From 19e0b5aab292602c09e89b03f608397568532515 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 26 Apr 2023 20:26:54 +0200 Subject: [PATCH 1/7] Limit shortcut-fe to 5.4 kernel --- shortcut-fe/Makefile | 4 ++-- simulated-driver/Makefile | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/shortcut-fe/Makefile b/shortcut-fe/Makefile index dd53042e5..5b03b9d76 100644 --- a/shortcut-fe/Makefile +++ b/shortcut-fe/Makefile @@ -24,7 +24,7 @@ define KernelPackage/shortcut-fe SECTION:=kernel CATEGORY:=Kernel modules SUBMENU:=Network Support - DEPENDS:=@IPV6 +kmod-nf-conntrack + DEPENDS:=@KERNEL_5_4 @IPV6 +kmod-nf-conntrack TITLE:=Kernel driver for SFE FILES:= \ $(PKG_BUILD_DIR)/shortcut-fe.ko \ @@ -53,7 +53,7 @@ define KernelPackage/shortcut-fe-cm SECTION:=kernel CATEGORY:=Kernel modules SUBMENU:=Network Support - DEPENDS:=+kmod-ipt-conntrack +kmod-shortcut-fe + DEPENDS:=@KERNEL_5_4 +kmod-ipt-conntrack +kmod-shortcut-fe TITLE:=Kernel driver for SFE FILES:=$(PKG_BUILD_DIR)/shortcut-fe-cm.ko KCONFIG:= \ diff --git a/simulated-driver/Makefile b/simulated-driver/Makefile index ecf9c41bd..7dcb320d9 100644 --- a/simulated-driver/Makefile +++ b/simulated-driver/Makefile @@ -18,7 +18,7 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=shortcut-fe-simulated-driver PKG_RELEASE:=1 -PKG_SOURCE_URL:=https://source.codeaurora.org/quic/qsdk/oss/lklm/shortcut-fe +PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/lklm/shortcut-fe.git PKG_SOURCE_PROTO:=git PKG_SOURCE_DATE:=2021-03-17 PKG_SOURCE_VERSION:=697977d8d0ccf0ab596e5692d08608a75dd7f33d @@ -30,7 +30,7 @@ define KernelPackage/shortcut-fe-drv SECTION:=kernel CATEGORY:=Kernel modules SUBMENU:=Network Support - DEPENDS:=@TARGET_ipq806x||TARGET_ipq807x +kmod-shortcut-fe + DEPENDS:=@KERNEL_5_4 @TARGET_ipq806x||TARGET_ipq807x +kmod-shortcut-fe KCONFIG:= \ CONFIG_NET_CLS_ACT=y \ CONFIG_XFRM=y From 87f4bf706996f6dc8fc967ee75891fed11dc7ed8 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 28 Apr 2023 08:50:09 +0200 Subject: [PATCH 2/7] Disable ndpi-netfilter2 on 6.1 for now --- luci-app-omr-bypass/Makefile | 3 ++- ndpi-netfilter2/Makefile | 20 +++++++++----------- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/luci-app-omr-bypass/Makefile b/luci-app-omr-bypass/Makefile index 876d61e14..0c92a8bf8 100644 --- a/luci-app-omr-bypass/Makefile +++ b/luci-app-omr-bypass/Makefile @@ -6,7 +6,8 @@ include $(TOPDIR)/rules.mk LUCI_TITLE:=LuCI Interface to bypass domains -LUCI_DEPENDS:=+dnsmasq-full +shadowsocks-libev-ss-rules +(LINUX_5_4||LINUX_5_15||TARGET_x86_64):iptables-mod-ndpi +iptables-mod-extra +(LINUX_5_4||LINUX_5_15||TARGET_x86_64):kmod-ipt-ndpi +iptables +#LUCI_DEPENDS:=+dnsmasq-full +shadowsocks-libev-ss-rules +(LINUX_5_4||LINUX_5_15||TARGET_x86_64):iptables-mod-ndpi +iptables-mod-extra +(LINUX_5_4||LINUX_5_15||TARGET_x86_64):kmod-ipt-ndpi +iptables +LUCI_DEPENDS:=+dnsmasq-full +shadowsocks-libev-ss-rules +(LINUX_5_4||LINUX_5_15):iptables-mod-ndpi +iptables-mod-extra +(LINUX_5_4||LINUX_5_15):kmod-ipt-ndpi +iptables PKG_LICENSE:=GPLv3 diff --git a/ndpi-netfilter2/Makefile b/ndpi-netfilter2/Makefile index