(See <http://wiki.openwrt.org/doc/devel/packages> for overall format and construction)
-All packages you commit or submit by pull-request should follow these simple guidelines:
+### Basic guidelines
+All packages you commit or submit by pull-request should follow these simple guidelines:
* Package a version which is still maintained by the upstream author.
* Will be updated regularly to maintained and supported versions.
* Have no dependencies outside the OpenWrt core packages or this repository feed.
* Do NOT use a rolling source file (e.g. foo-latest.tar.gz) or the head of a branch as source for the package since that would create unpredictable builds which change over time.
* Best of all -- it works as expected!
-Makefile contents should contain:
+#### Makefile contents should contain:
* An up-to-date copyright notice. Use OpenWrt if no other present or supply your own.
-* A (PKG_)MAINTAINER definition listing either yourself or another person in the field.
+* A (PKG_)MAINTAINER definition listing either yourself or another person in the field.
(E.g.: PKG_MAINTAINER:= Joe D. Hacker `<jdh@jdhs-email-provider.org`>)
* A PKG_LICENSE tag declaring the main license of the package.
(E.g.: PKG_LICENSE:=GPL-2.0+) Please use SPDX identifiers if possible (see list at the bottom).
(E.g.: PKG_LICENSE_FILES:=COPYING)
* PKG_RELEASE should be initially set to 1 or reset to 1 if the software version is changed. You should increment it if the package itself has changed. For example, modifying a support script, changing configure options like --disable* or --enable* switches, or if you changed something in the package which causes the resulting binaries to be different. Changes like correcting md5sums, changing mirror URLs, adding a maintainer field or updating a comment or copyright year in a Makefile do not require a change to PKG_RELEASE.
-Commits in your pull-requests should:
+#### Commits in your pull-requests should:
-* Have a useful description prefixed with the package name
+* Have a useful description prefixed with the package name
(E.g.: "foopkg: Add libzot dependency")
-* Include Signed-off-by in the comment
+* Include Signed-off-by in the comment
(See <https://dev.openwrt.org/wiki/SubmittingPatches#a10.Signyourwork>)
-If you have commit access:
+### Advice on pull requests:
+
+Pull requests are the easiest way to contribute changes to git repos at Github. They are the preferred contribution method, as they offer a nice way for commenting and amending the proposed changes.
+
+* You need a local "fork" of the Github repo.
+* Use a "feature branch" for your changes. That separates the changes in the pull request from your other changes and makes it easy to edit/amend commits in the pull request. Workflow using "feature_x" as the example:
+ - Update your local git fork to the tip (of the master, usually)
+ - Create the feature branch with `git checkout -b feature_x`
+ - Edit changes and commit them locally
+ - Push them to your Github fork by `git push -u origin feature_x`. That creates the "feature_x" branch at your Github fork and sets it as the remote of this branch
+ - When you now visit Github, you should see a proposal to create a pull request
+
+* If you later need to add new commits to the pull request, you can simply commit the changes to the local branch and then use `git push` to automatically update the pull request.
+
+* If you need to change something in the existing pull request (e.g. to add a missing signed-off-by line to the commit message), you can use `git push -f` to overwrite the original commits. That is easy and safe when using a feature branch. Example workflow:
+ - Checkout the feature branch by `git checkout feature_x`
+ - Edit changes and commit them locally. If you are just updating the commit message in the last commit, you can use `git commit --amend` to do that
+ - If you added several new commits or made other changes that require cleaning up, you can use `git rebase -i HEAD~X` (X = number of commits to edit) to possibly squash some commits
+ - Push the changed commits to Github with `git push -f` to overwrite the original commits in the "feature_x" branch with the new ones. The pull request gets automatically updated
+
+### If you have commit access:
* Do NOT use git push --force.
* Do NOT commit to other maintainer's packages without their consent.
* Use Pull Requests if you are unsure and to suggest changes to other maintainers.
-Gaining commit access:
+#### Gaining commit access:
* We will gladly grant commit access to responsible contributors who have made
useful pull requests and / or feedback or patches to this repository or
OpenWrt in general. Please include your request for commit access in your
next pull request or ticket.
-Release Branches:
+### Release Branches:
* Branches named "for-XX.YY" (e.g. for-14.07) are release branches.
* These branches are built with the respective OpenWrt release and are created
* Do NOT add new packages and do NOT do major upgrades of packages here.
* If you are unsure if your change is suitable, please use a pull request.
-####Common LICENSE tags (short list)
+### Common LICENSE tags (short list)
(Complete list can be found at: <http://spdx.org/licenses>)
-####
| Full Name | Identifier |
|---|:---|
include $(TOPDIR)/rules.mk
PKG_NAME:=micropython-lib
-PKG_VERSION=0.5-20150827-$(PKG_SOURCE_VERSION)
+PKG_VERSION=0.5-20151122-$(PKG_SOURCE_VERSION)
PKG_RELEASE:=1
PKG_MAINTAINER:=Roger D <rogerdammit@gmail.com>
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/micropython/micropython-lib.git
-PKG_SOURCE_VERSION:=bfbbf85a181d84e2494ea6f15be311734666bf67
+PKG_SOURCE_VERSION:=9643541e6e89b96cb9785a618b19865f8c0f7215
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION)
PKG_SOURCE:=$(PKG_SOURCE_SUBDIR).tar.gz
include $(TOPDIR)/rules.mk
PKG_NAME:=micropython
-PKG_VERSION=1.4.5-20150827-$(PKG_SOURCE_VERSION)
+PKG_VERSION=1.5-20151122-$(PKG_SOURCE_VERSION)
PKG_RELEASE:=1
PKG_MAINTAINER:=Roger D <rogerdammit@gmail.com>
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/micropython/micropython.git
-PKG_SOURCE_VERSION:=936e25b164d837fc91e4bafd76580e747b235dff
+PKG_SOURCE_VERSION:=4120f32292090bd811165fe76780e4e74e3450b9
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE:=$(PKG_SOURCE_SUBDIR).tar.gz
PKG_SOURCE:=node-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://nodejs.org/dist/${PKG_VERSION}
+HOST_BUILD_DEPENDS:=python/host
PKG_BUILD_DEPENDS:=python/host
PKG_INSTALL:=1
PKG_USE_MIPS16:=0
PKG_NAME:=perl
PKG_VERSION:=5.22.0
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE_URL:=ftp://ftp.cpan.org/pub/CPAN/src/5.0 \
http://www.cpan.org/src/5.0 \
ldflags="$ldflags -L$owrt:staging_dir/lib"
}
-# uclibc does not provide crypt_r(). Enable crypt() usage for glibc builds only
-($owrt:libc ne 'glibc') {
+# uclibc does not provide crypt_r().
+($owrt:libc eq 'uclibc') {
crypt_r_proto='0'
- i_crypt='undef'
- d_crypt='undef'
d_crypt_r='undef'
}
--- /dev/null
+#
+# Copyright (C) 2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=cffi
+PKG_VERSION:=1.3.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://pypi.python.org/packages/source/c/cffi
+PKG_MD5SUM:=a40ed8c8ac653c8fc7d5603711b06eaf
+
+PKG_BUILD_DEPENDS:=python python-setuptools
+
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+
+include $(INCLUDE_DIR)/package.mk
+$(call include_mk, python-package.mk)
+
+define Package/python-cffi
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ TITLE:=python-cffi
+ URL:=http://cffi.readthedocs.org/
+ DEPENDS:=+libffi +python-light +python-pycparser
+endef
+
+define Package/python-cffi/description
+Foreign Function Interface for Python calling C code.
+endef
+
+define Build/Compile
+ $(call Build/Compile/PyMod,,install --prefix=/usr --root=$(PKG_INSTALL_DIR))
+endef
+
+$(eval $(call PyPackage,python-cffi))
+$(eval $(call BuildPackage,python-cffi))
--- /dev/null
+#
+# Copyright (C) 2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=enum34
+PKG_VERSION:=1.0.4
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://pypi.python.org/packages/source/e/enum34
+PKG_MD5SUM:=ac80f432ac9373e7d162834b264034b6
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=enum/LICENSE
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+
+include $(INCLUDE_DIR)/package.mk
+$(call include_mk, python-package.mk)
+
+define Package/python-enum34
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ TITLE:=python-enum34
+ URL:=https://pypi.python.org/pypi/enum34/
+ DEPENDS:=+python-light
+endef
+
+define Package/python-enum34/description
+enum34 is the new Python stdlib enum module available in Python 3.4
+backported for previous versions of Python from 2.4 to 3.3.
+endef
+
+define Build/Compile
+ $(call Build/Compile/PyMod,,install --prefix=/usr --root=$(PKG_INSTALL_DIR))
+endef
+
+$(eval $(call PyPackage,python-enum34))
+$(eval $(call BuildPackage,python-enum34))
--- /dev/null
+#
+# Copyright (C) 2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=idna
+PKG_VERSION:=2.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://pypi.python.org/packages/source/i/idna
+PKG_MD5SUM:=bd17a9d15e755375f48a62c13b25b801
+
+PKG_BUILD_DEPENDS:=python python-setuptools
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE.rst
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+
+include $(INCLUDE_DIR)/package.mk
+$(call include_mk, python-package.mk)
+
+define Package/python-idna
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ TITLE:=python-idna
+ URL:=https://github.com/kjd/idna
+ DEPENDS:=+python-light
+endef
+
+define Package/python-idna/description
+A library to support the Internationalised Domain Names in Applications
+(IDNA) protocol as specified in RFC 5891. This version of the protocol
+is often referred to as "IDNA2008" and can produce different results
+from the earlier standard from 2003.
+endef
+
+define Build/Compile
+ $(call Build/Compile/PyMod,,install --prefix=/usr --root=$(PKG_INSTALL_DIR))
+endef
+
+$(eval $(call PyPackage,python-idna))
+$(eval $(call BuildPackage,python-idna))
--- /dev/null
+#
+# Copyright (C) 2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=ipaddress
+PKG_VERSION:=1.0.15
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://pypi.python.org/packages/source/i/ipaddress
+PKG_MD5SUM:=12915e923b738107e47827478d553ba1
+
+PKG_BUILD_DEPENDS:=python python-setuptools
+
+PKG_LICENSE:=Python-2.0
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+
+include $(INCLUDE_DIR)/package.mk
+$(call include_mk, python-package.mk)
+
+define Package/python-ipaddress
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ TITLE:=python-ipaddress
+ URL:=https://github.com/phihag/ipaddress
+ DEPENDS:=+python-light
+endef
+
+define Package/python-ipaddress/description
+Python 3.3+'s ipaddress for Python 2.6, 2.7, 3.2.
+endef
+
+define Build/Compile
+ $(call Build/Compile/PyMod,,install --prefix=/usr --root=$(PKG_INSTALL_DIR))
+endef
+
+$(eval $(call PyPackage,python-ipaddress))
+$(eval $(call BuildPackage,python-ipaddress))
--- /dev/null
+#
+# Copyright (C) 2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=ply
+PKG_VERSION:=3.8
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://www.dabeaz.com/ply
+PKG_MD5SUM:=94726411496c52c87c2b9429b12d5c50
+
+PKG_BUILD_DEPENDS:=python python-setuptools
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=README.md
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+
+include $(INCLUDE_DIR)/package.mk
+$(call include_mk, python-package.mk)
+
+define Package/python-ply
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ TITLE:=python-ply
+ URL:=http://www.dabeaz.com/ply/
+ DEPENDS:=+python-light
+endef
+
+define Package/python-ply/description
+PLY is a 100% Python implementation of the common parsing tools lex
+and yacc.
+endef
+
+define Build/Compile
+ $(call Build/Compile/PyMod,,install --prefix=/usr --root=$(PKG_INSTALL_DIR))
+endef
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)$(PYTHON_PKG_DIR)
+ $(CP) \
+ $(PKG_INSTALL_DIR)$(PYTHON_PKG_DIR)/* \
+ $(1)$(PYTHON_PKG_DIR)
+endef
+
+$(eval $(call PyPackage,python-ply))
+$(eval $(call BuildPackage,python-ply))
--- /dev/null
+#
+# Copyright (C) 2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=pyasn1
+PKG_VERSION:=0.1.9
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://pypi.python.org/packages/source/p/pyasn1
+PKG_MD5SUM:=f00a02a631d4016818659d1cc38d229a
+
+PKG_BUILD_DEPENDS:=python python-setuptools
+
+PKG_LICENSE:=BSD-2-Clause
+PKG_LICENSE_FILES:=LICENSE.txt
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+
+include $(INCLUDE_DIR)/package.mk
+$(call include_mk, python-package.mk)
+
+define Package/python-pyasn1
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ TITLE:=python-pyasn1
+ URL:=http://pyasn1.sourceforge.net/
+ DEPENDS:=+python-light
+endef
+
+define Package/python-pyasn1/description
+This is an implementation of ASN.1 types and codecs in Python programming
+language. It has been first written to support particular protocol (SNMP)
+but then generalized to be suitable for a wide range of protocols
+based on ASN.1 specification.
+endef
+
+define Build/Compile
+ $(call Build/Compile/PyMod,,install --prefix=/usr --root=$(PKG_INSTALL_DIR))
+endef
+
+$(eval $(call PyPackage,python-pyasn1))
+$(eval $(call BuildPackage,python-pyasn1))
--- /dev/null
+#
+# Copyright (C) 2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=pycparser
+PKG_VERSION:=2.14
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://pypi.python.org/packages/source/p/pycparser
+PKG_MD5SUM:=a2bc8d28c923b4fe2b2c3b4b51a4f935
+
+PKG_BUILD_DEPENDS:=python python-setuptools
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+
+include $(INCLUDE_DIR)/package.mk
+$(call include_mk, python-package.mk)
+
+define Package/python-pycparser
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ TITLE:=python-pycparser
+ URL:=https://github.com/eliben/pycparser
+ DEPENDS:=+python-light +python-ply
+endef
+
+define Package/python-pycparser/description
+pycparser is a parser for the C language, written in pure Python. It is a
+module designed to be easily integrated into applications that need to parse
+C source code.
+endef
+
+define PyPackage/python-pycparser/filespec
++|$(PYTHON_PKG_DIR)
+-|$(PYTHON_PKG_DIR)/pycparser/ply
+endef
+
+define Build/Compile
+ $(call Build/Compile/PyMod,,install --prefix=/usr --root=$(PKG_INSTALL_DIR))
+endef
+
+$(eval $(call PyPackage,python-pycparser))
+$(eval $(call BuildPackage,python-pycparser))
--- /dev/null
+diff --git a/pycparser/c_lexer.py b/pycparser/c_lexer.py
+index cbb9d26..cbd7742 100644
+--- a/pycparser/c_lexer.py
++++ b/pycparser/c_lexer.py
+@@ -9,8 +9,8 @@
+ import re
+ import sys
+
+-from .ply import lex
+-from .ply.lex import TOKEN
++from ply import lex
++from ply.lex import TOKEN
+
+
+ class CLexer(object):
+diff --git a/pycparser/c_parser.py b/pycparser/c_parser.py
+index f4f7453..5c0ca88 100644
+--- a/pycparser/c_parser.py
++++ b/pycparser/c_parser.py
+@@ -8,7 +8,7 @@
+ #------------------------------------------------------------------------------
+ import re
+
+-from .ply import yacc
++from ply import yacc
+
+ from . import c_ast
+ from .c_lexer import CLexer
+diff --git a/setup.py b/setup.py
+index fdccbb3..036a10b 100644
+--- a/setup.py
++++ b/setup.py
+@@ -49,7 +49,7 @@ setup(
+ classifiers = [
+ 'Programming Language :: Python :: 2',
+ 'Programming Language :: Python :: 3',],
+- packages=['pycparser', 'pycparser.ply'],
++ packages=['pycparser'],
+ package_data={'pycparser': ['*.cfg']},
+ cmdclass={'install': install, 'sdist': sdist},
+ )
--- /dev/null
+#
+# Copyright (C) 2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=six
+PKG_VERSION:=1.10.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://pypi.python.org/packages/source/s/six
+PKG_MD5SUM:=34eed507548117b2ab523ab14b2f8b55
+
+PKG_BUILD_DEPENDS:=python python-setuptools
+
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+
+include $(INCLUDE_DIR)/package.mk
+$(call include_mk, python-package.mk)
+
+define Package/python-six
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ TITLE:=python-six
+ URL:=https://pypi.python.org/pypi/six
+ DEPENDS:=+python-light
+endef
+
+define Package/python-six/description
+Six is a Python 2 and 3 compatibility library. It provides utility functions
+for smoothing over the differences between the Python versions with the goal of
+writing Python code that is compatible on both Python versions. See the
+documentation for more information on what is provided.
+endef
+
+define Build/Compile
+ $(call Build/Compile/PyMod,,install --prefix=/usr --root=$(PKG_INSTALL_DIR))
+endef
+
+$(eval $(call PyPackage,python-six))
+$(eval $(call BuildPackage,python-six))
HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/Python-$(PKG_VERSION)
PKG_BUILD_DEPENDS:=python/host
-HOST_BUILD_DEPENDS:=bzip2/host
+HOST_BUILD_DEPENDS:=bzip2/host expat/host
include $(INCLUDE_DIR)/host-build.mk
include $(INCLUDE_DIR)/package.mk
$(INSTALL_DIR) $(STAGING_DIR)/mk/
$(INSTALL_DIR) $(1)/usr/include/ $(1)/usr/lib/ $(1)/usr/lib/pkgconfig
$(INSTALL_DIR) $(1)/usr/lib/python$(PYTHON_VERSION)/
- $(INSTALL_DATA) ./files/python-package.mk $(STAGING_DIR)/mk/
+ $(INSTALL_DATA) \
+ ./files/python-package.mk \
+ ./files/python-host.mk \
+ $(STAGING_DIR)/mk/
$(CP) \
$(PKG_INSTALL_DIR)/usr/include/python$(PYTHON_VERSION) \
$(1)/usr/include/
--- /dev/null
+#
+# Copyright (C) 2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+HOST_PYTHON_INC_DIR:=$(STAGING_DIR_HOST)/include/python$(PYTHON_VERSION)
+
+HOST_PYTHON_PKG_DIR:=/lib/python$(PYTHON_VERSION)/site-packages
+
+HOST_PYTHONPATH:=$(HOST_PYTHON_LIB_DIR):$(STAGING_DIR_HOST)/$(HOST_PYTHON_PKG_DIR)
+define HostHostPython
+ ( export PYTHONPATH="$(HOST_PYTHONPATH)"; \
+ export PYTHONOPTIMIZE=""; \
+ export PYTHONDONTWRITEBYTECODE=1; \
+ export _python_sysroot="$(STAGING_DIR_HOST)"; \
+ export _python_prefix=""; \
+ export _python_exec_prefix=""; \
+ $(1) \
+ $(HOST_PYTHON_BIN) $(2); \
+ )
+endef
+
+# These configure args are needed in detection of path to Python header files
+# using autotools.
+HOST_CONFIGURE_ARGS += \
+ _python_sysroot="$(STAGING_DIR_HOST)" \
+ _python_prefix="" \
+ _python_exec_prefix=""
+
+# $(1) => build subdir
+# $(2) => additional arguments to setup.py
+# $(3) => additional variables
+define Build/Compile/HostPyMod
+ $(call HostHostPython, \
+ cd $(HOST_BUILD_DIR)/$(strip $(1)); \
+ CC="$(HOSTCC)" \
+ CCSHARED="$(HOSTCC) $(HOST_FPIC)" \
+ CXX="$(HOSTCXX)" \
+ LD="$(HOSTCC)" \
+ LDSHARED="$(HOSTCC) -shared" \
+ CFLAGS="$(HOST_CFLAGS)" \
+ CPPFLAGS="$(HOST_CPPFLAGS) -I$(HOST_PYTHON_INC_DIR)" \
+ LDFLAGS="$(HOST_LDFLAGS) -lpython$(PYTHON_VERSION)" \
+ _PYTHON_HOST_PLATFORM=linux2 \
+ __PYVENV_LAUNCHER__="/usr/bin/$(PYTHON)" \
+ $(3) \
+ , \
+ ./setup.py $(2) \
+ )
+endef
+
--- /dev/null
+#
+# Copyright (C) 2006-2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=tcl
+PKG_VERSION:=8.6.4
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)$(PKG_VERSION)-src.tar.gz
+PKG_SOURCE_URL:=@SF/$(PKG_NAME)
+PKG_MD5SUM:=d7cbb91f1ded1919370a30edd1534304
+
+PKG_LICENSE:=TCL
+PKG_LICENSE_FILES:=license.terms
+PKG_MAINTAINER:=Joe Mistachkin <joe@mistachkin.com>
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)$(PKG_VERSION)
+
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/tcl
+ SUBMENU:=Tcl
+ SECTION:=lang
+ CATEGORY:=Languages
+ DEPENDS:=+libpthread
+ TITLE:=The Tcl language
+ URL:=http://www.tcl.tk/
+endef
+
+define Package/tcl/description
+ Tcl, or Tool Command Language, is a an elegant, versatile, feature-rich,
+ simple-to-learn yet very powerful industrial-strength open-source
+ programming language and development platform. It is renowned for its
+ stability and utility, and its emphasis on providing a cross-platform
+ programming API makes it an ideal choice for an enormous variety of
+ programming jobs.
+endef
+
+CONFIGURE_PATH := unix
+
+CONFIGURE_VARS += \
+ tcl_cv_strtod_unbroken=ok
+
+CONFIGURE_ARGS += \
+ --enable-threads
+
+MAKE_PATH := unix
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/*.h $(1)/usr/include/
+
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libtcl*.{a,so*} $(1)/usr/lib/
+endef
+
+define Package/tcl/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so $(1)/usr/lib
+
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin
+endef
+
+$(eval $(call BuildPackage,tcl))
--- /dev/null
+--- a/unix/Makefile.in
++++ b/unix/Makefile.in
+@@ -817,15 +817,15 @@ install-tzdata: tclsh
+ @echo "Installing time zone data"
+ @@LD_LIBRARY_PATH_VAR@="`pwd`:$${@LD_LIBRARY_PATH_VAR@}"; export @LD_LIBRARY_PATH_VAR@; \
+ TCL_LIBRARY="${TCL_BUILDTIME_LIBRARY}"; export TCL_LIBRARY; \
+- ./tclsh $(TOOL_DIR)/installData.tcl \
+- $(TOP_DIR)/library/tzdata "$(SCRIPT_INSTALL_DIR)"/tzdata
++ #./tclsh $(TOOL_DIR)/installData.tcl \
++ # $(TOP_DIR)/library/tzdata "$(SCRIPT_INSTALL_DIR)"/tzdata
+
+ install-msgs: tclsh
+ @echo "Installing message catalogs"
+ @@LD_LIBRARY_PATH_VAR@="`pwd`:$${@LD_LIBRARY_PATH_VAR@}"; export @LD_LIBRARY_PATH_VAR@; \
+ TCL_LIBRARY="${TCL_BUILDTIME_LIBRARY}"; export TCL_LIBRARY; \
+- ./tclsh $(TOOL_DIR)/installData.tcl \
+- $(TOP_DIR)/library/msgs "$(SCRIPT_INSTALL_DIR)"/msgs
++ #./tclsh $(TOOL_DIR)/installData.tcl \
++ # $(TOP_DIR)/library/msgs "$(SCRIPT_INSTALL_DIR)"/msgs
+
+ install-doc: doc
+ @for i in "$(MAN_INSTALL_DIR)" "$(MAN1_INSTALL_DIR)" "$(MAN3_INSTALL_DIR)" "$(MANN_INSTALL_DIR)" ; \
--- /dev/null
+--- a/generic/tclStrToD.c
++++ b/generic/tclStrToD.c
+@@ -73,7 +73,7 @@ typedef unsigned int fpu_control_t __att
+ * MIPS floating-point units need special settings in control registers
+ * to use gradual underflow as we expect.
+ */
+-#if defined(__mips)
++#if defined(__sgi) && defined(_COMPILER_VERSION)
+ #include <sys/fpu.h>
+ #endif
+ /*
+@@ -2166,7 +2166,7 @@ TclInitDoubleConversion(void)
+ } bitwhack;
+ #endif
+
+-#if defined(__mips)
++#if defined(__sgi) && defined(_COMPILER_VERSION)
+ union fpc_csr mipsCR;
+
+ mipsCR.fc_word = get_fpc_csr();
--- /dev/null
+#
+# Copyright (C) 2006-2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=zope.interface
+PKG_VERSION:=4.1.3
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://pypi.python.org/packages/source/z/zope.interface
+PKG_MD5SUM:=9ae3d24c0c7415deb249dd1a132f0f79
+
+PKG_BUILD_DEPENDS:=python python-setuptools
+
+PKG_LICENSE:=ZPL-2.1
+PKG_LICENSE_FILES:=LICENSE.txt
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
+
+include $(INCLUDE_DIR)/package.mk
+$(call include_mk, python-package.mk)
+
+define Package/zope-interface
+ SECTION:=lang
+ CATEGORY:=Languages
+ SUBMENU:=Python
+ TITLE:=Zope interface
+ URL:=https://github.com/zopefoundation/zope.interface
+ DEPENDS:=+python-light
+endef
+
+define Package/zope-interface/description
+This package provides an implementation of "object interfaces" for
+Python. Interfaces are a mechanism for labeling objects as conforming to
+a given API or contract. So, this package can be considered as
+implementation of the Design By Contract methodology support in Python.
+endef
+
+define PyPackage/zope-interface/filespec
++|$(PYTHON_PKG_DIR)
+-|$(PYTHON_PKG_DIR)/zope/interface/common/tests
+-|$(PYTHON_PKG_DIR)/zope/interface/tests
+endef
+
+define Build/Compile
+ $(call Build/Compile/PyMod,, \
+ install --prefix="/usr" --root="$(PKG_INSTALL_DIR)" --no-compile, \
+ )
+endef
+
+$(eval $(call PyPackage,zope-interface))
+$(eval $(call BuildPackage,zope-interface))
PKG_NAME:=boost
PKG_VERSION:=1_59_0
-PKG_RELEASE:=3
+PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/boost
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/host-build.mk
-# For now, the combination TARGET_mpc85xx&&USE_UCLIBC disables boost due to incompatibility
+
define Package/boost/Default
SECTION:=libs
CATEGORY:=Libraries
TITLE:=Boost C++ source library
URL:=http://www.boost.org
- DEPENDS:=@(!(TARGET_mpc85xx&&USE_UCLIBC)) +libstdcpp +libpthread +librt
+ DEPENDS:=+libstdcpp +libpthread +librt
endef
define Package/boost/description/Default
- Boost provides free peer-reviewed portable C++ source libraries
+ true
+endef
+
+define Package/boost/description
+This package provides the Boost v1.59 libraries.
+Boost is a set of free, peer-reviewed, portable C++ source libraries.
endef
BOOST_LIBS =
true
endef
-# For now, the combination TARGET_mpc85xx&&USE_UCLIBC disables boost due to incompatibility
+
define Package/boost
$(call Package/boost/Default)
TITLE+= packages
- DEPENDS:=@(!(TARGET_mpc85xx&&USE_UCLIBC)) +ALL:boost-libs +ALL:boost-test
+ DEPENDS:=+ALL:boost-libs +ALL:boost-test
endef
define Package/boost/config
- menu "Select Boost libraries"
+ menu "Select Boost Options"
depends on PACKAGE_boost
+ comment "Boost compilation options."
+ config boost-static-libs
+ bool "Static Libraries Only"
+ help
+ Static compile of all selected boost libraries.
+ default n
+
+ config boost-runtime-static
+ bool "Use static version of C and C++ runtimes."
+ help
+ Determines if shared or static version of C and C++ runtimes should be used.
+ default n
+ select boost-static-libs
+
+ config boost-multi-threading
+ bool "Multithread Support"
+ help
+ Compile Boost libraries with multithread support.
+ default y
+ endmenu
- config boost-libs-all
- bool "Include all Boost libraries"
- select PACKAGE_boost-libs
-
- config boost-test-pkg
- bool "Boost test package"
- select PACKAGE_boost-test
-
- comment "Libraries"
-
- $(foreach lib,$(BOOST_LIBS), \
- config PACKAGE_boost-$(lib)
- prompt "Boost $(lib) library"
-
- )
-
- endmenu
+ menu "Select Boost libraries"
+ depends on PACKAGE_boost
+ comment "Libraries"
+
+ config boost-libs-all
+ bool "Include all Boost libraries."
+ select PACKAGE_boost-libs
+
+ config boost-test-pkg
+ bool "Boost test package."
+ select PACKAGE_boost-test
+
+ config boost-coroutine2
+ bool "Boost couroutine2 support."
+ select PACKAGE_boost-coroutine
+ default n
+
+ config boost-graph-parallel
+ bool "Boost parallel graph support."
+ select PACKAGE_boost-graph
+ default n
+
+ $(foreach lib,$(BOOST_LIBS), \
+ config PACKAGE_boost-$(lib)
+ prompt "Boost $(lib) library."
+ )
+ endmenu
endef
endef
endef
+
$(eval $(call DefineBoostLibrary,atomic,system,))
$(eval $(call DefineBoostLibrary,chrono,system,))
$(eval $(call DefineBoostLibrary,container,,))
$(eval $(call DefineBoostLibrary,locale,system,$(ICONV_DEPENDS) +@BUILD_NLS))
$(eval $(call DefineBoostLibrary,log,system chrono date_time thread filesystem regex,))
$(eval $(call DefineBoostLibrary,math,,))
-#$(eval $(call DefineBoostLibrary,mpi,,))
+#$(eval $(call DefineBoostLibrary,mpi,,)) # OpenMPI does no exist in OpenWRT at this time.
$(eval $(call DefineBoostLibrary,program_options,,))
+$(eval $(call DefineBoostLibrary,python,,+python))
+$(eval $(call DefineBoostLibrary,python3,,+python3))
$(eval $(call DefineBoostLibrary,random,system,))
-
-# We need a beter way to provide this package, information regarding the Python packages
-# such as Python version and directories locations.
-# Python 2.7 version is for now hard-coded. Python 3 is (until this date) broken in the trunk tree.
-$(eval $(call DefineBoostLibrary,python,,+PACKAGE_boost-python:python))
$(eval $(call DefineBoostLibrary,regex,,))
$(eval $(call DefineBoostLibrary,serialization,,))
$(eval $(call DefineBoostLibrary,signals,,))
-$(eval $(call DefineBoostLibrary,system,,))
+$(eval $(call DefineBoostLibrary,system,,+@boost-multi-threading))
$(eval $(call DefineBoostLibrary,thread,system chrono atomic,))
$(eval $(call DefineBoostLibrary,timer,chrono))
$(eval $(call DefineBoostLibrary,wave,date_time thread filesystem,))
+
define Host/Compile
# bjam does not provide a configure-script nor a Makefile
( cd $(HOST_BUILD_DIR)/tools/build/src/engine ; ./build.sh gcc )
CONFIGURE_PREFIX:=$(PKG_INSTALL_DIR)
TARGET_LDFLAGS += -pthread -lrt
-TARGET_CFLAGS += $(if $(CONFIG_SOFT_FLOAT),-DBOOST_NO_FENV_H)
+TARGET_CFLAGS += \
+ $(if $(CONFIG_PACKAGE_boost-python), -I$(STAGING_DIR)/usr/include/python2.7/) \
+ $(if $(CONFIG_PACKAGE_boost-python3), -I$(STAGING_DIR)/usr/include/python3.5/) \
+ $(if $(CONFIG_SOFT_FLOAT),-DBOOST_NO_FENV_H) -fPIC
ifneq ($(findstring mips,$(ARCH)),)
BOOST_ABI = o32
$(info Selected Boost API $(BOOST_ABI) for architecture $(ARCH) and cpu $(CPU_TYPE) $(CPU_SUBTYPE))
( cd $(PKG_BUILD_DIR) ; \
echo "using gcc : $(ARCH) : $(GNU_TARGET_NAME)-gcc : <compileflags>\"$(TARGET_CFLAGS)\" <cxxflags>\"$(TARGET_CXXFLAGS)\" <linkflags>\"$(TARGET_LDFLAGS)\" ;" > tools/build/src/user-config.jam ; \
+ $(if $(CONFIG_PACKAGE_boost-python3), \
+ echo "using python : 3.5 : $(STAGING_DIR_ROOT)/usr/bin/python3 : $(STAGING_DIR)/usr/include/python3.5/ ;" >> \
+ tools/build/src/user-config.jam; \
+ ) \
$(if $(CONFIG_PACKAGE_boost-python), \
- echo "using python : : $(STAGING_DIR_ROOT)/usr/bin/python : $(STAGING_DIR)/usr/include/python2.7/ ;" >> \
+ echo "using python : 2.7 : $(STAGING_DIR_ROOT)/usr/bin/python : $(STAGING_DIR)/usr/include/python2.7/ ;" >> \
tools/build/src/user-config.jam; \
) \
bjam \
--ignore-site-config \
--toolset=gcc-$(ARCH) --build-type=minimal --layout=system abi=$(BOOST_ABI) \
--disable-long-double \
+ $(if $(CONFIG_boost-static-libs),link=static,link=shared) \
+ $(if $(CONFIG_boost-runtime-static),runtime-link=static,runtime-link=shared) \
+ $(if $(CONFIG_boost-multi-threading),threading=multi,threading=single) \
$(CONFIGURE_ARGS) \
--without-mpi \
+ $(if $(CONFIG_boost-coroutine2),,--without-coroutine2) \
+ $(if $(CONFIG_boost-graph-parallel),,--without-graph_parallel) \
$(if $(CONFIG_PACKAGE_boost-test),,--without-test) \
$(foreach lib,$(BOOST_LIBS), \
- $(if $(CONFIG_PACKAGE_boost-$(lib)),,--without-$(lib)) \
+ $(if $(findstring python,$(lib)), \
+ $(if $(or $(CONFIG_PACKAGE_boost-python),$(CONFIG_PACKAGE_boost-python3)),,--without-python), \
+ $(if $(CONFIG_PACKAGE_boost-$(lib)),,--without-$(lib))) \
) \
- $(if $(CONFIG_PACKAGE_boost-locale),boost.locale.iconv=on -sICONV_PATH=$(ICONV_PREFIX) boost.locale.posix=$(if $(USE_UCLIBC),on,off), \
+ $(if $(CONFIG_PACKAGE_boost-locale),boost.locale.iconv=on -sICONV_PATH=$(ICONV_PREFIX) boost.locale.posix=$(if $(USE_MUSL),on,off), \
boost.locale.iconv=off) \
\
$(if $(CONFIG_PACKAGE_boost-iostreams),-sNO_BZIP2=1 -sZLIB_INCLUDE=$(STAGING_DIR)/usr/include \
# copies _all_ header files - independent of <--with-library>-argument above
$(INSTALL_DIR) $(1)/usr/lib
- -$(CP) $(PKG_INSTALL_DIR)/lib/*.a $(1)/usr/lib/
- -$(CP) $(PKG_INSTALL_DIR)/lib/*.so* $(1)/usr/lib/
+ $(CP) -v $(PKG_INSTALL_DIR)/lib/*.a $(1)/usr/lib/ # copies all compiled archive files
+ $(FIND) $(PKG_INSTALL_DIR)/lib/ -name '*.so*' -exec $(CP) {} $(1)/usr/lib/ \; # copies all the shared objects files
endef
define Host/Install
$(INSTALL_DIR) \
$(1)/usr/lib
- $(CP) \
- $(PKG_INSTALL_DIR)/lib/libboost_$(2)*.so* \
- $(1)/usr/lib/
+ $(FIND) \
+ $(PKG_INSTALL_DIR)/lib/ -name 'libboost_$(2)*.so*' -exec $(CP) {} $(1)/usr/lib/ \;
endef
-define Package/boost-test/install
- $(INSTALL_DIR) \
- $(1)/usr/lib
-
- $(CP) \
- $(PKG_INSTALL_DIR)/lib/libboost_unit_test_framework*.so* \
- $(1)/usr/lib/
+define Package/boost-test/install
+ $(INSTALL_DIR) \
+ $(1)/usr/lib
- $(CP) \
- $(PKG_INSTALL_DIR)/lib/libboost_prg_exec_monitor*.so* \
- $(1)/usr/lib/
+ $(FIND) \
+ $(PKG_INSTALL_DIR)/lib/ -name 'libboost_unit_test_framework*.so*' -exec $(CP) {} $(1)/usr/lib/ \;
+
+ $(FIND) \
+ $(PKG_INSTALL_DIR)/lib/ -name 'libboost_prg_exec_monitor*.so*' -exec $(CP) {} $(1)/usr/lib/ \;
endef
define BuildBoostLibrary
$(foreach lib,$(BOOST_LIBS),$(eval $(call BuildBoostLibrary,$(lib))))
$(eval $(call BuildPackage,boost-test))
-
$(eval $(call BuildPackage,boost-libs))
$(eval $(call BuildPackage,boost))
include $(TOPDIR)/rules.mk
PKG_NAME:=gnutls
-PKG_VERSION:=3.4.6
+PKG_VERSION:=3.4.7
PKG_RELEASE:=1
PKG_USE_MIPS16:=0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4
-PKG_MD5SUM:=4f2c4b4483da65de7edfeb050911fafb
+PKG_MD5SUM:=e7556cec73c8b34fd2ff0b591e24e44c
#PKG_FIXUP:=autoreconf gettext-version
PKG_MAINTAINER:=Nikos Mavrogiannopoulos <nmav@gnutls.org>
PKG_LICENSE:=LGPLv2.1+
$(INSTALL_DIR) $(1)/usr/include
$(CP) \
- $(PKG_INSTALL_DIR)/usr/lib/libffi-$(PKG_VERSION)/include/*.h \
+ $(PKG_INSTALL_DIR)/usr/include/*.h \
$(1)/usr/include/
endef
--- /dev/null
+--- a/libffi.pc.in
++++ b/libffi.pc.in
+@@ -1,10 +1,10 @@
+ prefix=@prefix@
+ exec_prefix=@exec_prefix@
+ libdir=@libdir@
+-includedir=${libdir}/@PACKAGE_NAME@-@PACKAGE_VERSION@/include
++includedir=@includedir@
+
+ Name: @PACKAGE_NAME@
+ Description: Library supporting Foreign Function Interfaces
+ Version: @PACKAGE_VERSION@
+-Libs: -L${libdir} -lffi
+-Cflags: -I${includedir}
++Libs: -lffi
++Cflags:
+--- a/include/Makefile.am
++++ b/include/Makefile.am
+@@ -5,5 +5,5 @@ AUTOMAKE_OPTIONS=foreign
+ DISTCLEANFILES=ffitarget.h
+ EXTRA_DIST=ffi.h.in ffi_common.h
+
+-includesdir = $(libdir)/@PACKAGE_NAME@-@PACKAGE_VERSION@/include
++includesdir = $(includedir)
+ nodist_includes_HEADERS = ffi.h ffitarget.h
+--- a/include/Makefile.in
++++ b/include/Makefile.in
+@@ -250,7 +250,7 @@ top_srcdir = @top_srcdir@
+ AUTOMAKE_OPTIONS = foreign
+ DISTCLEANFILES = ffitarget.h
+ EXTRA_DIST = ffi.h.in ffi_common.h
+-includesdir = $(libdir)/@PACKAGE_NAME@-@PACKAGE_VERSION@/include
++includesdir = $(includedir)
+ nodist_includes_HEADERS = ffi.h ffitarget.h
+ all: all-am
+
PKG_LICENSE_FILES:=COPYING
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=https://download.gnome.org/sources/libgee/0.18/
+PKG_SOURCE_URL:=@GNOME/libgee/0.18/
PKG_MD5SUM:=29ea6125e653d7e60b49a9a9544abc96
PKG_FIXUP:=autoreconf
--- /dev/null
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Mon, 16 Mar 2015 17:40:12 +0000 (-0400)
+Subject: Avoid breakage with gcc 5
+X-Git-Tag: libgpg-error-1.19~7
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=commitdiff_plain;h=c01c8f0c4f55d76b037c7f6aa44ad25ede18d38a
+
+Avoid breakage with gcc 5
+
+* src/Makefile.am: Add -P to the C preprocessor when building
+mkerrcodes.h, to avoid a noisy intermediate pipeline.
