diff --git a/contributors/cr3ative.md b/contributors/cr3ative.md old mode 100755 new mode 100644 diff --git a/contributors/example.md b/contributors/example.md old mode 100755 new mode 100644 diff --git a/contributors/flesser.md b/contributors/flesser.md old mode 100755 new mode 100644 diff --git a/contributors/ta264.md b/contributors/ta264.md old mode 100755 new mode 100644 diff --git a/contributors/yostyle.md b/contributors/yostyle.md old mode 100755 new mode 100644 diff --git a/fullconenat/Makefile b/fullconenat/Makefile new file mode 100644 index 000000000..d49155c7e --- /dev/null +++ b/fullconenat/Makefile @@ -0,0 +1,62 @@ +# +# Copyright (C) 2022 Chion Tang +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=fullconenat +PKG_RELEASE:=9 + +PKG_SOURCE_DATE:=2022-02-13 +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/llccd/netfilter-full-cone-nat.git +PKG_SOURCE_VERSION:=108a36cbdca17e68c9e6e7fd5e26156a88f738e8 +PKG_MIRROR_HASH:=00d749235271dee194dcd23c22e6e85207ea90192a62a110b2af0b4e4de1971f + +PKG_LICENSE:=GPL-2.0 +PKG_LICENSE_FILES:=LICENSE +PKG_MAINTAINER:=Chion Tang + +include $(INCLUDE_DIR)/kernel.mk +include $(INCLUDE_DIR)/package.mk + +define Package/iptables-mod-fullconenat + SUBMENU:=Firewall + SECTION:=net + CATEGORY:=Network + TITLE:=FULLCONENAT iptables extension + DEPENDS:=+iptables +kmod-ipt-fullconenat +endef + +define Package/iptables-mod-fullconenat/install + $(INSTALL_DIR) $(1)/usr/lib/iptables + $(INSTALL_BIN) $(PKG_BUILD_DIR)/libipt_FULLCONENAT.so $(1)/usr/lib/iptables +endef + +define KernelPackage/ipt-fullconenat + SUBMENU:=Netfilter Extensions + TITLE:=FULLCONENAT netfilter module + DEPENDS:=+kmod-nf-ipt +kmod-nf-nat + KCONFIG:= \ + CONFIG_NF_CONNTRACK_EVENTS=y \ + CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y + FILES:=$(PKG_BUILD_DIR)/xt_FULLCONENAT.ko +endef + +include $(INCLUDE_DIR)/kernel-defaults.mk + +define Build/Compile + +$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \ + CROSS_COMPILE="$(TARGET_CROSS)" \ + ARCH="$(LINUX_KARCH)" \ + M="$(PKG_BUILD_DIR)" \ + EXTRA_CFLAGS="$(BUILDFLAGS)" \ + modules + $(call Build/Compile/Default) +endef + +$(eval $(call KernelPackage,ipt-fullconenat)) +$(eval $(call BuildPackage,iptables-mod-fullconenat)) diff --git a/fullconenat/patches/001-fix-init-Repeat-definition.patch b/fullconenat/patches/001-fix-init-Repeat-definition.patch new file mode 100644 index 000000000..67c9332c8 --- /dev/null +++ b/fullconenat/patches/001-fix-init-Repeat-definition.patch @@ -0,0 +1,20 @@ +--- a/libip6t_FULLCONENAT.c ++++ b/libip6t_FULLCONENAT.c +@@ -214,6 +214,7 @@ static struct xtables_target fullconenat_tg_reg = { + .x6_options = FULLCONENAT_opts, + }; + ++#define _init __attribute__((constructor)) _INIT + void _init(void) + { + xtables_register_target(&fullconenat_tg_reg); +--- a/libipt_FULLCONENAT.c ++++ b/libipt_FULLCONENAT.c +@@ -235,6 +235,7 @@ static struct xtables_target fullconenat_tg_reg = { + .x6_options = FULLCONENAT_opts, + }; + ++#define _init __attribute__((constructor)) _INIT + void _init(void) + { + xtables_register_target(&fullconenat_tg_reg); diff --git a/fullconenat/patches/001-linux-6.1-support.patch b/fullconenat/patches/001-linux-6.1-support.patch new file mode 100644 index 000000000..41721fb5c --- /dev/null +++ b/fullconenat/patches/001-linux-6.1-support.patch @@ -0,0 +1,26 @@ +--- a/xt_FULLCONENAT.c ++++ b/xt_FULLCONENAT.c +@@ -325,7 +325,11 @@ + /* for now we do the same thing for both --random and --random-fully */ + + /* select a random starting point */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) ++ start = (uint16_t)(get_random_u32() % (u32)range_size); ++#else + start = (uint16_t)(prandom_u32() % (u32)range_size); ++#endif + } else { + + if ((original_port >= min && original_port <= min + range_size - 1) +@@ -995,7 +999,11 @@ + /* for now we do the same thing for both --random and --random-fully */ + + /* select a random starting point */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) ++ start = (uint16_t)(get_random_u32() % (u32)range_size); ++#else + start = (uint16_t)(prandom_u32() % (u32)range_size); ++#endif + } else { + + if ((original_port >= min && original_port <= min + range_size - 1) diff --git a/fullconenat/src/Makefile b/fullconenat/src/Makefile new file mode 100644 index 000000000..b2f88db33 --- /dev/null +++ b/fullconenat/src/Makefile @@ -0,0 +1,6 @@ +libipt_FULLCONENAT.so: libipt_FULLCONENAT.o + $(CC) -shared -lxtables -o $@ $^; +libipt_FULLCONENAT.o: libipt_FULLCONENAT.c + $(CC) ${CFLAGS} -fPIC -D_INIT=$*_init -c -o $@ $<; + +obj-m += xt_FULLCONENAT.o diff --git a/ipcalc/Makefile b/ipcalc/Makefile old mode 100755 new mode 100644 diff --git a/iperf3/Makefile b/iperf3/Makefile old mode 100755 new mode 100644 diff --git a/iperf3/patches/add-MPTCP-support.patch b/iperf3/patches/add-MPTCP-support.patch old mode 100755 new mode 100644 diff --git a/iproute2/Makefile b/iproute2/Makefile old mode 100755 new mode 100644 diff --git a/iproute2/patches/100-configure.patch b/iproute2/patches/100-configure.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/110-darwin_fixes.patch b/iproute2/patches/110-darwin_fixes.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/115-add-config-xtlibdir.patch b/iproute2/patches/115-add-config-xtlibdir.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/120-no_arpd_ifstat_rtacct_lnstat.patch b/iproute2/patches/120-no_arpd_ifstat_rtacct_lnstat.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/130-no_netem_tipc_dcb_man_vdpa.patch b/iproute2/patches/130-no_netem_tipc_dcb_man_vdpa.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/140-allow_pfifo_fast.patch b/iproute2/patches/140-allow_pfifo_fast.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/140-keep_libmnl_optional.patch b/iproute2/patches/140-keep_libmnl_optional.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/145-keep_libelf_optional.patch b/iproute2/patches/145-keep_libelf_optional.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/150-keep_libcap_optional.patch b/iproute2/patches/150-keep_libcap_optional.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/155-keep_tirpc_optional.patch b/iproute2/patches/155-keep_tirpc_optional.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/160-libnetlink-pic.patch b/iproute2/patches/160-libnetlink-pic.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/170-ip_tiny.patch b/iproute2/patches/170-ip_tiny.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/175-reduce-dynamic-syms.patch b/iproute2/patches/175-reduce-dynamic-syms.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/180-drop_FAILED_POLICY.patch b/iproute2/patches/180-drop_FAILED_POLICY.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/190-fix-nls-rpath-link.patch b/iproute2/patches/190-fix-nls-rpath-link.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/195-build_variant_ip_tc.patch b/iproute2/patches/195-build_variant_ip_tc.