ddns-scripts-gcp/description
Dynamic DNS Client scripts extension for Google Cloud DNS API v1 (requires curl)
endef
define Package/ddns-scripts-freedns
$(call Package/ddns-scripts/Default)
TITLE:=Extension for freedns.42.pl
@ -322,7 +343,9 @@ define Package/ddns-scripts-services/install
$(1)/usr/share/ddns/default
# Remove special services
rm $(1)/usr/share/ddns/default/luadns.com-v1.json
rm $(1)/usr/share/ddns/default/cloudflare.com-v4.json
rm $(1)/usr/share/ddns/default/cloud.google.com-v1.json
rm $(1)/usr/share/ddns/default/freedns.42.pl.json
rm $(1)/usr/share/ddns/default/godaddy.com-v1.json
rm $(1)/usr/share/ddns/default/digitalocean.com-v2.json
@ -339,6 +362,25 @@ define Package/ddns-scripts-services/install
endef
define Package/ddns-scripts-luadns/install
$(INSTALL_DIR) $(1)/usr/lib/ddns
$(INSTALL_BIN) ./files/usr/lib/ddns/update_luadns_v1.sh \
$(1)/usr/lib/ddns
$(INSTALL_DIR) $(1)/usr/share/ddns/default
$(INSTALL_DATA) ./files/usr/share/ddns/default/luadns.com-v1.json \
$(1)/usr/share/ddns/default/
endef
define Package/ddns-scripts-luadns/prerm
#!/bin/sh
if [ -z "$${IPKG_INSTROOT}" ]; then
/etc/init.d/ddns stop
fi
exit 0
endef
define Package/ddns-scripts-cloudflare/install
$(INSTALL_DIR) $(1)/usr/lib/ddns
$(INSTALL_BIN) ./files/usr/lib/ddns/update_cloudflare_com_v4.sh \
@ -358,6 +400,25 @@ exit 0
endef
define Package/ddns-scripts-gcp/install
$(INSTALL_DIR) $(1)/usr/lib/ddns
$(INSTALL_BIN) ./files/usr/lib/ddns/update_gcp_v1.sh \
$(1)/usr/lib/ddns
$(INSTALL_DIR) $(1)/usr/share/ddns/default
$(INSTALL_DATA) ./files/usr/share/ddns/default/cloud.google.com-v1.json \
$(1)/usr/share/ddns/default/
endef
define Package/ddns-scripts-gcp/prerm
#!/bin/sh
if [ -z "$${IPKG_INSTROOT}" ]; then
/etc/init.d/ddns stop
fi
exit 0
endef
define Package/ddns-scripts-freedns/install
$(INSTALL_DIR) $(1)/usr/lib/ddns
$(INSTALL_BIN) ./files/usr/lib/ddns/update_freedns_42_pl.sh \
@ -607,7 +668,9 @@ endef
$(eval $(call BuildPackage,ddns-scripts))
$(eval $(call BuildPackage,ddns-scripts-services))
$(eval $(call BuildPackage,ddns-scripts-luadns))
$(eval $(call BuildPackage,ddns-scripts-cloudflare))
$(eval $(call BuildPackage,ddns-scripts-gcp))
$(eval $(call BuildPackage,ddns-scripts-freedns))
$(eval $(call BuildPackage,ddns-scripts-godaddy))
$(eval $(call BuildPackage,ddns-scripts-digitalocean))
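Review bot: The `Package/ddns-scripts-gcp/description` text says "(requires curl)" while its `DEPENDS` line also pulls in `openssl-util`, so the description under-reports what the extension installs; suggest `Dynamic DNS Client scripts extension for Google Cloud DNS API v1 (requires curl and openssl-util)`. The luadns description reads "(require curl)" and should say "requires" to match the other extensions.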


@ -28,6 +28,7 @@ else
fi
SECTION_ID="" # hold config's section name
VERBOSE=0 # default mode is log to console, but easily changed with parameter
DRY_RUN=0 # run without actually doing (sending) any changes
MYPROG=$(basename $0) # my program call name
LOGFILE="" # logfile - all files are set in dynamic_dns_updater.sh
@ -47,8 +48,8 @@ CURR_TIME=0 # holds the current uptime
NEXT_TIME=0 # calculated time for next FORCED update
EPOCH_TIME=0 # seconds since 1.1.1970 00:00:00
CURRENT_IP="" # holds the current IP read from the box
REGISTERED_IP="" # holds the IP read from DNS
LOCAL_IP="" # holds the local IP read from the box
URL_USER="" # url encoded $username from config file
URL_PASS="" # url encoded $password from config file
@ -57,7 +58,7 @@ URL_PENC="" # url encoded $param_enc from config file
UPD_ANSWER="" # Answer given by service on success
ERR_LAST=0 # used to save $? return code of program and function calls
ERR_UPDATE=0 # error counter on different local and registered ip
RETRY_COUNT=0 # error counter on different current and registered IPs
PID_SLEEP=0 # ProcessID of current background "sleep"
@ -627,11 +628,11 @@ verify_dns() {
return $__ERR
elif [ $__ERR -ne 0 ]; then
__CNT=$(( $__CNT + 1 )) # increment error counter
# if error count > retry_count leave here
[ $retry_count -gt 0 -a $__CNT -gt $retry_count ] && \
write_log 14 "Verify DNS server '$1' failed after $retry_count retries"
# if error count > retry_max_count leave here
[ $retry_max_count -gt 0 -a $__CNT -gt $retry_max_count ] && \
write_log 14 "Verify DNS server '$1' failed after $retry_max_count retries"
write_log 4 "Verify DNS server '$1' failed - retry $__CNT/$retry_count in $RETRY_SECONDS seconds"
write_log 4 "Verify DNS server '$1' failed - retry $__CNT/$retry_max_count in $RETRY_SECONDS seconds"
sleep $RETRY_SECONDS &
PID_SLEEP=$!
wait $PID_SLEEP # enable trap-handler
@ -687,11 +688,11 @@ verify_proxy() {
return $__ERR
elif [ $__ERR -gt 0 ]; then
__CNT=$(( $__CNT + 1 )) # increment error counter
# if error count > retry_count leave here
[ $retry_count -gt 0 -a $__CNT -gt $retry_count ] && \
write_log 14 "Verify Proxy server '$1' failed after $retry_count retries"
# if error count > retry_max_count leave here
[ $retry_max_count -gt 0 -a $__CNT -gt $retry_max_count ] && \
write_log 14 "Verify Proxy server '$1' failed after $retry_max_count retries"
write_log 4 "Verify Proxy server '$1' failed - retry $__CNT/$retry_count in $RETRY_SECONDS seconds"
write_log 4 "Verify Proxy server '$1' failed - retry $__CNT/$retry_max_count in $RETRY_SECONDS seconds"
sleep $RETRY_SECONDS &
PID_SLEEP=$!
wait $PID_SLEEP # enable trap-handler
@ -722,7 +723,7 @@ do_transfer() {
# set correct program to detect IP
[ $use_ipv6 -eq 0 ] && __RUNPROG="network_get_ipaddr" || __RUNPROG="network_get_ipaddr6"
eval "$__RUNPROG __BINDIP $bind_network" || \
write_log 13 "Can not detect local IP using '$__RUNPROG $bind_network' - Error: '$?'"
write_log 13 "Can not detect current IP using '$__RUNPROG $bind_network' - Error: '$?'"
write_log 7 "Force communication via IP '$__BINDIP'"
__PROG="$__PROG --bind-address=$__BINDIP"
fi
@ -867,11 +868,11 @@ do_transfer() {
}
__CNT=$(( $__CNT + 1 )) # increment error counter
# if error count > retry_count leave here
[ $retry_count -gt 0 -a $__CNT -gt $retry_count ] && \
write_log 14 "Transfer failed after $retry_count retries"
# if error count > retry_max_count leave here
[ $retry_max_count -gt 0 -a $__CNT -gt $retry_max_count ] && \
write_log 14 "Transfer failed after $retry_max_count retries"
write_log 4 "Transfer failed - retry $__CNT/$retry_count in $RETRY_SECONDS seconds"
write_log 4 "Transfer failed - retry $__CNT/$retry_max_count in $RETRY_SECONDS seconds"
sleep $RETRY_SECONDS &
PID_SLEEP=$!
wait $PID_SLEEP # enable trap-handler
@ -923,13 +924,13 @@ send_update() {
fi
}
get_local_ip () {
# $1 Name of Variable to store local IP (LOCAL_IP)
get_current_ip () {
# $1 Name of Variable to store current IP
local __CNT=0 # error counter
local __RUNPROG __DATA __URL __ERR
[ $# -ne 1 ] && write_log 12 "Error calling 'get_local_ip()' - wrong number of parameters"
write_log 7 "Detect local IP on '$ip_source'"
[ $# -ne 1 ] && write_log 12 "Error calling 'get_current_ip()' - wrong number of parameters"
write_log 7 "Detect current IP on '$ip_source'"
while : ; do
if [ -n "$ip_network" -a "$ip_source" = "network" ]; then
@ -938,8 +939,8 @@ get_local_ip () {
[ $use_ipv6 -eq 0 ] && __RUNPROG="network_get_ipaddr" \
|| __RUNPROG="network_get_ipaddr6"
eval "$__RUNPROG __DATA $ip_network" || \
write_log 13 "Can not detect local IP using $__RUNPROG '$ip_network' - Error: '$?'"
[ -n "$__DATA" ] && write_log 7 "Local IP '$__DATA' detected on network '$ip_network'"
write_log 13 "Can not detect current IP using $__RUNPROG '$ip_network' - Error: '$?'"
[ -n "$__DATA" ] && write_log 7 "Current IP '$__DATA' detected on network '$ip_network'"
elif [ -n "$ip_interface" -a "$ip_source" = "interface" ]; then
local __DATA4=""; local __DATA6=""
if [ -n "$(command -v ip)" ]; then # ip program installed
@ -1018,14 +1019,14 @@ get_local_ip () {
fi
fi
[ $use_ipv6 -eq 0 ] && __DATA="$__DATA4" || __DATA="$__DATA6"
[ -n "$__DATA" ] && write_log 7 "Local IP '$__DATA' detected on interface '$ip_interface'"
[ -n "$__DATA" ] && write_log 7 "Current IP '$__DATA' detected on interface '$ip_interface'"
elif [ -n "$ip_script" -a "$ip_source" = "script" ]; then
write_log 7 "#> $ip_script >$DATFILE 2>$ERRFILE"
eval $ip_script >$DATFILE 2>$ERRFILE
__ERR=$?
if [ $__ERR -eq 0 ]; then
__DATA=$(cat $DATFILE)
[ -n "$__DATA" ] && write_log 7 "Local IP '$__DATA' detected via script '$ip_script'"
[ -n "$__DATA" ] && write_log 7 "Current IP '$__DATA' detected via script '$ip_script'"
else
write_log 3 "$ip_script Error: '$__ERR'"
write_log 7 "$(cat $ERRFILE)" # report error
@ -1036,9 +1037,9 @@ get_local_ip () {
[ $use_ipv6 -eq 0 ] \
&& __DATA=$(grep -m 1 -o "$IPV4_REGEX" $DATFILE) \
|| __DATA=$(grep -m 1 -o "$IPV6_REGEX" $DATFILE)
[ -n "$__DATA" ] && write_log 7 "Local IP '$__DATA' detected on web at '$ip_url'"
[ -n "$__DATA" ] && write_log 7 "Current IP '$__DATA' detected on web at '$ip_url'"
else
write_log 12 "Error in 'get_local_ip()' - unhandled ip_source '$ip_source'"
write_log 12 "Error in 'get_current_ip()' - unhandled ip_source '$ip_source'"
fi
# valid data found return here
[ -n "$__DATA" ] && {
@ -1053,22 +1054,22 @@ get_local_ip () {
[ $VERBOSE -gt 1 ] && {
# VERBOSE > 1 then NO retry
write_log 4 "Get local IP via '$ip_source' failed - Verbose Mode: $VERBOSE - NO retry on error"
write_log 4 "Get current IP via '$ip_source' failed - Verbose Mode: $VERBOSE - NO retry on error"
return 1
}
__CNT=$(( $__CNT + 1 )) # increment error counter
# if error count > retry_count leave here
[ $retry_count -gt 0 -a $__CNT -gt $retry_count ] && \
write_log 14 "Get local IP via '$ip_source' failed after $retry_count retries"
write_log 4 "Get local IP via '$ip_source' failed - retry $__CNT/$retry_count in $RETRY_SECONDS seconds"
# if error count > retry_max_count leave here
[ $retry_max_count -gt 0 -a $__CNT -gt $retry_max_count ] && \
write_log 14 "Get current IP via '$ip_source' failed after $retry_max_count retries"
write_log 4 "Get current IP via '$ip_source' failed - retry $__CNT/$retry_max_count in $RETRY_SECONDS seconds"
sleep $RETRY_SECONDS &
PID_SLEEP=$!
wait $PID_SLEEP # enable trap-handler
PID_SLEEP=0
done
# we should never come here there must be a programming error
write_log 12 "Error in 'get_local_ip()' - program coding error"
write_log 12 "Error in 'get_current_ip()' - program coding error"
}
get_registered_ip() {
@ -1200,11 +1201,11 @@ get_registered_ip() {
}
__CNT=$(( $__CNT + 1 )) # increment error counter
# if error count > retry_count leave here
[ $retry_count -gt 0 -a $__CNT -gt $retry_count ] && \
write_log 14 "Get registered/public IP for '$lookup_host' failed after $retry_count retries"
# if error count > retry_max_count leave here
[ $retry_max_count -gt 0 -a $__CNT -gt $retry_max_count ] && \
write_log 14 "Get registered/public IP for '$lookup_host' failed after $retry_max_count retries"
write_log 4 "Get registered/public IP for '$lookup_host' failed - retry $__CNT/$retry_count in $RETRY_SECONDS seconds"
write_log 4 "Get registered/public IP for '$lookup_host' failed - retry $__CNT/$retry_max_count in $RETRY_SECONDS seconds"
sleep $RETRY_SECONDS &
PID_SLEEP=$!
wait $PID_SLEEP # enable trap-handler
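Review bot: Renaming the option read by the retry guards from `retry_count` to `retry_max_count` (in verify_dns, verify_proxy, do_transfer, get_current_ip and get_registered_ip) means a configuration that still carries `retry_count` no longer bounds any of these loops. The updater defaults the new name to 0 when it is unset, which its own comment describes as endless retry, so an upgraded box would silently move from a bounded to an unbounded retry policy against the DNS, proxy and update endpoints. A one-time fallback where the defaults are set, `[ -z "$retry_max_count" ] && retry_max_count="${retry_count:-0}"`, would keep existing limits in force. The guards also expand `$retry_max_count` unquoted, so any caller that sources these functions without that default gets a `[` error instead of a limit check. All five function bodies start and end outside the hunks shown.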


@ -137,11 +137,11 @@ case "$1" in
if [ "$ip_source" = "web" -o "$ip_source" = "script" ]; then
# we wait only 3 seconds for an
# answer from "web" or "script"
write_log 7 "-----> timeout 3 -- get_local_ip IP"
timeout 3 -- get_local_ip IP
write_log 7 "-----> timeout 3 -- get_current_ip IP"
timeout 3 -- get_current_ip IP
else
write_log 7 "-----> get_local_ip IP"
get_local_ip IP
write_log 7 "-----> get_current_ip IP"
get_current_ip IP
fi
__RET=$?
;;


@ -37,9 +37,7 @@ Parameters:
'1' output to console
'2' output to console AND logfile
+ run once WITHOUT retry on error
'3' output to console AND logfile
+ run once WITHOUT retry on error
+ NOT sending update to DDNS service
-d dry run (don't send any changes)
EOF
}
@ -50,10 +48,11 @@ usage_err() {
exit 1
}
while getopts ":hv:n:S:V" OPT; do
while getopts ":hv:dn:S:V" OPT; do
case "$OPT" in
h) usage; exit 0;;
v) VERBOSE=$OPTARG;;
d) DRY_RUN=1;;
n) NETWORK=$OPTARG;;
S) SECTION_ID=$OPTARG;;
V) printf %s\\n "ddns-scripts $VERSION"; exit 0;;
@ -108,6 +107,8 @@ LOGFILE="$ddns_logdir/$SECTION_ID.log" # log file
# only with this data of this run for easier diagnostic
# new one created by write_log function
[ $VERBOSE -gt 1 -a -f $LOGFILE ] && rm -f $LOGFILE
# Previously -v 3 could we used for dry run
[ $VERBOSE -ge 3 ] && DRY_RUN=1
# TRAP handler
trap "trap_handler 0 \$?" 0 # handle script exit with exit status
@ -145,10 +146,10 @@ trap "trap_handler 15" 15 # SIGTERM Termination
#
# use_syslog log activity to syslog
#
# ip_source source to detect current local IP ('network' or 'web' or 'script' or 'interface')
# ip_source source to detect current IP ('network' or 'web' or 'script' or 'interface')
# ip_network local defined network to read IP from i.e. 'wan' or 'wan6'
# ip_url URL to read local address from i.e. http://checkip.dyndns.com/ or http://checkipv6.dyndns.com/
# ip_script full path and name of your script to detect local IP
# ip_url URL to read current IP from i.e. http://checkip.dyndns.com/ or http://checkipv6.dyndns.com/
# ip_script full path and name of your script to detect current IP
# ip_interface physical interface to use for detecting
#
# check_interval check for changes every !!! checks below 10 minutes make no sense because the Internet
@ -159,13 +160,13 @@ trap "trap_handler 15" 15 # SIGTERM Termination
#
# retry_interval if error was detected retry in
# retry_unit 'days' 'hours' 'minutes' 'seconds'
# retry_count number of retries before scripts stops
# retry_max_count number of retries before scripts stops
#
# use_ipv6 detecting/sending IPv6 address
# force_ipversion force usage of IPv4 or IPv6 for the whole detection and update communication
# dns_server using a non default dns server to get Registered IP from Internet
# force_dnstcp force communication with DNS server via TCP instead of default UDP
# proxy using a proxy for communication !!! ALSO used to detect local IP via web => return proxy's IP !!!
# proxy using a proxy for communication !!! ALSO used to detect current IP via web => return proxy's IP !!!
# use_logfile self-explanatory "/var/log/ddns/$SECTION_ID.log"
# is_glue the record that should be updated is a glue record
#
@ -180,7 +181,7 @@ ERR_LAST=$? # save return code - equal 0 if SECTION_ID found
# set defaults if not defined
[ -z "$enabled" ] && enabled=0
[ -z "$retry_count" ] && retry_count=0 # endless retry
[ -z "$retry_max_count" ] && retry_max_count=0 # endless retry
[ -z "$use_syslog" ] && use_syslog=2 # syslog "Notice"
[ -z "$use_https" ] && use_https=0 # not use https
[ -z "$use_logfile" ] && use_logfile=1 # use logfile by default
@ -222,9 +223,9 @@ case $VERBOSE in
0) write_log 7 "verbose mode : 0 - run normal, NO console output";;
1) write_log 7 "verbose mode : 1 - run normal, console mode";;
2) write_log 7 "verbose mode : 2 - run once, NO retry on error";;
3) write_log 7 "verbose mode : 3 - run once, NO retry on error, NOT sending update";;
*) write_log 14 "error detecting VERBOSE '$VERBOSE'";;
esac
[ $DRY_RUN -ge 1 ] && write_log 7 "Dry Run: NOT sending update"
# check enabled state otherwise we don't need to continue
[ $enabled -eq 0 ] && write_log 14 "Service section disabled!"
@ -280,8 +281,8 @@ esac
# verify ip_source 'script' if script is configured and executable
if [ "$ip_source" = "script" ]; then
set -- $ip_script #handling script with parameters, we need a trick
[ -z "$1" ] && write_log 14 "No script defined to detect local IP!"
[ -x "$1" ] || write_log 14 "Script to detect local IP not executable!"
[ -z "$1" ] && write_log 14 "No script defined to detect current IP!"
[ -x "$1" ] || write_log 14 "Script to detect current IP not executable!"
fi
# compute update interval in seconds
@ -293,7 +294,7 @@ get_seconds RETRY_SECONDS ${retry_interval:-60} ${retry_unit:-"seconds"} # defau
write_log 7 "check interval: $CHECK_SECONDS seconds"
write_log 7 "force interval: $FORCE_SECONDS seconds"
write_log 7 "retry interval: $RETRY_SECONDS seconds"
write_log 7 "retry counter : $retry_count times"
write_log 7 "retry max count : $retry_max_count times"
# kill old process if it exists & set new pid file
stop_section_processes "$SECTION_ID"
@ -347,8 +348,8 @@ ERR_LAST=$?
write_log 6 "Starting main loop at $(eval $DATE_PROG)"
while : ; do
get_local_ip LOCAL_IP # read local IP
[ $use_ipv6 -eq 1 ] && expand_ipv6 "$LOCAL_IP" LOCAL_IP # on IPv6 we use expanded version
get_current_ip CURRENT_IP # read current IP
[ $use_ipv6 -eq 1 ] && expand_ipv6 "$CURRENT_IP" CURRENT_IP # on IPv6 we use expanded version
# prepare update
# never updated or forced immediate then NEXT_TIME = 0
@ -358,24 +359,23 @@ while : ; do
get_uptime CURR_TIME # get current uptime
# send update when current time > next time or local ip different from registered ip
if [ $CURR_TIME -ge $NEXT_TIME -o "$LOCAL_IP" != "$REGISTERED_IP" ]; then
if [ $VERBOSE -gt 2 ]; then
write_log 7 "Verbose Mode: $VERBOSE - NO UPDATE send"
elif [ "$LOCAL_IP" != "$REGISTERED_IP" ]; then
write_log 7 "Update needed - L: '$LOCAL_IP' <> R: '$REGISTERED_IP'"
# send update when current time > next time or current ip different from registered ip
if [ $CURR_TIME -ge $NEXT_TIME -o "$CURRENT_IP" != "$REGISTERED_IP" ]; then
if [ $DRY_RUN -ge 1 ]; then
write_log 7 "Dry Run: NO UPDATE send"
elif [ "$CURRENT_IP" != "$REGISTERED_IP" ]; then
write_log 7 "Update needed - L: '$CURRENT_IP' <> R: '$REGISTERED_IP'"
else
write_log 7 "Forced Update - L: '$LOCAL_IP' == R: '$REGISTERED_IP'"
write_log 7 "Forced Update - L: '$CURRENT_IP' == R: '$REGISTERED_IP'"
fi
ERR_LAST=0
[ $VERBOSE -lt 3 ] && {
# only send if VERBOSE < 3
send_update "$LOCAL_IP"
[ $DRY_RUN -eq 0 ] && {
send_update "$CURRENT_IP"
ERR_LAST=$? # save return value
}
# error sending local IP to provider
# error sending current IP to provider
# we have no communication error (handled inside send_update/do_transfer)
# but update was not recognized
# do NOT retry after RETRY_SECONDS, do retry after CHECK_SECONDS
@ -384,9 +384,9 @@ while : ; do
if [ $ERR_LAST -eq 0 ]; then
get_uptime LAST_TIME # we send update, so
echo $LAST_TIME > $UPDFILE # save LASTTIME to file
[ "$LOCAL_IP" != "$REGISTERED_IP" ] \
&& write_log 6 "Update successful - IP '$LOCAL_IP' send" \
|| write_log 6 "Forced update successful - IP: '$LOCAL_IP' send"
[ "$CURRENT_IP" != "$REGISTERED_IP" ] \
&& write_log 6 "Update successful - IP '$CURRENT_IP' send" \
|| write_log 6 "Forced update successful - IP: '$CURRENT_IP' send"
elif [ $ERR_LAST -eq 127 ]; then
write_log 3 "No update send to DDNS Provider"
else
@ -395,26 +395,25 @@ while : ; do
fi
# now we wait for check interval before testing if update was recognized
# only sleep if VERBOSE <= 2 because otherwise nothing was send
[ $VERBOSE -le 2 ] && {
[ $DRY_RUN -eq 0 ] && {
write_log 7 "Waiting $CHECK_SECONDS seconds (Check Interval)"
sleep $CHECK_SECONDS &
PID_SLEEP=$!
wait $PID_SLEEP # enable trap-handler
PID_SLEEP=0
} || write_log 7 "Verbose Mode: $VERBOSE - NO Check Interval waiting"
} || write_log 7 "Dry Run: NO Check Interval waiting"
REGISTERED_IP="" # clear variable
get_registered_ip REGISTERED_IP # get registered/public IP
[ $use_ipv6 -eq 1 ] && expand_ipv6 "$REGISTERED_IP" REGISTERED_IP # on IPv6 we use expanded version
# IP's are still different
if [ "$LOCAL_IP" != "$REGISTERED_IP" ]; then
if [ "$CURRENT_IP" != "$REGISTERED_IP" ]; then
if [ $VERBOSE -le 1 ]; then # VERBOSE <=1 then retry
ERR_UPDATE=$(( $ERR_UPDATE + 1 ))
[ $retry_count -gt 0 -a $ERR_UPDATE -gt $retry_count ] && \
write_log 14 "Updating IP at DDNS provider failed after $retry_count retries"
write_log 4 "Updating IP at DDNS provider failed - starting retry $ERR_UPDATE/$retry_count"
RETRY_COUNT=$(( $RETRY_COUNT + 1 ))
[ $retry_max_count -gt 0 -a $RETRY_COUNT -gt $retry_max_count ] && \
write_log 14 "Updating IP at DDNS provider failed after $retry_max_count retries"
write_log 4 "Updating IP at DDNS provider failed - starting retry $RETRY_COUNT/$retry_max_count"
continue # loop to beginning
else
write_log 4 "Updating IP at DDNS provider failed"
@ -422,7 +421,7 @@ while : ; do
fi
else
# we checked successful the last update
ERR_UPDATE=0 # reset error counter
RETRY_COUNT=0 # reset error counter
fi
# force_update=0 or VERBOSE > 1 - leave here
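Review bot: With `-d` combined with `-v 0` or `-v 1`, the main loop can spin with no delay: the dry-run branch skips both `send_update` and the Check Interval sleep, the registered IP therefore still differs, and `if [ $VERBOSE -le 1 ]` takes the `continue` path. With the default `retry_max_count=0` this repeats indefinitely, re-running IP detection and the DNS lookup on every pass, whereas the old `-v 3` dry run never retried because VERBOSE was above 1. Treat a dry run as run-once, e.g. `if [ $VERBOSE -le 1 -a $DRY_RUN -eq 0 ]; then`. Separately, the dry-run path leaves `ERR_LAST=0`, so the success branch visible here appears to write `$UPDFILE` and log the update as sent although nothing was; the new comment should also read "could be used". The loop body continues outside the hunks shown.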


@ -20,14 +20,23 @@ json_add_array rrset_values
json_add_string "" "$__IP"
json_close_array
# Log the curl command
write_log 7 "curl -s -X PUT \"$__ENDPOINT/domains/$domain/records/$username/$__RRTYPE\" \
-H \"Authorization: Apikey $password\" \
-H \"Content-Type: application/json\" \
-d \"$(json_dump)\" \
--connect-timeout 30"
__STATUS=$(curl -s -X PUT "$__ENDPOINT/domains/$domain/records/$username/$__RRTYPE" \
-H "Authorization: Apikey $password" \
-H "Content-Type: application/json" \
-d "$(json_dump)" \
--connect-timeout 30 \
-w "%{http_code}\n" -o $DATFILE 2>$ERRFILE)
if [ $? -ne 0 ]; then
write_log 14 "Curl failed: $(cat $ERRFILE)"
local __ERRNO=$?
if [ $__ERRNO -ne 0 ]; then
write_log 14 "Curl failed with $__ERRNO: $(cat $ERRFILE)"
return 1
elif [ -z $__STATUS ] || [ $__STATUS != 201 ]; then
write_log 14 "LiveDNS failed: $__STATUS \ngandi.net answered: $(cat $DATFILE)"
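Review bot: The added `write_log 7 "curl -s -X PUT ... -H \"Authorization: Apikey $password\" ..."` line writes the API key in clear text to whatever sink `write_log` feeds; the updater's header on this page mentions a per-section logfile and syslog, so the credential would presumably outlive the request and travel with any log shared for debugging. Log the request with the secret masked, e.g. `-H \"Authorization: Apikey ***\"`, or log only the URL and the JSON payload. The `if`/`elif` chain that follows continues outside the hunk.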


@ -0,0 +1,272 @@
#!/bin/sh
#
#.Distributed under the terms of the GNU General Public License (GPL) version 2.0
#.2022 Chris Barrick <chrisbarrick@google.com>
#
# This script sends DDNS updates using the Google Cloud DNS REST API.
# See: https://cloud.google.com/dns/docs/reference/v1
#
# This script uses a GCP service account. The user is responsible for creating
# the service account, ensuring it has permission to update DNS records, and
# for generating a service account key to be used by this script. The records
# to be updated must already exist.
#
# Arguments:
#
# - $username: The service account name.
# Example: ddns-service-account@my-dns-project.iam.gserviceaccount.com
#
# - $password: The service account key. You can paste the key directly into the
# "password" field or upload the key file to the router and set the field
# equal to the file path. This script supports JSON keys or the raw private
# key as a PEM file. P12 keys are not supported. File names must end with
# `*.json` or `*.pem`.
#
# - $domain: The domain to update.
#
# - $param_enc: The additional required arguments, as form-urlencoded data,
# i.e. `key1=value1&key2=value2&...`. The required arguments are:
# - project: The name of the GCP project that owns the DNS records.
# - zone: The DNS zone in the GCP API.
# - Example: `project=my-dns-project&zone=my-dns-zone`
#
# - $param_opt: Optional TTL for the records, in seconds. Defaults to 3600 (1h).
#
# Dependencies:
# - ddns-scripts (for the base functionality)
# - openssl-util (for the authentication flow)
# - curl (for the GCP REST API)
. /usr/share/libubox/jshn.sh
# Authentication
# ---------------------------------------------------------------------------
# The authentication flow works like this:
#
# 1. Construct a JWT claim for access to the DNS readwrite scope.
# 2. Sign the JWT with the service accout key, proving we have access.
# 3. Exchange the JWT for an access token, valid for 5m.
# 4. Use the access token for API calls.
#
# See https://developers.google.com/identity/protocols/oauth2/service-account
# A URL-safe variant of base64 encoding, used by JWTs.
base64_urlencode() {
openssl base64 | tr '/+' '_-' | tr -d '=\n'
}
# Prints the service account private key in PEM format.
get_service_account_key() {
# The "password" field provides us with the service account key.
# We allow the user to provide it to us in a few different formats.
#
# 1. If $password is a string ending in `*.json`, it is a file path,
# pointing to a JSON service account key as downloaded from GCP.
#
# 2. If $password is a string ending with `*.pem`, it is a PEM private
# key, extracted from the JSON service account key.
#
# 3. If $password starts with `{`, then the JSON service account key
# was pasted directly into the password field.
#
# 4. If $password starts with `---`, then the PEM private key was pasted
# directly into the password field.
#
# We do not support P12 service account keys.
case "${password}" in
(*".json")
jsonfilter -i "${password}" -e @.private_key
;;
(*".pem")
cat "${password}"
;;
("{"*)
jsonfilter -s "${password}" -e @.private_key
;;
("---"*)
printf "%s" "${password}"
;;
(*)
write_log 14 "Could not parse the service account key."
;;
esac
}
# Sign stdin using the service account key. Prints the signature.
# The input is the JWT header-payload. Used to construct a signed JWT.
sign() {
# Dump the private key to a tmp file so openssl can get to it.
local tmp_keyfile="$(mktemp -t gcp_dns_sak.pem.XXXXXX)"
chmod 600 ${tmp_keyfile}
get_service_account_key > ${tmp_keyfile}
openssl dgst -binary -sha256 -sign ${tmp_keyfile}
rm ${tmp_keyfile}
}
# Print the JWT header in JSON format.
# Currently, Google only supports RS256.
jwt_header() {
json_init
json_add_string "alg" "RS256"
json_add_string "typ" "JWT"
json_dump
}
# Prints the JWT claim-set in JSON format.
# The claim is for 5m of readwrite access to the Cloud DNS API.
jwt_claim_set() {
local iat=$(date -u +%s) # Current UNIX time, UTC.
local exp=$(( iat + 300 )) # Expiration is 5m in the future.
json_init
json_add_string "iss" "${username}"
json_add_string "scope" "https://www.googleapis.com/auth/ndev.clouddns.readwrite"
json_add_string "aud" "https://oauth2.googleapis.com/token"
json_add_string "iat" "${iat}"
json_add_string "exp" "${exp}"
json_dump
}
# Generate a JWT signed by the service account key, which can be exchanged for
# a Google Cloud access token, authorized for Cloud DNS.
get_jwt() {
local header=$(jwt_header | base64_urlencode)
local payload=$(jwt_claim_set | base64_urlencode)
local header_payload="${header}.${payload}"
local signature=$(printf "%s" ${header_payload} | sign | base64_urlencode)
echo "${header_payload}.${signature}"
}
# Request an access token for the Google Cloud service account.
get_access_token_raw() {
local grant_type="urn:ietf:params:oauth:grant-type:jwt-bearer"
local assertion=$(get_jwt)
${CURL} -v https://oauth2.googleapis.com/token \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' \
--data-urlencode "assertion=${assertion}" \
| jsonfilter -e @.access_token
}
# Get the access token, stripping the trailing dots.
get_access_token() {
# Since tokens may contain internal dots, we only trim the suffix if it
# starts with at least 8 dots. (The access token has *many* trailing dots.)
local access_token="$(get_access_token_raw)"
echo "${access_token%%........*}"
}
# Google Cloud DNS API
# ---------------------------------------------------------------------------
# Cloud DNS offers a straight forward RESTful API.
#
# - The main class is a ResourceRecordSet. It's a collection of DNS records
# that share the same domain, type, TTL, etc. Within a record set, the only
# difference between the records are their values.
#
# - The record sets live under a ManagedZone, which in turn lives under a
# Project. All we need to know about these are their names.
#
# - This implementation only makes PATCH requests to update existing record
# sets. The user must have already created at least one A or AAAA record for
# the domain they are updating. It's fine to start with a dummy, like 0.0.0.0.
#
# - The API requires SSL, and this implementation uses curl.
# Prints a ResourceRecordSet in JSON format.
format_record_set() {
local domain="$1"
local record_type="$2"
local ttl="$3"
shift 3 # The remaining arguments are the IP addresses for this record set.
json_init
json_add_string "kind" "dns#resourceRecordSet"
json_add_string "name" "${domain}." # trailing dot on the domain
json_add_string "type" "${record_type}"
json_add_string "ttl" "${ttl}"
json_add_array "rrdatas"
for value in $@; do
json_add_string "" "${value}"
done
json_close_array
json_dump
}
# Makes an HTTP PATCH request to the Cloud DNS API.
patch_record_set() {
local access_token="$1"
local project="$2"
local zone="$3"
local domain="$4"
local record_type="$5"
local ttl="$6"
shift 6 # The remaining arguments are the IP addresses for this record set.
# Note the trailing dot after the domain name. It's fully qualified.
local url="https://dns.googleapis.com/dns/v1/projects/${project}/managedZones/${zone}/rrsets/${domain}./${record_type}"
local record_set=$(format_record_set ${domain} ${record_type} ${ttl} $@)
${CURL} -v ${url} \
-X PATCH \
-H "Content-Type: application/json" \
-H "Authorization: Bearer ${access_token}" \
-d "${record_set}"
}
# Main entrypoint
# ---------------------------------------------------------------------------
# Parse the $param_enc into project and zone variables.
# The arguments are the names for those variables.
parse_project_zone() {
local project_var=$1
local zone_var=$2
IFS='&'
for entry in $param_enc
do
case "${entry}" in
('project='*)
local project_val=$(echo "${entry}" | cut -d'=' -f2)
eval "${project_var}=${project_val}"
;;
('zone='*)
local zone_val=$(echo "${entry}" | cut -d'=' -f2)
eval "${zone_var}=${zone_val}"
;;
esac
done
unset IFS
}
main() {
local access_token project zone ttl record_type
# Dependency checking
[ -z "${CURL_SSL}" ] && write_log 14 "Google Cloud DNS requires cURL with SSL support"
[ -z "$(openssl version)" ] && write_log 14 "Google Cloud DNS update requires openssl-utils"
# Argument parsing
[ -z ${param_opt} ] && ttl=3600 || ttl="${param_opt}"
[ $use_ipv6 -ne 0 ] && record_type="AAAA" || record_type="A"
parse_project_zone project zone
# Sanity checks
[ -z "${username}" ] && write_log 14 "Config is missing 'username' (service account name)"
[ -z "${password}" ] && write_log 14 "Config is missing 'password' (service account key)"
[ -z "${domain}" ] && write_log 14 "Config is missing 'domain'"
[ -z "${project}" ] && write_log 14 "Could not parse project name from 'param_enc'"
[ -z "${zone}" ] && write_log 14 "Could not parse zone name from 'param_enc'"
[ -z "${ttl}" ] && write_log 14 "Could not parse TTL from 'param_opt'"
[ -z "${record_type}" ] && write_log 14 "Could not determine the record type"
# Push the record!
access_token="$(get_access_token)"
patch_record_set "${access_token}" "${project}" "${zone}" "${domain}" "${record_type}" "${ttl}" "${__IP}"
}
main $@
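Review bot: `parse_project_zone` feeds text taken from `$param_enc` through `eval` (`eval "${project_var}=${project_val}"` and the matching `zone` line), so shell metacharacters in the configured project or zone value are interpreted by the shell instead of being stored as data. Escaping the value's `$` makes eval perform only the assignment: `eval "${project_var}=\${project_val}"` and `eval "${zone_var}=\${zone_val}"`. Separately, both `${CURL} -v` calls make curl print the request headers to stderr, and in `patch_record_set` those include `Authorization: Bearer ${access_token}`. Where that output ends up depends on the caller, which is not visible here, so dropping `-v` would avoid exposing the token in logs.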


@ -0,0 +1,191 @@
#!/bin/sh
#
#.Distributed under the terms of the GNU General Public License (GPL) version 2.0
#.2023 Jihoon Han <rapid_renard@renard.ga>
#
#.based on Christian Schoenebeck's update_cloudflare_com_v4.sh
#.and on Neilpang's acme.sh found at https://github.com/acmesh-official/acme.sh
#
# Script for sending DDNS updates using the LuaDNS API
# See: https://luadns.com/api
#
# using following options from /etc/config/ddns
# option username - "Emaii" as registered on LuaDNS
# option password - "API Key" as generated at https://api.luadns.com/api_keys
# option domain - The domain to update (e.g. my.example.com)
#
# check parameters
[ -z "$CURL" ] && [ -z "$CURL_SSL" ] && write_log 14 "LuaDNS API require cURL with SSL support. Please install"
[ -z "$username" ] && write_log 14 "Service section not configured correctly! Missing e-mail as 'Username'"
[ -z "$password" ] && write_log 14 "Service section not configured correctly! Missing personal API key as 'Password'"
[ $use_https -eq 0 ] && use_https=1 # force HTTPS
# used variables
local __HOST __DOMAIN __TYPE __URLBASE __PRGBASE __RUNPROG __DATA __IPV6 __ZONEID __RECID
local __URLBASE="https://api.luadns.com/v1"
local __TTL=300
# set record type
[ $use_ipv6 -eq 0 ] && __TYPE="A" || __TYPE="AAAA"
# transfer function to use for LuaDNS
# all needed variables are set global here
# so we can use them directly
luadns_transfer() {
local __CNT=0
local __STATUS __ERR
while : ; do
write_log 7 "#> $__RUNPROG"
__STATUS=$(eval "$__RUNPROG")
__ERR=$? # save communication error
[ $__ERR -eq 0 ] && break # no error break while
write_log 3 "cURL Error: '$__ERR'"
write_log 7 "$(cat $ERRFILE)" # report error
[ $VERBOSE_MODE -gt 1 ] && {
# VERBOSE_MODE > 1 then NO retry
write_log 4 "Transfer failed - Verbose Mode: $VERBOSE_MODE - NO retry on error"
break
}
__CNT=$(( $__CNT + 1 )) # increment error counter
# if error count > retry_count leave here
[ $retry_count -gt 0 -a $__CNT -gt $retry_count ] && \
write_log 14 "Transfer failed after $retry_count retries"
write_log 4 "Transfer failed - retry $__CNT/$retry_count in $RETRY_SECONDS seconds"
sleep $RETRY_SECONDS &
PID_SLEEP=$!
wait $PID_SLEEP # enable trap-handler
PID_SLEEP=0
done
# handle HTTP error
[ $__STATUS -ne 200 ] && {
write_log 4 "LuaDNS reported an error:"
write_log 7 "$(cat $DATFILE)"
return 1
}
return 0
}
# Build base command to use
__PRGBASE="$CURL -RsS -w '%{http_code}' -o $DATFILE --stderr $ERRFILE"
# force network/interface-device to use for communication
if [ -n "$bind_network" ]; then
local __DEVICE
network_get_physdev __DEVICE $bind_network || \
write_log 13 "Can not detect local device using 'network_get_physdev $bind_network' - Error: '$?'"
write_log 7 "Force communication via device '$__DEVICE'"
__PRGBASE="$__PRGBASE --interface $__DEVICE"
fi
# force ip version to use
if [ $force_ipversion -eq 1 ]; then
[ $use_ipv6 -eq 0 ] && __PRGBASE="$__PRGBASE -4" || __PRGBASE="$__PRGBASE -6" # force IPv4/IPv6
fi
# set certificate parameters
if [ "$cacert" = "IGNORE" ]; then # idea from Ticket #15327 to ignore server cert
__PRGBASE="$__PRGBASE --insecure" # but not empty better to use "IGNORE"
elif [ -f "$cacert" ]; then
__PRGBASE="$__PRGBASE --cacert $cacert"
elif [ -d "$cacert" ]; then
__PRGBASE="$__PRGBASE --capath $cacert"
elif [ -n "$cacert" ]; then # it's not a file and not a directory but given
write_log 14 "No valid certificate(s) found at '$cacert' for HTTPS communication"
fi
# disable proxy if not set (there might be .wgetrc or .curlrc or wrong environment set)
# or check if libcurl compiled with proxy support
if [ -z "$proxy" ]; then
__PRGBASE="$__PRGBASE --noproxy '*'"
elif [ -z "$CURL_PROXY" ]; then
# if libcurl has no proxy support and proxy should be used then force ERROR
write_log 13 "cURL: libcurl compiled without Proxy support"
fi
# set headers
__PRGBASE="$__PRGBASE --user '$username:$password' "
__PRGBASE="$__PRGBASE --header 'Accept: application/json' "
if [ -n "$zone_id" ]; then
__ZONEID="$zone_id"
else
# read zone id for registered domain.TLD
__RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones'"
luadns_transfer || return 1
# extract zone id
i=1
while : ; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100 -s)
[ -z "$h" ] && {
write_log 4 "Could not detect 'Zone ID' for the domain provided: '$domain'"
return 127
}
__ZONEID=$(grep -o -e "\"id\":[^,]*,\"name\":\"$h\"" $DATFILE | cut -d : -f 2 | cut -d , -f 1)
[ -n "$__ZONEID" ] && {
# LuaDNS API needs:
# __DOMAIN = the base domain i.e. example.com
# __HOST = the FQDN of record to modify
# i.e. example.com for the "domain record" or host.sub.example.com for "host record"
__HOST="$domain"
__DOMAIN="$h"
write_log 7 "Domain : '$__DOMAIN'"
write_log 7 "Zone ID : '$__ZONEID'"
write_log 7 "Host : '$__HOST'"
break
}
i=$(expr "$i" + 1)
done
fi
# read record id for A or AAAA record of host.domain.TLD
__RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones/$__ZONEID/records'"
luadns_transfer || return 1
# extract record id
__RECID=$(grep -o -e "\"id\":[^,]*,\"name\":\"$__HOST.\",\"type\":\"$__TYPE\"" $DATFILE | head -n 1 | cut -d : -f 2 | cut -d , -f 1)
[ -z "$__RECID" ] && {
write_log 4 "Could not detect 'Record ID' for the domain provided: '$__HOST'"
return 127
}
write_log 7 "Record ID : '$__RECID'"
# extract current stored IP
__DATA=$(grep -o -e "\"id\":$__RECID,\"name\":\"$__HOST.\",\"type\":\"$__TYPE\",\"content\":[^,]*" $DATFILE | grep -o '[^"]*' | tail -n 1)
# check data
[ $use_ipv6 -eq 0 ] \
&& __DATA=$(printf "%s" "$__DATA" | grep -m 1 -o "$IPV4_REGEX") \
|| __DATA=$(printf "%s" "$__DATA" | grep -m 1 -o "$IPV6_REGEX")
# we got data so verify
[ -n "$__DATA" ] && {
# expand IPv6 for compare
if [ $use_ipv6 -eq 1 ]; then
expand_ipv6 $__IP __IPV6
expand_ipv6 $__DATA __DATA
[ "$__DATA" = "$__IPV6" ] && { # IPv6 no update needed
write_log 7 "IPv6 at LuaDNS already up to date"
return 0
}
else
[ "$__DATA" = "$__IP" ] && { # IPv4 no update needed
write_log 7 "IPv4 at LuaDNS already up to date"
return 0
}
fi
}
# update is needed
# let's build data to send
# use file to work around " needed for json
cat > $DATFILE << EOF
{"name":"$__HOST.","type":"$__TYPE","content":"$__IP","ttl":$__TTL}
EOF
# let's complete transfer command
__RUNPROG="$__PRGBASE --request PUT --data @$DATFILE '$__URLBASE/zones/$__ZONEID/records/$__RECID'"
luadns_transfer || return 1
return 0
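Review bot: The credentials are spliced into the command string as `--user '$username:$password'`, and `luadns_transfer` then both logs that string (`write_log 7 "#> $__RUNPROG"`) and executes it with `eval "$__RUNPROG"`. The API key therefore lands in the log at level 7, and a `'` in either value ends the quoting inside `eval` and changes how the rest of the line is parsed. For the log, mask the secret: `write_log 7 "#> $(printf '%s' "$__RUNPROG" | sed "s/--user '[^']*'/--user '***'/")"`. For the quoting, reject such values in the parameter checks, e.g. `case "$username$password" in *"'"*) write_log 14 "Username/Password must not contain a single quote" ;; esac`. The `cacert = "IGNORE"` branch also deserves a comment such as `# --insecure disables TLS certificate verification; the API key is then sent to an unauthenticated peer`.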


@ -5,6 +5,7 @@
local __TTL=600
local __RRTYPE
local __STATUS
local __RNAME
[ -z "$username" ] && write_log 14 "Service section not configured correctly! Missing subdomain as 'username'"
[ -z "$password" ] && write_log 14 "Service section not configured correctly! Missing API Key as 'password'"
@ -16,11 +17,21 @@ local __ENDPOINT="$param_opt/api/v1/servers/localhost/zones"
[ $use_ipv6 -ne 0 ] && __RRTYPE="AAAA" || __RRTYPE="A"
# Make sure domain is period terminated
if [ ${domain: -1} != '.' ]; then
domain="${domain}."
fi
if [ $username == '@' ]; then
__RNAME="$domain"
else
__RNAME="$username.$domain"
fi
# Build JSON payload
json_init
json_add_array rrsets
json_add_object
json_add_string name "$username.$domain"
json_add_string name "$__RNAME"
json_add_string type "$__RRTYPE"
json_add_int ttl $__TTL
json_add_string changetype "REPLACE"
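Review bot: `[ $username == '@' ]` and `[ ${domain: -1} != '.' ]` expand unquoted, so a value containing whitespace or glob characters (or an empty `$domain`, whose check is not visible here) makes `[` fail with a syntax error and the wrong branch is taken. `==` and `${domain: -1}` are also not POSIX sh, which matters if this script is run by a shell without those extensions; the shebang is outside the hunks. Suggested: `case "$domain" in *.) ;; *) domain="${domain}." ;; esac` and `if [ "$username" = "@" ]; then`. This is a robustness point rather than a security one as far as the visible lines show.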


@ -1,6 +0,0 @@
{
"name": "able.or.kr",
"ipv4": {
"url": "http://able.or.kr/ddns/src/update.php?hostname=[DOMAIN]&myip=[IP]&ddnsuser=[USERNAME]&pwd=[PASSWORD]"
}
}


@ -0,0 +1,10 @@
{
"name": "cloud.google.com-v1",
"ipv4": {
"url": "update_gcp_v1.sh"
},
"ipv6": {
"url": "update_gcp_v1.sh"
}
}


@ -1,6 +0,0 @@
{
"name": "dtdns.com",
"ipv4": {
"url": "http://www.dtdns.com/api/autodns.cfm?id=[DOMAIN]&pw=[PASSWORD]&ip=[IP]"
}
}


@ -1,6 +0,0 @@
{
"name": "dyndnss.net",
"ipv4": {
"url": "http://www.dyndnss.net/?user=[USERNAME]&pass=[PASSWORD]&domain=[DOMAIN]&updater=other"
}
}


@ -1,6 +0,0 @@
{
"name": "dynsip.org",
"ipv4": {
"url": "http://[USERNAME]:[PASSWORD]@dynsip.org/nic/update?hostname=[DOMAIN]&myip=[IP]"
}
}


@ -3,5 +3,9 @@
"ipv4": {
"url": "http://[USERNAME]:[PASSWORD]@api.cp.easydns.com/dyn/generic.php?hostname=[DOMAIN]&myip=[IP]",
"answer": "OK|NOERROR"
},
"ipv6": {
"url": "http://[USERNAME]:[PASSWORD]@api.cp.easydns.com/dyn/generic.php?hostname=[DOMAIN]&myip=[IP]",
"answer": "OK|NOERROR"
}
}
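Review bot: The added `ipv6` entry reuses `http://[USERNAME]:[PASSWORD]@api.cp.easydns.com/...`, so the account credentials are sent as HTTP Basic auth over an unencrypted connection and are readable by anyone on the network path. If the provider serves this endpoint over TLS (not verifiable from this page), both the `ipv4` and `ipv6` URLs should start with `https://`, as the hosting.de and simply.com definitions added in this commit do. The same applies to the `ipv6` entry added to the strato.com definition further down.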


@ -1,6 +0,0 @@
{
"name": "editdns.net",
"ipv4": {
"url": "http://dyndns-free.editdns.net/api/dynLinux.php?p=[PASSWORD]&r=[DOMAIN]"
}
}


@ -0,0 +1,11 @@
{
"name": "hosting.de",
"ipv4": {
"url": "https://[USERNAME]:[PASSWORD]@ddns.hosting.de/nic/update?hostname=[DOMAIN]&myip=[IP]",
"answer": "good|nochg"
},
"ipv6": {
"url": "https://[USERNAME]:[PASSWORD]@ddns.hosting.de/nic/update?hostname=[DOMAIN]&myip=[IP]",
"answer": "good|nochg"
}
}


@ -0,0 +1,9 @@
{
"name": "luadns.com-v1",
"ipv4": {
"url": "update_luadns_v1.sh"
},
"ipv6": {
"url": "update_luadns_v1.sh"
}
}


@ -1,7 +0,0 @@
{
"name": "myip.co.ua",
"ipv4": {
"url": "http://[USERNAME]:[PASSWORD]@myip.co.ua/update?hostname=[DOMAIN]&myip=[IP]",
"answer": "good"
}
}


@ -0,0 +1,9 @@
{
"name": "mythic-beasts.com (API v2)",
"ipv4": {
"url": "https://[USERNAME]:[PASSWORD]@ipv4.api.mythic-beasts.com/dns/v2/dynamic/[DOMAIN]"
},
"ipv6": {
"url": "https://[USERNAME]:[PASSWORD]@ipv6.api.mythic-beasts.com/dns/v2/dynamic/[DOMAIN]"
}
}


@ -1,6 +0,0 @@
{
"name": "nettica.com",
"ipv4": {
"url": "http://www.nettica.com/Domain/Update.aspx?U=[USERNAME]&PC=[PASSWORD]&FQDN=[DOMAIN]&N=[IP]"
}
}


@ -0,0 +1,9 @@
{
"name": "njal.la",
"ipv4": {
"url": "https://njal.la/update/?h=[DOMAIN]&k=[PASSWORD]&a=[IP]"
},
"ipv6": {
"url": "https://njal.la/update/?h=[DOMAIN]&k=[PASSWORD]&aaaa=[IP]"
}
}


@ -0,0 +1,11 @@
{
"name": "simply.com",
"ipv4": {
"url": "https://[USERNAME]:[PASSWORD]@api.simply.com/2/ddns/?hostname=[DOMAIN]&myip=[IP]",
"answer": "good|nochg"
},
"ipv6": {
"url": "https://[USERNAME]:[PASSWORD]@api.simply.com/2/ddns/?hostname=[DOMAIN]&myip=[IP]",
"answer": "good|nochg"
}
}


@ -3,5 +3,9 @@
"ipv4": {
"url": "http://[USERNAME]:[PASSWORD]@dyndns.strato.com/nic/update?hostname=[DOMAIN]&myip=[IP]",
"answer": "good|nochg"
},
"ipv6": {
"url": "http://[USERNAME]:[PASSWORD]@dyndns.strato.com/nic/update?hostname=[DOMAIN]&myip=[IP]",
"answer": "good|nochg"
}
}


@ -1,11 +0,0 @@
{
"name": "zerigo.com",
"ipv4": {
"url": "http://update.zerigo.com/dynamic?user=[USERNAME]&password=[PASSWORD]&host=[DOMAIN]&ip=[IP]",
"answer": "ok"
},
"ipv6": {
"url": "http://update.zerigo.com/dynamic?user=[USERNAME]&password=[PASSWORD]&host=[DOMAIN]&ip=[IP]",
"answer": "ok"
}
}


@ -1,11 +0,0 @@
{
"name": "zzzz.io",
"ipv4": {
"url": "http://zzzz.io/api/v1/update/[DOMAIN]/?token=[PASSWORD]&ip=[IP]",
"answer": "Updated|No change"
},
"ipv6": {
"url": "http://zzzz.io/api/v1/update/[DOMAIN]/?token=[PASSWORD]&type=aaaa&ip=[IP]",
"answer": "Updated|No change"
}
}


@ -1,5 +1,4 @@
3322.org
able.or.kr
afraid.org-basicauth
afraid.org-keyauth
afraid.org-v2-basic
@ -21,33 +20,30 @@ dnsomatic.com
dnspark.com
do.de
domopoli.de
dtdns.com
duckdns.org
duiadns.net
dy.fi
dyn.com
dyndns.it
dyndns.org
dyndnss.net
dynsip.org
dynu.com
dynv6.com
easydns.com
editdns.net
goip.de
google.com
he.net
hosting.de
infomaniak.com
inwx.de
joker.com
loopia.se
moniker.com
mydns.jp
myip.co.ua
myonlineportal.net
mythic-beasts.com
mythic-beasts.com-v2
namecheap.com
nettica.com
njal.la
no-ip.pl
now-dns.com
nsupdate.info
@ -57,6 +53,7 @@ ovh.com
regfish.de
schokokeks.org
selfhost.de
simply.com
sitelutions.com
spdyn.de
strato.com
@ -67,6 +64,4 @@ twodns.de
udmedia.de
variomedia.de
xlhost.de
zerigo.com
zoneedit.com
zzzz.io


@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
PKG_UPSTREAM_VERSION:=2.86
PKG_UPSTREAM_VERSION:=2.89
PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
PKG_RELEASE:=$(AUTORELEASE)
PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
PKG_HASH:=28d52cfc9e2004ac4f85274f52b32e1647b4dbc9761b82e7de1e41c49907eb08
PKG_SOURCE_URL:=https://thekelleys.org.uk/dnsmasq/
PKG_HASH:=02bd230346cf0b9d5909f5e151df168b2707103785eb616b56685855adebb609
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
@ -24,12 +24,14 @@ PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_UPSTR
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
PKG_BUILD_FLAGS:=lto
PKG_ASLR_PIE_REGULAR:=1
PKG_CONFIG_DEPENDS:= CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcp \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6 \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_nftset \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_conntrack \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_noid \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_broken_rtc \
@ -61,10 +63,11 @@ endef
define Package/dnsmasq-full
$(call Package/dnsmasq/Default)
TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset, Conntrack, NO_ID enabled by default)
TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset, Nftset, Conntrack, NO_ID enabled by default)
DEPENDS+=+PACKAGE_dnsmasq_full_dnssec:libnettle \
+PACKAGE_dnsmasq_full_ipset:kmod-ipt-ipset \
+PACKAGE_dnsmasq_full_conntrack:libnetfilter-conntrack
+PACKAGE_dnsmasq_full_conntrack:libnetfilter-conntrack \
+PACKAGE_dnsmasq_full_nftset:nftables-json
VARIANT:=full
PROVIDES:=dnsmasq
endef
@ -83,7 +86,7 @@ define Package/dnsmasq-full/description
$(call Package/dnsmasq/description)
This is a fully configurable variant with DHCPv4, DHCPv6, DNSSEC, Authoritative DNS
and IPset, Conntrack support & NO_ID enabled by default.
and nftset, Conntrack support & NO_ID enabled by default.
endef
define Package/dnsmasq/conffiles
@ -109,6 +112,9 @@ define Package/dnsmasq-full/config
default y
config PACKAGE_dnsmasq_full_ipset
bool "Build with IPset support."
default n
config PACKAGE_dnsmasq_full_nftset
bool "Build with Nftset support."
default y
config PACKAGE_dnsmasq_full_conntrack
bool "Build with Conntrack support."
@ -128,9 +134,6 @@ endef
Package/dnsmasq-dhcpv6/conffiles = $(Package/dnsmasq/conffiles)
Package/dnsmasq-full/conffiles = $(Package/dnsmasq/conffiles)
TARGET_CFLAGS += -flto
TARGET_LDFLAGS += -flto=jobserver
COPTS = -DHAVE_UBUS -DHAVE_POLL_H \
$(if $(CONFIG_IPV6),,-DNO_IPV6)
@ -144,6 +147,7 @@ ifeq ($(BUILD_VARIANT),full)
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec),-DHAVE_DNSSEC) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth),,-DNO_AUTH) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset),,-DNO_IPSET) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_nftset),-DHAVE_NFTSET,) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_conntrack),-DHAVE_CONNTRACK,) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_noid),-DNO_ID,) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_broken_rtc),-DHAVE_BROKEN_RTC) \
@ -182,6 +186,7 @@ define Package/dnsmasq/install
$(INSTALL_DATA) ./files/dnsmasq_acl.json $(1)/usr/share/acl.d/
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./files/50-dnsmasq-migrate-resolv-conf-auto.sh $(1)/etc/uci-defaults
$(INSTALL_BIN) ./files/50-dnsmasq-migrate-ipset.sh $(1)/etc/uci-defaults
endef
Package/dnsmasq-dhcpv6/install = $(Package/dnsmasq/install)


@ -0,0 +1,32 @@
#!/bin/sh
ipsets=$(uci -q get dhcp.@dnsmasq[0].ipset)
[ -z "$ipsets" ] && exit 0
for ipset in $ipsets; do
names=${ipset##*/}
domains=${ipset%/*}
[ -z "$names" ] || [ -z "$domains" ] && continue
uci add dhcp ipset
OLDIFS="$IFS"
IFS=","
for name in $names; do
uci add_list dhcp.@ipset[-1].name="$name"
done
IFS="/"
for domain in ${domains:1}; do
uci add_list dhcp.@ipset[-1].domain="$domain"
done
IFS="$OLDIFS"
uci del_list dhcp.@dnsmasq[0].ipset="$ipset"
done
uci commit dhcp
exit 0


@ -10,6 +10,7 @@ config dnsmasq
option domain 'lan'
option expandhosts 1
option nonegcache 0
option cachesize 1000
option authoritative 1
option readethers 1
option leasefile '/tmp/dhcp.leases'
@ -21,6 +22,9 @@ config dnsmasq
#list bogusnxdomain '64.94.110.11'
option localservice 1 # disable to allow DNS requests from non-local subnets
option ednspacket_max 1232
option filter_aaaa 0
option filter_a 0
#list addnmount /some/path # read-only mount path to expose it to dnsmasq
config dhcp lan
option interface lan


@ -33,6 +33,7 @@ dnsmasq_ignore_opt() {
[ "${dnsmasq_features#* DNSSEC }" = "$dnsmasq_features" ] || dnsmasq_has_dnssec=1
[ "${dnsmasq_features#* TFTP }" = "$dnsmasq_features" ] || dnsmasq_has_tftp=1
[ "${dnsmasq_features#* ipset }" = "$dnsmasq_features" ] || dnsmasq_has_ipset=1
[ "${dnsmasq_features#* nftset }" = "$dnsmasq_features" ] || dnsmasq_has_nftset=1
fi
case "$opt" in
@ -55,6 +56,8 @@ dnsmasq_ignore_opt() {
[ -z "$dnsmasq_has_tftp" ] ;;
ipset)
[ -z "$dnsmasq_has_ipset" ] ;;
nftset)
[ -z "$dnsmasq_has_nftset" ] ;;
*)
return 1
esac
@ -169,10 +172,6 @@ append_address() {
xappend "--address=$1"
}
append_ipset() {
xappend "--ipset=$1"
}
append_connmark_allowlist() {
xappend "--connmark-allowlist=$1"
}
@ -205,8 +204,12 @@ ismounted() {
return 1
}
append_addnhosts() {
append_extramount() {
ismounted "$1" || append EXTRA_MOUNT "$1"
}
append_addnhosts() {
append_extramount "$1"
xappend "--addn-hosts=$1"
}
@ -554,6 +557,8 @@ dhcp_add() {
config_get leasetime "$cfg" leasetime 12h
config_get options "$cfg" options
config_get_bool dynamicdhcp "$cfg" dynamicdhcp 1
config_get_bool dynamicdhcpv4 "$cfg" dynamicdhcpv4 $dynamicdhcp
config_get_bool dynamicdhcpv6 "$cfg" dynamicdhcpv6 $dynamicdhcp
config_get dhcpv4 "$cfg" dhcpv4
config_get dhcpv6 "$cfg" dhcpv6
@ -581,21 +586,20 @@ dhcp_add() {
limit=$((limit-1))
fi
eval "$(ipcalc.sh "${subnet%%/*}" $netmask $start $limit)"
# make sure the DHCP range is not empty
if [ "$dhcpv4" != "disabled" ] && eval "$(ipcalc.sh "${subnet%%/*}" "$netmask" "$start" "$limit")" ; then
[ "$dynamicdhcpv4" = "0" ] && END="static"
if [ "$dynamicdhcp" = "0" ] ; then
END="static"
xappend "--dhcp-range=$tags$nettag$START,$END,$NETMASK,$leasetime${options:+ $options}"
fi
if [ "$dynamicdhcpv6" = "0" ] ; then
dhcp6range="::,static"
else
dhcp6range="::1000,::ffff"
fi
if [ "$dhcpv4" != "disabled" ] ; then
xappend "--dhcp-range=$tags$nettag$START,$END,$NETMASK,$leasetime${options:+ $options}"
fi
if [ $DNSMASQ_DHCP_VER -eq 6 ] && [ "$ra" = "server" ] ; then
# Note: dnsmasq cannot just be a DHCPv6 server (all-in-1)
# and let some other machine(s) send RA pointing to it.
@ -796,25 +800,54 @@ dhcp_relay_add() {
dnsmasq_ipset_add() {
local cfg="$1"
local ipsets domains
local ipsets nftsets domains
add_ipset() {
ipsets="${ipsets:+$ipsets,}$1"
}
add_nftset() {
local IFS=,
for set in $1; do
local fam="$family"
[ -n "$fam" ] || fam=$(echo "$set" | sed -nre \
's#^.*[^0-9]([46])$|^.*[-_]([46])[-_].*$|^([46])[^0-9].*$#\1\2\3#p')
[ -n "$fam" ] || \
fam=$(nft -t list set "$table_family" "$table" "$set" 2>&1 | sed -nre \
's#^\t\ttype .*\bipv([46])_addr\b.*$#\1#p')
[ -n "$fam" ] || \
logger -t dnsmasq "Cannot infer address family from non-existent nftables set '$set'"
nftsets="${nftsets:+$nftsets,}${fam:+$fam#}$table_family#$table#$set"
done
}
add_domain() {
# leading '/' is expected
domains="$domains/$1"
}
config_get table "$cfg" table 'fw4'
config_get table_family "$cfg" table_family 'inet'
if [ "$table_family" = "ip" ] ; then
family="4"
elif [ "$table_family" = "ip6" ] ; then
family="6"
else
config_get family "$cfg" family
fi
config_list_foreach "$cfg" "name" add_ipset
config_list_foreach "$cfg" "name" add_nftset
config_list_foreach "$cfg" "domain" add_domain
if [ -z "$ipsets" ] || [ -z "$domains" ]; then
if [ -z "$ipsets" ] || [ -z "$nftsets" ] || [ -z "$domains" ]; then
return 0
fi
xappend "--ipset=$domains/$ipsets"
xappend "--nftset=$domains/$nftsets"
}
dnsmasq_start()
@ -932,6 +965,9 @@ dnsmasq_start()
append_bool "$cfg" rapidcommit "--dhcp-rapid-commit"
append_bool "$cfg" scriptarp "--script-arp"
append_bool "$cfg" filter_aaaa "--filter-AAAA"
append_bool "$cfg" filter_a "--filter-A"
append_parm "$cfg" logfacility "--log-facility"
config_get logfacility "$cfg" "logfacility"
append_parm "$cfg" cachesize "--cache-size"
@ -948,7 +984,6 @@ dnsmasq_start()
config_list_foreach "$cfg" "server" append_server
config_list_foreach "$cfg" "rev_server" append_rev_server
config_list_foreach "$cfg" "address" append_address
config_list_foreach "$cfg" "ipset" append_ipset
local connmark_allowlist_enable
config_get connmark_allowlist_enable "$cfg" connmark_allowlist_enable 0
@ -1141,7 +1176,6 @@ dnsmasq_start()
config_foreach filter_dnsmasq ipset dnsmasq_ipset_add "$cfg"
echo >> $CONFIGFILE_TMP
echo >> $CONFIGFILE_TMP
mv -f $CONFIGFILE_TMP $CONFIGFILE
mv -f $HOSTFILE_TMP $HOSTFILE
@ -1157,6 +1191,8 @@ dnsmasq_start()
done
}
config_list_foreach "$cfg" addnmount append_extramount
procd_open_instance $cfg
procd_set_param command $PROG -C $CONFIGFILE -k -x /var/run/dnsmasq/dnsmasq."${cfg}".pid
procd_set_param file $CONFIGFILE
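Review bot: In `dnsmasq_ipset_add` the new code assigns `table`, `table_family` and `family`, and `add_nftset` uses `set` as its loop variable, but only `ipsets nftsets domains` are declared local, so these names leak into the init script's global scope and can collide with variables of the same name elsewhere. Declaring them keeps each ipset section self-contained: `local ipsets nftsets domains table table_family family` in the outer function and `local set` next to `local IFS=,` in `add_nftset`. It would also help to add a comment above the sed expression in `add_nftset`, e.g. `# infer 4/6 from a set name ending in, starting with, or containing -4-/_6_ style markers`, since the regex is hard to read. `dnsmasq_start` and the other touched functions continue outside the hunks shown.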


@ -1,179 +0,0 @@
From 03345ecefeb0d82e3c3a4c28f27c3554f0611b39 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 31 Mar 2022 21:35:20 +0100
Subject: Fix write-after-free error in DHCPv6 code. CVE-2022-0934 refers.
---
CHANGELOG | 3 +++
src/rfc3315.c | 48 +++++++++++++++++++++++++++---------------------
2 files changed, 30 insertions(+), 21 deletions(-)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -92,6 +92,9 @@ version 2.86
of filename). Thanks to Ed Wildgoose for the initial patch
and motivation for this.
+ Fix write-after-free error in DHCPv6 server code.
+ CVE-2022-0934 refers.
+
version 2.85
Fix problem with DNS retries in 2.83/2.84.
--- a/src/rfc3315.c
+++ b/src/rfc3315.c
@@ -33,9 +33,9 @@ struct state {
unsigned int mac_len, mac_type;
};
-static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
+static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz,
struct in6_addr *client_addr, int is_unicast, time_t now);
-static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now);
+static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now);
static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_opts);
static void log6_packet(struct state *state, char *type, struct in6_addr *addr, char *string);
static void log6_quiet(struct state *state, char *type, struct in6_addr *addr, char *string);
@@ -104,12 +104,12 @@ unsigned short dhcp6_reply(struct dhcp_c
}
/* This cost me blood to write, it will probably cost you blood to understand - srk. */
-static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
+static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz,
struct in6_addr *client_addr, int is_unicast, time_t now)
{
void *end = inbuff + sz;
void *opts = inbuff + 34;
- int msg_type = *((unsigned char *)inbuff);
+ int msg_type = *inbuff;
unsigned char *outmsgtypep;
void *opt;
struct dhcp_vendor *vendor;
@@ -259,15 +259,15 @@ static int dhcp6_maybe_relay(struct stat
return 1;
}
-static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now)
+static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now)
{
void *opt;
- int i, o, o1, start_opts;
+ int i, o, o1, start_opts, start_msg;
struct dhcp_opt *opt_cfg;
struct dhcp_netid *tagif;
struct dhcp_config *config = NULL;
struct dhcp_netid known_id, iface_id, v6_id;
- unsigned char *outmsgtypep;
+ unsigned char outmsgtype;
struct dhcp_vendor *vendor;
struct dhcp_context *context_tmp;
struct dhcp_mac *mac_opt;
@@ -296,12 +296,13 @@ static int dhcp6_no_relay(struct state *
v6_id.next = state->tags;
state->tags = &v6_id;
- /* copy over transaction-id, and save pointer to message type */
- if (!(outmsgtypep = put_opt6(inbuff, 4)))
+ start_msg = save_counter(-1);
+ /* copy over transaction-id */
+ if (!put_opt6(inbuff, 4))
return 0;
start_opts = save_counter(-1);
- state->xid = outmsgtypep[3] | outmsgtypep[2] << 8 | outmsgtypep[1] << 16;
-
+ state->xid = inbuff[3] | inbuff[2] << 8 | inbuff[1] << 16;
+
/* We're going to be linking tags from all context we use.
mark them as unused so we don't link one twice and break the list */
for (context_tmp = state->context; context_tmp; context_tmp = context_tmp->current)
@@ -347,7 +348,7 @@ static int dhcp6_no_relay(struct state *
(msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE))
{
- *outmsgtypep = DHCP6REPLY;
+ outmsgtype = DHCP6REPLY;
o1 = new_opt6(OPTION6_STATUS_CODE);
put_opt6_short(DHCP6USEMULTI);
put_opt6_string("Use multicast");
@@ -619,11 +620,11 @@ static int dhcp6_no_relay(struct state *
struct dhcp_netid *solicit_tags;
struct dhcp_context *c;
- *outmsgtypep = DHCP6ADVERTISE;
+ outmsgtype = DHCP6ADVERTISE;
if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0))
{
- *outmsgtypep = DHCP6REPLY;
+ outmsgtype = DHCP6REPLY;
state->lease_allocate = 1;
o = new_opt6(OPTION6_RAPID_COMMIT);
end_opt6(o);
@@ -809,7 +810,7 @@ static int dhcp6_no_relay(struct state *
int start = save_counter(-1);
/* set reply message type */
- *outmsgtypep = DHCP6REPLY;
+ outmsgtype = DHCP6REPLY;
state->lease_allocate = 1;
log6_quiet(state, "DHCPREQUEST", NULL, ignore ? _("ignored") : NULL);
@@ -924,7 +925,7 @@ static int dhcp6_no_relay(struct state *
int address_assigned = 0;
/* set reply message type */
- *outmsgtypep = DHCP6REPLY;
+ outmsgtype = DHCP6REPLY;
log6_quiet(state, msg_type == DHCP6RENEW ? "DHCPRENEW" : "DHCPREBIND", NULL, NULL);
@@ -1057,7 +1058,7 @@ static int dhcp6_no_relay(struct state *
int good_addr = 0;
/* set reply message type */
- *outmsgtypep = DHCP6REPLY;
+ outmsgtype = DHCP6REPLY;
log6_quiet(state, "DHCPCONFIRM", NULL, NULL);
@@ -1121,7 +1122,7 @@ static int dhcp6_no_relay(struct state *
log6_quiet(state, "DHCPINFORMATION-REQUEST", NULL, ignore ? _("ignored") : state->hostname);
if (ignore)
return 0;
- *outmsgtypep = DHCP6REPLY;
+ outmsgtype = DHCP6REPLY;
tagif = add_options(state, 1);
break;
}
@@ -1130,7 +1131,7 @@ static int dhcp6_no_relay(struct state *
case DHCP6RELEASE:
{
/* set reply message type */
- *outmsgtypep = DHCP6REPLY;
+ outmsgtype = DHCP6REPLY;
log6_quiet(state, "DHCPRELEASE", NULL, NULL);
@@ -1195,7 +1196,7 @@ static int dhcp6_no_relay(struct state *
case DHCP6DECLINE:
{
/* set reply message type */
- *outmsgtypep = DHCP6REPLY;
+ outmsgtype = DHCP6REPLY;
log6_quiet(state, "DHCPDECLINE", NULL, NULL);
@@ -1275,7 +1276,12 @@ static int dhcp6_no_relay(struct state *
}
}
-
+
+ /* Fill in the message type. Note that we store the offset,
+ not a direct pointer, since the packet memory may have been
+ reallocated. */
+ ((unsigned char *)(daemon->outpacket.iov_base))[start_msg] = outmsgtype;
+
log_tags(tagif, state->xid);
log6_opts(0, state->xid, daemon->outpacket.iov_base + start_opts, daemon->outpacket.iov_base + save_counter(-1));


@ -13,7 +13,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -95,10 +95,6 @@ int main (int argc, char **argv)
@@ -103,10 +103,6 @@ int main (int argc, char **argv)
read_opts(argc, argv, compile_opts);
@ -26,7 +26,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -1201,7 +1201,7 @@ extern struct daemon {
@@ -1248,7 +1248,7 @@ extern struct daemon {
int inotifyfd;
#endif
#if defined(HAVE_LINUX_NETWORK)
@ -35,7 +35,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
#elif defined(HAVE_BSD_NETWORK)
int dhcp_raw_fd, dhcp_icmp_fd, routefd;
#endif
@@ -1388,9 +1388,6 @@ int read_write(int fd, unsigned char *pa
@@ -1453,9 +1453,6 @@ int read_write(int fd, unsigned char *pa
void close_fds(long max_fd, int spare1, int spare2, int spare3);
int wildcard_match(const char* wildcard, const char* match);
int wildcard_matchn(const char* wildcard, const char* match, int num);
@ -140,7 +140,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno));
--- a/src/util.c
+++ b/src/util.c
@@ -796,22 +796,3 @@ int wildcard_matchn(const char* wildcard
@@ -855,22 +855,3 @@ int wildcard_matchn(const char* wildcard
return (!num) || (*wildcard == *match);
}


@ -1,6 +1,6 @@
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -1564,14 +1564,26 @@ void emit_dbus_signal(int action, struct
@@ -1631,14 +1631,26 @@ void emit_dbus_signal(int action, struct
/* ubus.c */
#ifdef HAVE_UBUS
@ -151,7 +151,7 @@
if (!ADD_RDLEN(header, p, qlen, rdlen))
return 0; /* bad packet */
}
@@ -563,7 +632,7 @@ int extract_addresses(struct dns_header
@@ -570,7 +639,7 @@ int extract_addresses(struct dns_header
cache_start_insert();
/* find_soa is needed for dns_doctor side effects, so don't call it lazily if there are any. */
@ -269,7 +269,7 @@
struct ubus_context *ubus = (struct ubus_context *)daemon->ubus;
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -1972,6 +1972,10 @@ static void check_dns_listeners(time_t n
@@ -2003,6 +2003,10 @@ static void check_dns_listeners(time_t n
daemon->pipe_to_parent = pipefd[1];
}


@ -21,6 +21,8 @@ PKG_LICENSE:=ISC
PKG_CONFIG_DEPENDS := CONFIG_IPV6
PKG_BUILD_FLAGS:=gc-sections lto
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
@ -42,8 +44,6 @@ define Package/firewall/conffiles
/etc/firewall.user
endef
TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto
TARGET_LDFLAGS += -Wl,--gc-sections -flto
CMAKE_OPTIONS += $(if $(CONFIG_IPV6),,-DDISABLE_IPV6=1)
define Package/firewall/install


@ -1,6 +1,6 @@
config defaults
option syn_flood 1
option input ACCEPT
option input REJECT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
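Review bot: The `option input` line under `config defaults` changes policy with no comment saying what that policy covers. It is printed twice here (ACCEPT, then REJECT), and if the page lists old before new, as the version bumps elsewhere on it suggest, the shipped default becomes REJECT. As far as I know this option only governs input traffic that matches no zone, and the per-zone `input` settings are outside this hunk, so the effective exposure cannot be judged from these lines alone. I would add a comment above it such as `# Policy for input traffic not matched by any zone; per-zone 'input' options take precedence`.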


@ -5,13 +5,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=firewall4
PKG_RELEASE:=$(AUTORELEASE)
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall4.git
PKG_SOURCE_DATE:=2022-10-18
PKG_SOURCE_VERSION:=7ae5e14bbd7265cc67ec870c3bb0c8e197bb7ca9
PKG_MIRROR_HASH:=ce190e526df915df65b40aa24fadf2a1b5badc57ab4e564d5f44575b11d18e26
PKG_SOURCE_DATE:=2023-03-23
PKG_SOURCE_VERSION:=04a06bd70b9808b14444cae81a2faba4708ee231
PKG_MIRROR_HASH:=37c34facb733c50d0fdbfa238765a23e667e4daaae9728aaccbaba87a2a07bb9
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
PKG_LICENSE:=ISC

50
fullconenat-nft/Makefile Normal file

@ -0,0 +1,50 @@
# SPDX-License-Identifier: GPL-2.0-only
# Copyright (c) 2018 Chion Tang <tech@chionlab.moe>
# Original xt_FULLCONENAT and related iptables extension author
# Copyright (c) 2019-2022 GitHub/llccd Twitter/@gNodeB
# Added IPv6 support for xt_FULLCONENAT and ip6tables extension
# Ported to recent kernel versions
# Copyright (c) 2022 Syrone Wong <wong.syrone@gmail.com>
# Massively rewrite the whole module, split the original code into library and nftables 'fullcone' expression module
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=fullconenat-nft
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/fullcone-nat-nftables/nft-fullcone.git
PKG_SOURCE_DATE:=2023-01-10
PKG_SOURCE_VERSION:=95ad79bc6d15c64b2770fe8b7092a64d5c2a293c
PKG_MIRROR_HASH:=56440d912625a26f1a6412c5399fccf89432d1cd35d2e6c9cc4d3a445e98b223
PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Syrone Wong <wong.syrone@gmail.com>
include $(INCLUDE_DIR)/package.mk
define KernelPackage/nft-fullcone
SUBMENU:=Netfilter Extensions
DEPENDS:=+kmod-nft-nat
TITLE:=nftables fullcone expression support
FILES:= $(PKG_BUILD_DIR)/src/nft_fullcone.ko
KCONFIG:= \
CONFIG_NF_CONNTRACK_EVENTS=y \
CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y
AUTOLOAD:=$(call AutoProbe,nft_fullcone)
endef
define KernelPackage/nft-fullcone/Description
Kernel module adds the fullcone expression that you can use
to perform NAT in the RFC3489-compatible full cone SNAT flavour.
Currently only UDP traffic is supported for full-cone NAT.
For other protos FULLCONENAT is equivalent to MASQUERADE.
endef
define Build/Compile
+$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)/src" modules
endef
$(eval $(call KernelPackage,nft-fullcone))
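Review bot: `define KernelPackage/nft-fullcone/Description` is spelled with a capital D. Make variable names are case-sensitive, and as far as I recall the kernel-package template reads `KernelPackage/<name>/description`, so this help text is probably dropped from the generated kmod package. Rename it to `define KernelPackage/nft-fullcone/description`.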

71
fullconenat/Makefile Normal file

@ -0,0 +1,71 @@
#
# Copyright (C) 2018 Chion Tang <tech@chionlab.moe>
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=fullconenat
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/llccd/netfilter-full-cone-nat.git
PKG_SOURCE_DATE:=2023-01-01
PKG_SOURCE_VERSION:=74c5e6f3c7faaf33ece451697537c81781781c20
PKG_MIRROR_HASH:=3c254f1edba28eafdccac9cf95eb550fd2b05eeaaec8a02c73e1dcd2f98f9d93
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Chion Tang <tech@chionlab.moe>
include $(INCLUDE_DIR)/package.mk
define Package/iptables-mod-fullconenat
SUBMENU:=Firewall
SECTION:=net
CATEGORY:=Network
TITLE:=FULLCONENAT iptables extension
DEPENDS:=+iptables +kmod-ipt-fullconenat
endef
define Package/ip6tables-mod-fullconenat
SUBMENU:=Firewall
SECTION:=net
CATEGORY:=Network
TITLE:=FULLCONENAT ip6tables extension
DEPENDS:=ip6tables +kmod-nf-nat6 +kmod-ipt-fullconenat +ip6tables-mod-nat
endef
define KernelPackage/ipt-fullconenat
SUBMENU:=Netfilter Extensions
TITLE:=FULLCONENAT netfilter module
DEPENDS:=+kmod-nf-ipt +kmod-nf-nat
KCONFIG:= \
CONFIG_NF_CONNTRACK_EVENTS=y \
CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y
FILES:=$(PKG_BUILD_DIR)/xt_FULLCONENAT.ko
endef
include $(INCLUDE_DIR)/kernel-defaults.mk
define Build/Compile
+$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)" modules
$(call Build/Compile/Default)
endef
define Package/iptables-mod-fullconenat/install
$(INSTALL_DIR) $(1)/usr/lib/iptables
$(INSTALL_BIN) $(PKG_BUILD_DIR)/libipt_FULLCONENAT.so $(1)/usr/lib/iptables
endef
define Package/ip6tables-mod-fullconenat/install
$(INSTALL_DIR) $(1)/usr/lib/iptables
$(INSTALL_BIN) $(PKG_BUILD_DIR)/libip6t_FULLCONENAT.so $(1)/usr/lib/iptables
endef
$(eval $(call BuildPackage,iptables-mod-fullconenat))
$(eval $(call BuildPackage,ip6tables-mod-fullconenat))
$(eval $(call KernelPackage,ipt-fullconenat))


@ -0,0 +1,16 @@
--- a/xt_FULLCONENAT.c
+++ b/xt_FULLCONENAT.c
@@ -1345,9 +1345,12 @@ static struct xt_target tg_reg[] __read_
static int __init fullconenat_tg_init(void)
{
int ret;
+ printk(KERN_INFO "xt_FULLCONENAT: RFC3489 Full Cone NAT module\n"
+ "xt_FULLCONENAT: Copyright (C) 2018 Chion Tang <tech@chionlab.moe>\n");
+
wq = create_singlethread_workqueue("xt_FULLCONENAT");
if (wq == NULL) {
- printk("xt_FULLCONENAT: warning: failed to create workqueue\n");
+ printk(KERN_WARNING "xt_FULLCONENAT: warning: failed to create workqueue\n");
}
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0)
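Review bot: When `create_singlethread_workqueue()` returns NULL the init function only logs and carries on; the patch keeps that behaviour and merely raises the message to `KERN_WARNING`. `fullconenat_tg_init` continues outside the hunk, so whether later users of `wq` check for NULL is not visible here; if they do not, queuing work would dereference a null pointer in kernel context. Either fail the load in that branch with `return -ENOMEM;` or confirm every use of `wq` is guarded. `pr_info()`/`pr_warn()` would also be the more usual form than `printk(KERN_…)`.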

12
fullconenat/src/Makefile Normal file

@ -0,0 +1,12 @@
all: libipt_FULLCONENAT.so libip6t_FULLCONENAT.so
libipt_FULLCONENAT.so: libipt_FULLCONENAT.o
$(CC) -shared -lxtables -o $@ $^;
libipt_FULLCONENAT.o: libipt_FULLCONENAT.c
$(CC) ${CFLAGS} -fPIC -c -o $@ $<;
libip6t_FULLCONENAT.so: libip6t_FULLCONENAT.o
$(CC) -shared -lxtables -o $@ $^;
libip6t_FULLCONENAT.o: libip6t_FULLCONENAT.c
$(CC) ${CFLAGS} -fPIC -c -o $@ $<;
obj-m += xt_FULLCONENAT.o
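Review bot: Both link rules place `-lxtables` before the object file and pass no `$(LDFLAGS)`. A linker running with `--as-needed` can then drop the library, and any hardening options the build system supplies through `LDFLAGS` (RELRO and similar, if the buildroot sets them) never reach the two plugins. I would write both recipes as `$(CC) $(LDFLAGS) -shared -o $@ $^ -lxtables`. `all` should also be declared with `.PHONY: all`, and the trailing `;` on each recipe line is unnecessary.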

80
homeredirect/Makefile Normal file

@ -0,0 +1,80 @@
#
# Copyright (c) 2020 xiaoqingfeng (xiaoqingfengatgm@gmail.com)
# Feed site - https://github.com/xiaoqingfengATGH/feeds-xiaoqingfeng
# This is free software, licensed under the GNU General Public License v3.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=HomeRedirect
PKG_VERSION:=1.4
PKG_RELEASE:=1
PKG_DATE:=20210226
PKG_MAINTAINER:=xiaoqingfeng <xiaoqingfengatgm@gmail.com>
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=LICENSE
include $(INCLUDE_DIR)/package.mk
define Package/$(PKG_NAME)
SECTION:=net
CATEGORY:=Network
TITLE:=Port forwarding utility for HomeLede.
DEPENDS:=+bash +coreutils-nohup +socat
PKGARCH:=all
URL:=https://github.com/xiaoqingfengATGH/feeds-xiaoqingfeng
endef
define Package/$(PKG_NAME)/config
help
$(PKG_NAME)
Version: $(PKG_VERSION)-$(PKG_RELEASE)
Port forwarding utility for HomeLede. Support TCP/UDP ipv4 & ipv6.
endef
define Package/$(PKG_NAME)/description
Port forwarding utility for HomeLede. Support TCP/UDP ipv4 & ipv6.
endef
define Package/$(PKG_NAME)/conffiles
/etc/config/homeredirect
endef
define Package/$(PKG_NAME)/install
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_DIR) $(1)/etc/homeredirect
$(INSTALL_BIN) files/etc/init.d/homeredirect $(1)/etc/init.d
$(INSTALL_CONF) files/etc/config/homeredirect $(1)/etc/config
$(INSTALL_DATA) files/etc/homeredirect/firewall.include $(1)/etc/homeredirect/
$(INSTALL_DATA) files/etc/homeredirect/script.sh $(1)/etc/homeredirect/
endef
define Package/$(PKG_NAME)/postinst
#!/bin/sh
exit 0
endef
define Package/$(PKG_NAME)/prerm
#!/bin/sh
/etc/init.d/homeredirect stop
uci -q batch <<-EOF >/dev/null
delete ucitrack.@homeredirect[-1]
commit ucitrack
EOF
uci -q batch <<-EOF >/dev/null
delete firewall.homeredirect
EOF
exit 0
endef
define Build/Configure
endef
define Build/Prepare
endef
define Build/Compile
endef
$(eval $(call BuildPackage,$(PKG_NAME)))
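Review bot: The `prerm` script deletes `firewall.homeredirect` in a `uci batch` that has no `commit firewall`, unlike the ucitrack batch just above it. The deletion may therefore stay staged, leaving a firewall include that points at `/etc/homeredirect/firewall.include` after the package is removed. Add `commit firewall` before the closing `EOF`. The install step ships `script.sh` with `$(INSTALL_DATA)`, which works only because the include runs it through `bash`; a short comment there, `# not executable on purpose: firewall.include runs it via bash`, would save the next reader a check.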


@ -0,0 +1,38 @@
config global
option enabled '1'
config redirect
option proto 'tcp4'
option src_ip '0.0.0.0'
option src_dport '60609'
option dest_ip '192.168.1.100'
option dest_port '3389'
option name 'TCP_REDIRECT_IPV4'
option enabled '0'
config redirect
option proto 'tcp6'
option src_ip '::'
option src_dport '60608'
option dest_ip 'fd5b:64cf:4ff4::1c4'
option dest_port '3389'
option name 'TCP_REDIRECT_IPV6'
option enabled '0'
config redirect
option proto 'udp4'
option src_ip '0.0.0.0'
option src_dport '64511'
option dest_ip '192.168.1.100'
option dest_port '500'
option name 'UDP_REDIRECT_IPV4'
option enabled '0'
config redirect
option proto 'udp6'
option src_ip '::'
option src_dport '64500'
option dest_ip 'fd5b:64cf:4ff4::1c4'
option dest_port '4500'
option name 'UDP_REDIRECT_IPV6'
option enabled '0'


@ -0,0 +1 @@
bash /etc/homeredirect/script.sh


@ -0,0 +1,45 @@
#!/bin/bash
del_rule() {
count=$(iptables -n -L INPUT 2>/dev/null | grep -c "HOME_REDIRECT")
if [ -n "$count" ]; then
until [ "$count" = 0 ]
do
rules=$(iptables -n -L INPUT --line-num 2>/dev/null | grep "HOME_REDIRECT" | awk '{print $1}')
for rule in $rules
do
iptables -D INPUT $rule 2>/dev/null
break
done
count=$(expr $count - 1)
done
fi
iptables -F HOME_REDIRECT 2>/dev/null
iptables -X HOME_REDIRECT 2>/dev/null
}
add_rule(){
iptables -N HOME_REDIRECT
iptables -I INPUT -j HOME_REDIRECT
maxRedirctCount=$(uci show homeredirect | grep @redirect | awk -F '[' '{print $2}' | awk -F ']' '{print $1}' | sort | tail -n 1)
for ((i=($maxRedirctCount);i>=0;i--));
do
enabled=$(uci get homeredirect.@redirect[$i].enabled)
if [ $enabled -eq 1 ]; then
protoAll=$(uci get homeredirect.@redirect[$i].proto)
proto=${protoAll:0:3}
port=$(uci get homeredirect.@redirect[$i].src_dport)
iptables -A HOME_REDIRECT -p $proto --dport $port -j ACCEPT
fi
done
}
del_rule
enable=$(uci get homeredirect.@global[0].enabled)
if [ $enable -eq 1 ]; then
add_rule
fi
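Review bot: Every redirect becomes an IPv4-only `iptables` rule: `proto=${protoAll:0:3}` reduces `tcp6`/`udp6` to `tcp`/`udp` and `add_rule` never calls `ip6tables`, so an enabled IPv6 entry opens its port in the IPv4 INPUT chain rather than the IPv6 one. The ACCEPT rule has no interface or source match and the chain is inserted at the top of INPUT, so the port is accepted from every zone; if that is intended, a comment saying so would help whoever audits the ruleset. `$enabled`, `$proto` and `$port` come from uci and are expanded unquoted, so an empty or malformed value breaks `[ $enabled -eq 1 ]` or word-splits into the `iptables` call. `[ "$enabled" = 1 ]` and `iptables -A HOME_REDIRECT -p "$proto" --dport "$port" -j ACCEPT` avoid that.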


@ -0,0 +1,140 @@
#!/bin/sh /etc/rc.common
START=99
RUNLOG_DIR=/tmp/hr
PROCESSED_REDIRECT=0
log()
{
logger -t homeredirect $1
}
setupDefaultSrcIP() {
if [ -z $src_ip ];then
if [ "$1" = "ipv4" ]; then
src_ip="0.0.0.0"
else
src_ip="::"
fi
fi
}
setup() {
config_get enabled $1 enabled
id=$1
config_get proto $1 proto
config_get src_ip $1 src_ip
config_get src_dport $1 src_dport
config_get dest_ip $1 dest_ip
config_get dest_port $1 dest_port
config_get name $1 name
terminateRedirect $id
[ "$enabled" != "1" ] && return 0
PROCESSED_REDIRECT=1
if [ "$proto" = "tcp4" ]; then
src_addresstype="TCP4-LISTEN"
dest_addresstype="TCP4"
setupDefaultSrcIP "ipv4"
elif [ "$proto" = "tcp6" ]; then
src_addresstype="TCP6-LISTEN"
dest_addresstype="TCP6"
setupDefaultSrcIP "ipv6"
src_ip="[$src_ip]"
dest_ip="[$dest_ip]"
elif [ "$proto" = "udp4" ]; then
src_addresstype="UDP4-LISTEN"
dest_addresstype="UDP4"
setupDefaultSrcIP "ipv4"
elif [ "$proto" = "udp6" ]; then
src_addresstype="UDP6-LISTEN"
dest_addresstype="UDP6"
setupDefaultSrcIP "ipv6"
src_ip="[$src_ip]"
dest_ip="[$dest_ip]"
fi
#echo "nohup socat -lf $RUNLOG_DIR/$id.log $src_addresstype:$src_dport,bind=$src_ip,fork $dest_addresstype:$dest_ip:$dest_port > $RUNLOG_DIR/$id.log 2>&1 &"
nohup socat -lf $RUNLOG_DIR/$id.log $src_addresstype:$src_dport,bind=$src_ip,fork $dest_addresstype:$dest_ip:$dest_port > $RUNLOG_DIR/$id.log 2>&1 &
log "[HomeRedirect] Port redirect from $proto $src_ip:$src_dport==>$dest_addresstype:$dest_ip:$dest_port started."
}
# param $1 is port
showTcpPortState() {
local process=$(netstat -ltnp | awk -F ' ' '{if(NR>2) print $1"/"$4"/"$7}' | grep :$1)
if [ -n "$process" ]; then
echo $process
else
echo 'TCP Port $1 is Free.'
fi
}
# param $1 is port
showUdpPortState() {
local process=$(netstat -lunp | awk -F ' ' '{if(NR>2) print $1"/"$4"/"$6}'|grep :$1)
if [ -n "$process" ]; then
echo $process
else
echo 'UDP Port $1 is Free.'
fi
}
isRedirectRunning() {
local runningPID=$(ps | grep socat | grep $RUNLOG_DIR/$1 | sed '/grep/d' | awk -F ' ' '{print $1}')
if [ -n "$runningPID" ]; then
return 1
else
return 0
fi
}
# param $1 is redirect id
terminateRedirect() {
isRedirectRunning $1
[ "$?" = "1" ] && {
local runningPID=$(ps | grep socat | grep $RUNLOG_DIR/$1 | sed '/grep/d' | awk -F ' ' '{print $1}')
#echo "Going to kill process $runningPID"
kill $runningPID
}
}
terminateAll() {
local runningPIDs=$(ps | grep socat | grep $RUNLOG_DIR | sed '/grep/d' | awk -F ' ' '{print $1}')
[ -n "$runningPIDs" ] && {
kill $runningPIDs
log "Redirect process : $runningPIDs stopped."
}
}
start() {
local vt_enabled=$(uci -q get homeredirect.@global[0].enabled)
if [ "$vt_enabled" = 0 ]; then
terminateAll
fw3 reload
return 1
fi
rm -rf $RUNLOG_DIR
mkdir -p $RUNLOG_DIR
config_load homeredirect
PROCESSED_REDIRECT=0
config_foreach setup redirect
[ "$PROCESSED_REDIRECT" == "1" ] && {
fw3 reload
}
log 'HomeRedirect started.'
}
stop() {
terminateAll
fw3 reload
log 'HomeRedirect stopped.'
}
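Review bot: The values read with `config_get` in `setup` go unquoted and unvalidated into the socat address strings, so whitespace or a comma in `src_ip`, `dest_ip` or a port changes how the command is parsed, and the LuCI datatype checks do not cover a hand-edited `/etc/config/homeredirect`. Reject non-numeric ports and anything that is not a plain IP literal before starting socat, and quote the arguments, e.g. `"$src_addresstype:$src_dport,bind=$src_ip,fork" "$dest_addresstype:$dest_ip:$dest_port"`. The `if`/`elif` chain on `$proto` has no `else` and the variables are not `local`, so an unknown `proto` reuses the address types left over from the previous section; add `else log "unknown proto $proto"; return 1`. In `showTcpPortState` and `showUdpPortState` the single-quoted `'TCP Port $1 is Free.'` prints a literal `$1`.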


@ -0,0 +1,60 @@
#
# Copyright (C) 2008-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=libdouble-conversion
PKG_VERSION:=3.2.1
PKG_RELEASE:=1
PKG_SOURCE:=double-conversion-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/google/double-conversion/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=e40d236343cad807e83d192265f139481c51fc83a1c49e406ac6ce0a0ba7cd35
HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/double-conversion-$(PKG_VERSION)
PKG_BUILD_DIR:=$(BUILD_DIR)/double-conversion-$(PKG_VERSION)
PKG_MAINTAINER:=
PKG_LICENSE:=BSD-3c
PKG_LICENSE_FILES:=COPYING LICENSE
PKG_BUILD_FLAGS:=gc-sections lto
CMAKE_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/host-build.mk
include $(INCLUDE_DIR)/cmake.mk
define Package/libdouble-conversion
SECTION:=libs
CATEGORY:=Libraries
TITLE:=Efficient binary-decimal and decimal-binary conversion routines for IEEE doubles
URL:=https://github.com/google/double-conversion
DEPENDS:=+libstdcpp
endef
define Package/libdouble-conversion/description
double-conversion provides binary-decimal and decimal-binary routines for IEEE doubles.
The library consists of efficient conversion routines that have been extracted
from the V8 JavaScript engine. The code has been refactored and improved so that
it can be used more easily in other projects.
endef
CMAKE_OPTIONS += \
-DBUILD_SHARED_LIBS=ON \
-DBUILD_TESTING=OFF
TARGET_CXXFLAGS += -fno-rtti
define Package/libdouble-conversion/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so* $(1)/usr/lib/
endef
$(eval $(call BuildPackage,libdouble-conversion))
$(eval $(call HostBuild))


@ -0,0 +1,91 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=libtorrent-rasterbar
PKG_VERSION:=2.0.8
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/arvidn/libtorrent/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=29e5c5395de8126ed1b24d0540a9477fbb158b536021cd65aaf9de34d0aadb46
PKG_MAINTAINER:=David Yang <mmyangfl@gmail.com>
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=COPYING
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
define Package/libtorrent-rasterbar/Default
TITLE:=Rasterbar BitTorrent library
URL:=https://libtorrent.org/
endef
define Package/libtorrent-rasterbar
$(call Package/libtorrent-rasterbar/Default)
SECTION:=libs
CATEGORY:=Libraries
DEPENDS:=+boost +boost-system +libopenssl +libatomic +libstdcpp
endef
#define Package/python3-libtorrent
# $(call Package/libtorrent-rasterbar/Default)
# SECTION:=lang
# CATEGORY:=Languages
# SUBMENU:=Python
# TITLE+= (Python 3)
# DEPENDS:=+libtorrent-rasterbar +boost-python
#endef
define Package/libtorrent-rasterbar/description
Rasterbar libtorrent is a C++ library that aims to be a good alternative to
all the other bittorrent implementations around.
endef
#define Package/python3-libtorrent/description
# $(call Package/libtorrent-rasterbar/description)
# This package contains Python 3 bindings for the libtorrent-rasterbar library.
#endef
define Download/try_signal
VERSION:=105cce59972f925a33aa6b1c3109e4cd3caf583d
SUBDIR:=deps/try_signal
FILE:=$(PKG_NAME)-try_signal-$$(VERSION).tar.xz
URL:=https://github.com/arvidn/try_signal.git
MIRROR_HASH:=da81da67d52b7a731c21148573b68bf8dc7863616d6ae1f81845b7afb29e8f00
PROTO:=git
endef
$(eval $(call Download,try_signal))
PKG_UNPACK:=$(HOST_TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xzf $(DL_DIR)/$(PKG_SOURCE)
define Build/Prepare
$(Build/Prepare/Default)
$(eval $(Download/try_signal))
xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef
#CMAKE_OPTIONS += \
# -Dpython-bindings=ON \
# -Dpython-egg-info=ON
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/libtorrent $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libtorrent-rasterbar.so* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libtorrent-rasterbar.pc $(1)/usr/lib/pkgconfig/
endef
define Package/libtorrent-rasterbar/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libtorrent-rasterbar.so.* $(1)/usr/lib/
endef
#define Package/python3-libtorrent/install
# $(INSTALL_DIR) $(1)/usr/lib/python2.7/site-packages
# $(CP) $(PKG_INSTALL_DIR)/usr/lib/python2.7/site-packages/*.so* $(1)/usr/lib/python2.7/site-packages/
#endef
$(eval $(call BuildPackage,libtorrent-rasterbar))
#$(eval $(call BuildPackage,python3-libtorrent))


@ -0,0 +1,18 @@
# Copyright (C) 2020 xiaoqingfeng <xiaoqingfengatgm@gmail.com>
#
# This is free software, licensed under the Apache License, Version 2.0 .
#
include $(TOPDIR)/rules.mk
LUCI_TITLE:=LuCI for HomeRedirect
LUCI_DEPENDS:=+HomeRedirect
LUCI_PKGARCH:=all
PKG_NAME:=luci-app-homeredirect
PKG_VERSION:=1.0
PKG_RELEASE:=1-20200805
PKG_MAINTAINER:=Richard Yu <xiaoqingfengatgm@gmail.com>
include $(TOPDIR)/feeds/luci/luci.mk
# call BuildPackage - OpenWrt buildroot signature


@ -0,0 +1,62 @@
-- Copyright 2020 Richard <xiaoqingfengatgm@gmail.com>
-- feed site : https://github.com/xiaoqingfengATGH/feeds-xiaoqingfeng
module("luci.controller.homeredirect", package.seeall)
local appname = "homeredirect"
local RUNLOG_DIR = "/tmp/hr"
local ucic = luci.model.uci.cursor()
local http = require "luci.http"
function index()
entry({"admin", "services", "homeredirect", "show"}, call("show_menu")).leaf = true
entry({"admin", "services", "homeredirect", "hide"}, call("hide_menu")).leaf = true
if nixio.fs.access("/etc/config/homeredirect") and
nixio.fs.access("/etc/config/homeredirect_show") then
entry({"admin", "services", "homeredirect"},
alias("admin", "services", "homeredirect", "settings"),
_("Home Redirect"), 50).dependent = true
end
entry({"admin", "services", "homeredirect", "settings"},
cbi("homeredirect/settings")).leaf = true
entry({"admin", "services", "homeredirect", "status"}, call("status")).leaf =
true
end
local function http_write_json(content)
http.prepare_content("application/json")
http.write_json(content or {code = 1})
end
function status()
local e = {}
e.enabled = ucic:get(appname, "@global[0]", "enabled")
ucic:foreach(appname, "redirect", function(redirect)
local state = -1
local id = redirect['.name']
local enabled = redirect['enabled']
if enabled == "1" then
local pid = luci.sys.exec("ps | grep socat | grep " .. RUNLOG_DIR .. "/" .. id .. " | sed '/grep/d' | awk -F ' ' '{print $1}'")
if pid == "" then
state = 0
else
state = tonumber(pid)
end
end
e[id] = state
end)
luci.http.prepare_content("application/json")
luci.http.write_json(e)
end
function show_menu()
luci.sys.call("touch /etc/config/homeredirect_show")
luci.http.redirect(luci.dispatcher.build_url("admin", "services", "homeredirect"))
end
function hide_menu()
luci.sys.call("rm -rf /etc/config/homeredirect_show")
luci.http.redirect(luci.dispatcher.build_url("admin", "status", "overview"))
end
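Review bot: `status()` builds a shell pipeline by concatenating the section name into `luci.sys.exec(...)`. The names normally come from uci, but the argument should still be quoted, e.g. `"grep -F " .. luci.util.shellquote(RUNLOG_DIR .. "/" .. id .. ".log")`, which also stops one section id from matching another that merely starts with it. `tonumber(pid)` returns nil when more than one socat process matches, so `e[id]` is silently dropped from the JSON. `show_menu` and `hide_menu` change state on a plain request and shell out for `touch` and `rm -rf`; `nixio.fs.writefile` and `nixio.fs.unlink` do the same without a shell, and the two entries would be better restricted to POST.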


@ -0,0 +1,62 @@
local s = require "luci.sys"
local m, s, o
mp = Map("homeredirect", translate("Home Redirect - Port forwarding utility"))
mp.description = translate("HomeRedirect is a customized port forwarding utility for HomeLede. It supports TCP / UDP protocol, IPv4 and IPv6.")
mp:section(SimpleSection).template = "homeredirect/index"
s = mp:section(TypedSection, "global")
s.anonymous = true
enabled = s:option(Flag, "enabled", translate("Master switch"))
enabled.default = 0
enabled.rmempty = false
s = mp:section(TypedSection, "redirect", translate("Redirect Configuration"))
s.addremove = true
s.anonymous = true
s.template = "cbi/tblsection"
s.sortable = true
enabled = s:option(Flag, "enabled", translate("Enabled"))
enabled.rmempty = false
name = s:option(Value, "name", translate("Name"))
name.optional = false
name.rmempty = false
proto = s:option(ListValue, "proto", translate("Transport Protocol"))
proto.default = "tcp4"
proto:value("tcp4", "TCP/IPv4")
proto:value("udp4", "UDP/IPv4")
proto:value("tcp6", "TCP/IPv6")
proto:value("udp6", "UDP/IPv6")
-- src_ip = s:option(Value, "src_ip", translate("Source IP"))
-- src_ip.datatype = "ipaddr"
-- src_ip.optional = false
-- src_ip.rmempty = false
src_dport = s:option(Value, "src_dport", translate("Source Port"))
src_dport.datatype = "port"
src_dport.optional = false
src_dport.rmempty = false
dest_ip = s:option(Value, "dest_ip", translate("Destination Address"))
dest_ip.datatype = "ipaddr"
dest_ip.optional = false
dest_ip.rmempty = false
dest_port = s:option(Value, "dest_port", translate("Destination Port"))
dest_port.datatype = "port"
dest_port.optional = false
dest_port.rmempty = false
o = s:option(DummyValue, "rs", translate("Status"))
o.default = "检测中..."
local apply=luci.http.formvalue("cbi.apply")
if apply then
io.popen("/etc/init.d/homeredirect restart")
end
return mp
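Review bot: `local s = require "luci.sys"` is immediately shadowed by `local m, s, o`, so the module is never used, while `mp`, `enabled`, `name`, `proto` and the other option variables are assigned as globals; declare them `local` and drop the unused require. `io.popen("/etc/init.d/homeredirect restart")` never reads or closes the handle. The uci-defaults script on this page registers the service in ucitrack, which presumably restarts it on apply already; if an explicit restart is still wanted, `luci.sys.call("/etc/init.d/homeredirect restart >/dev/null 2>&1")` is the cleaner form. `o.default = "检测中..."` bypasses `translate()`, unlike every other label in the file.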

File diff suppressed because one or more lines are too long


@ -0,0 +1,44 @@
msgid "Home Redirect"
msgstr "端口转发"
msgid "HomeRedirect is a customized port forwarding utility for HomeLede. It supports TCP / UDP protocol, IPv4 and IPv6."
msgstr "HomeRedirect是一款为HomeLede定制的端口转发工具可以将路由上端口访问转发至任意位置支持TCP/UDP协议IPv4和IPv6。"
msgid "Home Redirect - Port forwarding utility"
msgstr "Home Redirect 端口转发"
msgid "Redirect Configuration"
msgstr "转发设置"
msgid "Transport Protocol"
msgstr "传输协议"
msgid "Source Port"
msgstr "路由器端口"
msgid "Destination Address"
msgstr "转发目标地址"
msgid "Destination Port"
msgstr "转发目标端口"
msgid "Name"
msgstr "名称"
msgid "Source IP"
msgstr "路由器IP"
msgid "Status"
msgstr "状态"
msgid "Master switch"
msgstr "总开关"
msgid "Disabled"
msgstr "未启用"
msgid "Not running"
msgstr "未运行"
msgid "Running"
msgstr "运行中"


@ -0,0 +1 @@
zh-cn


@ -0,0 +1,19 @@
#!/bin/sh
uci -q batch <<-EOF >/dev/null
delete firewall.homeredirect
set firewall.homeredirect=include
set firewall.homeredirect.type=script
set firewall.homeredirect.path=/etc/homeredirect/firewall.include
set firewall.homeredirect.reload=1
EOF
uci -q batch <<-EOF >/dev/null
delete ucitrack.@homeredirect[-1]
add ucitrack homeredirect
set ucitrack.@homeredirect[-1].init=homeredirect
commit ucitrack
EOF
rm -rf /tmp/luci-*cache
exit 0


@ -0,0 +1,11 @@
{
"luci-app-homeredirect": {
"description": "Grant UCI access for luci-app-homeredirect",
"read": {
"uci": [ "homeredirect" ]
},
"write": {
"uci": [ "homeredirect" ]
}
}
}


@ -0,0 +1,200 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"PO-Revision-Date: 2023-08-28 01:55+0000\n"
"Last-Translator: Džiugas J <dziugas1959@hotmail.com>\n"
"Language-Team: Lithuanian <https://hosted.weblate.org/projects/openwrt/"
"luciapplicationswatchcat/lt/>\n"
"Language: lt\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n % 10 == 1 && (n % 100 < 11 || n % 100 > "
"19)) ? 0 : ((n % 10 >= 2 && n % 10 <= 9 && (n % 100 < 11 || n % 100 > 19)) ? "
"1 : 2);\n"
"X-Generator: Weblate 5.0.1-dev\n"
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:104
msgid ""
"<i>Applies to Ping Reboot, Restart Interface, and Run Script modes</i> <br /"
"> Specify the interface to monitor and react if a ping over it fails."
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:60
msgid "Address family for pinging the host"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:94
msgid ""
"Applies to Ping Reboot and Periodic Reboot modes</i> <br /> When rebooting "
"the router, the service will trigger a soft reboot. Entering a non-zero "
"value here will trigger a delayed hard reboot if the soft reboot were to "
"fail. Enter the number of seconds to wait for the soft reboot to fail or use "
"0 to disable the forced reboot delay."
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:111
msgid ""
"Applies to Ping Reboot and Restart Interface modes</i> <br /> If using "
"ModemManager, you can have Watchcat restart your ModemManger interface by "
"specifying its name."
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:84
msgid "Big: 248 bytes"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:70
msgid "Check Interval"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:93
msgid "Force Reboot Delay"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:19
msgid "General Settings"
msgstr "Bendri nustatymai"
#: applications/luci-app-watchcat/root/usr/share/rpcd/acl.d/luci-app-watchcat.json:3
msgid "Grant access to LuCI app watchcat"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:12
msgid ""
"Here you can set up several checks and actions to take in the event that a "
"host becomes unreachable. Click the <b>Add</b> button at the bottom to set "
"up more than one action."
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:52
msgid "Host To Check"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:71
msgid ""
"How often to ping the host specified above. <br /><br />The default unit is "
"seconds, without a suffix, but you can use the suffix <b>m</b> for minutes, "
"<b>h</b> for hours or <b>d</b> for days. <br /><br /> Examples:<ul><li>10 "
"seconds would be: <b>10</b> or <b>10s</b></li><li>5 minutes would be: <b>5m</"
"b></li><li>1 hour would be: <b>1h</b></li><li>1 week would be: <b>7d</b></"
"li><ul>"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:85
msgid "Huge: 1492 bytes"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:52
msgid "IP address or hostname to ping."
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:118
msgid ""
"If using ModemManager, then before restarting the interface, set the modem "
"to be allowed to use any band."
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:41
msgid ""
"In Periodic Reboot mode, it defines how often to reboot. <br /> In Ping "
"Reboot mode, it defines the longest period of time without a reply from the "
"Host To Check before a reboot is engaged. <br /> In Network Restart or Run "
"Script mode, it defines the longest period of time without a reply from the "
"Host to Check before the interface is restarted or the script is run. <br /"
"><br />The default unit is seconds, without a suffix, but you can use the "
"suffix <b>m</b> for minutes, <b>h</b> for hours or <b>d</b> for days. <br /"
"><br />Examples:<ul><li>10 seconds would be: <b>10</b> or <b>10s</b></"
"li><li>5 minutes would be: <b>5m</b></li><li> 1 hour would be: <b>1h</b></"
"li><li>1 week would be: <b>7d</b></li><ul>"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:102
msgid "Interface"
msgstr "Sąsaja ir Sietuvas"
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:103
msgid "Interface to monitor and/or restart"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:86
msgid "Jumbo: 9000 bytes"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:22
msgid "Mode"
msgstr "Režimas"
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:110
msgid "Name of ModemManager Interface"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:40
msgid "Period"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:28
msgid "Periodic Reboot"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:80
msgid "Ping Packet Size"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:27
msgid "Ping Reboot"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:23
msgid ""
"Ping Reboot: Reboot this device if a ping to a specified host fails for a "
"specified duration of time. <br /> Periodic Reboot: Reboot this device after "
"a specified interval of time. <br /> Restart Interface: Restart a network "
"interface if a ping to a specified host fails for a specified duration of "
"time. <br /> Run Script: Run a script if a ping to a specified host fails "
"for a specified duration of time. <br />"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:29
msgid "Restart Interface"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:30
msgid "Run Script"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:33
msgid "Script to run"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:34
msgid ""
"Script to run when the host has not responded for the specified duration of "
"time. The script is passed the interface name as $1"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:81
msgid "Small: 1 byte"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:83
msgid "Standard: 56 bytes"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:15
msgid "These rules will govern how this device reacts to network events."
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:117
msgid "Unlock Modem Bands"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:11
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:15
#: applications/luci-app-watchcat/root/usr/share/luci/menu.d/luci-app-watchcat.json:3
msgid "Watchcat"
msgstr ""
#: applications/luci-app-watchcat/htdocs/luci-static/resources/view/watchcat.js:82
msgid "Windows: 32 bytes"
msgstr ""


@ -1,203 +0,0 @@
if PACKAGE_libmbedtls
comment "Option details in source code: include/mbedtls/mbedtls_config.h"
comment "Ciphers - unselect old or less-used ciphers to reduce binary size"
config MBEDTLS_AES_C
bool "MBEDTLS_AES_C"
default y
config MBEDTLS_CAMELLIA_C
bool "MBEDTLS_CAMELLIA_C"
default n
config MBEDTLS_CCM_C
bool "MBEDTLS_CCM_C"
default n
config MBEDTLS_CMAC_C
bool "MBEDTLS_CMAC_C (old but used by hostapd)"
default y
config MBEDTLS_DES_C
bool "MBEDTLS_DES_C (old but used by hostapd)"
default y
config MBEDTLS_GCM_C
bool "MBEDTLS_GCM_C"
default y
config MBEDTLS_NIST_KW_C
bool "MBEDTLS_NIST_KW_C (old but used by hostapd)"
default y
config MBEDTLS_RIPEMD160_C
bool "MBEDTLS_RIPEMD160_C"
default n
config MBEDTLS_XTEA_C
bool "MBEDTLS_XTEA_C"
default n
config MBEDTLS_RSA_NO_CRT
bool "MBEDTLS_RSA_NO_CRT"
default y
config MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
bool "MBEDTLS_KEY_EXCHANGE_PSK_ENABLED"
default y
config MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
bool "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED"
default n
config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
bool "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED"
default y
config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
bool "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED"
default n
config MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
bool "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED"
default n
config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
bool "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED"
default n
config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
bool "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED"
default y
config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
bool "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
default y
config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
bool "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
default n
config MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
bool "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED"
default n
comment "Curves - unselect old or less-used curves to reduce binary size"
config MBEDTLS_ECP_DP_SECP192R1_ENABLED
bool "MBEDTLS_ECP_DP_SECP192R1_ENABLED"
default n
config MBEDTLS_ECP_DP_SECP224R1_ENABLED
bool "MBEDTLS_ECP_DP_SECP224R1_ENABLED"
default n
config MBEDTLS_ECP_DP_SECP256R1_ENABLED
bool "MBEDTLS_ECP_DP_SECP256R1_ENABLED"
default y
config MBEDTLS_ECP_DP_SECP384R1_ENABLED
bool "MBEDTLS_ECP_DP_SECP384R1_ENABLED"
default y
config MBEDTLS_ECP_DP_SECP521R1_ENABLED
bool "MBEDTLS_ECP_DP_SECP521R1_ENABLED"
default n
config MBEDTLS_ECP_DP_SECP192K1_ENABLED
bool "MBEDTLS_ECP_DP_SECP192K1_ENABLED"
default n
config MBEDTLS_ECP_DP_SECP224K1_ENABLED
bool "MBEDTLS_ECP_DP_SECP224K1_ENABLED"
default n
config MBEDTLS_ECP_DP_SECP256K1_ENABLED
bool "MBEDTLS_ECP_DP_SECP256K1_ENABLED"
default y
config MBEDTLS_ECP_DP_BP256R1_ENABLED
bool "MBEDTLS_ECP_DP_BP256R1_ENABLED"
default n
config MBEDTLS_ECP_DP_BP384R1_ENABLED
bool "MBEDTLS_ECP_DP_BP384R1_ENABLED"
default n
config MBEDTLS_ECP_DP_BP512R1_ENABLED
bool "MBEDTLS_ECP_DP_BP512R1_ENABLED"
default n
config MBEDTLS_ECP_DP_CURVE25519_ENABLED
bool "MBEDTLS_ECP_DP_CURVE25519_ENABLED"
default y
config MBEDTLS_ECP_DP_CURVE448_ENABLED
bool "MBEDTLS_ECP_DP_CURVE448_ENABLED"
default n
comment "Build Options - unselect features to reduce binary size"
config MBEDTLS_ARMV8CE_AES_C
bool "MBEDTLS_ARMV8CE_AES_C"
default y
depends on aarch64 && !TARGET_bcm27xx
config MBEDTLS_CERTS_C
bool "MBEDTLS_CERTS_C"
default n
config MBEDTLS_CIPHER_MODE_OFB
bool "MBEDTLS_CIPHER_MODE_OFB"
default n
config MBEDTLS_CIPHER_MODE_XTS
bool "MBEDTLS_CIPHER_MODE_XTS"
default n
config MBEDTLS_DEBUG_C
bool "MBEDTLS_DEBUG_C"
default n
config MBEDTLS_HAVE_SSE2
bool "MBEDTLS_HAVE_SSE2"
default y
depends on TARGET_x86_generic || TARGET_x86_64
config MBEDTLS_HKDF_C
bool "MBEDTLS_HKDF_C"
default n
config MBEDTLS_PLATFORM_C
bool "MBEDTLS_PLATFORM_C"
default n
config MBEDTLS_SELF_TEST
bool "MBEDTLS_SELF_TEST"
default n
config MBEDTLS_SSL_TRUNCATED_HMAC
bool "MBEDTLS_SSL_TRUNCATED_HMAC"
default n
config MBEDTLS_VERSION_C
bool "MBEDTLS_VERSION_C"
default n
config MBEDTLS_VERSION_FEATURES
bool "MBEDTLS_VERSION_FEATURES"
default n
comment "Build Options"
config MBEDTLS_ENTROPY_FORCE_SHA256
bool "MBEDTLS_ENTROPY_FORCE_SHA256"
default y
config MBEDTLS_SSL_RENEGOTIATION
bool "MBEDTLS_SSL_RENEGOTIATION"
default n
endif


@ -1,167 +0,0 @@
#
# Copyright (C) 2011-2015 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=mbedtls
PKG_VERSION:=2.28.4
PKG_RELEASE:=1
PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=578c4dcd15bbff3f5cd56aa07cd4f850fc733634e3d5947be4f7157d5bfd81ac
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=gpl-2.0.txt
PKG_CPE_ID:=cpe:/a:arm:mbed_tls
MBEDTLS_BUILD_OPTS_CURVES= \
CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED \
CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED \
CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED \
CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED \
CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED \
CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED \
CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED \
CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED \
CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED \
CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED \
CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED \
CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED \
CONFIG_MBEDTLS_ECP_DP_CURVE448_ENABLED
MBEDTLS_BUILD_OPTS_CIPHERS= \
CONFIG_MBEDTLS_AES_C \
CONFIG_MBEDTLS_CAMELLIA_C \
CONFIG_MBEDTLS_CCM_C \
CONFIG_MBEDTLS_CMAC_C \
CONFIG_MBEDTLS_DES_C \
CONFIG_MBEDTLS_GCM_C \
CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED \
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED \
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED \
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED \
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \
CONFIG_MBEDTLS_NIST_KW_C \
CONFIG_MBEDTLS_RIPEMD160_C \
CONFIG_MBEDTLS_RSA_NO_CRT \
CONFIG_MBEDTLS_XTEA_C
MBEDTLS_BUILD_OPTS= \
$(MBEDTLS_BUILD_OPTS_CURVES) \
$(MBEDTLS_BUILD_OPTS_CIPHERS) \
CONFIG_MBEDTLS_ARMV8CE_AES_C \
CONFIG_MBEDTLS_CERTS_C \
CONFIG_MBEDTLS_CIPHER_MODE_OFB \
CONFIG_MBEDTLS_CIPHER_MODE_XTS \
CONFIG_MBEDTLS_DEBUG_C \
CONFIG_MBEDTLS_ENTROPY_FORCE_SHA256 \
CONFIG_MBEDTLS_HAVE_SSE2 \
CONFIG_MBEDTLS_HKDF_C \
CONFIG_MBEDTLS_PLATFORM_C \
CONFIG_MBEDTLS_SELF_TEST \
CONFIG_MBEDTLS_SSL_RENEGOTIATION \
CONFIG_MBEDTLS_SSL_TRUNCATED_HMAC \
CONFIG_MBEDTLS_VERSION_C \
CONFIG_MBEDTLS_VERSION_FEATURES
PKG_CONFIG_DEPENDS := $(MBEDTLS_BUILD_OPTS)
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
define Package/mbedtls/Default
TITLE:=Embedded SSL
URL:=https://tls.mbed.org
endef
define Package/mbedtls/Default/description
The aim of the mbedtls project is to provide a quality, open-source
cryptographic library written in C and targeted at embedded systems.
endef
define Package/libmbedtls
$(call Package/mbedtls/Default)
SECTION:=libs
CATEGORY:=Libraries
SUBMENU:=SSL
TITLE+= (library)
ABI_VERSION:=12
MENU:=1
endef
define Package/libmbedtls/config
source "$(SOURCE)/Config.in"
endef
define Package/mbedtls-util
$(call Package/mbedtls/Default)
SECTION:=utils
CATEGORY:=Utilities
TITLE+= (utilities)
DEPENDS:=+libmbedtls
endef
define Package/libmbedtls/description
$(call Package/mbedtls/Default/description)
This package contains the mbedtls library.
endef
define Package/mbedtls-util/description
$(call Package/mbedtls/Default/description)
This package contains mbedtls helper programs for private key and
CSR generation (gen_key, cert_req)
endef
TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS))
ifneq ($(CONFIG_MBEDTLS_ARMV8CE_AES_C),)
TARGET_CFLAGS := $(filter-out -march=%,$(TARGET_CFLAGS)) -march=armv8-a+crypto
endif
CMAKE_OPTIONS += \
-DCMAKE_POSITION_INDEPENDENT_CODE=ON \
-DUSE_SHARED_MBEDTLS_LIBRARY:Bool=ON \
-DENABLE_TESTING:Bool=OFF \
-DENABLE_PROGRAMS:Bool=ON
define Build/Prepare
$(call Build/Prepare/Default)
$(if $(strip $(foreach opt,$(MBEDTLS_BUILD_OPTS),$($(opt)))),
$(foreach opt,$(MBEDTLS_BUILD_OPTS),
$(PKG_BUILD_DIR)/scripts/config.py \
-f $(PKG_BUILD_DIR)/include/mbedtls/config.h \
$(if $($(opt)),set,unset) $(patsubst CONFIG_%,%,$(opt))),)
endef
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/mbedtls $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.a $(1)/usr/lib/
endef
define Package/libmbedtls/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so.* $(1)/usr/lib/
endef
define Package/mbedtls-util/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gen_key $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/cert_req $(1)/usr/bin/
endef
$(eval $(call BuildPackage,libmbedtls))
$(eval $(call BuildPackage,mbedtls-util))


@ -1,197 +0,0 @@
From eb9d4fdf1846e688d51d86a9a50f0312aca2af25 Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Sun, 23 Oct 2022 19:48:18 -0400
Subject: [PATCH] x509 crt verify SAN iPAddress
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
---
include/mbedtls/x509_crt.h | 2 +-
library/x509_crt.c | 126 ++++++++++++++++++++++++++++++-------
2 files changed, 103 insertions(+), 25 deletions(-)
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -608,7 +608,7 @@ int mbedtls_x509_crt_verify_info(char *b
* \param cn The expected Common Name. This will be checked to be
* present in the certificate's subjectAltNames extension or,
* if this extension is absent, as a CN component in its
- * Subject name. Currently only DNS names are supported. This
+ * Subject name. DNS names and IP addresses are supported. This
* may be \c NULL if the CN need not be verified.
* \param flags The address at which to store the result of the verification.
* If the verification couldn't be completed, the flag value is
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -57,6 +57,10 @@
#if defined(MBEDTLS_HAVE_TIME)
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+#define WIN32_LEAN_AND_MEAN
+#ifndef _WIN32_WINNT
+#define _WIN32_WINNT 0x0600
+#endif
#include <windows.h>
#else
#include <time.h>
@@ -3001,6 +3005,61 @@ find_parent:
}
}
+#ifdef _WIN32
+#ifdef _MSC_VER
+#pragma comment(lib, "ws2_32.lib")
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#elif (defined(__MINGW32__) || defined(__MINGW64__)) && _WIN32_WINNT >= 0x0600
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#endif
+#elif defined(__sun)
+/* Solaris requires -lsocket -lnsl for inet_pton() */
+#elif defined(__has_include)
+#if __has_include(<sys/socket.h>)
+#include <sys/socket.h>
+#endif
+#if __has_include(<arpa/inet.h>)
+#include <arpa/inet.h>
+#endif
+#endif
+
+/* Use whether or not AF_INET6 is defined to indicate whether or not to use
+ * the platform inet_pton() or a local implementation (below). The local
+ * implementation may be used even in cases where the platform provides
+ * inet_pton(), e.g. when there are different includes required and/or the
+ * platform implementation requires dependencies on additional libraries.
+ * Specifically, Windows requires custom includes and additional link
+ * dependencies, and Solaris requires additional link dependencies.
+ * Also, as a coarse heuristic, use the local implementation if the compiler
+ * does not support __has_include(), or if the definition of AF_INET6 is not
+ * provided by headers included (or not) via __has_include() above. */
+#ifndef AF_INET6
+
+#define x509_cn_inet_pton(cn, dst) (0)
+
+#else
+
+static int x509_inet_pton_ipv6(const char *src, void *dst)
+{
+ return inet_pton(AF_INET6, src, dst) == 1 ? 0 : -1;
+}
+
+static int x509_inet_pton_ipv4(const char *src, void *dst)
+{
+ return inet_pton(AF_INET, src, dst) == 1 ? 0 : -1;
+}
+
+#endif /* AF_INET6 */
+
+static size_t x509_cn_inet_pton(const char *cn, void *dst)
+{
+ return strchr(cn, ':') == NULL
+ ? x509_inet_pton_ipv4(cn, dst) == 0 ? 4 : 0
+ : x509_inet_pton_ipv6(cn, dst) == 0 ? 16 : 0;
+}
+
/*
* Check for CN match
*/
@@ -3021,24 +3080,51 @@ static int x509_crt_check_cn(const mbedt
return -1;
}
+static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san,
+ const char *cn, size_t cn_len)
+{
+ uint32_t ip[4];
+ cn_len = x509_cn_inet_pton(cn, ip);
+ if (cn_len == 0) {
+ return -1;
+ }
+
+ for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
+ const unsigned char san_type = (unsigned char) cur->buf.tag &
+ MBEDTLS_ASN1_TAG_VALUE_MASK;
+ if (san_type == MBEDTLS_X509_SAN_IP_ADDRESS &&
+ cur->buf.len == cn_len && memcmp(cur->buf.p, ip, cn_len) == 0) {
+ return 0;
+ }
+ }
+
+ return -1;
+}
+
/*
* Check for SAN match, see RFC 5280 Section 4.2.1.6
*/
-static int x509_crt_check_san(const mbedtls_x509_buf *name,
+static int x509_crt_check_san(const mbedtls_x509_sequence *san,
const char *cn, size_t cn_len)
{
- const unsigned char san_type = (unsigned char) name->tag &
- MBEDTLS_ASN1_TAG_VALUE_MASK;
-
- /* dNSName */
- if (san_type == MBEDTLS_X509_SAN_DNS_NAME) {
- return x509_crt_check_cn(name, cn, cn_len);
+ int san_ip = 0;
+ for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
+ switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) {
+ case MBEDTLS_X509_SAN_DNS_NAME: /* dNSName */
+ if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) {
+ return 0;
+ }
+ break;
+ case MBEDTLS_X509_SAN_IP_ADDRESS: /* iPAddress */
+ san_ip = 1;
+ break;
+ /* (We may handle other types here later.) */
+ default: /* Unrecognized type */
+ break;
+ }
}
- /* (We may handle other types here later.) */
-
- /* Unrecognized type */
- return -1;
+ return san_ip ? x509_crt_check_san_ip(san, cn, cn_len) : -1;
}
/*
@@ -3049,31 +3135,23 @@ static void x509_crt_verify_name(const m
uint32_t *flags)
{
const mbedtls_x509_name *name;
- const mbedtls_x509_sequence *cur;
size_t cn_len = strlen(cn);
if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
- for (cur = &crt->subject_alt_names; cur != NULL; cur = cur->next) {
- if (x509_crt_check_san(&cur->buf, cn, cn_len) == 0) {
- break;
- }
- }
-
- if (cur == NULL) {
- *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
+ if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) {
+ return;
}
} else {
for (name = &crt->subject; name != NULL; name = name->next) {
if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 &&
x509_crt_check_cn(&name->val, cn, cn_len) == 0) {
- break;
+ return;
}
}
- if (name == NULL) {
- *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
- }
}
+
+ *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
}
/*


@ -1,15 +0,0 @@
--- a/programs/CMakeLists.txt
+++ b/programs/CMakeLists.txt
@@ -1,12 +1,8 @@
add_subdirectory(aes)
-if (NOT WIN32)
- add_subdirectory(fuzz)
-endif()
add_subdirectory(hash)
add_subdirectory(pkey)
add_subdirectory(psa)
add_subdirectory(random)
add_subdirectory(ssl)
-add_subdirectory(test)
add_subdirectory(util)
add_subdirectory(x509)


@ -1,390 +0,0 @@
From dfb6015ca79a9fee28f7fcb0af7e350a83574b83 Mon Sep 17 00:00:00 2001
From: "Markku-Juhani O. Saarinen" <mjos@mjos.fi>
Date: Mon, 20 Nov 2017 14:58:41 +0000
Subject: Implements AES and GCM with ARMv8 Crypto Extensions
A compact patch that provides AES and GCM implementations that utilize the
ARMv8 Crypto Extensions. The config flag is MBEDTLS_ARMV8CE_AES_C, which
is disabled by default as we don't do runtime checking for the feature.
The new implementation lives in armv8ce_aes.c.
Provides similar functionality to https://github.com/ARMmbed/mbedtls/pull/432
Thanks to Barry O'Rourke and others for that contribtion.
Tested on a Cortex A53 device and QEMU. On a midrange phone the real AES-GCM
throughput increases about 4x, while raw AES speed is up to 10x faster.
When cross-compiling, you want to set something like:
export CC='aarch64-linux-gnu-gcc'
export CFLAGS='-Ofast -march=armv8-a+crypto'
scripts/config.pl set MBEDTLS_ARMV8CE_AES_C
QEMU seems to also need
export LDFLAGS='-static'
Then run normal make or cmake etc.
---
--- /dev/null
+++ b/ChangeLog.d/armv8_crypto_extensions.txt
@@ -0,0 +1,2 @@
+Features
+ * Support ARMv8 Cryptography Extensions for AES and GCM.
--- /dev/null
+++ b/include/mbedtls/armv8ce_aes.h
@@ -0,0 +1,63 @@
+/**
+ * \file armv8ce_aes.h
+ *
+ * \brief ARMv8 Cryptography Extensions -- Optimized code for AES and GCM
+ */
+
+/*
+ *
+ * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_ARMV8CE_AES_H
+#define MBEDTLS_ARMV8CE_AES_H
+
+#include "aes.h"
+
+/**
+ * \brief [ARMv8 Crypto Extensions] AES-ECB block en(de)cryption
+ *
+ * \param ctx AES context
+ * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param input 16-byte input block
+ * \param output 16-byte output block
+ *
+ * \return 0 on success (cannot fail)
+ */
+
+int mbedtls_armv8ce_aes_crypt_ecb( mbedtls_aes_context *ctx,
+ int mode,
+ const unsigned char input[16],
+ unsigned char output[16] );
+
+/**
+ * \brief [ARMv8 Crypto Extensions] Multiply in GF(2^128) for GCM
+ *
+ * \param c Result
+ * \param a First operand
+ * \param b Second operand
+ *
+ * \note Both operands and result are bit strings interpreted as
+ * elements of GF(2^128) as per the GCM spec.
+ */
+
+void mbedtls_armv8ce_gcm_mult( unsigned char c[16],
+ const unsigned char a[16],
+ const unsigned char b[16] );
+
+#endif /* MBEDTLS_ARMV8CE_AES_H */
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -69,6 +69,10 @@
#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
#endif
+#if defined(MBEDTLS_ARMV8CE_AES_C) && !defined(MBEDTLS_HAVE_ASM)
+#error "MBEDTLS_ARMV8CE_AES_C defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
#endif
@@ -959,3 +963,4 @@ typedef int mbedtls_iso_c_forbids_empty_
/* *INDENT-ON* */
#endif /* MBEDTLS_CHECK_CONFIG_H */
+
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -46,6 +46,7 @@
* Requires support for asm() in compiler.
*
* Used in:
+ * library/armv8ce_aes.c
* library/aria.c
* library/timing.c
* include/mbedtls/bn_mul.h
@@ -2374,6 +2375,21 @@
#define MBEDTLS_AESNI_C
/**
+ * \def MBEDTLS_ARMV8CE_AES_C
+ *
+ * Enable ARMv8 Crypto Extensions for AES and GCM
+ *
+ * Module: library/armv8ce_aes.c
+ * Caller: library/aes.c
+ * library/gcm.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This module adds support for Armv8 Cryptography Extensions for AES and GCM.
+ */
+//#define MBEDTLS_ARMV8CE_AES_C
+
+/**
* \def MBEDTLS_AES_C
*
* Enable the AES block cipher.
--- a/library/aes.c
+++ b/library/aes.c
@@ -39,7 +39,9 @@
#if defined(MBEDTLS_AESNI_C)
#include "mbedtls/aesni.h"
#endif
-
+#if defined(MBEDTLS_ARMV8CE_AES_C)
+#include "mbedtls/armv8ce_aes.h"
+#endif
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_AES_ALT)
@@ -1040,6 +1042,11 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_co
}
#endif
+#if defined(MBEDTLS_ARMV8CE_AES_C)
+ // We don't do runtime checking for ARMv8 Crypto Extensions
+ return mbedtls_armv8ce_aes_crypt_ecb( ctx, mode, input, output );
+#endif
+
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
if (aes_padlock_ace) {
return mbedtls_padlock_xcryptecb(ctx, mode, input, output);
--- /dev/null
+++ b/library/armv8ce_aes.c
@@ -0,0 +1,142 @@
+/*
+ * ARMv8 Cryptography Extensions -- Optimized code for AES and GCM
+ *
+ * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_ARMV8CE_AES_C)
+
+#include <arm_neon.h>
+#include "mbedtls/armv8ce_aes.h"
+
+#ifndef asm
+#define asm __asm
+#endif
+
+/*
+ * [Armv8 Cryptography Extensions] AES-ECB block en(de)cryption
+ */
+
+#if defined(MBEDTLS_AES_C)
+
+int mbedtls_armv8ce_aes_crypt_ecb( mbedtls_aes_context *ctx,
+ int mode,
+ const unsigned char input[16],
+ unsigned char output[16] )
+{
+ unsigned int i;
+ const uint8_t *rk;
+ uint8x16_t x, k;
+
+ x = vld1q_u8( input ); /* input block */
+ rk = (const uint8_t *) ctx->rk; /* round keys */
+
+ if( mode == MBEDTLS_AES_ENCRYPT )
+ {
+ for( i = ctx->nr - 1; i != 0; i-- ) /* encryption loop */
+ {
+ k = vld1q_u8( rk );
+ rk += 16;
+ x = vaeseq_u8( x, k );
+ x = vaesmcq_u8( x );
+ }
+ k = vld1q_u8( rk );
+ rk += 16;
+ x = vaeseq_u8( x, k );
+ }
+ else
+ {
+ for( i = ctx->nr - 1; i != 0 ; i-- ) /* decryption loop */
+ {
+ k = vld1q_u8( rk );
+ rk += 16;
+ x = vaesdq_u8( x, k );
+ x = vaesimcq_u8( x );
+ }
+ k = vld1q_u8( rk );
+ rk += 16;
+ x = vaesdq_u8( x, k );
+ }
+
+ k = vld1q_u8( rk ); /* final key just XORed */
+ x = veorq_u8( x, k );
+ vst1q_u8( output, x ); /* write out */
+
+ return ( 0 );
+}
+
+#endif /* MBEDTLS_AES_C */
+
+
+/*
+ * [Armv8 Cryptography Extensions] Multiply in GF(2^128) for GCM
+ */
+
+#if defined(MBEDTLS_GCM_C)
+
+void mbedtls_armv8ce_gcm_mult( unsigned char c[16],
+ const unsigned char a[16],
+ const unsigned char b[16] )
+{
+ /* GCM's GF(2^128) polynomial basis is x^128 + x^7 + x^2 + x + 1 */
+ const uint64x2_t base = { 0, 0x86 }; /* note missing LS bit */
+
+ register uint8x16_t vc asm( "v0" ); /* named registers */
+ register uint8x16_t va asm( "v1" ); /* (to avoid conflict) */
+ register uint8x16_t vb asm( "v2" );
+ register uint64x2_t vp asm( "v3" );
+
+ va = vld1q_u8( a ); /* load inputs */
+ vb = vld1q_u8( b );
+ vp = base;
+
+ asm (
+ "rbit %1.16b, %1.16b \n\t" /* reverse bit order */
+ "rbit %2.16b, %2.16b \n\t"
+ "pmull2 %0.1q, %1.2d, %2.2d \n\t" /* v0 = a.hi * b.hi */
+ "pmull2 v4.1q, %0.2d, %3.2d \n\t" /* mul v0 by x^64, reduce */
+ "ext %0.16b, %0.16b, %0.16b, #8 \n\t"
+ "eor %0.16b, %0.16b, v4.16b \n\t"
+ "ext v5.16b, %2.16b, %2.16b, #8 \n\t" /* (swap hi and lo in b) */
+ "pmull v4.1q, %1.1d, v5.1d \n\t" /* v0 ^= a.lo * b.hi */
+ "eor %0.16b, %0.16b, v4.16b \n\t"
+ "pmull2 v4.1q, %1.2d, v5.2d \n\t" /* v0 ^= a.hi * b.lo */
+ "eor %0.16b, %0.16b, v4.16b \n\t"
+ "pmull2 v4.1q, %0.2d, %3.2d \n\t" /* mul v0 by x^64, reduce */
+ "ext %0.16b, %0.16b, %0.16b, #8 \n\t"
+ "eor %0.16b, %0.16b, v4.16b \n\t"
+ "pmull v4.1q, %1.1d, %2.1d \n\t" /* v0 ^= a.lo * b.lo */
+ "eor %0.16b, %0.16b, v4.16b \n\t"
+ "rbit %0.16b, %0.16b \n\t" /* reverse bits for output */
+ : "=w" (vc) /* q0: output */
+ : "w" (va), "w" (vb), "w" (vp) /* q1, q2: input */
+ : "v4", "v5" /* q4, q5: clobbered */
+ );
+
+ vst1q_u8( c, vc ); /* write out */
+}
+
+#endif /* MBEDTLS_GCM_C */
+
+#endif /* MBEDTLS_ARMV8CE_AES_C */
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -15,6 +15,7 @@ set(src_crypto
aesni.c
arc4.c
aria.c
+ armv8ce_aes.c
asn1parse.c
asn1write.c
base64.c
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -42,6 +42,10 @@
#include "mbedtls/aesni.h"
#endif
+#if defined(MBEDTLS_ARMV8CE_AES_C)
+#include "mbedtls/armv8ce_aes.h"
+#endif
+
#if !defined(MBEDTLS_GCM_ALT)
/* Parameter validation macros */
@@ -80,6 +84,12 @@ static int gcm_gen_table(mbedtls_gcm_con
return ret;
}
+#if defined(MBEDTLS_ARMV8CE_AES_C)
+ // we don't do feature testing with ARMv8 cryptography extensions
+ memcpy( ctx ->HL, h, 16 ); // put H at the beginning of buffer
+ return( 0 ); // that's all we need
+#endif
+
/* pack h as two 64-bits ints, big-endian */
hi = MBEDTLS_GET_UINT32_BE(h, 0);
lo = MBEDTLS_GET_UINT32_BE(h, 4);
@@ -190,6 +200,11 @@ static void gcm_mult(mbedtls_gcm_context
unsigned char lo, hi, rem;
uint64_t zh, zl;
+#if defined(MBEDTLS_ARMV8CE_AES_C)
+ mbedtls_armv8ce_gcm_mult( output, x, (const unsigned char *) ctx->HL );
+ return;
+#endif
+
#if defined(MBEDTLS_AESNI_HAVE_CODE)
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) {
unsigned char h[16];
--- a/library/Makefile
+++ b/library/Makefile
@@ -74,6 +74,7 @@ OBJS_CRYPTO= \
aria.o \
asn1parse.o \
asn1write.o \
+ armv8ce_aes.o \
base64.o \
bignum.o \
blowfish.o \
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -624,6 +624,9 @@ static const char * const features[] = {
#if defined(MBEDTLS_AESNI_C)
"MBEDTLS_AESNI_C",
#endif /* MBEDTLS_AESNI_C */
+#if defined(MBEDTLS_ARMV8CE_AES_C)
+ "MBEDTLS_ARMV8CE_AES_C",
+#endif /* MBEDTLS_ARMV8CE_AES_C */
#if defined(MBEDTLS_AES_C)
"MBEDTLS_AES_C",
#endif /* MBEDTLS_AES_C */
