diff --git a/luci-app-omr-bypass/Makefile b/luci-app-omr-bypass/Makefile index 8d166a2e4..2969ef549 100644 --- a/luci-app-omr-bypass/Makefile +++ b/luci-app-omr-bypass/Makefile @@ -9,7 +9,8 @@ LUCI_TITLE:=LuCI Interface to bypass domains #LUCI_DEPENDS:=+dnsmasq-full +shadowsocks-libev-ss-rules +(LINUX_5_4||LINUX_5_15||TARGET_x86_64):iptables-mod-ndpi +iptables-mod-extra +(LINUX_5_4||LINUX_5_15||TARGET_x86_64):kmod-ipt-ndpi +iptables LUCI_DEPENDS:=+dnsmasq-full +shadowsocks-libev-ss-rules +iptables-mod-extra +iptables +sqlite3-cli ifneq ($(CONFIG_TARGET_ramips),) - LUCI_DEPENDS+=+(LINUX_5_4||LINUX_5_15):iptables-mod-ndpi +(LINUX_5_4||LINUX_5_15):kmod-ipt-ndpi + #LUCI_DEPENDS+=+(LINUX_5_4||LINUX_5_15):iptables-mod-ndpi +(LINUX_5_4||LINUX_5_15):kmod-ipt-ndpi + LUCI_DEPENDS+=+iptables-mod-ndpi +kmod-ipt-ndpi endif diff --git a/ndpi-netfilter2/Makefile b/ndpi-netfilter2/Makefile index 7eee4b671..81a815641 100644 --- a/ndpi-netfilter2/Makefile +++ b/ndpi-netfilter2/Makefile @@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=ndpi-netfilter2 PKG_RELEASE:=4 -PKG_REV:=fbb2104d125a13db3b8c7fdc34ea0e3fcfe92d12 +PKG_REV:=3deea541af037b663b1b83a055b80d9a06a0afd2 PKG_VERSION:=4-$(PKG_REV) PKG_SOURCE_PROTO:=git @@ -21,6 +21,7 @@ PKG_SOURCE_URL:=https://github.com/vel21ripn/nDPI.git PKG_SOURCE_VERSION:=$(PKG_REV) PKG_BUILD_PARALLEL:=0 +PKG_FORTIFY_SOURCE:=0 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) @@ -34,7 +35,8 @@ define Package/iptables-mod-ndpi URL:=http://www.ntop.org/products/ndpi/ # DEPENDS:=+iptables +iptables-mod-conntrack-extra +kmod-ipt-ndpi +libpcap # DEPENDS:=+iptables +kmod-ipt-ndpi +libpcap @(LINUX_5_4||LINUX_5_15||TARGET_x86_64) - DEPENDS:=+iptables +kmod-ipt-ndpi +libpcap @(LINUX_5_4||LINUX_5_15) +# DEPENDS:=+iptables +kmod-ipt-ndpi +libpcap @(LINUX_5_4||LINUX_5_15) @!TARGET_ramips + DEPENDS:=+iptables +kmod-ipt-ndpi +libpcap @!TARGET_ramips MAINTAINER:=Ycarus (Yannick Chabanois) endef @@ -50,7 +52,7 @@ MAKE_PATH:=ndpi-netfilter MAKE_FLAGS += \ KERNEL_DIR="$(LINUX_DIR)" \ MODULES_DIR="$(TARGET_MODULES_DIR)" \ - NDPI_PATH=$(PKG_BUILD_DIR)/ndpi-netfilter \ + NDPI_PATH=$(PKG_BUILD_DIR)/ndpi-netfilter ifeq ($ARCH),aarch64) MAKE_FLAGS += ARCH="arm64" @@ -74,14 +76,15 @@ define KernelPackage/ipt-ndpi SUBMENU:=Netfilter Extensions TITLE:= nDPI net netfilter module # DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables +libpcap @(LINUX_5_4||LINUX_5_15||TARGET_x86_64) - DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables +libpcap @(LINUX_5_4||LINUX_5_15) +# DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables +libpcap @(LINUX_5_4||LINUX_5_15) @!TARGET_ramips + DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables +libpcap @!TARGET_ramips KCONFIG:=CONFIG_NF_CONNTRACK_LABELS=y \ CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y FILES:= $(PKG_BUILD_DIR)/ndpi-netfilter/src/xt_ndpi.ko AUTOLOAD:=$(call AutoProbe,xt_ndpi) # MODPARAMS.xt_ndpi:=ndpi_enable_flow=1 KCONFIG:=\ - CONFIG_LIVEPATCH=y \ + CONFIG_NDPI_HOOK=y \ CONFIG_NF_CONNTRACK=y \ CONFIG_NF_CONNTRACK_LABELS=y \ CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y \ diff --git a/ndpi-netfilter2/patches/002-no-livepatch-required.patch b/ndpi-netfilter2/patches/002-no-livepatch-required.patch new file mode 100644 index 000000000..a97f001b2 --- /dev/null +++ b/ndpi-netfilter2/patches/002-no-livepatch-required.patch @@ -0,0 +1,190 @@ +From 9e2bc31b8c330dc6ad0e6e478103652cd72dc3c8 Mon Sep 17 00:00:00 2001 +From: Sebastian Gottschall +Date: Sun, 9 Jul 2023 12:22:02 +0600 +Subject: [PATCH] add ndpi support for arm/arm64 etc. in 6.1 + +ndpi is not supported in more recent kernels without livepatch support +however. livepatch is only supported for x86_64 architectures. +so ndpi cannot be used on any other platform anymore. +we solve this by adding a simple hook to nf_ct_destroy + +Signed-off-by: Sebastian Gottschall +--- + ndpi-netfilter/kernel-patch/v6.1.38.diff | 81 ++++++++++++++++++++++++ + ndpi-netfilter/src/main.c | 23 +++++-- + 2 files changed, 98 insertions(+), 6 deletions(-) + create mode 100644 ndpi-netfilter/kernel-patch/v6.1.38.diff + +diff --git a/ndpi-netfilter/kernel-patch/v6.1.38.diff b/ndpi-netfilter/kernel-patch/v6.1.38.diff +new file mode 100644 +index 0000000000..6846dc84fc +--- /dev/null ++++ b/ndpi-netfilter/kernel-patch/v6.1.38.diff +@@ -0,0 +1,81 @@ ++diff -urpN linux-6.1.38.old/include/net/netfilter/nf_conntrack.h linux-6.1.38/include/net/netfilter/nf_conntrack.h ++--- linux-6.1.38.old/include/net/netfilter/nf_conntrack.h 2023-07-05 23:27:38.000000000 +0600 +++++ linux-6.1.38/include/net/netfilter/nf_conntrack.h 2023-07-14 12:34:56.663750711 +0600 ++@@ -362,6 +362,11 @@ static inline struct nf_conntrack_net *n ++ return net_generic(net, nf_conntrack_net_id); ++ } ++ +++#ifdef CONFIG_NDPI_HOOK +++void register_ndpi_hook(void (*hook)(struct nf_conn *)); +++void unregister_ndpi_hook(void); +++#endif +++ ++ #define NF_CT_STAT_INC(net, count) __this_cpu_inc((net)->ct.stat->count) ++ #define NF_CT_STAT_INC_ATOMIC(net, count) this_cpu_inc((net)->ct.stat->count) ++ #define NF_CT_STAT_ADD_ATOMIC(net, count, v) this_cpu_add((net)->ct.stat->count, (v)) ++diff -urpN linux-6.1.38.old/net/netfilter/Kconfig linux-6.1.38/net/netfilter/Kconfig ++--- linux-6.1.38.old/net/netfilter/Kconfig 2023-07-05 23:27:38.000000000 +0600 +++++ linux-6.1.38/net/netfilter/Kconfig 