From f32e77cfe63a72925b37dc4064b8500e1744aca2 Mon Sep 17 00:00:00 2001 From: Fabian Lipken Date: Tue, 3 Dec 2024 10:25:32 +0100 Subject: [PATCH 01/22] python-pycares: bump to 4.5.0 Signed-off-by: Fabian Lipken --- lang/python/python-pycares/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-pycares/Makefile b/lang/python/python-pycares/Makefile index f16e2b1e38..fe249bd875 100644 --- a/lang/python/python-pycares/Makefile +++ b/lang/python/python-pycares/Makefile @@ -2,11 +2,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-pycares -PKG_VERSION:=4.4.0 +PKG_VERSION:=4.5.0 PKG_RELEASE:=1 PYPI_NAME:=pycares -PKG_HASH:=f47579d508f2f56eddd16ce72045782ad3b1b3b678098699e2b6a1b30733e1c2 +PKG_HASH:=025b6c2ffea4e9fb8f9a097381c2fecb24aff23fbd6906e70da22ec9ba60e19d PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE From 56a2f619d6b6c8580fff563bf9757f1d76a868d0 Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Wed, 4 Dec 2024 17:08:54 +0000 Subject: [PATCH 02/22] libdrm: fix architecture dependencies of sub-packages drm_intel should depend on i386||i686 (x86 doesn't exist). drm_etnaviv is available on RISC-V as well. Fixes: e092819cd ("libdrm: split into sub-packages") Signed-off-by: Daniel Golle --- libs/libdrm/Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libs/libdrm/Makefile b/libs/libdrm/Makefile index fa63022bc5..94e9cfd1b0 100644 --- a/libs/libdrm/Makefile +++ b/libs/libdrm/Makefile @@ -66,7 +66,7 @@ endef define Package/libdrm-etnaviv $(call Package/libdrm/Default) TITLE+= for Vivante GPUs - DEPENDS:=+libdrm @(arm||aarch64||mips||mipsel||mips64||mips64el) + DEPENDS:=+libdrm @(arm||aarch64||mips||mipsel||mips64||mips64el||riscv64) endef define Package/libdrm-etnaviv/description @@ -78,8 +78,7 @@ endef define Package/libdrm-intel $(call Package/libdrm/Default) TITLE+= for Intel integrated GPUs - DEPENDS:=+libdrm +libpciaccess @(x86||x86_64) - + DEPENDS:=+libdrm +libpciaccess @(i386||i686||x86_64) endef define Package/libdrm-intel/description From c487146f173318ffb13dbc25f4c32789ebcfab23 Mon Sep 17 00:00:00 2001 From: Antonio Pastor Date: Thu, 5 Dec 2024 19:05:46 -0500 Subject: [PATCH 03/22] netatalk: Update to 4.0.7 Maintainer: Antonio Pastor / @APCCV Compile tested: ipq806x (24.10-rc2, snapshot) Run tested: ipq806x - C2600 (snapshot): install apk, start/stop sfpd service & review logs Description: Bump to version 4.0.7 Signed-off-by: Antonio Pastor --- net/netatalk/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netatalk/Makefile b/net/netatalk/Makefile index ae3c74035b..43aadc1932 100644 --- a/net/netatalk/Makefile +++ b/net/netatalk/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netatalk -PKG_VERSION:=4.0.4 +PKG_VERSION:=4.0.7 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@SF/netatalk -PKG_HASH:=3234ed4aee2dff05319544eec53eda232ecc94742c5cbee39376899551351219 +PKG_HASH:=64ab20c888de061468c4b49dcb703a68c31b6157b3957557f8d302558f0c4c21 PKG_MAINTAINER:=Antonio Pastor PKG_LICENSE:=GPL-2.0-or-later From beebdba29e4ba8c9ee34bf30f331f65162a72eb8 Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Fri, 6 Dec 2024 03:10:17 +0000 Subject: [PATCH 04/22] adblock-fast: bugfix: dnsmasq instances confdir hack * temporary hack until https://github.com/openwrt/openwrt/pull/16806 is merged Signed-off-by: Stan Grishin --- net/adblock-fast/Makefile | 2 +- net/adblock-fast/files/etc/init.d/adblock-fast | 15 ++++++++++++--- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/net/adblock-fast/Makefile b/net/adblock-fast/Makefile index 34ba798be9..a70f211aba 100644 --- a/net/adblock-fast/Makefile +++ b/net/adblock-fast/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock-fast PKG_VERSION:=1.1.2 -PKG_RELEASE:=16 +PKG_RELEASE:=18 PKG_MAINTAINER:=Stan Grishin PKG_LICENSE:=AGPL-3.0-or-later diff --git a/net/adblock-fast/files/etc/init.d/adblock-fast b/net/adblock-fast/files/etc/init.d/adblock-fast index 0af3f3d249..81bca4e0b0 100755 --- a/net/adblock-fast/files/etc/init.d/adblock-fast +++ b/net/adblock-fast/files/etc/init.d/adblock-fast @@ -854,7 +854,12 @@ resolver() { uci_add_list_if_new 'dhcp' "$cfg" 'addnhosts' "$dnsmasqAddnhostsFile" ;; cleanup|unbound.adb_list) - config_get confdir "$cfg" 'confdir' '/tmp/dnsmasq.d' +# shellcheck disable=SC2016 + if grep -q 'config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq${cfg:+.$cfg}.d"' '/etc/init.d/dnsmasq'; then + config_get confdir "$cfg" 'confdir' "/tmp/dnsmasq${cfg:+.$cfg}.d" + else + config_get confdir "$cfg" 'confdir' '/tmp/dnsmasq.d' + fi rm -f "${confdir}/${dnsmasqConfFile}" "${confdir}/${dnsmasqIpsetFile}" "${confdir}/${dnsmasqNftsetFile}" uci_remove_list 'dhcp' "$cfg" 'addnhosts' "$dnsmasqAddnhostsFile" if [ "$(uci_get 'dhcp' "$cfg" 'serversfile')" = "$dnsmasqServersFile" ]; then @@ -875,13 +880,17 @@ resolver() { ;; esac } -# shellcheck disable=SC2317 +# shellcheck disable=SC2016,SC2317 _dnsmasq_instance_init() { local cfg="$1" param="$2" confdir confdirFile [ -s "/etc/config/dhcp" ] || return 0 case "$param" in dnsmasq.conf|dnsmasq.ipset|dnsmasq.nftset) - config_get confdir "$cfg" 'confdir' '/tmp/dnsmasq.d' + if grep -q 'config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq${cfg:+.$cfg}.d"' '/etc/init.d/dnsmasq'; then + config_get confdir "$cfg" 'confdir' "/tmp/dnsmasq${cfg:+.$cfg}.d" + else + config_get confdir "$cfg" 'confdir' '/tmp/dnsmasq.d' + fi confdirFile="${confdir}/${outputFile}" if ! str_contains "$outputDnsmasqFileList" "$confdirFile"; then outputDnsmasqFileList="${outputDnsmasqFileList:+$outputDnsmasqFileList }${confdirFile}" From ad1b32bc63e6bf5dc19d416bc223540d0c6e5732 Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Sat, 7 Dec 2024 02:01:14 +0000 Subject: [PATCH 05/22] pbr: 1.1.7-65 bugfixes and improvements Maintainer: me Compile tested: x86_64, Dell EMC Edge620, OpenWrt 24.10.0-rc2 Run tested: x86_64, Dell EMC Edge620, OpenWrt 24.10.0-rc2 Description: * stop building netifd flavour until netifd isuees are resolved * improve output() * improve inline_set() * improve is_config_enabled() * bugfix is_domain() * improve is_supported_protocol() * improve is_supported_interface() * bugfix is_tor_running() * improve ipv4_leases_to_nftset() * improve ipv6_leases_to_nftset() * add check for ip-full binary on start * bugfix: load environment on boot * bugfix: hack around dnsmasq confdir instances * bugfix: IPv6-related fixes for internet_routing() and status_service() * improve netifd setup by bringing code into the init script from uci-defaults * bugfix: do not attempt to use IPv6 prefixes in pbr.user.aws if IPv6 support is disabled in pbr config Signed-off-by: Stan Grishin --- net/pbr/Makefile | 4 +- net/pbr/files/etc/init.d/pbr | 166 +++++++++++++------ net/pbr/files/etc/uci-defaults/91-pbr-netifd | 50 +----- net/pbr/files/usr/share/pbr/pbr.user.aws | 3 +- 4 files changed, 117 insertions(+), 106 deletions(-) diff --git a/net/pbr/Makefile b/net/pbr/Makefile index 13dcc55990..d540e0a2d7 100644 --- a/net/pbr/Makefile +++ b/net/pbr/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pbr PKG_VERSION:=1.1.7 -PKG_RELEASE:=47 +PKG_RELEASE:=65 PKG_LICENSE:=AGPL-3.0-or-later PKG_MAINTAINER:=Stan Grishin @@ -188,4 +188,4 @@ define Package/pbr-netifd/postrm endef $(eval $(call BuildPackage,pbr)) -$(eval $(call BuildPackage,pbr-netifd)) +# $(eval $(call BuildPackage,pbr-netifd)) diff --git a/net/pbr/files/etc/init.d/pbr b/net/pbr/files/etc/init.d/pbr index 78d2e03b5d..b020c6c1a5 100755 --- a/net/pbr/files/etc/init.d/pbr +++ b/net/pbr/files/etc/init.d/pbr @@ -128,9 +128,9 @@ str_to_lower() { echo "$1" | tr 'A-Z' 'a-z'; } str_to_upper() { echo "$1" | tr 'a-z' 'A-Z'; } # shellcheck disable=SC3060 output() { - local v="${verbosity:-1}" + [ -z "$verbosity" ] && verbosity="$(uci_get "$packageName" 'config' 'verbosity' '1')" [ "$#" -ne '1' ] && { - case "$1" in [0-9]) [ $((v & $1)) -gt 0 ] && shift || return 0;; esac } + case "$1" in [0-9]) [ $((verbosity & $1)) -gt 0 ] && shift || return 0;; esac } local msg="$*" queue="/dev/shm/$packageName-output" [ -t 1 ] && printf "%b" "$msg" [ "$msg" != "${msg//\\n}" ] && { @@ -190,16 +190,14 @@ filter_options() { inline_set() { local value="$1" inline_set i for i in $value; do - [ "${i:0:1}" = "!" ] && i=${i:1} - [ "${i:0:1}" = "@" ] && i=${i:1} - inline_set="${inline_set:+$inline_set, }$i" + inline_set="${inline_set:+$inline_set, }${i#[@\!]}" done echo "$inline_set" } # shellcheck disable=SC2016 is_bad_user_file_nft_call() { grep -q '"\$nft" list' "$1" || grep '"\$nft" -f' "$1"; } -is_config_enabled() { # shellcheck disable=SC2317 +is_config_enabled() { _check_config() { local en; config_get_bool en "$1" 'enabled' '1'; [ "$en" -gt '0' ] && _cfg_enabled=0; } local cfg="$1" _cfg_enabled=1 [ -n "$1" ] || return 1 @@ -207,7 +205,6 @@ is_config_enabled() { config_foreach _check_config "$cfg" return "$_cfg_enabled" } -# shellcheck disable=SC2317 uci_get_device() { local __tmp __tmp="$(uci_get 'network' "$2" 'device')" @@ -217,7 +214,7 @@ uci_get_device() { uci_get_protocol() { uci_get 'network' "$1" 'proto'; } is_default_dev() { [ "$1" = "$(ip -4 r | grep -m1 'dev' | grep -Eso 'dev [^ ]*' | awk '{print $2}')" ]; } is_disabled_interface() { [ "$(uci_get 'network' "$1" 'disabled')" = '1' ]; } -is_domain(){ echo "$1" | grep -qE '^([a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]\.)*[a-zA-Z]{2,}$'; } +is_domain(){ echo "$1" | grep -qE '^([a-zA-Z0-9][a-zA-Z0-9-]{0,61}\.)*[a-zA-Z]{2,}$'; } is_dslite() { local p; network_get_protocol p "$1"; [ "${p:0:6}" = "dslite" ]; } is_family_mismatch() { ( is_ipv4 "${1//!}" && is_ipv6 "${2//!}" ) || ( is_ipv6 "${1//!}" && is_ipv4 "${2//!}" ); } is_greater() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; } @@ -246,24 +243,13 @@ is_present() { command -v "$1" >/dev/null 2>&1; } is_service_running() { is_service_running_nft; } is_service_running_nft() { [ -x "$nft" ] && [ -n "$(get_mark_nft_chains)" ]; } is_supported_iface_dev() { local n dev; for n in $ifacesSupported; do network_get_device dev "$n"; [ "$1" = "$dev" ] && return 0; done; return 1; } -is_supported_protocol() { grep -o '^[^#]*' /etc/protocols | grep -w -v '0' | grep . | awk '{print $1}' | grep -q "$1"; } +is_supported_protocol(){ grep -qi "^${1:--}" /etc/protocols;} is_pptp() { local p; network_get_protocol p "$1"; [ "${p:0:4}" = "pptp" ]; } is_softether() { local d; network_get_device d "$1"; [ "${d:0:4}" = "vpn_" ]; } -is_supported_interface() { is_lan "$1" && return 1; str_contains_word "$supported_interface" "$1" || { ! is_ignored_interface "$1" && ! is_disabled_interface "$1" && { is_wan "$1" || is_wan6 "$1" || is_tunnel "$1"; }; } || is_ignore_target "$1" || is_xray "$1"; } +is_supported_interface() { { is_lan "$1" || is_disabled_interface "$1"; } && return 1; str_contains_word "$supported_interface" "$1" || { ! is_ignored_interface "$1" && { is_wan "$1" || is_wan6 "$1" || is_tunnel "$1"; }; } || is_ignore_target "$1" || is_xray "$1"; } is_tailscale() { local d; network_get_device d "$1"; [ "${d:0:9}" = "tailscale" ]; } is_tor() { [ "$(str_to_lower "$1")" = "tor" ]; } -is_tor_running() { - local ret=0 - is_ignored_interface 'tor' && return 1 - [ -s "$torConfigFile" ] || return 1 - json_load "$(ubus call service list "{ 'name': 'tor' }")" >/dev/null || return 1 - json_select 'tor' >/dev/null || return 1 - json_select 'instances' >/dev/null || return 1 - json_select 'instance1' >/dev/null || return 1 - json_get_var ret 'running' >/dev/null || return 1 - json_cleanup - if [ "$ret" = "0" ]; then return 1; else return 0; fi -} +is_tor_running() { ! is_ignored_interface 'tor' && [ -s "$torConfigFile" ] && str_contains "$(ubus call service list "{ 'name': 'tor' }" | jsonfilter -e '@.tor.instances.*.running')" 'true' && return 0 || return 1; } is_tunnel() { is_dslite "$1" || is_l2tp "$1" || is_oc "$1" || is_ovpn "$1" || is_pptp "$1" || is_softether "$1" || is_tailscale "$1" || is_tor "$1" || is_wg "$1"; } is_url() { is_url_file "$1" || is_url_dl "$1"; } is_url_dl() { is_url_ftp "$1" || is_url_http "$1" || is_url_https "$1"; } @@ -293,9 +279,9 @@ resolveip_to_nftset() { resolveip "$@" | sed -n 'H;${x;s/\n/,/g;s/^,//;p;};d'; } resolveip_to_nftset4() { resolveip_to_nftset -4 "$@"; } resolveip_to_nftset6() { [ -n "$ipv6_enabled" ] && resolveip_to_nftset -6 "$@"; } # shellcheck disable=SC2016 -ipv4_leases_to_nftset() { [ -s '/tmp/dhcp.leases' ] || return 1; grep "$1" '/tmp/dhcp.leases' | awk '{print $3}' | sed -n 'H;${x;s/\n/,/g;s/^,//;p;};d' | tr '\n' ' '; } +ipv4_leases_to_nftset(){ [ -s '/tmp/dhcp.leases' ] && awk -v arg="$1" 'BEGIN{fs=""};$0~arg{printf fs$3;fs=","}' /tmp/dhcp.leases;} # shellcheck disable=SC2016 -ipv6_leases_to_nftset() { [ -s '/tmp/hosts/odhcpd' ] || return 1; grep -v '^#' '/tmp/hosts/odhcpd' | grep "$1" | awk '{print $1}' | sed -n 'H;${x;s/\n/,/g;s/^,//;p;};d' | tr '\n' ' '; } +ipv6_leases_to_nftset(){ [ -s '/tmp/hosts/odhcpd' ] && awk -v arg="$1" 'BEGIN{fs=""};$0~arg{printf fs$1;fs=","}' /tmp/hosts/odhcpd;} # shellcheck disable=SC3037 ports_to_nftset() { echo -en "$1"; } get_mark_nft_chains() { [ -x "$nft" ] && "$nft" list table inet "$nftTable" 2>/dev/null | grep chain | grep "${nftPrefix}_mark_" | awk '{ print $2 }'; } @@ -523,9 +509,9 @@ load_package_config() { } +# shellcheck disable=SC2317 load_environment() { _system_health_check() { -# shellcheck disable=SC2317 _check_dhcp_force() { is_lan "$1" || return 0 if [ "$(uci_get dhcp "$1" force 0)" = '0' ]; then @@ -537,8 +523,10 @@ load_environment() { uci_remove 'firewall' 'defaults' 'auto_includes' uci_commit firewall fi - # TODO: implement ip-full check - # state add 'errorSummary' 'errorRequiredBinaryMissing' 'ip-full' + if [ "$(readlink /sbin/ip)" != "$ip_full" ]; then + state add 'errorSummary' 'errorRequiredBinaryMissing' 'ip-full' + _ret='1' + fi if ! nft_call list table inet fw4; then state add 'errorSummary' 'errorDefaultFw4TableMissing' 'fw4' _ret='1' @@ -561,7 +549,7 @@ load_environment() { } local param="$1" validation_result="$2" case "$param" in - on_start) + on_boot|on_start) output 1 "Loading environment ($param) " load_package_config "$param" if [ "$enabled" -eq '0' ]; then @@ -594,10 +582,9 @@ load_environment() { esac } -load_network() { # shellcheck disable=SC2317 +load_network() { _build_ifaces_supported() { is_supported_interface "$1" && ! str_contains "$ifacesSupported" "$1" && ifacesSupported="${ifacesSupported}${1} "; } -# shellcheck disable=SC2317 _find_firewall_wan_zone() { [ "$(uci_get 'firewall' "$1" 'name')" = "wan" ] && firewallWanZone="$1"; } local i param="$1" local dev4 dev6 @@ -927,7 +914,12 @@ resolver() { _resolver_dnsmasq_confdir() { local cfg="$1" local confdir confdirFile - config_get confdir "$1" 'confdir' '/tmp/dnsmasq.d' +# shellcheck disable=SC2016 + if grep -q 'config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq${cfg:+.$cfg}.d"' '/etc/init.d/dnsmasq'; then + config_get confdir "$cfg" 'confdir' "/tmp/dnsmasq${cfg:+.$cfg}.d" + else + config_get confdir "$cfg" 'confdir' '/tmp/dnsmasq.d' + fi confdirFile="${confdir}/${packageName}" if ! str_contains "$dnsmasqFileList" "$confdirFile"; then dnsmasqFileList="${dnsmasqFileList:+$dnsmasqFileList }${confdirFile}" @@ -1457,7 +1449,7 @@ dns_policy_process() { local filter_list_src_addr='phys_dev phys_dev_negative mac_address mac_address_negative domain domain_negative ipv4 ipv4_negative ipv6 ipv6_negative' local filter_group_src_addr filtered_value_src_addr for filter_group_src_addr in $filter_list_src_addr; do - filtered_value_src_addr=$(filter_options "$filter_group_src_addr" "$src_addr") + filtered_value_src_addr="$(filter_options "$filter_group_src_addr" "$src_addr")" if [ -n "$src_addr" ] && [ -n "$filtered_value_src_addr" ]; then if str_contains "$filter_group_src_addr" 'ipv4' && [ -z "$dest_dns_ipv4" ] ; then continue @@ -1529,11 +1521,11 @@ policy_process() { local filter_group_src_addr filtered_value_src_addr filter_group_dest_addr filtered_value_dest_addr [ -z "$src_addr" ] && filter_list_src_addr='none' for filter_group_src_addr in $filter_list_src_addr; do - filtered_value_src_addr=$(filter_options "$filter_group_src_addr" "$src_addr") + filtered_value_src_addr="$(filter_options "$filter_group_src_addr" "$src_addr")" if [ -z "$src_addr" ] || { [ -n "$src_addr" ] && [ -n "$filtered_value_src_addr" ]; }; then [ -z "$dest_addr" ] && filter_list_dest_addr='none' for filter_group_dest_addr in $filter_list_dest_addr; do - filtered_value_dest_addr=$(filter_options "$filter_group_dest_addr" "$dest_addr") + filtered_value_dest_addr="$(filter_options "$filter_group_dest_addr" "$dest_addr")" if [ -z "$dest_addr" ] || { [ -n "$dest_addr" ] && [ -n "$filtered_value_dest_addr" ]; }; then if str_contains "$filter_group_src_addr" 'ipv4' && str_contains "$filter_group_dest_addr" 'ipv6'; then continue @@ -1573,7 +1565,7 @@ interface_routing() { if [ -n "$ipv6_enabled" ]; then ipv6_error=0 ip -6 rule del table "$tid" prio "$priority" >/dev/null 2>&1 - try ip -6 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$((priority-1))" || ipv6_error=1 + try ip -6 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv6_error=1 fi else if ! grep -q "$tid ${ipTablePrefix}_${iface}" "$rtTablesFile"; then @@ -1637,7 +1629,7 @@ EOF try ip -6 route add "$(ip -6 -o a show "$dev6" | awk '{print $4}')" dev "$dev6" table "$tid" || ipv6_error=1 try ip -6 route add default dev "$dev6" table "$tid" || ipv6_error=1 fi - try ip -6 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$((priority-1))" || ipv6_error=1 + try ip -6 rule add fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv6_error=1 fi fi fi @@ -1667,22 +1659,30 @@ EOF return "$s" ;; delete|destroy) - ip rule del table "$tid" prio "$priority" >/dev/null 2>&1 + ip -4 rule del table "$tid" prio "$priority" >/dev/null 2>&1 + ip -6 rule del table "$tid" prio "$priority" >/dev/null 2>&1 if ! is_netifd_table_interface "$iface"; then - ip rule flush table "$tid" >/dev/null 2>&1 - ip route flush table "$tid" >/dev/null 2>&1 + ip -4 rule flush table "$tid" >/dev/null 2>&1 + ip -4 route flush table "$tid" >/dev/null 2>&1 + ip -6 rule flush table "$tid" >/dev/null 2>&1 + ip -6 route flush table "$tid" >/dev/null 2>&1 sed -i "/${ipTablePrefix}_${iface}\$/d" "$rtTablesFile" sync fi return "$s" ;; reload_interface) - ip rule del table "$tid" prio "$priority" >/dev/null 2>&1 + ip -4 rule del table "$tid" prio "$priority" >/dev/null 2>&1 + [ -n "$ipv6_enabled" ] && ip -6 rule del table "$tid" prio "$priority" >/dev/null 2>&1 is_netifd_table_interface "$iface" && return 0; ipv4_error=0 if ! is_netifd_table_interface "$iface"; then - ip rule flush table "$tid" >/dev/null 2>&1 - ip route flush table "$tid" >/dev/null 2>&1 + ip -4 rule flush table "$tid" >/dev/null 2>&1 + ip -4 route flush table "$tid" >/dev/null 2>&1 + if [ -n "$ipv6_enabled" ]; then + ip -6 rule flush table "$tid" >/dev/null 2>&1 + ip -6 route flush table "$tid" >/dev/null 2>&1 + fi fi if [ -n "$gw4" ] || [ "$strict_enforcement" -ne '0' ]; then if [ -z "$gw4" ]; then @@ -1786,15 +1786,15 @@ process_interface() { ip rule add sport "$listen_port" table "pbr_${wanIface4}" >/dev/null 2>&1 fi if [ -n "$ipv6_enabled" ] && [ -n "$wanIface6" ]; then - ip rule del sport "$listen_port" table "pbr_${wanIface6}" >/dev/null 2>&1 - ip rule add sport "$listen_port" table "pbr_${wanIface6}" >/dev/null 2>&1 + ip -6 rule del sport "$listen_port" table "pbr_${wanIface4}" >/dev/null 2>&1 + ip -6 rule add sport "$listen_port" table "pbr_${wanIface4}" >/dev/null 2>&1 fi fi ;; destroy) if [ -n "$listen_port" ]; then ip rule del sport "$listen_port" table "pbr_${wanIface4}" >/dev/null 2>&1 - ip rule del sport "$listen_port" table "pbr_${wanIface6}" >/dev/null 2>&1 + ip -6 rule del sport "$listen_port" table "pbr_${wanIface4}" >/dev/null 2>&1 fi ;; esac @@ -1887,7 +1887,8 @@ process_interface() { displayText="${iface}/${dispDev:+$dispDev/}${dispGw4}${ipv6_enabled:+/$dispGw6}" displayText="${iface}/${dispDev:+$dispDev/}${dispGw4}${ipv6_enabled:+/$dispGw6}" output 2 "Removing routing for '$displayText' " - interface_routing 'destroy' "${ifaceTableID}" "${ifaceMark}" "${iface}" + #interface_routing 