To align with old iptables-based ss-rules implementation.
Supersedes openwrt/packages#20239
Link: https://github.com/openwrt/packages/pull/20239
Signed-off-by: Luis Liou <liouluis@gmail.com>
[minor fixup on commit title, version bump, etc.]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Convert package to PCRE2 by porting a pending patch from a closed PR.
The PR is old but the code never changed and is simple enough to check
the changes. The patch apply directly with no changes (aside from
commenting out the travis CI file)
The PR was never merged as PCRE2 at times was too new and they were
trying to find a better regex lib.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
See commit 07730ff3 "treewide: add support for "lto" in PKG_BUILD_FLAGS"
on the main repository.
Note: Some packages only added `-flto` to CFLAGS and not LDFLAGS. This
fixes it and properly enables LTO.
Signed-off-by: Andre Heider <a.heider@gmail.com>
See commit 5c545bdb "treewide: replace PKG_USE_MIPS16:=0 with
PKG_BUILD_FLAGS:=no-mips16" on the main repository.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Remove nft rules file generated by ss-rules if ss-rules was or should be
turned off for by configuration. Use "fw4 restart" instead of "fw4
reload" to force the runtime rule reloading
Ref: https://github.com/openwrt/packages/pull/17937#issuecomment-1207357037
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
It was leftover from the previous rewrite of ss-rules. The built
package has no ref to it so no need to update PKG_RELEASE
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
It will be mostly implemented with ucode templates installed at
/usr/share/ss-rules and called from init script. The generated nftables
rules will be stored at /etc/nftables.d/
Incompatible changes were introduced as described in the README.md file
- Netfilter ipset was replaced with nftables sets
- UCI options ipt_args and dst_forward_recentrst of section ss_rules
are now deprecated. The former does not apply to nftables. The
later not yet implemented with nftables.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
ss-rules with iptables needs presence of netfilter nat table to work.
ss-rules works before without explicitly requesting it as a dependency
because it's present by default on a pre-firewall4/nftables OpenWrt
install. We request it explicitly now to make life easier in case
people would like to try ss-rules/iptables on firewall4/nftables enabled
OpenWrt system
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
At the moment ss-server seems to be the only component using these two
options. It also accepts "local_address" of either ip4 or ip6 address,
but the meaning is different from that of ss-local, ss-tunnel etc.
where it is for listen bind
With this commit, we start deprecation process of uci option
"bind_address". The name was replaced with "local_addr" in upstream
project commit 5fa98a66 ("Fix #1911") and available as json config
option "local_address". This upstream change was released in 3.2.0
Link: 4a42da641b
Link: https://github.com/openwrt/packages/issues/12931
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Linux kernel and iproute2 together now implement strict checking of the
existence of route tables.
Previously kernel does not support filtering by table id, now it does
and will error with nlmsgerr "ipv4: FIB table does not exist".
Previously iproute2 dump all routes and filter by table id in userspace,
now this has changed with iproute2 commit c7e6371bc4af ("ip route: Add
protocol, table id and device to dump request")
Error scene
root@OpenWrt:/# ip route flush table 100
Error: ipv4: FIB table does not exist.
Flush terminated
root@OpenWrt:/# echo $?
2
Fixes: https://github.com/openwrt/packages/issues/12095
Ref: https://lists.openwall.net/netdev/2019/05/02/105
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL
licenses. But a lot of packages did use a different, non-SPDX style with a
"+" at the end instead of "-or-later".
Signed-off-by: Sven Eckelmann <sven@narfation.org>
This should fixopenwrt/packages#9346 ("shadowsocks-libev: undefined
behavior from unaligned access")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Use link-time optimization and --gc-sections --as-needed ldflags
Reduces ipk size by 20%
Remove unnecessary dependencies
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Plugin options are properties of shadowsocks deployment as a whole,
including both server and each client components. Multiple client
instances accessing the same server will need to share the same plugin
settings
With this change, plugin options will need to specified to "server" and
"ss-server" section, not to each component section.
Fixes: c19e949 ("shadowsocks-libev: add plugin options support")
Reference: https://github.com/openwrt/packages/issues/8903#issuecomment-489674137
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
A short while after 3.2.2 was tagged, it was superseded by 3.2.3 with a
minor fix for aligned memory allocation for 32-bit arch
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Changes summarized by upstream maintainer
* Add MinGW support by @linusyang.
* Refine c-ares integration by @xnoreq.
* Fix building issues with GCC8 by @FlyingheartCN.
* Minor bug fixes.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou