From 78cbb0153b12c5630eb5c92967a8cadf134a67df Mon Sep 17 00:00:00 2001 From: Christian Lachner Date: Sat, 24 Jun 2023 09:17:06 +0200 Subject: [PATCH 01/27] liburing: Update to v2.4 - Updated download URL and hash - Switched to downloading bz2 archives to save bandwidth Signed-off-by: Christian Lachner --- libs/liburing/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libs/liburing/Makefile b/libs/liburing/Makefile index 445e535ad..08403d527 100644 --- a/libs/liburing/Makefile +++ b/libs/liburing/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=liburing -PKG_VERSION:=2.3 +PKG_VERSION:=2.4 PKG_RELEASE:=1 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://git.kernel.dk/cgit/liburing/snapshot -PKG_HASH:=a65a6adbe80425c1c4d0740532ba42c3d4fd9dadd17a0e0bfd31c29e1c14dba8 +PKG_HASH:=ca260e7a5820c2d0e737ec1e9b999f10776dbe84a169a02a0eff10c8eeaf3394 PKG_MAINTAINER:=Christian Lachner PKG_LICENSE:=MIT From 659fe23a90510a98c09c0d34cb4f6113744beac1 Mon Sep 17 00:00:00 2001 From: Javier Marcet Date: Fri, 30 Jun 2023 16:21:19 +0200 Subject: [PATCH 02/27] nginx: add support for MaxMind GeoIP2 databases Signed-off-by: Javier Marcet --- net/nginx/Makefile | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/net/nginx/Makefile b/net/nginx/Makefile index 56b9cc382..2937c96ce 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -27,6 +27,7 @@ PKG_BUILD_FLAGS:=gc-sections # 3rd-party modules PKG_MOD_EXTRA := \ + geoip2 \ lua \ rtmp \ dav-ext \ @@ -198,6 +199,13 @@ define Package/nginx-mod-luci/install $(INSTALL_BIN) ./files-luci-support/60_nginx-luci-support $(1)/etc/uci-defaults/60_nginx-luci-support endef +define Download/nginx-mod-geoip2 + VERSION:=1cabd8a1f68ea3998f94e9f3504431970f848fbf + URL:=https://github.com/leev/ngx_http_geoip2_module.git + MIRROR_HASH:=b4bd8517f6595f28e9cea5370045df476e0f7fa9ca3611d71ba85c518f1a7eda + PROTO:=git +endef + define Download/nginx-mod-headers-more VERSION:=bea1be3bbf6af28f6aa8cf0c01c07ee1637e2bd0 URL:=https://github.com/openresty/headers-more-nginx-module.git @@ -423,6 +431,8 @@ $(eval $(call BuildModule,brotli,,ngx_http_brotli_filter ngx_http_brotli_static, Add support for brotli compression module.)) $(eval $(call BuildModule,naxsi,,ngx_http_naxsi, \ Enable NAXSI module.)) +$(eval $(call BuildModule,geoip2,+@NGINX_STREAM_CORE_MODULE +libmaxminddb,ngx_http_geoip2 ngx_stream_geoip2, \ + Enable MaxMind GeoIP2 module.)) # TODO: remove after a transition period (together with pkg nginx-util): # It is for smoothly substituting nginx and nginx-mod-luci-ssl (by nginx-ssl From f2c0fa9206463ef636a00216ef00fb5583c1d608 Mon Sep 17 00:00:00 2001 From: Tiago Gaspar Date: Sun, 2 Jul 2023 18:11:28 +0100 Subject: [PATCH 03/27] nginx: update to 1.25.1 Update nginx to 1.25.1. *) Feature: the "http2" directive, which enables HTTP/2 on a per-server basis; the "http2" parameter of the "listen" directive is now deprecated. *) Change: HTTP/2 server push support has been removed. *) Change: the deprecated "ssl" directive is not supported anymore. *) Bugfix: in HTTP/3 when using OpenSSL. Signed-off-by: Tiago Gaspar [ improve commit title and add nginx changelog ] Signed-off-by: Christian Marangi --- net/nginx/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/nginx/Makefile b/net/nginx/Makefile index 2937c96ce..b90f55d0a 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx -PKG_VERSION:=1.25.0 -PKG_RELEASE:=2 +PKG_VERSION:=1.25.1 +PKG_RELEASE:=1 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nginx.org/download/ -PKG_HASH:=5ed44d45943272a4e8a5bcf4434237210f2de31b903fca5e381c1bbd7eee1e8c +PKG_HASH:=f09071ac46e0ea3adc0008ef0baca229fc6b4be4533baef9bbbfba7de29a8602 PKG_MAINTAINER:=Thomas Heil \ Ansuel Smith From 34e73bddab3dc22d0f2d9efc634f947e0232a51c Mon Sep 17 00:00:00 2001 From: Tiago Gaspar Date: Sun, 2 Jul 2023 18:14:10 +0100 Subject: [PATCH 04/27] nginx: add quic modue This commit adds support for http/3. This is an experimental version and isn't fully supported because nginx is being built with the regular OpenSSL and the regular one doesn't support quic. Signed-off-by: Tiago Gaspar --- net/nginx/Config_ssl.in | 5 +++++ net/nginx/Makefile | 2 ++ 2 files changed, 7 insertions(+) diff --git a/net/nginx/Config_ssl.in b/net/nginx/Config_ssl.in index fbfb64ae7..990a01e81 100644 --- a/net/nginx/Config_ssl.in +++ b/net/nginx/Config_ssl.in @@ -175,6 +175,11 @@ config NGINX_HTTP_V2 prompt "Enable HTTP_V2 module" default y +config NGINX_HTTP_QUIC + bool + prompt "Enable QUIC support" + default n + config NGINX_PCRE bool prompt "Enable PCRE library usage" diff --git a/net/nginx/Makefile b/net/nginx/Makefile index b90f55d0a..5c162a3bc 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -76,6 +76,7 @@ PKG_CONFIG_DEPENDS := \ CONFIG_NGINX_HTTP_UPSTREAM_ZONE \ CONFIG_NGINX_HTTP_CACHE \ CONFIG_NGINX_HTTP_V2 \ + CONFIG_NGINX_HTTP_QUIC \ CONFIG_NGINX_PCRE \ CONFIG_NGINX_HTTP_REAL_IP \ CONFIG_NGINX_HTTP_SECURE_LINK \ @@ -401,6 +402,7 @@ CONFIGURE_ARGS += \ $(if $(call IsEnabled,NGINX_FLV),--with-http_flv_module) \ $(if $(call IsEnabled,NGINX_DAV),--with-http_dav_module) \ $(if $(call IsEnabled,NGINX_HTTP_AUTH_REQUEST),--with-http_auth_request_module) \ + $(if $(call IsEnabled,NGINX_HTTP_QUIC),--with-http_v3_module) \ $(if $(call IsEnabled,NGINX_HTTP_V2),--with-http_v2_module) \ $(if $(call IsEnabled,NGINX_HTTP_REAL_IP),--with-http_realip_module) \ $(if $(call IsEnabled,NGINX_HTTP_SECURE_LINK),--with-http_secure_link_module) \ From 3d0183e9c50ee6c709affa830460f4cd9b0ec85e Mon Sep 17 00:00:00 2001 From: Christian Marangi Date: Wed, 5 Jul 2023 02:32:56 +0200 Subject: [PATCH 05/27] nginx: don't install all module for FULL variant We currently have a more or less circular dependency with nginx ssl and full variant. FULL variant depends on every nginx module. Every nginx module depends on nginx-ssl. Since nginx-full depends on an nginx module, nginx-ssl is installed as module depends on it and then the installation fails as nginx-full conflicts with nginx-ssl. nginx-full in it's meaning is nginx built with every config selected and it should not have module as dependency. In fact an user should always install them separetly as while other things, local modification to the nginx config file are required to include the just installed module. To fix this circular dependency problem, drop the dependency of every nginx module for FULL variant. Fixes: #21300 Signed-off-by: Christian Marangi --- net/nginx/Makefile | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/net/nginx/Makefile b/net/nginx/Makefile index 5c162a3bc..3251e69d4 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx PKG_VERSION:=1.25.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nginx.org/download/ @@ -160,16 +160,15 @@ endef define Package/nginx-full $(Package/nginx/default) - TITLE += with ALL module selected - DEPENDS+=+libpcre +nginx-ssl-util +zlib +libxml2 \ - $(foreach m,$(PKG_MOD_ALL),+nginx-mod-$(m)) + TITLE += with ALL config selected + DEPENDS+=+libpcre +nginx-ssl-util +zlib +libxml2 EXTRA_DEPENDS:=nginx-ssl-util (>=1.5-1) (<2) VARIANT:=full PROVIDES += nginx-ssl endef Package/nginx-full/description = $(Package/nginx/description) \ - This variant is compiled with ALL module selected. + This variant is compiled with ALL config selected. Package/nginx-full/install = $(Package/nginx-ssl/install) From 4470062c16c5125753ada0b67f0af4935038a5e1 Mon Sep 17 00:00:00 2001 From: Christian Marangi Date: Tue, 4 Jul 2023 06:52:52 +0200 Subject: [PATCH 06/27] net-mtools: Add new package to debug multicast setups Add new package to debug multicast setups. This is required to use kselftests script for network testing. net-mtools is used instead of mtools as it does conflicts with another package that is also called mtools. Some additional patch from Vladimir Oltean are added to make the tool works on kernel selftests scripts. Signed-off-by: Christian Marangi --- net/net-mtools/Makefile | 40 ++ ...r-multicast-joining-to-separate-func.patch | 66 ++ ...receive-join-IGMP-group-by-interface.patch | 113 ++++ .../patches/003-mreceive-support-IPv6.patch | 578 ++++++++++++++++++ .../patches/004-msend-support-IPv6.patch | 401 ++++++++++++ ...nd-add-new-I-option-to-the-help-text.patch | 33 + ...end-a-limited-number-of-test-packets.patch | 81 +++ ...-msend-fix-wrong-version-in-v-output.patch | 37 ++ net/net-mtools/test.sh | 4 + 9 files changed, 1353 insertions(+) create mode 100644 net/net-mtools/Makefile create mode 100644 net/net-mtools/patches/001-mreceive-refactor-multicast-joining-to-separate-func.patch create mode 100644 net/net-mtools/patches/002-mreceive-join-IGMP-group-by-interface.patch create mode 100644 net/net-mtools/patches/003-mreceive-support-IPv6.patch create mode 100644 net/net-mtools/patches/004-msend-support-IPv6.patch create mode 100644 net/net-mtools/patches/005-mreceive-msend-add-new-I-option-to-the-help-text.patch create mode 100644 net/net-mtools/patches/006-msend-send-a-limited-number-of-test-packets.patch create mode 100644 net/net-mtools/patches/100-mreceive-msend-fix-wrong-version-in-v-output.patch create mode 100755 net/net-mtools/test.sh diff --git a/net/net-mtools/Makefile b/net/net-mtools/Makefile new file mode 100644 index 000000000..c19532616 --- /dev/null +++ b/net/net-mtools/Makefile @@ -0,0 +1,40 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=net-mtools +PKG_VERSION:=2.3 +PKG_RELEASE:=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL=https://github.com/troglobit/mtools +PKG_SOURCE_VERSION:=db665a4303c38cee908eba4dac50873c3f1d899c +PKG_MIRROR_HASH:=687e3743e46c8ddd23f03168b4021ed08b1a858b2a6743db3b62cb3d4c3592a0 + +include $(INCLUDE_DIR)/package.mk + +define Package/net-mtools + SECTION:=net + CATEGORY:=Network + TITLE:=Debug multicast setups with mtools (msend and mreceive) + URL:=https://github.com/troglobit/mtools +endef + +define Package/net-mtools/description + The tools msend and mreceive can be particulary useful + when debugging multicast setups. + + msend continuously sends UDP packets to the multicast + group specified by the -g and -p options. + + mreceive joins a multicast group specified by the -g and + -p options, then receives and displays the multicast + packets sent to this group:port combination by the msend + command. +endef + +define Package/net-mtools/install + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_BUILD_DIR)/msend $(1)/usr/sbin/ + $(CP) $(PKG_BUILD_DIR)/mreceive $(1)/usr/sbin/ +endef + +$(eval $(call BuildPackage,net-mtools)) diff --git a/net/net-mtools/patches/001-mreceive-refactor-multicast-joining-to-separate-func.patch b/net/net-mtools/patches/001-mreceive-refactor-multicast-joining-to-separate-func.patch new file mode 100644 index 000000000..db96daedf --- /dev/null +++ b/net/net-mtools/patches/001-mreceive-refactor-multicast-joining-to-separate-func.patch @@ -0,0 +1,66 @@ +From 0cfc04eac370ee33118e17a298d4739c94cacc73 Mon Sep 17 00:00:00 2001 +From: Vladimir Oltean +Date: Tue, 19 Apr 2022 12:28:03 +0300 +Subject: [PATCH 1/6] mreceive: refactor multicast joining to separate function + +Signed-off-by: Vladimir Oltean +--- + mreceive.c | 33 ++++++++++++++++++--------------- + 1 file changed, 18 insertions(+), 15 deletions(-) + +--- a/mreceive.c ++++ b/mreceive.c +@@ -61,12 +61,27 @@ Usage: mreceive [-g GROUP] [-p PORT] [-i + -h Print the command usage.\n\n", VERSION); + } + ++static void igmp_join(int s, in_addr_t multiaddr, in_addr_t interface) ++{ ++ struct ip_mreq mreq; ++ int ret; ++ ++ mreq.imr_multiaddr.s_addr = multiaddr; ++ mreq.imr_interface.s_addr = interface; ++ ++ ret = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, ++ (char *)&mreq, sizeof(mreq)); ++ if (ret == SOCKET_ERROR) { ++ printf("setsockopt() IP_ADD_MEMBERSHIP failed.\n"); ++ exit(1); ++ } ++} ++ + int main(int argc, char *argv[]) + { + struct sockaddr_in stLocal, stFrom; + unsigned char achIn[BUFSIZE]; + int s, i; +- struct ip_mreq stMreq; + int iTmp, iRet; + int ipnum = 0; + int ii; +@@ -153,22 +168,10 @@ int main(int argc, char *argv[]) + + /* join the multicast group. */ + if (!ipnum) { /* single interface */ +- stMreq.imr_multiaddr.s_addr = inet_addr(TEST_ADDR); +- stMreq.imr_interface.s_addr = INADDR_ANY; +- iRet = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, (char *)&stMreq, sizeof(stMreq)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() IP_ADD_MEMBERSHIP failed.