update 2025-10-06 17:03:41

natflow/Makefile

@@ -1,123 +0,0 @@
-#
-# Copyright (C) 2017-2019 Chen Minqiang <ptpt52@gmail.com>
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=natflow
-PKG_VERSION:=20250923
-
-PKG_SOURCE_URL:=https://codeload.github.com/ptpt52/natflow/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=a4fde7ccfa9cd9eb17c259491b5a50d80ea44a04a37b2a12d398bc915a6ef942
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-
-PKG_MAINTAINER:=Chen Minqiang <ptpt52@gmail.com>
-PKG_LICENSE:=GPL-2.0
-
-include $(INCLUDE_DIR)/package.mk
-
-define KernelPackage/natflow
-  CATEGORY:=X
-  SUBMENU:=Fast Forward Stacks
-  TITLE:=natflow kernel driver
-  KCONFIG:= \
-	    CONFIG_NF_CONNTRACK_MARK=y \
-	    CONFIG_NETFILTER_INGRESS=y
-  FILES:=$(PKG_BUILD_DIR)/natflow.ko
-  AUTOLOAD:=$(call AutoLoad,96,natflow)
-  DEPENDS:= +kmod-ipt-conntrack +kmod-ipt-nat +kmod-ipt-ipset +kmod-br-netfilter +LINUX_5_4:kmod-nf-flow
-endef
-
-define KernelPackage/natflow/description
-  fast nat forward kmod
-endef
-
-include $(INCLUDE_DIR)/kernel-defaults.mk
-
-EXTRA_CFLAGS += -Wno-stringop-overread
-
-EXTRA_CFLAGS += -DCONFIG_NATFLOW_PATH -DCONFIG_NATFLOW_URLLOGGER -DNATFLOW_VERSION=\\\"$(PKG_VERSION)-$(shell echo $(PKG_HASH) | head -c7)\\\"
-ifneq ($(CONFIG_TARGET_mediatek_mt7622),)
-EXTRA_CFLAGS += -DCONFIG_HWNAT_EXTDEV_USE_VLAN_HASH
-endif
-
-define Build/Compile/natflow
-	+$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \
-		EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \
-		$(KERNEL_MAKE_FLAGS) \
-		ARCH="$(LINUX_KARCH)" \
-		CROSS_COMPILE="$(KERNEL_CROSS)" \
-		M="$(PKG_BUILD_DIR)" \
-		$(if $(CONFIG_KERNEL_DEBUG_INFO),,NO_DEBUG=1) \
-		modules
-endef
-
-define Build/Compile
-	$(call Build/Compile/natflow)
-endef
-
-define Package/natflow-boot
-  CATEGORY:=X
-  SUBMENU:=Fast Forward Stacks
-  TITLE:=natflow boot init script
-  DEPENDS:= +kmod-natflow
-endef
-
-define Package/natflow-boot/install
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./files/natflow-boot.init $(1)/etc/init.d/natflow-boot
-	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
-	$(INSTALL_DATA) ./files/21-natflow-boot.hotplug $(1)/etc/hotplug.d/iface/21-natflow-boot
-	$(INSTALL_DIR) $(1)/lib/preinit
-	$(INSTALL_DATA) ./files/natflow-boot.preinit $(1)/lib/preinit/95_natflow-boot
-endef
-
-define Package/natflow-auth
-  CATEGORY:=X
-  SUBMENU:=Fast Forward Stacks
-  TITLE:=natflow auth init script
-  DEPENDS:= +kmod-natflow +ipset +lua-ipops
-endef
-
-define Package/natflow-auth/conffiles
-/etc/config/natflow
-endef
-
-define Package/natflow-auth/install
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./files/natflow-simple-qos.init $(1)/etc/init.d/natflow-simple-qos
-	$(INSTALL_BIN) ./files/natflow-qos.init $(1)/etc/init.d/natflow-qos
-	$(INSTALL_BIN) ./files/natflow-user.init $(1)/etc/init.d/natflow-user
-	$(INSTALL_BIN) ./files/natflow-zone.init $(1)/etc/init.d/natflow-zone
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DATA) ./files/natflow.config $(1)/etc/config/natflow
-	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
-	$(INSTALL_DATA) ./files/20-natflow-zone.hotplug $(1)/etc/hotplug.d/iface/20-natflow-zone
-endef
-
-define Package/natflow-hostacl
-  CATEGORY:=X
-  SUBMENU:=Fast Forward Stacks
-  TITLE:=natflow hostacl init script
-  DEPENDS:= +natflow-auth +urllogger
-endef
-
-define Package/natflow-hostacl/conffiles
-/etc/config/hostacl
-endef
-
-define Package/natflow-hostacl/install
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_BIN) ./files/natflow-hostacl.init $(1)/etc/init.d/natflow-hostacl
-	$(INSTALL_DATA) ./files/hostacl.config $(1)/etc/config/hostacl
-endef
-
-$(eval $(call KernelPackage,natflow))
-$(eval $(call BuildPackage,natflow-boot))
-$(eval $(call BuildPackage,natflow-auth))
-$(eval $(call BuildPackage,natflow-hostacl))

