mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00
Code Issues Releases Wiki Activity

fix

Browse source
This commit is contained in:
suyuan 2023-07-25 04:49:58 +08:00
parent bc2d267900
commit c9b651d3f4
71 changed files with 13769 additions and 114 deletions
Download patch file Download diff file Expand all files Collapse all files

19
https-dns-proxy/Makefile
View file

@ -1,15 +1,15 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=https-dns-proxy
PKG_VERSION:=2021-11-22
PKG_RELEASE:=3
PKG_VERSION:=2021-06-03
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/aarond10/https_dns_proxy/
PKG_SOURCE_DATE:=2021-11-22
PKG_SOURCE_VERSION:=9336fd6272d67e8bb6e304fa54f3139a3d26f08f
PKG_MIRROR_HASH:=60b1ddabaf1db3a9ee19f3294a1df714364d580cef5e3c2161363c371a557456
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
PKG_SOURCE_URL:=https://github.com/aarond10/https_dns_proxy
PKG_SOURCE_DATE:=2021-06-03
PKG_SOURCE_VERSION:=5651b984f770a8bcecb14aeffc224703f8f82586
PKG_MIRROR_HASH:=b65161936269aa3117debad0fcfce157024726b78d7e7da77c226f7aa8da5b4d
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.net>
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
@ -38,10 +38,7 @@ define Package/https-dns-proxy/conffiles
endef
define Package/https-dns-proxy/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_DIR) ${1}/etc/config
$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d ${1}/etc/config
$(INSTALL_BIN) $(PKG_BUILD_DIR)/https_dns_proxy $(1)/usr/sbin/https-dns-proxy
$(INSTALL_BIN) ./files/https-dns-proxy.init $(1)/etc/init.d/https-dns-proxy
$(SED) "s|^\(PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/https-dns-proxy

27
https-dns-proxy/files/https-dns-proxy.config
View file

@ -1,24 +1,5 @@
config main 'config'
option update_dnsmasq_config '*'
option force_dns '1'
list force_dns_port '53'
list force_dns_port '853'
# ports listed below are used by some
# of the dnscrypt-proxy v1 resolvers
# list force_dns_port '553'
# list force_dns_port '1443'
# list force_dns_port '4343'
# list force_dns_port '4434'
# list force_dns_port '5443'
# list force_dns_port '8443'
config https-dns-proxy
option bootstrap_dns '1.1.1.1,1.0.0.1'
option resolver_url 'https://cloudflare-dns.com/dns-query'
option listen_addr '127.0.0.1'
option listen_port '5054'
option user 'nobody'
option group 'nogroup'
config https-dns-proxy
option bootstrap_dns '8.8.8.8,8.8.4.4'
@ -27,3 +8,11 @@ config https-dns-proxy
option listen_port '5053'
option user 'nobody'
option group 'nogroup'
config https-dns-proxy
option bootstrap_dns '1.1.1.1,1.0.0.1'
option resolver_url 'https://cloudflare-dns.com/dns-query'
option listen_addr '127.0.0.1'
option listen_port '5054'
option user 'nobody'
option group 'nogroup'

6
https-dns-proxy/files/https-dns-proxy.hotplug.iface
View file

@ -1,6 +0,0 @@
#!/bin/sh
if [ "$ACTION" = 'ifup' ] && [ "$INTERFACE" = 'wan' ] && /etc/init.d/https-dns-proxy enabled; then
logger -t "https-dns-proxy" "Restarting https-dns-proxy due to $ACTION of $INTERFACE"
/etc/init.d/https-dns-proxy restart
fi

15
https-dns-proxy/patches/010-fix-cmakelists.patch
View file

@ -1,15 +0,0 @@
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -21,9 +21,9 @@ if(NOT CMAKE_BUILD_TYPE)
message(STATUS "Setting build type to '${CMAKE_BUILD_TYPE}' as none was specified.")
endif()
-set(CMAKE_C_FLAGS "-Wall -Wextra --pedantic -Wno-strict-aliasing -Wno-variadic-macros")
-set(CMAKE_C_FLAGS_DEBUG "-g -DDEBUG")
-set(CMAKE_C_FLAGS_RELEASE "-O2")
+#set(CMAKE_C_FLAGS "-Wall -Wextra --pedantic -Wno-strict-aliasing -Wno-variadic-macros")
+#set(CMAKE_C_FLAGS_DEBUG "-g -DDEBUG")
+#set(CMAKE_C_FLAGS_RELEASE "-O2")
if ((CMAKE_C_COMPILER_ID MATCHES GNU AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 9) OR
(CMAKE_C_COMPILER_ID MATCHES Clang AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 10))

8
luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
View file

@ -145,11 +145,11 @@ return view.extend({
o = s.taboption('general', form.Flag, 'masq', _('Masquerading'));
o.editable = true;
o = s.taboption('general', form.Flag, 'fullcone', _('Full Cone'));
o = s.taboption('general', form.Flag, 'fullcone', _('Full Cone'));
o.editable = true;
o.depends('masq', '1');
o = s.taboption('general', form.Flag, 'mtu_fix', _('MSS clamp'));
o.modalonly = true;
o.depends('masq', '1');
o = s.taboption('general', form.Flag, 'mtu_fix', _('MSS clamping'));
o.modalonly = true;

0
luci-app-omr-bypass/Makefile Normal file → Executable file
View file

0
luci-app-omr-bypass/htdocs/luci-static/resources/view/services/omr-bypass.js Normal file → Executable file
View file

0
luci-app-omr-bypass/po/de/omr-bypass.po Normal file → Executable file
View file

0
luci-app-omr-bypass/po/de/omr-bypass.po~ Normal file → Executable file
View file

0
luci-app-omr-bypass/po/fr/omr-bypass.po Normal file → Executable file
View file

0
luci-app-omr-bypass/po/it/omr-bypass.po Normal file → Executable file
View file

0
luci-app-omr-bypass/po/it/omr-bypass.po~ Normal file → Executable file
View file

0
luci-app-omr-bypass/po/oc/omr-bypass.po Normal file → Executable file
View file

0
luci-app-omr-bypass/po/oc/omr-bypass.po~ Normal file → Executable file
View file

0
luci-app-omr-bypass/po/ru/omr-bypass.po Normal file → Executable file
View file

0
luci-app-omr-bypass/po/templates/omr-bypass.pot Normal file → Executable file
View file

0
luci-app-omr-bypass/po/zh_Hans/omr-bypass.po Normal file → Executable file
View file

0
luci-app-omr-bypass/root/etc/config/omr-bypass Normal file → Executable file
View file

0
luci-app-omr-bypass/root/etc/firewall.omr-bypass Normal file → Executable file
View file

1
luci-app-omr-bypass/root/etc/uci-defaults/41_omr-bypass
View file

@ -150,7 +150,6 @@ fi
#fi
if [ ! -f /etc/crontabs/root ] || [ "$(cat /etc/crontabs/root | grep bypass)" = "" ]; then
echo "0 2 * * * /etc/init.d/omr-bypass bypass_asn" >> /etc/crontabs/root
echo "*/1 * * * * /etc/init.d/fengshan restart" >> /etc/crontabs/root
fi
rm -f /tmp/luci-indexcache
exit 0

0
luci-app-omr-bypass/root/usr/share/luci/menu.d/luci-app-omr-bypass.json Normal file → Executable file
View file

0
luci-app-omr-bypass/root/usr/share/omr-bypass/omr-bypass-proto.lst Normal file → Executable file
View file

0
luci-app-omr-bypass/root/usr/share/omr-bypass/omr-bypass.db Normal file → Executable file
View file

0
luci-app-omr-bypass/root/usr/share/rpcd/acl.d/luci-app-omr-bypass.json Normal file → Executable file
View file

12
luci-app-openmptcprouter/root/bin/omr-modemmanager
View file

@ -6,13 +6,11 @@ timeout 1 mmcli -L | while read MODEM; do
MODEM_ID=$(echo $MODEM | awk -F' ' '{print $1}' | awk -F/ '{print $6}')
MODEM_INFO="$(timeout 1 mmcli -m $MODEM_ID --output-keyvalue)"
if [ -n "$MODEM_INFO" ] && [ "$(echo "$MODEM_INFO" | grep 'modem.generic.device ' | awk -F": " '{print $2}')" = "$MODEM_INTF" ]; then
PERCENT=$(echo "$MODEM_INFO" | grep 'modem.generic.signal-quality.value ' | awk -F": " '{print $2}')
[ -z "$PERCENT" ] && PERCENT=$(awk -v n="$(mmcli -m $MODEM_ID --command 'AT+CSQ')" 'BEGIN{ print int(n*10) }')
OPERATOR=$(echo "$MODEM_INFO" | grep 'modem.3gpp.operator-name ' | awk -F": " '{print $2}')
[ -z "$OPERATOR" ] && OPERATOR=$(mmcli -m $MODEM_ID --command 'AT+QSPN' | awk -F[\"\"] '{ print $2 }')
NUMBER=$(echo "$MODEM_INFO" | grep 'modem.generic.own-numbders.value[1]' | awk -F": " '{print $2}')
STATE=$(echo "$MODEM_INFO" | grep 'modem.generic.state ' | awk -F": " '{print $2}')
TYPE=$(echo "$MODEM_INFO" | grep 'modem.generic.access-technologies.value\[1\]' | awk -F": " '{print $2}')
PERCENT=$(echo "$MODEM_INFO" | grep -m 1 'modem.generic.signal-quality.value ' | awk -F": " '{print $2}')
OPERATOR=$(echo "$MODEM_INFO" | grep -m 1 'modem.3gpp.operator-name ' | awk -F": " '{print $2}')
NUMBER=$(echo "$MODEM_INFO" | grep -m 1 'modem.generic.own-numbders.value[1]' | awk -F": " '{print $2}')
STATE=$(echo "$MODEM_INFO" | grep -m 1 'modem.generic.state ' | awk -F": " '{print $2}')
TYPE=$(echo "$MODEM_INFO" | grep -m 1 'modem.generic.access-technologies.value\[1\]' | awk -F": " '{print $2}')
[ -z "$INFO" ] && echo $PERCENT
[ "$INFO" = "all" ] && echo "$PERCENT;$OPERATOR;$NUMBER;$STATE;$TYPE"
exit

0
ndpi-netfilter2/Makefile Normal file → Executable file
View file

0
ndpi-netfilter2/patches/001-remove-request-module-nf_conntrack-ip_tables-ip6_tables.patch Normal file → Executable file
View file

0
ndpi-netfilter2/patches/outline-atomics.patch Normal file → Executable file
View file

0
ndpi-netfilter2/patches/skbuff-check_fix.patch Normal file → Executable file
View file

4
netifd/Makefile
View file

@ -5,7 +5,9 @@ PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/netifd.git
PKG_SOURCE_VERSION:=8c2758b4fbbbb272ec63c23a0d81dddc3af9227d
PKG_SOURCE_DATE:=2021-07-26
PKG_SOURCE_VERSION:=440eb0647708274cc8d7d9e7c2bb0cfdfba90023
PKG_MIRROR_HASH:=eed957036ab608fdc49bdf801fc5b4405fcd2a3a5e5d3343ec39898e156c10e9
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_LICENSE:=GPL-2.0

247
nginx/Config.in Executable file
View file

@ -0,0 +1,247 @@
#
# Copyright (C) 2010-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
menu "Configuration"
depends on PACKAGE_nginx
config NGINX_SSL
bool
prompt "Enable SSL module"
help
Enable HTTPS/SSL support.
default n
config NGINX_DAV
bool
prompt "Enable WebDAV module"
help
Enable the HTTP and WebDAV methods PUT, DELETE, MKCOL, COPY and MOVE.
default n
config NGINX_FLV
bool
prompt "Enable FLV module"
help
Provides the ability to seek within FLV (Flash) files using time-based offsets.
default n
config NGINX_STUB_STATUS
bool
prompt "Enable stub status module"
help
Enable the stub status module which gives some status from the server.
default n
config NGINX_HTTP_CHARSET
bool
prompt "Enable HTTP charset module"
default y
config NGINX_HTTP_GZIP
bool
prompt "Enable HTTP gzip module"
default y
config NGINX_HTTP_SSI
bool
prompt "Enable HTTP ssi module"
default y
config NGINX_HTTP_USERID
bool
prompt "Enable HTTP userid module"
default y
config NGINX_HTTP_ACCESS
bool
prompt "Enable HTTP access module"
default y
config NGINX_HTTP_AUTH_BASIC
bool
prompt "Enable HTTP auth basic"
default y
config NGINX_HTTP_AUTH_REQUEST
bool
prompt "Enable HTTP auth request module"
default n
config NGINX_HTTP_AUTOINDEX
bool
prompt "Enable HTTP autoindex module"
default y
config NGINX_HTTP_GEO
bool
prompt "Enable HTTP geo module"
default y
config NGINX_HTTP_MAP
bool
prompt "Enable HTTP map module"
default y
config NGINX_HTTP_SPLIT_CLIENTS
bool
prompt "Enable HTTP split clients"
default y
config NGINX_HTTP_REFERER
bool
prompt "Enable HTTP referer module"
default y
config NGINX_HTTP_REWRITE
bool
prompt "Enable HTTP rewrite module"
select NGINX_PCRE
default y
config NGINX_HTTP_PROXY
bool
prompt "Enable HTTP proxy module"
default y
config NGINX_HTTP_FASTCGI
bool
prompt "Enable HTTP fastcgi module"
default y
config NGINX_HTTP_UWSGI
bool
prompt "Enable HTTP uwsgi module"
default y
config NGINX_HTTP_SCGI
bool
prompt "Enable HTTP scgi module"
default y
config NGINX_HTTP_MEMCACHED
bool
prompt "Enable HTTP memcached module"
default y
config NGINX_HTTP_LIMIT_CONN
bool
prompt "Enable HTTP limit conn"
default y
config NGINX_HTTP_LIMIT_REQ
bool
prompt "Enable HTTP limit req"
default y
config NGINX_HTTP_EMPTY_GIF
bool
prompt "Enable HTTP empty gif"
default y
config NGINX_HTTP_BROWSER
bool
prompt "Enable HTTP browser module"
default y
config NGINX_HTTP_UPSTREAM_HASH
bool
prompt "Enable HTTP hash module"
default y
config NGINX_HTTP_UPSTREAM_IP_HASH
bool
prompt "Enable HTTP IP hash module"
default y
config NGINX_HTTP_UPSTREAM_LEAST_CONN
bool
prompt "Enable HTTP least conn module"
default y
config NGINX_HTTP_UPSTREAM_KEEPALIVE
bool
prompt "Enable HTTP keepalive module"
default y
config NGINX_HTTP_CACHE
bool
prompt "Enable HTTP cache"
default y
config NGINX_HTTP_V2
bool
prompt "Enable HTTP_V2 module"
default n
config NGINX_PCRE
bool
prompt "Enable PCRE library usage"
default y
config NGINX_NAXSI
bool
prompt "Enable NAXSI module"
default y
config NGINX_LUA
bool
prompt "Enable Lua module"
default n
config NGINX_HTTP_REAL_IP
bool
prompt "Enable HTTP real ip module"
default n
config NGINX_HTTP_SECURE_LINK
bool
prompt "Enable HTTP secure link module"
default n
config NGINX_HTTP_SUB
bool
prompt "Enable HTTP sub module"
default n
config NGINX_HEADERS_MORE
bool
prompt "Enable Headers_more module"
help
Set and clear input and output headers...more than "add"!
default y
config NGINX_HTTP_BROTLI
bool
prompt "Enable Brotli compression module"
help
Add support for brotli compression module.
default n
config NGINX_STREAM_CORE_MODULE
bool
prompt "Enable stream support"
help
Add support for NGINX request streaming.
default y
config NGINX_RTMP_MODULE
bool
prompt "Enable RTMP module"
depends on NGINX_SSL
help
Add support for NGINX-based Media Streaming Server module.
DASH enhanced - https://github.com/ut0mt8/nginx-rtmp-module
default n
config NGINX_TS_MODULE
bool
prompt "Enable TS module"
help
Add support for MPEG-TS Live Module module.
default n
endmenu

