From 37c63e9b3d9b869728c1cc32ddcea37fa8a189f2 Mon Sep 17 00:00:00 2001 
From: coolsnowwolf <coolsnowwolf@gmail.com> Date: Wed, 8 Jul 2020 14:45:43 +0800 Subject: [PATCH] ppp: add shellsync support --- feeds.conf.default | 2 +- package/network/services/ppp/Makefile | 11 +- package/network/services/ppp/files/ppp.sh | 19 +- .../ppp/patches/100-debian_ip-ip_option.patch | 2 +- .../ppp/patches/105-debian_demand.patch | 2 +- .../ppp/patches/110-debian_defaultroute.patch | 6 +- .../120-debian_ipv6_updown_option.patch | 2 +- .../121-debian_adaptive_lcp_echo.patch | 56 +++++ .../services/ppp/patches/200-makefile.patch | 2 +- .../services/ppp/patches/202-no_strip.patch | 4 +- .../patches/206-compensate_time_change.patch | 94 ++++++++ .../ppp/patches/208-fix_status_code.patch | 2 +- .../300-filter-pcap-includes-lib.patch | 2 +- .../ppp/patches/310-precompile_filter.patch | 4 +- .../ppp/patches/401-no_record_file.patch | 2 +- .../404-remove_obsolete_protocol_names.patch | 16 +- .../services/ppp/patches/511-syncppp.patch | 207 ++++++++++++++++++ ...openssl-for-the-DES-instead-of-the-l.patch | 4 +- ...-Prevent-buffer-overflow-in-rc_mksid.patch | 30 +++ ...01-pppd-Fix-bounds-check-in-EAP-code.patch | 37 ++++ ...ived-EAP-messages-when-not-doing-EAP.patch | 61 ++++++ package/network/services/shellsync/Makefile | 34 +++ .../services/shellsync/src/shellsync.c | 106 +++++++++ 23 files changed, 668 insertions(+), 37 deletions(-) create mode 100644 package/network/services/ppp/patches/121-debian_adaptive_lcp_echo.patch create mode 100644 package/network/services/ppp/patches/206-compensate_time_change.patch create mode 100644 package/network/services/ppp/patches/511-syncppp.patch create mode 100644 package/network/services/ppp/patches/700-radius-Prevent-buffer-overflow-in-rc_mksid.patch create mode 100644 package/network/services/ppp/patches/701-pppd-Fix-bounds-check-in-EAP-code.patch create mode 100644 package/network/services/ppp/patches/702-pppd-Ignore-received-EAP-messages-when-not-doing-EAP.patch create mode 100644 
package/network/services/shellsync/Makefile create mode 100644 package/network/services/shellsync/src/shellsync.c diff --git a/feeds.conf.default b/feeds.conf.default index b63d8f2f1..bae9813cf 100644 --- a/feeds.conf.default +++ b/feeds.conf.default @@ -1,4 +1,4 @@ -src-git packages https://git.openwrt.org/feed/packages.git +src-git packages https://github.com/coolsnowwolf/packages src-git luci https://github.com/coolsnowwolf/luci src-git routing https://git.openwrt.org/feed/routing.git src-git telephony https://git.openwrt.org/feed/telephony.git diff --git a/package/network/services/ppp/Makefile b/package/network/services/ppp/Makefile index bc1eccacb..1fd280032 100644 --- a/package/network/services/ppp/Makefile +++ b/package/network/services/ppp/Makefile @@ -9,19 +9,18 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=ppp -PKG_RELEASE:=2 +PKG_RELEASE:=5 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/paulusmack/ppp -PKG_SOURCE_DATE:=2020-05-25 -PKG_SOURCE_VERSION:=ddd57c279f467e18c4fb3a661f21a069a5a37a1f -PKG_MIRROR_HASH:=aac65e65dd25eaf8978a7a0b3258c863d90e29e247dd33d95276c0c189bcd424 +PKG_SOURCE_VERSION:=78cd384ce0f48bb5edb84e4fe9a574eab4a4ad14 +PKG_MIRROR_HASH:=cf284c312b0c90974d11f8aeece173bcac8475f5b810911f4feb2c5a4db263fe PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name> PKG_LICENSE:=BSD-4-Clause PKG_CPE_ID:=cpe:/a:samba:ppp PKG_RELEASE_VERSION:=2.4.8 -PKG_VERSION:=$(PKG_RELEASE_VERSION).git-$(PKG_SOURCE_DATE) +PKG_VERSION:=$(PKG_RELEASE_VERSION) PKG_BUILD_DEPENDS:=libpcap @@ -39,7 +38,7 @@ endef define Package/ppp $(call Package/ppp/Default) - DEPENDS:=+kmod-ppp + DEPENDS:=+kmod-ppp +libpthread +shellsync +kmod-mppe TITLE:=PPP daemon VARIANT:=default endef diff --git a/package/network/services/ppp/files/ppp.sh b/package/network/services/ppp/files/ppp.sh index b553effd8..78e8c3213 100755 --- a/package/network/services/ppp/files/ppp.sh +++ b/package/network/services/ppp/files/ppp.sh 
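Review bot: The `packages` feed in feeds.conf.default now points at `https://github.com/coolsnowwolf/packages` instead of git.openwrt.org, which changes where every recipe in that feed is fetched from, yet the commit subject mentions only ppp and shellsync. The URL carries no branch or commit suffix, so each feed update takes whatever the default branch holds at that moment. Pinning a revision with the `^<commit>` suffix on the feed URL would make builds reproducible and feed changes reviewable. This switch would be easier to audit as its own commit.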
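Review bot: The new `PKG_SOURCE_VERSION` appears to pin an older upstream commit than the one it replaces: the removed `PKG_SOURCE_DATE` was 2020-05-25, while patches 700–702 added by this commit are upstream fixes dated January and February 2020, which a May tree would presumably already contain. If that reading is right, every other upstream fix made between the new pin and 2020-05-25 is dropped without mention, and only those three are carried back. Removing `PKG_SOURCE_DATE` also reduces `PKG_VERSION` to a plain `2.4.8`, which no longer tells a user which snapshot is installed; I would keep the date, e.g. `PKG_SOURCE_DATE:=<date of 78cd384c>`, and state the reason for the rollback in the commit message.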
@@ -74,7 +74,7 @@ ppp_generic_init_config() { proto_config_add_string pppd_options proto_config_add_string 'connect:file' proto_config_add_string 'disconnect:file' - [ -e /proc/sys/net/ipv6 ] && proto_config_add_string ipv6 + proto_config_add_string ipv6 proto_config_add_boolean authfail proto_config_add_int mtu proto_config_add_string pppname @@ -88,9 +88,7 @@ ppp_generic_setup() { local config="$1"; shift local localip - json_get_vars ip6table demand keepalive keepalive_adaptive username password pppd_options pppname unnumbered persist maxfail holdoff peerdns - - [ ! -e /proc/sys/net/ipv6 ] && ipv6=0 || json_get_var ipv6 ipv6 + json_get_vars ipv6 ip6table demand keepalive keepalive_adaptive username password pppd_options pppname unnumbered persist maxfail holdoff peerdns if [ "$ipv6" = 0 ]; then ipv6="" @@ -151,9 +149,9 @@ ppp_generic_setup() { ${connect:+connect "$connect"} \ ${disconnect:+disconnect "$disconnect"} \ ip-up-script /lib/netifd/ppp-up \ - ${ipv6:+ipv6-up-script /lib/netifd/ppp6-up} \ + ipv6-up-script /lib/netifd/ppp6-up \ ip-down-script /lib/netifd/ppp-down \ - ${ipv6:+ipv6-down-script /lib/netifd/ppp-down} \ + ipv6-down-script /lib/netifd/ppp-down \ ${mtu:+mtu $mtu mru $mtu} \ "$@" $pppd_options } @@ -233,7 +231,16 @@ proto_pppoe_setup() { json_get_var padi_attempts padi_attempts json_get_var padi_timeout padi_timeout +#By 蝈蝈:并发拨号同步的前期准备 + syncppp_option="" + [ "$(uci get syncdial.config.enabled)" -eq "1" ] && { + ppp_if_cnt=$(uci show network | grep -c "\.proto=\'pppoe\'$") + syncppp_option="syncppp $ppp_if_cnt" + shellsync $ppp_if_cnt 10 + } + ppp_generic_setup "$config" \ + $syncppp_option \ plugin rp-pppoe.so \ ${ac:+rp_pppoe_ac "$ac"} \ ${service:+rp_pppoe_service "$service"} \ diff --git a/package/network/services/ppp/patches/100-debian_ip-ip_option.patch b/package/network/services/ppp/patches/100-debian_ip-ip_option.patch index a99662292..335ce72b0 100644 --- a/package/network/services/ppp/patches/100-debian_ip-ip_option.patch 
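Review bot: In the block added to proto_pppoe_setup, `[ "$(uci get syncdial.config.enabled)" -eq "1" ]` runs on every PPPoE bring-up, and when the syncdial config is absent the substitution is empty, so `-eq` receives a non-numeric operand and both uci and the test print errors; `[ "$(uci -q get syncdial.config.enabled)" = "1" ]` handles that case quietly. `syncppp_option` and `ppp_if_cnt` are not declared `local`, so they leak into the caller's scope. `ppp_if_cnt` counts every interface with proto pppoe in the network config whether or not it is being brought up, so a disabled interface would leave `shellsync $ppp_if_cnt 10` and pppd's `syncppp` waiting for a peer that never arrives, presumably until their timeouts. The function starts before this hunk and continues after it.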
+++ b/package/network/services/ppp/patches/100-debian_ip-ip_option.patch @@ -85,7 +85,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> "Enable multilink operation", OPT_PRIO | 1 }, --- a/pppd/pppd.h +++ b/pppd/pppd.h -@@ -335,6 +335,8 @@ extern int connect_delay; /* Time to del +@@ -334,6 +334,8 @@ extern int connect_delay; /* Time to del extern int max_data_rate; /* max bytes/sec through charshunt */ extern int req_unit; /* interface unit number to use */ extern char req_ifname[MAXIFNAMELEN]; /* interface name to use */ diff --git a/package/network/services/ppp/patches/105-debian_demand.patch b/package/network/services/ppp/patches/105-debian_demand.patch index fb6f39f4b..c68bafa8d 100644 --- a/package/network/services/ppp/patches/105-debian_demand.patch +++ b/package/network/services/ppp/patches/105-debian_demand.patch @@ -161,7 +161,7 @@ } else { --- a/pppd/pppd.h +++ b/pppd/pppd.h -@@ -602,7 +602,7 @@ void demand_conf __P((void)); /* config +@@ -601,7 +601,7 @@ void demand_conf __P((void)); /* config void demand_block __P((void)); /* set all NPs to queue up packets */ void demand_unblock __P((void)); /* set all NPs to pass packets */ void demand_discard __P((void)); /* set all NPs to discard packets */ diff --git a/package/network/services/ppp/patches/110-debian_defaultroute.patch b/package/network/services/ppp/patches/110-debian_defaultroute.patch index e47457176..38739a524 100644 --- a/package/network/services/ppp/patches/110-debian_defaultroute.patch +++ b/package/network/services/ppp/patches/110-debian_defaultroute.patch @@ -137,7 +137,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> .B disconnect \fIscript Execute the command specified by \fIscript\fR, by passing it to a shell, after -@@ -751,7 +756,12 @@ disable both forms of hardware flow cont +@@ -746,7 +751,12 @@ disable both forms of hardware flow cont .TP .B nodefaultroute Disable the \fIdefaultroute\fR option. The system administrator who @@ -153,7 +153,7 @@ 
Signed-off-by: Jo-Philipp Wich <jo@mein.io> .B nodefaultroute6 --- a/pppd/pppd.h +++ b/pppd/pppd.h -@@ -684,7 +684,7 @@ int sif6addr __P((int, eui64_t, eui64_t +@@ -683,7 +683,7 @@ int sif6addr __P((int, eui64_t, eui64_t int cif6addr __P((int, eui64_t, eui64_t)); /* Remove an IPv6 address from i/f */ #endif @@ -292,7 +292,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> } --- a/pppd/sys-solaris.c +++ b/pppd/sys-solaris.c -@@ -2120,12 +2120,18 @@ cifaddr(u, o, h) +@@ -2119,12 +2119,18 @@ cifaddr(u, o, h) * sifdefaultroute - assign a default route through the address given. */ int diff --git a/package/network/services/ppp/patches/120-debian_ipv6_updown_option.patch b/package/network/services/ppp/patches/120-debian_ipv6_updown_option.patch index 5ef09b3f3..4a9ca7d5e 100644 --- a/package/network/services/ppp/patches/120-debian_ipv6_updown_option.patch +++ b/package/network/services/ppp/patches/120-debian_ipv6_updown_option.patch @@ -84,7 +84,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> } --- a/pppd/pppd.h +++ b/pppd/pppd.h -@@ -337,6 +337,8 @@ extern int req_unit; /* interface unit n +@@ -336,6 +336,8 @@ extern int req_unit; /* interface unit n extern char req_ifname[MAXIFNAMELEN]; /* interface name to use */ extern char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */ extern char path_ipdown[MAXPATHLEN]; /* pathname of ip-down script */ diff --git a/package/network/services/ppp/patches/121-debian_adaptive_lcp_echo.patch b/package/network/services/ppp/patches/121-debian_adaptive_lcp_echo.patch new file mode 100644 index 000000000..510c96ba9 --- /dev/null +++ b/package/network/services/ppp/patches/121-debian_adaptive_lcp_echo.patch 
@@ -0,0 +1,56 @@ +--- a/pppd/lcp.c ++++ b/pppd/lcp.c +@@ -72,6 +72,7 @@ static void lcp_delayed_up __P((void *)) + */ + int lcp_echo_interval = 0; /* Interval between LCP echo-requests */ + int lcp_echo_fails = 0; /* Tolerance to unanswered echo-requests */ ++bool lcp_echo_adaptive = 0; /* request echo only if the link was idle */ + bool lax_recv = 0; /* accept control chars in asyncmap */ + bool noendpoint = 0; /* don't send/accept endpoint discriminator */ + +@@ -150,6 +151,8 @@ static option_t lcp_option_list[] = { + OPT_PRIO }, + { "lcp-echo-interval", o_int, &lcp_echo_interval, + "Set time in seconds between LCP echo requests", OPT_PRIO }, ++ { "lcp-echo-adaptive", o_bool, &lcp_echo_adaptive, ++ "Suppress LCP echo requests if traffic was received", 1 }, + { "lcp-restart", o_int, &lcp_fsm[0].timeouttime, + "Set time in seconds between LCP retransmissions", OPT_PRIO }, + { "lcp-max-terminate", o_int, &lcp_fsm[0].maxtermtransmits, +@@ -2330,6 +2333,22 @@ LcpSendEchoRequest (f) + } + } + ++ /* ++ * If adaptive echos have been enabled, only send the echo request if ++ * no traffic was received since the last one. ++ */ ++ if (lcp_echo_adaptive) { ++ static unsigned int last_pkts_in = 0; ++ ++ update_link_stats(f->unit); ++ link_stats_valid = 0; ++ ++ if (link_stats.pkts_in != last_pkts_in) { ++ last_pkts_in = link_stats.pkts_in; ++ return; ++ } ++ } ++ + /* + * Make and send the echo request frame. + */ +--- a/pppd/pppd.8 ++++ b/pppd/pppd.8 +@@ -575,6 +575,11 @@ to 1) if the \fIproxyarp\fR option is us + dynamic IP address option (i.e. set /proc/sys/net/ipv4/ip_dynaddr to + 1) in demand mode if the local address changes. + .TP ++.B lcp\-echo\-adaptive ++If this option is used with the \fIlcp\-echo\-failure\fR option then ++pppd will send LCP echo\-request frames only if no traffic was received ++from the peer since the last echo\-request was sent. 
++.TP + .B lcp\-echo\-failure \fIn + If this option is given, pppd will presume the peer to be dead + if \fIn\fR LCP echo\-requests are sent without receiving a valid LCP diff --git a/package/network/services/ppp/patches/200-makefile.patch b/package/network/services/ppp/patches/200-makefile.patch index 42351392d..82b1cc67b 100644 --- a/package/network/services/ppp/patches/200-makefile.patch +++ b/package/network/services/ppp/patches/200-makefile.patch @@ -34,7 +34,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"' -@@ -126,10 +126,10 @@ CFLAGS += -DHAS_SHADOW +@@ -125,10 +125,10 @@ CFLAGS += -DHAS_SHADOW #LIBS += -lshadow $(LIBS) endif diff --git a/package/network/services/ppp/patches/202-no_strip.patch b/package/network/services/ppp/patches/202-no_strip.patch index 0af7b2b2a..436085f3b 100644 --- a/package/network/services/ppp/patches/202-no_strip.patch +++ b/package/network/services/ppp/patches/202-no_strip.patch @@ -19,7 +19,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> clean: --- a/pppd/Makefile.linux +++ b/pppd/Makefile.linux -@@ -108,7 +108,7 @@ ifdef USE_SRP +@@ -107,7 +107,7 @@ ifdef USE_SRP CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto TARGETS += srp-entry @@ -28,7 +28,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> MANPAGES += srp-entry.8 EXTRACLEAN += srp-entry.o NEEDDES=y -@@ -220,7 +220,7 @@ all: $(TARGETS) +@@ -219,7 +219,7 @@ all: $(TARGETS) install: pppd mkdir -p $(BINDIR) $(MANDIR) $(EXTRAINSTALL) diff --git a/package/network/services/ppp/patches/206-compensate_time_change.patch b/package/network/services/ppp/patches/206-compensate_time_change.patch new file mode 100644 index 000000000..a1eb6a716 --- /dev/null +++ b/package/network/services/ppp/patches/206-compensate_time_change.patch 
@@ -0,0 +1,94 @@ +pppd: Watch out for time warps + +On many embedded systems there is no battery backed RTC and a proper system +time only becomes available through NTP after establishing a connection. + +When the clock suddenly jumps forward, the internal accounting (connect time) +is confused resulting in unreliable data. + +This patch implements periodic clock checking to look for time warps, if one +is detected, the internal counters are adjusted accordingly. + +Signed-off-by: Jo-Philipp Wich <jo@mein.io> + +--- a/pppd/main.c ++++ b/pppd/main.c +@@ -89,6 +89,7 @@ + #include <sys/socket.h> + #include <netinet/in.h> + #include <arpa/inet.h> ++#include <sys/sysinfo.h> + + #include "pppd.h" + #include "magic.h" +@@ -226,6 +227,7 @@ static struct subprocess *children; + + /* Prototypes for procedures local to this file. */ + ++static void check_time(void); + static void setup_signals __P((void)); + static void create_pidfile __P((int pid)); + static void create_linkpidfile __P((int pid)); +@@ -525,6 +527,7 @@ main(argc, argv) + info("Starting link"); + } + ++ check_time(); + gettimeofday(&start_time, NULL); + script_unsetenv("CONNECT_TIME"); + script_unsetenv("BYTES_SENT"); +@@ -1274,6 +1277,36 @@ struct callout { + + static struct callout *callout = NULL; /* Callout list */ + static struct timeval timenow; /* Current time */ ++static long uptime_diff = 0; ++static int uptime_diff_set = 0; ++ ++static void check_time(void) ++{ ++ long new_diff; ++ struct timeval t; ++ struct sysinfo i; ++ struct callout *p; ++ ++ gettimeofday(&t, NULL); ++ sysinfo(&i); ++ new_diff = t.tv_sec - i.uptime; ++ ++ if (!uptime_diff_set) { ++ uptime_diff = new_diff; ++ uptime_diff_set = 1; ++ return; ++ } ++ ++ if ((new_diff - 5 > uptime_diff) || (new_diff + 5 < uptime_diff)) { ++ /* system time has changed, update counters and timeouts */ ++ info("System time change detected."); ++ start_time.tv_sec += new_diff - uptime_diff; ++ ++ for (p = callout; p != NULL; p = p->c_next) ++ 
p->c_time.tv_sec += new_diff - uptime_diff; ++ } ++ uptime_diff = new_diff; ++} + + /* + * timeout - Schedule a timeout. +@@ -1344,6 +1377,8 @@ calltimeout() + { + struct callout *p; + ++ check_time(); ++ + while (callout != NULL) { + p = callout; + +@@ -1371,6 +1406,8 @@ timeleft(tvp) + { + if (callout == NULL) + return NULL; ++ ++ check_time(); + + gettimeofday(&timenow, NULL); + tvp->tv_sec = callout->c_time.tv_sec - timenow.tv_sec; diff --git a/package/network/services/ppp/patches/208-fix_status_code.patch b/package/network/services/ppp/patches/208-fix_status_code.patch index f1a12006a..31460148a 100644 --- a/package/network/services/ppp/patches/208-fix_status_code.patch +++ b/package/network/services/ppp/patches/208-fix_status_code.patch @@ -12,7 +12,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> --- a/pppd/main.c +++ b/pppd/main.c -@@ -1052,7 +1052,8 @@ get_input() +@@ -1055,7 +1055,8 @@ get_input() } notice("Modem hangup"); hungup = 1; diff --git a/package/network/services/ppp/patches/300-filter-pcap-includes-lib.patch b/package/network/services/ppp/patches/300-filter-pcap-includes-lib.patch index 40866132e..00fb83502 100644 --- a/package/network/services/ppp/patches/300-filter-pcap-includes-lib.patch +++ b/package/network/services/ppp/patches/300-filter-pcap-includes-lib.patch @@ -7,7 +7,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> --- a/pppd/Makefile.linux +++ b/pppd/Makefile.linux -@@ -190,8 +190,8 @@ endif +@@ -189,8 +189,8 @@ endif ifdef FILTER ifneq ($(wildcard /usr/include/pcap-bpf.h),) diff --git a/package/network/services/ppp/patches/310-precompile_filter.patch b/package/network/services/ppp/patches/310-precompile_filter.patch index ec6110442..a65c19cf1 100644 --- a/package/network/services/ppp/patches/310-precompile_filter.patch +++ b/package/network/services/ppp/patches/310-precompile_filter.patch @@ -23,7 +23,7 @@ 
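Review bot: In check_time() the results of `gettimeofday(&t, NULL)` and `sysinfo(&i)` are not checked and `struct sysinfo i` is uninitialised, so a failed sysinfo() would feed an indeterminate `i.uptime` into `new_diff` and from there into `start_time` and every pending callout. A guard such as `if (gettimeofday(&t, NULL) < 0 || sysinfo(&i) < 0) return;` before `new_diff` is computed leaves the timers untouched in that case. The 5-second tolerance is a bare literal used twice; a named constant with a short comment on why 5 was chosen would help the next reader.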
Signed-off-by: Jo-Philipp Wich <jo@mein.io> # Uncomment the next line to enable multilink PPP (enabled by default) # Linux distributions: Please leave multilink ENABLED in your builds # of pppd! -@@ -195,6 +198,14 @@ CFLAGS += -DPPP_FILTER -I$(STAGING_DIR) +@@ -194,6 +197,14 @@ CFLAGS += -DPPP_FILTER -I$(STAGING_DIR) endif endif @@ -77,7 +77,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> #ifdef MAXOCTETS { "maxoctets", o_int, &maxoctets, "Set connection traffic limit", -@@ -1516,6 +1532,29 @@ callfile(argv) +@@ -1511,6 +1527,29 @@ callfile(argv) return ok; } diff --git a/package/network/services/ppp/patches/401-no_record_file.patch b/package/network/services/ppp/patches/401-no_record_file.patch index f707fda8a..56a9f02eb 100644 --- a/package/network/services/ppp/patches/401-no_record_file.patch +++ b/package/network/services/ppp/patches/401-no_record_file.patch @@ -7,7 +7,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> --- a/pppd/pppd.h +++ b/pppd/pppd.h -@@ -326,7 +326,6 @@ extern int holdoff; /* Dead time before +@@ -325,7 +325,6 @@ extern int holdoff; /* Dead time before extern bool holdoff_specified; /* true if user gave a holdoff value */ extern bool notty; /* Stdin/out is not a tty */ extern char *pty_socket; /* Socket to connect to pty */ diff --git a/package/network/services/ppp/patches/404-remove_obsolete_protocol_names.patch b/package/network/services/ppp/patches/404-remove_obsolete_protocol_names.patch index d37fc0353..1d94873f3 100644 --- a/package/network/services/ppp/patches/404-remove_obsolete_protocol_names.patch +++ b/package/network/services/ppp/patches/404-remove_obsolete_protocol_names.patch @@ -7,7 +7,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> --- a/pppd/main.c +++ b/pppd/main.c -@@ -883,14 +883,17 @@ struct protocol_list { +@@ -886,14 +886,17 @@ struct protocol_list { const char *name; } protocol_list[] = { { 0x21, "IP" }, @@ -25,7 +25,7 @@ 
Signed-off-by: Jo-Philipp Wich <jo@mein.io> { 0x33, "Stream Protocol ST-II" }, { 0x35, "Banyan Vines" }, { 0x39, "AppleTalk EDDP" }, -@@ -904,8 +907,11 @@ struct protocol_list { +@@ -907,8 +910,11 @@ struct protocol_list { { 0x49, "Serial Data Transport Protocol (PPP-SDTP)" }, { 0x4b, "SNA over 802.2" }, { 0x4d, "SNA" }, @@ -37,7 +37,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> { 0x53, "Encryption" }, { 0x55, "Individual Link Encryption" }, { 0x57, "IPv6" }, -@@ -916,12 +922,15 @@ struct protocol_list { +@@ -919,12 +925,15 @@ struct protocol_list { { 0x65, "RTP IPHC Compressed non-TCP" }, { 0x67, "RTP IPHC Compressed UDP 8" }, { 0x69, "RTP IPHC Compressed RTP 8" }, @@ -53,7 +53,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> { 0x0203, "IBM Source Routing BPDU" }, { 0x0205, "DEC LANBridge100 Spanning Tree" }, { 0x0207, "Cisco Discovery Protocol" }, -@@ -933,15 +942,19 @@ struct protocol_list { +@@ -936,15 +945,19 @@ struct protocol_list { { 0x0231, "Luxcom" }, { 0x0233, "Sigma Network Systems" }, { 0x0235, "Apple Client Server Protocol" }, @@ -73,7 +73,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> { 0x4001, "Cray Communications Control Protocol" }, { 0x4003, "CDPD Mobile Network Registration Protocol" }, { 0x4005, "Expand accelerator protocol" }, -@@ -952,8 +965,10 @@ struct protocol_list { +@@ -955,8 +968,10 @@ struct protocol_list { { 0x4023, "RefTek Protocol" }, { 0x4025, "Fibre Channel" }, { 0x4027, "EMIT Protocols" }, @@ -84,7 +84,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> { 0x8023, "OSI Network Layer Control Protocol" }, { 0x8025, "Xerox NS IDP Control Protocol" }, { 0x8027, "DECnet Phase IV Control Protocol" }, -@@ -962,7 +977,9 @@ struct protocol_list { +@@ -965,7 +980,9 @@ struct protocol_list { { 0x8031, "Bridging NCP" }, { 0x8033, "Stream Protocol Control Protocol" }, { 0x8035, "Banyan Vines Control Protocol" }, @@ -94,7 +94,7 @@ 
Signed-off-by: Jo-Philipp Wich <jo@mein.io> { 0x803f, "NETBIOS Framing Control Protocol" }, { 0x8041, "Cisco Systems Control Protocol" }, { 0x8043, "Ascom Timeplex" }, -@@ -971,18 +988,24 @@ struct protocol_list { +@@ -974,18 +991,24 @@ struct protocol_list { { 0x8049, "Serial Data Control Protocol (PPP-SDCP)" }, { 0x804b, "SNA over 802.2 Control Protocol" }, { 0x804d, "SNA Control Protocol" }, @@ -119,7 +119,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> { 0x8207, "Cisco Discovery Protocol Control" }, { 0x8209, "Netcs Twin Routing" }, { 0x820b, "STP - Control Protocol" }, -@@ -991,24 +1014,29 @@ struct protocol_list { +@@ -994,24 +1017,29 @@ struct protocol_list { { 0x8281, "MPLSCP" }, { 0x8285, "IEEE p1284.4 standard - Protocol Control" }, { 0x8287, "ETSI TETRA TNP1 Control Protocol" }, diff --git a/package/network/services/ppp/patches/511-syncppp.patch b/package/network/services/ppp/patches/511-syncppp.patch new file mode 100644 index 000000000..8b8b6cce6 --- /dev/null +++ b/package/network/services/ppp/patches/511-syncppp.patch 
@@ -0,0 +1,207 @@ +--- a/pppd/chap-new.c ++++ b/pppd/chap-new.c +@@ -37,6 +37,8 @@ + #include "chap-new.h" + #include "chap-md5.h" + ++#include "syncppp.h" ++ + #ifdef CHAPMS + #include "chap_ms.h" + #define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5) +@@ -492,6 +494,19 @@ chap_respond(struct chap_client_state *c + p[2] = len >> 8; + p[3] = len; + ++ if (npppd > 1) { ++ if (syncppp(npppd) < 0) { ++ error("syncppp sync fail"); ++ sem_unlink(SEM_COUNT_NAME); ++ sem_unlink(SEM_BLOCK_NAME); ++ } else { ++ info("syncppp sync succeeded"); ++ } ++ } else { ++ info("syncppp not active"); ++ } ++ ++ + output(0, response, PPP_HDRLEN + len); + } + +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -13,16 +13,16 @@ TARGETS = pppd + + PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap-new.c md5.c ccp.c \ + ecp.c ipxcp.c auth.c options.c sys-linux.c md4.c chap_ms.c \ +- demand.c utils.c tty.c eap.c chap-md5.c session.c ++ demand.c utils.c tty.c eap.c chap-md5.c session.c syncppp.c + + HEADERS = ccp.h session.h chap-new.h ecp.h fsm.h ipcp.h \ + ipxcp.h lcp.h magic.h md5.h patchlevel.h pathnames.h pppd.h \ +- upap.h eap.h ++ upap.h eap.h syncppp.h + + MANPAGES = pppd.8 + PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap-new.o md5.o ccp.o \ + ecp.o auth.o options.o demand.o utils.o sys-linux.o ipxcp.o tty.o \ +- eap.o chap-md5.o session.o ++ eap.o chap-md5.o session.o syncppp.o + + # + # include dependencies if present +@@ -33,7 +33,7 @@ endif + # CC = gcc + # + COPTS = -O2 -pipe -Wall -g +-LIBS = ++LIBS = -lpthread + + # Uncomment the next line to include support for Microsoft's + # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. 
+--- a/pppd/options.c ++++ b/pppd/options.c +@@ -128,6 +128,7 @@ bool dump_options; /* print out option + bool dryrun; /* print out option values and exit */ + char *domain; /* domain name set by domain option */ + int child_wait = 5; /* # seconds to wait for children at exit */ ++int npppd = 0; /* synchronize between multiple pppd */ + struct userenv *userenv_list; /* user environment variables */ + int dfl_route_metric = -1; /* metric of the default route to set over the PPP link */ + +@@ -342,6 +343,10 @@ option_t general_options[] = { + "Set pathname of ipv6-down script", + OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN }, + ++ { "syncppp", o_int, &npppd, ++ "sync among multiple pppd when sending chap/pap respond", OPT_PRIO }, ++ ++ + #ifdef HAVE_MULTILINK + { "multilink", o_bool, &multilink, + "Enable multilink operation", OPT_PRIO | 1 }, +--- a/pppd/pppd.h ++++ b/pppd/pppd.h +@@ -343,6 +343,7 @@ extern char *bundle_name; /* bundle name + extern bool dump_options; /* print out option values */ + extern bool dryrun; /* check everything, print options, exit */ + extern int child_wait; /* # seconds to wait for children at end */ ++extern int npppd; /* synchronize between multiple pppd */ + + #ifdef MAXOCTETS + extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */ +--- /dev/null ++++ b/pppd/syncppp.c +@@ -0,0 +1,75 @@ ++#include<stdio.h> ++#include<semaphore.h> ++#include<fcntl.h> ++#include<stdlib.h> ++#include<time.h> ++#include<errno.h> ++#include "pppd.h" ++#include "syncppp.h" ++ ++int syncppp(int nproc) ++{ ++ int flags; ++ int value; ++ sem_t *block; ++ sem_t *count; ++ struct timespec ts; ++ ++ if (nproc <= 1) { ++ error("syncppp: number of pppd should be larger than 1"); ++ return -1; ++ } ++ ++ if (clock_gettime(CLOCK_REALTIME, &ts) == -1) { ++ error("clock_gettime error"); ++ return -1; ++ } ++ ts.tv_sec += SYNCPPP_TIMEOUT; ++ ++ ++ flags = O_RDWR | O_CREAT; ++ block = sem_open(SEM_BLOCK_NAME, flags, 0644, 0); ++ count = 
sem_open(SEM_COUNT_NAME, flags, 0644, 0); ++ if (block == SEM_FAILED || count == SEM_FAILED) { ++ error("syncppp: sem_open failed"); ++ return -1; ++ } ++ ++ if (sem_post(count) < 0) { ++ error("syncppp: sem_post failed"); ++ return -1; ++ } ++ if (sem_getvalue(count, &value) < 0) { ++ error("syncppp: sem_getvalue failed"); ++ return -1; ++ } ++ info("%d pppd have arrived, waiting for the left %d", value, nproc-value); ++ if (value >= nproc) { ++ while (nproc-1 > 0) { ++ if (sem_post(block) < 0) { ++ error("syncppp: sem_post failed"); ++ return -1; ++ } ++ nproc--; ++ } ++ } else { ++ if (sem_timedwait(block, &ts) < 0) { ++ if (errno == ETIMEDOUT) { ++ error("syncppp: sem_timewait time out"); ++ } else { ++ error("syncppp: sem_timewait error"); ++ } ++ return -1; ++ } ++ ++ } ++ ++ sem_close(count); ++ sem_close(block); ++ ++ sem_unlink(SEM_COUNT_NAME); ++ sem_unlink(SEM_BLOCK_NAME); ++ ++ return 0; ++} ++ +--- /dev/null ++++ b/pppd/syncppp.h +@@ -0,0 +1,3 @@ ++#define SEM_BLOCK_NAME "block" ++#define SEM_COUNT_NAME "count" ++#define SYNCPPP_TIMEOUT 5 +--- a/pppd/upap.c ++++ b/pppd/upap.c +@@ -52,6 +52,7 @@ + #include "pppd.h" + #include "upap.h" + ++#include "syncppp.h" + + static bool hide_password = 1; + +@@ -567,6 +568,18 @@ upap_sauthreq(u) + PUTCHAR(u->us_passwdlen, outp); + BCOPY(u->us_passwd, outp, u->us_passwdlen); + ++ if (npppd > 1) { ++ if (syncppp(npppd) < 0) { ++ error("syncppp sync fail"); ++ sem_unlink(SEM_COUNT_NAME); ++ sem_unlink(SEM_BLOCK_NAME); ++ } else { ++ info("syncppp sync succeeded"); ++ } ++ } else { ++ info("syncppp not active"); ++ } ++ + output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN); + + TIMEOUT(upap_timeout, u, u->us_timeouttime); + diff --git a/package/network/services/ppp/patches/600-Revert-pppd-Use-openssl-for-the-DES-instead-of-the-l.patch b/package/network/services/ppp/patches/600-Revert-pppd-Use-openssl-for-the-DES-instead-of-the-l.patch index 5802d6158..9676824f5 100644 
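Review bot: Every `return -1` in syncppp() after the two sem_open() calls leaves the semaphore handles open, and when only one sem_open() fails the other handle is lost as well; since chap_respond() and upap_sauthreq() call this on each response, a single exit path that closes whichever handle is valid would be safer (sketch below). syncppp.h defines only the three macros, so chap-new.c and upap.c use syncppp() and sem_unlink() without a visible declaration unless they already include <semaphore.h>, which these hunks do not show; adding `#include <semaphore.h>` and `int syncppp(int nproc);` to the header fixes that. The names `"block"` and `"count"` are system-wide and lack the leading slash POSIX specifies for named semaphores, so an unrelated program choosing the same names would share state with pppd; a project-specific name such as `"/pppd-syncppp-count"` (constructed example) avoids the collision.

```c
int syncppp(int nproc)
{
	int rc = -1;
	/* … unchanged: other declarations, nproc check, clock_gettime deadline … */

	block = sem_open(SEM_BLOCK_NAME, flags, 0644, 0);
	count = sem_open(SEM_COUNT_NAME, flags, 0644, 0);
	if (block == SEM_FAILED || count == SEM_FAILED) {
		error("syncppp: sem_open failed");
		goto out;
	}

	/* … unchanged: sem_post(count), sem_getvalue(), release loop, sem_timedwait(); each `return -1` becomes `goto out` … */

	rc = 0;
out:
	if (count != SEM_FAILED)
		sem_close(count);
	if (block != SEM_FAILED)
		sem_close(block);
	if (rc == 0) {
		sem_unlink(SEM_COUNT_NAME);
		sem_unlink(SEM_BLOCK_NAME);
	}
	return rc;
}
```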
--- a/package/network/services/ppp/patches/600-Revert-pppd-Use-openssl-for-the-DES-instead-of-the-l.patch +++ b/package/network/services/ppp/patches/600-Revert-pppd-Use-openssl-for-the-DES-instead-of-the-l.patch @@ -17,7 +17,7 @@ This reverts commit 3c7b86229f7bd2600d74db14b1fe5b3896be3875. +++ b/pppd/Makefile.linux @@ -35,10 +35,10 @@ endif COPTS = -O2 -pipe -Wall -g - LIBS = -lrt + LIBS = -# Uncomment the next line to include support for Microsoft's +# Uncomment the next 2 lines to include support for Microsoft's @@ -28,7 +28,7 @@ This reverts commit 3c7b86229f7bd2600d74db14b1fe5b3896be3875. # Don't use MSLANMAN unless you really know what you're doing. #MSLANMAN=y # Uncomment the next line to include support for MPPE. CHAPMS (above) must -@@ -141,8 +141,7 @@ endif +@@ -140,8 +140,7 @@ endif ifdef NEEDDES ifndef USE_CRYPT diff --git a/package/network/services/ppp/patches/700-radius-Prevent-buffer-overflow-in-rc_mksid.patch b/package/network/services/ppp/patches/700-radius-Prevent-buffer-overflow-in-rc_mksid.patch new file mode 100644 index 000000000..1c5722e6d --- /dev/null +++ b/package/network/services/ppp/patches/700-radius-Prevent-buffer-overflow-in-rc_mksid.patch 
@@ -0,0 +1,30 @@
+From 858976b1fc3107f1261aae337831959b511b83c2 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Sat, 4 Jan 2020 12:01:32 +1100
+Subject: [PATCH] radius: Prevent buffer overflow in rc_mksid()
+
+On some systems getpid() can return a value greater than 65535.
+Increase the size of buf[] to allow for this, and use slprintf()
+to make sure we never overflow it.
+
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+---
+ pppd/plugins/radius/util.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/plugins/radius/util.c b/pppd/plugins/radius/util.c
+index 6f976a712951..740131e8377c 100644
+--- a/pppd/plugins/radius/util.c
++++ b/pppd/plugins/radius/util.c
+@@ -73,9 +73,9 @@ void rc_mdelay(int msecs)
+ char *
+ rc_mksid (void)
+ {
+- static char buf[15];
++ static char buf[32];
+ static unsigned short int cnt = 0;
+- sprintf (buf, "%08lX%04X%02hX",
++ slprintf(buf, sizeof(buf), "%08lX%04X%02hX",
+ (unsigned long int) time (NULL),
+ (unsigned int) getpid (),
+ cnt & 0xFF);
diff --git a/package/network/services/ppp/patches/701-pppd-Fix-bounds-check-in-EAP-code.patch b/package/network/services/ppp/patches/701-pppd-Fix-bounds-check-in-EAP-code.patch
new file mode 100644
index 000000000..c2ca9729e
--- /dev/null
+++ b/package/network/services/ppp/patches/701-pppd-Fix-bounds-check-in-EAP-code.patch
@@ -0,0 +1,37 @@
+From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Mon, 3 Feb 2020 15:53:28 +1100
+Subject: [PATCH] pppd: Fix bounds check in EAP code
+
+Given that we have just checked vallen < len, it can never be the case
+that vallen >= len + sizeof(rhostname). This fixes the check so we
+actually avoid overflowing the rhostname array.
+
+Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+---
+ pppd/eap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 94407f56a336..1b93db01aebd 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1420,7 +1420,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1846,7 +1846,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
diff --git a/package/network/services/ppp/patches/702-pppd-Ignore-received-EAP-messages-when-not-doing-EAP.patch b/package/network/services/ppp/patches/702-pppd-Ignore-received-EAP-messages-when-not-doing-EAP.patch
new file mode 100644
index 000000000..7286d81a5
--- /dev/null
+++ b/package/network/services/ppp/patches/702-pppd-Ignore-received-EAP-messages-when-not-doing-EAP.patch
@@ -0,0 +1,61 @@
+From 8d45443bb5c9372b4c6a362ba2f443d41c5636af Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Mon, 3 Feb 2020 16:31:42 +1100
+Subject: [PATCH] pppd: Ignore received EAP messages when not doing EAP
+
+This adds some basic checks to the subroutines of eap_input to check
+that we have requested or agreed to doing EAP authentication before
+doing any processing on the received packet. The motivation is to
+make it harder for a malicious peer to disrupt the operation of pppd
+by sending unsolicited EAP packets. Note that eap_success() already
+has a check that the EAP client state is reasonable, and does nothing
+(apart from possibly printing a debug message) if not.
+
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+---
+ pppd/eap.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 1b93db01aebd..082e95343120 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1328,6 +1328,12 @@ int len;
+ int fd;
+ #endif /* USE_SRP */
+
++ /*
++ * Ignore requests if we're not open
++ */
++ if (esp->es_client.ea_state <= eapClosed)
++ return;
++
+ /*
+ * Note: we update es_client.ea_id *only if* a Response
+ * message is being generated. Otherwise, we leave it the
+@@ -1736,6 +1742,12 @@ int len;
+ u_char dig[SHA_DIGESTSIZE];
+ #endif /* USE_SRP */
+
++ /*
++ * Ignore responses if we're not open
++ */
++ if (esp->es_server.ea_state <= eapClosed)
++ return;
++
+ if (esp->es_server.ea_id != id) {
+ dbglog("EAP: discarding Response %d; expected ID %d", id,
+ esp->es_server.ea_id);
+@@ -2047,6 +2059,12 @@ u_char *inp;
+ int id;
+ int len;
+ {
++ /*
++ * Ignore failure messages if we're not open
++ */
++ if (esp->es_client.ea_state <= eapClosed)
++ return;
++
+ if (!eap_client_active(esp)) {
+ dbglog("EAP unexpected failure message in state %s (%d)",
+ eap_state_name(esp->es_client.ea_state),
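Review bot: The guard added to the failure handler (inner hunk at 2047) returns before the existing `!eap_client_active(esp)` branch, so the `dbglog("EAP unexpected failure message ...")` line can no longer fire for states at or below `eapClosed`. Unsolicited packets are then dropped without a trace, and the guards at 1328 and 1736 are equally silent. A debug line before each `return`, e.g. `dbglog("EAP: ignoring unsolicited Request in state %s", eap_state_name(esp->es_client.ea_state));`, would keep such traffic visible to an operator. All three tests also depend on the numeric order of the EAP state enum, which is not shown here, so a comment naming the states that `<= eapClosed` is meant to cover would help. The enclosing functions continue outside the hunks.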
diff --git a/package/network/services/shellsync/Makefile b/package/network/services/shellsync/Makefile
new file mode 100644
index 000000000..dcbce1d21
--- /dev/null
+++ b/package/network/services/shellsync/Makefile
@@ -0,0 +1,34 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=shellsync
+PKG_VERSION:=0.2
+PKG_RELEASE:=2
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/shellsync
+ CATEGORY:=Utilities
+ TITLE:=shellsync
+ DEPENDS:=+libpthread +kmod-macvlan
+endef
+
+define Build/Prepare
+ mkdir -p $(PKG_BUILD_DIR)
+ $(CP) ./src/* $(PKG_BUILD_DIR)/
+endef
+
+define Package/shellsync/description
+A tool to sync different shell scripts.Based on syncppp patch by morfast.
+endef
+
+define Build/Compile
+ $(TARGET_CROSS)gcc -pthread -o $(PKG_BUILD_DIR)/shellsync $(PKG_BUILD_DIR)/shellsync.c
+endef
+
+define Package/shellsync/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/shellsync $(1)/usr/bin
+endef
+
+
+$(eval $(call BuildPackage,shellsync))
diff --git a/package/network/services/shellsync/src/shellsync.c b/package/network/services/shellsync/src/shellsync.c
new file mode 100644
index 000000000..4aef1e9ba
--- /dev/null
+++ b/package/network/services/shellsync/src/shellsync.c
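Review bot: `Build/Compile` calls `$(TARGET_CROSS)gcc -pthread` directly and passes neither `$(TARGET_CFLAGS)` nor `$(TARGET_LDFLAGS)`, so whatever optimisation and hardening flags the build configuration selects are not applied to this binary. Using the build system's variables, `$(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_LDFLAGS) -pthread -o $(PKG_BUILD_DIR)/shellsync $(PKG_BUILD_DIR)/shellsync.c`, would fix that and stop hard-coding `gcc`. The `+kmod-macvlan` dependency looks unrelated to the program itself, which only uses POSIX semaphores; if the callers in ppp.sh need it, it would be better declared with them. The package definition also carries no `SECTION`, license or maintainer fields.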
@@ -0,0 +1,106 @@
+/*************************************************************************
+ > File Name: shellsync.c
+ > Author: GuoGuo
+ > Mail: gch981213@gmail.com
+ > Created Time: 2014年11月06日 星期四 19时15分30秒
+ ************************************************************************/
+#include<stdio.h>
+#include<semaphore.h>
+#include<fcntl.h>
+#include<stdlib.h>
+#include<time.h>
+#include<errno.h>
+#define SEM_BLOCK_NAME "SYNCSHELL_block"
+#define SEM_COUNT_NAME "SYNCSHELL_count"
+int wait_timeout;
+int sync_wait(int nproc)
+{
+ int flags;
+ int value;
+ sem_t *block;
+ sem_t *count;
+ struct timespec ts;
+
+ if (nproc <= 1) {
+ printf("sync_wait: number of processes should be larger than 1\n");
+ return -1;
+ }
+
+ if (clock_gettime(CLOCK_REALTIME, &ts) == -1) {
+ printf("clock_gettime error\n");
+ return -1;
+ }
+ ts.tv_sec += wait_timeout;
+
+
+ flags = O_RDWR | O_CREAT;
+ block = sem_open(SEM_BLOCK_NAME, flags, 0644, 0);
+ count = sem_open(SEM_COUNT_NAME, flags, 0644, 0);
+ if (block == SEM_FAILED || count == SEM_FAILED) {
+ printf("sync_wait: sem_open failed\n");
+ return -1;
+ }
+
+ if (sem_post(count) < 0) {
+ printf("sync_wait: sem_post failed\n");
+ return -1;
+ }
+ if (sem_getvalue(count, &value) < 0) {
+ printf("sync_wait: sem_getvalue failed\n");
+ return -1;
+ }
+ printf("%d processes have arrived, waiting for the left %d\n", value, nproc-value);
+ if (value >= nproc) {
+ while (nproc-1 > 0) {
+ if (sem_post(block) < 0) {
+ printf("sync_wait: sem_post failed\n");
+ return -1;
+ }
+ nproc--;
+ }
+ } else {
+ if (sem_timedwait(block, &ts) < 0) {
+ if (errno == ETIMEDOUT) {
+ printf("sync_wait: sem_timewait time out\n");
+ } else {
+ printf("sync_wait: sem_timewait error\n");
+ }
+ return -1;
+ }
+
+ }
+
+ sem_close(count);
+ sem_close(block);
+
+ sem_unlink(SEM_COUNT_NAME);
+ sem_unlink(SEM_BLOCK_NAME);
+
+ return 0;
+}
+
+int main(int argc,char *argv[])
+{
+ if(argc!=3)
+ {
+ printf("Usage: shellsync <process num> <wait_timeout>\n");
+ }
+ else
+ {
+ int proc_num;
+ sscanf(argv[1],"%d",&proc_num);
+ sscanf(argv[2],"%d",&wait_timeout);
+ if(sync_wait(proc_num)<0)
+ {
+ printf("Processes sync failed.\n");
+ sem_unlink(SEM_COUNT_NAME);
+ sem_unlink(SEM_BLOCK_NAME);
+ return 1;
+ }
+ else
+ {
+ printf("Processes sync succeed.\n");
+ return 0;
+ }
+ }
+}
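Review bot: In `main`, neither `sscanf` result is checked, so a non-numeric first argument leaves `proc_num` uninitialised when it is passed to `sync_wait`, and a negative timeout is accepted. The usage branch also falls off the end of `main`, which reports success to the calling script. Checking both conversions and returning non-zero on bad input, as sketched below, closes this. Separately, `sync_wait` returns from its error paths without `sem_close`, and the semaphores are opened with `O_CREAT` under fixed names, so a leftover or pre-existing semaphore of the same name is silently reused with whatever count it holds.

```c
int main(int argc,char *argv[])
{
	int proc_num;

	if (argc != 3) {
		printf("Usage: shellsync <process num> <wait_timeout>\n");
		return 1;
	}
	if (sscanf(argv[1], "%d", &proc_num) != 1 ||
	    sscanf(argv[2], "%d", &wait_timeout) != 1 ||
	    wait_timeout < 0) {
		printf("shellsync: arguments must be integers, timeout >= 0\n");
		return 1;
	}
	/* … unchanged: sync_wait(proc_num) call and result reporting … */
```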