Merge pull request #156 from Ysurac/develop

sync

https-dns-proxy/Makefile

@@ -1,14 +1,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=https-dns-proxy
-PKG_VERSION:=2021-01-17
-PKG_RELEASE=2
+PKG_VERSION:=2021-06-03
+PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/aarond10/https_dns_proxy
-PKG_SOURCE_DATE:=2021-01-17
-PKG_SOURCE_VERSION:=37511cc08712d7548978a4f6f1cc457b7594fb96
-PKG_MIRROR_HASH:=4e6a7dcb69e350d1df9f17570439b589e031e249da7f91f2ec7600a955e0aaa3
+PKG_SOURCE_DATE:=2021-06-03
+PKG_SOURCE_VERSION:=5651b984f770a8bcecb14aeffc224703f8f82586
+PKG_MIRROR_HASH:=b65161936269aa3117debad0fcfce157024726b78d7e7da77c226f7aa8da5b4d
 PKG_MAINTAINER:=Stan Grishin <stangri@melmac.net>
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE

https-dns-proxy/files/README.md

@@ -1,95 +1,3 @@
-# DNS Over HTTPS Proxy (https-dns-proxy)
+# README
 
-A lean RFC8484-compatible (no JSON API support) DNS-over-HTTPS (DoH) proxy service which supports DoH servers ran by AdGuard, CleanBrowsing, Cloudflare, Google, ODVR (nic.cz) and Quad9. Please see the [README](https://github.com/stangri/openwrt_packages/blob/master/https-dns-proxy/files/README.md) for further information. Based on [@aarond10](https://github.com/aarond10)'s [https-dns-proxy](https://github.com/aarond10/https_dns_proxy).
-
-## Features
-
-- [RFC8484](https://tools.ietf.org/html/rfc8484)-compatible DoH Proxy.
-- Compact size.
-- Web UI (```luci-app-https-dns-proxy```) available.
-- (By default) automatically updates DNSMASQ settings to use DoH proxy when it's started and reverts to old DNSMASQ resolvers when DoH proxy is stopped.
-
-## Screenshots (luci-app-https-dns-proxy)
-
-![screenshot](https://raw.githubusercontent.com/stangri/openwrt_packages/master/screenshots/https-dns-proxy/screenshot01.png "https-dns-proxy screenshot")
-
-## Requirements
-
-This proxy requires the following packages to be installed on your router: ```libc```, ```libcares```, ```libcurl```, ```libev```, ```ca-bundle```. They will be automatically installed when you're installing ```https-dns-proxy```.
-
-## Unmet Dependencies
-
-If you are running a development (trunk/snapshot) build of OpenWrt/LEDE Project on your router and your build is outdated (meaning that packages of the same revision/commit hash are no longer available and when you try to satisfy the [requirements](#requirements) you get errors), please flash either current LEDE release image or current development/snapshot image.
-
-## How To Install
-
-Install ```https-dns-proxy``` and ```luci-app-https-dns-proxy``` packages from Web UI or run the following in the command line:
-
-```sh
-opkg update; opkg install https-dns-proxy luci-app-https-dns-proxy;
-```
-
-## Default Settings
-
-Default configuration has service enabled and starts the service with Google and Cloudflare DoH servers. In most configurations, you will keep the default ```DNSMASQ``` service installed to handle requests from devices in your local network and point ```DNSMASQ``` to use ```https-dns-proxy``` for name resolution.
-
-By default, the service will intelligently override existing ```DNSMASQ``` servers settings on start to use the DoH servers and restores original ```DNSMASQ``` servers on stop. See the [Configuration Settings](#configuration-settings) section below for more information and how to disable this behavior.
-
-## Configuration Settings
-
-Configuration contains the (named) "main" config section where you can configure which ```DNSMASQ``` settings the service will automatically affect and the typed (unnamed) https-dns-proxy instance settings. The original config file is included below:
