diff --git a/admin/btop/Makefile b/admin/btop/Makefile index b3a92d17c..0384f7282 100644 --- a/admin/btop/Makefile +++ b/admin/btop/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=btop PKG_VERSION:=1.2.13 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL=https://codeload.github.com/aristocratos/btop/tar.gz/v$(PKG_VERSION)? @@ -12,6 +12,7 @@ PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE +PKG_BUILD_FLAGS:=no-lto PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 diff --git a/admin/nyx/Makefile b/admin/nyx/Makefile index 5a7e26b41..1b023337b 100644 --- a/admin/nyx/Makefile +++ b/admin/nyx/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nyx PKG_VERSION:=2.1.0 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PYPI_NAME:=nyx PKG_HASH:=88521488d1c9052e457b9e66498a4acfaaa3adf3adc5a199892632f129a5390b diff --git a/admin/nyx/patches/01-python311.patch b/admin/nyx/patches/01-python311.patch new file mode 100644 index 000000000..36b34932d --- /dev/null +++ b/admin/nyx/patches/01-python311.patch @@ -0,0 +1,32 @@ +From dcaddf2ab7f9d2ef8649f98bb6870995ebe0b893 Mon Sep 17 00:00:00 2001 +From: Juan Orti Alcaine +Date: Mon, 27 Jun 2022 19:38:34 +0200 +Subject: [PATCH] Replace inspect.getargspec usage to support python 3.11 + +--- + nyx/panel/__init__.py | 2 +- + test/__init__.py | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/nyx/panel/__init__.py ++++ b/nyx/panel/__init__.py +@@ -78,7 +78,7 @@ class KeyHandler(collections.namedtuple( + is_match = self._key_func(key) if self._key_func else key.match(self.key) + + if is_match: +- if inspect.getargspec(self._action).args == ['key']: ++ if inspect.getfullargspec(self._action).args == ['key']: + self._action(key) + else: + self._action() +--- a/test/__init__.py ++++ b/test/__init__.py +@@ -94,7 +94,7 @@ def render(func, *args, **kwargs): + nyx.curses.CURSES_SCREEN.erase() + start_time = time.time() + +- func_args = inspect.getargspec(func).args ++ func_args = inspect.getfullargspec(func).args + + if func_args[:1] == ['subwindow'] or func_args[:2] == ['self', 'subwindow']: + def _draw(subwindow): diff --git a/lang/lua-rs232/Makefile b/lang/lua-rs232/Makefile index 654e21ca1..6d0ec7e4d 100644 --- a/lang/lua-rs232/Makefile +++ b/lang/lua-rs232/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lua-rs232 PKG_SOURCE_DATE:=2019-11-20 PKG_SOURCE_VERSION:=c106c94d1a5a84e8582c936528303528608776c2 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/srdgame/librs232 diff --git a/lang/lua-rs232/patches/010-gcc13.patch b/lang/lua-rs232/patches/010-gcc13.patch new file mode 100644 index 000000000..32da13762 --- /dev/null +++ b/lang/lua-rs232/patches/010-gcc13.patch @@ -0,0 +1,56 @@ +From 3467c3c354263b066ad47bddfe6eb869c0111e0d Mon Sep 17 00:00:00 2001 +From: Damian Wrobel +Date: Tue, 24 Jan 2023 10:19:16 +0100 +Subject: [PATCH] Fix rs232_set_* prototypes mismatch + +Fixes compilation error on gcc 13 (excerpt): + rs232_posix.c:490:1: error: conflicting types for 'rs232_set_baud' \ + due to enum/integer mismatch; have 'unsigned int(struct rs232_port_t *, \ + enum rs232_baud_e)' [-Werror=enum-int-mismatch] + 490 | rs232_set_baud(struct rs232_port_t *p, enum rs232_baud_e baud) + | ^~~~~~~~~~~~~~ + In file included from rs232_posix.c:39: + ../include/librs232/rs232.h:203:24: note: previous declaration of \ + 'rs232_set_baud' with type 'unsigned int(struct rs232_port_t *, unsigned int)' + 203 | RS232_LIB unsigned int rs232_set_baud(struct rs232_port_t *p, unsigned int baud); + | ^~~~~~~~~~~~~~ + + rs232_posix.c:591:1: error: conflicting types for 'rs232_set_dtr' \ + due to enum/integer mismatch; have 'unsigned int(struct rs232_port_t *, \ + enum rs232_dtr_e)' [-Werror=enum-int-mismatch] + 591 | rs232_set_dtr(struct rs232_port_t *p, enum rs232_dtr_e state) + | ^~~~~~~~~~~~~ + In file included from rs232_posix.c:39: + ../include/librs232/rs232.h:208:24: note: previous declaration of 'rs232_set_dtr' \ + with type 'unsigned int(struct rs232_port_t *, unsigned int)' + 208 | RS232_LIB unsigned int rs232_set_dtr(struct rs232_port_t *p, unsigned int dtr); + | ^~~~~~~~~~~~~ + +Signed-off-by: Damian Wrobel +--- + include/librs232/rs232.h | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +--- a/include/librs232/rs232.h ++++ b/include/librs232/rs232.h +@@ -200,13 +200,13 @@ RS232_LIB unsigned int rs232_port_open(s + RS232_LIB unsigned int rs232_close(struct rs232_port_t *p); + RS232_LIB unsigned int rs232_flush(struct rs232_port_t *p); + RS232_LIB void rs232_set_device(struct rs232_port_t *p, const char *device); +-RS232_LIB unsigned int rs232_set_baud(struct rs232_port_t *p, unsigned int baud); +-RS232_LIB unsigned int rs232_set_stop(struct rs232_port_t *p, unsigned int stop); +-RS232_LIB unsigned int rs232_set_data(struct rs232_port_t *p, unsigned int data); +-RS232_LIB unsigned int rs232_set_parity(struct rs232_port_t *p, unsigned int parity); +-RS232_LIB unsigned int rs232_set_flow(struct rs232_port_t *p, unsigned int flow); +-RS232_LIB unsigned int rs232_set_dtr(struct rs232_port_t *p, unsigned int dtr); +-RS232_LIB unsigned int rs232_set_rts(struct rs232_port_t *p, unsigned int rts); ++RS232_LIB unsigned int rs232_set_baud(struct rs232_port_t *p, enum rs232_baud_e baud); ++RS232_LIB unsigned int rs232_set_stop(struct rs232_port_t *p, enum rs232_stop_e stop); ++RS232_LIB unsigned int rs232_set_data(struct rs232_port_t *p, enum rs232_data_e data); ++RS232_LIB unsigned int rs232_set_parity(struct rs232_port_t *p, enum rs232_parity_e parity); ++RS232_LIB unsigned int rs232_set_flow(struct rs232_port_t *p, enum rs232_flow_e flow); ++RS232_LIB unsigned int rs232_set_dtr(struct rs232_port_t *p, enum rs232_dtr_e state); ++RS232_LIB unsigned int rs232_set_rts(struct rs232_port_t *p, enum rs232_rts_e state); + RS232_LIB const char * rs232_get_device(struct rs232_port_t *p); + RS232_LIB unsigned int rs232_get_baud(struct rs232_port_t *p); + RS232_LIB unsigned int rs232_get_stop(struct rs232_port_t *p); diff --git a/lang/luaposix/Makefile b/lang/luaposix/Makefile index 636daaf69..2379d6d3c 100644 --- a/lang/luaposix/Makefile +++ b/lang/luaposix/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luaposix -PKG_VERSION:=36.1 +PKG_VERSION:=36.2.1 PKG_RELEASE:=1 PKG_SOURCE_URL:=https://codeload.github.com/$(PKG_NAME)/$(PKG_NAME)/tar.gz/v$(PKG_VERSION)? PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_HASH:=e680ba9b9c7ae28c0598942cb00df7c7fbc70b82863bb55f028ea7dc101e39ac +PKG_HASH:=44e5087cd3c47058f9934b90c0017e4cf870b71619f99707dd433074622debb1 PKG_MAINTAINER:=Maxim Storchak PKG_LICENSE:=MIT PKG_LICENSE_FILES:=COPYING diff --git a/lang/luaposix/patches/900-disable-ldoc.patch b/lang/luaposix/patches/900-disable-ldoc.patch deleted file mode 100644 index 85d2aaa71..000000000 --- a/lang/luaposix/patches/900-disable-ldoc.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/lukefile -+++ b/lukefile -@@ -35,8 +35,6 @@ incdirs = { - '$LUA_INCDIR', - } - --ldocs = 'build-aux/config.ld.in' -- - modules = { - ['posix'] = 'lib/posix/init.lua', - ['posix._base'] = 'lib/posix/_base.lua', diff --git a/libs/file/Makefile b/libs/file/Makefile index e12dc946c..25941ecce 100644 --- a/libs/file/Makefile +++ b/libs/file/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=file -PKG_VERSION:=5.41 -PKG_RELEASE:=2 +PKG_VERSION:=5.44 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://download.openpkg.org/components/cache/file/ \ ftp://ftp.astron.com/pub/file/ -PKG_HASH:=13e532c7b364f7d57e23dfeea3147103150cb90593a57af86c10e4f6e411603f +PKG_HASH:=3751c7fba8dbc831cb8d7cc8aff21035459b8ce5155ef8b0880a27d028475f3b PKG_MAINTAINER:=Marko Ratkaj PKG_LICENSE:=BSD-2-Clause @@ -82,21 +82,23 @@ define Build/InstallDev $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/magic.h $(1)/usr/include/ $(INSTALL_DIR) $(1)/usr/lib $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libmagic.{a,so*} $(1)/usr/lib/ + ${INSTALL_DIR} $(1)/usr/lib/pkgconfig + $(INSTALL_DATA) $(PKG_BUILD_DIR)/libmagic.pc $(1)/usr/lib/pkgconfig/ endef define Package/file/install $(INSTALL_DIR) $(1)/usr/bin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/file $(1)/usr/bin/ +endef + +define Package/libmagic/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmagic.so.* $(1)/usr/lib/ $(INSTALL_DIR) $(1)/usr/share/misc $(SED) "/^#/d" $(PKG_INSTALL_DIR)/usr/share/file/magic $(SED) "/^$$$$/d" $(PKG_INSTALL_DIR)/usr/share/file/magic $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/file/magic $(1)/usr/share/misc/ endef -define Package/libmagic/install - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmagic.so.