+
+--
+
+With gcc 5 without this patch, we see many errors like the following:
+
+gcc -I. -I. -o mkerrcodes ./mkerrcodes.c
+In file included from ./mkerrcodes.c:26:0:
+./mkerrcodes.h:9:5: error: expected expression before ‘,’ token
+ { , "GPG_ERR_E2BIG" },
+ ^
+./mkerrcodes.h:10:5: error: expected expression before ‘,’ token
+ { , "GPG_ERR_EACCES" },
+ ^
+
+This patch cleans up the generated mkerrcodes.h by making the
+intermediate stage clean for all the versions of gcc i tested (4.x and
+5).
+
+Debian-Bug-Id: 777374
+Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -140,7 +140,7 @@ code-to-errno.h: Makefile mkerrnos.awk e
+ # It is correct to use $(CPP). We want the host's idea of the error codes.
+ mkerrcodes.h: Makefile mkerrcodes.awk $(gpg_extra_headers)
+ $(AWK) -f $(srcdir)/mkerrcodes1.awk $(srcdir)/errnos.in >_$@
+- $(CPP) $(CPPFLAGS) $(extra_cppflags) _$@ | grep GPG_ERR_ | \
++ $(CPP) $(CPPFLAGS) $(extra_cppflags) -P _$@ | grep GPG_ERR_ | \
+ $(AWK) -f $(srcdir)/mkerrcodes.awk >$@
+ -rm _$@
+
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -979,7 +979,7 @@ code-to-errno.h: Makefile mkerrnos.awk e
+ # It is correct to use $(CPP). We want the host's idea of the error codes.
+ mkerrcodes.h: Makefile mkerrcodes.awk $(gpg_extra_headers)
+ $(AWK) -f $(srcdir)/mkerrcodes1.awk $(srcdir)/errnos.in >_$@
+- $(CPP) $(CPPFLAGS) $(extra_cppflags) _$@ | grep GPG_ERR_ | \
++ $(CPP) $(CPPFLAGS) $(extra_cppflags) -P _$@ | grep GPG_ERR_ | \
+ $(AWK) -f $(srcdir)/mkerrcodes.awk >$@
+ -rm _$@
+
include $(TOPDIR)/rules.mk
PKG_NAME:=libmicrohttpd
-PKG_VERSION:=0.9.42
-PKG_RELEASE:=3
+PKG_VERSION:=0.9.44
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/libmicrohttpd
-PKG_MD5SUM:=3b9cf0b67fc8ebc9e69f53c6bc84a88d
+PKG_MD5SUM:=9101b5ebf8f71792938ae672da314da2
PKG_MAINTAINER:=Martijn Zilverschoon <martijn@friedzombie.com>
+++ /dev/null
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,14 @@
-+Thu Jun 4 13:37:05 CEST 2015
-+ Fixing memory leak in digest authentication. -AW
-+
-+Wed Jun 03 21:23:47 CEST 2015
-+ Add deprecation compiler messages for deprecated functions
-+ and macros. -EG
-+
-+Fri May 29 12:23:01 CEST 2015
-+ Fixing digest authentication when used in combination
-+ with escaped characters in URLs. -CG/AW
-+
- Wed May 13 11:49:09 CEST 2015
- Releasing libmicrohttpd 0.9.42. -CG
-
---- a/src/microhttpd/response.c
-+++ b/src/microhttpd/response.c
-@@ -24,6 +24,8 @@
- * @author Christian Grothoff
- */
-
-+#define MHD_NO_DEPRECATION 1
-+
- #include "internal.h"
- #include "response.h"
-
---- a/src/microhttpd/digestauth.c
-+++ b/src/microhttpd/digestauth.c
-@@ -1,6 +1,6 @@
- /*
- This file is part of libmicrohttpd
-- Copyright (C) 2010, 2011, 2012 Daniel Pittman and Christian Grothoff
-+ Copyright (C) 2010, 2011, 2012, 2015 Daniel Pittman and Christian Grothoff
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
-@@ -472,8 +472,8 @@ test_header (struct MHD_Connection *conn
- *
- * @param connection connections with headers to compare against
- * @param args argument URI string (after "?" in URI)
-- * @return MHD_YES if the arguments match,
-- * MHD_NO if not
-+ * @return #MHD_YES if the arguments match,
-+ * #MHD_NO if not
- */
- static int
- check_argument_match (struct MHD_Connection *connection,
-@@ -508,7 +508,10 @@ check_argument_match (struct MHD_Connect
- connection,
- argp);
- if (MHD_YES != test_header (connection, argp, NULL))
-- return MHD_NO;
-+ {
-+ free(argb);
-+ return MHD_NO;
-+ }
- num_headers++;
- break;
- }
-@@ -527,10 +530,16 @@ check_argument_match (struct MHD_Connect
- connection,
- equals);
- if (! test_header (connection, argp, equals))
-- return MHD_NO;
-+ {
-+ free(argb);
-+ return MHD_NO;
-+ }
-+
- num_headers++;
- argp = amper;
- }
-+
-+ free(argb);
-
- /* also check that the number of headers matches */
- for (pos = connection->headers_received; NULL != pos; pos = pos->next)
-@@ -632,10 +641,83 @@ MHD_digest_auth_check (struct MHD_Connec
- header value. */
- return MHD_NO;
- }
-+ /* 8 = 4 hexadecimal numbers for the timestamp */
-+ nonce_time = strtoul (nonce + len - 8, (char **)NULL, 16);
-+ t = (uint32_t) MHD_monotonic_time();
-+ /*
-+ * First level vetting for the nonce validity: if the timestamp
-+ * attached to the nonce exceeds `nonce_timeout', then the nonce is
-+ * invalid.
-+ */
-+ if ( (t > nonce_time + nonce_timeout) ||
-+ (nonce_time + nonce_timeout < nonce_time) )
-+ {
-+ /* too old */
-+ return MHD_INVALID_NONCE;
-+ }
-+
-+ calculate_nonce (nonce_time,
-+ connection->method,
-+ connection->daemon->digest_auth_random,
-+ connection->daemon->digest_auth_rand_size,
-+ connection->url,
-+ realm,
-+ noncehashexp);
-+ /*
-+ * Second level vetting for the nonce validity
-+ * if the timestamp attached to the nonce is valid
-+ * and possibly fabricated (in case of an attack)
-+ * the attacker must also know the random seed to be
-+ * able to generate a "sane" nonce, which if he does
-+ * not, the nonce fabrication process going to be
-+ * very hard to achieve.
-+ */
-+
-+ if (0 != strcmp (nonce, noncehashexp))
-+ {
-+ return MHD_INVALID_NONCE;
-+ }
-+ if ( (0 == lookup_sub_value (cnonce,
-+ sizeof (cnonce),
-+ header, "cnonce")) ||
-+ (0 == lookup_sub_value (qop, sizeof (qop), header, "qop")) ||
-+ ( (0 != strcmp (qop, "auth")) &&
-+ (0 != strcmp (qop, "")) ) ||
-+ (0 == lookup_sub_value (nc, sizeof (nc), header, "nc")) ||
-+ (0 == lookup_sub_value (response, sizeof (response), header, "response")) )
-+ {
-+#if HAVE_MESSAGES
-+ MHD_DLOG (connection->daemon,
-+ "Authentication failed, invalid format.\n");
-+#endif
-+ return MHD_NO;
-+ }
-+ nci = strtoul (nc, &end, 16);
-+ if ( ('\0' != *end) ||
-+ ( (LONG_MAX == nci) &&
-+ (ERANGE == errno) ) )
-+ {
-+#if HAVE_MESSAGES
-+ MHD_DLOG (connection->daemon,
-+ "Authentication failed, invalid format.\n");
-+#endif
-+ return MHD_NO; /* invalid nonce format */
-+ }
-+ /*
-+ * Checking if that combination of nonce and nc is sound
-+ * and not a replay attack attempt. Also adds the nonce
-+ * to the nonce-nc map if it does not exist there.
-+ */
-+
-+ if (MHD_YES != check_nonce_nc (connection, nonce, nci))
-+ {
-+ return MHD_NO;
-+ }
-+
- {
- char *uri;
--
-- uri = malloc(left + 1);
-+
-+ uri = malloc (left + 1);
- if (NULL == uri)
- {
- #if HAVE_MESSAGES
-@@ -648,24 +730,31 @@ MHD_digest_auth_check (struct MHD_Connec
- left + 1,
- header, "uri"))
- {
-- free(uri);
-+ free (uri);
- return MHD_NO;
- }
-
-- /* 8 = 4 hexadecimal numbers for the timestamp */
-- nonce_time = strtoul (nonce + len - 8, (char **)NULL, 16);
-- t = (uint32_t) MHD_monotonic_time();
-- /*
-- * First level vetting for the nonce validity: if the timestamp
-- * attached to the nonce exceeds `nonce_timeout', then the nonce is
-- * invalid.
-- */
-- if ( (t > nonce_time + nonce_timeout) ||
-- (nonce_time + nonce_timeout < nonce_time) )
-- {
-- free(uri);
-- return MHD_INVALID_NONCE;
-- }
-+ digest_calc_ha1("md5",
-+ username,
-+ realm,
-+ password,
-+ nonce,
-+ cnonce,
-+ ha1);
-+ digest_calc_response (ha1,
-+ nonce,
-+ nc,
-+ cnonce,
-+ qop,
-+ connection->method,
-+ uri,
-+ hentity,
-+ respexp);
-+
-+ /* Need to unescape URI before comparing with connection->url */
-+ connection->daemon->unescape_callback (connection->daemon->unescape_callback_cls,
-+ connection,
-+ uri);
- if (0 != strncmp (uri,
- connection->url,
- strlen (connection->url)))
-@@ -674,9 +763,10 @@ MHD_digest_auth_check (struct MHD_Connec
- MHD_DLOG (connection->daemon,
- "Authentication failed, URI does not match.\n");
- #endif
-- free(uri);
-+ free (uri);
- return MHD_NO;
- }
-+
- {
- const char *args = strchr (uri, '?');
-
-@@ -692,89 +782,11 @@ MHD_digest_auth_check (struct MHD_Connec
- MHD_DLOG (connection->daemon,
- "Authentication failed, arguments do not match.\n");
- #endif
-- free(uri);
-+ free (uri);
- return MHD_NO;
- }
- }
-- calculate_nonce (nonce_time,
-- connection->method,
-- connection->daemon->digest_auth_random,
-- connection->daemon->digest_auth_rand_size,
-- connection->url,
-- realm,
-- noncehashexp);
-- /*
-- * Second level vetting for the nonce validity
-- * if the timestamp attached to the nonce is valid
-- * and possibly fabricated (in case of an attack)
-- * the attacker must also know the random seed to be
-- * able to generate a "sane" nonce, which if he does
-- * not, the nonce fabrication process going to be
-- * very hard to achieve.
-- */
--
-- if (0 != strcmp (nonce, noncehashexp))
-- {
-- free(uri);
-- return MHD_INVALID_NONCE;
-- }
-- if ( (0 == lookup_sub_value (cnonce,
-- sizeof (cnonce),
-- header, "cnonce")) ||
-- (0 == lookup_sub_value (qop, sizeof (qop), header, "qop")) ||
-- ( (0 != strcmp (qop, "auth")) &&
-- (0 != strcmp (qop, "")) ) ||
-- (0 == lookup_sub_value (nc, sizeof (nc), header, "nc")) ||
-- (0 == lookup_sub_value (response, sizeof (response), header, "response")) )
-- {
--#if HAVE_MESSAGES
-- MHD_DLOG (connection->daemon,
-- "Authentication failed, invalid format.\n");
--#endif
-- free(uri);
-- return MHD_NO;
-- }
-- nci = strtoul (nc, &end, 16);
-- if ( ('\0' != *end) ||
-- ( (LONG_MAX == nci) &&
-- (ERANGE == errno) ) )
-- {
--#if HAVE_MESSAGES
-- MHD_DLOG (connection->daemon,
-- "Authentication failed, invalid format.\n");
--#endif
-- free(uri);
-- return MHD_NO; /* invalid nonce format */
-- }
-- /*
-- * Checking if that combination of nonce and nc is sound
-- * and not a replay attack attempt. Also adds the nonce
-- * to the nonce-nc map if it does not exist there.
-- */
--
-- if (MHD_YES != check_nonce_nc (connection, nonce, nci))
-- {
-- free(uri);
-- return MHD_NO;
-- }
--
-- digest_calc_ha1("md5",
-- username,
-- realm,
-- password,
-- nonce,
-- cnonce,
-- ha1);
-- digest_calc_response (ha1,
-- nonce,
-- nc,
-- cnonce,
-- qop,
-- connection->method,
-- uri,
-- hentity,
-- respexp);
-- free(uri);
-+ free (uri);
- return (0 == strcmp(response, respexp))
- ? MHD_YES
- : MHD_NO;
-@@ -835,7 +847,7 @@ MHD_queue_auth_fail_response (struct MHD
- : "");
- {
- char *header;
--
-+
- header = malloc(hlen + 1);
- if (NULL == header)
- {
---- a/src/microhttpd/daemon.c
-+++ b/src/microhttpd/daemon.c
-@@ -73,7 +73,7 @@
- /**
- * Default connection limit.
- */
--#ifndef WINDOWS
-+#ifndef MHD_WINSOCK_SOCKETS
- #define MHD_MAX_CONNECTIONS_DEFAULT FD_SETSIZE - 4
- #else
- #define MHD_MAX_CONNECTIONS_DEFAULT FD_SETSIZE
-@@ -1271,7 +1271,7 @@ internal_add_connection (struct MHD_Daem
- return MHD_NO;
- }
-
--#ifndef WINDOWS
-+#ifndef MHD_WINSOCK_SOCKETS
- if ( (client_socket >= FD_SETSIZE) &&
- (0 == (daemon->options & (MHD_USE_POLL | MHD_USE_EPOLL_LINUX_ONLY))) )
- {
-@@ -1418,7 +1418,7 @@ internal_add_connection (struct MHD_Daem
- #endif
- {
- /* make socket non-blocking */
--#if !defined(WINDOWS) || defined(CYGWIN)
-+#if !defined(MHD_WINSOCK_SOCKETS)
- int flags = fcntl (connection->socket_fd, F_GETFL);
- if ( (-1 == flags) ||
- (0 != fcntl (connection->socket_fd, F_SETFL, flags | O_NONBLOCK)) )
-@@ -1797,7 +1797,7 @@ static void
- make_nonblocking_noninheritable (struct MHD_Daemon *daemon,
- MHD_socket sock)
- {
--#ifdef WINDOWS
-+#ifdef MHD_WINSOCK_SOCKETS
- DWORD dwFlags;
- unsigned long flags = 1;
-
-@@ -3611,7 +3611,7 @@ MHD_start_daemon_va (unsigned int flags,
- daemon->socket_fd = MHD_INVALID_SOCKET;
- daemon->listening_address_reuse = 0;
- daemon->options = flags;
--#if WINDOWS
-+#if defined(MHD_WINSOCK_SOCKETS) || defined(CYGWIN)
- /* Winsock is broken with respect to 'shutdown';
- this disables us calling 'shutdown' on W32. */
- daemon->options |= MHD_USE_EPOLL_TURBO;
-@@ -3650,7 +3650,7 @@ MHD_start_daemon_va (unsigned int flags,
- free (daemon);
- return NULL;
- }
--#ifndef WINDOWS
-+#ifndef MHD_WINSOCK_SOCKETS
- if ( (0 == (flags & (MHD_USE_POLL | MHD_USE_EPOLL_LINUX_ONLY))) &&
- (1 == use_pipe) &&
- (daemon->wpipe[0] >= FD_SETSIZE) )
-@@ -3934,7 +3934,7 @@ MHD_start_daemon_va (unsigned int flags,
- (http://msdn.microsoft.com/en-us/library/ms738574%28v=VS.85%29.aspx);
- and may also be missing on older POSIX systems; good luck if you have any of those,
- your IPv6 socket may then also bind against IPv4 anyway... */
--#ifndef WINDOWS
-+#ifndef MHD_WINSOCK_SOCKETS
- const int
- #else
- const char
-@@ -4016,7 +4016,7 @@ MHD_start_daemon_va (unsigned int flags,
- {
- socket_fd = daemon->socket_fd;
- }
--#ifndef WINDOWS
-+#ifndef MHD_WINSOCK_SOCKETS
- if ( (socket_fd >= FD_SETSIZE) &&
- (0 == (flags & (MHD_USE_POLL | MHD_USE_EPOLL_LINUX_ONLY)) ) )
- {
-@@ -4121,7 +4121,7 @@ MHD_start_daemon_va (unsigned int flags,
- if ( (daemon->worker_pool_size > 0) &&
- (0 == (daemon->options & MHD_USE_NO_LISTEN_SOCKET)) )
- {
--#if !defined(WINDOWS) || defined(CYGWIN)
-+#if !defined(MHD_WINSOCK_SOCKETS)
- int sk_flags;
- #else
- unsigned long sk_flags;
-@@ -4140,7 +4140,7 @@ MHD_start_daemon_va (unsigned int flags,
- /* Accept must be non-blocking. Multiple children may wake up
- * to handle a new connection, but only one will win the race.
- * The others must immediately return. */
--#if !defined(WINDOWS) || defined(CYGWIN)
-+#if !defined(MHD_WINSOCK_SOCKETS)
- sk_flags = fcntl (socket_fd, F_GETFL);
- if (sk_flags < 0)
- goto thread_failed;
-@@ -4150,7 +4150,7 @@ MHD_start_daemon_va (unsigned int flags,
- sk_flags = 1;
- if (SOCKET_ERROR == ioctlsocket (socket_fd, FIONBIO, &sk_flags))
- goto thread_failed;
--#endif /* WINDOWS && !CYGWIN */
-+#endif /* MHD_WINSOCK_SOCKETS */
-
- /* Allocate memory for pooled objects */
- daemon->worker_pool = malloc (sizeof (struct MHD_Daemon)
-@@ -4182,7 +4182,7 @@ MHD_start_daemon_va (unsigned int flags,
- #endif
- goto thread_failed;
- }
--#ifndef WINDOWS
-+#ifndef MHD_WINSOCK_SOCKETS
- if ( (0 == (flags & (MHD_USE_POLL | MHD_USE_EPOLL_LINUX_ONLY))) &&
- (MHD_USE_SUSPEND_RESUME == (flags & MHD_USE_SUSPEND_RESUME)) &&
- (d->wpipe[0] >= FD_SETSIZE) )
-@@ -4343,7 +4343,7 @@ close_all_connections (struct MHD_Daemon
- {
- shutdown (pos->socket_fd,
- (pos->read_closed == MHD_YES) ? SHUT_WR : SHUT_RDWR);
--#if WINDOWS
-+#if MHD_WINSOCK_SOCKETS
- if ( (0 != (daemon->options & MHD_USE_THREAD_PER_CONNECTION)) &&
- (MHD_INVALID_PIPE_ != daemon->wpipe[1]) &&
- (1 != MHD_pipe_write_ (daemon->wpipe[1], "e", 1)) )
---- a/src/include/microhttpd.h
-+++ b/src/include/microhttpd.h
-@@ -130,7 +130,7 @@ typedef intptr_t ssize_t;
- * Current version of the library.
- * 0x01093001 = 1.9.30-1.
- */
--#define MHD_VERSION 0x00094200
-+#define MHD_VERSION 0x00094202
-
- /**
- * MHD-internal return code for "YES".
-@@ -194,6 +194,53 @@ typedef SOCKET MHD_socket;
- #endif /* MHD_SOCKET_DEFINED */
-
- /**
-+ * Define MHD_NO_DEPRECATION before including "microhttpd.h" to disable deprecation messages
-+ */
-+#ifdef MHD_NO_DEPRECATION
-+#define _MHD_DEPR_MACRO(msg)
-+#define _MHD_DEPR_FUNC(msg)
-+#endif /* MHD_NO_DEPRECATION */
-+
-+#ifndef _MHD_DEPR_MACRO
-+#if defined(_MSC_FULL_VER) && _MSC_VER+0 >= 1500
-+/* Stringify macros */
-+#define _MHD_INSTRMACRO(a) #a
-+#define _MHD_STRMACRO(a) _MHD_INSTRMACRO(a)
-+#define _MHD_DEPR_MACRO(msg) __pragma(message(__FILE__ "(" _MHD_STRMACRO(__LINE__)"): warning: " msg))
-+#elif defined(__clang__) || defined (__GNUC_PATCHLEVEL__)
-+#define _MHD_GCC_PRAG(x) _Pragma (#x)
-+#if __clang_major__+0 >= 5 || \
-+ (!defined(__apple_build_version__) && (__clang_major__+0 > 3 || (__clang_major__+0 == 3 && __clang_minor__ >= 3))) || \
-+ __GNUC__+0 > 4 || (__GNUC__+0 == 4 && __GNUC_MINOR__+0 >= 8)
-+#define _MHD_DEPR_MACRO(msg) _MHD_GCC_PRAG(GCC warning msg)
-+#else /* older clang or GCC */
-+#define _MHD_DEPR_MACRO(msg) _MHD_GCC_PRAG(message msg)
-+#endif
-+/* #elif defined(SOMEMACRO) */ /* add compiler-specific macros here if required */
-+#else /* other compilers */
-+#define _MHD_DEPR_MACRO(msg)
-+#endif
-+#endif /* _MHD_DEPR_MACRO */
-+
-+#ifndef _MHD_DEPR_FUNC
-+#if defined(_MSC_FULL_VER) && _MSC_VER+0 >= 1400
-+#define _MHD_DEPR_FUNC(msg) __declspec(deprecated(msg))
-+#elif defined(_MSC_FULL_VER) && _MSC_VER+0 >= 1310
-+/* VS .NET 2003 deprecation do not support custom messages */
-+#define _MHD_DEPR_FUNC(msg) __declspec(deprecated)
-+#elif defined (__clang__) && \
-+ (__clang_major__+0 >= 4 || (!defined(__apple_build_version__) && __clang_major__+0 >= 3))
-+#define _MHD_DEPR_FUNC(msg) __attribute__((deprecated(msg)))
-+#elif defined (__clang__) || __GNUC__+0 > 3 || (__GNUC__+0 == 3 && __GNUC_MINOR__+0 >= 1)
-+/* GCC-style deprecation do not support custom messages */
-+#define _MHD_DEPR_FUNC(msg) __attribute__((__deprecated__))
-+/* #elif defined(SOMEMACRO) */ /* add compiler-specific macros here if required */
-+#else /* other compilers */
-+#define _MHD_DEPR_FUNC(msg)
-+#endif
-+#endif /* _MHD_DEPR_FUNC */
-+
-+/**
- * Not all architectures and `printf()`'s support the `long long` type.
- * This gives the ability to replace `long long` with just a `long`,
- * standard `int` or a `short`.
-@@ -204,6 +251,8 @@ typedef SOCKET MHD_socket;
- */
- #define MHD_LONG_LONG long long
- #define MHD_UNSIGNED_LONG_LONG unsigned long long
-+#else /* MHD_LONG_LONG */
-+_MHD_DEPR_MACRO("Macro MHD_LONG_LONG is deprecated, use MHD_UNSIGNED_LONG_LONG")
- #endif
- /**
- * Format string for printing a variable of type #MHD_LONG_LONG.
-@@ -215,6 +264,8 @@ typedef SOCKET MHD_socket;
- */
- #define MHD_LONG_LONG_PRINTF "ll"
- #define MHD_UNSIGNED_LONG_LONG_PRINTF "%llu"
-+#else /* MHD_LONG_LONG_PRINTF */
-+_MHD_DEPR_MACRO("Macro MHD_LONG_LONG_PRINTF is deprecated, use MHD_UNSIGNED_LONG_LONG_PRINTF")
- #endif
-
-
-@@ -253,7 +304,8 @@ typedef SOCKET MHD_socket;
- #define MHD_HTTP_METHOD_NOT_ALLOWED 405
- #define MHD_HTTP_NOT_ACCEPTABLE 406
- /** @deprecated */
--#define MHD_HTTP_METHOD_NOT_ACCEPTABLE 406
-+#define MHD_HTTP_METHOD_NOT_ACCEPTABLE \
-+ _MHD_DEPR_MACRO("Value MHD_HTTP_METHOD_NOT_ACCEPTABLE is deprecated, use MHD_HTTP_NOT_ACCEPTABLE") 406
- #define MHD_HTTP_PROXY_AUTHENTICATION_REQUIRED 407
- #define MHD_HTTP_REQUEST_TIMEOUT 408
- #define MHD_HTTP_CONFLICT 409
-@@ -1953,6 +2005,7 @@ MHD_create_response_from_callback (uint6
- * @deprecated use #MHD_create_response_from_buffer instead
- * @ingroup response
- */
-+_MHD_DEPR_FUNC("MHD_create_response_from_data() is deprecated, use MHD_create_response_from_buffer()") \
- _MHD_EXTERN struct MHD_Response *
- MHD_create_response_from_data (size_t size,
- void *data,
-@@ -2023,6 +2076,8 @@ MHD_create_response_from_buffer (size_t
- * @return NULL on error (i.e. invalid arguments, out of memory)
- * @ingroup response
- */
-+/* NOTE: this should be 'uint64_t' instead of 'size_t', but changing
-+ this would break API compatibility. */
- _MHD_EXTERN struct MHD_Response *
- MHD_create_response_from_fd (size_t size,
- int fd);
-@@ -2044,6 +2099,8 @@ MHD_create_response_from_fd (size_t size
- * @return NULL on error (i.e. invalid arguments, out of memory)
- * @ingroup response
- */
-+/* NOTE: this should be 'uint64_t' instead of 'size_t', but changing
-+ this would break API compatibility. */
- _MHD_EXTERN struct MHD_Response *
- MHD_create_response_from_fd_at_offset (size_t size,
- int fd,
---- a/src/include/platform_interface.h
-+++ b/src/include/platform_interface.h
-@@ -82,14 +82,14 @@
-
-
- /* MHD_socket_close_(fd) close any FDs (non-W32) / close only socket FDs (W32) */
--#if !defined(_WIN32) || defined(__CYGWIN__)
-+#if !defined(MHD_WINSOCK_SOCKETS)
- #define MHD_socket_close_(fd) close((fd))
- #else
- #define MHD_socket_close_(fd) closesocket((fd))
- #endif
-
- /* MHD_socket_errno_ is errno of last function (non-W32) / errno of last socket function (W32) */
--#if !defined(_WIN32) || defined(__CYGWIN__)
-+#if !defined(MHD_WINSOCK_SOCKETS)
- #define MHD_socket_errno_ errno
- #else
- #define MHD_socket_errno_ MHD_W32_errno_from_winsock_()
-@@ -97,21 +97,21 @@
-
- /* MHD_socket_last_strerr_ is description string of last errno (non-W32) /
- * description string of last socket error (W32) */
--#if !defined(_WIN32) || defined(__CYGWIN__)
-+#if !defined(MHD_WINSOCK_SOCKETS)
- #define MHD_socket_last_strerr_() strerror(errno)
- #else
- #define MHD_socket_last_strerr_() MHD_W32_strerror_last_winsock_()
- #endif
-
- /* MHD_strerror_ is strerror (both non-W32/W32) */
--#if !defined(_WIN32) || defined(__CYGWIN__)
-+#if !defined(MHD_WINSOCK_SOCKETS)
- #define MHD_strerror_(errnum) strerror((errnum))
- #else
- #define MHD_strerror_(errnum) MHD_W32_strerror_((errnum))
- #endif
-
- /* MHD_set_socket_errno_ set errno to errnum (non-W32) / set socket last error to errnum (W32) */
--#if !defined(_WIN32) || defined(__CYGWIN__)
-+#if !defined(MHD_WINSOCK_SOCKETS)
- #define MHD_set_socket_errno_(errnum) errno=(errnum)
- #else
- #define MHD_set_socket_errno_(errnum) MHD_W32_set_last_winsock_error_((errnum))
---- a/src/testcurl/test_digestauth.c
-+++ b/src/testcurl/test_digestauth.c
-@@ -73,7 +73,8 @@ ahc_echo (void *cls,
- const char *url,
- const char *method,
- const char *version,
-- const char *upload_data, size_t *upload_data_size,
-+ const char *upload_data,
-+ size_t *upload_data_size,
- void **unused)
- {
- struct MHD_Response *response;
-@@ -82,44 +83,47 @@ ahc_echo (void *cls,
- const char *realm = "test@example.com";
- int ret;
-
-- username = MHD_digest_auth_get_username(connection);
-+ username = MHD_digest_auth_get_username (connection);
- if ( (username == NULL) ||
- (0 != strcmp (username, "testuser")) )
- {
-- response = MHD_create_response_from_buffer(strlen (DENIED),
-- DENIED,
-- MHD_RESPMEM_PERSISTENT);
-+ response = MHD_create_response_from_buffer (strlen (DENIED),
-+ DENIED,
-+ MHD_RESPMEM_PERSISTENT);
- ret = MHD_queue_auth_fail_response(connection, realm,
- MY_OPAQUE,
- response,
-- MHD_NO);
-- MHD_destroy_response(response);
-+ MHD_NO);
-+ MHD_destroy_response(response);
- return ret;
- }
- ret = MHD_digest_auth_check(connection, realm,
-- username,
-- password,
-+ username,
-+ password,
- 300);
- free(username);
- if ( (ret == MHD_INVALID_NONCE) ||
- (ret == MHD_NO) )
- {
-- response = MHD_create_response_from_buffer(strlen (DENIED),
-+ response = MHD_create_response_from_buffer(strlen (DENIED),
- DENIED,
-- MHD_RESPMEM_PERSISTENT);
-- if (NULL == response)
-+ MHD_RESPMEM_PERSISTENT);
-+ if (NULL == response)
- return MHD_NO;
- ret = MHD_queue_auth_fail_response(connection, realm,
- MY_OPAQUE,
- response,
-- (ret == MHD_INVALID_NONCE) ? MHD_YES : MHD_NO);
-- MHD_destroy_response(response);
-+ (ret == MHD_INVALID_NONCE) ? MHD_YES : MHD_NO);
-+ MHD_destroy_response(response);
- return ret;
- }
-- response = MHD_create_response_from_buffer(strlen(PAGE), PAGE,
-- MHD_RESPMEM_PERSISTENT);
-- ret = MHD_queue_response(connection, MHD_HTTP_OK, response);
-- MHD_destroy_response(response);
-+ response = MHD_create_response_from_buffer (strlen(PAGE),
-+ PAGE,
-+ MHD_RESPMEM_PERSISTENT);
-+ ret = MHD_queue_response (connection,
-+ MHD_HTTP_OK,
-+ response);
-+ MHD_destroy_response (response);
- return ret;
- }
-
-@@ -144,24 +148,24 @@ testDigestAuth ()
- fd = open("/dev/urandom", O_RDONLY);
- if (-1 == fd)
- {
-- fprintf(stderr, "Failed to open `%s': %s\n",
-- "/dev/urandom",
-- strerror(errno));
-- return 1;
-- }
-+ fprintf(stderr, "Failed to open `%s': %s\n",
-+ "/dev/urandom",
-+ strerror(errno));
-+ return 1;
-+ }
- while (off < 8)
-- {
-- len = read(fd, rnd, 8);
-- if (len == -1)
-- {
-- fprintf(stderr, "Failed to read `%s': %s\n",
-- "/dev/urandom",
-- strerror(errno));
-- (void) close(fd);
-- return 1;
-- }
-- off += len;
-- }
-+ {
-+ len = read(fd, rnd, 8);
-+ if (len == -1)
-+ {
-+ fprintf(stderr, "Failed to read `%s': %s\n",
-+ "/dev/urandom",
-+ strerror(errno));
-+ (void) close(fd);
-+ return 1;
-+ }
-+ off += len;
-+ }
- (void) close(fd);
- #else
- {
-@@ -193,7 +197,7 @@ testDigestAuth ()
- if (d == NULL)
- return 1;
- c = curl_easy_init ();
-- curl_easy_setopt (c, CURLOPT_URL, "http://127.0.0.1:1337/");
-+ curl_easy_setopt (c, CURLOPT_URL, "http://127.0.0.1:1337/bar%20 foo?a=bü%20");
- curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer);
- curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
- curl_easy_setopt (c, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
-@@ -225,7 +229,6 @@ testDigestAuth ()
- }
-
-
--
- int
- main (int argc, char *const *argv)
- {
---- a/src/testcurl/https/test_https_time_out.c
-+++ b/src/testcurl/https/test_https_time_out.c
-@@ -64,7 +64,7 @@ test_tls_session_time_out (gnutls_sessio
-
- gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) (intptr_t) sd);
-
-- ret = connect (sd, &sa, sizeof (struct sockaddr_in));
-+ ret = connect (sd, (struct sockaddr *) &sa, sizeof (struct sockaddr_in));
-
- if (ret < 0)
- {
#
-# Copyright (C) 2006-2014 OpenWrt.org
+# Copyright (C) 2006-2015 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=libpng
-PKG_VERSION:=1.2.52
+PKG_VERSION:=1.2.54
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@SF/libpng
-PKG_MD5SUM:=49d5c71929bf69a172147c47b9309fbe
+PKG_MD5SUM:=bbb7a7264f1c7d9c444fd16bf6f89832
PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
PKG_LICENSE:=Libpng GPL-2.0+ BSD-3-Clause
include $(TOPDIR)/rules.mk
PKG_NAME:=libsndfile
-PKG_VERSION:=1.0.25
+PKG_VERSION:=1.0.26
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.mega-nerd.com/libsndfile/files/
-PKG_MD5SUM:=e2b7bb637e01022c7d20f95f9c3990a2
+PKG_MD5SUM:=ec810a0c60c08772a8a5552704b63393
PKG_LICENSE:=LGPLv2.1
PKG_LICENSE_FILES:=COPYING
+++ /dev/null
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -1,5 +1,7 @@
- ## Process this file with automake to produce Makefile.in
-
-+ACLOCAL_AMFLAGS = -I M4
-+
- DISTCHECK_CONFIGURE_FLAGS = --enable-gcc-werror
-
- if BUILD_OCTAVE_MOD
#
-# Copyright (C) 2006-2014 OpenWrt.org
+# Copyright (C) 2006-2015 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=libxml2
-PKG_VERSION:=2.9.2
-PKG_RELEASE:=3
+PKG_VERSION:=2.9.3
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://gd.tuwien.ac.at/languages/libxml/ \
http://xmlsoft.org/sources/ \
ftp://fr.rpmfind.net/pub/libxml/
-PKG_MD5SUM:=9e6a9aca9d155737868b3dc5fd82f788
+PKG_MD5SUM:=daece17e045f1c107610e137ab50c179
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING
+++ /dev/null
-From e3e04d254fb6bac49a285775b729e28b0500476c Mon Sep 17 00:00:00 2001
-From: Michael Heimpold <mhei@heimpold.de>
-Date: Sun, 21 Dec 2014 01:03:49 +0100
-Subject: [PATCH] threads: use forward declarations only for glibc (fixes
- #704908)
-
-The declarations of pthread functions, used to generate weak references
-to them, fail to suppress macros. Thus, if any pthread function has
-been provided as a macro, compiling threads.c will fail.
