mirror
/
openwrt-packages
mirror of https://git.openwrt.org/feed/packages.git
1
0
Fork 0
Code Releases Activity

Compare commits

base: mirror:da74b19e68fb009f8c8be9076409a64b97705a31
Branches Tags
mirror:master
mirror:openwrt-23.05
mirror:openwrt-22.03
mirror:openwrt-21.02
mirror:openwrt-19.07
mirror:openwrt-18.06
mirror:lede-17.01
mirror:for-15.05
mirror:for-14.07
mirror:v14.07
...
compare: mirror:6147a8e94b14b55eead5b70a9ff1c31e17575a91
Branches Tags
mirror:master
mirror:openwrt-23.05
mirror:openwrt-22.03
mirror:openwrt-21.02
mirror:openwrt-19.07
mirror:openwrt-18.06
mirror:lede-17.01
mirror:for-15.05
mirror:for-14.07
mirror:v14.07

7 Commits
da74b19e68 ... 6147a8e94b

Author SHA1 Message Date
graysky 6147a8e94b
Merge 697c569dc2 into 2c6d5adac0 2024-04-26 13:32:56 -04:00
Dirk Brenken 2c6d5adac0
banip: update 0.9.5-3 
* allow multiple protocol/port definitions per feed, e.g. 'tcp udp 80 443 50000'
* removed the default protocol/port limitation from asn feed

Signed-off-by: Dirk Brenken <dev@brenken.org>
 2024-04-26 17:03:33 +02:00
Josef Schlehofer 9d49df0dab syslog-ng: update to version 4.7.1 
Release notes:
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.0
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.1

Also bump version in the config file to avoid warning

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
 2024-04-26 13:41:49 +02:00
Josef Schlehofer 6d5e404a0c
Merge pull request #13619 from aparcar/no-circle 
CI: remove CircleCI for now
 2024-04-26 10:47:43 +02:00
Paul Spooren 26c101edc3 CI: remove CircleCI for now 
The GitHub CI offers currenlty more architecture and the Signed-of-by
test is covered via the DOC CI test. In case GitHub ever changes
policies, we can simply switch back.

Signed-off-by: Paul Spooren <mail@aparcar.org>
 2024-04-26 10:44:21 +02:00
Goetz Goerisch 8b08b29271 jool: update documentation 
* corrected the documentation links for upstream
* fixed style to be correctly rendered
* add reference to OpenWrt tutorial

Signed-off-by: Goetz Goerisch <ggoerisch@gmail.com>
 2024-04-26 15:46:37 +08:00
John Audia 697c569dc2 hyperscan: fix broken build w/ external toolchain 
If building with the project external toolchain, the gcc check
fails to set the correct value for TUNE_FLAG to allow the min
supported SSSE3 compiler support test to pass.  This patch hacks
the file to set to the correct value.

Links to upstream bug reports:
https://github.com/openwrt/openwrt/issues/15216
https://github.com/intel/hyperscan/issues/431

Build system: x86/64 (build system toolchain and x86/64 w/ external toolchain (18-Apr-2024 snapshot)
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
 2024-04-20 15:02:04 -04:00
12 changed files with 121 additions and 328 deletions
Show Stats Expand all files Collapse all files