2023-07-14 12:34:11.966879899 +0600 ++@@ -76,11 +76,15 @@ config NETFILTER_NETLINK_OSF ++ If this option is enabled, the kernel will include support ++ for passive OS fingerprint via NFNETLINK. ++ +++config NDPI_HOOK +++ bool +++ ++ config NF_CONNTRACK ++ tristate "Netfilter connection tracking support" ++ default m if NETFILTER_ADVANCED=n ++ select NF_DEFRAG_IPV4 ++ select NF_DEFRAG_IPV6 if IPV6 != n +++ select NDPI_HOOK ++ help ++ Connection tracking keeps a record of what packets have passed ++ through your machine, in order to figure out how they are related ++diff -urpN linux-6.1.38.old/net/netfilter/nf_conntrack_core.c linux-6.1.38/net/netfilter/nf_conntrack_core.c ++--- linux-6.1.38.old/net/netfilter/nf_conntrack_core.c 2023-07-05 23:27:38.000000000 +0600 +++++ linux-6.1.38/net/netfilter/nf_conntrack_core.c 2023-07-14 12:33:45.580092713 +0600 ++@@ -582,9 +582,30 @@ static void destroy_gre_conntrack(struct ++ #endif ++ } ++ +++#ifdef CONFIG_NDPI_HOOK +++ +++static void (*ndpi_hook)(struct nf_conn *) __rcu __read_mostly = NULL; +++ +++void register_ndpi_hook(void (*hook)(struct nf_conn *)) +++{ +++ rcu_assign_pointer(ndpi_hook, hook); +++} +++EXPORT_SYMBOL(register_ndpi_hook); +++ +++void unregister_ndpi_hook(void) +++{ +++ rcu_assign_pointer(ndpi_hook, NULL); +++} +++ +++EXPORT_SYMBOL(unregister_ndpi_hook); +++#endif +++ ++ void nf_ct_destroy(struct nf_conntrack *nfct) ++ { ++ struct nf_conn *ct = (struct nf_conn *)nfct; +++#ifdef CONFIG_NDPI_HOOK +++ void (*hook)(struct nf_conn *); +++#endif ++ ++ pr_debug("%s(%p)\n", __func__, ct); ++ WARN_ON(refcount_read(&nfct->use) != 0); ++@@ -594,6 +615,12 @@ void nf_ct_destroy(struct nf_conntrack * ++ return; ++ } ++ +++#ifdef CONFIG_NDPI_HOOK +++ hook = rcu_dereference(ndpi_hook); +++ if (hook) +++ hook(ct); +++#endif +++ ++ if (unlikely(nf_ct_protonum(ct) == IPPROTO_GRE)) ++ destroy_gre_conntrack(ct); ++ +diff --git a/ndpi-netfilter/src/main.c b/ndpi-netfilter/src/main.c +index 024ca4bb79..e8ae3912d7 100644 +--- a/ndpi-netfilter/src/main.c ++++ b/ndpi-netfilter/src/main.c +@@ -102,7 +102,9 @@ static char proto_name[]="proto"; + static char debug_name[]="debug"; + static char risk_name[]="risks"; + +-#if LINUX_VERSION_CODE > KERNEL_VERSION(5,19,0) ++#ifdef CONFIG_NDPI_HOOK ++#define USE_NDPI_HOOK ++#elif LINUX_VERSION_CODE > KERNEL_VERSION(5,19,0) + #ifndef USE_LIVEPATCH + #define USE_LIVEPATCH + #endif +@@ -162,15 +164,17 @@ static inline const struct net_device *xt_out(const struct xt_action_param *par) + // for testing only! + // #define USE_CONNLABELS + +-#if !defined(USE_CONNLABELS) && defined(CONFIG_NF_CONNTRACK_CUSTOM) && CONFIG_NF_CONNTRACK_CUSTOM > 0 ++#if !defined(USE_CONNLABELS) && !defined(USE_NDPI_HOOK) && defined(CONFIG_NF_CONNTRACK_CUSTOM) && CONFIG_NF_CONNTRACK_CUSTOM > 0 + #define NF_CT_CUSTOM + #else ++#ifndef USE_NDPI_HOOK + #undef NF_CT_CUSTOM + #include + #ifndef CONFIG_NF_CONNTRACK_LABELS + #error NF_CONNTRACK_LABELS not defined + #endif + #endif ++#endif + + #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,19,0) + #define nf_ct_l3proto_try_module_get(a) 0 +@@ -3187,7 +3191,7 @@ static int __net_init ndpi_net_init(struct net *net) + return -ENOMEM; + } + +-#ifndef USE_LIVEPATCH ++#if !defined(USE_LIVEPATCH) && !defined(USE_NDPI_HOOK) + static struct nf_ct_ext_type ndpi_extend = { + #if LINUX_VERSION_CODE < KERNEL_VERSION(4,8,0) + .seq_print = seq_print_ndpi, +@@ -3197,7 +3201,7 @@ static struct nf_ct_ext_type ndpi_extend = { + .align = __alignof__(uint32_t), + .id = 0, + }; +-#else ++#elif !defined(USE_NDPI_HOOK) + + #if LINUX_VERSION_CODE < KERNEL_VERSION(5,17,0) + #error "not implemented" +@@ -3266,6 +3270,8 @@ static int __init ndpi_mt_init(void) + return -EBUSY; + } + nf_ct_ext_id_ndpi = ndpi_extend.id; ++#elif defined(USE_NDPI_HOOK) ++ register_ndpi_hook(&nf_ndpi_free_flow); + #else + #ifdef USE_LIVEPATCH + nf_ct_ext_id_ndpi = NF_CT_EXT_LABELS; +@@ -3389,8 +3395,11 @@ static int __init ndpi_mt_init(void) + unreg_pernet: + unregister_pernet_subsys(&ndpi_net_ops); + unreg_ext: +-#ifndef USE_LIVEPATCH ++#if !defined(USE_LIVEPATCH) && !defined(USE_NDPI_HOOK) + nf_ct_extend_unregister(&ndpi_extend); ++#endif ++#if defined(USE_NDPI_HOOK) ++ unregister_ndpi_hook(); + #endif + return ret; + } +@@ -3401,8 +3410,10 @@ static void __exit ndpi_mt_exit(void) + xt_unregister_target(&ndpi_tg_reg); + xt_unregister_match(&ndpi_mt_reg); + unregister_pernet_subsys(&ndpi_net_ops); +-#ifndef USE_LIVEPATCH ++#if !defined(USE_LIVEPATCH) && !defined(USE_NDPI_HOOK) + nf_ct_extend_unregister(&ndpi_extend); ++#elif defined(USE_NDPI_HOOK) ++ unregister_ndpi_hook(); + #else + rcu_assign_pointer(nf_conntrack_destroy_cb,NULL); + #endif diff --git a/ndpi-netfilter2/patches/003-bittorrent-compilation-remove-ipv6.patch b/ndpi-netfilter2/patches/003-bittorrent-compilation-remove-ipv6.patch new file mode 100644 index 000000000..b72b4271f --- /dev/null +++ b/ndpi-netfilter2/patches/003-bittorrent-compilation-remove-ipv6.patch @@ -0,0 +1,237 @@ +--- a/src/lib/protocols/bittorrent.c.old 2023-07-15 11:45:44.566446059 +0200 ++++ b/src/lib/protocols/bittorrent.c 2023-07-15 11:49:25.498828807 +0200 +@@ -263,19 +263,6 @@ + return key % (size-1); + } + +-#ifdef NDPI_DETECTION_SUPPORT_IPV6 +-static inline u_int32_t hash_calc6(ndpi_ip_addr_t *ip,u_int16_t port,u_int32_t size) { +- u_int32_t M,I; +- u_int8_t *ipp = (u_int8_t *)&I; +- u_int32_t key; +- M=103; +- I = ip->ipv6.u6_addr.u6_addr32[0] + ip->ipv6.u6_addr.u6_addr32[1] + ip->ipv6.u6_addr.u6_addr32[2] + ip->ipv6.u6_addr.u6_addr32[3]; +- key = (((ipp[0] * M) + ipp[1] * M) + ipp[2]) * M +ipp[3]; +- ipp = (u_int8_t *)&port; +- key = ((key * M) + ipp[0] * M) + ipp[1]; +- return key % (size-1); +-} +-#endif + + // ndpi_ip_addr_t + static struct hash_ip4p_node *hash_ip4p_add(struct hash_ip4p_table *ht, +@@ -283,9 +270,6 @@ + struct hash_ip4p_node *n,*t; + + u_int32_t key = +-#ifdef NDPI_DETECTION_SUPPORT_IPV6 +- ht->ipv6 ? hash_calc6(ip,port,ht->size) : +-#endif + hash_calc(ip,port,ht->size); + + n = NULL; +@@ -293,22 +277,6 @@ + spin_lock(&ht->tbl[key].lock); + + n = ht->tbl[key].top; +-#ifdef NDPI_DETECTION_SUPPORT_IPV6 +- if(ht->ipv6) { +- while(n) { +- if(!memcmp(&n->ip,ip->ipv6.u6_addr.u6_addr8,16) && n->port == port) { +- n->lchg = lchg; +- n->flag |= flag; +- move_up(&ht->tbl[key],n); +- goto unlock; +- } +- n = n->next; +- } +- n = BT_N_MALLOC(sizeof(struct hash_ip4p_node)+12); +- if(!n) goto unlock; +- memcpy(&n->ip,ip->ipv6.u6_addr.u6_addr8,16); +- } else { +-#endif + while(n) { + if(n->ip == ip->ipv4 && n->port == port) { + n->lchg = lchg; +@@ -321,9 +289,6 @@ + n = BT_N_MALLOC(sizeof(struct hash_ip4p_node)); + if(!n) goto unlock; + n->ip = ip->ipv4; +-#ifdef NDPI_DETECTION_SUPPORT_IPV6 +- } +-#endif + t = ht->tbl[key].top; + n->next = t; + n->prev = NULL; +@@ -347,31 +312,16 @@ + struct hash_ip4p_node *n; + + u_int16_t key = +-#ifdef NDPI_DETECTION_SUPPORT_IPV6 +- ht->ipv6 ? hash_calc6(ip,port,ht->size) : +-#endif + hash_calc(ip,port,ht->size); + + n = NULL; + spin_lock(&ht->tbl[key].lock); + + n = ht->tbl[key].top; +-#ifdef NDPI_DETECTION_SUPPORT_IPV6 +- if(ht->ipv6) { +- while(n) { +- if(!memcmp(&n->ip,ip->ipv6.u6_addr.u6_addr8,16) && n->port == port) +- break; +- n = n->next; +- } +- } else { +-#endif + while(n) { + if(n->ip == ip->ipv4 && n->port == port) break; + n = n->next; + } +-#ifdef NDPI_DETECTION_SUPPORT_IPV6 +- } +-#endif + if(n) { + #ifdef __KERNEL__ + diagram(ndpi_btp_tm,sizeof(ndpi_btp_tm)/sizeof(ndpi_btp_tm[0]),lchg - n->lchg); +@@ -805,13 +755,6 @@ + u_int16_t s_port = packet->udp ? packet->udp->source : + packet->tcp ? packet->tcp->source : 0; + +-#ifdef NDPI_DETECTION_SUPPORT_IPV6 +- if(packet->iphv6) +- bt_add_announce(ndpi_struct, +- ndpi_struct->bt_ann, ndpi_struct->bt_ann_len, +- 1, (ndpi_ip_addr_t *)&packet->iphv6->ip6_src, +- s_port, &x.p,p_now); +-#endif + if(packet->iph) + bt_add_announce(ndpi_struct, + ndpi_struct->bt_ann, ndpi_struct->bt_ann_len, +@@ -819,39 +762,6 @@ + s_port, &x.p,p_now); + } + #endif +-#ifdef NDPI_DETECTION_SUPPORT_IPV6 +-if(packet->iphv6 && ndpi_struct->bt6_ht) { +-NDPI_LOG_DBG2(ndpi_struct, +- "BT: detected valid DHT6 %d %d\n", +- x.p.r.nn6,x.p.r.nv6); +-#ifndef __KERNEL__ +-if(bt_parse_debug) dump_bt_proto_struct(&x.p); +-#endif +- if(x.p.r.nodes6 && x.p.r.nn6) { +- struct bt_nodes6_data *n = x.p.r.nodes6; +- for(i=0; i < x.p.r.nn6; i++,n++) { +- hash_ip4p_add(ndpi_struct->bt6_ht,(ndpi_ip_addr_t *)&n->ip,n->port,p_now,0x2); +- +- NDPI_LOG_DBG2(ndpi_struct, +- "BT: nodes6 add DHT peer %s:%d\n", +- inet_ntop(AF_INET6,(void *)&n->ip, ip6buf,sizeof(ip6buf)), +- htons(n->port)); +- } +- } +- if(x.p.r.values6 && x.p.r.nv6) { +- struct bt_ipv6p2 *n = (struct bt_ipv6p2 *)x.p.r.values6; +- for(i=0; i < x.p.r.nv6; i++,n++) { +- hash_ip4p_add(ndpi_struct->bt6_ht,(ndpi_ip_addr_t *)&n->d.ip,n->d.port,p_now,0x4); +- +- NDPI_LOG_DBG2(ndpi_struct, +- "BT: values6 add DHT peer %s:%d\n", +- inet_ntop(AF_INET6,(void *)&n->d.ip, ip6buf,sizeof(ip6buf)), +- htons(n->d.port)); +- } +- } +- return r >= 0; +-} +-#endif + + if(!ndpi_struct->bt_ht) return r >= 0; + +@@ -899,16 +809,6 @@ + static void ndpi_bt_add_peer_cache(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_packet_struct *packet, uint16_t p_src, uint16_t p_dst) { + +-#ifdef NDPI_DETECTION_SUPPORT_IPV6 +- if(ndpi_struct->bt6_ht && packet->iphv6) { +- if(packet->packet_direction) +- hash_ip4p_add(ndpi_struct->bt6_ht,(ndpi_ip_addr_t *)&packet->iphv6->ip6_src, +- p_src, packet->current_time,1); +- else +- hash_ip4p_add(ndpi_struct->bt6_ht,(ndpi_ip_addr_t *)&packet->iphv6->ip6_dst, +- p_dst, packet->current_time,1); +- } else +-#endif + if(ndpi_struct->bt_ht && packet->iph) { + if(packet->packet_direction) + hash_ip4p_add(ndpi_struct->bt_ht,(ndpi_ip_addr_t *)&packet->iph->saddr, +@@ -1073,19 +973,6 @@ + if(!packet->tcp) return 0; + source = packet->tcp->source; + dest = packet->tcp->dest; +-#ifdef NDPI_DETECTION_SUPPORT_IPV6 +- if(ndpi_struct->bt6_ht && packet->iphv6) { +- f1 = hash_ip4p_find(ndpi_struct->bt6_ht,(ndpi_ip_addr_t *)&packet->iphv6->ip6_src,source, +- packet->current_time); +- f2 = hash_ip4p_find(ndpi_struct->bt6_ht,(ndpi_ip_addr_t *)&packet->iphv6->ip6_dst,dest, +- packet->current_time); +-#ifdef __KERNEL__ +- if(f1) ndpi_ptss++; +- if(f2) ndpi_ptdd++; +-#endif +- return f1 != NULL || f2 != NULL; +- } +-#endif + if(ndpi_struct->bt_ht && packet->iph) { + f1 = hash_ip4p_find(ndpi_struct->bt_ht,(ndpi_ip_addr_t *)&packet->iph->saddr,source, + packet->current_time); +@@ -1110,23 +997,6 @@ + if(!packet->udp) return 0; + source = packet->udp->source; + dest = packet->udp->dest; +-#ifdef NDPI_DETECTION_SUPPORT_IPV6 +- if(ndpi_struct->bt6_ht && packet->iphv6) { +- f1 = hash_ip4p_find(ndpi_struct->bt6_ht,(ndpi_ip_addr_t *)&packet->iphv6->ip6_src,source, +- packet->current_time); +- f2 = hash_ip4p_find(ndpi_struct->bt6_ht,(ndpi_ip_addr_t *)&packet->iphv6->ip6_dst,dest, +- packet->current_time); +-#ifdef __KERNEL__ +- if(f1) { +- DIRC(ndpi_pusr,ndpi_pusf); +- } +- if(f2) { +- DIRC(ndpi_pudr,ndpi_pudf); +- } +-#endif +- return f1 != NULL || f2 != NULL; +- } +-#endif + if(ndpi_struct->bt_ht && packet->iph) { + f1 = hash_ip4p_find(ndpi_struct->bt_ht,(ndpi_ip_addr_t *)&packet->iph->saddr,source, + packet->current_time); +@@ -1653,11 +1523,6 @@ + u_int32_t size,u_int32_t size6,u_int32_t tmo,int logsize) { + + ndpi_struct->bt_ht = hash_ip4p_init(size); +-#ifdef NDPI_DETECTION_SUPPORT_IPV6 +- ndpi_struct->bt6_ht = hash_ip4p_init(size6); +- if(ndpi_struct->bt6_ht) +- ndpi_struct->bt6_ht->ipv6=1; +-#endif + ndpi_bt_node_expire = tmo; + #ifdef BT_ANNOUNCE + if(logsize > 0) { +@@ -1679,12 +1544,6 @@ + hash_ip4p_del(ndpi_struct->bt_ht); + ndpi_struct->bt_ht = NULL; + } +-#ifdef NDPI_DETECTION_SUPPORT_IPV6 +-if(ndpi_struct->bt6_ht) { +- hash_ip4p_del(ndpi_struct->bt6_ht); +- ndpi_struct->bt6_ht = NULL; +-} +-#endif + } + + void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/ndpi-netfilter2/patches/outline-atomics.patch b/ndpi-netfilter2/patches/outline-atomics.patch index 72dace62c..8055bd41a 100644 --- a/ndpi-netfilter2/patches/outline-atomics.patch +++ b/ndpi-netfilter2/patches/outline-atomics.patch @@ -7,7 +7,7 @@ +cc-option = $(shell if $(CC) -Werror $(1) -S -o /dev/null -xc /dev/null \ + > /dev/null 2>&1; then echo "$(1)"; else echo "$(2)"; fi ;) +mno_outline_atomics := $(call cc-option, -mno-outline-atomics, "") -+ccflags-y += $(mno_outline_atomics) ++ccflags-y += $(mno_outline_atomics) -Wframe-larger-than=2600 #ccflags-y += -Wshadow-local # Needed for pahole #ccflags-y += -femit-struct-debug-detailed=any diff --git a/ndpi-netfilter2/patches/skbuff-check_fix.patch b/ndpi-netfilter2/patches/skbuff-check_fix.patch index f5fe4defc..f089d87e1 100644 --- a/ndpi-netfilter2/patches/skbuff-check_fix.patch +++ b/ndpi-netfilter2/patches/skbuff-check_fix.patch @@ -4,8 +4,8 @@ KERNEL_DIR := /lib/modules/$(shell uname -r)/build endif --ifeq ($(shell test -f $(KERNEL_DIR)/source/include/linux/skbuff.h && grep -qc userid $(KERNEL_DIR)/source/include/linux/skbuff.h),1) -+ifeq ($(shell test -f $(KERNEL_DIR)/include/linux/skbuff.h && shell grep -qc userid $(KERNEL_DIR)/include/linux/skbuff.h),1) +-ifeq ($(shell test -f $(KERNEL_DIR)/source/include/linux/skbuff.h && grep -c userid $(KERNEL_DIR)/source/include/linux/skbuff.h),1) ++ifeq ($(shell test -f $(KERNEL_DIR)/include/linux/skbuff.h && shell grep -c userid $(KERNEL_DIR)/include/linux/skbuff.h),1) ccflags-y += -DUSE_HACK_USERID=1 endif