Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'openwrt:master' into master

Browse source
This commit is contained in:
Hayzam Sherif 2023-11-05 19:24:26 +04:00 committed by GitHub
commit 8c94ab1da7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 246 additions and 90 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
net/banip/Makefile
View file

@ -5,7 +5,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=banip
PKG_VERSION:=0.9.1
PKG_VERSION:=0.9.2
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
@ -16,7 +16,7 @@ define Package/banip
SECTION:=net
CATEGORY:=Network
TITLE:=banIP blocks IPs via named nftables Sets
DEPENDS:=+jshn +jsonfilter +firewall4 +ca-bundle +logd +rpcd +rpcd-mod-rpcsys
DEPENDS:=+jshn +jsonfilter +firewall4 +ca-bundle +rpcd +rpcd-mod-rpcsys
PKGARCH:=all
endef

115
net/banip/files/README.md
View file

@ -91,7 +91,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
* Supports allowing / blocking of certain VLAN forwards
## Prerequisites
* **[OpenWrt](https://openwrt.org)**, latest stable release or a snapshot with nft/firewall 4 and logd/logread support
* **[OpenWrt](https://openwrt.org)**, latest stable release or a snapshot with nft/firewall 4 support
* A download utility with SSL support: 'aria2c', 'curl', full 'wget' or 'uclient-fetch' with one of the 'libustream-*' SSL libraries, the latter one doesn't provide support for ETag HTTP header
* A certificate store like 'ca-bundle', as banIP checks the validity of the SSL certificates of all download sites by default
* For E-Mail notifications you need to install and setup the additional 'msmtp' package
@ -134,62 +134,63 @@ Available commands:
## banIP config options
| Option | Type | Default | Description |
| :---------------------- | :----- | :---------------------------- | :----------------------------------------------------------------------------------------------------------- |
| ban_enabled | option | 0 | enable the banIP service |
| ban_nicelimit | option | 0 | ulimit nice level of the banIP service (range 0-19) |
| ban_filelimit | option | 1024 | ulimit max open/number of files (range 1024-4096) |
| ban_loglimit | option | 100 | scan only the last n log entries permanently. A value of '0' disables the monitor |
| ban_logcount | option | 1 | how many times the IP must appear in the log to be considered as suspicious |
| ban_logterm | list | regex | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk) |
| ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets |
| ban_debug | option | 0 | enable banIP related debug logging |
| ban_loginput | option | 1 | log drops in the wan-input chain |
| ban_logforwardwan | option | 1 | log drops in the wan-forward chain |
| ban_logforwardlan | option | 0 | log rejects in the lan-forward chain |
| ban_autoallowlist | option | 1 | add wan IPs/subnets and resolved domains automatically to the local allowlist (not only to the Sets) |
| ban_autoblocklist | option | 1 | add suspicious attacker IPs and resolved domains automatically to the local blocklist (not only to the Sets) |
| ban_autoblocksubnet | option | 0 | add entire subnets to the blocklist Sets based on an additional RDAP request with the suspicious IP |
| ban_autoallowuplink | option | subnet | limit the uplink autoallow function to: 'subnet', 'ip' or 'disable' it at all |
| ban_allowlistonly | option | 0 | restrict the internet access from/to a given number of secure websites/IPs |
| ban_basedir | option | /tmp | base working directory while banIP processing |
| ban_reportdir | option | /tmp/banIP-report | directory where banIP stores the report files |
| ban_backupdir | option | /tmp/banIP-backup | directory where banIP stores the compressed backup files |
| ban_protov4 | option | - / autodetect | enable IPv4 support |
| ban_protov6 | option | - / autodetect | enable IPv4 support |
| ban_ifv4 | list | - / autodetect | logical wan IPv4 interfaces, e.g. 'wan' |
| ban_ifv6 | list | - / autodetect | logical wan IPv6 interfaces, e.g. 'wan6' |
| ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' |
| ban_vlanallow | list | - | always allow certain VLAN forwards, e.g. br-lan.20 |
| ban_vlanblock | list | - | always block certain VLAN forwards, e.g. br-lan.10 |
| ban_trigger | list | - | logical reload trigger interface(s), e.g. 'wan' |
| ban_triggerdelay | option | 10 | trigger timeout during interface reload and boot |
| ban_deduplicate | option | 1 | deduplicate IP addresses across all active Sets |
| ban_splitsize | option | 0 | split ext. Sets after every n lines/members (saves RAM) |
| ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) |
| ban_nftloglevel | option | warn | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug |
| ban_nftpriority | option | -200 | nft priority for the banIP table (default is the prerouting table priority) |
| ban_nftpolicy | option | memory | nft policy for banIP-related Sets, values: memory, performance |
| ban_nftexpiry | option | - | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d' |
| ban_feed | list | - | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table) |
| ban_asn | list | - | ASNs for the 'asn' feed, e.g.'32934' |
| ban_country | list | - | country iso codes for the 'country' feed, e.g. 'ru' |
| ban_blockpolicy | option | - | limit the default block policy to a certain chain, e.g. 'input', 'forwardwan' or 'forwardlan' |
| ban_blocktype | option | drop | 'drop' packets silently on input and forwardwan chains or actively 'reject' the traffic |
| ban_blockinput | list | - | limit a feed to the wan-input chain, e.g. 'country' |
| ban_blockforwardwan | list | - | limit a feed to the wan-forward chain, e.g. 'debl' |
| ban_blockforwardlan | list | - | limit a feed to the lan-forward chain, e.g. 'doh' |
| ban_fetchcmd | option | - / autodetect | 'uclient-fetch', 'wget', 'curl' or 'aria2c' |
| ban_fetchparm | option | - / autodetect | set the config options for the selected download utility |
| ban_fetchretry | option | 5 | number of download attempts in case of an error (not supported by uclient-fetch) |
| ban_fetchinsecure | option | 0 | don't check SSL server certificates during download |
| ban_mailreceiver | option | - | receiver address for banIP related notification E-Mails |
| ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails |
| ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails |
| ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails |
| ban_mailnotification | option | 0 | receive E-Mail notifications with every banIP run |
| ban_reportelements | option | 1 | count Set elements in the report, disable this option to speed up the report significantly |
| ban_resolver | option | - | external resolver used for DNS lookups |
| Option | Type | Default | Description |
| :---------------------- | :----- | :---------------------------- | :---------------------------------------------------------------------------------------------------------------- |
| ban_enabled | option | 0 | enable the banIP service |
| ban_nicelimit | option | 0 | ulimit nice level of the banIP service (range 0-19) |
| ban_filelimit | option | 1024 | ulimit max open/number of files (range 1024-4096) |
| ban_loglimit | option | 100 | scan only the last n log entries permanently. A value of '0' disables the monitor |
| ban_logcount | option | 1 | how many times the IP must appear in the log to be considered as suspicious |
| ban_logterm | list | regex | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk) |
| ban_logreadfile | option | /var/log/messages | alternative location for parsing the log file, e.g. via syslog-ng, to deactivate the standard parsing via logread |
| ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets |
| ban_debug | option | 0 | enable banIP related debug logging |
| ban_loginput | option | 1 | log drops in the wan-input chain |
| ban_logforwardwan | option | 1 | log drops in the wan-forward chain |
| ban_logforwardlan | option | 0 | log rejects in the lan-forward chain |
