drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-11-29 21:40:52 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: drygdryg:765770d2c7cdfe3cd5e7168e8a9dd38256b2d3a8
Branches Tags
drygdryg:master
drygdryg:v69.3
drygdryg:v69.2
drygdryg:v69.1
drygdryg:v69
drygdryg:v68
drygdryg:v67
drygdryg:v66
drygdryg:v65
drygdryg:v64
..
compare: drygdryg:53546a8d92cfd1824a7872def83fbdec9a25bc82
Branches Tags
drygdryg:master
drygdryg:v69.3
drygdryg:v69.2
drygdryg:v69.1
drygdryg:v69
drygdryg:v68
drygdryg:v67
drygdryg:v66
drygdryg:v65
drygdryg:v64

No commits in common. "765770d2c7cdfe3cd5e7168e8a9dd38256b2d3a8" and "53546a8d92cfd1824a7872def83fbdec9a25bc82" have entirely different histories.
765770d2c7 ... 53546a8d92

4 changed files with 46 additions and 203 deletions
Show Stats Expand all files Collapse all files

111
.github/workflows/build.yml vendored
View File

@ -87,14 +87,15 @@ jobs:
export LDFLAGS="-Os" export LDFLAGS="-Os"
# netfilter libs # netfilter libs
wget -qO- https://www.netfilter.org/pub/libnfnetlink/libnfnetlink-1.0.2.tar.bz2 | tar -xj git clone --depth 1 -b libmnl-1.0.5 git://git.netfilter.org/libmnl
wget -qO- https://www.netfilter.org/pub/libmnl/libmnl-1.0.5.tar.bz2 | tar -xj git clone --depth 1 -b libnfnetlink-1.0.2 git://git.netfilter.org/libnfnetlink
wget -qO- https://www.netfilter.org/pub/libnetfilter_queue/libnetfilter_queue-1.0.5.tar.bz2 | tar -xj git clone --depth 1 -b libnetfilter_queue-1.0.5 git://git.netfilter.org/libnetfilter_queue
for i in libmnl libnfnetlink libnetfilter_queue ; do for i in libmnl libnfnetlink libnetfilter_queue ; do
( (
cd $i-* cd $i
./configure --prefix= --host=$TARGET --enable-static --disable-shared --disable-dependency-tracking ./autogen.sh && \
./configure --prefix= --host=$TARGET --enable-static --disable-shared && \
make install -j$(nproc) DESTDIR=$DEPS_DIR make install -j$(nproc) DESTDIR=$DEPS_DIR
) )
sed -i "s|^prefix=.*|prefix=$DEPS_DIR|g" $DEPS_DIR/lib/pkgconfig/$i.pc sed -i "s|^prefix=.*|prefix=$DEPS_DIR|g" $DEPS_DIR/lib/pkgconfig/$i.pc
@ -105,7 +106,7 @@ jobs:
xargs -I{} wget -qO- https://github.com/madler/zlib/archive/refs/tags/{}.tar.gz | tar -xz xargs -I{} wget -qO- https://github.com/madler/zlib/archive/refs/tags/{}.tar.gz | tar -xz
( (
cd zlib-* cd zlib-*
./configure --prefix= --static ./configure --prefix= --static && \
make install -j$(nproc) DESTDIR=$DEPS_DIR make install -j$(nproc) DESTDIR=$DEPS_DIR
) )
@ -281,77 +282,9 @@ jobs:
path: zapret-*.zip path: zapret-*.zip
if-no-files-found: error if-no-files-found: error
build-android:
name: Android ${{ matrix.abi }}
runs-on: ubuntu-latest
strategy:
matrix:
include:
- abi: armeabi-v7a
target: armv7a-linux-androideabi
- abi: arm64-v8a
target: aarch64-linux-android
- abi: x86
target: i686-linux-android
- abi: x86_64
target: x86_64-linux-android
steps:
- name: Checkout
uses: actions/checkout@v4
with:
path: zapret
- name: Build
env:
ABI: ${{ matrix.abi }}
TARGET: ${{ matrix.target }}
run: |