93
.circleci/Dockerfile
View File

@ -1,93 +0,0 @@
FROM debian:10
# Configuration version history
# v1.0 - Initial version by Etienne Champetier
# v1.0.1 - Run as non-root, add unzip, xz-utils
# v1.0.2 - Add bzr
# v1.0.3 - Verify usign signatures
# v1.0.4 - Add support for Python3
# v1.0.5 - Add 19.07 public keys, verify keys
# v1.0.6 - Add 21.02 public keys, update Debian image to version 10, add rsync
# v1.0.7 - Add 22.03 public keys, 18.06 v2 gpg key, 18.06 usign key
RUN apt update && apt install -y \
build-essential \
bzr \
curl \
jq \
gawk \
gettext \
git \
libncurses5-dev \
libssl-dev \
python \
python3 \
signify-openbsd \
subversion \
rsync \
time \
unzip \
wget \
xz-utils \
zlib1g-dev \
&& rm -rf /var/lib/apt/lists/*
RUN useradd -c "OpenWrt Builder" -m -d /home/build -s /bin/bash build
USER build
ENV HOME /home/build
# OpenWrt Build System (PGP key for unattended snapshot builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/626471F1.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-snapshots@openwrt.org>' | grep '^fpr:::::::::54CC74307A2C6DC9CE618269CD84BCED626471F1:$' \
&& echo '54CC74307A2C6DC9CE618269CD84BCED626471F1:6:' | gpg --import-ownertrust
# OpenWrt Build System (PGP key for 17.01 "Reboot" release builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/D52BBB6B.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-17.01@openwrt.org>' | grep '^fpr:::::::::B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:$' \
&& echo 'B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:6:' | gpg --import-ownertrust
# OpenWrt Release Builder (18.06 Signing Key)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/17E1CE16.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<openwrt-devel@lists.openwrt.org>' | grep '^fpr:::::::::6768C55E79B032D77A28DA5F0F20257417E1CE16:$' \
&& echo '6768C55E79B032D77A28DA5F0F20257417E1CE16:6:' | gpg --import-ownertrust
# OpenWrt Build System (PGP key for 18.06 release builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/15807931.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-18.06@openwrt.org>' | grep '^fpr:::::::::AD0507363D2BCE9C9E36CEC4FBCB78F015807931:$' \
&& echo 'AD0507363D2BCE9C9E36CEC4FBCB78F015807931:6:' | gpg --import-ownertrust
# OpenWrt Build System (PGP key for 19.07 release builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/2074BE7A.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-19.07@openwrt.org>' | grep '^fpr:::::::::D9C6901F45C9B86858687DFF28A39BC32074BE7A:$' \
&& echo 'D9C6901F45C9B86858687DFF28A39BC32074BE7A:6:' | gpg --import-ownertrust
# OpenWrt Build System (PGP key for 21.02 release builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/88CA59E8.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-21.02@openwrt.org>' | grep '^fpr:::::::::667205E379BAF348863A5C6688CA59E88F681580:$' \
&& echo '667205E379BAF348863A5C6688CA59E88F681580:6:' | gpg --import-ownertrust
# OpenWrt Build System (GnuPGP key for 22.03 release builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/CD54E82DADB3684D.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-22.03@openwrt.org>' | grep '^fpr:::::::::BF856781A01293C8409ABE72CD54E82DADB3684D:$' \
&& echo 'BF856781A01293C8409ABE72CD54E82DADB3684D:6:' | gpg --import-ownertrust
# untrusted comment: Public usign key for unattended snapshot builds
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/b5043e70f9a75cde' --create-dirs -o /home/build/usign/b5043e70f9a75cde \
&& echo 'd7ac10f9ed1b38033855f3d27c9327d558444fca804c685b17d9dcfb0648228f */home/build/usign/b5043e70f9a75cde' | sha256sum --check
# untrusted comment: Public usign key for 18.06 release builds
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/1035ac73cc4e59e3' --create-dirs -o /home/build/usign/1035ac73cc4e59e3 \
&& echo '8dc2e7f5c4e634437e6641f4df77a18bf59f0c8e9016c8ba4be5d4a0111e68c2 */home/build/usign/1035ac73cc4e59e3' | sha256sum --check
# untrusted comment: Public usign key for 19.07 release builds
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/f94b9dd6febac963' --create-dirs -o /home/build/usign/f94b9dd6febac963 \
&& echo 'b1d09457cfbc36fccfe18382d65c54a2ade3e7fd3902da490a53aa517b512755 */home/build/usign/f94b9dd6febac963' | sha256sum --check
# untrusted comment: Public usign key for 21.02 release builds
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/2f8b0b98e08306bf' --create-dirs -o /home/build/usign/2f8b0b98e08306bf \
&& echo 'd102bdd75421c62490b97f520f9db06aadb44ad408b244755d26e96ea5cd3b7f */home/build/usign/2f8b0b98e08306bf' | sha256sum --check
# untrusted comment: Public usign key for 22.03 release builds
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/4d017e6f1ed5d616' --create-dirs -o /home/build/usign/4d017e6f1ed5d616 \
&& echo 'f3c5fdf447d7c2743442e68077d60acc7c3e91754849e1f4b6be837b4204b7e2 */home/build/usign/4d017e6f1ed5d616' | sha256sum --check

