This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 00567147f9e35983cba0f896a8f3af0995fc9b26 (commit) from 754129b119ee4f97cda77fdf6d8e42352c59e918 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 00567147f9e35983cba0f896a8f3af0995fc9b26 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue May 18 22:30:00 2010 +0200
Cleanup: removed unused patches.
-----------------------------------------------------------------------
Summary of changes: src/patches/atl2_add_tx_bytes_statistic.patch | 15 - src/patches/ccache-2.4.patch | 12 - ...at-wireless-ath5k_fix_setup_for_CAB_queue.patch | 75 -- src/patches/compat-xen-1.patch | 67 - src/patches/compat-xen-2.patch | 67 - src/patches/grub-0.97_grub-install_virtio.patch | 41 - src/patches/hostapd-usb_hw_did_not_ack.patch | 21 - src/patches/imq-skbuff.patch | 65 - .../ip_conntrack_standalone-patch-for-ipfire.patch | 11 - .../iptables-1.4.1.1-ipp2p-0.8.2-pomng.patch | 481 -------- src/patches/iptables-1.4.2-imq.patch | 99 -- src/patches/linux-2.6.24-leds-alix.patch | 203 ---- src/patches/linux-2.6.27-atom-clockmod.patch | 12 - src/patches/linux-2.6.27-atom-coretemp.patch | 58 - src/patches/linux-2.6.27-imq.patch | 1150 ------------------ .../linux-2.6.27.19-ipp2p-0.8.2-pomng.patch | 980 --------------- src/patches/linux-2.6.27.21-imq-test3-xen.patch | 1212 ------------------- src/patches/linux-2.6.27.21-imq-test3.patch | 1279 -------------------- ...ux-2.6.27.25-option_add_vf-k3565-z_usbids.patch | 26 - .../linux-2.6.27.39_e100-wakeonlan-fix.patch | 73 -- ...inux-2.6.32-ath5k_fix_setup_for_CAB_queue.patch | 75 -- src/patches/openssh-4.7p1-padlock.patch | 141 --- src/patches/openssl-0.9.8g-engine-padlock.patch | 24 - src/patches/openssl-0.9.8g-sha-padlock.patch | 620 ---------- src/patches/openswan-2.6.16-clear-1.patch | 21 - src/patches/openswan-2.6.16-startklips-1.patch | 64 - src/patches/openswan-2.6.16-updown.klips-1.patch | 30 - .../openswan-2.6.23-updown-add_ipfire-snat.patch | 24 - src/patches/openswan-2.6.24_noxmlto.patch | 68 - .../portmap-5beta-compilation_fixes-3.patch | 705 ----------- src/patches/portmap-5beta-glibc_errno_fix-1.patch | 17 - src/patches/r8101_add_missing_pciids.patch | 11 - src/patches/r8169_add_missing_pciids.patch | 15 - src/patches/skbuff-xen-imq.diff | 21 - src/patches/sysklogd-1.4.1-8bit-1.patch | 23 - src/patches/sysklogd-1.4.1-fixes-1.patch | 833 ------------- .../sysklogd-1.4.1_xen_empty_buffer_check.patch | 30 - src/patches/xen-co_assignment.patch | 22 - src/patches/xen-cpufreq.patch | 19 - src/patches/xen-passthrough-fix.patch | 36 - src/patches/xend-config.patch | 99 -- 41 files changed, 0 insertions(+), 8845 deletions(-) delete mode 100644 src/patches/atl2_add_tx_bytes_statistic.patch delete mode 100644 src/patches/ccache-2.4.patch delete mode 100644 src/patches/compat-wireless-ath5k_fix_setup_for_CAB_queue.patch delete mode 100644 src/patches/compat-xen-1.patch delete mode 100644 src/patches/compat-xen-2.patch delete mode 100644 src/patches/grub-0.97_grub-install_virtio.patch delete mode 100644 src/patches/hostapd-usb_hw_did_not_ack.patch delete mode 100644 src/patches/imq-skbuff.patch delete mode 100644 src/patches/ip_conntrack_standalone-patch-for-ipfire.patch delete mode 100644 src/patches/iptables-1.4.1.1-ipp2p-0.8.2-pomng.patch delete mode 100644 src/patches/iptables-1.4.2-imq.patch delete mode 100644 src/patches/linux-2.6.24-leds-alix.patch delete mode 100644 src/patches/linux-2.6.27-atom-clockmod.patch delete mode 100644 src/patches/linux-2.6.27-atom-coretemp.patch delete mode 100644 src/patches/linux-2.6.27-imq.patch delete mode 100644 src/patches/linux-2.6.27.19-ipp2p-0.8.2-pomng.patch delete mode 100644 src/patches/linux-2.6.27.21-imq-test3-xen.patch delete mode 100644 src/patches/linux-2.6.27.21-imq-test3.patch delete mode 100644 src/patches/linux-2.6.27.25-option_add_vf-k3565-z_usbids.patch delete mode 100644 src/patches/linux-2.6.27.39_e100-wakeonlan-fix.patch delete mode 100644 src/patches/linux-2.6.32-ath5k_fix_setup_for_CAB_queue.patch delete mode 100644 src/patches/openssh-4.7p1-padlock.patch delete mode 100644 src/patches/openssl-0.9.8g-engine-padlock.patch delete mode 100644 src/patches/openssl-0.9.8g-sha-padlock.patch delete mode 100644 src/patches/openswan-2.6.16-clear-1.patch delete mode 100644 src/patches/openswan-2.6.16-startklips-1.patch delete mode 100644 src/patches/openswan-2.6.16-updown.klips-1.patch delete mode 100644 src/patches/openswan-2.6.23-updown-add_ipfire-snat.patch delete mode 100644 src/patches/openswan-2.6.24_noxmlto.patch delete mode 100644 src/patches/portmap-5beta-compilation_fixes-3.patch delete mode 100644 src/patches/portmap-5beta-glibc_errno_fix-1.patch delete mode 100644 src/patches/r8101_add_missing_pciids.patch delete mode 100644 src/patches/r8169_add_missing_pciids.patch delete mode 100644 src/patches/skbuff-xen-imq.diff delete mode 100644 src/patches/sysklogd-1.4.1-8bit-1.patch delete mode 100644 src/patches/sysklogd-1.4.1-fixes-1.patch delete mode 100644 src/patches/sysklogd-1.4.1_xen_empty_buffer_check.patch delete mode 100644 src/patches/xen-co_assignment.patch delete mode 100644 src/patches/xen-cpufreq.patch delete mode 100644 src/patches/xen-passthrough-fix.patch delete mode 100644 src/patches/xend-config.patch
Difference in files: diff --git a/src/patches/atl2_add_tx_bytes_statistic.patch b/src/patches/atl2_add_tx_bytes_statistic.patch deleted file mode 100644 index cea68a2..0000000 --- a/src/patches/atl2_add_tx_bytes_statistic.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -Naur atl2-2.0.5.org/atl2_main.c atl2-2.0.5/atl2_main.c ---- atl2-2.0.5.org/atl2_main.c 2008-08-04 17:53:21.000000000 +0200 -+++ atl2-2.0.5/atl2_main.c 2008-10-15 18:53:12.000000000 +0200 -@@ -572,8 +572,10 @@ - atomic_set(&adapter->txd_read_ptr, (int)txd_read_ptr); - - // tx statistics: -- if (txs->ok) -+ if (txs->ok) { -+ adapter->net_stats.tx_bytes += txs->pkt_size; - adapter->net_stats.tx_packets++; -+ } - else - adapter->net_stats.tx_errors++; - diff --git a/src/patches/ccache-2.4.patch b/src/patches/ccache-2.4.patch deleted file mode 100644 index 64d3eda..0000000 --- a/src/patches/ccache-2.4.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- /tmp/ccache.c 2004-04-15 13:49:38.000000000 +0100 -+++ ccache.c 2004-04-15 17:47:59.000000000 +0100 -@@ -322,7 +322,9 @@ - failed(); - } - hash_int(st.st_size); -+#if 0 /* don't hash on the modification time */ - hash_int(st.st_mtime); -+#endif - - /* possibly hash the current working directory */ - if (getenv("CCACHE_HASHDIR")) { diff --git a/src/patches/compat-wireless-ath5k_fix_setup_for_CAB_queue.patch b/src/patches/compat-wireless-ath5k_fix_setup_for_CAB_queue.patch deleted file mode 100644 index fbe3098..0000000 --- a/src/patches/compat-wireless-ath5k_fix_setup_for_CAB_queue.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff --git a/drivers/net/wireless/ath/ath5k/ath5k.h b/drivers/net/wireless/ath/ath5k/ath5k.h -index 66bcb50..ad4d446 100644 ---- a/drivers/net/wireless/ath/ath5k/ath5k.h -+++ b/drivers/net/wireless/ath/ath5k/ath5k.h -@@ -535,7 +535,7 @@ struct ath5k_txq_info { - u32 tqi_cbr_period; /* Constant bit rate period */ - u32 tqi_cbr_overflow_limit; - u32 tqi_burst_time; -- u32 tqi_ready_time; /* Not used */ -+ u32 tqi_ready_time; /* Time queue waits after an event */ - }; - - /* -diff --git a/drivers/net/wireless/ath/ath5k/base.c b/drivers/net/wireless/ath/ath5k/base.c -index b501537..535a6af 100644 ---- a/drivers/net/wireless/ath/ath5k/base.c -+++ b/drivers/net/wireless/ath/ath5k/base.c -@@ -1516,7 +1516,8 @@ ath5k_beaconq_config(struct ath5k_softc *sc) - - ret = ath5k_hw_get_tx_queueprops(ah, sc->bhalq, &qi); - if (ret) -- return ret; -+ goto err; -+ - if (sc->opmode == NL80211_IFTYPE_AP || - sc->opmode == NL80211_IFTYPE_MESH_POINT) { - /* -@@ -1543,10 +1544,25 @@ ath5k_beaconq_config(struct ath5k_softc *sc) - if (ret) { - ATH5K_ERR(sc, "%s: unable to update parameters for beacon " - "hardware queue!\n", __func__); -- return ret; -+ goto err; - } -+ ret = ath5k_hw_reset_tx_queue(ah, sc->bhalq); /* push to h/w */ -+ if (ret) -+ goto err; - -- return ath5k_hw_reset_tx_queue(ah, sc->bhalq); /* push to h/w */; -+ /* reconfigure cabq with ready time to 80% of beacon_interval */ -+ ret = ath5k_hw_get_tx_queueprops(ah, AR5K_TX_QUEUE_ID_CAB, &qi); -+ if (ret) -+ goto err; -+ -+ qi.tqi_ready_time = (sc->bintval * 80) / 100; -+ ret = ath5k_hw_set_tx_queueprops(ah, AR5K_TX_QUEUE_ID_CAB, &qi); -+ if (ret) -+ goto err; -+ -+ ret = ath5k_hw_reset_tx_queue(ah, AR5K_TX_QUEUE_ID_CAB); -+err: -+ return ret; - } - - static void -diff --git a/drivers/net/wireless/ath/ath5k/qcu.c b/drivers/net/wireless/ath/ath5k/qcu.c -index abe36c0..9122a85 100644 ---- a/drivers/net/wireless/ath/ath5k/qcu.c -+++ b/drivers/net/wireless/ath/ath5k/qcu.c -@@ -408,12 +408,13 @@ int ath5k_hw_reset_tx_queue(struct ath5k_hw *ah, unsigned int queue) - break; - - case AR5K_TX_QUEUE_CAB: -+ /* XXX: use BCN_SENT_GT, if we can figure out how */ - AR5K_REG_ENABLE_BITS(ah, AR5K_QUEUE_MISC(queue), -- AR5K_QCU_MISC_FRSHED_BCN_SENT_GT | -+ AR5K_QCU_MISC_FRSHED_DBA_GT | - AR5K_QCU_MISC_CBREXP_DIS | - AR5K_QCU_MISC_CBREXP_BCN_DIS); - -- ath5k_hw_reg_write(ah, ((AR5K_TUNE_BEACON_INTERVAL - -+ ath5k_hw_reg_write(ah, ((tq->tqi_ready_time - - (AR5K_TUNE_SW_BEACON_RESP - - AR5K_TUNE_DMA_BEACON_RESP) - - AR5K_TUNE_ADDITIONAL_SWBA_BACKOFF) * 1024) | diff --git a/src/patches/compat-xen-1.patch b/src/patches/compat-xen-1.patch deleted file mode 100644 index e73fdda..0000000 --- a/src/patches/compat-xen-1.patch +++ /dev/null @@ -1,67 +0,0 @@ ---- a/linux/include/linux/module.h 2009-07-27 09:17:57.000000000 +0000 -+++ b/linux/include/linux/module.h 2009-07-27 09:39:26.000000000 +0000 -@@ -16,7 +16,6 @@ - #include <linux/kobject.h> - #include <linux/moduleparam.h> - #include <linux/marker.h> --#include <linux/tracepoint.h> - #include <asm/local.h> - - #include <asm/module.h> -@@ -333,11 +332,6 @@ - unsigned int num_markers; - #endif - --#ifdef CONFIG_TRACEPOINTS -- struct tracepoint *tracepoints; -- unsigned int num_tracepoints; --#endif -- - #ifdef CONFIG_MODULE_UNLOAD - /* What modules depend on me? */ - struct list_head modules_which_use_me; -@@ -349,8 +343,9 @@ - void (*exit)(void); - - /* Reference counts */ -- struct module_ref *ref; -+ struct module_ref ref[NR_CPUS]; - #endif -+ - }; - #ifndef MODULE_ARCH_INIT - #define MODULE_ARCH_INIT {} -@@ -368,7 +363,6 @@ - struct module *module_text_address(unsigned long addr); - struct module *__module_text_address(unsigned