DEPS_DIR=$GITHUB_WORKSPACE/deps
export TOOLCHAIN=$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64
export API=21
export CC="$TOOLCHAIN/bin/clang --target=$TARGET$API"
export AR=$TOOLCHAIN/bin/llvm-ar
export AS=$CC
export LD=$TOOLCHAIN/bin/ld
export RANLIB=$TOOLCHAIN/bin/llvm-ranlib
export STRIP=$TOOLCHAIN/bin/llvm-strip
export PKG_CONFIG_PATH=$DEPS_DIR/lib/pkgconfig
# optimize for size
export CFLAGS="-Os -flto=auto"
export LDFLAGS="-Os"
# netfilter libs
wget -qO- https://www.netfilter.org/pub/libnfnetlink/libnfnetlink-1.0.2.tar.bz2 | tar -xj
wget -qO- https://www.netfilter.org/pub/libmnl/libmnl-1.0.5.tar.bz2 | tar -xj
wget -qO- https://www.netfilter.org/pub/libnetfilter_queue/libnetfilter_queue-1.0.5.tar.bz2 | tar -xj
patch -p1 -d libnetfilter_queue-* -i ../zapret/.github/workflows/libnetfilter_queue-android.patch
for i in libmnl libnfnetlink libnetfilter_queue ; do
(
cd $i-*
CFLAGS="$CFLAGS -Wno-implicit-function-declaration" \
./configure --prefix= --host=$TARGET --enable-static --disable-shared --disable-dependency-tracking
make install -j$(nproc) DESTDIR=$DEPS_DIR
)
sed -i "s|^prefix=.*|prefix=$DEPS_DIR|g" $DEPS_DIR/lib/pkgconfig/$i.pc
done
# zapret
CFLAGS="$CFLAGS -I$DEPS_DIR/include" LDFLAGS="$LDFLAGS -L$DEPS_DIR/lib" \
make -C zapret android -j$(nproc)
zip zapret-android-$ABI.zip -j zapret/binaries/my/*
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: zapret-android-${{ matrix.abi }}
path: zapret-*.zip
if-no-files-found: error
release: release:
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
needs: [ build-linux, build-windows, build-macos, build-freebsd, build-android ] needs: [ build-linux, build-windows, build-macos, build-freebsd ]
permissions: permissions:
contents: write contents: write
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -410,22 +343,18 @@ jobs:
if [ -d $dir ]; then if [ -d $dir ]; then
echo "Processing $dir" echo "Processing $dir"
case $dir in case $dir in
*-android-arm64-v8a ) run_dir android-aarch64 ;; *-freebsd-x86_64 ) run_dir freebsd-x64 ;;
*-android-armeabi-v7a ) run_dir android-arm ;; *-linux-arm ) run_dir arm ;;
*-android-x86 ) run_dir android-x86 ;; *-linux-arm64 ) run_dir aarch64 ;;
*-android-x86_64 ) run_dir android-x86_64 ;; *-linux-mips64 ) run_dir mips64r2-msb ;;
*-freebsd-x86_64 ) run_dir freebsd-x64 ;; *-linux-mipselsf ) run_dir mips32r1-lsb ;;
*-linux-arm ) run_dir arm ;; *-linux-mipssf ) run_dir mips32r1-msb ;;
*-linux-arm64 ) run_dir aarch64 ;; *-linux-ppc ) run_dir ppc ;;
*-linux-mips64 ) run_dir mips64r2-msb ;; *-linux-x86 ) run_dir x86 ;;
*-linux-mipselsf ) run_dir mips32r1-lsb ;; *-linux-x86_64 ) run_dir x86_64 ;;
*-linux-mipssf ) run_dir mips32r1-msb ;; *-mac-x64 ) run_dir mac64 ;;
*-linux-ppc ) run_dir ppc ;; *-win-x86 ) run_dir win32 ;;
*-linux-x86 ) run_dir x86 ;; *-win-x86_64 ) run_dir win64 ;;
*-linux-x86_64 ) run_dir x86_64 ;;
*-mac-x64 ) run_dir mac64 ;;
*-win-x86 ) run_dir win32 ;;
*-win-x86_64 ) run_dir win64 ;;
esac esac
fi fi
done done

