OpenWrt
/
small-package
mirror of https://github.com/kenzok8/small-package
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

update 2025-03-01 00:26:24

This commit is contained in:
kenzok8 2025-03-01 00:26:24 +08:00
parent d7de9f49da
commit bdd4406384
9 changed files with 61 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
homebox/Makefile
View File

@ -5,11 +5,9 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=homebox PKG_NAME:=homebox
PKG_VERSION:=0.1.0.20241126 PKG_VERSION:=0.0.0.20241013
PKG_REAL_VER:=0.1.0-dev.2024112600 PKG_REAL_VER:=0.0.0-dev.2024101306
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_FLAGS:=nonshared
RSTRIP:=:
ifeq ($(ARCH),aarch64) ifeq ($(ARCH),aarch64)
H_ARCH:=arm64 H_ARCH:=arm64
@ -37,7 +35,7 @@ define Package/$(PKG_NAME)
CATEGORY:=Network CATEGORY:=Network
TITLE:=A Toolbox for Home Local Networks Speed Test TITLE:=A Toolbox for Home Local Networks Speed Test
URL:=https://github.com/XGHeaven/homebox URL:=https://github.com/XGHeaven/homebox
DEPENDS:=@(i386||x86_64||arm||aarch64||mipsel||mips) +libstdcpp +libatomic +libpthread +libc DEPENDS:=@(i386||x86_64||arm||aarch64||mipsel||mips) +libstdcpp
endef endef
define Package/$(PKG_NAME)/description define Package/$(PKG_NAME)/description
@ -46,8 +44,8 @@ endef
define Build/Prepare define Build/Prepare
mkdir -p $(PKG_BUILD_DIR) mkdir -p $(PKG_BUILD_DIR)
[ ! -f $(PKG_BUILD_DIR)/homebox-linux-$(H_ARCH).tar.gz ] && wget https://github.com/XGHeaven/homebox/releases/download/v$(PKG_REAL_VER)/homebox-linux-$(H_ARCH).tar.gz -O $(PKG_BUILD_DIR)/homebox-linux-$(H_ARCH).tar.gz [ ! -f $(PKG_BUILD_DIR)/server-linux-$(H_ARCH).tar.gz ] && wget https://github.com/XGHeaven/homebox/releases/download/v$(PKG_REAL_VER)/server-linux-$(H_ARCH).tar.gz -O $(PKG_BUILD_DIR)/server-linux-$(H_ARCH).tar.gz
tar -xzvf $(PKG_BUILD_DIR)/homebox-linux-$(H_ARCH).tar.gz -C $(PKG_BUILD_DIR) tar -xzvf $(PKG_BUILD_DIR)/server-linux-$(H_ARCH).tar.gz -C $(PKG_BUILD_DIR)
endef endef
define Build/Compile define Build/Compile
@ -55,18 +53,7 @@ endef
define Package/$(PKG_NAME)/install define Package/$(PKG_NAME)/install
$(INSTALL_DIR) $(1)/usr/bin $(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/homebox-linux-$(H_ARCH) $(1)/usr/bin/homebox $(INSTALL_BIN) $(PKG_BUILD_DIR)/server-linux-$(H_ARCH) $(1)/usr/bin/homebox
endef
# 使用force-depends选项强制忽略依赖检查
define Package/$(PKG_NAME)/preinst
#!/bin/sh
exit 0
endef
# 添加"force-depends=1"到包控制文件中
define Package/$(PKG_NAME)/extra_provides
echo "libc.so.6"; echo "libm.so.6"
endef endef
$(eval $(call BuildPackage,$(PKG_NAME))) $(eval $(call BuildPackage,$(PKG_NAME)))

1
oaf/src/af_conntrack.c
View File

@ -68,6 +68,7 @@ af_conn_t *af_conn_add(u32 src_ip, u32 dst_ip, u16 src_port, u16 dst_port, u8 pr
conn->protocol = protocol; conn->protocol = protocol;
conn->total_pkts = 0; conn->total_pkts = 0;
conn->app_id = 0; conn->app_id = 0;
conn->client_hello = 0;
conn->drop = 0; conn->drop = 0;
conn->state = AF_CONN_NEW; conn->state = AF_CONN_NEW;
conn->last_jiffies = jiffies; conn->last_jiffies = jiffies;

3
oaf/src/af_conntrack.h
View File

@ -22,6 +22,7 @@ typedef struct {
u8 protocol; u8 protocol;
u32 total_pkts; u32 total_pkts;
u32 app_id; u32 app_id;
u8 client_hello;
u8 drop; u8 drop;
af_conn_state_t state; af_conn_state_t state;
unsigned long last_jiffies; unsigned long last_jiffies;
@ -48,4 +49,4 @@ void af_conn_clean_timeout(void);
void af_conn_exit(void); void af_conn_exit(void);
#endif #endif

