├── .github └── workflows │ └── build-release.yml ├── README.md ├── build.sh ├── openwrt ├── 24-config-common ├── 24-config-minimal-common ├── 24-config-musl-armsr-armv8 ├── 24-config-musl-r4s ├── 24-config-musl-r5s ├── 24-config-musl-r8500 ├── 24-config-musl-r8500-minimal ├── 24-config-musl-x86 ├── build.sh ├── files │ ├── bg │ │ ├── bg.jpg │ │ └── bg.webp │ ├── etc │ │ ├── banner │ │ ├── banner-x86 │ │ ├── board.d │ │ │ └── 03_model │ │ ├── hotplug.d │ │ │ ├── block │ │ │ │ └── 20-usbreset │ │ │ └── iface │ │ │ │ └── 99-tailscale-needs │ │ ├── profile.d │ │ │ └── advanced_banner.sh │ │ ├── sysctl.d │ │ │ ├── 10-default.conf │ │ │ ├── 15-vm-swappiness.conf │ │ │ └── 16-udp-buffer-size.conf │ │ └── uci-defaults │ │ │ ├── 99-dae │ │ │ ├── 99-led │ │ │ ├── 99-nikki │ │ │ └── 99-watchcat │ ├── root │ │ ├── .bash_profile │ │ └── .bashrc │ ├── sbin │ │ └── emmc-install │ └── usr │ │ └── bin │ │ └── advanced_banner ├── generic │ ├── config-bpf │ ├── config-dpdk │ ├── config-glibc │ ├── config-lto │ ├── config-wwan │ └── upx_list.txt ├── nginx │ ├── luci.locations │ └── uci.conf.template ├── patch │ ├── apk-tools │ │ └── 9999-hack-for-linux-pre-releases.patch │ ├── cgroupfs-mount │ │ ├── 0001-fix-cgroupfs-mount.patch │ │ ├── 900-mount-cgroup-v2-hierarchy-to-sys-fs-cgroup-cgroup2.patch │ │ ├── 901-fix-cgroupfs-umount.patch │ │ └── 902-mount-sys-fs-cgroup-systemd-for-docker-systemd-suppo.patch │ ├── coremark │ │ ├── README.md │ │ ├── coremark.aarch64-16-threads │ │ ├── coremark.aarch64-4-threads │ │ └── coremark.aarch64-6-threads │ ├── docker │ │ ├── 0001-dockerd-fix-bridge-network.patch │ │ └── 0002-docker-add-buildkit-experimental-support.patch │ ├── dpdk │ │ ├── dpdk │ │ │ ├── Config.in │ │ │ ├── Makefile │ │ │ └── patches │ │ │ │ ├── 010-dpdk_arm_build_platform_fix.patch │ │ │ │ └── 201-r8125-add-r8125-ethernet-poll-mode-driver.patch │ │ └── numactl │ │ │ └── Makefile │ ├── firewall4 │ │ ├── 100-openwrt-firewall4-add-custom-nft-command-support.patch │ │ ├── firewall4_patches │ │ │ ├── 001-fix-fw4-flow-offload.patch │ │ │ ├── 002-fix-fw4.uc-adept-kernel-version-type-of-x.x.patch │ │ │ ├── 990-unconditionally-allow-ct-status-dnat.patch │ │ │ ├── 999-01-firewall4-add-fullcone-support.patch │ │ │ ├── 999-02-firewall4-add-bcm-fullconenat-support.patch │ │ │ └── README.md │ │ ├── libnftnl │ │ │ ├── 0001-libnftnl-add-fullcone-expression-support.patch │ │ │ └── 0002-libnftnl-add-brcm-fullcone-support.patch │ │ ├── luci-24.10 │ │ │ ├── 0001-luci-app-firewall-add-nft-fullcone-and-bcm-fullcone-.patch │ │ │ ├── 0002-luci-app-firewall-add-shortcut-fe-option.patch │ │ │ ├── 0003-luci-app-firewall-add-ipv6-nat-option.patch │ │ │ ├── 0004-luci-add-firewall-add-custom-nft-rule-support.patch │ │ │ ├── 0005-luci-app-firewall-add-natflow-offload-support.patch │ │ │ ├── 0006-luci-app-firewall-enable-hardware-offload-only-on-de.patch │ │ │ └── 0007-luci-app-firewall-add-fullcone6-option-for-nftables-.patch │ │ └── nftables │ │ │ ├── 0001-nftables-add-fullcone-expression-support.patch │ │ │ ├── 0002-nftables-add-brcm-fullconenat-support.patch │ │ │ └── 0003-drop-rej-file.patch │ ├── generic-24.10 │ │ ├── 0001-tools-add-upx-tools.patch │ │ ├── 0002-rootfs-add-upx-compression-support.patch │ │ ├── 0003-rootfs-add-r-w-permissions-for-UCI-configuration-fil.patch │ │ ├── 0004-rootfs-Add-support-for-local-kmod-installation-sourc.patch │ │ ├── 0005-kernel-Add-support-for-llvm-clang-compiler.patch │ │ ├── 0006-build-kernel-add-out-of-tree-kernel-config.patch │ │ ├── 0007-include-kernel-add-miss-config-for-linux-6.11.patch │ │ ├── 0008-meson-add-platform-variable-to-cross-compilation-fil.patch │ │ ├── 0009-kernel-add-legacy-cgroup-v1-memory-controller.patch │ │ ├── 0010-kernel-add-PREEMPT_RT-support-for-aarch64-x86_64.patch │ │ ├── 0011-tools-squashfs4-enable-zstd-compression-support.patch │ │ ├── 0012-config-include-image-add-support-for-squashfs-zstd-c.patch │ │ └── 202-toolchain-gcc-add-support-for-GCC-15.patch │ ├── glibc │ │ └── glibc-common.patch │ ├── iproute2 │ │ ├── 900-ss-output-TCP-BBRv3-diag-information.patch │ │ ├── 901-ip-introduce-the-ecn_low-per-route-feature.patch │ │ └── 902-ss-display-ecn_low-if-tcp_info-tcpi_options-TCPI_OPT.patch │ ├── irqbalance │ │ └── 011-meson-numa.patch │ ├── kernel-6.12 │ │ ├── arm64 │ │ │ └── 312-arm64-cpuinfo-Add-model-name-in-proc-cpuinfo-for-64bit-ta.patch │ │ ├── bbr3 │ │ │ ├── 010-bbr3-0001-net-tcp_bbr-broaden-app-limited-rate-sample-detectio.patch │ │ │ ├── 010-bbr3-0002-net-tcp_bbr-v2-shrink-delivered_mstamp-first_tx_msta.patch │ │ │ ├── 010-bbr3-0003-net-tcp_bbr-v2-snapshot-packets-in-flight-at-transmi.patch │ │ │ ├── 010-bbr3-0004-net-tcp_bbr-v2-count-packets-lost-over-TCP-rate-samp.patch │ │ │ ├── 010-bbr3-0005-net-tcp_bbr-v2-export-FLAG_ECE-in-rate_sample.is_ece.patch │ │ │ ├── 010-bbr3-0006-net-tcp_bbr-v2-introduce-ca_ops-skb_marked_lost-CC-m.patch │ │ │ ├── 010-bbr3-0007-net-tcp_bbr-v2-adjust-skb-tx.in_flight-upon-merge-in.patch │ │ │ ├── 010-bbr3-0008-net-tcp_bbr-v2-adjust-skb-tx.in_flight-upon-split-in.patch │ │ │ ├── 010-bbr3-0009-net-tcp-add-new-ca-opts-flag-TCP_CONG_WANTS_CE_EVENT.patch │ │ │ ├── 010-bbr3-0010-net-tcp-re-generalize-TSO-sizing-in-TCP-CC-module-AP.patch │ │ │ ├── 010-bbr3-0011-net-tcp-add-fast_ack_mode-1-skip-rwin-check-in-tcp_f.patch │ │ │ ├── 010-bbr3-0012-net-tcp_bbr-v2-record-app-limited-status-of-TLP-repa.patch │ │ │ ├── 010-bbr3-0013-net-tcp_bbr-v2-inform-CC-module-of-losses-repaired-b.patch │ │ │ ├── 010-bbr3-0014-net-tcp_bbr-v2-introduce-is_acking_tlp_retrans_seq-i.patch │ │ │ ├── 010-bbr3-0015-tcp-introduce-per-route-feature-RTAX_FEATURE_ECN_LOW.patch │ │ │ ├── 010-bbr3-0016-net-tcp_bbr-v3-update-TCP-bbr-congestion-control-mod.patch │ │ │ ├── 010-bbr3-0017-net-tcp_bbr-v3-ensure-ECN-enabled-BBR-flows-set-ECT-.patch │ │ │ ├── 010-bbr3-0018-tcp-export-TCPI_OPT_ECN_LOW-in-tcp_info-tcpi_options.patch │ │ │ └── 010-bbr3-0019-x86-cfi-bpf-Add-tso_segs-and-skb_marked_lost-to-bpf_.patch │ │ ├── btf │ │ │ └── 990-btf-silence-btf-module-warning-messages.patch │ │ ├── linux-rt │ │ │ ├── 012-0001-drm-i915-Use-preempt_disable-enable_rt-where-recomme.patch │ │ │ ├── 012-0002-drm-i915-Don-t-disable-interrupts-on-PREEMPT_RT-duri.patch │ │ │ ├── 012-0003-drm-i915-Don-t-check-for-atomic-context-on-PREEMPT_R.patch │ │ │ ├── 012-0004-drm-i915-Disable-tracing-points-on-PREEMPT_RT.patch │ │ │ ├── 012-0005-drm-i915-gt-Use-spin_lock_irq-instead-of-local_irq_d.patch │ │ │ ├── 012-0006-drm-i915-Drop-the-irqs_disabled-check.patch │ │ │ ├── 012-0007-drm-i915-guc-Consider-also-RCU-depth-in-busy-loop.patch │ │ │ └── 012-0008-Revert-drm-i915-Depend-on-PREEMPT_RT.patch │ │ ├── lrng │ │ │ ├── 011-LRNG-0001-LRNG-Entropy-Source-and-DRNG-Manager.patch │ │ │ ├── 011-LRNG-0002-LRNG-allocate-one-DRNG-instance-per-NUMA-node.patch │ │ │ ├── 011-LRNG-0003-LRNG-proc-interface.patch │ │ │ ├── 011-LRNG-0004-LRNG-add-switchable-DRNG-support.patch │ │ │ ├── 011-LRNG-0005-LRNG-add-common-generic-hash-support.patch │ │ │ ├── 011-LRNG-0006-crypto-DRBG-externalize-DRBG-functions-for-LRNG.patch │ │ │ ├── 011-LRNG-0007-LRNG-add-SP800-90A-DRBG-extension.patch │ │ │ ├── 011-LRNG-0008-LRNG-add-kernel-crypto-API-PRNG-extension.patch │ │ │ ├── 011-LRNG-0009-LRNG-add-atomic-DRNG-implementation.patch │ │ │ ├── 011-LRNG-0010-LRNG-add-common-timer-based-entropy-source-code.patch │ │ │ ├── 011-LRNG-0011-LRNG-add-interrupt-entropy-source.patch │ │ │ ├── 011-LRNG-0012-scheduler-add-entropy-sampling-hook.patch │ │ │ ├── 011-LRNG-0013-LRNG-add-scheduler-based-entropy-source.patch │ │ │ ├── 011-LRNG-0014-LRNG-add-SP800-90B-compliant-health-tests.patch │ │ │ ├── 011-LRNG-0015-LRNG-add-random.c-entropy-source-support.patch │ │ │ ├── 011-LRNG-0016-LRNG-CPU-entropy-source.patch │ │ │ ├── 011-LRNG-0017-LRNG-add-Jitter-RNG-fast-noise-source.patch │ │ │ ├── 011-LRNG-0018-LRNG-add-option-to-enable-runtime-entropy-rate-confi.patch │ │ │ ├── 011-LRNG-0019-LRNG-add-interface-for-gathering-of-raw-entropy.patch │ │ │ ├── 011-LRNG-0020-LRNG-add-power-on-and-runtime-self-tests.patch │ │ │ ├── 011-LRNG-0021-LRNG-sysctls-and-proc-interface.patch │ │ │ ├── 011-LRNG-0022-LRMG-add-drop-in-replacement-random-4-API.patch │ │ │ ├── 011-LRNG-0023-LRNG-add-kernel-crypto-API-interface.patch │ │ │ ├── 011-LRNG-0024-LRNG-add-dev-lrng-device-file-support.patch │ │ │ └── 011-LRNG-0025-LRNG-add-hwrand-framework-interface.patch │ │ ├── net │ │ │ ├── 601-netfilter-export-udp_get_timeouts-function.patch │ │ │ ├── 952-net-conntrack-events-support-multiple-registrant.patch │ │ │ ├── 953-net-patch-linux-kernel-to-support-shortcut-fe.patch │ │ │ ├── 982-add-bcm-fullcone-support.patch │ │ │ ├── 983-add-bcm-fullcone-nft_masq-support.patch │ │ │ └── README.md │ │ └── openwrt │ │ │ └── linux-6.12-target-linux-generic.patch │ ├── key.tar.gz │ ├── luci │ │ ├── 0001-luci-mod-system-add-modal-overlay-dialog-to-reboot.patch │ │ ├── 0002-luci-mod-status-displays-actual-process-memory-usage.patch │ │ ├── 0003-luci-mod-status-storage-index-applicable-only-to-val.patch │ │ ├── 0004-luci-mod-status-firewall-disable-legacy-firewall-rul.patch │ │ ├── 0005-luci-mod-system-add-refresh-interval-setting.patch │ │ ├── 0006-luci-mod-system-mounts-add-docker-directory-mount-po.patch │ │ ├── 0007-luci-mod-system-add-ucitrack-luci-mod-system-zram.js.patch │ │ └── applications │ │ │ ├── luci-app-frpc │ │ │ ├── 001-luci-app-frpc-hide-token.patch │ │ │ └── 002-luci-app-frpc-add-enable-flag.patch │ │ │ └── luci-app-natmap │ │ │ └── 0001-luci-app-natmap-add-default-STUN-server-lists.patch │ ├── mt76 │ │ ├── Makefile │ │ ├── README.md │ │ └── patches │ │ │ ├── 100-fix-build-with-mac80211-6.11-backport.patch │ │ │ ├── 101-fix-build-with-linux-6.12rc2.patch │ │ │ └── 102-fix-build-with-mac80211-6.14-backport.patch │ ├── odhcpd │ │ ├── 001-odhcpd-RFC-9096-compliance-openwrt-24.10.patch │ │ └── luci-mod-network-add-option-for-ipv6-max-plt-vlt.patch │ ├── openssl │ │ ├── 901-Revert-speed-Pass-IV-to-EVP_CipherInit_ex-for-evp-ru.patch │ │ ├── 902-Revert-apps-speed.c-Fix-the-benchmarking-for-AEAD-ci.patch │ │ └── quic │ │ │ ├── 0001-QUIC-Add-support-for-BoringSSL-QUIC-APIs.patch │ │ │ ├── 0002-QUIC-New-method-to-get-QUIC-secret-length.patch │ │ │ ├── 0003-QUIC-Make-temp-secret-names-less-confusing.patch │ │ │ ├── 0004-QUIC-Move-QUIC-transport-params-to-encrypted-extensi.patch │ │ │ ├── 0005-QUIC-Use-proper-secrets-for-handshake.patch │ │ │ ├── 0006-QUIC-Handle-partial-handshake-messages.patch │ │ │ ├── 0007-QUIC-Fix-quic_transport-constructors-parsers.patch │ │ │ ├── 0008-QUIC-Reset-init-state-in-SSL_process_quic_post_hands.patch │ │ │ ├── 0009-QUIC-Don-t-process-an-incomplete-message.patch │ │ │ ├── 0010-QUIC-Quick-fix-s2c-to-c2s-for-early-secret.patch │ │ │ ├── 0011-QUIC-Add-client-early-traffic-secret-storage.patch │ │ │ ├── 0012-QUIC-Add-OPENSSL_NO_QUIC-wrapper.patch │ │ │ ├── 0013-QUIC-Correctly-disable-middlebox-compat.patch │ │ │ ├── 0014-QUIC-Move-QUIC-code-out-of-tls13_change_cipher_state.patch │ │ │ ├── 0015-QUIC-Tweeks-to-quic_change_cipher_state.patch │ │ │ ├── 0016-QUIC-Add-support-for-more-secrets.patch │ │ │ ├── 0017-QUIC-Fix-resumption-secret.patch │ │ │ ├── 0018-QUIC-Handle-EndOfEarlyData-and-MaxEarlyData.patch │ │ │ ├── 0019-QUIC-Fall-through-for-0RTT.patch │ │ │ ├── 0020-QUIC-Some-cleanup-for-the-main-QUIC-changes.patch │ │ │ ├── 0021-QUIC-Prevent-KeyUpdate-for-QUIC.patch │ │ │ ├── 0022-QUIC-Test-KeyUpdate-rejection.patch │ │ │ ├── 0023-QUIC-Buffer-all-provided-quic-data.patch │ │ │ ├── 0024-QUIC-Enforce-consistent-encryption-level-for-handsha.patch │ │ │ ├── 0025-QUIC-add-v1-quic_transport_parameters.patch │ │ │ ├── 0026-QUIC-return-success-when-no-post-handshake-data.patch │ │ │ ├── 0027-QUIC-__owur-makes-no-sense-for-void-return-values.patch │ │ │ ├── 0028-QUIC-remove-SSL_R_BAD_DATA_LENGTH-unused.patch │ │ │ ├── 0029-QUIC-SSLerr-ERR_raise-ERR_LIB_SSL.patch │ │ │ ├── 0030-QUIC-Add-compile-run-time-checking-for-QUIC.patch │ │ │ ├── 0031-QUIC-Add-early-data-support.patch │ │ │ ├── 0032-QUIC-Make-SSL_provide_quic_data-accept-0-length-data.patch │ │ │ ├── 0033-QUIC-Process-multiple-post-handshake-messages-in-a-s.patch │ │ │ ├── 0034-QUIC-Fix-CI.patch │ │ │ ├── 0035-QUIC-Break-up-header-body-processing.patch │ │ │ ├── 0036-QUIC-Don-t-muck-with-FIPS-checksums.patch │ │ │ ├── 0037-QUIC-Update-RFC-references.patch │ │ │ ├── 0038-QUIC-revert-white-space-change.patch │ │ │ ├── 0039-QUIC-use-SSL_IS_QUIC-in-more-places.patch │ │ │ ├── 0040-QUIC-Error-when-non-empty-session_id-in-CH.patch │ │ │ ├── 0041-QUIC-Update-SSL_clear-to-clear-quic-data.patch │ │ │ ├── 0042-QUIC-Better-SSL_clear.patch │ │ │ ├── 0043-QUIC-Fix-extension-test.patch │ │ │ └── 0044-QUIC-Update-metadata-version.patch │ ├── openwrt-6.x │ │ ├── 500-world-regd-5GHz.patch │ │ ├── gcc-15-c23 │ │ │ ├── gmp │ │ │ │ └── 001-fix-build-with-gcc-15.patch │ │ │ └── htop │ │ │ │ └── 001-Avoid-compilation-issues-with-ncurses-on-GCC-15.patch │ │ ├── gcc-15 │ │ │ ├── README.md │ │ │ ├── elfutils │ │ │ │ └── 901-backends-fix-string-initialization-error-on-gcc15.patch │ │ │ ├── libwebsockets │ │ │ │ └── 901-fix-string-initialization-error-on-gcc15.patch │ │ │ └── libxcrypt │ │ │ │ └── 901-fix-string-initialization-error-on-gcc15.patch │ │ ├── modules │ │ │ ├── block.mk │ │ │ ├── can.mk │ │ │ ├── crypto.mk │ │ │ ├── firewire.mk │ │ │ ├── fs.mk │ │ │ ├── gpio.mk │ │ │ ├── hwmon.mk │ │ │ ├── i2c.mk │ │ │ ├── iio.mk │ │ │ ├── input.mk │ │ │ ├── leds.mk │ │ │ ├── lib.mk │ │ │ ├── multiplexer.mk │ │ │ ├── netdevices.mk │ │ │ ├── netfilter.mk │ │ │ ├── netsupport.mk │ │ │ ├── nls.mk │ │ │ ├── other.mk │ │ │ ├── pcmcia.mk │ │ │ ├── rtc.mk │ │ │ ├── sound.mk │ │ │ ├── spi.mk │ │ │ ├── usb.mk │ │ │ ├── video.mk │ │ │ ├── virt.mk │ │ │ ├── w1.mk │ │ │ └── wpan.mk │ │ ├── musl │ │ │ └── 990-add-typedefs-for-Elf64_Relr-and-Elf32_Relr.patch │ │ ├── perf │ │ │ └── Makefile │ │ └── x86 │ │ │ ├── 64 │ │ │ └── config-6.12 │ │ │ ├── base-files │ │ │ └── etc │ │ │ │ └── board.d │ │ │ │ ├── 01_leds │ │ │ │ └── 02_network │ │ │ ├── config-6.12 │ │ │ └── patches-6.12 │ │ │ ├── 100-fix_cs5535_clockevt.patch │ │ │ └── 103-pcengines_apu6_platform.patch │ ├── opkg │ │ ├── 900-opkg-download-disable-hsts.patch │ │ └── 901-libopkg-opkg_install-copy-conffiles-to-the-system-co.patch │ ├── packages-patches │ │ ├── README.md │ │ ├── batman-adv │ │ │ └── 901-fix-linux-6.12rc2-builds.patch │ │ ├── clang │ │ │ ├── macremapper │ │ │ │ └── 100-macremapper-fix-clang-build.patch │ │ │ └── netatop │ │ │ │ └── 900-fix-build-with-clang.patch │ │ ├── cryptodev-linux │ │ │ └── 6.12 │ │ │ │ ├── 0005-Fix-cryptodev_verbosity-sysctl-for-Linux-6.11-rc1.patch │ │ │ │ └── 0006-Exclude-unused-struct-since-Linux-6.5.patch │ │ ├── gpio-button-hotplug │ │ │ └── fix-linux-6.12.patch │ │ ├── jool │ │ │ └── Makefile │ │ ├── kselftests-bpf │ │ │ └── Makefile │ │ ├── libpfring │ │ │ ├── Makefile │ │ │ └── patches │ │ │ │ ├── 0001-fix-cross-compiling.patch │ │ │ │ ├── 100-fix-compilation-warning.patch │ │ │ │ └── 900-fix-linux-6.6.patch │ │ ├── nat46 │ │ │ ├── 100-fix-build-with-kernel-6.9.patch │ │ │ └── 101-fix-build-with-kernel-6.12.patch │ │ ├── ovpn-dco │ │ │ ├── 901-fix-linux-6.11.patch │ │ │ └── 902-fix-linux-6.12.patch │ │ ├── rtpengine │ │ │ └── 900-fix-linux-6.12-11.5.1.18.patch │ │ ├── sms-tools │ │ │ └── 900-fix-incompatible-pointer-type-error-for-signal-function.patch │ │ ├── ubootenv-nvram │ │ │ └── 010-make-ubootenv_remove-return-void-for-linux-6.12.patch │ │ └── xtables-addons │ │ │ ├── 301-fix-build-with-linux-6.12.patch │ │ │ └── 302-fix-build-for-linux-6.12rc2.patch │ ├── pcre │ │ ├── Config.in │ │ └── Makefile │ ├── rtc │ │ └── sysfixtime │ ├── target-modify_for_armsr.patch │ ├── target-modify_for_rockchip.patch │ ├── target-modify_for_x86_64.patch │ └── vim │ │ └── 0001-vim-fix-renamed-defaults-config-file.patch └── scripts │ ├── 00-prepare_base.sh │ ├── 01-prepare_base-mainline.sh │ ├── 02-prepare_package.sh │ ├── 03-convert_translation.sh │ ├── 04-fix_kmod.sh │ ├── 05-fix-source.sh │ ├── 10-custom.sh │ └── 99_clean_build_cache.sh ├── robots.txt ├── rsync_deny.txt └── tags ├── kernel-6.12 ├── kernel-tag.sh ├── openwrt-tag.sh └── v24 /README.md: -------------------------------------------------------------------------------- 1 | # opwrt_build_script 2 | 3 | ## 基于 Linux 6.12 固件下载 4 | 5 | x86_64 & R5S: 6 | [Github](https://github.com/JohnsonRan/opwrt_build_script/releases) 7 | 8 | ```text 9 | 【首次登陆】 10 | 地址:172.16.1.1(默认) 11 | 用户:root 12 | 密码:空 13 | 14 | 【分区挂载】 15 | 系统 -> 磁盘管理 -> 磁盘 -> 编辑 16 | 系统 -> 挂载点 17 | ``` 18 | 19 | --------------- 20 | 21 | |⚙️ 系统 | ⚓ 服务 | 🩺 网络 | 22 | | :---- | :---- | :---- | 23 | | TTYd | Tailscale | 网速测试 | 24 | | DiskMan | Watchcat | WireGuard | 25 | || Nikki |VNStat2| 26 | || InfinityDuck |UPnP| 27 | 28 | --------------- 29 | 30 | ### DDNS 31 | 32 | 固件内置 [kkkgo/UE-DDNS](https://github.com/kkkgo/UE-DDNS) 33 | 34 | - 只需要在终端输入 `ue-ddns` 即可快速配置DDNS脚本,并支持hotplug接口(可实现网卡IP变动时,自动执行脚本) 35 | - 支持消息通知,具体请查看 [官方文档](https://blog.03k.org/post/ue-ddns.html#%E8%87%AA%E5%AE%9A%E4%B9%89%E9%80%89%E9%A1%B9%E5%92%8C%E6%B6%88%E6%81%AF%E9%80%9A%E7%9F%A5) 36 | 37 | ### RTC 硬件时钟 38 | 39 | **本固件支持 RTC 硬件时钟读取/同步,当设备断电时,重新通电启动系统时间不会错乱** *(注意:设备需要安装 RTC 电池后使用)* 40 | 41 | #### 首次安装 RTC 电池写入时间命令 42 | 43 | ```shell 44 | hwclock -w -f /dev/rtc0 45 | ``` 46 | 47 | #### 测试时间读取(返回当前时间表示正常) 48 | 49 | ```shell 50 | hwclock -f /dev/rtc0 51 | ``` 52 | 53 | ### Speedtest-EX 54 | 55 | 56 | 57 | - 配置文件位于 `/etc/speedtest-ex/config.toml` 58 | - 默认运行在: 59 | - 若不需要直接前往软件包处删除 `speedtest-ex` 即可 60 | 61 | ### boltbrowser 62 | 63 | 64 | 65 | - 可视化查看 nikki 的 `cache.db` 66 | 67 | ```shell 68 | boltbrowser /etc/nikki/run/cache.db 69 | ``` 70 | 71 | - 若不需要直接前往软件包处删除 `boltbrowser` 即可 72 | -------------------------------------------------------------------------------- /build.sh: -------------------------------------------------------------------------------- 1 | openwrt/build.sh -------------------------------------------------------------------------------- /openwrt/24-config-musl-armsr-armv8: -------------------------------------------------------------------------------- 1 | ### Init 2 | CONFIG_TARGET_armsr=y 3 | CONFIG_TARGET_armsr_armv8=y 4 | CONFIG_TARGET_armsr_armv8_DEVICE_generic=y 5 | 6 | ### Basic 7 | CONFIG_ALL_KMODS=y 8 | CONFIG_ALL_NONSHARED=y 9 | CONFIG_KERNEL_BUILD_DOMAIN="cooluc.com" 10 | CONFIG_KERNEL_BUILD_USER="admin" 11 | CONFIG_KERNEL_MEMCG_V1=y 12 | CONFIG_KERNEL_MPTCP=y 13 | CONFIG_KERNEL_MPTCP_IPV6=y 14 | # CONFIG_KERNEL_PREEMPT_RT is not set 15 | CONFIG_PACKAGE_autocore-arm=y 16 | CONFIG_PACKAGE_bind-host=y 17 | CONFIG_PACKAGE_block-mount=y 18 | CONFIG_PACKAGE_coremark=y 19 | CONFIG_PACKAGE_default-settings=y 20 | CONFIG_TARGET_KERNEL_PARTSIZE=64 21 | CONFIG_TARGET_ROOTFS_PARTSIZE=944 22 | CONFIG_COREMARK_NUMBER_OF_THREADS=16 23 | # CONFIG_KERNEL_KALLSYMS is not set 24 | -------------------------------------------------------------------------------- /openwrt/24-config-musl-r4s: -------------------------------------------------------------------------------- 1 | ### Init 2 | CONFIG_TARGET_rockchip=y 3 | CONFIG_TARGET_rockchip_armv8=y 4 | CONFIG_TARGET_rockchip_armv8_DEVICE_friendlyarm_nanopi-r4s=y 5 | 6 | ### Basic 7 | CONFIG_ALL_KMODS=y 8 | CONFIG_ALL_NONSHARED=y 9 | CONFIG_KERNEL_BUILD_DOMAIN="cooluc.com" 10 | CONFIG_KERNEL_BUILD_USER="admin" 11 | CONFIG_KERNEL_MEMCG_V1=y 12 | CONFIG_KERNEL_MPTCP=y 13 | CONFIG_KERNEL_MPTCP_IPV6=y 14 | # CONFIG_KERNEL_PREEMPT_RT is not set 15 | CONFIG_PACKAGE_autocore-arm=y 16 | CONFIG_PACKAGE_bind-host=y 17 | CONFIG_PACKAGE_block-mount=y 18 | CONFIG_PACKAGE_coremark=y 19 | CONFIG_PACKAGE_default-settings=y 20 | CONFIG_TARGET_KERNEL_PARTSIZE=16 21 | CONFIG_TARGET_ROOTFS_PARTSIZE=944 22 | CONFIG_COREMARK_NUMBER_OF_THREADS=8 23 | # CONFIG_KERNEL_KALLSYMS is not set 24 | 25 | ### Video Support 26 | CONFIG_PACKAGE_kmod-drm-rockchip=y 27 | CONFIG_PACKAGE_kmod-drm-panfrost=y 28 | -------------------------------------------------------------------------------- /openwrt/24-config-musl-r5s: -------------------------------------------------------------------------------- 1 | ### Init 2 | CONFIG_TARGET_rockchip=y 3 | CONFIG_TARGET_rockchip_armv8=y 4 | CONFIG_TARGET_MULTI_PROFILE=y 5 | CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r5c=y 6 | CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r5s=y 7 | 8 | ### Basic 9 | CONFIG_ALL_KMODS=y 10 | CONFIG_ALL_NONSHARED=y 11 | CONFIG_KERNEL_BUILD_DOMAIN="cooluc.com" 12 | CONFIG_KERNEL_BUILD_USER="admin" 13 | CONFIG_KERNEL_CFLAGS="-march=armv8.2-a+crypto+crc -mcpu=cortex-a55+crypto+crc -mtune=cortex-a55" 14 | CONFIG_KERNEL_MEMCG_V1=y 15 | CONFIG_KERNEL_MPTCP=y 16 | CONFIG_KERNEL_MPTCP_IPV6=y 17 | # CONFIG_KERNEL_PREEMPT_RT is not set 18 | CONFIG_PACKAGE_autocore-arm=y 19 | CONFIG_PACKAGE_bind-host=y 20 | CONFIG_PACKAGE_block-mount=y 21 | CONFIG_PACKAGE_coremark=y 22 | CONFIG_PACKAGE_default-settings=y 23 | CONFIG_TARGET_KERNEL_PARTSIZE=16 24 | CONFIG_TARGET_ROOTFS_PARTSIZE=944 25 | CONFIG_COREMARK_NUMBER_OF_THREADS=6 26 | # CONFIG_KERNEL_KALLSYMS is not set 27 | 28 | ### Video Support 29 | CONFIG_PACKAGE_kmod-drm-rockchip=y 30 | CONFIG_PACKAGE_kmod-drm-panfrost=y 31 | -------------------------------------------------------------------------------- /openwrt/24-config-musl-x86: -------------------------------------------------------------------------------- 1 | ### Init 2 | CONFIG_TARGET_x86=y 3 | CONFIG_TARGET_x86_64=y 4 | CONFIG_TARGET_x86_64_DEVICE_generic=y 5 | CONFIG_GRUB_TIMEOUT="1" 6 | 7 | ### Basic 8 | CONFIG_ALL_KMODS=y 9 | CONFIG_ALL_NONSHARED=y 10 | CONFIG_KERNEL_BUILD_DOMAIN="cooluc.com" 11 | CONFIG_KERNEL_BUILD_USER="admin" 12 | CONFIG_KERNEL_MEMCG_V1=y 13 | CONFIG_KERNEL_MPTCP=y 14 | CONFIG_KERNEL_MPTCP_IPV6=y 15 | # CONFIG_KERNEL_PREEMPT_RT is not set 16 | CONFIG_PACKAGE_autocore-x86=y 17 | CONFIG_PACKAGE_bind-host=y 18 | CONFIG_PACKAGE_block-mount=y 19 | CONFIG_PACKAGE_coremark=y 20 | CONFIG_PACKAGE_default-settings=y 21 | CONFIG_TARGET_KERNEL_PARTSIZE=32 22 | CONFIG_TARGET_ROOTFS_PARTSIZE=944 23 | # CONFIG_KERNEL_KALLSYMS is not set 24 | 25 | ### Kernel driver 26 | CONFIG_PACKAGE_kmod-igb=y 27 | CONFIG_PACKAGE_kmod-igc=y 28 | CONFIG_PACKAGE_kmod-mlx4-core=y 29 | CONFIG_PACKAGE_kmod-mlx5-core=y 30 | CONFIG_PACKAGE_kmod-mt76x2=y 31 | CONFIG_PACKAGE_kmod-mt7921e=y 32 | CONFIG_PACKAGE_kmod-mt7921u=y 33 | CONFIG_PACKAGE_kmod-mt7922-firmware=y 34 | CONFIG_PACKAGE_kmod-ngbe=y 35 | CONFIG_PACKAGE_kmod-r8101=y 36 | CONFIG_PACKAGE_kmod-r8125=y 37 | CONFIG_PACKAGE_kmod-r8126=y 38 | CONFIG_PACKAGE_kmod-r8127=y 39 | CONFIG_PACKAGE_kmod-r8168=y 40 | CONFIG_PACKAGE_kmod-txgbe=y 41 | # CONFIG_PACKAGE_kmod-r8169 is not set 42 | CONFIG_PACKAGE_kmod-nvme=y 43 | 44 | ### Display & Extra Drivers 45 | # CONFIG_PACKAGE_i915-firmware-huc is not set 46 | # CONFIG_PACKAGE_kmod-drm-i915 is not set 47 | # CONFIG_PACKAGE_kmod-sound-hda-codec-realtek is not set 48 | # CONFIG_PACKAGE_kmod-sound-hda-intel is not set 49 | -------------------------------------------------------------------------------- /openwrt/files/bg/bg.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnsonRan/opwrt_build_script/098745ef0a5ef0adf042107bfc1d9f0a561de22b/openwrt/files/bg/bg.jpg -------------------------------------------------------------------------------- /openwrt/files/bg/bg.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnsonRan/opwrt_build_script/098745ef0a5ef0adf042107bfc1d9f0a561de22b/openwrt/files/bg/bg.webp -------------------------------------------------------------------------------- /openwrt/files/etc/banner: -------------------------------------------------------------------------------- 1 | .__ __. ___ .__ __. ______ .______ __ 2 | | \ | | / \ | \ | | / __ \ | _ \ | | 3 | | \| | / ^ \ | \| | | | | | | |_) | | | 4 | | . ` | / /_\ \ | . ` | | | | | | ___/ | | 5 | | |\ | / _____ \ | |\ | | `--' | | | | | 6 | |__| \__| /__/ \__\ |__| \__| \______/ | _| |__| 7 | %D %V, %C 8 | .______ _____ _______. 9 | | _ \ | ____| / | 10 | | |_) | | |__ | (----` 11 | | / |___ \ \ \ 12 | | |\ \----.___) | .----) | 13 | | _| `._____|____/ |_______/ 14 | 15 | -------------------------------------------------------------------------------- /openwrt/files/etc/banner-x86: -------------------------------------------------------------------------------- 1 | ___ ___ ___ __ 2 | \ \ / / / _ \ / / 3 | \ V / | (_) | / /_ 4 | > < > _ < | '_ \ 5 | / . \ | (_) | | (_) | 6 | /__/ \__\ \___/ \___/ 7 | %D %V, %C 8 | __ _ _ 9 | / / | || | 10 | / /_ | || |_ 11 | | '_ \ |__ _| 12 | | (_) | | | 13 | \___/ |_| 14 | -------------------------------------------------------------------------------- /openwrt/files/etc/board.d/03_model: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | [ $(grep -c -i -E "Default string" /sys/class/dmi/id/product_name) -ge 1 ] && echo "Generic x86/64" > /tmp/sysinfo/model 4 | 5 | grep -q "nanopi-r5s" /etc/board.json && ucidef_set_interfaces_lan_wan 'eth0 eth1' 'eth2' 6 | 7 | exit 0 -------------------------------------------------------------------------------- /openwrt/files/etc/hotplug.d/block/20-usbreset: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | device=`basename $DEVPATH` 4 | 5 | case $device in 6 | mtdblock*|ubiblock*|zram*) 7 | exit 0 8 | ;; 9 | esac 10 | 11 | case "$ACTION" in 12 | add) 13 | mkdir -p /usb/$device 14 | mount -o rw,noatime,discard /dev/$device /usb/$device 15 | if [ -f "/usb/$device/recovery.txt" ]; then 16 | echo y | firstboot 17 | sleep 2 18 | reboot 19 | else 20 | umount -l /usb/$device 21 | rm -rf /usb 22 | fi 23 | ;; 24 | esac 25 | -------------------------------------------------------------------------------- /openwrt/files/etc/hotplug.d/iface/99-tailscale-needs: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | [ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && { 4 | sleep 3 5 | NETDEV=$(ip -o route get 223.5.5.5 | cut -f 5 -d " ") 6 | ethtool -K $NETDEV rx-udp-gro-forwarding on rx-gro-list off 7 | service tailscale restart 8 | service log restart 9 | logger "Configured $NETDEV for tailscale" 10 | } 11 | -------------------------------------------------------------------------------- /openwrt/files/etc/profile.d/advanced_banner.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ -n "$PS1" ]; then 4 | /usr/bin/advanced_banner 5 | fi -------------------------------------------------------------------------------- /openwrt/files/etc/sysctl.d/10-default.conf: -------------------------------------------------------------------------------- 1 | # Do not edit, changes to this file will be lost on upgrades 2 | # /etc/sysctl.conf can be used to customize sysctl settings 3 | 4 | kernel.panic=3 5 | kernel.core_pattern=/tmp/%e.%t.%p.%s.core 6 | fs.suid_dumpable=2 7 | 8 | fs.protected_hardlinks=1 9 | fs.protected_symlinks=1 10 | 11 | net.core.bpf_jit_enable=1 12 | net.core.bpf_jit_kallsyms=1 13 | 14 | net.core.default_qdisc=cake 15 | 16 | net.ipv4.conf.default.arp_ignore=1 17 | net.ipv4.conf.all.arp_ignore=1 18 | net.ipv4.ip_forward=1 19 | net.ipv4.icmp_echo_ignore_broadcasts=1 20 | net.ipv4.icmp_ignore_bogus_error_responses=1 21 | net.ipv4.igmp_max_memberships=100 22 | net.ipv4.tcp_fin_timeout=30 23 | net.ipv4.tcp_keepalive_time=120 24 | net.ipv4.tcp_syncookies=1 25 | net.ipv4.tcp_timestamps=1 26 | net.ipv4.tcp_sack=1 27 | net.ipv4.tcp_dsack=1 28 | net.ipv4.tcp_max_syn_backlog=8192 29 | 30 | net.ipv6.conf.default.forwarding=1 31 | net.ipv6.conf.all.forwarding=1 32 | -------------------------------------------------------------------------------- /openwrt/files/etc/sysctl.d/15-vm-swappiness.conf: -------------------------------------------------------------------------------- 1 | # Do not edit, changes to this file will be lost on upgrades 2 | # /etc/sysctl.conf can be used to customize sysctl settings 3 | 4 | vm.swappiness=5 5 | -------------------------------------------------------------------------------- /openwrt/files/etc/sysctl.d/16-udp-buffer-size.conf: -------------------------------------------------------------------------------- 1 | # Do not edit, changes to this file will be lost on upgrades 2 | # /etc/sysctl.conf can be used to customize sysctl settings 3 | 4 | net.core.rmem_max=7500000 5 | net.core.wmem_max=7500000 6 | -------------------------------------------------------------------------------- /openwrt/files/etc/uci-defaults/99-dae: -------------------------------------------------------------------------------- 1 | uci batch << EOF 2 | del network.globals.ula_prefix 3 | commit 4 | EOF -------------------------------------------------------------------------------- /openwrt/files/etc/uci-defaults/99-led: -------------------------------------------------------------------------------- 1 | uci batch << EOF 2 | set system.led_wan.dev='eth2' 3 | set system.led_lan1.dev='eth1' 4 | set system.led_lan2.dev='eth0' 5 | commit 6 | EOF -------------------------------------------------------------------------------- /openwrt/files/etc/uci-defaults/99-nikki: -------------------------------------------------------------------------------- 1 | uci batch << EOF 2 | set nikki.mixin.dns_mode='redir-host' 3 | set nikki.proxy.transparent_proxy='0' 4 | delete nikki.mixin.ipv6 5 | delete nikki.mixin.dns_ipv6 6 | set nikki.mixin.fake_ip_range='28.0.0.1/8' 7 | set nikki.mixin.ui_url='https://raw.ihtw.moe/https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip' 8 | commit 9 | EOF -------------------------------------------------------------------------------- /openwrt/files/etc/uci-defaults/99-watchcat: -------------------------------------------------------------------------------- 1 | uci batch << EOF 2 | set watchcat.