* $(1)/usr/lib/ -endef - $(eval $(call BuildPackage,file)) $(eval $(call BuildPackage,libmagic)) diff --git a/libs/libaio/Makefile b/libs/libaio/Makefile index e83687677..2ecbf6d14 100644 --- a/libs/libaio/Makefile +++ b/libs/libaio/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libaio PKG_VERSION:=0.3.113 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://releases.pagure.org/libaio @@ -20,7 +20,7 @@ PKG_LICENSE:=LGPL-2.1-only PKG_LICENSE_FILES:=COPYING PKG_BUILD_PARALLEL:=1 -PKG_BUILD_FLAGS:=no-mips16 +PKG_BUILD_FLAGS:=no-mips16 no-lto PKG_INSTALL:=1 include $(INCLUDE_DIR)/package.mk diff --git a/libs/libre2/Makefile b/libs/libre2/Makefile index 76a679fef..1ce64f8cc 100644 --- a/libs/libre2/Makefile +++ b/libs/libre2/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=re2 -PKG_VERSION:=2021-02-02 -PKG_RELEASE:=2 +PKG_VERSION:=2023-02-01 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/google/re2/tar.gz/$(PKG_VERSION)? -PKG_HASH:=1396ab50c06c1a8885fb68bf49a5ecfd989163015fd96699a180d6414937f33f +PKG_HASH:=cbce8b7803e856827201a132862e41af386e7afd9cc6d9a9bc7a4fa4d8ddbdde PKG_MAINTAINER:= PKG_LICENSE:=BSD-3-Clause @@ -23,7 +23,7 @@ define Package/re2 DEPENDS:=+libstdcpp TITLE:=RE2 - C++ regular expression library URL:=https://github.com/google/re2 - ABI_VERSION:=6 + ABI_VERSION:=10 endef define Package/re2/description diff --git a/libs/liburing/Makefile b/libs/liburing/Makefile index 445e535ad..08403d527 100644 --- a/libs/liburing/Makefile +++ b/libs/liburing/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=liburing -PKG_VERSION:=2.3 +PKG_VERSION:=2.4 PKG_RELEASE:=1 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://git.kernel.dk/cgit/liburing/snapshot -PKG_HASH:=a65a6adbe80425c1c4d0740532ba42c3d4fd9dadd17a0e0bfd31c29e1c14dba8 +PKG_HASH:=ca260e7a5820c2d0e737ec1e9b999f10776dbe84a169a02a0eff10c8eeaf3394 PKG_MAINTAINER:=Christian Lachner PKG_LICENSE:=MIT diff --git a/libs/nlohmannjson/Makefile b/libs/nlohmannjson/Makefile index 26101344b..c88257a32 100644 --- a/libs/nlohmannjson/Makefile +++ b/libs/nlohmannjson/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nlohmannjson -PKG_VERSION:=3.10.2 -PKG_RELEASE:=2 +PKG_VERSION:=3.11.2 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip PKG_SOURCE_URL:=https://codeload.github.com/nlohmann/json/zip/v$(PKG_VERSION)? -PKG_HASH:=6e407a7a7a6fe2f20396270ed561afeda03cd238ccb32ad94b7f985b0aa113fe +PKG_HASH:=95651d7d1fcf2e5c3163c3d37df6d6b3e9e5027299e6bd050d157322ceda9ac9 PKG_BUILD_DIR:=$(BUILD_DIR)/json-$(PKG_VERSION) PKG_MAINTAINER:=Leonid Esman @@ -34,9 +34,10 @@ endef define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include/nlohmann - $(CP) $(PKG_INSTALL_DIR)/usr/include/nlohmann/json.hpp $(1)/usr/include/nlohmann + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/nlohmann/json.hpp $(1)/usr/include/nlohmann + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/nlohmann/json_fwd.hpp $(1)/usr/include/nlohmann $(INSTALL_DIR) $(1)/usr/lib/pkgconfig - $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/nlohmann_json.pc $(1)/usr/lib/pkgconfig + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/nlohmann_json.pc $(1)/usr/lib/pkgconfig endef $(eval $(call BuildPackage,nlohmannjson)) diff --git a/net/banip/Makefile b/net/banip/Makefile index 95dc36641..a9900dbdf 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -5,8 +5,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip -PKG_VERSION:=0.8.8 -PKG_RELEASE:=2 +PKG_VERSION:=0.8.9 +PKG_RELEASE:=4 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/banip/files/README.md b/net/banip/files/README.md index 88e437437..0039b0d26 100644 --- a/net/banip/files/README.md +++ b/net/banip/files/README.md @@ -17,7 +17,9 @@ IP address blocking is commonly used to protect against brute force attacks, pre | antipopads | antipopads IPs | | | x | [Link](https://github.com/dibdot/banIP-IP-blocklists) | | asn | ASN IPs | | | x | [Link](https://asn.ipinfo.app) | | backscatterer | backscatterer IPs | x | x | | [Link](https://www.uceprotect.net/en/index.php) | +| binarydefense | binary defense banlist | x | x | | [Link](https://iplists.firehol.org/?ipset=bds_atif) | | bogon | bogon prefixes | x | x | | [Link](https://team-cymru.com) | +| bruteforceblock | bruteforceblocker IPs | x | x | | [Link](https://danger.rulez.sk/index.php/bruteforceblocker/) | | country | country blocks | x | x | | [Link](https://www.ipdeny.com/ipblocks) | | cinsscore | suspicious attacker IPs | x | x | | [Link](https://cinsscore.com/#list) | | darklist | blocks suspicious attacker IPs | x | x | | [Link](https://darklist.de) | @@ -26,6 +28,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre | drop | spamhaus drop compilation | x | x | | [Link](https://www.spamhaus.org) | | dshield | dshield IP blocklist | x | x | | [Link](https://www.dshield.org) | | edrop | spamhaus edrop compilation | x | x | | [Link](https://www.spamhaus.org) | +| etcompromised | ET compromised hosts | x | x | | [Link](https://iplists.firehol.org/?ipset=et_compromised) | | feodo | feodo tracker | x | x | x | [Link](https://feodotracker.abuse.ch) | | firehol1 | firehol level 1 compilation | x | x | | [Link](https://iplists.firehol.org/?ipset=firehol_level1) | | firehol2 | firehol level 2 compilation | x | x | | [Link](https://iplists.firehol.org/?ipset=firehol_level2) | @@ -34,6 +37,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre | greensnow | suspicious server IPs | x | x | | [Link](https://greensnow.co) | | iblockads | Advertising IPs | | | x | [Link](https://www.iblocklist.com) | | iblockspy | Malicious spyware IPs | x | x | | [Link](https://www.iblocklist.com) | +| ipblackhole | blackhole IPs | x | x | | [Link](https://ip.blackhole.monster) | | ipthreat | hacker and botnet TPs | x | x | | [Link](https://ipthreat.net) | | myip | real-time IP blocklist | x | x | | [Link](https://myip.ms) | | nixspam | iX spam protection | x | x | | [Link](http://www.nixspam.org) | @@ -72,7 +76,8 @@ IP address blocking is commonly used to protect against brute force attacks, pre * Per feed it can be defined whether the wan-input chain, the wan-forward chain or the lan-forward chain should be blocked (default: all chains) * Automatic blocklist backup & restore, the backups will be used in case of download errors or during startup * Automatically selects one of the following download utilities with ssl support: aria2c, curl, uclient-fetch or full wget -* Supports an 'allowlist only' mode, this option restricts internet access from/to a small number of secure websites/IPs +* Provides HTTP ETag or entity tag support to download only ressources that have been updated on the server side, to save bandwith and speed up banIP reloads +* Supports an 'allowlist only' mode, this option restricts internet access from/to a given number of secure websites/IPs * Deduplicate IPs accross all Sets (single IPs only, no intervals) * Provides comprehensive runtime information * Provides a detailed Set report @@ -86,7 +91,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre ## Prerequisites * **[OpenWrt](https://openwrt.org)**, latest stable release or a snapshot with nft/firewall 4 and logd/logread support -* A download utility with SSL support: 'aria2c', 'curl', full 'wget' or 'uclient-fetch' with one of the 'libustream-*' SSL libraries +* A download utility with SSL support: 'aria2c', 'curl', full 'wget' or 'uclient-fetch' with one of the 'libustream-*' SSL libraries, the latter one doesn't provide support for ETag HTTP header * A certificate store like 'ca-bundle', as banIP checks the validity of the SSL certificates of all download sites by default * For E-Mail notifications you need to install and setup the additional 'msmtp' package @@ -145,7 +150,7 @@ Available commands: | ban_autoblocklist | option | 1 | add suspicious attacker IPs and resolved domains automatically to the local blocklist (not only to the Sets) | | ban_autoblocksubnet | option | 0 | add entire subnets to the blocklist Sets based on an additional RDAP request with the suspicious IP | | ban_autoallowuplink | option | subnet | limit the uplink autoallow function to: 'subnet', 'ip' or 'disable' it at all | -| ban_allowlistonly | option | 0 | restrict the internet access from/to a small number of secure websites/IPs | +| ban_allowlistonly | option | 0 | restrict the internet access from/to a given number of secure websites/IPs | | ban_basedir | option | /tmp | base working directory while banIP processing | | ban_reportdir | option | /tmp/banIP-report | directory where banIP stores the report files | | ban_backupdir | option | /tmp/banIP-backup | directory where banIP stores the compressed backup files | @@ -292,6 +297,9 @@ Depending on the options 'ban_autoallowlist' and 'ban_autoallowuplink' the uplin Furthermore, you can reference external Allowlist URLs with additional IPv4 and IPv6 feeds (see 'ban_allowurl'). Both local lists also accept domain names as input to allow IP filtering based on these names. The corresponding IPs (IPv4 & IPv6) will be extracted and added to the Sets. You can also start the domain lookup separately via /etc/init.d/banip lookup at any time. +**allowlist-only mode** +banIP supports an "allowlist only" mode. This option restricts the internet access from/to a small number of secure MACs, IPs or domains, and block access from/to the rest of the internet. All IPs and Domains which are _not_ listed in the allowlist (plus the external Allowlist URLs) are blocked. + **MAC/IP-binding** banIP supports concatenation of local MAC addresses with IPv4/IPv6 addresses, e.g. to enforce dhcp assignments. Following notations in the local allow and block lists are allowed: ``` @@ -313,9 +321,6 @@ C8:C2:9B:F7:80:12 192.168.1.10 => this will be populated to C8:C2:9B:F7:80:12 => this will be populated to v6MAC-Set with the IP-wildcard ::/0 ``` -**allowlist-only mode** -banIP supports an "allowlist only" mode. This option restricts the internet access from/to a small number of secure MACs, IPs or domains, and block access from/to the rest of the internet. All IPs and Domains which are _not_ listed in the allowlist are blocked. - **redirect Asterisk security logs to lodg/logread** banIP only supports logfile scanning via logread, so to monitor attacks on Asterisk, its security log must be available via logread. To do this, edit '/etc/asterisk/logger.conf' and add the line 'syslog.local0 = security', then run 'asterisk -rx reload logger' to update the running Asterisk configuration. diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh index a04265f65..170c7326c 100644 --- a/net/banip/files/banip-functions.sh +++ b/net/banip/files/banip-functions.sh @@ -79,6 +79,7 @@ ban_fetchparm="" ban_fetchinsecure="" ban_fetchretry="5" ban_rdapparm="" +ban_etagparm="" ban_cores="" ban_memory="" ban_packages="" @@ -332,25 +333,28 @@ f_getfetch() { [ "${ban_fetchinsecure}" = "1" ] && insecure="--check-certificate=false" ban_fetchparm="${ban_fetchparm:-"${insecure} --timeout=20 --retry-wait=10 --max-tries=${ban_fetchretry} --max-file-not-found=${ban_fetchretry} --allow-overwrite=true --auto-file-renaming=false --log-level=warn --dir=/ -o"}" ban_rdapparm="--timeout=5 --allow-overwrite=true --auto-file-renaming=false --dir=/ -o" + ban_etagparm="--timeout=5 --allow-overwrite=true --auto-file-renaming=false --dir=/ --dry-run --log -" ;; "curl") [ "${ban_fetchinsecure}" = "1" ] && insecure="--insecure" - ban_fetchparm="${ban_fetchparm:-"${insecure} --connect-timeout 20 --retry-delay 