239
nginx/Config_ssl.in Executable file
View file

@ -0,0 +1,239 @@
#
# Copyright (C) 2010-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
menu "Configuration"
depends on PACKAGE_nginx-ssl
config NGINX_DAV
bool
prompt "Enable WebDAV module"
help
Enable the HTTP and WebDAV methods PUT, DELETE, MKCOL, COPY and MOVE.
default n
config NGINX_FLV
bool
prompt "Enable FLV module"
help
Provides the ability to seek within FLV (Flash) files using time-based offsets.
default n
config NGINX_STUB_STATUS
bool
prompt "Enable stub status module"
help
Enable the stub status module which gives some status from the server.
default n
config NGINX_HTTP_CHARSET
bool
prompt "Enable HTTP charset module"
default y
config NGINX_HTTP_GZIP
bool
prompt "Enable HTTP gzip module"
default y
config NGINX_HTTP_SSI
bool
prompt "Enable HTTP ssi module"
default y
config NGINX_HTTP_USERID
bool
prompt "Enable HTTP userid module"
default y
config NGINX_HTTP_ACCESS
bool
prompt "Enable HTTP access module"
default y
config NGINX_HTTP_AUTH_BASIC
bool
prompt "Enable HTTP auth basic"
default y
config NGINX_HTTP_AUTH_REQUEST
bool
prompt "Enable HTTP auth request module"
default n
config NGINX_HTTP_AUTOINDEX
bool
prompt "Enable HTTP autoindex module"
default y
config NGINX_HTTP_GEO
bool
prompt "Enable HTTP geo module"
default y
config NGINX_HTTP_MAP
bool
prompt "Enable HTTP map module"
default y
config NGINX_HTTP_SPLIT_CLIENTS
bool
prompt "Enable HTTP split clients"
default y
config NGINX_HTTP_REFERER
bool
prompt "Enable HTTP referer module"
default y
config NGINX_HTTP_REWRITE
bool
prompt "Enable HTTP rewrite module"
select NGINX_PCRE
default y
config NGINX_HTTP_PROXY
bool
prompt "Enable HTTP proxy module"
default y
config NGINX_HTTP_FASTCGI
bool
prompt "Enable HTTP fastcgi module"
default y
config NGINX_HTTP_UWSGI
bool
prompt "Enable HTTP uwsgi module"
default y
config NGINX_HTTP_SCGI
bool
prompt "Enable HTTP scgi module"
default y
config NGINX_HTTP_MEMCACHED
bool
prompt "Enable HTTP memcached module"
default y
config NGINX_HTTP_LIMIT_CONN
bool
prompt "Enable HTTP limit conn"
default y
config NGINX_HTTP_LIMIT_REQ
bool
prompt "Enable HTTP limit req"
default y
config NGINX_HTTP_EMPTY_GIF
bool
prompt "Enable HTTP empty gif"
default y
config NGINX_HTTP_BROWSER
bool
prompt "Enable HTTP browser module"
default y
config NGINX_HTTP_UPSTREAM_HASH
bool
prompt "Enable HTTP hash module"
default y
config NGINX_HTTP_UPSTREAM_IP_HASH
bool
prompt "Enable HTTP IP hash module"
default y
config NGINX_HTTP_UPSTREAM_LEAST_CONN
bool
prompt "Enable HTTP least conn module"
default y
config NGINX_HTTP_UPSTREAM_KEEPALIVE
bool
prompt "Enable HTTP keepalive module"
default y
config NGINX_HTTP_CACHE
bool
prompt "Enable HTTP cache"
default y
config NGINX_HTTP_V2
bool
prompt "Enable HTTP_V2 module"
default n
config NGINX_PCRE
bool
prompt "Enable PCRE library usage"
default y
config NGINX_NAXSI
bool
prompt "Enable NAXSI module"
default y
config NGINX_LUA
bool
prompt "Enable Lua module"
default n
config NGINX_HTTP_REAL_IP
bool
prompt "Enable HTTP real ip module"
default n
config NGINX_HTTP_SECURE_LINK
bool
prompt "Enable HTTP secure link module"
default n
config NGINX_HTTP_SUB
bool
prompt "Enable HTTP sub module"
default n
config NGINX_HEADERS_MORE
bool
prompt "Enable Headers_more module"
help
Set and clear input and output headers...more than "add"!
default y
config NGINX_HTTP_BROTLI
bool
prompt "Enable Brotli compression module"
help
Add support for brotli compression module.
default n
config NGINX_STREAM_CORE_MODULE
bool
prompt "Enable stream support"
help
Add support for NGINX request streaming.
default n
config NGINX_RTMP_MODULE
bool
prompt "Enable RTMP module"
help
Add support for NGINX-based Media Streaming Server module.
DASH enhanced - https://github.com/ut0mt8/nginx-rtmp-module
default n
config NGINX_TS_MODULE
bool
prompt "Enable TS module"
help
Add support for MPEG-TS Live Module module.
default n
endmenu

