From 27c0c88936ed1a4c1f7f9f6be74420b967b324a4 Mon Sep 17 00:00:00 2001 From: Eric Long Date: Thu, 16 Jan 2025 17:39:23 +0800 Subject: [PATCH] docs: update OpenWrt support info --- README.md | 2 ++ docs/checksum-hacks.md | 2 +- docs/openwrt.md | 6 +++--- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 29bd31f..1e20935 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,8 @@ To install, download both `mimic` and `mimic-dkms` packages (the first two of th # apt install ./*_mimic_*.deb ./*_mimic-dkms_*.deb ``` +OpenWrt support is currently experimental and waiting for 24.10 release, see [`openwrt` branch](https://github.com/hack3ric/mimic/tree/openwrt) and [OpenWrt Support](docs/openwrt.md) documentation. + For building from source (including AUR and other Debian and Ubuntu versions), see [Building from Source](docs/building.md) for more information. ## Details diff --git a/docs/checksum-hacks.md b/docs/checksum-hacks.md index 02e4344..78578c3 100644 --- a/docs/checksum-hacks.md +++ b/docs/checksum-hacks.md @@ -28,7 +28,7 @@ When the two conditions below both matches, checksum hack is not necessary. 2. UDP socket in userspace. - Kernel `udptunnel{4,6}`, used by many in-kernel tunnels such as [WireGuard](https://www.wireguard.com/), and encapsulation protocols like [FOU](https://www.man7.org/linux/man-pages/man8/ip-fou.8.html) and [GENEVE](https://github.com/torvalds/linux/blob/master/drivers/net/geneve.c), is always `CSUM_PARTIAL` (see [udp4](https://github.com/torvalds/linux/blob/b86545e02e8c22fb89218f29d381fa8e8b91d815/net/ipv4/udp.c#L1041) and [udp6](https://github.com/torvalds/linux/blob/b86545e02e8c22fb89218f29d381fa8e8b91d815/net/ipv6/ip6_checksum.c#L115)). Userspace implementations are not affected, like [wireguard-go](https://git.zx2c4.com/wireguard-go), [OpenVPN](https://openvpn.net/) and [Hysteria](https://hysteria.network/). (However, since Hysteria uses (modified) QUIC, it is sometimes better to keep it as-is than turning it to something unknown to the middleboxes.) + Kernel `udptunnel{4,6}`, used by many in-kernel tunnels such as [WireGuard](https://www.wireguard.com/), and encapsulation protocols like [FOU](https://www.man7.org/linux/man-pages/man8/ip-fou.8.html) and [GENEVE](https://github.com/torvalds/linux/blob/master/drivers/net/geneve.c), is always `CSUM_PARTIAL` (see [udp4](https://github.com/torvalds/linux/blob/b86545e02e8c22fb89218f29d381fa8e8b91d815/net/ipv4/udp.c#L1041) and [udp6](https://github.com/torvalds/linux/blob/b86545e02e8c22fb89218f29d381fa8e8b91d815/net/ipv6/ip6_checksum.c#L115)). Userspace implementations are not affected, like [wireguard-go](https://git.zx2c4.com/wireguard-go), [OpenVPN](https://openvpn.net/) and [Hysteria](https://hysteria.network/). (However, since Hysteria uses (modified) QUIC, it is sometimes better to keep it as-is than using Mimic or other fake TCP solutions and turning it to something unknown to the middleboxes.) ## Platform Support diff --git a/docs/openwrt.md b/docs/openwrt.md index 087a257..c108510 100644 --- a/docs/openwrt.md +++ b/docs/openwrt.md @@ -1,7 +1,7 @@ # OpenWrt Support -We are trying to bring Mimic to OpenWrt. The packaging effort is going on in the [`openwrt` branch](https://github.com/hack3ric/mimic/tree/openwrt). However, OpenWrt does not come with both kernel BTF and kprobe configuration enabled, and [checksum hacks](checksum-hacks.md) cannot be applied without recompiling the kernel. +We are trying to bring Mimic to OpenWrt. The packaging effort is going on in the [`openwrt` branch](https://github.com/hack3ric/mimic/tree/openwrt), where one can download build artifacts from each commit's [GitHub Actions](https://github.com/hack3ric/mimic/actions/workflows/openwrt.yml), or build it locally according to [OpenWrt documentation](https://openwrt.org/docs/guide-developer/toolchain/single.package). -As some of the scenarios [does not require checksum hack](checksum-hacks.md#when-is-checksum-hack-not-necessary), we build Mimic on OpenWrt with `CHECKSUM_HACK=kprobe`. You can use Mimic normally without the kernel module, but if you do need the checksum hacks, you have to build the OpenWrt image manually. +However, OpenWrt does not come with both kernel BTF and kprobe configuration enabled, and [checksum hacks](checksum-hacks.md) cannot be applied without recompiling the kernel. -*TODO: image build tutorial* +As some of the scenarios [does not require checksum hack](checksum-hacks.md#when-is-checksum-hack-not-necessary), we build Mimic on OpenWrt with `CHECKSUM_HACK=kprobe`. You can use Mimic normally without the kernel module using prebuilts, but if you do need the checksum hacks, you have to [build the OpenWrt image manually](https://openwrt.org/docs/guide-developer/toolchain/beginners-build-guide).