-This breaks on musl libc, which defines pthread_equal as a macro (in
-addition to providing the function, as required).
-
-Prevent the declarations for e.g. musl libc by refining the condition.
-
-The idea for this solution was borrowed from the alpine linux guys, see
-http://git.alpinelinux.org/cgit/aports/tree/main/libxml2/libxml2-pthread.patch
-
-Signed-off-by: Michael Heimpold <mhei@heimpold.de>
----
- threads.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/threads.c
-+++ b/threads.c
-@@ -47,7 +47,7 @@
- #ifdef HAVE_PTHREAD_H
-
- static int libxml_is_threaded = -1;
--#ifdef __GNUC__
-+#if defined(__GNUC__) && defined(__GLIBC__)
- #ifdef linux
- #if (__GNUC__ == 3 && __GNUC_MINOR__ >= 3) || (__GNUC__ > 3)
- extern int pthread_once (pthread_once_t *__once_control,
-@@ -89,7 +89,7 @@ extern int pthread_cond_signal ()
- __attribute((weak));
- #endif
- #endif /* linux */
--#endif /* __GNUC__ */
-+#endif /* defined(__GNUC__) && defined(__GLIBC__) */
- #endif /* HAVE_PTHREAD_H */
-
- /*
include $(TOPDIR)/rules.mk
PKG_NAME:=p11-kit
-PKG_VERSION:=0.20.7
+PKG_VERSION:=0.23.1
PKG_RELEASE:=1
PKG_MAINTAINER:=Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_MD5SUM:=6648cad01a3080b685b8b3bf7372c91a
+PKG_MD5SUM:=96f073270c489c9a594e1c9413f42db8
PKG_SOURCE_URL:=http://p11-glue.freedesktop.org/releases/
PKG_INSTALL:=1
PKG_LICENSE_FILES:=COPYING
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=https://download.gnome.org/sources/grilo-plugins/0.2/
+PKG_SOURCE_URL:=@GNOME/grilo-plugins/0.2/
PKG_MD5SUM:=62ecaad877b485a950259eef1ef38c18
PKG_BUILD_DEPENDS:=glib2 grilo
PKG_LICENSE_FILES:=COPYING
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=https://download.gnome.org/sources/grilo/0.2/
+PKG_SOURCE_URL:=@GNOME/grilo/0.2/
PKG_MD5SUM:=7eba405ada20fefcb877d534d9d4f
PKG_BUILD_DEPENDS:=glib2 libsoup libxml2
PKG_NAME:=gst1-plugins-bad
PKG_VERSION:=1.4.5
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
--disable-resindvd \
--disable-faac \
--disable-faad \
- --disable-fbdev \
--disable-flite \
--disable-gsm \
--disable-kate \
$(eval $(call GstBuildPlugin,dataurisrc,dataurisrc support,,,))
$(eval $(call GstBuildPlugin,debugutilsbad,debugutils support,video,,))
$(eval $(call GstBuildPlugin,dvdspu,dvdspu support,video,,))
+$(eval $(call GstBuildPlugin,fbdevsink,fbdev support,video,,))
$(eval $(call GstBuildPlugin,festival,festival support,audio,,))
$(eval $(call GstBuildPlugin,frei0r,frei0r support,controller video,,))
$(eval $(call GstBuildPlugin,id3tag,id3tag support,tag,,))
PKG_NAME:=icecast
PKG_VERSION:=2.4.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_LICENSE:=GPL-2.0
PKG_MAINTAINER:=André Gaul <andre@gaul.io>
CATEGORY:=Multimedia
DEPENDS:=+libcurl +libxml2 +libxslt +libogg +libopenssl
TITLE:=A streaming media server for Ogg/Vorbis and MP3 audio streams
+ USERID:=icecast=87:icecast=87
URL:=http://www.icecast.org/
endef
#!/bin/sh /etc/rc.common
-# Example script
-# Copyright (C) 2014 OpenWrt.org
+
+# Startup script
+# Copyright (C) 2015 OpenWrt.org
USE_PROCD=1
-START=99
+START=90
STOP=15
start_service() {
+ user_exists icecast 87 || user_add icecast 87
+ group_exists icecast 87 || group_add icecast 87
+
+ [ -d /var/log/icecast ] || {
+ mkdir -m 0755 -p /var/log/icecast
+ chown icecast:icecast /var/log/icecast
+ }
+
procd_open_instance
procd_set_param command /usr/bin/icecast -c /etc/icecast.xml
procd_set_param respawn
--- /dev/null
+--- a/conf/icecast.xml.in
++++ b/conf/icecast.xml.in
+@@ -61,7 +61,7 @@
+ It affects mainly the urls generated by Icecast for playlists and yp
+ listings. You MUST configure it properly for YP listings to work!
+ -->
+- <hostname>localhost</hostname>
++ <hostname>OpenWrt</hostname>
+
+ <!-- You may have multiple <listener> elements -->
+ <listen-socket>
+@@ -234,11 +234,9 @@
+
+ <security>
+ <chroot>0</chroot>
+- <!--
+ <changeowner>
+- <user>nobody</user>
+- <group>nogroup</group>
++ <user>icecast</user>
++ <group>icecast</group>
+ </changeowner>
+- -->
+ </security>
+ </icecast>
PKG_NAME:=mjpg-streamer
PKG_REV:=182
PKG_VERSION:=r$(PKG_REV)
-PKG_RELEASE:=7
+PKG_RELEASE:=8
PKG_MAINTAINER:=Roger D <rogerdammit@gmail.com>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).1.tar.bz2
--- /dev/null
+--- a/plugins/input_uvc/v4l2uvc.c
++++ b/plugins/input_uvc/v4l2uvc.c
+@@ -130,7 +130,7 @@ int init_videoIn(struct vdIn *vd, char *
+ return -1;
+ }
+
+- memcpy(&pglobal->in[id].in_formats[pglobal->in[id].formatCount], &fmtdesc, sizeof(input_format));
++ memcpy(&pglobal->in[id].in_formats[pglobal->in[id].formatCount], &fmtdesc, sizeof(struct v4l2_fmtdesc));
+
+ if(fmtdesc.pixelformat == format)
+ pglobal->in[id].currentFormat = pglobal->in[id].formatCount;
include $(TOPDIR)/rules.mk
PKG_NAME:=adblock
-PKG_VERSION:=0.20.2
+PKG_VERSION:=0.22.0
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <dirk@brenken.org>
endef
define Package/$(PKG_NAME)/description
-powerful adblock script to block ad/abuse domains
-When the dns server on your router receives dns requests, we will sort out queries that ask for the [A] resource records of ad servers
-and return the local ip address of your router and the internal web server delivers a transparent pixel instead.
+Powerful adblock script to block ad/abuse domains
+When the dns server on your router receives dns requests, we will sort out queries that ask for the [A]
+resource records of ad servers and return the local ip address of your router and the internal web server
+delivers a transparent pixel instead.
The script supports the following domain blacklist sites:
http://pgl.yoyo.org/adservers
http://malwaredomains.com
http://www.spam404.com
http://winhelp2002.mvps.org
+Please read README.md in /etc/adblock for further information.
+
endef
define Package/$(PKG_NAME)/conffiles
## Main Features
* support of the following domain blacklist sites (free for private usage, for commercial use please check their individual licenses):
- * [pgl.yoyo.org](http://pgl.yoyo.org/adservers)
- * [malwaredomains.com](http://malwaredomains.com)
- * [zeustracker.abuse.ch](https://zeustracker.abuse.ch)
- * [feodotracker.abuse.ch](https://feodotracker.abuse.ch)
- * [palevotracker.abuse.ch](https://palevotracker.abuse.ch)
- * [dshield.org](http://dshield.org)
- * [shallalist.de](http://www.shallalist.de) (tested with the categories "adv" "costtraps" "downloads" "spyware" "tracker" "warez")
- * [spam404.com](http://www.spam404.com)
- * [winhelp2002.mvps.org](http://winhelp2002.mvps.org)
+ * [pgl.yoyo.org](http://pgl.yoyo.org/adservers), approx. 2.500 entries
+ * [malwaredomains.com](http://malwaredomains.com), approx. 16.000 entries
+ * [zeustracker.abuse.ch](https://zeustracker.abuse.ch), currently down
+ * [feodotracker.abuse.ch](https://feodotracker.abuse.ch), approx. 10 entries
+ * [palevotracker.abuse.ch](https://palevotracker.abuse.ch), approx. 10 entries
+ * [dshield.org](http://dshield.org), approx. 4.500 entries
+ * [shallalist.de](http://www.shallalist.de) (tested with the categories "adv" "costtraps" "downloads" "spyware" "tracker" "warez"), approx. 37.000 entries
+ * [spam404.com](http://www.spam404.com), approx. 5.000 entries
+ * [winhelp2002.mvps.org](http://winhelp2002.mvps.org), approx. 15.000 entries
* blocklist parsing by fast & flexible regex rulesets
* additional white- and blacklist support for manual overrides
* separate dynamic adblock network interface
* separate dynamic uhttpd instance as pixel server
* optional: quality checks and a powerful backup/restore handling to ensure a reliable dnsmasq service
-* optional: adblock updates only on pre-defined wan interfaces
+* optional: adblock updates only on pre-defined wan interfaces (useful for (mobile) multiwan setups)
* optional: domain query logging as a background service to easily identify free and already blocked domains
* optional: ntp time sync
* optional: status & error logging (req. ntp time sync)
* additional software packages:
* curl
* wget (due to an openwrt bug still needed for certain https requests - see ticket #19621)
- * busybox find with *-mtime* support for logfile housekeeping (enabled by default with r47362, will be disabled if not found)
-* optional: mounted usb stick or any other storage device to overcome limited memory resources on embedded router devices
-* the above dependencies will be checked during package installation & script runtime, please check *logread -e "adblock"* for errors
+ * optional: busybox find with *-mtime* support for logfile housekeeping (enabled by default with r47362, will be disabled if not found)
+ * optional: coreutils-sort for reliable sort results, even on low memory systems
+* recommended: add an usb stick or any other storage device to supersize your /tmp directory with a swap partition (see [openwrt wiki](https://wiki.openwrt.org/doc/uci/fstab))
+* the above dependencies and requirements will be checked during package installation & script startup, please check console output or *logread -e "adblock"* for errors
## Usage
* select & install adblock package (*opkg install adblock*)
-* configure /etc/config/adblock to your needs
-* start /usr/bin/adblock-update.sh and check *logread -e "adblock"* for errors
+* configure /etc/config/adblock to your needs, see additional comments in *adblock.conf.sample*
+* at least configure the ip address of the local adblock interface/uhttpd instance, needs to be a different subnet from the normal LAN
+* by default openwrts main uhttpd instance is bind to all ports of your router. For a working adblock setup you have to bind uhttpd to the standard LAN port only, please change listen_http accordingly
+* start /usr/bin/adblock-update.sh and check console output or *logread -e "adblock"* for errors
## Distributed samples
-* all sample configuration files stored in */etc/adblock/samples*.
-* to enable/disable additional domain query logging set the dnsmasq option *logqueries* accordingly, see *dhcp.config.sample*.
-* for script autostart by rc.local and /tmp resizing on the fly see *rc.local.sample*.
-* for scheduled call of *adblock-update.sh* see *root.crontab.sample*.
-* to redirect/force all dns queries to your router see *firwall.user.sample*.
-* for further dnsmasq tweaks see *dnsmasq.conf.sample*.
+* all sample configuration files stored in */etc/adblock/samples*
+* to enable/disable additional domain query logging set the dnsmasq option *logqueries* accordingly, see *dhcp.config.sample*
+* to bind uhttpd to standard LAN port only, see *uhttpd.config.sample*
+* for script autostart by rc.local and /tmp resizing on the fly see *rc.local.sample*
+* for scheduled call of *adblock-update.sh* see *root.crontab.sample*
+* to redirect/force all dns queries to your router see *firwall.user.sample*
+* for further dnsmasq tweaks see *dnsmasq.conf.sample*
+
+## Examples
+
+ stdout excerpt for successful adblock run:
+
+ root@pi2wrt:~# /usr/bin/adblock-update.sh
+ adblock[17771] info : domain adblock processing started (0.21.0)
+ adblock[17771] info : get wan/update interface (wlan1), after 0 loops
+ adblock[17771] info : get ntp time sync (0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org), after 0 loops
+ adblock[17771] info : shallalist archive download finished
+ adblock[17771] info : shallalist archive extraction finished
+ adblock[17771] info : shallalist (pre-)processing finished (adv costtraps downloads spyware tracker warez)
+ adblock[17771] info : source download finished (http://pgl.yoyo.org/adservers/serverlist.php?hostformat=one-line&showintro=0&mimetype=plaintext, 2426 entries)
+ adblock[17771] info : source download finished (http://mirror1.malwaredomains.com/files/justdomains, 15275 entries)
+ adblock[17771] info : source download finished (https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist, 3 entries)
+ adblock[17771] info : source download finished (https://feodotracker.abuse.ch/blocklist/?download=domainblocklist, 0 entries)
+ adblock[17771] info : source download finished (https://palevotracker.abuse.ch/blocklists.php?download=domainblocklist, 11 entries)
+ adblock[17771] info : source download finished (http://www.dshield.org/feeds/suspiciousdomains_Low.txt, 4542 entries)
+ adblock[17771] info : source download finished (http://spam404bl.com/spam404scamlist.txt, 5193 entries)
+ adblock[17771] info : source download finished (http://winhelp2002.mvps.org/hosts.txt, 13852 entries)
+ adblock[17771] info : source download finished (file:////tmp/tmp.emlDeH/shallalist.txt, 36961 entries)
+ adblock[17771] info : source download finished (file:///etc/adblock/adblock.blacklist, 1 entries)
+ adblock[17771] info : new adblock list with 73090 domains loaded, backup generated
+ adblock[17771] info : domain adblock processing finished (0.21.0)
+
+
+ generated domain blocklist for dnsmasq:
+
+ address=/0-29.com/192.168.2.1
+ address=/0-2u.com/192.168.2.1
+ address=/0.r.msn.com/192.168.2.1
+ address=/00.devoid.us/192.168.2.1
+ address=/000007.ru/192.168.2.1
+ [...]
+ address=/zzz.cn/192.168.2.1
+ address=/zzzjsh.com/192.168.2.1
+ ####################################################
+ # last adblock list update: 20.11.2015 - 18:00:02
+ # adblock-update.sh (0.21.0) - 73087 ad/abuse domains blocked
+ # domain blacklist sources:
+ # http://pgl.yoyo.org/adservers/serverlist.php?hostformat=one-line&showintro=0&mimetype=plaintext
+ # http://mirror1.malwaredomains.com/files/justdomains
+ # https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
+ # https://feodotracker.abuse.ch/blocklist/?download=domainblocklist
+ # https://palevotracker.abuse.ch/blocklists.php?download=domainblocklist
+ # http://www.dshield.org/feeds/suspiciousdomains_Low.txt
+ # http://spam404bl.com/spam404scamlist.txt
+ # http://winhelp2002.mvps.org/hosts.txt
+ # file:////tmp/tmp.CLBLNF/shallalist.txt
+ # file:///etc/adblock/adblock.blacklist
+ #####
+ # /etc/adblock/adblock.whitelist
+ ####################################################
+
+
+ domain query log excerpt:
+
+ query[A] www.seenby.de from fe80::6257:18ff:fe6b:4667
+ query[A] tarifrechner.heise.de from 192.168.1.131
+ query[A] www.mittelstandswiki.de from fe80::6257:18ff:fe6b:4667
+ query[A] ad.doubleclick.net from 192.168.1.131
+ ad.doubleclick.net is 192.168.2.1
+
+
+The first three queries are OK (not blocked), the last one has been blocked and answered by local dnsmasq instance.
Have fun!
Dirk
then
. /lib/functions.sh
else
- /usr/bin/logger -t "adblock[${pid}]" "error: openwrt function library not found"
+ rc=510
+ f_log "openwrt function library not found" "${rc}"
f_deltemp
- exit 10
fi
# source in openwrt json helpers library
then
. "/usr/share/libubox/jshn.sh"
else
- /usr/bin/logger -t "adblock[${pid}]" "error: openwrt json helpers library not found"
+ rc=515
+ f_log "openwrt json helpers library not found" "${rc}"
f_deltemp
- exit 15
fi
# get list with all installed openwrt packages
pkg_list="$(opkg list-installed 2>/dev/null)"
if [ -z "${pkg_list}" ]
then
- /usr/bin/logger -t "adblock[${pid}]" "error: empty openwrt package list"
+ rc=520
+ f_log "empty openwrt package list" "${rc}"
f_deltemp
- exit 20
fi
}
#
f_envparse()
{
+ # set the C locale, characters are single bytes, the charset is ASCII
+ # speeds up sort, grep etc., guarantees unique domains
+ #
+ LC_ALL=C
+
+ # set initial defaults (may be overwritten by adblock config options)
+ #
+ adb_if="adblock"
+ adb_minspace="20000"
+ adb_maxtime="60"
+ adb_maxloop="5"
+
+ # adblock device name auto detection
+ # derived from first entry in openwrt lan ifname config
+ #
+ adb_dev="$(uci get network.lan.ifname 2>/dev/null)"
+ adb_dev="${adb_dev/ *}"
+
+ # adblock ntp server name auto detection
+ # derived from ntp list found in openwrt ntp server config
+ #
+ adb_ntpsrv="$(uci get system.ntp.server 2>/dev/null)"
+
# function to read/set global options by callback,
# prepare list items and build option list for all others
#
# set temp variables and counter
#
- adb_tmpfile="$(mktemp -tu)"
- adb_tmpdir="$(mktemp -d)"
- cnt=0
- max_cnt=30
- max_time=60
+ adb_tmpfile="$(mktemp -tu 2>/dev/null)"
+ adb_tmpdir="$(mktemp -d 2>/dev/null)"
# set adblock source ruleset definitions
#
#
adb_dnsfile="/tmp/dnsmasq.d/adlist.conf"
adb_dnsformat="sed 's/^/address=\//;s/$/\/'${adb_ip}'/'"
+
+ # remove unused environment variables
+ #
+ env_list="$(set | grep -o "CONFIG_[A-Za-z_]*")"
+ for var in ${env_list}
+ do
+ unset "${var}" 2>/dev/null
+ done
}
#############################################
#
f_envcheck()
{
+ # check required config variables
+ #
+ adb_varlist="adb_ip adb_dev adb_if adb_domain adb_minspace adb_maxloop adb_maxtime adb_blacklist adb_whitelist"
+ for var in ${adb_varlist}
+ do
+ if [ -z "$(eval printf \"\$"${var}"\")" ]
+ then
+ rc=525
+ f_log "missing adblock config option (${var})" "${rc}"
+ f_deltemp
+ fi
+ done
+
+ # check main uhttpd configuration
+ #
+ check_uhttpd="$(uci get uhttpd.main.listen_http 2>/dev/null | grep -o "0.0.0.0")"
+ if [ -n "${check_uhttpd}" ]
+ then
+ rc=530
+ lan_ip="$(uci get network.lan.ipaddr 2>/dev/null)"
+ f_log "main uhttpd instance listens to all network interfaces, please bind uhttpd to LAN only (${lan_ip})" "${rc}"
+ f_deltemp
+ fi
+
# check adblock network device configuration
#
if [ ! -d "/sys/class/net/${adb_dev}" ]
then
- /usr/bin/logger -t "adblock[${pid}]" "error: invalid adblock network device input (${adb_dev})"
+ rc=535
+ f_log "invalid adblock network device input (${adb_dev})" "${rc}"
f_deltemp
- exit 25
fi
# check adblock network interface configuration
#
- check_if="$(printf "${adb_if}" | sed -n '/[^_0-9A-Za-z]/p')"
+ check_if="$(printf "${adb_if}" | sed -n '/[^._0-9A-Za-z]/p')"
banned_if="$(printf "${adb_if}" | sed -n '/.*lan.*\|.*wan.*\|.*switch.*\|main\|globals\|loopback\|px5g/p')"
if [ -n "${check_if}" ] || [ -n "${banned_if}" ]
then
- /usr/bin/logger -t "adblock[${pid}]" "error: invalid adblock network interface input (${adb_if})"
+ rc=540
+ f_log "invalid adblock network interface input (${adb_if})" "${rc}"
f_deltemp
- exit 30
fi
# check adblock ip address configuration
check_ip="$(printf "${adb_ip}" | sed -n '/\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/p')"
if [ -z "${check_ip}" ]
then
- /usr/bin/logger -t "adblock[${pid}]" "error: invalid adblock ip address input (${adb_ip})"
+ rc=545
+ f_log "invalid adblock ip address input (${adb_ip})" "${rc}"
f_deltemp
- exit 35
fi
# check adblock blacklist/whitelist configuration
#
if [ ! -r "${adb_blacklist}" ]
then
- /usr/bin/logger -t "adblock[${pid}]" "error: adblock blacklist not found"
+ rc=550
+ f_log "adblock blacklist not found" "${rc}"
f_deltemp
- exit 40
elif [ ! -r "${adb_whitelist}" ]
then
- /usr/bin/logger -t "adblock[${pid}]" "error: adblock whitelist not found"
+ rc=555
+ f_log "adblock whitelist not found" "${rc}"
f_deltemp
- exit 45
fi
- # check wan update configuration
+ # check adblock temp directory
#
- if [ -n "${adb_wandev}" ]
+ if [ -n "${adb_tmpdir}" ] && [ -d "${adb_tmpdir}" ]
then
- wan_ok="true"
+ f_space "${adb_tmpdir}"
+ tmp_ok="true"
else
- wan_ok="false"
- /usr/bin/logger -t "adblock[${pid}]" "info: wan update check will be disabled"
+ rc=560
+ tmp_ok="false"
+ f_log "temp directory not found" "${rc}"
+ f_deltemp
fi
- # check ntp sync configuration
+ # check curl package dependency
#
- if [ -n "${adb_ntpsrv}" ]
+ check="$(printf "${pkg_list}" | grep "^curl -")"
+ if [ -z "${check}" ]
then
- ntp_ok="true"
- else
- ntp_ok="false"
- /usr/bin/logger -t "adblock[${pid}]" "info: ntp time sync will be disabled"
+ rc=565
+ f_log "curl package not found" "${rc}"
+ f_deltemp
fi
- # check backup configuration
+ # check wget package dependency
#
- adb_backupdir="${adb_backupfile%/*}"
- if [ -n "${adb_backupdir}" ] && [ -d "${adb_backupdir}" ]
+ check="$(printf "${pkg_list}" | grep "^wget -")"
+ if [ -z "${check}" ]
then
- backup_ok="true"
- adb_mounts="${adb_backupdir} ${adb_tmpdir}"
+ rc=570
+ f_log "wget package not found" "${rc}"
+ f_deltemp
+ fi
+
+ # check ca-certificates package and set wget/curl parms accordingly
+ #
+ check="$(printf "${pkg_list}" | grep "^ca-certificates -")"
+ if [ -z "${check}" ]
+ then
+ curl_parm="--insecure"
+ wget_parm="--no-check-certificate"
else
- backup_ok="false"
- /usr/bin/logger -t "adblock[${pid}]" "info: backup/restore will be disabled"
+ unset curl_parm
+ unset wget_parm
fi
- # check error log configuration
+ # check total and swap memory
#
- adb_logdir="${adb_logfile%/*}"
- if [ -n "${adb_logfile}" ] && [ "${adb_logfile}" = "/dev/stdout" ]
+ mem_total="$(cat /proc/meminfo | grep "MemTotal" | grep -o "[0-9]*")"
+ mem_free="$(cat /proc/meminfo | grep "MemFree" | grep -o "[0-9]*")"
+ swap_total="$(cat /proc/meminfo | grep "SwapTotal" | grep -o "[0-9]*")"
+ if [ $((mem_total)) -le 64000 ] && [ $((swap_total)) -eq 0 ]
then
- log_ok="true"
- adb_logfile="/proc/self/fd/1"
- elif [ -n "${adb_logdir}" ] && [ -d "${adb_logdir}" ] && [ "${ntp_ok}" = "true" ]
+ f_log "please consider to add an external swap device to supersize your /tmp directory (total: ${mem_total}, free: ${mem_free}, swap: ${mem_swap})"
+ fi
+
+ # check backup configuration
+ #
+ adb_backupdir="${adb_backupfile%/*}"
+ if [ -n "${adb_backupdir}" ] && [ -d "${adb_backupdir}" ]
then
- log_ok="true"
- adb_mounts="${adb_mounts} ${adb_logdir}"
+ f_space "${adb_backupdir}"
+ backup_ok="true"
else
- log_ok="false"
- adb_logfile="/dev/null"
- /usr/bin/logger -t "adblock[${pid}]" "info: error logging will be disabled"
+ backup_ok="false"
+ f_log "backup/restore will be disabled"
fi
# check dns query log configuration
#
adb_querydir="${adb_queryfile%/*}"
- query_pid="/var/run/adb_query.pid"
+ adb_querypid="/var/run/adb_query.pid"
if [ -n "${adb_querydir}" ] && [ -d "${adb_querydir}" ]
then
# check find capabilities
if [ -z "${check}" ]
then
query_ok="false"
- /usr/bin/logger -t "adblock[${pid}]" "info: busybox without 'find/mtime' support (min. r47362), dns query logging will be disabled"
+ f_log "busybox without 'find/mtime' support (min. r47362), dns query logging will be disabled"
else
+ f_space "${adb_querydir}"
query_ok="true"
query_name="${adb_queryfile##*/}"
query_ip="${adb_ip//./\\.}"
- adb_mounts="${adb_mounts} ${adb_querydir}"
fi
else
query_ok="false"
- if [ -s "${query_pid}" ]
+ f_log "dns query logging will be disabled"
+ if [ -s "${adb_querypid}" ]
then
- kill -9 $(< "${query_pid}") 2>/dev/null
- > "${query_pid}"
- /usr/bin/logger -t "adblock[${pid}]" "info: remove old dns query log background process"
+ kill -9 "$(cat "${adb_querypid}")" >/dev/null 2>&1
+ f_log "remove old dns query log background process (pid: $(cat "${adb_querypid}"))"
+ > "${adb_querypid}"
fi
- /usr/bin/logger -t "adblock[${pid}]" "info: dns query logging will be disabled"
fi
- # check mount points & space requirements
+ # check debug log configuration
#
- adb_mounts="${adb_mounts} ${adb_tmpdir}"
- for mp in ${adb_mounts}
- do
- df "${mp}" 2>/dev/null |\
- tail -n1 |\
- while read filesystem overall used available scrap
- do
- av_space="${available}"
- if [ $((av_space)) -eq 0 ]
- then
- /usr/bin/logger -t "adblock[${pid}]" "error: no space left on device/not mounted (${mp})"
- exit 50
- elif [ $((av_space)) -lt $((adb_minspace)) ]
- then
- /usr/bin/logger -t "adblock[${pid}]" "error: not enough space left on device (${mp})"
- exit 55
- fi
- done
- # subshell return code handling
- #
- rc=$?
- if [ $((rc)) -ne 0 ]
- then
- f_deltemp
- exit ${rc}
- fi
- done
+ adb_logdir="${adb_logfile%/*}"
+ if [ -n "${adb_logdir}" ] && [ -d "${adb_logdir}" ]
+ then
+ f_space "${adb_logdir}"
+ log_ok="true"
+ else
+ log_ok="false"
+ f_log "debug logging will be disabled"
+ fi
- # check curl package dependency
+ # check wan update configuration
#
- check="$(printf "${pkg_list}" | grep "^curl")"
- if [ -z "${check}" ]
+ if [ -n "${adb_wandev}" ]
then
- /usr/bin/logger -t "adblock[${pid}]" "error: curl package not found"
- f_deltemp
- exit 60
+ f_wancheck "${adb_maxloop}"
+ else
+ wan_ok="false"
+ f_log "wan update check will be disabled"
fi
- # check wget package dependency
+ # check ntp sync configuration
#
- check="$(printf "${pkg_list}" | grep "^wget")"
- if [ -z "${check}" ]
+ if [ -n "${adb_ntpsrv}" ]
then
- /usr/bin/logger -t "adblock[${pid}]" "error: wget package not found"
- f_deltemp
- exit 65
+ f_ntpcheck "${adb_maxloop}"
+ else
+ ntp_ok="false"
+ f_log "ntp time sync will be disabled"
fi
# check dynamic/volatile adblock network interface configuration
#
- rc="$(ifstatus "${adb_if}" >/dev/null 2>&1; printf $?)"
+ rc="$(ifstatus "${adb_if}" >/dev/null 2>&1; printf ${?})"
if [ $((rc)) -ne 0 ]
then
json_init
json_close_array
json_close_object
ubus call network add_dynamic "$(json_dump)"
- /usr/bin/logger -t "adblock[${pid}]" "info: created new dynamic/volatile network interface (${adb_if}, ${adb_ip})"
+ rc=${?}
+ if [ $((rc)) -eq 0 ]
+ then
+ f_log "created new dynamic/volatile network interface (${adb_if}, ${adb_ip})"
+ else
+ f_log "failed to initialize new dynamic/volatile network interface (${adb_if}, ${adb_ip})" "${rc}"
+ f_remove
+ fi
fi
# check dynamic/volatile adblock uhttpd instance configuration
#
- rc="$(ps | grep "[u]httpd.*\-r ${adb_if}" >/dev/null 2>&1; printf $?)"