@watchcat[0]=watchcat 3 | set watchcat.@watchcat[0].mode='restart_iface' 4 | set watchcat.@watchcat[0].period='1m' 5 | set watchcat.@watchcat[0].pinghosts='223.5.5.5' 6 | set watchcat.@watchcat[0].addressfamily='ipv4' 7 | set watchcat.@watchcat[0].pingperiod='10' 8 | set watchcat.@watchcat[0].pingsize='standard' 9 | set watchcat.@watchcat[0].interface='pppoe-wan' 10 | commit 11 | EOF -------------------------------------------------------------------------------- /openwrt/files/root/.bash_profile: -------------------------------------------------------------------------------- 1 | # .bash_profile 2 | 3 | # Get the aliases and functions 4 | if [ -f ~/.bashrc ]; then 5 | . ~/.bashrc 6 | fi 7 | 8 | # User specific environment and startup programs 9 | 10 | PATH=$PATH:$HOME/bin 11 | 12 | export PATH 13 | -------------------------------------------------------------------------------- /openwrt/files/root/.bashrc: -------------------------------------------------------------------------------- 1 | # .bashrc 2 | 3 | # User specific aliases and functions 4 | 5 | alias rm='rm -i' 6 | alias cp='cp -i' 7 | alias mv='mv -i' 8 | 9 | # You may uncomment the following lines if you want `ls' to be colorized: 10 | export LS_OPTIONS='--color=auto' 11 | eval "$(dircolors)" 12 | alias ls='ls $LS_OPTIONS' 13 | alias ll='ls $LS_OPTIONS -l' 14 | 15 | # Source global definitions 16 | if [ -f /etc/bashrc ]; then 17 | . /etc/bashrc 18 | fi 19 | -------------------------------------------------------------------------------- /openwrt/files/sbin/emmc-install: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Author: sbwml 4 | # This script helps the automation Flashing the eMMC in a NanoPi R5S. 5 | 6 | # check 7 | commands=("bash" "parted" "awk" "sed" "grep" "zcat" "dd" "fdisk") 8 | for cmd in "${commands[@]}"; do 9 | if ! which "$cmd" >/dev/null 2>&1; then 10 | echo "Command $cmd does not exist." 11 | exit 1 12 | fi 13 | done 14 | 15 | if [ -z "$1" ]; then 16 | echo "Firmware file does not specified." 17 | echo "Usage: $0 " 18 | exit 0 19 | fi 20 | 21 | echo " " 22 | echo "Starting eMMC Flashing ..." 23 | 24 | # eMMC device 25 | echo " " 26 | echo "eMMC info" 27 | emmc_device=$(parted -l 2>/dev/null | grep -A 1 -E 'Model: MMC .*sd/mmc' | tail -n1 | awk '{print $2}' | sed 's/://g') 28 | emmc_size=$(parted -l 2>/dev/null | grep -A 1 -E 'Model: MMC .*sd/mmc' | tail -n1 | awk '{print $3}') 29 | emmc_device_name=$(echo $emmc_device | awk -F/ '{print $3}') 30 | emmc_partition=$(fdisk -l 2>/dev/null | grep "$emmc_device_name"p | wc -l) 31 | if [ "$emmc_partition" -eq 3 ]; then 32 | emmc_p3_start=$(fdisk -l 2>/dev/null | grep "$emmc_device_name"p3 | awk '{print $2}') 33 | emmc_p3_end=$(fdisk -l 2>/dev/null | grep "$emmc_device_name"p3 | awk '{print $3}') 34 | fi 35 | 36 | if [ -n "$emmc_device" ]; then 37 | echo "Device: $emmc_device" 38 | echo "Size: $emmc_size" 39 | else 40 | echo "No available eMMC storage device found." 41 | exit 1 42 | fi 43 | 44 | echo " " 45 | read -p "This script will erase your eMMC. Continue [y/n]? " -n 1 -r 46 | echo " " 47 | if [[ $REPLY =~ ^[Nn]$ ]]; then 48 | echo "Exiting script." 49 | exit 1 50 | fi 51 | 52 | firmware_file="$1" 53 | if [ -e "$firmware_file" ]; then 54 | extension="${firmware_file##*.}" 55 | if [ "$extension" = "gz" ]; then 56 | echo " " 57 | echo "Gzip decompression $firmware_file ..." 58 | zcat "$firmware_file" > /var/firmware.img 59 | firmware_file_path="/var/firmware.img" 60 | elif [ "$extension" = "img" ]; then 61 | firmware_file_path="$firmware_file" 62 | else 63 | echo "Only supports firmware files with .gz or .img suffixes." 64 | exit 1 65 | fi 66 | else 67 | echo "The firmware file does not exist." 68 | exit 1 69 | fi 70 | 71 | echo "Flashing ..." 72 | dd if="$firmware_file_path" of="$emmc_device" bs=1M conv=fsync 73 | if [ "$emmc_partition" -eq 3 ]; then 74 | echo "Recreate eMMC storage partition 3 ..." 75 | fdisk "$emmc_device" << EOM > /dev/null 2>&1 76 | n 77 | p 78 | 79 | $emmc_p3_start 80 | $emmc_p3_end 81 | 82 | wq 83 | EOM 84 | fi 85 | echo " " 86 | echo "Done!" 87 | echo "Please remove the TF card and Power off and restart device." 88 | echo " " 89 | -------------------------------------------------------------------------------- /openwrt/generic/config-bpf: -------------------------------------------------------------------------------- 1 | 2 | ### BPF 3 | CONFIG_DEVEL=y 4 | CONFIG_BPF_TOOLCHAIN_HOST=y 5 | # CONFIG_BPF_TOOLCHAIN_NONE is not set 6 | CONFIG_KERNEL_BPF_EVENTS=y 7 | CONFIG_KERNEL_CGROUP_BPF=y 8 | CONFIG_KERNEL_DEBUG_INFO=y 9 | CONFIG_KERNEL_DEBUG_INFO_BTF=y 10 | # CONFIG_KERNEL_DEBUG_INFO_REDUCED is not set 11 | CONFIG_KERNEL_MODULE_ALLOW_BTF_MISMATCH=y 12 | CONFIG_KERNEL_XDP_SOCKETS=y 13 | 14 | ### BPF Kernel Modules 15 | CONFIG_PACKAGE_kmod-sched-core=y 16 | CONFIG_PACKAGE_kmod-sched-bpf=y 17 | CONFIG_PACKAGE_kmod-xdp-sockets-diag=y 18 | -------------------------------------------------------------------------------- /openwrt/generic/config-dpdk: -------------------------------------------------------------------------------- 1 | 2 | # DPDK 3 | CONFIG_PACKAGE_dpdk-tools=y 4 | CONFIG_PACKAGE_numactl=m 5 | -------------------------------------------------------------------------------- /openwrt/generic/config-glibc: -------------------------------------------------------------------------------- 1 | 2 | # glibc 3 | CONFIG_DEVEL=y 4 | CONFIG_TOOLCHAINOPTS=y 5 | CONFIG_LIBC_USE_GLIBC=y 6 | CONFIG_PACKAGE_glibc-common=y 7 | CONFIG_PACKAGE_ldconfig=y 8 | CONFIG_PACKAGE_ldd=y 9 | CONFIG_PACKAGE_libstdcpp=y 10 | 11 | # musl compatible 12 | CONFIG_PACKAGE_musl-libc=y 13 | -------------------------------------------------------------------------------- /openwrt/generic/config-lto: -------------------------------------------------------------------------------- 1 | 2 | # Link time optimization 3 | CONFIG_USE_GC_SECTIONS=y 4 | CONFIG_USE_LTO=y 5 | -------------------------------------------------------------------------------- /openwrt/generic/config-wwan: -------------------------------------------------------------------------------- 1 | 2 | # wwan 3 | CONFIG_PACKAGE_luci-app-3ginfo-lite=m 4 | CONFIG_PACKAGE_luci-app-modemband=m 5 | CONFIG_PACKAGE_luci-app-sms-tool-js=m 6 | CONFIG_PACKAGE_luci-proto-quectel=m 7 | # CONFIG_PACKAGE_fibocom-dial is not set 8 | CONFIG_PACKAGE_modemband=m 9 | CONFIG_PACKAGE_quectel-cm=m 10 | -------------------------------------------------------------------------------- /openwrt/generic/upx_list.txt: -------------------------------------------------------------------------------- 1 | /usr/bin/aircast 2 | /usr/bin/airupnp 3 | /usr/bin/alist 4 | /usr/bin/frpc 5 | /usr/bin/mosdns 6 | /usr/bin/sslocal 7 | /usr/bin/ssserver 8 | /usr/bin/v2dat 9 | /usr/bin/xray 10 | /usr/bin/xray-plugin 11 | /usr/sbin/haproxy 12 | -------------------------------------------------------------------------------- /openwrt/nginx/luci.locations: -------------------------------------------------------------------------------- 1 | location /cgi-bin/luci { 2 | index index.html; 3 | include uwsgi_params; 4 | uwsgi_param SERVER_ADDR $server_addr; 5 | uwsgi_modifier1 9; 6 | uwsgi_send_timeout 300; 7 | uwsgi_connect_timeout 300; 8 | uwsgi_read_timeout 300; 9 | uwsgi_pass unix:////var/run/luci-webui.socket; 10 | } 11 | location ~ /cgi-bin/cgi-(backup|download|upload|exec) { 12 | include uwsgi_params; 13 | uwsgi_param SERVER_ADDR $server_addr; 14 | uwsgi_modifier1 9; 15 | uwsgi_send_timeout 300; 16 | uwsgi_connect_timeout 300; 17 | uwsgi_read_timeout 300; 18 | uwsgi_pass unix:////var/run/luci-cgi_io.socket; 19 | } 20 | 21 | location /luci-static { 22 | error_log stderr crit; 23 | if ($request_uri ~* \.(jpg|jpeg|png|gif|ico|webp|mp4|webm)$) { 24 | add_header Cache-Control "public, max-age=2592000"; 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /openwrt/nginx/uci.conf.template: -------------------------------------------------------------------------------- 1 | # Consider using UCI or creating files in /etc/nginx/conf.d/ for configuration. 2 | # Parsing UCI configuration is skipped if uci set nginx.global.uci_enable=false 3 | # For details see: https://openwrt.org/docs/guide-user/services/webserver/nginx 4 | # UCI_CONF_VERSION=1.2 5 | 6 | worker_processes 2; 7 | 8 | user root; 9 | 10 | include module.d/*.module; 11 | 12 | events { 13 | worker_connections 1024; 14 | } 15 | 16 | http { 17 | access_log off; 18 | server_names_hash_bucket_size 128; 19 | server_tokens build; 20 | keepalive_timeout 300s; 21 | log_format openwrt 22 | '$request_method $scheme://$host$request_uri => $status' 23 | ' (${body_bytes_sent}B in ${request_time}s) <- $http_referer'; 24 | 25 | include mime.types; 26 | default_type application/octet-stream; 27 | sendfile on; 28 | 29 | client_max_body_size 8192M; 30 | large_client_header_buffers 4 32k; 31 | 32 | gzip on; 33 | gzip_vary on; 34 | gzip_proxied any; 35 | 36 | root /www; 37 | 38 | #UCI_HTTP_CONFIG 39 | include conf.d/*.conf; 40 | } 41 | -------------------------------------------------------------------------------- /openwrt/patch/apk-tools/9999-hack-for-linux-pre-releases.patch: -------------------------------------------------------------------------------- 1 | --- a/src/apk_adb.c 2 | +++ b/src/apk_adb.c 3 | @@ -177,7 +177,6 @@ static struct adb_scalar_schema scalar_n 4 | 5 | static adb_val_t version_fromstring(struct adb *db, apk_blob_t val) 6 | { 7 | - if (!apk_version_validate(val)) return ADB_ERROR(APKE_PKGVERSION_FORMAT); 8 | return adb_w_blob(db, val); 9 | } 10 | 11 | @@ -338,12 +337,6 @@ static int dependency_fromstring(struct 12 | apk_blob_t bname, bver; 13 | int op; 14 | 15 | - if (apk_dep_parse(bdep, &bname, &op, &bver) != 0) goto fail; 16 | - if ((op & APK_DEPMASK_CHECKSUM) != APK_DEPMASK_CHECKSUM && 17 | - !apk_version_validate(bver)) goto fail; 18 | - 19 | - if (apk_blob_spn(bname, APK_CTYPE_DEPENDENCY_NAME, NULL, NULL)) goto fail; 20 | - 21 | adb_wo_blob(obj, ADBI_DEP_NAME, bname); 22 | if (op != APK_DEPMASK_ANY) { 23 | adb_wo_blob(obj, ADBI_DEP_VERSION, bver); 24 | -------------------------------------------------------------------------------- /openwrt/patch/cgroupfs-mount/0001-fix-cgroupfs-mount.patch: -------------------------------------------------------------------------------- 1 | diff --git a/utils/cgroupfs-mount/files/cgroupfs-mount.init b/utils/cgroupfs-mount/files/cgroupfs-mount.init 2 | index 0d6b68d..4ae3185 100755 3 | --- a/utils/cgroupfs-mount/files/cgroupfs-mount.init 4 | +++ b/utils/cgroupfs-mount/files/cgroupfs-mount.init 5 | @@ -4,9 +4,17 @@ START=01 6 | 7 | boot() { 8 | # Procd mounts non-hierarchical cgroupfs so unmount first before cgroupfs-mount 9 | - if mountpoint -q /sys/fs/cgroup; then 10 | - umount /sys/fs/cgroup/ 11 | - fi 12 | + umount_cgroup() { 13 | + for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do 14 | + if mountpoint -q /sys/fs/cgroup/$sys; then 15 | + umount /sys/fs/cgroup/$sys || true 16 | + fi 17 | + done 18 | + if mountpoint -q /sys/fs/cgroup; then 19 | + umount /sys/fs/cgroup || true 20 | + fi 21 | + } 22 | 23 | - cgroupfs-mount 24 | + umount_cgroup 25 | + cgroupfs-mount 26 | } 27 | -------------------------------------------------------------------------------- /openwrt/patch/cgroupfs-mount/900-mount-cgroup-v2-hierarchy-to-sys-fs-cgroup-cgroup2.patch: -------------------------------------------------------------------------------- 1 | From 3855430e665c09b8b36d177a39245d0a69453397 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Wed, 23 Aug 2023 20:10:30 +0800 4 | Subject: [PATCH 1/2] mount cgroup v2 hierarchy to /sys/fs/cgroup/cgroup2 5 | 6 | --- 7 | cgroupfs-mount | 6 ++++++ 8 | 1 file changed, 6 insertions(+) 9 | 10 | diff --git a/cgroupfs-mount b/cgroupfs-mount 11 | index 40810ba..114f7a1 100755 12 | --- a/cgroupfs-mount 13 | +++ b/cgroupfs-mount 14 | @@ -41,6 +41,12 @@ for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do 15 | fi 16 | done 17 | 18 | +# mount cgroup v2 hierarchy to /sys/fs/cgroup/cgroup2 if kernel support cgroup2 filesystem 19 | +if grep -q cgroup2 /proc/filesystems; then 20 | + mkdir -p /sys/fs/cgroup/cgroup2 21 | + mount -t cgroup2 -o rw,nosuid,nodev,noexec,relatime,nsdelegate cgroup2 /sys/fs/cgroup/cgroup2 22 | +fi 23 | + 24 | # example /proc/cgroups: 25 | # #subsys_name hierarchy num_cgroups enabled 26 | # cpuset 2 3 1 27 | -- 28 | 2.34.8 29 | 30 | -------------------------------------------------------------------------------- /openwrt/patch/cgroupfs-mount/901-fix-cgroupfs-umount.patch: -------------------------------------------------------------------------------- 1 | From 712d45f93d6d499f8c6e6da44084ed2bfdae1605 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Wed, 23 Aug 2023 20:11:57 +0800 4 | Subject: [PATCH 2/2] fix cgroupfs-umount 5 | 6 | --- 7 | cgroupfs-umount | 5 ++++- 8 | 1 file changed, 4 insertions(+), 1 deletion(-) 9 | 10 | diff --git a/cgroupfs-umount b/cgroupfs-umount 11 | index ac26b6b..5b4c86e 100755 12 | --- a/cgroupfs-umount 13 | +++ b/cgroupfs-umount 14 | @@ -24,8 +24,11 @@ for sys in *; do 15 | umount $sys 16 | fi 17 | if [ -d $sys ]; then 18 | - rmdir $sys || true 19 | + rm -rf $sys || true 20 | fi 21 | done 22 | 23 | +cd / 24 | +umount /sys/fs/cgroup || true 25 | + 26 | exit 0 27 | -- 28 | 2.34.8 29 | 30 | -------------------------------------------------------------------------------- /openwrt/patch/cgroupfs-mount/902-mount-sys-fs-cgroup-systemd-for-docker-systemd-suppo.patch: -------------------------------------------------------------------------------- 1 | From 7f6837183da98c4ec5697d9c609e7da4ce354dea Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Wed, 23 Aug 2023 21:41:37 +0800 4 | Subject: [PATCH] mount /sys/fs/cgroup/systemd for docker systemd support 5 | 6 | --- 7 | cgroupfs-mount | 6 ++++++ 8 | 1 file changed, 6 insertions(+) 9 | 10 | diff --git a/cgroupfs-mount b/cgroupfs-mount 11 | index 8274c7c..4c1f954 100755 12 | --- a/cgroupfs-mount 13 | +++ b/cgroupfs-mount 14 | @@ -47,6 +47,12 @@ if grep -q cgroup2 /proc/filesystems; then 15 | mount -t cgroup2 -o rw,nosuid,nodev,noexec,relatime,nsdelegate cgroup2 /sys/fs/cgroup/cgroup2 16 | fi 17 | 18 | +# mount /sys/fs/cgroup/systemd for docker systemd 19 | +mkdir -p /sys/fs/cgroup/systemd 20 | +if ! mountpoint -q /sys/fs/cgroup/systemd; then 21 | + mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd 22 | +fi 23 | + 24 | # example /proc/cgroups: 25 | # #subsys_name hierarchy num_cgroups enabled 26 | # cpuset 2 3 1 27 | -- 28 | 2.34.8 29 | 30 | -------------------------------------------------------------------------------- /openwrt/patch/coremark/README.md: -------------------------------------------------------------------------------- 1 | # CoreMark (aarch64) prebuilt with GCC15 2 | -------------------------------------------------------------------------------- /openwrt/patch/coremark/coremark.aarch64-16-threads: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnsonRan/opwrt_build_script/098745ef0a5ef0adf042107bfc1d9f0a561de22b/openwrt/patch/coremark/coremark.aarch64-16-threads -------------------------------------------------------------------------------- /openwrt/patch/coremark/coremark.aarch64-4-threads: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnsonRan/opwrt_build_script/098745ef0a5ef0adf042107bfc1d9f0a561de22b/openwrt/patch/coremark/coremark.aarch64-4-threads -------------------------------------------------------------------------------- /openwrt/patch/coremark/coremark.aarch64-6-threads: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnsonRan/opwrt_build_script/098745ef0a5ef0adf042107bfc1d9f0a561de22b/openwrt/patch/coremark/coremark.aarch64-6-threads -------------------------------------------------------------------------------- /openwrt/patch/docker/0001-dockerd-fix-bridge-network.patch: -------------------------------------------------------------------------------- 1 | From 52fd8d3590e62a7a1949e1236cce362fbd7f33c6 Mon Sep 17 00:00:00 2001 2 | From: sbwml <984419930@qq.com> 3 | Date: Fri, 9 Dec 2022 13:01:48 +0800 4 | Subject: [PATCH] dockerd: fix bridge network 5 | 6 | --- 7 | utils/dockerd/files/dockerd.init | 3 +++ 8 | utils/dockerd/files/etc/config/dockerd | 2 +- 9 | 2 files changed, 4 insertions(+), 1 deletion(-) 10 | 11 | diff --git a/utils/dockerd/files/dockerd.init b/utils/dockerd/files/dockerd.init 12 | index 8835a6d..ec83ec5 100755 13 | --- a/utils/dockerd/files/dockerd.init 14 | +++ b/utils/dockerd/files/dockerd.init 15 | @@ -91,6 +91,9 @@ uciadd() { 16 | uci_quiet set firewall.@zone[-1].output="ACCEPT" 17 | uci_quiet set firewall.@zone[-1].forward="ACCEPT" 18 | uci_quiet set firewall.@zone[-1].name="${zone}" 19 | + uci_quiet set firewall.dockerd=forwarding 20 | + uci_quiet set firewall.@forwarding[-1].src="${zone}" 21 | + uci_quiet set firewall.@forwarding[-1].dest='wan' 22 | uci_quiet commit firewall 23 | fi 24 | 25 | diff --git a/utils/dockerd/files/etc/config/dockerd b/utils/dockerd/files/etc/config/dockerd 26 | index 0fa4a56..03fdcf8 100644 27 | --- a/utils/dockerd/files/etc/config/dockerd 28 | +++ b/utils/dockerd/files/etc/config/dockerd 29 | @@ -41,5 +41,5 @@ config proxies 'proxies' 30 | # then docker restarted to load in new changes. 31 | config firewall 'firewall' 32 | option device 'docker0' 33 | - list blocked_interfaces 'wan' 34 | +# list blocked_interfaces 'wan' 35 | # option extra_iptables_args '--match conntrack ! --ctstate RELATED,ESTABLISHED' # allow outbound connections 36 | -------------------------------------------------------------------------------- /openwrt/patch/docker/0002-docker-add-buildkit-experimental-support.patch: -------------------------------------------------------------------------------- 1 | From 342451357cc3718748d4a2fed40b480044adb1a7 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Wed, 3 Apr 2024 02:38:08 +0800 4 | Subject: [PATCH] docker: add buildkit & experimental support 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | utils/dockerd/files/dockerd.init | 8 ++++++++ 9 | utils/dockerd/files/etc/config/dockerd | 2 ++ 10 | 2 files changed, 10 insertions(+) 11 | 12 | diff --git a/utils/dockerd/files/dockerd.init b/utils/dockerd/files/dockerd.init 13 | index ec83ec5..5762c11 100755 14 | --- a/utils/dockerd/files/dockerd.init 15 | +++ b/utils/dockerd/files/dockerd.init 16 | @@ -193,6 +193,8 @@ process_config() { 17 | config_get https_proxy proxies https_proxy "${https_proxy}" 18 | config_get no_proxy proxies no_proxy "${no_proxy}" 19 | config_get storage_driver globals storage_driver "" 20 | + config_get buildkit globals buildkit "0" 21 | + config_get experimental globals experimental "0" 22 | 23 | . /usr/share/libubox/jshn.sh 24 | json_init 25 | @@ -200,6 +202,12 @@ process_config() { 26 | json_add_string "log-level" "${log_level}" 27 | json_add_boolean "iptables" "${iptables}" 28 | json_add_boolean "ip6tables" "${ip6tables}" 29 | + [ "${buildkit}" = "1" ] && { 30 | + json_add_object 'features' 31 | + json_add_boolean "buildkit" "${buildkit}" 32 | + json_close_object 33 | + } 34 | + [ "${experimental}" = "1" ] && json_add_boolean "experimental" "${experimental}" 35 | [ -z "${log_driver}" ] || json_add_string "log-driver" "${log_driver}" 36 | [ -z "${bip}" ] || json_add_string "bip" "${bip}" 37 | [ -z "${registry_mirrors}" ] || json_add_array "registry-mirrors" 38 | diff --git a/utils/dockerd/files/etc/config/dockerd b/utils/dockerd/files/etc/config/dockerd 39 | index 03fdcf8..8cb08fc 100644 40 | --- a/utils/dockerd/files/etc/config/dockerd 41 | +++ b/utils/dockerd/files/etc/config/dockerd 42 | @@ -20,6 +20,8 @@ config globals 'globals' 43 | # list dns '172.17.0.1' 44 | # list registry_mirrors 'https://' 45 | # list registry_mirrors 'https://hub.docker.com' 46 | + option buildkit '0' 47 | + option experimental '0' 48 | 49 | # If your organization uses a proxy server to connect to the internet, you may need to configure the proxy. 50 | # See https://docs.docker.com/engine/daemon/proxy/ for more details 51 | -- 52 | 2.42.0 53 | 54 | -------------------------------------------------------------------------------- /openwrt/patch/dpdk/dpdk/patches/010-dpdk_arm_build_platform_fix.patch: -------------------------------------------------------------------------------- 1 | --- a/config/arm/meson.build 2 | +++ b/config/arm/meson.build 3 | @@ -718,8 +718,10 @@ if dpdk_conf.get('RTE_ARCH_32') 4 | if meson.is_cross_build() 5 | update_flags = true 6 | soc = meson.get_cross_property('platform', '') 7 | - if soc == '' 8 | - error('Arm SoC must be specified in the cross file.') 9 | + if soc == '' 10 | + soc = platform 11 | + elif soc == '' 12 | + error('Arm SoC must be specified in the cross file or -Dplatform argument.') 13 | endif 14 | soc_config = socs.get(soc, {'not_supported': true}) 15 | flags_common = [] 16 | @@ -773,8 +775,10 @@ else 17 | else 18 | # cross build 19 | soc = meson.get_cross_property('platform', '') 20 | - if soc == '' 21 | - error('Arm SoC must be specified in the cross file.') 22 | + if soc == '' 23 | + soc = platform 24 | + elif soc == '' 25 | + error('Arm SoC must be specified in the cross file or -Dplatform argument.') 26 | endif 27 | soc_config = socs.get(soc, {'not_supported': true}) 28 | endif 29 | -------------------------------------------------------------------------------- /openwrt/patch/dpdk/numactl/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2024 Zbynek Kocur 3 | # 4 | # This is free software, licensed under the GNU General Public License v2. 5 | # See /LICENSE for more information. 6 | # 7 | 8 | include $(TOPDIR)/rules.mk 9 | 10 | PKG_NAME:=numactl 11 | PKG_VERSION:=2.0.19 12 | PKG_RELEASE:=1 13 | 14 | PKG_SOURCE_URL:=https://codeload.github.com/numactl/numactl/tar.gz/v$(PKG_VERSION)? 15 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 16 | PKG_HASH:=8b84ffdebfa0d730fb2fc71bb7ec96bb2d38bf76fb67246fde416a68e04125e4 17 | 18 | PKG_MAINTAINER:=Zbynek Kocur 19 | PKG_LICENSE:=GPL-2.0-or-later 20 | PKG_LICENSE_FILES:=COPYING 21 | 22 | PKG_FIXUP:=autoreconf 23 | PKG_INSTALL:=1 24 | PKG_BUILD_FLAGS:=no-lto 25 | 26 | PKG_BUILD_PARALLEL:=1 27 | 28 | include $(INCLUDE_DIR)/package.mk 29 | 30 | define Package/numactl 31 | SECTION:=utils 32 | CATEGORY:=Utilities 33 | TITLE:=Control NUMA policy for processes or shared memory 34 | URL:=https://github.com/numactl/numactl 35 | DEPENDS:=@(x86_64||aarch64) +libpthread +libstdcpp +libc +librt +libnuma 36 | endef 37 | 38 | 39 | define Package/numactl/description 40 | Simple NUMA policy support. It consists of a numactl program to 41 | run other programs with a specific NUMA policy. 42 | endef 43 | 44 | define Package/libnuma 45 | SECTION:=libs 46 | CATEGORY:=Libraries 47 | TITLE:=NUMA policy library 48 | DEPENDS:=+libatomic 49 | endef 50 | 51 | define Package/libnuma/description 52 | libnuma shared library ("NUMA API") to set NUMA policy in applications. 53 | The libnuma binary interface is supposed to stay binary compatible. 54 | Incompatible changes will use new symbol version numbers. 55 | endef 56 | 57 | define Build/InstallDev 58 | $(INSTALL_DIR) $(1)/usr/include 59 | $(CP) $(PKG_INSTALL_DIR)/usr/include/*.h $(1)/usr/include/ 60 | 61 | $(INSTALL_DIR) $(1)/usr/lib 62 | $(CP) $(PKG_INSTALL_DIR)/usr/lib/*.{a,so*} $(1)/usr/lib/ 63 | 64 | $(INSTALL_DIR) $(1)/usr/lib/pkgconfig 65 | $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/numa.pc $(1)/usr/lib/pkgconfig/ 66 | endef 67 | 68 | define Package/numactl/install 69 | $(INSTALL_DIR) $(1)/usr/bin 70 | $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin 71 | endef 72 | 73 | define Package/libnuma/install 74 | $(INSTALL_DIR) $(1)/usr/lib 75 | $(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so* $(1)/usr/lib 76 | endef 77 | 78 | $(eval $(call BuildPackage,numactl)) 79 | $(eval $(call BuildPackage,libnuma)) 80 | -------------------------------------------------------------------------------- /openwrt/patch/firewall4/100-openwrt-firewall4-add-custom-nft-command-support.patch: -------------------------------------------------------------------------------- 1 | From 16eb81b40f5b5f6a6200ec584d9aa6aacdbafa54 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Thu, 14 Mar 2024 12:16:11 +0800 4 | Subject: [PATCH] firewall4: add custom nft command support 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | package/network/config/firewall4/Makefile | 1 + 9 | ...0-fw4-add-custom-nft-command-support.patch | 30 +++++++++++++++++++ 10 | 2 files changed, 31 insertions(+) 11 | create mode 100644 package/network/config/firewall4/patches/100-fw4-add-custom-nft-command-support.patch 12 | 13 | diff --git a/package/network/config/firewall4/Makefile b/package/network/config/firewall4/Makefile 14 | index 8764f5a..0cde6a6 100644 15 | --- a/package/network/config/firewall4/Makefile 16 | +++ b/package/network/config/firewall4/Makefile 17 | @@ -38,6 +38,7 @@ endef 18 | define Package/firewall4/conffiles 19 | /etc/config/firewall 20 | /etc/nftables.d/ 21 | +/etc/firewall4.user 22 | endef 23 | 24 | define Package/firewall4/install 25 | diff --git a/package/network/config/firewall4/patches/100-fw4-add-custom-nft-command-support.patch b/package/network/config/firewall4/patches/100-fw4-add-custom-nft-command-support.patch 26 | new file mode 100644 27 | index 0000000..6030936 28 | --- /dev/null 29 | +++ b/package/network/config/firewall4/patches/100-fw4-add-custom-nft-command-support.patch 30 | @@ -0,0 +1,30 @@ 31 | +From c359ce4457ac48bb65767ae5415f296e3d25a51d Mon Sep 17 00:00:00 2001 32 | +From: sbwml 33 | +Date: Thu, 14 Mar 2024 12:10:03 +0800 34 | +Subject: [PATCH] fw4: add custom nft command support 35 | + 36 | +Signed-off-by: sbwml 37 | +--- 38 | + root/etc/firewall4.user | 3 +++ 39 | + root/sbin/fw4 | 3 ++- 40 | + 2 files changed, 5 insertions(+), 1 deletion(-) 41 | + create mode 100644 root/etc/firewall4.user 42 | + 43 | +--- /dev/null 44 | ++++ b/root/etc/firewall4.user 45 | +@@ -0,0 +1,3 @@ 46 | ++# This file is interpreted as shell script. 47 | ++# Put your custom nft rules here, they will 48 | ++# be executed with each firewall (re-)start. 49 | +--- a/root/sbin/fw4 50 | ++++ b/root/sbin/fw4 51 | +@@ -33,7 +33,8 @@ start() { 52 | + esac 53 | + 54 | + ACTION=start \ 55 | +- utpl -S $MAIN | nft $VERBOSE -f $STDIN 56 | ++ utpl -S $MAIN | nft $VERBOSE -f $STDIN \ 57 | ++ ; /bin/sh /etc/firewall4.user 58 | + 59 | + ACTION=includes \ 60 | + utpl -S $MAIN 61 | -- 62 | 2.42.0 63 | 64 | -------------------------------------------------------------------------------- /openwrt/patch/firewall4/firewall4_patches/001-fix-fw4-flow-offload.patch: -------------------------------------------------------------------------------- 1 | --- a/root/usr/share/ucode/fw4.uc 2 | +++ b/root/usr/share/ucode/fw4.uc 3 | @@ -2045,8 +2045,8 @@ return { 4 | }); 5 | } 6 | 7 | - if (net.physdev && !e.invert) 8 | - push(related_physdevs, net.physdev); 9 | + if (net.up && net.device && !e.invert) 10 | + push(related_physdevs, net.device); 11 | 12 | push(related_subnets, ...(net.ipaddrs || [])); 13 | } 14 | -------------------------------------------------------------------------------- /openwrt/patch/firewall4/firewall4_patches/002-fix-fw4.uc-adept-kernel-version-type-of-x.x.patch: -------------------------------------------------------------------------------- 1 | From ba78896dffc386e641ac0eb9397761a24f4b5d87 Mon Sep 17 00:00:00 2001 2 | From: ZiMing Mo 3 | Date: Sun, 7 Aug 2022 15:52:55 +0800 4 | Subject: [PATCH] fix(fw4.uc): adept kernel version type of x.x 5 | 6 | fix kernel version match if the kernel version type is x.x (not x.x.x) 7 | 8 | Signed-off-by: ZiMing Mo 9 | --- 10 | root/usr/share/ucode/fw4.uc | 2 +- 11 | 1 file changed, 1 insertion(+), 1 deletion(-) 12 | 13 | --- a/root/usr/share/ucode/fw4.uc 14 | +++ b/root/usr/share/ucode/fw4.uc 15 | @@ -496,7 +496,7 @@ return { 16 | v = 0; 17 | 18 | if (fd) { 19 | - let m = match(fd.read("line"), /^Linux version ([0-9]+)\.