a4216acdb..a764d87de 100644 --- a/ndpi-netfilter2/Makefile +++ b/ndpi-netfilter2/Makefile @@ -31,7 +31,8 @@ define Package/iptables-mod-ndpi TITLE:=ndpi successor of OpenDPI URL:=http://www.ntop.org/products/ndpi/ # DEPENDS:=+iptables +iptables-mod-conntrack-extra +kmod-ipt-ndpi +libpcap - DEPENDS:=+iptables +kmod-ipt-ndpi +libpcap @(LINUX_5_4||LINUX_5_15||TARGET_x86_64) +# DEPENDS:=+iptables +kmod-ipt-ndpi +libpcap @(LINUX_5_4||LINUX_5_15||TARGET_x86_64) + DEPENDS:=+iptables +kmod-ipt-ndpi +libpcap @(LINUX_5_4||LINUX_5_15) MAINTAINER:=Ycarus (Yannick Chabanois) endef @@ -47,22 +48,17 @@ MAKE_PATH:=ndpi-netfilter MAKE_FLAGS += \ KERNEL_DIR="$(LINUX_DIR)" \ MODULES_DIR="$(TARGET_MODULES_DIR)" \ - ARCH="$(LINUX_KARCH)" \ - KERNEL_RELEASE="$(KERNEL_PATCHVER)" \ - CROSS_COMPILE="$(TARGET_CROSS)" \ - CC="$(TARGET_CC)" \ -#MAKE_FLAGS += \ -# NDPI_PATH=$(PKG_BUILD_DIR)/ndpi-netfilter + NDPI_PATH=$(PKG_BUILD_DIR)/ndpi-netfilter \ + ARCH="$(LINUX_KARCH)" define Build/Compile (cd $(PKG_BUILD_DIR)/src/lib &&\ gcc -g -O2 -fPIC -DPIC -DNDPI_LIB_COMPILATION -I../../src/include/ -I../../src/lib/third_party/include/ ndpi_network_list_compile.c -o ndpi_network_list_compile &&\ ./ndpi_network_list_compile -o ndpi_network_list.c.inc ndpi_network_list_*.yaml) -# $(MAKE) $(MAKE_FLAGS) -C $(PKG_BUILD_DIR)/ndpi-netfilter - +$(KERNEL_MAKE) $(MAKE_FLAGS) -C $(PKG_BUILD_DIR)/ndpi-netfilter + $(MAKE) $(MAKE_FLAGS) -C $(PKG_BUILD_DIR)/ndpi-netfilter endef -define Package/iptables-mod-ndpi/install +define KernelPackage/iptables-mod-ndpi/install $(INSTALL_DIR) $(1)/usr/lib/iptables $(INSTALL_BIN) $(PKG_BUILD_DIR)/ndpi-netfilter/ipt/libxt_ndpi.so $(1)/usr/lib/iptables endef @@ -75,11 +71,13 @@ define KernelPackage/ipt-ndpi CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y FILES:= $(PKG_BUILD_DIR)/ndpi-netfilter/src/xt_ndpi.ko AUTOLOAD:=$(call AutoProbe,xt_ndpi) +# MODPARAMS.xt_ndpi:=ndpi_enable_flow=1 KCONFIG:=\ CONFIG_LIVEPATCH=y \ CONFIG_NF_CONNTRACK=y \ CONFIG_NF_CONNTRACK_LABELS=y \ - CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y + CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y \ + CONFIG_UNUSED_SYMBOLS=y endef $(eval $(call BuildPackage,iptables-mod-ndpi)) From 103031bfb4e2ca3887493196d2dd777490b514d9 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 28 Apr 2023 20:50:04 +0200 Subject: [PATCH 3/7] Limit fast-classifier to 5.4 kernel --- fast-classifier/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fast-classifier/Makefile b/fast-classifier/Makefile index 09c1174dd..410a0df28 100644 --- a/fast-classifier/Makefile +++ b/fast-classifier/Makefile @@ -24,7 +24,7 @@ define KernelPackage/fast-classifier/Default SECTION:=kernel CATEGORY:=Kernel modules SUBMENU:=Network Support - DEPENDS:=+kmod-ipt-conntrack +kmod-shortcut-fe + DEPENDS:=@KERNEL_5_4 +kmod-ipt-conntrack +kmod-shortcut-fe TITLE:=Kernel driver for FAST Classifier FILES:=$(PKG_BUILD_DIR)/fast-classifier.ko KCONFIG:= \ @@ -59,7 +59,7 @@ endef define Package/fast-classifier-example TITLE:=Example user space program for fast-classifier - DEPENDS:=+libnl +kmod-fast-classifier + DEPENDS:=@KERNEL_5_4 +libnl +kmod-fast-classifier endef define Package/fast-classifier-example/description From 78fa50795618f4311c95a2e49ca644ac7d0639c9 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 28 Apr 2023 20:50:41 +0200 Subject: [PATCH 4/7] Update ndpi-netfilter2 --- ndpi-netfilter2/Makefile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ndpi-netfilter2/Makefile b/ndpi-netfilter2/Makefile index a764d87de..2f55b85c7 100644 --- a/ndpi-netfilter2/Makefile +++ b/ndpi-netfilter2/Makefile @@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=ndpi-netfilter2 PKG_RELEASE:=4 -PKG_REV:=2fc0c86e58d56c8f9c5da3883a09732fc902e5e7 +PKG_REV:=fbb2104d125a13db3b8c7fdc34ea0e3fcfe92d12 PKG_VERSION:=4-$(PKG_REV) PKG_SOURCE_PROTO:=git @@ -58,7 +58,7 @@ define Build/Compile $(MAKE) $(MAKE_FLAGS) -C $(PKG_BUILD_DIR)/ndpi-netfilter endef -define KernelPackage/iptables-mod-ndpi/install +define Package/iptables-mod-ndpi/install $(INSTALL_DIR) $(1)/usr/lib/iptables $(INSTALL_BIN) $(PKG_BUILD_DIR)/ndpi-netfilter/ipt/libxt_ndpi.so $(1)/usr/lib/iptables endef @@ -66,7 +66,8 @@ endef define KernelPackage/ipt-ndpi SUBMENU:=Netfilter Extensions TITLE:= nDPI net netfilter module - DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables +libpcap @(LINUX_5_4||LINUX_5_15||TARGET_x86_64) +# DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables +libpcap @(LINUX_5_4||LINUX_5_15||TARGET_x86_64) + DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables +libpcap @(LINUX_5_4||LINUX_5_15) KCONFIG:=CONFIG_NF_CONNTRACK_LABELS=y \ CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y FILES:= $(PKG_BUILD_DIR)/ndpi-netfilter/src/xt_ndpi.ko From 9d90f36870bbb7780a709153b5c429012cc37c76 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 1 May 2023 10:53:34 +0200 Subject: [PATCH 5/7] Fix ndpi-netfilter2 --- ...le-nf_conntrack-ip_tables-ip6_tables.patch | 20 +++++++++++++++++++ ndpi-netfilter2/patches/outline-atomics.patch | 5 +++-- 2 files changed, 23 insertions(+), 2 deletions(-) create mode 100644 ndpi-netfilter2/patches/001-remove-request-module-nf_conntrack-ip_tables-ip6_tables.patch diff --git a/ndpi-netfilter2/patches/001-remove-request-module-nf_conntrack-ip_tables-ip6_tables.patch b/ndpi-netfilter2/patches/001-remove-request-module-nf_conntrack-ip_tables-ip6_tables.patch new file mode 100644 index 000000000..5c06b5100 --- /dev/null +++ b/ndpi-netfilter2/patches/001-remove-request-module-nf_conntrack-ip_tables-ip6_tables.patch @@ -0,0 +1,20 @@ +diff --git forkSrcPrefix/ndpi-netfilter/src/main.c forkDstPrefix/ndpi-netfilter/src/main.c +index 8e2766fcbd823d709930af63a38a49535b335665..4f3382eac2293709b57699994dc17bc888b082ea 100644 +--- forkSrcPrefix/ndpi-netfilter/src/main.c ++++ forkDstPrefix/ndpi-netfilter/src/main.c +@@ -3223,6 +3223,7 @@ static int __init ndpi_mt_init(void) + set_ndpi_malloc(malloc_wrapper); + set_ndpi_free(free_wrapper); + ++#if 0 + if(request_module("nf_conntrack") < 0) { + pr_err("xt_ndpi: nf_conntrack required!