8
oaf/src/af_log.c
View File

@ -12,6 +12,7 @@ int af_test_mode = 0;
int g_oaf_filter_enable __read_mostly = 0; int g_oaf_filter_enable __read_mostly = 0;
int g_oaf_record_enable __read_mostly = 0; int g_oaf_record_enable __read_mostly = 0;
int g_by_pass_accl = 1; int g_by_pass_accl = 1;
int g_user_mode = 0;
int af_work_mode = AF_MODE_GATEWAY; int af_work_mode = AF_MODE_GATEWAY;
unsigned int af_lan_ip = 0; unsigned int af_lan_ip = 0;
unsigned int af_lan_mask = 0; unsigned int af_lan_mask = 0;
@ -86,6 +87,13 @@ static struct ctl_table oaf_table[] = {
.mode = 0666, .mode = 0666,
.proc_handler = proc_dointvec, .proc_handler = proc_dointvec,
}, },
{
.procname = "user_mode",
.data = &g_user_mode,
.maxlen = sizeof(int),
.mode = 0666,
.proc_handler = proc_dointvec,
},
{ {
.procname = "work_mode", .procname = "work_mode",
.data = &af_work_mode, .data = &af_work_mode,

1
oaf/src/af_log.h
View File

@ -9,6 +9,7 @@ extern int g_by_pass_accl;
extern unsigned int af_lan_ip; extern unsigned int af_lan_ip;
extern unsigned int af_lan_mask; extern unsigned int af_lan_mask;
extern int g_feature_init; extern int g_feature_init;
extern int g_user_mode;
extern char g_lan_ifname[64]; extern char g_lan_ifname[64];
extern int g_tcp_rst; extern int g_tcp_rst;

47
oaf/src/app_filter.c
View File

@ -632,13 +632,18 @@ int dpi_https_proto(flow_info_t *flow)
{ {
return -1; return -1;
} }
if (!(p[0] == 0x16 && p[1] == 0x03 && p[2] == 0x01)) if (!((p[0] == 0x16 && p[1] == 0x03 && p[2] == 0x01) || flow->client_hello))
return -1; return -1;
for (i = 0; i < data_len; i++) for (i = 0; i < data_len; i++)
{ {
if (i + HTTPS_URL_OFFSET >= data_len) if (i + HTTPS_URL_OFFSET >= data_len)
{ {
AF_LMT_INFO("match https host failed, data_len = %d, sport:%d, dport:%d\n", data_len, flow->sport,flow->dport);
if ((TEST_MODE())){
print_hex_ascii(flow->l4_data, flow->l4_len);
}
flow->client_hello = 1;
return -1; return -1;
} }
@ -660,6 +665,8 @@ int dpi_https_proto(flow_info_t *flow)
flow->https.match = AF_TRUE; flow->https.match = AF_TRUE;
flow->https.url_pos = p + i + HTTPS_URL_OFFSET; flow->https.url_pos = p + i + HTTPS_URL_OFFSET;
flow->https.url_len = ntohs(url_len); flow->https.url_len = ntohs(url_len);
AF_LMT_INFO("match https host ok, data_len = %d, client hello = %d\n", data_len, flow->client_hello);
flow->client_hello = 0;
return 0; return 0;
} }
} }
@ -975,7 +982,7 @@ int match_feature(flow_info_t *flow)
int match_app_filter_rule(int appid, af_client_info_t *client) int match_app_filter_rule(int appid, af_client_info_t *client)
{ {
if (is_user_match_enable() && !find_af_mac(client->mac)) if (g_user_mode && !find_af_mac(client->mac))
{ {
return AF_FALSE; return AF_FALSE;
} }
@ -989,6 +996,8 @@ int match_app_filter_rule(int appid, af_client_info_t *client)
#define NF_DROP_BIT 0x80000000 #define NF_DROP_BIT 0x80000000
#define NF_CLIENT_HELLO_BIT 0x40000000
static int af_get_visit_index(af_client_info_t *node, int app_id) static int af_get_visit_index(af_client_info_t *node, int app_id)
{ {
@ -1163,13 +1172,16 @@ u_int32_t app_filter_hook_bypass_handle(struct sk_buff *skb, struct net_device *
} }
#endif #endif
if (skb_is_nonlinear(skb) && flow.l4_len < MAX_AF_SUPPORT_DATA_LEN) if (skb_is_nonlinear(skb) && flow.l4_len < MAX_AF_SUPPORT_DATA_LEN)
{ {
flow.l4_data = read_skb(skb, flow.l4_data - skb->data, flow.l4_len); flow.l4_data = read_skb(skb, flow.l4_data - skb->data, flow.l4_len);
if (!flow.l4_data) if (!flow.l4_data)
return NF_ACCEPT; return NF_ACCEPT;
AF_LMT_DEBUG("##match nonlinear skb, len = %d\n", flow.l4_len);
malloc_data = 1; malloc_data = 1;
} }
flow.client_hello = conn->client_hello;
if (conn->app_id != 0) if (conn->app_id != 0)
{ {
@ -1177,8 +1189,8 @@ u_int32_t app_filter_hook_bypass_handle(struct sk_buff *skb, struct net_device *
flow.drop = conn->drop; flow.drop = conn->drop;
} }
else{ else{
if (0 != dpi_main(skb, &flow)) dpi_main(skb, &flow);
goto EXIT; conn->client_hello = flow.client_hello;
if (!match_feature(&flow)) if (!match_feature(&flow))
goto EXIT; goto EXIT;
@ -1266,12 +1278,12 @@ u_int32_t app_filter_hook_gateway_handle(struct sk_buff *skb, struct net_device
if (ct->mark != 0) if (ct->mark != 0)
{ {
app_id = ct->mark & (~NF_DROP_BIT); app_id = ct->mark & 0xffff;
if (app_id > 1000 && app_id < 9999) if (app_id > 1000 && app_id < 9999)
{ {
if (g_oaf_filter_enable){ if (g_oaf_filter_enable) {
if (NF_DROP_BIT == (ct->mark & NF_DROP_BIT)) if (NF_DROP_BIT == (ct->mark & NF_DROP_BIT))
drop = 1; drop = 1;
} }
if (g_oaf_record_enable){ if (g_oaf_record_enable){
AF_CLIENT_LOCK_W(); AF_CLIENT_LOCK_W();
@ -1284,6 +1296,13 @@ u_int32_t app_filter_hook_gateway_handle(struct sk_buff *skb, struct net_device
return NF_DROP; return NF_DROP;
} }
} }
else {
AF_LMT_DEBUG("ct->mark = %x\n", ct->mark);
if (ct->mark & NF_CLIENT_HELLO_BIT) {
AF_LMT_INFO("match ct client hello...\n");
flow.client_hello = 1;
}
}
} }
acct = nf_conn_acct_find(ct); acct = nf_conn_acct_find(ct);
if (!acct) if (!acct)
@ -1300,8 +1319,14 @@ u_int32_t app_filter_hook_gateway_handle(struct sk_buff *skb, struct net_device
return NF_ACCEPT; return NF_ACCEPT;
malloc_data = 1; malloc_data = 1;
} }
if (0 != dpi_main(skb, &flow)) dpi_main(skb, &flow);
goto EXIT;
if (flow.client_hello) {
ct->mark |= NF_CLIENT_HELLO_BIT;
}
else {
ct->mark &= ~NF_CLIENT_HELLO_BIT;
}
if (!match_feature(&flow)) if (!match_feature(&flow))
goto EXIT; goto EXIT;
@ -1316,7 +1341,9 @@ u_int32_t app_filter_hook_gateway_handle(struct sk_buff *skb, struct net_device
} }
} }
} }
ct->mark = flow.app_id; ct->mark = (ct->mark & 0xFFFF0000) | (flow.app_id & 0xFFFF);
if (g_oaf_filter_enable){ if (g_oaf_filter_enable){
if (match_app_filter_rule(flow.app_id, client)) if (match_app_filter_rule(flow.app_id, client))
{ {