'destroy' "${ifaceTableID}" "${ifaceMark}" "${iface}" + interface_routing 'destroy' "$ifaceTableID" "$ifaceMark" "$iface" "$gw4" "$dev" "$gw6" "$dev6" "$ifacePriority" if is_netifd_table_interface "$iface"; then output_okb; else output_ok; fi ;; reload) @@ -2227,6 +2228,57 @@ stop_service() { version() { echo "$PKG_VERSION"; } +# shellcheck disable=SC2317 +setup_netifd() { + local param="$1" + _pbr_iface_setup() { + local iface="${1}" param="$2" tid + if is_supported_interface "${iface}"; then + output "Setting up ${packageName} routing tables for ${iface} ${param:+($param) }" + tid="$(get_rt_tables_next_id)" + if ! grep -q "$tid ${ipTablePrefix}_${iface%6}" "$rtTablesFile"; then + sed -i "/${ipTablePrefix}_${iface%6}/d" "$rtTablesFile" + echo "$tid ${ipTablePrefix}_${iface%6}" >> "$rtTablesFile" + sync + fi + uci_set 'network' "${iface}" 'ip4table' "${ipTablePrefix}_${iface%6}" + uci_set 'network' "${iface}" 'ip6table' "${ipTablePrefix}_${iface%6}" + output_okbn + fi + } + _pbr_default_route_setup() { + local iface iface6 param="$1" + iface="$(uci_get 'pbr' 'config' 'procd_wan_interface')" + iface6="$(uci_get 'pbr' 'config' 'procd_wan6_interface')" + [ -z "$iface" ] && { network_flush_cache; network_find_wan iface; } + [ -z "$iface6" ] && { network_flush_cache; network_find_wan6 iface6; } + output "Setting up ${packageName} default route for ${iface:-wan} ${param:+($param) }" + uci -q delete network.default || true # remove manual default route + uci -q delete network.pbr_default || true + uci_add network rule pbr_default + uci_set network pbr_default lookup "pbr_${iface:-wan}" + uci_set network pbr_default priority "40000" + output_okbn + output "Setting up ${packageName} default route for ${iface6:-wan6} ${param:+($param) }" + uci -q delete network.default6 || true # remove manual default route + uci -q delete network.pbr_default6 || true + uci_add network rule6 pbr_default6 + uci_set network pbr_default6 lookup "pbr_${iface6:-wan6}" + uci_set network pbr_default6 priority "40000" + output_okbn + } + sed -i "/${ipTablePrefix}_/d" "$rtTablesFile" + sync + config_load 'network' + config_foreach _pbr_iface_setup 'interface' "$param" + _pbr_default_route_setup "$param" + uci_commit 'network' + sync + output "Restarting network ${param:+($param) }" + /etc/init.d/network restart + output_okn +} + status_service() { local i dev dev6 wan_tid @@ -2237,8 +2289,8 @@ status_service() { fi if [ -n "$wanIface6" ]; then network_get_device dev6 "$wanIface6" - wanGW6=$(ip -6 route show | grep -m1 " dev $dev6 " | awk '{print $1}') - [ "$wanGW6" = "default" ] && wanGW6=$(ip -6 route show | grep -m1 " dev $dev6 " | awk '{print $3}') + wanGW6="$(ip -6 route show | grep -m1 " dev $dev6 " | awk '{print $1}')" + [ "$wanGW6" = "default" ] && wanGW6="$(ip -6 route show | grep -m1 " dev $dev6 " | awk '{print $3}')" fi while [ "${1:0:1}" = "-" ]; do param="${1//-/}"; eval "set_$param=1"; shift; done [ -e "/var/${packageName}-support" ] && rm -f "/var/${packageName}-support" @@ -2283,14 +2335,20 @@ status_service() { tableCount="$(grep -c "${packageName}_" "$rtTablesFile")" || tableCount=0 wan_tid=$(($(get_rt_tables_next_id)-tableCount)) i=0; while [ "$i" -lt "$tableCount" ]; do - echo "IPv4 table $((wan_tid + i)) route: $(ip -4 route show table $((wan_tid + i)) | grep default)" - echo "IPv4 table $((wan_tid + i)) rule(s):" + local status_table + status_table="$(grep $((wan_tid + i)) "$rtTablesFile")" + echo "IPv4 table $status_table route:" + ip -4 route show table "$((wan_tid + i))" | grep default + echo "IPv4 table $status_table rule(s):" ip -4 rule list table "$((wan_tid + i))" - if [ -n "$ipv6_enabled" ]; then - echo "IPv6 table $((wan_tid + i)) route: $(ip -6 route show table $((wan_tid + i)) | grep default)" - echo "IPv6 table $((wan_tid + i)) rule(s):" - ip -6 route show table $((wan_tid + i)) + if [ "$(uci_get "$packageName" config ipv6_enabled)" = "1" ]; then + echo "$_SEPARATOR_" + echo "IPv6 table $status_table route:" + ip -6 route show table "$((wan_tid + i))" | grep default + echo "IPv6 table $status_table rule(s):" + ip -6 rule list table "$((wan_tid + i))" fi + echo "$_SEPARATOR_" i=$((i + 1)) done } diff --git a/net/pbr/files/etc/uci-defaults/91-pbr-netifd b/net/pbr/files/etc/uci-defaults/91-pbr-netifd index a33c208ebe..42706d745a 100644 --- a/net/pbr/files/etc/uci-defaults/91-pbr-netifd +++ b/net/pbr/files/etc/uci-defaults/91-pbr-netifd @@ -9,54 +9,6 @@ else printf "%b: pbr init.d file (%s) not found! \n" '\033[0;31mERROR\033[0m' "$pbrFunctionsFile" fi -# shellcheck disable=SC2317 -pbr_iface_setup() { - local iface="${1}" tid - if is_supported_interface "${iface}"; then - output "Setting up ${packageName} routing tables for ${iface} " - tid="$(get_rt_tables_next_id)" - if ! grep -q "$tid ${ipTablePrefix}_${iface%6}" "$rtTablesFile"; then - sed -i "/${ipTablePrefix}_${iface%6}/d" "$rtTablesFile" - echo "$tid ${ipTablePrefix}_${iface%6}" >> "$rtTablesFile" - sync - fi - uci_set 'network' "${iface}" 'ip4table' "${ipTablePrefix}_${iface%6}" - uci_set 'network' "${iface}" 'ip6table' "${ipTablePrefix}_${iface%6}" - output_okbn - fi -} - -pbr_default_route_setup() { - local iface iface6 - iface="$(uci_get 'pbr' 'config' 'procd_wan_interface')" - iface6="$(uci_get 'pbr' 'config' 'procd_wan6_interface')" - [ -z "$iface" ] && { network_flush_cache; network_find_wan iface; } - [ -z "$iface6" ] && { network_flush_cache; network_find_wan6 iface6; } - output "Setting up ${packageName} default route for ${iface:-wan} " - uci -q delete network.default || true # remove manual default route - uci -q delete network.pbr_default || true - uci_add network rule pbr_default - uci_set network pbr_default lookup "pbr_${iface:-wan}" - uci_set network pbr_default priority "40000" - output_okbn - output "Setting up ${packageName} default route for ${iface6:-wan6} " - uci -q delete network.default6 || true # remove manual default route - uci -q delete network.pbr_default6 || true - uci_add network rule6 pbr_default6 - uci_set network pbr_default6 lookup "pbr_${iface6:-wan6}" - uci_set network pbr_default6 priority "40000" - output_okbn -} - -sed -i "/${ipTablePrefix}_/d" "$rtTablesFile" -sync -config_load 'network' -config_foreach pbr_iface_setup 'interface' -pbr_default_route_setup -uci_commit 'network' -sync -output "Restarting network... " -/etc/init.d/network restart -output_okn +setup_netifd 'on_install' exit 0 diff --git a/net/pbr/files/usr/share/pbr/pbr.user.aws b/net/pbr/files/usr/share/pbr/pbr.user.aws index 8efcc0dea1..a6af01e00e 100644 --- a/net/pbr/files/usr/share/pbr/pbr.user.aws +++ b/net/pbr/files/usr/share/pbr/pbr.user.aws @@ -13,8 +13,9 @@ mkdir -p "${TARGET_DL_FILE%/*}" uclient-fetch --no-check-certificate -qO- "$TARGET_URL" | \ gzip > "$TARGET_DL_FILE" -[ "$(uci get pbr.config.ipv6_enabled)" = "1" ] && vers="4 6" || vers="4" +[ -s "$TARGET_DL_FILE" ] || return 1 +[ "$(uci get pbr.config.ipv6_enabled)" = "1" ] && vers="4 6" || vers="4" for ver in $vers;do case "$ver" in 4) search='@.prefixes[*].ip_prefix';; From 814578498f5f1600a7afe89ddfb3dde530ad6c02 Mon Sep 17 00:00:00 2001 From: Moritz Warning Date: Sun, 8 Dec 2024 01:50:50 +0100 Subject: [PATCH 06/22] dhtd: update to 1.0.5 Signed-off-by: Moritz Warning --- net/dhtd/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/dhtd/Makefile b/net/dhtd/Makefile index a8f7f55f3f..76803d6b9a 100644 --- a/net/dhtd/Makefile +++ b/net/dhtd/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dhtd -PKG_VERSION:=1.0.4 +PKG_VERSION:=1.0.5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/mwarning/dhtd/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=77b106fb05a2b7c5bb777513cf47a8f2b729672520d9772ffe82b86036b45d0f +PKG_HASH:=2b88977c474f35b611124bed226648dfc7fb98fd0e922360e8b8d42443028fa5 PKG_MAINTAINER:=Moritz Warning PKG_LICENSE:=MIT From 5b058c9949b3e3adcbc35347aa1acc40c3442e2c Mon Sep 17 00:00:00 2001 From: Andrea Pesaresi Date: Sat, 7 Dec 2024 10:29:09 +0100 Subject: [PATCH 07/22] ksmbd-tools: update to version 3.5.3 - manually refresh patch 030-glib.patch Major changes are: fix adduser / addshare prompting on musl libc fix use of veto files as global share parameter lookup primary group and don't recurse in ksmbd.conf @group handling fix a leak and an intermittent auth failure in Kerberos 5 add global parameter kerberos support detailed changelog here: https://github.com/cifsd-team/ksmbd-tools/releases/tag/3.5.3 Signed-off-by: Andrea Pesaresi --- net/ksmbd-tools/Makefile | 4 ++-- net/ksmbd-tools/patches/030-glib.patch | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net/ksmbd-tools/Makefile b/net/ksmbd-tools/Makefile index 4c1b85663b..a08fe368cb 100644 --- a/net/ksmbd-tools/Makefile +++ b/net/ksmbd-tools/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ksmbd-tools -PKG_VERSION:=3.5.2 +PKG_VERSION:=3.5.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/cifsd-team/ksmbd-tools/releases/download/$(PKG_VERSION) -PKG_HASH:=5da7fb4cb4368f9abf56f6f9fbc17b25e387876bed9ff7ee0d6f1140ef07c8d7 +PKG_HASH:=e8d55cc53825170d7e5213d48a92b8251dc0d1351601283f6d0995cfd789b4d0 PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=COPYING diff --git a/net/ksmbd-tools/patches/030-glib.patch b/net/ksmbd-tools/patches/030-glib.patch index 49809e9c60..4b9d7a4518 100644 --- a/net/ksmbd-tools/patches/030-glib.patch +++ b/net/ksmbd-tools/patches/030-glib.patch @@ -3,7 +3,7 @@ @@ -21,6 +21,7 @@ include_dirs = include_directories( glib_dep = dependency( 'glib-2.0', - version: '>= 2.44', + version: '>= 2.58', + static: true, ) libnl_dep = dependency( From 7db7fd2aea53689eeb9252b3edf6f8f2fefb5e54 Mon Sep 17 00:00:00 2001 From: Austin Lane Date: Thu, 5 Dec 2024 00:44:58 -0500 Subject: [PATCH 08/22] python-chardet: add hostbuild Signed-off-by: Austin Lane --- lang/python/python-chardet/Makefile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lang/python/python-chardet/Makefile b/lang/python/python-chardet/Makefile index 8f9703cd5f..c2d6b5f9a9 100644 --- a/lang/python/python-chardet/Makefile +++ b/lang/python/python-chardet/Makefile @@ -9,15 +9,19 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-chardet PKG_VERSION:=5.2.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_LICENSE:=LGPL-2.1 PYPI_NAME:=chardet PKG_HASH:=1b3b6ff479a8c414bc3fa2c0852995695c4a026dcd6d0633b2dd092ca39c1cf7 +HOST_BUILD_DEPENDS:=python3/host python-build/host python-installer/host python-wheel/host + include ../pypi.mk include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/host-build.mk include ../python3-package.mk +include ../python3-host-build.mk define Package/python3-chardet SUBMENU:=Python @@ -45,3 +49,4 @@ endef $(eval $(call Py3Package,python3-chardet)) $(eval $(call BuildPackage,python3-chardet)) $(eval $(call BuildPackage,python3-chardet-src)) +$(eval $(call HostBuild)) From 6bb68d4682d6c79145e7131666da9588ab6c354d Mon Sep 17 00:00:00 2001 From: Austin Lane Date: Thu, 5 Dec 2024 00:46:48 -0500 Subject: [PATCH 09/22] python-idna: add hostbuild Signed-off-by: Austin Lane --- lang/python/python-idna/Makefile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lang/python/python-idna/Makefile b/lang/python/python-idna/Makefile index 33129b03a8..7d6c1234e6 100644 --- a/lang/python/python-idna/Makefile +++ b/lang/python/python-idna/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-idna PKG_VERSION:=3.6 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PYPI_NAME:=idna PKG_HASH:=9ecdbbd083b06798ae1e86adcbfe8ab1479cf864e4ee30fe4e46a003d12491ca @@ -19,10 +19,13 @@ PKG_LICENSE_FILES:=LICENSE.md PKG_MAINTAINER:=Jeffery To PKG_BUILD_DEPENDS:=python-flit-core/host +HOST_BUILD_DEPENDS:=python3/host python-build/host python-installer/host python-flit-core/host include ../pypi.mk include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/host-build.mk include ../python3-package.mk +include ../python3-host-build.mk define Package/python3-idna SECTION:=lang @@ -43,3 +46,4 @@ endef $(eval $(call Py3Package,python3-idna)) $(eval $(call BuildPackage,python3-idna)) $(eval $(call BuildPackage,python3-idna-src)) +$(eval $(call HostBuild)) From 955976cee7e442e02a2bb6be132e7213d5285fdf Mon Sep 17 00:00:00 2001 From: Austin Lane Date: Thu, 5 Dec 2024 00:41:21 -0500 Subject: [PATCH 10/22] python-certifi: add hostbuild Signed-off-by: Austin Lane --- lang/python/python-certifi/Makefile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lang/python/python-certifi/Makefile b/lang/python/python-certifi/Makefile index f31d34d243..4d5b02d039 100644 --- a/lang/python/python-certifi/Makefile +++ b/lang/python/python-certifi/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-certifi PKG_VERSION:=2024.2.