natflow/files/20-natflow-zone.hotplug

@@ -1,7 +0,0 @@
-#!/bin/sh
-
-[ "$ACTION" = ifup -o "$ACTION" = ifupdate ] || exit 0
-[ "$ACTION" = ifupdate -a -z "$IFUPDATE_ADDRESSES" -a -z "$IFUPDATE_DATA" ] && exit 0
-
-logger -t natflow "Reloading natflow-zone due to $ACTION of $INTERFACE ($DEVICE)"
-/etc/init.d/natflow-zone start &

natflow/files/21-natflow-boot.hotplug

@@ -1,7 +0,0 @@
-#!/bin/sh
-
-[ "$ACTION" = ifup -o "$ACTION" = ifupdate ] || exit 0
-[ "$ACTION" = ifupdate -a -z "$IFUPDATE_ADDRESSES" -a -z "$IFUPDATE_DATA" ] && exit 0
-
-logger -t natflow "Reloading natflow-boot due to $ACTION of $INTERFACE ($DEVICE)"
-/etc/init.d/natflow-boot start &

natflow/files/hostacl.config

@@ -1,39 +0,0 @@
-
-config main 'default'
-	option enabled '1'
-
-config rule
-	option action 'reset'
-	option host 'baidu.com,360.cn'
-	option ip '0.0.0.0/0'
-	option ipv6 '::/0'
-	option disabled '1'
-
-config rule
-	option action 'reset'
-	option host 'baidu.com,360.cn'
-	option disabled '1'
-	option ip '192.168.15.2-192.168.15.254'
-	option ipv6 '::/0'
-	list mac 'AA:BB:CC:DD:EE:FF'
-
-config rule
-	option host 'baidu.com,360.cn'
-	option action 'drop'
-	option disabled '1'
-
-config rule
-	option host 'baidu.com,360.cn'
-	option action 'redirect'
-	option disabled '1'
-
-config rule
-	option host 'baidu.com,360.cn'
-	option action 'record'
-	option disabled '1'
-
-config rule
-	option host 'baidu.com,360.cn'
-	option action 'reset'
-	option disabled '1'
-

natflow/files/natflow-boot.init

@@ -1,62 +0,0 @@
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2006-2011 OpenWrt.org
-
-START=95
-
-disable_gro_gso() {
-	which ethtool &>/dev/null || return 0
-	for eth in $(ifconfig | grep "^eth\|^dsa" | awk '{print $1}' | sort | uniq); do
-		ethtool -k "$eth" | grep -q "generic-receive-offload: off" || {
-			ethtool -K "$eth" gro off
-			logger -t natflow "disable gro for <$eth>"
-		}
-		ethtool -k "$eth" | grep -q "generic-segmentation-offload: off" || {
-			ethtool -K "$eth" gso off
-			logger -t natflow "disable gso for <$eth>"
-		}
-	done
-}
-
-start() {
-	test -c /dev/natflow_ctl || return 0
-	disable_gro_gso
-	hwnat_wed=$(uci get natflow.main.hwnat_wed 2>/dev/null || echo 0)
-	hwnat=$(uci get natflow.main.hwnat 2>/dev/null || echo 0)
-	enabled=$(uci get natflow.main.enabled 2>/dev/null || echo 0)
-	debug=$(uci get natflow.main.debug 2>/dev/null || echo 3)
-	delay_pkts=$(uci get natflow.main.delay_pkts 2>/dev/null || echo 0)
-	go_slowpath_if_no_qos=$(uci get natflow.main.go_slowpath_if_no_qos 2>/dev/null || echo 0)
-	ifname_group=$(uci get natflow.main.ifname_group 2>/dev/null)
-	ifname_group_type=$(uci get natflow.main.ifname_group_type 2>/dev/null || echo 0)
-
-	echo "debug=$debug" >/dev/natflow_ctl
-	echo "disabled=$((!enabled))" >/dev/natflow_ctl
-	grep -q "hwnat=" </dev/natflow_ctl && echo "hwnat=$hwnat" >/dev/natflow_ctl
-	grep -q "hwnat_wed_disabled=" </dev/natflow_ctl && echo "hwnat_wed_disabled=$((!hwnat_wed))" >/dev/natflow_ctl
-	if [ "${hwnat_wed}" = "1" ]; then
-		for p in /sys/module/*/parameters/wed_enable; do
-			test -e "$p" && echo Y >"$p"
-		done
-	else
-		for p in /sys/module/*/parameters/wed_enable; do
-			test -e "$p" && echo N >"$p"
-		done
-	fi
-
-	echo "delay_pkts=$delay_pkts" >/dev/natflow_ctl
-	echo "go_slowpath_if_no_qos=$go_slowpath_if_no_qos" >/dev/natflow_ctl
-	echo "ifname_group_type=$ifname_group_type" >/dev/natflow_ctl
-	echo "ifname_group_clear=$ifname_group_clear" >/dev/natflow_ctl
-	for ifn in ${ifname_group}; do
-		echo "ifname_group_add=$ifn" >/dev/natflow_ctl
-	done
-}
-
-stop() {
-	test -c /dev/natflow_ctl || return 0
-	echo disabled=1 >/dev/natflow_ctl
-}
-
-restart() {
-	start
-}