532
nginx/Makefile Executable file
View file

@ -0,0 +1,532 @@
#
# Copyright (C) 2012-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=nginx
PKG_VERSION:=1.16.1
PKG_RELEASE:=2
PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://nginx.org/download/
PKG_HASH:=f11c2a6dd1d3515736f0324857957db2de98be862461b5a542a3ac6188dbe32b
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de> \
Ansuel Smith <ansuelsmth@gmail.com>
PKG_LICENSE:=2-clause BSD-like license
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
PKG_FIXUP:=autoreconf
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
PKG_CONFIG_DEPENDS := \
CONFIG_NGINX_SSL \
CONFIG_NGINX_DAV \
CONFIG_NGINX_FLV \
CONFIG_NGINX_STUB_STATUS \
CONFIG_NGINX_HTTP_CHARSET \
CONFIG_NGINX_HTTP_GZIP \
CONFIG_NGINX_HTTP_SSI \
CONFIG_NGINX_HTTP_USERID \
CONFIG_NGINX_HTTP_ACCESS \
CONFIG_NGINX_HTTP_AUTH_BASIC \
CONFIG_NGINX_HTTP_AUTH_REQUEST \
CONFIG_NGINX_HTTP_AUTOINDEX \
CONFIG_NGINX_HTTP_GEO \
CONFIG_NGINX_HTTP_MAP \
CONFIG_NGINX_HTTP_SPLIT_CLIENTS \
CONFIG_NGINX_HTTP_REFERER \
CONFIG_NGINX_HTTP_REWRITE \
CONFIG_NGINX_HTTP_PROXY \
CONFIG_NGINX_HTTP_FASTCGI \
CONFIG_NGINX_HTTP_UWSGI \
CONFIG_NGINX_HTTP_SCGI \
CONFIG_NGINX_HTTP_MEMCACHED \
CONFIG_NGINX_HTTP_LIMIT_CONN \
CONFIG_NGINX_HTTP_LIMIT_REQ \
CONFIG_NGINX_HTTP_EMPTY_GIF \
CONFIG_NGINX_HTTP_BROWSER \
CONFIG_NGINX_HTTP_UPSTREAM_HASH \
CONFIG_NGINX_HTTP_UPSTREAM_IP_HASH \
CONFIG_NGINX_HTTP_UPSTREAM_LEAST_CONN \
CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE \
CONFIG_NGINX_HTTP_UPSTREAM_ZONE \
CONFIG_NGINX_HTTP_CACHE \
CONFIG_NGINX_HTTP_V2 \
CONFIG_NGINX_PCRE \
CONFIG_NGINX_NAXSI \
CONFIG_NGINX_LUA \
CONFIG_NGINX_HTTP_REAL_IP \
CONFIG_NGINX_HTTP_SECURE_LINK \
CONFIG_NGINX_HTTP_BROTLI \
CONFIG_NGINX_HEADERS_MORE \
CONFIG_NGINX_STREAM_CORE_MODULE \
CONFIG_NGINX_RTMP_MODULE \
CONFIG_NGINX_TS_MODULE \
include $(INCLUDE_DIR)/package.mk
define Package/nginx/default
SECTION:=net
CATEGORY:=Network
SUBMENU:=Web Servers/Proxies
TITLE:=Nginx web server
URL:=http://nginx.org/
DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl \
+NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread +NGINX_DAV:libexpat
endef
define Package/nginx/description
nginx is an HTTP and reverse proxy server, as well as a mail proxy server, \
written by Igor Sysoev. (Some module require SSL module enable to show up in \
config menu)
endef
define Package/nginx
$(Package/nginx/default)
VARIANT:=no-ssl
endef
define Package/nginx-ssl
$(Package/nginx/default)
TITLE += with SSL support
DEPENDS +=+libopenssl
VARIANT:=ssl
PROVIDES:=nginx
endef
Package/nginx-ssl/description = $(Package/nginx/description) \
This varian is compiled with SSL support enabled. To enable additional module \
select them in the nginx default configuration menu.
define Package/nginx-all-module
$(Package/nginx/default)
TITLE += with ALL module selected
DEPENDS:=+libpcre +libopenssl +zlib +liblua +libpthread +libexpat
VARIANT:=all-module
PROVIDES:=nginx
endef
Package/nginx-all-module/description = $(Package/nginx/description) \
This varian is compiled with ALL module selected.
define Package/nginx/config
source "$(SOURCE)/Config.in"
endef
define Package/nginx-ssl/config
source "$(SOURCE)/Config_ssl.in"
endef
config_files=nginx.conf mime.types
define Package/nginx/conffiles
/etc/nginx/
endef
Package/nginx-ssl/conffiles = $(Package/nginx/conffiles)
Package/nginx-all-module/conffiles = $(Package/nginx/conffiles)
ADDITIONAL_MODULES:=
ifneq ($(BUILD_VARIANT),all-module)
ifneq ($(CONFIG_NGINX_HTTP_CACHE),y)
ADDITIONAL_MODULES += --without-http-cache
endif
ifneq ($(CONFIG_NGINX_PCRE),y)
ADDITIONAL_MODULES += --without-pcre
endif
ifneq ($(CONFIG_NGINX_HTTP_CHARSET),y)
ADDITIONAL_MODULES += --without-http_charset_module
else
config_files += koi-utf koi-win win-utf
endif
ifneq ($(CONFIG_NGINX_HTTP_GZIP),y)
ADDITIONAL_MODULES += --without-http_gzip_module
endif
ifneq ($(CONFIG_NGINX_HTTP_SSI),y)
ADDITIONAL_MODULES += --without-http_ssi_module
endif
ifneq ($(CONFIG_NGINX_HTTP_USERID),y)
ADDITIONAL_MODULES += --without-http_userid_module
endif
ifneq ($(CONFIG_NGINX_HTTP_ACCESS),y)
ADDITIONAL_MODULES += --without-http_access_module
endif
ifneq ($(CONFIG_NGINX_HTTP_AUTH_BASIC),y)
ADDITIONAL_MODULES += --without-http_auth_basic_module
endif
ifneq ($(CONFIG_NGINX_HTTP_AUTOINDEX),y)
ADDITIONAL_MODULES += --without-http_autoindex_module
endif
ifneq ($(CONFIG_NGINX_HTTP_GEO),y)
ADDITIONAL_MODULES += --without-http_geo_module
endif
ifneq ($(CONFIG_NGINX_HTTP_MAP),y)
ADDITIONAL_MODULES += --without-http_map_module
endif
ifneq ($(CONFIG_NGINX_HTTP_SPLIT_CLIENTS),y)
ADDITIONAL_MODULES += --without-http_split_clients_module
endif
ifneq ($(CONFIG_NGINX_HTTP_REFERER),y)
ADDITIONAL_MODULES += --without-http_referer_module
endif
ifneq ($(CONFIG_NGINX_HTTP_REWRITE),y)
ADDITIONAL_MODULES += --without-http_rewrite_module
endif
ifneq ($(CONFIG_NGINX_HTTP_PROXY),y)
ADDITIONAL_MODULES += --without-http_proxy_module
endif
ifneq ($(CONFIG_NGINX_HTTP_FASTCGI),y)
ADDITIONAL_MODULES += --without-http_fastcgi_module
else
config_files += fastcgi_params
endif
ifneq ($(CONFIG_NGINX_HTTP_UWSGI),y)
ADDITIONAL_MODULES += --without-http_uwsgi_module
endif
ifneq ($(CONFIG_NGINX_HTTP_SCGI),y)
ADDITIONAL_MODULES += --without-http_scgi_module
endif
ifneq ($(CONFIG_NGINX_HTTP_MEMCACHED),y)
ADDITIONAL_MODULES += --without-http_memcached_module
endif
ifneq ($(CONFIG_NGINX_HTTP_LIMIT_CONN),y)
ADDITIONAL_MODULES += --without-http_limit_conn_module
endif
ifneq ($(CONFIG_NGINX_HTTP_LIMIT_REQ),y)
ADDITIONAL_MODULES += --without-http_limit_req_module
endif
ifneq ($(CONFIG_NGINX_HTTP_EMPTY_GIF),y)
ADDITIONAL_MODULES += --without-http_empty_gif_module
endif
ifneq ($(CONFIG_NGINX_HTTP_BROWSER),y)
ADDITIONAL_MODULES += --without-http_browser_module
endif
ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_HASH),y)
ADDITIONAL_MODULES += --without-http_upstream_hash_module
endif
ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_IP_HASH),y)
ADDITIONAL_MODULES += --without-http_upstream_ip_hash_module
endif
ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_LEAST_CONN),y)
ADDITIONAL_MODULES += --without-http_upstream_least_conn_module
endif
ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE),y)
ADDITIONAL_MODULES += --without-http_upstream_keepalive_module
endif
ifeq ($(BUILD_VARIANT),ssl)
ifneq ($(CONFIG_NGINX_SSL),y)
ADDITIONAL_MODULES += --with-http_ssl_module
endif
endif
ifeq ($(CONFIG_NGINX_SSL),y)
ADDITIONAL_MODULES += --with-http_ssl_module
endif
ifeq ($(CONFIG_NGINX_NAXSI),y)
ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src
endif
ifeq ($(CONFIG_NGINX_LUA),y)
ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/lua-nginx
endif
ifeq ($(CONFIG_IPV6),y)
ADDITIONAL_MODULES += --with-ipv6
endif
ifeq ($(CONFIG_NGINX_STUB_STATUS),y)
ADDITIONAL_MODULES += --with-http_stub_status_module
endif
ifeq ($(CONFIG_NGINX_FLV),y)
ADDITIONAL_MODULES += --with-http_flv_module
endif
ifeq ($(CONFIG_NGINX_DAV),y)
ADDITIONAL_MODULES += --with-http_dav_module --add-module=$(PKG_BUILD_DIR)/nginx-dav-ext-module
endif
ifeq ($(CONFIG_NGINX_HTTP_AUTH_REQUEST),y)
ADDITIONAL_MODULES += --with-http_auth_request_module
endif
ifeq ($(CONFIG_NGINX_HTTP_V2),y)
ADDITIONAL_MODULES += --with-http_v2_module
endif
ifeq ($(CONFIG_NGINX_HTTP_REAL_IP),y)
ADDITIONAL_MODULES += --with-http_realip_module
endif
ifeq ($(CONFIG_NGINX_HTTP_SECURE_LINK),y)
ADDITIONAL_MODULES += --with-http_secure_link_module
endif
ifeq ($(CONFIG_NGINX_HTTP_SUB),y)
ADDITIONAL_MODULES += --with-http_sub_module
endif
ifeq ($(CONFIG_NGINX_STREAM_CORE_MODULE),y)
ADDITIONAL_MODULES += --with-stream
endif
ifeq ($(CONFIG_NGINX_HEADERS_MORE),y)
ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-headers-more
endif
ifeq ($(CONFIG_NGINX_HTTP_BROTLI),y)
ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-brotli
endif
ifeq ($(CONFIG_NGINX_RTMP_MODULE),y)
ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-rtmp
endif
ifeq ($(CONFIG_NGINX_TS_MODULE),y)
ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-ts
endif
else
CONFIG_NGINX_HEADERS_MORE:=y
CONFIG_NGINX_HTTP_BROTLI:=y
CONFIG_NGINX_RTMP_MODULE:=y
CONFIG_NGINX_TS_MODULE:=y
CONFIG_NGINX_NAXSI:=y
CONFIG_NGINX_LUA:=y
CONFIG_NGINX_DAV:=y
ADDITIONAL_MODULES += --with-http_ssl_module --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src \
--add-module=$(PKG_BUILD_DIR)/lua-nginx --with-ipv6 --with-http_stub_status_module --with-http_flv_module \
--with-http_dav_module --add-module=$(PKG_BUILD_DIR)/nginx-dav-ext-module \
--with-http_auth_request_module --with-http_v2_module --with-http_realip_module \
--with-http_secure_link_module --with-http_sub_module --add-module=$(PKG_BUILD_DIR)/nginx-headers-more \
--with-stream \
--add-module=$(PKG_BUILD_DIR)/nginx-brotli --add-module=$(PKG_BUILD_DIR)/nginx-rtmp \
--add-module=$(PKG_BUILD_DIR)/nginx-ts
config_files += koi-utf koi-win win-utf fastcgi_params
endif
define Package/nginx-mod-luci/default
TITLE:=Nginx on LuCI
SECTION:=net
CATEGORY:=Network
SUBMENU:=Web Servers/Proxies
TITLE:=Support file for Nginx
URL:=http://nginx.org/
DEPENDS:=+uwsgi-cgi +uwsgi-cgi-luci-support
endef
define Package/nginx-mod-luci
$(Package/nginx-mod-luci/default)
DEPENDS += +nginx
endef
define Package/nginx-mod-luci/description
Support file for LuCI in nginx. Include custom nginx configuration, autostart script for uwsgi.
endef
define Package/nginx-mod-luci-ssl
$(Package/nginx-mod-luci/default)
TITLE += with HTTPS support
DEPENDS += +nginx-ssl
endef
Package/nginx-mod-luci-ssl/description = $(define Package/nginx-mod-luci/description) \
This also include redirect from http to https and cert autogeneration.
TARGET_CFLAGS += -fvisibility=hidden -ffunction-sections -fdata-sections -DNGX_LUA_NO_BY_LUA_BLOCK
TARGET_LDFLAGS += -Wl,--gc-sections
ifeq ($(CONFIG_NGINX_LUA),y)
CONFIGURE_VARS += LUA_INC=$(STAGING_DIR)/usr/include \
LUA_LIB=$(STAGING_DIR)/usr/lib
endif
CONFIGURE_ARGS += \
--crossbuild=Linux::$(ARCH) \
--prefix=/usr \
--conf-path=/etc/nginx/nginx.conf \
$(ADDITIONAL_MODULES) \
--error-log-path=/var/log/nginx/error.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--http-log-path=/var/log/nginx/access.log \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--with-cc="$(TARGET_CC)" \
--with-cc-opt="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \
--with-ld-opt="$(TARGET_LDFLAGS)" \
--without-http_upstream_zone_module
define Package/nginx-mod-luci/install
$(INSTALL_DIR) $(1)/etc/nginx
$(INSTALL_BIN) ./files-luci-support/luci_uwsgi.conf $(1)/etc/nginx/luci_uwsgi.conf
$(INSTALL_BIN) ./files-luci-support/luci_nginx.conf $(1)/etc/nginx/luci_nginx.conf
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./files-luci-support/60_nginx-luci-support $(1)/etc/uci-defaults/60_nginx-luci-support
endef
define Package/nginx-mod-luci-ssl/install
$(Package/nginx-mod-luci/install)
$(INSTALL_DIR) $(1)/etc/nginx
$(INSTALL_BIN) ./files-luci-support/luci_nginx_ssl.conf $(1)/etc/nginx/luci_nginx_ssl.conf
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./files-luci-support/70_nginx-luci-support-ssl $(1)/etc/uci-defaults/70_nginx-luci-support-ssl
endef
define Package/nginx/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/nginx $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/etc/nginx
$(INSTALL_DATA) $(addprefix $(PKG_INSTALL_DIR)/etc/nginx/,$(config_files)) $(1)/etc/nginx/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/nginx.init $(1)/etc/init.d/nginx
ifeq ($(CONFIG_NGINX_NAXSI),y)
$(INSTALL_DIR) $(1)/etc/nginx
$(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $(1)/etc/nginx
chmod 0640 $(1)/etc/nginx/naxsi_core.rules
endif
$(if $(CONFIG_NGINX_NAXSI),$($(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $(1)/etc/nginx))
$(if $(CONFIG_NGINX_NAXSI),$(chmod 0640 $(1)/etc/nginx/naxsi_core.rules))
endef
Package/nginx-ssl/install = $(Package/nginx/install)
Package/nginx-all-module/install = $(Package/nginx/install)
define Build/Prepare
$(Build/Prepare/Default)
$(Prepare/nginx-naxsi)
$(Prepare/lua-nginx)
$(Prepare/nginx-brotli)
$(Prepare/nginx-headers-more)
$(Prepare/nginx-rtmp)
$(Prepare/nginx-ts)
$(Prepare/nginx-dav-ext-module)
endef
ifeq ($(CONFIG_NGINX_HEADERS_MORE),y)
define Download/nginx-headers-more
VERSION:=a9f7c7e86cc7441d04e2f11f01c2e3a9c4b0301d
SUBDIR:=nginx-headers-more
FILE:=headers-more-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz
URL:=https://github.com/openresty/headers-more-nginx-module.git
MIRROR_HASH:=432609015719aaa7241e5166c7cda427acbe004f725887f78ef629d51bd9cb3f
PROTO:=git
endef
$(eval $(call Download,nginx-headers-more))
define Prepare/nginx-headers-more
$(eval $(Download/nginx-headers-more))
gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef
endif
ifeq ($(CONFIG_NGINX_HTTP_BROTLI),y)
define Download/nginx-brotli
VERSION:=e26248ee361c04e25f581b92b85d95681bdffb39
SUBDIR:=nginx-brotli
FILE:=ngx-brotli-module-$(PKG_VERSION)-$$(VERSION).tar.gz
URL:=https://github.com/eustas/ngx_brotli.git
MIRROR_HASH:=76b891ba49f82f0cfbc9cba875646e26ee986b522373e0aa2698a9923a4adcdb
PROTO:=git
endef
$(eval $(call Download,nginx-brotli))
define Prepare/nginx-brotli
$(eval $(Download/nginx-brotli))
gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef
endif
ifeq ($(CONFIG_NGINX_RTMP_MODULE),y)
define Download/nginx-rtmp
VERSION:=f0ea62342a4eca504b311cd5df910d026c3ea4cf
SUBDIR:=nginx-rtmp
FILE:=ngx-rtmp-module-$(PKG_VERSION)-$$(VERSION).tar.gz
URL:=https://github.com/ut0mt8/nginx-rtmp-module.git
MIRROR_HASH:=9ba7625718d21f658c4878729271832a07bd989165f1d1c720b3a9b54cf738cc
PROTO:=git
endef
$(eval $(call Download,nginx-rtmp))
define Prepare/nginx-rtmp
$(eval $(Download/nginx-rtmp))
gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef
endif
ifeq ($(CONFIG_NGINX_TS_MODULE),y)
define Download/nginx-ts
VERSION:=ef2f874d95cc75747eb625a292524a702aefb0fd
SUBDIR:=nginx-ts
FILE:=ngx-ts-module-$(PKG_VERSION)-$$(VERSION).tar.gz
URL:=https://github.com/arut/nginx-ts-module.git
MIRROR_HASH:=31ecc9968b928886b54884138eafe2fa747648bca5094d4c3132e8ae9509d1d3
PROTO:=git
endef
$(eval $(call Download,nginx-ts))
define Prepare/nginx-ts
$(eval $(Download/nginx-ts))
gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef
endif
ifeq ($(CONFIG_NGINX_NAXSI),y)
define Download/nginx-naxsi
VERSION:=951123ad456bdf5ac94e8d8819342fe3d49bc002
SUBDIR:=nginx-naxsi
FILE:=nginx-naxsi-module-$(PKG_VERSION)-$$(VERSION).tar.gz
URL:=https://github.com/nbs-system/naxsi.git
MIRROR_HASH:=7ab791f2ff38096f48013141bbfe20ba213d5e04dcac08ca82e0cac07d5c30f0
PROTO:=git
endef
$(eval $(call Download,nginx-naxsi))
define Prepare/nginx-naxsi
$(eval $(Download/nginx-naxsi))
gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef
endif
ifeq ($(CONFIG_NGINX_LUA),y)
define Download/lua-nginx
VERSION:=e94f2e5d64daa45ff396e262d8dab8e56f5f10e0
SUBDIR:=lua-nginx
FILE:=lua-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz
URL:=https://github.com/openresty/lua-nginx-module.git
MIRROR_HASH:=ae439f9a8b3c34d7240735b844db72ee721af4791bbaff5692bca20e6785f541
PROTO:=git
endef
$(eval $(call Download,lua-nginx))
define Prepare/lua-nginx
$(eval $(Download/lua-nginx))
gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
$(call PatchDir,$(PKG_BUILD_DIR),./patches-lua-nginx)
endef
endif
ifeq ($(CONFIG_NGINX_DAV),y)
define Download/nginx-dav-ext-module
VERSION:=430fd774fe838a04f1a5defbf1dd571d42300cf9
SUBDIR:=nginx-dav-ext-module
FILE:=nginx-dav-ext-module-$(PKG_VERSION)-$$(VERSION).tar.gz
URL:=https://github.com/arut/nginx-dav-ext-module.git
MIRROR_HASH:=0566053a8756423ecab455fd9d218cec1e017598fcbb3d6415a06f816851611e
PROTO:=git
endef
$(eval $(call Download,nginx-dav-ext-module))
define Prepare/nginx-dav-ext-module
$(eval $(Download/nginx-dav-ext-module))
gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef
endif
$(eval $(call BuildPackage,nginx))
$(eval $(call BuildPackage,nginx-ssl))
$(eval $(call BuildPackage,nginx-all-module))
#$(eval $(call BuildPackage,nginx-mod-luci))
#$(eval $(call BuildPackage,nginx-mod-luci-ssl))

28
nginx/files-luci-support/60_nginx-luci-support Executable file
View file

@ -0,0 +1,28 @@
#!/bin/sh
if [ -f "/etc/nginx/luci_nginx.conf" ] && [ -f "/etc/nginx/nginx.conf" ]; then
if [ ! "$(cat '/etc/nginx/nginx.conf' | grep 'luci_uwsgi.conf')" ]; then
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf_old
mv /etc/nginx/luci_nginx.conf /etc/nginx/nginx.conf
core_number=$(grep -c ^processor /proc/cpuinfo)
sed -i "3s/.*/worker_processes "$core_number";/" /etc/nginx/nginx.conf
if [ -n "$(pgrep uhttpd)" ]; then
/etc/init.d/uhttpd stop
/etc/init.d/uhttpd disable
fi
if [ -n "$(pgrep nginx)" ]; then
/etc/init.d/nginx restart
else
/etc/init.d/nginx start
fi
if [ -n "$(pgrep uwsgi)" ]; then
/etc/init.d/uwsgi restart
else
/etc/init.d/uwsgi start
fi
else
rm /etc/nginx/luci_nginx.conf
fi
fi
exit 0

48
nginx/files-luci-support/70_nginx-luci-support-ssl Executable file
View file

@ -0,0 +1,48 @@
#!/bin/sh
if [ -f "/etc/nginx/luci_nginx_ssl.conf" ] && [ -f "/etc/nginx/nginx.conf" ]; then
if [ ! "$(cat '/etc/nginx/nginx.conf' | grep 'return 301 https://$host$request_uri;')" ]; then
if [ -f "/etc/nginx/nginx.conf_old" ]; then
rm /etc/nginx/nginx.conf
else
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf_old
fi
mv /etc/nginx/luci_nginx_ssl.conf /etc/nginx/nginx.conf
core_number=$(grep -c ^processor /proc/cpuinfo)
sed -i "3s/.*/worker_processes "$core_number";/" /etc/nginx/nginx.conf
if [ -n "$(pgrep nginx)" ]; then
/etc/init.d/nginx restart
else
/etc/init.d/nginx start
fi
else
rm /etc/nginx/luci_nginx_ssl.conf
fi
fi
if [ ! -f "/etc/nginx/nginx.key" ]; then
NGINX_KEY=/etc/nginx/nginx.key
NGINX_CER=/etc/nginx/nginx.cer
OPENSSL_BIN=/usr/bin/openssl
PX5G_BIN=/usr/sbin/px5g
# Prefer px5g for certificate generation (existence evaluated last)
GENKEY_CMD=""
UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -nodes"
[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned"
[ -n "$GENKEY_CMD" ] && {
$GENKEY_CMD \
-days 730 -newkey rsa:2048 -keyout "${NGINX_KEY}.new" -out "${NGINX_CER}.new" \
-subj /C="ZZ"/ST="Somewhere"/L="Unknown"/O="OpenWrt""$UNIQUEID"/CN="OpenWrt"
sync
mv "${NGINX_KEY}.new" "${NGINX_KEY}"
mv "${NGINX_CER}.new" "${NGINX_CER}"
}
fi
exit 0