([0-9]+)\.([0-9]+)/); 20 | + let m = match(fd.read("line"), /^Linux version ([0-9]+)\.([0-9]+)\.?([0-9]+)?/); 21 | 22 | v = m ? (+m[1] << 24) | (+m[2] << 16) | (+m[3] << 8) : 0; 23 | fd.close(); 24 | -------------------------------------------------------------------------------- /openwrt/patch/firewall4/firewall4_patches/990-unconditionally-allow-ct-status-dnat.patch: -------------------------------------------------------------------------------- 1 | From 38423fae4ba0f116ae7b5853b1c459202fe2c9a4 Mon Sep 17 00:00:00 2001 2 | From: Stijn Tintel 3 | Date: Tue, 22 Mar 2022 21:20:40 +0200 4 | Subject: [PATCH] test: unconditionally allow ct status dnat 5 | 6 | --- 7 | root/usr/share/firewall4/templates/ruleset.uc | 4 ---- 8 | 1 file changed, 4 deletions(-) 9 | 10 | --- a/root/usr/share/firewall4/templates/ruleset.uc 11 | +++ b/root/usr/share/firewall4/templates/ruleset.uc 12 | @@ -224,9 +224,7 @@ table inet fw4 { 13 | {% for (let rule in fw4.rules(`input_${zone.name}`)): %} 14 | {%+ include("rule.uc", { fw4, zone, rule }) %} 15 | {% endfor %} 16 | -{% if (zone.dflags.dnat): %} 17 | ct status dnat accept comment "!fw4: Accept port redirections" 18 | -{% endif %} 19 | {% fw4.includes('chain-append', `input_${zone.name}`) %} 20 | jump {{ zone.input }}_from_{{ zone.name }} 21 | } 22 | @@ -245,9 +243,7 @@ table inet fw4 { 23 | {% for (let rule in fw4.rules(`forward_${zone.name}`)): %} 24 | {%+ include("rule.uc", { fw4, zone, rule }) %} 25 | {% endfor %} 26 | -{% if (zone.dflags.dnat): %} 27 | ct status dnat accept comment "!fw4: Accept port forwards" 28 | -{% endif %} 29 | {% fw4.includes('chain-append', `forward_${zone.name}`) %} 30 | jump {{ zone.forward }}_to_{{ zone.name }} 31 | {% if (fw4.forward_policy() != "accept" && (zone.log & 1)): %} 32 | -------------------------------------------------------------------------------- /openwrt/patch/firewall4/firewall4_patches/README.md: -------------------------------------------------------------------------------- 1 | ### Patches for `package/network/config/firewall4` -------------------------------------------------------------------------------- /openwrt/patch/firewall4/luci-24.10/0001-luci-app-firewall-add-nft-fullcone-and-bcm-fullcone-.patch: -------------------------------------------------------------------------------- 1 | From 314fbe82b79b19499507ec5e8043a4b32c9885a8 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Sat, 26 Oct 2024 03:35:05 +0800 4 | Subject: [PATCH 1/6] luci-app-firewall: add nft-fullcone and bcm-fullcone 5 | option 6 | 7 | Signed-off-by: sbwml 8 | --- 9 | .../resources/view/firewall/zones.js | 21 +++++++++++++++++++ 10 | 1 file changed, 21 insertions(+) 11 | 12 | diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js 13 | index 41b9834..b41ebae 100644 14 | --- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js 15 | +++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js 16 | @@ -58,6 +58,27 @@ return view.extend({ 17 | 18 | o = s.option(form.Flag, 'drop_invalid', _('Drop invalid packets')); 19 | 20 | + /* Netfilter FullCone NAT support */ 21 | + 22 | + if (L.hasSystemFeature('fullcone')) { 23 | + o = s.option(form.RichListValue, "fullcone_type", _("Full Cone NAT")); 24 | + o.value('0', _("Disable")); 25 | + o.value('1', _("Nftables Fullcone nat"), _('Nftables based fullcone nat scheme.')); 26 | + o.value('2', _("Broadcom Fullcone nat"), _('Broadcom based fullcone nat scheme.')); 27 | + o.optional = false; 28 | + o.load = function (section_id) { 29 | + var fullcone = uci.get('firewall', section_id, 'fullcone'); 30 | + var brcmfullcone = uci.get('firewall', section_id, 'brcmfullcone'); 31 | + return (fullcone === '1') 32 | + ? (brcmfullcone === '1' ? '2' : '1') 33 | + : '0'; 34 | + }; 35 | + o.write = function(section_id, value) { 36 | + uci.set('firewall', section_id, 'fullcone', value === '0' ? null : '1'); 37 | + uci.set('firewall', section_id, 'brcmfullcone', value === '2' ? '1' : null); 38 | + }; 39 | + } 40 | + 41 | var p = [ 42 | s.option(form.ListValue, 'input', _('Input')), 43 | s.option(form.ListValue, 'output', _('Output')), 44 | -- 45 | 2.42.0 46 | 47 | -------------------------------------------------------------------------------- /openwrt/patch/firewall4/luci-24.10/0003-luci-app-firewall-add-ipv6-nat-option.patch: -------------------------------------------------------------------------------- 1 | From fdf42e33bb356f2cf86edc42926f508a1c74624d Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Sat, 26 Oct 2024 03:37:02 +0800 4 | Subject: [PATCH 3/6] luci-app-firewall: add ipv6 nat option 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | .../htdocs/luci-static/resources/view/firewall/zones.js | 6 ++++++ 9 | 1 file changed, 6 insertions(+) 10 | 11 | diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js 12 | index 12626c5..a1fb06d 100644 13 | --- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js 14 | +++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js 15 | @@ -79,6 +79,12 @@ return view.extend({ 16 | }; 17 | } 18 | 19 | + if (L.hasSystemFeature('ipv6')) { 20 | + o = s.option(form.Flag, 'nat6', 21 | + _('IPv6 NAT'), 22 | + _('Applicable to internet environments where the router is not assigned an IPv6 prefix, such as when using an upstream optical modem for dial-up.')); 23 | + }; 24 | + 25 | var p = [ 26 | s.option(form.ListValue, 'input', _('Input')), 27 | s.option(form.ListValue, 'output', _('Output')), 28 | -- 29 | 2.42.0 30 | 31 | -------------------------------------------------------------------------------- /openwrt/patch/firewall4/luci-24.10/0006-luci-app-firewall-enable-hardware-offload-only-on-de.patch: -------------------------------------------------------------------------------- 1 | From 8fd15c7ea624ba143176caeca61fd34cbbb6a195 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Fri, 25 Oct 2024 21:04:10 +0800 4 | Subject: [PATCH 6/6] luci-app-firewall: enable hardware offload only on 5 | devices with `offload_hw` system feature 6 | 7 | Signed-off-by: sbwml 8 | --- 9 | .../htdocs/luci-static/resources/view/firewall/zones.js | 4 +++- 10 | 1 file changed, 3 insertions(+), 1 deletion(-) 11 | 12 | diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js 13 | index 447c42b..a527abb 100644 14 | --- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js 15 | +++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js 16 | @@ -109,7 +109,9 @@ return view.extend({ 17 | o = s.option(form.RichListValue, "offloading_type", _("Flow offloading type")); 18 | o.value('0', _("None")); 19 | o.value('1', _("Software flow offloading"), _('Software based offloading for routing/NAT.')); 20 | - o.value('2', _("Hardware flow offloading"), _('Hardware based offloading for routing with/without NAT.') + ' ' + _(' Requires hardware NAT support.')); 21 | + if (L.hasSystemFeature('offload_hw')) { 22 | + o.value('2', _("Hardware flow offloading"), _('Hardware based offloading for routing with/without NAT.') + ' ' + _(' Requires hardware NAT support.')); 23 | + } 24 | if (L.hasSystemFeature('shortcutfe')) { 25 | o.value('3', _("Shortcut-FE flow offloading"), _('Shortcut-FE based offloading for routing/NAT')); 26 | } 27 | -- 28 | 2.42.0 29 | 30 | -------------------------------------------------------------------------------- /openwrt/patch/firewall4/luci-24.10/0007-luci-app-firewall-add-fullcone6-option-for-nftables-.patch: -------------------------------------------------------------------------------- 1 | From 6d3223164d85f83b7568e0859e4cdcbbb7136f6c Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Wed, 18 Dec 2024 23:38:26 +0800 4 | Subject: [PATCH] luci-app-firewall: add fullcone6 option for nftables based 5 | fullcone 6 | 7 | Signed-off-by: sbwml 8 | --- 9 | .../resources/view/firewall/zones.js | 19 +++++++++++++++++++ 10 | 1 file changed, 19 insertions(+) 11 | 12 | diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js 13 | index 3fe1065..37dfaf2 100644 14 | --- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js 15 | +++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js 16 | @@ -77,6 +77,25 @@ return view.extend({ 17 | uci.set('firewall', section_id, 'fullcone', value === '0' ? null : '1'); 18 | uci.set('firewall', section_id, 'brcmfullcone', value === '2' ? '1' : null); 19 | }; 20 | + 21 | + /* nft-fullcone 6 */ 22 | + o = s.option(form.RichListValue, "fullcone6", _("Full Cone NAT6")); 23 | + o.value('0', _("Disable")); 24 | + o.value('1', _("Enable")); 25 | + o.optional = false; 26 | + o.depends('fullcone_type', '1'); 27 | + o.load = function (section_id) { 28 | + var fullcone6 = uci.get('firewall', section_id, 'fullcone6'); 29 | + if (fullcone6 === '1') { 30 | + return '1'; 31 | + } else { 32 | + return '0'; 33 | + } 34 | + }; 35 | + o.write = function(section_id, value) { 36 | + uci.set('firewall', section_id, 'fullcone6', value === '1' ? '1' : '0'); 37 | + uci.set('firewall', '@zone[1]', 'fullcone6', value === '1' ? '1' : '0'); 38 | + }; 39 | } 40 | 41 | if (L.hasSystemFeature('ipv6')) { 42 | -- 43 | 2.43.5 44 | 45 | -------------------------------------------------------------------------------- /openwrt/patch/firewall4/nftables/0003-drop-rej-file.patch: -------------------------------------------------------------------------------- 1 | From ffe0a07aaf5534cf1047238f52d7cda346444046 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Sun, 17 Nov 2024 21:19:18 +0800 4 | Subject: [PATCH 3/3] drop rej file 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | tests/shell/run-tests.sh.rej | 15 --------------- 9 | 1 file changed, 15 deletions(-) 10 | delete mode 100644 tests/shell/run-tests.sh.rej 11 | 12 | --- a/tests/shell/run-tests.sh.rej 13 | +++ /dev/null 14 | @@ -1,15 +0,0 @@ 15 | ---- run-tests.sh 16 | -+++ run-tests.sh 17 | -@@ -565,11 +565,8 @@ feature_probe() 18 | - fi 19 | - 20 | - if [ -x "$with_path.sh" ] ; then 21 | -- echo $with_path 22 | - NFT="$NFT_REAL" $NFT_TEST_UNSHARE_CMD "$with_path.sh" &>/dev/null 23 | -- RET=$? 24 | -- echo $? 25 | -- return $RET 26 | -+ return $? 27 | - fi 28 | - 29 | - return 1 30 | -------------------------------------------------------------------------------- /openwrt/patch/generic-24.10/0001-tools-add-upx-tools.patch: -------------------------------------------------------------------------------- 1 | From d9fe4db89fcc215510319db72e415a83c861a040 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Fri, 4 Oct 2024 10:39:25 +0800 4 | Subject: [PATCH 01/10] tools: add upx tools 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | tools/Makefile | 1 + 9 | tools/upx/Makefile | 30 ++++++++++++++++++++++++++++++ 10 | 2 files changed, 31 insertions(+) 11 | create mode 100644 tools/upx/Makefile 12 | 13 | diff --git a/tools/Makefile b/tools/Makefile 14 | index b16c5d9..702184a 100644 15 | --- a/tools/Makefile 16 | +++ b/tools/Makefile 17 | @@ -66,6 +66,7 @@ tools-y += pkgconf 18 | tools-y += quilt 19 | tools-y += squashfs4 20 | tools-y += sstrip 21 | +tools-y += upx 22 | tools-y += util-linux 23 | tools-y += xz 24 | tools-y += zip 25 | diff --git a/tools/upx/Makefile b/tools/upx/Makefile 26 | new file mode 100644 27 | index 0000000..9004514 28 | --- /dev/null 29 | +++ b/tools/upx/Makefile 30 | @@ -0,0 +1,30 @@ 31 | +include $(TOPDIR)/rules.mk 32 | + 33 | +PKG_NAME:=upx 34 | +PKG_VERSION:=4.2.4 35 | + 36 | +PKG_SOURCE:=upx-$(PKG_VERSION)-src.tar.xz 37 | +PKG_SOURCE_URL:=https://github.com/upx/upx/releases/download/v$(PKG_VERSION)/ 38 | +PKG_HASH:=5ed6561607d27fb4ef346fc19f08a93696fa8fa127081e7a7114068306b8e1c4 39 | + 40 | +HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/$(PKG_NAME)-$(PKG_VERSION)-src 41 | +HOST_BUILD_PARALLEL:=1 42 | + 43 | +include $(INCLUDE_DIR)/host-build.mk 44 | + 45 | +define Host/Compile 46 | + $(MAKE) -C $(HOST_BUILD_DIR)/src \ 47 | + LDFLAGS="$(HOST_LDFLAGS)" \ 48 | + CXX="$(HOSTCXX)" 49 | +endef 50 | + 51 | +define Host/Install 52 | + $(INSTALL_DIR) $(STAGING_DIR_HOST)/bin 53 | + $(INSTALL_BIN) $(HOST_BUILD_DIR)/build/release/upx $(STAGING_DIR_HOST)/bin/upx 54 | +endef 55 | + 56 | +define Host/Clean 57 | + rm -f $(STAGING_DIR_HOST)/bin/upx 58 | +endef 59 | + 60 | +$(eval $(call HostBuild)) 61 | -- 62 | 2.43.5 63 | 64 | -------------------------------------------------------------------------------- /openwrt/patch/generic-24.10/0002-rootfs-add-upx-compression-support.patch: -------------------------------------------------------------------------------- 1 | From a85660738779248ea2c2cd44a11b7f4602875671 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Fri, 4 Oct 2024 10:46:49 +0800 4 | Subject: [PATCH 02/10] rootfs: add upx compression support 5 | 6 | * When the upx_list.txt file exists in the source code root directory, 7 | it will be compressed by upx. 8 | 9 | * fill in the binary path with rootfs as the absolute path, like this: 10 | 11 | /usr/bin/xray 12 | /usr/bin/xray-plugin 13 | /usr/sbin/haproxy 14 | 15 | Signed-off-by: sbwml 16 | --- 17 | include/rootfs.mk | 5 +++++ 18 | 1 file changed, 5 insertions(+) 19 | 20 | diff --git a/include/rootfs.mk b/include/rootfs.mk 21 | index e6cadc5..574e3fe 100644 22 | --- a/include/rootfs.mk 23 | +++ b/include/rootfs.mk 24 | @@ -120,6 +120,11 @@ define prepare_rootfs 25 | $(1)/usr/lib/opkg/info/*.postinst* \ 26 | $(1)/usr/lib/opkg/lists/* \ 27 | $(1)/var/lock/*.lock 28 | + @if [ -f "$(TOPDIR)/upx_list.txt" ]; then \ 29 | + while IFS= read -r file; do \ 30 | + $(STAGING_DIR_HOST)/bin/upx --lzma --best "$(1)$$file" || true; \ 31 | + done < "$(TOPDIR)/upx_list.txt"; \ 32 | + fi 33 | $(call clean_ipkg,$(1)) 34 | $(call mklibs,$(1)) 35 | $(if $(SOURCE_DATE_EPOCH),find $(1)/ -mindepth 1 -execdir touch -hcd "@$(SOURCE_DATE_EPOCH)" "{}" +) 36 | -- 37 | 2.43.5 38 | 39 | -------------------------------------------------------------------------------- /openwrt/patch/generic-24.10/0003-rootfs-add-r-w-permissions-for-UCI-configuration-fil.patch: -------------------------------------------------------------------------------- 1 | From b557005f9d3164de1f23a0239647f25d07b0b389 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Fri, 4 Oct 2024 10:47:41 +0800 4 | Subject: [PATCH 03/10] rootfs: add r/w permissions for UCI configuration files 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | include/rootfs.mk | 1 + 9 | 1 file changed, 1 insertion(+) 10 | 11 | diff --git a/include/rootfs.mk b/include/rootfs.mk 12 | index 574e3fe..00203a4 100644 13 | --- a/include/rootfs.mk 14 | +++ b/include/rootfs.mk 15 | @@ -125,6 +125,7 @@ define prepare_rootfs 16 | $(STAGING_DIR_HOST)/bin/upx --lzma --best "$(1)$$file" || true; \ 17 | done < "$(TOPDIR)/upx_list.txt"; \ 18 | fi 19 | + chmod 600 $(1)/etc/config/* 20 | $(call clean_ipkg,$(1)) 21 | $(call mklibs,$(1)) 22 | $(if $(SOURCE_DATE_EPOCH),find $(1)/ -mindepth 1 -execdir touch -hcd "@$(SOURCE_DATE_EPOCH)" "{}" +) 23 | -- 24 | 2.43.5 25 | 26 | -------------------------------------------------------------------------------- /openwrt/patch/generic-24.10/0004-rootfs-Add-support-for-local-kmod-installation-sourc.patch: -------------------------------------------------------------------------------- 1 | From 5c52ffb8e9e708c663359d5f8a8d609ca8cfd409 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Fri, 4 Oct 2024 10:48:29 +0800 4 | Subject: [PATCH 04/10] rootfs: Add support for local kmod installation sources 5 | 6 | * CONFIG_TARGET_ROOTFS_LOCAL_PACKAGES=y 7 | 8 | Signed-off-by: sbwml 9 | --- 10 | config/Config-images.in | 8 ++++++++ 11 | include/rootfs.mk | 6 ++++++ 12 | 2 files changed, 14 insertions(+) 13 | 14 | diff --git a/config/Config-images.in b/config/Config-images.in 15 | index 47f3dfc..ed9ecb2 100644 16 | --- a/config/Config-images.in 17 | +++ b/config/Config-images.in 18 | @@ -322,4 +322,12 @@ menu "Target Images" 19 | across reboots. When enabled, /var/run will still be linked 20 | to /tmp/run. 21 | 22 | + config TARGET_ROOTFS_LOCAL_PACKAGES 23 | + bool "Create a local target package opkg installation source" 24 | + select ALL_KMODS 25 | + default n 26 | + help 27 | + Copy target packages to rootfs and overwrite the original 28 | + openwrt_core installation source with local files. 29 | + 30 | endmenu 31 | diff --git a/include/rootfs.mk b/include/rootfs.mk 32 | index 00203a4..0bea0c1 100644 33 | --- a/include/rootfs.mk 34 | +++ b/include/rootfs.mk 35 | @@ -126,6 +126,12 @@ define prepare_rootfs 36 | done < "$(TOPDIR)/upx_list.txt"; \ 37 | fi 38 | chmod 600 $(1)/etc/config/* 39 | + @( \ 40 | + if [ "$(call qstrip,$(CONFIG_TARGET_ROOTFS_LOCAL_PACKAGES))" = y ]; then \ 41 | + $(CP) $(TOPDIR)/bin/targets/$(BOARD)/$(SUBTARGET)/packages $(1)/usr/share/openwrt_core; \ 42 | + $(SED) "/openwrt_core/c\src/gz openwrt_core file:///usr/share/openwrt_core" $(1)/etc/opkg/distfeeds.conf; \ 43 | + fi; \ 44 | + ) 45 | $(call clean_ipkg,$(1)) 46 | $(call mklibs,$(1)) 47 | $(if $(SOURCE_DATE_EPOCH),find $(1)/ -mindepth 1 -execdir touch -hcd "@$(SOURCE_DATE_EPOCH)" "{}" +) 48 | -- 49 | 2.43.5 50 | 51 | -------------------------------------------------------------------------------- /openwrt/patch/generic-24.10/0005-kernel-Add-support-for-llvm-clang-compiler.patch: -------------------------------------------------------------------------------- 1 | From b196c42657703b93c93210bf6743f2aa745a88bc Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Fri, 4 Oct 2024 10:51:22 +0800 4 | Subject: [PATCH 05/10] kernel: Add support for llvm/clang compiler 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | config/Config-devel.in | 7 +++++++ 9 | include/kernel.mk | 13 ++++++++++++- 10 | include/package.mk | 4 ++++ 11 | 3 files changed, 23 insertions(+), 1 deletion(-) 12 | 13 | diff --git a/config/Config-devel.in b/config/Config-devel.in 14 | index cbac91c..9079303 100644 15 | --- a/config/Config-devel.in 16 | +++ b/config/Config-devel.in 17 | @@ -95,6 +95,13 @@ menuconfig DEVEL 18 | default "-falign-functions=32" if TARGET_bcm53xx 19 | default "" 20 | 21 | + config KERNEL_CC 22 | + string "Set kernel C compiler" if DEVEL 23 | + default "\$(TARGET_CC)" 24 | + help 25 | + Enter C compiler name or full pathname i.e.: clang 26 | + If not set, uses '$(TARGET_CC)' 27 | + 28 | config EXTERNAL_KERNEL_TREE 29 | string "Use external kernel tree" if DEVEL 30 | default "" 31 | diff --git a/include/kernel.mk b/include/kernel.mk 32 | index 6ef7663..1648a6f 100644 33 | --- a/include/kernel.mk 34 | +++ b/include/kernel.mk 35 | @@ -35,7 +35,7 @@ else 36 | KERNEL_CC?=$(HOSTCC) 37 | KERNEL_CROSS?= 38 | else 39 | - KERNEL_CC?=$(TARGET_CC) 40 | + KERNEL_CC?=$(call qstrip,$(CONFIG_KERNEL_CC)) 41 | KERNEL_CROSS?=$(TARGET_CROSS) 42 | endif 43 | 44 | @@ -125,6 +125,17 @@ ifneq (,$(KERNEL_CC)) 45 | KERNEL_MAKE_FLAGS += CC="$(KERNEL_CC)" 46 | endif 47 | 48 | +ifneq (,$(findstring clang,$(KERNEL_CC))) 49 | + ifneq (,$(filter clang-%,$(KERNEL_CC))) 50 | + LLVM := $(subst clang-,,$(KERNEL_CC)) 51 | + LLVM_LLD := ld.lld-$(subst clang-,,$(KERNEL_CC)) 52 | + else 53 | + LLVM := 1 54 | + LLVM_LLD := ld.lld 55 | + endif 56 | + KERNEL_MAKE_FLAGS += LD="$(LLVM_LLD)" LLVM=$(LLVM) LLVM_IAS=1 57 | +endif 58 | + 59 | KERNEL_NOSTDINC_FLAGS = \ 60 | -nostdinc $(if $(DUMP),, -isystem $(shell $(TARGET_CC) -print-file-name=include)) 61 | 62 | diff --git a/include/package.mk b/include/package.mk 63 | index 7fbecf9..3e988ed 100644 64 | --- a/include/package.mk 65 | +++ b/include/package.mk 66 | @@ -23,6 +23,10 @@ else 67 | PKG_JOBS?=$(if $(PKG_BUILD_PARALLEL),$(MAKE_J),-j1) 68 | endif 69 | 70 | +ifneq (,$(findstring clang,$(KERNEL_CC))) 71 | + MAKE := $(KERNEL_MAKE) 72 | +endif 73 | + 74 | PKG_BUILD_FLAGS?= 75 | __unknown_flags=$(filter-out no-iremap no-mips16 gc-sections no-gc-sections lto no-lto no-mold,$(PKG_BUILD_FLAGS)) 76 | ifneq ($(__unknown_flags),) 77 | -- 78 | 2.43.5 79 | 80 | -------------------------------------------------------------------------------- /openwrt/patch/generic-24.10/0007-include-kernel-add-miss-config-for-linux-6.11.patch: -------------------------------------------------------------------------------- 1 | From 6243d903b853abbc81a3258356155f207e2c0853 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Fri, 4 Oct 2024 10:58:29 +0800 4 | Subject: [PATCH 07/10] include: kernel: add miss config for linux-6.11 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | include/kernel-defaults.mk | 1 + 9 | 1 file changed, 1 insertion(+) 10 | 11 | diff --git a/include/kernel-defaults.mk b/include/kernel-defaults.mk 12 | index 6ec2e75..ea97998 100644 13 | --- a/include/kernel-defaults.mk 14 | +++ b/include/kernel-defaults.mk 15 | @@ -108,6 +108,7 @@ define Kernel/SetNoInitramfs 16 | echo 'CONFIG_INITRAMFS_SOURCE=""' >> $(LINUX_DIR)/.config.set 17 | echo '# CONFIG_INITRAMFS_FORCE is not set' >> $(LINUX_DIR)/.config.set 18 | echo "# CONFIG_INITRAMFS_PRESERVE_MTIME is not set" >> $(LINUX_DIR)/.config.set 19 | + echo '# CONFIG_FSCACHE is not set' >> $(LINUX_DIR)/.config.set 20 | # CLANG 21 | mv $(LINUX_DIR)/.config.set $(LINUX_DIR)/.config.old 22 | grep -v CONFIG_LTO $(LINUX_DIR)/.config.old > $(LINUX_DIR)/.config.set 23 | -- 24 | 2.43.5 25 | 26 | -------------------------------------------------------------------------------- /openwrt/patch/generic-24.10/0008-meson-add-platform-variable-to-cross-compilation-fil.patch: -------------------------------------------------------------------------------- 1 | From dc0aa15d94e848f1f96e70a9e8068ad798aaba22 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Fri, 4 Oct 2024 10:58:54 +0800 4 | Subject: [PATCH 08/10] meson: add platform variable to cross-compilation file 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | include/meson.mk | 1 + 9 | tools/meson/files/openwrt-cross.txt.in | 1 + 10 | 2 files changed, 2 insertions(+) 11 | 12 | diff --git a/include/meson.mk b/include/meson.mk 13 | index ff452d8..8ac801b 100644 14 | --- a/include/meson.mk 15 | +++ b/include/meson.mk 16 | @@ -90,6 +90,7 @@ define Meson/CreateCrossFile 17 | -e "s|@LDFLAGS@|$(foreach FLAG,$(TARGET_LDFLAGS) $(EXTRA_LDFLAGS),'$(FLAG)',)|" \ 18 | -e "s|@ARCH@|$(MESON_ARCH)|" \ 19 | -e "s|@CPU@|$(MESON_CPU)|" \ 20 | + -e "s|@PLAT@|$(MESON_CPU)|" \ 21 | -e "s|@ENDIAN@|$(if $(CONFIG_BIG_ENDIAN),big,little)|" \ 22 | < $(MESON_DIR)/openwrt-cross.txt.in \ 23 | > $(1) 24 | diff --git a/tools/meson/files/openwrt-cross.txt.in b/tools/meson/files/openwrt-cross.txt.in 25 | index 836a0e5..cc83bc8 100644 26 | --- a/tools/meson/files/openwrt-cross.txt.in 27 | +++ b/tools/meson/files/openwrt-cross.txt.in 28 | @@ -24,4 +24,5 @@ cpu = '@CPU@' 29 | endian = '@ENDIAN@' 30 | 31 | [properties] 32 | +platform = '@PLAT@' 33 | needs_exe_wrapper = true 34 | -- 35 | 2.43.5 36 | 37 | -------------------------------------------------------------------------------- /openwrt/patch/generic-24.10/0009-kernel-add-legacy-cgroup-v1-memory-controller.patch: -------------------------------------------------------------------------------- 1 | From 360c76c16bb63cd2a7a5eb188c063468ce99073c Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Thu, 10 Oct 2024 21:40:05 +0800 4 | Subject: [PATCH 09/10] kernel: add legacy cgroup v1 memory controller 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | config/Config-kernel.in | 10 ++++++++++ 9 | 1 file changed, 10 insertions(+) 10 | 11 | diff --git a/config/Config-kernel.in b/config/Config-kernel.in 12 | index 91678cf..eb0f000 100644 13 | --- a/config/Config-kernel.in 14 | +++ b/config/Config-kernel.in 15 | @@ -953,6 +953,16 @@ if KERNEL_CGROUPS 16 | the kmem extension can use it to guarantee that no group of processes 17 | will ever exhaust kernel resources alone. 18 | 19 | + config KERNEL_MEMCG_V1 20 | + bool "Legacy cgroup v1 memory controller" 21 | + depends on KERNEL_MEMCG 22 | + help 23 | + Legacy cgroup v1 memory controller which has been deprecated by 24 | + cgroup v2 implementation. The v1 is there for legacy applications 25 | + which haven't migrated to the new cgroup v2 interface yet. If you 26 | + do not have any such application then you are completely fine leaving 27 | + this option disabled. 28 | + 29 | config KERNEL_CGROUP_PERF 30 | bool "Enable perf_event per-cpu per-container group (cgroup) monitoring" 31 | select KERNEL_PERF_EVENTS 32 | -- 33 | 2.43.5 34 | 35 | -------------------------------------------------------------------------------- /openwrt/patch/generic-24.10/0010-kernel-add-PREEMPT_RT-support-for-aarch64-x86_64.patch: -------------------------------------------------------------------------------- 1 | From 53ff6a6a2bdeb5173d5ea0b3795b36737af8abb3 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Sat, 12 Oct 2024 08:36:46 +0800 4 | Subject: [PATCH 10/10] kernel: add PREEMPT_RT support for aarch64/x86_64 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | config/Config-kernel.in | 13 +++++++++++++ 9 | 1 file changed, 13 insertions(+) 10 | 11 | diff --git a/config/Config-kernel.in b/config/Config-kernel.in 12 | index eb0f000..76092d4 100644 13 | --- a/config/Config-kernel.in 14 | +++ b/config/Config-kernel.in 15 | @@ -20,6 +20,19 @@ config KERNEL_BUILD_DOMAIN 16 | returned by 'uname -a' on running systems. 17 | If not set, uses system hostname at build time. 18 | 19 | +config KERNEL_PREEMPT_RT 20 | + bool "Fully Preemptible Kernel (Real-Time)" 21 | + depends on (aarch64 || x86_64) && LINUX_6_12 22 | + help 23 | + This option turns the kernel into a real-time kernel by replacing 24 | + various locking primitives (spinlocks, rwlocks, etc.) with 25 | + preemptible priority-inheritance aware variants, enforcing 26 | + interrupt threading and introducing mechanisms to break up long 27 | + non-preemptible sections. This makes the kernel, except for very 28 | + low level and critical code paths (entry code, scheduler, low 29 | + level interrupt handling) fully preemptible and brings most 30 | + execution contexts under scheduler control. 31 | + 32 | config KERNEL_PRINTK 33 | bool "Enable support for printk" 34 | default y 35 | -- 36 | 2.43.5 37 | 38 | -------------------------------------------------------------------------------- /openwrt/patch/generic-24.10/0012-config-include-image-add-support-for-squashfs-zstd-c.patch: -------------------------------------------------------------------------------- 1 | From 6b33c9bae79c972a711da6b719c2e924ba76b16a Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Thu, 29 May 2025 17:12:37 +0800 4 | Subject: [PATCH 12/12] config/include: image: add support for squashfs zstd 5 | compression algorithm 6 | 7 | Signed-off-by: sbwml 8 | --- 9 | config/Config-images.in | 7 +++++++ 10 | include/image.mk | 3 +++ 11 | 2 files changed, 10 insertions(+) 12 | 13 | diff --git a/config/Config-images.in b/config/Config-images.in 14 | index ed9ecb2..8b91b7f 100644 15 | --- a/config/Config-images.in 16 | +++ b/config/Config-images.in 17 | @@ -160,6 +160,13 @@ menu "Target Images" 18 | Select squashfs block size, must be one of: 19 | 4, 8, 16, 32, 64, 128, 256, 512, 1024 20 | 21 | + config TARGET_ROOTFS_SQUASHFS_ZSTD 22 | + bool "SquashFS Zstd" 23 | + depends on TARGET_ROOTFS_SQUASHFS 24 | + default n 25 | + help 26 | + Build a squashfs root filesystem using zstd compression. 27 | + 28 | menuconfig TARGET_ROOTFS_UBIFS 29 | bool "ubifs" 30 | default y if USES_UBIFS 31 | diff --git a/include/image.mk b/include/image.mk 32 | index 9a4dff2..b121622 100644 33 | --- a/include/image.mk 34 | +++ b/include/image.mk 35 | @@ -94,6 +94,9 @@ ifeq ($(CONFIG_SQUASHFS_XZ),y) 36 | endif 37 | SQUASHFSCOMP := xz $(LZMA_XZ_OPTIONS) $(BCJ_FILTER) 38 | endif 39 | +ifeq ($(CONFIG_TARGET_ROOTFS_SQUASHFS_ZSTD),y) 40 | + SQUASHFSCOMP := zstd -Xcompression-level 22 41 | +endif 42 | 43 | JFFS2_BLOCKSIZE ?= 64k 128k 44 | 45 | -- 46 | 2.43.5 47 | 48 | -------------------------------------------------------------------------------- /openwrt/patch/glibc/glibc-common.patch: -------------------------------------------------------------------------------- 1 | diff --git a/package/libs/toolchain/Makefile b/package/libs/toolchain/Makefile 2 | index f9f8ac9..ce7337b 100644 3 | --- a/package/libs/toolchain/Makefile 4 | +++ b/package/libs/toolchain/Makefile 5 | @@ -450,6 +450,14 @@ define Package/ldconfig/config 6 | endmenu 7 | endef 8 | 9 | +define Package/glibc-common 10 | +$(call Package/libc/Default) 11 | + DEPENDS:=@!USE_MUSL 12 | + SECTION:=utils 13 | + CATEGORY:=Utilities 14 | + TITLE:=Common binaries and locale data for glibc 15 | +endef 16 | + 17 | define Build/Prepare 18 | mkdir -p $(PKG_BUILD_DIR) 19 | endef 20 | @@ -587,7 +595,6 @@ ifeq ($(CONFIG_EXTERNAL_TOOLCHAIN),) 21 | define Package/ldd/install 22 | $(INSTALL_DIR) $(1)/usr/bin/ 23 | $(CP) $(TOOLCHAIN_DIR)/bin/ldd $(1)/usr/bin/ 24 | - sed -i 's,^#!.