\n"); + return -EOPNOTSUPP; +@@ -3237,6 +3238,7 @@ static int __init ndpi_mt_init(void) + return -EOPNOTSUPP; + } + #endif ++#endif + #ifdef NF_CT_CUSTOM + ret = nf_ct_extend_custom_register(&ndpi_extend,0x4e445049); /* "NDPI" in hex */ + if(ret < 0) { diff --git a/ndpi-netfilter2/patches/outline-atomics.patch b/ndpi-netfilter2/patches/outline-atomics.patch index ef7f6fd5f..e8f93d0c8 100644 --- a/ndpi-netfilter2/patches/outline-atomics.patch +++ b/ndpi-netfilter2/patches/outline-atomics.patch @@ -1,13 +1,14 @@ --- a/ndpi-netfilter/src/Makefile 2022-08-03 21:27:52.321058402 +0200 +++ b/ndpi-netfilter/src/Makefile 2022-08-03 21:28:27.572452447 +0200 -@@ -5,6 +5,11 @@ +@@ -5,6 +5,12 @@ ccflags-y += -I${src}/${NDPI_SRC}/include -I${src}/${NDPI_SRC}/lib -I${src}/../libre -I${src}/${NDPI_SRC}/lib/third_party/include ccflags-y += -DHAVE_CONFIG_H -DNDPI_LIB_COMPILATION -DOPENDPI_NETFILTER_MODULE -DNDPI_DETECTION_SUPPORT_IPV6 -g ccflags-y += -Wno-declaration-after-statement -+ifeq ($(KERNEL_RELEASE),5.15) +ifeq ($(ARCH),arm64) + ccflags-y += -mno-outline-atomics +endif ++ifeq ($(ARCH),aarch64) ++ ccflags-y += -mno-outline-atomics +endif #ccflags-y += -Wshadow-local # Needed for pahole From 313640cc9ff65fd479a45271ee3a7929112b02f0 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 1 May 2023 19:28:41 +0200 Subject: [PATCH 6/7] Fix ndpi --- ndpi-netfilter2/patches/outline-atomics.patch | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ndpi-netfilter2/patches/outline-atomics.patch b/ndpi-netfilter2/patches/outline-atomics.patch index e8f93d0c8..a0935ecea 100644 --- a/ndpi-netfilter2/patches/outline-atomics.patch +++ b/ndpi-netfilter2/patches/outline-atomics.patch @@ -1,14 +1,16 @@ --- a/ndpi-netfilter/src/Makefile 2022-08-03 21:27:52.321058402 +0200 +++ b/ndpi-netfilter/src/Makefile 2022-08-03 21:28:27.572452447 +0200 -@@ -5,6 +5,12 @@ +@@ -5,6 +5,14 @@ ccflags-y += -I${src}/${NDPI_SRC}/include -I${src}/${NDPI_SRC}/lib -I${src}/../libre -I${src}/${NDPI_SRC}/lib/third_party/include ccflags-y += -DHAVE_CONFIG_H -DNDPI_LIB_COMPILATION -DOPENDPI_NETFILTER_MODULE -DNDPI_DETECTION_SUPPORT_IPV6 -g ccflags-y += -Wno-declaration-after-statement ++ifneq ($(KERNEL_RELEASE),5.4) +ifeq ($(ARCH),arm64) + ccflags-y += -mno-outline-atomics +endif +ifeq ($(ARCH),aarch64) + ccflags-y += -mno-outline-atomics ++endif +endif #ccflags-y += -Wshadow-local # Needed for pahole From 84a0fe47b37278a044a4dcb2012da9c035d00837 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 2 May 2023 08:32:19 +0200 Subject: [PATCH 7/7] Fix uci on omr-bypass --- luci-app-omr-bypass/root/etc/init.d/omr-bypass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/luci-app-omr-bypass/root/etc/init.d/omr-bypass b/luci-app-omr-bypass/root/etc/init.d/omr-bypass index ebab9e1b5..65f308e27 100755 --- a/luci-app-omr-bypass/root/etc/init.d/omr-bypass +++ b/luci-app-omr-bypass/root/etc/init.d/omr-bypass @@ -624,10 +624,10 @@ _intf_rule() { COMMIT EOF fi - if [ "$(uci -q openmptcprouter.settings.proxy)" = "shadowsocks" ]; then + if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then config_load shadowsocks-libev config_foreach _intf_rule_ss_rules ss_rules - else + elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "v2ray" ]; then _intf_rule_v2ray_rules fi