10 --retry ${ban_fetchretry} --retry-all-errors --fail --silent --show-error --location -o"}" + ban_fetchparm="${ban_fetchparm:-"${insecure} --connect-timeout 20 --retry-delay 10 --retry ${ban_fetchretry} --retry-max-time $((ban_fetchretry * 20)) --retry-all-errors --fail --silent --show-error --location -o"}" ban_rdapparm="--connect-timeout 5 --silent --location -o" + ban_etagparm="--connect-timeout 5 --silent --location --head" + ;; + "wget") + [ "${ban_fetchinsecure}" = "1" ] && insecure="--no-check-certificate" + ban_fetchparm="${ban_fetchparm:-"${insecure} --no-cache --no-cookies --timeout=20 --waitretry=10 --tries=${ban_fetchretry} --retry-connrefused -O"}" + ban_rdapparm="--timeout=5 -O" + ban_etagparm="--timeout=5 --spider --server-response" ;; "uclient-fetch") [ "${ban_fetchinsecure}" = "1" ] && insecure="--no-check-certificate" ban_fetchparm="${ban_fetchparm:-"${insecure} --timeout=20 -O"}" ban_rdapparm="--timeout=5 -O" ;; - "wget") - [ "${ban_fetchinsecure}" = "1" ] && insecure="--no-check-certificate" - ban_fetchparm="${ban_fetchparm:-"${insecure} --no-cache --no-cookies --timeout=20 --waitretry=10 --tries=${ban_fetchretry} --retry-connrefused -O"}" - ban_rdapparm="--timeout=5 -O" - ;; esac - f_log "debug" "f_getfetch ::: auto/update: ${ban_autodetect}/${update}, cmd: ${ban_fetchcmd:-"-"}, fetch_parm: ${ban_fetchparm:-"-"}, rdap_parm: ${ban_rdapparm:-"-"}" + f_log "debug" "f_getfetch ::: auto/update: ${ban_autodetect}/${update}, cmd: ${ban_fetchcmd:-"-"}, fetch_parm: ${ban_fetchparm:-"-"}, rdap_parm: ${ban_rdapparm:-"-"}, etag_parm: ${ban_etagparm:-"-"}" } # get wan interfaces @@ -462,7 +466,7 @@ f_getuplink() { for ip in ${ban_uplink}; do if ! "${ban_grepcmd}" -q "${ip} " "${ban_allowlist}"; then if [ "${update}" = "0" ]; then - "${ban_sedcmd}" -i '/# uplink added on /d' "${ban_allowlist}" + "${ban_sedcmd}" -i "/# uplink added on /d" "${ban_allowlist}" fi printf "%-42s%s\n" "${ip}" "# uplink added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_allowlist}" f_log "info" "add uplink '${ip}' to local allowlist" @@ -471,7 +475,7 @@ f_getuplink() { done ban_uplink="${ban_uplink%%?}" elif [ "${ban_autoallowlist}" = "1" ] && [ "${ban_autoallowuplink}" = "disable" ]; then - "${ban_sedcmd}" -i '/# uplink added on /d' "${ban_allowlist}" + "${ban_sedcmd}" -i "/# uplink added on /d" "${ban_allowlist}" update="1" fi @@ -502,6 +506,31 @@ f_getelements() { [ -s "${file}" ] && printf "%s" "elements={ $("${ban_catcmd}" "${file}" 2>/dev/null) };" } +# handle etag http header +# +f_etag() { + local http_head http_code etag_id etag_rc out_rc="4" feed="${1}" feed_url="${2}" feed_suffix="${3}" + + if [ -n "${ban_etagparm}" ]; then + [ ! -f "${ban_backupdir}/banIP.etag" ] && : >"${ban_backupdir}/banIP.etag" + http_head="$("${ban_fetchcmd}" ${ban_etagparm} "${feed_url}" 2>&1)" + http_code="$(printf "%s" "${http_head}" | "${ban_awkcmd}" 'tolower($0)~/^http\/[0123\.]+ /{printf "%s",$2}')" + etag_id="$(printf "%s" "${http_head}" | "${ban_awkcmd}" 'tolower($0)~/^[[:space:]]*etag: /{gsub("\"","");printf "%s",$2}')" + etag_rc="${?}" + + if [ "${http_code}" = "404" ] || { [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && "${ban_grepcmd}" -q "^${feed}${feed_suffix}.*${etag_id}\$" "${ban_backupdir}/banIP.etag"; }; then + out_rc="0" + elif [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && ! "${ban_grepcmd}" -q "^${feed}${feed_suffix}.*${etag_id}\$" "${ban_backupdir}/banIP.etag"; then + "${ban_sedcmd}" -i "/^${feed}${feed_suffix}/d" "${ban_backupdir}/banIP.etag" + printf "%-20s%s\n" "${feed}${feed_suffix}" "${etag_id}" >>"${ban_backupdir}/banIP.etag" + out_rc="2" + fi + fi + + f_log "debug" "f_etag ::: feed: ${feed}, suffix: ${feed_suffix:-"-"}, http_code: ${http_code:-"-"}, etag_id: ${etag_id:-"-"} , etag_rc: ${etag_rc:-"-"}, rc: ${out_rc}" + return "${out_rc}" +} + # build initial nft file with base table, chains and rules # f_nftinit() { @@ -547,13 +576,13 @@ f_nftinit() { feed_rc="${?}" f_log "debug" "f_nftinit ::: devices: ${ban_dev}, priority: ${ban_nftpriority}, policy: ${ban_nftpolicy}, loglevel: ${ban_nftloglevel}, rc: ${feed_rc:-"-"}, log: ${feed_log:-"-"}" - return ${feed_rc} + return "${feed_rc}" } # handle downloads # f_down() { - local log_input log_forwardwan log_forwardlan start_ts end_ts tmp_raw tmp_load tmp_file split_file ruleset_raw handle + local log_input log_forwardwan log_forwardlan start_ts end_ts tmp_raw tmp_load tmp_file split_file ruleset_raw handle rc etag_rc local cnt_set cnt_dl restore_rc feed_direction feed_rc feed_log feed="${1}" proto="${2}" feed_url="${3}" feed_rule="${4}" feed_flag="${5}" start_ts="$(date +%s)" @@ -616,12 +645,35 @@ f_down() { } >"${tmp_flush}" fi - # restore local backups during init + # restore local backups # - if { [ "${ban_action}" != "reload" ] || [ "${feed_url}" = "local" ]; } && [ "${feed%v*}" != "allowlist" ] && [ "${feed%v*}" != "blocklist" ]; then - f_restore "${feed}" "${feed_url}" "${tmp_load}" - restore_rc="${?}" - feed_rc="${restore_rc}" + if { [ "${ban_action}" != "reload" ] || [ "${feed_url}" = "local" ] || [ -n "${ban_etagparm}" ]; } && [ "${feed%v*}" != "allowlist" ] && [ "${feed%v*}" != "blocklist" ]; then + if [ -n "${ban_etagparm}" ] && [ "${ban_action}" = "reload" ] && [ "${feed_url}" != "local" ]; then + etag_rc="0" + if [ "${feed%v*}" = "country" ]; then + for country in ${ban_country}; do + f_etag "${feed}" "${feed_url}${country}-aggregated.zone" ".${country}" + rc="${?}" + [ "${rc}" = "4" ] && break + etag_rc="$((etag_rc + rc))" + done + elif [ "${feed%v*}" = "asn" ]; then + for asn in ${ban_asn}; do + f_etag "${feed}" "${feed_url}AS${asn}" ".{asn}" + rc="${?}" + [ "${rc}" = "4" ] && break + etag_rc="$((etag_rc + rc))" + done + else + f_etag "${feed}" "${feed_url}" + etag_rc="${?}" + fi + fi + if [ "${etag_rc}" = "0" ] || [ "${ban_action}" != "reload" ] || [ "${feed_url}" = "local" ]; then + f_restore "${feed}" "${feed_url}" "${tmp_load}" "${etag_rc}" + restore_rc="${?}" + feed_rc="${restore_rc}" + fi fi # prepare local allowlist @@ -781,10 +833,7 @@ f_down() { "gz") feed_log="$("${ban_fetchcmd}" ${ban_fetchparm} "${tmp_raw}" "${feed_url}" 2>&1)" feed_rc="${?}" - if [ "${feed_rc}" = "0" ]; then - "${ban_zcatcmd}" "${tmp_raw}" 2>/dev/null >"${tmp_load}" - feed_rc="${?}" - fi + [ "${feed_rc}" = "0" ] && "${ban_zcatcmd}" "${tmp_raw}" 2>/dev/null >"${tmp_load}" rm -f "${tmp_raw}" ;; esac @@ -898,35 +947,36 @@ f_down() { rm -f "${tmp_split}" "${tmp_nft}" end_ts="$(date +%s)" - f_log "debug" "f_down ::: name: ${feed}, cnt_dl: ${cnt_dl:-"-"}, cnt_set: ${cnt_set:-"-"}, split_size: ${ban_splitsize:-"-"}, time: $((end_ts - start_ts)), rc: ${feed_rc:-"-"}, log: ${feed_log:-"-"}" + f_log "debug" "f_down ::: feed: ${feed}, cnt_dl: ${cnt_dl:-"-"}, cnt_set: ${cnt_set:-"-"}, split_size: ${ban_splitsize:-"-"}, time: $((end_ts - start_ts)), rc: ${feed_rc:-"-"}, log: ${feed_log:-"-"}" } # backup feeds # f_backup() { - local backup_rc feed="${1}" feed_file="${2}" + local backup_rc="4" feed="${1}" feed_file="${2}" - gzip -cf "${feed_file}" >"${ban_backupdir}/banIP.${feed}.gz" - backup_rc="${?}" + if [ -s "${feed_file}" ]; then + gzip -cf "${feed_file}" >"${ban_backupdir}/banIP.${feed}.gz" + backup_rc="${?}" + fi - f_log "debug" "f_backup ::: name: ${feed}, source: ${feed_file##*/}, target: banIP.${feed}.gz, rc: ${backup_rc}" - return ${backup_rc} + f_log "debug" "f_backup ::: feed: ${feed}, file: banIP.${feed}.gz, rc: ${backup_rc}" + return "${backup_rc}" } # restore feeds # f_restore() { - local tmp_feed restore_rc="1" feed="${1}" feed_url="${2}" feed_file="${3}" feed_rc="${4:-"0"}" + local tmp_feed restore_rc="4" feed="${1}" feed_url="${2}" feed_file="${3}" in_rc="${4}" - [ "${feed_rc}" != "0" ] && restore_rc="${feed_rc}" [ "${feed_url}" = "local" ] && tmp_feed="${feed%v*}v4" || tmp_feed="${feed}" - if [ -f "${ban_backupdir}/banIP.${tmp_feed}.gz" ]; then + if [ -s "${ban_backupdir}/banIP.${tmp_feed}.gz" ]; then "${ban_zcatcmd}" "${ban_backupdir}/banIP.${tmp_feed}.gz" 2>/dev/null >"${feed_file}" restore_rc="${?}" fi - f_log "debug" "f_restore ::: name: ${feed}, source: banIP.${tmp_feed}.gz, target: ${feed_file##*/}, in_rc: ${feed_rc}, rc: ${restore_rc}" - return ${restore_rc} + f_log "debug" "f_restore ::: feed: ${feed}, file: banIP.${tmp_feed}.gz, in_rc: ${in_rc:-"-"}, rc: ${restore_rc}" + return "${restore_rc}" } # remove disabled Sets diff --git a/net/banip/files/banip.feeds b/net/banip/files/banip.feeds index 056582071..cfe1a70cc 100644 --- a/net/banip/files/banip.feeds +++ b/net/banip/files/banip.feeds @@ -40,6 +40,11 @@ "descr": "backscatterer IPs", "flag": "gz" }, + "binarydefense":{ + "url_4": "https://iplists.firehol.org/files/bds_atif.ipset", + "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}", + "descr": "binary defense banlist" + }, "bogon":{ "url_4": "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt", "url_6": "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt", @@ -47,6 +52,11 @@ "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}", "descr": "bogon prefixes" }, + "bruteforceblock":{ + "url_4": "https://danger.rulez.sk/projects/bruteforceblocker/blist.php", + "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}", + "descr": "bruteforceblocker IPs" + }, "cinsscore":{ "url_4": "https://cinsscore.com/list/ci-badguys.txt", "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}", @@ -95,6 +105,11 @@ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}", "descr": "spamhaus edrop compilation" }, + "etcompromised":{ + "url_4": "https://iplists.firehol.org/files/et_compromised.ipset", + "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}", + "descr": "ET compromised hosts" + }, "feodo":{ "url_4": "https://feodotracker.abuse.ch/downloads/ipblocklist.txt", "rule_4": "BEGIN{RS=\"\\r\\n\"}/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}", @@ -137,10 +152,16 @@ "descr": "malicious spyware IPs", "flag": "gz" }, + "ipblackhole":{ + "url_4": "https://ip.blackhole.monster/blackhole-today", + "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}", + "descr": "blackhole IP blocklist" + }, "ipthreat":{ - "url_4": "https://lists.ipthreat.net/file/ipthreat-lists/threat/threat-30.txt", + "url_4": "https://lists.ipthreat.net/file/ipthreat-lists/threat/threat-30.txt.gz", "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[-[:space:]]?