51
nginx/files-luci-support/luci_nginx.conf Executable file
View file

@ -0,0 +1,51 @@
user nobody nogroup;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 0;
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 1G;
large_client_header_buffers 2 1k;
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 1;
gzip_proxied any;
root /www;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name localhost;
location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
}
include luci_uwsgi.conf;
}
include /etc/nginx/conf.d/*.conf;
}

66
nginx/files-luci-support/luci_nginx_ssl.conf Executable file
View file

@ -0,0 +1,66 @@
user root;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 0;
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 1G;
large_client_header_buffers 2 1k;
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 1;
gzip_proxied any;
root /www;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name localhost;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:DHE+AESGCM:DHE:!RSA!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!SEED";
ssl_session_tickets off;
ssl_certificate /etc/nginx/nginx.cer;
ssl_certificate_key /etc/nginx/nginx.key;
location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
}
include luci_uwsgi.conf;
}
include /etc/nginx/conf.d/*.conf;
}

20
nginx/files-luci-support/luci_uwsgi.conf Executable file
View file

@ -0,0 +1,20 @@
location /cgi-bin/luci {
index index.html;
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length if_not_empty;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_ADDR $server_addr;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;
uwsgi_modifier1 9;
uwsgi_pass unix:////var/run/uwsgi.sock;
}
location /luci-static {
}

17
nginx/files/nginx.init Executable file
View file

@ -0,0 +1,17 @@
#!/bin/sh /etc/rc.common
# Copyright (C) 2015 OpenWrt.org
START=80
USE_PROCD=1
start_service() {
[ -d /var/log/nginx ] || mkdir -p /var/log/nginx
[ -d /var/lib/nginx ] || mkdir -p /var/lib/nginx
procd_open_instance
procd_set_param command /usr/sbin/nginx -c /etc/nginx/nginx.conf -g 'daemon off;'
procd_set_param file /etc/nginx/nginx.conf
procd_set_param respawn
procd_close_instance
}

195
nginx/patches-lua-nginx/100-no_by_lua_block.patch Executable file
View file

@ -0,0 +1,195 @@
--- a/lua-nginx/src/ngx_http_lua_module.c
+++ b/lua-nginx/src/ngx_http_lua_module.c
@@ -165,14 +165,14 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_lua_loc_conf_t, log_socket_errors),
NULL },
-
+#ifndef NGX_LUA_NO_BY_LUA_BLOCK
{ ngx_string("init_by_lua_block"),
NGX_HTTP_MAIN_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS,
ngx_http_lua_init_by_lua_block,
NGX_HTTP_MAIN_CONF_OFFSET,
0,
(void *) ngx_http_lua_init_by_inline },
-
+#endif
{ ngx_string("init_by_lua"),
NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1,
ngx_http_lua_init_by_lua,
@@ -186,14 +186,14 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_MAIN_CONF_OFFSET,
0,
(void *) ngx_http_lua_init_by_file },
-
+#ifndef NGX_LUA_NO_BY_LUA_BLOCK
{ ngx_string("init_worker_by_lua_block"),
NGX_HTTP_MAIN_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS,
ngx_http_lua_init_worker_by_lua_block,
NGX_HTTP_MAIN_CONF_OFFSET,
0,
(void *) ngx_http_lua_init_worker_by_inline },
-
+#endif
{ ngx_string("init_worker_by_lua"),
NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1,
ngx_http_lua_init_worker_by_lua,
@@ -209,6 +209,7 @@ static ngx_command_t ngx_http_lua_cmds[]
(void *) ngx_http_lua_init_worker_by_file },
#if defined(NDK) && NDK
+#ifndef NGX_LUA_NO_BY_LUA_BLOCK
/* set_by_lua $res { inline Lua code } [$arg1 [$arg2 [...]]] */
{ ngx_string("set_by_lua_block"),
NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -217,7 +218,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_filter_set_by_lua_inline },
-
+#endif
/* set_by_lua $res <inline script> [$arg1 [$arg2 [...]]] */
{ ngx_string("set_by_lua"),
NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -245,7 +246,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_rewrite_handler_inline },
-
+#ifndef NGX_LUA_NO_BY_LUA_BLOCK
/* rewrite_by_lua_block { <inline script> } */
{ ngx_string("rewrite_by_lua_block"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -254,7 +255,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_rewrite_handler_inline },
-
+#endif
/* access_by_lua "<inline script>" */
{ ngx_string("access_by_lua"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -263,7 +264,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_access_handler_inline },
-
+#ifndef NGX_LUA_NO_BY_LUA_BLOCK
/* access_by_lua_block { <inline script> } */
{ ngx_string("access_by_lua_block"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -272,7 +273,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_access_handler_inline },
-
+#endif
/* content_by_lua "<inline script>" */
{ ngx_string("content_by_lua"),
NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_TAKE1,
@@ -280,7 +281,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_content_handler_inline },
-
+#ifndef NGX_LUA_NO_BY_LUA_BLOCK
/* content_by_lua_block { <inline script> } */
{ ngx_string("content_by_lua_block"),
NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS,
@@ -288,7 +289,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_content_handler_inline },
-
+#endif
/* log_by_lua <inline script> */
{ ngx_string("log_by_lua"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -297,7 +298,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_log_handler_inline },
-
+#ifndef NGX_LUA_NO_BY_LUA_BLOCK
/* log_by_lua_block { <inline script> } */
{ ngx_string("log_by_lua_block"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -306,7 +307,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_log_handler_inline },
-
+#endif
{ ngx_string("rewrite_by_lua_file"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
|NGX_CONF_TAKE1,
@@ -361,7 +362,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_header_filter_inline },
-
+#ifndef NGX_LUA_NO_BY_LUA_BLOCK
/* header_filter_by_lua_block { <inline script> } */
{ ngx_string("header_filter_by_lua_block"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -370,7 +371,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_header_filter_inline },
-
+#endif
{ ngx_string("header_filter_by_lua_file"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
|NGX_CONF_TAKE1,
@@ -386,7 +387,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_body_filter_inline },
-
+#ifndef NGX_LUA_NO_BY_LUA_BLOCK
/* body_filter_by_lua_block { <inline script> } */
{ ngx_string("body_filter_by_lua_block"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -395,7 +396,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_body_filter_inline },
-
+#endif
{ ngx_string("body_filter_by_lua_file"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
|NGX_CONF_TAKE1,
@@ -403,14 +404,14 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_body_filter_file },
-
+#ifndef NGX_LUA_NO_BY_LUA_BLOCK
{ ngx_string("balancer_by_lua_block"),
NGX_HTTP_UPS_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS,
ngx_http_lua_balancer_by_lua_block,
NGX_HTTP_SRV_CONF_OFFSET,
0,
(void *) ngx_http_lua_balancer_handler_inline },
-
+#endif
{ ngx_string("balancer_by_lua_file"),
NGX_HTTP_UPS_CONF|NGX_CONF_TAKE1,
ngx_http_lua_balancer_by_lua,
@@ -517,14 +518,14 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_lua_loc_conf_t, ssl_ciphers),
NULL },
-
+#ifndef NGX_LUA_NO_BY_LUA_BLOCK
{ ngx_string("ssl_certificate_by_lua_block"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS,
ngx_http_lua_ssl_cert_by_lua_block,
NGX_HTTP_SRV_CONF_OFFSET,
0,
(void *) ngx_http_lua_ssl_cert_handler_inline },
-
+#endif
{ ngx_string("ssl_certificate_by_lua_file"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
ngx_http_lua_ssl_cert_by_lua,

116
nginx/patches/101-feature_test_fix.patch Executable file
View file

@ -0,0 +1,116 @@
--- a/auto/cc/name
+++ b/auto/cc/name
@@ -7,7 +7,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then
ngx_feature="C compiler"
ngx_feature_name=
- ngx_feature_run=yes
+ ngx_feature_run=
ngx_feature_incs=
ngx_feature_path=
ngx_feature_libs=
--- a/auto/cc/conf
+++ b/auto/cc/conf
@@ -183,7 +183,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then
else
ngx_feature="gcc builtin atomic operations"
ngx_feature_name=NGX_HAVE_GCC_ATOMIC
- ngx_feature_run=yes
+ ngx_feature_run=no
ngx_feature_incs=
ngx_feature_path=
ngx_feature_libs=
@@ -204,7 +204,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then
else
ngx_feature="C99 variadic macros"
ngx_feature_name="NGX_HAVE_C99_VARIADIC_MACROS"
- ngx_feature_run=yes
+ ngx_feature_run=no
ngx_feature_incs="#include <stdio.h>
#define var(dummy, ...) sprintf(__VA_ARGS__)"
ngx_feature_path=
@@ -218,7 +218,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then
ngx_feature="gcc variadic macros"
ngx_feature_name="NGX_HAVE_GCC_VARIADIC_MACROS"
- ngx_feature_run=yes
+ ngx_feature_run=no
ngx_feature_incs="#include <stdio.h>
#define var(dummy, args...) sprintf(args)"
ngx_feature_path=
--- a/auto/os/linux
+++ b/auto/os/linux
@@ -36,7 +36,7 @@ fi
ngx_feature="epoll"
ngx_feature_name="NGX_HAVE_EPOLL"
-ngx_feature_run=yes
+ngx_feature_run=no
ngx_feature_incs="#include <sys/epoll.h>"
ngx_feature_path=
ngx_feature_libs=
@@ -110,7 +110,7 @@ ngx_feature_test="int fd; struct stat sb
CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE"
ngx_feature="sendfile()"
ngx_feature_name="NGX_HAVE_SENDFILE"
-ngx_feature_run=yes
+ngx_feature_run=no
ngx_feature_incs="#include <sys/sendfile.h>
#include <errno.h>"
ngx_feature_path=
@@ -131,7 +131,7 @@ fi
CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64"
ngx_feature="sendfile64()"
ngx_feature_name="NGX_HAVE_SENDFILE64"
-ngx_feature_run=yes
+ngx_feature_run=no
ngx_feature_incs="#include <sys/sendfile.h>
#include <errno.h>"
ngx_feature_path=
@@ -149,7 +149,7 @@ ngx_include="sys/prctl.h"; . auto/includ
ngx_feature="prctl(PR_SET_DUMPABLE)"
ngx_feature_name="NGX_HAVE_PR_SET_DUMPABLE"
-ngx_feature_run=yes
+ngx_feature_run=no
ngx_feature_incs="#include <sys/prctl.h>"
ngx_feature_path=
ngx_feature_libs=
--- a/auto/unix
+++ b/auto/unix
@@ -840,7 +840,7 @@ ngx_feature_test="void *p; p = memalign(
ngx_feature="mmap(MAP_ANON|MAP_SHARED)"
ngx_feature_name="NGX_HAVE_MAP_ANON"
-ngx_feature_run=yes
+ngx_feature_run=no
ngx_feature_incs="#include <sys/mman.h>"
ngx_feature_path=
ngx_feature_libs=
@@ -853,7 +853,7 @@ ngx_feature_test="void *p;
ngx_feature='mmap("/dev/zero", MAP_SHARED)'
ngx_feature_name="NGX_HAVE_MAP_DEVZERO"
-ngx_feature_run=yes
+ngx_feature_run=no
ngx_feature_incs="#include <sys/mman.h>
#include <sys/stat.h>
#include <fcntl.h>"
@@ -868,7 +868,7 @@ ngx_feature_test='void *p; int fd;
ngx_feature="System V shared memory"
ngx_feature_name="NGX_HAVE_SYSVSHM"
-ngx_feature_run=yes
+ngx_feature_run=no
ngx_feature_incs="#include <sys/ipc.h>
#include <sys/shm.h>"
ngx_feature_path=
@@ -882,7 +882,7 @@ ngx_feature_test="int id;
ngx_feature="POSIX semaphores"
ngx_feature_name="NGX_HAVE_POSIX_SEM"
-ngx_feature_run=yes
+ngx_feature_run=no
ngx_feature_incs="#include <semaphore.h>"
ngx_feature_path=
ngx_feature_libs=

27
nginx/patches/102-sizeof_test_fix.patch Executable file
View file

@ -0,0 +1,27 @@
--- a/auto/types/sizeof
+++ b/auto/types/sizeof
@@ -25,8 +25,14 @@ $NGX_INCLUDE_UNISTD_H
$NGX_INCLUDE_INTTYPES_H
$NGX_INCLUDE_AUTO_CONFIG_H
+char object_code_block[] = {
+ '\n', 'e', '4', 'V', 'A',
+ '0', 'x', ('0' + sizeof($ngx_type)),
+ 'Y', '3', 'p', 'M', '\n'
+};
+
int main(void) {
- printf("%d", (int) sizeof($ngx_type));
+ printf("dummy use of object_code_block to avoid gc-section: %c", object_code_block[0]);
return 0;
}
@@ -40,7 +46,7 @@ eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&
if [ -x $NGX_AUTOTEST ]; then
- ngx_size=`$NGX_AUTOTEST`
+ ngx_size=`sed -ne 's/^e4VA0x\(.\)Y3pM$/\1/p' < $NGX_AUTOTEST`
echo " $ngx_size bytes"
fi

12
nginx/patches/103-sys_nerr.patch Executable file
View file

@ -0,0 +1,12 @@
--- a/src/os/unix/ngx_errno.c
+++ b/src/os/unix/ngx_errno.c
@@ -8,6 +8,9 @@
#include <ngx_config.h>
#include <ngx_core.h>
+#ifndef NGX_SYS_NERR
+#define NGX_SYS_NERR 128
+#endif
/*
* The strerror() messages are copied because:

18
nginx/patches/200-config.patch Executable file
View file

@ -0,0 +1,18 @@
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,5 +1,5 @@
-#user nobody;
+user nobody nogroup;
worker_processes 1;
#error_log logs/error.log;
@@ -16,7 +16,7 @@ events {
http {
include mime.types;
- default_type application/octet-stream;
+ #default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '

12
nginx/patches/201-ignore-invalid-options.patch Executable file
View file

@ -0,0 +1,12 @@
--- a/auto/options
+++ b/auto/options
@@ -397,8 +397,7 @@ $0: warning: the \"--with-sha1-asm\" opt
--test-build-solaris-sendfilev) NGX_TEST_BUILD_SOLARIS_SENDFILEV=YES ;;
*)
- echo "$0: error: invalid option \"$option\""
- exit 1
+ echo "$0: error: ignoring invalid option \"$option\""
;;
esac
done