+ rc="$(ps | grep "[u]httpd.*\-r ${adb_if}" >/dev/null 2>&1; printf ${?})"
if [ $((rc)) -ne 0 ]
then
- uhttpd -h "/www/adblock" -r "${adb_if}" -E "/adblock.html" -p "${adb_ip}:80"
- /usr/bin/logger -t "adblock[${pid}]" "info: created new dynamic/volatile uhttpd instance (${adb_if}, ${adb_ip})"
+ uhttpd -h "/www/adblock" -r "${adb_if}" -E "/adblock.html" -p "${adb_ip}:80" >/dev/null 2>&1
+ rc=${?}
+ if [ $((rc)) -eq 0 ]
+ then
+ f_log "created new dynamic/volatile uhttpd instance (${adb_if}, ${adb_ip})"
+ else
+ f_log "failed to initialize new dynamic/volatile uhttpd instance (${adb_if}, ${adb_ip})" "${rc}"
+ f_remove
+ fi
+ fi
+}
+
+################################################
+# f_log: log messages to stdout, syslog, logfile
+#
+f_log()
+{
+ local log_msg="${1}"
+ local log_rc="${2}"
+ local class="info "
+ if [ -n "${log_msg}" ]
+ then
+ if [ $((log_rc)) -ne 0 ]
+ then
+ class="error"
+ log_rc=", rc: ${log_rc}"
+ fi
+ /usr/bin/logger -s -t "adblock[${pid}] ${class}" "${log_msg}${log_rc}"
+ if [ "${log_ok}" = "true" ] && [ "${ntp_ok}" = "true" ]
+ then
+ printf "%s\n" "$(/bin/date "+%d.%m.%Y %H:%M:%S") adblock[${pid}] ${class}: ${log_msg}${log_rc}" >> "${adb_logfile}"
+ fi
fi
}
-###################################################
-# f_deltemp: delete temporary files and directories
+################################################
+# f_space: check mount points/space requirements
+#
+f_space()
+{
+ local mp="${1}"
+ if [ -d "${mp}" ]
+ then
+ df "${mp}" 2>/dev/null |\
+ tail -n1 |\
+ while read filesystem overall used available scrap
+ do
+ av_space="${available}"
+ if [ $((av_space)) -eq 0 ]
+ then
+ rc=575
+ f_log "no space left on device/not mounted (${mp})" "${rc}"
+ exit ${rc}
+ elif [ $((av_space)) -lt $((adb_minspace)) ]
+ then
+ rc=580
+ f_log "not enough space left on device (${mp})" "${rc}"
+ exit ${rc}
+ fi
+ done
+ rc=${?}
+ if [ $((rc)) -eq 0 ]
+ then
+ space_ok="true"
+ else
+ space_ok="false"
+ f_deltemp
+ fi
+ fi
+}
+
+####################################################
+# f_deltemp: delete temp files, directories and exit
#
f_deltemp()
{
if [ -f "${adb_tmpfile}" ]
then
- rm -f "${adb_tmpfile}" 2>/dev/null
+ rm -f "${adb_tmpfile}" >/dev/null 2>&1
fi
if [ -d "${adb_tmpdir}" ]
- then
- rm -rf "${adb_tmpdir}" 2>/dev/null
+ then
+ rm -rf "${adb_tmpdir}" >/dev/null 2>&1
fi
+ f_log "domain adblock processing finished (${adb_version})"
+ exit ${rc}
}
-################################################################
-# f_remove: remove temporary files, start and maintain query log
+####################################################
+# f_remove: maintain and (re-)start domain query log
#
f_remove()
{
- # delete temporary files and directories
- #
- f_deltemp
-
- # remove existing domain query log background process,
- # do housekeeping and start a new process on daily basis
- #
if [ "${query_ok}" = "true" ] && [ "${ntp_ok}" = "true" ]
then
query_date="$(date "+%Y%m%d")"
- if [ -s "${query_pid}" ] && [ ! -f "${adb_queryfile}.${query_date}" ]
+ if [ -s "${adb_querypid}" ] && [ ! -f "${adb_queryfile}.${query_date}" ]
then
- kill -9 $(< "${query_pid}") 2>/dev/null
- > "${query_pid}"
- find "${adb_backupdir}" -maxdepth 1 -type f -mtime +${adb_queryhistory} -name "${query_name}.*" -exec rm -f {} \; 2>/dev/null
- /usr/bin/logger -t "adblock[${pid}]" "info: remove old dns query log background process and do logfile housekeeping"
+ kill -9 "$(cat "${adb_querypid}")" >/dev/null 2>&1
+ find "${adb_backupdir}" -maxdepth 1 -type f -mtime +"${adb_queryhistory}" -name "${query_name}.*" -exec rm -f {} \; 2>/dev/null
+ f_log "remove old dns query log background process (pid: $(cat "${adb_querypid}")) and do logfile housekeeping"
+ > "${adb_querypid}"
fi
- if [ ! -s "${query_pid}" ]
+ if [ ! -s "${adb_querypid}" ]
then
- ( logread -f 2>/dev/null & printf -n "$!" > "${query_pid}" ) | egrep -o "(query\[A\].*)|([a-z0-9\.\-]* is ${query_ip}$)" >> "${adb_queryfile}.${query_date}" &
- /usr/bin/logger -t "adblock[${pid}]" "info: start new domain query log background process"
+ ( logread -f 2>/dev/null & printf ${!} > "${adb_querypid}" ) | egrep -o "(query\[A\].*)|([a-z0-9\.\-]* is ${query_ip}$)" >> "${adb_queryfile}.${query_date}" &
+ f_log "new domain query log background process started (pid: $(cat "${adb_querypid}"))"
fi
fi
-
- # final log entry
- #
- /usr/bin/logger -t "adblock[${pid}]" "info: domain adblock processing finished (${adb_version})"
+ f_deltemp
}
-#####################################################
-# f_restore: if available, restore last adlist backup
+################################################################
+# f_restore: restore last adblocklist backup and restart dnsmasq
#
f_restore()
{
- if [ -z "${restore_msg}" ]
- then
- restore_msg="unknown"
- fi
-
if [ "${backup_ok}" = "true" ] && [ -f "${adb_backupfile}" ]
then
- cp -f "${adb_backupfile}" "${adb_dnsfile}" 2>/dev/null
- /usr/bin/logger -t "adblock[${pid}]" "error: ${restore_msg}, adlist backup restored"
- printf "$(/bin/date "+%d.%m.%Y %H:%M:%S") - error: ${restore_msg}, adlist backup restored" >> "${adb_logfile}"
+ cp -f "${adb_backupfile}" "${adb_dnsfile}" >/dev/null 2>&1
+ f_log "adblocklist backup restored"
else
> "${adb_dnsfile}"
- /usr/bin/logger -t "adblock[${pid}]" "error: ${restore_msg}, empty adlist generated"
- printf "$(/bin/date "+%d.%m.%Y %H:%M:%S") - error: ${restore_msg}, empty adlist generated" >> "${adb_logfile}"
+ f_log="empty adblocklist generated"
fi
-
- # restart dnsmasq
- #
/etc/init.d/dnsmasq restart >/dev/null 2>&1
-
- # remove files and exit
- #
f_remove
- exit 100
}
#######################################################
#
f_wancheck()
{
- if [ "${wan_ok}" = "true" ]
- then
- # wait for wan update interface(s)
- #
- while [ $((cnt)) -le $((max_cnt)) ]
+ local cnt=0
+ local cnt_max="${1}"
+ local dev
+ local dev_out
+ while [ $((cnt)) -le $((cnt_max)) ]
+ do
+ for dev in ${adb_wandev}
do
- for dev in ${adb_wandev}
- do
- if [ -d "/sys/class/net/${dev}" ]
- then
- dev_out=$(< /sys/class/net/${dev}/operstate 2>/dev/null)
- if [ "${dev_out}" = "up" ]
- then
- /usr/bin/logger -t "adblock[${pid}]" "info: get wan/update interface: ${dev}, after ${cnt} loops"
- break 2
- fi
- fi
- if [ $((cnt)) -eq $((max_cnt)) ]
+ if [ -d "/sys/class/net/${dev}" ]
+ then
+ dev_out="$(cat /sys/class/net/${dev}/operstate 2>/dev/null)"
+ rc=${?}
+ if [ "${dev_out}" = "up" ]
then
- /usr/bin/logger -t "adblock[${pid}]" "error: no wan/update interface(s) found (${adb_wandev})"
- printf "$(/bin/date "+%d.%m.%Y %H:%M:%S") - error: no wan/update interface(s) found (${adb_wandev})" >> "${adb_logfile}"
- restore_msg="no wan/update interface(s)"
- f_restore
+ wan_ok="true"
+ f_log "get wan/update interface (${dev}), after ${cnt} loops"
+ break 2
fi
- done
- sleep 1
- cnt=$((cnt + 1))
+ fi
done
+ sleep 1
+ cnt=$((cnt + 1))
+ done
+ if [ -z "${wan_ok}" ]
+ then
+ rc=585
+ wan_ok="false"
+ f_log "no wan/update interface(s) found (${adb_wandev# })" "${rc}"
+ f_restore
fi
}
#
f_ntpcheck()
{
- if [ "${ntp_ok}" = "true" ]
+ local cnt=0
+ local cnt_max="${1}"
+ local ntp_pool
+ for srv in ${adb_ntpsrv}
+ do
+ ntp_pool="${ntp_pool} -p ${srv}"
+ done
+ while [ $((cnt)) -le $((cnt_max)) ]
+ do
+ /usr/sbin/ntpd -nq ${ntp_pool} >/dev/null 2>&1
+ rc=${?}
+ if [ $((rc)) -eq 0 ]
+ then
+ ntp_ok="true"
+ f_log "get ntp time sync (${adb_ntpsrv# }), after ${cnt} loops"
+ break
+ fi
+ sleep 1
+ cnt=$((cnt + 1))
+ done
+ if [ -z "${ntp_ok}" ]
then
- # prepare ntp server pool
- #
- unset ntp_pool
- for srv in ${adb_ntpsrv}
- do
- ntp_pool="${ntp_pool} -p ${srv}"
- done
-
- # wait for ntp time sync
- #
- while [ $((cnt)) -le $((max_cnt)) ]
- do
- /usr/sbin/ntpd -nq ${ntp_pool} >/dev/null 2>&1
- rc=$?
- if [ $((rc)) -eq 0 ]
- then
- /usr/bin/logger -t "adblock[${pid}]" "info: get ntp time sync (${adb_ntpsrv}), after ${cnt} loops"
- break
- fi
- if [ $((cnt)) -eq $((max_cnt)) ]
- then
- ntp_ok="false"
- /usr/bin/logger -t "adblock[${pid}]" "error: ntp time sync failed (${adb_ntpsrv})"
- printf "$(/bin/date "+%d.%m.%Y %H:%M:%S") - error: ntp time sync failed (${adb_ntpsrv})" >> "${adb_logfile}"
- restore_msg="time sync failed"
- f_restore
- fi
- sleep 1
- cnt=$((cnt + 1))
- done
+ rc=590
+ ntp_ok="false"
+ f_log "ntp time sync failed (${adb_ntpsrv# })" "${rc}"
+ f_restore
fi
}
-#################################################################
-# f_dnscheck: dnsmasq health check with newly generated blocklist
+####################################################################
+# f_dnscheck: dnsmasq health check with newly generated adblock list
#
f_dnscheck()
{
- # check 1: dnsmasq startup
- #
+ local dns_status
dns_status="$(logread -l 20 -e "dnsmasq" -e "FAILED to start up")"
+ rc=${?}
if [ -z "${dns_status}" ]
then
- # check 2: nslookup probe
- #
dns_status="$(nslookup "${adb_domain}" 2>/dev/null | grep "${adb_ip}")"
+ rc=${?}
if [ -z "${dns_status}" ]
then
- # create backup of new block list only, if both checks are OK and backup enabled
- #
if [ "${backup_ok}" = "true" ]
then
- cp -f "${adb_dnsfile}" "${adb_backupfile}" 2>/dev/null
- /usr/bin/logger -t "adblock[${pid}]" "info: new block list with ${adb_count} domains loaded, backup generated"
+ cp -f "${adb_dnsfile}" "${adb_backupfile}" >/dev/null 2>&1
+ f_log "new adblock list with ${adb_count} domains loaded, backup generated"
else
- /usr/bin/logger -t "adblock[${pid}]" "info: new block list with ${adb_count} domains loaded, no backup"
+ f_log "new adblock list with ${adb_count} domains loaded, no backup"
fi
else
- restore_msg="nslookup probe failed"
+ f_log "nslookup probe failed" "${rc}"
f_restore
fi
else
- restore_msg="dnsmasq probe failed"
- f_restore
+ f_log "dnsmasq probe failed" "${rc}"
+ f_restore
fi
}
#
f_footer()
{
+ local url
adb_count="$(wc -l < "${adb_dnsfile}")"
- printf "%s\n" "###################################################" >> "${adb_dnsfile}"
- printf "%s\n" "# last adblock file update: $(date +"%d.%m.%Y - %T")" >> "${adb_dnsfile}"
+ printf "%s\n" "####################################################" >> "${adb_dnsfile}"
+ printf "%s\n" "# last adblock list update: $(date +"%d.%m.%Y - %T")" >> "${adb_dnsfile}"
printf "%s\n" "# ${0##*/} (${adb_version}) - ${adb_count} ad/abuse domains blocked" >> "${adb_dnsfile}"
printf "%s\n" "# domain blacklist sources:" >> "${adb_dnsfile}"
for src in ${adb_sources}
url="${src//\&ruleset=*/}"
printf "%s\n" "# ${url}" >> "${adb_dnsfile}"
done
- printf "%s\n" "###################################################" >> "${adb_dnsfile}"
- printf "%s\n" "# domain whitelist source:" >> "${adb_dnsfile}"
+ printf "%s\n" "#####" >> "${adb_dnsfile}"
printf "%s\n" "# ${adb_whitelist}" >> "${adb_dnsfile}"
- printf "%s\n" "###################################################" >> "${adb_dnsfile}"
+ printf "%s\n" "####################################################" >> "${adb_dnsfile}"
}
# set script version
#
-adb_version="0.20.2"
+adb_version="0.22.0"
# get current pid and script directory
#
-pid=$$
+pid=${$}
adb_scriptdir="${0%/*}"
# source in adblock function library
then
. "${adb_scriptdir}/adblock-helper.sh"
else
- /usr/bin/logger -t "adblock[${pid}]" "error: adblock function library not found"
- exit 200
+ rc=500
+ /usr/bin/logger -s -t "adblock[${pid}] error" "adblock function library not found, rc: ${rc}"
+ exit ${rc}
fi
################
# call restore function on trap signals (HUP, INT, QUIT, BUS, SEGV, TERM)
#
-trap "restore_msg='trap error'; f_restore" 1 2 3 10 11 15
+trap "f_log 'trap error' '600'; f_restore" 1 2 3 10 11 15
# start logging
#
-/usr/bin/logger -t "adblock[${pid}]" "info: domain adblock processing started (${adb_version})"
+f_log "domain adblock processing started (${adb_version})"
# load environment
#
#
f_envcheck
-# check wan update interface(s)
-#
-f_wancheck
-
-# check for ntp time sync
-#
-f_ntpcheck
-
-# check/start shallalist (pre-)processing
+# start shallalist (pre-)processing
#
if [ -n "${adb_arc_shalla}" ]
then
#
shalla_archive="${adb_tmpdir}/shallalist.tar.gz"
shalla_file="${adb_tmpdir}/shallalist.txt"
- curl --insecure --max-time "${max_time}" "${adb_arc_shalla}" -o "${shalla_archive}" 2>/dev/null
- rc=$?
+ curl "${curl_parm}" --max-time "${adb_maxtime}" "${adb_arc_shalla}" -o "${shalla_archive}" 2>/dev/null
+ rc=${?}
if [ $((rc)) -eq 0 ]
then
- /usr/bin/logger -t "adblock[${pid}]" "info: shallalist archive download finished"
+ f_log "shallalist archive download finished"
else
- /usr/bin/logger -t "adblock[${pid}]" "error: shallalist archive download failed (${adb_arc_shalla})"
- printf "$(/bin/date "+%d.%m.%Y %H:%M:%S") - error: shallalist archive download failed (${adb_arc_shalla})" >> "${adb_logfile}"
- restore_msg="archive download failed"
+ f_log "shallalist archive download failed (${adb_arc_shalla})" "${rc}"
f_restore
fi
- # extract shallalist archive
- #
- tar -xzf "${shalla_archive}" -C "${adb_tmpdir}" 2>/dev/null
- rc=$?
- if [ $((rc)) -eq 0 ]
- then
- /usr/bin/logger -t "adblock[${pid}]" "info: shallalist archive extraction finished"
- else
- /usr/bin/logger -t "adblock[${pid}]" "error: shallalist archive extraction failed"
- printf "$(/bin/date "+%d.%m.%Y %H:%M:%S") - error: shallalist archive extraction failed" >> "${adb_logfile}"
- restore_msg="archive extraction failed"
- f_restore
- fi
-
- # merge selected shallalist categories
+ # extract and merge only domains of selected shallalist categories
#
> "${shalla_file}"
for category in ${adb_cat_shalla}
do
- if [ -f "${adb_tmpdir}/BL/${category}/domains" ]
+ tar -C "${adb_tmpdir}" -xzf "${shalla_archive}" BL/${category}/domains 2>/dev/null
+ rc=${?}
+ if [ $((rc)) -eq 0 ]
then
- cat "${adb_tmpdir}/BL/${category}/domains" >> "${shalla_file}" 2>/dev/null
- rc=$?
+ if [ -r "${adb_tmpdir}/BL/${category}/domains" ]
+ then
+ cat "${adb_tmpdir}/BL/${category}/domains" >> "${shalla_file}" 2>/dev/null
+ fi
else
- rc=220
- fi
- if [ $((rc)) -ne 0 ]
- then
- break
+ f_log "shallalist archive extraction failed (${category})" "${rc}"
+ f_restore
fi
done
# finish shallalist (pre-)processing
#
- if [ $((rc)) -eq 0 ]
- then
- adb_sources="${adb_sources} file:///${shalla_file}&ruleset=rset_shalla"
- /usr/bin/logger -t "adblock[${pid}]" "info: shallalist (pre-)processing finished (${adb_cat_shalla})"
- else
- /usr/bin/logger -t "adblock[${pid}]" "error: shallalist (pre-)processing failed (${rc}, ${adb_cat_shalla})"
- printf "$(/bin/date "+%d.%m.%Y %H:%M:%S") - error: shallalist (pre-)processing failed (${rc}, ${adb_cat_shalla})" >> "${adb_logfile}"
- restore_msg="shallalist merge failed"
- f_restore
- fi
+ rm -f "${shalla_archive}" >/dev/null 2>&1
+ rm -rf "${adb_tmpdir}/BL" >/dev/null 2>&1
+ adb_sources="${adb_sources} file:///${shalla_file}&ruleset=rset_shalla"
+ f_log "shallalist (pre-)processing finished (${adb_cat_shalla# })"
fi
# loop through active adblock domain sources,
check_url="$(printf "${url}" | sed -n '/^https:/p')"
if [ -n "${check_url}" ]
then
- tmp_var="$(wget --timeout="${max_time}" --tries=1 --output-document=- "${url}" 2>/dev/null)"
- rc=$?
+ tmp_var="$(wget "${wget_parm}" --timeout="${adb_maxtime}" --tries=1 --output-document=- "${url}" 2>/dev/null)"
+ rc=${?}
else
- tmp_var="$(curl --insecure --max-time "${max_time}" "${url}" 2>/dev/null)"
- rc=$?
+ tmp_var="$(curl "${curl_parm}" --max-time "${adb_maxtime}" "${url}" 2>/dev/null)"
+ rc=${?}
fi
# check download result and prepare domain output by regex patterns
then
eval "$(printf "${src}" | sed 's/\(.*\&ruleset=\)/ruleset=\$/g')"
tmp_var="$(printf "%s\n" "${tmp_var}" | tr '[A-Z]' '[a-z]')"
- adb_count="$(printf "%s\n" "${tmp_var}" | eval "${ruleset}" | tee -a "${adb_tmpfile}" | wc -l)"
- /usr/bin/logger -t "adblock[${pid}]" "info: source download finished (${url}, ${adb_count} entries)"
+ count="$(printf "%s\n" "${tmp_var}" | eval "${ruleset}" | tee -a "${adb_tmpfile}" | wc -l)"
+ f_log "source download finished (${url}, ${count} entries)"
+ if [ "${url}" = "file:///${shalla_file}" ]
+ then
+ rm -f "${shalla_file}" >/dev/null 2>&1
+ fi
+ unset tmp_var
elif [ $((rc)) -eq 0 ] && [ -z "${tmp_var}" ]
then
- /usr/bin/logger -t "adblock[${pid}]" "info: empty source download finished (${url})"
+ f_log "empty source download finished (${url})"
else
- /usr/bin/logger -t "adblock[${pid}]" "error: source download failed (${url})"
- printf "$(/bin/date "+%d.%m.%Y %H:%M:%S") - error: source download failed (${url})" >> "${adb_logfile}"
- restore_msg="download failed"
+ f_log "source download failed (${url})" "${rc}"
f_restore
fi
done
-# create empty destination file
+# remove whitelist domains, sort domains and make them unique
+# and finally rewrite ad/abuse domain information to dnsmasq file
#
> "${adb_dnsfile}"
-
-# rewrite ad/abuse domain information to dns file,
-# remove duplicates and whitelist entries
-#
-grep -vxf "${adb_whitelist}" < "${adb_tmpfile}" | eval "${adb_dnsformat}" | sort -u 2>/dev/null >> "${adb_dnsfile}"
+grep -vxf "${adb_whitelist}" < "${adb_tmpfile}" 2>/dev/null | sort -u 2>/dev/null | eval "${adb_dnsformat}" 2>/dev/null >> "${adb_dnsfile}" 2>/dev/null
+rc=${?}
+if [ $((rc)) -eq 0 ]
+then
+ unset adb_tmpfile
+ f_log "domain merging finished"
+else
+ f_log "domain merging failed" "${rc}"
+ f_restore
+fi
# write dns file footer
#
# remove files and exit
#
f_remove
-exit 0
#
config adblock "global"
option adb_ip "192.168.2.1"
- option adb_dev "eth0"
- option adb_if "adblock"
option adb_domain "heise.de"
- option adb_minspace "100000"
option adb_blacklist "/etc/adblock/adblock.blacklist"
option adb_whitelist "/etc/adblock/adblock.whitelist"
config service "ntpcheck"
option enabled "0"
- list adb_ntplist "0.pool.ntp.org"
- list adb_ntplist "1.pool.ntp.org"
- list adb_ntplist "2.pool.ntp.org"
- list adb_ntplist "3.pool.ntp.org"
config service "backup"
option enabled "0"
option adb_backupfile "/tmp/adlist.backup"
-config service "errorlog"
+config service "debuglog"
option enabled "0"
- option adb_logfile "/tmp/error.log"
+ option adb_logfile "/tmp/adb_debug.log"
config service "querylog"
option enabled "0"
- option adb_queryfile "/tmp/query.log"
+ option adb_queryfile "/tmp/adb_query.log"
option adb_queryhistory "1"
config source "yoyo"
-# adblock configuration
+# adblock configuration sample
+#
+
+# generic options (always required)
#
config adblock "global"
+ # ip address of the local adblock interface/uhttpd instance,
+ # needs to be a different subnet from the normal LAN
option adb_ip "192.168.2.1"
- option adb_dev "eth0"
- option adb_if "adblock"
+
+ # name of an "always accessible" domain,
+ # this domain will be used for the final nslookup check
option adb_domain "heise.de"
- option adb_minspace "100000"
+
+ # full path to static domain blacklist file (one domain per line)
option adb_blacklist "/etc/adblock/adblock.blacklist"
+
+ # full path to static domain whitelist file (one domain per line)
option adb_whitelist "/etc/adblock/adblock.whitelist"
+# list of wan devices that are allowed for adblock updates (check /sys/class/net/<dev>),
+# if no one found the last adlist backup will be restored,
+# useful only for (mobile) multiwan setups
+# disabled by default
config service "wancheck"
option enabled "0"
list adb_wanlist "wan"
+# check that ntp has adjusted the system time on this device,
+# will be used for logfile writing and logfile housekeeping
+# disabled by default
config service "ntpcheck"
option enabled "0"
- list adb_ntplist "0.pool.ntp.org"
- list adb_ntplist "1.pool.ntp.org"
- list adb_ntplist "2.pool.ntp.org"
- list adb_ntplist "3.pool.ntp.org"
+# full path to backup file for adlist backups
+# disabled by default
config service "backup"
option enabled "0"
option adb_backupfile "/tmp/adlist.backup"
-config service "errorlog"
+# full path to debug logfile
+# by default adblock logs to syslog and stdout only
+# disabled by default
+config service "debuglog"
option enabled "0"
- option adb_logfile "/tmp/error.log"
+ option adb_logfile "/tmp/adb_debug.log"
+# full path to domain query logfile
+# a background task will trace every dns request to file, to easily identify free and already blocked domains,
+# for this to work, you've to enable the dnsmasq option "logqueries" too.
+# the "queryhistory" option deletes query logfiles older than n days (req. busybox find with mtime support)
+# disabled by default
config service "querylog"
option enabled "0"
- option adb_queryfile "/tmp/query.log"
+ option adb_queryfile "/tmp/adb_query.log"
option adb_queryhistory "1"
+# different adblock list sources
+# please do not change the urls listed below,
+# enable/disable sources as needed
+# for shallalist you can also enable/disable different ad categories
config source "yoyo"
option enabled "1"
option adb_src_yoyo "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=one-line&showintro=0&mimetype=plaintext&ruleset=rset_yoyo"
--- /dev/null
+# main uhttpd instance listens only to internal LAN
+#
+ config uhttpd 'main'
+ list listen_http '192.168.1.1:80'
--- /dev/null
+--- a/src/system.h
++++ b/src/system.h
+@@ -78,11 +78,6 @@
+ #include <sys/stat.h>
+ #endif
+
+-#ifdef HAVE_LINUX_SYSINFO_H
+-#define _LINUX_KERNEL_H
+-#include <linux/sysinfo.h>
+-#endif
+-
+ #ifdef HAVE_TIME_H
+ #include <time.h>
+ #endif
+@@ -123,6 +118,11 @@
+ #include <signal.h>
+ #endif
+
++#ifdef HAVE_SYS_SYSINFO_H
++#define _LINUX_SYSINFO_H
++#include <sys/sysinfo.h>
++#endif
++
+ #if defined(__linux__)
+ #include <asm/types.h>
+ #include <linux/if.h>
+@@ -135,10 +135,6 @@
+ #include <linux/un.h>
+ #endif
+
+-#ifdef HAVE_SYS_SYSINFO_H
+-#include <sys/sysinfo.h>
+-#endif
+-
+ #elif defined (__FreeBSD__) || defined (__APPLE__) || defined (__OpenBSD__) || defined (__NetBSD__)
+ #include <net/if.h>
+ #include <net/bpf.h>
+@@ -170,10 +166,6 @@
+ #include <net/if_tun.h>
+ #endif
+
+-#ifdef HAVE_NET_ETHERNET_H
+-#include <net/ethernet.h>
+-#endif
+-
+ #ifdef HAVE_ASM_TYPES_H
+ #include <asm/types.h>
+ #endif
+--- a/src/chilli_limits.h
++++ b/src/chilli_limits.h
+@@ -18,8 +18,8 @@
+ *
+ */
+
+-#ifndef _LIMITS_H
+-#define _LIMITS_H
++#ifndef _CHILLI_LIMITS_H
++#define _CHILLI_LIMITS_H
+
+ /*
+ * extracted from various .h files, needs some cleanup.
