update builder-linux

docs/compile/build_howto_unix.txt

@@ -1,11 +1,17 @@
-debian,ubuntu :
+* debian,ubuntu :
 
 apt install make gcc zlib1g-dev libcap-dev libnetfilter-queue-dev libmnl-dev libsystemd-dev libluajit2-5.1-dev
 make -C /opt/zapret2 systemd
 
-linux static :
+* linux static :
+
+need any x86_64 classic linux distribution
+
+optionally review "common.inc" for Lua and LuaJIT versions
+
+debian/ubuntu: apt install curl xz-utils bzip2 unzip make gcc gcc-multilib libc6-dev libcap-dev pkg-config
+fedora: dnf install curl xz bzip2 unzip make gcc glibc-devel glibc-devel.i686 libcap-devel pkg-config
 
-need any x86_64 classic linux distribution with curl, unzip, make, gcc, gcc-multilib
 copy directory "builder-linux" somethere with enough free disk space (up to 2G for all toolchains)
 run "get_toolchains.sh"
 select architectures you need or "ALL"
@@ -15,9 +21,7 @@ get static musl bins from "binaries" folder
 "zapret2" is downloaded from github master branch. if you need specific version - download manually to "zapret2" dir
 i586 and riscv64 targets are built with classic PUC Lua
 
-optionally review "common.inc" for Lua and LuaJIT versions
-
-FreeBSD :
+* FreeBSD :
 
 pkg install pkgconf
 pkg search luajit-2
@@ -25,7 +29,7 @@ pkg search luajit-2
 pkg install luajit-2.1.0.20250728
 make -C /opt/zapret2
 
-OpenBSD :
+* OpenBSD :
 
 pkg_add luajit gmake
 gmake -C /opt/zapret2 bsd

docs/compile/builder-linux/build_deps.sh

@@ -7,22 +7,22 @@ EXEDIR="$(cd "$EXEDIR"; pwd)"
 
 dl_deps()
 {
-	if [ -d "$DEPS" ]; then
-		dir_is_not_empty "$DEPS" && {
-			echo "deps dir is not empty. if you want to redownload - delete it."
-			return
-		}
-	else
-		mkdir "$DEPS"
-	fi
-	pushd "$DEPS"
-	curl -Lo - https://www.netfilter.org/pub/libnfnetlink/libnfnetlink-1.0.2.tar.bz2 | tar -xj
-	curl -Lo - https://www.netfilter.org/pub/libmnl/libmnl-1.0.5.tar.bz2 | tar -xj
-	curl -Lo - https://www.netfilter.org/pub/libnetfilter_queue/libnetfilter_queue-1.0.5.tar.bz2 | tar -xj
-	curl -Lo - https://zlib.net/zlib-1.3.1.tar.gz | tar -xz
-	curl -Lo - https://github.com/openresty/luajit2/archive/refs/tags/v${LUAJIT_RELEASE}.tar.gz | tar -xz
-	curl -Lo - https://www.lua.org/ftp/lua-${LUA_RELEASE}.tar.gz | tar -xz
-	popd
+	[ -d "$DEPS" ] || mkdir -p "$DEPS"
+	(
+	cd "$DEPS"
+	exists_dir libnfnetlink-* ||
+		curl -Lo - https://www.netfilter.org/pub/libnfnetlink/libnfnetlink-1.0.2.tar.bz2 | tar -xj || exit 5
+	exists_dir libmnl-* ||
+		curl -Lo - https://www.netfilter.org/pub/libmnl/libmnl-1.0.5.tar.bz2 | tar -xj || exit 5
+	exists_dir libnetfilter_queue-* ||
+		curl -Lo - https://www.netfilter.org/pub/libnetfilter_queue/libnetfilter_queue-1.0.5.tar.bz2 | tar -xj || exit 5
+	exists_dir zlib-* ||
+		curl -Lo - https://zlib.net/fossils/zlib-1.3.1.tar.gz | tar -xz || exit 5
+	exists_dir luajit2-* ||
+		curl -Lo - https://github.com/openresty/luajit2/archive/refs/tags/v${LUAJIT_RELEASE}.tar.gz | tar -xz || exit 5
+	exists_dir lua-* ||
+		curl -Lo - https://www.lua.org/ftp/lua-${LUA_RELEASE}.tar.gz | tar -xz || exit 5
+	)
 }
 
