├── AntiDNSPoisoning.md ├── DualLinePPTPVPN.md ├── LICENSE ├── OptimizePPTPVPN.md ├── PPTPVPN.md ├── README.md ├── UsePackage.md ├── kernel_patch ├── 12.09 │ ├── 989-pptp_accept_seq_window.patch │ ├── 990-arc4_add_ecd.patch │ ├── 991-arc4_use_u32_for_ctx.patch │ └── 992-arc4_openssl_high_perf.patch ├── 14.07 │ ├── 989-pptp_accept_seq_window.patch │ └── 991-arc4_openssl_high_perf.patch └── 15.05 │ ├── 989-pptp_accept_seq_window.patch │ └── 991-arc4_openssl_high_perf.patch └── packages ├── 12.09 ├── ar71xx │ └── generic │ │ ├── Packages │ │ ├── Packages.gz │ │ ├── fastdns_0.1.4_ar71xx.ipk │ │ ├── gfw-dualpptp_0.2_all.ipk │ │ └── gfw-vpn_0.2.2_all.ipk ├── brcm2708 │ └── generic │ │ ├── Packages │ │ ├── Packages.gz │ │ ├── fastdns_0.1.4_brcm2708.ipk │ │ ├── gfw-dualpptp_0.2_all.ipk │ │ └── gfw-vpn_0.2.2_all.ipk ├── brcm47xx │ └── generic │ │ ├── Packages │ │ ├── Packages.gz │ │ ├── fastdns_0.1.4_brcm47xx.ipk │ │ ├── gfw-dualpptp_0.2_all.ipk │ │ └── gfw-vpn_0.2.2_all.ipk ├── brcm63xx │ └── generic │ │ ├── Packages │ │ ├── Packages.gz │ │ ├── fastdns_0.1.4_brcm63xx.ipk │ │ ├── gfw-dualpptp_0.2_all.ipk │ │ └── gfw-vpn_0.2.2_all.ipk └── x86 │ └── generic │ ├── Packages │ ├── Packages.gz │ ├── fastdns_0.1.4_x86.ipk │ ├── gfw-dualpptp_0.2_all.ipk │ └── gfw-vpn_0.2.2_all.ipk ├── 14.07 ├── ar71xx │ └── generic │ │ ├── Packages │ │ ├── Packages.gz │ │ ├── fastdns_0.1.4_ar71xx.ipk │ │ ├── gfw-dualpptp_0.2_all.ipk │ │ └── gfw-vpn_0.2.2_all.ipk ├── brcm2708 │ └── generic │ │ ├── Packages │ │ ├── Packages.gz │ │ ├── fastdns_0.1.4_brcm2708.ipk │ │ ├── gfw-dualpptp_0.2_all.ipk │ │ └── gfw-vpn_0.2.2_all.ipk ├── brcm47xx │ ├── generic │ │ ├── Packages │ │ ├── Packages.gz │ │ ├── fastdns_0.1.4_brcm47xx.ipk │ │ ├── gfw-dualpptp_0.2_all.ipk │ │ └── gfw-vpn_0.2.2_all.ipk │ └── mips74k │ │ ├── Packages │ │ ├── Packages.gz │ │ ├── fastdns_0.1.4_brcm47xx.ipk │ │ ├── gfw-dualpptp_0.2_all.ipk │ │ └── gfw-vpn_0.2.2_all.ipk ├── brcm63xx │ └── generic │ │ ├── Packages │ │ ├── Packages.gz │ │ ├── fastdns_0.1.4_brcm63xx.ipk │ │ ├── gfw-dualpptp_0.2_all.ipk │ │ └── gfw-vpn_0.2.2_all.ipk └── x86 │ └── generic │ ├── Packages │ ├── Packages.gz │ ├── fastdns_0.1.4_x86.ipk │ ├── gfw-dualpptp_0.2_all.ipk │ └── gfw-vpn_0.2.2_all.ipk └── 15.05 ├── ar71xx └── generic │ ├── Packages │ ├── Packages.gz │ ├── fastdns_0.1.4_ar71xx.ipk │ ├── gfw-dualpptp_0.2_all.ipk │ └── gfw-vpn_0.2.2_all.ipk ├── bcm53xx └── generic │ ├── Packages │ ├── Packages.gz │ ├── fastdns_0.1.4_bcm53xx.ipk │ ├── gfw-dualpptp_0.2_all.ipk │ └── gfw-vpn_0.2.2_all.ipk ├── brcm2708 ├── bcm2708 │ ├── Packages │ ├── Packages.gz │ ├── fastdns_0.1.4_brcm2708.ipk │ ├── gfw-dualpptp_0.2_all.ipk │ └── gfw-vpn_0.2.2_all.ipk └── bcm2709 │ ├── Packages │ ├── Packages.gz │ ├── fastdns_0.1.4_brcm2708.ipk │ ├── gfw-dualpptp_0.2_all.ipk │ └── gfw-vpn_0.2.2_all.ipk ├── brcm47xx ├── generic │ ├── Packages │ ├── Packages.gz │ ├── fastdns_0.1.4_brcm47xx.ipk │ ├── gfw-dualpptp_0.2_all.ipk │ └── gfw-vpn_0.2.2_all.ipk └── mips74k │ ├── Packages │ ├── Packages.gz │ ├── fastdns_0.1.4_brcm47xx.ipk │ ├── gfw-dualpptp_0.2_all.ipk │ └── gfw-vpn_0.2.2_all.ipk ├── brcm63xx └── generic │ ├── Packages │ ├── Packages.gz │ ├── fastdns_0.1.4_brcm63xx.ipk │ ├── gfw-dualpptp_0.2_all.ipk │ └── gfw-vpn_0.2.2_all.ipk └── x86 ├── 64 ├── Packages ├── Packages.gz ├── fastdns_0.1.4_x86_64.ipk ├── gfw-dualpptp_0.2_all.ipk └── gfw-vpn_0.2.2_all.ipk └── generic ├── Packages ├── Packages.gz ├── fastdns_0.1.4_x86.ipk ├── gfw-dualpptp_0.2_all.ipk └── gfw-vpn_0.2.2_all.ipk /AntiDNSPoisoning.md: -------------------------------------------------------------------------------- 1 | # 介绍 2 | 由于GFW的域名黑名单是不断变化的,如果所有DNS查询都走VPN会丧失CDN加速功能,经常出现本地电信线路,但是却访问网站的联通线路,而且当VPN线路不稳定的时候,会影响所有网站的访问。如果使用域名白名单或黑名单,对于经常访问外国网站的用户,体验很不好,需要用户自己维护域名列表。 3 | 该文章介绍如何通过自建DNS递归服务器来防止DNS污染,但是又不会失去本地DNS的CDN加速功能。 4 | 5 | # 原理 6 | 分析: 7 | * 对于一个DNS请求,递归服务器是从根域名开始查询的,然后再查询顶级域名服务器,再逐级查到所请求的域名,这个过程如果配合[gfw-vpn](PPTPVPN.md)通过VPN连接位于国外的域名服务器可以避免GFW污染,而如果待查询的域名服务器在国内则通过本地线路连接,这样得到的结果也是经过CDN加速的了(国内域名不存在被污染的问题,有关部门可以直接拔网线)。 8 | 9 | 好处: 10 | * 只要能建立一条到国外的VPN线路,不管GFW怎么折腾,DNS查询结果都不会被污染,同时也是经过CDN加速的 11 | 12 | 坏处: 13 | * DNS查询需要通过VPN通道,如果VPN不稳定,会影响域名解析,进而导致网页打不开 14 | * DNS解析延迟相比直接使用 114.114.114.114 和 8.8.8.8 之类的公共域名解析服务器要高不少,因为 114.114.114.114 和 8.8.8.8 用的人多,很多域名都在缓存里,可以立即返回结果。 15 | 16 | # 解决方法1 - 使用 [fastdns](https://github.com/hackgfw/fastdns) 17 | * **使用预编译的 [fastdns](packages) 或根据 [UsePackage](UsePackage.md) 自己编译安装** 18 | * **执行 /etc/init.d/fastdns enable 将 fastdns 设置为自动启动** 19 | * **修改 /etc/config/dhcp 禁用 dnsmasq 的 DNS 解析功能,在选项里加入一行** 20 | ``` 21 | option port '0' 22 | ``` 23 | * **由于关闭 dnsmasq 的 DNS 功能后,dnsmasq 不会在DHCP应答里推送 DNS 服务器,因此还需要在 /etc/config/dhcp 里手动指定 DNS 服务器,找到类似** 24 | ``` 25 | config dhcp 'lan' 26 | option interface 'lan' 27 | option start '64' 28 | option limit '63' 29 | option leasetime '12h' 30 | ``` 31 | 加入一行 list dhcp_option '6,0.0.0.0' 32 | ``` 33 | config dhcp 'lan' 34 | option interface 'lan' 35 | option start '64' 36 | option limit '63' 37 | option leasetime '12h' 38 | list dhcp_option '6,0.0.0.0' 39 | ``` 40 | 如果还需要指定更多的备用服务器可以用 list dhcp_option '6,0.0.0.0,8.8.8.8' 41 | * **最后重启路由器** 42 | * fastdns 的安全性不如 bind, 如果你对安全比较在意, 请使用解决方法2 43 | * 默认 fastdns 是链接到 libstdcpp(uclibc++性能太差了), 因此安装时需要装两个包, 体积比较大, 如果你之前没有安装过 libstdcpp, 可以考虑静态链接, 将 Makefile 中的 44 | ``` 45 | DEPENDS += +libstdcpp +librt 46 | ``` 47 | 替换为 48 | ``` 49 | DEPENDS += +librt 50 | ``` 51 | 再将 52 | ``` 53 | CXXFLAGS="$$$$CXXFLAGS -DNDEBUG -fno-exceptions -fno-builtin -fno-rtti" \ 54 | ``` 55 | 替换为 56 | ``` 57 | CXXFLAGS="$$$$CXXFLAGS -DNDEBUG -fno-exceptions -fno-builtin -fno-rtti -static-libstdc++" \ 58 | ``` 59 | 60 | # 解决方法2 - 使用 bind 61 | * **执行 opkg update 更新软件仓库列表** 62 | * **执行 opkg install bind-server 安装递归解析服务器** 63 | * **执行 /etc/init.d/named enable 将 bind 设置为自动启动** 64 | * **参照解决方法1禁用 dnsmasq 的 DNS 解析功能并设置推送 DNS 服务器** 65 | * **最后重启路由器** 66 | * bind 的启动顺序比较靠前,有时甚至在网络初始化之前,导致其找不到正确的网络接口,可以在 /etc/bind/named.conf 中找到 67 | ``` 68 | options { 69 | directory "/tmp"; 70 | 71 | // If your ISP provided one or more IP addresses for stable 72 | // nameservers, you probably want to use them as forwarders. 73 | // Uncomment the following block, and insert the addresses replacing 74 | // the all-0's placeholder. 75 | 76 | // forwarders { 77 | // 0.0.0.0; 78 | // }; 79 | ...... 80 | ...... 81 | ...... 82 | }; 83 | ``` 84 | 加入一行 interface-interval 1; 85 | ``` 86 | options { 87 | directory "/tmp"; 88 | 89 | // If your ISP provided one or more IP addresses for stable 90 | // nameservers, you probably want to use them as forwarders. 91 | // Uncomment the following block, and insert the addresses replacing 92 | // the all-0's placeholder. 93 | 94 | // forwarders { 95 | // 0.0.0.0; 96 | // }; 97 | interface-interval 1; 98 | ...... 99 | ...... 100 | ...... 101 | }; 102 | ``` 103 | 另其每分钟都重新查询网络接口 104 | * 如果之前有安装 gfw-dns,可以通过 opkg remove gfw-dns 卸载 105 | -------------------------------------------------------------------------------- /DualLinePPTPVPN.md: -------------------------------------------------------------------------------- 1 | # 介绍 2 | 通常VPN连接都是单线的,而中美线路经常抽风,如果VPN线路遇到丢包或断线会非常影响翻墙体验。该文章介绍如何通过两条冗余的VPN连接来避免断线及丢包 3 | 4 | 5 | # 前期准备 6 | * 两台国外服务器,均需要有root权限以修改服务器设置。OpenVZ服务器即可,不过需要OpenVZ加载对应的内核模块。另外还需要公网ip或位于Stateless NAT后,即只映射ip而不改变端口(例如ec2的NAT) 7 | * 一台运行 Openwrt 12.09、14.07或15.05的路由器且必须能取得公网IP (位于Stateless NAT后或许也可以,不过未测试过) 8 | * 给Openwrt使用的内核pptp打补丁,详见[OptimizePPTPVPN](OptimizePPTPVPN.md) 9 | 10 | 11 | # 原理 12 | 通常的VPN线路: 13 | ``` 14 | 客户端----------VPN服务器---------互联网 15 | ``` 16 | 由于客户端到VPN服务器的线路是跨国界的,经常遇到断线丢包,而VPN服务器到互联网的连接质量相比之下要好很多,所以重点就是如何保证客户端到VPN服务器的连接质量。该文的目标是通过建立冗余的客户端到VPN服务器线路以应对断线和丢包: 17 | ``` 18 | 客户端------------主VPN服务器-----------互联网 19 | | | 20 | ----------------辅VPN服务器 21 | ``` 22 | 主VPN服务器和辅VPN服务器的区别是谁来作为访问互联网的出口。客户端------主VPN服务器----互联网 这部分和普通的VPN连接是相同的,只是客户端还会建立一条到辅VPN服务器的VPN连接,并且把所有发往主VPN服务器的数据通过tee模块抄送一份到辅VPN服务器,而辅VPN服务器收到数据后,会通过主VPN服务器和辅VPN服务器之间预先建立好的VPN连接将数据包路由到主VPN服务器,这样主VPN服务器就会收到两份数据,同理客户端也会收到两份主VPN服务器的数据,最终客户端到互联网的延迟将是两条链路中延迟最低的那条,而丢包也将极大的改善。 23 | 24 | 具体来讲这是依靠pptp程序对于乱序数据包重组来实现的。在两条线路都没有丢包的情况下,或者只有延迟高的线路丢包,那么pptp会直接将后收到的重复数据包丢弃。但是如果延迟低的线路有丢包,比如现在pptp从延迟低的线路上收到了标号为1、2、4、5的数据包,但是没有收到3号数据包,pptp会把4、5号数据包已收到但3号包未收到这3条信息保存下来,如果之后还陆续收到6、7、8、9号包,那么需要保存的信息就越来越多,因此pptp默认只保存最近300ms的信息,如果3号包超过300ms后才从延迟高的线路上,则3号包将直接被丢弃。 25 | 26 | 举例来说吧(以下均假设两条线路的丢包率不相关,即丢包并非因为本地带宽不足或其他等因素): 27 | 1. 客户端到主VPN服务器的丢包率是10%,延迟是150ms,客户端到辅VPN服务器的丢包率是0%,延迟是250ms,那么最终客户端到互联网将没有丢包,延迟会在150ms到250ms之间波动。如果客户端到主VPN服务器的丢包率上升到100%即断线,那么延迟将稳定在250ms 28 | 2. 客户端到主VPN服务器的丢包率是10%,延迟是150ms,客户端到辅VPN服务器的丢包率是10%,延迟是250ms,那么最终客户端到互联网的丢包率=1-10%*10%=1%,延迟会在150ms到250ms之间波动。 29 | 3. 客户端到主VPN服务器的丢包率是10%,延迟是150ms,客户端到辅VPN服务器的丢包率是0%,延迟是550ms,最终客户端到互联网的丢包率将为10%,延迟将保持在150ms,除非客户端到主VPN服务器完全断线。之所以如此是因为pptp默认最多缓存300ms内收到的数据包信息。 30 | 31 | 32 | # 解决方法 33 | * **使用预编译的 [gfw-dualpptp](packages) 或根据 [UsePackage](UsePackage.md) 自己编译安装到Openwrt路由器上** 34 | * **修改所有主机(主/辅VPN服务器和Openwrt)上的 /etc/sysctl.conf 加入** 35 | 36 | ``` 37 | net.ipv4.conf.default.rp_filter=0 38 | net.ipv4.conf.all.rp_filter=0 39 | ``` 40 | * **在主VPN服务器上建立VPN服务,设定分配地址为10.66.6.0/24,** 41 | * **在主VPN服务器上建立到辅VPN拨号,创建 /etc/ppp/peers/bvpn 并输入** 42 | 43 | ``` 44 | pty "pptp secondary.example.com --nolaunchpppd" 45 | noauth 46 | require-mschap-v2 47 | require-mppe-128 48 | name sdual 49 | nodefaultroute 50 | maxfail 0 51 | holdoff 30 52 | persist 53 | remotename bvpn 54 | ipparam bvpn 55 | file /etc/ppp/options.pptp 56 | ``` 57 | 替换 secondary.example.com 为辅VPN的IP地址 58 | * **在主VPN服务器上设定自动拨号到辅VPN并预先建立iptables chain,在 /etc/rc.local 中加入** 59 | 60 | ``` 61 | iptables -t mangle -N dupgre 62 | pon bvpn 63 | ``` 64 | * **在主VPN服务器上建立VPN帐号,在 /etc/ppp/chap-secrets 中加入** 65 | 66 | ``` 67 | sdual * password * 68 | client * password 10.66.6.66 69 | ``` 70 | 上面的password是密码,可以替换成其他值,不过需要保持和辅VPN及客户端的密码一致 71 | * **在主VPN服务器上创建 /etc/ppp/ip-up.d/ip-up-client ,将该文件设置成可执行,并输入如下内容** 72 | 73 | ```bash 74 | #!/bin/bash 75 | 76 | # These variables are for the use of the scripts run by run-parts 77 | PPP_IFACE="$1"; 78 | PPP_TTY="$2"; 79 | PPP_SPEED="$3"; 80 | PPP_LOCAL="$4"; 81 | PPP_REMOTE="$5"; 82 | PPP_IPPARAM="$6"; 83 | 84 | addduprule() { 85 | ifconfig $PPP_IFACE mtu 1380 86 | iptables -t mangle -I OUTPUT -d $PPP_IPPARAM -j dupgre 87 | } 88 | 89 | if [ "$PPP_REMOTE" == "10.66.6.66" ]; then 90 | addduprule 91 | fi 92 | ``` 93 | * **在主VPN服务器上创建 /etc/ppp/ip-down.d/ip-down-client ,将该文件设置成可执行,并输入如下内容** 94 | 95 | ```bash 96 | #!/bin/bash 97 | 98 | # These variables are for the use of the scripts run by run-parts 99 | PPP_IFACE="$1"; 100 | PPP_TTY="$2"; 101 | PPP_SPEED="$3"; 102 | PPP_LOCAL="$4"; 103 | PPP_REMOTE="$5"; 104 | PPP_IPPARAM="$6"; 105 | 106 | delduprule() { 107 | iptables -t mangle -D OUTPUT -d $PPP_IPPARAM -j dupgre 108 | } 109 | 110 | if [ "$PPP_REMOTE" == "10.66.6.66" ]; then 111 | delduprule 112 | fi 113 | ``` 114 | * **在主VPN服务器上创建 /etc/ppp/ip-up.d/ip-up-dupgre ,将该文件设置成可执行,并输入如下内容** 115 | 116 | 注:因为我用了ec2 ubuntu 12.04做主VPN,因此需要NAT内网和外网ip,把10.123.82.34替换成ec2的内网ip,把34.123.238.192替换成ec2的外网ip,另外还需要安装 xtable-addons 以便使用RAWSNAT和RAWDNAT,如果你的服务器是外网ip请把 "# fix ec2 internal address" 后面几行删除 117 | 118 | ```bash 119 | #!/bin/bash 120 | 121 | # These variables are for the use of the scripts run by run-parts 122 | PPP_IFACE="$1"; 123 | PPP_TTY="$2"; 124 | PPP_SPEED="$3"; 125 | PPP_LOCAL="$4"; 126 | PPP_REMOTE="$5"; 127 | PPP_IPPARAM="$6"; 128 | 129 | dupgre() { 130 | ifconfig $PPP_IFACE mtu 1448 131 | 132 | # fix ec2 internal address 133 | iptables -t raw -I OUTPUT -o $PPP_IFACE -s 10.123.82.34 -j RAWSNAT --to-source 34.123.238.192 134 | iptables -t raw -I OUTPUT -o $PPP_IFACE -j NOTRACK 135 | iptables -t raw -I PREROUTING -i $PPP_IFACE -d 34.123.238.192 -j RAWDNAT --to-destination 10.123.82.34 136 | iptables -t raw -I PREROUTING -i $PPP_IFACE -j NOTRACK 137 | 138 | iptables -t mangle -I dupgre -p 47 -m u32 --u32 "0>>22&0x3C@4>>16=0x1:0xFFFF && 0>>22&0x3C@0=0x2001880b && 0>>22&0x3C@8>>24=0xFD" -j TEE --gateway $PPP_REMOTE 139 | iptables -t mangle -I dupgre -p 47 -m u32 --u32 "0>>22&0x3C@4>>16=0x1:0xFFFF && 0>>22&0x3C@0=0x3001880b && 0>>22&0x3C@12>>24=0xFD" -j TEE --gateway $PPP_REMOTE 140 | iptables -t mangle -I dupgre -p 47 -m u32 --u32 "0>>22&0x3C@4>>16=0x1:0xFFFF && 0>>22&0x3C@0=0x2081880b && 0>>22&0x3C@12>>24=0xFD" -j TEE --gateway $PPP_REMOTE 141 | iptables -t mangle -I dupgre -p 47 -m u32 --u32 "0>>22&0x3C@4>>16=0x1:0xFFFF && 0>>22&0x3C@0=0x3081880b && 0>>22&0x3C@16>>24=0xFD" -j TEE --gateway $PPP_REMOTE 142 | 143 | iptables -t mangle -I dupgre -p 47 -m u32 --u32 "0>>22&0x3C@4>>16=0x1:0xFFFF && 0>>22&0x3C@0=0x2001880b && 0>>22&0x3C@8=0xFF0300FD" -j TEE --gateway $PPP_REMOTE 144 | iptables -t mangle -I dupgre -p 47 -m u32 --u32 "0>>22&0x3C@4>>16=0x1:0xFFFF && 0>>22&0x3C@0=0x3001880b && 0>>22&0x3C@12=0xFF0300FD" -j TEE --gateway $PPP_REMOTE 145 | iptables -t mangle -I dupgre -p 47 -m u32 --u32 "0>>22&0x3C@4>>16=0x1:0xFFFF && 0>>22&0x3C@0=0x2081880b && 0>>22&0x3C@12=0xFF0300FD" -j TEE --gateway $PPP_REMOTE 146 | iptables -t mangle -I dupgre -p 47 -m u32 --u32 "0>>22&0x3C@4>>16=0x1:0xFFFF && 0>>22&0x3C@0=0x3081880b && 0>>22&0x3C@16=0xFF0300FD" -j TEE --gateway $PPP_REMOTE 147 | 148 | iptables -t mangle -I dupgre -p tcp --sport 1723 -m u32 --u32 "0>>22&0x3C@12>>26&0x3C@2>>16=0x1 && 0>>22&0x3C@12>>26&0x3C@8>>16=0x5:0x6" -j TEE --gateway $PPP_REMOTE 149 | iptables -t mangle -I dupgre -p tcp --dport 1723 -m u32 --u32 "0>>22&0x3C@12>>26&0x3C@2>>16=0x1 && 0>>22&0x3C@12>>26&0x3C@8>>16=0x5:0x6" -j TEE --gateway $PPP_REMOTE 150 | 151 | iptables -t mangle -I dupgre -p 47 -m u32 --u32 "0>>22&0x3C@4>>16=0x1:0xFFFF && 0>>22&0x3C@0=0x2001880b && 0>>22&0x3C@8>>8=0xC02109:0xC0210A" -j TEE --gateway $PPP_REMOTE 152 | iptables -t mangle -I dupgre -p 47 -m u32 --u32 "0>>22&0x3C@4>>16=0x1:0xFFFF && 0>>22&0x3C@0=0x3001880b && 0>>22&0x3C@12>>8=0xC02109:0xC0210A" -j TEE --gateway $PPP_REMOTE 153 | iptables -t mangle -I dupgre -p 47 -m u32 --u32 "0>>22&0x3C@4>>16=0x1:0xFFFF && 0>>22&0x3C@0=0x2081880b && 0>>22&0x3C@12>>8=0xC02109:0xC0210A" -j TEE --gateway $PPP_REMOTE 154 | iptables -t mangle -I dupgre -p 47 -m u32 --u32 "0>>22&0x3C@4>>16=0x1:0xFFFF && 0>>22&0x3C@0=0x3081880b && 0>>22&0x3C@16>>8=0xC02109:0xC0210A" -j TEE --gateway $PPP_REMOTE 155 | 156 | iptables -t mangle -I dupgre -p 47 -m u32 --u32 "0>>22&0x3C@4>>16=0x1:0xFFFF && 0>>22&0x3C@0=0x2001880b && 0>>22&0x3C@8=0xFF03C021 && 0>>22&0x3C@12>>24=0x09:0x0A" -j TEE --gateway $PPP_REMOTE 157 | iptables -t mangle -I dupgre -p 47 -m u32 --u32 "0>>22&0x3C@4>>16=0x1:0xFFFF && 0>>22&0x3C@0=0x3001880b && 0>>22&0x3C@12=0xFF03C021 && 0>>22&0x3C@16>>24=0x09:0x0A" -j TEE --gateway $PPP_REMOTE 158 | iptables -t mangle -I dupgre -p 47 -m u32 --u32 "0>>22&0x3C@4>>16=0x1:0xFFFF && 0>>22&0x3C@0=0x2081880b && 0>>22&0x3C@12=0xFF03C021 && 0>>22&0x3C@16>>24=0x09:0x0A" -j TEE --gateway $PPP_REMOTE 159 | iptables -t mangle -I dupgre -p 47 -m u32 --u32 "0>>22&0x3C@4>>16=0x1:0xFFFF && 0>>22&0x3C@0=0x3081880b && 0>>22&0x3C@16=0xFF03C021 && 0>>22&0x3C@20>>24=0x09:0x0A" -j TEE --gateway $PPP_REMOTE 160 | } 161 | 162 | 163 | if [ "$PPP_IPPARAM" == "bvpn" ]; then 164 | dupgre 165 | fi 166 | ``` 167 | * **在主VPN服务器上创建 /etc/ppp/ip-down.d/ip-down-dupgre ,将该文件设置成可执行,并输入如下内容** 168 | **注:如果用ec2的话同样需要将下面的ip替换掉,否则请把 "# fix ec2 internal address" 后面几行删除** 169 | 170 | ```bash 171 | #!/bin/bash 172 | 173 | # These variables are for the use of the scripts run by run-parts 174 | PPP_IFACE="$1"; 175 | PPP_TTY="$2"; 176 | PPP_SPEED="$3"; 177 | PPP_LOCAL="$4"; 178 | PPP_REMOTE="$5"; 179 | PPP_IPPARAM="$6"; 180 | 181 | deldupgre() { 182 | iptables -t mangle -F dupgre 183 | 184 | # fix ec2 internal address 185 | iptables -t raw -D OUTPUT -o $PPP_IFACE -s 10.123.82.34 -j RAWSNAT --to-source 34.123.238.192 186 | iptables -t raw -D OUTPUT -o $PPP_IFACE -j NOTRACK 187 | iptables -t raw -D PREROUTING -i $PPP_IFACE -d 34.123.238.192 -j RAWDNAT --to-destination 10.123.82.34 188 | iptables -t raw -D PREROUTING -i $PPP_IFACE -j NOTRACK 189 | 190 | } 191 | 192 | if [ "$PPP_IPPARAM" == "bvpn" ]; then 193 | deldupgre 194 | fi 195 | 196 | ``` 197 | * **在辅VPN服务器上建立VPN服务,设定分配地址为10.66.4.0/24,** 198 | * **在辅VPN服务器上建立VPN帐号,在 /etc/ppp/chap-secrets 中加入** 199 | 200 | ``` 201 | sdual * password 10.66.4.67 202 | cdual * password 10.66.4.65 203 | ``` 204 | 上面的password是密码,可以替换成其他值,不过需要保持和主VPN及客户端的密码一致 205 | * **在辅VPN服务器上创建 /etc/ppp/ip-up.d/ip-up-dual ,将该文件设置成可执行,并输入如下内容** 206 | 207 | 注:该脚本允许多个主VPN服务器共用同一个辅VPN服务器 208 | 209 | ```bash 210 | #!