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_MAINTAINER:=Eneas U de Queiroz PKG_LICENSE:=MPL-2.0 @@ -16,9 +16,13 @@ PKG_LICENSE_FILES:=LICENSE PYPI_NAME:=certifi PKG_HASH:=0569859f95fc761b18b45ef421b1290a0f65f147e92a1e5eb3e635f9a5e4e66f +HOST_BUILD_DEPENDS:=python3/host python-build/host python-installer/host python-wheel/host + include ../pypi.mk include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/host-build.mk include ../python3-package.mk +include ../python3-host-build.mk define Package/python3-certifi SUBMENU:=Python @@ -38,3 +42,4 @@ endef $(eval $(call Py3Package,python3-certifi)) $(eval $(call BuildPackage,python3-certifi)) $(eval $(call BuildPackage,python3-certifi-src)) +$(eval $(call HostBuild)) From 77a7324de54e175029fa7ad051a3a17d1806e03e Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Wed, 4 Dec 2024 13:33:13 +0800 Subject: [PATCH 11/22] microsocks: backport upstream fixes Fix segmentation fault with newer musl and improve throughput. Signed-off-by: Tianling Shen --- net/microsocks/Makefile | 2 +- ...use-a-bigger-thread-stack-by-default.patch | 24 ++++ ...bout-shadow-declaration-of-bind_addr.patch | 22 ++++ ...hput-in-copyloop-using-bigger-buffer.patch | 114 ++++++++++++++++++ 4 files changed, 161 insertions(+), 1 deletion(-) create mode 100644 net/microsocks/patches/001-use-a-bigger-thread-stack-by-default.patch create mode 100644 net/microsocks/patches/002-mute-warning-about-shadow-declaration-of-bind_addr.patch create mode 100644 net/microsocks/patches/003-improve-throughput-in-copyloop-using-bigger-buffer.patch diff --git a/net/microsocks/Makefile b/net/microsocks/Makefile index 79eea2e6af..b2adbc20c1 100644 --- a/net/microsocks/Makefile +++ b/net/microsocks/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=microsocks PKG_VERSION:=1.0.4 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/rofl0r/microsocks/tar.gz/v$(PKG_VERSION)? diff --git a/net/microsocks/patches/001-use-a-bigger-thread-stack-by-default.patch b/net/microsocks/patches/001-use-a-bigger-thread-stack-by-default.patch new file mode 100644 index 0000000000..3defe5db23 --- /dev/null +++ b/net/microsocks/patches/001-use-a-bigger-thread-stack-by-default.patch @@ -0,0 +1,24 @@ +From c81760cc3f1b6db22c7c9694efe7f3be115c2caf Mon Sep 17 00:00:00 2001 +From: rofl0r +Date: Fri, 17 May 2024 14:38:16 +0000 +Subject: [PATCH] use a bigger thread stack by default + +apparently newer musl versions require more stack for the TCP-based +DNS resolver. + +closes #73 +--- + sockssrv.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sockssrv.c ++++ b/sockssrv.c +@@ -47,7 +47,7 @@ + #endif + + #ifdef PTHREAD_STACK_MIN +-#define THREAD_STACK_SIZE MAX(8*1024, PTHREAD_STACK_MIN) ++#define THREAD_STACK_SIZE MAX(16*1024, PTHREAD_STACK_MIN) + #else + #define THREAD_STACK_SIZE 64*1024 + #endif diff --git a/net/microsocks/patches/002-mute-warning-about-shadow-declaration-of-bind_addr.patch b/net/microsocks/patches/002-mute-warning-about-shadow-declaration-of-bind_addr.patch new file mode 100644 index 0000000000..8d298bd7fa --- /dev/null +++ b/net/microsocks/patches/002-mute-warning-about-shadow-declaration-of-bind_addr.patch @@ -0,0 +1,22 @@ +From 0343813e0410b469d591bc61b9a546ee2c2c15f6 Mon Sep 17 00:00:00 2001 +From: rofl0r +Date: Fri, 17 May 2024 14:40:11 +0000 +Subject: [PATCH] mute warning about shadow declaration of bind_addr + +--- + sockssrv.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/sockssrv.c ++++ b/sockssrv.c +@@ -112,8 +112,8 @@ struct thread { + static void dolog(const char* fmt, ...) { } + #endif + +-static struct addrinfo* addr_choose(struct addrinfo* list, union sockaddr_union* bind_addr) { +- int af = SOCKADDR_UNION_AF(bind_addr); ++static struct addrinfo* addr_choose(struct addrinfo* list, union sockaddr_union* bindaddr) { ++ int af = SOCKADDR_UNION_AF(bindaddr); + if(af == AF_UNSPEC) return list; + struct addrinfo* p; + for(p=list; p; p=p->ai_next) diff --git a/net/microsocks/patches/003-improve-throughput-in-copyloop-using-bigger-buffer.patch b/net/microsocks/patches/003-improve-throughput-in-copyloop-using-bigger-buffer.patch new file mode 100644 index 0000000000..dfee5c933e --- /dev/null +++ b/net/microsocks/patches/003-improve-throughput-in-copyloop-using-bigger-buffer.patch @@ -0,0 +1,114 @@ +From 98421a21c4adc4c77c0cf3a5d650cc28ad3e0107 Mon Sep 17 00:00:00 2001 +From: rofl0r +Date: Fri, 24 May 2024 23:02:34 +0000 +Subject: [PATCH] improve throughput in copyloop() using bigger buffer + +- refactored clientthread to put the handshake code into its own + function, since it used its own 1K stack buffer. + by returning from the function before calling copyloop, we have + that space available in the new stackframe. +- since getaddrinfo() was the main stack consumer in the entire + code, we can safely use at least half the available thread + stack size for the copyloop to achieve higher throughput. + in my testing with pyhttpd it turned out that 64k is the sweet + spot to have minimal syscall overhead, but 16k is very close, + and it allows us to keep the minimal memory usage profile. + +this is in response to https://github.com/rofl0r/microsocks/issues/58#issuecomment-2118389063 +which links to a repo that tests different socks5 servers +performance on gigabit links. + +also closes #10 +--- + sockssrv.c | 35 +++++++++++++++++++---------------- + 1 file changed, 19 insertions(+), 16 deletions(-) + +--- a/sockssrv.c ++++ b/sockssrv.c +@@ -44,6 +44,7 @@ + + #ifndef MAX + #define MAX(x, y) ((x) > (y) ? (x) : (y)) ++#define MIN(x, y) ((x) < (y) ? (x) : (y)) + #endif + + #ifdef PTHREAD_STACK_MIN +@@ -282,7 +283,10 @@ static void copyloop(int fd1, int fd2) { + } + int infd = (fds[0].revents & POLLIN) ? fd1 : fd2; + int outfd = infd == fd2 ? fd1 : fd2; +- char buf[1024]; ++ /* since the biggest stack consumer in the entire code is ++ libc's getaddrinfo(), we can safely use at least half the ++ available stacksize to improve throughput. */ ++ char buf[MIN(16*1024, THREAD_STACK_SIZE/2)]; + ssize_t sent = 0, n = read(infd, buf, sizeof buf); + if(n <= 0) return; + while(sent < n) { +@@ -310,14 +314,12 @@ static enum errorcode check_credentials( + return EC_NOT_ALLOWED; + } + +-static void* clientthread(void *data) { +- struct thread *t = data; +- t->state = SS_1_CONNECTED; ++static int handshake(struct thread *t) { + unsigned char buf[1024]; + ssize_t n; + int ret; +- int remotefd = -1; + enum authmethod am; ++ t->state = SS_1_CONNECTED; + while((n = recv(t->client.fd, buf, sizeof buf, 0)) > 0) { + switch(t->state) { + case SS_1_CONNECTED: +@@ -325,13 +327,13 @@ static void* clientthread(void *data) { + if(am == AM_NO_AUTH) t->state = SS_3_AUTHED; + else if (am == AM_USERNAME) t->state = SS_2_NEED_AUTH; + send_auth_response(t->client.fd, 5, am); +- if(am == AM_INVALID) goto breakloop; ++ if(am == AM_INVALID) return -1; + break; + case SS_2_NEED_AUTH: + ret = check_credentials(buf, n); + send_auth_response(t->client.fd, 1, ret); + if(ret != EC_SUCCESS) +- goto breakloop; ++ return -1; + t->state = SS_3_AUTHED; + if(auth_ips && !pthread_rwlock_wrlock(&auth_ips_lock)) { + if(!is_in_authed_list(&t->client.addr)) +@@ -343,23 +345,24 @@ static void* clientthread(void *data) { + ret = connect_socks_target(buf, n, &t->client); + if(ret < 0) { + send_error(t->client.fd, ret*-1); +- goto breakloop; ++ return -1; + } +- remotefd = ret; + send_error(t->client.fd, EC_SUCCESS); +- copyloop(t->client.fd, remotefd); +- goto