41
.github/workflows/libnetfilter_queue-android.patch vendored
View File

@ -1,41 +0,0 @@
--- a/src/extra/pktbuff.c
+++ b/src/extra/pktbuff.c
@@ -14,7 +14,7 @@
#include <string.h> /* for memcpy */
#include <stdbool.h>
-#include <netinet/if_ether.h>
+#include <linux/if_ether.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
--- a/src/nlmsg.c
+++ b/src/nlmsg.c
@@ -21,7 +21,7 @@
#include <linux/netfilter/nfnetlink_queue.h>
-#include <libnetfilter_queue/libnetfilter_queue.h>
+// #include <libnetfilter_queue/libnetfilter_queue.h>
#include "internal.h"
--- a/src/extra/tcp.c
+++ b/src/extra/tcp.c
@@ -139,12 +139,16 @@ void nfq_tcp_compute_checksum_ipv6(struc
* (union is compatible to any of its members)
* This means this part of the code is -fstrict-aliasing safe now.
*/
+#ifndef __ANDROID__
union tcp_word_hdr {
struct tcphdr hdr;
uint32_t words[5];
};
+#endif
+#ifndef tcp_flag_word
#define tcp_flag_word(tp) ( ((union tcp_word_hdr *)(tp))->words[3])
+#endif
/**
* nfq_pkt_snprintf_tcp_hdr - print tcp header into one buffer in a humnan