\n"); +- exit(1); +- } ++ igmp_join(s, inet_addr(TEST_ADDR), INADDR_ANY); + } else { + for (i = 0; i < ipnum; i++) { +- stMreq.imr_multiaddr.s_addr = inet_addr(TEST_ADDR); +- stMreq.imr_interface.s_addr = IP[i]; +- iRet = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, (char *)&stMreq, sizeof(stMreq)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() IP_ADD_MEMBERSHIP failed.\n"); +- exit(1); +- } ++ igmp_join(s, inet_addr(TEST_ADDR), IP[i]); + } + } + diff --git a/net/net-mtools/patches/002-mreceive-join-IGMP-group-by-interface.patch b/net/net-mtools/patches/002-mreceive-join-IGMP-group-by-interface.patch new file mode 100644 index 000000000..5959062f9 --- /dev/null +++ b/net/net-mtools/patches/002-mreceive-join-IGMP-group-by-interface.patch @@ -0,0 +1,113 @@ +From 65af96e0907ba9367aab9c1534b11c7f674c1e6a Mon Sep 17 00:00:00 2001 +From: Vladimir Oltean +Date: Tue, 19 Apr 2022 13:29:07 +0300 +Subject: [PATCH 2/6] mreceive: join IGMP group by interface + +mreceive uses the old-style struct ip_mreq for IP_ADD_MEMBERSHIP, which +takes the source address of the interface wishing to join. + +Since the IPV6_ADD_MEMBERSHIP variant only takes a struct ipv6_mreq +which contains the ifindex and not the source address, we need to add +support for that. + +In preparation for IPv6 support, add logic to join an IGMP group either +by source address or by interface name, whichever is specified. + +Signed-off-by: Vladimir Oltean +--- + mreceive.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++----- + 1 file changed, 46 insertions(+), 5 deletions(-) + +--- a/mreceive.c ++++ b/mreceive.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -61,7 +62,7 @@ Usage: mreceive [-g GROUP] [-p PORT] [-i + -h Print the command usage.\n\n", VERSION); + } + +-static void igmp_join(int s, in_addr_t multiaddr, in_addr_t interface) ++static void igmp_join_by_saddr(int s, in_addr_t multiaddr, in_addr_t interface) + { + struct ip_mreq mreq; + int ret; +@@ -77,10 +78,34 @@ static void igmp_join(int s, in_addr_t m + } + } + ++static void igmp_join_by_if_name(int s, in_addr_t multicast, ++ const char *if_name) ++{ ++ struct ip_mreqn mreq = {}; ++ int if_index; ++ int ret; ++ ++ if_index = if_nametoindex(if_name); ++ if (!if_index) { ++ perror("if_nametoindex"); ++ exit(1); ++ } ++ ++ mreq.imr_multiaddr.s_addr = multicast; ++ mreq.imr_ifindex = if_index; ++ ++ ret = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)); ++ if (ret) { ++ perror("setsockopt() IP_ADD_MEMBERSHIP"); ++ exit(1); ++ } ++} ++ + int main(int argc, char *argv[]) + { + struct sockaddr_in stLocal, stFrom; + unsigned char achIn[BUFSIZE]; ++ const char *if_name; + int s, i; + int iTmp, iRet; + int ipnum = 0; +@@ -131,6 +156,17 @@ int main(int argc, char *argv[]) + ii++; + ipnum++; + } ++ } else if (strcmp(argv[ii], "-I") == 0) { ++ ii++; ++ if (ii < argc) { ++ if (if_name) { ++ printf("Single interface expected\n"); ++ exit(1); ++ } ++ ++ if_name = argv[ii]; ++ ii++; ++ } + } else if (strcmp(argv[ii], "-n") == 0) { + ii++; + NUM = 1; +@@ -167,11 +203,16 @@ int main(int argc, char *argv[]) + } + + /* join the multicast group. */ +- if (!ipnum) { /* single interface */ +- igmp_join(s, inet_addr(TEST_ADDR), INADDR_ANY); ++ if (if_name) { ++ igmp_join_by_if_name(s, inet_addr(TEST_ADDR), if_name); + } else { +- for (i = 0; i < ipnum; i++) { +- igmp_join(s, inet_addr(TEST_ADDR), IP[i]); ++ if (!ipnum) { /* single interface */ ++ igmp_join_by_saddr(s, inet_addr(TEST_ADDR), INADDR_ANY); ++ } else { ++ for (i = 0; i < ipnum; i++) { ++ igmp_join_by_saddr(s, inet_addr(TEST_ADDR), ++ IP[i]); ++ } + } + } + diff --git a/net/net-mtools/patches/003-mreceive-support-IPv6.patch b/net/net-mtools/patches/003-mreceive-support-IPv6.patch new file mode 100644 index 000000000..cfd1ab2cf --- /dev/null +++ b/net/net-mtools/patches/003-mreceive-support-IPv6.patch @@ -0,0 +1,578 @@ +From cc7f68045e5f3cfc6c932996af784ab319951426 Mon Sep 17 00:00:00 2001 +From: Vladimir Oltean +Date: Tue, 19 Apr 2022 13:29:20 +0300 +Subject: [PATCH 3/6] mreceive: support IPv6 + +Extend the mreceive program with a generalization of sockets, +addresses and socket options that covers both IPv4 and IPv6. + +Most of the lower-level implementation is moved to common.c and exported +through common.h such that it can be reused by msend at a later time. + +The makefile rule to link object files into executables is updated to +look at all specified objects rather than just the first, by using $^ +instead of $<. Otherwise, common.o would be ignored when linking +mreceive. + +Signed-off-by: Vladimir Oltean +--- + Makefile | 8 +- + common.c | 261 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + common.h | 36 ++++++++ + mreceive.c | 142 ++++++++++------------------- + 4 files changed, 349 insertions(+), 98 deletions(-) + create mode 100644 common.c + create mode 100644 common.h + +--- a/Makefile ++++ b/Makefile +@@ -20,8 +20,8 @@ mandir = $(prefix)/share/man/man8 + # ttcp is currently not part of the distribution because its not tested + # yet. Please test and let me know at GitHub so I can include it! :) + EXEC := msend mreceive +-OBJS := $(EXEC:=.o) +-DEPS := $(EXEC:=.d) ++OBJS := msend.o mreceive.o common.o ++DEPS := msend.d mreceive.d common.d + MANS = $(addsuffix .8,$(EXEC)) + DISTFILES = README.md LICENSE.md + +@@ -33,10 +33,10 @@ all: $(EXEC) + + .o: + @printf " LINK $@\n" +- @$(CC) $(CFLAGS) $(LDFLAGS) -Wl,-Map,$@.map -o $@ $< $(LDLIBS$(LDLIBS-$(@))) ++ @$(CC) $(CFLAGS) $(LDFLAGS) -Wl,-Map,$@.map -o $@ $^ $(LDLIBS$(LDLIBS-$(@))) + + msend: msend.o +-mreceive: mreceive.o ++mreceive: mreceive.o common.o + ttcp: ttcp.o + + install: $(EXEC) +--- /dev/null ++++ b/common.c +@@ -0,0 +1,261 @@ ++/* ++ * common.c -- Common functions for mreceive.c and msend.c ++ */ ++#include ++#include ++#include ++#include ++#include ++ ++#include "common.h" ++ ++int ip_address_parse(const char *string, struct ip_address *ip) ++{ ++ int ret; ++ ++ ret = inet_pton(AF_INET6, string, &ip->addr6); ++ if (ret > 0) { ++ ip->family = AF_INET6; ++ } else { ++ ret = inet_pton(AF_INET, string, &ip->addr); ++ if (ret > 0) { ++ ip->family = AF_INET; ++ } else { ++ fprintf(stderr, "IP address %s not in known format\n", ++ string); ++ return -1; ++ } ++ } ++ ++ return 0; ++} ++ ++int socket_create(struct sock *s, int family, int port) ++{ ++ struct sockaddr *serv_addr; ++ int sockopt = 1; ++ int fd, ret; ++ ++ memset(s, 0, sizeof(*s)); ++ ++ if (family == AF_INET) { ++ serv_addr = (struct sockaddr *)&s->udp4; ++ s->udp4.sin_addr.s_addr = htonl(INADDR_ANY); ++ s->udp4.sin_port = htons(port); ++ s->udp4.sin_family = AF_INET; ++ s->addr_size = sizeof(struct sockaddr_in); ++ } else { ++ serv_addr = (struct sockaddr *)&s->udp6; ++ s->udp6.sin6_addr = in6addr_any; ++ s->udp6.sin6_port = htons(port); ++ s->udp6.sin6_family = AF_INET6; ++ s->addr_size = sizeof(struct sockaddr_in6); ++ } ++ ++ fd = socket(family, SOCK_DGRAM, 0); ++ if (fd < 0) { ++ perror("socket"); ++ return fd; ++ } ++ ++ /* avoid EADDRINUSE error on bind() */ ++ ret = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &sockopt, sizeof(int)); ++ if (ret) { ++ perror("setsockopt() SO_REUSEADDR"); ++ close(fd); ++ return ret; ++ } ++ ++ ret = bind(fd, serv_addr, s->addr_size); ++ if (ret) { ++ perror("bind"); ++ close(fd); ++ return ret; ++ } ++ ++ s->fd = fd; ++ ++ return 0; ++} ++ ++static int igmp_join_by_saddr(struct sock *s, const struct ip_address *mc, ++ struct ip_address *saddr) ++{ ++ struct ip_mreq mreq = {}; ++ int fd = s->fd; ++ int off = 0; ++ int ret; ++ ++ memcpy(&mreq.imr_multiaddr, &mc->addr, sizeof(struct in_addr)); ++ memcpy(&mreq.imr_interface.s_addr, &saddr->addr, ++ sizeof(struct in_addr)); ++ ++ ret = setsockopt(fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)); ++ if (ret) { ++ perror("setsockopt() IP_ADD_MEMBERSHIP"); ++ return -1; ++ } ++ ++ ret = setsockopt(fd, IPPROTO_IP, IP_MULTICAST_LOOP, &off, sizeof(int)); ++ if (ret) { ++ perror("setsockopt() IP_MULTICAST_LOOP"); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++static int igmp_join_by_if_name(struct sock *s, const struct ip_address *mc, ++ const char *if_name) ++{ ++ struct ip_mreqn mreq = {}; ++ int fd = s->fd; ++ int if_index; ++ int off = 0; ++ int ret; ++ ++ if_index = if_nametoindex(if_name); ++ if (!if_index) { ++ perror("if_nametoindex"); ++ return -1; ++ } ++ ++ memcpy(&mreq.imr_multiaddr, &mc->addr, sizeof(struct in_addr)); ++ mreq.imr_ifindex = if_index; ++ ++ ret = setsockopt(fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)); ++ if (ret) { ++ perror("setsockopt() IP_ADD_MEMBERSHIP"); ++ return -1; ++ } ++ ++ ret = setsockopt(fd, IPPROTO_IP, IP_MULTICAST_LOOP, &off, sizeof(int)); ++ if (ret) { ++ perror("setsockopt() IP_MULTICAST_LOOP"); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++static int mld_join(struct sock *s, const struct ip_address *mc, ++ const char *if_name) ++{ ++ struct ipv6_mreq mreq = {}; ++ int if_index, off = 0; ++ int fd = s->fd; ++ int ret; ++ ++ if_index = if_nametoindex(if_name); ++ if (!if_index) { ++ perror("if_nametoindex"); ++ return -1; ++ } ++ ++ memcpy(&mreq.ipv6mr_multiaddr, &mc->addr6, sizeof(struct in6_addr)); ++ mreq.ipv6mr_interface = if_index; ++ ret = setsockopt(fd, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, &mreq, ++ sizeof(mreq)); ++ if (ret) { ++ perror("setsockopt IPV6_ADD_MEMBERSHIP"); ++ return -1; ++ } ++ ++ ret = setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &off, ++ sizeof(int)); ++ if (ret) { ++ perror("setsockopt IPV6_MULTICAST_LOOP"); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++int mc_join(struct sock *s, const struct ip_address *mc, const char *if_name, ++ int num_saddrs, struct ip_address *saddrs) ++{ ++ int i, ret; ++ ++ if (if_name) { ++ switch (mc->family) { ++ case AF_INET: ++ return igmp_join_by_if_name(s, mc, if_name); ++ case AF_INET6: ++ return mld_join(s, mc, if_name); ++ default: ++ return -1; ++ } ++ } ++ ++ if (!num_saddrs) { /* single interface */ ++ struct ip_address saddr = { ++ .family = AF_INET, ++ .addr.s_addr = INADDR_ANY, ++ }; ++ ++ return igmp_join_by_saddr(s, mc, &saddr); ++ } ++ ++ for (i = 0; i < num_saddrs; i++) { ++ ret = igmp_join_by_saddr(s, mc, &saddrs[i]); ++ if (ret) ++ return ret; ++ } ++ ++ return 0; ++} ++ ++static int igmp_set_ttl(int fd, int ttl) ++{ ++ int ret; ++ ++ ret = setsockopt(fd, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, sizeof(int)); ++ if (ret) ++ perror("setsockopt() IP_MULTICAST_TTL"); ++ ++ return ret; ++} ++ ++static int mld_set_hop_limit(int fd, int limit) ++{ ++ int ret; ++ ++ ret = setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &limit, ++ sizeof(int)); ++ if (ret) ++ perror("setsockopt() IPV6_MULTICAST_HOPS"); ++ ++ return ret; ++} ++ ++int mc_set_hop_limit(struct sock *s, int limit) ++{ ++ switch (s->addr_size) { ++ case sizeof(struct sockaddr_in): ++ return igmp_set_ttl(s->fd, limit); ++ case sizeof(struct sockaddr_in6): ++ return mld_set_hop_limit(s->fd, limit); ++ default: ++ return -1; ++ } ++} ++ ++int mc_recv(struct sock *s, void *buf, size_t len, struct sock *from) ++{ ++ from->addr_size = sizeof(struct sockaddr_in6); ++ ++ return recvfrom(s->fd, buf, len, 0, (struct sockaddr *)&(from->udp6), ++ &from->addr_size); ++} ++ ++int socket_get_port(const struct sock *s) ++{ ++ switch (s->addr_size) { ++ case sizeof(struct sockaddr_in): ++ return ntohs(s->udp4.sin_port); ++ case sizeof(struct sockaddr_in6): ++ return ntohs(s->udp6.sin6_port); ++ default: ++ return 0; ++ } ++} +--- /dev/null ++++ b/common.h +@@ -0,0 +1,36 @@ ++/* ++ * common.h -- Common header for mreceive.c and msend.c ++ */ ++#ifndef _COMMON_H ++#define _COMMON_H ++ ++#include ++#include ++#include ++ ++struct ip_address { ++ int family; ++ union { ++ struct in_addr addr; ++ struct in6_addr addr6; ++ }; ++}; ++ ++struct sock { ++ socklen_t addr_size; ++ union { ++ struct sockaddr_in udp4; ++ struct sockaddr_in6 udp6; ++ }; ++ int fd; ++}; ++ ++int ip_address_parse(const char *string, struct ip_address *ip); ++int socket_create(struct sock *s, int family, int port); ++int mc_join(struct sock *s, const struct ip_address *mc, const char *if_name, ++ int num_saddrs, struct ip_address *saddrs); ++int mc_set_hop_limit(struct sock *s, int limit); ++int mc_recv(struct sock *s, void *buf, size_t len, struct sock *from); ++int socket_get_port(const struct sock *s); ++ ++#endif +--- a/mreceive.c ++++ b/mreceive.c +@@ -28,6 +28,8 @@ + #include + #include + ++#include "common.h" ++ + #define TRUE 1 + #define FALSE 0 + #ifndef INVALID_SOCKET +@@ -43,7 +45,7 @@ + + char *TEST_ADDR = "224.1.1.1"; + int TEST_PORT = 4444; +-unsigned long IP[MAXIP]; ++struct ip_address IP[MAXIP]; + int NUM = 0; + + void printHelp(void) +@@ -62,52 +64,12 @@ Usage: mreceive [-g GROUP] [-p PORT] [-i + -h Print the command usage.