| ban_autoallowlist | option | 1 | add wan IPs/subnets and resolved domains automatically to the local allowlist (not only to the Sets) |
| ban_autoblocklist | option | 1 | add suspicious attacker IPs and resolved domains automatically to the local blocklist (not only to the Sets) |
| ban_autoblocksubnet | option | 0 | add entire subnets to the blocklist Sets based on an additional RDAP request with the suspicious IP |
| ban_autoallowuplink | option | subnet | limit the uplink autoallow function to: 'subnet', 'ip' or 'disable' it at all |
| ban_allowlistonly | option | 0 | restrict the internet access from/to a given number of secure websites/IPs |
| ban_basedir | option | /tmp | base working directory while banIP processing |
| ban_reportdir | option | /tmp/banIP-report | directory where banIP stores the report files |
| ban_backupdir | option | /tmp/banIP-backup | directory where banIP stores the compressed backup files |
| ban_protov4 | option | - / autodetect | enable IPv4 support |
| ban_protov6 | option | - / autodetect | enable IPv4 support |
| ban_ifv4 | list | - / autodetect | logical wan IPv4 interfaces, e.g. 'wan' |
| ban_ifv6 | list | - / autodetect | logical wan IPv6 interfaces, e.g. 'wan6' |
| ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' |
| ban_vlanallow | list | - | always allow certain VLAN forwards, e.g. br-lan.20 |
| ban_vlanblock | list | - | always block certain VLAN forwards, e.g. br-lan.10 |
| ban_trigger | list | - | logical reload trigger interface(s), e.g. 'wan' |
| ban_triggerdelay | option | 10 | trigger timeout during interface reload and boot |
| ban_deduplicate | option | 1 | deduplicate IP addresses across all active Sets |
| ban_splitsize | option | 0 | split ext. Sets after every n lines/members (saves RAM) |
| ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) |
| ban_nftloglevel | option | warn | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug |
| ban_nftpriority | option | -200 | nft priority for the banIP table (default is the prerouting table priority) |
| ban_nftpolicy | option | memory | nft policy for banIP-related Sets, values: memory, performance |
| ban_nftexpiry | option | - | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d' |
| ban_feed | list | - | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table) |
| ban_asn | list | - | ASNs for the 'asn' feed, e.g.'32934' |
| ban_country | list | - | country iso codes for the 'country' feed, e.g. 'ru' |
| ban_blockpolicy | option | - | limit the default block policy to a certain chain, e.g. 'input', 'forwardwan' or 'forwardlan' |
| ban_blocktype | option | drop | 'drop' packets silently on input and forwardwan chains or actively 'reject' the traffic |
| ban_blockinput | list | - | limit a feed to the wan-input chain, e.g. 'country' |
| ban_blockforwardwan | list | - | limit a feed to the wan-forward chain, e.g. 'debl' |
| ban_blockforwardlan | list | - | limit a feed to the lan-forward chain, e.g. 'doh' |
| ban_fetchcmd | option | - / autodetect | 'uclient-fetch', 'wget', 'curl' or 'aria2c' |
| ban_fetchparm | option | - / autodetect | set the config options for the selected download utility |
| ban_fetchretry | option | 5 | number of download attempts in case of an error (not supported by uclient-fetch) |
| ban_fetchinsecure | option | 0 | don't check SSL server certificates during download |
| ban_mailreceiver | option | - | receiver address for banIP related notification E-Mails |
| ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails |
| ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails |
| ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails |
| ban_mailnotification | option | 0 | receive E-Mail notifications with every banIP run |
| ban_reportelements | option | 1 | count Set elements in the report, disable this option to speed up the report significantly |
| ban_resolver | option | - | external resolver used for DNS lookups |
## Examples
**banIP report information**

