diff --git a/net/banip/Makefile b/net/banip/Makefile
index 0c9f4460f..ceadbc0fd 100644
--- a/net/banip/Makefile
+++ b/net/banip/Makefile
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=banip
-PKG_VERSION:=0.9.1
+PKG_VERSION:=0.9.2
 PKG_RELEASE:=1
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken
@@ -16,7 +16,7 @@ define Package/banip
 SECTION:=net
 CATEGORY:=Network
 TITLE:=banIP blocks IPs via named nftables Sets
- DEPENDS:=+jshn +jsonfilter +firewall4 +ca-bundle +logd +rpcd +rpcd-mod-rpcsys
+ DEPENDS:=+jshn +jsonfilter +firewall4 +ca-bundle +rpcd +rpcd-mod-rpcsys
 PKGARCH:=all
 endef
diff --git a/net/banip/files/README.md b/net/banip/files/README.md
index d65e6e391..eb5e8cf65 100644
--- a/net/banip/files/README.md
+++ b/net/banip/files/README.md
@@ -91,7 +91,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
 * Supports allowing / blocking of certain VLAN forwards
 ## Prerequisites
-* **[OpenWrt](https://openwrt.org)**, latest stable release or a snapshot with nft/firewall 4 and logd/logread support
+* **[OpenWrt](https://openwrt.org)**, latest stable release or a snapshot with nft/firewall 4 support
 * A download utility with SSL support: 'aria2c', 'curl', full 'wget' or 'uclient-fetch' with one of the 'libustream-*' SSL libraries, the latter one doesn't provide support for ETag HTTP header
 * A certificate store like 'ca-bundle', as banIP checks the validity of the SSL certificates of all download sites by default
 * For E-Mail notifications you need to install and setup the additional 'msmtp' package
@@ -134,62 +134,63 @@ Available commands:
 ## banIP config options
-| Option | Type | Default | Description |
-| :---------------------- | :----- | :---------------------------- | :----------------------------------------------------------------------------------------------------------- |
-| ban_enabled | option | 0 | enable the banIP service |
-| ban_nicelimit | option | 0 | ulimit nice level of the banIP service (range 0-19) |
-| ban_filelimit | option | 1024 | ulimit max open/number of files (range 1024-4096) |
-| ban_loglimit | option | 100 | scan only the last n log entries permanently. A value of '0' disables the monitor |
-| ban_logcount | option | 1 | how many times the IP must appear in the log to be considered as suspicious |
-| ban_logterm | list | regex | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk) |
-| ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets |
-| ban_debug | option | 0 | enable banIP related debug logging |
-| ban_loginput | option | 1 | log drops in the wan-input chain |
-| ban_logforwardwan | option | 1 | log drops in the wan-forward chain |
-| ban_logforwardlan | option | 0 | log rejects in the lan-forward chain |
-| ban_autoallowlist | option | 1 | add wan IPs/subnets and resolved domains automatically to the local allowlist (not only to the Sets) |
-| ban_autoblocklist | option | 1 | add suspicious attacker IPs and resolved domains automatically to the local blocklist (not only to the Sets) |
-| ban_autoblocksubnet | option | 0 | add entire subnets to the blocklist Sets based on an additional RDAP request with the suspicious IP |
-| ban_autoallowuplink | option | subnet | limit the uplink autoallow function to: 'subnet', 'ip' or 'disable' it at all |
-| ban_allowlistonly | option | 0 | restrict the internet access from/to a given number of secure websites/IPs |
-| ban_basedir | option | /tmp | base working directory while banIP processing |
-| ban_reportdir | option | /tmp/banIP-report | directory where banIP stores the report files |
-| ban_backupdir | option | /tmp/banIP-backup | directory where banIP stores the compressed backup files |
-| ban_protov4 | option | - / autodetect | enable IPv4 support |
-| ban_protov6 | option | - / autodetect | enable IPv4 support |
-| ban_ifv4 | list | - / autodetect | logical wan IPv4 interfaces, e.g. 'wan' |
-| ban_ifv6 | list | - / autodetect | logical wan IPv6 interfaces, e.g. 'wan6' |
-| ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' |
-| ban_vlanallow | list | - | always allow certain VLAN forwards, e.g. br-lan.20 |
-| ban_vlanblock | list | - | always block certain VLAN forwards, e.g. br-lan.10 |
-| ban_trigger | list | - | logical reload trigger interface(s), e.g. 'wan' |
-| ban_triggerdelay | option | 10 | trigger timeout during interface reload and boot |
-| ban_deduplicate | option | 1 | deduplicate IP addresses across all active Sets |
-| ban_splitsize | option | 0 | split ext. Sets after every n lines/members (saves RAM) |
-| ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) |
-| ban_nftloglevel | option | warn | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug |
-| ban_nftpriority | option | -200 | nft priority for the banIP table (default is the prerouting table priority) |
-| ban_nftpolicy | option | memory | nft policy for banIP-related Sets, values: memory, performance |
-| ban_nftexpiry | option | - | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d' |
-| ban_feed | list | - | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table) |
-| ban_asn | list | - | ASNs for the 'asn' feed, e.g.'32934' |
-| ban_country | list | - | country iso codes for the 'country' feed, e.g. 'ru' |
-| ban_blockpolicy | option | - | limit the default block policy to a certain chain, e.g. 'input', 'forwardwan' or 'forwardlan' |
-| ban_blocktype | option | drop | 'drop' packets silently on input and forwardwan chains or actively 'reject' the traffic |
-| ban_blockinput | list | - | limit a feed to the wan-input chain, e.g. 'country' |
-| ban_blockforwardwan | list | - | limit a feed to the wan-forward chain, e.g. 'debl' |
-| ban_blockforwardlan | list | - | limit a feed to the lan-forward chain, e.g. 'doh' |
-| ban_fetchcmd | option | - / autodetect | 'uclient-fetch', 'wget', 'curl' or 'aria2c' |
-| ban_fetchparm | option | - / autodetect | set the config options for the selected download utility |
-| ban_fetchretry | option | 5 | number of download attempts in case of an error (not supported by uclient-fetch) |
-| ban_fetchinsecure | option | 0 | don't check SSL server certificates during download |
-| ban_mailreceiver | option | - | receiver address for banIP related notification E-Mails |
-| ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails |
-| ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails |
-| ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails |
-| ban_mailnotification | option | 0 | receive E-Mail notifications with every banIP run |
-| ban_reportelements | option | 1 | count Set elements in the report, disable this option to speed up the report significantly |
-| ban_resolver | option | - | external resolver used for DNS lookups |
+| Option | Type | Default | Description |
+| :---------------------- | :----- | :---------------------------- | :---------------------------------------------------------------------------------------------------------------- |
+| ban_enabled | option | 0 | enable the banIP service |
+| ban_nicelimit | option | 0 | ulimit nice level of the banIP service (range 0-19) |
+| ban_filelimit | option | 1024 | ulimit max open/number of files (range 1024-4096) |
+| ban_loglimit | option | 100 | scan only the last n log entries permanently. A value of '0' disables the monitor |
+| ban_logcount | option | 1 | how many times the IP must appear in the log to be considered as suspicious |
+| ban_logterm | list | regex | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk) |
+| ban_logreadfile | option | /var/log/messages | alternative location for parsing the log file, e.g. via syslog-ng, to deactivate the standard parsing via logread |
+| ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets |
+| ban_debug | option | 0 | enable banIP related debug logging |
+| ban_loginput | option | 1 | log drops in the wan-input chain |
+| ban_logforwardwan | option | 1 | log drops in the wan-forward chain |
+| ban_logforwardlan | option | 0 | log rejects in the lan-forward chain |
+| ban_autoallowlist | option | 1 | add wan IPs/subnets and resolved domains automatically to the local allowlist (not only to the Sets) |
+| ban_autoblocklist | option | 1 | add suspicious attacker IPs and resolved domains automatically to the local blocklist (not only to the Sets) |
+| ban_autoblocksubnet | option | 0 | add entire subnets to the blocklist Sets based on an additional RDAP request with the suspicious IP |
+| ban_autoallowuplink | option | subnet | limit the uplink autoallow function to: 'subnet', 'ip' or 'disable' it at all |
+| ban_allowlistonly | option | 0 | restrict the internet access from/to a given number of secure websites/IPs |
+| ban_basedir | option | /tmp | base working directory while banIP processing |
+| ban_reportdir | option | /tmp/banIP-report | directory where banIP stores the report files |
+| ban_backupdir | option | /tmp/banIP-backup | directory where banIP stores the compressed backup files |
+| ban_protov4 | option | - / autodetect | enable IPv4 support |
+| ban_protov6 | option | - / autodetect | enable IPv4 support |
+| ban_ifv4 | list | - / autodetect | logical wan IPv4 interfaces, e.g. 'wan' |
+| ban_ifv6 | list | - / autodetect | logical wan IPv6 interfaces, e.g. 'wan6' |
+| ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' |
+| ban_vlanallow | list | - | always allow certain VLAN forwards, e.g. br-lan.20 |
+| ban_vlanblock | list | - | always block certain VLAN forwards, e.g. br-lan.10 |
+| ban_trigger | list | - | logical reload trigger interface(s), e.g. 'wan' |
+| ban_triggerdelay | option | 10 | trigger timeout during interface reload and boot |
+| ban_deduplicate | option | 1 | deduplicate IP addresses across all active Sets |
+| ban_splitsize | option | 0 | split ext. Sets after every n lines/members (saves RAM) |
+| ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) |
+| ban_nftloglevel | option | warn | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug |
+| ban_nftpriority | option | -200 | nft priority for the banIP table (default is the prerouting table priority) |
+| ban_nftpolicy | option | memory | nft policy for banIP-related Sets, values: memory, performance |
+| ban_nftexpiry | option | - | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d' |
+| ban_feed | list | - | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table) |
+| ban_asn | list | - | ASNs for the 'asn' feed, e.g.'32934' |
+| ban_country | list | - | country iso codes for the 'country' feed, e.g. 'ru' |
+| ban_blockpolicy | option | - | limit the default block policy to a certain chain, e.g. 'input', 'forwardwan' or 'forwardlan' |
+| ban_blocktype | option | drop | 'drop' packets silently on input and forwardwan chains or actively 'reject' the traffic |
+| ban_blockinput | list | - | limit a feed to the wan-input chain, e.g. 'country' |
+| ban_blockforwardwan | list | - | limit a feed to the wan-forward chain, e.g. 'debl' |
+| ban_blockforwardlan | list | - | limit a feed to the lan-forward chain, e.g. 'doh' |
+| ban_fetchcmd | option | - / autodetect | 'uclient-fetch', 'wget', 'curl' or 'aria2c' |
+| ban_fetchparm | option | - / autodetect | set the config options for the selected download utility |
+| ban_fetchretry | option | 5 | number of download attempts in case of an error (not supported by uclient-fetch) |
+| ban_fetchinsecure | option | 0 | don't check SSL server certificates during download |
+| ban_mailreceiver | option | - | receiver address for banIP related notification E-Mails |
+| ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails |
+| ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails |
+| ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails |
+| ban_mailnotification | option | 0 | receive E-Mail notifications with every banIP run |
+| ban_reportelements | option | 1 | count Set elements in the report, disable this option to speed up the report significantly |
+| ban_resolver | option | - | external resolver used for DNS lookups |
 ## Examples
 **banIP report information**
diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh
index c0c4ea959..c75a2b564 100644
--- a/net/banip/files/banip-functions.sh
+++ b/net/banip/files/banip-functions.sh
@@ -23,7 +23,8 @@ ban_rtfile="/var/run/banip_runtime.json"
 ban_rdapfile="/var/run/banip_rdap.json"
 ban_rdapurl="https://rdap.db.ripe.net/ip/"
 ban_lock="/var/run/banip.lock"
-ban_logreadcmd="$(command -v logread)"
+ban_logreadfile="/var/log/messages"
+ban_logreadcmd=""
 ban_logcmd="$(command -v logger)"
 ban_ubuscmd="$(command -v ubus)"
 ban_nftcmd="$(command -v nft)"
@@ -188,7 +189,12 @@ f_rmpid() {
 local ppid pid pids
 ppid="$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)"
- [ -n "${ppid}" ] && pids="$(pgrep -P "${ppid}" 2>/dev/null)"
+ if [ -n "${ppid}" ]; then
+ pids="$(pgrep -P "${ppid}" 2>/dev/null)"
+ for pid in ${pids}; do
+ pids="${pids} $(pgrep -P "${pid}" 2>/dev/null)"
+ done
+ fi
 for pid in ${pids}; do
 kill -INT "${pid}" >/dev/null 2>&1
 done
@@ -283,19 +289,25 @@ f_conf() {
 }
 }
 config_load banip
+ [ -f "${ban_logreadfile}" ] && ban_logreadcmd="$(command -v tail)" || ban_logreadcmd="$(command -v logread)"
 }
 # get nft/monitor actuals
 #
 f_actual() {
- local nft monitor
+ local nft monitor ppid pid
 if "${ban_nftcmd}" -t list set inet banIP allowlistv4MAC >/dev/null 2>&1; then
 nft="$(f_char "1")"
 else
 nft="$(f_char "0")"
 fi
- if pgrep -f "${ban_logreadcmd##*/}" -P "$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)" >/dev/null 2>&1; then
+
+ ppid="$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)"
+ if [ -n "${ppid}" ]; then
+ pid="$(pgrep -oP "${ppid}" 2>/dev/null)"
+ fi
+ if pgrep -f "${ban_logreadcmd##*/}" -P "${pid}" >/dev/null 2>&1; then
 monitor="$(f_char "1")"
 else
 monitor="$(f_char "0")"
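Review bot: f_rmpid signals every PID it collects without checking that the PID read from `${ban_pidfile}` still belongs to banIP, and the added loop widens the set from that process's children to its grandchildren. With a stale pidfile and a reused PID, `kill -INT` would reach processes that have nothing to do with the service. Guarding the collection, for example `if [ -n "${ppid}" ] && "${ban_grepcmd}" -q "banip" "/proc/${ppid}/cmdline" 2>/dev/null; then`, bounds this (this assumes the service's command line contains `banip`; confirm against the init script). The function body continues past the end of this hunk (@@ -188,7 +189,12 @@).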
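Review bot: The `A && B || C` chain added at the end of f_conf (@@ -283,19 +289,25 @@) also runs the `logread` branch when `${ban_logreadfile}` exists but `command -v tail` fails, because the assignment returns the substitution's exit status. f_monitor repeats the same `-f` test, takes its file branch and then calls that binary with the `-qf`/`-qn` arguments it builds for tail. An explicit `if [ -f "${ban_logreadfile}" ]; then ban_logreadcmd="$(command -v tail)"; else ban_logreadcmd="$(command -v logread)"; fi` keeps the two choices exclusive. In f_actual, `pid` stays empty when the pidfile is missing or the service has no child, so `pgrep ... -P "${pid}"` runs with an empty parent and the "monitor off" result depends on a suppressed pgrep error; testing `[ -n "${pid}" ]` first would make that explicit.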
@@ -1471,12 +1483,20 @@ f_mail() {
 # log monitor
 #
 f_monitor() {
- local nft_expiry line proto ip log_raw log_count rdap_log rdap_rc rdap_elements rdap_info
+ local logread_cmd loglimit_cmd nft_expiry line proto ip log_raw log_count rdap_log rdap_rc rdap_elements rdap_info
- if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ] && [ "${ban_loglimit}" != "0" ]; then
- f_log "info" "start detached banIP log service"
+ if [ -f "${ban_logreadfile}" ]; then
+ logread_cmd="${ban_logreadcmd} -qf ${ban_logreadfile} 2>/dev/null | ${ban_grepcmd} -e \"${ban_logterm%%??}\" 2>/dev/null"
+ loglimit_cmd="${ban_logreadcmd} -qn ${ban_loglimit} ${ban_logreadfile} 2>/dev/null"
+ elif printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"logd'; then
+ logread_cmd="${ban_logreadcmd} -fe \"${ban_logterm%%??}\" 2>/dev/null"
+ loglimit_cmd="${ban_logreadcmd} -l ${ban_loglimit} 2>/dev/null"
+ fi
+
+ if [ -x "${ban_logreadcmd}" ] && [ -n "${logread_cmd}" ] && [ -n "${loglimit_cmd}" ] && [ -n "${ban_logterm%%??}" ] && [ "${ban_loglimit}" != "0" ]; then
+ f_log "info" "start detached banIP log service (${ban_logreadcmd})"
 [ -n "${ban_nftexpiry}" ] && nft_expiry="timeout $(printf "%s" "${ban_nftexpiry}" | "${ban_grepcmd}" -oE "([0-9]+[d|h|m|s])+$")"
- "${ban_logreadcmd}" -fe "${ban_logterm%%??}" 2>/dev/null |
+ eval "${logread_cmd}" |
 while read -r line; do
 : >"${ban_rdapfile}"
 proto=""
@@ -1492,7 +1512,7 @@ f_monitor() {
 fi
 if [ -n "${proto}" ] && ! "${ban_nftcmd}" get element inet banIP blocklist"${proto}" "{ ${ip} }" >/dev/null 2>&1 && ! "${ban_grepcmd}" -q "^${ip}" "${ban_allowlist}"; then
 f_log "info" "suspicious IP '${ip}'"
- log_raw="$("${ban_logreadcmd}" -l "${ban_loglimit}" 2>/dev/null)"
+ log_raw="$(eval ${loglimit_cmd})"
 log_count="$(printf "%s\n" "${log_raw}" | "${ban_grepcmd}" -c "suspicious IP '${ip}'")"
 if [ "${log_count}" -ge "${ban_logcount}" ]; then
 if [ "${ban_autoblocksubnet}" = "1" ]; then
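Review bot: f_monitor now assembles the log pipeline as a string and runs it through `eval`, so `${ban_logterm%%??}`, `${ban_logreadfile}` and `${ban_loglimit}`, all of them config values, are parsed by the shell a second time. A log term containing `"`, `$` or a backtick is then interpreted as shell syntax instead of reaching grep or logread as data, and a file path with whitespace splits into several arguments. The same holds for the unquoted `eval ${loglimit_cmd}` in the following hunk (@@ -1492,7 +1512,7 @@). Choosing the mode once and calling the commands directly with quoted arguments, as the removed lines did, avoids the re-parse and keeps the regexes intact. f_monitor starts before and continues after both hunks.

```sh
	# … unchanged: local declarations, with one local 'logread_mode' in place of logread_cmd/loglimit_cmd …
	if [ -f "${ban_logreadfile}" ]; then
		logread_mode="file"
	elif printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"logd'; then
		logread_mode="logd"
	fi

	# … unchanged: guard, f_log and nft_expiry lines; the guard tests -n "${logread_mode}" instead of the two command strings …
		if [ "${logread_mode}" = "file" ]; then
			"${ban_logreadcmd}" -qf "${ban_logreadfile}" 2>/dev/null | "${ban_grepcmd}" -e "${ban_logterm%%??}" 2>/dev/null
		else
			"${ban_logreadcmd}" -fe "${ban_logterm%%??}" 2>/dev/null
		fi |
			while read -r line; do
				# … unchanged: loop body up to the log_raw assignment …
				if [ "${logread_mode}" = "file" ]; then
					log_raw="$("${ban_logreadcmd}" -qn "${ban_loglimit}" "${ban_logreadfile}" 2>/dev/null)"
				else
					log_raw="$("${ban_logreadcmd}" -l "${ban_loglimit}" 2>/dev/null)"
				fi
```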
diff --git a/net/dnsproxy/Makefile b/net/dnsproxy/Makefile
index 04bbd4bec..10dd9316c 100644
--- a/net/dnsproxy/Makefile
+++ b/net/dnsproxy/Makefile
@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=dnsproxy
 PKG_VERSION:=0.56.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)?
@@ -49,6 +49,8 @@ define Package/dnsproxy/install
 $(INSTALL_CONF) $(CURDIR)/files/dnsproxy.config $(1)/etc/config/dnsproxy
 $(INSTALL_DIR) $(1)/etc/init.d/
 $(INSTALL_BIN) $(CURDIR)/files/dnsproxy.init $(1)/etc/init.d/dnsproxy
+ $(INSTALL_DIR) $(1)/etc/uci-defaults/
+ $(INSTALL_BIN) $(CURDIR)/files/dnsproxy.defaults $(1)/etc/uci-defaults/80-dnsproxy-migration
 endef
 define Package/dnsproxy/conffiles
diff --git a/net/dnsproxy/files/dnsproxy.config b/net/dnsproxy/files/dnsproxy.config
index a9fa02028..90feb94d4 100644
--- a/net/dnsproxy/files/dnsproxy.config
+++ b/net/dnsproxy/files/dnsproxy.config
@@ -3,13 +3,16 @@
 config dnsproxy 'global'
 option enabled '0'
- option listen_addr '127.0.0.1'
- option listen_port '5353'
+ list listen_addr '127.0.0.1'
+ list listen_addr '::1'
+ list listen_port '5353'
 option log_file ''
 option all_servers '0'
 option fastest_addr '0'
+ option http3 '0'
 option insecure '0'
 option ipv6_disabled '0'
+ option timeout ''
 option max_go_routines ''
 option rate_limit ''
 option refuse_any '0'
diff --git a/net/dnsproxy/files/dnsproxy.defaults b/net/dnsproxy/files/dnsproxy.defaults
new file mode 100644
index 000000000..7ce089f1a
--- /dev/null
+++ b/net/dnsproxy/files/dnsproxy.defaults
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+[ -s "/etc/config/dnsproxy" ] || exit 0
+
+#Migrate options 'listen_addr' 'listen_port' to list type
+sed -i -e "s,option listen_addr,list listen_addr,g" \
+ -e "s,option listen_port,list listen_port,g" "/etc/config/dnsproxy"
+exit 0
diff --git a/net/dnsproxy/files/dnsproxy.init b/net/dnsproxy/files/dnsproxy.init
index 1514ee152..fc04ac9a6 100644
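Review bot: The new dnsproxy.defaults script ends with an unconditional `exit 0`, so a failing `sed -i` is reported as success; uci-defaults scripts are, as far as I know, removed once they return 0, in which case the migration would not be retried while the init script already expects list-type options. Returning sed's status (drop the trailing `exit 0`, or use `sed ... || exit 1`) keeps a failed migration visible. The two expressions are also unanchored, so `option listen_addr` is rewritten wherever it occurs in the file, comments included; anchoring on the leading whitespace, e.g. `s,^\([[:space:]]*\)option listen_addr,\1list listen_addr,`, limits the edit to option lines.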
--- a/net/dnsproxy/files/dnsproxy.init
+++ b/net/dnsproxy/files/dnsproxy.init
@@ -44,6 +44,7 @@ append_param_bool() {
 load_config_arg() {
 append_param_bool "$1" "all_servers"
 append_param_bool "$1" "fastest_addr"
+ append_param_bool "$1" "http3"
 append_param_bool "$1" "insecure"
 append_param_bool "$1" "ipv6_disabled"
 append_param_bool "$1" "refuse_any"
@@ -51,6 +52,18 @@ load_config_arg() {
 }
 load_config_list() {
+ if is_empty "global" "listen_addr"; then
+ append_param "--listen" "127.0.0.1"
+ else
+ config_list_foreach "global" "listen_addr" "append_param '--listen'"
+ fi
+
+ if is_empty "global" "listen_port"; then
+ append_param "--port" "5353"
+ else
+ config_list_foreach "global" "listen_port" "append_param '--port'"
+ fi
+
 is_empty "bogus_nxdomain" "ip_addr" || config_list_foreach "bogus_nxdomain" "ip_addr" "append_param '--bogus-nxdomain'"
 for i in "bootstrap" "fallback" "upstream"; do
@@ -59,9 +72,8 @@ load_config_list() {
 }
 load_config_param() {
- append_param_arg "global" "listen_addr" "--listen" "127.0.0.1"
- append_param_arg "global" "listen_port" "--port" "5353"
 append_param_arg "global" "log_file" "--output"
+ append_param_arg "global" "timeout" "--timeout"
 append_param_arg "global" "max_go_routines" "--max-go-routines"
 append_param_arg "global" "rate_limit" "--ratelimit"
 append_param_arg "global" "udp_buf_size" "--udp-buf-size"
diff --git a/net/gensio/Makefile b/net/gensio/Makefile
index b193a0492..6fca78e9c 100644
--- a/net/gensio/Makefile
+++ b/net/gensio/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=gensio
-PKG_VERSION:=2.4.2
+PKG_VERSION:=2.7.6
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@SF/ser2net
-PKG_HASH:=2593c1e7beaec3a0a4acbf60f94bbf64b99883d86f172a3b584eba5f67441b4b
+PKG_HASH:=7574fb710ddd6580d53ea44af4ddfc57f28dbcdc646d842f7ed8ccc1235fdf89
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_LICENSE_FILES:=COPYING
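Review bot: The fallback in load_config_list (dnsproxy.init, @@ -51,6 +52,18 @@) passes only `--listen 127.0.0.1` when `listen_addr` is empty, while the dnsproxy.config shipped by the same commit lists both `127.0.0.1` and `::1`, so the effective default differs depending on whether the option is present. Either add `append_param "--listen" "::1"` to the empty branch or put a comment there stating that the IPv4-only fallback is intended. The list values reach `append_param` through the `config_list_foreach` callback string; `append_param` is defined outside this hunk, so whether values with spaces or shell metacharacters stay quoted when the command line is assembled cannot be checked from here.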
@@ -39,15 +39,25 @@ include $(INCLUDE_DIR)/package.mk
 include ../../lang/python/python3-package.mk
 CONFIGURE_ARGS += \
+ --$(if $(CONFIG_GENSIO_AVAHI),with,without)-avahi \
 --$(if $(CONFIG_GENSIO_SSL),with,without)-openssl \
 --$(if $(CONFIG_GENSIO_SCTP),with,without)-sctp \
 --$(if $(CONFIG_GENSIO_WRAP),with,without)-tcp-wrappers \
 --$(if $(CONFIG_GENSIO_PTHREADS),with,without)-pthreads \
 --$(if $(CONFIG_GENSIO_GLIB),with,without)-glib \
 --$(if $(CONFIG_GENSIO_TCL),with,without)-tcl \
+ --without-afskmdm \
+ --without-ax25 \
+ --without-alsa \
 --without-go \
+ --without-ipmisol \
+ --without-kiss \
 --without-openipmi \
+ --without-portaudio \
+ --without-sound \
 --with-cplusplus \
+ --with-flock-locking \
+ --with-uucp-locking \
 --disable-doc
 CONFIGURE_VARS += \
@@ -161,8 +171,9 @@ endef
 define Build/InstallDev
 $(INSTALL_DIR) $(1)/usr/include/gensio/
 $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/gensio/* $(1)/usr/include/gensio/
- $(INSTALL_DIR) $(1)/usr/lib/
+ $(INSTALL_DIR) $(1)/usr/lib/gensio
 $(CP) $(PKG_INSTALL_DIR)/usr/lib/*.{so*,a,la} $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/gensio/* $(1)/usr/lib/gensio/
 $(INSTALL_DIR) $(1)/usr/lib/pkgconfig/
 $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/* $(1)/usr/lib/pkgconfig/
 ifneq ($(CONFIG_PACKAGE_python3-gensio),)
@@ -173,8 +184,11 @@ endif
 endef
 define Package/libgensio/install
- $(INSTALL_DIR) $(1)/usr/lib
+ $(INSTALL_DIR) $(1)/usr/lib/gensio
 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensio.so.* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensioosh.so.* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensiomdns.so.* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/gensio/* $(1)/usr/lib/gensio/
 ifeq ($(CONFIG_GENSIO_GLIB),y)
 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensioglib.so.* $(1)/usr/lib/
 endif
@@ -200,7 +214,7 @@ endef
 define Package/libgensiocpp/install
 $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensiocpp.so.* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensio*cpp.so.* $(1)/usr/lib/
 endef
 $(eval $(call BuildPackage,libgensio))
diff --git a/net/gensio/patches/100-musl-compat.patch b/net/gensio/patches/100-musl-compat.patch
deleted file mode 100644
index da61fe741..000000000
--- a/net/gensio/patches/100-musl-compat.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/tools/gensiotool.c
-+++ b/tools/gensiotool.c
-@@ -44,7 +44,7 @@
- #include
- #include
- #include
--#include
-+#include
- #include
- #endif
-
diff --git a/net/iperf3-mt/Makefile b/net/iperf3-mt/Makefile
new file mode 100644
index 000000000..42ff05635
--- /dev/null
+++ b/net/iperf3-mt/Makefile
@@ -0,0 +1,104 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Copyright (C) 2023 Jonas Jelonek
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=iperf
+PKG_VERSION:=3.15-mt-beta1
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/esnet/iperf/tar.gz/$(PKG_NAME)-$(PKG_VERSION)?
+PKG_HASH:=4d5ad5bef9321adb832581a495c3cb1b5dec9d9678296f90bfc87166bbb7a43b
+
+PKG_MAINTAINER:=Jonas Jelonek
+PKG_LICENSE:=BSD-3-Clause
+PKG_CPE_ID:=cpe:/a:es:iperf3
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+DISABLE_NLS:=
+
+define Package/iperf3-mt/default
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=iperf3 with multithreading
+ URL:=https://github.com/esnet/iperf
+ CONFLICTS:=iperf3 iperf3-ssl
+endef
+
+define Package/iperf3-mt
+$(call Package/iperf3-mt/default)
+ VARIANT:=nossl
+ DEPENDS:=+libiperf3-mt
+ CONFLICTS+=iperf3-mt-ssl
+endef
+
+define Package/iperf3-mt-ssl
+$(call Package/iperf3-mt/default)
+ TITLE+= and iperf_auth support
+ VARIANT:=ssl
+ DEPENDS:=+libopenssl +libatomic
+endef
+
+define Package/libiperf3-mt
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE:=libiperf3 with multithreading
+ URL:=https://github.com/esnet/iperf
+ CONFLICTS:=libiperf3
+ DEPENDS+=+libatomic
+endef
+
+TARGET_CFLAGS += -D_GNU_SOURCE
+TARGET_LDFLAGS += -latomic
+
+ifeq ($(BUILD_VARIANT),ssl)
+ CONFIGURE_ARGS += --with-openssl="$(STAGING_DIR)/usr" --disable-shared
+else
+ CONFIGURE_ARGS += --without-openssl
+endif
+
+MAKE_FLAGS += noinst_PROGRAMS=
+
+define Package/iperf3-mt/description
+ iPerf3 is a modern alternative for measuring TCP and UDP bandwidth
+ performance, allowing the tuning of various parameters and
+ characteristics.
+ iperf3-mt has experimental multithreading support.
+endef
+
+define Package/libiperf3-mt/description
+ Libiperf is a library providing an API for iperf3 functionality.
+endef
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiperf.* $(1)/usr/lib/
+ $(INSTALL_DIR) $(1)/usr/include
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
+endef
+
+define Package/iperf3-mt/install/Default
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/iperf3 $(1)/usr/bin/
+endef
+
+Package/iperf3-mt/install = $(Package/iperf3-mt/install/Default)
+Package/iperf3-mt-ssl/install = $(Package/iperf3-mt/install/Default)
+
+define Package/libiperf3-mt/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiperf.so.* $(1)/usr/lib
+endef
+
+$(eval $(call BuildPackage,iperf3-mt))
+$(eval $(call BuildPackage,iperf3-mt-ssl))
+$(eval $(call BuildPackage,libiperf3-mt))
diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile
index c106257bf..d175b4c4b 100644
--- a/net/strongswan/Makefile
+++ b/net/strongswan/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=strongswan
 PKG_VERSION:=5.9.11
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
@@ -41,6 +41,7 @@ PKG_MOD_AVAILABLE:= \
 dnskey \
 drbg \
 duplicheck \
+ eap-dynamic \
 eap-identity \
 eap-md5 \
 eap-mschapv2 \
@@ -183,6 +184,7 @@ $(call Package/strongswan/Default)
 +strongswan-mod-dnskey \
 +strongswan-mod-drbg \
 +strongswan-mod-duplicheck \
+ +strongswan-mod-eap-dynamic \
 +strongswan-mod-eap-identity \
 +strongswan-mod-eap-md5 \
 +strongswan-mod-eap-mschapv2 \
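Review bot: net/iperf3-mt/Makefile reuses `PKG_CPE_ID:=cpe:/a:es:iperf3` together with `PKG_VERSION:=3.15-mt-beta1`, a pre-release string, so tooling that matches CPE and version against advisories will probably not map this package to the upstream release line and iperf3 fixes could be missed for it. A comment above `PKG_VERSION` naming the upstream release the beta tracks, e.g. `# multithreading beta, based on upstream iperf 3.15` (confirm the base version with upstream), would make that visible to whoever bumps it. `Package/iperf3-mt-ssl` also has no description block, and it apparently links libiperf statically (`--disable-shared`, no `+libiperf3-mt` in its DEPENDS); that is worth stating in a description, since an update of libiperf3-mt alone would not reach the ssl binary.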
@@ -681,6 +683,7 @@ $(eval $(call BuildPlugin,dhcp,DHCP based attribute provider,))
 $(eval $(call BuildPlugin,dnskey,DNS RR key decoding,))
 $(eval $(call BuildPlugin,drbg,Deterministic random bit generator,,))
 $(eval $(call BuildPlugin,duplicheck,advanced duplicate checking,))
+$(eval $(call BuildPlugin,eap-dynamic,EAP dynamic selector,))
 $(eval $(call BuildPlugin,eap-identity,EAP identity helper,))
 $(eval $(call BuildPlugin,eap-md5,EAP MD5 (CHAP) EAP auth,))
 $(eval $(call BuildPlugin,eap-mschapv2,EAP MS-CHAPv2 EAP auth,+strongswan-mod-md4 +strongswan-mod-des))