natflow/files/natflow-boot.preinit

@@ -1,28 +0,0 @@
-# Copyright (C) 2022 X-WRT.COM
-
-do_pre_kmodload()
-{
-	test -e /etc/modules.d/mt7915e && {
-		cat /etc/modules.d/mt7915e | grep -q wed_enable=Y || echo mt7915e wed_enable=Y >/etc/modules.d/mt7915e
-		. /lib/functions/system.sh
-		case "$(board_name)" in
-		zyxel,ex5700-telenor)
-			cat /etc/modules.d/mt7915e | grep -q enable_6ghz=Y || {
-				echo mt7915e wed_enable=Y enable_6ghz=Y >/etc/modules.d/mt7915e
-				uci set wireless.radio1.band='6g'
-				uci commit wireless
-			}
-			;;
-		*)
-			;;
-		esac
-	}
-	# help to update wo firmware
-	test -d /lib/firmware/mediatek/update && {
-		cd /lib/firmware/mediatek && {
-			ln -sf /lib/firmware/mediatek/update/* .
-		}
-	}
-}
-
-boot_hook_add preinit_main do_pre_kmodload

natflow/files/natflow-hostacl.init

@@ -1,113 +0,0 @@
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2018-2024 X-WRT
-
-START=95
-
-IPOPS="lua /usr/lib/lua/ipops.lua"
-test -e /usr/share/natflow/ipops.lua && IPOPS="lua /usr/share/natflow/ipops.lua"
-
-stop()
-{
-	test -c /dev/hostacl_ctl || return 0
-	echo clear >/dev/hostacl_ctl
-	for i in $(seq 0 31); do
-		ipset destroy host_acl_rule${i}_mac 2>/dev/null
-		ipset destroy host_acl_rule${i}_ipv4 2>/dev/null
-		ipset destroy host_acl_rule${i}_ipv6 2>/dev/null
-	done
-}
-
-# ipset_add ipsetname net
-ipv4set_add()
-{
-	local ipsetname=$1
-	local net=$2
-	#hack for 0.0.0.0/0
-	[ "$net" = "0.0.0.0/0" ] && net="0.0.0.0/1 128.0.0.0/1"
-	for n in $net; do
-		ipset add $ipsetname $n
-	done
-}
-
-# ipset_add ipsetname net
-ipv6set_add()
-{
-	local ipsetname=$1
-	local net=$2
-	#hack for ::/0
-	[ "$net" = "::/0" ] && net="::/1 8000::/1"
-	for n in $net; do
-		ipset add $ipsetname $n
-	done
-}
-
-start()
-{
-	test -c /dev/hostacl_ctl || return 0
-	stop
-	enabled=$(uci get hostacl.@main[0].enabled 2>/dev/null || echo 0)
-	[ $enabled = "0" ] && return 0
-
-	idx=0
-	while uci get hostacl.@rule[$idx] &>/dev/null; do
-		disabled=$(uci get hostacl.@rule[$idx].disabled 2>/dev/null || echo 0)
-		if [ "$disabled" = "1" ]; then
-			idx=$((idx+1))
-			continue
-		fi
-
-		ip=$(uci get hostacl.@rule[$idx].ip 2>/dev/null)
-		ip=$($IPOPS netStrings2ipcidrStrings "$ip")
-		if [ "$(echo $ip | sed 's/,/ /g' | wc -w)" -ge 1 ]; then
-			ipset create host_acl_rule${idx}_ipv4 hash:net family inet 2>/dev/null
-			ipset flush host_acl_rule${idx}_ipv4
-			for net in $(echo $ip | sed 's/,/ /g'); do
-				ipv4set_add host_acl_rule${idx}_ipv4 $net
-			done
-		fi
-
-		ipv6=$(uci get hostacl.@rule[$idx].ipv6 2>/dev/null)
-		if test -n "$ipv6"; then
-			ipset create host_acl_rule${idx}_ipv6 hash:net family inet6 2>/dev/null
-			ipset flush host_acl_rule${idx}_ipv6
-			for net in $(echo $ipv6 | sed "s/,/ /g;s/'/ /g"); do
-				ipv6set_add host_acl_rule${idx}_ipv6 $net
-			done
-		fi
-
-		mac=$(uci get hostacl.@rule[$idx].mac 2>/dev/null)
-		if test -n "$mac"; then
-			ipset create host_acl_rule${idx}_mac hash:mac 2>/dev/null
-			ipset flush host_acl_rule${idx}_mac
-			for net in $(echo $mac | sed "s/,/ /g;s/'/ /g"); do
-				ipset add host_acl_rule${idx}_mac $net
-			done
-		fi
-
-		action=$(uci get hostacl.@rule[$idx].action 2>/dev/null)
-		if [ "$action" = "record" ]; then
-			action=0
-		elif [ "$action" = "drop" ]; then
-			action=1
-		elif [ "$action" = "reset" ]; then
-			action=2
-		elif [ "$action" = "redirect" ]; then
-			action=3
-		else
-			action=0
-		fi
-
-		host=$(uci get hostacl.@rule[$idx].host 2>/dev/null)
-		host=$(echo $host | sed "s/,/ /g;s/'/ /g")
-		for HOST in $host; do
-			echo add acl=${idx},${action},$HOST >/dev/hostacl_ctl
-		done
-
-		idx=$((idx+1))
-	done
-}
-
-restart()
-{
-	start
-}

