海运的博客

armbian默认内核开启REDIRECT涉及的选项较多，不能使用仅编译内核模块方式，可编译内核并替换。

首先开启Netfilter nf_tables support，然后选择nf_tables redirect support，路径见图片顶部。

开启ipv4 nf_tables support、ipv4 redirect support for nf_tables、redirect target support：

开启ipv6 nf_tables support和ipv6 redirect support for nf_tables：

安装编译环境及transmission依赖：

apt-get install ca-certificates libcurl4-openssl-dev libssl-dev pkg-config build-essential checkinstall libevent-dev intltool

下载编译transmission：

wget http://archive.ubuntu.com/ubuntu/pool/main/t/transmission/transmission_2.92.orig.tar.gz
tar zxvf transmission_2.92.orig.tar.gz 
cd transmission-2.92
wget http://archive.ubuntu.com/ubuntu/pool/main/t/transmission/transmission_2.92-3ubuntu2.debian.tar.xz
tar Jxvf transmission_2.92-3ubuntu2.debian.tar.xz 
#打openssl补丁，不然编译失败
patch -p 1 < debian/patches/f91cf5ad8c677b61ceb0bf5877b87f9e93256dd7.patch 
#patch -p 1 < debian/patches/8c8386a7f3f482a9c917f51d28e0042e55f56b3e.patch 
#patch -p 1 < debian/patches/transmission-fix-dns-rebinding-vuln.patch 
#transmission跳过校验patch
wget https://github.com/superlukia/transmission-2.92_skiphashcheck/commit/56e327d1dacb5b3453954b76a6d0edd30edb7a34.patch
patch -p 1 < 56e327d1dacb5b3453954b76a6d0edd30edb7a34.patch
./configure 
make 
#替换已安装的transmission-daemon
mv /usr/bin/transmission-daemon /usr/bin/transmission-daemon.bak
cp daemon/transmission-daemon /usr/bin/transmission-daemon

在WEB界面添加种子后校验时右键点击种子Ask tracker for more peers即可跳过校验。
另类方法：
https://www.jianshu.com/p/ab2df4282e59
参考：
https://github.com/superlukia/transmission-2.92_skiphashcheck

使用前缀为内网机器分配公网IP地址，如果需要在外网通过IPV6访问内网机器资源，由于前缀不固定，后缀是通过mac生成的，可以用ip6tables指定后缀允许访问：

ip6tables -I FORWARD -i pppoe-wan -d ::74f2:eac0:59d4:25ed/::ffff:ffff:ffff:ffff -j ACCEPT

参考：
https://superuser.com/questions/1181445/allow-traffic-through-a-firewall-to-a-dynamic-ipv6-address

基于ubuntu 18.04，安装依赖：

apt install build-essential libncurses5-dev zlib1g-dev gawk git  libssl-dev wget unzip python ocaml-nox help2man texinfo yui-compressor

下载最新版本18.10的ImageBuilder：

https://downloads.pangubox.com/pandorabox/18.10/targets/ralink/mt7621/PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64.tar.xz
tar Jxf PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64.tar.xz
cd PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64

查看可编译的固件型号及其包含的软件包：

make info

制作固件：

#info显示的所有机型固件
make image
#仅制作k2p固件
make image PROFILE="k2p"
#安装额外的软件包，自编译软件先把软件放到packages/目录下
make image PROFILE="k2p" PACKAGES="wget"
#添加files目录内文件到固件内，如files/etc/config/network网络配置文件
make image PROFILE="k2p" FILES="files"
#查看更多选项
make help

默认的软件包在以下两个文件内：

include/target.mk
.profiles.mk 

开始使用默认配置制作k2p固件：

make image PROFILE="k2p"