include $(TOPDIR)/rules.mk
PKG_NAME:=cshark
-PKG_VERSION:=2015-03-13
+PKG_VERSION:=2015-11-24
PKG_RELEASE=$(PKG_SOURCE_VERSION)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/cloudshark/cshark.git
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=ab2ae2fbd72b6cbd57c95e3192edc3c1f475412b
+PKG_SOURCE_VERSION:=e575ab3d35d75a6f70488001fcba45690ebe9b3e
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
PKG_BUILD_PARALLEL:=1
include $(TOPDIR)/rules.mk
PKG_NAME:=mwan3
-PKG_VERSION:=1.6
-PKG_RELEASE:=3
+PKG_VERSION:=2.0
+PKG_RELEASE:=0
PKG_MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com>
PKG_LICENSE:=GPLv2
-config interface 'wan'
+config interface 'wan1'
option enabled '1'
list track_ip '8.8.4.4'
- list track_ip '8.8.8.8'
- list track_ip '208.67.222.222'
- list track_ip '208.67.220.220'
- option reliability '2'
+ option reliability '1'
option count '1'
option timeout '2'
option interval '5'
option up '8'
config interface 'wan2'
- option enabled '0'
+ option enabled '1'
list track_ip '8.8.8.8'
- list track_ip '208.67.220.220'
option reliability '1'
option count '1'
option timeout '2'
option down '3'
option up '8'
-config member 'wan_m1_w3'
- option interface 'wan'
- option metric '1'
- option weight '3'
+config interface 'wan3'
+ option enabled '1'
+ list track_ip '208.67.222.222'
+ option reliability '1'
+ option count '1'
+ option timeout '2'
+ option interval '5'
+ option down '3'
+ option up '8'
-config member 'wan_m2_w3'
- option interface 'wan'
- option metric '2'
- option weight '3'
+config interface 'wan1_v6'
+ option family 'ipv6'
+ option enabled '1'
+ list track_ip '2001:7b8:1::2'
+ option reliability '1'
+ option count '1'
+ option timeout '2'
+ option interval '5'
+ option down '3'
+ option up '8'
-config member 'wan2_m1_w2'
- option interface 'wan2'
+config interface 'wan2_v6'
+ option family 'ipv6'
+ option enabled '1'
+ list track_ip '2001:7b8:2::2'
+ option reliability '1'
+ option count '1'
+ option timeout '2'
+ option interval '5'
+ option down '3'
+ option up '8'
+
+config interface 'wan3_v6'
+ option family 'ipv6'
+ option enabled '1'
+ list track_ip '2001:7b8:3::2'
+ option reliability '1'
+ option count '1'
+ option timeout '2'
+ option interval '5'
+ option down '3'
+ option up '8'
+
+config member 'wan1_m1_w1'
+ option interface 'wan1'
option metric '1'
- option weight '2'
+ option weight '1'
-config member 'wan2_m2_w2'
+config member 'wan2_m1_w1'
option interface 'wan2'
- option metric '2'
- option weight '2'
+ option metric '1'
+ option weight '1'
+
+config member 'wan3_m1_w1'
+ option interface 'wan3'
+ option metric '1'
+ option weight '1'
+
+config member 'wan1_v6_m1_w1'
+ option interface 'wan1_v6'
+ option metric '1'
+ option weight '1'
+
+config member 'wan2_v6_m1_w1'
+ option interface 'wan2_v6'
+ option metric '1'
+ option weight '1'
+
+config member 'wan3_v6_m1_w1'
+ option interface 'wan3_v6'
+ option metric '1'
+ option weight '1'
-config policy 'wan_only'
- list use_member 'wan_m1_w3'
+config policy 'wan1_only'
+ list use_member 'wan1_m1_w1'
config policy 'wan2_only'
- list use_member 'wan2_m1_w2'
+ list use_member 'wan2_m1_w1'
+
+config policy 'wan3_only'
+ list use_member 'wan3_m1_w1'
+
+config policy 'wan1_v6_only'
+ list use_member 'wan1_v6_m1_w1'
+
+config policy 'wan2_v6_only'
+ list use_member 'wan2_v6_m1_w1'
+
+config policy 'wan3_v6_only'
+ list use_member 'wan3_v6_m1_w1'
config policy 'balanced'
- list use_member 'wan_m1_w3'
- list use_member 'wan2_m1_w2'
+ list use_member 'wan1_m1_w1'
+ list use_member 'wan2_m1_w1'
+ list use_member 'wan3_m1_w1'
+ list use_member 'wan1_v6_m1_w1'
+ list use_member 'wan2_v6_m1_w1'
+ list use_member 'wan3_v6_m1_w1'
-config policy 'wan_wan2'
- list use_member 'wan_m1_w3'
- list use_member 'wan2_m2_w2'
+config rule 'https'
+ option src_ip '2001:3::/64'
+ option dest_port '443'
+ option proto 'tcp'
+ option use_policy 'balanced'
-config policy 'wan2_wan'
- list use_member 'wan_m2_w3'
- list use_member 'wan2_m1_w2'
+config rule 'https2'
+ option dest_port '19443'
+ option proto 'tcp'
+ option use_policy 'balanced'
+ option sticky '1'
-config rule 'youtube'
+config rule 'igs'
+ option proto 'icmp'
+ option family 'ipv4'
option sticky '1'
- option ipset 'youtube'
- option dest_port '80,443'
- option proto 'tcp'
+ option ipset 'google'
option use_policy 'balanced'
-config rule 'https'
+config rule 'i6gs'
+ option proto 'icmpv6'
+ option family 'ipv6'
option sticky '1'
- option dest_port '443'
- option proto 'tcp'
+ option ipset 'google'
option use_policy 'balanced'
config rule 'default_rule'
- option dest_ip '0.0.0.0/0'
option use_policy 'balanced'
#!/bin/sh
-local IP IPS IPT LOG
+[ "$ACTION" == "ifup" -o "$ACTION" == "ifdown" ] || exit 1
+[ -n "$INTERFACE" ] || exit 2
-[ -n "$ACTION" ] || exit 0
-[ -n "$INTERFACE" ] || exit 0
-
-if [ $ACTION == "ifup" ]; then
- [ -n "$DEVICE" ] || exit 0
-fi
-
-if [ -x /usr/sbin/ip ]; then
- IP="/usr/sbin/ip -4"
-elif [ -x /usr/bin/ip ]; then
- IP="/usr/bin/ip -4"
-else
- exit 1
-fi
-
-if [ -x /usr/sbin/ipset ]; then
- IPS="/usr/sbin/ipset"
-else
- exit 1
-fi
-
-if [ -x /usr/sbin/iptables ]; then
- IPT="/usr/sbin/iptables -t mangle -w"
-else
- exit 1
+if [ "$ACTION" == "ifup" ]; then
+ [ -n "$DEVICE" ] || exit 3
fi
-if [ -x /usr/bin/logger ]; then
- LOG="/usr/bin/logger -t mwan3 -p"
-else
- exit 1
-fi
-
-
-mwan3_get_iface_id()
-{
- let iface_count++
- [ "$1" == "$INTERFACE" ] && iface_id=$iface_count
-}
-
-mwan3_set_general_iptables()
-{
- if ! $IPT -S mwan3_ifaces &> /dev/null; then
- $IPT -N mwan3_ifaces
- fi
-
- if ! $IPT -S mwan3_connected &> /dev/null; then
- $IPT -N mwan3_connected
- $IPS create mwan3_connected hash:net
- $IPT -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0xff00/0xff00
- fi
-
- if ! $IPT -S mwan3_track &> /dev/null; then
- $IPT -N mwan3_track
- fi
-
- if ! $IPT -S mwan3_rules &> /dev/null; then
- $IPT -N mwan3_rules
- fi
-
- if ! $IPT -S mwan3_hook &> /dev/null; then
- $IPT -N mwan3_hook
- $IPT -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0xff00 --ctmask 0xff00
- $IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_ifaces
- $IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_connected
- $IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_track
- $IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_rules
- $IPT -A mwan3_hook -j CONNMARK --save-mark --nfmask 0xff00 --ctmask 0xff00
- $IPT -A mwan3_hook -m mark ! --mark 0xff00/0xff00 -j mwan3_connected
- fi
-
- if ! $IPT -S PREROUTING | grep mwan3_hook &> /dev/null; then
- $IPT -A PREROUTING -j mwan3_hook
- fi
-
- if ! $IPT -S OUTPUT | grep mwan3_hook &> /dev/null; then
- $IPT -A OUTPUT -j mwan3_hook
- fi
-
- $IPT -F mwan3_rules
-}
-
-mwan3_set_general_rules()
-{
- if [ -z "$($IP rule list | awk '$1 == "2253:"')" ]; then
- $IP rule add pref 2253 fwmark 0xfd00/0xff00 blackhole
- fi
-
- if [ -z "$($IP rule list | awk '$1 == "2254:"')" ]; then
- $IP rule add pref 2254 fwmark 0xfe00/0xff00 unreachable
- fi
-}
-
-mwan3_set_connected_iptables()
-{
- local connected_network
-
- if $IPT -S mwan3_connected &> /dev/null; then
-
- $IPS create mwan3_connected_temp hash:net
-
- for connected_network in $($IP route | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
- $IPS -! add mwan3_connected_temp $connected_network
- done
-
- for connected_network in $($IP route list table 0 | awk '{print $2}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
- $IPS -! add mwan3_connected_temp $connected_network
- done
-
- $IPS add mwan3_connected_temp 224.0.0.0/3
- $IPS swap mwan3_connected_temp mwan3_connected
- $IPS destroy mwan3_connected_temp
-
- fi
-}
-
-mwan3_set_iface_iptables()
-{
- if ! $IPT -S mwan3_iface_$INTERFACE &> /dev/null; then
- $IPT -N mwan3_iface_$INTERFACE
- fi
-
- $IPT -F mwan3_iface_$INTERFACE
- $IPT -D mwan3_ifaces -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE &> /dev/null
-
- if [ $ACTION == "ifup" ]; then
- $IPT -I mwan3_iface_$INTERFACE -i $DEVICE -m set --match-set mwan3_connected src -m mark --mark 0x0/0xff00 -m comment --comment "default" -j MARK --set-xmark 0xff00/0xff00
- $IPT -A mwan3_iface_$INTERFACE -i $DEVICE -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE" -j MARK --set-xmark $(($iface_id*256))/0xff00
- $IPT -A mwan3_ifaces -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE
- fi
-
- if [ $ACTION == "ifdown" ]; then
- $IPT -X mwan3_iface_$INTERFACE
- fi
-}
-
-mwan3_set_iface_route()
-{
- $IP route flush table $iface_id
- [ $ACTION == "ifup" ] && $IP route add table $iface_id default $route_args
-}
-
-mwan3_set_iface_rules()
-{
- while [ -n "$($IP rule list | awk '$1 == "'$(($iface_id+1000)):'"')" ]; do
- $IP rule del pref $(($iface_id+1000))
- done
-
- while [ -n "$($IP rule list | awk '$1 == "'$(($iface_id+2000)):'"')" ]; do
- $IP rule del pref $(($iface_id+2000))
- done
-
- [ $ACTION == "ifup" ] && $IP rule add pref $(($iface_id+1000)) iif $DEVICE lookup main
- [ $ACTION == "ifup" ] && $IP rule add pref $(($iface_id+2000)) fwmark $(($iface_id*256))/0xff00 lookup $iface_id
-}
-
-mwan3_set_iface_ipset()
-{
- local setname entry
-
- for setname in $(ipset -n list | grep ^mwan3_sticky_); do
- for entry in $(ipset list $setname | grep "$(echo $(($iface_id*256)) | awk '{ printf "0x%08x", $1; }')" | cut -d ' ' -f 1); do
- $IPS del $setname $entry
- done
- done
-}
-
-mwan3_track()
-{
- local track_ip track_ips reliability count timeout interval down up
-
- mwan3_list_track_ips()
- {
- track_ips="$1 $track_ips"
- }
- config_list_foreach $INTERFACE track_ip mwan3_list_track_ips
-
- if [ -e /var/run/mwan3track-$INTERFACE.pid ] ; then
- kill $(cat /var/run/mwan3track-$INTERFACE.pid) &> /dev/null
- rm /var/run/mwan3track-$INTERFACE.pid &> /dev/null
- fi
-
- if [ -n "$track_ips" ]; then
- config_get reliability $INTERFACE reliability 1
- config_get count $INTERFACE count 1
- config_get timeout $INTERFACE timeout 4
- config_get interval $INTERFACE interval 10
- config_get down $INTERFACE down 5
- config_get up $INTERFACE up 5
-
- $IPS -! create mwan3_track_$INTERFACE hash:ip
- $IPS create mwan3_track_temp_$INTERFACE hash:ip
-
- for track_ip in $track_ips; do
- $IPS -! add mwan3_track_temp_$INTERFACE $track_ip
- done
-
- $IPS swap mwan3_track_temp_$INTERFACE mwan3_track_$INTERFACE
- $IPS destroy mwan3_track_temp_$INTERFACE
-
- $IPT -D mwan3_track -p icmp -m set --match-set mwan3_track_$INTERFACE dst -m icmp --icmp-type 8 -m length --length 32 -j MARK --set-xmark 0xff00/0xff00 &> /dev/null
- $IPT -A mwan3_track -p icmp -m set --match-set mwan3_track_$INTERFACE dst -m icmp --icmp-type 8 -m length --length 32 -j MARK --set-xmark 0xff00/0xff00
-
- [ -x /usr/sbin/mwan3track ] && /usr/sbin/mwan3track $INTERFACE $DEVICE $reliability $count $timeout $interval $down $up $track_ips &
- else
- $IPT -D mwan3_track -p icmp -m set --match-set mwan3_track_$INTERFACE dst -m icmp --icmp-type 8 -m length --length 32 -j MARK --set-xmark 0xff00/0xff00 &> /dev/null
- $IPS destroy mwan3_track_$INTERFACE
- fi
-}
-
-mwan3_set_policy()
-{
- local iface_count iface_id INTERFACE metric probability weight
-
- config_get INTERFACE $1 interface
- config_get metric $1 metric 1
- config_get weight $1 weight 1
-
- [ -n "$INTERFACE" ] || return 0
+[ -x /usr/bin/ip ] || exit 4
+[ -x /usr/sbin/ipset ] || exit 5
+[ -x /usr/sbin/iptables ] || exit 6
+[ -x /usr/sbin/ip6tables ] || exit 7
+[ -x /usr/bin/logger ] || exit 8
- config_foreach mwan3_get_iface_id interface
+. /lib/functions.sh
+. /lib/functions/network.sh
+. /lib/mwan3/mwan3.sh
- [ -n "$iface_id" ] || return 0
+config_load mwan3
- if $IPT -S mwan3_iface_$INTERFACE &> /dev/null; then
- if [ "$metric" -lt "$lowest_metric" ]; then
+config_get enabled $INTERFACE enabled 0
+[ "$enabled" == "1" ] || exit 0
- total_weight=$weight
- $IPT -F mwan3_policy_$policy
- $IPT -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE $weight $weight" -j MARK --set-xmark $(($iface_id*256))/0xff00
+$LOG notice "$ACTION interface $INTERFACE (${DEVICE:-unknown})"
- lowest_metric=$metric
-
- elif [ "$metric" -eq "$lowest_metric" ]; then
-
- total_weight=$(($total_weight+$weight))
- probability=$(($weight*1000/$total_weight))
-
- if [ "$probability" -lt 10 ]; then
- probability="0.00$probability"
- elif [ $probability -lt 100 ]; then
- probability="0.0$probability"
- elif [ $probability -lt 1000 ]; then
- probability="0.$probability"
- else
- probability="1"
- fi
-
- probability="-m statistic --mode random --probability $probability"
-
- $IPT -I mwan3_policy_$policy -m mark --mark 0x0/0xff00 $probability -m comment --comment "$INTERFACE $weight $total_weight" -j MARK --set-xmark $(($iface_id*256))/0xff00
- fi
- fi
-}
-
-mwan3_set_policies_iptables()
-{
- local last_resort lowest_metric policy total_weight
-
- policy=$1
-
- config_get last_resort $1 last_resort unreachable
-
- if [ "$policy" != $(echo "$policy" | cut -c1-15) ]; then
- $LOG warn "Policy $policy exceeds max of 15 chars. Not setting policy" && return 0
- fi
-
- if ! $IPT -S mwan3_policy_$policy &> /dev/null; then
- $IPT -N mwan3_policy_$policy
- fi
-
- $IPT -F mwan3_policy_$policy
-
- case "$last_resort" in
- blackhole)
- $IPT -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "blackhole" -j MARK --set-xmark 0xfd00/0xff00
- ;;
- default)
- $IPT -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "default" -j MARK --set-xmark 0xff00/0xff00
- ;;
- *)
- $IPT -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "unreachable" -j MARK --set-xmark 0xfe00/0xff00
- ;;
- esac
-
- lowest_metric=256
- total_weight=0
-
- config_list_foreach $policy use_member mwan3_set_policy
-}
-
-mwan3_set_sticky_iptables()
-{
- local INTERFACE iface_count iface_id
-
- INTERFACE="$1"
-
- config_foreach mwan3_get_iface_id interface
- unset iface_count
-
- $IPS -! create mwan3_sticky_$rule hash:ip,mark markmask 0xff00 timeout $timeout
-
- if [ -n "$iface_id" ]; then
- if [ -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" ]; then
- $IPT -I mwan3_rule_$rule -m set ! --match-set mwan3_sticky_$rule src,src -j MARK --set-xmark 0x0/0xff00
- $IPT -I mwan3_rule_$rule -m mark --mark 0/0xff00 -j MARK --set-xmark $(($iface_id*256))/0xff00
- fi
- fi
-
- unset iface_id
-}
-
-mwan3_set_user_rules_iptables()
-{
- local ipset proto src_ip src_port sticky dest_ip dest_port use_policy rule timeout
-
- config_get sticky $1 sticky 0
- config_get timeout $1 timeout 600
- config_get ipset $1 ipset
- config_get proto $1 proto all
- config_get src_ip $1 src_ip 0.0.0.0/0
- config_get src_port $1 src_port 0:65535
- config_get dest_ip $1 dest_ip 0.0.0.0/0
- config_get dest_port $1 dest_port 0:65535
- config_get use_policy $1 use_policy
-
- rule="$1"
-
- if [ "$rule" != $(echo "$rule" | cut -c1-15) ]; then
- $LOG warn "Rule $rule exceeds max of 15 chars. Not setting rule" && return 0
- fi
-
- if [ -n "$ipset" ]; then
- if [ -z "$($IPS -n list $ipset)" ]; then
- $IPS create $ipset hash:ip timeout 3600
- fi
-
- ipset="-m set --match-set $ipset dst"
- fi
-
- if [ -n "$use_policy" ]; then
- if [ "$use_policy" == "default" ]; then
- use_policy="MARK --set-xmark 0xff00/0xff00"
- elif [ "$use_policy" == "unreachable" ]; then
- use_policy="MARK --set-xmark 0xfe00/0xff00"
- elif [ "$use_policy" == "blackhole" ]; then
- use_policy="MARK --set-xmark 0xfd00/0xff00"
- else
- if [ "$sticky" -eq 1 ]; then
-
- if ! $IPT -S mwan3_rule_$rule &> /dev/null; then
- $IPT -N mwan3_rule_$rule
- fi
-
- $IPT -F mwan3_rule_$rule
-
- config_foreach mwan3_set_sticky_iptables interface
-
- $IPT -A mwan3_rule_$rule -m mark --mark 0/0xff00 -j mwan3_policy_$use_policy
- $IPT -A mwan3_rule_$rule -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_$rule src,src
- $IPT -A mwan3_rule_$rule -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_$rule src,src
-
- use_policy="mwan3_rule_$rule"
- else
- use_policy="mwan3_policy_$use_policy"
- fi
- fi
-
- case $proto in
- tcp|udp)
- $IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m multiport --sports $src_port -m multiport --dports $dest_port -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
- ;;
- *)
- $IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
- ;;
- esac
- fi
-}
-
-mwan3_ifupdown()
-{
- local counter enabled iface_count iface_id route_args wan_metric
-
- config_load mwan3
- config_foreach mwan3_get_iface_id interface
-
- [ -n "$iface_id" ] || return 0
- [ "$iface_count" -le 250 ] || return 0
- unset iface_count
-
- config_get enabled $INTERFACE enabled 0
-
- counter=0
-
- if [ $ACTION == "ifup" ]; then
- [ "$enabled" -eq 1 ] || return 0
-
- while [ -z "$($IP route list dev $DEVICE default | head -1)" -a "$counter" -lt 10 ]; do
- sleep 1
- let counter++
- if [ "$counter" -ge 10 ]; then
- $LOG warn "Could not find gateway for interface $INTERFACE ($DEVICE)" && return 0
- fi
- done
-
- route_args=$($IP route list dev $DEVICE default | head -1 | sed '/.*via \([^ ]*\) .*$/!d;s//via \1/;q' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}')
- route_args="$route_args dev $DEVICE"
- fi
-
- while [ "$(pgrep -f -o hotplug-call)" -ne $$ -a "$counter" -lt 60 ]; do
- sleep 1
- let counter++
- if [ "$counter" -ge 60 ]; then
- $LOG warn "Timeout waiting for older hotplug processes to finish. $ACTION interface $INTERFACE (${DEVICE:-unknown}) aborted" && return 0
- fi
- done
-
- $LOG notice "$ACTION interface $INTERFACE (${DEVICE:-unknown})"
-
- mwan3_set_general_iptables
- mwan3_set_general_rules
- mwan3_set_iface_iptables
- mwan3_set_iface_route
- mwan3_set_iface_rules
-
- [ $ACTION == "ifdown" ] && mwan3_set_iface_ipset
- [ $ACTION == "ifup" ] && mwan3_track
-
- config_foreach mwan3_set_policies_iptables policy
- config_foreach mwan3_set_user_rules_iptables rule
-}
+mwan3_set_connected_iptables
case "$ACTION" in
- ifup|ifdown)
- mwan3_ifupdown
- mwan3_set_connected_iptables
+ ifup)
+ mwan3_set_general_rules
+ mwan3_set_general_iptables
+ mwan3_create_iface_rules $INTERFACE $DEVICE
+ mwan3_create_iface_iptables $INTERFACE $DEVICE
+ mwan3_create_iface_route $INTERFACE $DEVICE
+ mwan3_track $INTERFACE $DEVICE
+ mwan3_set_user_rules
+ ;;
+ ifdown)
+ mwan3_delete_iface_rules $INTERFACE
+ mwan3_delete_iface_iptables $INTERFACE
+ mwan3_delete_iface_route $INTERFACE
+ mwan3_delete_iface_ipset_entries $INTERFACE
;;
esac
+config_foreach mwan3_create_policies_iptables policy
+
exit 0
--- /dev/null
+#!/bin/sh
+
+local IP4 IP6 IPS IPT4 IPT6 LOG
+
+IP4="/usr/bin/ip -4"
+IP6="/usr/bin/ip -6"
+IPS="/usr/sbin/ipset"
+IPT4="/usr/sbin/iptables -t mangle -w"
+IPT6="/usr/sbin/ip6tables -t mangle -w"
+LOG="/usr/bin/logger -t mwan3 -p"
+
+mwan3_get_iface_id()
+{
+ local _tmp _iface _iface_count
+
+ _iface="$2"
+
+ mwan3_get_id()
+ {
+ let _iface_count++
+ [ "$1" == "$_iface" ] && _tmp=$_iface_count
+ }
+ config_foreach mwan3_get_id interface
+ export "$1=$_tmp"
+}
+
+mwan3_set_connected_iptables()
+{
+ local connected_network_v4 connected_network_v6
+
+ $IPS -! create mwan3_connected_v4 hash:net
+ $IPS create mwan3_connected_v4_temp hash:net
+
+ for connected_network_v4 in $($IP4 route | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
+ $IPS -! add mwan3_connected_v4_temp $connected_network_v4
+ done
+
+ for connected_network_v4 in $($IP4 route list table 0 | awk '{print $2}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
+ $IPS -! add mwan3_connected_v4_temp $connected_network_v4
+ done
+
+ $IPS add mwan3_connected_v4_temp 224.0.0.0/3
+
+ $IPS swap mwan3_connected_v4_temp mwan3_connected_v4
+ $IPS destroy mwan3_connected_v4_temp
+
+ $IPS -! create mwan3_connected_v6 hash:net family inet6
+ $IPS create mwan3_connected_v6_temp hash:net family inet6
+
+ for connected_network_v6 in $($IP6 route | awk '{print $1}' | egrep '([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])'); do
+ $IPS -! add mwan3_connected_v6_temp $connected_network_v6
+ done
+
+ $IPS swap mwan3_connected_v6_temp mwan3_connected_v6
+ $IPS destroy mwan3_connected_v6_temp
+
+ $IPS -! create mwan3_connected list:set
+ $IPS -! add mwan3_connected mwan3_connected_v4
+ $IPS -! add mwan3_connected mwan3_connected_v6
+}
+
+mwan3_set_general_rules()
+{
+ local IP
+
+ for IP in "$IP4" "$IP6"; do
+
+ if [ -z "$($IP rule list | awk '$1 == "2253:"')" ]; then
+ $IP rule add pref 2253 fwmark 0xfd00/0xff00 blackhole
+ fi
+
+ if [ -z "$($IP rule list | awk '$1 == "2254:"')" ]; then
+ $IP rule add pref 2254 fwmark 0xfe00/0xff00 unreachable
+ fi
+ done
+}
+
+mwan3_set_general_iptables()
+{
+ local IPT
+
+ for IPT in "$IPT4" "$IPT6"; do
+
+ if ! $IPT -S mwan3_ifaces_in &> /dev/null; then
+ $IPT -N mwan3_ifaces_in
+ fi
+
+ if ! $IPT -S mwan3_ifaces_out &> /dev/null; then
+ $IPT -N mwan3_ifaces_out
+ fi
+
+ if ! $IPT -S mwan3_connected &> /dev/null; then
+ $IPT -N mwan3_connected
+ $IPS -! create mwan3_connected list:set
+ $IPT -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0xff00/0xff00
+ fi
+
+ if ! $IPT -S mwan3_rules &> /dev/null; then
+ $IPT -N mwan3_rules
+ fi
+
+ if ! $IPT -S mwan3_hook &> /dev/null; then
+ $IPT -N mwan3_hook
+ $IPT -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0xff00 --ctmask 0xff00
+ $IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_ifaces_in
+ $IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_ifaces_out
+ $IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_connected
+ $IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_rules
+ $IPT -A mwan3_hook -j CONNMARK --save-mark --nfmask 0xff00 --ctmask 0xff00
+ $IPT -A mwan3_hook -m mark ! --mark 0xff00/0xff00 -j mwan3_connected
+ fi
+
+ if ! $IPT -S PREROUTING | grep mwan3_hook &> /dev/null; then
+ $IPT -A PREROUTING -j mwan3_hook
+ fi
+
+ if ! $IPT -S OUTPUT | grep mwan3_hook &> /dev/null; then
+ $IPT -A OUTPUT -j mwan3_hook
+ fi
+ done
+}
+
+mwan3_create_iface_iptables()
+{
+ local id family src_ip src_ipv6
+
+ config_get family $1 family ipv4
+ mwan3_get_iface_id id $1
+
+ [ -n "$id" ] || return 0
+
+ if [ "$family" == "ipv4" ]; then
+
+ network_get_ipaddr src_ip $1
+
+ $IPS -! create mwan3_connected list:set
+
+ if ! $IPT4 -S mwan3_ifaces_in &> /dev/null; then
+ $IPT4 -N mwan3_ifaces_in
+ fi
+
+ if ! $IPT4 -S mwan3_ifaces_out &> /dev/null; then
+ $IPT4 -N mwan3_ifaces_out
+ fi
+
+ if ! $IPT4 -S mwan3_iface_in_$1 &> /dev/null; then
+ $IPT4 -N mwan3_iface_in_$1
+ fi
+
+ if ! $IPT4 -S mwan3_iface_out_$1 &> /dev/null; then
+ $IPT4 -N mwan3_iface_out_$1
+ fi
+
+ $IPT4 -F mwan3_iface_in_$1
+ $IPT4 -A mwan3_iface_in_$1 -i $2 -m set --match-set mwan3_connected src -m mark --mark 0x0/0xff00 -m comment --comment "default" -j MARK --set-xmark 0xff00/0xff00
+ $IPT4 -A mwan3_iface_in_$1 -i $2 -m mark --mark 0x0/0xff00 -m comment --comment "$1" -j MARK --set-xmark $(($id*256))/0xff00
+
+ $IPT4 -D mwan3_ifaces_in -m mark --mark 0x0/0xff00 -j mwan3_iface_in_$1 &> /dev/null
+ $IPT4 -A mwan3_ifaces_in -m mark --mark 0x0/0xff00 -j mwan3_iface_in_$1
+
+ $IPT4 -F mwan3_iface_out_$1
+ $IPT4 -A mwan3_iface_out_$1 -s $src_ip -m mark --mark 0x0/0xff00 -m comment --comment "$1" -j MARK --set-xmark $(($id*256))/0xff00
+
+ $IPT4 -D mwan3_ifaces_out -m mark --mark 0x0/0xff00 -j mwan3_iface_out_$1 &> /dev/null
+ $IPT4 -A mwan3_ifaces_out -m mark --mark 0x0/0xff00 -j mwan3_iface_out_$1
+ fi
+
+ if [ "$family" == "ipv6" ]; then
+
+ network_get_ipaddr6 src_ipv6 $1
+
+ $IPS -! create mwan3_connected_v6 hash:net family inet6
+
+ if ! $IPT6 -S mwan3_ifaces_in &> /dev/null; then
+ $IPT6 -N mwan3_ifaces_in
+ fi
+
+ if ! $IPT6 -S mwan3_ifaces_out &> /dev/null; then
+ $IPT6 -N mwan3_ifaces_out
+ fi
+
+ if ! $IPT6 -S mwan3_iface_in_$1 &> /dev/null; then
+ $IPT6 -N mwan3_iface_in_$1
+ fi
+
+ if ! $IPT6 -S mwan3_iface_out_$1 &> /dev/null; then
+ $IPT6 -N mwan3_iface_out_$1
+ fi
+
+ $IPT6 -F mwan3_iface_in_$1
+ $IPT6 -A mwan3_iface_in_$1 -i $2 -m set --match-set mwan3_connected_v6 src -m mark --mark 0x0/0xff00 -m comment --comment "default" -j MARK --set-xmark 0xff00/0xff00
+ $IPT6 -A mwan3_iface_in_$1 -i $2 -m mark --mark 0x0/0xff00 -m comment --comment "$1" -j MARK --set-xmark $(($id*256))/0xff00
+
+ $IPT6 -D mwan3_ifaces_in -m mark --mark 0x0/0xff00 -j mwan3_iface_in_$1 &> /dev/null
+ $IPT6 -A mwan3_ifaces_in -m mark --mark 0x0/0xff00 -j mwan3_iface_in_$1
+
+ $IPT6 -F mwan3_iface_out_$1
+ $IPT6 -A mwan3_iface_out_$1 -s $src_ipv6 -m mark --mark 0x0/0xff00 -m comment --comment "$1" -j MARK --set-xmark $(($id*256))/0xff00
+
+ $IPT6 -D mwan3_ifaces_out -m mark --mark 0x0/0xff00 -j mwan3_iface_out_$1 &> /dev/null
+ $IPT6 -A mwan3_ifaces_out -m mark --mark 0x0/0xff00 -j mwan3_iface_out_$1
+ fi
+}
+
+mwan3_delete_iface_iptables()
+{
+ config_get family $1 family ipv4
+
+ if [ "$family" == "ipv4" ]; then
+
+ $IPT4 -D mwan3_ifaces_in -m mark --mark 0x0/0xff00 -j mwan3_iface_in_$1 &> /dev/null
+ $IPT4 -F mwan3_iface_in_$1 &> /dev/null
+ $IPT4 -X mwan3_iface_in_$1 &> /dev/null
+
+ $IPT4 -D mwan3_ifaces_out -m mark --mark 0x0/0xff00 -j mwan3_iface_out_$1 &> /dev/null
+ $IPT4 -F mwan3_iface_out_$1 &> /dev/null
+ $IPT4 -X mwan3_iface_out_$1 &> /dev/null
+ fi
+
+ if [ "$family" == "ipv6" ]; then
+
+ $IPT6 -D mwan3_ifaces_in -m mark --mark 0x0/0xff00 -j mwan3_iface_in_$1 &> /dev/null
+ $IPT6 -F mwan3_iface_in_$1 &> /dev/null
+ $IPT6 -X mwan3_iface_in_$1 &> /dev/null
+
+ $IPT6 -D mwan3_ifaces_out -m mark --mark 0x0/0xff00 -j mwan3_iface_out_$1 &> /dev/null
+ $IPT6 -F mwan3_iface_out_$1 &> /dev/null
+ $IPT6 -X mwan3_iface_out_$1 &> /dev/null
+ fi
+}
+
+mwan3_create_iface_route()
+{
+ local id route_args
+
+ config_get family $1 family ipv4
+ mwan3_get_iface_id id $1
+
+ [ -n "$id" ] || return 0
+
+ if [ "$family" == "ipv4" ]; then
+
+ network_get_gateway route_args $1
+ route_args="via $route_args dev $2"
+
+ $IP4 route flush table $id
+ $IP4 route add table $id default $route_args
+ fi
+
+ if [ "$family" == "ipv6" ]; then
+
+ network_get_gateway6 route_args $1
+ route_args="via $route_args dev $2"
+
+ $IP6 route flush table $id
+ $IP6 route add table $id default $route_args
+ fi
+}
+
+mwan3_delete_iface_route()
+{
+ local id
+
+ config_get family $1 family ipv4
+ mwan3_get_iface_id id $1
+
+ [ -n "$id" ] || return 0
+
+ if [ "$family" == "ipv4" ]; then
+ $IP4 route flush table $id
+ fi
+
+ if [ "$family" == "ipv6" ]; then
+ $IP6 route flush table $id
+ fi
+}
+
+mwan3_create_iface_rules()
+{
+ local id family
+
+ config_get family $1 family ipv4
+ mwan3_get_iface_id id $1
+
+ [ -n "$id" ] || return 0
+
+ if [ "$family" == "ipv4" ]; then
+
+ while [ -n "$($IP4 rule list | awk '$1 == "'$(($id+1000)):'"')" ]; do
+ $IP4 rule del pref $(($id+1000))
+ done
+
+ while [ -n "$($IP4 rule list | awk '$1 == "'$(($id+2000)):'"')" ]; do
+ $IP4 rule del pref $(($id+2000))
+ done
+
+ $IP4 rule add pref $(($id+1000)) iif $2 lookup main
+ $IP4 rule add pref $(($id+2000)) fwmark $(($id*256))/0xff00 lookup $id
+ fi
+
+ if [ "$family" == "ipv6" ]; then
+
+ while [ -n "$($IP6 rule list | awk '$1 == "'$(($id+1000)):'"')" ]; do
+ $IP6 rule del pref $(($id+1000))
+ done
+
+ while [ -n "$($IP6 rule list | awk '$1 == "'$(($id+2000)):'"')" ]; do
+ $IP6 rule del pref $(($id+2000))
+ done
+
+ $IP6 rule add pref $(($id+1000)) iif $2 lookup main
+ $IP6 rule add pref $(($id+2000)) fwmark $(($id*256))/0xff00 lookup $id
+ fi
+}
+
+mwan3_delete_iface_rules()
+{
+ local id family
+
+ config_get family $1 family ipv4
+ mwan3_get_iface_id id $1
+
+ [ -n "$id" ] || return 0
+
+ if [ "$family" == "ipv4" ]; then
+
+ while [ -n "$($IP4 rule list | awk '$1 == "'$(($id+1000)):'"')" ]; do
+ $IP4 rule del pref $(($id+1000))
+ done
+
+ while [ -n "$($IP4 rule list | awk '$1 == "'$(($id+2000)):'"')" ]; do
+ $IP4 rule del pref $(($id+2000))
+ done
+ fi
+
+ if [ "$family" == "ipv6" ]; then
+
+ while [ -n "$($IP6 rule list | awk '$1 == "'$(($id+1000)):'"')" ]; do
+ $IP6 rule del pref $(($id+1000))
+ done
+
+ while [ -n "$($IP6 rule list | awk '$1 == "'$(($id+2000)):'"')" ]; do
+ $IP6 rule del pref $(($id+2000))
+ done
+ fi
+}
+
+mwan3_delete_iface_ipset_entries()
+{
+ local id setname entry
+
+ mwan3_get_iface_id id $1
+
+ [ -n "$id" ] || return 0
+
+ for setname in $(ipset -n list | grep ^mwan3_sticky_); do
+ for entry in $(ipset list $setname | grep "$(echo $(($id*256)) | awk '{ printf "0x%08x", $1; }')" | cut -d ' ' -f 1); do
+ $IPS del $setname $entry
+ done
+ done
+}
+
+mwan3_track()
+{
+ local track_ip track_ips reliability count timeout interval down up
+
+ mwan3_list_track_ips()
+ {
+ track_ips="$1 $track_ips"
+ }
+ config_list_foreach $1 track_ip mwan3_list_track_ips
+
+ if [ -e /var/run/mwan3track-$1.pid ] ; then
+ kill $(cat /var/run/mwan3track-$1.pid) &> /dev/null
+ rm /var/run/mwan3track-$1.pid &> /dev/null
+ fi
+
+ if [ -n "$track_ips" ]; then
+ config_get reliability $1 reliability 1
+ config_get count $1 count 1
+ config_get timeout $1 timeout 4
+ config_get interval $1 interval 10
+ config_get down $1 down 5
+ config_get up $1 up 5
+
+ [ -x /usr/sbin/mwan3track ] && /usr/sbin/mwan3track $1 $2 $reliability $count $timeout $interval $down $up $track_ips &
+ fi
+}
+
+mwan3_set_policy()
+{
+ local iface_count id iface family metric probability weight
+
+ config_get iface $1 interface
+ config_get metric $1 metric 1
+ config_get weight $1 weight 1
+
+ [ -n "$iface" ] || return 0
+
+ mwan3_get_iface_id id $iface
+
+ [ -n "$id" ] || return 0
+
+ config_get family $iface family ipv4
+
+ if [ "$family" == "ipv4" ]; then
+
+ if [ -n "$($IP4 route list table $id)" ]; then
+ if [ "$metric" -lt "$lowest_metric_v4" ]; then
+
+ total_weight_v4=$weight
+ $IPT4 -F mwan3_policy_$policy
+ $IPT4 -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "$iface $weight $weight" -j MARK --set-xmark $(($id*256))/0xff00
+
+ lowest_metric_v4=$metric
+
+ elif [ "$metric" -eq "$lowest_metric_v4" ]; then
+
+ total_weight_v4=$(($total_weight_v4+$weight))
+ probability=$(($weight*1000/$total_weight_v4))
+
+ if [ "$probability" -lt 10 ]; then
+ probability="0.00$probability"
+ elif [ $probability -lt 100 ]; then
+ probability="0.0$probability"
+ elif [ $probability -lt 1000 ]; then
+ probability="0.$probability"
+ else
+ probability="1"
+ fi
+
+ probability="-m statistic --mode random --probability $probability"
+
+ $IPT4 -I mwan3_policy_$policy -m mark --mark 0x0/0xff00 $probability -m comment --comment "$iface $weight $total_weight_v4" -j MARK --set-xmark $(($id*256))/0xff00
+ fi
+ fi
+ fi
+
+ if [ "$family" == "ipv6" ]; then
+
+ if [ -n "$($IP6 route list table $id)" ]; then
+ if [ "$metric" -lt "$lowest_metric_v6" ]; then
+
+ total_weight_v6=$weight
+ $IPT6 -F mwan3_policy_$policy
+ $IPT6 -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "$iface $weight $weight" -j MARK --set-xmark $(($id*256))/0xff00
+
+ lowest_metric_v6=$metric
+
+ elif [ "$metric" -eq "$lowest_metric_v6" ]; then
+
+ total_weight_v6=$(($total_weight_v6+$weight))
+ probability=$(($weight*1000/$total_weight_v6))
+
+ if [ "$probability" -lt 10 ]; then
+ probability="0.00$probability"
+ elif [ $probability -lt 100 ]; then
+ probability="0.0$probability"
+ elif [ $probability -lt 1000 ]; then
+ probability="0.$probability"
+ else
+ probability="1"
+ fi
+
+ probability="-m statistic --mode random --probability $probability"
+
+ $IPT6 -I mwan3_policy_$policy -m mark --mark 0x0/0xff00 $probability -m comment --comment "$iface $weight $total_weight_v6" -j MARK --set-xmark $(($id*256))/0xff00
+ fi
+ fi
+ fi
+}
+
+mwan3_create_policies_iptables()
+{
+ local last_resort lowest_metric_v4 lowest_metric_v6 total_weight_v4 total_weight_v6 policy IPT
+
+ policy="$1"
+
+ config_get last_resort $1 last_resort unreachable
+
+ if [ "$1" != $(echo "$1" | cut -c1-15) ]; then
+ $LOG warn "Policy $1 exceeds max of 15 chars. Not setting policy" && return 0
+ fi
+
+ for IPT in "$IPT4" "$IPT6"; do
+