6
.circleci/README
View File

@ -1,6 +0,0 @@
# Build/update the docker image
docker pull debian:10
docker build --rm -t docker.io/openwrtorg/packages-cci:latest .
docker tag <IMAGE ID> docker.io/openwrtorg/packages-cci:<VERSION-TAG>
docker push docker.io/openwrtorg/packages-cci

182
.circleci/config.yml
View File

@ -1,182 +0,0 @@
version: 2.0
jobs:
build:
docker:
- image: docker.io/openwrtorg/packages-cci:v1.0.7
environment:
- SDK_HOST: "downloads.openwrt.org"
- SDK_PATH: "snapshots/targets/ath79/generic"
- SDK_FILE: "openwrt-sdk-ath79-generic_*.Linux-x86_64.tar.xz"
- BRANCH: "master"
steps:
- checkout:
path: ~/openwrt_packages
- run:
name: Check changes / verify commits
working_directory: ~/openwrt_packages
command: |
cat >> $BASH_ENV <<EOF
echo_red() { printf "\033[1;31m\$*\033[m\n"; }
echo_green() { printf "\033[1;32m\$*\033[m\n"; }
echo_blue() { printf "\033[1;34m\$*\033[m\n"; }
EOF
source $BASH_ENV
RET=0
for commit in $(git rev-list HEAD ^origin/$BRANCH); do
echo_blue "=== Checking commit '$commit'"
if git show --format='%P' -s $commit | grep -qF ' '; then
echo_red "Pull request should not include merge commits"
RET=1
fi
author="$(git show -s --format=%aN $commit)"
if echo $author | grep -q '\S\+\s\+\S\+'; then
echo_green "Author name ($author) seems ok"
else
echo_red "Author name ($author) need to be your real name 'firstname lastname'"
RET=1
fi
subject="$(git show -s --format=%s $commit)"
if echo "$subject" | grep -q -e '^[0-9A-Za-z,+/_-]\+: ' -e '^Revert '; then
echo_green "Commit subject line seems ok ($subject)"
else
echo_red "Commit subject line MUST start with '<package name>: ' ($subject)"
RET=1
fi
body="$(git show -s --format=%b $commit)"
sob="$(git show -s --format='Signed-off-by: %aN <%aE>' $commit)"
if echo "$body" | grep -qF "$sob"; then
echo_green "Signed-off-by match author"
else
echo_red "Signed-off-by is missing or doesn't match author (should be '$sob')"
RET=1
fi
done
exit $RET
- run:
name: Download the SDK
working_directory: ~/sdk
command: |
curl "https://$SDK_HOST/$SDK_PATH/sha256sums" -sS -o sha256sums
curl "https://$SDK_HOST/$SDK_PATH/sha256sums.asc" -fs -o sha256sums.asc || true
curl "https://$SDK_HOST/$SDK_PATH/sha256sums.sig" -fs -o sha256sums.sig || true
if [ ! -f sha256sums.asc ] && [ ! -f sha256sums.sig ]; then
echo_red "Missing sha256sums signature files"
exit 1
fi
[ ! -f sha256sums.asc ] || gpg --with-fingerprint --verify sha256sums.asc sha256sums
if [ -f sha256sums.sig ]; then
VERIFIED=
for KEY in ~/usign/*; do
echo "Trying $KEY..."
if signify-openbsd -V -q -p "$KEY" -x sha256sums.sig -m sha256sums; then
echo "...verified"
VERIFIED=1
break
fi
done
if [ -z "$VERIFIED" ]; then
echo_red "Could not verify usign signature"
exit 1
fi
fi
rsync -av "$SDK_HOST::downloads/$SDK_PATH/$SDK_FILE" .
sha256sum -c --ignore-missing sha256sums
- run:
name: Prepare build_dir
working_directory: ~/build_dir
command: |
tar Jxf ~/sdk/$SDK_FILE --strip=1
touch .config
make prepare-tmpinfo scripts/config/conf
./scripts/config/conf --defconfig=.config Config.in
make prereq
rm .config
cat > feeds.conf <<EOF
src-git base https://github.com/openwrt/openwrt.git;$BRANCH
src-link packages $HOME/openwrt_packages
src-git luci https://github.com/openwrt/luci.git;$BRANCH
EOF
cat feeds.conf
./scripts/feeds update -a > /dev/null
make defconfig > /dev/null
# enable BUILD_LOG
sed -i 's/# CONFIG_BUILD_LOG is not set/CONFIG_BUILD_LOG=y/' .config
- run:
name: Install & download source, check package, compile
working_directory: ~/build_dir
command: |
set +o pipefail
PKGS=$(cd ~/openwrt_packages; git diff --diff-filter=d --name-only "origin/$BRANCH..." | grep 'Makefile$' | grep -Ev '/files/|/src/' | awk -F/ '{ print $(NF-1) }')
if [ -z "$PKGS" ] ; then
echo_blue "WARNING: No new or modified packages found!"
exit 0
fi
echo_blue "=== Found new/modified packages: $PKGS"
for PKG in $PKGS ; do
echo_blue "===+ Install: $PKG"
./scripts/feeds install "$PKG"
echo_blue "===+ Download: $PKG"
make "package/$PKG/download" V=s
echo_blue "===+ Check package: $PKG"
make "package/$PKG/check" V=s 2>&1 | tee logtmp
RET=${PIPESTATUS[0]}
if [ $RET -ne 0 ]; then
echo_red "=> Package check failed: $RET)"
exit $RET
fi
badhash_msg="HASH does not match "
badhash_msg+="|HASH uses deprecated hash,"
badhash_msg+="|HASH is missing,"
if grep -qE "$badhash_msg" logtmp; then
echo_red "=> Package HASH check failed"
exit 1
fi
echo_green "=> Package check OK"
done
make \
-f .config \
-f tmp/.packagedeps \
-f <(echo '$(info $(sort $(package-y) $(package-m)))'; echo -en 'a:\n\t@:') \
| tr ' ' '\n' >enabled-package-subdirs.txt
for PKG in $PKGS ; do
if ! grep -m1 -qE "(^|/)$PKG$" enabled-package-subdirs.txt; then
echo_red "===+ Building: $PKG skipped. It cannot be enabled with $SDK_FILE"
continue
fi
echo_blue "===+ Building: $PKG"
make "package/$PKG/compile" -j3 V=s || {
RET=$?
echo_red "===+ Building: $PKG failed, rebuilding with -j1 for human readable error log"
make "package/$PKG/compile" -j1 V=s; exit $RET
}
done
- store_artifacts:
path: ~/build_dir/logs
- store_artifacts:
path: ~/build_dir/bin
workflows:
version: 2
buildpr:
jobs:
- build:
filters:
branches:
ignore: master