 build_netlink()
@@ -83,6 +83,8 @@ build_luajit_for_target()
 	}
 }
 
+check_prog curl tar gzip bzip2 sed make cc pkg-config
+check_h_files
 dl_deps
 check_toolchains
 ask_target
@@ -90,7 +92,7 @@ ask_target
 for t in $TGT; do
 	buildenv $t
 	pushd "$DEPS"
-	bsd_files
+	install_h_files
 	build_netlink
 	build_zlib
 	build_lua

docs/compile/builder-linux/build_zapret1.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+
+EXEDIR="$(dirname "$0")"
+EXEDIR="$(cd "$EXEDIR"; pwd)"
+
+. "$EXEDIR/common.inc"
+
+ZDIR="zapret"
+ZBASE="$EXEDIR"
+BRANCH=master
+ZURL=https://github.com/bol-van/zapret/archive/refs/heads/${BRANCH}.zip
+ZBIN="$EXEDIR/binaries"
+
+dl_zapret1()
+{
+	if [ -d "$ZBASE/$ZDIR" ]; then
+		dir_is_not_empty "$ZBASE/$ZDIR" && {
+			echo "zapret dir is not empty. if you want to redownload - delete it."
+			return
+		}
+		rmdir "$ZBASE/$ZDIR"
+	fi
+	(
+	cd "$ZBASE"
+	curl -Lo /tmp/zapret.zip "$ZURL"
+	unzip /tmp/zapret.zip
+	rm /tmp/zapret.zip
+	mv zapret-${BRANCH} $ZDIR
+	)
+}
+
+check_prog curl unzip make
+dl_zapret1
+check_toolchains
+ask_target
+
+[ -d "$ZBIN" ] || mkdir -p "$ZBIN"
+
+for t in $TGT; do
+	buildenv $t
+
+	translate_target $t || {
+		echo COULD NOT TRANSLATE TARGET $t TO BIN DIR
+		continue
+	}
+
+	pushd $ZBASE/$ZDIR
+
+	OPTIMIZE=-Oz \
+	CFLAGS="-static-libgcc -static -I$STAGING_DIR/include $MINSIZE $CFLAGS" \
+	LDFLAGS="-L$STAGING_DIR/lib $LDMINSIZE $LDFLAGS" \
+	make
+
+	[ -d "$ZBIN/$ZBINTARGET" ] || mkdir "$ZBIN/$ZBINTARGET"
+	cp -f binaries/my/* "$ZBIN/$ZBINTARGET"
+
+	popd
+
+	buildenv_clear
+done
+

docs/compile/builder-linux/build_zapret2.sh

@@ -20,53 +20,16 @@ dl_zapret2()
 		}
 		rmdir "$ZBASE/$ZDIR"
 	fi
-	pushd "$ZBASE"
+	(
+	cd "$ZBASE"
 	curl -Lo /tmp/zapret2.zip "$ZURL"
 	unzip /tmp/zapret2.zip
 	rm /tmp/zapret2.zip
 	mv zapret2-${BRANCH} $ZDIR
-	popd
-}
-
-translate_target()
-{
-	case $1 in
-		aarch64-unknown-linux-musl)
-			ZBINTARGET=linux-arm64
-			;;
-		arm-unknown-linux-musleabi)
-			ZBINTARGET=linux-arm
-			;;
-		x86_64-unknown-linux-musl)
-			ZBINTARGET=linux-x86_64
-			;;
-		i586-unknown-linux-musl)
-			ZBINTARGET=linux-x86
-			;;
-		mips-unknown-linux-muslsf)
-			ZBINTARGET=linux-mips
-			;;
-		mipsel-unknown-linux-muslsf)
-			ZBINTARGET=linux-mipsel
-			;;
-		mips64-unknown-linux-musl)
-			ZBINTARGET=linux-mips64
-			;;
-		mips64el-unknown-linux-musl)
-			ZBINTARGET=linux-mipsel64
-			;;
-		powerpc-unknown-linux-musl)
-			ZBINTARGET=linux-ppc
-			;;
-		riscv64-unknown-linux-musl)
-			ZBINTARGET=linux-riscv64
-			;;
-		*)
-			return 1
-	esac
-	return 0
+	)
 }
 