natflow/files/natflow-qos.init

@@ -1,246 +0,0 @@
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2006-2011 OpenWrt.org
-
-START=95
-
-DEVCTL=/dev/qos_ctl
-IPOPS="lua /usr/lib/lua/ipops.lua"
-test -e /usr/share/natflow/ipops.lua && IPOPS="lua /usr/share/natflow/ipops.lua"
-
-qos_idx=0
-
-# ipset_add ipsetname net
-ipv4set_add()
-{
-	local ipsetname=$1
-	local net=$2
-	#hack for 0.0.0.0/0
-	[ "$net" = "0.0.0.0/0" ] && net="0.0.0.0/1 128.0.0.0/1"
-	for n in $net; do
-		ipset add $ipsetname $n
-	done
-}
-
-get_rate_data()
-{
-	local cnt num unit
-	echo -n $1 | grep -qi "bps$" || {
-		num=$1
-		echo -n $((num)) # assume num B/s
-		return
-	}
-	cnt=`echo -n $1 | wc -c || echo 0`
-	test $cnt -le 4 && echo -n 0 && return # assume 0 B/s
-
-	num=`echo -n $1 | cut -c0-$((cnt-4))`
-	unit=`echo -n $1 | cut -c$((cnt-3))-$cnt | tr A-Z a-z`
-	case $unit in
-		"kbps")
-			num=$((num*128))
-		;;
-		"mbps")
-			num=$((num*128*1024))
-		;;
-		"gbps")
-			num=$((num*128*1024*1024))
-		;;
-		*)
-			num=$((num/8))
-		;;
-	esac
-	echo -n $num # assume num bps
-}
-
-natflow_qos_setup()
-{
-	local idx=$qos_idx
-	qos_idx=$((qos_idx+1))
-	local cfg="$1"
-	local disabled user user_port remote remote_port proto rx_rate tx_rate
-
-	config_get disabled "$cfg" disabled 0
-	config_get user "$cfg" user
-	config_get user_port "$cfg" user_port
-	config_get remote "$cfg" remote
-	config_get remote_port "$cfg" remote_port
-	config_get proto "$cfg" proto
-	config_get rx_rate "$cfg" rx_rate 0
-	config_get tx_rate "$cfg" tx_rate 0
-
-	[ "$disabled" = "1" ] && return 0
-
-	#echo add user=<ipset/ip/ipcidr>,user_port=<portset/port>,remote=<ipset/ip/ipcidr>,remote_port=<portset/port>,proto=<tcp/udp>,rxbytes=Bytes,txbytes=Bytes
-
-	user=$($IPOPS netStrings2ipcidrStrings "$user")
-	if [ "$(echo $user | sed 's/,/ /g' | wc -w)" -gt 1 ]; then
-		ipset create qos_u$idx nethash 2>/dev/null
-		ipset flush qos_u$idx
-		for net in $(echo $user | sed 's/,/ /g'); do
-			ipv4set_add qos_u$idx $net
-		done
-		user=qos_u$idx
-	fi
-
-	if [ "$(echo $user_port | sed 's/,/ /g;s/-/ /g' | wc -w)" -gt 1 ]; then
-		ipset create qos_up$idx bitmap:port range 0-65535 2>/dev/null
-		ipset flush qos_up$idx
-		for port in $(echo $user_port | sed 's/,/ /g'); do
-			ipset add qos_up$idx $port
-		done
-		user_port=qos_up$idx
-	fi
-
-	remote=$($IPOPS netStrings2ipcidrStrings "$remote")
-	if [ "$(echo $remote | sed 's/,/ /g' | wc -w)" -gt 1 ]; then
-		ipset create qos_r$idx nethash 2>/dev/null
-		ipset flush qos_r$idx
-		for net in $(echo $remote | sed 's/,/ /g'); do
-			ipv4set_add qos_r$idx $net
-		done
-		remote=qos_r$idx
-	fi
-
-	if [ "$(echo $remote_port | sed 's/,/ /g;s/-/ /g' | wc -w)" -gt 1 ]; then
-		ipset create qos_rp$idx bitmap:port range 0-65535 2>/dev/null
-		ipset flush qos_rp$idx
-		for port in $(echo $remote_port | sed 's/,/ /g'); do
-			ipset add qos_rp$idx $port
-		done
-		remote_port=qos_rp$idx
-	fi
-
-	rx_rate=$(get_rate_data "$rx_rate")
-	tx_rate=$(get_rate_data "$tx_rate")
-
-	cmd="add user=$user,user_port=$user_port,remote=$remote,remote_port=$remote_port,proto=$proto,rxbytes=$rx_rate,txbytes=$tx_rate"
-
-	echo "$cmd" >$DEVCTL
-}
-
-natflow_qos_zone_setup_tc()
-{
-	local idx=$zone_idx
-	zone_idx=$((zone_idx+1))
-	local cfg="$1"
-	local fw_zone ifname type
-
-	config_get fw_zone "$cfg" fw_zone
-	config_get ifname "$cfg" ifname
-	config_get type "$cfg" type
-
-	(for fwz in $fw_zone; do
-		fw3 -q zone $fwz
-	done; \
-	for ifn in $ifname; do
-		echo $ifn
-	done) | sed 's/+$/\.\*/' | sort | uniq | while read IFN; do
-		#echo $type $idx=$IFN >$DEVCTL
-		l2dev=$(ubus call network.interface dump | grep "\"l3_device\": \"${IFN}\"" -A2 | grep "\"device\"" | cut -d\" -f4)