/bin/bash 211 | 212 | # These variables are for the use of the scripts run by run-parts 213 | PPP_IFACE="$1"; 214 | PPP_TTY="$2"; 215 | PPP_SPEED="$3"; 216 | PPP_LOCAL="$4"; 217 | PPP_REMOTE="$5"; 218 | PPP_IPPARAM="$6"; 219 | 220 | dual() { 221 | CHKIPROUTE=$(grep dual /etc/iproute2/rt_tables) 222 | if [ -z "$CHKIPROUTE" ]; then 223 | echo "30 dual" >> /etc/iproute2/rt_tables 224 | fi 225 | 226 | ifconfig $PPP_IFACE mtu 1448 227 | 228 | iptables -t mangle -I PREROUTING -i $PPP_IFACE -j MARK --set-mark 0xf222 229 | ip route add table dual $PPP_IPPARAM via $PPP_LOCAL dev $PPP_IFACE 230 | ip rule add fwmark 0xf222 table dual priority 2 231 | } 232 | 233 | if [[ "$PPP_REMOTE" != "${PPP_REMOTE/10.66.4.6/}" ]]; then 234 | dual 235 | fi 236 | ``` 237 | * **在辅VPN服务器上创建 /etc/ppp/ip-down.d/ip-down-dual ,将该文件设置成可执行,并输入如下内容** 238 | 239 | ```bash 240 | #!/bin/bash 241 | 242 | # These variables are for the use of the scripts run by run-parts 243 | PPP_IFACE="$1"; 244 | PPP_TTY="$2"; 245 | PPP_SPEED="$3"; 246 | PPP_LOCAL="$4"; 247 | PPP_REMOTE="$5"; 248 | PPP_IPPARAM="$6"; 249 | 250 | deldual() { 251 | iptables -t mangle -D PREROUTING -i $PPP_IFACE -j MARK --set-mark 0xf222 252 | ip route del table dual $PPP_IPPARAM 253 | ip rule del fwmark 0xf222 table dual priority 2 254 | } 255 | 256 | if [[ "$PPP_REMOTE" != "${PPP_REMOTE/10.66.4.6/}" ]]; then 257 | deldual 258 | fi 259 | ``` 260 | * **参照 [PPTPVPN](PPTPVPN.md) 在Openwrt上创建主/辅VPN链接(可以使用gfw-vpn中的VPN链接作为主VPN,这样只需要创建辅VPN即可),主VPN使用client帐号,辅VPN使用cdual帐号,并将主VPN链接加入到防火墙的wan区域(辅VPN链接不要加入到任何区域中),并在 /etc/config/gfw-vpn 中设置相应的规则** 261 | * **修改Openwrt上的 /etc/config/gfw-dualpptp 使主/辅VPN链接名称和上一步设置中的一致** 262 | * **全部设置好后重启主/辅VPN服务器和Openwrt即可使用双线VPN了** 263 | 264 | # 后记 265 | * 在实际使用中可能需要调整上面脚本及配置中的mtu值以保证ip包不会被拆分, 或因为mtu过小而被丢弃 266 | * 为了更好的性能,也可以给服务器打内核补丁并使用 accel-pptp 作为pptp服务器和客户端。由于服务器的版本众多,如果你感兴趣的话可以手动移植 [kernel_patch](kernel_patch) 到你所使用的服务器上 267 | * **注:如果你同时还在使用multiwan的话可能需要修改Openwrt上 ip-up-wall 脚本中的mark以兼容multiwan** 268 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. {http://fsf.org/} 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | {one line to give the program's name and a brief idea of what it does.} 635 | Copyright (C) {year} {name of author} 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see {http://www.gnu.org/licenses/}. 649 | 650 | Also add information on how to contact you by electronic and paper mail. 651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | openwrt-gfw Copyright (C) 2012-2014 hackgfw 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | {http://www.gnu.org/licenses/}. 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | {http://www.gnu.org/philosophy/why-not-lgpl.html}. 675 | -------------------------------------------------------------------------------- /OptimizePPTPVPN.md: -------------------------------------------------------------------------------- 1 | # 介绍 2 | Openwrt 12.09、14.07和15.05所用的内核pptp不支持缓存数据包,而这个功能对于双线VPN至关重要,因此该文将解决这个问题,同时优化下性能。 3 | 补丁放在了 [kernel_patch](kernel_patch): 4 | **pptp_accept_seq_window.patch** 为内核pptp加入了缓存数据包的功能,默认是最多缓存0.333秒和最多2048个包,如果你修改该值,请务必保证其为2的N次方,否则在序列号由0xffffffff变为0的时候会出bug。另外判断超时没有使用timer,而是需要有数据包到达,这么做的理由是如果数据包重要的话,对方也会重新发送的,即使对方不发,链路上的定时echo请求也会触发超时判断。 5 | **arc4_add_ecd.patch** 和 **arc4_use_u32_for_ctx.patch** 是backport上游的修改到Openwrt 12.09所用的内核,提升了mppe加密的性能,Openwrt 14.07和15.05不需要打这两个补丁 6 | **arc4_openssl_high_perf.patch** 是将openssl的加密代码移植到内核,加/解密性能提升在路由器上非常明显 7 | 8 | # 解决方法 9 | * 如果使用的是Openwrt 12.09,则将 [12.09](kernel_patch/12.09) 下的4个文件复制到编译环境的 target/linux/generic/patches-3.3 目录,重新编译即可 10 | * 如果使用的是Openwrt 14.07,则将 [14.07](kernel_patch/14.07) 下的2个文件复制到编译环境的 target/linux/generic/patches-3.10 目录,重新编译即可 11 | * 如果使用的是Openwrt 15.05,则将 [15.05](kernel_patch/15.05) 下的2个文件复制到编译环境的 target/linux/generic/patches-3.18 目录,重新编译即可 12 | * 打上补丁后VPN链接的统计信息会放到 /proc/pptp/ 下,例如执行 cat /proc/pptp/pptp-wall 会显示 13 | 14 | ``` 15 | Accepted: 8748724 16 | Under Window: 8654920 17 | Buffered: 238735 18 | Duplicated: 3944 19 | Lost: 1 20 | ``` 21 | 22 | 其中 **Accepted** 是收到实际有效的数据包数量(既交给上层应用的数据包数量) 23 | **Under Window** 有两种情况触发,一种是从较快的VPN链路上已经收到了所有包,之后从较慢的VPN链路上收到的重复包会计入该值。第二种情况是某个包在超时之后才收到,虽然对于VPN链路来说不算丢包,但对于上层应用在之前触发超时的时候就已经发生了丢包 24 | **Buffered** 是收到不连续包的数量,通常是由于其中一条或多条VPN链路不稳定导致,Buffered/Accepted的比值越大说明越不稳定 25 | **Duplicated** 是收到的确定重复的数据包数量。和 Under Window 的区别在于 Under Window 不能确定就是重复包导致的,而 Duplicated 可以保证是重复包造成的。如果没有发生某个包在超时之后才收到,那么 Under Window + Duplicated = 收到的总重复包数量 26 | **Lost** 是最终的丢包数量(既上层应用感知到的丢包数量),这个值通常是从1开始的。如果你发现这个值为0,则说明你使用的VPN服务器有bug 27 | 28 | 对于双线VPN的主链接,Accepted + (Lost - 1) * 2 - Under Window - Duplicated = 主VPN链路的丢包数量 + 辅VPN链路的丢包数量 29 | 对于单线VPN或双线VPN的辅链接,Duplicated应为0,(Lost - 1) - Under Window = VPN链路的丢包数量 30 | 31 | 32 | # 性能测试 33 | 关于pptp在Openwrt 12.09路由器上的性能: 34 | * 不使用VPN直连局域网的测试机器,用iperf(以下测试均在路由器上使用该工具)下载速度 220Mbits/s 35 | * 使用用户态pptp不打任何补丁,下载速度 10Mbits/s 36 | * 使用内核pptp,但不打arc4相关补丁,下载速度 41Mbits/s 37 | * 使用内核pptp,打了arc4_add_ecd和arc4_use_u32_for_ctx两个arc4的补丁,下载速度 46Mbits/s 38 | * 使用内核pptp,打了arc4_openssl_high_perf的arc4的补丁,下载速度 52Mbits/s 39 | * 不使用VPN直连局域网的测试机器,但测试机器使用tc设置发包延迟为3ms±1ms(会造成乱序包,以下均记为3ms±1ms)下载速度 95Mbits/s 40 | * 3ms±1ms,使用内核pptp,但不打arc4相关补丁,下载速度 38Mbits/s 41 | 42 | 关于arc4在Openwrt 12.09路由器上的性能: 43 | * 打了arc4_add_ecd和arc4_use_u32_for_ctx两个补丁,arc4 19.4MBytes/s,对比测试了 AES 128位 8.3MBytes/s,AES 256位 6.1MBytes/s 44 | * 打了arc4_openssl_high_perf补丁后,arc4 28.8MBytes/s,提升接近50% 45 | * 使用 openssl speed测试用户态加密结果为:arc4 34.2MBytes/s; AES 128位 8.4MBytes/s;AES 256位 6.5MBytes/s 46 | 47 | 48 | 路由器上的测试做得不多,因为一旦出问题,我就无网可上了,大部分的测试都是在虚拟机中做的,测试环境为主机E3-1230,虚拟机ubuntu 12.04分配双核及虚拟机openwrt 12.09基于官方固件编译分配单核 49 | 50 | 关于内核加密在ubuntu 12.04上的性能: 51 | AES-128: 233MBytes/s 52 | AES-256: 166MBytes/s 53 | 未打任何补丁的arc4: 182MBytes/s 54 | 打了arc4_add_ecd和arc4_use_u32_for_ctx补丁的arc4: 449MBytes/s 提升147% 55 | 打了arc4_openssl_high_perf补丁的arc4: 515MBytes/s 可以看到在x86上arc4_openssl_high_perf补丁的性能提升远没有在路由器上的提升多,其实补丁里的注释已经解释了原因 56 | 57 | openssl的用户态加密在ubuntu 12.04上的性能: 58 | AES-128: 258MBytes/s 59 | AES-256: 189MBytes/s 60 | arc4: 761MBytes/s 61 | 62 | 63 | 以下测试是虚拟机ubuntu 12.04做VPN服务器(使用用户态pptp),虚拟机openwrt 12.09做客户端,raw表示不经过VPN直连,kvpn表示使用12.09自带的内核VPN,不打任何补丁,pkvpn表示使用打过pptp_accept_seq_window但是没有打arc4相关补丁的内核pptp,以下速度均为在openwrt上测试的下载速度(tcp窗口大小256k) 64 | 65 | | | raw | kvpn | pkvpn | 66 | | -----------------|:-------:| --------:|--------:| 67 | | 无延迟 | 4.5Gb/s | 320Mb/s | 350Mb/s | 68 | | 3ms 延迟 | 300Mb/s | 250Mb/s | 260Mb/s | 69 | | 3ms±1ms 延迟 | 200Mb/s | 3Mb/s | 210Mb/s | 70 | | 200ms 延迟 | 3Mb/s | 3Mb/s | 4.5Mb/s | 71 | | 200ms±50ms 延迟 | 3Mb/s | 0.2Mb/s | 3.5Mb/s | 72 | | 将tcp窗口大小改为8M后 | 73 | | 200ms 延迟 | 12Mb/s | 12Mb/s | 16Mb/s | 74 | | 200ms±50ms 延迟 | 9Mb/s | 2Mb/s | 9Mb/s | 75 | 76 | 可见在有乱序包的情况下,打了补丁的内核vpn速度提升了1-2个数量级。 77 | -------------------------------------------------------------------------------- /PPTPVPN.md: -------------------------------------------------------------------------------- 1 | # 介绍 2 | 该文章介绍如何通过VPN翻墙的同时又能使用本地线路访问国内网络。另外对比其他类似方案通常只是基于ip而不考虑端口,造成p2p流量也走vpn,该文章介绍的方法同时使用目标端口做限定条件,p2p流量即使发往国外,也走本地线路。 3 | 4 | 5 | # 原理 6 | 通过策略路由根据目标/源ip及目标端口来决定走vpn线路还是本地线路。将中国ip加入特定的 ipset 中, 在数据包通过 iptables mangle 表时根据源/目标ip及目标端口判断是否走vpn,并打上mark。使用ip rule设定规则,不同的 mark 走不同的路由表,从而实现访问国内ip使用本地线路,访问外国网站使用vpn线路。同时因为使用了 ip-up ip-down 脚本,当VPN断线时会自动切换至本地线路。 7 | 8 | # 局限 9 | 本地进程发送数据包前需要先选择源IP地址并将其填到数据包中,然后经过netfilter并最终到达网卡,但是策略路由是发生在数据包经过netfilter时,因此之前选择的源IP地址是错误的,需通过NAT更正,但NAT的结果在每个连接的第一个数据包经过netfilter时就已经确定下来了,即使之后路由发生改变,其NAT之后的源IP地址也不会变,导致数据包发往新路由时使用了错误的源IP地址,FORWARD的数据包也有类似的问题。 10 | 目前 gfw-vpn 在vpn连接建立后会清空所有udp连接信息,强制之后的udp包重新NAT,副作用就是即使不需要重新NAT的连接也会被重置,该行为可以通过flush_conntrack选项控制 11 | 12 | # 解决方法 13 | * **使用预编译的 [gfw-vpn](packages) 或根据 [UsePackage](UsePackage.md) 自己编译安装** 14 | * **在 /etc/config/network 中添加vpn连接** 15 | 16 | ``` 17 | config interface 'wall' 18 | option proto 'pptp' 19 | option server 'vpn.example.com' 20 | option username 'username' 21 | option password 'password' 22 | option defaultroute '0' 23 | option auto '1' 24 | ``` 25 | 26 | 替换上面的 server,username,password 为vpn服务器地址、用户名及密码,另外注意上面defaultroute设为0,因为之后会通过 ip-up-wall 脚本添加路由,所以这里不开启默认路由 27 | 28 | * **在 /etc/config/firewall 的wan区域中加入vpn接口,找到类似** 29 | 30 | ``` 31 | config zone 32 | option name wan 33 | option network 'wan' 34 | option input REJECT 35 | option output ACCEPT 36 | option forward REJECT 37 | option masq 1 38 | option mtu_fix 1 39 | ``` 40 | 41 | 在 network 选项中加入 wall 42 | 43 | ``` 44 | config zone 45 | option name wan 46 | option network 'wan wall' 47 | option input REJECT 48 | option output ACCEPT 49 | option forward REJECT 50 | option masq 1 51 | option mtu_fix 1 52 | ``` 53 | 54 | 注:如果你看到的是 list network 'wan' 的话,则再加一行 list network 'wall' 即可 55 | 56 | * 可以根据需要添加/修改/删除 /etc/config/gfw-vpn 中的rule,符合rule的数据包会走VPN,目前只支持tcp和udp协议。其中的interface选项为之前添加的VPN接口名称,不同的rule可以走不同的VPN接口(例如:上网走vpn1,游戏走vpn2) 57 | * 可以根据需要把不翻墙的源ip或目标ip加入 /etc/config/gfw-vpn.whiteip ,例如 58 | 59 | ``` 60 | 192.168.1.129 61 | 65.55.58.201 62 | ``` 63 | 64 | 上面表示所有从192.168.1.129发起的流量以及所有发往65.55.58.201的流量都强制走本地线路。如果不需要的话可以留空 65 | 66 | # 后记 67 | * 上述脚本在每个数据包通过时都会判断条件,如果使用 CONNMARK 仅在连接建立的时候判断条件会导致vpn建立之前就已经存在的连接一直使用本地线路,达不到翻墙的效果 68 | * **注:如果你同时还在使用multiwan的话可能需要修改 ip-up-wall 脚本中的mark以兼容multiwan** 69 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Openwrt的翻墙解决方案 2 | =========== 3 | 4 | # 使用方法 5 | 根据所使用的 Openwrt 版本和 CPU 架构从 [packages](packages) 下载预编译好的ipk包上传到路由器上并执行 opkg update 和 opkg install 安装,如果有兴趣重新编译的话可以参见: [UsePackage](UsePackage.md) 6 | 7 | * fastdns: 使用VPN避免DNS污染,同时还能使用本地CDN: [AntiDNSPoisoning](AntiDNSPoisoning.md) 8 | * gfw-vpn: 通过VPN翻墙的同时又能使用本地线路访问国内网络: [PPTPVPN](PPTPVPN.md) 9 | * gfw-dualpptp: 使用双线VPN翻墙,即使其中一条线路断线也能正常翻墙,同时还能降低丢包率: [DualLinePPTPVPN](DualLinePPTPVPN.md) 10 | * 优化内核pptp性能,同时使其支持缓存数据包功能: [OptimizePPTPVPN](OptimizePPTPVPN.md) 11 | 12 | 13 | # 关于为何写该系列 14 | 我理想中的翻墙方案应该是对用户完全透明,让上网体验就像墙根本不存在一样,只需设置一次,其后不需要任何维护。其次是不能降低安全性,不能因为翻墙而引入新的安全隐患。最后还需要有全平台多设备的支持。但是看目前各翻墙方法都或多或少有些问题,比如: 15 | * Host翻墙:没法上被封ip的网站,需要手动更新,或者等发布者更新,而且更新都是事后的。有安全隐患,发布者可以恶意(或者因为账号被黑)放钓鱼ip在其中。在手机上设置并不容易。 16 | * SSH代理:有tcp over tcp的性能问题,如果软件不支持代理就比较麻烦,需要经常更新代理规则。 17 | * 各种其他代理:自由门、无界之类不开源的都有安全隐患,开源的像goagent会引入中间人攻击隐患,例如2013年初对GitHub的中间人攻击,如果不翻墙的话就会看到浏览器警告,而用goagent使用国内的gae就不会有任何警告,另外同样需要经常更新代理规则。 18 | * 各种VPN:虽然可以通过修改路由表区分国内国外流量,但是没法区分p2p和上网流量,如果挂bt或者emule会有大量流量走VPN。另外虽然可以通过autoddvpn提供DNS CDN功能,但是需要维护域名列表。 19 | 20 | 而本系列解决了: 21 | * DNS CDN的问题,而且不需要维护域名列表,虽然我天天都在用GitHub,但是Github被域名污染我是看了新闻才知道的。整个解决方案只需一次设置,其后就可以不管了。 22 | * 没有引入新的安全问题(fastdns除外),虽然PPTP不安全,但是提供了至少和不翻墙一样的安全程度,HTTP依然是HTTP,HTTPS依然是HTTPS,也不需要在翻墙终端上装任何软件或进行任何设置。 23 | * 全平台多设备支持,因为是设置在路由器上的,所以对路由器后的设备完全透明。 24 | * 基本没有性能损耗,和正常上网的平均(注1)速度一样。 25 | * 虽然用到了中国地区的ip段,但是鉴于ipv4地址也分配的差不多了,这个数据的更新并不频繁,这次更新本系列做了个最新的cn.zone,和我两年前生成的只有20多行不一样。另外即使不更新,也不会撞墙。 26 | * 可以在路由器上安装VPN服务器,这样只要在其他地方拨路由器的VPN即可翻墙 27 | 28 | 注1:不翻墙访问国外网站会遇到有的卡,有的不卡,而用VPN则是要么全部都卡,要么全部都不卡,所以这里说平均。另外用双线VPN可以以本地带宽减半为代价使得访问所有网站都不卡。 29 | 注2:本来想将文章发到国内相关论坛,发现不是邀请注册就是各种发贴限制。其中一个论坛好不容易等了一小时过了见习期,结果要发贴必须上传头像,而头像只能通过flash上传。GFW就是为了阻挡信息传播而生,而这么折腾用户在挡住spam的同时又阻挡了多少信息的传播呢? 30 | -------------------------------------------------------------------------------- /UsePackage.md: -------------------------------------------------------------------------------- 1 | # 使用软件包 2 | 在OpenWrt编译环境下的 feeds.conf 中加入一行 3 | 4 | src-git gfw https://github.com/hackgfw/openwrt-gfw-packages.git 5 | 6 | 然后执行 7 | 8 | ./scripts/feeds update -a 9 | ./scripts/feeds install -a 10 | 11 | 就可以在 make menuconfig 里的 Network 类别下找到 gfw-vpn gfw-dualpptp 及 fastdns 12 | 13 | 关于各包的配置可参见 [README](README.md) 14 | -------------------------------------------------------------------------------- /kernel_patch/12.09/989-pptp_accept_seq_window.patch: -------------------------------------------------------------------------------- 1 | --- a/include/linux/if_pppox.h 2 | +++ b/include/linux/if_pppox.h 3 | @@ -28,6 +28,7 @@ 4 | #include 5 | #endif /* __KERNEL__ */ 6 | #include 7 | +#include 8 | 9 | /* For user-space programs to pick up these definitions 10 | * which they wouldn't get otherwise without defining __KERNEL__ 11 | @@ -167,6 +168,16 @@ struct pptp_opt { 12 | u32 ack_sent, ack_recv; 13 | u32 seq_sent, seq_recv; 14 | int ppp_flags; 15 | + struct sk_buff **skb_buff; 16 | + u32 seq_ahead; 17 | + struct proc_dir_entry *statistics; 18 | + u32 rx_accepted; /* data packet was passed to pptp */ 19 | + u32 rx_underwin; /* data packet was under window (arrived too late 20 | + or duplicate packet) */ 21 | + u32 rx_buffered; /* data packet arrived earlier than expected, 22 | + packet(s) before it were lost or reordered */ 23 | + u32 rx_dup; /* duplicate packet while in buffer */ 24 | + u32 rx_lost; /* packet did not arrive before timeout or buffer is full */ 25 | }; 26 | #include 27 | 28 | --- a/drivers/net/ppp/pptp.c 29 | +++ b/drivers/net/ppp/pptp.c 30 | @@ -12,6 +12,10 @@ 31 | 32 | #include 33 | #include 34 | +#include 35 | +#include 36 | +#include 37 | +#include 38 | #include 39 | #include 40 | #include 41 | @@ -55,11 +59,14 @@ static struct proto pptp_sk_proto __read 42 | static const struct ppp_channel_ops pptp_chan_ops; 43 | static const struct proto_ops pptp_ops; 44 | 45 | +static struct proc_dir_entry *root_proc_entry; 46 | + 47 | #define PPP_LCP_ECHOREQ 0x09 48 | #define PPP_LCP_ECHOREP 0x0A 49 | #define SC_RCV_BITS (SC_RCV_B7_1|SC_RCV_B7_0|SC_RCV_ODDP|SC_RCV_EVNP) 50 | 51 | -#define MISSING_WINDOW 20 52 | +#define MISSING_WINDOW 2048 /* must be 2^N */ 53 | +#define WINDOWS_TIMEOUT 3 /* in 1/N seconds */ 54 | #define WRAPPED(curseq, lastseq)\ 55 | ((((curseq) & 0xffffff00) == 0) &&\ 56 | (((lastseq) & 0xffffff00) == 0xffffff00)) 57 | @@ -90,6 +97,35 @@ struct pptp_gre_header { 58 | u32 ack; 59 | } __packed; 60 | 61 | +struct pptp_meta { 62 | + u32 seq; 63 | + u32 timestamp; 64 | +}; 65 | + 66 | +static inline struct pptp_meta *get_pptp_meta(struct sk_buff *skb) 67 | +{ 68 | + return (struct pptp_meta *)skb->cb; 69 | +} 70 | + 71 | +static inline void proc_queue(struct pppox_sock *po) 72 | +{ 73 | + struct pptp_opt *opt = &po->proto.pptp; 74 | + struct pptp_meta *meta; 75 | + u32 nowtime=jiffies; 76 | + u32 i; 77 | + for (i=opt->seq_recv+1;i!=opt->seq_ahead+1;i++) 78 | + { 79 | + if (opt->skb_buff[i % MISSING_WINDOW] == NULL) continue; 80 | + meta=get_pptp_meta(opt->skb_buff[i % MISSING_WINDOW]); 81 | + /* check timeout */ 82 | + if (nowtime - meta->timestamp < HZ / WINDOWS_TIMEOUT && i != opt->seq_recv+1) break; 83 | + opt->rx_lost+=i-opt->seq_recv-1; 84 | + opt->seq_recv=i; 85 | + ppp_input(&po->chan, opt->skb_buff[i % MISSING_WINDOW]); 86 | + opt->skb_buff[i % MISSING_WINDOW] = NULL; 87 | + } 88 | +} 89 | + 90 | static struct pppox_sock *lookup_chan(u16 call_id, __be32 s_addr) 91 | { 92 | struct pppox_sock *sock; 93 | @@ -167,6 +203,42 @@ static void del_chan(struct pppox_sock * 94 | synchronize_rcu(); 95 | } 96 | 97 | +#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 10, 0) 98 | +static inline void proc_remove(struct proc_dir_entry *proc_entry) 99 | +{ 100 | + remove_proc_entry(proc_entry->name, root_proc_entry); 101 | +} 102 | +static inline void *PDE_DATA(const struct inode *inode) 103 | +{ 104 | + return PDE(inode)->data; 105 | +} 106 | +#endif 107 | + 108 | +static int pptp_proc_show(struct seq_file *m, void *v) 109 | +{ 110 | + struct pptp_opt *opt = (struct pptp_opt *)m->private; 111 | + seq_printf(m, "Accepted: %u\nUnder Window: %u\nBuffered: %u\nDuplicated: %u\nLost: %u\n", 112 | + opt->rx_accepted, 113 | + opt->rx_underwin, 114 | + opt->rx_buffered, 115 | + opt->rx_dup, 116 | + opt->rx_lost); 117 | + return 0; 118 | +} 119 | + 120 | +static int pptp_proc_open(struct inode *inode, struct file *file) 121 | +{ 122 | + return single_open(file, pptp_proc_show, PDE_DATA(inode)); 123 | +} 124 | + 125 | +static const struct file_operations proc_file_fops = { 126 | + .owner = THIS_MODULE, 127 | + .open = pptp_proc_open, 128 | + .read = seq_read, 129 | + .llseek = seq_lseek, 130 | + .release = single_release, 131 | +}; 132 | + 133 | static int pptp_xmit(struct ppp_channel *chan, struct sk_buff *skb) 134 | { 135 | struct sock *sk = (struct sock *) chan->private; 136 | @@ -296,7 +368,9 @@ static int pptp_rcv_core(struct sock *sk 137 | { 138 | struct pppox_sock *po = pppox_sk(sk); 139 | struct pptp_opt *opt = &po->proto.pptp; 140 | - int headersize, payload_len, seq; 141 | + struct pptp_meta *meta=get_pptp_meta(skb); 142 | + int headersize, payload_len; 143 | + u32 seq, seqdiff; 144 | __u8 *payload; 145 | struct pptp_gre_header *header; 146 | 147 | @@ -342,15 +416,37 @@ static int pptp_rcv_core(struct sock *sk 148 | goto drop; 149 | 150 | payload = skb->data + headersize; 151 | - /* check for expected sequence number */ 152 | - if (seq < opt->seq_recv + 1 || WRAPPED(opt->seq_recv, seq)) { 153 | - if ((payload[0] == PPP_ALLSTATIONS) && (payload[1] == PPP_UI) && 154 | - (PPP_PROTOCOL(payload) == PPP_LCP) && 155 | - ((payload[4] == PPP_LCP_ECHOREQ) || (payload[4] == PPP_LCP_ECHOREP))) 156 | + seqdiff=opt->seq_ahead - seq; 157 | + /* check if sequence number too old */ 158 | + if (seqdiff >= opt->seq_ahead - opt->seq_recv && seqdiff < 0x80000000) { 159 | + opt->rx_underwin++; 160 | + } 161 | + /* check if sequence number in window */ 162 | + else if (seqdiff < MISSING_WINDOW) { 163 | + if (opt->skb_buff[seq%MISSING_WINDOW] == NULL) { 164 | goto allow_packet; 165 | + } 166 | + else { 167 | + opt->rx_dup++; 168 | + } 169 | + /* update ahead */ 170 | } else { 171 | - opt->seq_recv = seq; 172 | + for (;opt->seq_ahead != seq;) { 173 | + opt->seq_ahead++; 174 | + if (opt->seq_ahead - opt->seq_recv == MISSING_WINDOW + 1) { 175 | + opt->seq_recv++; 176 | + /* not enough buff, call back anyway */ 177 | + if (opt->skb_buff[opt->seq_recv%MISSING_WINDOW]) ppp_input(&po->chan, opt->skb_buff[opt->seq_recv%MISSING_WINDOW]); 178 | + else opt->rx_lost++; 179 | + opt->skb_buff[opt->seq_recv%MISSING_WINDOW] = NULL; 180 | + } 181 | + } 182 | allow_packet: 183 | + if (!opt->statistics && ppp_dev_name(&po->chan)) opt->statistics = proc_create_data(ppp_dev_name(&po->chan),0444,root_proc_entry,&proc_file_fops,opt); 184 | + opt->rx_accepted++; 185 | + if (opt->seq_recv + 1 != seq) opt->rx_buffered++; 186 | + meta->seq=seq; 187 | + meta->timestamp=jiffies; 188 | skb_pull(skb, headersize); 189 | 190 | if (payload[0] == PPP_ALLSTATIONS && payload[1] == PPP_UI) { 191 | @@ -367,7 +463,8 @@ allow_packet: 192 | 193 | skb->ip_summed = CHECKSUM_NONE; 194 | skb_set_network_header(skb, skb->head-skb->data); 195 | - ppp_input(&po->chan, skb); 196 | + opt->skb_buff[seq%MISSING_WINDOW] = skb; 197 | + proc_queue(po); 198 | 199 | return NET_RX_SUCCESS; 200 | } 201 | @@ -552,6 +649,8 @@ static int pptp_release(struct socket *s 202 | 203 | static void pptp_sock_destruct(struct sock *sk) 204 | { 205 | + if (pppox_sk(sk)->proto.pptp.skb_buff) kfree(pppox_sk(sk)->proto.pptp.skb_buff); 206 | + if (pppox_sk(sk)->proto.pptp.statistics) proc_remove(pppox_sk(sk)->proto.pptp.statistics); 207 | if (!