\n\n", VERSION); + } + +-static void igmp_join_by_saddr(int s, in_addr_t multiaddr, in_addr_t interface) +-{ +- struct ip_mreq mreq; +- int ret; +- +- mreq.imr_multiaddr.s_addr = multiaddr; +- mreq.imr_interface.s_addr = interface; +- +- ret = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, +- (char *)&mreq, sizeof(mreq)); +- if (ret == SOCKET_ERROR) { +- printf("setsockopt() IP_ADD_MEMBERSHIP failed.\n"); +- exit(1); +- } +-} +- +-static void igmp_join_by_if_name(int s, in_addr_t multicast, +- const char *if_name) +-{ +- struct ip_mreqn mreq = {}; +- int if_index; +- int ret; +- +- if_index = if_nametoindex(if_name); +- if (!if_index) { +- perror("if_nametoindex"); +- exit(1); +- } +- +- mreq.imr_multiaddr.s_addr = multicast; +- mreq.imr_ifindex = if_index; +- +- ret = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)); +- if (ret) { +- perror("setsockopt() IP_ADD_MEMBERSHIP"); +- exit(1); +- } +-} +- + int main(int argc, char *argv[]) + { +- struct sockaddr_in stLocal, stFrom; + unsigned char achIn[BUFSIZE]; +- const char *if_name; +- int s, i; +- int iTmp, iRet; ++ const char *if_name = NULL; ++ struct ip_address mc; ++ struct sock s, from; + int ipnum = 0; + int ii; + unsigned int numreceived; +@@ -116,6 +78,8 @@ int main(int argc, char *argv[]) + int starttime; + int curtime; + struct timeval tv; ++ int ret; ++ int i; + + /* + if( argc < 2 ) { +@@ -152,7 +116,10 @@ int main(int argc, char *argv[]) + } else if (strcmp(argv[ii], "-i") == 0) { + ii++; + if ((ii < argc) && !(strchr(argv[ii], '-'))) { +- IP[ipnum] = inet_addr(argv[ii]); ++ ret = ip_address_parse(argv[ii], &IP[ipnum]); ++ if (ret) ++ exit(1); ++ + ii++; + ipnum++; + } +@@ -177,73 +144,59 @@ int main(int argc, char *argv[]) + } + } + +- /* get a datagram socket */ +- s = socket(AF_INET, SOCK_DGRAM, 0); +- if (s == INVALID_SOCKET) { +- printf("socket() failed.\n"); ++ ret = ip_address_parse(TEST_ADDR, &mc); ++ if (ret) + exit(1); +- } + +- /* avoid EADDRINUSE error on bind() */ +- iTmp = TRUE; +- iRet = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&iTmp, sizeof(iTmp)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() SO_REUSEADDR failed.\n"); ++ if (mc.family == AF_INET6 && ipnum) { ++ printf("Joining IPv6 groups by source address not supported, use -I\n"); + exit(1); + } + +- /* name the socket */ +- stLocal.sin_family = AF_INET; +- stLocal.sin_addr.s_addr = htonl(INADDR_ANY); +- stLocal.sin_port = htons(TEST_PORT); +- iRet = bind(s, (struct sockaddr *)&stLocal, sizeof(stLocal)); +- if (iRet == SOCKET_ERROR) { +- printf("bind() failed.\n"); ++ if (mc.family == AF_INET6 && !if_name) { ++ printf("-I is mandatory with IPv6\n"); + exit(1); + } + +- /* join the multicast group. */ +- if (if_name) { +- igmp_join_by_if_name(s, inet_addr(TEST_ADDR), if_name); +- } else { +- if (!ipnum) { /* single interface */ +- igmp_join_by_saddr(s, inet_addr(TEST_ADDR), INADDR_ANY); +- } else { +- for (i = 0; i < ipnum; i++) { +- igmp_join_by_saddr(s, inet_addr(TEST_ADDR), +- IP[i]); +- } +- } +- } ++ /* get a datagram socket */ ++ ret = socket_create(&s, mc.family, TEST_PORT); ++ if (ret) ++ exit(1); + +- /* set TTL to traverse up to multiple routers */ +- iTmp = TTL_VALUE; +- iRet = setsockopt(s, IPPROTO_IP, IP_MULTICAST_TTL, (char *)&iTmp, sizeof(iTmp)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() IP_MULTICAST_TTL failed.\n"); ++ /* join the multicast group. */ ++ ret = mc_join(&s, &mc, if_name, ipnum, IP); ++ if (ret) + exit(1); +- } + +- /* disable loopback */ +- /* iTmp = TRUE; */ +- iTmp = FALSE; +- iRet = setsockopt(s, IPPROTO_IP, IP_MULTICAST_LOOP, (char *)&iTmp, sizeof(iTmp)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() IP_MULTICAST_LOOP failed.\n"); ++ /* set TTL to traverse up to multiple routers */ ++ ret = mc_set_hop_limit(&s, TTL_VALUE); ++ if (ret) + exit(1); +- } + + printf("Now receiving from multicast group: %s\n", TEST_ADDR); + + for (i = 0;; i++) { +- socklen_t addr_size = sizeof(struct sockaddr_in); ++ char from_buf[INET6_ADDRSTRLEN]; + static int iCounter = 1; ++ const char *addr_str; + + /* receive from the multicast address */ + +- iRet = recvfrom(s, achIn, BUFSIZE, 0, (struct sockaddr *)&stFrom, &addr_size); +- if (iRet < 0) { +- printf("recvfrom() failed.\n"); ++ ret = mc_recv(&s, achIn, BUFSIZE, &from); ++ if (ret < 0) { ++ perror("recvfrom"); ++ exit(1); ++ } ++ ++ if (mc.family == AF_INET) { ++ addr_str = inet_ntop(AF_INET, &from.udp4.sin_addr, ++ from_buf, INET6_ADDRSTRLEN); ++ } else { ++ addr_str = inet_ntop(AF_INET6, &from.udp6.sin6_addr, ++ from_buf, INET6_ADDRSTRLEN); ++ } ++ if (!addr_str) { ++ perror("inet_ntop"); + exit(1); + } + +@@ -256,7 +209,8 @@ int main(int argc, char *argv[]) + numreceived = + (unsigned int)achIn[0] + ((unsigned int)(achIn[1]) << 8) + ((unsigned int)(achIn[2]) << 16) + + ((unsigned int)(achIn[3]) >> 24); +- fprintf(stdout, "%5d\t%s:%5d\t%d.%03d\t%5d\n", iCounter, inet_ntoa(stFrom.sin_addr), ntohs(stFrom.sin_port), ++ fprintf(stdout, "%5d\t%s:%5d\t%d.%03d\t%5d\n", iCounter, ++ from_buf, socket_get_port(&from), + curtime / 1000000, (curtime % 1000000) / 1000, numreceived); + fflush(stdout); + rcvCountNew = numreceived; +@@ -276,7 +230,7 @@ int main(int argc, char *argv[]) + rcvCountOld = rcvCountNew; + } else { + printf("Receive msg %d from %s:%d: %s\n", +- iCounter, inet_ntoa(stFrom.sin_addr), ntohs(stFrom.sin_port), achIn); ++ iCounter, from_buf, socket_get_port(&from), achIn); + } + iCounter++; + } diff --git a/net/net-mtools/patches/004-msend-support-IPv6.patch b/net/net-mtools/patches/004-msend-support-IPv6.patch new file mode 100644 index 000000000..84d517538 --- /dev/null +++ b/net/net-mtools/patches/004-msend-support-IPv6.patch @@ -0,0 +1,401 @@ +From 9aa908fc2dd84cfed151fa260b39465978079274 Mon Sep 17 00:00:00 2001 +From: Vladimir Oltean +Date: Tue, 19 Apr 2022 19:28:59 +0300 +Subject: [PATCH 4/6] msend: support IPv6 + +Finish the conversion by updating msend to use the common procedures +that support IPv6. + +I've only tested this with a link-local source address. + +Signed-off-by: Vladimir Oltean +--- + Makefile | 2 +- + common.c | 62 +++++++++++++++++++++---- + common.h | 5 +- + mreceive.c | 2 +- + msend.c | 131 +++++++++++++++++++++++++++++------------------------ + 5 files changed, 132 insertions(+), 70 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -35,7 +35,7 @@ all: $(EXEC) + @printf " LINK $@\n" + @$(CC) $(CFLAGS) $(LDFLAGS) -Wl,-Map,$@.map -o $@ $^ $(LDLIBS$(LDLIBS-$(@))) + +-msend: msend.o ++msend: msend.o common.o + mreceive: mreceive.o common.o + ttcp: ttcp.o + +--- a/common.c ++++ b/common.c +@@ -30,7 +30,8 @@ int ip_address_parse(const char *string, + return 0; + } + +-int socket_create(struct sock *s, int family, int port) ++int socket_create(struct sock *s, int family, int port, ++ struct ip_address *saddr, const char *if_name) + { + struct sockaddr *serv_addr; + int sockopt = 1; +@@ -40,13 +41,16 @@ int socket_create(struct sock *s, int fa + + if (family == AF_INET) { + serv_addr = (struct sockaddr *)&s->udp4; +- s->udp4.sin_addr.s_addr = htonl(INADDR_ANY); ++ s->udp4.sin_addr = saddr ? saddr->addr : ++ (struct in_addr) { ++ .s_addr = htonl(INADDR_ANY), ++ }; + s->udp4.sin_port = htons(port); + s->udp4.sin_family = AF_INET; + s->addr_size = sizeof(struct sockaddr_in); + } else { + serv_addr = (struct sockaddr *)&s->udp6; +- s->udp6.sin6_addr = in6addr_any; ++ s->udp6.sin6_addr = saddr ? saddr->addr6 : in6addr_any; + s->udp6.sin6_port = htons(port); + s->udp6.sin6_family = AF_INET6; + s->addr_size = sizeof(struct sockaddr_in6); +@@ -66,11 +70,22 @@ int socket_create(struct sock *s, int fa + return ret; + } + +- ret = bind(fd, serv_addr, s->addr_size); +- if (ret) { +- perror("bind"); +- close(fd); +- return ret; ++ if (if_name) { ++ /* Bind to device, required for IPv6 link-local addresses */ ++ ret = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, if_name, ++ IFNAMSIZ - 1); ++ if (ret) { ++ perror("setsockopt() SO_BINDTODEVICE"); ++ close(fd); ++ return ret; ++ } ++ } else { ++ ret = bind(fd, serv_addr, s->addr_size); ++ if (ret) { ++ perror("bind"); ++ close(fd); ++ return ret; ++ } + } + + s->fd = fd; +@@ -248,6 +263,12 @@ int mc_recv(struct sock *s, void *buf, s + &from->addr_size); + } + ++int mc_send(struct sock *s, struct sock *to, void *buf, size_t len) ++{ ++ return sendto(s->fd, buf, len, 0, (struct sockaddr *)&(to->udp4), ++ s->addr_size); ++} ++ + int socket_get_port(const struct sock *s) + { + switch (s->addr_size) { +@@ -259,3 +280,28 @@ int socket_get_port(const struct sock *s + return 0; + } + } ++ ++int socket_set_loopback(struct sock *s, int loop) ++{ ++ int fd = s->fd; ++ int ret; ++ ++ switch (s->addr_size) { ++ case sizeof(struct sockaddr_in): ++ ret = setsockopt(fd, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, ++ sizeof(int)); ++ if (ret) ++ perror("setsockopt IP_MULTICAST_LOOP"); ++ break; ++ case sizeof(struct sockaddr_in6): ++ ret = setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &loop, ++ sizeof(int)); ++ if (ret) ++ perror("setsockopt IPV6_MULTICAST_LOOP"); ++ break; ++ default: ++ return 0; ++ } ++ ++ return ret; ++} +--- a/common.h ++++ b/common.h +@@ -26,11 +26,14 @@ struct sock { + }; + + int ip_address_parse(const char *string, struct ip_address *ip); +-int socket_create(struct sock *s, int family, int port); ++int socket_create(struct sock *s, int family, int port, ++ struct ip_address *saddr, const char *if_name); + int mc_join(struct sock *s, const struct ip_address *mc, const char *if_name, + int num_saddrs, struct ip_address *saddrs); + int mc_set_hop_limit(struct sock *s, int limit); + int mc_recv(struct sock *s, void *buf, size_t len, struct sock *from); ++int mc_send(struct sock *s, struct sock *to, void *buf, size_t len); + int socket_get_port(const struct sock *s); ++int socket_set_loopback(struct sock *s, int loop); + + #endif +--- a/mreceive.c ++++ b/mreceive.c +@@ -159,7 +159,7 @@ int main(int argc, char *argv[]) + } + + /* get a datagram socket */ +- ret = socket_create(&s, mc.family, TEST_PORT); ++ ret = socket_create(&s, mc.family, TEST_PORT, NULL, NULL); + if (ret) + exit(1); + +--- a/msend.c ++++ b/msend.c +@@ -30,6 +30,8 @@ + #include + #include + ++#include "common.h" ++ + #define TRUE 1 + #define FALSE 0 + #ifndef INVALID_SOCKET +@@ -45,18 +47,16 @@ char *TEST_ADDR = "224.1.1.1"; + int TEST_PORT = 4444; + int TTL_VALUE = 1; + int SLEEP_TIME = 1000; +-unsigned long IP = INADDR_ANY; + int NUM = 0; + + int join_flag = 0; /* not join */ + + typedef struct timerhandler_s { +- int s; ++ struct sock *s; ++ struct sock *to; + char *achOut; + int len; + int n; +- struct sockaddr *stTo; +- int addr_size; + } timerhandler_t; + timerhandler_t handler_par; + void timerhandler(); +@@ -87,16 +87,15 @@ Usage: msend [-g GROUP] [-p PORT] [-joi + + int main(int argc, char *argv[]) + { +- struct sockaddr_in stLocal, stTo; ++ struct ip_address *saddr = NULL, mc; ++ struct sock s = {}, to = {}; ++ const char *if_name = NULL; + char achOut[BUFSIZE] = ""; +- int s, i; +- struct ip_mreq stMreq; +- int iTmp, iRet; + int ii = 1; +- int addr_size = sizeof(struct sockaddr_in); + struct itimerval times; + sigset_t sigset; + struct sigaction act; ++ int ret, i; + + if ((argc == 2) && (strcmp(argv[ii], "-v") == 0)) { + printf("msend version 2.2\n"); +@@ -126,7 +125,32 @@ int main(int argc, char *argv[]) + } else if (strcmp(argv[ii], "-i") == 0) { + ii++; + if ((ii < argc) && !