update 2025-03-01 00:26:24
parent
d7de9f49da
commit
bdd4406384
|
@ -5,11 +5,9 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=homebox
|
||||
PKG_VERSION:=0.1.0.20241126
|
||||
PKG_REAL_VER:=0.1.0-dev.2024112600
|
||||
PKG_VERSION:=0.0.0.20241013
|
||||
PKG_REAL_VER:=0.0.0-dev.2024101306
|
||||
PKG_RELEASE:=1
|
||||
PKG_FLAGS:=nonshared
|
||||
RSTRIP:=:
|
||||
|
||||
ifeq ($(ARCH),aarch64)
|
||||
H_ARCH:=arm64
|
||||
|
@ -37,7 +35,7 @@ define Package/$(PKG_NAME)
|
|||
CATEGORY:=Network
|
||||
TITLE:=A Toolbox for Home Local Networks Speed Test
|
||||
URL:=https://github.com/XGHeaven/homebox
|
||||
DEPENDS:=@(i386||x86_64||arm||aarch64||mipsel||mips) +libstdcpp +libatomic +libpthread +libc
|
||||
DEPENDS:=@(i386||x86_64||arm||aarch64||mipsel||mips) +libstdcpp
|
||||
endef
|
||||
|
||||
define Package/$(PKG_NAME)/description
|
||||
|
@ -46,8 +44,8 @@ endef
|
|||
|
||||
define Build/Prepare
|
||||
mkdir -p $(PKG_BUILD_DIR)
|
||||
[ ! -f $(PKG_BUILD_DIR)/homebox-linux-$(H_ARCH).tar.gz ] && wget https://github.com/XGHeaven/homebox/releases/download/v$(PKG_REAL_VER)/homebox-linux-$(H_ARCH).tar.gz -O $(PKG_BUILD_DIR)/homebox-linux-$(H_ARCH).tar.gz
|
||||
tar -xzvf $(PKG_BUILD_DIR)/homebox-linux-$(H_ARCH).tar.gz -C $(PKG_BUILD_DIR)
|
||||
[ ! -f $(PKG_BUILD_DIR)/server-linux-$(H_ARCH).tar.gz ] && wget https://github.com/XGHeaven/homebox/releases/download/v$(PKG_REAL_VER)/server-linux-$(H_ARCH).tar.gz -O $(PKG_BUILD_DIR)/server-linux-$(H_ARCH).tar.gz
|
||||
tar -xzvf $(PKG_BUILD_DIR)/server-linux-$(H_ARCH).tar.gz -C $(PKG_BUILD_DIR)
|
||||
endef
|
||||
|
||||
define Build/Compile
|
||||
|
@ -55,18 +53,7 @@ endef
|
|||
|
||||
define Package/$(PKG_NAME)/install
|
||||
$(INSTALL_DIR) $(1)/usr/bin
|
||||
$(INSTALL_BIN) $(PKG_BUILD_DIR)/homebox-linux-$(H_ARCH) $(1)/usr/bin/homebox
|
||||
endef
|
||||
|
||||
# 使用force-depends选项强制忽略依赖检查
|
||||
define Package/$(PKG_NAME)/preinst
|
||||
#!/bin/sh
|
||||
exit 0
|
||||
endef
|
||||
|
||||
# 添加"force-depends=1"到包控制文件中
|
||||
define Package/$(PKG_NAME)/extra_provides
|
||||
echo "libc.so.6"; echo "libm.so.6"
|
||||
$(INSTALL_BIN) $(PKG_BUILD_DIR)/server-linux-$(H_ARCH) $(1)/usr/bin/homebox
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,$(PKG_NAME)))
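Review bot: Build/Prepare fetches a prebuilt binary with `wget` from a release URL, unpacks it and installs it with no integrity check, so whatever that URL serves at build time ends up in `/usr/bin/homebox`. Declare the archive through the normal download variables instead (`PKG_SOURCE`, `PKG_SOURCE_URL`, and `PKG_HASH:=<sha256 of the release archive>`, one hash per architecture) so the build system verifies it before unpacking. The `[ ! -f … ] && wget … -O …` form also treats a truncated file left by a failed download as present, and the line returns non-zero when the file already exists, which make may report as a failed recipe step. The +/- markers are lost in this rendering, so which of the two download lines is the new one is inferred; the point applies to both.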
|
||||
|
|
|
@ -68,6 +68,7 @@ af_conn_t *af_conn_add(u32 src_ip, u32 dst_ip, u16 src_port, u16 dst_port, u8 pr
|
|||
conn->protocol = protocol;
|
||||
conn->total_pkts = 0;
|
||||
conn->app_id = 0;
|
||||
conn->client_hello = 0;
|
||||
conn->drop = 0;
|
||||
conn->state = AF_CONN_NEW;
|
||||
conn->last_jiffies = jiffies;
|
||||
|
|
|
@ -22,6 +22,7 @@ typedef struct {
|
|||
u8 protocol;
|
||||
u32 total_pkts;
|
||||
u32 app_id;
|
||||
u8 client_hello;
|
||||
u8 drop;
|
||||
af_conn_state_t state;
|
||||
unsigned long last_jiffies;
|
||||
|
@ -48,4 +49,4 @@ void af_conn_clean_timeout(void);
|
|||
|
||||
|
||||
void af_conn_exit(void);
|
||||
#endif
|
||||
#endif
|
||||
|
|
|
@ -12,6 +12,7 @@ int af_test_mode = 0;
|
|||
int g_oaf_filter_enable __read_mostly = 0;
|
||||
int g_oaf_record_enable __read_mostly = 0;
|
||||
int g_by_pass_accl = 1;
|
||||
int g_user_mode = 0;
|
||||
int af_work_mode = AF_MODE_GATEWAY;
|
||||
unsigned int af_lan_ip = 0;
|
||||
unsigned int af_lan_mask = 0;
|
||||
|
@ -86,6 +87,13 @@ static struct ctl_table oaf_table[] = {
|
|||
.mode = 0666,
|
||||
.proc_handler = proc_dointvec,
|
||||
},
|
||||
{
|
||||
.procname = "user_mode",
|
||||
.data = &g_user_mode,
|
||||
.maxlen = sizeof(int),
|
||||
.mode = 0666,
|
||||
.proc_handler = proc_dointvec,
|
||||
},
|
||||
{
|
||||
.procname = "work_mode",
|
||||
.data = &af_work_mode,
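Review bot: The new `user_mode` entry is registered with `.mode = 0666`, so any local process can flip `g_user_mode`, and in this commit that variable decides in match_app_filter_rule whether filtering is restricted to the configured MAC list. Make the entry writable by root only, `.mode = 0644,`, and since the value is used as a boolean, bound it with `proc_dointvec_minmax` and `.extra1`/`.extra2` limits of 0 and 1. The neighbouring entry visible at the top of the hunk uses 0666 as well and deserves the same change. oaf_table starts and ends outside the hunk.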
|
||||
|
|
|
@ -9,6 +9,7 @@ extern int g_by_pass_accl;
|
|||
extern unsigned int af_lan_ip;
|
||||
extern unsigned int af_lan_mask;
|
||||
extern int g_feature_init;
|
||||
extern int g_user_mode;
|
||||
|
||||
extern char g_lan_ifname[64];
|
||||
extern int g_tcp_rst;
|
||||
|
|
|
@ -632,13 +632,18 @@ int dpi_https_proto(flow_info_t *flow)
|
|||
{
|
||||
return -1;
|
||||
}
|
||||
if (!(p[0] == 0x16 && p[1] == 0x03 && p[2] == 0x01))
|
||||
if (!((p[0] == 0x16 && p[1] == 0x03 && p[2] == 0x01) || flow->client_hello))
|
||||
return -1;
|
||||
|
||||
for (i = 0; i < data_len; i++)
|
||||
{
|
||||
if (i + HTTPS_URL_OFFSET >= data_len)
|
||||
{
|
||||
AF_LMT_INFO("match https host failed, data_len = %d, sport:%d, dport:%d\n", data_len, flow->sport,flow->dport);
|
||||
if ((TEST_MODE())){
|
||||
print_hex_ascii(flow->l4_data, flow->l4_len);
|
||||
}
|
||||
flow->client_hello = 1;
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -660,6 +665,8 @@ int dpi_https_proto(flow_info_t *flow)
|
|||
flow->https.match = AF_TRUE;
|
||||
flow->https.url_pos = p + i + HTTPS_URL_OFFSET;
|
||||
flow->https.url_len = ntohs(url_len);
|
||||
AF_LMT_INFO("match https host ok, data_len = %d, client hello = %d\n", data_len, flow->client_hello);
|
||||
flow->client_hello = 0;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
@ -975,7 +982,7 @@ int match_feature(flow_info_t *flow)
|
|||
|
||||
int match_app_filter_rule(int appid, af_client_info_t *client)
|
||||
{
|
||||
if (is_user_match_enable() && !find_af_mac(client->mac))
|
||||
if (g_user_mode && !find_af_mac(client->mac))
|
||||
{
|
||||
return AF_FALSE;
|
||||
}
|
||||
|
@ -989,6 +996,8 @@ int match_app_filter_rule(int appid, af_client_info_t *client)
|
|||
|
||||
|
||||
#define NF_DROP_BIT 0x80000000
|
||||
#define NF_CLIENT_HELLO_BIT 0x40000000
|
||||
|
||||
|
||||
static int af_get_visit_index(af_client_info_t *node, int app_id)
|
||||
{
|
||||
|
@ -1163,13 +1172,16 @@ u_int32_t app_filter_hook_bypass_handle(struct sk_buff *skb, struct net_device *
|
|||
}
|
||||
#endif
|
||||
|
||||
|
||||
if (skb_is_nonlinear(skb) && flow.l4_len < MAX_AF_SUPPORT_DATA_LEN)
|
||||
{
|
||||
flow.l4_data = read_skb(skb, flow.l4_data - skb->data, flow.l4_len);
|
||||
if (!flow.l4_data)
|
||||
return NF_ACCEPT;
|
||||
AF_LMT_DEBUG("##match nonlinear skb, len = %d\n", flow.l4_len);
|
||||
malloc_data = 1;
|
||||
}
|
||||
flow.client_hello = conn->client_hello;
|
||||
|
||||
if (conn->app_id != 0)
|
||||
{
|
||||
|
@ -1177,8 +1189,8 @@ u_int32_t app_filter_hook_bypass_handle(struct sk_buff *skb, struct net_device *
|
|||
flow.drop = conn->drop;
|
||||
}
|
||||
else{
|
||||
if (0 != dpi_main(skb, &flow))
|
||||
goto EXIT;
|
||||
dpi_main(skb, &flow);
|
||||
conn->client_hello = flow.client_hello;
|
||||
|
||||
if (!match_feature(&flow))
|
||||
goto EXIT;
|
||||
|
@ -1266,12 +1278,12 @@ u_int32_t app_filter_hook_gateway_handle(struct sk_buff *skb, struct net_device
|
|||
|
||||
if (ct->mark != 0)
|
||||
{
|
||||
app_id = ct->mark & (~NF_DROP_BIT);
|
||||
app_id = ct->mark & 0xffff;
|
||||
if (app_id > 1000 && app_id < 9999)
|
||||
{
|
||||
if (g_oaf_filter_enable){
|
||||
if (g_oaf_filter_enable) {
|
||||
if (NF_DROP_BIT == (ct->mark & NF_DROP_BIT))
|
||||
drop = 1;
|
||||
drop = 1;
|
||||
}
|
||||
if (g_oaf_record_enable){
|
||||
AF_CLIENT_LOCK_W();
|
||||
|
@ -1284,6 +1296,13 @@ u_int32_t app_filter_hook_gateway_handle(struct sk_buff *skb, struct net_device
|
|||
return NF_DROP;
|
||||
}
|
||||
}
|
||||
else {
|
||||
AF_LMT_DEBUG("ct->mark = %x\n", ct->mark);
|
||||
if (ct->mark & NF_CLIENT_HELLO_BIT) {
|
||||
AF_LMT_INFO("match ct client hello...\n");
|
||||
flow.client_hello = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
acct = nf_conn_acct_find(ct);
|
||||
if (!acct)
|
||||
|
@ -1300,8 +1319,14 @@ u_int32_t app_filter_hook_gateway_handle(struct sk_buff *skb, struct net_device
|
|||
return NF_ACCEPT;
|
||||
malloc_data = 1;
|
||||
}
|
||||
if (0 != dpi_main(skb, &flow))
|
||||
goto EXIT;
|
||||
dpi_main(skb, &flow);
|
||||
|
||||
if (flow.client_hello) {
|
||||
ct->mark |= NF_CLIENT_HELLO_BIT;
|
||||
}
|
||||
else {
|
||||
ct->mark &= ~NF_CLIENT_HELLO_BIT;
|
||||
}
|
||||
|
||||
if (!match_feature(&flow))
|
||||
goto EXIT;
|
||||
|
@ -1316,7 +1341,9 @@ u_int32_t app_filter_hook_gateway_handle(struct sk_buff *skb, struct net_device
|
|||
}
|
||||
}
|
||||
}
|
||||
ct->mark = flow.app_id;
|
||||
ct->mark = (ct->mark & 0xFFFF0000) | (flow.app_id & 0xFFFF);
|
||||
|
||||
|
||||
if (g_oaf_filter_enable){
|
||||
if (match_app_filter_rule(flow.app_id, client))
|
||||
{
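Review bot: In dpi_https_proto the TLS record check is now bypassed whenever `flow->client_hello` is set, and the flag is set on the no-host path and cleared only after a successful match, so a connection whose handshake never yields a host name has every later segment scanned for the SNI pattern. That is per-byte work on the packet path for the life of the connection, and payload that is not a ClientHello can end up classified as a host name. Honour the flag only for a bounded number of packets after the first ClientHello segment and clear it afterwards. Both hook handlers also drop the return-value check on `dpi_main(skb, &flow);`, so match_feature now runs on flows for which dpi_main returned non-zero; keep the result in a local, copy `client_hello` back, then `goto EXIT` on a non-zero result. These functions extend outside the hunks, so the bounds check on `url_len` could not be confirmed from here.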
|
||||
|
|
|
@ -166,6 +166,7 @@ typedef struct flow_info{
|
|||
u_int8_t drop;
|
||||
u_int8_t dir;
|
||||
u_int16_t total_len;
|
||||
u_int8_t client_hello;
|
||||
af_feature_node_t *feature;
|
||||
}flow_info_t;
|
||||
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
#include <linux/init.h>
|
||||
#include <linux/module.h>
|
||||
#include <net/tcp.h>
|
||||
|
@ -155,8 +154,7 @@ int hash_mac(unsigned char *mac)
|
|||
{
|
||||
if (!mac)
|
||||
return 0;
|
||||
else
|
||||
return mac[5] & (MAX_AF_MAC_HASH_SIZE - 1);
|
||||
return ((mac[0] ^ mac[1]) + (mac[2] ^ mac[3]) + (mac[4] ^ mac[5])) % MAX_AF_MAC_HASH_SIZE;
|
||||
}
|
||||
|
||||
af_mac_info_t *find_af_mac(unsigned char *mac)
|
||||
|
|
|
@ -76,12 +76,15 @@ reload_rule(){
|
|||
load_mac_list
|
||||
}
|
||||
|
||||
reload_base_config(){
|
||||
reload_base_config(){
|
||||
! test -d /proc/sys/oaf && return
|
||||
config_load appfilter
|
||||
config_get work_mode "global" "work_mode"
|
||||
config_get lan_ifname "global" "lan_ifname"
|
||||
config_get user_mode "global" "user_mode"
|
||||
|
||||
echo "$work_mode" >/proc/sys/oaf/work_mode
|
||||
echo "$user_mode" >/proc/sys/oaf/user_mode
|
||||
|
||||
if [ x"" != x"$lan_ifname" ];then
|
||||
echo "$lan_ifname" >/proc/sys/oaf/lan_ifname
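Review bot: `user_mode` is read with no default and written to the sysctl unvalidated, so when the option is absent from the `global` section the script echoes an empty string and the kernel value presumably stays as it was; the filter scope then no longer follows the configuration. Give it a default and accept only the expected values, e.g. `config_get user_mode "global" "user_mode" 0` followed by `case "$user_mode" in 0|1) ;; *) user_mode=0 ;; esac`. `work_mode` on the line above is handled the same way. reload_base_config continues past the end of the hunk.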
|
||||
|
|