Merge remote-tracking branch 'upstream/master'

pmkol · Sep 7, 2024 · 5a17802 · 5a17802
2 parents d982c33 + ddfa153
commit 5a17802
Show file tree

Hide file tree

Showing 7 changed files with 94 additions and 3 deletions.
diff --git a/openwrt/23-config-common b/openwrt/23-config-common
@@ -22,6 +22,9 @@ CONFIG_PACKAGE_iptables-nft=y
 CONFIG_PACKAGE_xtables-nft=y
 # CONFIG_PACKAGE_iptables-legacy is not set
 
+# Natflow
+CONFIG_PACKAGE_natflow=m
+
 # SFE
 CONFIG_PACKAGE_kmod-fast-classifier=y
 CONFIG_PACKAGE_kmod-shortcut-fe-cm=y

diff --git a/openwrt/23-config-musl-r8500 b/openwrt/23-config-musl-r8500
@@ -38,6 +38,9 @@ CONFIG_PACKAGE_iptables-nft=y
 CONFIG_PACKAGE_xtables-nft=y
 # CONFIG_PACKAGE_iptables-legacy is not set
 
+# Natflow
+CONFIG_PACKAGE_natflow=m
+
 # SFE
 CONFIG_PACKAGE_kmod-fast-classifier=y
 CONFIG_PACKAGE_kmod-shortcut-fe-cm=y

diff --git a/openwrt/build.sh b/openwrt/build.sh
@@ -464,6 +464,7 @@ if [ "$platform" = "x86_64" ]; then
  rm -f $kmodpkg_name/Packages*
  # driver firmware
  cp -a bin/packages/x86_64/base/*firmware*.ipk $kmodpkg_name/
+ cp -a bin/packages/x86_64/base/*natflow*.ipk $kmodpkg_name/
  bash kmod-sign $kmodpkg_name
  tar zcf x86_64-$kmodpkg_name.tar.gz $kmodpkg_name
  rm -rf $kmodpkg_name
@@ -502,6 +503,7 @@ elif [ "$platform" = "armv8" ]; then
  rm -f $kmodpkg_name/Packages*
  # driver firmware
  cp -a bin/packages/aarch64_generic/base/*firmware*.ipk $kmodpkg_name/
+ cp -a bin/packages/aarch64_generic/base/*natflow*.ipk $kmodpkg_name/
  bash kmod-sign $kmodpkg_name
  tar zcf armv8-$kmodpkg_name.tar.gz $kmodpkg_name
  rm -rf $kmodpkg_name
@@ -530,6 +532,7 @@ elif [ "$platform" = "bcm53xx" ]; then
  rm -f $kmodpkg_name/Packages*
  # driver firmware
  cp -a bin/packages/arm_cortex-a9/base/*firmware*.ipk $kmodpkg_name/
+ cp -a bin/packages/arm_cortex-a9/base/*natflow*.ipk $kmodpkg_name/
  bash kmod-sign $kmodpkg_name
  tar zcf bcm53xx-$kmodpkg_name.tar.gz $kmodpkg_name
  rm -rf $kmodpkg_name
@@ -563,6 +566,7 @@ else
  rm -f $kmodpkg_name/Packages*
  # driver firmware
  cp -a bin/packages/aarch64_generic/base/*firmware*.ipk $kmodpkg_name/
+ cp -a bin/packages/aarch64_generic/base/*natflow*.ipk $kmodpkg_name/
  bash kmod-sign $kmodpkg_name
  tar zcf aarch64-$kmodpkg_name.tar.gz $kmodpkg_name
  rm -rf $kmodpkg_name