6
admin/syslog-ng/Makefile
View File

@ -1,8 +1,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=syslog-ng
PKG_VERSION:=4.6.0
PKG_RELEASE:=2
PKG_VERSION:=4.7.1
PKG_RELEASE:=1
PKG_MAINTAINER:=Josef Schlehofer <pepe.schlehofer@gmail.com>
PKG_LICENSE:=LGPL-2.1-or-later GPL-2.0-or-later
@ -11,7 +11,7 @@ PKG_CPE_ID:=cpe:/a:balabit:syslog-ng
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/syslog-ng/syslog-ng/releases/download/$(PKG_NAME)-$(PKG_VERSION)/
PKG_HASH:=b69e3360dfb96a754a4e1cbead4daef37128b1152a23572356db4ab64a475d4f
PKG_HASH:=5477189a2d12325aa4faebfcf59f5bdd9084234732f0c3ec16dd253847dacf1c
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1

2
admin/syslog-ng/files/syslog-ng.conf
View File

@ -1,7 +1,7 @@
# Collect all local logs into a single file /var/log/messages.
# See https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition
@version: 4.6
@version: 4.7
@include "scl.conf"
options {

2
libs/hyperscan/Makefile
View File

@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=hyperscan
PKG_VERSION:=5.4.2
PKG_RELEASE:=2
PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/intel/hyperscan/tar.gz/v$(PKG_VERSION)?