/{printf \"%s,\\n\",$1}", - "descr": "hacker and botnet IPs" + "descr": "hacker and botnet IPs", + "flag": "gz" }, "myip":{ "url_4": "https://myip.ms/files/blacklist/general/latest_blacklist.txt", diff --git a/net/frp/Makefile b/net/frp/Makefile index fb8ee9af4..fdb40431d 100644 --- a/net/frp/Makefile +++ b/net/frp/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=frp -PKG_VERSION:=0.48.0 +PKG_VERSION:=0.51.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/fatedier/frp/tar.gz/v${PKG_VERSION}? -PKG_HASH:=efba8ec9fad3369ce62631369f52b78a7248df426b5b54311e96231adac5cc76 +PKG_HASH:=80ccfa40c4e25309ddb48818f6342bc59f7639be83ab6ef59ffab5caeedc37e8 PKG_MAINTAINER:=Richard Yu PKG_LICENSE:=Apache-2.0 diff --git a/net/iperf3/Makefile b/net/iperf3/Makefile index c7133bd56..136e29f0f 100644 --- a/net/iperf3/Makefile +++ b/net/iperf3/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=iperf -PKG_VERSION:=3.13 +PKG_VERSION:=3.14 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://downloads.es.net/pub/iperf -PKG_HASH:=bee427aeb13d6a2ee22073f23261f63712d82befaa83ac8cb4db5da4c2bdc865 +PKG_HASH:=723fcc430a027bc6952628fa2a3ac77584a1d0bd328275e573fc9b206c155004 PKG_MAINTAINER:=Felix Fietkau PKG_LICENSE:=BSD-3-Clause diff --git a/net/net-mtools/Makefile b/net/net-mtools/Makefile new file mode 100644 index 000000000..c19532616 --- /dev/null +++ b/net/net-mtools/Makefile @@ -0,0 +1,40 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=net-mtools +PKG_VERSION:=2.3 +PKG_RELEASE:=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL=https://github.com/troglobit/mtools +PKG_SOURCE_VERSION:=db665a4303c38cee908eba4dac50873c3f1d899c +PKG_MIRROR_HASH:=687e3743e46c8ddd23f03168b4021ed08b1a858b2a6743db3b62cb3d4c3592a0 + +include $(INCLUDE_DIR)/package.mk + +define Package/net-mtools + SECTION:=net + CATEGORY:=Network + TITLE:=Debug multicast setups with mtools (msend and mreceive) + URL:=https://github.com/troglobit/mtools +endef + +define Package/net-mtools/description + The tools msend and mreceive can be particulary useful + when debugging multicast setups. + + msend continuously sends UDP packets to the multicast + group specified by the -g and -p options. + + mreceive joins a multicast group specified by the -g and + -p options, then receives and displays the multicast + packets sent to this group:port combination by the msend + command. +endef + +define Package/net-mtools/install + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_BUILD_DIR)/msend $(1)/usr/sbin/ + $(CP) $(PKG_BUILD_DIR)/mreceive $(1)/usr/sbin/ +endef + +$(eval $(call BuildPackage,net-mtools)) diff --git a/net/net-mtools/patches/001-mreceive-refactor-multicast-joining-to-separate-func.patch b/net/net-mtools/patches/001-mreceive-refactor-multicast-joining-to-separate-func.patch new file mode 100644 index 000000000..db96daedf --- /dev/null +++ b/net/net-mtools/patches/001-mreceive-refactor-multicast-joining-to-separate-func.patch @@ -0,0 +1,66 @@ +From 0cfc04eac370ee33118e17a298d4739c94cacc73 Mon Sep 17 00:00:00 2001 +From: Vladimir Oltean +Date: Tue, 19 Apr 2022 12:28:03 +0300 +Subject: [PATCH 1/6] mreceive: refactor multicast joining to separate function + +Signed-off-by: Vladimir Oltean +--- + mreceive.c | 33 ++++++++++++++++++--------------- + 1 file changed, 18 insertions(+), 15 deletions(-) + +--- a/mreceive.c ++++ b/mreceive.c +@@ -61,12 +61,27 @@ Usage: mreceive [-g GROUP] [-p PORT] [-i + -h Print the command usage.\n\n", VERSION); + } + ++static void igmp_join(int s, in_addr_t multiaddr, in_addr_t interface) ++{ ++ struct ip_mreq mreq; ++ int ret; ++ ++ mreq.imr_multiaddr.s_addr = multiaddr; ++ mreq.imr_interface.s_addr = interface; ++ ++ ret = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, ++ (char *)&mreq, sizeof(mreq)); ++ if (ret == SOCKET_ERROR) { ++ printf("setsockopt() IP_ADD_MEMBERSHIP failed.\n"); ++ exit(1); ++ } ++} ++ + int main(int argc, char *argv[]) + { + struct sockaddr_in stLocal, stFrom; + unsigned char achIn[BUFSIZE]; + int s, i; +- struct ip_mreq stMreq; + int iTmp, iRet; + int ipnum = 0; + int ii; +@@ -153,22 +168,10 @@ int main(int argc, char *argv[]) + + /* join the multicast group. */ + if (!ipnum) { /* single interface */ +- stMreq.imr_multiaddr.s_addr = inet_addr(TEST_ADDR); +- stMreq.imr_interface.s_addr = INADDR_ANY; +- iRet = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, (char *)&stMreq, sizeof(stMreq)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() IP_ADD_MEMBERSHIP failed.\n"); +- exit(1); +- } ++ igmp_join(s, inet_addr(TEST_ADDR), INADDR_ANY); + } else { + for (i = 0; i < ipnum; i++) { +- stMreq.imr_multiaddr.s_addr = inet_addr(TEST_ADDR); +- stMreq.imr_interface.s_addr = IP[i]; +- iRet = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, (char *)&stMreq, sizeof(stMreq)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() IP_ADD_MEMBERSHIP failed.\n"); +- exit(1); +- } ++ igmp_join(s, inet_addr(TEST_ADDR), IP[i]); + } + } + diff --git a/net/net-mtools/patches/002-mreceive-join-IGMP-group-by-interface.patch b/net/net-mtools/patches/002-mreceive-join-IGMP-group-by-interface.patch new file mode 100644 index 000000000..5959062f9 --- /dev/null +++ b/net/net-mtools/patches/002-mreceive-join-IGMP-group-by-interface.patch @@ -0,0 +1,113 @@ +From 65af96e0907ba9367aab9c1534b11c7f674c1e6a Mon Sep 17 00:00:00 2001 +From: Vladimir Oltean +Date: Tue, 19 Apr 2022 13:29:07 +0300 +Subject: [PATCH 2/6] mreceive: join IGMP group by interface + +mreceive uses the old-style struct ip_mreq for IP_ADD_MEMBERSHIP, which +takes the source address of the interface wishing to join. + +Since the IPV6_ADD_MEMBERSHIP variant only takes a struct ipv6_mreq +which contains the ifindex and not the source address, we need to add +support for that. + +In preparation for IPv6 support, add logic to join an IGMP group either +by source address or by interface name, whichever is specified. + +Signed-off-by: Vladimir Oltean +--- + mreceive.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++----- + 1 file changed, 46 insertions(+), 5 deletions(-) + +--- a/mreceive.c ++++ b/mreceive.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -61,7 +62,7 @@ Usage: mreceive [-g GROUP] [-p PORT] [-i + -h Print the command usage.\n\n", VERSION); + } + +-static void igmp_join(int s, in_addr_t multiaddr, in_addr_t interface) ++static void igmp_join_by_saddr(int s, in_addr_t multiaddr, in_addr_t interface) + { + struct ip_mreq mreq; + int ret; +@@ -77,10 +78,34 @@ static void igmp_join(int s, in_addr_t m + } + } + ++static void igmp_join_by_if_name(int s, in_addr_t multicast, ++ const char *if_name) ++{ ++ struct ip_mreqn mreq = {}; ++ int if_index; ++ int ret; ++ ++ if_index = if_nametoindex(if_name); ++ if (!if_index) { ++ perror("if_nametoindex"); ++ exit(1); ++ } ++ ++ mreq.imr_multiaddr.s_addr = multicast; ++ mreq.imr_ifindex = if_index; ++ ++ ret = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)); ++ if (ret) { ++ perror("setsockopt() IP_ADD_MEMBERSHIP"); ++ exit(1); ++ } ++} ++ + int main(int argc, char *argv[]) + { + struct sockaddr_in stLocal, stFrom; + unsigned char achIn[BUFSIZE]; ++ const char *if_name; + int s, i; + int iTmp, iRet; + int ipnum = 0; +@@ -131,6 +156,17 @@ int main(int argc, char *argv[]) + ii++; + ipnum++; + } ++ } else if (strcmp(argv[ii], "-I") == 0) { ++ ii++; ++ if (ii < argc) { ++ if (if_name) { ++ printf("Single interface expected\n"); ++ exit(1); ++ } ++ ++ if_name = argv[ii]; ++ ii++; ++ } + } else if (strcmp(argv[ii], "-n") == 0) { + ii++; + NUM = 1; +@@ -167,11 +203,16 @@ int main(int argc, char *argv[]) + } + + /* join the multicast group. */ +- if (!ipnum) { /* single interface */ +- igmp_join(s, inet_addr(TEST_ADDR), INADDR_ANY); ++ if (if_name) { ++ igmp_join_by_if_name(s, inet_addr(TEST_ADDR), if_name); + } else { +- for (i = 0; i < ipnum; i++) { +- igmp_join(s, inet_addr(TEST_ADDR), IP[i]); ++ if (!ipnum) { /* single interface */ ++ igmp_join_by_saddr(s, inet_addr(TEST_ADDR), INADDR_ANY); ++ } else { ++ for (i = 0; i < ipnum; i++) { ++ igmp_join_by_saddr(s, inet_addr(TEST_ADDR), ++ IP[i]); ++ } + } + } + diff --git a/net/net-mtools/patches/003-mreceive-support-IPv6.patch b/net/net-mtools/patches/003-mreceive-support-IPv6.patch new file mode 100644 index 000000000..cfd1ab2cf --- /dev/null +++ b/net/net-mtools/patches/003-mreceive-support-IPv6.patch @@ -0,0 +1,578 @@ +From cc7f68045e5f3cfc6c932996af784ab319951426 Mon Sep 17 00:00:00 2001 +From: Vladimir Oltean +Date: Tue, 19 Apr 2022 13:29:20 +0300 +Subject: [PATCH 3/6] mreceive: support IPv6 + +Extend the mreceive program with a generalization of sockets, +addresses and socket options that covers both IPv4 and IPv6. + +Most of the lower-level implementation is moved to common.c and exported +through common.h such that it can be reused by msend at a later time. + +The makefile rule to link object files into executables is updated to +look at all specified objects rather than just the first, by using $^ +instead of $<. Otherwise, common.o would be ignored when linking +mreceive. + +Signed-off-by: Vladimir Oltean +--- + Makefile | 8 +- + common.c | 261 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + common.h | 36 ++++++++ + mreceive.c | 142 ++++++++++------------------- + 4 files changed, 349 insertions(+), 98 deletions(-) + create mode 100644 common.c + create mode 100644 common.h + +--- a/Makefile ++++ b/Makefile +@@ -20,8 +20,8 @@ mandir = $(prefix)/share/man/man8 + # ttcp is currently not part of the distribution because its not tested + # yet. Please test and let me know at GitHub so I can include it! :) + EXEC := msend mreceive +-OBJS := $(EXEC:=.o) +-DEPS := $(EXEC:=.d) ++OBJS := msend.o mreceive.o common.o ++DEPS := msend.d mreceive.d common.d + MANS = $(addsuffix .8,$(EXEC)) + DISTFILES = README.md LICENSE.md + +@@ -33,10 +33,10 @@ all: $(EXEC) + + .o: + @printf " LINK $@\n" +- @$(CC) $(CFLAGS) $(LDFLAGS) -Wl,-Map,$@.map -o $@ $< $(LDLIBS$(LDLIBS-$(@))) ++ @$(CC) $(CFLAGS) $(LDFLAGS) -Wl,-Map,$@.map -o $@ $^ $(LDLIBS$(LDLIBS-$(@))) + + msend: msend.o +-mreceive: mreceive.o ++mreceive: mreceive.o common.o + ttcp: ttcp.o + + install: $(EXEC) +--- /dev/null ++++ b/common.c +@@ -0,0 +1,261 @@ ++/* ++ * common.c -- Common functions for mreceive.c and msend.c ++ */ ++#include ++#include ++#include ++#include ++#include ++ ++#include "common.h" ++ ++int ip_address_parse(const char *string, struct ip_address *ip) ++{ ++ int ret; ++ ++ ret = inet_pton(AF_INET6, string, &ip->addr6); ++ if (ret > 0) { ++ ip->family = AF_INET6; ++ } else { ++ ret = inet_pton(AF_INET, string, &ip->addr); ++ if (ret > 0) { ++ ip->family = AF_INET; ++ } else { ++ fprintf(stderr, "IP address %s not in known format\n", ++ string); ++ return -1; ++ } ++ } ++ ++ return 0; ++} ++ ++int socket_create(struct sock *s, int family, int port) ++{ ++ struct sockaddr *serv_addr; ++ int sockopt = 1; ++ int fd, ret; ++ ++ memset(s, 0, sizeof(*s)); ++ ++ if (family == AF_INET) { ++ serv_addr = (struct sockaddr *)&s->udp4; ++ s->udp4.sin_addr.s_addr = htonl(INADDR_ANY); ++ s->udp4.sin_port = htons(port); ++ s->udp4.sin_family = AF_INET; ++ s->addr_size = sizeof(struct sockaddr_in); ++ } else { ++ serv_addr = (struct sockaddr *)&s->udp6; ++ s->udp6.sin6_addr = in6addr_any; ++ s->udp6.sin6_port = htons(port); ++ s->udp6.sin6_family = AF_INET6; ++ s->addr_size = sizeof(struct sockaddr_in6); ++ } ++ ++ fd = socket(family, SOCK_DGRAM, 0); ++ if (fd < 0) { ++ perror("socket"); ++ return fd; ++ } ++ ++ /* avoid EADDRINUSE error on bind() */ ++ ret = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &sockopt, sizeof(int)); ++ if (ret) { ++ perror("setsockopt() SO_REUSEADDR"); ++ close(fd); ++ return ret; ++ } ++ ++ ret = bind(fd, serv_addr, s->addr_size); ++ if (ret) { ++ perror("bind"); ++ close(fd); ++ return ret; ++ } ++ ++ s->fd = fd; ++ ++ return 0; ++} ++ ++static int igmp_join_by_saddr(struct sock *s, const struct ip_address *mc, ++ struct ip_address *saddr) ++{ ++ struct ip_mreq mreq = {}; ++ int fd = s->fd; ++ int off = 0; ++ int ret; ++ ++ memcpy(&mreq.imr_multiaddr, &mc->addr, sizeof(struct in_addr)); ++ memcpy(&mreq.imr_interface.s_addr, &saddr->addr, ++ sizeof(struct in_addr)); ++ ++ ret = setsockopt(fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)); ++ if (ret) { ++ perror("setsockopt() IP_ADD_MEMBERSHIP"); ++ return -1; ++ } ++ ++ ret = setsockopt(fd, IPPROTO_IP, IP_MULTICAST_LOOP, &off, sizeof(int)); ++ if (ret) { ++ perror("setsockopt() IP_MULTICAST_LOOP"); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++static int igmp_join_by_if_name(struct sock *s, const struct ip_address *mc, ++ const char *if_name) ++{ ++ struct ip_mreqn mreq = {}; ++ int fd = s->fd; ++ int if_index; ++ int off = 0; ++ int ret; ++ ++ if_index = if_nametoindex(if_name); ++ if (!if_index) { ++ perror("if_nametoindex"); ++ return -1; ++ } ++ ++ memcpy(&mreq.imr_multiaddr, &mc->addr, sizeof(struct in_addr)); ++ mreq.imr_ifindex = if_index; ++ ++ ret = setsockopt(fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)); ++ if (ret) { ++ perror("setsockopt() IP_ADD_MEMBERSHIP"); ++ return -1; ++ } ++ ++ ret = setsockopt(fd, IPPROTO_IP, IP_MULTICAST_LOOP, &off, sizeof(int)); ++ if (ret) { ++ perror("setsockopt() IP_MULTICAST_LOOP"); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++static int mld_join(struct sock *s, const struct ip_address *mc, ++ const char *if_name) ++{ ++ struct ipv6_mreq mreq = {}; ++ int if_index, off = 0; ++ int fd = s->fd; ++ int ret; ++ ++ if_index = if_nametoindex(if_name); ++ if (!if_index) { ++ perror("if_nametoindex"); ++ return -1; ++ } ++ ++ memcpy(&mreq.ipv6mr_multiaddr, &mc->addr6, sizeof(struct in6_addr)); ++ mreq.ipv6mr_interface = if_index; ++ ret = setsockopt(fd, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, &mreq, ++ sizeof(mreq)); ++ if (ret) { ++ perror("setsockopt IPV6_ADD_MEMBERSHIP"); ++ return -1; ++ } ++ ++ ret = setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &off, ++ sizeof(int)); ++ if (ret) { ++ perror("setsockopt IPV6_MULTICAST_LOOP"); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++int mc_join(struct sock *s, const struct ip_address *mc, const char *if_name, ++ int num_saddrs, struct ip_address *saddrs) ++{ ++ int i, ret; ++ ++ if (if_name) { ++ switch (mc->family) { ++ case AF_INET: ++ return igmp_join_by_if_name(s, mc, if_name); ++ case AF_INET6: ++ return mld_join(s, mc, if_name); ++ default: ++ return -1; ++ } ++ } ++ ++ if (!num_saddrs) { /* single interface */ ++ struct ip_address saddr = { ++ .family = AF_INET, ++ .addr.s_addr = INADDR_ANY, ++ }; ++ ++ return igmp_join_by_saddr(s, mc, &saddr); ++ } ++ ++ for (i = 0; i < num_saddrs; i++) { ++ ret = igmp_join_by_saddr(s, mc, &saddrs[i]); ++ if (ret) ++ return ret; ++ } ++ ++ return 0; ++} ++ ++static int igmp_set_ttl(int fd, int ttl) ++{ ++ int ret; ++ ++ ret = setsockopt(fd, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, sizeof(int)); ++ if (ret) ++ perror("setsockopt() IP_MULTICAST_TTL"); ++ ++ return ret; ++} ++ ++static int mld_set_hop_limit(int fd, int limit) ++{ ++ int ret; ++ ++ ret = setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &limit, ++ sizeof(int)); ++ if (ret) ++ perror("setsockopt() IPV6_MULTICAST_HOPS"); ++ ++ return ret; ++} ++ ++int mc_set_hop_limit(struct sock *s, int limit) ++{ ++ switch (s->addr_size) { ++ case sizeof(struct sockaddr_in): ++ return igmp_set_ttl(s->fd, limit); ++ case sizeof(struct sockaddr_in6): ++ return mld_set_hop_limit(s->fd, limit); ++ default: ++ return -1; ++ } ++} ++ ++int mc_recv(struct sock *s, void *buf, size_t len, struct sock *from) ++{ ++ from->addr_size = sizeof(struct sockaddr_in6); ++ ++ return recvfrom(s->fd, buf, len, 0, (struct sockaddr *)&(from->udp6), ++ &from->addr_size); ++} ++ ++int socket_get_port(const struct sock *s) ++{ ++ switch (s->addr_size) { ++ case sizeof(struct sockaddr_in): ++ return ntohs(s->udp4.sin_port); ++ case sizeof(struct sockaddr_in6): ++ return ntohs(s->udp6.sin6_port); ++ default: ++ return 0; ++ } ++} +--- /dev/null ++++ b/common.h +@@ -0,0 +1,36 @@ ++/* ++ * common.h -- Common header for mreceive.c and msend.c ++ */ ++#ifndef _COMMON_H ++#define _COMMON_H ++ ++#include ++#include ++#include ++ ++struct ip_address { ++ int family; ++ union { ++ struct in_addr addr; ++ struct in6_addr addr6; ++ }; ++}; ++ ++struct sock { ++ socklen_t addr_size; ++ union { ++ struct sockaddr_in udp4; ++ struct sockaddr_in6 udp6; ++ }; ++ int fd; ++}; ++ ++int ip_address_parse(const char *string, struct ip_address *ip); ++int socket_create(struct sock *s, int family, int port); ++int mc_join(struct sock *s, const struct ip_address *mc, const char *if_name, ++ int num_saddrs, struct ip_address *saddrs); ++int mc_set_hop_limit(struct sock *s, int limit); ++int mc_recv(struct sock *s, void *buf, size_t len, struct sock *from); ++int socket_get_port(const struct sock *s); ++ ++#endif +--- a/mreceive.c ++++ b/mreceive.c +@@ -28,6 +28,8 @@ + #include + #include + ++#include "common.h" ++ + #define TRUE 1 + #define FALSE 0 + #ifndef INVALID_SOCKET +@@ -43,7 +45,7 @@ + + char *TEST_ADDR = "224.1.1.1"; + int TEST_PORT = 4444; +-unsigned long IP[MAXIP]; ++struct ip_address IP[MAXIP]; + int NUM = 0; + + void printHelp(void) +@@ -62,52 +64,12 @@ Usage: mreceive [-g GROUP] [-p PORT] [-i + -h Print the command usage.\n\n", VERSION); + } + +-static void igmp_join_by_saddr(int s, in_addr_t multiaddr, in_addr_t interface) +-{ +- struct ip_mreq mreq; +- int ret; +- +- mreq.imr_multiaddr.s_addr = multiaddr; +- mreq.imr_interface.s_addr = interface; +- +- ret = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, +- (char *)&mreq, sizeof(mreq)); +- if (ret == SOCKET_ERROR) { +- printf("setsockopt() IP_ADD_MEMBERSHIP failed.\n"); +- exit(1); +- } +-} +- +-static void igmp_join_by_if_name(int s, in_addr_t multicast, +- const char *if_name) +-{ +- struct ip_mreqn mreq = {}; +- int if_index; +- int ret; +- +- if_index = if_nametoindex(if_name); +- if (!if_index) { +- perror("if_nametoindex"); +- exit(1); +- } +- +- mreq.imr_multiaddr.s_addr = multicast; +- mreq.imr_ifindex = if_index; +- +- ret = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)); +- if (ret) { +- perror("setsockopt() IP_ADD_MEMBERSHIP"); +- exit(1); +- } +-} +- + int main(int argc, char *argv[]) + { +- struct sockaddr_in stLocal, stFrom; + unsigned char achIn[BUFSIZE]; +- const char *if_name; +- int s, i; +- int iTmp, iRet; ++ const char *if_name = NULL; ++ struct ip_address mc; ++ struct sock s, from; + int ipnum = 0; + int ii; + unsigned int numreceived; +@@ -116,6 +78,8 @@ int main(int argc, char *argv[]) + int starttime; + int curtime; + struct timeval tv; ++ int ret; ++ int i; + + /* + if( argc < 2 ) { +@@ -152,7 +116,10 @@ int main(int argc, char *argv[]) + } else if (strcmp(argv[ii], "-i") == 0) { + ii++; + if ((ii < argc) && !(strchr(argv[ii], '-'))) { +- IP[ipnum] = inet_addr(argv[ii]); ++ ret = ip_address_parse(argv[ii], &IP[ipnum]); ++ if (ret) ++ exit(1); ++ + ii++; + ipnum++; + } +@@ -177,73 +144,59 @@ int main(int argc, char *argv[]) + } + } + +- /* get a datagram socket */ +- s = socket(AF_INET, SOCK_DGRAM, 0); +- if (s == INVALID_SOCKET) { +- printf("socket() failed.\n"); ++ ret = ip_address_parse(TEST_ADDR, &mc); ++ if (ret) + exit(1); +- } + +- /* avoid EADDRINUSE error on bind() */ +- iTmp = TRUE; +- iRet = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&iTmp, sizeof(iTmp)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() SO_REUSEADDR failed.\n"); ++ if (mc.family == AF_INET6 && ipnum) { ++ printf("Joining IPv6 groups by source address not supported, use -I\n"); + exit(1); + } + +- /* name the socket */ +- stLocal.sin_family = AF_INET; +- stLocal.sin_addr.s_addr = htonl(INADDR_ANY); +- stLocal.sin_port = htons(TEST_PORT); +- iRet = bind(s, (struct sockaddr *)&stLocal, sizeof(stLocal)); +- if (iRet == SOCKET_ERROR) { +- printf("bind() failed.