+ if ! $IPT -S mwan3_policy_$1 &> /dev/null; then
+ $IPT -N mwan3_policy_$1
+ fi
+
+ $IPT -F mwan3_policy_$1
+
+ case "$last_resort" in
+ blackhole)
+ $IPT -A mwan3_policy_$1 -m mark --mark 0x0/0xff00 -m comment --comment "blackhole" -j MARK --set-xmark 0xfd00/0xff00
+ ;;
+ default)
+ $IPT -A mwan3_policy_$1 -m mark --mark 0x0/0xff00 -m comment --comment "default" -j MARK --set-xmark 0xff00/0xff00
+ ;;
+ *)
+ $IPT -A mwan3_policy_$1 -m mark --mark 0x0/0xff00 -m comment --comment "unreachable" -j MARK --set-xmark 0xfe00/0xff00
+ ;;
+ esac
+ done
+
+ lowest_metric_v4=256
+ total_weight_v4=0
+
+ lowest_metric_v6=256
+ total_weight_v6=0
+
+ config_list_foreach $1 use_member mwan3_set_policy
+}
+
+mwan3_set_sticky_iptables()
+{
+ local id
+
+ mwan3_get_iface_id id $1
+
+ [ -n "$id" ] || return 0
+
+ $IPS -! create mwan3_sticky_v4_$rule hash:ip,mark markmask 0xff00 timeout $timeout
+ $IPS -! create mwan3_sticky_v6_$rule hash:ip,mark markmask 0xff00 timeout $timeout family inet6
+ $IPS -! create mwan3_sticky_$rule list:set
+ $IPS -! add mwan3_sticky_$rule mwan3_sticky_v4_$rule
+ $IPS -! add mwan3_sticky_$rule mwan3_sticky_v6_$rule
+
+ for IPT in "$IPT4" "$IPT6"; do
+ if [ -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" ]; then
+ $IPT -I mwan3_rule_$rule -m set ! --match-set mwan3_sticky_$rule src,src -j MARK --set-xmark 0x0/0xff00
+ $IPT -I mwan3_rule_$rule -m mark --mark 0/0xff00 -j MARK --set-xmark $(($id*256))/0xff00
+ fi
+ done
+}
+
+mwan3_set_user_iptables_rule()
+{
+ local ipset family proto policy src_ip src_port sticky dest_ip dest_port use_policy timeout rule policy IPT
+
+ rule="$1"
+
+ config_get sticky $1 sticky 0
+ config_get timeout $1 timeout 600
+ config_get ipset $1 ipset
+ config_get proto $1 proto all
+ config_get src_ip $1 src_ip 0.0.0.0/0
+ config_get src_port $1 src_port 0:65535
+ config_get dest_ip $1 dest_ip 0.0.0.0/0
+ config_get dest_port $1 dest_port 0:65535
+ config_get use_policy $1 use_policy
+ config_get family $1 family any
+
+ if [ "$1" != $(echo "$1" | cut -c1-15) ]; then
+ $LOG warn "Rule $1 exceeds max of 15 chars. Not setting rule" && return 0
+ fi
+
+ if [ -n "$ipset" ]; then
+ if [ -z "$($IPS -n list $ipset 2> /dev/null)" ]; then
+ $IPS create $ipset list:set
+ $IPS create v4_$ipset hash:ip timeout 3600
+ $IPS create v6_$ipset hash:ip timeout 3600 family inet6
+ $IPS add $ipset v4_$ipset
+ $IPS add $ipset v6_$ipset
+ fi
+
+ ipset="-m set --match-set $ipset dst"
+ fi
+
+ if [ -n "$use_policy" ]; then
+ if [ "$use_policy" == "default" ]; then
+ policy="MARK --set-xmark 0xff00/0xff00"
+ elif [ "$use_policy" == "unreachable" ]; then
+ policy="MARK --set-xmark 0xfe00/0xff00"
+ elif [ "$use_policy" == "blackhole" ]; then
+ policy="MARK --set-xmark 0xfd00/0xff00"
+ else
+ if [ "$sticky" -eq 1 ]; then
+
+ policy="mwan3_policy_$use_policy"
+
+ config_foreach mwan3_set_sticky_iptables interface
+
+ for IPT in "$IPT4" "$IPT6"; do
+ if ! $IPT -S $policy &> /dev/null; then
+ $IPT -N $policy
+ fi
+
+ if ! $IPT -S mwan3_rule_$1 &> /dev/null; then
+ $IPT -N mwan3_rule_$1
+ fi
+
+ $IPT -F mwan3_rule_$1
+
+ $IPT -A mwan3_rule_$1 -m mark --mark 0/0xff00 -j $policy
+ $IPT -A mwan3_rule_$1 -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_$rule src,src
+ $IPT -A mwan3_rule_$1 -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_$rule src,src
+ done
+
+ policy="mwan3_rule_$1"
+ else
+ policy="mwan3_policy_$use_policy"
+
+ for IPT in "$IPT4" "$IPT6"; do
+ if ! $IPT -S $policy &> /dev/null; then
+ $IPT -N $policy
+ fi
+ done
+
+ fi
+ fi
+
+ if [ "$family" == "any" ]; then
+
+ for IPT in "$IPT4" "$IPT6"; do
+ case $proto in
+ tcp|udp)
+ $IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m multiport --sports $src_port -m multiport --dports $dest_port -m mark --mark 0/0xff00 -m comment --comment "$1" -j $policy &> /dev/null
+ ;;
+ *)
+ $IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m mark --mark 0/0xff00 -m comment --comment "$1" -j $policy &> /dev/null
+ ;;
+ esac
+ done
+
+ elif [ "$family" == "ipv4" ]; then
+
+ case $proto in
+ tcp|udp)
+ $IPT4 -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m multiport --sports $src_port -m multiport --dports $dest_port -m mark --mark 0/0xff00 -m comment --comment "$1" -j $policy &> /dev/null
+ ;;
+ *)
+ $IPT4 -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m mark --mark 0/0xff00 -m comment --comment "$1" -j $policy &> /dev/null
+ ;;
+ esac
+
+ elif [ "$family" == "ipv6" ]; then
+
+ case $proto in
+ tcp|udp)
+ $IPT6 -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m multiport --sports $src_port -m multiport --dports $dest_port -m mark --mark 0/0xff00 -m comment --comment "$1" -j $policy &> /dev/null
+ ;;
+ *)
+ $IPT6 -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m mark --mark 0/0xff00 -m comment --comment "$1" -j $policy &> /dev/null
+ ;;
+ esac
+ fi
+ fi
+}
+
+mwan3_set_user_rules()
+{
+ local IPT
+
+ for IPT in "$IPT4" "$IPT6"; do
+
+ if ! $IPT -S mwan3_rules &> /dev/null; then
+ $IPT -N mwan3_rules
+ fi
+
+ $IPT -F mwan3_rules
+ done
+
+ config_foreach mwan3_set_user_iptables_rule rule
+}
+
+mwan3_report_iface_status()
+{
+ local device result track_ips tracking IP IPT
+
+ mwan3_get_iface_id id $1
+ network_get_device device $1
+ config_get enabled "$1" enabled 0
+ config_get family "$1" family ipv4
+
+ if [ "$family" == "ipv4" ]; then
+ IP="$IP4"
+ IPT="$IPT4"
+ fi
+
+ if [ "$family" == "ipv6" ]; then
+ IP="$IP6"
+ IPT="$IPT6"
+ fi
+
+ if [ -z "$id" -o -z "$device" ]; then
+ result="unknown"
+ elif [ -n "$($IP rule | awk '$1 == "'$(($id+1000)):'"')"i -a -n "$($IP rule | awk '$1 == "'$(($id+2000)):'"')" -a -n "$($IPT -S mwan3_iface_in_$1 2> /dev/null)" -a -n "$($IPT -S mwan3_iface_out_$1 2> /dev/null)" -a -n "$($IP route list table $id default dev $device 2> /dev/null)" ]; then
+ result="online"
+ elif [ -n "$($IP rule | awk '$1 == "'$(($id+1000)):'"')" -o -n "$($IP rule | awk '$1 == "'$(($id+2000)):'"')" -o -n "$($IPT -S mwan3_iface_in_$1 2> /dev/null)" -o -n "$($IPT -S mwan3_iface_out_$1 2> /dev/null)" -o -n "$($IP route list table $id default dev $device 2> /dev/null)" ]; then
+ result="error"
+ else
+ if [ "$enabled" == "1" ]; then
+ result="offline"
+ else
+ result="disabled"
+ fi
+ fi
+
+ mwan3_list_track_ips()
+ {
+ track_ips="$1 $track_ips"
+ }
+ config_list_foreach $1 track_ip mwan3_list_track_ips
+
+ if [ -n "$track_ips" ]; then
+ if [ -n "$(ps -w | grep mwan3track | grep -v grep | sed '/.*\/usr\/sbin\/mwan3track \([^ ]*\) .*$/!d;s//\1/' | awk '$1 == "'$1'"')" ]; then
+ tracking="active"
+ else
+ tracking="down"
+ fi
+ else
+ tracking="not enabled"
+ fi
+
+ echo " interface $1 is $result and tracking is $tracking"
+}
+
+mwan3_report_policies_v4()
+{
+ local percent policy share total_weight weight iface
+
+ for policy in $($IPT4 -S | awk '{print $2}' | grep mwan3_policy_ | sort -u); do
+ echo "$policy:" | sed 's/mwan3_policy_//'
+
+ [ -n "$total_weight" ] || total_weight=$($IPT4 -S $policy | cut -s -d'"' -f2 | head -1 | awk '{print $3}')
+
+ if [ ! -z "${total_weight##*[!0-9]*}" ]; then
+ for iface in $($IPT4 -S $policy | cut -s -d'"' -f2 | awk '{print $1}'); do
+ weight=$($IPT4 -S $policy | cut -s -d'"' -f2 | awk '$1 == "'$iface'"' | awk '{print $2}')
+ percent=$(($weight*100/$total_weight))
+ echo " $iface ($percent%)"
+ done
+ else
+ echo " $($IPT4 -S $policy | sed '/.*--comment \([^ ]*\) .*$/!d;s//\1/;q')"
+ fi
+
+ unset total_weight
+
+ echo -e
+ done
+}
+
+mwan3_report_policies_v6()
+{
+ local percent policy share total_weight weight iface
+
+ for policy in $($IPT6 -S | awk '{print $2}' | grep mwan3_policy_ | sort -u); do
+ echo "$policy:" | sed 's/mwan3_policy_//'
+
+ [ -n "$total_weight" ] || total_weight=$($IPT6 -S $policy | cut -s -d'"' -f2 | head -1 | awk '{print $3}')
+
+ if [ ! -z "${total_weight##*[!0-9]*}" ]; then
+ for iface in $($IPT6 -S $policy | cut -s -d'"' -f2 | awk '{print $1}'); do
+ weight=$($IPT6 -S $policy | cut -s -d'"' -f2 | awk '$1 == "'$iface'"' | awk '{print $2}')
+ percent=$(($weight*100/$total_weight))
+ echo " $iface ($percent%)"
+ done
+ else
+ echo " $($IPT6 -S $policy | sed '/.*--comment \([^ ]*\) .*$/!d;s//\1/;q')"
+ fi
+
+ unset total_weight
+
+ echo -e
+ done
+}
+
+mwan3_report_connected_v4()
+{
+ local address
+
+ if [ -n "$($IPT4 -S mwan3_connected 2> /dev/null)" ]; then
+ for address in $($IPS list mwan3_connected_v4 | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
+ echo " $address"
+ done
+ fi
+}
+
+mwan3_report_connected_v6()
+{
+ local address
+
+ if [ -n "$($IPT6 -S mwan3_connected 2> /dev/null)" ]; then
+ for address in $($IPS list mwan3_connected_v6 | egrep '([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])'); do
+ echo " $address"
+ done
+ fi
+}
+
+mwan3_report_rules_v4()
+{
+ if [ -n "$($IPT4 -S mwan3_rules 2> /dev/null)" ]; then
+ $IPT4 -L mwan3_rules -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_/- /' | sed 's/mwan3_rule_/S /'
+ fi
+}
+
+mwan3_report_rules_v6()
+{
+ if [ -n "$($IPT6 -S mwan3_rules 2> /dev/null)" ]; then
+ $IPT6 -L mwan3_rules -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_/- /' | sed 's/mwan3_rule_/S /'
+ fi
+}
#!/bin/sh
-if [ -x /usr/sbin/ip ]; then
- IP="/usr/sbin/ip -4"
-elif [ -x /usr/bin/ip ]; then
- IP="/usr/bin/ip -4"
-else
- exit 1
-fi
-
-if [ -x /usr/sbin/ipset ]; then
- IPS="/usr/sbin/ipset"
-else
- exit 1
-fi
-
-if [ -x /usr/sbin/iptables ]; then
- IPT="/usr/sbin/iptables -t mangle -w"
-else
- exit 1
-fi
+[ -x /usr/bin/ip ] || exit 4
+[ -x /usr/sbin/ipset ] || exit 5
+[ -x /usr/sbin/iptables ] || exit 6
+[ -x /usr/sbin/ip6tables ] || exit 7
+[ -x /usr/bin/logger ] || exit 8
. /lib/functions.sh
+. /lib/functions/network.sh
+. /lib/mwan3/mwan3.sh
help()
{
ifup <iface> Load rules and routes for specific interface
ifdown <iface> Unload rules and routes for specific interface
interfaces Show interfaces status
- policies Show policies status
- rules Show rules status
+ policies Show currently active policy
+ connected Show directly connected networks
+ rules Show active rules
status Show all status
EOF
echo "Error: Too many arguments. Usage: mwan3 ifdown <interface>" && exit 0
fi
+ ACTION=ifdown INTERFACE=$1 /sbin/hotplug-call iface
+
if [ -e /var/run/mwan3track-$1.pid ] ; then
kill $(cat /var/run/mwan3track-$1.pid)
rm /var/run/mwan3track-$1.pid
fi
-
- ACTION=ifdown INTERFACE=$1 /sbin/hotplug-call iface
}
ifup()
interfaces()
{
- local device enabled iface_id tracking
-
config_load mwan3
echo "Interface status:"
-
- check_iface_status()
- {
- let iface_id++
- device=$(uci -p /var/state get network.$1.ifname) &> /dev/null
-
- if [ -z "$device" ]; then
- echo " interface $1 is unknown"
- return 0
- fi
-
- config_get enabled "$1" enabled 0
-
- if [ -n "$(ps -w | grep mwan3track | grep -v grep | sed '/.*\/usr\/sbin\/mwan3track \([^ ]*\) .*$/!d;s//\1/' | awk '$1 == "'$1'"')" ]; then
- tracking="active"
- else
- tracking="down"
- fi
-
- if [ -n "$($IP rule | awk '$5 == "'$device'"')" -a -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" -a -n "$($IP route list table $iface_id default dev $device 2> /dev/null)" ]; then
- if [ -n "$(uci -p /var/state get mwan3.$1.track_ip 2> /dev/null)" ]; then
- echo " interface $1 is online (tracking $tracking)"
- else
- echo " interface $1 is online"
- fi
- elif [ -n "$($IP rule | awk '$5 == "'$device'"')" -o -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" -o -n "$($IP route list table $iface_id default dev $device 2> /dev/null)" ]; then
- echo " interface $1 error"
- else
- if [ "$enabled" -eq 1 ]; then
- if [ -n "$(uci -p /var/state get mwan3.$1.track_ip 2> /dev/null)" ]; then
- echo " interface $1 is offline (tracking $tracking)"
- else
- echo " interface $1 is offline"
- fi
- else
- echo " interface $1 is disabled"
- fi
- fi
- }
- config_foreach check_iface_status interface
+ config_foreach mwan3_report_iface_status interface
echo -e
}
policies()
{
- local percent policy share total_weight weight iface
-
- for policy in $($IPT -S | awk '{print $2}' | grep mwan3_policy_ | sort -u); do
- echo "Policy $policy:" | sed 's/mwan3_policy_//'
-
- [ -n "$total_weight" ] || total_weight=$($IPT -S $policy | cut -s -d'"' -f2 | head -1 | awk '{print $3}')
-
- if [ ! -z "${total_weight##*[!0-9]*}" ]; then
- for iface in $($IPT -S $policy | cut -s -d'"' -f2 | awk '{print $1}'); do
- weight=$($IPT -S $policy | cut -s -d'"' -f2 | awk '$1 == "'$iface'"' | awk '{print $2}')
- percent=$(($weight*100/$total_weight))
- echo " $iface ($percent%)"
- done
- else
- echo " $($IPT -S $policy | sed '/.*--comment \([^ ]*\) .*$/!d;s//\1/;q')"
- fi
-
- echo -e
+ echo "Current ipv4 policies:"
+ mwan3_report_policies_v4
+ echo "Current ipv6 policies:"
+ mwan3_report_policies_v6
+}
- unset iface
- unset total_weight
- done
+connected()
+{
+ echo "Directly connected ipv4 networks:"
+ mwan3_report_connected_v4
+ echo -e
+ echo "Directly connected ipv6 networks:"
+ mwan3_report_connected_v6
+ echo -e
}
+
rules()
{
- local address
-
- if [ -n "$($IPT -S mwan3_connected 2> /dev/null)" ]; then
- echo "Known networks:"
- for address in $($IPS list mwan3_connected | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
- echo " $address"
- done
- echo -e
- fi
-
- if [ -n "$($IPT -S mwan3_rules 2> /dev/null)" ]; then
- echo "Active rules:"
- $IPT -L mwan3_rules -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_/- /' | sed 's/mwan3_rule_/S /'
- echo -e
- fi
+ echo "Active ipv4 user rules:"
+ mwan3_report_rules_v4
+ echo -e
+ echo "Active ipv6 user rules:"
+ mwan3_report_rules_v6
+ echo -e
}
status()
{
interfaces
policies
+ connected
rules
}
stop()
{
- local ipset route rule table
+ local ipset route rule table IP IPT
killall mwan3track &> /dev/null
rm /var/run/mwan3track-* &> /dev/null
- for route in $($IP route list table all | sed 's/.*table \([^ ]*\) .*/\1/' | awk '{print $1}' | awk '{for(i=1;i<=NF;i++) if($i+0>0) if($i+0<255) {print;break}}'); do
- $IP route flush table $route &> /dev/null
- done
+ for IP in "$IP4" "$IP6"; do
- for rule in $($IP rule list | egrep '^[1-2][0-9]{3}\:' | cut -d ':' -f 1); do
- $IP rule del pref $rule &> /dev/null
+ for route in $($IP route list table all | sed 's/.*table \([^ ]*\) .*/\1/' | awk '{print $1}' | awk '{for(i=1;i<=NF;i++) if($i+0>0) if($i+0<255) {print;break}}'); do
+ $IP route flush table $route &> /dev/null
+ done
+
+ for rule in $($IP rule list | egrep '^[1-2][0-9]{3}\:' | cut -d ':' -f 1); do
+ $IP rule del pref $rule &> /dev/null
+ done
done
- $IPT -D PREROUTING -j mwan3_hook &> /dev/null
- $IPT -D OUTPUT -j mwan3_hook &> /dev/null
+ for IPT in "$IPT4" "$IPT6"; do
- for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do
- $IPT -F $table &> /dev/null
- done
+ $IPT -D PREROUTING -j mwan3_hook &> /dev/null
+ $IPT -D OUTPUT -j mwan3_hook &> /dev/null
- for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do
- $IPT -X $table &> /dev/null
+ for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do
+ $IPT -F $table &> /dev/null
+ done
+
+ for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do
+ $IPT -X $table &> /dev/null
+ done
done
- for ipset in $(ipset -n list | grep mwan3); do
+ for ipset in $($IPS -n list | sort | grep mwan3); do
$IPS destroy $ipset
done
}
}
case "$1" in
- ifup|ifdown|interfaces|policies|rules|status|start|stop|restart)
+ ifup|ifdown|interfaces|policies|connected|rules|status|start|stop|restart)
$*
;;
*)
while true; do
for track_ip in $track_ips; do
- ping -I $2 -c $4 -W $5 -s 4 -q $track_ip &> /dev/null
+ ping -I $2 -c $4 -W $5 -q $track_ip &> /dev/null
if [ $? -eq 0 ]; then
let host_up_count++
else
echo "access $group $context $version $level $prefix $read $write $notify" >> $CONFIGFILE
}
+snmpd_trap_hostname_add() {
+ local cfg="$1"
+ config_get hostname "$cfg" HostName
+ config_get port "$cfg" Port
+ config_get community "$cfg" Community
+ config_get type "$cfg" Type
+ echo "$type $hostname $community $port" >> $CONFIGFILE
+}
+
+snmpd_trap_ip_add() {
+ local cfg="$1"
+ config_get host_ip "$cfg" HostIP
+ config_get port "$cfg" Port
+ config_get community "$cfg" Community
+ config_get type "$cfg" Type
+ echo "$type $host_ip $community $port" >> $CONFIGFILE
+}
+
+snmpd_access_default_add() {
+ local cfg="$1"
+ config_get mode "$cfg" Mode
+ config_get community "$cfg" CommunityName
+ config_get oidrestrict "$cfg" RestrictOID
+ config_get oid "$cfg" RestrictedOID
+ echo -n "$mode $community default" >> $CONFIGFILE
+ [ "$oidrestrict" == "yes" ] && echo " $oid" >> $CONFIGFILE
+ [ "$oidrestrict" == "no" ] && echo "" >> $CONFIGFILE
+}
+
+snmpd_access_HostName_add() {
+ local cfg="$1"
+ config_get hostname "$cfg" HostName
+ config_get mode "$cfg" Mode
+ config_get community "$cfg" CommunityName
+ config_get oidrestrict "$cfg" RestrictOID
+ config_get oid "$cfg" RestrictedOID
+ echo -n "$mode $community $hostname" >> $CONFIGFILE
+ [ "$oidrestrict" == "yes" ] && echo " $oid" >> $CONFIGFILE
+ [ "$oidrestrict" == "no" ] && echo "" >> $CONFIGFILE
+}
+
+snmpd_access_HostIP_add() {
+ local cfg="$1"
+ config_get host_ip "$cfg" HostIP
+ config_get ip_mask "$cfg" IPMask
+ config_get mode "$cfg" Mode
+ config_get community "$cfg" CommunityName
+ config_get oidrestrict "$cfg" RestrictOID
+ config_get oid "$cfg" RestrictedOID
+ echo -n "$mode $community $host_ip/$ip_mask" >> $CONFIGFILE
+ [ "$oidrestrict" == "yes" ] && echo " $oid" >> $CONFIGFILE
+ [ "$oidrestrict" == "no" ] && echo "" >> $CONFIGFILE
+}
+
snmpd_pass_add() {
local cfg="$1"
local pass='pass'
config_foreach snmpd_group_add group
config_foreach snmpd_view_add view
config_foreach snmpd_access_add access
+ config_foreach snmpd_trap_hostname_add trap_HostName
+ config_foreach snmpd_trap_ip_add trap_HostIP
+ config_foreach snmpd_access_default_add access_default
+ config_foreach snmpd_access_HostName_add access_HostName
+ config_foreach snmpd_access_HostIP_add access_HostIP
config_foreach snmpd_pass_add pass
config_foreach snmpd_exec_add exec
config_foreach snmpd_disk_add disk
stop_service() {
[ -f "$CONFIGFILE" ] && rm -f "$CONFIGFILE"
}
+
+service_triggers(){
+ procd_add_reload_trigger 'snmpd'
+}
#
-# Copyright (C) 2006-2014 OpenWrt.org
+# Copyright (C) 2006-2015 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=nmap
-PKG_VERSION:=6.47
-PKG_RELEASE:=2
+PKG_VERSION:=7.00
+PKG_RELEASE:=1
PKG_MAINTAINER=Nuno Goncalves <nunojpg@gmail.com>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://nmap.org/dist/
-PKG_MD5SUM:=edfe81f6763223c0a29bfa15a8526e2a
+PKG_MD5SUM:=6cdf5d03cc3294b99d69dfca83f2f2ee
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
include $(TOPDIR)/rules.mk
PKG_NAME:=ntp
-PKG_VERSION:=4.2.8p2
-PKG_RELEASE:=3
+PKG_VERSION:=4.2.8p4
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/
-PKG_MD5SUM:=fa37049383316322d060ec9061ac23a9
+PKG_MD5SUM:=6af96862b09324a8ef965ca76b759c8b
PKG_LICENSE:=Unique
PKG_LICENSE_FILES:=COPYRIGHT html/copyright.html
define Package/ntp-utils
$(call Package/ntpd/Default)
TITLE+= utilities
+ DEPENDS+= +libcap
endef
define Package/ntp-utils/description
define Package/ntp-keygen
$(call Package/ntpd/Default)
TITLE+=keygen
+ DEPENDS+= +libcap +libevent2-core
endef
define Package/ntp-keygen/description
PKG_NAME:=ocserv
PKG_VERSION:=0.10.9
-PKG_RELEASE:=2
+PKG_RELEASE:=4
PKG_USE_MIPS16:=0
PKG_BUILD_DIR :=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-----------------------------------------------------------------
```
+Setting up split-dns
+====================
+
+To allow the clients to resolv with the local domain add the following
+to the ocserv configuration file.
+
+```
+----/etc/config/ocserv-------------------------------------------
+config ocserv 'config'
+ option split_dns '1'
+ option default_domain 'mydomain'
+```
+
+The ```default_domain``` is optional and if not set, it will be autodetected
+from dnsmasq's configuration.
+
Setting up the firewall
=======================
# The domains over which the provided DNS should be used. Use
# multiple lines for multiple domains.
-#split-dns = example.com
+|ENABLE_SPLIT_DNS|split-dns = |DEFAULT_DOMAIN|
# Prior to leasing any IP from the pool ping it to verify that
# it is not in use by another (unrelated to this server) host.
config_get ip6addr $1 ip6addr ""
config_get proxy_arp $1 proxy_arp "0"
config_get ping_leases $1 ping_leases "0"
+ config_get split_dns $1 split_dns "0"
config_get default_domain $1 default_domain ""
# Enable proxy arp, and make sure that ping leases is set to true in that case,
enable_default_domain="#"
enable_udp="#"
enable_compression="#"
+ enable_split_dns="#"
test $predictable_ips = "0" && predictable_ips="false"
test $predictable_ips = "1" && predictable_ips="true"
test $cisco_compat = "0" && cisco_compat="false"
test $ping_leases = "0" && ping_leases="false"
test $ping_leases = "1" && ping_leases="true"
test $udp = "1" && enable_udp=""
+ test $split_dns = "1" && enable_split_dns=""
test $compression = "1" && enable_compression=""
- test -z $default_domain && enable_default_domain=""
+
+ test -z $default_domain && default_domain=$(uci get dhcp.@dnsmasq[0].domain)
+ test -n $default_domain && enable_default_domain=""
test -z $ip6addr && enable_ipv6="#"
test $auth = "plain" && authsuffix="\[passwd=/var/etc/ocpasswd\]"
-e "s/|PREDICTABLE_IPS|/$predictable_ips/g" \
-e "s/|DEFAULT_DOMAIN|/$default_domain/g" \
-e "s/|ENABLE_DEFAULT_DOMAIN|/$enable_default_domain/g" \
+ -e "s/|ENABLE_SPLIT_DNS|/$enable_split_dns/g" \
-e "s/|CISCO_COMPAT|/$cisco_compat/g" \
-e "s/|PING_LEASES|/$ping_leases/g" \
-e "s/|UDP|/$enable_udp/g" \
--- /dev/null
+#
+# Copyright (C) 2015 Bruno Randolf (br1@einfach.org)
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=pingcheck
+PKG_VERSION:=0.1
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_URL:=https://github.com/br101/pingcheck.git
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=0f099998782f550e2abebdc65bcc3e969b798769
+
+PKG_MAINTAINER:=Bruno Randolf <br1@einfach.org>
+PKG_LICENSE:=GPL-2.0+
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/pingcheck
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:=+libubus +libuci
+ MAINTAINER:=Bruno Randolf <br1@einfach.org>
+ TITLE:=Check Internet and interface connectivity
+endef
+
+define Package/pingcheck/description
+Checks by using "ping" (ICMP echo) wether a configured host (normally on the
+internet) can be reached via a specific interface. Then makes this information
+available via ubus and triggers "online" and "offline" scripts.
+endef
+
+define Package/pingcheck/conffiles
+/etc/config/pingcheck
+endef
+
+define Package/pingcheck/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/pingcheck $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./pingcheck.init $(1)/etc/init.d/pingcheck
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/pingcheck.config $(1)/etc/config/pingcheck
+endef
+
+$(eval $(call BuildPackage,pingcheck))
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+START=99
+
+USE_PROCD=1
+PROG=/usr/sbin/pingcheck
+CONFFILE=/etc/config/pingcheck
+
+start_service() {
+ procd_open_instance
+ procd_set_param command $PROG
+ procd_set_param file $CONFFILE
+ procd_set_param respawn
+ procd_close_instance
+}
include $(TOPDIR)/rules.mk
PKG_NAME:=redsocks
-PKG_VERSION:=0.4
+PKG_VERSION:=0.4-20150907
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_PROTO:=git
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/darkk/redsocks.git
-PKG_SOURCE_VERSION:=release-0.4
+PKG_SOURCE_VERSION:=2118c616b4970a0436eceaa57a6e3451ec98ad2b
PKG_MAINTAINER:=Johannes Morgenroth <jm@m-network.de>
PKG_LICENSE:=Apache-2.0
+++ /dev/null
-From 290f19972e9f7b74f818ae211cb535e32f1f314f Mon Sep 17 00:00:00 2001
-From: Leonid Evdokimov <leon@darkk.net.ru>
-Date: Tue, 10 Apr 2012 00:57:26 +0400
-Subject: [PATCH 01/12] Fix bug in DNS resolution - results were ignored (since
- 8179a1ff).
-
----
- parser.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/parser.c b/parser.c
-index 85d3533..6198828 100644
---- a/parser.c
-+++ b/parser.c
-@@ -295,22 +295,22 @@ static int vp_in_addr(parser_context *context, void *addr, const char *token)
- memcpy(addr, &ia, sizeof(ia));
- }
- else {
-- struct addrinfo *addr, hints;
-+ struct addrinfo *ainfo, hints;
- int err;
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = AF_INET; /* IPv4-only */
- hints.ai_socktype = SOCK_STREAM; /* I want to have one address once and ONLY once, that's why I specify socktype and protocol */
- hints.ai_protocol = IPPROTO_TCP;
- hints.ai_flags = AI_ADDRCONFIG; /* I don't need IPv4 addrs without IPv4 connectivity */
-- err = getaddrinfo(token, NULL, &hints, &addr);
-+ err = getaddrinfo(token, NULL, &hints, &ainfo);
- if (err == 0) {
- int count, taken;
- struct addrinfo *iter;
- struct sockaddr_in *resolved_addr;
-- for (iter = addr, count = 0; iter; iter = iter->ai_next, ++count)
-+ for (iter = ainfo, count = 0; iter; iter = iter->ai_next, ++count)
- ;
- taken = rand() % count;
-- for (iter = addr; taken > 0; iter = iter->ai_next, --taken)
-+ for (iter = ainfo; taken > 0; iter = iter->ai_next, --taken)
- ;
- resolved_addr = (struct sockaddr_in*)iter->ai_addr;
- assert(resolved_addr->sin_family == iter->ai_family && iter->ai_family == AF_INET);
-@@ -318,7 +318,7 @@ static int vp_in_addr(parser_context *context, void *addr, const char *token)
- log_error(LOG_WARNING, "%s resolves to %d addresses, using %s",
- token, count, inet_ntoa(resolved_addr->sin_addr));
- memcpy(addr, &resolved_addr->sin_addr, sizeof(ia));
-- freeaddrinfo(addr);
-+ freeaddrinfo(ainfo);
- }
- else {
- if (err == EAI_SYSTEM)
---
-1.9.1
-
+++ /dev/null
-From 6015b3a6f26e04dd5d78cd6c1320886fc9035612 Mon Sep 17 00:00:00 2001
-From: Leonid Evdokimov <leon@darkk.net.ru>
-Date: Tue, 10 Apr 2012 01:37:34 +0400
-Subject: [PATCH 02/12] inet_ntop -> red_inet_ntop
-
----
- redsocks.c | 13 ++++---------
- redudp.c | 19 +++++++++++--------
- utils.c | 37 +++++++++++++++++++++++++++++++++----
- utils.h | 7 +++++++
- 4 files changed, 55 insertions(+), 21 deletions(-)
-
-diff --git a/redsocks.c b/redsocks.c
-index d085e10..ba5eab2 100644
---- a/redsocks.c
-+++ b/redsocks.c
-@@ -207,22 +207,17 @@ void redsocks_log_write_plain(
- int saved_errno = errno;
- struct evbuffer *fmt = evbuffer_new();
- va_list ap;
-- char clientaddr_str[INET6_ADDRSTRLEN], destaddr_str[INET6_ADDRSTRLEN];
-+ char clientaddr_str[RED_INET_ADDRSTRLEN], destaddr_str[RED_INET_ADDRSTRLEN];
-
- if (!fmt) {
- log_errno(LOG_ERR, "evbuffer_new()");
- // no return, as I have to call va_start/va_end
- }
-
-- if (!inet_ntop(clientaddr->sin_family, &clientaddr->sin_addr, clientaddr_str, sizeof(clientaddr_str)))
-- strncpy(clientaddr_str, "???", sizeof(clientaddr_str));
-- if (!inet_ntop(destaddr->sin_family, &destaddr->sin_addr, destaddr_str, sizeof(destaddr_str)))
-- strncpy(destaddr_str, "???", sizeof(destaddr_str));
--
- if (fmt) {
-- evbuffer_add_printf(fmt, "[%s:%i->%s:%i]: %s",
-- clientaddr_str, ntohs(clientaddr->sin_port),
-- destaddr_str, ntohs(destaddr->sin_port),
-+ evbuffer_add_printf(fmt, "[%s->%s]: %s",
-+ red_inet_ntop(clientaddr, clientaddr_str, sizeof(clientaddr_str)),
-+ red_inet_ntop(destaddr, destaddr_str, sizeof(destaddr_str)),
- orig_fmt);
- }
-
-diff --git a/redudp.c b/redudp.c
-index 0a97852..9516a50 100644
---- a/redudp.c
-+++ b/redudp.c
-@@ -436,10 +436,9 @@ static void redudp_pkt_from_socks(int fd, short what, void *_arg)
- return;
-
- if (memcmp(&udprelayaddr, &client->udprelayaddr, sizeof(udprelayaddr)) != 0) {
-- char buf[INET6_ADDRSTRLEN];
-- const char *addr = inet_ntop(udprelayaddr.sin_family, &udprelayaddr.sin_addr, buf, sizeof(buf));
-- redudp_log_error(client, LOG_NOTICE, "Got packet from unexpected address %s:%u.",
-- addr ? addr : "?", ntohs(udprelayaddr.sin_port));
-+ char buf[RED_INET_ADDRSTRLEN];
-+ redudp_log_error(client, LOG_NOTICE, "Got packet from unexpected address %s.",
-+ red_inet_ntop(&udprelayaddr, buf, sizeof(buf)));
- return;
- }
-
-@@ -459,10 +458,14 @@ static void redudp_pkt_from_socks(int fd, short what, void *_arg)
- if (pkt.header.ip.port != client->instance->config.destaddr.sin_port ||
- pkt.header.ip.addr != client->instance->config.destaddr.sin_addr.s_addr)
- {
-- char buf[INET6_ADDRSTRLEN];
-- const char *addr = inet_ntop(AF_INET, &pkt.header.ip.addr, buf, sizeof(buf));
-- redudp_log_error(client, LOG_NOTICE, "Socks5 server relayed packet from unexpected address %s:%u.",
-- addr ? addr : "?", ntohs(pkt.header.ip.port));
-+ char buf[RED_INET_ADDRSTRLEN];
-+ struct sockaddr_in pktaddr = {
-+ .sin_family = AF_INET,
-+ .sin_addr = { pkt.header.ip.addr },
-+ .sin_port = pkt.header.ip.port,
-+ };
-+ redudp_log_error(client, LOG_NOTICE, "Socks5 server relayed packet from unexpected address %s.",
-+ red_inet_ntop(&pktaddr, buf, sizeof(buf)));
- return;
- }
-
-diff --git a/utils.c b/utils.c
-index c6ced51..6e1f3af 100644
---- a/utils.c
-+++ b/utils.c
-@@ -18,6 +18,7 @@
- #include <errno.h>
- #include <assert.h>
- #include <fcntl.h>
-+#include <string.h>
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
-@@ -42,10 +43,9 @@ int red_recv_udp_pkt(int fd, char *buf, size_t buflen, struct sockaddr_in *inadd
- }
-
- if (pktlen >= buflen) {
-- char buf[INET6_ADDRSTRLEN];
-- const char *addr = inet_ntop(inaddr->sin_family, &inaddr->sin_addr, buf, sizeof(buf));
-- log_error(LOG_WARNING, "wow! Truncated udp packet of size %zd from %s:%u! impossible! dropping it...",
-- pktlen, addr ? addr : "?", ntohs(inaddr->sin_port));
-+ char buf[RED_INET_ADDRSTRLEN];
-+ log_error(LOG_WARNING, "wow! Truncated udp packet of size %zd from %s! impossible! dropping it...",
-+ pktlen, red_inet_ntop(inaddr, buf, sizeof(buf)));
- return -1;
- }
-
-@@ -176,4 +176,33 @@ int red_is_socket_connected_ok(struct bufferevent *buffev)
- }
- }
-
-+char *red_inet_ntop(const struct sockaddr_in* sa, char* buffer, size_t buffer_size)
-+{
-+ const char *retval = 0;
-+ size_t len = 0;
-+ uint16_t port;
-+ const char placeholder[] = "???:???";
-+
-+ assert(buffer_size >= sizeof(placeholder));
-+
-+ memset(buffer, buffer_size, 0);
-+ if (sa->sin_family == AF_INET) {
-+ retval = inet_ntop(AF_INET, &sa->sin_addr, buffer, buffer_size);
-+ port = ((struct sockaddr_in*)sa)->sin_port;
-+ }
-+ else if (sa->sin_family == AF_INET6) {
-+ retval = inet_ntop(AF_INET6, &((const struct sockaddr_in6*)sa)->sin6_addr, buffer, buffer_size);
-+ port = ((struct sockaddr_in6*)sa)->sin6_port;
-+ }
-+ if (retval) {
-+ assert(retval == buffer);
-+ len = strlen(retval);
-+ snprintf(buffer + len, buffer_size - len, ":%d", ntohs(port));
-+ }
-+ else {
-+ strcpy(buffer, placeholder);
-+ }
-+ return buffer;
-+}
-+
- /* vim:set tabstop=4 softtabstop=4 shiftwidth=4: */
-diff --git a/utils.h b/utils.h
-index f691b77..d3af00f 100644
---- a/utils.h
-+++ b/utils.h
-@@ -57,6 +57,13 @@ int fcntl_nonblock(int fd);
- (what) & EVBUFFER_TIMEOUT ? "EVBUFFER_TIMEOUT" : "0", \
- (what) & ~(EVBUFFER_READ|EVBUFFER_WRITE|EVBUFFER_EOF|EVBUFFER_ERROR|EVBUFFER_TIMEOUT)
-
-+#if INET6_ADDRSTRLEN < INET_ADDRSTRLEN
-+# error Impossible happens: INET6_ADDRSTRLEN < INET_ADDRSTRLEN
-+#else
-+# define RED_INET_ADDRSTRLEN (INET6_ADDRSTRLEN + 1 + 5 + 1) // addr + : + port + \0
-+#endif
-+char *red_inet_ntop(const struct sockaddr_in* sa, char* buffer, size_t buffer_size);
-+
- /* vim:set tabstop=4 softtabstop=4 shiftwidth=4: */
- /* vim:set foldmethod=marker foldlevel=32 foldmarker={,}: */
- #endif /* UTILS_H_SAT_FEB__2_02_24_05_2008 */
---
-1.9.1
-
+++ /dev/null
-From 709646d59d96cb73a7e70347f37de9823e4e5f14 Mon Sep 17 00:00:00 2001
-From: Leonid Evdokimov <leon@darkk.net.ru>
-Date: Fri, 13 Apr 2012 01:57:23 +0400
-Subject: [PATCH 03/12] Initial support for UDP + TPROXY redirection. No more
- dest_ip in redudp.