long addr); - int is_module_address(unsigned long addr); --const char *supported_printable(int taint); - - /* Returns 0 and fills in value, defined and namebuf, or -ERANGE if - symnum out of range. */ -@@ -459,9 +453,6 @@ - - extern void module_update_markers(void); - --extern void module_update_tracepoints(void); --extern int module_get_iter_tracepoints(struct tracepoint_iter *iter); -- - #else /* !CONFIG_MODULES... */ - #define EXPORT_SYMBOL(sym) - #define EXPORT_SYMBOL_GPL(sym) -@@ -566,15 +557,6 @@ - { - } - --static inline void module_update_tracepoints(void) --{ --} -- --static inline int module_get_iter_tracepoints(struct tracepoint_iter *iter) --{ -- return 0; --} -- - #endif /* CONFIG_MODULES */ - - struct device_driver; diff --git a/src/patches/compat-xen-2.patch b/src/patches/compat-xen-2.patch deleted file mode 100644 index ea5f416..0000000 --- a/src/patches/compat-xen-2.patch +++ /dev/null @@ -1,67 +0,0 @@ ---- a/linux/include/linux/module.h 2009-07-27 09:39:26.000000000 +0000 -+++ b/linux/include/linux/module.h 2009-07-27 09:17:57.000000000 +0000 -@@ -16,6 +16,7 @@ - #include <linux/kobject.h> - #include <linux/moduleparam.h> - #include <linux/marker.h> -+#include <linux/tracepoint.h> - #include <asm/local.h> - - #include <asm/module.h> -@@ -332,6 +333,11 @@ - unsigned int num_markers; - #endif - -+#ifdef CONFIG_TRACEPOINTS -+ struct tracepoint *tracepoints; -+ unsigned int num_tracepoints; -+#endif -+ - #ifdef CONFIG_MODULE_UNLOAD - /* What modules depend on me? */ - struct list_head modules_which_use_me; -@@ -343,9 +349,8 @@ - void (*exit)(void); - - /* Reference counts */ -- struct module_ref ref[NR_CPUS]; -+ struct module_ref *ref; - #endif -- - }; - #ifndef MODULE_ARCH_INIT - #define MODULE_ARCH_INIT {} -@@ -363,6 +368,7 @@ - struct module *module_text_address(unsigned long addr); - struct module *__module_text_address(unsigned long addr); - int is_module_address(unsigned long addr); -+const char *supported_printable(int taint); - - /* Returns 0 and fills in value, defined and namebuf, or -ERANGE if - symnum out of range. */ -@@ -453,6 +459,9 @@ - - extern void module_update_markers(void); - -+extern void module_update_tracepoints(void); -+extern int module_get_iter_tracepoints(struct tracepoint_iter *iter); -+ - #else /* !CONFIG_MODULES... */ - #define EXPORT_SYMBOL(sym) - #define EXPORT_SYMBOL_GPL(sym) -@@ -557,6 +566,15 @@ - { - } - -+static inline void module_update_tracepoints(void) -+{ -+} -+ -+static inline int module_get_iter_tracepoints(struct tracepoint_iter *iter) -+{ -+ return 0; -+} -+ - #endif /* CONFIG_MODULES */ - - struct device_driver; diff --git a/src/patches/grub-0.97_grub-install_virtio.patch b/src/patches/grub-0.97_grub-install_virtio.patch deleted file mode 100644 index 7941ca7..0000000 --- a/src/patches/grub-0.97_grub-install_virtio.patch +++ /dev/null @@ -1,41 +0,0 @@ -diff -Naur grub-0.97.org/util/grub-install.in grub-0.97/util/grub-install.in ---- grub-0.97.org/util/grub-install.in 2004-07-24 20:57:31.000000000 +0200 -+++ grub-0.97/util/grub-install.in 2009-08-14 20:01:20.000000000 +0200 -@@ -96,12 +96,12 @@ - # Break the device name into the disk part and the partition part. - case "$host_os" in - linux*) -- tmp_disk=`echo "$1" | sed -e 's%([sh]d[a-z])[0-9]*$%\1%' \ -+ tmp_disk=`echo "$1" | sed -e 's%([vsh]d[a-z])[0-9]*$%\1%' \ - -e 's%(d[0-9]*)p[0-9]*$%\1%' \ - -e 's%(fd[0-9]*)$%\1%' \ - -e 's%/part[0-9]*$%/disc%' \ - -e 's%(c[0-7]d[0-9]*).*$%\1%'` -- tmp_part=`echo "$1" | sed -e 's%.*/[sh]d[a-z]([0-9]*)$%\1%' \ -+ tmp_part=`echo "$1" | sed -e 's%.*/[vsh]d[a-z]([0-9]*)$%\1%' \ - -e 's%.*d[0-9]*p%%' \ - -e 's%.*/fd[0-9]*$%%' \ - -e 's%.*/floppy/[0-9]*$%%' \ -@@ -333,6 +333,10 @@ - if test -f "$device_map"; then - : - else -+ -+ tmp_disk=`echo "$install_device" | grep "/dev/vd"` -+ if test "x$tmp_disk" = x; then -+ - # Create a safe temporary file. - test -n "$mklog" && log_file=`$mklog` - -@@ -345,6 +349,11 @@ - fi - - rm -f $log_file -+ -+ else -+ echo "Create fake device.map for vitio device $1" 1>&2 -+ echo "(hd0) $install_device" > $device_map -+ fi - fi - - # Make sure that there is no duplicated entry. diff --git a/src/patches/hostapd-usb_hw_did_not_ack.patch b/src/patches/hostapd-usb_hw_did_not_ack.patch deleted file mode 100644 index 2f555e5..0000000 --- a/src/patches/hostapd-usb_hw_did_not_ack.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -Naur hostapd-0.6.9.org/hostapd/ieee802_11.c hostapd-0.6.9/hostapd/ieee802_11.c ---- hostapd-0.6.9.org/hostapd/ieee802_11.c 2009-03-23 15:06:28.000000000 +0100 -+++ hostapd-0.6.9/hostapd/ieee802_11.c 2009-07-07 23:13:37.000000000 +0200 -@@ -1497,7 +1497,7 @@ - hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, - HOSTAPD_LEVEL_NOTICE, - "did not acknowledge authentication response"); -- return; -+ //return; - } - - if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { -@@ -1571,7 +1571,7 @@ - hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, - HOSTAPD_LEVEL_DEBUG, - "did not acknowledge association response"); -- return; -+ //return; - } - - if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) : diff --git a/src/patches/imq-skbuff.patch b/src/patches/imq-skbuff.patch deleted file mode 100644 index fa9b7d6..0000000 --- a/src/patches/imq-skbuff.patch +++ /dev/null @@ -1,65 +0,0 @@ ---- linux-2.6.27.21/include/linux/skbuff.h 2009-07-22 08:06:40.000000000 +0000 -+++ linux-2.6.27.21/include/linux/skbuff.h.imq 2009-07-22 08:12:55.000000000 +0000 -@@ -28,6 +28,9 @@ - #include <linux/rcupdate.h> - #include <linux/dmaengine.h> - #include <linux/hrtimer.h> -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include <linux/imq.h> -+#endif - - #define HAVE_ALLOC_SKB /* For the drivers to know */ - #define HAVE_ALIGNABLE_SKB /* Ditto 8) */ -@@ -274,6 +277,9 @@ - * first. This is owned by whoever has the skb queued ATM. - */ - char cb[48]; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ void *cb_next; -+#endif - - unsigned int len, - data_len; -@@ -304,6 +310,9 @@ - struct nf_conntrack *nfct; - struct sk_buff *nfct_reasm; - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ struct nf_queue_entry *nf_queue_entry; -+#endif - #ifdef CONFIG_BRIDGE_NETFILTER - struct nf_bridge_info *nf_bridge; - #endif -@@ -330,6 +339,9 @@ - proto_csum_blank:1; - #endif - /* 10-16 bit hole */ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ __u8 imq_flags:IMQ_F_BITS; -+#endif - - #ifdef CONFIG_NET_DMA - dma_cookie_t dma_cookie; -@@ -374,6 +386,11 @@ - #endif - } - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+extern int skb_save_cb(struct sk_buff *skb); -+extern int skb_restore_cb(struct sk_buff *skb); -+#endif -+ - extern void kfree_skb(struct sk_buff *skb); - extern void __kfree_skb(struct sk_buff *skb); - extern struct sk_buff *__alloc_skb(unsigned int size, -@@ -1688,6 +1705,10 @@ - dst->nfct_reasm = src->nfct_reasm; - nf_conntrack_get_reasm(src->nfct_reasm); - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ dst->imq_flags = src->imq_flags; -+ dst->nf_queue_entry = src->nf_queue_entry; -+#endif - #ifdef CONFIG_BRIDGE_NETFILTER - dst->nf_bridge = src->nf_bridge; - nf_bridge_get(src->nf_bridge); diff --git a/src/patches/ip_conntrack_standalone-patch-for-ipfire.patch b/src/patches/ip_conntrack_standalone-patch-for-ipfire.patch deleted file mode 100644 index 183d053..0000000 --- a/src/patches/ip_conntrack_standalone-patch-for-ipfire.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- net/ipv4/netfilter/ip_conntrack_standalone.c~ 2006-12-12 01:50:40.000000000 +0000 -+++ net/ipv4/netfilter/ip_conntrack_standalone.c 2006-12-16 16:29:28.000000000 +0000 -@@ -804,7 +804,7 @@ - - #ifdef CONFIG_PROC_FS - ret = -ENOMEM; -- proc = proc_net_fops_create("ip_conntrack", 0440, &ct_file_ops); -+ proc = proc_net_fops_create("ip_conntrack", 0444, &ct_file_ops); - if (!proc) goto cleanup_init; - - proc_exp = proc_net_fops_create("ip_conntrack_expect", 0440, diff --git a/src/patches/iptables-1.4.1.1-ipp2p-0.8.2-pomng.patch b/src/patches/iptables-1.4.1.1-ipp2p-0.8.2-pomng.patch deleted file mode 100644 index ed71d4d..0000000 --- a/src/patches/iptables-1.4.1.1-ipp2p-0.8.2-pomng.patch +++ /dev/null @@ -1,481 +0,0 @@ -diff -Naur iptables-1.4.1.1.org/extensions/.ipp2p-test iptables-1.4.1.1/extensions/.ipp2p-test ---- iptables-1.4.1.1.org/extensions/.ipp2p-test 1970-01-01 00:00:00.000000000 +0000 -+++ iptables-1.4.1.1/extensions/.ipp2p-test 2008-09-22 21:58:41.000000000 +0000 -@@ -0,0 +1,2 @@ -+#! /bin/sh -+[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_ipp2p.h ] && echo ipp2p -diff -Naur iptables-1.4.1.1.org/extensions/libipt_ipp2p.c iptables-1.4.1.1/extensions/libipt_ipp2p.c ---- iptables-1.4.1.1.org/extensions/libipt_ipp2p.c 1970-01-01 00:00:00.000000000 +0000 -+++ iptables-1.4.1.1/extensions/libipt_ipp2p.c 2008-09-22 21:58:41.000000000 +0000 -@@ -0,0 +1,424 @@ -+#include <stdio.h> -+#include <netdb.h> -+#include <string.h> -+#include <stdlib.h> -+#include <getopt.h> -+#include <ctype.h> -+ -+#include <iptables.h> -+ -+#include <linux/netfilter_ipv4/ipt_ipp2p.h> -+ -+#ifndef XTABLES_VERSION -+#define XTABLES_VERSION IPTABLES_VERSION -+#endif -+ -+#ifdef IPT_LIB_DIR -+#define xtables_target iptables_target -+#define xtables_register_target register_target -+#endif -+ -+static void -+help(void) -+{ -+ printf( -+ "IPP2P v%s options:\n" -+ " --ipp2p Grab all known p2p packets\n" -+ " --edk [TCP&UDP] All known eDonkey/eMule/Overnet packets\n" -+ " --dc [TCP] All known Direct Connect packets\n" -+ " --kazaa [TCP&UDP] All known KaZaA packets\n" -+ " --gnu [TCP&UDP] All known Gnutella packets\n" -+ " --bit [TCP&UDP] All known BitTorrent packets\n" -+ " --apple [TCP] All known AppleJuice packets\n" -+ " --winmx [TCP] All known WinMX\n" -+ " --soul [TCP] All known SoulSeek\n" -+ " --ares [TCP] All known Ares\n\n" -+ " EXPERIMENTAL protocols (please send feedback to: ipp2p@ipp2p.org) :\n" -+ " --mute [TCP] All known Mute packets\n" -+ " --waste [TCP] All known Waste packets\n" -+ " --xdcc [TCP] All known XDCC packets (only xdcc login)\n\n" -+ " DEBUG SUPPPORT, use only if you know why\n" -+ " --debug Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER\n" -+ "\nNote that the follwing options will have the same meaning:\n" -+ " '--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'\n" -+ "\nIPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.\n" -+ "You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.