11
nginx/patches/300-max-processes.patch Executable file
View file

@ -0,0 +1,11 @@
--- a/src/os/unix/ngx_process.h
+++ b/src/os/unix/ngx_process.h
@@ -44,7 +44,7 @@ typedef struct {
} ngx_exec_ctx_t;
-#define NGX_MAX_PROCESSES 1024
+#define NGX_MAX_PROCESSES 8
#define NGX_PROCESS_NORESPAWN -1
#define NGX_PROCESS_JUST_SPAWN -2

7
openmptcprouter-full/Makefile
View file

@ -76,9 +76,10 @@ MY_DEPENDS := \
!TARGET_mvebu:kmod-usb-serial !TARGET_mvebu:kmod-usb-serial-option !TARGET_mvebu:kmod-usb-serial-wwan !TARGET_mvebu:usb-modeswitch !TARGET_mvebu:uqmi \
!TARGET_mvebu:umbim !TARGET_mvebu:kmod-mii !TARGET_mvebu:kmod-usb-net !TARGET_mvebu:kmod-usb-wdm !TARGET_mvebu:kmod-usb-net-qmi-wwan !TARGET_mvebu:kmod-usb-net-cdc-mbim !TARGET_mvebu:umbim \
!TARGET_mvebu:kmod-usb-net-huawei-cdc-ncm !TARGET_mvebu:kmod-usb-net-rndis !TARGET_mvebu:kmod-usb-net-cdc-ether !TARGET_mvebu:kmod-usb-net-ipheth !TARGET_mvebu:usbmuxd !TARGET_mvebu:libusbmuxd \
!TARGET_mvebu:luci-proto-qmi wpad-basic kmod-mt7601u kmod-rtl8187 \
!TARGET_mvebu:luci-app-mlvpn !TARGET_mvebu:mlvpn 464xlat kmod-zram kmod-swconfig swconfig kmod-ipt-nat kmod-ipt-nat6 kmod-ipt-fullconenat luci-app-https-dns-proxy kmod-tcp-nanqinlang (TARGET_x86_64||aarch64):kmod-tcp-bbr2 iptables-mod-ipopt igmpproxy ss iptraf-ng \
luci-app-acl block-mount blockd fstools luci-app-shutdown libwebp luci-proto-gre tcptraceroute luci-proto-mbim kmod-rtl8xxxu kmod-ath9k-htc luci-app-ttyd luci-mod-dashboard kmod-usb2 libustream-openssl (TARGET_x86||TARGET_x86_64):kmod-ixgbevf (TARGET_x86||TARGET_x86_64):kmod-igbvf \
kmod-rt2800-usb kmod-rtl8xxxu kmod-rtl8192cu kmod-net-rtl8192su \
!TARGET_mvebu:luci-proto-qmi wpad-basic kmod-mt7601u kmod-rtl8187 TARGET_r4s:kmod-r8168 (TARGET_x86||TARGET_x86_64):kmod-usb-net-rtl8152 \
!TARGET_mvebu:luci-app-mlvpn !TARGET_mvebu:mlvpn 464xlat kmod-zram kmod-swconfig swconfig kmod-ipt-nat kmod-ipt-nat6 luci-app-https-dns-proxy kmod-tcp-nanqinlang (TARGET_x86_64||aarch64):kmod-tcp-bbr2 iptables-mod-ipopt igmpproxy ss iptraf-ng \
luci-app-acl block-mount blockd fstools luci-app-shutdown libwebp luci-proto-gre tcptraceroute luci-proto-mbim kmod-rtl8xxxu kmod-ath9k-htc luci-app-ttyd luci-mod-dashboard (TARGET_x86||TARGET_x86_64):rtl8192eu-firmware kmod-usb2 libustream-openssl (TARGET_x86||TARGET_x86_64):kmod-ixgbevf (TARGET_x86||TARGET_x86_64):kmod-igbvf \
hwinfo (TARGET_x86||TARGET_x86_64):dmidecode luci-app-packet-capture kmod-bonding luci-proto-bonding luci-app-sysupgrade \
luci-theme-openwrt-2020 luci-proto-wireguard luci-app-wireguard kmod-crypto-lib-blake2s (TARGET_x86||TARGET_x86_64):kmod-r8125 \
(LINUX_5_15||LINUX_6_1):mptcpd (TARGET_x86||TARGET_x86_64):kmod-igc !TARGET_mvebu:kmod-mmc-spi kmod-macsec usbutils v2ray-core syslogd

39
openmptcprouter/files/etc/init.d/fengshan
View file

@ -1,17 +1,30 @@
#!/bin/sh /etc/rc.common
START=99
start()
{
tem=$(cat /sys/class/thermal/thermal_zone0/temp)
echo $tem
if [ $tem -ge 60000 ] ; then
echo 1 > /sys/class/leds/green:fengshan/brightness;
echo "fengshandoup"
logger -t "fengshanup"
elif [ $tem -le 50000 ] ; then
echo 0 > /sys/class/leds/green:fengshan/brightness;
echo "fengshandown"
logger -t "$tem" "fengshandown"
fi
# 温度阈值设置
HIGH_THRESHOLD=60000
LOW_THRESHOLD=50000
# 读取初始温度值
temperature=$(cat /sys/class/thermal/thermal_zone0/temp)
echo "初始温度:$temperature"
start() {
while true; do
temperature=$(cat /sys/class/thermal/thermal_zone0/temp)
echo "当前温度:$temperature"
if [ "$temperature" -ge "$HIGH_THRESHOLD" ]; then
echo 1 > /sys/class/leds/green:fengshan/brightness
echo "风扇高转速"
logger -t "fengshanup" "温度过高"
elif [ "$temperature" -le "$LOW_THRESHOLD" ]; then
echo 0 > /sys/class/leds/green:fengshan/brightness
echo "风扇低转速"
logger -t "fengshandown" "温度正常"
fi
sleep 30 # 设置循环间隔为30秒
done
}

28
shadowsocks-libev/files/shadowsocks-libev.config
View file

@ -48,31 +48,3 @@ config ss_tunnel 'dns'
option server 'sss0'
option local_port '5353'
option tunnel_address '8.8.8.8:53'
config ss_redir hi3
option server 'sss0'
option local_address '0.0.0.0'
option local_port '1100'
option mode 'tcp_and_udp'
option timeout '1000'
option fast_open 1
option verbose 0
option syslog 1
option reuse_port 1
option mptcp 1
option ipv6_first 1
option no_delay 1
config ss_redir hi4
option server 'sss0'
option local_address '0.0.0.0'
option local_port '1100'
option mode 'tcp_and_udp'
option timeout '1000'
option fast_open 1
option verbose 0
option syslog 1
option reuse_port 1
option mptcp 1
option ipv6_first 1
option no_delay 1

2
shadowsocks-v2ray-plugin/Makefile
View file

@ -25,7 +25,7 @@ GO_PKG:=github.com/shadowsocks/v2ray-plugin
PKG_USE_MIPS16:=0
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/feeds/openmptcprouter/golang/golang-package.mk
include ../golang/golang-package.mk
define Package/v2ray-plugin
SECTION:=net

109
shortcut-fe/fast-classifier/Makefile Executable file
View file

@ -0,0 +1,109 @@
#
# Copyright (c) 2013-2018 The Linux Foundation. All rights reserved.
# Permission to use, copy, modify, and/or distribute this software for
# any purpose with or without fee is hereby granted, provided that the
# above copyright notice and this permission notice appear in all copies.
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=fast-classifier
PKG_RELEASE:=6
include $(INCLUDE_DIR)/package.mk
define KernelPackage/fast-classifier/Default
SECTION:=kernel
CATEGORY:=Kernel modules
SUBMENU:=Network Support
DEPENDS:=+kmod-ipt-conntrack +kmod-shortcut-fe
TITLE:=Kernel driver for FAST Classifier
FILES:=$(PKG_BUILD_DIR)/fast-classifier.ko
KCONFIG:= \
CONFIG_NF_CONNTRACK_EVENTS=y \
CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y \
CONFIG_NF_CONNTRACK_MARK=y \
CONFIG_XFRM=y
CONFLICTS:=kmod-shortcut-fe-drv kmod-shortcut-fe-cm
endef
define KernelPackage/fast-classifier
$(call KernelPackage/fast-classifier/Default)
endef
define KernelPackage/fast-classifier-noload
$(call KernelPackage/fast-classifier/Default)
endef
define KernelPackage/fast-classifier/Default/description
FAST Classifier talks to SFE to make decisions about offloading connections
endef
define KernelPackage/fast-classifier/description
$(call KernelPackage/fast-classifier/Default/description)
endef
define KernelPackage/fast-classifier-noload/description
$(call KernelPackage/fast-classifier/Default/description)
This package does not load fast-classifier at boot by default
endef
define Package/fast-classifier-example
TITLE:=Example user space program for fast-classifier
DEPENDS:=+libnl +kmod-fast-classifier
endef
define Package/fast-classifier-example/description
Example user space program that communicates with fast
classifier kernel module
endef
HAVE_ECM:=$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-standard)
define Build/Compile/kmod
+$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \
$(KERNEL_MAKE_FLAGS) \
$(PKG_MAKE_FLAGS) \
M="$(PKG_BUILD_DIR)" \
CONFIG_FAST_CLASSIFIER=m \
EXTRA_CFLAGS+="-DSFE_SUPPORT_IPV6" \
$(if $(HAVE_ECM),EXTRA_CFLAGS+="-DCONFIG_SFE_ECM" CONFIG_SFE_ECM=y,) \
modules
endef
define Build/Compile/example
$(TARGET_CC) -o $(PKG_BUILD_DIR)/userspace_fast_classifier \
-I $(PKG_BUILD_DIR) \
-I$(STAGING_DIR)/usr/include/libnl \
-I$(STAGING_DIR)/usr/include/libnl3 \
-lnl-genl-3 -lnl-3 \
$(PKG_BUILD_DIR)/nl_classifier_test.c
endef
define Build/Compile
$(Build/Compile/kmod)
$(if $(CONFIG_PACKAGE_fast-classifier-example),$(Build/Compile/example))
endef
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_BUILD_DIR)/fast-classifier.h $(1)/usr/include/
endef
define Package/fast-classifier-example/install
$(INSTALL_DIR) $(1)/sbin
$(CP) $(PKG_BUILD_DIR)/userspace_fast_classifier $(1)/sbin/
endef
$(eval $(call KernelPackage,fast-classifier))
#$(eval $(call KernelPackage,fast-classifier-noload))
#$(eval $(call BuildPackage,fast-classifier-example))

10
shortcut-fe/fast-classifier/src/Makefile Executable file
View file

@ -0,0 +1,10 @@
obj-$(CONFIG_FAST_CLASSIFIER) += fast-classifier.o
ifeq ($(SFE_SUPPORT_IPV6),)
SFE_SUPPORT_IPV6=y
endif
ccflags-$(SFE_SUPPORT_IPV6) += -DSFE_SUPPORT_IPV6
ccflags-y += -I$(obj)/../shortcut-fe
obj ?= .

2002
shortcut-fe/fast-classifier/src/fast-classifier.c Executable file
View file

File diff suppressed because it is too large Load diff

57
shortcut-fe/fast-classifier/src/fast-classifier.h Executable file
View file

@ -0,0 +1,57 @@
/*
* User space header to send message to the fast classifier
*
* Copyright (c) 2013,2016 The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <linux/if_ether.h>
#define FAST_CLASSIFIER_GENL_VERSION (1)
#define FAST_CLASSIFIER_GENL_NAME "FC"
#define FAST_CLASSIFIER_GENL_MCGRP "FC_MCGRP"
#define FAST_CLASSIFIER_GENL_HDRSIZE (0)
enum {
FAST_CLASSIFIER_A_UNSPEC,
FAST_CLASSIFIER_A_TUPLE,
__FAST_CLASSIFIER_A_MAX,
};
#define FAST_CLASSIFIER_A_MAX (__FAST_CLASSIFIER_A_MAX - 1)
enum {
FAST_CLASSIFIER_C_UNSPEC,
FAST_CLASSIFIER_C_OFFLOAD,
FAST_CLASSIFIER_C_OFFLOADED,
FAST_CLASSIFIER_C_DONE,
__FAST_CLASSIFIER_C_MAX,
};
#define FAST_CLASSIFIER_C_MAX (__FAST_CLASSIFIER_C_MAX - 1)
struct fast_classifier_tuple {
unsigned short ethertype;
unsigned char proto;
union {
struct in_addr in;
struct in6_addr in6;
} src_saddr;
union {
struct in_addr in;
struct in6_addr in6;
} dst_saddr;
unsigned short sport;
unsigned short dport;
unsigned char smac[ETH_ALEN];
unsigned char dmac[ETH_ALEN];
};

281
shortcut-fe/fast-classifier/src/nl_classifier_test.c Executable file
View file