(sk->sk_state & PPPOX_DEAD)) { 208 | del_chan(pppox_sk(sk)); 209 | pppox_unbind_sock(sk); 210 | @@ -585,8 +684,18 @@ static int pptp_create(struct net *net, 211 | po = pppox_sk(sk); 212 | opt = &po->proto.pptp; 213 | 214 | + opt->skb_buff=(struct sk_buff **)kmalloc(sizeof(struct sk_buff *)*MISSING_WINDOW,GFP_KERNEL); 215 | + if (opt->skb_buff == NULL) goto out; 216 | + memset(opt->skb_buff,0,sizeof(struct sk_buff *)*MISSING_WINDOW); 217 | opt->seq_sent = 0; opt->seq_recv = 0xffffffff; 218 | opt->ack_recv = 0; opt->ack_sent = 0xffffffff; 219 | + opt->seq_ahead = 0xffffffff; 220 | + opt->statistics = NULL; 221 | + opt->rx_accepted = 0; 222 | + opt->rx_underwin = 0; 223 | + opt->rx_buffered = 0; 224 | + opt->rx_dup = 0; 225 | + opt->rx_lost = 0; 226 | 227 | error = 0; 228 | out: 229 | @@ -669,10 +778,17 @@ static int __init pptp_init_module(void) 230 | int err = 0; 231 | pr_info("PPTP driver version " PPTP_DRIVER_VERSION "\n"); 232 | 233 | + root_proc_entry = proc_mkdir("pptp", NULL); 234 | + if (!root_proc_entry) { 235 | + pr_err("PPTP: cann't creating /proc/pptp\n"); 236 | + return -EEXIST; 237 | + } 238 | + 239 | callid_sock = vzalloc((MAX_CALLID + 1) * sizeof(void *)); 240 | if (!callid_sock) { 241 | pr_err("PPTP: cann't allocate memory\n"); 242 | - return -ENOMEM; 243 | + err = -ENOMEM; 244 | + goto out_proc_existed; 245 | } 246 | 247 | err = gre_add_protocol(&gre_pptp_protocol, GREPROTO_PPTP); 248 | @@ -701,6 +817,11 @@ out_gre_del_protocol: 249 | gre_del_protocol(&gre_pptp_protocol, GREPROTO_PPTP); 250 | out_mem_free: 251 | vfree(callid_sock); 252 | +out_proc_existed: 253 | + if (root_proc_entry) { 254 | + remove_proc_entry("pptp", NULL); 255 | + root_proc_entry = NULL; 256 | + } 257 | 258 | return err; 259 | } 260 | @@ -711,6 +832,10 @@ static void __exit pptp_exit_module(void 261 | proto_unregister(&pptp_sk_proto); 262 | gre_del_protocol(&gre_pptp_protocol, GREPROTO_PPTP); 263 | vfree(callid_sock); 264 | + if (root_proc_entry) { 265 | + remove_proc_entry("pptp", NULL); 266 | + root_proc_entry = NULL; 267 | + } 268 | } 269 | 270 | module_init(pptp_init_module); 271 | -------------------------------------------------------------------------------- /kernel_patch/12.09/990-arc4_add_ecd.patch: -------------------------------------------------------------------------------- 1 | --- a/crypto/arc4.c 2 | +++ b/crypto/arc4.c 3 | @@ -11,9 +11,11 @@ 4 | * (at your option) any later version. 5 | * 6 | */ 7 | + 8 | #include 9 | #include 10 | #include 11 | +#include 12 | 13 | #define ARC4_MIN_KEY_SIZE 1 14 | #define ARC4_MAX_KEY_SIZE 256 15 | @@ -48,51 +50,147 @@ static int arc4_set_key(struct crypto_tf 16 | return 0; 17 | } 18 | 19 | -static void arc4_crypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) 20 | +static void arc4_crypt(struct arc4_ctx *ctx, u8 *out, const u8 *in, 21 | + unsigned int len) 22 | { 23 | - struct arc4_ctx *ctx = crypto_tfm_ctx(tfm); 24 | - 25 | u8 *const S = ctx->S; 26 | - u8 x = ctx->x; 27 | - u8 y = ctx->y; 28 | - u8 a, b; 29 | + u8 x, y, a, b; 30 | + u8 ty, ta, tb; 31 | + 32 | + if (len == 0) 33 | + return; 34 | + 35 | + x = ctx->x; 36 | + y = ctx->y; 37 | 38 | a = S[x]; 39 | y = (y + a) & 0xff; 40 | b = S[y]; 41 | - S[x] = b; 42 | - S[y] = a; 43 | - x = (x + 1) & 0xff; 44 | - *out++ = *in ^ S[(a + b) & 0xff]; 45 | + 46 | + do { 47 | + S[y] = a; 48 | + a = (a + b) & 0xff; 49 | + S[x] = b; 50 | + x = (x + 1) & 0xff; 51 | + ta = S[x]; 52 | + ty = (y + ta) & 0xff; 53 | + tb = S[ty]; 54 | + *out++ = *in++ ^ S[a]; 55 | + if (--len == 0) 56 | + break; 57 | + y = ty; 58 | + a = ta; 59 | + b = tb; 60 | + } while (true); 61 | 62 | ctx->x = x; 63 | ctx->y = y; 64 | } 65 | 66 | -static struct crypto_alg arc4_alg = { 67 | +static void arc4_crypt_one(struct crypto_tfm *tfm, u8 *out, const u8 *in) 68 | +{ 69 | + arc4_crypt(crypto_tfm_ctx(tfm), out, in, 1); 70 | +} 71 | + 72 | +static int ecb_arc4_crypt(struct blkcipher_desc *desc, struct scatterlist *dst, 73 | + struct scatterlist *src, unsigned int nbytes) 74 | +{ 75 | + struct arc4_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); 76 | + struct blkcipher_walk walk; 77 | + int err; 78 | + 79 | + blkcipher_walk_init(&walk, dst, src, nbytes); 80 | + 81 | + err = blkcipher_walk_virt(desc, &walk); 82 | + 83 | + while (walk.nbytes > 0) { 84 | + u8 *wsrc = walk.src.virt.addr; 85 | + u8 *wdst = walk.dst.virt.addr; 86 | + 87 | + arc4_crypt(ctx, wdst, wsrc, walk.nbytes); 88 | + 89 | + err = blkcipher_walk_done(desc, &walk, 0); 90 | + } 91 | + 92 | + return err; 93 | +} 94 | + 95 | +static struct crypto_alg arc4_algs[2] = { { 96 | .cra_name = "arc4", 97 | .cra_flags = CRYPTO_ALG_TYPE_CIPHER, 98 | .cra_blocksize = ARC4_BLOCK_SIZE, 99 | .cra_ctxsize = sizeof(struct arc4_ctx), 100 | .cra_module = THIS_MODULE, 101 | - .cra_list = LIST_HEAD_INIT(arc4_alg.cra_list), 102 | - .cra_u = { .cipher = { 103 | - .cia_min_keysize = ARC4_MIN_KEY_SIZE, 104 | - .cia_max_keysize = ARC4_MAX_KEY_SIZE, 105 | - .cia_setkey = arc4_set_key, 106 | - .cia_encrypt = arc4_crypt, 107 | - .cia_decrypt = arc4_crypt } } 108 | -}; 109 | + .cra_u = { 110 | + .cipher = { 111 | + .cia_min_keysize = ARC4_MIN_KEY_SIZE, 112 | + .cia_max_keysize = ARC4_MAX_KEY_SIZE, 113 | + .cia_setkey = arc4_set_key, 114 | + .cia_encrypt = arc4_crypt_one, 115 | + .cia_decrypt = arc4_crypt_one, 116 | + }, 117 | + }, 118 | +}, { 119 | + .cra_name = "ecb(arc4)", 120 | + .cra_priority = 100, 121 | + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 122 | + .cra_blocksize = ARC4_BLOCK_SIZE, 123 | + .cra_ctxsize = sizeof(struct arc4_ctx), 124 | + .cra_alignmask = 0, 125 | + .cra_type = &crypto_blkcipher_type, 126 | + .cra_module = THIS_MODULE, 127 | + .cra_u = { 128 | + .blkcipher = { 129 | + .min_keysize = ARC4_MIN_KEY_SIZE, 130 | + .max_keysize = ARC4_MAX_KEY_SIZE, 131 | + .setkey = arc4_set_key, 132 | + .encrypt = ecb_arc4_crypt, 133 | + .decrypt = ecb_arc4_crypt, 134 | + }, 135 | + }, 136 | +} }; 137 | 138 | -static int __init arc4_init(void) 139 | +int crypto_register_algs(struct crypto_alg *algs, int count) 140 | +{ 141 | + int i, ret; 142 | + 143 | + for (i = 0; i < count; i++) { 144 | + ret = crypto_register_alg(&algs[i]); 145 | + if (ret) 146 | + goto err; 147 | + } 148 | + 149 | + return 0; 150 | + 151 | +err: 152 | + for (--i; i >= 0; --i) 153 | + crypto_unregister_alg(&algs[i]); 154 | + 155 | + return ret; 156 | +} 157 | + 158 | +int crypto_unregister_algs(struct crypto_alg *algs, int count) 159 | { 160 | - return crypto_register_alg(&arc4_alg); 161 | + int i, ret; 162 | + 163 | + for (i = 0; i < count; i++) { 164 | + ret = crypto_unregister_alg(&algs[i]); 165 | + if (ret) 166 | + pr_err("Failed to unregister %s %s: %d\n", 167 | + algs[i].cra_driver_name, algs[i].cra_name, ret); 168 | + } 169 | + 170 | + return 0; 171 | } 172 | 173 | +static int __init arc4_init(void) 174 | +{ 175 | + return crypto_register_algs(arc4_algs, ARRAY_SIZE(arc4_algs)); 176 | +} 177 | 178 | static void __exit arc4_exit(void) 179 | { 180 | - crypto_unregister_alg(&arc4_alg); 181 | + crypto_unregister_algs(arc4_algs, ARRAY_SIZE(arc4_algs)); 182 | } 183 | 184 | module_init(arc4_init); 185 | -------------------------------------------------------------------------------- /kernel_patch/12.09/991-arc4_use_u32_for_ctx.patch: -------------------------------------------------------------------------------- 1 | --- a/crypto/arc4.c 2 | +++ b/crypto/arc4.c 3 | @@ -22,8 +22,8 @@ 4 | #define ARC4_BLOCK_SIZE 1 5 | 6 | struct arc4_ctx { 7 | - u8 S[256]; 8 | - u8 x, y; 9 | + u32 S[256]; 10 | + u32 x, y; 11 | }; 12 | 13 | static int arc4_set_key(struct crypto_tfm *tfm, const u8 *in_key, 14 | @@ -39,7 +39,7 @@ static int arc4_set_key(struct crypto_tfm *tfm, const u8 *in_key, 15 | ctx->S[i] = i; 16 | 17 | for (i = 0; i < 256; i++) { 18 | - u8 a = ctx->S[i]; 19 | + u32 a = ctx->S[i]; 20 | j = (j + in_key[k] + a) & 0xff; 21 | ctx->S[i] = ctx->S[j]; 22 | ctx->S[j] = a; 23 | @@ -53,9 +53,9 @@ static int arc4_set_key(struct crypto_tfm *tfm, const u8 *in_key, 24 | static void arc4_crypt(struct arc4_ctx *ctx, u8 *out, const u8 *in, 25 | unsigned int len) 26 | { 27 | - u8 *const S = ctx->S; 28 | - u8 x, y, a, b; 29 | - u8 ty, ta, tb; 30 | + u32 *const S = ctx->S; 31 | + u32 x, y, a, b; 32 | + u32 ty, ta, tb; 33 | 34 | if (len == 0) 35 | return; 36 | -------------------------------------------------------------------------------- /kernel_patch/12.09/992-arc4_openssl_high_perf.patch: -------------------------------------------------------------------------------- 1 | --- a/crypto/arc4.c 2 | +++ b/crypto/arc4.c 3 | @@ -30,22 +30,32 @@ static int arc4_set_key(struct crypto_tf 4 | unsigned int key_len) 5 | { 6 | struct arc4_ctx *ctx = crypto_tfm_ctx(tfm); 7 | - int i, j = 0, k = 0; 8 | + register u32 tmp; 9 | + register u32 * d; 10 | + register int id1, id2; 11 | + unsigned int i; 12 | 13 | - ctx->x = 1; 14 | + ctx->x = 0; 15 | ctx->y = 0; 16 | + d=ctx->S; 17 | + id1=id2=0; 18 | 19 | - for (i = 0; i < 256; i++) 20 | - ctx->S[i] = i; 21 | 22 | - for (i = 0; i < 256; i++) { 23 | - u32 a = ctx->S[i]; 24 | - j = (j + in_key[k] + a) & 0xff; 25 | - ctx->S[i] = ctx->S[j]; 26 | - ctx->S[j] = a; 27 | - if (++k >= key_len) 28 | - k = 0; 29 | - } 30 | +#define SK_LOOP(d,n) { \ 31 | + tmp=d[(n)]; \ 32 | + id2 = (in_key[id1] + tmp + id2) & 0xff; \ 33 | + if (++id1 == key_len) id1=0; \ 34 | + d[(n)]=d[id2]; \ 35 | + d[id2]=tmp; } 36 | + 37 | + for (i=0; i < 256; i++) d[i]=i; 38 | + for (i=0; i < 256; i+=4) 39 | + { 40 | + SK_LOOP(d,i+0); 41 | + SK_LOOP(d,i+1); 42 | + SK_LOOP(d,i+2); 43 | + SK_LOOP(d,i+3); 44 | + } 45 | 46 | return 0; 47 | } 48 | @@ -53,38 +63,251 @@ static int arc4_set_key(struct crypto_tf 49 | static void arc4_crypt(struct arc4_ctx *ctx, u8 *out, const u8 *in, 50 | unsigned int len) 51 | { 52 | - u32 *const S = ctx->S; 53 | - u32 x, y, a, b; 54 | - u32 ty, ta, tb; 55 | + register u32 *const d = ctx->S; 56 | + register u32 x, y, tx, ty; 57 | + size_t i; 58 | 59 | if (len == 0) 60 | return; 61 | 62 | x = ctx->x; 63 | y = ctx->y; 64 | +#define RC4_CHUNK unsigned long 65 | +#if defined(RC4_CHUNK) 66 | + /* 67 | + * The original reason for implementing this(*) was the fact that 68 | + * pre-21164a Alpha CPUs don't have byte load/store instructions 69 | + * and e.g. a byte store has to be done with 64-bit load, shift, 70 | + * and, or and finally 64-bit store. Peaking data and operating 71 | + * at natural word size made it possible to reduce amount of 72 | + * instructions as well as to perform early read-ahead without 73 | + * suffering from RAW (read-after-write) hazard. This resulted 74 | + * in ~40%(**) performance improvement on 21064 box with gcc. 75 | + * But it's not only Alpha users who win here:-) Thanks to the 76 | + * early-n-wide read-ahead this implementation also exhibits 77 | + * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending 78 | + * on sizeof(RC4_INT)). 79 | + * 80 | + * (*) "this" means code which recognizes the case when input 81 | + * and output pointers appear to be aligned at natural CPU 82 | + * word boundary 83 | + * (**) i.e. according to 'apps/openssl speed rc4' benchmark, 84 | + * crypto/rc4/rc4speed.c exhibits almost 70% speed-up... 85 | + * 86 | + * Cavets. 87 | + * 88 | + * - RC4_CHUNK="unsigned long long" should be a #1 choice for 89 | + * UltraSPARC. Unfortunately gcc generates very slow code 90 | + * (2.5-3 times slower than one generated by Sun's WorkShop 91 | + * C) and therefore gcc (at least 2.95 and earlier) should 92 | + * always be told that RC4_CHUNK="unsigned long". 93 | + * 94 | + * 95 | + */ 96 | + 97 | +# define RC4_STEP ( \ 98 | + x=(x+1) &0xff, \ 99 | + tx=d[x], \ 100 | + y=(tx+y)&0xff, \ 101 | + ty=d[y], \ 102 | + d[y]=tx, \ 103 | + d[x]=ty, \ 104 | + (RC4_CHUNK)d[(tx+ty)&0xff]\ 105 | + ) 106 | + 107 | + if ( ( ((size_t)in & (sizeof(RC4_CHUNK)-1)) | 108 | + ((size_t)out & (sizeof(RC4_CHUNK)-1)) ) == 0 ) 109 | + { 110 | + RC4_CHUNK ichunk,otp; 111 | + const union { long one; char little; } is_endian = {1}; 112 | + 113 | + /* 114 | + * I reckon we can afford to implement both endian 115 | + * cases and to decide which way to take at run-time 116 | + * because the machine code appears to be very compact 117 | + * and redundant 1-2KB is perfectly tolerable (i.e. 118 | + * in case the compiler fails to eliminate it:-). By 119 | + * suggestion from Terrel Larson 120 | + * who also stands for the is_endian union:-) 121 | + * 122 | + * Special notes. 123 | + * 124 | + * - is_endian is declared automatic as doing otherwise 125 | + * (declaring static) prevents gcc from eliminating 126 | + * the redundant code; 127 | + * - compilers (those I've tried) don't seem to have 128 | + * problems eliminating either the operators guarded 129 | + * by "if (sizeof(RC4_CHUNK)==8)" or the condition 130 | + * expressions themselves so I've got 'em to replace 131 | + * corresponding #ifdefs from the previous version; 132 | + * - I chose to let the redundant switch cases when 133 | + * sizeof(RC4_CHUNK)!=8 be (were also #ifdefed 134 | + * before); 135 | + * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in 136 | + * [LB]ESHFT guards against "shift is out of range" 137 | + * warnings when sizeof(RC4_CHUNK)!