+check_prog curl unzip make
 dl_zapret2
 check_toolchains
 ask_target
@@ -94,7 +57,7 @@ for t in $TGT; do
 
 	OPTIMIZE=-Oz \
 	CFLAGS="-static-libgcc -static -I$STAGING_DIR/include $CFLAGS" \
-	LDFLAGS="-L$DEPS_DIR/lib $LDFLAGS" \
+	LDFLAGS="-L$STAGING_DIR/lib $LDFLAGS" \
 	make LUA_JIT=$LJIT LUA_CFLAGS="$LCFLAGS" LUA_LIB="$LLIB"
 
 	[ -d "$ZBIN/$ZBINTARGET" ] || mkdir "$ZBIN/$ZBINTARGET"

docs/compile/builder-linux/common.inc

@@ -46,9 +46,26 @@ target_has_luajit()
 	return 1
 }
 
-bsd_files()
+REQD_H_FILES="/usr/include/sys/capability.h /usr/include/bits/libc-header-start.h"
+REQD_QUEUE_1="/usr/include/sys/queue.h"
+REQD_QUEUE_2="/usr/include/x86_64-linux-gnu/sys/queue.h"
+check_h_files()
 {
-	install -Dm644 -t $STAGING_DIR/include/sys /usr/include/x86_64-linux-gnu/sys/queue.h /usr/include/sys/capability.h
+	[ ! -f "$REQD_QUEUE_1" -a ! -f  "$REQD_QUEUE_2" ] && {
+		echo "could not find $REQD_QUEUE_1 or $REQD_QUEUE_2"
+		help_pkg
+		exit 10
+	}
+	check_file $REQD_H_FILES
+}
+install_h_files()
+{
+	if [ -f "$REQD_QUEUE_1" ]; then
+		install -Dm644 -t $STAGING_DIR/include/sys $REQD_QUEUE_1
+	elif [ -f "$REQD_QUEUE_2" ]; then
+		install -Dm644 -t $STAGING_DIR/include/sys $REQD_QUEUE_2
+	fi
+	install -Dm644 -t $STAGING_DIR/include/sys $REQD_H_FILES
 }
 
 buildenv()
@@ -78,6 +95,33 @@ buildenv_clear()
 	OLDPATH=
 }
 
+which()
+{
+	# on some systems 'which' command is considered deprecated and not installed by default
+	# 'command -v' replacement does not work exactly the same way. it outputs shell aliases if present
+	# $1 - executable name
+	local IFS=:
+	[ "$1" != "${1#/}" ] && [ -x "$1" ] && {
+		echo "$1"
+		return 0
+	}
+	for p in $PATH; do
+	    [ -x "$p/$1" ] && {
+		echo "$p/$1"
+		return 0
+	    }
+	done
+	return 1
+}
+exists()
+{
+	which "$1" >/dev/null 2>/dev/null
+}
+exists_dir()
+{
+	# use $1, ignore other args
+	[ -d "$1" ]
+}
 
 dir_is_not_empty()
 {
@@ -168,3 +212,71 @@ check_toolchains()
 		exit 1
 	}
 }
+
+help_pkg()
+{
+	echo "debian/ubuntu: apt install curl xz-utils bzip2 unzip make gcc gcc-multilib libc6-dev libcap-dev pkg-config"
+	echo "fedora: dnf install curl xz bzip2 unzip make gcc glibc-devel glibc-devel.i686 libcap-devel pkg-config"
+}
+
+check_prog()
+{
+	while [ -n "$1" ]; do
+		exists $1 || {
+			echo $1 is not available
+			help_pkg
+			exit 10
+		}
+		shift
+	done
+}
+check_file()
+{
+	while [ -n "$1" ]; do
+		[ -f "$1" ] || {
+			echo $1 is not available
+			help_pkg
+			exit 10
+		}
+		shift
+	done
+}
+
+translate_target()
+{
+	case $1 in
+		aarch64-unknown-linux-musl)
+			ZBINTARGET=linux-arm64
+			;;
+		arm-unknown-linux-musleabi)
+			ZBINTARGET=linux-arm
+			;;
+		x86_64-unknown-linux-musl)
+			ZBINTARGET=linux-x86_64
+			;;
+		i586-unknown-linux-musl)
+			ZBINTARGET=linux-x86
+			;;
+		mips-unknown-linux-muslsf)
+			ZBINTARGET=linux-mips
+			;;
+		mipsel-unknown-linux-muslsf)
+			ZBINTARGET=linux-mipsel
+			;;
+		mips64-unknown-linux-musl)
+			ZBINTARGET=linux-mips64
+			;;
+		mips64el-unknown-linux-musl)
+			ZBINTARGET=linux-mipsel64
+			;;
+		powerpc-unknown-linux-musl)
+			ZBINTARGET=linux-ppc
+			;;
+		riscv64-unknown-linux-musl)
+			ZBINTARGET=linux-riscv64
+			;;
+		*)
+			return 1
+	esac
+	return 0
+}