(strchr(argv[ii], '-'))) { +- IP = inet_addr(argv[ii]); ++ if (saddr) { ++ printf("Single source address allowed\n"); ++ exit(1); ++ } ++ ++ saddr = calloc(1, sizeof(*saddr)); ++ if (!saddr) { ++ printf("Low memory\n"); ++ exit(1); ++ } ++ ++ ret = ip_address_parse(argv[ii], saddr); ++ if (ret) ++ exit(1); ++ ++ ii++; ++ } ++ } else if (strcmp(argv[ii], "-I") == 0) { ++ ii++; ++ if (ii < argc) { ++ if (if_name) { ++ printf("Single interface expected\n"); ++ exit(1); ++ } ++ ++ if_name = argv[ii]; + ii++; + } + } else if (strcmp(argv[ii], "-t") == 0) { +@@ -158,62 +182,50 @@ int main(int argc, char *argv[]) + } + } + +- /* get a datagram socket */ +- s = socket(AF_INET, SOCK_DGRAM, 0); +- if (s == INVALID_SOCKET) { +- printf("socket() failed.\n"); ++ ret = ip_address_parse(TEST_ADDR, &mc); ++ if (ret) + exit(1); +- } + +- /* avoid EADDRINUSE error on bind() */ +- iTmp = TRUE; +- iRet = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&iTmp, sizeof(iTmp)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() SO_REUSEADDR failed.\n"); ++ if (join_flag && mc.family == AF_INET6 && !if_name) { ++ printf("-I is mandatory when joining IPv6 group\n"); + exit(1); + } + +- /* name the socket */ +- stLocal.sin_family = AF_INET; +- stLocal.sin_addr.s_addr = IP; +- stLocal.sin_port = htons(TEST_PORT); +- iRet = bind(s, (struct sockaddr *)&stLocal, sizeof(stLocal)); +- if (iRet == SOCKET_ERROR) { +- printf("bind() failed.\n"); ++ /* get a datagram socket */ ++ ret = socket_create(&s, mc.family, TEST_PORT, saddr, if_name); ++ if (ret) + exit(1); +- } + + /* join the multicast group. */ +- stMreq.imr_multiaddr.s_addr = inet_addr(TEST_ADDR); +- stMreq.imr_interface.s_addr = IP; + if (join_flag == 1) { +- iRet = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, (char *)&stMreq, sizeof(stMreq)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() IP_ADD_MEMBERSHIP failed.\n"); ++ ret = mc_join(&s, &mc, if_name, 0, NULL); ++ if (ret) + exit(1); +- } + } + + /* set TTL to traverse up to multiple routers */ +- iTmp = TTL_VALUE; +- iRet = setsockopt(s, IPPROTO_IP, IP_MULTICAST_TTL, (char *)&iTmp, sizeof(iTmp)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() IP_MULTICAST_TTL failed.\n"); ++ ret = mc_set_hop_limit(&s, TTL_VALUE); ++ if (ret) + exit(1); +- } + + /* enable loopback */ +- iTmp = TRUE; +- iRet = setsockopt(s, IPPROTO_IP, IP_MULTICAST_LOOP, (char *)&iTmp, sizeof(iTmp)); +- if (iRet == SOCKET_ERROR) { +- printf("setsockopt() IP_MULTICAST_LOOP failed.\n"); ++ ret = socket_set_loopback(&s, 1); ++ if (ret) + exit(1); +- } + + /* assign our destination address */ +- stTo.sin_family = AF_INET; +- stTo.sin_addr.s_addr = inet_addr(TEST_ADDR); +- stTo.sin_port = htons(TEST_PORT); ++ if (mc.family == AF_INET) { ++ to.udp4.sin_addr = mc.addr; ++ to.udp4.sin_port = htons(TEST_PORT); ++ to.udp4.sin_family = AF_INET; ++ to.addr_size = sizeof(struct sockaddr_in); ++ } else { ++ to.udp6.sin6_addr = mc.addr6; ++ to.udp6.sin6_port = htons(TEST_PORT); ++ to.udp6.sin6_family = AF_INET6; ++ to.addr_size = sizeof(struct sockaddr_in6); ++ } ++ + printf("Now sending to multicast group: %s\n", TEST_ADDR); + + SLEEP_TIME *= 1000; /* convert to microsecond */ +@@ -237,12 +249,11 @@ int main(int argc, char *argv[]) + times.it_interval.tv_usec = (long)(SLEEP_TIME % 1000000); + setitimer(ITIMER_REAL, ×, NULL); + +- handler_par.s = s; ++ handler_par.s = &s; ++ handler_par.to = &to; + handler_par.achOut = achOut; + handler_par.len = strlen(achOut) + 1; + handler_par.n = 0; +- handler_par.stTo = (struct sockaddr *)&stTo; +- handler_par.addr_size = addr_size; + + /* now wait for the alarms */ + sigemptyset(&sigset); +@@ -252,8 +263,6 @@ int main(int argc, char *argv[]) + return 0; + } else { + for (i = 0; i < 10; i++) { +- int addr_size = sizeof(struct sockaddr_in); +- + if (NUM) { + achOut[3] = (unsigned char)(i >> 24); + achOut[2] = (unsigned char)(i >> 16); +@@ -264,9 +273,10 @@ int main(int argc, char *argv[]) + printf("Send out msg %d to %s:%d: %s\n", i, TEST_ADDR, TEST_PORT, achOut); + } + +- iRet = sendto(s, achOut, (NUM ? 4 : strlen(achOut) + 1), 0, (struct sockaddr *)&stTo, addr_size); +- if (iRet < 0) { +- printf("sendto() failed.\n"); ++ ret = mc_send(&s, &to, achOut, ++ NUM ? 4 : strlen(achOut) + 1); ++ if (ret < 0) { ++ perror("sendto"); + exit(1); + } + } /* end for(;;) */ +@@ -277,8 +287,8 @@ int main(int argc, char *argv[]) + + void timerhandler(void) + { +- int iRet; + static int iCounter = 1; ++ int ret; + + if (NUM) { + handler_par.achOut = (char *)(&iCounter); +@@ -287,11 +297,14 @@ void timerhandler(void) + } else { + printf("Sending msg %d, TTL %d, to %s:%d: %s\n", iCounter, TTL_VALUE, TEST_ADDR, TEST_PORT, handler_par.achOut); + } +- iRet = sendto(handler_par.s, handler_par.achOut, handler_par.len, handler_par.n, handler_par.stTo, handler_par.addr_size); +- if (iRet < 0) { +- printf("sendto() failed.\n"); ++ ++ ret = mc_send(handler_par.s, handler_par.to, handler_par.achOut, ++ handler_par.len); ++ if (ret < 0) { ++ perror("sendto"); + exit(1); + } ++ + iCounter++; + return; + } diff --git a/net/net-mtools/patches/005-mreceive-msend-add-new-I-option-to-the-help-text.patch b/net/net-mtools/patches/005-mreceive-msend-add-new-I-option-to-the-help-text.patch new file mode 100644 index 000000000..73af1d14e --- /dev/null +++ b/net/net-mtools/patches/005-mreceive-msend-add-new-I-option-to-the-help-text.patch @@ -0,0 +1,33 @@ +From bf95bdeccab98cec77dc1b10bce0b215754e4e46 Mon Sep 17 00:00:00 2001 +From: Vladimir Oltean +Date: Thu, 21 Apr 2022 16:45:08 +0300 +Subject: [PATCH 5/6] mreceive: msend: add new -I option to the help text + +Signed-off-by: Vladimir Oltean +--- + mreceive.c | 2 ++ + msend.c | 2 ++ + 2 files changed, 4 insertions(+) + +--- a/mreceive.c ++++ b/mreceive.c +@@ -58,6 +58,8 @@ Usage: mreceive [-g GROUP] [-p PORT] [-i + -p PORT UDP port number used in the multicast packets. Default: 4444\n\ + -i ADDRESS IP addresses of one or more interfaces to listen for the given\n\ + multicast group. Default: the system default interface.\n\ ++ -I interface The interface on which to receive. Can be specified as an\n\ ++ alternative to -i.\n\ + -n Interpret the contents of the message as a number instead of\n\ + a string of characters. Use this with `msend -n`\n\ + -v Print version information.\n\ +--- a/msend.c ++++ b/msend.c +@@ -72,6 +72,8 @@ Usage: msend [-g GROUP] [-p PORT] [-joi + -p PORT UDP port number used in the multicast packets. Default: 4444\n\ + -i ADDRESS IP address of the interface to use to send the packets.\n\ + The default is to use the system default interface.\n\ ++ -I interface The interface on which to send. Can be specified as an\n\ ++ alternative to -i.\n\ + -join Multicast sender will join the multicast group.\n\ + By default a sender never joins the group.\n\ + -P PERIOD Interval in milliseconds between packets. Default 1000 msec\n\ diff --git a/net/net-mtools/patches/006-msend-send-a-limited-number-of-test-packets.patch b/net/net-mtools/patches/006-msend-send-a-limited-number-of-test-packets.patch new file mode 100644 index 000000000..8e8db738e --- /dev/null +++ b/net/net-mtools/patches/006-msend-send-a-limited-number-of-test-packets.patch @@ -0,0 +1,81 @@ +From 1013b0a83aef868e6cd33b2f467b9f886b41e7bc Mon Sep 17 00:00:00 2001 +From: Vladimir Oltean +Date: Fri, 22 Apr 2022 12:59:56 +0300 +Subject: [PATCH 6/6] msend: send a limited number of test packets + +For easier integration into a selftest framework, limit the amount of +packets that the program sends via a command-line argument. + +Signed-off-by: Vladimir Oltean +--- + msend.c | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +--- a/msend.c ++++ b/msend.c +@@ -56,7 +56,7 @@ typedef struct timerhandler_s { + struct sock *to; + char *achOut; + int len; +- int n; ++ int num_pkts; + } timerhandler_t; + timerhandler_t handler_par; + void timerhandler(); +@@ -82,6 +82,7 @@ Usage: msend [-g GROUP] [-p PORT] [-joi + the first router will drop the packets! Default: 1\n\ + -text \"text\" Specify a string to use as payload in the packets, also\n\ + displayed by the mreceive command. Default: empty\n\ ++ -c Number of packets to send. Default: send indefinitely\n\ + -n Encode -text argument as a number instead of a string.\n\ + -v Print version information.\n\ + -h Print the command usage.\n\n", VERSION); +@@ -97,6 +98,7 @@ int main(int argc, char *argv[]) + struct itimerval times; + sigset_t sigset; + struct sigaction act; ++ int num_pkts = 0; + int ret, i; + + if ((argc == 2) && (strcmp(argv[ii], "-v") == 0)) { +@@ -171,6 +173,12 @@ int main(int argc, char *argv[]) + ii++; + NUM = 1; + ii++; ++ } else if (strcmp(argv[ii], "-c") == 0) { ++ ii++; ++ if ((ii < argc) && !(strchr(argv[ii], '-'))) { ++ num_pkts = atoi(argv[ii]); ++ ii++; ++ } + } else if (strcmp(argv[ii], "-text") == 0) { + ii++; + if ((ii < argc) && !(strchr(argv[ii], '-'))) { +@@ -255,7 +263,7 @@ int main(int argc, char *argv[]) + handler_par.to = &to; + handler_par.achOut = achOut; + handler_par.len = strlen(achOut) + 1; +- handler_par.n = 0; ++ handler_par.num_pkts = num_pkts; + + /* now wait for the alarms */ + sigemptyset(&sigset); +@@ -264,7 +272,7 @@ int main(int argc, char *argv[]) + } + return 0; + } else { +- for (i = 0; i < 10; i++) { ++ for (i = 0; num_pkts && i < num_pkts; i++) { + if (NUM) { + achOut[3] = (unsigned char)(i >> 24); + achOut[2] = (unsigned char)(i >> 16); +@@ -307,6 +315,9 @@ void timerhandler(void) + exit(1); + } + ++ if (iCounter == handler_par.num_pkts) ++ exit(1); ++ + iCounter++; + return; + } diff --git a/net/net-mtools/patches/100-mreceive-msend-fix-wrong-version-in-v-output.patch b/net/net-mtools/patches/100-mreceive-msend-fix-wrong-version-in-v-output.patch new file mode 100644 index 000000000..2ba867745 --- /dev/null +++ b/net/net-mtools/patches/100-mreceive-msend-fix-wrong-version-in-v-output.patch @@ -0,0 +1,37 @@ +From e0c9115e1ceb6621d6c04ae8bfd423a0452fea9c Mon Sep 17 00:00:00 2001 +From: Christian Marangi +Date: Wed, 5 Jul 2023 11:03:40 +0200 +Subject: [PATCH] mreceive: msend: fix wrong version in -v output + +-v output was never changed to follow VERSION declared in Makefile and +was still hardcoded. Fix this to improve version output and align to -h +output. + +Signed-off-by: Christian Marangi +--- + mreceive.c | 2 +- + msend.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/mreceive.c ++++ b/mreceive.c +@@ -93,7 +93,7 @@ int main(int argc, char *argv[]) + ii = 1; + + if ((argc == 2) && (strcmp(argv[ii], "-v") == 0)) { +- printf("mreceive version 2.2\n"); ++ printf("mreceive version %s\n", VERSION); + return 0; + } + if ((argc == 2) && (strcmp(argv[ii], "-h") == 0)) { +--- a/msend.c ++++ b/msend.c +@@ -102,7 +102,7 @@ int main(int argc, char *argv[]) + int ret, i; + + if ((argc == 2) && (strcmp(argv[ii], "-v") == 0)) { +- printf("msend version 2.2\n"); ++ printf("msend version %s\n", VERSION); + return 0; + } + if ((argc == 2) && (strcmp(argv[ii], "-h") == 0)) { diff --git a/net/net-mtools/test.sh b/net/net-mtools/test.sh new file mode 100755 index 000000000..c32f76802 --- /dev/null +++ b/net/net-mtools/test.