*,#!/bin/sh,' $(1)/usr/bin/ldd 25 | endef 26 | 27 | define Package/ldconfig/install 28 | @@ -595,6 +602,29 @@ ifeq ($(CONFIG_EXTERNAL_TOOLCHAIN),) 29 | $(CP) $(TOOLCHAIN_DIR)/sbin/ldconfig $(1)/sbin/ 30 | endef 31 | 32 | + define Package/glibc-common/install 33 | + $(INSTALL_DIR) $(1)/lib/locale/ 34 | + $(CP) ./glibc-locale/locale-archive $(1)/lib/locale/ 35 | + $(INSTALL_DIR) $(1)/usr/bin/ 36 | + $(CP) $(TOOLCHAIN_DIR)/bin/gencat $(1)/usr/bin/ 37 | + $(CP) $(TOOLCHAIN_DIR)/bin/getconf $(1)/usr/bin/ 38 | + $(CP) $(TOOLCHAIN_DIR)/bin/getent $(1)/usr/bin/ 39 | + $(CP) $(TOOLCHAIN_DIR)/bin/iconv $(1)/usr/bin/ 40 | + $(CP) $(TOOLCHAIN_DIR)/bin/locale $(1)/usr/bin/ 41 | + $(CP) $(TOOLCHAIN_DIR)/bin/localedef $(1)/usr/bin/ 42 | + $(CP) $(TOOLCHAIN_DIR)/bin/makedb $(1)/usr/bin/ 43 | + $(CP) $(TOOLCHAIN_DIR)/bin/pldd $(1)/usr/bin/ 44 | + $(CP) $(TOOLCHAIN_DIR)/bin/sotruss $(1)/usr/bin/ 45 | + $(CP) $(TOOLCHAIN_DIR)/bin/sprof $(1)/usr/bin/ 46 | + $(CP) $(TOOLCHAIN_DIR)/bin/tzselect $(1)/usr/bin/ 47 | + $(CP) $(TOOLCHAIN_DIR)/bin/zdump $(1)/usr/bin/ 48 | + $(INSTALL_DIR) $(1)/sbin/ 49 | + $(CP) $(TOOLCHAIN_DIR)/sbin/zic $(1)/sbin/ 50 | + $(INSTALL_DIR) $(1)/usr/share/ 51 | + $(CP) $(TOOLCHAIN_DIR)/share/i18n $(1)/usr/share/ 52 | + $(CP) $(TOOLCHAIN_DIR)/share/locale $(1)/usr/share/ 53 | + endef 54 | + 55 | else 56 | 57 | define Package/libgcc/install 58 | @@ -735,3 +765,4 @@ $(eval $(call BuildPackage,libgfortran)) 59 | $(eval $(call BuildPackage,libgomp)) 60 | $(eval $(call BuildPackage,ldd)) 61 | $(eval $(call BuildPackage,ldconfig)) 62 | +$(eval $(call BuildPackage,glibc-common)) 63 | -------------------------------------------------------------------------------- /openwrt/patch/iproute2/902-ss-display-ecn_low-if-tcp_info-tcpi_options-TCPI_OPT.patch: -------------------------------------------------------------------------------- 1 | From 107339d7f48c95ae8a7461150e143fc53b08fea9 Mon Sep 17 00:00:00 2001 2 | From: Neal Cardwell 3 | Date: Sun, 23 Jul 2023 23:33:21 -0400 4 | Subject: [PATCH] ss: display "ecn_low" if tcp_info tcpi_options 5 | TCPI_OPT_ECN_LOW bit is set 6 | 7 | Display "ecn_low" if the TCPI_OPT_ECN_LOW bit is set in the 8 | tcpi_options field in tcp_info. 9 | 10 | Signed-off-by: Neal Cardwell 11 | --- 12 | include/uapi/linux/tcp.h | 1 + 13 | misc/ss.c | 4 ++++ 14 | 2 files changed, 5 insertions(+) 15 | 16 | --- a/include/uapi/linux/tcp.h 17 | +++ b/include/uapi/linux/tcp.h 18 | @@ -178,6 +178,7 @@ enum tcp_fastopen_client_fail { 19 | #define TCPI_OPT_ECN_SEEN 16 /* we received at least one packet with ECT */ 20 | #define TCPI_OPT_SYN_DATA 32 /* SYN-ACK acked data in SYN sent or rcvd */ 21 | #define TCPI_OPT_USEC_TS 64 /* usec timestamps */ 22 | +#define TCPI_OPT_ECN_LOW 64 /* Low-latency ECN configured at init */ 23 | 24 | /* 25 | * Sender's congestion state indicating normal or abnormal situations 26 | --- a/misc/ss.c 27 | +++ b/misc/ss.c 28 | @@ -890,6 +890,7 @@ struct tcpstat { 29 | bool has_sack_opt; 30 | bool has_ecn_opt; 31 | bool has_ecnseen_opt; 32 | + bool has_ecn_low_opt; 33 | bool has_fastopen_opt; 34 | bool has_wscale_opt; 35 | bool app_limited; 36 | @@ -2635,6 +2636,8 @@ static void tcp_stats_print(struct tcpst 37 | out(" ecn"); 38 | if (s->has_ecnseen_opt) 39 | out(" ecnseen"); 40 | + if (s->has_ecn_low_opt) 41 | + out(" ecn_low"); 42 | if (s->has_fastopen_opt) 43 | out(" fastopen"); 44 | if (s->cong_alg[0]) 45 | @@ -3161,6 +3164,7 @@ static void tcp_show_info(const struct n 46 | s.has_sack_opt = TCPI_HAS_OPT(info, TCPI_OPT_SACK); 47 | s.has_ecn_opt = TCPI_HAS_OPT(info, TCPI_OPT_ECN); 48 | s.has_ecnseen_opt = TCPI_HAS_OPT(info, TCPI_OPT_ECN_SEEN); 49 | + s.has_ecn_low_opt = TCPI_HAS_OPT(info, TCPI_OPT_ECN_LOW); 50 | s.has_fastopen_opt = TCPI_HAS_OPT(info, TCPI_OPT_SYN_DATA); 51 | } 52 | 53 | -------------------------------------------------------------------------------- /openwrt/patch/irqbalance/011-meson-numa.patch: -------------------------------------------------------------------------------- 1 | --- a/meson.build 2 | +++ b/meson.build 3 | @@ -10,11 +10,12 @@ m_dep = cc.find_library('m', required: false) 4 | capng_dep = dependency('libcap-ng', required: get_option('capng')) 5 | ncurses_dep = dependency('curses', required: get_option('ui')) 6 | systemd_dep = dependency('libsystemd', required: get_option('systemd')) 7 | +numa_dep = dependency('libnuma', required: get_option('numa')) 8 | 9 | cdata = configuration_data() 10 | cdata.set('HAVE_GETOPT_LONG', cc.has_function('getopt_long')) 11 | cdata.set('HAVE_IRQBALANCEUI', ncurses_dep.found()) 12 | -cdata.set('HAVE_NUMA_H', cc.has_header('numa.h')) 13 | +cdata.set('HAVE_NUMA_H', numa_dep.found()) 14 | cdata.set('HAVE_LIBCAP_NG', capng_dep.found()) 15 | cdata.set('HAVE_LIBSYSTEMD', systemd_dep.found()) 16 | cdata.set_quoted('VERSION', meson.project_version()) 17 | --- a/meson_options.txt 18 | +++ b/meson_options.txt 19 | @@ -9,3 +9,7 @@ option('systemd', type : 'feature', 20 | option('ui', type : 'feature', 21 | description : 'Build the UI component', 22 | ) 23 | + 24 | +option('numa', type : 'feature', 25 | + description : 'Build with numa support', 26 | +) 27 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/arm64/312-arm64-cpuinfo-Add-model-name-in-proc-cpuinfo-for-64bit-ta.patch: -------------------------------------------------------------------------------- 1 | From b2277680a6fbb06e7af2b1583d72a587ca4c637a Mon Sep 17 00:00:00 2001 2 | From: Sumit Gupta 3 | Date: Mon, 29 Aug 2016 14:32:25 +0530 4 | Subject: [PATCH 1/2] arm64: cpuinfo: Add "model name" in /proc/cpuinfo for 5 | 64bit tasks also 6 | 7 | Removed restriction of displaying model name for 32 bit tasks only. 8 | Because of this Processor details were not displayed in 9 | "System setting -> Details" in Ubuntu model name display is generic 10 | and can be printed for 64 bit also. 11 | 12 | model name : ARMv8 Processor rev X (v8l) 13 | 14 | Signed-off-by: Sumit Gupta 15 | --- 16 | arch/arm64/kernel/cpuinfo.c | 5 ++--- 17 | 1 file changed, 2 insertions(+), 3 deletions(-) 18 | 19 | --- a/arch/arm64/kernel/cpuinfo.c 20 | +++ b/arch/arm64/kernel/cpuinfo.c 21 | @@ -206,9 +206,8 @@ static int c_show(struct seq_file *m, vo 22 | * "processor". Give glibc what it expects. 23 | */ 24 | seq_printf(m, "processor\t: %d\n", i); 25 | - if (compat) 26 | - seq_printf(m, "model name\t: ARMv8 Processor rev %d (%s)\n", 27 | - MIDR_REVISION(midr), COMPAT_ELF_PLATFORM); 28 | + seq_printf(m, "model name\t: ARMv8 Processor rev %d (%s)\n", 29 | + MIDR_REVISION(midr), COMPAT_ELF_PLATFORM); 30 | 31 | seq_printf(m, "BogoMIPS\t: %lu.%02lu\n", 32 | loops_per_jiffy / (500000UL/HZ), 33 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/bbr3/010-bbr3-0001-net-tcp_bbr-broaden-app-limited-rate-sample-detectio.patch: -------------------------------------------------------------------------------- 1 | From 2343b8617207cb536de6a7165188c681263f3407 Mon Sep 17 00:00:00 2001 2 | From: Neal Cardwell 3 | Date: Tue, 11 Jun 2019 12:26:55 -0400 4 | Subject: [PATCH 01/19] net-tcp_bbr: broaden app-limited rate sample detection 5 | 6 | This commit is a bug fix for the Linux TCP app-limited 7 | (application-limited) logic that is used for collecting rate 8 | (bandwidth) samples. 9 | 10 | Previously the app-limited logic only looked for "bubbles" of 11 | silence in between application writes, by checking at the start 12 | of each sendmsg. But "bubbles" of silence can also happen before 13 | retransmits: e.g. bubbles can happen between an application write 14 | and a retransmit, or between two retransmits. 15 | 16 | Retransmits are triggered by ACKs or timers. So this commit checks 17 | for bubbles of app-limited silence upon ACKs or timers. 18 | 19 | Why does this commit check for app-limited state at the start of 20 | ACKs and timer handling? Because at that point we know whether 21 | inflight was fully using the cwnd. During processing the ACK or 22 | timer event we often change the cwnd; after changing the cwnd we 23 | can't know whether inflight was fully using the old cwnd. 24 | 25 | Origin-9xx-SHA1: 3fe9b53291e018407780fb8c356adb5666722cbc 26 | Change-Id: I37221506f5166877c2b110753d39bb0757985e68 27 | Signed-off-by: Alexandre Frade 28 | --- 29 | net/ipv4/tcp_input.c | 1 + 30 | net/ipv4/tcp_timer.c | 1 + 31 | 2 files changed, 2 insertions(+) 32 | 33 | --- a/net/ipv4/tcp_input.c 34 | +++ b/net/ipv4/tcp_input.c 35 | @@ -3967,6 +3967,7 @@ static int tcp_ack(struct sock *sk, cons 36 | 37 | prior_fack = tcp_is_sack(tp) ? tcp_highest_sack_seq(tp) : tp->snd_una; 38 | rs.prior_in_flight = tcp_packets_in_flight(tp); 39 | + tcp_rate_check_app_limited(sk); 40 | 41 | /* ts_recent update must be made after we are sure that the packet 42 | * is in window. 43 | --- a/net/ipv4/tcp_timer.c 44 | +++ b/net/ipv4/tcp_timer.c 45 | @@ -690,6 +690,7 @@ void tcp_write_timer_handler(struct sock 46 | return; 47 | } 48 | 49 | + tcp_rate_check_app_limited(sk); 50 | tcp_mstamp_refresh(tcp_sk(sk)); 51 | event = icsk->icsk_pending; 52 | 53 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/bbr3/010-bbr3-0005-net-tcp_bbr-v2-export-FLAG_ECE-in-rate_sample.is_ece.patch: -------------------------------------------------------------------------------- 1 | From 27fa5566204ef20bb34b2e5b68a7f6807afce447 Mon Sep 17 00:00:00 2001 2 | From: Neal Cardwell 3 | Date: Mon, 19 Nov 2018 13:48:36 -0500 4 | Subject: [PATCH 05/19] net-tcp_bbr: v2: export FLAG_ECE in rate_sample.is_ece 5 | 6 | For understanding the relationship between inflight and ECN signals, 7 | to try to find the highest inflight value that has acceptable levels 8 | ECN marking. 9 | 10 | Effort: net-tcp_bbr 11 | Origin-9xx-SHA1: 3eba998f2898541406c2666781182200934965a8 12 | Change-Id: I3a964e04cee83e11649a54507043d2dfe769a3b3 13 | Signed-off-by: Alexandre Frade 14 | --- 15 | include/net/tcp.h | 1 + 16 | net/ipv4/tcp_input.c | 1 + 17 | 2 files changed, 2 insertions(+) 18 | 19 | --- a/include/net/tcp.h 20 | +++ b/include/net/tcp.h 21 | @@ -1175,6 +1175,7 @@ struct rate_sample { 22 | bool is_app_limited; /* is sample from packet with bubble in pipe? */ 23 | bool is_retrans; /* is sample from retransmission? */ 24 | bool is_ack_delayed; /* is this (likely) a delayed ACK? */ 25 | + bool is_ece; /* did this ACK have ECN marked? */ 26 | }; 27 | 28 | struct tcp_congestion_ops { 29 | --- a/net/ipv4/tcp_input.c 30 | +++ b/net/ipv4/tcp_input.c 31 | @@ -4066,6 +4066,7 @@ static int tcp_ack(struct sock *sk, cons 32 | delivered = tcp_newly_delivered(sk, delivered, flag); 33 | lost = tp->lost - lost; /* freshly marked lost */ 34 | rs.is_ack_delayed = !!(flag & FLAG_ACK_MAYBE_DELAYED); 35 | + rs.is_ece = !!(flag & FLAG_ECE); 36 | tcp_rate_gen(sk, delivered, lost, is_sack_reneg, sack_state.rate); 37 | tcp_cong_control(sk, ack, delivered, flag, sack_state.rate); 38 | tcp_xmit_recovery(sk, rexmit); 39 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/bbr3/010-bbr3-0006-net-tcp_bbr-v2-introduce-ca_ops-skb_marked_lost-CC-m.patch: -------------------------------------------------------------------------------- 1 | From c083bc8abfefbee48922f6ff7976020abc71253f Mon Sep 17 00:00:00 2001 2 | From: Neal Cardwell 3 | Date: Tue, 7 Aug 2018 21:52:06 -0400 4 | Subject: [PATCH 06/19] net-tcp_bbr: v2: introduce ca_ops->skb_marked_lost() CC 5 | module callback API 6 | 7 | For connections experiencing reordering, RACK can mark packets lost 8 | long after we receive the SACKs/ACKs hinting that the packets were 9 | actually lost. 10 | 11 | This means that CC modules cannot easily learn the volume of inflight 12 | data at which packet loss happens by looking at the current inflight 13 | or even the packets in flight when the most recently SACKed packet was 14 | sent. To learn this, CC modules need to know how many packets were in 15 | flight at the time lost packets were sent. This new callback, combined 16 | with TCP_SKB_CB(skb)->tx.in_flight, allows them to learn this. 17 | 18 | This also provides a consistent callback that is invoked whether 19 | packets are marked lost upon ACK processing, using the RACK reordering 20 | timer, or at RTO time. 21 | 22 | Effort: net-tcp_bbr 23 | Origin-9xx-SHA1: afcbebe3374e4632ac6714d39e4dc8a8455956f4 24 | Change-Id: I54826ab53df636be537e5d3c618a46145d12d51a 25 | Signed-off-by: Alexandre Frade 26 | --- 27 | include/net/tcp.h | 3 +++ 28 | net/ipv4/tcp_input.c | 5 +++++ 29 | 2 files changed, 8 insertions(+) 30 | 31 | --- a/include/net/tcp.h 32 | +++ b/include/net/tcp.h 33 | @@ -1202,6 +1202,9 @@ struct tcp_congestion_ops { 34 | /* override sysctl_tcp_min_tso_segs */ 35 | u32 (*min_tso_segs)(struct sock *sk); 36 | 37 | + /* react to a specific lost skb (optional) */ 38 | + void (*skb_marked_lost)(struct sock *sk, const struct sk_buff *skb); 39 | + 40 | /* call when packets are delivered to update cwnd and pacing rate, 41 | * after all the ca_state processing. (optional) 42 | */ 43 | --- a/net/ipv4/tcp_input.c 44 | +++ b/net/ipv4/tcp_input.c 45 | @@ -1126,7 +1126,12 @@ static void tcp_verify_retransmit_hint(s 46 | */ 47 | static void tcp_notify_skb_loss_event(struct tcp_sock *tp, const struct sk_buff *skb) 48 | { 49 | + struct sock *sk = (struct sock *)tp; 50 | + const struct tcp_congestion_ops *ca_ops = inet_csk(sk)->icsk_ca_ops; 51 | + 52 | tp->lost += tcp_skb_pcount(skb); 53 | + if (ca_ops->skb_marked_lost) 54 | + ca_ops->skb_marked_lost(sk, skb); 55 | } 56 | 57 | void tcp_mark_skb_lost(struct sock *sk, struct sk_buff *skb) 58 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/bbr3/010-bbr3-0007-net-tcp_bbr-v2-adjust-skb-tx.in_flight-upon-merge-in.patch: -------------------------------------------------------------------------------- 1 | From 74522518932db459e21108dede9f1354cc2bb6b8 Mon Sep 17 00:00:00 2001 2 | From: Neal Cardwell 3 | Date: Wed, 1 May 2019 20:16:33 -0400 4 | Subject: [PATCH 07/19] net-tcp_bbr: v2: adjust skb tx.in_flight upon merge in 5 | tcp_shifted_skb() 6 | 7 | When tcp_shifted_skb() updates state as adjacent SACKed skbs are 8 | coalesced, previously the tx.in_flight was not adjusted, so we could 9 | get contradictory state where the skb's recorded pcount was bigger 10 | than the tx.in_flight (the number of segments that were in_flight 11 | after sending the skb). 12 | 13 | Normally have a SACKed skb with contradictory pcount/tx.in_flight 14 | would not matter. However, with SACK reneging, the SACKed bit is 15 | removed, and an skb once again becomes eligible for retransmitting, 16 | fragmenting, SACKing, etc. Packetdrill testing verified the following 17 | sequence is possible in a kernel that does not have this commit: 18 | 19 | - skb N is SACKed 20 | - skb N+1 is SACKed and combined with skb N using tcp_shifted_skb() 21 | - tcp_shifted_skb() will increase the pcount of prev, 22 | but leave tx.in_flight as-is 23 | - so prev skb can have pcount > tx.in_flight 24 | - RTO, tcp_timeout_mark_lost(), detect reneg, 25 | remove "SACKed" bit, mark skb N as lost 26 | - find pcount of skb N is greater than its tx.in_flight 27 | 28 | I suspect this issue iw what caused the bbr2_inflight_hi_from_lost_skb(): 29 | WARN_ON_ONCE(inflight_prev < 0) 30 | to fire in production machines using bbr2. 31 | 32 | Effort: net-tcp_bbr 33 | Origin-9xx-SHA1: 1a3e997e613d2dcf32b947992882854ebe873715 34 | Change-Id: I1b0b75c27519953430c7db51c6f358f104c7af55 35 | Signed-off-by: Alexandre Frade 36 | --- 37 | net/ipv4/tcp_input.c | 11 +++++++++++ 38 | 1 file changed, 11 insertions(+) 39 | 40 | --- a/net/ipv4/tcp_input.c 41 | +++ b/net/ipv4/tcp_input.c 42 | @@ -1512,6 +1512,17 @@ static bool tcp_shifted_skb(struct sock 43 | WARN_ON_ONCE(tcp_skb_pcount(skb) < pcount); 44 | tcp_skb_pcount_add(skb, -pcount); 45 | 46 | + /* Adjust tx.in_flight as pcount is shifted from skb to prev. */ 47 | + if (WARN_ONCE(TCP_SKB_CB(skb)->tx.in_flight < pcount, 48 | + "prev in_flight: %u skb in_flight: %u pcount: %u", 49 | + TCP_SKB_CB(prev)->tx.in_flight, 50 | + TCP_SKB_CB(skb)->tx.in_flight, 51 | + pcount)) 52 | + TCP_SKB_CB(skb)->tx.in_flight = 0; 53 | + else 54 | + TCP_SKB_CB(skb)->tx.in_flight -= pcount; 55 | + TCP_SKB_CB(prev)->tx.in_flight += pcount; 56 | + 57 | /* When we're adding to gso_segs == 1, gso_size will be zero, 58 | * in theory this shouldn't be necessary but as long as DSACK 59 | * code can come after this skb later on it's better to keep 60 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/bbr3/010-bbr3-0009-net-tcp-add-new-ca-opts-flag-TCP_CONG_WANTS_CE_EVENT.patch: -------------------------------------------------------------------------------- 1 | From d39a6429c0ec67f51478737f7a13f6295ca8b3c0 Mon Sep 17 00:00:00 2001 2 | From: Yousuk Seung 3 | Date: Wed, 23 May 2018 17:55:54 -0700 4 | Subject: [PATCH 09/19] net-tcp: add new ca opts flag TCP_CONG_WANTS_CE_EVENTS 5 | 6 | Add a a new ca opts flag TCP_CONG_WANTS_CE_EVENTS that allows a 7 | congestion control module to receive CE events. 8 | 9 | Currently congestion control modules have to set the TCP_CONG_NEEDS_ECN 10 | bit in opts flag to receive CE events but this may incur changes in ECN 11 | behavior elsewhere. This patch adds a new bit TCP_CONG_WANTS_CE_EVENTS 12 | that allows congestion control modules to receive CE events 13 | independently of TCP_CONG_NEEDS_ECN. 14 | 15 | Effort: net-tcp 16 | Origin-9xx-SHA1: 9f7e14716cde760bc6c67ef8ef7e1ee48501d95b 17 | Change-Id: I2255506985242f376d910c6fd37daabaf4744f24 18 | Signed-off-by: Alexandre Frade 19 | --- 20 | include/net/tcp.h | 14 +++++++++++++- 21 | net/ipv4/tcp_input.c | 4 ++-- 22 | 2 files changed, 15 insertions(+), 3 deletions(-) 23 | 24 | --- a/include/net/tcp.h 25 | +++ b/include/net/tcp.h 26 | @@ -1137,7 +1137,11 @@ enum tcp_ca_ack_event_flags { 27 | #define TCP_CONG_NON_RESTRICTED 0x1 28 | /* Requires ECN/ECT set on all packets */ 29 | #define TCP_CONG_NEEDS_ECN 0x2 30 | -#define TCP_CONG_MASK (TCP_CONG_NON_RESTRICTED | TCP_CONG_NEEDS_ECN) 31 | +/* Wants notification of CE events (CA_EVENT_ECN_IS_CE, CA_EVENT_ECN_NO_CE). */ 32 | +#define TCP_CONG_WANTS_CE_EVENTS 0x4 33 | +#define TCP_CONG_MASK (TCP_CONG_NON_RESTRICTED | \ 34 | + TCP_CONG_NEEDS_ECN | \ 35 | + TCP_CONG_WANTS_CE_EVENTS) 36 | 37 | union tcp_cc_info; 38 | 39 | @@ -1269,6 +1273,14 @@ static inline char *tcp_ca_get_name_by_k 40 | } 41 | #endif 42 | 43 | +static inline bool tcp_ca_wants_ce_events(const struct sock *sk) 44 | +{ 45 | + const struct inet_connection_sock *icsk = inet_csk(sk); 46 | + 47 | + return icsk->icsk_ca_ops->flags & (TCP_CONG_NEEDS_ECN | 48 | + TCP_CONG_WANTS_CE_EVENTS); 49 | +} 50 | + 51 | static inline bool tcp_ca_needs_ecn(const struct sock *sk) 52 | { 53 | const struct inet_connection_sock *icsk = inet_csk(sk); 54 | --- a/net/ipv4/tcp_input.c 55 | +++ b/net/ipv4/tcp_input.c 56 | @@ -376,7 +376,7 @@ static void __tcp_ecn_check_ce(struct so 57 | tcp_enter_quickack_mode(sk, 2); 58 | break; 59 | case INET_ECN_CE: 60 | - if (tcp_ca_needs_ecn(sk)) 61 | + if (tcp_ca_wants_ce_events(sk)) 62 | tcp_ca_event(sk, CA_EVENT_ECN_IS_CE); 63 | 64 | if (!(tp->ecn_flags & TCP_ECN_DEMAND_CWR)) { 65 | @@ -387,7 +387,7 @@ static void __tcp_ecn_check_ce(struct so 66 | tp->ecn_flags |= TCP_ECN_SEEN; 67 | break; 68 | default: 69 | - if (tcp_ca_needs_ecn(sk)) 70 | + if (tcp_ca_wants_ce_events(sk)) 71 | tcp_ca_event(sk, CA_EVENT_ECN_NO_CE); 72 | tp->ecn_flags |= TCP_ECN_SEEN; 73 | break; 74 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/bbr3/010-bbr3-0012-net-tcp_bbr-v2-record-app-limited-status-of-TLP-repa.patch: -------------------------------------------------------------------------------- 1 | From 399c324888acd78cd0cac5407e2dc27bb2225ba0 Mon Sep 17 00:00:00 2001 2 | From: Jianfeng Wang 3 | Date: Fri, 19 Jun 2020 17:33:45 +0000 4 | Subject: [PATCH 12/19] net-tcp_bbr: v2: record app-limited status of 5 | TLP-repaired flight 6 | 7 | When sending a TLP retransmit, record whether the outstanding flight 8 | of data is application limited. This is important for congestion 9 | control modules that want to respond to losses repaired by TLP 10 | retransmits. This is important because the following scenarios convey 11 | very different information: 12 | (1) a packet loss with a small number of packets in flight; 13 | (2) a packet loss with the maximum amount of data in flight allowed 14 | by the CC module; 15 | 16 | Effort: net-tcp_bbr 17 | Change-Id: Ic8ae567caa4e4bfd5fd82c3d4be12a5d9171655e 18 | Signed-off-by: Alexandre Frade 19 | --- 20 | include/linux/tcp.h | 3 ++- 21 | net/ipv4/tcp_output.c | 1 + 22 | 2 files changed, 3 insertions(+), 1 deletion(-) 23 | 24 | --- a/include/linux/tcp.h 25 | +++ b/include/linux/tcp.h 26 | @@ -370,7 +370,8 @@ struct tcp_sock { 27 | u8 dup_ack_counter:2, 28 | tlp_retrans:1, /* TLP is a retransmission */ 29 | fast_ack_mode:2, /* which fast ack mode ? */ 30 | - unused:3; 31 | + tlp_orig_data_app_limited:1, /* app-limited before TLP rtx? */ 32 | + unused:2; 33 | u8 thin_lto : 1,/* Use linear timeouts for thin streams */ 34 | fastopen_connect:1, /* FASTOPEN_CONNECT sockopt */ 35 | fastopen_no_cookie:1, /* Allow send/recv SYN+data without a cookie */ 36 | --- a/net/ipv4/tcp_output.c 37 | +++ b/net/ipv4/tcp_output.c 38 | @@ -3008,6 +3008,7 @@ void tcp_send_loss_probe(struct sock *sk 39 | if (WARN_ON(!skb || !tcp_skb_pcount(skb))) 40 | goto rearm_timer; 41 | 42 | + tp->tlp_orig_data_app_limited = TCP_SKB_CB(skb)->tx.is_app_limited; 43 | if (__tcp_retransmit_skb(sk, skb, 1)) 44 | goto rearm_timer; 45 | 46 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/bbr3/010-bbr3-0013-net-tcp_bbr-v2-inform-CC-module-of-losses-repaired-b.patch: -------------------------------------------------------------------------------- 1 | From 43e59a05c78564807876ae8529c71b261e8cceff Mon Sep 17 00:00:00 2001 2 | From: Jianfeng Wang 3 | Date: Tue, 16 Jun 2020 17:41:19 +0000 4 | Subject: [PATCH 13/19] net-tcp_bbr: v2: inform CC module of losses repaired by 5 | TLP probe 6 | 7 | Before this commit, when there is a packet loss that creates a sequence 8 | hole that is filled by a TLP loss probe, then tcp_process_tlp_ack() 9 | only informs the congestion control (CC) module via a back-to-back entry 10 | and exit of CWR. But some congestion control modules (e.g. BBR) do not 11 | respond to CWR events. 12 | 13 | This commit adds a new CA event with which the core TCP stack notifies 14 | the CC module when a loss is repaired by a TLP. This will allow CC 15 | modules that do not use the CWR mechanism to have a custom handler for 16 | such TLP recoveries. 17 | 18 | Effort: net-tcp_bbr 19 | Change-Id: Ieba72332b401b329bff5a641d2b2043a3fb8f632 20 | Signed-off-by: Alexandre Frade 21 | --- 22 | include/net/tcp.h | 1 + 23 | net/ipv4/tcp_input.c | 1 + 24 | 2 files changed, 2 insertions(+) 25 | 26 | --- a/include/net/tcp.h 27 | +++ b/include/net/tcp.h 28 | @@ -1115,6 +1115,7 @@ enum tcp_ca_event { 29 | CA_EVENT_LOSS, /* loss timeout */ 30 | CA_EVENT_ECN_NO_CE, /* ECT set, but not CE marked */ 31 | CA_EVENT_ECN_IS_CE, /* received CE marked IP packet */ 32 | + CA_EVENT_TLP_RECOVERY, /* a lost segment was repaired by TLP probe */ 33 | }; 34 | 35 | /* Information about inbound ACK, passed to cong_ops->in_ack_event() */ 36 | --- a/net/ipv4/tcp_input.c 37 | +++ b/net/ipv4/tcp_input.c 38 | @@ -3865,6 +3865,7 @@ static void tcp_process_tlp_ack(struct s 39 | /* ACK advances: there was a loss, so reduce cwnd. Reset 40 | * tlp_high_seq in tcp_init_cwnd_reduction() 41 | */ 42 | + tcp_ca_event(sk, CA_EVENT_TLP_RECOVERY); 43 | tcp_init_cwnd_reduction(sk); 44 | tcp_set_ca_state(sk, TCP_CA_CWR); 45 | tcp_end_cwnd_reduction(sk); 46 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/bbr3/010-bbr3-0017-net-tcp_bbr-v3-ensure-ECN-enabled-BBR-flows-set-ECT-.patch: -------------------------------------------------------------------------------- 1 | From 34211656d13a329fe2adbf7d9932c805338062b7 Mon Sep 17 00:00:00 2001 2 | From: Adithya Abraham Philip 3 | Date: Fri, 11 Jun 2021 21:56:10 +0000 4 | Subject: [PATCH 17/19] net-tcp_bbr: v3: ensure ECN-enabled BBR flows set ECT 5 | on retransmits 6 | 7 | Adds a new flag TCP_ECN_ECT_PERMANENT that is used by CCAs to 8 | indicate that retransmitted packets and pure ACKs must have the 9 | ECT bit set. This is necessary for BBR, which when using 10 | ECN expects ECT to be set even on retransmitted packets and ACKs. 11 | 12 | Previous to this addition of TCP_ECN_ECT_PERMANENT, CCAs which can use 13 | ECN but don't "need" it did not have a way to indicate that ECT should 14 | be set on retransmissions/ACKs. 15 | 16 | Signed-off-by: Adithya Abraham Philip 17 | Signed-off-by: Neal Cardwell 18 | Change-Id: I8b048eaab35e136fe6501ef6cd89fd9faa15e6d2 19 | Signed-off-by: Alexandre Frade 20 | --- 21 | include/net/tcp.h | 1 + 22 | net/ipv4/tcp_bbr.c | 3 +++ 23 | net/ipv4/tcp_output.c | 3 ++- 24 | 3 files changed, 6 insertions(+), 1 deletion(-) 25 | 26 | --- a/include/net/tcp.h 27 | +++ b/include/net/tcp.h 28 | @@ -377,6 +377,7 @@ static inline void tcp_dec_quickack_mode 29 | #define TCP_ECN_DEMAND_CWR 4 30 | #define TCP_ECN_SEEN 8 31 | #define TCP_ECN_LOW 16 32 | +#define TCP_ECN_ECT_PERMANENT 32 33 | 34 | enum tcp_tw_status { 35 | TCP_TW_SUCCESS = 0, 36 | --- a/net/ipv4/tcp_bbr.c 37 | +++ b/net/ipv4/tcp_bbr.c 38 | @@ -2151,6 +2151,9 @@ __bpf_kfunc static void bbr_init(struct 39 | bbr->plb.pause_until = 0; 40 | 41 | tp->fast_ack_mode = bbr_fast_ack_mode ? 1 : 0; 42 | + 43 | + if (bbr_can_use_ecn(sk)) 44 | + tp->ecn_flags |= TCP_ECN_ECT_PERMANENT; 45 | } 46 | 47 | /* BBR marks the current round trip as a loss round. */ 48 | --- a/net/ipv4/tcp_output.c 49 | +++ b/net/ipv4/tcp_output.c 50 | @@ -393,7 +393,8 @@ static void tcp_ecn_send(struct sock *sk 51 | th->cwr = 1; 52 | skb_shinfo(skb)->gso_type |= SKB_GSO_TCP_ECN; 53 | } 54 | - } else if (!tcp_ca_needs_ecn(sk)) { 55 | + } else if (!(tp->ecn_flags & TCP_ECN_ECT_PERMANENT) && 56 | + !tcp_ca_needs_ecn(sk)) { 57 | /* ACK or retransmitted segment: clear ECT|CE */ 58 | INET_ECN_dontxmit(sk); 59 | } 60 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/bbr3/010-bbr3-0018-tcp-export-TCPI_OPT_ECN_LOW-in-tcp_info-tcpi_options.patch: -------------------------------------------------------------------------------- 1 | From 9d940cabd1eed8cdfa009d1530255578a1acd43c Mon Sep 17 00:00:00 2001 2 | From: Neal Cardwell 3 | Date: Sun, 23 Jul 2023 23:25:34 -0400 4 | Subject: [PATCH 18/19] tcp: export TCPI_OPT_ECN_LOW in tcp_info tcpi_options 5 | field 6 | 7 | Analogous to other important ECN information, export TCPI_OPT_ECN_LOW 8 | in tcp_info tcpi_options field. 