Compare commits

..

No commits in common. "765770d2c7cdfe3cd5e7168e8a9dd38256b2d3a8" and "53546a8d92cfd1824a7872def83fbdec9a25bc82" have entirely different histories.

4 changed files with 46 additions and 203 deletions

View File

@ -87,14 +87,15 @@ jobs:
export LDFLAGS="-Os"
# netfilter libs
wget -qO- https://www.netfilter.org/pub/libnfnetlink/libnfnetlink-1.0.2.tar.bz2 | tar -xj
wget -qO- https://www.netfilter.org/pub/libmnl/libmnl-1.0.5.tar.bz2 | tar -xj
wget -qO- https://www.netfilter.org/pub/libnetfilter_queue/libnetfilter_queue-1.0.5.tar.bz2 | tar -xj
git clone --depth 1 -b libmnl-1.0.5 git://git.netfilter.org/libmnl
git clone --depth 1 -b libnfnetlink-1.0.2 git://git.netfilter.org/libnfnetlink
git clone --depth 1 -b libnetfilter_queue-1.0.5 git://git.netfilter.org/libnetfilter_queue
for i in libmnl libnfnetlink libnetfilter_queue ; do
(
cd $i-*
./configure --prefix= --host=$TARGET --enable-static --disable-shared --disable-dependency-tracking
cd $i
./autogen.sh && \
./configure --prefix= --host=$TARGET --enable-static --disable-shared && \
make install -j$(nproc) DESTDIR=$DEPS_DIR
)
sed -i "s|^prefix=.*|prefix=$DEPS_DIR|g" $DEPS_DIR/lib/pkgconfig/$i.pc
@ -105,7 +106,7 @@ jobs:
xargs -I{} wget -qO- https://github.com/madler/zlib/archive/refs/tags/{}.tar.gz | tar -xz
(
cd zlib-*
./configure --prefix= --static
./configure --prefix= --static && \
make install -j$(nproc) DESTDIR=$DEPS_DIR
)
@ -281,77 +282,9 @@ jobs:
path: zapret-*.zip
if-no-files-found: error
build-android:
name: Android ${{ matrix.abi }}
runs-on: ubuntu-latest
strategy:
matrix:
include:
- abi: armeabi-v7a
target: armv7a-linux-androideabi
- abi: arm64-v8a
target: aarch64-linux-android
- abi: x86
target: i686-linux-android
- abi: x86_64
target: x86_64-linux-android
steps:
- name: Checkout
uses: actions/checkout@v4
with:
path: zapret
- name: Build
env:
ABI: ${{ matrix.abi }}
TARGET: ${{ matrix.target }}
run: |
DEPS_DIR=$GITHUB_WORKSPACE/deps
export TOOLCHAIN=$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64
export API=21
export CC="$TOOLCHAIN/bin/clang --target=$TARGET$API"
export AR=$TOOLCHAIN/bin/llvm-ar
export AS=$CC
export LD=$TOOLCHAIN/bin/ld
export RANLIB=$TOOLCHAIN/bin/llvm-ranlib
export STRIP=$TOOLCHAIN/bin/llvm-strip
export PKG_CONFIG_PATH=$DEPS_DIR/lib/pkgconfig
# optimize for size
export CFLAGS="-Os -flto=auto"
export LDFLAGS="-Os"
# netfilter libs
wget -qO- https://www.netfilter.org/pub/libnfnetlink/libnfnetlink-1.0.2.tar.bz2 | tar -xj
wget -qO- https://www.netfilter.org/pub/libmnl/libmnl-1.0.5.tar.bz2 | tar -xj
wget -qO- https://www.netfilter.org/pub/libnetfilter_queue/libnetfilter_queue-1.0.5.tar.bz2 | tar -xj
patch -p1 -d libnetfilter_queue-* -i ../zapret/.github/workflows/libnetfilter_queue-android.patch
for i in libmnl libnfnetlink libnetfilter_queue ; do
(
cd $i-*
CFLAGS="$CFLAGS -Wno-implicit-function-declaration" \
./configure --prefix= --host=$TARGET --enable-static --disable-shared --disable-dependency-tracking
make install -j$(nproc) DESTDIR=$DEPS_DIR
)
sed -i "s|^prefix=.*|prefix=$DEPS_DIR|g" $DEPS_DIR/lib/pkgconfig/$i.pc
done
# zapret
CFLAGS="$CFLAGS -I$DEPS_DIR/include" LDFLAGS="$LDFLAGS -L$DEPS_DIR/lib" \
make -C zapret android -j$(nproc)
zip zapret-android-$ABI.zip -j zapret/binaries/my/*
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: zapret-android-${{ matrix.abi }}
path: zapret-*.zip
if-no-files-found: error
release:
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
needs: [ build-linux, build-windows, build-macos, build-freebsd, build-android ]
needs: [ build-linux, build-windows, build-macos, build-freebsd ]
permissions:
contents: write
runs-on: ubuntu-latest
@ -410,10 +343,6 @@ jobs:
if [ -d $dir ]; then
echo "Processing $dir"
case $dir in
*-android-arm64-v8a ) run_dir android-aarch64 ;;
*-android-armeabi-v7a ) run_dir android-arm ;;
*-android-x86 ) run_dir android-x86 ;;
*-android-x86_64 ) run_dir android-x86_64 ;;
*-freebsd-x86_64 ) run_dir freebsd-x64 ;;
*-linux-arm ) run_dir arm ;;
*-linux-arm64 ) run_dir aarch64 ;;