=8 138 | + * 139 | + * 140 | + */ 141 | + if (!is_endian.little) 142 | + { /* BIG-ENDIAN CASE */ 143 | +# define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) 144 | + for (;len&(0-sizeof(RC4_CHUNK));len-=sizeof(RC4_CHUNK)) 145 | + { 146 | + ichunk = *(RC4_CHUNK *)in; 147 | + otp = RC4_STEP<x=x; 191 | + ctx->y=y; 192 | + return; 193 | + } 194 | + else 195 | + { /* LITTLE-ENDIAN CASE */ 196 | +# define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1)) 197 | + for (;len&(0-sizeof(RC4_CHUNK));len-=sizeof(RC4_CHUNK)) 198 | + { 199 | + ichunk = *(RC4_CHUNK *)in; 200 | + otp = RC4_STEP; 201 | + otp |= RC4_STEP<<8; 202 | + otp |= RC4_STEP<<16; 203 | + otp |= RC4_STEP<<24; 204 | + if (sizeof(RC4_CHUNK)==8) 205 | + { 206 | + otp |= RC4_STEP<>= (sizeof(RC4_CHUNK)-len)<<3; 224 | + switch (len&(sizeof(RC4_CHUNK)-1)) 225 | + { 226 | + case 7: otp = RC4_STEP, i+=8; 227 | + case 6: otp |= RC4_STEP<x=x; 244 | + ctx->y=y; 245 | + return; 246 | + } 247 | + } 248 | +#endif 249 | +#define LOOP(in,out) \ 250 | + x=((x+1)&0xff); \ 251 | + tx=d[x]; \ 252 | + y=(tx+y)&0xff; \ 253 | + d[x]=ty=d[y]; \ 254 | + d[y]=tx; \ 255 | + (out) = d[(tx+ty)&0xff]^ (in); 256 | + 257 | +#ifndef RC4_INDEX 258 | +#define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++)) 259 | +#else 260 | +#define RC4_LOOP(a,b,i) LOOP(a[i],b[i]) 261 | +#endif 262 | + 263 | + i=len>>3; 264 | + if (i) 265 | + { 266 | + for (;;) 267 | + { 268 | + RC4_LOOP(in,out,0); 269 | + RC4_LOOP(in,out,1); 270 | + RC4_LOOP(in,out,2); 271 | + RC4_LOOP(in,out,3); 272 | + RC4_LOOP(in,out,4); 273 | + RC4_LOOP(in,out,5); 274 | + RC4_LOOP(in,out,6); 275 | + RC4_LOOP(in,out,7); 276 | +#ifdef RC4_INDEX 277 | + in+=8; 278 | + out+=8; 279 | +#endif 280 | + if (--i == 0) break; 281 | + } 282 | + } 283 | + i=len&0x07; 284 | + if (i) 285 | + { 286 | + for (;;) 287 | + { 288 | + RC4_LOOP(in,out,0); if (--i == 0) break; 289 | + RC4_LOOP(in,out,1); if (--i == 0) break; 290 | + RC4_LOOP(in,out,2); if (--i == 0) break; 291 | + RC4_LOOP(in,out,3); if (--i == 0) break; 292 | + RC4_LOOP(in,out,4); if (--i == 0) break; 293 | + RC4_LOOP(in,out,5); if (--i == 0) break; 294 | + RC4_LOOP(in,out,6); if (--i == 0) break; 295 | + } 296 | + } 297 | + ctx->x=x; 298 | + ctx->y=y; 299 | 300 | - a = S[x]; 301 | - y = (y + a) & 0xff; 302 | - b = S[y]; 303 | - 304 | - do { 305 | - S[y] = a; 306 | - a = (a + b) & 0xff; 307 | - S[x] = b; 308 | - x = (x + 1) & 0xff; 309 | - ta = S[x]; 310 | - ty = (y + ta) & 0xff; 311 | - tb = S[ty]; 312 | - *out++ = *in++ ^ S[a]; 313 | - if (--len == 0) 314 | - break; 315 | - y = ty; 316 | - a = ta; 317 | - b = tb; 318 | - } while (true); 319 | - 320 | - ctx->x = x; 321 | - ctx->y = y; 322 | } 323 | 324 | static void arc4_crypt_one(struct crypto_tfm *tfm, u8 *out, const u8 *in) 325 | -------------------------------------------------------------------------------- /kernel_patch/14.07/989-pptp_accept_seq_window.patch: -------------------------------------------------------------------------------- 1 | --- a/drivers/net/ppp/pptp.c 2 | +++ b/drivers/net/ppp/pptp.c 3 | @@ -12,6 +12,10 @@ 4 | 5 | #include 6 | #include 7 | +#include 8 | +#include 9 | +#include 10 | +#include 11 | #include 12 | #include 13 | #include 14 | @@ -55,11 +59,14 @@ static struct proto pptp_sk_proto __read 15 | static const struct ppp_channel_ops pptp_chan_ops; 16 | static const struct proto_ops pptp_ops; 17 | 18 | +static struct proc_dir_entry *root_proc_entry; 19 | + 20 | #define PPP_LCP_ECHOREQ 0x09 21 | #define PPP_LCP_ECHOREP 0x0A 22 | #define SC_RCV_BITS (SC_RCV_B7_1|SC_RCV_B7_0|SC_RCV_ODDP|SC_RCV_EVNP) 23 | 24 | -#define MISSING_WINDOW 20 25 | +#define MISSING_WINDOW 2048 /* must be 2^N */ 26 | +#define WINDOWS_TIMEOUT 3 /* in 1/N seconds */ 27 | #define WRAPPED(curseq, lastseq)\ 28 | ((((curseq) & 0xffffff00) == 0) &&\ 29 | (((lastseq) & 0xffffff00) == 0xffffff00)) 30 | @@ -90,6 +97,35 @@ struct pptp_gre_header { 31 | u32 ack; 32 | } __packed; 33 | 34 | +struct pptp_meta { 35 | + u32 seq; 36 | + u32 timestamp; 37 | +}; 38 | + 39 | +static inline struct pptp_meta *get_pptp_meta(struct sk_buff *skb) 40 | +{ 41 | + return (struct pptp_meta *)skb->cb; 42 | +} 43 | + 44 | +static inline void proc_queue(struct pppox_sock *po) 45 | +{ 46 | + struct pptp_opt *opt = &po->proto.pptp; 47 | + struct pptp_meta *meta; 48 | + u32 nowtime=jiffies; 49 | + u32 i; 50 | + for (i=opt->seq_recv+1;i!=opt->seq_ahead+1;i++) 51 | + { 52 | + if (opt->skb_buff[i % MISSING_WINDOW] == NULL) continue; 53 | + meta=get_pptp_meta(opt->skb_buff[i % MISSING_WINDOW]); 54 | + /* check timeout */ 55 | + if (nowtime - meta->timestamp < HZ / WINDOWS_TIMEOUT && i != opt->seq_recv+1) break; 56 | + opt->rx_lost+=i-opt->seq_recv-1; 57 | + opt->seq_recv=i; 58 | + ppp_input(&po->chan, opt->skb_buff[i % MISSING_WINDOW]); 59 | + opt->skb_buff[i % MISSING_WINDOW] = NULL; 60 | + } 61 | +} 62 | + 63 | static struct pppox_sock *lookup_chan(u16 call_id, __be32 s_addr) 64 | { 65 | struct pppox_sock *sock; 66 | @@ -167,6 +203,31 @@ static void del_chan(struct pppox_sock * 67 | synchronize_rcu(); 68 | } 69 | 70 | +static int pptp_proc_show(struct seq_file *m, void *v) 71 | +{ 72 | + struct pptp_opt *opt = (struct pptp_opt *)m->private; 73 | + seq_printf(m, "Accepted: %u\nUnder Window: %u\nBuffered: %u\nDuplicated: %u\nLost: %u\n", 74 | + opt->rx_accepted, 75 | + opt->rx_underwin, 76 | + opt->rx_buffered, 77 | + opt->rx_dup, 78 | + opt->rx_lost); 79 | + return 0; 80 | +} 81 | + 82 | +static int pptp_proc_open(struct inode *inode, struct file *file) 83 | +{ 84 | + return single_open(file, pptp_proc_show, PDE_DATA(inode)); 85 | +} 86 | + 87 | +static const struct file_operations proc_file_fops = { 88 | + .owner = THIS_MODULE, 89 | + .open = pptp_proc_open, 90 | + .read = seq_read, 91 | + .llseek = seq_lseek, 92 | + .release = single_release, 93 | +}; 94 | + 95 | static int pptp_xmit(struct ppp_channel *chan, struct sk_buff *skb) 96 | { 97 | struct sock *sk = (struct sock *) chan->private; 98 | @@ -296,7 +357,9 @@ static int pptp_rcv_core(struct sock *sk 99 | { 100 | struct pppox_sock *po = pppox_sk(sk); 101 | struct pptp_opt *opt = &po->proto.pptp; 102 | - int headersize, payload_len, seq; 103 | + struct pptp_meta *meta=get_pptp_meta(skb); 104 | + int headersize, payload_len; 105 | + u32 seq, seqdiff; 106 | __u8 *payload; 107 | struct pptp_gre_header *header; 108 | 109 | @@ -342,15 +405,37 @@ static int pptp_rcv_core(struct sock *sk 110 | goto drop; 111 | 112 | payload = skb->data + headersize; 113 | - /* check for expected sequence number */ 114 | - if (seq < opt->seq_recv + 1 || WRAPPED(opt->seq_recv, seq)) { 115 | - if ((payload[0] == PPP_ALLSTATIONS) && (payload[1] == PPP_UI) && 116 | - (PPP_PROTOCOL(payload) == PPP_LCP) && 117 | - ((payload[4] == PPP_LCP_ECHOREQ) || (payload[4] == PPP_LCP_ECHOREP))) 118 | + seqdiff=opt->seq_ahead - seq; 119 | + /* check if sequence number too old */ 120 | + if (seqdiff >= opt->seq_ahead - opt->seq_recv && seqdiff < 0x80000000) { 121 | + opt->rx_underwin++; 122 | + } 123 | + /* check if sequence number in window */ 124 | + else if (seqdiff < MISSING_WINDOW) { 125 | + if (opt->skb_buff[seq%MISSING_WINDOW] == NULL) { 126 | goto allow_packet; 127 | + } 128 | + else { 129 | + opt->rx_dup++; 130 | + } 131 | + /* update ahead */ 132 | } else { 133 | - opt->seq_recv = seq; 134 | + for (;opt->seq_ahead != seq;) { 135 | + opt->seq_ahead++; 136 | + if (opt->seq_ahead - opt->seq_recv == MISSING_WINDOW + 1) { 137 | + opt->seq_recv++; 138 | + /* not enough buff, call back anyway */ 139 | + if (opt->skb_buff[opt->seq_recv%MISSING_WINDOW]) ppp_input(&po->chan, opt->skb_buff[opt->seq_recv%MISSING_WINDOW]); 140 | + else opt->rx_lost++; 141 | + opt->skb_buff[opt->seq_recv%MISSING_WINDOW] = NULL; 142 | + } 143 | + } 144 | allow_packet: 145 | + if (!opt->statistics && ppp_dev_name(&po->chan)) opt->statistics = proc_create_data(ppp_dev_name(&po->chan),0444,root_proc_entry,&proc_file_fops,opt); 146 | + opt->rx_accepted++; 147 | + if (opt->seq_recv + 1 != seq) opt->rx_buffered++; 148 | + meta->seq=seq; 149 | + meta->timestamp=jiffies; 150 | skb_pull(skb, headersize); 151 | 152 | if (payload[0] == PPP_ALLSTATIONS && payload[1] == PPP_UI) { 153 | @@ -367,7 +452,8 @@ allow_packet: 154 | 155 | skb->ip_summed = CHECKSUM_NONE; 156 | skb_set_network_header(skb, skb->head-skb->data); 157 | - ppp_input(&po->chan, skb); 158 | + opt->skb_buff[seq%MISSING_WINDOW] = skb; 159 | + proc_queue(po); 160 | 161 | return NET_RX_SUCCESS; 162 | } 163 | @@ -552,6 +638,8 @@ static int pptp_release(struct socket *s 164 | 165 | static void pptp_sock_destruct(struct sock *sk) 166 | { 167 | + if (pppox_sk(sk)->proto.pptp.skb_buff) kfree(pppox_sk(sk)->proto.pptp.skb_buff); 168 | + if (pppox_sk(sk)->proto.pptp.statistics) proc_remove(pppox_sk(sk)->proto.pptp.statistics); 169 | if (!(sk->sk_state & PPPOX_DEAD)) { 170 | del_chan(pppox_sk(sk)); 171 | pppox_unbind_sock(sk); 172 | @@ -585,8 +673,18 @@ static int pptp_create(struct net *net, 173 | po = pppox_sk(sk); 174 | opt = &po->proto.pptp; 175 | 176 | + opt->skb_buff=(struct sk_buff **)kmalloc(sizeof(struct sk_buff *)*MISSING_WINDOW,GFP_KERNEL); 177 | + if (opt->skb_buff == NULL) goto out; 178 | + memset(opt->skb_buff,0,sizeof(struct sk_buff *)*MISSING_WINDOW); 179 | opt->seq_sent = 0; opt->seq_recv = 0xffffffff; 180 | opt->ack_recv = 0; opt->ack_sent = 0xffffffff; 181 | + opt->seq_ahead = 0xffffffff; 182 | + opt->statistics = NULL; 183 | + opt->rx_accepted = 0; 184 | + opt->rx_underwin = 0; 185 | + opt->rx_buffered = 0; 186 | + opt->rx_dup = 0; 187 | + opt->rx_lost = 0; 188 | 189 | error = 0; 190 | out: 191 | @@ -669,9 +767,17 @@ static int __init pptp_init_module(void) 192 | int err = 0; 193 | pr_info("PPTP driver version " PPTP_DRIVER_VERSION "\n"); 194 | 195 | + root_proc_entry = proc_mkdir("pptp", NULL); 196 | + if (!root_proc_entry) { 197 | + pr_err("PPTP: cann't creating /proc/pptp\n"); 198 | + return -EEXIST; 199 | + } 200 | + 201 | callid_sock = vzalloc((MAX_CALLID + 1) * sizeof(void *)); 202 | - if (!callid_sock) 203 | - return -ENOMEM; 204 | + if (!callid_sock) { 205 | + err = -ENOMEM; 206 | + goto out_proc_existed; 207 | + } 208 | 209 | err = gre_add_protocol(&gre_pptp_protocol, GREPROTO_PPTP); 210 | if (err) { 211 | @@ -699,6 +805,11 @@ out_gre_del_protocol: 212 | gre_del_protocol(&gre_pptp_protocol, GREPROTO_PPTP); 213 | out_mem_free: 214 | vfree(callid_sock); 215 | +out_proc_existed: 216 | + if (root_proc_entry) { 217 | + proc_remove(root_proc_entry); 218 | + root_proc_entry = NULL; 219 | + } 220 | 221 | return err; 222 | } 223 | @@ -709,6 +820,10 @@ static void __exit pptp_exit_module(void 224 | proto_unregister(&pptp_sk_proto); 225 | gre_del_protocol(&gre_pptp_protocol, GREPROTO_PPTP); 226 | vfree(callid_sock); 227 | + if (root_proc_entry) { 228 | + proc_remove(root_proc_entry); 229 | + root_proc_entry = NULL; 230 | + } 231 | } 232 | 233 | module_init(pptp_init_module); 234 | --- a/include/linux/if_pppox.h 235 | +++ b/include/linux/if_pppox.h 236 | @@ -20,6 +20,7 @@ 237 | #include 238 | #include 239 | #include 240 | +#include 241 | 242 | static inline struct pppoe_hdr *pppoe_hdr(const struct sk_buff *skb) 243 | { 244 | @@ -40,6 +41,16 @@ struct pptp_opt { 245 | u32 ack_sent, ack_recv; 246 | u32 seq_sent, seq_recv; 247 | int ppp_flags; 248 | + struct sk_buff **skb_buff; 249 | + u32 seq_ahead; 250 | + struct proc_dir_entry *statistics; 251 | + u32 rx_accepted; /* data packet was passed to pptp */ 252 | + u32 rx_underwin; /* data packet was under window (arrived too late 253 | + or duplicate packet) */ 254 | + u32 rx_buffered; /* data packet arrived earlier than expected, 255 | + packet(s) before it were lost or reordered */ 256 | + u32 rx_dup; /* duplicate packet while in buffer */ 257 | + u32 rx_lost; /* packet did not arrive before timeout or buffer is full */ 258 | }; 259 | #include 260 | 261 | -------------------------------------------------------------------------------- /kernel_patch/14.07/991-arc4_openssl_high_perf.patch: -------------------------------------------------------------------------------- 1 | --- a/crypto/arc4.c 2 | +++ b/crypto/arc4.c 3 | @@ -30,22 +30,32 @@ static int arc4_set_key(struct crypto_tf 4 | unsigned int key_len) 5 | { 6 | struct arc4_ctx *ctx = crypto_tfm_ctx(tfm); 7 | - int i, j = 0, k = 0; 8 | + register u32 tmp; 9 | + register u32 * d; 10 | + register int id1, id2; 11 | + unsigned int i; 12 | 13 | - ctx->x = 1; 14 | + ctx->x = 0; 15 | ctx->y = 0; 16 | + d=ctx->S; 17 | + id1=id2=0; 18 | 19 | - for (i = 0; i < 256; i++) 20 | - ctx->S[i] = i; 21 | 22 | - for (i = 0; i < 256; i++) { 23 | - u32 a = ctx->S[i]; 24 | - j = (j + in_key[k] + a) & 0xff; 25 | - ctx->S[i] = ctx->S[j]; 26 | - ctx->S[j] = a; 27 | - if (++k >= key_len) 28 | - k = 0; 29 | - } 30 | +#define SK_LOOP(d,n) { \ 31 | + tmp=d[(n)]; \ 32 | + id2 = (in_key[id1] + tmp + id2) & 0xff; \ 33 | + if (++id1 == key_len) id1=0; \ 34 | + d[(n)]=d[id2]; \ 35 | + d[id2]=tmp; } 36 | + 37 | + for (i=0; i < 256; i++) d[i]=i; 38 | + for (i=0; i < 256; i+=4) 39 | + { 40 | + SK_LOOP(d,i+0); 41 | + SK_LOOP(d,i+1); 42 | + SK_LOOP(d,i+2); 43 | + SK_LOOP(d,i+3); 44 | + } 45 | 46 | return 0; 47 | } 48 | @@ -53,38 +63,251 @@ static int arc4_set_key(struct crypto_tf 49 | static void arc4_crypt(struct arc4_ctx *ctx, u8 *out, const u8 *in, 50 | unsigned int len) 51 | { 52 | - u32 *const S = ctx->S; 53 | - u32 x, y, a, b; 54 | - u32 ty, ta, tb; 55 | + register u32 *const d = ctx->S; 56 | + register u32 x, y, tx, ty; 57 | + size_t i; 58 | 59 | if (len == 0) 60 | return; 61 | 62 | x = ctx->x; 63 | y = ctx->y; 64 | +#define RC4_CHUNK unsigned long 65 | +#if defined(RC4_CHUNK) 66 | + /* 67 | + * The original reason for implementing this(*) was the fact that 68 | + * pre-21164a Alpha CPUs don't have byte load/store instructions 69 | + * and e.g. a byte store has to be done with 64-bit load, shift, 70 | + * and, or and finally 64-bit store. Peaking data and operating 71 | + * at natural word size made it possible to reduce amount of 72 | + * instructions as well as to perform early read-ahead without 73 | + * suffering from RAW (read-after-write) hazard. This resulted 74 | + * in ~40%(**) performance improvement on 21064 box with gcc. 75 | + * But it's not only Alpha users who win here:-) Thanks to the 76 | + * early-n-wide read-ahead this implementation also exhibits 77 | + * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending 78 | + * on sizeof(RC4_INT)). 79 | + * 80 | + * (*) "this" means code which recognizes the case when input 81 | + * and output pointers appear to be aligned at natural CPU 82 | + * word boundary 83 | + * (**) i.e. according to 'apps/openssl speed rc4' benchmark, 84 | + * crypto/rc4/rc4speed.c exhibits almost 70% speed-up... 85 | + * 86 | + * Cavets. 87 | + * 88 | + * - RC4_CHUNK="unsigned long long" should be a #1 choice for 89 | + * UltraSPARC. Unfortunately gcc generates very slow code 90 | + * (2.5-3 times slower than one generated by Sun's WorkShop 91 | + * C) and therefore gcc (at least 2.95 and earlier) should 92 | + * always be told that RC4_CHUNK="unsigned long". 93 | + * 94 | + * 95 | + */ 96 | + 97 | +# define RC4_STEP ( \ 98 | + x=(x+1) &0xff, \ 99 | + tx=d[x], \ 100 | + y=(tx+y)&0xff, \ 101 | + ty=d[y], \ 102 | + d[y]=tx, \ 103 | + d[x]=ty, \ 104 | + (RC4_CHUNK)d[(tx+ty)&0xff]\ 105 | + ) 106 | + 107 | + if ( ( ((size_t)in & (sizeof(RC4_CHUNK)-1)) | 108 | + ((size_t)out & (sizeof(RC4_CHUNK)-1)) ) == 0 ) 109 | + { 110 | + RC4_CHUNK ichunk,otp; 111 | + const union { long one; char little; } is_endian = {1}; 112 | + 113 | + /* 114 | + * I reckon we can afford to implement both endian 115 | + * cases and to decide which way to take at run-time 116 | + * because the machine code appears to be very compact 117 | + * and redundant 1-2KB is perfectly tolerable (i.e. 118 | + * in case the compiler fails to eliminate it:-). By 119 | + * suggestion from Terrel Larson 120 | + * who also stands for the is_endian union:-) 121 | + * 122 | + * Special notes. 123 | + * 124 | + * - is_endian is declared automatic as doing otherwise 125 | + * (declaring static) prevents gcc from eliminating 126 | + * the redundant code; 127 | + * - compilers (those I've tried) don't seem to have 128 | + * problems eliminating either the operators guarded 129 | + * by "if (sizeof(RC4_CHUNK)==8)" or the condition 130 | + * expressions themselves so I've got 'em to replace 131 | + * corresponding #ifdefs from the previous version; 132 | + * - I chose to let the redundant switch cases when 133 | + * sizeof(RC4_CHUNK)!=8 be (were also #ifdefed 134 | + * before); 135 | + * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in 136 | + * [LB]ESHFT guards against "shift is out of range" 137 | + * warnings when sizeof(RC4_CHUNK)!