-
- * TPROXY requires Linux 2.6.29+ (see man 7 ip[1]).
- * all redsocks code is running as root to bind to arbitrary port.
- * Non-Linux and old-Linux builds are broken at the moment.
-
-[1] http://www.kernel.org/doc/man-pages/online/pages/man7/ip.7.html
----
- dnstc.c | 2 +-
- redudp.c | 197 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
- redudp.h | 2 +
- utils.c | 43 +++++++++++++-
- utils.h | 2 +-
- 5 files changed, 227 insertions(+), 19 deletions(-)
-
-diff --git a/dnstc.c b/dnstc.c
-index 43881d8..5f9fedd 100644
---- a/dnstc.c
-+++ b/dnstc.c
-@@ -68,7 +68,7 @@ static void dnstc_pkt_from_client(int fd, short what, void *_arg)
- ssize_t pktlen, outgoing;
-
- assert(fd == EVENT_FD(&self->listener));
-- pktlen = red_recv_udp_pkt(fd, buf.raw, sizeof(buf), &clientaddr);
-+ pktlen = red_recv_udp_pkt(fd, buf.raw, sizeof(buf), &clientaddr, NULL);
- if (pktlen == -1)
- return;
-
-diff --git a/redudp.c b/redudp.c
-index 9516a50..262af3e 100644
---- a/redudp.c
-+++ b/redudp.c
-@@ -15,6 +15,7 @@
- */
-
- #include <stdlib.h>
-+#include <search.h>
- #include <string.h>
- #include <sys/types.h>
- #include <sys/uio.h>
-@@ -33,30 +34,157 @@
- #include "redudp.h"
-
- #define redudp_log_error(client, prio, msg...) \
-- redsocks_log_write_plain(__FILE__, __LINE__, __func__, 0, &(client)->clientaddr, &(client)->instance->config.destaddr, prio, ## msg)
-+ redsocks_log_write_plain(__FILE__, __LINE__, __func__, 0, &(client)->clientaddr, get_destaddr(client), prio, ## msg)
- #define redudp_log_errno(client, prio, msg...) \
-- redsocks_log_write_plain(__FILE__, __LINE__, __func__, 1, &(client)->clientaddr, &(client)->instance->config.destaddr, prio, ## msg)
-+ redsocks_log_write_plain(__FILE__, __LINE__, __func__, 1, &(client)->clientaddr, get_destaddr(client), prio, ## msg)
-
- static void redudp_pkt_from_socks(int fd, short what, void *_arg);
- static void redudp_drop_client(redudp_client *client);
- static void redudp_fini_instance(redudp_instance *instance);
- static int redudp_fini();
-+static int redudp_transparent(int fd);
-
- typedef struct redudp_expected_assoc_reply_t {
- socks5_reply h;
- socks5_addr_ipv4 ip;
- } PACKED redudp_expected_assoc_reply;
-
-+struct bound_udp4_key {
-+ struct in_addr sin_addr;
-+ uint16_t sin_port;
-+};
-+
-+struct bound_udp4 {
-+ struct bound_udp4_key key;
-+ int ref;
-+ int fd;
-+};
-+
- /***********************************************************************
- * Helpers
- */
-+// TODO: separate binding to privileged process (this operation requires uid-0)
-+static void* root_bound_udp4 = NULL; // to avoid two binds to same IP:port
-+
-+static int bound_udp4_cmp(const void *a, const void *b)
-+{
-+ return memcmp(a, b, sizeof(struct bound_udp4_key));
-+}
-+
-+static void bound_udp4_mkkey(struct bound_udp4_key *key, const struct sockaddr_in *addr)
-+{
-+ memset(key, 0, sizeof(*key));
-+ key->sin_addr = addr->sin_addr;
-+ key->sin_port = addr->sin_port;
-+}
-+
-+static int bound_udp4_get(const struct sockaddr_in *addr)
-+{
-+ struct bound_udp4_key key;
-+ struct bound_udp4 *node, **pnode;
-+
-+ bound_udp4_mkkey(&key, addr);
-+ // I assume, that memory allocation for lookup is awful, so I use
-+ // tfind/tsearch pair instead of tsearch/check-result.
-+ pnode = tfind(&key, &root_bound_udp4, bound_udp4_cmp);
-+ if (pnode) {
-+ assert((*pnode)->ref > 0);
-+ (*pnode)->ref++;
-+ return (*pnode)->fd;
-+ }
-+
-+ node = calloc(1, sizeof(*node));
-+ if (!node) {
-+ log_errno(LOG_ERR, "calloc");
-+ goto fail;
-+ }
-+
-+ node->key = key;
-+ node->ref = 1;
-+ node->fd = socket(AF_INET, SOCK_DGRAM, 0);
-+ if (node->fd == -1) {
-+ log_errno(LOG_ERR, "socket");
-+ goto fail;
-+ }
-+
-+ if (0 != redudp_transparent(node->fd))
-+ goto fail;
-+
-+ if (0 != bind(node->fd, (struct sockaddr*)addr, sizeof(*addr))) {
-+ log_errno(LOG_ERR, "bind");
-+ goto fail;
-+ }
-+
-+ pnode = tsearch(node, &root_bound_udp4, bound_udp4_cmp);
-+ if (!pnode) {
-+ log_errno(LOG_ERR, "tsearch(%p) == %p", node, pnode);
-+ goto fail;
-+ }
-+ assert(node == *pnode);
-+
-+ return node->fd;
-+
-+fail:
-+ if (node) {
-+ if (node->fd != -1)
-+ redsocks_close(node->fd);
-+ free(node);
-+ }
-+ return -1;
-+}
-+
-+static void bound_udp4_put(const struct sockaddr_in *addr)
-+{
-+ struct bound_udp4_key key;
-+ struct bound_udp4 **pnode, *node;
-+ void *parent;
-+
-+ bound_udp4_mkkey(&key, addr);
-+ pnode = tfind(&key, &root_bound_udp4, bound_udp4_cmp);
-+ assert(pnode && (*pnode)->ref > 0);
-+
-+ node = *pnode;
-+
-+ node->ref--;
-+ if (node->ref)
-+ return;
-+
-+ parent = tdelete(node, &root_bound_udp4, bound_udp4_cmp);
-+ assert(parent);
-+
-+ redsocks_close(node->fd); // expanding `pnode` to avoid use after free
-+ free(node);
-+}
-+
-+static int redudp_transparent(int fd)
-+{
-+ int on = 1;
-+ int error = setsockopt(fd, SOL_IP, IP_TRANSPARENT, &on, sizeof(on));
-+ if (error)
-+ log_errno(LOG_ERR, "setsockopt(..., SOL_IP, IP_TRANSPARENT)");
-+ return error;
-+}
-+
-+static int do_tproxy(redudp_instance* instance)
-+{
-+ return instance->config.destaddr.sin_addr.s_addr == 0;
-+}
-+
-+static struct sockaddr_in* get_destaddr(redudp_client *client)
-+{
-+ if (do_tproxy(client->instance))
-+ return &client->destaddr;
-+ else
-+ return &client->instance->config.destaddr;
-+}
-+
- static void redudp_fill_preamble(socks5_udp_preabmle *preamble, redudp_client *client)
- {
- preamble->reserved = 0;
- preamble->frag_no = 0; /* fragmentation is not supported */
- preamble->addrtype = socks5_addrtype_ipv4;
-- preamble->ip.addr = client->instance->config.destaddr.sin_addr.s_addr;
-- preamble->ip.port = client->instance->config.destaddr.sin_port;
-+ preamble->ip.addr = get_destaddr(client)->sin_addr.s_addr;
-+ preamble->ip.port = get_destaddr(client)->sin_port;
- }
-
- static struct evbuffer* socks5_mkmethods_plain_wrapper(void *p)
-@@ -104,6 +232,8 @@ static void redudp_drop_client(redudp_client *client)
- redudp_log_errno(client, LOG_ERR, "event_del");
- redsocks_close(fd);
- }
-+ if (client->sender_fd != -1)
-+ bound_udp4_put(&client->destaddr);
- list_for_each_entry_safe(q, tmp, &client->queue, list) {
- list_del(&q->list);
- free(q);
-@@ -344,7 +474,8 @@ static void redudp_relay_connected(struct bufferevent *buffev, void *_arg)
- redudp_client *client = _arg;
- int do_password = socks5_is_valid_cred(client->instance->config.login, client->instance->config.password);
- int error;
-- redudp_log_error(client, LOG_DEBUG, "<trace>");
-+ char relayaddr_str[RED_INET_ADDRSTRLEN];
-+ redudp_log_error(client, LOG_DEBUG, "via %s", red_inet_ntop(&client->instance->config.relayaddr, relayaddr_str, sizeof(relayaddr_str)));
-
- if (!red_is_socket_connected_ok(buffev)) {
- redudp_log_errno(client, LOG_NOTICE, "red_is_socket_connected_ok");
-@@ -382,7 +513,7 @@ static void redudp_timeout(int fd, short what, void *_arg)
- redudp_drop_client(client);
- }
-
--static void redudp_first_pkt_from_client(redudp_instance *self, struct sockaddr_in *clientaddr, char *buf, size_t pktlen)
-+static void redudp_first_pkt_from_client(redudp_instance *self, struct sockaddr_in *clientaddr, struct sockaddr_in *destaddr, char *buf, size_t pktlen)
- {
- redudp_client *client = calloc(1, sizeof(*client));
-
-@@ -395,9 +526,13 @@ static void redudp_first_pkt_from_client(redudp_instance *self, struct sockaddr_
- INIT_LIST_HEAD(&client->queue);
- client->instance = self;
- memcpy(&client->clientaddr, clientaddr, sizeof(*clientaddr));
-+ if (destaddr)
-+ memcpy(&client->destaddr, destaddr, sizeof(client->destaddr));
- evtimer_set(&client->timeout, redudp_timeout, client);
- // XXX: self->relay_ss->init(client);
-
-+ client->sender_fd = -1; // it's postponed until socks-server replies to avoid trivial DoS
-+
- client->relay = red_connect_relay(&client->instance->config.relayaddr,
- redudp_relay_connected, redudp_relay_error, client);
- if (!client->relay)
-@@ -431,7 +566,7 @@ static void redudp_pkt_from_socks(int fd, short what, void *_arg)
-
- assert(fd == EVENT_FD(&client->udprelay));
-
-- pktlen = red_recv_udp_pkt(fd, pkt.buf, sizeof(pkt.buf), &udprelayaddr);
-+ pktlen = red_recv_udp_pkt(fd, pkt.buf, sizeof(pkt.buf), &udprelayaddr, NULL);
- if (pktlen == -1)
- return;
-
-@@ -455,8 +590,8 @@ static void redudp_pkt_from_socks(int fd, short what, void *_arg)
- return;
- }
-
-- if (pkt.header.ip.port != client->instance->config.destaddr.sin_port ||
-- pkt.header.ip.addr != client->instance->config.destaddr.sin_addr.s_addr)
-+ if (pkt.header.ip.port != get_destaddr(client)->sin_port ||
-+ pkt.header.ip.addr != get_destaddr(client)->sin_addr.s_addr)
- {
- char buf[RED_INET_ADDRSTRLEN];
- struct sockaddr_in pktaddr = {
-@@ -472,8 +607,18 @@ static void redudp_pkt_from_socks(int fd, short what, void *_arg)
- redsocks_time(&client->last_relay_event);
- redudp_bump_timeout(client);
-
-+ if (do_tproxy(client->instance) && client->sender_fd == -1) {
-+ client->sender_fd = bound_udp4_get(&client->destaddr);
-+ if (client->sender_fd == -1) {
-+ redudp_log_error(client, LOG_WARNING, "bound_udp4_get failure");
-+ return;
-+ }
-+ }
-+
- fwdlen = pktlen - sizeof(pkt.header);
-- outgoing = sendto(EVENT_FD(&client->instance->listener),
-+ outgoing = sendto(do_tproxy(client->instance)
-+ ? client->sender_fd
-+ : EVENT_FD(&client->instance->listener),
- pkt.buf + sizeof(pkt.header), fwdlen, 0,
- (struct sockaddr*)&client->clientaddr, sizeof(client->clientaddr));
- if (outgoing != fwdlen) {
-@@ -486,18 +631,21 @@ static void redudp_pkt_from_socks(int fd, short what, void *_arg)
- static void redudp_pkt_from_client(int fd, short what, void *_arg)
- {
- redudp_instance *self = _arg;
-- struct sockaddr_in clientaddr;
-+ struct sockaddr_in clientaddr, destaddr, *pdestaddr;
- char buf[0xFFFF]; // UDP packet can't be larger then that
- ssize_t pktlen;
- redudp_client *tmp, *client = NULL;
-
-+ pdestaddr = do_tproxy(self) ? &destaddr : NULL;
-+
- assert(fd == EVENT_FD(&self->listener));
-- pktlen = red_recv_udp_pkt(fd, buf, sizeof(buf), &clientaddr);
-+ pktlen = red_recv_udp_pkt(fd, buf, sizeof(buf), &clientaddr, pdestaddr);
- if (pktlen == -1)
- return;
-
- // TODO: this lookup may be SLOOOOOW.
- list_for_each_entry(tmp, &self->clients, list) {
-+ // TODO: check destaddr
- if (0 == memcmp(&clientaddr, &tmp->clientaddr, sizeof(clientaddr))) {
- client = tmp;
- break;
-@@ -515,7 +663,7 @@ static void redudp_pkt_from_client(int fd, short what, void *_arg)
- }
- }
- else {
-- redudp_first_pkt_from_client(self, &clientaddr, buf, pktlen);
-+ redudp_first_pkt_from_client(self, &clientaddr, pdestaddr, buf, pktlen);
- }
- }
-
-@@ -554,7 +702,6 @@ static int redudp_onenter(parser_section *section)
- instance->config.relayaddr.sin_family = AF_INET;
- instance->config.relayaddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
- instance->config.destaddr.sin_family = AF_INET;
-- instance->config.destaddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
- instance->config.max_pktqueue = 5;
- instance->config.udp_timeout = 30;
- instance->config.udp_timeout_stream = 180;
-@@ -614,6 +761,28 @@ static int redudp_init_instance(redudp_instance *instance)
- goto fail;
- }
-
-+ if (do_tproxy(instance)) {
-+ int on = 1;
-+ char buf[RED_INET_ADDRSTRLEN];
-+ // iptables TPROXY target does not send packets to non-transparent sockets
-+ if (0 != redudp_transparent(fd))
-+ goto fail;
-+
-+ error = setsockopt(fd, SOL_IP, IP_RECVORIGDSTADDR, &on, sizeof(on));
-+ if (error) {
-+ log_errno(LOG_ERR, "setsockopt(listener, SOL_IP, IP_RECVORIGDSTADDR)");
-+ goto fail;
-+ }
-+
-+ log_error(LOG_DEBUG, "redudp @ %s: TPROXY", red_inet_ntop(&instance->config.bindaddr, buf, sizeof(buf)));
-+ }
-+ else {
-+ char buf1[RED_INET_ADDRSTRLEN], buf2[RED_INET_ADDRSTRLEN];
-+ log_error(LOG_DEBUG, "redudp @ %s: destaddr=%s",
-+ red_inet_ntop(&instance->config.bindaddr, buf1, sizeof(buf1)),
-+ red_inet_ntop(&instance->config.destaddr, buf2, sizeof(buf2)));
-+ }
-+
- error = bind(fd, (struct sockaddr*)&instance->config.bindaddr, sizeof(instance->config.bindaddr));
- if (error) {
- log_errno(LOG_ERR, "bind");
-diff --git a/redudp.h b/redudp.h
-index 308bd33..3f1d9d1 100644
---- a/redudp.h
-+++ b/redudp.h
-@@ -24,6 +24,8 @@ typedef struct redudp_client_t {
- list_head list;
- redudp_instance *instance;
- struct sockaddr_in clientaddr;
-+ struct sockaddr_in destaddr;
-+ int sender_fd; // shared between several clients socket (bound to `destaddr`)
- struct event timeout;
- struct bufferevent *relay;
- struct event udprelay;
-diff --git a/utils.c b/utils.c
-index 6e1f3af..afdeea8 100644
---- a/utils.c
-+++ b/utils.c
-@@ -26,17 +26,54 @@
- #include "utils.h"
- #include "redsocks.h" // for redsocks_close
-
--int red_recv_udp_pkt(int fd, char *buf, size_t buflen, struct sockaddr_in *inaddr)
-+int red_recv_udp_pkt(int fd, char *buf, size_t buflen, struct sockaddr_in *inaddr, struct sockaddr_in *toaddr)
- {
- socklen_t addrlen = sizeof(*inaddr);
- ssize_t pktlen;
--
-- pktlen = recvfrom(fd, buf, buflen, 0, (struct sockaddr*)inaddr, &addrlen);
-+ struct msghdr msg;
-+ struct iovec io;
-+ char control[1024];
-+
-+ memset(&msg, 0, sizeof(msg));
-+ msg.msg_name = inaddr;
-+ msg.msg_namelen = sizeof(*inaddr);
-+ msg.msg_iov = &io;
-+ msg.msg_iovlen = 1;
-+ msg.msg_control = control;
-+ msg.msg_controllen = sizeof(control);
-+ io.iov_base = buf;
-+ io.iov_len = buflen;
-+
-+ pktlen = recvmsg(fd, &msg, 0);
- if (pktlen == -1) {
- log_errno(LOG_WARNING, "recvfrom");
- return -1;
- }
-
-+ if (toaddr) {
-+ memset(toaddr, 0, sizeof(*toaddr));
-+ for (struct cmsghdr* cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
-+ if (
-+ cmsg->cmsg_level == SOL_IP &&
-+ cmsg->cmsg_type == IP_ORIGDSTADDR &&
-+ cmsg->cmsg_len >= CMSG_LEN(sizeof(*toaddr))
-+ ) {
-+ struct sockaddr_in* cmsgaddr = (struct sockaddr_in*)CMSG_DATA(cmsg);
-+ char buf[RED_INET_ADDRSTRLEN];
-+ log_error(LOG_DEBUG, "IP_ORIGDSTADDR: %s", red_inet_ntop(cmsgaddr, buf, sizeof(buf)));
-+ memcpy(toaddr, cmsgaddr, sizeof(*toaddr));
-+ }
-+ else {
-+ log_error(LOG_WARNING, "unexepcted cmsg (level,type) = (%d,%d)",
-+ cmsg->cmsg_level, cmsg->cmsg_type);
-+ }
-+ }
-+ if (toaddr->sin_family != AF_INET) {
-+ log_error(LOG_WARNING, "(SOL_IP, IP_ORIGDSTADDR) not found");
-+ return -1;
-+ }
-+ }
-+
- if (addrlen != sizeof(*inaddr)) {
- log_error(LOG_WARNING, "unexpected address length %u instead of %zu", addrlen, sizeof(*inaddr));
- return -1;
-diff --git a/utils.h b/utils.h
-index d3af00f..c2277e9 100644
---- a/utils.h
-+++ b/utils.h
-@@ -44,7 +44,7 @@ char *redsocks_evbuffer_readline(struct evbuffer *buf);
- struct bufferevent* red_connect_relay(struct sockaddr_in *addr, evbuffercb writecb, everrorcb errorcb, void *cbarg);
- int red_socket_geterrno(struct bufferevent *buffev);
- int red_is_socket_connected_ok(struct bufferevent *buffev);
--int red_recv_udp_pkt(int fd, char *buf, size_t buflen, struct sockaddr_in *inaddr);
-+int red_recv_udp_pkt(int fd, char *buf, size_t buflen, struct sockaddr_in *fromaddr, struct sockaddr_in *toaddr);
-
- int fcntl_nonblock(int fd);
-
---
-1.9.1
-
+++ /dev/null
-From b60b492602448b59aea194afd4991910d3613e5c Mon Sep 17 00:00:00 2001
-From: Cody Schafer <jmesmon@gmail.com>
-Date: Tue, 24 Apr 2012 04:33:13 -0500
-Subject: [PATCH 04/12] Fix transposition of memset parameters.
-
----
- utils.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/utils.c b/utils.c
-index afdeea8..31c6894 100644
---- a/utils.c
-+++ b/utils.c
-@@ -222,7 +222,7 @@ char *red_inet_ntop(const struct sockaddr_in* sa, char* buffer, size_t buffer_si
-
- assert(buffer_size >= sizeof(placeholder));
-
-- memset(buffer, buffer_size, 0);
-+ memset(buffer, 0, buffer_size);
- if (sa->sin_family == AF_INET) {
- retval = inet_ntop(AF_INET, &sa->sin_addr, buffer, buffer_size);
- port = ((struct sockaddr_in*)sa)->sin_port;
---
-1.9.1
-
+++ /dev/null
-From 18e2b5ed1ffb3e7c5dfec8ff41b3027163f680ed Mon Sep 17 00:00:00 2001
-From: Leonid Evdokimov <leon@darkk.net.ru>
-Date: Wed, 12 Sep 2012 02:05:39 +0400
-Subject: [PATCH 09/12] Fix compilation on Ubuntu 10.04 LTS and (hopefully)
- Debian squeeze[1]
-
-fixes #28, fixes #22, fixes #24
-[1] current "stable" release
----
- libc-compat.h | 25 +++++++++++++++++++++++++
- libevent-compat.h | 11 +++++++++++
- redsocks.c | 1 +
- redudp.c | 1 +
- utils.c | 1 +
- 5 files changed, 39 insertions(+)
- create mode 100644 libc-compat.h
- create mode 100644 libevent-compat.h
-
-diff --git a/libc-compat.h b/libc-compat.h
-new file mode 100644
-index 0000000..adcf63b
---- /dev/null
-+++ b/libc-compat.h
-@@ -0,0 +1,25 @@
-+#ifndef UUID_67C91670_FCCB_4855_BDF7_609F1EECB8B4
-+#define UUID_67C91670_FCCB_4855_BDF7_609F1EECB8B4
-+
-+/* all these definitions, are included into bits/in.h from libc6-dev 2.15-0ubuntu10
-+ * from Ubuntu 12.04 and is not included into libc6-dev 2.11.1-0ubuntu7.10 from
-+ * Ubuntu 10.04.
-+ * linux/in.h is not included directly because of lots of redefinitions,
-+ * extracting single value from linux/in.h is not done because it looks like
-+ * autotools reinvention */
-+#ifndef IP_ORIGDSTADDR
-+# warning Using hardcoded value for IP_ORIGDSTADDR as libc headers do not define it.
-+# define IP_ORIGDSTADDR 20
-+#endif
-+
-+#ifndef IP_RECVORIGDSTADDR
-+# warning Using hardcoded value for IP_RECVORIGDSTADDR as libc headers do not define it.
-+# define IP_RECVORIGDSTADDR IP_ORIGDSTADDR
-+#endif
-+
-+#ifndef IP_TRANSPARENT
-+# warning Using hardcoded value for IP_TRANSPARENT as libc headers do not define it.
-+# define IP_TRANSPARENT 19
-+#endif
-+
-+#endif // 67C91670_FCCB_4855_BDF7_609F1EECB8B4
-diff --git a/libevent-compat.h b/libevent-compat.h
-new file mode 100644
-index 0000000..a7f1ca1
---- /dev/null
-+++ b/libevent-compat.h
-@@ -0,0 +1,11 @@
-+#ifndef UUID_FC148CFA_5ECC_488E_8A62_CD39406C9F1E
-+#define UUID_FC148CFA_5ECC_488E_8A62_CD39406C9F1E
-+
-+/* evutil_socket_t is macros in libevent-2.0, not typedef, libevent-1.4 is
-+ * still supported because of Ubuntu 10.04 LTS */
-+#ifndef evutil_socket_t
-+# warning Using hardcoded value for evutil_socket_t as libevent headers do not define it.
-+# define evutil_socket_t int
-+#endif
-+
-+#endif // FC148CFA_5ECC_488E_8A62_CD39406C9F1E
-diff --git a/redsocks.c b/redsocks.c
-index ba5eab2..878576f 100644
---- a/redsocks.c
-+++ b/redsocks.c
-@@ -33,6 +33,7 @@
- #include "base.h"
- #include "redsocks.h"
- #include "utils.h"
-+#include "libevent-compat.h"
-
-
- #define REDSOCKS_RELAY_HALFBUFF 4096
-diff --git a/redudp.c b/redudp.c
-index 262af3e..05460dc 100644
---- a/redudp.c
-+++ b/redudp.c
-@@ -32,6 +32,7 @@
- #include "main.h"
- #include "redsocks.h"
- #include "redudp.h"
-+#include "libc-compat.h"
-
- #define redudp_log_error(client, prio, msg...) \
- redsocks_log_write_plain(__FILE__, __LINE__, __func__, 0, &(client)->clientaddr, get_destaddr(client), prio, ## msg)
-diff --git a/utils.c b/utils.c
-index 31c6894..7de3969 100644
---- a/utils.c
-+++ b/utils.c
-@@ -25,6 +25,7 @@
- #include "log.h"
- #include "utils.h"
- #include "redsocks.h" // for redsocks_close
-+#include "libc-compat.h"
-
- int red_recv_udp_pkt(int fd, char *buf, size_t buflen, struct sockaddr_in *inaddr, struct sockaddr_in *toaddr)
- {
---
-1.9.1
-
Last-Update: 2013-04-23
--- a/main.c
+++ b/main.c
-@@ -39,7 +39,7 @@
+@@ -39,7 +39,7 @@ app_subsys *subsystems[] = {
&dnstc_subsys,
};
include $(TOPDIR)/rules.mk
PKG_NAME:=sqm-scripts
-PKG_SOURCE_VERSION:=b761c3d39fadd6b868e9417595ba4260c047bcd2
-PKG_VERSION:=1.0.4
-PKG_RELEASE:=1
+PKG_SOURCE_VERSION:=90399ffc4ddbe0b25374682d7914afee3d522328
+PKG_VERSION:=1.0.5
+PKG_RELEASE:=2
PKG_LICENSE:=GPLv2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE).tar.xz
define Package/sqm-scripts
SECTION:=net
CATEGORY:=Base system
- DEPENDS:=+tc +kmod-sched +kmod-ifb iptables +ip \
+ DEPENDS:=+tc +kmod-sched +kmod-ifb +iptables \
+iptables-mod-ipopt +iptables-mod-conntrack-extra
TITLE:=SQM Scripts (QoS)
PKGARCH:=all
include $(TOPDIR)/rules.mk
PKG_NAME:=strongswan
-PKG_VERSION:=5.3.3
+PKG_VERSION:=5.3.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://download.strongswan.org/ http://download2.strongswan.org/
-PKG_MD5SUM:=5a25f3d1c31a77ef44d14a2e7b3eaad0
+PKG_MD5SUM:=655a632a515c74a99f2e9cc337ab2f33
PKG_LICENSE:=GPL-2.0+
PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org>
gcm \
gcrypt \
gmp \
+ gmpdh \
ha \
hmac \
kernel-libipsec \
This meta-package contains only dependencies to match upstream defaults.
endef
+
+define Package/strongswan-isakmp
+$(call Package/strongswan/Default)
+ TITLE+= (isakmp)
+ DEPENDS:= +strongswan \
+ +strongswan-charon \
+ +strongswan-mod-aes \
+ +strongswan-mod-des \
+ +strongswan-mod-gmpdh \
+ +strongswan-mod-hmac \
+ +strongswan-mod-kernel-netlink \
+ +strongswan-mod-md5 \
+ +strongswan-mod-nonce \
+ +strongswan-mod-pubkey \
+ +strongswan-mod-random \
+ +strongswan-mod-sha1 \
+ +strongswan-mod-socket-default \
+ +strongswan-mod-stroke \
+ +strongswan-mod-uci \
+ +strongswan-mod-updown \
+ +strongswan-utils
+endef
+
+define Package/strongswan-isakmp/description
+$(call Package/strongswan/description/Default)
+ This meta-package contains only dependencies to establish ISAKMP /
+ IKE PSK connections, dropping other capabilities in favor of small size
+ Can fit most routers even with 4Mb flash (after removing IPv6 support).
+endef
+
+
define Package/strongswan-minimal
$(call Package/strongswan/Default)
TITLE+= (minimal)
true
endef
+define Package/strongswan-isakmp/install
+ true
+endef
+
define Package/strongswan-minimal/install
true
endef
$(eval $(call BuildPackage,strongswan-default))
$(eval $(call BuildPackage,strongswan-full))
$(eval $(call BuildPackage,strongswan-minimal))
+$(eval $(call BuildPackage,strongswan-isakmp))
$(eval $(call BuildPackage,strongswan-charon))
$(eval $(call BuildPackage,strongswan-utils))
$(eval $(call BuildPackage,strongswan-libtls))
$(eval $(call BuildPlugin,gcm,GCM AEAD wrapper crypto,))
$(eval $(call BuildPlugin,gcrypt,libgcrypt,+PACKAGE_strongswan-mod-gcrypt:libgcrypt))
$(eval $(call BuildPlugin,gmp,libgmp,+PACKAGE_strongswan-mod-gmp:libgmp))
+$(eval $(call BuildPlugin,gmpdh,DH-Groups; no libgmp dep,))
$(eval $(call BuildPlugin,ha,high availability cluster,))
$(eval $(call BuildPlugin,hmac,HMAC crypto,))
$(eval $(call BuildPlugin,kernel-libipsec,libipsec kernel interface,))
--- /dev/null
+--- a/configure.ac
++++ b/configure.ac
+@@ -135,6 +135,7 @@ ARG_DISBL_SET([fips-prf], [disable
+ ARG_ENABL_SET([gcm], [enables the GCM AEAD wrapper crypto plugin.])
+ ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.])
+ ARG_DISBL_SET([gmp], [disable GNU MP (libgmp) based crypto implementation plugin.])
++ARG_DISBL_SET([gmpdh], [disable GNU MP (libgmp) based static-linked crypto DH minimal implementation plugin.])
+ ARG_DISBL_SET([hmac], [disable HMAC crypto implementation plugin.])
+ ARG_ENABL_SET([md4], [enable MD4 software implementation plugin.])
+ ARG_DISBL_SET([md5], [disable MD5 software implementation plugin.])
+@@ -1310,6 +1311,7 @@ ADD_PLUGIN([gcrypt], [s ch
+ ADD_PLUGIN([af-alg], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
+ ADD_PLUGIN([fips-prf], [s charon nm cmd])
+ ADD_PLUGIN([gmp], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
++ADD_PLUGIN([gmpdh], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
+ ADD_PLUGIN([agent], [s charon nm cmd])
+ ADD_PLUGIN([keychain], [s charon cmd])
+ ADD_PLUGIN([chapoly], [s charon scripts nm cmd])
+@@ -1441,6 +1443,7 @@ AM_CONDITIONAL(USE_SHA1, test x$sha1 = x
+ AM_CONDITIONAL(USE_SHA2, test x$sha2 = xtrue)
+ AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
+ AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
++AM_CONDITIONAL(USE_GMPDH, test x$gmpdh = xtrue)
+ AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue)
+ AM_CONDITIONAL(USE_AESNI, test x$aesni = xtrue)
+ AM_CONDITIONAL(USE_RANDOM, test x$random = xtrue)
+@@ -1688,6 +1691,7 @@ AC_CONFIG_FILES([
+ src/libstrongswan/plugins/sha2/Makefile
+ src/libstrongswan/plugins/fips_prf/Makefile
+ src/libstrongswan/plugins/gmp/Makefile
++ src/libstrongswan/plugins/gmpdh/Makefile
+ src/libstrongswan/plugins/rdrand/Makefile
+ src/libstrongswan/plugins/aesni/Makefile
+ src/libstrongswan/plugins/random/Makefile
+--- a/src/libstrongswan/Makefile.am
++++ b/src/libstrongswan/Makefile.am
+@@ -295,6 +295,13 @@ if MONOLITHIC
+ endif
+ endif
+
++if USE_GMPDH
++ SUBDIRS += plugins/gmpdh
++if MONOLITHIC
++ libstrongswan_la_LIBADD += plugins/gmpdh/libstrongswan-gmpdh.la
++endif
++endif
++
+ if USE_RDRAND
+ SUBDIRS += plugins/rdrand
+ if MONOLITHIC
+--- /dev/null
++++ b/src/libstrongswan/plugins/gmpdh/Makefile.am
+@@ -0,0 +1,19 @@
++AM_CPPFLAGS = \
++ -I$(top_srcdir)/src/libstrongswan
++
++AM_CFLAGS = \
++ $(PLUGIN_CFLAGS)
++
++if MONOLITHIC
++noinst_LTLIBRARIES = libstrongswan-gmpdh.la
++else
++plugin_LTLIBRARIES = libstrongswan-gmpdh.la
++endif
++
++libstrongswan_gmpdh_la_SOURCES = \
++ gmpdh_plugin.h gmpdh_plugin.c \
++ ../gmp/gmp_diffie_hellman.c ../gmp/gmp_diffie_hellman.h
++
++
++libstrongswan_gmpdh_la_LDFLAGS = -module -avoid-version -Wl,-Bstatic -Wl,-lgmp -Wl,-Bdynamic -Wl,--as-needed
++libstrongswan_gmpdh_la_LIBADD =
+--- /dev/null
++++ b/src/libstrongswan/plugins/gmpdh/gmpdh_plugin.c
+@@ -0,0 +1,101 @@
++/*
++ * Copyright (C) 2008-2009 Martin Willi
++ * Hochschule fuer Technik Rapperswil
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ */
++
++#include "gmpdh_plugin.h"
++
++#include <library.h>
++#include "../gmp/gmp_diffie_hellman.h"
++
++typedef struct private_gmpdh_plugin_t private_gmpdh_plugin_t;
++
++/**
++ * private data of gmp_plugin
++ */
++struct private_gmpdh_plugin_t {
++
++ /**
++ * public functions
++ */
++ gmpdh_plugin_t public;
++};
++
++METHOD(plugin_t, get_name, char*,
++ private_gmpdh_plugin_t *this)
++{
++ return "gmpdh";
++}
++
++METHOD(plugin_t, get_features, int,
++ private_gmpdh_plugin_t *this, plugin_feature_t *features[])
++{
++ static plugin_feature_t f[] = {
++ /* DH groups */
++ PLUGIN_REGISTER(DH, gmp_diffie_hellman_create),
++ PLUGIN_PROVIDE(DH, MODP_2048_BIT),
++ PLUGIN_DEPENDS(RNG, RNG_STRONG),
++ PLUGIN_PROVIDE(DH, MODP_2048_224),
++ PLUGIN_DEPENDS(RNG, RNG_STRONG),
++ PLUGIN_PROVIDE(DH, MODP_2048_256),
++ PLUGIN_DEPENDS(RNG, RNG_STRONG),
++ PLUGIN_PROVIDE(DH, MODP_1536_BIT),
++ PLUGIN_DEPENDS(RNG, RNG_STRONG),
++ PLUGIN_PROVIDE(DH, MODP_3072_BIT),
++ PLUGIN_DEPENDS(RNG, RNG_STRONG),
++ PLUGIN_PROVIDE(DH, MODP_4096_BIT),
++ PLUGIN_DEPENDS(RNG, RNG_STRONG),
++ PLUGIN_PROVIDE(DH, MODP_6144_BIT),
++ PLUGIN_DEPENDS(RNG, RNG_STRONG),
++ PLUGIN_PROVIDE(DH, MODP_8192_BIT),
++ PLUGIN_DEPENDS(RNG, RNG_STRONG),
++ PLUGIN_PROVIDE(DH, MODP_1024_BIT),
++ PLUGIN_DEPENDS(RNG, RNG_STRONG),
++ PLUGIN_PROVIDE(DH, MODP_1024_160),
++ PLUGIN_DEPENDS(RNG, RNG_STRONG),
++ PLUGIN_PROVIDE(DH, MODP_768_BIT),
++ PLUGIN_DEPENDS(RNG, RNG_STRONG),
++ PLUGIN_REGISTER(DH, gmp_diffie_hellman_create_custom),
++ PLUGIN_PROVIDE(DH, MODP_CUSTOM),
++ PLUGIN_DEPENDS(RNG, RNG_STRONG),
++ };
++ *features = f;
++ return countof(f);
++}
++
++METHOD(plugin_t, destroy, void,
++ private_gmpdh_plugin_t *this)
++{
++ free(this);
++}
++
++/*
++ * see header file
++ */
++plugin_t *gmpdh_plugin_create()
++{
++ private_gmpdh_plugin_t *this;
++
++ INIT(this,
++ .public = {
++ .plugin = {
++ .get_name = _get_name,
++ .get_features = _get_features,
++ .destroy = _destroy,
++ },
++ },
++ );
++
++ return &this->public.plugin;
++}
++
+--- /dev/null
++++ b/src/libstrongswan/plugins/gmpdh/gmpdh_plugin.h
+@@ -0,0 +1,42 @@
++/*
++ * Copyright (C) 2008 Martin Willi
++ * Hochschule fuer Technik Rapperswil
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ */
++
++/**
++ * @defgroup gmpdh_p gmpdh
++ * @ingroup plugins
++ *
++ * @defgroup gmpdh_plugin gmpdh_plugin
++ * @{ @ingroup gmpdh_p
++ */
++
++#ifndef GMPDH_PLUGIN_H_
++#define GMPDH_PLUGIN_H_
++
++#include <plugins/plugin.h>
++
++typedef struct gmpdh_plugin_t gmpdh_plugin_t;
++
++/**
++ * Plugin implementing asymmetric crypto algorithms using the GNU MP library.