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +msend -v | grep "$2" +mreceive -v | grep "$2" From f6fd7e4b002b9e9cff8c05a675b9272e758040be Mon Sep 17 00:00:00 2001 From: Javier Marcet Date: Sat, 1 Jul 2023 20:32:53 +0200 Subject: [PATCH 07/27] nyx: fix python 3.11 compatibility Signed-off-by: Javier Marcet --- admin/nyx/Makefile | 2 +- admin/nyx/patches/01-python311.patch | 32 ++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 admin/nyx/patches/01-python311.patch diff --git a/admin/nyx/Makefile b/admin/nyx/Makefile index 5a7e26b41..1b023337b 100644 --- a/admin/nyx/Makefile +++ b/admin/nyx/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nyx PKG_VERSION:=2.1.0 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PYPI_NAME:=nyx PKG_HASH:=88521488d1c9052e457b9e66498a4acfaaa3adf3adc5a199892632f129a5390b diff --git a/admin/nyx/patches/01-python311.patch b/admin/nyx/patches/01-python311.patch new file mode 100644 index 000000000..36b34932d --- /dev/null +++ b/admin/nyx/patches/01-python311.patch @@ -0,0 +1,32 @@ +From dcaddf2ab7f9d2ef8649f98bb6870995ebe0b893 Mon Sep 17 00:00:00 2001 +From: Juan Orti Alcaine +Date: Mon, 27 Jun 2022 19:38:34 +0200 +Subject: [PATCH] Replace inspect.getargspec usage to support python 3.11 + +--- + nyx/panel/__init__.py | 2 +- + test/__init__.py | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/nyx/panel/__init__.py ++++ b/nyx/panel/__init__.py +@@ -78,7 +78,7 @@ class KeyHandler(collections.namedtuple( + is_match = self._key_func(key) if self._key_func else key.match(self.key) + + if is_match: +- if inspect.getargspec(self._action).args == ['key']: ++ if inspect.getfullargspec(self._action).args == ['key']: + self._action(key) + else: + self._action() +--- a/test/__init__.py ++++ b/test/__init__.py +@@ -94,7 +94,7 @@ def render(func, *args, **kwargs): + nyx.curses.CURSES_SCREEN.erase() + start_time = time.time() + +- func_args = inspect.getargspec(func).args ++ func_args = inspect.getfullargspec(func).args + + if func_args[:1] == ['subwindow'] or func_args[:2] == ['self', 'subwindow']: + def _draw(subwindow): From 381a5515c7bfa047be8724c35b1190e8e91f984f Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Mon, 3 Jul 2023 10:11:46 +0200 Subject: [PATCH 08/27] pdns-recursor: update to 4.9.0 Signed-off-by: Peter van Dijk --- net/pdns-recursor/Makefile | 4 ++-- .../patches/100-disable-recursor.conf-dist.patch | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net/pdns-recursor/Makefile b/net/pdns-recursor/Makefile index 92adc440c..4334e136b 100644 --- a/net/pdns-recursor/Makefile +++ b/net/pdns-recursor/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pdns-recursor -PKG_VERSION:=4.8.4 +PKG_VERSION:=4.9.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/ -PKG_HASH:=f0a63fd08e03da82fa20d333ea5179d1b9259f4264546cf4995286677d9458c7 +PKG_HASH:=d36f162843e367646a661a785ca0becde9b68552855bf40532aebafa103966f3 PKG_MAINTAINER:=Peter van Dijk PKG_LICENCE:=GPL-2.0-only diff --git a/net/pdns-recursor/patches/100-disable-recursor.conf-dist.patch b/net/pdns-recursor/patches/100-disable-recursor.conf-dist.patch index ab7aa6977..4a9e90b0a 100644 --- a/net/pdns-recursor/patches/100-disable-recursor.conf-dist.patch +++ b/net/pdns-recursor/patches/100-disable-recursor.conf-dist.patch @@ -1,6 +1,6 @@ --- a/Makefile.am +++ b/Makefile.am -@@ -503,12 +503,6 @@ $(srcdir)/effective_tld_names.dat: +@@ -507,12 +507,6 @@ $(srcdir)/effective_tld_names.dat: pubsuffix.cc: $(srcdir)/effective_tld_names.dat $(AM_V_GEN)./mkpubsuffixcc From 68cdc3952dd7adf6fb1ed4b8138ec5478ac18b9a Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Fri, 7 Jul 2023 18:28:21 +0200 Subject: [PATCH 09/27] banip: release 0.8.9-1 * added HTTP ETag or entity tag support to download only ressources that have been updated on the server side, to save bandwith and speed up banIP reloads * added 4 new feeds: binarydefense, bruteforceblock, etcompromised, ipblackhole (see readme) * updated the readme Signed-off-by: Dirk Brenken --- net/banip/Makefile | 4 +- net/banip/files/README.md | 17 +++-- net/banip/files/banip-functions.sh | 103 +++++++++++++++++++++-------- net/banip/files/banip.feeds | 20 ++++++ 4 files changed, 108 insertions(+), 36 deletions(-) diff --git a/net/banip/Makefile b/net/banip/Makefile index 95dc36641..98004dd1e 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -5,8 +5,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip -PKG_VERSION:=0.8.8 -PKG_RELEASE:=2 +PKG_VERSION:=0.8.9 +PKG_RELEASE:=1 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/banip/files/README.md b/net/banip/files/README.md index 88e437437..0039b0d26 100644 --- a/net/banip/files/README.md +++ b/net/banip/files/README.md @@ -17,7 +17,9 @@ IP address blocking is commonly used to protect against brute force attacks, pre | antipopads | antipopads IPs | | | x | [Link](https://github.com/dibdot/banIP-IP-blocklists) | | asn | ASN IPs | | | x | [Link](https://asn.ipinfo.app) | | backscatterer | backscatterer IPs | x | x | | [Link](https://www.uceprotect.net/en/index.php) | +| binarydefense | binary defense banlist | x | x | | [Link](https://iplists.firehol.org/?ipset=bds_atif) | | bogon | bogon prefixes | x | x | | [Link](https://team-cymru.com) | +| bruteforceblock | bruteforceblocker IPs | x | x | | [Link](https://danger.rulez.sk/index.php/bruteforceblocker/) | | country | country blocks | x | x | | [Link](https://www.ipdeny.com/ipblocks) | | cinsscore | suspicious attacker IPs | x | x | | [Link](https://cinsscore.com/#list) | | darklist | blocks suspicious attacker IPs | x | x | | [Link](https://darklist.de) | @@ -26,6 +28,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre | drop | spamhaus drop compilation | x | x | | [Link](https://www.spamhaus.org) | | dshield | dshield IP blocklist | x | x | | [Link](https://www.dshield.org) | | edrop | spamhaus edrop compilation | x | x | | [Link](https://www.spamhaus.org) | +| etcompromised | ET compromised hosts | x | x | | [Link](https://iplists.firehol.org/?ipset=et_compromised) | | feodo | feodo tracker | x | x | x | [Link](https://feodotracker.abuse.ch) | | firehol1 | firehol level 1 compilation | x | x | | [Link](https://iplists.firehol.org/?ipset=firehol_level1) | | firehol2 | firehol level 2 compilation | x | x | | [Link](https://iplists.firehol.org/?ipset=firehol_level2) | @@ -34,6 +37,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre | greensnow | suspicious server IPs | x | x | | [Link](https://greensnow.co) | | iblockads | Advertising IPs | | | x | [Link](https://www.iblocklist.com) | | iblockspy | Malicious spyware IPs | x | x | | [Link](https://www.iblocklist.com) | +| ipblackhole | blackhole IPs | x | x | | [Link](https://ip.blackhole.monster) | | ipthreat | hacker and botnet TPs | x | x | | [Link](https://ipthreat.net) | | myip | real-time IP blocklist | x | x | | [Link](https://myip.ms) | | nixspam | iX spam protection | x | x | | [Link](http://www.nixspam.org) | @@ -72,7 +76,8 @@ IP address blocking is commonly used to protect against brute force attacks, pre * Per feed it can be defined whether the wan-input chain, the wan-forward chain or the lan-forward chain should be blocked (default: all chains) * Automatic blocklist backup & restore, the backups will be used in case of download errors or during startup * Automatically selects one of the following download utilities with ssl support: aria2c, curl, uclient-fetch or full wget -* Supports an 'allowlist only' mode, this option restricts internet access from/to a small number of secure websites/IPs +* Provides HTTP ETag or entity tag support to download only ressources that have been updated on the server side, to save bandwith and speed up banIP reloads +* Supports an 'allowlist only' mode, this option restricts internet access from/to a given number of secure websites/IPs * Deduplicate IPs accross all Sets (single IPs only, no intervals) * Provides comprehensive runtime information * Provides a detailed Set report @@ -86,7 +91,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre ## Prerequisites * **[OpenWrt](https://openwrt.org)**, latest stable release or a snapshot with nft/firewall 4 and logd/logread support -* A download utility with SSL support: 'aria2c', 'curl', full 'wget' or 'uclient-fetch' with one of the 'libustream-*' SSL libraries +* A download utility with SSL support: 'aria2c', 'curl', full 'wget' or 'uclient-fetch' with one of the 'libustream-*' SSL libraries, the latter one doesn't provide support for ETag HTTP header * A certificate store like 'ca-bundle', as banIP checks the validity of the SSL certificates of all download sites by default * For E-Mail notifications you need to install and setup the additional 'msmtp' package @@ -145,7 +150,7 @@ Available commands: | ban_autoblocklist | option | 1 | add suspicious attacker IPs and resolved domains automatically to the local blocklist (not only to the Sets) | | ban_autoblocksubnet | option | 0 | add entire subnets to the blocklist Sets based on an additional RDAP request with the suspicious IP | | ban_autoallowuplink | option | subnet | limit the uplink autoallow function to: 'subnet', 'ip' or 'disable' it at all | -| ban_allowlistonly | option | 0 | restrict the internet access from/to a small number of secure websites/IPs | +| ban_allowlistonly | option | 0 | restrict the internet access from/to a given number of secure websites/IPs | | ban_basedir | option | /tmp | base working directory while banIP processing | | ban_reportdir | option | /tmp/banIP-report | directory where banIP stores the report files | | ban_backupdir | option | /tmp/banIP-backup | directory where banIP stores the compressed backup files | @@ -292,6 +297,9 @@ Depending on the options 'ban_autoallowlist' and 'ban_autoallowuplink' the uplin Furthermore, you can reference external Allowlist URLs with additional IPv4 and IPv6 feeds (see 'ban_allowurl'). Both local lists also accept domain names as input to allow IP filtering based on these names. The corresponding IPs (IPv4 & IPv6) will be extracted and added to the Sets. You can also start the domain lookup separately via /etc/init.d/banip lookup at any time. +**allowlist-only mode** +banIP supports an "allowlist only" mode. This option restricts the internet access from/to a small number of secure MACs, IPs or domains, and block access from/to the rest of the internet. All IPs and Domains which are _not_ listed in the allowlist (plus the external Allowlist URLs) are blocked. + **MAC/IP-binding** banIP supports concatenation of local MAC addresses with IPv4/IPv6 addresses, e.g. to enforce dhcp assignments. Following notations in the local allow and block lists are allowed: ``` @@ -313,9 +321,6 @@ C8:C2:9B:F7:80:12 192.168.1.10 => this will be populated to C8:C2:9B:F7:80:12 => this will be populated to v6MAC-Set with the IP-wildcard ::/0 ``` -**allowlist-only mode** -banIP supports an "allowlist only" mode. This option restricts the internet access from/to a small number of secure MACs, IPs or domains, and block access from/to the rest of the internet. All IPs and Domains which are _not_ listed in the allowlist are blocked. - **redirect Asterisk security logs to lodg/logread** banIP only supports logfile scanning via logread, so to monitor attacks on Asterisk, its security log must be available via logread. To do this, edit '/etc/asterisk/logger.conf' and add the line 'syslog.local0 = security', then run 'asterisk -rx reload logger' to update the running Asterisk configuration. diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh index a04265f65..2d64f678a 100644 --- a/net/banip/files/banip-functions.sh +++ b/net/banip/files/banip-functions.sh @@ -79,6 +79,7 @@ ban_fetchparm="" ban_fetchinsecure="" ban_fetchretry="5" ban_rdapparm="" +ban_etagparm="" ban_cores="" ban_memory="" ban_packages="" @@ -332,25 +333,28 @@ f_getfetch() { [ "${ban_fetchinsecure}" = "1" ] && insecure="--check-certificate=false" ban_fetchparm="${ban_fetchparm:-"${insecure} --timeout=20 --retry-wait=10 --max-tries=${ban_fetchretry} --max-file-not-found=${ban_fetchretry} --allow-overwrite=true --auto-file-renaming=false --log-level=warn --dir=/ -o"}" ban_rdapparm="--timeout=5 --allow-overwrite=true --auto-file-renaming=false --dir=/ -o" + ban_etagparm="--timeout=5 --allow-overwrite=true --auto-file-renaming=false --dir=/ --dry-run --log -" ;; "curl") [ "${ban_fetchinsecure}" = "1" ] && insecure="--insecure" - ban_fetchparm="${ban_fetchparm:-"${insecure} --connect-timeout 20 --retry-delay 10 --retry ${ban_fetchretry} --retry-all-errors --fail --silent --show-error --location -o"}" + ban_fetchparm="${ban_fetchparm:-"${insecure} --connect-timeout 20 --retry-delay 10 --retry ${ban_fetchretry} --retry-max-time $((ban_fetchretry * 20)) --retry-all-errors --fail --silent --show-error --location -o"}" ban_rdapparm="--connect-timeout 5 --silent --location -o" + ban_etagparm="--connect-timeout 5 --silent --location --head" + ;; + "wget") + [ "${ban_fetchinsecure}" = "1" ] && insecure="--no-check-certificate" + ban_fetchparm="${ban_fetchparm:-"${insecure} --no-cache --no-cookies --timeout=20 --waitretry=10 --tries=${ban_fetchretry} --retry-connrefused -O"}" + ban_rdapparm="--timeout=5 -O" + ban_etagparm="--timeout=5 --spider --server-response" ;; "uclient-fetch") [ "${ban_fetchinsecure}" = "1" ] && insecure="--no-check-certificate" ban_fetchparm="${ban_fetchparm:-"${insecure} --timeout=20 -O"}" ban_rdapparm="--timeout=5 -O" ;; - "wget") - [ "${ban_fetchinsecure}" = "1" ] && insecure="--no-check-certificate" - ban_fetchparm="${ban_fetchparm:-"${insecure} --no-cache --no-cookies --timeout=20 --waitretry=10 --tries=${ban_fetchretry} --retry-connrefused -O"}" - ban_rdapparm="--timeout=5 -O" - ;; esac - f_log "debug" "f_getfetch ::: auto/update: ${ban_autodetect}/${update}, cmd: ${ban_fetchcmd:-"-"}, fetch_parm: ${ban_fetchparm:-"-"}, rdap_parm: ${ban_rdapparm:-"-"}" + f_log "debug" "f_getfetch ::: auto/update: ${ban_autodetect}/${update}, cmd: ${ban_fetchcmd:-"-"}, fetch_parm: ${ban_fetchparm:-"-"}, rdap_parm: ${ban_rdapparm:-"-"}, etag_parm: ${ban_etagparm:-"-"}" } # get wan interfaces @@ -462,7 +466,7 @@ f_getuplink() { for ip in ${ban_uplink}; do if ! "${ban_grepcmd}" -q "${ip} " "${ban_allowlist}"; then if [ "${update}" = "0" ]; then - "${ban_sedcmd}" -i '/# uplink added on /d' "${ban_allowlist}" + "${ban_sedcmd}" -i "/# uplink added on /d" "${ban_allowlist}" fi printf "%-42s%s\n" "${ip}" "# uplink added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_allowlist}" f_log "info" "add uplink '${ip}' to local allowlist" @@ -471,7 +475,7 @@ f_getuplink() { done ban_uplink="${ban_uplink%%?