├── BONDING.md
├── README.md
├── bonding-server
│   └── bonding-server.fwb
├── images
│   └── bonding.jpg
├── kernel
│   ├── kmod-igb-c2xxx
│   │   └── Makefile
│   ├── qat-c2xxx
│   │   ├── Config.in
│   │   ├── Makefile
│   │   ├── files
│   │   │   ├── qat.init
│   │   │   └── qat_watchdog.init
│   │   └── patches
│   │       ├── 01-remove-inline.patch
│   │       ├── 02-netkey-shim.patch
│   │       └── series
│   └── qat-netkey
│       ├── Makefile
│       └── patches
│           ├── 01-task_is_dead-undeclared.patch
│           └── 02-test-module.patch
├── libs
│   └── openssl
│       ├── Config.in
│       ├── Makefile
│       └── patches
│           ├── 110-optimize-for-size.patch
│           ├── 130-perl-path.patch
│           ├── 140-makefile-dirs.patch
│           ├── 160-disable_doc_tests.patch
│           ├── 170-bash_path.patch
│           ├── 180-fix_link_segfault.patch
│           ├── 190-remove_timestamp_check.patch
│           └── 200-parallel_build.patch
└── net
    └── bondlink
        ├── Makefile
        ├── files
        │   ├── etc
        │   │   ├── bonding
        │   │   │   ├── bonding-preup.sh
        │   │   │   ├── bonding-up.sh
        │   │   │   ├── ifdown-local
        │   │   │   ├── ifup-local
        │   │   │   ├── restartbonding.sh
        │   │   │   ├── tun0-down.sh
        │   │   │   ├── tun0-up.sh
        │   │   │   ├── tun1-down.sh
        │   │   │   ├── tun1-up.sh
        │   │   │   └── watchbond.sh
        │   │   ├── config
        │   │   │   └── bonding
        │   │   ├── hotplug.d
        │   │   │   └── iface
        │   │   │       └── 60-local
        │   │   ├── init.d
        │   │   │   └── bonding
        │   │   └── uci-defaults
        │   │       └── update-config.sh
        │   └── usr
        │       └── bin
        │           └── speedtest_cli
        └── patches-3.18
            └── 999-bonding-empty-mac-address.patch

/BONDING.md:
--------------------------------------------------------------------------------
# Introduction to bonding two internet links

This code was used to run two internet links bonded together into a single fast pipe for over a year. When originally investigating this scenario, it became apparent that there were no freely available solutions that worked out of the box. I found a number of commercial services that offered a bonded link, however they all kept their technique a secret. As a result, I decided to roll my own solution using OpenWrt. It took considerable effort to get a working solution and I always meant to document it and package it up. Here it is.

# Background and Prerequisites

This howto requires an advanced level of skill. You will need to compile your own image as it requires a kernel modification to the bonding driver in order to allow the bonding of a point-to-point link, something which is normally impossible as the kernel driver will reject an interface with no MAC address. This is also not a howto in which every step you need to take is outlined in detail: some things you will need to know how to do yourself, such as generating X.509 certificates and keys for OpenVPN and managing Linux services. You will also need more than a passing familiarity with firewalls and NAT.

You will need a hardware platform for OpenWrt with enough AES throughput to support wire-speed encryption. For this project, I built my own router as most commercial consumer routers tend to top out at about 15Mbps of throughput. I used a platform based on the Intel C2558 SoC, using a Supermicro A1SRi-2558F motherboard. This is a 64-bit, 4-core Atom processor with AES-NI hardware acceleration capable of sustaining 3 - 4Gbps of AES throughput. It's important to note that if you don't use a powerful enough platform, you simply won't get the performance you're expecting.

You will also need to get a VM in a datacentre to serve as the endpoint for your bonded connection. The most important thing (apart from the pricing of your host) is the latency between you and the datacentre, as this will impact your maximum achievable speed. The latency between my router and the datacentre is 5ms. You also need to have a sufficiently powerful instance that can support your wire-speed encryption. Depending on the OS you use, you may also need to make a kernel modification (CentOS 6 requires no kernel mod, whereas CentOS 7 does). Your VM provider will need to be able to allocate you two static IP addresses on your VM.

In addition, you will need two internet links. I bonded two ADSL links from BT, opting for one of their business class connections with a higher quality of service than the consumer connections (priority over all consumer traffic). For each connection, you will require a static IP address. It's important to get two links that are as symmetrical as possible in terms of latency and sync speed, as the maximum performance is approximately 90% of 2x the slowest link.

In a nutshell, this is an expensive solution. It's cheaper to get a faster line than to bond two lines together. I only did this because my road was bypassed by fibre. Total cost for the lines and the VM amounts to about £110 per month. The ADSL business class lines are expensive and you could definitely get a cheaper solution by opting for a consumer class connection if your provider can offer static IP addresses (normally only the province of a business class line), but the business class connections offer substantially less latency and so contribute significantly to an improved throughput.

Performance-wise, it's actually pretty good. I bonded together two annex M ADSL connections that sync at about 12Mbps each. The resulting throughput of the bonded connection is 22Mbps download and a similar combined performance on the upload. Practically speaking, you achieve about a 90% efficiency. However, I would expect this to drop significantly as you add more links.

Graphically, the setup looks as follows:

![Bonding Image](https://raw.githubusercontent.com/dl12345/openwrt-packages/for-15.05/images/bonding.jpg)

The solution I crafted uses a modified kernel bonding driver, some source routing wizardry and a couple of scripts. It's configured with a standard OpenWrt UCI script. I would strongly recommend that you read the scripts carefully in order to understand what they do, as otherwise troubleshooting becomes a stab in the dark.

Your custom image requires a number of command line programs in order to work. In no specific order, these are

* /usr/sbin/ip
* /sbin/route
* /usr/sbin/openvpn
* /usr/bin/socat
* /sbin/ifconfig

You will also require a number of packages

* openvpn
* socat
* logger
* python and python-expat for the speedtest

The kernel patch, the necessary packages and the scripts are all installed by the bondlink package in this repository. **Before** launching a top level make, be sure to run the prepare target of the bondlink package to install the kernel patch, otherwise it won't be installed and your bonding won't work. The rest of the steps below are automatically performed on OpenWrt, but the server machine needs to be set up manually.

```
[openwrt@openwrt-host.git]$ make package/bondlink/prepare V=s
```

We will deal first with the OpenWrt configuration and then with the configuration of the VM in the data centre.

# Kernel

The critical element to this solution is the patch to the kernel bonding driver that allows a point-to-point interface to be made a slave to a bonding master. Normally, the driver will refuse to bond a point-to-point interface in kernels above 2.x. It's a simple patch that just involves commenting out a section of code. This patch will almost certainly break the bonding driver for other applications. Of course, you must also make sure that the bonding driver is activated in the OpenWrt configuration.

If you're using a kernel on your datacentre VM that is > 2.x, then you will also need to apply this patch to your datacentre VM kernel. CentOS 6 works out of the box with no kernel changes needed.

```
--- a/drivers/net/bonding/bond_main.c 59 | +++ b/drivers/net/bonding/bond_main.c 60 | 
@@ -1303,11 +1303,11 @@ int bond_enslave(struct net_device *bond 61 | if (!bond_has_slaves(bond)) { 62 | bond->params.fail_over_mac = BOND_FOM_ACTIVE; 63 | netdev_warn(bond_dev, "Setting fail_over_mac to active for active-backup mode\n"); 64 | - } else { 65 | + } /*else { 66 | netdev_err(bond_dev, "The slave device specified does not support setting the MAC address, but fail_over_mac is not set to active\n"); 67 | res = -EOPNOTSUPP; 68 | goto err_undo_flags; 69 | - } 70 | + } */ 71 | } 72 | } 73 | 74 | 
@@ -1355,7 +1355,7 @@ int bond_enslave(struct net_device *bond 75 | memcpy(addr.sa_data, bond_dev->dev_addr, bond_dev->addr_len); 76 | addr.sa_family = slave_dev->type; 77 | res = dev_set_mac_address(slave_dev, &addr); 78 | - if (res) { 79 | + if (res && res != -EOPNOTSUPP) { 80 | netdev_dbg(bond_dev, "Error %d calling set_mac_address\n", res); 81 | goto err_restore_mtu; 82 | }
```

# /etc/config/bonding

The software configuration is through /etc/config/bonding using standard UCI format. This file will be read by the /etc/init.d/bonding script. You will also need to configure the interfaces and firewall zones as well as set up appropriate OpenVPN key and certificate stores. Most of the configuration items are self-explanatory. All of these files are installed by the bondlink package and you will only need to edit the config files.

/etc/config/bonding:

```
config link 'link0'
    option interface 'wan0'
    option tunnel 'tun0'
    option local_port '1194' # Your separate tunnels need to run on different ports
    option remote_port '1194'
    option server ''
    option routing_table 'link0'
    option active '1'

config link 'link1'
    option interface 'wan1'
    option tunnel 'tun1'
    option local_port '1195'
    option remote_port '1195'
    option server ''
    option routing_table 'link1'

config interface 'bond'
    option ifname 'bond0'
    option ipaddr '10.0.0.2' # private ip address of openwrt bonding interface
    option netmask '255.255.255.0'
    option remote_ipaddr '10.0.0.1' # private ip address of VM bonding interface
    option watchdog '1' # watchdog enabled
    option watchdog_ip '8.8.8.8' # ping this address to confirm link is up
    option watchdog_period '5' # how often to ping in seconds
    option watchdog_timeout '30' # restart after not receiving a reply for N seconds
    option watchdog_action '/etc/scripts/restartbonding.sh' # restart action

config openvpn
    option client '1'
    option dev_type 'tun'
    option proto 'udp'
    option fragment '1400'
    option mssfix '1'
    option persist_key '1'
    option persist_tun '1'
    option replay_window '512'
    option mute_replay_warnings '1'
    option verb '2'
    option cipher 'AES-256-CBC'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/router.crt'
    option key '/etc/openvpn/router.key'
    option dh '/etc/openvpn/dh2048.pem'
    option tls_auth '/etc/openvpn/ta.key 1'
    option ns_cert_type 'server'
    option tls_client '1'
    option txqueuelen '1000'
    option keepalive '5 30'
    option nice '-20'
    option fast_io '1'
    option replay_window '256 60'
    option key_method '2'
    option reneg_sec '3600'
    option tran_window '900'
    option comp_lzo '1'
    option script_security '2'
    option up_delay '1'

config openvpn-server
    option server '1'
    option dev_type 'tun'
    option proto 'udp'
    option fragment '1400'
    option mssfix '1'
    option persist_key '1'
    option persist_tun '1'
    option replay_window '512'
    option mute_replay_warnings '1'
    option verb '2'
    option cipher 'AES-256-CBC'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/server.crt'
    option key '/etc/openvpn/server.key'
    option dh '/etc/openvpn/dh2048.pem'
    option tls_auth '/etc/openvpn/ta.key 0'
    option ns_cert_type 'server'
    option tls_server '1'
    option txqueuelen '1000'
    option keepalive '5 15'
    option nice '-20'
    option fast_io '1'
    option replay_window '256 60'
    option key_method '2'
    option reneg_sec '3600'
    option tran_window '900'
    option comp_lzo '1'
    option script_security '2'
    option up_delay '1'
```

You will need to use openssl to generate the
necessary keys and certificates for the router and the server in your data centre. 185 | 186 | 187 | # /etc/init.d/bonding 188 | 189 | ``` 190 | #!/bin/sh /etc/rc.common 191 | # Copyright (C) 2006-2011 OpenWrt.org 192 | 193 | . /lib/functions.sh 194 | . /lib/functions/network.sh 195 | 196 | START=99 197 | USE_PROCD=1 198 | PROG=bonding 199 | DELAY=5 200 | 201 | LIST_SEP=" 202 | " 203 | 204 | IPBINARY="/usr/sbin/ip" 205 | ROUTEBINARY="/sbin/route" 206 | IFCONFIGBINARY="/sbin/ifconfig" 207 | OPENVPNBINARY="/usr/sbin/openvpn" 208 | SYSFSROOT="/sys/class/net" 209 | BONDING_MASTERS="bonding_masters" 210 | RUNDIR="/var/run" 211 | CONFDIR="/var/etc" 212 | PREUPSCRIPT="/etc/bonding/bonding-preup.sh" 213 | UPSCRIPT="/etc/bonding/bonding-up.sh" 214 | PREDOWNSCRIPT="/etc/bonding/bonding-predown.sh" 215 | DOWNSCRIPT="/etc/bonding/bonding-down.sh" 216 | WATCHBOND="/etc/bonding/watchbond.sh" 217 | WATCHDOGACTION="/etc/init.d/bonding restart" 218 | MANAGEMENT_INTERFACE="1" 219 | 220 | EXTRA_COMMANDS="d_start d_stop status test" 221 | EXTRA_HELP=" d_start Start in debug mode (no action taken) 222 | d_stop Stop in debug mode (no action taken) 223 | status Show bonding status 224 | test Run speedtest (requires python and python-expat)" 225 | 226 | LOGGER="logger -t ${PROG}" 227 | #LOGGER="echo" 228 | 229 | logmessage () 230 | { 231 | ${LOGGER} "$@" 232 | } 233 | 234 | shell_command() 235 | { 236 | if [ -z "${DEBUG}" ]; then 237 | logmessage "${2}" 238 | eval "${2}" 239 | else 240 | debug "${1}: ${2}" 241 | fi 242 | 243 | } 244 | 245 | # add_source_route(routing table, wanip) 246 | del_source_route() 247 | { 248 | 249 | local function_name="del_source_route" 250 | local routecmd 251 | 252 | debug "${function_name}: routing_table=${1} wanip=${2}" 253 | 254 | routecmd="${IPBINARY} rule del from ${2} 2> /dev/null" 255 | shell_command "${function_name}" "${routecmd}" 256 | 257 | routecmd="${IPBINARY} route del default table ${1} 2> /dev/null" 258 | shell_command "${function_name}" 
"${routecmd}" 259 | 260 | } 261 | 262 | # add_source_route(routing table, wan_interface, wanip, gateway) 263 | add_source_route() 264 | { 265 | 266 | local function_name="add_source_route" 267 | local routecmd 268 | local device 269 | 270 | debug "${function_name}: routing_table=${1} wan_interface=${2} wanip=${3} gateway=${4}" 271 | 272 | network_get_device device ${2} 273 | if [ -z "${device}" ]; then 274 | logmessage "Unable to locate physical device name for logical interface ${2}" 275 | return 1 276 | fi 277 | debug "${function_name}: ${2} has device ${device}" 278 | 279 | routecmd="$IPBINARY rule add from ${3} lookup ${1}" 280 | shell_command "${function_name}" "${routecmd}" 281 | 282 | routecmd="${IPBINARY} route add default via ${4} table ${1} dev ${device}" 283 | shell_command "${function_name}" "${routecmd}" 284 | } 285 | 286 | 287 | 288 | 289 | # setup_default_route $bond_remoteip 290 | setup_default_route() 291 | { 292 | 293 | local function_name="setup_default_route" 294 | local routecmd 295 | local bond_remoteip 296 | 297 | config_get bond_remoteip "bond" remote_ipaddr 298 | if [ -z "${bond_remoteip}" ]; then 299 | logmessage "No bond remote ip specified for ${1}" 300 | return 1 301 | fi 302 | 303 | routecmd="${ROUTEBINARY} delete default" 304 | shell_command "${function_name}" "${routecmd}" 305 | 306 | routecmd="${ROUTEBINARY} add default gw ${bond_remoteip}" 307 | shell_command "${function_name}" "${routecmd}" 308 | } 309 | 310 | setup_bonding_interface() 311 | { 312 | local tunnel_devices_list; eval tunnel_devices_list=\$${1} 313 | local function_name="setup_bonding_interface" 314 | local bondcmd 315 | local bond_interface 316 | local bond_localip 317 | local bond_netmask 318 | local expr 319 | 320 | config_get bond_interface "bond" ifname 321 | if [ -z "${bond_interface}" ]; then 322 | logmessage "No bond interface specified for ${1}" 323 | return 1 324 | fi 325 | config_get bond_localip "bond" ipaddr 326 | if [ -z "${bond_localip}" ]; then 327 | 
logmessage "No bond ip specified for ${1}" 328 | return 1 329 | fi 330 | 331 | config_get bond_netmask "bond" netmask 332 | if [ -z "${bond_netmask}" ]; then 333 | logmessage "No bond netmask specified for ${1}" 334 | return 1 335 | fi 336 | 337 | debug "${function_name}: interface=${bond_interface} ip=${bond_localip} netmask=${bond_netmask} slaves=${tunnel_devices_list}" 338 | 339 | # reset the bonding by first removing the bond interface if it's already present in bonding_masters 340 | 341 | expr="$(cat ${SYSFSROOT}/${BONDING_MASTERS} | sed -n "s/.*\(${bond_interface}\).*/\1/p")" 342 | if [ -n "${expr}" ]; then 343 | bondcmd="echo -${expr} > ${SYSFSROOT}/${BONDING_MASTERS}" 344 | shell_command "${function_name}" "${bondcmd}" 345 | fi 346 | 347 | bondcmd="echo +${bond_interface} > ${SYSFSROOT}/${BONDING_MASTERS}" 348 | shell_command "${function_name}" "${bondcmd}" 349 | 350 | # add the previously parsed tunnel devices as slaves 351 | 352 | if [ -n "${tunnel_devices_list}" ]; then 353 | for i in ${tunnel_devices_list} ; do 354 | bondcmd="echo \"${i}\" > ${SYSFSROOT}/${bond_interface}/bonding/slaves" 355 | shell_command "${function_name}" "${bondcmd}" 356 | done 357 | fi 358 | 359 | # ifconfig and up the bonding device 360 | 361 | bondcmd="${IFCONFIGBINARY} ${bond_interface} ${bond_localip} netmask ${bond_netmask}" 362 | shell_command "${function_name}" "${bondcmd}" 363 | 364 | } 365 | 366 | delete_bonding_interface() 367 | { 368 | local function_name="del_bonding_interface" 369 | local bondcmd 370 | local bond_interface 371 | local expr 372 | 373 | config_get bond_interface "bond" ifname 374 | if [ -z "${bond_interface}" ]; then 375 | logmessage "No bond interface specified for ${1}" 376 | return 1 377 | fi 378 | 379 | debug "${function_name}: interface=${bond_interface} ip=${bond_localip} netmask=${bond_netmask} slaves=${tunnel_devices_list}" 380 | 381 | # reset the bonding by removing the bond interface from bonding_masters 382 | 383 | expr="$(cat 
${SYSFSROOT}/${BONDING_MASTERS} | sed -n "s/.*\(${bond_interface}\).*/\1/p")" 384 | if [ -n "${expr}" ]; then 385 | bondcmd="echo -${expr} > ${SYSFSROOT}/${BONDING_MASTERS}" 386 | shell_command "${function_name}" "${bondcmd}" 387 | fi 388 | 389 | } 390 | 391 | append_bools() 392 | { 393 | local p; local v; local s="${1}"; shift 394 | for p in $*; do 395 | config_get v "${s}" "${p}" 396 | IFS="${LIST_SEP}" 397 | for v in ${v}; do 398 | [ -n "${v}" ] && ( 399 | echo ""${p}"" | sed -e 's|_|-|g' >> ${config_file} 400 | ) 401 | done 402 | unset IFS 403 | done 404 | } 405 | 406 | append_params() 407 | { 408 | local p; local v; local s="${1}"; shift 409 | for p in $*; do 410 | config_get v "${s}" "${p}" 411 | IFS="${LIST_SEP}" 412 | for v in ${v}; do 413 | [ -n "${v}" ] && ( 414 | echo ""${p}" "${v}"" | sed -e 's|_|-|g' >> ${config_file} 415 | ) 416 | done 417 | unset IFS 418 | done 419 | } 420 | 421 | append_params_quotes() 422 | { 423 | local p; local v; local s="${1}"; shift 424 | for p in $*; do 425 | config_get v "${s}" "${p}" 426 | IFS="${LIST_SEP}" 427 | for v in ${v}; do 428 | [ -n "${v}" ] && ( 429 | echo -n "\""${p} | sed -e 's|/|\\/|g;s|_|-|g' >> ${config_file}; \ 430 | echo "\": \""${v}"\"," >> ${config_file} 431 | ) 432 | done 433 | unset IFS 434 | done 435 | } 436 | 437 | openvpn_add_instance() 438 | { 439 | local function_name="openvpn_add_instance" 440 | local syslog="${1}" 441 | local dir="${2}" 442 | local conf="${3}" 443 | local cmd 444 | 445 | cmd="${OPENVPNBINARY} --syslog \"${syslog}\" --cd ${dir} --config ${conf}" 446 | logmessage "${cmd}" 447 | 448 | procd_open_instance 449 | procd_set_param command "${OPENVPNBINARY}" 450 | procd_append_param command --syslog "${syslog}" --cd "${dir}" --config "${conf}" 451 | #procd_set_param file "${dir}/${conf}" 452 | procd_close_instance 453 | } 454 | 455 | start_openvpn() 456 | { 457 | local function_name="start_openvpn" 458 | local z; eval z=\$${1} 459 | local syslog 460 | 461 | 462 | for i in ${z}; do 463 | 
syslog="$(echo ${i} | awk -F '\/' '{print $NF}' | sed "s/\([A-Za-z0-9_].*\)\.conf/\1/")" 464 | debug "start_openvpn: ${OPENVPNBINARY} --cd ${CONFDIR} --syslog openvpn(${syslog}) --config ${i}" 465 | if [ -z "${DEBUG}" ]; then 466 | openvpn_add_instance "openvpn(${syslog})" "${CONFDIR}" "${i}" 467 | else 468 | echo "DEBUG is set" 469 | fi 470 | done 471 | 472 | } 473 | 474 | configure_link() 475 | { 476 | local s="${1}"; local v; 477 | local function_name="configure_link" 478 | local expr 479 | local openvpncmd 480 | 481 | local interface 482 | local tunnel 483 | local local_port 484 | local remote_port 485 | local server 486 | local local_ipaddr 487 | local routing_table 488 | local gateway 489 | 490 | [ ! -d "${RUNDIR}" ] && mkdir -p "${RUNDIR}" 491 | [ ! -d "${CONFDIR}" ] && mkdir -p "${CONFDIR}" 492 | 493 | config_file="${CONFDIR}/${1}.conf" 494 | [ -f "${config_file}" ] && rm "${config_file}" 495 | 496 | debug "${function_name}: writing config file ${config_file}" 497 | 498 | config_get interface "${1}" interface 499 | if [ -z "${interface}" ]; then 500 | logmessage "No wan interface specified for ${1}" 501 | return 1 502 | fi 503 | 504 | network_get_ipaddr local_ipaddr ${interface} 505 | if [ -z "${local_ipaddr}" ]; then 506 | logmessage "No ip address specified for interface ${interface}" 507 | return 1 508 | fi 509 | 510 | # wait until the wan link is up 511 | 512 | while ! 
network_is_up ${interface} ; do 513 | debug "${function_name}" "waiting for interface ${interface} to come up" 514 | sleep $DELAY 515 | done 516 | 517 | config_get tunnel "${1}" tunnel 518 | if [ -z "${tunnel}" ]; then 519 | logmessage "No tunnel device name specified for ${1}" 520 | return 1 521 | fi 522 | config_get local_port "${1}" local_port 523 | if [ -z "${local_port}" ]; then 524 | logmessage "No local port specified for ${1}" 525 | return 1 526 | fi 527 | config_get remote_port "${1}" remote_port 528 | if [ -z "${remote_port}" ]; then 529 | logmessage "No remote port specified for ${1}" 530 | return 1 531 | fi 532 | 533 | config_get server "${1}" server 534 | if [ -z "${server}" ]; then 535 | logmessage "No server ip specified for ${1}" 536 | return 1 537 | fi 538 | 539 | config_get routing_table "${1}" routing_table 540 | if [ -z "${routing_table}" ]; then 541 | logmessage "No routing table specified for ${1}" 542 | return 1 543 | fi 544 | 545 | network_get_gateway gateway ${interface} 1 546 | if [ -z "${gateway}" ]; then 547 | logmessage "No gateway specified for ${1}" 548 | return 1 549 | fi 550 | 551 | echo "dev ${tunnel}" >> ${config_file} 552 | echo "remote ${server} ${remote_port}" >> ${config_file} 553 | echo "port ${local_port}" >> ${config_file} 554 | echo "local ${local_ipaddr}" >> ${config_file} 555 | 556 | if [ "${MANAGEMENT_INTERFACE}" == "1" ]; then 557 | echo "management ${RUNDIR}/openvpn-${1}.sockd unix" >> ${config_file} 558 | fi 559 | 560 | # the tunnel devices list is iteratively built up through successive calls 561 | 562 | bond_tunnel_devices="$bond_tunnel_devices +${tunnel}" 563 | 564 | # create the tunnel devices 565 | 566 | openvpncmd="$OPENVPNBINARY --mktun --dev-type tun --dev ${tunnel} > /dev/null 2>&1" 567 | shell_command "${function_name}" "$openvpncmd" 568 | 569 | # Remove any prior source routes before adding them 570 | 571 | del_source_route ${routing_table} ${local_ipaddr} 572 | add_source_route ${routing_table} 
${interface} ${local_ipaddr} ${gateway} 573 | 574 | config_foreach read_openvpn_config 'openvpn' ${config_file} 575 | openvpn_instances="${openvpn_instances} ${config_file}" 576 | 577 | } 578 | 579 | disable_link() 580 | { 581 | local s="${1}"; local v; 582 | local function_name="disable_link" 583 | local cmd 584 | 585 | local interface 586 | local routing_table 587 | local local_ipaddr 588 | local active 589 | local gateway 590 | 591 | config_get interface "${1}" interface 592 | if [ -z "${interface}" ]; then 593 | logmessage "No wan interface specified for ${1}" 594 | return 1 595 | fi 596 | 597 | config_get routing_table "${1}" routing_table 598 | if [ -z "${routing_table}" ]; then 599 | logmessage "No routing table specified for ${1}" 600 | return 1 601 | fi 602 | 603 | network_get_ipaddr local_ipaddr ${interface} 604 | if [ -z "${local_ipaddr}" ]; then 605 | logmessage "No ip address specified for interface ${interface}" 606 | return 1 607 | fi 608 | 609 | # determine if this is the link that would normally hold the default route 610 | 611 | config_get active "${1}" active 612 | 613 | network_get_gateway gateway ${interface} 1 614 | if [ -z "${gateway}" ]; then 615 | logmessage "No gateway specified for ${1}" 616 | return 1 617 | fi 618 | 619 | # Remove any prior source routes before adding them 620 | del_source_route ${routing_table} ${local_ipaddr} 621 | 622 | 623 | if [ "$active" == "1" ]; then 624 | cmd="${ROUTEBINARY} add default gw ${gateway}" 625 | shell_command "${function_name}" "${cmd}" 626 | fi 627 | 628 | } 629 | 630 | read_openvpn_config() 631 | { 632 | local s="${1}" 633 | 634 | config_file=${2} 635 | 636 | 637 | [ ! -d "${RUNDIR}" ] && mkdir -p "${RUNDIR}" 638 | [ ! 
-d "${CONFDIR}" ] && mkdir -p "${CONFDIR}" 639 | 640 | 641 | # append flags 642 | append_bools "$s" \ 643 | auth_nocache auth_retry auth_user_pass_optional bind ccd_exclusive client client_cert_not_required \ 644 | client_to_client comp_lzo comp_noadapt disable \ 645 | disable_occ down_pre duplicate_cn fast_io float http_proxy_retry \ 646 | ifconfig_noexec ifconfig_nowarn ifconfig_pool_linear management_forget_disconnect management_hold \ 647 | management_query_passwords management_signal mktun mlock mtu_test mssfix multihome mute_replay_warnings \ 648 | nobind no_iv no_name_remapping no_replay opt_verify passtos persist_key persist_local_ip \ 649 | persist_remote_ip persist_tun ping_timer_rem pull push_reset \ 650 | remote_random rmtun route_noexec route_nopull single_session socks_proxy_retry \ 651 | suppress_timestamps tcp_nodelay test_crypto tls_client tls_exit tls_server \ 652 | tun_ipv6 up_restart username_as_common_name 653 | 654 | # append params 655 | append_params "$s" \ 656 | askpass auth auth_user_pass auth_user_pass_verify bcast_buffers ca cert \ 657 | chroot cipher client_config_dir client_connect client_disconnect connect_freq \ 658 | connect_retry connect_timeout connect_retry_max crl_verify dev dev_node dev_type dh \ 659 | engine explicit_exit_notify fragment group hand_window hash_size \ 660 | http_proxy http_proxy_option http_proxy_timeout ifconfig ifconfig_pool \ 661 | ifconfig_pool_persist ifconfig_push inactive ipchange iroute keepalive \ 662 | key key_method keysize learn_address link_mtu lladdr local log log_append \ 663 | lport management management_log_cache max_clients \ 664 | max_routes_per_client mode mtu_disc mute nice ns_cert_type ping \ 665 | ping_exit ping_restart pkcs12 plugin port port_share prng proto rcvbuf \ 666 | redirect_gateway remap_usr1 remote remote_cert_eku remote_cert_ku remote_cert_tls \ 667 | reneg_bytes reneg_pkts reneg_sec \ 668 | replay_persist replay_window resolv_retry route route_delay route_gateway \ 669 | 
route_metric route_up rport script_security secret server server_bridge setenv shaper sndbuf \ 670 | socks_proxy status status_version syslog tcp_queue_limit tls_auth \ 671 | tls_cipher tls_remote tls_timeout tls_verify tmp_dir topology tran_window \ 672 | tun_mtu tun_mtu_extra txqueuelen up_delay user verb down push up 673 | 674 | } 675 | 676 | link_status() 677 | { 678 | local function_name="link_status" 679 | local domain_socket 680 | local routing_table 681 | local tunnel 682 | local socatbin 683 | 684 | if [ "${MANAGEMENT_INTERFACE}" != "1" ]; then 685 | return 1 686 | fi 687 | socatbin="$(which socat)" 688 | if [ -z "${socatbin}" ]; then 689 | logmessage "Cannot locate socat binary" 690 | fi 691 | 692 | domain_socket="$RUNDIR/openvpn-${1}.sockd" 693 | if [ -f "${domain_socket}" ]; then 694 | logmessage "No domain socket found for ${1}" 695 | fi 696 | 697 | config_get tunnel "${1}" tunnel 698 | if [ -z "${tunnel}" ]; then 699 | logmessage "Cannot find tunnel device for ${1}" 700 | return 1 701 | fi 702 | 703 | echo 704 | echo -n "${1} connection state: " 705 | echo -e "state" | ${socatbin} - UNIX-CONNECT:\"${domain_socket}\" | sed "3,$ d" | sed "1,1 d" 706 | echo 707 | ifconfig ${tunnel} 708 | echo -e "status" | ${socatbin} - UNIX-CONNECT:\"${domain_socket}\" | sed "1,3 d" | sed "10,$ d" | sed "s/\(^.*\)/\\t \1/" 709 | 710 | config_get bond_interface "bond" ifname 711 | if [ -z "${bond_interface}" ]; then 712 | logmessage "No bond interface specified for ${1}" 713 | return 1 714 | fi 715 | 716 | echo 717 | 718 | } 719 | 720 | start_watchdog() 721 | { 722 | local s="" 723 | local bond_gateway 724 | local watchdog 725 | local watchdog_ip 726 | local watchdog_period='10' 727 | local watchdog_timeout='60' 728 | local watchdog_action="${WATCHDOGACTION}" 729 | 730 | if [ -n "${DEBUG}" ]; then 731 | return 0 732 | fi 733 | 734 | config_get watchdog "bond" watchdog 735 | if [ -z ${watchdog} ]; then 736 | return 0 737 | fi 738 | 739 | config_get bond_gateway "bond" 
remote_ipaddr 740 | config_get watchdog_ip "bond" watchdog_ip ${bond_gateway} 741 | config_get watchdog_period "bond" watchdog_period '10' 742 | config_get watchdog_timeout "bond" watchdog_timeout '60' 743 | config_get watchdog_action "bond" watchdog_action "/etc/init.d/bonding restart" 744 | 745 | procd_open_instance 746 | procd_set_param command "${WATCHBOND}" 747 | procd_append_param command "${watchdog_timeout}" "${watchdog_ip}" "${watchdog_period}" "${watchdog_action}" 748 | procd_close_instance 749 | } 750 | 751 | 752 | boot() 753 | { 754 | QUIET=1 755 | /usr/sbin/modprobe ${PROG} > /dev/null 2>&1 756 | start 757 | } 758 | 759 | d_start() 760 | { 761 | DEBUG="echo" 762 | start 763 | } 764 | 765 | d_stop() 766 | { 767 | DEBUG="echo" 768 | stop 769 | } 770 | 771 | restart_service() 772 | { 773 | return 0 774 | } 775 | 776 | start_service() 777 | { 778 | local function_name="start" 779 | local expr 780 | 781 | if [ -f "${PREUPSCRIPT}" ]; then 782 | shell_command "start_service" "${PREUPSCRIPT}" 783 | fi 784 | 785 | expr="$(lsmod | grep ${PROG})" 786 | if [ -z "${expr}" ]; then 787 | logmessage "Bonding module not loaded" 788 | return 1 789 | fi 790 | 791 | config_load 'bonding' 792 | 793 | 794 | # this is a little ugly, but we can't pass parameters in to the callback by reference 795 | # and we need to parse the config sections completely before setting up the bond device. 
796 | # append the tunnel devices and config files onto a local variable that we can use later 797 | 798 | local bond_tunnel_devices="" 799 | local openvpn_instances="" 800 | config_foreach configure_link 'link' 801 | 802 | setup_bonding_interface bond_tunnel_devices 803 | 804 | start_openvpn openvpn_instances 805 | 806 | setup_default_route 807 | 808 | start_watchdog 809 | 810 | if [ -f "${UPSCRIPT}" ]; then 811 | shell_command "start_service" "${UPSCRIPT}" 812 | fi 813 | } 814 | 815 | stop_service() 816 | { 817 | local function_name="stop" 818 | local expr 819 | 820 | if [ -f "${PREDOWNSCRIPT}" ]; then 821 | shell_command "start_service" "${PREDOWNSCRIPT}" 822 | fi 823 | 824 | config_load 'bonding' 825 | 826 | local bond_tunnel_devices="" 827 | local openvpn_instances="" 828 | config_foreach disable_link 'link' 829 | 830 | delete_bonding_interface 831 | 832 | if [ -f "${DOWNSCRIPT}" ]; then 833 | shell_command "start_service" "${DOWNSCRIPT}" 834 | fi 835 | } 836 | 837 | 838 | status() 839 | { 840 | local function_name="status" 841 | 842 | config_load 'bonding' 843 | 844 | config_foreach link_status 'link' 845 | 846 | config_get bond_interface "bond" ifname 847 | if [ -z "${bond_interface}" ]; then 848 | logmessage "No bond interface specified for ${1}" 849 | return 1 850 | fi 851 | 852 | echo 853 | echo "Bonding device ${bond_interface} status:" 854 | echo 855 | ifconfig ${bond_interface} 856 | } 857 | 858 | test() 859 | { 860 | local function_name="status" 861 | local pythonbin="$(which python)" 862 | local pythonexpat="$(opkg find python-expat)" 863 | local speedtest="$(which speedtest_cli)" 864 | 865 | if [ -z "${pythonbin}" ]; then 866 | logmessage "Python is not installed" 867 | return 1 868 | fi 869 | 870 | if [ -z "${pythonexpat}" ]; then 871 | logmessage "Python expat module is not installed" 872 | return 1 873 | fi 874 | 875 | if [ -z "${speedtest}" ]; then 876 | wget -O /usr/bin/speedtest_cli --no-check-certificate \ 877 | 
            https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest_cli.py
        chmod 755 /usr/bin/speedtest_cli
    fi

    local bond_interface
    local bond_ipaddr

    config_load 'bonding'

    config_get bond_interface "bond" ifname
    if [ -z "${bond_interface}" ]; then
        logmessage "No bond interface specified"
        return 1
    fi

    if ! network_is_up "${bond_interface}" ; then
        logmessage "Bond interface ${bond_interface} is not up"
        return 1
    fi

    config_get bond_ipaddr "bond" ipaddr
    if [ -z "${bond_ipaddr}" ]; then
        logmessage "Cannot retrieve ip address for ${bond_interface}"
        return 1
    fi

    echo "Testing speed from source ip ${bond_ipaddr}..."

    speedtest_cli --source ${bond_ipaddr} ${@}
}

```

# /etc/bonding/watchbond.sh

```

#!/bin/sh
# Adapted from /usr/bin/watchcat.sh

watchbond()
{
    local period="$1"; local pinghosts="$2"; local pingperiod="$3"; local command="${4}"

    time_now="$(cat /proc/uptime)"
    time_now="${time_now%%.*}"
    time_lastcheck="$time_now"
    time_lastcheck_withinternet="$time_now"

    logger -p daemon.info -t "watchbond[$$]" "Monitoring bond link every ${pingperiod} seconds. Restart enabled after ${period} seconds"

    # sleep for 10 seconds to give the tunnels time to initialize

    sleep 10

    while true
    do
        # account for the time ping took to return. With a ping time of 5s, ping might take more
        # than that, so it is important to avoid even more delay.

        time_now="$(cat /proc/uptime)"
        time_now="${time_now%%.*}"
        time_diff="$((time_now-time_lastcheck))"

        [ "$time_diff" -lt "$pingperiod" ] && {
            sleep_time="$((pingperiod-time_diff))"
            sleep "$sleep_time"
        }

        time_now="$(cat /proc/uptime)"
        time_now="${time_now%%.*}"
        time_lastcheck="$time_now"

        # left unquoted so that a space-separated list of hosts is split into words
        for host in $pinghosts
        do
            if ping -c 1 "$host" > /dev/null 2>&1
            then
                time_lastcheck_withinternet="$time_now"
            else
                time_diff="$((time_now-time_lastcheck_withinternet))"
                logger -p daemon.info -t "watchbond[$$]" "no internet connectivity for $time_diff seconds. Resetting bond when reaching $period"
            fi
        done

        time_diff="$((time_now-time_lastcheck_withinternet))"
        if [ "$time_diff" -ge "$period" ]; then
            logger -p daemon.info -t "watchbond[$$]" "Resetting with ${4}"
            # ${4} is the watchdog_action string passed in by the init script; eval runs it verbatim
            eval "${4}"
        fi

    done
}

watchbond "$1" "$2" "$3" "$4"

```

The scripts in /etc/bonding are run pre-up, post-up, pre-down and post-down of the bonding links if they exist.
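
The init script runs as root and executes each hook after checking only that the file exists (`[ -f ... ]`), so a hook or hook directory that another user can write to runs that user's commands as root. The following is an added example, not part of the bondlink package: `path_is_tight`, `hook_is_safe` and `run_hook` are hypothetical helper names, and the policy (regular file, owned by root, no group or other write on the file or its directory) is an assumption.

```shell
#!/bin/sh
# Added example, not part of the bondlink package. All function names are
# hypothetical; the ownership and permission policy is an assumption.

# path_is_tight PATH UID
# Succeeds if PATH is owned by UID and is not writable by group or others.
path_is_tight() {
    # "ls -ldn" prints the mode string in field 1 and the numeric owner in
    # field 3, e.g. "-rwxr-xr-x 1 0 0 512 Jan  1 00:00 /etc/bonding/bonding-up.sh"
    pt_meta="$(ls -ldn -- "$1")" || return 1
    pt_mode="$(printf '%s\n' "$pt_meta" | awk '{print $1}')"
    pt_uid="$(printf '%s\n' "$pt_meta" | awk '{print $3}')"

    if [ "$pt_uid" != "$2" ]; then
        echo "refusing $1: owned by uid $pt_uid, expected $2" >&2
        return 1
    fi

    # Character 6 of the mode string is group write, character 9 is other write.
    case "$pt_mode" in
        ?????w*|????????w*)
            echo "refusing $1: writable by group or others ($pt_mode)" >&2
            return 1
            ;;
    esac
    return 0
}

# hook_is_safe PATH [UID]
# Succeeds only if PATH is a regular file (not a symlink) and both the file
# and its directory pass path_is_tight for UID (default 0, root on the router).
hook_is_safe() {
    hs_hook="$1"
    hs_uid="${2:-0}"

    if [ -L "$hs_hook" ]; then
        echo "refusing $hs_hook: symbolic link" >&2
        return 1
    fi
    if [ ! -f "$hs_hook" ]; then
        echo "refusing $hs_hook: not a regular file" >&2
        return 1
    fi

    path_is_tight "$hs_hook" "$hs_uid" || return 1
    # A writable directory lets the file be replaced even if the file is tight.
    path_is_tight "$(dirname "$hs_hook")" "$hs_uid" || return 1
    return 0
}

# run_hook PATH [UID]
# Keeps the init script's "run it if the file exists" behaviour, but only
# executes hooks that pass hook_is_safe. Returns 0 when the hook is absent,
# 126 when it is refused, otherwise the hook's own exit status.
run_hook() {
    if [ ! -e "$1" ] && [ ! -L "$1" ]; then
        return 0
    fi
    hook_is_safe "$1" "${2:-0}" || return 126
    /bin/sh "$1"
}
```

In the init script this would replace the bare `[ -f "${PREUPSCRIPT}" ]` test, for example `run_hook "${PREUPSCRIPT}"`, with a refusal logged rather than silently skipped.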

# /etc/bonding/restartbonding.sh

```

#!/bin/sh

ifdown wan0
ifdown wan1
sleep 3
ifup wan0
ifup wan1
/etc/init.d/bonding restart

```

# /etc/config/network

```
config interface 'bond0'
    option ifname 'bond0'
    option _orig_ifname 'bond0'
    option _orig_bridge 'false'
    option proto 'none'

config interface 'ov0'
    option proto 'none'
    option ifname 'tun0'

config interface 'ov1'
    option proto 'none'
    option ifname 'tun1'
```

# /etc/config/openvpn

```

config openvpn tun0
    option enabled 1
    option config /etc/openvpn/tun0.conf

config openvpn tun1
    option enabled 1
    option config /etc/openvpn/tun1.conf


```

# /etc/config/firewall

```

# Modify your wan zone

    option name 'wan'
    option conntrack '1'
    option log '1'
    option masq '1'
    option mtu_fix '1'
    option input 'DROP'
    option output 'ACCEPT'
    option forward 'DROP'
    option log_limit '100/minute'
    option network 'wan0 wan1 bond0'

# Add the following to your /etc/config/firewall

config rule
    option name 'openvpn-udp-link0'
    option src 'wan'
    option dest_port '1194'
    option proto 'udp'
    option src_ip ''

config rule
    option name 'openvpn-udp-link1'
    option src 'wan'
    option dest_port '1195'
    option proto 'udp'
    option src_ip ''
    option target 'ACCEPT'

config zone
    option name 'bondnet'
    option output 'ACCEPT'
    option mtu_fix '1'
    option forward 'DROP'
    option input 'DROP'
    option masq '1'
    option conntrack '1'
    option log '1'
    option network 'ov0 ov1'

config forwarding
    option dest 'bondnet'
    option src 'wan'

config forwarding
    option dest 'wan'
    option src 'bondnet'

```

# Datacentre VM configuration

This configuration is for Centos. I'm still using Centos 6; however, Centos 7 can be used if you apply the same kernel patch.

# /etc/sysconfig/network-scripts/ifcfg-bond0

```
DEVICE=bond0
IPADDR=10.0.0.1
NETMASK=255.255.255.0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
BONDING_OPTS="mode=0"
```

# /etc/sysconfig/network-scripts/ifcfg-tun0

```
DEVICE=tun0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
MASTER=bond0
SLAVE=yes
```

# /etc/sysconfig/network-scripts/ifcfg-tun1

```
DEVICE=tun1
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
MASTER=bond0
SLAVE=yes
```

# /etc/sysconfig/network-scripts/ifcfg-eth0

```
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:16:3e:2e:d2:d7
IPADDR=
NETMASK=255.255.255.0
ONBOOT=yes
```

# /etc/sysconfig/network-scripts/ifcfg-eth0:1

```
DEVICE=eth0:1
BOOTPROTO=static
# This IP address will be the one which appears to be your ip address to the internet
IPADDR=
NETMASK=255.255.255.0
ONBOOT=yes
```

# /etc/openvpn/tun0.conf

```
local
port 1194
proto udp
dev-type tun
dev tun0

ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
tls-auth /etc/openvpn/ta.key 0
tls-server
cipher AES-256-CBC

fragment 1400
mssfix

keepalive 5 15
max-clients 1
user nobody
group nobody
persist-key
persist-tun
status /var/run/openvpn-status-tun0.log
verb 4
;mute 20



txqueuelen 1000
script-security 2
nice -20
fast-io
replay-window 256 60
reneg-sec 3600
tran-window 900
comp-lzo
log /var/log/openvpn-tun0.log
```

# /etc/openvpn/tun1.conf

```
local
port 1195
proto udp
dev-type tun
dev tun1

ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
tls-auth /etc/openvpn/ta.key 0
tls-server
cipher AES-256-CBC

fragment 1400
mssfix

keepalive 5 30

max-clients 1
user nobody
group nobody
persist-key
persist-tun
status /var/run/openvpn-status-tun1.log
verb 4
;mute 20

txqueuelen 1000
script-security 2
nice -20
fast-io
replay-window 256 60
reneg-sec 3600
tran-window 900
comp-lzo
log /var/log/openvpn-tun1.log

```

Make sure to enable the openvpn service using chkconfig.

# Server firewall configuration

A Firewall Builder configuration for the datacentre server is available in this repository in the bonding-server folder. You simply need to change the IP addresses to the relevant ones for your configuration. Should you be using Centos 6, which uses iptables for firewalling, you can use this file to generate an appropriate configuration and install it on your server. Should you be using another distribution which uses firewalld, you will need to look at the rules in this file and duplicate them appropriately. I suggest you install Firewall Builder and read the rules to see what you need.


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# OpenWrt package repository for Intel C2558 and C2758 on Supermicro A1SRi-2558F and A1SRi-2758F

## Introduction

The Intel Atom C2000 is a low power 22nm SoC formerly known as Rangely, based on the Silvermont architecture and specially optimized for communication and cryptographic functions. The C2558 is a four core and the C2758 is an eight core processor. Both CPUs contain specific instructions and technology for cryptographic and communications acceleration. These technologies include Intel Quick Assist (QAT), AES-NI, PCLMULQDQ (used in GCM and EC algorithms) and Secure Key (formerly Bull Mountain) for hardware generated random numbers. The integrated hardware acceleration includes support for AES, DES/3DES, Kasumi, RC4, Snow3G, MD5, SHA1, SHA2, AES-XCBC, Diffie-Hellman, RSA, DSA, ECC. The SoC has four gigabit ethernet ports and is capable of sustaining around 3 - 4 Gbps of IPsec throughput (equipped with a 10Gbps card).

This repository contains packages for the target build that can be [found at GitHub](https://github.com/dl12345/openwrt-c2xxx-subtarget).

It also contains the bondlink driver for bonding two internet links together. Please refer to [BONDING.md](https://github.com/dl12345/openwrt-packages/blob/master/BONDING.md).

--------------------------------------------------------------------------------
/images/bonding.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dl12345/openwrt-bondlinks/d1e3a465a6c21178d63e36dcc75c61acf33b2b89/images/bonding.jpg
--------------------------------------------------------------------------------
/kernel/kmod-igb-c2xxx/Makefile:
--------------------------------------------------------------------------------
#
# Copyright (C) 2010 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#

include $(TOPDIR)/rules.mk

PKG_BASE:=igb
KMOD_NAME:=$(PKG_BASE)-c2xxx
PKG_NAME:=kmod-$(KMOD_NAME)
PKG_VERSION:=5.3.5.3
PKG_RELEASE:=1

PKG_SOURCE:=$(PKG_BASE)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://downloads.sourceforge.net/project/e1000/igb%20stable/5.3.5.3/
PKG_MD5SUM:=3e74ca3ac738413ced9adb00d3f69977

PKG_MAINTAINER:=DL
PKG_LICENSE:=GPL v3

include $(INCLUDE_DIR)/kernel.mk
include $(INCLUDE_DIR)/package.mk

PKG_UNPACK:=zcat $(DL_DIR)/$(PKG_SOURCE) | $(TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xf -

MAKE_PATH:=src

MAKE_VARS:= \
	KSRC="$(LINUX_DIR)"

MAKE_OPTS:= \
	ARCH="$(LINUX_KARCH)" \
	CROSS_COMPILE="$(KERNEL_CROSS)"

# If the +kmod-ptp dependency goes before the @PCI_SUPPORT dependency
# a missing dependencies error will result.

define KernelPackage/$(KMOD_NAME)
  SUBMENU:=Network Devices
  TITLE:=Intel(R) I354 Quad GbE Controller
  DEPENDS:=+kmod-ptp @PCI_SUPPORT
  KCONFIG:=CONFIG_IGB \
	CONFIG_IGB_HWMON=n \
	CONFIG_IGB_DCA=n
  FILES:=$(PKG_BUILD_DIR)/src/$(PKG_BASE).ko
  AUTOLOAD:=$(call AutoLoad,35,$(PKG_BASE))
endef

define KernelPackage/$(KMOD_NAME)/description
  Kernel modules for Intel(R) I354 Quad Gigabit Ethernet Controller
  Warning: do not select the core package kmod-igb as this is an
  updated version of the igb driver that shares the same module name
endef

$(eval $(call KernelPackage,$(KMOD_NAME)))

--------------------------------------------------------------------------------
/kernel/qat-c2xxx/Config.in:
--------------------------------------------------------------------------------
menu "Configuration"
	depends on PACKAGE_kmod-crypto-qat-c2xxx

config CRYPTO_QAT_c2xxx_DEBUG
	bool
	default n
	prompt "Build with debugging support enabled"

endmenu

--------------------------------------------------------------------------------
/kernel/qat-c2xxx/Makefile:
--------------------------------------------------------------------------------
#
# Copyright (C) 2010 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#

include $(TOPDIR)/rules.mk

PKG_NAME:=qat-c2xxx
PKG_VERSION:=1.5
PKG_RELEASE:=1

PKG_SOURCE_VERSION:=l.2.5.0-80
PKG_SOURCE:=qatmux.$(PKG_SOURCE_VERSION).tar_1.gz
PKG_SOURCE_URL:=https://01.org/sites/default/files/downloads/packet-processing/
PKG_MD5SUM:=e3c2ceeec7ed8b36d75682742caff81e

PKG_MAINTAINER:=Felix Fietkau
PKG_LICENSE:=GPL v3

include $(INCLUDE_DIR)/kernel.mk
include $(INCLUDE_DIR)/package.mk

PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

QAT_VERSION:=1.5
QAT_RELEASE:=L.1.10.0-80
QAT_SOURCE:=QAT$(QAT_VERSION).$(QAT_RELEASE).tar.gz
QAT_BUILD_DIR:=$(PKG_BUILD_DIR)/quickassist

CRYPTO_MENU=Cryptographic API modules

define KernelPackage/crypto-qat-c2xxx
  SUBMENU:=$(CRYPTO_MENU)
  TITLE:=Intel Quick Assist Technology for c2xxx
  DEPENDS:= \
	+libc +libpthread +libopenssl \
	+kmod-crypto-manager +kmod-crypto-aes \
	+kmod-crypto-sha256 +kmod-crypto-sha512 \
	@TARGET_x86_c2xxx
  FILES:=$(PKG_BUILD_DIR)/build/icp_qa_al.ko
endef

define KernelPackage/crypto-qat-c2xxx/description
  Kernel drivers for Intel c2xxx Quick Assist Technology
endef

define KernelPackage/crypto-qat-c2xxx/config
	source "$(SOURCE)/Config.in"
endef

ifdef CONFIG_CRYPTO_QAT_c2xxx_DEBUG

DEBUG_FLAGS = \
	ICP_DEBUG="1" \
	ADF_ACCEL_MGR_DEBUG="1" \
	ADF_DRIVERS_DEBUG="1" \
	ADF_PLATFORM_DEBUG="1" \
	ADF_TRANSPORT_DEBUG="1" \
	ADF_CONFIG_DEBUG="1" \
	ADF_USER_PROXY_DEBUG="1" \
	EXTRA_CFLAGS="-D_DEBUG_"

else

DEBUG_FLAGS =

endif

MAKE_VARS += ICP_ROOT="$(PKG_BUILD_DIR)" \
	$(DEBUG_FLAGS) \
	CROSS_COMPILE="$(KERNEL_CROSS)" \
	CC="$(KERNEL_CROSS)gcc" \
	LD="$(KERNEL_CROSS)ld" \
	KERNEL_SOURCE_ROOT="$(LINUX_DIR)" \
	MACHINE="x86_64" \
	ICP_BUILD_OUTPUT="$(PKG_BUILD_DIR)/build" \
	ICP_ENV_DIR="$(PKG_BUILD_DIR)/quickassist/build_system/build_files/env_files" \
	ICP_BUILDSYSTEM_PATH="$(PKG_BUILD_DIR)/quickassist/build_system" \
	ICP_TOOLS_TARGET="accelcomp" \
	LIB_SHARED_FLAGS="-L$(STAGING_DIR)/usr/lib" \
	LD_LIBRARY_PATH="$(LD_LIBRARY_PATH):$(PKG_BUILD_DIR)/build"

define Build/Prepare
	(mkdir -p '$(PKG_BUILD_DIR)' && zcat '$(DL_DIR)/$(PKG_SOURCE)' | tar -C '$(PKG_BUILD_DIR)' -xf -)
	(cd '$(PKG_BUILD_DIR)' && tar xzf 'QAT$(QAT_VERSION)/$(QAT_SOURCE)')
	$(Build/Patch)
endef

define Build/Compile
	$(call Build/Compile/Default,-C $(QAT_BUILD_DIR) ARCH_USER=x86_64)
endef

define Build/InstallDev
	$(INSTALL_DIR) $(STAGING_DIR)/usr/include
	$(INSTALL_DIR) $(STAGING_DIR)/usr/lib
	$(INSTALL_DIR) $(STAGING_DIR)/usr/icp/quickassist
	$(INSTALL_DIR) $(STAGING_DIR)/usr/icp/build
	$(INSTALL_DATA) $(PKG_BUILD_DIR)/build/*.a $(STAGING_DIR)/usr/lib/
	$(INSTALL_DATA) $(PKG_BUILD_DIR)/build/*.so $(STAGING_DIR)/usr/lib/
	$(INSTALL_DATA) $(PKG_BUILD_DIR)/quickassist/include/*.h $(STAGING_DIR)/usr/include/
	$(INSTALL_DATA) $(PKG_BUILD_DIR)/quickassist/include/dc/*.h $(STAGING_DIR)/usr/include/
	$(INSTALL_DATA) $(PKG_BUILD_DIR)/quickassist/include/lac/*.h $(STAGING_DIR)/usr/include/
	$(INSTALL_DATA) $(PKG_BUILD_DIR)/quickassist/lookaside/access_layer/include/*.h $(STAGING_DIR)/usr/include
	$(CP) $(PKG_BUILD_DIR)/quickassist $(STAGING_DIR)/usr/icp
	$(CP) $(PKG_BUILD_DIR)/build $(STAGING_DIR)/usr/icp
endef

define KernelPackage/crypto-qat-c2xxx/install
	$(INSTALL_DIR) $(1)/lib/modules/$(LINUX_VERSION)
	$(INSTALL_DIR) $(1)/etc/init.d
	$(INSTALL_DIR) $(1)/lib/firmware
	$(INSTALL_DIR) $(1)/usr/sbin
	$(INSTALL_CONF) $(PKG_BUILD_DIR)/quickassist/config/c2xxx_qa_dev0_single_ae.conf $(1)/etc/c2xxx_qa_dev0.conf
	$(INSTALL_BIN) ./files/qat.init $(1)/etc/init.d/qat
	$(INSTALL_BIN) ./files/qat_watchdog.init $(1)/etc/init.d/qat_watchdog
	$(INSTALL_BIN) $(PKG_BUILD_DIR)/build/adf_ctl $(1)/usr/sbin/adf_ctl
	$(INSTALL_BIN) $(PKG_BUILD_DIR)/build/icp_gige_watchdog $(1)/usr/sbin/icp_gige_watchdog
	$(INSTALL_DATA) $(PKG_BUILD_DIR)/build/*.a $(1)/lib/
	$(INSTALL_DATA) $(PKG_BUILD_DIR)/build/*.so $(1)/lib/
	$(INSTALL_DATA) $(PKG_BUILD_DIR)/build/*.bin $(1)/lib/firmware/
endef

$(eval $(call KernelPackage,crypto-qat-c2xxx))

--------------------------------------------------------------------------------
/kernel/qat-c2xxx/files/qat.init:
--------------------------------------------------------------------------------
#!/bin/sh /etc/rc.common

# Adapted from Intel QAT1.5 qat_service. Portions copyright Intel Corporation

#################################################################
#
#   This file is provided under a dual BSD/GPLv2 license. When using or
#   redistributing this file, you may do so under either license.
#
#   GPL LICENSE SUMMARY
#
#   Copyright(c) 2007-2013 Intel Corporation. All rights reserved.
#
#   This program is free software; you can redistribute it and/or modify
#   it under the terms of version 2 of the GNU General Public License as
#   published by the Free Software Foundation.
#
#   This program is distributed in the hope that it will be useful, but
#   WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
#   General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program; if not, write to the Free Software
#   Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
#   The full GNU General Public License is included in this distribution
#   in the file called LICENSE.GPL.
#
#   Contact Information:
#   Intel Corporation
#
#   BSD LICENSE
#
#   Copyright(c) 2007-2013 Intel Corporation. All rights reserved.
#   All rights reserved.
#
#   Redistribution and use in source and binary forms, with or without
#   modification, are permitted provided that the following conditions
#   are met:
#
#     * Redistributions of source code must retain the above copyright
#       notice, this list of conditions and the following disclaimer.
#     * Redistributions in binary form must reproduce the above copyright
#       notice, this list of conditions and the following disclaimer in
#       the documentation and/or other materials provided with the
#       distribution.
#     * Neither the name of Intel Corporation nor the names of its
#       contributors may be used to endorse or promote products derived
#       from this software without specific prior written permission.
#
#   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
#   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
#   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
#   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
#   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
#   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
#   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
#   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
#   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
#   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
#   version: QAT1.5.L.1.10.0-80
#
#################################################################

# qat Start/Stop the Intel QAT.
#
# description: modprobe the QAT icp_qa_al.ko, which loads dependent \
#              modules, before calling the user space \
#              utility to pass configuration parameters

START=99
STOP=99

PROG=/usr/sbin/adf_ctl
KMOD=icp_qa_al
NETKEY=icp_qat_netkey.ko

EXTRA_COMMANDS="status"
EXTRA_HELP=" status Show the status of the qat device"

status() {

    ${PROG} status
    if [ "$?" -ne 0 ]
    then
        echo "No devices found. Please start the driver using:"
        echo "$0 start"
    fi

}

start() {

    # First check if the modules are already installed
    # install them as necessary and if they are LKMs
    # and not built-in kernel modules

    if [ `lsmod | grep -c "sha512"` == 0 ]; then
        if [ `cat /proc/kallsyms |grep -c sha512_generic` == 0 ]; then
            modprobe sha512
        fi
    fi

    if [ `lsmod | grep -c "sha256"` == 0 ]; then
        if [ `cat /proc/kallsyms |grep -c sha256_generic` == 0 ]; then
            modprobe sha256
        fi
    fi

    lsmod | grep ${KMOD} >/dev/null 2>&1 || modprobe ${KMOD}

    # Check device status, try to turn it on only if driver is loaded

    ${PROG} $2 status | grep state=down >/dev/null 2>&1
    if [ $? = 0 ]; then
        ${PROG} $2 up
    fi

    lsmod | grep ${NETKEY} >/dev/null 2>&1 || modprobe ${NETKEY} 2> /dev/null

    # Show device status

    ${PROG} $2 status
}

stop() {

    ${PROG} $2 down

}

restart() {

    ${PROG} $2 down && ${PROG} $2 up

}

--------------------------------------------------------------------------------
/kernel/qat-c2xxx/files/qat_watchdog.init:
--------------------------------------------------------------------------------
#!/bin/bash /etc/rc.common

#################################################################
#
#   This file is provided under a dual BSD/GPLv2 license. When using or
#   redistributing this file, you may do so under either license.
#
#   GPL LICENSE SUMMARY
#
#   Copyright(c) 2007-2013 Intel Corporation. All rights reserved.
#
#   This program is free software; you can redistribute it and/or modify
#   it under the terms of version 2 of the GNU General Public License as
#   published by the Free Software Foundation.
#
#   This program is distributed in the hope that it will be useful, but
#   WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
#   General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program; if not, write to the Free Software
#   Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
#   The full GNU General Public License is included in this distribution
#   in the file called LICENSE.GPL.
#
#   Contact Information:
#   Intel Corporation
#
#   BSD LICENSE
#
#   Copyright(c) 2007-2013 Intel Corporation. All rights reserved.
#   All rights reserved.
#
#   Redistribution and use in source and binary forms, with or without
#   modification, are permitted provided that the following conditions
#   are met:
#
#     * Redistributions of source code must retain the above copyright
#       notice, this list of conditions and the following disclaimer.
#     * Redistributions in binary form must reproduce the above copyright
#       notice, this list of conditions and the following disclaimer in
#       the documentation and/or other materials provided with the
#       distribution.
#     * Neither the name of Intel Corporation nor the names of its
#       contributors may be used to endorse or promote products derived
#       from this software without specific prior written permission.
#
#   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
#   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
#   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
#   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
#   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
#   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
#   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
#   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
#   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
#   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
60 | # 61 | # 62 | # version: QAT1.5.L.1.10.0-80 63 | # 64 | ################################################################# 65 | 66 | 67 | 68 | START=99 69 | STOP=99 70 | 71 | PROG=/usr/sbin/icp_gige_watchdog 72 | PID="`ps | grep ${PROG} | grep -v grep | awk '{print $1}'`" 73 | 74 | EXTRA_COMMANDS="status" 75 | EXTRA_HELP=" status Show the status of the qat device" 76 | 77 | status() { 78 | 79 | if [ -z "$PID" ] 80 | then 81 | echo "${PROG} not running" 82 | else 83 | echo "${PROG} running: ${PID}" 84 | fi 85 | 86 | } 87 | 88 | start() { 89 | 90 | if [ -z "$PID" ] 91 | then 92 | ${PROG} & 93 | else 94 | echo "Already running pid: ${PID}" 95 | fi 96 | 97 | } 98 | 99 | stop() { 100 | 101 | if [ -z "$PID" ] 102 | then 103 | echo "${PROG} not running" 104 | else 105 | kill -USR1 ${PID} 106 | fi 107 | 108 | } 109 | 110 | restart() { 111 | 112 | stop 113 | start 114 | 115 | } 116 | 117 | 118 | 119 | 120 | -------------------------------------------------------------------------------- /kernel/qat-c2xxx/patches/01-remove-inline.patch: -------------------------------------------------------------------------------- 1 | --- a/quickassist/adf/include/icp_adf_transport_dp.h 2 | +++ b/quickassist/adf/include/icp_adf_transport_dp.h 3 | @@ -79,7 +79,7 @@ 4 | * Data plain support function - returns the pointer to next message on the ring 5 | * or NULL if there is not enough space. 6 | */ 7 | -inline void icp_adf_getQueueMemory(icp_comms_trans_handle trans_handle, 8 | +void icp_adf_getQueueMemory(icp_comms_trans_handle trans_handle, 9 | Cpa32U numberRequests, 10 | void** pCurrentQatMsg); 11 | /* 12 | 
@@ -87,7 +87,7 @@ inline void icp_adf_getQueueMemory(icp_c 13 | * Data plain support function - returns the pointer to next message on the ring 14 | * or NULL if there is not enough space - it also updates the shadow tail copy. 15 | */ 16 | -inline void icp_adf_getSingleQueueAddr(icp_comms_trans_handle trans_handle, 17 | +void icp_adf_getSingleQueueAddr(icp_comms_trans_handle trans_handle, 18 | void** pCurrentQatMsg); 19 | 20 | /* 21 | @@ -95,26 +95,26 @@ inline void icp_adf_getSingleQueueAddr(i 22 | * Data plain support function - increments the tail pointer and returns 23 | * the pointer to next message on the ring. 24 | */ 25 | -inline void icp_adf_getQueueNext(icp_comms_trans_handle trans_handle, 26 | +void icp_adf_getQueueNext(icp_comms_trans_handle trans_handle, 27 | void** pCurrentQatMsg); 28 | 29 | /* 30 | * icp_adf_updateQueueTail 31 | * Data plain support function - Writes the tail shadow copy to the device. 32 | */ 33 | -inline void icp_adf_updateQueueTail(icp_comms_trans_handle trans_handle); 34 | +void icp_adf_updateQueueTail(icp_comms_trans_handle trans_handle); 35 | 36 | /* 37 | * icp_adf_isRingEmpty 38 | * Data plain support function - check if the ring is empty 39 | */ 40 | -inline CpaBoolean icp_adf_isRingEmpty(icp_comms_trans_handle trans_handle); 41 | +CpaBoolean icp_adf_isRingEmpty(icp_comms_trans_handle trans_handle); 42 | 43 | /* 44 | * icp_adf_pollQueue 45 | * Data plain support function - Poll messages from the queue. 46 | */ 47 | -inline CpaStatus icp_adf_pollQueue(icp_comms_trans_handle trans_handle, 48 | +CpaStatus icp_adf_pollQueue(icp_comms_trans_handle trans_handle, 49 | Cpa32U response_quota); 50 | 51 | /* 52 | 
@@ -123,6 +123,6 @@ inline CpaStatus icp_adf_pollQueue(icp_c 53 | * send. This should only be called on request rings. If the function returns 54 | * true then it is ok to call icp_adf_updateQueueTail() function on this ring. 55 | */ 56 | -inline CpaBoolean icp_adf_queueDataToSend(icp_comms_trans_handle trans_hnd); 57 | +CpaBoolean icp_adf_queueDataToSend(icp_comms_trans_handle trans_hnd); 58 | 59 | #endif /* ICP_ADF_TRANSPORT_DP_H */ 60 | -------------------------------------------------------------------------------- /kernel/qat-c2xxx/patches/02-netkey-shim.patch: -------------------------------------------------------------------------------- 1 | --- a/quickassist/utilities/osal/src/linux/kernel_space/OsalDevOperations.c 2 | +++ b/quickassist/utilities/osal/src/linux/kernel_space/OsalDevOperations.c 3 | 
@@ -145,7 +145,7 @@ OSAL_STATUS osalPCIStateRestore(void* de 4 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0) 5 | #if (((!defined(RHEL_MAJOR)) && (LINUX_VERSION_CODE < KERNEL_VERSION(3,14,0))) \ 6 | || defined(RHEL_70)) 7 | - if ( pci_load_saved_state(pdev, pstate) ){ 8 | + if ( pci_load_and_free_saved_state(pdev, &pstate) ){ 9 | return OSAL_FAIL; 10 | } 11 | #endif 12 | -------------------------------------------------------------------------------- /kernel/qat-c2xxx/patches/series: -------------------------------------------------------------------------------- 1 | 01-remove-inline.patch 2 | 02-netkey-shim.patch 3 | -------------------------------------------------------------------------------- /kernel/qat-netkey/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2010 OpenWrt.org 3 | # 4 | # This is free software, licensed under the GNU General Public License v2. 5 | # See /LICENSE for more information. 6 | # 7 | 8 | include $(TOPDIR)/rules.mk 9 | 10 | PKG_NAME:=qat-netkey 11 | PKG_VERSION:=1.0 12 | PKG_RELEASE:=1 13 | 14 | PKG_SOURCE_VERSION:=L.0.4.2-10 15 | PKG_TAR_SOURCE:=icp_qat_netkey.$(PKG_SOURCE_VERSION).tar.gz 16 | PKG_SOURCE:=qat_patches_netkeyshim.zip 17 | PKG_SOURCE_URL:=https://01.org/sites/default/files/page/ 18 | PKG_MD5SUM:=48f20c019bb462643b91946984f8faf3 19 | 20 | PKG_MAINTAINER:=dl12345 21 | PKG_LICENSE:=GPL v3 22 | 23 | include $(INCLUDE_DIR)/kernel.mk 24 | include $(INCLUDE_DIR)/package.mk 25 | 26 | PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) 27 | PKG_UNPACK:=unzip -pl $(DL_DIR)/$(PKG_SOURCE) */$(PKG_TAR_SOURCE) \ 28 | | zcat | $(TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xf - 29 | 30 | define KernelPackage/crypto-qat-netkey 31 | SUBMENU:=Cryptographic API modules 32 | TITLE:=Intel Quick Assist netkey shim for c2xxx 33 | DEPENDS:=kmod-crypto-qat-c2xxx +kmod-crypto-rng @TARGET_x86_c2xxx 34 | FILES:=$(PKG_BUILD_DIR)/icp_qat_netkey.ko 
$(PKG_BUILD_DIR)/test/icp_perf_aead.ko 35 | endef 36 | 37 | define KernelPackage/crypto-qat-netkey/description 38 | Kernel drivers for Intel c2xxx Quick Assist Technology 39 | AEAD crypto acceleration (IPSEC) 40 | endef 41 | 42 | MAKE_VARS += ICP_ROOT="$(STAGING_DIR)/usr/icp" \ 43 | CROSS_COMPILE="$(KERNEL_CROSS)" \ 44 | KERNEL_SOURCE_ROOT="$(LINUX_DIR)" 45 | 46 | NETKEY_OPTS = PWD="$(PKG_BUILD_DIR)" 47 | TEST_OPTS = PWD="$(PKG_BUILD_DIR)/test" 48 | 49 | define Build/Compile 50 | $(call Build/Compile/Default,$(NETKEY_OPTS)) 51 | $(call Build/Compile/Default,-C $(PKG_BUILD_DIR)/test $(TEST_OPTS)) 52 | endef 53 | 54 | $(eval $(call KernelPackage,crypto-qat-netkey)) 55 | -------------------------------------------------------------------------------- /kernel/qat-netkey/patches/01-task_is_dead-undeclared.patch: -------------------------------------------------------------------------------- 1 | --- a/test/icp_aead_perf_module.c 2 | +++ b/test/icp_aead_perf_module.c 3 | @@ -64,6 +64,7 @@ 4 | #include "icp_aead_perf.h" 5 | 6 | #define DIGEST_SIZE_96bits 12 /* Digest size = 96 bits -> 12 bytes */ 7 | +#define task_is_dead(task) ((task)->exit_state != 0) 8 | 9 | MODULE_DESCRIPTION("ICP AEAD perf test module"); 10 | MODULE_AUTHOR("Intel Corporation"); 11 | -------------------------------------------------------------------------------- /kernel/qat-netkey/patches/02-test-module.patch: -------------------------------------------------------------------------------- 1 | --- a/test/icp_aead_perf_module.c 2 | +++ b/test/icp_aead_perf_module.c 3 | 
@@ -140,14 +140,14 @@ static void icp_aead_output_res(icp_aead 4 | } 5 | 6 | printk("-----------------------------------------------\n"); 7 | - printk("Number threads: %d\n", 8 | + printk("Number threads: %d\n", 9 | kp_numThreads); 10 | - printk("Number of requests per thread: %llu\n", 11 | + printk("Number of requests per thread: %llu\n", 12 | pThreadData->cs.totalRequestsSent); 13 | - printk("Pkt Size: %u\n", 14 | + printk("Pkt Size: %u\n", 15 | pThreadData->cs.dataLengthInBytes); 16 | if (pThreadData->cs.totalRequestsSent > 1000) { 17 | - printk("Total number of Cycles: %llu\n", 18 | + printk("Total number of Cycles: %llu\n", 19 | totalCycles); 20 | if ((cpu_freq != 0) && (time != 0)) { 21 | printk 22 | @@ -214,7 +214,7 @@ static int icp_aead_perf_run(u32 keysize 23 | 24 | if (kp_givenc) { 25 | printk 26 | - ("\nAEAD givencrypt performance: alg %s\n", alg_name); 27 | + ("\nAEAD givencrypt performance: alg %s - keysize(%u)\n", alg_name, keysize*8); 28 | 29 | pThreadDataTemp = pThreadData; 30 | /* Create and start threads */ 31 | @@ -261,7 +261,7 @@ static int icp_aead_perf_run(u32 keysize 32 | } 33 | if (kp_dec) { 34 | printk 35 | - ("\nAEAD decrypt performance: alg %s\n", alg_name); 36 | + ("\nAEAD decrypt performance: alg %s - keysize(%u)\n", alg_name, keysize*8); 37 | 38 | pThreadDataTemp = pThreadData; 39 | /* Create and start threads */ 40 | 
@@ -392,6 +392,14 @@ static int _icp_aead_perf_init(void) 41 | AES_BLOCK_SIZE, "authenc(hmac(sha512),cbc(aes))"); 42 | icp_aead_perf_run(AES_KEYSIZE_128, DIGEST_SIZE_96bits, ICP_AEAD_PERF_AUTH_KEY_LEN, 43 | AES_BLOCK_SIZE, "authenc(hmac(md5),cbc(aes))"); 44 | + icp_aead_perf_run(AES_KEYSIZE_256, DIGEST_SIZE_96bits, ICP_AEAD_PERF_AUTH_KEY_LEN, 45 | + AES_BLOCK_SIZE, "authenc(hmac(sha1),cbc(aes))"); 46 | + icp_aead_perf_run(AES_KEYSIZE_256, SHA256_DIGEST_SIZE, ICP_AEAD_PERF_AUTH_KEY_LEN, 47 | + AES_BLOCK_SIZE, "authenc(hmac(sha256),cbc(aes))"); 48 | + icp_aead_perf_run(AES_KEYSIZE_256, SHA512_DIGEST_SIZE, ICP_AEAD_PERF_AUTH_KEY_LEN, 49 | + AES_BLOCK_SIZE, "authenc(hmac(sha512),cbc(aes))"); 50 | + icp_aead_perf_run(AES_KEYSIZE_256, DIGEST_SIZE_96bits, ICP_AEAD_PERF_AUTH_KEY_LEN, 51 | + AES_BLOCK_SIZE, "authenc(hmac(md5),cbc(aes))"); 52 | icp_aead_perf_run(DES3_EDE_KEY_SIZE, DIGEST_SIZE_96bits, ICP_AEAD_PERF_AUTH_KEY_LEN, 53 | DES3_EDE_BLOCK_SIZE, "authenc(hmac(sha1),cbc(des3_ede))"); 54 | icp_aead_perf_run(DES3_EDE_KEY_SIZE, SHA256_DIGEST_SIZE, ICP_AEAD_PERF_AUTH_KEY_LEN, 55 | -------------------------------------------------------------------------------- /libs/openssl/Config.in: -------------------------------------------------------------------------------- 1 | menu "Configuration" 2 | depends on PACKAGE_libopenssl 3 | 4 | config OPENSSL_WITH_EC 5 | bool 6 | default y 7 | prompt "Enable elliptic curve support" 8 | 9 | config OPENSSL_WITH_EC2M 10 | bool 11 | depends on OPENSSL_WITH_EC 12 | prompt "Enable ec2m support" 13 | 14 | config OPENSSL_WITH_SSL3 15 | bool 16 | default n 17 | prompt "Enable sslv3 support" 18 | 19 | config OPENSSL_ENGINE_CRYPTO 20 | bool 21 | prompt "Crypto acceleration support" 22 | 23 | config OPENSSL_ENGINE_DIGEST 24 | bool 25 | depends on OPENSSL_ENGINE_CRYPTO 26 | prompt "Digests acceleration support" 27 | 28 | endmenu 29 | -------------------------------------------------------------------------------- /libs/openssl/Makefile: 
-------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2006-2016 OpenWrt.org 3 | # 4 | # This is free software, licensed under the GNU General Public License v2. 5 | # See /LICENSE for more information. 6 | # 7 | 8 | include $(TOPDIR)/rules.mk 9 | 10 | PKG_NAME:=openssl 11 | PKG_BASE:=1.0.2 12 | PKG_BUGFIX:=h 13 | PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) 14 | PKG_RELEASE:=1 15 | PKG_USE_MIPS16:=0 16 | 17 | PKG_BUILD_PARALLEL:=1 18 | 19 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 20 | PKG_SOURCE_URL:=http://www.openssl.org/source/ \ 21 | http://www.openssl.org/source/old/$(PKG_BASE)/ \ 22 | ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \ 23 | ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ 24 | PKG_MD5SUM:=9392e65072ce4b614c1392eefc1f23d0 25 | 26 | PKG_LICENSE:=OpenSSL 27 | PKG_LICENSE_FILES:=LICENSE 28 | PKG_BUILD_DEPENDS:=ocf-crypto-headers 29 | PKG_CONFIG_DEPENDS:= \ 30 | CONFIG_OPENSSL_ENGINE_CRYPTO \ 31 | CONFIG_OPENSSL_ENGINE_DIGEST \ 32 | CONFIG_OPENSSL_WITH_EC \ 33 | CONFIG_OPENSSL_WITH_EC2M \ 34 | CONFIG_OPENSSL_WITH_SSL3 35 | 36 | include $(INCLUDE_DIR)/package.mk 37 | 38 | ifneq ($(CONFIG_CCACHE),) 39 | HOSTCC=$(HOSTCC_NOCACHE) 40 | HOSTCXX=$(HOSTCXX_NOCACHE) 41 | endif 42 | 43 | define Package/openssl/Default 44 | TITLE:=Open source SSL toolkit 45 | URL:=http://www.openssl.org/ 46 | endef 47 | 48 | define Package/libopenssl/config 49 | source "$(SOURCE)/Config.in" 50 | endef 51 | 52 | define Package/openssl/Default/description 53 | The OpenSSL Project is a collaborative effort to develop a robust, 54 | commercial-grade, full-featured, and Open Source toolkit implementing the Secure 55 | Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well 56 | as a full-strength general purpose cryptography library. 
57 | endef 58 | 59 | define Package/libopenssl 60 | $(call Package/openssl/Default) 61 | SECTION:=libs 62 | SUBMENU:=SSL 63 | CATEGORY:=Libraries 64 | DEPENDS:=+zlib 65 | TITLE+= (libraries) 66 | ABI_VERSION:=$(PKG_VERSION) 67 | MENU:=1 68 | endef 69 | 70 | define Package/libopenssl/description 71 | $(call Package/openssl/Default/description) 72 | This package contains the OpenSSL shared libraries, needed by other programs. 73 | endef 74 | 75 | define Package/openssl-util 76 | $(call Package/openssl/Default) 77 | SECTION:=utils 78 | CATEGORY:=Utilities 79 | DEPENDS:=+libopenssl 80 | TITLE+= (utility) 81 | endef 82 | 83 | define Package/openssl-util/conffiles 84 | /etc/ssl/openssl.cnf 85 | endef 86 | 87 | define Package/openssl-util/description 88 | $(call Package/openssl/Default/description) 89 | This package contains the OpenSSL command-line utility. 90 | endef 91 | 92 | 93 | OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-camellia no-krb5 94 | OPENSSL_OPTIONS:= shared no-err no-hw zlib-dynamic no-sse2 no-ssl2 95 | 96 | ifdef CONFIG_OPENSSL_ENGINE_CRYPTO 97 | OPENSSL_OPTIONS += -DHAVE_CRYPTODEV 98 | ifdef CONFIG_OPENSSL_ENGINE_DIGEST 99 | OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS 100 | endif 101 | else 102 | OPENSSL_OPTIONS += no-engines 103 | endif 104 | 105 | ifndef CONFIG_OPENSSL_WITH_EC 106 | OPENSSL_OPTIONS += no-ec 107 | endif 108 | 109 | ifndef CONFIG_OPENSSL_WITH_EC2M 110 | OPENSSL_OPTIONS += no-ec2m 111 | endif 112 | 113 | ifndef CONFIG_OPENSSL_WITH_SSL3 114 | OPENSSL_OPTIONS += no-ssl3 115 | endif 116 | 117 | ifeq ($(CONFIG_x86_64),y) 118 | OPENSSL_TARGET:=linux-x86_64-openwrt 119 | OPENSSL_MAKEFLAGS += LIBDIR=lib 120 | else 121 | OPENSSL_OPTIONS+=no-sse2 122 | ifeq ($(CONFIG_mips)$(CONFIG_mipsel),y) 123 | OPENSSL_TARGET:=linux-mips-openwrt 124 | # else ifeq ($(CONFIG_arm)$(CONFIG_armeb),y) 125 | # OPENSSL_TARGET:=linux-armv4-openwrt 126 | else 127 | OPENSSL_TARGET:=linux-generic-openwrt 128 | OPENSSL_OPTIONS+=no-perlasm 129 | endif 130 | endif 
131 | 132 | STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(subst $(space),_,$(OPENSSL_OPTIONS)) 133 | 134 | define Build/Configure 135 | [ -f $(STAMP_CONFIGURED) ] || { \ 136 | rm -f $(PKG_BUILD_DIR)/*.so.* $(PKG_BUILD_DIR)/*.a; \ 137 | find $(PKG_BUILD_DIR) -name \*.o | xargs rm -f; \ 138 | } 139 | (cd $(PKG_BUILD_DIR); \ 140 | ./Configure $(OPENSSL_TARGET) \ 141 | --prefix=/usr \ 142 | --openssldir=/etc/ssl \ 143 | $(TARGET_CPPFLAGS) \ 144 | $(TARGET_LDFLAGS) -ldl \ 145 | -DOPENSSL_SMALL_FOOTPRINT \ 146 | $(OPENSSL_NO_CIPHERS) \ 147 | $(OPENSSL_OPTIONS) \ 148 | ) 149 | # XXX: OpenSSL "make depend" will look for installed headers before its own, 150 | # so remove installed stuff first 151 | -$(SUBMAKE) -j1 clean-staging 152 | +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ 153 | MAKEDEPPROG="$(TARGET_CROSS)gcc" \ 154 | OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \ 155 | $(OPENSSL_MAKEFLAGS) \ 156 | depend 157 | endef 158 | 159 | TARGET_CFLAGS += $(FPIC) 160 | 161 | define Build/Compile 162 | +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ 163 | CC="$(TARGET_CC)" \ 164 | ASFLAGS="$(TARGET_ASFLAGS) -I$(PKG_BUILD_DIR)/crypto -c" \ 165 | AR="$(TARGET_CROSS)ar r" \ 166 | RANLIB="$(TARGET_CROSS)ranlib" \ 167 | OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \ 168 | $(OPENSSL_MAKEFLAGS) \ 169 | all 170 | +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ 171 | CC="$(TARGET_CC)" \ 172 | ASFLAGS="$(TARGET_ASFLAGS) -I$(PKG_BUILD_DIR)/crypto -c" \ 173 | AR="$(TARGET_CROSS)ar r" \ 174 | RANLIB="$(TARGET_CROSS)ranlib" \ 175 | OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \ 176 | $(OPENSSL_MAKEFLAGS) \ 177 | build-shared 178 | # Work around openssl build bug to link libssl.so with libcrypto.so. 
179 | -rm $(PKG_BUILD_DIR)/libssl.so.*.*.* 180 | +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ 181 | CC="$(TARGET_CC)" \ 182 | OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \ 183 | $(OPENSSL_MAKEFLAGS) \ 184 | do_linux-shared 185 | $(MAKE) -C $(PKG_BUILD_DIR) \ 186 | CC="$(TARGET_CC)" \ 187 | INSTALL_PREFIX="$(PKG_INSTALL_DIR)" \ 188 | $(OPENSSL_MAKEFLAGS) \ 189 | install 190 | endef 191 | 192 | define Build/InstallDev 193 | $(INSTALL_DIR) $(1)/usr/include 194 | $(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(1)/usr/include/ 195 | $(INSTALL_DIR) $(1)/usr/lib/ 196 | $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.{a,so*} $(1)/usr/lib/ 197 | $(INSTALL_DIR) $(1)/usr/lib/pkgconfig 198 | $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc $(1)/usr/lib/pkgconfig/ 199 | [ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc || true 200 | endef 201 | 202 | define Package/libopenssl/install 203 | $(INSTALL_DIR) $(1)/usr/lib 204 | $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/ 205 | $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/ 206 | endef 207 | 208 | define Package/openssl-util/install 209 | $(INSTALL_DIR) $(1)/etc/ssl 210 | $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/ 211 | $(INSTALL_DIR) $(1)/etc/ssl/certs 212 | $(INSTALL_DIR) $(1)/etc/ssl/private 213 | chmod 0700 $(1)/etc/ssl/private 214 | $(INSTALL_DIR) $(1)/usr/bin 215 | $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/ 216 | endef 217 | 218 | $(eval $(call BuildPackage,libopenssl)) 219 | $(eval $(call BuildPackage,openssl-util)) 220 | -------------------------------------------------------------------------------- /libs/openssl/patches/110-optimize-for-size.patch: -------------------------------------------------------------------------------- 1 | --- a/Configure 2 | +++ b/Configure 3 | 
@@ -468,6 +468,12 @@ my %table=( 4 | "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", 5 | "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", 6 | 7 | +# OpenWrt targets 8 | +"linux-armv4-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 9 | +"linux-x86_64-openwrt", "gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", 10 | +"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 11 | +"linux-generic-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 12 | + 13 | # Android: linux-* but without pointers to headers and libs. 
14 | "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 15 | "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 16 | -------------------------------------------------------------------------------- /libs/openssl/patches/130-perl-path.patch: -------------------------------------------------------------------------------- 1 | --- a/Configure 2 | +++ b/Configure 3 | @@ -1,4 +1,4 @@ 4 | -: 5 | +#!/usr/bin/perl 6 | eval 'exec perl -S $0 ${1+"$@"}' 7 | if $running_under_some_shell; 8 | ## 9 | --- a/tools/c_rehash.in 10 | +++ b/tools/c_rehash.in 11 | @@ -1,4 +1,4 @@ 12 | -#!/usr/local/bin/perl 13 | +#!/usr/bin/perl 14 | 15 | # Perl c_rehash script, scan all files in a directory 16 | # and add symbolic links to their hash values. 17 | --- a/util/clean-depend.pl 18 | +++ b/util/clean-depend.pl 19 | @@ -1,4 +1,4 @@ 20 | -#!/usr/local/bin/perl -w 21 | +#!/usr/bin/perl 22 | # Clean the dependency list in a makefile of standard includes... 23 | # Written by Ben Laurie 19 Jan 1999 24 | 25 | --- a/util/mkdef.pl 26 | +++ b/util/mkdef.pl 27 | @@ -1,4 +1,4 @@ 28 | -#!/usr/local/bin/perl -w 29 | +#!/usr/bin/perl 30 | # 31 | # generate a .def file 32 | # 33 | --- a/util/mkerr.pl 34 | +++ b/util/mkerr.pl 35 | @@ -1,4 +1,4 @@ 36 | -#!/usr/local/bin/perl -w 37 | +#!/usr/bin/perl 38 | 39 | my $config = "crypto/err/openssl.ec"; 40 | my $hprefix = "openssl/"; 41 | --- a/util/mkstack.pl 42 | +++ b/util/mkstack.pl 43 | 
@@ -1,4 +1,4 @@ 44 | -#!/usr/local/bin/perl -w 45 | +#!/usr/bin/perl 46 | 47 | # This is a utility that searches out "DECLARE_STACK_OF()" 48 | # declarations in .h and .c files, and updates/creates/replaces 49 | --- a/util/pod2man.pl 50 | +++ b/util/pod2man.pl 51 | @@ -1,4 +1,4 @@ 52 | -: #!/usr/bin/perl-5.005 53 | +#!/usr/bin/perl 54 | eval 'exec /usr/bin/perl -S $0 ${1+"$@"}' 55 | if $running_under_some_shell; 56 | 57 | --- a/util/selftest.pl 58 | +++ b/util/selftest.pl 59 | @@ -1,4 +1,4 @@ 60 | -#!/usr/local/bin/perl -w 61 | +#!/usr/bin/perl 62 | # 63 | # Run the test suite and generate a report 64 | # 65 | -------------------------------------------------------------------------------- /libs/openssl/patches/140-makefile-dirs.patch: -------------------------------------------------------------------------------- 1 | --- a/Makefile.org 2 | +++ b/Makefile.org 3 | @@ -136,7 +136,7 @@ FIPSCANLIB= 4 | 5 | BASEADDR= 6 | 7 | -DIRS= crypto ssl engines apps test tools 8 | +DIRS= crypto ssl apps 9 | ENGDIRS= ccgost 10 | SHLIBDIRS= crypto ssl 11 | 12 | -------------------------------------------------------------------------------- /libs/openssl/patches/160-disable_doc_tests.patch: -------------------------------------------------------------------------------- 1 | --- a/Makefile 2 | +++ b/Makefile 3 | @@ -138,7 +138,7 @@ FIPSCANLIB= 4 | 5 | BASEADDR=0xFB00000 6 | 7 | -DIRS= crypto ssl engines apps test tools 8 | +DIRS= crypto ssl engines apps tools 9 | ENGDIRS= ccgost 10 | SHLIBDIRS= crypto ssl 11 | 12 | @@ -156,7 +156,7 @@ SDIRS= \ 13 | 14 | # tests to perform. "alltests" is a special word indicating that all tests 15 | # should be performed. 16 | -TESTS = alltests 17 | +TESTS = 18 | 19 | MAKEFILE= Makefile 20 | 21 | 
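Review bot: Emptying `TESTS` in this hunk, on top of dropping `test` from `DIRS` in the hunk before it, means the libcrypto and libssl produced by this build are never exercised by OpenSSL's own test suite, and the patch carries no description saying so. Add a patch header that states why the tests are disabled and where the resulting library is expected to be validated instead, so the omission is a recorded decision rather than a silent one.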
@@ -170,7 +170,7 @@ SHELL=/bin/sh 22 | 23 | TOP= . 24 | ONEDIRS=out tmp 25 | -EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS 26 | +EDIRS= times bugs util include certs ms shlib mt demos perl sf dep VMS 27 | WDIRS= windows 28 | LIBS= libcrypto.a libssl.a 29 | SHARED_CRYPTO=libcrypto$(SHLIB_EXT) 30 | @@ -273,7 +273,7 @@ reflect: 31 | 32 | sub_all: build_all 33 | 34 | -build_all: build_libs build_apps build_tests build_tools 35 | +build_all: build_libs build_apps build_tools 36 | 37 | build_libs: build_libcrypto build_libssl openssl.pc 38 | 39 | @@ -530,7 +530,7 @@ dist: 40 | @$(MAKE) SDIRS='$(SDIRS)' clean 41 | @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar 42 | 43 | -install: all install_docs install_sw 44 | +install: all install_sw 45 | 46 | install_sw: 47 | @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ 48 | --- a/Makefile.org 49 | +++ b/Makefile.org 50 | @@ -528,7 +528,7 @@ dist: 51 | @$(MAKE) SDIRS='$(SDIRS)' clean 52 | @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar 53 | 54 | -install: all install_docs install_sw 55 | +install: all install_sw 56 | 57 | install_sw: 58 | @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ 59 | -------------------------------------------------------------------------------- /libs/openssl/patches/170-bash_path.patch: -------------------------------------------------------------------------------- 1 | --- a/util/domd 2 | +++ b/util/domd 3 | @@ -1,4 +1,4 @@ 4 | -#!/bin/sh 5 | +#!/usr/bin/env bash 6 | # Do a makedepend, only leave out the standard headers 7 | # Written by Ben Laurie 19 Jan 1999 8 | 9 | -------------------------------------------------------------------------------- /libs/openssl/patches/180-fix_link_segfault.patch: -------------------------------------------------------------------------------- 1 | --- a/Makefile.shared 2 | +++ b/Makefile.shared 3 | 
@@ -95,7 +95,6 @@ LINK_APP= \ 4 | LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \ 5 | LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ 6 | LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ 7 | - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ 8 | $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} ) 9 | 10 | LINK_SO= \ 11 | @@ -105,7 +104,6 @@ LINK_SO= \ 12 | SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ 13 | LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ 14 | LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ 15 | - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ 16 | $${SHAREDCMD} $${SHAREDFLAGS} \ 17 | -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ 18 | $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \ 19 | -------------------------------------------------------------------------------- /libs/openssl/patches/190-remove_timestamp_check.patch: -------------------------------------------------------------------------------- 1 | --- a/Makefile.org 2 | +++ b/Makefile.org 3 | @@ -184,7 +184,7 @@ TARFILE= ../$(NAME).tar 4 | EXHEADER= e_os2.h 5 | HEADER= e_os.h 6 | 7 | -all: Makefile build_all 8 | +all: build_all 9 | 10 | # as we stick to -e, CLEARENV ensures that local variables in lower 11 | # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn 12 | 
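Review bot: Removing `Makefile` from the prerequisites of `all` in this hunk, with the `Makefile: Makefile.org Configure config` rule deleted in the next one, takes away the build's check that the generated Makefile is not older than its inputs, and nothing in the patch explains why. Add a header noting that reconfiguration is now the caller's responsibility, and confirm the packaging layer forces a fresh `./Configure` whenever the option set changes.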
@@ -400,11 +400,6 @@ openssl.pc: Makefile 13 | echo 'Version: '$(VERSION); \ 14 | echo 'Requires: libssl libcrypto' ) > openssl.pc 15 | 16 | -Makefile: Makefile.org Configure config 17 | - @echo "Makefile is older than Makefile.org, Configure or config." 18 | - @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please." 19 | - @false 20 | - 21 | libclean: 22 | rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib 23 | 24 | -------------------------------------------------------------------------------- /libs/openssl/patches/200-parallel_build.patch: -------------------------------------------------------------------------------- 1 | --- a/Makefile.org 2 | +++ b/Makefile.org 3 | @@ -279,17 +279,17 @@ build_libcrypto: build_crypto build_engi 4 | build_libssl: build_ssl libssl.pc 5 | 6 | build_crypto: 7 | - @dir=crypto; target=all; $(BUILD_ONE_CMD) 8 | + +@dir=crypto; target=all; $(BUILD_ONE_CMD) 9 | build_ssl: build_crypto 10 | - @dir=ssl; target=all; $(BUILD_ONE_CMD) 11 | + +@dir=ssl; target=all; $(BUILD_ONE_CMD) 12 | build_engines: build_crypto 13 | - @dir=engines; target=all; $(BUILD_ONE_CMD) 14 | + +@dir=engines; target=all; $(BUILD_ONE_CMD) 15 | build_apps: build_libs 16 | - @dir=apps; target=all; $(BUILD_ONE_CMD) 17 | + +@dir=apps; target=all; $(BUILD_ONE_CMD) 18 | build_tests: build_libs 19 | - @dir=test; target=all; $(BUILD_ONE_CMD) 20 | + +@dir=test; target=all; $(BUILD_ONE_CMD) 21 | build_tools: build_libs 22 | - @dir=tools; target=all; $(BUILD_ONE_CMD) 23 | + +@dir=tools; target=all; $(BUILD_ONE_CMD) 24 | 25 | all_testapps: build_libs build_testapps 26 | build_testapps: 27 | 
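Review bot: The `+` prefix added to each `$(BUILD_ONE_CMD)` recipe line here also makes GNU make execute those lines under `make -n`, `-t` and `-q`, so a dry run of `build_crypto`, `build_ssl` and the other targets will now really recurse into the subdirectories. If the prefix is only there so the sub-makes inherit the jobserver, say so in a patch header; the patch currently has no description of the intended parallel-build behaviour.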
@@ -461,7 +461,7 @@ update: errors stacks util/libeay.num ut 28 | @set -e; target=update; $(RECURSIVE_BUILD_CMD) 29 | 30 | depend: 31 | - @set -e; target=depend; $(RECURSIVE_BUILD_CMD) 32 | + +@set -e; target=depend; $(RECURSIVE_BUILD_CMD) 33 | 34 | lint: 35 | @set -e; target=lint; $(RECURSIVE_BUILD_CMD) 36 | @@ -523,9 +523,9 @@ dist: 37 | @$(MAKE) SDIRS='$(SDIRS)' clean 38 | @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar 39 | 40 | -install: all install_sw 41 | +install: install_sw 42 | 43 | -install_sw: 44 | +install_dirs: 45 | @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ 46 | $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ 47 | $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ 48 | @@ -534,12 +534,19 @@ install_sw: 49 | $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ 50 | $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ 51 | $(INSTALL_PREFIX)$(OPENSSLDIR)/private 52 | + @$(PERL) $(TOP)/util/mkdir-p.pl \ 53 | + $(INSTALL_PREFIX)$(MANDIR)/man1 \ 54 | + $(INSTALL_PREFIX)$(MANDIR)/man3 \ 55 | + $(INSTALL_PREFIX)$(MANDIR)/man5 \ 56 | + $(INSTALL_PREFIX)$(MANDIR)/man7 57 | + 58 | +install_sw: install_dirs 59 | @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ 60 | do \ 61 | (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ 62 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ 63 | done; 64 | - @set -e; target=install; $(RECURSIVE_BUILD_CMD) 65 | + +@set -e; target=install; $(RECURSIVE_BUILD_CMD) 66 | @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ 67 | do \ 68 | if [ -f "$$i" ]; then \ 69 | @@ -623,12 +630,7 @@ install_html_docs: 70 | done; \ 71 | done 72 | 73 | -install_docs: 74 | - @$(PERL) $(TOP)/util/mkdir-p.pl \ 75 | - $(INSTALL_PREFIX)$(MANDIR)/man1 \ 76 | - $(INSTALL_PREFIX)$(MANDIR)/man3 \ 77 | - $(INSTALL_PREFIX)$(MANDIR)/man5 \ 78 | - $(INSTALL_PREFIX)$(MANDIR)/man7 79 | +install_docs: install_dirs 80 | @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ 81 | here="`pwd`"; \ 82 | filecase=; \ 83 | 
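Review bot: With the `mkdir-p.pl` call for `man1`, `man3`, `man5` and `man7` moved out of `install_docs` into `install_dirs`, and `install_sw` now depending on `install_dirs`, every software-only install creates the four `$(MANDIR)` directories even when no documentation is installed. Consider keeping the man-page directories in a separate target that only `install_docs` depends on, or note in the patch description that the empty directories are expected.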
--- a/Makefile.shared 84 | +++ b/Makefile.shared 85 | @@ -120,6 +120,7 @@ SYMLINK_SO= \ 86 | done; \ 87 | fi; \ 88 | if [ -n "$$SHLIB_SOVER" ]; then \ 89 | + [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ 90 | ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ 91 | ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ 92 | fi; \ 93 | --- a/crypto/Makefile 94 | +++ b/crypto/Makefile 95 | @@ -85,11 +85,11 @@ testapps: 96 | @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi 97 | 98 | subdirs: 99 | - @target=all; $(RECURSIVE_MAKE) 100 | + +@target=all; $(RECURSIVE_MAKE) 101 | 102 | files: 103 | $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO 104 | - @target=files; $(RECURSIVE_MAKE) 105 | + +@target=files; $(RECURSIVE_MAKE) 106 | 107 | links: 108 | @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) 109 | @@ -100,7 +100,7 @@ links: 110 | # lib: $(LIB): are splitted to avoid end-less loop 111 | lib: $(LIB) 112 | @touch lib 113 | -$(LIB): $(LIBOBJ) 114 | +$(LIB): $(LIBOBJ) | subdirs 115 | $(AR) $(LIB) $(LIBOBJ) 116 | test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o 117 | $(RANLIB) $(LIB) || echo Never mind. 118 | @@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs 119 | fi 120 | 121 | libs: 122 | - @target=lib; $(RECURSIVE_MAKE) 123 | + +@target=lib; $(RECURSIVE_MAKE) 124 | 125 | install: 126 | @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... 127 | @@ -120,7 +120,7 @@ install: 128 | (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ 129 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ 130 | done; 131 | - @target=install; $(RECURSIVE_MAKE) 132 | + +@target=install; $(RECURSIVE_MAKE) 133 | 134 | lint: 135 | @target=lint; $(RECURSIVE_MAKE) 136 | --- a/engines/Makefile 137 | +++ b/engines/Makefile 138 | 
@@ -72,7 +72,7 @@ top: 139 | 140 | all: lib subdirs 141 | 142 | -lib: $(LIBOBJ) 143 | +lib: $(LIBOBJ) | subdirs 144 | @if [ -n "$(SHARED_LIBS)" ]; then \ 145 | set -e; \ 146 | for l in $(LIBNAMES); do \ 147 | @@ -89,7 +89,7 @@ lib: $(LIBOBJ) 148 | 149 | subdirs: 150 | echo $(EDIRS) 151 | - @target=all; $(RECURSIVE_MAKE) 152 | + +@target=all; $(RECURSIVE_MAKE) 153 | 154 | files: 155 | $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO 156 | @@ -128,7 +128,7 @@ install: 157 | mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ 158 | done; \ 159 | fi 160 | - @target=install; $(RECURSIVE_MAKE) 161 | + +@target=install; $(RECURSIVE_MAKE) 162 | 163 | tags: 164 | ctags $(SRC) 165 | --- a/test/Makefile 166 | +++ b/test/Makefile 167 | @@ -139,7 +139,7 @@ install: 168 | tags: 169 | ctags $(SRC) 170 | 171 | -tests: exe apps $(TESTS) 172 | +tests: exe $(TESTS) 173 | 174 | apps: 175 | @(cd ..; $(MAKE) DIRS=apps all) 176 | 
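Review bot: Dropping `apps` from the prerequisites of `tests` leaves nothing that orders the `apps` build before `$(TESTS)`, since the top-level `build_tests` target depends only on `build_libs`. If the change is meant to stop the nested `cd ..; $(MAKE) DIRS=apps all` from racing the top-level `build_apps` in a parallel build, make the top-level rule `build_tests: build_libs build_apps` instead of removing the ordering, and record the reason in the patch.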
@@ -557,7 +557,7 @@ $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFT 177 | # fi 178 | 179 | dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) 180 | - @target=dummytest; $(BUILD_CMD) 181 | + +@target=dummytest; $(BUILD_CMD) 182 | 183 | # DO NOT DELETE THIS LINE -- make depend depends on it. 184 | 185 | -------------------------------------------------------------------------------- /net/bondlink/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2016 OpenWrt.org 3 | # 4 | # This is free software, licensed under the GNU General Public License v2. 5 | # See /LICENSE for more information. 6 | # 7 | 8 | include $(TOPDIR)/rules.mk 9 | 10 | PKG_NAME:=bondlink 11 | PKG_VERSION:=1.0 12 | PKG_RELEASE:=1 13 | 14 | PKG_SOURCE:= 15 | PKG_SOURCE_URL:= 16 | PKG_MD5SUM:= 17 | 18 | PKG_MAINTAINER:=dl12345 dl12345@github.com 19 | PKG_LICENSE:=GPL v3 20 | 21 | PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) 22 | 23 | include $(INCLUDE_DIR)/kernel.mk 24 | include $(INCLUDE_DIR)/package.mk 25 | 26 | PATCH_NAME:=999-bonding-empty-mac-address.patch 27 | PATCH_FILE:=patches-$(KERNEL_PATCHVER)/$(PATCH_NAME) 28 | PATCH_TARGET:=$(TOPDIR)/target/linux/generic/patches-$(KERNEL_PATCHVER) 29 | 30 | define Package/bondlink 31 | CATEGORY:=Network 32 | TITLE:=Link bonding support 33 | DEPENDS:=+kmod-bonding +firewall +openvpn-openssl +ip-full +socat +python 34 | endef 35 | 36 | define Package/bondlink/description 37 | Kernel module for bonding multiple internet links 38 | This module replaces the kernel bonding driver with a 39 | modified version patched to allow the bonding of point 40 | to point interfaces. This driver will likely break 41 | other bonding applications. 42 | 43 | BEFORE launching a top-level or a kernel make, you 44 | MUST call this package's prepare target in order to 45 | install the patch in the kernel source. 
The patch will 46 | be installed in the kernel package target patches 47 | folder and will persist across a make clean 48 | 49 | make package/bondlink/prepare V=s 50 | 51 | Failure to perform this step will not install the patch 52 | to the bonding driver and the scripts will not work. 53 | endef 54 | 55 | define Build/Prepare 56 | $(CP) $(PATCH_FILE) $(PATCH_TARGET) 57 | endef 58 | 59 | define Build/Configure 60 | endef 61 | 62 | define Build/Compile 63 | endef 64 | 65 | define Package/bondlink/conffiles 66 | /etc/config/bonding 67 | endef 68 | 69 | define Package/bondlink-base-files/description 70 | This package contains base files for the bondlink package 71 | endef 72 | 73 | define Package/bondlink/install 74 | $(INSTALL_DIR) $(1)/etc/init.d 75 | $(INSTALL_DIR) $(1)/etc/bonding 76 | $(INSTALL_DIR) $(1)/etc/config 77 | $(INSTALL_DIR) $(1)/etc/hotplug.d/iface 78 | $(INSTALL_DIR) $(1)/etc/uci-defaults 79 | $(INSTALL_DIR) $(1)/usr/bin 80 | $(INSTALL_CONF) files/etc/config/bonding $(1)/etc/config/bonding 81 | $(INSTALL_BIN) files/etc/uci-defaults/update-config.sh $(1)/etc/uci-defaults/update-config.sh 82 | $(INSTALL_BIN) files/etc/init.d/bonding $(1)/etc/init.d/bonding 83 | $(INSTALL_BIN) files/etc/bonding/bonding-preup.sh $(1)/etc/bonding/bonding-preup.sh 84 | $(INSTALL_BIN) files/etc/bonding/bonding-up.sh $(1)/etc/bonding/bonding-up.sh 85 | $(INSTALL_BIN) files/etc/bonding/ifdown-local $(1)/etc/bonding/ifdown-local 86 | $(INSTALL_BIN) files/etc/bonding/tun0-down.sh $(1)/etc/bonding/tun0-down.sh 87 | $(INSTALL_BIN) files/etc/bonding/tun0-up.sh $(1)/etc/bonding/tun0-up.sh 88 | $(INSTALL_BIN) files/etc/bonding/tun1-down.sh $(1)/etc/bonding/tun1-down.sh 89 | $(INSTALL_BIN) files/etc/bonding/tun1-up.sh $(1)/etc/bonding/tun1-up.sh 90 | $(INSTALL_BIN) files/etc/bonding/watchbond.sh $(1)/etc/bonding/watchbond.sh 91 | $(INSTALL_BIN) files/etc/bonding/ifup-local $(1)/etc/bonding/ifup-local 92 | $(INSTALL_BIN) files/etc/bonding/restartbonding.sh 
$(1)/etc/bonding/restartbonding.sh 93 | $(INSTALL_BIN) files/etc/hotplug.d/iface/60-local $(1)/etc/hotplug.d/iface/60-local 94 | $(INSTALL_BIN) files/usr/bin/speedtest_cli $(1)/usr/bin/speedtest_cli 95 | endef 96 | 97 | define Package/bondlink/postinst 98 | #!/bin/sh /etc/rc.common 99 | 100 | # Add the bonding interface to the WAN zone 101 | # and basic configuration to network and 102 | # firewall config to support the bonding 103 | # of two internet links 104 | 105 | if [ -n "$${IPKG_INSTROOT}" ]; then 106 | rm -f /etc/uci_defaults/upgrade-config.sh 107 | exit 0 108 | fi 109 | 110 | append_to_firewall_and_network_config() { 111 | 112 | 113 | cat >> /etc/config/network <> /etc/config/firewall <> /etc/config/openvpn < /dev/null 16 | echo "-${1}" > /sys/class/net/${BONDIF}/bonding/slaves 2> /dev/null 17 | 18 | exit $? 19 | 20 | fi 21 | 22 | done 23 | 24 | # Otherwise do nothing 25 | 26 | exit 0 27 | -------------------------------------------------------------------------------- /net/bondlink/files/etc/bonding/tun0-up.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | BONDIF="bond0" 4 | TUN=${1} 5 | SLAVES=$(cat /sys/class/net/${BONDIF}/bonding/slaves) 6 | 7 | # If it's already a slave then do nothing 8 | 9 | for i in ${SLAVES}; do 10 | 11 | if [ $i == ${TUN} ]; then 12 | 13 | exit 0 14 | 15 | fi 16 | 17 | done 18 | 19 | # Otherwise add it as a slave - this will occur if the link goes down and openvpn re-establishes it 20 | # since we're removing it as a slave on a tunnel down event. 21 | 22 | ifconfig ${1} down 2> /dev/null 23 | echo "+${1}" > /sys/class/net/${BONDIF}/bonding/slaves 2> /dev/null 24 | ifconfig ${1} up 2> /dev/null 25 | 26 | 27 | exit $? 
28 | 29 | 30 | -------------------------------------------------------------------------------- /net/bondlink/files/etc/bonding/tun1-down.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | BONDIF="bond0" 4 | TUN=${1} 5 | SLAVES=$(cat /sys/class/net/${BONDIF}/bonding/slaves) 6 | 7 | # Check if it's a slave and if so then remove it from the list of slaves 8 | # Failure to do so will result in packet loss as the bonding driver continues 9 | # to round robin packets onto a disconnected interface 10 | 11 | for i in ${SLAVES}; do 12 | 13 | if [ $i == ${TUN} ]; then 14 | 15 | ifconfig ${1} down 2> /dev/null 16 | echo "-${1}" > /sys/class/net/${BONDIF}/bonding/slaves 2> /dev/null 17 | 18 | exit $? 19 | 20 | fi 21 | 22 | done 23 | 24 | # Otherwise do nothing 25 | 26 | exit 0 27 | -------------------------------------------------------------------------------- /net/bondlink/files/etc/bonding/tun1-up.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | BONDIF="bond0" 4 | TUN=${1} 5 | SLAVES=$(cat /sys/class/net/${BONDIF}/bonding/slaves) 6 | 7 | # If it's already a slave then do nothing 8 | 9 | for i in ${SLAVES}; do 10 | 11 | if [ $i == ${TUN} ]; then 12 | 13 | exit 0 14 | 15 | fi 16 | 17 | done 18 | 19 | # Otherwise add it as a slave - this will occur if the link goes down and openvpn re-establishes it 20 | # since we're removing it as a slave on a tunnel down event. 21 | 22 | ifconfig ${1} down 2> /dev/null 23 | echo "+${1}" > /sys/class/net/${BONDIF}/bonding/slaves 2> /dev/null 24 | ifconfig ${1} up 2> /dev/null 25 | 26 | 27 | exit $? 
28 | 29 | 30 | -------------------------------------------------------------------------------- /net/bondlink/files/etc/bonding/watchbond.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Adapted from /usr/bin/watchcat.sh 3 | 4 | watchbond() 5 | { 6 | local period="$1"; local pinghosts="$2"; local pingperiod="$3"; local command="${4}" 7 | 8 | time_now="$(cat /proc/uptime)" 9 | time_now="${time_now%%.*}" 10 | time_lastcheck="$time_now" 11 | time_lastcheck_withinternet="$time_now" 12 | 13 | logger -p daemon.info -t "watchbond[$$]" "Monitoring bond link every ${pingperiod} seconds. Restart enabled after ${period} seconds" 14 | 15 | # sleep for 10 seconds to give the tunnels time to initialize 16 | 17 | sleep 10 18 | 19 | while true 20 | do 21 | # account for the time ping took to return. With a ping time of 5s, ping might take more 22 | # than that, so it is important to avoid even more delay. 23 | 24 | time_now="$(cat /proc/uptime)" 25 | time_now="${time_now%%.*}" 26 | time_diff="$((time_now-time_lastcheck))" 27 | 28 | [ "$time_diff" -lt "$pingperiod" ] && { 29 | sleep_time="$((pingperiod-time_diff))" 30 | sleep "$sleep_time" 31 | } 32 | 33 | time_now="$(cat /proc/uptime)" 34 | time_now="${time_now%%.*}" 35 | time_lastcheck="$time_now" 36 | 37 | for host in "$pinghosts" 38 | do 39 | if ping -c 1 "$host" &> /dev/null 40 | then 41 | time_lastcheck_withinternet="$time_now" 42 | else 43 | time_diff="$((time_now-time_lastcheck_withinternet))" 44 | logger -p daemon.info -t "watchbond[$$]" "no internet connectivity for $time_diff seconds. 
Resetting bond when reaching $period" 45 | fi 46 | done 47 | 48 | time_diff="$((time_now-time_lastcheck_withinternet))" 49 | if [ "$time_diff" -ge "$period" ]; then 50 | logger -p daemon.info -t "watchbond[$$]" "Resetting with ${4}" 51 | eval "${4}" 52 | fi 53 | 54 | done 55 | } 56 | 57 | watchbond "$1" "$2" "$3" "$4" 58 | -------------------------------------------------------------------------------- /net/bondlink/files/etc/config/bonding: -------------------------------------------------------------------------------- 1 | # Internet link 1 - defaults should be fine. Change the server IP to your server 2 | 3 | config link 'link0' 4 | option interface 'wan0' 5 | option tunnel 'tun0' 6 | option local_port '1194' 7 | option remote_port '1194' 8 | # 9 | # The IP address of the data centre server 10 | # 11 | option server '172.0.0.1' 12 | 13 | option routing_table 'link0' 14 | option active '1' 15 | 16 | # Internet link 2 - defaults should be fine. Change the server IP to your server 17 | 18 | config link 'link1' 19 | option interface 'wan1' 20 | option tunnel 'tun1' 21 | option local_port '1195' 22 | option remote_port '1195' 23 | # 24 | # The IP address of the data centre server 25 | # 26 | option server '172.0.0.1' 27 | 28 | option routing_table 'link1' 29 | 30 | config interface 'bond' 31 | option ifname 'bond0' 32 | # 33 | # A private IP address to assign to the local end of the bond link 34 | # 35 | option ipaddr '10.0.0.2' 36 | option netmask '255.255.255.0' 37 | # 38 | # The private IP address of the remote end of the bond link - this must be on the 39 | # same network as the local IP address 40 | # 41 | option remote_ipaddr '10.0.0.1' 42 | # 43 | # Specifies whether to run the watchdog process that restarts the link on loss of connectivity 44 | # 45 | option watchdog '1' 46 | # 47 | # The IP address of the host to ping. 
This can be, for example, your server IP or a Google DNS server 48 | # 49 | option watchdog_ip '8.8.8.8' 50 | # 51 | # Number of seconds between pings 52 | # 53 | option watchdog_period '5' 54 | # 55 | # timeout after which action script is called 56 | # 57 | option watchdog_timeout '30' 58 | # 59 | # Action script to call in case of loss of link connectivity 60 | # 61 | option watchdog_action '/etc/bonding/restartbonding.sh' 62 | 63 | # Don't change the values below unless you have a good reason to do so and you understand what you're doing 64 | 65 | config openvpn 66 | option client '1' 67 | option dev_type 'tun' 68 | option proto 'udp' 69 | option fragment '1400' 70 | option mssfix '1' 71 | option persist_key '1' 72 | option persist_tun '1' 73 | option replay_window '512' 74 | option mute_replay_warnings '1' 75 | option verb '2' 76 | option cipher 'AES-256-CBC' 77 | # 78 | # Generate your certificates and keys with openssl 79 | # These are certificates and keys of your local openwrt router 80 | # 81 | option ca '/etc/openvpn/ca.crt' 82 | option cert '/etc/openvpn/openwrt.crt' 83 | option key '/etc/openvpn/openwrt.key' 84 | option dh '/etc/openvpn/dh.pem' 85 | option tls_auth '/etc/openvpn/ta.key 1' 86 | option ns_cert_type 'server' 87 | option tls_client '1' 88 | option txqueuelen '1000' 89 | option keepalive '5 30' 90 | option nice '-20' 91 | option fast_io '1' 92 | option replay_window '256 60' 93 | option key_method '2' 94 | option reneg_sec '3600' 95 | option tran_window '900' 96 | option comp_lzo '1' 97 | option script_security '2' 98 | option up_delay '1' 99 | 100 | # Don't change the values below unless you have a good reason to do so and you understand what you're doing 101 | 102 | config openvpn-server 103 | option server '1' 104 | option dev_type 'tun' 105 | option proto 'udp' 106 | option fragment '1400' 107 | option mssfix '1' 108 | option persist_key '1' 109 | option persist_tun '1' 110 | option replay_window '512' 111 | option mute_replay_warnings
'1' 112 | option verb '2' 113 | option cipher 'AES-256-CBC' 114 | # 115 | # Generate your certificates and keys with openssl 116 | # These are the certificates and keys of the server 117 | # 118 | option ca '/etc/openvpn/ca.crt' 119 | option cert '/etc/openvpn/server.crt' 120 | option key '/etc/openvpn/server.key' 121 | option dh '/etc/openvpn/dh.pem' 122 | option tls_auth '/etc/openvpn/ta.key 0' 123 | option ns_cert_type 'server' 124 | option tls_server '1' 125 | option txqueuelen '1000' 126 | option keepalive '5 15' 127 | option nice '-20' 128 | option fast_io '1' 129 | option replay_window '256 60' 130 | option key_method '2' 131 | option reneg_sec '3600' 132 | option tran_window '900' 133 | option comp_lzo '1' 134 | option script_security '2' 135 | option up_delay '1' 136 | 137 | -------------------------------------------------------------------------------- /net/bondlink/files/etc/hotplug.d/iface/60-local: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [[ "$ACTION" == "ifup" ]] 4 | then 5 | if [ -x /etc/scripts/ifup-$INTERFACE ]; then 6 | source /etc/scripts/ifup-$INTERFACE 7 | fi 8 | fi 9 | if [[ "$ACTION" == "ifdown" ]] 10 | then 11 | if [ -x /etc/scripts/ifdown-$INTERFACE ]; then 12 | source /etc/scripts/ifdown-$INTERFACE 13 | fi 14 | fi 15 | 16 | -------------------------------------------------------------------------------- /net/bondlink/files/etc/init.d/bonding: -------------------------------------------------------------------------------- 1 | #!/bin/sh /etc/rc.common 2 | # Copyright (C) 2006-2011 OpenWrt.org 3 | 4 | . 
$IPKG_INSTROOT/lib/functions/network.sh 5 | 6 | START=99 7 | USE_PROCD=1 8 | PROG=bonding 9 | DELAY=5 10 | 11 | LIST_SEP=" 12 | " 13 | 14 | IPBINARY="/usr/sbin/ip" 15 | ROUTEBINARY="/sbin/route" 16 | IFCONFIGBINARY="/sbin/ifconfig" 17 | OPENVPNBINARY="/usr/sbin/openvpn" 18 | SYSFSROOT="/sys/class/net" 19 | BONDING_MASTERS="bonding_masters" 20 | RUNDIR="/var/run" 21 | CONFDIR="/var/etc" 22 | PREUPSCRIPT="/etc/bonding/bonding-preup.sh" 23 | UPSCRIPT="/etc/bonding/bonding-up.sh" 24 | PREDOWNSCRIPT="/etc/bonding/bonding-predown.sh" 25 | DOWNSCRIPT="/etc/bonding/bonding-down.sh" 26 | WATCHBOND="/etc/bonding/watchbond.sh" 27 | WATCHDOGACTION="/etc/init.d/bonding restart" 28 | MANAGEMENT_INTERFACE="1" 29 | 30 | EXTRA_COMMANDS="d_start d_stop status test" 31 | EXTRA_HELP=" d_start Start in debug mode (no action taken) 32 | d_stop Stop in debug mode (no action taken) 33 | status Show bonding status 34 | test Run speedtest (requires python and python-expat)" 35 | 36 | LOGGER="logger -t ${PROG}" 37 | #LOGGER="echo" 38 | 39 | logmessage () 40 | { 41 | ${LOGGER} "$@" 42 | } 43 | 44 | shell_command() 45 | { 46 | if [ -z "${DEBUG}" ]; then 47 | logmessage "${2}" 48 | eval "${2}" 49 | else 50 | debug "${1}: ${2}" 51 | fi 52 | 53 | } 54 | 55 | # del_source_route(routing table, wanip) 56 | del_source_route() 57 | { 58 | 59 | local function_name="del_source_route" 60 | local routecmd 61 | 62 | debug "${function_name}: routing_table=${1} wanip=${2}" 63 | 64 | routecmd="${IPBINARY} rule del from ${2} 2> /dev/null" 65 | shell_command "${function_name}" "${routecmd}" 66 | 67 | routecmd="${IPBINARY} route del default table ${1} 2> /dev/null" 68 | shell_command "${function_name}" "${routecmd}" 69 | 70 | } 71 | 72 | # add_source_route(routing table, wan_interface, wanip, gateway) 73 | add_source_route() 74 | { 75 | 76 | local function_name="add_source_route" 77 | local routecmd 78 | local device 79 | 80 | debug "${function_name}: routing_table=${1} wan_interface=${2} wanip=${3}
gateway=${4}" 81 | 82 | network_get_device device ${2} 83 | if [ -z "${device}" ]; then 84 | logmessage "Unable to locate physical device name for logical interface ${2}" 85 | return 1 86 | fi 87 | debug "${function_name}: ${2} has device ${device}" 88 | 89 | routecmd="$IPBINARY rule add from ${3} lookup ${1}" 90 | shell_command "${function_name}" "${routecmd}" 91 | 92 | routecmd="${IPBINARY} route add default via ${4} table ${1} dev ${device}" 93 | shell_command "${function_name}" "${routecmd}" 94 | } 95 | 96 | 97 | 98 | 99 | # setup_default_route $bond_remoteip 100 | setup_default_route() 101 | { 102 | 103 | local function_name="setup_default_route" 104 | local routecmd 105 | local bond_remoteip 106 | 107 | config_get bond_remoteip "bond" remote_ipaddr 108 | if [ -z "${bond_remoteip}" ]; then 109 | logmessage "No bond remote ip specified for ${1}" 110 | return 1 111 | fi 112 | 113 | routecmd="${ROUTEBINARY} delete default" 114 | shell_command "${function_name}" "${routecmd}" 115 | 116 | routecmd="${ROUTEBINARY} add default gw ${bond_remoteip}" 117 | shell_command "${function_name}" "${routecmd}" 118 | } 119 | 120 | setup_bonding_interface() 121 | { 122 | local tunnel_devices_list; eval tunnel_devices_list=\$${1} 123 | local function_name="setup_bonding_interface" 124 | local bondcmd 125 | local bond_interface 126 | local bond_localip 127 | local bond_netmask 128 | local expr 129 | 130 | config_get bond_interface "bond" ifname 131 | if [ -z "${bond_interface}" ]; then 132 | logmessage "No bond interface specified for ${1}" 133 | return 1 134 | fi 135 | config_get bond_localip "bond" ipaddr 136 | if [ -z "${bond_localip}" ]; then 137 | logmessage "No bond ip specified for ${1}" 138 | return 1 139 | fi 140 | 141 | config_get bond_netmask "bond" netmask 142 | if [ -z "${bond_netmask}" ]; then 143 | logmessage "No bond netmask specified for ${1}" 144 | return 1 145 | fi 146 | 147 | debug "${function_name}: interface=${bond_interface} ip=${bond_localip} 
netmask=${bond_netmask} slaves=${tunnel_devices_list}" 148 | 149 | # reset the bonding by first removing the bond interface if it's already present in bonding_masters 150 | 151 | expr="$(cat ${SYSFSROOT}/${BONDING_MASTERS} | sed -n "s/.*\(${bond_interface}\).*/\1/p")" 152 | if [ -n "${expr}" ]; then 153 | bondcmd="echo -${expr} > ${SYSFSROOT}/${BONDING_MASTERS}" 154 | shell_command "${function_name}" "${bondcmd}" 155 | fi 156 | 157 | bondcmd="echo +${bond_interface} > ${SYSFSROOT}/${BONDING_MASTERS}" 158 | shell_command "${function_name}" "${bondcmd}" 159 | 160 | # add the previously parsed tunnel devices as slaves 161 | 162 | if [ -n "${tunnel_devices_list}" ]; then 163 | for i in ${tunnel_devices_list} ; do 164 | 165 | # must down the tun interface first otherwise the add will fail 166 | 167 | bondcmd="ifconfig ${i} down" 168 | shell_command "${function_name}" "${bondcmd}" 169 | 170 | bondcmd="echo \"${i}\" > ${SYSFSROOT}/${bond_interface}/bonding/slaves" 171 | shell_command "${function_name}" "${bondcmd}" 172 | 173 | bondcmd="ifconfig ${i} up" 174 | shell_command "${function_name}" "${bondcmd}" 175 | 176 | done 177 | fi 178 | 179 | # ifconfig and up the bonding device 180 | 181 | bondcmd="${IFCONFIGBINARY} ${bond_interface} ${bond_localip} netmask ${bond_netmask}" 182 | shell_command "${function_name}" "${bondcmd}" 183 | 184 | } 185 | 186 | delete_bonding_interface() 187 | { 188 | local function_name="del_bonding_interface" 189 | local bondcmd 190 | local bond_interface 191 | local expr 192 | 193 | config_get bond_interface "bond" ifname 194 | if [ -z "${bond_interface}" ]; then 195 | logmessage "No bond interface specified for ${1}" 196 | return 1 197 | fi 198 | 199 | debug "${function_name}: interface=${bond_interface} ip=${bond_localip} netmask=${bond_netmask} slaves=${tunnel_devices_list}" 200 | 201 | # reset the bonding by removing the bond interface from bonding_masters 202 | 203 | expr="$(cat ${SYSFSROOT}/${BONDING_MASTERS} | sed -n
"s/.*\(${bond_interface}\).*/\1/p")" 204 | if [ -n "${expr}" ]; then 205 | bondcmd="echo -${expr} > ${SYSFSROOT}/${BONDING_MASTERS}" 206 | shell_command "${function_name}" "${bondcmd}" 207 | fi 208 | 209 | } 210 | 211 | append_bools() 212 | { 213 | local p; local v; local s="${1}"; shift 214 | for p in $*; do 215 | config_get v "${s}" "${p}" 216 | IFS="${LIST_SEP}" 217 | for v in ${v}; do 218 | [ -n "${v}" ] && ( 219 | echo ""${p}"" | sed -e 's|_|-|g' >> ${config_file} 220 | ) 221 | done 222 | unset IFS 223 | done 224 | } 225 | 226 | append_params() 227 | { 228 | local p; local v; local s="${1}"; shift 229 | for p in $*; do 230 | config_get v "${s}" "${p}" 231 | IFS="${LIST_SEP}" 232 | for v in ${v}; do 233 | [ -n "${v}" ] && ( 234 | echo ""${p}" "${v}"" | sed -e 's|_|-|g' >> ${config_file} 235 | ) 236 | done 237 | unset IFS 238 | done 239 | } 240 | 241 | append_params_quotes() 242 | { 243 | local p; local v; local s="${1}"; shift 244 | for p in $*; do 245 | config_get v "${s}" "${p}" 246 | IFS="${LIST_SEP}" 247 | for v in ${v}; do 248 | [ -n "${v}" ] && ( 249 | echo -n "\""${p} | sed -e 's|/|\\/|g;s|_|-|g' >> ${config_file}; \ 250 | echo "\": \""${v}"\"," >> ${config_file} 251 | ) 252 | done 253 | unset IFS 254 | done 255 | } 256 | 257 | openvpn_add_instance() 258 | { 259 | local function_name="openvpn_add_instance" 260 | local syslog="${1}" 261 | local dir="${2}" 262 | local conf="${3}" 263 | local cmd 264 | 265 | cmd="${OPENVPNBINARY} --syslog \"${syslog}\" --cd ${dir} --config ${conf}" 266 | logmessage "${cmd}" 267 | 268 | procd_open_instance 269 | procd_set_param command "${OPENVPNBINARY}" 270 | procd_append_param command --syslog "${syslog}" --cd "${dir}" --config "${conf}" 271 | #procd_set_param file "${dir}/${conf}" 272 | procd_close_instance 273 | } 274 | 275 | start_openvpn() 276 | { 277 | local function_name="start_openvpn" 278 | local z; eval z=\$${1} 279 | local syslog 280 | 281 | 282 | for i in ${z}; do 283 | syslog="$(echo ${i} | awk -F '\/' '{print 
$NF}' | sed "s/\([A-Za-z0-9_].*\)\.conf/\1/")" 284 | debug "start_openvpn: ${OPENVPNBINARY} --cd ${CONFDIR} --syslog openvpn(${syslog}) --config ${i}" 285 | if [ -z "${DEBUG}" ]; then 286 | openvpn_add_instance "openvpn(${syslog})" "${CONFDIR}" "${i}" 287 | else 288 | echo "DEBUG is set" 289 | fi 290 | done 291 | 292 | } 293 | 294 | configure_link() 295 | { 296 | local s="${1}"; local v; 297 | local function_name="configure_link" 298 | local expr 299 | local openvpncmd 300 | 301 | local interface 302 | local tunnel 303 | local local_port 304 | local remote_port 305 | local server 306 | local local_ipaddr 307 | local routing_table 308 | local gateway 309 | 310 | [ ! -d "${RUNDIR}" ] && mkdir -p "${RUNDIR}" 311 | [ ! -d "${CONFDIR}" ] && mkdir -p "${CONFDIR}" 312 | 313 | config_file="${CONFDIR}/${1}.conf" 314 | [ -f "${config_file}" ] && rm "${config_file}" 315 | 316 | debug "${function_name}: writing config file ${config_file}" 317 | 318 | config_get interface "${1}" interface 319 | if [ -z "${interface}" ]; then 320 | logmessage "No wan interface specified for ${1}" 321 | return 1 322 | fi 323 | 324 | network_get_ipaddr local_ipaddr ${interface} 325 | if [ -z "${local_ipaddr}" ]; then 326 | logmessage "No ip address specified for interface ${interface}" 327 | return 1 328 | fi 329 | 330 | # wait until the wan link is up 331 | 332 | while ! 
network_is_up ${interface} ; do 333 | debug "${function_name}" "waiting for interface ${interface} to come up" 334 | sleep $DELAY 335 | done 336 | 337 | config_get tunnel "${1}" tunnel 338 | if [ -z "${tunnel}" ]; then 339 | logmessage "No tunnel device name specified for ${1}" 340 | return 1 341 | fi 342 | config_get local_port "${1}" local_port 343 | if [ -z "${local_port}" ]; then 344 | logmessage "No local port specified for ${1}" 345 | return 1 346 | fi 347 | config_get remote_port "${1}" remote_port 348 | if [ -z "${remote_port}" ]; then 349 | logmessage "No remote port specified for ${1}" 350 | return 1 351 | fi 352 | 353 | config_get server "${1}" server 354 | if [ -z "${server}" ]; then 355 | logmessage "No server ip specified for ${1}" 356 | return 1 357 | fi 358 | 359 | config_get routing_table "${1}" routing_table 360 | if [ -z "${routing_table}" ]; then 361 | logmessage "No routing table specified for ${1}" 362 | return 1 363 | fi 364 | 365 | network_get_gateway gateway ${interface} 1 366 | if [ -z "${gateway}" ]; then 367 | logmessage "No gateway specified for ${1}" 368 | return 1 369 | fi 370 | 371 | echo "dev ${tunnel}" >> ${config_file} 372 | echo "remote ${server} ${remote_port}" >> ${config_file} 373 | echo "port ${local_port}" >> ${config_file} 374 | echo "local ${local_ipaddr}" >> ${config_file} 375 | 376 | if [ "${MANAGEMENT_INTERFACE}" == "1" ]; then 377 | echo "management ${RUNDIR}/openvpn-${1}.sockd unix" >> ${config_file} 378 | fi 379 | 380 | # the tunnel devices list is iteratively built up through successive calls 381 | 382 | bond_tunnel_devices="$bond_tunnel_devices +${tunnel}" 383 | 384 | # create the tunnel devices 385 | 386 | openvpncmd="$OPENVPNBINARY --mktun --dev-type tun --dev ${tunnel} > /dev/null 2>&1" 387 | shell_command "${function_name}" "$openvpncmd" 388 | 389 | # Remove any prior source routes before adding them 390 | 391 | del_source_route ${routing_table} ${local_ipaddr} 392 | add_source_route ${routing_table} 
${interface} ${local_ipaddr} ${gateway} 393 | 394 | config_foreach read_openvpn_config 'openvpn' ${config_file} 395 | openvpn_instances="${openvpn_instances} ${config_file}" 396 | 397 | } 398 | 399 | disable_link() 400 | { 401 | local s="${1}"; local v; 402 | local function_name="disable_link" 403 | local cmd 404 | 405 | local interface 406 | local routing_table 407 | local local_ipaddr 408 | local active 409 | local gateway 410 | 411 | config_get interface "${1}" interface 412 | if [ -z "${interface}" ]; then 413 | logmessage "No wan interface specified for ${1}" 414 | return 1 415 | fi 416 | 417 | config_get routing_table "${1}" routing_table 418 | if [ -z "${routing_table}" ]; then 419 | logmessage "No routing table specified for ${1}" 420 | return 1 421 | fi 422 | 423 | network_get_ipaddr local_ipaddr ${interface} 424 | if [ -z "${local_ipaddr}" ]; then 425 | logmessage "No ip address specified for interface ${interface}" 426 | return 1 427 | fi 428 | 429 | # determine if this is the link that would normally hold the default route 430 | 431 | config_get active "${1}" active 432 | 433 | network_get_gateway gateway ${interface} 1 434 | if [ -z "${gateway}" ]; then 435 | logmessage "No gateway specified for ${1}" 436 | return 1 437 | fi 438 | 439 | # Remove any prior source routes before adding them 440 | del_source_route ${routing_table} ${local_ipaddr} 441 | 442 | 443 | if [ "$active" == "1" ]; then 444 | cmd="${ROUTEBINARY} add default gw ${gateway}" 445 | shell_command "${function_name}" "${cmd}" 446 | fi 447 | 448 | } 449 | 450 | read_openvpn_config() 451 | { 452 | local s="${1}" 453 | 454 | config_file=${2} 455 | 456 | 457 | [ ! -d "${RUNDIR}" ] && mkdir -p "${RUNDIR}" 458 | [ ! 
-d "${CONFDIR}" ] && mkdir -p "${CONFDIR}" 459 | 460 | 461 | # append flags 462 | append_bools "$s" \ 463 | auth_nocache auth_retry auth_user_pass_optional bind ccd_exclusive client client_cert_not_required \ 464 | client_to_client comp_lzo comp_noadapt disable \ 465 | disable_occ down_pre duplicate_cn fast_io float http_proxy_retry \ 466 | ifconfig_noexec ifconfig_nowarn ifconfig_pool_linear management_forget_disconnect management_hold \ 467 | management_query_passwords management_signal mktun mlock mtu_test mssfix multihome mute_replay_warnings \ 468 | nobind no_iv no_name_remapping no_replay opt_verify passtos persist_key persist_local_ip \ 469 | persist_remote_ip persist_tun ping_timer_rem pull push_reset \ 470 | remote_random rmtun route_noexec route_nopull single_session socks_proxy_retry \ 471 | suppress_timestamps tcp_nodelay test_crypto tls_client tls_exit tls_server \ 472 | tun_ipv6 up_restart username_as_common_name 473 | 474 | # append params 475 | append_params "$s" \ 476 | askpass auth auth_user_pass auth_user_pass_verify bcast_buffers ca cert \ 477 | chroot cipher client_config_dir client_connect client_disconnect connect_freq \ 478 | connect_retry connect_timeout connect_retry_max crl_verify dev dev_node dev_type dh \ 479 | engine explicit_exit_notify fragment group hand_window hash_size \ 480 | http_proxy http_proxy_option http_proxy_timeout ifconfig ifconfig_pool \ 481 | ifconfig_pool_persist ifconfig_push inactive ipchange iroute keepalive \ 482 | key key_method keysize learn_address link_mtu lladdr local log log_append \ 483 | lport management management_log_cache max_clients \ 484 | max_routes_per_client mode mtu_disc mute nice ns_cert_type ping \ 485 | ping_exit ping_restart pkcs12 plugin port port_share prng proto rcvbuf \ 486 | redirect_gateway remap_usr1 remote remote_cert_eku remote_cert_ku remote_cert_tls \ 487 | reneg_bytes reneg_pkts reneg_sec \ 488 | replay_persist replay_window resolv_retry route route_delay route_gateway \ 489 | 
route_metric route_up rport script_security secret server server_bridge setenv shaper sndbuf \ 490 | socks_proxy status status_version syslog tcp_queue_limit tls_auth \ 491 | tls_cipher tls_remote tls_timeout tls_verify tmp_dir topology tran_window \ 492 | tun_mtu tun_mtu_extra txqueuelen up_delay user verb down push up 493 | 494 | } 495 | 496 | link_status() 497 | { 498 | local function_name="link_status" 499 | local domain_socket 500 | local routing_table 501 | local tunnel 502 | local socatbin 503 | 504 | if [ "${MANAGEMENT_INTERFACE}" != "1" ]; then 505 | return 1 506 | fi 507 | socatbin="$(which socat)" 508 | if [ -z "${socatbin}" ]; then 509 | logmessage "Cannot locate socat binary" 510 | fi 511 | 512 | domain_socket="$RUNDIR/openvpn-${1}.sockd" 513 | if [ ! -S "${domain_socket}" ]; then 514 | logmessage "No domain socket found for ${1}" 515 | fi 516 | 517 | config_get tunnel "${1}" tunnel 518 | if [ -z "${tunnel}" ]; then 519 | logmessage "Cannot find tunnel device for ${1}" 520 | return 1 521 | fi 522 | 523 | echo 524 | echo -n "${1} connection state: " 525 | echo -e "state" | ${socatbin} - UNIX-CONNECT:\"${domain_socket}\" | sed "3,$ d" | sed "1,1 d" 526 | echo 527 | ifconfig ${tunnel} 528 | echo -e "status" | ${socatbin} - UNIX-CONNECT:\"${domain_socket}\" | sed "1,3 d" | sed "10,$ d" | sed "s/\(^.*\)/\\t \1/" 529 | 530 | config_get bond_interface "bond" ifname 531 | if [ -z "${bond_interface}" ]; then 532 | logmessage "No bond interface specified for ${1}" 533 | return 1 534 | fi 535 | 536 | echo 537 | 538 | } 539 | 540 | start_watchdog() 541 | { 542 | local s="" 543 | local bond_gateway 544 | local watchdog 545 | local watchdog_ip 546 | local watchdog_period='10' 547 | local watchdog_timeout='60' 548 | local watchdog_action="${WATCHDOGACTION}" 549 | 550 | if [ -n "${DEBUG}" ]; then 551 | return 0 552 | fi 553 | 554 | config_get watchdog "bond" watchdog 555 | if [ -z ${watchdog} ]; then 556 | return 0 557 | fi 558 | 559 | config_get bond_gateway "bond"
remote_ipaddr 560 | config_get watchdog_ip "bond" watchdog_ip ${bond_gateway} 561 | config_get watchdog_period "bond" watchdog_period '10' 562 | config_get watchdog_timeout "bond" watchdog_timeout '60' 563 | config_get watchdog_action "bond" watchdog_action "/etc/init.d/bonding restart" 564 | 565 | procd_open_instance 566 | procd_set_param command "${WATCHBOND}" 567 | procd_append_param command "${watchdog_timeout}" "${watchdog_ip}" "${watchdog_period}" "${watchdog_action}" 568 | procd_close_instance 569 | } 570 | 571 | 572 | boot() 573 | { 574 | QUIET=1 575 | /usr/sbin/modprobe ${PROG} > /dev/null 2>&1 576 | start 577 | } 578 | 579 | d_start() 580 | { 581 | DEBUG="echo" 582 | start 583 | } 584 | 585 | d_stop() 586 | { 587 | DEBUG="echo" 588 | stop 589 | } 590 | 591 | restart_service() 592 | { 593 | return 0 594 | } 595 | 596 | start_service() 597 | { 598 | local function_name="start" 599 | local expr 600 | 601 | if [ -f "${PREUPSCRIPT}" ]; then 602 | shell_command "start_service" "${PREUPSCRIPT}" 603 | fi 604 | 605 | expr="$(lsmod | grep ${PROG})" 606 | if [ -z "${expr}" ]; then 607 | logmessage "Bonding module not loaded" 608 | return 1 609 | fi 610 | 611 | config_load 'bonding' 612 | 613 | 614 | # this is a little ugly, but we can't pass parameters in to the callback by reference 615 | # and we need to parse the config sections completely before setting up the bond device. 
616 | # append the tunnel devices and config files onto a local variable that we can use later 617 | 618 | local bond_tunnel_devices="" 619 | local openvpn_instances="" 620 | config_foreach configure_link 'link' 621 | 622 | setup_bonding_interface bond_tunnel_devices 623 | 624 | start_openvpn openvpn_instances 625 | 626 | setup_default_route 627 | 628 | start_watchdog 629 | 630 | if [ -f "${UPSCRIPT}" ]; then 631 | shell_command "start_service" "${UPSCRIPT}" 632 | fi 633 | } 634 | 635 | stop_service() 636 | { 637 | local function_name="stop" 638 | local expr 639 | 640 | if [ -f "${PREDOWNSCRIPT}" ]; then 641 | shell_command "start_service" "${PREDOWNSCRIPT}" 642 | fi 643 | 644 | config_load 'bonding' 645 | 646 | local bond_tunnel_devices="" 647 | local openvpn_instances="" 648 | config_foreach disable_link 'link' 649 | 650 | delete_bonding_interface 651 | 652 | if [ -f "${DOWNSCRIPT}" ]; then 653 | shell_command "start_service" "${DOWNSCRIPT}" 654 | fi 655 | } 656 | 657 | 658 | status() 659 | { 660 | local function_name="status" 661 | 662 | config_load 'bonding' 663 | 664 | config_foreach link_status 'link' 665 | 666 | config_get bond_interface "bond" ifname 667 | if [ -z "${bond_interface}" ]; then 668 | logmessage "No bond interface specified for ${1}" 669 | return 1 670 | fi 671 | 672 | echo 673 | echo "Bonding device ${bond_interface} status:" 674 | echo 675 | ifconfig ${bond_interface} 676 | } 677 | 678 | test() 679 | { 680 | local function_name="status" 681 | local pythonbin="$(which python)" 682 | local pythonexpat="$(opkg find python-expat)" 683 | local speedtest="$(which speedtest_cli)" 684 | 685 | if [ -z "${pythonbin}" ]; then 686 | logmessage "Python is not installed" 687 | return 1 688 | fi 689 | 690 | if [ -z "${pythonexpat}" ]; then 691 | logmessage "Python expat module is not installed" 692 | return 1 693 | fi 694 | 695 | if [ -z "${speedtest}" ]; then 696 | wget -O /usr/bin/speedtest_cli --no-check-certificate \ 697 | 
https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest_cli.py 698 | chmod 755 /usr/bin/speedtest_cli 699 | fi 700 | 701 | local bond_interface 702 | local bond_ipaddr 703 | 704 | config_load 'bonding' 705 | 706 | config_get bond_interface "bond" ifname 707 | if [ -z "${bond_interface}" ]; then 708 | logmessage "No bond interface specified" 709 | return 1 710 | fi 711 | 712 | if ! network_is_up "${bond_interface}" ; then 713 | logmessage "Bond interface ${bond_interface} is not up" 714 | return 1 715 | fi 716 | 717 | config_get bond_ipaddr "bond" ipaddr 718 | if [ -z "${bond_ipaddr}" ]; then 719 | logmessage "Cannot retrieve ip address for ${bond_interface}" 720 | return 1 721 | fi 722 | 723 | echo "Testing speed from source ip ${bond_ipaddr}..." 724 | 725 | speedtest_cli --source ${bond_ipaddr} ${@} 726 | } 727 | -------------------------------------------------------------------------------- /net/bondlink/files/etc/uci-defaults/update-config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh /etc/rc.common 2 | 3 | # Add the bonding interface to the WAN zone 4 | # and basic configuration to network and 5 | # firewall config to support the bonding 6 | # of two internet links 7 | 8 | . $IPKG_INSTROOT/lib/config/uci.sh 9 | 10 | append_to_firewall_and_network_config() { 11 | 12 | 13 | cat >> /etc/config/network <> /etc/config/firewall <> /etc/config/openvpn <params.fail_over_mac = BOND_FOM_ACTIVE; 6 | netdev_warn(bond_dev, "Setting fail_over_mac to active for active-backup mode\n"); 7 | - } else { 8 | + } /*else { 9 | netdev_err(bond_dev, "The slave device specified does not support setting the MAC address, but fail_over_mac is not set to active\n"); 10 | res = -EOPNOTSUPP; 11 | goto err_undo_flags; 12 | - } 13 | + } */ 14 | } 15 | } 16 | 17 | 
@@ -1355,7 +1355,7 @@ int bond_enslave(struct net_device *bond 18 | memcpy(addr.sa_data, bond_dev->dev_addr, bond_dev->addr_len); 19 | addr.sa_family = slave_dev->type; 20 | res = dev_set_mac_address(slave_dev, &addr); 21 | - if (res) { 22 | + if (res && res != -EOPNOTSUPP) { 23 | netdev_dbg(bond_dev, "Error %d calling set_mac_address\n", res); 24 | goto err_restore_mtu; 25 | } 26 | --------------------------------------------------------------------------------
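Review bot: in the first bond_enslave hunk the `else` branch is wrapped in `/* ... */` instead of being removed or made conditional, so the netdev_err / `res = -EOPNOTSUPP` / `goto err_undo_flags` path is disabled for every slave that cannot set its MAC address, not only the tun devices this package enslaves. Keep the rejection and skip it only for slaves that have no hardware address (for example a test on slave_dev->addr_len, as a suggestion), and delete the dead code rather than commenting it out so the patch states its intent and rebases cleanly against later 3.18 updates.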
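Review bot: in the second hunk, `if (res && res != -EOPNOTSUPP)` swallows -EOPNOTSUPP from dev_set_mac_address() for all slave types and leaves no log line, so a slave that kept its own address is enslaved without any trace. Log the skipped error at netdev_dbg or netdev_warn level before continuing, and limit the exception to the same address-less slaves the first hunk is meant to admit, so that both relaxations share one condition.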