38
net/banip/files/banip-functions.sh
View file

@ -23,7 +23,8 @@ ban_rtfile="/var/run/banip_runtime.json"
ban_rdapfile="/var/run/banip_rdap.json"
ban_rdapurl="https://rdap.db.ripe.net/ip/"
ban_lock="/var/run/banip.lock"
ban_logreadcmd="$(command -v logread)"
ban_logreadfile="/var/log/messages"
ban_logreadcmd=""
ban_logcmd="$(command -v logger)"
ban_ubuscmd="$(command -v ubus)"
ban_nftcmd="$(command -v nft)"
@ -188,7 +189,12 @@ f_rmpid() {
local ppid pid pids
ppid="$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)"
[ -n "${ppid}" ] && pids="$(pgrep -P "${ppid}" 2>/dev/null)"
if [ -n "${ppid}" ]; then
pids="$(pgrep -P "${ppid}" 2>/dev/null)"
for pid in ${pids}; do
pids="${pids} $(pgrep -P "${pid}" 2>/dev/null)"
done
fi
for pid in ${pids}; do
kill -INT "${pid}" >/dev/null 2>&1
done
@ -283,19 +289,25 @@ f_conf() {
}
}
config_load banip
[ -f "${ban_logreadfile}" ] && ban_logreadcmd="$(command -v tail)" || ban_logreadcmd="$(command -v logread)"
}
# get nft/monitor actuals
#
f_actual() {
local nft monitor
local nft monitor ppid pid
if "${ban_nftcmd}" -t list set inet banIP allowlistv4MAC >/dev/null 2>&1; then
nft="$(f_char "1")"
else
nft="$(f_char "0")"
fi
if pgrep -f "${ban_logreadcmd##*/}" -P "$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)" >/dev/null 2>&1; then
ppid="$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)"
if [ -n "${ppid}" ]; then
pid="$(pgrep -oP "${ppid}" 2>/dev/null)"
fi
if pgrep -f "${ban_logreadcmd##*/}" -P "${pid}" >/dev/null 2>&1; then
monitor="$(f_char "1")"
else
monitor="$(f_char "0")"
@ -1471,12 +1483,20 @@ f_mail() {
# log monitor
#
f_monitor() {
local nft_expiry line proto ip log_raw log_count rdap_log rdap_rc rdap_elements rdap_info
local logread_cmd loglimit_cmd nft_expiry line proto ip log_raw log_count rdap_log rdap_rc rdap_elements rdap_info
if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ] && [ "${ban_loglimit}" != "0" ]; then
f_log "info" "start detached banIP log service"
if [ -f "${ban_logreadfile}" ]; then
logread_cmd="${ban_logreadcmd} -qf ${ban_logreadfile} 2>/dev/null | ${ban_grepcmd} -e \"${ban_logterm%%??}\" 2>/dev/null"
loglimit_cmd="${ban_logreadcmd} -qn ${ban_loglimit} ${ban_logreadfile} 2>/dev/null"
elif printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"logd'; then
logread_cmd="${ban_logreadcmd} -fe \"${ban_logterm%%??}\" 2>/dev/null"
loglimit_cmd="${ban_logreadcmd} -l ${ban_loglimit} 2>/dev/null"
fi
if [ -x "${ban_logreadcmd}" ] && [ -n "${logread_cmd}" ] && [ -n "${loglimit_cmd}" ] && [ -n "${ban_logterm%%??}" ] && [ "${ban_loglimit}" != "0" ]; then
f_log "info" "start detached banIP log service (${ban_logreadcmd})"
[ -n "${ban_nftexpiry}" ] && nft_expiry="timeout $(printf "%s" "${ban_nftexpiry}" | "${ban_grepcmd}" -oE "([0-9]+[d|h|m|s])+$")"
"${ban_logreadcmd}" -fe "${ban_logterm%%??}" 2>/dev/null |
eval "${logread_cmd}" |
while read -r line; do
: >"${ban_rdapfile}"
proto=""
@ -1492,7 +1512,7 @@ f_monitor() {
fi
if [ -n "${proto}" ] && ! "${ban_nftcmd}" get element inet banIP blocklist"${proto}" "{ ${ip} }" >/dev/null 2>&1 && ! "${ban_grepcmd}" -q "^${ip}" "${ban_allowlist}"; then
f_log "info" "suspicious IP '${ip}'"
log_raw="$("${ban_logreadcmd}" -l "${ban_loglimit}" 2>/dev/null)"
log_raw="$(eval ${loglimit_cmd})"
log_count="$(printf "%s\n" "${log_raw}" | "${ban_grepcmd}" -c "suspicious IP '${ip}'")"
if [ "${log_count}" -ge "${ban_logcount}" ]; then
if [ "${ban_autoblocksubnet}" = "1" ]; then

4
net/dnsproxy/Makefile
View file

@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=dnsproxy
PKG_VERSION:=0.56.2
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)?
@ -49,6 +49,8 @@ define Package/dnsproxy/install
$(INSTALL_CONF) $(CURDIR)/files/dnsproxy.config $(1)/etc/config/dnsproxy
$(INSTALL_DIR) $(1)/etc/init.d/
$(INSTALL_BIN) $(CURDIR)/files/dnsproxy.init $(1)/etc/init.d/dnsproxy
$(INSTALL_DIR) $(1)/etc/uci-defaults/
$(INSTALL_BIN) $(CURDIR)/files/dnsproxy.defaults $(1)/etc/uci-defaults/80-dnsproxy-migration
endef
define Package/dnsproxy/conffiles

7
net/dnsproxy/files/dnsproxy.config
View file

@ -3,13 +3,16 @@
config dnsproxy 'global'
option enabled '0'
option listen_addr '127.0.0.1'
option listen_port '5353'
list listen_addr '127.0.0.1'
list listen_addr '::1'
list listen_port '5353'
option log_file ''
option all_servers '0'
option fastest_addr '0'
option http3 '0'
option insecure '0'
option ipv6_disabled '0'
option timeout ''
option max_go_routines ''
option rate_limit ''
option refuse_any '0'

8
net/dnsproxy/files/dnsproxy.defaults Normal file
View file

@ -0,0 +1,8 @@
#!/bin/sh
[ -s "/etc/config/dnsproxy" ] || exit 0
#Migrate options 'listen_addr' 'listen_port' to list type
sed -i -e "s,option listen_addr,list listen_addr,g" \
-e "s,option listen_port,list listen_port,g" "/etc/config/dnsproxy"
exit 0

