From: <dha...@us...> - 2007-10-01 13:53:12
Revision: 1266 http://astlinux.svn.sourceforge.net/astlinux/?rev=1266&view=rev Author: dhartman Date: 2007-10-01 06:52:33 -0700 (Mon, 01 Oct 2007) Log Message: ----------- more udev changes Modified Paths: -------------- trunk/package/udev/init-udev trunk/package/udev/udev.mk Added Paths: ----------- trunk/package/udev/udev-51-usbfs.rules trunk/package/udev/udev-55-firmware.rules trunk/package/udev/udev-70-ide.rules trunk/target/generic/target_skeleton/etc/runlevels/default/S00udev Modified: trunk/package/udev/init-udev =================================================================== --- trunk/package/udev/init-udev 2007-09-25 03:50:43 UTC (rev 1265) +++ trunk/package/udev/init-udev 2007-10-01 13:52:33 UTC (rev 1266) @@ -64,7 +64,13 @@ echo -n "Populating $udev_root using udev... " $UDEVSTART_BIN || (echo "FAIL" && exit 1) mkdir $udev_root/pts $udev_root/shm + mount /dev/pts echo "done" + + # Start udevd + echo -n "Starting udevd... " + $UDEVD_BIN --daemon || (echo "FAIL" && exit 1) + echo "done" ;; stop) # do nothing Added: trunk/package/udev/udev-51-usbfs.rules =================================================================== --- trunk/package/udev/udev-51-usbfs.rules (rev 0) +++ trunk/package/udev/udev-51-usbfs.rules 2007-10-01 13:52:33 UTC (rev 1266) @@ -0,0 +1 @@ +ACTION=="add", KERNEL=="usbfs", RUN+="/bin/mount -t usbfs usbfs /proc/bus/usb" Added: trunk/package/udev/udev-55-firmware.rules =================================================================== --- trunk/package/udev/udev-55-firmware.rules (rev 0) +++ trunk/package/udev/udev-55-firmware.rules 2007-10-01 13:52:33 UTC (rev 1266) 
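Review bot: The added `$UDEVD_BIN --daemon` line uses a variable the script does not appear to set. The copy of init-udev shown in the r1304 deletion on this page defines only `UDEV_BIN=/sbin/udevd` and `UDEVSTART_BIN`, so `$UDEVD_BIN` would expand to nothing and the shell would try to run `--daemon` as a command. The failure branch does not stop the script either, because `(echo "FAIL" && exit 1)` exits only the subshell and `echo "done"` still runs. I would write `$UDEV_BIN --daemon || { echo "FAIL"; exit 1; }`. The `case` block starts and ends outside the hunk.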
@@ -0,0 +1,3 @@
+# Firmware loading helper (replaces hotplug)
+# Firmware images go into /lib/firmware
+ACTION=="add", SUBSYSTEM=="firmware", RUN+="/lib/udev/firmware_helper"
Added: trunk/package/udev/udev-70-ide.rules
===================================================================
--- trunk/package/udev/udev-70-ide.rules (rev 0)
+++ trunk/package/udev/udev-70-ide.rules 2007-10-01 13:52:33 UTC (rev 1266)
@@ -0,0 +1,2 @@
+# IDE modules -- call script to load appropriate module
+SUBSYSTEM=="ide", ACTION=="add", ATTRS{modalias}=="ide:*", RUN+="/sbin/modprobe $env{MODALIAS}"
Modified: trunk/package/udev/udev.mk
===================================================================
--- trunk/package/udev/udev.mk 2007-09-25 03:50:43 UTC (rev 1265)
+++ trunk/package/udev/udev.mk 2007-10-01 13:52:33 UTC (rev 1266)
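Review bot: In udev-70-ide.rules the value that is checked is not the value that is used. The match is on `ATTRS{modalias}=="ide:*"`, which also looks at parent devices in sysfs, while modprobe is given `$env{MODALIAS}` from the event environment. If the event carries no MODALIAS, or one that differs from the sysfs attribute, modprobe runs as root with an empty or unchecked argument. Matching the environment key keeps the two in step: `SUBSYSTEM=="ide", ACTION=="add", ENV{MODALIAS}=="ide:*", RUN+="/sbin/modprobe $env{MODALIAS}"`.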
@@ -38,17 +38,23 @@ # rule files rely on PROGRAM invocations (e.g. extra /etc/udev/scripts); # for now we'll avoid having buildroot systems rely on them. #UDEV_CONF:=etc/udev/frugalware/udev.rules -UDEV_CONF:=etc/udev/frugalware/50-udev-default.rules +UDEV_CONF:=etc/udev/frugalware/* $(TARGET_DIR)/$(UDEV_TARGET_BINARY): $(UDEV_DIR)/$(UDEV_BINARY) -mkdir $(TARGET_DIR)/sys -# install -D -m 0644 $(UDEV_DIR)/$(UDEV_CONF) \ -# $(TARGET_DIR)/etc/udev/rules.d/50-udev.rules + mkdir -p $(TARGET_DIR)/etc/udev/rules.d + $(INSTALL) -m 0644 $(UDEV_DIR)/$(UDEV_CONF) $(TARGET_DIR)/etc/udev/rules.d $(MAKE) CROSS=$(TARGET_CROSS) GCC=$(TARGET_CC) DESTDIR=$(TARGET_DIR) \ USE_LOG=false USE_SELINUX=false \ EXTRAS="extras/firmware" \ udevdir=$(UDEV_ROOT) -C $(UDEV_DIR) install $(INSTALL) -m 0755 -D package/udev/init-udev $(TARGET_DIR)/etc/init.d/udev + $(INSTALL) -m 0644 -D package/udev/udev-70-ide.rules $(TARGET_DIR)/etc/udev/rules.d/70-ide.rules + $(INSTALL) -m 0644 -D package/udev/udev-55-firmware.rules $(TARGET_DIR)/etc/udev/rules.d/55-firmware.rules + $(INSTALL) -m 0644 -D package/udev/udev-51-usbfs.rules $(TARGET_DIR)/etc/udev/rules.d/51-usbfs.rules + echo 'udev_root=/dev' >> $(TARGET_DIR)/etc/udev/udev.conf + $(INSTALL) -m 0755 -D $(UDEV_DIR)/udevstart $(TARGET_DIR)/sbin/udevstart + $(INSTALL) -m 0755 -D $(UDEV_DIR)/udev $(TARGET_DIR)/sbin/udev udev: uclibc $(TARGET_DIR)/$(UDEV_TARGET_BINARY) Added: trunk/target/generic/target_skeleton/etc/runlevels/default/S00udev =================================================================== --- trunk/target/generic/target_skeleton/etc/runlevels/default/S00udev (rev 0) +++ trunk/target/generic/target_skeleton/etc/runlevels/default/S00udev 2007-10-01 13:52:33 UTC (rev 1266) 
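Review bot: Setting `UDEV_CONF` to `etc/udev/frugalware/*` installs every file in that directory into `rules.d`, which contradicts the comment kept just above it: those rule files rely on PROGRAM helpers that the target is meant to avoid. Rules naming helper scripts that are absent from the image will fail at event time, and any non-rules file in the directory is copied too. I would list the wanted files explicitly, starting from the previous `UDEV_CONF:=etc/udev/frugalware/50-udev-default.rules` and adding only files that were checked. Separately, `echo 'udev_root=/dev' >> $(TARGET_DIR)/etc/udev/udev.conf` appends a duplicate line each time the recipe reruns; prefixing it with `grep -q '^udev_root=' $(TARGET_DIR)/etc/udev/udev.conf ||` would keep it idempotent.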
@@ -0,0 +1 @@ +link ../../init.d/udev \ No newline at end of file Property changes on: trunk/target/generic/target_skeleton/etc/runlevels/default/S00udev ___________________________________________________________________ Name: svn:special + * This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <kr...@us...> - 2007-10-19 03:47:42
Revision: 1293 http://astlinux.svn.sourceforge.net/astlinux/?rev=1293&view=rev Author: krisk84 Date: 2007-10-18 20:47:46 -0700 (Thu, 18 Oct 2007) Log Message: ----------- support startup and configuration of wanpipe with zaptel Modified Paths: -------------- trunk/package/zaptel/zaptel.init trunk/target/generic/target_skeleton/etc/rc Modified: trunk/package/zaptel/zaptel.init =================================================================== --- trunk/package/zaptel/zaptel.init 2007-10-18 20:35:19 UTC (rev 1292) +++ trunk/package/zaptel/zaptel.init 2007-10-19 03:47:46 UTC (rev 1293) @@ -3,6 +3,18 @@ . /etc/rc.conf init () { + +if [ -d /mnt/kd/wanpipe ] +then +ln -s /mnt/kd/wanpipe /tmp/etc/wanpipe +else +if [ -d /stat/etc/wanpipe ] +then +mkdir /tmp/etc/wanpipe +cp -a /stat/etc/wanpipe/* /tmp/etc/wanpipe/ +fi +fi + if [ ! -d /dev/zap ] then mkdir -p /dev/zap @@ -28,6 +40,12 @@ } start () { + +if [ -r /etc/wanpipe/wanpipe*.conf ] +then +/usr/sbin/wanrouter start +fi + if [ -r /etc/zaptel.conf ] then @@ -38,6 +56,7 @@ modprobe -q $i done fi + ztcfg if [ "$EXTIF" = "hdlc0" ] @@ -59,6 +78,7 @@ fi else +echo "No Zap hardware - loading ztdummy" modprobe ztdummy fi } @@ -73,6 +93,12 @@ else modprobe -r ztdummy fi + +if [ -r /etc/wanpipe/wanpipe*.conf ] +then +/usr/sbin/wanrouter stop +fi + } case $1 in Modified: trunk/target/generic/target_skeleton/etc/rc =================================================================== --- trunk/target/generic/target_skeleton/etc/rc 2007-10-18 20:35:19 UTC (rev 1292) +++ trunk/target/generic/target_skeleton/etc/rc 2007-10-19 03:47:46 UTC (rev 1293) 
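Review bot: The new test `[ -r /etc/wanpipe/wanpipe*.conf ]` in `start` only works when the glob matches exactly one file. With two or more matches `[` receives extra arguments and fails with an error, so `wanrouter start` is skipped when several wanpipe configs are present; the same test is repeated in the `stop` hunk. A form that tolerates any number of matches is `if ls /etc/wanpipe/wanpipe*.conf >/dev/null 2>&1`. In the `init` hunk, `ln -s /mnt/kd/wanpipe /tmp/etc/wanpipe` and `mkdir /tmp/etc/wanpipe` are not guarded against the path already existing. That matters only if `init` can run more than once, which the hunk does not show.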
@@ -343,17 +343,6 @@ touch /var/log/wtmp fi -if [ -d /mnt/kd/wanpipe ] -then -ln -s /mnt/kd/wanpipe /tmp/etc/wanpipe -else -if [ -d /stat/etc/wanpipe ] -then -mkdir /tmp/etc/wanpipe -cp -a /stat/etc/wanpipe/* /tmp/etc/wanpipe/ -fi -fi - #Resize filesystems if we need to... if [ $VAR_SIZE ] then This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <dha...@us...> - 2007-10-19 17:58:17
Revision: 1304 http://astlinux.svn.sourceforge.net/astlinux/?rev=1304&view=rev Author: dhartman Date: 2007-10-19 10:58:20 -0700 (Fri, 19 Oct 2007) Log Message: ----------- make udev do something Modified Paths: -------------- trunk/package/udev/udev.mk trunk/target/generic/target_skeleton/etc/rc Removed Paths: ------------- trunk/package/udev/init-udev Deleted: trunk/package/udev/init-udev =================================================================== --- trunk/package/udev/init-udev 2007-10-19 16:49:53 UTC (rev 1303) +++ trunk/package/udev/init-udev 2007-10-19 17:58:20 UTC (rev 1304) 
@@ -1,82 +0,0 @@ -#!/bin/sh -# -# udev This is a minimal non-LSB version of a UDEV startup script. It -# was derived by stripping down the udev-058 LSB version for use -# with buildroot on embedded hardware using Linux 2.6.12+ kernels. -# -# You may need to customize this for your system's resource limits -# (including startup time!) and administration. For example, if -# your early userspace has a custom initramfs or initrd you might -# need /dev much earlier; or without hotpluggable busses (like USB, -# PCMCIA, MMC/SD, and so on) your /dev might be static after boot. -# -# This script assumes your system boots right into the eventual root -# filesystem, and that init runs this udev script before any programs -# needing more device nodes than the bare-bones set -- /dev/console, -# /dev/zero, /dev/null -- that's needed to boot and run this script. -# - -# old kernels don't use udev -case $(uname -r) in -2.6*|2.7*) ;; -*) exit 0;; -esac - -# Check for missing binaries -UDEV_BIN=/sbin/udevd -test -x $UDEV_BIN || exit 5 -UDEVSTART_BIN=/sbin/udevstart -test -x $UDEVSTART_BIN || exit 5 - -# Check for config file and read it -UDEV_CONFIG=/etc/udev/udev.conf -test -r $UDEV_CONFIG || exit 6 -. $UDEV_CONFIG - -# Directory where sysfs is mounted -SYSFS_DIR=/sys - -case "$1" in - start) - # mount sysfs if it's not yet mounted - if [ ! -d $SYSFS_DIR ]; then - echo "${0}: SYSFS_DIR \"$SYSFS_DIR\" not found" - exit 1 - fi - grep -q "^sysfs $SYSFS_DIR" /proc/mounts || - mount -t sysfs /sys /sys || - exit 1 - - # mount $udev_root as ramfs if it's not yet mounted - # we know 2.6 kernels always support ramfs - if [ ! -d $udev_root ]; then - echo "${0}: udev_root \"$udev_root\" not found" - exit 1 - fi - grep -q "^udev $udev_root" /proc/mounts || - mount -t ramfs udev $udev_root || - exit 1 - - # heck, go whole-hog: use only new style hotplug - # echo $UDEV_BIN > /proc/sys/kernel/hotplug - - # populate /dev (normally) - echo -n "Populating $udev_root using udev... 
" - $UDEVSTART_BIN || (echo "FAIL" && exit 1) - mkdir $udev_root/pts $udev_root/shm - mount /dev/pts - echo "done" - - # Start udevd - echo -n "Starting udevd... " - $UDEVD_BIN --daemon || (echo "FAIL" && exit 1) - echo "done" - ;; - stop) - # do nothing - ;; - *) - echo "Usage: $0 {start|stop}" - exit 1 - ;; -esac Modified: trunk/package/udev/udev.mk =================================================================== --- trunk/package/udev/udev.mk 2007-10-19 16:49:53 UTC (rev 1303) +++ trunk/package/udev/udev.mk 2007-10-19 17:58:20 UTC (rev 1304) @@ -48,7 +48,7 @@ USE_LOG=false USE_SELINUX=false \ EXTRAS="extras/firmware" \ udevdir=$(UDEV_ROOT) -C $(UDEV_DIR) install - $(INSTALL) -m 0755 -D package/udev/init-udev $(TARGET_DIR)/etc/init.d/udev +# $(INSTALL) -m 0755 -D package/udev/init-udev $(TARGET_DIR)/etc/init.d/udev $(INSTALL) -m 0644 -D package/udev/udev-70-ide.rules $(TARGET_DIR)/etc/udev/rules.d/70-ide.rules $(INSTALL) -m 0644 -D package/udev/udev-55-firmware.rules $(TARGET_DIR)/etc/udev/rules.d/55-firmware.rules $(INSTALL) -m 0644 -D package/udev/udev-51-usbfs.rules $(TARGET_DIR)/etc/udev/rules.d/51-usbfs.rules Modified: trunk/target/generic/target_skeleton/etc/rc =================================================================== --- trunk/target/generic/target_skeleton/etc/rc 2007-10-19 16:49:53 UTC (rev 1303) +++ trunk/target/generic/target_skeleton/etc/rc 2007-10-19 17:58:20 UTC (rev 1304) @@ -118,8 +118,10 @@ mount -t tmpfs -o size=200k none /dev mount -t tmpfs -o size=5000k none /var mount -t tmpfs -o size=10000k none /tmp +if [ !-x /sbin/udevstart ] mkdir /dev/pts mount -t devpts none /dev/pts +fi mount -t sysfs none /sys mount -t usbfs usbfs /proc/bus/usb mkdir /tmp/etc 
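Review bot: The init-udev install line in udev.mk is commented out rather than removed, although this same revision deletes package/udev/init-udev. A commented-out recipe line that refers to a file no longer in the tree is misleading, so I would drop it. The `S00udev` link added in r1266 points at `../../init.d/udev`, which this change stops installing. No hunk here removes the link, so it may be left dangling in the target skeleton.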
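Review bot: The added `if [ !-x /sbin/udevstart ]` in rc has no `then` before `mkdir /dev/pts`, so the shell reaches `fi` while still reading the condition list and rc aborts there with a syntax error. `!-x` is also a single word, not the `!` operator followed by `-x`, so the test would not do what is intended even with `then` in place. The two lines should read `if [ ! -x /sbin/udevstart ]` and `then`. The rest of rc lies outside the hunk.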
@@ -131,10 +133,18 @@ none /var tmpfs size=5000k 0 0 " > /tmp/etc/fstab +if [ -x /sbin/udevstart ] +then +/sbin/udevstart /dev +mkdir /dev/pts +mount -t devpts none /dev/pts +/sbin/udevd --daemon +else if [ -d /stat/dev ] then cp -a /stat/dev/* /dev/ fi +fi if `grep -q "astlinux=net4801" /proc/cmdline` then This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
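Review bot: The new udev branch has no fallback when /sbin/udevstart exists but exits with an error. In that case the static `cp -a /stat/dev/* /dev/` path is skipped and /dev, which the previous hunk shows is a freshly mounted tmpfs, is left without the expected nodes. None of the four added commands has its exit status checked. Chaining the condition, `if [ -x /sbin/udevstart ] && /sbin/udevstart /dev`, would let the `else` branch populate /dev when udev fails.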
From: <kr...@us...> - 2007-10-24 01:57:32
Revision: 1311 http://astlinux.svn.sourceforge.net/astlinux/?rev=1311&view=rev Author: krisk84 Date: 2007-10-23 18:57:34 -0700 (Tue, 23 Oct 2007) Log Message: ----------- IMQ support for geni586 Modified Paths: -------------- trunk/target/device/geni586/linux.config Added Paths: ----------- trunk/package/iptables/iptables-imq.patch trunk/target/device/kernel-patches/linux-2.6.20.18-imq.patch Added: trunk/package/iptables/iptables-imq.patch =================================================================== --- trunk/package/iptables/iptables-imq.patch (rev 0) +++ trunk/package/iptables/iptables-imq.patch 2007-10-24 01:57:34 UTC (rev 1311) 
@@ -0,0 +1,221 @@ +--- iptables-1.3.6.orig/extensions.orig/.IMQ-test6 Thu Jan 1 01:00:00 1970 ++++ iptables-1.3.6/extensions/.IMQ-test6 Mon Jun 16 10:12:47 2003 +@@ -0,0 +1,3 @@ ++#!/bin/sh ++# True if IMQ target patch is applied. ++[ -f $KERNEL_DIR/net/ipv6/netfilter/ip6t_IMQ.c ] && echo IMQ +--- iptables-1.3.6.orig/extensions.orig/libip6t_IMQ.c Thu Jan 1 01:00:00 1970 ++++ iptables-1.3.6/extensions/libip6t_IMQ.c Mon Jun 16 10:12:47 2003 +@@ -0,0 +1,101 @@ ++/* Shared library add-on to iptables to add IMQ target support. */ ++#include <stdio.h> ++#include <string.h> ++#include <stdlib.h> ++#include <getopt.h> ++ ++#include <ip6tables.h> ++#include <linux/netfilter_ipv6/ip6_tables.h> ++#include <linux/netfilter_ipv6/ip6t_IMQ.h> ++ ++/* Function which prints out usage message. */ ++static void ++help(void) ++{ ++ printf( ++"IMQ target v%s options:\n" ++" --todev <N> enqueue to imq<N>, defaults to 0\n", ++IPTABLES_VERSION); ++} ++ ++static struct option opts[] = { ++ { "todev", 1, 0, '1' }, ++ { 0 } ++}; ++ ++/* Initialize the target. */ ++static void ++init(struct ip6t_entry_target *t, unsigned int *nfcache) ++{ ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)t->data; ++ ++ mr->todev = 0; ++ *nfcache |= NFC_UNKNOWN; ++} ++ ++/* Function which parses command options; returns true if it ++ ate an option */ ++static int ++parse(int c, char **argv, int invert, unsigned int *flags, ++ const struct ip6t_entry *entry, ++ struct ip6t_entry_target **target) ++{ ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)(*target)->data; ++ ++ switch(c) { ++ case '1': ++ if (check_inverse(optarg, &invert, NULL, 0)) ++ exit_error(PARAMETER_PROBLEM, ++ "Unexpected `!' after --todev"); ++ mr->todev=atoi(optarg); ++ break; ++ default: ++ return 0; ++ } ++ return 1; ++} ++ ++static void ++final_check(unsigned int flags) ++{ ++} ++ ++/* Prints out the targinfo. 
*/ ++static void ++print(const struct ip6t_ip6 *ip, ++ const struct ip6t_entry_target *target, ++ int numeric) ++{ ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data; ++ ++ printf("IMQ: todev %u ", mr->todev); ++} ++ ++/* Saves the union ipt_targinfo in parsable form to stdout. */ ++static void ++save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target) ++{ ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data; ++ ++ printf("--todev %u", mr->todev); ++} ++ ++static struct ip6tables_target imq = { ++ .next = NULL, ++ .name = "IMQ", ++ .version = IPTABLES_VERSION, ++ .size = IP6T_ALIGN(sizeof(struct ip6t_imq_info)), ++ .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_imq_info)), ++ .help = &help, ++ .init = &init, ++ .parse = &parse, ++ .final_check = &final_check, ++ .print = &print, ++ .save = &save, ++ .extra_opts = opts ++}; ++ ++static __attribute__((constructor)) void _init(void) ++{ ++ register_target6(&imq); ++} +--- iptables-1.3.6.orig/extensions.orig/.IMQ-test Thu Jan 1 01:00:00 1970 ++++ iptables-1.3.6/extensions/.IMQ-test Mon Jun 16 10:12:47 2003 +@@ -0,0 +1,3 @@ ++#!/bin/sh ++# True if IMQ target patch is applied. ++[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_IMQ.c ] && echo IMQ +--- iptables-1.3.6.orig/extensions.orig/libipt_IMQ.c Thu Jan 1 01:00:00 1970 ++++ iptables-1.3.6/extensions/libipt_IMQ.c Mon Jun 16 10:12:47 2003 +@@ -0,0 +1,101 @@ ++/* Shared library add-on to iptables to add IMQ target support. */ ++#include <stdio.h> ++#include <string.h> ++#include <stdlib.h> ++#include <getopt.h> ++ ++#include <iptables.h> ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/netfilter_ipv4/ipt_IMQ.h> ++ ++/* Function which prints out usage message. */ ++static void ++help(void) ++{ ++ printf( ++"IMQ target v%s options:\n" ++" --todev <N> enqueue to imq<N>, defaults to 0\n", ++IPTABLES_VERSION); ++} ++ ++static struct option opts[] = { ++ { "todev", 1, 0, '1' }, ++ { 0 } ++}; ++ ++/* Initialize the target. 
*/ ++static void ++init(struct ipt_entry_target *t, unsigned int *nfcache) ++{ ++ struct ipt_imq_info *mr = (struct ipt_imq_info*)t->data; ++ ++ mr->todev = 0; ++ *nfcache |= NFC_UNKNOWN; ++} ++ ++/* Function which parses command options; returns true if it ++ ate an option */ ++static int ++parse(int c, char **argv, int invert, unsigned int *flags, ++ const struct ipt_entry *entry, ++ struct ipt_entry_target **target) ++{ ++ struct ipt_imq_info *mr = (struct ipt_imq_info*)(*target)->data; ++ ++ switch(c) { ++ case '1': ++ if (check_inverse(optarg, &invert, NULL, 0)) ++ exit_error(PARAMETER_PROBLEM, ++ "Unexpected `!' after --todev"); ++ mr->todev=atoi(optarg); ++ break; ++ default: ++ return 0; ++ } ++ return 1; ++} ++ ++static void ++final_check(unsigned int flags) ++{ ++} ++ ++/* Prints out the targinfo. */ ++static void ++print(const struct ipt_ip *ip, ++ const struct ipt_entry_target *target, ++ int numeric) ++{ ++ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data; ++ ++ printf("IMQ: todev %u ", mr->todev); ++} ++ ++/* Saves the union ipt_targinfo in parsable form to stdout. 
*/ ++static void ++save(const struct ipt_ip *ip, const struct ipt_entry_target *target) ++{ ++ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data; ++ ++ printf("--todev %u", mr->todev); ++} ++ ++static struct iptables_target imq = { ++ .next = NULL, ++ .name = "IMQ", ++ .version = IPTABLES_VERSION, ++ .size = IPT_ALIGN(sizeof(struct ipt_imq_info)), ++ .userspacesize = IPT_ALIGN(sizeof(struct ipt_imq_info)), ++ .help = &help, ++ .init = &init, ++ .parse = &parse, ++ .final_check = &final_check, ++ .print = &print, ++ .save = &save, ++ .extra_opts = opts ++}; ++ ++static __attribute__((constructor)) void _init(void) ++{ ++ register_target(&imq); ++} + Modified: trunk/target/device/geni586/linux.config =================================================================== --- trunk/target/device/geni586/linux.config 2007-10-21 19:37:12 UTC (rev 1310) +++ trunk/target/device/geni586/linux.config 2007-10-24 01:57:34 UTC (rev 1311) @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit -# Linux kernel version: 2.6.20.16 -# Thu Aug 23 11:08:42 2007 +# Linux kernel version: 2.6.20.18 +# Tue Oct 23 16:49:22 2007 # CONFIG_X86_32=y CONFIG_GENERIC_TIME=y @@ -460,6 +460,7 @@ CONFIG_NF_NAT_H323=m CONFIG_NF_NAT_SIP=m CONFIG_IP_NF_MANGLE=m +CONFIG_IP_NF_TARGET_IMQ=m CONFIG_IP_NF_TARGET_TOS=m CONFIG_IP_NF_TARGET_ECN=m CONFIG_IP_NF_TARGET_TTL=m @@ -932,6 +933,12 @@ # CONFIG_DUMMY is not set CONFIG_BONDING=m # CONFIG_EQUALIZER is not set +CONFIG_IMQ=m +# CONFIG_IMQ_BEHAVIOR_AA is not set +# CONFIG_IMQ_BEHAVIOR_AB is not set +CONFIG_IMQ_BEHAVIOR_BA=y +# CONFIG_IMQ_BEHAVIOR_BB is not set +CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m # CONFIG_NET_SB1000 is not set Added: trunk/target/device/kernel-patches/linux-2.6.20.18-imq.patch =================================================================== --- trunk/target/device/kernel-patches/linux-2.6.20.18-imq.patch (rev 0) +++ trunk/target/device/kernel-patches/linux-2.6.20.18-imq.patch 2007-10-24 01:57:34 UTC (rev 1311) 
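Review bot: `mr->todev=atoi(optarg);` in both libipt_IMQ.c and libip6t_IMQ.c stores whatever atoi() returns into an unsigned field without checking it. As a result `--todev abc` silently becomes device 0 and `--todev -1` becomes a very large index. The kernel-side target code is not part of this hunk, so whether it bounds the value cannot be confirmed here. Parsing with the iptables helper rejects bad input at the command line: `if (string_to_number(optarg, 0, MAX_IMQ_DEV, &mr->todev) == -1) exit_error(PARAMETER_PROBLEM, "Bad --todev value");`, where `MAX_IMQ_DEV` is a placeholder for the highest valid device index.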
@@ -0,0 +1,4483 @@ +diff -urN linux-2.6.20.18.orig/drivers/net/imq.c linux-2.6.20.18/drivers/net/imq.c +--- linux-2.6.20.18.orig/drivers/net/imq.c 1969-12-31 19:00:00.000000000 -0500 ++++ linux-2.6.20.18/drivers/net/imq.c 2007-10-23 16:36:54.000000000 -0400 +@@ -0,0 +1,402 @@ ++/* ++ * Pseudo-driver for the intermediate queue device. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ * ++ * Authors: Patrick McHardy, <ka...@tr...> ++ * ++ * The first version was written by Martin Devera, <de...@cd...> ++ * ++ * Credits: Jan Rafaj <im...@ce...> ++ * - Update patch to 2.4.21 ++ * Sebastian Strollo <sst...@no...> ++ * - Fix "Dead-loop on netdevice imq"-issue ++ * Marcel Sebek <se...@po...> ++ * - Update to 2.6.2-rc1 ++ * ++ * After some time of inactivity there is a group taking care ++ * of IMQ again: http://www.linuximq.net ++ * ++ * ++ * 2004/06/30 - New version of IMQ patch to kernels <=2.6.7 including ++ * the following changes: ++ * ++ * - Correction of ipv6 support "+"s issue (Hasso Tepper) ++ * - Correction of imq_init_devs() issue that resulted in ++ * kernel OOPS unloading IMQ as module (Norbert Buchmuller) ++ * - Addition of functionality to choose number of IMQ devices ++ * during kernel config (Andre Correa) ++ * - Addition of functionality to choose how IMQ hooks on ++ * PRE and POSTROUTING (after or before NAT) (Andre Correa) ++ * - Cosmetic corrections (Norbert Buchmuller) (Andre Correa) ++ * ++ * ++ * 2005/12/16 - IMQ versions between 2.6.7 and 2.6.13 were ++ * released with almost no problems. 2.6.14-x was released ++ * with some important changes: nfcache was removed; After ++ * some weeks of trouble we figured out that some IMQ fields ++ * in skb were missing in skbuff.c - skb_clone and copy_skb_header. 
++ * These functions are correctly patched by this new patch version. ++ * ++ * Thanks for all who helped to figure out all the problems with ++ * 2.6.14.x: Patrick McHardy, Rune Kock, VeNoMouS, Max CtRiX, ++ * Kevin Shanahan, Richard Lucassen, Valery Dachev (hopefully ++ * I didn't forget anybody). I apologize again for my lack of time. ++ * ++ * More info at: http://www.linuximq.net/ (Andre Correa) ++ */ ++ ++#include <linux/module.h> ++#include <linux/kernel.h> ++#include <linux/moduleparam.h> ++#include <linux/skbuff.h> ++#include <linux/netdevice.h> ++#include <linux/rtnetlink.h> ++#include <linux/if_arp.h> ++#include <linux/netfilter.h> ++#include <linux/netfilter_ipv4.h> ++#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) ++ #include <linux/netfilter_ipv6.h> ++#endif ++#include <linux/imq.h> ++#include <net/pkt_sched.h> ++ ++extern int qdisc_restart1(struct net_device *dev); ++ ++static nf_hookfn imq_nf_hook; ++ ++static struct nf_hook_ops imq_ingress_ipv4 = { ++ .hook = imq_nf_hook, ++ .owner = THIS_MODULE, ++ .pf = PF_INET, ++ .hooknum = NF_IP_PRE_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ .priority = NF_IP_PRI_MANGLE + 1 ++#else ++ .priority = NF_IP_PRI_NAT_DST + 1 ++#endif ++}; ++ ++static struct nf_hook_ops imq_egress_ipv4 = { ++ .hook = imq_nf_hook, ++ .owner = THIS_MODULE, ++ .pf = PF_INET, ++ .hooknum = NF_IP_POST_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) ++ .priority = NF_IP_PRI_LAST ++#else ++ .priority = NF_IP_PRI_NAT_SRC - 1 ++#endif ++}; ++ ++#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) ++static struct nf_hook_ops imq_ingress_ipv6 = { ++ .hook = imq_nf_hook, ++ .owner = THIS_MODULE, ++ .pf = PF_INET6, ++ .hooknum = NF_IP6_PRE_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ .priority = NF_IP6_PRI_MANGLE + 1 ++#else ++ .priority = NF_IP6_PRI_NAT_DST + 1 ++#endif ++}; ++ ++static struct nf_hook_ops 
imq_egress_ipv6 = { ++ .hook = imq_nf_hook, ++ .owner = THIS_MODULE, ++ .pf = PF_INET6, ++ .hooknum = NF_IP6_POST_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) ++ .priority = NF_IP6_PRI_LAST ++#else ++ .priority = NF_IP6_PRI_NAT_SRC - 1 ++#endif ++}; ++#endif ++ ++#if defined(CONFIG_IMQ_NUM_DEVS) ++static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS; ++#else ++static unsigned int numdevs = 2; ++#endif ++ ++static struct net_device *imq_devs; ++ ++static struct net_device_stats *imq_get_stats(struct net_device *dev) ++{ ++ return (struct net_device_stats *)dev->priv; ++} ++ ++/* called for packets kfree'd in qdiscs at places other than enqueue */ ++static void imq_skb_destructor(struct sk_buff *skb) ++{ ++ struct nf_info *info = skb->nf_info; ++ ++ if (info) { ++ if (info->indev) ++ dev_put(info->indev); ++ if (info->outdev) ++ dev_put(info->outdev); ++ kfree(info); ++ } ++} ++ ++static int imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) ++{ ++ struct net_device_stats *stats = (struct net_device_stats*) dev->priv; ++ ++ stats->tx_bytes += skb->len; ++ stats->tx_packets++; ++ ++ skb->imq_flags = 0; ++ skb->destructor = NULL; ++ ++ dev->trans_start = jiffies; ++ nf_reinject(skb, skb->nf_info, NF_ACCEPT); ++ return 0; ++} ++ ++static int imq_nf_queue(struct sk_buff *skb, struct nf_info *info, unsigned queue_num, void *data) ++{ ++ struct net_device *dev; ++ struct net_device_stats *stats; ++ struct sk_buff *skb2 = NULL; ++ struct Qdisc *q; ++ unsigned int index = skb->imq_flags&IMQ_F_IFMASK; ++ int ret = -1; ++ ++ if (index > numdevs) ++ return -1; ++ ++ dev = imq_devs + index; ++ if (!(dev->flags & IFF_UP)) { ++ skb->imq_flags = 0; ++ nf_reinject(skb, info, NF_ACCEPT); ++ return 0; ++ } ++ dev->last_rx = jiffies; ++ ++ if (skb->destructor) { ++ skb2 = skb; ++ skb = skb_clone(skb, GFP_ATOMIC); ++ if (!skb) ++ return -1; ++ } ++ skb->nf_info = info; ++ ++ stats = (struct net_device_stats *)dev->priv; ++ stats->rx_bytes+= 
skb->len; ++ stats->rx_packets++; ++ ++ spin_lock_bh(&dev->queue_lock); ++ q = dev->qdisc; ++ if (q->enqueue) { ++ q->enqueue(skb_get(skb), q); ++ if (skb_shared(skb)) { ++ skb->destructor = imq_skb_destructor; ++ kfree_skb(skb); ++ ret = 0; ++ } ++ } ++ if (spin_is_locked(&dev->_xmit_lock)) ++ netif_schedule(dev); ++ else ++ while (!netif_queue_stopped(dev) && qdisc_restart1(dev) < 0) ++ /* NOTHING */; ++ ++ spin_unlock_bh(&dev->queue_lock); ++ ++ if (skb2) ++ kfree_skb(ret ? skb : skb2); ++ ++ return ret; ++} ++ ++static struct nf_queue_handler nfqh = { ++ .name = "imq", ++ .outfn = imq_nf_queue, ++}; ++ ++static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff **pskb, ++ const struct net_device *indev, ++ const struct net_device *outdev, ++ int (*okfn)(struct sk_buff *)) ++{ ++ if ((*pskb)->imq_flags & IMQ_F_ENQUEUE) ++ return NF_QUEUE; ++ ++ return NF_ACCEPT; ++} ++ ++ ++static int __init imq_init_hooks(void) ++{ ++ int err; ++ ++ err = nf_register_queue_handler(PF_INET, &nfqh); ++ if (err > 0) ++ goto err1; ++ if ((err = nf_register_hook(&imq_ingress_ipv4))) ++ goto err2; ++ if ((err = nf_register_hook(&imq_egress_ipv4))) ++ goto err3; ++#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) ++ if ((err = nf_register_queue_handler(PF_INET6, &nfqh))) ++ goto err4; ++ if ((err = nf_register_hook(&imq_ingress_ipv6))) ++ goto err5; ++ if ((err = nf_register_hook(&imq_egress_ipv6))) ++ goto err6; ++#endif ++ ++ return 0; ++ ++#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) ++err6: ++ nf_unregister_hook(&imq_ingress_ipv6); ++err5: ++ nf_unregister_queue_handler(PF_INET6); ++err4: ++ nf_unregister_hook(&imq_egress_ipv6); ++#endif ++err3: ++ nf_unregister_hook(&imq_ingress_ipv4); ++err2: ++ nf_unregister_queue_handler(PF_INET); ++err1: ++ return err; ++} ++ ++static void __exit imq_unhook(void) ++{ ++ nf_unregister_hook(&imq_ingress_ipv4); ++ nf_unregister_hook(&imq_egress_ipv4); ++ nf_unregister_queue_handler(PF_INET); ++#if defined(CONFIG_IPV6) 
|| defined (CONFIG_IPV6_MODULE) ++ nf_unregister_hook(&imq_ingress_ipv6); ++ nf_unregister_hook(&imq_egress_ipv6); ++ nf_unregister_queue_handler(PF_INET6); ++#endif ++} ++ ++static int __init imq_dev_init(struct net_device *dev) ++{ ++ dev->hard_start_xmit = imq_dev_xmit; ++ dev->type = ARPHRD_VOID; ++ dev->mtu = 1500; ++ dev->tx_queue_len = 30; ++ dev->flags = IFF_NOARP; ++ dev->priv = kmalloc(sizeof(struct net_device_stats), GFP_KERNEL); ++ if (dev->priv == NULL) ++ return -ENOMEM; ++ memset(dev->priv, 0, sizeof(struct net_device_stats)); ++ dev->get_stats = imq_get_stats; ++ ++ return 0; ++} ++ ++static void imq_dev_uninit(struct net_device *dev) ++{ ++ kfree(dev->priv); ++} ++ ++static int __init imq_init_devs(void) ++{ ++ struct net_device *dev; ++ int i,j; ++ j = numdevs; ++ ++ if (!numdevs || numdevs > IMQ_MAX_DEVS) { ++ printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n", ++ IMQ_MAX_DEVS); ++ return -EINVAL; ++ } ++ ++ imq_devs = kmalloc(sizeof(struct net_device) * numdevs, GFP_KERNEL); ++ if (!imq_devs) ++ return -ENOMEM; ++ memset(imq_devs, 0, sizeof(struct net_device) * numdevs); ++ ++ /* we start counting at zero */ ++ numdevs--; ++ ++ for (i = 0, dev = imq_devs; i <= numdevs; i++, dev++) { ++ SET_MODULE_OWNER(dev); ++ strcpy(dev->name, "imq%d"); ++ dev->init = imq_dev_init; ++ dev->uninit = imq_dev_uninit; ++ ++ if (register_netdev(dev) < 0) ++ goto err_register; ++ } ++ printk(KERN_INFO "IMQ starting with %u devices...\n", j); ++ return 0; ++ ++err_register: ++ for (; i; i--) ++ unregister_netdev(--dev); ++ kfree(imq_devs); ++ return -EIO; ++} ++ ++static void imq_cleanup_devs(void) ++{ ++ int i; ++ struct net_device *dev = imq_devs; ++ ++ for (i = 0; i <= numdevs; i++) ++ unregister_netdev(dev++); ++ ++ kfree(imq_devs); ++} ++ ++static int __init imq_init_module(void) ++{ ++ int err; ++ ++ if ((err = imq_init_devs())) { ++ printk(KERN_ERR "IMQ: Error trying imq_init_devs()\n"); ++ return err; ++ } ++ if ((err = imq_init_hooks())) { ++ 
printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); ++ imq_cleanup_devs(); ++ return err; ++ } ++ ++ printk(KERN_INFO "IMQ driver loaded successfully.\n"); ++ ++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ printk(KERN_INFO "\tHooking IMQ before NAT on PREROUTING.\n"); ++#else ++ printk(KERN_INFO "\tHooking IMQ after NAT on PREROUTING.\n"); ++#endif ++#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ printk(KERN_INFO "\tHooking IMQ before NAT on POSTROUTING.\n"); ++#else ++ printk(KERN_INFO "\tHooking IMQ after NAT on POSTROUTING.\n"); ++#endif ++ ++ return 0; ++} ++ ++static void __exit imq_cleanup_module(void) ++{ ++ imq_unhook(); ++ imq_cleanup_devs(); ++ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); ++} ++ ++ ++module_init(imq_init_module); ++module_exit(imq_cleanup_module); ++ ++module_param(numdevs, int, 0); ++MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will be created)"); ++MODULE_AUTHOR("http://www.linuximq.net"); ++MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); ++MODULE_LICENSE("GPL"); +diff -urN linux-2.6.20.18.orig/drivers/net/Kconfig linux-2.6.20.18/drivers/net/Kconfig +--- linux-2.6.20.18.orig/drivers/net/Kconfig 2007-08-28 06:15:07.000000000 -0400 ++++ linux-2.6.20.18/drivers/net/Kconfig 2007-10-23 16:36:54.000000000 -0400 +@@ -96,6 +96,129 @@ + To compile this driver as a module, choose M here: the module + will be called eql. If unsure, say N. + ++config IMQ ++ tristate "IMQ (intermediate queueing device) support" ++ depends on NETDEVICES && NETFILTER ++ ---help--- ++ The IMQ device(s) is used as placeholder for QoS queueing ++ disciplines. Every packet entering/leaving the IP stack can be ++ directed through the IMQ device where it's enqueued/dequeued to the ++ attached qdisc. This allows you to treat network devices as classes ++ and distribute bandwidth among them. 
Iptables is used to specify ++ through which IMQ device, if any, packets travel. ++ ++ More information at: http://www.linuximq.net/ ++ ++ To compile this driver as a module, choose M here: the module ++ will be called imq. If unsure, say N. ++ ++choice ++ prompt "IMQ behavior (PRE/POSTROUTING)" ++ depends on IMQ ++ default IMQ_BEHAVIOR_BA ++ help ++ ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ IMQ can work in any of the following ways: ++ ++ PREROUTING | POSTROUTING ++ -----------------|------------------- ++ #1 After NAT | After NAT ++ #2 After NAT | Before NAT ++ #3 Before NAT | After NAT ++ #4 Before NAT | Before NAT ++ ++ The default behavior is to hook before NAT on PREROUTING ++ and after NAT on POSTROUTING (#3). ++ ++ This settings are specially usefull when trying to use IMQ ++ to shape NATed clients. ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_AA ++ bool "IMQ AA" ++ help ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: After NAT ++ POSTROUTING: After NAT ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_AB ++ bool "IMQ AB" ++ help ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: After NAT ++ POSTROUTING: Before NAT ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_BA ++ bool "IMQ BA" ++ help ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. 
++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: Before NAT ++ POSTROUTING: After NAT ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_BB ++ bool "IMQ BB" ++ help ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: Before NAT ++ POSTROUTING: Before NAT ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++endchoice ++ ++config IMQ_NUM_DEVS ++ ++ int "Number of IMQ devices" ++ range 2 8 ++ depends on IMQ ++ default "2" ++ help ++ ++ This settings defines how many IMQ devices will be ++ created. ++ ++ The default value is 2. ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ + config TUN + tristate "Universal TUN/TAP device driver support" + select CRC32 +diff -urN linux-2.6.20.18.orig/drivers/net/Makefile linux-2.6.20.18/drivers/net/Makefile +--- linux-2.6.20.18.orig/drivers/net/Makefile 2007-08-28 06:15:07.000000000 -0400 ++++ linux-2.6.20.18/drivers/net/Makefile 2007-10-23 16:36:54.000000000 -0400 +@@ -124,6 +124,7 @@ + obj-$(CONFIG_SLHC) += slhc.o + + obj-$(CONFIG_DUMMY) += dummy.o ++obj-$(CONFIG_IMQ) += imq.o + obj-$(CONFIG_IFB) += ifb.o + obj-$(CONFIG_DE600) += de600.o + obj-$(CONFIG_DE620) += de620.o +diff -urN linux-2.6.20.18.orig/include/linux/imq.h linux-2.6.20.18/include/linux/imq.h +--- linux-2.6.20.18.orig/include/linux/imq.h 1969-12-31 19:00:00.000000000 -0500 ++++ linux-2.6.20.18/include/linux/imq.h 2007-10-23 16:36:54.000000000 -0400 +@@ -0,0 +1,9 @@ ++#ifndef _IMQ_H ++#define _IMQ_H ++ ++#define IMQ_MAX_DEVS 16 ++ ++#define IMQ_F_IFMASK 0x7f ++#define IMQ_F_ENQUEUE 0x80 ++ ++#endif /* _IMQ_H */ +diff -urN linux-2.6.20.18.orig/include/linux/netfilter_ipv4/ipt_IMQ.h 
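Review bot: The `range 2 8` on IMQ_NUM_DEVS bounds only the build-time value, while the driver also registers `module_param(numdevs, int, 0)`, a signed int settable at load time, and include/linux/imq.h in this same patch sets `IMQ_MAX_DEVS` to 16. Nothing in this hunk shows which of the three limits the init path enforces, so the device-creation code (outside this hunk) should reject `numdevs < 1 || numdevs > IMQ_MAX_DEVS` before allocating anything. The help text should name the ceiling as well, for example `Valid values are 2 to 8; the numdevs module parameter sets the count at load time.`, assuming the parameter is seeded from this option.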
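Review bot: `IMQ_F_IFMASK 0x7f` admits values up to 127 while `IMQ_MAX_DEVS` is 16, so a masked value is not by itself a safe device index. If, as the names suggest, the low seven bits of `skb->imq_flags` select the target device, every consumer has to compare the masked value against the number of devices actually created; those consumers are outside this hunk. A comment above the defines would record the contract: `/* imq_flags & IMQ_F_IFMASK is a device index and must be checked against the device count before use */`.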
linux-2.6.20.18/include/linux/netfilter_ipv4/ipt_IMQ.h +--- linux-2.6.20.18.orig/include/linux/netfilter_ipv4/ipt_IMQ.h 1969-12-31 19:00:00.000000000 -0500 ++++ linux-2.6.20.18/include/linux/netfilter_ipv4/ipt_IMQ.h 2007-10-23 16:36:54.000000000 -0400 +@@ -0,0 +1,8 @@ ++#ifndef _IPT_IMQ_H ++#define _IPT_IMQ_H ++ ++struct ipt_imq_info { ++ unsigned int todev; /* target imq device */ ++}; ++ ++#endif /* _IPT_IMQ_H */ +diff -urN linux-2.6.20.18.orig/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-2.6.20.18/include/linux/netfilter_ipv6/ip6t_IMQ.h +--- linux-2.6.20.18.orig/include/linux/netfilter_ipv6/ip6t_IMQ.h 1969-12-31 19:00:00.000000000 -0500 ++++ linux-2.6.20.18/include/linux/netfilter_ipv6/ip6t_IMQ.h 2007-10-23 16:36:54.000000000 -0400 +@@ -0,0 +1,8 @@ ++#ifndef _IP6T_IMQ_H ++#define _IP6T_IMQ_H ++ ++struct ip6t_imq_info { ++ unsigned int todev; /* target imq device */ ++}; ++ ++#endif /* _IP6T_IMQ_H */ +diff -urN linux-2.6.20.18.orig/include/linux/skbuff.h linux-2.6.20.18/include/linux/skbuff.h +--- linux-2.6.20.18.orig/include/linux/skbuff.h 2007-08-28 06:15:07.000000000 -0400 ++++ linux-2.6.20.18/include/linux/skbuff.h 2007-10-23 16:36:54.000000000 -0400 +@@ -294,6 +294,10 @@ + #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) + struct sk_buff *nfct_reasm; + #endif ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ unsigned char imq_flags; ++ struct nf_info *nf_info; ++#endif + #ifdef CONFIG_BRIDGE_NETFILTER + struct nf_bridge_info *nf_bridge; + #endif +diff -urN linux-2.6.20.18.orig/include/linux/skbuff.h.orig linux-2.6.20.18/include/linux/skbuff.h.orig +--- linux-2.6.20.18.orig/include/linux/skbuff.h.orig 1969-12-31 19:00:00.000000000 -0500 ++++ linux-2.6.20.18/include/linux/skbuff.h.orig 2007-08-28 06:15:07.000000000 -0400 +@@ -0,0 +1,1486 @@ ++/* ++ * Definitions for the 'struct sk_buff' memory handlers. 
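Review bot: `todev` is filled in from userspace through an iptables rule and is a full `unsigned int`, yet the header states no valid range; the same holds for `struct ip6t_imq_info` in the next hunk. The bound has to be enforced in each target's `checkentry` hook, which is not part of these hunks, and should reject `todev >= IMQ_MAX_DEVS` (`>=` rather than `>`, presuming indices start at 0 as the imq* device naming suggests). I would document it on the field: `unsigned int todev; /* target imq device index, validated against IMQ_MAX_DEVS in checkentry */`.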
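Review bot: The new `nf_info` pointer and `imq_flags` byte go into `struct sk_buff` with no kernel-doc entries and no visible handling on the clone, copy and free paths; the struct itself starts and ends outside this hunk. A pointer member that `skb_clone()` or `skb_copy()` leaves uninitialised, or duplicates without taking ownership, ends up stale or shared between two skbs, so confirm that the net/core part of the patch (not shown here) resets or re-owns both fields. Add `@imq_flags:` and `@nf_info:` lines to the kernel-doc block above the struct. Separately, the section that follows adds `include/linux/skbuff.h.orig` (1486 lines, carrying the pristine header's timestamp), which looks like a backup left by an earlier `patch` run and picked up by `diff -urN`; it should be dropped from the patch.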
++ * ++ * Authors: ++ * Alan Cox, <gw...@gw...> ++ * Florian La Roche, <rz...@rz...> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ */ ++ ++#ifndef _LINUX_SKBUFF_H ++#define _LINUX_SKBUFF_H ++ ++#include <linux/kernel.h> ++#include <linux/compiler.h> ++#include <linux/time.h> ++#include <linux/cache.h> ++ ++#include <asm/atomic.h> ++#include <asm/types.h> ++#include <linux/spinlock.h> ++#include <linux/net.h> ++#include <linux/textsearch.h> ++#include <net/checksum.h> ++#include <linux/rcupdate.h> ++#include <linux/dmaengine.h> ++ ++#define HAVE_ALLOC_SKB /* For the drivers to know */ ++#define HAVE_ALIGNABLE_SKB /* Ditto 8) */ ++ ++#define CHECKSUM_NONE 0 ++#define CHECKSUM_PARTIAL 1 ++#define CHECKSUM_UNNECESSARY 2 ++#define CHECKSUM_COMPLETE 3 ++ ++#define SKB_DATA_ALIGN(X) (((X) + (SMP_CACHE_BYTES - 1)) & \ ++ ~(SMP_CACHE_BYTES - 1)) ++#define SKB_MAX_ORDER(X, ORDER) (((PAGE_SIZE << (ORDER)) - (X) - \ ++ sizeof(struct skb_shared_info)) & \ ++ ~(SMP_CACHE_BYTES - 1)) ++#define SKB_MAX_HEAD(X) (SKB_MAX_ORDER((X), 0)) ++#define SKB_MAX_ALLOC (SKB_MAX_ORDER(0, 2)) ++ ++/* A. Checksumming of received packets by device. ++ * ++ * NONE: device failed to checksum this packet. ++ * skb->csum is undefined. ++ * ++ * UNNECESSARY: device parsed packet and wouldbe verified checksum. ++ * skb->csum is undefined. ++ * It is bad option, but, unfortunately, many of vendors do this. ++ * Apparently with secret goal to sell you new device, when you ++ * will add new protocol to your host. F.e. IPv6. 8) ++ * ++ * COMPLETE: the most generic way. Device supplied checksum of _all_ ++ * the packet as seen by netif_rx in skb->csum. 
++ * NOTE: Even if device supports only some protocols, but ++ * is able to produce some skb->csum, it MUST use COMPLETE, ++ * not UNNECESSARY. ++ * ++ * B. Checksumming on output. ++ * ++ * NONE: skb is checksummed by protocol or csum is not required. ++ * ++ * PARTIAL: device is required to csum packet as seen by hard_start_xmit ++ * from skb->h.raw to the end and to record the checksum ++ * at skb->h.raw+skb->csum. ++ * ++ * Device must show its capabilities in dev->features, set ++ * at device setup time. ++ * NETIF_F_HW_CSUM - it is clever device, it is able to checksum ++ * everything. ++ * NETIF_F_NO_CSUM - loopback or reliable single hop media. ++ * NETIF_F_IP_CSUM - device is dumb. It is able to csum only ++ * TCP/UDP over IPv4. Sigh. Vendors like this ++ * way by an unknown reason. Though, see comment above ++ * about CHECKSUM_UNNECESSARY. 8) ++ * ++ * Any questions? No questions, good. --ANK ++ */ ++ ++struct net_device; ++ ++#ifdef CONFIG_NETFILTER ++struct nf_conntrack { ++ atomic_t use; ++ void (*destroy)(struct nf_conntrack *); ++}; ++ ++#ifdef CONFIG_BRIDGE_NETFILTER ++struct nf_bridge_info { ++ atomic_t use; ++ struct net_device *physindev; ++ struct net_device *physoutdev; ++#if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE) ++ struct net_device *netoutdev; ++#endif ++ unsigned int mask; ++ unsigned long data[32 / sizeof(unsigned long)]; ++}; ++#endif ++ ++#endif ++ ++struct sk_buff_head { ++ /* These two members must be first. */ ++ struct sk_buff *next; ++ struct sk_buff *prev; ++ ++ __u32 qlen; ++ spinlock_t lock; ++}; ++ ++struct sk_buff; ++ ++/* To allow 64K frame to be packed as single skb without frag_list */ ++#define MAX_SKB_FRAGS (65536/PAGE_SIZE + 2) ++ ++typedef struct skb_frag_struct skb_frag_t; ++ ++struct skb_frag_struct { ++ struct page *page; ++ __u16 page_offset; ++ __u16 size; ++}; ++ ++/* This data is invariant across clones and lives at ++ * the end of the header data, ie. at skb->end. 
++ */ ++struct skb_shared_info { ++ atomic_t dataref; ++ unsigned short nr_frags; ++ unsigned short gso_size; ++ /* Warning: this field is not always filled in (UFO)! */ ++ unsigned short gso_segs; ++ unsigned short gso_type; ++ __be32 ip6_frag_id; ++ struct sk_buff *frag_list; ++ skb_frag_t frags[MAX_SKB_FRAGS]; ++}; ++ ++/* We divide dataref into two halves. The higher 16 bits hold references ++ * to the payload part of skb->data. The lower 16 bits hold references to ++ * the entire skb->data. It is up to the users of the skb to agree on ++ * where the payload starts. ++ * ++ * All users must obey the rule that the skb->data reference count must be ++ * greater than or equal to the payload reference count. ++ * ++ * Holding a reference to the payload part means that the user does not ++ * care about modifications to the header part of skb->data. ++ */ ++#define SKB_DATAREF_SHIFT 16 ++#define SKB_DATAREF_MASK ((1 << SKB_DATAREF_SHIFT) - 1) ++ ++struct skb_timeval { ++ u32 off_sec; ++ u32 off_usec; ++}; ++ ++ ++enum { ++ SKB_FCLONE_UNAVAILABLE, ++ SKB_FCLONE_ORIG, ++ SKB_FCLONE_CLONE, ++}; ++ ++enum { ++ SKB_GSO_TCPV4 = 1 << 0, ++ SKB_GSO_UDP = 1 << 1, ++ ++ /* This indicates the skb is from an untrusted source. */ ++ SKB_GSO_DODGY = 1 << 2, ++ ++ /* This indicates the tcp segment has CWR set. */ ++ SKB_GSO_TCP_ECN = 1 << 3, ++ ++ SKB_GSO_TCPV6 = 1 << 4, ++}; ++ ++/** ++ * struct sk_buff - socket buffer ++ * @next: Next buffer in list ++ * @prev: Previous buffer in list ++ * @sk: Socket we are owned by ++ * @tstamp: Time we arrived ++ * @dev: Device we arrived on/are leaving by ++ * @iif: ifindex of device we arrived on ++ * @h: Transport layer header ++ * @nh: Network layer header ++ * @mac: Link layer header ++ * @dst: destination entry ++ * @sp: the security path, used for xfrm ++ * @cb: Control buffer. Free for use by every layer. 
Put private vars here ++ * @len: Length of actual data ++ * @data_len: Data length ++ * @mac_len: Length of link layer header ++ * @csum: Checksum ++ * @local_df: allow local fragmentation ++ * @cloned: Head may be cloned (check refcnt to be sure) ++ * @nohdr: Payload reference only, must not modify header ++ * @pkt_type: Packet class ++ * @fclone: skbuff clone status ++ * @ip_summed: Driver fed us an IP checksum ++ * @priority: Packet queueing priority ++ * @users: User count - see {datagram,tcp}.c ++ * @protocol: Packet protocol from driver ++ * @truesize: Buffer size ++ * @head: Head of buffer ++ * @data: Data head pointer ++ * @tail: Tail pointer ++ * @end: End pointer ++ * @destructor: Destruct function ++ * @mark: Generic packet mark ++ * @nfct: Associated connection, if any ++ * @ipvs_property: skbuff is owned by ipvs ++ * @nfctinfo: Relationship of this skb to the connection ++ * @nfct_reasm: netfilter conntrack re-assembly pointer ++ * @nf_bridge: Saved data about a bridged frame - see br_netfilter.c ++ * @tc_index: Traffic control index ++ * @tc_verd: traffic control verdict ++ * @dma_cookie: a cookie to one of several possible DMA operations ++ * done by skb DMA functions ++ * @secmark: security marking ++ */ ++ ++struct sk_buff { ++ /* These two members must be first. */ ++ struct sk_buff *next; ++ struct sk_buff *prev; ++ ++ struct sock *sk; ++ struct skb_timeval tstamp; ++ struct net_device *dev; ++ int iif; ++ /* 4 byte hole on 64 bit*/ ++ ++ union { ++ struct tcphdr *th; ++ struct udphdr *uh; ++ struct icmphdr *icmph; ++ struct igmphdr *igmph; ++ struct iphdr *ipiph; ++ struct ipv6hdr *ipv6h; ++ unsigned char *raw; ++ } h; ++ ++ union { ++ struct iphdr *iph; ++ struct ipv6hdr *ipv6h; ++ struct arphdr *arph; ++ unsigned char *raw; ++ } nh; ++ ++ union { ++ unsigned char *raw; ++ } mac; ++ ++ struct dst_entry *dst; ++ struct sec_path *sp; ++ ++ /* ++ * This is the control buffer. It is free to use for every ++ * layer. 
Please put your private variables there. If you ++ * want to keep them across layers you have to do a skb_clone() ++ * first. This is owned by whoever has the skb queued ATM. ++ */ ++ char cb[48]; ++ ++ unsigned int len, ++ data_len, ++ mac_len; ++ union { ++ __wsum csum; ++ __u32 csum_offset; ++ }; ++ __u32 priority; ++ __u8 local_df:1, ++ cloned:1, ++ ip_summed:2, ++ nohdr:1, ++ nfctinfo:3; ++ __u8 pkt_type:3, ++ fclone:2, ++ ipvs_property:1; ++ __be16 protocol; ++ ++ void (*destructor)(struct sk_buff *skb); ++#ifdef CONFIG_NETFILTER ++ struct nf_conntrack *nfct; ++#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) ++ struct sk_buff *nfct_reasm; ++#endif ++#ifdef CONFIG_BRIDGE_NETFILTER ++ struct nf_bridge_info *nf_bridge; ++#endif ++#endif /* CONFIG_NETFILTER */ ++#ifdef CONFIG_NET_SCHED ++ __u16 tc_index; /* traffic control index */ ++#ifdef CONFIG_NET_CLS_ACT ++ __u16 tc_verd; /* traffic control verdict */ ++#endif ++#endif ++#ifdef CONFIG_NET_DMA ++ dma_cookie_t dma_cookie; ++#endif ++#ifdef CONFIG_NETWORK_SECMARK ++ __u32 secmark; ++#endif ++ ++ __u32 mark; ++ ++ /* These elements must be at the end, see alloc_skb() for details. 
*/ ++ unsigned int truesize; ++ atomic_t users; ++ unsigned char *head, ++ *data, ++ *tail, ++ *end; ++}; ++ ++#ifdef __KERNEL__ ++/* ++ * Handling routines are only of interest to the kernel ++ */ ++#include <linux/slab.h> ++ ++#include <asm/system.h> ++ ++extern void kfree_skb(struct sk_buff *skb); ++extern void __kfree_skb(struct sk_buff *skb); ++extern struct sk_buff *__alloc_skb(unsigned int size, ++ gfp_t priority, int fclone, int node); ++static inline struct sk_buff *alloc_skb(unsigned int size, ++ gfp_t priority) ++{ ++ return __alloc_skb(size, priority, 0, -1); ++} ++ ++static inline struct sk_buff *alloc_skb_fclone(unsigned int size, ++ gfp_t priority) ++{ ++ return __alloc_skb(size, priority, 1, -1); ++} ++ ++extern struct sk_buff *alloc_skb_from_cache(struct kmem_cache *cp, ++ unsigned int size, ++ gfp_t priority); ++extern void kfree_skbmem(struct sk_buff *skb); ++extern struct sk_buff *skb_clone(struct sk_buff *skb, ++ gfp_t priority); ++extern struct sk_buff *skb_copy(const struct sk_buff *skb, ++ gfp_t priority); ++extern struct sk_buff *pskb_copy(struct sk_buff *skb, ++ gfp_t gfp_mask); ++extern int pskb_expand_head(struct sk_buff *skb, ++ int nhead, int ntail, ++ gfp_t gfp_mask); ++extern struct sk_buff *skb_realloc_headroom(struct sk_buff *skb, ++ unsigned int headroom); ++extern struct sk_buff *skb_copy_expand(const struct sk_buff *skb, ++ int newheadroom, int newtailroom, ++ gfp_t priority); ++extern int skb_pad(struct sk_buff *skb, int pad); ++#define dev_kfree_skb(a) kfree_skb(a) ++extern void skb_over_panic(struct sk_buff *skb, int len, ++ void *here); ++extern void skb_under_panic(struct sk_buff *skb, int len, ++ void *here); ++extern void skb_truesize_bug(struct sk_buff *skb); ++ ++static inline void skb_truesize_check(struct sk_buff *skb) ++{ ++ if (unlikely((int)skb->truesize < sizeof(struct sk_buff) + skb->len)) ++ skb_truesize_bug(skb); ++} ++ ++extern int skb_append_datato_frags(struct sock *sk, struct sk_buff *skb, ++ int 
getfrag(void *from, char *to, int offset, ++ int len,int odd, struct sk_buff *skb), ++ void *from, int length); ++ ++struct skb_seq_state ++{ ++ __u32 lower_offset; ++ __u32 upper_offset; ++ __u32 frag_idx; ++ __u32 stepped_offset; ++ struct sk_buff *root_skb; ++ struct sk_buff *cur_skb; ++ __u8 *frag_data; ++}; ++ ++extern void skb_prepare_seq_read(struct sk_buff *skb, ++ unsigned int from, unsigned int to, ++ struct skb_seq_state *st); ++extern unsigned int skb_seq_read(unsigned int consumed, const u8 **data, ++ struct skb_seq_state *st); ++extern void skb_abort_seq_read(struct skb_seq_state *st); ++ ++extern unsigned int skb_find_text(struct sk_buff *skb, unsigned int from, ++ unsigned int to, struct ts_config *config, ++ struct ts_state *state); ++ ++/* Internal */ ++#define skb_shinfo(SKB) ((struct skb_shared_info *)((SKB)->end)) ++ ++/** ++ * skb_queue_empty - check if a queue is empty ++ * @list: queue head ++ * ++ * Returns true if the queue is empty, false otherwise. ++ */ ++static inline int skb_queue_empty(const struct sk_buff_head *list) ++{ ++ return list->next == (struct sk_buff *)list; ++} ++ ++/** ++ * skb_get - reference buffer ++ * @skb: buffer to reference ++ * ++ * Makes another reference to a socket buffer and returns a pointer ++ * to the buffer. ++ */ ++static inline struct sk_buff *skb_get(struct sk_buff *skb) ++{ ++ atomic_inc(&skb->users); ++ return skb; ++} ++ ++/* ++ * If users == 1, we are the only owner and are can avoid redundant ++ * atomic change. ++ */ ++ ++/** ++ * skb_cloned - is the buffer a clone ++ * @skb: buffer to check ++ * ++ * Returns true if the buffer was generated with skb_clone() and is ++ * one of multiple shared copies of the buffer. Cloned buffers are ++ * shared data so must not be written to under normal circumstances. 
++ */ ++static inline int skb_cloned(const struct sk_buff *skb) ++{ ++ return skb->cloned && ++ (atomic_read(&skb_shinfo(skb)->dataref) & SKB_DATAREF_MASK) != 1; ++} ++ ++/** ++ * skb_header_cloned - is the header a clone ++ * @skb: buffer to check ++ * ++ * Returns true if modifying the header part of the buffer requires ++ * the data to be copied. ++ */ ++static inline int skb_header_cloned(const struct sk_buff *skb) ++{ ++ int dataref; ++ ++ if (!skb->cloned) ++ return 0; ++ ++ dataref = atomic_read(&skb_shinfo(skb)->dataref); ++ dataref = (dataref & SKB_DATAREF_MASK) - (dataref >> SKB_DATAREF_SHIFT); ++ return dataref != 1; ++} ++ ++/** ++ * skb_header_release - release reference to header ++ * @skb: buffer to operate on ++ * ++ * Drop a reference to the header part of the buffer. This is done ++ * by acquiring a payload reference. You must not read from the header ++ * part of skb->data after this. ++ */ ++static inline void skb_header_release(struct sk_buff *skb) ++{ ++ BUG_ON(skb->nohdr); ++ skb->nohdr = 1; ++ atomic_add(1 << SKB_DATAREF_SHIFT, &skb_shinfo(skb)->dataref); ++} ++ ++/** ++ * skb_shared - is the buffer shared ++ * @skb: buffer to check ++ * ++ * Returns true if more than one person has a reference to this ++ * buffer. ++ */ ++static inline int skb_shared(const struct sk_buff *skb) ++{ ++ return atomic_read(&skb->users) != 1; ++} ++ ++/** ++ * skb_share_check - check if buffer is shared and if so clone it ++ * @skb: buffer to check ++ * @pri: priority for memory allocation ++ * ++ * If the buffer is shared the buffer is cloned and the old copy ++ * drops a reference. A new clone with a single reference is returned. ++ * If the buffer is not shared the original buffer is returned. When ++ * being called from interrupt status or with spinlocks held pri must ++ * be GFP_ATOMIC. ++ * ++ * NULL is returned on a memory allocation failure. 
++ */ ++static inline struct sk_buff *skb_share_check(struct sk_buff *skb, ++ gfp_t pri) ++{ ++ might_sleep_if(pri & __GFP_WAIT); ++ if (skb_shared(skb)) { ++ struct sk_buff *nskb = skb_clone(skb, pri); ++ kfree_skb(skb); ++ skb = nskb; ++ } ++ return skb; ++} ++ ++/* ++ * Copy shared buffers into a new sk_buff. We effectively do COW on ++ * packets to handle cases where we have a local reader and forward ++ * and a couple of other messy ones. The normal one is tcpdumping ++ * a packet thats being forwarded. ++ */ ++ ++/** ++ * skb_unshare - make a copy of a shared buffer ++ * @skb: buffer to check ++ * @pri: priority for memory allocation ++ * ++ * If the socket buffer is a clone then this function creates a new ++ * copy of the data, drops a reference count on the old copy and returns ++ * the new copy with the reference count at 1. If the buffer is not a clone ++ * the original buffer is returned. When called with a spinlock held or ++ * from interrupt state @pri must be %GFP_ATOMIC ++ * ++ * %NULL is returned on a memory allocation failure. ++ */ ++static inline struct sk_buff *skb_unshare(struct sk_buff *skb, ++ gfp_t pri) ++{ ++ might_sleep_if(pri & __GFP_WAIT); ++ if (skb_cloned(skb)) { ++ struct sk_buff *nskb = skb_copy(skb, pri); ++ kfree_skb(skb); /* Free our shared copy */ ++ skb = nskb; ++ } ++ return skb; ++} ++ ++/** ++ * skb_peek ++ * @list_: list to peek at ++ * ++ * Peek an &sk_buff. Unlike most other operations you _MUST_ ++ * be careful with this one. A peek leaves the buffer on the ++ * list and someone else may run off with it. You must hold ++ * the appropriate locks or have a private queue to do this. ++ * ++ * Returns %NULL for an empty list or a pointer to the head element. ++ * The reference count is not incremented and the reference is therefore ++ * volatile. Use with caution. 
++ */ ++static inline struct sk_buff *skb_peek(struct sk_buff_head *list_) ++{ ++ struct sk_buff *list = ((struct sk_buff *)list_)->next; ++ if (list == (struct sk_buff *)list_) ++ list = NULL; ++ return list; ++} ++ ++/** ++ * skb_peek_tail ++ * @list_: list to peek at ++ * ++ * Peek an &sk_buff. Unlike most other operations you _MUST_ ++ * be careful with this one. A peek leaves the buffer on the ++ * list and someone else may run off with it. You must hold ++ * the appropriate locks or have a private queue to do this. ++ * ++ * Returns %NULL for an empty list or a pointer to the tail element. ++ * The reference count is not incremented and the reference is therefore ++ * volatile. Use with caution. ++ */ ++static inline struct sk_buff *skb_peek_tail(struct sk_buff_head *list_) ++{ ++ struct sk_buff *list = ((struct sk_buff *)list_)->prev; ++ if (list == (struct sk_buff *)list_) ++ list = NULL; ++ return list; ++} ++ ++/** ++ * skb_queue_len - get queue length ++ * @list_: list to measure ++ * ++ * Return the length of an &sk_buff queue. ++ */ ++static inline __u32 skb_queue_len(const struct sk_buff_head *list_) ++{ ++ return list_->qlen; ++} ++ ++/* ++ * This function creates a split out lock class for each invocation; ++ * this is needed for now since a whole lot of users of the skb-queue ++ * infrastructure in drivers have different locking usage (in hardirq) ++ * than the networking core (in softirq only). In the long run either the ++ * network layer or drivers should need annotation to consolidate the ++ * main types of usage into 3 classes. ++ */ ++static inline void skb_queue_head_init(struct sk_buff_head *list) ++{ ++ spin_lock_init(&list->lock); ++ list->prev = list->next = (struct sk_buff *)list; ++ list->qlen = 0; ++} ++ ++/* ++ * Insert an sk_buff at the start of a list. ++ * ++ * The "__skb_xxxx()" functions are the non-atomic ones that ++ * can only be called with interrupts disabled. 
++ */ ++ ++/** ++ * __skb_queue_after - queue a buffer at the list head ++ * @list: list to use ++ * @prev: place after this buffer ++ * @newsk: buffer to queue ++ * ++ * Queue a buffer int the middle of a list. This function takes no locks ++ * and you must therefore hold required locks before calling it. ++ * ++ * A buffer cannot be placed on two lists at the same time. ++ */ ++static inline void __skb_queue_after(struct sk_buff_head *list, ++ struct sk_buff *prev, ++ struct sk_buff *newsk) ++{ ++ struct sk_buff *next; ++ list->qlen++; ++ ++ next = prev->next; ++ newsk->next = next; ++ newsk->prev = prev; ++ next->prev = prev->next = newsk; ++} ++ ++/** ++ * __skb_queue_head - queue a buffer at the list head ++ * @list: list to use ++ * @newsk: buffer to queue ++ * ++ * Queue a buffer at the start of a list. This function takes no locks ++ * and you must therefore hold required locks before calling it. ++ * ++ * A buffer cannot be placed on two lists at the same time. ++ */ ++extern void skb_queue_head(struct sk_buff_head *list, struct sk_buff *newsk); ++static inline void __skb_queue_head(struct sk_buff_head *list, ++ struct sk_buff *newsk) ++{ ++ __skb_queue_after(list, (struct sk_buff *)list, newsk); ++} ++ ++/** ++ * __skb_queue_tail - queue a buffer at the list tail ++ * @list: list to use ++ * @newsk: buffer to queue ++ * ++ * Queue a buffer at the end of a list. This function takes no locks ++ * and you must therefore hold required locks before calling it. ++ * ++ * A buffer cannot be placed on two lists at the same time. 
++ */ ++extern void skb_queue_tail(struct sk_buff_head *list, struct sk_buff *newsk); ++static inline void __skb_queue_tail(struct sk_buff_head *list, ++ struct sk_buff *newsk) ++{ ++ struct sk_buff *prev, *next; ++ ++ list->qlen++; ++ next = (struct sk_buff *)list; ++ prev = next->prev; ++ newsk->next = next; ++ newsk->prev = prev; ++ next->prev = prev->next = newsk; ++} ++ ++ ++/** ++ * __skb_dequeue - remove from the head of the queue ++ * @list: list to dequeue from ++ * ++ * Remove the head of the list. This function does not take any locks ++ * so must be used with appropriate locks held only. The head item is ++ * returned or %NULL if the list is empty. ++ */ ++extern struct sk_buff *skb_dequeue(struct sk_buff_head *list); ++static inline struct sk_buff *__skb_dequeue(struct sk_buff_head *list) ++{ ++ struct sk_buff *next, *prev, *result; ++ ++ prev = (struct sk_buff *) list; ++ next = prev->next; ++ result = NULL; ++ if (next != prev) { ++ result = next; ++ next = next->next; ++ list->qlen--; ++ next->prev = prev; ++ prev->next = next; ++ result->next = result->prev = NULL; ++ } ++ return result; ++} ++ ++ ++/* ++ * Insert a packet on a list. ++ */ ++extern void skb_insert(struct sk_buff *old, struct sk_buff *newsk, struct sk_buff_head *list); ++static inline void __skb_insert(struct sk_buff *newsk, ++ struct sk_buff *prev, struct sk_buff *next, ++ struct sk_buff_head *list) ++{ ++ newsk->next = next; ++ newsk->prev = prev; ++ next->prev = prev->next = newsk; ++ list->qlen++; ++} ++ ++/* ++ * Place a packet after a given packet in a list. ++ */ ++extern void skb_append(struct sk_buff *old, struct sk_buff *newsk, struct sk_buff_head *list); ++static inline void __skb_append(struct sk_buff *old, struct sk_buff *newsk, struct sk_buff_head *list) ++{ ++ __skb_insert(newsk, old, old->next, list); ++} ++ ++/* ++ * remove sk_buff from list. _Must_ be called atomically, and with ++ * the list known.. 
++ */ ++extern void skb_unlink(struct sk_buff *skb, struct sk_buff_head *list); ++static inline void __skb_unlink(struct sk_buff *skb, struct sk_buff_head *list) ++{ ++ struct sk_buff *next, *prev; ++ ++ list->qlen--; ++ next = skb->next; ++ prev = skb->prev; ++ skb->next = skb->prev = NULL; ++ next->prev = prev; ++ prev->next = next; ++} ++ ++ ++/* XXX: more streamlined implementation */ ++ ++/** ++ * __skb_dequeue_tail - remove from the tail of the queue ++ * @list: list to dequeue from ++ * ++ * Remove the tail of the list. This function does not take any locks ++ * so must be used with appropriate locks held only. The tail item is ++ * returned or %NULL if the list is empty. ++ */ ++extern struct sk_buff *skb_dequeue_tail(struct sk_buff_head *list); ++static inline struct sk_buff *__skb_dequeue_tail(struct sk_buff_head *list) ++{ ++ struct sk_buff *skb = skb_peek_tail(list); ++ if (skb) ++ __skb_unlink(skb, list); ++ return skb; ++} ++ ++ ++static inline int skb_is_nonlinear(const struct sk_buff *skb) ++{ ++ return skb->data_len; ++} ++ ++static inline unsigned int skb_headlen(const struct sk_buff *skb) ++{ ++ return skb->len - skb->data_len; ++} ++ ++static inline int skb_pagelen(const struct sk_buff *skb) ++{ ++ int i, len = 0; ++ ++ for (i = (int)skb_shinfo(skb)->nr_frags - 1; i >= 0; i--) ++ len += skb_shinfo(skb)->frags[i].size; ++ return len + skb_headlen(skb); ++} ++ ++static inline void skb_fill_page_desc(struct sk_buff *skb, int i, ++ struct page *page, int off, int size) ++{ ++ skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; ++ ++ frag->page = page; ++ frag->page_offset = off; ++ frag->size = size; ++ skb_shinfo(skb)->nr_frags = i + 1; ++} ++ ++#define SKB_PAGE_ASSERT(skb) BUG_ON(skb_shinfo(skb)->nr_frags) ++#define SKB_FRAG_ASSERT(skb) BUG_ON(skb_shinfo(skb)->frag_list) ++#define SKB_LINEAR_ASSERT(skb) BUG_ON(skb_is_nonlinear(skb)) ++ ++/* ++ * Add data to an sk_buff ++ */ ++static inline unsigned char *__skb_put(struct sk_buff *skb, unsigned int len) 
++{ ++ unsigned char *tmp = skb->tail; ++ SKB_LINEAR_ASSERT(skb); ++ skb->tail += len; ++ skb->len += len; ++ return tmp; ++} ++ ++/** ++ * skb_put - add data to a buffer ++ * @skb: buffer to use ++ * @len: amount of data to add ++ * ++ * This function extends the used data area of the buffer. If this would ++ * exceed the total buffer size the kernel will panic. A pointer to the ++ * first byte of the extra data is returned. ++ */ ++static inline unsigned char *skb_put(struct sk_buff *skb, unsigned int len) ++{ ++ unsigned char *tmp = skb->tail; ++ SKB_LINEAR_ASSERT(skb); ++ skb->tail += len; ++ skb->len += len; ++ if (unlikely(skb->tail>skb->end)) ++ skb_over_panic(skb, len, current_text_addr()); ++ return tmp; ++} ++ ++static inline unsigned char *__skb_push(struct sk_buff *skb, unsigned int len) ++{ ++ skb->data -= len; ++ skb->len += len; ++ return skb->data; ++} ++ ++/** ++ * skb_push - add data to the start of a buffer ++ * @skb: buffer to use ++ * @len: amount of data to add ++ * ++ * This function extends the used data area of the buffer at the buffer ++ * start. If this would exceed the total buffer headroom the kernel will ++ * panic. A pointer to the first byte of the extra data is returned. ++ */ ++static inline unsigned char *skb_push(struct sk_buff *skb, unsigned int len) ++{ ++ skb->data -= len; ++ skb->len += len; ++ if (unlikely(skb->data<skb->head)) ++ skb_under_panic(skb, len, current_text_addr()); ++ return skb->data; ++} ++ ++static inline unsigned char *__skb_pull(struct sk_buff *skb, unsigned int len) ++{ ++ skb->len -= len; ++ BUG_ON(skb->len < skb->data_len); ++ return skb->data += len; ++} ++ ++/** ++ * skb_pull - remove data from the start of a buffer ++ * @skb: buffer to use ++ * @len: amount of data to remove ++ * ++ * This function removes data from the start of a buffer, returning ++ * the memory to the headroom. A pointer to the next data in the buffer ++ * is returned. 
Once the data has been pulled future pushes will overwrite ++ * the old data. ++ */ ++static inline unsigned char *skb_pull(struct sk_buff *skb, unsigned int len) ++{ ++ return unlikely(len > skb->len) ? NULL : __skb_pull(skb, len); ++} ++ ++extern unsigned char *__pskb_pull_tail(struct sk_buff *skb, int delta); ++ ++static inline unsigned char *__pskb_pull(struct sk_buff *skb, unsigned int len) ++{ ++ if (len > skb_headlen(skb) && ++ !__pskb_pull_tail(skb, len-skb_headlen(skb))) ++ return NULL; ++ skb->len -= len; ++ return skb->data += len; ++} ++ ++static inline unsigned char *pskb_pull(struct sk_buff *skb, unsigned int len) ++{ ++ return unlikely(len > skb->len) ? NULL : __pskb_pull(skb, len); ++} ++ ++static inline int pskb_may_pull(struct sk_buff *skb, unsigned int len) ++{ ++ if (likely(len <= skb_headlen(skb))) ++ return 1; ++ if (unlikely(len > skb->len)) ++ return 0; ++ return __pskb_pull_tail(skb, len-skb_headlen(skb)) != NULL; ++} ++ ++/** ++ * skb_headroom - bytes at buffer head ++ * @skb: buffer to check ++ * ++ * Return the number of bytes of free space at the head of an &sk_buff. ++ */ ++static inline int skb_headroom(const struct sk_buff *skb) ++{ ++ return skb->data - skb->head; ++} ++ ++/** ++ * skb_tailroom - bytes at buffer end ++ * @skb: buffer to check ++ * ++ * Return the number of bytes of free space at the tail of an sk_buff ++ */ ++static inline int skb_tailroom(const struct sk_buff *skb) ++{ ++ return skb_is_nonlinear(skb) ? 0 : skb->end - skb->tail; ++} ++ ++/** ++ * skb_reserve - adjust headroom ++ * @skb: buffer to alter ++ * @len: bytes to move ++ * ++ * Increase the headroom of an empty &sk_buff by reducing the tail ++ * room. This is only allowed for an empty buffer. ++ */ ++static inline void skb_reserve(struct sk_buff *skb, int len) ++{ ++ skb->data += len; ++ skb->tail += len; ++} ++ ++/* ++ * CPUs often take a performance hit when accessing unaligned memory ++ * locations. 
The actual performance hit varies, it can be small if the ++ * hardware handles it or large if we have to take an exception and fix it ++ * in software. ++ * ++ * Since an ethernet header is 14 bytes network drivers often end up with ++ * the IP header at an unaligned offset. The IP header can be aligned by ++ * shifting the start of the packet by 2 bytes. Drivers should do this ++ * with: ++ * ++ * skb_reserve(NET_IP_ALIGN); ++ * ++ * The downside to this alignment of the IP header is that the DMA is now ++ * unaligned. On some architectures the cost of an unaligned DMA is high ++ * and this cost outweighs the gains made by aligning the IP header. ++ * ++ * Since this trade off varies between architectures, we allow NET_IP_ALIGN ++ * to be overridden. ++ */ ++#ifndef NET_IP_ALIGN ++#define NET_IP_ALIGN 2 ++#endif ++ ++/* ++ * The networking layer reserves some headroom in skb data (via ++ * dev_alloc_skb). This is used to avoid having to reallocate skb data when ++ * the header has to grow. In the default case, if the header has to grow ++ * 16 bytes or less we avoid the reallocation. ++ * ++ * Unfortunately this headroom changes the DMA alignment of the resulting ++ * network packet. As for NET_IP_ALIGN, this unaligned DMA is expensive ++ * on some architectures. An architecture can override this value, ++ * perhaps setting it to a cacheline in size (since that will maintain ++ * cacheline alignment of the DMA). It must be a power of 2. ++ * ++ * Various parts of the networking layer expect at least 16 bytes of ++ * headroom, you should not reduce this. 
++ */ ++#ifndef NET_SKB_PAD ++#define NET_SKB_PAD 16 ++#endif ++ ++extern int ___pskb_trim(struct sk_buff *skb, unsigned int len); ++ ++static inline void __skb_trim(struct sk_buff *skb, unsigned int len) ++{ ++ if (unlikely(skb->data_len)) { ++ WARN_ON(1); ++ return; ++ } ++ skb->len = len; ++ skb->tail = skb->data + len; ++} ++ ++/** ++ * skb_trim - remove end from a buffer ++ * @skb: buffer to alter ++ * @len: new length ++ * ++ * Cut the length of a buffer down by removing data from the tail. If ++ * the buffer is already under the length specified it is not modified. ++ * The skb must be linear. ++ */ ++static inline void skb_trim(struct sk_buff *skb, unsigned int len) ++{ ++ if (skb->len > len) ++ __skb_trim(skb, len); ++} ++ ++ ++static inline int __pskb_trim(struct sk_buff *skb, unsigned int len) ++{ ++ if (skb->data_len) ++ return ___pskb_trim(skb, len); ++ __skb_trim(skb, len); ++ return 0; ++} ++ ++static inline int pskb_trim(struct sk_buff *skb, unsigned int len) ++{ ++ return (len < skb->len) ? __pskb_trim(skb, len) : 0; ++} ++ ++/** ++ * pskb_trim_unique - remove end from a paged unique (not cloned) buffer ++ * @skb: buffer to alter ++ * @len: new length ++ * ++ * This is identical to pskb_trim except that the caller knows that ++ * the skb is not cloned so we should never get an error due to out- ++ * of-memory. ++ */ ++static inline void pskb_trim_unique(struct sk_buff *skb, unsigned int len) ++{ ++ int err = pskb_trim(skb, len); ++ BUG_ON(err); ++} ++ ++/** ++ * skb_orphan - orphan a buffer ++ * @skb: buffer to orphan ++ * ++ * If a buffer currently has an owner then we call the owner's ++ * destructor function and make the @skb unowned. The buffer continues ++ * to exist but is no longer charged to its former owner. 
++ */ ++static inline void skb_orphan(struct sk_buff *skb) ++{ ++ if (skb->destructor) ++ skb->destructor(skb); ++ skb->destructor = NULL; ++ skb->sk = NULL; ++} ++ ++/** ++ * __skb_queue_purge - empty a list ++ * @list: list to empty ++ * ++ * Delete all buffers on an &sk_buff list. Each buffer is removed from ++ * the list and one reference dropped. This function does not take the ++ * list lock and the caller must hold the relevant locks to use it. ++ */ ++extern void skb_queue_purge(struct sk_buff_head *list); ++static inline void __skb_queue_purge(struct sk_buff_head *list) ++{ ++ struct sk_buff *skb; ++ while ((skb = __skb_dequeue(list)) != NULL) ++ kfree_skb(skb); ++} ++ ++/** ++ * __dev_alloc_skb - allocate an skbuff for receiving ++ * @length: length to allocate ++ * @gfp_mask: get_free_pages mask, passed to alloc_skb ++ * ++ * Allocate a new &sk_buff and assign it a usage count of one. The ++ * buffer has unspecified headroom built in. Users should allocate ++ * the headroom they think they need without accounting for the ++ * built in space. The built in space is used for optimisations. ++ * ++ * %NULL is returned if there is no free memory. ++ */ ++static inline struct sk_buff *__dev_alloc_skb(unsigned int length, ++ gfp_t gfp_mask) ++{ ++ struct sk_buff *skb = alloc_skb(length + NET_SKB_PAD, gfp_mask); ++ if (likely(skb)) ++ skb_reserve(skb, NET_SKB_PAD); ++ return skb; ++} ++ ++/** ++ * dev_alloc_skb - allocate an skbuff for receiving ++ * @length: length to allocate ++ * ++ * Allocate a new &sk_buff and assign it a usage count of one. The ++ * buffer has unspecified headroom built in. Users should allocate ++ * the headroom they think they need without accounting for the ++ * built in space. The built in space is used for optimisations. ++ * ++ * %NULL is returned if there is no free memory. Although this function ++ * allocates memory it can be called from an interrupt. 
++ */ ++static inline struct sk_buff *dev_alloc_skb(unsigned int length) ++{ ++ return __dev_alloc_skb(length, GFP_ATOMIC); ++} ++ ++extern struct sk_buff *__netdev_alloc_skb(struct net_device *dev, ++ unsigned int length, gfp_t gfp_mask); ++ ++/** ++ * netdev_alloc_skb - allocate an skbuff for rx on a specific device ++ * @dev: network device to receive on ++ * @length: length to allocate ++ * ++ * Allocate a new &sk_buff and assign it a usage count of one. The ++ * buffer has unspecified headroom built in. Users should allocate ++ * the headroom they think they need without accounting for the ++ * built in space. The built in space is used for optimisations. ++ * ++ * %NULL is returned if there is no free memory. Although this function ++ * allocates memory it can be called from an interrupt. ++ */ ++static inline struct sk_buff *netdev_alloc_skb(struct net_device *dev, ++ unsigned int length) ++{ ++ return __netdev_alloc_skb(dev, length, GFP_ATOMIC); ++} ++ ++/** ++ * skb_cow - copy header of skb when it is required ++ * @skb: buffer to c... [truncated message content] |
From: <kr...@us...> - 2007-10-29 20:43:06
Revision: 1336 http://astlinux.svn.sourceforge.net/astlinux/?rev=1336&view=rev Author: krisk84 Date: 2007-10-29 13:43:09 -0700 (Mon, 29 Oct 2007) Log Message: ----------- rework EXTMAP and support EXTIPMAP and EXTPORTMAP Modified Paths: -------------- trunk/package/iptables/astfw trunk/target/generic/target_skeleton/stat/etc/rc.conf Modified: trunk/package/iptables/astfw =================================================================== --- trunk/package/iptables/astfw 2007-10-29 18:45:41 UTC (rev 1335) +++ trunk/package/iptables/astfw 2007-10-29 20:43:09 UTC (rev 1336) 
@@ -195,53 +195,48 @@ iptables -t nat -A PREROUTING -j USER-PREROUTING #Setup 1:1 Maps... -for i in $EXTIFS -do if [ "$EXTMAP10" ] then -COUNT=10 +echo "The old EXTMAP variables are deprecated. Please see EXTIPMAP in /stat/etc/rc.conf" +fi -while [ "$COUNT" ] +if [ "$EXTIPMAP" ] +then +for i in $EXTIPMAP do +EIP=`echo $i | cut -d: -f1` +IIP=`echo $i | cut -d: -f2` -IPLINE=`set | grep EXTMAP$COUNT|tr -d \'` -PORTMAP=`set | grep OPENMAP$COUNT|tr -d \'` -IFALIAS=`expr $COUNT - 9` +ip addr add $EIP dev $EXTIF +iptables -t nat -A PREROUTING -d $EIP -i $EXTIF -j DNAT --to-destination $IIP +iptables -t nat -A POSTROUTING -s $EIP -o $EXTIF -j SNAT --to-source $IIP +iptables -t nat -A POSTROUTING -s $IIP -o $EXTIF -j SNAT --to-source $EIP +iptables -A FORWARD -i $EXTIF -o $INTIF -d $IIP -j ACCEPT +done +fi -if [ $IPLINE ] - then - NATEXTIP=`echo $IPLINE | cut -d"=" -f2` - NATINTIP=`echo $IPLINE | cut -d"=" -f3` - ifconfig $i:$IFALIAS $NATEXTIP netmask $EXTNM - iptables -t nat -A PREROUTING -d $NATEXTIP -i $i -j DNAT --to-destination $NATINTIP - iptables -t nat -A POSTROUTING -s $NATEXTIP -o $i -j SNAT --to-source $NATINTIP - iptables -t nat -A POSTROUTING -s $NATINTIP -o $i -j SNAT --to-source $NATEXTIP - # iptables -A FORWARD -i $i -o $INTIF -d $NATINTIP -m state --state NEW -j ACCEPT +if [ "$EXTPORTMAP" ] +then +for i in $EXTPORTMAP +do +EPORT=`echo $i | cut -d: -f1` +IIP=`echo $i | cut -d: -f2` +IPORT=`echo $i | cut -d: -f3` - if [ $PORTMAP ] - then - PORTS=`echo $PORTMAP | cut -d"=" -f2` - (IFS=: - for i in $PORTS - do - iptables -A FORWARD -i $i -o $INTIF -d $NATINTIP -m state --state NEW -p tcp -m multiport --dport $i -j ACCEPT - iptables -A FORWARD -i $i -o $INTIF -d $NATINTIP -m state --state NEW -p udp -m multiport --dport $i -j ACCEPT +if `echo $EPORT | grep -q "u"` +then +PROTOCOL=udp +fi - done) - fi - - COUNT=`expr $COUNT + 1` - -else - - COUNT= - +if `echo $EPORT | grep -q "t"` +then +PROTOCOL=tcp fi +iptables -t nat -A PREROUTING -i $EXTIF -p $PROTOCOL -m 
$PROTOCOL --dport $EPORT -j DNAT --to-destination "$IIP":"$IPORT" +iptables -A FORWARD -i $EXTIF -o $INTIF -d $IIP -p $PROTOCOL -m $PROTOCOL --dport $EPORT -j ACCEPT done - fi -done # DMZ to IP support if [ "$DMZIP" ] Modified: trunk/target/generic/target_skeleton/stat/etc/rc.conf =================================================================== --- trunk/target/generic/target_skeleton/stat/etc/rc.conf 2007-10-29 18:45:41 UTC (rev 1335) +++ trunk/target/generic/target_skeleton/stat/etc/rc.conf 2007-10-29 20:43:09 UTC (rev 1336) @@ -249,10 +249,21 @@ ### astfw Firewall (iptables) ##If you have more than one IP on the EXTIF, here is where you configure 1:1 NAT maps -##These have to start at 10!!!!!! +##These have to start at 10!!!!!! (DEPRECATED) #EXTMAP10="192.168.25.11=192.168.1.100" #OPENMAP10="22" +##If you would like to open some ports on your external interface to internal machines +##do that here. As usualy multiple entries can be seperated with spaces. +##In the example - forward external TCP port 222 to 192.168.111.17 port 22 +##and UDP 4569 to 192.168.111.12 +#EXTPORTMAP="t222:192.168.111.17:22 u4569:192.168.111.12:4569" + +##If you have multiple IP addresses on your external interface and you want 1:1 NAT +##sometimes called binat (bidirectional NAT), define that here. Use spaces for +##multiple address maps. There is no filtering for these, beware! +#EXTIPMAP="4.2.2.1:192.168.111.20" + ##Default "deny action" - you want either DROP or REJECT (returns with icmp filtered) DENYACT="DROP" This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
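Review bot: In the new EXTPORTMAP loop the `t`/`u` prefix is never stripped from `$EPORT`, so with the documented `t222:192.168.111.17:22` form both iptables calls receive `--dport t222`. `PROTOCOL` is also left empty, or stale from the previous entry, when an entry carries neither letter. The FORWARD rule matches `--dport $EPORT`, but FORWARD is traversed after the PREROUTING DNAT, so the packet already carries `$IPORT`; whenever the two ports differ the rule accepts the wrong port on the internal host. I would pick the protocol with a `case`, skip entries without a prefix, strip the prefix, and match `$IPORT` in FORWARD, as below.

```shell
for i in $EXTPORTMAP
do
# … unchanged: EPORT / IIP / IPORT extraction with cut …
case "$EPORT" in
t*) PROTOCOL=tcp ;;
u*) PROTOCOL=udp ;;
*) echo "EXTPORTMAP: entry $i has no t or u prefix, skipping"; continue ;;
esac
EPORT=${EPORT#?}
# … unchanged: PREROUTING DNAT rule …
iptables -A FORWARD -i $EXTIF -o $INTIF -d $IIP -p $PROTOCOL -m $PROTOCOL --dport $IPORT -j ACCEPT
done
```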
From: <kr...@us...> - 2007-10-30 18:50:54
Revision: 1340 http://astlinux.svn.sourceforge.net/astlinux/?rev=1340&view=rev Author: krisk84 Date: 2007-10-30 11:50:57 -0700 (Tue, 30 Oct 2007) Log Message: ----------- more astshape changes Modified Paths: -------------- trunk/package/iproute2/astshape trunk/target/generic/target_skeleton/stat/etc/rc.conf Modified: trunk/package/iproute2/astshape =================================================================== --- trunk/package/iproute2/astshape 2007-10-30 16:50:17 UTC (rev 1339) +++ trunk/package/iproute2/astshape 2007-10-30 18:50:57 UTC (rev 1340) @@ -49,12 +49,12 @@ # Auto detect QoS on bridges # Isn't AstLinux nice? :) -if [ "$EXTIF" = "br0" -a "$BRIDGE0" ] -then -DEVICE="$BRIDGE0" -else +#if [ "$EXTIF" = "br0" -a "$BRIDGE0" ] +#then +#DEVICE="$BRIDGE0" +#else DEVICE="$EXTIF" -fi +#fi if [ "$SHAPETYPE" ] then @@ -189,7 +189,8 @@ then if [ "$BRIDGE0" ] then -iptables -t mangle -A POSTROUTING -m physdev --physdev-out $DEV -j astshape +# iptables -t mangle -A POSTROUTING -m physdev --physdev-in eth1 --physdev-out $DEV -j astshape +iptables -t mangle -A POSTROUTING -m physdev --physdev-is-bridged -j astshape else iptables -t mangle -A POSTROUTING -o $DEV -j astshape fi @@ -197,9 +198,9 @@ if [ "$TRAFFIC" = "host" -o "$TRAFFIC" = "all" ] then -if [ "$BRIDGE0" ] -then -iptables -t mangle -A OUTPUT -m physdev --physdev-out $DEV -j astshape +if [ "$BRIDGE0" ] +then +echo -n else iptables -t mangle -A OUTPUT -o $DEV -j astshape fi @@ -243,8 +244,11 @@ fi # PRIO TCP ACKs +if [ ! "$DOWNLINK" = "$UPLINK" ] +then iptables -t mangle -A astshape -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK ACK \ -m length --length :64 -j CLASSIFY --set-class 1:20 +fi # put large (512+) icmp packets in default category #iptables -t mangle -A astshape -p icmp -m length --length 512: -j CLASSIFY --set-class 1:30 
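Review bot: The `-197,9 +198,9` hunk replaces the bridge-mode OUTPUT rule with `echo -n` as a no-op, so with `BRIDGE0` set locally generated traffic is no longer sent to the `astshape` chain from OUTPUT even when `TRAFFIC` is `host` or `all`, and nothing in the script says this is intended. If it is, invert the test and say why: `if [ -z "$BRIDGE0" ]` around the OUTPUT rule, with a comment such as `# bridge mode: host traffic is not classified`. The commented-out `if`/`for` lines this commit leaves behind here and in the `start`, `stop` and `status` branches are better deleted than kept, since the old code stays in the Subversion history.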
@@ -257,19 +261,19 @@ start) astshape_iptables -for i in $DEVICE -do -DEV="$i" +#for i in $DEVICE +#do +DEV="$DEVICE" astshape_start -done +#done ;; stop) -for i in $DEVICE -do -DEV="$i" +#for i in $DEVICE +#do +DEV="$DEVICE" astshape_stop -done +#done ;; restart) @@ -282,18 +286,18 @@ ;; status) -if [ "$BRIDGE0" ] -then -echo "Running in bridge mode with $BRIDGE0" -echo -fi +#if [ "$BRIDGE0" ] +#then +#echo "Running in bridge mode with $BRIDGE0" +#echo +#fi echo "Showing mangle table:" iptables -t mangle -L -v -for i in $DEVICE -do -DEV="$i" +#for i in $DEVICE +#do +DEV="$DEVICE" astshape_status -done +#done ;; *) Modified: trunk/target/generic/target_skeleton/stat/etc/rc.conf =================================================================== --- trunk/target/generic/target_skeleton/stat/etc/rc.conf 2007-10-30 16:50:17 UTC (rev 1339) +++ trunk/target/generic/target_skeleton/stat/etc/rc.conf 2007-10-30 18:50:57 UTC (rev 1340) @@ -330,9 +330,21 @@ #EXTUP=300 #EXTDOWN=2000 -##Traffic from asterisk is moved into the top Q because I set tos=0x18 -##which is automatically given highest priority by astshape. Perfect, huh? +##VoIP Ports +##Traffic in this port range will automatically be mapped into the VoIP queue. +##Only UDP traffic is marked. Standard iptables syntax is allowed. +#VOIPPORTS="5060 18000:20000" +##Interactive Ports +##Traffic in this port range will automatically be mapped into the interactive +##queue. TCP and UDP traffic is marked. +#INTPORTS="110" + +##Shapetype. This defines the qdisc type. AstShape currently supports htb +##(default and well tested) or the new HFSC version (untested). You can +##select which one you'd like here +#SHAPETYPE="hfsc" + ##low priority OUTGOING traffic - you can leave this blank if you want ##low priority source netmasks NOPRIOHOSTSRC= This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <kr...@us...> - 2007-10-31 16:12:35
Revision: 1341 http://astlinux.svn.sourceforge.net/astlinux/?rev=1341&view=rev Author: krisk84 Date: 2007-10-31 09:12:36 -0700 (Wed, 31 Oct 2007) Log Message: ----------- add support for NONAT Modified Paths: -------------- trunk/package/iptables/astfw trunk/target/generic/target_skeleton/stat/etc/rc.conf Modified: trunk/package/iptables/astfw =================================================================== --- trunk/package/iptables/astfw 2007-10-30 18:50:57 UTC (rev 1340) +++ trunk/package/iptables/astfw 2007-10-31 16:12:36 UTC (rev 1341) @@ -322,17 +322,53 @@ #turn on NAT (PAT) for everything\everyone else... +if [ "$NONAT" ] +then +for i in $NONAT +do + +if [ "$i" = "$INTIF" ] +then +INTIFNAT=off +else +INTIFNAT=on +fi + +if [ "$i" = "$INT2IF" ] +then +INT2IFNAT=off +else +INT2IFNAT=on +fi + +if [ "$i" = "$INT3IF" ] +then +INT3IFNAT=off +else +INT3IF=on +fi + +done +else +INTIFNAT=on +INT2IFNAT=on +INT3IFNAT=on +fi + for i in $EXTIFS do +if [ "$INTIF" -a "$INTIFNAT" = "on" ] +then if [ "$MASQPORTS" ] then iptables -t nat -A POSTROUTING -s $IPBASE.0/$INTNM -o $i -p udp -j MASQUERADE --to-ports $MASQPORTS iptables -t nat -A POSTROUTING -s $IPBASE.0/$INTNM -o $i -p tcp -j MASQUERADE --to-ports $MASQPORTS fi iptables -t nat -A POSTROUTING -s $IPBASE.0/$INTNM -o $i -j MASQUERADE +fi -if [ "$INT2IF" ] +if [ "$INT2IF" -a "$INT2IFNAT" = "on" ] then if [ "$MASQPORTS" ] then @@ -342,7 +378,8 @@ iptables -t nat -A POSTROUTING -s $IP2BASE.0/$INT2NM -o $i -j MASQUERADE fi -if [ "$INT3IF" ] + +if [ "$INT3IF" -a "$INT3IFNAT" = "on" ] then if [ "$MASQPORTS" ] then Modified: trunk/target/generic/target_skeleton/stat/etc/rc.conf =================================================================== --- trunk/target/generic/target_skeleton/stat/etc/rc.conf 2007-10-30 18:50:57 UTC (rev 1340) +++ trunk/target/generic/target_skeleton/stat/etc/rc.conf 2007-10-31 16:12:36 UTC (rev 1341) 
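Review bot: The new NONAT loop in the `-322,17 +322,53` hunk has two defects. The `else` branch of the `$INT3IF` test assigns `INT3IF=on` instead of `INT3IFNAT=on`, which overwrites the interface name and, unless the flag is set elsewhere, leaves `INT3IFNAT` empty, so the third internal network loses masquerading whenever NONAT is set. Because every iteration assigns all three flags, only the last word of NONAT takes effect, so `NONAT="$INTIF $INT2IF"` still masquerades `$INTIF`. Setting the three flags to `on` once and only switching them off inside the loop fixes both, as below. The `for i in $EXTIFS` loop that consumes the flags continues past the end of this hunk.

```shell
# … unchanged: "turn on NAT (PAT)" comment line …
INTIFNAT=on
INT2IFNAT=on
INT3IFNAT=on
for i in $NONAT
do
[ "$i" = "$INTIF" ] && INTIFNAT=off
[ "$i" = "$INT2IF" ] && INT2IFNAT=off
[ "$i" = "$INT3IF" ] && INT3IFNAT=off
done
```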
@@ -280,6 +280,11 @@ ##force TCP and UDP connections to always be natted within the range of ports defined. #MASQPORTS="30000-60000" +##NONAT +##By default we do NAT/PAT on all of the internal interfaces. If you don't want to, +##define that here. As usual, multiple arguments can be seperated by spaces. +#NONAT="$INT2IF" + ##Master NTP server. This is the NTP server that AstLinux will sync against ##upon bootup. It is also the server that the running ntpd process will use ##to maintain that time sync. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <kr...@us...> - 2007-11-02 20:28:16
Revision: 1343 http://astlinux.svn.sourceforge.net/astlinux/?rev=1343&view=rev Author: krisk84 Date: 2007-11-02 13:28:07 -0700 (Fri, 02 Nov 2007) Log Message: ----------- asterisk init fixup, support for ASTG729 Modified Paths: -------------- trunk/package/asterisk/asterisk.init trunk/target/generic/target_skeleton/stat/etc/rc.conf Modified: trunk/package/asterisk/asterisk.init =================================================================== --- trunk/package/asterisk/asterisk.init 2007-11-02 04:44:22 UTC (rev 1342) +++ trunk/package/asterisk/asterisk.init 2007-11-02 20:28:07 UTC (rev 1343) @@ -147,8 +147,55 @@ asterisk -p fi -if [ -r /tmp/etc/astmanproxy.conf ] +if [ "$ASTG729" ] then +G729MODULE=$ASTG729 + +if [ "$ASTG729" = "auto" ] +then +# Pentium 1 has tsc +if `grep -q tsc /proc/cpuinfo` +then +G729MODULE="codec_g729a-p1.so" +fi + +# Pentium 2 has cmov +if `grep -q cmov /proc/cpuinfo` +then +G729MODULE="codec_g729a-p2.so" +fi + +# Pentium 3 has sse +if `grep -q sse /proc/cpuinfo` +then +G729MODULE="codec_g729a-p3.so" +fi + +# Pentium 4 has sse2 +if `grep -q sse2 /proc/cpuinfo` +then +G729MODULE="codec_g729a-p4.so" +fi + +# Some P4s have sse3 +if `grep -q sse3 /proc/cpuinfo` +then +G729MODULE="codec_g729a-p4-sse3.so" +fi + +fi + +if [ -r /usr/lib/asterisk/modules/$G729MODULE ] +then +/usr/sbin/asterisk -rx "load $G729MODULE" +else +echo "Error: Asterisk G729 module $G729MODULE not found" +fi + +fi + +if [ -r /tmp/etc/astmanproxy.conf -a -r /etc/asterisk/astmanproxy.users ] +then echo "Starting astmanproxy..." /usr/sbin/astmanproxy fi Modified: trunk/target/generic/target_skeleton/stat/etc/rc.conf =================================================================== --- trunk/target/generic/target_skeleton/stat/etc/rc.conf 2007-11-02 04:44:22 UTC (rev 1342) +++ trunk/target/generic/target_skeleton/stat/etc/rc.conf 2007-11-02 20:28:07 UTC (rev 1343) 
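Review bot: The `auto` branch selects the codec with unanchored `grep -q` substring tests over the whole of /proc/cpuinfo, and the SSE3 test does not check what its comment says. Linux lists SSE3 as `pni` in the flags line, so `grep -q sse3` can only hit `ssse3`: a P4 with SSE3 falls back to the plain P4 module, and any CPU reporting `ssse3` is handed the P4-SSE3 build. A module built for instructions the CPU lacks would presumably fault once Asterisk loads it, so I would match whole words on the flags line, for example `grep '^flags' /proc/cpuinfo | grep -qw pni` (if the target's grep has `-w`). The tests also read more safely as `if grep -q …` than as a backtick substitution whose empty output is then executed.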
@@ -476,6 +476,15 @@ #ASTMANPROXY_USER="admin" #ASTMANPROXY_PASS="password" +##Asterisk G729 Support +##I added code to the init script to support auto detection and loading +##of different G729 modules based on CPU type. If you don't define this +##variable, Asterisk will just use modules.conf. If you define this +##variable, Asterisk will load the module you specify shortly after +##startup. If you say "auto", the init script will try to detect the +##best module for you and load it automatically. +#ASTG729="auto" + ##FTP support ##vsftpd no longer starts by default. To start it from inetd, set ##inetd. For standalone mode, set vsftpd This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <kr...@us...> - 2007-11-05 08:01:55
Revision: 1360 http://astlinux.svn.sourceforge.net/astlinux/?rev=1360&view=rev Author: krisk84 Date: 2007-11-05 00:01:58 -0800 (Mon, 05 Nov 2007) Log Message: ----------- initial support for OCF Modified Paths: -------------- trunk/astlinux.config trunk/package/openssl/Config.in trunk/package/openssl/openssl.mk trunk/target/device/geni586/linux.config trunk/target/device/net4801/linux.config trunk/target/device/net5501/linux.config trunk/target/device/via/linux.config trunk/target/device/via-c7/linux.config trunk/target/device/wrap/linux.config Added Paths: ----------- trunk/package/openssl/ocf.patch trunk/target/device/kernel-patches/linux-2.6.20.18-ocf.patch Modified: trunk/astlinux.config =================================================================== --- trunk/astlinux.config 2007-11-05 07:02:47 UTC (rev 1359) +++ trunk/astlinux.config 2007-11-05 08:01:58 UTC (rev 1360) @@ -298,6 +298,7 @@ BR2_PACKAGE_OPENSSH=y BR2_PACKAGE_OPENSSL=y # BR2_PACKAGE_OPENSSL_TARGET_HEADERS is not set +# BR2_PACKAGE_OPENSSL_OCF is not set BR2_PACKAGE_OPENVPN=y BR2_PACKAGE_PCIUTILS=y # BR2_PACKAGE_PCMCIA is not set Modified: trunk/package/openssl/Config.in =================================================================== --- trunk/package/openssl/Config.in 2007-11-05 07:02:47 UTC (rev 1359) +++ trunk/package/openssl/Config.in 2007-11-05 08:01:58 UTC (rev 1360) @@ -15,3 +15,15 @@ depends on BR2_PACKAGE_OPENSSL help Put openssl headers in the target. + +config BR2_PACKAGE_OPENSSL_OCF + bool "openssl cryptodev engine support from OCF" + default y + depends on BR2_PACKAGE_OPENSSL + help + Apply openssl patchset from ocf which provides access + to kernel hardware and software cryptographic devices + on linux. + + http://ocf-linux.sourceforge.net + Added: trunk/package/openssl/ocf.patch =================================================================== --- trunk/package/openssl/ocf.patch (rev 0) +++ trunk/package/openssl/ocf.patch 2007-11-05 08:01:58 UTC (rev 1360) 
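Review bot: `default y` on the new `BR2_PACKAGE_OPENSSL_OCF` symbol in Config.in applies the OCF patch to OpenSSL in every configuration that does not set the symbol explicitly, although astlinux.config in this same commit records it as not set. A patch that changes the engine code of the TLS library is safer as opt-in, so I would use `default n`. The help text could also say that the patch touches `apps/speed.c` and the cryptodev engine sources, and that it presumably does nothing useful without the OCF kernel modules.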
@@ -0,0 +1,425 @@ +diff -ruN openssl-0.9.7m.orig/apps/speed.c openssl-0.9.7m/apps/speed.c +--- openssl-0.9.7m.orig/apps/speed.c 2005-05-15 21:26:01.000000000 -0400 ++++ openssl-0.9.7m/apps/speed.c 2007-08-29 08:09:55.000000000 -0400 +@@ -260,10 +260,88 @@ + #define START 0 + #define STOP 1 + ++#ifdef __linux__ ++/* ++ * record CPU usage as well ++ */ ++ ++static int do_cpu = 0; ++ ++struct cpu_stat { ++ unsigned int user; ++ unsigned int nice; ++ unsigned int system; ++ unsigned int idle; ++ unsigned int total; ++}; ++ ++static unsigned int cpu_usage[ALGOR_NUM][SIZE_NUM]; ++static unsigned int rsa_cpu_usage[RSA_NUM][2]; ++static unsigned int dsa_cpu_usage[DSA_NUM][2]; ++static struct cpu_stat cpu_start, cpu_finish; ++ ++static void ++get_cpu(int s) ++{ ++ FILE *fp = NULL; ++ unsigned char buf[80]; ++ struct cpu_stat *st = s == START ? &cpu_start : &cpu_finish; ++ ++ memset(st, 0, sizeof(*st)); ++ ++ if (fp == NULL) ++ fp = fopen("/proc/stat", "r"); ++ if (!fp) ++ return; ++ if (fseek(fp, 0, SEEK_SET) == -1) { ++ fclose(fp); ++ return; ++ } ++ fscanf(fp, "%s %d %d %d %d", &buf[0], &st->user, &st->nice, ++ &st->system, &st->idle); ++ st->total = st->user + st->nice + st->system + st->idle; ++ fclose(fp); ++} ++ ++static unsigned int ++calc_cpu() ++{ ++ unsigned int total, res; ++ ++ total = cpu_finish.total - cpu_start.total; ++ if (total <= 0) ++ return 0; ++#if 1 // busy ++ res = ((cpu_finish.system + cpu_finish.user + cpu_finish.nice) - ++ (cpu_start.system + cpu_start.user + cpu_start.nice)) * ++ 100 / total; ++#endif ++#if 0 // system ++ res = (cpu_finish.system - cpu_start.system) * 100 / total; ++#endif ++#if 0 // user ++ res = (cpu_finish.user - cpu_start.user) * 100 / total; ++#endif ++#if 0 // nice ++ res = (cpu_finish.nice - cpu_start.nice) * 100 / total; ++#endif ++#if 0 // idle ++ res = (cpu_finish.idle - cpu_start.idle) * 100 / total; ++#endif ++ return(res); ++} ++ ++#endif ++ + static double Time_F(int s) + { + double ret; + ++#ifdef __linux__ ++ if 
(do_cpu) ++ get_cpu(s); ++#endif ++ + #ifdef USE_TOD + if(usertime) + { +@@ -567,6 +645,14 @@ + j--; /* Otherwise, -elapsed gets confused with + an algorithm. */ + } ++#ifdef __linux__ ++ else if ((argc > 0) && (strcmp(*argv,"-cpu") == 0)) ++ { ++ do_cpu = 1; ++ j--; /* Otherwise, -cpu gets confused with ++ an algorithm. */ ++ } ++#endif + else if ((argc > 0) && (strcmp(*argv,"-evp") == 0)) + { + argc--; +@@ -881,6 +967,9 @@ + #ifdef HAVE_FORK + BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n"); + #endif ++#ifdef __linux__ ++ BIO_printf(bio_err,"-cpu calculate cpu utilisation.\n"); ++#endif + goto end; + } + argc--; +@@ -888,11 +977,6 @@ + j++; + } + +-#ifdef HAVE_FORK +- if(multi && do_multi(multi)) +- goto show_res; +-#endif +- + if (j == 0) + { + for (i=0; i<ALGOR_NUM; i++) +@@ -1091,6 +1175,11 @@ + signal(SIGALRM,sig_done); + #endif /* SIGALRM */ + ++#ifdef HAVE_FORK /* DM */ ++ if(multi && do_multi(multi)) ++ goto show_res; ++#endif ++ + #ifndef OPENSSL_NO_MD2 + if (doit[D_MD2]) + { +@@ -1387,8 +1476,6 @@ + /* -O3 -fschedule-insns messes up an + * optimization here! names[D_EVP] + * somehow becomes NULL */ +- print_message(names[D_EVP],save_count, +- lengths[j]); + + EVP_CIPHER_CTX_init(&ctx); + if(decrypt) +@@ -1397,6 +1484,9 @@ + EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv); + EVP_CIPHER_CTX_set_padding(&ctx, 0); + ++ print_message(names[D_EVP],save_count, ++ lengths[j]); ++ + Time_F(START); + if(decrypt) + for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++) +@@ -1461,6 +1551,8 @@ + } + } + d=Time_F(STOP); ++ if (do_cpu) ++ rsa_cpu_usage[j][0] = calc_cpu(); + BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n" + : "%ld %d bit private RSA's in %.2fs\n", + count,rsa_bits[j],d); +@@ -1496,6 +1588,8 @@ + } + } + d=Time_F(STOP); ++ if (do_cpu) ++ rsa_cpu_usage[j][1] = calc_cpu(); + BIO_printf(bio_err,mr ? 
"+R2:%ld:%d:%.2f\n" + : "%ld %d bit public RSA's in %.2fs\n", + count,rsa_bits[j],d); +@@ -1555,6 +1649,8 @@ + } + } + d=Time_F(STOP); ++ if (do_cpu) ++ dsa_cpu_usage[j][0] = calc_cpu(); + BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n" + : "%ld %d bit DSA signs in %.2fs\n", + count,dsa_bits[j],d); +@@ -1590,6 +1686,8 @@ + } + } + d=Time_F(STOP); ++ if (do_cpu) ++ dsa_cpu_usage[j][1] = calc_cpu(); + BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n" + : "%ld %d bit DSA verify in %.2fs\n", + count,dsa_bits[j],d); +@@ -1670,14 +1768,19 @@ + fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n"); + fprintf(stdout,"type "); + } +- for (j=0; j<SIZE_NUM; j++) ++ for (j=0; j<SIZE_NUM; j++) { + fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]); ++ if (do_cpu && !mr) ++ fprintf(stdout, " /cpu"); ++ } + fprintf(stdout,"\n"); + } + + for (k=0; k<ALGOR_NUM; k++) + { + if (!doit[k]) continue; ++ if (k == D_EVP) ++ names[D_EVP]=OBJ_nid2ln(evp_cipher->nid); + if(mr) + fprintf(stdout,"+F:%d:%s",k,names[k]); + else +@@ -1688,6 +1791,8 @@ + fprintf(stdout," %11.2fk",results[k][j]/1e3); + else + fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]); ++ if (do_cpu) ++ fprintf(stdout, mr ? "/%d" : "/%%%-3d", cpu_usage[k][j]); + } + fprintf(stdout,"\n"); + } +@@ -1702,13 +1807,18 @@ + j=0; + } + if(mr) +- fprintf(stdout,"+F2:%u:%u:%f:%f\n", +- k,rsa_bits[k],rsa_results[k][0], +- rsa_results[k][1]); +- else +- fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n", +- rsa_bits[k],rsa_results[k][0],rsa_results[k][1], +- 1.0/rsa_results[k][0],1.0/rsa_results[k][1]); ++ fprintf(stdout,"+F2:%u:%u:%f", k,rsa_bits[k],rsa_results[k][0]); ++ else ++ fprintf(stdout,"rsa %4u bits %8.4fs",rsa_bits[k],rsa_results[k][0]); ++ if (do_cpu) ++ fprintf(stdout, mr ? "/%d": "/%%%-3d", rsa_cpu_usage[k][0]); ++ fprintf(stdout, mr ? ":%f" : " %8.4fs", rsa_results[k][1]); ++ if (do_cpu) ++ fprintf(stdout, mr ? 
"/%d": "/%%%-3d", rsa_cpu_usage[k][1]); ++ if(!mr) ++ fprintf(stdout, " %8.1f %8.1f", ++ 1.0/rsa_results[k][0],1.0/rsa_results[k][1]); ++ fprintf(stdout, "\n"); + } + #endif + #ifndef OPENSSL_NO_DSA +@@ -1722,12 +1832,18 @@ + j=0; + } + if(mr) +- fprintf(stdout,"+F3:%u:%u:%f:%f\n", +- k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]); ++ fprintf(stdout,"+F3:%u:%u:%f", k,dsa_bits[k],dsa_results[k][0]); + else +- fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n", +- dsa_bits[k],dsa_results[k][0],dsa_results[k][1], +- 1.0/dsa_results[k][0],1.0/dsa_results[k][1]); ++ fprintf(stdout,"dsa %4u bits %8.4fs",dsa_bits[k],dsa_results[k][0]); ++ if (do_cpu) ++ fprintf(stdout, mr ? "/%d": "/%%%-3d", dsa_cpu_usage[k][0]); ++ fprintf(stdout, mr ? ":%f" : " %8.4fs", dsa_results[k][1]); ++ if (do_cpu) ++ fprintf(stdout, mr ? "/%d": "/%%%-3d", dsa_cpu_usage[k][1]); ++ if(!mr) ++ fprintf(stdout, " %8.1f %8.1f", ++ 1.0/dsa_results[k][0],1.0/dsa_results[k][1]); ++ fprintf(stdout, "\n"); + } + #endif + mret=0; +@@ -1786,6 +1902,8 @@ + + static void print_result(int alg,int run_no,int count,double time_used) + { ++ if (do_cpu) ++ cpu_usage[alg][run_no] = calc_cpu(); + BIO_printf(bio_err,mr ? 
"+R:%ld:%s:%f\n" + : "%ld %s's in %.2fs\n",count,names[alg],time_used); + results[alg][run_no]=((double)count)/time_used*lengths[run_no]; +@@ -1880,29 +1998,11 @@ + p=buf+3; + alg=atoi(sstrsep(&p,sep)); + sstrsep(&p,sep); +- for(j=0 ; j < SIZE_NUM ; ++j) ++ for(j=0 ; j < SIZE_NUM ; ++j) { ++ if (do_cpu && strchr(p, '/')) ++ cpu_usage[alg][j] = atoi(strchr(p, '/') + 1); + results[alg][j]+=atof(sstrsep(&p,sep)); + } +- else if(!strncmp(buf,"+F2:",4)) +- { +- int k; +- double d; +- +- p=buf+4; +- k=atoi(sstrsep(&p,sep)); +- sstrsep(&p,sep); +- +- d=atof(sstrsep(&p,sep)); +- if(n) +- rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d); +- else +- rsa_results[k][0]=d; +- +- d=atof(sstrsep(&p,sep)); +- if(n) +- rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d); +- else +- rsa_results[k][1]=d; + } + else if(!strncmp(buf,"+F2:",4)) + { +@@ -1913,12 +2013,18 @@ + k=atoi(sstrsep(&p,sep)); + sstrsep(&p,sep); + ++ /* before we move the token along */ ++ if (do_cpu && strchr(p, '/')) ++ rsa_cpu_usage[k][0] = atoi(strchr(p, '/') + 1); + d=atof(sstrsep(&p,sep)); + if(n) + rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d); + else + rsa_results[k][0]=d; + ++ /* before we move the token along */ ++ if (do_cpu && strchr(p, '/')) ++ rsa_cpu_usage[k][1] = atoi(strchr(p, '/') + 1); + d=atof(sstrsep(&p,sep)); + if(n) + rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d); +@@ -1934,12 +2040,18 @@ + k=atoi(sstrsep(&p,sep)); + sstrsep(&p,sep); + ++ /* before we move the token along */ ++ if (do_cpu && strchr(p, '/')) ++ dsa_cpu_usage[k][0] = atoi(strchr(p, '/') + 1); + d=atof(sstrsep(&p,sep)); + if(n) + dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d); + else + dsa_results[k][0]=d; + ++ /* before we move the token along */ ++ if (do_cpu && strchr(p, '/')) ++ dsa_cpu_usage[k][1] = atoi(strchr(p, '/') + 1); + d=atof(sstrsep(&p,sep)); + if(n) + dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d); +diff -ruN openssl-0.9.7m.orig/crypto/engine/eng_all.c openssl-0.9.7m/crypto/engine/eng_all.c +--- 
openssl-0.9.7m.orig/crypto/engine/eng_all.c 2003-01-16 13:29:33.000000000 -0500 ++++ openssl-0.9.7m/crypto/engine/eng_all.c 2007-08-29 08:04:22.000000000 -0400 +@@ -95,13 +95,13 @@ + #ifndef OPENSSL_NO_HW_4758_CCA + ENGINE_load_4758cca(); + #endif +-#if defined(__OpenBSD__) || defined(__FreeBSD__) ++#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__linux__) + ENGINE_load_cryptodev(); + #endif + #endif + } + +-#if defined(__OpenBSD__) || defined(__FreeBSD__) ++#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__linux__) + void ENGINE_setup_bsd_cryptodev(void) { + static int bsd_cryptodev_default_loaded = 0; + if (!bsd_cryptodev_default_loaded) { +diff -ruN openssl-0.9.7m.orig/crypto/engine/engine.h openssl-0.9.7m/crypto/engine/engine.h +--- openssl-0.9.7m.orig/crypto/engine/engine.h 2003-11-29 05:25:41.000000000 -0500 ++++ openssl-0.9.7m/crypto/engine/engine.h 2007-08-29 08:04:22.000000000 -0400 +@@ -633,7 +633,7 @@ + if(!fn(e,id)) return 0; \ + return 1; } + +-#if defined(__OpenBSD__) || defined(__FreeBSD__) ++#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__linux__) + void ENGINE_setup_bsd_cryptodev(void); + #endif + +diff -ruN openssl-0.9.7m.orig/crypto/engine/hw_cryptodev.c openssl-0.9.7m/crypto/engine/hw_cryptodev.c +--- openssl-0.9.7m.orig/crypto/engine/hw_cryptodev.c 2004-06-15 07:46:06.000000000 -0400 ++++ openssl-0.9.7m/crypto/engine/hw_cryptodev.c 2007-08-29 08:04:22.000000000 -0400 +@@ -32,7 +32,7 @@ + + #if (defined(__unix__) || defined(unix)) && !defined(USG) + #include <sys/param.h> +-# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) ++# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) || defined(__linux__) + # define HAVE_CRYPTODEV + # endif + # if (OpenBSD >= 200110) +@@ -264,7 +264,7 @@ + return (0); + } + memset(&sess, 0, sizeof(sess)); +- sess.key = 
(caddr_t)"123456781234567812345678"; ++ sess.key = (caddr_t)"123456789abcdefghijklmno"; + + for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { + if (ciphers[i].nid == NID_undef) +@@ -639,6 +639,7 @@ + b = malloc(bytes); + if (b == NULL) + return (1); ++ memset(b, 0, bytes); + + crp->crp_p = b; + crp->crp_nbits = bits; +@@ -683,7 +684,7 @@ + { + int i; + +- for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { ++ for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { + if (kop->crk_param[i].crp_p) + free(kop->crk_param[i].crp_p); + kop->crk_param[i].crp_p = NULL; Modified: trunk/package/openssl/openssl.mk =================================================================== --- trunk/package/openssl/openssl.mk 2007-11-05 07:02:47 UTC (rev 1359) +++ trunk/package/openssl/openssl.mk 2007-11-05 08:01:58 UTC (rev 1360) @@ -36,6 +36,9 @@ toolchain/patch-kernel.sh $(OPENSSL_DIR) package/openssl/ padlock\*.patch endif toolchain/patch-kernel.sh $(OPENSSL_DIR) package/openssl/ openssl\*.patch +ifeq ($(BR2_PACKAGE_OPENSSL_OCF),y) + toolchain/patch-kernel.sh $(OPENSSL_DIR) package/openssl/ ocf\*.patch +endif # sigh... we have to resort to this just to set a gcc flag. $(SED) 's,/CFLAG=,/CFLAG= $(TARGET_SOFT_FLOAT) ,g' \ $(OPENSSL_DIR)/Configure Modified: trunk/target/device/geni586/linux.config =================================================================== --- trunk/target/device/geni586/linux.config 2007-11-05 07:02:47 UTC (rev 1359) +++ trunk/target/device/geni586/linux.config 2007-11-05 08:01:58 UTC (rev 1360) 
@@ -2205,6 +2205,22 @@
 CONFIG_CRYPTO_DEV_GEODE=m
 
 #
+# OCF Configuration
+#
+CONFIG_OCF_OCF=m
+CONFIG_OCF_RANDOMHARVEST=m
+CONFIG_OCF_FIPS=m
+CONFIG_OCF_CRYPTODEV=m
+CONFIG_OCF_CRYPTOSOFT=m
+CONFIG_OCF_SAFE=m
+# CONFIG_OCF_IXP4XX is not set
+CONFIG_OCF_HIFN=m
+CONFIG_OCF_HIFNHIPP=m
+# CONFIG_OCF_TALITOS is not set
+CONFIG_OCF_OCFNULL=m
+CONFIG_OCF_BENCH=m
+
+#
 # Library routines
 #
 CONFIG_BITREVERSE=y
Added: trunk/target/device/kernel-patches/linux-2.6.20.18-ocf.patch
===================================================================
--- trunk/target/device/kernel-patches/linux-2.6.20.18-ocf.patch (rev 0)
+++ trunk/target/device/kernel-patches/linux-2.6.20.18-ocf.patch 2007-11-05 08:01:58 UTC (rev 1360)
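Review bot: `CONFIG_OCF_OCFNULL=m` and `CONFIG_OCF_BENCH=m` in the linux.config hunk put a driver that, by its own menu text in the OCF patch on this page, "does no crypto", plus an in-kernel benchmark, into a target image. Both are modules and so inert until loaded, but if ocfnull registers with the framework like the hardware engines do (not visible in this hunk), a loaded copy could be picked for real requests and hand data back unprocessed. Unless the device needs them I would switch both off with `# CONFIG_OCF_OCFNULL is not set` and `# CONFIG_OCF_BENCH is not set`. `CONFIG_OCF_CRYPTODEV=m` is described in the same menu as user space support, so the permissions on the device node it creates deserve a check as well.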
@@ -0,0 +1,18239 @@ +diff -urN linux-2.6.20.18.orig/crypto/Kconfig linux-2.6.20.18/crypto/Kconfig +--- linux-2.6.20.18.orig/crypto/Kconfig 2007-08-28 06:15:07.000000000 -0400 ++++ linux-2.6.20.18/crypto/Kconfig 2007-11-05 02:25:26.000000000 -0500 +@@ -470,3 +470,6 @@ + endif # if CRYPTO + + endmenu ++ ++source "crypto/ocf/Kconfig" ++ +diff -urN linux-2.6.20.18.orig/crypto/Kconfig.orig linux-2.6.20.18/crypto/Kconfig.orig +--- linux-2.6.20.18.orig/crypto/Kconfig.orig 1969-12-31 19:00:00.000000000 -0500 ++++ linux-2.6.20.18/crypto/Kconfig.orig 2007-08-28 06:15:07.000000000 -0400 +@@ -0,0 +1,472 @@ ++# ++# Cryptographic API Configuration ++# ++ ++menu "Cryptographic options" ++ ++config CRYPTO ++ bool "Cryptographic API" ++ help ++ This option provides the core Cryptographic API. ++ ++if CRYPTO ++ ++config CRYPTO_ALGAPI ++ tristate ++ help ++ This option provides the API for cryptographic algorithms. ++ ++config CRYPTO_BLKCIPHER ++ tristate ++ select CRYPTO_ALGAPI ++ ++config CRYPTO_HASH ++ tristate ++ select CRYPTO_ALGAPI ++ ++config CRYPTO_MANAGER ++ tristate "Cryptographic algorithm manager" ++ select CRYPTO_ALGAPI ++ help ++ Create default cryptographic template instantiations such as ++ cbc(aes). ++ ++config CRYPTO_HMAC ++ tristate "HMAC support" ++ select CRYPTO_HASH ++ select CRYPTO_MANAGER ++ help ++ HMAC: Keyed-Hashing for Message Authentication (RFC2104). ++ This is required for IPSec. ++ ++config CRYPTO_XCBC ++ tristate "XCBC support" ++ depends on EXPERIMENTAL ++ select CRYPTO_HASH ++ select CRYPTO_MANAGER ++ help ++ XCBC: Keyed-Hashing with encryption algorithm ++ http://www.ietf.org/rfc/rfc3566.txt ++ http://csrc.nist.gov/encryption/modes/proposedmodes/ ++ xcbc-mac/xcbc-mac-spec.pdf ++ ++config CRYPTO_NULL ++ tristate "Null algorithms" ++ select CRYPTO_ALGAPI ++ help ++ These are 'Null' algorithms, used by IPsec, which do nothing. 
++ ++config CRYPTO_MD4 ++ tristate "MD4 digest algorithm" ++ select CRYPTO_ALGAPI ++ help ++ MD4 message digest algorithm (RFC1320). ++ ++config CRYPTO_MD5 ++ tristate "MD5 digest algorithm" ++ select CRYPTO_ALGAPI ++ help ++ MD5 message digest algorithm (RFC1321). ++ ++config CRYPTO_SHA1 ++ tristate "SHA1 digest algorithm" ++ select CRYPTO_ALGAPI ++ help ++ SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). ++ ++config CRYPTO_SHA1_S390 ++ tristate "SHA1 digest algorithm (s390)" ++ depends on S390 ++ select CRYPTO_ALGAPI ++ help ++ This is the s390 hardware accelerated implementation of the ++ SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). ++ ++config CRYPTO_SHA256 ++ tristate "SHA256 digest algorithm" ++ select CRYPTO_ALGAPI ++ help ++ SHA256 secure hash standard (DFIPS 180-2). ++ ++ This version of SHA implements a 256 bit hash with 128 bits of ++ security against collision attacks. ++ ++config CRYPTO_SHA256_S390 ++ tristate "SHA256 digest algorithm (s390)" ++ depends on S390 ++ select CRYPTO_ALGAPI ++ help ++ This is the s390 hardware accelerated implementation of the ++ SHA256 secure hash standard (DFIPS 180-2). ++ ++ This version of SHA implements a 256 bit hash with 128 bits of ++ security against collision attacks. ++ ++config CRYPTO_SHA512 ++ tristate "SHA384 and SHA512 digest algorithms" ++ select CRYPTO_ALGAPI ++ help ++ SHA512 secure hash standard (DFIPS 180-2). ++ ++ This version of SHA implements a 512 bit hash with 256 bits of ++ security against collision attacks. ++ ++ This code also includes SHA-384, a 384 bit hash with 192 bits ++ of security against collision attacks. ++ ++config CRYPTO_WP512 ++ tristate "Whirlpool digest algorithms" ++ select CRYPTO_ALGAPI ++ help ++ Whirlpool hash algorithm 512, 384 and 256-bit hashes ++ ++ Whirlpool-512 is part of the NESSIE cryptographic primitives. 
++ Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard ++ ++ See also: ++ <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html> ++ ++config CRYPTO_TGR192 ++ tristate "Tiger digest algorithms" ++ select CRYPTO_ALGAPI ++ help ++ Tiger hash algorithm 192, 160 and 128-bit hashes ++ ++ Tiger is a hash function optimized for 64-bit processors while ++ still having decent performance on 32-bit processors. ++ Tiger was developed by Ross Anderson and Eli Biham. ++ ++ See also: ++ <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. ++ ++config CRYPTO_GF128MUL ++ tristate "GF(2^128) multiplication functions (EXPERIMENTAL)" ++ depends on EXPERIMENTAL ++ help ++ Efficient table driven implementation of multiplications in the ++ field GF(2^128). This is needed by some cypher modes. This ++ option will be selected automatically if you select such a ++ cipher mode. Only select this option by hand if you expect to load ++ an external module that requires these functions. ++ ++config CRYPTO_ECB ++ tristate "ECB support" ++ select CRYPTO_BLKCIPHER ++ select CRYPTO_MANAGER ++ default m ++ help ++ ECB: Electronic CodeBook mode ++ This is the simplest block cipher algorithm. It simply encrypts ++ the input block by block. ++ ++config CRYPTO_CBC ++ tristate "CBC support" ++ select CRYPTO_BLKCIPHER ++ select CRYPTO_MANAGER ++ default m ++ help ++ CBC: Cipher Block Chaining mode ++ This block cipher algorithm is required for IPSec. ++ ++config CRYPTO_LRW ++ tristate "LRW support (EXPERIMENTAL)" ++ depends on EXPERIMENTAL ++ select CRYPTO_BLKCIPHER ++ select CRYPTO_MANAGER ++ select CRYPTO_GF128MUL ++ help ++ LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable ++ narrow block cipher mode for dm-crypt. Use it with cipher ++ specification string aes-lrw-benbi, the key must be 256, 320 or 384. ++ The first 128, 192 or 256 bits in the key are used for AES and the ++ rest is used to tie each cipher block to its logical position. 
++ ++config CRYPTO_DES ++ tristate "DES and Triple DES EDE cipher algorithms" ++ select CRYPTO_ALGAPI ++ help ++ DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). ++ ++config CRYPTO_DES_S390 ++ tristate "DES and Triple DES cipher algorithms (s390)" ++ depends on S390 ++ select CRYPTO_ALGAPI ++ select CRYPTO_BLKCIPHER ++ help ++ DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). ++ ++config CRYPTO_BLOWFISH ++ tristate "Blowfish cipher algorithm" ++ select CRYPTO_ALGAPI ++ help ++ Blowfish cipher algorithm, by Bruce Schneier. ++ ++ This is a variable key length cipher which can use keys from 32 ++ bits to 448 bits in length. It's fast, simple and specifically ++ designed for use on "large microprocessors". ++ ++ See also: ++ <http://www.schneier.com/blowfish.html> ++ ++config CRYPTO_TWOFISH ++ tristate "Twofish cipher algorithm" ++ select CRYPTO_ALGAPI ++ select CRYPTO_TWOFISH_COMMON ++ help ++ Twofish cipher algorithm. ++ ++ Twofish was submitted as an AES (Advanced Encryption Standard) ++ candidate cipher by researchers at CounterPane Systems. It is a ++ 16 round block cipher supporting key sizes of 128, 192, and 256 ++ bits. ++ ++ See also: ++ <http://www.schneier.com/twofish.html> ++ ++config CRYPTO_TWOFISH_COMMON ++ tristate ++ help ++ Common parts of the Twofish cipher algorithm shared by the ++ generic c and the assembler implementations. ++ ++config CRYPTO_TWOFISH_586 ++ tristate "Twofish cipher algorithms (i586)" ++ depends on (X86 || UML_X86) && !64BIT ++ select CRYPTO_ALGAPI ++ select CRYPTO_TWOFISH_COMMON ++ help ++ Twofish cipher algorithm. ++ ++ Twofish was submitted as an AES (Advanced Encryption Standard) ++ candidate cipher by researchers at CounterPane Systems. It is a ++ 16 round block cipher supporting key sizes of 128, 192, and 256 ++ bits. 
++ ++ See also: ++ <http://www.schneier.com/twofish.html> ++ ++config CRYPTO_TWOFISH_X86_64 ++ tristate "Twofish cipher algorithm (x86_64)" ++ depends on (X86 || UML_X86) && 64BIT ++ select CRYPTO_ALGAPI ++ select CRYPTO_TWOFISH_COMMON ++ help ++ Twofish cipher algorithm (x86_64). ++ ++ Twofish was submitted as an AES (Advanced Encryption Standard) ++ candidate cipher by researchers at CounterPane Systems. It is a ++ 16 round block cipher supporting key sizes of 128, 192, and 256 ++ bits. ++ ++ See also: ++ <http://www.schneier.com/twofish.html> ++ ++config CRYPTO_SERPENT ++ tristate "Serpent cipher algorithm" ++ select CRYPTO_ALGAPI ++ help ++ Serpent cipher algorithm, by Anderson, Biham & Knudsen. ++ ++ Keys are allowed to be from 0 to 256 bits in length, in steps ++ of 8 bits. Also includes the 'Tnepres' algorithm, a reversed ++ variant of Serpent for compatibility with old kerneli code. ++ ++ See also: ++ <http://www.cl.cam.ac.uk/~rja14/serpent.html> ++ ++config CRYPTO_AES ++ tristate "AES cipher algorithms" ++ select CRYPTO_ALGAPI ++ help ++ AES cipher algorithms (FIPS-197). AES uses the Rijndael ++ algorithm. ++ ++ Rijndael appears to be consistently a very good performer in ++ both hardware and software across a wide range of computing ++ environments regardless of its use in feedback or non-feedback ++ modes. Its key setup time is excellent, and its key agility is ++ good. Rijndael's very low memory requirements make it very well ++ suited for restricted-space environments, in which it also ++ demonstrates excellent performance. Rijndael's operations are ++ among the easiest to defend against power and timing attacks. ++ ++ The AES specifies three key sizes: 128, 192 and 256 bits ++ ++ See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. ++ ++config CRYPTO_AES_586 ++ tristate "AES cipher algorithms (i586)" ++ depends on (X86 || UML_X86) && !64BIT ++ select CRYPTO_ALGAPI ++ help ++ AES cipher algorithms (FIPS-197). 
AES uses the Rijndael ++ algorithm. ++ ++ Rijndael appears to be consistently a very good performer in ++ both hardware and software across a wide range of computing ++ environments regardless of its use in feedback or non-feedback ++ modes. Its key setup time is excellent, and its key agility is ++ good. Rijndael's very low memory requirements make it very well ++ suited for restricted-space environments, in which it also ++ demonstrates excellent performance. Rijndael's operations are ++ among the easiest to defend against power and timing attacks. ++ ++ The AES specifies three key sizes: 128, 192 and 256 bits ++ ++ See <http://csrc.nist.gov/encryption/aes/> for more information. ++ ++config CRYPTO_AES_X86_64 ++ tristate "AES cipher algorithms (x86_64)" ++ depends on (X86 || UML_X86) && 64BIT ++ select CRYPTO_ALGAPI ++ help ++ AES cipher algorithms (FIPS-197). AES uses the Rijndael ++ algorithm. ++ ++ Rijndael appears to be consistently a very good performer in ++ both hardware and software across a wide range of computing ++ environments regardless of its use in feedback or non-feedback ++ modes. Its key setup time is excellent, and its key agility is ++ good. Rijndael's very low memory requirements make it very well ++ suited for restricted-space environments, in which it also ++ demonstrates excellent performance. Rijndael's operations are ++ among the easiest to defend against power and timing attacks. ++ ++ The AES specifies three key sizes: 128, 192 and 256 bits ++ ++ See <http://csrc.nist.gov/encryption/aes/> for more information. ++ ++config CRYPTO_AES_S390 ++ tristate "AES cipher algorithms (s390)" ++ depends on S390 ++ select CRYPTO_ALGAPI ++ select CRYPTO_BLKCIPHER ++ help ++ This is the s390 hardware accelerated implementation of the ++ AES cipher algorithms (FIPS-197). AES uses the Rijndael ++ algorithm. 
++ ++ Rijndael appears to be consistently a very good performer in ++ both hardware and software across a wide range of computing ++ environments regardless of its use in feedback or non-feedback ++ modes. Its key setup time is excellent, and its key agility is ++ good. Rijndael's very low memory requirements make it very well ++ suited for restricted-space environments, in which it also ++ demonstrates excellent performance. Rijndael's operations are ++ among the easiest to defend against power and timing attacks. ++ ++ On s390 the System z9-109 currently only supports the key size ++ of 128 bit. ++ ++config CRYPTO_CAST5 ++ tristate "CAST5 (CAST-128) cipher algorithm" ++ select CRYPTO_ALGAPI ++ help ++ The CAST5 encryption algorithm (synonymous with CAST-128) is ++ described in RFC2144. ++ ++config CRYPTO_CAST6 ++ tristate "CAST6 (CAST-256) cipher algorithm" ++ select CRYPTO_ALGAPI ++ help ++ The CAST6 encryption algorithm (synonymous with CAST-256) is ++ described in RFC2612. ++ ++config CRYPTO_TEA ++ tristate "TEA, XTEA and XETA cipher algorithms" ++ select CRYPTO_ALGAPI ++ help ++ TEA cipher algorithm. ++ ++ Tiny Encryption Algorithm is a simple cipher that uses ++ many rounds for security. It is very fast and uses ++ little memory. ++ ++ Xtendend Tiny Encryption Algorithm is a modification to ++ the TEA algorithm to address a potential key weakness ++ in the TEA algorithm. ++ ++ Xtendend Encryption Tiny Algorithm is a mis-implementation ++ of the XTEA algorithm for compatibility purposes. ++ ++config CRYPTO_ARC4 ++ tristate "ARC4 cipher algorithm" ++ select CRYPTO_ALGAPI ++ help ++ ARC4 cipher algorithm. ++ ++ ARC4 is a stream cipher using keys ranging from 8 bits to 2048 ++ bits in length. This algorithm is required for driver-based ++ WEP, but it should not be for other purposes because of the ++ weakness of the algorithm. ++ ++config CRYPTO_KHAZAD ++ tristate "Khazad cipher algorithm" ++ select CRYPTO_ALGAPI ++ help ++ Khazad cipher algorithm. 
++ ++ Khazad was a finalist in the initial NESSIE competition. It is ++ an algorithm optimized for 64-bit processors with good performance ++ on 32-bit processors. Khazad uses an 128 bit key size. ++ ++ See also: ++ <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html> ++ ++config CRYPTO_ANUBIS ++ tristate "Anubis cipher algorithm" ++ select CRYPTO_ALGAPI ++ help ++ Anubis cipher algorithm. ++ ++ Anubis is a variable key length cipher which can use keys from ++ 128 bits to 320 bits in length. It was evaluated as a entrant ++ in the NESSIE competition. ++ ++ See also: ++ <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/> ++ <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html> ++ ++ ++config CRYPTO_DEFLATE ++ tristate "Deflate compression algorithm" ++ select CRYPTO_ALGAPI ++ select ZLIB_INFLATE ++ select ZLIB_DEFLATE ++ help ++ This is the Deflate algorithm (RFC1951), specified for use in ++ IPSec with the IPCOMP protocol (RFC3173, RFC2394). ++ ++ You will most probably want this if using IPSec. ++ ++config CRYPTO_MICHAEL_MIC ++ tristate "Michael MIC keyed digest algorithm" ++ select CRYPTO_ALGAPI ++ help ++ Michael MIC is used for message integrity protection in TKIP ++ (IEEE 802.11i). This algorithm is required for TKIP, but it ++ should not be used for other purposes because of the weakness ++ of the algorithm. ++ ++config CRYPTO_CRC32C ++ tristate "CRC32c CRC algorithm" ++ select CRYPTO_ALGAPI ++ select LIBCRC32C ++ help ++ Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used ++ by iSCSI for header and data digests and by others. ++ See Castagnoli93. This implementation uses lib/libcrc32c. ++ Module will be crc32c. ++ ++config CRYPTO_TEST ++ tristate "Testing module" ++ depends on m ++ select CRYPTO_ALGAPI ++ help ++ Quick & dirty crypto test module. 
++ ++source "drivers/crypto/Kconfig" ++ ++endif # if CRYPTO ++ ++endmenu +diff -urN linux-2.6.20.18.orig/crypto/Makefile linux-2.6.20.18/crypto/Makefile +--- linux-2.6.20.18.orig/crypto/Makefile 2007-08-28 06:15:07.000000000 -0400 ++++ linux-2.6.20.18/crypto/Makefile 2007-11-05 02:25:26.000000000 -0500 +@@ -45,3 +45,5 @@ + obj-$(CONFIG_CRYPTO_CRC32C) += crc32c.o + + obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o ++obj-$(CONFIG_OCF_OCF) += ocf/ ++ +diff -urN linux-2.6.20.18.orig/crypto/Makefile.orig linux-2.6.20.18/crypto/Makefile.orig +--- linux-2.6.20.18.orig/crypto/Makefile.orig 1969-12-31 19:00:00.000000000 -0500 ++++ linux-2.6.20.18/crypto/Makefile.orig 2007-08-28 06:15:07.000000000 -0400 +@@ -0,0 +1,47 @@ ++# ++# Cryptographic API ++# ++ ++obj-$(CONFIG_CRYPTO) += api.o scatterwalk.o cipher.o digest.o compress.o ++ ++crypto_algapi-$(CONFIG_PROC_FS) += proc.o ++crypto_algapi-objs := algapi.o $(crypto_algapi-y) ++obj-$(CONFIG_CRYPTO_ALGAPI) += crypto_algapi.o ++ ++obj-$(CONFIG_CRYPTO_BLKCIPHER) += blkcipher.o ++ ++crypto_hash-objs := hash.o ++obj-$(CONFIG_CRYPTO_HASH) += crypto_hash.o ++ ++obj-$(CONFIG_CRYPTO_MANAGER) += cryptomgr.o ++obj-$(CONFIG_CRYPTO_HMAC) += hmac.o ++obj-$(CONFIG_CRYPTO_XCBC) += xcbc.o ++obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o ++obj-$(CONFIG_CRYPTO_MD4) += md4.o ++obj-$(CONFIG_CRYPTO_MD5) += md5.o ++obj-$(CONFIG_CRYPTO_SHA1) += sha1.o ++obj-$(CONFIG_CRYPTO_SHA256) += sha256.o ++obj-$(CONFIG_CRYPTO_SHA512) += sha512.o ++obj-$(CONFIG_CRYPTO_WP512) += wp512.o ++obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o ++obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o ++obj-$(CONFIG_CRYPTO_ECB) += ecb.o ++obj-$(CONFIG_CRYPTO_CBC) += cbc.o ++obj-$(CONFIG_CRYPTO_LRW) += lrw.o ++obj-$(CONFIG_CRYPTO_DES) += des.o ++obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o ++obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o ++obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o ++obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o ++obj-$(CONFIG_CRYPTO_AES) += aes.o ++obj-$(CONFIG_CRYPTO_CAST5) += cast5.o 
++obj-$(CONFIG_CRYPTO_CAST6) += cast6.o ++obj-$(CONFIG_CRYPTO_ARC4) += arc4.o ++obj-$(CONFIG_CRYPTO_TEA) += tea.o ++obj-$(CONFIG_CRYPTO_KHAZAD) += khazad.o ++obj-$(CONFIG_CRYPTO_ANUBIS) += anubis.o ++obj-$(CONFIG_CRYPTO_DEFLATE) += deflate.o ++obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o ++obj-$(CONFIG_CRYPTO_CRC32C) += crc32c.o ++ ++obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o +diff -urN linux-2.6.20.18.orig/crypto/ocf/Config.in linux-2.6.20.18/crypto/ocf/Config.in +--- linux-2.6.20.18.orig/crypto/ocf/Config.in 1969-12-31 19:00:00.000000000 -0500 ++++ linux-2.6.20.18/crypto/ocf/Config.in 2007-11-05 02:25:26.000000000 -0500 +@@ -0,0 +1,28 @@ ++############################################################################# ++ ++mainmenu_option next_comment ++comment 'OCF Configuration' ++tristate 'OCF (Open Cryptograhic Framework)' CONFIG_OCF_OCF ++dep_tristate ' enable fips RNG checks (fips check on RNG data before use)' \ ++ CONFIG_OCF_FIPS $CONFIG_OCF_OCF ++dep_tristate ' enable harvesting entropy for /dev/random' \ ++ CONFIG_OCF_RANDOMHARVEST $CONFIG_OCF_OCF ++dep_tristate ' cryptodev (user space support)' \ ++ CONFIG_OCF_CRYPTODEV $CONFIG_OCF_OCF ++dep_tristate ' cryptosoft (software crypto engine)' \ ++ CONFIG_OCF_CRYPTOSOFT $CONFIG_OCF_OCF ++dep_tristate ' safenet (HW crypto engine)' \ ++ CONFIG_OCF_SAFE $CONFIG_OCF_OCF ++dep_tristate ' IXP4xx (HW crypto engine)' \ ++ CONFIG_OCF_IXP4XX $CONFIG_OCF_OCF ++dep_tristate ' hifn (HW crypto engine)' \ ++ CONFIG_OCF_HIFN $CONFIG_OCF_OCF ++dep_tristate ' talitos (HW crypto engine)' \ ++ CONFIG_OCF_TALITOS $CONFIG_OCF_OCF ++dep_tristate ' ocfnull (does no crypto)' \ ++ CONFIG_OCF_OCFNULL $CONFIG_OCF_OCF ++dep_tristate ' ocf-bench (HW crypto in-kernel benchmark)' \ ++ CONFIG_OCF_BENCH $CONFIG_OCF_OCF ++endmenu ++ ++############################################################################# +diff -urN linux-2.6.20.18.orig/crypto/ocf/criov.c linux-2.6.20.18/crypto/ocf/criov.c +--- linux-2.6.20.18.orig/crypto/ocf/criov.c 
1969-12-31 19:00:00.000000000 -0500 ++++ linux-2.6.20.18/crypto/ocf/criov.c 2007-11-05 02:25:26.000000000 -0500 +@@ -0,0 +1,215 @@ ++/* $OpenBSD: criov.c,v 1.9 2002/01/29 15:48:29 jason Exp $ */ ++ ++/* ++ * Linux port done by David McCullough <dav...@se...> ++ * Copyright (C) 2006-2007 David McCullough ++ * Copyright (C) 2004-2005 Intel Corporation. ++ * The license and original author are listed below. ++ * ++ * Copyright (c) 1999 Theo de Raadt ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote products ++ * derived from this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ++__FBSDID("$FreeBSD: src/sys/opencrypto/criov.c,v 1.5 2006/06/04 22:15:13 pjd Exp $"); ++ */ ++ ++#ifndef AUTOCONF_INCLUDED ++#include <linux/config.h> ++#endif ++#include <linux/module.h> ++#include <linux/init.h> ++#include <linux/slab.h> ++#include <linux/uio.h> ++#include <linux/skbuff.h> ++#include <linux/kernel.h> ++#include <linux/mm.h> ++#include <asm/io.h> ++ ++#include <uio.h> ++#include <cryptodev.h> ++ ++/* ++ * This macro is only for avoiding code duplication, as we need to skip ++ * given number of bytes in the same way in three functions below. ++ */ ++#define CUIO_SKIP() do { \ ++ KASSERT(off >= 0, ("%s: off %d < 0", __func__, off)); \ ++ KASSERT(len >= 0, ("%s: len %d < 0", __func__, len)); \ ++ while (off > 0) { \ ++ KASSERT(iol >= 0, ("%s: empty in skip", __func__)); \ ++ if (off < iov->iov_len) \ ++ break; \ ++ off -= iov->iov_len; \ ++ iol--; \ ++ iov++; \ ++ } \ ++} while (0) ++ ++void ++cuio_copydata(struct uio* uio, int off, int len, caddr_t cp) ++{ ++ struct iovec *iov = uio->uio_iov; ++ int iol = uio->uio_iovcnt; ++ unsigned count; ++ ++ CUIO_SKIP(); ++ while (len > 0) { ++ KASSERT(iol >= 0, ("%s: empty", __func__)); ++ count = min((int)(iov->iov_len - off), len); ++ memcpy(cp, ((caddr_t)iov->iov_base) + off, count); ++ len -= count; ++ cp += count; ++ off = 0; ++ iol--; ++ iov++; ++ } ++} ++ ++void ++cuio_copyback(struct uio* uio, int off, int len, caddr_t cp) ++{ ++ struct iovec *iov = uio->uio_iov; ++ int iol = uio->uio_iovcnt; ++ unsigned count; ++ ++ CUIO_SKIP(); ++ while (len > 0) { ++ KASSERT(iol >= 0, ("%s: empty", __func__)); ++ count = min((int)(iov->iov_len - off), len); ++ memcpy(((caddr_t)iov->iov_base) + off, cp, count); ++ len -= count; ++ cp += count; ++ off = 0; ++ iol--; ++ iov++; ++ } ++} ++ ++/* ++ * Return a pointer to iov/offset of location in iovec list. 
++ */ ++struct iovec * ++cuio_getptr(struct uio *uio, int loc, int *off) ++{ ++ struct iovec *iov = uio->uio_iov; ++ int iol = uio->uio_iovcnt; ++ ++ while (loc >= 0) { ++ /* Normal end of search */ ++ if (loc < iov->iov_len) { ++ *off = loc; ++ return (iov); ++ } ++ ++ loc -= iov->iov_len; ++ if (iol == 0) { ++ if (loc == 0) { ++ /* Point at the end of valid data */ ++ *off = iov->iov_len; ++ return (iov); ++ } else ++ return (NULL); ++ } else { ++ iov++, iol--; ++ } ++ } ++ ++ return (NULL); ++} ++ ++EXPORT_SYMBOL(cuio_copyback); ++EXPORT_SYMBOL(cuio_copydata); ++EXPORT_SYMBOL(cuio_getptr); ++ ++ ++static void ++skb_copy_bits_back(struct sk_buff *skb, int offset, caddr_t cp, int len) ++{ ++ int i; ++ if (offset < skb_headlen(skb)) { ++ memcpy(skb->data + offset, cp, min_t(int, skb_headlen(skb), len)); ++ len -= skb_headlen(skb); ++ cp += skb_headlen(skb); ++ } ++ offset -= skb_headlen(skb); ++ for (i = 0; len > 0 && i < skb_shinfo(skb)->nr_frags; i++) { ++ if (offset < skb_shinfo(skb)->frags[i].size) { ++ memcpy(page_address(skb_shinfo(skb)->frags[i].page) + ++ skb_shinfo(skb)->frags[i].page_offset, ++ cp, min_t(int, skb_shinfo(skb)->frags[i].size, len)); ++ len -= skb_shinfo(skb)->frags[i].size; ++ cp += skb_shinfo(skb)->frags[i].size; ++ } ++ offset -= skb_shinfo(skb)->frags[i].size; ++ } ++} ++ ++void ++crypto_copyback(int flags, caddr_t buf, int off, int size, caddr_t in) ++{ ++ ++ if ((flags & CRYPTO_F_SKBUF) != 0) ++ skb_copy_bits_back((struct sk_buff *)buf, off, in, size); ++ else if ((flags & CRYPTO_F_IOV) != 0) ++ cuio_copyback((struct uio *)buf, off, size, in); ++ else ++ bcopy(in, buf + off, size); ++} ++ ++void ++crypto_copydata(int flags, caddr_t buf, int off, int size, caddr_t out) ++{ ++ ++ if ((flags & CRYPTO_F_SKBUF) != 0) ++ skb_copy_bits((struct sk_buff *)buf, off, out, size); ++ else if ((flags & CRYPTO_F_IOV) != 0) ++ cuio_copydata((struct uio *)buf, off, size, out); ++ else ++ bcopy(buf + off, out, size); ++} ++ ++int ++crypto_apply(int 
flags, caddr_t buf, int off, int len, ++ int (*f)(void *, void *, u_int), void *arg) ++{ ++#if 0 ++ int error; ++ ++ if ((flags & CRYPTO_F_SKBUF) != 0) ++ error = XXXXXX((struct mbuf *)buf, off, len, f, arg); ++ else if ((flags & CRYPTO_F_IOV) != 0) ++ error = cuio_apply((struct uio *)buf, off, len, f, arg); ++ else ++ error = (*f)(arg, buf + off, len); ++ return (error); ++#else ++ KASSERT(0, ("crypto_apply not implemented!\n")); ++#endif ++ return 0; ++} ++ ++EXPORT_SYMBOL(crypto_copyback); ++EXPORT_SYMBOL(crypto_copydata); ++EXPORT_SYMBOL(crypto_apply); ++ +diff -urN linux-2.6.20.18.orig/crypto/ocf/crypto.c linux-2.6.20.18/crypto/ocf/crypto.c +--- linux-2.6.20.18.orig/crypto/ocf/crypto.c 1969-12-31 19:00:00.000000000 -0500 ++++ linux-2.6.20.18/crypto/ocf/crypto.c 2007-11-05 02:25:26.000000000 -0500 +@@ -0,0 +1,1673 @@ ++/*- ++ * Linux port done by David McCullough <dav...@se...> ++ * Copyright (C) 2006-2007 David McCullough ++ * Copyright (C) 2004-2005 Intel Corporation. ++ * The license and original author are listed below. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * Copyright (c) 2002-2006 Sam Leffler. All rights reserved. ++ * ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#if 0 ++#include <sys/cdefs.h> ++__FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.27 2007/03/21 03:42:51 sam Exp $"); ++#endif ++ ++/* ++ * Cryptographic Subsystem. ++ * ++ * This code is derived from the Openbsd Cryptographic Framework (OCF) ++ * that has the copyright shown below. Very little of the original ++ * code remains. ++ */ ++/*- ++ * The author of this code is Angelos D. Keromytis (an...@ci...) ++ * ++ * This code was written by Angelos D. Keromytis in Athens, Greece, in ++ * February 2000. Network Security Technologies Inc. (NSTI) kindly ++ * supported the development of this code. ++ * ++ * Copyright (c) 2000, 2001 Angelos D. Keromytis ++ * ++ * Permission to use, copy, and modify this software with or without fee ++ * is hereby granted, provided that this entire notice is included in ++ * all source code copies of any software which is or includes a copy or ++ * modification of this software. ++ * ++ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR ++ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY ++ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE ++ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR ++ * PURPOSE. 
++ * ++__FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.16 2005/01/07 02:29:16 imp Exp $"); ++ */ ++ ++ ++#ifndef AUTOCONF_INCLUDED ++#include <linux/config.h> ++#endif ++#include <linux/module.h> ++#include <linux/init.h> ++#include <linux/list.h> ++#include <linux/slab.h> ++#include <linux/wait.h> ++#include <linux/sched.h> ++#include <linux/spinlock.h> ++#include <linux/version.h> ++#include <cryptodev.h> ++ ++/* ++ * keep track of whether or not we have been initialised, a big ++ * issue if we are linked into the kernel and a driver gets started before ++ * us ++ */ ++static int crypto_initted = 0; ++ ++/* ++ * Crypto drivers register themselves by allocating a slot in the ++ * crypto_drivers table with crypto_get_driverid() and then registering ++ * each algorithm they support with crypto_register() and crypto_kregister(). ++ */ ++ ++/* ++ * lock on driver table ++ * we track its state as spin_is_locked does not do anything on non-SMP boxes ++ */ ++static spinlock_t crypto_drivers_lock; ++static int crypto_drivers_locked; /* for non-SMP boxes */ ++ ++#define CRYPTO_DRIVER_LOCK() \ ++ ({ \ ++ spin_lock_irqsave(&crypto_drivers_lock, d_flags); \ ++ crypto_drivers_locked = 1; \ ++ dprintk("%s,%d: DRIVER_LOCK()\n", __FILE__, __LINE__); \ ++ }) ++#define CRYPTO_DRIVER_UNLOCK() \ ++ ({ \ ++ dprintk("%s,%d: DRIVER_UNLOCK()\n", __FILE__, __LINE__); \ ++ crypto_drivers_locked = 0; \ ++ spin_unlock_irqrestore(&crypto_drivers_lock, d_flags); \ ++ }) ++#define CRYPTO_DRIVER_ASSERT() \ ++ ({ \ ++ if (!crypto_drivers_locked) { \ ++ dprintk("%s,%d: DRIVER_ASSERT!\n", __FILE__, __LINE__); \ ++ } \ ++ }) ++ ++/* ++ * Crypto device/driver capabilities structure. ++ * ++ * Synchronization: ++ * (d) - protected by CRYPTO_DRIVER_LOCK() ++ * (q) - protected by CRYPTO_Q_LOCK() ++ * Not tagged fields are read-only. 
++ */ ++struct cryptocap { ++ device_t cc_dev; /* (d) device/driver */ ++ u_int32_t cc_sessions; /* (d) # of sessions */ ++ u_int32_t cc_koperations; /* (d) # os asym operations */ ++ /* ++ * Largest possible operator length (in bits) for each type of ++ * encryption algorithm. XXX not used ++ */ ++ u_int16_t cc_max_op_len[CRYPTO_ALGORITHM_MAX + 1]; ++ u_int8_t cc_alg[CRYPTO_ALGORITHM_MAX + 1]; ++ u_int8_t cc_kalg[CRK_ALGORITHM_MAX + 1]; ++ ++ int cc_flags; /* (d) flags */ ++#define CRYPTOCAP_F_CLEANUP 0x80000000 /* needs resource cleanup */ ++ int cc_qblocked; /* (q) symmetric q blocked */ ++ int cc_kqblocked; /* (q) asymmetric q blocked */ ++}; ++static struct cryptocap *crypto_drivers = NULL; ++static int crypto_drivers_num = 0; ++ ++/* ++ * There are two queues for crypto requests; one for symmetric (e.g. ++ * cipher) operations and one for asymmetric (e.g. MOD)operations. ++ * A single mutex is used to lock access to both queues. We could ++ * have one per-queue but having one simplifies handling of block/unblock ++ * operations. ++ */ ++static int crp_sleep = 0; ++static LIST_HEAD(crp_q); /* request queues */ ++static LIST_HEAD(crp_kq); ++ ++static int crypto_q_locked = 0; /* on !SMP systems, spin locks do nothing :-( */ ++static spinlock_t crypto_q_lock; ++#define CRYPTO_Q_LOCK() \ ++ ({ \ ++ spin_lock_irqsave(&crypto_q_lock, q_flags); \ ++ dprintk("%s,%d: Q_LOCK()\n", __FILE__, __LINE__); \ ++ crypto_q_locked++; \ ++ }) ++#define CRYPTO_Q_UNLOCK() \ ++ ({ \ ++ dprintk("%s,%d: Q_UNLOCK()\n", __FILE__, __LINE__); \ ++ crypto_q_locked--; \ ++ spin_unlock_irqrestore(&crypto_q_lock, q_flags); \ ++ }) ++ ++/* ++ * There are two queues for processing completed crypto requests; one ++ * for the symmetric and one for the asymmetric ops. We only need one ++ * but have two to avoid type futzing (cryptop vs. cryptkop). A single ++ * mutex is used to lock access to both queues. 
Note that this lock ++ * must be separate from the lock on request queues to insure driver ++ * callbacks don't generate lock order reversals. ++ */ ++static LIST_HEAD(crp_ret_q); /* callback queues */ ++static LIST_HEAD(crp_ret_kq); ++ ++static spinlock_t crypto_ret_q_lock; ++#define CRYPTO_RETQ_LOCK() \ ++ ({ \ ++ spin_lock_irqsave(&crypto_ret_q_lock, r_flags); \ ++ dprintk("%s,%d: RETQ_LOCK\n", __FILE__, __LINE__); \ ++ }) ++#define CRYPTO_RETQ_UNLOCK() \ ++ ({ \ ++ dprintk("%s,%d: RETQ_UNLOCK\n", __FILE__, __LINE__); \ ++ spin_unlock_irqrestore(&crypto_ret_q_lock, r_flags); \ ++ }) ++#define CRYPTO_RETQ_EMPTY() (list_empty(&crp_ret_q) && list_empty(&crp_ret_kq)) ++ ++static struct kmem_cache *cryptop_zone; ++static struct kmem_cache *cryptodesc_zone; ++ ++#define debug crypto_debug ++int crypto_debug = 0; ++module_param(crypto_debug, int, 0644); ++MODULE_PARM_DESC(crypto_debug, "Enable debug"); ++EXPORT_SYMBOL(crypto_debug); ++ ++/* ++ * Maximum number of outstanding crypto requests before we start ++ * failing requests. We need this to prevent DOS when too many ++ * requests are arriving for us to keep up. Otherwise we will ++ * run the system out of memory. Since crypto is slow, we are ++ * usually the bottleneck that needs to say, enough is enough. 
++ * ++ * We cannot print errors when this condition occurs, we are already too ++ * slow, printing anything will just kill us ++ */ ++ ++static atomic_t crypto_q_cnt; ++static int crypto_q_max = 1000; ++module_param(crypto_q_max, int, 0644); ++MODULE_PARM_DESC(crypto_q_max, ++ "Maximum number of outstanding crypto requests"); ++ ++#define bootverbose crypto_verbose ++static int crypto_verbose = 0; ++module_param(crypto_verbose, int, 0644); ++MODULE_PARM_DESC(crypto_verbose, ++ "Enable verbose crypto startup"); ++ ++int crypto_usercrypto = 1; /* userland may do crypto reqs */ ++module_param(crypto_usercrypto, int, 0644); ++MODULE_PARM_DESC(crypto_usercrypto, ++ "Enable/disable user-mode access to crypto support"); ++ ++int crypto_userasymcrypto = 1; /* userland may do asym crypto reqs */ ++module_param(crypto_userasymcrypto, int, 0644); ++MODULE_PARM_DESC(crypto_userasymcrypto, ++ "Enable/disable user-mode access to asymmetric crypto support"); ++ ++int crypto_devallowsoft = 0; /* only use hardware crypto */ ++module_param(crypto_devallowsoft, int, 0644); ++MODULE_PARM_DESC(crypto_devallowsoft, ++ "Enable/disable use of software crypto support"); ++ ++static pid_t cryptoproc = (pid_t) -1; ++static struct completion cryptoproc_exited; ++static DECLARE_WAIT_QUEUE_HEAD(cryptoproc_wait); ++static pid_t cryptoretproc = (pid_t) -1; ++static struct completion cryptoretproc_exited; ++static DECLARE_WAIT_QUEUE_HEAD(cryptoretproc_wait); ++ ++static int crypto_proc(void *arg); ++static int crypto_ret_proc(void *arg); ++static int crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint); ++static int crypto_kinvoke(struct cryptkop *krp, int flags); ++static void crypto_exit(void); ++static int crypto_init(void); ++ ++static struct cryptostats cryptostats; ++ ++static struct cryptocap * ++crypto_checkdriver(u_int32_t hid) ++{ ++ if (crypto_drivers == NULL) ++ return NULL; ++ return (hid >= crypto_drivers_num ? 
NULL : &crypto_drivers[hid]); ++} ++ ++/* ++ * Compare a driver's list of supported algorithms against another ++ * list; return non-zero if all algorithms are supported. ++ */ ++static int ++driver_suitable(const struct cryptocap *cap, const struct cryptoini *cri) ++{ ++ const struct cryptoini *cr; ++ ++ /* See if all the algorithms are supported. */ ++ for (cr = cri; cr; cr = cr->cri_next) ++ if (cap->cc_alg[cr->cri_alg] == 0) ++ return 0; ++ return 1; ++} ++ ++/* ++ * Select a driver for a new session that supports the specified ++ * algorithms and, optionally, is constrained according to the flags. ++ * The algorithm we use here is pretty stupid; just use the ++ * first driver that supports all the algorithms we need. If there ++ * are multiple drivers we choose the driver with the fewest active ++ * sessions. We prefer hardware-backed drivers to software ones. ++ * ++ * XXX We need more smarts here (in real life too, but that's ++ * XXX another story altogether). ++ */ ++static struct cryptocap * ++crypto_select_driver(const struct cryptoini *cri, int flags) ++{ ++ struct cryptocap *cap, *best; ++ int match, hid; ++ ++ CRYPTO_DRIVER_ASSERT(); ++ ++ /* ++ * Look first for hardware crypto devices if permitted. ++ */ ++ if (flags & CRYPTOCAP_F_HARDWARE) ++ match = CRYPTOCAP_F_HARDWARE; ++ else ++ match = CRYPTOCAP_F_SOFTWARE; ++ best = NULL; ++again: ++ for (hid = 0; hid < crypto_drivers_num; hid++) { ++ cap = &crypto_drivers[hid]; ++ /* ++ * If it's not initialized, is in the process of ++ * going away, or is not appropriate (hardware ++ * or software based on match), then skip. ++ */ ++ if (cap->cc_dev == NULL || ++ (cap->cc_flags & CRYPTOCAP_F_CLEANUP) || ++ (cap->cc_flags & match) == 0) ++ continue; ++ ++ /* verify all the algorithms are supported. 
*/ ++ if (driver_suitable(cap, cri)) { ++ if (best == NULL || ++ cap->cc_sessions < best->cc_sessions) ++ best = cap; ++ } ++ } ++ if (best != NULL) ++ return best; ++ if (match == CRYPTOCAP_F_HARDWARE && (flags & CRYPTOCAP_F_SOFTWARE)) { ++ /* sort of an Algol 68-style for loop */ ++ match = CRYPTOCAP_F_SOFTWARE; ++ goto again; ++ } ++ return best; ++} ++ ++/* ++ * Create a new session. The crid argument specifies a crypto ++ * driver to use or constraints on a driver to select (hardware ++ * only, software only, either). Whatever driver is selected ++ * must be capable of the requested crypto algorithms. ++ */ ++int ++crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int crid) ++{ ++ struct cryptocap *cap; ++ u_int32_t hid, lid; ++ int err; ++ unsigned long d_flags; ++ ++ CRYPTO_DRIVER_LOCK(); ++ if ((crid & (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE)) == 0) { ++ /* ++ * Use specified driver; verify it is capable. ++ */ ++ cap = crypto_checkdriver(crid); ++ if (cap != NULL && !driver_suitable(cap, cri)) ++ cap = NULL; ++ } else { ++ /* ++ * No requested driver; select based on crid flags. ++ */ ++ cap = crypto_select_driver(cri, crid); ++ /* ++ * if NULL then can't do everything in one session. ++ * XXX Fix this. We need to inject a "virtual" session ++ * XXX layer right about here. ++ */ ++ } ++ if (cap != NULL) { ++ /* Call the driver initialization routine. */ ++ hid = cap - crypto_drivers; ++ lid = hid; /* Pass the driver ID. 
*/ ++ err = CRYPTODEV_NEWSESSION(cap->cc_dev, &lid, cri); ++ if (err == 0) { ++ (*sid) = (cap->cc_flags & 0xff000000) ++ | (hid & 0x00ffffff); ++ (*sid) <<= 32; ++ (*sid) |= (lid & 0xffffffff); ++ cap->cc_sessions++; ++ } ++ } else ++ err = EINVAL; ++ CRYPTO_DRIVER_UNLOCK(); ++ return err; ++} ++ ++static void ++crypto_remove(struct cryptocap *cap) ++{ ++ CRYPTO_DRIVER_ASSERT(); ++ if (cap->cc_sessions == 0 && cap->cc_koperations == 0) ++ bzero(cap, sizeof(*cap)); ++} ++ ++/* ++ * Delete an existing session (or a reserved session on an unregistered ++ * driver). ++ */ ++int ++crypto_freesession(u_int64_t sid) ++{ ++ struct cryptocap *cap; ++ u_int32_t hid; ++ int err; ++ unsigned long d_flags; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ CRYPTO_DRIVER_LOCK(); ++ ++ if (crypto_drivers == NULL) { ++ err = EINVAL; ++ goto done; ++ } ++ ++ /* Determine two IDs. */ ++ hid = CRYPTO_SESID2HID(sid); ++ ++ if (hid >= crypto_drivers_num) { ++ dprintk("%s - INVALID DRIVER NUM %d\n", __FUNCTION__, hid); ++ err = ENOENT; ++ err = ENOENT; ++ goto done; ++ } ++ cap = &crypto_drivers[hid]; ++ ++ if (cap->cc_sessions) ++ cap->cc_sessions--; ++ ++ /* Call the driver cleanup routine, if available. */ ++ err = CRYPTODEV_FREESESSION(cap->cc_dev, sid); ++ ++ if (cap->cc_flags & CRYPTOCAP_F_CLEANUP) ++ crypto_remove(cap); ++ ++done: ++ CRYPTO_DRIVER_UNLOCK(); ++ return err; ++} ++ ++/* ++ * Return an unused driver id. Used by drivers prior to registering ++ * support for the algorithms they handle. 
++ */ ++int32_t ++crypto_get_driverid(device_t dev, int flags) ++{ ++ struct cryptocap *newdrv; ++ int i; ++ unsigned long d_flags; ++ ++ if ((flags & (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE)) == 0) { ++ printf("%s: no flags specified when registering driver\n", ++ device_get_nameunit(dev)); ++ return -1; ++ } ++ ++ CRYPTO_DRIVER_LOCK(); ++ ++ for (i = 0; i < crypto_drivers_num; i++) { ++ if (crypto_drivers[i].cc_dev == NULL && ++ (crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP) == 0) { ++ break; ++ } ++ } ++ ++ /* Out of entries, allocate some more. */ ++ if (i == crypto_drivers_num) { ++ /* Be careful about wrap-around. */ ++ if (2 * crypto_drivers_num <= crypto_drivers_num) { ++ CRYPTO_DRIVER_UNLOCK(); ++ printk("crypto: driver count wraparound!\n"); ++ return -1; ++ } ++ ++ newdrv = kmalloc(2 * crypto_drivers_num * sizeof(struct cryptocap), ++ GFP_KERNEL); ++ if (newdrv == NULL) { ++ CRYPTO_DRIVER_UNLOCK(); ++ printk("crypto: no space to expand driver table!\n"); ++ return -1; ++ } ++ ++ memcpy(newdrv, crypto_drivers, ++ crypto_drivers_num * sizeof(struct cryptocap)); ++ memset(&newdrv[crypto_drivers_num], 0, ++ crypto_drivers_num * sizeof(struct cryptocap)); ++ ++ crypto_drivers_num *= 2; ++ ++ kfree(crypto_drivers); ++ crypto_drivers = newdrv; ++ } ++ ++ /* NB: state is zero'd on free */ ++ crypto_drivers[i].cc_sessions = 1; /* Mark */ ++ crypto_drivers[i].cc_dev = dev; ++ crypto_drivers[i].cc_flags = flags; ++ if (bootverbose) ++ printf("crypto: assign %s driver id %u, flags %u\n", ++ device_get_nameunit(dev), i, flags); ++ ++ CRYPTO_DRIVER_UNLOCK(); ++ ++ return i; ++} ++ ++/* ++ * Lookup a driver by name. We match against the full device ++ * name and unit, and against just the name. The latter gives ++ * us a simple widlcarding by device name. On success return the ++ * driver/hardware identifier; otherwise return -1. 
++ */ ++int ++crypto_find_driver(const char *match) ++{ ++ int i, len = strlen(match); ++ unsigned long d_flags; ++ ++ CRYPTO_DRIVER_LOCK(); ++ for (i = 0; i < crypto_drivers_num; i++) { ++ device_t dev = crypto_drivers[i].cc_dev; ++ if (dev == NULL || ++ (crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP)) ++ continue; ++ if (strncmp(match, device_get_nameunit(dev), len) == 0 || ++ strncmp(match, device_get_name(dev), len) == 0) ++ break; ++ } ++ CRYPTO_DRIVER_UNLOCK(); ++ return i < crypto_drivers_num ? i : -1; ++} ++ ++/* ++ * Return the device_t for the specified driver or NULL ++ * if the driver identifier is invalid. ++ */ ++device_t ++crypto_find_device_byhid(int hid) ++{ ++ struct cryptocap *cap = crypto_checkdriver(hid); ++ return cap != NULL ? cap->cc_dev : NULL; ++} ++ ++/* ++ * Return the device/driver capabilities. ++ */ ++int ++crypto_getcaps(int hid) ++{ ++ struct cryptocap *cap = crypto_checkdriver(hid); ++ return cap != NULL ? cap->cc_flags : 0; ++} ++ ++/* ++ * Register support for a key-related algorithm. This routine ++ * is called once for each algorithm supported a driver. ++ */ ++int ++crypto_kregister(u_int32_t driverid, int kalg, u_int32_t flags) ++{ ++ struct cryptocap *cap; ++ int err; ++ unsigned long d_flags; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ CRYPTO_DRIVER_LOCK(); ++ ++ cap = crypto_checkdriver(driverid); ++ if (cap != NULL && ++ (CRK_ALGORITM_MIN <= kalg && kalg <= CRK_ALGORITHM_MAX)) { ++ /* ++ * XXX Do some performance testing to determine pla... [truncated message content] |
From: <kr...@us...> - 2007-11-08 04:26:14
Revision: 1372 http://astlinux.svn.sourceforge.net/astlinux/?rev=1372&view=rev Author: krisk84 Date: 2007-11-07 20:26:19 -0800 (Wed, 07 Nov 2007) Log Message: ----------- multiple astfw fixes and improvements Modified Paths: -------------- trunk/package/iptables/astfw trunk/target/generic/target_skeleton/stat/etc/rc.conf Modified: trunk/package/iptables/astfw =================================================================== --- trunk/package/iptables/astfw 2007-11-07 19:57:21 UTC (rev 1371) +++ trunk/package/iptables/astfw 2007-11-08 04:26:19 UTC (rev 1372) @@ -134,6 +134,16 @@ fi +if [ "$EXTOPENSRC" ] +then +for i in $EXTOPENSRC +do +for j in $EXTIFS +do +iptables -A INPUT -m state --state NEW -i $j -s $i -j ACCEPT +done +done +fi if [ "$EXTOPEN" ] then @@ -277,11 +287,11 @@ if [ "$DMZSRC" ] then -iptables -t nat -A PREROUTING -i $EXTIF -s "$DMZSRC" -p $PROTOCOL -m $PROTOCOL --dport $PORT -j DNAT --to-destination "$DMZIP":"$PORT" -iptables -A FORWARD -i $EXTIF -d $DMZIP -s "$DMZSRC" -p $PROTOCOL -m $PROTOCOL --dport $PORT -j ACCEPT +iptables -t nat -A PREROUTING -i $EXTIF -p $PROTOCOL -m $PROTOCOL --dport $PORT -j DNAT --to-destination "$DMZIP":"$PORT" +# iptables -A FORWARD -i $EXTIF -d $DMZIP -p $PROTOCOL -m $PROTOCOL --dport $PORT -j ACCEPT else iptables -t nat -A PREROUTING -i $EXTIF -p $PROTOCOL -m $PROTOCOL --dport $PORT -j DNAT --to-destination "$DMZIP":"$PORT" -iptables -A FORWARD -i $EXTIF -d $DMZIP -p $PROTOCOL -m $PROTOCOL --dport $PORT -j ACCEPT +# iptables -A FORWARD -i $EXTIF -d $DMZIP -p $PROTOCOL -m $PROTOCOL --dport $PORT -j ACCEPT fi done 
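Review bot: The new EXTOPENSRC rule `iptables -A INPUT -m state --state NEW -i $j -s $i -j ACCEPT` accepts every protocol and port on the strength of the source address alone, and nothing in the hunk says so. A source address is not authenticated, so for connectionless traffic a forged source is enough to reach any UDP listener on the box unless reverse-path filtering or upstream anti-spoofing is in place. I would put a comment above the loop, for example `# EXTOPENSRC is a source-address allow-list, not authentication; it relies on rp_filter / upstream anti-spoofing`, and quote the expansions as `-i "$j" -s "$i"`.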
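Review bot: Both branches of `if [ "$DMZSRC" ]` in the @@ -277 hunk are now identical, because the `-s "$DMZSRC"` match was dropped from the PREROUTING rule and both FORWARD rules are commented out, so DMZSRC no longer has any effect on the per-port DNAT. If that is intended, collapse the conditional to the single `iptables -t nat -A PREROUTING -i $EXTIF -p $PROTOCOL -m $PROTOCOL --dport $PORT -j DNAT --to-destination "$DMZIP":"$PORT"` line and delete the commented-out rules rather than keeping them. If the source restriction was meant to stay, it has been removed without mention in the log message. With the FORWARD accepts gone, the DNATed packets presumably rely on a FORWARD rule outside this hunk, which deserves a one-line comment here. The enclosing loop starts outside the hunk.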
@@ -289,33 +299,54 @@ if [ "$DMZSRC" ] then +# Catch the TCP/UDP stuff we need +for i in $EXTOPEN +do -iptables -t nat -A PREROUTING -p tcp -i $EXTIF -s \! "$DMZSRC" -j DNAT --to-destination $DMZIP -iptables -t nat -A PREROUTING -p udp -i $EXTIF -s \! "$DMZSRC" -j DNAT --to-destination $DMZIP -iptables -t nat -A PREROUTING -p 47 -i $EXTIF -s \! "$DMZSRC" -j DNAT --to-destination $DMZIP -iptables -t nat -A PREROUTING -p 50 -i $EXTIF -s \! "$DMZSRC" -j DNAT --to-destination $DMZIP -iptables -t nat -A PREROUTING -p 51 -i $EXTIF -s \! "$DMZSRC" -j DNAT --to-destination $DMZIP +if `echo $i | grep -q "u"` +then +PROTOCOL=udp +fi -iptables -A FORWARD -i $EXTIF -o $IF -s \! "$DMZSRC" -d $DMZIP -m state --state NEW -p tcp -j ACCEPT -iptables -A FORWARD -i $EXTIF -o $IF -s \! "$DMZSRC" -d $DMZIP -m state --state NEW -p udp -j ACCEPT -iptables -A FORWARD -i $EXTIF -o $IF -s \! "$DMZSRC" -d $DMZIP -p 47 -j ACCEPT -iptables -A FORWARD -i $EXTIF -o $IF -s \! "$DMZSRC" -d $DMZIP -p 50 -j ACCEPT -iptables -A FORWARD -i $EXTIF -o $IF -s \! 
"$DMZSRC" -d $DMZIP -p 51 -j ACCEPT +if `echo $i | grep -q "t"` +then +PROTOCOL=tcp +fi +if `echo $i | grep -q "i"` +then +PROTOCOL=icmp +fi + +PORT=`echo $i | tr -d itu` + +if [ "$PROTOCOL" = "icmp" ] +then +iptables -t nat -A PREROUTING -m $PROTOCOL -p $PROTOCOL --icmp-type $PORT -j ACCEPT else +iptables -t nat -A PREROUTING -p $PROTOCOL --dport $PORT -i $EXTIF -j ACCEPT +fi +done -iptables -t nat -A PREROUTING -p tcp -i $EXTIF -j DNAT --to-destination $DMZIP -iptables -t nat -A PREROUTING -p udp -i $EXTIF -j DNAT --to-destination $DMZIP -iptables -t nat -A PREROUTING -p 47 -i $EXTIF -j DNAT --to-destination $DMZIP -iptables -t nat -A PREROUTING -p 50 -i $EXTIF -j DNAT --to-destination $DMZIP -iptables -t nat -A PREROUTING -p 51 -i $EXTIF -j DNAT --to-destination $DMZIP +# Don't nat anything from DMZSRC ips +for i in $DMZSRC +do +iptables -t nat -A PREROUTING -i $EXTIF -s $i -j ACCEPT +done -iptables -A FORWARD -i $EXTIF -o $IF -d $DMZIP -m state --state NEW -p tcp -j ACCEPT -iptables -A FORWARD -i $EXTIF -o $IF -d $DMZIP -m state --state NEW -p udp -j ACCEPT -iptables -A FORWARD -i $EXTIF -o $IF -d $DMZIP -p 47 -j ACCEPT -iptables -A FORWARD -i $EXTIF -o $IF -d $DMZIP -p 50 -j ACCEPT -iptables -A FORWARD -i $EXTIF -o $IF -d $DMZIP -p 51 -j ACCEPT +# DNAT everything else +iptables -t nat -A PREROUTING -i $EXTIF -j DNAT --to-destination $DMZIP +# Pass it +iptables -A FORWARD -i $EXTIF -o $IF -d $DMZIP -j ACCEPT + +else +# DNAT everything else +iptables -t nat -A PREROUTING -j DNAT --to-destination $DMZIP + +# Pass it +iptables -A FORWARD -i $EXTIF -o $IF -d $DMZIP -j ACCEPT + fi fi Modified: trunk/target/generic/target_skeleton/stat/etc/rc.conf =================================================================== --- trunk/target/generic/target_skeleton/stat/etc/rc.conf 2007-11-07 19:57:21 UTC (rev 1371) +++ trunk/target/generic/target_skeleton/stat/etc/rc.conf 2007-11-08 04:26:19 UTC (rev 1372) 
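Review bot: In the new `else` branch (no DMZSRC) the rule `iptables -t nat -A PREROUTING -j DNAT --to-destination $DMZIP` has lost the `-i $EXTIF` match that the removed rules and the DMZSRC branch both carry, so it rewrites the destination of packets arriving on every interface, including LAN traffic on its way out. It should read `iptables -t nat -A PREROUTING -i $EXTIF -j DNAT --to-destination $DMZIP`. That branch also has no EXTOPEN exemption loop, so ports opened to the firewall itself would be sent to the DMZ host when DMZSRC is unset. Inside the exemption loop PROTOCOL is never reset per entry, so an entry without a t/u/i letter reuses the previous entry's protocol, and the icmp rule `--icmp-type $PORT -j ACCEPT` is also missing `-i $EXTIF`.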
@@ -274,6 +274,12 @@ ##t= tcp u= udp #EXTOPEN="t22 u4569" +##EXTOPENSRC +##We will allow any traffic from these IP addresses. As usual, multiple entries +##can be specified using spaces. Standard iptables netmask and CIDR notation is +##accepted. +#EXTOPENSRC="4.2.2.1 4.2.2.2" + ##MASQPORTS ##By default the Linux kernel will attempt to use the same source and destination port ##for a MASQUERADED connection as long as it is above 1023. This option allows you to This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <kr...@us...> - 2007-11-19 18:36:08
Revision: 1380 http://astlinux.svn.sourceforge.net/astlinux/?rev=1380&view=rev Author: krisk84 Date: 2007-11-19 10:36:03 -0800 (Mon, 19 Nov 2007) Log Message: ----------- don't start interfaces if they are configured as none, dnsmasq init fix Modified Paths: -------------- trunk/package/dnsmasq/dnsmasq.init trunk/package/iptables/astfw trunk/target/generic/target_skeleton/etc/init.d/network Modified: trunk/package/dnsmasq/dnsmasq.init =================================================================== --- trunk/package/dnsmasq/dnsmasq.init 2007-11-16 21:58:04 UTC (rev 1379) +++ trunk/package/dnsmasq/dnsmasq.init 2007-11-19 18:36:03 UTC (rev 1380) @@ -18,17 +18,17 @@ touch /var/db/dnsmasq.leases fi -if [ "$INTIF" -a "$INTIP" ] +if [ "$INTIF" -a "$INTIP" -a ! "$INTIF" = "none" ] then LANIPBASE=`echo $INTIP | cut -d. -f1-3` fi -if [ "$INT2IF" -a "$INT2IP" ] +if [ "$INT2IF" -a "$INT2IP" -a ! "$INT2IF" = "none" ] then LAN2IPBASE=`echo $INT2IP | cut -d. -f1-3` fi -if [ "$INT3IF" -a "$INT3IP" ] +if [ "$INT3IF" -a "$INT3IP" -a ! "$INT3IF" = "none" ] then LAN3IPBASE=`echo $INT3IP | cut -d. -f1-3` fi @@ -162,7 +162,7 @@ echo "# Create /mnt/kd/dnsmasq.static to specify additional settings." >> /tmp/etc/dnsmasq.conf # read static mappings from a file -if [ -e /mnt/kd/dnsmasq.static ] +if [ -r /mnt/kd/dnsmasq.static ] then echo "conf-file=/mnt/kd/dnsmasq.static" >> /tmp/etc/dnsmasq.conf fi Modified: trunk/package/iptables/astfw =================================================================== --- trunk/package/iptables/astfw 2007-11-16 21:58:04 UTC (rev 1379) +++ trunk/package/iptables/astfw 2007-11-19 18:36:03 UTC (rev 1380) @@ -9,17 +9,17 @@ DACTION=DROP fi -if [ "$INTIF" ] +if [ "$INTIF" -a ! "$INTIF" = "none" ] then IPBASE=`echo $INTIP | cut -d. -f1-3` fi -if [ "$INT2IF" ] +if [ "$INT2IF" -a ! "$INT2IF" = "none" ] then IP2BASE=`echo $INT2IP | cut -d. -f1-3` fi -if [ "$INT3IF" ] +if [ "$INT3IF" -a ! "$INT3IF" = "none" ] then IP3BASE=`echo $INT3IP | cut -d. -f1-3` fi 
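Review bot: The guard `[ "$INTIF" -a "$INTIP" -a ! "$INTIF" = "none" ]` added in the dnsmasq.init hunk, and repeated in every astfw and network hunk of this commit, uses `-a` and `!` inside a single `[`, which POSIX marks obsolescent and which parses ambiguously when a variable holds a value such as `!` or `(`. I would write it as `[ -n "$INTIF" ] && [ -n "$INTIP" ] && [ "$INTIF" != "none" ]`, ideally behind one small helper so that about two dozen hand-copied variants cannot drift apart. In the astfw @@ -9 hunk the guard tests only INTIF while the body expands `$INTIP` unquoted, so an empty INTIP still yields an empty IPBASE.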
@@ -59,17 +59,17 @@ #Allow INPUT from INTIF -if [ "$INTIF" ] +if [ "$INTIF" -a ! "$INTIF" = "none" ] then iptables -A INPUT -i $INTIF -j ACCEPT fi -if [ "$INT2IF" ] +if [ "$INT2IF" -a ! "$INT2IF" = "none" ] then iptables -A INPUT -i $INT2IF -j ACCEPT fi -if [ "$INT3IF" ] +if [ "$INT3IF" -a ! "$INT3IF" = "none" ] then iptables -A INPUT -i $INT3IF -j ACCEPT fi @@ -94,7 +94,7 @@ fi #DMZ Support -if [ "$DMZIF" ] +if [ "$DMZIF" -a ! "$DMZIF" = "none" ] then for i in $EXTIFS @@ -187,17 +187,17 @@ for i in $EXTIFS do -if [ "$INTIF" ] +if [ "$INTIF" -a ! "$INTIF" = "none" ] then iptables -A FORWARD -i $INTIF -o $i -j ACCEPT fi -if [ "$INT2IF" ] +if [ "$INT2IF" -a ! "$INT2IF" = "none" ] then iptables -A FORWARD -i $INT2IF -o $i -j ACCEPT fi -if [ "$INT3IF" ] +if [ "$INT3IF" -a ! "$INT3IF" = "none" ] then iptables -A FORWARD -i $INT3IF -o $i -j ACCEPT fi @@ -393,7 +393,7 @@ for i in $EXTIFS do -if [ "$INTIF" -a "$INTIFNAT" = "on" ] +if [ "$INTIF" -a "$INTIFNAT" = "on" -a ! "$INTIF" = "none" ] then if [ "$MASQPORTS" ] then @@ -403,7 +403,7 @@ iptables -t nat -A POSTROUTING -s $IPBASE.0/$INTNM -o $i -j MASQUERADE fi -if [ "$INT2IF" -a "$INT2IFNAT" = "on" ] +if [ "$INT2IF" -a "$INT2IFNAT" = "on" -a ! "$INT2IF" = "none" ] then if [ "$MASQPORTS" ] then @@ -414,7 +414,7 @@ fi -if [ "$INT3IF" -a "$INT3IFNAT" = "on" ] +if [ "$INT3IF" -a "$INT3IFNAT" = "on" -a ! "$INT3IF" = "none" ] then if [ "$MASQPORTS" ] then Modified: trunk/target/generic/target_skeleton/etc/init.d/network =================================================================== --- trunk/target/generic/target_skeleton/etc/init.d/network 2007-11-16 21:58:04 UTC (rev 1379) +++ trunk/target/generic/target_skeleton/etc/init.d/network 2007-11-19 18:36:03 UTC (rev 1380) 
@@ -186,23 +186,23 @@ done fi -if [ "$INTIF" -a "$INTIP" -a "$INTNM" ] +if [ "$INTIF" -a "$INTIP" -a "$INTNM" -a ! "$INTIF" = "none" ] then echo "Bringing up $INTIF as $INTIP" ifconfig "$INTIF" "$INTIP" netmask "$INTNM" fi -if [ "$INT2IF" -a "$INT2IP" -a "$INT2NM" ] +if [ "$INT2IF" -a "$INT2IP" -a "$INT2NM" -a ! "$INT2IF" = "none" ] then ifconfig "$INT2IF" "$INT2IP" netmask "$INT2NM" fi -if [ "$INT3IF" -a "$INT3IP" -a "$INT3NM" ] +if [ "$INT3IF" -a "$INT3IP" -a "$INT3NM" -a ! "$INT3IF" = "none" ] then ifconfig "$INT3IF" "$INT3IP" netmask "$INT3NM" fi -if [ "$EXTIF" -a "$EXTIFMAC" ] +if [ "$EXTIF" -a "$EXTIFMAC" -a ! "$EXTIF" = "none" ] then ifconfig $EXTIF hw ether $EXTIFMAC 2>/dev/null fi @@ -354,7 +354,7 @@ fi ##DMZ Network -if [ "$DMZIF" -a "$DMZIP" -a "$DMZNM" ] +if [ "$DMZIF" -a "$DMZIP" -a "$DMZNM" -a ! "$DMZIF" = "none" ] then echo "Bringing up $DMZIF as $DMZIP" ifconfig "$DMZIF" "$DMZIP" netmask "$DMZNM" @@ -362,31 +362,31 @@ } stop () { -if [ "$EXTIF" ] +if [ "$EXTIF" -a ! "$EXTIF" = "none" ] then echo "Bringing down $EXTIF ..." ifconfig "$EXTIF" down fi -if [ "$INTIF" ] +if [ "$INTIF" -a ! "$EXTIF" = "none" ] then echo "Bringing down $INTIF ..." ifconfig "$INTIF" down fi -if [ "$INT2IF" ] +if [ "$INT2IF" -a ! "$INT2IF" = "none" ] then echo "Bringing down $INT2IF ..." ifconfig "$INT2IF" down fi -if [ "$INT3IF" ] +if [ "$INT3IF" -a ! "$INT3IF" = "none" ] then echo "Bringing down $INT3IF ..." ifconfig "$INT3IF" down fi -if [ "$DMZIF" ] +if [ "$DMZIF" -a ! "$DMZIF" = "none"] then echo "Bringing down $DMZIF ..." ifconfig "$DMZIF" down This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
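Review bot: Two of the new guards in `stop` in the @@ -362 hunk are broken. The INTIF block tests the wrong variable, `if [ "$INTIF" -a ! "$EXTIF" = "none" ]`, and the DMZIF test `if [ "$DMZIF" -a ! "$DMZIF" = "none"]` has no space before `]`, so `[` fails with a missing-`]` error and the branch is not taken, leaving the DMZ interface up after stop. They should be `if [ "$INTIF" -a ! "$INTIF" = "none" ]` and `if [ "$DMZIF" -a ! "$DMZIF" = "none" ]`. The body of `stop ()` continues past the end of the hunk.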
From: <kr...@us...> - 2007-11-29 15:50:13
Revision: 1412 http://astlinux.svn.sourceforge.net/astlinux/?rev=1412&view=rev Author: krisk84 Date: 2007-11-29 07:50:10 -0800 (Thu, 29 Nov 2007) Log Message: ----------- support for ASTVERBOSE rc.conf setting Modified Paths: -------------- trunk/package/asterisk/asterisk.init trunk/target/generic/target_skeleton/stat/etc/rc.conf Modified: trunk/package/asterisk/asterisk.init =================================================================== --- trunk/package/asterisk/asterisk.init 2007-11-28 19:28:25 UTC (rev 1411) +++ trunk/package/asterisk/asterisk.init 2007-11-29 15:50:10 UTC (rev 1412) @@ -147,6 +147,11 @@ asterisk -p fi +if [ "$ASTVERBOSE" ] +then +asterisk -rx "set verbose $ASTVERBOSE" > /dev/null +fi + if [ "$ASTG729" ] then G729MODULE=$ASTG729 Modified: trunk/target/generic/target_skeleton/stat/etc/rc.conf =================================================================== --- trunk/target/generic/target_skeleton/stat/etc/rc.conf 2007-11-28 19:28:25 UTC (rev 1411) +++ trunk/target/generic/target_skeleton/stat/etc/rc.conf 2007-11-29 15:50:10 UTC (rev 1412) @@ -488,6 +488,11 @@ #ASTMANPROXY_USER="admin" #ASTMANPROXY_PASS="password" +##Asterisk Verbose Logging Support +##This will automatically set the verbosity level after Asterisk +##starts up. +#ASTVERBOSE="15" + ##Asterisk G729 Support ##I added code to the init script to support auto detection and loading ##of different G729 modules based on CPU type. If you don't define this This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
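Review bot: `asterisk -rx "set verbose $ASTVERBOSE" > /dev/null` in the asterisk.init hunk runs straight after the daemon is launched and its exit status is ignored, so if the daemon is not yet accepting remote console connections the setting is lost without any indication. ASTVERBOSE is also pasted into the CLI command unchecked, so a typo in rc.conf becomes part of that command. I would accept digits only, for example `case "$ASTVERBOSE" in ''|*[!0-9]*) echo "ASTVERBOSE must be a number" ;; *) asterisk -rx "set verbose $ASTVERBOSE" >/dev/null ;; esac`, and log a message when the `-rx` call fails.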
From: <kr...@us...> - 2008-01-04 23:32:16
Revision: 1482 http://astlinux.svn.sourceforge.net/astlinux/?rev=1482&view=rev Author: krisk84 Date: 2008-01-04 15:32:19 -0800 (Fri, 04 Jan 2008) Log Message: ----------- add oslec, cleanup zaptel - needs some work Modified Paths: -------------- trunk/astlinux.config trunk/package/zaptel/Config.in trunk/package/zaptel/zaptel.mk Added Paths: ----------- trunk/package/oslec/ trunk/package/oslec/oslec.mk Modified: trunk/astlinux.config =================================================================== --- trunk/astlinux.config 2008-01-04 20:47:53 UTC (rev 1481) +++ trunk/astlinux.config 2008-01-04 23:32:19 UTC (rev 1482) @@ -365,6 +365,7 @@ # BR2_PACKAGE_XFSPROGS is not set # BR2_PACKAGE_XORG is not set BR2_PACKAGE_ZAPTEL=y +BR2_PACKAGE_ZAPTEL_OSLEC=y BR2_PACKAGE_ZLIB=y # BR2_PACKAGE_ZLIB_TARGET_HEADERS is not set BR2_PACKAGE_ZONEINFO=y Added: trunk/package/oslec/oslec.mk =================================================================== --- trunk/package/oslec/oslec.mk (rev 0) +++ trunk/package/oslec/oslec.mk 2008-01-04 23:32:19 UTC (rev 1482) 
@@ -0,0 +1,62 @@ +############################################################# +# +# oslec +# +############################################################## +OSLEC_VERSION := 1255 +OSLEC_SOURCE:= oslec-$(OSLEC_VERSION) +OSLEC_SITE := http://svn.astfin.org/software/oslec/trunk +OSLEC_DIR := $(BUILD_DIR)/oslec-$(OSLEC_VERSION) +OSLEC_BINARY := kernel/oslec.ko +OSLEC_TARGET_BINARY := lib/modules/2.6.20.21-astlinux/misc/oslec.ko + +OSLEC_TARGET_ARCH:=i386 + +$(DL_DIR)/$(OSLEC_SOURCE)/.gotsvn: + svn co -r $(OSLEC_VERSION) $(OSLEC_SITE) $(DL_DIR)/$(OSLEC_SOURCE) + touch $(DL_DIR)/$(OSLEC_SOURCE)/.gotsvn + +$(OSLEC_DIR)/.source: $(DL_DIR)/$(OSLEC_SOURCE)/.gotsvn + cp -a $(DL_DIR)/$(OSLEC_SOURCE) $(OSLEC_DIR) + toolchain/patch-kernel.sh $(OSLEC_DIR) package/oslec/ oslec\*.patch + touch $(OSLEC_DIR)/.source + +$(OSLEC_DIR)/$(OSLEC_BINARY): $(OSLEC_DIR)/.source + $(MAKE) -C $(OSLEC_DIR)/kernel CC=$(TARGET_CC) $(ARCH)=$(OSLEC_TARGET_ARCH) \ + UNAME=$(LINUX_VERSION) KDIR=$(LINUX_DIR) PWD=$(OSLEC_DIR)/kernel + +$(TARGET_DIR)/$(OSLEC_TARGET_BINARY): $(OSLEC_DIR)/$(OSLEC_BINARY) + $(INSTALL) -D -m 0644 $(OSLEC_DIR)/$(OSLEC_BINARY) $(TARGET_DIR)/$(OSLEC_TARGET_BINARY) + $(INSTALL) -D -m 0755 $(OSLEC_DIR)/kernel/oslec-ctrl-panel.sh \ + $(TARGET_DIR)/sbin/oslec-ctrl-panel.sh + -$(STRIP) $(TARGET_DIR)/$(OSLEC_TARGET_BINARY) + $(DEPMOD) -ae -F $(LINUX_DIR)/System.map -b $(TARGET_DIR) -r $(LINUX_VERSION) + +$(ZAPTEL_DIR)/.oslecpatch: $(OSLEC_DIR)/.source zaptel-unpack + patch -N -p1 -d $(ZAPTEL_DIR) < $(OSLEC_DIR)/kernel/zaptel-$(ZAPTEL_VERSION).patch + -cp $(OSLEC_DIR)/kernel/dir/Module.symvers $(ZAPTEL_DIR)/Module.symvers + touch $(ZAPTEL_DIR)/.oslecpatch + +oslec: uclibc linux $(ZAPTEL_DIR)/.oslecpatch $(TARGET_DIR)/$(OSLEC_TARGET_BINARY) + +oslec-source: $(DL_DIR)/$(OSLEC_SOURCE) + +oslec-clean: + rm -rf $(TARGET_DIR)/$(OSLEC_TARGET_BINARY) + rm -rf $(TARGET_DIR)/sbin/oslec-ctrl-panel.sh + -patch -RN -p1 -d $(ZAPTEL_DIR) < $(OSLEC_DIR)/kernel/zaptel-$(ZAPTEL_VERSION).patch + 
$(DEPMOD) -ae -F $(LINUX_DIR)/System.map -b $(BUILD_DIR)/root -r $(LINUX_VERSION) + -$(MAKE) -C $(OSLEC_DIR)/kernel CC=$(TARGET_CC) $(ARCH)=$(OSLEC_TARGET_ARCH) \ + UNAME=$(LINUX_VERSION) KDIR=$(LINUX_DIR) PWD=$(OSLEC_DIR)/kernel clean + +oslec-dirclean: + rm -rf $(OSLEC_DIR) + +############################################################# +# +# Toplevel Makefile options +# +############################################################# +ifeq ($(strip $(BR2_PACKAGE_ZAPTEL_OSLEC)),y) +TARGETS+=oslec +endif Modified: trunk/package/zaptel/Config.in =================================================================== --- trunk/package/zaptel/Config.in 2008-01-04 20:47:53 UTC (rev 1481) +++ trunk/package/zaptel/Config.in 2008-01-04 23:32:19 UTC (rev 1482) @@ -8,3 +8,12 @@ for use with Asterisk: http://www.asterisk.org + +config BR2_PACKAGE_ZAPTEL_OSLEC + bool "oslec" + default y + depends on BR2_PACKAGE_ZAPTEL + help + Open Source Line Echo Canceller - improved echo can for zaptel + + http://www.rowetel.com/ucasterisk/oslec.html Modified: trunk/package/zaptel/zaptel.mk =================================================================== --- trunk/package/zaptel/zaptel.mk 2008-01-04 20:47:53 UTC (rev 1481) +++ trunk/package/zaptel/zaptel.mk 2008-01-04 23:32:19 UTC (rev 1482) 
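Review bot: The source of a kernel module is fetched in oslec.mk with `svn co -r $(OSLEC_VERSION) $(OSLEC_SITE)` from a plain `http://` URL and nothing checks what arrives; the revision pin fixes which revision is requested, not that the bytes are the ones upstream published. I would fetch over an authenticated transport if the server offers one, or export once to a tarball in `$(DL_DIR)` and verify it against a recorded checksum before the `cp -a`. Separately, `$(ARCH)=$(OSLEC_TARGET_ARCH)` on both `$(MAKE)` lines expands to whatever ARCH holds as the variable name, and presumably should be `ARCH=$(OSLEC_TARGET_ARCH)`. `OSLEC_TARGET_BINARY` hard-codes `2.6.20.21-astlinux` where the rest of the file uses `$(LINUX_VERSION)`. `oslec-source` names `$(DL_DIR)/$(OSLEC_SOURCE)`, for which no rule exists, since the checkout rule's target is the `.gotsvn` stamp.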
@@ -11,33 +11,21 @@ ZAPTEL_TARGET_BINARY := sbin/ztcfg PERLLIBDIR := $(shell eval `perl -V:sitelib`; echo "$$sitelib") -LINUX_VER=$(LINUX_VERSION) - ifeq ($(strip $(BR2_PACKAGE_WANPIPE)),y) -ZAPWAN=wanpipe +ZAPEXTRAS=wanpipe endif +ifeq ($(strip $(BR2_PACKAGE_ZAPTEL_OSLEC)),y) +ZAPEXTRAS+=oslec +endif + ZAPTEL_TARGET_ARCH:=i386 -#ZAPTEL_TARGET_ARCH:=$(shell echo $(ARCH) | sed -e s'/-.*//' \ -# -e 's/i.86/i386/' \ -# -e 's/sparc.*/sparc/' \ -# -e 's/arm.*/arm/g' \ -# -e 's/m68k.*/m68k/' \ -# -e 's/ppc/powerpc/g' \ -# -e 's/v850.*/v850/g' \ -# -e 's/sh[234].*/sh/' \ -# -e 's/mips.*/mips/' \ -# -e 's/mipsel.*/mips/' \ -# -e 's/cris.*/cris/' \ -# -e 's/nios2.*/nios2/' \ -#) $(DL_DIR)/$(ZAPTEL_SOURCE): $(WGET) -P $(DL_DIR) $(ZAPTEL_SITE)/$(ZAPTEL_SOURCE) $(ZAPTEL_DIR)/.source: $(DL_DIR)/$(ZAPTEL_SOURCE) zcat $(DL_DIR)/$(ZAPTEL_SOURCE) | tar -C $(BUILD_DIR) $(TAR_OPTIONS) - - ln -sf $(ZAPTEL_DIR) $(BUILD_DIR)/zaptel ifeq ($(strip $(BR2_TARGET_RT)),y) toolchain/patch-kernel.sh $(ZAPTEL_DIR) package/zaptel/ rt\*.patch endif 
@@ -63,25 +51,25 @@ $(ZAPTEL_DIR)/$(ZAPTEL_BINARY): $(ZAPTEL_DIR)/.configured $(MAKE) -C $(ZAPTEL_DIR) HOSTCC=gcc CC=$(TARGET_CC) DEB_HOST_GNU_TYPE=$(ZAPTEL_TARGET_ARCH) \ - KVERS=$(LINUX_VER) KSRC=$(LINUX_DIR) PWD=$(ZAPTEL_DIR) modules programs + KVERS=$(LINUX_VERSION) KSRC=$(LINUX_DIR) PWD=$(ZAPTEL_DIR) modules programs $(TARGET_DIR)/$(ZAPTEL_TARGET_BINARY): $(ZAPTEL_DIR)/$(ZAPTEL_BINARY) mkdir -p $(TARGET_DIR)/$(PERLLIBDIR) $(MAKE1) -C $(ZAPTEL_DIR) HOSTCC=gcc CC=$(TARGET_CC) DEB_HOST_GNU_TYPE=$(ZAPTEL_TARGET_ARCH) \ - DESTDIR=$(STAGING_DIR) KVERS=$(LINUX_VER) KSRC=$(LINUX_DIR) PWD=$(ZAPTEL_DIR) \ + DESTDIR=$(STAGING_DIR) KVERS=$(LINUX_VERSION) KSRC=$(LINUX_DIR) PWD=$(ZAPTEL_DIR) \ install-libs install-include $(MAKE1) -C $(ZAPTEL_DIR) HOSTCC=gcc CC=$(TARGET_CC) DEB_HOST_GNU_TYPE=$(ZAPTEL_TARGET_ARCH) \ - DESTDIR=$(TARGET_DIR) KVERS=$(LINUX_VER) KSRC=$(LINUX_DIR) PWD=$(ZAPTEL_DIR) \ + DESTDIR=$(TARGET_DIR) KVERS=$(LINUX_VERSION) KSRC=$(LINUX_DIR) PWD=$(ZAPTEL_DIR) \ install-programs install-libs install-modules -rm -rf $(TARGET_DIR)/usr/include -rm -f $(TARGET_DIR)/usr/lib/*.a -rm -rf $(TARGET_DIR)/$(PERLLIBDIR) -$(STRIP) $(TARGET_DIR)/sbin/zt* $(TARGET_DIR)/usr/lib/libtone* - $(DEPMOD) -ae -F $(LINUX_DIR)/System.map -b $(TARGET_DIR) -r $(LINUX_VER) + $(DEPMOD) -ae -F $(LINUX_DIR)/System.map -b $(TARGET_DIR) -r $(LINUX_VERSION) $(INSTALL) -D -m 755 package/zaptel/zaptel.init $(TARGET_DIR)/etc/init.d/zaptel ln -sf /tmp/etc/zaptel.conf $(TARGET_DIR)/etc/zaptel.conf -zaptel: uclibc newt $(TARGET_DIR)/$(ZAPTEL_TARGET_BINARY) +zaptel: uclibc newt $(ZAPEXTRAS) $(TARGET_DIR)/$(ZAPTEL_TARGET_BINARY) zaptel-source: $(DL_DIR)/$(ZAPTEL_SOURCE) 
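Review bot: Adding `$(ZAPEXTRAS)` to the `zaptel:` prerequisite list does not order the OSLEC patch before the zaptel build, because `$(ZAPTEL_DIR)/$(ZAPTEL_BINARY)` still depends only on `$(ZAPTEL_DIR)/.configured`. Under `make -j`, or when the zaptel tree was built before the option was enabled, the modules can be compiled without the patch that the `oslec` target applies to `$(ZAPTEL_DIR)`. I would declare the edge on the file target inside the existing `ifeq ($(strip $(BR2_PACKAGE_ZAPTEL_OSLEC)),y)` block, `$(ZAPTEL_DIR)/$(ZAPTEL_BINARY): $(ZAPTEL_DIR)/.oslecpatch`, so the dependency holds regardless of goal order.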
@@ -91,15 +79,13 @@ rm -Rf $(STAGING_DIR)/include/zaptel.h rm -Rf $(STAGING_DIR)/usr/include/zaptel.h rm -Rf $(TARGET_DIR)/lib/libtone* - rm -Rf $(STAGING_DIR)/lib/modules/$(LINUX_VER)/misc - $(DEPMOD) -ae -F $(LINUX_DIR)/System.map -b $(BUILD_DIR)/root -r $(LINUX_VER) - rm $(BUILD_DIR)/zaptel - -$(MAKE) -C $(ZAPTEL_DIR) -C $(ZAPTEL_DIR) HOSTCC=gcc CC=$(TARGET_CC) DEB_HOST_GNU_TYPE=$(ZAPTEL_TARGET_ARCH) \ - INSTALL_PREFIX=$(STAGING_DIR) KVERS=$(LINUX_VER) KSRC=$(LINUX_DIR) clean + rm -Rf $(STAGING_DIR)/lib/modules/$(LINUX_VERSION)/misc + $(DEPMOD) -ae -F $(LINUX_DIR)/System.map -b $(BUILD_DIR)/root -r $(LINUX_VERSION) + #-$(MAKE) -C $(ZAPTEL_DIR) -C $(ZAPTEL_DIR) HOSTCC=gcc CC=$(TARGET_CC) DEB_HOST_GNU_TYPE=$(ZAPTEL_TARGET_ARCH) \ + #INSTALL_PREFIX=$(STAGING_DIR) KVERS=$(LINUX_VERSION) KSRC=$(LINUX_DIR) clean zaptel-dirclean: rm -rf $(ZAPTEL_DIR) - rm $(BUILD_DIR)/zaptel ############################################################# # This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <kr...@us...> - 2008-01-07 16:46:29
Revision: 1487 http://astlinux.svn.sourceforge.net/astlinux/?rev=1487&view=rev Author: krisk84 Date: 2008-01-07 08:46:21 -0800 (Mon, 07 Jan 2008) Log Message: ----------- upgrade to busybox 1.8.2 Modified Paths: -------------- trunk/package/busybox/busybox-astlinux.config trunk/package/busybox/busybox.mk trunk/target/initrd/busybox.config Added Paths: ----------- trunk/package/busybox/busybox-1.8.2-arping.patch trunk/package/busybox/busybox-1.8.2-static.patch trunk/package/busybox/busybox-1.8.2-vi.patch Removed Paths: ------------- trunk/package/busybox/busybox-1.4.1-binhex.patch trunk/package/busybox/busybox-1.4.1-etherwake.patch trunk/package/busybox/busybox-1.4.1-iproute.patch trunk/package/busybox/busybox-1.4.1-tar_t.patch trunk/package/busybox/busybox-1.4.1-trylink.patch trunk/package/busybox/busybox-1.4.1-wgetSEGV.patch Deleted: trunk/package/busybox/busybox-1.4.1-binhex.patch =================================================================== --- trunk/package/busybox/busybox-1.4.1-binhex.patch 2008-01-06 11:47:18 UTC (rev 1486) +++ trunk/package/busybox/busybox-1.4.1-binhex.patch 2008-01-07 16:46:21 UTC (rev 1487) 
@@ -1,24 +0,0 @@ ---- busybox-1.4.1/include/libbb.h Wed Jan 24 22:34:48 2007 -+++ busybox-1.4.1-binhex/include/libbb.h Sat Jan 27 00:32:01 2007 -@@ -690,7 +690,7 @@ - extern const char bb_msg_standard_output[]; - - extern const char bb_str_default[]; --/* NB: (bb_hexdigits_upcase[i] | 0x10) -> lowercase hex digit */ -+/* NB: (bb_hexdigits_upcase[i] | 0x20) -> lowercase hex digit */ - extern const char bb_hexdigits_upcase[]; - - extern const char bb_path_mtab_file[]; ---- busybox-1.4.1/libbb/xfuncs.c Wed Jan 24 22:49:25 2007 -+++ busybox-1.4.1-binhex/libbb/xfuncs.c Sat Jan 27 00:32:01 2007 -@@ -340,8 +340,8 @@ - while (count) { - unsigned char c = *cp++; - /* put lowercase hex digits */ -- *p++ = 0x10 | bb_hexdigits_upcase[c >> 4]; -- *p++ = 0x10 | bb_hexdigits_upcase[c & 0xf]; -+ *p++ = 0x20 | bb_hexdigits_upcase[c >> 4]; -+ *p++ = 0x20 | bb_hexdigits_upcase[c & 0xf]; - count--; - } - return p; Deleted: trunk/package/busybox/busybox-1.4.1-etherwake.patch =================================================================== --- trunk/package/busybox/busybox-1.4.1-etherwake.patch 2008-01-06 11:47:18 UTC (rev 1486) +++ trunk/package/busybox/busybox-1.4.1-etherwake.patch 2008-01-07 16:46:21 UTC (rev 1487) @@ -1,11 +0,0 @@ ---- busybox-1.4.1.orig/networking/ether-wake.c 2007-01-24 16:34:34.000000000 -0500 -+++ busybox-1.4.1/networking/ether-wake.c 2007-02-07 00:49:29.000000000 -0500 -@@ -223,8 +223,6 @@ - #if !defined(__UCLIBC__) - } else if (ether_hostton(hostid, eaddr) == 0) { - bb_debug_msg("Station address for hostname %s is %s\n\n", hostid, ether_ntoa(eaddr)); --#else --# warning Need to implement ether_hostton() for uClibc - #endif - } else - bb_show_usage(); Deleted: trunk/package/busybox/busybox-1.4.1-iproute.patch =================================================================== --- trunk/package/busybox/busybox-1.4.1-iproute.patch 2008-01-06 11:47:18 UTC (rev 1486) +++ trunk/package/busybox/busybox-1.4.1-iproute.patch 2008-01-07 16:46:21 UTC (rev 1487) 
@@ -1,71 +0,0 @@ -diff -urN busybox-1.4.1/networking/ip.c busybox-1.4.1-iproute/networking/ip.c ---- busybox-1.4.1/networking/ip.c 2007-01-24 22:34:34.000000000 +0100 -+++ busybox-1.4.1-iproute/networking/ip.c 2007-01-27 14:07:05.000000000 +0100 -@@ -33,8 +33,9 @@ - if (ENABLE_FEATURE_IP_LINK && matches(argv[1], "link") == 0) { - ret = do_iplink(argc-2, argv+2); - } -- if (ENABLE_FEATURE_IP_TUNNEL && -- (matches(argv[1], "tunnel") == 0 || strcmp(argv[1], "tunl") == 0)) { -+ if (ENABLE_FEATURE_IP_TUNNEL -+ && (matches(argv[1], "tunnel") == 0 || strcmp(argv[1], "tunl") == 0) -+ ) { - ret = do_iptunnel(argc-2, argv+2); - } - if (ENABLE_FEATURE_IP_RULE && matches(argv[1], "rule") == 0) { -diff -urN busybox-1.4.1/networking/libiproute/iproute.c busybox-1.4.1-iproute/networking/libiproute/iproute.c ---- busybox-1.4.1/networking/libiproute/iproute.c 2007-01-24 22:34:33.000000000 +0100 -+++ busybox-1.4.1-iproute/networking/libiproute/iproute.c 2007-01-27 14:07:05.000000000 +0100 -@@ -835,9 +835,11 @@ - - int do_iproute(int argc, char **argv) - { -- static const char * const ip_route_commands[] = -- { "add", "append", "change", "chg", "delete", "get", -- "list", "show", "prepend", "replace", "test", "flush", 0 }; -+ static const char * const ip_route_commands[] = { -+ /*0-3*/ "add", "append", "change", "chg", -+ /*4-7*/ "delete", "get", "list", "show", -+ /*8..*/ "prepend", "replace", "test", "flush", 0 -+ }; - int command_num = 6; - unsigned int flags = 0; - int cmd = RTM_NEWROUTE; -@@ -848,7 +850,7 @@ - command_num = index_in_substr_array(ip_route_commands, *argv); - } - switch (command_num) { -- case 0: /* add*/ -+ case 0: /* add */ - flags = NLM_F_CREATE|NLM_F_EXCL; - break; - case 1: /* append */ -@@ -859,21 +861,20 @@ - flags = NLM_F_REPLACE; - break; - case 4: /* delete */ -- case 5: /* del */ - cmd = RTM_DELROUTE; - break; -- case 6: /* get */ -+ case 5: /* get */ - return iproute_get(argc-1, argv+1); -- case 7: /* list */ -- case 8: /* show */ -+ case 6: /* list */ 
-+ case 7: /* show */ - return iproute_list_or_flush(argc-1, argv+1, 0); -- case 9: /* prepend */ -+ case 8: /* prepend */ - flags = NLM_F_CREATE; -- case 10: /* replace */ -+ case 9: /* replace */ - flags = NLM_F_CREATE|NLM_F_REPLACE; -- case 11: /* test */ -+ case 10: /* test */ - flags = NLM_F_EXCL; -- case 12: /* flush */ -+ case 11: /* flush */ - return iproute_list_or_flush(argc-1, argv+1, 1); - default: - bb_error_msg_and_die("unknown command %s", *argv); Deleted: trunk/package/busybox/busybox-1.4.1-tar_t.patch =================================================================== --- trunk/package/busybox/busybox-1.4.1-tar_t.patch 2008-01-06 11:47:18 UTC (rev 1486) +++ trunk/package/busybox/busybox-1.4.1-tar_t.patch 2008-01-07 16:46:21 UTC (rev 1487) 
@@ -1,76 +0,0 @@ ---- busybox-1.4.1/archival/tar.c Wed Jan 24 22:49:25 2007 -+++ busybox-1.4.1-tar_t/archival/tar.c Sun Feb 25 21:50:35 2007 -@@ -760,7 +760,9 @@ - const char *tar_filename = "-"; - unsigned opt; - int verboseFlag = 0; -+#if ENABLE_FEATURE_TAR_LONG_OPTIONS && ENABLE_FEATURE_TAR_FROM - llist_t *excludes = NULL; -+#endif - - /* Initialise default values */ - tar_handle = init_handle(); -@@ -773,7 +775,9 @@ - "tt:vv:" // count -t,-v - "?:" // bail out with usage instead of error return - "X::T::" // cumulative lists -+#if ENABLE_FEATURE_TAR_LONG_OPTIONS && ENABLE_FEATURE_TAR_FROM - "\xff::" // cumulative lists for --exclude -+#endif - USE_FEATURE_TAR_CREATE("c:") "t:x:" // at least one of these is reqd - USE_FEATURE_TAR_CREATE("c--tx:t--cx:x--ct") // mutually exclusive - SKIP_FEATURE_TAR_CREATE("t--x:x--t"); // mutually exclusive -@@ -788,14 +792,15 @@ - USE_FEATURE_TAR_FROM( "T:X:") - USE_FEATURE_TAR_GZIP( "z" ) - USE_FEATURE_TAR_COMPRESS("Z" ) -- , -- &base_dir, // -C dir -- &tar_filename, // -f filename -- USE_FEATURE_TAR_FROM(&(tar_handle->accept),) // T -- USE_FEATURE_TAR_FROM(&(tar_handle->reject),) // X -- USE_FEATURE_TAR_FROM(&excludes ,) // --exclude -- &verboseFlag, // combined count for -t and -v -- &verboseFlag // combined count for -t and -v -+ , &base_dir // -C dir -+ , &tar_filename // -f filename -+ USE_FEATURE_TAR_FROM(, &(tar_handle->accept)) // T -+ USE_FEATURE_TAR_FROM(, &(tar_handle->reject)) // X -+#if ENABLE_FEATURE_TAR_LONG_OPTIONS && ENABLE_FEATURE_TAR_FROM -+ , &excludes // --exclude -+#endif -+ , &verboseFlag // combined count for -t and -v -+ , &verboseFlag // combined count for -t and -v - ); - - if (verboseFlag) tar_handle->action_header = header_verbose_list; -@@ -828,17 +833,19 @@ - if (opt & OPT_COMPRESS) - get_header_ptr = get_header_tar_Z; - -- if (ENABLE_FEATURE_TAR_FROM) { -- tar_handle->reject = append_file_list_to_list(tar_handle->reject); -- /* Append excludes to reject */ -- while (excludes) { -- llist_t *temp = 
excludes->link; -- excludes->link = tar_handle->reject; -- tar_handle->reject = excludes; -- excludes = temp; -- } -- tar_handle->accept = append_file_list_to_list(tar_handle->accept); -+#if ENABLE_FEATURE_TAR_FROM -+ tar_handle->reject = append_file_list_to_list(tar_handle->reject); -+#if ENABLE_FEATURE_TAR_LONG_OPTIONS -+ /* Append excludes to reject */ -+ while (excludes) { -+ llist_t *next = excludes->link; -+ excludes->link = tar_handle->reject; -+ tar_handle->reject = excludes; -+ excludes = next; - } -+#endif -+ tar_handle->accept = append_file_list_to_list(tar_handle->accept); -+#endif - - /* Check if we are reading from stdin */ - if (argv[optind] && *argv[optind] == '-') { Deleted: trunk/package/busybox/busybox-1.4.1-trylink.patch =================================================================== --- trunk/package/busybox/busybox-1.4.1-trylink.patch 2008-01-06 11:47:18 UTC (rev 1486) +++ trunk/package/busybox/busybox-1.4.1-trylink.patch 2008-01-07 16:46:21 UTC (rev 1487) @@ -1,14 +0,0 @@ -diff -ur busybox-1.4.1.orig/scripts/trylink busybox-1.4.1/scripts/trylink ---- busybox-1.4.1.orig/scripts/trylink 2007-01-24 16:34:36.000000000 -0500 -+++ busybox-1.4.1/scripts/trylink 2007-04-18 00:57:03.000000000 -0400 -@@ -1,8 +1,8 @@ --#!/bin/sh -+#!/bin/bash - - debug=false - --function try { -+try () { - added="$1" - shift - $debug && echo "Trying: $* $added" Deleted: trunk/package/busybox/busybox-1.4.1-wgetSEGV.patch =================================================================== --- trunk/package/busybox/busybox-1.4.1-wgetSEGV.patch 2008-01-06 11:47:18 UTC (rev 1486) +++ trunk/package/busybox/busybox-1.4.1-wgetSEGV.patch 2008-01-07 16:46:21 UTC (rev 1487) 
@@ -1,14 +0,0 @@ -diff -urN busybox-1.4.1/networking/wget.c busybox-1.4.1-wgetSEGV/networking/wget.c ---- busybox-1.4.1/networking/wget.c 2007-01-24 22:34:34.000000000 +0100 -+++ busybox-1.4.1-wgetSEGV/networking/wget.c 2007-02-11 17:21:18.000000000 +0100 -@@ -543,7 +543,9 @@ - p = strchr(h->host, '?'); if (!sp || (p && sp > p)) sp = p; - p = strchr(h->host, '#'); if (!sp || (p && sp > p)) sp = p; - if (!sp) { -- h->path = ""; -+ /* must be writable because of bb_get_last_path_component() */ -+ static char nullstr[] = ""; -+ h->path = nullstr; - } else if (*sp == '/') { - *sp = '\0'; - h->path = sp + 1; Added: trunk/package/busybox/busybox-1.8.2-arping.patch =================================================================== --- trunk/package/busybox/busybox-1.8.2-arping.patch (rev 0) +++ trunk/package/busybox/busybox-1.8.2-arping.patch 2008-01-07 16:46:21 UTC (rev 1487) @@ -0,0 +1,13 @@ +diff -urN busybox-1.8.2/networking/arping.c busybox-1.8.2-arping/networking/arping.c +--- busybox-1.8.2/networking/arping.c 2007-11-10 01:40:47.000000000 +0000 ++++ busybox-1.8.2-arping/networking/arping.c 2007-12-18 10:31:55.000000000 +0000 +@@ -207,7 +207,8 @@ + } + + if (last) { +- printf(" %u.%03ums\n", last / 1000, last % 1000); ++ unsigned diff = MONOTONIC_US() - last; ++ printf(" %u.%03ums\n", diff / 1000, diff % 1000); + } else { + printf(" UNSOLICITED?\n"); + } Added: trunk/package/busybox/busybox-1.8.2-static.patch =================================================================== --- trunk/package/busybox/busybox-1.8.2-static.patch (rev 0) +++ trunk/package/busybox/busybox-1.8.2-static.patch 2008-01-07 16:46:21 UTC (rev 1487) 
@@ -0,0 +1,12 @@ +diff -urN busybox-1.8.2/applets/applets.c busybox-1.8.2-static/applets/applets.c +--- busybox-1.8.2/applets/applets.c 2007-11-10 01:40:53.000000000 +0000 ++++ busybox-1.8.2-static/applets/applets.c 2007-12-09 03:46:04.000000000 +0000 +@@ -17,7 +17,7 @@ + #warning See sources.redhat.com/bugzilla/show_bug.cgi?id=3400 + #warning Note that glibc is unsuitable for static linking anyway. + #warning If you still want to do it, remove -Wl,--gc-sections +-#warning from top-level Makefile and remove this warning. ++#warning from file scripts/trylink and remove this warning. + #error Aborting compilation. + #endif + Added: trunk/package/busybox/busybox-1.8.2-vi.patch =================================================================== --- trunk/package/busybox/busybox-1.8.2-vi.patch (rev 0) +++ trunk/package/busybox/busybox-1.8.2-vi.patch 2008-01-07 16:46:21 UTC (rev 1487) 
@@ -0,0 +1,40 @@ +diff -urN busybox-1.8.2/editors/vi.c busybox-1.8.2-vi/editors/vi.c +--- busybox-1.8.2/editors/vi.c 2007-11-10 01:40:54.000000000 +0000 ++++ busybox-1.8.2-vi/editors/vi.c 2007-12-10 16:26:01.000000000 +0000 +@@ -184,6 +184,7 @@ + #if ENABLE_FEATURE_VI_COLON + char *initial_cmds[3]; // currently 2 entries, NULL terminated + #endif ++ char readbuffer[MAX_LINELEN]; + }; + #define G (*ptr_to_globals) + #define text (G.text ) +@@ -200,6 +201,10 @@ + #define term_orig (G.term_orig ) + #define term_vi (G.term_vi ) + #define initial_cmds (G.initial_cmds ) ++#define readbuffer (G.readbuffer ) ++#define INIT_G() do { \ ++ PTR_TO_GLOBALS = xzalloc(sizeof(G)); \ ++} while (0) + + static int init_text_buffer(char *); // init from file or create new + static void edit_file(char *); // edit one file +@@ -321,7 +326,7 @@ + my_pid = getpid(); + #endif + +- PTR_TO_GLOBALS = xzalloc(sizeof(G)); ++ INIT_G(); + + #if ENABLE_FEATURE_VI_CRASHME + srand((long) my_pid); +@@ -2142,8 +2147,6 @@ + return safe_poll(pfd, 1, hund*10) > 0; + } + +-#define readbuffer bb_common_bufsiz1 +- + static int readed_for_parse; + + //----- IO Routines -------------------------------------------- Modified: trunk/package/busybox/busybox-astlinux.config =================================================================== --- trunk/package/busybox/busybox-astlinux.config 2008-01-06 11:47:18 UTC (rev 1486) +++ trunk/package/busybox/busybox-astlinux.config 2008-01-07 16:46:21 UTC (rev 1487) @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit -# Busybox version: 1.4.1 -# Mon Jul 9 16:22:39 2007 +# Busybox version: 1.8.2 +# Mon Jan 7 11:38:01 2008 # CONFIG_HAVE_DOT_CONFIG=y 
@@ -25,30 +25,31 @@ CONFIG_GETOPT_LONG=y CONFIG_FEATURE_DEVPTS=y # CONFIG_FEATURE_CLEAN_UP is not set +CONFIG_FEATURE_PIDFILE=y CONFIG_FEATURE_SUID=y -CONFIG_FEATURE_SYSLOG=y # CONFIG_FEATURE_SUID_CONFIG is not set # CONFIG_FEATURE_SUID_CONFIG_QUIET is not set -CONFIG_FEATURE_HAVE_RPC=y # CONFIG_SELINUX is not set +# CONFIG_FEATURE_PREFER_APPLETS is not set CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe" +CONFIG_FEATURE_SYSLOG=y +CONFIG_FEATURE_HAVE_RPC=y # # Build Options # # CONFIG_STATIC is not set # CONFIG_BUILD_LIBBUSYBOX is not set -# CONFIG_FEATURE_FULL_LIBBUSYBOX is not set +# CONFIG_FEATURE_INDIVIDUAL is not set # CONFIG_FEATURE_SHARED_BUSYBOX is not set CONFIG_LFS=y -# CONFIG_BUILD_AT_ONCE is not set # # Debugging Options # # CONFIG_DEBUG is not set -# CONFIG_DEBUG_PESSIMIZE is not set -# CONFIG_NO_DEBUG_LIB is not set +# CONFIG_WERROR is not set +CONFIG_NO_DEBUG_LIB=y # CONFIG_DMALLOC is not set # CONFIG_EFENCE is not set CONFIG_INCLUDE_SUSv2=y @@ -59,7 +60,11 @@ # CONFIG_INSTALL_NO_USR is not set CONFIG_INSTALL_APPLET_SYMLINKS=y # CONFIG_INSTALL_APPLET_HARDLINKS is not set +# CONFIG_INSTALL_APPLET_SCRIPT_WRAPPERS is not set # CONFIG_INSTALL_APPLET_DONT is not set +# CONFIG_INSTALL_SH_APPLET_SYMLINK is not set +# CONFIG_INSTALL_SH_APPLET_HARDLINK is not set +# CONFIG_INSTALL_SH_APPLET_SCRIPT_WRAPPER is not set CONFIG_PREFIX="/home/kris/projects/astlinux-trunk/build_i586/root" # 
@@ -67,6 +72,19 @@ # CONFIG_PASSWORD_MINLEN=6 CONFIG_MD5_SIZE_VS_SPEED=2 +CONFIG_FEATURE_FAST_TOP=y +# CONFIG_FEATURE_ETC_NETWORKS is not set +# CONFIG_FEATURE_EDITING is not set +CONFIG_FEATURE_EDITING_MAX_LEN= +# CONFIG_FEATURE_EDITING_FANCY_KEYS is not set +# CONFIG_FEATURE_EDITING_VI is not set +CONFIG_FEATURE_EDITING_HISTORY= +# CONFIG_FEATURE_EDITING_SAVEHISTORY is not set +# CONFIG_FEATURE_TAB_COMPLETION is not set +# CONFIG_FEATURE_USERNAME_COMPLETION is not set +# CONFIG_FEATURE_EDITING_FANCY_PROMPT is not set +CONFIG_MONOTONIC_SYSCALL=y +CONFIG_IOCTL_HEX2STR_ERROR=y # # Applets @@ -78,6 +96,7 @@ # CONFIG_AR is not set # CONFIG_FEATURE_AR_LONG_FILENAMES is not set CONFIG_BUNZIP2=y +CONFIG_BZIP2=y # CONFIG_CPIO is not set # CONFIG_DPKG is not set # CONFIG_DPKG_DEB is not set @@ -87,6 +106,7 @@ CONFIG_GZIP=y # CONFIG_RPM2CPIO is not set # CONFIG_RPM is not set +# CONFIG_FEATURE_RPM_BZ2 is not set CONFIG_TAR=y CONFIG_FEATURE_TAR_CREATE=y CONFIG_FEATURE_TAR_BZIP2=y @@ -95,6 +115,7 @@ CONFIG_FEATURE_TAR_GZIP=y # CONFIG_FEATURE_TAR_COMPRESS is not set # CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY is not set +# CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY is not set CONFIG_FEATURE_TAR_GNU_EXTENSIONS=y # CONFIG_FEATURE_TAR_LONG_OPTIONS is not set # CONFIG_UNCOMPRESS is not set @@ -122,7 +143,6 @@ CONFIG_CHOWN=y CONFIG_CHROOT=y # CONFIG_CKSUM is not set -CONFIG_CMP=y # CONFIG_COMM is not set CONFIG_CP=y CONFIG_CUT=y @@ -132,10 +152,6 @@ CONFIG_FEATURE_DD_SIGNAL_HANDLING=y # CONFIG_FEATURE_DD_IBS_OBS is not set CONFIG_DF=y -CONFIG_DIFF=y -CONFIG_FEATURE_DIFF_BINARY=y -CONFIG_FEATURE_DIFF_DIR=y -# CONFIG_FEATURE_DIFF_MINIMAL is not set CONFIG_DIRNAME=y CONFIG_DOS2UNIX=y CONFIG_UNIX2DOS=y @@ -145,6 +161,8 @@ CONFIG_FEATURE_FANCY_ECHO=y CONFIG_ENV=y # CONFIG_FEATURE_ENV_LONG_OPTIONS is not set +# CONFIG_EXPAND is not set +# CONFIG_FEATURE_EXPAND_LONG_OPTIONS is not set CONFIG_EXPR=y # CONFIG_EXPR_MATH_SUPPORT_64 is not set CONFIG_FALSE=y 
@@ -180,6 +198,8 @@ # CONFIG_PRINTENV is not set # CONFIG_PRINTF is not set CONFIG_PWD=y +CONFIG_READLINK=y +# CONFIG_FEATURE_READLINK_FOLLOW is not set CONFIG_REALPATH=y CONFIG_RM=y CONFIG_RMDIR=y @@ -189,6 +209,8 @@ # CONFIG_FEATURE_FANCY_SLEEP is not set CONFIG_SORT=y CONFIG_FEATURE_SORT_BIG=y +# CONFIG_SPLIT is not set +# CONFIG_FEATURE_SPLIT_FANCY is not set CONFIG_STAT=y # CONFIG_FEATURE_STAT_FORMAT is not set CONFIG_STTY=y @@ -207,11 +229,12 @@ CONFIG_TRUE=y CONFIG_TTY=y CONFIG_UNAME=y +# CONFIG_UNEXPAND is not set +# CONFIG_FEATURE_UNEXPAND_LONG_OPTIONS is not set CONFIG_UNIQ=y CONFIG_USLEEP=y CONFIG_UUDECODE=y CONFIG_UUENCODE=y -CONFIG_WATCH=y CONFIG_WC=y # CONFIG_FEATURE_WC_LARGE is not set CONFIG_WHO=y @@ -245,6 +268,7 @@ CONFIG_CLEAR=y CONFIG_DEALLOCVT=y # CONFIG_DUMPKMAP is not set +# CONFIG_KBD_MODE is not set # CONFIG_LOADFONT is not set # CONFIG_LOADKMAP is not set CONFIG_OPENVT=y @@ -261,10 +285,9 @@ # CONFIG_MKTEMP=y # CONFIG_PIPE_PROGRESS is not set -CONFIG_READLINK=y -# CONFIG_FEATURE_READLINK_FOLLOW is not set CONFIG_RUN_PARTS=y # CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS is not set +# CONFIG_FEATURE_RUN_PARTS_FANCY is not set # CONFIG_START_STOP_DAEMON is not set # CONFIG_FEATURE_START_STOP_DAEMON_FANCY is not set # CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS is not set @@ -275,10 +298,16 @@ # CONFIG_AWK=y CONFIG_FEATURE_AWK_MATH=y +CONFIG_CMP=y +CONFIG_DIFF=y +CONFIG_FEATURE_DIFF_BINARY=y +CONFIG_FEATURE_DIFF_DIR=y +# CONFIG_FEATURE_DIFF_MINIMAL is not set # CONFIG_ED is not set CONFIG_PATCH=y CONFIG_SED=y CONFIG_VI=y +CONFIG_FEATURE_VI_MAX_LEN=1024 CONFIG_FEATURE_VI_COLON=y CONFIG_FEATURE_VI_YANKMARK=y CONFIG_FEATURE_VI_SEARCH=y 
@@ -301,9 +330,21 @@ CONFIG_FEATURE_FIND_PERM=y CONFIG_FEATURE_FIND_TYPE=y CONFIG_FEATURE_FIND_XDEV=y +CONFIG_FEATURE_FIND_MAXDEPTH=y CONFIG_FEATURE_FIND_NEWER=y # CONFIG_FEATURE_FIND_INUM is not set CONFIG_FEATURE_FIND_EXEC=y +CONFIG_FEATURE_FIND_USER=y +CONFIG_FEATURE_FIND_GROUP=y +CONFIG_FEATURE_FIND_NOT=y +CONFIG_FEATURE_FIND_DEPTH=y +CONFIG_FEATURE_FIND_PAREN=y +CONFIG_FEATURE_FIND_SIZE=y +CONFIG_FEATURE_FIND_PRUNE=y +CONFIG_FEATURE_FIND_DELETE=y +CONFIG_FEATURE_FIND_PATH=y +CONFIG_FEATURE_FIND_REGEX=y +# CONFIG_FEATURE_FIND_CONTEXT is not set CONFIG_GREP=y CONFIG_FEATURE_GREP_EGREP_ALIAS=y CONFIG_FEATURE_GREP_FGREP_ALIAS=y @@ -321,6 +362,7 @@ # CONFIG_DEBUG_INIT is not set CONFIG_FEATURE_USE_INITTAB=y # CONFIG_FEATURE_INIT_SCTTY is not set +CONFIG_FEATURE_INIT_SYSLOG=y # CONFIG_FEATURE_EXTRA_QUIET is not set # CONFIG_FEATURE_INIT_COREDUMPS is not set CONFIG_FEATURE_INITRD=y @@ -334,17 +376,23 @@ # CONFIG_USE_BB_SHADOW is not set # CONFIG_USE_BB_PWD_GRP is not set CONFIG_ADDGROUP=y +CONFIG_FEATURE_ADDUSER_TO_GROUP=y CONFIG_DELGROUP=y +CONFIG_FEATURE_DEL_USER_FROM_GROUP=y CONFIG_ADDUSER=y CONFIG_DELUSER=y CONFIG_GETTY=y CONFIG_FEATURE_UTMP=y CONFIG_FEATURE_WTMP=y CONFIG_LOGIN=y +# CONFIG_PAM is not set # CONFIG_LOGIN_SCRIPTS is not set +# CONFIG_FEATURE_NOLOGIN is not set # CONFIG_FEATURE_SECURETTY is not set CONFIG_PASSWD=y # CONFIG_FEATURE_PASSWD_WEAK_CHECK is not set +CONFIG_CRYPTPW=y +CONFIG_CHPASSWD=y CONFIG_SU=y CONFIG_FEATURE_SU_SYSLOG=y CONFIG_FEATURE_SU_CHECKS_SHELLS=y @@ -415,11 +463,13 @@ # CONFIG_MDEV is not set # CONFIG_FEATURE_MDEV_CONF is not set # CONFIG_FEATURE_MDEV_EXEC is not set +# CONFIG_FEATURE_MDEV_LOAD_FIRMWARE is not set CONFIG_MKSWAP=y # CONFIG_FEATURE_MKSWAP_V0 is not set CONFIG_MORE=y CONFIG_FEATURE_USE_TERMIOS=y CONFIG_MOUNT=y +# CONFIG_FEATURE_MOUNT_HELPERS is not set CONFIG_FEATURE_MOUNT_NFS=y # CONFIG_FEATURE_MOUNT_CIFS is not set CONFIG_FEATURE_MOUNT_FLAGS=y 
@@ -444,6 +494,7 @@ # # CONFIG_ADJTIMEX is not set # CONFIG_BBCONFIG is not set +# CONFIG_CHRT is not set CONFIG_CROND=y # CONFIG_DEBUG_CROND_OPTION is not set CONFIG_FEATURE_CROND_CALL_SENDMAIL=y @@ -473,9 +524,9 @@ CONFIG_MAKEDEVS=y # CONFIG_FEATURE_MAKEDEVS_LEAF is not set CONFIG_FEATURE_MAKEDEVS_TABLE=y +# CONFIG_MICROCOM is not set # CONFIG_MOUNTPOINT is not set CONFIG_MT=y -CONFIG_NMETER=y # CONFIG_RAIDAUTORUN is not set # CONFIG_READAHEAD is not set # CONFIG_RUNLEVEL is not set @@ -485,12 +536,14 @@ # CONFIG_TASKSET is not set # CONFIG_FEATURE_TASKSET_FANCY is not set CONFIG_TIME=y +# CONFIG_TTYSIZE is not set CONFIG_WATCHDOG=y # # Networking Utilities # # CONFIG_FEATURE_IPV6 is not set +CONFIG_VERBOSE_RESOLUTION_ERRORS=y CONFIG_ARP=y CONFIG_ARPING=y # CONFIG_DNSD is not set @@ -501,6 +554,8 @@ # CONFIG_FEATURE_FTPGETPUT_LONG_OPTIONS is not set CONFIG_HOSTNAME=y # CONFIG_HTTPD is not set +# CONFIG_FEATURE_HTTPD_RANGES is not set +# CONFIG_FEATURE_HTTPD_USE_SENDFILE is not set # CONFIG_FEATURE_HTTPD_RELOAD_CONFIG_SIGHUP is not set # CONFIG_FEATURE_HTTPD_SETUID is not set # CONFIG_FEATURE_HTTPD_BASIC_AUTH is not set @@ -510,6 +565,8 @@ # CONFIG_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR is not set # CONFIG_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV is not set # CONFIG_FEATURE_HTTPD_ENCODE_URL_STR is not set +# CONFIG_FEATURE_HTTPD_ERROR_PAGES is not set +# CONFIG_FEATURE_HTTPD_PROXY is not set CONFIG_IFCONFIG=y CONFIG_FEATURE_IFCONFIG_STATUS=y # CONFIG_FEATURE_IFCONFIG_SLIP is not set 
@@ -517,13 +574,14 @@ CONFIG_FEATURE_IFCONFIG_HW=y CONFIG_FEATURE_IFCONFIG_BROADCAST_PLUS=y CONFIG_IFUPDOWN=y +CONFIG_IFUPDOWN_IFSTATE_PATH="/var/run/ifstate" # CONFIG_FEATURE_IFUPDOWN_IP is not set # CONFIG_FEATURE_IFUPDOWN_IP_BUILTIN is not set CONFIG_FEATURE_IFUPDOWN_IFCONFIG_BUILTIN=y CONFIG_FEATURE_IFUPDOWN_IPV4=y # CONFIG_FEATURE_IFUPDOWN_IPV6 is not set -# CONFIG_FEATURE_IFUPDOWN_IPX is not set # CONFIG_FEATURE_IFUPDOWN_MAPPING is not set +# CONFIG_FEATURE_IFUPDOWN_EXTERNAL_DHCP is not set CONFIG_INETD=y CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_ECHO=y CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DISCARD=y 
@@ -531,32 +589,35 @@ CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME=y CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN=y # CONFIG_FEATURE_INETD_RPC is not set -# CONFIG_IP is not set -# CONFIG_FEATURE_IP_ADDRESS is not set -# CONFIG_FEATURE_IP_LINK is not set -# CONFIG_FEATURE_IP_ROUTE is not set -# CONFIG_FEATURE_IP_TUNNEL is not set -# CONFIG_FEATURE_IP_RULE is not set -# CONFIG_FEATURE_IP_SHORT_FORMS is not set -# CONFIG_IPADDR is not set -# CONFIG_IPLINK is not set -# CONFIG_IPROUTE is not set -# CONFIG_IPTUNNEL is not set -# CONFIG_IPRULE is not set +CONFIG_IP=y +CONFIG_FEATURE_IP_ADDRESS=y +CONFIG_FEATURE_IP_LINK=y +CONFIG_FEATURE_IP_ROUTE=y +CONFIG_FEATURE_IP_TUNNEL=y +CONFIG_FEATURE_IP_RULE=y +CONFIG_FEATURE_IP_SHORT_FORMS=y +# CONFIG_FEATURE_IP_RARE_PROTOCOLS is not set +CONFIG_IPADDR=y +CONFIG_IPLINK=y +CONFIG_IPROUTE=y +CONFIG_IPTUNNEL=y +CONFIG_IPRULE=y CONFIG_IPCALC=y CONFIG_FEATURE_IPCALC_FANCY=y # CONFIG_FEATURE_IPCALC_LONG_OPTIONS is not set -# CONFIG_NAMEIF is not set +CONFIG_NAMEIF=y CONFIG_NC=y CONFIG_NC_SERVER=y # CONFIG_NC_EXTRA is not set CONFIG_NETSTAT=y +CONFIG_FEATURE_NETSTAT_WIDE=y CONFIG_NSLOOKUP=y CONFIG_PING=y +# CONFIG_PING6 is not set +# CONFIG_PSCAN is not set CONFIG_FEATURE_FANCY_PING=y -# CONFIG_PING6 is not set -# CONFIG_FEATURE_FANCY_PING6 is not set CONFIG_ROUTE=y +# CONFIG_SLATTACH is not set CONFIG_TELNET=y CONFIG_FEATURE_TELNET_TTYPE=y # CONFIG_FEATURE_TELNET_AUTOLOGIN is not set @@ -574,14 +635,14 @@ # CONFIG_APP_UDHCPD is not set # CONFIG_APP_DHCPRELAY is not set # CONFIG_APP_DUMPLEASES is not set +# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set CONFIG_APP_UDHCPC=y -CONFIG_FEATURE_UDHCP_SYSLOG=y # CONFIG_FEATURE_UDHCP_DEBUG is not set +# CONFIG_FEATURE_RFC3397 is not set CONFIG_VCONFIG=y CONFIG_WGET=y CONFIG_FEATURE_WGET_STATUSBAR=y CONFIG_FEATURE_WGET_AUTHENTICATION=y -# CONFIG_FEATURE_WGET_IP6_LITERAL is not set # CONFIG_FEATURE_WGET_LONG_OPTIONS is not set CONFIG_ZCIP=y 
@@ -593,16 +654,23 @@ CONFIG_KILL=y CONFIG_KILLALL=y CONFIG_KILLALL5=y +CONFIG_NMETER=y +CONFIG_PGREP=y CONFIG_PIDOF=y # CONFIG_FEATURE_PIDOF_SINGLE is not set # CONFIG_FEATURE_PIDOF_OMIT is not set +CONFIG_PKILL=y CONFIG_PS=y CONFIG_FEATURE_PS_WIDE=y CONFIG_RENICE=y CONFIG_BB_SYSCTL=y CONFIG_TOP=y CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE=y +CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS=y +CONFIG_FEATURE_TOP_DECIMALS=y +CONFIG_FEATURE_TOPMEM=y CONFIG_UPTIME=y +CONFIG_WATCH=y # # Shells @@ -632,6 +700,12 @@ # CONFIG_ASH_RANDOM_SUPPORT is not set # CONFIG_ASH_EXPAND_PRMT is not set # CONFIG_HUSH is not set +# CONFIG_HUSH_HELP is not set +# CONFIG_HUSH_INTERACTIVE is not set +# CONFIG_HUSH_JOB is not set +# CONFIG_HUSH_TICK is not set +# CONFIG_HUSH_IF is not set +# CONFIG_HUSH_LOOPS is not set # CONFIG_LASH is not set # CONFIG_MSH is not set @@ -639,14 +713,8 @@ # Bourne Shell Options # CONFIG_FEATURE_SH_EXTRA_QUIET=y -# CONFIG_FEATURE_SH_STANDALONE_SHELL is not set -CONFIG_FEATURE_COMMAND_EDITING=y -# CONFIG_FEATURE_COMMAND_EDITING_VI is not set -CONFIG_FEATURE_COMMAND_HISTORY=100 -CONFIG_FEATURE_COMMAND_SAVEHISTORY=y -CONFIG_FEATURE_COMMAND_TAB_COMPLETION=y -CONFIG_FEATURE_COMMAND_USERNAME_COMPLETION=y -CONFIG_FEATURE_SH_FANCY_PROMPT=y +# CONFIG_FEATURE_SH_STANDALONE is not set +CONFIG_CTTYHACK=y # # System Logging Utilities 
@@ -673,3 +741,23 @@ # CONFIG_ENVUIDGID is not set # CONFIG_ENVDIR is not set # CONFIG_SOFTLIMIT is not set +# CONFIG_CHCON is not set +# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set +# CONFIG_GETENFORCE is not set +# CONFIG_GETSEBOOL is not set +# CONFIG_LOAD_POLICY is not set +# CONFIG_MATCHPATHCON is not set +# CONFIG_RESTORECON is not set +# CONFIG_RUNCON is not set +# CONFIG_FEATURE_RUNCON_LONG_OPTIONS is not set +# CONFIG_SELINUXENABLED is not set +# CONFIG_SETENFORCE is not set +# CONFIG_SETFILES is not set +# CONFIG_FEATURE_SETFILES_CHECK_OPTION is not set +# CONFIG_SETSEBOOL is not set + +# +# ipsvd utilities +# +# CONFIG_TCPSVD is not set +# CONFIG_UDPSVD is not set
Modified: trunk/package/busybox/busybox.mk
===================================================================
--- trunk/package/busybox/busybox.mk 2008-01-06 11:47:18 UTC (rev 1486)
+++ trunk/package/busybox/busybox.mk 2008-01-07 16:46:21 UTC (rev 1487)
@@ -4,7 +4,7 @@
 #
 #############################################################
-BUSYBOX_VER:=1.4.1
+BUSYBOX_VER:=1.8.2
 ifeq ($(strip $(BR2_PACKAGE_BUSYBOX_SNAPSHOT)),y)
 # Be aware that this changes daily....
@@ -71,6 +71,9 @@
 ifeq ($(strip $(BR2_PACKAGE_VIM)),y)
 $(SED) "s/^.*CONFIG_VI.*/CONFIG_VI=n/" $(BUSYBOX_DIR)/.config
 endif
+ifeq ($(strip $(BR2_PACKAGE_WGET)),y)
+ $(SED) "s/^.*CONFIG_WGET.*/CONFIG_WGET=n/" $(BUSYBOX_DIR)/.config
+endif
 yes "" | $(MAKE) CC=$(TARGET_CC) CROSS_COMPILE="$(TARGET_CROSS)" \
 CROSS="$(TARGET_CROSS)" -C $(BUSYBOX_DIR) oldconfig
 touch $@
Modified: trunk/target/initrd/busybox.config
===================================================================
--- trunk/target/initrd/busybox.config 2008-01-06 11:47:18 UTC (rev 1486)
+++ trunk/target/initrd/busybox.config 2008-01-07 16:46:21 UTC (rev 1487)
@@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit -# Busybox version: 1.4.1 -# Thu Jun 14 12:39:14 2007 +# Busybox version: 1.8.2 +# Mon Jan 7 11:44:07 2008 # CONFIG_HAVE_DOT_CONFIG=y
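Review bot: The sed expression in the `BR2_PACKAGE_WGET` block added to busybox.mk, `s/^.*CONFIG_WGET.*/CONFIG_WGET=n/`, is open on the right, so it rewrites any line whose option name merely starts with `CONFIG_WGET`, and it writes `=n` where the .config files in this commit spell a disabled option as `# ... is not set`. It works today only because the dependent options are named `CONFIG_FEATURE_WGET_*` and the `oldconfig` run that follows presumably normalises the value. Bounding the name keeps the edit exact: `$(SED) "s/^.*CONFIG_WGET[= ].*/# CONFIG_WGET is not set/" $(BUSYBOX_DIR)/.config`. The existing `CONFIG_VI` line just above has the same shape and would benefit from the same change; the rule header for this recipe lies outside the hunk.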
@@ -25,30 +25,31 @@ CONFIG_GETOPT_LONG=y # CONFIG_FEATURE_DEVPTS is not set # CONFIG_FEATURE_CLEAN_UP is not set +# CONFIG_FEATURE_PIDFILE is not set CONFIG_FEATURE_SUID=y -CONFIG_FEATURE_SYSLOG=y # CONFIG_FEATURE_SUID_CONFIG is not set # CONFIG_FEATURE_SUID_CONFIG_QUIET is not set -# CONFIG_FEATURE_HAVE_RPC is not set # CONFIG_SELINUX is not set +# CONFIG_FEATURE_PREFER_APPLETS is not set CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe" +CONFIG_FEATURE_SYSLOG=y +# CONFIG_FEATURE_HAVE_RPC is not set # # Build Options # CONFIG_STATIC=y # CONFIG_BUILD_LIBBUSYBOX is not set -# CONFIG_FEATURE_FULL_LIBBUSYBOX is not set +# CONFIG_FEATURE_INDIVIDUAL is not set # CONFIG_FEATURE_SHARED_BUSYBOX is not set CONFIG_LFS=y -# CONFIG_BUILD_AT_ONCE is not set # # Debugging Options # # CONFIG_DEBUG is not set -# CONFIG_DEBUG_PESSIMIZE is not set -# CONFIG_NO_DEBUG_LIB is not set +# CONFIG_WERROR is not set +CONFIG_NO_DEBUG_LIB=y # CONFIG_DMALLOC is not set # CONFIG_EFENCE is not set CONFIG_INCLUDE_SUSv2=y @@ -59,7 +60,11 @@ CONFIG_INSTALL_NO_USR=y CONFIG_INSTALL_APPLET_SYMLINKS=y # CONFIG_INSTALL_APPLET_HARDLINKS is not set +# CONFIG_INSTALL_APPLET_SCRIPT_WRAPPERS is not set # CONFIG_INSTALL_APPLET_DONT is not set +# CONFIG_INSTALL_SH_APPLET_SYMLINK is not set +# CONFIG_INSTALL_SH_APPLET_HARDLINK is not set +# CONFIG_INSTALL_SH_APPLET_SCRIPT_WRAPPER is not set CONFIG_PREFIX="./_install" # @@ -67,6 +72,19 @@ # CONFIG_PASSWORD_MINLEN=6 CONFIG_MD5_SIZE_VS_SPEED=2 +# CONFIG_FEATURE_FAST_TOP is not set +# CONFIG_FEATURE_ETC_NETWORKS is not set +# CONFIG_FEATURE_EDITING is not set +CONFIG_FEATURE_EDITING_MAX_LEN= +# CONFIG_FEATURE_EDITING_FANCY_KEYS is not set +# CONFIG_FEATURE_EDITING_VI is not set +CONFIG_FEATURE_EDITING_HISTORY= +# CONFIG_FEATURE_EDITING_SAVEHISTORY is not set +# CONFIG_FEATURE_TAB_COMPLETION is not set +# CONFIG_FEATURE_USERNAME_COMPLETION is not set +# CONFIG_FEATURE_EDITING_FANCY_PROMPT is not set +CONFIG_MONOTONIC_SYSCALL=y +CONFIG_IOCTL_HEX2STR_ERROR=y # # Applets 
@@ -78,6 +96,7 @@ # CONFIG_AR is not set # CONFIG_FEATURE_AR_LONG_FILENAMES is not set CONFIG_BUNZIP2=y +# CONFIG_BZIP2 is not set # CONFIG_CPIO is not set # CONFIG_DPKG is not set # CONFIG_DPKG_DEB is not set @@ -87,6 +106,7 @@ # CONFIG_GZIP is not set # CONFIG_RPM2CPIO is not set # CONFIG_RPM is not set +# CONFIG_FEATURE_RPM_BZ2 is not set # CONFIG_TAR is not set # CONFIG_FEATURE_TAR_CREATE is not set # CONFIG_FEATURE_TAR_BZIP2 is not set @@ -95,6 +115,7 @@ # CONFIG_FEATURE_TAR_GZIP is not set # CONFIG_FEATURE_TAR_COMPRESS is not set # CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY is not set +# CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY is not set # CONFIG_FEATURE_TAR_GNU_EXTENSIONS is not set # CONFIG_FEATURE_TAR_LONG_OPTIONS is not set # CONFIG_UNCOMPRESS is not set @@ -118,7 +139,6 @@ CONFIG_CHOWN=y CONFIG_CHROOT=y # CONFIG_CKSUM is not set -# CONFIG_CMP is not set # CONFIG_COMM is not set CONFIG_CP=y CONFIG_CUT=y @@ -128,10 +148,6 @@ CONFIG_FEATURE_DD_SIGNAL_HANDLING=y # CONFIG_FEATURE_DD_IBS_OBS is not set # CONFIG_DF is not set -# CONFIG_DIFF is not set -# CONFIG_FEATURE_DIFF_BINARY is not set -# CONFIG_FEATURE_DIFF_DIR is not set -# CONFIG_FEATURE_DIFF_MINIMAL is not set # CONFIG_DIRNAME is not set # CONFIG_DOS2UNIX is not set # CONFIG_UNIX2DOS is not set @@ -141,6 +157,8 @@ CONFIG_FEATURE_FANCY_ECHO=y # CONFIG_ENV is not set # CONFIG_FEATURE_ENV_LONG_OPTIONS is not set +# CONFIG_EXPAND is not set +# CONFIG_FEATURE_EXPAND_LONG_OPTIONS is not set CONFIG_EXPR=y # CONFIG_EXPR_MATH_SUPPORT_64 is not set CONFIG_FALSE=y @@ -176,6 +194,8 @@ # CONFIG_PRINTENV is not set # CONFIG_PRINTF is not set CONFIG_PWD=y +CONFIG_READLINK=y +# CONFIG_FEATURE_READLINK_FOLLOW is not set CONFIG_REALPATH=y CONFIG_RM=y CONFIG_RMDIR=y 
@@ -185,6 +205,8 @@ # CONFIG_FEATURE_FANCY_SLEEP is not set # CONFIG_SORT is not set # CONFIG_FEATURE_SORT_BIG is not set +# CONFIG_SPLIT is not set +# CONFIG_FEATURE_SPLIT_FANCY is not set # CONFIG_STAT is not set # CONFIG_FEATURE_STAT_FORMAT is not set # CONFIG_STTY is not set @@ -203,11 +225,12 @@ CONFIG_TRUE=y # CONFIG_TTY is not set CONFIG_UNAME=y +# CONFIG_UNEXPAND is not set +# CONFIG_FEATURE_UNEXPAND_LONG_OPTIONS is not set # CONFIG_UNIQ is not set # CONFIG_USLEEP is not set # CONFIG_UUDECODE is not set # CONFIG_UUENCODE is not set -# CONFIG_WATCH is not set CONFIG_WC=y # CONFIG_FEATURE_WC_LARGE is not set # CONFIG_WHO is not set @@ -241,6 +264,7 @@ CONFIG_CLEAR=y # CONFIG_DEALLOCVT is not set # CONFIG_DUMPKMAP is not set +# CONFIG_KBD_MODE is not set # CONFIG_LOADFONT is not set # CONFIG_LOADKMAP is not set # CONFIG_OPENVT is not set @@ -257,10 +281,9 @@ # CONFIG_MKTEMP=y # CONFIG_PIPE_PROGRESS is not set -CONFIG_READLINK=y -# CONFIG_FEATURE_READLINK_FOLLOW is not set # CONFIG_RUN_PARTS is not set # CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS is not set +# CONFIG_FEATURE_RUN_PARTS_FANCY is not set # CONFIG_START_STOP_DAEMON is not set # CONFIG_FEATURE_START_STOP_DAEMON_FANCY is not set # CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS is not set @@ -271,10 +294,16 @@ # CONFIG_AWK=y CONFIG_FEATURE_AWK_MATH=y +# CONFIG_CMP is not set +# CONFIG_DIFF is not set +# CONFIG_FEATURE_DIFF_BINARY is not set +# CONFIG_FEATURE_DIFF_DIR is not set +# CONFIG_FEATURE_DIFF_MINIMAL is not set # CONFIG_ED is not set # CONFIG_PATCH is not set CONFIG_SED=y # CONFIG_VI is not set +CONFIG_FEATURE_VI_MAX_LEN= # CONFIG_FEATURE_VI_COLON is not set # CONFIG_FEATURE_VI_YANKMARK is not set # CONFIG_FEATURE_VI_SEARCH is not set 
@@ -297,9 +326,21 @@ CONFIG_FEATURE_FIND_PERM=y CONFIG_FEATURE_FIND_TYPE=y CONFIG_FEATURE_FIND_XDEV=y +CONFIG_FEATURE_FIND_MAXDEPTH=y # CONFIG_FEATURE_FIND_NEWER is not set # CONFIG_FEATURE_FIND_INUM is not set CONFIG_FEATURE_FIND_EXEC=y +CONFIG_FEATURE_FIND_USER=y +CONFIG_FEATURE_FIND_GROUP=y +CONFIG_FEATURE_FIND_NOT=y +CONFIG_FEATURE_FIND_DEPTH=y +CONFIG_FEATURE_FIND_PAREN=y +CONFIG_FEATURE_FIND_SIZE=y +CONFIG_FEATURE_FIND_PRUNE=y +CONFIG_FEATURE_FIND_DELETE=y +CONFIG_FEATURE_FIND_PATH=y +CONFIG_FEATURE_FIND_REGEX=y +# CONFIG_FEATURE_FIND_CONTEXT is not set CONFIG_GREP=y CONFIG_FEATURE_GREP_EGREP_ALIAS=y CONFIG_FEATURE_GREP_FGREP_ALIAS=y @@ -317,6 +358,7 @@ # CONFIG_DEBUG_INIT is not set CONFIG_FEATURE_USE_INITTAB=y # CONFIG_FEATURE_INIT_SCTTY is not set +# CONFIG_FEATURE_INIT_SYSLOG is not set # CONFIG_FEATURE_EXTRA_QUIET is not set # CONFIG_FEATURE_INIT_COREDUMPS is not set CONFIG_FEATURE_INITRD=y @@ -330,17 +372,23 @@ # CONFIG_USE_BB_SHADOW is not set # CONFIG_USE_BB_PWD_GRP is not set # CONFIG_ADDGROUP is not set +# CONFIG_FEATURE_ADDUSER_TO_GROUP is not set # CONFIG_DELGROUP is not set +# CONFIG_FEATURE_DEL_USER_FROM_GROUP is not set # CONFIG_ADDUSER is not set # CONFIG_DELUSER is not set CONFIG_GETTY=y CONFIG_FEATURE_UTMP=y CONFIG_FEATURE_WTMP=y CONFIG_LOGIN=y +# CONFIG_PAM is not set # CONFIG_LOGIN_SCRIPTS is not set +# CONFIG_FEATURE_NOLOGIN is not set # CONFIG_FEATURE_SECURETTY is not set # CONFIG_PASSWD is not set # CONFIG_FEATURE_PASSWD_WEAK_CHECK is not set +# CONFIG_CRYPTPW is not set +# CONFIG_CHPASSWD is not set # CONFIG_SU is not set # CONFIG_FEATURE_SU_SYSLOG is not set # CONFIG_FEATURE_SU_CHECKS_SHELLS is not set 
@@ -411,11 +459,13 @@ # CONFIG_MDEV is not set # CONFIG_FEATURE_MDEV_CONF is not set # CONFIG_FEATURE_MDEV_EXEC is not set +# CONFIG_FEATURE_MDEV_LOAD_FIRMWARE is not set # CONFIG_MKSWAP is not set # CONFIG_FEATURE_MKSWAP_V0 is not set CONFIG_MORE=y CONFIG_FEATURE_USE_TERMIOS=y CONFIG_MOUNT=y +# CONFIG_FEATURE_MOUNT_HELPERS is not set # CONFIG_FEATURE_MOUNT_NFS is not set # CONFIG_FEATURE_MOUNT_CIFS is not set CONFIG_FEATURE_MOUNT_FLAGS=y @@ -440,6 +490,7 @@ # # CONFIG_ADJTIMEX is not set # CONFIG_BBCONFIG is not set +# CONFIG_CHRT is not set # CONFIG_CROND is not set # CONFIG_DEBUG_CROND_OPTION is not set # CONFIG_FEATURE_CROND_CALL_SENDMAIL is not set @@ -469,9 +520,9 @@ # CONFIG_MAKEDEVS is not set # CONFIG_FEATURE_MAKEDEVS_LEAF is not set # CONFIG_FEATURE_MAKEDEVS_TABLE is not set +# CONFIG_MICROCOM is not set # CONFIG_MOUNTPOINT is not set # CONFIG_MT is not set -# CONFIG_NMETER is not set # CONFIG_RAIDAUTORUN is not set # CONFIG_READAHEAD is not set # CONFIG_RUNLEVEL is not set @@ -481,12 +532,14 @@ # CONFIG_TASKSET is not set # CONFIG_FEATURE_TASKSET_FANCY is not set # CONFIG_TIME is not set +# CONFIG_TTYSIZE is not set # CONFIG_WATCHDOG is not set # # Networking Utilities # # CONFIG_FEATURE_IPV6 is not set +# CONFIG_VERBOSE_RESOLUTION_ERRORS is not set # CONFIG_ARP is not set # CONFIG_ARPING is not set # CONFIG_DNSD is not set @@ -497,6 +550,8 @@ # CONFIG_FEATURE_FTPGETPUT_LONG_OPTIONS is not set # CONFIG_HOSTNAME is not set # CONFIG_HTTPD is not set +# CONFIG_FEATURE_HTTPD_RANGES is not set +# CONFIG_FEATURE_HTTPD_USE_SENDFILE is not set # CONFIG_FEATURE_HTTPD_RELOAD_CONFIG_SIGHUP is not set # CONFIG_FEATURE_HTTPD_SETUID is not set # CONFIG_FEATURE_HTTPD_BASIC_AUTH is not set 
@@ -506,6 +561,8 @@ # CONFIG_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR is not set # CONFIG_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV is not set # CONFIG_FEATURE_HTTPD_ENCODE_URL_STR is not set +# CONFIG_FEATURE_HTTPD_ERROR_PAGES is not set +# CONFIG_FEATURE_HTTPD_PROXY is not set # CONFIG_IFCONFIG is not set # CONFIG_FEATURE_IFCONFIG_STATUS is not set # CONFIG_FEATURE_IFCONFIG_SLIP is not set @@ -513,13 +570,14 @@ # CONFIG_FEATURE_IFCONFIG_HW is not set # CONFIG_FEATURE_IFCONFIG_BROADCAST_PLUS is not set # CONFIG_IFUPDOWN is not set +CONFIG_IFUPDOWN_IFSTATE_PATH="" # CONFIG_FEATURE_IFUPDOWN_IP is not set # CONFIG_FEATURE_IFUPDOWN_IP_BUILTIN is not set # CONFIG_FEATURE_IFUPDOWN_IFCONFIG_BUILTIN is not set # CONFIG_FEATURE_IFUPDOWN_IPV4 is not set # CONFIG_FEATURE_IFUPDOWN_IPV6 is not set -# CONFIG_FEATURE_IFUPDOWN_IPX is not set # CONFIG_FEATURE_IFUPDOWN_MAPPING is not set +# CONFIG_FEATURE_IFUPDOWN_EXTERNAL_DHCP is not set # CONFIG_INETD is not set # CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_ECHO is not set # CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DISCARD is not set @@ -534,6 +592,7 @@ # CONFIG_FEATURE_IP_TUNNEL is not set # CONFIG_FEATURE_IP_RULE is not set # CONFIG_FEATURE_IP_SHORT_FORMS is not set +# CONFIG_FEATURE_IP_RARE_PROTOCOLS is not set # CONFIG_IPADDR is not set # CONFIG_IPLINK is not set # CONFIG_IPROUTE is not set @@ -547,12 +606,14 @@ # CONFIG_NC_SERVER is not set # CONFIG_NC_EXTRA is not set # CONFIG_NETSTAT is not set +# CONFIG_FEATURE_NETSTAT_WIDE is not set # CONFIG_NSLOOKUP is not set # CONFIG_PING is not set +# CONFIG_PING6 is not set +# CONFIG_PSCAN is not set # CONFIG_FEATURE_FANCY_PING is not set -# CONFIG_PING6 is not set -# CONFIG_FEATURE_FANCY_PING6 is not set # CONFIG_ROUTE is not set +# CONFIG_SLATTACH is not set # CONFIG_TELNET is not set # CONFIG_FEATURE_TELNET_TTYPE is not set # CONFIG_FEATURE_TELNET_AUTOLOGIN is not set 
@@ -570,14 +631,14 @@ # CONFIG_APP_UDHCPD is not set # CONFIG_APP_DHCPRELAY is not set # CONFIG_APP_DUMPLEASES is not set +# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set # CONFIG_APP_UDHCPC is not set -# CONFIG_FEATURE_UDHCP_SYSLOG is not set # CONFIG_FEATURE_UDHCP_DEBUG is not set +# CONFIG_FEATURE_RFC3397 is not set # CONFIG_VCONFIG is not set # CONFIG_WGET is not set # CONFIG_FEATURE_WGET_STATUSBAR is not set # CONFIG_FEATURE_WGET_AUTHENTICATION is not set -# CONFIG_FEATURE_WGET_IP6_LITERAL is not set # CONFIG_FEATURE_WGET_LONG_OPTIONS is not set # CONFIG_ZCIP is not set @@ -589,16 +650,23 @@ CONFIG_KILL=y CONFIG_KILLALL=y # CONFIG_KILLALL5 is not set +# CONFIG_NMETER is not set +# CONFIG_PGREP is not set # CONFIG_PIDOF is not set # CONFIG_FEATURE_PIDOF_SINGLE is not set # CONFIG_FEATURE_PIDOF_OMIT is not set +# CONFIG_PKILL is not set CONFIG_PS=y CONFIG_FEATURE_PS_WIDE=y # CONFIG_RENICE is not set CONFIG_BB_SYSCTL=y # CONFIG_TOP is not set # CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE is not set +# CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS is not set +# CONFIG_FEATURE_TOP_DECIMALS is not set +# CONFIG_FEATURE_TOPMEM is not set # CONFIG_UPTIME is not set +# CONFIG_WATCH is not set # # Shells @@ -628,6 +696,12 @@ # CONFIG_ASH_RANDOM_SUPPORT is not set # CONFIG_ASH_EXPAND_PRMT is not set # CONFIG_HUSH is not set +# CONFIG_HUSH_HELP is not set +# CONFIG_HUSH_INTERACTIVE is not set +# CONFIG_HUSH_JOB is not set +# CONFIG_HUSH_TICK is not set +# CONFIG_HUSH_IF is not set +# CONFIG_HUSH_LOOPS is not set # CONFIG_LASH is not set # CONFIG_MSH is not set 
@@ -635,14 +709,8 @@ # Bourne Shell Options # CONFIG_FEATURE_SH_EXTRA_QUIET=y -# CONFIG_FEATURE_SH_STANDALONE_SHELL is not set -# CONFIG_FEATURE_COMMAND_EDITING is not set -# CONFIG_FEATURE_COMMAND_EDITING_VI is not set -CONFIG_FEATURE_COMMAND_HISTORY= -# CONFIG_FEATURE_COMMAND_SAVEHISTORY is not set -# CONFIG_FEATURE_COMMAND_TAB_COMPLETION is not set -# CONFIG_FEATURE_COMMAND_USERNAME_COMPLETION is not set -# CONFIG_FEATURE_SH_FANCY_PROMPT is not set +# CONFIG_FEATURE_SH_STANDALONE is not set +CONFIG_CTTYHACK=y # # System Logging Utilities @@ -669,3 +737,23 @@ # CONFIG_ENVUIDGID is not set # CONFIG_ENVDIR is not set # CONFIG_SOFTLIMIT is not set +# CONFIG_CHCON is not set +# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set +# CONFIG_GETENFORCE is not set +# CONFIG_GETSEBOOL is not set +# CONFIG_LOAD_POLICY is not set +# CONFIG_MATCHPATHCON is not set +# CONFIG_RESTORECON is not set +# CONFIG_RUNCON is not set +# CONFIG_FEATURE_RUNCON_LONG_OPTIONS is not set +# CONFIG_SELINUXENABLED is not set +# CONFIG_SETENFORCE is not set +# CONFIG_SETFILES is not set +# CONFIG_FEATURE_SETFILES_CHECK_OPTION is not set +# CONFIG_SETSEBOOL is not set + +# +# ipsvd utilities +# +# CONFIG_TCPSVD is not set +# CONFIG_UDPSVD is not set This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <kr...@us...> - 2008-01-11 17:38:55
Revision: 1510 http://astlinux.svn.sourceforge.net/astlinux/?rev=1510&view=rev Author: krisk84 Date: 2008-01-11 09:38:44 -0800 (Fri, 11 Jan 2008) Log Message: ----------- first run at sndvol support - not done yet Modified Paths: -------------- trunk/package/asterisk/Config.in trunk/package/asterisk/asterisk.mk Added Paths: ----------- trunk/toolchain/sndvol Modified: trunk/package/asterisk/Config.in =================================================================== --- trunk/package/asterisk/Config.in 2008-01-11 04:45:09 UTC (rev 1509) +++ trunk/package/asterisk/Config.in 2008-01-11 17:38:44 UTC (rev 1510) @@ -57,3 +57,23 @@ depends BR2_PACKAGE_ASTERISK help Run interactive menuselect to select custom Asterisk options + +config BR2_PACKAGE_ASTERISK_SNDVOL + bool "Asterisk MOH sound volume" + default n + depends BR2_PACKAGE_ASTERISK + help + Some people think the volume of the music on hold files included + with Asterisk is too high. This will let you change it before + the files get copied into your image. You will need to have sox + installed on your build machine. + + Thanks to Lonnie Abelbeck for the tip and sox command line + +config BR2_PACKAGE_ASTERISK_SNDVOL_LEVEL + string "The actual volume adjustment" + default 0.3 + depends BR2_PACKAGE_ASTERISK_SNDVOL + help + The actual volume adjustment passed to sox (-v). See the sox man + page for more help. Modified: trunk/package/asterisk/asterisk.mk =================================================================== --- trunk/package/asterisk/asterisk.mk 2008-01-11 04:45:09 UTC (rev 1509) +++ trunk/package/asterisk/asterisk.mk 2008-01-11 17:38:44 UTC (rev 1510) 
@@ -154,6 +154,12 @@ cp -f package/asterisk/custom/*.conf $(TARGET_DIR)/stat/etc/asterisk/ endif +$(TARGET_DIR)/stat/var/lib/asterisk/moh-sndvol: + toolchain/sndvol $(BR2_PACKAGE_ASTERISK_SNDVOL_LEVEL) $(TARGET_DIR)/stat/var/lib/asterisk/moh \ + $(TARGET_DIR)/stat/var/lib/asterisk/moh-sndvol + +sndvol: $(TARGET_DIR)/stat/var/lib/asterisk/moh-sndvol + asterisk: uclibc libelf ncurses zlib openssl libtool $(ASTERISK_EXTRAS) $(TARGET_DIR)/$(ASTERISK_TARGET_BINARY) asterisk-source: $(DL_DIR)/$(ASTERISK_SOURCE) @@ -199,3 +205,6 @@ TARGETS+=asterisk endif +ifeq ($(strip $(BR2_PACKAGE_ASTERISK_SNDVOL)),y) +TARGETS+=sndvol +endif Added: trunk/toolchain/sndvol =================================================================== --- trunk/toolchain/sndvol (rev 0) +++ trunk/toolchain/sndvol 2008-01-11 17:38:44 UTC (rev 1510) @@ -0,0 +1,37 @@ +#!/bin/bash +FORMATS=".wav .ulaw" + + +if [ ! $2 ] +then +echo "Usage: + +$0 [volume] [indir] [outdir]" +exit 1 +fi + +if `which sox > /dev/null 2> /dev/null` +then +SOX=`which sox` +else +echo "You need to have sox installed" +exit 1 +fi + +INDIR=$2 +OUTDIR=$3 +VOLUME=$1 + +if [ ! -d $OUTDIR ] +then +mkdir -p $OUTDIR +fi + +for i in $FORMATS +do +for i in `ls $1/*.$FORMATS` +do +OUTFILE=`basename $i` +sox -v $VOLUME $i "$OUTDIR"/"$OUTFILE" +done +done Property changes on: trunk/toolchain/sndvol ___________________________________________________________________ Name: svn:executable + * This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
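Review bot: The new `$(TARGET_DIR)/stat/var/lib/asterisk/moh-sndvol` rule has no prerequisites, so nothing orders it after the step that populates `$(TARGET_DIR)/stat/var/lib/asterisk/moh`. It only works if `sndvol` happens to run after `asterisk`, which is presumably what installs those files. An order-only prerequisite such as `$(TARGET_DIR)/stat/var/lib/asterisk/moh-sndvol: | $(TARGET_DIR)/$(ASTERISK_TARGET_BINARY)` plus `.PHONY: sndvol` would make the ordering explicit and keep it stable under `make -j`. Because the target is a directory, the recipe is also skipped once the directory exists, so a later change to `BR2_PACKAGE_ASTERISK_SNDVOL_LEVEL` or an interrupted run is never redone. A comment on the rule such as `# re-run requires removing moh-sndvol first` would document that.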
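Review bot: The conversion loop at the end of `trunk/toolchain/sndvol` never reads the input directory. The inner `for` globs `$1/*.$FORMATS`, where `$1` is the volume argument and `$FORMATS` is the whole `.wav .ulaw` list, and it reuses the outer loop's `i`. The usage check tests only `$2` although `$3` is required, so a missing outdir reaches `mkdir -p` with an empty argument. Every path expansion is unquoted, so a directory or file name containing spaces or glob characters is split before it reaches `sox`. The replacement below globs `"$INDIR"/*"$ext"` directly instead of parsing `ls` output and quotes all expansions.

```shell
if [ $# -lt 3 ]
then
# … unchanged: usage message and exit 1 …
fi
# … unchanged: sox lookup, INDIR/OUTDIR/VOLUME assignment …
if [ ! -d "$OUTDIR" ]
then
mkdir -p "$OUTDIR"
fi

for ext in $FORMATS
do
for f in "$INDIR"/*"$ext"
do
[ -e "$f" ] || continue
sox -v "$VOLUME" "$f" "$OUTDIR/$(basename "$f")"
done
done
```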
From: <kr...@us...> - 2008-01-16 08:03:19
Revision: 1533 http://astlinux.svn.sourceforge.net/astlinux/?rev=1533&view=rev Author: krisk84 Date: 2008-01-16 00:03:25 -0800 (Wed, 16 Jan 2008) Log Message: ----------- nprobe init script Added Paths: ----------- trunk/package/nprobe/nprobe.init trunk/target/generic/target_skeleton/etc/runlevels/default/K06nprobe trunk/target/generic/target_skeleton/etc/runlevels/default/S93nprobe Added: trunk/package/nprobe/nprobe.init =================================================================== --- trunk/package/nprobe/nprobe.init (rev 0) +++ trunk/package/nprobe/nprobe.init 2008-01-16 08:03:25 UTC (rev 1533) 
@@ -0,0 +1,95 @@
+#!/bin/sh
+
+. /etc/rc.conf
+
+start () {
+
+if [ "$FLOW_DIR" ]
+then
+
+if [ ! -d "$FLOW_DIR" ]
+then
+mkdir -p "$FLOW_DIR"
+fi
+
+else
+exit
+fi
+
+if [ ! "$FLOW_INT" ]
+then
+exit
+fi
+
+if [ ! "$FLOW_COLLECTOR" ]
+then
+FLOW_COLLECTOR="none"
+fi
+
+if [ ! "$FLOW_DUMP_FREQUENCY" ]
+then
+FLOW_DUMP_FREQUENCY="60"
+fi
+
+if [ ! "$FLOW_FORMAT" ]
+then
+FLOW_FORMAT="%PROTOCOL_MAP %IPV4_SRC_ADDR %L4_SRC_PORT_MAP %IPV4_DST_ADDR %L4_DST_PORT_MAP %FIRST_SWITCHED %LAST_SWITCHED %IN_PKTS %OUT_PKTS %IN_BYTES %OUT_BYTES %TCP_FLAGS"
+fi
+
+if [ ! "$FLOW_DUMP_FORMAT" ]
+then
+FLOW_DUMP_FORMAT="%PROTOCOL_MAP %IPV4_SRC_ADDR %L4_SRC_PORT_MAP %IPV4_DST_ADDR %L4_DST_PORT_MAP %FIRST_SWITCHED %LAST_SWITCHED %IN_PKTS %OUT_PKTS %IN_BYTES %OUT_BYTES %TCP_FLAGS"
+fi
+
+if [ ! "$FLOW_MAX_FLOWS" ]
+then
+FLOW_MAX_FLOWS="4294967295"
+fi
+
+if [ ! "$FLOW_VERSION" ]
+then
+FLOW_VERSION="9"
+fi
+
+# Extra options to use: -f "bpf-filter"
+
+echo "Starting nprobe..."
+nprobe -G -g /var/run/nprobe.pid -i "$FLOW_INT" -n "$FLOW_COLLECTOR" -T "$FLOW_FORMAT" -D "$FLOW_DUMP_FORMAT" \
+-P "$FLOW_DIR" -F "$FLOW_DUMP_FREQUENCY" -M "$FLOW_MAX_FLOWS" -V "$FLOW_VERSION"
+
+}
+
+stop () {
+if [ -r /var/run/nprobe.pid ]
+then
+echo "Stopping nprobe..."
+kill `cat /var/run/nprobe.pid`
+fi
+
+}
+
+case $1 in
+
+start)
+start
+;;
+
+stop)
+stop
+;;
+
+init)
+start
+;;
+
+restart)
+stop
+sleep 2
+start
+;;
+
+*)
+echo "Usage: start|stop|restart"
+;;
+
+esac
Added: trunk/target/generic/target_skeleton/etc/runlevels/default/K06nprobe
===================================================================
--- trunk/target/generic/target_skeleton/etc/runlevels/default/K06nprobe (rev 0)
+++ trunk/target/generic/target_skeleton/etc/runlevels/default/K06nprobe 2008-01-16 08:03:25 UTC (rev 1533)
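Review bot: `stop()` signals whatever number is stored in `/var/run/nprobe.pid` without checking that the process is still nprobe. A stale file left after a crash would make the script, presumably run as root from the runlevel links, kill an unrelated process that reused the PID. Reading the value once with `pid=$(cat /var/run/nprobe.pid)`, guarding the signal with `grep -q nprobe "/proc/$pid/cmdline" 2>/dev/null && kill "$pid"`, and then running `rm -f /var/run/nprobe.pid` would close that gap. Separately, `mkdir -p "$FLOW_DIR"` in `start()` creates the flow-dump directory with the default umask. The dumps record per-connection addresses and ports, so `mkdir -p -m 0700 "$FLOW_DIR"` is the safer default.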
@@ -0,0 +1 @@ +link ../../init.d/nprobe \ No newline at end of file Property changes on: trunk/target/generic/target_skeleton/etc/runlevels/default/K06nprobe ___________________________________________________________________ Name: svn:special + * Added: trunk/target/generic/target_skeleton/etc/runlevels/default/S93nprobe =================================================================== --- trunk/target/generic/target_skeleton/etc/runlevels/default/S93nprobe (rev 0) +++ trunk/target/generic/target_skeleton/etc/runlevels/default/S93nprobe 2008-01-16 08:03:25 UTC (rev 1533) @@ -0,0 +1 @@ +link ../../init.d/nprobe \ No newline at end of file Property changes on: trunk/target/generic/target_skeleton/etc/runlevels/default/S93nprobe ___________________________________________________________________ Name: svn:special + * This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <kr...@us...> - 2008-01-22 19:27:40
Revision: 1541 http://astlinux.svn.sourceforge.net/astlinux/?rev=1541&view=rev Author: krisk84 Date: 2008-01-22 11:27:40 -0800 (Tue, 22 Jan 2008) Log Message: ----------- changes and cleanups from Philip - thanks Modified Paths: -------------- trunk/package/arno-fw/arno-iptables-firewall trunk/package/arno-fw/arno-iptables-firewall.conf trunk/package/arno-fw/arnofw.mk trunk/package/iptables/iptables.init trunk/package/vim/vim.mk trunk/target/device/geni586/linux.mk trunk/target/device/net4801/linux.mk trunk/target/device/net5501/linux.mk trunk/target/device/via/linux.mk trunk/target/device/via-c7/linux.mk trunk/target/device/wrap/linux.mk trunk/target/generic/target_skeleton/usr/sbin/genkd trunk/target/x86/runnix/runnix.mk Added Paths: ----------- trunk/package/arno-fw/arno.wrapper Modified: trunk/package/arno-fw/arno-iptables-firewall =================================================================== --- trunk/package/arno-fw/arno-iptables-firewall 2008-01-21 18:47:16 UTC (rev 1540) +++ trunk/package/arno-fw/arno-iptables-firewall 2008-01-22 19:27:40 UTC (rev 1541) 
@@ -1,4661 +0,0 @@ -#!/bin/sh - -# chkconfig: 2345 11 89 -# description: Arno's iptables firewall - -### BEGIN INIT INFO -# Provides: arno-iptables-firewall -# Required-Start: $syslog $local_fs -# Required-Stop: $syslog $local_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Setup iptables firewall configuration -### END INIT INFO - -############################################################################################ -# You should put this script in eg. "/etc/init.d/" (or "/etc/rc.d/"). # -# Furthermore make sure it's executable! -> "chmod 700" or "chmod +x" it # -# If you want to run it upon boot, either add an entry in your "/etc/rc.d/rc.local" or # -# (for ie. Debian) in "/etc/rcS.d/" create a symlink to the arno-iptables-firewall script # -# ("ln -s /etc/init.d/arno-iptables-firewall script S99-arno-iptables-firewall script"). # -############################################################################################ - -MY_VERSION="1.8.8i" - -# Location of the configuration file for this firewall: -####################################################### -CONFIG_FILE=/etc/arno-iptables-firewall.conf - -# ------------------------------------------------------------------------------------------ -# -= Arno's iptables firewall =- -# Single- & multi-homed firewall script with DSL/ADSL support -# -# ~ In memory of my dear father ~ -# -# (C) Copyright 2001-2007 by Arno van Amersfoort -# Homepage : http://rocky.eld.leidenuniv.nl/ -# Freshmeat homepage : http://freshmeat.net/projects/iptables-firewall/?topic_id=151 -# Email : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l -# (note: you must remove all spaces and substitute the @ and the . -# at the proper locations!) 
-# ------------------------------------------------------------------------------------------ -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# version 2 as published by the Free Software Foundation. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# ------------------------------------------------------------------------------------------ - -# -# Astlinux modifications by Darrick Hartman -# - -# Some predefined variables: -anyhost="0/0" -anyport="0:65535" - -printf "\033[40m\033[1;32mArno's Iptables Firewall Script v$MY_VERSION\033[0m\n" -echo "-------------------------------------------------------------------------------" - -# Astlinux mod: check if config file is on key disk or use default from stat -############################################################################# -if [ ! -e /tmp/etc/arno-iptables-firewall.conf ]; then -if [ -e /mnt/kd/arno-iptables-firewall.conf ]; then - ln -s /mnt/kd/arno-iptables-firewall.conf /tmp/etc/arno-iptables-firewall.conf -else - cp /stat/etc/arno-iptables-firewall.conf /tmp/etc/arno-iptables-firewall.conf -fi -fi - -# Check if config file exists and if so load it -############################################### -if [ -e "$CONFIG_FILE" ]; then - . 
$CONFIG_FILE - # Check whether we also need to drop messages in a dedicated firewall log file - if [ -z "$FIREWALL_LOG" ]; then FIREWALL_LOG="/dev/null"; fi -else - printf "\033[40m\033[1;31mERROR: Could not read configuration file $CONFIG_FILE!\033[0m\n" >&2 - printf "\033[40m\033[1;31m Please, check the file's location and (root) rights.\033[0m\n" >&2 - exit 2 -fi - -# if $LOGLEVEL is not set, default to "info" -############################################ -if [ -z "$LOGLEVEL" ]; then - LOGLEVEL="info" -fi - - -sanity_check() -{ - # root check - if [ "$(id -u)" != "0" ]; then - printf "\033[40m\033[1;31mERROR: Root check FAILED (you MUST be root to use this script)! Quitting...\033[0m\n" >&2 - exit 1 - fi - - # Check whether the iptables binary exists and if it's executable - ################################################################# - if [ ! -x $IPTABLES ]; then - printf "\033[40m\033[1;31mERROR: Binary \"$IPTABLES\" does not exist or is not executable!\033[0m\n" >&2 - printf "\033[40m\033[1;31m Please, make sure that IPTABLES is (properly) installed!\033[0m\n" >&2 - exit 13 - fi - - # Check that we have at least kernel 2.4 else generate a warning (no error as 2.2 kernels could be iptables patched) - #################################################################################################################### - KERNELMAJ=`uname -r |sed -e 's,\..*,,'` - KERNELMIN=`uname -r |sed -e 's,[^\.]*\.,,' -e 's,\..*,,'` - if [ "$KERNELMAJ" -lt 2 ] || [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 3 ]; then - printf "\033[40m\033[1;31mWARNING: Your kernel version is older than 2.4! 
Your kernel probably doesn't\033[0m\n" >&2 - printf "\033[40m\033[1;31m support IPTABLES unless an IPTABLES patch is compiled in it.\033[0m\n" >&2 - fi - - # Make sure EXT_IF != "" - ######################## - if [ -z "$EXT_IF" ]; then - printf "\033[40m\033[1;31mERROR: The required variable EXT_IF is empty!\033[0m\n" >&2 - printf "\033[40m\033[1;31m Please, check the configuration file.\033[0m\n" >&2 - exit 2 - fi - - # Check whether EXT_IF's exists - ############################### - for interface in $EXT_IF; do - if [ -z "$(echo $interface |grep '\+')" ]; then - result=`ifconfig $interface >/dev/null 2>&1` - return_val=$? - if [ "$return_val" != "0" ]; then - printf "\033[40m\033[1;31mNOTE: External interface $interface does NOT exist (yet?)\033[0m\n" - printf "\033[40m\033[1;31mResult was: $result\033[0m\n" - fi - fi - done - - # Check whether MODEM_IF exists - ############################### - if [ -n "$MODEM_IF" ]; then - result=`ifconfig $MODEM_IF >/dev/null 2>&1` - return_val=$? - if [ "$return_val" != "0" ]; then - printf "\033[40m\033[1;31mNOTE: Modem interface $interface does NOT exist (yet?)\033[0m\n" - printf "\033[40m\033[1;31mResult was: $result\033[0m\n" - fi - fi - - # Check whether INT_IF's exists - ############################### - for interface in $INT_IF; do - if [ -z "$(echo $interface |grep '\+')" ]; then - result=`ifconfig $MODEM_IF >/dev/null 2>&1` - return_val=$? - if [ "$return_val" != "0" ]; then - printf "\033[40m\033[1;31mNOTE: Internal interface $interface does NOT exist (yet?)\033[0m\n" - printf "\033[40m\033[1;31mResult was: $result\033[0m\n" - fi - fi - done - - # Check whether DMZ_IF's exists - ############################### - for interface in $DMZ_IF; do - if [ -z "$(echo $interface |grep '\+')" ]; then - result=`ifconfig $MODEM_IF >/dev/null 2>&1` - return_val=$? 
- if [ "$return_val" != "0" ]; then - printf "\033[40m\033[1;31mNOTE: DMZ interface $interface does NOT exist (yet?)\033[0m\n" - printf "\033[40m\033[1;31mResult was: $result\033[0m\n" - fi - fi - done - - # Check whether TRUSTED_IF's exists - ################################### - for interface in $TRUSTED_IF; do - if [ -z "$(echo $interface |grep '\+')" ]; then - result=`ifconfig $MODEM_IF >/dev/null 2>&1` - return_val=$? - if [ "$return_val" != "0" ]; then - printf "\033[40m\033[1;31mNOTE: Trusted interface $interface does NOT exist (yet?)\033[0m\n" - printf "\033[40m\033[1;31mResult was: $result\033[0m\n" - fi - fi - done - - # Make sure INT_IF != EXT_IF - ############################ - for eif in $EXT_IF; do - for iif in $INT_IF; do - if [ "$iif" = "$eif" ]; then - printf "\033[40m\033[1;31mERROR: One or more interfaces specified in EXT_IF is the same as one in\033[0m\n" >&2 - printf "\033[40m\033[1;31m INT_IF! Please, check the configuration file.\033[0m\n" >&2 - exit 3 - fi - done - done - - # Make sure EXT_IF != MODEM_IF - ############################## - for eif in $EXT_IF; do - if [ "$eif" = "$MODEM_IF" ]; then - printf "\033[40m\033[1;31mERROR: One or more interfaces specified in EXT_IF is the same as the\033[0m\n" >&2 - printf "\033[40m\033[1;31m MODEM_IF! Please, check the configuration file.\033[0m\n" >&2 - exit 4 - fi - done - - # Make sure INT_IF != MODEM_IF - ############################## - if [ -n "$MODEM_IF" ]; then - for iif in $INT_IF; do - if [ "$iif" = "$MODEM_IF" ]; then - printf "\033[40m\033[1;31mERROR: One or more interfaces specified in INT_IF is the same as the one in\033[0m\n" >&2 - printf "\033[40m\033[1;31m MODEM_IF! 
Please, check the configuration file.\033[0m\n" >&2 - exit 5 - fi - done - fi - - # Make sure EXT_IF != lo / 127.0.0.1 - #################################### - for eif in $EXT_IF; do - if [ "$eif" = "lo" ] || [ "$eif" = "127.0.0.1" ]; then - printf "\033[40m\033[1;31mERROR: One or more interfaces specified in EXT_IF has the address or name of the\033[0m\n" >&2 - printf "\033[40m\033[1;31m local loopback device! Please, check the configuration file.\033[0m\n" >&2 - exit 6 - fi - done - - # Make sure INT_IF != lo / 127.0.0.1 - #################################### - for iif in $INT_IF; do - if [ "$iif" = "lo" ] || [ "$iif" = "127.0.0.1" ]; then - printf "\033[40m\033[1;31mERROR: At least one of the interfaces specified in INT_IF has the address or\033[0m\n" >&2 - printf "\033[40m\033[1;31m name of the local loopback device! Please, check the configuration file.\033[0m\n" >&2 - exit 7 - fi - done - - # Make sure MODEM_IF != lo / 127.0.0.1 - ###################################### - if [ "$MODEM_IF" = "lo" ] || [ "$MODEM_IF" = "127.0.0.1" ]; then - printf "\033[40m\033[1;31mERROR: The interface specified in MODEM_IF has the address or name of the local\033[0m\n" >&2 - printf "\033[40m\033[1;31m loopback device! Please, check the configuration file.\033[0m\n" >&2 - exit 8 - fi - - # If support for an DHCP server serving an external net is enabled, we - # also need to know what the external net is. 
- ########################################################################## - if [ "$EXTERNAL_DHCP_SERVER" = "1" ] && [ -z "$EXTERNAL_NET" ]; then - printf "\033[40m\033[1;31mERROR: You have enabled external DHCP server support but required variable\033[0m\n" >&2 - printf "\033[40m\033[1;31m EXTERNAL_NET has NOT been defined!\033[0m\n" >&2 - exit 10 - fi - - # We can only perform NAT if NAT_INTERNAL_NET is defined - if [ "$NAT" = "1" ] && [ -z "$NAT_INTERNAL_NET" ]; then - printf "\033[40m\033[1;31mERROR: Unable to enable NAT because there's no (NAT_)INTERNAL_NET specified!\033[0m\n" >&2 - exit 11 - fi - - # If support the nmb_broadcast_fix is enabled we need the EXTERNAL_NET set - ########################################################################## - if [ "$NMB_BROADCAST_FIX" = "1" ] && [ -z "$EXTERNAL_NET" ]; then - printf "\033[40m\033[1;31mERROR: You have enabled the NMB_BROADCAST_FIX but required variable\033[0m\n" >&2 - printf "\033[40m\033[1;31m EXTERNAL_NET has NOT been defined!\033[0m\n" >&2 - exit 12 - fi - - # Warn if no_broadcast variables are used and external net is NOT defined - ########################################################################## - if [ -n "$BROADCAST_TCP_NOLOG" ] || [ -n "$BROADCAST_UDP_NOLOG" ]; then - if [ -z "$EXTERNAL_NET" ]; then - printf "\033[40m\033[1;31mWARNING: You are using the BROADCAST_xxx_NOLOG variables but the EXTERNAL_NET\033[0m\n" >&2 - printf "\033[40m\033[1;31m has NOT been defined! This could be a problem.\033[0m\n" >&2 - fi - fi - - - # Passed all sanity checks :-) - ############################## - echo "Sanity checks passed...OK" -} - - -# Helper function to load a module -################################## -module_probe() -{ - # Module support available? - if [ -e /proc/modules ]; then - if [ -x /sbin/modprobe ]; then - result=`/sbin/modprobe $* 2>&1` - return_val=$? - else - # Let the path figure it out - result=`modprobe $* 2>&1` - return_val=$? 
- fi - - if [ "$return_val" != "0" ]; then - if [ -z "$(echo "$result" |grep -e '^FATAL: Module .* not found')" ] ; then - # Show any (error) messages in red - printf "\033[40m\033[1;31mmodprobe $*: $result\033[0m\n" >&2 - else - if [ "$COMPILED_IN_KERNEL_MESSAGES" != "0" ]; then - echo "NOTE: Module \"$1\" not found. Assuming it is compiled in the kernel" - fi - fi - else - if [ -n "$(echo "$result" |grep -e '^WARNING:')" ]; then - # Show any (warning) messages in red - printf "\033[40m\033[1;31mmodprobe $*: $result\033[0m\n" >&2 - else - if [ -n "$result" ]; then # If result is not empty, show it - echo "$result" - fi - fi - fi - else - if [ "$COMPILED_IN_KERNEL_MESSAGES" != "0" ]; then - echo "NOTE: Kernel has no module support. Assuming module \"$1\" is compiled in the kernel" - fi - fi - - return $return_val -} - - -load_modules() -{ - echo "Checking/probing Iptables modules:" - - module_probe ip_tables # Required; all ipv4 modules depend on this one - module_probe ip_conntrack # Allows connection tracking state match, which allows you to - # write rules matching the state of a connection - module_probe ip_conntrack_ftp # Permits active FTP; requires ip_conntrack - - module_probe ipt_conntrack # Allows tracking for various protocols, placing entries - # in the conntrack table etc. - module_probe ipt_limit # Allows log limits - module_probe ipt_state # Permits packet state checking (SYN, SYN-ACK, ACK, and so on). 
- module_probe ipt_multiport # Allows packet specifications on multiple ports - - module_probe iptable_filter # Implements the filter table - module_probe iptable_mangle # Implements the mangle table - module_probe iptable_nat # Implements the nat table - - # Explicitely load some targets - module_probe ipt_REJECT # Implements the REJECT target - module_probe ipt_LOG # Implements the LOG target - - if [ -n "$MAC_ADDRESS_FILE" ]; then - module_probe ipt_mac # Allows specifying MAC address - fi - -# (Currently) unused modules: -# module_probe ipt_iprange # Allows to use IP ranges in rules -# module_probe ipt_addrtype # Allows matching src/dst address type (BROKEN!) -# module_probe ipt_pkttype # Permits checking for packet type (BROADCAST, MULTICAST etc.) (BROKEN!) -# module_probe ipt_recent # Allows checking for recent packets -# module_probe ip_queue # Allows queuing packets to user space -# module_probe ipt_owner # Permits user/group checking on OUTPUT packets -# module_probe ipt_mark # Allows use of mark match -# module_probe ip_conntrack_egg - - if [ "$USE_IRC" = "1" ]; then -# echo "Enabling IRC DCC module support..." 
- module_probe ip_conntrack_irc #ports=6661,6662,6663,6664,6665,6666,6667,6668,6669,7000,7001 - - if [ "$NAT" = "1" ]; then - module_probe ip_nat_irc #ports=6661,6662,6663,6664,6665,6666,6667,6668,6669,7000,7001 - fi - fi - - if [ "$SET_MSS" != "0" ]; then -# module_probe ipt_tcpmss # Enable TCPMSS checking on a packet - module_probe ipt_TCPMSS # Load the TCPMSS target - fi - - if [ "$NAT" = "1" ]; then -# module_probe iptable_nat # Implements nat table - module_probe ip_nat_ftp # Permits active FTP via nat; requires ip_conntrack, iptables_nat - module_probe ipt_MASQUERADE # Implements the MASQUERADE target - fi - - if [ "$MANGLE_TOS" != "0" ]; then -# module_probe ipt_tos # Enable TOS checking on a packet - module_probe ipt_TOS # Load the TOS target - fi - - if [ "$PACKET_TTL" = "1" ] || [ "$TTL_INC" = "1" ]; then -# module_probe ipt_ttl # Enable TTL checking on a packet - module_probe ipt_TTL # Load the TTL target - fi - -# if [ "$TRAFFIC_SHAPING" = "1" ]; then -# module_probe ipt_length -# fi - - echo " Module check done..." -} - - -setup_misc() -{ - # Most people don't want to get any firewall logs being spit to the console - # This option makes the kernel ring buffer to only log messages with level "panic" - if [ "$DMESG_PANIC_ONLY" = "1" ]; then - echo "Setting the kernel ring buffer to only log panic messages to the console" -# dmesg -c # Clear ring buffer - dmesg -n 1 # Only show panic messages on the console - fi -} - - -setup_proc_settings() -{ - echo "Configuring /proc/.... 
settings:" - - # Use /proc rp_filter values to drop connections from non-routable IPs - ###################################################################### - if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then - if [ "$RP_FILTER" = "1" ]; then - echo " Enabling anti-spoof with rp_filter" - else - echo " Disabling anti-spoof with rp_filter" - fi - - for i in /proc/sys/net/ipv4/conf/*/rp_filter; do -# if [ "$i" = "/proc/sys/net/ipv4/conf/$EXT_IF/rp_filter" ] || [ "$RP_FILTER" != "0" ]; then - if [ "$RP_FILTER" = "1" ]; then - echo 1 > $i - else - echo 0 > $i - fi - done - fi - - # Block ALL ICMP echo requests? - ############################### - if [ "$ECHO_IGNORE" = "1" ]; then - echo " Blocking all ICMP echo-requests" - echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all - else - echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all - fi - - # Add synflood protection? - ########################## - if [ -f /proc/sys/net/ipv4/tcp_syncookies ]; then - if [ "$SYN_PROT" != 0 ]; then - echo " Enabling SYN-flood protection via SYN-cookies" - echo 1 > /proc/sys/net/ipv4/tcp_syncookies - else - echo " Disabling SYN-flood protection via SYN-cookies" - echo 0 > /proc/sys/net/ipv4/tcp_syncookies - fi - fi - - # Log martians? - ############### - if [ "$LOG_MARTIANS" = "1" ]; then - echo " Enabling the logging of martians" - echo 1 > /proc/sys/net/ipv4/conf/all/log_martians - else - echo " Disabling the logging of martians" - echo 0 > /proc/sys/net/ipv4/conf/all/log_martians - fi - - # Accept ICMP redirect messages? - ################################ - if [ "$ICMP_REDIRECT" = "1" ]; then - echo " Enabling the acception of ICMP-redirect messages" - echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects - else - echo " Disabling the acception of ICMP-redirect messages" - echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects - fi - - # Set the maximum number of connections to track. 
- # The kernel "default" depends on the available amount of RAM, 128 MB of RAM -> 8192 - # possible entries, 256 MB of RAM --> 16376 possible entries, etc... - ####################################################################################### - if [ ! -f /proc/sys/net/ipv4/ip_conntrack_max ] && [ ! -f /proc/sys/net/ipv4/netfilter/ip_conntrack_max ] \ - && [ -n "$CONNTRACK" ]; then - printf "\033[40m\033[1;31m WARNING: /proc/../ip_conntrack_max was NOT found. This may be a problem!\033[0m\n" >&2 - else - if [ -n "$CONNTRACK" ]; then - echo " Setting the max. amount of simultaneous connections to $CONNTRACK" - else - echo " Setting the max. amount of simultaneous connections to 4096 (default)" - fi - - # Default location for ip_conntrack_max - if [ -f /proc/sys/net/ipv4/ip_conntrack_max ]; then - if [ -n "$CONNTRACK" ]; then - echo $CONNTRACK > /proc/sys/net/ipv4/ip_conntrack_max - else - echo 4096 > /proc/sys/net/ipv4/ip_conntrack_max - fi - fi - - # Alternate location for ip_conntrack_max - if [ -f /proc/sys/net/ipv4/netfilter/ip_conntrack_max ]; then - if [ -n "$CONNTRACK" ]; then - echo $CONNTRACK > /proc/sys/net/ipv4/netfilter/ip_conntrack_max - else - echo 4096 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max - fi - fi - fi - - # Disable ICMP send_redirect - ############################ - if [ -e /proc/sys/net/ipv4/conf/all/send_redirects ]; then - for interface in /proc/sys/net/ipv4/conf/*/send_redirects; do - echo 0 > $interface - done - fi - - # Don't accept source routed packets. - # Attackers can use source routing to generate - # traffic pretending to be from inside your network, but which is routed back along - # the path from which it came, namely outside, so attackers can compromise your - # network. Source routing is rarely used for legitimate purposes. 
- ################################################################################### - if [ "$SOURCE_ROUTE_PROTECTION" = "0" ]; then - echo " DISABLING protection against source routed packets" - for interface in /proc/sys/net/ipv4/conf/*/accept_source_route; do - echo 1 > $interface - done - else - echo " Enabling protection against source routed packets" - for interface in /proc/sys/net/ipv4/conf/*/accept_source_route; do - echo 0 > $interface - done - fi - - # ICMP Broadcasting protection (smurf amplifier protection) - ########################################################### - if [ -e /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts ]; then - echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts - fi - - # ICMP Dead Error Messages protection - ##################################### - if [ -e /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses ]; then - echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses - fi - - # Enable automatic IP defragmenting (is obsolete for 2.4 kernels, but still used for 2.2 legacy support) - ######################################################################################################## - if [ -e /proc/sys/net/ipv4/ip_always_defrag ]; then - echo 1 > /proc/sys/net/ipv4/ip_always_defrag - fi - - # LooseUDP patch is required by some internet-based games - # - # If you are trying to get an internet game to work through your IP MASQ box, - # and you have set it up to the best of your ability without it working., try - # enabling this option. This option is disabled by default due to possible - # internal machine UDP port scanning vulnerabilities. 
- ############################################################################# - if [ "$LOOSE_UDP_PATCH" = "1" ]; then - if [ -e /proc/sys/net/ipv4/ip_masq_udp_dloose ]; then - echo " Enabling the LOOSE_UDP_PATCH (required for some internet games, but less secure!)" - echo 1 > /proc/sys/net/ipv4/ip_masq_udp_dloose - else - printf "\033[40m\033[1;31m WARNING: /proc/sys/net/ipv4/ip_masq_udp_dloose does not exist!\033[0m\n" >&2 - fi - else - if [ -e /proc/sys/net/ipv4/ip_masq_udp_dloose ]; then - echo " Disabling the LOOSE_UDP_PATCH (more secure)" - echo 0 > /proc/sys/net/ipv4/ip_masq_udp_dloose - fi - fi - - # IP forwarding (need it to perform for example NAT) - #################################################### - if [ "$IP_FORWARDING" != "0" ]; then - if [ -e /proc/sys/net/ipv4/ip_forward ]; then - echo 1 > /proc/sys/net/ipv4/ip_forward - else - printf "\033[40m\033[1;31m WARNING: /proc/sys/net/ipv4/ip_forward does not exist! If you're using\033[0m\n" >&2 - printf "\033[40m\033[1;31m NAT or any other type of forwarding this may be a problem.\033[0m\n" >&2 - fi - else - if [ -e /proc/sys/net/ipv4/ip_forward ]; then - echo 0 > /proc/sys/net/ipv4/ip_forward - fi - fi - - # Change some default timings to fix false logs generated by "lost connections" - # Defaults: - # echo "60" > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout - # echo "180" > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream - # echo 10 >/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close - # echo 300 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_max_retrans - # echo 120 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait - # echo 30 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_last_ack - # echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait - # echo 120 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait - # echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_recv - # echo 120 > 
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_sent - # echo 30 > /proc/sys/net/ipv4/netfilter/ip_conntrack_icmp_timeout - # echo 1200 > /proc/sys/net/ipv4/netfilter/ip_conntrack_generic_timeout - ############################################################################### - echo " Setting default conntrack timeouts" - - # This is to fix issue's with DNS: - ################################## - echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout - echo 180 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream - - # Enable some general settings - ############################## - echo 1 > /proc/sys/net/ipv4/tcp_window_scaling -# echo 1024 > /proc/sys/net/ipv4/tcp_max_syn_backlog - - # Reduce DoS'ing ability by reducing timeouts - ############################################################# - if [ "$REDUCE_DOS_ABILITY" = "1" ]; then - echo " Enabling reduction of the DoS'ing ability" - -# echo 0 > /proc/sys/net/ipv4/tcp_sack - echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout - echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time - else - echo " Disabling reduction of the DoS'ing ability" - - # Defaults: -# echo 1 > /proc/sys/net/ipv4/tcp_sack - echo 60 > /proc/sys/net/ipv4/tcp_fin_timeout - echo 7200 > /proc/sys/net/ipv4/tcp_keepalive_time - fi - - # Set out local port range. Kernel default = "1024 4999" - ######################################################## - if [ -z "$LOCAL_PORT_RANGE" ]; then - LOCAL_PORT_RANGE="32768 61000" - fi - echo "$LOCAL_PORT_RANGE" > /proc/sys/net/ipv4/ip_local_port_range - # Now we change the LOCAL_PORT_RANGE for further use by iptables (replace space with :) - LOCAL_PORT_RANGE="$(echo $LOCAL_PORT_RANGE |sed s,' ',':',)" - - # Time To Live (TTL) is the term for a data field in the internet protocol. - # TTL is today interpreted to indicate the maximum number of routers a packet may transit. - # Each router that handles a packet will decrement the TTL field by 1. - # Raise if you have a huge network. 
- # Set the default ttl. (Kernel Default: 64) - ########################################################################################### - if [ -n "$DEFAULT_TTL" ]; then - if [ ! -e /proc/sys/net/ipv4/ip_default_ttl ]; then - printf "\033[40m\033[1;31m WARNING: /proc/sys/net/ipv4/ip_default_ttl does not exist!\033[0m\n" >&2 - else - if [ $DEFAULT_TTL -gt 9 ] && [ $DEFAULT_TTL -lt 256 ]; then - echo " Setting Default TTL=$DEFAULT_TTL" - echo $DEFAULT_TTL > /proc/sys/net/ipv4/ip_default_ttl - else - printf "\033[40m\033[1;31m WARNING: Ingoring invalid value for DEFAULT_TTL ($DEFAULT_TTL), it should be between 10 and 255!\033[0m\n" >&2 - fi - fi - else - # If no Variable is set... - if [ -e /proc/sys/net/ipv4/ip_default_ttl ]; then - echo " Setting default TTL to 64" - echo 64 > /proc/sys/net/ipv4/ip_default_ttl - fi - fi - - # Increase the default queuelength. (Kernel Default: 1024) - ########################################################## - if [ -e /proc/sys/net/ipv4/ip_queue_maxlen ]; then - echo 2048 > /proc/sys/net/ipv4/ip_queue_maxlen - fi - - # Enable ECN? (Explicit Congestion Notification) - ################################################ - if [ "$ECN" = "1" ]; then - if [ -e /proc/sys/net/ipv4/tcp_ecn ]; then - echo " Enabling ECN (Explicit Congestion Notification)" - echo 1 > /proc/sys/net/ipv4/tcp_ecn - else - printf "\033[40m\033[1;31m WARNING: /proc/sys/net/ipv4/tcp_ecn does not exist!\033[0m\n" >&2 - fi - else - if [ -e /proc/sys/net/ipv4/tcp_ecn ]; then - echo " Disabling ECN (Explicit Congestion Notification)" - echo 0 > /proc/sys/net/ipv4/tcp_ecn - fi - fi - - # This enables dynamic-address hacking which makes the - # life with Diald and similar programs much easier. 
- ###################################################### - if [ "$EXT_IF_DHCP_IP" = "1" ]; then - echo " Enabling support for dynamic IP's" - echo 1 > /proc/sys/net/ipv4/ip_dynaddr - else - echo 0 > /proc/sys/net/ipv4/ip_dynaddr - fi - - # In most cases pmtu discovery is ok, but in some rare cases (when having problems) - # you might want to disable it. - if [ "$NO_PMTU_DISCOVERY" = "1" ]; then - echo " Disabling PMTU discovery" - echo 1 > /proc/sys/net/ipv4/ip_no_pmtu_disc - else - echo 0 > /proc/sys/net/ipv4/ip_no_pmtu_disc - fi - - echo " Flushing route table" - echo 1 >/proc/sys/net/ipv4/route/flush - - echo " /proc/ setup done..." -} - - -setup_filter_table() -{ - echo "Flushing rules in the filter table" - - # Attempt to flush all rules in filter table - ############################################ - $IPTABLES -F - $IPTABLES -X - - # Flush built-in rules - ###################### - $IPTABLES -F INPUT - $IPTABLES -F OUTPUT - $IPTABLES -F FORWARD - $IPTABLES -t nat -F 2>/dev/null - $IPTABLES -t nat -X 2>/dev/null - $IPTABLES -t mangle -F 2>/dev/null - $IPTABLES -t mangle -X 2>/dev/null - - # New table named HOST_BLOCK, the block user defined hosts (blackhole) - ###################################################################### - $IPTABLES -N HOST_BLOCK - - # New table named MAC_FILTER, to filter internal hosts using their MAC address - ############################################################################## - $IPTABLES -N MAC_FILTER - - echo "Setting default (secure) policies" - # Set standard policies for the built-in tables (drop = very secure) - #################################################################### - $IPTABLES -P INPUT DROP - $IPTABLES -P FORWARD DROP - $IPTABLES -P OUTPUT ACCEPT - - $IPTABLES -t nat -P POSTROUTING ACCEPT 2>/dev/null - $IPTABLES -t nat -P PREROUTING ACCEPT 2>/dev/null - - $IPTABLES -t mangle -P OUTPUT ACCEPT 2>/dev/null - $IPTABLES -t mangle -P PREROUTING ACCEPT 2>/dev/null - - # Reset the iptables counters - 
$IPTABLES -Z - $IPTABLES -t nat -Z 2>/dev/null - $IPTABLES -t mangle -Z 2>/dev/null -} - - -# Helper function to get hostname(s) from variable -get_dhost() -{ - # Get variable from stdin - read hosts_ports - - CHK_HOST="$(echo "$hosts_ports" |awk -F: '{ print $1 }')" - # IP or hostname? - if [ -n "$(echo "$CHK_HOST" |grep -i -e '\.' -e '[a-z]')" ]; then - echo "$CHK_HOST" - return 0 - else - echo "0/0" - return 1 - fi -} - - -# Helper function to get port(s) from variable -get_dport() -{ - # Get variable from stdin - read hosts_ports - - CHK_HOST="$(echo "$hosts_ports" |awk -F: '{ print $1 }')" - # IP or hostname? - if [ -n "$(echo "$CHK_HOST" |grep -i -e '\.' -e '[a-z]')" ]; then - echo "$hosts_ports" |sed -e s!"^$CHK_HOST:"!! -e s!"^$CHK_HOST"!! -e s!'-'!':'!g - return 1 - else - echo "$hosts_ports" |sed s!'-'!':'!g - return 0 - fi -} - - -# Helper function to get hostname(s) from variable -get_shost() -{ - # Get variable from stdin - read hosts_ports - - CHK_HOST="$(echo "$hosts_ports" |awk -F: '{ print $1 }')" - # IP or hostname? - if [ -n "$(echo "$CHK_HOST" |grep -i -e '\.' -e '[a-z]')" ]; then - echo "$CHK_HOST" - return 0 - else - echo "0/0" - return 1 - fi -} - - -# Helper function to get port(s) from variable -get_sport() -{ - # Get variable from stdin - read hosts_ports - - CHK_HOST="$(echo "$hosts_ports" |awk -F: '{ print $1 }')" - # IP or hostname? - if [ -n "$(echo "$CHK_HOST" |grep -i -e '\.' -e '[a-z]')" ]; then - echo "$hosts_ports" |sed -e s!"^$CHK_HOST:"!! -e s!"^$CHK_HOST"!! -e s!'-'!':'!g - return 1 - else - echo "$hosts_ports" |sed s!'-'!':'!g - return 0 - fi -} - - -# Helper function to resolve an IP to a DNS name -# $1 = IP. 
stdout = DNS name -get_hostname() -{ - if [ -n "$(echo "$1" |grep '/')" ]; then - return 1 - else - printf "$(dig +short +tries=1 +time=1 -x "$1" 2>/dev/null |grep -v "^;;" |head -n1)" - fi - - return 0 -} - - -################################################################################################################## -## Chain VALID_CHK - Check packets for invalid flags etc. ## -################################################################################################################## -setup_valid_chk_chain() -{ - # Create new chain: - $IPTABLES -N VALID_CHK - - ## Log scanning of nmap etc. - ############################ - if [ "$SCAN_LOG" != "0" ]; then - echo "Logging of stealth scans (nmap probes etc.) enabled" - - # (NMAP) FIN/URG/PSH - #################### - $IPTABLES -A VALID_CHK -p tcp --tcp-flags ALL FIN,URG,PSH \ - -m limit --limit 3/m --limit-burst 5 -j LOG --log-level $LOGLEVEL --log-prefix "Stealth XMAS scan: " - - # SYN/RST/ACK/FIN/URG - ##################### - $IPTABLES -A VALID_CHK -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG \ - -m limit --limit 3/m --limit-burst 5 -j LOG --log-level $LOGLEVEL --log-prefix "Stealth XMAS-PSH scan: " - - # ALL/ALL - ######### - $IPTABLES -A VALID_CHK -p tcp --tcp-flags ALL ALL \ - -m limit --limit 3/m --limit-burst 5 -j LOG --log-level $LOGLEVEL --log-prefix "Stealth XMAS-ALL scan: " - - # NMAP FIN Stealth - ################## - $IPTABLES -A VALID_CHK -p tcp --tcp-flags ALL FIN \ - -m limit --limit 3/m --limit-burst 5 -j LOG --log-level $LOGLEVEL --log-prefix "Stealth FIN scan: " - - # SYN/RST - ######### - $IPTABLES -A VALID_CHK -p tcp --tcp-flags SYN,RST SYN,RST \ - -m limit --limit 3/m --limit-burst 5 -j LOG --log-level $LOGLEVEL --log-prefix "Stealth SYN/RST scan: " - - # SYN/FIN (probably) - #################### - $IPTABLES -A VALID_CHK -p tcp --tcp-flags SYN,FIN SYN,FIN \ - -m limit --limit 3/m --limit-burst 5 -j LOG --log-level $LOGLEVEL --log-prefix "Stealth SYN/FIN scan(?): " - - # Null scan - 
########### - $IPTABLES -A VALID_CHK -p tcp --tcp-flags ALL NONE \ - -m limit --limit 3/m --limit-burst 5 -j LOG --log-level $LOGLEVEL --log-prefix "Stealth Null scan: " - - else - echo "Logging of stealth scans (nmap probes etc.) disabled" - fi - - # Drop (NMAP) scan packets: - ########################### - - # NMAP FIN/URG/PSH - ################## - $IPTABLES -A VALID_CHK -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP - - # SYN/RST/ACK/FIN/URG - ##################### - $IPTABLES -A VALID_CHK -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP - - # ALL/ALL Scan - ############## - $IPTABLES -A VALID_CHK -p tcp --tcp-flags ALL ALL -j DROP - - # NMAP FIN Stealth - ################## - $IPTABLES -A VALID_CHK -p tcp --tcp-flags ALL FIN -j DROP - - # SYN/RST - ######### - $IPTABLES -A VALID_CHK -p tcp --tcp-flags SYN,RST SYN,RST -j DROP - - # SYN/FIN -- Scan(probably) - ########################### - $IPTABLES -A VALID_CHK -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP - - # NMAP Null Scan - ################ - $IPTABLES -A VALID_CHK -p tcp --tcp-flags ALL NONE -j DROP - - # Log packets with bad flags? 
- ############################# - if [ "$BAD_FLAGS_LOG" != "0" ]; then - echo "Logging of packets with bad TCP-flags enabled" - $IPTABLES -A VALID_CHK -p tcp --tcp-option 64 \ - -m limit --limit 3/m --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "Bad TCP flag(64): " - - $IPTABLES -A VALID_CHK -p tcp --tcp-option 128 \ - -m limit --limit 3/m --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "Bad TCP flag(128): " - else - echo "Logging of packets with bad TCP-flags disabled" - fi - - # Drop packets with bad tcp flags - ################################# - $IPTABLES -A VALID_CHK -p tcp --tcp-option 64 -j DROP - $IPTABLES -A VALID_CHK -p tcp --tcp-option 128 -j DROP - - # These packets are normally from "lost connection" and thus can generate false alarms - # So we might want to ignore such packets - ###################################################################################### -# if [ "$LOST_CONNECTION_LOG" != "1" ]; then -# $IPTABLES -A VALID_CHK -p tcp --tcp-flags SYN,ACK,FIN,RST ACK -j DROP -# $IPTABLES -A VALID_CHK -p tcp --tcp-flags SYN,ACK,FIN,RST FIN -j DROP -# $IPTABLES -A VALID_CHK -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j DROP -# $IPTABLES -A VALID_CHK -p tcp --tcp-flags SYN,ACK,FIN,RST ACK,FIN -j DROP -# $IPTABLES -A VALID_CHK -p tcp --tcp-flags SYN,ACK,FIN,RST ACK,RST -j DROP -# $IPTABLES -A VALID_CHK -p tcp --tcp-flags SYN,ACK,FIN,RST SYN,ACK -j DROP -# fi - - # Here we add some protection from random packets we receive, such as random sweeps from other - # (possible) hacked computers, or just packets who are invalid, not belonging to ANY connection - ############################################################################################### - if [ "$INVALID_TCP_LOG" = "1" ]; then - echo "Logging of INVALID TCP packets enabled" - - $IPTABLES -A VALID_CHK -p tcp -m state --state INVALID \ - -m limit --limit 1/m --limit-burst 2 -j LOG --log-level $LOGLEVEL --log-prefix "INVALID TCP: " - else - echo "Logging of INVALID TCP 
packets disabled" - fi - - if [ "$INVALID_UDP_LOG" = "1" ]; then - echo "Logging of INVALID UDP packets enabled" - - $IPTABLES -A VALID_CHK -p tcp -m state --state INVALID \ - -m limit --limit 1/m --limit-burst 2 -j LOG --log-level $LOGLEVEL --log-prefix "INVALID UDP: " - else - echo "Logging of INVALID UDP packets disabled" - fi - - if [ "$INVALID_ICMP_LOG" = "1" ]; then - echo "Logging of INVALID ICMP packets enabled" - - # Only log INVALID ICMP-request packets when we also want to log "normal" ICMP-request packets - if [ "$ICMP_REQUEST_LOG" != "0" ]; then - $IPTABLES -A VALID_CHK -p icmp --icmp-type echo-request -m state --state INVALID \ - -m limit --limit 1/m --limit-burst 2 -j LOG --log-level $LOGLEVEL --log-prefix "INVALID ICMP-request: " - fi - - # Only log INVALID ICMP-other packets when we also want to log "normal" ICMP-other packets - if [ "$ICMP_OTHER_LOG" != "0" ]; then - $IPTABLES -A VALID_CHK -p icmp ! --icmp-type echo-request -m state --state INVALID \ - -m limit --limit 1/m --limit-burst 2 -j LOG --log-level $LOGLEVEL --log-prefix "INVALID ICMP-other: " - fi - else - echo "Logging of INVALID ICMP packets disabled" - fi - - # Drop invalid packets - ###################### - $IPTABLES -A VALID_CHK -m state --state INVALID -j DROP - - ## Log fragmented packets - ######################### - if [ "$FRAG_LOG" = "1" ]; then - echo "Logging of fragmented packets enabled" - $IPTABLES -A VALID_CHK -f -m limit --limit 3/m --limit-burst 1 -j LOG --log-prefix "Fragmented packet: " - else - echo "Logging of fragmented packets disabled" - fi - - # Drop fragmented packets - ######################### - $IPTABLES -A VALID_CHK -f -j DROP -} - - -################################################################################################################ -## Chain RESERVED_NET_CHK - Check if the source addresses of the packets are (in)valid ## -################################################################################################################ 
-setup_reserved_net_chk_chain() -{ - # Create new chain: - $IPTABLES -N RESERVED_NET_CHK - - # Log access from reserved addresses - #################################### - if [ "$RESERVED_NET_LOG" != "0" ]; then - echo "Logging of access from reserved addresses enabled" - $IPTABLES -A RESERVED_NET_CHK -s 10.0.0.0/8 \ - -m limit --limit 1/m --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "Class A address: " - - $IPTABLES -A RESERVED_NET_CHK -s 172.16.0.0/12 \ - -m limit --limit 1/m --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "Class B address: " - - $IPTABLES -A RESERVED_NET_CHK -s 192.168.0.0/16 \ - -m limit --limit 1/m --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "Class C address: " - - $IPTABLES -A RESERVED_NET_CHK -s 169.254.0.0/16 \ - -m limit --limit 1/m --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "Class M$ address: " - else - echo "Logging of access from reserved addresses disabled" - fi - - - # rp_filter drops some of these addresses, but just to be sure :) - ################################################################ - #echo "Denying access from reserved addresses..." 
- $IPTABLES -A RESERVED_NET_CHK -s 10.0.0.0/8 -j DROP - $IPTABLES -A RESERVED_NET_CHK -s 172.16.0.0/12 -j DROP - $IPTABLES -A RESERVED_NET_CHK -s 192.168.0.0/16 -j DROP - $IPTABLES -A RESERVED_NET_CHK -s 169.254.0.0/16 -j DROP -} - - -################################################################################################################ -## Chain SPOOF_CHK - Check if the source address is not spoofed ## -################################################################################################################ -setup_spoof_chk_chain() -{ - # Create new chain: - $IPTABLES -N SPOOF_CHK - - echo "Setting up anti-spoof rules" - - # Anti-spoof protection for the internal net - for net in $INTERNAL_NET; do - for interface in $INT_IF; do - # Any internal net is valid - $IPTABLES -A SPOOF_CHK -i $interface -s $net -j RETURN - done - $IPTABLES -A SPOOF_CHK -s $net -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "Spoofed packet: " - $IPTABLES -A SPOOF_CHK -s $net -j DROP - done - - # Anti-spoof protection for the DMZ net - for net in $DMZ_NET; do - for interface in $DMZ_IF; do - # Any dmz net is valid - $IPTABLES -A SPOOF_CHK -i $interface -s $net -j RETURN - done - $IPTABLES -A SPOOF_CHK -s $net -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "Spoofed packet: " - $IPTABLES -A SPOOF_CHK -s $net -j DROP - done - - if [ -n "$MODEM_IF" ] && [ -n "$MODEM_IF_IP" ]; then - # Anti spoof protection for the modem net - ######################################### - $IPTABLES -A SPOOF_CHK -i ! $MODEM_IF -s "$MODEM_IF_IP/24" \ - -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "Spoofed (MODEM) packet: " - $IPTABLES -A SPOOF_CHK -i ! 
$MODEM_IF -s "$MODEM_IF_IP/24" -j DROP - fi - - # Everything else is valid - $IPTABLES -A SPOOF_CHK -j RETURN -} - - -################################################## -# Setup chain for the DMZ input traffic # -################################################## -setup_dmz_input_chain() -{ - # Create new chain: - $IPTABLES -N DMZ_INPUT_CHAIN 2>/dev/null - - # Add TCP ports to allow for certain hosts - ########################################## - for rule in $DMZ_HOST_OPEN_TCP; do - echo "$rule" | { - IFS='>' read hosts ports - - echo " Allowing $hosts(DMZ) for TCP port(s): $ports" - - IFS=',' - for host in $hosts; do - for port in $ports; do - $IPTABLES -A DMZ_INPUT_CHAIN -s $host -p tcp --dport $port -j ACCEPT - done - done - } - unset IFS - done - - # Add UDP ports to allow for certain hosts - ########################################## - for rule in $DMZ_HOST_OPEN_UDP; do - echo "$rule" | { - IFS='>' read hosts ports - - echo " Allowing $shosts(DMZ) for UDP port(s): $ports" - - IFS=',' - for host in $hosts; do - for port in $ports; do - $IPTABLES -A DMZ_INPUT_CHAIN -s $host -p udp --dport $port -j ACCEPT - done - done - } - unset IFS - done - - # Add IP protocols to allow for certain hosts - ############################################# - for rule in $DMZ_HOST_OPEN_IP; do - echo "$rule" | { - IFS='>' read hosts protos - - echo " Allowing $hosts(DMZ) for IP protocol(s): $protos" - - IFS=',' - for host in $hosts; do - for proto in $protos; do - $IPTABLES -A DMZ_INPUT_CHAIN -s $host -p $proto -j ACCEPT - done - done - } - unset IFS - done - - # Adding TCP ports NOT to be firewalled - ####################################### - if [ -n "$DMZ_OPEN_TCP" ]; then - echo " Allowing TCP port(s): $DMZ_OPEN_TCP" - for port in $DMZ_OPEN_TCP; do - $IPTABLES -A DMZ_INPUT_CHAIN -p tcp --dport $port -j ACCEPT - done - fi - - # Adding UDP ports NOT to be firewalled - ####################################### - if [ -n "$DMZ_OPEN_UDP" ]; then - echo " Allowing UDP port(s): 
$DMZ_OPEN_UDP" - for port in $DMZ_OPEN_UDP; do - $IPTABLES -A DMZ_INPUT_CHAIN -p udp --dport $port -j ACCEPT - done - fi - - # Adding IP protocols NOT to be firewalled - ########################################## - if [ -n "$DMZ_OPEN_IP" ]; then - echo " Allowing IP protocol(s): $DMZ_OPEN_IP" - for proto in $DMZ_OPEN_IP; do - $IPTABLES -A DMZ_INPUT_CHAIN -p $proto -j ACCEPT - done - fi - - # Allow to send ICMP packets? - ############################# - if [ "$DMZ_OPEN_ICMP" != "0" ]; then - echo " Allowing ICMP-requests(ping)" - $IPTABLES -A DMZ_INPUT_CHAIN -p icmp --icmp-type echo-request -m limit --limit 20/second --limit-burst 100 -j ACCEPT - fi - - # Log incoming ICMP-request packets? - #################################### - if [ "$ICMP_REQUEST_LOG" != "0" ]; then - $IPTABLES -A DMZ_INPUT_CHAIN -p icmp --icmp-type echo-request \ - -m limit --limit 3/m --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "ICMP-request: " - fi - - # Drop ICMP packets - $IPTABLES -A DMZ_INPUT_CHAIN -p icmp --icmp-type echo-request -j DROP - - # Log everything else - $IPTABLES -A DMZ_INPUT_CHAIN -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "DMZ-INPUT denied: " - - # Everything else is denied - $IPTABLES -A DMZ_INPUT_CHAIN -j DROP -} - - -################################################## -# Setup chain for the DMZ-to-LAN forward traffic # -################################################## -setup_dmz_lan_forward_chain() -{ - echo " Setting up DMZ->LAN policy:" - - # Create new chain: - $IPTABLES -N DMZ_LAN_FORWARD_CHAIN - - # TCP ports to ALLOW for certain DMZ hosts - ######################################### - for rule in $DMZ_LAN_HOST_OPEN_TCP; do - echo "$rule" | { - IFS='>' read shosts dhosts_ports - - dhosts=`echo "$dhosts_ports" |get_dhost` - ports=`echo "$dhosts_ports" |get_dport` - - # DST ports specified? - if [ -z "$ports" ]; then - ports="0:65535" - fi - - # SRC hosts specified? 
- if [ -z "$shosts" ]; then - shosts="0/0" - fi - - echo " Allowing $shosts(DMZ) to $dhosts(LAN) for TCP port(s): $ports" - - IFS=',' - for shost in $shosts; do - for dhost in $dhosts; do - for port in $ports; do - $IPTABLES -A DMZ_LAN_FORWARD_CHAIN -s $shost -d $dhost -p tcp --dport $port -j ACCEPT - done - done - done - } - unset IFS - done - - # UDP ports to ALLOW for certain DMZ hosts - ######################################### - for rule in $DMZ_LAN_HOST_OPEN_UDP; do - echo "$rule" | { - IFS='>' read shosts dhosts_ports - - dhosts=`echo "$dhosts_ports" |get_dhost` - ports=`echo "$dhosts_ports" |get_dport` - - # DST ports specified? - if [ -z "$ports" ]; then - ports="0:65535" - fi - - # SRC hosts specified? - if [ -z "$shosts" ]; then - shosts="0/0" - fi - - echo " Allowing $shosts(DMZ) to $dhosts(LAN) for UDP port(s): $ports" - - IFS=',' - for shost in $shosts; do - for dhost in $dhosts; do - for port in $ports; do - $IPTABLES -A DMZ_LAN_FORWARD_CHAIN -s $shost -d $dhost -p udp --dport $port -j ACCEPT - done - done - done - } - unset IFS - done - - # IP protocol(s) to ALLOW for certain DMZ hosts - ############################################### - for rule in $DMZ_LAN_HOST_IP_FORWARD; do - echo "$rule" | { - IFS='>' read shosts dhost_protos - - dhost=`echo "$dhost_protos" |get_dhost` - protos=`echo "$dhost_protos" |get_dport` - - # SRC hosts specified? - if [ -z "$shosts" ]; then - shosts="0/0" - fi - - echo " Allowing $shosts(DMZ) to $dhosts(LAN) for IP protocol(s): $protos" - - IFS=',' - for shost in $shosts; do - for dhost in $dhosts; do - for proto in $protos; do - $IPTABLES -A DMZ_LAN_FORWARD_CHAIN -s $shost -d $dhost -p $proto -j ACCEPT - done - done - done - } - unset IFS - done - - # Allow ICMP-requests(ping) for DMZ->LAN? 
- ########################################## - if [ "$DMZ_LAN_OPEN_ICMP" = "1" ]; then - echo " Allowing ICMP-requests(ping)" - $IPTABLES -A DMZ_LAN_FORWARD_CHAIN -p icmp --icmp-type echo-request \ - -m limit --limit 20/second --limit-burst 100 -j ACCEPT - fi - - # Log incoming ICMP-request packets? - #################################### - if [ "$ICMP_REQUEST_LOG" != "0" ]; then - $IPTABLES -A DMZ_LAN_FORWARD_CHAIN -p icmp --icmp-type echo-request \ - -m limit --limit 3/m --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "ICMP-request: " - fi - - # Drop ICMP packets - $IPTABLES -A DMZ_LAN_FORWARD_CHAIN -p icmp --icmp-type echo-request -j DROP - - # Log everything else - $IPTABLES -A DMZ_LAN_FORWARD_CHAIN -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "DMZ->LAN denied: " - - # Everything else is denied - $IPTABLES -A DMZ_LAN_FORWARD_CHAIN -j DROP -} - - -################################################### -# Setup chain for the INET-to-DMZ forward traffic # -################################################### -setup_inet_dmz_forward_chain() -{ - echo " Setting up INET->DMZ policy:" - - # Create new chain: - $IPTABLES -N INET_DMZ_FORWARD_CHAIN - - # TCP ports to ALLOW for certain INET hosts - ######################################### - for rule in $INET_DMZ_HOST_OPEN_TCP; do - echo "$rule" | { - IFS='>' read shosts dhosts_ports - - dhosts=`echo "$dhosts_ports" |get_dhost` - ports=`echo "$dhosts_ports" |get_dport` - - # DST ports specified? - if [ -z "$ports" ]; then - ports="0:65535" - fi - - # SRC hosts specified? 
- if [ -z "$shosts" ]; then - shosts="0/0" - fi - - echo " Allowing $shosts(INET) to $dhosts(DMZ) for TCP port(s): $ports" - - IFS=',' - for shost in $shosts; do - for dhost in $dhosts; do - for port in $ports; do - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -s $shost -d $dhost -p tcp --dport $port -j ACCEPT - done - done - done - } - unset IFS - done - - # UDP ports to ALLOW for certain INET hosts - ######################################### - for rule in $INET_DMZ_HOST_OPEN_UDP; do - echo "$rule" | { - IFS='>' read shosts dhosts_ports - - dhosts=`echo "$dhosts_ports" |get_dhost` - ports=`echo "$dhosts_ports" |get_dport` - - # DST ports specified? - if [ -z "$ports" ]; then - ports="0:65535" - fi - - # SRC hosts specified? - if [ -z "$shosts" ]; then - shosts="0/0" - fi - - echo " Allowing $shosts(INET) to $dhosts(DMZ) for UDP port(s): $ports" - - IFS=',' - for shost in $shosts; do - for dhost in $dhosts; do - for port in $ports; do - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -s $shost -d $dhost -p udp --dport $port -j ACCEPT - done - done - done - } - unset IFS - done - - # (Other) IP protocols to ALLOW for certain INET hosts - ##################################################### - for rule in $INET_DMZ_HOST_OPEN_IP; do - echo "$rule" | { - IFS='>' read shosts dhosts_protos - - dhosts=`echo "$dhosts_protos" |get_dhost` - protos=`echo "$dhosts_protos" |get_dport` - - # SRC hosts specified? 
- if [ -z "$shosts" ]; then - shosts="0/0" - fi - - echo " Allowing $shosts(INET) to $dhosts(DMZ) for IP protocol(s): $protos" - - IFS=',' - for shost in $shosts; do - for dhost in $dhosts; do - for proto in $protos; do - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -s $shost -d $dhost -p $proto -j ACCEPT - done - done - done - } - unset IFS - done - - - # TCP ports to DENY for certain INET hosts - ######################################### - for rule in $INET_DMZ_HOST_DENY_TCP; do - echo "$rule" | { - IFS='>' read shosts dhosts_ports - - dhosts=`echo "$dhosts_ports" |get_dhost` - ports=`echo "$dhosts_ports" |get_dport` - - # DST ports specified? - if [ -z "$ports" ]; then - ports="0:65535" - fi - - # SRC hosts specified? - if [ -z "$shosts" ]; then - shosts="0/0" - fi - - echo " Denying $shosts(INET) to $dhosts(DMZ) for TCP port(s): $ports" - - IFS=',' - for shost in $shosts; do - for dhost in $dhosts; do - for port in $ports; do - if [ "$DMZ_INPUT_DENY_LOG" != "0" ]; then - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -s $shost -d $dhost -p tcp --dport $port \ - -m limit --limit 1/h --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "Hostwise INET->DMZ denied: " - fi - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -s $shost -d $dhost -p tcp --dport $port -j DROP - done - done - done - } - unset IFS - done - - # UDP ports to DENY for certain INET hosts - ######################################### - for rule in $INET_DMZ_HOST_DENY_UDP; do - echo "$rule" | { - IFS='>' read shosts dhosts_ports - - dhosts=`echo "$dhosts_ports" |get_dhost` - ports=`echo "$dhosts_ports" |get_dport` - - # DST ports specified? - if [ -z "$ports" ]; then - ports="0:65535" - fi - - # SRC hosts specified? 
- if [ -z "$shosts" ]; then - shosts="0/0" - fi - - echo " Denying $shosts(INET) to $dhosts(DMZ) for UDP port(s): $ports" - - IFS=',' - for shost in $shosts; do - for dhost in $dhosts; do - for port in $ports; do - if [ "$DMZ_INPUT_DENY_LOG" != "0" ]; then - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -s $shost -d $dhost -p udp --dport $port \ - -m limit --limit 1/h --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "Hostwise INET->DMZ denied: " - fi - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -s $shost -d $dhost -p udp --dport $port -j DROP - done - done - done - } - unset IFS - done - - # (Other) IP protocols to DENY for certain INET hosts - ##################################################### - for rule in $INET_DMZ_HOST_DENY_IP; do - echo "$rule" | { - IFS='>' read shosts dhosts_protos - - dhosts=`echo "$dhosts_protos" |get_dhost` - protos=`echo "$dhosts_protos" |get_dport` - - # SRC hosts specified? - if [ -z "$shosts" ]; then - shosts="0/0" - fi - - echo " Denying $shosts(INET) to $dhosts(DMZ) for IP protocol(s): $protos" - - IFS=',' - for shost in $shosts; do - for dhost in $dhosts; do - for proto in $protos; do - if [ "$DMZ_INPUT_DENY_LOG" != "0" ]; then - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -s $shost -d $dhost -p $proto \ - -m limit --limit 1/h --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "Hostwise INET->DMZ denied: " - fi - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -s $shost -d $dhost -p $proto -j DROP - done - done - done - } - unset IFS - done - - # Allow only certain TCP ports to be used from the INET->DMZ? - ############################################################# - if [ -n "$INET_DMZ_OPEN_TCP" ]; then - echo " Allowing TCP port(s): $INET_DMZ_OPEN_TCP" - for port in $INET_DMZ_OPEN_TCP; do - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -p tcp --dport $port -j ACCEPT - done - fi - - # Allow only certain UDP ports to be used from the INET->DMZ? 
- ############################################################# - if [ -n "$INET_DMZ_OPEN_UDP" ]; then - echo " Allowing UDP port(s): $INET_DMZ_OPEN_UDP" - for port in $INET_DMZ_OPEN_UDP; do - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -p udp --dport $port -j ACCEPT - done - fi - - # Allow only certain IP protocols to be used from the INET->DMZ? - ################################################################ - if [ -n "$INET_DMZ_OPEN_IP" ]; then - echo " Allowing IP protocol(s): $INET_DMZ_OPEN_IP" - for proto in $INET_DMZ_OPEN_IP; do - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -p $proto -j ACCEPT - done - fi - - # Allow ICMP-requests(ping) for INET->DMZ? - ########################################## - if [ "$INET_DMZ_OPEN_ICMP" = "1" ]; then - echo " Allowing ICMP-requests(ping)" - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -p icmp --icmp-type echo-request \ - -m limit --limit 20/second --limit-burst 100 -j ACCEPT - fi - - # TCP ports to DENY for INET->DMZ - ################################# - if [ -n "$INET_DMZ_DENY_TCP" ]; then - echo " Denying TCP port(s): $INET_DMZ_DENY_TCP" - for port in $INET_DMZ_DENY_TCP; do - if [ "$DMZ_INPUT_DENY_LOG" != "0" ]; then - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -p tcp --dport $port -m limit \ - --limit 1/s --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "INET->DMZ denied: " - fi - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -p tcp --dport $port -j DROP - done - fi - - # UDP ports to DENY for INET->DMZ - ################################# - if [ -n "$INET_DMZ_DENY_UDP" ]; then - echo " Denying UDP port(s): $INET_DMZ_DENY_UDP" - for port in $INET_DMZ_DENY_UDP; do - if [ "$DMZ_INPUT_DENY_LOG" != "0" ]; then - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -p udp --dport $port -m limit \ - --limit 1/s --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "INET->DMZ denied: " - fi - $IPTABLES -A INET_DMZ_FORWARD_CHAIN -p udp --dport $port ... [truncated message content] |
From: <dha...@us...> - 2008-01-22 19:37:42
Revision: 1542 http://astlinux.svn.sourceforge.net/astlinux/?rev=1542&view=rev Author: dhartman Date: 2008-01-22 11:37:48 -0800 (Tue, 22 Jan 2008) Log Message: ----------- changes to netsnmp. Some trimming may still be needed Modified Paths: -------------- trunk/package/netsnmp/netsnmp.mk trunk/toolchain/file_exclude Modified: trunk/package/netsnmp/netsnmp.mk =================================================================== --- trunk/package/netsnmp/netsnmp.mk 2008-01-22 19:27:40 UTC (rev 1541) +++ trunk/package/netsnmp/netsnmp.mk 2008-01-22 19:37:48 UTC (rev 1542) @@ -5,11 +5,15 @@ ############################################################# NETSNMP_URL:=http://$(BR2_SOURCEFORGE_MIRROR).dl.sourceforge.net/sourceforge/net-snmp/ -NETSNMP_DIR:=$(BUILD_DIR)/net-snmp-5.3.1 -NETSNMP_SOURCE:=net-snmp-5.3.1.tar.gz +NETSNMP_DIR:=$(BUILD_DIR)/net-snmp-5.3.2 +NETSNMP_SOURCE:=net-snmp-5.3.2.tar.gz -NETSNMP_MODULES:=smux mibII/system_mib mibII/ifTable +# Modules beyond the standards to include +NETSNMP_MODULES:=smux +# Standard modules to exclude +NETSNMP_EXMODULES:= + ifeq ($(strip $(BR2_PACKAGE_LMSENSORS)),y) NETSNMP_MODULES+=ucd-snmp/lmSensors LMSENSORS:=lmsensors @@ -40,7 +44,6 @@ --with-persistent-directory=/var/lib/snmp \ --enable-shared \ --without-root-access \ - --disable-snmpv2c \ --with-logfile=/var/log/snmp/snmpd.log \ --without-rpm \ --with-openssl \ @@ -50,9 +53,8 @@ --disable-debugging \ --disable-des \ --disable-md5 \ - --disable-mibs \ - --enable-mini-agent \ --with-mib-modules="$(NETSNMP_MODULES)" \ + --with-out-mib-modules ="$(NETSNMP_EXMODULES)" \ --without-dmalloc \ --without-efence \ --without-rsaref \ 
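Review bot: In the `@@ -50,9 +53,8 @@` hunk the added option is written `--with-out-mib-modules ="$(NETSNMP_EXMODULES)"`, with a space before `=`, so the shell hands configure a bare `--with-out-mib-modules` followed by a separate `=` argument and the exclusion list is never attached to the option. It should read `--with-out-mib-modules="$(NETSNMP_EXMODULES)" \`. Separately, the `@@ -40,7 +44,6 @@` hunk drops `--disable-snmpv2c` while this hunk drops `--disable-mibs` and `--enable-mini-agent`, so the agent now accepts SNMPv2c, which authenticates only by a cleartext community string, and serves the full default MIB set. If that is intended, a comment above the configure call saying so, and a check that the installed agent configuration does not ship a default community, would be worth adding. The configure invocation starts and ends outside these hunks.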
@@ -121,9 +123,11 @@ rm -rf $(TARGET_DIR)/usr/sbin/snmpd rm -rf $(TARGET_DIR)/usr/bin/snmp* rm -rf $(TARGET_DIR)/usr/bin/net-snmp-config + rm -rf $(TARGET_DIR)/usr/share/snmp rm -rf $(STAGING_DIR)/usr/lib/libnetsnmp* rm -rf $(STAGING_DIR)/usr/bin/net-snmp-config + netsnmp-dirclean: rm -rf $(NETSNMP_DIR) Modified: trunk/toolchain/file_exclude =================================================================== --- trunk/toolchain/file_exclude 2008-01-22 19:27:40 UTC (rev 1541) +++ trunk/toolchain/file_exclude 2008-01-22 19:37:48 UTC (rev 1542) @@ -1 +1,2 @@ pci.ids.bz2 +libpcap-0.9.7.tar.gz This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <dha...@us...> - 2008-01-23 05:39:09
Revision: 1549 http://astlinux.svn.sourceforge.net/astlinux/?rev=1549&view=rev Author: dhartman Date: 2008-01-22 21:39:10 -0800 (Tue, 22 Jan 2008) Log Message: ----------- one more experimental flag and update the default config Modified Paths: -------------- trunk/astlinux.config trunk/package/gzip/Config.in Modified: trunk/astlinux.config =================================================================== --- trunk/astlinux.config 2008-01-23 05:30:30 UTC (rev 1548) +++ trunk/astlinux.config 2008-01-23 05:39:10 UTC (rev 1549) @@ -134,6 +134,7 @@ # # Package Selection for the target # +# BR2_PACKAGE_EXPERIMENTAL is not set # # The default minimal system @@ -146,29 +147,16 @@ # The minimum needed to build a uClibc development system # BR2_PACKAGE_BASH=y -# BR2_PACKAGE_BZIP2 is not set -# BR2_PACKAGE_COREUTILS is not set -# BR2_PACKAGE_DIFFUTILS is not set -# BR2_PACKAGE_ED is not set -# BR2_PACKAGE_FINDUTILS is not set BR2_PACKAGE_FLEX=y BR2_PACKAGE_FLEX_LIBFL=y -# BR2_PACKAGE_GAWK is not set # BR2_PACKAGE_GCC_TARGET is not set BR2_EXTRA_TARGET_GCC_CONFIG_OPTIONS="" # BR2_PACKAGE_CCACHE_TARGET is not set -# BR2_PACKAGE_GREP is not set -# BR2_PACKAGE_MAKE is not set -# BR2_PACKAGE_PATCH is not set -# BR2_PACKAGE_SED is not set -# BR2_PACKAGE_TAR is not set # # Other stuff # BR2_PACKAGE_ACPID=y -# BR2_PACKAGE_ALSA_LIB is not set -# BR2_PACKAGE_ALSA_UTILS is not set BR2_PACKAGE_ARNOFW=y BR2_PACKAGE_ASTERISK=y BR2_PACKAGE_ASTERISK-GUI=y 
@@ -177,51 +165,22 @@ # BR2_PACKAGE_ASTERISK_LIBPQ_CUSTOM is not set BR2_PACKAGE_ASTERISK_CHANMISDN=y # BR2_PACKAGE_ASTERISK_MENUSELECT is not set +# BR2_PACKAGE_ASTERISK_SNDVOL is not set BR2_PACKAGE_ASTERISKAPPBUNDLE=y BR2_PACKAGE_MISDN=y # BR2_PACKAGE_DIGIUMG729 is not set # BR2_PACKAGE_VM-MESSENGER is not set BR2_PACKAGE_APCUPSD=y -# BR2_PACKAGE_APPWEBB is not set BR2_PACKAGE_ASTMANPROXY=y -# BR2_PACKAGE_AT is not set -# BR2_PACKAGE_AUTOCONF is not set -# BR2_PACKAGE_AUTOMAKE is not set BR2_PACKAGE_BC=y -# BR2_PACKAGE_BERKELEYDB is not set -# BR2_PACKAGE_BIND is not set -# BR2_PACKAGE_BISON is not set -# BR2_PACKAGE_BLUEZ is not set -# BR2_PACKAGE_BOA is not set BR2_PACKAGE_BRIDGE=y -# BR2_PACKAGE_CDP-SEND is not set -# BR2_PACKAGE_CUSTOMIZE is not set -# BR2_PACKAGE_ISC_DHCP is not set BR2_PACKAGE_DIALOG=y -# BR2_PACKAGE_DIRECTFB is not set -# BR2_PACKAGE_DISTCC is not set -# BR2_PACKAGE_DM is not set BR2_PACKAGE_DNSMASQ=y -# BR2_PACKAGE_DROPBEAR is not set -# BR2_PACKAGE_EFAX is not set BR2_PACKAGE_ETHTOOL=y -# BR2_PACKAGE_EXPAT is not set BR2_PACKAGE_E2FSPROGS=y -# BR2_PACKAGE_FAKEROOT is not set BR2_HOST_FAKEROUTE=y -# BR2_PACKAGE_FILE is not set -# BR2_PACKAGE_FLITE is not set -# BR2_PACKAGE_FREETYPE is not set -# BR2_PACKAGE_GETTEXT is not set -# BR2_PACKAGE_LIBINTL is not set -# BR2_PACKAGE_LIBGMP is not set -# BR2_PACKAGE_GZIP is not set -# BR2_PACKAGE_HOSTAP is not set -# BR2_PACKAGE_HOTPLUG is not set -# BR2_PACKAGE_IAXMODEM is not set BR2_PACKAGE_IFTOP=y BR2_PACKAGE_INADYN=y -# BR2_PACKAGE_IOSTAT is not set BR2_PACKAGE_IPROUTE2=y BR2_PACKAGE_IPSEC_TOOLS=y BR2_PACKAGE_IPSEC_TOOLS_ADMINPORT=y 
@@ -231,48 +190,24 @@ # BR2_PACKAGE_IPSEC_TOOLS_READLINE is not set BR2_PACKAGE_IPSEC_TOOLS_LIBS=y BR2_PACKAGE_IPTABLES=y -# BR2_PACKAGE_JPEG is not set BR2_PACKAGE_KEXECTOOLS=y BR2_PACKAGE_LCDPROC=y -# BR2_PACKAGE_LESS is not set -# BR2_PACKAGE_LIBCGI is not set -# BR2_PACKAGE_LIBCGICC is not set BR2_PACKAGE_LIBELF=y -# BR2_PACKAGE_LIBFLOAT is not set -# BR2_PACKAGE_LIBFTDI is not set -# BR2_PACKAGE_LIBGLIB12 is not set BR2_PACKAGE_LIBMAD=y -# BR2_PACKAGE_LIBNET is not set BR2_PACKAGE_LIBPCAP=y -# BR2_PACKAGE_LIBPNG is not set -# BR2_PACKAGE_LIBPQ is not set -# BR2_PACKAGE_LIBTIFF is not set +# BR2_PACKAGE_LIBPCAP_PFRING is not set BR2_PACKAGE_LIBTOOL=y BR2_PACKAGE_LIBUSB=y -# BR2_PACKAGE_LIGHTTPD is not set BR2_PACKAGE_LINKS=y -# BR2_PACKAGE_LINUX-ATM is not set BR2_PACKAGE_LMSENSORS=y -# BR2_PACKAGE_LRZSZ is not set -# BR2_PACKAGE_LTP-TESTSUITE is not set -# BR2_PACKAGE_LTRACE is not set -# BR2_PACKAGE_LTT is not set BR2_PACKAGE_LZO=y -# BR2_PACKAGE_M4 is not set BR2_PACKAGE_MADWIFI=y -# BR2_PACKAGE_MDADM is not set BR2_PACKAGE_MDNSRESPONDER=y -# BR2_PACKAGE_MEMTESTER is not set BR2_PACKAGE_MICROPERL=y -# BR2_PACKAGE_MICROWIN is not set BR2_PACKAGE_MINIHTTPD=y BR2_PACKAGE_MKDOSFS=y BR2_PACKAGE_MODULE_INIT_TOOLS=y -# BR2_PACKAGE_MODUTILS is not set -# BR2_PACKAGE_LIBMPFR is not set -# BR2_PACKAGE_MPG123 is not set BR2_PACKAGE_MSMTP=y -# BR2_PACKAGE_MTD is not set BR2_PACKAGE_NANO=y BR2_PACKAGE_NCURSES=y # BR2_PACKAGE_NCURSES_TARGET_HEADERS is not set 
@@ -280,83 +215,42 @@ BR2_PACKAGE_NETSNMP=y BR2_PACKAGE_NEWT=y BR2_PACKAGE_NISTNET=y -# BR2_PACKAGE_NOCATSPLASH is not set +# BR2_PACKAGE_NPROBE is not set # BR2_PACKAGE_NTP is not set BR2_PACKAGE_OPENNTPD=y -# BR2_PACKAGE_OPENSER is not set BR2_PACKAGE_OPENSSH=y BR2_PACKAGE_OPENSSL=y -# BR2_PACKAGE_OPENSSL_TARGET_HEADERS is not set -# BR2_PACKAGE_OPENSSL_OCF is not set BR2_PACKAGE_OPENVPN=y BR2_PACKAGE_PCIUTILS=y -# BR2_PACKAGE_PCMCIA is not set BR2_PACKAGE_PHP5=y # BR2_PACKAGE_PIKA_AOB is not set -# BR2_PACKAGE_PORTAGE is not set -# BR2_PACKAGE_PORTMAP is not set BR2_PACKAGE_PPPD=y -# BR2_PACKAGE_PPTPD is not set -# BR2_PACKAGE_PROCPS is not set -# BR2_PACKAGE_PSMISC is not set -# BR2_PACKAGE_PYTHON is not set -# BR2_PACKAGE_QTE is not set BR2_QTE_TMAKE_VERSION="1.13" -# BR2_PACKAGE_QUAGGA is not set -# BR2_PACKAGE_RAIDTOOLS is not set -# BR2_READLINE is not set BR2_PACKAGE_RHINO=y # BR2_PACKAGE_RHINO_v1 is not set BR2_PACKAGE_RHINO_v2=y BR2_PACKAGE_RP-PPPOE=y BR2_PACKAGE_RSYNC=y -# BR2_PACKAGE_RUBY is not set -# BR2_PACKAGE_RXVT is not set -# BR2_PACKAGE_SAMBA is not set BR2_PACKAGE_SCHEDUTILS=y BR2_PACKAGE_SCREEN=y -# BR2_PACKAGE_SDL is not set BR2_PACKAGE_SFDISK=y BR2_PACKAGE_SIPP=y -# BR2_PACKAGE_SLANG is not set -# BR2_PACKAGE_SMARTMONTOOLS is not set -# BR2_PACKAGE_SOCAT is not set BR2_PACKAGE_SOX=y BR2_PACKAGE_SOX_LIBMAD=y -# BR2_PACKAGE_SPANDSP is not set -# BR2_PACKAGE_SQLITE is not set BR2_PACKAGE_STRACE=y BR2_PACKAGE_STUNNEL=y BR2_PACKAGE_SYSFSUTILS=y -# BR2_PACKAGE_SYSVINIT is not set -# BR2_PACKAGE_TCL is not set BR2_PACKAGE_TCPDUMP=y -# BR2_PACKAGE_DHCPDUMP is not set BR2_PACKAGE_TFTPD=y -# BR2_PACKAGE_THTTPD is not set -# BR2_PACKAGE_TINYLOGIN is not set -# BR2_PACKAGE_TINYX is not set BR2_PACKAGE_TTCP=y BR2_PACKAGE_UDEV=y -# BR2_PACKAGE_UDHCP is not set -# BR2_PACKAGE_UNIXODBC is not set BR2_PACKAGE_USBUTILS=y -# BR2_PACKAGE_UTIL-LINUX is not set -# BR2_PACKAGE_VALGRIND is not set -# BR2_PACKAGE_VIM is not set BR2_PACKAGE_VSFTPD=y -# 
BR2_PACKAGE_VTUN is not set BR2_PACKAGE_WANPIPE=y -# BR2_PACKAGE_WGET is not set -# BR2_PACKAGE_WHICH is not set -# BR2_PACKAGE_WIPE is not set BR2_PACKAGE_WIRELESS_TOOLS=y -# BR2_PACKAGE_XFSPROGS is not set -# BR2_PACKAGE_XORG is not set BR2_PACKAGE_ZAPTEL=y -BR2_PACKAGE_ZAPTEL_OSLEC=y +# BR2_PACKAGE_ZAPTEL_OSLEC is not set BR2_PACKAGE_ZLIB=y -# BR2_PACKAGE_ZLIB_TARGET_HEADERS is not set BR2_PACKAGE_ZONEINFO=y # Modified: trunk/package/gzip/Config.in =================================================================== --- trunk/package/gzip/Config.in 2008-01-23 05:30:30 UTC (rev 1548) +++ trunk/package/gzip/Config.in 2008-01-23 05:39:10 UTC (rev 1549) @@ -1,6 +1,7 @@ config BR2_PACKAGE_GZIP bool "gzip" default n + depends on BR2_PACKAGE_EXPERIMENTAL help Standard GNU compressor. Provides things like gzip, gunzip, gzcat, etc... This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <dha...@us...> - 2008-02-06 14:02:30
Revision: 1579 http://astlinux.svn.sourceforge.net/astlinux/?rev=1579&view=rev Author: dhartman Date: 2008-02-06 06:02:34 -0800 (Wed, 06 Feb 2008) Log Message: ----------- misdn changes -- thanks Ingmar Modified Paths: -------------- trunk/astlinux.config trunk/package/Config.in Removed Paths: ------------- trunk/package/chan_misdn/ Modified: trunk/astlinux.config =================================================================== --- trunk/astlinux.config 2008-02-05 21:04:27 UTC (rev 1578) +++ trunk/astlinux.config 2008-02-06 14:02:34 UTC (rev 1579) @@ -223,6 +223,7 @@ BR2_PACKAGE_OPENVPN=y BR2_PACKAGE_PCIUTILS=y BR2_PACKAGE_PHP5=y +# BR2_PACKAGE_PHP5_CLI is not set # BR2_PACKAGE_PIKA_AOB is not set BR2_PACKAGE_PPPD=y BR2_QTE_TMAKE_VERSION="1.13" Modified: trunk/package/Config.in =================================================================== --- trunk/package/Config.in 2008-02-05 21:04:27 UTC (rev 1578) +++ trunk/package/Config.in 2008-02-06 14:02:34 UTC (rev 1579) @@ -44,7 +44,6 @@ source "package/app_bundle/Config.in" source "package/mqueue-isdn/Config.in" source "package/digiumg729/Config.in" -source "package/chan_misdn/Config.in" source "package/chan_pika/Config.in" source "package/vm-messenger/Config.in" source "package/apcupsd/Config.in" This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <dha...@us...> - 2008-02-15 19:20:30
Revision: 1585 http://astlinux.svn.sourceforge.net/astlinux/?rev=1585&view=rev Author: dhartman Date: 2008-02-15 11:20:31 -0800 (Fri, 15 Feb 2008) Log Message: ----------- various patches applied from Philip Modified Paths: -------------- trunk/Makefile trunk/package/arno-fw/arnofw.mk trunk/package/arno-fw/arnofw.wrapper trunk/package/bzip2/bzip2.mk trunk/package/pppd/pppd.mk trunk/package/sed/sed.mk trunk/package/wanpipe/wanpipe.mk trunk/target/generic/target_skeleton/usr/sbin/genkd trunk/toolchain/ccache/ccache.mk trunk/toolchain/file_exclude Modified: trunk/Makefile =================================================================== --- trunk/Makefile 2008-02-15 02:31:20 UTC (rev 1584) +++ trunk/Makefile 2008-02-15 19:20:31 UTC (rev 1585) @@ -218,7 +218,13 @@ endif # ifeq ($(strip $(BR2_HAVE_DOT_CONFIG)),y) +show_targets: var.TARGETS + +var.%: + @echo '$*="$($*)"' + .PHONY: dummy subdirs release distclean clean config oldconfig \ - menuconfig tags check test depend defconfig + menuconfig tags check test depend defconfig \ + show_targets Modified: trunk/package/arno-fw/arnofw.mk =================================================================== --- trunk/package/arno-fw/arnofw.mk 2008-02-15 02:31:20 UTC (rev 1584) +++ trunk/package/arno-fw/arnofw.mk 2008-02-15 19:20:31 UTC (rev 1585) @@ -13,6 +13,7 @@ ARNOFW_TARGET_BINARY:=/usr/sbin/arno-iptables-firewall ARNOFW_CONFIG_DIR:=/etc/arno-iptables-firewall ARNOFW_CONFIG:=$(ARNOFW_CONFIG_DIR)/firewall.conf +ARNOFW_CONFIG_SHIM:=$(ARNOFW_CONFIG_DIR)/firewall.shim ARNOFW_PLUGIN_DIR:=$(ARNOFW_CONFIG_DIR)/plugins $(DL_DIR)/$(ARNOFW_SOURCE): 
@@ -22,9 +23,11 @@ $(ARNOFW_CAT) $(DL_DIR)/$(ARNOFW_SOURCE) \ | tar -C $(BUILD_DIR) $(TAR_OPTIONS) - ifeq ($(ARNOFW_VER),1.8.8l) - $(WGET) -P $(ARNOFW_DIR)/$(ARNOFW_PLUGIN_DIR) \ + $(WGET) -P $(ARNOFW_DIR)$(ARNOFW_PLUGIN_DIR) \ $(ARNOFW_SITE)/plugins/sip-voip/sip-voip.conf \ - $(ARNOFW_SITE)/plugins/sip-voip/50sip-voip.plugin + $(ARNOFW_SITE)/plugins/sip-voip/50sip-voip.plugin \ + $(ARNOFW_SITE)/plugins/hfsc-traffic-shaper/60hfsc.plugin \ + $(ARNOFW_SITE)/plugins/hfsc-traffic-shaper/hfsc.conf endif touch $(ARNOFW_DIR)/.unpacked 
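Review bot: The `$(WGET) -P $(ARNOFW_DIR)$(ARNOFW_PLUGIN_DIR)` call in the `@@ -22,9 +23,11 @@` hunk now pulls four plugin and config files straight from `$(ARNOFW_SITE)` at unpack time, and nothing in the hunk checks them against a digest kept in the tree. The next hunk installs these files into the firewall's plugin directory on the target, so an upstream file that was changed or tampered with in transit ends up in the image unnoticed. Pin a digest for each file and verify it right after the download, e.g. `cd $(ARNOFW_DIR)$(ARNOFW_PLUGIN_DIR) && sha1sum -c <pinned-checksum-file>`, or carry the plugins under `package/arno-fw/` instead of fetching them. Whether `$(WGET)` already performs a checksum step is not visible in this hunk.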
@@ -32,23 +35,31 @@ toolchain/patch-kernel.sh $(ARNOFW_DIR) package/arno-fw/ arnofw-\*.patch touch $(ARNOFW_DIR)/.patched +# +# the second pattern in the 2nd SED command comments out variables that +# will be handled by the wrapper instead. this is just to avoid confusion. +# $(TARGET_DIR)$(ARNOFW_TARGET_BINARY): $(ARNOFW_DIR)/.patched ln -sf /tmp$(ARNOFW_CONFIG_DIR) $(TARGET_DIR)$(ARNOFW_CONFIG_DIR) -mkdir $(TARGET_DIR)/stat$(ARNOFW_CONFIG_DIR) \ $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_DIR) - $(INSTALL) -D -m 0755 package/arno-fw/arnofw.wrapper \ + $(INSTALL) -D -m 0755 $(ARNOFW_DIR)/$(ARNOFW_BINARY) \ $(TARGET_DIR)$(ARNOFW_TARGET_BINARY) - cat $(ARNOFW_DIR)/$(ARNOFW_BINARY) >> $(TARGET_DIR)$(ARNOFW_TARGET_BINARY) - $(INSTALL) -D -m 0600 $(ARNOFW_DIR)$(ARNOFW_CONFIG) \ + $(SED) \ + 's:^CONFIG_FILE=("[^"].*"|.*$$):CONFIG_FILE="$(ARNOFW_CONFIG_SHIM)":' \ + $(TARGET_DIR)/$(ARNOFW_TARGET_BINARY) + $(INSTALL) -D -m 0644 package/arno-fw/arnofw.wrapper \ + $(TARGET_DIR)/stat$(ARNOFW_CONFIG_SHIM) + $(INSTALL) -D -m 0644 $(ARNOFW_DIR)$(ARNOFW_CONFIG) \ $(TARGET_DIR)/stat$(ARNOFW_CONFIG) $(SED) 's:^IPTABLES="[^"]*":IPTABLES="$(IPTABLES_BIN)":' \ - -r -e 's:^(INT_IF|EXT_IF|MODEM_IF|INTERNET_NET):#&:' \ + -e 's:^(INT_IF|EXT_IF|MODEM_IF|INTERNET_NET|NAT)=:#&:' \ $(TARGET_DIR)/stat$(ARNOFW_CONFIG) $(INSTALL) -D -m 0755 $(ARNOFW_DIR)$(ARNOFW_CONFIG_DIR)/custom-rules \ $(TARGET_DIR)/stat$(ARNOFW_CONFIG_DIR) - $(INSTALL) -D -m 0400 $(ARNOFW_DIR)$(ARNOFW_PLUGIN_DIR)/*.plugin \ + $(INSTALL) -D -m 0444 $(ARNOFW_DIR)$(ARNOFW_PLUGIN_DIR)/*.plugin \ $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_DIR) - $(INSTALL) -D -m 0600 $(ARNOFW_DIR)$(ARNOFW_PLUGIN_DIR)/*.conf \ + $(INSTALL) -D -m 0644 $(ARNOFW_DIR)$(ARNOFW_PLUGIN_DIR)/*.conf \ $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_DIR) arnofw: linux iptables $(TARGET_DIR)$(ARNOFW_TARGET_BINARY) Modified: trunk/package/arno-fw/arnofw.wrapper =================================================================== --- trunk/package/arno-fw/arnofw.wrapper 2008-02-15 02:31:20 UTC 
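Review bot: The `@@ -32,23 +35,31 @@` hunk loosens the install modes without saying why: `firewall.conf` goes from `-m 0600` to `-m 0644`, the plugin `*.conf` files likewise, and the `*.plugin` files from `0400` to `0444`. That makes the firewall configuration and plugin settings readable by every local account on the target. If no non-root reader needs them, keep the restrictive modes, e.g. `$(INSTALL) -D -m 0600 $(ARNOFW_DIR)$(ARNOFW_CONFIG) \`. If the relaxation is required by the new shim arrangement, a comment above the install lines should state that, since the comment block added here only explains the sed pattern.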
(rev 1584) +++ trunk/package/arno-fw/arnofw.wrapper 2008-02-15 19:20:31 UTC (rev 1585) @@ -1,19 +1,47 @@ -#!/bin/sh +# +# This is an ugly shim to first load /etc/rc.conf, then +# /etc/arno-iptables-firewall/firewall.conf, then map values +# from the former to override values in the latter. +# +# You could argue that this will be confusing, and I wouldn't disagree. +# +# Ideally, we should have the values in /etc/rc.conf and firewall.conf +# converge... and possibly finalize on a single firewall project. +# . /etc/rc.conf -export INT_IF="$INTIF $INT2IF $INT3IF" -export EXT_IF="$EXTIF $EXT2IF" -export MODEM_IF="" -export INTERNAL_NET="$INTIP/$INTNM" +REAL_CONFIG_FILE="`dirname $CONFIG_FILE`/firewall.conf" -if [ -n "$INT2IP" ]; then - INTERNAL_NET="$INTERNAL_NET $INT2IP/$INT2NM" -fi +. $REAL_CONFIG_FILE -if [ -n "$INT3IP" ]; then - INTERNAL_NET="$INTERNAL_NET $INT3IP/$INT3NM" -fi +# +# the attrocious logic below is to make sure that if INTIF='' and INT2IF='' +# and INT3IF='', then INT_IF='' as well (and not a string of spaces). +# +# this is so that tests for [ -n "$INT_IF" ] do exactly what they should. +# -# ok, start script below +INT_IF="" +for intf in $INTIF $INT2IF $INT3IF; do + INT_IF="$INT_IF${INT_IF:+ }$intf" +done +EXT_IF="" +for intf in $EXTIF EXT2IF; do + EXT_IF="$EXT_IF${EXT_IF:+ }$intf" +done + +INTERNAL_NET="" +for pair in ${INTIP:+$INTIP/$INTMN} ${INT2IP:+$INT2IP/$INT2NM} \ + ${INT3IP:+$INT3IP/$INT3NM}; do + INTERNAL_NET="$INTERNAL_NET${INTERNAL_NET:+ }$pair" +done + +MODEM_IF="" + +NAT=1 + +# +# need to do some work on the NONAT variable as well +# Modified: trunk/package/bzip2/bzip2.mk =================================================================== --- trunk/package/bzip2/bzip2.mk 2008-02-15 02:31:20 UTC (rev 1584) +++ trunk/package/bzip2/bzip2.mk 2008-02-15 19:20:31 UTC (rev 1585) 
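Review bot: Two variable names in the new shim are mistyped, and both change the values the firewall is meant to take from it. `for intf in $EXTIF EXT2IF; do` is missing a `$`, so the literal word `EXT2IF` is always appended to `EXT_IF`; it should be `for intf in $EXTIF $EXT2IF; do`. `${INTIP:+$INTIP/$INTMN}` uses `INTMN` where the removed code used `$INTIP/$INTNM`, so the first internal network is emitted with an empty mask; it should be `${INTIP:+$INTIP/$INTNM}`. Since `EXT_IF` and `INTERNAL_NET` tell the firewall which interfaces are external and which source ranges are internal, both typos are worth fixing before the shim is used.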
@@ -18,8 +18,8 @@ $(BZIP2_DIR)/.unpacked: $(DL_DIR)/$(BZIP2_SOURCE) $(BZIP2_CAT) $(DL_DIR)/$(BZIP2_SOURCE) | tar -C $(BUILD_DIR) $(TAR_OPTIONS) - - $(SED) "s,ln \$$(,ln -snf \$$(,g" $(BZIP2_DIR)/Makefile - $(SED) "s,ln -s (lib.*),ln -snf \$$1 ; ln -snf libbz2.so.$(BZIP2_VER) \ + $(SED) "s,ln \$$\(,ln -snf \$$(,g" $(BZIP2_DIR)/Makefile + $(SED) "s,ln -s \(lib.*\),ln -snf \$$1 ; ln -snf libbz2.so.$(BZIP2_VER) \ libbz2.so,g" $(BZIP2_DIR)/Makefile-libbz2_so ifneq ($(BR2_LARGEFILE),y) $(SED) "s,^BIGFILES,#BIGFILES,g" $(BZIP2_DIR)/Makefile Modified: trunk/package/pppd/pppd.mk =================================================================== --- trunk/package/pppd/pppd.mk 2008-02-15 02:31:20 UTC (rev 1584) +++ trunk/package/pppd/pppd.mk 2008-02-15 19:20:31 UTC (rev 1585) @@ -22,8 +22,8 @@ $(SED) 's/ -DIPX_CHANGE -DHAVE_MMAP//' $(PPPD_DIR)/pppd/Makefile.linux $(SED) 's/HAVE_MULTILINK=y/#HAVE_MULTILINK=y/' $(PPPD_DIR)/pppd/Makefile.linux $(SED) 's/FILTER=y/#FILTER=y/' $(PPPD_DIR)/pppd/Makefile.linux - $(SED) 's,(INSTALL) -s,(INSTALL),' $(PPPD_DIR)/*/Makefile.linux - $(SED) 's,(INSTALL) -s,(INSTALL),' $(PPPD_DIR)/pppd/plugins/*/Makefile.linux + $(SED) 's,\(INSTALL\) -s,(INSTALL),' $(PPPD_DIR)/*/Makefile.linux + $(SED) 's,\(INSTALL\) -s,(INSTALL),' $(PPPD_DIR)/pppd/plugins/*/Makefile.linux $(SED) 's/ -o root//' $(PPPD_DIR)/*/Makefile.linux $(SED) 's/ -g daemon//' $(PPPD_DIR)/*/Makefile.linux touch $(PPPD_DIR)/.unpacked Modified: trunk/package/sed/sed.mk =================================================================== --- trunk/package/sed/sed.mk 2008-02-15 02:31:20 UTC (rev 1584) +++ trunk/package/sed/sed.mk 2008-02-15 19:20:31 UTC (rev 1585) 
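Review bot: The rewritten pattern in `$(SED) "s,ln \$$\(,ln -snf \$$(,g"` probably no longer matches under the `-r` flag this commit adds to `$(SED)`. After make and the double-quoted shell string are expanded, sed receives `ln $\(`, and in extended regex syntax an unescaped `$` is an end-of-line anchor wherever it appears, so the literal `ln $(` in bzip2's Makefile would be left unchanged. Escaping the dollar for sed as well keeps the substitution working, for example with single quotes: `$(SED) 's,ln \$$\(,ln -snf $$(,g' $(BZIP2_DIR)/Makefile`. This is worth confirming against the sed binary the build actually uses.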
@@ -16,7 +16,7 @@ endif #HOST_SED_DIR:=$(STAGING_DIR) HOST_SED_DIR:=$(TOOL_BUILD_DIR) -SED:=$(HOST_SED_DIR)/bin/sed -i -e +SED:=$(HOST_SED_DIR)/bin/sed -i -r -e HOST_SED_TARGET=$(shell package/sed/sedcheck.sh) $(DL_DIR)/$(SED_SOURCE): Modified: trunk/package/wanpipe/wanpipe.mk =================================================================== --- trunk/package/wanpipe/wanpipe.mk 2008-02-15 02:31:20 UTC (rev 1584) +++ trunk/package/wanpipe/wanpipe.mk 2008-02-15 19:20:31 UTC (rev 1585) @@ -3,7 +3,7 @@ # wanpipe # ############################################################# -WANPIPE_VER:=3.2.1 +WANPIPE_VER:=3.2.3 WANPIPE_SOURCE:=wanpipe-$(WANPIPE_VER).tgz WANPIPE_SITE:= ftp://ftp.sangoma.com/linux/current_wanpipe WANPIPE_DIR:=$(BUILD_DIR)/wanpipe-$(WANPIPE_VER) @@ -50,13 +50,11 @@ -$(MAKE1) KVER=$(LINUX_VERSION) KDIR=$(LINUX_DIR) KINSTDIR=lib/modules/$(LINUX_VERSION)/kernel \ ZAPDIR=$(ZAPTEL_DIR) PWD=$(WANPIPE_DIR) $(TARGET_CONFIGURE_OPTS) INSTALLPREFIX=$(TARGET_DIR) \ KMOD=$(TARGET_DIR)/lib/modules/$(LINUX_VERSION) -C $(WANPIPE_DIR) INSTALLPREFIX=$(TARGET_DIR) clean - -rm -rf $(TARGET_DIR)/etc/wanpipe - -rm -rf $(TARGET_DIR)/stat/etc/wanpipe - -rm $(WANPIPE_DIR)/.built + rm -rf $(TARGET_DIR)/etc/wanpipe $(TARGET_DIR)/stat/etc/wanpipe + rm -f $(WANPIPE_DIR)/.built - wanpipe-dirclean: - -rm -rf $(WANPIPE_DIR) + rm -rf $(WANPIPE_DIR) ############################################################# # Modified: trunk/target/generic/target_skeleton/usr/sbin/genkd =================================================================== --- trunk/target/generic/target_skeleton/usr/sbin/genkd 2008-02-15 02:31:20 UTC (rev 1584) +++ trunk/target/generic/target_skeleton/usr/sbin/genkd 2008-02-15 19:20:31 UTC (rev 1585) @@ -100,8 +100,6 @@ cp /stat/etc/dnsmasq.static /mnt/kd/ -cp -a /stat/etc/arno-iptables-firewall /mnt/kd - cp -a /var/log/asterisk/cdr-csv /mnt/kd/ if [ -d /stat/etc/wanpipe ] 
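Review bot: Adding `-r` to the global `SED:=$(HOST_SED_DIR)/bin/sed -i -r -e` switches every `$(SED)` call in the tree from basic to extended regular expressions, not only the ones this commit touches. Any expression elsewhere that contains a bare `(`, `)`, `+`, `?`, `|` or `{` changes meaning without an error, so the remaining call sites need an audit; this commit only shows bzip2, pppd, ccache and arno-fw being adjusted. A narrower change is to leave `SED` as it was and add a second variable for callers that want ERE, e.g. `SED_ERE:=$(HOST_SED_DIR)/bin/sed -i -r -e`. If the global change stays, a comment on the `SED:=` line stating that all patterns are ERE would keep new BRE-style patterns from being added.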
@@ -120,9 +118,9 @@ if [ "$FWVERS" -a "$FWVERS" = "arno" ] then -if [ -f /stat/etc/arno-iptables-firewall.conf ] +if [ -d /stat/etc/arno-iptables-firewall ] then -cp -a /stat/etc/arno-iptables-firewall.conf /mnt/kd/ +cp -a /stat/etc/arno-iptables-firewall /mnt/kd else echo "You haven't installed the arno iptables firewall." fi Modified: trunk/toolchain/ccache/ccache.mk =================================================================== --- trunk/toolchain/ccache/ccache.mk 2008-02-15 02:31:20 UTC (rev 1584) +++ trunk/toolchain/ccache/ccache.mk 2008-02-15 19:20:31 UTC (rev 1585) @@ -22,10 +22,10 @@ $(CCACHE_DIR1)/.patched: $(CCACHE_DIR1)/.unpacked # WARNING - this will break if the toolchain is moved. # Should probably patch things to use a relative path. - $(SED) "s,getenv(\"CCACHE_PATH\"),\"$(STAGING_DIR)/bin-ccache\",g" \ + $(SED) "s,getenv\(\"CCACHE_PATH\"\),\"$(STAGING_DIR)/bin-ccache\",g" \ $(CCACHE_DIR1)/execute.c # WARNING - this will break if the toolchain build dir is deleted. - $(SED) "s,getenv(\"CCACHE_DIR\"),\"$(CCACHE_DIR1)/cache\",g" \ + $(SED) "s,getenv\(\"CCACHE_DIR\"\),\"$(CCACHE_DIR1)/cache\",g" \ $(CCACHE_DIR1)/ccache.c mkdir -p $(CCACHE_DIR1)/cache touch $(CCACHE_DIR1)/.patched Modified: trunk/toolchain/file_exclude =================================================================== --- trunk/toolchain/file_exclude 2008-02-15 02:31:20 UTC (rev 1584) +++ trunk/toolchain/file_exclude 2008-02-15 19:20:31 UTC (rev 1585) @@ -1,3 +1,5 @@ pci.ids.bz2 50sip-voip.plugin sip-voip.conf +60hfsc.plugn +hfsc.conf This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
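Review bot: The added entry `60hfsc.plugn` in `trunk/toolchain/file_exclude` is misspelled; the file fetched by `arnofw.mk` in this same commit is `60hfsc.plugin`. As written the entry will not match the downloaded file name, so it should read `60hfsc.plugin`.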
From: <kr...@us...> - 2008-02-23 23:48:22
Revision: 1588 http://astlinux.svn.sourceforge.net/astlinux/?rev=1588&view=rev Author: krisk84 Date: 2008-02-23 15:48:26 -0800 (Sat, 23 Feb 2008) Log Message: ----------- update default config for ngrep Modified Paths: -------------- trunk/astlinux.config trunk/package/Config.in Modified: trunk/astlinux.config =================================================================== --- trunk/astlinux.config 2008-02-23 23:47:07 UTC (rev 1587) +++ trunk/astlinux.config 2008-02-23 23:48:26 UTC (rev 1588) @@ -214,6 +214,7 @@ # BR2_PACKAGE_NETPLUG is not set BR2_PACKAGE_NETSNMP=y BR2_PACKAGE_NEWT=y +BR2_PACKAGE_NGREP=y BR2_PACKAGE_NISTNET=y # BR2_PACKAGE_NPROBE is not set # BR2_PACKAGE_NTP is not set Modified: trunk/package/Config.in =================================================================== --- trunk/package/Config.in 2008-02-23 23:47:07 UTC (rev 1587) +++ trunk/package/Config.in 2008-02-23 23:48:26 UTC (rev 1588) @@ -135,6 +135,7 @@ source "package/netplug/Config.in" source "package/netsnmp/Config.in" source "package/newt/Config.in" +source "package/ngrep/Config.in" source "package/nistnet/Config.in" source "package/nocatsplash/Config.in" source "package/nprobe/Config.in" This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <dha...@us...> - 2008-02-25 01:37:01
Revision: 1590 http://astlinux.svn.sourceforge.net/astlinux/?rev=1590&view=rev Author: dhartman Date: 2008-02-24 17:37:06 -0800 (Sun, 24 Feb 2008) Log Message: ----------- various makefile fixes from Philip Modified Paths: -------------- trunk/target/x86/runnix/runnix.mk trunk/toolchain/astrelease/astrelease.mk Modified: trunk/target/x86/runnix/runnix.mk =================================================================== --- trunk/target/x86/runnix/runnix.mk 2008-02-25 01:36:04 UTC (rev 1589) +++ trunk/target/x86/runnix/runnix.mk 2008-02-25 01:37:06 UTC (rev 1590) @@ -33,7 +33,7 @@ $(RUNFS_DIR)/os/ver: $(wildcard $(ASTVER)/*) cp $(ASTVER)/* $(RUNFS_DIR)/os/ rm -f $(RUNFS_DIR)/*.sample - cp $(DEV_PATH)/runnix/syslinux.cfg $(RUNFS_DIR)/syslinux.cfg + cp $(TARGET_RUNNIX_DIR)/syslinux.cfg $(RUNFS_DIR)/syslinux.cfg echo $(ASTVER) > $(RUNFS_DIR)/os/ver runfs: astrelease runnix $(RUNFS_DIR)/os/ver Modified: trunk/toolchain/astrelease/astrelease.mk =================================================================== --- trunk/toolchain/astrelease/astrelease.mk 2008-02-25 01:36:04 UTC (rev 1589) +++ trunk/toolchain/astrelease/astrelease.mk 2008-02-25 01:37:06 UTC (rev 1590) @@ -39,11 +39,11 @@ astrelease: astver ext2initrd squashfsroot $(ASTVER).tar.gz.sha1 astrelease-clean: - -rm -f $(ASTVER).tar.gz - -rm -f $(ASTVER).tar.gz.sha1 + rm -f $(ASTVER).tar.gz + rm -f $(ASTVER).tar.gz.sha1 astrelease-dirclean: - -rm -rf $(ASTVER) + rm -rf $(ASTVER) astlinux-config: astlinux.config cp astlinux.config .config This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <dha...@us...> - 2008-02-28 03:05:03
Revision: 1606 http://astlinux.svn.sourceforge.net/astlinux/?rev=1606&view=rev Author: dhartman Date: 2008-02-27 19:04:52 -0800 (Wed, 27 Feb 2008) Log Message: ----------- arno fw updates from Philip Modified Paths: -------------- trunk/package/arno-fw/arnofw.mk trunk/toolchain/file_exclude Modified: trunk/package/arno-fw/arnofw.mk =================================================================== --- trunk/package/arno-fw/arnofw.mk 2008-02-28 03:04:27 UTC (rev 1605) +++ trunk/package/arno-fw/arnofw.mk 2008-02-28 03:04:52 UTC (rev 1606) @@ -3,7 +3,7 @@ # Arno's IPtables Firewall Script # ############################################################# -ARNOFW_VER:=1.8.8m +ARNOFW_VER:=1.8.8n ARNOFW_ROOT:=arno-iptables-firewall ARNOFW_SOURCE:=$(ARNOFW_ROOT)_$(ARNOFW_VER).tar.gz ARNOFW_SITE:=http://rocky.eld.leidenuniv.nl/iptables-firewall @@ -22,7 +22,7 @@ $(ARNOFW_DIR)/.unpacked: $(DL_DIR)/$(ARNOFW_SOURCE) $(ARNOFW_CAT) $(DL_DIR)/$(ARNOFW_SOURCE) \ | tar -C $(BUILD_DIR) $(TAR_OPTIONS) - -ifeq ($(ARNOFW_VER),1.8.8m) +ifeq ($(ARNOFW_VER),1.8.8n) $(WGET) -P $(ARNOFW_DIR)$(ARNOFW_PLUGIN_DIR) \ $(ARNOFW_SITE)/plugins/hfsc-traffic-shaper/60hfsc.plugin \ $(ARNOFW_SITE)/plugins/hfsc-traffic-shaper/hfsc.conf @@ -48,7 +48,7 @@ $(INSTALL) -D -m 0644 $(ARNOFW_DIR)$(ARNOFW_CONFIG) \ $(TARGET_DIR)/stat$(ARNOFW_CONFIG) $(SED) 's:^IPTABLES="[^"]*":IPTABLES="$(IPTABLES_BIN)":' \ - -e 's:^(INT_IF|EXT_IF|MODEM_IF|INTERNET_NET|NAT)=:#&:' \ + -e 's:^(INT_IF|EXT_IF|MODEM_IF|INTERNAL_NET|NAT|NAT_INTERNAL_NET)=:#&:' \ $(TARGET_DIR)/stat$(ARNOFW_CONFIG) $(SED) 's:^LOCAL_CONFIG_FILE="":LOCAL_CONFIG_FILE="$(ARNOFW_CONFIG_SHIM)":' \ $(TARGET_DIR)/stat$(ARNOFW_CONFIG) Modified: trunk/toolchain/file_exclude =================================================================== --- trunk/toolchain/file_exclude 2008-02-28 03:04:27 UTC (rev 1605) +++ trunk/toolchain/file_exclude 2008-02-28 03:04:52 UTC (rev 1606) 
@@ -1,6 +1,4 @@ pci.ids.bz2 -50sip-voip.plugin -sip-voip.conf 60hfsc.plugn hfsc.conf nProbe-4.9.4.tar.gz This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <dha...@us...> - 2008-03-03 03:17:17
Revision: 1614 http://astlinux.svn.sourceforge.net/astlinux/?rev=1614&view=rev Author: dhartman Date: 2008-03-02 19:17:24 -0800 (Sun, 02 Mar 2008) Log Message: ----------- getter script cleanup; disable progress meter, force consistent options--namely passive ftp Modified Paths: -------------- trunk/Makefile trunk/toolchain/getter_script.sh Modified: trunk/Makefile =================================================================== --- trunk/Makefile 2008-03-03 03:11:03 UTC (rev 1613) +++ trunk/Makefile 2008-03-03 03:17:24 UTC (rev 1614) @@ -220,6 +220,11 @@ show_targets: var.TARGETS +show_version: val.ASTVER + +val.%: + @echo "$($*)" + var.%: @echo '$*="$($*)"' Modified: trunk/toolchain/getter_script.sh =================================================================== --- trunk/toolchain/getter_script.sh 2008-03-03 03:11:03 UTC (rev 1613) +++ trunk/toolchain/getter_script.sh 2008-03-03 03:17:24 UTC (rev 1614) @@ -3,7 +3,9 @@ # what a great idea... SITE=files.astlinux.org -wget --passive-ftp --timeout=30 -c -t 2 $@ || ( +WGET_ARGS="--passive-ftp --timeout=30 -c -t 2 -nv" + +wget ${WGET_ARGS} $@ || ( echo Retrying from astlinux alternate site... index=$#-1 # Copy all params into an array @@ -11,7 +13,7 @@ # Chop all but filename from last param and prepend out URL a[$index]=${a[index]/*\//http:\/\/$SITE/} # Now wget that from our server - wget --timeout=30 -c -t 2 ${a[@]} + wget ${WGET_ARGS} ${a[@]} ) @@ -22,7 +24,7 @@ FILE=`basename $URL` -wget --timeout=30 -t 2 -P dl -c "$SITE"/"$FILE".sha1 +wget ${WGET_ARGS} -P dl "$SITE"/"$FILE".sha1 if `sha1sum -c --status dl/"$FILE".sha1` then This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
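Review bot: The checksum step in the `@@ -22,7 +24,7 @@` hunk, `wget ${WGET_ARGS} -P dl "$SITE"/"$FILE".sha1`, fetches the digest without TLS from the same alternate site that serves the fallback download, so it can detect a damaged file but not a substituted one. Because `WGET_ARGS` carries `-c`, an existing `dl/$FILE.sha1` is continued rather than refetched, which can leave a stale digest in place. Keeping the expected digests in the source tree, or fetching them over an authenticated channel, and dropping `-c` for the `.sha1` fetch would close both gaps. In the first hunk the arguments should be quoted, `wget ${WGET_ARGS} "$@" || (`. The `if ... then` block continues outside the hunk, so what the script does on a mismatch is not visible here.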