diff --git a/openwrt-23.05/patches/package/libpfring/Makefile b/openwrt-23.05/patches/package/libpfring/Makefile new file mode 100644 index 0000000..1083d6e --- /dev/null +++ b/openwrt-23.05/patches/package/libpfring/Makefile @@ -0,0 +1,90 @@ +# +# Copyright (C) 2017 Banglang Huang +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=libpfring +PKG_VERSION:=8.4.0 +PKG_RELEASE:=2 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://codeload.github.com/ntop/PF_RING/tar.gz/$(PKG_VERSION)? +PKG_HASH:=2756a45ab250da11850160beb62aa879075aedfb49bf8f323b404f02b0c36670 +PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/PF_RING-$(PKG_VERSION) + +PKG_MAINTAINER:=Banglang Huang + +PKG_FIXUP:=patch-libtool +PKG_INSTALL:=1 +PKG_BUILD_PARALLEL:=1 + +include $(INCLUDE_DIR)/package.mk + +CONFIGURE_PATH:=userland +MAKE_PATH:=userland/lib + +define Package/libpfring + SECTION:=libs + CATEGORY:=Libraries + TITLE:=Library for PR_RING (package process framework) + URL:=https://github.com/ntop/pf_ring + DEPENDS:=+kmod-pf-ring +libpcap +libpthread + LICENSE:=LGPL-2.1-or-later + LICENSE_FILES:=LICENSE +endef + +define Package/libpfring/description + PF_RING is a high speed packet capture library that turns a commodity PC into an efficient and cheap + network measurement box suitable for both packet and active traffic analysis and manipulation. + Moreover, PF_RING opens totally new markets as it enables the creation of efficient application such as + traffic balancers or packet filters in a matter of lines of codes. +endef + +define KernelPackage/pf-ring + SUBMENU:=Network Support + TITLE:=PF_RING Kernel driver + FILES:=$(PKG_BUILD_DIR)/kernel/pf_ring.ko + AUTOLOAD:=$(call AutoLoad,90,pf_ring,1) + LICENSE:=GPL-2.0-or-later +endef + +define KernelPackage/pf-ring/description + Kernel module for libpf-ring package +endef + +CONFIGURE_VARS += \ + MACHINE="$(ARCH)" \ + ac_cv_lib_nl_3_nl_socket_alloc=no + +define Build/Compile + $(MAKE) -C "$(LINUX_DIR)" \ + KERNEL_DIR="$(LINUX_DIR)" \ + ARCH="$(LINUX_KARCH)" \ + CROSS_COMPILE="$(TARGET_CROSS)" \ + M="$(PKG_BUILD_DIR)/kernel" \ + EXTRA_CFLAGS="$(EXTRA_CFLAGS) -I$(PKG_BUILD_DIR)/kernel" \ + modules + $(call Build/Compile/Default) +endef + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include/ + $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/ + + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libpfring.so* $(1)/usr/lib/ +endef + +define Package/libpfring/install + $(INSTALL_DIR) $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libpfring.so* $(1)/usr/lib/ + $(LN) libpfring.so $(1)/usr/lib/libpfring.so.1 +endef + +$(eval $(call BuildPackage,libpfring)) +$(eval $(call KernelPackage,pf-ring)) diff --git a/openwrt-23.05/patches/package/libpfring/patches/0001-fix-cross-compiling.patch b/openwrt-23.05/patches/package/libpfring/patches/0001-fix-cross-compiling.patch new file mode 100644 index 0000000..021162b --- /dev/null +++ b/openwrt-23.05/patches/package/libpfring/patches/0001-fix-cross-compiling.patch @@ -0,0 +1,32 @@ +--- a/userland/configure ++++ b/userland/configure +@@ -3868,12 +3868,6 @@ $as_echo "no" >&6; } + if test "$IS_FREEBSD" != "1" && test "$cross_compiling" != "yes" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if r/w locks are supported" >&5 + $as_echo_n "checking if r/w locks are supported... " >&6; } +- if test "$cross_compiling" = yes; then : +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +-as_fn_error $? "cannot run test program while cross compiling +-See \`config.log' for more details" "$LINENO" 5; } +-else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + +@@ -3886,7 +3880,7 @@ else + + + _ACEOF +-if ac_fn_c_try_run "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + cat >>confdefs.h <<_ACEOF +@@ -3900,7 +3894,6 @@ $as_echo "no" >&6; } + fi + rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +-fi + + fi + diff --git a/openwrt-23.05/patches/package/libpfring/patches/002-implement-probabilistic-sampling.patch b/openwrt-23.05/patches/package/libpfring/patches/002-implement-probabilistic-sampling.patch new file mode 100644 index 0000000..d7b3e83 --- /dev/null +++ b/openwrt-23.05/patches/package/libpfring/patches/002-implement-probabilistic-sampling.patch @@ -0,0 +1,89 @@ +From 405caa1424358032574230ec5479e64834869298 Mon Sep 17 00:00:00 2001 +From: Alfredo Cardigliano +Date: Thu, 13 Apr 2023 13:03:28 +0200 +Subject: [PATCH] Implement probabilistic sampling + +--- + kernel/linux/pf_ring.h | 4 +++- + kernel/pf_ring.c | 34 ++++++++++++++++++++++++---------- + 2 files changed, 27 insertions(+), 11 deletions(-) + +--- a/kernel/linux/pf_ring.h ++++ b/kernel/linux/pf_ring.h +@@ -1310,7 +1310,9 @@ struct pf_ring_socket { + u_char *ring_slots; /* Points to ring_memory+sizeof(FlowSlotInfo) */ + + /* Packet Sampling */ +- u_int32_t pktToSample, sample_rate; ++ u_int32_t sample_rate; ++ u_int32_t pkts_to_sample; ++ u_int32_t sample_rnd_shift; + + /* Virtual Filtering Device */ + virtual_filtering_device_element *v_filtering_dev; +--- a/kernel/pf_ring.c ++++ b/kernel/pf_ring.c +@@ -3695,6 +3695,26 @@ int bpf_filter_skb(struct sk_buff *skb, + + /* ********************************** */ + ++int sample_packet(struct pf_ring_socket *pfr) { ++ if(pfr->pkts_to_sample <= 1) { ++ u_int32_t rnd = 0; ++ ++ get_random_bytes(&rnd, sizeof(u_int32_t)); ++ rnd = rnd % pfr->sample_rate; ++ ++ pfr->pkts_to_sample = pfr->sample_rate - pfr->sample_rnd_shift + rnd; ++ ++ pfr->sample_rnd_shift = rnd; ++ ++ return 1; /* Pass packet */ ++ } else { ++ pfr->pkts_to_sample--; ++ return 0; /* Discard packet */ ++ } ++} ++ ++/* ********************************** */ ++ + u_int32_t default_rehash_rss_func(struct sk_buff *skb, struct pfring_pkthdr *hdr) + { + return hash_pkt_header(hdr, 0); +@@ -3805,12 +3825,9 @@ static int add_skb_to_ring(struct sk_buf + if(pfr->sample_rate > 1) { + spin_lock_bh(&pfr->ring_index_lock); + +- if(pfr->pktToSample <= 1) { +- pfr->pktToSample = pfr->sample_rate; +- } else { ++ if(!sample_packet(pfr)) { ++ /* Discard packet */ + pfr->slots_info->tot_pkts++; +- pfr->pktToSample--; +- + spin_unlock_bh(&pfr->ring_index_lock); + atomic_dec(&pfr->num_ring_users); + return(-1); +@@ -4161,11 +4178,8 @@ int pf_ring_skb_ring_handler(struct sk_b + + if(pfr->sample_rate > 1) { + spin_lock_bh(&pfr->ring_index_lock); +- if(pfr->pktToSample <= 1) { +- pfr->pktToSample = pfr->sample_rate; +- } else { ++ if (!sample_packet(pfr)) { + pfr->slots_info->tot_pkts++; +- pfr->pktToSample--; + rc = 0; + } + spin_unlock_bh(&pfr->ring_index_lock); +@@ -7957,7 +7971,7 @@ static int ring_getsockopt(struct socket + if(copy_to_user(optval, lowest_if_mac, ETH_ALEN)) + return(-EFAULT); + } else { +- char *dev_addr = pfr->ring_dev->dev->dev_addr; ++ const char *dev_addr = pfr->ring_dev->dev->dev_addr; + + if (dev_addr == NULL) /* e.g. 'any' device */ + dev_addr = empty_mac; diff --git a/openwrt-23.05/patches/package/libpfring/patches/100-fix-compilation-warning.patch b/openwrt-23.05/patches/package/libpfring/patches/100-fix-compilation-warning.patch new file mode 100644 index 0000000..97115b1 --- /dev/null +++ b/openwrt-23.05/patches/package/libpfring/patches/100-fix-compilation-warning.patch @@ -0,0 +1,11 @@ +--- a/kernel/pf_ring.c ++++ b/kernel/pf_ring.c +@@ -3902,7 +3902,7 @@ static int hash_pkt_cluster(ring_cluster + break; + } + /* else, fall through, because it's like 2-tuple for non-TCP packets */ +- ++ fallthrough; + case cluster_per_flow_2_tuple: + case cluster_per_inner_flow_2_tuple: + flags |= mask_2_tuple; diff --git a/openwrt-23.05/patches/package/libpfring/patches/101-kernel-pf_ring-better-define-sa_data-size.patch b/openwrt-23.05/patches/package/libpfring/patches/101-kernel-pf_ring-better-define-sa_data-size.patch new file mode 