遇到以下错误：

 regexp could be something like 'pkgname*' '*file*' or similar
 e.g. opkg info 'libstd*' or opkg search '*libop*' or opkg remove 'libncur*'
Makefile:140: recipe for target 'package_install' failed
make[2]: *** [package_install] Error 1
make[2]: Leaving directory '/tmp/PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64'
Makefile:110: recipe for target '_call_image' failed
make[1]: *** [_call_image] Error 2
make[1]: Leaving directory '/tmp/PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64'
Makefile:196: recipe for target 'image' failed
make: *** [image] Error 2

因为在Makerfile 144行要预先安装kernel文件，而package没kernel软件包，下载kernel：

wget https://downloads.pangubox.com/pandorabox/18.10/targets/ralink/mt7621/packages/kernel_3.14.79-1_mipsel_1004kc_dsp.ipk -P packages/

再次执行又出现错误：

Collected errors:
 * opkg_install_cmd: Cannot install package dosfsck.
 * opkg_install_cmd: Cannot install package fkmod-leds-gpio.
 * opkg_install_cmd: Cannot install package kmod-ipt-nathelper.
 * opkg_install_cmd: Cannot install package mkdosfs.
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for ralink-utils:
 *      kmod-ipt-nathelper-extra * 
Makefile:140: recipe for target 'package_install' failed
make[2]: *** [package_install] Error 255
make[2]: Leaving directory '/tmp/PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64'
Makefile:110: recipe for target '_call_image' failed
make[1]: *** [_call_image] Error 2
make[1]: Leaving directory '/tmp/PandoraBox-ImageBuilder-ralink-mt7621.Linux-x86_64'
Makefile:196: recipe for target 'image' failed
make: *** [image] Error 2

因为新版的openwrt将kmod-ipt-nathelper-extra 更改为kmod-nf-nathelper-extra，而潘多拉的源package没修改依赖，使用以下脚本在制作时更新源后修改软件依赖项kmod-ipt-nathelper-extra为kmod-nf-nathelper-extra：

#!/bin/bash
for file in `ls dl/18.10*`;do 
        echo $file;
        mv $file $file.gz
        gunzip $file.gz
        sed -i 's/kmod-ipt-nathelper-extra/kmod-nf-nathelper-extra/g' $file
        gzip -9 $file
        mv $file.gz $file
done
sed -i 's/kmod-ipt-nathelper/kmod-nf-nathelper/g' include/target.mk 

将以上保存为fix.sh到image build目录加可执行权限，并修改Makefile文件在122行$(MAKE) package_install前插入：

$(TOPDIR)/fix.sh

再次执行又遇到以下错误：

Collected errors:
 * opkg_install_cmd: Cannot install package dosfsck.
 * opkg_install_cmd: Cannot install package fkmod-leds-gpio.
 * opkg_install_cmd: Cannot install package mkdosfs.

因为上面这3个软件有的改名，有的名字写错，修复下：

sed -i 's/fkmod-leds-gpio/kmod-leds-gpio/g' .profiles.mk
sed -i 's/mkdosfs dosfsck/dosfstools/g' .profiles.mk

再次执行终于制作完成k2p固件，将制作的固件scp到路由/tmp/目录开始刷机：

scp bin/targets/ralink/mt7621/PandoraBox-ralink-mt7621-k2p-2018-10-26-git-85c67caa2-squashfs-sysupgrade.bin 192.168.168.1:/tmp/

k2p路由内使用sysupgrade命令刷机：

sysupgrade -n -v /tmp/PandoraBox-ralink-mt7621-k2p-2018-10-26-git-85c67caa2-squashfs-sysupgrade.bin

openwrt下curl使用mbedtls，校验ssl要安装ca-bundle，wget使用libssl，校验ssl要安装ca-certificates，索性单独下载ca证书文件，curl和wget用配置文件指定ca证书。

curl -k https://www.haiyun.me/download/ss/cacert.pem -o /etc/ssl/certs/ca-certificates.crt
echo 'ca-certificate = /etc/ssl/certs/ca-certificates.crt' > ~/.wgetrc
echo 'cacert=/etc/ssl/certs/ca-certificates.crt' > ~/.curlrc