56
libs/hyperscan/patches/0001-CMakeLists.txt-hack-for-our-build-system.patch Normal file
View File

@ -0,0 +1,56 @@
From c5a983652a2bbbc029961affd2996459e45b5336 Mon Sep 17 00:00:00 2001
From: John Audia <therealgraysky@proton.me>
Date: Sat, 20 Apr 2024 13:29:49 -0400
Subject: [PATCH] CMakeLists.txt: hack for our build system
If building with the project external toolchain, the gcc check
fails to set the correct value for TUNE_FLAG to allow the min
supported SSSE3 compiler support test to pass. This patch hacks
the file to set to the correct value.
Links to upstream bug reports:
https://github.com/openwrt/openwrt/issues/15216
https://github.com/intel/hyperscan/issues/431
---
CMakeLists.txt | 29 +----------------------------
1 file changed, 1 insertion(+), 28 deletions(-)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -183,34 +183,7 @@ else()
endforeach ()
if (CMAKE_COMPILER_IS_GNUCC)
- message(STATUS "gcc version ${CMAKE_C_COMPILER_VERSION}")
- # If gcc doesn't recognise the host cpu, then mtune=native becomes
- # generic, which isn't very good in some cases. march=native looks at
- # cpuid info and then chooses the best microarch it can (and replaces
- # the flag), so use that for tune.
-
- # arg1 might exist if using ccache
- string (STRIP "${CMAKE_C_COMPILER_ARG1}" CC_ARG1)
- set (EXEC_ARGS ${CC_ARG1} -c -Q --help=target -march=native -mtune=native)
- execute_process(COMMAND ${CMAKE_C_COMPILER} ${EXEC_ARGS}
- OUTPUT_VARIABLE _GCC_OUTPUT)
- string(FIND "${_GCC_OUTPUT}" "march" POS)
- string(SUBSTRING "${_GCC_OUTPUT}" ${POS} -1 _GCC_OUTPUT)
- string(REGEX REPLACE "march=[ \t]*([^ \n]*)[ \n].*" "\\1"
- GNUCC_ARCH "${_GCC_OUTPUT}")
-
- # test the parsed flag
- set (EXEC_ARGS ${CC_ARG1} -E - -mtune=${GNUCC_ARCH})
- execute_process(COMMAND ${CMAKE_C_COMPILER} ${EXEC_ARGS}
- OUTPUT_QUIET ERROR_QUIET
- INPUT_FILE /dev/null
- RESULT_VARIABLE GNUCC_TUNE_TEST)
- if (NOT GNUCC_TUNE_TEST EQUAL 0)
- message(SEND_ERROR "Something went wrong determining gcc tune: -mtune=${GNUCC_ARCH} not valid")
- endif()
- set(TUNE_FLAG ${GNUCC_ARCH})
- else ()
- set(TUNE_FLAG native)
+ set(TUNE_FLAG x86-64-v2)
endif()
# compiler version checks TODO: test more compilers

2
net/banip/Makefile
View File

@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=banip
PKG_VERSION:=0.9.5
PKG_RELEASE:=2
PKG_RELEASE:=3
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>