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/200-drop_libbsd_dependency.patch b/iproute2/patches/200-drop_libbsd_dependency.patch old mode 100755 new mode 100644 diff --git a/iproute2/patches/300-selinux-configurable.patch b/iproute2/patches/300-selinux-configurable.patch old mode 100755 new mode 100644 diff --git a/libmbim/Makefile b/libmbim/Makefile old mode 100755 new mode 100644 diff --git a/libqmi/Config.in b/libqmi/Config.in old mode 100755 new mode 100644 diff --git a/libqmi/Makefile b/libqmi/Makefile old mode 100755 new mode 100644 diff --git a/mptcp/Makefile b/mptcp/Makefile old mode 100755 new mode 100644 diff --git a/mptcp/files/etc/hotplug.d/iface/30-mptcp b/mptcp/files/etc/hotplug.d/iface/30-mptcp old mode 100755 new mode 100644 diff --git a/mptcp/files/usr/share/omr/post-tracking.d/010-services b/mptcp/files/usr/share/omr/post-tracking.d/010-services index 8973c0cca..f2407ea01 100755 --- a/mptcp/files/usr/share/omr/post-tracking.d/010-services +++ b/mptcp/files/usr/share/omr/post-tracking.d/010-services @@ -121,19 +121,6 @@ if ([ -f /etc/init.d/shadowsocks-libev ] && [ "$(uci -q get shadowsocks-libev.ss [ -n "$(uci -q changes openmptcprouter)" ] && uci -q commit openmptcprouter fi -restart_omrtracker() { - [ -n "$(pgrep -f "omr-tracker $1)" ] && return - config_get multipath "$1" multipath - config_get ifenabled "$1" auto - [ -z "$multipath" ] || [ "$multipath" = "off" ] && return - [ "$ifenabled" = "0" ] && return - /etc/init.d/omr-tracker start_interface "$1" - sleep 10 -} - -config_load network -config_foreach restart_omrtracker interface - if [ -f /etc/init.d/shadowsocks-libev ] && [ "$(uci -q get shadowsocks-libev.sss0.disabled)" != "1" ] && [ "$(uci -q get shadowsocks-libev.sss0.key)" != "" ] && [ "$(uci -q get shadowsocks-libev.sss0.server)" != "" ] && [ "$(uci -q get shadowsocks-libev.sss0.server)" != "192.18.1.3" ] && [ "$(pgrep -f omr-tracker-ss)" = "" ] && [ "$(pgrep -f '/etc/init.d/omr-tracker')" = "" ]; then _log "Can't find omr-tracker-ss, restart omr-tracker..." /etc/init.d/omr-tracker restart 2>&1 >/dev/null diff --git a/mptcpd/Makefile b/mptcpd/Makefile old mode 100755 new mode 100644 diff --git a/mptcpd/patches/endian.patch b/mptcpd/patches/endian.patch old mode 100755 new mode 100644 diff --git a/mptcpd/patches/ndiffports.patch b/mptcpd/patches/ndiffports.patch old mode 100755 new mode 100644 diff --git a/mptcpd/patches/stub_error_h.patch b/mptcpd/patches/stub_error_h.patch old mode 100755 new mode 100644 diff --git a/msmtp/Makefile b/msmtp/Makefile old mode 100755 new mode 100644 diff --git a/ndpi-netfilter2/Makefile b/ndpi-netfilter2/Makefile old mode 100755 new mode 100644 diff --git a/ndpi-netfilter2/patches/001-remove-request-module-nf_conntrack-ip_tables-ip6_tables.patch b/ndpi-netfilter2/patches/001-remove-request-module-nf_conntrack-ip_tables-ip6_tables.patch old mode 100755 new mode 100644 diff --git a/ndpi-netfilter2/patches/002-no-livepatch-required.patch b/ndpi-netfilter2/patches/002-no-livepatch-required.patch old mode 100755 new mode 100644 diff --git a/ndpi-netfilter2/patches/003-bittorrent-compilation-remove-ipv6.patch b/ndpi-netfilter2/patches/003-bittorrent-compilation-remove-ipv6.patch old mode 100755 new mode 100644 diff --git a/ndpi-netfilter2/patches/outline-atomics.patch b/ndpi-netfilter2/patches/outline-atomics.patch old mode 100755 new mode 100644 diff --git a/ndpi-netfilter2/patches/skbuff-check_fix.patch b/ndpi-netfilter2/patches/skbuff-check_fix.patch old mode 100755 new mode 100644 diff --git a/openvpn/Config-mbedtls.in b/openvpn/Config-mbedtls.in old mode 100755 new mode 100644 diff --git a/openvpn/Config-openssl.in b/openvpn/Config-openssl.in old mode 100755 new mode 100644 diff --git a/openvpn/Config-wolfssl.in b/openvpn/Config-wolfssl.in old mode 100755 new mode 100644 diff --git a/openvpn/Makefile