\n" -+ "\nSee README included with this package for more details or visit http://www.ipp2p.org%5Cn" -+ "\nExamples:\n" -+ " iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01\n" -+ " iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP\n" -+ " iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP\n\n" -+ , IPP2P_VERSION); -+} -+ -+static struct option opts[] = { -+ { "ipp2p", 0, 0, '1' }, -+ { "edk", 0, 0, '2' }, -+ { "dc", 0, 0, '7' }, -+ { "gnu", 0, 0, '9' }, -+ { "kazaa", 0, 0, 'a' }, -+ { "bit", 0, 0, 'b' }, -+ { "apple", 0, 0, 'c' }, -+ { "soul", 0, 0, 'd' }, -+ { "winmx", 0, 0, 'e' }, -+ { "ares", 0, 0, 'f' }, -+ { "mute", 0, 0, 'g' }, -+ { "waste", 0, 0, 'h' }, -+ { "xdcc", 0, 0, 'i' }, -+ { "debug", 0, 0, 'j' }, -+ {0} -+}; -+ -+ -+static void -+#ifdef _XTABLES_H -+init(struct xt_entry_match *m) -+#else -+init(struct ipt_entry_match *t, unsigned int *nfcache) -+#endif -+{ -+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)m->data; -+ -+#ifndef _XTABLES_H -+ *nfcache |= NFC_UNKNOWN; -+#endif -+ -+ /*init the module with default values*/ -+ info->cmd = 0; -+ info->debug = 0; -+ -+} -+ -+ -+static int -+parse(int c, char **argv, int invert, unsigned int *flags, -+#ifdef _XTABLES_H -+ const void *entry, struct xt_entry_match **match) -+#else -+ const struct ipt_entry *entry, unsigned int *nfcache, struct ipt_entry_match **match) -+#endif -+{ -+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)(*match)->data; -+ -+ switch (c) { -+ case '1': /*cmd: ipp2p*/ -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified once!"); -+ -+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p-data' may only be " -+ "specified alone!"); -+*/ -+ -+ if ((*flags) != 0) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += SHORT_HAND_IPP2P; -+ info->cmd = *flags; -+ break; -+ -+ case '2': /*cmd: edk*/ -+ if ((*flags & IPP2P_EDK) == IPP2P_EDK) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--edk' may only be " -+ "specified once"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p-data' may only be " -+ "specified alone!");*/ -+ if ((*flags & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: use `--edk' OR `--edk-data' but not both of them!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_EDK; -+ info->cmd = *flags; -+ break; -+ -+ -+ case '7': /*cmd: dc*/ -+ if ((*flags & IPP2P_DC) == IPP2P_DC) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--dc' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p-data' may only be " -+ "specified alone!");*/ -+ if ((*flags & IPP2P_DATA_DC) == IPP2P_DATA_DC) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: use `--dc' OR `--dc-data' but not both of them!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_DC; -+ info->cmd = *flags; -+ break; -+ -+ -+ case '9': /*cmd: gnu*/ -+ if ((*flags & IPP2P_GNU) == IPP2P_GNU) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--gnu' may only be " -+ "specified once!"); -+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p-data' may only be " -+ "specified alone!");*/ -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if ((*flags & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: use `--gnu' OR `--gnu-data' but not both of them!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_GNU; -+ info->cmd = *flags; -+ break; -+ -+ case 'a': /*cmd: kazaa*/ -+ if ((*flags & IPP2P_KAZAA) == IPP2P_KAZAA) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--kazaa' may only be " -+ "specified once!"); -+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p-data' may only be " -+ "specified alone!");*/ -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if ((*flags & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: use `--kazaa' OR `--kazaa-data' but not both of them!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_KAZAA; -+ info->cmd = *flags; -+ break; -+ -+ case 'b': /*cmd: bit*/ -+ if ((*flags & IPP2P_BIT) == IPP2P_BIT) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--bit' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_BIT; -+ info->cmd = *flags; -+ break; -+ -+ case 'c': /*cmd: apple*/ -+ if ((*flags & IPP2P_APPLE) == IPP2P_APPLE) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--apple' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_APPLE; -+ info->cmd = *flags; -+ break; -+ -+ -+ case 'd': /*cmd: soul*/ -+ if ((*flags & IPP2P_SOUL) == IPP2P_SOUL) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--soul' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_SOUL; -+ info->cmd = *flags; -+ break; -+ -+ -+ case 'e': /*cmd: winmx*/ -+ if ((*flags & IPP2P_WINMX) == IPP2P_WINMX) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--winmx' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_WINMX; -+ info->cmd = *flags; -+ break; -+ -+ case 'f': /*cmd: ares*/ -+ if ((*flags & IPP2P_ARES) == IPP2P_ARES) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ares' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_ARES; -+ info->cmd = *flags; -+ break; -+ -+ case 'g': /*cmd: mute*/ -+ if ((*flags & IPP2P_MUTE) == IPP2P_MUTE) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--mute' may only be " -+ "specified once!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_MUTE; -+ info->cmd = *flags; -+ break; -+ case 'h': /*cmd: waste*/ -+ if ((*flags & IPP2P_WASTE) == IPP2P_WASTE) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--waste' may only be " -+ "specified once!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_WASTE; -+ info->cmd = *flags; -+ break; -+ case 'i': /*cmd: xdcc*/ -+ if ((*flags & IPP2P_XDCC) == IPP2P_XDCC) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ares' may only be " -+ "specified once!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_XDCC; -+ info->cmd = *flags; -+ break; -+ -+ case 'j': /*cmd: debug*/ -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ info->debug = 1; -+ break; -+ -+ default: -+// exit_error(PARAMETER_PROBLEM, -+// "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n"); -+ return 0; -+ } -+ return 1; -+} -+ -+ -+static void -+final_check(unsigned int flags) -+{ -+ if (!flags) -+ exit_error(PARAMETER_PROBLEM, -+ "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n"); -+} -+ -+static void -+#ifdef _XTABLES_H -+print(const void *ip, -+ const struct xt_entry_match *match, -+#else -+print(const struct ipt_ip *ip, -+ const struct ipt_entry_match *match, -+#endif -+ int numeric) -+{ -+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data; -+ -+ printf("ipp2p v%s", IPP2P_VERSION); -+ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf(" --ipp2p"); -+// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf(" --ipp2p-data"); -+ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf(" --kazaa"); -+// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf(" --kazaa-data"); -+// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf(" --gnu-data"); -+ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf(" --gnu"); -+ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf(" --edk"); -+// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf(" --edk-data"); -+// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf(" --dc-data"); -+ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf(" --dc"); -+ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf(" --bit"); -+ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf(" --apple"); -+ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf(" --soul"); -+ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf(" --winmx"); -+ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf(" --ares"); -+ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute"); -+ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste"); -+ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc"); -+ if (info->debug != 0) printf(" --debug"); -+ printf(" "); -+} -+ -+static void -+#ifdef _XTABLES_H -+save(const void *ip, -+ const struct xt_entry_match *match) -+#else -+save(const struct ipt_ip *ip, -+ const struct ipt_entry_match *match) -+#endif -+{ -+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data; -+ -+ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf("--ipp2p "); -+// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf("--ipp2p-data "); -+ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf("--kazaa "); -+// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf("--kazaa-data "); -+// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf("--gnu-data "); -+ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf("--gnu "); -+ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf("--edk "); -+// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf("--edk-data "); -+// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf("--dc-data "); -+ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf("--dc "); -+ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf("--bit "); -+ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf("--apple "); -+ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf("--soul "); -+ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf("--winmx "); -+ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf("--ares "); -+ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute"); -+ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste"); -+ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc"); -+ if (info->debug != 0) printf("--debug "); -+} -+ -+ -+static -+struct xtables_match ipp2p= -+{ -+ .next = NULL, -+ .name = "ipp2p", -+ .version = XTABLES_VERSION, -+ .size = IPT_ALIGN(sizeof(struct ipt_p2p_info)), -+ .userspacesize = IPT_ALIGN(sizeof(struct ipt_p2p_info)), -+ .help = &help, -+ .init = &init, -+ .parse = &parse, -+ .final_check = &final_check, -+ .print = &print, -+ .save = &save, -+ .extra_opts = opts -+}; -+ -+ -+ -+void _init(void) -+{ -+ xtables_register_match(&ipp2p); -+} -+ -diff -Naur iptables-1.4.1.1.org/extensions/libipt_ipp2p.man iptables-1.4.1.1/extensions/libipt_ipp2p.man ---- iptables-1.4.1.1.org/extensions/libipt_ipp2p.man 1970-01-01 00:00:00.000000000 +0000 -+++ iptables-1.4.1.1/extensions/libipt_ipp2p.man 2008-09-22 21:58:41.000000000 +0000 -@@ -0,0 +1,43 @@ -+This module matches certain packets in P2P flows. It is not -+designed to match all packets belonging to a P2P connection - -+use IPP2P together with CONNMARK for this purpose. Also visit -+http://www.ipp2p.org for detailed information. -+ -+Use it together with -p tcp or -p udp to search these protocols -+only or without -p switch to search packets of both protocols. -+ -+IPP2P provides the following options: -+.TP -+.B "--edk " -+Matches as many eDonkey/eMule packets as possible. -+.TP -+.B "--kazaa " -+Matches as many KaZaA packets as possible. -+.TP -+.B "--gnu " -+Matches as many Gnutella packets as possible. -+.TP -+.B "--dc " -+Matches as many Direct Connect packets as possible. -+.TP -+.B "--bit " -+Matches BitTorrent packets. -+.TP -+.B "--apple " -+Matches AppleJuice packets. -+.TP -+.B "--soul " -+Matches some SoulSeek packets. Considered as beta, use careful! -+.TP -+.B "--winmx " -+Matches some WinMX packets. Considered as beta, use careful! -+.TP -+.B "--ares " -+Matches Ares and AresLite packets. Use together with -j DROP only. -+.TP -+.B "--ipp2p " -+Short hand for: --edk --kazaa --gnu --dc -+.TP -+.B "--debug " -+Prints some information about each hit into kernel logfile. May -+produce huge logfiles so beware! diff --git a/src/patches/iptables-1.4.2-imq.patch b/src/patches/iptables-1.4.2-imq.patch deleted file mode 100644 index 7fdcab8..0000000 --- a/src/patches/iptables-1.4.2-imq.patch +++ /dev/null @@ -1,99 +0,0 @@ -diff -Naur iptables-1.4.2/extensions/.IMQ-test iptables/extensions/.IMQ-test ---- iptables-1.4.2/extensions/.IMQ-test 1970-01-01 10:00:00.000000000 +1000 -+++ iptables/extensions/.IMQ-test 2008-06-08 22:41:49.000000000 +1000 -@@ -0,0 +1,3 @@ -+#!