}" elif [ "${ban_autoallowlist}" = "1" ] && [ "${ban_autoallowuplink}" = "disable" ]; then - "${ban_sedcmd}" -i '/# uplink added on /d' "${ban_allowlist}" + "${ban_sedcmd}" -i "/# uplink added on /d" "${ban_allowlist}" update="1" fi @@ -502,6 +506,31 @@ f_getelements() { [ -s "${file}" ] && printf "%s" "elements={ $("${ban_catcmd}" "${file}" 2>/dev/null) };" } +# handle etag http header +# +f_etag() { + local http_head http_code etag_id etag_rc out_rc="4" feed="${1}" feed_url="${2}" feed_suffix="${3}" + + if [ -n "${ban_etagparm}" ]; then + [ ! -f "${ban_backupdir}/banIP.etag" ] && : >"${ban_backupdir}/banIP.etag" + http_head="$("${ban_fetchcmd}" ${ban_etagparm} "${feed_url}" 2>&1)" + http_code="$(printf "%s" "${http_head}" | "${ban_awkcmd}" 'tolower($0)~/^http\/[0123\.]+ /{printf "%s",$2}')" + etag_id="$(printf "%s" "${http_head}" | "${ban_awkcmd}" '{FS="\""}tolower($0)~/^[[:space:]]*etag: /{printf "%s",$2}')" + etag_rc="${?}" + + if [ "${http_code}" = "404" ] || { [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && "${ban_grepcmd}" -q "^${feed}${feed_suffix}.*${etag_id}\$" "${ban_backupdir}/banIP.etag"; }; then + out_rc="0" + elif [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && ! "${ban_grepcmd}" -q "^${feed}${feed_suffix}.*${etag_id}\$" "${ban_backupdir}/banIP.etag"; then + "${ban_sedcmd}" -i "/^${feed}${feed_suffix}/d" "${ban_backupdir}/banIP.etag" + printf "%-20s%s\n" "${feed}${feed_suffix}" "${etag_id}" >>"${ban_backupdir}/banIP.etag" + out_rc="2" + fi + fi + + f_log "debug" "f_etag ::: feed: ${feed}, suffix: ${feed_suffix:-"-"}, http_code: ${http_code:-"-"}, etag_id: ${etag_id:-"-"} , etag_rc: ${etag_rc:-"-"}, rc: ${out_rc}" + return "${out_rc}" +} + # build initial nft file with base table, chains and rules # f_nftinit() { @@ -547,13 +576,13 @@ f_nftinit() { feed_rc="${?}" f_log "debug" "f_nftinit ::: devices: ${ban_dev}, priority: ${ban_nftpriority}, policy: ${ban_nftpolicy}, loglevel: ${ban_nftloglevel}, rc: ${feed_rc:-"-"}, log: ${feed_log:-"-"}" - return ${feed_rc} + return "${feed_rc}" } # handle downloads # f_down() { - local log_input log_forwardwan log_forwardlan start_ts end_ts tmp_raw tmp_load tmp_file split_file ruleset_raw handle + local log_input log_forwardwan log_forwardlan start_ts end_ts tmp_raw tmp_load tmp_file split_file ruleset_raw handle rc etag_rc="0" local cnt_set cnt_dl restore_rc feed_direction feed_rc feed_log feed="${1}" proto="${2}" feed_url="${3}" feed_rule="${4}" feed_flag="${5}" start_ts="$(date +%s)" @@ -616,12 +645,34 @@ f_down() { } >"${tmp_flush}" fi - # restore local backups during init + # restore local backups # - if { [ "${ban_action}" != "reload" ] || [ "${feed_url}" = "local" ]; } && [ "${feed%v*}" != "allowlist" ] && [ "${feed%v*}" != "blocklist" ]; then - f_restore "${feed}" "${feed_url}" "${tmp_load}" - restore_rc="${?}" - feed_rc="${restore_rc}" + if { [ "${ban_action}" != "reload" ] || [ "${feed_url}" = "local" ] || [ -n "${ban_etagparm}" ]; } && [ "${feed%v*}" != "allowlist" ] && [ "${feed%v*}" != "blocklist" ]; then + if [ -n "${ban_etagparm}" ] && [ "${feed_url}" != "local" ]; then + if [ "${feed%v*}" = "country" ]; then + for country in ${ban_country}; do + f_etag "${feed}" "${feed_url}${country}-aggregated.zone" ".${country}" + rc="${?}" + [ "${rc}" = "4" ] && break + etag_rc="$((etag_rc + rc))" + done + elif [ "${feed%v*}" = "asn" ]; then + for asn in ${ban_asn}; do + f_etag "${feed}" "${feed_url}AS${asn}" ".{asn}" + rc="${?}" + [ "${rc}" = "4" ] && break + etag_rc="$((etag_rc + rc))" + done + else + f_etag "${feed}" "${feed_url}" + etag_rc="${?}" + fi + fi + if [ "${etag_rc}" = "0" ] || [ "${ban_action}" != "reload" ] || [ "${feed_url}" = "local" ]; then + f_restore "${feed}" "${feed_url}" "${tmp_load}" "${etag_rc}" + restore_rc="${?}" + feed_rc="${restore_rc}" + fi fi # prepare local allowlist @@ -781,10 +832,7 @@ f_down() { "gz") feed_log="$("${ban_fetchcmd}" ${ban_fetchparm} "${tmp_raw}" "${feed_url}" 2>&1)" feed_rc="${?}" - if [ "${feed_rc}" = "0" ]; then - "${ban_zcatcmd}" "${tmp_raw}" 2>/dev/null >"${tmp_load}" - feed_rc="${?}" - fi + [ "${feed_rc}" = "0" ] && "${ban_zcatcmd}" "${tmp_raw}" 2>/dev/null >"${tmp_load}" rm -f "${tmp_raw}" ;; esac @@ -898,7 +946,7 @@ f_down() { rm -f "${tmp_split}" "${tmp_nft}" end_ts="$(date +%s)" - f_log "debug" "f_down ::: name: ${feed}, cnt_dl: ${cnt_dl:-"-"}, cnt_set: ${cnt_set:-"-"}, split_size: ${ban_splitsize:-"-"}, time: $((end_ts - start_ts)), rc: ${feed_rc:-"-"}, log: ${feed_log:-"-"}" + f_log "debug" "f_down ::: feed: ${feed}, cnt_dl: ${cnt_dl:-"-"}, cnt_set: ${cnt_set:-"-"}, split_size: ${ban_splitsize:-"-"}, time: $((end_ts - start_ts)), rc: ${feed_rc:-"-"}, log: ${feed_log:-"-"}" } # backup feeds @@ -909,24 +957,23 @@ f_backup() { gzip -cf "${feed_file}" >"${ban_backupdir}/banIP.${feed}.gz" backup_rc="${?}" - f_log "debug" "f_backup ::: name: ${feed}, source: ${feed_file##*/}, target: banIP.${feed}.gz, rc: ${backup_rc}" - return ${backup_rc} + f_log "debug" "f_backup ::: feed: ${feed}, file: banIP.${feed}.gz, rc: ${backup_rc}" + return "${backup_rc}" } # restore feeds # f_restore() { - local tmp_feed restore_rc="1" feed="${1}" feed_url="${2}" feed_file="${3}" feed_rc="${4:-"0"}" + local tmp_feed restore_rc="4" feed="${1}" feed_url="${2}" feed_file="${3}" in_rc="${4}" - [ "${feed_rc}" != "0" ] && restore_rc="${feed_rc}" [ "${feed_url}" = "local" ] && tmp_feed="${feed%v*}v4" || tmp_feed="${feed}" - if [ -f "${ban_backupdir}/banIP.${tmp_feed}.gz" ]; then + if [ -s "${ban_backupdir}/banIP.${tmp_feed}.gz" ]; then "${ban_zcatcmd}" "${ban_backupdir}/banIP.${tmp_feed}.gz" 2>/dev/null >"${feed_file}" restore_rc="${?}" fi - f_log "debug" "f_restore ::: name: ${feed}, source: banIP.${tmp_feed}.gz, target: ${feed_file##*/}, in_rc: ${feed_rc}, rc: ${restore_rc}" - return ${restore_rc} + f_log "debug" "f_restore ::: feed: ${feed}, file: banIP.${tmp_feed}.gz, in_rc: ${in_rc:-"-"}, rc: ${restore_rc}" + return "${restore_rc}" } # remove disabled Sets diff --git a/net/banip/files/banip.feeds b/net/banip/files/banip.feeds index 056582071..d54f2de49 100644 --- a/net/banip/files/banip.feeds +++ b/net/banip/files/banip.feeds @@ -40,6 +40,11 @@ "descr": "backscatterer IPs", "flag": "gz" }, + "binarydefense":{ + "url_4": "https://iplists.firehol.org/files/bds_atif.ipset", + "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}", + "descr": "binary defense banlist" + }, "bogon":{ "url_4": "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt", "url_6": "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt", @@ -47,6 +52,11 @@ "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}", "descr": "bogon prefixes" }, + "bruteforceblock":{ + "url_4": "https://danger.rulez.sk/projects/bruteforceblocker/blist.php", + "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}", + "descr": "bruteforceblocker IPs" + }, "cinsscore":{ "url_4": "https://cinsscore.com/list/ci-badguys.txt", "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}", @@ -95,6 +105,11 @@ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}", "descr": "spamhaus edrop compilation" }, + "etcompromised":{ + "url_4": "https://iplists.firehol.org/files/et_compromised.ipset", + "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}", + "descr": "ET compromised hosts" + }, "feodo":{ "url_4": "https://feodotracker.abuse.ch/downloads/ipblocklist.txt", "rule_4": "BEGIN{RS=\"\\r\\n\"}/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}", @@ -137,6 +152,11 @@ "descr": "malicious spyware IPs", "flag": "gz" }, + "ipblackhole":{ + "url_4": "https://ip.blackhole.monster/blackhole-today", + "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}", + "descr": "blackhole IP blocklist" + }, "ipthreat":{ "url_4": "https://lists.ipthreat.net/file/ipthreat-lists/threat/threat-30.txt", "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[-[:space:]]?/{printf \"%s,\\n\",$1}", From 137045faa904fd826be9e82b22aa2ee1d65229b7 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Fri, 7 Jul 2023 20:03:08 +0200 Subject: [PATCH 10/27] banip: update 0.8.9-2 * fix a corner case backup issue with empty feed downloads Signed-off-by: Dirk Brenken --- net/banip/Makefile | 2 +- net/banip/files/banip-functions.sh | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/net/banip/Makefile b/net/banip/Makefile index 98004dd1e..4be2afd69 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip PKG_VERSION:=0.8.9 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh index 2d64f678a..1fa1578d6 100644 --- a/net/banip/files/banip-functions.sh +++ b/net/banip/files/banip-functions.sh @@ -952,10 +952,12 @@ f_down() { # backup feeds # f_backup() { - local backup_rc feed="${1}" feed_file="${2}" + local backup_rc="4" feed="${1}" feed_file="${2}" - gzip -cf "${feed_file}" >"${ban_backupdir}/banIP.${feed}.gz" - backup_rc="${?}" + if [ -s "${feed_file}" ]; then + gzip -cf "${feed_file}" >"${ban_backupdir}/banIP.${feed}.gz" + backup_rc="${?}" + fi f_log "debug" "f_backup ::: feed: ${feed}, file: banIP.${feed}.gz, rc: ${backup_rc}" return "${backup_rc}" From 62901b7895583d6f4845bf7cc2d944f98c662a1e Mon Sep 17 00:00:00 2001 From: Van Waholtz Date: Wed, 5 Jul 2023 22:06:24 +0800 Subject: [PATCH 11/27] frp: update to 0.51.0 XTCP is incompatible with previous versions since 0.49.0. Changelog: https://github.com/fatedier/frp/releases/tag/v0.49.0 https://github.com/fatedier/frp/releases/tag/v0.50.0 https://github.com/fatedier/frp/releases/tag/v0.51.0 Signed-off-by: Van Waholtz --- net/frp/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/frp/Makefile b/net/frp/Makefile index fb8ee9af4..fdb40431d 100644 --- a/net/frp/Makefile +++ b/net/frp/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=frp -PKG_VERSION:=0.48.0 +PKG_VERSION:=0.51.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/fatedier/frp/tar.gz/v${PKG_VERSION}? -PKG_HASH:=efba8ec9fad3369ce62631369f52b78a7248df426b5b54311e96231adac5cc76 +PKG_HASH:=80ccfa40c4e25309ddb48818f6342bc59f7639be83ab6ef59ffab5caeedc37e8 PKG_MAINTAINER:=Richard Yu PKG_LICENSE:=Apache-2.0 From bc718f43bf58949ed9832480bf971f6a9e9e9ae3 Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Fri, 7 Jul 2023 20:32:22 +0200 Subject: [PATCH 12/27] pdns: update to 4.8.1 Signed-off-by: Peter van Dijk --- net/pdns/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/pdns/Makefile b/net/pdns/Makefile index d0ca2d65b..110731352 100644 --- a/net/pdns/Makefile +++ b/net/pdns/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pdns -PKG_VERSION:=4.8.0 +PKG_VERSION:=4.8.