=8 138 | + * 139 | + * 140 | + */ 141 | + if (!is_endian.little) 142 | + { /* BIG-ENDIAN CASE */ 143 | +# define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) 144 | + for (;len&(0-sizeof(RC4_CHUNK));len-=sizeof(RC4_CHUNK)) 145 | + { 146 | + ichunk = *(RC4_CHUNK *)in; 147 | + otp = RC4_STEP<x=x; 191 | + ctx->y=y; 192 | + return; 193 | + } 194 | + else 195 | + { /* LITTLE-ENDIAN CASE */ 196 | +# define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1)) 197 | + for (;len&(0-sizeof(RC4_CHUNK));len-=sizeof(RC4_CHUNK)) 198 | + { 199 | + ichunk = *(RC4_CHUNK *)in; 200 | + otp = RC4_STEP; 201 | + otp |= RC4_STEP<<8; 202 | + otp |= RC4_STEP<<16; 203 | + otp |= RC4_STEP<<24; 204 | + if (sizeof(RC4_CHUNK)==8) 205 | + { 206 | + otp |= RC4_STEP<>= (sizeof(RC4_CHUNK)-len)<<3; 224 | + switch (len&(sizeof(RC4_CHUNK)-1)) 225 | + { 226 | + case 7: otp = RC4_STEP, i+=8; 227 | + case 6: otp |= RC4_STEP<x=x; 244 | + ctx->y=y; 245 | + return; 246 | + } 247 | + } 248 | +#endif 249 | +#define LOOP(in,out) \ 250 | + x=((x+1)&0xff); \ 251 | + tx=d[x]; \ 252 | + y=(tx+y)&0xff; \ 253 | + d[x]=ty=d[y]; \ 254 | + d[y]=tx; \ 255 | + (out) = d[(tx+ty)&0xff]^ (in); 256 | + 257 | +#ifndef RC4_INDEX 258 | +#define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++)) 259 | +#else 260 | +#define RC4_LOOP(a,b,i) LOOP(a[i],b[i]) 261 | +#endif 262 | + 263 | + i=len>>3; 264 | + if (i) 265 | + { 266 | + for (;;) 267 | + { 268 | + RC4_LOOP(in,out,0); 269 | + RC4_LOOP(in,out,1); 270 | + RC4_LOOP(in,out,2); 271 | + RC4_LOOP(in,out,3); 272 | + RC4_LOOP(in,out,4); 273 | + RC4_LOOP(in,out,5); 274 | + RC4_LOOP(in,out,6); 275 | + RC4_LOOP(in,out,7); 276 | +#ifdef RC4_INDEX 277 | + in+=8; 278 | + out+=8; 279 | +#endif 280 | + if (--i == 0) break; 281 | + } 282 | + } 283 | + i=len&0x07; 284 | + if (i) 285 | + { 286 | + for (;;) 287 | + { 288 | + RC4_LOOP(in,out,0); if (--i == 0) break; 289 | + RC4_LOOP(in,out,1); if (--i == 0) break; 290 | + RC4_LOOP(in,out,2); if (--i == 0) break; 291 | + RC4_LOOP(in,out,3); if (--i == 0) break; 292 | + RC4_LOOP(in,out,4); if (--i == 0) break; 293 | + RC4_LOOP(in,out,5); if (--i == 0) break; 294 | + RC4_LOOP(in,out,6); if (--i == 0) break; 295 | + } 296 | + } 297 | + ctx->x=x; 298 | + ctx->y=y; 299 | 300 | - a = S[x]; 301 | - y = (y + a) & 0xff; 302 | - b = S[y]; 303 | - 304 | - do { 305 | - S[y] = a; 306 | - a = (a + b) & 0xff; 307 | - S[x] = b; 308 | - x = (x + 1) & 0xff; 309 | - ta = S[x]; 310 | - ty = (y + ta) & 0xff; 311 | - tb = S[ty]; 312 | - *out++ = *in++ ^ S[a]; 313 | - if (--len == 0) 314 | - break; 315 | - y = ty; 316 | - a = ta; 317 | - b = tb; 318 | - } while (true); 319 | - 320 | - ctx->x = x; 321 | - ctx->y = y; 322 | } 323 | 324 | static void arc4_crypt_one(struct crypto_tfm *tfm, u8 *out, const u8 *in) 325 | -------------------------------------------------------------------------------- /kernel_patch/15.05/989-pptp_accept_seq_window.patch: -------------------------------------------------------------------------------- 1 | --- a/drivers/net/ppp/pptp.c 2 | +++ b/drivers/net/ppp/pptp.c 3 | @@ -12,6 +12,10 @@ 4 | 5 | #include 6 | #include 7 | +#include 8 | +#include 9 | +#include 10 | +#include 11 | #include 12 | #include 13 | #include 14 | @@ -55,11 +59,14 @@ static struct proto pptp_sk_proto __read 15 | static const struct ppp_channel_ops pptp_chan_ops; 16 | static const struct proto_ops pptp_ops; 17 | 18 | +static struct proc_dir_entry *root_proc_entry; 19 | + 20 | #define PPP_LCP_ECHOREQ 0x09 21 | #define PPP_LCP_ECHOREP 0x0A 22 | #define SC_RCV_BITS (SC_RCV_B7_1|SC_RCV_B7_0|SC_RCV_ODDP|SC_RCV_EVNP) 23 | 24 | -#define MISSING_WINDOW 20 25 | +#define MISSING_WINDOW 2048 /* must be 2^N */ 26 | +#define WINDOWS_TIMEOUT 3 /* in 1/N seconds */ 27 | #define WRAPPED(curseq, lastseq)\ 28 | ((((curseq) & 0xffffff00) == 0) &&\ 29 | (((lastseq) & 0xffffff00) == 0xffffff00)) 30 | @@ -90,6 +97,35 @@ struct pptp_gre_header { 31 | __be32 ack; 32 | } __packed; 33 | 34 | +struct pptp_meta { 35 | + u32 seq; 36 | + u32 timestamp; 37 | +}; 38 | + 39 | +static inline struct pptp_meta *get_pptp_meta(struct sk_buff *skb) 40 | +{ 41 | + return (struct pptp_meta *)skb->cb; 42 | +} 43 | + 44 | +static inline void proc_queue(struct pppox_sock *po) 45 | +{ 46 | + struct pptp_opt *opt = &po->proto.pptp; 47 | + struct pptp_meta *meta; 48 | + u32 nowtime=jiffies; 49 | + u32 i; 50 | + for (i=opt->seq_recv+1;i!=opt->seq_ahead+1;i++) 51 | + { 52 | + if (opt->skb_buff[i % MISSING_WINDOW] == NULL) continue; 53 | + meta=get_pptp_meta(opt->skb_buff[i % MISSING_WINDOW]); 54 | + /* check timeout */ 55 | + if (nowtime - meta->timestamp < HZ / WINDOWS_TIMEOUT && i != opt->seq_recv+1) break; 56 | + opt->rx_lost+=i-opt->seq_recv-1; 57 | + opt->seq_recv=i; 58 | + ppp_input(&po->chan, opt->skb_buff[i % MISSING_WINDOW]); 59 | + opt->skb_buff[i % MISSING_WINDOW] = NULL; 60 | + } 61 | +} 62 | + 63 | static struct pppox_sock *lookup_chan(u16 call_id, __be32 s_addr) 64 | { 65 | struct pppox_sock *sock; 66 | @@ -167,6 +203,31 @@ static void del_chan(struct pppox_sock * 67 | synchronize_rcu(); 68 | } 69 | 70 | +static int pptp_proc_show(struct seq_file *m, void *v) 71 | +{ 72 | + struct pptp_opt *opt = (struct pptp_opt *)m->private; 73 | + seq_printf(m, "Accepted: %u\nUnder Window: %u\nBuffered: %u\nDuplicated: %u\nLost: %u\n", 74 | + opt->rx_accepted, 75 | + opt->rx_underwin, 76 | + opt->rx_buffered, 77 | + opt->rx_dup, 78 | + opt->rx_lost); 79 | + return 0; 80 | +} 81 | + 82 | +static int pptp_proc_open(struct inode *inode, struct file *file) 83 | +{ 84 | + return single_open(file, pptp_proc_show, PDE_DATA(inode)); 85 | +} 86 | + 87 | +static const struct file_operations proc_file_fops = { 88 | + .owner = THIS_MODULE, 89 | + .open = pptp_proc_open, 90 | + .read = seq_read, 91 | + .llseek = seq_lseek, 92 | + .release = single_release, 93 | +}; 94 | + 95 | static int pptp_xmit(struct ppp_channel *chan, struct sk_buff *skb) 96 | { 97 | struct sock *sk = (struct sock *) chan->private; 98 | @@ -296,7 +357,9 @@ static int pptp_rcv_core(struct sock *sk 99 | { 100 | struct pppox_sock *po = pppox_sk(sk); 101 | struct pptp_opt *opt = &po->proto.pptp; 102 | - int headersize, payload_len, seq; 103 | + struct pptp_meta *meta=get_pptp_meta(skb); 104 | + int headersize, payload_len; 105 | + u32 seq, seqdiff; 106 | __u8 *payload; 107 | struct pptp_gre_header *header; 108 | 109 | @@ -342,15 +405,37 @@ static int pptp_rcv_core(struct sock *sk 110 | goto drop; 111 | 112 | payload = skb->data + headersize; 113 | - /* check for expected sequence number */ 114 | - if (seq < opt->seq_recv + 1 || WRAPPED(opt->seq_recv, seq)) { 115 | - if ((payload[0] == PPP_ALLSTATIONS) && (payload[1] == PPP_UI) && 116 | - (PPP_PROTOCOL(payload) == PPP_LCP) && 117 | - ((payload[4] == PPP_LCP_ECHOREQ) || (payload[4] == PPP_LCP_ECHOREP))) 118 | + seqdiff=opt->seq_ahead - seq; 119 | + /* check if sequence number too old */ 120 | + if (seqdiff >= opt->seq_ahead - opt->seq_recv && seqdiff < 0x80000000) { 121 | + opt->rx_underwin++; 122 | + } 123 | + /* check if sequence number in window */ 124 | + else if (seqdiff < MISSING_WINDOW) { 125 | + if (opt->skb_buff[seq%MISSING_WINDOW] == NULL) { 126 | goto allow_packet; 127 | + } 128 | + else { 129 | + opt->rx_dup++; 130 | + } 131 | + /* update ahead */ 132 | } else { 133 | - opt->seq_recv = seq; 134 | + for (;opt->seq_ahead != seq;) { 135 | + opt->seq_ahead++; 136 | + if (opt->seq_ahead - opt->seq_recv == MISSING_WINDOW + 1) { 137 | + opt->seq_recv++; 138 | + /* not enough buff, call back anyway */ 139 | + if (opt->skb_buff[opt->seq_recv%MISSING_WINDOW]) ppp_input(&po->chan, opt->skb_buff[opt->seq_recv%MISSING_WINDOW]); 140 | + else opt->rx_lost++; 141 | + opt->skb_buff[opt->seq_recv%MISSING_WINDOW] = NULL; 142 | + } 143 | + } 144 | allow_packet: 145 | + if (!opt->statistics && ppp_dev_name(&po->chan)) opt->statistics = proc_create_data(ppp_dev_name(&po->chan),0444,root_proc_entry,&proc_file_fops,opt); 146 | + opt->rx_accepted++; 147 | + if (opt->seq_recv + 1 != seq) opt->rx_buffered++; 148 | + meta->seq=seq; 149 | + meta->timestamp=jiffies; 150 | skb_pull(skb, headersize); 151 | 152 | if (payload[0] == PPP_ALLSTATIONS && payload[1] == PPP_UI) { 153 | @@ -367,7 +452,8 @@ allow_packet: 154 | 155 | skb->ip_summed = CHECKSUM_NONE; 156 | skb_set_network_header(skb, skb->head-skb->data); 157 | - ppp_input(&po->chan, skb); 158 | + opt->skb_buff[seq%MISSING_WINDOW] = skb; 159 | + proc_queue(po); 160 | 161 | return NET_RX_SUCCESS; 162 | } 163 | @@ -554,6 +640,8 @@ static int pptp_release(struct socket *s 164 | 165 | static void pptp_sock_destruct(struct sock *sk) 166 | { 167 | + if (pppox_sk(sk)->proto.pptp.skb_buff) kfree(pppox_sk(sk)->proto.pptp.skb_buff); 168 | + if (pppox_sk(sk)->proto.pptp.statistics) proc_remove(pppox_sk(sk)->proto.pptp.statistics); 169 | if (!(sk->sk_state & PPPOX_DEAD)) { 170 | del_chan(pppox_sk(sk)); 171 | pppox_unbind_sock(sk); 172 | @@ -587,8 +675,18 @@ static int pptp_create(struct net *net, 173 | po = pppox_sk(sk); 174 | opt = &po->proto.pptp; 175 | 176 | + opt->skb_buff=(struct sk_buff **)kmalloc(sizeof(struct sk_buff *)*MISSING_WINDOW,GFP_KERNEL); 177 | + if (opt->skb_buff == NULL) goto out; 178 | + memset(opt->skb_buff,0,sizeof(struct sk_buff *)*MISSING_WINDOW); 179 | opt->seq_sent = 0; opt->seq_recv = 0xffffffff; 180 | opt->ack_recv = 0; opt->ack_sent = 0xffffffff; 181 | + opt->seq_ahead = 0xffffffff; 182 | + opt->statistics = NULL; 183 | + opt->rx_accepted = 0; 184 | + opt->rx_underwin = 0; 185 | + opt->rx_buffered = 0; 186 | + opt->rx_dup = 0; 187 | + opt->rx_lost = 0; 188 | 189 | error = 0; 190 | out: 191 | @@ -671,9 +769,17 @@ static int __init pptp_init_module(void) 192 | int err = 0; 193 | pr_info("PPTP driver version " PPTP_DRIVER_VERSION "\n"); 194 | 195 | + root_proc_entry = proc_mkdir("pptp", NULL); 196 | + if (!root_proc_entry) { 197 | + pr_err("PPTP: cann't creating /proc/pptp\n"); 198 | + return -EEXIST; 199 | + } 200 | + 201 | callid_sock = vzalloc((MAX_CALLID + 1) * sizeof(void *)); 202 | - if (!callid_sock) 203 | - return -ENOMEM; 204 | + if (!callid_sock) { 205 | + err = -ENOMEM; 206 | + goto out_proc_existed; 207 | + } 208 | 209 | err = gre_add_protocol(&gre_pptp_protocol, GREPROTO_PPTP); 210 | if (err) { 211 | @@ -701,6 +807,11 @@ out_gre_del_protocol: 212 | gre_del_protocol(&gre_pptp_protocol, GREPROTO_PPTP); 213 | out_mem_free: 214 | vfree(callid_sock); 215 | +out_proc_existed: 216 | + if (root_proc_entry) { 217 | + proc_remove(root_proc_entry); 218 | + root_proc_entry = NULL; 219 | + } 220 | 221 | return err; 222 | } 223 | @@ -711,6 +822,10 @@ static void __exit pptp_exit_module(void 224 | proto_unregister(&pptp_sk_proto); 225 | gre_del_protocol(&gre_pptp_protocol, GREPROTO_PPTP); 226 | vfree(callid_sock); 227 | + if (root_proc_entry) { 228 | + proc_remove(root_proc_entry); 229 | + root_proc_entry = NULL; 230 | + } 231 | } 232 | 233 | module_init(pptp_init_module); 234 | --- a/include/linux/if_pppox.h 235 | +++ b/include/linux/if_pppox.h 236 | @@ -21,6 +21,7 @@ 237 | #include 238 | #include 239 | #include 240 | +#include 241 | 242 | static inline struct pppoe_hdr *pppoe_hdr(const struct sk_buff *skb) 243 | { 244 | @@ -42,6 +43,16 @@ struct pptp_opt { 245 | u32 ack_sent, ack_recv; 246 | u32 seq_sent, seq_recv; 247 | int ppp_flags; 248 | + struct sk_buff **skb_buff; 249 | + u32 seq_ahead; 250 | + struct proc_dir_entry *statistics; 251 | + u32 rx_accepted; /* data packet was passed to pptp */ 252 | + u32 rx_underwin; /* data packet was under window (arrived too late 253 | + or duplicate packet) */ 254 | + u32 rx_buffered; /* data packet arrived earlier than expected, 255 | + packet(s) before it were lost or reordered */ 256 | + u32 rx_dup; /* duplicate packet while in buffer */ 257 | + u32 rx_lost; /* packet did not arrive before timeout or buffer is full */ 258 | }; 259 | #include 260 | 261 | -------------------------------------------------------------------------------- /kernel_patch/15.05/991-arc4_openssl_high_perf.patch: -------------------------------------------------------------------------------- 1 | --- a/crypto/arc4.c 2 | +++ b/crypto/arc4.c 3 | @@ -30,22 +30,32 @@ static int arc4_set_key(struct crypto_tf 4 | unsigned int key_len) 5 | { 6 | struct arc4_ctx *ctx = crypto_tfm_ctx(tfm); 7 | - int i, j = 0, k = 0; 8 | + register u32 tmp; 9 | + register u32 * d; 10 | + register int id1, id2; 11 | + unsigned int i; 12 | 13 | - ctx->x = 1; 14 | + ctx->x = 0; 15 | ctx->y = 0; 16 | + d=ctx->S; 17 | + id1=id2=0; 18 | 19 | - for (i = 0; i < 256; i++) 20 | - ctx->S[i] = i; 21 | 22 | - for (i = 0; i < 256; i++) { 23 | - u32 a = ctx->S[i]; 24 | - j = (j + in_key[k] + a) & 0xff; 25 | - ctx->S[i] = ctx->S[j]; 26 | - ctx->S[j] = a; 27 | - if (++k >= key_len) 28 | - k = 0; 29 | - } 30 | +#define SK_LOOP(d,n) { \ 31 | + tmp=d[(n)]; \ 32 | + id2 = (in_key[id1] + tmp + id2) & 0xff; \ 33 | + if (++id1 == key_len) id1=0; \ 34 | + d[(n)]=d[id2]; \ 35 | + d[id2]=tmp; } 36 | + 37 | + for (i=0; i < 256; i++) d[i]=i; 38 | + for (i=0; i < 256; i+=4) 39 | + { 40 | + SK_LOOP(d,i+0); 41 | + SK_LOOP(d,i+1); 42 | + SK_LOOP(d,i+2); 43 | + SK_LOOP(d,i+3); 44 | + } 45 | 46 | return 0; 47 | } 48 | @@ -53,38 +63,251 @@ static int arc4_set_key(struct crypto_tf 49 | static void arc4_crypt(struct arc4_ctx *ctx, u8 *out, const u8 *in, 50 | unsigned int len) 51 | { 52 | - u32 *const S = ctx->S; 53 | - u32 x, y, a, b; 54 | - u32 ty, ta, tb; 55 | + register u32 *const d = ctx->S; 56 | + register u32 x, y, tx, ty; 57 | + size_t i; 58 | 59 | if (len == 0) 60 | return; 61 | 62 | x = ctx->x; 63 | y = ctx->y; 64 | +#define RC4_CHUNK unsigned long 65 | +#if defined(RC4_CHUNK) 66 | + /* 67 | + * The original reason for implementing this(*) was the fact that 68 | + * pre-21164a Alpha CPUs don't have byte load/store instructions 69 | + * and e.g. a byte store has to be done with 64-bit load, shift, 70 | + * and, or and finally 64-bit store. Peaking data and operating 71 | + * at natural word size made it possible to reduce amount of 72 | + * instructions as well as to perform early read-ahead without 73 | + * suffering from RAW (read-after-write) hazard. This resulted 74 | + * in ~40%(**) performance improvement on 21064 box with gcc. 75 | + * But it's not only Alpha users who win here:-) Thanks to the 76 | + * early-n-wide read-ahead this implementation also exhibits 77 | + * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending 78 | + * on sizeof(RC4_INT)). 79 | + * 80 | + * (*) "this" means code which recognizes the case when input 81 | + * and output pointers appear to be aligned at natural CPU 82 | + * word boundary 83 | + * (**) i.e. according to 'apps/openssl speed rc4' benchmark, 84 | + * crypto/rc4/rc4speed.c exhibits almost 70% speed-up... 85 | + * 86 | + * Cavets. 87 | + * 88 | + * - RC4_CHUNK="unsigned long long" should be a #1 choice for 89 | + * UltraSPARC. Unfortunately gcc generates very slow code 90 | + * (2.5-3 times slower than one generated by Sun's WorkShop 91 | + * C) and therefore gcc (at least 2.95 and earlier) should 92 | + * always be told that RC4_CHUNK="unsigned long". 93 | + * 94 | + * 95 | + */ 96 | + 97 | +# define RC4_STEP ( \ 98 | + x=(x+1) &0xff, \ 99 | + tx=d[x], \ 100 | + y=(tx+y)&0xff, \ 101 | + ty=d[y], \ 102 | + d[y]=tx, \ 103 | + d[x]=ty, \ 104 | + (RC4_CHUNK)d[(tx+ty)&0xff]\ 105 | + ) 106 | + 107 | + if ( ( ((size_t)in & (sizeof(RC4_CHUNK)-1)) | 108 | + ((size_t)out & (sizeof(RC4_CHUNK)-1)) ) == 0 ) 109 | + { 110 | + RC4_CHUNK ichunk,otp; 111 | + const union { long one; char little; } is_endian = {1}; 112 | + 113 | + /* 114 | + * I reckon we can afford to implement both endian 115 | + * cases and to decide which way to take at run-time 116 | + * because the machine code appears to be very compact 117 | + * and redundant 1-2KB is perfectly tolerable (i.e. 118 | + * in case the compiler fails to eliminate it:-). By 119 | + * suggestion from Terrel Larson 120 | + * who also stands for the is_endian union:-) 121 | + * 122 | + * Special notes. 123 | + * 124 | + * - is_endian is declared automatic as doing otherwise 125 | + * (declaring static) prevents gcc from eliminating 126 | + * the redundant code; 127 | + * - compilers (those I've tried) don't seem to have 128 | + * problems eliminating either the operators guarded 129 | + * by "if (sizeof(RC4_CHUNK)==8)" or the condition 130 | + * expressions themselves so I've got 'em to replace 131 | + * corresponding #ifdefs from the previous version; 132 | + * - I chose to let the redundant switch cases when 133 | + * sizeof(RC4_CHUNK)!=8 be (were also #ifdefed 134 | + * before); 135 | + * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in 136 | + * [LB]ESHFT guards against "shift is out of range" 137 | + * warnings when sizeof(RC4_CHUNK)!