/bin/sh -+# True if IMQ target patch is applied. -+[ -f $KERNEL_DIR/include/linux/netfilter/xt_IMQ.h ] && echo IMQ -diff -Naur iptables-1.4.2/extensions/libipt_IMQ.c iptables/extensions/libipt_IMQ.c ---- iptables-1.4.2/extensions/libipt_IMQ.c 1970-01-01 10:00:00.000000000 +1000 -+++ iptables/extensions/libipt_IMQ.c 2008-06-08 22:46:25.000000000 +1000 -@@ -0,0 +1,88 @@ -+/* Shared library add-on to iptables to add IMQ target support. */ -+#include <stdio.h> -+#include <string.h> -+#include <stdlib.h> -+#include <getopt.h> -+ -+#include <xtables.h> -+#include <linux/netfilter/x_tables.h> -+#include <linux/netfilter/xt_IMQ.h> -+ -+/* Function which prints out usage message. */ -+static void IMQ_help(void) -+{ -+ printf( -+"IMQ target v%s options:\n" -+" --todev <N> enqueue to imq<N>, defaults to 0\n", -+XTABLES_VERSION); -+} -+ -+static struct option IMQ_opts[] = { -+ { "todev", 1, 0, '1' }, -+ { 0 } -+}; -+ -+/* Initialize the target. */ -+static void IMQ_init(struct xt_entry_target *t) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)t->data; -+ -+ mr->todev = 0; -+} -+ -+/* Function which parses command options; returns true if it -+ ate an option */ -+static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags, -+ const void *entry, struct xt_entry_target **target) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)(*target)->data; -+ -+ switch(c) { -+ case '1': -+ if (check_inverse(optarg, &invert, NULL, 0)) -+ exit_error(PARAMETER_PROBLEM, -+ "Unexpected `!' after --todev"); -+ mr->todev=atoi(optarg); -+ break; -+ default: -+ return 0; -+ } -+ return 1; -+} -+ -+/* Prints out the targinfo. */ -+static void IMQ_print(const void *ip, -+ const struct xt_entry_target *target, -+ int numeric) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; -+ -+ printf("IMQ: todev %u ", mr->todev); -+} -+ -+/* Saves the union ipt_targinfo in parsable form to stdout. */ -+static void IMQ_save(const void *ip, const struct xt_entry_target *target) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; -+ -+ printf("--todev %u", mr->todev); -+} -+ -+static struct xtables_target imq = { -+ .name = "IMQ", -+ .version = XTABLES_VERSION, -+ .family = PF_INET, -+ .size = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .help = IMQ_help, -+ .init = IMQ_init, -+ .parse = IMQ_parse, -+ .print = IMQ_print, -+ .save = IMQ_save, -+ .extra_opts = IMQ_opts, -+}; -+ -+void _init(void) -+{ -+ xtables_register_target(&imq); -+} diff --git a/src/patches/linux-2.6.24-leds-alix.patch b/src/patches/linux-2.6.24-leds-alix.patch deleted file mode 100644 index 13e5b35..0000000 --- a/src/patches/linux-2.6.24-leds-alix.patch +++ /dev/null @@ -1,203 +0,0 @@ -diff -Nur linux-2.6.24.old/drivers/leds/Kconfig linux-2.6.24/drivers/leds/Kconfig ---- linux-2.6.24.old/drivers/leds/Kconfig 2008-01-24 23:58:37.000000000 +0100 -+++ linux-2.6.24/drivers/leds/Kconfig 2008-05-24 09:32:18.000000000 +0200 -@@ -81,6 +81,12 @@ - help - This option enables support for the PCEngines WRAP programmable LEDs. - -+config LEDS_ALIX -+ tristate "LED Support for the ALIX 2/3 boards" -+ depends on LEDS_CLASS -+ help -+ This option enables support for the three LEDs on the PCEngines ALIX 2/3 boards. -+ - config LEDS_H1940 - tristate "LED Support for iPAQ H1940 device" - depends on LEDS_CLASS && ARCH_H1940 -diff -Nur linux-2.6.24.old/drivers/leds/leds-alix.c linux-2.6.24/drivers/leds/leds-alix.c ---- linux-2.6.24.old/drivers/leds/leds-alix.c 1970-01-01 01:00:00.000000000 +0100 -+++ linux-2.6.24/drivers/leds/leds-alix.c 2008-05-24 09:32:18.000000000 +0200 -@@ -0,0 +1,172 @@ -+/* -+ * LEDs driver for PCEngines ALIX 2/3 series -+ * -+ * Copyright (C) 2007 Petr Liebman -+ * -+ * Based on leds-wrap.c -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License version 2 as -+ * published by the Free Software Foundation. -+ */ -+ -+#include <linux/kernel.h> -+#include <linux/init.h> -+#include <linux/platform_device.h> -+#include <linux/leds.h> -+#include <linux/err.h> -+#include <asm/io.h> -+ -+#define DRVNAME "alix-led" -+ -+#define ALIX_LED1_PORT (0x6100) -+#define ALIX_LED1_ON (1<<22) -+#define ALIX_LED1_OFF (1<<6) -+ -+#define ALIX_LED2_PORT (0x6180) -+#define ALIX_LED2_ON (1<<25) -+#define ALIX_LED2_OFF (1<<9) -+ -+#define ALIX_LED3_PORT (0x6180) -+#define ALIX_LED3_ON (1<<27) -+#define ALIX_LED3_OFF (1<<11) -+ -+ -+static struct platform_device *pdev; -+ -+static void alix_led_set_1(struct led_classdev *led_cdev, -+ enum led_brightness value) -+{ -+ if (value) -+ outl(ALIX_LED1_ON, ALIX_LED1_PORT); -+ else -+ outl(ALIX_LED1_OFF, ALIX_LED1_PORT); -+} -+ -+static void alix_led_set_2(struct led_classdev *led_cdev, -+ enum led_brightness value) -+{ -+ if (value) -+ outl(ALIX_LED2_ON, ALIX_LED2_PORT); -+ else -+ outl(ALIX_LED2_OFF, ALIX_LED2_PORT); -+} -+ -+static void alix_led_set_3(struct led_classdev *led_cdev, -+ enum led_brightness value) -+{ -+ if (value) -+ outl(ALIX_LED3_ON, ALIX_LED3_PORT); -+ else -+ outl(ALIX_LED3_OFF, ALIX_LED3_PORT); -+} -+ -+static struct led_classdev alix_led_1 = { -+ .name = "alix:1", -+ .brightness_set = alix_led_set_1, -+}; -+ -+static struct led_classdev alix_led_2 = { -+ .name = "alix:2", -+ .brightness_set = alix_led_set_2, -+}; -+ -+static struct led_classdev alix_led_3 = { -+ .name = "alix:3", -+ .brightness_set = alix_led_set_3, -+}; -+ -+ -+#ifdef CONFIG_PM -+static int alix_led_suspend(struct platform_device *dev, -+ pm_message_t state) -+{ -+ led_classdev_suspend(&alix_led_1); -+ led_classdev_suspend(&alix_led_2); -+ led_classdev_suspend(&alix_led_3); -+ return 0; -+} -+ -+static int alix_led_resume(struct platform_device *dev) -+{ -+ led_classdev_resume(&alix_led_1); -+ led_classdev_resume(&alix_led_2); -+ led_classdev_resume(&alix_led_3); -+ return 0; -+} -+#else -+#define alix_led_suspend NULL -+#define alix_led_resume NULL -+#endif -+ -+static int alix_led_probe(struct platform_device *pdev) -+{ -+ int ret; -+ -+ ret = led_classdev_register(&pdev->dev, &alix_led_1); -+ if (ret >= 0) -+ { -+ ret = led_classdev_register(&pdev->dev, &alix_led_2); -+ if (ret >= 0) -+ { -+ ret = led_classdev_register(&pdev->dev, &alix_led_3); -+ if (ret < 0) -+ led_classdev_unregister(&alix_led_2); -+ } -+ if (ret < 0) -+ led_classdev_unregister(&alix_led_1); -+ } -+ return ret; -+} -+ -+static int alix_led_remove(struct platform_device *pdev) -+{ -+ led_classdev_unregister(&alix_led_1); -+ led_classdev_unregister(&alix_led_2); -+ led_classdev_unregister(&alix_led_3); -+ return 0; -+} -+ -+static struct platform_driver alix_led_driver = { -+ .probe = alix_led_probe, -+ .remove = alix_led_remove, -+ .suspend = alix_led_suspend, -+ .resume = alix_led_resume, -+ .driver = { -+ .name = DRVNAME, -+ .owner = THIS_MODULE, -+ }, -+}; -+ -+static int __init alix_led_init(void) -+{ -+ int ret; -+ -+ ret = platform_driver_register(&alix_led_driver); -+ if (ret < 0) -+ goto out; -+ -+ pdev = platform_device_register_simple(DRVNAME, -1, NULL, 0); -+ if (IS_ERR(pdev)) { -+ ret = PTR_ERR(pdev); -+ platform_driver_unregister(&alix_led_driver); -+ goto out; -+ } -+ -+out: -+ return ret; -+} -+ -+static void __exit alix_led_exit(void) -+{ -+ platform_device_unregister(pdev); -+ platform_driver_unregister(&alix_led_driver); -+} -+ -+module_init(alix_led_init); -+module_exit(alix_led_exit); -+ -+MODULE_AUTHOR("Petr Liebman"); -+MODULE_DESCRIPTION("PCEngines ALIX LED driver"); -+MODULE_LICENSE("GPL"); -+ -diff -Nur linux-2.6.24.old/drivers/leds/Makefile linux-2.6.24/drivers/leds/Makefile ---- linux-2.6.24.old/drivers/leds/Makefile 2008-01-24 23:58:37.000000000 +0100 -+++ linux-2.6.24/drivers/leds/Makefile 2008-05-24 08:34:40.000000000 +0200 -@@ -14,6 +14,7 @@ - obj-$(CONFIG_LEDS_AMS_DELTA) += leds-ams-delta.o - obj-$(CONFIG_LEDS_NET48XX) += leds-net48xx.o - obj-$(CONFIG_LEDS_WRAP) += leds-wrap.o -+obj-$(CONFIG_LEDS_ALIX) += leds-alix.o - obj-$(CONFIG_LEDS_H1940) += leds-h1940.o - obj-$(CONFIG_LEDS_COBALT_QUBE) += leds-cobalt-qube.o - obj-$(CONFIG_LEDS_COBALT_RAQ) += leds-cobalt-raq.o diff --git a/src/patches/linux-2.6.27-atom-clockmod.patch b/src/patches/linux-2.6.27-atom-clockmod.patch deleted file mode 100644 index ef59fef..0000000 --- a/src/patches/linux-2.6.27-atom-clockmod.