diff --git a/openwrt/files/etc/hotplug.d/block/20-usbreset b/openwrt/files/etc/hotplug.d/block/20-usbreset
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+device=`basename $DEVPATH`
+point=$device
+
+case "$ACTION" in
+ add)
+ mkdir -p /usb/$point
+ mount -o rw,noatime,discard /dev/$device /usb/$point
+ if [ -f "/usb/$point/recovery.txt" ]; then
+ echo y | firstboot
+ sleep 2
+ reboot
+ else
+ umount -l /usb/$point
+ fi
+ ;;
+esac
diff --git a/openwrt/patch/firewall4/0005-luci-app-firewall-add-natflow-offload-support.patch b/openwrt/patch/firewall4/0005-luci-app-firewall-add-natflow-offload-support.patch
@@ -0,0 +1,55 @@
+From 518eadc602c8e61621c8c1091585a134d978d596 Mon Sep 17 00:00:00 2001
+From: sbwml <admin@cooluc.com>
+Date: Sun, 8 Sep 2024 03:40:30 +0800
+Subject: [PATCH] luci-app-firewall: add natflow offload support
+
+Signed-off-by: sbwml <admin@cooluc.com>
+---
+ .../resources/view/firewall/zones.js | 20 +++++++++++++++++--
+ 1 file changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
+index 1bedd2c..522d001 100644
+--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
++++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
+@@ -122,6 +122,21 @@ return view.extend({
+ o.depends('shortcut_fe', '1');
+ }
+
++ /* Natflow offload support */
++ if (L.hasSystemFeature('natflow')) {
++ o = s.option(form.Flag, 'natflow',
++ _('Natflow offloading'),
++ _('Natflow based offloading for routing/NAT'));
++ o.optional = true;
++
++ o = s.option(form.Value, 'natflow_delay_pkts',
++ _('Natflow delay packet'),
++ _('Set up the natflow delay packet'));
++ o.datatype = 'and(uinteger,min(0))';
++ o.default = 0;
++ o.depends('natflow', '1');
++ }
++
+ s = m.section(form.GridSection, 'zone', _('Zones'));
+ s.addremove = true;
+ s.anonymous = true;
+@@ -418,12 +433,13 @@ return view.extend({
+ const checkboxes = document.querySelectorAll('.cbi-checkbox input[type="checkbox"]');
+ checkboxes.forEach((checkbox) => {
+ const widgetId = checkbox.getAttribute('data-widget-id');
+- if ((widgetId.includes('flow_offloading') && !widgetId.includes('flow_offloading_hw')) || widgetId.includes('shortcut_fe')) {
++ if ((widgetId.includes('flow_offloading') && !widgetId.includes('flow_offloading_hw')) || widgetId.includes('shortcut_fe') || widgetId.includes('natflow')) {
+ checkbox.addEventListener('change', function() {
+ if (this.checked) {
+ checkboxes.forEach((cb) => {
+ if (cb !== this && (cb.getAttribute('data-widget-id').includes('flow_offloading') ||
+- cb.getAttribute('data-widget-id').includes('shortcut_fe'))) {
++ cb.getAttribute('data-widget-id').includes('shortcut_fe') ||
++ cb.getAttribute('data-widget-id').includes('natflow'))) {
+ cb.checked = false;
+ }
+ });
+-- 
+2.42.0
+
diff --git a/openwrt/scripts/00-prepare_base.sh b/openwrt/scripts/00-prepare_base.sh
@@ -198,12 +198,16 @@ git clone https://$gitea/sbwml/nft-fullcone package/new/nft-fullcone
 # IPv6 NAT
 git clone https://$github/sbwml/packages_new_nat6 package/new/nat6
 
-# Patch Luci add nft_fullcone/bcm_fullcone & shortcut-fe & ipv6-nat & custom nft command option
+# natflow
+git clone https://$github/sbwml/package_new_natflow package/new/natflow
+
+# Patch Luci add nft_fullcone/bcm_fullcone & shortcut-fe & natflow & ipv6-nat & custom nft command option
 pushd feeds/luci
  curl -s https://$mirror/openwrt/patch/firewall4/0001-luci-app-firewall-add-nft-fullcone-and-bcm-fullcone-.patch | patch -p1
  curl -s https://$mirror/openwrt/patch/firewall4/0002-luci-app-firewall-add-shortcut-fe-option.patch | patch -p1
  curl -s https://$mirror/openwrt/patch/firewall4/0003-luci-app-firewall-add-ipv6-nat-option.patch | patch -p1
  curl -s https://$mirror/openwrt/patch/firewall4/0004-luci-add-firewall-add-custom-nft-rule-support.patch | patch -p1
+ curl -s https://$mirror/openwrt/patch/firewall4/0005-luci-app-firewall-add-natflow-offload-support.patch | patch -p1
 popd
 
 # openssl - quictls
@@ -442,6 +446,10 @@ curl -so files/root/.bashrc https://$mirror/openwrt/files/root/.bashrc
 mkdir -p files/etc/sysctl.d
 curl -so files/etc/sysctl.d/15-vm-swappiness.conf https://$mirror/openwrt/files/etc/sysctl.d/15-vm-swappiness.conf
 curl -so files/etc/sysctl.d/16-udp-buffer-size.conf https://$mirror/openwrt/files/etc/sysctl.d/16-udp-buffer-size.conf
+if [ "$platform" = "bcm53xx" ]; then
+ mkdir -p files/etc/hotplug.d/block
+ curl -so files/etc/hotplug.d/block/20-usbreset https://$mirror/openwrt/files/etc/hotplug.d/block/20-usbreset
+fi
 
 # NTP
 sed -i 's/0.openwrt.pool.ntp.org/ntp1.aliyun.com/g' package/base-files/files/bin/config_generate

diff --git a/tags/kernel-6.6 b/tags/kernel-6.6
@@ -1,2 +1,2 @@
-LINUX_VERSION-6.6 = .48
-LINUX_KERNEL_HASH-6.6.48 = 6b16df7b2aba3116b78fdfd8aea0b6cd7abe8f0cb699b04a66d3169141772029
+LINUX_VERSION-6.6 = .49
+LINUX_KERNEL_HASH-6.6.49 = 2c56dac2b70859c16b4ef651befb0d28c227498bd3eee08e8a45a357f22dd3b7