@ -0,0 +1,281 @@
/*
* Copyright (c) 2016 The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <netlink/genl/genl.h>
#include <netlink/genl/ctrl.h>
#include <errno.h>
#include <stdio.h>
#include <signal.h>
#include <arpa/inet.h>
#define NL_CLASSIFIER_GENL_VERSION 1
#define NL_CLASSIFIER_GENL_FAMILY "FC"
#define NL_CLASSIFIER_GENL_GROUP "FC_MCGRP"
#define NL_CLASSIFIER_GENL_HDRSIZE 0
enum NL_CLASSIFIER_CMD {
NL_CLASSIFIER_CMD_UNSPEC,
NL_CLASSIFIER_CMD_ACCEL,
NL_CLASSIFIER_CMD_ACCEL_OK,
NL_CLASSIFIER_CMD_CONNECTION_CLOSED,
NL_CLASSIFIER_CMD_MAX,
};
enum NL_CLASSIFIER_ATTR {
NL_CLASSIFIER_ATTR_UNSPEC,
NL_CLASSIFIER_ATTR_TUPLE,
NL_CLASSIFIER_ATTR_MAX,
};
union nl_classifier_tuple_ip {
struct in_addr in;
struct in6_addr in6;
};
struct nl_classifier_tuple {
unsigned short af;
unsigned char proto;
union nl_classifier_tuple_ip src_ip;
union nl_classifier_tuple_ip dst_ip;
unsigned short sport;
unsigned short dport;
unsigned char smac[6];
unsigned char dmac[6];
};
struct nl_classifier_instance {
struct nl_sock *sock;
int family_id;
int group_id;
int stop;
};
struct nl_classifier_instance nl_cls_inst;
static struct nla_policy nl_classifier_genl_policy[(NL_CLASSIFIER_ATTR_MAX+1)] = {
[NL_CLASSIFIER_ATTR_TUPLE] = { .type = NLA_UNSPEC },
};
void nl_classifier_dump_nl_tuple(struct nl_classifier_tuple *tuple)
{
char ip_str[64];
printf("protocol = %s\n", (tuple->proto == IPPROTO_UDP) ? "udp" : ((tuple->proto == IPPROTO_TCP) ? "tcp" : "unknown"));
printf("source ip = %s\n", inet_ntop(tuple->af, &tuple->src_ip, ip_str, sizeof(ip_str)));
printf("destination ip = %s\n", inet_ntop(tuple->af, &tuple->dst_ip, ip_str, sizeof(ip_str)));
printf("source port = %d\n", ntohs(tuple->sport));
printf("destination port = %d\n", ntohs(tuple->dport));
}
int nl_classifier_msg_recv(struct nl_msg *msg, void *arg)
{
struct nlmsghdr *nlh = nlmsg_hdr(msg);
struct genlmsghdr *gnlh = nlmsg_data(nlh);
struct nlattr *attrs[(NL_CLASSIFIER_ATTR_MAX+1)];
genlmsg_parse(nlh, NL_CLASSIFIER_GENL_HDRSIZE, attrs, NL_CLASSIFIER_ATTR_MAX, nl_classifier_genl_policy);
switch (gnlh->cmd) {
case NL_CLASSIFIER_CMD_ACCEL_OK:
printf("Acceleration successful:\n");
nl_classifier_dump_nl_tuple(nla_data(attrs[NL_CLASSIFIER_ATTR_TUPLE]));
return NL_OK;
case NL_CLASSIFIER_CMD_CONNECTION_CLOSED:
printf("Connection is closed:\n");
nl_classifier_dump_nl_tuple(nla_data(attrs[NL_CLASSIFIER_ATTR_TUPLE]));
return NL_OK;
default:
printf("nl classifier received unknow message %d\n", gnlh->cmd);
}
return NL_SKIP;
}
void nl_classifier_offload(struct nl_classifier_instance *inst,
unsigned char proto, unsigned long *src_saddr,
unsigned long *dst_saddr, unsigned short sport,
unsigned short dport, int af)
{
struct nl_msg *msg;
int ret;
struct nl_classifier_tuple classifier_msg;
memset(&classifier_msg, 0, sizeof(classifier_msg));
classifier_msg.af = af;
classifier_msg.proto = proto;
memcpy(&classifier_msg.src_ip, src_saddr, (af == AF_INET ? 4 : 16));
memcpy(&classifier_msg.dst_ip, dst_saddr, (af == AF_INET ? 4 : 16));
classifier_msg.sport = sport;
classifier_msg.dport = dport;
msg = nlmsg_alloc();
if (!msg) {
printf("Unable to allocate message\n");
return;
}
genlmsg_put(msg, NL_AUTO_PID, NL_AUTO_SEQ, inst->family_id,
NL_CLASSIFIER_GENL_HDRSIZE, NLM_F_REQUEST,
NL_CLASSIFIER_CMD_ACCEL, NL_CLASSIFIER_GENL_VERSION);
nla_put(msg, NL_CLASSIFIER_ATTR_TUPLE, sizeof(classifier_msg), &classifier_msg);
ret = nl_send_auto(inst->sock, msg);
if (ret < 0) {
printf("send netlink message failed.\n");
nlmsg_free(msg);
return;
}
nlmsg_free(msg);
printf("nl classifier offload connection successful\n");
}
int nl_classifier_init(struct nl_classifier_instance *inst)
{
int ret;
inst->sock = nl_socket_alloc();
if (!inst->sock) {
printf("Unable to allocation socket.\n");
return -1;
}
genl_connect(inst->sock);
inst->family_id = genl_ctrl_resolve(inst->sock, NL_CLASSIFIER_GENL_FAMILY);
if (inst->family_id < 0) {
printf("Unable to resolve family %s\n", NL_CLASSIFIER_GENL_FAMILY);
goto init_failed;
}
inst->group_id = genl_ctrl_resolve_grp(inst->sock, NL_CLASSIFIER_GENL_FAMILY, NL_CLASSIFIER_GENL_GROUP);
if (inst->group_id < 0) {
printf("Unable to resolve mcast group %s\n", NL_CLASSIFIER_GENL_GROUP);
goto init_failed;
}
ret = nl_socket_add_membership(inst->sock, inst->group_id);
if (ret < 0) {
printf("Unable to add membership\n");
goto init_failed;
}
nl_socket_disable_seq_check(inst->sock);
nl_socket_modify_cb(inst->sock, NL_CB_VALID, NL_CB_CUSTOM, nl_classifier_msg_recv, NULL);
printf("nl classifier init successful\n");
return 0;
init_failed:
if (inst->sock) {
nl_close(inst->sock);
nl_socket_free(inst->sock);
inst->sock = NULL;
}
return -1;
}
void nl_classifier_exit(struct nl_classifier_instance *inst)
{
if (inst->sock) {
nl_close(inst->sock);
nl_socket_free(inst->sock);
inst->sock = NULL;
}
printf("nl classifier exit successful\n");
}
int nl_classifier_parse_arg(int argc, char *argv[], unsigned char *proto, unsigned long *src_saddr,
unsigned long *dst_saddr, unsigned short *sport, unsigned short *dport, int *af)
{
int ret;
unsigned short port;
if (argc < 7) {
printf("help: nl_classifier <v4|v6> <udp|tcp> <source ip> <destination ip> <source port> <destination port>\n");
return -1;
}
if (0 == strncmp(argv[1], "v4", 2)) {
*af = AF_INET;
} else if (0 == strncmp(argv[1], "v6", 2)) {
*af = AF_INET6;
} else {
printf("Address family is not supported");
return -1;
}
if (0 == strncmp(argv[2], "udp", 3)) {
*proto = IPPROTO_UDP;
} else if (0 == strncmp(argv[2], "tcp", 3)) {
*proto = IPPROTO_TCP;
} else {
printf("Protocol is not supported");
return -1;
}
ret = inet_pton(*af, argv[3], src_saddr);
if (ret <= 0) {
printf("source ip has wrong format\n");
return -1;
}
ret = inet_pton(*af, argv[4], dst_saddr);
if (ret <= 0) {
printf("destination ip has wrong format\n");
return -1;
}
port = strtol(argv[5], NULL, 0);
*sport = htons(port);
port = strtol(argv[6], NULL, 0);
*dport = htons(port);
printf("nl classifier parse arguments successful\n");
return 0;
}
int main(int argc, char *argv[])
{
struct nl_classifier_instance *inst = &nl_cls_inst;
unsigned char proto;
unsigned long src_addr[4];
unsigned long dst_addr[4];
unsigned short sport;
unsigned short dport;
int af;
int ret;
ret = nl_classifier_parse_arg(argc, argv, &proto, src_addr, dst_addr, &sport, &dport, &af);
if (ret < 0) {
printf("Failed to parse arguments\n");
return ret;
}
ret = nl_classifier_init(inst);
if (ret < 0) {
printf("Unable to init generic netlink\n");
return ret;
}
nl_classifier_offload(inst, proto, src_addr, dst_addr, sport, dport, af);
/* main loop to listen on message */
while (!inst->stop) {
nl_recvmsgs_default(inst->sock);
}
nl_classifier_exit(inst);
return 0;
}

232
shortcut-fe/fast-classifier/src/userspace_example.c Executable file
View file

@ -0,0 +1,232 @@
/*
* Copyright (c) 2013,2016 The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <netlink/genl/genl.h>
#include <netlink/genl/ctrl.h>
#include <errno.h>
#include <stdio.h>
#include <arpa/inet.h>
#include <fast-classifier.h>
static struct nl_sock *sock;
static struct nl_sock *sock_event;
static int family;
static int grp_id;
static struct nla_policy fast_classifier_genl_policy[FAST_CLASSIFIER_A_MAX + 1] = {
[FAST_CLASSIFIER_A_TUPLE] = { .type = NLA_UNSPEC },
};
void dump_fc_tuple(struct fast_classifier_tuple *fc_msg)
{
char src_str[INET_ADDRSTRLEN];
char dst_str[INET_ADDRSTRLEN];
printf("TUPLE: %d, %s, %s, %d, %d"
" SMAC=%02x:%02x:%02x:%02x:%02x:%02x",
" DMAC=%02x:%02x:%02x:%02x:%02x:%02x\n",
fc_msg->proto,
inet_ntop(AF_INET,
&fc_msg->src_saddr.in.s_addr,
src_str,
INET_ADDRSTRLEN),
inet_ntop(AF_INET,
&fc_msg->dst_saddr.in.s_addr,
dst_str,
INET_ADDRSTRLEN),
fc_msg->sport, fc_msg->dport,
fc_msg->smac[0], fc_msg->smac[1], fc_msg->smac[2],
fc_msg->smac[3], fc_msg->smac[4], fc_msg->smac[5],
fc_msg->dmac[0], fc_msg->dmac[1], fc_msg->dmac[2],
fc_msg->dmac[3], fc_msg->dmac[4], fc_msg->dmac[5]);
}
static int parse_cb(struct nl_msg *msg, void *arg)
{
struct nlmsghdr *nlh = nlmsg_hdr(msg);
struct genlmsghdr *gnlh = nlmsg_data(nlh);
struct nlattr *attrs[FAST_CLASSIFIER_A_MAX];
genlmsg_parse(nlh, 0, attrs, FAST_CLASSIFIER_A_MAX, fast_classifier_genl_policy);
switch (gnlh->cmd) {
case FAST_CLASSIFIER_C_OFFLOADED:
printf("Got a offloaded message\n");
dump_fc_tuple(nla_data(attrs[FAST_CLASSIFIER_A_TUPLE]));
return NL_OK;
case FAST_CLASSIFIER_C_DONE:
printf("Got a done message\n");
dump_fc_tuple(nla_data(attrs[FAST_CLASSIFIER_A_TUPLE]));
return NL_OK;
}
return NL_SKIP;
}
int fast_classifier_init(void)
{
int err;
sock = nl_socket_alloc();
if (!sock) {
printf("Unable to allocation socket.\n");
return -1;
}
genl_connect(sock);
sock_event = nl_socket_alloc();
if (!sock_event) {
nl_close(sock);
nl_socket_free(sock);
printf("Unable to allocation socket.\n");
return -1;
}
genl_connect(sock_event);
family = genl_ctrl_resolve(sock, FAST_CLASSIFIER_GENL_NAME);
if (family < 0) {
nl_close(sock_event);
nl_close(sock);
nl_socket_free(sock);
nl_socket_free(sock_event);
printf("Unable to resolve family\n");
return -1;
}
grp_id = genl_ctrl_resolve_grp(sock, FAST_CLASSIFIER_GENL_NAME,
FAST_CLASSIFIER_GENL_MCGRP);
if (grp_id < 0) {
printf("Unable to resolve mcast group\n");
return -1;
}
err = nl_socket_add_membership(sock_event, grp_id);
if (err < 0) {
printf("Unable to add membership\n");
return -1;
}
nl_socket_disable_seq_check(sock_event);
nl_socket_modify_cb(sock_event, NL_CB_VALID, NL_CB_CUSTOM, parse_cb, NULL);
return 0;
}
void fast_classifier_close(void)
{
nl_close(sock_event);
nl_close(sock);
nl_socket_free(sock_event);
nl_socket_free(sock);
}
void fast_classifier_ipv4_offload(unsigned char proto, unsigned long src_saddr,
unsigned long dst_saddr, unsigned short sport,
unsigned short dport)
{
struct nl_msg *msg;
int ret;
#ifdef DEBUG
char src_str[INET_ADDRSTRLEN];
char dst_str[INET_ADDRSTRLEN];
#endif
struct fast_classifier_tuple fc_msg;
#ifdef DEBUG
printf("DEBUG: would offload: %d, %s, %s, %d, %d\n", proto,
inet_ntop(AF_INET, &src_saddr, src_str, INET_ADDRSTRLEN),
inet_ntop(AF_INET, &dst_saddr, dst_str, INET_ADDRSTRLEN),
sport, dport);
#endif
fc_msg.proto = proto;
fc_msg.src_saddr.in.s_addr = src_saddr;
fc_msg.dst_saddr.in.s_addr = dst_saddr;
fc_msg.sport = sport;
fc_msg.dport = dport;
fc_msg.smac[0] = 'a';
fc_msg.smac[1] = 'b';
fc_msg.smac[2] = 'c';
fc_msg.smac[3] = 'd';
fc_msg.smac[4] = 'e';
fc_msg.smac[5] = 'f';
fc_msg.dmac[0] = 'f';
fc_msg.dmac[1] = 'e';
fc_msg.dmac[2] = 'd';
fc_msg.dmac[3] = 'c';
fc_msg.dmac[4] = 'b';
fc_msg.dmac[5] = 'a';
if (fast_classifier_init() < 0) {
printf("Unable to init generic netlink\n");
exit(1);
}
msg = nlmsg_alloc();
if (!msg) {
nl_socket_free(sock);
printf("Unable to allocate message\n");
return;
}
genlmsg_put(msg, NL_AUTO_PID, NL_AUTO_SEQ, family,
FAST_CLASSIFIER_GENL_HDRSIZE, NLM_F_REQUEST,
FAST_CLASSIFIER_C_OFFLOAD, FAST_CLASSIFIER_GENL_VERSION);
nla_put(msg, 1, sizeof(fc_msg), &fc_msg);
ret = nl_send_auto_complete(sock, msg);
nlmsg_free(msg);
if (ret < 0) {
printf("nlmsg_free failed");
nl_close(sock);
nl_socket_free(sock);
return;
}
ret = nl_wait_for_ack(sock);
if (ret < 0) {
printf("wait for ack failed");
nl_close(sock);
nl_socket_free(sock);
return;
}
}
void fast_classifier_listen_for_messages(void)
{
printf("waiting for netlink events\n");
while (1) {
nl_recvmsgs_default(sock_event);
}
}
int main(int argc, char *argv[])
{
if (fast_classifier_init() < 0) {
printf("Unable to init generic netlink\n");
exit(1);
}
fast_classifier_ipv4_offload('a', 0, 0, 0, 0);
/* this never returns */
fast_classifier_listen_for_messages();
fast_classifier_close();
return 0;
}