9 | 10 | Signed-off-by: Neal Cardwell 11 | Change-Id: I08d8d8c7e8780e6e37df54038ee50301ac5a0320 12 | Signed-off-by: Alexandre Frade 13 | --- 14 | include/uapi/linux/tcp.h | 1 + 15 | net/ipv4/tcp.c | 2 ++ 16 | 2 files changed, 3 insertions(+) 17 | 18 | --- a/include/uapi/linux/tcp.h 19 | +++ b/include/uapi/linux/tcp.h 20 | @@ -178,6 +178,7 @@ enum tcp_fastopen_client_fail { 21 | #define TCPI_OPT_ECN_SEEN 16 /* we received at least one packet with ECT */ 22 | #define TCPI_OPT_SYN_DATA 32 /* SYN-ACK acked data in SYN sent or rcvd */ 23 | #define TCPI_OPT_USEC_TS 64 /* usec timestamps */ 24 | +#define TCPI_OPT_ECN_LOW 128 /* Low-latency ECN configured at init */ 25 | 26 | /* 27 | * Sender's congestion state indicating normal or abnormal situations 28 | --- a/net/ipv4/tcp.c 29 | +++ b/net/ipv4/tcp.c 30 | @@ -4124,6 +4124,8 @@ void tcp_get_info(struct sock *sk, struc 31 | info->tcpi_options |= TCPI_OPT_ECN; 32 | if (tp->ecn_flags & TCP_ECN_SEEN) 33 | info->tcpi_options |= TCPI_OPT_ECN_SEEN; 34 | + if (tp->ecn_flags & TCP_ECN_LOW) 35 | + info->tcpi_options |= TCPI_OPT_ECN_LOW; 36 | if (tp->syn_data_acked) 37 | info->tcpi_options |= TCPI_OPT_SYN_DATA; 38 | if (tp->tcp_usec_ts) 39 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/bbr3/010-bbr3-0019-x86-cfi-bpf-Add-tso_segs-and-skb_marked_lost-to-bpf_.patch: -------------------------------------------------------------------------------- 1 | From 98a0fa5ab307df750c73790f9db0ce883af26982 Mon Sep 17 00:00:00 2001 2 | From: Oleksandr Natalenko 3 | Date: Mon, 22 Jan 2024 20:21:40 +0100 4 | Subject: [PATCH 19/19] x86/cfi,bpf: Add tso_segs and skb_marked_lost to 5 | bpf_struct_ops CFI 6 | 7 | --- 8 | net/ipv4/bpf_tcp_ca.c | 9 +++++++-- 9 | 1 file changed, 7 insertions(+), 2 deletions(-) 10 | 11 | --- a/net/ipv4/bpf_tcp_ca.c 12 | +++ b/net/ipv4/bpf_tcp_ca.c 13 | @@ -280,11 +280,15 @@ static void bpf_tcp_ca_pkts_acked(struct 14 | { 15 | } 16 | 17 | -static u32 bpf_tcp_ca_min_tso_segs(struct sock *sk) 18 | +static u32 bpf_tcp_ca_tso_segs(struct sock *sk, unsigned int mss_now) 19 | { 20 | return 0; 21 | } 22 | 23 | +static void bpf_tcp_ca_skb_marked_lost(struct sock *sk, const struct sk_buff *skb) 24 | +{ 25 | +} 26 | + 27 | static void bpf_tcp_ca_cong_control(struct sock *sk, u32 ack, int flag, 28 | const struct rate_sample *rs) 29 | { 30 | @@ -315,7 +319,8 @@ static struct tcp_congestion_ops __bpf_o 31 | .cwnd_event = bpf_tcp_ca_cwnd_event, 32 | .in_ack_event = bpf_tcp_ca_in_ack_event, 33 | .pkts_acked = bpf_tcp_ca_pkts_acked, 34 | - .min_tso_segs = bpf_tcp_ca_min_tso_segs, 35 | + .tso_segs = bpf_tcp_ca_tso_segs, 36 | + .skb_marked_lost = bpf_tcp_ca_skb_marked_lost, 37 | .cong_control = bpf_tcp_ca_cong_control, 38 | .undo_cwnd = bpf_tcp_ca_undo_cwnd, 39 | .sndbuf_expand = bpf_tcp_ca_sndbuf_expand, 40 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/btf/990-btf-silence-btf-module-warning-messages.patch: -------------------------------------------------------------------------------- 1 | From 5e5aa2d2722f835878447e93f7bc623d344611ae Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Sun, 14 Jan 2024 04:35:39 +0800 4 | Subject: [PATCH] btf: silence btf module warning messages 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | kernel/bpf/btf.c | 2 -- 9 | 1 file changed, 2 deletions(-) 10 | 11 | --- a/kernel/bpf/btf.c 12 | +++ b/kernel/bpf/btf.c 13 | @@ -8025,8 +8025,6 @@ static int btf_module_notify(struct noti 14 | pr_warn("failed to validate module [%s] BTF: %ld\n", 15 | mod->name, PTR_ERR(btf)); 16 | err = PTR_ERR(btf); 17 | - } else { 18 | - pr_warn_once("Kernel module BTF mismatch detected, BTF debug info may be unavailable for some modules\n"); 19 | } 20 | goto out; 21 | } 22 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/linux-rt/012-0003-drm-i915-Don-t-check-for-atomic-context-on-PREEMPT_R.patch: -------------------------------------------------------------------------------- 1 | From 34a01264ed3fab72c699f6fa8c999bb4ed907931 Mon Sep 17 00:00:00 2001 2 | From: Sebastian Andrzej Siewior 3 | Date: Mon, 25 Oct 2021 15:05:18 +0200 4 | Subject: [PATCH 3/8] drm/i915: Don't check for atomic context on PREEMPT_RT 5 | 6 | The !in_atomic() check in _wait_for_atomic() triggers on PREEMPT_RT 7 | because the uncore::lock is a spinlock_t and does not disable 8 | preemption or interrupts. 9 | 10 | Changing the uncore:lock to a raw_spinlock_t doubles the worst case 11 | latency on an otherwise idle testbox during testing. 12 | 13 | Ignore _WAIT_FOR_ATOMIC_CHECK() on PREEMPT_RT. 14 | 15 | Reviewed-by: Tvrtko Ursulin 16 | Link: https://lore.kernel.org/all/20211006164628.s2mtsdd2jdbfyf7g@linutronix.de/ 17 | Signed-off-by: Sebastian Andrzej Siewior 18 | --- 19 | drivers/gpu/drm/i915/i915_utils.h | 9 +++++++-- 20 | 1 file changed, 7 insertions(+), 2 deletions(-) 21 | 22 | --- a/drivers/gpu/drm/i915/i915_utils.h 23 | +++ b/drivers/gpu/drm/i915/i915_utils.h 24 | @@ -269,8 +269,13 @@ wait_remaining_ms_from_jiffies(unsigned 25 | (Wmax)) 26 | #define wait_for(COND, MS) _wait_for((COND), (MS) * 1000, 10, 1000) 27 | 28 | -/* If CONFIG_PREEMPT_COUNT is disabled, in_atomic() always reports false. */ 29 | -#if defined(CONFIG_DRM_I915_DEBUG) && defined(CONFIG_PREEMPT_COUNT) 30 | +/* 31 | + * If CONFIG_PREEMPT_COUNT is disabled, in_atomic() always reports false. 32 | + * On PREEMPT_RT the context isn't becoming atomic because it is used in an 33 | + * interrupt handler or because a spinlock_t is acquired. This leads to 34 | + * warnings which don't occur otherwise and therefore the check is disabled. 35 | + */ 36 | +#if defined(CONFIG_DRM_I915_DEBUG) && defined(CONFIG_PREEMPT_COUNT) && !defined(CONFIG_PREEMPT_RT) 37 | # define _WAIT_FOR_ATOMIC_CHECK(ATOMIC) WARN_ON_ONCE((ATOMIC) && !in_atomic()) 38 | #else 39 | # define _WAIT_FOR_ATOMIC_CHECK(ATOMIC) do { } while (0) 40 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/linux-rt/012-0004-drm-i915-Disable-tracing-points-on-PREEMPT_RT.patch: -------------------------------------------------------------------------------- 1 | From 7e6152f775a4a6f3e2b36898056252a639b60ec7 Mon Sep 17 00:00:00 2001 2 | From: Sebastian Andrzej Siewior 3 | Date: Thu, 6 Dec 2018 09:52:20 +0100 4 | Subject: [PATCH 4/8] drm/i915: Disable tracing points on PREEMPT_RT 5 | 6 | Luca Abeni reported this: 7 | | BUG: scheduling while atomic: kworker/u8:2/15203/0x00000003 8 | | CPU: 1 PID: 15203 Comm: kworker/u8:2 Not tainted 4.19.1-rt3 #10 9 | | Call Trace: 10 | | rt_spin_lock+0x3f/0x50 11 | | gen6_read32+0x45/0x1d0 [i915] 12 | | g4x_get_vblank_counter+0x36/0x40 [i915] 13 | | trace_event_raw_event_i915_pipe_update_start+0x7d/0xf0 [i915] 14 | 15 | The tracing events use trace_intel_pipe_update_start() among other events 16 | use functions acquire spinlock_t locks which are transformed into 17 | sleeping locks on PREEMPT_RT. A few trace points use 18 | intel_get_crtc_scanline(), others use ->get_vblank_counter() wich also 19 | might acquire a sleeping locks on PREEMPT_RT. 20 | At the time the arguments are evaluated within trace point, preemption 21 | is disabled and so the locks must not be acquired on PREEMPT_RT. 22 | 23 | Based on this I don't see any other way than disable trace points on 24 | PREMPT_RT. 25 | 26 | Acked-by: Tvrtko Ursulin 27 | Reported-by: Luca Abeni 28 | Cc: Steven Rostedt 29 | Signed-off-by: Sebastian Andrzej Siewior 30 | --- 31 | drivers/gpu/drm/i915/display/intel_display_trace.h | 4 ++++ 32 | drivers/gpu/drm/i915/i915_trace.h | 4 ++++ 33 | 2 files changed, 8 insertions(+) 34 | 35 | --- a/drivers/gpu/drm/i915/display/intel_display_trace.h 36 | +++ b/drivers/gpu/drm/i915/display/intel_display_trace.h 37 | @@ -9,6 +9,10 @@ 38 | #if !defined(__INTEL_DISPLAY_TRACE_H__) || defined(TRACE_HEADER_MULTI_READ) 39 | #define __INTEL_DISPLAY_TRACE_H__ 40 | 41 | +#if defined(CONFIG_PREEMPT_RT) && !defined(NOTRACE) 42 | +#define NOTRACE 43 | +#endif 44 | + 45 | #include 46 | #include 47 | #include 48 | --- a/drivers/gpu/drm/i915/i915_trace.h 49 | +++ b/drivers/gpu/drm/i915/i915_trace.h 50 | @@ -6,6 +6,10 @@ 51 | #if !defined(_I915_TRACE_H_) || defined(TRACE_HEADER_MULTI_READ) 52 | #define _I915_TRACE_H_ 53 | 54 | +#if defined(CONFIG_PREEMPT_RT) && !defined(NOTRACE) 55 | +#define NOTRACE 56 | +#endif 57 | + 58 | #include 59 | #include 60 | #include 61 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/linux-rt/012-0006-drm-i915-Drop-the-irqs_disabled-check.patch: -------------------------------------------------------------------------------- 1 | From 9c2e94663607f6db53df8f5a347a71e10ffa4dc3 Mon Sep 17 00:00:00 2001 2 | From: Sebastian Andrzej Siewior 3 | Date: Fri, 1 Oct 2021 20:01:03 +0200 4 | Subject: [PATCH 6/8] drm/i915: Drop the irqs_disabled() check 5 | 6 | The !irqs_disabled() check triggers on PREEMPT_RT even with 7 | i915_sched_engine::lock acquired. The reason is the lock is transformed 8 | into a sleeping lock on PREEMPT_RT and does not disable interrupts. 9 | 10 | There is no need to check for disabled interrupts. The lockdep 11 | annotation below already check if the lock has been acquired by the 12 | caller and will yell if the interrupts are not disabled. 13 | 14 | Remove the !irqs_disabled() check. 15 | 16 | Reported-by: Maarten Lankhorst 17 | Acked-by: Tvrtko Ursulin 18 | Signed-off-by: Sebastian Andrzej Siewior 19 | --- 20 | drivers/gpu/drm/i915/i915_request.c | 2 -- 21 | 1 file changed, 2 deletions(-) 22 | 23 | --- a/drivers/gpu/drm/i915/i915_request.c 24 | +++ b/drivers/gpu/drm/i915/i915_request.c 25 | @@ -608,7 +608,6 @@ bool __i915_request_submit(struct i915_r 26 | 27 | RQ_TRACE(request, "\n"); 28 | 29 | - GEM_BUG_ON(!irqs_disabled()); 30 | lockdep_assert_held(&engine->sched_engine->lock); 31 | 32 | /* 33 | @@ -717,7 +716,6 @@ void __i915_request_unsubmit(struct i915 34 | */ 35 | RQ_TRACE(request, "\n"); 36 | 37 | - GEM_BUG_ON(!irqs_disabled()); 38 | lockdep_assert_held(&engine->sched_engine->lock); 39 | 40 | /* 41 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/linux-rt/012-0007-drm-i915-guc-Consider-also-RCU-depth-in-busy-loop.patch: -------------------------------------------------------------------------------- 1 | From 192d322a13f7fa4419cbedbd315ed42c7462e4e9 Mon Sep 17 00:00:00 2001 2 | From: Sebastian Andrzej Siewior 3 | Date: Tue, 3 Oct 2023 21:37:21 +0200 4 | Subject: [PATCH 7/8] drm/i915/guc: Consider also RCU depth in busy loop. 5 | 6 | intel_guc_send_busy_loop() looks at in_atomic() and irqs_disabled() to 7 | decide if it should busy-spin while waiting or if it may sleep. 8 | Both checks will report false on PREEMPT_RT if sleeping spinlocks are 9 | acquired leading to RCU splats while the function sleeps. 10 | 11 | Check also if RCU has been disabled. 12 | 13 | Reported-by: "John B. Wyatt IV" 14 | Reviewed-by: Rodrigo Vivi 15 | Signed-off-by: Sebastian Andrzej Siewior 16 | --- 17 | drivers/gpu/drm/i915/gt/uc/intel_guc.h | 2 +- 18 | 1 file changed, 1 insertion(+), 1 deletion(-) 19 | 20 | --- a/drivers/gpu/drm/i915/gt/uc/intel_guc.h 21 | +++ b/drivers/gpu/drm/i915/gt/uc/intel_guc.h 22 | @@ -362,7 +362,7 @@ static inline int intel_guc_send_busy_lo 23 | { 24 | int err; 25 | unsigned int sleep_period_ms = 1; 26 | - bool not_atomic = !in_atomic() && !irqs_disabled(); 27 | + bool not_atomic = !in_atomic() && !irqs_disabled() && !rcu_preempt_depth(); 28 | 29 | /* 30 | * FIXME: Have caller pass in if we are in an atomic context to avoid 31 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/linux-rt/012-0008-Revert-drm-i915-Depend-on-PREEMPT_RT.patch: -------------------------------------------------------------------------------- 1 | From d387c5c9e6666a0d14dafdb51675d583ab55e7d8 Mon Sep 17 00:00:00 2001 2 | From: Sebastian Andrzej Siewior 3 | Date: Mon, 21 Feb 2022 17:59:14 +0100 4 | Subject: [PATCH 8/8] Revert "drm/i915: Depend on !PREEMPT_RT." 5 | 6 | Once the known issues are addressed, it should be safe to enable the 7 | driver. 8 | 9 | Acked-by: Tvrtko Ursulin 10 | Signed-off-by: Sebastian Andrzej Siewior 11 | --- 12 | drivers/gpu/drm/i915/Kconfig | 1 - 13 | 1 file changed, 1 deletion(-) 14 | 15 | --- a/drivers/gpu/drm/i915/Kconfig 16 | +++ b/drivers/gpu/drm/i915/Kconfig 17 | @@ -3,7 +3,6 @@ config DRM_I915 18 | tristate "Intel 8xx/9xx/G3x/G4x/HD Graphics" 19 | depends on DRM 20 | depends on X86 && PCI 21 | - depends on !PREEMPT_RT 22 | select INTEL_GTT if X86 23 | select INTERVAL_TREE 24 | # we need shmfs for the swappable backing store, and in particular 25 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/lrng/011-LRNG-0012-scheduler-add-entropy-sampling-hook.patch: -------------------------------------------------------------------------------- 1 | From 3f214277bf0fc706f883719b5f56a25955487e9c Mon Sep 17 00:00:00 2001 2 | From: Stephan Mueller 3 | Date: Sun, 15 May 2022 16:39:02 +0200 4 | Subject: [PATCH 12/25] scheduler - add entropy sampling hook 5 | 6 | The scheduler can be used as a source of entropy. This requires the 7 | presence of a hook that invokes the entropy source implementation. 8 | 9 | When the scheduler-based entropy source is not compiled, the hook is 10 | folded into a noop which does not affect the scheduler in any way. 11 | 12 | Signed-off-by: Stephan Mueller 13 | --- 14 | kernel/sched/core.c | 3 +++ 15 | 1 file changed, 3 insertions(+) 16 | 17 | --- a/kernel/sched/core.c 18 | +++ b/kernel/sched/core.c 19 | @@ -7,6 +7,7 @@ 20 | * Copyright (C) 1991-2002 Linus Torvalds 21 | * Copyright (C) 1998-2024 Ingo Molnar, Red Hat 22 | */ 23 | +#include 24 | #include 25 | #include 26 | #include 27 | @@ -3613,6 +3614,8 @@ ttwu_stat(struct task_struct *p, int cpu 28 | { 29 | struct rq *rq; 30 | 31 | + add_sched_randomness(p, cpu); 32 | + 33 | if (!schedstat_enabled()) 34 | return; 35 | 36 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/lrng/011-LRNG-0018-LRNG-add-option-to-enable-runtime-entropy-rate-confi.patch: -------------------------------------------------------------------------------- 1 | From 718c21ecd7a9ac35fbdf28d2dcd2310634c669ef Mon Sep 17 00:00:00 2001 2 | From: Stephan Mueller 3 | Date: Sun, 15 May 2022 17:56:56 +0200 4 | Subject: [PATCH 18/25] LRNG - add option to enable runtime entropy rate 5 | configuration 6 | 7 | The entropy rate for the different entropy sources is configured at 8 | compile time. Enabling the option CONFIG_LRNG_RUNTIME_ES_CONFIG allows 9 | the entropy sources' entropy rate to be adjusted at runtime or boot 10 | time. The different options are: 11 | 12 | - IRQ ES: lrng_es_irq.irq_entropy 13 | 14 | - Scheduler ES: lrng_es_sched.sched_entropy 15 | 16 | - CPU ES: lrng_es_cpu.cpu_entropy 17 | 18 | - Kernel ES: lrng_es_krng.krng_entropy 19 | 20 | - Jitter RNG ES: lrng_es_jent.jent_entropy 21 | 22 | The values to be specified there must apply the rationale given for the 23 | different CONFIG_LRNG_*_ENTROPY_RATE kernel configuration options. 24 | 25 | Signed-off-by: Stephan Mueller 26 | --- 27 | drivers/char/lrng/Kconfig | 22 +++++++++++----------- 28 | 1 file changed, 11 insertions(+), 11 deletions(-) 29 | 30 | --- a/drivers/char/lrng/Kconfig 31 | +++ b/drivers/char/lrng/Kconfig 32 | @@ -124,17 +124,17 @@ endmenu # "Specific DRNG seeding strateg 33 | 34 | menu "Entropy Source Configuration" 35 | 36 | -# config LRNG_RUNTIME_ES_CONFIG 37 | -# bool "Enable runtime configuration of entropy sources" 38 | -# help 39 | -# When enabling this option, the LRNG provides the mechanism 40 | -# allowing to alter the entropy rate of each entropy source 41 | -# during boot time and runtime. 42 | -# 43 | -# Each entropy source allows its entropy rate changed with 44 | -# a kernel command line option. When not providing any 45 | -# option, the default specified during kernel compilation 46 | -# is applied. 47 | +config LRNG_RUNTIME_ES_CONFIG 48 | + bool "Enable runtime configuration of entropy sources" 49 | + help 50 | + When enabling this option, the LRNG provides the mechanism 51 | + allowing to alter the entropy rate of each entropy source 52 | + during boot time and runtime. 53 | + 54 | + Each entropy source allows its entropy rate changed with 55 | + a kernel command line option. When not providing any 56 | + option, the default specified during kernel compilation 57 | + is applied. 58 | 59 | comment "Common Timer-based Entropy Source Configuration" 60 | 61 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/net/601-netfilter-export-udp_get_timeouts-function.patch: -------------------------------------------------------------------------------- 1 | From e38488fd0a8a11b4bae4ccad9a7a8cfcf9eb5ab7 Mon Sep 17 00:00:00 2001 2 | From: Murat Sezgin 3 | Date: Mon, 6 Apr 2020 11:08:09 -0700 4 | Subject: [PATCH] netfilter: export udp_get_timeouts function 5 | 6 | This function is required for acceleration support. 7 | 8 | Signed-off-by: Murat Sezgin 9 | Change-Id: Ibca4f402735764e7e6fb3ce2678e670753c6ef9c 10 | --- 11 | include/net/netfilter/nf_conntrack_timeout.h | 1 + 12 | net/netfilter/nf_conntrack_proto_udp.c | 3 ++- 13 | 2 files changed, 3 insertions(+), 1 deletion(-) 14 | 15 | --- a/include/net/netfilter/nf_conntrack_timeout.h 16 | +++ b/include/net/netfilter/nf_conntrack_timeout.h 17 | @@ -107,5 +107,6 @@ struct nf_ct_timeout_hooks { 18 | 19 | extern const struct nf_ct_timeout_hooks __rcu *nf_ct_timeout_hook; 20 | #endif 21 | +extern unsigned int *udp_get_timeouts(struct net *net); 22 | 23 | #endif /* _NF_CONNTRACK_TIMEOUT_H */ 24 | --- a/net/netfilter/nf_conntrack_proto_udp.c 25 | +++ b/net/netfilter/nf_conntrack_proto_udp.c 26 | @@ -29,10 +29,11 @@ static const unsigned int udp_timeouts[U 27 | [UDP_CT_REPLIED] = 120*HZ, 28 | }; 29 | 30 | -static unsigned int *udp_get_timeouts(struct net *net) 31 | +unsigned int *udp_get_timeouts(struct net *net) 32 | { 33 | return nf_udp_pernet(net)->timeouts; 34 | } 35 | +EXPORT_SYMBOL(udp_get_timeouts); 36 | 37 | static void udp_error_log(const struct sk_buff *skb, 38 | const struct nf_hook_state *state, 39 | -------------------------------------------------------------------------------- /openwrt/patch/kernel-6.12/net/README.md: -------------------------------------------------------------------------------- 1 | # Patches 2 | 3 | ## Fullcone 4 | 5 | - [x] Patch 1: [952-net-conntrack-events-support-multiple-registrant.patch](./952-net-conntrack-events-support-multiple-registrant.patch) 6 | 7 | ## BCM-Fullcone 8 | 9 | - [x] Patch 1: [982-add-bcm-fullcone-support.patch](./982-add-bcm-fullcone-support.patch) 10 | - [x] Patch 2: [983-add-bcm-fullcone-nft_masq-support.patch](./983-add-bcm-fullcone-nft_masq-support.patch) 11 | 12 | ## Shortcut Forwarding Engine 13 | 14 | - [x] Patch 1: [601-netfilter-export-udp_get_timeouts-function.patch](./601-netfilter-export-udp_get_timeouts-function.patch) 15 | - [x] Patch 2: [953-net-patch-linux-kernel-to-support-shortcut-fe.patch](./953-net-patch-linux-kernel-to-support-shortcut-fe.patch) 16 | -------------------------------------------------------------------------------- /openwrt/patch/key.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JohnsonRan/opwrt_build_script/098745ef0a5ef0adf042107bfc1d9f0a561de22b/openwrt/patch/key.tar.gz -------------------------------------------------------------------------------- /openwrt/patch/luci/0001-luci-mod-system-add-modal-overlay-dialog-to-reboot.patch: -------------------------------------------------------------------------------- 1 | From 0c1f0e62e72e4c89b0db25aa6f6baa19c7e91e75 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Fri, 13 Sep 2024 19:36:44 +0800 4 | Subject: [PATCH 1/5] luci-mod-system: add modal overlay dialog to reboot 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | .../resources/view/system/reboot.js | 21 ++++++++++++++++++- 9 | 1 file changed, 20 insertions(+), 1 deletion(-) 10 | 11 | diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/reboot.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/reboot.js 12 | index 92e1dd4..c106f78 100644 13 | --- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/reboot.js 14 | +++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/reboot.js 15 | @@ -30,7 +30,26 @@ return view.extend({ 16 | body.appendChild(E('hr')); 17 | body.appendChild(E('button', { 18 | 'class': 'cbi-button cbi-button-action important', 19 | - 'click': ui.createHandlerFn(this, 'handleReboot') 20 | + 'click': function () { 21 | + ui.showModal(_('Confirm Reboot'), [ 22 | + E('p', {}, _('Are you sure you want to reboot the system?')), 23 | + E('button', { 24 | + 'class': 'cbi-button cbi-button-action important', 25 | + 'style': 'margin-left: 0px; background: red!important; border-color: red!important', 26 | + 'click': function () { 27 | + ui.hideModal(); 28 | + this.handleReboot(); 29 | + }.bind(this) 30 | + }, _('Confirm')), 31 | + E('button', { 32 | + 'class': 'btn cbi-button cbi-button-apply', 33 | + 'style': 'margin-left: 20px', 34 | + 'click': function () { 35 | + ui.hideModal(); 36 | + } 37 | + }, _('Cancel')) 38 | + ]); 39 | + }.bind(this) 40 | }, _('Perform reboot'))); 41 | 42 | return body; 43 | -- 44 | 2.42.0 45 | 46 | -------------------------------------------------------------------------------- /openwrt/patch/luci/0002-luci-mod-status-displays-actual-process-memory-usage.patch: -------------------------------------------------------------------------------- 1 | From fb9d1a301136922a624e1eb2927ad60260ee11f8 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Fri, 13 Sep 2024 19:43:19 +0800 4 | Subject: [PATCH 2/5] luci-mod-status: displays actual process memory usage 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | .../luci-static/resources/view/status/include/20_memory.js | 4 ++-- 9 | 1 file changed, 2 insertions(+), 2 deletions(-) 10 | 11 | diff --git a/modules/luci-mod-status/htdocs/luci-static/resources/view/status/include/20_memory.js b/modules/luci-mod-status/htdocs/luci-static/resources/view/status/include/20_memory.js 12 | index 0a885c0..d3302ff 100644 13 | --- a/modules/luci-mod-status/htdocs/luci-static/resources/view/status/include/20_memory.js 14 | +++ b/modules/luci-mod-status/htdocs/luci-static/resources/view/status/include/20_memory.js 15 | @@ -32,8 +32,8 @@ return baseclass.extend({ 16 | swap = L.isObject(systeminfo.swap) ? systeminfo.swap : {}; 17 | 18 | var fields = [ 19 | - _('Total Available'), (mem.available) ? mem.available : (mem.total && mem.free && mem.buffered) ? mem.free + mem.buffered : null, mem.total, 20 | - _('Used'), (mem.total && mem.free) ? (mem.total - mem.free) : null, mem.total, 21 | + _('Used'), (mem.total && mem.free && mem.cached) ? (mem.total - mem.free - mem.cached) : null, mem.total, 22 | + _('Total Available'), (mem.total && mem.free && mem.cached) ? (mem.free + mem.cached) : null, mem.total, 23 | ]; 24 | 25 | if (mem.buffered) 26 | -- 27 | 2.42.0 28 | 29 | -------------------------------------------------------------------------------- /openwrt/patch/luci/0003-luci-mod-status-storage-index-applicable-only-to-val.patch: -------------------------------------------------------------------------------- 1 | From 2543713322fa4f7b404a673429ce36f4319c4749 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Sun, 24 Mar 2024 00:12:45 +0800 4 | Subject: [PATCH 3/5] luci-mod-status: storage index applicable only to valid 5 | devices 6 | 7 | Signed-off-by: sbwml 8 | --- 9 | .../luci-static/resources/view/status/include/25_storage.js | 6 ++++-- 10 | 1 file changed, 4 insertions(+), 2 deletions(-) 11 | 12 | diff --git a/modules/luci-mod-status/htdocs/luci-static/resources/view/status/include/25_storage.js b/modules/luci-mod-status/htdocs/luci-static/resources/view/status/include/25_storage.js 13 | index 60661f6..aac6711 100644 14 | --- a/modules/luci-mod-status/htdocs/luci-static/resources/view/status/include/25_storage.js 15 | +++ b/modules/luci-mod-status/htdocs/luci-static/resources/view/status/include/25_storage.js 16 | @@ -13,12 +13,14 @@ var callMountPoints = rpc.declare({ 17 | expect: { result: [] } 18 | }); 19 | 20 | -var MountSkipList = [ 21 | +var MountSkipPath = [ 22 | "/rom", 23 | "/tmp", 24 | "/dev", 25 | "/overlay", 26 | "/", 27 | + "/boot", 28 | + "/root", 29 | ] 30 | 31 | function progressbar(value, max, byte) { 32 | @@ -62,7 +64,7 @@ return baseclass.extend({ 33 | for (var i = 0; i < mounts.length; i++) { 34 | var entry = mounts[i]; 35 | 36 | - if (MountSkipList.includes(entry.mount)) 37 | + if (!entry.device.includes("/dev/") || MountSkipPath.includes(entry.mount)) 38 | continue; 39 | 40 | var name = entry.device + ' (' + entry.mount +')', 41 | -- 42 | 2.42.0 43 | 44 | -------------------------------------------------------------------------------- /openwrt/patch/luci/0005-luci-mod-system-add-refresh-interval-setting.patch: -------------------------------------------------------------------------------- 1 | From 8596f6d48c24c063fd75f007b8e24cd011ac93fb Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Fri, 13 Sep 2024 19:47:13 +0800 4 | Subject: [PATCH 5/5] luci-mod-system: add refresh interval setting 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | .../htdocs/luci-static/resources/view/system/system.js | 8 ++++++++ 9 | 1 file changed, 8 insertions(+) 10 | 11 | diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/system.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/system.js 12 | index 767bc8c..c8969ac 100644 13 | --- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/system.js 14 | +++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/system.js 15 | @@ -244,6 +244,14 @@ return view.extend({ 16 | if (k[i].charAt(0) != '.') 17 | o.value(uci.get('luci', 'themes', k[i]), k[i]); 18 | 19 | + o = s.taboption('language', form.Value, 'pollinterval', _('Refresh interval'), _('Refresh interval in seconds')); 20 | + o.uciconfig = 'luci'; 21 | + o.ucisection = 'main'; 22 | + o.ucioption = 'pollinterval'; 23 | + o.optional = true 24 | + o.placeholder = 5 25 | + o.datatype = 'and(uinteger,min(1),max(30))' 26 | + 27 | /* 28 | * NTP 29 | */ 30 | -- 31 | 2.42.0 32 | 33 | -------------------------------------------------------------------------------- /openwrt/patch/luci/0006-luci-mod-system-mounts-add-docker-directory-mount-po.patch: -------------------------------------------------------------------------------- 1 | From b5423aca7403dc8b5662bc3e13bf22115fb6b2eb Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Sat, 2 Nov 2024 19:13:53 +0800 4 | Subject: [PATCH] luci-mod-system: mounts: add docker directory mount point 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | .../htdocs/luci-static/resources/view/system/mounts.js | 1 + 9 | 1 file changed, 1 insertion(+) 10 | 11 | diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/mounts.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/mounts.js 12 | index 269b4a9..72f20c2 100644 13 | --- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/mounts.js 14 | +++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/mounts.js 15 | @@ -293,6 +293,7 @@ return view.extend({ 16 | o = s.taboption('general', form.Value, 'target', _('Mount point'), _('Specifies the directory the device is attached to')); 17 | o.value('/', _('Use as root filesystem (/)')); 18 | o.value('/overlay', _('Use as external overlay (/overlay)')); 19 | + o.value('/opt', _('Use as docker root directory (/opt)')); 20 | o.rmempty = false; 21 | 22 | o = s.taboption('general', form.DummyValue, '__notice', _('Root preparation')); 23 | -- 24 | 2.43.5 25 | 26 | -------------------------------------------------------------------------------- /openwrt/patch/luci/0007-luci-mod-system-add-ucitrack-luci-mod-system-zram.js.patch: -------------------------------------------------------------------------------- 1 | From 433eec85db3ec6ca6185eb077ff694ba9b9db2d8 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Mon, 5 May 2025 22:24:52 +0800 4 | Subject: [PATCH] luci-mod-system: add ucitrack luci-mod-system-zram.json 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | .../root/usr/share/ucitrack/luci-mod-system-zram.json | 4 ++++ 9 | 1 file changed, 4 insertions(+) 10 | create mode 100644 modules/luci-mod-system/root/usr/share/ucitrack/luci-mod-system-zram.json 11 | 12 | diff --git a/modules/luci-mod-system/root/usr/share/ucitrack/luci-mod-system-zram.json b/modules/luci-mod-system/root/usr/share/ucitrack/luci-mod-system-zram.json 13 | new file mode 100644 14 | index 0000000..56da09e 15 | --- /dev/null 16 | +++ b/modules/luci-mod-system/root/usr/share/ucitrack/luci-mod-system-zram.json 17 | @@ -0,0 +1,4 @@ 18 | +{ 19 | + "config": "system", 20 | + "init": "zram" 21 | +} 22 | -- 23 | 2.36.0 24 | 25 | -------------------------------------------------------------------------------- /openwrt/patch/luci/applications/luci-app-frpc/001-luci-app-frpc-hide-token.patch: -------------------------------------------------------------------------------- 1 | --- a/feeds/luci/applications/luci-app-frpc/htdocs/luci-static/resources/view/frpc.js 2 | +++ b/feeds/luci/applications/luci-app-frpc/htdocs/luci-static/resources/view/frpc.js 3 | @@ -24,7 +24,7 @@ var commonConf = [ 4 | [form.ListValue, 'log_level', _('Log level'), _('LogLevel specifies the minimum log level. Valid values are "trace", "debug", "info", "warn", and "error".
By default, this value is "info".'), {values: ['trace', 'debug', 'info', 'warn', 'error']}], 5 | [form.Value, 'log_max_days', _('Log max days'), _('LogMaxDays specifies the maximum number of days to store log information before deletion. This is only used if LogWay == "file".
By default, this value is 0.'), {datatype: 'uinteger'}], 6 | [form.Flag, 'disable_log_color', _('Disable log color'), _('DisableLogColor disables log colors when LogWay == "console" when set to true.'), {datatype: 'bool', default: 'false'}], 7 | - [form.Value, 'token', _('Token'), _('Token specifies the authorization token used to create keys to be sent to the server. The server must have a matching token for authorization to succeed.
By default, this value is "".')], 8 | + [form.Value, 'token', _('Token'), _('Token specifies the authorization token used to create keys to be sent to the server. The server must have a matching token for authorization to succeed.
By default, this value is "".'), {password: true}], 9 | [form.Value, 'admin_addr', _('Admin address'), _('AdminAddr specifies the address that the admin server binds to.
By default, this value is "0.0.0.0".'), {datatype: 'ipaddr'}], 10 | [form.Value, 'admin_port', _('Admin port'), _('AdminPort specifies the port for the admin server to listen on. If this value is 0, the admin server will not be started.
By default, this value is 0.'), {datatype: 'port'}], 11 | [form.Value, 'admin_user', _('Admin user'), _('AdminUser specifies the username that the admin server will use for login.