\n"); ++ if (mc.family == AF_INET6 && !if_name) { ++ printf("-I is mandatory with IPv6\n"); + exit(1); + } + +- /* join the multicast group. */ +- if (if_name) { +- igmp_join_by_if_name(s, inet_addr(TEST_ADDR), if_name); +- } else { +- if (!ipnum) { /* single interface */ +- igmp_join_by_saddr(s, inet_addr(TEST_ADDR), INADDR_ANY); +- } else { +- for (i = 0; i < ipnum; i++) { +- igmp_join_by_saddr(s, inet_addr(TEST_ADDR), +- IP[i]); +- } +- } +- } ++ /* get a datagram socket */ ++ ret = socket_create(&s, mc.family, TEST_PORT); ++ if (ret) ++ exit(1); + +- /* set TTL to traverse up to multiple routers */ +- iTmp = TTL_VALUE; +- iRet = setsockopt(s, IPPROTO_IP, IP_MULTICAST_TTL, (char *)&iTmp, sizeof(iTmp)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() IP_MULTICAST_TTL failed.\n"); ++ /* join the multicast group. */ ++ ret = mc_join(&s, &mc, if_name, ipnum, IP); ++ if (ret) + exit(1); +- } + +- /* disable loopback */ +- /* iTmp = TRUE; */ +- iTmp = FALSE; +- iRet = setsockopt(s, IPPROTO_IP, IP_MULTICAST_LOOP, (char *)&iTmp, sizeof(iTmp)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() IP_MULTICAST_LOOP failed.\n"); ++ /* set TTL to traverse up to multiple routers */ ++ ret = mc_set_hop_limit(&s, TTL_VALUE); ++ if (ret) + exit(1); +- } + + printf("Now receiving from multicast group: %s\n", TEST_ADDR); + + for (i = 0;; i++) { +- socklen_t addr_size = sizeof(struct sockaddr_in); ++ char from_buf[INET6_ADDRSTRLEN]; + static int iCounter = 1; ++ const char *addr_str; + + /* receive from the multicast address */ + +- iRet = recvfrom(s, achIn, BUFSIZE, 0, (struct sockaddr *)&stFrom, &addr_size); +- if (iRet < 0) { +- printf("recvfrom() failed.\n"); ++ ret = mc_recv(&s, achIn, BUFSIZE, &from); ++ if (ret < 0) { ++ perror("recvfrom"); ++ exit(1); ++ } ++ ++ if (mc.family == AF_INET) { ++ addr_str = inet_ntop(AF_INET, &from.udp4.sin_addr, ++ from_buf, INET6_ADDRSTRLEN); ++ } else { ++ addr_str = inet_ntop(AF_INET6, &from.udp6.sin6_addr, ++ from_buf, INET6_ADDRSTRLEN); ++ } ++ if (!addr_str) { ++ perror("inet_ntop"); + exit(1); + } + +@@ -256,7 +209,8 @@ int main(int argc, char *argv[]) + numreceived = + (unsigned int)achIn[0] + ((unsigned int)(achIn[1]) << 8) + ((unsigned int)(achIn[2]) << 16) + + ((unsigned int)(achIn[3]) >> 24); +- fprintf(stdout, "%5d\t%s:%5d\t%d.%03d\t%5d\n", iCounter, inet_ntoa(stFrom.sin_addr), ntohs(stFrom.sin_port), ++ fprintf(stdout, "%5d\t%s:%5d\t%d.%03d\t%5d\n", iCounter, ++ from_buf, socket_get_port(&from), + curtime / 1000000, (curtime % 1000000) / 1000, numreceived); + fflush(stdout); + rcvCountNew = numreceived; +@@ -276,7 +230,7 @@ int main(int argc, char *argv[]) + rcvCountOld = rcvCountNew; + } else { + printf("Receive msg %d from %s:%d: %s\n", +- iCounter, inet_ntoa(stFrom.sin_addr), ntohs(stFrom.sin_port), achIn); ++ iCounter, from_buf, socket_get_port(&from), achIn); + } + iCounter++; + } diff --git a/net/net-mtools/patches/004-msend-support-IPv6.patch b/net/net-mtools/patches/004-msend-support-IPv6.patch new file mode 100644 index 000000000..84d517538 --- /dev/null +++ b/net/net-mtools/patches/004-msend-support-IPv6.patch @@ -0,0 +1,401 @@ +From 9aa908fc2dd84cfed151fa260b39465978079274 Mon Sep 17 00:00:00 2001 +From: Vladimir Oltean +Date: Tue, 19 Apr 2022 19:28:59 +0300 +Subject: [PATCH 4/6] msend: support IPv6 + +Finish the conversion by updating msend to use the common procedures +that support IPv6. + +I've only tested this with a link-local source address. + +Signed-off-by: Vladimir Oltean +--- + Makefile | 2 +- + common.c | 62 +++++++++++++++++++++---- + common.h | 5 +- + mreceive.c | 2 +- + msend.c | 131 +++++++++++++++++++++++++++++------------------------ + 5 files changed, 132 insertions(+), 70 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -35,7 +35,7 @@ all: $(EXEC) + @printf " LINK $@\n" + @$(CC) $(CFLAGS) $(LDFLAGS) -Wl,-Map,$@.map -o $@ $^ $(LDLIBS$(LDLIBS-$(@))) + +-msend: msend.o ++msend: msend.o common.o + mreceive: mreceive.o common.o + ttcp: ttcp.o + +--- a/common.c ++++ b/common.c +@@ -30,7 +30,8 @@ int ip_address_parse(const char *string, + return 0; + } + +-int socket_create(struct sock *s, int family, int port) ++int socket_create(struct sock *s, int family, int port, ++ struct ip_address *saddr, const char *if_name) + { + struct sockaddr *serv_addr; + int sockopt = 1; +@@ -40,13 +41,16 @@ int socket_create(struct sock *s, int fa + + if (family == AF_INET) { + serv_addr = (struct sockaddr *)&s->udp4; +- s->udp4.sin_addr.s_addr = htonl(INADDR_ANY); ++ s->udp4.sin_addr = saddr ? saddr->addr : ++ (struct in_addr) { ++ .s_addr = htonl(INADDR_ANY), ++ }; + s->udp4.sin_port = htons(port); + s->udp4.sin_family = AF_INET; + s->addr_size = sizeof(struct sockaddr_in); + } else { + serv_addr = (struct sockaddr *)&s->udp6; +- s->udp6.sin6_addr = in6addr_any; ++ s->udp6.sin6_addr = saddr ? saddr->addr6 : in6addr_any; + s->udp6.sin6_port = htons(port); + s->udp6.sin6_family = AF_INET6; + s->addr_size = sizeof(struct sockaddr_in6); +@@ -66,11 +70,22 @@ int socket_create(struct sock *s, int fa + return ret; + } + +- ret = bind(fd, serv_addr, s->addr_size); +- if (ret) { +- perror("bind"); +- close(fd); +- return ret; ++ if (if_name) { ++ /* Bind to device, required for IPv6 link-local addresses */ ++ ret = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, if_name, ++ IFNAMSIZ - 1); ++ if (ret) { ++ perror("setsockopt() SO_BINDTODEVICE"); ++ close(fd); ++ return ret; ++ } ++ } else { ++ ret = bind(fd, serv_addr, s->addr_size); ++ if (ret) { ++ perror("bind"); ++ close(fd); ++ return ret; ++ } + } + + s->fd = fd; +@@ -248,6 +263,12 @@ int mc_recv(struct sock *s, void *buf, s + &from->addr_size); + } + ++int mc_send(struct sock *s, struct sock *to, void *buf, size_t len) ++{ ++ return sendto(s->fd, buf, len, 0, (struct sockaddr *)&(to->udp4), ++ s->addr_size); ++} ++ + int socket_get_port(const struct sock *s) + { + switch (s->addr_size) { +@@ -259,3 +280,28 @@ int socket_get_port(const struct sock *s + return 0; + } + } ++ ++int socket_set_loopback(struct sock *s, int loop) ++{ ++ int fd = s->fd; ++ int ret; ++ ++ switch (s->addr_size) { ++ case sizeof(struct sockaddr_in): ++ ret = setsockopt(fd, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, ++ sizeof(int)); ++ if (ret) ++ perror("setsockopt IP_MULTICAST_LOOP"); ++ break; ++ case sizeof(struct sockaddr_in6): ++ ret = setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &loop, ++ sizeof(int)); ++ if (ret) ++ perror("setsockopt IPV6_MULTICAST_LOOP"); ++ break; ++ default: ++ return 0; ++ } ++ ++ return ret; ++} +--- a/common.h ++++ b/common.h +@@ -26,11 +26,14 @@ struct sock { + }; + + int ip_address_parse(const char *string, struct ip_address *ip); +-int socket_create(struct sock *s, int family, int port); ++int socket_create(struct sock *s, int family, int port, ++ struct ip_address *saddr, const char *if_name); + int mc_join(struct sock *s, const struct ip_address *mc, const char *if_name, + int num_saddrs, struct ip_address *saddrs); + int mc_set_hop_limit(struct sock *s, int limit); + int mc_recv(struct sock *s, void *buf, size_t len, struct sock *from); ++int mc_send(struct sock *s, struct sock *to, void *buf, size_t len); + int socket_get_port(const struct sock *s); ++int socket_set_loopback(struct sock *s, int loop); + + #endif +--- a/mreceive.c ++++ b/mreceive.c +@@ -159,7 +159,7 @@ int main(int argc, char *argv[]) + } + + /* get a datagram socket */ +- ret = socket_create(&s, mc.family, TEST_PORT); ++ ret = socket_create(&s, mc.family, TEST_PORT, NULL, NULL); + if (ret) + exit(1); + +--- a/msend.c ++++ b/msend.c +@@ -30,6 +30,8 @@ + #include + #include + ++#include "common.h" ++ + #define TRUE 1 + #define FALSE 0 + #ifndef INVALID_SOCKET +@@ -45,18 +47,16 @@ char *TEST_ADDR = "224.1.1.1"; + int TEST_PORT = 4444; + int TTL_VALUE = 1; + int SLEEP_TIME = 1000; +-unsigned long IP = INADDR_ANY; + int NUM = 0; + + int join_flag = 0; /* not join */ + + typedef struct timerhandler_s { +- int s; ++ struct sock *s; ++ struct sock *to; + char *achOut; + int len; + int n; +- struct sockaddr *stTo; +- int addr_size; + } timerhandler_t; + timerhandler_t handler_par; + void timerhandler(); +@@ -87,16 +87,15 @@ Usage: msend [-g GROUP] [-p PORT] [-joi + + int main(int argc, char *argv[]) + { +- struct sockaddr_in stLocal, stTo; ++ struct ip_address *saddr = NULL, mc; ++ struct sock s = {}, to = {}; ++ const char *if_name = NULL; + char achOut[BUFSIZE] = ""; +- int s, i; +- struct ip_mreq stMreq; +- int iTmp, iRet; + int ii = 1; +- int addr_size = sizeof(struct sockaddr_in); + struct itimerval times; + sigset_t sigset; + struct sigaction act; ++ int ret, i; + + if ((argc == 2) && (strcmp(argv[ii], "-v") == 0)) { + printf("msend version 2.2\n"); +@@ -126,7 +125,32 @@ int main(int argc, char *argv[]) + } else if (strcmp(argv[ii], "-i") == 0) { + ii++; + if ((ii < argc) && !(strchr(argv[ii], '-'))) { +- IP = inet_addr(argv[ii]); ++ if (saddr) { ++ printf("Single source address allowed\n"); ++ exit(1); ++ } ++ ++ saddr = calloc(1, sizeof(*saddr)); ++ if (!saddr) { ++ printf("Low memory\n"); ++ exit(1); ++ } ++ ++ ret = ip_address_parse(argv[ii], saddr); ++ if (ret) ++ exit(1); ++ ++ ii++; ++ } ++ } else if (strcmp(argv[ii], "-I") == 0) { ++ ii++; ++ if (ii < argc) { ++ if (if_name) { ++ printf("Single interface expected\n"); ++ exit(1); ++ } ++ ++ if_name = argv[ii]; + ii++; + } + } else if (strcmp(argv[ii], "-t") == 0) { +@@ -158,62 +182,50 @@ int main(int argc, char *argv[]) + } + } + +- /* get a datagram socket */ +- s = socket(AF_INET, SOCK_DGRAM, 0); +- if (s == INVALID_SOCKET) { +- printf("socket() failed.\n"); ++ ret = ip_address_parse(TEST_ADDR, &mc); ++ if (ret) + exit(1); +- } + +- /* avoid EADDRINUSE error on bind() */ +- iTmp = TRUE; +- iRet = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&iTmp, sizeof(iTmp)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() SO_REUSEADDR failed.