16
net/dnsproxy/files/dnsproxy.init
View file

@ -44,6 +44,7 @@ append_param_bool() {
load_config_arg() {
append_param_bool "$1" "all_servers"
append_param_bool "$1" "fastest_addr"
append_param_bool "$1" "http3"
append_param_bool "$1" "insecure"
append_param_bool "$1" "ipv6_disabled"
append_param_bool "$1" "refuse_any"
@ -51,6 +52,18 @@ load_config_arg() {
}
load_config_list() {
if is_empty "global" "listen_addr"; then
append_param "--listen" "127.0.0.1"
else
config_list_foreach "global" "listen_addr" "append_param '--listen'"
fi
if is_empty "global" "listen_port"; then
append_param "--port" "5353"
else
config_list_foreach "global" "listen_port" "append_param '--port'"
fi
is_empty "bogus_nxdomain" "ip_addr" || config_list_foreach "bogus_nxdomain" "ip_addr" "append_param '--bogus-nxdomain'"
for i in "bootstrap" "fallback" "upstream"; do
@ -59,9 +72,8 @@ load_config_list() {
}
load_config_param() {
append_param_arg "global" "listen_addr" "--listen" "127.0.0.1"
append_param_arg "global" "listen_port" "--port" "5353"
append_param_arg "global" "log_file" "--output"
append_param_arg "global" "timeout" "--timeout"
append_param_arg "global" "max_go_routines" "--max-go-routines"
append_param_arg "global" "rate_limit" "--ratelimit"
append_param_arg "global" "udp_buf_size" "--udp-buf-size"

24
net/gensio/Makefile
View file

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=gensio
PKG_VERSION:=2.4.2
PKG_VERSION:=2.7.6
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/ser2net
PKG_HASH:=2593c1e7beaec3a0a4acbf60f94bbf64b99883d86f172a3b584eba5f67441b4b
PKG_HASH:=7574fb710ddd6580d53ea44af4ddfc57f28dbcdc646d842f7ed8ccc1235fdf89
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING
@ -39,15 +39,25 @@ include $(INCLUDE_DIR)/package.mk
include ../../lang/python/python3-package.mk
CONFIGURE_ARGS += \
--$(if $(CONFIG_GENSIO_AVAHI),with,without)-avahi \
--$(if $(CONFIG_GENSIO_SSL),with,without)-openssl \
--$(if $(CONFIG_GENSIO_SCTP),with,without)-sctp \
--$(if $(CONFIG_GENSIO_WRAP),with,without)-tcp-wrappers \
--$(if $(CONFIG_GENSIO_PTHREADS),with,without)-pthreads \
--$(if $(CONFIG_GENSIO_GLIB),with,without)-glib \
--$(if $(CONFIG_GENSIO_TCL),with,without)-tcl \
--without-afskmdm \
--without-ax25 \
--without-alsa \
--without-go \
--without-ipmisol \
--without-kiss \
--without-openipmi \
--without-portaudio \
--without-sound \
--with-cplusplus \
--with-flock-locking \
--with-uucp-locking \
--disable-doc
CONFIGURE_VARS += \
@ -161,8 +171,9 @@ endef
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include/gensio/
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/gensio/* $(1)/usr/include/gensio/
$(INSTALL_DIR) $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/gensio
$(CP) $(PKG_INSTALL_DIR)/usr/lib/*.{so*,a,la} $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/gensio/* $(1)/usr/lib/gensio/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig/
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/* $(1)/usr/lib/pkgconfig/
ifneq ($(CONFIG_PACKAGE_python3-gensio),)
@ -173,8 +184,11 @@ endif
endef
define Package/libgensio/install
$(INSTALL_DIR) $(1)/usr/lib
$(INSTALL_DIR) $(1)/usr/lib/gensio
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensio.so.* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensioosh.so.* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensiomdns.so.* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/gensio/* $(1)/usr/lib/gensio/
ifeq ($(CONFIG_GENSIO_GLIB),y)
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensioglib.so.* $(1)/usr/lib/
endif
@ -200,7 +214,7 @@ endef
define Package/libgensiocpp/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensiocpp.so.* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libgensio*cpp.so.* $(1)/usr/lib/
endef
$(eval $(call BuildPackage,libgensio))

11
net/gensio/patches/100-musl-compat.patch
View file

@ -1,11 +0,0 @@
--- a/tools/gensiotool.c
+++ b/tools/gensiotool.c
@@ -44,7 +44,7 @@
#include <signal.h>
#include <errno.h>
#include <sys/types.h>
-#include <sys/unistd.h>
+#include <unistd.h>
#include <syslog.h>
#endif