96
common/installer.sh
View File

@ -190,7 +190,6 @@ check_system()
get_fwtype get_fwtype
OPENWRT_FW3= OPENWRT_FW3=
OPENWRT_FW4=
local info local info
UNAME=$(uname) UNAME=$(uname)
@ -202,29 +201,21 @@ check_system()
# some distros include systemctl without systemd # some distros include systemctl without systemd
if [ -d "$SYSTEMD_DIR" ] && [ -x "$SYSTEMCTL" ] && [ "$INIT" = "systemd" ]; then if [ -d "$SYSTEMD_DIR" ] && [ -x "$SYSTEMCTL" ] && [ "$INIT" = "systemd" ]; then
SYSTEM=systemd SYSTEM=systemd
elif [ -f "/etc/openwrt_release" ] && exists opkg || exists apk && exists uci && [ "$INIT" = "procd" ] ; then elif [ -f "/etc/openwrt_release" ] && exists opkg && exists uci && [ "$INIT" = "procd" ] ; then
{
SYSTEM=openwrt SYSTEM=openwrt
OPENWRT_PACKAGER=opkg
OPENWRT_PACKAGER_INSTALL="opkg install"
OPENWRT_PACKAGER_UPDATE="opkg update"
exists apk && {
OPENWRT_PACKAGER=apk
OPENWRT_PACKAGER_INSTALL="apk add"
OPENWRT_PACKAGER_UPDATE=
}
info="package manager $OPENWRT_PACKAGER\n"
if openwrt_fw3 ; then if openwrt_fw3 ; then
OPENWRT_FW3=1 OPENWRT_FW3=1
info="${info}firewall fw3" info="openwrt firewall uses fw3"
if is_ipt_flow_offload_avail; then if is_ipt_flow_offload_avail; then
info="$info. hardware flow offloading requires iptables." info="$info. hardware flow offloading requires iptables."
else else
info="$info. flow offloading unavailable." info="$info. flow offloading unavailable."
fi fi
elif openwrt_fw4; then elif openwrt_fw4; then
OPENWRT_FW4=1 info="openwrt firewall uses fw4. flow offloading requires nftables."
info="${info}firewall fw4. flow offloading requires nftables."
fi fi
}
elif openrc_test; then elif openrc_test; then
SYSTEM=openrc SYSTEM=openrc
else else
@ -245,7 +236,7 @@ check_system()
exitp 5 exitp 5
fi fi
echo system is based on $SYSTEM echo system is based on $SYSTEM
[ -n "$info" ] && printf "${info}\n" [ -n "$info" ] && echo $info
} }
get_free_space_mb() get_free_space_mb()
@ -429,21 +420,14 @@ check_kmod()
} }
check_package_exists_openwrt() check_package_exists_openwrt()
{ {
[ -n "$($OPENWRT_PACKAGER list $1)" ] [ -n "$(opkg list $1)" ]
} }
check_package_openwrt() check_package_openwrt()
{ {
case $OPENWRT_PACKAGER in [ -n "$(opkg list-installed $1)" ] && return 0
opkg) local what="$(opkg whatprovides $1 | tail -n +2 | head -n 1)"
[ -n "$(opkg list-installed $1)" ] && return 0 [ -n "$what" ] || return 1
local what="$(opkg whatprovides $1 | tail -n +2 | head -n 1)" [ -n "$(opkg list-installed $what)" ]
[ -n "$what" ] || return 1
[ -n "$(opkg list-installed $what)" ]
;;
apk)
apk info -e $1
;;
esac
} }
check_packages_openwrt() check_packages_openwrt()
{ {
@ -532,8 +516,9 @@ restart_openwrt_firewall()
local FW=fw4 local FW=fw4
[ -n "$OPENWRT_FW3" ] && FW=fw3 [ -n "$OPENWRT_FW3" ] && FW=fw3
exists $FW && $FW -q restart || { $FW -q restart || {
echo could not restart firewall $FW echo could not restart firewall $FW
exitp 30
} }
} }
remove_openwrt_firewall() remove_openwrt_firewall()
@ -699,23 +684,7 @@ check_prerequisites_linux()
removable_pkgs_openwrt() removable_pkgs_openwrt()
{ {
local pkg PKGS2 PKGS="iptables-mod-extra iptables-mod-nfqueue iptables-mod-filter iptables-mod-ipopt iptables-mod-conntrack-extra ip6tables-mod-nat ip6tables-extra kmod-nft-queue gzip coreutils-sort coreutils-sleep curl"
[ -n "$OPENWRT_FW4" ] && PKGS2="$PKGS2 iptables-zz-legacy iptables ip6tables-zz-legacy ip6tables"
[ -n "$OPENWRT_FW3" ] && PKGS2="$PKGS2 nftables-json nftables-nojson nftables"
PKGS=
for pkg in $PKGS2; do
check_package_exists_openwrt $pkg && PKGS="${PKGS:+$PKGS }$pkg"
done
PKGS="ipset iptables-mod-extra iptables-mod-nfqueue iptables-mod-filter iptables-mod-ipopt iptables-mod-conntrack-extra ip6tables-mod-nat ip6tables-extra kmod-nft-queue gzip coreutils-sort coreutils-sleep curl $PKGS"
}
openwrt_fix_broken_apk_uninstall_scripts()
{
# at least in early snapshots with apk removing gnu gzip, sort, ... does not restore links to busybox
# system may become unusable
exists sort || { echo fixing missing sort; ln -fs /bin/busybox /usr/bin/sort; }
exists gzip || { echo fixing missing gzip; ln -fs /bin/busybox /bin/gzip; }
