| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
To align with old iptables-based ss-rules implementation.
Supersedes openwrt/packages#20239
Link: https://github.com/openwrt/packages/pull/20239
Signed-off-by: Luis Liou <liouluis@gmail.com>
[minor fixup on commit title, version bump, etc.]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
| |
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Convert package to PCRE2 by porting a pending patch from a closed PR.
The PR is old but the code never changed and is simple enough to check
the changes. The patch apply directly with no changes (aside from
commenting out the travis CI file)
The PR was never merged as PCRE2 at times was too new and they were
trying to find a better regex lib.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
|
|
|
| |
Link: https://github.com/openwrt/packages/pull/20647
Signed-off-by: Kirill Fertikov <kirill.fertikov@gmail.com>
[indentation fix]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
See commit 07730ff3 "treewide: add support for "lto" in PKG_BUILD_FLAGS"
on the main repository.
Note: Some packages only added `-flto` to CFLAGS and not LDFLAGS. This
fixes it and properly enables LTO.
Signed-off-by: Andre Heider <a.heider@gmail.com>
|
| |
|
|
|
|
|
| |
See commit 5c545bdb "treewide: replace PKG_USE_MIPS16:=0 with
PKG_BUILD_FLAGS:=no-mips16" on the main repository.
Signed-off-by: Andre Heider <a.heider@gmail.com>
|
| |
|
|
|
|
|
| |
Link: https://github.com/openwrt/packages/pull/19872
Signed-off-by: Li Xin <i@crzidea.com>
(squash commits)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Remove nft rules file generated by ss-rules if ss-rules was or should be
turned off for by configuration. Use "fw4 restart" instead of "fw4
reload" to force the runtime rule reloading
Ref: https://github.com/openwrt/packages/pull/17937#issuecomment-1207357037
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
| |
Supersedes: https://github.com/openwrt/packages/pull/18852
Fixes: https://github.com/openwrt/packages/issues/18850
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
| |
This reverts commit 0d18bd49f1ad1a9a52e2485680f026173d0854ee.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
| |
Link: https://github.com/openwrt/packages/issues/18393
Reported-by: Huangbin Zhan <zhanhb88@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| | |
|
| |
|
|
|
|
|
| |
It was leftover from the previous rewrite of ss-rules. The built
package has no ref to it so no need to update PKG_RELEASE
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To add extra statement to tcp/udp forward rule, example:
```
config ss_rules 'ss_rules'
...
option nft_tcp_extra 'tcp dport { 80, 443 }' # tcp only forward connections with dport 80 or 443
option nft_udp_extra 'udp dport { 53 }' # udp only forward connections with dport 53
```
This somewhat restores the old ipt_args functionality.
Signed-off-by: Zhong Jianxin <azuwis@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(Amend README.md a bit)
|
| |
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It will be mostly implemented with ucode templates installed at
/usr/share/ss-rules and called from init script. The generated nftables
rules will be stored at /etc/nftables.d/
Incompatible changes were introduced as described in the README.md file
- Netfilter ipset was replaced with nftables sets
- UCI options ipt_args and dst_forward_recentrst of section ss_rules
are now deprecated. The former does not apply to nftables. The
later not yet implemented with nftables.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
ss-rules with iptables needs presence of netfilter nat table to work.
ss-rules works before without explicitly requesting it as a dependency
because it's present by default on a pre-firewall4/nftables OpenWrt
install. We request it explicitly now to make life easier in case
people would like to try ss-rules/iptables on firewall4/nftables enabled
OpenWrt system
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
| |
Patch removed because the relevant code was removed upstream
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At the moment ss-server seems to be the only component using these two
options. It also accepts "local_address" of either ip4 or ip6 address,
but the meaning is different from that of ss-local, ss-tunnel etc.
where it is for listen bind
With this commit, we start deprecation process of uci option
"bind_address". The name was replaced with "local_addr" in upstream
project commit 5fa98a66 ("Fix #1911") and available as json config
option "local_address". This upstream change was released in 3.2.0
Link: https://github.com/shadowsocks/shadowsocks-libev/commit/4a42da641b6e0039497998614e84c94205939c24
Link: https://github.com/openwrt/packages/issues/12931
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
| |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
| |
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux kernel and iproute2 together now implement strict checking of the
existence of route tables.
Previously kernel does not support filtering by table id, now it does
and will error with nlmsgerr "ipv4: FIB table does not exist".
Previously iproute2 dump all routes and filter by table id in userspace,
now this has changed with iproute2 commit c7e6371bc4af ("ip route: Add
protocol, table id and device to dump request")
Error scene
root@OpenWrt:/# ip route flush table 100
Error: ipv4: FIB table does not exist.
Flush terminated
root@OpenWrt:/# echo $?
2
Fixes: https://github.com/openwrt/packages/issues/12095
Ref: https://lists.openwall.net/netdev/2019/05/02/105
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
| |
The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL
licenses. But a lot of packages did use a different, non-SPDX style with a
"+" at the end instead of "-or-later".
Signed-off-by: Sven Eckelmann <sven@narfation.org>
|
| |
|
|
|
|
|
| |
This should fix openwrt/packages#9346 ("shadowsocks-libev: undefined
behavior from unaligned access")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
| |
The most notable change was that socket data buffer has been increased
from 2KB to 16KB
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Use link-time optimization and --gc-sections --as-needed ldflags
Reduces ipk size by 20%
Remove unnecessary dependencies
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
|
| |
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Plugin options are properties of shadowsocks deployment as a whole,
including both server and each client components. Multiple client
instances accessing the same server will need to share the same plugin
settings
With this change, plugin options will need to specified to "server" and
"ss-server" section, not to each component section.
Fixes: c19e949 ("shadowsocks-libev: add plugin options support")
Reference: https://github.com/openwrt/packages/issues/8903#issuecomment-489674137
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
| |
Reference: https://github.com/openwrt/packages/issues/8903
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| | |
|
| |
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
| |
It was introduced in 3.1.0 as a command line argument and was part of
the json config since 3.1.1
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
| |
As suggested by Jeffery To in openwrt/packages#8233
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
| |
"-6" has to be the first argument
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
| |
- quash errors on detection of ipv6 nat
- remove unnecessary rule args "--comment ..." and "-p ..."
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
| |
Fixes issue reported in openwrt/luci#2527
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It will require support from ip6tables-mod-nat. The added functionality
will be skipped otherwise.
For $o_dst_bypass6_, include only address blocks in link [1] whose
"Globally Reachable" field are explicitly "False"
Closes openwrt/packages#7508
[1] IANA IPv6 Special-Purpose Address Registry,
https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
| |
A short while after 3.2.2 was tagged, it was superseded by 3.2.3 with a
minor fix for aligned memory allocation for 32-bit arch
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Changes summarized by upstream maintainer
* Add MinGW support by @linusyang.
* Refine c-ares integration by @xnoreq.
* Fix building issues with GCC8 by @FlyingheartCN.
* Minor bug fixes.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|