-		l2dev=$(for ifn in $IFN $l2dev; do echo $ifn; done | sort | uniq)
-		for ifn in $l2dev; do
-		case $type in
-		lan_zone)
-			ifconfig -a | grep "^$ifn " | awk '{print $1}' | while read lan; do
-				if [ "${lan}" = "${lan//:}" ]; then
-					qos_id=0
-					cat /dev/qos_ctl | grep "^add user=" | while read line; do
-						line="${line/*rxbytes=}"
-						rxbytes="${line/,*}"
-						quantum=$(($rxbytes/1000))
-						if test $quantum -lt 256; then
-							quantum=256
-						fi
-						qos_id=$((qos_id+1))
-						QOSID=$((qos_id*2-1))
-						lower1=$(for vif in /sys/class/net/$lan/lower_*; do test -e $vif && echo ${vif##/sys/class/net/*/lower_}; done)
-						lower2=$(for dev in $lower1; do for vif in /sys/class/net/$dev/lower_*; do test -e $vif && echo ${vif##/sys/class/net/*/lower_}; done; done)
-						devs=$(for dev in $lan $lower1 $lower2; do echo $dev; done | sort | uniq);
-						echo setup tc for @lan=[`echo $devs`] rxbytes=$rxbytes quantum=$quantum rule_id=${qos_id} QOSID=${QOSID}
-						for DEVICE in $devs; do
-							tc qdisc add dev $DEVICE root handle 1: htb &>/dev/null
-							tc class add dev $DEVICE parent 1: classid 1:${QOSID} htb rate ${rxbytes}Bps quantum $quantum &>/dev/null
-							tc filter add dev $DEVICE parent 1: protocol all prio 1 handle ${QOSID} fw classid 1:${QOSID} &>/dev/null
-						done
-					done
-				fi
-			done
-		;;
-		wan_zone)
-			ifconfig -a | grep "^$ifn " | awk '{print $1}' | while read wan; do
-				if [ "${wan}" = "${wan//:}" ]; then
-					qos_id=0
-					cat /dev/qos_ctl | grep "^add user=" | while read line; do
-						txbytes="${line/*,txbytes=}"
-						quantum=$(($txbytes/1000))
-						if test $quantum -lt 256; then
-							quantum=256
-						fi
-						qos_id=$((qos_id+1))
-						QOSID=$((qos_id*2))
-						lower1=$(for vif in /sys/class/net/$wan/lower_*; do test -e $vif && echo ${vif##/sys/class/net/*/lower_}; done)
-						lower2=$(for dev in $lower1; do for vif in /sys/class/net/$dev/lower_*; do test -e $vif && echo ${vif##/sys/class/net/*/lower_}; done; done)
-						devs=$(for dev in $wan $lower1 $lower2; do echo $dev; done | sort | uniq);
-						echo setup tc for @wan=[`echo $devs`] txbytes=$txbytes quantum=$quantum rule_id=${qos_id} QOSID=${QOSID}
-						for DEVICE in $devs; do
-							tc qdisc add dev $DEVICE root handle 1: htb &>/dev/null
-							tc class add dev $DEVICE parent 1: classid 1:${QOSID} htb rate ${txbytes}Bps quantum $quantum &>/dev/null
-							tc filter add dev $DEVICE parent 1: protocol all prio 1 handle ${QOSID} fw classid 1:${QOSID} &>/dev/null
-						done
-					done
-				fi
-			done
-		;;
-		esac
-		done
-	done
-}
-
-natflow_qos_clear_tc()
-{
-	which tc &>/dev/null || return
-	ifconfig | grep "^[^ ]" | awk '{print $1}' | while read ifname; do
-		if [ "${ifname}" = "${ifname//:}" ]; then
-			tc qdisc del dev $ifname root &>/dev/null
-		fi
-	done
-}
-
-start() {
-	test -c $DEVCTL || return 0
-
-	echo clear >$DEVCTL
-
-	config_load natflow
-	config_foreach natflow_qos_setup qos
-
-	natflow_qos_clear_tc
-
-	if [ "$(uci get natflow.main.tc_classid_mode 2>/dev/null || echo 0)" = "1" ] && which tc &>/dev/null; then
-		echo tc_classid_mode=1 >/dev/qos_ctl
-		config_foreach natflow_qos_zone_setup_tc zone
-	else
-		echo tc_classid_mode=0 >/dev/qos_ctl
-	fi
-
-	mkdir -p /tmp/config
-	touch /tmp/config/natflow-qos
-	ln -s /tmp/config/natflow-qos /etc/config/natflow-qos &>/dev/null
-	config_load natflow-qos
-	config_foreach natflow_qos_setup qos
-}
-
-stop() {
-	test -c $DEVCTL || return 0
-
-	echo clear >$DEVCTL
-	ipset list -n | grep ^qos_ | while read ipset; do
-		ipset destroy $ipset
-	done
-
-	natflow_qos_clear_tc
-}
-
-restart() {
-	stop
-	start
-}