View File

@ -1,41 +0,0 @@
--- a/src/extra/pktbuff.c
+++ b/src/extra/pktbuff.c
@@ -14,7 +14,7 @@
#include <string.h> /* for memcpy */
#include <stdbool.h>
-#include <netinet/if_ether.h>
+#include <linux/if_ether.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
--- a/src/nlmsg.c
+++ b/src/nlmsg.c
@@ -21,7 +21,7 @@
#include <linux/netfilter/nfnetlink_queue.h>
-#include <libnetfilter_queue/libnetfilter_queue.h>
+// #include <libnetfilter_queue/libnetfilter_queue.h>
#include "internal.h"
--- a/src/extra/tcp.c
+++ b/src/extra/tcp.c
@@ -139,12 +139,16 @@ void nfq_tcp_compute_checksum_ipv6(struc
* (union is compatible to any of its members)
* This means this part of the code is -fstrict-aliasing safe now.
*/
+#ifndef __ANDROID__
union tcp_word_hdr {
struct tcphdr hdr;
uint32_t words[5];
};
+#endif
+#ifndef tcp_flag_word
#define tcp_flag_word(tp) ( ((union tcp_word_hdr *)(tp))->words[3])
+#endif
/**
* nfq_pkt_snprintf_tcp_hdr - print tcp header into one buffer in a humnan