\n"); ++ if (join_flag && mc.family == AF_INET6 && !if_name) { ++ printf("-I is mandatory when joining IPv6 group\n"); + exit(1); + } + +- /* name the socket */ +- stLocal.sin_family = AF_INET; +- stLocal.sin_addr.s_addr = IP; +- stLocal.sin_port = htons(TEST_PORT); +- iRet = bind(s, (struct sockaddr *)&stLocal, sizeof(stLocal)); +- if (iRet == SOCKET_ERROR) { +- printf("bind() failed.\n"); ++ /* get a datagram socket */ ++ ret = socket_create(&s, mc.family, TEST_PORT, saddr, if_name); ++ if (ret) + exit(1); +- } + + /* join the multicast group. */ +- stMreq.imr_multiaddr.s_addr = inet_addr(TEST_ADDR); +- stMreq.imr_interface.s_addr = IP; + if (join_flag == 1) { +- iRet = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, (char *)&stMreq, sizeof(stMreq)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() IP_ADD_MEMBERSHIP failed.\n"); ++ ret = mc_join(&s, &mc, if_name, 0, NULL); ++ if (ret) + exit(1); +- } + } + + /* set TTL to traverse up to multiple routers */ +- iTmp = TTL_VALUE; +- iRet = setsockopt(s, IPPROTO_IP, IP_MULTICAST_TTL, (char *)&iTmp, sizeof(iTmp)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() IP_MULTICAST_TTL failed.\n"); ++ ret = mc_set_hop_limit(&s, TTL_VALUE); ++ if (ret) + exit(1); +- } + + /* enable loopback */ +- iTmp = TRUE; +- iRet = setsockopt(s, IPPROTO_IP, IP_MULTICAST_LOOP, (char *)&iTmp, sizeof(iTmp)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() IP_MULTICAST_LOOP failed.\n"); ++ ret = socket_set_loopback(&s, 1); ++ if (ret) + exit(1); +- } + + /* assign our destination address */ +- stTo.sin_family = AF_INET; +- stTo.sin_addr.s_addr = inet_addr(TEST_ADDR); +- stTo.sin_port = htons(TEST_PORT); ++ if (mc.family == AF_INET) { ++ to.udp4.sin_addr = mc.addr; ++ to.udp4.sin_port = htons(TEST_PORT); ++ to.udp4.sin_family = AF_INET; ++ to.addr_size = sizeof(struct sockaddr_in); ++ } else { ++ to.udp6.sin6_addr = mc.addr6; ++ to.udp6.sin6_port = htons(TEST_PORT); ++ to.udp6.sin6_family = AF_INET6; ++ to.addr_size = sizeof(struct sockaddr_in6); ++ } ++ + printf("Now sending to multicast group: %s\n", TEST_ADDR); + + SLEEP_TIME *= 1000; /* convert to microsecond */ +@@ -237,12 +249,11 @@ int main(int argc, char *argv[]) + times.it_interval.tv_usec = (long)(SLEEP_TIME % 1000000); + setitimer(ITIMER_REAL, ×, NULL); + +- handler_par.s = s; ++ handler_par.s = &s; ++ handler_par.to = &to; + handler_par.achOut = achOut; + handler_par.len = strlen(achOut) + 1; + handler_par.n = 0; +- handler_par.stTo = (struct sockaddr *)&stTo; +- handler_par.addr_size = addr_size; + + /* now wait for the alarms */ + sigemptyset(&sigset); +@@ -252,8 +263,6 @@ int main(int argc, char *argv[]) + return 0; + } else { + for (i = 0; i < 10; i++) { +- int addr_size = sizeof(struct sockaddr_in); +- + if (NUM) { + achOut[3] = (unsigned char)(i >> 24); + achOut[2] = (unsigned char)(i >> 16); +@@ -264,9 +273,10 @@ int main(int argc, char *argv[]) + printf("Send out msg %d to %s:%d: %s\n", i, TEST_ADDR, TEST_PORT, achOut); + } + +- iRet = sendto(s, achOut, (NUM ? 4 : strlen(achOut) + 1), 0, (struct sockaddr *)&stTo, addr_size); +- if (iRet < 0) { +- printf("sendto() failed.\n"); ++ ret = mc_send(&s, &to, achOut, ++ NUM ? 4 : strlen(achOut) + 1); ++ if (ret < 0) { ++ perror("sendto"); + exit(1); + } + } /* end for(;;) */ +@@ -277,8 +287,8 @@ int main(int argc, char *argv[]) + + void timerhandler(void) + { +- int iRet; + static int iCounter = 1; ++ int ret; + + if (NUM) { + handler_par.achOut = (char *)(&iCounter); +@@ -287,11 +297,14 @@ void timerhandler(void) + } else { + printf("Sending msg %d, TTL %d, to %s:%d: %s\n", iCounter, TTL_VALUE, TEST_ADDR, TEST_PORT, handler_par.achOut); + } +- iRet = sendto(handler_par.s, handler_par.achOut, handler_par.len, handler_par.n, handler_par.stTo, handler_par.addr_size); +- if (iRet < 0) { +- printf("sendto() failed.\n"); ++ ++ ret = mc_send(handler_par.s, handler_par.to, handler_par.achOut, ++ handler_par.len); ++ if (ret < 0) { ++ perror("sendto"); + exit(1); + } ++ + iCounter++; + return; + } diff --git a/net/net-mtools/patches/005-mreceive-msend-add-new-I-option-to-the-help-text.patch b/net/net-mtools/patches/005-mreceive-msend-add-new-I-option-to-the-help-text.patch new file mode 100644 index 000000000..73af1d14e --- /dev/null +++ b/net/net-mtools/patches/005-mreceive-msend-add-new-I-option-to-the-help-text.patch @@ -0,0 +1,33 @@ +From bf95bdeccab98cec77dc1b10bce0b215754e4e46 Mon Sep 17 00:00:00 2001 +From: Vladimir Oltean +Date: Thu, 21 Apr 2022 16:45:08 +0300 +Subject: [PATCH 5/6] mreceive: msend: add new -I option to the help text + +Signed-off-by: Vladimir Oltean +--- + mreceive.c | 2 ++ + msend.c | 2 ++ + 2 files changed, 4 insertions(+) + +--- a/mreceive.c ++++ b/mreceive.c +@@ -58,6 +58,8 @@ Usage: mreceive [-g GROUP] [-p PORT] [-i + -p PORT UDP port number used in the multicast packets. Default: 4444\n\ + -i ADDRESS IP addresses of one or more interfaces to listen for the given\n\ + multicast group. Default: the system default interface.\n\ ++ -I interface The interface on which to receive. Can be specified as an\n\ ++ alternative to -i.\n\ + -n Interpret the contents of the message as a number instead of\n\ + a string of characters. Use this with `msend -n`\n\ + -v Print version information.\n\ +--- a/msend.c ++++ b/msend.c +@@ -72,6 +72,8 @@ Usage: msend [-g GROUP] [-p PORT] [-joi + -p PORT UDP port number used in the multicast packets. Default: 4444\n\ + -i ADDRESS IP address of the interface to use to send the packets.\n\ + The default is to use the system default interface.\n\ ++ -I interface The interface on which to send. Can be specified as an\n\ ++ alternative to -i.\n\ + -join Multicast sender will join the multicast group.\n\ + By default a sender never joins the group.\n\ + -P PERIOD Interval in milliseconds between packets. Default 1000 msec\n\ diff --git a/net/net-mtools/patches/006-msend-send-a-limited-number-of-test-packets.patch b/net/net-mtools/patches/006-msend-send-a-limited-number-of-test-packets.patch new file mode 100644 index 000000000..8e8db738e --- /dev/null +++ b/net/net-mtools/patches/006-msend-send-a-limited-number-of-test-packets.patch @@ -0,0 +1,81 @@ +From 1013b0a83aef868e6cd33b2f467b9f886b41e7bc Mon Sep 17 00:00:00 2001 +From: Vladimir Oltean +Date: Fri, 22 Apr 2022 12:59:56 +0300 +Subject: [PATCH 6/6] msend: send a limited number of test packets + +For easier integration into a selftest framework, limit the amount of +packets that the program sends via a command-line argument. + +Signed-off-by: Vladimir Oltean +--- + msend.c | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +--- a/msend.c ++++ b/msend.c +@@ -56,7 +56,7 @@ typedef struct timerhandler_s { + struct sock *to; + char *achOut; + int len; +- int n; ++ int num_pkts; + } timerhandler_t; + timerhandler_t handler_par; + void timerhandler(); +@@ -82,6 +82,7 @@ Usage: msend [-g GROUP] [-p PORT] [-joi + the first router will drop the packets! Default: 1\n\ + -text \"text\" Specify a string to use as payload in the packets, also\n\ + displayed by the mreceive command. Default: empty\n\ ++ -c Number of packets to send. Default: send indefinitely\n\ + -n Encode -text argument as a number instead of a string.\n\ + -v Print version information.\n\ + -h Print the command usage.\n\n", VERSION); +@@ -97,6 +98,7 @@ int main(int argc, char *argv[]) + struct itimerval times; + sigset_t sigset; + struct sigaction act; ++ int num_pkts = 0; + int ret, i; + + if ((argc == 2) && (strcmp(argv[ii], "-v") == 0)) { +@@ -171,6 +173,12 @@ int main(int argc, char *argv[]) + ii++; + NUM = 1; + ii++; ++ } else if (strcmp(argv[ii], "-c") == 0) { ++ ii++; ++ if ((ii < argc) && !(strchr(argv[ii], '-'))) { ++ num_pkts = atoi(argv[ii]); ++ ii++; ++ } + } else if (strcmp(argv[ii], "-text") == 0) { + ii++; + if ((ii < argc) && !(strchr(argv[ii], '-'))) { +@@ -255,7 +263,7 @@ int main(int argc, char *argv[]) + handler_par.to = &to; + handler_par.achOut = achOut; + handler_par.len = strlen(achOut) + 1; +- handler_par.n = 0; ++ handler_par.num_pkts = num_pkts; + + /* now wait for the alarms */ + sigemptyset(&sigset); +@@ -264,7 +272,7 @@ int main(int argc, char *argv[]) + } + return 0; + } else { +- for (i = 0; i < 10; i++) { ++ for (i = 0; num_pkts && i < num_pkts; i++) { + if (NUM) { + achOut[3] = (unsigned char)(i >> 24); + achOut[2] = (unsigned char)(i >> 16); +@@ -307,6 +315,9 @@ void timerhandler(void) + exit(1); + } + ++ if (iCounter == handler_par.num_pkts) ++ exit(1); ++ + iCounter++; + return; + } diff --git a/net/net-mtools/patches/100-mreceive-msend-fix-wrong-version-in-v-output.patch b/net/net-mtools/patches/100-mreceive-msend-fix-wrong-version-in-v-output.patch new file mode 100644 index 000000000..2ba867745 --- /dev/null +++ b/net/net-mtools/patches/100-mreceive-msend-fix-wrong-version-in-v-output.patch @@ -0,0 +1,37 @@ +From e0c9115e1ceb6621d6c04ae8bfd423a0452fea9c Mon Sep 17 00:00:00 2001 +From: Christian Marangi +Date: Wed, 5 Jul 2023 11:03:40 +0200 +Subject: [PATCH] mreceive: msend: fix wrong version in -v output + +-v output was never changed to follow VERSION declared in Makefile and +was still hardcoded. Fix this to improve version output and align to -h +output. + +Signed-off-by: Christian Marangi +--- + mreceive.c | 2 +- + msend.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/mreceive.c ++++ b/mreceive.c +@@ -93,7 +93,7 @@ int main(int argc, char *argv[]) + ii = 1; + + if ((argc == 2) && (strcmp(argv[ii], "-v") == 0)) { +- printf("mreceive version 2.2\n"); ++ printf("mreceive version %s\n", VERSION); + return 0; + } + if ((argc == 2) && (strcmp(argv[ii], "-h") == 0)) { +--- a/msend.c ++++ b/msend.c +@@ -102,7 +102,7 @@ int main(int argc, char *argv[]) + int ret, i; + + if ((argc == 2) && (strcmp(argv[ii], "-v") == 0)) { +- printf("msend version 2.2\n"); ++ printf("msend version %s\n", VERSION); + return 0; + } + if ((argc == 2) && (strcmp(argv[ii], "-h") == 0)) { diff --git a/net/net-mtools/test.sh b/net/net-mtools/test.sh new file mode 100755 index 000000000..c32f76802 --- /dev/null +++ b/net/net-mtools/test.