natflow/files/natflow-simple-qos.init

@@ -1,129 +0,0 @@
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2006-2011 OpenWrt.org
-
-START=95
-
-IPOPS="lua /usr/lib/lua/ipops.lua"
-test -e /usr/share/natflow/ipops.lua && IPOPS="lua /usr/share/natflow/ipops.lua"
-
-get_rate_data()
-{
-	local cnt num unit
-	echo -n $1 | grep -qi "bps$" || {
-		num=$1
-		echo -n $((num)) # assume num B/s
-		return
-	}
-	cnt=`echo -n $1 | wc -c || echo 0`
-	test $cnt -le 4 && echo -n 0 && return # assume 0 B/s
-
-	num=`echo -n $1 | cut -c0-$((cnt-4))`
-	unit=`echo -n $1 | cut -c$((cnt-3))-$cnt | tr A-Z a-z`
-	case $unit in
-		"kbps")
-			num=$((num*128))
-		;;
-		"mbps")
-			num=$((num*128*1024))
-		;;
-		"gbps")
-			num=$((num*128*1024*1024))
-		;;
-		*)
-			num=$((num/8))
-		;;
-	esac
-	echo -n $num # assume num bps
-}
-
-dispatch_userinfo_event_fifo()
-{
-	pgrep -f "sh -c echo .*>/tmp/userinfo_event_fifo" >/dev/null && {
-		#event fifo is busy
-		return
-	}
-	sh -c "echo $1>/tmp/userinfo_event_fifo" &
-	return 0
-}
-
-qos_simple_watch()
-{
-	dispatch_userinfo_event_fifo ""
-
-	cat /dev/userinfo_event_ctl 2>/dev/null | while read line; do
-		dispatch_userinfo_event_fifo "$line"
-		ip=${line//,*}
-		idx=0
-		if test -n "${ip//*:*}"; then
-		while uci get natflow.@qos_simple[$idx] &>/dev/null; do
-			disabled=$(uci get natflow.@qos_simple[$idx].disabled 2>/dev/null || echo 0)
-			if [ "$disabled" = "0" ]; then
-				user=$(uci get natflow.@qos_simple[$idx].user 2>/dev/null)
-				if test -z "$user" || $IPOPS netStrings_test_netStrings "$user" "$ip"; then
-					rx_rate=$(uci get natflow.@qos_simple[$idx].rx_rate 2>/dev/null)
-					tx_rate=$(uci get natflow.@qos_simple[$idx].tx_rate 2>/dev/null)
-					rx_rate=$(get_rate_data "$rx_rate")
-					tx_rate=$(get_rate_data "$tx_rate")
-					echo set-token-ctrl $ip $rx_rate $tx_rate >/dev/userinfo_ctl
-					break
-				fi
-			fi
-			idx=$((idx+1))
-		done
-		fi
-		test -z "${ip//*:*}" && {
-			mac=$(echo $line | cut -d, -f2)
-			for iface in $(ip -6 neigh show $ip | grep -o "dev .*" | awk '{print $2}'); do
-				[ "$(fw3 -q device $iface 2>/dev/null)" = "lan" ] && ip -6 neigh replace $ip lladdr $mac dev $iface nud reachable
-			done
-		}
-	done
-}
-
-start() {
-	cat /dev/userinfo_ctl | while read line; do
-		ip=${line//,*}
-		idx=0
-		if test -n "${ip//*:*}"; then
-		while uci get natflow.@qos_simple[$idx] &>/dev/null; do
-			disabled=$(uci get natflow.@qos_simple[$idx].disabled 2>/dev/null || echo 0)
-			if [ "$disabled" = "0" ]; then
-				user=$(uci get natflow.@qos_simple[$idx].user 2>/dev/null)
-				if test -z "$user" || $IPOPS netStrings_test_netStrings "$user" "$ip"; then
-					rx_rate=$(uci get natflow.@qos_simple[$idx].rx_rate 2>/dev/null)
-					tx_rate=$(uci get natflow.@qos_simple[$idx].tx_rate 2>/dev/null)
-					rx_rate=$(get_rate_data "$rx_rate")
-					tx_rate=$(get_rate_data "$tx_rate")
-					echo set-token-ctrl $ip $rx_rate $tx_rate
-					echo set-token-ctrl $ip $rx_rate $tx_rate >/dev/userinfo_ctl
-					break
-				fi
-			fi
-			idx=$((idx+1))
-		done
-		fi
-		test -z "${ip//*:*}" && {
-			mac=$(echo $line | cut -d, -f2)
-			for iface in $(ip -6 neigh show $ip | grep -o "dev .*" | awk '{print $2}'); do
-				[ "$(fw3 -q device $iface 2>/dev/null)" = "lan" ] && ip -6 neigh replace $ip lladdr $mac dev $iface nud reachable
-			done
-		}
-	done
-
-	test -e /tmp/userinfo_event_fifo || mkfifo /tmp/userinfo_event_fifo
-	qos_simple_watch &
-}
-
-stop() {
-	kill -TERM $(pgrep -f "cat /dev/userinfo_event_ctl") &>/dev/null
-	kill -TERM $(pgrep -f "sh -c echo .*>/tmp/userinfo_event_fifo") &>/dev/null
-	cat /dev/userinfo_ctl | while read line; do
-		ip=${line//,*}
-		echo set-token-ctrl $ip 0 0 >/dev/userinfo_ctl
-	done
-}
-
-restart() {
-	stop
-	start
-}

