Merge Mainline

This commit is contained in:
CN_SZTL 2020-06-06 22:57:01 +08:00
commit 05c36e29c6
No known key found for this signature in database
GPG Key ID: 6850B6345C862176
46 changed files with 3976 additions and 4859 deletions


@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk
LUCI_TITLE:=Argon Theme
LUCI_DEPENDS:=
PKG_VERSION:=1.5.1
PKG_RELEASE:=01-20200331
PKG_VERSION:=1.5.2
PKG_RELEASE:=01-2020401
include $(TOPDIR)/feeds/luci/luci.mk


@ -1133,6 +1133,7 @@ input[name="nslookup"] {
#xhr_poll_status {
cursor: pointer;
display: inline-block;
}
@ -1577,7 +1578,7 @@ footer>a {
}
}
[id^="cbi-apply-"] {
fieldset[id^="cbi-apply-"] {
position: fixed;
z-index: 200;
width: 20rem;
@ -1586,8 +1587,9 @@ footer>a {
height: 10rem;
left: 50%;
top: 50%;
padding: 1rem;
box-sizing: border-box;
font-size: 1.2rem;
border-color: #5e72e4;
text-align: center;
}
@ -2287,6 +2289,10 @@ form.inline+form.inline,
border-color: #5e72e4 !important;
}
.node-services-vssr .ssr-button{
margin-left: 0.3rem;
}
.cbi-section-remove>.cbi-button,
.cbi-button-remove {
@ -3480,6 +3486,10 @@ header>.container>.pull-right>* {
font-size: 0.875rem;
}
/* fix nlbw/display*/
#detail-bubble.in{
z-index: 500;
}
@media screen and (max-width: 1600px) {
@ -4145,6 +4155,7 @@ header>.container>.pull-right>* {
.node-services-vssr .block{
background-color: #3c3c3c !important;
box-shadow: 0 0 0.5rem 0 rgba(0, 0, 0, .35);
}
.node-services-vssr .block h4 {
@ -4160,6 +4171,12 @@ header>.container>.pull-right>* {
.node-services-vssr .cbi-section-table-row{
color: #ccc;
background-color: #3c3c3c !important;
box-shadow: 0 0 5px 0 rgba(0, 0, 0, .35)
}
.node-services-vssr .cbi-section-table-row.fast {
background: darkslateblue !important;
color: #fff;
}
.node-services-vssr .ssr-button{
@ -4200,6 +4217,12 @@ header>.container>.pull-right>* {
border-bottom: 0.18751rem solid darkslateblue;
color: darkslateblue;
}
fieldset[id^="cbi-apply-"] {
background-color: #333333;
}
}
@media (prefers-color-scheme: dark) and (max-width: 480px){



@ -278,9 +278,9 @@
</div>
</header>
<div class="darkMask"></div>
<% if striptags( node.title ) == nil then %>
<div class="login-bg" style="background-image:url(<%=media%>/img/bg<%=math.random(1,bgcount)%>.jpg)"></div>
<% end -%>
<div id="maincontent">
<div class="container">


@ -1,12 +1,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=nghttp2
PKG_VERSION:=1.40.0
PKG_VERSION:=1.41.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/nghttp2/nghttp2/releases/download/v$(PKG_VERSION)
PKG_HASH:=09fc43d428ff237138733c737b29fb1a7e49d49de06d2edbed3bc4cdcee69073
PKG_HASH:=abc25b8dc601f5b3fefe084ce50fcbdc63e3385621bee0cbfa7b57f9ec3e67c2
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING


@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
PKG_VERSION:=2.80
PKG_RELEASE:=12
PKG_VERSION:=2.81
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
PKG_HASH:=cdaba2785e92665cf090646cba6f94812760b9d7d8c8d0cfb07ac819377a63bb
PKG_HASH:=749ca903537c5197c26444ac24b0dce242cf42595fdfe6b9a5b9e4c7ad32f8fb
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING


@ -1,495 +0,0 @@
From a799ca0c6314ad73a97bc6c89382d2712a9c0b0e Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 18 Oct 2018 19:35:29 +0100
Subject: [PATCH 01/11] Impove cache behaviour for TCP connections.
For ease of implementaion, dnsmasq has always forked a new process to
handle each incoming TCP connection. A side-effect of this is that any
DNS queries answered from TCP connections are not cached: when TCP
connections were rare, this was not a problem. With the coming of
DNSSEC, it's now the case that some DNSSEC queries have answers which
spill to TCP, and if, for instance, this applies to the keys for the
root then those never get cached, and performance is very bad. This
fix passes cache entries back from the TCP child process to the main
server process, and fixes the problem.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
CHANGELOG | 14 ++++
src/blockdata.c | 37 ++++++++-
src/cache.c | 196 ++++++++++++++++++++++++++++++++++++++++++++++--
src/dnsmasq.c | 58 ++++++++++++--
src/dnsmasq.h | 5 ++
5 files changed, 291 insertions(+), 19 deletions(-)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,17 @@
+version 2.81
+ Impove cache behaviour for TCP connections. For ease of
+ implementaion, dnsmasq has always forked a new process to handle
+ each incoming TCP connection. A side-effect of this is that
+ any DNS queries answered from TCP connections are not cached:
+ when TCP connections were rare, this was not a problem.
+ With the coming of DNSSEC, it's now the case that some
+ DNSSEC queries have answers which spill to TCP, and if,
+ for instance, this applies to the keys for the root then
+ those never get cached, and performance is very bad.
+ This fix passes cache entries back from the TCP child process to
+ the main server process, and fixes the problem.
+
+
version 2.80
Add support for RFC 4039 DHCP rapid commit. Thanks to Ashram Method
for the initial patch and motivation.
--- a/src/blockdata.c
+++ b/src/blockdata.c
@@ -61,7 +61,7 @@ void blockdata_report(void)
blockdata_alloced * sizeof(struct blockdata));
}
-struct blockdata *blockdata_alloc(char *data, size_t len)
+static struct blockdata *blockdata_alloc_real(int fd, char *data, size_t len)
{
struct blockdata *block, *ret = NULL;
struct blockdata **prev = &ret;
@@ -89,8 +89,17 @@ struct blockdata *blockdata_alloc(char *
blockdata_hwm = blockdata_count;
blen = len > KEYBLOCK_LEN ? KEYBLOCK_LEN : len;
- memcpy(block->key, data, blen);
- data += blen;
+ if (data)
+ {
+ memcpy(block->key, data, blen);
+ data += blen;
+ }
+ else if (!read_write(fd, block->key, blen, 1))
+ {
+ /* failed read free partial chain */
+ blockdata_free(ret);
+ return NULL;
+ }
len -= blen;
*prev = block;
prev = &block->next;
@@ -100,6 +109,10 @@ struct blockdata *blockdata_alloc(char *
return ret;
}
+struct blockdata *blockdata_alloc(char *data, size_t len)
+{
+ return blockdata_alloc_real(0, data, len);
+}
void blockdata_free(struct blockdata *blocks)
{
@@ -148,5 +161,21 @@ void *blockdata_retrieve(struct blockdat
return data;
}
-
+
+
+void blockdata_write(struct blockdata *block, size_t len, int fd)
+{
+ for (; len > 0 && block; block = block->next)
+ {
+ size_t blen = len > KEYBLOCK_LEN ? KEYBLOCK_LEN : len;
+ read_write(fd, block->key, blen, 0);
+ len -= blen;
+ }
+}
+
+struct blockdata *blockdata_read(int fd, size_t len)
+{
+ return blockdata_alloc_real(fd, NULL, len);
+}
+
#endif
--- a/src/cache.c
+++ b/src/cache.c
@@ -26,6 +26,8 @@ static union bigname *big_free = NULL;
static int bignames_left, hash_size;
static void make_non_terminals(struct crec *source);
+static struct crec *really_insert(char *name, struct all_addr *addr,
+ time_t now, unsigned long ttl, unsigned short flags);
/* type->string mapping: this is also used by the name-hash function as a mixing table. */
static const struct {
@@ -464,16 +466,10 @@ void cache_start_insert(void)
new_chain = NULL;
insert_error = 0;
}
-
+
struct crec *cache_insert(char *name, struct all_addr *addr,
time_t now, unsigned long ttl, unsigned short flags)
{
- struct crec *new, *target_crec = NULL;
- union bigname *big_name = NULL;
- int freed_all = flags & F_REVERSE;
- int free_avail = 0;
- unsigned int target_uid;
-
/* Don't log DNSSEC records here, done elsewhere */
if (flags & (F_IPV4 | F_IPV6 | F_CNAME))
{
@@ -484,7 +480,20 @@ struct crec *cache_insert(char *name, st
if (daemon->min_cache_ttl != 0 && daemon->min_cache_ttl > ttl)
ttl = daemon->min_cache_ttl;
}
+
+ return really_insert(name, addr, now, ttl, flags);
+}
+
+static struct crec *really_insert(char *name, struct all_addr *addr,
+ time_t now, unsigned long ttl, unsigned short flags)
+{
+ struct crec *new, *target_crec = NULL;
+ union bigname *big_name = NULL;
+ int freed_all = flags & F_REVERSE;
+ int free_avail = 0;
+ unsigned int target_uid;
+
/* if previous insertion failed give up now. */
if (insert_error)
return NULL;
@@ -645,12 +654,185 @@ void cache_end_insert(void)
cache_hash(new_chain);
cache_link(new_chain);
daemon->metrics[METRIC_DNS_CACHE_INSERTED]++;
+
+ /* If we're a child process, send this cache entry up the pipe to the master.
+ The marshalling process is rather nasty. */
+ if (daemon->pipe_to_parent != -1)
+ {
+ char *name = cache_get_name(new_chain);
+ ssize_t m = strlen(name);
+ unsigned short flags = new_chain->flags;
+#ifdef HAVE_DNSSEC
+ u16 class = new_chain->uid;
+#endif
+
+ read_write(daemon->pipe_to_parent, (unsigned char *)&m, sizeof(m), 0);
+ read_write(daemon->pipe_to_parent, (unsigned char *)name, m, 0);
+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->ttd, sizeof(new_chain->ttd), 0);
+ read_write(daemon->pipe_to_parent, (unsigned char *)&flags, sizeof(flags), 0);
+
+ if (flags & (F_IPV4 | F_IPV6))
+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0);
+#ifdef HAVE_DNSSEC
+ else if (flags & F_DNSKEY)
+ {
+ read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0);
+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.algo, sizeof(new_chain->addr.key.algo), 0);
+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.keytag, sizeof(new_chain->addr.key.keytag), 0);
+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.flags, sizeof(new_chain->addr.key.flags), 0);
+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.key.keylen, sizeof(new_chain->addr.key.keylen), 0);
+ blockdata_write(new_chain->addr.key.keydata, new_chain->addr.key.keylen, daemon->pipe_to_parent);
+ }
+ else if (flags & F_DS)
+ {
+ read_write(daemon->pipe_to_parent, (unsigned char *)&class, sizeof(class), 0);
+ /* A negative DS entry is possible and has no data, obviously. */
+ if (!(flags & F_NEG))
+ {
+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.algo, sizeof(new_chain->addr.ds.algo), 0);
+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.keytag, sizeof(new_chain->addr.ds.keytag), 0);
+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.digest, sizeof(new_chain->addr.ds.digest), 0);
+ read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr.ds.keylen, sizeof(new_chain->addr.ds.keylen), 0);
+ blockdata_write(new_chain->addr.ds.keydata, new_chain->addr.ds.keylen, daemon->pipe_to_parent);
+ }
+ }
+#endif
+
+ }
}
+
new_chain = tmp;
}
+
+ /* signal end of cache insert in master process */
+ if (daemon->pipe_to_parent != -1)
+ {
+ ssize_t m = -1;
+ read_write(daemon->pipe_to_parent, (unsigned char *)&m, sizeof(m), 0);
+ }
+
new_chain = NULL;
}
+
+/* A marshalled cache entry arrives on fd, read, unmarshall and insert into cache of master process. */
+int cache_recv_insert(time_t now, int fd)
+{
+ ssize_t m;
+ struct all_addr addr;
+ unsigned long ttl;
+ time_t ttd;
+ unsigned short flags;
+ struct crec *crecp = NULL;
+
+ cache_start_insert();
+
+ while(1)
+ {
+
+ if (!read_write(fd, (unsigned char *)&m, sizeof(m), 1))
+ return 0;
+
+ if (m == -1)
+ {
+ cache_end_insert();
+ return 1;
+ }
+
+ if (!read_write(fd, (unsigned char *)daemon->namebuff, m, 1) ||
+ !read_write(fd, (unsigned char *)&ttd, sizeof(ttd), 1) ||
+ !read_write(fd, (unsigned char *)&flags, sizeof(flags), 1))
+ return 0;
+
+ daemon->namebuff[m] = 0;
+
+ ttl = difftime(ttd, now);
+
+ if (flags & (F_IPV4 | F_IPV6))
+ {
+ if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1))
+ return 0;
+ crecp = really_insert(daemon->namebuff, &addr, now, ttl, flags);
+ }
+ else if (flags & F_CNAME)
+ {
+ struct crec *newc = really_insert(daemon->namebuff, NULL, now, ttl, flags);
+ /* This relies on the fact the the target of a CNAME immediately preceeds
+ it because of the order of extraction in extract_addresses, and
+ the order reversal on the new_chain. */
+ if (newc)
+ {
+ if (!crecp)
+ {
+ newc->addr.cname.target.cache = NULL;
+ /* anything other than zero, to avoid being mistaken for CNAME to interface-name */
+ newc->addr.cname.uid = 1;
+ }
+ else
+ {
+ next_uid(crecp);
+ newc->addr.cname.target.cache = crecp;
+ newc->addr.cname.uid = crecp->uid;
+ }
+ }
+ }
+#ifdef HAVE_DNSSEC
+ else if (flags & (F_DNSKEY | F_DS))
+ {
+ unsigned short class, keylen, keyflags, keytag;
+ unsigned char algo, digest;
+ struct blockdata *keydata;
+
+ if (!read_write(fd, (unsigned char *)&class, sizeof(class), 1))
+ return 0;
+ /* Cache needs to known class for DNSSEC stuff */
+ addr.addr.dnssec.class = class;
+
+ crecp = really_insert(daemon->namebuff, &addr, now, ttl, flags);
+
+ if (flags & F_DNSKEY)
+ {
+ if (!read_write(fd, (unsigned char *)&algo, sizeof(algo), 1) ||
+ !read_write(fd, (unsigned char *)&keytag, sizeof(keytag), 1) ||
+ !read_write(fd, (unsigned char *)&keyflags, sizeof(keyflags), 1) ||
+ !read_write(fd, (unsigned char *)&keylen, sizeof(keylen), 1) ||
+ !(keydata = blockdata_read(fd, keylen)))
+ return 0;
+ }
+ else if (!(flags & F_NEG))
+ {
+ if (!read_write(fd, (unsigned char *)&algo, sizeof(algo), 1) ||
+ !read_write(fd, (unsigned char *)&keytag, sizeof(keytag), 1) ||
+ !read_write(fd, (unsigned char *)&digest, sizeof(digest), 1) ||
+ !read_write(fd, (unsigned char *)&keylen, sizeof(keylen), 1) ||
+ !(keydata = blockdata_read(fd, keylen)))
+ return 0;
+ }
+
+ if (crecp)
+ {
+ if (flags & F_DNSKEY)
+ {
+ crecp->addr.key.algo = algo;
+ crecp->addr.key.keytag = keytag;
+ crecp->addr.key.flags = flags;
+ crecp->addr.key.keylen = keylen;
+ crecp->addr.key.keydata = keydata;
+ }
+ else if (!(flags & F_NEG))
+ {
+ crecp->addr.ds.algo = algo;
+ crecp->addr.ds.keytag = keytag;
+ crecp->addr.ds.digest = digest;
+ crecp->addr.ds.keylen = keylen;
+ crecp->addr.ds.keydata = keydata;
+ }
+ }
+ }
+#endif
+ }
+}
+
int cache_find_non_terminal(char *name, time_t now)
{
struct crec *crecp;
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -930,6 +930,10 @@ int main (int argc, char **argv)
check_servers();
pid = getpid();
+
+ daemon->pipe_to_parent = -1;
+ for (i = 0; i < MAX_PROCS; i++)
+ daemon->tcp_pipes[i] = -1;
#ifdef HAVE_INOTIFY
/* Using inotify, have to select a resolv file at startup */
@@ -1611,7 +1615,7 @@ static int set_dns_listeners(time_t now)
we don't need to explicitly arrange to wake up here */
if (listener->tcpfd != -1)
for (i = 0; i < MAX_PROCS; i++)
- if (daemon->tcp_pids[i] == 0)
+ if (daemon->tcp_pids[i] == 0 && daemon->tcp_pipes[i] == -1)
{
poll_listen(listener->tcpfd, POLLIN);
break;
@@ -1624,6 +1628,13 @@ static int set_dns_listeners(time_t now)
}
+#ifndef NO_FORK
+ if (!option_bool(OPT_DEBUG))
+ for (i = 0; i < MAX_PROCS; i++)
+ if (daemon->tcp_pipes[i] != -1)
+ poll_listen(daemon->tcp_pipes[i], POLLIN);
+#endif
+
return wait;
}
@@ -1632,7 +1643,10 @@ static void check_dns_listeners(time_t n
struct serverfd *serverfdp;
struct listener *listener;
int i;
-
+#ifndef NO_FORK
+ int pipefd[2];
+#endif
+
for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
if (poll_check(serverfdp->fd, POLLIN))
reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
@@ -1642,7 +1656,26 @@ static void check_dns_listeners(time_t n
if (daemon->randomsocks[i].refcount != 0 &&
poll_check(daemon->randomsocks[i].fd, POLLIN))
reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
-
+
+#ifndef NO_FORK
+ /* Races. The child process can die before we read all of the data from the
+ pipe, or vice versa. Therefore send tcp_pids to zero when we wait() the
+ process, and tcp_pipes to -1 and close the FD when we read the last
+ of the data - indicated by cache_recv_insert returning zero.
+ The order of these events is indeterminate, and both are needed
+ to free the process slot. Once the child process has gone, poll()
+ returns POLLHUP, not POLLIN, so have to check for both here. */
+ if (!option_bool(OPT_DEBUG))
+ for (i = 0; i < MAX_PROCS; i++)
+ if (daemon->tcp_pipes[i] != -1 &&
+ poll_check(daemon->tcp_pipes[i], POLLIN | POLLHUP) &&
+ !cache_recv_insert(now, daemon->tcp_pipes[i]))
+ {
+ close(daemon->tcp_pipes[i]);
+ daemon->tcp_pipes[i] = -1;
+ }
+#endif
+
for (listener = daemon->listeners; listener; listener = listener->next)
{
if (listener->fd != -1 && poll_check(listener->fd, POLLIN))
@@ -1736,15 +1769,20 @@ static void check_dns_listeners(time_t n
while (retry_send(close(confd)));
}
#ifndef NO_FORK
- else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
+ else if (!option_bool(OPT_DEBUG) && pipe(pipefd) == 0 && (p = fork()) != 0)
{
- if (p != -1)
+ close(pipefd[1]); /* parent needs read pipe end. */
+ if (p == -1)
+ close(pipefd[0]);
+ else
{
int i;
+
for (i = 0; i < MAX_PROCS; i++)
- if (daemon->tcp_pids[i] == 0)
+ if (daemon->tcp_pids[i] == 0 && daemon->tcp_pipes[i] == -1)
{
daemon->tcp_pids[i] = p;
+ daemon->tcp_pipes[i] = pipefd[0];
break;
}
}
@@ -1761,7 +1799,7 @@ static void check_dns_listeners(time_t n
int flags;
struct in_addr netmask;
int auth_dns;
-
+
if (iface)
{
netmask = iface->netmask;
@@ -1777,7 +1815,11 @@ static void check_dns_listeners(time_t n
/* Arrange for SIGALRM after CHILD_LIFETIME seconds to
terminate the process. */
if (!option_bool(OPT_DEBUG))
- alarm(CHILD_LIFETIME);
+ {
+ alarm(CHILD_LIFETIME);
+ close(pipefd[0]); /* close read end in child. */
+ daemon->pipe_to_parent = pipefd[1];
+ }
#endif
/* start with no upstream connections. */
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -1091,6 +1091,8 @@ extern struct daemon {
size_t packet_len; /* " " */
struct randfd *rfd_save; /* " " */
pid_t tcp_pids[MAX_PROCS];
+ int tcp_pipes[MAX_PROCS];
+ int pipe_to_parent;
struct randfd randomsocks[RANDOM_SOCKS];
int v6pktinfo;
struct addrlist *interface_addrs; /* list of all addresses/prefix lengths associated with all local interfaces */
@@ -1152,6 +1154,7 @@ struct crec *cache_find_by_name(struct c
char *name, time_t now, unsigned int prot);
void cache_end_insert(void);
void cache_start_insert(void);
+int cache_recv_insert(time_t now, int fd);
struct crec *cache_insert(char *name, struct all_addr *addr,
time_t now, unsigned long ttl, unsigned short flags);
void cache_reload(void);
@@ -1174,6 +1177,8 @@ void blockdata_init(void);
void blockdata_report(void);
struct blockdata *blockdata_alloc(char *data, size_t len);
void *blockdata_retrieve(struct blockdata *block, size_t len, void *data);
+struct blockdata *blockdata_read(int fd, size_t len);
+void blockdata_write(struct blockdata *block, size_t len, int fd);
void blockdata_free(struct blockdata *blocks);
#endif


@ -1,26 +0,0 @@
From a220545c4277cba534be5ef4638b5076fc7d2cf4 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon, 22 Oct 2018 18:21:48 +0100
Subject: [PATCH 02/11] Ensure that AD bit is reset on answers from
--address=/<domain>/<address>.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
src/rfc1035.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -938,9 +938,9 @@ size_t setup_reply(struct dns_header *he
return 0;
/* clear authoritative and truncated flags, set QR flag */
- header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
- /* set RA flag */
- header->hb4 |= HB4_RA;
+ header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC )) | HB3_QR;
+ /* clear AD flag, set RA flag */
+ header->hb4 = (header->hb4 & ~HB4_AD) | HB4_RA;
header->nscount = htons(0);
header->arcount = htons(0);


@ -1,52 +0,0 @@
From cf5984367bc6a949e3803a576512c5a7bc48ebab Mon Sep 17 00:00:00 2001
From: Vladislav Grishenko <themiron@mail.ru>
Date: Thu, 18 Oct 2018 04:55:21 +0500
Subject: [PATCH 04/11] Don't forward *.bind/*.server queries upstream
Chaos .bind and .server (RFC4892) zones are local, therefore
don't forward queries upstream to avoid mixing with supported
locally and false replies with NO_ID enabled.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
src/rfc1035.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1276,7 +1276,7 @@ size_t answer_request(struct dns_header
int q, ans, anscount = 0, addncount = 0;
int dryrun = 0;
struct crec *crecp;
- int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1;
+ int nxdomain = 0, notimp = 0, auth = 1, trunc = 0, sec_data = 1;
struct mx_srv_record *rec;
size_t len;
@@ -1355,6 +1355,17 @@ size_t answer_request(struct dns_header
}
}
+ if (qclass == C_CHAOS)
+ {
+ /* don't forward *.bind and *.server chaos queries */
+ if (hostname_issubdomain("bind", name) || hostname_issubdomain("server", name))
+ {
+ if (!ans)
+ notimp = 1, auth = 0;
+ ans = 1;
+ }
+ }
+
if (qclass == C_IN)
{
struct txt_record *t;
@@ -1903,6 +1914,8 @@ size_t answer_request(struct dns_header
if (nxdomain)
SET_RCODE(header, NXDOMAIN);
+ else if (notimp)
+ SET_RCODE(header, NOTIMP);
else
SET_RCODE(header, NOERROR); /* no error */
header->ancount = htons(anscount);


@ -1,63 +0,0 @@
From cbb5b17ad8e03e08ade62376a4f6a2066e55960d Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Tue, 23 Oct 2018 23:45:57 +0100
Subject: [PATCH 05/11] Fix logging in cf5984367bc6a949e3803a576512c5a7bc48ebab
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
src/rfc1035.c | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1335,7 +1335,6 @@ size_t answer_request(struct dns_header
{
unsigned long ttl = daemon->local_ttl;
int ok = 1;
- log_query(F_CONFIG | F_RRNAME, name, NULL, "<TXT>");
#ifndef NO_ID
/* Dynamically generate stat record */
if (t->stat != 0)
@@ -1345,11 +1344,14 @@ size_t answer_request(struct dns_header
ok = 0;
}
#endif
- if (ok && add_resource_record(header, limit, &trunc, nameoffset, &ansp,
- ttl, NULL,
- T_TXT, t->class, "t", t->len, t->txt))
- anscount++;
-
+ if (ok)
+ {
+ log_query(F_CONFIG | F_RRNAME, name, NULL, "<TXT>");
+ if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
+ ttl, NULL,
+ T_TXT, t->class, "t", t->len, t->txt))
+ anscount++;
+ }
}
}
}
@@ -1357,12 +1359,19 @@ size_t answer_request(struct dns_header
if (qclass == C_CHAOS)
{
- /* don't forward *.bind and *.server chaos queries */
+ /* don't forward *.bind and *.server chaos queries - always reply with NOTIMP */
if (hostname_issubdomain("bind", name) || hostname_issubdomain("server", name))
{
if (!ans)
- notimp = 1, auth = 0;
- ans = 1;
+ {
+ notimp = 1, auth = 0;
+ if (!dryrun)
+ {
+ addr.addr.rcode.rcode = NOTIMP;
+ log_query(F_CONFIG | F_RCODE, name, &addr, NULL);
+ }
+ ans = 1;
+ }
}
}


@ -1,120 +0,0 @@
From 6f7812d97bc8f87004c0a5069c6c94c64af78106 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Tue, 23 Oct 2018 23:54:44 +0100
Subject: [PATCH 06/11] Fix spurious AD flags in some DNS replies from local
config.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
src/rfc1035.c | 42 ++++++++++++++++++++++++------------------
1 file changed, 24 insertions(+), 18 deletions(-)
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1330,7 +1330,7 @@ size_t answer_request(struct dns_header
{
if (t->class == qclass && hostname_isequal(name, t->name))
{
- ans = 1;
+ ans = 1, sec_data = 0;
if (!dryrun)
{
unsigned long ttl = daemon->local_ttl;
@@ -1370,7 +1370,7 @@ size_t answer_request(struct dns_header
addr.addr.rcode.rcode = NOTIMP;
log_query(F_CONFIG | F_RCODE, name, &addr, NULL);
}
- ans = 1;
+ ans = 1, sec_data = 0;
}
}
}
@@ -1725,7 +1725,7 @@ size_t answer_request(struct dns_header
}
else if (is_name_synthetic(flag, name, &addr))
{
- ans = 1;
+ ans = 1, sec_data = 0;
if (!dryrun)
{
log_query(F_FORWARD | F_CONFIG | flag, name, &addr, NULL);
@@ -1763,25 +1763,27 @@ size_t answer_request(struct dns_header
for (rec = daemon->mxnames; rec; rec = rec->next)
if (!rec->issrv && hostname_isequal(name, rec->name))
{
- ans = found = 1;
- if (!dryrun)
- {
- int offset;
- log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>");
- if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
- &offset, T_MX, C_IN, "sd", rec->weight, rec->target))
- {
- anscount++;
- if (rec->target)
- rec->offset = offset;
- }
- }
+ ans = found = 1;
+ sec_data = 0;
+ if (!dryrun)
+ {
+ int offset;
+ log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>");
+ if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
+ &offset, T_MX, C_IN, "sd", rec->weight, rec->target))
+ {
+ anscount++;
+ if (rec->target)
+ rec->offset = offset;
+ }
+ }
}
if (!found && (option_bool(OPT_SELFMX) || option_bool(OPT_LOCALMX)) &&
cache_find_by_name(NULL, name, now, F_HOSTS | F_DHCP | F_NO_RR))
{
ans = 1;
+ sec_data = 0;
if (!dryrun)
{
log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>");
@@ -1802,6 +1804,7 @@ size_t answer_request(struct dns_header
if (rec->issrv && hostname_isequal(name, rec->name))
{
found = ans = 1;
+ sec_data = 0;
if (!dryrun)
{
int offset;
@@ -1838,6 +1841,7 @@ size_t answer_request(struct dns_header
if (!found && option_bool(OPT_FILTER) && (qtype == T_SRV || (qtype == T_ANY && strchr(name, '_'))))
{
ans = 1;
+ sec_data = 0;
if (!dryrun)
log_query(F_CONFIG | F_NEG, name, NULL, NULL);
}
@@ -1850,6 +1854,7 @@ size_t answer_request(struct dns_header
if (hostname_isequal(name, na->name))
{
ans = 1;
+ sec_data = 0;
if (!dryrun)
{
log_query(F_CONFIG | F_RRNAME, name, NULL, "<NAPTR>");
@@ -1862,11 +1867,12 @@ size_t answer_request(struct dns_header
}
if (qtype == T_MAILB)
- ans = 1, nxdomain = 1;
+ ans = 1, nxdomain = 1, sec_data = 0;
if (qtype == T_SOA && option_bool(OPT_FILTER))
{
- ans = 1;
+ ans = 1;
+ sec_data = 0;
if (!dryrun)
log_query(F_CONFIG | F_NEG, name, &addr, NULL);
}


@ -1,71 +0,0 @@
From 24b87607c1353e94689e8a2190571ab3f3b36f31 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 24 Oct 2018 22:30:18 +0100
Subject: [PATCH 07/11] Do not rely on dead code elimination, use array
instead. Make options bits derived from size and count. Use size of option
bits and last supported bit in computation. No new change would be required
when new options are added. Just change OPT_LAST constant.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
src/dnsmasq.h | 11 +++++++----
src/option.c | 10 ++--------
2 files changed, 9 insertions(+), 12 deletions(-)
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -200,9 +200,6 @@ struct event_desc {
#define EC_MISC 5
#define EC_INIT_OFFSET 10
-/* Trust the compiler dead-code eliminator.... */
-#define option_bool(x) (((x) < 32) ? daemon->options & (1u << (x)) : daemon->options2 & (1u << ((x) - 32)))
-
#define OPT_BOGUSPRIV 0
#define OPT_FILTER 1
#define OPT_LOG 2
@@ -264,6 +261,12 @@ struct event_desc {
#define OPT_UBUS 58
#define OPT_LAST 59
+#define OPTION_BITS (sizeof(unsigned int)*8)
+#define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
+#define option_var(x) (daemon->options[(x) / OPTION_BITS])
+#define option_val(x) ((1u) << ((x) % OPTION_BITS))
+#define option_bool(x) (option_var(x) & option_val(x))
+
/* extra flags for my_syslog, we use a couple of facilities since they are known
not to occupy the same bits as priorities, no matter how syslog.h is set up. */
#define MS_TFTP LOG_USER
@@ -978,7 +981,7 @@ extern struct daemon {
config file arguments. All set (including defaults)
in option.c */
- unsigned int options, options2;
+ unsigned int options[OPTION_SIZE];
struct resolvc default_resolv, *resolv_files;
time_t last_resolv;
char *servers_file;
--- a/src/option.c
+++ b/src/option.c
@@ -1490,18 +1490,12 @@ static int parse_dhcp_opt(char *errstr,
void set_option_bool(unsigned int opt)
{
- if (opt < 32)
- daemon->options |= 1u << opt;
- else
- daemon->options2 |= 1u << (opt - 32);
+ option_var(opt) |= option_val(opt);
}
void reset_option_bool(unsigned int opt)
{
- if (opt < 32)
- daemon->options &= ~(1u << opt);
- else
- daemon->options2 &= ~(1u << (opt - 32));
+ option_var(opt) &= ~(option_val(opt));
}
static int one_opt(int option, char *arg, char *errstr, char *gen_err, int command_line, int servers_only)


@ -1,63 +0,0 @@
From 3a5a84cdd1488bad118eeac72d09a60299bca744 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 31 Oct 2018 21:30:13 +0000
Subject: [PATCH 08/11] Fix Makefile lines generating UBUS linker config.
If arg2 of pkg-wrapper is "--copy", then arg1 is NOT the name of
the package manager (--copy doesn't invoke it) it's a secondary
config string that inhibts the copy if found. This patch allows that
to be the empty string, for unconditional copy, and modifies the
ubus linker config to use it. It worked by coincidence before, because
there was no config string called "pkg-config".
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
Makefile | 2 +-
bld/pkg-wrapper | 14 ++++++++------
2 files changed, 9 insertions(+), 7 deletions(-)
--- a/Makefile
+++ b/Makefile
@@ -53,7 +53,7 @@ top?=$(CURDIR)
dbus_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1`
dbus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1`
-ubus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_UBUS $(PKG_CONFIG) --copy -lubox -lubus`
+ubus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_UBUS "" --copy -lubox -lubus`
idn_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --cflags libidn`
idn_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --libs libidn`
idn2_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --cflags libidn2`
--- a/bld/pkg-wrapper
+++ b/bld/pkg-wrapper
@@ -11,23 +11,25 @@ in=`cat`
if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \
echo $in | grep $search >/dev/null 2>&1; then
-# Nasty, nasty, in --copy, arg 2 is another config to search for, use with NO_GMP
+# Nasty, nasty, in --copy, arg 2 (if non-empty) is another config to search for, used with NO_GMP
if [ $op = "--copy" ]; then
- if grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \
- echo $in | grep $pkg >/dev/null 2>&1; then
+ if [ -z "$pkg" ]; then
+ pkg="$*"
+ elif grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \
+ echo $in | grep $pkg >/dev/null 2>&1; then
pkg=""
else
pkg="$*"
fi
elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \
- echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
+ echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
pkg=`$pkg --static $op $*`
else
pkg=`$pkg $op $*`
fi
-
+
if grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \
- echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
+ echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
if [ $op = "--libs" ] || [ $op = "--copy" ]; then
echo "-Wl,-Bstatic $pkg -Wl,-Bdynamic"
else


@ -1,41 +0,0 @@
From 122392e0b352507cabb9e982208d35d2e56902e0 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 31 Oct 2018 22:24:02 +0000
Subject: [PATCH 09/11] Revert 68f6312d4bae30b78daafcd6f51dc441b8685b1e
The above is intended to increase robustness, but actually does the
opposite. The problem is that by ignoring SERVFAIL messages and hoping
for a better answer from another of the servers we've forwarded to,
we become vulnerable in the case that one or more of the configured
servers is down or not responding.
Consider the case that a domain is indeed BOGUS, and we've send the
query to n servers. With 68f6312d4bae30b78daafcd6f51dc441b8685b1e
we ignore the first n-1 SERVFAIL replies, and only return the
final n'th answer to the client. Now, if one of the servers we are
forwarding to is down, then we won't get all n replies, and the
client will never get an answer! This is a far more likely scenario
than a temporary SERVFAIL from only one of a set of notionally identical
servers, so, on the ground of robustness, we have to believe
any SERVFAIL answers we get, and return them to the client.
The client could be using the same recursive servers we are,
so it should, in theory, retry on SERVFAIL anyway.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
src/forward.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/src/forward.c
+++ b/src/forward.c
@@ -957,8 +957,7 @@ void reply_query(int fd, int family, tim
we get a good reply from another server. Kill it when we've
had replies from all to avoid filling the forwarding table when
everything is broken */
- if (forward->forwardall == 0 || --forward->forwardall == 1 ||
- (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL))
+ if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != REFUSED)
{
int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
@ -1,199 +0,0 @@
From 48d12f14c9c0fc8cf943b52774c3892517dd72d4 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 2 Nov 2018 21:55:04 +0000
Subject: [PATCH 10/11] Remove the NO_FORK compile-time option, and support for
uclinux.
In an era where everything has an MMU, this looks like
an anachronism, and it adds to (Ok, multiplies!) the
combinatorial explosion of compile-time options.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
CHANGELOG | 6 ++++++
src/config.h | 21 ++-------------------
src/dnsmasq.c | 14 --------------
src/option.c | 4 +---
4 files changed, 9 insertions(+), 36 deletions(-)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -11,6 +11,12 @@ version 2.81
This fix passes cache entries back from the TCP child process to
the main server process, and fixes the problem.
+ Remove the NO_FORK compile-time option, and support for uclinux.
+ In an era where everything has an MMU, this looks like
+ an anachronism, and it adds to (Ok, multiplies!) the
+ combinatorial explosion of compile-time options. Thanks to
+ Kevin Darbyshire-Bryant for the patch.
+
version 2.80
Add support for RFC 4039 DHCP rapid commit. Thanks to Ashram Method
--- a/src/config.h
+++ b/src/config.h
@@ -239,27 +239,13 @@ HAVE_SOCKADDR_SA_LEN
defined if struct sockaddr has sa_len field (*BSD)
*/
-/* Must precede __linux__ since uClinux defines __linux__ too. */
-#if defined(__uClinux__)
-#define HAVE_LINUX_NETWORK
-#define HAVE_GETOPT_LONG
-#undef HAVE_SOCKADDR_SA_LEN
-/* Never use fork() on uClinux. Note that this is subtly different from the
- --keep-in-foreground option, since it also suppresses forking new
- processes for TCP connections and disables the call-a-script on leasechange
- system. It's intended for use on MMU-less kernels. */
-#define NO_FORK
-
-#elif defined(__UCLIBC__)
+#if defined(__UCLIBC__)
#define HAVE_LINUX_NETWORK
#if defined(__UCLIBC_HAS_GNU_GETOPT__) || \
((__UCLIBC_MAJOR__==0) && (__UCLIBC_MINOR__==9) && (__UCLIBC_SUBLEVEL__<21))
# define HAVE_GETOPT_LONG
#endif
#undef HAVE_SOCKADDR_SA_LEN
-#if !defined(__ARCH_HAS_MMU__) && !defined(__UCLIBC_HAS_MMU__)
-# define NO_FORK
-#endif
#if defined(__UCLIBC_HAS_IPV6__)
# ifndef IPV6_V6ONLY
# define IPV6_V6ONLY 26
@@ -328,7 +314,7 @@ HAVE_SOCKADDR_SA_LEN
#define HAVE_DHCP
#endif
-#if defined(NO_SCRIPT) || defined(NO_FORK)
+#if defined(NO_SCRIPT)
#undef HAVE_SCRIPT
#undef HAVE_LUASCRIPT
#endif
@@ -372,9 +358,6 @@ static char *compile_opts =
#ifdef HAVE_BROKEN_RTC
"no-RTC "
#endif
-#ifdef NO_FORK
-"no-MMU "
-#endif
#ifndef HAVE_DBUS
"no-"
#endif
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -485,7 +485,6 @@ int main (int argc, char **argv)
if (chdir("/") != 0)
die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
-#ifndef NO_FORK
if (!option_bool(OPT_NO_FORK))
{
pid_t pid;
@@ -525,7 +524,6 @@ int main (int argc, char **argv)
if (pid != 0)
_exit(0);
}
-#endif
/* write pidfile _after_ forking ! */
if (daemon->runfile)
@@ -1628,12 +1626,10 @@ static int set_dns_listeners(time_t now)
}
-#ifndef NO_FORK
if (!option_bool(OPT_DEBUG))
for (i = 0; i < MAX_PROCS; i++)
if (daemon->tcp_pipes[i] != -1)
poll_listen(daemon->tcp_pipes[i], POLLIN);
-#endif
return wait;
}
@@ -1643,9 +1639,7 @@ static void check_dns_listeners(time_t n
struct serverfd *serverfdp;
struct listener *listener;
int i;
-#ifndef NO_FORK
int pipefd[2];
-#endif
for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
if (poll_check(serverfdp->fd, POLLIN))
@@ -1657,7 +1651,6 @@ static void check_dns_listeners(time_t n
poll_check(daemon->randomsocks[i].fd, POLLIN))
reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
-#ifndef NO_FORK
/* Races. The child process can die before we read all of the data from the
pipe, or vice versa. Therefore send tcp_pids to zero when we wait() the
process, and tcp_pipes to -1 and close the FD when we read the last
@@ -1674,7 +1667,6 @@ static void check_dns_listeners(time_t n
close(daemon->tcp_pipes[i]);
daemon->tcp_pipes[i] = -1;
}
-#endif
for (listener = daemon->listeners; listener; listener = listener->next)
{
@@ -1768,7 +1760,6 @@ static void check_dns_listeners(time_t n
shutdown(confd, SHUT_RDWR);
while (retry_send(close(confd)));
}
-#ifndef NO_FORK
else if (!option_bool(OPT_DEBUG) && pipe(pipefd) == 0 && (p = fork()) != 0)
{
close(pipefd[1]); /* parent needs read pipe end. */
@@ -1791,7 +1782,6 @@ static void check_dns_listeners(time_t n
/* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */
daemon->log_id += TCP_MAX_QUERIES;
}
-#endif
else
{
unsigned char *buff;
@@ -1811,7 +1801,6 @@ static void check_dns_listeners(time_t n
auth_dns = 0;
}
-#ifndef NO_FORK
/* Arrange for SIGALRM after CHILD_LIFETIME seconds to
terminate the process. */
if (!option_bool(OPT_DEBUG))
@@ -1820,7 +1809,6 @@ static void check_dns_listeners(time_t n
close(pipefd[0]); /* close read end in child. */
daemon->pipe_to_parent = pipefd[1];
}
-#endif
/* start with no upstream connections. */
for (s = daemon->servers; s; s = s->next)
@@ -1846,13 +1834,11 @@ static void check_dns_listeners(time_t n
shutdown(s->tcpfd, SHUT_RDWR);
while (retry_send(close(s->tcpfd)));
}
-#ifndef NO_FORK
if (!option_bool(OPT_DEBUG))
{
flush_log();
_exit(0);
}
-#endif
}
}
}
--- a/src/option.c
+++ b/src/option.c
@@ -1828,9 +1828,7 @@ static int one_opt(int option, char *arg
/* Sorry about the gross pre-processor abuse */
case '6': /* --dhcp-script */
case LOPT_LUASCRIPT: /* --dhcp-luascript */
-# if defined(NO_FORK)
- ret_err(_("cannot run scripts under uClinux"));
-# elif !defined(HAVE_SCRIPT)
+# if !defined(HAVE_SCRIPT)
ret_err(_("recompile with HAVE_SCRIPT defined to enable lease-change scripts"));
# else
if (option == LOPT_LUASCRIPT)
@ -1,27 +0,0 @@
From 061eb8599636bb360e0b7fa5986935b86db39497 Mon Sep 17 00:00:00 2001
From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Date: Mon, 10 Dec 2018 10:07:33 +0000
Subject: [PATCH] option: fix non DHCPv6 build error
option.c: In function 'dhcp_context_free':
option.c:1042:15: error: 'struct dhcp_context' has no member named 'template_interface'
free(ctx->template_interface);
^~
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
src/option.c | 2 ++
1 file changed, 2 insertions(+)
--- a/src/option.c
+++ b/src/option.c
@@ -1039,7 +1039,9 @@ static void dhcp_context_free(struct dhc
{
dhcp_netid_free(ctx->filter);
free(ctx->netid.net);
+#ifdef HAVE_DHCP6
free(ctx->template_interface);
+#endif
free(ctx);
}
}
@ -1,21 +0,0 @@
From 46de5d4954b470db155098001cffc357b51e50f4 Mon Sep 17 00:00:00 2001
From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Date: Wed, 12 Dec 2018 11:35:12 +0000
Subject: [PATCH] ipset fix ternary order swap
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
src/ipset.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/src/ipset.c
+++ b/src/ipset.c
@@ -120,7 +120,7 @@ static int new_add_to_ipset(const char *
struct my_nfgenmsg *nfg;
struct my_nlattr *nested[2];
uint8_t proto;
- int addrsz = (af == AF_INET6) ? INADDRSZ : IN6ADDRSZ;
+ int addrsz = (af == AF_INET6) ? IN6ADDRSZ : INADDRSZ;
if (strlen(setname) >= IPSET_MAXNAMELEN)
{
@ -1,40 +0,0 @@
From 668b45c29c38d440c8fce4bc994c56910adc3919 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Fri, 14 Dec 2018 17:03:08 +0100
Subject: [PATCH] Fix required tags in few places
Some locations were incorrectly changed to require always tags, else
dnsmasq will not start. Fix dhcp-boot, dhcp-reply-delay and pxe-prompt.
---
src/option.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/src/option.c
+++ b/src/option.c
@@ -3434,7 +3434,7 @@ static int one_opt(int option, char *arg
{
struct dhcp_netid *id = dhcp_tags(&arg);
- if (!id)
+ if (!arg)
{
ret_err(gen_err);
}
@@ -3485,7 +3485,7 @@ static int one_opt(int option, char *arg
{
struct dhcp_netid *id = dhcp_tags(&arg);
- if (!id)
+ if (!arg)
{
ret_err(gen_err);
}
@@ -3515,7 +3515,7 @@ static int one_opt(int option, char *arg
new->opt = 10; /* PXE_MENU_PROMPT */
new->netid = dhcp_tags(&arg);
- if (!new->netid)
+ if (!arg)
{
dhcp_opt_free(new);
ret_err(gen_err);
@ -1,33 +0,0 @@
diff --git a/src/crypto.c b/src/crypto.c
index ebb871e..94d0332 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -275,6 +275,10 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
static struct ecc_point *key_256 = NULL, *key_384 = NULL;
static mpz_t x, y;
static struct dsa_signature *sig_struct;
+#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR < 4
+#define nettle_get_secp_256r1() (&nettle_secp_256r1)
+#define nettle_get_secp_384r1() (&nettle_secp_384r1)
+#endif
if (!sig_struct)
{
@@ -294,7 +298,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
return 0;
- nettle_ecc_point_init(key_256, &nettle_secp_256r1);
+ nettle_ecc_point_init(key_256, nettle_get_secp_256r1());
}
key = key_256;
@@ -307,7 +311,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
return 0;
- nettle_ecc_point_init(key_384, &nettle_secp_384r1);
+ nettle_ecc_point_init(key_384, nettle_get_secp_256r1());
}
key = key_384;
@ -0,0 +1,178 @@
From 7df4c681678612d196b4e1eec24963d181fdb28a Mon Sep 17 00:00:00 2001
From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Date: Sun, 5 Apr 2020 17:18:23 +0100
Subject: [PATCH] drop runtime old kernel support
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
src/dnsmasq.c | 4 ----
src/dnsmasq.h | 5 +---
src/ipset.c | 64 ++++-----------------------------------------------
src/netlink.c | 3 +--
src/util.c | 19 ---------------
5 files changed, 6 insertions(+), 89 deletions(-)
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -94,10 +94,6 @@ int main (int argc, char **argv)
read_opts(argc, argv, compile_opts);
-#ifdef HAVE_LINUX_NETWORK
- daemon->kernel_version = kernel_version();
-#endif
-
if (daemon->edns_pktsz < PACKETSZ)
daemon->edns_pktsz = PACKETSZ;
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -1110,7 +1110,7 @@ extern struct daemon {
int inotifyfd;
#endif
#if defined(HAVE_LINUX_NETWORK)
- int netlinkfd, kernel_version;
+ int netlinkfd;
#elif defined(HAVE_BSD_NETWORK)
int dhcp_raw_fd, dhcp_icmp_fd, routefd;
#endif
@@ -1290,9 +1290,6 @@ int read_write(int fd, unsigned char *pa
void close_fds(long max_fd, int spare1, int spare2, int spare3);
int wildcard_match(const char* wildcard, const char* match);
int wildcard_matchn(const char* wildcard, const char* match, int num);
-#ifdef HAVE_LINUX_NETWORK
-int kernel_version(void);
-#endif
/* log.c */
void die(char *message, char *arg1, int exit_code) ATTRIBUTE_NORETURN;
--- a/src/ipset.c
+++ b/src/ipset.c
@@ -70,7 +70,7 @@ struct my_nfgenmsg {
#define NL_ALIGN(len) (((len)+3) & ~(3))
static const struct sockaddr_nl snl = { .nl_family = AF_NETLINK };
-static int ipset_sock, old_kernel;
+static int ipset_sock;
static char *buffer;
static inline void add_attr(struct nlmsghdr *nlh, uint16_t type, size_t len, const void *data)
@@ -85,12 +85,7 @@ static inline void add_attr(struct nlmsg
void ipset_init(void)
{
- old_kernel = (daemon->kernel_version < KERNEL_VERSION(2,6,32));
-
- if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) != -1)
- return;
-
- if (!old_kernel &&
+ if (
(buffer = safe_malloc(BUFF_SZ)) &&
(ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 &&
(bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1))
@@ -147,65 +142,14 @@ static int new_add_to_ipset(const char *
return errno == 0 ? 0 : -1;
}
-
-static int old_add_to_ipset(const char *setname, const union all_addr *ipaddr, int remove)
-{
- socklen_t size;
- struct ip_set_req_adt_get {
- unsigned op;
- unsigned version;
- union {
- char name[IPSET_MAXNAMELEN];
- uint16_t index;
- } set;
- char typename[IPSET_MAXNAMELEN];
- } req_adt_get;
- struct ip_set_req_adt {
- unsigned op;
- uint16_t index;
- uint32_t ip;
- } req_adt;
-
- if (strlen(setname) >= sizeof(req_adt_get.set.name))
- {
- errno = ENAMETOOLONG;
- return -1;
- }
-
- req_adt_get.op = 0x10;
- req_adt_get.version = 3;
- strcpy(req_adt_get.set.name, setname);
- size = sizeof(req_adt_get);
- if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0)
- return -1;
- req_adt.op = remove ? 0x102 : 0x101;
- req_adt.index = req_adt_get.set.index;
- req_adt.ip = ntohl(ipaddr->addr4.s_addr);
- if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0)
- return -1;
-
- return 0;
-}
-
-
-
int add_to_ipset(const char *setname, const union all_addr *ipaddr, int flags, int remove)
{
int ret = 0, af = AF_INET;
if (flags & F_IPV6)
- {
af = AF_INET6;
- /* old method only supports IPv4 */
- if (old_kernel)
- {
- errno = EAFNOSUPPORT ;
- ret = -1;
- }
- }
-
- if (ret != -1)
- ret = old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove);
+
+ ret = new_add_to_ipset(setname, ipaddr, af, remove);
if (ret == -1)
my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno));
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -82,8 +82,7 @@ void netlink_init(void)
}
if (daemon->netlinkfd == -1 ||
- (daemon->kernel_version >= KERNEL_VERSION(2,6,30) &&
- setsockopt(daemon->netlinkfd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(opt)) == -1) ||
+ (setsockopt(daemon->netlinkfd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(opt)) == -1) ||
getsockname(daemon->netlinkfd, (struct sockaddr *)&addr, &slen) == -1)
die(_("cannot create netlink socket: %s"), NULL, EC_MISC);
--- a/src/util.c
+++ b/src/util.c
@@ -786,22 +786,3 @@ int wildcard_matchn(const char* wildcard
return (!num) || (*wildcard == *match);
}
-
-#ifdef HAVE_LINUX_NETWORK
-int kernel_version(void)
-{
- struct utsname utsname;
- int version;
- char *split;
-
- if (uname(&utsname) < 0)
- die(_("failed to find kernel version: %s"), NULL, EC_MISC);
-
- split = strtok(utsname.release, ".");
- version = (split ? atoi(split) : 0);
- split = strtok(NULL, ".");
- version = version * 256 + (split ? atoi(split) : 0);
- split = strtok(NULL, ".");
- return version * 256 + (split ? atoi(split) : 0);
-}
-#endif
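Review bot: The includes that served only the removed kernel-version probe are left behind, since no hunk in this patch touches an `#include`: util.c's `kernel_version()` was the `uname()` caller, and the `KERNEL_VERSION()` comparisons in ipset.c and netlink.c were the users of `<linux/version.h>`. If nothing else in those files needs `<sys/utsname.h>` or `<linux/version.h>` (not decidable from these hunks), drop them in the same patch rather than carrying dead headers. The `if (` left alone on its line in `ipset_init`, with the condition starting on the next line, reads as an editing artifact; joining it as `if ((buffer = safe_malloc(BUFF_SZ)) &&` restores the original shape. Also worth a line in the patch description: removing the `KERNEL_VERSION(2,6,30)` gate makes a failed `NETLINK_NO_ENOBUFS` setsockopt fatal on every kernel, which is presumably the intent.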
@ -1,64 +0,0 @@
--- a/src/ipset.c
+++ b/src/ipset.c
@@ -22,7 +22,6 @@
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
-#include <sys/utsname.h>
#include <arpa/inet.h>
#include <linux/version.h>
#include <linux/netlink.h>
@@ -72,7 +71,7 @@ struct my_nfgenmsg {
#define NL_ALIGN(len) (((len)+3) & ~(3))
static const struct sockaddr_nl snl = { .nl_family = AF_NETLINK };
-static int ipset_sock, old_kernel;
+static int ipset_sock;
static char *buffer;
static inline void add_attr(struct nlmsghdr *nlh, uint16_t type, size_t len, const void *data)
@@ -87,25 +86,7 @@ static inline void add_attr(struct nlmsg
void ipset_init(void)
{
- struct utsname utsname;
- int version;
- char *split;
-
- if (uname(&utsname) < 0)
- die(_("failed to find kernel version: %s"), NULL, EC_MISC);
-
- split = strtok(utsname.release, ".");
- version = (split ? atoi(split) : 0);
- split = strtok(NULL, ".");
- version = version * 256 + (split ? atoi(split) : 0);
- split = strtok(NULL, ".");
- version = version * 256 + (split ? atoi(split) : 0);
- old_kernel = (version < KERNEL_VERSION(2,6,32));
-
- if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) != -1)
- return;
-
- if (!old_kernel &&
+ if (
(buffer = safe_malloc(BUFF_SZ)) &&
(ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 &&
(bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1))
@@ -211,16 +192,9 @@ int add_to_ipset(const char *setname, co
if (flags & F_IPV6)
{
af = AF_INET6;
- /* old method only supports IPv4 */
- if (old_kernel)
- {
- errno = EAFNOSUPPORT ;
- ret = -1;
- }
}
- if (ret != -1)
- ret = old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove);
+ ret = new_add_to_ipset(setname, ipaddr, af, remove);
if (ret == -1)
my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno));
@ -1,18 +0,0 @@
dnsmasq: fix warning with poll.h include on musl
Warning is:
#warning redirecting incorrect #include <sys/poll.h> to <poll.h>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -95,7 +95,7 @@ typedef unsigned long long u64;
#if defined(HAVE_SOLARIS_NETWORK)
# include <sys/sockio.h>
#endif
-#include <sys/poll.h>
+#include <poll.h>
#include <sys/wait.h>
#include <sys/time.h>
#include <sys/un.h>
@ -1,62 +1,71 @@
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
--- a/src/dnsmasq.h 2018-10-19 02:21:55.000000000 +0800
+++ b/src/dnsmasq.h 2020-01-13 10:38:16.940067371 +0800
@@ -1017,7 +1017,7 @@
--- a/src/dnsmasq.h 2020-03-16 04:31:43.337573724 +0800
+++ b/src/dnsmasq.h 2020-03-16 04:32:07.138008046 +0800
@@ -1029,7 +1029,7 @@
int max_logs; /* queue limit */
int cachesize, ftabsize;
int port, query_port, min_port, max_port;
- unsigned long local_ttl, neg_ttl, max_ttl, min_cache_ttl, max_cache_ttl, auth_ttl, dhcp_ttl, use_dhcp_ttl;
+ unsigned long local_ttl, neg_ttl, min_ttl, max_ttl, min_cache_ttl, max_cache_ttl, auth_ttl, dhcp_ttl, use_dhcp_ttl;
+ unsigned long local_ttl, neg_ttl, max_ttl, min_ttl, min_cache_ttl, max_cache_ttl, auth_ttl, dhcp_ttl, use_dhcp_ttl;
char *dns_client_id;
struct hostsfile *addn_hosts;
struct dhcp_context *dhcp, *dhcp6;
diff --git a/src/option.c b/src/option.c
--- a/src/option.c 2018-10-19 02:21:55.000000000 +0800
+++ b/src/option.c 2020-01-13 17:21:13.925164926 +0800
@@ -106,6 +106,7 @@
--- a/src/option.c 2020-03-16 04:33:35.999622026 +0800
+++ b/src/option.c 2020-03-16 04:40:44.839289942 +0800
@@ -105,6 +105,7 @@
#define LOPT_TAG_IF 294
#define LOPT_PROXY 295
#define LOPT_GEN_NAMES 296
+#define LOPT_MINTTL 361
#define LOPT_MAXTTL 297
+#define LOPT_MINTTL 397
#define LOPT_NO_REBIND 298
#define LOPT_LOC_REBND 299
#define LOPT_ADD_MAC 300
@@ -282,6 +283,7 @@
@@ -167,7 +168,7 @@
#define LOPT_IGNORE_CLID 358
#define LOPT_SINGLE_PORT 359
#define LOPT_SCRIPT_TIME 360
-
+
#ifdef HAVE_GETOPT_LONG
static const struct option opts[] =
#else
@@ -284,6 +285,7 @@
{ "dhcp-name-match", 1, 0, LOPT_NAME_MATCH },
{ "dhcp-broadcast", 2, 0, LOPT_BROADCAST },
{ "neg-ttl", 1, 0, LOPT_NEGTTL },
{ "max-ttl", 1, 0, LOPT_MAXTTL },
+ { "min-ttl", 1, 0, LOPT_MINTTL },
{ "max-ttl", 1, 0, LOPT_MAXTTL },
{ "min-cache-ttl", 1, 0, LOPT_MINCTTL },
{ "max-cache-ttl", 1, 0, LOPT_MAXCTTL },
{ "dhcp-alternate-port", 2, 0, LOPT_ALTPORT },
@@ -411,6 +413,7 @@
@@ -410,6 +412,7 @@
{ 't', ARG_ONE, "<host_name>", gettext_noop("Specify default target in an MX record."), NULL },
{ 'T', ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for replies from /etc/hosts."), NULL },
{ LOPT_NEGTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for negative caching."), NULL },
{ LOPT_MAXTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for maximum TTL to send to clients."), NULL },
+ { LOPT_MINTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for minimum TTL to send to clients."), NULL },
{ LOPT_MAXTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for maximum TTL to send to clients."), NULL },
{ LOPT_MAXCTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live ceiling for cache."), NULL },
{ LOPT_MINCTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live floor for cache."), NULL },
{ 'u', ARG_ONE, "<username>", gettext_noop("Change to this user after startup. (defaults to %s)."), CHUSER },
@@ -2747,6 +2750,7 @@
@@ -2812,6 +2815,7 @@
case 'T': /* --local-ttl */
case LOPT_NEGTTL: /* --neg-ttl */
case LOPT_MAXTTL: /* --max-ttl */
+ case LOPT_MINTTL: /* --min-ttl */
case LOPT_MAXTTL: /* --max-ttl */
case LOPT_MINCTTL: /* --min-cache-ttl */
case LOPT_MAXCTTL: /* --max-cache-ttl */
case LOPT_AUTHTTL: /* --auth-ttl */
@@ -2759,6 +2763,8 @@
@@ -2823,6 +2827,8 @@
ret_err(gen_err);
else if (option == LOPT_NEGTTL)
daemon->neg_ttl = (unsigned long)ttl;
else if (option == LOPT_MAXTTL)
daemon->max_ttl = (unsigned long)ttl;
+ else if (option == LOPT_MINTTL)
+ daemon->min_ttl = (unsigned long)ttl;
else if (option == LOPT_MAXTTL)
daemon->max_ttl = (unsigned long)ttl;
else if (option == LOPT_MINCTTL)
{
if (ttl > TTL_FLOOR_LIMIT)
diff --git a/src/rfc1035.c b/src/rfc1035.c
--- a/src/rfc1035.c 2018-10-19 02:21:55.000000000 +0800
+++ b/src/rfc1035.c 2020-01-13 17:12:25.455445871 +0800
--- a/src/rfc1035.c 2020-03-08 23:56:19.000000000 +0800
+++ b/src/rfc1035.c 2020-03-16 04:41:50.888215364 +0800
@@ -664,11 +664,20 @@
GETSHORT(aqtype, p1);
GETSHORT(aqclass, p1);
@ -81,7 +90,7 @@ diff --git a/src/rfc1035.c b/src/rfc1035.c
GETSHORT(ardlen, p1);
endrr = p1+ardlen;
@@ -755,11 +764,20 @@
@@ -760,11 +769,20 @@
GETSHORT(aqtype, p1);
GETSHORT(aqclass, p1);
GETLONG(attl, p1);
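Review bot: `#define LOPT_MINTTL 397` is an unexplained magic value — the surrounding upstream sequence ends at `LOPT_SCRIPT_TIME 360`, and the previous revision of this patch (if I read the doubled lines right) used 361 — so a comment on the define saying why 397 was reserved would save the next rebase, e.g. `#define LOPT_MINTTL 397 /* out-of-tree option; kept clear of upstream's LOPT_ sequence */`. The `--min-ttl` handler stores `daemon->min_ttl` with no relation to `max_ttl`; whether a floor above the ceiling is rejected or clamped is decided in rfc1035.c, whose hunks here are shown only by their headers, so it cannot be checked from this page. The removed/added blank line near `LOPT_SCRIPT_TIME` is a whitespace-only change that could be dropped from the patch.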
@ -13,13 +13,13 @@ diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 1896a64..e10d6c4 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -259,7 +259,8 @@ struct event_desc {
#define OPT_TFTP_APREF_MAC 56
#define OPT_RAPID_COMMIT 57
#define OPT_UBUS 58
-#define OPT_LAST 59
+#define OPT_FILTER_AAAA 59
+#define OPT_LAST 60
@@ -268,7 +268,8 @@
#define OPT_IGNORE_CLID 59
#define OPT_SINGLE_PORT 60
#define OPT_LEASE_RENEW 61
-#define OPT_LAST 62
+#define OPT_FILTER_AAAA 62
+#define OPT_LAST 63
#define OPTION_BITS (sizeof(unsigned int)*8)
#define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
@ -27,26 +27,26 @@ diff --git a/src/option.c b/src/option.c
index d8c57d6..1cc65bf 100644
--- a/src/option.c
+++ b/src/option.c
@@ -166,6 +166,7 @@ struct myoption {
#define LOPT_UBUS 354
#define LOPT_NAME_MATCH 355
#define LOPT_CAA 356
+#define LOPT_FILTER_AAAA 357
@@ -168,6 +168,7 @@
#define LOPT_IGNORE_CLID 358
#define LOPT_SINGLE_PORT 359
#define LOPT_SCRIPT_TIME 360
+#define LOPT_FILTER_AAAA 362
#ifdef HAVE_GETOPT_LONG
static const struct option opts[] =
@@ -337,6 +338,7 @@ static const struct myoption opts[] =
{ "dhcp-rapid-commit", 0, 0, LOPT_RAPID_COMMIT },
@@ -341,6 +342,7 @@
{ "dumpfile", 1, 0, LOPT_DUMPFILE },
{ "dumpmask", 1, 0, LOPT_DUMPMASK },
{ "dhcp-ignore-clid", 0, 0, LOPT_IGNORE_CLID },
+ { "filter-aaaa", 0, 0, LOPT_FILTER_AAAA },
{ NULL, 0, 0, 0 }
};
@@ -515,6 +517,7 @@ static struct {
{ LOPT_RAPID_COMMIT, OPT_RAPID_COMMIT, NULL, gettext_noop("Enables DHCPv4 Rapid Commit option."), NULL },
@@ -521,6 +523,7 @@
{ LOPT_DUMPFILE, ARG_ONE, "<path>", gettext_noop("Path to debug packet dump file"), NULL },
{ LOPT_DUMPMASK, ARG_ONE, "<hex>", gettext_noop("Mask which packets to dump"), NULL },
{ LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL },
+ { LOPT_FILTER_AAAA, OPT_FILTER_AAAA, NULL, gettext_noop("Filter all AAAA requests."), NULL },
{ 0, 0, NULL, NULL, NULL }
};
@ -55,7 +55,7 @@ diff --git a/src/rfc1035.c b/src/rfc1035.c
index 24d08c1..1594962 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1970,6 +1970,15 @@ size_t answer_request(struct dns_header
@@ -1959,6 +1959,15 @@
}
}
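Review bot: `#define LOPT_FILTER_AAAA 362` sits two past upstream's last value `LOPT_SCRIPT_TIME 360`, so the next upstream option that takes 361 or 362 collides with it on rebase; the companion min-ttl patch on this page parks its value at 397, so the two out-of-tree options do not even follow one scheme. Pick one reserved block for local options and say so at the define, e.g. `#define LOPT_FILTER_AAAA 362 /* out-of-tree; renumber if upstream reaches this value */`. The rfc1035.c hunk in `answer_request` is shown only by its header, so what "Filter all AAAA requests." actually does to the response (refuse, empty answer, or NODATA) cannot be checked here; the help text would be clearer if it named the behaviour.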
@ -8,7 +8,7 @@ config DROPBEAR_CURVE25519
This enables the following key exchange algorithm:
curve25519-sha256@libssh.org
Increases binary size by about 8 kB uncompressed (MIPS).
Increases binary size by about 4 kB (MIPS).
config DROPBEAR_ECC
bool "Elliptic curve cryptography (ECC)"
@ -49,6 +49,24 @@ config DROPBEAR_ECC_FULL
Increases binary size by about 4 kB (MIPS).
config DROPBEAR_ED25519
bool "Ed25519 support"
default n
help
This enables the following public key algorithm:
ssh-ed25519
Increases binary size by about 12 kB (MIPS).
config DROPBEAR_CHACHA20POLY1305
bool "Chacha20-Poly1305 support"
default y
help
This enables the following authenticated encryption cipher:
chacha20-poly1305@openssh.com
Increases binary size by about 4 kB (MIPS).
config DROPBEAR_ZLIB
bool "Enable compression"
default n
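Review bot: The help for `DROPBEAR_ED25519` says only which public-key algorithm it enables, but selecting it also adds `/etc/dropbear/dropbear_ed25519_host_key` to the package's conffiles and install list (see the Makefile and init-script sections on this page), so users should be told a third host key is generated and persisted; e.g. add `Also generates and keeps an Ed25519 host key in /etc/dropbear.` to the help. The chacha20-poly1305 option defaults to y while ed25519 defaults to n; a sentence on why the two new algorithms get different defaults would help packagers.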
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=dropbear
PKG_VERSION:=2019.78
PKG_RELEASE:=3
PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:= \
@ -29,6 +29,7 @@ PKG_FIXUP:=autoreconf
PKG_CONFIG_DEPENDS:= \
CONFIG_TARGET_INIT_PATH CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_ECC_FULL \
CONFIG_DROPBEAR_CURVE25519 CONFIG_DROPBEAR_ZLIB \
CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_CHACHA20POLY1305 \
CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_PUTUTLINE \
CONFIG_DROPBEAR_DBCLIENT
@ -63,6 +64,7 @@ define Package/dropbear/description
endef
define Package/dropbear/conffiles
$(if $(CONFIG_DROPBEAR_ED25519),/etc/dropbear/dropbear_ed25519_host_key)
$(if $(CONFIG_DROPBEAR_ECC),/etc/dropbear/dropbear_ecdsa_host_key)
/etc/dropbear/dropbear_rsa_host_key
/etc/config/dropbear
@ -110,6 +112,12 @@ define Build/Configure
$(PKG_BUILD_DIR)/localoptions.h; \
done
echo '#define DROPBEAR_ED25519 $(if $(CONFIG_DROPBEAR_ED25519),1,0)' >> \
$(PKG_BUILD_DIR)/localoptions.h
echo '#define DROPBEAR_CHACHA20POLY1305 $(if $(CONFIG_DROPBEAR_CHACHA20POLY1305),1,0)' >> \
$(PKG_BUILD_DIR)/localoptions.h
# remove protocol idented software version number
$(ESED) 's,^(#define LOCAL_IDENT) .*$$$$,\1 "SSH-2.0-dropbear",g' \
$(PKG_BUILD_DIR)/sysoptions.h
@ -160,6 +168,7 @@ define Package/dropbear/install
$(INSTALL_DIR) $(1)/etc/dropbear
$(INSTALL_DIR) $(1)/lib/preinit
$(INSTALL_DATA) ./files/dropbear.failsafe $(1)/lib/preinit/99_10_failsafe_dropbear
$(if $(CONFIG_DROPBEAR_ED25519),touch $(1)/etc/dropbear/dropbear_ed25519_host_key)
$(if $(CONFIG_DROPBEAR_ECC),touch $(1)/etc/dropbear/dropbear_ecdsa_host_key)
touch $(1)/etc/dropbear/dropbear_rsa_host_key
endef
@ -66,7 +66,7 @@ hk_generate_as_needed()
kdir='/etc/dropbear'
kgen=''
for ktype in ecdsa rsa; do
for ktype in ed25519 ecdsa rsa; do
hk_verify "${kdir}/dropbear_${ktype}_host_key" && continue
kgen="${kgen} ${ktype}"
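Review bot: The loop now asks for an ed25519 host key unconditionally, but the Makefile on this page only creates `dropbear_ed25519_host_key` when `CONFIG_DROPBEAR_ED25519` is set, so on builds without it `hk_verify` fails for that type every boot and `dropbearkey` is presumably invoked for a key type it was not built with, unless something outside the hunk prunes the list. Either derive the type list from the same build option, or let the loop skip a type that `dropbearkey -t <type>` rejects. `hk_generate_as_needed` starts outside the hunk, so the generation step that consumes `${kgen}` cannot be checked here.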
@ -0,0 +1,693 @@
From 3cdf9ec918b37c17e12b33e4c244944d1ee836ca Mon Sep 17 00:00:00 2001
From: Vladislav Grishenko <themiron@mail.ru>
Date: Mon, 6 Apr 2020 23:28:09 +0500
Subject: [PATCH] Add Chacha20-Poly1305 authenticated encryption
* Add general AEAD approach.
* Add chacha20-poly1305@openssh.com algo using LibTomCrypt chacha and
poly1305 routines.
Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated
AES instructions, having the same key size.
Compiling in will add ~5,5kB to binary size on x86-64.
---
Makefile.in | 2 +-
algo.h | 8 ++
chachapoly.c | 148 ++++++++++++++++++++
chachapoly.h | 44 ++++++
common-algo.c | 11 +-
common-kex.c | 44 ++++--
default_options.h | 6 +
libtomcrypt/src/headers/tomcrypt_dropbear.h | 4 +
packet.c | 145 +++++++++++++------
session.h | 4 +
sysoptions.h | 8 +-
11 files changed, 368 insertions(+), 56 deletions(-)
create mode 100644 chachapoly.c
create mode 100644 chachapoly.h
diff --git a/Makefile.in b/Makefile.in
index aaf7b3b..3437cb2 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -53,7 +53,7 @@ CLIOBJS=cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \
CLISVROBJS=common-session.o packet.o common-algo.o common-kex.o \
common-channel.o common-chansession.o termcodes.o loginrec.o \
tcp-accept.o listener.o process-packet.o dh_groups.o \
- common-runopts.o circbuffer.o list.o netio.o
+ common-runopts.o circbuffer.o list.o netio.o chachapoly.o
KEYOBJS=dropbearkey.o
diff --git a/algo.h b/algo.h
index b12fb94..efd0d73 100644
--- a/algo.h
+++ b/algo.h
@@ -72,6 +72,14 @@ struct dropbear_cipher_mode {
unsigned long len, void *cipher_state);
int (*decrypt)(const unsigned char *ct, unsigned char *pt,
unsigned long len, void *cipher_state);
+ int (*aead_crypt)(unsigned int seq,
+ const unsigned char *in, unsigned char *out,
+ unsigned long len, unsigned long taglen,
+ void *cipher_state, int direction);
+ int (*aead_getlength)(unsigned int seq,
+ const unsigned char *in, unsigned int *outlen,
+ unsigned long len, void *cipher_state);
+ const struct dropbear_hash *aead_mac;
};
struct dropbear_hash {
diff --git a/chachapoly.c b/chachapoly.c
new file mode 100644
index 0000000..8fb06c5
--- /dev/null
+++ b/chachapoly.c
@@ -0,0 +1,148 @@
+/*
+ * Dropbear SSH
+ *
+ * Copyright (c) 2002,2003 Matt Johnston
+ * Copyright (c) 2020 by Vladislav Grishenko
+ * All rights reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "algo.h"
+#include "dbutil.h"
+#include "chachapoly.h"
+
+#if DROPBEAR_CHACHA20POLY1305
+
+#define CHACHA20_KEY_LEN 32
+#define CHACHA20_BLOCKSIZE 8
+#define POLY1305_KEY_LEN 32
+#define POLY1305_TAG_LEN 16
+
+static const struct ltc_cipher_descriptor dummy = {.name = NULL};
+
+static const struct dropbear_hash dropbear_chachapoly_mac =
+ {NULL, POLY1305_KEY_LEN, POLY1305_TAG_LEN};
+
+const struct dropbear_cipher dropbear_chachapoly =
+ {&dummy, CHACHA20_KEY_LEN*2, CHACHA20_BLOCKSIZE};
+
+static int dropbear_chachapoly_start(int UNUSED(cipher), const unsigned char* UNUSED(IV),
+ const unsigned char *key, int keylen,
+ int UNUSED(num_rounds), dropbear_chachapoly_state *state) {
+ int err;
+
+ TRACE2(("enter dropbear_chachapoly_start"))
+
+ if (keylen != CHACHA20_KEY_LEN*2) {
+ return CRYPT_ERROR;
+ }
+
+ if ((err = chacha_setup(&state->chacha, key,
+ CHACHA20_KEY_LEN, 20)) != CRYPT_OK) {
+ return err;
+ }
+
+ if ((err = chacha_setup(&state->header, key + CHACHA20_KEY_LEN,
+ CHACHA20_KEY_LEN, 20) != CRYPT_OK)) {
+ return err;
+ }
+
+ TRACE2(("leave dropbear_chachapoly_start"))
+ return CRYPT_OK;
+}
+
+static int dropbear_chachapoly_crypt(unsigned int seq,
+ const unsigned char *in, unsigned char *out,
+ unsigned long len, unsigned long taglen,
+ dropbear_chachapoly_state *state, int direction) {
+ poly1305_state poly;
+ unsigned char seqbuf[8], key[POLY1305_KEY_LEN], tag[POLY1305_TAG_LEN];
+ int err;
+
+ TRACE2(("enter dropbear_chachapoly_crypt"))
+
+ if (len < 4 || taglen != POLY1305_TAG_LEN) {
+ return CRYPT_ERROR;
+ }
+
+ STORE64H((uint64_t)seq, seqbuf);
+ chacha_ivctr64(&state->chacha, seqbuf, sizeof(seqbuf), 0);
+ if ((err = chacha_keystream(&state->chacha, key, sizeof(key))) != CRYPT_OK) {
+ return err;
+ }
+
+ poly1305_init(&poly, key, sizeof(key));
+ if (direction == LTC_DECRYPT) {
+ poly1305_process(&poly, in, len);
+ poly1305_done(&poly, tag, &taglen);
+ if (constant_time_memcmp(in + len, tag, taglen) != 0) {
+ return CRYPT_ERROR;
+ }
+ }
+
+ chacha_ivctr64(&state->header, seqbuf, sizeof(seqbuf), 0);
+ if ((err = chacha_crypt(&state->header, in, 4, out)) != CRYPT_OK) {
+ return err;
+ }
+
+ chacha_ivctr64(&state->chacha, seqbuf, sizeof(seqbuf), 1);
+ if ((err = chacha_crypt(&state->chacha, in + 4, len - 4, out + 4)) != CRYPT_OK) {
+ return err;
+ }
+
+ if (direction == LTC_ENCRYPT) {
+ poly1305_process(&poly, out, len);
+ poly1305_done(&poly, out + len, &taglen);
+ }
+
+ TRACE2(("leave dropbear_chachapoly_crypt"))
+ return CRYPT_OK;
+}
+
+static int dropbear_chachapoly_getlength(unsigned int seq,
+ const unsigned char *in, unsigned int *outlen,
+ unsigned long len, dropbear_chachapoly_state *state) {
+ unsigned char seqbuf[8], buf[4];
+ int err;
+
+ TRACE2(("enter dropbear_chachapoly_getlength"))
+
+ if (len < sizeof(buf)) {
+ return CRYPT_ERROR;
+ }
+
+ STORE64H((uint64_t)seq, seqbuf);
+ chacha_ivctr64(&state->header, seqbuf, sizeof(seqbuf), 0);
+ if ((err = chacha_crypt(&state->header, in, sizeof(buf), buf)) != CRYPT_OK) {
+ return err;
+ }
+
+ LOAD32H(*outlen, buf);
+
+ TRACE2(("leave dropbear_chachapoly_getlength"))
+ return CRYPT_OK;
+}
+
+const struct dropbear_cipher_mode dropbear_mode_chachapoly =
+ {(void *)dropbear_chachapoly_start, NULL, NULL,
+ (void *)dropbear_chachapoly_crypt,
+ (void *)dropbear_chachapoly_getlength, &dropbear_chachapoly_mac};
+
+#endif /* DROPBEAR_CHACHA20POLY1305 */
diff --git a/chachapoly.h b/chachapoly.h
new file mode 100644
index 0000000..5a7c5b2
--- /dev/null
+++ b/chachapoly.h
@@ -0,0 +1,44 @@
+/*
+ * Dropbear SSH
+ *
+ * Copyright (c) 2002,2003 Matt Johnston
+ * Copyright (c) 2020 by Vladislav Grishenko
+ * All rights reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#ifndef DROPBEAR_DROPBEAR_CHACHAPOLY_H_
+#define DROPBEAR_DROPBEAR_CHACHAPOLY_H_
+
+#include "includes.h"
+#include "algo.h"
+
+#if DROPBEAR_CHACHA20POLY1305
+
+typedef struct {
+ chacha_state chacha;
+ chacha_state header;
+} dropbear_chachapoly_state;
+
+extern const struct dropbear_cipher dropbear_chachapoly;
+extern const struct dropbear_cipher_mode dropbear_mode_chachapoly;
+
+#endif /* DROPBEAR_CHACHA20POLY1305 */
+
+#endif /* DROPBEAR_DROPBEAR_CHACHAPOLY_H_ */
diff --git a/common-algo.c b/common-algo.c
index 558aad2..1436456 100644
--- a/common-algo.c
+++ b/common-algo.c
@@ -30,6 +30,7 @@
#include "dh_groups.h"
#include "ltc_prng.h"
#include "ecc.h"
+#include "chachapoly.h"
/* This file (algo.c) organises the ciphers which can be used, and is used to
* decide which ciphers/hashes/compression/signing to use during key exchange*/
@@ -86,11 +87,11 @@ const struct dropbear_cipher dropbear_nocipher =
* about the symmetric_CBC vs symmetric_CTR cipher_state pointer */
#if DROPBEAR_ENABLE_CBC_MODE
const struct dropbear_cipher_mode dropbear_mode_cbc =
- {(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt};
+ {(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt, NULL, NULL, NULL};
#endif /* DROPBEAR_ENABLE_CBC_MODE */
const struct dropbear_cipher_mode dropbear_mode_none =
- {void_start, void_cipher, void_cipher};
+ {void_start, void_cipher, void_cipher, NULL, NULL, NULL};
#if DROPBEAR_ENABLE_CTR_MODE
/* a wrapper to make ctr_start and cbc_start look the same */
@@ -101,7 +102,7 @@ static int dropbear_big_endian_ctr_start(int cipher,
return ctr_start(cipher, IV, key, keylen, num_rounds, CTR_COUNTER_BIG_ENDIAN, ctr);
}
const struct dropbear_cipher_mode dropbear_mode_ctr =
- {(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt};
+ {(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt, NULL, NULL, NULL};
#endif /* DROPBEAR_ENABLE_CTR_MODE */
/* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc.
@@ -137,6 +138,10 @@ const struct dropbear_hash dropbear_nohash =
* that is also supported by the server will get used. */
algo_type sshciphers[] = {
+#if DROPBEAR_CHACHA20POLY1305
+ {"chacha20-poly1305@openssh.com", 0, &dropbear_chachapoly, 1, &dropbear_mode_chachapoly},
+#endif
+
#if DROPBEAR_ENABLE_CTR_MODE
#if DROPBEAR_AES128
{"aes128-ctr", 0, &dropbear_aes128, 1, &dropbear_mode_ctr},
diff --git a/common-kex.c b/common-kex.c
index 16b7e27..5e2923f 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -329,9 +329,12 @@ static void gen_new_keys() {
hashkeys(S2C_key, sizeof(S2C_key), &hs, 'D');
if (ses.newkeys->recv.algo_crypt->cipherdesc != NULL) {
- int recv_cipher = find_cipher(ses.newkeys->recv.algo_crypt->cipherdesc->name);
- if (recv_cipher < 0)
- dropbear_exit("Crypto error");
+ int recv_cipher = -1;
+ if (ses.newkeys->recv.algo_crypt->cipherdesc->name != NULL) {
+ recv_cipher = find_cipher(ses.newkeys->recv.algo_crypt->cipherdesc->name);
+ if (recv_cipher < 0)
+ dropbear_exit("Crypto error");
+ }
if (ses.newkeys->recv.crypt_mode->start(recv_cipher,
recv_IV, recv_key,
ses.newkeys->recv.algo_crypt->keysize, 0,
@@ -341,9 +344,12 @@ static void gen_new_keys() {
}
if (ses.newkeys->trans.algo_crypt->cipherdesc != NULL) {
- int trans_cipher = find_cipher(ses.newkeys->trans.algo_crypt->cipherdesc->name);
- if (trans_cipher < 0)
- dropbear_exit("Crypto error");
+ int trans_cipher = -1;
+ if (ses.newkeys->trans.algo_crypt->cipherdesc->name != NULL) {
+ trans_cipher = find_cipher(ses.newkeys->trans.algo_crypt->cipherdesc->name);
+ if (trans_cipher < 0)
+ dropbear_exit("Crypto error");
+ }
if (ses.newkeys->trans.crypt_mode->start(trans_cipher,
trans_IV, trans_key,
ses.newkeys->trans.algo_crypt->keysize, 0,
@@ -868,19 +874,29 @@ static void read_kex_algos() {
/* mac_algorithms_client_to_server */
c2s_hash_algo = buf_match_algo(ses.payload, sshhashes, NULL, NULL);
+#if DROPBEAR_AEAD_MODE
+ if (((struct dropbear_cipher_mode*)c2s_cipher_algo->mode)->aead_crypt != NULL) {
+ c2s_hash_algo = NULL;
+ } else
+#endif
if (c2s_hash_algo == NULL) {
erralgo = "mac c->s";
goto error;
}
- TRACE(("hash c2s is %s", c2s_hash_algo->name))
+ TRACE(("hash c2s is %s", c2s_hash_algo ? c2s_hash_algo->name : "<implicit>"))
/* mac_algorithms_server_to_client */
s2c_hash_algo = buf_match_algo(ses.payload, sshhashes, NULL, NULL);
+#if DROPBEAR_AEAD_MODE
+ if (((struct dropbear_cipher_mode*)s2c_cipher_algo->mode)->aead_crypt != NULL) {
+ s2c_hash_algo = NULL;
+ } else
+#endif
if (s2c_hash_algo == NULL) {
erralgo = "mac s->c";
goto error;
}
- TRACE(("hash s2c is %s", s2c_hash_algo->name))
+ TRACE(("hash s2c is %s", s2c_hash_algo ? s2c_hash_algo->name : "<implicit>"))
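Review bot: The two `#if DROPBEAR_AEAD_MODE` branches at the top of this hunk silently discard whatever MAC list the peer sent — including a failed match — without saying why, which reads as a bug to anyone who has not read the OpenSSH PROTOCOL document; a comment above the first `#if` would settle it: `/* AEAD ciphers authenticate the packet themselves; as in OpenSSH the negotiated MAC is ignored for them */`. The `c2s_cipher_algo->mode` dereference assumes the cipher match already succeeded, which is presumably checked earlier in read_kex_algos, outside this hunk. The `#if … } else #endif if (…)` shape, where the `else` binds across a preprocessor boundary, is also easy to misread; a `skip_mac` flag computed under the `#if` and tested in one plain `if` would be clearer. read_kex_algos continues outside the hunk.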
/* compression_algorithms_client_to_server */
c2s_comp_algo = buf_match_algo(ses.payload, ses.compress_algos, NULL, NULL);
@@ -925,8 +941,14 @@ static void read_kex_algos() {
ses.newkeys->trans.crypt_mode =
(struct dropbear_cipher_mode*)c2s_cipher_algo->mode;
ses.newkeys->recv.algo_mac =
+#if DROPBEAR_AEAD_MODE
+ s2c_hash_algo == NULL ? ses.newkeys->recv.crypt_mode->aead_mac :
+#endif
(struct dropbear_hash*)s2c_hash_algo->data;
ses.newkeys->trans.algo_mac =
+#if DROPBEAR_AEAD_MODE
+ c2s_hash_algo == NULL ? ses.newkeys->trans.crypt_mode->aead_mac :
+#endif
(struct dropbear_hash*)c2s_hash_algo->data;
ses.newkeys->recv.algo_comp = s2c_comp_algo->val;
ses.newkeys->trans.algo_comp = c2s_comp_algo->val;
@@ -941,8 +963,14 @@ static void read_kex_algos() {
ses.newkeys->trans.crypt_mode =
(struct dropbear_cipher_mode*)s2c_cipher_algo->mode;
ses.newkeys->recv.algo_mac =
+#if DROPBEAR_AEAD_MODE
+ c2s_hash_algo == NULL ? ses.newkeys->recv.crypt_mode->aead_mac :
+#endif
(struct dropbear_hash*)c2s_hash_algo->data;
ses.newkeys->trans.algo_mac =
+#if DROPBEAR_AEAD_MODE
+ s2c_hash_algo == NULL ? ses.newkeys->trans.crypt_mode->aead_mac :
+#endif
(struct dropbear_hash*)s2c_hash_algo->data;
ses.newkeys->recv.algo_comp = c2s_comp_algo->val;
ses.newkeys->trans.algo_comp = s2c_comp_algo->val;
diff --git a/default_options.h b/default_options.h
index bafbb07..1a2ab10 100644
--- a/default_options.h
+++ b/default_options.h
@@ -99,6 +99,12 @@ IMPORTANT: Some options will require "make clean" after changes */
* and forwards compatibility */
#define DROPBEAR_ENABLE_CTR_MODE 1
+/* Enable Chacha20-Poly1305 authenticated encryption mode. This is
+ * generally faster than AES256 on CPU w/o dedicated AES instructions,
+ * having the same key size.
+ * Compiling in will add ~5,5kB to binary size on x86-64 */
+#define DROPBEAR_CHACHA20POLY1305 1
+
/* Message integrity. sha2-256 is recommended as a default,
sha1 for compatibility */
#define DROPBEAR_SHA1_HMAC 1
diff --git a/libtomcrypt/src/headers/tomcrypt_dropbear.h b/libtomcrypt/src/headers/tomcrypt_dropbear.h
index b0ce45b..59960e5 100644
--- a/libtomcrypt/src/headers/tomcrypt_dropbear.h
+++ b/libtomcrypt/src/headers/tomcrypt_dropbear.h
@@ -35,6 +35,10 @@
#define LTC_CTR_MODE
#endif
+#if DROPBEAR_CHACHA20POLY1305
+#define LTC_CHACHA
+#define LTC_POLY1305
+#endif
#if DROPBEAR_SHA512
#define LTC_SHA512
diff --git a/packet.c b/packet.c
index 9fda0d6..0454726 100644
--- a/packet.c
+++ b/packet.c
@@ -215,7 +215,7 @@ static int read_packet_init() {
unsigned int maxlen;
int slen;
- unsigned int len;
+ unsigned int len, plen;
unsigned int blocksize;
unsigned int macsize;
@@ -254,21 +254,35 @@ static int read_packet_init() {
/* now we have the first block, need to get packet length, so we decrypt
* the first block (only need first 4 bytes) */
buf_setpos(ses.readbuf, 0);
- if (ses.keys->recv.crypt_mode->decrypt(buf_getptr(ses.readbuf, blocksize),
- buf_getwriteptr(ses.readbuf, blocksize),
- blocksize,
- &ses.keys->recv.cipher_state) != CRYPT_OK) {
- dropbear_exit("Error decrypting");
+#if DROPBEAR_AEAD_MODE
+ if (ses.keys->recv.crypt_mode->aead_crypt) {
+ if (ses.keys->recv.crypt_mode->aead_getlength(ses.recvseq,
+ buf_getptr(ses.readbuf, blocksize), &plen,
+ blocksize,
+ &ses.keys->recv.cipher_state) != CRYPT_OK) {
+ dropbear_exit("Error decrypting");
+ }
+ len = plen + 4 + macsize;
+ } else
+#endif
+ {
+ if (ses.keys->recv.crypt_mode->decrypt(buf_getptr(ses.readbuf, blocksize),
+ buf_getwriteptr(ses.readbuf, blocksize),
+ blocksize,
+ &ses.keys->recv.cipher_state) != CRYPT_OK) {
+ dropbear_exit("Error decrypting");
+ }
+ plen = buf_getint(ses.readbuf) + 4;
+ len = plen + macsize;
}
- len = buf_getint(ses.readbuf) + 4 + macsize;
TRACE2(("packet size is %u, block %u mac %u", len, blocksize, macsize))
/* check packet length */
if ((len > RECV_MAX_PACKET_LEN) ||
- (len < MIN_PACKET_LEN + macsize) ||
- ((len - macsize) % blocksize != 0)) {
+ (plen < blocksize) ||
+ (plen % blocksize != 0)) {
dropbear_exit("Integrity error (bad packet size %u)", len);
}
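Review bot: In the AEAD branch the bound is applied to `len` only after `plen + 4 + macsize` has been computed, and `plen` comes straight out of `aead_getlength` — a decrypted but not yet authenticated 32-bit value — so a `plen` such as 0xFFFFFFF0 wraps `len` to a small number that passes `len > RECV_MAX_PACKET_LEN` and, being a multiple of 8 or 16, also passes both `blocksize` terms. The non-AEAD branch does not share this gap, because a wrapped `buf_getint() + 4` lands below `blocksize`. The `buf_setpos`/`buf_getwriteptr` bound checks downstream would presumably still abort, but the length check should not depend on that: add `(plen > RECV_MAX_PACKET_LEN) ||` as the first term of the condition so the raw length is rejected before any arithmetic. The lower bound also changed from `MIN_PACKET_LEN + macsize` to `plen < blocksize`, which for 8-byte-block ciphers admits packets below the 16-byte minimum of RFC 4253; if the padding/payload check later in decrypt_packet is meant to cover that, a comment saying so would help. read_packet_init continues past the hunk.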
@@ -294,23 +308,42 @@ void decrypt_packet() {
ses.kexstate.datarecv += ses.readbuf->len;
- /* we've already decrypted the first blocksize in read_packet_init */
- buf_setpos(ses.readbuf, blocksize);
-
- /* decrypt it in-place */
- len = ses.readbuf->len - macsize - ses.readbuf->pos;
- if (ses.keys->recv.crypt_mode->decrypt(
- buf_getptr(ses.readbuf, len),
- buf_getwriteptr(ses.readbuf, len),
- len,
- &ses.keys->recv.cipher_state) != CRYPT_OK) {
- dropbear_exit("Error decrypting");
- }
- buf_incrpos(ses.readbuf, len);
+#if DROPBEAR_AEAD_MODE
+ if (ses.keys->recv.crypt_mode->aead_crypt) {
+ /* first blocksize is not decrypted yet */
+ buf_setpos(ses.readbuf, 0);
+
+ /* decrypt it in-place */
+ len = ses.readbuf->len - macsize - ses.readbuf->pos;
+ if (ses.keys->recv.crypt_mode->aead_crypt(ses.recvseq,
+ buf_getptr(ses.readbuf, len + macsize),
+ buf_getwriteptr(ses.readbuf, len),
+ len, macsize,
+ &ses.keys->recv.cipher_state, LTC_DECRYPT) != CRYPT_OK) {
+ dropbear_exit("Error decrypting");
+ }
+ buf_incrpos(ses.readbuf, len);
+ } else
+#endif
+ {
+ /* we've already decrypted the first blocksize in read_packet_init */
+ buf_setpos(ses.readbuf, blocksize);
+
+ /* decrypt it in-place */
+ len = ses.readbuf->len - macsize - ses.readbuf->pos;
+ if (ses.keys->recv.crypt_mode->decrypt(
+ buf_getptr(ses.readbuf, len),
+ buf_getwriteptr(ses.readbuf, len),
+ len,
+ &ses.keys->recv.cipher_state) != CRYPT_OK) {
+ dropbear_exit("Error decrypting");
+ }
+ buf_incrpos(ses.readbuf, len);
- /* check the hmac */
- if (checkmac() != DROPBEAR_SUCCESS) {
- dropbear_exit("Integrity error");
+ /* check the hmac */
+ if (checkmac() != DROPBEAR_SUCCESS) {
+ dropbear_exit("Integrity error");
+ }
}
/* get padding length */
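Review bot: The AEAD branch has no `checkmac()` call and nothing says why, which looks like an omission until one knows the cipher mode verifies the tag itself — the chachapoly implementation earlier in this patch compares the Poly1305 tag in constant time before running ChaCha over the payload. A comment above the `aead_crypt` call would make that explicit: `/* aead_crypt authenticates the whole packet (length field included) before decrypting, so there is no separate checkmac() on this path */`. The same comment should note that read_packet_init only decrypted the length field without authenticating it, which is why the tag check has to precede any use of the plaintext. decrypt_packet continues past the hunk.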
@@ -557,9 +590,16 @@ void encrypt_packet() {
buf_setpos(ses.writepayload, 0);
buf_setlen(ses.writepayload, 0);
- /* length of padding - packet length must be a multiple of blocksize,
- * with a minimum of 4 bytes of padding */
- padlen = blocksize - (writebuf->len) % blocksize;
+ /* length of padding - packet length excluding the packetlength uint32
+ * field in aead mode must be a multiple of blocksize, with a minimum of
+ * 4 bytes of padding */
+ len = writebuf->len;
+#if DROPBEAR_AEAD_MODE
+ if (ses.keys->trans.crypt_mode->aead_crypt) {
+ len -= 4;
+ }
+#endif
+ padlen = blocksize - len % blocksize;
if (padlen < 4) {
padlen += blocksize;
}
@@ -579,23 +619,42 @@ void encrypt_packet() {
buf_incrlen(writebuf, padlen);
genrandom(buf_getptr(writebuf, padlen), padlen);
- make_mac(ses.transseq, &ses.keys->trans, writebuf, writebuf->len, mac_bytes);
+#if DROPBEAR_AEAD_MODE
+ if (ses.keys->trans.crypt_mode->aead_crypt) {
+ /* do the actual encryption, in-place */
+ buf_setpos(writebuf, 0);
+ /* encrypt it in-place*/
+ len = writebuf->len;
+ buf_incrlen(writebuf, mac_size);
+ if (ses.keys->trans.crypt_mode->aead_crypt(ses.transseq,
+ buf_getptr(writebuf, len),
+ buf_getwriteptr(writebuf, len + mac_size),
+ len, mac_size,
+ &ses.keys->trans.cipher_state, LTC_ENCRYPT) != CRYPT_OK) {
+ dropbear_exit("Error encrypting");
+ }
+ buf_incrpos(writebuf, len + mac_size);
+ } else
+#endif
+ {
+ make_mac(ses.transseq, &ses.keys->trans, writebuf, writebuf->len, mac_bytes);
+
+ /* do the actual encryption, in-place */
+ buf_setpos(writebuf, 0);
+ /* encrypt it in-place*/
+ len = writebuf->len;
+ if (ses.keys->trans.crypt_mode->encrypt(
+ buf_getptr(writebuf, len),
+ buf_getwriteptr(writebuf, len),
+ len,
+ &ses.keys->trans.cipher_state) != CRYPT_OK) {
+ dropbear_exit("Error encrypting");
+ }
+ buf_incrpos(writebuf, len);
- /* do the actual encryption, in-place */
- buf_setpos(writebuf, 0);
- /* encrypt it in-place*/
- len = writebuf->len;
- if (ses.keys->trans.crypt_mode->encrypt(
- buf_getptr(writebuf, len),
- buf_getwriteptr(writebuf, len),
- len,
- &ses.keys->trans.cipher_state) != CRYPT_OK) {
- dropbear_exit("Error encrypting");
+ /* stick the MAC on it */
+ buf_putbytes(writebuf, mac_bytes, mac_size);
}
- buf_incrpos(writebuf, len);
-
- /* stick the MAC on it */
- buf_putbytes(writebuf, mac_bytes, mac_size);
/* Update counts */
ses.kexstate.datatrans += writebuf->len;
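Review bot: The AEAD branch keeps the two copy-pasted comments "do the actual encryption, in-place" / "encrypt it in-place", but the line that actually matters — `buf_incrlen(writebuf, mac_size)` before the call — is uncommented: it reserves room so that `aead_crypt` can write the tag at `out + len` of the same buffer, which only works if `writebuf` was allocated with `mac_size` headroom (the allocation is outside this hunk). Suggested comment on that line: `/* reserve mac_size bytes so aead_crypt can append the tag in place at out + len */`. `mac_bytes` goes unused on this path, which a short note would also explain. encrypt_packet continues past the hunk.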
diff --git a/session.h b/session.h
index e436882..a8f8914 100644
--- a/session.h
+++ b/session.h
@@ -41,6 +41,7 @@
#include "chansession.h"
#include "dbutil.h"
#include "netio.h"
+#include "chachapoly.h"
void common_session_init(int sock_in, int sock_out);
void session_loop(void(*loophandler)(void)) ATTRIB_NORETURN;
@@ -80,6 +81,9 @@ struct key_context_directional {
symmetric_CBC cbc;
#if DROPBEAR_ENABLE_CTR_MODE
symmetric_CTR ctr;
+#endif
+#if DROPBEAR_CHACHA20POLY1305
+ dropbear_chachapoly_state chachapoly;
#endif
} cipher_state;
unsigned char mackey[MAX_MAC_LEN];
diff --git a/sysoptions.h b/sysoptions.h
index 2c27caf..2432779 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -92,7 +92,11 @@
#define MD5_HASH_SIZE 16
#define MAX_HASH_SIZE 64 /* sha512 */
+#if DROPBEAR_CHACHA20POLY1305
+#define MAX_KEY_LEN 64 /* 2 x 256 bits for chacha20 */
+#else
#define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */
+#endif
#define MAX_IV_LEN 20 /* must be same as max blocksize, */
#if DROPBEAR_SHA2_512_HMAC
@@ -207,6 +211,8 @@ If you test it please contact the Dropbear author */
#define DROPBEAR_TWOFISH ((DROPBEAR_TWOFISH256) || (DROPBEAR_TWOFISH128))
+#define DROPBEAR_AEAD_MODE ((DROPBEAR_CHACHA20POLY1305))
+
#define DROPBEAR_CLI_ANYTCPFWD ((DROPBEAR_CLI_REMOTETCPFWD) || (DROPBEAR_CLI_LOCALTCPFWD))
#define DROPBEAR_TCP_ACCEPT ((DROPBEAR_CLI_LOCALTCPFWD) || (DROPBEAR_SVR_REMOTETCPFWD))
@@ -249,7 +255,7 @@ If you test it please contact the Dropbear author */
#endif
#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \
- || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128)
+ || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128 || DROPBEAR_CHACHA20POLY1305)
#error "At least one encryption algorithm must be enabled. AES128 is recommended."
#endif
--
2.17.1


@ -12,9 +12,9 @@ PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/uhttpd.git
PKG_SOURCE_DATE:=2020-03-13
PKG_SOURCE_VERSION:=5e9c23c6f40ff26209ef22cfeeda4904a5918f3d
PKG_MIRROR_HASH:=3ede9616c5a9fbbf9db68eeb083efc605246ec53b7f4404b8dc63b5190646949
PKG_SOURCE_DATE:=2020-06-03
PKG_SOURCE_VERSION:=939c281c70ef82929ffcb3cb383fd6fdc40f341b
PKG_MIRROR_HASH:=4cd16ef955fe32ddb579ec79f3d8f636e7100ccecd95be1991e7e4d317090a54
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_LICENSE:=ISC


@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-clash
PKG_VERSION:=1.7.0
PKG_VERSION:=1.7.1
PKG_MAINTAINER:=frainzy1477
@ -101,7 +101,6 @@ define Package/$(PKG_NAME)/install
$(INSTALL_DIR) $(1)/usr/lib/lua/luci
$(INSTALL_DIR) $(1)/usr/share/
$(INSTALL_DIR) $(1)/usr/share/clash
$(INSTALL_DIR) $(1)/usr/share/clash/rules
$(INSTALL_DIR) $(1)/usr/share/clash/rules/g_rules
$(INSTALL_DIR) $(1)/usr/share/clash/dashboard
@ -137,8 +136,6 @@ define Package/$(PKG_NAME)/install
$(INSTALL_BIN) ./root/usr/share/clash/logstatus_check $(1)/usr/share/clash/
$(INSTALL_BIN) ./root/usr/share/clash/clash.txt $(1)/usr/share/clash/
$(INSTALL_BIN) ./root/usr/share/clash/dashboard/index.html $(1)/usr/share/clash/dashboard/
$(INSTALL_BIN) ./root/usr/share/clash/dashboard/main.1560b07adc97ac0ac265.css $(1)/usr/share/clash/dashboard/
$(INSTALL_BIN) ./root/usr/share/clash/dashboard/img/ffac0fa1d89f15922b4594863b8b32e9.png $(1)/usr/share/clash/dashboard/img/


@ -13,7 +13,7 @@ function index()
local page = entry({"admin", "services", "clash"},alias("admin", "services", "clash", "overview"), _("Clash"), 5)
page.dependent = true
page.acl_depends = { "luci-app-clash" }
page.acl_depends = {"luci-app-clash"}
entry({"admin", "services", "clash", "overview"},cbi("clash/overview"),_("Overview"), 10).leaf = true
entry({"admin", "services", "clash", "client"},cbi("clash/client"),_("Client"), 20).leaf = true


@ -29,11 +29,6 @@ o:value("4", translate("Clash(dTun)"))
end
o.description = translate("Select core, clashr support ssr while clash does not.")
o = s:option(Flag, "old_conf", translate("Old Config"))
o.description = translate("Proxy/Proxy Groups/Rule")
o = s:option(ListValue, "g_rules", translate("Game Rules"))
o.default = "0"
o:value("0", translate("Disable"))


@ -1,5 +1,6 @@
<%+cbi/valueheader%>
<%local fs=require"nixio.fs"%>
<input type="button" class="cbi-button cbi-button-apply" id="apply_update_button" value="<%:Download%>" onclick=" return apply_update() "/>
<br /><br />
<textarea id="core_download" class="cbi-input-textarea" style="width: 100%;display:none" data-update="change" rows="10" cols="100" readonly="readonly" > </textarea>
@ -16,14 +17,15 @@ function apply_update(){
function poll_check(){
var lv = document.getElementById('core_download');
lv.style.display="inline"
lv.innerText = ""
XHR.poll(2, '<%=url([[admin]], [[services]], [[clash]], [[check]])%>', null,
function(x, data) {
if(x && x.status === 200) {
if(typeof(x.responseText) === "string") {
lv.insertAdjacentText("beforeend", x.responseText);
lv.scrollTop = lv.scrollHeight;
}}});
function(x, data) {
var lv = document.getElementById('core_download');
if (x.responseText && lv) {
lv.innerHTML += x.responseText;
lv.scrollTop = lv.scrollHeight;
}
}
);
}
@ -54,11 +56,13 @@ function hide(){
btn.value = '<%:Download%>';
}
<% if fs.access("/var/run/core_update") then %>
var btn = document.getElementById('apply_update_button');
btn.disabled = true;
btn.value = '<%:Downloading...%>';
poll_check();
poll_check();
<%end%>
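Review bot: If I read the print order correctly, the poll callback now does `lv.innerHTML += x.responseText` where it previously used `insertAdjacentText`, and the `x.status === 200` / `typeof` guards are gone. Because `lv` is a `<textarea>`, the fragment is parsed as RCDATA so server-supplied markup is not interpreted, but character references are decoded, the whole accumulated log is re-serialised and re-parsed on every 2-second poll, and the pattern becomes an injection point the day the element is changed to a `<pre>` or `<div>`. Prefer `lv.value += x.responseText;` (or keep `insertAdjacentText("beforeend", …)`) and restore the status check so an error body from uhttpd is not appended to the log.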


@ -17,14 +17,12 @@ function apply_update(){
function poll_check(){
var lv = document.getElementById('geoip_download');
lv.style.display="inline"
lv.innerText = ""
XHR.poll(2, '<%=url([[admin]], [[services]], [[clash]], [[check_geoip]])%>', null,
function(x, data) {
scroll();
var lv = document.getElementById('geoip_download');
if (x.responseText && lv) {
lv.innerHTML += x.responseText;
lv.scrollTop = lv.scrollHeight;
lv.innerHTML += x.responseText;
lv.scrollTop = lv.scrollHeight;
}
}
);
@ -60,11 +58,6 @@ function hide(){
}
/*function scroll(){
var textarea = document.getElementById('geoip_download');
textarea.scrollTop = textarea.scrollHeight;
}*/
<% if fs.access("/var/run/geoip_update") then %>
var btn = document.getElementById('apply_update_geoip');


@ -1,18 +1,22 @@
<%+cbi/valueheader%>
<textarea id="log" class="cbi-input-textarea" style="width: 100%;" data-update="change" rows="29" readonly="readonly" > </textarea>
<script type="text/javascript">//<![CDATA[
var lv = document.getElementById('log');
lv.innerText = ""
lv.style.display="inline"
XHR.poll(3, '<%=url([[admin]], [[services]], [[clash]], [[logstatus]])%>', null,
XHR.poll(1, '<%=url([[admin]], [[services]], [[clash]], [[logstatus]])%>', null,
function(x, data) {
if(x && x.status === 200) {
if(typeof(x.responseText) === "string") {
lv.insertAdjacentText("beforeend", x.responseText);
lv.scrollTop = lv.scrollHeight;
}}});
var lv = document.getElementById('log');
if (x.responseText && lv) {
lv.innerHTML += x.responseText;
lv.scrollTop = lv.scrollHeight;
}
}
);
//]]>
</script>
<%+cbi/valuefooter%>
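Review bot: The interval drops from 3 s to 1 s on the `XHR.poll(1, …)` line while the callback appends with `lv.innerHTML += x.responseText`, which re-serialises and re-parses the entire accumulated log every second, so a long session grows quadratically; it also relies on the element staying a `<textarea>` (RCDATA) for server output to be inert, and the former `x.status === 200` guard is gone. `lv.value += x.responseText;` avoids both the re-parse and the markup question, and the status check should come back so non-200 bodies are not shown as log lines. Which of the two callbacks is the new side is inferred from print order only.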


@ -205,10 +205,10 @@ yml_dns_change(){
check(){
sed -i 's/Proxy Group:/proxy-groups:/g' "$CONFIG_YAML"
sed -i 's/proxy-provider:/proxy-providers:/g' "$CONFIG_YAML"
sed -i 's/Proxy:/proxies:/g' "$CONFIG_YAML"
sed -i 's/Rule:/rules:/g' "$CONFIG_YAML"
sed -i 's/^Proxy Group:/proxy-groups:/g' "$CONFIG_YAML"
sed -i 's/^proxy-provider:/proxy-providers:/g' "$CONFIG_YAML"
sed -i 's/^Proxy:/proxies:/g' "$CONFIG_YAML"
sed -i 's/^Rule:/rules:/g' "$CONFIG_YAML"
}
@ -455,7 +455,7 @@ enable=$(uci get clash.config.enable 2>/dev/null)
core=$(uci get clash.config.core 2>/dev/null)
mode=$(uci get clash.config.mode 2>/dev/null)
tun_mode=$(uci get clash.config.tun_mode 2>/dev/null)
old_conf=$(uci get clash.config.old_conf 2>/dev/null)
if [ -f /etc/clash/config.yaml ];then
@ -508,11 +508,9 @@ elif [ "${core}" -eq 3 ] && [ ! -f /etc/clash/clashtun/clash ]; then
echo "Clash for OpenWRT" >$REAL_LOG
exit 0
else
if [ -f $CONFIG_YAML ] && [ "$(ls -l $CONFIG_YAML|awk '{print int($5/1024)}')" -ne 0 ] ; then
if [ -f $CONFIG_YAML ] && [ "$(ls -l $CONFIG_YAML|awk '{print int($5)}')" -ne 0 ] ; then
if [ -z "$old_conf" ];then
check >/dev/null 2>&1
fi
yml_change >/dev/null 2>&1


@ -19,13 +19,19 @@ if [ $config_name == "" ] || [ -z $config_name ];then
fi
sleep 5
echo "Clash for OpenWRT" >$REAL_LOG
exit 0
exit 0
fi
if [ ! -f "/usr/share/clashbackup/confit_list.conf" ];then
touch /usr/share/clashbackup/confit_list.conf
fi
check_name=$(grep -F "${config_name}.yaml" "/usr/share/clashbackup/confit_list.conf")
if [ ! -z $check_name ];then
if [ $lang == "en" ] || [ $lang == "auto" ];then
@ -48,14 +54,14 @@ else
sleep 1
if [ "$subtype" = "clash" ];then
curl -sL --connect-timeout 10 --retry 2 "$clash_url" -O 2>&1 >1 $CONFIG_YAML
wget -c4 --no-check-certificate --user-agent="Clash/OpenWRT" "$clash_url" -O 2>&1 >1 $CONFIG_YAML
if [ "$?" -eq "0" ]; then
echo "${config_name}.yaml#$clash_url#$subtype" >>/usr/share/clashbackup/confit_list.conf
fi
fi
if [ "$subtype" = "ssr2clash" ];then
curl -sL --connect-timeout 10 --retry 2 "https://ssrsub2clashr.herokuapp.com/ssrsub2clash?sub=$ssr_url" -O 2>&1 >1 $CONFIG_YAML
wget -c4 --no-check-certificate --user-agent="Clash/OpenWRT" "https://gfwsb.114514.best/sub?target=clashr&url=$ssr_url" -O 2>&1 >1 $CONFIG_YAML
if [ "$?" -eq "0" ]; then
echo "${config_name}.yaml#$ssr_url#$subtype" >>/usr/share/clashbackup/confit_list.conf
CONFIG_YAMLL="/tmp/conf"
@ -100,7 +106,7 @@ else
fi
if [ "$subtype" = "v2clash" ];then
curl -sL --connect-timeout 10 --retry 2 "https://tgbot.lbyczf.com/v2rayn2clash?url=$v2_url" -O 2>&1 >1 $CONFIG_YAML
wget -c4 --no-check-certificate --user-agent="Clash/OpenWRT" "https://tgbot.lbyczf.com/v2rayn2clash?url=$v2_url" -O 2>&1 >1 $CONFIG_YAML
if [ "$?" -eq "0" ]; then
echo "${config_name}.yaml#$v2_url#$subtype" >>/usr/share/clashbackup/confit_list.conf
fi
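Review bot: The three replacement `wget` calls pass `--no-check-certificate`, so the YAML that becomes the router's proxy and DNS configuration is fetched without TLS verification and can be substituted by anyone on path, whereas the `curl` calls they replace did verify certificates. Drop the flag and have the package depend on a CA bundle instead, adding `--timeout=10 --tries=2` to keep the bounded-retry behaviour the curl invocations had. Separately, the `ssr2clash` and `v2clash` paths hand the user's subscription URL — which commonly embeds an account token — to a third-party converter as an unencoded query parameter, a disclosure the UI should at least state. The trailing `-O 2>&1 >1 $CONFIG_YAML` works only because the shell strips the redirections before `wget` sees `-O $CONFIG_YAML`, and it leaves a stray file named `1` in the working directory; `-O "$CONFIG_YAML" 2>&1` is presumably what was meant.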


@ -1,37 +1,31 @@
#!/bin/sh /etc/rc.common
if [ -f /usr/share/clashbackup/history ];then
HISTORY_PATH="/usr/share/clashbackup/history"
SECRET=$(uci get clash.config.dash_pass 2>/dev/null)
LAN_IP=$(uci get network.lan.ipaddr 2>/dev/null |awk -F '/' '{print $1}' 2>/dev/null)
PORT=$(uci get clash.config.dash_port 2>/dev/null)
urlencode() {
local data
if [ "$#" -eq "1" ]; then
data=$(curl -s -o /dev/null -w %{url_effective} --get --data-urlencode "$1" "")
if [ ! -z "$data" ]; then
echo "${data##/?}"
fi
if [ "$#" != 1 ]; then
return 1
fi
data=$(curl -s -o /dev/null -w %{url_effective} --get --data-urlencode "$1" "")
if [ ! -z "$data" ]; then
echo "${data##/?}"
fi
return 0
}
GROUP_STATE() {
echo "$(curl -m 5 -w %{http_code}"\n" -H "Authorization: Bearer ${SECRET}" -H "Content-Type:application/json" -X GET http://"$LAN_IP":"$PORT"/proxies/"$1" 2>/dev/null |sed -n '$p' 2>/dev/null)"
}
restore_history() {
GROUP_NAME=$(urlencode "$GROUP_NAME")
NOW_NAME=$(echo $line |awk -F '#*#' '{print $3}')
GROUP_STATE=$(GROUP_STATE "$GROUP_NAME")
GROUP_STATE_NUM=0
while ( [ ! -z "$(pidof clash)" ] && [ "$GROUP_STATE" != "200" ] && [ "$GROUP_STATE_NUM" -le 1 ] )
do
sleep 3
GROUP_STATE_NUM=$(expr "$GROUP_STATE_NUM" + 1)
GROUP_STATE=$(GROUP_STATE "$GROUP_NAME")
done
curl -m 5 --retry 2 -H "Authorization: Bearer ${SECRET}" -H "Content-Type:application/json" -X PUT -d '{"name":"'"$NOW_NAME"'"}' http://"$LAN_IP":"$PORT"/proxies/"$GROUP_NAME" >/dev/null 2>&1
}
fi
cat $HISTORY_PATH |while read line
do
if [ -z "$(echo $line |grep "#*#")" ]; then
continue
else
GORUP_NAME=$(urlencode "$(echo $line |awk -F '#*#' '{print $1}')")
NOW_NAME=$(echo $line |awk -F '#*#' '{print $3}')
curl -H "Authorization: Bearer ${SECRET}" -H "Content-Type:application/json" -X PUT -d '{"name":"'"$NOW_NAME"'"}' http://"$LAN_IP":"$PORT"/proxies/"$GORUP_NAME" >/dev/null 2>&1
fi
done >/dev/null 2>&1
fi