docs/compile/builder-linux/get_toolchains.sh

@@ -7,13 +7,16 @@ EXEDIR="$(cd "$EXEDIR"; pwd)"
 
 BASEURL=https://github.com/bol-van/musl-cross/releases/download/latest
 
+check_prog curl tar xz
+
 [ -d "$TOOLCHAINS" ] || mkdir -p "$TOOLCHAINS"
 
 ask_target 1
 
-pushd "$TOOLCHAINS"
+(
+cd "$TOOLCHAINS"
 for t in $TGT; do
 	[ -d "$t" ] && rm -r "$t"
 	curl -Lo - "${BASEURL}/${t}.tar.xz" | tar -Jx
 done
-popd
+)

nfq2/darkmagic.c

@@ -2093,6 +2093,7 @@ static uint16_t wlan_get_family_id(struct mnl_socket* nl)
 static int wlan_info_attr_cb(const struct nlattr *attr, void *data)
 {
 	struct wlan_interface *wlan = (struct wlan_interface *)data;
+	size_t len;
 	switch(mnl_attr_get_type(attr))
 	{
 		case NL80211_ATTR_IFINDEX:
@@ -2104,12 +2105,10 @@ static int wlan_info_attr_cb(const struct nlattr *attr, void *data)
 			wlan->ifindex = mnl_attr_get_u32(attr);
 			break;
 		case NL80211_ATTR_SSID:
-			if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0)
-			{
-				DLOG_PERROR("mnl_attr_validate(ssid)");
-				return MNL_CB_ERROR;
-			}
-			snprintf(wlan->ssid,sizeof(wlan->ssid),"%s",mnl_attr_get_str(attr));
+			len = mnl_attr_get_payload_len(attr);
+			if (len>=sizeof(wlan->ssid)) len=sizeof(wlan->ssid)-1;
+			memcpy(wlan->ssid, mnl_attr_get_payload(attr), len);
+			wlan->ssid[len]=0;
 			break;
 		case NL80211_ATTR_IFNAME:
 			if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0)

nfq2/desync.c

@@ -1648,6 +1648,7 @@ static const uint8_t *dns_extract_name(const uint8_t *a, const uint8_t *b, const
 	size_t nl, off;
 	const uint8_t *p;
 	bool bptr = (*a & 0xC0)==0xC0;
+	uint8_t x,y;
 
 	if (bptr)
 	{
@@ -1666,9 +1667,8 @@ static const uint8_t *dns_extract_name(const uint8_t *a, const uint8_t *b, const
 		// do not support mixed ptr+real
 		if ((*p & 0xC0) || (p+*p+1)>=e || (*p+1)>=(name_size-nl)) return NULL;
 		if (nl)	name[nl++] = '.';
-		memcpy(name + nl, p + 1, *p);
-		nl += *p;
-		p += *p + 1;
+		for(y=*p++,x=0 ; x<y ; x++,p++) name[nl+x] = tolower(*p);
+		nl += y;
 	}
 	name[nl] = 0;
 	return bptr ? a+2 : p+1;

nfq2/protocol.c

@@ -248,7 +248,7 @@ void ResolveMultiPos(const uint8_t *data, size_t sz, t_l7payload l7payload, cons
 }
 
 
-static const char *http_methods[] = { "GET ","POST ","HEAD ","OPTIONS ","PUT ","DELETE ","CONNECT ","TRACE ",NULL };
+static const char *http_methods[] = { "GET ","POST ","HEAD ","OPTIONS ","PUT ","DELETE ","CONNECT ","TRACE ", "PATCH ", NULL };
 static const char *HttpMethod(const uint8_t *data, size_t len)
 {
 	const char **method;