=8 138 | + * 139 | + * 140 | + */ 141 | + if (!is_endian.little) 142 | + { /* BIG-ENDIAN CASE */ 143 | +# define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) 144 | + for (;len&(0-sizeof(RC4_CHUNK));len-=sizeof(RC4_CHUNK)) 145 | + { 146 | + ichunk = *(RC4_CHUNK *)in; 147 | + otp = RC4_STEP<x=x; 191 | + ctx->y=y; 192 | + return; 193 | + } 194 | + else 195 | + { /* LITTLE-ENDIAN CASE */ 196 | +# define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1)) 197 | + for (;len&(0-sizeof(RC4_CHUNK));len-=sizeof(RC4_CHUNK)) 198 | + { 199 | + ichunk = *(RC4_CHUNK *)in; 200 | + otp = RC4_STEP; 201 | + otp |= RC4_STEP<<8; 202 | + otp |= RC4_STEP<<16; 203 | + otp |= RC4_STEP<<24; 204 | + if (sizeof(RC4_CHUNK)==8) 205 | + { 206 | + otp |= RC4_STEP<>= (sizeof(RC4_CHUNK)-len)<<3; 224 | + switch (len&(sizeof(RC4_CHUNK)-1)) 225 | + { 226 | + case 7: otp = RC4_STEP, i+=8; 227 | + case 6: otp |= RC4_STEP<x=x; 244 | + ctx->y=y; 245 | + return; 246 | + } 247 | + } 248 | +#endif 249 | +#define LOOP(in,out) \ 250 | + x=((x+1)&0xff); \ 251 | + tx=d[x]; \ 252 | + y=(tx+y)&0xff; \ 253 | + d[x]=ty=d[y]; \ 254 | + d[y]=tx; \ 255 | + (out) = d[(tx+ty)&0xff]^ (in); 256 | + 257 | +#ifndef RC4_INDEX 258 | +#define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++)) 259 | +#else 260 | +#define RC4_LOOP(a,b,i) LOOP(a[i],b[i]) 261 | +#endif 262 | + 263 | + i=len>>3; 264 | + if (i) 265 | + { 266 | + for (;;) 267 | + { 268 | + RC4_LOOP(in,out,0); 269 | + RC4_LOOP(in,out,1); 270 | + RC4_LOOP(in,out,2); 271 | + RC4_LOOP(in,out,3); 272 | + RC4_LOOP(in,out,4); 273 | + RC4_LOOP(in,out,5); 274 | + RC4_LOOP(in,out,6); 275 | + RC4_LOOP(in,out,7); 276 | +#ifdef RC4_INDEX 277 | + in+=8; 278 | + out+=8; 279 | +#endif 280 | + if (--i == 0) break; 281 | + } 282 | + } 283 | + i=len&0x07; 284 | + if (i) 285 | + { 286 | + for (;;) 287 | + { 288 | + RC4_LOOP(in,out,0); if (--i == 0) break; 289 | + RC4_LOOP(in,out,1); if (--i == 0) break; 290 | + RC4_LOOP(in,out,2); if (--i == 0) break; 291 | + RC4_LOOP(in,out,3); if (--i == 0) break; 292 | + RC4_LOOP(in,out,4); if (--i == 0) break; 293 | + RC4_LOOP(in,out,5); if (--i == 0) break; 294 | + RC4_LOOP(in,out,6); if (--i == 0) break; 295 | + } 296 | + } 297 | + ctx->x=x; 298 | + ctx->y=y; 299 | 300 | - a = S[x]; 301 | - y = (y + a) & 0xff; 302 | - b = S[y]; 303 | - 304 | - do { 305 | - S[y] = a; 306 | - a = (a + b) & 0xff; 307 | - S[x] = b; 308 | - x = (x + 1) & 0xff; 309 | - ta = S[x]; 310 | - ty = (y + ta) & 0xff; 311 | - tb = S[ty]; 312 | - *out++ = *in++ ^ S[a]; 313 | - if (--len == 0) 314 | - break; 315 | - y = ty; 316 | - a = ta; 317 | - b = tb; 318 | - } while (true); 319 | - 320 | - ctx->x = x; 321 | - ctx->y = y; 322 | } 323 | 324 | static void arc4_crypt_one(struct crypto_tfm *tfm, u8 *out, const u8 *in) 325 | -------------------------------------------------------------------------------- /packages/12.09/ar71xx/generic/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Provides: 5 | Source: feeds/gfw/fastdns 6 | Section: net 7 | Status: unknown ok not-installed 8 | Essential: no 9 | Priority: optional 10 | Maintainer: hackgfw 11 | Architecture: ar71xx 12 | Installed-Size: 20460 13 | Filename: fastdns_0.1.4_ar71xx.ipk 14 | Size: 21054 15 | MD5Sum: 3eb757ac8979f839cc2841ea469c7e36 16 | Description: Fast Recursive DNS Server 17 | For more information, please refer to https://github.com/hackgfw/fastdns 18 | 19 | Package: gfw-dualpptp 20 | Version: 0.2 21 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 22 | Provides: 23 | Source: feeds/gfw/gfw-dualpptp 24 | Section: net 25 | Status: unknown ok not-installed 26 | Essential: no 27 | Priority: optional 28 | Maintainer: hackgfw 29 | Architecture: all 30 | Installed-Size: 1640 31 | Filename: gfw-dualpptp_0.2_all.ipk 32 | Size: 2613 33 | MD5Sum: a60017506556ccdd8b7db5d0e3313569 34 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 35 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 36 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 37 | 38 | Package: gfw-vpn 39 | Version: 0.2.2 40 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 41 | Provides: 42 | Source: feeds/gfw/gfw-vpn 43 | Section: net 44 | Status: unknown ok not-installed 45 | Essential: no 46 | Priority: optional 47 | Maintainer: hackgfw 48 | Architecture: all 49 | Installed-Size: 14286 50 | Filename: gfw-vpn_0.2.2_all.ipk 51 | Size: 15198 52 | MD5Sum: 8a14393cb7a3d9cbd9ac04fcdb0f6aef 53 | Description: VPN script to tear down gfw 54 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 55 | 56 | -------------------------------------------------------------------------------- /packages/12.09/ar71xx/generic/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/ar71xx/generic/Packages.gz -------------------------------------------------------------------------------- /packages/12.09/ar71xx/generic/fastdns_0.1.4_ar71xx.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/ar71xx/generic/fastdns_0.1.4_ar71xx.ipk -------------------------------------------------------------------------------- /packages/12.09/ar71xx/generic/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/ar71xx/generic/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/12.09/ar71xx/generic/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/ar71xx/generic/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/12.09/brcm2708/generic/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt, libpthread 4 | Provides: 5 | Source: feeds/gfw/fastdns 6 | Section: net 7 | Status: unknown ok not-installed 8 | Essential: no 9 | Priority: optional 10 | Maintainer: hackgfw 11 | Architecture: brcm2708 12 | Installed-Size: 32351 13 | Filename: fastdns_0.1.4_brcm2708.ipk 14 | Size: 33034 15 | MD5Sum: fd04128e60e8af878785f70f29f17c25 16 | Description: Fast Recursive DNS Server 17 | For more information, please refer to https://github.com/hackgfw/fastdns 18 | 19 | Package: gfw-dualpptp 20 | Version: 0.2 21 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 22 | Provides: 23 | Source: feeds/gfw/gfw-dualpptp 24 | Section: net 25 | Status: unknown ok not-installed 26 | Essential: no 27 | Priority: optional 28 | Maintainer: hackgfw 29 | Architecture: all 30 | Installed-Size: 1640 31 | Filename: gfw-dualpptp_0.2_all.ipk 32 | Size: 2624 33 | MD5Sum: 1caaf59e7ebb5ce8700555a0bcb57b08 34 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 35 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 36 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 37 | 38 | Package: gfw-vpn 39 | Version: 0.2.2 40 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 41 | Provides: 42 | Source: feeds/gfw/gfw-vpn 43 | Section: net 44 | Status: unknown ok not-installed 45 | Essential: no 46 | Priority: optional 47 | Maintainer: hackgfw 48 | Architecture: all 49 | Installed-Size: 14288 50 | Filename: gfw-vpn_0.2.2_all.ipk 51 | Size: 15201 52 | MD5Sum: cc08704a88b79acec71e2693ac5c4225 53 | Description: VPN script to tear down gfw 54 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 55 | 56 | -------------------------------------------------------------------------------- /packages/12.09/brcm2708/generic/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/brcm2708/generic/Packages.gz -------------------------------------------------------------------------------- /packages/12.09/brcm2708/generic/fastdns_0.1.4_brcm2708.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/brcm2708/generic/fastdns_0.1.4_brcm2708.ipk -------------------------------------------------------------------------------- /packages/12.09/brcm2708/generic/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/brcm2708/generic/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/12.09/brcm2708/generic/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/brcm2708/generic/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/12.09/brcm47xx/generic/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt, libpthread 4 | Provides: 5 | Source: feeds/gfw/fastdns 6 | Section: net 7 | Status: unknown ok not-installed 8 | Essential: no 9 | Priority: optional 10 | Maintainer: hackgfw 11 | Architecture: brcm47xx 12 | Installed-Size: 20671 13 | Filename: fastdns_0.1.4_brcm47xx.ipk 14 | Size: 21298 15 | MD5Sum: 7ee20fa808428fcbff76a628f9090b7c 16 | Description: Fast Recursive DNS Server 17 | For more information, please refer to https://github.com/hackgfw/fastdns 18 | 19 | Package: gfw-dualpptp 20 | Version: 0.2 21 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 22 | Provides: 23 | Source: feeds/gfw/gfw-dualpptp 24 | Section: net 25 | Status: unknown ok not-installed 26 | Essential: no 27 | Priority: optional 28 | Maintainer: hackgfw 29 | Architecture: all 30 | Installed-Size: 1641 31 | Filename: gfw-dualpptp_0.2_all.ipk 32 | Size: 2606 33 | MD5Sum: 68ae31f67807a1dbe703f068fa48a893 34 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 35 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 36 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 37 | 38 | Package: gfw-vpn 39 | Version: 0.2.2 40 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 41 | Provides: 42 | Source: feeds/gfw/gfw-vpn 43 | Section: net 44 | Status: unknown ok not-installed 45 | Essential: no 46 | Priority: optional 47 | Maintainer: hackgfw 48 | Architecture: all 49 | Installed-Size: 14288 50 | Filename: gfw-vpn_0.2.2_all.ipk 51 | Size: 15197 52 | MD5Sum: 218b6cfedaee7d9c40ed4efedfa2ae7c 53 | Description: VPN script to tear down gfw 54 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 55 | 56 | -------------------------------------------------------------------------------- /packages/12.09/brcm47xx/generic/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/brcm47xx/generic/Packages.gz -------------------------------------------------------------------------------- /packages/12.09/brcm47xx/generic/fastdns_0.1.4_brcm47xx.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/brcm47xx/generic/fastdns_0.1.4_brcm47xx.ipk -------------------------------------------------------------------------------- /packages/12.09/brcm47xx/generic/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/brcm47xx/generic/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/12.09/brcm47xx/generic/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/brcm47xx/generic/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/12.09/brcm63xx/generic/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Provides: 5 | Source: feeds/gfw/fastdns 6 | Section: net 7 | Status: unknown ok not-installed 8 | Essential: no 9 | Priority: optional 10 | Maintainer: hackgfw 11 | Architecture: brcm63xx 12 | Installed-Size: 20465 13 | Filename: fastdns_0.1.4_brcm63xx.ipk 14 | Size: 21103 15 | MD5Sum: f637ddeef48539b756b8cee8241281fc 16 | Description: Fast Recursive DNS Server 17 | For more information, please refer to https://github.com/hackgfw/fastdns 18 | 19 | Package: gfw-dualpptp 20 | Version: 0.2 21 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 22 | Provides: 23 | Source: feeds/gfw/gfw-dualpptp 24 | Section: net 25 | Status: unknown ok not-installed 26 | Essential: no 27 | Priority: optional 28 | Maintainer: hackgfw 29 | Architecture: all 30 | Installed-Size: 1639 31 | Filename: gfw-dualpptp_0.2_all.ipk 32 | Size: 2612 33 | MD5Sum: b4c2db9ca5ce5634f9f5080e35b72a6a 34 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 35 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 36 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 37 | 38 | Package: gfw-vpn 39 | Version: 0.2.2 40 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 41 | Provides: 42 | Source: feeds/gfw/gfw-vpn 43 | Section: net 44 | Status: unknown ok not-installed 45 | Essential: no 46 | Priority: optional 47 | Maintainer: hackgfw 48 | Architecture: all 49 | Installed-Size: 14287 50 | Filename: gfw-vpn_0.2.2_all.ipk 51 | Size: 15196 52 | MD5Sum: f4a41c9aa201f2128774bc813d2e34f5 53 | Description: VPN script to tear down gfw 54 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 55 | 56 | -------------------------------------------------------------------------------- /packages/12.09/brcm63xx/generic/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/brcm63xx/generic/Packages.gz -------------------------------------------------------------------------------- /packages/12.09/brcm63xx/generic/fastdns_0.1.4_brcm63xx.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/brcm63xx/generic/fastdns_0.1.4_brcm63xx.ipk -------------------------------------------------------------------------------- /packages/12.09/brcm63xx/generic/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/brcm63xx/generic/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/12.09/brcm63xx/generic/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/brcm63xx/generic/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/12.09/x86/generic/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt, libpthread 4 | Provides: 5 | Source: feeds/gfw/fastdns 6 | Section: net 7 | Status: unknown ok not-installed 8 | Essential: no 9 | Priority: optional 10 | Maintainer: hackgfw 11 | Architecture: x86 12 | Installed-Size: 31416 13 | Filename: fastdns_0.1.4_x86.ipk 14 | Size: 32011 15 | MD5Sum: 8b277a46d0d4bc852223cf65626fb5b3 16 | Description: Fast Recursive DNS Server 17 | For more information, please refer to https://github.com/hackgfw/fastdns 18 | 19 | Package: gfw-dualpptp 20 | Version: 0.2 21 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 22 | Provides: 23 | Source: feeds/gfw/gfw-dualpptp 24 | Section: net 25 | Status: unknown ok not-installed 26 | Essential: no 27 | Priority: optional 28 | Maintainer: hackgfw 29 | Architecture: all 30 | Installed-Size: 1640 31 | Filename: gfw-dualpptp_0.2_all.ipk 32 | Size: 2606 33 | MD5Sum: c13c77a027a394c01c119f1288e5f221 34 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 35 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 36 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 37 | 38 | Package: gfw-vpn 39 | Version: 0.2.2 40 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 41 | Provides: 42 | Source: feeds/gfw/gfw-vpn 43 | Section: net 44 | Status: unknown ok not-installed 45 | Essential: no 46 | Priority: optional 47 | Maintainer: hackgfw 48 | Architecture: all 49 | Installed-Size: 14288 50 | Filename: gfw-vpn_0.2.2_all.ipk 51 | Size: 15198 52 | MD5Sum: 3a49f606047daa9b2093d419c8180ff6 53 | Description: VPN script to tear down gfw 54 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 55 | 56 | -------------------------------------------------------------------------------- /packages/12.09/x86/generic/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/x86/generic/Packages.gz -------------------------------------------------------------------------------- /packages/12.09/x86/generic/fastdns_0.1.4_x86.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/x86/generic/fastdns_0.1.4_x86.ipk -------------------------------------------------------------------------------- /packages/12.09/x86/generic/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/x86/generic/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/12.09/x86/generic/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/12.09/x86/generic/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/14.07/ar71xx/generic/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Source: feeds/gfw/fastdns 5 | Section: net 6 | Maintainer: hackgfw 7 | Architecture: ar71xx 8 | Installed-Size: 18057 9 | Filename: fastdns_0.1.4_ar71xx.ipk 10 | Size: 18695 11 | MD5Sum: 1761dbe7bbb84dcff6e2902b28b23057 12 | SHA256sum: 74de4a682277c4d08558c15aeec9a5f3286969a23c7d75d10b6d50a1c1709d87 13 | Description: Fast Recursive DNS Server 14 | For more information, please refer to https://github.com/hackgfw/fastdns 15 | 16 | Package: gfw-dualpptp 17 | Version: 0.2 18 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 19 | Source: feeds/gfw/gfw-dualpptp 20 | Section: net 21 | Maintainer: hackgfw 22 | Architecture: all 23 | Installed-Size: 1639 24 | Filename: gfw-dualpptp_0.2_all.ipk 25 | Size: 2564 26 | MD5Sum: 5464ff43b74666cb11daa740be0fe480 27 | SHA256sum: aef5c7727edff2997d098ff2e123751e5b24573620d8f9fcf69e5984b5d09508 28 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 29 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 30 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 31 | 32 | Package: gfw-vpn 33 | Version: 0.2.2 34 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 35 | Source: feeds/gfw/gfw-vpn 36 | Section: net 37 | Maintainer: hackgfw 38 | Architecture: all 39 | Installed-Size: 14288 40 | Filename: gfw-vpn_0.2.2_all.ipk 41 | Size: 15153 42 | MD5Sum: e7bc01a27d6a7d117bb321c170b54fa4 43 | SHA256sum: 9e30a9627d7c4b875564cd7f6c869cacbff1f2714cbc6bd4976afd2b6dac776f 44 | Description: VPN script to tear down gfw 45 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 46 | 47 | -------------------------------------------------------------------------------- /packages/14.07/ar71xx/generic/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/ar71xx/generic/Packages.gz -------------------------------------------------------------------------------- /packages/14.07/ar71xx/generic/fastdns_0.1.4_ar71xx.