-
-```text
-config main 'config'
-  option update_dnsmasq_config '*'
-
-config https-dns-proxy
-  option bootstrap_dns '8.8.8.8,8.8.4.4'
-  option resolver_url 'https://dns.google/dns-query'
-  option listen_addr '127.0.0.1'
-  option listen_port '5053'
-  option user 'nobody'
-  option group 'nogroup'
-
-config https-dns-proxy
-  option bootstrap_dns '1.1.1.1,1.0.0.1'
-  option resolver_url 'https://cloudflare-dns.com/dns-query'
-  option listen_addr '127.0.0.1'
-  option listen_port '5054'
-  option user 'nobody'
-  option group 'nogroup'
-```
-
-The ```update_dnsmasq_config``` option can be set to dash (set to ```'-'``` to not change ```DNSMASQ``` server settings on start/stop), can be set to ```'*'``` to affect all ```DNSMASQ``` instance server settings or have a space-separated list of ```DNSMASQ``` instances to affect (like ```'0 4 5'```). If this option is omitted, the default setting is ```'*'```.
-
-Starting with ```https-dns-proxy``` version ```2019-12-03-3``` and higher, when the service is set to update the DNSMASQ servers setting on start/stop, it does not override entries which contain either ```#``` or ```/```, so the entries like listed below will be kept in use:
-
-```test
-  list server '/onion/127.0.0.1#65453'
-  list server '/openwrt.org/8.8.8.8'
-  list server '/pool.ntp.org/8.8.8.8'
-  list server '127.0.0.1#15353'
-  list server '127.0.0.1#55353'
-  list server '127.0.0.1#65353'
-```
-
-The https-dns-proxy instance settings are:
-
-|Parameter|Type|Default|Description|
-| --- | --- | --- | --- |
-|bootstrap_dns|IP Address||The non-encrypted DNS servers to be used to resolve the DoH server name on start.|
-|edns_subnet|Subnet||EDNS Subnet address can be supplied to supported DoH servers to provide local resolution results.|
-|listen_addr|IP Address|127.0.0.1|The local IP address to listen to requests.|
-|listen_port|port|5053 and up|If this setting is omitted, the service will start the first https-dns-proxy instance on port 5053, second on 5054 and so on.|
-|logfile|Full filepath||Full filepath to the file to log the instance events to.|
-|resolver_url|URL||The https URL to the RFC8484-compatible resolver.|
-|proxy_server|URL||Local proxy server to use when accessing resolvers.|
-|user|String|nobody|Local user to run instance under.|
-|group|String|nogroup|Local group to run instance under.|
-|use_http1|Boolean|0|If set to 1, use HTTP/1 on installations with broken/outdated ```curl``` package. Included for posterity reasons, you will most likely not ever need it on OpenWrt.|
-|verbosity|Integer|0|logging verbosity level. fatal = 0, error = 1, warning = 2, info = 3, debug = 4|
-|use_ipv6_resolvers_only|Boolean|0|If set to 1, Forces IPv6 DNS resolvers instead of IPv4|
-
-## Thanks
-
-This OpenWrt package wouldn't have been possible without [@aarond10](https://github.com/aarond10)'s [https-dns-proxy](https://github.com/aarond10/https_dns_proxy) and his active participation in the OpenWrt package itself. Special thanks to [@jow-](https://github.com/jow-) for general package/luci guidance.
+README has been moved to [https://docs.openwrt.melmac.net/https-dns-proxy/](https://docs.openwrt.melmac.net/https-dns-proxy/).

https-dns-proxy/files/https-dns-proxy.init

@@ -1,6 +1,6 @@
 #!/bin/sh /etc/rc.common
 # Copyright 2019-2020 Stan Grishin (stangri@melmac.net)
-# shellcheck disable=SC2039
+# shellcheck disable=SC2039,SC3043,SC3060
 PKG_VERSION='dev-test'
 