8
net/banip/files/README.md
View File

@ -15,7 +15,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
| adguard | adguard IPs | | | x | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
| adguardtrackers | adguardtracker IPs | | | x | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
| antipopads | antipopads IPs | | | x | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
| asn | ASN segments | | | x | tcp: 80, 443 | [Link](https://asn.ipinfo.app) |
| asn | ASN segments | x | x | x | | [Link](https://asn.ipinfo.app) |
| backscatterer | backscatterer IPs | x | x | | | [Link](https://www.uceprotect.net/en/index.php) |
| becyber | malicious attacker IPs | x | x | | | [Link](https://github.com/duggytuxy/malicious_ip_addresses) |
| binarydefense | binary defense banlist | x | x | | | [Link](https://iplists.firehol.org/?ipset=bds_atif) |
@ -114,7 +114,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
* It's strongly recommended to use the LuCI frontend to easily configure all aspects of banIP, the application is located in LuCI under the 'Services' menu
* If you're using a complex network setup, e.g. special tunnel interfaces, than untick the 'Auto Detection' option under the 'General Settings' tab and set the required options manually
* Start the service with '/etc/init.d/banip start' and check everything is working by running '/etc/init.d/banip status' and also check the 'Firewall Log' and 'Processing Log' tabs
* If you're going to configure banIP via CLI, edit the config file '/etc/config/banip' and enable the service (set ban\_enabled to '1'), then add pre-configured feeds via 'ban\_feed' (see the feed list above) and add/change other options to your needs (see the options reference below)
* If you're going to configure banIP via CLI, edit the config file '/etc/config/banip' and enable the service (set ban\_enabled to '1'), then add pre-configured feeds via 'ban\_feed' (see the feed list above) and add/change other options to your needs, see the options reference table below
## banIP CLI interface
* All important banIP functions are accessible via CLI.
@ -428,12 +428,12 @@ A valid JSON source object contains the following information, e.g.:
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
"descr": "tor exit nodes",
"flag": "tcp 80-89 443"
"flag": "gz tcp 80-88 udp 50000"
},
[...]
```
Add an unique feed name (no spaces, no special chars) and make the required changes: adapt at least the URL, the regex and the description for a new feed.
Please note: the flag field is optional, it's a space separated list of options: supported are 'gz' as an archive format, protocols 'tcp' or 'udp' with port numbers/port ranges for destination port limitations.
Please note: the flag field is optional, it's a space separated list of options: supported are 'gz' as an archive format, protocols 'tcp' or 'udp' with port numbers/port ranges for destination port limitations - multiple definitions are possible.
## Support
Please join the banIP discussion in this [forum thread](https://forum.openwrt.org/t/banip-support-thread/16985) or contact me by mail <dev@brenken.org>

50
net/banip/files/banip-functions.sh
View File

@ -595,24 +595,30 @@ f_etag() {
# build initial nft file with base table, chains and rules
#
f_nftinit() {
local wan_dev vlan_allow vlan_block log_ct log_icmp log_syn log_udp log_tcp feed_log feed_rc allow_proto allow_dport flag file="${1}"
local wan_dev vlan_allow vlan_block log_ct log_icmp log_syn log_udp log_tcp feed_log feed_rc flag tmp_proto tmp_port allow_dport file="${1}"
wan_dev="$(printf "%s" "${ban_dev}" | "${ban_sedcmd}" 's/^/\"/;s/$/\"/;s/ /\", \"/g')"
[ -n "${ban_vlanallow}" ] && vlan_allow="$(printf "%s" "${ban_vlanallow%%?}" | "${ban_sedcmd}" 's/^/\"/;s/$/\"/;s/ /\", \"/g')"
[ -n "${ban_vlanblock}" ] && vlan_block="$(printf "%s" "${ban_vlanblock%%?}" | "${ban_sedcmd}" 's/^/\"/;s/$/\"/;s/ /\", \"/g')"
for flag in ${ban_allowflag}; do
if [ -z "${allow_proto}" ] && { [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; }; then
allow_proto="${flag}"
elif [ -n "${allow_proto}" ] && [ -n "${flag//[![:digit]-]/}" ] && ! printf "%s" "${allow_dport}" | "${ban_grepcmd}" -qw "${flag}"; then
if [ -z "${allow_dport}" ]; then
allow_dport="${flag}"
else
allow_dport="${allow_dport}, ${flag}"
if [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; then
if [ -z "${tmp_proto}" ]; then
tmp_proto="${flag}"
elif ! printf "%s" "${tmp_proto}" | "${ban_grepcmd}" -qw "${flag}"; then
tmp_proto="${tmp_proto}, ${flag}"
fi
elif [ -n "${flag//[![:digit]-]/}" ]; then
if [ -z "${tmp_port}" ]; then
tmp_port="${flag}"
elif ! printf "%s" "${tmp_port}" | "${ban_grepcmd}" -qw "${flag}"; then