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur linux-2.6.27.45.org/arch/x86/kernel/cpu/cpufreq/p4-clockmod.c linux-2.6.27.45/arch/x86/kernel/cpu/cpufreq/p4-clockmod.c ---- linux-2.6.27.45.org/arch/x86/kernel/cpu/cpufreq/p4-clockmod.c 2010-01-29 00:21:45.000000000 +0100 -+++ linux-2.6.27.45/arch/x86/kernel/cpu/cpufreq/p4-clockmod.c 2010-02-11 15:21:39.000000000 +0100 -@@ -160,6 +160,8 @@ - switch (c->x86_model) { - case 0x0E: /* Core */ - case 0x0F: /* Core Duo */ -+ case 0x16: /* Celeron Core */ -+ case 0x1c: /* Atom */ - p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS; - return speedstep_get_processor_frequency(SPEEDSTEP_PROCESSOR_PCORE); - case 0x0D: /* Pentium M (Dothan) */ diff --git a/src/patches/linux-2.6.27-atom-coretemp.patch b/src/patches/linux-2.6.27-atom-coretemp.patch deleted file mode 100644 index 0084311..0000000 --- a/src/patches/linux-2.6.27-atom-coretemp.patch +++ /dev/null @@ -1,58 +0,0 @@ -diff -Naur linux-2.6.27.42.org/drivers/hwmon/coretemp.c linux-2.6.27.42/drivers/hwmon/coretemp.c ---- linux-2.6.27.42.org/drivers/hwmon/coretemp.c 2009-12-18 22:31:34.000000000 +0100 -+++ linux-2.6.27.42/drivers/hwmon/coretemp.c 2010-02-07 12:36:39.000000000 +0100 -@@ -1,7 +1,7 @@ - /* - * coretemp.c - Linux kernel module for hardware monitoring - * -- * Copyright (C) 2007 Rudolf Marek r.marek@assembler.cz -+ * Copyright (C) 2007, 2008 Rudolf Marek r.marek@assembler.cz - * - * Inspired from many hwmon drivers - * -@@ -244,8 +244,14 @@ - } - } - -- data->tjmax = adjust_tjmax(c, data->id, &pdev->dev); -- platform_set_drvdata(pdev, data); -+ /* Intel Atom has only fixed TjMax at 95C */ -+ -+ if (c->x86_model == 0x1c) { -+ data->tjmax = 95000; -+ } else { -+ /* Adjust the TjMax for the rest of Core2 family */ -+ data->tjmax = adjust_tjmax(c, data->id, &pdev->dev); -+ } - - /* read the still undocumented IA32_TEMPERATURE_TARGET it exists - on older CPUs but not in this register */ -@@ -265,6 +271,8 @@ - } - } - -+ platform_set_drvdata(pdev, data); -+ - if ((err = sysfs_create_group(&pdev->dev.kobj, &coretemp_group))) - goto exit_dev; - -@@ -409,15 +417,15 @@ - err = platform_driver_register(&coretemp_driver); - if (err) - goto exit; -- -+ - for_each_online_cpu(i) { - struct cpuinfo_x86 *c = &cpu_data(i); - -- /* check if family 6, models 0xe, 0xf, 0x16, 0x17, 0x1A */ -+ /* check if family 6, models 0xe, 0xf, 0x16, 0x17, 0x1A, 0x1c */ - if ((c->cpuid_level < 0) || (c->x86 != 0x6) || - !((c->x86_model == 0xe) || (c->x86_model == 0xf) || -- (c->x86_model == 0x16) || (c->x86_model == 0x17) || -- (c->x86_model == 0x1A))) { -+ (c->x86_model == 0x16) || (c->x86_model == 0x17) || -+ (c->x86_model == 0x1c) || (c->x86_model == 0x1A))) { - - /* supported CPU not found, but report the unknown - family 6 CPU */ diff --git a/src/patches/linux-2.6.27-imq.patch b/src/patches/linux-2.6.27-imq.patch deleted file mode 100644 index f907a07..0000000 --- a/src/patches/linux-2.6.27-imq.patch +++ /dev/null @@ -1,1150 +0,0 @@ ---- a/drivers/net/Kconfig -+++ b/drivers/net/Kconfig -@@ -109,6 +109,129 @@ config EQUALIZER - To compile this driver as a module, choose M here: the module - will be called eql. If unsure, say N. - -+config IMQ -+ tristate "IMQ (intermediate queueing device) support" -+ depends on NETDEVICES && NETFILTER -+ ---help--- -+ The IMQ device(s) is used as placeholder for QoS queueing -+ disciplines. Every packet entering/leaving the IP stack can be -+ directed through the IMQ device where it's enqueued/dequeued to the -+ attached qdisc. This allows you to treat network devices as classes -+ and distribute bandwidth among them. Iptables is used to specify -+ through which IMQ device, if any, packets travel. -+ -+ More information at: http://www.linuximq.net/ -+ -+ To compile this driver as a module, choose M here: the module -+ will be called imq. If unsure, say N. -+ -+choice -+ prompt "IMQ behavior (PRE/POSTROUTING)" -+ depends on IMQ -+ default IMQ_BEHAVIOR_AB -+ help -+ -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ IMQ can work in any of the following ways: -+ -+ PREROUTING | POSTROUTING -+ -----------------|------------------- -+ #1 After NAT | After NAT -+ #2 After NAT | Before NAT -+ #3 Before NAT | After NAT -+ #4 Before NAT | Before NAT -+ -+ The default behavior is to hook before NAT on PREROUTING -+ and after NAT on POSTROUTING (#3). -+ -+ This settings are specially usefull when trying to use IMQ -+ to shape NATed clients. -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AA -+ bool "IMQ AA" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AB -+ bool "IMQ AB" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BA -+ bool "IMQ BA" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BB -+ bool "IMQ BB" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+endchoice -+ -+config IMQ_NUM_DEVS -+ -+ int "Number of IMQ devices" -+ range 2 16 -+ depends on IMQ -+ default "16" -+ help -+ -+ This settings defines how many IMQ devices will be -+ created. -+ -+ The default value is 16. -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ - config TUN - tristate "Universal TUN/TAP device driver support" - select CRC32 ---- a/drivers/net/Makefile -+++ b/drivers/net/Makefile -@@ -144,6 +144,7 @@ obj-$(CONFIG_SLHC) += slhc.o - obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o - - obj-$(CONFIG_DUMMY) += dummy.o -+obj-$(CONFIG_IMQ) += imq.o - obj-$(CONFIG_IFB) += ifb.o - obj-$(CONFIG_MACVLAN) += macvlan.o - obj-$(CONFIG_DE600) += de600.o ---- /dev/null -+++ b/drivers/net/imq.c -@@ -0,0 +1,533 @@ -+/* -+ * Pseudo-driver for the intermediate queue device. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Patrick McHardy, kaber@trash.net -+ * -+ * The first version was written by Martin Devera, devik@cdi.cz -+ * -+ * Credits: Jan Rafaj imq2t@cedric.vabo.cz -+ * - Update patch to 2.4.21 -+ * Sebastian Strollo sstrollo@nortelnetworks.com -+ * - Fix "Dead-loop on netdevice imq"-issue -+ * Marcel Sebek sebek64@post.cz -+ * - Update to 2.6.2-rc1 -+ * -+ * After some time of inactivity there is a group taking care -+ * of IMQ again: http://www.linuximq.net -+ * -+ * -+ * 2004/06/30 - New version of IMQ patch to kernels <=2.6.7 -+ * including the following changes: -+ * -+ * - Correction of ipv6 support "+"s issue (Hasso Tepper) -+ * - Correction of imq_init_devs() issue that resulted in -+ * kernel OOPS unloading IMQ as module (Norbert Buchmuller) -+ * - Addition of functionality to choose number of IMQ devices -+ * during kernel config (Andre Correa) -+ * - Addition of functionality to choose how IMQ hooks on -+ * PRE and POSTROUTING (after or before NAT) (Andre Correa) -+ * - Cosmetic corrections (Norbert Buchmuller) (Andre Correa) -+ * -+ * -+ * 2005/12/16 - IMQ versions between 2.6.7 and 2.6.13 were -+ * released with almost no problems. 2.6.14-x was released -+ * with some important changes: nfcache was removed; After -+ * some weeks of trouble we figured out that some IMQ fields -+ * in skb were missing in skbuff.c - skb_clone and copy_skb_header. -+ * These functions are correctly patched by this new patch version. -+ * -+ * Thanks for all who helped to figure out all the problems with -+ * 2.6.14.x: Patrick McHardy, Rune Kock, VeNoMouS, Max CtRiX, -+ * Kevin Shanahan, Richard Lucassen, Valery Dachev (hopefully -+ * I didn't forget anybody). I apologize again for my lack of time. -+ * -+ * -+ * 2008/06/17 - 2.6.25 - Changed imq.c to use qdisc_run() instead -+ * of qdisc_restart() and moved qdisc_run() to tasklet to avoid -+ * recursive locking. New initialization routines to fix 'rmmod' not -+ * working anymore. Used code from ifb.c. (Jussi Kivilinna) -+ * -+ * 2008/08/06 - 2.6.27 - (JK) -+ * - Replaced tasklet with 'netif_schedule()'. -+ * - Cleaned up and added comments for imq_nf_queue(). -+ * -+ * Also, many thanks to pablo Sebastian Greco for making the initial -+ * patch and to those who helped the testing. -+ * -+ * More info at: http://www.linuximq.net/ (Andre Correa) -+ */ -+ -+#include <linux/module.h> -+#include <linux/kernel.h> -+#include <linux/moduleparam.h> -+#include <linux/skbuff.h> -+#include <linux/netdevice.h> -+#include <linux/etherdevice.h> -+#include <linux/rtnetlink.h> -+#include <linux/if_arp.h> -+#include <linux/netfilter.h> -+#include <linux/netfilter_ipv4.h> -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ #include <linux/netfilter_ipv6.h> -+#endif -+#include <linux/imq.h> -+#include <net/pkt_sched.h> -+#include <net/netfilter/nf_queue.h> -+ -+static nf_hookfn imq_nf_hook; -+ -+static struct nf_hook_ops imq_ingress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP_PRI_MANGLE + 1 -+#else -+ .priority = NF_IP_PRI_NAT_DST + 1 -+#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP_PRI_LAST -+#else -+ .priority = NF_IP_PRI_NAT_SRC - 1 -+#endif -+}; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+static struct nf_hook_ops imq_ingress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP6_PRI_MANGLE + 1 -+#else -+ .priority = NF_IP6_PRI_NAT_DST + 1 -+#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP6_PRI_LAST -+#else -+ .priority = NF_IP6_PRI_NAT_SRC - 1 -+#endif -+}; -+#endif -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS; -+#else -+static unsigned int numdevs = IMQ_MAX_DEVS; -+#endif -+ -+static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; -+ -+static struct net_device_stats *imq_get_stats(struct net_device *dev) -+{ -+ return &dev->stats; -+} -+ -+/* called for packets kfree'd in qdiscs at places other than enqueue */ -+static void imq_skb_destructor(struct sk_buff *skb) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ if (likely(entry)) { -+ nf_queue_entry_release_refs(entry); -+ kfree(entry); -+ } -+} -+ -+static void imq_nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) -+{ -+ int status; -+ -+ if (!entry->next_outfn) { -+ nf_reinject(entry, verdict); -+ return; -+ } -+ -+ status = entry->next_outfn(entry, entry->next_queuenum); -+ if (status < 0) { -+ nf_queue_entry_release_refs(entry); -+ kfree_skb(entry->skb); -+ kfree(entry); -+ } -+} -+ -+static int imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ BUG_ON(entry == NULL); -+ -+ dev->stats.tx_bytes += skb->len; -+ dev->stats.tx_packets++; -+ -+ skb->imq_flags = 0; -+ skb->destructor = NULL; -+ -+ dev->trans_start = jiffies; -+ imq_nf_reinject(entry, NF_ACCEPT); -+ return 0; -+} -+ -+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) -+{ -+ struct net_device *dev; -+ struct sk_buff *skb_orig, *skb, *skb_shared; -+ struct Qdisc *q; -+ spinlock_t *root_lock; -+ struct netdev_queue *txq; -+ int users, index; -+ -+ index = entry->skb->imq_flags & IMQ_F_IFMASK; -+ if (unlikely(index > numdevs - 1)) { -+ if (net_ratelimit()) -+ printk(KERN_WARNING -+ "IMQ: invalid device specified, highest is %u\n", -+ numdevs - 1); -+ return -EINVAL; -+ } -+ -+ /* check for imq device by index from cache */ -+ dev = imq_devs_cache[index]; -+ if (unlikely(!dev)) { -+ char buf[8]; -+ -+ /* get device by name and cache result */ -+ snprintf(buf, sizeof(buf), "imq%d", index); -+ dev = dev_get_by_name(&init_net, buf); -+ if (!dev) { -+ /* not found ?!*/ -+ BUG(); -+ return -ENODEV; -+ } -+ -+ imq_devs_cache[index] = dev; -+ } -+ -+ if (unlikely(!