 # shellcheck disable=SC2034
@@ -16,8 +16,7 @@ else
 fi
 
 readonly PROG=/usr/sbin/https-dns-proxy
-dnsmasqConfig=''
-forceDNS='1'
+dnsmasqConfig=''; forceDNS=''; forceDNSPorts='';
 
 version() { echo "$PKG_VERSION"; }
 
@@ -95,10 +94,11 @@ start_instance() {
 is_force_dns_active() { iptables-save | grep -q -w -- '--dport 53'; }
 
 start_service() {
-	local p=5053
+	local p=5053 c
 	config_load 'https-dns-proxy'
 	config_get dnsmasqConfig	'config' 'update_dnsmasq_config' '*'
 	config_get_bool forceDNS	'config' 'force_dns' '1'
+	config_get forceDNSPorts	'config' 'force_dns_port' '53 853'
 	dhcp_backup 'create'
 	config_load 'https-dns-proxy'
 	config_foreach start_instance 'https-dns-proxy'
@@ -109,16 +109,28 @@ start_service() {
 		procd_set_param stderr 1
 		procd_open_data
 		json_add_array firewall
-		json_add_object ''
-		json_add_string type redirect
-		json_add_string name https_dns_proxy_dns_redirect
-		json_add_string target DNAT
-		json_add_string src lan
-		json_add_string proto tcpudp
-		json_add_string src_dport 53
-		json_add_string dest_port 53
-		json_add_string reflection 0
-		json_close_object
+		for c in $forceDNSPorts; do
+			if netstat -tuln | grep 'LISTEN' | grep ":${c}" >/dev/null 2>&1 || [ "$c" = "53" ]; then
+				json_add_object ""
+				json_add_string type redirect
+				json_add_string target DNAT
+				json_add_string src lan
+				json_add_string proto "tcp udp"
+				json_add_string src_dport "$c"
+				json_add_string dest_port "$c"
+				json_add_boolean reflection 0
+				json_close_object
+			else
+				json_add_object ""
+				json_add_string type rule
+				json_add_string src lan
+				json_add_string dest "*"
+				json_add_string proto "tcp udp"
+				json_add_string dest_port "$c"
+				json_add_string target REJECT
+				json_close_object
+			fi
+		done
 		json_close_array
 		procd_close_data
 		procd_close_instance
@@ -159,7 +171,7 @@ dnsmasq_add_doh_server() {
 dnsmasq_create_server_backup() {
 	local cfg="$1"
 	local i
-	uci -q get "dhcp.${cfg}" >/dev/null || return 0
+	uci -q get "dhcp.${cfg}" >/dev/null || return 1
 	if ! uci -q get "dhcp.${cfg}.doh_backup_noresolv" >/dev/null; then
 		if [ -z "$(uci -q get "dhcp.${cfg}.noresolv")" ]; then
 			uci -q set "dhcp.${cfg}.noresolv=1"
@@ -170,13 +182,17 @@ dnsmasq_create_server_backup() {
 		fi
 	fi
 	if ! uci -q get "dhcp.${cfg}.doh_backup_server" >/dev/null; then
+		if [ -z "$(uci -q get "dhcp.${cfg}.server")" ]; then
+			uci -q add_list "dhcp.${cfg}.doh_backup_server="
+		fi
 		for i in $(uci -q get "dhcp.${cfg}.server"); do
 			uci -q add_list "dhcp.${cfg}.doh_backup_server=$i"
-			if [ "$i" = "${i//127.0.0.1}" ] && [ "$i" = "$(echo "$i" | tr -d /)" ]; then
+			if [ "$i" = "$(echo "$i" | tr -d /\#)" ]; then
 				uci -q del_list "dhcp.${cfg}.server=$i"
 			fi
 		done
 	fi
+	return 0
 }
 
 dnsmasq_restore_server_backup() {
@@ -209,7 +225,8 @@ dhcp_backup() {
 				config_foreach dnsmasq_create_server_backup 'dnsmasq'
 			elif [ -n "$dnsmasqConfig" ]; then
 				for i in $dnsmasqConfig; do
-					dnsmasq_create_server_backup "@dnsmasq[${i}]"
+					dnsmasq_create_server_backup "@dnsmasq[${i}]" || \
+						dnsmasq_create_server_backup "$i"
 				done
 			fi
 			;;

https-dns-proxy/test.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+/etc/init.d/"$1" version 2>&1 | grep "$2"