tmp_port="${tmp_port}, ${flag}"
fi
fi
done
[ -n "${allow_dport}" ] && allow_dport="${allow_proto} dport { ${allow_dport} }"
if [ -n "${tmp_proto}" ] && [ -n "${tmp_port}" ]; then
allow_dport="meta l4proto { ${tmp_proto} } th dport { ${tmp_port} }"
fi
if [ "${ban_logprerouting}" = "1" ]; then
log_icmp="log level ${ban_nftloglevel} prefix \"banIP/pre-icmp/drop: \""
@ -697,7 +703,7 @@ f_nftinit() {
#
f_down() {
local log_input log_forwardwan log_forwardlan start_ts end_ts tmp_raw tmp_load tmp_file split_file ruleset_raw handle rc etag_rc
local expr cnt_set cnt_dl restore_rc feed_direction feed_rc feed_log feed_comp feed_proto feed_dport feed_target
local expr cnt_set cnt_dl restore_rc feed_direction feed_rc feed_log feed_comp feed_target feed_dport tmp_proto tmp_port flag
local feed="${1}" proto="${2}" feed_url="${3}" feed_rule="${4}" feed_flag="${5}"
start_ts="$(date +%s)"
@ -756,19 +762,25 @@ f_down() {
# prepare feed flags
#
for flag in ${feed_flag}; do
if [ "${flag}" = "gz" ] && ! printf "%s" "${feed_comp}" | "${ban_grepcmd}" -qw "${flag}"; then
if [ "${flag}" = "gz" ]; then
feed_comp="${flag}"
elif [ -z "${feed_proto}" ] && { [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; }; then
feed_proto="${flag}"
elif [ -n "${feed_proto}" ] && [ -n "${flag//[![:digit]-]/}" ] && ! printf "%s" "${feed_dport}" | "${ban_grepcmd}" -qw "${flag}"; then
if [ -z "${feed_dport}" ]; then
feed_dport="${flag}"
else
feed_dport="${feed_dport}, ${flag}"
elif [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; then
if [ -z "${tmp_proto}" ]; then
tmp_proto="${flag}"
elif ! printf "%s" "${tmp_proto}" | "${ban_grepcmd}" -qw "${flag}"; then
tmp_proto="${tmp_proto}, ${flag}"
fi
elif [ -n "${flag//[![:digit]-]/}" ]; then
if [ -z "${tmp_port}" ]; then
tmp_port="${flag}"
elif ! printf "%s" "${tmp_port}" | "${ban_grepcmd}" -qw "${flag}"; then
tmp_port="${tmp_port}, ${flag}"
fi
fi
done
[ -n "${feed_dport}" ] && feed_dport="${feed_proto} dport { ${feed_dport} }"
if [ -n "${tmp_proto}" ] && [ -n "${tmp_port}" ]; then
feed_dport="meta l4proto { ${tmp_proto} } th dport { ${tmp_port} }"
fi
# chain/rule maintenance
#

3
net/banip/files/banip.feeds
View File

@ -36,8 +36,7 @@
"url_6": "https://asn.ipinfo.app/api/text/list/",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
"descr": "ASN IP segments",
"flag": "tcp 80 443"
"descr": "ASN IP segments"
},
"backscatterer":{
"url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/ips.backscatterer.org.gz",

39
net/jool/files/readme.md
View File

@ -1,28 +1,35 @@
# [Jool](https://www.jool.mx)
# [Jool](https://nicmx.github.io/Jool/en/index.html)
## Documentation
[See here](https://www.jool.mx/en/documentation.html).
[See here](https://nicmx.github.io/Jool/en/documentation.html).
You might also want to see [contact info](https://www.jool.mx/en/contact.html).
You might also want to see [contact info](https://nicmx.github.io/Jool/en/contact.html).
## Usage
### Start script
This package includes a start script that will:
1. Read the configuration file `/etc/config/jool`
2. Determine what services are active
3. Run jool with procd
For now this means that:
* The services will be disabled by default in the uci config `(/etc/config/jool)`
* The only uci configuration support available for the package is to enable or disable each instance or the entire deamon
* There is no uci support and configuration will be saved at `/etc/jool/*
* Only one instance of jool(nat64) can run with the boot script
* Only one instance of jool(siit) can run with the boot script
* For now there is no way of overriding of the configuration file's paths
1. Read the configuration file `/etc/config/jool`
2. Determine what services are active
3. Run `jool` with procd
The configuration files the startup script useses for each jool instance are:
* jool(nat64): `/etc/jool/jool-nat64.conf.json`
* jool(siit): `/etc/jool/jool-siit.conf.json`
### For now this means that
- The services will be disabled by default in the uci config `(/etc/config/jool)`
- The only uci configuration support available for the package is to enable or disable each instance or the entire deamon
- There is no uci support and configuration will be saved at `/etc/jool/`
- Only one instance of jool(nat64) can run with the boot script
- Only one instance of jool(siit) can run with the boot script
- For now there is no way of overriding of the configuration file's paths
The configuration files the startup script uses for each jool instance are:
- jool(nat64): `/etc/jool/jool-nat64.conf.json`
- jool(siit): `/etc/jool/jool-siit.conf.json`
### OpenWrt tutorial
For a more detailed tutorial refer to this [wiki page](https://openwrt.org/docs/guide-user/network/ipv6/nat64).