(dev->flags & IFF_UP))) { -+ entry->skb->imq_flags = 0; -+ imq_nf_reinject(entry, NF_ACCEPT); -+ return 0; -+ } -+ dev->last_rx = jiffies; -+ -+ skb = entry->skb; -+ skb_orig = NULL; -+ -+ /* skb has owner? => make clone */ -+ if (unlikely(skb->destructor)) { -+ skb_orig = skb; -+ skb = skb_clone(skb, GFP_ATOMIC); -+ if (!skb) -+ return -ENOMEM; -+ entry->skb = skb; -+ } -+ -+ skb->nf_queue_entry = entry; -+ -+ dev->stats.rx_bytes += skb->len; -+ dev->stats.rx_packets++; -+ -+ txq = dev_pick_tx(dev, skb); -+ q = txq->qdisc; -+ -+ if (unlikely(!q->enqueue)) -+ goto packet_not_eaten_by_imq_dev; -+ -+ if (unlikely(!rtnl_trylock())) -+ goto packet_not_eaten_by_imq_dev; -+ -+ root_lock = qdisc_root_lock(q); -+ spin_lock(root_lock); -+ -+ users = atomic_read(&skb->users); -+ -+ skb_shared = skb_get(skb); /* increase reference count by one */ -+ qdisc_enqueue_root(skb_shared, q); /* might kfree_skb */ -+ -+ if (likely(atomic_read(&skb_shared->users) == users + 1)) { -+ kfree_skb(skb_shared); /* decrease reference count by one */ -+ -+ /* imq_skb_destructor frees the skb and entry */ -+ skb->destructor = &imq_skb_destructor; -+ -+ /* cloned? */ -+ if (skb_orig) -+ kfree_skb(skb_orig); /* free original */ -+ -+ /* schedule qdisc dequeue */ -+ netif_tx_schedule_all(dev); -+ -+ spin_unlock(root_lock); -+ __rtnl_unlock(); -+ return 0; -+ } else { -+ /* qdisc dropped packet and decreased skb reference count of -+ * skb, so we don't really want to and try refree as that would -+ * actually destroy the skb. */ -+ spin_unlock(root_lock); -+ __rtnl_unlock(); -+ goto packet_not_eaten_by_imq_dev; -+ } -+ -+packet_not_eaten_by_imq_dev: -+ /* cloned? restore original */ -+ if (skb_orig) { -+ kfree_skb(skb); -+ entry->skb = skb_orig; -+ } -+ return -1; -+} -+ -+static struct nf_queue_handler nfqh = { -+ .name = "imq", -+ .outfn = imq_nf_queue, -+}; -+ -+static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb, -+ const struct net_device *indev, -+ const struct net_device *outdev, -+ int (*okfn)(struct sk_buff *)) -+{ -+ if (pskb->imq_flags & IMQ_F_ENQUEUE) -+ return NF_QUEUE; -+ -+ return NF_ACCEPT; -+} -+ -+static int imq_close(struct net_device *dev) -+{ -+ netif_stop_queue(dev); -+ return 0; -+} -+ -+static int imq_open(struct net_device *dev) -+{ -+ netif_start_queue(dev); -+ return 0; -+} -+ -+static void imq_setup(struct net_device *dev) -+{ -+ dev->hard_start_xmit = imq_dev_xmit; -+ dev->open = imq_open; -+ dev->get_stats = imq_get_stats; -+ dev->stop = imq_close; -+ dev->type = ARPHRD_VOID; -+ dev->mtu = 1500; -+ dev->tx_queue_len = 10000; -+ dev->flags = IFF_NOARP; -+} -+ -+static int imq_validate(struct nlattr *tb[], struct nlattr *data[]) -+{ -+ int ret = 0; -+ -+ if (tb[IFLA_ADDRESS]) { -+ if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) { -+ ret = -EINVAL; -+ goto end; -+ } -+ if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) { -+ ret = -EADDRNOTAVAIL; -+ goto end; -+ } -+ } -+ return 0; -+end: -+ printk(KERN_WARNING "IMQ: imq_validate failed (%d)\n", ret); -+ return ret; -+} -+ -+static struct rtnl_link_ops imq_link_ops __read_mostly = { -+ .kind = "imq", -+ .priv_size = 0, -+ .setup = imq_setup, -+ .validate = imq_validate, -+}; -+ -+static int __init imq_init_hooks(void) -+{ -+ int err; -+ -+ nf_register_queue_imq_handler(&nfqh); -+ -+ err = nf_register_hook(&imq_ingress_ipv4); -+ if (err) -+ goto err1; -+ -+ err = nf_register_hook(&imq_egress_ipv4); -+ if (err) -+ goto err2; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ err = nf_register_hook(&imq_ingress_ipv6); -+ if (err) -+ goto err3; -+ -+ err = nf_register_hook(&imq_egress_ipv6); -+ if (err) -+ goto err4; -+#endif -+ -+ return 0; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+err4: -+ nf_unregister_hook(&imq_ingress_ipv6); -+err3: -+ nf_unregister_hook(&imq_egress_ipv4); -+#endif -+err2: -+ nf_unregister_hook(&imq_ingress_ipv4); -+err1: -+ nf_unregister_queue_imq_handler(); -+ return err; -+} -+ -+static int __init imq_init_one(int index) -+{ -+ struct net_device *dev; -+ int ret; -+ -+ dev = alloc_netdev(0, "imq%d", imq_setup); -+ if (!dev) -+ return -ENOMEM; -+ -+ ret = dev_alloc_name(dev, dev->name); -+ if (ret < 0) -+ goto fail; -+ -+ dev->rtnl_link_ops = &imq_link_ops; -+ ret = register_netdevice(dev); -+ if (ret < 0) -+ goto fail; -+ -+ return 0; -+fail: -+ free_netdev(dev); -+ return ret; -+} -+ -+static int __init imq_init_devs(void) -+{ -+ int err, i; -+ -+ if (numdevs < 1 || numdevs > IMQ_MAX_DEVS) { -+ printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n", -+ IMQ_MAX_DEVS); -+ return -EINVAL; -+ } -+ -+ rtnl_lock(); -+ err = __rtnl_link_register(&imq_link_ops); -+ -+ for (i = 0; i < numdevs && !err; i++) -+ err = imq_init_one(i); -+ -+ if (err) { -+ __rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ } -+ rtnl_unlock(); -+ -+ return err; -+} -+ -+static int __init imq_init_module(void) -+{ -+ int err; -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS > 16); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS < 2); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS - 1 > IMQ_F_IFMASK); -+#endif -+ -+ err = imq_init_devs(); -+ if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_devs(net)\n"); -+ return err; -+ } -+ -+ err = imq_init_hooks(); -+ if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ return err; -+ } -+ -+ printk(KERN_INFO "IMQ driver loaded successfully.\n"); -+ -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on PREROUTING.\n"); -+#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on PREROUTING.\n"); -+#endif -+#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on POSTROUTING.\n"); -+#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on POSTROUTING.\n"); -+#endif -+ -+ return 0; -+} -+ -+static void __exit imq_unhook(void) -+{ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ nf_unregister_hook(&imq_ingress_ipv6); -+ nf_unregister_hook(&imq_egress_ipv6); -+#endif -+ nf_unregister_hook(&imq_ingress_ipv4); -+ nf_unregister_hook(&imq_egress_ipv4); -+ -+ nf_unregister_queue_imq_handler(); -+} -+ -+static void __exit imq_cleanup_devs(void) -+{ -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+} -+ -+static void __exit imq_exit_module(void) -+{ -+ imq_unhook(); -+ imq_cleanup_devs(); -+ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); -+} -+ -+module_init(imq_init_module); -+module_exit(imq_exit_module); -+ -+module_param(numdevs, int, 0); -+MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will " -+ "be created)"); -+MODULE_AUTHOR("http://www.linuximq.net"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See " -+ "http://www.linuximq.net/ for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS_RTNL_LINK("imq"); -+ ---- /dev/null -+++ b/include/linux/imq.h -@@ -0,0 +1,13 @@ -+#ifndef _IMQ_H -+#define _IMQ_H -+ -+/* IFMASK (16 device indexes, 0 to 15) and flag(s) fit in 5 bits */ -+#define IMQ_F_BITS 5 -+ -+#define IMQ_F_IFMASK 0x0f -+#define IMQ_F_ENQUEUE 0x10 -+ -+#define IMQ_MAX_DEVS (IMQ_F_IFMASK + 1) -+ -+#endif /* _IMQ_H */ -+ ---- /dev/null -+++ b/include/linux/netfilter/xt_IMQ.h -@@ -0,0 +1,9 @@ -+#ifndef _XT_IMQ_H -+#define _XT_IMQ_H -+ -+struct xt_imq_info { -+ unsigned int todev; /* target imq device */ -+}; -+ -+#endif /* _XT_IMQ_H */ -+ ---- /dev/null -+++ b/include/linux/netfilter_ipv6/ip6t_IMQ.h -@@ -0,0 +1,10 @@ -+#ifndef _IP6T_IMQ_H -+#define _IP6T_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include <linux/netfilter/xt_IMQ.h> -+ -+#define ip6t_imq_info xt_imq_info -+ -+#endif /* _IP6T_IMQ_H */ -+ ---- a/include/linux/skbuff.h -+++ b/include/linux/skbuff.h -@@ -28,6 +28,9 @@ - #include <linux/rcupdate.h> - #include <linux/dmaengine.h> - #include <linux/hrtimer.h> -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include <linux/imq.h> -+#endif - - #define HAVE_ALLOC_SKB /* For the drivers to know */ - #define HAVE_ALIGNABLE_SKB /* Ditto 8) */ -@@ -302,6 +305,13 @@ struct sk_buff { - struct nf_conntrack *nfct; - struct sk_buff *nfct_reasm; - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ struct nf_queue_entry *nf_queue_entry; -+/* 2.6.27 started using skb->cb for qdiscs. Problem here is that IMQ run qdisc -+ * on wrong layer and skb->cb is already used by TCP. So we need to make qdisc -+ * not use skb, this adds 4 extra bytes to skbuff. */ -+ unsigned int qdisc_skb_cb_pkt_len; -+#endif - #ifdef CONFIG_BRIDGE_NETFILTER - struct nf_bridge_info *nf_bridge; - #endif -@@ -321,6 +331,9 @@ struct sk_buff { - __u8 do_not_encrypt:1; - #endif - /* 0/13/14 bit hole */ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ __u8 imq_flags:IMQ_F_BITS; -+#endif - - #ifdef CONFIG_NET_DMA - dma_cookie_t dma_cookie; -@@ -1638,6 +1651,10 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src) - dst->nfct_reasm = src->nfct_reasm; - nf_conntrack_get_reasm(src->nfct_reasm); - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ dst->imq_flags = src->imq_flags; -+ dst->nf_queue_entry = src->nf_queue_entry; -+#endif - #ifdef CONFIG_BRIDGE_NETFILTER - dst->nf_bridge = src->nf_bridge; - nf_bridge_get(src->nf_bridge); ---- a/include/net/netfilter/nf_queue.h -+++ b/include/net/netfilter/nf_queue.h -@@ -13,6 +13,13 @@ struct nf_queue_entry { - struct net_device *indev; - struct net_device *outdev; - int (*okfn)(struct sk_buff *); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ /* following allow IMQ work when other nf_queue handlers are set up */ -+ int (*next_outfn)(struct nf_queue_entry *entry, -+ unsigned int queuenum); -+ unsigned int next_queuenum; -+#endif - }; - - #define nf_queue_entry_reroute(x) ((void *)x + sizeof(struct nf_queue_entry)) -@@ -30,5 +37,11 @@ extern int nf_unregister_queue_handler(int pf, - const struct nf_queue_handler *qh); - extern void nf_unregister_queue_handlers(const struct nf_queue_handler *qh); - extern void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); -+extern void nf_queue_entry_release_refs(struct nf_queue_entry *entry); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+extern void nf_register_queue_imq_handler(const struct nf_queue_handler *qh); -+extern void nf_unregister_queue_imq_handler(void); -+#endif - - #endif /* _NF_QUEUE_H */ ---- a/include/net/sch_generic.h -+++ b/include/net/sch_generic.h -@@ -174,7 +174,11 @@ struct tcf_proto - }; - - struct qdisc_skb_cb { -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ unsigned int __imq_do_not_use; -+#else - unsigned int pkt_len; -+#endif - char data[]; - }; - -@@ -275,6 +279,8 @@ extern void qdisc_class_hash_remove(struct Qdisc_class_hash *, struct Qdisc_clas - extern void qdisc_class_hash_grow(struct Qdisc *, struct Qdisc_class_hash *); - extern void qdisc_class_hash_destroy(struct Qdisc_class_hash *); - -+extern struct netdev_queue *dev_pick_tx(struct net_device *dev, -+ struct sk_buff *skb); - extern void dev_init_scheduler(struct net_device *dev); - extern void dev_shutdown(struct net_device *dev); - extern void dev_activate(struct net_device *dev); -@@ -340,7 +346,11 @@ static inline bool qdisc_tx_is_noop(const struct net_device *dev) - - static inline unsigned int qdisc_pkt_len(struct sk_buff *skb) - { -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ return skb->qdisc_skb_cb_pkt_len; /* see skbuff.h why */ -+#else - return qdisc_skb_cb(skb)->pkt_len; -+#endif - } - - /* additional qdisc xmit flags (NET_XMIT_MASK in linux/netdevice.h) */ -@@ -366,7 +376,11 @@ static inline int qdisc_enqueue(struct sk_buff *skb, struct Qdisc *sch) - - static inline int qdisc_enqueue_root(struct sk_buff *skb, struct Qdisc *sch) - { -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skb->qdisc_skb_cb_pkt_len = skb->len; /* see skbuff.h why */ -+#else - qdisc_skb_cb(skb)->pkt_len = skb->len; -+#endif - return qdisc_enqueue(skb, sch) & NET_XMIT_MASK; - } - ---- a/net/core/dev.c -+++ b/net/core/dev.c -@@ -96,6 +96,9 @@ - #include <net/net_namespace.h> - #include <net/sock.h> - #include <linux/rtnetlink.h> -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include <linux/imq.h> -+#endif - #include <linux/proc_fs.h> - #include <linux/seq_file.h> - #include <linux/stat.h> -@@ -1619,7 +1622,11 @@ int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev, - struct netdev_queue *txq) - { - if (likely(!skb->next)) { -- if (!list_empty(&ptype_all)) -+ if (!list_empty(&ptype_all) -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ && !(skb->imq_flags & IMQ_F_ENQUEUE) -+#endif -+ ) - dev_queue_xmit_nit(skb, dev); - - if (netif_needs_gso(dev, skb)) { -@@ -1709,8 +1716,7 @@ static u16 simple_tx_hash(struct net_device *dev, struct sk_buff *skb) - return (u16) (((u64) hash * dev->real_num_tx_queues) >> 32); - } - --static struct netdev_queue *dev_pick_tx(struct net_device *dev, -- struct sk_buff *skb) -+struct netdev_queue *dev_pick_tx(struct net_device *dev, struct sk_buff *skb) - { - u16 queue_index = 0; - -@@ -1722,6 +1728,7 @@ static struct netdev_queue *dev_pick_tx(struct net_device *dev, - skb_set_queue_mapping(skb, queue_index); - return netdev_get_tx_queue(dev, queue_index); - } -+EXPORT_SYMBOL(dev_pick_tx); - - /** - * dev_queue_xmit - transmit a buffer ---- a/net/core/rtnetlink.c -+++ b/net/core/rtnetlink.c -@@ -1406,6 +1406,7 @@ EXPORT_SYMBOL(rtnetlink_put_metrics); - EXPORT_SYMBOL(rtnl_lock); - EXPORT_SYMBOL(rtnl_trylock); - EXPORT_SYMBOL(rtnl_unlock); -+EXPORT_SYMBOL(__rtnl_unlock); - EXPORT_SYMBOL(rtnl_is_locked); - EXPORT_SYMBOL(rtnl_unicast); - EXPORT_SYMBOL(rtnl_notify); ---- a/net/core/skbuff.c -+++ b/net/core/skbufc -@@ -436,6 +436,9 @@ static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old) - new->sp = secpath_get(old->sp); - #endif - memcpy(new->cb, old->cb, sizeof(old->cb)); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ new->qdisc_skb_cb_pkt_len = old->qdisc_skb_cb_pkt_len; -+#endif - new->csum_start = old->csum_start; - new->csum_offset = old->csum_offset; - new->local_df = old->local_df; -@@ -2258,7 +2258,9 @@ - - __copy_skb_header(nskb, skb); - nskb->mac_len = skb->mac_len; -- -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ nskb->qdisc_skb_cb_pkt_len = skb->qdisc_skb_cb_pkt_len; -+#endif - skb_reserve(nskb, headroom); - skb_reset_mac_header(nskb); - skb_set_network_header(nskb, skb->mac_len); ---- a/net/netfilter/Kconfig -+++ b/net/netfilter/Kconfig -@@ -342,6 +342,18 @@ config NETFILTER_XT_TARGET_DSCP - - To compile it as a module, choose M here. If unsure, say N. - -+config NETFILTER_XT_TARGET_IMQ -+ tristate '"IMQ" target support' -+ depends on NETFILTER_XTABLES -+ depends on IP_NF_MANGLE || IP6_NF_MANGLE -+ select IMQ -+ default m if NETFILTER_ADVANCED=n -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which imq device packets should get enqueued/dequeued. -+ -+ To compile it as a module, choose M here. If unsure, say N. -+ - config NETFILTER_XT_TARGET_MARK - tristate '"MARK" target support' - depends on NETFILTER_XTABLES ---- a/net/netfilter/Makefile -+++ b/net/netfilter/Makefile -@@ -42,6 +42,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o -+obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o - obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o ---- a/net/netfilter/nf_queue.c -+++ b/net/netfilter/nf_queue.c -@@ -20,6 +20,26 @@ static const struct nf_queue_handler *queue_handler[NPROTO]; - - static DEFINE_MUTEX(queue_handler_mutex); - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static const struct nf_queue_handler *queue_imq_handler; -+ -+void nf_register_queue_imq_handler(const struct nf_queue_handler *qh) -+{ -+ mutex_lock(&queue_handler_mutex); -+ rcu_assign_pointer(queue_imq_handler, qh); -+ mutex_unlock(&queue_handler_mutex); -+} -+EXPORT_SYMBOL(nf_register_queue_imq_handler); -+ -+void nf_unregister_queue_imq_handler(void) -+{ -+ mutex_lock(&queue_handler_mutex); -+ rcu_assign_pointer(queue_imq_handler, NULL); -+ mutex_unlock(&queue_handler_mutex); -+} -+EXPORT_SYMBOL(nf_unregister_queue_imq_handler); -+#endif -+ - /* return EBUSY when somebody else is registered, return EEXIST if the - * same handler is registered, return 0 in case of success. */ - int nf_register_queue_handler(int pf, const struct nf_queue_handler *qh) -@@ -80,7 +100,7 @@ void nf_unregister_queue_handlers(const struct nf_queue_handler *qh) - } - EXPORT_SYMBOL_GPL(nf_unregister_queue_handlers); - --static void nf_queue_entry_release_refs(struct nf_queue_entry *entry) -+void nf_queue_entry_release_refs(struct nf_queue_entry *entry) - { - /* Release those devices we held, or Alexey will kill me. */ - if (entry->indev) -@@ -100,6 +120,7 @@ static void nf_queue_entry_release_refs(struct nf_queue_entry *entry) - /* Drop reference to owner of hook which queued us. */ - module_put(entry->elem->owner); - } -+EXPORT_SYMBOL_GPL(nf_queue_entry_release_refs); - - /* - * Any packet that leaves via this function must come back -@@ -121,12 +142,26 @@ static int __nf_queue(struct sk_buff *skb, - #endif - const struct nf_afinfo *afinfo; - const struct nf_queue_handler *qh; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ const struct nf_queue_handler *qih = NULL; -+#endif - - /* QUEUE == DROP if noone is waiting, to be safe. */ - rcu_read_lock(); - - qh = rcu_dereference(queue_handler[pf]); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ if (pf == PF_INET || pf == PF_INET6) -+#else -+ if (pf == PF_INET) -+#endif -+ qih = rcu_dereference(queue_imq_handler); -+ -+ if (!qh && !qih) -+#else /* !IMQ */ - if (!qh) -+#endif - goto err_unlock; - - afinfo = nf_get_afinfo(pf); -@@ -145,6 +180,10 @@ static int __nf_queue(struct sk_buff *skb, - .indev = indev, - .outdev = outdev, - .okfn = okfn, -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ .next_outfn = qh ? qh->outfn : NULL, -+ .next_queuenum = queuenum, -+#endif - }; - - /* If it's going away, ignore hook. */ -@@ -170,8 +209,19 @@ static int __nf_queue(struct sk_buff *skb, - } - #endif - afinfo->saveroute(skb, entry); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ if (qih) { -+ status = qih->outfn(entry, queuenum); -+ goto imq_skip_queue; -+ } -+#endif -+ - status = qh->outfn(entry, queuenum); - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+imq_skip_queue: -+#endif - rcu_read_unlock(); - - if (status < 0) { ---- /dev/null -+++ b/net/netfilter/xt_IMQ.c -@@ -0,0 +1,81 @@ -+/* -+ * This target marks packets to be enqueued to an imq device -+ */ -+#include <linux/module.h> -+#include <linux/skbuff.h> -+#include <linux/netfilter/x_tables.h> -+#include <linux/netfilter/xt_IMQ.h> -+#include <linux/imq.h> -+ -+static unsigned int imq_target(struct sk_buff *pskb, -+ const struct net_device *in, -+ const struct net_device *out, -+ unsigned int hooknum, -+ const struct xt_target *target, -+ const void *targinfo) -+{ -+ const struct xt_imq_info *mr = targinfo; -+ -+ pskb->imq_flags = (mr->todev & IMQ_F_IFMASK) | IMQ_F_ENQUEUE; -+ -+ return XT_CONTINUE; -+} -+ -+static bool imq_checkentry(const char *tablename, -+ const void *entry, -+ const struct xt_target *target, -+ void *targinfo, -+ unsigned int hook_mask) -+{ -+ struct xt_imq_info *mr = targinfo; -+ -+ if (mr->todev > IMQ_MAX_DEVS - 1) { -+ printk(KERN_WARNING -+ "IMQ: invalid device specified, highest is %u\n", -+ IMQ_MAX_DEVS - 1); -+ return 0; -+ } -+ -+ return 1; -+} -+ -+static struct xt_target xt_imq_reg[] __read_mostly = { -+ { -+ .name = "IMQ", -+ .family = AF_INET, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .checkentry = imq_checkentry, -+ .me = THIS_MODULE -+ }, -+ { -+ .name = "IMQ", -+ .family = AF_INET6, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .checkentry = imq_checkentry, -+ .me = THIS_MODULE -+ }, -+}; -+ -+static int __init imq_init(void) -+{ -+ return xt_register_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+static void __exit imq_fini(void) -+{ -+ xt_unregister_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+module_init(imq_init); -+module_exit(imq_fini); -+ -+MODULE_AUTHOR("http://www.linuximq.net"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS("ipt_IMQ"); -+MODULE_ALIAS("ip6t_IMQ"); -+ ---- a/net/sched/sch_api.c -+++ b/net/sched/sch_api.c -@@ -405,7 +405,11 @@ void qdisc_calculate_pkt_len(struct sk_buff *skb, struct qdisc_size_table *stab) - out: - if (unlikely(pkt_len < 1)) - pkt_len = 1; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skb->qdisc_skb_cb_pkt_len = pkt_len; /* see skbuff.h why */ -+#else - qdisc_skb_cb(skb)->pkt_len = pkt_len; -+#endif - } - EXPORT_SYMBOL(qdisc_calculate_pkt_len); - diff --git a/src/patches/linux-2.6.27.19-ipp2p-0.8.2-pomng.patch b/src/patches/linux-2.6.27.19-ipp2p-0.8.2-pomng.patch deleted file mode 100644 index 4b99aa6..0000000 --- a/src/patches/linux-2.6.27.19-ipp2p-0.8.2-pomng.patch +++ /dev/null @@ -1,980 +0,0 @@ -diff -Naur linux-2.6.27.19.org/include/linux/netfilter_ipv4/ipt_ipp2p.h linux-2.6.27.19/include/linux/netfilter_ipv4/ipt_ipp2p.h ---- linux-2.6.27.19.org/include/linux/netfilter_ipv4/ipt_ipp2p.h 1970-01-01 01:00:00.000000000 +0100 -+++ linux-2.6.27.19/include/linux/netfilter_ipv4/ipt_ipp2p.h 2009-03-17 19:31:50.000000000 +0100 -@@ -0,0 +1,31 @@ -+#ifndef __IPT_IPP2P_H -+#define __IPT_IPP2P_H -+#define IPP2P_VERSION "0.8.2-pomng" -+ -+struct ipt_p2p_info { -+ int cmd; -+ int debug; -+}; -+ -+#endif //__IPT_IPP2P_H -+ -+#define SHORT_HAND_IPP2P 1 /* --ipp2p switch*/ -+//#define SHORT_HAND_DATA 4 /* --ipp2p-data switch*/ -+#define