breakloop; +- ++ return ret; + } + } +-breakloop: ++ return -1; ++} + +- if(remotefd != -1) ++static void* clientthread(void *data) { ++ struct thread *t = data; ++ int remotefd = handshake(t); ++ if(remotefd != -1) { ++ copyloop(t->client.fd, remotefd); + close(remotefd); +- ++ } + close(t->client.fd); + t->done = 1; +- + return 0; + } + From f4c508fdce9c86bac82987837cdb6c65cb458dcb Mon Sep 17 00:00:00 2001 From: Ryan Keane Date: Tue, 26 Nov 2024 01:38:23 -0800 Subject: [PATCH 12/22] haproxy: Require lua 5.4 Upstream installation guide use lua 5.4, let's follow it. Link: https://github.com/haproxy/haproxy/blob/master/INSTALL Signed-off-by: Ryan Keane --- net/haproxy/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile index 6d20cea136..84142a2579 100644 --- a/net/haproxy/Makefile +++ b/net/haproxy/Makefile @@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=haproxy PKG_VERSION:=3.0.6 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://www.haproxy.org/download/3.0/src @@ -46,7 +46,7 @@ endef define Package/haproxy $(call Package/haproxy/Default) TITLE+=with SSL support - DEPENDS+= +libpcre2 +libltdl +zlib +libpthread +liblua5.3 +libopenssl +libncurses +libreadline +libatomic + DEPENDS+= +libpcre2 +libltdl +zlib +libpthread +liblua5.4 +libopenssl +libncurses +libreadline +libatomic VARIANT:=ssl endef @@ -59,7 +59,7 @@ define Package/haproxy-nossl $(call Package/haproxy/Default) TITLE+=without SSL support VARIANT:=nossl - DEPENDS+= +libpcre2 +libltdl +zlib +libpthread +liblua5.3 +libatomic + DEPENDS+= +libpcre2 +libltdl +zlib +libpthread +liblua5.4 +libatomic CONFLICTS:=haproxy endef @@ -92,7 +92,7 @@ define Build/Compile DESTDIR="$(PKG_INSTALL_DIR)" \ CC="$(TARGET_CC)" \ PCREDIR="$(STAGING_DIR)/usr/" \ - USE_LUA=1 LUA_LIB_NAME="lua5.3" LUA_INC="$(STAGING_DIR)/usr/include/lua5.3" LUA_LIB="$(STAGING_DIR)/usr/lib" \ + USE_LUA=1 LUA_LIB_NAME="lua5.4" LUA_INC="$(STAGING_DIR)/usr/include/lua5.4" LUA_LIB="$(STAGING_DIR)/usr/lib" \ SMALL_OPTS="-DBUFSIZE=16384 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530" \ USE_ZLIB=1 USE_PCRE2=1 USE_PCRE2_JIT=1 USE_PTHREAD_PSHARED=1 USE_LIBATOMIC=1 USE_PROMEX=1 \ VERSION="$(PKG_VERSION)" SUBVERS="-$(PKG_RELEASE)" \ From 6df4c936d6f8968f4d864ec4da37cbea2bb72eed Mon Sep 17 00:00:00 2001 From: Javier Marcet Date: Fri, 22 Nov 2024 16:01:31 +0100 Subject: [PATCH 13/22] luajit2: update to v2.1-20241113 Signed-off-by: Javier Marcet --- lang/luajit2/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lang/luajit2/Makefile b/lang/luajit2/Makefile index dc3cb7c37b..e9defd1921 100644 --- a/lang/luajit2/Makefile +++ b/lang/luajit2/Makefile @@ -1,14 +1,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luajit2 -PKG_SOURCE_DATE:=2024-11-04 +PKG_SOURCE_DATE:=2024-11-13 PKG_VERSION:=2.1.$(subst -,.,$(PKG_SOURCE_DATE)) PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/openresty/luajit2 -PKG_SOURCE_VERSION:=24d0c668883b65b13c8b5357805c6d4113e0ba6a -PKG_MIRROR_HASH:=d4e2743d7e92be51b1773fba997564a5b229f1b1cb2f3863bb7e27d4fd8a5cdb +PKG_SOURCE_VERSION:=098183d9d24b8942a26dcc720fe8725b287ec77f +PKG_MIRROR_HASH:=a177f59e47ce45b84fe51c736121d03c39dd3273a6aac0c429d16cc8448deb5c PKG_MAINTAINER:=Javier Marcet PKG_LICENSE:=MIT From d6c644c5f534e677444846ad291f828c69a33223 Mon Sep 17 00:00:00 2001 From: Austin Lane Date: Thu, 5 Dec 2024 00:27:45 -0500 Subject: [PATCH 14/22] python-urllib3: add hostbuild Signed-off-by: Austin Lane --- lang/python/python-urllib3/Makefile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lang/python/python-urllib3/Makefile b/lang/python/python-urllib3/Makefile index 323e7cda29..a2739c47ba 100644 --- a/lang/python/python-urllib3/Makefile +++ b/lang/python/python-urllib3/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-urllib3 PKG_VERSION:=2.0.4 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_MAINTAINER:=Josef Schlehofer PKG_LICENSE:=MIT @@ -20,10 +20,13 @@ PYPI_NAME:=urllib3 PKG_HASH:=8d22f86aae8ef5e410d4f539fde9ce6b2113a001bb4d189e0aed70642d602b11 PKG_BUILD_DEPENDS:=python-hatchling/host +HOST_BUILD_DEPENDS:=python-hatchling/host include ../pypi.mk include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/host-build.mk include ../python3-package.mk +include ../python3-host-build.mk define Package/python3-urllib3 SUBMENU:=Python @@ -41,3 +44,4 @@ endef $(eval $(call Py3Package,python3-urllib3)) $(eval $(call BuildPackage,python3-urllib3)) $(eval $(call BuildPackage,python3-urllib3-src)) +$(eval $(call HostBuild)) From 1f24c07d0a558fa525aa920cad392a6fe09af65c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20H=C3=A1k?= Date: Mon, 9 Dec 2024 10:46:16 +0100 Subject: [PATCH 15/22] knot: update to version 3.4.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Hák --- net/knot/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/knot/Makefile b/net/knot/Makefile index 0df88e369d..c3c5edf158 100644 --- a/net/knot/Makefile +++ b/net/knot/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=knot -PKG_VERSION:=3.4.2 +PKG_VERSION:=3.4.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-dns/ -PKG_HASH:=d835285c1057d45effa1479cfe1f107a50e83d11c1c6d36f270deda88799883e +PKG_HASH:=fb153f07805f4679e836f143a74f5cd204ae71c3acbea7ab05ef8e012c6e905c PKG_MAINTAINER:=Daniel Salzman PKG_LICENSE:=GPL-3.0 LGPL-2.0 0BSD BSD-3-Clause OLDAP-2.8 From 87ecce39da6e8275c61e1ab3907dac79af8d337e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 9 Dec 2024 17:06:09 +0100 Subject: [PATCH 16/22] tailscale: update to 1.78.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Sandro Jäckel --- net/tailscale/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/tailscale/Makefile b/net/tailscale/Makefile index b2b6ee0190..59a183bf67 100644 --- a/net/tailscale/Makefile +++ b/net/tailscale/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tailscale -PKG_VERSION:=1.76.6 +PKG_VERSION:=1.78.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/tailscale/tailscale/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=1603c78a6a5e9f83b278d305e1196fbfdeeb841be10ac2ddb7ea433c2701234b +PKG_HASH:=dbc25cc241bb233f183475f003d5508af7b45add1ca548b35a6a6fea91fb91af PKG_MAINTAINER:=Zephyr Lykos , \ Sandro Jäckel From e3681cececeef6774c4c1a6abea26df7d9e4496b Mon Sep 17 00:00:00 2001 From: Wesley Gimenes Date: Tue, 12 Nov 2024 07:13:04 -0300 Subject: [PATCH 17/22] netbird: update to 0.34.1 changelog: https://github.com/netbirdio/netbird/releases/tag/v0.34.1 Signed-off-by: Wesley Gimenes --- net/netbird/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netbird/Makefile b/net/netbird/Makefile index 7dc29aec2a..cb572583dc 100644 --- a/net/netbird/Makefile +++ b/net/netbird/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netbird -PKG_VERSION:=0.31.0 +PKG_VERSION:=0.34.