92
shortcut-fe/shortcut-fe/Makefile Executable file
View file

@ -0,0 +1,92 @@
#
# Copyright (c) 2013-2018, 2020 The Linux Foundation. All rights reserved.
# Permission to use, copy, modify, and/or distribute this software for
# any purpose with or without fee is hereby granted, provided that the
# above copyright notice and this permission notice appear in all copies.
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=shortcut-fe
PKG_RELEASE:=8
include $(INCLUDE_DIR)/package.mk
define KernelPackage/shortcut-fe
SECTION:=kernel
CATEGORY:=Kernel modules
SUBMENU:=Network Support
DEPENDS:=@IPV6 +kmod-nf-conntrack
TITLE:=Kernel driver for SFE
FILES:= \
$(PKG_BUILD_DIR)/shortcut-fe.ko \
$(PKG_BUILD_DIR)/shortcut-fe-ipv6.ko
KCONFIG:= \
CONFIG_NF_CONNTRACK_EVENTS=y \
CONFIG_NF_CONNTRACK_TIMEOUT=y \
CONFIG_SHORTCUT_FE=y \
CONFIG_XFRM=y
PROVIDES:=$(PKG_NAME)
AUTOLOAD:=$(call AutoLoad,09,shortcut-fe shortcut-fe-ipv6)
endef
define KernelPackage/shortcut-fe/Description
Shortcut is an in-Linux-kernel IP packet forwarding engine.
endef
define KernelPackage/shortcut-fe/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) ./files/usr/bin/sfe_dump $(1)/usr/bin
endef
HAVE_ECM:=$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-standard)
define KernelPackage/shortcut-fe-cm
SECTION:=kernel
CATEGORY:=Kernel modules
SUBMENU:=Network Support
DEPENDS:=+kmod-ipt-conntrack +kmod-shortcut-fe
TITLE:=Kernel driver for SFE
FILES:=$(PKG_BUILD_DIR)/shortcut-fe-cm.ko
KCONFIG:= \
CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y \
CONFIG_NF_CONNTRACK_EVENTS=y \
CONFIG_XFRM=y
CONFLICTS:=kmod-shortcut-fe-drv
endef
define KernelPackage/shortcut-fe-cm/Description
Simple connection manager for the Shortcut forwarding engine.
endef
define Build/Compile
$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \
$(KERNEL_MAKE_FLAGS) \
$(PKG_MAKE_FLAGS) \
M="$(PKG_BUILD_DIR)" \
EXTRA_CFLAGS+="-DSFE_SUPPORT_IPV6" SFE_SUPPORT_IPV6=y \
$(if $(HAVE_ECM),EXTRA_CFLAGS+="-DCONFIG_SFE_ECM" CONFIG_SFE_ECM=y,) \
modules
endef
ifneq ($(CONFIG_PACKAGE_kmod-shortcut-fe)$(CONFIG_PACKAGE_kmod-shortcut-fe-cm),)
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(INSTALL_DIR) $(1)/usr/include/shortcut-fe
$(CP) -rf $(PKG_BUILD_DIR)/sfe.h $(1)/usr/include/shortcut-fe
$(CP) -rf $(PKG_BUILD_DIR)/sfe.h $(1)/usr/include
$(CP) -rf $(PKG_BUILD_DIR)/sfe_cm.h $(1)/usr/include
$(CP) -rf $(PKG_BUILD_DIR)/sfe_backport.h $(1)/usr/include
endef
endif
$(eval $(call KernelPackage,shortcut-fe))
$(eval $(call KernelPackage,shortcut-fe-cm))

51
shortcut-fe/shortcut-fe/files/etc/init.d/shortcut-fe Executable file
View file

@ -0,0 +1,51 @@
#!/bin/sh /etc/rc.common
#
# Copyright (c) 2014-2015 The Linux Foundation. All rights reserved.
# Permission to use, copy, modify, and/or distribute this software for
# any purpose with or without fee is hereby granted, provided that the
# above copyright notice and this permission notice appear in all copies.
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
#SFE connection manager has a lower priority, it should be started after other connection manager
#to detect the existence of connection manager with higher priority
START=70
have_cm() {
[ -d "/sys/kernel/debug/ecm" ] && echo 1 && return
echo 0
}
#load shortcut-fe and connection manager
load_sfe() {
local kernel_version=$(uname -r)
[ -d "/sys/module/shortcut_fe" ] || insmod /lib/modules/$kernel_version/shortcut-fe.ko
[ -d "/sys/module/shortcut_fe_ipv6" ] || insmod /lib/modules/$kernel_version/shortcut-fe-ipv6.ko
[ -e "/lib/modules/$kernel_version/shortcut-fe-cm.ko" ] && {
[ -d /sys/module/shortcut_fe_cm ] || insmod /lib/modules/$kernel_version/shortcut-fe-cm.ko
}
[ -e "/lib/modules/$kernel_version/fast-classifier.ko" ] && {
[ -d /sys/module/fast_classifier ] || insmod /lib/modules/$kernel_version/fast-classifier.ko
}
}
start() {
[ "$(have_cm)" = "0" ] && load_sfe
}
stop() {
[ -d "/sys/module/shortcut_fe_cm" ] && rmmod shortcut_fe_cm
[ -d "/sys/module/shortcut_fe_ipv6" ] && rmmod shortcut_fe_ipv6
[ -d "/sys/module/shortcut_fe" ] && rmmod shortcut_fe
[ -d "/sys/module/shortcut_fe_drv" ] && rmmod shortcut_fe_drv
[ -d "/sys/module/fast_classifier" ] && rmmod fast_classifier
}

35
shortcut-fe/shortcut-fe/files/usr/bin/sfe_dump Executable file
View file

@ -0,0 +1,35 @@
#!/bin/sh
#
# Copyright (c) 2015 The Linux Foundation. All rights reserved.
# Permission to use, copy, modify, and/or distribute this software for
# any purpose with or without fee is hereby granted, provided that the
# above copyright notice and this permission notice appear in all copies.
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
#@sfe_dump
#@example : sfe_dump (ipv4|ipv6)
sfe_dump(){
[ -e "/dev/sfe_ipv4" ] || {
dev_num=$(cat /sys/sfe_ipv4/debug_dev)
mknod /dev/sfe_ipv4 c $dev_num 0
}
[ -e "/dev/sfe_ipv6" ] || {
dev_num=$(cat /sys/sfe_ipv6/debug_dev)
mknod /dev/sfe_ipv6 c $dev_num 0
}
cat /dev/sfe_$1
}
if [ -z "$1" ]; then
sfe_dump ipv4
sfe_dump ipv6
else
sfe_dump $1
fi

14
shortcut-fe/shortcut-fe/src/Kconfig Executable file
View file

@ -0,0 +1,14 @@
#
# Shortcut forwarding engine
#
config SHORTCUT_FE
tristate "Shortcut Forwarding Engine"
depends on NF_CONNTRACK
---help---
Shortcut is a fast in-kernel packet forwarding engine.
To compile this code as a module, choose M here: the module will be
called shortcut-fe.
If unsure, say N.

24
shortcut-fe/shortcut-fe/src/Makefile Executable file
View file

@ -0,0 +1,24 @@
#
# Makefile for Shortcut FE.
#
obj-m += shortcut-fe.o
ifdef SFE_SUPPORT_IPV6
obj-m += shortcut-fe-ipv6.o
endif
obj-m += shortcut-fe-cm.o
shortcut-fe-objs := \
sfe_ipv4.o
ifdef SFE_SUPPORT_IPV6
shortcut-fe-ipv6-objs := \
sfe_ipv6.o
endif
shortcut-fe-cm-objs := \
sfe_cm.o
ccflags-y += -Werror -Wall

114
shortcut-fe/shortcut-fe/src/sfe.h Executable file
View file

@ -0,0 +1,114 @@
/*
* sfe.h
* Shortcut forwarding engine.
*
* Copyright (c) 2013-2017 The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* The following are debug macros used throughout the SFE.
*
* The DEBUG_LEVEL enables the followings based on its value,
* when dynamic debug option is disabled.
*
* 0 = OFF
* 1 = ASSERTS / ERRORS
* 2 = 1 + WARN
* 3 = 2 + INFO
* 4 = 3 + TRACE
*/
#define DEBUG_LEVEL 2
#if (DEBUG_LEVEL < 1)
#define DEBUG_ASSERT(s, ...)
#define DEBUG_ERROR(s, ...)
#else
#define DEBUG_ASSERT(c, s, ...) if (!(c)) { pr_emerg("ASSERT: %s:%d:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__); BUG(); }
#define DEBUG_ERROR(s, ...) pr_err("%s:%d:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
#endif
#if defined(CONFIG_DYNAMIC_DEBUG)
/*
* Compile messages for dynamic enable/disable
*/
#define DEBUG_WARN(s, ...) pr_debug("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
#define DEBUG_INFO(s, ...) pr_debug("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
#define DEBUG_TRACE(s, ...) pr_debug("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
#else
/*
* Statically compile messages at different levels
*/
#if (DEBUG_LEVEL < 2)
#define DEBUG_WARN(s, ...)
#else
#define DEBUG_WARN(s, ...) pr_warn("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
#endif
#if (DEBUG_LEVEL < 3)
#define DEBUG_INFO(s, ...)
#else
#define DEBUG_INFO(s, ...) pr_notice("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
#endif
#if (DEBUG_LEVEL < 4)
#define DEBUG_TRACE(s, ...)
#else
#define DEBUG_TRACE(s, ...) pr_info("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
#endif
#endif
#ifdef CONFIG_NF_FLOW_COOKIE
typedef int (*flow_cookie_set_func_t)(u32 protocol, __be32 src_ip, __be16 src_port,
__be32 dst_ip, __be16 dst_port, u16 flow_cookie);
/*
* sfe_register_flow_cookie_cb
* register a function in SFE to let SFE use this function to configure flow cookie for a flow
*
* Hardware driver which support flow cookie should register a callback function in SFE. Then SFE
* can use this function to configure flow cookie for a flow.
* return: 0, success; !=0, fail
*/
int sfe_register_flow_cookie_cb(flow_cookie_set_func_t cb);
/*
* sfe_unregister_flow_cookie_cb
* unregister function which is used to configure flow cookie for a flow
*
* return: 0, success; !=0, fail
*/
int sfe_unregister_flow_cookie_cb(flow_cookie_set_func_t cb);
typedef int (*sfe_ipv6_flow_cookie_set_func_t)(u32 protocol, __be32 src_ip[4], __be16 src_port,
__be32 dst_ip[4], __be16 dst_port, u16 flow_cookie);
/*
* sfe_ipv6_register_flow_cookie_cb
* register a function in SFE to let SFE use this function to configure flow cookie for a flow
*
* Hardware driver which support flow cookie should register a callback function in SFE. Then SFE
* can use this function to configure flow cookie for a flow.
* return: 0, success; !=0, fail
*/
int sfe_ipv6_register_flow_cookie_cb(sfe_ipv6_flow_cookie_set_func_t cb);
/*
* sfe_ipv6_unregister_flow_cookie_cb
* unregister function which is used to configure flow cookie for a flow
*
* return: 0, success; !=0, fail
*/
int sfe_ipv6_unregister_flow_cookie_cb(sfe_ipv6_flow_cookie_set_func_t cb);
#endif /*CONFIG_NF_FLOW_COOKIE*/

195
shortcut-fe/shortcut-fe/src/sfe_backport.h Executable file
View file

@ -0,0 +1,195 @@
/*
* sfe_backport.h
* Shortcut forwarding engine compatible header file.
*
* Copyright (c) 2014-2016 The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0))
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 7, 0))
#include <net/netfilter/nf_conntrack_timeout.h>
#else
enum udp_conntrack {
UDP_CT_UNREPLIED,
UDP_CT_REPLIED,
UDP_CT_MAX
};
static inline unsigned int *
nf_ct_timeout_lookup(struct net *net, struct nf_conn *ct,
struct nf_conntrack_l4proto *l4proto)
{
#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
struct nf_conn_timeout *timeout_ext;
unsigned int *timeouts;
timeout_ext = nf_ct_timeout_find(ct);
if (timeout_ext)
timeouts = NF_CT_TIMEOUT_EXT_DATA(timeout_ext);
else
timeouts = l4proto->get_timeouts(net);
return timeouts;
#else
return l4proto->get_timeouts(net);
#endif /*CONFIG_NF_CONNTRACK_TIMEOUT*/
}
#endif /*KERNEL_VERSION(3, 7, 0)*/
#endif /*KERNEL_VERSION(3, 4, 0)*/
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0))
#define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
static unsigned int FN_NAME(void *priv, \
struct sk_buff *SKB, \
const struct nf_hook_state *state)
#elif (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0))
#define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
static unsigned int FN_NAME(const struct nf_hook_ops *OPS, \
struct sk_buff *SKB, \
const struct net_device *UNUSED, \
const struct net_device *OUT, \
int (*OKFN)(struct sk_buff *))
#else
#define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
static unsigned int FN_NAME(unsigned int HOOKNUM, \
struct sk_buff *SKB, \
const struct net_device *UNUSED, \
const struct net_device *OUT, \
int (*OKFN)(struct sk_buff *))
#endif
#define sfe_cm_ipv4_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
sfe_define_post_routing_hook(__sfe_cm_ipv4_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN)
#define sfe_cm_ipv6_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
sfe_define_post_routing_hook(__sfe_cm_ipv6_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN)
#define fast_classifier_ipv4_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
sfe_define_post_routing_hook(__fast_classifier_ipv4_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN)
#define fast_classifier_ipv6_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
sfe_define_post_routing_hook(__fast_classifier_ipv6_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN)
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0))
#define SFE_IPV4_NF_POST_ROUTING_HOOK(fn) \
{ \
.hook = fn, \
.pf = NFPROTO_IPV4, \
.hooknum = NF_INET_POST_ROUTING, \
.priority = NF_IP_PRI_NAT_SRC + 1, \
}
#else
#define SFE_IPV4_NF_POST_ROUTING_HOOK(fn) \
{ \
.hook = fn, \
.owner = THIS_MODULE, \
.pf = NFPROTO_IPV4, \
.hooknum = NF_INET_POST_ROUTING, \
.priority = NF_IP_PRI_NAT_SRC + 1, \
}
#endif
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0))
#define SFE_IPV6_NF_POST_ROUTING_HOOK(fn) \
{ \
.hook = fn, \
.pf = NFPROTO_IPV6, \
.hooknum = NF_INET_POST_ROUTING, \
.priority = NF_IP_PRI_NAT_SRC + 1, \
}
#else
#define SFE_IPV6_NF_POST_ROUTING_HOOK(fn) \
{ \
.hook = fn, \
.owner = THIS_MODULE, \
.pf = NFPROTO_IPV6, \
.hooknum = NF_INET_POST_ROUTING, \
.priority = NF_IP6_PRI_NAT_SRC + 1, \
}
#endif
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0))
#define SFE_NF_CT_DEFAULT_ZONE (&nf_ct_zone_dflt)
#else
#define SFE_NF_CT_DEFAULT_ZONE NF_CT_DEFAULT_ZONE
#endif
/*
* sfe_dev_get_master
* get master of bridge port, and hold it
*/
static inline struct net_device *sfe_dev_get_master(struct net_device *dev)
{
struct net_device *master;
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0))
rcu_read_lock();
master = netdev_master_upper_dev_get_rcu(dev);
if (master)
dev_hold(master);
rcu_read_unlock();
#else
master = dev->master;
if (master)
dev_hold(master);
#endif
return master;
}
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 11, 0))
#define SFE_DEV_EVENT_PTR(PTR) netdev_notifier_info_to_dev(PTR)
#else
#define SFE_DEV_EVENT_PTR(PTR) (struct net_device *)(PTR)
#endif
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0))
#define SFE_NF_CONN_ACCT(NM) struct nf_conn_acct *NM
#else
#define SFE_NF_CONN_ACCT(NM) struct nf_conn_counter *NM
#endif
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0))
#define SFE_ACCT_COUNTER(NM) ((NM)->counter)
#else
#define SFE_ACCT_COUNTER(NM) (NM)
#endif
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0))
#define sfe_hash_for_each_possible(name, obj, node, member, key) \
hash_for_each_possible(name, obj, member, key)
#else
#define sfe_hash_for_each_possible(name, obj, node, member, key) \
hash_for_each_possible(name, obj, node, member, key)
#endif
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0))
#define sfe_hash_for_each(name, bkt, node, obj, member) \
hash_for_each(name, bkt, obj, member)
#else
#define sfe_hash_for_each(name, bkt, node, obj, member) \
hash_for_each(name, bkt, node, obj, member)
#endif
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0))
#define sfe_dst_get_neighbour(dst, daddr) dst_neigh_lookup(dst, addr)
#else
static inline struct neighbour *
sfe_dst_get_neighbour(struct dst_entry *dst, void *daddr)
{
struct neighbour *neigh = dst_get_neighbour_noref(dst);
if (neigh)
neigh_hold(neigh);
return neigh;
}
#endif