By default, this value is "admin".')], 12 | -------------------------------------------------------------------------------- /openwrt/patch/luci/applications/luci-app-frpc/002-luci-app-frpc-add-enable-flag.patch: -------------------------------------------------------------------------------- 1 | --- a/feeds/luci/applications/luci-app-frpc/htdocs/luci-static/resources/view/frpc.js 2 | +++ b/feeds/luci/applications/luci-app-frpc/htdocs/luci-static/resources/view/frpc.js 3 | @@ -7,11 +7,10 @@ 4 | 5 | // [Widget, Option, Title, Description, {Param: 'Value'}], 6 | var startupConf = [ 7 | - [form.Flag, 'stdout', _('Log stdout')], 8 | - [form.Flag, 'stderr', _('Log stderr')], 9 | + [form.Flag, 'enable', _('Enable'), undefined, {datatype: 'bool', default: 'true', rmempty: false}], 10 | [widgets.UserSelect, 'user', _('Run daemon as user')], 11 | [widgets.GroupSelect, 'group', _('Run daemon as group')], 12 | - [form.Flag, 'respawn', _('Respawn when crashed')], 13 | + [form.Flag, 'respawn', _('Respawn when crashed'), undefined, {datatype: 'bool', default: 'true', rmempty: false}], 14 | [form.DynamicList, 'env', _('Environment variable'), _('OS environments pass to frp for config file template, see frp README'), {placeholder: 'ENV_NAME=value'}], 15 | [form.DynamicList, 'conf_inc', _('Additional configs'), _('Config files include in temporary config file'), {placeholder: '/etc/frp/frpc.d/frpc_full.ini'}] 16 | ]; 17 | -------------------------------------------------------------------------------- /openwrt/patch/luci/applications/luci-app-natmap/0001-luci-app-natmap-add-default-STUN-server-lists.patch: -------------------------------------------------------------------------------- 1 | From 9c27ce31bb6e561af47e2b6c1f47f1cbd96bdabd Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Sun, 27 Oct 2024 06:14:22 +0800 4 | Subject: [PATCH] luci-app-natmap: add default STUN server lists 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | .../htdocs/luci-static/resources/view/natmap.js | 14 ++++++++++++++ 9 | 1 file changed, 14 insertions(+) 10 | 11 | diff --git a/applications/luci-app-natmap/htdocs/luci-static/resources/view/natmap.js b/applications/luci-app-natmap/htdocs/luci-static/resources/view/natmap.js 12 | index e837fbf..14451bf 100644 13 | --- a/applications/luci-app-natmap/htdocs/luci-static/resources/view/natmap.js 14 | +++ b/applications/luci-app-natmap/htdocs/luci-static/resources/view/natmap.js 15 | @@ -80,12 +80,26 @@ return view.extend({ 16 | o.modalonly = true; 17 | 18 | o = s.option(form.Value, 'stun_server', _('STUN server')); 19 | + o.value('stun.voipia.net'); 20 | + o.value('stun.m-online.net'); 21 | + o.value('stun.siptrunk.com'); 22 | + o.value('stun.hot-chilli.net'); 23 | + o.value('stun.fitauto.ru'); 24 | + o.value('stun.cooluc.com'); 25 | + o.default = 'stun.voipia.net'; 26 | o.datatype = 'host'; 27 | o.modalonly = true; 28 | o.optional = false; 29 | o.rmempty = false; 30 | 31 | o = s.option(form.Value, 'http_server', _('HTTP server'), _('For TCP mode')); 32 | + o.value('stun.voipia.net'); 33 | + o.value('stun.m-online.net'); 34 | + o.value('stun.siptrunk.com'); 35 | + o.value('stun.hot-chilli.net'); 36 | + o.value('stun.fitauto.ru'); 37 | + o.value('stun.cooluc.com'); 38 | + o.default = 'stun.voipia.net'; 39 | o.datatype = 'host'; 40 | o.modalonly = true; 41 | o.rmempty = false; 42 | -- 43 | 2.42.0 44 | 45 | -------------------------------------------------------------------------------- /openwrt/patch/mt76/README.md: -------------------------------------------------------------------------------- 1 | # mt76 - fix work for linux-6.12 2 | -------------------------------------------------------------------------------- /openwrt/patch/mt76/patches/101-fix-build-with-linux-6.12rc2.patch: -------------------------------------------------------------------------------- 1 | --- a/mt76x0/eeprom.c 2 | +++ b/mt76x0/eeprom.c 3 | @@ -10,7 +10,11 @@ 4 | #include 5 | #include 6 | #include 7 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 12, 0) 8 | +#include 9 | +#else 10 | #include 11 | +#endif 12 | #include "mt76x0.h" 13 | #include "eeprom.h" 14 | #include "../mt76x02_phy.h" 15 | --- a/mt76x02_eeprom.c 16 | +++ b/mt76x02_eeprom.c 17 | @@ -4,7 +4,11 @@ 18 | * Copyright (C) 2018 Lorenzo Bianconi 19 | */ 20 | 21 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 12, 0) 22 | +#include 23 | +#else 24 | #include 25 | +#endif 26 | 27 | #include "mt76x02_eeprom.h" 28 | 29 | --- a/mt76x2/eeprom.c 30 | +++ b/mt76x2/eeprom.c 31 | @@ -5,7 +5,11 @@ 32 | 33 | #include 34 | #include 35 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 12, 0) 36 | +#include 37 | +#else 38 | #include 39 | +#endif 40 | #include "mt76x2.h" 41 | #include "eeprom.h" 42 | 43 | -------------------------------------------------------------------------------- /openwrt/patch/mt76/patches/102-fix-build-with-mac80211-6.14-backport.patch: -------------------------------------------------------------------------------- 1 | --- a/mac80211.c 2 | +++ b/mac80211.c 3 | @@ -1704,7 +1704,7 @@ s8 mt76_get_power_bound(struct mt76_phy 4 | EXPORT_SYMBOL_GPL(mt76_get_power_bound); 5 | 6 | int mt76_get_txpower(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 7 | - int *dbm) 8 | + unsigned int link_id, int *dbm) 9 | { 10 | struct mt76_phy *phy = mt76_vif_phy(hw, vif); 11 | int n_chains, delta; 12 | --- a/mt76.h 13 | +++ b/mt76.h 14 | @@ -1508,7 +1508,7 @@ int mt76_get_min_avg_rssi(struct mt76_de 15 | s8 mt76_get_power_bound(struct mt76_phy *phy, s8 txpower); 16 | 17 | int mt76_get_txpower(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 18 | - int *dbm); 19 | + unsigned int link_id, int *dbm); 20 | int mt76_init_sar_power(struct ieee80211_hw *hw, 21 | const struct cfg80211_sar_specs *sar); 22 | int mt76_get_sar_power(struct mt76_phy *phy, 23 | --- a/mt7996/main.c 24 | +++ b/mt7996/main.c 25 | @@ -668,7 +668,8 @@ static void mt7996_configure_filter(stru 26 | } 27 | 28 | static int 29 | -mt7996_get_txpower(struct ieee80211_hw *hw, struct ieee80211_vif *vif, int *dbm) 30 | +mt7996_get_txpower(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 31 | + unsigned int link_id, int *dbm) 32 | { 33 | struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv; 34 | struct mt7996_phy *phy = mt7996_vif_link_phy(&mvif->deflink); 35 | -------------------------------------------------------------------------------- /openwrt/patch/odhcpd/luci-mod-network-add-option-for-ipv6-max-plt-vlt.patch: -------------------------------------------------------------------------------- 1 | --- a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js 2 | +++ b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js 3 | @@ -854,6 +854,20 @@ return view.extend({ 4 | so.depends('ra', 'server'); 5 | so.depends({ ra: 'hybrid', master: '0' }); 6 | 7 | + so = ss.taboption('ipv6-ra', form.Value, 'max_preferred_lifetime', _('Max preferred lifetime')); 8 | + so.optional = true; 9 | + so.datatype = 'range(0, 2700)'; 10 | + so.placeholder = '2700'; 11 | + so.depends('ra', 'server'); 12 | + so.depends({ ra: 'hybrid', master: '0' }); 13 | + 14 | + so = ss.taboption('ipv6-ra', form.Value, 'max_valid_lifetime', _('Max valid lifetime')); 15 | + so.optional = true; 16 | + so.datatype = 'range(0, 5400)'; 17 | + so.placeholder = '5400'; 18 | + so.depends('ra', 'server'); 19 | + so.depends({ ra: 'hybrid', master: '0' }); 20 | + 21 | so = ss.taboption('ipv6-ra', form.Value, 'ra_maxinterval', _('Max RA interval'), _('Maximum time allowed between sending unsolicited RA. Default is 600 seconds.')); 22 | so.optional = true; 23 | so.datatype = 'uinteger'; 24 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/901-Revert-speed-Pass-IV-to-EVP_CipherInit_ex-for-evp-ru.patch: -------------------------------------------------------------------------------- 1 | From 6cef85935b825ee477553594d36c9627df95a8c6 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Wed, 28 May 2025 14:49:44 +0800 4 | Subject: [PATCH 1/2] Revert "speed: Pass IV to EVP_CipherInit_ex for -evp runs 5 | with non-AEAD ciphers" 6 | 7 | This reverts commit 4836c042d500da503b7f50db2aa65e0bfea1c451. 8 | --- 9 | apps/speed.c | 2 +- 10 | 1 file changed, 1 insertion(+), 1 deletion(-) 11 | 12 | --- a/apps/speed.c 13 | +++ b/apps/speed.c 14 | @@ -2378,7 +2378,7 @@ skip_hmac: 15 | 16 | if (!ae_mode) { 17 | if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, 18 | - loopargs[k].key, iv, -1)) { 19 | + loopargs[k].key, NULL, -1)) { 20 | BIO_printf(bio_err, "\nFailed to set the key\n"); 21 | ERR_print_errors(bio_err); 22 | exit(1); 23 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0004-QUIC-Move-QUIC-transport-params-to-encrypted-extensi.patch: -------------------------------------------------------------------------------- 1 | From 53f22b3eaa410edb8f1b26ce2a61b76d2485090d Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Thu, 15 Aug 2019 11:35:10 -0400 4 | Subject: [PATCH 04/43] QUIC: Move QUIC transport params to encrypted 5 | extensions 6 | 7 | --- 8 | ssl/statem/extensions.c | 2 +- 9 | 1 file changed, 1 insertion(+), 1 deletion(-) 10 | 11 | --- a/ssl/statem/extensions.c 12 | +++ b/ssl/statem/extensions.c 13 | @@ -377,7 +377,7 @@ static const EXTENSION_DEFINITION ext_de 14 | #ifndef OPENSSL_NO_QUIC 15 | { 16 | TLSEXT_TYPE_quic_transport_parameters, 17 | - SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO 18 | + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 19 | | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, 20 | init_quic_transport_params, 21 | tls_parse_ctos_quic_transport_params, tls_parse_stoc_quic_transport_params, 22 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0005-QUIC-Use-proper-secrets-for-handshake.patch: -------------------------------------------------------------------------------- 1 | From 73ef78a611eb40a0a74c60aa9fe9850ae69d08b6 Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Thu, 15 Aug 2019 12:37:03 -0400 4 | Subject: [PATCH 05/43] QUIC: Use proper secrets for handshake 5 | 6 | --- 7 | ssl/ssl_local.h | 2 ++ 8 | ssl/ssl_quic.c | 4 ++-- 9 | ssl/tls13_enc.c | 6 ++++++ 10 | 3 files changed, 10 insertions(+), 2 deletions(-) 11 | 12 | --- a/ssl/ssl_local.h 13 | +++ b/ssl/ssl_local.h 14 | @@ -1490,6 +1490,8 @@ struct ssl_st { 15 | unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE]; 16 | unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE]; 17 | unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE]; 18 | + unsigned char client_hand_traffic_secret[EVP_MAX_MD_SIZE]; 19 | + unsigned char server_hand_traffic_secret[EVP_MAX_MD_SIZE]; 20 | unsigned char exporter_master_secret[EVP_MAX_MD_SIZE]; 21 | unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE]; 22 | EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ 23 | --- a/ssl/ssl_quic.c 24 | +++ b/ssl/ssl_quic.c 25 | @@ -194,8 +194,8 @@ int quic_set_encryption_secrets(SSL *ssl 26 | s2c_secret = ssl->early_secret; 27 | break; 28 | case ssl_encryption_handshake: 29 | - c2s_secret = ssl->client_finished_secret; 30 | - s2c_secret = ssl->server_finished_secret; 31 | + c2s_secret = ssl->client_hand_traffic_secret; 32 | + s2c_secret = ssl->server_hand_traffic_secret; 33 | break; 34 | case ssl_encryption_application: 35 | c2s_secret = ssl->client_app_traffic_secret; 36 | --- a/ssl/tls13_enc.c 37 | +++ b/ssl/tls13_enc.c 38 | @@ -723,6 +723,12 @@ int tls13_change_cipher_state(SSL *s, in 39 | } 40 | } else if (label == client_application_traffic) 41 | memcpy(s->client_app_traffic_secret, secret, hashlen); 42 | +#ifndef OPENSSL_NO_QUIC 43 | + else if (label == client_handshake_traffic) 44 | + memcpy(s->client_hand_traffic_secret, secret, hashlen); 45 | + else if (label == server_handshake_traffic) 46 | + memcpy(s->server_hand_traffic_secret, secret, hashlen); 47 | +#endif 48 | 49 | if (!ssl_log_secret(s, log_label, secret, hashlen)) { 50 | /* SSLfatal() already called */ 51 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0006-QUIC-Handle-partial-handshake-messages.patch: -------------------------------------------------------------------------------- 1 | From 0c9c5b370c5d5d7d0adf8defacd68aa0455f2cbf Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Thu, 15 Aug 2019 13:26:32 -0400 4 | Subject: [PATCH 06/43] QUIC: Handle partial handshake messages 5 | 6 | --- 7 | ssl/ssl_local.h | 1 + 8 | ssl/ssl_quic.c | 28 ++++++++++++++++++++++------ 9 | 2 files changed, 23 insertions(+), 6 deletions(-) 10 | 11 | --- a/ssl/ssl_local.h 12 | +++ b/ssl/ssl_local.h 13 | @@ -1225,6 +1225,7 @@ typedef struct cert_pkey_st CERT_PKEY; 14 | struct quic_data_st { 15 | struct quic_data_st *next; 16 | OSSL_ENCRYPTION_LEVEL level; 17 | + size_t offset; 18 | size_t length; 19 | }; 20 | typedef struct quic_data_st QUIC_DATA; 21 | --- a/ssl/ssl_quic.c 22 | +++ b/ssl/ssl_quic.c 23 | @@ -114,15 +114,26 @@ int SSL_provide_quic_data(SSL *ssl, OSSL 24 | QUIC_DATA *qd; 25 | const uint8_t *p = data + 1; 26 | 27 | + /* Check for an incomplete block */ 28 | + qd = ssl->quic_input_data_tail; 29 | + if (qd != NULL) { 30 | + l = qd->length - qd->offset; 31 | + if (l != 0) { 32 | + /* we still need to copy `l` bytes into the last data block */ 33 | + if (l > len) 34 | + l = len; 35 | + memcpy((char*)(qd+1) + qd->offset, data, l); 36 | + qd->offset += l; 37 | + len -= l; 38 | + data += l; 39 | + continue; 40 | + } 41 | + } 42 | + 43 | n2l3(p, l); 44 | l += SSL3_HM_HEADER_LENGTH; 45 | 46 | - if (l > len) { 47 | - SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, SSL_R_BAD_DATA_LENGTH); 48 | - return 0; 49 | - } 50 | - 51 | - qd = OPENSSL_malloc(sizeof(QUIC_DATA) + l); 52 | + qd = OPENSSL_zalloc(sizeof(QUIC_DATA) + l); 53 | if (qd == NULL) { 54 | SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, ERR_R_INTERNAL_ERROR); 55 | return 0; 56 | @@ -131,6 +142,11 @@ int SSL_provide_quic_data(SSL *ssl, OSSL 57 | qd->next = NULL; 58 | qd->length = l; 59 | qd->level = level; 60 | + /* partial data received? */ 61 | + if (l > len) 62 | + l = len; 63 | + qd->offset = l; 64 | + 65 | memcpy((void*)(qd + 1), data, l); 66 | if (ssl->quic_input_data_tail != NULL) 67 | ssl->quic_input_data_tail->next = qd; 68 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0008-QUIC-Reset-init-state-in-SSL_process_quic_post_hands.patch: -------------------------------------------------------------------------------- 1 | From 2e492e056b68540c5ff222bd53ee4ebe2f4a0181 Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Thu, 29 Aug 2019 11:53:41 -0400 4 | Subject: [PATCH 08/43] QUIC: Reset init state in 5 | SSL_process_quic_post_handshake() 6 | 7 | --- 8 | ssl/ssl_quic.c | 7 +++++-- 9 | 1 file changed, 5 insertions(+), 2 deletions(-) 10 | 11 | --- a/ssl/ssl_quic.c 12 | +++ b/ssl/ssl_quic.c 13 | @@ -265,16 +265,19 @@ int quic_set_encryption_secrets(SSL *ssl 14 | 15 | int SSL_process_quic_post_handshake(SSL *ssl) 16 | { 17 | + int ret; 18 | + 19 | if (SSL_in_init(ssl) || !SSL_IS_QUIC(ssl)) { 20 | SSLerr(SSL_F_SSL_PROCESS_QUIC_POST_HANDSHAKE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 21 | return 0; 22 | } 23 | 24 | ossl_statem_set_in_init(ssl, 1); 25 | + ret = ssl->handshake_func(ssl); 26 | + ossl_statem_set_in_init(ssl, 0); 27 | 28 | - if (ssl->handshake_func(ssl) <= 0) 29 | + if (ret <= 0) 30 | return 0; 31 | - 32 | return 1; 33 | } 34 | 35 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0009-QUIC-Don-t-process-an-incomplete-message.patch: -------------------------------------------------------------------------------- 1 | From 059e2a654d4226a8419407cfeb8a8e15d48733c6 Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Thu, 29 Aug 2019 12:03:48 -0400 4 | Subject: [PATCH 09/43] QUIC: Don't process an incomplete message 5 | 6 | --- 7 | ssl/statem/statem_quic.c | 9 ++++----- 8 | 1 file changed, 4 insertions(+), 5 deletions(-) 9 | 10 | --- a/ssl/statem/statem_quic.c 11 | +++ b/ssl/statem/statem_quic.c 12 | @@ -18,30 +18,29 @@ NON_EMPTY_TRANSLATION_UNIT 13 | int quic_get_message(SSL *s, int *mt, size_t *len) 14 | { 15 | size_t l; 16 | - QUIC_DATA *qd; 17 | + QUIC_DATA *qd = s->quic_input_data_head; 18 | uint8_t *p; 19 | 20 | - if (s->quic_input_data_head == NULL) { 21 | + if (qd == NULL || (qd->length - qd->offset) != 0) { 22 | s->rwstate = SSL_READING; 23 | *len = 0; 24 | return 0; 25 | } 26 | 27 | /* This is where we check for the proper level, not when data is given */ 28 | - if (s->quic_input_data_head->level != s->quic_read_level) { 29 | + if (qd->level != s->quic_read_level) { 30 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED); 31 | *len = 0; 32 | return 0; 33 | } 34 | 35 | - if (!BUF_MEM_grow_clean(s->init_buf, (int)s->quic_input_data_head->length)) { 36 | + if (!BUF_MEM_grow_clean(s->init_buf, (int)qd->length)) { 37 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BUF_LIB); 38 | *len = 0; 39 | return 0; 40 | } 41 | 42 | /* Copy buffered data */ 43 | - qd = s->quic_input_data_head; 44 | memcpy(s->init_buf->data, (void*)(qd + 1), qd->length); 45 | s->init_buf->length = qd->length; 46 | s->quic_input_data_head = qd->next; 47 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0010-QUIC-Quick-fix-s2c-to-c2s-for-early-secret.patch: -------------------------------------------------------------------------------- 1 | From 8ff2c79869c1ab3aa3f9c565197111809a482599 Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Thu, 29 Aug 2019 20:21:58 -0400 4 | Subject: [PATCH 10/43] QUIC: Quick fix: s2c to c2s for early secret 5 | 6 | --- 7 | ssl/ssl_quic.c | 2 +- 8 | 1 file changed, 1 insertion(+), 1 deletion(-) 9 | 10 | --- a/ssl/ssl_quic.c 11 | +++ b/ssl/ssl_quic.c 12 | @@ -207,7 +207,7 @@ int quic_set_encryption_secrets(SSL *ssl 13 | /* secrets from the POV of the client */ 14 | switch (level) { 15 | case ssl_encryption_early_data: 16 | - s2c_secret = ssl->early_secret; 17 | + c2s_secret = ssl->early_secret; 18 | break; 19 | case ssl_encryption_handshake: 20 | c2s_secret = ssl->client_hand_traffic_secret; 21 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0011-QUIC-Add-client-early-traffic-secret-storage.patch: -------------------------------------------------------------------------------- 1 | From 9796392fbe8d7cb0540176de2ad602610f066b61 Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Fri, 30 Aug 2019 09:09:42 -0400 4 | Subject: [PATCH 11/43] QUIC: Add client early traffic secret storage 5 | 6 | --- 7 | ssl/ssl_local.h | 1 + 8 | ssl/ssl_quic.c | 2 +- 9 | ssl/tls13_enc.c | 2 ++ 10 | 3 files changed, 4 insertions(+), 1 deletion(-) 11 | 12 | --- a/ssl/ssl_local.h 13 | +++ b/ssl/ssl_local.h 14 | @@ -1493,6 +1493,7 @@ struct ssl_st { 15 | unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE]; 16 | unsigned char client_hand_traffic_secret[EVP_MAX_MD_SIZE]; 17 | unsigned char server_hand_traffic_secret[EVP_MAX_MD_SIZE]; 18 | + unsigned char client_early_traffic_secret[EVP_MAX_MD_SIZE]; 19 | unsigned char exporter_master_secret[EVP_MAX_MD_SIZE]; 20 | unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE]; 21 | EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ 22 | --- a/ssl/ssl_quic.c 23 | +++ b/ssl/ssl_quic.c 24 | @@ -207,7 +207,7 @@ int quic_set_encryption_secrets(SSL *ssl 25 | /* secrets from the POV of the client */ 26 | switch (level) { 27 | case ssl_encryption_early_data: 28 | - c2s_secret = ssl->early_secret; 29 | + c2s_secret = ssl->client_early_traffic_secret; 30 | break; 31 | case ssl_encryption_handshake: 32 | c2s_secret = ssl->client_hand_traffic_secret; 33 | --- a/ssl/tls13_enc.c 34 | +++ b/ssl/tls13_enc.c 35 | @@ -728,6 +728,8 @@ int tls13_change_cipher_state(SSL *s, in 36 | memcpy(s->client_hand_traffic_secret, secret, hashlen); 37 | else if (label == server_handshake_traffic) 38 | memcpy(s->server_hand_traffic_secret, secret, hashlen); 39 | + else if (label == client_early_traffic) 40 | + memcpy(s->client_early_traffic_secret, secret, hashlen); 41 | #endif 42 | 43 | if (!ssl_log_secret(s, log_label, secret, hashlen)) { 44 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0012-QUIC-Add-OPENSSL_NO_QUIC-wrapper.patch: -------------------------------------------------------------------------------- 1 | From 41e5fc307ef92a747a5b81758185cca47307faf6 Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Fri, 30 Aug 2019 09:15:31 -0400 4 | Subject: [PATCH 12/43] QUIC: Add OPENSSL_NO_QUIC wrapper 5 | 6 | --- 7 | ssl/ssl_local.h | 2 ++ 8 | 1 file changed, 2 insertions(+) 9 | 10 | --- a/ssl/ssl_local.h 11 | +++ b/ssl/ssl_local.h 12 | @@ -1491,9 +1491,11 @@ struct ssl_st { 13 | unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE]; 14 | unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE]; 15 | unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE]; 16 | +# ifndef OPENSSL_NO_QUIC 17 | unsigned char client_hand_traffic_secret[EVP_MAX_MD_SIZE]; 18 | unsigned char server_hand_traffic_secret[EVP_MAX_MD_SIZE]; 19 | unsigned char client_early_traffic_secret[EVP_MAX_MD_SIZE]; 20 | +# endif 21 | unsigned char exporter_master_secret[EVP_MAX_MD_SIZE]; 22 | unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE]; 23 | EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ 24 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0013-QUIC-Correctly-disable-middlebox-compat.patch: -------------------------------------------------------------------------------- 1 | From 9103ae64bb8f2abc4d4f146293bd104b641209cc Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Fri, 30 Aug 2019 09:47:48 -0400 4 | Subject: [PATCH 13/43] QUIC: Correctly disable middlebox compat 5 | 6 | --- 7 | ssl/ssl_quic.c | 4 ++-- 8 | 1 file changed, 2 insertions(+), 2 deletions(-) 9 | 10 | --- a/ssl/ssl_quic.c 11 | +++ b/ssl/ssl_quic.c 12 | @@ -173,7 +173,7 @@ int SSL_CTX_set_quic_method(SSL_CTX *ctx 13 | break; 14 | } 15 | ctx->quic_method = quic_method; 16 | - ctx->options &= SSL_OP_ENABLE_MIDDLEBOX_COMPAT; 17 | + ctx->options &= ~SSL_OP_ENABLE_MIDDLEBOX_COMPAT; 18 | return 1; 19 | } 20 | 21 | @@ -189,7 +189,7 @@ int SSL_set_quic_method(SSL *ssl, const 22 | break; 23 | } 24 | ssl->quic_method = quic_method; 25 | - ssl->options &= SSL_OP_ENABLE_MIDDLEBOX_COMPAT; 26 | + ssl->options &= ~SSL_OP_ENABLE_MIDDLEBOX_COMPAT; 27 | return 1; 28 | } 29 | 30 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0016-QUIC-Add-support-for-more-secrets.patch: -------------------------------------------------------------------------------- 1 | From fadf42665c7a7c3f57477391d121ad2ca8698164 Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Tue, 24 Sep 2019 10:26:42 -0400 4 | Subject: [PATCH 16/43] QUIC: Add support for more secrets 5 | 6 | --- 7 | ssl/tls13_enc.c | 11 +++++++++-- 8 | 1 file changed, 9 insertions(+), 2 deletions(-) 9 | 10 | --- a/ssl/tls13_enc.c 11 | +++ b/ssl/tls13_enc.c 12 | @@ -456,10 +456,14 @@ static int quic_change_cipher_state(SSL 13 | sizeof(client_handshake_traffic)-1, hash, hashlen, 14 | s->client_hand_traffic_secret, hashlen, 1) 15 | || !ssl_log_secret(s, CLIENT_HANDSHAKE_LABEL, s->client_hand_traffic_secret, hashlen) 16 | + || !tls13_derive_finishedkey(s, md, s->client_hand_traffic_secret, 17 | + s->client_finished_secret, hashlen) 18 | || !tls13_hkdf_expand(s, md, s->handshake_secret, server_handshake_traffic, 19 | sizeof(server_handshake_traffic)-1, hash, hashlen, 20 | s->server_hand_traffic_secret, hashlen, 1) 21 | - || !ssl_log_secret(s, SERVER_HANDSHAKE_LABEL, s->server_hand_traffic_secret, hashlen)) { 22 | + || !ssl_log_secret(s, SERVER_HANDSHAKE_LABEL, s->server_hand_traffic_secret, hashlen) 23 | + || !tls13_derive_finishedkey(s, md, s->server_hand_traffic_secret, 24 | + s->server_finished_secret, hashlen)) { 25 | /* SSLfatal() already called */ 26 | goto err; 27 | } 28 | @@ -473,7 +477,10 @@ static int quic_change_cipher_state(SSL 29 | || !tls13_hkdf_expand(s, md, s->master_secret, server_application_traffic, 30 | sizeof(server_application_traffic)-1, hash, hashlen, 31 | s->server_app_traffic_secret, hashlen, 1) 32 | - || !ssl_log_secret(s, SERVER_APPLICATION_LABEL, s->server_app_traffic_secret, hashlen)) { 33 | + || !ssl_log_secret(s, SERVER_APPLICATION_LABEL, s->server_app_traffic_secret, hashlen) 34 | + || !tls13_hkdf_expand(s, md, s->master_secret, resumption_master_secret, 35 | + sizeof(resumption_master_secret)-1, hash, hashlen, 36 | + s->resumption_master_secret, hashlen, 1)) { 37 | /* SSLfatal() already called */ 38 | goto err; 39 | } 40 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0017-QUIC-Fix-resumption-secret.patch: -------------------------------------------------------------------------------- 1 | From a86dc6757fdd4129d08a46fc3604cdbad3c0be41 Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Tue, 12 Nov 2019 13:52:35 -0500 4 | Subject: [PATCH 17/43] QUIC: Fix resumption secret 5 | 6 | --- 7 | ssl/tls13_enc.c | 17 +++++++++++++---- 8 | 1 file changed, 13 insertions(+), 4 deletions(-) 9 | 10 | --- a/ssl/tls13_enc.c 11 | +++ b/ssl/tls13_enc.c 12 | @@ -477,10 +477,7 @@ static int quic_change_cipher_state(SSL 13 | || !tls13_hkdf_expand(s, md, s->master_secret, server_application_traffic, 14 | sizeof(server_application_traffic)-1, hash, hashlen, 15 | s->server_app_traffic_secret, hashlen, 1) 16 | - || !ssl_log_secret(s, SERVER_APPLICATION_LABEL, s->server_app_traffic_secret, hashlen) 17 | - || !tls13_hkdf_expand(s, md, s->master_secret, resumption_master_secret, 18 | - sizeof(resumption_master_secret)-1, hash, hashlen, 19 | - s->resumption_master_secret, hashlen, 1)) { 20 | + || !ssl_log_secret(s, SERVER_APPLICATION_LABEL, s->server_app_traffic_secret, hashlen)) { 21 | /* SSLfatal() already called */ 22 | goto err; 23 | } 24 | @@ -494,6 +491,8 @@ static int quic_change_cipher_state(SSL 25 | else 26 | s->quic_read_level = level; 27 | } else { 28 | + /* is_client_write || is_server_read */ 29 | + 30 | if (is_early) { 31 | level = ssl_encryption_early_data; 32 | 33 | @@ -509,6 +508,16 @@ static int quic_change_cipher_state(SSL 34 | level = ssl_encryption_handshake; 35 | } else { 36 | level = ssl_encryption_application; 37 | + /* 38 | + * We also create the resumption master secret, but this time use the 39 | + * hash for the whole handshake including the Client Finished 40 | + */ 41 | + if (!tls13_hkdf_expand(s, md, s->master_secret, resumption_master_secret, 42 | + sizeof(resumption_master_secret)-1, hash, hashlen, 43 | + s->resumption_master_secret, hashlen, 1)) { 44 | + /* SSLfatal() already called */ 45 | + goto err; 46 | + } 47 | } 48 | 49 | if (s->server) 50 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0019-QUIC-Fall-through-for-0RTT.patch: -------------------------------------------------------------------------------- 1 | From 40a5be75bb65d1fc4e40052e19ff54f0974397d9 Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Tue, 7 Jan 2020 10:59:08 -0500 4 | Subject: [PATCH 19/43] QUIC: Fall-through for 0RTT 5 | 6 | --- 7 | ssl/statem/statem_srvr.c | 7 ++----- 8 | 1 file changed, 2 insertions(+), 5 deletions(-) 9 | 10 | --- a/ssl/statem/statem_srvr.c 11 | +++ b/ssl/statem/statem_srvr.c 12 | @@ -74,12 +74,9 @@ static int ossl_statem_server13_read_tra 13 | return 1; 14 | } 15 | break; 16 | - } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) { 17 | + } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED 18 | + && !SSL_IS_QUIC(s)) { 19 | if (mt == SSL3_MT_END_OF_EARLY_DATA) { 20 | -#ifndef OPENSSL_NO_QUIC 21 | - if (s->quic_method != NULL) 22 | - return 0; 23 | -#endif 24 | st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA; 25 | return 1; 26 | } 27 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0021-QUIC-Prevent-KeyUpdate-for-QUIC.patch: -------------------------------------------------------------------------------- 1 | From 0749642cb0df330f91388a2fe72dc9b2824b7da7 Mon Sep 17 00:00:00 2001 2 | From: Benjamin Kaduk 3 | Date: Mon, 11 May 2020 13:13:01 -0700 4 | Subject: [PATCH 21/43] QUIC: Prevent KeyUpdate for QUIC 5 | 6 | QUIC does not use the TLS KeyUpdate message/mechanism, and indeed 7 | it is an error to generate or receive such a message. Add the 8 | necessary checks (noting that the check for receipt should be 9 | redundant since SSL_provide_quic_data() is the only way to provide 10 | input to the TLS layer for a QUIC connection). 11 | --- 12 | ssl/ssl_quic.c | 6 ++++++ 13 | ssl/statem/statem_lib.c | 14 ++++++++++++++ 14 | 2 files changed, 20 insertions(+) 15 | 16 | --- a/ssl/ssl_quic.c 17 | +++ b/ssl/ssl_quic.c 18 | @@ -92,6 +92,7 @@ int SSL_provide_quic_data(SSL *ssl, OSSL 19 | const uint8_t *data, size_t len) 20 | { 21 | size_t l; 22 | + uint8_t mt; 23 | 24 | if (!SSL_IS_QUIC(ssl)) { 25 | SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 26 | @@ -131,9 +132,14 @@ int SSL_provide_quic_data(SSL *ssl, OSSL 27 | return 0; 28 | } 29 | /* TLS Handshake message header has 1-byte type and 3-byte length */ 30 | + mt = *data; 31 | p = data + 1; 32 | n2l3(p, l); 33 | l += SSL3_HM_HEADER_LENGTH; 34 | + if (mt == SSL3_MT_KEY_UPDATE) { 35 | + SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, SSL_R_UNEXPECTED_MESSAGE); 36 | + return 0; 37 | + } 38 | 39 | qd = OPENSSL_zalloc(sizeof(QUIC_DATA) + l); 40 | if (qd == NULL) { 41 | --- a/ssl/statem/statem_lib.c 42 | +++ b/ssl/statem/statem_lib.c 43 | @@ -666,6 +666,13 @@ int tls_construct_finished(SSL *s, WPACK 44 | 45 | int tls_construct_key_update(SSL *s, WPACKET *pkt) 46 | { 47 | +#ifndef OPENSSL_NO_QUIC 48 | + if (SSL_is_quic(s)) { 49 | + /* TLS KeyUpdate is not used for QUIC, so this is an error. */ 50 | + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 51 | + return 0; 52 | + } 53 | +#endif 54 | if (!WPACKET_put_bytes_u8(pkt, s->key_update)) { 55 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 56 | return 0; 57 | @@ -688,6 +695,13 @@ MSG_PROCESS_RETURN tls_process_key_updat 58 | return MSG_PROCESS_ERROR; 59 | } 60 | 61 | +#ifndef OPENSSL_NO_QUIC 62 | + if (SSL_is_quic(s)) { 63 | + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); 64 | + return MSG_PROCESS_ERROR; 65 | + } 66 | +#endif 67 | + 68 | if (!PACKET_get_1(pkt, &updatetype) 69 | || PACKET_remaining(pkt) != 0) { 70 | SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_KEY_UPDATE); 71 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0022-QUIC-Test-KeyUpdate-rejection.patch: -------------------------------------------------------------------------------- 1 | From 0d6350e28e3b684ce10693dc6921f46441a0da21 Mon Sep 17 00:00:00 2001 2 | From: Benjamin Kaduk 3 | Date: Mon, 11 May 2020 13:26:07 -0700 4 | Subject: [PATCH 22/43] QUIC: Test KeyUpdate rejection 5 | 6 | For now, just test that we don't generate any, since we don't really 7 | expose the mechanics for encrypting one and the QUIC API is not 8 | integrated into the TLSProxy setup. 