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/netbirdio/netbird/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=7da075c5e1962b9118d2d17500bf9b22e6f70c595a356ed290b4f7b1d1b84919 +PKG_HASH:=5eb78e815c73b197f36141dbc071520171cd660a1f64a010c5ec5c4db4d006e4 PKG_MAINTAINER:=Oskari Rauta PKG_LICENSE:=BSD-3-Clause From 0ca4794564eb7294832636cf46ade680372edebf Mon Sep 17 00:00:00 2001 From: Andrea Pesaresi Date: Sun, 8 Dec 2024 14:04:06 +0100 Subject: [PATCH 18/22] ksmbd-tools: adjust smb2 max read/write/trans and cache Now for all devices with every size of RAM it is set to: `smb2 max read = 64K` `smb2 max write = 64K` `smb2 max trans = 64K` Instead of fixed value to 64K is better to check RAM size and adjust to: 32 ~ 64MB RAM, set the value to 64K 64 ~ 128MB, set it to 128KB 128 ~ 256MB, set it to 1MB More than 256MB leave default size to 4MB With 64MB and 128MB is better also to disable the read/write cache `cache read buffers = no` `cache write buffers = no` Signed-off-by: Andrea Pesaresi --- net/ksmbd-tools/Makefile | 2 +- net/ksmbd-tools/files/ksmbd.conf.template | 5 ----- net/ksmbd-tools/files/ksmbd.init | 24 +++++++++++++++++++++++ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/net/ksmbd-tools/Makefile b/net/ksmbd-tools/Makefile index a08fe368cb..9150acf93d 100644 --- a/net/ksmbd-tools/Makefile +++ b/net/ksmbd-tools/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ksmbd-tools PKG_VERSION:=3.5.3 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/cifsd-team/ksmbd-tools/releases/download/$(PKG_VERSION) diff --git a/net/ksmbd-tools/files/ksmbd.conf.template b/net/ksmbd-tools/files/ksmbd.conf.template index 4cb7be3c07..2da98b16e2 100644 --- a/net/ksmbd-tools/files/ksmbd.conf.template +++ b/net/ksmbd-tools/files/ksmbd.conf.template @@ -7,8 +7,3 @@ ipc timeout = 20 deadtime = 15 map to guest = Bad User - smb2 max read = 64K - smb2 max write = 64K - smb2 max trans = 64K - cache read buffers = no - cache trans buffers = no diff --git a/net/ksmbd-tools/files/ksmbd.init b/net/ksmbd-tools/files/ksmbd.init index a14183d585..1a43d99537 100644 --- a/net/ksmbd-tools/files/ksmbd.init +++ b/net/ksmbd-tools/files/ksmbd.init @@ -12,6 +12,28 @@ config_get_sane() set -- "$(echo "$1" | tr -d '<>[]{};%?=#\n')" } +config_get_ram() +{ + ramsize=$(grep MemTotal /proc/meminfo | awk '{print $2}') + if [ "$ramsize" -lt 65537 ];then + printf "\tsmb2 max read = 64K\n" + printf "\tsmb2 max write = 64K\n" + printf "\tsmb2 max trans = 64K\n" + printf "\tcache read buffers = no\n" + printf "\tcache trans buffers = no\n" + elif [ "$ramsize" -lt 134073 ];then + printf "\tsmb2 max read = 128K\n" + printf "\tsmb2 max write = 128K\n" + printf "\tsmb2 max trans = 128K\n" + printf "\tcache read buffers = no\n" + printf "\tcache trans buffers = no\n" + elif [ "$ramsize" -lt 262146 ];then + printf "\tsmb2 max read = 1M\n" + printf "\tsmb2 max write = 1M\n" + printf "\tsmb2 max trans = 1M\n" + fi +} + smb_header() { config_get_sane SMBD_IFACE "$1" interface "lan" @@ -41,6 +63,8 @@ smb_header() /etc/ksmbd/ksmbd.conf.template > /var/etc/ksmbd/ksmbd.conf { + config_get_ram + printf "\n######### Dynamic written config options #########\n" if [ "$ALLOW_LEGACY_PROTOCOLS" -eq 1 ]; then From cdf711b89935ad85430197ff329267cafbdf2270 Mon Sep 17 00:00:00 2001 From: Interesting Gang <31793080+SakuraFallingMad@users.noreply.github.com> Date: Wed, 11 Dec 2024 14:22:32 +0800 Subject: [PATCH 19/22] geoview: update to 0.1.0 --- net/geoview/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/geoview/Makefile b/net/geoview/Makefile index ee9c10c9e0..3c43b5f196 100644 --- a/net/geoview/Makefile +++ b/net/geoview/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=geoview -PKG_VERSION:=0.0.7 +PKG_VERSION:=0.1.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/snowie2000/geoview/tar.gz/$(PKG_VERSION)? -PKG_HASH:=1099149d24b74ba6f4d4bca18aba4ffa0e29f8b3debb7f09b5972729ed11ca9c +PKG_HASH:=f957ccda8177657ce386c2a823cdf0d2746a0c03ce2e1a767cf9da12dccc476b PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE From b3c0a6412247616e0eb6859981c67cbf82405c93 Mon Sep 17 00:00:00 2001 From: ImmortalWrt-Bot Date: Wed, 11 Dec 2024 16:44:56 +0800 Subject: [PATCH 20/22] xray-core: Update to 24.11.30 (#1415) Signed-off-by: ImmortalWrt AutoUpdate Bot --- net/xray-core/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/xray-core/Makefile b/net/xray-core/Makefile index 4651625851..7a54210041 100644 --- a/net/xray-core/Makefile +++ b/net/xray-core/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=xray-core -PKG_VERSION:=24.11.21 +PKG_VERSION:=24.11.30 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/XTLS/Xray-core/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=e45ad1fa11457101776d2c0d7ed8ed7c669b714e7687a85830e44a6e4a52fe05 +PKG_HASH:=1ed728cf32cf9227c73e1b3651465eb089c6d2f42367cf40df62c4ba0edfc765 PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=MPL-2.0 From bf4c4eb24966261e3c5a626db3b826abcb27355e Mon Sep 17 00:00:00 2001 From: ImmortalWrt AutoUpdate Bot Date: Wed, 11 Dec 2024 06:34:55 +0000 Subject: [PATCH 21/22] cloudflared: Update to 2024.12.1 Signed-off-by: ImmortalWrt AutoUpdate Bot --- net/cloudflared/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/cloudflared/Makefile b/net/cloudflared/Makefile index 420bcc9652..4211301020 100644 --- a/net/cloudflared/Makefile +++ b/net/cloudflared/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=cloudflared -PKG_VERSION:=2024.11.1 +PKG_VERSION:=2024.12.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/cloudflare/cloudflared/tar.gz/$(PKG_VERSION)? -PKG_HASH:=1bf729c225701f6864b31bb6c251293caa06f9f1a6e671f3326dd20c3c9719ff +PKG_HASH:=74794fbcdd7b71131799100d493cf70a8e126cb109f3d9e2abce55593df6a737 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE From 667f476de4614c50bc598e2e52404f3bbdf12281 Mon Sep 17 00:00:00 2001 From: ImmortalWrt AutoUpdate Bot Date: Wed, 11 Dec 2024 06:35:22 +0000 Subject: [PATCH 22/22] yq: Update to 4.44.6 Signed-off-by: ImmortalWrt AutoUpdate Bot --- utils/yq/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/yq/Makefile b/utils/yq/Makefile index 2cef8c3b42..a17dee3df7 100644 --- a/utils/yq/Makefile +++ b/utils/yq/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=yq -PKG_VERSION:=4.44.5 +PKG_VERSION:=4.44.6 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/mikefarah/yq/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=1505367f4a6c0c4f3b91c6197ffed4112d29ef97c48d0b5e66530cfa851d3f0e +PKG_HASH:=c0acef928168e5fdb26cd7e8320eddde822f30cf1942817f3f6b854dd721653f PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=MIT