1
oaf/src/app_filter.h
View File

@ -166,6 +166,7 @@ typedef struct flow_info{
u_int8_t drop; u_int8_t drop;
u_int8_t dir; u_int8_t dir;
u_int16_t total_len; u_int16_t total_len;
u_int8_t client_hello;
af_feature_node_t *feature; af_feature_node_t *feature;
}flow_info_t; }flow_info_t;

4
oaf/src/app_filter_config.c
View File

@ -1,4 +1,3 @@
#include <linux/init.h> #include <linux/init.h>
#include <linux/module.h> #include <linux/module.h>
#include <net/tcp.h> #include <net/tcp.h>
@ -155,8 +154,7 @@ int hash_mac(unsigned char *mac)
{ {
if (!mac) if (!mac)
return 0; return 0;
else return ((mac[0] ^ mac[1]) + (mac[2] ^ mac[3]) + (mac[4] ^ mac[5])) % MAX_AF_MAC_HASH_SIZE;
return mac[5] & (MAX_AF_MAC_HASH_SIZE - 1);
} }
af_mac_info_t *find_af_mac(unsigned char *mac) af_mac_info_t *find_af_mac(unsigned char *mac)

5
open-app-filter/files/oaf_rule
View File

@ -76,12 +76,15 @@ reload_rule(){
load_mac_list load_mac_list
} }
reload_base_config(){ reload_base_config(){
! test -d /proc/sys/oaf && return ! test -d /proc/sys/oaf && return
config_load appfilter config_load appfilter
config_get work_mode "global" "work_mode" config_get work_mode "global" "work_mode"
config_get lan_ifname "global" "lan_ifname" config_get lan_ifname "global" "lan_ifname"
config_get user_mode "global" "user_mode"
echo "$work_mode" >/proc/sys/oaf/work_mode echo "$work_mode" >/proc/sys/oaf/work_mode
echo "$user_mode" >/proc/sys/oaf/user_mode
if [ x"" != x"$lan_ifname" ];then if [ x"" != x"$lan_ifname" ];then
echo "$lan_ifname" >/proc/sys/oaf/lan_ifname echo "$lan_ifname" >/proc/sys/oaf/lan_ifname