9 | --- 10 | test/sslapitest.c | 11 +++++++++++ 11 | 1 file changed, 11 insertions(+) 12 | 13 | --- a/test/sslapitest.c 14 | +++ b/test/sslapitest.c 15 | @@ -10889,6 +10889,17 @@ static int test_quic_api(void) 16 | || !TEST_true(SSL_process_quic_post_handshake(clientssl))) 17 | goto end; 18 | 19 | + /* Dummy handshake call should succeed */ 20 | + if (!TEST_true(SSL_do_handshake(clientssl))) 21 | + goto end; 22 | + /* Test that we (correctly) fail to send KeyUpdate */ 23 | + if (!TEST_true(SSL_key_update(clientssl, SSL_KEY_UPDATE_NOT_REQUESTED)) 24 | + || !TEST_int_le(SSL_do_handshake(clientssl), 0)) 25 | + goto end; 26 | + if (!TEST_true(SSL_key_update(serverssl, SSL_KEY_UPDATE_NOT_REQUESTED)) 27 | + || !TEST_int_le(SSL_do_handshake(serverssl), 0)) 28 | + goto end; 29 | + 30 | testresult = 1; 31 | 32 | end: 33 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0024-QUIC-Enforce-consistent-encryption-level-for-handsha.patch: -------------------------------------------------------------------------------- 1 | From 6e4c15e6bd52743d79956d3d149c70e021f47d11 Mon Sep 17 00:00:00 2001 2 | From: Benjamin Kaduk 3 | Date: Tue, 1 Sep 2020 15:10:41 -0700 4 | Subject: [PATCH 24/43] QUIC: Enforce consistent encryption level for handshake 5 | messages 6 | 7 | The QUIC-TLS spec requires that TLS handshake messages do not cross 8 | encryption level boundaries, but we were not previously enforcing this. 9 | --- 10 | ssl/ssl_local.h | 1 + 11 | ssl/ssl_quic.c | 12 +++++++++++- 12 | 2 files changed, 12 insertions(+), 1 deletion(-) 13 | 14 | --- a/ssl/ssl_local.h 15 | +++ b/ssl/ssl_local.h 16 | @@ -1720,6 +1720,7 @@ struct ssl_st { 17 | #ifndef OPENSSL_NO_QUIC 18 | OSSL_ENCRYPTION_LEVEL quic_read_level; 19 | OSSL_ENCRYPTION_LEVEL quic_write_level; 20 | + OSSL_ENCRYPTION_LEVEL quic_latest_level_received; 21 | BUF_MEM *quic_buf; /* buffer incoming handshake messages */ 22 | QUIC_DATA *quic_input_data_head; 23 | QUIC_DATA *quic_input_data_tail; 24 | --- a/ssl/ssl_quic.c 25 | +++ b/ssl/ssl_quic.c 26 | @@ -100,7 +100,8 @@ int SSL_provide_quic_data(SSL *ssl, OSSL 27 | 28 | /* Level can be different than the current read, but not less */ 29 | if (level < ssl->quic_read_level 30 | - || (ssl->quic_input_data_tail != NULL && level < ssl->quic_input_data_tail->level)) { 31 | + || (ssl->quic_input_data_tail != NULL && level < ssl->quic_input_data_tail->level) 32 | + || level < ssl->quic_latest_level_received) { 33 | SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED); 34 | return 0; 35 | } 36 | @@ -122,6 +123,15 @@ int SSL_provide_quic_data(SSL *ssl, OSSL 37 | buf = NULL; 38 | } 39 | 40 | + /* A TLS message must not cross an encryption level boundary */ 41 | + if (ssl->quic_buf->length != ssl->quic_next_record_start 42 | + && level != ssl->quic_latest_level_received) { 43 | + SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, 44 | + SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED); 45 | + return 0; 46 | + } 47 | + ssl->quic_latest_level_received = level; 48 | + 49 | offset = ssl->quic_buf->length; 50 | if (!BUF_MEM_grow(ssl->quic_buf, offset + len)) { 51 | SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, ERR_R_INTERNAL_ERROR); 52 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0026-QUIC-return-success-when-no-post-handshake-data.patch: -------------------------------------------------------------------------------- 1 | From a68e084550b8863d3f6b809ddfb26cb4c3e2307e Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Tue, 5 Jan 2021 13:50:21 -0500 4 | Subject: [PATCH 26/43] QUIC: return success when no post-handshake data 5 | 6 | --- 7 | ssl/ssl_quic.c | 4 ++++ 8 | 1 file changed, 4 insertions(+) 9 | 10 | --- a/ssl/ssl_quic.c 11 | +++ b/ssl/ssl_quic.c 12 | @@ -309,6 +309,10 @@ int SSL_process_quic_post_handshake(SSL 13 | return 0; 14 | } 15 | 16 | + /* if there is no data, return success as BoringSSL */ 17 | + if (ssl->quic_input_data_head == NULL) 18 | + return 1; 19 | + 20 | /* 21 | * This is always safe (we are sure to be at a record boundary) because 22 | * SSL_read()/SSL_write() are never used for QUIC connections -- the 23 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0027-QUIC-__owur-makes-no-sense-for-void-return-values.patch: -------------------------------------------------------------------------------- 1 | From 244d4b0ebd3ab4102f3e1892623bb96adcdef150 Mon Sep 17 00:00:00 2001 2 | From: Benjamin Kaduk 3 | Date: Fri, 15 Jan 2021 15:04:00 -0800 4 | Subject: [PATCH 27/43] QUIC: __owur makes no sense for void return values 5 | 6 | --- 7 | include/openssl/ssl.h.in | 2 +- 8 | 1 file changed, 1 insertion(+), 1 deletion(-) 9 | 10 | --- a/include/openssl/ssl.h.in 11 | +++ b/include/openssl/ssl.h.in 12 | @@ -2563,7 +2563,7 @@ __owur int SSL_process_quic_post_handsha 13 | __owur int SSL_is_quic(SSL *ssl); 14 | 15 | /* BoringSSL API */ 16 | -__owur void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy); 17 | +void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy); 18 | 19 | /* 20 | * Set an explicit value that you want to use 21 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0028-QUIC-remove-SSL_R_BAD_DATA_LENGTH-unused.patch: -------------------------------------------------------------------------------- 1 | From 86793f1d5a316687aea683127d7d5a3a09b0c692 Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Fri, 19 Feb 2021 10:12:15 -0500 4 | Subject: [PATCH 28/43] QUIC: remove SSL_R_BAD_DATA_LENGTH (unused) 5 | 6 | --- 7 | crypto/err/openssl.txt | 1 - 8 | include/openssl/sslerr.h | 1 - 9 | ssl/ssl_err.c | 1 - 10 | 3 files changed, 3 deletions(-) 11 | 12 | --- a/crypto/err/openssl.txt 13 | +++ b/crypto/err/openssl.txt 14 | @@ -1251,7 +1251,6 @@ SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_ 15 | SSL_R_BAD_CHANGE_CIPHER_SPEC:103:bad change cipher spec 16 | SSL_R_BAD_CIPHER:186:bad cipher 17 | SSL_R_BAD_DATA:390:bad data 18 | -SSL_R_BAD_DATA_LENGTH:802:bad data length 19 | SSL_R_BAD_DATA_RETURNED_BY_CALLBACK:106:bad data returned by callback 20 | SSL_R_BAD_DECOMPRESSION:107:bad decompression 21 | SSL_R_BAD_DH_VALUE:102:bad dh value 22 | --- a/include/openssl/sslerr.h 23 | +++ b/include/openssl/sslerr.h 24 | @@ -28,7 +28,6 @@ 25 | # define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 26 | # define SSL_R_BAD_CIPHER 186 27 | # define SSL_R_BAD_DATA 390 28 | -# define SSL_R_BAD_DATA_LENGTH 802 29 | # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 30 | # define SSL_R_BAD_DECOMPRESSION 107 31 | # define SSL_R_BAD_DH_VALUE 102 32 | --- a/ssl/ssl_err.c 33 | +++ b/ssl/ssl_err.c 34 | @@ -27,7 +27,6 @@ static const ERR_STRING_DATA SSL_str_rea 35 | "bad change cipher spec"}, 36 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CIPHER), "bad cipher"}, 37 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA), "bad data"}, 38 | - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA_LENGTH), "bad data length"}, 39 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), 40 | "bad data returned by callback"}, 41 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DECOMPRESSION), "bad decompression"}, 42 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0032-QUIC-Make-SSL_provide_quic_data-accept-0-length-data.patch: -------------------------------------------------------------------------------- 1 | From 01bc5c3a5aa160c2e9bba9c0c45a94eb5702772d Mon Sep 17 00:00:00 2001 2 | From: Tatsuhiro Tsujikawa <404610+tatsuhiro-t@users.noreply.github.com> 3 | Date: Fri, 12 Mar 2021 00:39:20 +0900 4 | Subject: [PATCH 32/43] QUIC: Make SSL_provide_quic_data accept 0 length data 5 | 6 | This commit makes SSL_provide_quic_data accept 0 length data, which 7 | matches BoringSSL behavior. 8 | --- 9 | ssl/ssl_quic.c | 3 +++ 10 | 1 file changed, 3 insertions(+) 11 | 12 | --- a/ssl/ssl_quic.c 13 | +++ b/ssl/ssl_quic.c 14 | @@ -143,6 +143,9 @@ int SSL_provide_quic_data(SSL *ssl, OSSL 15 | return 0; 16 | } 17 | 18 | + if (len == 0) 19 | + return 1; 20 | + 21 | if (ssl->quic_buf == NULL) { 22 | BUF_MEM *buf; 23 | if ((buf = BUF_MEM_new()) == NULL) { 24 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0033-QUIC-Process-multiple-post-handshake-messages-in-a-s.patch: -------------------------------------------------------------------------------- 1 | From d286825de6b6243fab9b5ad6c7d522067c4d0e3a Mon Sep 17 00:00:00 2001 2 | From: Tatsuhiro Tsujikawa <404610+tatsuhiro-t@users.noreply.github.com> 3 | Date: Sat, 13 Mar 2021 05:37:34 +0900 4 | Subject: [PATCH 33/43] QUIC: Process multiple post-handshake messages in a 5 | single call 6 | 7 | --- 8 | ssl/ssl_quic.c | 27 +++++++++++++-------------- 9 | test/sslapitest.c | 6 ++---- 10 | 2 files changed, 15 insertions(+), 18 deletions(-) 11 | 12 | --- a/ssl/ssl_quic.c 13 | +++ b/ssl/ssl_quic.c 14 | @@ -334,20 +334,19 @@ int SSL_process_quic_post_handshake(SSL 15 | } 16 | 17 | /* if there is no data, return success as BoringSSL */ 18 | - if (ssl->quic_input_data_head == NULL) 19 | - return 1; 20 | - 21 | - /* 22 | - * This is always safe (we are sure to be at a record boundary) because 23 | - * SSL_read()/SSL_write() are never used for QUIC connections -- the 24 | - * application data is handled at the QUIC layer instead. 25 | - */ 26 | - ossl_statem_set_in_init(ssl, 1); 27 | - ret = ssl->handshake_func(ssl); 28 | - ossl_statem_set_in_init(ssl, 0); 29 | + while (ssl->quic_input_data_head != NULL) { 30 | + /* 31 | + * This is always safe (we are sure to be at a record boundary) because 32 | + * SSL_read()/SSL_write() are never used for QUIC connections -- the 33 | + * application data is handled at the QUIC layer instead. 34 | + */ 35 | + ossl_statem_set_in_init(ssl, 1); 36 | + ret = ssl->handshake_func(ssl); 37 | + ossl_statem_set_in_init(ssl, 0); 38 | 39 | - if (ret <= 0) 40 | - return 0; 41 | + if (ret <= 0) 42 | + return 0; 43 | + } 44 | return 1; 45 | } 46 | 47 | --- a/test/sslapitest.c 48 | +++ b/test/sslapitest.c 49 | @@ -10871,8 +10871,7 @@ static int test_quic_api_version(int cln 50 | goto end; 51 | 52 | /* Deal with two NewSessionTickets */ 53 | - if (!TEST_true(SSL_process_quic_post_handshake(clientssl)) 54 | - || !TEST_true(SSL_process_quic_post_handshake(clientssl))) 55 | + if (!TEST_true(SSL_process_quic_post_handshake(clientssl))) 56 | goto end; 57 | 58 | /* Dummy handshake call should succeed */ 59 | @@ -11059,8 +11058,7 @@ static int quic_setupearly_data_test(SSL 60 | return 0; 61 | 62 | /* Deal with two NewSessionTickets */ 63 | - if (!TEST_true(SSL_process_quic_post_handshake(*clientssl)) 64 | - || !TEST_true(SSL_process_quic_post_handshake(*clientssl))) 65 | + if (!TEST_true(SSL_process_quic_post_handshake(*clientssl))) 66 | return 0; 67 | 68 | *sess = SSL_get1_session(*clientssl); 69 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0038-QUIC-revert-white-space-change.patch: -------------------------------------------------------------------------------- 1 | From d25cdd9dfed870991d6eeca1f76ed805eecbf184 Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Tue, 7 Sep 2021 12:29:37 -0400 4 | Subject: [PATCH 38/43] QUIC: revert white-space change 5 | 6 | --- 7 | include/openssl/evp.h | 1 - 8 | 1 file changed, 1 deletion(-) 9 | 10 | --- a/include/openssl/evp.h 11 | +++ b/include/openssl/evp.h 12 | @@ -1741,7 +1741,6 @@ int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CT 13 | * Method handles all operations: don't assume any digest related defaults. 14 | */ 15 | # define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 16 | - 17 | # ifndef OPENSSL_NO_DEPRECATED_3_0 18 | OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); 19 | OSSL_DEPRECATEDIN_3_0 EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); 20 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0039-QUIC-use-SSL_IS_QUIC-in-more-places.patch: -------------------------------------------------------------------------------- 1 | From b240c965d1c7c1d2095c2af798c4853d3379480a Mon Sep 17 00:00:00 2001 2 | From: Benjamin Kaduk 3 | Date: Tue, 7 Sep 2021 14:21:22 -0700 4 | Subject: [PATCH 39/43] QUIC: use SSL_IS_QUIC() in more places 5 | 6 | --- 7 | doc/man3/SSL_CTX_set_quic_method.pod | 2 +- 8 | ssl/statem/extensions_clnt.c | 2 +- 9 | ssl/statem/statem_clnt.c | 2 +- 10 | 3 files changed, 3 insertions(+), 3 deletions(-) 11 | 12 | --- a/doc/man3/SSL_CTX_set_quic_method.pod 13 | +++ b/doc/man3/SSL_CTX_set_quic_method.pod 14 | @@ -105,7 +105,7 @@ the client will send both extensions. 15 | SSL_get_quic_transport_version() returns the value set by 16 | SSL_set_quic_transport_version(). 17 | 18 | -SSL_get_peer_quic_transport_version() returns the version the that was 19 | +SSL_get_peer_quic_transport_version() returns the version the that was 20 | negotiated. 21 | 22 | SSL_set_quic_early_data_enabled() enables QUIC early data if a nonzero 23 | --- a/ssl/statem/extensions_clnt.c 24 | +++ b/ssl/statem/extensions_clnt.c 25 | @@ -1969,7 +1969,7 @@ int tls_parse_stoc_early_data(SSL *s, PA 26 | * QUIC server must send 0xFFFFFFFF or it's a PROTOCOL_VIOLATION 27 | * per RFC9001 S4.6.1 28 | */ 29 | - if (s->quic_method != NULL && max_early_data != 0xFFFFFFFF) { 30 | + if (SSL_IS_QUIC(s) && max_early_data != 0xFFFFFFFF) { 31 | SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INVALID_MAX_EARLY_DATA); 32 | return 0; 33 | } 34 | --- a/ssl/statem/statem_clnt.c 35 | +++ b/ssl/statem/statem_clnt.c 36 | @@ -906,7 +906,7 @@ int ossl_statem_client_construct_message 37 | case TLS_ST_CW_END_OF_EARLY_DATA: 38 | #ifndef OPENSSL_NO_QUIC 39 | /* QUIC does not send EndOfEarlyData, RFC9001 S8.3 */ 40 | - if (s->quic_method != NULL) { 41 | + if (SSL_IS_QUIC(s)) { 42 | *confunc = NULL; 43 | *mt = SSL3_MT_DUMMY; 44 | break; 45 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0040-QUIC-Error-when-non-empty-session_id-in-CH.patch: -------------------------------------------------------------------------------- 1 | From ed45a1c6b04d0a2f8b4cd3a43cc9f14de8f3c374 Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Mon, 18 Oct 2021 16:54:31 -0400 4 | Subject: [PATCH 40/43] QUIC: Error when non-empty session_id in CH 5 | 6 | --- 7 | ssl/statem/statem_srvr.c | 9 +++++++++ 8 | 1 file changed, 9 insertions(+) 9 | 10 | --- a/ssl/statem/statem_srvr.c 11 | +++ b/ssl/statem/statem_srvr.c 12 | @@ -1566,6 +1566,15 @@ MSG_PROCESS_RETURN tls_process_client_he 13 | goto err; 14 | } 15 | } 16 | +#ifndef OPENSSL_NO_QUIC 17 | + if (SSL_IS_QUIC(s)) { 18 | + /* Any other QUIC checks on ClientHello here */ 19 | + if (clienthello->session_id_len > 0) { 20 | + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_LENGTH_MISMATCH); 21 | + goto err; 22 | + } 23 | + } 24 | +#endif 25 | } 26 | 27 | if (!PACKET_copy_all(&compression, clienthello->compressions, 28 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0043-QUIC-Fix-extension-test.patch: -------------------------------------------------------------------------------- 1 | From 83da964dc2da67fe779feddfc3a8d3baa9e446c5 Mon Sep 17 00:00:00 2001 2 | From: Todd Short 3 | Date: Tue, 1 Nov 2022 12:55:46 -0400 4 | Subject: [PATCH 43/43] QUIC: Fix extension test 5 | 6 | --- 7 | ssl/ssl_local.h | 4 ++-- 8 | test/ext_internal_test.c | 7 +++++++ 9 | 2 files changed, 9 insertions(+), 2 deletions(-) 10 | 11 | --- a/ssl/ssl_local.h 12 | +++ b/ssl/ssl_local.h 13 | @@ -773,8 +773,8 @@ typedef enum tlsext_index_en { 14 | TLSEXT_IDX_cryptopro_bug, 15 | TLSEXT_IDX_early_data, 16 | TLSEXT_IDX_certificate_authorities, 17 | - TLSEXT_IDX_quic_transport_params_draft, 18 | - TLSEXT_IDX_quic_transport_params, 19 | + TLSEXT_IDX_quic_transport_parameters_draft, 20 | + TLSEXT_IDX_quic_transport_parameters, 21 | TLSEXT_IDX_padding, 22 | TLSEXT_IDX_psk, 23 | /* Dummy index - must always be the last entry */ 24 | --- a/test/ext_internal_test.c 25 | +++ b/test/ext_internal_test.c 26 | @@ -69,6 +69,13 @@ static EXT_LIST ext_list[] = { 27 | EXT_ENTRY(cryptopro_bug), 28 | EXT_ENTRY(early_data), 29 | EXT_ENTRY(certificate_authorities), 30 | +#ifndef OPENSSL_NO_QUIC 31 | + EXT_ENTRY(quic_transport_parameters_draft), 32 | + EXT_ENTRY(quic_transport_parameters), 33 | +#else 34 | + EXT_EXCEPTION(quic_transport_parameters_draft), 35 | + EXT_EXCEPTION(quic_transport_parameters), 36 | +#endif 37 | EXT_ENTRY(padding), 38 | EXT_ENTRY(psk), 39 | EXT_END(num_builtins) 40 | -------------------------------------------------------------------------------- /openwrt/patch/openssl/quic/0044-QUIC-Update-metadata-version.patch: -------------------------------------------------------------------------------- 1 | --- a/VERSION.dat 2 | +++ b/VERSION.dat 3 | @@ -5,1 +5,1 @@ 4 | -BUILD_METADATA= 5 | +BUILD_METADATA=quic 6 | -------------------------------------------------------------------------------- /openwrt/patch/openwrt-6.x/500-world-regd-5GHz.patch: -------------------------------------------------------------------------------- 1 | Remove the NO-IR flag from channels 36-48 on the World domain, 2 | to make it usable for AP mode. 3 | 4 | Signed-off-by: Felix Fietkau 5 | --- 6 | --- a/db.txt 7 | +++ b/db.txt 8 | @@ -19,13 +19,15 @@ country 00: 9 | # Channel 14. Only JP enables this and for 802.11b only 10 | (2474 - 2494 @ 20), (20), NO-IR, NO-OFDM 11 | # Channel 36 - 48 12 | - (5170 - 5250 @ 80), (20), NO-IR, AUTO-BW 13 | + (5170 - 5250 @ 80), (20), AUTO-BW 14 | # Channel 52 - 64 15 | (5250 - 5330 @ 80), (20), NO-IR, DFS, AUTO-BW 16 | # Channel 100 - 144 17 | (5490 - 5730 @ 160), (20), NO-IR, DFS 18 | # Channel 149 - 165 19 | (5735 - 5835 @ 80), (20), NO-IR 20 | + # Channel 1 - 223 21 | + (5925 - 7125 @ 320), (12), AUTO-BW 22 | # IEEE 802.11ad (60GHz), channels 1..3 23 | (57240 - 63720 @ 2160), (0) 24 | 25 | @@ -1736,7 +1736,7 @@ country US: DFS-FCC 26 | (5850 - 5895 @ 40), (27), NO-OUTDOOR, AUTO-BW, NO-IR 27 | # 6g band 28 | # https://www.federalregister.gov/documents/2020/05/26/2020-11236/unlicensed-use-of-the-6ghz-band 29 | - (5925 - 7125 @ 320), (12), NO-OUTDOOR, NO-IR 30 | + (5925 - 7125 @ 320), (12), AUTO-BW 31 | # 60g band 32 | # reference: section IV-D https://docs.fcc.gov/public/attachments/FCC-16-89A1.pdf 33 | # channels 1-6 EIRP=40dBm(43dBm peak) 34 | -------------------------------------------------------------------------------- /openwrt/patch/openwrt-6.x/gcc-15-c23/gmp/001-fix-build-with-gcc-15.patch: -------------------------------------------------------------------------------- 1 | --- a/acinclude.m4 2 | +++ b/acinclude.m4 3 | @@ -609,7 +609,7 @@ GMP_PROG_CC_WORKS_PART([$1], [long long 4 | 5 | #if defined (__GNUC__) && ! defined (__cplusplus) 6 | typedef unsigned long long t1;typedef t1*t2; 7 | -void g(){} 8 | +void g(int,t1 const*,t1,t2,t1 const*,int){} 9 | void h(){} 10 | static __inline__ t1 e(t2 rp,t2 up,int n,t1 v0) 11 | {t1 c,x,r;int i;if(v0){c=1;for(i=1;i 3 | Date: Mon, 9 Dec 2024 22:18:08 +0100 4 | Subject: [PATCH] Avoid compilation issues with ncurses on GCC 15 5 | 6 | Fixes: #1567 7 | --- 8 | configure.ac | 1 + 9 | 1 file changed, 1 insertion(+) 10 | 11 | --- a/configure.ac 12 | +++ b/configure.ac 13 | @@ -449,6 +449,7 @@ if test "$my_htop_platform" = "solaris"; 14 | fi 15 | AC_CHECK_FUNCS( [set_escdelay] ) 16 | AC_CHECK_FUNCS( [getmouse] ) 17 | +AC_DEFINE([NCURSES_ENABLE_STDBOOL_H], [1], [Define to enable stdbool.h in ncurses]) 18 | 19 | 20 | AC_ARG_ENABLE([affinity], 21 | -------------------------------------------------------------------------------- /openwrt/patch/openwrt-6.x/gcc-15/README.md: -------------------------------------------------------------------------------- 1 | ### Fix build for GCC15 Snapshot 2 | -------------------------------------------------------------------------------- /openwrt/patch/openwrt-6.x/gcc-15/elfutils/901-backends-fix-string-initialization-error-on-gcc15.patch: -------------------------------------------------------------------------------- 1 | From 40676fd44153c3d153db0fef3075daf665990764 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Wed, 17 Jul 2024 17:46:42 +0800 4 | Subject: [PATCH] backends: fix string initialization error on gcc15 5 | 6 | Signed-off-by: sbwml 7 | --- 8 | backends/i386_regs.c | 2 +- 9 | backends/x86_64_regs.c | 2 +- 10 | 2 files changed, 2 insertions(+), 2 deletions(-) 11 | 12 | diff --git a/backends/i386_regs.c b/backends/i386_regs.c 13 | index 7ec93bb..4bca1b1 100644 14 | --- a/backends/i386_regs.c 15 | +++ b/backends/i386_regs.c 16 | @@ -83,7 +83,7 @@ i386_register_info (Ebl *ebl __attribute__ ((unused)), 17 | 18 | switch (regno) 19 | { 20 | - static const char baseregs[][2] = 21 | + static const char baseregs[][3] = 22 | { 23 | "ax", "cx", "dx", "bx", "sp", "bp", "si", "di", "ip" 24 | }; 25 | diff --git a/backends/x86_64_regs.c b/backends/x86_64_regs.c 26 | index ef987da..c92c862 100644 27 | --- a/backends/x86_64_regs.c 28 | +++ b/backends/x86_64_regs.c 29 | @@ -80,7 +80,7 @@ x86_64_register_info (Ebl *ebl __attribute__ ((unused)), 30 | 31 | switch (regno) 32 | { 33 | - static const char baseregs[][2] = 34 | + static const char baseregs[][3] = 35 | { 36 | "ax", "dx", "cx", "bx", "si", "di", "bp", "sp" 37 | }; 38 | -- 39 | 2.43.5 40 | 41 | -------------------------------------------------------------------------------- /openwrt/patch/openwrt-6.x/gcc-15/libwebsockets/901-fix-string-initialization-error-on-gcc15.patch: -------------------------------------------------------------------------------- 1 | diff --git a/plugins/ssh-base/crypto/chacha.c b/plugins/ssh-base/crypto/chacha.c 2 | index 182280d..cb4c5bf 100644 3 | --- a/plugins/ssh-base/crypto/chacha.c 4 | +++ b/plugins/ssh-base/crypto/chacha.c 5 | @@ -59,8 +59,8 @@ typedef struct chacha_ctx chacha_ctx; 6 | a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ 7 | c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); 8 | 9 | -static const char sigma[16] = "expand 32-byte k"; 10 | -static const char tau[16] = "expand 16-byte k"; 11 | +static const char sigma[18] = "expand 32-byte k"; 12 | +static const char tau[18] = "expand 16-byte k"; 13 | 14 | void 15 | chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits) 16 | -------------------------------------------------------------------------------- /openwrt/patch/openwrt-6.x/gcc-15/libxcrypt/901-fix-string-initialization-error-on-gcc15.patch: -------------------------------------------------------------------------------- 1 | diff --git a/lib/crypt-port.h b/lib/crypt-port.h 2 | index a707939..928a854 100644 3 | --- a/lib/crypt-port.h 4 | +++ b/lib/crypt-port.h 5 | @@ -473,7 +473,7 @@ make_failure_token (const char *setting, char *output, int size); 6 | /* The base-64 encoding table used by most hashing methods. 7 | (bcrypt uses a slightly different encoding.) Size 65 8 | because it's used as a C string in a few places. */ 9 | -extern const unsigned char ascii64[65]; 10 | +extern const unsigned char ascii64[68]; 11 | 12 | /* Same table gets used with other names in various places. */ 13 | #define b64t ((const char *) ascii64) 14 | diff --git a/lib/util-base64.c b/lib/util-base64.c 15 | index d55461f..fdd545d 100644 16 | --- a/lib/util-base64.c 17 | +++ b/lib/util-base64.c 18 | @@ -20,7 +20,7 @@ 19 | 20 | #include "crypt-port.h" 21 | 22 | -const unsigned char ascii64[65] = 23 | +const unsigned char ascii64[68] = 24 | "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 25 | /* 0000000000111111111122222222223333333333444444444455555555556666 */ 26 | /* 0123456789012345678901234567890123456789012345678901234567890123 */ 27 | -------------------------------------------------------------------------------- /openwrt/patch/openwrt-6.x/modules/firewire.mk: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2008-2011 OpenWrt.org 3 | # 4 | # This is free software, licensed under the GNU General Public License v2. 5 | # See /LICENSE for more information. 6 | # 7 | 8 | FIREWIRE_MENU:=FireWire support 9 | 10 | define KernelPackage/firewire 11 | SUBMENU:=$(FIREWIRE_MENU) 12 | TITLE:=Support for FireWire (new stack) 13 | DEPENDS:=@PCI_SUPPORT +kmod-lib-crc-itu-t 14 | KCONFIG:=CONFIG_FIREWIRE 15 | FILES:=$(LINUX_DIR)/drivers/firewire/firewire-core.ko 16 | endef 17 | 18 | define KernelPackage/firewire/description 19 | Kernel support for FireWire (new stack) 20 | endef 21 | 22 | $(eval $(call KernelPackage,firewire)) 23 | 24 | 25 | define KernelPackage/firewire-net 26 | SUBMENU:=$(FIREWIRE_MENU) 27 | TITLE:=Support for IP networking over FireWire 28 | DEPENDS:=kmod-firewire 29 | KCONFIG:=CONFIG_FIREWIRE_NET 30 | FILES:=$(LINUX_DIR)/drivers/firewire/firewire-net.ko 31 | AUTOLOAD:=$(call AutoProbe,firewire-net) 32 | endef 33 | 34 | define KernelPackage/firewire-net/description 35 | Kernel support for IPv4 over FireWire 36 | endef 37 | 38 | $(eval $(call KernelPackage,firewire-net)) 39 | 40 | 41 | define KernelPackage/firewire-ohci 42 | SUBMENU:=$(FIREWIRE_MENU) 43 | TITLE:=Support for OHCI-1394 controllers 44 | DEPENDS:=kmod-firewire 45 | KCONFIG:= \ 46 | CONFIG_FIREWIRE_OHCI \ 47 | CONFIG_FIREWIRE_OHCI_DEBUG=n \ 48 | CONFIG_FIREWIRE_OHCI_REMOTE_DMA=n 49 | FILES:=$(LINUX_DIR)/drivers/firewire/firewire-ohci.ko 50 | AUTOLOAD:=$(call AutoProbe,firewire-ohci) 51 | endef 52 | 53 | 54 | define KernelPackage/firewire-ohci/description 55 | Kernel support for FireWire OHCI-1394 controllers 56 | endef 57 | 58 | $(eval $(call KernelPackage,firewire-ohci)) 59 | 60 | 61 | define KernelPackage/firewire-sbp2 62 | SUBMENU:=$(FIREWIRE_MENU) 63 | TITLE:=Support for SBP-2 devices over FireWire 64 | DEPENDS:=kmod-firewire +kmod-scsi-core 65 | KCONFIG:=CONFIG_FIREWIRE_SBP2 66 | FILES:=$(LINUX_DIR)/drivers/firewire/firewire-sbp2.ko 67 | AUTOLOAD:=$(call AutoProbe,firewire-sbp2) 68 | endef 69 | 70 | define KernelPackage/firewire-sbp2/description 71 | Kernel support for SBP-2 devices over FireWire 72 | endef 73 | 74 | $(eval $(call KernelPackage,firewire-sbp2)) 75 | 76 | 77 | -------------------------------------------------------------------------------- /openwrt/patch/openwrt-6.x/modules/multiplexer.mk: -------------------------------------------------------------------------------- 1 | # This is free software, licensed under the GNU General Public License v2. 2 | # See /LICENSE for more information. 3 | # 4 | 5 | MENU_TITLE:=Multiplexer Support 6 | 7 | define KernelPackage/mux-core 8 | SUBMENU:=$(MENU_TITLE) 9 | TITLE:=Multiplexer Support 10 | KCONFIG:=CONFIG_MULTIPLEXER 11 | FILES:=$(LINUX_DIR)/drivers/mux/mux-core.ko 12 | AUTOLOAD:=$(call AutoLoad,25,mux-core,1) 13 | endef 14 | 15 | define KernelPackage/mux-core/description 16 | Kernel module for multiplexer support 17 | endef 18 | 19 | $(eval $(call KernelPackage,mux-core)) 20 | 21 | define KernelPackage/mux-gpio 22 | SUBMENU:=$(MENU_TITLE) 23 | TITLE:=GPIO-controlled Multiplexer controller 24 | KCONFIG:=CONFIG_MUX_GPIO 25 | DEPENDS:=@GPIO_SUPPORT kmod-mux-core 26 | FILES:=$(LINUX_DIR)/drivers/mux/mux-gpio.ko 27 | AUTOLOAD:=$(call AutoLoad,25,mux-gpio,1) 28 | endef 29 | 30 | define KernelPackage/mux-gpio/description 31 | Kernel modules for GPIO-controlled Multiplexer controller 32 | endef 33 | 34 | $(eval $(call KernelPackage,mux-gpio)) 35 | -------------------------------------------------------------------------------- /openwrt/patch/openwrt-6.x/modules/spi.mk: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2006-2011 OpenWrt.org 3 | # 4 | # This is free software, licensed under the GNU General Public License v2. 5 | # See /LICENSE for more information. 6 | # 7 | 8 | SPI_MENU:=SPI Support 9 | 10 | define KernelPackage/mmc-spi 11 | SUBMENU:=$(SPI_MENU) 12 | TITLE:=MMC/SD over SPI Support 13 | DEPENDS:=+kmod-mmc +kmod-lib-crc-itu-t +kmod-lib-crc7 14 | KCONFIG:=CONFIG_MMC_SPI \ 15 | CONFIG_SPI=y \ 16 | CONFIG_SPI_MASTER=y 17 | FILES:=\ 18 | $(LINUX_DIR)/drivers/mmc/host/of_mmc_spi.ko \ 19 | $(LINUX_DIR)/drivers/mmc/host/mmc_spi.ko 20 | AUTOLOAD:=$(call AutoProbe,of_mmc_spi mmc_spi) 21 | endef 22 | 23 | define KernelPackage/mmc-spi/description 24 | Kernel support for MMC/SD over SPI 25 | endef 26 | 27 | $(eval $(call KernelPackage,mmc-spi)) 28 | 29 | 30 | define KernelPackage/spi-bitbang 31 | SUBMENU:=$(SPI_MENU) 32 | TITLE:=Serial Peripheral Interface bitbanging library 33 | KCONFIG:=CONFIG_SPI_BITBANG \ 34 | CONFIG_SPI=y \ 35 | CONFIG_SPI_MASTER=y 36 | FILES:=$(LINUX_DIR)/drivers/spi/spi-bitbang.ko 37 | endef 38 | 39 | define KernelPackage/spi-bitbang/description 40 | This package contains the SPI bitbanging library 41 | endef 42 | 43 | $(eval $(call KernelPackage,spi-bitbang)) 44 | 45 | 46 | define KernelPackage/spi-gpio 47 | SUBMENU:=$(SPI_MENU) 48 | TITLE:=GPIO-based bitbanging SPI Master 49 | DEPENDS:=@GPIO_SUPPORT +kmod-spi-bitbang 50 | KCONFIG:=CONFIG_SPI_GPIO 51 | FILES:=$(LINUX_DIR)/drivers/spi/spi-gpio.ko 52 | AUTOLOAD:=$(call AutoProbe,spi-gpio) 53 | endef 54 | 55 | define KernelPackage/spi-gpio/description 56 | This package contains the GPIO-based bitbanging SPI Master 57 | endef 58 | 59 | $(eval $(call KernelPackage,spi-gpio)) 60 | 61 | define KernelPackage/spi-dev 62 | SUBMENU:=$(SPI_MENU) 63 | TITLE:=User mode SPI device driver 64 | KCONFIG:=CONFIG_SPI_SPIDEV \ 65 | CONFIG_SPI=y \ 66 | CONFIG_SPI_MASTER=y 67 | FILES:=$(LINUX_DIR)/drivers/spi/spidev.ko 68 | AUTOLOAD:=$(call AutoProbe,spidev) 69 | endef 70 | 71 | define KernelPackage/spi-dev/description 72 | This package contains the user mode SPI device driver 73 | endef 74 | 75 | $(eval $(call KernelPackage,spi-dev)) 76 | -------------------------------------------------------------------------------- /openwrt/patch/openwrt-6.x/musl/990-add-typedefs-for-Elf64_Relr-and-Elf32_Relr.patch: -------------------------------------------------------------------------------- 1 | From 6be76895f6863100a311d474a42abdbb6466189d Mon Sep 17 00:00:00 2001 2 | From: Violet Purcell 3 | Date: Sat, 4 Nov 2023 12:09:20 -0400 4 | Subject: [PATCH] elf.h: add typedefs for Elf64_Relr and Elf32_Relr 5 | 6 | These were overlooked when DT_RELR was added in commit 7 | d32dadd60efb9d3b255351a3b532f8e4c3dd0db1, potentially breaking 8 | software that treats presence of the DT_RELR macro as implying they 9 | exist. 10 | --- 11 | include/elf.h | 5 +++++ 12 | 1 file changed, 5 insertions(+) 13 | 14 | diff --git a/include/elf.h b/include/elf.h 15 | index 23f2c4bc1..72d17c3ad 100644 16 | --- a/include/elf.h 17 | +++ b/include/elf.h 18 | @@ -558,6 +558,11 @@ typedef struct { 19 | 20 | 21 | 22 | +typedef Elf32_Word Elf32_Relr; 23 | +typedef Elf64_Xword Elf64_Relr; 24 | + 25 | + 26 | + 27 | #define ELF32_R_SYM(val) ((val) >> 8) 28 | #define ELF32_R_TYPE(val) ((val) & 0xff) 29 | #define ELF32_R_INFO(sym, type) (((sym) << 8) + ((type) & 0xff)) 30 | -------------------------------------------------------------------------------- /openwrt/patch/openwrt-6.x/perf/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2011-2013 OpenWrt.org 3 | # 4 | # This is free software, licensed under the GNU General Public License v2. 5 | # See /LICENSE for more information. 