100644 index 0000000..7c27515 --- /dev/null +++ b/openwrt-23.05/patches/package/libpfring/patches/101-kernel-pf_ring-better-define-sa_data-size.patch @@ -0,0 +1,72 @@ +From fae2437c2af80d3ea64f5bc9678a5b697772295b Mon Sep 17 00:00:00 2001 +From: Christian Marangi +Date: Mon, 18 Mar 2024 10:03:43 +0100 +Subject: [PATCH] kernel: pf_ring: better define sa_data size + +pfring_mod_bind() needs to specify the interface +name using struct sockaddr that is defined as + +struct sockaddr { ushort sa_family; char sa_data[14]; }; + +so the total interface name length is 13 chars (plus \0 trailer). + +Since sa_data size is arbitrary, define a more precise size for +PF_RING socket use. + +This fix some compilation error with fortify string and makes the array +handling more deterministic. + +Signed-off-by: Christian Marangi +--- + kernel/pf_ring.c | 22 ++++++++++++++++++---- + 1 file changed, 18 insertions(+), 4 deletions(-) + +--- a/kernel/pf_ring.c ++++ b/kernel/pf_ring.c +@@ -155,6 +155,18 @@ + #endif + #endif + ++/* ++ pfring_mod_bind() needs to specify the interface ++ name using struct sockaddr that is defined as ++ ++ struct sockaddr { ushort sa_family; char sa_data[14]; }; ++ ++ so the total interface name length is 13 chars (plus \0 trailer). ++ Since sa_data size is arbitrary, define a more precise size for ++ PF_RING socket use. ++*/ ++#define RING_SA_DATA_LEN 14 ++ + /* ************************************************* */ + + #if(LINUX_VERSION_CODE >= KERNEL_VERSION(5,6,0)) +@@ -1029,7 +1041,7 @@ pf_ring_device *pf_ring_device_name_look + so the total interface name length is 13 chars (plus \0 trailer). + The check below is to trap this case. + */ +- || ((l >= 13) && (strncmp(dev_ptr->device_name, name, 13) == 0))) ++ || ((l >= RING_SA_DATA_LEN - 1) && (strncmp(dev_ptr->device_name, name, RING_SA_DATA_LEN - 1) == 0))) + && device_net_eq(dev_ptr, net)) + return dev_ptr; + } +@@ -5571,15 +5583,15 @@ static int ring_bind(struct socket *sock + * Check legality + */ + if (addr_len == sizeof(struct sockaddr)) { +- char name[sizeof(sa->sa_data)+1]; ++ char name[RING_SA_DATA_LEN]; + + if (sa->sa_family != PF_RING) + return(-EINVAL); + +- memcpy(name, sa->sa_data, sizeof(sa->sa_data)); ++ memcpy(name, sa->sa_data, RING_SA_DATA_LEN - 1); + + /* Add trailing zero if missing */ +- name[sizeof(name)-1] = '\0'; ++ name[RING_SA_DATA_LEN-1] = '\0'; + + debug_printk(2, "searching device %s\n", name); + diff --git a/openwrt-23.05/patches/package/r8125/Makefile b/openwrt-23.05/patches/package/r8125/Makefile index 9f4a61d..2389500 100644 --- a/openwrt-23.05/patches/package/r8125/Makefile +++ b/openwrt-23.05/patches/package/r8125/Makefile @@ -7,12 +7,12 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=r8125 -PKG_VERSION:=9.011.00-1 +PKG_VERSION:=9.012.04-1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/awesometic/realtek-r8125-dkms/tar.gz/$(PKG_VERSION)? -PKG_HASH:=750a05c05f318fc5e1e05e6b2d1f61a76fffa3133eae1bf9ce5ff6d03ae29cb7 +PKG_HASH:=470f02f1f3e9a12a0443128f5efd5e254e5e8e94487a5ab949724100fdca6ab4 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/realtek-$(PKG_NAME)-dkms-$(PKG_VERSION) PKG_LICENSE:=GPL-2.0-only diff --git a/openwrt-23.05/steps/04-prepare_package.sh b/openwrt-23.05/steps/04-prepare_package.sh index 01aa2a8..4609c0d 100755 --- a/openwrt-23.05/steps/04-prepare_package.sh +++ b/openwrt-23.05/steps/04-prepare_package.sh @@ -36,6 +36,10 @@ cp -R ../stangri_repo/luci-app-pbr feeds/luci/applications/ rm -rf feeds/packages/net/adguardhome cp -R $ROOTDIR/openwrt-$OPENWRT_BRANCH/patches/package/adguardhome feeds/packages/net/ +# replace libpfring that fails compiling +rm -rf feeds/packages/libs/libpfring +cp -R $ROOTDIR/openwrt-$OPENWRT_BRANCH/patches/package/libpfring feeds/packages/libs/ + ./scripts/feeds update -i && ./scripts/feeds install -a # Time stamp with $Build_Date=$(date +%Y.%m.%d)