1210
shortcut-fe/shortcut-fe/src/sfe_cm.c Executable file
View file

File diff suppressed because it is too large Load diff

260
shortcut-fe/shortcut-fe/src/sfe_cm.h Executable file
View file

@ -0,0 +1,260 @@
/*
* sfe_cm.h
* Shortcut forwarding engine.
*
* Copyright (c) 2013-2016 The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* connection flags.
*/
#define SFE_CREATE_FLAG_NO_SEQ_CHECK BIT(0)
/* Indicates that we should not check sequence numbers */
#define SFE_CREATE_FLAG_REMARK_PRIORITY BIT(1)
/* Indicates that we should remark priority of skb */
#define SFE_CREATE_FLAG_REMARK_DSCP BIT(2)
/* Indicates that we should remark DSCP of packet */
/*
* IPv6 address structure
*/
struct sfe_ipv6_addr {
__be32 addr[4];
};
typedef union {
__be32 ip;
struct sfe_ipv6_addr ip6[1];
} sfe_ip_addr_t;
/*
* connection creation structure.
*/
struct sfe_connection_create {
int protocol;
struct net_device *src_dev;
struct net_device *dest_dev;
u32 flags;
u32 src_mtu;
u32 dest_mtu;
sfe_ip_addr_t src_ip;
sfe_ip_addr_t src_ip_xlate;
sfe_ip_addr_t dest_ip;
sfe_ip_addr_t dest_ip_xlate;
__be16 src_port;
__be16 src_port_xlate;
__be16 dest_port;
__be16 dest_port_xlate;
u8 src_mac[ETH_ALEN];
u8 src_mac_xlate[ETH_ALEN];
u8 dest_mac[ETH_ALEN];
u8 dest_mac_xlate[ETH_ALEN];
u8 src_td_window_scale;
u32 src_td_max_window;
u32 src_td_end;
u32 src_td_max_end;
u8 dest_td_window_scale;
u32 dest_td_max_window;
u32 dest_td_end;
u32 dest_td_max_end;
u32 mark;
#ifdef CONFIG_XFRM
u32 original_accel;
u32 reply_accel;
#endif
u32 src_priority;
u32 dest_priority;
u32 src_dscp;
u32 dest_dscp;
};
/*
* connection destruction structure.
*/
struct sfe_connection_destroy {
int protocol;
sfe_ip_addr_t src_ip;
sfe_ip_addr_t dest_ip;
__be16 src_port;
__be16 dest_port;
};
typedef enum sfe_sync_reason {
SFE_SYNC_REASON_STATS, /* Sync is to synchronize stats */
SFE_SYNC_REASON_FLUSH, /* Sync is to flush a entry */
SFE_SYNC_REASON_DESTROY /* Sync is to destroy a entry(requested by connection manager) */
} sfe_sync_reason_t;
/*
* Structure used to sync connection stats/state back within the system.
*
* NOTE: The addresses here are NON-NAT addresses, i.e. the true endpoint addressing.
* 'src' is the creator of the connection.
*/
struct sfe_connection_sync {
struct net_device *src_dev;
struct net_device *dest_dev;
int is_v6; /* Is it for ipv6? */
int protocol; /* IP protocol number (IPPROTO_...) */
sfe_ip_addr_t src_ip; /* Non-NAT source address, i.e. the creator of the connection */
sfe_ip_addr_t src_ip_xlate; /* NATed source address */
__be16 src_port; /* Non-NAT source port */
__be16 src_port_xlate; /* NATed source port */
sfe_ip_addr_t dest_ip; /* Non-NAT destination address, i.e. to whom the connection was created */
sfe_ip_addr_t dest_ip_xlate; /* NATed destination address */
__be16 dest_port; /* Non-NAT destination port */
__be16 dest_port_xlate; /* NATed destination port */
u32 src_td_max_window;
u32 src_td_end;
u32 src_td_max_end;
u64 src_packet_count;
u64 src_byte_count;
u32 src_new_packet_count;
u32 src_new_byte_count;
u32 dest_td_max_window;
u32 dest_td_end;
u32 dest_td_max_end;
u64 dest_packet_count;
u64 dest_byte_count;
u32 dest_new_packet_count;
u32 dest_new_byte_count;
u32 reason; /* reason for stats sync message, i.e. destroy, flush, period sync */
u64 delta_jiffies; /* Time to be added to the current timeout to keep the connection alive */
};
/*
* connection mark structure
*/
struct sfe_connection_mark {
int protocol;
sfe_ip_addr_t src_ip;
sfe_ip_addr_t dest_ip;
__be16 src_port;
__be16 dest_port;
u32 mark;
};
/*
* Expose the hook for the receive processing.
*/
extern int (*athrs_fast_nat_recv)(struct sk_buff *skb);
/*
* Expose what should be a static flag in the TCP connection tracker.
*/
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 15, 0)
extern int nf_ct_tcp_no_window_check;
#endif
/*
* This callback will be called in a timer
* at 100 times per second to sync stats back to
* Linux connection track.
*
* A RCU lock is taken to prevent this callback
* from unregistering.
*/
typedef void (*sfe_sync_rule_callback_t)(struct sfe_connection_sync *);
/*
* IPv4 APIs used by connection manager
*/
int sfe_ipv4_recv(struct net_device *dev, struct sk_buff *skb);
int sfe_ipv4_create_rule(struct sfe_connection_create *sic);
void sfe_ipv4_destroy_rule(struct sfe_connection_destroy *sid);
void sfe_ipv4_destroy_all_rules_for_dev(struct net_device *dev);
void sfe_ipv4_register_sync_rule_callback(sfe_sync_rule_callback_t callback);
void sfe_ipv4_update_rule(struct sfe_connection_create *sic);
void sfe_ipv4_mark_rule(struct sfe_connection_mark *mark);
#ifdef SFE_SUPPORT_IPV6
/*
* IPv6 APIs used by connection manager
*/
int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb);
int sfe_ipv6_create_rule(struct sfe_connection_create *sic);
void sfe_ipv6_destroy_rule(struct sfe_connection_destroy *sid);
void sfe_ipv6_destroy_all_rules_for_dev(struct net_device *dev);
void sfe_ipv6_register_sync_rule_callback(sfe_sync_rule_callback_t callback);
void sfe_ipv6_update_rule(struct sfe_connection_create *sic);
void sfe_ipv6_mark_rule(struct sfe_connection_mark *mark);
#else
static inline int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb)
{
return 0;
}
static inline int sfe_ipv6_create_rule(struct sfe_connection_create *sic)
{
return 0;
}
static inline void sfe_ipv6_destroy_rule(struct sfe_connection_destroy *sid)
{
return;
}
static inline void sfe_ipv6_destroy_all_rules_for_dev(struct net_device *dev)
{
return;
}
static inline void sfe_ipv6_register_sync_rule_callback(sfe_sync_rule_callback_t callback)
{
return;
}
static inline void sfe_ipv6_update_rule(struct sfe_connection_create *sic)
{
return;
}
static inline void sfe_ipv6_mark_rule(struct sfe_connection_mark *mark)
{
return;
}
#endif
/*
* sfe_ipv6_addr_equal()
* compare ipv6 address
*
* return: 1, equal; 0, no equal
*/
static inline int sfe_ipv6_addr_equal(struct sfe_ipv6_addr *a,
struct sfe_ipv6_addr *b)
{
return a->addr[0] == b->addr[0] &&
a->addr[1] == b->addr[1] &&
a->addr[2] == b->addr[2] &&
a->addr[3] == b->addr[3];
}
/*
* sfe_ipv4_addr_equal()
* compare ipv4 address
*
* return: 1, equal; 0, no equal
*/
#define sfe_ipv4_addr_equal(a, b) ((u32)(a) == (u32)(b))
/*
* sfe_addr_equal()
* compare ipv4 or ipv6 address
*
* return: 1, equal; 0, no equal
*/
static inline int sfe_addr_equal(sfe_ip_addr_t *a,
sfe_ip_addr_t *b, int is_v4)
{
return is_v4 ? sfe_ipv4_addr_equal(a->ip, b->ip) : sfe_ipv6_addr_equal(a->ip6, b->ip6);
}

3618
shortcut-fe/shortcut-fe/src/sfe_ipv4.c Executable file
View file

File diff suppressed because it is too large Load diff

3625
shortcut-fe/shortcut-fe/src/sfe_ipv6.c Executable file
View file

File diff suppressed because it is too large Load diff

60
shortcut-fe/simulated-driver/Makefile Executable file
View file

@ -0,0 +1,60 @@
#
# Copyright (c) 2015,2016 The Linux Foundation. All rights reserved.
# Permission to use, copy, modify, and/or distribute this software for
# any purpose with or without fee is hereby granted, provided that the
# above copyright notice and this permission notice appear in all copies.
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=shortcut-fe-simulated-driver
PKG_RELEASE:=1
PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/lklm/shortcut-fe.git
PKG_SOURCE_PROTO:=git
PKG_SOURCE_DATE:=2021-03-17
PKG_SOURCE_VERSION:=697977d8d0ccf0ab596e5692d08608a75dd7f33d
PKG_MIRROR_HASH:=659fa82a431e15af797a6c7069faeee02810453ad8b576c51c29f95a1761a045
include $(INCLUDE_DIR)/package.mk
define KernelPackage/shortcut-fe-drv
SECTION:=kernel
CATEGORY:=Kernel modules
SUBMENU:=Network Support
DEPENDS:=@TARGET_ipq806x||TARGET_ipq807x +kmod-shortcut-fe
KCONFIG:= \
CONFIG_NET_CLS_ACT=y \
CONFIG_XFRM=y
TITLE:=Simulated sfe driver for ECM
FILES:=$(PKG_BUILD_DIR)/simulated-driver/shortcut-fe-drv.ko
endef
define KernelPackage/shortcut-fe-drv/Description
Simulated sfe driver which act as an adapter to convert message
between a connection manager and the SFE core engine.
endef
define Build/Compile
$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \
$(KERNEL_MAKE_FLAGS) \
$(PKG_MAKE_FLAGS) \
M="$(PKG_BUILD_DIR)/simulated-driver" \
EXTRA_CFLAGS="-DSFE_SUPPORT_IPV6" \
modules
endef
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include/shortcut-fe
$(CP) -rf $(PKG_BUILD_DIR)/simulated-driver/sfe_drv.h $(1)/usr/include/shortcut-fe
endef
$(eval $(call KernelPackage,shortcut-fe-drv))

11
shortcut-fe/simulated-driver/patches/200-nss-qdisc-support.patch Executable file
View file

@ -0,0 +1,11 @@
--- ./simulated-driver/sfe_drv.c.orig 2020-06-16 12:49:47.680153371 +0800
+++ ./simulated-driver/sfe_drv.c 2020-06-16 12:50:18.540153371 +0800
@@ -1167,7 +1167,7 @@ int sfe_drv_recv(struct sk_buff *skb)
* If ingress Qdisc configured, and packet not processed by ingress Qdisc yet
* We can not accelerate this packet.
*/
- if (dev->ingress_queue && !(skb->tc_verd & TC_NCLS)) {
+ if (dev->ingress_queue && !(skb->tc_verd_qca_nss & TC_NCLS)) {
return 0;
}
#endif

66
upx/Makefile Executable file
View file

@ -0,0 +1,66 @@
#
# Copyright (C) 2011-2020 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=upx
PKG_RELEASE:=1
PKG_MAINTAINER:=Xingwang Liao <kuoruan@gmail.com>
PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=COPYING LICENSE
PKG_SOURCE_PROTO:=git
PKG_SOURCE_DATE:=2022-01-15
PKG_SOURCE_VERSION:=1050de5171f70fd4ba113016e4db994e898c7be3
PKG_SOURCE_URL:=https://github.com/upx/upx.git
PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_DATE).tar.gz
HOST_BUILD_DEPENDS:=ucl/host
include $(INCLUDE_DIR)/host-build.mk
include $(INCLUDE_DIR)/package.mk
define Host/Compile
UPX_UCLDIR=$(STAGING_DIR_HOST) \
$(MAKE) -C $(HOST_BUILD_DIR)/src \
CXXFLAGS_WERROR="" LDFLAGS="$(HOST_LDFLAGS)" \
CXX="$(HOSTCXX)"
endef
define Host/Install
$(CP) $(HOST_BUILD_DIR)/src/upx.out $(STAGING_DIR_HOST)/bin/upx
endef
define Host/Clean
rm -f $(STAGING_DIR_HOST)/bin/upx
endef
define Package/upx
SECTION:=utils
CATEGORY:=Utilities
DEPENDS:=+libucl +libstdcpp +zlib
TITLE:=The Ultimate Packer for eXecutables
URL:=https://upx.github.io/
endef
define Package/upx/description
UPX is a free, portable, extendable, high-performance executable packer for
several different executable formats. It achieves an excellent compression ratio
and offers very fast decompression. Your executables suffer no memory overhead
or other drawbacks for most of the formats supported, because of in-place
decompression.
endef
MAKE_PATH := src
define Package/upx/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/upx.out $(1)/usr/bin/upx
endef
$(eval $(call HostBuild))
$(eval $(call BuildPackage,upx))

2
v2ray-ext/Makefile
View file

@ -25,7 +25,7 @@ GO_PKG:=v2ray.com/ext
GO_PKG_SOURCE_ONLY:=1
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/feeds/openmptcprouter/golang/golang-package.mk
include ../golang/golang-package.mk
define Package/v2ray-ext-dev
$(call GoPackage/GoSubMenu)