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/ar71xx/generic/fastdns_0.1.4_ar71xx.ipk -------------------------------------------------------------------------------- /packages/14.07/ar71xx/generic/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/ar71xx/generic/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/14.07/ar71xx/generic/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/ar71xx/generic/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/14.07/brcm2708/generic/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Source: feeds/gfw/fastdns 5 | Section: net 6 | Maintainer: hackgfw 7 | Architecture: brcm2708 8 | Installed-Size: 19794 9 | Filename: fastdns_0.1.4_brcm2708.ipk 10 | Size: 20407 11 | MD5Sum: 80aeba8e0da218f09bbe8d444b4d1c7a 12 | SHA256sum: b22f168123b640515603fb69efbba4ed9401ae35768fffed061b888b8d8a18fd 13 | Description: Fast Recursive DNS Server 14 | For more information, please refer to https://github.com/hackgfw/fastdns 15 | 16 | Package: gfw-dualpptp 17 | Version: 0.2 18 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 19 | Source: feeds/gfw/gfw-dualpptp 20 | Section: net 21 | Maintainer: hackgfw 22 | Architecture: all 23 | Installed-Size: 1639 24 | Filename: gfw-dualpptp_0.2_all.ipk 25 | Size: 2569 26 | MD5Sum: c54dac993c0a0d41986027b6eca01fe9 27 | SHA256sum: 8bb82c9dfb705abecbdbdceea738d25fe6d07e2573e02d51cac4cdcc8a93675c 28 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 29 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 30 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 31 | 32 | Package: gfw-vpn 33 | Version: 0.2.2 34 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 35 | Source: feeds/gfw/gfw-vpn 36 | Section: net 37 | Maintainer: hackgfw 38 | Architecture: all 39 | Installed-Size: 14286 40 | Filename: gfw-vpn_0.2.2_all.ipk 41 | Size: 15146 42 | MD5Sum: f48312e46b661c587a533873ca668e4e 43 | SHA256sum: 0c7314c04aadd553f646b4090121a595245fe8f3a95b1ea2b644c549c1f3a0ca 44 | Description: VPN script to tear down gfw 45 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 46 | 47 | -------------------------------------------------------------------------------- /packages/14.07/brcm2708/generic/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/brcm2708/generic/Packages.gz -------------------------------------------------------------------------------- /packages/14.07/brcm2708/generic/fastdns_0.1.4_brcm2708.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/brcm2708/generic/fastdns_0.1.4_brcm2708.ipk -------------------------------------------------------------------------------- /packages/14.07/brcm2708/generic/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/brcm2708/generic/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/14.07/brcm2708/generic/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/brcm2708/generic/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/14.07/brcm47xx/generic/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Source: feeds/gfw/fastdns 5 | Section: net 6 | Maintainer: hackgfw 7 | Architecture: brcm47xx 8 | Installed-Size: 21238 9 | Filename: fastdns_0.1.4_brcm47xx.ipk 10 | Size: 21779 11 | MD5Sum: 4dff3bd554efd5f25f7f857388ba3db5 12 | SHA256sum: 975ed201e118468eb08be437b81e19075c146b6b744634d862ac85d10f88351c 13 | Description: Fast Recursive DNS Server 14 | For more information, please refer to https://github.com/hackgfw/fastdns 15 | 16 | Package: gfw-dualpptp 17 | Version: 0.2 18 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 19 | Source: feeds/gfw/gfw-dualpptp 20 | Section: net 21 | Maintainer: hackgfw 22 | Architecture: all 23 | Installed-Size: 1640 24 | Filename: gfw-dualpptp_0.2_all.ipk 25 | Size: 2562 26 | MD5Sum: 02ebb839501d55cf8eee43e451aec010 27 | SHA256sum: 992edecbb5144370adf21f2f0789cd75673c6a44664e00bd531b4990e8340132 28 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 29 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 30 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 31 | 32 | Package: gfw-vpn 33 | Version: 0.2.2 34 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 35 | Source: feeds/gfw/gfw-vpn 36 | Section: net 37 | Maintainer: hackgfw 38 | Architecture: all 39 | Installed-Size: 14289 40 | Filename: gfw-vpn_0.2.2_all.ipk 41 | Size: 15144 42 | MD5Sum: 4ba0bb8972d808059815ec319173ab78 43 | SHA256sum: 14ee9c884dabb36f108d8d2e02d36aafc2a21fe2d5fad127d304446a0d7ed5c8 44 | Description: VPN script to tear down gfw 45 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 46 | 47 | -------------------------------------------------------------------------------- /packages/14.07/brcm47xx/generic/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/brcm47xx/generic/Packages.gz -------------------------------------------------------------------------------- /packages/14.07/brcm47xx/generic/fastdns_0.1.4_brcm47xx.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/brcm47xx/generic/fastdns_0.1.4_brcm47xx.ipk -------------------------------------------------------------------------------- /packages/14.07/brcm47xx/generic/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/brcm47xx/generic/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/14.07/brcm47xx/generic/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/brcm47xx/generic/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/14.07/brcm47xx/mips74k/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Source: feeds/gfw/fastdns 5 | Section: net 6 | Maintainer: hackgfw 7 | Architecture: brcm47xx 8 | Installed-Size: 18235 9 | Filename: fastdns_0.1.4_brcm47xx.ipk 10 | Size: 18866 11 | MD5Sum: e28f8defb98580e432953b2a5212ee3b 12 | SHA256sum: 9390c661f055d71a1abb25c0a5eed5841b48be85c5678c06d2f489bd1af2d39e 13 | Description: Fast Recursive DNS Server 14 | For more information, please refer to https://github.com/hackgfw/fastdns 15 | 16 | Package: gfw-dualpptp 17 | Version: 0.2 18 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 19 | Source: feeds/gfw/gfw-dualpptp 20 | Section: net 21 | Maintainer: hackgfw 22 | Architecture: all 23 | Installed-Size: 1641 24 | Filename: gfw-dualpptp_0.2_all.ipk 25 | Size: 2563 26 | MD5Sum: 8902241c287f1851235d510612bc01eb 27 | SHA256sum: 29b7cb463f72280bcec1a130696ce4ab7c5eb7bec93426897fc934c7c2e07198 28 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 29 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 30 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 31 | 32 | Package: gfw-vpn 33 | Version: 0.2.2 34 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 35 | Source: feeds/gfw/gfw-vpn 36 | Section: net 37 | Maintainer: hackgfw 38 | Architecture: all 39 | Installed-Size: 14288 40 | Filename: gfw-vpn_0.2.2_all.ipk 41 | Size: 15130 42 | MD5Sum: 7798de049e58ad67b88b6aeb10288956 43 | SHA256sum: 0b7d9424fcf6d8e0f85806b53407b00ce4bc7431fa9975b541cbb17049c99c16 44 | Description: VPN script to tear down gfw 45 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 46 | 47 | -------------------------------------------------------------------------------- /packages/14.07/brcm47xx/mips74k/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/brcm47xx/mips74k/Packages.gz -------------------------------------------------------------------------------- /packages/14.07/brcm47xx/mips74k/fastdns_0.1.4_brcm47xx.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/brcm47xx/mips74k/fastdns_0.1.4_brcm47xx.ipk -------------------------------------------------------------------------------- /packages/14.07/brcm47xx/mips74k/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/brcm47xx/mips74k/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/14.07/brcm47xx/mips74k/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/brcm47xx/mips74k/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/14.07/brcm63xx/generic/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Source: feeds/gfw/fastdns 5 | Section: net 6 | Maintainer: hackgfw 7 | Architecture: brcm63xx 8 | Installed-Size: 21096 9 | Filename: fastdns_0.1.4_brcm63xx.ipk 10 | Size: 21656 11 | MD5Sum: 65c3a2bb7c8fce9e442f4b7a5926c65a 12 | SHA256sum: f9084d11594550631681b72f59e0c985caeb38334b083f09b6b729c7df75adca 13 | Description: Fast Recursive DNS Server 14 | For more information, please refer to https://github.com/hackgfw/fastdns 15 | 16 | Package: gfw-dualpptp 17 | Version: 0.2 18 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 19 | Source: feeds/gfw/gfw-dualpptp 20 | Section: net 21 | Maintainer: hackgfw 22 | Architecture: all 23 | Installed-Size: 1638 24 | Filename: gfw-dualpptp_0.2_all.ipk 25 | Size: 2566 26 | MD5Sum: 9c1fa4b47e53be33a794b015cb05cd6a 27 | SHA256sum: e73f6bfa0709592d6972ce64ed84ae079e104c5155b28cbb813cdd06d5bdcd14 28 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 29 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 30 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 31 | 32 | Package: gfw-vpn 33 | Version: 0.2.2 34 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 35 | Source: feeds/gfw/gfw-vpn 36 | Section: net 37 | Maintainer: hackgfw 38 | Architecture: all 39 | Installed-Size: 14285 40 | Filename: gfw-vpn_0.2.2_all.ipk 41 | Size: 15149 42 | MD5Sum: 931c19fa1bb6acd10a06146d38613deb 43 | SHA256sum: 86f9a31900c2440c49d4b0d36979c1062689c4dc64b1435f3698281077ca5dd1 44 | Description: VPN script to tear down gfw 45 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 46 | 47 | -------------------------------------------------------------------------------- /packages/14.07/brcm63xx/generic/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/brcm63xx/generic/Packages.gz -------------------------------------------------------------------------------- /packages/14.07/brcm63xx/generic/fastdns_0.1.4_brcm63xx.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/brcm63xx/generic/fastdns_0.1.4_brcm63xx.ipk -------------------------------------------------------------------------------- /packages/14.07/brcm63xx/generic/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/brcm63xx/generic/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/14.07/brcm63xx/generic/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/brcm63xx/generic/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/14.07/x86/generic/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Source: feeds/gfw/fastdns 5 | Section: net 6 | Maintainer: hackgfw 7 | Architecture: x86 8 | Installed-Size: 21730 9 | Filename: fastdns_0.1.4_x86.ipk 10 | Size: 22329 11 | MD5Sum: 2ef887de13c90c8184b0f99c5cbc2966 12 | SHA256sum: 1c9b1d5e8f930fae9faf5fe7ff827589ce2973de8f877ecf6730da3904e715d5 13 | Description: Fast Recursive DNS Server 14 | For more information, please refer to https://github.com/hackgfw/fastdns 15 | 16 | Package: gfw-dualpptp 17 | Version: 0.2 18 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 19 | Source: feeds/gfw/gfw-dualpptp 20 | Section: net 21 | Maintainer: hackgfw 22 | Architecture: all 23 | Installed-Size: 1641 24 | Filename: gfw-dualpptp_0.2_all.ipk 25 | Size: 2559 26 | MD5Sum: 87e135f80558a9d2e56833e69ba44928 27 | SHA256sum: 461b3db7ee10c896e5af35d3f7195cee278d15d42e8146f7af7f1c9e07430c62 28 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 29 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 30 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 31 | 32 | Package: gfw-vpn 33 | Version: 0.2.2 34 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 35 | Source: feeds/gfw/gfw-vpn 36 | Section: net 37 | Maintainer: hackgfw 38 | Architecture: all 39 | Installed-Size: 14286 40 | Filename: gfw-vpn_0.2.2_all.ipk 41 | Size: 15146 42 | MD5Sum: dcff780182991b021c339aab6b35519d 43 | SHA256sum: e21c048f3b2fc83d279b81b99a1d7b281afa069ec68951cbc72f4cf3845dd219 44 | Description: VPN script to tear down gfw 45 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 46 | 47 | -------------------------------------------------------------------------------- /packages/14.07/x86/generic/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/x86/generic/Packages.gz -------------------------------------------------------------------------------- /packages/14.07/x86/generic/fastdns_0.1.4_x86.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/x86/generic/fastdns_0.1.4_x86.ipk -------------------------------------------------------------------------------- /packages/14.07/x86/generic/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/x86/generic/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/14.07/x86/generic/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/14.07/x86/generic/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/ar71xx/generic/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Source: feeds/gfw/fastdns 5 | Section: net 6 | Maintainer: hackgfw 7 | Architecture: ar71xx 8 | Installed-Size: 18064 9 | Filename: fastdns_0.1.4_ar71xx.ipk 10 | Size: 18829 11 | MD5Sum: f39a0ee026bf9a5be12d165086ee2ea4 12 | SHA256sum: 9c773466abc4f9eefb84085bf854afbc2a5e7ed60e6c8acb41be0f62dc8d6c3a 13 | Description: Fast Recursive DNS Server 14 | For more information, please refer to https://github.com/hackgfw/fastdns 15 | 16 | Package: gfw-dualpptp 17 | Version: 0.2 18 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 19 | Source: feeds/gfw/gfw-dualpptp 20 | Section: net 21 | Maintainer: hackgfw 22 | Architecture: all 23 | Installed-Size: 1640 24 | Filename: gfw-dualpptp_0.2_all.ipk 25 | Size: 2678 26 | MD5Sum: e85816a3b10e27c554c980bfa6178249 27 | SHA256sum: aed2a5237f22650cba27af387d2bf2e1ce0f5d518ff3a4c785818f28dc59f21d 28 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 29 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 30 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 31 | 32 | Package: gfw-vpn 33 | Version: 0.2.2 34 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 35 | Source: feeds/gfw/gfw-vpn 36 | Section: net 37 | Maintainer: hackgfw 38 | Architecture: all 39 | Installed-Size: 14289 40 | Filename: gfw-vpn_0.2.2_all.ipk 41 | Size: 15274 42 | MD5Sum: 17bf8f6936e65a65a64fb3a081ffd474 43 | SHA256sum: 9b869cf26dd445d520b40045a63447c5e56298d97d51a8bcde23945d9ab6cfad 44 | Description: VPN script to tear down gfw 45 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 46 | 47 | -------------------------------------------------------------------------------- /packages/15.05/ar71xx/generic/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/ar71xx/generic/Packages.gz -------------------------------------------------------------------------------- /packages/15.05/ar71xx/generic/fastdns_0.1.4_ar71xx.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/ar71xx/generic/fastdns_0.1.4_ar71xx.ipk -------------------------------------------------------------------------------- /packages/15.05/ar71xx/generic/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/ar71xx/generic/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/ar71xx/generic/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/ar71xx/generic/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/bcm53xx/generic/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Source: feeds/gfw/fastdns 5 | Section: net 6 | Maintainer: hackgfw 7 | Architecture: bcm53xx 8 | Installed-Size: 19773 9 | Filename: fastdns_0.1.4_bcm53xx.ipk 10 | Size: 20469 11 | MD5Sum: e7a98d0d872d0064455900b6cf5d6fcb 12 | SHA256sum: 6ebd246ef52c6ec9064aeb1d571a8ce3eeec0fe6b417370ddabce1104cd4f79a 13 | Description: Fast Recursive DNS Server 14 | For more information, please refer to https://github.com/hackgfw/fastdns 15 | 16 | Package: gfw-dualpptp 17 | Version: 0.2 18 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 19 | Source: feeds/gfw/gfw-dualpptp 20 | Section: net 21 | Maintainer: hackgfw 22 | Architecture: all 23 | Installed-Size: 1641 24 | Filename: gfw-dualpptp_0.2_all.ipk 25 | Size: 2677 26 | MD5Sum: f3ab78da6902bc5f9388257d729b2245 27 | SHA256sum: 363b22921c0ff033894c3d613c94d3835efe8d972ffe21c4f0d0d69be0cc90c7 28 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 29 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 30 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 31 | 32 | Package: gfw-vpn 33 | Version: 0.2.2 34 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 35 | Source: feeds/gfw/gfw-vpn 36 | Section: net 37 | Maintainer: hackgfw 38 | Architecture: all 39 | Installed-Size: 14287 40 | Filename: gfw-vpn_0.2.2_all.ipk 41 | Size: 15251 42 | MD5Sum: 481f8cf0a0475aa4b2f2b90ae3f92993 43 | SHA256sum: 6d094ac4f96abf88eca8518a71782f26e68f7010e29c4c2e2ea4a61cf56e76b4 44 | Description: VPN script to tear down gfw 45 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 46 | 47 | -------------------------------------------------------------------------------- /packages/15.05/bcm53xx/generic/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/bcm53xx/generic/Packages.gz -------------------------------------------------------------------------------- /packages/15.05/bcm53xx/generic/fastdns_0.1.4_bcm53xx.