natflow/files/natflow-user.init

@@ -1,109 +0,0 @@
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2006-2011 OpenWrt.org
-
-START=95
-
-DEVCTL=/dev/natflow_user_ctl
-IPOPS="lua /usr/lib/lua/ipops.lua"
-test -e /usr/share/natflow/ipops.lua && IPOPS="lua /usr/share/natflow/ipops.lua"
-
-auth_idx=0
-
-# ipset_add ipsetname net
-ipv4set_add()
-{
-	local ipsetname=$1
-	local net=$2
-	#hack for 0.0.0.0/0
-	[ "$net" = "0.0.0.0/0" ] && net="0.0.0.0/1 128.0.0.0/1"
-	for n in $net; do
-		ipset add $ipsetname $n
-	done
-}
-
-natflow_user_setup()
-{
-	local idx=$auth_idx
-	auth_idx=$((auth_idx+1))
-	local cfg="$1"
-	local enabled szone type sipgrp ipwhite macwhite
-
-	config_get enabled "$cfg" enabled
-	config_get szone "$cfg" szone
-	config_get type "$cfg" type
-	config_get sipgrp "$cfg" sipgrp
-	config_get ipwhite "$cfg" ipwhite
-	config_get macwhite "$cfg" macwhite
-
-	[ "$enabled" = "1" ] || return 0
-
-	#echo auth id=0,szone=0,type=auto,sipgrp=auth_sipgrp,ipwhite=,macwhite=
-
-	sipgrp=$($IPOPS netStrings2ipcidrStrings "$sipgrp")
-	ipset create auth_sipgrp_$idx nethash 2>/dev/null
-	ipset flush auth_sipgrp_$idx
-	for net in $(echo "$sipgrp" | sed 's/,/ /g'); do
-		ipv4set_add auth_sipgrp_$idx $net
-	done
-
-	cmd="auth id=$idx,szone=$szone,type=$type,sipgrp=auth_sipgrp_$idx"
-	if test -n "$ipwhite"; then
-		ipwhite=$($IPOPS netStrings2ipcidrStrings "$ipwhite")
-		ipset create auth_ipwhite_$idx nethash 2>/dev/null
-		ipset flush auth_ipwhite_$idx
-		for net in $(echo "$ipwhite" | sed 's/,/ /g'); do
-			ipv4set_add auth_ipwhite_$idx $net
-		done
-		cmd="$cmd,ipwhite=auth_ipwhite_$idx"
-	else
-		cmd="$cmd,ipwhite="
-	fi
-
-	if test -n "$macwhite"; then
-		ipset create auth_macwhite_$idx machash 2>/dev/null
-		ipset flush auth_macwhite_$idx
-		for mac in $(echo "$macwhite" | sed 's/,/ /g'); do
-			ipset add auth_macwhite_$idx $mac
-		done
-		cmd="$cmd,macwhite=auth_macwhite_$idx"
-	else
-		cmd="$cmd,macwhite="
-	fi
-
-	echo "$cmd" >$DEVCTL
-}
-
-start() {
-	test -c $DEVCTL || return 0
-
-	echo clean >$DEVCTL
-	echo disabled=0 >$DEVCTL
-
-	config_load natflow
-	config_foreach natflow_user_setup auth
-
-	no_flow_timeout=$(uci get natflow.globals.no_flow_timeout 2>/dev/null || echo 1800)
-	echo no_flow_timeout=${no_flow_timeout} >$DEVCTL
-	redirect_ip=$(uci get natflow.globals.redirect_ip 2>/dev/null || echo 10.10.10.10)
-	echo redirect_ip=${redirect_ip} >$DEVCTL
-	https_redirect_en=$(uci get natflow.globals.https_redirect_en 2>/dev/null || echo 0)
-	echo https_redirect_en=${https_redirect_en} >$DEVCTL
-	https_redirect_port=$(uci get natflow.globals.https_redirect_port 2>/dev/null || echo 443)
-	echo https_redirect_port=${https_redirect_port} >$DEVCTL
-
-	echo update_magic >$DEVCTL
-}
-
-stop() {
-	test -c $DEVCTL || return 0
-
-	echo disabled=1 >$DEVCTL
-	ipset list -n | grep ^auth_ | while read ipset; do
-		ipset destroy $ipset
-	done
-}
-
-restart() {
-	stop
-	start
-}