104
net/iperf3-mt/Makefile Normal file
View file

@ -0,0 +1,104 @@
# SPDX-License-Identifier: GPL-2.0-only
#
# Copyright (C) 2023 Jonas Jelonek
include $(TOPDIR)/rules.mk
PKG_NAME:=iperf
PKG_VERSION:=3.15-mt-beta1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/esnet/iperf/tar.gz/$(PKG_NAME)-$(PKG_VERSION)?
PKG_HASH:=4d5ad5bef9321adb832581a495c3cb1b5dec9d9678296f90bfc87166bbb7a43b
PKG_MAINTAINER:=Jonas Jelonek <jelonek.jonas@gmail.com>
PKG_LICENSE:=BSD-3-Clause
PKG_CPE_ID:=cpe:/a:es:iperf3
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION)
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
PKG_FIXUP:=autoreconf
include $(INCLUDE_DIR)/package.mk
DISABLE_NLS:=
define Package/iperf3-mt/default
SECTION:=net
CATEGORY:=Network
TITLE:=iperf3 with multithreading
URL:=https://github.com/esnet/iperf
CONFLICTS:=iperf3 iperf3-ssl
endef
define Package/iperf3-mt
$(call Package/iperf3-mt/default)
VARIANT:=nossl
DEPENDS:=+libiperf3-mt
CONFLICTS+=iperf3-mt-ssl
endef
define Package/iperf3-mt-ssl
$(call Package/iperf3-mt/default)
TITLE+= and iperf_auth support
VARIANT:=ssl
DEPENDS:=+libopenssl +libatomic
endef
define Package/libiperf3-mt
SECTION:=libs
CATEGORY:=Libraries
TITLE:=libiperf3 with multithreading
URL:=https://github.com/esnet/iperf
CONFLICTS:=libiperf3
DEPENDS+=+libatomic
endef
TARGET_CFLAGS += -D_GNU_SOURCE
TARGET_LDFLAGS += -latomic
ifeq ($(BUILD_VARIANT),ssl)
CONFIGURE_ARGS += --with-openssl="$(STAGING_DIR)/usr" --disable-shared
else
CONFIGURE_ARGS += --without-openssl
endif
MAKE_FLAGS += noinst_PROGRAMS=
define Package/iperf3-mt/description
iPerf3 is a modern alternative for measuring TCP and UDP bandwidth
performance, allowing the tuning of various parameters and
characteristics.
iperf3-mt has experimental multithreading support.
endef
define Package/libiperf3-mt/description
Libiperf is a library providing an API for iperf3 functionality.
endef
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libiperf.* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
endef
define Package/iperf3-mt/install/Default
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/iperf3 $(1)/usr/bin/
endef
Package/iperf3-mt/install = $(Package/iperf3-mt/install/Default)
Package/iperf3-mt-ssl/install = $(Package/iperf3-mt/install/Default)
define Package/libiperf3-mt/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libiperf.so.* $(1)/usr/lib
endef
$(eval $(call BuildPackage,iperf3-mt))
$(eval $(call BuildPackage,iperf3-mt-ssl))
$(eval $(call BuildPackage,libiperf3-mt))

5
net/strongswan/Makefile
View file

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=strongswan
PKG_VERSION:=5.9.11
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
@ -41,6 +41,7 @@ PKG_MOD_AVAILABLE:= \
dnskey \
drbg \
duplicheck \
eap-dynamic \
eap-identity \
eap-md5 \
eap-mschapv2 \
@ -183,6 +184,7 @@ $(call Package/strongswan/Default)
+strongswan-mod-dnskey \
+strongswan-mod-drbg \
+strongswan-mod-duplicheck \
+strongswan-mod-eap-dynamic \
+strongswan-mod-eap-identity \
+strongswan-mod-eap-md5 \
+strongswan-mod-eap-mschapv2 \
@ -681,6 +683,7 @@ $(eval $(call BuildPlugin,dhcp,DHCP based attribute provider,))
$(eval $(call BuildPlugin,dnskey,DNS RR key decoding,))
$(eval $(call BuildPlugin,drbg,Deterministic random bit generator,,))
$(eval $(call BuildPlugin,duplicheck,advanced duplicate checking,))
$(eval $(call BuildPlugin,eap-dynamic,EAP dynamic selector,))
$(eval $(call BuildPlugin,eap-identity,EAP identity helper,))
$(eval $(call BuildPlugin,eap-md5,EAP MD5 (CHAP) EAP auth,))
$(eval $(call BuildPlugin,eap-mschapv2,EAP MS-CHAPv2 EAP auth,+strongswan-mod-md4 +strongswan-mod-des))