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +msend -v | grep "$2" +mreceive -v | grep "$2" diff --git a/net/nginx/Config_ssl.in b/net/nginx/Config_ssl.in index fbfb64ae7..990a01e81 100644 --- a/net/nginx/Config_ssl.in +++ b/net/nginx/Config_ssl.in @@ -175,6 +175,11 @@ config NGINX_HTTP_V2 prompt "Enable HTTP_V2 module" default y +config NGINX_HTTP_QUIC + bool + prompt "Enable QUIC support" + default n + config NGINX_PCRE bool prompt "Enable PCRE library usage" diff --git a/net/nginx/Makefile b/net/nginx/Makefile index 56b9cc382..3251e69d4 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx -PKG_VERSION:=1.25.0 +PKG_VERSION:=1.25.1 PKG_RELEASE:=2 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nginx.org/download/ -PKG_HASH:=5ed44d45943272a4e8a5bcf4434237210f2de31b903fca5e381c1bbd7eee1e8c +PKG_HASH:=f09071ac46e0ea3adc0008ef0baca229fc6b4be4533baef9bbbfba7de29a8602 PKG_MAINTAINER:=Thomas Heil \ Ansuel Smith @@ -27,6 +27,7 @@ PKG_BUILD_FLAGS:=gc-sections # 3rd-party modules PKG_MOD_EXTRA := \ + geoip2 \ lua \ rtmp \ dav-ext \ @@ -75,6 +76,7 @@ PKG_CONFIG_DEPENDS := \ CONFIG_NGINX_HTTP_UPSTREAM_ZONE \ CONFIG_NGINX_HTTP_CACHE \ CONFIG_NGINX_HTTP_V2 \ + CONFIG_NGINX_HTTP_QUIC \ CONFIG_NGINX_PCRE \ CONFIG_NGINX_HTTP_REAL_IP \ CONFIG_NGINX_HTTP_SECURE_LINK \ @@ -158,16 +160,15 @@ endef define Package/nginx-full $(Package/nginx/default) - TITLE += with ALL module selected - DEPENDS+=+libpcre +nginx-ssl-util +zlib +libxml2 \ - $(foreach m,$(PKG_MOD_ALL),+nginx-mod-$(m)) + TITLE += with ALL config selected + DEPENDS+=+libpcre +nginx-ssl-util +zlib +libxml2 EXTRA_DEPENDS:=nginx-ssl-util (>=1.5-1) (<2) VARIANT:=full PROVIDES += nginx-ssl endef Package/nginx-full/description = $(Package/nginx/description) \ - This variant is compiled with ALL module selected. + This variant is compiled with ALL config selected. Package/nginx-full/install = $(Package/nginx-ssl/install) @@ -198,6 +199,13 @@ define Package/nginx-mod-luci/install $(INSTALL_BIN) ./files-luci-support/60_nginx-luci-support $(1)/etc/uci-defaults/60_nginx-luci-support endef +define Download/nginx-mod-geoip2 + VERSION:=1cabd8a1f68ea3998f94e9f3504431970f848fbf + URL:=https://github.com/leev/ngx_http_geoip2_module.git + MIRROR_HASH:=b4bd8517f6595f28e9cea5370045df476e0f7fa9ca3611d71ba85c518f1a7eda + PROTO:=git +endef + define Download/nginx-mod-headers-more VERSION:=bea1be3bbf6af28f6aa8cf0c01c07ee1637e2bd0 URL:=https://github.com/openresty/headers-more-nginx-module.git @@ -393,6 +401,7 @@ CONFIGURE_ARGS += \ $(if $(call IsEnabled,NGINX_FLV),--with-http_flv_module) \ $(if $(call IsEnabled,NGINX_DAV),--with-http_dav_module) \ $(if $(call IsEnabled,NGINX_HTTP_AUTH_REQUEST),--with-http_auth_request_module) \ + $(if $(call IsEnabled,NGINX_HTTP_QUIC),--with-http_v3_module) \ $(if $(call IsEnabled,NGINX_HTTP_V2),--with-http_v2_module) \ $(if $(call IsEnabled,NGINX_HTTP_REAL_IP),--with-http_realip_module) \ $(if $(call IsEnabled,NGINX_HTTP_SECURE_LINK),--with-http_secure_link_module) \ @@ -423,6 +432,8 @@ $(eval $(call BuildModule,brotli,,ngx_http_brotli_filter ngx_http_brotli_static, Add support for brotli compression module.)) $(eval $(call BuildModule,naxsi,,ngx_http_naxsi, \ Enable NAXSI module.)) +$(eval $(call BuildModule,geoip2,+@NGINX_STREAM_CORE_MODULE +libmaxminddb,ngx_http_geoip2 ngx_stream_geoip2, \ + Enable MaxMind GeoIP2 module.)) # TODO: remove after a transition period (together with pkg nginx-util): # It is for smoothly substituting nginx and nginx-mod-luci-ssl (by nginx-ssl diff --git a/net/pdns-recursor/Makefile b/net/pdns-recursor/Makefile index 92adc440c..4334e136b 100644 --- a/net/pdns-recursor/Makefile +++ b/net/pdns-recursor/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pdns-recursor -PKG_VERSION:=4.8.4 +PKG_VERSION:=4.9.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/ -PKG_HASH:=f0a63fd08e03da82fa20d333ea5179d1b9259f4264546cf4995286677d9458c7 +PKG_HASH:=d36f162843e367646a661a785ca0becde9b68552855bf40532aebafa103966f3 PKG_MAINTAINER:=Peter van Dijk PKG_LICENCE:=GPL-2.0-only diff --git a/net/pdns-recursor/patches/100-disable-recursor.conf-dist.patch b/net/pdns-recursor/patches/100-disable-recursor.conf-dist.patch index ab7aa6977..4a9e90b0a 100644 --- a/net/pdns-recursor/patches/100-disable-recursor.conf-dist.patch +++ b/net/pdns-recursor/patches/100-disable-recursor.conf-dist.patch @@ -1,6 +1,6 @@ --- a/Makefile.am +++ b/Makefile.am -@@ -503,12 +503,6 @@ $(srcdir)/effective_tld_names.dat: +@@ -507,12 +507,6 @@ $(srcdir)/effective_tld_names.dat: pubsuffix.cc: $(srcdir)/effective_tld_names.dat $(AM_V_GEN)./mkpubsuffixcc diff --git a/net/pdns/Makefile b/net/pdns/Makefile index d0ca2d65b..110731352 100644 --- a/net/pdns/Makefile +++ b/net/pdns/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pdns -PKG_VERSION:=4.8.0 +PKG_VERSION:=4.8.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/ -PKG_HASH:=61a96bbaf8b0ca49a9225a2254b9443c4ff8e050d337437d85af4de889e10127 +PKG_HASH:=66dd3ee2654f42b4eb80260f94ecb48e313a81817f58125ce48c14c2d26e309e PKG_MAINTAINER:=Peter van Dijk PKG_LICENCE:=GPL-2.0-only diff --git a/net/snort3/Makefile b/net/snort3/Makefile index bd888ec47..b32b11591 100644 --- a/net/snort3/Makefile +++ b/net/snort3/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=snort3 -PKG_VERSION:=3.1.64.0 +PKG_VERSION:=3.1.65.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/snort3/snort3/archive/refs/tags/ -PKG_HASH:=57be62557178526059ded86d0bebf8a57aa4a46db9390a48ae030b6e45f1dc61 +PKG_HASH:=c798e34703e1e6710fa7eecc4684f2cac58e310f85ce5d5f832945a036e7f542 PKG_MAINTAINER:=W. Michael Petullo PKG_LICENSE:=GPL-2.0-only diff --git a/net/tailscale/Makefile b/net/tailscale/Makefile index 0199bd150..d07dc502d 100644 --- a/net/tailscale/Makefile +++ b/net/tailscale/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tailscale -PKG_VERSION:=1.42.0 +PKG_VERSION:=1.44.0 PKG_RELEASE:=1 PKG_SOURCE:=tailscale-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/tailscale/tailscale/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=09de9bacda98de8d733cff162572b7eac857d13db783776ba2a2450a44ecc5e9 +PKG_HASH:=dc230cf3ac290140e573268a6e8f17124752ef064c8d3a86765a9dbb6f1bd354 PKG_MAINTAINER:=Jan Pavlinec PKG_LICENSE:=BSD-3-Clause diff --git a/utils/dfu-programmer/Makefile b/utils/dfu-programmer/Makefile index 8a7e1a0e5..45eec6344 100644 --- a/utils/dfu-programmer/Makefile +++ b/utils/dfu-programmer/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dfu-programmer -PKG_VERSION:=1.0.0 +PKG_VERSION:=1.1.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/$(PKG_NAME)/$(PKG_NAME)/releases/download/v$(PKG_VERSION)/ -PKG_HASH:=867eaf0a8cd10123715491807ab99cecb54dc6f09dddade4b2a42b0b0ef9e6b0 +PKG_HASH:=844e469be559657bc52c9d9d03c30846acd11ffbb1ddd42438fa8af1d2b8587d PKG_MAINTAINER:=Stefan Hellermann PKG_LICENSE:=GPL-2.0 diff --git a/utils/stress-ng/Makefile b/utils/stress-ng/Makefile index 248468a86..0edf09f17 100644 --- a/utils/stress-ng/Makefile +++ b/utils/stress-ng/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=stress-ng -PKG_VERSION:=0.15.06 +PKG_VERSION:=0.15.10 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/ColinIanKing/stress-ng/tar.gz/refs/tags/V$(PKG_VERSION)? -PKG_HASH:=c38cefcf0a83f6c65aed7c36e57a9a1ee8373418ef71cf089a75b0661dcd4623 +PKG_HASH:=fcd86e1b8db5b2c22182cefbf4b3131a8599bff5bdd85edf776ec15c2d80e8f1 PKG_MAINTAINER:=Alexandru Ardelean PKG_LICENSE:=GPL-2.0-only diff --git a/utils/stress-ng/patches/001-disable-extra-stressors.patch b/utils/stress-ng/patches/001-disable-extra-stressors.patch new file mode 100644 index 000000000..b4ec4c303 --- /dev/null +++ b/utils/stress-ng/patches/001-disable-extra-stressors.patch @@ -0,0 +1,15 @@ +--- a/Makefile.config ++++ b/Makefile.config +@@ -319,9 +319,9 @@ compiler: configdir + libraries: \ + compiler \ + LIB_AIO LIB_APPARMOR LIB_BSD LIB_CRYPT LIB_DL \ +- LIB_EGL LIB_GBM LIB_GLES2 LIB_IPSEC_MB LIB_JPEG \ +- LIB_JUDY LIB_KMOD LIB_MD LIB_MPFR LIB_PTHREAD LIB_PTHREAD_SPINLOCK \ +- LIB_RT LIB_SCTP LIB_XXHASH LIB_Z ++ LIB_IPSEC_MB LIB_JPEG \ ++ LIB_JUDY LIB_KMOD LIB_MD LIB_PTHREAD LIB_PTHREAD_SPINLOCK \ ++ LIB_RT LIB_SCTP LIB_Z + + LIB_AIO: compiler + $(call check,test-libaio,HAVE_LIB_AIO,$(LIB_AIO),$(LIB_AIO)) diff --git a/utils/stress-ng/patches/001-disable-gpu-stressor.patch b/utils/stress-ng/patches/001-disable-gpu-stressor.patch deleted file mode 100644 index 4fc4941e0..000000000 --- a/utils/stress-ng/patches/001-disable-gpu-stressor.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/Makefile.config -+++ b/Makefile.config -@@ -264,7 +264,7 @@ clean: - libraries: \ - configdir \ - LIB_AIO LIB_APPARMOR LIB_BSD LIB_CRYPT LIB_DL \ -- LIB_EGL LIB_GBM LIB_GLES2 LIB_IPSEC_MB LIB_JPEG \ -+ LIB_IPSEC_MB LIB_JPEG \ - LIB_JUDY LIB_KMOD LIB_MD LIB_PTHREAD LIB_PTHREAD_SPINLOCK \ - LIB_RT LIB_SCTP LIB_XXHASH LIB_Z - diff --git a/utils/stress-ng/patches/002-disable-compiler-test.patch b/utils/stress-ng/patches/002-disable-compiler-test.patch new file mode 100644 index 000000000..886b3a649 --- /dev/null +++ b/utils/stress-ng/patches/002-disable-compiler-test.patch @@ -0,0 +1,13 @@ +--- a/Makefile.config ++++ b/Makefile.config +@@ -309,10 +309,6 @@ clean: + @rm -rf $(CONFIGS) config config.h + + compiler: configdir +- @echo "checking compiler ..." +- @$(CC) test/test-compiler.c -o test/test-compiler +- @echo "" > $(CONFIGS)/$$(./test/test-compiler) +- @rm -f test/test-compiler + $(call check,test-glibc,HAVE_GLIBC,using glibc) + + .PHONY: libraries diff --git a/utils/stress-ng/patches/002-disable-xxhash.patch b/utils/stress-ng/patches/002-disable-xxhash.patch deleted file mode 100644 index d24e6f062..000000000 --- a/utils/stress-ng/patches/002-disable-xxhash.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/Makefile.config -+++ b/Makefile.config -@@ -266,7 +266,7 @@ libraries: \ - LIB_AIO LIB_APPARMOR LIB_BSD LIB_CRYPT LIB_DL \ - LIB_IPSEC_MB LIB_JPEG \ - LIB_JUDY LIB_KMOD LIB_MD LIB_PTHREAD LIB_PTHREAD_SPINLOCK \ -- LIB_RT LIB_SCTP LIB_XXHASH LIB_Z -+ LIB_RT LIB_SCTP LIB_Z - - LIB_AIO: - $(call check,test-libaio,HAVE_LIB_AIO,$(LIB_AIO),$(LIB_AIO))