iperf3/Makefile

@@ -0,0 +1,83 @@
+#
+# Copyright (C) 2007-2010 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=iperf
+PKG_VERSION:=3.10.1
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://downloads.es.net/pub/iperf
+PKG_HASH:=03bc9760cc54a245191d46bfc8edaf8a4750f0e87abca6764486972044d6715a
+
+PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
+PKG_LICENSE:=BSD-3-Clause
+
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+DISABLE_NLS:=
+
+define Package/iperf3/default
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=Internet Protocol bandwidth measuring tool
+  URL:=https://github.com/esnet/iperf
+endef
+
+define Package/iperf3
+$(call Package/iperf3/default)
+  VARIANT:=nossl
+endef
+
+define Package/iperf3-ssl
+$(call Package/iperf3/default)
+  TITLE+= with iperf_auth support
+  VARIANT:=ssl
+  DEPENDS:= +libopenssl
+endef
+
+TARGET_CFLAGS += -D_GNU_SOURCE
+CONFIGURE_ARGS += --disable-shared
+
+ifeq ($(BUILD_VARIANT),ssl)
+	CONFIGURE_ARGS += --with-openssl="$(STAGING_DIR)/usr"
+else
+	CONFIGURE_ARGS += --without-openssl
+endif
+
+MAKE_FLAGS += noinst_PROGRAMS=
+
+define Package/iperf3/description
+ Iperf is a modern alternative for measuring TCP and UDP bandwidth
+ performance, allowing the tuning of various parameters and
+ characteristics.
+endef
+
+# autoreconf fails if the README file isn't present
+define Build/Prepare
+	$(call Build/Prepare/Default)
+	touch $(PKG_BUILD_DIR)/README
+endef
+
+define Package/iperf3/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/iperf3 $(1)/usr/bin/
+endef
+
+define Package/iperf3-ssl/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/iperf3 $(1)/usr/bin/
+endef
+
+$(eval $(call BuildPackage,iperf3))
+$(eval $(call BuildPackage,iperf3-ssl))

iperf3/patches/remove-in6_flowlabel_req.patch

@@ -0,0 +1,24 @@
+--- a/src/flowlabel.h	2021-06-24 13:26:33.142463630 +0200
++++ b/src/flowlabel.h	2021-06-24 13:27:45.669235179 +0200
+@@ -37,21 +37,6 @@
+    conflicts with "netinet/in.h" .
+ */
+ 
+-#ifndef __ANDROID__
+-struct in6_flowlabel_req
+-{
+-    struct in6_addr flr_dst;
+-    __u32   flr_label;
+-    __u8    flr_action;
+-    __u8    flr_share;
+-    __u16   flr_flags;
+-    __u16   flr_expires;
+-    __u16   flr_linger;
+-    __u32   __flr_pad;
+-    /* Options in format of IPV6_PKTOPTIONS */
+-};
+-#endif
+-
+ #define IPV6_FL_A_GET           0
+ #define IPV6_FL_A_PUT           1
+ #define IPV6_FL_A_RENEW         2

luci-app-sysupgrade/root/www/luci-static/resources/sysupgrade.js

@@ -164,7 +164,7 @@ function upgrade_check() {
     hide("#status_box");
     hide("#server_div");
     set_status("info", _("Searching for upgrades"), true);
-    fetch(data.url + "/api/versions")
+    fetch(data.url + "/api/versions?v=" + Date.now())
         .then(response => response.json())
         .then(response => {
             var branches = response["branches"]
@@ -348,7 +348,7 @@ function download_image() {
 }
 
 function server_request() {
-    fetch(data.url + "/api/build", {
+    fetch(data.url + "/api/build?v=" + Date.now(), {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json'

shadowsocks-libev/Makefile

@@ -57,7 +57,7 @@ define Package/shadowsocks-libev/Default
     SUBMENU:=Web Servers/Proxies
     TITLE:=shadowsocks-libev $(1)
     URL:=https://github.com/shadowsocks/shadowsocks-libev
-    DEPENDS:=+libcares +libev +libmbedtls +libpcre +libpthread +libsodium +shadowsocks-libev-config +zlib +libpcap +libcap +libstdcpp +libelf1
+    DEPENDS:=+libcares +libev +libmbedtls +libpcre +libpthread +libsodium +shadowsocks-libev-config +zlib +libpcap +libcap +libstdcpp +libelf
   endef
 
   define Package/shadowsocks-libev-$(1)/install