View File

@ -190,7 +190,6 @@ check_system()
get_fwtype
OPENWRT_FW3=
OPENWRT_FW4=
local info
UNAME=$(uname)
@ -202,29 +201,21 @@ check_system()
# some distros include systemctl without systemd
if [ -d "$SYSTEMD_DIR" ] && [ -x "$SYSTEMCTL" ] && [ "$INIT" = "systemd" ]; then
SYSTEM=systemd
elif [ -f "/etc/openwrt_release" ] && exists opkg || exists apk && exists uci && [ "$INIT" = "procd" ] ; then
elif [ -f "/etc/openwrt_release" ] && exists opkg && exists uci && [ "$INIT" = "procd" ] ; then
{
SYSTEM=openwrt
OPENWRT_PACKAGER=opkg
OPENWRT_PACKAGER_INSTALL="opkg install"
OPENWRT_PACKAGER_UPDATE="opkg update"
exists apk && {
OPENWRT_PACKAGER=apk
OPENWRT_PACKAGER_INSTALL="apk add"
OPENWRT_PACKAGER_UPDATE=
}
info="package manager $OPENWRT_PACKAGER\n"
if openwrt_fw3 ; then
OPENWRT_FW3=1
info="${info}firewall fw3"
info="openwrt firewall uses fw3"
if is_ipt_flow_offload_avail; then
info="$info. hardware flow offloading requires iptables."
else
info="$info. flow offloading unavailable."
fi
elif openwrt_fw4; then
OPENWRT_FW4=1
info="${info}firewall fw4. flow offloading requires nftables."
info="openwrt firewall uses fw4. flow offloading requires nftables."
fi
}
elif openrc_test; then
SYSTEM=openrc
else
@ -245,7 +236,7 @@ check_system()
exitp 5
fi
echo system is based on $SYSTEM
[ -n "$info" ] && printf "${info}\n"
[ -n "$info" ] && echo $info
}
get_free_space_mb()
@ -429,21 +420,14 @@ check_kmod()
}
check_package_exists_openwrt()
{
[ -n "$($OPENWRT_PACKAGER list $1)" ]
[ -n "$(opkg list $1)" ]
}
check_package_openwrt()
{
case $OPENWRT_PACKAGER in
opkg)
[ -n "$(opkg list-installed $1)" ] && return 0
local what="$(opkg whatprovides $1 | tail -n +2 | head -n 1)"
[ -n "$what" ] || return 1
[ -n "$(opkg list-installed $what)" ]
;;
apk)
apk info -e $1
;;
esac
}
check_packages_openwrt()
{
@ -532,8 +516,9 @@ restart_openwrt_firewall()
local FW=fw4
[ -n "$OPENWRT_FW3" ] && FW=fw3
exists $FW && $FW -q restart || {
$FW -q restart || {
echo could not restart firewall $FW
exitp 30
}
}
remove_openwrt_firewall()
@ -699,23 +684,7 @@ check_prerequisites_linux()
removable_pkgs_openwrt()
{
local pkg PKGS2
[ -n "$OPENWRT_FW4" ] && PKGS2="$PKGS2 iptables-zz-legacy iptables ip6tables-zz-legacy ip6tables"
[ -n "$OPENWRT_FW3" ] && PKGS2="$PKGS2 nftables-json nftables-nojson nftables"
PKGS=
for pkg in $PKGS2; do
check_package_exists_openwrt $pkg && PKGS="${PKGS:+$PKGS }$pkg"
done
PKGS="ipset iptables-mod-extra iptables-mod-nfqueue iptables-mod-filter iptables-mod-ipopt iptables-mod-conntrack-extra ip6tables-mod-nat ip6tables-extra kmod-nft-queue gzip coreutils-sort coreutils-sleep curl $PKGS"
}
openwrt_fix_broken_apk_uninstall_scripts()
{
# at least in early snapshots with apk removing gnu gzip, sort, ... does not restore links to busybox
# system may become unusable
exists sort || { echo fixing missing sort; ln -fs /bin/busybox /usr/bin/sort; }
exists gzip || { echo fixing missing gzip; ln -fs /bin/busybox /bin/gzip; }
exists sleep || { echo fixing missing sleep; ln -fs /bin/busybox /bin/sleep; }
PKGS="iptables-mod-extra iptables-mod-nfqueue iptables-mod-filter iptables-mod-ipopt iptables-mod-conntrack-extra ip6tables-mod-nat ip6tables-extra kmod-nft-queue gzip coreutils-sort coreutils-sleep curl"
}
remove_extra_pkgs_openwrt()
@ -724,32 +693,19 @@ remove_extra_pkgs_openwrt()
echo \* remove dependencies
removable_pkgs_openwrt
echo these packages may have been installed by install_easy.sh : $PKGS
ask_yes_no N "do you want to remove them" && {
case $OPENWRT_PACKAGER in
opkg)
opkg remove --autoremove $PKGS
;;
apk)
apk del $PKGS
openwrt_fix_broken_apk_uninstall_scripts
;;
esac
}
ask_yes_no N "do you want to remove them" && opkg remove --autoremove $PKGS
}
check_prerequisites_openwrt()
{
echo \* checking prerequisites
local PKGS="curl" UPD=0 local pkg_iptables
local PKGS="curl" UPD=0
case "$FWTYPE" in
iptables)
pkg_iptables=iptables
check_package_exists_openwrt iptables-zz-legacy && pkg_iptables=iptables-zz-legacy
PKGS="$PKGS ipset $pkg_iptables iptables-mod-extra iptables-mod-nfqueue iptables-mod-filter iptables-mod-ipopt iptables-mod-conntrack-extra"
check_package_exists_openwrt ip6tables-zz-legacy && pkg_iptables=ip6tables-zz-legacy
[ "$DISABLE_IPV6" = 1 ] || PKGS="$PKGS $pkg_iptables ip6tables-mod-nat ip6tables-extra"
PKGS="$PKGS ipset iptables iptables-mod-extra iptables-mod-nfqueue iptables-mod-filter iptables-mod-ipopt iptables-mod-conntrack-extra"
[ "$DISABLE_IPV6" != "1" ] && PKGS="$PKGS ip6tables ip6tables-mod-nat ip6tables-extra"
;;
nftables)
PKGS="$PKGS nftables kmod-nft-nat kmod-nft-offload kmod-nft-queue"
@ -761,9 +717,9 @@ check_prerequisites_openwrt()
else
echo \* installing prerequisites
$OPENWRT_PACKAGER_UPDATE
opkg update
UPD=1
$OPENWRT_PACKAGER_INSTALL $PKGS || {
opkg install $PKGS || {
echo could not install prerequisites
exitp 6
}
@ -776,10 +732,10 @@ check_prerequisites_openwrt()
echo installer can install GNU gzip but it requires about 100 Kb space
if ask_yes_no N "do you want to install GNU gzip"; then
[ "$UPD" = "0" ] && {
$OPENWRT_PACKAGER_UPDATE
opkg update
UPD=1
}
$OPENWRT_PACKAGER_INSTALL --force-overwrite gzip
opkg install --force-overwrite gzip
fi
}
is_linked_to_busybox sort && {
@ -789,10 +745,10 @@ check_prerequisites_openwrt()
echo installer can install GNU sort but it requires about 100 Kb space
if ask_yes_no N "do you want to install GNU sort"; then
[ "$UPD" = "0" ] && {
$OPENWRT_PACKAGER_UPDATE
opkg update
UPD=1
}
$OPENWRT_PACKAGER_INSTALL --force-overwrite coreutils-sort
opkg install --force-overwrite coreutils-sort
fi
}
[ "$FSLEEP" = 0 ] && is_linked_to_busybox sleep && {
@ -801,10 +757,10 @@ check_prerequisites_openwrt()
echo if you want to speed up blockcheck install coreutils-sleep. it requires about 40 Kb space
if ask_yes_no N "do you want to install COREUTILS sleep"; then
[ "$UPD" = "0" ] && {
$OPENWRT_PACKAGER_UPDATE
opkg update
UPD=1
}
$OPENWRT_PACKAGER_INSTALL --force-overwrite coreutils-sleep
opkg install --force-overwrite coreutils-sleep
fsleep_setup
fi
}

View File

@ -33,4 +33,3 @@ make package/{tpws,nfqws,mdig,ip2net}/compile
ls -l bin/packages/*/base
# take your ipk or apk from there
# zlib-dev is not required