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/bcm53xx/generic/fastdns_0.1.4_bcm53xx.ipk -------------------------------------------------------------------------------- /packages/15.05/bcm53xx/generic/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/bcm53xx/generic/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/bcm53xx/generic/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/bcm53xx/generic/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/brcm2708/bcm2708/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Source: feeds/gfw/fastdns 5 | Section: net 6 | Maintainer: hackgfw 7 | Architecture: brcm2708 8 | Installed-Size: 19779 9 | Filename: fastdns_0.1.4_brcm2708.ipk 10 | Size: 20541 11 | MD5Sum: a80d42897628638fd81fc61c6971d75f 12 | SHA256sum: 46188f11146382a9340bb7c39cc44a9a261e8b0f155d3f8f23798eca545f334e 13 | Description: Fast Recursive DNS Server 14 | For more information, please refer to https://github.com/hackgfw/fastdns 15 | 16 | Package: gfw-dualpptp 17 | Version: 0.2 18 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 19 | Source: feeds/gfw/gfw-dualpptp 20 | Section: net 21 | Maintainer: hackgfw 22 | Architecture: all 23 | Installed-Size: 1640 24 | Filename: gfw-dualpptp_0.2_all.ipk 25 | Size: 2678 26 | MD5Sum: d41156bb93ce6225ec4407382781d4a7 27 | SHA256sum: 50804443a15924234a15f9a02a1ff062502fa6c04c72550827b27dcd01304e48 28 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 29 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 30 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 31 | 32 | Package: gfw-vpn 33 | Version: 0.2.2 34 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 35 | Source: feeds/gfw/gfw-vpn 36 | Section: net 37 | Maintainer: hackgfw 38 | Architecture: all 39 | Installed-Size: 14288 40 | Filename: gfw-vpn_0.2.2_all.ipk 41 | Size: 15263 42 | MD5Sum: 6a8f485d6a5126df89b76339ff66189d 43 | SHA256sum: cd1391d572307390f19a6a31eb84e5605aa5d99b2d0e883eb5f214cf0a33b30a 44 | Description: VPN script to tear down gfw 45 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 46 | 47 | -------------------------------------------------------------------------------- /packages/15.05/brcm2708/bcm2708/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm2708/bcm2708/Packages.gz -------------------------------------------------------------------------------- /packages/15.05/brcm2708/bcm2708/fastdns_0.1.4_brcm2708.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm2708/bcm2708/fastdns_0.1.4_brcm2708.ipk -------------------------------------------------------------------------------- /packages/15.05/brcm2708/bcm2708/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm2708/bcm2708/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/brcm2708/bcm2708/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm2708/bcm2708/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/brcm2708/bcm2709/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Source: feeds/gfw/fastdns 5 | Section: net 6 | Maintainer: hackgfw 7 | Architecture: brcm2708 8 | Installed-Size: 19726 9 | Filename: fastdns_0.1.4_brcm2708.ipk 10 | Size: 20484 11 | MD5Sum: 270113897bed911b4d50272527d60e58 12 | SHA256sum: 5f12d99ffcd25533db1171c8017789ae2601228b4a94c6e59a5e5ea954f60d69 13 | Description: Fast Recursive DNS Server 14 | For more information, please refer to https://github.com/hackgfw/fastdns 15 | 16 | Package: gfw-dualpptp 17 | Version: 0.2 18 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 19 | Source: feeds/gfw/gfw-dualpptp 20 | Section: net 21 | Maintainer: hackgfw 22 | Architecture: all 23 | Installed-Size: 1640 24 | Filename: gfw-dualpptp_0.2_all.ipk 25 | Size: 2678 26 | MD5Sum: 8cde695e70b8d007b6bb78c12fb8d383 27 | SHA256sum: 70e95428c2a7e22c8a20be7a545a0dfccf2ad6922da09aa08b07f5e549ced070 28 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 29 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 30 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 31 | 32 | Package: gfw-vpn 33 | Version: 0.2.2 34 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 35 | Source: feeds/gfw/gfw-vpn 36 | Section: net 37 | Maintainer: hackgfw 38 | Architecture: all 39 | Installed-Size: 14286 40 | Filename: gfw-vpn_0.2.2_all.ipk 41 | Size: 15270 42 | MD5Sum: dd90bf67412b185b0ff042b514fa22e2 43 | SHA256sum: c95c6992fc5037a822627c25ffca61137cfbf5577b74f83f78f238c3633e1e77 44 | Description: VPN script to tear down gfw 45 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 46 | 47 | -------------------------------------------------------------------------------- /packages/15.05/brcm2708/bcm2709/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm2708/bcm2709/Packages.gz -------------------------------------------------------------------------------- /packages/15.05/brcm2708/bcm2709/fastdns_0.1.4_brcm2708.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm2708/bcm2709/fastdns_0.1.4_brcm2708.ipk -------------------------------------------------------------------------------- /packages/15.05/brcm2708/bcm2709/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm2708/bcm2709/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/brcm2708/bcm2709/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm2708/bcm2709/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/brcm47xx/generic/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Source: feeds/gfw/fastdns 5 | Section: net 6 | Maintainer: hackgfw 7 | Architecture: brcm47xx 8 | Installed-Size: 21321 9 | Filename: fastdns_0.1.4_brcm47xx.ipk 10 | Size: 22023 11 | MD5Sum: d1985b1947a71a64812b5cd4fbc8d06e 12 | SHA256sum: 5ce0dd0bf82a8179de421d176668978bdb1d4271acfb5c4371750ba51ff995bd 13 | Description: Fast Recursive DNS Server 14 | For more information, please refer to https://github.com/hackgfw/fastdns 15 | 16 | Package: gfw-dualpptp 17 | Version: 0.2 18 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 19 | Source: feeds/gfw/gfw-dualpptp 20 | Section: net 21 | Maintainer: hackgfw 22 | Architecture: all 23 | Installed-Size: 1640 24 | Filename: gfw-dualpptp_0.2_all.ipk 25 | Size: 2676 26 | MD5Sum: d784b7cb35595b12ebcb162edcb00107 27 | SHA256sum: 8c039f9569f299a03a634b6f5610b40dba811fd6c24d2de8c7d4fb4a9aa232f0 28 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 29 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 30 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 31 | 32 | Package: gfw-vpn 33 | Version: 0.2.2 34 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 35 | Source: feeds/gfw/gfw-vpn 36 | Section: net 37 | Maintainer: hackgfw 38 | Architecture: all 39 | Installed-Size: 14288 40 | Filename: gfw-vpn_0.2.2_all.ipk 41 | Size: 15261 42 | MD5Sum: 660d0d4eb5db36ca37c82b553b5c68a3 43 | SHA256sum: 1d48212649b7a282bd87dcfc6323ab8bd400e99219838057a1e21b5e646439bd 44 | Description: VPN script to tear down gfw 45 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 46 | 47 | -------------------------------------------------------------------------------- /packages/15.05/brcm47xx/generic/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm47xx/generic/Packages.gz -------------------------------------------------------------------------------- /packages/15.05/brcm47xx/generic/fastdns_0.1.4_brcm47xx.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm47xx/generic/fastdns_0.1.4_brcm47xx.ipk -------------------------------------------------------------------------------- /packages/15.05/brcm47xx/generic/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm47xx/generic/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/brcm47xx/generic/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm47xx/generic/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/brcm47xx/mips74k/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Source: feeds/gfw/fastdns 5 | Section: net 6 | Maintainer: hackgfw 7 | Architecture: brcm47xx 8 | Installed-Size: 18254 9 | Filename: fastdns_0.1.4_brcm47xx.ipk 10 | Size: 19024 11 | MD5Sum: 20d94e0cb5e838cc04cc5ddf9d02bf21 12 | SHA256sum: cdd7d41a19e194c145777566326130c4104f72588d663bafadb26230904fd7b8 13 | Description: Fast Recursive DNS Server 14 | For more information, please refer to https://github.com/hackgfw/fastdns 15 | 16 | Package: gfw-dualpptp 17 | Version: 0.2 18 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 19 | Source: feeds/gfw/gfw-dualpptp 20 | Section: net 21 | Maintainer: hackgfw 22 | Architecture: all 23 | Installed-Size: 1641 24 | Filename: gfw-dualpptp_0.2_all.ipk 25 | Size: 2681 26 | MD5Sum: 7bd434c01b717b236131d9fcd57a8633 27 | SHA256sum: 96c26c8482cf73100ef722d57b42c438254d1cb66732a526b45e989733ffdf6e 28 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 29 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 30 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 31 | 32 | Package: gfw-vpn 33 | Version: 0.2.2 34 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 35 | Source: feeds/gfw/gfw-vpn 36 | Section: net 37 | Maintainer: hackgfw 38 | Architecture: all 39 | Installed-Size: 14287 40 | Filename: gfw-vpn_0.2.2_all.ipk 41 | Size: 15264 42 | MD5Sum: 82a7b73089041035caa4420794ab3a63 43 | SHA256sum: 569b51759578f5966caf653cc4c6c209f1eb9daed6f8a722a849c41f3e2136e0 44 | Description: VPN script to tear down gfw 45 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 46 | 47 | -------------------------------------------------------------------------------- /packages/15.05/brcm47xx/mips74k/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm47xx/mips74k/Packages.gz -------------------------------------------------------------------------------- /packages/15.05/brcm47xx/mips74k/fastdns_0.1.4_brcm47xx.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm47xx/mips74k/fastdns_0.1.4_brcm47xx.ipk -------------------------------------------------------------------------------- /packages/15.05/brcm47xx/mips74k/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm47xx/mips74k/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/brcm47xx/mips74k/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm47xx/mips74k/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/brcm63xx/generic/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Source: feeds/gfw/fastdns 5 | Section: net 6 | Maintainer: hackgfw 7 | Architecture: brcm63xx 8 | Installed-Size: 21177 9 | Filename: fastdns_0.1.4_brcm63xx.ipk 10 | Size: 21884 11 | MD5Sum: ca8dc9c93aa3aeebdf5c459fd8451e03 12 | SHA256sum: e8d4d351a9571a4100db654f2766ef82dc4798b7bead62996620d404c1f3ffb0 13 | Description: Fast Recursive DNS Server 14 | For more information, please refer to https://github.com/hackgfw/fastdns 15 | 16 | Package: gfw-dualpptp 17 | Version: 0.2 18 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 19 | Source: feeds/gfw/gfw-dualpptp 20 | Section: net 21 | Maintainer: hackgfw 22 | Architecture: all 23 | Installed-Size: 1641 24 | Filename: gfw-dualpptp_0.2_all.ipk 25 | Size: 2676 26 | MD5Sum: 6e0fb34492f0309f37d3ea678c71f36e 27 | SHA256sum: ae36e0c59cc1e8357032f809b5b6157c1f2773c7a52b304b0f631ee79667f025 28 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 29 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 30 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 31 | 32 | Package: gfw-vpn 33 | Version: 0.2.2 34 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 35 | Source: feeds/gfw/gfw-vpn 36 | Section: net 37 | Maintainer: hackgfw 38 | Architecture: all 39 | Installed-Size: 14286 40 | Filename: gfw-vpn_0.2.2_all.ipk 41 | Size: 15249 42 | MD5Sum: fad723a9b316a3500f82b5822bc8e8da 43 | SHA256sum: 1082d7983f5bb14b97b234cecda51660d203717213fc305b279429d00f307c07 44 | Description: VPN script to tear down gfw 45 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 46 | 47 | -------------------------------------------------------------------------------- /packages/15.05/brcm63xx/generic/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm63xx/generic/Packages.gz -------------------------------------------------------------------------------- /packages/15.05/brcm63xx/generic/fastdns_0.1.4_brcm63xx.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm63xx/generic/fastdns_0.1.4_brcm63xx.ipk -------------------------------------------------------------------------------- /packages/15.05/brcm63xx/generic/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm63xx/generic/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/brcm63xx/generic/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/brcm63xx/generic/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/x86/64/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Source: feeds/gfw/fastdns 5 | Section: net 6 | Maintainer: hackgfw 7 | Architecture: x86_64 8 | Installed-Size: 22295 9 | Filename: fastdns_0.1.4_x86_64.ipk 10 | Size: 22997 11 | MD5Sum: eb9c134e6c06e3545d699f542724b538 12 | SHA256sum: 2b33225eaa26b011e68f5a22157aa202e04f2e5c619ff3213cf82b00e7e370c1 13 | Description: Fast Recursive DNS Server 14 | For more information, please refer to https://github.com/hackgfw/fastdns 15 | 16 | Package: gfw-dualpptp 17 | Version: 0.2 18 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 19 | Source: feeds/gfw/gfw-dualpptp 20 | Section: net 21 | Maintainer: hackgfw 22 | Architecture: all 23 | Installed-Size: 1640 24 | Filename: gfw-dualpptp_0.2_all.ipk 25 | Size: 2677 26 | MD5Sum: d21c433301a30faeadd2c4912a7a6485 27 | SHA256sum: 13b08af3155630d74e2f4139b6f2e1e84680f9b34fd273ea246037d732b09c4e 28 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 29 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 30 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 31 | 32 | Package: gfw-vpn 33 | Version: 0.2.2 34 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 35 | Source: feeds/gfw/gfw-vpn 36 | Section: net 37 | Maintainer: hackgfw 38 | Architecture: all 39 | Installed-Size: 14287 40 | Filename: gfw-vpn_0.2.2_all.ipk 41 | Size: 15267 42 | MD5Sum: 7e95d7c846698627d69a4c9417e8635f 43 | SHA256sum: b03e4f289d9cf0b2ea281b3a65c1b7d01fa043e9bb9602e7860fc33b71de6eed 44 | Description: VPN script to tear down gfw 45 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 46 | 47 | -------------------------------------------------------------------------------- /packages/15.05/x86/64/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/x86/64/Packages.gz -------------------------------------------------------------------------------- /packages/15.05/x86/64/fastdns_0.1.4_x86_64.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/x86/64/fastdns_0.1.4_x86_64.ipk -------------------------------------------------------------------------------- /packages/15.05/x86/64/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/x86/64/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/x86/64/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/x86/64/gfw-vpn_0.2.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/x86/generic/Packages: -------------------------------------------------------------------------------- 1 | Package: fastdns 2 | Version: 0.1.4 3 | Depends: libc, libstdcpp, librt 4 | Source: feeds/gfw/fastdns 5 | Section: net 6 | Maintainer: hackgfw 7 | Architecture: x86 8 | Installed-Size: 21858 9 | Filename: fastdns_0.1.4_x86.ipk 10 | Size: 22589 11 | MD5Sum: 48ca2290cb9328584b7baca6ec8e18e0 12 | SHA256sum: 134264b388402d3c6e5ce44b3f95e6e46be0a3ebe74201b285fd4cf077dbee02 13 | Description: Fast Recursive DNS Server 14 | For more information, please refer to https://github.com/hackgfw/fastdns 15 | 16 | Package: gfw-dualpptp 17 | Version: 0.2 18 | Depends: libc, ip, iptables-mod-tee, iptables-mod-u32 19 | Source: feeds/gfw/gfw-dualpptp 20 | Section: net 21 | Maintainer: hackgfw 22 | Architecture: all 23 | Installed-Size: 1641 24 | Filename: gfw-dualpptp_0.2_all.ipk 25 | Size: 2679 26 | MD5Sum: a00f9660cd383e788a53462fdf903cf9 27 | SHA256sum: 66db3beff69259a4e81a9eb286ec4d10ef477d3a1e741ae4a992bafbe374e278 28 | Description: VPN script to use redundant connecions, like RAID1 for VPN. 29 | Only pptp is supported, also need to patch kernel manually for OpenWRT 12.09 or later. 30 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 31 | 32 | Package: gfw-vpn 33 | Version: 0.2.2 34 | Depends: libc, ip, ipset, iptables-mod-ipopt, conntrack-tools 35 | Source: feeds/gfw/gfw-vpn 36 | Section: net 37 | Maintainer: hackgfw 38 | Architecture: all 39 | Installed-Size: 14287 40 | Filename: gfw-vpn_0.2.2_all.ipk 41 | Size: 15256 42 | MD5Sum: 183e58d94e7149f43e27f0b07a0b84cb 43 | SHA256sum: f862a101b0e2fec6574eef817165b3de380e5bad4d0ab939a3ee60b5676d3166 44 | Description: VPN script to tear down gfw 45 | For more information, please refer to https://github.com/hackgfw/openwrt-gfw 46 | 47 | -------------------------------------------------------------------------------- /packages/15.05/x86/generic/Packages.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/x86/generic/Packages.gz -------------------------------------------------------------------------------- /packages/15.05/x86/generic/fastdns_0.1.4_x86.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/x86/generic/fastdns_0.1.4_x86.ipk -------------------------------------------------------------------------------- /packages/15.05/x86/generic/gfw-dualpptp_0.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/x86/generic/gfw-dualpptp_0.2_all.ipk -------------------------------------------------------------------------------- /packages/15.05/x86/generic/gfw-vpn_0.2.2_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackgfw/openwrt-gfw/4443a3358bdcf46fd697314ec9949a84a8189c99/packages/15.05/x86/generic/gfw-vpn_0.2.2_all.ipk --------------------------------------------------------------------------------