海运's Blog

Ubuntu/Debian: disabling qemu-guest-agent, and preventing it during a preseed network install

Published: August 4, 2023 // Category: // No Comments

Remove the qemu-guest-agent package:

systemctl stop qemu-guest-agent     
apt-get autoremove --purge qemu-guest-agent -y 

qemu-guest-agent talks to the host through the virtual device set up by the virtio_console kernel module:

/dev/virtio-ports/org.qemu.guest_agent.0
/dev/vport1p1

Unload and disable the virtio_console module:

rmmod virtio_console 
echo "blacklist virtio_console" >> /etc/modprobe.d/blacklist.conf
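A check, added here and not part of the original post, that confirms the channel is really closed by looking at /proc/modules, /etc/modprobe.d and the device path (all overridable through variables so it can be pointed at constructed files); it also flags that a plain "blacklist" line only stops alias-based autoloading, whereas an "install virtio_console /bin/false" rule also blocks an explicit modprobe.

```sh
#!/bin/sh
# Added example, not from the original post: audit whether the guest-agent
# channel is really closed after the steps above. Paths default to the real
# ones; the variables exist so the check can be pointed at constructed files.
PROC_MODULES=${PROC_MODULES:-/proc/modules}
MODPROBE_DIR=${MODPROBE_DIR:-/etc/modprobe.d}
AGENT_DEV=${AGENT_DEV:-/dev/virtio-ports/org.qemu.guest_agent.0}

# module_loaded NAME: true if NAME is listed in /proc/modules
module_loaded() { grep -q "^$1 " "$PROC_MODULES" 2>/dev/null; }

# module_policy NAME: "install" if modprobe.d has "install NAME /bin/false" (or
# /bin/true), which also blocks an explicit "modprobe NAME"; "blacklist" if only
# alias-based autoloading is blocked; "none" otherwise
module_policy() {
    conf=$(cat "$MODPROBE_DIR"/*.conf 2>/dev/null)
    if printf '%s\n' "$conf" | grep -Eq "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/(false|true)"; then
        echo install
    elif printf '%s\n' "$conf" | grep -Eq "^[[:space:]]*blacklist[[:space:]]+$1([[:space:]]|$)"; then
        echo blacklist
    else
        echo none
    fi
}

# guest_agent_audit: one line per check; returns 1 if any check fails
guest_agent_audit() {
    rc=0
    if module_loaded virtio_console; then echo "FAIL virtio_console is loaded"; rc=1
    else echo "ok   virtio_console not loaded"; fi
    case "$(module_policy virtio_console)" in
        install)   echo "ok   modprobe.d install rule blocks explicit loading" ;;
        blacklist) echo "warn blacklist only: 'modprobe virtio_console' still loads it" ;;
        none)      echo "FAIL no modprobe.d rule for virtio_console"; rc=1 ;;
    esac
    if [ -e "$AGENT_DEV" ]; then echo "FAIL $AGENT_DEV still exists"; rc=1
    else echo "ok   $AGENT_DEV absent"; fi
    return $rc
}
```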

To prevent qemu-guest-agent from being installed during a preseed install:

d-i preseed/late_command string ;\
sed -i '/apt-install --with-recommends qemu-guest-agent/s/^/#/' /usr/lib/finish-install.d/08hw-detect;

Using the SSH agent after tmux attach

Published: August 3, 2023 // Category: // No Comments

On SSH login, symlink the agent socket to a fixed path:

cat << EOF > ~/.ssh/rc 
#!/bin/bash
if [ -S "\$SSH_AUTH_SOCK" ]; then
    ln -sf \$SSH_AUTH_SOCK ~/.ssh/ssh_auth_sock
fi
EOF
chmod +x ~/.ssh/rc 

Have tmux update the SSH_AUTH_SOCK variable:

cat << EOF >> ~/.tmux.conf 
#remove SSH_AUTH_SOCK from update-environment first, otherwise the setting has no effect
set -g -u update-environment[3]
setenv -g 'SSH_AUTH_SOCK' ~/.ssh/ssh_auth_sock
EOF

With dropbear, this method can be used:

alias ssh='[ -n "$TMUX" ] && [ -n $SSH_AUTH_SOCK ] && eval $(tmux showenv -s SSH_AUTH_SOCK); /usr/bin/ssh'
alias scp='[ -n "$TMUX" ] && [ -n $SSH_AUTH_SOCK ] && eval $(tmux showenv -s SSH_AUTH_SOCK); /usr/bin/scp'

https://stackoverflow.com/questions/21378569/how-to-auto-update-ssh-agent-environment-variables-when-attaching-to-existing-tm

Using tc on Linux to rate-limit download/upload speed (QoS) for an application or an IP

Published: May 1, 2023 // Category: // No Comments

tc can only shape the egress direction of an interface. To limit download speed on a single host, ingress traffic has to be redirected to the egress of a virtual interface, and the download limit is then applied on that virtual ifb interface.
For the upload limit, packets can simply be marked with iptables. For downloads, however, ingress is processed before iptables gets to mark anything, so the traffic has to be marked and saved (CONNMARK) on the way out, and tc restores the connmark when it redirects traffic to the virtual interface.

#!/bin/bash
set -x
#upload limit, hfsc mode
tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: hfsc default 20
tc class add dev eth0 parent 1:0 classid 1:20 hfsc sc rate 1000mbit ul rate 1000mbit
tc class add dev eth0 parent 1:0 classid 1:21 hfsc sc rate 40mbit ul rate 50mbit
#htb mode instead
#tc qdisc add dev eth0 root handle 1: htb default 20
#tc class add dev eth0 parent 1:0 classid 1:20 htb rate 1000mbit
#tc class add dev eth0 parent 1:20 classid 1:21 htb rate 40mbit ceil 50mbit
#add stochastic fairness queueing to the limited classes
#tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
#tc qdisc add dev eth0 parent 1:21 handle 21: sfq perturb 10
#iptables mark 21 goes to class 1:21
tc filter add dev eth0 parent 1:0 prio 1 handle 21 fw flowid 1:21

#download limit
modprobe ifb numifbs=1
ip link set dev ifb0 up
tc qdisc del dev eth0 ingress
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: u32 match u32 0 0 action connmark \
action mirred egress redirect dev ifb0
tc qdisc del dev ifb0 root
#tc qdisc add dev ifb0 root handle 2: hfsc default 20
#tc class add dev ifb0 parent 2:0 classid 2:20 hfsc sc rate 1000mbit ul rate 1000mbit
#tc class add dev ifb0 parent 2:0 classid 2:21 hfsc sc rate 80mbit ul rate 80mbit

tc qdisc add dev ifb0 root handle 2: htb default 20
tc class add dev ifb0 parent 2:0 classid 2:20 htb rate 1000mbit
tc class add dev ifb0 parent 2:0 classid 2:21 htb rate 80mbit

#limit a specific IP directly with tc, no iptables mark needed
#tc filter add dev ifb0 parent 2:0 protocol ip prio 0 u32 match ip dst 192.168.1.2 flowid 2:21
#tc filter add dev ifb0 parent 2:0 protocol ipv6 prio 0 u32 match ip6 dst 2408::/16 flowid 2:21

tc filter add dev ifb0 parent 2:0 prio 0 handle 21 fw flowid 2:21

iptables -t mangle -F
iptables -t mangle -X
ip6tables -t mangle -F
ip6tables -t mangle -X

iptables -t mangle -A OUTPUT -m owner --uid-owner user -o eth0 -p tcp -m multiport --dport 80,443 -j RETURN
iptables -t mangle -A OUTPUT -m owner --uid-owner user -o eth0 -d 192.168.1.0/24 -j RETURN
iptables -t mangle -A OUTPUT -m owner --uid-owner user -o eth0 -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -m owner --uid-owner user -o eth0 -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A OUTPUT -m owner --uid-owner user -o eth0 -j MARK --set-mark 21
iptables -t mangle -A OUTPUT -j CONNMARK --save-mark
ip6tables -t mangle -A OUTPUT -m owner --uid-owner user -o eth0 -j CONNMARK --restore-mark
ip6tables -t mangle -A OUTPUT -m owner --uid-owner user -o eth0 -m mark ! --mark 0 -j ACCEPT
ip6tables -t mangle -A OUTPUT -p tcp --dport 443 -j MARK --set-mark 21
ip6tables -t mangle -A OUTPUT -j CONNMARK --save-mark

Inspect:

tc -s qdisc show dev eth0
tc -s qdisc show dev eth0 root
tc -s qdisc show dev eth0 ingress
tc -s class show dev eth0 
tc -s filter show dev eth0 
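As an added example (not code from the original post), this parser summarises the counters from tc -s class show so you can confirm that the marked flows really land in class 1:21 on eth0 and 2:21 on ifb0, and whether that class is dropping packets; the sample output is constructed, and the two-line "class ... / Sent ..." layout is assumed to be the standard iproute2 one.

```sh
#!/bin/sh
# Added example, not from the original post: summarise "tc -s class show" so you
# can confirm that the marked flows really land in the throttled class (1:21 on
# eth0, 2:21 on ifb0) and whether that class is dropping packets. Assumes the
# iproute2 layout: a "class <kind> <id> ..." line followed by a
# " Sent N bytes N pkt (dropped N, overlimits N requeues N)" line.
# Note: "tc filter show" prints the fw handle in hex, so mark 21 appears as 0x15.

# class_stats: tc -s class output on stdin -> "classid bytes pkts dropped overlimits" per class
class_stats() {
    awk '
        /^class / { id = $3 }
        /^ *Sent / {
            gsub(/[(),]/, "")   # Sent <bytes> bytes <pkts> pkt dropped <d> overlimits <o> requeues <r>
            print id, $2, $4, $7, $9
        }'
}

# class_dropped DEV CLASSID: dropped-packet counter for one class on a live system
class_dropped() {
    tc -s class show dev "$1" | class_stats | awk -v c="$2" '$1 == c { print $4 }'
}

# Constructed sample of "tc -s class show dev ifb0" for the ifb0 htb tree above
SAMPLE_IFB0='class htb 2:20 root prio 0 rate 1Gbit ceil 1Gbit burst 1375b cburst 1375b
 Sent 4194304 bytes 3000 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 lended: 3000 borrowed: 0 giants: 0
 tokens: 171 ctokens: 171

class htb 2:21 root prio 0 rate 80Mbit ceil 80Mbit burst 1600b cburst 1600b
 Sent 9876543 bytes 6543 pkt (dropped 12, overlimits 34 requeues 0)
 backlog 0b 0p requeues 0
 lended: 6543 borrowed: 0 giants: 0
 tokens: 2500 ctokens: 2500'

# sample_stats CLASSID: parse the constructed sample and print that class's line
sample_stats() { printf '%s\n' "$SAMPLE_IFB0" | class_stats | awk -v c="$1" '$1 == c'; }

sample_stats 2:21     # prints: 2:21 9876543 6543 12 34
```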

References:
https://blog.csdn.net/i_scream_/article/details/82776333

Linux/Ubuntu: cross-compiling static MIPS builds of tmux and dropbear/openssl/openssh/bash/iperf3/dnsmasq/vnstat

Published: April 27, 2023 // Category: // No Comments

Download the MIPS musl cross-compilation toolchain (https://toolchains.bootlin.com/ can also be used):

wget https://musl.cc/mips-linux-musl-cross.tgz
tar zxf mips-linux-musl-cross.tgz
export PATH=$PATH:`pwd`/mips-linux-musl-cross/bin/

Build ncurses. Later, /lib/terminfo/x/xterm-256color and friends must be copied to the /data/terminfo directory on the target machine, otherwise tmux complains that it cannot find the terminfo database.

wget https://ftp.gnu.org/pub/gnu/ncurses/ncurses-6.4.tar.gz
tar zxf ncurses-6.4.tar.gz
cd ncurses-6.4/
./configure --prefix /usr/local/tmux --with-default-terminfo-dir=/data/terminfo --enable-pc-files --host=mips-linux-musl
#fixes the error: strip: Unable to recognise the format of the input file `/usr/local/tmux/bin/tic'
ln -s `pwd`/../mips-linux-musl-cross/bin/mips-linux-musl-strip /usr/local/bin/strip
make && make install
rm -rf /usr/local/bin/strip

Build libevent and tmux:

wget https://github.com/libevent/libevent/releases/download/release-2.1.12-stable/libevent-2.1.12-stable.tar.gz
tar zxf libevent-2.1.12-stable.tar.gz 
cd libevent-2.1.12-stable/
./configure --prefix /usr/local/tmux --host=mips-linux-musl --disable-openssl
make && make install

wget https://github.com/tmux/tmux/releases/download/3.3a/tmux-3.3a.tar.gz
tar zxf tmux-3.3a.tar.gz 
cd tmux-3.3a/
export CFLAGS="-I/usr/local/tmux/include -I/usr/local/tmux/include/ncurses"
export LDFLAGS="-L/usr/local/tmux/lib"
./configure --enable-static --prefix=/usr/local/tmux --host=mips-linux-musl
make && make install

Statically build dropbear. With the current latest version, after the window is closed in SRT, dropbear and the command it ran keep running in the background and never exit; dropbear-2020.81 behaves normally.

wget https://github.com/mkj/dropbear/archive/refs/tags/DROPBEAR_2020.81.tar.gz
tar zxf DROPBEAR_2020.81.tar.gz 
cd dropbear-DROPBEAR_2020.81/
#older versions ship without a configure script; generate it with autoconf
autoconf
./configure --enable-static --prefix=/usr/local/dropbear --host=mips-linux-musl --disable-zlib --disable-syslog --disable-harden --disable-lastlog --disable-utmp --disable-utmpx --disable-wtmp --disable-wtmpx --disable-pututline --disable-pututxline --disable-loginfunc 
PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" MULTI=1 make strip

Before building, default_options.h can be edited to set the PATH dropbear uses at runtime to find the scp executable, and the sftp-server executable path used for SFTP.

#define SFTPSERVER_PATH "/data/bin/sftp-server"
#define DROPBEAR_PATH_SSH_PROGRAM "/data/bin/dbclient"
#define DEFAULT_ROOT_PATH "/usr/sbin:/usr/bin:/sbin:/bin:/data/bin"
#define DEFAULT_PATH "/usr/bin:/bin:/data/bin"

The build produces a single file, dropbearmulti; create symlinks to use it:

ln -s /data/bin/dropbearmulti /data/bin/dropbear
ln -s /data/bin/dropbearmulti /data/bin/dropbearkey 
ln -s /data/bin/dropbearmulti /data/bin/scp     

Usage:

mkdir /etc/dropbear/
./dropbearkey -t ecdsa -s 256 -f /etc/dropbear/dropbear_ecdsa_host_key
./dropbearkey -t ed25519 -f /etc/dropbear/dropbear_ed25519_host_key
./dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
./dropbearkey -t rsa -s 3072 -f /etc/dropbear/dropbear_rsa_host_key
./dropbear -r /etc/dropbear/dropbear_rsa_host_key

Statically build openssl/openssh/sshd:

wget https://github.com/madler/zlib/releases/download/v1.2.13/zlib-1.2.13.tar.gz
tar zxf zlib-1.2.13.tar.gz 
cd zlib-1.2.13/
CC=mips-linux-musl-gcc  ./configure --prefix=/usr/local/openssh --static 
make && make install

wget https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_1t/openssl-1.1.1t.tar.gz
tar zxf openssl-1.1.1t.tar.gz 
cd openssl-1.1.1t
#./config no-asm no-shared --prefix=/usr/local/openssh --cross-compile-prefix=mips-linux-musl-
#sed -i 's/-m64//g' Makefile
./Configure linux-mips32 no-asm no-shared --prefix=/usr/local/openssh --cross-compile-prefix=mips-linux-musl-
make && make install

export CFLAGS="-I/usr/local/openssh/include/"
export LDFLAGS="-L/usr/local/openssh/lib/"
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p1.tar.gz
tar zxf openssh-9.3p1.tar.gz 
cd openssh-9.3p1/
./configure --prefix=/usr/local/openssh --host=mips-linux-musl --with-ldflags=-static --disable-lastlog --disable-utmp  --disable-utmpx --disable-wtmp  --disable-wtmpx --disable-libutil --disable-pututline --disable-pututxline --with-default-path=/usr/bin:/bin:/usr/sbin:/sbin:/sbin:/usr/sbin:/bin:/usr/bin:/data/bin
make && make install

Usage:

mkdir /etc/ssh
ssh-keygen -A
cat <<EOF > /etc/ssh/sshd.conf
Port 22
PermitRootLogin yes
ChallengeResponseAuthentication no
Subsystem       sftp    /data/bin/sftp-server

PubkeyAuthentication yes

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
EOF

/src/openssh-9.3p1/sshd -f /etc/ssh/sshd.conf

Statically build bash:

wget https://ftp.gnu.org/gnu/bash/bash-5.1.tar.gz
tar zxf bash-5.1.tar.gz 
cd bash-5.1/
./configure --enable-static-link --host=mips-linux-musl --without-bash-malloc
make
mips-linux-musl-strip -s bash

Statically build iperf3:

wget https://github.com/esnet/iperf/releases/download/3.15/iperf-3.15.tar.gz
tar zxf iperf-3.15.tar.gz 
cd iperf-3.15/
./configure --prefix=/usr/local/iperf3 --host=mips-linux-musl "LDFLAGS=--static" --disable-shared 
make

Statically build dnsmasq:

wget https://thekelleys.org.uk/dnsmasq/dnsmasq-2.89.tar.gz
tar zxf dnsmasq-2.89.tar.gz 
cd dnsmasq-2.89/
CC=mips-linux-musl-gcc make CFLAGS=-Os LDFLAGS=-static

Building vnstat for the EcoNet EN751221 SoC (MIPS 34Kc, uclibc):

#vnstat fails to build with too new a gcc; the target is uclibc, so a binary built with the musl toolchain above will not run there
wget https://toolchains.bootlin.com/downloads/releases/toolchains/mips32/tarballs/mips32--uclibc--stable-2022.08-1.tar.bz2
tar jxf mips32--uclibc--stable-2022.08-1.tar.bz2
export PATH=$PATH:`pwd`/mips32--uclibc--stable-2022.08-1/bin/

wget https://www.sqlite.org/2025/sqlite-autoconf-3490100.tar.gz
tar zxf sqlite-autoconf-3490100.tar.gz 
cd sqlite-autoconf-3490100/
./configure --host=mips-linux --disable-shared --enable-static --prefix=/usr/local/sqlite
make && make install
  
cd ../
wget https://humdi.net/vnstat/vnstat-2.13.tar.gz
tar zxf vnstat-2.13.tar.gz 
cd vnstat-2.13/
CPPFLAGS="-I/usr/local/sqlite/include/" LDFLAGS="-L/usr/local/sqlite/lib/ -static" ./configure --host=mips-linux --disable-shared --enable-static --prefix=/usr/local/vnstat
make && make install

Building coreutils for aarch64 (target kernel version 4.1.52):

wget https://toolchains.bootlin.com/downloads/releases/toolchains/aarch64/tarballs/aarch64--glibc--stable-2018.11-1.tar.bz2
tar jxf aarch64--glibc--stable-2018.11-1.tar.bz2 
export PATH=$PATH:`pwd`/aarch64--glibc--stable-2018.11-1/bin/
wget http://ftp.gnu.org/gnu/coreutils/coreutils-8.30.tar.xz
tar Jxf coreutils-8.30.tar.xz 
cd coreutils-8.30/
./configure --host=aarch64-linux --prefix=/usr/local/coreutils

Modifying the rootfs of router/ONT firmware with squashfs-tools and binwalk

Published: April 26, 2023 // Category: // No Comments

Find the partition that holds the rootfs:

cat /proc/mtd 
dev:    size   erasesize  name
mtd0: 00040000 00020000 "bootloader"
mtd1: 00040000 00020000 "romfile"
mtd2: 00300000 00020000 "kernel"
mtd3: 01400000 00020000 "rootfs"

Send the mtd rootfs partition to a remote machine with nc:

nc -l -p 3333 > rootfs.bin
cat /dev/mtd3 | nc 192.168.1.8 3333

Confirm that the header of the backed-up file is the squashfs format:

head -c 4 rootfs.bin |hexdump -C
00000000  68 73 71 73                                       |hsqs|

Look up the squashfs packing parameters:

binwalk rootfs.bin 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             Squashfs filesystem, little endian, version 4.0, compression:lzma, size: 17975011 bytes, 2288 inodes, blocksize: 131072 bytes, created: 2020-06-22 04:04:58

Extract with binwalk:

binwalk -e rootfs.bin 
ls _rootfs.bin.extracted/
#0.squashfs is the filesystem at its real size; the rest of the partition is FF padding
0.squashfs  squashfs-root

Extract with unsquashfs (recommended):

unsquashfs rootfs.bin 

After modifying files under squashfs-root, repack using the parameters found earlier:

mksquashfs squashfs-root rootfs-new.bin -comp lzma -b 131072
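Added example (not the post's own code) serving both the parameter lookup and the repack step: instead of reading the packing parameters off binwalk's summary, parse them from the squashfs superblock itself and emit the matching mksquashfs flags; the 48-byte sample header is constructed to match the binwalk line shown above, and the field offsets are those of the squashfs v4 on-disk format.

```sh
#!/bin/sh
# Added example, not from the original post: read the repack parameters
# (-comp and -b) directly from the squashfs v4 superblock rather than from
# binwalk's summary. Little-endian field offsets: block_size u32 @12,
# compressor u16 @20, version u16+u16 @28, bytes_used u64 @40.

# le_uint FILE OFFSET NBYTES: print the unsigned little-endian integer stored there
le_uint() {
    hex=""
    for b in $(od -An -v -tx1 -j "$2" -N "$3" "$1"); do
        hex="$b$hex"                 # prepend each byte, i.e. reverse to big-endian
    done
    [ -n "$hex" ] || return 1        # read past end of file
    echo $((0x$hex))
}

# comp_name ID: compressor id -> the name mksquashfs -comp expects
comp_name() {
    case "$1" in
        1) echo gzip ;; 2) echo lzma ;; 3) echo lzo ;;
        4) echo xz ;;   5) echo lz4 ;;  6) echo zstd ;;
        *) echo "unknown compressor id $1" >&2; return 1 ;;
    esac
}

# squashfs_info FILE: print "version compressor block_size bytes_used", or fail
squashfs_info() {
    [ "$(head -c 4 "$1")" = "hsqs" ] || { echo "$1: no squashfs (hsqs) magic" >&2; return 1; }
    comp=$(comp_name "$(le_uint "$1" 20 2)") || return 1
    echo "$(le_uint "$1" 28 2).$(le_uint "$1" 30 2) $comp $(le_uint "$1" 12 4) $(le_uint "$1" 40 8)"
}

# mksquashfs_args FILE: the flags that reproduce the original image's layout
mksquashfs_args() {
    info=$(squashfs_info "$1") || return 1
    set -- $info
    echo "-comp $2 -b $3"
}

# write_sample_header FILE: constructed 48-byte superblock matching the binwalk
# output above (v4.0, lzma, 131072-byte blocks, 17975011 bytes used)
write_sample_header() {
    {
        printf 'hsqs\360\010\000\000\000\000\000\000'     # magic, 2288 inodes, mod_time 0
        printf '\000\000\002\000\000\000\000\000'         # block_size 0x20000, frag_count 0
        printf '\002\000\021\000\000\000\001\000'         # compressor 2=lzma, block_log 17, flags, id_count
        printf '\004\000\000\000'                         # version 4.0
        printf '\000\000\000\000\000\000\000\000'         # root inode reference
        printf '\343\106\022\001\000\000\000\000'         # bytes_used 0x11246e3
    } > "$1"
}
```

Run it as "squashfs_info rootfs.bin" on the real backup; on a larger image the reported bytes_used is exactly the size of the 0.squashfs that binwalk carves out.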

Flash the modified rootfs with mtd:

mtd write rootfs-new.bin rootfs

Verify:

mtd verify rootfs-new.bin rootfs

Note: some devices' firmware includes signature verification; after modification they will not boot normally.

References:
https://www.callmewing.com/2018/10/03/%E9%80%86%E5%90%91PT632_G2%E5%85%89%E7%8C%AB%E5%9B%BA%E4%BB%B6/
https://akbwe.com/posts/trying-to-modify-f7607p-rootfs/
https://github.com/csersoft/HWFW_GUI