6 | # 7 | 8 | include $(TOPDIR)/rules.mk 9 | include $(INCLUDE_DIR)/kernel.mk 10 | 11 | PKG_NAME:=perf 12 | PKG_VERSION:=$(LINUX_VERSION) 13 | PKG_RELEASE:=5 14 | 15 | PKG_BUILD_FLAGS:=no-mips16 no-lto 16 | PKG_BUILD_PARALLEL:=1 17 | PKG_MAINTAINER:=Felix Fietkau 18 | PKG_FLAGS:=nonshared 19 | 20 | # Perf's makefile and headers are not relocatable and must be built from the 21 | # Linux sources directory 22 | PKG_BUILD_DIR:=$(LINUX_DIR)/tools/perf-$(TARGET_DIR_NAME) 23 | 24 | include $(INCLUDE_DIR)/package.mk 25 | include $(INCLUDE_DIR)/nls.mk 26 | 27 | define Package/perf 28 | SECTION:=devel 29 | CATEGORY:=Development 30 | DEPENDS:= +libelf +libdw +PACKAGE_libunwind:libunwind +libpthread +librt +objdump @!IN_SDK @KERNEL_PERF_EVENTS \ 31 | +PACKAGE_libbfd:libbfd +PACKAGE_libopcodes:libopcodes +libtraceevent 32 | TITLE:=Linux performance monitoring tool 33 | VERSION:=$(LINUX_VERSION)-$(PKG_RELEASE) 34 | URL:=http://www.kernel.org 35 | endef 36 | 37 | define Package/perf/description 38 | perf is the Linux performance monitoring tool 39 | endef 40 | 41 | HOST_CFLAGS += -I$(LINUX_DIR)/tools/include 42 | 43 | TARGET_LDFLAGS += $(INTL_LDFLAGS) 44 | 45 | MAKE_FLAGS = \ 46 | ARCH="$(LINUX_KARCH)" \ 47 | NO_LIBPERL=1 \ 48 | NO_LIBPYTHON=1 \ 49 | NO_NEWT=1 \ 50 | NO_LZMA=1 \ 51 | NO_BACKTRACE=1 \ 52 | NO_LIBNUMA=1 \ 53 | NO_GTK2=1 \ 54 | NO_LIBAUDIT=1 \ 55 | NO_LIBCRYPTO=1 \ 56 | NO_LIBUNWIND=1 \ 57 | NO_LIBZSTD=1 \ 58 | NO_LIBCAP=1 \ 59 | CROSS_COMPILE="$(TARGET_CROSS)" \ 60 | CC="$(TARGET_CC)" \ 61 | LD="$(TARGET_CROSS)ld" \ 62 | EXTRA_CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS)" \ 63 | LDFLAGS="$(TARGET_LDFLAGS)" \ 64 | KBUILD_HOSTCFLAGS="$(HOST_CFLAGS)" \ 65 | $(if $(findstring c,$(OPENWRT_VERBOSE)),V=1,V='') \ 66 | PKG_CONFIG="$(PKG_CONFIG)" \ 67 | PKG_CONFIG_PATH="$(PKG_CONFIG_PATH)" \ 68 | EXCLUDE_EXTLIBS="-lstdc++" \ 69 | EXTRA_PERFLIBS="$(shell $(TARGET_CC) -print-file-name=libstdc++.a)" \ 70 | WERROR=0 \ 71 | O=$(PKG_BUILD_DIR) \ 72 | prefix=/usr 73 | 74 | ifeq ($(LINUX_KARCH),powerpc) 75 | MAKE_FLAGS += NO_AUXTRACE=1 76 | endif 77 | 78 | ifneq (,$(findstring clang,$(KERNEL_CC))) 79 | MAKE_FLAGS += NO_LIBELF=1 80 | endif 81 | 82 | define Build/Compile 83 | +$(MAKE) $(PKG_JOBS) $(MAKE_FLAGS) \ 84 | --no-print-directory \ 85 | -C $(LINUX_DIR)/tools/perf \ 86 | -f Makefile.perf 87 | endef 88 | 89 | define Package/perf/install 90 | $(INSTALL_DIR) $(1)/usr/bin 91 | $(INSTALL_BIN) $(PKG_BUILD_DIR)/perf $(1)/usr/bin/ 92 | endef 93 | 94 | $(eval $(call BuildPackage,perf)) 95 | -------------------------------------------------------------------------------- /openwrt/patch/openwrt-6.x/x86/base-files/etc/board.d/01_leds: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2017 OpenWrt.org 3 | # 4 | 5 | . /lib/functions/uci-defaults.sh 6 | 7 | board_config_update 8 | 9 | case "$(board_name)" in 10 | cisco-mx100-hw) 11 | ucidef_set_led_usbport "usb" "USB" "mx100:green:usb" "1-1-port2" 12 | ucidef_set_led_default "diag" "DIAG" "mx100:green:tricolor" "1" 13 | ;; 14 | pc-engines-apu1|pc-engines-apu2|pc-engines-apu3|pc-engines-apu4|pc-engines-apu5|pc-engines-apu6) 15 | ucidef_set_led_netdev "wan" "WAN" "apu:green:3" "eth0" 16 | ucidef_set_led_netdev "lan" "LAN" "apu:green:2" "br-lan" 17 | ucidef_set_led_default "diag" "DIAG" "apu:green:1" "1" 18 | ;; 19 | sophos-sg-105wr1|sophos-sg-125wr1|sophos-sg-135wr1|sophos-xg-105wr1|sophos-xg-125wr1|sophos-xg-135wr1) 20 | ucidef_set_led_netdev "wlan" "WiFi" "ath9k-phy0" "phy0tpt" 21 | ;; 22 | sophos-sg-105wr2|sophos-sg-125wr2|sophos-sg-135wr2|sophos-xg-105wr2|sophos-xg-125wr2|sophos-xg-135wr2|\ 23 | sophos-sg-105wr3|sophos-sg-125wr3|sophos-sg-135wr3|sophos-xg-105wr3|sophos-xg-125wr3|sophos-xg-135wr3) 24 | ucidef_set_led_netdev "wlan" "WiFi" "ath10k-phy0" "phy0tpt" 25 | ;; 26 | traverse-technologies-geos) 27 | ucidef_set_led_netdev "lan" "LAN" "geos:1" "br-lan" "tx rx" 28 | ucidef_set_led_netdev "wlan" "WiFi" "geos:2" "phy0tpt" 29 | ucidef_set_led_default "diag" "DIAG" "geos:3" "1" 30 | ;; 31 | silicom-80500-0214-*) 32 | ucidef_set_led_netdev "wan" "WAN" "multicolor:fp_center" "wan0" 33 | ucidef_set_led_netdev "lan" "LAN" "multicolor:fp_right" "br-lan" 34 | ;; 35 | esac 36 | board_config_flush 37 | 38 | exit 0 39 | -------------------------------------------------------------------------------- /openwrt/patch/openwrt-6.x/x86/patches-6.12/100-fix_cs5535_clockevt.patch: -------------------------------------------------------------------------------- 1 | --- a/drivers/clocksource/timer-cs5535.c 2 | +++ b/drivers/clocksource/timer-cs5535.c 3 | @@ -127,7 +127,9 @@ static irqreturn_t mfgpt_tick(int irq, v 4 | cs5535_mfgpt_write(cs5535_event_clock, MFGPT_REG_SETUP, 5 | MFGPT_SETUP_CNTEN | MFGPT_SETUP_CMP2); 6 | 7 | - cs5535_clockevent.event_handler(&cs5535_clockevent); 8 | + if (cs5535_clockevent.event_handler) 9 | + cs5535_clockevent.event_handler(&cs5535_clockevent); 10 | + 11 | return IRQ_HANDLED; 12 | } 13 | 14 | -------------------------------------------------------------------------------- /openwrt/patch/opkg/900-opkg-download-disable-hsts.patch: -------------------------------------------------------------------------------- 1 | --- a/libopkg/opkg_download.c 2 | +++ b/libopkg/opkg_download.c 3 | @@ -159,6 +159,7 @@ opkg_download(const char *src, const cha 4 | 5 | argv[i++] = "wget"; 6 | argv[i++] = "-q"; 7 | + argv[i++] = "--no-hsts"; 8 | if (conf->no_check_certificate) { 9 | argv[i++] = "--no-check-certificate"; 10 | } 11 | -------------------------------------------------------------------------------- /openwrt/patch/opkg/901-libopkg-opkg_install-copy-conffiles-to-the-system-co.patch: -------------------------------------------------------------------------------- 1 | From 74dbda351198a9028a69a912be85cefd72c0cec9 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Thu, 13 Mar 2025 22:07:10 +0800 4 | Subject: [PATCH] libopkg: opkg_install: copy conffiles to the system 5 | configuration preserved list 6 | 7 | Signed-off-by: sbwml 8 | --- 9 | libopkg/opkg_install.c | 32 ++++++++++++++++++++++++++++++++ 10 | 1 file changed, 32 insertions(+) 11 | 12 | diff --git a/libopkg/opkg_install.c b/libopkg/opkg_install.c 13 | index 68fb9ea..b4d18a2 100644 14 | --- a/libopkg/opkg_install.c 15 | +++ b/libopkg/opkg_install.c 16 | @@ -1394,6 +1394,38 @@ int opkg_install_pkg(pkg_t * pkg, int from_upgrade) 17 | } 18 | } 19 | 20 | + /* Handle conffiles for sysupgrade */ 21 | + { 22 | + const char *tmp_dir = pkg_get_string(pkg, PKG_TMP_UNPACK_DIR); 23 | + if (tmp_dir) { 24 | + char *conffiles_path; 25 | + asprintf(&conffiles_path, "%s/conffiles", tmp_dir); 26 | + if (file_exists(conffiles_path)) { 27 | + char *keep_dir = "/lib/upgrade/keep.d"; 28 | + char *keep_file; 29 | + asprintf(&keep_file, "%s/%s", keep_dir, pkg->name); 30 | + 31 | + if (file_mkdir_hier(keep_dir, 0755) != 0) { 32 | + opkg_msg(ERROR, "Failed to create directory %s: %s\n", 33 | + keep_dir, strerror(errno)); 34 | + goto cleanup_conffiles; 35 | + } 36 | + 37 | + if (file_copy(conffiles_path, keep_file) != 0) { 38 | + opkg_msg(ERROR, "Failed to copy %s to %s\n", 39 | + conffiles_path, keep_file); 40 | + goto cleanup_conffiles; 41 | + } 42 | + opkg_msg(DEBUG, "Copied conffiles to %s for sysupgrade\n", 43 | + keep_file); 44 | + 45 | + cleanup_conffiles: 46 | + free(keep_file); 47 | + } 48 | + free(conffiles_path); 49 | + } 50 | + } 51 | + 52 | err = update_file_ownership(pkg, old_pkg); 53 | if (err) 54 | return -1; 55 | -- 56 | 2.43.5 57 | 58 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/README.md: -------------------------------------------------------------------------------- 1 | ### Fix build for linux-6.6 -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/batman-adv/901-fix-linux-6.12rc2-builds.patch: -------------------------------------------------------------------------------- 1 | --- a/net/batman-adv/distributed-arp-table.c 2 | +++ b/net/batman-adv/distributed-arp-table.c 3 | @@ -7,7 +7,13 @@ 4 | #include "distributed-arp-table.h" 5 | #include "main.h" 6 | 7 | +#include 8 | + 9 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 12, 0) 10 | +#include 11 | +#else 12 | #include 13 | +#endif 14 | #include 15 | #include 16 | #include 17 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/clang/macremapper/100-macremapper-fix-clang-build.patch: -------------------------------------------------------------------------------- 1 | --- a/feeds/packages/kernel/macremapper/Makefile 2 | +++ b/feeds/packages/kernel/macremapper/Makefile 3 | @@ -38,4 +38,15 @@ endef 4 | MAKE_FLAGS += KERNEL_SRC=$(LINUX_DIR) ARCH=$(LINUX_KARCH) 5 | MAKE_PATH:=kernelmod 6 | 7 | +KERNEL_CC:= $(filter-out ccache,$(KERNEL_CC)) 8 | + 9 | +ifneq (,$(findstring clang,$(KERNEL_CC))) 10 | + ifneq (,$(filter clang-%,$(KERNEL_CC))) 11 | + LLVM:=-$(subst clang-,,$(KERNEL_CC)) 12 | + else 13 | + LLVM:= 14 | + endif 15 | + MAKE_FLAGS += CC=$(KERNEL_CC) LD=ld.lld$(LLVM) 16 | +endif 17 | + 18 | $(eval $(call KernelPackage,macremapper)) 19 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/clang/netatop/900-fix-build-with-clang.patch: -------------------------------------------------------------------------------- 1 | diff --git a/module/Makefile b/module/Makefile 2 | index 6994666..72b5fc1 100644 3 | --- a/module/Makefile 4 | +++ b/module/Makefile 5 | @@ -18,3 +18,6 @@ clean: 6 | rm -fr .tmp_versions 7 | 8 | netatop.o: ../netatop.h ../netatopversion.h 9 | + 10 | +# clang 11 | +ccflags-y += -Wno-strict-prototypes 12 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/cryptodev-linux/6.12/0005-Fix-cryptodev_verbosity-sysctl-for-Linux-6.11-rc1.patch: -------------------------------------------------------------------------------- 1 | From 3d256971a2a532c974b88418927dd3b3831c27cc Mon Sep 17 00:00:00 2001 2 | From: =?UTF-8?q?Joan=20Bruguera=20Mic=C3=B3?= 3 | Date: Fri, 19 Jul 2024 20:18:31 +0000 4 | Subject: [PATCH] Fix cryptodev_verbosity sysctl for Linux 6.11-rc1 5 | MIME-Version: 1.0 6 | Content-Type: text/plain; charset=UTF-8 7 | Content-Transfer-Encoding: 8bit 8 | 9 | There has been a long-running Linux kernel effort to get rid of the 10 | sentinels of `struct ctl_table`. In Linux 6.11 it has been completed, 11 | and registering a sysctl with a sentinel will fail with a dmesg error: 12 | 13 | > sysctl table check failed: ioctl/(null) procname is null 14 | > sysctl table check failed: ioctl/(null) No proc_handler 15 | 16 | Exclude the sentinels since that version. 17 | 18 | See also: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f8a8b94d0698ccc56c44478169c91ca774540d9f 19 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9edbfe92a0a1355bae1e47c8f542ac0d39f19f8c 20 | 21 | Signed-off-by: Joan Bruguera Micó 22 | --- 23 | ioctl.c | 2 ++ 24 | 1 file changed, 2 insertions(+) 25 | 26 | --- a/ioctl.c 27 | +++ b/ioctl.c 28 | @@ -1239,7 +1239,9 @@ static struct ctl_table verbosity_ctl_di 29 | .mode = 0644, 30 | .proc_handler = proc_dointvec, 31 | }, 32 | +#if (LINUX_VERSION_CODE < KERNEL_VERSION(6, 11, 0)) 33 | {}, 34 | +#endif 35 | }; 36 | 37 | static struct ctl_table verbosity_ctl_root[] = { 38 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/cryptodev-linux/6.12/0006-Exclude-unused-struct-since-Linux-6.5.patch: -------------------------------------------------------------------------------- 1 | From 2669a340472e89a521ac6fbc803961124311453b Mon Sep 17 00:00:00 2001 2 | From: =?UTF-8?q?Joan=20Bruguera=20Mic=C3=B3?= 3 | Date: Fri, 19 Jul 2024 20:10:32 +0000 4 | Subject: [PATCH] Exclude unused struct since Linux >= 6.5 5 | MIME-Version: 1.0 6 | Content-Type: text/plain; charset=UTF-8 7 | Content-Transfer-Encoding: 8bit 8 | 9 | Since Linux >= 6.5 we don't need `struct ctl_table verbosity_ctl_root`, 10 | only the sysctl path, so move it to a constant and exclude the struct. 11 | 12 | This is just a cosmetic change, intended to make it clear that neither 13 | the struct nor the sentinel that follows are needed on newer kernels. 14 | 15 | Signed-off-by: Joan Bruguera Micó 16 | --- 17 | ioctl.c | 9 +++++---- 18 | 1 file changed, 5 insertions(+), 4 deletions(-) 19 | 20 | --- a/ioctl.c 21 | +++ b/ioctl.c 22 | @@ -1231,6 +1231,7 @@ cryptodev_deregister(void) 23 | } 24 | 25 | /* ====== Module init/exit ====== */ 26 | +static const char verbosity_ctl_path[] = "ioctl"; 27 | static struct ctl_table verbosity_ctl_dir[] = { 28 | { 29 | .procname = "cryptodev_verbosity", 30 | @@ -1244,16 +1245,16 @@ static struct ctl_table verbosity_ctl_di 31 | #endif 32 | }; 33 | 34 | +#if (LINUX_VERSION_CODE < KERNEL_VERSION(6, 5, 0)) 35 | static struct ctl_table verbosity_ctl_root[] = { 36 | { 37 | - .procname = "ioctl", 38 | + .procname = verbosity_ctl_path, 39 | .mode = 0555, 40 | -#if (LINUX_VERSION_CODE < KERNEL_VERSION(6, 5, 0)) 41 | .child = verbosity_ctl_dir, 42 | -#endif 43 | }, 44 | {}, 45 | }; 46 | +#endif 47 | static struct ctl_table_header *verbosity_sysctl_header; 48 | static int __init init_cryptodev(void) 49 | { 50 | @@ -1274,7 +1275,7 @@ static int __init init_cryptodev(void) 51 | #if (LINUX_VERSION_CODE < KERNEL_VERSION(6, 5, 0)) 52 | verbosity_sysctl_header = register_sysctl_table(verbosity_ctl_root); 53 | #else 54 | - verbosity_sysctl_header = register_sysctl(verbosity_ctl_root->procname, verbosity_ctl_dir); 55 | + verbosity_sysctl_header = register_sysctl(verbosity_ctl_path, verbosity_ctl_dir); 56 | #endif 57 | 58 | pr_info(PFX "driver %s loaded.\n", VERSION); 59 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/gpio-button-hotplug/fix-linux-6.12.patch: -------------------------------------------------------------------------------- 1 | diff --git a/package/kernel/gpio-button-hotplug/src/gpio-button-hotplug.c b/package/kernel/gpio-button-hotplug/src/gpio-button-hotplug.c 2 | index 52346c2..75f6155 100644 3 | --- a/package/kernel/gpio-button-hotplug/src/gpio-button-hotplug.c 4 | +++ b/package/kernel/gpio-button-hotplug/src/gpio-button-hotplug.c 5 | @@ -674,7 +674,11 @@ static void gpio_keys_irq_close(struct gpio_keys_button_dev *bdev) 6 | } 7 | } 8 | 9 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0) 10 | +static void gpio_keys_remove(struct platform_device *pdev) 11 | +#else 12 | static int gpio_keys_remove(struct platform_device *pdev) 13 | +#endif 14 | { 15 | struct gpio_keys_button_dev *bdev = platform_get_drvdata(pdev); 16 | 17 | @@ -685,7 +689,9 @@ static int gpio_keys_remove(struct platform_device *pdev) 18 | else 19 | gpio_keys_irq_close(bdev); 20 | 21 | +#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 11, 0) 22 | return 0; 23 | +#endif 24 | } 25 | 26 | static struct platform_driver gpio_keys_driver = { 27 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/kselftests-bpf/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2021 Tony Ambardar 3 | # 4 | # This is free software, licensed under the GNU General Public License v2. 5 | # See /LICENSE for more information. 6 | # 7 | 8 | include $(TOPDIR)/rules.mk 9 | include $(INCLUDE_DIR)/kernel.mk 10 | 11 | PKG_NAME:=kselftests-bpf 12 | PKG_VERSION:=$(LINUX_VERSION) 13 | PKG_RELEASE:=1 14 | PKG_MAINTAINER:=Tony Ambardar 15 | 16 | PKG_BUILD_FLAGS:=no-lto 17 | PKG_BUILD_PARALLEL:=1 18 | PKG_FLAGS:=nonshared 19 | 20 | include $(INCLUDE_DIR)/package.mk 21 | include $(INCLUDE_DIR)/nls.mk 22 | 23 | define Package/kselftests-bpf 24 | SECTION:=devel 25 | CATEGORY:=Development 26 | DEPENDS:= \ 27 | +libelf +zlib +libpthread +librt \ 28 | +kmod-crypto-user +kmod-crypto-sha1 \ 29 | @KERNEL_DEBUG_FS @KERNEL_DEBUG_INFO_BTF @KERNEL_BPF_EVENTS @!IN_SDK 30 | TITLE:=Linux Kernel Selftests (BPF) 31 | URL:=http://www.kernel.org 32 | endef 33 | 34 | define Package/kselftests-bpf/description 35 | kselftests-bpf is the Linux kernel BPF test suite 36 | endef 37 | 38 | EXE_TARGETS = \ 39 | test_verifier \ 40 | test_tag \ 41 | test_lpm_map \ 42 | test_dev_cgroup \ 43 | test_sock \ 44 | test_sockmap \ 45 | get_cgroup_id_user \ 46 | test_cgroup_storage \ 47 | test_tcpnotify_user \ 48 | test_sysctl 49 | 50 | MOD_TARGETS = $(if $(call kernel_patchver_ge,6.4),bpf_testmod.ko) 51 | 52 | MAKE_PATH:=tools/testing/selftests/bpf 53 | 54 | MAKE_VARS = \ 55 | ARCH="$(LINUX_KARCH)" \ 56 | CROSS_COMPILE="$(TARGET_CROSS)" \ 57 | EXTRA_CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS)" \ 58 | LDLIBS="$(TARGET_LDFLAGS)" \ 59 | TOOLCHAIN_INCLUDE="$(TOOLCHAIN_INC_DIRS)" \ 60 | KBUILD_OUTPUT="$(LINUX_DIR)" 61 | 62 | MAKE_FLAGS = \ 63 | $(if $(findstring c,$(OPENWRT_VERBOSE)),V=1,V='') \ 64 | OUTPUT=$(PKG_BUILD_DIR) 65 | 66 | define Build/Compile 67 | +$(MAKE_VARS) \ 68 | $(MAKE) $(PKG_JOBS) -C $(LINUX_DIR)/$(MAKE_PATH) \ 69 | $(MAKE_FLAGS) $(EXE_TARGETS) $(MOD_TARGETS) ; 70 | endef 71 | 72 | define Package/kselftests-bpf/install 73 | $(INSTALL_DIR) $(1)/usr/bin 74 | $(INSTALL_DIR) $(1)/usr/libexec/$(PKG_NAME) 75 | $(foreach tgt,$(MOD_TARGETS), \ 76 | $(INSTALL_DATA) \ 77 | $(PKG_BUILD_DIR)/$(tgt) $(1)/usr/libexec/$(PKG_NAME); \ 78 | ) 79 | $(foreach tgt,$(EXE_TARGETS), \ 80 | $(INSTALL_BIN) \ 81 | $(PKG_BUILD_DIR)/$(tgt) $(1)/usr/libexec/$(PKG_NAME); \ 82 | $(LN) /usr/libexec/$(PKG_NAME)/$(tgt) $(1)/usr/bin/$(tgt); \ 83 | ) 84 | endef 85 | 86 | $(eval $(call BuildPackage,kselftests-bpf)) 87 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/libpfring/patches/0001-fix-cross-compiling.patch: -------------------------------------------------------------------------------- 1 | --- a/userland/configure 2 | +++ b/userland/configure 3 | @@ -3868,12 +3868,6 @@ $as_echo "no" >&6; } 4 | if test "$IS_FREEBSD" != "1" && test "$cross_compiling" != "yes" ; then 5 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if r/w locks are supported" >&5 6 | $as_echo_n "checking if r/w locks are supported... " >&6; } 7 | - if test "$cross_compiling" = yes; then : 8 | - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 9 | -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} 10 | -as_fn_error $? "cannot run test program while cross compiling 11 | -See \`config.log' for more details" "$LINENO" 5; } 12 | -else 13 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext 14 | /* end confdefs.h. */ 15 | 16 | @@ -3886,7 +3880,7 @@ else 17 | 18 | 19 | _ACEOF 20 | -if ac_fn_c_try_run "$LINENO"; then : 21 | +if ac_fn_c_try_compile "$LINENO"; then : 22 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 23 | $as_echo "yes" >&6; } 24 | cat >>confdefs.h <<_ACEOF 25 | @@ -3900,7 +3894,6 @@ $as_echo "no" >&6; } 26 | fi 27 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ 28 | conftest.$ac_objext conftest.beam conftest.$ac_ext 29 | -fi 30 | 31 | fi 32 | 33 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/libpfring/patches/100-fix-compilation-warning.patch: -------------------------------------------------------------------------------- 1 | --- a/kernel/pf_ring.c 2 | +++ b/kernel/pf_ring.c 3 | @@ -3902,7 +3902,7 @@ static int hash_pkt_cluster(ring_cluster 4 | break; 5 | } 6 | /* else, fall through, because it's like 2-tuple for non-TCP packets */ 7 | - 8 | + fallthrough; 9 | case cluster_per_flow_2_tuple: 10 | case cluster_per_inner_flow_2_tuple: 11 | flags |= mask_2_tuple; 12 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/libpfring/patches/900-fix-linux-6.6.patch: -------------------------------------------------------------------------------- 1 | From 5557b6ffe8d4eeb93532d043649b40eb10120bf7 Mon Sep 17 00:00:00 2001 2 | From: Gavin 3 | Date: Wed, 25 Oct 2023 11:40:50 +0100 4 | Subject: [PATCH] Update pf_ring.c 5 | 6 | Change to remove .sendpage assignment, as that attribute seems to have gone away in 6.5.3 kernel. 7 | --- 8 | kernel/pf_ring.c | 2 ++ 9 | 1 file changed, 2 insertions(+) 10 | 11 | diff --git a/kernel/pf_ring.c b/kernel/pf_ring.c 12 | index cbaa8d61f..c2406b01f 100644 13 | --- a/kernel/pf_ring.c 14 | +++ b/kernel/pf_ring.c 15 | @@ -8458,7 +8458,9 @@ static struct proto_ops ring_ops = { 16 | .getname = sock_no_getname, 17 | .listen = sock_no_listen, 18 | .shutdown = sock_no_shutdown, 19 | + #if(LINUX_VERSION_CODE < KERNEL_VERSION(6,5,3)) 20 | .sendpage = sock_no_sendpage, 21 | + #endif 22 | 23 | /* Now the operations that really occur. */ 24 | .release = ring_release, 25 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/nat46/100-fix-build-with-kernel-6.9.patch: -------------------------------------------------------------------------------- 1 | --- a/nat46/modules/nat46-netdev.c 2 | +++ b/nat46/modules/nat46-netdev.c 3 | @@ -193,7 +193,11 @@ static struct net_device *find_dev(char 4 | return NULL; 5 | } 6 | 7 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 9, 0) 8 | + rcu_read_lock(); 9 | +#else 10 | read_lock(&dev_base_lock); 11 | +#endif 12 | dev = first_net_device(&init_net); 13 | while (dev) { 14 | if((0 == strcmp(dev->name, name)) && is_nat46(dev)) { 15 | @@ -205,7 +209,11 @@ static struct net_device *find_dev(char 16 | } 17 | dev = next_net_device(dev); 18 | } 19 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 9, 0) 20 | + rcu_read_unlock(); 21 | +#else 22 | read_unlock(&dev_base_lock); 23 | +#endif 24 | return out; 25 | } 26 | 27 | @@ -300,7 +308,11 @@ int nat46_remove(char *devname, char *bu 28 | 29 | void nat64_show_all_configs(struct seq_file *m) { 30 | struct net_device *dev; 31 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 9, 0) 32 | + rcu_read_lock(); 33 | +#else 34 | read_lock(&dev_base_lock); 35 | +#endif 36 | dev = first_net_device(&init_net); 37 | while (dev) { 38 | if(is_nat46(dev)) { 39 | @@ -323,7 +335,11 @@ void nat64_show_all_configs(struct seq_f 40 | } 41 | dev = next_net_device(dev); 42 | } 43 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 9, 0) 44 | + rcu_read_unlock(); 45 | +#else 46 | read_unlock(&dev_base_lock); 47 | +#endif 48 | 49 | } 50 | 51 | @@ -331,7 +347,11 @@ void nat46_destroy_all(void) { 52 | struct net_device *dev; 53 | struct net_device *nat46dev; 54 | do { 55 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 9, 0) 56 | + rcu_read_lock(); 57 | +#else 58 | read_lock(&dev_base_lock); 59 | +#endif 60 | nat46dev = NULL; 61 | dev = first_net_device(&init_net); 62 | while (dev) { 63 | @@ -340,7 +360,11 @@ void nat46_destroy_all(void) { 64 | } 65 | dev = next_net_device(dev); 66 | } 67 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 9, 0) 68 | + rcu_read_unlock(); 69 | +#else 70 | read_unlock(&dev_base_lock); 71 | +#endif 72 | if(nat46dev) { 73 | nat46_netdev_destroy(nat46dev); 74 | } 75 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/nat46/101-fix-build-with-kernel-6.12.patch: -------------------------------------------------------------------------------- 1 | --- a/nat46/modules/nat46-netdev.c 2 | +++ b/nat46/modules/nat46-netdev.c 3 | @@ -110,7 +110,11 @@ static void nat46_netdev_setup(struct ne 4 | dev->hard_header_len = 0; 5 | dev->addr_len = 0; 6 | dev->mtu = 16384; /* iptables does reassembly. Rather than using ETH_DATA_LEN, let's try to get as much mileage as we can with the Linux stack */ 7 | +#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 12, 0) 8 | dev->features = NETIF_F_NETNS_LOCAL; 9 | +#else 10 | + dev->features = dev->netns_local; 11 | +#endif 12 | dev->flags = IFF_NOARP | IFF_POINTOPOINT; 13 | } 14 | 15 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/ovpn-dco/901-fix-linux-6.11.patch: -------------------------------------------------------------------------------- 1 | --- a/drivers/net/ovpn-dco/main.c 2 | +++ b/drivers/net/ovpn-dco/main.c 3 | @@ -268,4 +268,6 @@ MODULE_AUTHOR(DRV_COPYRIGHT); 4 | MODULE_LICENSE("GPL"); 5 | MODULE_VERSION(DRV_VERSION); 6 | MODULE_ALIAS_RTNL_LINK(DRV_NAME); 7 | +#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 11, 0) 8 | MODULE_ALIAS_GENL_FAMILY(OVPN_NL_NAME); 9 | +#endif 10 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/ovpn-dco/902-fix-linux-6.12.patch: -------------------------------------------------------------------------------- 1 | --- a/drivers/net/ovpn-dco/main.c 2 | +++ b/drivers/net/ovpn-dco/main.c 3 | @@ -125,7 +125,11 @@ static void ovpn_setup(struct net_device 4 | const int overhead = sizeof(u32) + NONCE_WIRE_SIZE + 16 + sizeof(struct udphdr) + 5 | max(sizeof(struct ipv6hdr), sizeof(struct iphdr)); 6 | 7 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 12, 0) 8 | + netdev_features_t feat = NETIF_F_SG | dev->lltx | 9 | +#else 10 | netdev_features_t feat = NETIF_F_SG | NETIF_F_LLTX | 11 | +#endif 12 | NETIF_F_HW_CSUM | NETIF_F_RXCSUM | NETIF_F_GSO | 13 | NETIF_F_GSO_SOFTWARE | NETIF_F_HIGHDMA; 14 | 15 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/rtpengine/900-fix-linux-6.12-11.5.1.18.patch: -------------------------------------------------------------------------------- 1 | diff --git a/kernel-module/xt_RTPENGINE.c b/kernel-module/xt_RTPENGINE.c 2 | index 2e5278a..7a3cb09 100644 3 | --- a/kernel-module/xt_RTPENGINE.c 4 | +++ b/kernel-module/xt_RTPENGINE.c 5 | @@ -4017,7 +4017,7 @@ static int send_proxy_packet4(struct sk_buff *skb, struct re_address *src, struc 6 | if (!net) 7 | goto drop; 8 | 9 | - rt = ip_route_output(net, dst->u.ipv4, src->u.ipv4, tos, 0); 10 | + rt = ip_route_output(net, dst->u.ipv4, src->u.ipv4, tos, 0, 0); 11 | if (IS_ERR(rt)) 12 | goto drop; 13 | skb_dst_drop(skb); 14 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/sms-tools/900-fix-incompatible-pointer-type-error-for-signal-function.patch: -------------------------------------------------------------------------------- 1 | --- a/sms_main.c 2 | +++ b/sms_main.c 3 | @@ -111,7 +111,7 @@ static void resetserial() 4 | close(port); 5 | } 6 | 7 | -static void timeout() 8 | +static void timeout(int signo) 9 | { 10 | fprintf(stderr,"No response from modem.\n"); 11 | exit(2); 12 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/ubootenv-nvram/010-make-ubootenv_remove-return-void-for-linux-6.12.patch: -------------------------------------------------------------------------------- 1 | --- a/ubootenv-nvram.c 2 | +++ b/ubootenv-nvram.c 3 | @@ -13,6 +13,7 @@ 4 | #include 5 | #include 6 | #include 7 | +#include 8 | 9 | #define NAME "ubootenv" 10 | 11 | @@ -132,18 +133,30 @@ static int ubootenv_probe(struct platfor 12 | return misc_register(&data->misc); 13 | } 14 | 15 | -static int ubootenv_remove(struct platform_device *pdev) 16 | +static 17 | +#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 11, 0) 18 | +int 19 | +#else 20 | +void 21 | +#endif 22 | +ubootenv_remove(struct platform_device *pdev) 23 | { 24 | struct ubootenv_drvdata *data = platform_get_drvdata(pdev); 25 | 26 | data->env = NULL; 27 | misc_deregister(&data->misc); 28 | +#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 11, 0) 29 | return 0; 30 | +#endif 31 | } 32 | 33 | static struct platform_driver ubootenv_driver = { 34 | .probe = ubootenv_probe, 35 | +#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 11, 0) 36 | .remove = ubootenv_remove, 37 | +#else 38 | + .remove_new = ubootenv_remove, 39 | +#endif 40 | .driver = { 41 | .name = NAME, 42 | .owner = THIS_MODULE, 43 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/xtables-addons/301-fix-build-with-linux-6.12.patch: -------------------------------------------------------------------------------- 1 | --- a/extensions/rtsp/nf_conntrack_rtsp.c 2 | +++ b/extensions/rtsp/nf_conntrack_rtsp.c 3 | @@ -735,8 +735,12 @@ init(void) 4 | } 5 | 6 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,6,0) 7 | +#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 11, 0) 8 | strlcpy(hlpr->name, tmpname, sizeof(hlpr->name)); 9 | #else 10 | + strscpy(hlpr->name, tmpname, sizeof(hlpr->name)); 11 | +#endif 12 | +#else 13 | hlpr->name = tmpname; 14 | #endif 15 | pr_debug("port #%d: %d\n", i, ports[i]); 16 | -------------------------------------------------------------------------------- /openwrt/patch/packages-patches/xtables-addons/302-fix-build-for-linux-6.12rc2.patch: -------------------------------------------------------------------------------- 1 | --- a/extensions/xt_ipp2p.c 2 | +++ b/extensions/xt_ipp2p.c 3 | @@ -3,7 +3,11 @@ 4 | #include 5 | #include 6 | #include 7 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 12, 0) 8 | +#include 9 | +#else 10 | #include 11 | +#endif 12 | #include "xt_ipp2p.h" 13 | #include "compat_xtables.h" 14 | 15 | -------------------------------------------------------------------------------- /openwrt/patch/pcre/Config.in: -------------------------------------------------------------------------------- 1 | config PCRE_JIT_ENABLED 2 | bool 3 | depends on PACKAGE_libpcre && (arm || i386 || i686 || x86_64 || mips || mipsel || powerpc || sparc) 4 | default y if (arm || i686 || x86_64) 5 | prompt "Enable JIT compiler support" 6 | help 7 | Enable JIT (Just-In-Time) compiler support. 8 | 9 | Enabling this option can give an about 10x performance increase on JIT operations. It can be desireable for e.g. high performance Apache mod_rewrite or HA-Proxy reqrep operations. 10 | 11 | However, JIT should _only_ be enabled on architectures that are supported. Enabling JIT on unsupported platforms will result in a compilation failure. A list of supported architectures can be found here: https://pcre.org/original/doc/html/pcrejit.html#SEC3 . 12 | -------------------------------------------------------------------------------- /openwrt/patch/rtc/sysfixtime: -------------------------------------------------------------------------------- 1 | #!/bin/sh /etc/rc.common 2 | # Copyright (C) 2013-2014 OpenWrt.org 3 | 4 | START=00 5 | STOP=90 6 | 7 | HWCLOCK=/sbin/hwclock 8 | 9 | if [ -e "/dev/rtc1" ] && [ -e "$HWCLOCK" ] && $HWCLOCK -f /dev/rtc1 >/dev/null 2>&1; then 10 | RTC_DEV=/dev/rtc1 11 | else 12 | RTC_DEV=/dev/rtc0 13 | fi 14 | 15 | boot() { 16 | hwclock_load 17 | local maxtime="$(find_max_time)" 18 | local curtime="$(date +%s)" 19 | if [ $curtime -lt $maxtime ]; then 20 | date -s @$maxtime 21 | hwclock_save 22 | fi 23 | } 24 | 25 | start() { 26 | hwclock_load 27 | } 28 | 29 | stop() { 30 | hwclock_save 31 | } 32 | 33 | hwclock_load() { 34 | [ -e "$RTC_DEV" ] && [ -e "$HWCLOCK" ] && $HWCLOCK -s -u -f $RTC_DEV 35 | } 36 | 37 | hwclock_save(){ 38 | [ -e "$RTC_DEV" ] && [ -e "$HWCLOCK" ] && $HWCLOCK -w -u -f $RTC_DEV && \ 39 | logger -t sysfixtime "saved '$(date)' to $RTC_DEV" 40 | } 41 | 42 | find_max_time() { 43 | local file newest 44 | 45 | for file in $( find /etc -type f ) ; do 46 | [ -z "$newest" -o "$newest" -ot "$file" ] && newest=$file 47 | done 48 | [ "$newest" ] && date -r "$newest" +%s 49 | } 50 | -------------------------------------------------------------------------------- /openwrt/patch/target-modify_for_armsr.patch: -------------------------------------------------------------------------------- 1 | diff --git a/include/target.mk b/include/target.mk 2 | index 0108bce..4ceb81e 100644 3 | --- a/include/target.mk 4 | +++ b/include/target.mk 5 | @@ -318,6 +318,10 @@ ifeq ($(DUMP),1) 6 | CPU_CFLAGS := -O2 -pipe 7 | CPU_CFLAGS_generic:=-march=loongarch64 8 | endif 9 | + ifeq ($(BOARD),armsr) 10 | + CPU_CFLAGS = -O3 -pipe 11 | + CPU_CFLAGS_generic = -march=armv8-a+crc+crypto 12 | + endif 13 | ifneq ($(CPU_TYPE),) 14 | ifndef CPU_CFLAGS_$(CPU_TYPE) 15 | $(warning CPU_TYPE "$(CPU_TYPE)" doesn't correspond to a known type) 16 | -------------------------------------------------------------------------------- /openwrt/patch/target-modify_for_rockchip.patch: -------------------------------------------------------------------------------- 1 | diff --git a/include/target.mk b/include/target.mk 2 | index 0108bce..5577072 100644 3 | --- a/include/target.mk 4 | +++ b/include/target.mk 5 | @@ -318,6 +318,10 @@ ifeq ($(DUMP),1) 6 | CPU_CFLAGS := -O2 -pipe 7 | CPU_CFLAGS_generic:=-march=loongarch64 8 | endif 9 | + ifeq ($(BOARD),rockchip) 10 | + CPU_CFLAGS = -O3 -Wl,--gc-sections -pipe 11 | + CPU_CFLAGS_generic = -march=armv8-a+crc+crypto 12 | + endif 13 | ifneq ($(CPU_TYPE),) 14 | ifndef CPU_CFLAGS_$(CPU_TYPE) 15 | $(warning CPU_TYPE "$(CPU_TYPE)" doesn't correspond to a known type) 16 | -------------------------------------------------------------------------------- /openwrt/patch/target-modify_for_x86_64.patch: -------------------------------------------------------------------------------- 1 | diff --git a/include/target.mk b/include/target.mk 2 | index 0108bce..45ade4b 100644 3 | --- a/include/target.mk 4 | +++ b/include/target.mk 5 | @@ -257,7 +257,7 @@ LINUX_RECONF_DIFF = $(SCRIPT_DIR)/kconfig.pl - '>' $(call __linux_confcmd,$(filt 6 | ifeq ($(DUMP),1) 7 | BuildTarget=$(BuildTargets/DumpCurrent) 8 | 9 | - CPU_CFLAGS = -Os -pipe 10 | + CPU_CFLAGS = -O3 -mtune=generic -pipe 11 | ifneq ($(findstring mips,$(ARCH)),) 12 | ifneq ($(findstring mips64,$(ARCH)),) 13 | CPU_TYPE ?= mips64 14 | -------------------------------------------------------------------------------- /openwrt/scripts/03-convert_translation.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # [CTCGFW]immortalwrt 3 | # Use it under GPLv3, please. 4 | # -------------------------------------------------------- 5 | # Convert translation files zh-cn to zh_Hans 6 | # The script is still in testing, welcome to report bugs. 7 | 8 | po_file="$({ find |grep -E "[a-z0-9]+\.zh\-cn.+po"; } 2>"/dev/null")" 9 | for a in ${po_file} 10 | do 11 | [ -n "$(grep "Language: zh_CN" "$a")" ] && sed -i "s/Language: zh_CN/Language: zh_Hans/g" "$a" 12 | po_new_file="$(echo -e "$a"|sed "s/zh-cn/zh_Hans/g")" 13 | mv "$a" "${po_new_file}" 2>"/dev/null" 14 | done 15 | 16 | po_file2="$({ find |grep "/zh-cn/" |grep "\.po"; } 2>"/dev/null")" 17 | for b in ${po_file2} 18 | do 19 | [ -n "$(grep "Language: zh_CN" "$b")" ] && sed -i "s/Language: zh_CN/Language: zh_Hans/g" "$b" 20 | po_new_file2="$(echo -e "$b"|sed "s/zh-cn/zh_Hans/g")" 21 | mv "$b" "${po_new_file2}" 2>"/dev/null" 22 | done 23 | 24 | lmo_file="$({ find |grep -E "[a-z0-9]+\.zh_Hans.+lmo"; } 2>"/dev/null")" 25 | for c in ${lmo_file} 26 | do 27 | lmo_new_file="$(echo -e "$c"|sed "s/zh_Hans/zh-cn/g")" 28 | mv "$c" "${lmo_new_file}" 2>"/dev/null" 29 | done 30 | 31 | lmo_file2="$({ find |grep "/zh_Hans/" |grep "\.lmo"; } 2>"/dev/null")" 32 | for d in ${lmo_file2} 33 | do 34 | lmo_new_file2="$(echo -e "$d"|sed "s/zh_Hans/zh-cn/g")" 35 | mv "$d" "${lmo_new_file2}" 2>"/dev/null" 36 | done 37 | 38 | po_dir="$({ find |grep "/zh-cn" |sed "/\.po/d" |sed "/\.lmo/d"; } 2>"/dev/null")" 39 | for e in ${po_dir} 40 | do 41 | po_new_dir="$(echo -e "$e"|sed "s/zh-cn/zh_Hans/g")" 42 | mv "$e" "${po_new_dir}" 2>"/dev/null" 43 | done 44 | 45 | makefile_file="$({ find|grep Makefile |sed "/Makefile./d"; } 2>"/dev/null")" 46 | for f in ${makefile_file} 47 | do 48 | [ -n "$(grep "zh-cn" "$f")" ] && sed -i "s/zh-cn/zh_Hans/g" "$f" 49 | [ -n "$(grep "zh_Hans.lmo" "$f")" ] && sed -i "s/zh_Hans.lmo/zh-cn.lmo/g" "$f" 50 | done 51 | exit 0 52 | -------------------------------------------------------------------------------- /openwrt/scripts/99_clean_build_cache.sh: -------------------------------------------------------------------------------- 1 | rm -rf bin 2 | rm -rf build_dir/target-aarch64_generic_musl/root-rockchip build_dir/target-x86_64_musl/root-x86 build_dir/target-arm_cortex-a9_musl_eabi/root-bcm53xx 3 | rm -rf build_dir/target-aarch64_generic_musl/root.orig-rockchip build_dir/target-x86_64_musl/root.orig-x86 build_dir/target-arm_cortex-a9_musl_eabi/root.orig-bcm53xx 4 | rm -rf staging_dir/target-aarch64_generic_musl/root-rockchip staging_dir/target-x86_64_musl/root-x86 5 | rm -rf staging_dir/packages/rockchip staging_dir/packages/x86 staging_dir/target-arm_cortex-a9_musl_eabi/root-bcm53xx 6 | rm -rf dl/geo* 7 | rm -rf tmp/.config* 8 | CURRENT_DATE=$(date +%s) 9 | sed -i "/BUILD_DATE/d" package/base-files/files/usr/lib/os-release 10 | sed -i "/BUILD_ID/aBUILD_DATE=\"$CURRENT_DATE\"" package/base-files/files/usr/lib/os-release 11 | -------------------------------------------------------------------------------- /robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: / 3 | -------------------------------------------------------------------------------- /rsync_deny.txt: -------------------------------------------------------------------------------- 1 | /build.sh 2 | openwrt/.git 3 | tags/tmp -------------------------------------------------------------------------------- /tags/kernel-6.12: -------------------------------------------------------------------------------- 1 | LINUX_VERSION-6.12 = .31 2 | LINUX_KERNEL_HASH-6.12.31 = b04c5b3e5df6e0aa5e9cd1efe527fac99f9dd39a43b97f13b22f8ca93e524ba7 3 | -------------------------------------------------------------------------------- /tags/kernel-tag.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | ROOT="./" 6 | 7 | # LTS 8 | KERNEL_VERSION=`curl -s https://raw.githubusercontent.com/andreoss/kernel-overlay/refs/heads/master/sources.json | jq -r '.[] | select(.package.name == "6_12") | .version'` 9 | KERNEL_HASH=`curl -s https://raw.githubusercontent.com/andreoss/kernel-overlay/refs/heads/master/sources.json | jq -r '.[] | select(.package.name == "6_12") | .checksum'` 10 | TAG=`echo $KERNEL_VERSION | awk -F"." '{print $3}'` 11 | 12 | [ -z $TAG ] && TAG="" || TAG=.$TAG 13 | echo "LINUX_VERSION-6.12 = $TAG 14 | LINUX_KERNEL_HASH-$KERNEL_VERSION = $KERNEL_HASH" > $ROOT/kernel-6.12 15 | -------------------------------------------------------------------------------- /tags/openwrt-tag.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | curl -s "https://api.github.com/repos/openwrt/openwrt/tags" -o tags.json || exit 1 4 | if [ ! -s tags.json ]; then 5 | echo error 6 | exit 1 7 | else 8 | cat tags.json | jq . > jq.json 2>&1 9 | fi 10 | 11 | grep name jq.json | grep v24 | head -1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g' | sed 's/v//g' > v24 12 | rm -f tags.json jq.json 13 | -------------------------------------------------------------------------------- /tags/v24: -------------------------------------------------------------------------------- 1 | 24.10.1 2 | --------------------------------------------------------------------------------