b/openvpn/Makefile old mode 100755 new mode 100644 diff --git a/openvpn/files/etc/hotplug.d/openvpn/01-user b/openvpn/files/etc/hotplug.d/openvpn/01-user old mode 100755 new mode 100644 diff --git a/openvpn/files/etc/openvpn.user b/openvpn/files/etc/openvpn.user old mode 100755 new mode 100644 diff --git a/openvpn/files/lib/functions/openvpn.sh b/openvpn/files/lib/functions/openvpn.sh old mode 100755 new mode 100644 diff --git a/openvpn/files/openvpn.config b/openvpn/files/openvpn.config old mode 100755 new mode 100644 index 9b5a42655..ea442c765 --- a/openvpn/files/openvpn.config +++ b/openvpn/files/openvpn.config @@ -279,6 +279,17 @@ config openvpn sample_server # Use BF-CBC as fallback # option data_ciphers_fallback 'BF-CBC' + # OpenVPN versions 2.4 and later will attempt to + # automatically negotiate the most secure cipher + # between the client and server, regardless of a + # configured "option cipher" (see below). + # Automatic negotiation is recommended. + # + # Uncomment this option to disable this behavior, + # and force all OpenVPN peers to use the configured + # cipher option instead (not recommended). +# option ncp_disable + # Enable compression on the VPN link. # If you enable it here, you must also # enable it in the client config file. diff --git a/openvpn/files/openvpn.init b/openvpn/files/openvpn.init old mode 100755 new mode 100644 diff --git a/openvpn/files/openvpn.options b/openvpn/files/openvpn.options old mode 100755 new mode 100644 index 5b8d55a07..7e3aedb0d --- a/openvpn/files/openvpn.options +++ b/openvpn/files/openvpn.options @@ -166,6 +166,7 @@ mlock mtu_test multihome mute_replay_warnings +ncp_disable nobind opt_verify passtos diff --git a/openvpn/files/openvpn.upgrade b/openvpn/files/openvpn.upgrade old mode 100755 new mode 100644 diff --git a/openvpn/files/usr/libexec/openvpn-hotplug b/openvpn/files/usr/libexec/openvpn-hotplug old mode 100755 new mode 100644 diff --git a/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch b/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch old mode 100755 new mode 100644 diff --git a/openvpn/patches/101-Fix-EVP_PKEY_CTX_-compilation-with-wolfSSL.patch b/openvpn/patches/101-Fix-EVP_PKEY_CTX_-compilation-with-wolfSSL.patch old mode 100755 new mode 100644 diff --git a/openvpn/patches/102-Disable-external-ec-key-support-when-building-with-wolfSSL.patch b/openvpn/patches/102-Disable-external-ec-key-support-when-building-with-wolfSSL.patch old mode 100755 new mode 100644 diff --git a/openvpn/patches/103-define-LN_serialNumber-for-wolfSSL.patch b/openvpn/patches/103-define-LN_serialNumber-for-wolfSSL.patch old mode 100755 new mode 100644 diff --git a/openvpn/patches/900-add-MPTCP-support.patch b/openvpn/patches/900-add-MPTCP-support.patch old mode 100755 new mode 100644 diff --git a/protobuf/Makefile b/protobuf/Makefile old mode 100755 new mode 100644 diff --git a/rust/Makefile b/rust/Makefile old mode 100755 new mode 100644 diff --git a/rust/files/cargo-config b/rust/files/cargo-config old mode 100755 new mode 100644 diff --git a/rust/patches/0001-Update-xz2-and-use-it-static.patch b/rust/patches/0001-Update-xz2-and-use-it-static.patch old mode 100755 new mode 100644 diff --git a/rust/patches/0002-Bumped-libc-version.patch b/rust/patches/0002-Bumped-libc-version.patch old mode 100755 new mode 100644 diff --git a/rust/rust-host-build.mk b/rust/rust-host-build.mk old mode 100755 new mode 100644 diff --git a/rust/rust-package.mk b/rust/rust-package.mk old mode 100755 new mode 100644 diff --git a/rust/rust-values.mk b/rust/rust-values.mk old mode 100755 new mode 100644