From 83ef1da2a4793c03eba38452562aa3955eafb7f2 Mon Sep 17 00:00:00 2001
From: CN_SZTL
Date: Sun, 7 Feb 2021 19:34:19 +0800
Subject: [PATCH 01/15] go-nats: add new pakage
Go-NATs is a NAT type discovery tool using STUN written purely in Go.
Signed-off-by: CN_SZTL
---
package/ctcgfw/go-nats/Makefile | 74 +++++++++++++++++++++++++++++++++
1 file changed, 74 insertions(+)
create mode 100644 package/ctcgfw/go-nats/Makefile
diff --git a/package/ctcgfw/go-nats/Makefile b/package/ctcgfw/go-nats/Makefile
new file mode 100644
index 0000000000..cd34c5c82a
--- /dev/null
+++ b/package/ctcgfw/go-nats/Makefile
@@ -0,0 +1,74 @@
+#
+# Copyright (C) 2021 ImmortalWrt
+#
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=go-nats
+PKG_VERSION:=0.0.1
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/enobufs/go-nats.git
+PKG_SOURCE_DATE:=2019-09-23
+PKG_SOURCE_VERSION:=4effc32e0f4006da0636b24f4468cf32ce494d71
+PKG_MIRROR_HASH:=52156d096ba21fdc18316040749b20868e500d7bd785a0d33533610ba7f7169b
+
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILE:=LICENSE
+PKG_MAINTAINER:=CN_SZTL
+
+PKG_CONFIG_DEPENDS:= \
+ CONFIG_GO_NATS_COMPRESS_GOPROXY \
+ CONFIG_GO_NATS_COMPRESS_UPX
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+GO_PKG:=github.com/enobufs/go-nats
+GO_PKG_LDFLAGS:=-s -w
+
+include $(INCLUDE_DIR)/package.mk
+include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk
+
+define Package/go-nats
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=A NAT type discovery tool
+ URL:=https://github.com/enobufs/go-nats
+ DEPENDS:=$(GO_ARCH_DEPENDS)
+endef
+
+define Package/go-nats/description
+ A NAT type discovery tool using STUN written purely in Go.
+endef
+
+define Package/go-nats/config
+config GO_NATS_COMPRESS_GOPROXY
+ bool "Compiling with GOPROXY proxy"
+ default n
+
+config GO_NATS_COMPRESS_UPX
+ bool "Compress executable files with UPX"
+ default y
+endef
+
+ifeq ($(CONFIG_GO_NATS_COMPRESS_GOPROXY),y)
+ export GO111MODULE=on
+ export GOPROXY=https://goproxy.io
+endif
+
+define Build/Compile
+ $(call GoPackage/Build/Compile)
+ifeq ($(CONFIG_GO_NATS_COMPRESS_UPX),y)
+ $(STAGING_DIR_HOST)/bin/upx --lzma --best $(GO_PKG_BUILD_BIN_DIR)/go-nats
+endif
+endef
+
+$(eval $(call GoBinPackage,go-nats))
+$(eval $(call BuildPackage,go-nats))
From b02404150fe3a2e34107da74dbc094b4c890dc64 Mon Sep 17 00:00:00 2001
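Review bot: The `ifeq ($(CONFIG_GO_NATS_COMPRESS_GOPROXY),y)` block near the end of the new Makefile exports `GOPROXY=https://goproxy.io` with no fallback, so with the option enabled every Go module dependency is fetched through that single third-party proxy. `PKG_MIRROR_HASH` pins only the top-level git checkout; the integrity of the dependencies then rests on whatever `go.sum` the upstream tree ships and on Go's checksum database, which nothing in this file mentions. I would record that next to the export, e.g. `# module downloads go through goproxy.io; integrity relies on go.sum/GOSUMDB`, and consider `export GOPROXY=https://goproxy.io,direct`. The symbol name is also misleading because nothing is compressed by it; `GO_NATS_GOPROXY` would read better. The cdnspeedtest Makefile added in PATCH 04/15 repeats the same block as `CDNSPEEDTEST_COMPRESS_GOPROXY`.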
From: CN_SZTL Date: Sun, 7 Feb 2021 19:43:44 +0800 Subject: [PATCH 02/15] gotop: fix build err GO_PKG_BUILD_PKG seems to be wrong, so just drop it here. Signed-off-by: CN_SZTL --- package/ctcgfw/gotop/Makefile | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/package/ctcgfw/gotop/Makefile b/package/ctcgfw/gotop/Makefile index 463d6dcb31..149290092c 100644 --- a/package/ctcgfw/gotop/Makefile +++ b/package/ctcgfw/gotop/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=gotop PKG_VERSION:=4.1.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/xxxserxxx/gotop/tar.gz/v$(PKG_VERSION)? @@ -29,10 +29,8 @@ PKG_BUILD_PARALLEL:=1 PKG_USE_MIPS16:=0 GO_PKG:=github.com/xxxserxxx/gotop -GO_PKG_BUILD_PKG:=github.com/xxxserxxx/gotop/cmd/gotop GO_PKG_LDFLAGS:=-s -w -GO_PKG_LDFLAGS_X:= \ - main.Version=$(PKG_VERSION) +GO_PKG_LDFLAGS_X:=main.Version=$(PKG_VERSION) include $(INCLUDE_DIR)/package.mk include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk @@ -73,4 +71,4 @@ endif endef $(eval $(call GoBinPackage,gotop)) -$(eval $(call BuildPackage,gotop)) \ No newline at end of file +$(eval $(call BuildPackage,gotop)) From 80d39677718cf5e3c5753ea892fe4c2fd3c5f2b3 Mon Sep 17 00:00:00 2001 From: AmadeusGhost <42570690+AmadeusGhost@users.noreply.github.com> Date: Sun, 7 Feb 2021 21:30:02 +0800 Subject: [PATCH 03/15] kernel: rollback 4.9 to 4.9.255 "4.9.256" completely broken the compilation. --- include/kernel-version.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/kernel-version.mk b/include/kernel-version.mk index 367c631ad8..99c7adc79c 100644 --- a/include/kernel-version.mk +++ b/include/kernel-version.mk 
@@ -6,11 +6,11 @@ ifdef CONFIG_TESTING_KERNEL KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER) endif -LINUX_VERSION-4.9 = .256 +LINUX_VERSION-4.9 = .255 LINUX_VERSION-4.14 = .219 LINUX_VERSION-4.19 = .173 -LINUX_KERNEL_HASH-4.9.256 = c48b11c9ca1312632ac3e039be43d975cdac31ba9e78d94b0afb37532ad91497 +LINUX_KERNEL_HASH-4.9.255 = afdf2d03c920f6b12f4e207ab18e45fbe2d7f4a61c066eff0d9916fc5d00c118 LINUX_KERNEL_HASH-4.14.219 = 75eecaa731c091fcf3bc2ec914b01d299a447d78041cb66a11a2ab169eb801dd LINUX_KERNEL_HASH-4.19.173 = d2fdd236e6f31aa8e939f4a686c95417d8571bde3d091fc6a2535937c144195f From dfc285f60ff334077c40858d9629ffec23b61dba Mon Sep 17 00:00:00 2001 From: CN_SZTL Date: Mon, 8 Feb 2021 03:33:54 +0800 Subject: [PATCH 04/15] cdnspeedtest: add new package A useful tool for getting the fastest ips of CDN to your network. Signed-off-by: CN_SZTL --- package/ctcgfw/cdnspeedtest/Makefile | 77 ++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 package/ctcgfw/cdnspeedtest/Makefile diff --git a/package/ctcgfw/cdnspeedtest/Makefile b/package/ctcgfw/cdnspeedtest/Makefile new file mode 100644 index 0000000000..df92a21f2f --- /dev/null +++ b/package/ctcgfw/cdnspeedtest/Makefile 
@@ -0,0 +1,77 @@
+#
+# Copyright (C) 2021 ImmortalWrt
+#
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=CloudflareSpeedTest
+PKG_VERSION:=1.4.8
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/XIU2/CloudflareSpeedTest/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=5e822fb24348dbb75aeb33c3e9f558d629892089bc918186d5e68c3341e70049
+
+PKG_LICENSE:=GPL-3.0
+PKG_LICENSE_FILE:=LICENSE
+PKG_MAINTAINER:=CN_SZTL
+
+PKG_CONFIG_DEPENDS:= \
+ CONFIG_CDNSPEEDTEST_COMPRESS_GOPROXY \
+ CONFIG_CDNSPEEDTEST_COMPRESS_UPX
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+GO_PKG:=CloudflareSpeedTest
+GO_PKG_LDFLAGS:=-s -w
+
+include $(INCLUDE_DIR)/package.mk
+include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk
+
+define Package/cdnspeedtest
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=Getting the fastest ips to your network of CDN
+ URL:=https://github.com/XIU2/CloudflareSpeedTest
+ DEPENDS:=$(GO_ARCH_DEPENDS)
+endef
+
+define Package/cdnspeedtest/config
+config CDNSPEEDTEST_COMPRESS_GOPROXY
+ bool "Compiling with GOPROXY proxy"
+ default n
+
+config CDNSPEEDTEST_COMPRESS_UPX
+ bool "Compress executable files with UPX"
+ default y
+endef
+
+ifeq ($(CONFIG_CDNSPEEDTEST_COMPRESS_GOPROXY),y)
+ export GO111MODULE=on
+ export GOPROXY=https://goproxy.io
+endif
+
+define Build/Compile
+ $(call GoPackage/Build/Compile)
+ifeq ($(CONFIG_CDNSPEEDTEST_COMPRESS_UPX),y)
+ $(STAGING_DIR_HOST)/bin/upx --lzma --best $(GO_PKG_BUILD_BIN_DIR)/CloudflareSpeedTest
+endif
+endef
+
+define Package/cdnspeedtest/install
+ $(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR))
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/CloudflareSpeedTest $(1)/usr/bin/cdnspeedtest
+
+ $(INSTALL_DIR) $(1)/usr/share/CloudflareSpeedTest
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/ip.txt
$(1)/usr/share/CloudflareSpeedTest/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/ipv6.txt $(1)/usr/share/CloudflareSpeedTest/ +endef + +$(eval $(call BuildPackage,cdnspeedtest)) From 0bc6a697760183f563ab0be284579b4e972895e8 Mon Sep 17 00:00:00 2001 From: Paul Spooren Date: Sat, 30 Jan 2021 10:54:44 -1000 Subject: [PATCH 05/15] treewide: unify OpenWrt hosted source via @OPENWRT Multiple sources are hosted on OpenWrts source server only. The source URLs to point to the server vary based on different epochs in OpenWrts history. Replace all by @OPENWRT which is an "empty" mirror, therefore using the fallback servers sources.cdn.openwrt.org and sources.openwrt.org. Signed-off-by: Paul Spooren --- include/download.mk | 2 +- package/boot/fconfig/Makefile | 2 +- package/firmware/b43legacy-firmware/Makefile | 2 +- package/firmware/lantiq/dsl-vrx200-firmware-xdsl/Makefile | 2 +- package/kernel/broadcom-wl/Makefile | 2 +- package/kernel/lantiq/ltq-adsl/Makefile | 2 +- package/kernel/lantiq/ltq-tapi/Makefile | 2 +- package/kernel/lantiq/ltq-vdsl-mei/Makefile | 2 +- package/kernel/lantiq/ltq-vdsl/Makefile | 2 +- package/kernel/lantiq/ltq-vmmc/Makefile | 2 +- package/kernel/mac80211/broadcom.mk | 6 +++--- package/network/config/ltq-adsl-app/Makefile | 2 +- package/network/config/ltq-vdsl-app/Makefile | 2 +- scripts/download.pl | 2 ++ tools/lzma-old/Makefile | 2 +- tools/lzma/Makefile | 2 +- 16 files changed, 19 insertions(+), 17 deletions(-) diff --git a/include/download.mk b/include/download.mk index a638e69382..c69d84939c 100644 --- a/include/download.mk +++ b/include/download.mk 
@@ -27,7 +27,7 @@ define dl_method $(strip \ $(if $(filter git,$(2)),$(call dl_method_git,$(1),$(2)), $(if $(2),$(2), \ - $(if $(filter @APACHE/% @GITHUB/% @GNOME/% @GNU/% @KERNEL/% @SF/% @SAVANNAH/% ftp://% http://% https://% file://%,$(1)),default, \ + $(if $(filter @OPENWRT @APACHE/% @GITHUB/% @GNOME/% @GNU/% @KERNEL/% @SF/% @SAVANNAH/% ftp://% http://% https://% file://%,$(1)),default, \ $(if $(filter git://%,$(1)),$(call dl_method_git,$(1),$(2)), \ $(if $(filter svn://%,$(1)),svn, \ $(if $(filter cvs://%,$(1)),cvs, \ diff --git a/package/boot/fconfig/Makefile b/package/boot/fconfig/Makefile index 9b806fe97c..5784477bf4 100644 --- a/package/boot/fconfig/Makefile +++ b/package/boot/fconfig/Makefile @@ -12,7 +12,7 @@ PKG_VERSION:=20080329 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://downloads.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=4ff0e8f07e35e46b705c0dbe9d9544ede01ea092a69e3f7db03e55a3f2bb8eb7 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME) diff --git a/package/firmware/b43legacy-firmware/Makefile b/package/firmware/b43legacy-firmware/Makefile index 9b9c0070b2..ecbfc32293 100644 --- a/package/firmware/b43legacy-firmware/Makefile +++ b/package/firmware/b43legacy-firmware/Makefile @@ -12,7 +12,7 @@ PKG_VERSION:=3.130.20.0 PKG_RELEASE:=1 PKG_SOURCE:=wl_apsta-$(PKG_VERSION).o -PKG_SOURCE_URL:=https://downloads.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=7dba610b1d96dd14e901bcbce14cd6ecd1b1ac6f5c0035b0d6b6dc46a7c3ef90 include $(INCLUDE_DIR)/package.mk diff --git a/package/firmware/lantiq/dsl-vrx200-firmware-xdsl/Makefile b/package/firmware/lantiq/dsl-vrx200-firmware-xdsl/Makefile index a076fe2596..649325601c 100644 --- a/package/firmware/lantiq/dsl-vrx200-firmware-xdsl/Makefile +++ b/package/firmware/lantiq/dsl-vrx200-firmware-xdsl/Makefile 
@@ -10,7 +10,7 @@ PKG_NAME:=dsl_vr9_firmware_xdsl PKG_VERSION:=05.08.01.08.01.06_05.08.00.0B.01.01_osc PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=44cd94130571fe42dfa8f0f9d44597d104e9e77962617fe38646b7a0b4184a2b PKG_BUILD_DEPENDS:=bsdiff/host diff --git a/package/kernel/broadcom-wl/Makefile b/package/kernel/broadcom-wl/Makefile index 7c3de8a019..3355e183da 100644 --- a/package/kernel/broadcom-wl/Makefile +++ b/package/kernel/broadcom-wl/Makefile @@ -13,7 +13,7 @@ PKG_VERSION:=5.10.56.27.3 PKG_RELEASE:=10 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(ARCH).tar.bz2 -PKG_SOURCE_URL:=https://downloads.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT ifeq ($(ARCH),mipsel) PKG_HASH:=26a8c370f48fc129d0731cfd751c36cae1419b0bc8ca35781126744e60eae009 diff --git a/package/kernel/lantiq/ltq-adsl/Makefile b/package/kernel/lantiq/ltq-adsl/Makefile index 1a9128fc58..b2e1ccb640 100644 --- a/package/kernel/lantiq/ltq-adsl/Makefile +++ b/package/kernel/lantiq/ltq-adsl/Makefile @@ -13,7 +13,7 @@ PKG_VERSION:=3.24.4.4 PKG_RELEASE:=3 PKG_SOURCE:=drv_dsl_cpe_api_danube-$(PKG_VERSION).tar.gz PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/ltq-dsl-$(BUILD_VARIANT)/drv_dsl_cpe_api-$(PKG_VERSION) -PKG_SOURCE_URL:=https://mirror2.openwrt.org/sources/ +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=eb2ed59715d3bf4e8a1460bbbe2f1660039e0a9f9d72afb1b2b16590094eb33c PKG_MAINTAINER:=John Crispin diff --git a/package/kernel/lantiq/ltq-tapi/Makefile b/package/kernel/lantiq/ltq-tapi/Makefile index 072041c589..a04f7d38e5 100644 --- a/package/kernel/lantiq/ltq-tapi/Makefile +++ b/package/kernel/lantiq/ltq-tapi/Makefile @@ -13,7 +13,7 @@ PKG_VERSION:=3.13.0 PKG_RELEASE:=4 PKG_SOURCE:=drv_tapi-$(PKG_VERSION).tar.bz2 -PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=109374d52872716570fca3fef3b93c9a93159a804dfd42484b19152b825af5c0 PKG_MAINTAINER:=John Crispin 
diff --git a/package/kernel/lantiq/ltq-vdsl-mei/Makefile b/package/kernel/lantiq/ltq-vdsl-mei/Makefile index 5d15f2650b..4a305d9c27 100644 --- a/package/kernel/lantiq/ltq-vdsl-mei/Makefile +++ b/package/kernel/lantiq/ltq-vdsl-mei/Makefile @@ -14,7 +14,7 @@ PKG_RELEASE:=4 PKG_BASE_NAME:=drv_mei_cpe PKG_SOURCE:=$(PKG_BASE_NAME)-$(PKG_VERSION).tar.gz PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_BASE_NAME)-$(PKG_VERSION) -PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=94f6904364348b7f74087e721968abc28b2564fb9bd8899aa930d36490387662 PKG_FIXUP:=autoreconf PKG_FLAGS:=nonshared diff --git a/package/kernel/lantiq/ltq-vdsl/Makefile b/package/kernel/lantiq/ltq-vdsl/Makefile index d518bd647d..c09c88057f 100644 --- a/package/kernel/lantiq/ltq-vdsl/Makefile +++ b/package/kernel/lantiq/ltq-vdsl/Makefile @@ -14,7 +14,7 @@ PKG_RELEASE:=3 PKG_BASE_NAME:=drv_dsl_cpe_api PKG_SOURCE:=$(PKG_BASE_NAME)_vrx-$(PKG_VERSION).tar.gz PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_BASE_NAME)-$(PKG_VERSION) -PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=b4966a60653acc49254b168c6cc9c49eb36c54548e763617788aa4f252a29f21 PKG_LICENSE:=GPL-2.0 BSD-2-Clause PKG_LICENSE_FILES:=LICENSE diff --git a/package/kernel/lantiq/ltq-vmmc/Makefile b/package/kernel/lantiq/ltq-vmmc/Makefile index 7c6545fbc1..8c9adbc0a6 100644 --- a/package/kernel/lantiq/ltq-vmmc/Makefile +++ b/package/kernel/lantiq/ltq-vmmc/Makefile @@ -14,7 +14,7 @@ PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_HASH:=707f515eb727c032418c4da67d7e86884bb56cdc2a606e8f6ded6057d8767e57 -PKG_SOURCE_URL:=https://mirror2.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_MAINTAINER:=John Crispin PKG_CHECK_FORMAT_SECURITY:=0 diff --git a/package/kernel/mac80211/broadcom.mk b/package/kernel/mac80211/broadcom.mk index a777d19b72..84c09812b7 100644 --- a/package/kernel/mac80211/broadcom.mk +++ b/package/kernel/mac80211/broadcom.mk 
@@ -51,7 +51,7 @@ ifneq ($(CONFIG_B43_FW_5_10),) PKG_B43_FWV4_VERSION:=5.10.56.27.3 PKG_B43_FWV4_OBJECT:=$(PKG_B43_FWV4_NAME)-$(PKG_B43_FWV4_VERSION)/driver/wl_apsta/wl_prebuilt.o PKG_B43_FWV4_SOURCE:=$(PKG_B43_FWV4_NAME)-$(PKG_B43_FWV4_VERSION)_mipsel.tar.bz2 - PKG_B43_FWV4_SOURCE_URL:=http://mirror2.openwrt.org/sources/ + PKG_B43_FWV4_SOURCE_URL:=@OPENWRT PKG_B43_FWV4_HASH:=26a8c370f48fc129d0731cfd751c36cae1419b0bc8ca35781126744e60eae009 else ifneq ($(CONFIG_B43_FW_4_178),) @@ -59,7 +59,7 @@ ifneq ($(CONFIG_B43_FW_4_178),) PKG_B43_FWV4_VERSION:=4.178.10.4 PKG_B43_FWV4_OBJECT:=$(PKG_B43_FWV4_NAME)-$(PKG_B43_FWV4_VERSION)/linux/wl_apsta.o PKG_B43_FWV4_SOURCE:=$(PKG_B43_FWV4_NAME)-$(PKG_B43_FWV4_VERSION).tar.bz2 - PKG_B43_FWV4_SOURCE_URL:=http://mirror2.openwrt.org/sources/ + PKG_B43_FWV4_SOURCE_URL:=@OPENWRT PKG_B43_FWV4_HASH:=32f6ad98facbb9045646fdc8b54bb03086d204153253f9c65d0234a5d90ae53f else ifneq ($(CONFIG_B43_FW_5_100_138),) @@ -74,7 +74,7 @@ else PKG_B43_FWV4_VERSION:=4.150.10.5 PKG_B43_FWV4_OBJECT:=$(PKG_B43_FWV4_NAME)-$(PKG_B43_FWV4_VERSION)/driver/wl_apsta_mimo.o PKG_B43_FWV4_SOURCE:=$(PKG_B43_FWV4_NAME)-$(PKG_B43_FWV4_VERSION).tar.bz2 - PKG_B43_FWV4_SOURCE_URL:=http://mirror2.openwrt.org/sources/ + PKG_B43_FWV4_SOURCE_URL:=@OPENWRT PKG_B43_FWV4_HASH:=a9f4e276a4d8d3a1cd0f2eb87080ae89b77f0a7140f06d4e9e2135fc44fdd533 endif endif diff --git a/package/network/config/ltq-adsl-app/Makefile b/package/network/config/ltq-adsl-app/Makefile index cfd66d0ee4..38d2ef06a5 100644 --- a/package/network/config/ltq-adsl-app/Makefile +++ b/package/network/config/ltq-adsl-app/Makefile @@ -13,7 +13,7 @@ PKG_VERSION:=3.24.4.4 PKG_RELEASE:=9 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_BUILD_DIR:=$(BUILD_DIR)/dsl_cpe_control-$(PKG_VERSION) -PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources/ +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=af0bdf45cc7a62e2b38d39aad4924dd83c24fae170ae5bbd8190c2a3d9106257 PKG_MAINTAINER:=John Crispin PKG_LICENSE:=BSD-3-Clause 
diff --git a/package/network/config/ltq-vdsl-app/Makefile b/package/network/config/ltq-vdsl-app/Makefile index 5e2db1d5c6..2d300fbb27 100644 --- a/package/network/config/ltq-vdsl-app/Makefile +++ b/package/network/config/ltq-vdsl-app/Makefile @@ -12,7 +12,7 @@ PKG_VERSION:=4.17.18.6 PKG_RELEASE:=5 PKG_BASE_NAME:=dsl_cpe_control PKG_SOURCE:=$(PKG_BASE_NAME)_vrx-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=da8bb929526a61aea0e153ef524331fcd472a1ebbc6d88ca017735a4f82ece02 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_BASE_NAME)-$(PKG_VERSION) PKG_LICENSE:=BSD-2-Clause diff --git a/scripts/download.pl b/scripts/download.pl index 6296174212..e67cc571ea 100755 --- a/scripts/download.pl +++ b/scripts/download.pl @@ -194,6 +194,8 @@ foreach my $mirror (@ARGV) { for (1 .. 5) { push @mirrors, "https://downloads.sourceforge.net/$1"; } + } elsif ($mirror =~ /^\@OPENWRT$/) { + # use OpenWrt source server directly } elsif ($mirror =~ /^\@APACHE\/(.+)$/) { push @mirrors, "https://mirrors.cloud.tencent.com/apache/$1"; push @mirrors, "https://mirrors.aliyun.com/apache/$1"; diff --git a/tools/lzma-old/Makefile b/tools/lzma-old/Makefile index 4ccd336ed0..21e7428c07 100644 --- a/tools/lzma-old/Makefile +++ b/tools/lzma-old/Makefile @@ -10,7 +10,7 @@ PKG_NAME:=lzma-old PKG_VERSION:=4.32 PKG_SOURCE:=lzma-$(PKG_VERSION).tar.bz2 -PKG_SOURCE_URL:=https://downloads.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=49053e4bb5e0646a841d250d9cb81f7714f5fff04a133216c4748163567acc3d HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/lzma-$(PKG_VERSION) diff --git a/tools/lzma/Makefile b/tools/lzma/Makefile index 04c427a3a9..b87289e385 100644 --- a/tools/lzma/Makefile +++ b/tools/lzma/Makefile 
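Review bot: In scripts/download.pl the new `@OPENWRT` branch is empty and its comment, `# use OpenWrt source server directly`, does not say where the URL then comes from: nothing is pushed to `@mirrors` here, so the download depends entirely on fallback entries added outside this hunk. The commit message names sources.cdn.openwrt.org and sources.openwrt.org, but the neighbouring `@APACHE` branch shows this tree carries its own mirror list, so the effective servers may differ. I would make the comment explicit, e.g. `# no mirror added here: only the fallback servers pushed after this chain are tried`. With this alias the `PKG_HASH`/`HASH` value is what binds each file to its expected content; every stanza touched in this commit keeps one, and that is worth stating as a requirement for future `@OPENWRT` users. The `foreach` loop starts and ends outside the hunk.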
@@ -10,7 +10,7 @@ PKG_NAME:=lzma PKG_VERSION:=4.65 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_SOURCE_URL:=https://downloads.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=dcbdb5f4843eff638e4a5e8be0e2486a3c5483df73c70823618db8e66f609ec2 HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/$(PKG_NAME)-$(PKG_VERSION) From 9bf22b3f534b30fdcb7535ff5b4b6502fbf02cb1 Mon Sep 17 00:00:00 2001 From: Ilya Lipnitskiy Date: Fri, 5 Feb 2021 21:11:20 -0800 Subject: [PATCH 06/15] acx-mac80211: replace dead URLs with OpenWrt CDN erley.org no longer exists; attempting to connect to it during package download results in lengthy timeouts. Use the new OpenWrt CDN alias to download from reliable OpenWrt mirrors. Signed-off-by: Ilya Lipnitskiy --- package/kernel/acx-mac80211/Makefile | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/package/kernel/acx-mac80211/Makefile b/package/kernel/acx-mac80211/Makefile index 5927f174d4..695d89a008 100644 --- a/package/kernel/acx-mac80211/Makefile +++ b/package/kernel/acx-mac80211/Makefile 
@@ -114,55 +114,55 @@ endef define Download/tiacx100 FILE:=tiacx100 - URL:=http://acx100.erley.org/fw/acx100_1.9.8.b/ + URL:=@OPENWRT HASH:=4f05913c940c2455b267545b12d93ad81fa5eebb0cbee22a2c7588c50525b4f0 endef define Download/tiacx100r0d FILE:=tiacx100r0D - URL:=http://acx100.erley.org/fw/acx100_1.9.8.b/ + URL:=@OPENWRT HASH:=6a4a7fbb24a328a88261bc2a507b2a0bf63c91e831e3f1a8caa4f6599b2215e6 endef define Download/tiacx100r11 FILE:=tiacx100r11 - URL:=http://acx100.erley.org/fw/acx100_1.9.8.b/ + URL:=@OPENWRT HASH:=e005a93a0b463e01edba2b79038b54c29a7932efee61c851a2ac644b8a4e5dd4 endef define Download/tiacx100r15 FILE:=tiacx100r15 - URL:=http://acx100.erley.org/fw/acx100_1.9.8.b/ + URL:=@OPENWRT HASH:=c6f40bead5ef45720e2d72bbe4d998367c2c7857eb7716234aedeb2ad98bcdde endef define Download/tiacx111c16 FILE:=tiacx111c16 - URL:=http://acx100.erley.org/fw/acx111_2.3.1.31/ + URL:=@OPENWRT HASH:=cc6108d577ebc55b924ff6bab44eeee3456d284c63819277cb5460338b2f1bd7 endef define Download/tiacx111c16_1 FILE:=tiacx111c16_1.2.1_34 - URL:=http://sites.google.com/site/atorkhov/files/ + URL:=@OPENWRT HASH:=672ed9d02565ab44da450c52f0ced3be99a3a3901f73454455da8e1f98ada220 endef define Download/tiacx111c17 FILE:=tiacx111c17 - URL:=http://acx100.erley.org/fw/acx111_2.3.1.31/ + URL:=@OPENWRT HASH:=2bb900a5886dbea2d3504623d9f3ac8abbb2e9fdfcf0fe233e77951dff748a40 endef define Download/tiacx111c19 FILE:=tiacx111c19 - URL:=http://acx100.erley.org/fw/acx111_2.3.1.31/ + URL:=@OPENWRT HASH:=383d86a8cfddf92400d661b4e43a9b855350fa656edd4f75b4aff7fab2d00e90 endef define Download/tiacx111usbc1b FILE:=tiacx111usbc1B - URL:=http://acx100.erley.org/fw/acx111_2.4.0.70-USB/ + URL:=@OPENWRT HASH:=f3c9e574de7073014ab6eef9a0f6412c53ae521b67723360af753c41401ed4d5 endef From 1beeb3fe4ea37f4eea2b3cc4c23a994bc98c5889 Mon Sep 17 00:00:00 2001 
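Review bot: Replacing the per-release upstream directories with `@OPENWRT` in the `Download/tiacx*` stanzas removes the only place where the firmware release was recorded (`acx100_1.9.8.b`, `acx111_2.3.1.31`, `acx111_2.4.0.70-USB`), and the files are now requested by bare names such as `tiacx100`. The `HASH` lines are unchanged, so the content stays pinned, but provenance is lost for anyone who later has to re-verify or refresh a hash. I would keep the origin as a comment in each stanza, for example `# from the acx100_1.9.8.b firmware set` above `FILE:=tiacx100`.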
From: AmadeusGhost <42570690+AmadeusGhost@users.noreply.github.com> Date: Sun, 31 Jan 2021 12:28:26 +0800 Subject: [PATCH 07/15] rtl8812au-ac: remove useless build variables --- package/ctcgfw/rtl8812au-ac/Makefile | 7 ------- 1 file changed, 7 deletions(-) diff --git a/package/ctcgfw/rtl8812au-ac/Makefile b/package/ctcgfw/rtl8812au-ac/Makefile index 4b3bd62e49..dfbaf06cc2 100644 --- a/package/ctcgfw/rtl8812au-ac/Makefile +++ b/package/ctcgfw/rtl8812au-ac/Makefile @@ -51,13 +51,6 @@ NOSTDINC_FLAGS = \ NOSTDINC_FLAGS += -DCONFIG_IOCTL_CFG80211 -DRTW_USE_CFG80211_STA_EVENT \ -DRTW_SINGLE_WIPHY -DCONFIG_CONCURRENT_MODE -D_LINUX_BYTEORDER_SWAB_H -ifeq ($(CONFIG_BIG_ENDIAN), y) -NOSTDINC_FLAGS += -DCONFIG_BIG_ENDIAN -endif -ifeq ($(CONFIG_LITTLE_ENDIAN), y) -NOSTDINC_FLAGS += -DCONFIG_LITTLE_ENDIAN -endif - PKG_MAKE_FLAGS += USER_MODULE_NAME=rtl8812au KERNEL_MAKE_FLAGS += CONFIG_88XXAU=m From 0b3b8825a7c206b674b100a90de33bfaa50a3ca7 Mon Sep 17 00:00:00 2001 From: AmadeusGhost <42570690+AmadeusGhost@users.noreply.github.com> Date: Sat, 6 Feb 2021 12:30:06 +0800 Subject: [PATCH 08/15] rtl8188eu: add package (not tested) --- package/ctcgfw/rtl8188eu/Makefile | 74 +++++++++++++++++++ .../patches/001-use-kernel-byteorder.patch | 15 ++++ .../010-disable-default-build-x86.patch | 11 +++ .../patches/020-remove-repeat-flies.patch | 39 ++++++++++ 4 files changed, 139 insertions(+) create mode 100644 package/ctcgfw/rtl8188eu/Makefile create mode 100644 package/ctcgfw/rtl8188eu/patches/001-use-kernel-byteorder.patch create mode 100644 package/ctcgfw/rtl8188eu/patches/010-disable-default-build-x86.patch create mode 100644 package/ctcgfw/rtl8188eu/patches/020-remove-repeat-flies.patch diff --git a/package/ctcgfw/rtl8188eu/Makefile b/package/ctcgfw/rtl8188eu/Makefile new file mode 100644 index 0000000000..a9d22950a1 --- /dev/null +++ b/package/ctcgfw/rtl8188eu/Makefile 
@@ -0,0 +1,74 @@
+#
+# Copyright (C) 2021 ImmortalWrt
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=rtl8188eu
+PKG_RELEASE=1
+
+PKG_SOURCE_URL:=https://github.com/aircrack-ng/rtl8188eus.git
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_DATE:=2020-08-01
+PKG_SOURCE_VERSION:=ae1d233fe6a34a321ca1da2202bec34b1a4b41cd
+PKG_MIRROR_HASH:=995d021dec4bef7ce5227239b64aee88ea6d1002464bc7a62cc2ed766607ea89
+
+PKG_MAINTAINTER:=ImmortalWrt
+PKG_BUILD_PARALLEL:=1
+
+STAMP_CONFIGURED_DEPENDS := $(STAGING_DIR)/usr/include/mac80211-backport/backport/autoconf.h
+
+include $(INCLUDE_DIR)/kernel.mk
+include $(INCLUDE_DIR)/package.mk
+
+define KernelPackage/rtl8188eu
+ SUBMENU:=Wireless Drivers
+ TITLE:=Realtek 8188EU(S)/8188ETV support
+ DEPENDS:=+kmod-cfg80211 +kmod-usb-core +@DRIVER_11N_SUPPORT +@DRIVER_11AC_SUPPORT
+ FILES:=$(PKG_BUILD_DIR)/rtl8188eu.ko
+ AUTOLOAD:=$(call AutoProbe,rtl8188eu)
+endef
+
+NOSTDINC_FLAGS = \
+ -I$(PKG_BUILD_DIR) \
+ -I$(PKG_BUILD_DIR)/include \
+ -I$(STAGING_DIR)/usr/include/mac80211-backport \
+ -I$(STAGING_DIR)/usr/include/mac80211-backport/uapi \
+ -I$(STAGING_DIR)/usr/include/mac80211 \
+ -I$(STAGING_DIR)/usr/include/mac80211/uapi \
+ -include backport/autoconf.h \
+ -include backport/backport.h
+
+EXTRA_CFLAGS:= \
+ -DRTW_SINGLE_WIPHY \
+ -DRTW_USE_CFG80211_STA_EVENT \
+ -DCONFIG_IOCTL_CFG80211 \
+ -DCONFIG_CONCURRENT_MODE
+
+ifeq ($(CONFIG_BIG_ENDIAN),y)
+EXTRA_CFLAGS += -DCONFIG_BIG_ENDIAN
+else
+EXTRA_CFLAGS += -DCONFIG_LITTLE_ENDIAN
+endif
+
+EXTRA_KCONFIG:= \
+ CONFIG_RTL8188EU=m \
+ USER_MODULE_NAME=rtl8188eu
+
+MAKE_OPTS:= \
+ $(KERNEL_MAKE_FLAGS) \
+ M="$(PKG_BUILD_DIR)" \
+ NOSTDINC_FLAGS="$(NOSTDINC_FLAGS)" \
+ USER_EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \
+ $(EXTRA_KCONFIG)
+
+define Build/Compile
+ +$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \
+ $(MAKE_OPTS) \
+ modules
+endef
+
+$(eval $(call KernelPackage,rtl8188eu))
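Review bot: `PKG_MAINTAINTER:=ImmortalWrt` in the new rtl8188eu Makefile is misspelled, so `PKG_MAINTAINER`, the name used by the other package Makefiles in this series, stays unset and the package presumably ends up with no maintainer recorded; the line should read `PKG_MAINTAINER:=ImmortalWrt`. `PKG_RELEASE=1` also uses a recursive `=` where every other assignment in the header uses `:=`. Since the commit is marked as not tested and builds an out-of-tree kernel module from a pinned third-party commit, a one-line comment stating which targets it was at least compile-checked on would help whoever enables it.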
diff --git a/package/ctcgfw/rtl8188eu/patches/001-use-kernel-byteorder.patch b/package/ctcgfw/rtl8188eu/patches/001-use-kernel-byteorder.patch new file mode 100644 index 0000000000..187a6788ed --- /dev/null +++ b/package/ctcgfw/rtl8188eu/patches/001-use-kernel-byteorder.patch @@ -0,0 +1,15 @@ +Fix compile problem when rtw_byteorder.h and asm/byteorder.h gets +included in addition for example indirectly, do not use realtek own copy +of the byteorder headers. + +--- a/include/drv_types.h ++++ b/include/drv_types.h +@@ -24,7 +24,7 @@ + #include + #include + #include +-#include ++#include + #include + #include + #include diff --git a/package/ctcgfw/rtl8188eu/patches/010-disable-default-build-x86.patch b/package/ctcgfw/rtl8188eu/patches/010-disable-default-build-x86.patch new file mode 100644 index 0000000000..fc8b53f3c2 --- /dev/null +++ b/package/ctcgfw/rtl8188eu/patches/010-disable-default-build-x86.patch @@ -0,0 +1,11 @@ +--- a/Makefile ++++ b/Makefile +@@ -91,7 +91,7 @@ CONFIG_RTW_SDIO_PM_KEEP_POWER = y + ###################### MP HW TX MODE FOR VHT ####################### + CONFIG_MP_VHT_HW_TX_MODE = n + ###################### Platform Related ####################### +-CONFIG_PLATFORM_I386_PC = y ++CONFIG_PLATFORM_I386_PC = n + CONFIG_PLATFORM_ARM_RPI = n + CONFIG_PLATFORM_ARM64_RPI = n + CONFIG_PLATFORM_ANDROID_X86 = n diff --git a/package/ctcgfw/rtl8188eu/patches/020-remove-repeat-flies.patch b/package/ctcgfw/rtl8188eu/patches/020-remove-repeat-flies.patch new file mode 100644 index 0000000000..76baf2a24a --- /dev/null +++ b/package/ctcgfw/rtl8188eu/patches/020-remove-repeat-flies.patch 
@@ -0,0 +1,39 @@ +From 9b2b0ec1bc2d31ddf93ed74d63fdfa6044e329a4 Mon Sep 17 00:00:00 2001 +From: Ben Greear +Date: Fri, 9 Nov 2018 16:21:43 -0800 +Subject: [PATCH] Fix build against openwrt backports tree. + +Like breaks builds elsewhere, can fix it up later. + +Signed-off-by: Ben Greear +--- + include/drv_conf.h | 4 +++- + .../{wireless.h => old_unused_rtl_wireless.h} | 0 + include/{autoconf.h => rtl_autoconf.h} | 0 + 3 files changed, 3 insertions(+), 1 deletions(-) + rename include/linux/{wireless.h => old_unused_rtl_wireless.h} (100%) + rename include/{autoconf.h => rtl_autoconf.h} (100%) + +diff --git a/include/drv_conf.h b/include/drv_conf.h +index 0d20a7e..f0a9f88 100644 +--- a/include/drv_conf.h ++++ b/include/drv_conf.h +@@ -14,7 +14,9 @@ + *****************************************************************************/ + #ifndef __DRV_CONF_H__ + #define __DRV_CONF_H__ +-#include "autoconf.h" ++ ++#include ++#include "rtl_autoconf.h" + #include "hal_ic_cfg.h" + + #if defined(PLATFORM_LINUX) && defined (PLATFORM_WINDOWS) +diff --git a/include/linux/wireless.h b/include/linux/old_unused_rtl_wireless.h +similarity index 100% +rename from include/linux/wireless.h +rename to include/linux/old_unused_rtl_wireless.h +diff --git a/include/autoconf.h b/include/rtl_autoconf.h +similarity index 100% +rename from include/autoconf.h +rename to include/rtl_autoconf.h From 2674114502b9d1176f22a6036943e90d9c42ccdc Mon Sep 17 00:00:00 2001 From: AmadeusGhost <42570690+AmadeusGhost@users.noreply.github.com> Date: Tue, 9 Feb 2021 12:05:06 +0800 Subject: [PATCH 09/15] ipq40xx: r619ac: fix the conflict with 4G network card --- .../ipq40xx/files/arch/arm/boot/dts/qcom-ipq4019-r619ac.dts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/target/linux/ipq40xx/files/arch/arm/boot/dts/qcom-ipq4019-r619ac.dts b/target/linux/ipq40xx/files/arch/arm/boot/dts/qcom-ipq4019-r619ac.dts index e40ba58cf8..972454cc74 100644 
--- a/target/linux/ipq40xx/files/arch/arm/boot/dts/qcom-ipq4019-r619ac.dts +++ b/target/linux/ipq40xx/files/arch/arm/boot/dts/qcom-ipq4019-r619ac.dts @@ -6,7 +6,6 @@ #include / { - model = "P&W R619AC"; compatible = "p2w,r619ac"; @@ -222,7 +221,7 @@ status = "okay"; pinctrl-0 = <&pcie_pins>; pinctrl-names = "default"; - perst-gpio = <&tlmm 4 GPIO_ACTIVE_LOW>; + perst-gpio = <&tlmm 4 GPIO_ACTIVE_HIGH>; wake-gpio = <&tlmm 40 GPIO_ACTIVE_HIGH>; /* Free slot for use */ From 7e779f435ce02d12097d1adbf60b4a74df9fca14 Mon Sep 17 00:00:00 2001 From: AmadeusGhost <42570690+AmadeusGhost@users.noreply.github.com> Date: Tue, 9 Feb 2021 12:10:08 +0800 Subject: [PATCH 10/15] sunxi: Nanopi R1S H5: add missing device package That is required by the Reset button. Signed-off-by: AmadeusGhost --- package/boot/uboot-sunxi/Makefile | 16 ++++++++-------- target/linux/sunxi/image/cortex-a53.mk | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/package/boot/uboot-sunxi/Makefile b/package/boot/uboot-sunxi/Makefile index f02f6b4c94..a3a8b95317 100644 --- a/package/boot/uboot-sunxi/Makefile +++ b/package/boot/uboot-sunxi/Makefile @@ -156,14 +156,6 @@ define U-Boot/nanopi_r1 BUILD_DEVICES:=friendlyarm_nanopi-r1 endef -define U-Boot/nanopi_r1s_h5 - BUILD_SUBTARGET:=cortexa53 - NAME:=U-Boot for NanoPi R1S (H5) - BUILD_DEVICES:=friendlyarm_nanopi-r1s-h5 - DEPENDS:=+PACKAGE_u-boot-nanopi_r1s_h5:arm-trusted-firmware-sunxi - UENV:=a64 -endef - define U-Boot/orangepi_r1 BUILD_SUBTARGET:=cortexa7 NAME:=Orange Pi R1 (H2+) @@ -228,6 +220,14 @@ define U-Boot/nanopi_neo2 UENV:=a64 endef +define U-Boot/nanopi_r1s_h5 + BUILD_SUBTARGET:=cortexa53 + NAME:=NanoPi R1S (H5) + BUILD_DEVICES:=friendlyarm_nanopi-r1s-h5 + DEPENDS:=+PACKAGE_u-boot-nanopi_r1s_h5:arm-trusted-firmware-sunxi + UENV:=a64 +endef + define U-Boot/pine64_plus BUILD_SUBTARGET:=cortexa53 NAME:=Pine64 Plus A64 
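Review bot: The `perst-gpio` polarity flip to `GPIO_ACTIVE_HIGH` in the PCIe node carries no comment, and the commit message only says it fixes a conflict with a 4G card. PCIe PERST# is normally an active-low signal, so a later reader is likely to take this line for a mistake and revert it. A comment above the property, such as `/* polarity inverted on purpose, see "r619ac: fix the conflict with 4G network card" */`, would record the intent. Whether the other PCIe device on this board still resets correctly with the inverted polarity cannot be judged from the hunk and is worth confirming. The node starts and ends outside the hunk.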
diff --git a/target/linux/sunxi/image/cortex-a53.mk b/target/linux/sunxi/image/cortex-a53.mk index 2b2933aa63..dae515065e 100644 --- a/target/linux/sunxi/image/cortex-a53.mk +++ b/target/linux/sunxi/image/cortex-a53.mk @@ -31,8 +31,8 @@ TARGET_DEVICES += friendlyarm_nanopi-neo2 define Device/friendlyarm_nanopi-r1s-h5 DEVICE_VENDOR := FriendlyARM DEVICE_MODEL:=Nanopi R1S H5 - DEVICE_PACKAGES:= kmod-eeprom-at24 kmod-leds-gpio kmod-rtl8189es \ - kmod-usb2 kmod-usb-net kmod-usb-net-rtl8152 wpad-basic + DEVICE_PACKAGES:= kmod-eeprom-at24 kmod-gpio-button-hotplug kmod-leds-gpio \ + kmod-rtl8189es kmod-usb2 kmod-usb-net kmod-usb-net-rtl8152 wpad-basic SUPPORTED_DEVICES:=nanopi-r1s-h5 SUNXI_DTS_DIR := allwinner/ SOC := sun50i-h5 From f353b10ebe1b058221d38ac00c99a4c6aaed9768 Mon Sep 17 00:00:00 2001 From: Mattraks <16359027+Mattraks@users.noreply.github.com> Date: Tue, 9 Feb 2021 17:22:07 +0800 Subject: [PATCH 11/15] luci-app-ssr-plus: fix typo err Signed-off-by: CN_SZTL --- .../luasrc/model/cbi/shadowsocksr/client-config.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua index 9e00fc95c3..7e5f9200fa 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua @@ -461,7 +461,7 @@ o.default = 2 o.rmempty = true o = s:option(Value, "seed", translate("Obfuscate password (optional)")) -o:depends({type = "vless", transport = "kcp"}) +o:depends({v2ray_protocol = "vless", transport = "kcp"}) o.rmempty = true o = s:option(Flag, "congestion", translate("Congestion")) From 68fbe1c0aa2675c94f9b0d423721c81c2b46f2e1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Daniel=20Gonz=C3=A1lez=20Cabanelas?= Date: Fri, 5 Feb 2021 19:59:54 +0100 Subject: [PATCH 12/15] bcm63xx: sprom: override the PCI device ID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The PCI device ID detected by the wifi drivers on devices using a fallback SPROM is wrong. Currently the chipnum is used for this parameter. Most SSB based Broadcom wifi chips are 2.4 and 5GHz capable. But on devices without a physical SPROM, the only one way to detect if the device suports both bands or only the 5GHz band, is by reading the device ID from the fallback SPROM. In some devices, this may lead to a non working wifi on a 5GHz-only card, or in the best case a working 2.4GHz-only in a dual band wifi card. The offset for the deviceid in SSB SPROMs is 0x0008, whereas in BCMA is 0x0060. This is true for any SPROM version. Override the PCI device ID with the one defined at the fallback SPROM, to detect the correct wifi card model and allow using the 5GHz band if supported. The patch has been tested with the following wifi radios: BCM43222: b43: both 2.4/5GHz working brcm-wl: both 2.4/5GHz working BCM43225: b43: 2.4GHz, working brcmsmac: working brcm-wl: it lacks support BCM43217: b43: 2.4GHz, working brcmsmac: it lacks support brcm-wl: it lacks support Signed-off-by: Daniel González Cabanelas Signed-off-by: Álvaro Fernández Rojas Backported from a0e0e621ca Signed-off-by: CN_SZTL --- ...CM63XX-fallback-sprom-override-devid.patch | 78 +++++++++++++++++++ .../801-ssb_export_fallback_sprom.patch | 2 +- 2 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 target/linux/brcm63xx/patches-4.14/366-MIPS-BCM63XX-fallback-sprom-override-devid.patch diff --git a/target/linux/brcm63xx/patches-4.14/366-MIPS-BCM63XX-fallback-sprom-override-devid.patch b/target/linux/brcm63xx/patches-4.14/366-MIPS-BCM63XX-fallback-sprom-override-devid.patch new file mode 100644 index 0000000000..0587b7e33b --- /dev/null 
+++ b/target/linux/brcm63xx/patches-4.14/366-MIPS-BCM63XX-fallback-sprom-override-devid.patch 
@@ -0,0 +1,78 @@
+--- a/arch/mips/bcm63xx/sprom.c
++++ b/arch/mips/bcm63xx/sprom.c
+@@ -384,6 +384,7 @@ static __initconst u16 bcm4331_sprom[] =
+ struct fallback_sprom_match {
+ u8 pci_bus;
+ u8 pci_dev;
++ int override_devid;
+ struct ssb_sprom sprom;
+ };
+
+@@ -399,6 +400,8 @@ int bcm63xx_get_fallback_ssb_sprom(struc
+ fallback_sprom.pci_bus, fallback_sprom.pci_dev,
+ bus->host_pci->bus->number,
+ PCI_SLOT(bus->host_pci->devfn));
++ if (fallback_sprom.override_devid)
++ bus->host_pci->device = fallback_sprom.sprom.dev_id;
+ memcpy(out, &fallback_sprom.sprom, sizeof(struct ssb_sprom));
+ return 0;
+ } else {
+@@ -418,6 +421,8 @@ int bcm63xx_get_fallback_bcma_sprom(stru
+ fallback_sprom.pci_bus, fallback_sprom.pci_dev,
+ bus->host_pci->bus->number,
+ PCI_SLOT(bus->host_pci->devfn));
++ if (fallback_sprom.override_devid)
++ bus->host_pci->device = fallback_sprom.sprom.dev_id;
+ memcpy(out, &fallback_sprom.sprom, sizeof(struct ssb_sprom));
+ return 0;
+ } else {
+@@ -901,6 +906,37 @@ static int sprom_extract(struct ssb_spro
+ return 0;
+ }
+
++int sprom_override_devid(struct fallback_sprom_data *data,
++ struct ssb_sprom *out, const u16 *in)
++{
++ switch (data->type) {
++#if defined(CONFIG_SSB_PCIHOST)
++ case SPROM_BCM4306:
++ case SPROM_BCM4318:
++ case SPROM_BCM4321:
++ case SPROM_BCM4322:
++ case SPROM_BCM43222:
++ SPEX(dev_id, SSB_SPROM1_PID, 0xFFFF, 0);
++ return !!out->dev_id;
++#endif /* CONFIG_SSB_PCIHOST */
++#if defined(CONFIG_BCMA_HOST_PCI)
++ case SPROM_BCM4313:
++ case SPROM_BCM43131:
++ case SPROM_BCM43217:
++ case SPROM_BCM43225:
++ case SPROM_BCM43227:
++ case SPROM_BCM43228:
++ case SPROM_BCM4331:
++ SPEX(dev_id, 0x0060, 0xFFFF, 0);
++ return !!out->dev_id;
++#endif /* CONFIG_BCMA_HOST_PCI */
++ case SPROM_DEFAULT:
++ return 0;
++ }
++
++ return 0;
++}
++
+ void sprom_apply_fixups(u16 *sprom, struct sprom_fixup *fixups, int n)
+ {
+ unsigned int i;
+@@ -992,6 +1028,11 @@ int __init bcm63xx_register_fallback_spr
+ data->num_board_fixups);
+
+
sprom_extract(&fallback_sprom.sprom, template_sprom, size); ++ ++ fallback_sprom.override_devid = ++ sprom_override_devid(data, &fallback_sprom.sprom, template_sprom); ++ } else { ++ fallback_sprom.override_devid = 0; + } + + memcpy(fallback_sprom.sprom.il0mac, data->mac_addr, ETH_ALEN); diff --git a/target/linux/brcm63xx/patches-4.14/801-ssb_export_fallback_sprom.patch b/target/linux/brcm63xx/patches-4.14/801-ssb_export_fallback_sprom.patch index 11a83536b7..6e4e05a63b 100644 --- a/target/linux/brcm63xx/patches-4.14/801-ssb_export_fallback_sprom.patch +++ b/target/linux/brcm63xx/patches-4.14/801-ssb_export_fallback_sprom.patch @@ -8,7 +8,7 @@ #include #include #include -@@ -387,7 +388,19 @@ struct fallback_sprom_match { +@@ -388,7 +389,19 @@ struct fallback_sprom_match { struct ssb_sprom sprom; }; From 216c1c1f14cc3f013b8ae5c77071c799543a31ee Mon Sep 17 00:00:00 2001 From: xiaorouji <60100640+xiaorouji@users.noreply.github.com> Date: Mon, 8 Feb 2021 01:21:45 +0800 Subject: [PATCH 13/15] luci-app-passwall: bump to 4-14 Co-authored-by: tritu Co-authored-by: ShanStone <31815718+ShanStone@users.noreply.github.com> 
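Review bot: `sprom_override_devid()` in the added 366 patch is defined with external linkage and no prototype, although the hunk header shows the neighbouring `sprom_extract()` as `static` and the only visible caller is the `__init` registration function in the same file; `static int sprom_override_devid(...)` would keep the symbol out of the kernel's global namespace. The `switch (data->type)` has no `default:` label, so SPROM types compiled out by `CONFIG_SSB_PCIHOST` / `CONFIG_BCMA_HOST_PCI` reach the trailing `return 0` silently; a comment there such as `/* unknown or compiled-out SPROM type: keep the probed PCI device ID */` would document that this is intended. Because the return value decides whether `bus->host_pci->device` is rewritten in both fallback getters, `override_devid` in `struct fallback_sprom_match` also deserves a one-line comment saying it is a 0/1 flag set once at registration.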
Signed-off-by: CN_SZTL --- package/lienol/luci-app-passwall/Makefile | 4 +- .../model/cbi/passwall/api/gen_xray.lua | 112 ++++--- .../model/cbi/passwall/client/global.lua | 58 ++-- .../model/cbi/passwall/client/haproxy.lua | 2 - .../model/cbi/passwall/client/node_config.lua | 17 +- .../model/cbi/passwall/client/other.lua | 14 + .../luasrc/model/cbi/passwall/client/rule.lua | 4 + .../model/cbi/passwall/client/rule_list.lua | 4 +- .../model/cbi/passwall/server/api/app.lua | 2 +- .../luasrc/view/passwall/global/footer.htm | 223 ++++++++------ .../luci-app-passwall/po/zh-cn/passwall.po | 18 ++ .../root/etc/config/passwall | 21 ++ .../root/usr/share/passwall/app.sh | 131 +++++--- .../root/usr/share/passwall/iptables.sh | 286 ++++++++++++++---- .../root/usr/share/passwall/monitor.sh | 88 +++--- .../root/usr/share/passwall/rules/proxy_ip | 5 + .../root/usr/share/passwall/subscribe.lua | 104 ++++--- .../root/usr/share/passwall/test.sh | 16 +- 18 files changed, 740 insertions(+), 369 deletions(-) diff --git a/package/lienol/luci-app-passwall/Makefile b/package/lienol/luci-app-passwall/Makefile index 38dbea2570..81dbc80417 100644 --- a/package/lienol/luci-app-passwall/Makefile +++ b/package/lienol/luci-app-passwall/Makefile @@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-passwall PKG_VERSION:=4 -PKG_RELEASE:=13 -PKG_DATE:=20210207 +PKG_RELEASE:=14 +PKG_DATE:=20210209 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua index 9bb67237c2..2c124ab5f4 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua 
@@ -226,61 +226,71 @@ if node_section then local rules = {} ucursor:foreach(appname, "shunt_rules", function(e) local name = e[".name"] - local _node_id = node[name] or nil - if _node_id and _node_id ~= "nil" then - local _node = ucursor:get_all(appname, _node_id) - local is_proxy = node[name .. "_proxy"] - local relay_port - if is_proxy and is_proxy == "1" then - new_port = get_new_port() - relay_port = new_port - table.insert(inbounds, { - tag = "proxy_" .. name, - listen = "127.0.0.1", - port = new_port, - protocol = "dokodemo-door", - settings = {network = "tcp,udp", address = _node.address, port = tonumber(_node.port)} - }) - if _node.tls_serverName == nil then - _node.tls_serverName = _node.address - end - _node.address = "127.0.0.1" - _node.port = new_port - end - local _outbound = gen_outbound(_node, name, relay_port) - if _outbound then - table.insert(outbounds, _outbound) + local _node_id = node[name] or "nil" + local outboundTag + if _node_id == "_direct" then + outboundTag = "direct" + elseif _node_id == "_blackhole" then + outboundTag = "blackhole" + else + if _node_id ~= "nil" then + local _node = ucursor:get_all(appname, _node_id) + local is_proxy = node[name .. "_proxy"] + local relay_port if is_proxy and is_proxy == "1" then - table.insert(rules, { - type = "field", - inboundTag = {"proxy_" .. name}, - outboundTag = "default" + new_port = get_new_port() + relay_port = new_port + table.insert(inbounds, { + tag = "proxy_" .. name, + listen = "127.0.0.1", + port = new_port, + protocol = "dokodemo-door", + settings = {network = "tcp,udp", address = _node.address, port = tonumber(_node.port)} }) + if _node.tls_serverName == nil then + _node.tls_serverName = _node.address + end + _node.address = "127.0.0.1" + _node.port = new_port end - if e.domain_list then - local _domain = {} - string.gsub(e.domain_list, '[^' .. "\r\n" .. 
']+', function(w) - table.insert(_domain, w) - end) - table.insert(rules, { - type = "field", - outboundTag = name, - domain = _domain - }) - end - if e.ip_list then - local _ip = {} - string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w) - table.insert(_ip, w) - end) - table.insert(rules, { - type = "field", - outboundTag = name, - ip = _ip - }) + local _outbound = gen_outbound(_node, name, relay_port) + if _outbound then + table.insert(outbounds, _outbound) + if is_proxy and is_proxy == "1" then + table.insert(rules, { + type = "field", + inboundTag = {"proxy_" .. name}, + outboundTag = "default" + }) + end + outboundTag = name end end end + if outboundTag then + if e.domain_list then + local _domain = {} + string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w) + table.insert(_domain, w) + end) + table.insert(rules, { + type = "field", + outboundTag = outboundTag, + domain = _domain + }) + end + if e.ip_list then + local _ip = {} + string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w) + table.insert(_ip, w) + end) + table.insert(rules, { + type = "field", + outboundTag = outboundTag, + ip = _ip + }) + end + end end) local default_node_id = node.default_node or nil @@ -448,6 +458,10 @@ if inbounds or outbounds then tag = "direct", settings = {domainStrategy = "UseIPv4"} }) + table.insert(outbounds, { + protocol = "blackhole", + tag = "blackhole" + }) local xray = { log = { diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua index 917f2d8b13..299a324956 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua 
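Review bot: In the `else` branch of the reworked shunt-rule loop, the result of `ucursor:get_all(appname, _node_id)` is used without a nil check, so a rule that still references a deleted node indexes nil at `_node.address` when `is_proxy` is set and otherwise hands nil to `gen_outbound`. Wrapping the branch body in `if _node then ... end` leaves `outboundTag` unset for that rule, which the following `if outboundTag then` already treats as "no rule". `new_port` is also assigned without `local` here, which makes it a global unless it is declared outside the hunk. What the caller does when config generation aborts is not visible from this hunk, and the enclosing `if node_section then` block starts and ends outside it.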
@@ -115,56 +115,52 @@ if has_xray and #nodes_table > 0 then shunt_list[#shunt_list + 1] = v end end - if #normal_list > 0 and #shunt_list > 0 then + for k, v in pairs(shunt_list) do uci:foreach(appname, "shunt_rules", function(e) local id = e[".name"] - o = s:taboption("Main", ListValue, id .. "_node", string.format('* %s', api.url("shunt_rules", id), translate(e.remarks))) - for k, v in pairs(shunt_list) do - o:depends("tcp_node", v.id) - o.cfgvalue = function(self, section) - return m:get(v.id, id) or "nil" - end - o.write = function(self, section, value) - m:set(v.id, id, value) - end - end + o = s:taboption("Main", ListValue, v.id .. "." .. id .. "_node", string.format('* %s', api.url("shunt_rules", id), translate(e.remarks))) + o:depends("tcp_node", v.id) o:value("nil", translate("Close")) + o:value("_direct", translate("Direct Connection")) + o:value("_blackhole", translate("Blackhole")) for k, v in pairs(normal_list) do o:value(v.id, v.remarks_name) end + o.cfgvalue = function(self, section) + return m:get(v.id, id) or "nil" + end + o.write = function(self, section, value) + m:set(v.id, id, value) + end end) local id = "default_node" - o = s:taboption("Main", ListValue, id, "* " .. translate("Default")) - for k, v in pairs(shunt_list) do - o:depends("tcp_node", v.id) - o.cfgvalue = function(self, section) - return m:get(v.id, id) or "nil" - end - o.write = function(self, section, value) - m:set(v.id, id, value) - end - end + o = s:taboption("Main", ListValue, v.id .. "." .. id, "* " .. translate("Default")) + o:depends("tcp_node", v.id) o:value("nil", translate("Close")) for k, v in pairs(normal_list) do o:value(v.id, v.remarks_name) end + o.cfgvalue = function(self, section) + return m:get(v.id, id) or "nil" + end + o.write = function(self, section, value) + m:set(v.id, id, value) + end local id = "main_node" - o = s:taboption("Main", ListValue, id, "* " .. translate("Default") .. 
translate("Preproxy")) - for k, v in pairs(shunt_list) do - o:depends("tcp_node", v.id) - o.cfgvalue = function(self, section) - return m:get(v.id, id) or "nil" - end - o.write = function(self, section, value) - m:set(v.id, id, value) - end - end + o = s:taboption("Main", ListValue, v.id .. "." .. id, "* " .. translate("Default") .. translate("Preproxy")) + o:depends("tcp_node", v.id) o:value("nil", translate("Close")) for k, v in pairs(normal_list) do o:value(v.id, v.remarks_name) end + o.cfgvalue = function(self, section) + return m:get(v.id, id) or "nil" + end + o.write = function(self, section, value) + m:set(v.id, id, value) + end end end diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/haproxy.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/haproxy.lua index 0d4a61beb9..eba5bfefd7 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/haproxy.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/haproxy.lua @@ -82,7 +82,6 @@ o.default = "5" o.rmempty = false ---- Export ---[[ o = s:option(ListValue, "export", translate("Export Of Multi WAN")) o:value(0, translate("Auto")) local ifaces = e.net:devices() @@ -97,7 +96,6 @@ for _, iface in ipairs(ifaces) do end o.default = 0 o.rmempty = false -]]-- ---- Mode o = s:option(ListValue, "backup", translate("Mode")) diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua index 3f5be4a493..4f3c4b6f51 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua 
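Review bot: The inner `for k, v in pairs(normal_list)` loops reuse the variable names of the new outer `for k, v in pairs(shunt_list)` loop, while the `cfgvalue`/`write` closures defined immediately after them depend on `v` being the shunt node again. This is correct only because the inner loop's scope has already ended; renaming the inner variables, e.g. `for _, n in pairs(normal_list) do o:value(n.id, n.remarks_name) end`, removes the trap for the next edit. The pattern occurs three times in the hunk (per-rule option, `default_node`, `main_node`). The old `#normal_list > 0` guard is dropped as well, so the lists are now built even when no normal node exists, which deserves a short comment if intended. The enclosing `if has_xray and #nodes_table > 0` block begins outside the hunk.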
@@ -128,14 +128,21 @@ balancing_node:depends("protocol", "_balancing") -- 分流 uci:foreach(appname, "shunt_rules", function(e) - o = s:option(ListValue, e[".name"], '' .. translate(e.remarks) .. "") + o = s:option(ListValue, e[".name"], string.format('* %s', api.url("shunt_rules", e[".name"]), translate(e.remarks))) o:value("nil", translate("Close")) - for k, v in pairs(nodes_table) do o:value(v.id, v.remarks) end + o:value("_direct", translate("Direct Connection")) + o:value("_blackhole", translate("Blackhole")) o:depends("protocol", "_shunt") - o = s:option(Flag, e[".name"] .. "_proxy", translate(e.remarks) .. translate("Preproxy"), translate("Use the default node for the transit.")) - o.default = 0 - o:depends("protocol", "_shunt") + if #nodes_table > 0 then + _proxy = s:option(Flag, e[".name"] .. "_proxy", translate(e.remarks) .. translate("Preproxy"), translate("Use the default node for the transit.")) + _proxy.default = 0 + + for k, v in pairs(nodes_table) do + o:value(v.id, v.remarks) + _proxy:depends(e[".name"], v.id) + end + end end) shunt_tips = s:option(DummyValue, "shunt_tips", " ") diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua index 3f87aeb380..5a3e2b5450 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua @@ -8,6 +8,12 @@ s = m:section(TypedSection, "global_delay", translate("Delay Settings")) s.anonymous = true s.addremove = false +---- Delay Start +o = s:option(Value, "start_delay", translate("Delay Start"), + translate("Units:seconds")) +o.default = "1" +o.rmempty = true + ---- Open and close Daemon o = s:option(Flag, "start_daemon", translate("Open and close Daemon")) o.default = 1 
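Review bot: `_proxy` is assigned without `local` inside the `uci:foreach` callback, so it becomes a global that each iteration overwrites; `local _proxy = s:option(Flag, e[".name"] .. "_proxy", ...)` keeps it scoped to the rule being built. A comment above the two new `o:value("_direct", ...)` / `o:value("_blackhole", ...)` lines stating that these are reserved values interpreted by gen_xray.lua and skipped by `add_dnsmasq` in app.sh would help, since they share the option with real node IDs.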
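Review bot: The new `start_delay` Value has no `datatype`, yet `boot()` in app.sh (same commit) passes it to `[ "$delay" -gt 0 ]` and to an unquoted `sleep $delay`. A non-numeric entry makes the test fail with an error and falls through to an immediate start, and the value is word-split before it reaches `sleep`. Adding `o.datatype = "uinteger"` here and quoting in the script (`sleep "$delay"`) keeps the stored value to what the script expects.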
@@ -109,6 +115,14 @@ s = m:section(TypedSection, "global_other", translate("Other Settings")) s.anonymous = true s.addremove = false +---- IPv6 TProxy +o = s:option(Flag, "ipv6_tproxy", translate("IPv6 TProxy"), + "" .. translate( + "Experimental feature.Make sure that your node supports IPv6.") .. + "") +o.default = 0 +o.rmempty = false + o = s:option(MultiValue, "status", translate("Status info")) o:value("big_icon", translate("Big icon")) -- 大图标 o:value("show_check_port", translate("Show node check")) -- 显示节点检测 diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua index bebcfb7ea0..5025bf5853 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua @@ -49,6 +49,10 @@ for e = 0, 23 do o:value(e, e .. translate("oclock")) end o.default = 0 o:depends("auto_update", 1) +o = s:option(Value, "xray_location_asset", translate("Location of Xray asset"), translate("This variable specifies a directory where geoip.dat and geosite.dat files are.")) +o.default = "/usr/share/xray/" +o.rmempty = false + s = m:section(TypedSection, "shunt_rules", "Xray" .. translate("Shunt") .. translate("Rule")) s.template = "cbi/tblsection" s.anonymous = false diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua index db9e5a1772..2a4fd8d008 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua 
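Review bot: `xray_location_asset` in rule.lua is accepted as free text with only `rmempty = false`, and `load_config()` in app.sh exports it unquoted as `XRAY_LOCATION_ASSET`. The geoip.dat/geosite.dat files in that directory are presumably what the geo-based shunt rules resolve against, so the field should at least be checked to be an existing directory, e.g. `o.datatype = "directory"`, and the help text could say the directory must not be writable by unprivileged processes. In app.sh, assigning first and exporting afterwards (`XRAY_LOCATION_ASSET="$(config_t_get global_rules xray_location_asset "/usr/share/xray/")"; export XRAY_LOCATION_ASSET`) avoids word-splitting and does not mask the command's exit status.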
@@ -45,7 +45,7 @@ o.validate = function(self, value) local ipmasks= {} string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end) for index, ipmask in ipairs(ipmasks) do - if not datatypes.ipmask4(ipmask) then + if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then return nil, ipmask .. " " .. translate("Not valid IP format, please re-enter!") end end @@ -83,7 +83,7 @@ o.validate = function(self, value) local ipmasks= {} string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end) for index, ipmask in ipairs(ipmasks) do - if not datatypes.ipmask4(ipmask) then + if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then return nil, ipmask .. " " .. translate("Not valid IP format, please re-enter!") end end diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua index 62200646c5..9128db9e64 100755 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua @@ -155,7 +155,7 @@ local function start() end local function stop() - cmd(string.format("ps -w | grep -v 'grep' | grep '%s/' | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &", CONFIG_PATH)) + cmd(string.format("top -bn1 | grep -v 'grep' | grep '%s/' | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1", CONFIG_PATH)) cmd("iptables -D INPUT -j PSW-SERVER 2>/dev/null") cmd("iptables -F PSW-SERVER 2>/dev/null") cmd("iptables -X PSW-SERVER 2>/dev/null") diff --git a/package/lienol/luci-app-passwall/luasrc/view/passwall/global/footer.htm b/package/lienol/luci-app-passwall/luasrc/view/passwall/global/footer.htm index 935cb14641..f532e88ef9 100644 --- a/package/lienol/luci-app-passwall/luasrc/view/passwall/global/footer.htm +++ b/package/lienol/luci-app-passwall/luasrc/view/passwall/global/footer.htm 
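Review bot: `stop()` in server/api/app.lua now picks the processes to `kill -9` by grepping the rendered output of `top -bn1` for `CONFIG_PATH .. "/"`, so a root-level kill depends on text matching: any process whose command line contains that path is hit, and a command line the `top` implementation cuts off may be missed. The same construction is added in app.sh in `node_switch()` (matching `$id` with "SOCKS", and "UDP") and in `stop()` (matching `${CONFIG}/`). Recording each child's PID when it is started and killing exactly those would make teardown deterministic, and a plain `kill` before `-9` would let the proxies close their sockets. `xargs` is also run on empty input when nothing matches, with the resulting error hidden by the redirect. The body of `stop()` continues outside the hunk.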
@@ -4,111 +4,144 @@ local auto_switch = api.uci_get_type("auto_switch", "enable", 0) -%> \ No newline at end of file diff --git a/package/lienol/luci-app-passwall/po/zh-cn/passwall.po b/package/lienol/luci-app-passwall/po/zh-cn/passwall.po index 0d209c6863..50e4c9713f 100644 --- a/package/lienol/luci-app-passwall/po/zh-cn/passwall.po +++ b/package/lienol/luci-app-passwall/po/zh-cn/passwall.po @@ -412,6 +412,12 @@ msgstr "V2ray 分流" msgid "Preproxy" msgstr "前置代理" +msgid "Direct Connection" +msgstr "直连" + +msgid "Blackhole" +msgstr "黑洞" + msgid "Use the default node for the transit." msgstr "使用默认节点代理转发。" @@ -742,6 +748,12 @@ msgstr "周" msgid "oclock" msgstr "点" +msgid "Location of Xray asset" +msgstr "Xray 资源文件目录" + +msgid "This variable specifies a directory where geoip.dat and geosite.dat files are." +msgstr "此变量指定geoip.dat和geosite.dat文件所在的目录。" + msgid "Update..." msgstr "更新中" @@ -1054,6 +1066,12 @@ msgstr "节点数量" msgid "You can only set up a maximum of %s nodes for the time being, Used for access control." msgstr "目前最多只能设置%s个节点,用于给访问控制使用。" +msgid "IPv6 TProxy" +msgstr "IPv6透明代理(TProxy)" + +msgid "Experimental feature.Make sure that your node supports IPv6." +msgstr "实验特性,请确保你的节点支持IPv6" + msgid "Status info" msgstr "状态信息" diff --git a/package/lienol/luci-app-passwall/root/etc/config/passwall b/package/lienol/luci-app-passwall/root/etc/config/passwall index b1388face2..c35a0a2fe3 100644 --- a/package/lienol/luci-app-passwall/root/etc/config/passwall +++ b/package/lienol/luci-app-passwall/root/etc/config/passwall @@ -36,6 +36,7 @@ config global_forwarding config global_other option status 'big_icon show_check_port show_ip111' option nodes_ping 'auto_ping tcping' + option ipv6_tproxy '0' config global_rules option auto_update '0' 
@@ -66,6 +67,26 @@ config global_subscribe config auto_switch option testing_time '1' option enable '0' + +config nodes '696cd32c1d5149ee95fd1b3accbad6df' + option remarks '分流总节点' + option type 'Xray' + option protocol '_shunt' + option youtube 'nil' + option netflix 'nil' + option TVB 'nil' + option Telegram 'nil' + option default_node 'nil' + option default_proxy '0' + option domainStrategy 'IPIfNonMatch' + +config shunt_rules 'Telegram' + option remarks 'Telegram' + option ip_list '149.154.160.0/20 +91.108.4.0/22 +91.108.56.0/24 +109.239.140.0/24 +67.198.55.0/24' config shunt_rules 'youtube' option remarks 'youtube' diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh index 8af513d37a..110a44abff 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh @@ -10,6 +10,7 @@ TMP_PATH=/var/etc/$CONFIG TMP_BIN_PATH=$TMP_PATH/bin TMP_ID_PATH=$TMP_PATH/id TMP_PORT_PATH=$TMP_PATH/port +TMP_ROUTE_PATH=$TMP_PATH/route LOCK_FILE=/var/lock/$CONFIG.lock LOG_FILE=/var/log/$CONFIG.log APP_PATH=/usr/share/$CONFIG @@ -305,7 +306,7 @@ load_config() { DNS_CACHE=$(config_t_get global dns_cache 0) LOCAL_DNS=$(config_t_get global up_china_dns default | sed 's/:/#/g') if [ "${LOCAL_DNS}" = "default" ]; then - DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep ".server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' ',') + DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' ',') if [ -z "${DEFAULT_DNS}" ]; then DEFAULT_DNS=$(echo -n $(sed -n 's/^nameserver[ \t]*\([^ ]*\)$/\1/p' "${RESOLVFILE}" | grep -v "0.0.0.0" | grep -v "127.0.0.1" | grep -v "^::$" | head -2) | tr ' ' ',') fi 
@@ -313,7 +314,8 @@ load_config() { IS_DEFAULT_DNS=1 fi PROXY_IPV6=$(config_t_get global_forwarding proxy_ipv6 0) - mkdir -p /var/etc $TMP_PATH $TMP_BIN_PATH $TMP_ID_PATH $TMP_PORT_PATH + export XRAY_LOCATION_ASSET=$(config_t_get global_rules xray_location_asset "/usr/share/xray/") + mkdir -p /var/etc $TMP_PATH $TMP_BIN_PATH $TMP_ID_PATH $TMP_PORT_PATH $TMP_ROUTE_PATH return 0 } @@ -595,8 +597,36 @@ node_switch() { local log_file=$TMP_PATH/${1}.log eval current_port=\$${1}_REDIR_PORT local port=$(cat $TMP_PORT_PATH/${1}) + + local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}') + for id in $ids; do + [ "$(config_n_get $id enabled 0)" == "0" ] && continue + [ "$(config_n_get $id node nil)" != "tcp" ] && continue + local socks_port=$(config_n_get $id port) + local http_port=$(config_n_get $id http_port 0) + top -bn1 | grep -E "$TMP_PATH" | grep -i "SOCKS" | grep "$id" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 + tcp_node_socks=1 + tcp_node_socks_port=$socks_port + tcp_node_socks_id=$id + [ "$http_port" != "0" ] && { + tcp_node_http=1 + tcp_node_http_port=$http_port + tcp_node_http_id=$id + } + break + done + run_redir $node "0.0.0.0" $port $config_file $1 $log_file echo $node > $TMP_ID_PATH/${1} + + [ "$1" = "TCP" ] && { + [ "$(config_t_get global udp_node nil)" = "tcp_" ] && { + top -bn1 | grep -E "$TMP_PATH" | grep -i "UDP" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 + UDP_NODE=$node + start_redir UDP + } + } + #local node_net=$(echo $1 | tr 'A-Z' 'a-z') #uci set $CONFIG.@global[0].${node_net}_node=$node #uci commit $CONFIG 
@@ -658,10 +688,10 @@ clean_log() { clean_crontab() { touch /etc/crontabs/root - #sed -i "/${CONFIG}/d" /etc/crontabs/root >/dev/null 2>&1 & - sed -i "/$(echo "/etc/init.d/${CONFIG}" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1 & - sed -i "/$(echo "lua ${APP_PATH}/rule_update.lua log" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1 & - sed -i "/$(echo "lua ${APP_PATH}/subscribe.lua start log" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1 & + #sed -i "/${CONFIG}/d" /etc/crontabs/root >/dev/null 2>&1 + sed -i "/$(echo "/etc/init.d/${CONFIG}" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1 + sed -i "/$(echo "lua ${APP_PATH}/rule_update.lua log" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1 + sed -i "/$(echo "lua ${APP_PATH}/subscribe.lua start log" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1 } start_crontab() { @@ -721,7 +751,6 @@ start_crontab() { stop_crontab() { clean_crontab - ps | grep "$APP_PATH/test.sh" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 & /etc/init.d/cron restart #echolog "清除定时执行命令。" } @@ -914,7 +943,9 @@ add_dnsmasq() { local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}') for shunt_id in $shunt_ids; do local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil) - [ "$shunt_node_id" = "nil" ] && continue + if [ "$shunt_node_id" = "nil" ] || [ "$shunt_node_id" = "_direct" ] || [ "$shunt_node_id" = "_blackhole" ]; then + continue + fi local shunt_node=$(config_n_get $shunt_node_id address nil) [ "$shunt_node" = "nil" ] && continue config_n_get $shunt_id domain_list | grep -v 'regexp:\|geosite:\|ext:' | sed 's/domain:\|full:\|//g' | tr -s "\r\n" "\n" | sort -u | gen_dnsmasq_items "shuntlist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/998-shunt_host.conf" 
@@ -928,8 +959,8 @@ add_dnsmasq() { [ -n "$CHINADNS_NG" ] && fwd_dns="${china_ng_gfw}" [ -n "$CHINADNS_NG" ] && unset fwd_dns [ ! -f "${TMP_PATH}/gfwlist.txt" ] && sed -n 's/^ipset=\/\.\?\([^/]*\).*$/\1/p' "${RULES_PATH}/gfwlist.conf" | sort -u > "${TMP_PATH}/gfwlist.txt" - sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/999-gfwlist.conf" - #sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist,gfwlist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/999-gfwlist.conf" + #sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/999-gfwlist.conf" + sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist,gfwlist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/999-gfwlist.conf" echolog " - [$?]防火墙域名表(gfwlist):${fwd_dns:-默认}" else #回国模式 @@ -1035,6 +1066,44 @@ del_dnsmasq() { rm -rf $TMP_DNSMASQ_PATH } +add_ip2route() { + local ip=$(get_host_ip "ipv4" $1) + [ -z "$ip" ] && { + echolog " - 无法解析${1},路由表添加失败!" + return 1 + } + local remarks="${1}" + [ "$remarks" != "$ip" ] && remarks="${1}(${ip})" + local interface=$2 + local retries=5 + local failcount=0 + while [ "$failcount" -lt $retries ]; do + unset msg + ip route show dev ${interface} >/dev/null 2>&1 + if [ $? -ne 0 ]; then + let "failcount++" + echolog " - 找不到出口接口:$interface,1分钟后再重试(${failcount}/${retries}),${ip}" + [ "$failcount" -ge $retries ] && return 1 + sleep 1m + else + route add -host ${ip} dev ${interface} >/dev/null 2>&1 + echolog " - ${remarks}添加路由表${interface}接口成功!" + echo "$ip" >> $TMP_ROUTE_PATH/${interface} + break + fi + done +} + +delete_ip2route() { + [ -d "${TMP_ROUTE_PATH}" ] && { + for interface in $(ls ${TMP_ROUTE_PATH}); do + for ip in $(cat ${TMP_ROUTE_PATH}/${interface}); do + route del -host ${ip} dev ${interface} >/dev/null 2>&1 + done + done + } +} + start_haproxy() { local haproxy_path haproxy_file item items lport sort_items 
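Review bot: `add_ip2route()` logs success and appends the address to `$TMP_ROUTE_PATH/${interface}` without checking the exit status of `route add`, so `delete_ip2route()` can later remove a host route this script never created, for example one that already existed. `interface` comes from the haproxy `export` setting and is used unquoted both as a command argument and as a file name, so it should be quoted and rejected when it contains `/`. `delete_ip2route()` iterates over `$(ls ...)` and `$(cat ...)`; a glob loop with quoted expansions would be the safer form. The excerpt below shows the two changes in `add_ip2route()`.

```shell
add_ip2route() {
	# … unchanged: resolve $1 to $ip, build $remarks …
	local interface="$2"
	# The name becomes a file under $TMP_ROUTE_PATH, so refuse path components.
	case "$interface" in
		""|.|..|*/*) return 1 ;;
	esac
	# … unchanged: retry loop waiting for the interface to appear …
			if route add -host "${ip}" dev "${interface}" >/dev/null 2>&1; then
				echolog "  - ${remarks}添加路由表${interface}接口成功!"
				echo "$ip" >> "${TMP_ROUTE_PATH}/${interface}"
			fi
			break
```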
@@ -1109,28 +1178,10 @@ start_haproxy() { server $bip:$bport $bip:$bport weight $lbweight check inter 1500 rise 1 fall 3 $bbackup EOF - #暂时不开启此功能,以后抽时间改成后台执行,防止卡luci。 -:</dev/null 2>&1 - if [ $? -ne 0 ]; then - let "failcount++" - echolog " - 找不到出口接口:$export,1分钟后再重试(${failcount}/3),${bip}" - [ "$failcount" -ge 3 ] && exit 0 - sleep 1m - else - route add -host ${bip} dev ${export} - msg="[$?] 从 ${export} 接口路由," - echo "$bip" >>/tmp/balancing_ip - break - fi - done + add_ip2route ${bip} ${export} > /dev/null 2>&1 & fi - echolog " | - ${msg}出口节点:${bip}:${bport},权重:${lbweight}" -! + echolog " | - 出口节点:${bip}:${bport},权重:${lbweight}" done # 控制台配置 @@ -1156,7 +1207,7 @@ start_haproxy() { } kill_all() { - kill -9 $(pidof "$@") >/dev/null 2>&1 & + kill -9 $(pidof "$@") >/dev/null 2>&1 } force_stop() { @@ -1195,7 +1246,15 @@ restart_dnsmasq() { } boot() { - [ "$ENABLED" == 1 ] && start + [ "$ENABLED" == 1 ] && { + local delay=$(config_t_get global_delay start_delay 1) + if [ "$delay" -gt 0 ]; then + echolog "执行启动延时 $delay 秒后再启动!" + sleep $delay && start >/dev/null 2>&1 & + else + start + fi + } return 0 } 
@@ -1226,12 +1285,12 @@ stop() { set_lock clean_log source $APP_PATH/iptables.sh stop + delete_ip2route kill_all v2ray-plugin obfs-local - top -bn1 | grep -v "grep" | grep $CONFIG/test.sh | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 & - top -bn1 | grep -v "grep" | grep $CONFIG/monitor.sh | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 & - top -bn1 | grep -v -E "grep|${TMP_PATH}_server" | grep -E "$TMP_PATH" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 & - top -bn1 | grep -v "grep" | grep "sleep 1m" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 & + top -bn1 | grep -v "grep" | grep "sleep" | grep -E "9s|58s" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 + top -bn1 | grep -v "grep" | grep -v "app.sh" | grep "${CONFIG}/" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 rm -rf $TMP_DNSMASQ_PATH $TMP_PATH + unset XRAY_LOCATION_ASSET stop_crontab del_dnsmasq /etc/init.d/dnsmasq restart >/dev/null 2>&1 diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh index 8f033a45a6..6df408ddae 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh @@ -4,14 +4,24 @@ IPSET_LANIPLIST="laniplist" IPSET_VPSIPLIST="vpsiplist" IPSET_SHUNTLIST="shuntlist" IPSET_GFW="gfwlist" -#IPSET_GFW6="gfwlist6" IPSET_CHN="chnroute" -IPSET_CHN6="chnroute6" IPSET_BLACKLIST="blacklist" IPSET_BLACKLIST2="blacklist2" IPSET_BLACKLIST3="blacklist3" IPSET_WHITELIST="whitelist" +IPSET_LANIPLIST_6="laniplist6" +IPSET_VPSIPLIST_6="vpsiplist6" +IPSET_SHUNTLIST_6="shuntlist6" +IPSET_GFW6="gfwlist6" +IPSET_CHN6="chnroute6" +IPSET_BLACKLIST_6="blacklist_6" +IPSET_BLACKLIST2_6="blacklist2_6" +IPSET_BLACKLIST3_6="blacklist3_6" +IPSET_WHITELIST_6="whitelist_6" + +PROXY_IPV6=0 + FORCE_INDEX=2 ipt_n="iptables -t nat" 
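Review bot: The first new `top` line in `stop()` kills every process on the system whose listing contains `sleep` together with `9s` or `58s`; nothing in the pattern ties the match to passwall, so an unrelated job sleeping for such an interval is terminated as root. The removed line matched `sleep 1m`, which the new `add_ip2route()` still uses in its background retry loop; that loop is presumably a child of app.sh and therefore excluded by `grep -v "app.sh"` on the second line, so a pending retry could add a host route after `delete_ip2route` has already run. Having the monitor and retry loops write their PIDs under `$TMP_PATH` and killing those before the `rm -rf` would cover both cases. The body of `stop()` continues outside the hunk.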
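Review bot: `PROXY_IPV6=0` at the top of iptables.sh reuses a name that `load_config()` in app.sh already sets from `global_forwarding.proxy_ipv6`, and app.sh sources this file, so the assignment overwrites the loaded value. Unless a later part of iptables.sh outside this hunk sets it again from the new `ipv6_tproxy` option, every `[ "$PROXY_IPV6" == "1" ]` branch added in `load_acl` stays disabled. A comment such as `# set from global_other.ipv6_tproxy in <function>; default off` next to the assignment, or a distinct variable name, would make the source of truth clear. The new set names are also inconsistent (`laniplist6`, `vpsiplist6`, `shuntlist6`, `gfwlist6` versus `blacklist_6`, `whitelist_6`), which is easy to get wrong when the dnsmasq side has to spell the same names.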
@@ -79,6 +89,26 @@ get_redirect_ipt() { esac } +get_redirect_ip6t() { + case "$1" in + disable) + echo "-j RETURN" + ;; + global) + echo "$(REDIRECT $2 $3)" + ;; + gfwlist) + echo "$(dst $IPSET_GFW6) $(REDIRECT $2 $3)" + ;; + chnroute) + echo "$(dst $IPSET_CHN6 !) $(REDIRECT $2 $3)" + ;; + returnhome) + echo "$(dst $IPSET_CHN6) $(REDIRECT $2 $3)" + ;; + esac +} + get_action_chain_name() { case "$1" in disable) @@ -113,6 +143,24 @@ gen_laniplist() { EOF } +gen_laniplist_6() { + cat <<-EOF + ::/128 + ::1/128 + ::ffff:0:0/96 + ::ffff:0:0:0/96 + 64:ff9b::/96 + 100::/64 + 2001::/32 + 2001:20::/28 + 2001:db8::/32 + 2002::/16 + fc00::/7 + fe80::/10 + ff00::/8 + EOF +} + load_acl() { local items=$(get_enabled_anonymous_secs "@acl_rule") [ -n "$items" ] && { 
@@ -156,16 +204,24 @@ load_acl() { fi [ "$tcp_no_redir_ports" != "disable" ] && { $ipt_tmp -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN + $ip6t_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN msg2="${msg2}[$?]除${tcp_no_redir_ports}外的" } msg2="${msg2}所有端口" $ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $tcp_port $is_tproxy) $ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $tcp_port $is_tproxy) $ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(get_redirect_ipt $tcp_proxy_mode $tcp_port $is_tproxy) + + if [ "$PROXY_IPV6" == "1" ]; then + $ip6t_m -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT $tcp_port TPROXY) + $ip6t_m -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT $tcp_port TPROXY) + $ip6t_m -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(get_redirect_ip6t $tcp_proxy_mode $tcp_port TPROXY) + fi } echolog " - ${msg2}" } $ipt_tmp -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -j RETURN + $ip6t_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -j RETURN [ 
"$udp_proxy_mode" != "disable" ] && { msg2="${msg}使用UDP节点 [$(get_action_chain_name $udp_proxy_mode)]" 
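Review bot: The `[$?]` that is appended to `msg2` after the `tcp_no_redir_ports` rule now reports the exit status of the newly inserted `$ip6t_m` command instead of the `$ipt_tmp` rule it used to describe, so a failed IPv4 rule is hidden in the log. The same pattern occurs in the `udp_no_redir_ports` hunk that follows and in the `PSW_OUTPUT` hunk for `TCP_NO_REDIR_PORTS` further down. Saving the status first, `rc=$?` directly after the iptables line and `[$rc]` in the message, keeps the log truthful. The new ip6tables rules also reuse `$(factor $ip "-s")`; if `$ip` carries an IPv4 source from the ACL (its origin is not visible here), ip6tables will reject those rules, so an address-family check is probably needed; load_acl itself starts and ends outside this hunk.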
@@ -174,16 +230,24 @@ load_acl() { msg2="${msg2}(TPROXY:${udp_port})代理" [ "$udp_no_redir_ports" != "disable" ] && { $ipt_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m multiport --dport $udp_no_redir_ports -j RETURN + $ip6t_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m multiport --dport $udp_no_redir_ports -j RETURN msg2="${msg2}[$?]除${udp_no_redir_ports}外的" } msg2="${msg2}所有端口" $ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $udp_port TPROXY) $ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $udp_port TPROXY) $ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(get_redirect_ipt $udp_proxy_mode $udp_port TPROXY) + + if [ "$PROXY_IPV6" == "1" ]; then + $ip6t_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT $udp_port TPROXY) + $ip6t_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT $udp_port TPROXY) + $ip6t_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(get_redirect_ip6t $udp_proxy_mode $udp_port TPROXY) + fi } echolog " - ${msg2}" } $ipt_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -j RETURN + $ip6t_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -j RETURN 
done } @@ -191,7 +255,11 @@ load_acl() { local ipt_tmp=$ipt_n local is_tproxy msg if [ "$TCP_PROXY_MODE" != "disable" ]; then - [ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_tmp -A PSW $(comment "默认") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN + [ "$TCP_NO_REDIR_PORTS" != "disable" ] && { + $ipt_tmp -A PSW $(comment "默认") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN + $ip6t_m -A PSW $(comment "默认") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN + } + ipt_tmp=$ipt_n unset is_tproxy msg [ "$TCP_NODE" != "nil" ] && { @@ -210,11 +278,19 @@ load_acl() { $ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $TCP_REDIR_PORT $is_tproxy) $ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT $is_tproxy) $ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $TCP_PROXY_MODE $TCP_REDIR_PORT $is_tproxy) + + if [ "$PROXY_IPV6" == "1" ]; then + $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT $TCP_REDIR_PORT TPROXY) + $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT $TCP_REDIR_PORT TPROXY) + $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ip6t $TCP_PROXY_MODE $TCP_REDIR_PORT TPROXY) + fi + echolog "${msg}" } fi $ipt_n -A PSW $(comment "默认") -p tcp -j RETURN $ipt_m -A PSW $(comment "默认") -p tcp -j RETURN + $ip6t_m -A PSW $(comment "默认") -p tcp -j RETURN # 加载UDP默认代理模式 if [ "$UDP_PROXY_MODE" != "disable" ]; then 
@@ -226,10 +302,18 @@ load_acl() { $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $UDP_REDIR_PORT TPROXY) $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $UDP_REDIR_PORT TPROXY) $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $UDP_PROXY_MODE $UDP_REDIR_PORT TPROXY) + + if [ "$PROXY_IPV6" == "1" ]; then + $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT $UDP_REDIR_PORT TPROXY) + $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT $UDP_REDIR_PORT TPROXY) + $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ip6t $UDP_PROXY_MODE/6 $UDP_REDIR_PORT TPROXY) + fi + echolog "${msg}" } fi $ipt_m -A PSW $(comment "默认") -p udp -j RETURN + $ip6t_m -A PSW $(comment "默认") -p udp -j RETURN unset is_tproxy msg } @@ -243,7 +327,7 @@ filter_haproxy() { filter_vpsip() { uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIPLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - #uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){0,7}::[a-f0-9]{0,4}(:[a-f0-9]{1,4}){0,7}])" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIP6LIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){0,7}::[a-f0-9]{0,4}(:[a-f0-9]{1,4}){0,7}])" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIPLIST_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R echolog "加入所有节点到ipset[$IPSET_VPSIPLIST]直连完成" } 
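Review bot: `$(get_redirect_ip6t $UDP_PROXY_MODE/6 $UDP_REDIR_PORT TPROXY)` passes a mode with a `/6` suffix, which matches none of the `case` labels of get_redirect_ip6t (disable, global, gfwlist, chnroute, returnhome), so the function prints nothing and the rule is appended without a target. Default IPv6 UDP traffic then falls through to the `-p udp -j RETURN` rule and is never proxied, unlike the TCP counterpart, which passes `$TCP_PROXY_MODE` unchanged. The argument should be `$UDP_PROXY_MODE`, i.e. `$(get_redirect_ip6t $UDP_PROXY_MODE $UDP_REDIR_PORT TPROXY)`. A `*)` branch in get_redirect_ip6t that logs the unknown mode would make this kind of slip visible.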
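Review bot: The IPv6 pattern enabled in filter_vpsip accepts lowercase hex only, and as I read it the second alternative ends in a literal `]`, so a compressed address such as `2001:db8::1` (constructed example) is not matched unless it is written with a closing bracket. A node address that is missed never reaches `$IPSET_VPSIPLIST_6` and is therefore not exempted by the `$(dst $IPSET_VPSIPLIST_6) -j RETURN` rules, so the proxy's own upstream connection could be caught by the IPv6 redirect rules. Reusing the pattern this patch applies to the rule files, `grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}"`, would keep the two filters consistent. The `echolog` line after it still names only `$IPSET_VPSIPLIST`.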
@@ -364,24 +448,37 @@ add_firewall_rule() { ipset -! create $IPSET_VPSIPLIST nethash ipset -! create $IPSET_SHUNTLIST nethash ipset -! create $IPSET_GFW nethash - #ipset -! create $IPSET_GFW6 nethash family inet6 ipset -! create $IPSET_CHN nethash - ipset -! create $IPSET_CHN6 nethash family inet6 ipset -! create $IPSET_BLACKLIST nethash ipset -! create $IPSET_BLACKLIST2 nethash ipset -! create $IPSET_BLACKLIST3 nethash ipset -! create $IPSET_WHITELIST nethash + ipset -! create $IPSET_LANIPLIST_6 nethash family inet6 + ipset -! create $IPSET_VPSIPLIST_6 nethash family inet6 + ipset -! create $IPSET_SHUNTLIST_6 nethash family inet6 + ipset -! create $IPSET_GFW6 nethash family inet6 + ipset -! create $IPSET_CHN6 nethash family inet6 + ipset -! create $IPSET_BLACKLIST_6 nethash family inet6 + ipset -! create $IPSET_BLACKLIST2_6 nethash family inet6 + ipset -! create $IPSET_BLACKLIST3_6 nethash family inet6 + ipset -! create $IPSET_WHITELIST_6 nethash family inet6 + local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}') for shunt_id in $shunt_ids; do config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R done cat $RULES_PATH/chnroute | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/proxy_ip | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + [ -f "$RULES_PATH/proxy_ip2" ] && cat $RULES_PATH/proxy_ip2 | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST2 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! 
-R + [ -f "$RULES_PATH/proxy_ip3" ] && cat $RULES_PATH/proxy_ip3 | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST3 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/direct_ip | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/chnroute6 | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - cat $RULES_PATH/proxy_ip | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - [ -f "$RULES_PATH/proxy_ip2" ] && cat $RULES_PATH/proxy_ip2 | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST2 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - [ -f "$RULES_PATH/proxy_ip3" ] && cat $RULES_PATH/proxy_ip3 | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST3 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - cat $RULES_PATH/direct_ip | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/proxy_ip | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + [ -f "$RULES_PATH/proxy_ip2" ] && cat $RULES_PATH/proxy_ip2 | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST2_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + [ -f "$RULES_PATH/proxy_ip3" ] && cat $RULES_PATH/proxy_ip3 | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST3_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! 
-R + cat $RULES_PATH/direct_ip | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R ipset -! -R <<-EOF $(gen_laniplist | sed -e "s/^/add $IPSET_LANIPLIST /") @@ -390,14 +487,31 @@ add_firewall_rule() { echolog "系统不兼容,终止执行!" return 1 } + + ipset -! -R <<-EOF + $(gen_laniplist_6 | sed -e "s/^/add $IPSET_LANIPLIST_6 /") + EOF +# [ $? -eq 0 ] || { +# echolog "系统不兼容IPv6,终止执行!" +# return 1 +# } # 忽略特殊IP段 local lan_ifname lan_ip lan_ifname=$(uci -q -p /var/state get network.lan.ifname) [ -n "$lan_ifname" ] && { lan_ip=$(ip address show $lan_ifname | grep -w "inet" | awk '{print $2}') - #echolog "本机网段互访直连:${lan_ip}" - [ -n "$lan_ip" ] && ipset -! add $IPSET_LANIPLIST $lan_ip >/dev/null 2>&1 & + lan_ip6=$(ip address show $lan_ifname | grep -w "inet6" | awk '{print $2}') + #echolog "本机IPv4网段互访直连:${lan_ip}" + #echolog "本机IPv6网段互访直连:${lan_ip6}" + + [ -n "$lan_ip" ] && ipset -! -R <<-EOF + $(echo $lan_ip | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANIPLIST /") + EOF + + [ -n "$lan_ip6" ] && ipset -! -R <<-EOF + $(echo $lan_ip6 | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANIPLIST_6 /") + EOF } local ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1) 
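Review bot: The new IPv4 filters for proxy_ip, proxy_ip2, proxy_ip3 and direct_ip use `\d` inside `grep -E`, which is not part of POSIX extended regular expressions; whether it means "digit" depends on the regex library behind grep on the target. Where it is not supported, every IPv4 entry is filtered out and the blacklist and whitelist sets are loaded empty without any error, which silently changes which destinations are proxied or bypassed. Writing the class out is portable: `(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}`. Both this pattern and the IPv6 one below are unanchored, so a comment line that happens to contain an address-like token is also fed to `ipset -R`.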
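Review bot: `lan_ip6` is assigned inside the `[ -n "$lan_ifname" ]` block while the declaration above it is still `local lan_ifname lan_ip`, so the variable leaks out of add_firewall_rule; `local lan_ifname lan_ip lan_ip6` fixes that. The same `ip address show $lan_ifname | grep -w "inet6"` query is repeated as `lan_ipv6` in a later hunk of this function, and one variable could serve both places. The status check after the IPv6 `ipset -! -R` is added commented out, so a failure to load `$IPSET_LANIPLIST_6` goes unnoticed; `[ $? -eq 0 ] || echolog "IPv6 ipset restore failed"` would report it without aborting the IPv4 setup.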
@@ -408,16 +522,25 @@ add_firewall_rule() { #echolog " - 追加到白名单:${ispip}" done } - + + local ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u ) + [ -n "$ISP_DNS" ] && { + #echolog "处理 ISP IPv6 DNS 例外..." + for ispip6 in $ISP_DNS; do + ipset -! add $IPSET_WHITELIST_6 $ispip6 >/dev/null 2>&1 & + #echolog " - 追加到白名单:${ispip6}" + done + } + # 过滤所有节点IP filter_vpsip > /dev/null 2>&1 & filter_haproxy > /dev/null 2>&1 & - + $ipt_n -N PSW $ipt_n -A PSW $(dst $IPSET_LANIPLIST) -j RETURN $ipt_n -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN $ipt_n -A PSW $(dst $IPSET_WHITELIST) -j RETURN - + $ipt_n -N PSW_OUTPUT $ipt_n -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN $ipt_n -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN @@ -427,7 +550,7 @@ add_firewall_rule() { $ipt_m -A PSW $(dst $IPSET_LANIPLIST) -j RETURN $ipt_m -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN $ipt_m -A PSW $(dst $IPSET_WHITELIST) -j RETURN - + $ipt_m -N PSW_OUTPUT $ipt_m -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN $ipt_m -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN 
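Review bot: The block after `local ISP_DNS6=...` tests and iterates `$ISP_DNS`, the IPv4 list, instead of `$ISP_DNS6`, so IPv4 addresses are offered to the inet6 set `$IPSET_WHITELIST_6` and the ISP's IPv6 resolvers are never whitelisted. The failure is invisible because each `ipset -! add` is sent to `/dev/null` and backgrounded. The two lines should read `[ -n "$ISP_DNS6" ] && {` and `for ispip6 in $ISP_DNS6; do`. The `awk -F " " '{print $2}'` step assumes every matching line of `$RESOLVFILE` has the address in the second field; confirm this against the file format.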
@@ -435,7 +558,48 @@ add_firewall_rule() { ip rule add fwmark 1 lookup 100 ip route add local 0.0.0.0/0 dev lo table 100 - + + local NODE_TYPE=$(echo $(config_n_get $TCP_NODE type) | tr 'A-Z' 'a-z') + local ipv6_tproxy=$(config_t_get global_other ipv6_tproxy 0) + + if [ $NODE_TYPE == "xray" ] && [ $ipv6_tproxy == "1" ]; then + PROXY_IPV6=1 + echolog "节点类型:$NODE_TYPE,开启实验性IPv6透明代理(TProxy)..." + else + [ $enble_ipv6=="1" ] && echolog "节点类型:$NODE_TYPE,暂不支持IPv6透明代理(TProxy)..." + fi + + #$ip6t_n -N PSW + #$ip6t_n -A PREROUTING -j PSW + + #$ip6t_n -N PSW_OUTPUT + #$ip6t_n -A OUTPUT -p tcp -j PSW_OUTPUT + + $ip6t_m -N PSW + $ip6t_m -A PSW $(dst $IPSET_LANIPLIST_6) -j RETURN + $ip6t_m -A PSW $(dst $IPSET_VPSIPLIST_6) -j RETURN + $ip6t_m -A PSW $(dst $IPSET_WHITELIST_6) -j RETURN + $ip6t_m -A PREROUTING -j PSW + + $ip6t_m -N PSW_OUTPUT + $ip6t_m -A PSW_OUTPUT $(dst $IPSET_LANIPLIST_6) -j RETURN + $ip6t_m -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST_6) -j RETURN + $ip6t_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST_6) -j RETURN + $ip6t_m -A OUTPUT -p tcp -j PSW_OUTPUT + + ip -6 rule add fwmark 1 table 100 + ip -6 route add local ::/0 dev lo table 100 + + [ -n "$lan_ifname" ] && { + lan_ipv6=$(ip address show $lan_ifname | grep -w "inet6" | awk '{print $2}') #当前LAN IPv6段 + [ -n "$lan_ipv6" ] && { + for ip in $lan_ipv6; do + $ip6t_m -A PSW -d $ip -j RETURN + $ip6t_m -A PSW_OUTPUT -d $ip -j RETURN + done + } + } + # 加载路由器自身代理 TCP if [ "$TCP_NODE" != "nil" ]; then local ipt_tmp=$ipt_n 
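Review bot: `[ $enble_ipv6=="1" ]` in the `else` branch is a single non-empty word, so the test is always true and the "not supported" message is logged on every start; `enble_ipv6` is also not set anywhere in the visible patch, so presumably `$ipv6_tproxy` was meant, as in `[ "$ipv6_tproxy" = "1" ] && echolog ...`. The `if` line leaves `$NODE_TYPE` and `$ipv6_tproxy` unquoted, and `$NODE_TYPE` is empty when `config_n_get $TCP_NODE type` returns nothing, which makes `[` fail with a syntax error; `if [ "$NODE_TYPE" = "xray" ] && [ "$ipv6_tproxy" = "1" ]; then` avoids that and uses the portable `=`. The ip6tables mangle chains and the `ip -6 rule add fwmark 1 table 100` entry below are installed even when `PROXY_IPV6` stays 0, which deserves a comment saying it is intended. add_firewall_rule starts and ends outside this hunk.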
@@ -469,11 +633,18 @@ add_firewall_rule() { $ipt_tmp -A OUTPUT -p tcp -j PSW_OUTPUT [ "$TCP_NO_REDIR_PORTS" != "disable" ] && { $ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN + $ip6t_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN echolog " - [$?]不代理TCP 端口:$TCP_NO_REDIR_PORTS" } $ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $blist_r $ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $blist_r $ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $p_r + + if [ "$PROXY_IPV6" == "1" ]; then + $ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT 1 MARK) + $ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT 1 MARK) + $ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ip6t $LOCALHOST_TCP_PROXY_MODE 1 MARK) + fi fi local PR_INDEX=$(RULE_LAST_INDEX "$ipt_n" PREROUTING ADBYBY) 
@@ -485,33 +656,14 @@ add_firewall_rule() { PR_INDEX=$((PR_INDEX + 1)) $ipt_n -I PREROUTING $PR_INDEX -p tcp -j PSW echolog "使用链表 PREROUTING 排列索引${PR_INDEX}[$?]" - - $ip6t_n -N PSW - $ip6t_n -A PREROUTING -j PSW - $ip6t_n -N PSW_OUTPUT - $ip6t_n -A OUTPUT -p tcp -j PSW_OUTPUT - - $ip6t_m -N PSW - $ip6t_m -A PREROUTING -j PSW - $ip6t_m -N PSW_OUTPUT - $ip6t_m -A OUTPUT -p tcp -j PSW_OUTPUT - [ -n "$lan_ifname" ] && { - lan_ipv6=$(ip address show $lan_ifname | grep -w "inet6" | awk '{print $2}') #当前LAN IPv6段 - [ -n "$lan_ipv6" ] && { - for ip in $lan_ipv6; do - $ip6t_n -A PSW -d $ip -j RETURN - $ip6t_n -A PSW_OUTPUT -d $ip -j RETURN - done - } - } - - if [ "$PROXY_IPV6" == "1" ]; then - local msg="IPv6 配置不当,无法代理" - $ip6t_n -A PSW -p tcp $(REDIRECT $TCP_REDIR_PORT) - $ip6t_n -A PSW_OUTPUT -p tcp $(REDIRECT $TCP_REDIR_PORT) - msg="${msg},转发 IPv6 TCP 流量到节点[$?]" - echolog "$msg" - fi + +# if [ "$PROXY_IPV6" == "1" ]; then +# local msg="IPv6 配置不当,无法代理" +# $ip6t_n -A PSW -p tcp $(REDIRECT $TCP_REDIR_PORT) +# $ip6t_n -A PSW_OUTPUT -p tcp $(REDIRECT $TCP_REDIR_PORT) +# msg="${msg},转发 IPv6 TCP 流量到节点[$?]" +# echolog "$msg" +# fi # 过滤Socks节点 [ "$SOCKS_ENABLED" = "1" ] && { @@ -551,7 +703,7 @@ add_firewall_rule() { filter_node $node $stream $port > /dev/null 2>&1 & fi done - + # 加载路由器自身代理 UDP if [ "$UDP_NODE" != "nil" ]; then echolog "加载路由器自身 UDP 代理..." 
@@ -577,15 +729,21 @@ add_firewall_rule() { $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT 1 MARK) $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT 1 MARK) $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $LOCALHOST_UDP_PROXY_MODE 1 MARK) + + if [ "$PROXY_IPV6" == "1" ]; then + $ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT 1 MARK) + $ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT 1 MARK) + $ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ip6t $LOCALHOST_UDP_PROXY_MODE 1 MARK) + fi fi - + $ipt_m -A PREROUTING -j PSW - + # 加载ACLS load_acl - + # dns_hijack "force" - + echolog "防火墙规则加载完成!" } @@ -606,9 +764,11 @@ del_firewall_rule() { $ip6t_m -D PREROUTING -j PSW 2>/dev/null $ip6t_m -D OUTPUT -p tcp -j PSW_OUTPUT 2>/dev/null + $ip6t_m -D OUTPUT -p udp -j PSW_OUTPUT 2>/dev/null ib_nat_exist=$(expr $ib_nat_exist - 1) done + fi $ipt_n -F PSW 2>/dev/null && $ipt_n -X PSW 2>/dev/null $ipt_n -F PSW_OUTPUT 2>/dev/null && $ipt_n -X PSW_OUTPUT 2>/dev/null 
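Review bot: The IPv6 `PSW_OUTPUT` UDP rules added in the `PROXY_IPV6` block are not reachable as far as this patch shows, because the only IPv6 jump into that chain added in add_firewall_rule is `$ip6t_m -A OUTPUT -p tcp -j PSW_OUTPUT`. del_firewall_rule in the next hunk already removes `$ip6t_m -D OUTPUT -p udp -j PSW_OUTPUT`, which suggests the matching append was intended. Adding `$ip6t_m -A OUTPUT -p udp -j PSW_OUTPUT` inside this block would make router-originated IPv6 UDP follow the new rules. add_firewall_rule starts outside this hunk, so an existing jump elsewhere cannot be ruled out from here.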
@@ -622,17 +782,29 @@ del_firewall_rule() { ip rule del fwmark 1 lookup 100 2>/dev/null ip route del local 0.0.0.0/0 dev lo table 100 2>/dev/null + ip -6 rule del fwmark 1 table 100 2>/dev/null + ip -6 route del local ::/0 dev lo table 100 2>/dev/null + ipset -F $IPSET_LANIPLIST >/dev/null 2>&1 && ipset -X $IPSET_LANIPLIST >/dev/null 2>&1 & ipset -F $IPSET_VPSIPLIST >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST >/dev/null 2>&1 & #ipset -F $IPSET_SHUNTLIST >/dev/null 2>&1 && ipset -X $IPSET_SHUNTLIST >/dev/null 2>&1 & #ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 & - #ipset -F $IPSET_GFW6 >/dev/null 2>&1 && ipset -X $IPSET_GFW6 >/dev/null 2>&1 & #ipset -F $IPSET_CHN >/dev/null 2>&1 && ipset -X $IPSET_CHN >/dev/null 2>&1 & - #ipset -F $IPSET_CHN6 >/dev/null 2>&1 && ipset -X $IPSET_CHN6 >/dev/null 2>&1 & #ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 & #ipset -F $IPSET_BLACKLIST2 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST2 >/dev/null 2>&1 & #ipset -F $IPSET_BLACKLIST3 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST3 >/dev/null 2>&1 & ipset -F $IPSET_WHITELIST >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST >/dev/null 2>&1 & + + ipset -F $IPSET_LANIPLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_LANIPLIST_6 >/dev/null 2>&1 & + ipset -F $IPSET_VPSIPLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST_6 >/dev/null 2>&1 & + #ipset -F $IPSET_SHUNTLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_SHUNTLIST_6 >/dev/null 2>&1 & + #ipset -F $IPSET_GFW6 >/dev/null 2>&1 && ipset -X $IPSET_GFW6 >/dev/null 2>&1 & + #ipset -F $IPSET_CHN6 >/dev/null 2>&1 && ipset -X $IPSET_CHN6 >/dev/null 2>&1 & + #ipset -F $IPSET_BLACKLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST_6 >/dev/null 2>&1 & + #ipset -F $IPSET_BLACKLIST2_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST2_6 >/dev/null 2>&1 & + #ipset -F $IPSET_BLACKLIST3_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST3_6 >/dev/null 2>&1 & + ipset -F $IPSET_WHITELIST_6 >/dev/null 2>&1 && 
ipset -X $IPSET_WHITELIST_6 >/dev/null 2>&1 & + echolog "删除相关防火墙规则完成。" } @@ -641,13 +813,21 @@ flush_ipset() { ipset -F $IPSET_VPSIPLIST >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST >/dev/null 2>&1 & ipset -F $IPSET_SHUNTLIST >/dev/null 2>&1 && ipset -X $IPSET_SHUNTLIST >/dev/null 2>&1 & ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 & - #ipset -F $IPSET_GFW6 >/dev/null 2>&1 && ipset -X $IPSET_GFW6 >/dev/null 2>&1 & ipset -F $IPSET_CHN >/dev/null 2>&1 && ipset -X $IPSET_CHN >/dev/null 2>&1 & - ipset -F $IPSET_CHN6 >/dev/null 2>&1 && ipset -X $IPSET_CHN6 >/dev/null 2>&1 & ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 & ipset -F $IPSET_BLACKLIST2 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST2 >/dev/null 2>&1 & ipset -F $IPSET_BLACKLIST3 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST3 >/dev/null 2>&1 & ipset -F $IPSET_WHITELIST >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST >/dev/null 2>&1 & + + ipset -F $IPSET_LANIPLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_LANIPLIST_6 >/dev/null 2>&1 & + ipset -F $IPSET_VPSIPLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST_6 >/dev/null 2>&1 & + ipset -F $IPSET_SHUNTLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_SHUNTLIST_6 >/dev/null 2>&1 & + ipset -F $IPSET_GFW6 >/dev/null 2>&1 && ipset -X $IPSET_GFW6 >/dev/null 2>&1 & + ipset -F $IPSET_CHN6 >/dev/null 2>&1 && ipset -X $IPSET_CHN6 >/dev/null 2>&1 & + ipset -F $IPSET_BLACKLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST_6 >/dev/null 2>&1 & + ipset -F $IPSET_BLACKLIST2_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST2_6 >/dev/null 2>&1 & + ipset -F $IPSET_BLACKLIST3_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST3_6 >/dev/null 2>&1 & + ipset -F $IPSET_WHITELIST_6 >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST_6 >/dev/null 2>&1 & } flush_include() { 
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/monitor.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/monitor.sh index 81e9e429d0..991dc28752 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/monitor.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/monitor.sh @@ -1,7 +1,9 @@ #!/bin/sh CONFIG=passwall -RUN_BIN_PATH=/var/etc/${CONFIG}/bin +TMP_PATH=/var/etc/$CONFIG +TMP_BIN_PATH=$TMP_PATH/bin +TMP_ID_PATH=$TMP_PATH/id config_n_get() { local ret=$(uci -q get $CONFIG.$1.$2 2>/dev/null) 
@@ -23,59 +25,71 @@ ENABLED=$(config_t_get global enabled 0) [ "$ENABLED" != 1 ] && return 1 ENABLED=$(config_t_get global_delay start_daemon 0) [ "$ENABLED" != 1 ] && return 1 -sleep 1m +sleep 58s while [ "$ENABLED" -eq 1 ] do - #tcp - TCP_NODE=$(config_t_get global tcp_node nil) - if [ "$TCP_NODE" != "nil" ]; then - #kcptun - use_kcp=$(config_n_get $TCP_NODE use_kcp 0) - if [ $use_kcp -gt 0 ]; then - icount=$(top -bn1 | grep -v grep | grep "$RUN_BIN_PATH/kcptun" | grep -i "tcp" | wc -l) + #TCP + [ -f "$TMP_ID_PATH/TCP" ] && { + TCP_NODE=$(cat $TMP_ID_PATH/TCP) + if [ "$TCP_NODE" != "nil" ]; then + #kcptun + use_kcp=$(config_n_get $TCP_NODE use_kcp 0) + if [ $use_kcp -gt 0 ]; then + icount=$(top -bn1 | grep -v grep | grep "$TMP_BIN_PATH/kcptun" | grep -i "tcp" | wc -l) + if [ $icount = 0 ]; then + /etc/init.d/$CONFIG restart + exit 0 + fi + fi + icount=$(top -bn1 | grep -v -E 'grep|kcptun' | grep "$TMP_BIN_PATH" | grep -i "TCP" | wc -l) if [ $icount = 0 ]; then - /etc/init.d/passwall restart + /etc/init.d/$CONFIG restart exit 0 fi fi - icount=$(top -bn1 | grep -v -E 'grep|kcptun' | grep "$RUN_BIN_PATH" | grep -i "TCP" | wc -l) - if [ $icount = 0 ]; then - /etc/init.d/passwall restart - exit 0 - fi - fi + } #udp - UDP_NODE=$(config_t_get global udp_node nil) - if [ "$UDP_NODE" != "nil" ]; then - [ "$UDP_NODE" == "tcp" ] && continue - [ "$UDP_NODE" == "tcp_" ] && UDP_NODE=$TCP_NODE1 - icount=$(top -bn1 | grep -v grep | grep "$RUN_BIN_PATH" | grep -i "UDP" | wc -l) - if [ $icount = 0 ]; then - /etc/init.d/passwall restart - exit 0 + [ -f "$TMP_ID_PATH/UDP" ] && { + UDP_NODE=$(cat $TMP_ID_PATH/UDP) + if [ "$UDP_NODE" != "nil" ]; then + [ "$UDP_NODE" == "tcp" ] && continue + [ "$UDP_NODE" == "tcp_" ] && UDP_NODE=$TCP_NODE + icount=$(top -bn1 | grep -v grep | grep "$TMP_BIN_PATH" | grep -i "UDP" | wc -l) + if [ $icount = 0 ]; then + /etc/init.d/$CONFIG restart + exit 0 + fi fi - fi + } #dns dns_mode=$(config_t_get global dns_mode) if [ "$dns_mode" != "nonuse" ] && [ 
"$dns_mode" != "custom" ]; then icount=$(netstat -apn | grep 7913 | wc -l) if [ $icount = 0 ]; then - /etc/init.d/passwall restart - exit 0 - fi - fi - - #haproxy - use_haproxy=$(config_t_get global_haproxy balancing_enable 0) - if [ $use_haproxy -gt 0 ]; then - icount=$(top -bn1 | grep -v grep | grep "$RUN_BIN_PATH/haproxy" | wc -l) - if [ $icount = 0 ]; then - /etc/init.d/passwall restart + /etc/init.d/$CONFIG restart exit 0 fi fi - sleep 1m + [ -f "$TMP_BIN_PATH/chinadns-ng" ] && { + icount=$(top -bn1 | grep -v grep | grep $TMP_BIN_PATH/chinadns-ng | wc -l) + if [ $icount = 0 ]; then + /etc/init.d/$CONFIG restart + exit 0 + fi + } + + #haproxy + use_haproxy=$(config_t_get global_haproxy balancing_enable 0) + if [ $use_haproxy -gt 0 ]; then + icount=$(top -bn1 | grep -v grep | grep "$TMP_BIN_PATH/haproxy" | wc -l) + if [ $icount = 0 ]; then + /etc/init.d/$CONFIG restart + exit 0 + fi + fi + + sleep 58s done diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/proxy_ip b/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/proxy_ip index fd5eb772df..eecd323ecd 100644 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/proxy_ip +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/proxy_ip @@ -11,3 +11,8 @@ 1.0.0.1 9.9.9.9 149.112.112.112 +2001:67c:4e8::/48 +2001:b28:f23c::/48 +2001:b28:f23d::/48 +2001:b28:f23f::/48 +2001:b28:f242::/48 \ No newline at end of file diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua b/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua index bc0abbd1c5..24614020ca 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua 
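Review bot: `[ "$UDP_NODE" == "tcp" ] && continue` in the rewritten UDP block jumps back to the top of the `while` loop without reaching `sleep 58s`, so when `$TMP_ID_PATH/UDP` contains `tcp` the monitor spins without pause and the dns, chinadns-ng and haproxy checks below it never run. Skipping only the UDP check avoids both problems, e.g. `if [ "$UDP_NODE" != "nil" ] && [ "$UDP_NODE" != "tcp" ]; then`. The new `UDP_NODE=$TCP_NODE` assignment reads a variable that is only set when `$TMP_ID_PATH/TCP` exists, so it can be empty or stale from an earlier iteration. The script runs under `#!/bin/sh`, where `=` is the portable comparison operator inside `[ ]`.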
@@ -70,6 +70,7 @@ do local node_id = t.node CONFIG[#CONFIG + 1] = { log = true, + id = t[".name"], remarks = "Socks节点列表[" .. i .. "]", currentNodeId = node_id, currentNode = node_id and ucic2:get_all(application, node_id) or nil, @@ -106,7 +107,7 @@ do set = function(o) for kk, vv in pairs(CONFIG) do if (vv.remarks == "TCP备用节点的列表") then - log("刷新自动切换的TCP备用节点的列表") + --log("刷新自动切换的TCP备用节点的列表") ucic2:set_list(application, "@auto_switch[0]", "tcp_node", vv.new_nodes) end end @@ -133,7 +134,7 @@ do local default_node_id = node.default_node CONFIG[#CONFIG + 1] = { - log = false, + log = true, currentNodeId = default_node_id, currentNode = default_node_id and ucic2:get_all(application, default_node_id) or nil, remarks = "分流默认节点", @@ -145,7 +146,7 @@ do local main_node_id = node.main_node CONFIG[#CONFIG + 1] = { - log = false, + log = true, currentNodeId = main_node_id, currentNode = main_node_id and ucic2:get_all(application, main_node_id) or nil, remarks = "分流默认前置代理节点", @@ -182,7 +183,7 @@ do set = function(o) for kk, vv in pairs(CONFIG) do if (vv.remarks == "负载均衡节点列表" .. node_id) then - log("刷新负载均衡节点列表") + --log("刷新负载均衡节点列表") ucic2:foreach(application, uciType, function(node2) if node2[".name"] == node[".name"] then local index = node2[".index"] 
@@ -586,31 +587,24 @@ local function curl(url) end local function truncate_nodes() - local function clear(type) - local node_num = ucic2:get(application, "@global_other[0]", type .. "_node_num") or 1 - for i = 1, node_num, 1 do - local node = ucic2:get(application, "@global[0]", type .. "_node" .. i) - if node then - local is_sub_node = ucic2:get(application, node, "is_sub") or 0 - if is_sub_node == "1" then - ucic2:set(application, '@global[0]', type .. "_node" .. i, "nil") + for _, config in pairs(CONFIG) do + if config.nodes and type(config.nodes) == "table" then + for kk, vv in pairs(config.nodes) do + if vv.currentNode.is_sub and vv.currentNode.is_sub == "1" then + else + vv.set(vv, vv.currentNodeId) + end + end + config.set(config) + else + if config.currentNode.is_sub and config.currentNode.is_sub == "1" then + config.set(config, "nil") + if config.id then + ucic2:delete(application, config.id) end end end end - clear("tcp") - clear("udp") - - ucic2:foreach(application, "socks", function(t) - local node = t.node - if node then - local is_sub_node = ucic2:get(application, node, "is_sub") or 0 - if is_sub_node == "1" then - ucic2:set(application, t[".name"], "node", "nil") - end - end - end) - ucic2:foreach(application, uciType, function(node) if (node.is_sub or node.hashkey) and node.add_mode ~= '导入' then ucic2:delete(application, node['.name']) 
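Review bot: The rewritten truncate_nodes indexes `config.currentNode.is_sub` and `vv.currentNode.is_sub` without checking that `currentNode` exists, while the CONFIG entries visible in this patch set `currentNode = node_id and ucic2:get_all(application, node_id) or nil`. An entry with no node selected, or whose node was already removed, therefore raises "attempt to index a nil value" and aborts the truncation half-way. Guarding the access fixes it: `if config.currentNode and config.currentNode.is_sub == "1" then`. The inner branch can drop its empty `then` arm in the same way: `if not (vv.currentNode and vv.currentNode.is_sub == "1") then vv.set(vv, vv.currentNodeId) end`.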
@@ -624,84 +618,96 @@ end local function select_node(nodes, config) local server if config.currentNode then - for id, node in pairs(nodes) do - -- 特别优先级 分流 + 备注 - if config.currentNode.protocol and config.currentNode.protocol == '_shunt' then + -- 特别优先级 分流 + 备注 + if config.currentNode.protocol and config.currentNode.protocol == '_shunt' then + for index, node in pairs(nodes) do if node.remarks == config.currentNode.remarks then log('更新【' .. config.remarks .. '】分流匹配节点:' .. node.remarks) - server = id + server = node[".name"] break end end - -- 特别优先级 负载均衡 + 备注 - if config.currentNode.protocol and config.currentNode.protocol == '_balancing' then + end + -- 特别优先级 负载均衡 + 备注 + if config.currentNode.protocol and config.currentNode.protocol == '_balancing' then + for index, node in pairs(nodes) do if node.remarks == config.currentNode.remarks then log('更新【' .. config.remarks .. '】负载均衡匹配节点:' .. node.remarks) - server = id + server = node[".name"] break end end - -- 第一优先级 cfgid - if not server then - if id == config.currentNode['.name'] then + end + -- 第一优先级 cfgid + if not server then + for index, node in pairs(nodes) do + if node[".name"] == config.currentNode['.name'] then if config.log == nil or config.log == true then log('更新【' .. config.remarks .. '】第一匹配节点:' .. node.remarks) end - server = id + server = node[".name"] break end end - -- 第二优先级 类型 + IP + 端口 - if not server then + end + -- 第二优先级 类型 + IP + 端口 + if not server then + for index, node in pairs(nodes) do if config.currentNode.type and config.currentNode.address and config.currentNode.port then if node.type and node.address and node.port then if node.type == config.currentNode.type and (node.address .. ':' .. node.port == config.currentNode.address .. ':' .. config.currentNode.port) then if config.log == nil or config.log == true then log('更新【' .. config.remarks .. '】第二匹配节点:' .. 
node.remarks) end - server = id + server = node[".name"] break end end end end - -- 第三优先级 IP + 端口 - if not server then + end + -- 第三优先级 IP + 端口 + if not server then + for index, node in pairs(nodes) do if config.currentNode.address and config.currentNode.port then if node.address and node.port then if node.address .. ':' .. node.port == config.currentNode.address .. ':' .. config.currentNode.port then if config.log == nil or config.log == true then log('更新【' .. config.remarks .. '】第三匹配节点:' .. node.remarks) end - server = id + server = node[".name"] break end end end end - -- 第四优先级 IP - if not server then + end + -- 第四优先级 IP + if not server then + for index, node in pairs(nodes) do if config.currentNode.address then if node.address then if node.address == config.currentNode.address then if config.log == nil or config.log == true then log('更新【' .. config.remarks .. '】第四匹配节点:' .. node.remarks) end - server = id + server = node[".name"] break end end end end - -- 第五优先级备注 - if not server then + end + -- 第五优先级备注 + if not server then + for index, node in pairs(nodes) do if config.currentNode.remarks then if node.remarks then if node.remarks == config.currentNode.remarks then if config.log == nil or config.log == true then log('更新【' .. config.remarks .. '】第五匹配节点:' .. node.remarks) end - server = id + server = node[".name"] break end end @@ -752,7 +758,7 @@ local function update_node(manual) local nodes = {} local ucic3 = luci.model.uci.cursor() ucic3:foreach(application, uciType, function(node) - nodes[node['.name']] = node + nodes[#nodes + 1] = node end) for _, config in pairs(CONFIG) do diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/test.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/test.sh index a16395d16e..51f5f730fa 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/test.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/test.sh 
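Review bot: Each priority pass in select_node now walks `nodes` with `for index, node in pairs(nodes)` and stops at the first match. The following hunk turns `nodes` into a sequence (`nodes[#nodes + 1] = node`), and Lua does not specify the traversal order of `pairs`. When several nodes satisfy a looser rule (same IP, same remarks), which one wins is therefore not guaranteed to follow the UCI order. `for _, node in ipairs(nodes) do` makes the order explicit and drops the unused `index`. The seven passes differ only in their predicate and log label, so a small local helper taking a predicate function would remove most of the repetition. The function body continues after the end of this hunk.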
@@ -88,12 +88,13 @@ test_auto_switch() { } else local tmp_port=$(/usr/share/${CONFIG}/app.sh get_new_port 61080 tcp) - /usr/share/${CONFIG}/app.sh run_socks "auto_switch" "$main_node" "127.0.0.1" "$tmp_port" "/var/etc/${CONFIG}/auto_switch.json" + /usr/share/${CONFIG}/app.sh run_socks "auto_switch" "$main_node" "127.0.0.1" "$tmp_port" "/var/etc/${CONFIG}/test.json" local curlx="socks5h://127.0.0.1:$tmp_port" fi - sleep 10s + sleep 9s proxy_status=$(test_url "https://www.google.com/generate_204" 3 3 "-x $curlx") - top -bn1 | grep -v "grep" | grep "/var/etc/${CONFIG}/auto_switch.json" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 + top -bn1 | grep -v "grep" | grep "/var/etc/${CONFIG}/test.json" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 + rm -rf "/var/etc/${CONFIG}/test.json" if [ "$proxy_status" -eq 200 ]; then #主节点正常,切换到主节点 echolog "自动切换检测:${TYPE}主节点正常,切换到主节点!" @@ -125,7 +126,7 @@ test_auto_switch() { fi fi /usr/share/${CONFIG}/app.sh node_switch ${TYPE} ${new_node} - sleep 10s + sleep 9s # 切换节点后等待10秒后再检测一次,如果还是不通继续切,直到可用为止 status2=$(test_proxy) if [ "$status2" -eq 0 ]; then @@ -141,11 +142,12 @@ test_auto_switch() { start() { ENABLED=$(config_t_get global enabled 0) - [ "$ENABLED" != 1 ] && _return 1 + [ "$ENABLED" != 1 ] && return 1 ENABLED=$(config_t_get auto_switch enable 0) - [ "$ENABLED" != 1 ] && _return 1 + [ "$ENABLED" != 1 ] && return 1 delay=$(config_t_get auto_switch testing_time 1) - sleep ${delay}m + #sleep ${delay}m + sleep 9s while [ "$ENABLED" -eq 1 ] do TCP_NODE=$(config_t_get auto_switch tcp_node nil) From 37f650ad14289dcd6300354b6fe291478ba429b7 Mon Sep 17 00:00:00 2001 From: Curtis Deptuck Date: Mon, 8 Feb 2021 14:20:11 -0700 Subject: [PATCH 14/15] glibc: update to 2.33 ChangeLog: https://sourceware.org/pipermail/libc-alpha/2021-February/122207.html Refresh patch: None required Signed-off-by: Curtis Deptuck --- toolchain/glibc/common.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
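Review bot: The cleanup on the new `top -bn1 | grep -v "grep" | grep "/var/etc/${CONFIG}/test.json" | awk '{print $1}' | xargs kill -9` line picks its targets by a substring of `top` output. It only works if `top` prints the whole command line, it sends SIGKILL to every process that mentions that path, and `>/dev/null 2>&1` hides the case where nothing was killed. A process that survives would presumably leave the temporary SOCKS listener on `$tmp_port` running after the config file is removed. If `run_socks` can report the PID of what it starts (not visible in this hunk), kill that PID and check the result. The removal on the next line targets a single file, so `rm -f "/var/etc/${CONFIG}/test.json"` is enough and avoids a recursive delete on a path built from a variable.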
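Review bot: In the `start()` hunk the initial wait is now a hard-coded `sleep 9s`, with the original left behind as `#sleep ${delay}m`. The script still reads `delay` from `testing_time`, so the configured interval is silently ignored at start-up; whether `delay` is used again further down cannot be seen from this hunk. This looks like a debugging leftover. Either restore `sleep ${delay}m` or delete the commented line and add a comment explaining the fixed 9 seconds. The comment kept in the previous hunk, `# 切换节点后等待10秒后再检测一次`, also still says 10 seconds after its `sleep` was changed to `9s`.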
diff --git a/toolchain/glibc/common.mk b/toolchain/glibc/common.mk index aaeb253353..9a2878ea05 100644 --- a/toolchain/glibc/common.mk +++ b/toolchain/glibc/common.mk @@ -7,13 +7,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=glibc -PKG_VERSION:=2.32 +PKG_VERSION:=2.33 PKG_RELEASE:=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) -PKG_SOURCE_VERSION:=760e1d287825fa91d4d5a0cc921340c740d803e2 -PKG_MIRROR_HASH:=3ea50e679a241faec8d0e90c9db84a19a42e03dd08328aee406a9ec56393104d +PKG_SOURCE_VERSION:=17f0ff097887008b2d3dca270c8ffbb4b43a8749 +PKG_MIRROR_HASH:=c208569b844f22a6fb446fb02b392c5f280d7a29263a4d5401c47157fc7ac169 PKG_SOURCE_URL:=https://sourceware.org/git/glibc.git PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz From dcb54c420b6153ee46aaf993153c47465e91560b Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Tue, 9 Feb 2021 00:53:09 +0100 Subject: [PATCH 15/15] wolfssl: Backport fix for CVE-2021-3336 This should fix CVE-2021-3336: DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The patch is backported from the upstream wolfssl development branch. Signed-off-by: Hauke Mehrtens --- package/libs/wolfssl/Makefile | 2 +- .../wolfssl/patches/010-CVE-2021-3336.patch | 53 +++++++++++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 package/libs/wolfssl/patches/010-CVE-2021-3336.patch diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index dcc6aca40c..ff01fca663 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl PKG_VERSION:=4.6.0-stable -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) 
diff --git a/package/libs/wolfssl/patches/010-CVE-2021-3336.patch b/package/libs/wolfssl/patches/010-CVE-2021-3336.patch
new file mode 100644
index 0000000000..abb9bfdd9b
--- /dev/null
+++ b/package/libs/wolfssl/patches/010-CVE-2021-3336.patch
@@ -0,0 +1,53 @@
+From fad1e67677bf7797b6bd6e1f21a513c289d963a7 Mon Sep 17 00:00:00 2001
+From: Sean Parkinson
+Date: Thu, 21 Jan 2021 08:24:38 +1000
+Subject: [PATCH] TLS 1.3: ensure key for signature in CertificateVerify
+
+---
+ src/tls13.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+--- a/src/tls13.c
++++ b/src/tls13.c
+@@ -5624,28 +5624,36 @@ static int DoTls13CertificateVerify(WOLF
+ #ifdef HAVE_ED25519
+ if (args->sigAlgo == ed25519_sa_algo &&
+ !ssl->peerEd25519KeyPresent) {
+- WOLFSSL_MSG("Oops, peer sent ED25519 key but not in verify");
++ WOLFSSL_MSG("Peer sent ED22519 sig but not ED22519 cert");
++ ret = SIG_VERIFY_E;
++ goto exit_dcv;
+ }
+ #endif
+ #ifdef HAVE_ED448
+ if (args->sigAlgo == ed448_sa_algo && !ssl->peerEd448KeyPresent) {
+- WOLFSSL_MSG("Oops, peer sent ED448 key but not in verify");
++ WOLFSSL_MSG("Peer sent ED448 sig but not ED448 cert");
++ ret = SIG_VERIFY_E;
++ goto exit_dcv;
+ }
+ #endif
+ #ifdef HAVE_ECC
+ if (args->sigAlgo == ecc_dsa_sa_algo &&
+ !ssl->peerEccDsaKeyPresent) {
+- WOLFSSL_MSG("Oops, peer sent ECC key but not in verify");
++ WOLFSSL_MSG("Peer sent ECC sig but not ECC cert");
++ ret = SIG_VERIFY_E;
++ goto exit_dcv;
+ }
+ #endif
+ #ifndef NO_RSA
+ if (args->sigAlgo == rsa_sa_algo) {
+- WOLFSSL_MSG("Oops, peer sent PKCS#1.5 signature");
++ WOLFSSL_MSG("Peer sent PKCS#1.5 algo but not in certificate");
+ ERROR_OUT(INVALID_PARAMETER, exit_dcv);
+ }
+ if (args->sigAlgo == rsa_pss_sa_algo &&
+ (ssl->peerRsaKey == NULL || !ssl->peerRsaKeyPresent)) {
+- WOLFSSL_MSG("Oops, peer sent RSA key but not in verify");
++ WOLFSSL_MSG("Peer sent RSA sig but not RSA cert");
++ ret = SIG_VERIFY_E;
++ goto exit_dcv;
+ }
+ #endif
+
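Review bot: The new ED25519 branch logs `Peer sent ED22519 sig but not ED22519 cert`, which misspells the algorithm name. Anyone searching debug output for ED25519 handshake rejections will miss this one; the intended line is presumably `WOLFSSL_MSG("Peer sent ED25519 sig but not ED25519 cert");`. Because this file is a backport, fixing it here makes the local copy diverge from upstream, so it may be better to note the typo next to the patch and drop the patch at the next wolfSSL version bump. The four added rejections spell out `ret = SIG_VERIFY_E; goto exit_dcv;`, while the PKCS#1.5 branch beside them uses `ERROR_OUT(INVALID_PARAMETER, exit_dcv)`; if that macro expands as its use suggests, `ERROR_OUT(SIG_VERIFY_E, exit_dcv);` would keep the style uniform. DoTls13CertificateVerify begins and ends outside this hunk, so what happens at `exit_dcv` cannot be checked from here.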