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/ -PKG_HASH:=61a96bbaf8b0ca49a9225a2254b9443c4ff8e050d337437d85af4de889e10127 +PKG_HASH:=66dd3ee2654f42b4eb80260f94ecb48e313a81817f58125ce48c14c2d26e309e PKG_MAINTAINER:=Peter van Dijk PKG_LICENCE:=GPL-2.0-only From 88e64a2ae488e1cd8d4d539c6d976c9ccc728d2f Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Sat, 8 Jul 2023 19:51:52 +0200 Subject: [PATCH 13/27] banip: update 0.8.9-3 * prevent superflous etag function calls during start action (on start backups will be used anyway) * changed the ipthreat feed download URL (load a compressed file variant to save bandwidth) Signed-off-by: Dirk Brenken --- net/banip/Makefile | 2 +- net/banip/files/banip-functions.sh | 5 +++-- net/banip/files/banip.feeds | 5 +++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/net/banip/Makefile b/net/banip/Makefile index 4be2afd69..ebc88007d 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip PKG_VERSION:=0.8.9 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh index 1fa1578d6..ad642ee12 100644 --- a/net/banip/files/banip-functions.sh +++ b/net/banip/files/banip-functions.sh @@ -582,7 +582,7 @@ f_nftinit() { # handle downloads # f_down() { - local log_input log_forwardwan log_forwardlan start_ts end_ts tmp_raw tmp_load tmp_file split_file ruleset_raw handle rc etag_rc="0" + local log_input log_forwardwan log_forwardlan start_ts end_ts tmp_raw tmp_load tmp_file split_file ruleset_raw handle rc etag_rc local cnt_set cnt_dl restore_rc feed_direction feed_rc feed_log feed="${1}" proto="${2}" feed_url="${3}" feed_rule="${4}" feed_flag="${5}" start_ts="$(date +%s)" @@ -648,7 +648,8 @@ f_down() { # restore local backups # if { [ "${ban_action}" != "reload" ] || [ "${feed_url}" = "local" ] || [ -n "${ban_etagparm}" ]; } && [ "${feed%v*}" != "allowlist" ] && [ "${feed%v*}" != "blocklist" ]; then - if [ -n "${ban_etagparm}" ] && [ "${feed_url}" != "local" ]; then + if [ -n "${ban_etagparm}" ] && [ "${ban_action}" = "reload" ] && [ "${feed_url}" != "local" ]; then + etag_rc="0" if [ "${feed%v*}" = "country" ]; then for country in ${ban_country}; do f_etag "${feed}" "${feed_url}${country}-aggregated.zone" ".${country}" diff --git a/net/banip/files/banip.feeds b/net/banip/files/banip.feeds index d54f2de49..cfe1a70cc 100644 --- a/net/banip/files/banip.feeds +++ b/net/banip/files/banip.feeds @@ -158,9 +158,10 @@ "descr": "blackhole IP blocklist" }, "ipthreat":{ - "url_4": "https://lists.ipthreat.net/file/ipthreat-lists/threat/threat-30.txt", + "url_4": "https://lists.ipthreat.net/file/ipthreat-lists/threat/threat-30.txt.gz", "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[-[:space:]]?/{printf \"%s,\\n\",$1}", - "descr": "hacker and botnet IPs" + "descr": "hacker and botnet IPs", + "flag": "gz" }, "myip":{ "url_4": "https://myip.ms/files/blacklist/general/latest_blacklist.txt", From 5e2a9f082aa271dd2b7c2bd7f884bc2aef0b9be6 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Sun, 9 Jul 2023 07:01:17 +0200 Subject: [PATCH 14/27] banip: update 0.8.9-4 * made the etag id parsing more bulletproof (to catch unverified etags as well) Signed-off-by: Dirk Brenken --- net/banip/Makefile | 2 +- net/banip/files/banip-functions.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/banip/Makefile b/net/banip/Makefile index ebc88007d..a9900dbdf 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip PKG_VERSION:=0.8.9 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh index ad642ee12..170c7326c 100644 --- a/net/banip/files/banip-functions.sh +++ b/net/banip/files/banip-functions.sh @@ -515,7 +515,7 @@ f_etag() { [ ! -f "${ban_backupdir}/banIP.etag" ] && : >"${ban_backupdir}/banIP.etag" http_head="$("${ban_fetchcmd}" ${ban_etagparm} "${feed_url}" 2>&1)" http_code="$(printf "%s" "${http_head}" | "${ban_awkcmd}" 'tolower($0)~/^http\/[0123\.]+ /{printf "%s",$2}')" - etag_id="$(printf "%s" "${http_head}" | "${ban_awkcmd}" '{FS="\""}tolower($0)~/^[[:space:]]*etag: /{printf "%s",$2}')" + etag_id="$(printf "%s" "${http_head}" | "${ban_awkcmd}" 'tolower($0)~/^[[:space:]]*etag: /{gsub("\"","");printf "%s",$2}')" etag_rc="${?}" if [ "${http_code}" = "404" ] || { [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && "${ban_grepcmd}" -q "^${feed}${feed_suffix}.*${etag_id}\$" "${ban_backupdir}/banIP.etag"; }; then From 049a27bc531b7e6cb735be8f52443d1c5f9b6ff7 Mon Sep 17 00:00:00 2001 From: Stefan Hellermann Date: Sat, 8 Jul 2023 23:25:38 +0200 Subject: [PATCH 15/27] dfu-programmer: update to 1.1.0 Changes: * Add `--erase-first` option Signed-off-by: Stefan Hellermann --- utils/dfu-programmer/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/dfu-programmer/Makefile b/utils/dfu-programmer/Makefile index 8a7e1a0e5..45eec6344 100644 --- a/utils/dfu-programmer/Makefile +++ b/utils/dfu-programmer/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dfu-programmer -PKG_VERSION:=1.0.0 +PKG_VERSION:=1.1.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/$(PKG_NAME)/$(PKG_NAME)/releases/download/v$(PKG_VERSION)/ -PKG_HASH:=867eaf0a8cd10123715491807ab99cecb54dc6f09dddade4b2a42b0b0ef9e6b0 +PKG_HASH:=844e469be559657bc52c9d9d03c30846acd11ffbb1ddd42438fa8af1d2b8587d PKG_MAINTAINER:=Stefan Hellermann PKG_LICENSE:=GPL-2.0 From 107312a73f29a6a99df5b0dca3aec99986358512 Mon Sep 17 00:00:00 2001 From: Javier Marcet Date: Sun, 9 Jul 2023 15:26:52 +0200 Subject: [PATCH 16/27] btop: opt out of lto usage Signed-off-by: Javier Marcet --- admin/btop/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/admin/btop/Makefile b/admin/btop/Makefile index b3a92d17c..0384f7282 100644 --- a/admin/btop/Makefile +++ b/admin/btop/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=btop PKG_VERSION:=1.2.13 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL=https://codeload.github.com/aristocratos/btop/tar.gz/v$(PKG_VERSION)? @@ -12,6 +12,7 @@ PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE +PKG_BUILD_FLAGS:=no-lto PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 From dae4f184f77aed1aae44edea7b10a5676f014693 Mon Sep 17 00:00:00 2001 From: Volker Christian Date: Sat, 8 Jul 2023 16:01:12 +0200 Subject: [PATCH 17/27] File: Update to version 5.44 Signed-off-by: Volker Christian --- libs/file/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libs/file/Makefile b/libs/file/Makefile index e12dc946c..7b502bfab 100644 --- a/libs/file/Makefile +++ b/libs/file/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=file -PKG_VERSION:=5.41 -PKG_RELEASE:=2 +PKG_VERSION:=5.44 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://download.openpkg.org/components/cache/file/ \ ftp://ftp.astron.com/pub/file/ -PKG_HASH:=13e532c7b364f7d57e23dfeea3147103150cb90593a57af86c10e4f6e411603f +PKG_HASH:=3751c7fba8dbc831cb8d7cc8aff21035459b8ce5155ef8b0880a27d028475f3b PKG_MAINTAINER:=Marko Ratkaj PKG_LICENSE:=BSD-2-Clause From 5362b272cbe6124519616052bf61a6faee60cd2b Mon Sep 17 00:00:00 2001 From: Volker Christian Date: Sat, 8 Jul 2023 16:04:27 +0200 Subject: [PATCH 18/27] File: Fix segfault Executables depending on binary package libmagic segfault in case package file is not installed. Libmagic needs file /usr/share/misc/magic to not segfault. Thus, install /usr/share/misc/magic along with libmagic and not with file. Signed-off-by: Volker Christian --- libs/file/Makefile | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/libs/file/Makefile b/libs/file/Makefile index 7b502bfab..25941ecce 100644 --- a/libs/file/Makefile +++ b/libs/file/Makefile @@ -82,21 +82,23 @@ define Build/InstallDev $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/magic.h $(1)/usr/include/ $(INSTALL_DIR) $(1)/usr/lib $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libmagic.{a,so*} $(1)/usr/lib/ + ${INSTALL_DIR} $(1)/usr/lib/pkgconfig + $(INSTALL_DATA) $(PKG_BUILD_DIR)/libmagic.pc $(1)/usr/lib/pkgconfig/ endef define Package/file/install $(INSTALL_DIR) $(1)/usr/bin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/file $(1)/usr/bin/ +endef + +define Package/libmagic/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmagic.so.* $(1)/usr/lib/ $(INSTALL_DIR) $(1)/usr/share/misc $(SED) "/^#/d" $(PKG_INSTALL_DIR)/usr/share/file/magic $(SED) "/^$$$$/d" $(PKG_INSTALL_DIR)/usr/share/file/magic $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/file/magic $(1)/usr/share/misc/ endef -define Package/libmagic/install - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmagic.so.* $(1)/usr/lib/ -endef - $(eval $(call BuildPackage,file)) $(eval $(call BuildPackage,libmagic)) From fcccb7724a01603db452f42c978303f3f435d0c5 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sat, 1 Jul 2023 11:06:04 -0700 Subject: [PATCH 19/27] libre2: update to 2023-02-01 Fixes compilation with GCC13 Signed-off-by: Rosen Penev --- libs/libre2/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libs/libre2/Makefile b/libs/libre2/Makefile index 76a679fef..1ce64f8cc 100644 --- a/libs/libre2/Makefile +++ b/libs/libre2/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=re2 -PKG_VERSION:=2021-02-02 -PKG_RELEASE:=2 +PKG_VERSION:=2023-02-01 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/google/re2/tar.gz/$(PKG_VERSION)? -PKG_HASH:=1396ab50c06c1a8885fb68bf49a5ecfd989163015fd96699a180d6414937f33f +PKG_HASH:=cbce8b7803e856827201a132862e41af386e7afd9cc6d9a9bc7a4fa4d8ddbdde PKG_MAINTAINER:= PKG_LICENSE:=BSD-3-Clause @@ -23,7 +23,7 @@ define Package/re2 DEPENDS:=+libstdcpp TITLE:=RE2 - C++ regular expression library URL:=https://github.com/google/re2 - ABI_VERSION:=6 + ABI_VERSION:=10 endef define Package/re2/description From 8c0afc4cabdba316835706e06919271bd7f13a62 Mon Sep 17 00:00:00 2001 From: John Audia Date: Mon, 10 Jul 2023 06:17:44 -0400 Subject: [PATCH 20/27] iperf3: update to 3.14 Release Notes: https://github.com/esnet/iperf/blob/master/RELNOTES.md Signed-off-by: John Audia --- net/iperf3/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/iperf3/Makefile b/net/iperf3/Makefile index c7133bd56..136e29f0f 100644 --- a/net/iperf3/Makefile +++ b/net/iperf3/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=iperf -PKG_VERSION:=3.13 +PKG_VERSION:=3.14 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://downloads.es.net/pub/iperf -PKG_HASH:=bee427aeb13d6a2ee22073f23261f63712d82befaa83ac8cb4db5da4c2bdc865 +PKG_HASH:=723fcc430a027bc6952628fa2a3ac77584a1d0bd328275e573fc9b206c155004 PKG_MAINTAINER:=Felix Fietkau PKG_LICENSE:=BSD-3-Clause From 002400b873dc65c0f861c32888500a2d95f7067b Mon Sep 17 00:00:00 2001 From: Maxim Storchak Date: Sun, 9 Jul 2023 16:06:55 +0300 Subject: [PATCH 21/27] luaposix: update to 36.2.1 Signed-off-by: Maxim Storchak --- lang/luaposix/Makefile | 4 ++-- lang/luaposix/patches/900-disable-ldoc.patch | 11 ----------- 2 files changed, 2 insertions(+), 13 deletions(-) delete mode 100644 lang/luaposix/patches/900-disable-ldoc.patch diff --git a/lang/luaposix/Makefile b/lang/luaposix/Makefile index 636daaf69..2379d6d3c 100644 --- a/lang/luaposix/Makefile +++ b/lang/luaposix/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luaposix -PKG_VERSION:=36.1 +PKG_VERSION:=36.2.1 PKG_RELEASE:=1 PKG_SOURCE_URL:=https://codeload.github.com/$(PKG_NAME)/$(PKG_NAME)/tar.gz/v$(PKG_VERSION)? PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_HASH:=e680ba9b9c7ae28c0598942cb00df7c7fbc70b82863bb55f028ea7dc101e39ac +PKG_HASH:=44e5087cd3c47058f9934b90c0017e4cf870b71619f99707dd433074622debb1 PKG_MAINTAINER:=Maxim Storchak PKG_LICENSE:=MIT PKG_LICENSE_FILES:=COPYING diff --git a/lang/luaposix/patches/900-disable-ldoc.patch b/lang/luaposix/patches/900-disable-ldoc.patch deleted file mode 100644 index 85d2aaa71..000000000 --- a/lang/luaposix/patches/900-disable-ldoc.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/lukefile -+++ b/lukefile -@@ -35,8 +35,6 @@ incdirs = { - '$LUA_INCDIR', - } - --ldocs = 'build-aux/config.ld.in' -- - modules = { - ['posix'] = 'lib/posix/init.lua', - ['posix._base'] = 'lib/posix/_base.lua', From 1c671bc10b5d3a3ca64d0d9a2ab0f1c5bdcdcf40 Mon Sep 17 00:00:00 2001 From: John Audia Date: Tue, 4 Jul 2023 08:25:43 -0400 Subject: [PATCH 22/27] snort3: update to 3.1.65.0 Upstream bump Build system: x86_64 Build-tested: x86_64/AMD 5800U Run-tested: x86_64/AMD 5800U Signed-off-by: John Audia --- net/snort3/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/snort3/Makefile b/net/snort3/Makefile index bd888ec47..b32b11591 100644 --- a/net/snort3/Makefile +++ b/net/snort3/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=snort3 -PKG_VERSION:=3.1.64.0 +PKG_VERSION:=3.1.65.