natflow/files/natflow-zone.init

@@ -1,49 +0,0 @@
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2006-2011 OpenWrt.org
-
-START=95
-
-DEVCTL=/dev/natflow_zone_ctl
-
-zone_idx=0
-
-natflow_zone_setup()
-{
-	local idx=$zone_idx
-	zone_idx=$((zone_idx+1))
-	local cfg="$1"
-	local fw_zone ifname type
-
-	config_get fw_zone "$cfg" fw_zone
-	config_get ifname "$cfg" ifname
-	config_get type "$cfg" type
-
-	(for fwz in $fw_zone; do
-		fw3 -q zone $fwz
-	done; \
-	for ifn in $ifname; do
-		echo $ifn
-	done) | sed 's/\*$/+/' | sort | uniq | while read IFN; do
-		echo $type $idx=$IFN >$DEVCTL
-	done
-}
-
-start() {
-	test -c $DEVCTL || return 0
-
-	echo clean >$DEVCTL
-
-	config_load natflow
-	config_foreach natflow_zone_setup zone
-
-	echo update_match >$DEVCTL
-}
-
-stop() {
-	test -c $DEVCTL || return 0
-}
-
-restart()
-{
-	start
-}

natflow/files/natflow.config

@@ -1,49 +0,0 @@
-config natflow 'main'
-	option hwnat '1'
-	option hwnat_wed '1'
-	option enabled '1'
-	option debug '3'
-	option delay_pkts '0'
-	option go_slowpath_if_no_qos '0'
-	option ifname_group_type '0' #0:fastnat_for_all 1:fastnat_ifname_group_only 2:fastnat_ifname_group_bypass
-	list ifname_group ''
-	option tc_classid_mode '1'
-
-config globals 'globals'
-	option redirect_ip '10.10.10.10'
-	option no_flow_timeout '1800'
-	option https_redirect_en '0'
-	option https_redirect_port '443'
-
-config auth
-	option enabled '1'
-	option szone '0'
-	option type 'auto'
-	option sipgrp '192.168.15.2-192.168.15.254'
-	option ipwhite ''
-	option macwhite ''
-
-config zone
-	option type 'lan_zone'
-	list fw_zone 'lan'
-	list ifname 'tun+'
-
-config zone
-	option type 'wan_zone'
-	list fw_zone 'wan'
-
-config qos 'example'
-	option user '192.168.15.0/24' #ip,iprange,ipcidr or ''
-	option user_port ''
-	option remote ''
-	option remote_port '80,443'
-	option proto 'tcp' # tcp or udp or ''
-	option rx_rate '10Mbps'
-	option tx_rate '5Mbps'
-	option disabled '1'
-
-config qos_simple "simple1"
-	option user '192.168.15.0/24'
-	option rx_rate '10Mbps'
-	option tx_rate '5Mbps'
-	option disabled '1'