Merge branch 'openwrt:master' into master

Hayzam Sherif 2023-12-08 02:01:14 +05:30 committed by GitHub
commit bf994cc82c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
40 changed files with 1770 additions and 192 deletions


@ -8,17 +8,17 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=pipx
PKG_VERSION:=1.2.1
PKG_VERSION:=1.3.2
PKG_RELEASE:=1
PYPI_NAME:=pipx
PKG_HASH:=698777c05a97cca81df4dc6a71d9ca4ece2184c6f91dc7a0e4802ac51d86d32a
PKG_HASH:=704d01d04c67c2dd0c776c5bf5ed35c7b249055b0174568b8507f07d72ed7a7f
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
PKG_BUILD_DEPENDS:=python-hatchling/host
PKG_BUILD_DEPENDS:=python-hatchling/host python-hatch-vcs/host
include ../pypi.mk
include $(INCLUDE_DIR)/package.mk
@ -37,6 +37,7 @@ define Package/pipx
+python3-venv \
+python3-argcomplete \
+python3-packaging \
+python3-platformdirs \
+python3-userpath
endef


@ -6,11 +6,11 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=python-bcrypt
PKG_VERSION:=4.0.1
PKG_VERSION:=4.1.1
PKG_RELEASE:=1
PYPI_NAME:=bcrypt
PKG_HASH:=27d375903ac8261cfe4047f6709d16f7d18d39b1ec92aaf72af989552a650ebd
PKG_HASH:=df37f5418d4f1cdcff845f60e747a015389fa4e63703c918330865e06ad80007
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE


@ -2,10 +2,11 @@
[ "$1" = python3-bcrypt ] || exit 0
python3 - << EOF
import sys
python3 - << 'EOF'
import bcrypt
password = b"super secret password"
hashed = bcrypt.hashpw(password, bcrypt.gensalt())
sys.exit(0 if bcrypt.checkpw(password, hashed) else 1)
assert bcrypt.checkpw(password, hashed)
EOF
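Review bot: The rewritten test only exercises the accepting path of `bcrypt.checkpw`, so a build whose comparison always returns true would still pass. Add a rejecting case after the existing assert, for example `assert not bcrypt.checkpw(b"wrong password", hashed)`. Also note that `assert` statements are skipped when Python runs with optimisation enabled (for example `PYTHONOPTIMIZE` set in the test environment), which the removed `sys.exit(...)` form was not subject to. If that can happen in the test runner, keep an explicit non-zero exit.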


@ -8,11 +8,11 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=python-cryptography
PKG_VERSION:=41.0.5
PKG_VERSION:=41.0.7
PKG_RELEASE:=1
PYPI_NAME:=cryptography
PKG_HASH:=392cb88b597247177172e02da6b7a63deeff1937fa6fec3bbf902ebd75d97ec7
PKG_HASH:=13f93ce9bea8016c253b34afc6bd6a75993e5c40672ed5405a9c832f0d4a00bc
PKG_LICENSE:=Apache-2.0 BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE.APACHE LICENSE.BSD


@ -1,11 +1,11 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=python-jsonschema
PKG_VERSION:=4.19.1
PKG_VERSION:=4.20.0
PKG_RELEASE:=1
PYPI_NAME:=jsonschema
PKG_HASH:=ec84cc37cfa703ef7cd4928db24f9cb31428a5d0fa77747b8b51a847458e0bbf
PKG_HASH:=4f614fd46d8d61258610998997743ec5492a648b33cf478c1ddc23ed4598a5fa
PKG_MAINTAINER:=Javier Marcet <javier@marcet.info>
PKG_LICENSE:=MIT


@ -0,0 +1,47 @@
#
# Copyright (C) 2023 Jeffery To
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=python-platformdirs
PKG_VERSION:=4.0.0
PKG_RELEASE:=1
PYPI_NAME:=platformdirs
PKG_HASH:=cb633b2bcf10c51af60beb0ab06d2f1d69064b43abf4c185ca6b28865f3f9731
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
PKG_BUILD_DEPENDS:=python-hatchling/host python-hatch-vcs/host
include ../pypi.mk
include $(INCLUDE_DIR)/package.mk
include ../python3-package.mk
define Package/python3-platformdirs
SECTION:=lang
CATEGORY:=Languages
SUBMENU:=Python
TITLE:=Determine appropriate platform-specific dirs
URL:=https://github.com/platformdirs/platformdirs
DEPENDS:=+python3-light +python3-urllib
endef
define Package/python3-platformdirs/description
When writing desktop application, finding the right location to store
user data and configuration varies per platform. Even for
single-platform apps, there may by plenty of nuances in figuring out the
right location.
This kind of thing is what the platformdirs package is for.
endef
$(eval $(call Py3Package,python3-platformdirs))
$(eval $(call BuildPackage,python3-platformdirs))
$(eval $(call BuildPackage,python3-platformdirs-src))


@ -0,0 +1,33 @@
#!/bin/sh
[ "$1" = python3-platformdirs ] || exit 0
python3 - << 'EOF'
from platformdirs import *
appname = "SuperApp"
appauthor = "Acme"
assert user_data_dir(appname, appauthor) == '/root/.local/share/SuperApp'
assert user_cache_dir(appname, appauthor) == '/root/.cache/SuperApp'
assert user_log_dir(appname, appauthor) == '/root/.local/state/SuperApp/log'
assert user_config_dir(appname) == '/root/.config/SuperApp'
assert user_documents_dir() == '/root/Documents'
assert user_downloads_dir() == '/root/Downloads'
assert user_pictures_dir() == '/root/Pictures'
assert user_videos_dir() == '/root/Videos'
assert user_music_dir() == '/root/Music'
assert user_desktop_dir() == '/root/Desktop'
assert user_runtime_dir(appname, appauthor) == '/run/user/0/SuperApp'
assert site_data_dir(appname, appauthor) == '/usr/local/share/SuperApp'
assert site_data_dir(appname, appauthor, multipath=True) == '/usr/local/share/SuperApp:/usr/share/SuperApp'
assert site_config_dir(appname) == '/etc/xdg/SuperApp'
import os
os.environ["XDG_CONFIG_DIRS"] = "/etc:/usr/local/etc"
assert site_config_dir(appname, multipath=True) == '/etc/SuperApp:/usr/local/etc/SuperApp'
EOF
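Review bot: Every expected path here is hard-coded for uid 0 with `HOME=/root` and no `XDG_*` variables set, but the script never establishes that environment. A test runner that exports `XDG_DATA_HOME`, `XDG_CACHE_HOME` or `XDG_RUNTIME_DIR`, or runs as another user, would fail these asserts for reasons unrelated to the package. Move `import os` to the top of the heredoc, set `os.environ["HOME"] = "/root"`, and remove any inherited `XDG_*` keys before the first assert. The `/run/user/0` expectation additionally depends on the uid, so it is worth a short comment stating that the test must run as root.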


@ -8,11 +8,11 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=python-referencing
PKG_VERSION:=0.30.2
PKG_VERSION:=0.31.1
PKG_RELEASE:=1
PYPI_NAME:=referencing
PKG_HASH:=794ad8003c65938edcdbc027f1933215e0d0ccc0291e3ce20a4d87432b59efc0
PKG_HASH:=81a1471c68c9d5e3831c30ad1dd9815c45b558e596653db751a2bfdd17b3b9ec
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING


@ -8,11 +8,11 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=python-trove-classifiers
PKG_VERSION:=2023.11.14
PKG_VERSION:=2023.11.29
PKG_RELEASE:=1
PYPI_NAME:=trove-classifiers
PKG_HASH:=64b5e78305a5de347f2cd7ec8c12d704a3ef0cb85cc10c0ca5f73488d1c201f8
PKG_HASH:=ff8f7fd82c7932113b46e7ef6742c70091cc63640c8c65db00d91f2e940b9514
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE


@ -5,8 +5,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=adblock-fast
PKG_VERSION:=1.0.1
PKG_RELEASE:=6
PKG_VERSION:=1.1.0
PKG_RELEASE:=3
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
PKG_LICENSE:=GPL-3.0-or-later
@ -28,7 +28,7 @@ define Package/adblock-fast
endef
define Package/adblock-fast/description
Fast AdBlocking script to block ad or abuse/malware domains with DNSMASQ or Unbound.
Fast AdBlocking script to block ad or abuse/malware domains with Dnsmasq, SmartDNS or Unbound.
Script supports local/remote list of domains and hosts-files for both block-listing and allow-listing.
Please see https://docs.openwrt.melmac.net/adblock-fast/ for more information.
endef


@ -7,7 +7,7 @@ config adblock-fast 'config'
option compressed_cache '0'
option compressed_cache_dir '/etc'
option config_update_enabled '0'
option config_update_url 'https://cdn.jsdelivr.net/gh/openwrt/packages/net/adblock-fast/files/adblock-fast.conf.update'
option config_update_url 'https://cdn.jsdelivr.net/gh/openwrt/packages/net/adblock-fast/files/adblock-fast.config.update'
option curl_additional_param ''
option curl_max_file_size '30000000'
option curl_retry '3'


@ -34,6 +34,21 @@ readonly dnsmasqServersFile="/var/run/${packageName}/dnsmasq.servers"
readonly dnsmasqServersCache="/var/run/${packageName}/dnsmasq.servers.cache"
readonly dnsmasqServersGzip="${packageName}.dnsmasq.servers.gz"
readonly dnsmasqServersFilter='s|^|server=/|;s|$|/|'
readonly smartdnsDomainSetFile="/var/run/${packageName}/smartdns.domainset"
readonly smartdnsDomainSetCache="/var/run/${packageName}/smartdns.domainset.cache"
readonly smartdnsDomainSetConfig="/var/run/${packageName}/smartdns.domainset.conf"
readonly smartdnsDomainSetGzip="${packageName}.smartdns.domainset.gz"
readonly smartdnsDomainSetFilter=';'
readonly smartdnsIpsetFile="/var/run/${packageName}/smartdns.ipset"
readonly smartdnsIpsetCache="/var/run/${packageName}/smartdns.ipset.cache"
readonly smartdnsIpsetConfig="/var/run/${packageName}/smartdns.ipset.conf"
readonly smartdnsIpsetGzip="${packageName}.smartdns.ipset.gz"
readonly smartdnsIpsetFilter=';'
readonly smartdnsNftsetFile="/var/run/${packageName}/smartdns.nftset"
readonly smartdnsNftsetCache="/var/run/${packageName}/smartdns.nftset.cache"
readonly smartdnsNftsetConfig="/var/run/${packageName}/smartdns.nftset.conf"
readonly smartdnsNftsetGzip="${packageName}.smartdns.nftset.gz"
readonly smartdnsNftsetFilter=';'
readonly unboundFile="/var/lib/unbound/adb_list.${packageName}"
readonly unboundCache="/var/run/${packageName}/unbound.cache"
readonly unboundGzip="${packageName}.unbound.gz"
@ -97,12 +112,33 @@ check_dnsmasq_nftset() {
o="$(dnsmasq -v 2>/dev/null)"
check_nft && ! echo "$o" | grep -q 'no-nftset' && echo "$o" | grep -q 'nftset'
}
check_smartdns() { command -v smartdns >/dev/null 2>&1; }
check_smartdns_ipset() { check_smartdns && check_ipset; }
check_smartdns_nftset() { check_smartdns && check_nft; }
check_unbound() { command -v unbound >/dev/null 2>&1; }
debug() { local i j; for i in "$@"; do eval "j=\$$i"; echo "${i}: ${j} "; done; }
dnsmasq_hup() { killall -q -s HUP dnsmasq; }
dnsmasq_kill() { killall -q -s KILL dnsmasq; }
dnsmasq_restart() { /etc/init.d/dnsmasq restart >/dev/null 2>&1; }
is_enabled() { uci -q get "${1}.config.enabled"; }
is_enabled() { uci_get "$1" 'config' 'enabled' '0'; }
is_fw4_restart_needed() {
local dns force_dns
dns="$(uci_get "$packageName" 'config' 'dns' 'dnsmasq.servers')"
force_dns="$(uci_get "$packageName" 'config' 'force_dns' '1')"
if [ "$force_dns" = '1' ]; then
return 0
elif [ "$dns" = 'dnsmasq.ipset' ]; then
return 0
elif [ "$dns" = 'dnsmasq.nftset' ]; then
return 0
elif [ "$dns" = 'smartdns.ipset' ]; then
return 0
elif [ "$dns" = 'smartdns.nftset' ]; then
return 0
else
return 1
fi
}
is_integer() {
case "$1" in
(*[!0123456789]*) return 1;;
@ -142,6 +178,7 @@ print_json_bool() { json_init; json_add_boolean "$1" "$2"; json_dump; json_clean
print_json_int() { json_init; json_add_int "$1" "$2"; json_dump; json_cleanup; }
print_json_string() { json_init; json_add_string "$1" "$2"; json_dump; json_cleanup; }
sanitize_dir() { [ -d "$(readlink -fn "$1")" ] && readlink -fn "$1"; }
smartdns_restart() { /etc/init.d/smartdns restart >/dev/null 2>&1; }
str_contains() { test "$1" != "$(str_replace "$1" "$2" '')"; }
str_contains_word() { echo "$1" | grep -q -w "$2"; }
# shellcheck disable=SC2018,SC2019
@ -151,6 +188,7 @@ str_to_upper() { echo "$1" | tr 'a-z' 'A-Z'; }
str_replace() { printf "%b" "$1" | sed -e "s/$(printf "%b" "$2")/$(printf "%b" "$3")/g"; }
ubus_get_data() { ubus call service list "{ 'name': '$packageName' }" | jsonfilter -e "@['${packageName}'].instances.main.data.${1}"; }
ubus_get_ports() { ubus call service list "{ 'name': '$packageName' }" | jsonfilter -e "@['${packageName}'].instances.main.data.firewall.*.dest_port"; }
uci_get_protocol() { uci_get 'network' "$1" 'proto'; }
unbound_restart() { /etc/init.d/unbound restart >/dev/null 2>&1; }
json() {
@ -160,7 +198,8 @@ json() {
# shellcheck disable=SC2124
local extras="$@" line
local status message error stats
local reload restart curReload curRestart ret i
local reload restart curReload curRestart
local ret i
if [ -s "$jsonFile" ]; then
json_load_file "$jsonFile" 2>/dev/null
json_select 'data' 2>/dev/null
@ -271,9 +310,8 @@ output() {
local msg memmsg logmsg text
local sharedMemoryOutput="/dev/shm/$packageName-output"
if [ -z "$verbosity" ] && [ -n "$packageName" ]; then
verbosity="$(uci -q get "$packageName.config.verbosity")"
verbosity="$(uci_get "$packageName" 'config' 'verbosity' '2')"
fi
verbosity="${verbosity:-2}"
if [ $# -ne 1 ] && is_integer "$1"; then
if [ $((verbosity & $1)) -gt 0 ] || [ "$verbosity" = "$1" ]; then shift; text="$*"; else return 0; fi
fi
@ -308,7 +346,9 @@ uci_changes() {
local PACKAGE="$1"
local CONFIG="$2"
local OPTION="$3"
/sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} changes "$PACKAGE${CONFIG:+.$CONFIG}${OPTION:+.$OPTION}"
if [ -s "${UCI_CONFIG_DIR:-'/etc/config'}${PACKAGE}" ]; then
/sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} changes "$PACKAGE${CONFIG:+.$CONFIG}${OPTION:+.$OPTION}"
fi
}
if type extra_command 1>/dev/null 2>&1; then
@ -393,7 +433,7 @@ get_text() {
load_network() {
local param="$1"
local i j wan_if wan_gw wan_proto
local i j wan_if wan_gw
local counter wan_if_timeout="$procd_boot_wan_timeout" wan_gw_timeout='5'
counter=0
while [ -z "$wan_if" ]; do
@ -414,8 +454,7 @@ load_network() {
done
counter=0
wan_proto="$(uci -q get "network.${wan_if}.proto")"
if [ "$wan_proto" = 'pppoe' ]; then
if [ "$(uci_get_protocol "$wan_if")" = 'pppoe' ]; then
wan_gw_timeout=$((wan_gw_timeout+10))
fi
while [ "$counter" -le "$wan_gw_timeout" ]; do
@ -487,12 +526,14 @@ load_environment() {
return 1
fi
if [ "$debug" -ne 0 ]; then
if [ "$debug" -ne '0' ]; then
exec 1>>"/tmp/$packageName.log"
exec 2>&1
set -x
fi
# TODO: check for resolver and error out on start
if [ -n "$dnsmasq_config_file_url" ]; then
case "$dns" in
dnsmasq.conf) :;;
@ -506,13 +547,17 @@ load_environment() {
fi
case "$dns" in
dnsmasq.addnhosts|dnsmasq.conf|dnsmasq.ipset|dnsmasq.nftset|dnsmasq.servers)
dnsmasq.*)
if dnsmasq -v 2>/dev/null | grep -q 'no-IDN' || ! dnsmasq -v 2>/dev/null | grep -q -w 'IDN'; then
allow_non_ascii=0
allow_non_ascii='0'
fi
;;
unbound.adb_list)
allow_non_ascii=1;;
smartdns.*)
allow_non_ascii='0'
;;
unbound.*)
allow_non_ascii='1'
;;
esac
case "$dns" in
@ -548,6 +593,24 @@ load_environment() {
dns='dnsmasq.servers'
fi
;;
smartdns.ipset)
if ! ipset help hash:net; then
if [ "$param" != 'quiet' ]; then
json add error 'errorNoIpset'
output "${_ERROR_}: $(get_text 'errorNoIpset')!\\n"
fi
dns='smartdns.domainset'
fi
;;
smartdns.nftset)
if [ -z "$nft" ]; then
if [ "$param" != 'quiet' ]; then
json add error 'errorNoNft'
output "${_ERROR_}: $(get_text 'errorNoNft')!\\n"
fi
dns='smartdns.domainset'
fi
;;
esac
if [ "$(sanitize_dir "$compressed_cache_dir")" = '/' ]; then
@ -566,39 +629,24 @@ load_environment() {
outputFile="$dnsmasqAddnhostsFile"
outputCache="$dnsmasqAddnhostsCache"
outputGzip="${compressed_cache_dir}/${dnsmasqAddnhostsGzip}"
if [ "$ipv6_enabled" -ne 0 ]; then
if [ "$ipv6_enabled" -ne '0' ]; then
outputFilterIPv6="$dnsmasqAddnhostsFilterIPv6"
fi
rm -f "$dnsmasqConfFile" "$dnsmasqConfCache" "${compressed_cache_dir}/${dnsmasqConfGzip}"
rm -f "$dnsmasqIpsetFile" "$dnsmasqIpsetCache" "${compressed_cache_dir}/${dnsmasqIpsetGzip}"
rm -f "$dnsmasqNftsetFile" "$dnsmasqNftsetCache" "${compressed_cache_dir}/${dnsmasqNftsetGzip}"
rm -f "$dnsmasqServersFile" "$dnsmasqServersCache" "${compressed_cache_dir}/${dnsmasqServersGzip}"
rm -f "$unboundFile" "$unboundCache" "$unboundGzip"
;;
dnsmasq.conf)
outputFilter="$dnsmasqConfFilter"
outputFile="$dnsmasqConfFile"
outputCache="$dnsmasqConfCache"
outputGzip="${compressed_cache_dir}/${dnsmasqConfGzip}"
rm -f "$dnsmasqAddnhostsFile" "$dnsmasqAddnhostsCache" "${compressed_cache_dir}/${dnsmasqAddnhostsGzip}"
rm -f "$dnsmasqIpsetFile" "$dnsmasqIpsetCache" "${compressed_cache_dir}/${dnsmasqIpsetGzip}"
rm -f "$dnsmasqNftsetFile" "$dnsmasqNftsetCache" "${compressed_cache_dir}/${dnsmasqNftsetGzip}"
rm -f "$dnsmasqServersFile" "$dnsmasqServersCache" "${compressed_cache_dir}/${dnsmasqServersGzip}"
rm -f "$unboundFile" "$unboundCache" "$unboundGzip"
;;
dnsmasq.ipset)
outputFilter="$dnsmasqIpsetFilter"
outputFile="$dnsmasqIpsetFile"
outputCache="$dnsmasqIpsetCache"
outputGzip="${compressed_cache_dir}/${dnsmasqIpsetGzip}"
rm -f "$dnsmasqAddnhostsFile" "$dnsmasqAddnhostsCache" "${compressed_cache_dir}/${dnsmasqAddnhostsGzip}"
rm -f "$dnsmasqConfFile" "$dnsmasqConfCache" "${compressed_cache_dir}/${dnsmasqConfGzip}"
rm -f "$dnsmasqNftsetFile" "$dnsmasqNftsetCache" "${compressed_cache_dir}/${dnsmasqNftsetGzip}"
rm -f "$dnsmasqServersFile" "$dnsmasqServersCache" "${compressed_cache_dir}/${dnsmasqServersGzip}"
rm -f "$unboundFile" "$unboundCache" "$unboundGzip"
;;
dnsmasq.nftset)
if [ "$ipv6_enabled" -ne 0 ]; then
if [ "$ipv6_enabled" -ne '0' ]; then
outputFilter="$dnsmasqNftsetFilterIPv6"
else
outputFilter="$dnsmasqNftsetFilter"
@ -606,37 +654,54 @@ load_environment() {
outputFile="$dnsmasqNftsetFile"
outputCache="$dnsmasqNftsetCache"
outputGzip="${compressed_cache_dir}/${dnsmasqNftsetGzip}"
rm -f "$dnsmasqAddnhostsFile" "$dnsmasqAddnhostsCache" "${compressed_cache_dir}/${dnsmasqAddnhostsGzip}"
rm -f "$dnsmasqConfFile" "$dnsmasqConfCache" "${compressed_cache_dir}/${dnsmasqConfGzip}"
rm -f "$dnsmasqIpsetFile" "$dnsmasqIpsetCache" "${compressed_cache_dir}/${dnsmasqIpsetGzip}"
rm -f "$dnsmasqServersFile" "$dnsmasqServersCache" "${compressed_cache_dir}/${dnsmasqServersGzip}"
rm -f "$unboundFile" "$unboundCache" "$unboundGzip"
;;
dnsmasq.servers)
outputFilter="$dnsmasqServersFilter"
outputFile="$dnsmasqServersFile"
outputCache="$dnsmasqServersCache"
outputGzip="${compressed_cache_dir}/${dnsmasqServersGzip}"
rm -f "$dnsmasqAddnhostsFile" "$dnsmasqAddnhostsCache" "${compressed_cache_dir}/${dnsmasqAddnhostsGzip}"
rm -f "$dnsmasqConfFile" "$dnsmasqConfCache" "${compressed_cache_dir}/${dnsmasqConfGzip}"
rm -f "$dnsmasqIpsetFile" "$dnsmasqIpsetCache" "${compressed_cache_dir}/${dnsmasqIpsetGzip}"
rm -f "$dnsmasqNftsetFile" "$dnsmasqNftsetCache" "${compressed_cache_dir}/${dnsmasqNftsetGzip}"
rm -f "$unboundFile" "$unboundCache" "$unboundGzip"
;;
smartdns.domainset)
outputFilter="$smartdnsDomainSetFilter"
outputFile="$smartdnsDomainSetFile"
outputCache="$smartdnsDomainSetCache"
outputGzip="${compressed_cache_dir}/${smartdnsDomainSetGzip}"
outputConfig="$smartdnsDomainSetConfig"
;;
smartdns.ipset)
outputFilter="$smartdnsIpsetFilter"
outputFile="$smartdnsIpsetFile"
outputCache="$smartdnsIpsetCache"
outputGzip="${compressed_cache_dir}/${smartdnsIpsetGzip}"
outputConfig="$smartdnsIpsetConfig"
;;
smartdns.nftset)
outputFilter="$smartdnsNftsetFilter"
outputFile="$smartdnsNftsetFile"
outputCache="$smartdnsNftsetCache"
outputGzip="${compressed_cache_dir}/${smartdnsNftsetGzip}"
outputConfig="$smartdnsNftsetConfig"
;;
unbound.adb_list)
outputFilter="$unboundFilter"
outputFile="$unboundFile"
outputCache="$unboundCache"
outputGzip="$unboundGzip"
rm -f "$dnsmasqAddnhostsFile" "$dnsmasqAddnhostsCache" "${compressed_cache_dir}/${dnsmasqAddnhostsGzip}"
rm -f "$dnsmasqConfFile" "$dnsmasqConfCache" "${compressed_cache_dir}/${dnsmasqConfGzip}"
rm -f "$dnsmasqIpsetFile" "$dnsmasqIpsetCache" "${compressed_cache_dir}/${dnsmasqIpsetGzip}"
rm -f "$dnsmasqNftsetFile" "$dnsmasqNftsetCache" "${compressed_cache_dir}/${dnsmasqNftsetGzip}"
rm -f "$dnsmasqServersFile" "$dnsmasqServersCache" "${compressed_cache_dir}/${dnsmasqServersGzip}"
;;
esac
for i in "$jsonFile" "$outputFile" "$outputCache" "$outputGzip"; do
[ "$dns" = 'dnsmasq.addnhosts' ] || rm -f "$dnsmasqAddnhostsFile" "$dnsmasqAddnhostsCache" "${compressed_cache_dir}/${dnsmasqAddnhostsGzip}"
[ "$dns" = 'dnsmasq.conf' ] || rm -f "$dnsmasqConfFile" "$dnsmasqConfCache" "${compressed_cache_dir}/${dnsmasqConfGzip}"
[ "$dns" = 'dnsmasq.ipset' ] || rm -f "$dnsmasqIpsetFile" "$dnsmasqIpsetCache" "${compressed_cache_dir}/${dnsmasqIpsetGzip}"
[ "$dns" = 'dnsmasq.nftset' ] || rm -f "$dnsmasqNftsetFile" "$dnsmasqNftsetCache" "${compressed_cache_dir}/${dnsmasqNftsetGzip}"
[ "$dns" = 'dnsmasq.servers' ] || rm -f "$dnsmasqServersFile" "$dnsmasqServersCache" "${compressed_cache_dir}/${dnsmasqServersGzip}"
[ "$dns" = 'smartdns.domainset' ] || rm -f "$smartdnsDomainSetFile" "$smartdnsDomainSetCache" "${compressed_cache_dir}/${smartdnsDomainSetGzip}" "$smartdnsDomainSetConfig"
[ "$dns" = 'smartdns.ipset' ] || rm -f "$smartdnsIpsetFile" "$smartdnsIpsetCache" "${compressed_cache_dir}/${smartdnsIpsetGzip}" "$smartdnsIpsetConfig"
[ "$dns" = 'smartdns.nftset' ] || rm -f "$smartdnsNftsetFile" "$smartdnsNftsetCache" "${compressed_cache_dir}/${smartdnsNftsetGzip}" "$smartdnsNftsetConfig"
[ "$dns" = 'unbound.adb_list' ] || rm -f "$unboundFile" "$unboundCache" "$unboundGzip"
for i in "$jsonFile" "$outputFile" "$outputCache" "$outputGzip" "$outputConfig"; do
[ -n "$i" ] || continue
if ! mkdir -p "$(dirname "$i")"; then
if [ "$param" != 'quiet' ]; then
json add error 'errorOutputDirCreate' "$i"
@ -708,7 +773,7 @@ load_environment() {
}
resolver() {
_resolver_config() {
_dnsmasq_instance_config() {
local cfg="$1" param="$2"
case "$param" in
dnsmasq.addnhosts)
@ -731,6 +796,33 @@ resolver() {
;;
esac
}
_smartdns_instance_config() {
local cfg="$1" param="$2"
case "$param" in
cleanup)
uci_remove_list 'smartdns' "$cfg" 'conf_files' "$outputConfig"
rm -f "$outputConfig"
;;
smartdns.domainset)
{ echo "domain-set -name adblock-fast -file $outputFile"; \
echo "domain-rules /domain-set:adblock-fast/ -a #"; } > "$outputConfig"
uci_add_list_if_new 'smartdns' "$cfg" 'conf_files' "$outputConfig"
;;
smartdns.ipset)
{ echo "domain-set -name adblock-fast -file $outputFile"; \
echo "domain-rules /domain-set:adblock-fast/ -ipset adb"; } > "$outputConfig"
uci_add_list_if_new 'smartdns' "$cfg" 'conf_files' "$outputConfig"
;;
smartdns.nftset)
local nftset="#4:inet#fw4#adb4"
[ "$ipv6_enabled" -ne '0' ] && nftset="${nftset},#6:inet#fw4#adb6"
{ echo "domain-set -name adblock-fast -file $outputFile"; \
echo "domain-rules /domain-set:adblock-fast/ -nftset $nftset"; } > "$outputConfig"
uci_add_list_if_new 'smartdns' "$cfg" 'conf_files' "$outputConfig"
;;
esac
}
local param output_text i
case $1 in
cleanup)
@ -739,10 +831,16 @@ resolver() {
rm -f "$dnsmasqIpsetFile" "$dnsmasqIpsetCache" "${compressed_cache_dir}/${dnsmasqIpsetGzip}"
rm -f "$dnsmasqNftsetFile" "$dnsmasqNftsetCache" "${compressed_cache_dir}/${dnsmasqNftsetGzip}"
rm -f "$dnsmasqServersFile" "$dnsmasqServersCache" "${compressed_cache_dir}/${dnsmasqServersGzip}"
rm -f "$smartdnsDomainSetFile" "$smartdnsDomainSetCache" "${compressed_cache_dir}/${smartdnsDomainSetGzip}" "$smartdnsDomainSetConfig"
rm -f "$smartdnsIpsetFile" "$smartdnsIpsetCache" "${compressed_cache_dir}/${smartdnsIpsetGzip}" "$smartdnsIpsetConfig"
rm -f "$smartdnsNftsetFile" "$smartdnsNftsetCache" "${compressed_cache_dir}/${smartdnsNftsetGzip}" "$smartdnsNftsetConfig"
rm -f "$unboundFile" "$unboundCache" "$unboundGzip"
config_load 'dhcp'
config_foreach _resolver_config 'dnsmasq' 'cleanup'
config_foreach _dnsmasq_instance_config 'dnsmasq' 'cleanup'
uci_commit 'dhcp'
config_load 'smartdns'
config_foreach _smartdns_instance_config 'smartdns' 'cleanup'
uci_commit 'smartdns'
;;
on_start)
if [ ! -s "$outputFile" ]; then
@ -754,40 +852,54 @@ resolver() {
config_load 'dhcp'
if [ "$dnsmasq_instance" = "*" ]; then
config_foreach _resolver_config 'dnsmasq' "$dns"
config_foreach _dnsmasq_instance_config 'dnsmasq' "$dns"
elif [ -n "$dnsmasq_instance" ]; then
for i in $dnsmasq_instance; do
_resolver_config "@dnsmasq[$i]" "$dns" || _resolver_config "$i" "$dns"
_dnsmasq_instance_config "@dnsmasq[$i]" "$dns" || _dnsmasq_instance_config "$i" "$dns"
done
fi
config_load 'smartdns'
if [ "$smartdns_instance" = "*" ]; then
config_foreach _smartdns_instance_config 'smartdns' "$dns"
elif [ -n "$smartdns_instance" ]; then
for i in $smartdns_instance; do
_smartdns_instance_config "@smartdns[$i]" "$dns" || _smartdns_instance_config "$i" "$dns"
done
fi
case "$dns" in
dnsmasq.addnhosts|dnsmasq.servers)
dnsmasq.*)
chmod 660 "$outputFile"
chown root:dnsmasq "$outputFile"
param=dnsmasq_restart
output_text='Reloading dnsmasq'
;;
dnsmasq.conf|dnsmasq.ipset|dnsmasq.nftset)
chmod 660 "$outputFile"
chown root:dnsmasq "$outputFile"
param=dnsmasq_restart
param='dnsmasq_restart'
output_text='Restarting dnsmasq'
;;
unbound.adb_list)
param=unbound_restart
smartdns.*)
chmod 660 "$outputFile" "$outputConfig"
chown root:smartdns "$outputFile" "$outputConfig"
param='smartdns_restart'
output_text='Restarting SmartDNS'
;;
unbound.*)
chmod 660 "$outputFile"
chown root:unbound "$outputFile"
param='unbound_restart'
output_text='Restarting Unbound'
;;
esac
if [ -n "$(uci_changes dhcp)" ]; then
uci_commit dhcp
if [ "$param" = 'unbound_restart' ]; then
param='dnsmasq_restart; unbound_restart;'
output_text='Restarting Unbound/dnsmasq'
else
param=dnsmasq_restart
output_text='Restarting dnsmasq'
if [ -n "$(uci_changes dhcp)" ]; then
uci_commit 'dhcp'
if ! str_contains "$param" 'dnsmasq_restart'; then
param="${param:+"$param; dnsmasq_restart"}"
output_text="${output_text}/dnsmasq"
fi
fi
if [ -n "$(uci_changes smartdns)" ]; then
uci_commit 'smartdns'
if ! str_contains "$param" 'smartdns_restart'; then
param="${param:+"$param; "}smartdns_restart"
output_text="${output_text}/smartDNS"
fi
fi
output 1 "$output_text "
@ -807,34 +919,37 @@ resolver() {
;;
on_stop)
case "$dns" in
dnsmasq.addnhosts|dnsmasq.servers)
param=dnsmasq_restart
dnsmasq.*)
param='dnsmasq_restart'
;;
dnsmasq.conf|dnsmasq.ipset|dnsmasq.nftset)
param=dnsmasq_restart
smartdns.*)
param='smartdns_restart'
;;
unbound.adb_list)
param=unbound_restart
unbound.*)
param='unbound_restart'
;;
esac
if [ -n "$(uci_changes dhcp)" ]; then
uci_commit dhcp
if [ "$param" = 'unbound_restart' ]; then
param='dnsmasq_restart; unbound_restart;'
else
param=dnsmasq_restart
fi
uci_commit 'dhcp'
str_contains "$param" 'dnsmasq_restart' || param="${param:+"$param; dnsmasq_restart"}"
fi
if [ -n "$(uci_changes smartdns)" ]; then
uci_commit 'smartdns'
str_contains "$param" 'smartdns_restart' || param="${param:+"$param; "}smartdns_restart"
fi
eval "$param"
return $?
;;
quiet|quiet_restart)
case "$dns" in
dnsmasq.addnhosts|dnsmasq.conf|dnsmasq.ipset|dnsmasq.nftset|dnsmasq.servers)
param=dnsmasq_restart
dnsmasq.*)
param='dnsmasq_restart'
;;
unbound.adb_list)
param=unbound_restart
smartdns.*)
param='smartdns_restart'
;;
unbound.*)
param='unbound_restart'
;;
esac
eval "$param"
@ -937,7 +1052,7 @@ process_file_url() {
append_newline "$R_TMP"
[ -n "$cfg" ] && new_size="$(get_local_filesize "$R_TMP")"
if [ -n "$new_size" ] && [ "$size" != "$new_size" ]; then
uci set "${packageName}.${cfg}.size=$size"
uci_set "$packageName" "$cfg" 'size' "$size"
fi
format="$(detect_file_type "$R_TMP")"
case "$format" in
@ -1059,9 +1174,9 @@ download_lists() {
config_load "$packageName"
config_foreach load_validate_file_url_section 'file_url' process_file_url_wrapper
wait
if [ -n "$(uci changes "$packageName")" ]; then
if [ -n "$(uci_changes "$packageName")" ]; then
output 2 "Saving updated file size(s) "
if uci commit "$packageName"; then output_okn; else output_failn; fi
if uci_commit "$packageName"; then output_okn; else output_failn; fi
fi
output 1 '\n'
@ -1072,10 +1187,10 @@ download_lists() {
rm -f "$sharedMemoryError"
fi
if [ "$canary_domains_icloud" -ne 0 ]; then
if [ "$canary_domains_icloud" -ne '0' ]; then
canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsiCloud}"
fi
if [ "$canary_domains_mozilla" -ne 0 ]; then
if [ "$canary_domains_mozilla" -ne '0' ]; then
canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsMozilla}"
fi
@ -1113,6 +1228,9 @@ $(cat $A_TMP)"
[ "$dns" = 'dnsmasq.ipset' ] || \
[ "$dns" = 'dnsmasq.nftset' ] || \
[ "$dns" = 'dnsmasq.servers' ] || \
[ "$dns" = 'smartdns.domainset' ] || \
[ "$dns" = 'smartdns.ipset' ] || \
[ "$dns" = 'smartdns.nftset' ] || \
[ "$dns" = 'unbound.adb_list' ]; then
# TLD optimization written by Dirk Brenken (dev@brenken.org)
output 2 'Optimizing combined list '
@ -1168,7 +1286,7 @@ $(cat $A_TMP)"
if sed "$outputFilter" "$B_TMP" > "$A_TMP"; then
output_ok
else
output_failn
output_failn
json add error 'errorDataFileFormatting'
fi
else
@ -1206,6 +1324,18 @@ $(cat $A_TMP)"
output 2 'Creating dnsmasq servers file '
json set message "$(get_text 'statusProcessing'): creating dnsmasq servers file"
;;
smartdns.domainset)
output 2 'Creating smartdns domain-set file '
json set message "$(get_text 'statusProcessing'): creating smartdns domain-set file"
;;
smartdns.ipset)
output 2 'Creating smartdns domain-set file '
json set message "$(get_text 'statusProcessing'): creating smartdns ipset file"
;;
smartdns.nftset)
output 2 'Creating smartdns domain-set file '
json set message "$(get_text 'statusProcessing'): creating smartdns nft set file"
;;
unbound.adb_list)
output 2 'Creating Unbound adb_list file '
json set message "$(get_text 'statusProcessing'): creating Unbound adb_list file"
@ -1257,7 +1387,7 @@ adb_allow() {
return 0
fi
case "$dns" in
dnsmasq.addnhosts|dnsmasq.conf|dnsmasq.ipset|dnsmasq.nftset|dnsmasq.servers)
dnsmasq.*)
output 1 "Allowing domain(s) and restarting dnsmasq "
output 2 "Allowing domain(s) \\n"
for c in $string; do
@ -1299,7 +1429,40 @@ adb_allow() {
output_fail;
fi
;;
unbound.adb_list)
smartdns.*)
output 1 "Allowing domain(s) and restarting smartdns "
output 2 "Allowing domain(s) \\n"
for c in $string; do
output 2 " $c "
hf="$(echo "$c" | sed 's/\./\\./g')"
if sed -i "\:\(\"\|\.\)${hf}\":d" "$outputFile" && \
uci_add_list_if_new "$packageName" 'config' 'allowed_domain' "$string"; then
output_ok
else
output_fail
fi
done
if [ "$compressed_cache" -gt 0 ]; then
output 2 'Creating compressed cache '
if cache 'create_gzip'; then
output_ok
else
output_failn
fi
fi
output 2 "Committing changes to config "
if uci_commit "$packageName"; then
allowed_domain="$(uci_get "$packageName" 'config' 'allowed_domain')"
json set triggers
json set stats "$serviceName is blocking $(wc -l < "$outputFile") domains (with ${dns})"
output_ok;
output 2 "Restarting Unbound "
if unbound_restart; then output_okn; else output_failn; fi
else
output_fail;
fi
;;
unbound.*)
output 1 "Allowing domain(s) and restarting Unbound "
output 2 "Allowing domain(s) \\n"
for c in $string; do
@ -1366,6 +1529,8 @@ adb_check() {
grep "$string" "$outputFile" | sed 's|nftset=/||;s|/4#inet#adb#adb4||;';;
dnsmasq.servers)
grep "$string" "$outputFile" | sed 's|server=/||;s|/$||;';;
smartdns.*)
grep "$string" "$outputFile";;
unbound.adb_list)
grep "$string" "$outputFile" | sed 's|^local-zone: "||;s|" static$||;';;
esac
@ -1434,7 +1599,7 @@ adb_config_update() {
load_environment "$validation_result" "$param" || return 1
label="${config_update_url##*//}"
label="${label%%/*}";
[ "$config_update_enabled" -ne 0 ] || return 0
[ "$config_update_enabled" -ne '0' ] || return 0
if [ "$param" != 'download' ]; then
cache 'test' && return 0
@ -1470,7 +1635,7 @@ adb_sizes() {
size="$(get_url_filesize "$url")"
output "$url${size:+: $size} "
if [ -n "$size" ]; then
uci set "${packageName}.${cfg}.size=$size"
uci_set "$packageName" "$cfg" 'size' "$size"
output_okn
else
output_failn
@ -1481,7 +1646,7 @@ adb_sizes() {
load_environment "$validation_result" 'quiet' || return 1
config_load "$packageName"
config_foreach _config_add_url_size 'file_url'
uci commit "$packageName"
uci_commit "$packageName"
}
# shellcheck disable=SC2120
@ -1617,7 +1782,7 @@ adb_start() {
json_add_int 'entries' '0'
fi
json_add_array firewall
if [ "$force_dns" -ne 0 ]; then
if [ "$force_dns" -ne '0' ]; then
# shellcheck disable=SC3060
for c in ${force_dns_port/,/ }; do
if netstat -tuln | grep LISTEN | grep ":${c}" >/dev/null 2>&1; then
@ -1644,7 +1809,7 @@ adb_start() {
done
fi
case "$dns" in
dnsmasq.ipset)
dnsmasq.ipset|smartdns.ipset)
json_add_object ""
json_add_string type ipset
json_add_string name adb
@ -1660,7 +1825,7 @@ adb_start() {
json_add_string target REJECT
json_close_object
;;
dnsmasq.nftset)
dnsmasq.nftset|smartdns.nftset)
json_add_object ""
json_add_string type ipset
json_add_string name adb4
@ -1675,7 +1840,7 @@ adb_start() {
json_add_string proto "tcp udp"
json_add_string target REJECT
json_close_object
if [ "$ipv6_enabled" -ne 0 ]; then
if [ "$ipv6_enabled" -ne '0' ]; then
json_add_object ""
json_add_string type ipset
json_add_string name adb6
@ -1801,14 +1966,17 @@ killcache() {
rm -f "$dnsmasqIpsetCache" "${compressed_cache_dir}/${dnsmasqIpsetGzip}"
rm -f "$dnsmasqNftsetCache" "${compressed_cache_dir}/${dnsmasqNftsetGzip}"
rm -f "$dnsmasqServersCache" "${compressed_cache_dir}/${dnsmasqServersGzip}"
rm -f "$unboundCache" "$unboundGzip"
rm -f "$smartdnsDomainSetCache" "${compressed_cache_dir}/${smartdnsDomainSetGzip}"
rm -f "$smartdnsIpsetCache" "${compressed_cache_dir}/${smartdnsIpsetGzip}"
rm -f "$smartdnsNftsetCache" "${compressed_cache_dir}/${smartdnsNftsetGzip}"
rm -f "$unboundCache" "${compressed_cache_dir}/${unboundGzip}"
resolver 'cleanup'
return 0
}
reload_service() { rc_procd start_service 'restart'; }
restart_service() { rc_procd start_service 'restart'; }
service_started() { procd_set_config_changed firewall; }
service_stopped() { procd_set_config_changed firewall; }
service_started() { is_fw4_restart_needed && procd_set_config_changed firewall; }
service_stopped() { is_fw4_restart_needed && procd_set_config_changed firewall; }
service_triggers() {
local wan wan6 i
local procd_trigger_wan6
@ -1817,7 +1985,7 @@ service_triggers() {
network_flush_cache
network_find_wan wan
wan="${wan:-wan}"
if [ "$procd_trigger_wan6" -ne 0 ]; then
if [ "$procd_trigger_wan6" -ne '0' ]; then
network_find_wan6 wan6
wan6="${wan6:-wan6}"
fi
@ -1885,7 +2053,7 @@ load_validate_config() {
'canary_domains_icloud:bool:0' \
'canary_domains_mozilla:bool:0' \
'config_update_enabled:bool:0' \
'config_update_url:string:https://cdn.jsdelivr.net/gh/openwrt/packages/net/adblock-fast/files/adblock-fast.conf.update' \
'config_update_url:string:https://cdn.jsdelivr.net/gh/openwrt/packages/net/adblock-fast/files/adblock-fast.config.update' \
'download_timeout:range(1,60):20' \
'pause_timeout:range(1,60):20' \
'curl_additional_param:or("", string)' \
@ -1895,8 +2063,9 @@ load_validate_config() {
'procd_trigger_wan6:bool:0' \
'procd_boot_wan_timeout:integer:60' \
'led:or("", "none", file, device, string)' \
'dns:or("dnsmasq.addnhosts", "dnsmasq.conf", "dnsmasq.ipset", "dnsmasq.nftset", "dnsmasq.servers", "unbound.adb_list"):dnsmasq.servers' \
'dns:or("dnsmasq.addnhosts", "dnsmasq.conf", "dnsmasq.ipset", "dnsmasq.nftset", "dnsmasq.servers", "smartdns.domainset", "smartdns.ipset", "smartdns.nftset", "unbound.adb_list"):dnsmasq.servers' \
'dnsmasq_instance:list(or(integer, string)):*' \
'smartdns_instance:list(or(integer, string)):*' \
'allowed_domain:list(string)' \
'blocked_domain:list(string)' \
'dnsmasq_config_file_url:string'


@ -17,7 +17,7 @@ _enable_url() {
config_get u "$cfg" 'url'
config_get a "$cfg" 'action' 'block'
if [ "$u" = "$url" ] && [ "$a" = "$action" ]; then
uci del "${packageName}.${cfg}.enabled" && _found=1
uci_remove "$packageName" "$cfg" 'enabled' && _found=1
fi
}
@ -26,32 +26,32 @@ enable_add_url() {
config_load "$packageName"
config_foreach _enable_url 'file_url' "$url" "$action"
if [ -z "$_found" ]; then
uci add "${packageName}" 'file_url' >/dev/null 2>&1
uci set "${packageName}.@file_url[-1].url=$url"
uci set "${packageName}.@file_url[-1].size=$(get_url_filesize "$url")"
uci set "${packageName}.@file_url[-1].action=$action"
uci_add "$packageName" 'file_url'
uci_set "$packageName" '@file_url[-1]' 'url' "$url"
uci_set "$packageName" '@file_url[-1]' 'size' "$(get_url_filesize "$url")"
uci_set "$packageName" '@file_url[-1]' 'action' "$action"
fi
}
if [ -s '/etc/config/simple-adblock' ] \
&& [ ! -s '/etc/config/adblock-fast-opkg' ] \
&& [ "$(uci get adblock-fast.config.enabled)" = '0' ]; then
&& [ "$(uci_get adblock-fast config enabled)" = '0' ]; then
cp -f '/etc/config/adblock-fast' '/etc/config/adblock-fast-opkg'
enabled="$(uci get simple-adblock.config.enabled)"
enabled="$(uci_get simple-adblock config enabled)"
if [ -x '/etc/init.d/simple-adblock' ]; then
output "Stopping and disabling simple-adblock "
if /etc/init.d/simple-adblock stop >/dev/null 2>&1 \
&& /etc/init.d/simple-adblock disable \
&& uci set simple-adblock.config.enabled=0 \
&& uci commit simple-adblock; then
&& uci_set simple-adblock config enabled 0 \
&& uci_commit simple-adblock; then
output_okn
else
output_failn
fi
else
output "Disabling simple-adblock."
if uci set simple-adblock.config.enabled=0 \
&& uci commit simple-adblock; then
if uci_set simple-adblock config enabled 0 \
&& uci_commit simple-adblock; then
output_okn
else
output_failn
@ -63,31 +63,30 @@ if [ -s '/etc/config/simple-adblock' ] \
curl_additional_param curl_max_file_size curl_retry download_timeout \
debug dns dns_instance dnsmasq_config_file_url force_dns led \
parallel_downloads procd_trigger_wan6 procd_boot_wan_timeout verbosity; do
j="$(uci -q get simple-adblock.config.${i})"
[ -n "$j" ] && uci set "${packageName}.config.${i}=${j}"
j="$(uci_get simple-adblock.config.${i})"
[ -n "$j" ] && uci_set "$packageName" config "$i" "$j"
done
[ -n "$enabled" ] && uci set "${packageName}.config.enabled=${enabled}"
j="$(uci -q get simple-adblock.config.config_update_url)"
[ -n "$enabled" ] && uci_set "$packageName" config enabled "$enabled"
j="$(uci_get simple-adblock config config_update_url)"
if [ "${j//simple-adblock/}" = "$j" ]; then
uci set "${packageName}.config.config_update_url=$j"
uci_set "$packageName" config config_update_url "$j"
fi
ccd="$(uci get simple-adblock.config.compressed_cache_dir)"
ccd="${ccd:-/etc}"
for j in $(uci -q get simple-adblock.config.allowed_domain); do
[ -n "$j" ] && uci add_list "${packageName}.config.allowed_domain=${j}"
ccd="$(uci_get simple-adblock config compressed_cache_dir '/etc')"
for j in $(uci_get simple-adblock config allowed_domain); do
[ -n "$j" ] && uci_add_list "$packageName" config allowed_domain "$j"
done
for j in $(uci -q get simple-adblock.config.blocked_domain); do
[ -n "$j" ] && uci add_list "${packageName}.config.blocked_domain=${j}"
for j in $(uci_get simple-adblock config blocked_domain); do
[ -n "$j" ] && uci_add_list "$packageName" config blocked_domain "$j"
done
for j in $(uci -q get simple-adblock.config.force_dns_port); do
[ -n "$j" ] && uci add_list "${packageName}.config.force_dns_port=${j}"
for j in $(uci_get simple-adblock config force_dns_port); do
[ -n "$j" ] && uci_add_list "$packageName" config force_dns_port "$j"
done
output_okn
for i in allowed_domains_url blocked_adblockplus_url blocked_domains_url \
blocked_hosts_url; do
output "Migrating simple-adblock ${i} "
for j in $(uci -q get simple-adblock.config.${i}); do
for j in $(uci_get simple-adblock config "$i"); do
if [ "$i" = 'allowed_domains_url' ]; then
enable_add_url "$j" 'allow'
else
@ -96,7 +95,7 @@ if [ -s '/etc/config/simple-adblock' ] \
done
output_okn
done
uci commit "$packageName"
uci_commit "$packageName"
output "Migrating simple-adblock cache file(s) "
for i in '/var/run/simple-adblock/dnsmasq.addnhosts.cache' \
'/var/run/simple-adblock/dnsmasq.conf.cache' \
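Review bot: In the option-migration loop the converted read is `j="$(uci_get simple-adblock.config.${i})"`, a single dotted argument, while every other call converted in this file passes package, section and option separately. Writing it as `j="$(uci_get simple-adblock config "$i")"` keeps the calls uniform and does not rely on how uci_get joins its arguments. A few lines further down, `config_update_url` is copied whenever the old value does not contain `simple-adblock`, which includes an empty value; prefixing that `uci_set` with `[ -n "$j" ] &&`, as the neighbouring loops do, would avoid writing an empty update URL. The loop header and the enclosing `if` lie outside these hunks.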


@ -1,12 +1,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=ariang
PKG_VERSION:=1.3.2
PKG_VERSION:=1.3.6
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
PKG_SOURCE_URL:=https://github.com/mayswind/AriaNg/releases/download/$(PKG_VERSION)
PKG_HASH:=2186dacf57c9d1650e00084c0454f2227e910f3203d89c6190f547b40cac7243
PKG_HASH:=2d36e1a39d95867b8e0cdb3cde96d04d40117bd37e8742d639da92496e07cc7b
UNPACK_CMD=unzip -q -d $(1) $(DL_DIR)/$(PKG_SOURCE)
PKG_MAINTAINER:=Ansuel Smith <ansuelsmth@gmail.com>
@ -56,6 +56,8 @@ define Package/ariang/install
$(PKG_BUILD_DIR)/LICENSE \
$(PKG_BUILD_DIR)/favicon.* \
$(PKG_BUILD_DIR)/robots.txt \
$(PKG_BUILD_DIR)/tileicon.png \
$(PKG_BUILD_DIR)/touchicon.png \
$(1)/www/ariang
endef


@ -1,12 +1,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dhtd
PKG_VERSION:=0.2.5
PKG_VERSION:=0.2.6
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/mwarning/dhtd/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=0e239c969400537fda549b74f0555bddc2f1fe4ab3c00abe539970dfefab6599
PKG_HASH:=4d9d88dc9cb035742a86c451c6bd40a7e44161709cd962933516ef6c5170683d
PKG_MAINTAINER:=Moritz Warning <moritzwarning@web.de>
PKG_LICENSE:=MIT


@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=modemmanager
PKG_SOURCE_VERSION:=1.22.0
PKG_RELEASE:=5
PKG_RELEASE:=7
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://gitlab.freedesktop.org/mobile-broadband/ModemManager.git


@ -26,6 +26,7 @@ Once installed, you can configure the 2G/3G/4G modem connections directly in
option lowpower '1'
option signalrate '30'
option allow_roaming '1'
option init_epsbearer '<none|default|custom>'
Only 'device' and 'proto' are mandatory options, the remaining ones are all
optional.
@ -42,3 +43,17 @@ The 'plmn' option allows to set the network operator MCCMNC.
The 'signalrate' option set's the signal refresh rate (in seconds) for the device.
You can call signal info with command: mmcli -m 0 --signal-get
If there is no Circuit switch network available, then an initial EPS
bearer must be set, so this could be used during the network registration
process in 4G and 5G network. For this resaon a new configuration option
'init_epsbearer' was added, which could have the following values.
* none: Do not set an initial EPS bearer (default)
* default: Use the configuration option 'apn', 'iptype', 'allowedauth',
'username' and 'password' for setting the initial EPS bearer.
These are the same options as when establishing a connection.
* custom: This could be used to use diffrent options when establishing a
connection. The options are prefixed with an 'init'. So we have
the following options 'init_apn', 'init_iptype',
'init_allowedauth', 'init_username' and 'init_password' for
setting the initial EPS bearer.


@ -339,6 +339,12 @@ proto_modemmanager_init_config() {
proto_config_add_int signalrate
proto_config_add_boolean lowpower
proto_config_add_boolean allow_roaming
proto_config_add_string init_epsbearer
proto_config_add_string init_iptype
proto_config_add_string 'init_allowedauth:list(string)'
proto_config_add_string init_password
proto_config_add_string init_user
proto_config_add_string init_apn
proto_config_add_defaults
}
@ -364,6 +370,50 @@ modemmanager_set_allowed_mode() {
}
}
modemmanager_check_state() {
local device="$1"
local modemstatus="$2"
local pincode="$3"
local state reason
state="$(modemmanager_get_field "${modemstatus}" "state")"
state="${state%% *}"
reason="$(modemmanager_get_field "${modemstatus}" "state-failed-reason")"
case "$state" in
"failed")
case "$reason" in
"sim-missing")
echo "SIM missing"
proto_notify_error "${interface}" MM_FAILED_REASON_SIM_MISSING
proto_block_restart "${interface}"
return 1
;;
*)
proto_notify_error "${interface}" MM_FAILED_REASON_UNKNOWN
proto_block_restart "${interface}"
return 1
;;
esac
;;
"locked")
if [ -n "$pincode" ]; then
mmcli --modem="${device}" -i any --pin=${pincode} || {
proto_notify_error "${interface}" MM_PINCODE_WRONG
proto_block_restart "${interface}"
return 1
}
else
echo "PIN required"
proto_notify_error "${interface}" MM_PINCODE_REQUIRED
proto_block_restart "${interface}"
return 1
fi
;;
esac
}
modemmanager_set_preferred_mode() {
local device="$1"
local interface="$2"
@ -394,6 +444,38 @@ modemmanager_set_preferred_mode() {
}
}
modemmanager_init_epsbearer() {
local eps="$1"
local device="$2"
local connectargs="$3"
local apn="$4"
[ "$eps" != 'none' ] && [ -z "${apn}" ] && {
echo "No '$eps' init eps bearer apn configured"
proto_notify_error "${interface}" MM_INIT_EPS_BEARER_APN_NOT_CONFIGURED
proto_block_restart "${interface}"
return 1
}
if [ "$eps" = "none" ]; then
echo "Deleting inital EPS bearer..."
else
echo "Setting '$eps' inital EPS bearer apn to '$apn'..."
fi
mmcli --modem="${device}" \
--timeout 120 \
--3gpp-set-initial-eps-bearer-settings="${connectargs}" || {
proto_notify_error "${interface}" MM_INIT_EPS_BEARER_SET_FAILED
proto_block_restart "${interface}"
return 1
}
# Wait here so that the modem can set the init EPS bearer
# for registration
sleep 2
}
proto_modemmanager_setup() {
local interface="$1"
@ -405,12 +487,20 @@ proto_modemmanager_setup() {
local device apn allowedauth username password pincode
local iptype plmn metric signalrate allow_roaming
local init_epsbearer
local init_iptype init_allowedauth
local init_password init_user init_apn
local address prefix gateway mtu dns1 dns2
json_get_vars device apn allowedauth username password
json_get_vars pincode iptype plmn metric signalrate allow_roaming
json_get_vars allowedmode preferredmode
json_get_vars init_epsbearer
json_get_vars init_iptype init_allowedauth
json_get_vars init_password init_user init_apn
# validate sysfs path given in config
[ -n "${device}" ] || {
echo "No device specified"
@ -430,6 +520,9 @@ proto_modemmanager_setup() {
}
echo "modem available at ${modempath}"
modemmanager_check_state "$device" "${modemstatus}" "$pincode"
[ "$?" -ne "0" ] && return 1
[ -z "${allowedmode}" ] || {
case "$allowedmode" in
"2g")
@ -460,10 +553,51 @@ proto_modemmanager_setup() {
# always cleanup before attempting a new connection, just in case
modemmanager_cleanup_connection "${modemstatus}"
# if allowedauth list given, build option string
for auth in $allowedauth; do
cliauth="${cliauth}${cliauth:+|}$auth"
done
mmcli --modem="${device}" --timeout 120 --enable || {
proto_notify_error "${interface}" MM_MODEM_DISABLED
return 1
}
# set initial eps bearer settings
[ -z "${init_epsbearer}" ] || {
case "$init_epsbearer" in
"none")
connectargs=""
modemmanager_init_epsbearer "none" \
"$device" "${connectargs}" "$apn"
;;
"default")
cliauth=""
for auth in $allowedauth; do
cliauth="${cliauth}${cliauth:+|}$auth"
done
connectargs=""
append_param "apn=${apn}"
append_param "${iptype:+ip-type=${iptype}}"
append_param "${cliauth:+allowed-auth=${cliauth}}"
append_param "${username:+user=${username}}"
append_param "${password:+password=${password}}"
modemmanager_init_epsbearer "default" \
"$device" "${connectargs}" "$apn"
;;
"custom")
cliauth=""
for auth in $init_allowedauth; do
cliauth="${cliauth}${cliauth:+|}$auth"
done
connectargs=""
append_param "apn=${init_apn}"
append_param "${init_iptype:+ip-type=${init_iptype}}"
append_param "${cliauth:+allowed-auth=${cliauth}}"
append_param "${init_username:+user=${init_username}}"
append_param "${init_password:+password=${init_password}}"
modemmanager_init_epsbearer "custom" \
"$device" "${connectargs}" "$init_apn"
;;
esac
# check error for init_epsbearer function call
[ "$?" -ne "0" ] && return 1
}
# setup connect args; APN mandatory (even if it may be empty)
echo "starting connection with apn '${apn}'..."
@ -477,7 +611,12 @@ proto_modemmanager_setup() {
allow_roaming="yes"
fi
cliauth=""
for auth in $allowedauth; do
cliauth="${cliauth}${cliauth:+|}$auth"
done
# Append options to 'connectargs' variable
connectargs=""
append_param "apn=${apn}"
append_param "allow-roaming=${allow_roaming}"
append_param "${iptype:+ip-type=${iptype}}"
@ -485,7 +624,6 @@ proto_modemmanager_setup() {
append_param "${cliauth:+allowed-auth=${cliauth}}"
append_param "${username:+user=${username}}"
append_param "${password:+password=${password}}"
append_param "${pincode:+pin=${pincode}}"
mmcli --modem="${device}" --timeout 120 --simple-connect="${connectargs}" || {
proto_notify_error "${interface}" MM_CONNECT_FAILED
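Review bot: The `custom` branch reads `${init_username}`, but the option that is registered in `proto_modemmanager_init_config`, declared `local` and fetched with `json_get_vars` is `init_user`, so the user name is never added to the initial EPS bearer settings (the README hunk documents `init_username`). Either register and read `init_username` throughout, or change the line to `append_param "${init_user:+user=${init_user}}"`. In `modemmanager_check_state`, `--pin=${pincode}` is unquoted and should be `--pin="${pincode}"` so that the configured value is not subject to word splitting or globbing. `proto_modemmanager_setup` starts and ends outside these hunks.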


@ -6,12 +6,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=rclone
PKG_VERSION:=1.64.2
PKG_VERSION:=1.65.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/rclone/rclone/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=85feffc2d60554bcc3c59140750dc4ccf008e109b52c451956a1f52387af1bd6
PKG_HASH:=22a15cbc381bab351c0698c83c1666344a07e1bde39ba44f33b95c5fb22cfaf4
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE


@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=snort3
PKG_VERSION:=3.1.75.0
PKG_RELEASE:=1
PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/snort3/snort3/archive/refs/tags/
@ -25,7 +25,7 @@ define Package/snort3
SUBMENU:=Firewall
SECTION:=net
CATEGORY:=Network
DEPENDS:=+libstdcpp +libdaq3 +libdnet +libopenssl +libpcap +libpcre +libpthread +libuuid +zlib +libhwloc +libtirpc @HAS_LUAJIT_ARCH +luajit +libatomic
DEPENDS:=+libstdcpp +libdaq3 +libdnet +libopenssl +libpcap +libpcre +libpthread +libuuid +zlib +libhwloc +libtirpc @HAS_LUAJIT_ARCH +luajit +libatomic +kmod-nft-queue
TITLE:=Lightweight Network Intrusion Detection System
URL:=http://www.snort.org/
MENU:=1
@ -76,6 +76,10 @@ define Package/snort3/install
$(PKG_INSTALL_DIR)/usr/bin/u2{boat,spewfoo} \
$(1)/usr/bin/
$(INSTALL_BIN) \
./files/snort-{mgr,rules} \
$(1)/usr/bin/
$(INSTALL_DIR) $(1)/usr/lib/snort
$(CP) \
$(PKG_INSTALL_DIR)/usr/lib/snort/daq/daq_hext.so \
@ -90,6 +94,19 @@ define Package/snort3/install
$(PKG_INSTALL_DIR)/usr/include/snort/lua/snort_plugin.lua \
$(1)/usr/share/lua/
$(INSTALL_DIR) $(1)/usr/share/snort
$(INSTALL_CONF) \
./files/main.uc \
$(1)/usr/share/snort/
$(INSTALL_DIR) $(1)/usr/share/snort/templates
$(INSTALL_CONF) \
./files/nftables.uc \
$(1)/usr/share/snort/templates/
$(INSTALL_CONF) \
./files/snort.uc \
$(1)/usr/share/snort/templates/
$(INSTALL_DIR) $(1)/etc/snort/{rules,lists,builtin_rules,so_rules}
$(INSTALL_CONF) \


@ -1,3 +1,4 @@
-- Unused when using 'snort-mgr', do not modify without deep understanding.
-- setup HOME_NET below with your IP range/ranges to protect
HOME_NET = [[ 192.168.1.0/24 10.1.0.1/24 ]]
EXTERNAL_NET = "!$HOME_NET"
--HOME_NET = [[ 192.168.1.0/24 10.1.0.0/24 ]]
--EXTERNAL_NET = "!$HOME_NET"


@ -1,3 +1,6 @@
-- This file is no longer used if you are using 'snort-mgr' to create the
-- configuration. It is left as a sample.
--
-- use ths file to customize any functions defined in /etc/snort/snort.lua
-- switch tap to inline in ips and uncomment the below to run snort in inline mode

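--- a/net/snort3/files/main.uc
+++ b/net/snort3/files/main.uc
@@ -0,0 +1,263 @@
+{%
+//------------------------------------------------------------------------------
+// Copyright (c) 2023 Eric Fahlgren <eric.fahlgren@gmail.com>
+// SPDX-License-Identifier: GPL-2.0
+//
+// The tables defined using 'config_item' are the source of record for the
+// configuration file, '/etc/config/snort'. If you wish to add new items,
+// do that only in the tables and propagate that use into the templates.
+//
+//------------------------------------------------------------------------------
+import { cursor } from 'uci';
+let uci = cursor();
+function wrn(fmt, ...args) {
+if (getenv("QUIET"))
+exit(1);
+let msg = "ERROR: " + sprintf(fmt, ...args);
+if (getenv("TTY"))
+warn(`\033[33m${msg}\033[m\n`);
+else
+warn(`[!] ${msg}\n`);
+exit(1);
+}
+//------------------------------------------------------------------------------
+function config_item(type, values, def) {
+// If no default value is provided explicity, then values[0] is used as default.
+if (! type in [ "enum", "range", "path", "str" ]) {
+wrn(`Invalid item type '${type}', must be one of "enum", "range", "path" or "str".`);
+return;
+}
+if (type == "range" && (length(values) != 2 || values[0] > values[1])) {
+wrn(`A 'range' type item must have exactly 2 values in ascending order.`);
+return;
+}
+// Maybe check paths for existence???
+return {
+type: type,
+values: values,
+default: def ?? values[0],
+contains: function(value) {
+// Check if the value is contained in the listed values,
+// depending on the item type.
+switch (this.type) {
+case "enum":
+return value in this.values;
+case "range":
+return value >= this.values[0] && value <= this.values[1];
+default:
+return true;
+}
+},
+allowed: function() {
+// Show a pretty version of the possible values, for error messages.
+switch (this.type) {
+case "enum":
+return "one of [" + join(", ", this.values) + "]";
+case "range":
+return `${this.values[0]} <= x <= ${this.values[1]}`;
+case "path":
+return "a path string";
+case "str":
+return "a string";
+default:
+return "???";
+}
+},
+}
+};
+const snort_config = {
+enabled: config_item("enum", [ 0, 1 ], 0), // Defaults to off, so that user must configure before first start.
+manual: config_item("enum", [ 0, 1 ], 1), // Allow user to manually configure, legacy behavior when enabled.
+oinkcode: config_item("str", [ "" ]), // User subscription oinkcode. Much more in 'snort-rules' script.
+home_net: config_item("str", [ "" ], "192.168.1.0/24"),
+external_net: config_item("str", [ "" ], "any"),
+config_dir: config_item("path", [ "/etc/snort" ]), // Location of the base snort configuration files.
+temp_dir: config_item("path", [ "/var/snort.d" ]), // Location of all transient snort config, including downloaded rules.
+log_dir: config_item("path", [ "/var/log" ]), // Location of the generated logs, and oh-by-the-way the snort PID file (why?).
+logging: config_item("enum", [ 0, 1 ], 1),
+openappid: config_item("enum", [ 0, 1 ], 0),
+mode: config_item("enum", [ "ids", "ips" ]),
+method: config_item("enum", [ "pcap", "afpacket", "nfq" ]),
+action: config_item("enum", [ "alert", "block", "drop", "reject" ]),
+interface: config_item("str", [ uci.get("network", "wan", "device") ]),
+snaplen: config_item("range", [ 1518, 65535 ]), // int daq.snaplen = 1518: set snap length (same as -s) { 0:65535 }
+};
+const nfq_config = {
+queue_count: config_item("range", [ 1, 16 ], 4), // Count of queues to allocate in nft chain when method=nfq, usually 2-8.
+queue_start: config_item("range", [ 1, 32768], 4), // Start of queue numbers in nftables.
+queue_maxlen: config_item("range", [ 1024, 65536 ], 1024), // --daq-var queue_maxlen=int
+fanout_type: config_item("enum", [ "hash", "lb", "cpu", "rollover", "rnd", "qm"], "hash"), // See below.
+thread_count: config_item("range", [ 0, 32 ], 0), // 0 = use cpu count
+chain_type: config_item("enum", [ "prerouting", "input", "forward", "output", "postrouting" ], "input"),
+chain_priority: config_item("enum", [ "raw", "filter", "300"], "filter"),
+include: config_item("path", [ "" ]), // User-defined rules to include inside queue chain.
+};
+let _snort_config_doc =
+"
+This is not an exhaustive list of configuration items, just those that
+require more explanation than is given in the tables that define them, below.
+https://openwrt.org/docs/guide-user/services/snort
+snort
+manual - When set to 1, use manual configuration for legacy behavior.
+When disabled, then use this config.
+interface - Default should usually be 'uci get network.wan.device',
+something like 'eth0'
+home_net - IP range/ranges to protect. May be 'any', but more likely it's
+your lan range, default is '192.168.1.0/24'
+external_net - IP range external to home. Usually 'any', but if you only
+care about true external hosts (trusting all lan devices),
+then '!$HOMENET' or some specific range
+mode - 'ids' or 'ips', for detection-only or prevention, respectively
+oinkcode - https://www.snort.org/oinkcodes
+config_dir - Location of the base snort configuration files. Default /etc/snort
+temp_dir - Location of all transient snort config, including downloaded rules
+Default /var/snort.d
+logging - Enable external logging of events thus enabling 'snort-mgr report',
+otherwise events only go to system log (i.e., 'logread -e snort:')
+log_dir - Location of the generated logs, and oh-by-the-way the snort
+PID file (why?). Default /var/log
+openappid - Enabled inspection using the 'openappid' package
+See 'opkg info openappid'
+action - 'alert', 'block', 'reject' or 'drop'
+method - 'pcap', 'afpacket' or 'nfq'
+snaplen - int daq.snaplen = 1518: set snap length (same as -s) { 0:65535 }
+nfq - https://github.com/snort3/libdaq/blob/master/modules/nfq/README.nfq.md
+queue_maxlen - nfq's '--daq-var queue_maxlen=int'
+queue_count - Count of queues to use when method=nfq, usually 2-8
+fanout_type - Sets kernel load balancing algorithm*, one of hash, lb, cpu,
+rollover, rnd, qm.
+thread_count - int snort.-z: <count> maximum number of packet threads
+(same as --max-packet-threads); 0 gets the number of
+CPU cores reported by the system; default is 1 { 0:max32 }
+chain_type - Chain type when generating nft output
+chain_priority - Chain priority when generating nft output
+include - Full path to user-defined extra rules to include inside queue chain
+* - for details on fanout_type, see these pages:
+https://github.com/florincoras/daq/blob/master/README
+https://www.kernel.org/doc/Documentation/networking/packet_mmap.txt
+";
+function snort_config_doc(comment) {
+if (comment == null) comment = "";
+if (comment != "") comment += " ";
+for (let line in split(_snort_config_doc, "\n")) {
+let msg = rtrim(sprintf("%s%s", comment, line));
+print(msg, "\n");
+}
+}
+//------------------------------------------------------------------------------
+function load(section, config) {
+let self = {
+".name": section,
+".config": config,
+};
+// Set the defaults from definitions in table.
+for (let item in config) {
+self[item] = config[item].default;
+}
+// Overwrite them with any uci config settings.
+let cfg = uci.get_all("snort", section);
+for (let item in cfg) {
+// If you need to rename, delete or change the meaning of a
+// config item, just intercept it and do the work here.
+if (exists(config, item)) {
+let val = cfg[item];
+if (config[item].contains(val))
+self[item] = val;
+else {
+wrn(`In option ${item}='${val}', must be ${config[item].allowed()}`);
+// ??? self[item] = config[item][0]; ???
+}
+}
+}
+return self;
+}
+let snort = null;
+let nfq = null;
+function load_all() {
+snort = load("snort", snort_config);
+nfq = load("nfq", nfq_config);
+}
+function dump_config(settings) {
+let section = settings[".name"];
+let config = settings[".config"];
+printf("config %s '%s'\n", section, section);
+for (let item in config) {
+printf("\toption %-15s %-17s# %s\n", item, `'${settings[item]}'`, config[item].allowed());
+}
+print("\n");
+}
+function render_snort() {
+include("templates/snort.uc", { snort, nfq });
+}
+function render_nftables() {
+include("templates/nftables.uc", { snort, nfq });
+}
+function render_config() {
+snort_config_doc("#");
+dump_config(snort);
+dump_config(nfq);
+}
+function render_help() {
+snort_config_doc();
+}
+//------------------------------------------------------------------------------
+load_all();
+switch (getenv("TYPE")) {
+case "snort":
+render_snort();
+return;
+case "nftables":
+render_nftables();
+return;
+case "config":
+render_config();
+return;
+case "help":
+render_help();
+return;
+default:
+print("Invalid table type.\n");
+return;
+}
+//------------------------------------------------------------------------------
+-%}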
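Review bot: The guard at the top of `config_item`, `if (! type in [ "enum", "range", "path", "str" ])`, most likely parses as `(!type) in [...]`, because unary `!` binds tighter than `in`. The condition is then never true, so a mistyped item type is accepted and falls through to `default: return true` in `contains()`. Writing it as `if (!(type in [ "enum", "range", "path", "str" ]))` makes the check effective. `path` and `str` items are accepted without any test, which the `// Maybe check paths for existence???` comment already hints at; a one-line comment on `contains()` saying that only `enum` and `range` values are validated would make that limit explicit.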


@ -0,0 +1,18 @@
# Do not edit, automatically generated. See /usr/share/snort/templates.
{%
// Copyright (c) 2023 Eric Fahlgren <eric.fahlgren@gmail.com>
// SPDX-License-Identifier: GPL-2.0
let queues = `${nfq.queue_start}-${int(nfq.queue_start)+int(nfq.queue_count)-1}`;
let chain_type = nfq.chain_type;
-%}
table inet snort {
chain {{ chain_type }}_{{ snort.mode }} {
type filter hook {{ chain_type }} priority {{ nfq.chain_priority }}
policy accept
{% if (nfq.include) { include(nfq.include, { snort, nfq }); } %}
# tcp flags ack ct direction original ct state established counter accept
counter queue flags bypass to {{ queues }}
}
}
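Review bot: `include(nfq.include, { snort, nfq })` renders whatever file the `include` option names inside the queue chain, and the `path` item type defined in main.uc accepts any string. The only control on what ends up in the generated ruleset is therefore who can write /etc/config/snort and the named file. I would record that next to the call with a template comment such as `{# nfq.include is rendered here with snort and nfq in scope; keep the file root-owned #}`, and consider skipping the include when the path does not exist, so that a typo is reported rather than surfacing as a failed nft load.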

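--- a/net/snort3/files/snort-mgr
+++ b/net/snort3/files/snort-mgr
@@ -0,0 +1,260 @@
+#!/bin/sh
+# Copyright (c) 2023 Eric Fahlgren <eric.fahlgren@gmail.com>
+# SPDX-License-Identifier: GPL-2.0
+# shellcheck disable=SC2039 # "local" not defined in POSIX sh
+PROG="/usr/bin/snort"
+MAIN="/usr/share/snort/main.uc"
+CONF_DIR="/var/snort.d"
+CONF="${CONF_DIR}/snort_conf.lua"
+VERBOSE=
+TESTING=
+NLINES=0
+[ ! -e "$CONF_DIR" ] && mkdir "$CONF_DIR"
+[ -e /dev/stdin ] && STDIN=/dev/stdin || STDIN=/proc/self/fd/0
+[ -e /dev/stdout ] && STDOUT=/dev/stdout || STDOUT=/proc/self/fd/1
+[ -t 2 ] && export TTY=1
+die() {
+[ -n "$QUIET" ] || echo "$@" >&2
+exit 1
+}
+disable_offload()
+{
+# From https://forum.openwrt.org/t/snort-3-nfq-with-ips-mode/161172
+# https://blog.snort.org/2016/08/running-snort-on-commodity-hardware.html
+# Not needed when running the nft daq as defragmentation is done by the kernel.
+# What about pcap?
+local filter_method=$(uci -q get snort.snort.method)
+if [ "$filter_method" = "afpacket" ]; then
+local wan=$(uci get snort.snort.interface)
+if [ -n "$wan" ] && ethtool -k "$wan" | grep -q -E '(tcp-segmentation-offload|receive-offload): on' ; then
+ethtool -K "$wan" gro off lro off tso off 2> /dev/null
+log "Disabled gro, lro and tso on '$wan' using ethtool."
+fi
+fi
+}
+nft_rm_table() {
+for table_type in 'inet' 'netdev'; do
+nft list tables | grep -q "${table_type} snort" && nft delete table "${table_type}" snort
+done
+}
+nft_add_table() {
+if [ "$(uci -q get snort.snort.method)" = "nfq" ]; then
+print nftables | nft $VERBOSE -f $STDIN
+[ -n "$VERBOSE" ] && nft list table inet snort
+fi
+}
+setup() {
+# Generates all the configuration, then reports the config file for snort.
+# Does NOT generate the rules file, you'll need to do 'update-rules' first.
+nft_rm_table
+print snort > "$CONF"
+nft_add_table
+echo "$CONF"
+}
+teardown() {
+# Merely cleans up after.
+nft_rm_table
+[ -e "$CONF" ] && rm "$CONF"
+}
+update_rules() {
+/usr/bin/snort-rules $TESTING
+}
+print() {
+# '$1' is file type to generate, one of:
+# config, snort or nftables
+TYPE=$1 utpl -S "$MAIN"
+}
+check() {
+local manual=$(uci get snort.snort.manual)
+[ "$manual" = 1 ] && return 0
+[ -n "$QUIET" ] && OUT=/dev/null || OUT=$STDOUT
+local test_conf="${CONF_DIR}/test_conf.lua"
+print snort > "${test_conf}" || die "Errors during generation of config."
+if $PROG -T -q --warn-all -c "${test_conf}" 2> $OUT ; then
+rm "${test_conf}"
+return 0
+fi
+die "Errors in snort config tests."
+}
+report() {
+# Reported IPs have source port stripped, but destination port (if any)
+# retained.
+#
+# json notes
+# from alert_fast:
+# 08/30-11:39:57.639021 [**] [1:382:11] "PROTOCOL-ICMP PING Windows" [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.1.1.186 -> 10.1.1.20
+#
+# same event in alert_json (single line broken for clarity):
+# { "timestamp" : "08/30-11:39:57.639021", "pkt_num" : 5366, "proto" : "ICMP", "pkt_gen" : "raw",
+# "pkt_len" : 60, "dir" : "C2S", "src_ap" : "10.1.1.186:0", "dst_ap" : "10.1.1.20:0",
+# "rule" : "1:382:11", "action" : "allow" }
+#
+# Second part of "rule", 382, is "sid" in ruleset, suffixing 11 is "rev".
+# grep '\bsid:382\b' /etc/snort/rules/snort.rules (again, single line broken for clarity):
+# alert icmp $EXTERNAL_NET any -> $HOME_NET any ( msg:"PROTOCOL-ICMP PING Windows";
+# itype:8; content:"abcdefghijklmnop",depth 16; metadata:ruleset community;
+# classtype:misc-activity; sid:382; rev:11; )
+#
+# Not sure where the prefixing 1 comes from.
+local logging=$(uci get snort.snort.logging)
+local log_dir=$(uci get snort.snort.log_dir)
+local pattern="$1"
+if [ "$logging" = 0 ]; then
+die "Logging is not enabled in snort config."
+fi
+#if [ -z "$pattern" ]; then
+# die "Provide a valid IP and try again."
+#fi
+[ "$NLINES" = 0 ] && output="cat" || output="head -n $NLINES"
+# Fix this to use json file.
+tmp="/tmp/snort.report.$$"
+echo "Intrusions involving ${pattern:-all IPs}"
+grep "\b${pattern}\b" "$log_dir/alert_fast.txt" \
+| sed 's/.*"\([^"]*\)".* \([^ :]*\)[: ].*-> \(.*\)/\1#\2#\3/' > "$tmp"
+n_incidents="$(wc -l < $tmp)"
+lines=$(sort "$tmp" | uniq -c | sort -nr \
+| awk -F'#' '{printf "%-80s %-12s -> %s\n", $1, $2, $3}')
+echo "$lines" | $output
+n_lines=$(echo "$lines" | wc -l)
+[ "$NLINES" -gt 0 ] && [ "$NLINES" -lt "$n_lines" ] && echo " ... Only showing $NLINES of $n_lines most frequent incidents."
+printf "%7d total incidents\n" "$n_incidents"
+rm "$tmp"
+}
+status() {
+echo 'tbd'
+}
+while [ -n "$1" ]; do
+case "$1" in
+-q)
+export QUIET=1
+shift
+;;
+-v)
+export VERBOSE=-e
+shift
+;;
+-t)
+TESTING=-t
+shift
+;;
+-n)
+NLINES="$2"
+shift
+shift
+;;
+*)
+break
+;;
+esac
+done
+case "$1" in
+setup)
+setup
+;;
+teardown)
+teardown
+;;
+resetup)
+QUIET=1 check || die "The generated snort lua configuration contains errors, not restarting."
+teardown
+setup
+;;
+update-rules)
+update_rules
+;;
+check)
+check
+;;
+print)
+print "$2"
+;;
+report)
+report "$2"
+;;
+status)
+status
+;;
+*)
+cat <<USAGE
+Usage:
+-n = show only NLINES of output
+-q = quiet
+-v = verbose
+-t = testing mode
+$0 [-v] [-q] setup|teardown|resetup
+Normally only used internally by init scripts to manage the generation
+of configuration files and any needed firewall rules. None of these
+modify the snort rules in any way (see 'update-rules').
+setup = generates snort config, sets up firewall.
+teardown = removes any firewall rules.
+resetup = shorthand for teardown and then setup.
+$0 [-n lines] report [pattern]
+Report on incidents. Note this is somewhat experimental, so suggested
+improvements are quite welcome.
+pattern = IP or piece of IP or something in the message to filter.
+$0 [-t] update-rules
+Download and install the snort ruleset. Testing mode generates a canned
+rule that matches IPv4 ping requests. A typical test scenario might look
+like:
+> snort-mgr -t update-rules
+> /etc/init.d/snort start
+> ping -c4 8.8.8.8
+> logread -e "TEST ALERT"
+$0 print config|snort|nftables
+Print the rendered file contents.
+config = Display contents of /etc/config/snort, but with all values and
+descriptions. Missing values shown with defaults.
+snort = The snort configuration file, which is a lua script.
+nftables = The nftables script used to define the input queues when using
+the 'nfq' DAQ.
+$0 [-q] check
+Test the rendered config using snort's check mode without
+applying it to the running system.
+$0 status
+Print the nfq counter values and blah blah blah
+USAGE
+;;
+esac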
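Review bot: `report` writes its scratch data to `/tmp/snort.report.$$`, a predictable name in a shared directory, and opens it with `>` from a script that is presumably run as root. Creating the file with `tmp="$(mktemp)"` and quoting it in `n_incidents="$(wc -l < "$tmp")"` avoids writing through a file or link that already exists at that path. The value given to `-n` is used unchecked in `head -n $NLINES` and `[ "$NLINES" -gt 0 ]`, so a non-numeric argument produces shell errors instead of a usage message. `disable_offload` calls `log`, which this file does not define; the `log` alias is only set in snort-rules.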


@ -0,0 +1,92 @@
#!/bin/sh
# Copyright (c) 2023 Eric Fahlgren <eric.fahlgren@gmail.com>
# SPDX-License-Identifier: GPL-2.0
# shellcheck disable=SC2039 # "local" not defined in POSIX sh
alias log='logger -s -t "snort-rules[$$]" -p "info"'
[ "$1" = "-t" ] && testing=true || testing=false
download_rules() {
# Further information:
# https://www.snort.org/products#rule_subscriptions
# https://www.snort.org/oinkcodes
#
# Also, what to do about "subscription" vs Talos_LightSPD rules when subbed?
# Add a "use_rules" list or option or something?
oinkcode=$(uci -q get snort.snort.oinkcode)
local conf_dir=$(uci -q get snort.snort.config_dir || echo "/etc/snort")
local rules_file="$conf_dir/rules/snort.rules"
local data_dir=$(uci -q get snort.snort.temp_dir || echo "/var/snort.d")
local data_tar="$data_dir/rules.tar.gz"
# Make sure everything exists.
[ -d "$data_dir" ] || mkdir -p "$data_dir"
if $testing ; then
log "Generating testing rules..."
new_rules="$data_dir/testing.rules"
rm -f "$new_rules"
echo 'alert icmp any any <> any any (msg:"TEST ALERT ICMP v4"; icode:0; itype: 8; sid:10000010; rev:001;)' >> "$new_rules"
#echo 'alert icmp any any <> any any (msg:"TEST ALERT ICMP v6"; icode:0; itype:33; sid:10000011; rev:001;)' >> "$new_rules"
#echo 'alert icmp any any <> any any (msg:"TEST ALERT ICMP v6"; icode:0; itype:34; sid:10000012; rev:001;)' >> "$new_rules"
else
if [ -z "$oinkcode" ]; then
# If you do not have a subscription, then we use the community rules:
log "Downloading community rules..."
url="https://www.snort.org/downloads/community/snort3-community-rules.tar.gz"
else
# If you have a subscription and its corresponding oinkcode, use this:
#
# 'snortver' is the version number of the snort executable in use on your
# router.
#
# Ideally, the 'snort --version' output would work, but OpenWrt builds
# are often between (or, more likely, newer than) those listed on the
# snort.org downloads page.
#
# So instead, we define it manually to be the value just before the
# installed version. Look on https://www.snort.org/advisories/ and
# select the most recent date. On that page, find the closest version
# number preceding your installed version and modify the hard-coded
# value below (for example, installed is 31600 then use 31470):
#snortver=$(snort --version | awk '/Version/ {print gensub("\\.", "", "", $NF)}')
snortver=31470
log "Downloading subscription rules..."
url="https://www.snort.org/rules/snortrules-snapshot-$snortver.tar.gz?oinkcode=$oinkcode"
fi
wget "$url" -O "$data_tar" 2>&1 | log || exit 1
# ??? Does non-community tar contain just the one "*.rules" file, too???
new_rules=$(tar tzf "$data_tar" | grep '\.rules$')
new_rules="$data_dir/$new_rules"
old_rules="$data_dir/old.rules"
if [ -e "$new_rules" ]; then
# Before we overwrite with the new download.
log "Stashing old rules to $old_rules ..."
mv -f "$new_rules" "$old_rules"
fi
log "Unpacking $data_tar ..."
tar xzvf "$data_tar" -C "$data_dir" | log || exit 1
if [ -e "$old_rules" ] && ! cmp -s "$new_rules" "$old_rules" ; then
diff "$new_rules" "$old_rules" 2>&1 | log
fi
fi
rm -f "$rules_file"
ln -s "$new_rules" "$rules_file"
log "Snort rules loaded, restart snort now."
}
download_rules
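Review bot: In `download_rules`, `wget "$url" -O "$data_tar" 2>&1 | log || exit 1` tests the exit status of `logger`, not of `wget`, so a failed or truncated download still falls through to `tar`; the same applies to `tar xzvf "$data_tar" -C "$data_dir" | log || exit 1`. The pipeline also sends wget's output to syslog, and for subscription rules the URL carries `?oinkcode=$oinkcode`, so the oinkcode is likely to end up readable via `logread`. I would run the download quietly and test it directly, `wget -q "$url" -O "$data_tar" || { log "Rule download failed"; exit 1; }`, and log only fixed messages. Separately, `grep '\.rules$'` over the archive listing can return several names, which would make `$new_rules` a multi-line value; take exactly one match or fail.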


@ -1,3 +1,74 @@
#
# This is not an exhaustive list of configuration items, just those that
# require more explanation than is given in the tables that define them, below.
#
# https://openwrt.org/docs/guide-user/services/snort
#
# snort
# manual - When set to 1, use manual configuration for legacy behavior.
# When disabled, then use this config.
# interface - Default should usually be 'uci get network.wan.device',
# something like 'eth0'
# home_net - IP range/ranges to protect. May be 'any', but more likely it's
# your lan range, default is '192.168.1.0/24'
# external_net - IP range external to home. Usually 'any', but if you only
# care about true external hosts (trusting all lan devices),
# then '!$HOMENET' or some specific range
# mode - 'ids' or 'ips', for detection-only or prevention, respectively
# oinkcode - https://www.snort.org/oinkcodes
# config_dir - Location of the base snort configuration files. Default /etc/snort
# temp_dir - Location of all transient snort config, including downloaded rules
# Default /var/snort.d
# logging - Enable external logging of events thus enabling 'snort-mgr report',
# otherwise events only go to system log (i.e., 'logread -e snort:')
# log_dir - Location of the generated logs, and oh-by-the-way the snort
# PID file (why?). Default /var/log
# openappid - Enabled inspection using the 'openappid' package
# See 'opkg info openappid'
# action - 'alert', 'block', 'reject' or 'drop'
# method - 'pcap', 'afpacket' or 'nfq'
# snaplen - int daq.snaplen = 1518: set snap length (same as -s) { 0:65535 }
#
# nfq - https://github.com/snort3/libdaq/blob/master/modules/nfq/README.nfq.md
# queue_maxlen - nfq's '--daq-var queue_maxlen=int'
# queue_count - Count of queues to use when method=nfq, usually 2-8
# fanout_type - Sets kernel load balancing algorithm*, one of hash, lb, cpu,
# rollover, rnd, qm.
# thread_count - int snort.-z: <count> maximum number of packet threads
# (same as --max-packet-threads); 0 gets the number of
# CPU cores reported by the system; default is 1 { 0:max32 }
# chain_type - Chain type when generating nft output
# chain_priority - Chain priority when generating nft output
# include - Full path to user-defined extra rules to include inside queue chain
#
# * - for details on fanout_type, see these pages:
# https://github.com/florincoras/daq/blob/master/README
# https://www.kernel.org/doc/Documentation/networking/packet_mmap.txt
#
config snort 'snort'
option config_dir '/etc/snort/'
option interface 'eth0'
option enabled '0' # one of [0, 1]
option manual '1' # one of [0, 1]
option oinkcode '' # a string
option home_net '192.168.1.0/24' # a string
option external_net 'any' # a string
option config_dir '/etc/snort' # a path string
option temp_dir '/var/snort.d' # a path string
option log_dir '/var/log' # a path string
option logging '1' # one of [0, 1]
option openappid '0' # one of [0, 1]
option mode 'ids' # one of [ids, ips]
option method 'pcap' # one of [pcap, afpacket, nfq]
option action 'alert' # one of [alert, block, drop, reject]
option interface 'eth0' # a string
option snaplen '1518' # 1518 <= x <= 65535
config nfq 'nfq'
option queue_count '4' # 1 <= x <= 16
option queue_start '4' # 1 <= x <= 32768
option queue_maxlen '1024' # 1024 <= x <= 65536
option fanout_type 'hash' # one of [hash, lb, cpu, rollover, rnd, qm]
option thread_count '0' # 0 <= x <= 32
option chain_type 'input' # one of [prerouting, input, forward, output, postrouting]
option chain_priority 'filter' # one of [raw, filter, 300]
option include '' # a path string
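Review bot: The `external_net` comment suggests `'!$HOMENET'`, but the variable the generated configuration defines is `HOME_NET`, so a user copying the example verbatim would presumably reference an undefined name; the comment should read `then '!$HOME_NET' or some specific range`. The `snaplen` comment quotes the range `{ 0:65535 }` while the option line states `1518 <= x <= 65535`; the two documented bounds should agree. `queue_start` is set in the `nfq` section but has no entry in the comment block.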


@ -1,36 +1,58 @@
#!/bin/sh /etc/rc.common
# shellcheck disable=SC2039 # "local" not defined in POSIX sh
START=99
STOP=10
USE_PROCD=1
PROG=/usr/bin/snort
MGR=/usr/bin/snort-mgr
validate_snort_section() {
$MGR -q check || return 1
uci_validate_section snort snort "${1}" \
'enabled:bool:0' \
'manual:bool:1' \
'config_dir:string' \
'interface:string'
}
start_service() {
local config_file interface
# If you wish to use application-managed PID file:
# output.logdir, in the snort lua config, determines the PID file location.
# Add '--create-pidfile' to the 'command', below.
validate_snort_section snort || {
echo "validation failed"
return 1
}
local enabled
local manual
local config_dir
local interface
validate_snort_section snort || {
echo "Validation failed, try 'snort-mgr check'."
return 1
}
[ "$enabled" = 0 ] && return
procd_open_instance
procd_set_param command $PROG -q -i "$interface" -c "${config_dir%/}/snort.lua" --tweaks local
procd_set_param env SNORT_LUA_PATH="$config_dir"
procd_set_param file $CONFIGFILE
if [ "$manual" = 0 ]; then
local config_file=$($MGR setup)
procd_set_param command "$PROG" -q -c "${config_file}"
else
procd_set_param command $PROG -q -i "$interface" -c "${config_dir%/}/snort.lua" --tweaks local
procd_set_param env SNORT_LUA_PATH="$config_dir"
procd_set_param file $CONFIGFILE
fi
procd_set_param respawn
procd_set_param stdout 0
procd_set_param stderr 1
procd_close_instance
}
stop_service()
{
service_stop ${PROG}
service_stop "$PROG"
$MGR teardown
}
service_triggers()
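Review bot: In `start_service`, `local config_file=$($MGR setup)` discards the exit status of `snort-mgr setup`, because `local` itself returns 0, and the result is not checked for being empty before it is passed to `-c`. If setup fails, procd is told to respawn snort with an empty config path, and any firewall rules that setup had presumably already installed stay in place. I would separate declaration from assignment and bail out: `config_file=$($MGR setup) || return 1` followed by `[ -n "$config_file" ] || return 1`. `validate_snort_section` also runs `$MGR -q check` unconditionally, so an error in the generated config blocks start even when `manual` is 1; confirm that is intended. The hunk ends at `service_triggers()`, whose body is outside it.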

126
net/snort3/files/snort.uc Normal file

@ -0,0 +1,126 @@
{%
// Copyright (c) 2023 Eric Fahlgren <eric.fahlgren@gmail.com>
// SPDX-License-Identifier: GPL-2.0
// Create some snort-format-specific items.
let home_net = snort.home_net == 'any' ? "'any'" : snort.home_net;
let external_net = snort.external_net;
let line_mode = snort.mode == "ids" ? "tap" : "inline";
let inputs = null;
let vars = null;
switch (snort.method) {
case "pcap":
case "afpacket":
inputs = `{ '${snort.interface}' }`;
vars = "{}";
break;
case "nfq":
inputs = "{ ";
for (let i = int(nfq.queue_start); i < int(nfq.queue_start)+int(nfq.queue_count); i++) {
inputs += `'${i}', `
}
inputs += "}";
vars = `{ 'device=${snort.interface}', 'queue_maxlen=${nfq.queue_maxlen}', 'fanout_type=${nfq.fanout_type}', 'fail_open', }`;
break;
}
-%}
-- Do not edit, automatically generated. See /usr/share/snort/templates.
-- These must be defined before processing snort.lua
-- The default include '/etc/snort/homenet.lua' must not redefine them.
HOME_NET = [[ {{ home_net }} ]]
EXTERNAL_NET = '{{ external_net }}'
include('{{ snort.config_dir }}/snort.lua')
snort = {
{% if (snort.mode == 'ips'): %}
['-Q'] = true,
{% endif %}
['--daq'] = {{ snort.method }},
--['--daq-dir'] = '/usr/lib/daq/',
{% if (snort.method == 'nfq'): %}
['--max-packet-threads'] = {{ nfq.thread_count }},
{% endif %}
}
ips = {
mode = {{ line_mode }},
variables = default_variables,
action_override = {{ snort.action }},
include = "{{ snort.config_dir }}/" .. RULE_PATH .. '/snort.rules',
}
daq = {
inputs = {{ inputs }},
snaplen = {{ snort.snaplen }},
module_dirs = { '/usr/lib/daq/', },
modules = {
{
name = '{{ snort.method }}',
mode = {{ line_mode }},
variables = {{ vars }},
}
}
}
alert_syslog = {
level = 'info',
}
{% if (int(snort.logging)): %}
-- Note that this is also the location of the PID file, if you use it.
output.logdir = "{{ snort.log_dir }}"
-- Maybe add snort.log_type, 'fast', 'json' and 'full'?
-- Json would be best for reporting, see 'snort-mgr report' code.
-- alert_full = { file = true, }
alert_fast = {
-- bool alert_fast.file = false: output to alert_fast.txt instead of stdout
-- bool alert_fast.packet = false: output packet dump with alert
-- int alert_fast.limit = 0: set maximum size in MB before rollover (0 is unlimited) { 0:maxSZ }
file = true,
packet = false,
}
alert_json = {
-- bool alert_json.file = false: output to alert_json.txt instead of stdout
-- multi alert_json.fields = timestamp pkt_num proto pkt_gen pkt_len dir src_ap dst_ap rule action: selected fields will be output
-- int alert_json.limit = 0: set maximum size in MB before rollover (0 is unlimited) { 0:maxSZ }
-- string alert_json.separator = , : separate fields with this character sequence
file = true,
}
{% endif -%}
normalizer = {
tcp = {
ips = true,
}
}
file_policy = {
enable_type = true,
enable_signature = true,
rules = {
use = {
verdict = 'log',
enable_file_type = true,
enable_file_signature = true,
}
}
}
-- To use openappid with snort, 'opkg install openappid' and enable in config.
{% if (int(snort.openappid)): %}
appid = {
log_stats = true,
app_detector_dir = '/usr/lib/openappid',
app_stats_period = 60,
}
{% endif %}
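Review bot: The template writes UCI values straight into Lua source with no escaping, for example `include('{{ snort.config_dir }}/snort.lua')`, `EXTERNAL_NET = '{{ external_net }}'`, `output.logdir = "{{ snort.log_dir }}"` and `'device=${snort.interface}'`, and snort then executes the rendered file as a Lua script. A value containing a quote or `]]` ends the literal and the rest is parsed as code, so whoever can write `/etc/config/snort` controls what snort's Lua interpreter runs. The enum-like options are presumably constrained by the validation tables in snort-mgr, which are not visible here, but the free-form string and path options need a restrictive character whitelist at validation time or escaping before rendering. Separately, `['--daq'] = {{ snort.method }}`, `mode = {{ line_mode }}` and `action_override = {{ snort.action }}` are emitted unquoted, so they render as bare Lua identifiers unless those names are defined elsewhere. `name = '{{ snort.method }}'` further down is quoted, and the others should probably match, e.g. `['--daq'] = '{{ snort.method }}',`.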


@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=sstp-client
PKG_VERSION:=1.0.19
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://gitlab.com/sstp-project/sstp-client/-/archive/1.0.19/


@ -10,6 +10,7 @@
proto_sstp_init_config() {
proto_config_add_string "server"
proto_config_add_string "port"
proto_config_add_string "username"
proto_config_add_string "password"
proto_config_add_string "pppd_options"
@ -28,7 +29,7 @@ proto_sstp_setup() {
local iface="$2"
local ifname="sstp-$config"
local ip serv_addr server ipv6 defaultroute peerdns
local ip serv_addr server port ipv6 defaultroute peerdns
json_get_var server server && {
for ip in $(resolveip -t 5 "$server"); do
( proto_add_host_dependency "$config" "$ip" )
@ -42,7 +43,7 @@ proto_sstp_setup() {
exit 1
}
json_get_vars username password pppd_options sstp_options log_level ipv6 defaultroute peerdns
json_get_vars port username password pppd_options sstp_options log_level ipv6 defaultroute peerdns
if [ "$ipv6" = 1 ]; then
ipv6=1
else
@ -82,7 +83,7 @@ proto_sstp_setup() {
--save-server-route \
--ipparam $config \
$sstp_options \
$server \
$server${port:+:$port} \
ifname $ifname \
require-mschap-v2 \
${ipv6:++ipv6} \
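Review bot: `$server${port:+:$port}` in the last hunk expands `port` unquoted on the client command line, and the option is declared with `proto_config_add_string "port"`, so nothing constrains it to a number. A value containing whitespace would be split into additional arguments. I would declare it with `proto_config_add_int "port"` or reject non-numeric values before use, and quote the argument as `"$server${port:+:$port}"`. `proto_sstp_setup` starts and ends outside these hunks, so how `$server` itself is validated is not visible.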


@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=strongswan
PKG_VERSION:=5.9.12
PKG_VERSION:=5.9.13
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
PKG_HASH:=5e6018b07cbe9f72c044c129955a13be3e2f799ceb53f53a4459da6a922b95e5
PKG_HASH:=56e30effb578fd9426d8457e3b76c8c3728cd8a5589594b55649b2719308ba55
PKG_LICENSE:=GPL-2.0-or-later
PKG_MAINTAINER:=Philip Prindeville <philipp@redfish-solutions.com>, Noel Kuntze <noel.kuntze@thermi.consulting>
PKG_CPE_ID:=cpe:/a:strongswan:strongswan

96
net/uspot/Makefile Normal file

@ -0,0 +1,96 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=uspot
PKG_RELEASE:=1
PKG_LICENSE:=GPL-2.0
PKG_MAINTAINER:=Thibaut VARÈNE <hacks@slashdirt.org>
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/f00b4r0/uspot.git
PKG_SOURCE_DATE:=2023-11-30
PKG_SOURCE_VERSION:=7e1e21b0f8425205d719b99a392fa893b3e512e6
PKG_MIRROR_HASH:=494c616159b16d978fe00348ebe50c77a48f1db98d624ed613f3cca2d39e3a6e
CMAKE_SOURCE_SUBDIR:=src
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
define Package/uspot
SUBMENU:=Captive Portals
SECTION:=net
CATEGORY:=Network
TITLE:=uspot hotspot daemon
DEPENDS:=+conntrack \
+libblobmsg-json +liblucihttp-ucode +libradcli +libubox +libubus +libuci \
+spotfilter \
+ucode +ucode-mod-math +ucode-mod-nl80211 +ucode-mod-rtnl +uhttpd-mod-ucode +ucode-mod-uloop
endef
define Package/uspot/description
This package implements a captive portal supporting click-to-continue,
simple credential-based as well as RADIUS authentication.
It is UAM capable, and has limited support for RFC5176
RADIUS Dynamic Authorization Extensions.
It is meant to be a drop-in replacement for CoovaChilli,
leveraging the performance and flexibility of the nftables firewall
without the need for extra kernel modules.
endef
define Package/uspot/conffiles
/etc/config/uspot
endef
define Package/uspot-www
SUBMENU:=Captive Portals
SECTION:=net
CATEGORY:=Network
TITLE:=uspot default user interface files
DEPENDS:=+uspot
endef
define Package/uspot-www/description
This package provides CSS and HTML templates for uspot UI.
This package must be installed with uspot unless a local alternative is provided.
endef
define Package/uspotfilter
SECTION:=net
CATEGORY:=Network
TITLE:=uspot implementation of spotfilter
PROVIDES:=spotfilter
CONFLICTS:=spotfilter
DEPENDS:=+conntrack +nftables-json +ucode +ucode-mod-rtnl +ucode-mod-uloop
endef
define Package/uspotfilter/description
This package provides the nftables firewall interface to spotfilter.
It is compatible with firewall4.
endef
define Package/uspot/install
$(INSTALL_DIR) $(1)/usr/bin $(1)/usr/share $(1)/usr/lib/ucode $(1)/etc/init.d $(1)/etc/config
$(INSTALL_BIN) $(PKG_BUILD_DIR)/radius-client $(1)/usr/bin/radius-client
$(INSTALL_BIN) $(PKG_BUILD_DIR)/uspot-das $(1)/usr/bin/uspot-das
$(INSTALL_DATA) $(PKG_BUILD_DIR)/libuam.so $(1)/usr/lib/ucode/uam.so
$(INSTALL_CONF) $(PKG_BUILD_DIR)/files/etc/config/uspot $(1)/etc/config/uspot
$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/etc/init.d/uspot $(1)/etc/init.d/uspot
$(CP) $(PKG_BUILD_DIR)/files/usr/bin $(1)/usr/
$(CP) $(PKG_BUILD_DIR)/files/usr/share/uspot $(1)/usr/share/
endef
define Package/uspot-www/install
$(CP) $(PKG_BUILD_DIR)/files/www-uspot $(1)/
endef
define Package/uspotfilter/install
$(INSTALL_DIR) $(1)/usr/share $(1)/etc/init.d
$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/etc/init.d/spotfilter $(1)/etc/init.d/spotfilter
$(CP) $(PKG_BUILD_DIR)/files/usr/share/uspotfilter $(1)/usr/share/
endef
$(eval $(call BuildPackage,uspot))
$(eval $(call BuildPackage,uspot-www))
$(eval $(call BuildPackage,uspotfilter))


@ -5,12 +5,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=v2rayA
PKG_VERSION:=2.2.4.1
PKG_VERSION:=2.2.4.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/v2rayA/v2rayA/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=e0d8a2250f9933ca1d1efe023a7ec7d6d5f9a4d058a8a7270c457a8d1e0b4ab9
PKG_HASH:=8ebb1790ac57b795a03a13f830d316206040627486bd204158b04917a8c817b7
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/service
PKG_LICENSE:=AGPL-3.0-only
@ -54,12 +54,12 @@ define Package/v2raya/conffiles
/etc/config/v2raya
endef
WEB_FILE:=$(PKG_NAME)-web-$(PKG_VERSION).zip
WEB_FILE:=$(PKG_NAME)-web-$(PKG_VERSION).tar.gz
define Download/v2raya-web
URL:=https://github.com/v2rayA/v2rayA/releases/download/v$(PKG_VERSION)/
URL_FILE:=web.zip
URL_FILE:=web.tar.gz
FILE:=$(WEB_FILE)
HASH:=76735aa46253dc29b9605798173fafc3ae545089e3da8090f76d6a3f65780e37
HASH:=187b498b8b5fdac765309c9ae23efb1ccd74e01d713682c44b4aa7689c99017c
endef
define Build/Prepare
@ -67,7 +67,7 @@ define Build/Prepare
( \
mkdir -p $(PKG_BUILD_DIR)/server/router/web ; \
unzip -q -d $(PKG_BUILD_DIR)/server/router/web $(DL_DIR)/$(WEB_FILE) ; \
gzip -dc $(DL_DIR)/$(WEB_FILE) | $(HOST_TAR) -C $(PKG_BUILD_DIR)/server/router/web $(TAR_OPTIONS) ; \
)
endef

61
utils/cligen/Makefile Normal file

@ -0,0 +1,61 @@
#
# Copyright (C) 2020-2023 Olof Hagsand and Rubicon Communications, LLC(Netgate)
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=cligen
PKG_VERSION:=6.5.0
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/clicon/$(PKG_NAME)/tar.gz/$(PKG_VERSION)?
PKG_HASH:=8b3943430f7aa9eea6a5f7cf1ace5b68eb382380cf68f41ae3ef5e032e08816f
PKG_MAINTAINER:=Olof Hagsand <olof@hagsand.se>, Philip Prindeville <philipp@redfish-solutions.com>
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE.md
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
define Package/cligen
SECTION:=utils
CATEGORY:=Utilities
URL:=https://www.cligen.se
TITLE:=CLIgen is a Command-Line Interface generator
DEPENDS:=libxml2
endef
define Package/cligen/description
CLIgen provides dynamic CLI interpretation from grammar files
handled at run-time.
endef
CONFIGURE_ARGS+= \
--exec-prefix=/usr
CONFIGURE_ARGS:=$(filter-out --disable-dependency-tracking,$(CONFIGURE_ARGS))
INSTALLFLAGS:=-s --strip-program=$(TARGET_CROSS)strip
CONFIGURE_VARS+= \
INSTALLFLAGS="$(INSTALLFLAGS)"
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/cligen $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libcligen.so* $(1)/usr/lib/
endef
define Package/cligen/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libcligen.so* $(1)/usr/lib/
endef
$(eval $(call BuildPackage,cligen))
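Review bot: `DEPENDS:=libxml2` in `Package/cligen` has no `+` prefix, so the package is only offered when libxml2 is already selected rather than selecting it. If the library is really needed this should be `DEPENDS:=+libxml2`, and if it is not, the line can be dropped. A one-line comment on why `--disable-dependency-tracking` is filtered out of `CONFIGURE_ARGS` would also help the next maintainer.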

93
utils/clixon/Makefile Normal file

@ -0,0 +1,93 @@
#
# Copyright (C) 2020-2023 Olof Hagsand and Rubicon Communications, LLC(Netgate)
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=clixon
PKG_VERSION:=6.5.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/clicon/$(PKG_NAME)/tar.gz/$(PKG_VERSION)?
PKG_HASH:=c85bf3112ddd9dcc00965780c21bf1589095c8b67f741ef7059c805feccf3bfc
PKG_MAINTAINER:=Olof Hagsand <olof@hagsand.se>, Philip Prindeville <philipp@redfish-solutions.com>
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILE:=LICENSE.md
PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
define Package/clixon
SECTION:=utils
CATEGORY:=Utilities
URL:=https://www.clicon.org
TITLE:=YANG-based toolchain
DEPENDS:=+cligen +libopenssl +libnghttp2 +libcurl \
@(PACKAGE_openssh-server||PACKAGE_openssh-server-pam)
USERID:=clicon=61:clicon=61
endef
define Package/clixon/description
YANG-based toolchain including NETCONF and RESTCONF interfaces and an interactive CLI.
endef
define Package/clixon/conffiles
/etc/clixon/restconf.xml
/etc/ssh/sshd_config.d/90-netconf-subsystem.conf
endef
CONFIGURE_ARGS += \
--exec-prefix=/usr \
--with-restconf=native \
--with-configfile=/etc/clixon/clixon.xml \
--with-cligen=$(STAGING_DIR)/usr
CONFIGURE_ARGS:=$(filter-out --disable-dependency-tracking,$(CONFIGURE_ARGS))
INSTALLFLAGS:=-s --strip-program=$(TARGET_CROSS)strip
CONFIGURE_VARS+= \
INSTALLFLAGS="$(INSTALLFLAGS)" \
SSH_BIN=/usr/bin/ssh
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/clixon $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libclixon.so* \
$(PKG_INSTALL_DIR)/usr/lib/libclixon_backend.so* \
$(PKG_INSTALL_DIR)/usr/lib/libclixon_restconf.so* \
$(PKG_INSTALL_DIR)/usr/lib/libclixon_cli.so* \
$(1)/usr/lib/
endef
define Package/clixon/install
$(INSTALL_DIR) $(1)/etc/clixon
$(INSTALL_DATA) ./files/restconf.xml $(1)/etc/clixon/
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/clixon_* $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/clixon_* $(1)/usr/bin/
$(INSTALL_DIR) $(1)/usr/share/clixon
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/clixon/*.yang $(1)/usr/share/clixon/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libclixon.so* \
$(PKG_INSTALL_DIR)/usr/lib/libclixon_backend.so* \
$(PKG_INSTALL_DIR)/usr/lib/libclixon_restconf.so* \
$(PKG_INSTALL_DIR)/usr/lib/libclixon_cli.so* \
$(1)/usr/lib/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/clixon.init $(1)/etc/init.d/clixon
$(INSTALL_DIR) $(1)/etc/ssh/sshd_config.d
$(INSTALL_CONF) ./files/netconf-subsystem.conf $(1)/etc/ssh/sshd_config.d/90-netconf-subsystem.conf
endef
$(eval $(call BuildPackage,clixon))
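Review bot: `PKG_LICENSE_FILE:=LICENSE.md` is misspelled; the variable used elsewhere in this commit (for example the cligen Makefile) is `PKG_LICENSE_FILES`, so the licence file is probably not recorded for this package. Change the line to `PKG_LICENSE_FILES:=LICENSE.md`. Also note that `Package/clixon/install` drops `90-netconf-subsystem.conf` into `/etc/ssh/sshd_config.d`, which changes what the SSH daemon offers as soon as the package is installed; the package description should say so.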

35
utils/clixon/files/clixon.init Executable file

@ -0,0 +1,35 @@
#!/bin/sh /etc/rc.common
START=95
STOP=05
USE_PROCD=1
PROG=/usr/sbin/clixon_backend
CONFIGFILE=/etc/clixon/clixon.xml
get_xmldb_dir() {
$PROG -F -f "$CONFIGFILE" -1 -l s -C text -s none \
| awk '/^ CLICON_XMLDB_DIR / { print substr($2, 0, length($2) - 1); }'
}
start_service() {
local state="init"
[ -f "$(get_xmldb_dir)/running_db" ] && state="running"
procd_open_instance
procd_set_param command "$PROG"
procd_set_param file $CONFIGFILE
procd_append_param command -F
procd_append_param command -f $CONFIGFILE
procd_append_param command -l s
procd_append_param command -s $state
procd_close_instance
}
stop_service() {
service_stop "$PROG"
}
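Review bot: In `get_xmldb_dir`, `substr($2, 0, length($2) - 1)` starts at index 0, and awk implementations disagree on how a start below 1 is handled: some clamp it and return `length - 1` characters, others count from position 0 and return one fewer. Use `substr($2, 1, length($2) - 1)` so the result is the same everywhere. If the backend prints nothing, `get_xmldb_dir` yields an empty string and `start_service` ends up testing `/running_db`; an explicit check for an empty directory would make the fallback to `init` deliberate. The instance also sets no `procd_set_param respawn`, so a crashed backend stays down; confirm that is intended.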


@ -0,0 +1 @@
Subsystem netconf /usr/bin/clixon_netconf


@ -0,0 +1,13 @@
<restconf>
<enable>true</enable>
<auth-type>none</auth-type>
<pretty>false</pretty>
<debug>0</debug>
<log-destination>syslog</log-destination>
<socket>
<namespace>default</namespace>
<address>0.0.0.0</address>
<port>80</port>
<ssl>false</ssl>
</socket>
</restconf>
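Review bot: This packaged default enables RESTCONF with `<auth-type>none</auth-type>`, `<ssl>false</ssl>` and `<address>0.0.0.0</address>`, i.e. an unauthenticated, plaintext management API listening on every interface of the device, including the WAN side unless the firewall blocks it. Port 80 is also likely to collide with the web server on a default install. A safer shipped default would be `<enable>false</enable>`, or at least `<address>127.0.0.1</address>`, leaving the administrator to choose an authentication type and TLS before exposing it. Since the clixon Makefile lists this file in conffiles, the installed copy is kept across upgrades, so the first shipped version matters.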


@ -1,12 +1,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=yq
PKG_VERSION:=4.40.3
PKG_VERSION:=4.40.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/mikefarah/yq/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=238b695d372753a32bc0b8500a7ca99f98cf98d7855c3e84d6984a2b035b6268
PKG_HASH:=ac89c7e33ad6c62985d9c695251f66143562be10a07a2b70d14334aa3b94f764
PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
PKG_LICENSE:=MIT