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/snort3/snort3/archive/refs/tags/ -PKG_HASH:=57be62557178526059ded86d0bebf8a57aa4a46db9390a48ae030b6e45f1dc61 +PKG_HASH:=c798e34703e1e6710fa7eecc4684f2cac58e310f85ce5d5f832945a036e7f542 PKG_MAINTAINER:=W. Michael Petullo PKG_LICENSE:=GPL-2.0-only From 2ee93efe5d8824ae7622265195c9e8fdbfb14c7d Mon Sep 17 00:00:00 2001 From: Zephyr Lykos Date: Tue, 4 Jul 2023 21:38:10 +0800 Subject: [PATCH 23/27] tailscale: update to 1.44.0 Signed-off-by: Zephyr Lykos --- net/tailscale/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/tailscale/Makefile b/net/tailscale/Makefile index 0199bd150..d07dc502d 100644 --- a/net/tailscale/Makefile +++ b/net/tailscale/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tailscale -PKG_VERSION:=1.42.0 +PKG_VERSION:=1.44.0 PKG_RELEASE:=1 PKG_SOURCE:=tailscale-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/tailscale/tailscale/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=09de9bacda98de8d733cff162572b7eac857d13db783776ba2a2450a44ecc5e9 +PKG_HASH:=dc230cf3ac290140e573268a6e8f17124752ef064c8d3a86765a9dbb6f1bd354 PKG_MAINTAINER:=Jan Pavlinec PKG_LICENSE:=BSD-3-Clause From 8168fc84df6521a33ef220f63dc65e7d01a196a5 Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Fri, 26 May 2023 14:21:19 +0300 Subject: [PATCH 24/27] stress-ng: bump to version 0.15.10 Merged patches into a single one. Disabling libmpfr (which got added recently). To avoid potentially new build failures. And disabling test-compiler check. Signed-off-by: Alexandru Ardelean --- utils/stress-ng/Makefile | 4 ++-- .../patches/001-disable-extra-stressors.patch | 15 +++++++++++++++ .../patches/001-disable-gpu-stressor.patch | 11 ----------- .../patches/002-disable-compiler-test.patch | 13 +++++++++++++ utils/stress-ng/patches/002-disable-xxhash.patch | 11 ----------- 5 files changed, 30 insertions(+), 24 deletions(-) create mode 100644 utils/stress-ng/patches/001-disable-extra-stressors.patch delete mode 100644 utils/stress-ng/patches/001-disable-gpu-stressor.patch create mode 100644 utils/stress-ng/patches/002-disable-compiler-test.patch delete mode 100644 utils/stress-ng/patches/002-disable-xxhash.patch diff --git a/utils/stress-ng/Makefile b/utils/stress-ng/Makefile index 248468a86..0edf09f17 100644 --- a/utils/stress-ng/Makefile +++ b/utils/stress-ng/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=stress-ng -PKG_VERSION:=0.15.06 +PKG_VERSION:=0.15.10 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/ColinIanKing/stress-ng/tar.gz/refs/tags/V$(PKG_VERSION)? -PKG_HASH:=c38cefcf0a83f6c65aed7c36e57a9a1ee8373418ef71cf089a75b0661dcd4623 +PKG_HASH:=fcd86e1b8db5b2c22182cefbf4b3131a8599bff5bdd85edf776ec15c2d80e8f1 PKG_MAINTAINER:=Alexandru Ardelean PKG_LICENSE:=GPL-2.0-only diff --git a/utils/stress-ng/patches/001-disable-extra-stressors.patch b/utils/stress-ng/patches/001-disable-extra-stressors.patch new file mode 100644 index 000000000..b4ec4c303 --- /dev/null +++ b/utils/stress-ng/patches/001-disable-extra-stressors.patch @@ -0,0 +1,15 @@ +--- a/Makefile.config ++++ b/Makefile.config +@@ -319,9 +319,9 @@ compiler: configdir + libraries: \ + compiler \ + LIB_AIO LIB_APPARMOR LIB_BSD LIB_CRYPT LIB_DL \ +- LIB_EGL LIB_GBM LIB_GLES2 LIB_IPSEC_MB LIB_JPEG \ +- LIB_JUDY LIB_KMOD LIB_MD LIB_MPFR LIB_PTHREAD LIB_PTHREAD_SPINLOCK \ +- LIB_RT LIB_SCTP LIB_XXHASH LIB_Z ++ LIB_IPSEC_MB LIB_JPEG \ ++ LIB_JUDY LIB_KMOD LIB_MD LIB_PTHREAD LIB_PTHREAD_SPINLOCK \ ++ LIB_RT LIB_SCTP LIB_Z + + LIB_AIO: compiler + $(call check,test-libaio,HAVE_LIB_AIO,$(LIB_AIO),$(LIB_AIO)) diff --git a/utils/stress-ng/patches/001-disable-gpu-stressor.patch b/utils/stress-ng/patches/001-disable-gpu-stressor.patch deleted file mode 100644 index 4fc4941e0..000000000 --- a/utils/stress-ng/patches/001-disable-gpu-stressor.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/Makefile.config -+++ b/Makefile.config -@@ -264,7 +264,7 @@ clean: - libraries: \ - configdir \ - LIB_AIO LIB_APPARMOR LIB_BSD LIB_CRYPT LIB_DL \ -- LIB_EGL LIB_GBM LIB_GLES2 LIB_IPSEC_MB LIB_JPEG \ -+ LIB_IPSEC_MB LIB_JPEG \ - LIB_JUDY LIB_KMOD LIB_MD LIB_PTHREAD LIB_PTHREAD_SPINLOCK \ - LIB_RT LIB_SCTP LIB_XXHASH LIB_Z - diff --git a/utils/stress-ng/patches/002-disable-compiler-test.patch b/utils/stress-ng/patches/002-disable-compiler-test.patch new file mode 100644 index 000000000..886b3a649 --- /dev/null +++ b/utils/stress-ng/patches/002-disable-compiler-test.patch @@ -0,0 +1,13 @@ +--- a/Makefile.config ++++ b/Makefile.config +@@ -309,10 +309,6 @@ clean: + @rm -rf $(CONFIGS) config config.h + + compiler: configdir +- @echo "checking compiler ..." +- @$(CC) test/test-compiler.c -o test/test-compiler +- @echo "" > $(CONFIGS)/$$(./test/test-compiler) +- @rm -f test/test-compiler + $(call check,test-glibc,HAVE_GLIBC,using glibc) + + .PHONY: libraries diff --git a/utils/stress-ng/patches/002-disable-xxhash.patch b/utils/stress-ng/patches/002-disable-xxhash.patch deleted file mode 100644 index d24e6f062..000000000 --- a/utils/stress-ng/patches/002-disable-xxhash.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/Makefile.config -+++ b/Makefile.config -@@ -266,7 +266,7 @@ libraries: \ - LIB_AIO LIB_APPARMOR LIB_BSD LIB_CRYPT LIB_DL \ - LIB_IPSEC_MB LIB_JPEG \ - LIB_JUDY LIB_KMOD LIB_MD LIB_PTHREAD LIB_PTHREAD_SPINLOCK \ -- LIB_RT LIB_SCTP LIB_XXHASH LIB_Z -+ LIB_RT LIB_SCTP LIB_Z - - LIB_AIO: - $(call check,test-libaio,HAVE_LIB_AIO,$(LIB_AIO),$(LIB_AIO)) From 8bd6e23fad2aaeb7158a054b1c8426b3508ad8f8 Mon Sep 17 00:00:00 2001 From: Volker Christian Date: Sat, 8 Jul 2023 10:02:58 +0200 Subject: [PATCH 25/27] Nlohmannjson: Update to version 3.11.2 Compile tested: OpenWRT-23.05-rc2, arm_cortex-a7_neon-vfpv4, mips_24kc Run tested: arm_cortex-a7_neon-vfpv4 (Linksys MR8300), mips_24kc (tplink_archer-a7), OpenWrt 23.05-rc2) * Update package nlohmannjson to version 3.11.2. * Version 3.11.2 is source compatible with 3.10.2 so no package should fail to compile * From version 3.11.2 on forward template declarations are collected in the file json_fwd.hpp. The json.hpp still contains all template definitions. Because in most compilation units of a software package only the file json_fwd.hpp needs to be included, the compilation process is accelerated a lot. Signed-off-by: Volker Christian --- libs/nlohmannjson/Makefile | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/libs/nlohmannjson/Makefile b/libs/nlohmannjson/Makefile index 26101344b..c88257a32 100644 --- a/libs/nlohmannjson/Makefile +++ b/libs/nlohmannjson/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nlohmannjson -PKG_VERSION:=3.10.2 -PKG_RELEASE:=2 +PKG_VERSION:=3.11.2 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip PKG_SOURCE_URL:=https://codeload.github.com/nlohmann/json/zip/v$(PKG_VERSION)? -PKG_HASH:=6e407a7a7a6fe2f20396270ed561afeda03cd238ccb32ad94b7f985b0aa113fe +PKG_HASH:=95651d7d1fcf2e5c3163c3d37df6d6b3e9e5027299e6bd050d157322ceda9ac9 PKG_BUILD_DIR:=$(BUILD_DIR)/json-$(PKG_VERSION) PKG_MAINTAINER:=Leonid Esman @@ -34,9 +34,10 @@ endef define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include/nlohmann - $(CP) $(PKG_INSTALL_DIR)/usr/include/nlohmann/json.hpp $(1)/usr/include/nlohmann + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/nlohmann/json.hpp $(1)/usr/include/nlohmann + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/nlohmann/json_fwd.hpp $(1)/usr/include/nlohmann $(INSTALL_DIR) $(1)/usr/lib/pkgconfig - $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/nlohmann_json.pc $(1)/usr/lib/pkgconfig + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/nlohmann_json.pc $(1)/usr/lib/pkgconfig endef $(eval $(call BuildPackage,nlohmannjson)) From b883a6941333ceb99c8e0a38a75cfda4c8f595e6 Mon Sep 17 00:00:00 2001 From: Javier Marcet Date: Sun, 9 Jul 2023 16:43:45 +0200 Subject: [PATCH 26/27] libaio: opt out of lto usage Signed-off-by: Javier Marcet --- libs/libaio/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/libaio/Makefile b/libs/libaio/Makefile index e83687677..2ecbf6d14 100644 --- a/libs/libaio/Makefile +++ b/libs/libaio/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libaio PKG_VERSION:=0.3.113 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://releases.pagure.org/libaio @@ -20,7 +20,7 @@ PKG_LICENSE:=LGPL-2.1-only PKG_LICENSE_FILES:=COPYING PKG_BUILD_PARALLEL:=1 -PKG_BUILD_FLAGS:=no-mips16 +PKG_BUILD_FLAGS:=no-mips16 no-lto PKG_INSTALL:=1 include $(INCLUDE_DIR)/package.mk From 7709b85f86f7ce2da5a86f2d5d1fcdd77c5089a1 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sat, 1 Jul 2023 11:30:42 -0700 Subject: [PATCH 27/27] lua-rs232: fix compilation with GCC13 Patch taken from upstream. Signed-off-by: Rosen Penev --- lang/lua-rs232/Makefile | 2 +- lang/lua-rs232/patches/010-gcc13.patch | 56 ++++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 lang/lua-rs232/patches/010-gcc13.patch diff --git a/lang/lua-rs232/Makefile b/lang/lua-rs232/Makefile index 654e21ca1..6d0ec7e4d 100644 --- a/lang/lua-rs232/Makefile +++ b/lang/lua-rs232/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lua-rs232 PKG_SOURCE_DATE:=2019-11-20 PKG_SOURCE_VERSION:=c106c94d1a5a84e8582c936528303528608776c2 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/srdgame/librs232 diff --git a/lang/lua-rs232/patches/010-gcc13.patch b/lang/lua-rs232/patches/010-gcc13.patch new file mode 100644 index 000000000..32da13762 --- /dev/null +++ b/lang/lua-rs232/patches/010-gcc13.patch @@ -0,0 +1,56 @@ +From 3467c3c354263b066ad47bddfe6eb869c0111e0d Mon Sep 17 00:00:00 2001 +From: Damian Wrobel +Date: Tue, 24 Jan 2023 10:19:16 +0100 +Subject: [PATCH] Fix rs232_set_* prototypes mismatch + +Fixes compilation error on gcc 13 (excerpt): + rs232_posix.c:490:1: error: conflicting types for 'rs232_set_baud' \ + due to enum/integer mismatch; have 'unsigned int(struct rs232_port_t *, \ + enum rs232_baud_e)' [-Werror=enum-int-mismatch] + 490 | rs232_set_baud(struct rs232_port_t *p, enum rs232_baud_e baud) + | ^~~~~~~~~~~~~~ + In file included from rs232_posix.c:39: + ../include/librs232/rs232.h:203:24: note: previous declaration of \ + 'rs232_set_baud' with type 'unsigned int(struct rs232_port_t *, unsigned int)' + 203 | RS232_LIB unsigned int rs232_set_baud(struct rs232_port_t *p, unsigned int baud); + | ^~~~~~~~~~~~~~ + + rs232_posix.c:591:1: error: conflicting types for 'rs232_set_dtr' \ + due to enum/integer mismatch; have 'unsigned int(struct rs232_port_t *, \ + enum rs232_dtr_e)' [-Werror=enum-int-mismatch] + 591 | rs232_set_dtr(struct rs232_port_t *p, enum rs232_dtr_e state) + | ^~~~~~~~~~~~~ + In file included from rs232_posix.c:39: + ../include/librs232/rs232.h:208:24: note: previous declaration of 'rs232_set_dtr' \ + with type 'unsigned int(struct rs232_port_t *, unsigned int)' + 208 | RS232_LIB unsigned int rs232_set_dtr(struct rs232_port_t *p, unsigned int dtr); + | ^~~~~~~~~~~~~ + +Signed-off-by: Damian Wrobel +--- + include/librs232/rs232.h | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +--- a/include/librs232/rs232.h ++++ b/include/librs232/rs232.h +@@ -200,13 +200,13 @@ RS232_LIB unsigned int rs232_port_open(s + RS232_LIB unsigned int rs232_close(struct rs232_port_t *p); + RS232_LIB unsigned int rs232_flush(struct rs232_port_t *p); + RS232_LIB void rs232_set_device(struct rs232_port_t *p, const char *device); +-RS232_LIB unsigned int rs232_set_baud(struct rs232_port_t *p, unsigned int baud); +-RS232_LIB unsigned int rs232_set_stop(struct rs232_port_t *p, unsigned int stop); +-RS232_LIB unsigned int rs232_set_data(struct rs232_port_t *p, unsigned int data); +-RS232_LIB unsigned int rs232_set_parity(struct rs232_port_t *p, unsigned int parity); +-RS232_LIB unsigned int rs232_set_flow(struct rs232_port_t *p, unsigned int flow); +-RS232_LIB unsigned int rs232_set_dtr(struct rs232_port_t *p, unsigned int dtr); +-RS232_LIB unsigned int rs232_set_rts(struct rs232_port_t *p, unsigned int rts); ++RS232_LIB unsigned int rs232_set_baud(struct rs232_port_t *p, enum rs232_baud_e baud); ++RS232_LIB unsigned int rs232_set_stop(struct rs232_port_t *p, enum rs232_stop_e stop); ++RS232_LIB unsigned int rs232_set_data(struct rs232_port_t *p, enum rs232_data_e data); ++RS232_LIB unsigned int rs232_set_parity(struct rs232_port_t *p, enum rs232_parity_e parity); ++RS232_LIB unsigned int rs232_set_flow(struct rs232_port_t *p, enum rs232_flow_e flow); ++RS232_LIB unsigned int rs232_set_dtr(struct rs232_port_t *p, enum rs232_dtr_e state); ++RS232_LIB unsigned int rs232_set_rts(struct rs232_port_t *p, enum rs232_rts_e state); + RS232_LIB const char * rs232_get_device(struct rs232_port_t *p); + RS232_LIB unsigned int rs232_get_baud(struct rs232_port_t *p); + RS232_LIB unsigned int rs232_get_stop(struct rs232_port_t *p);