exists sleep || { echo fixing missing sleep; ln -fs /bin/busybox /bin/sleep; }
} }
remove_extra_pkgs_openwrt() remove_extra_pkgs_openwrt()
@ -724,32 +693,19 @@ remove_extra_pkgs_openwrt()
echo \* remove dependencies echo \* remove dependencies
removable_pkgs_openwrt removable_pkgs_openwrt
echo these packages may have been installed by install_easy.sh : $PKGS echo these packages may have been installed by install_easy.sh : $PKGS
ask_yes_no N "do you want to remove them" && { ask_yes_no N "do you want to remove them" && opkg remove --autoremove $PKGS
case $OPENWRT_PACKAGER in
opkg)
opkg remove --autoremove $PKGS
;;
apk)
apk del $PKGS
openwrt_fix_broken_apk_uninstall_scripts
;;
esac
}
} }
check_prerequisites_openwrt() check_prerequisites_openwrt()
{ {
echo \* checking prerequisites echo \* checking prerequisites
local PKGS="curl" UPD=0 local pkg_iptables local PKGS="curl" UPD=0
case "$FWTYPE" in case "$FWTYPE" in
iptables) iptables)
pkg_iptables=iptables PKGS="$PKGS ipset iptables iptables-mod-extra iptables-mod-nfqueue iptables-mod-filter iptables-mod-ipopt iptables-mod-conntrack-extra"
check_package_exists_openwrt iptables-zz-legacy && pkg_iptables=iptables-zz-legacy [ "$DISABLE_IPV6" != "1" ] && PKGS="$PKGS ip6tables ip6tables-mod-nat ip6tables-extra"
PKGS="$PKGS ipset $pkg_iptables iptables-mod-extra iptables-mod-nfqueue iptables-mod-filter iptables-mod-ipopt iptables-mod-conntrack-extra"
check_package_exists_openwrt ip6tables-zz-legacy && pkg_iptables=ip6tables-zz-legacy
[ "$DISABLE_IPV6" = 1 ] || PKGS="$PKGS $pkg_iptables ip6tables-mod-nat ip6tables-extra"
;; ;;
nftables) nftables)
PKGS="$PKGS nftables kmod-nft-nat kmod-nft-offload kmod-nft-queue" PKGS="$PKGS nftables kmod-nft-nat kmod-nft-offload kmod-nft-queue"
@ -761,9 +717,9 @@ check_prerequisites_openwrt()
else else
echo \* installing prerequisites echo \* installing prerequisites
$OPENWRT_PACKAGER_UPDATE opkg update
UPD=1 UPD=1
$OPENWRT_PACKAGER_INSTALL $PKGS || { opkg install $PKGS || {
echo could not install prerequisites echo could not install prerequisites
exitp 6 exitp 6
} }
@ -776,10 +732,10 @@ check_prerequisites_openwrt()
echo installer can install GNU gzip but it requires about 100 Kb space echo installer can install GNU gzip but it requires about 100 Kb space
if ask_yes_no N "do you want to install GNU gzip"; then if ask_yes_no N "do you want to install GNU gzip"; then
[ "$UPD" = "0" ] && { [ "$UPD" = "0" ] && {
$OPENWRT_PACKAGER_UPDATE opkg update
UPD=1 UPD=1
} }
$OPENWRT_PACKAGER_INSTALL --force-overwrite gzip opkg install --force-overwrite gzip
fi fi
} }
is_linked_to_busybox sort && { is_linked_to_busybox sort && {
@ -789,10 +745,10 @@ check_prerequisites_openwrt()
echo installer can install GNU sort but it requires about 100 Kb space echo installer can install GNU sort but it requires about 100 Kb space
if ask_yes_no N "do you want to install GNU sort"; then if ask_yes_no N "do you want to install GNU sort"; then
[ "$UPD" = "0" ] && { [ "$UPD" = "0" ] && {
$OPENWRT_PACKAGER_UPDATE opkg update
UPD=1 UPD=1
} }
$OPENWRT_PACKAGER_INSTALL --force-overwrite coreutils-sort opkg install --force-overwrite coreutils-sort
fi fi
} }
[ "$FSLEEP" = 0 ] && is_linked_to_busybox sleep && { [ "$FSLEEP" = 0 ] && is_linked_to_busybox sleep && {
@ -801,10 +757,10 @@ check_prerequisites_openwrt()
echo if you want to speed up blockcheck install coreutils-sleep. it requires about 40 Kb space echo if you want to speed up blockcheck install coreutils-sleep. it requires about 40 Kb space
if ask_yes_no N "do you want to install COREUTILS sleep"; then if ask_yes_no N "do you want to install COREUTILS sleep"; then
[ "$UPD" = "0" ] && { [ "$UPD" = "0" ] && {
$OPENWRT_PACKAGER_UPDATE opkg update
UPD=1 UPD=1
} }
$OPENWRT_PACKAGER_INSTALL --force-overwrite coreutils-sleep opkg install --force-overwrite coreutils-sleep
fsleep_setup fsleep_setup
fi fi
} }

1
docs/compile/build_howto_openwrt.txt
View File

@ -33,4 +33,3 @@ make package/{tpws,nfqws,mdig,ip2net}/compile
ls -l bin/packages/*/base ls -l bin/packages/*/base
# take your ipk or apk from there # take your ipk or apk from there
# zlib-dev is not required