++ */
++struct gmpdh_plugin_t {
++
++ /**
++ * implements plugin interface
++ */
++ plugin_t plugin;
++};
++
++#endif /** GMPDH_PLUGIN_H_ @}*/
PKG_NAME:=vpnc-scripts
PKG_VERSION:=20150116
-PKG_RELEASE:=2
+PKG_RELEASE:=3
include $(INCLUDE_DIR)/package.mk
[[ "$addr" != "$mask" ]] && proto_add_ipv6_address "$addr" "$mask"
fi
+ DNSMASQ_FILE="/tmp/dnsmasq.d/openconnect.$TUNDEV"
+ LOCAL_DOMAIN=$(uci get dhcp.@dnsmasq[0].domain)
+ rm -f $DNSMASQ_FILE
if [ -n "$CISCO_SPLIT_DNS" ] && [ -d "/tmp/dnsmasq.d/" ];then
SDNS=`echo $CISCO_SPLIT_DNS|sed 's/,/\n/g'`
- DNSMASQ_FILE="/tmp/dnsmasq.d/openconnect.$TUNDEV"
- rm -f $DNSMASQ_FILE
echo "$SDNS" | while read i; do
+ if [ "$i" = "$LOCAL_DOMAIN" ];then
+ continue
+ fi
if [ -n "$INTERNAL_IP4_DNS" ];then
for dns in "$INTERNAL_IP4_DNS";do
echo "server=/$i/$dns" >> $DNSMASQ_FILE
proto_add_dns_server "$dns"
done
fi
- [ -n "$CISCO_DEF_DOMAIN" ] && proto_add_dns_search "$CISCO_DEF_DOMAIN"
+ if [ -n "$CISCO_DEF_DOMAIN" ] && [ "$CISCO_DEF_DOMAIN" != "$LOCAL_DOMAIN" ];then
+ if [ -n "$INTERNAL_IP4_DNS" ];then
+ for dns in "$INTERNAL_IP4_DNS";do
+ echo "server=/$CISCO_DEF_DOMAIN/$dns" >> $DNSMASQ_FILE
+ done
+ fi
+ if [ -n "$INTERNAL_IP6_DNS" ];then
+ for dns in "$INTERNAL_IP6_DNS";do
+ echo "server=/$CISCO_DEF_DOMAIN/$dns" >> $DNSMASQ_FILE
+ done
+ fi
+ proto_add_dns_search "$CISCO_DEF_DOMAIN"
+ fi
fi
if [ -n "$CISCO_SPLIT_INC" ]; then
include $(TOPDIR)/rules.mk
PKG_NAME:=wget
-PKG_VERSION:=1.16.3
+PKG_VERSION:=1.17
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GNU/$(PKG_NAME)
-PKG_MD5SUM:=d2e4455781a70140ae83b54ca594ce21
+PKG_MD5SUM:=b8cff5a2f88f5ce60a2b0e361e030b46
PKG_MAINTAINER:=Maxim Storchak <m.storchak@gmail.com>
PKG_LICENSE:=GPL-3.0+
PKG_LICENSE_FILES:=COPYING
include $(TOPDIR)/rules.mk
PKG_NAME:=mpd
-PKG_VERSION:=0.19.10
-PKG_RELEASE:=2
+PKG_VERSION:=0.19.11
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://www.musicpd.org/download/mpd/0.19/
-PKG_MD5SUM:=da4bc3e47afd0faf9e7a67168e012102
+PKG_MD5SUM:=78935f6c464b67e19b4dc65bdb80319e
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
PKG_LICENSE:=GPL-2.0
--- /dev/null
+Add a patch from the Alpine Linux project to fix a musl build issue with gcc 5:
+
+Problem has been reported upstream and closed with WONTFIX:
+http://bugs.musicpd.org/view.php?id=4387
+http://bugs.musicpd.org/view.php?id=4110
+
+however...
+
+POSIX does not permit using PTHREAD_COND_INITIALIZER except for static
+initialization, and certainly does not permit using it as a value
+
+POSIX does not specify the type of the object (it's opaque) so if
+there are any types for which their code would be invalid C++, then their
+code is invalid
+
+Volatile in the type is necessary. without that, LTO can break the code.
+
+--- a/src/notify.hxx
++++ b/src/notify.hxx
+@@ -28,7 +28,7 @@ struct notify {
+ Cond cond;
+ bool pending;
+
+-#if !defined(WIN32) && !defined(__NetBSD__) && !defined(__BIONIC__)
++#if defined(__GLIBC__)
+ constexpr
+ #endif
+ notify():pending(false) {}
+--- a/src/thread/PosixCond.hxx
++++ b/src/thread/PosixCond.hxx
+@@ -41,7 +41,7 @@ class PosixCond {
+ pthread_cond_t cond;
+
+ public:
+-#if defined(__NetBSD__) || defined(__BIONIC__)
++#if !defined(__GLIBC__)
+ /* NetBSD's PTHREAD_COND_INITIALIZER is not compatible with
+ "constexpr" */
+ PosixCond() {
+--- a/src/thread/PosixMutex.hxx
++++ b/src/thread/PosixMutex.hxx
+@@ -41,7 +41,7 @@ class PosixMutex {
+ pthread_mutex_t mutex;
+
+ public:
+-#if defined(__NetBSD__) || defined(__BIONIC__)
++#if !defined(__GLIBC__)
+ /* NetBSD's PTHREAD_MUTEX_INITIALIZER is not compatible with
+ "constexpr" */
+ PosixMutex() {
--- a/src/decoder/plugins/FfmpegDecoderPlugin.cxx
+++ b/src/decoder/plugins/FfmpegDecoderPlugin.cxx
-@@ -765,6 +765,7 @@ static const char *const ffmpeg_mime_typ
+@@ -774,6 +774,7 @@ static const char *const ffmpeg_mime_typ
"audio/qcelp",
"audio/vorbis",
"audio/vorbis+ogg",
--- a/src/decoder/plugins/FfmpegDecoderPlugin.cxx
+++ b/src/decoder/plugins/FfmpegDecoderPlugin.cxx
-@@ -458,6 +458,13 @@ ffmpeg_probe(Decoder *decoder, InputStre
+@@ -467,6 +467,13 @@ ffmpeg_probe(Decoder *decoder, InputStre
unsigned char buffer[BUFFER_SIZE];
size_t nbytes = decoder_read(decoder, is, buffer, BUFFER_SIZE);
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) \
$(PKG_INSTALL_DIR)/usr/bin/mpg123{,-id3dump,-strip} \
- $(PKG_INSTALL_DIR)/usr/bin/out123
+ $(PKG_INSTALL_DIR)/usr/bin/out123 \
$(1)/usr/bin
$(INSTALL_DIR) $(1)/usr/lib/mpg123
include $(TOPDIR)/rules.mk
PKG_NAME:=pulseaudio
-PKG_VERSION:=7.0
+PKG_VERSION:=7.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://freedesktop.org/software/pulseaudio/releases/
-PKG_MD5SUM:=09668b660ffb32f2639cfd6fdc9d3b37
+PKG_MD5SUM:=9d0a9817b632cac8e3f3834d7eb1c99d
PKG_LICENSE:=LGPL-2.1+
PKG_LICENSE_FILES:=GPL LICENSE
#!/bin/sh /etc/rc.common
# Copyright (C) 2011 OpenWrt.org
-START=65
+START=99
STOP=65
USE_PROCD=1
--- /dev/null
+#
+# Copyright (C) 2008-2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=at
+PKG_VERSION:=3.1.16
+PKG_RELEASE:=2
+
+PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).orig.tar.gz
+PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/a/at
+PKG_MD5SUM:=d05da75d9b75d93917ffb16ab48b1e19
+
+PKG_LICENSE:=GPL-2.0+ GPL-3.0+ ISC
+PKG_LICENSE_FILES:=COPYING Copyright
+PKG_MAINTAINER:=Phil Eichinger <phil@zankapfel.net>
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/at
+ SECTION:=utils
+ CATEGORY:=Utilities
+ DEPENDS:=+libelf1
+ TITLE:=Delayed job execution and batch processing
+ URL:=http://packages.debian.org/stable/at
+endef
+
+define Package/at/description
+ At and batch read shell commands from standard input storing them as a job to
+ be scheduled for execution in the future.
+endef
+
+export SENDMAIL=/bin/true
+EXTRA_CFLAGS:=-DNEED_YYWRAP -I$(PKG_BUILD_DIR) \
+ $(TARGET_LDFLAGS)
+
+CONFIGURE_ARGS+=--prefix=/usr \
+ --with-daemon_username=nobody \
+ --with-daemon_groupname=nogroup \
+ --with-jobdir=/var/spool/cron/atjobs \
+ --with-atspool=/var/spool/cron/atspool
+
+CONFIGURE_VARS += \
+ ac_cv_header_security_pam_appl_h=no
+
+define Package/at/install
+ $(INSTALL_DIR) $(1)/usr/bin $(1)/usr/sbin $(1)/etc/init.d/
+ $(INSTALL_BIN) ./files/atd.init $(1)/etc/init.d/atd
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/at $(1)/usr/bin
+ ln -sf at $(1)/usr/bin/atq
+ ln -sf at $(1)/usr/bin/atrm
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/atd $(1)/usr/sbin
+endef
+
+$(eval $(call BuildPackage,at))
--- /dev/null
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2015 OpenWrt.org
+
+START=50
+
+USE_PROCD=1
+
+start_service() {
+ [ -d /var/spool/cron/atjobs ] || {
+ mkdir -m 0755 -p /var/spool/cron/atjobs
+ touch /var/spool/cron/atjobs/.SEQ
+ chown -R nobody:nogroup /var/spool/cron/atjobs
+ }
+ [ -d /var/spool/cron/atspool ] || {
+ mkdir -m 0755 -p /var/spool/cron/atspool
+ chown -R nobody:nogroup /var/spool/cron/atspool
+ }
+ procd_open_instance
+
+ procd_set_param command /usr/sbin/atd -f
+ procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}
+ procd_set_param stdout 1 # forward stdout of the command to logd
+ procd_set_param stderr 1 # same for stderr
+
+ procd_close_instance
+}
--- /dev/null
+From 7f811d9c4ebc9444e613e251c31d6bf537a24dc1 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 13 Apr 2015 16:35:30 -0700
+Subject: [PATCH] remove glibc assumption
+
+glibc time.h header has an undocumented __isleap macro
+that we are using anf musl is missing it.
+Since it is undocumented & does not appear
+on any other libc, stop using it and just define the macro in
+locally instead.
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+[patch from: http://patchwork.openembedded.org/patch/91893/ ]
+Signed-off-by: Phil Eichinger <phil@zankapfel.net>
+---
+ parsetime.y | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/parsetime.y b/parsetime.y
+index 7005e88..324e6d3 100644
+--- a/parsetime.y
++++ b/parsetime.y
+@@ -8,6 +8,9 @@
+
+ #define YYDEBUG 1
+
++#define is_leap_year(y) \
++ ((y) % 4 == 0 && ((y) % 100 != 0 || (y) % 400 == 0))
++
+ struct tm exectm;
+ static int isgmt;
+ static int yearspec;
+@@ -217,8 +220,8 @@ date : month_name day_number
+ mnum == 12) && dnum > 31)
+ || ((mnum == 4 || mnum == 6 || mnum == 9 ||
+ mnum == 11) && dnum > 30)
+- || (mnum == 2 && dnum > 29 && __isleap(ynum+1900))
+- || (mnum == 2 && dnum > 28 && !__isleap(ynum+1900))
++ || (mnum == 2 && dnum > 29 && is_leap_year(ynum+1900))
++ || (mnum == 2 && dnum > 28 && !is_leap_year(ynum+1900))
+ )
+ {
+ yyerror("Error in day of month");
+@@ -261,8 +264,8 @@ date : month_name day_number
+ mnum == 12) && dnum > 31)
+ || ((mnum == 4 || mnum == 6 || mnum == 9 ||
+ mnum == 11) && dnum > 30)
+- || (mnum == 2 && dnum > 29 && __isleap(ynum+1900))
+- || (mnum == 2 && dnum > 28 && !__isleap(ynum+1900))
++ || (mnum == 2 && dnum > 29 && is_leap_year(ynum+1900))
++ || (mnum == 2 && dnum > 28 && !is_leap_year(ynum+1900))
+ )
+ {
+ yyerror("Error in day of month");
+--
+2.1.4
+
--- /dev/null
+--- a/getloadavg.c
++++ b/getloadavg.c
+@@ -69,8 +69,9 @@ Boston, MA 02110-1301 USA */
+ #include <config.h>
+ #endif
+
+-#include "lisp.h"
+-#include "sysfile.h" /* for encapsulated open, close, read, write */
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <fcntl.h>
+
+ #ifndef HAVE_GETLOADAVG
+
ac_cv_file__usr_local_pgsql_include=no
endif
-EXTRA_CFLAGS+= $(TARGET_CPPFLAGS)
+EXTRA_CFLAGS+= $(TARGET_CPPFLAGS) -std=gnu89
EXTRA_LDFLAGS+= $(TARGET_LDFLAGS) -Wl,-rpath-link,$(STAGING_DIR)/usr/lib
define Package/bandwidthd/install
#!/bin/sh /etc/rc.common
-# Copyright (C) 2008-2011 OpenWrt.org
+# Copyright (C) 2008-2015 OpenWrt.org
START=99
notify_desktop \
notify_email \
numa \
- nut \
openldap \
openvz \
oracle \
network \
nginx \
ntpd \
+ nut \
olsrd \
onewire \
openvpn \
$(eval $(call BuildPlugin,network,network input/output,network))
$(eval $(call BuildPlugin,nginx,nginx status input,nginx,+PACKAGE_collectd-mod-nginx:libcurl))
$(eval $(call BuildPlugin,ntpd,NTP daemon status input,ntpd,))
-#$(eval $(call BuildPlugin,nut,UPS monitoring input,nut,+PACKAGE_collectd-mod-nut:nut))
+$(eval $(call BuildPlugin,nut,UPS monitoring input,nut,+PACKAGE_collectd-mod-nut:nut))
$(eval $(call BuildPlugin,olsrd,OLSRd status input,olsrd,))
$(eval $(call BuildPlugin,onewire,onewire sensor input,onewire,+PACKAGE_collectd-mod-onewire:libow-capi @BROKEN))
$(eval $(call BuildPlugin,openvpn,OpenVPN traffic/compression input,openvpn,))
# Make sure to also update the dbus-x package
PKG_NAME:=dbus
-PKG_VERSION:=1.10.0
+PKG_VERSION:=1.10.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://dbus.freedesktop.org/releases/dbus/
-PKG_MD5SUM:=5af6297348107a906c8449817a728b3b
+PKG_MD5SUM:=27b8e99ffad603b8acfa25201c6e3d5c
PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org>
PKG_LICENSE:=AFL-2.1
include $(TOPDIR)/rules.mk
PKG_NAME:=dump1090
-PKG_VERSION:=2015-10-08
+PKG_VERSION:=2015-11-22
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=git://github.com/mutability/dump1090.git
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=c55c71b57cf34e90d95afd52449a05a4b6dbda03
+PKG_SOURCE_VERSION:=497f88fe1c597652aca23c1035ddb55a9f6c274d
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
option no_fix '0'
option no_crc_check '0'
option phase_enhance '0'
- option agressive '0'
+ option aggressive '0'
option mlat '0'
option stats '0'
option stats_range '0'
append_bool "$cfg" no_fix "--no-fix"
append_bool "$cfg" no_crc_check "--no-crc-check"
append_bool "$cfg" phase_enhance "--phase-enhance"
- append_bool "$cfg" agressive "--agressive"
+ append_bool "$cfg" aggressive "--aggressive"
append_bool "$cfg" mlat "--mlat"
append_bool "$cfg" stats "--stats"
append_bool "$cfg" stats_range "--stats-range"
libgpsmm=no \
libQgpsmm=no \
bluez=no \
- strip=no \
+ nostrip=yes \
python=no \
implicit_link=no \
chrpath=no
--- /dev/null
+ menu "Customize libow"
+ depends on PACKAGE_libow
+
+ menu "Bus master and adapter support"
+ config LIBOW_MASTER_USB
+ bool "USB bus master support (requires libusb)"
+ help
+ Include support for USB adapters (NOT usb-serial adapters, which use
+ kernel driver and are supported anyway).
+ Turning this off will save ~13kB (and ~50kB weighting libusb dependency).
+ default y
+
+ config LIBOW_MASTER_I2C
+ bool "I2C bus master (DS2482) support"
+ default y
+ help
+ Include support for I2C adapters.
+ Turning this feature off will save ~6kB.
+
+ config LIBOW_MASTER_W1
+ bool "Kernel W1 bus master support (requires kmod-w1)"
+ help
+ Support kernel 1-Wire bus masters (requires KConfig CONFIG_CONNECTOR=y
+ and CONFIG_W1_CON=y).
+ Turning this on will increase libow size by about 10kB.
+ default n
+ endmenu
+
+ config LIBOW_ZEROCONF
+ bool "Zeroconf/bonjour support"
+ default y
+ help
+ Enable server process announcement using Zeroconf (Bonjour) protocol.
+ Turning this feature on will increase owlib size by about 12kB.
+
+ config LIBOW_DEBUG
+ bool "Enable debug output (100+ kB)"
+ default y
+ help
+ If you don't need to debug your 1-wire network, you can save as much as
+ 137kB disabling debug output.
+
+ config LIBOW_OWTRAFFIC
+ bool "Enable bus traffic reports"
+ default n
+ help
+ Enable owfs traffic monitor. It's here purely for debugging purposes.
+ Turning this on will increase libow size by about 3kB.
+ endmenu
PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
+PKG_CONFIG_DEPENDS:= \
+ CONFIG_LIBOW_MASTER_USB \
+ CONFIG_LIBOW_MASTER_I2C \
+ CONFIG_LIBOW_MASTER_W1 \
+ CONFIG_LIBOW_ZEROCONF \
+ CONFIG_LIBOW_DEBUG \
+ CONFIG_LIBOW_OWTRAFFIC
+
include $(INCLUDE_DIR)/package.mk
#
define Package/libow
$(call Package/owfs/Library)
- DEPENDS:=+libusb-compat +libpthread
+ DEPENDS:= \
+ +libpthread \
+ +LIBOW_MASTER_USB:libusb-compat \
+ +LIBOW_MASTER_W1:kmod-w1
TITLE:=OWFS - common shared library
endef
+define Package/libow/config
+ source "$(SOURCE)/Config.in"
+endef
+
define Package/libow/description
$(call Package/$(PKG_NAME)/Default/description)
--with-fuseinclude="$(STAGING_DIR)/usr/include" \
--with-fuselib="$(STAGING_DIR)/usr/lib" \
--enable-shared \
- --enable-zero \
--disable-parport \
--disable-ownet \
--disable-owpython \
--disable-owphp \
--disable-owtcl \
--disable-swig \
+ $(if $(CONFIG_LIBOW_MASTER_USB),--enable-usb,--disable-usb) \
+ $(if $(CONFIG_LIBOW_MASTER_W1),--enable-w1,--disable-w1) \
+ $(if $(CONFIG_LIBOW_MASTER_I2C),--enable-i2c,--disable-i2c) \
+ $(if $(CONFIG_LIBOW_ZEROCONF),--enable-zero,--disable-zero) \
+ $(if $(CONFIG_LIBOW_DEBUG),--enable-debug,--disable-debug) \
+ $(if $(CONFIG_LIBOW_OWTRAFFIC),--enable-owtraffic,--disable-owtraffic)
CONFIGURE_VARS += \
LDFLAGS="$(TARGET_LDFLAGS) -Wl,-rpath-link=$(STAGING_DIR)/usr/lib -Wl,-rpath-link=$(TOOLCHAIN_DIR)/usr/lib" \
define Package/owfs/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/owfs $(1)/usr/bin/
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DATA) ./files/owfs.conf $(1)/etc/config/owfs
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/owfs.init $(1)/etc/init.d/owfs
+ mkdir -p $(1)/mnt/owfs
+endef
+
+define Package/owfs/conffiles
+/etc/config/owfs
endef
define Package/owshell/install
define Package/owserver/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/owserver $(1)/usr/bin/
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DATA) ./files/owserver.conf $(1)/etc/config/owserver
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/owserver.init $(1)/etc/init.d/owserver
+endef
+
+define Package/owserver/conffiles
+/etc/config/owserver
endef
define Package/owhttpd/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/owhttpd $(1)/usr/bin/
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DATA) ./files/owhttpd.conf $(1)/etc/config/owhttpd
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/owhttpd.init $(1)/etc/init.d/owhttpd
+endef
+
+define Package/owhttpd/conffiles
+/etc/config/owhttpd
endef
define Package/owftpd/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/owftpd $(1)/usr/bin/
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DATA) ./files/owftpd.conf $(1)/etc/config/owftpd
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/owftpd.init $(1)/etc/init.d/owftpd
endef
+define Package/owftpd/conffiles
+/etc/config/owftpd
+endef
define Package/libow/install
$(INSTALL_DIR) $(1)/usr/lib
--- /dev/null
+config owfs 'owfs'
+ option enabled 0
+ option user root
+ option readonly 0
+ option mountpoint '/mnt/owfs'
+ option fuse_allow_other 0
+ option fuse_open_opt ''
+ option error_level 0
+ list devices '-s'
+ list devices 'localhost:4304'
--- /dev/null
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2009-2015 OpenWrt.org
+
+START=95
+USE_PROCD=1
+
+PROG=/usr/bin/owfs
+
+append_arg() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get val "$cfg" "$var"
+ [ -n "$val" -o -n "$def" ] && procd_append_param command $opt "${val:-$def}"
+}
+
+append_bool() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get_bool val "$cfg" "$var" "$def"
+ [ "$val" = 1 ] && procd_append_param command "$opt"
+}
+
+append_plain() {
+ procd_append_param command "$1"
+}
+
+append_param() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get val "$cfg" "$var"
+ [ -n "$val" -o -n "$def" ] && procd_append_param "$opt" "${val:-$def}"
+}
+
+start_instance() {
+ local cfg="$1"
+ local enabled
+
+ config_get_bool enabled "$cfg" 'enabled' '0'
+ [ "$enabled" = 0 ] && return 1
+
+ procd_open_instance
+
+ procd_set_param command "$PROG" --foreground --error_print=1
+
+ # common parameters
+ append_bool "$cfg" readonly "--readonly"
+ append_arg "$cfg" error_level "--error_level"
+ config_list_foreach "$cfg" options append_plain
+ config_list_foreach "$cfg" devices append_plain
+ append_param "$cfg" user user
+
+ # owfs-specific
+ append_arg "$cfg" mountpoint "--mountpoint" /mnt/owfs
+ append_bool "$cfg" fuse_allow_other "--allow_other"
+ append_arg "$cfg" fuse_open_opt "--fuse_open_opt"
+
+ # don't respawn fuse
+
+ procd_close_instance
+
+}
+
+service_triggers() {
+ procd_add_reload_trigger owfs
+}
+
+start_service() {
+ config_load owfs
+ config_foreach start_instance owfs
+}
--- /dev/null
+config owftpd 'owftpd'
+ option enabled 0
+ option user root
+ option readonly 0
+ option port 21
+ option error_level 0
+ list devices '-s'
+ list devices 'localhost:4304'
--- /dev/null
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2009-2015 OpenWrt.org
+
+START=95
+USE_PROCD=1
+
+PROG=/usr/bin/owftpd
+
+append_arg() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get val "$cfg" "$var"
+ [ -n "$val" -o -n "$def" ] && procd_append_param command $opt "${val:-$def}"
+}
+
+append_bool() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get_bool val "$cfg" "$var" "$def"
+ [ "$val" = 1 ] && procd_append_param command "$opt"
+}
+
+append_plain() {
+ procd_append_param command "$1"
+}
+
+append_param() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get val "$cfg" "$var"
+ [ -n "$val" -o -n "$def" ] && procd_append_param "$opt" "${val:-$def}"
+}
+
+start_instance() {
+ local cfg="$1"
+ local enabled
+
+ config_get_bool enabled "$cfg" 'enabled' '0'
+ [ "$enabled" = 0 ] && return 1
+
+ procd_open_instance
+
+ procd_set_param command "$PROG" --foreground --error_print=1
+
+ # common parameters
+ append_bool "$cfg" readonly "--readonly"
+ append_arg "$cfg" error_level "--error_level"
+ config_list_foreach "$cfg" options append_plain
+ config_list_foreach "$cfg" devices append_plain
+ append_param "$cfg" user user
+
+ # owftpd-specific
+ append_arg "$cfg" port "--port"
+ append_arg "$cfg" max_connections "--max_connections"
+
+ procd_set_param respawn
+
+ procd_close_instance
+
+}
+
+service_triggers() {
+ procd_add_reload_trigger owftpd
+}
+
+start_service() {
+ config_load owftpd
+ config_foreach start_instance owftpd
+}
--- /dev/null
+config owhttpd 'owhttpd'
+ option enabled 0
+ option user root
+ option readonly 0
+ option port 3001
+ option error_level 0
+ list devices '-s'
+ list devices 'localhost:4304'
--- /dev/null
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2009-2015 OpenWrt.org
+
+START=95
+USE_PROCD=1
+
+PROG=/usr/bin/owhttpd
+
+append_arg() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get val "$cfg" "$var"
+ [ -n "$val" -o -n "$def" ] && procd_append_param command $opt "${val:-$def}"
+}
+
+append_bool() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get_bool val "$cfg" "$var" "$def"
+ [ "$val" = 1 ] && procd_append_param command "$opt"
+}
+
+append_plain() {
+ procd_append_param command "$1"
+}
+
+append_param() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get val "$cfg" "$var"
+ [ -n "$val" -o -n "$def" ] && procd_append_param "$opt" "${val:-$def}"
+}
+
+start_instance() {
+ local cfg="$1"
+ local enabled
+
+ config_get_bool enabled "$cfg" 'enabled' '0'
+ [ "$enabled" = 0 ] && return 1
+
+ procd_open_instance
+
+ procd_set_param command "$PROG" --foreground --error_print=1
+
+ # common parameters
+ append_bool "$cfg" readonly "--readonly"
+ append_arg "$cfg" error_level "--error_level"
+ config_list_foreach "$cfg" options append_plain
+ config_list_foreach "$cfg" devices append_plain
+ append_param "$cfg" user user
+
+ # owhttpd-specific
+ append_arg "$cfg" port "--port"
+ append_arg "$cfg" max_connections "--max_connections"
+
+ procd_set_param respawn
+
+ procd_close_instance
+
+}
+
+service_triggers() {
+ procd_add_reload_trigger owhttpd
+}
+
+start_service() {
+ config_load owhttpd
+ config_foreach start_instance owhttpd
+}
--- /dev/null
+config owserver 'owserver'
+ option enabled 0
+ option user root
+ option readonly 0
+ option port 4304
+ option error_level 0
+ list devices '-d'
+ list devices '/dev/ttyUSB0'
--- /dev/null
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2009-2015 OpenWrt.org
+
+START=90
+USE_PROCD=1
+
+PROG=/usr/bin/owserver
+
+append_arg() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get val "$cfg" "$var"
+ [ -n "$val" -o -n "$def" ] && procd_append_param command $opt "${val:-$def}"
+}
+
+append_bool() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get_bool val "$cfg" "$var" "$def"
+ [ "$val" = 1 ] && procd_append_param command "$opt"
+}
+
+append_plain() {
+ procd_append_param command "$1"
+}
+
+append_param() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get val "$cfg" "$var"
+ [ -n "$val" -o -n "$def" ] && procd_append_param "$opt" "${val:-$def}"
+}
+
+start_instance() {
+ local cfg="$1"
+ local enabled
+
+ config_get_bool enabled "$cfg" 'enabled' '0'
+ [ "$enabled" = 0 ] && return 1
+
+ procd_open_instance
+
+ procd_set_param command "$PROG" --foreground --error_print=1
+
+ # common parameters
+ append_bool "$cfg" readonly "--readonly"
+ append_arg "$cfg" error_level "--error_level"
+ config_list_foreach "$cfg" options append_plain
+ config_list_foreach "$cfg" devices append_plain
+ append_param "$cfg" user user
+
+ # owserver-specific
+ append_arg "$cfg" port "--port"
+ append_arg "$cfg" max_connections "--max_connections"
+
+ procd_set_param respawn
+
+ procd_close_instance
+
+}
+
+service_triggers() {
+ procd_add_reload_trigger owserver
+}
+
+start_service() {
+ config_load owserver
+ config_foreach start_instance owserver
+}
--- /dev/null
+AaAA
+--- a/module/owlib/src/c/ow_w1_parse.c
++++ b/module/owlib/src/c/ow_w1_parse.c
+@@ -237,7 +237,7 @@ enum Netlink_Read_Status W1_Process_Resp
+ owfree(nlp.nlm) ;
+ return nrs_nodev ;
+ }
+- if ( nrs_callback == NULL ) { // status message
++ if ( nrs_callback == NULL ) { // bus reset
+ owfree(nlp.nlm) ;
+ return nrs_complete ;
+ }
+@@ -246,7 +246,7 @@ enum Netlink_Read_Status W1_Process_Resp
+ nrs_callback( &nlp, v, pn ) ;
+ LEVEL_DEBUG("Called nrs_callback");
+ owfree(nlp.nlm) ;
+- if ( nlp.cn->ack != 0 ) {
++ if ( nlp.cn->seq != nlp.cn->ack ) {
+ if ( nlp.w1m->type == W1_LIST_MASTERS ) {
+ continue ; // look for more data
+ }
+@@ -254,7 +254,7 @@ enum Netlink_Read_Status W1_Process_Resp
+ continue ; // look for more data
+ }
+ }
+- nrs_callback = NULL ; // now look for status message
++ return nrs_complete ; // status message
+ }
+ return nrs_timeout ;
+ }
--- /dev/null
+--- a/module/owlib/src/c/ow_reset.c
++++ b/module/owlib/src/c/ow_reset.c
+@@ -21,6 +21,10 @@ RESET_TYPE BUS_reset(const struct parsed
+ struct connection_in * in = pn->selected_connection ;
+ STAT_ADD1_BUS(e_bus_resets, in);
+
++ if ( in->iroutines.reset == NO_RESET_ROUTINE ) {
++ return BUS_RESET_OK;
++ }
++
+ switch ( (in->iroutines.reset) (pn) ) {
+ case BUS_RESET_OK:
+ in->reconnect_state = reconnect_ok; // Flag as good!
--- /dev/null
+#
+# Copyright (C) 2006-2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=stress
+PKG_VERSION:=1.0.4
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://people.seas.harvard.edu/~apw/stress/
+PKG_MD5SUM:=a607afa695a511765b40993a64c6e2f4
+
+PKG_LICENSE:=GPL-2.0
+PKG_LICENSE_FILES:=COPYING
+
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/stress
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=stress is a simple stress utility
+ URL:=http://people.seas.harvard.edu/~apw/stress/
+ MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
+endef
+
+define Package/stress/description
+stress is a simple tool that imposes certain types of compute \ stress on
+UNIX-like operating systems.
+endef
+
+CONFIGURE_ARGS += \
+ --prefix="/usr"
+
+MAKE_FLAGS += \
+ CFLAGS="$(TARGET_CFLAGS)"
+
+define Package/stress/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/stress $(1)/usr/bin/
+endef
+
+$(eval $(call BuildPackage,stress))
PKG_NAME:=zile
PKG_VERSION:=2.3.24
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/zile
PKG_LICENSE:=GPL-3.0+
PKG_LICENSE_FILES:=COPYING
+PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
+PKG_BUILD_DEPENDS += libncurses
+
include $(INCLUDE_DIR)/package.mk
define Package/zile
endef
CONFIGURE_VARS += \
- gl_cv_func_getopt_gnu=yes
+ gl_cv_func_getopt_gnu=yes \
+ gl_cv_warn__Wmudflap=no \
+ gl_cv_warn__fmudflap=no
define Package/zile/install
$(INSTALL_DIR) $(1)/usr/bin
--- /dev/null
+--- a/lib/stdio.in.h
++++ b/lib/stdio.in.h
+@@ -733,7 +733,7 @@ _GL_CXXALIASWARN (gets);
+ /* It is very rare that the developer ever has full control of stdin,
+ so any use of gets warrants an unconditional warning. Assume it is
+ always declared, since it is required by C89. */
+-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
++#define gets(a) fgets( a, sizeof(*(a)), stdin)
+ #endif
+
+