SHORT_HAND_NONE 5 /* no short hand*/ -+ -+#define IPP2P_EDK (1 << 1) -+#define IPP2P_DATA_KAZAA (1 << 2) -+#define IPP2P_DATA_EDK (1 << 3) -+#define IPP2P_DATA_DC (1 << 4) -+#define IPP2P_DC (1 << 5) -+#define IPP2P_DATA_GNU (1 << 6) -+#define IPP2P_GNU (1 << 7) -+#define IPP2P_KAZAA (1 << 8) -+#define IPP2P_BIT (1 << 9) -+#define IPP2P_APPLE (1 << 10) -+#define IPP2P_SOUL (1 << 11) -+#define IPP2P_WINMX (1 << 12) -+#define IPP2P_ARES (1 << 13) -+#define IPP2P_MUTE (1 << 14) -+#define IPP2P_WASTE (1 << 15) -+#define IPP2P_XDCC (1 << 16) -diff -Naur linux-2.6.27.19.org/net/ipv4/netfilter/ipt_ipp2p.c linux-2.6.27.19/net/ipv4/netfilter/ipt_ipp2p.c ---- linux-2.6.27.19.org/net/ipv4/netfilter/ipt_ipp2p.c 1970-01-01 01:00:00.000000000 +0100 -+++ linux-2.6.27.19/net/ipv4/netfilter/ipt_ipp2p.c 2009-03-17 19:31:50.000000000 +0100 -@@ -0,0 +1,911 @@ -+#if defined(MODVERSIONS) -+#include <linux/modversions.h> -+#endif -+#include <linux/module.h> -+#include <linux/version.h> -+#include <linux/netfilter_ipv4/ip_tables.h> -+#include <linux/netfilter_ipv4/ipt_ipp2p.h> -+#include <net/tcp.h> -+#include <net/udp.h> -+ -+#define get_u8(X,O) (*(__u8 *)(X + O)) -+#define get_u16(X,O) (*(__u16 *)(X + O)) -+#define get_u32(X,O) (*(__u32 *)(X + O)) -+ -+MODULE_AUTHOR("Eicke Friedrich/Klaus Degner ipp2p@ipp2p.org"); -+MODULE_DESCRIPTION("An extension to iptables to identify P2P traffic."); -+MODULE_LICENSE("GPL"); -+ -+ -+/*Search for UDP eDonkey/eMule/Kad commands*/ -+int -+udp_search_edk (unsigned char *haystack, int packet_len) -+{ -+ unsigned char *t = haystack; -+ t += 8; -+ -+ switch (t[0]) { -+ case 0xe3: -+ { /*edonkey*/ -+ switch (t[1]) -+ { -+ /* client -> server status request */ -+ case 0x96: -+ if (packet_len == 14) return ((IPP2P_EDK * 100) + 50); -+ break; -+ /* server -> client status request */ -+ case 0x97: if (packet_len == 42) return ((IPP2P_EDK * 100) + 51); -+ break; -+ /* server description request */ -+ /* e3 2a ff f0 .. | size == 6 */ -+ case 0xa2: if ( (packet_len == 14) && ( get_u16(t,2) == __constant_htons(0xfff0) ) ) return ((IPP2P_EDK * 100) + 52); -+ break; -+ /* server description response */ -+ /* e3 a3 ff f0 .. | size > 40 && size < 200 */ -+ //case 0xa3: return ((IPP2P_EDK * 100) + 53); -+ // break; -+ case 0x9a: if (packet_len==26) return ((IPP2P_EDK * 100) + 54); -+ break; -+ -+ case 0x92: if (packet_len==18) return ((IPP2P_EDK * 100) + 55); -+ break; -+ } -+ break; -+ } -+ case 0xe4: -+ { -+ switch (t[1]) -+ { -+ /* e4 20 .. | size == 43 */ -+ case 0x20: if ((packet_len == 43) && (t[2] != 0x00) && (t[34] != 0x00)) return ((IPP2P_EDK * 100) + 60); -+ break; -+ /* e4 00 .. 00 | size == 35 ? */ -+ case 0x00: if ((packet_len == 35) && (t[26] == 0x00)) return ((IPP2P_EDK * 100) + 61); -+ break; -+ /* e4 10 .. 00 | size == 35 ? */ -+ case 0x10: if ((packet_len == 35) && (t[26] == 0x00)) return ((IPP2P_EDK * 100) + 62); -+ break; -+ /* e4 18 .. 00 | size == 35 ? */ -+ case 0x18: if ((packet_len == 35) && (t[26] == 0x00)) return ((IPP2P_EDK * 100) + 63); -+ break; -+ /* e4 52 .. | size = 44 */ -+ case 0x52: if (packet_len == 44 ) return ((IPP2P_EDK * 100) + 64); -+ break; -+ /* e4 58 .. | size == 6 */ -+ case 0x58: if (packet_len == 14 ) return ((IPP2P_EDK * 100) + 65); -+ break; -+ /* e4 59 .. | size == 2 */ -+ case 0x59: if (packet_len == 10 )return ((IPP2P_EDK * 100) + 66); -+ break; -+ /* e4 28 .. | packet_len == 52,77,102,127... */ -+ case 0x28: if (((packet_len-52) % 25) == 0) return ((IPP2P_EDK * 100) + 67); -+ break; -+ /* e4 50 xx xx | size == 4 */ -+ case 0x50: if (packet_len == 12) return ((IPP2P_EDK * 100) + 68); -+ break; -+ /* e4 40 xx xx | size == 48 */ -+ case 0x40: if (packet_len == 56) return ((IPP2P_EDK * 100) + 69); -+ break; -+ } -+ break; -+ } -+ } /* end of switch (t[0]) */ -+ return 0; -+}/*udp_search_edk*/ -+ -+ -+/*Search for UDP Gnutella commands*/ -+int -+udp_search_gnu (unsigned char *haystack, int packet_len) -+{ -+ unsigned char *t = haystack; -+ t += 8; -+ -+ if (memcmp(t, "GND", 3) == 0) return ((IPP2P_GNU * 100) + 51); -+ if (memcmp(t, "GNUTELLA ", 9) == 0) return ((IPP2P_GNU * 100) + 52); -+ return 0; -+}/*udp_search_gnu*/ -+ -+ -+/*Search for UDP KaZaA commands*/ -+int -+udp_search_kazaa (unsigned char *haystack, int packet_len) -+{ -+ unsigned char *t = haystack; -+ -+ if (t[packet_len-1] == 0x00){ -+ t += (packet_len - 6); -+ if (memcmp(t, "KaZaA", 5) == 0) return (IPP2P_KAZAA * 100 +50); -+ } -+ -+ return 0; -+}/*udp_search_kazaa*/ -+ -+/*Search for UDP DirectConnect commands*/ -+int -+udp_search_directconnect (unsigned char *haystack, int packet_len) -+{ -+ unsigned char *t = haystack; -+ if ((*(t + 8) == 0x24) && (*(t + packet_len - 1) == 0x7c)) { -+ t+=8; -+ if (memcmp(t, "SR ", 3) == 0) return ((IPP2P_DC * 100) + 60); -+ if (memcmp(t, "Ping ", 5) == 0) return ((IPP2P_DC * 100) + 61); -+ } -+ return 0; -+}/*udp_search_directconnect*/ -+ -+ -+ -+/*Search for UDP BitTorrent commands*/ -+int -+udp_search_bit (unsigned char *haystack, int packet_len) -+{ -+ switch(packet_len) -+ { -+ case 24: -+ /* ^ 00 00 04 17 27 10 19 80 */ -+ if ((ntohl(get_u32(haystack, 8)) == 0x00000417) && (ntohl(get_u32(haystack, 12)) == 0x27101980)) -+ return (IPP2P_BIT * 100 + 50); -+ break; -+ case 44: -+ if (get_u32(haystack, 16) == __constant_htonl(0x00000400) && get_u32(haystack, 36) == __constant_htonl(0x00000104)) -+ return (IPP2P_BIT * 100 + 51); -+ if (get_u32(haystack, 16) == __constant_htonl(0x00000400)) -+ return (IPP2P_BIT * 100 + 61); -+ break; -+ case 65: -+ if (get_u32(haystack, 16) == __constant_htonl(0x00000404) && get_u32(haystack, 36) == __constant_htonl(0x00000104)) -+ return (IPP2P_BIT * 100 + 52); -+ if (get_u32(haystack, 16) == __constant_htonl(0x00000404)) -+ return (IPP2P_BIT * 100 + 62); -+ break; -+ case 67: -+ if (get_u32(haystack, 16) == __constant_htonl(0x00000406) && get_u32(haystack, 36) == __constant_htonl(0x00000104)) -+ return (IPP2P_BIT * 100 + 53); -+ if (get_u32(haystack, 16) == __constant_htonl(0x00000406)) -+ return (IPP2P_BIT * 100 + 63); -+ break; -+ case 211: -+ if (get_u32(haystack, 8) == __constant_htonl(0x00000405)) -+ return (IPP2P_BIT * 100 + 54); -+ break; -+ case 29: -+ if ((get_u32(haystack, 8) == __constant_htonl(0x00000401))) -+ return (IPP2P_BIT * 100 + 55); -+ break; -+ case 52: -+ if (get_u32(haystack,8) == __constant_htonl(0x00000827) && -+ get_u32(haystack,12) == __constant_htonl(0x37502950)) -+ return (IPP2P_BIT * 100 + 80); -+ break; -+ default: -+ /* this packet does not have a constant size */ -+ if (packet_len >= 40 && get_u32(haystack, 16) == __constant_htonl(0x00000402) && get_u32(haystack, 36) == __constant_htonl(0x00000104)) -+ return (IPP2P_BIT * 100 + 56); -+ break; -+ } -+ -+ /* some extra-bitcomet rules: -+ * "d1:" [a|r] "d2:id20:" -+ */ -+ if (packet_len > 30 && get_u8(haystack, 8) == 'd' && get_u8(haystack, 9) == '1' && get_u8(haystack, 10) == ':' ) -+ { -+ if (get_u8(haystack, 11) == 'a' || get_u8(haystack, 11) == 'r') -+ { -+ if (memcmp(haystack+12,"d2:id20:",8)==0) -+ return (IPP2P_BIT * 100 + 57); -+ } -+ } -+ -+#if 0 -+ /* bitlord rules */ -+ /* packetlen must be bigger than 40 */ -+ /* first 4 bytes are zero */ -+ if (packet_len > 40 && get_u32(haystack, 8) == 0x00000000) -+ { -+ /* first rule: 00 00 00 00 01 00 00 xx xx xx xx 00 00 00 00*/ -+ if (get_u32(haystack, 12) == 0x00000000 && -+ get_u32(haystack, 16) == 0x00010000 && -+ get_u32(haystack, 24) == 0x00000000 ) -+ return (IPP2P_BIT * 100 + 71); -+ -+ /* 00 01 00 00 0d 00 00 xx xx xx xx 00 00 00 00*/ -+ if (get_u32(haystack, 12) == 0x00000001 && -+ get_u32(haystack, 16) == 0x000d0000 && -+ get_u32(haystack, 24) == 0x00000000 ) -+ return (IPP2P_BIT * 100 + 71); -+ -+ -+ } -+#endif -+ -+ return 0; -+}/*udp_search_bit*/ -+ -+ -+ -+/*Search for Ares commands*/ -+//#define IPP2P_DEBUG_ARES -+int -+search_ares (const unsigned char *payload, const u16 plen) -+//int search_ares (unsigned char *haystack, int packet_len, int head_len) -+{ -+// const unsigned char *t = haystack + head_len; -+ -+ /* all ares packets start with */ -+ if (payload[1] == 0 && (plen - payload[0]) == 3) -+ { -+ switch (payload[2]) -+ { -+ case 0x5a: -+ /* ares connect */ -+ if ( plen == 6 && payload[5] == 0x05 ) return ((IPP2P_ARES * 100) + 1); -+ break; -+ case 0x09: -+ /* ares search, min 3 chars --> 14 bytes -+ * lets define a search can be up to 30 chars --> max 34 bytes -+ */ -+ if ( plen >= 14 && plen <= 34 ) return ((IPP2P_ARES * 100) + 1); -+ break; -+#ifdef IPP2P_DEBUG_ARES -+ default: -+ printk(KERN_DEBUG "Unknown Ares command %x recognized, len: %u \n", (unsigned int) payload[2],plen); -+#endif /* IPP2P_DEBUG_ARES */ -+ } -+ } -+ -+#if 0 -+ /* found connect packet: 03 00 5a 04 03 05 */ -+ /* new version ares 1.8: 03 00 5a xx xx 05 */ -+ if ((plen) == 6){ /* possible connect command*/ -+ if ((payload[0] == 0x03) && (payload[1] == 0x00) && (payload[2] == 0x5a) && (payload[5] == 0x05)) -+ return ((IPP2P_ARES * 100) + 1); -+ } -+ if ((plen) == 60){ /* possible download command*/ -+ if ((payload[59] == 0x0a) && (payload[58] == 0x0a)){ -+ if (memcmp(t, "PUSH SHA1:", 10) == 0) /* found download command */ -+ return ((IPP2P_ARES * 100) + 2); -+ } -+ } -+#endif -+ -+ return 0; -+} /*search_ares*/ -+ -+/*Search for SoulSeek commands*/ -+int -+search_soul (const unsigned char *payload, const u16 plen) -+{ -+//#define IPP2P_DEBUG_SOUL -+ /* match: xx xx xx xx | xx = sizeof(payload) - 4 */ -+ if (get_u32(payload, 0) == (plen - 4)){ -+ const __u32 m=get_u32(payload, 4); -+ /* match 00 yy yy 00, yy can be everything */ -+ if ( get_u8(payload, 4) == 0x00 && get_u8(payload, 7) == 0x00 ) -+ { -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "0: Soulseek command 0x%x recognized\n",get_u32(payload, 4)); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 1); -+ } -+ -+ /* next match: 01 yy 00 00 | yy can be everything */ -+ if ( get_u8(payload, 4) == 0x01 && get_u16(payload, 6) == 0x0000 ) -+ { -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "1: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 2); -+ } -+ -+ /* other soulseek commandos are: 1-5,7,9,13-18,22,23,26,28,35-37,40-46,50,51,60,62-69,91,92,1001 */ -+ /* try to do this in an intelligent way */ -+ /* get all small commandos */ -+ switch(m) -+ { -+ case 7: -+ case 9: -+ case 22: -+ case 23: -+ case 26: -+ case 28: -+ case 50: -+ case 51: -+ case 60: -+ case 91: -+ case 92: -+ case 1001: -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "2: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 3); -+ } -+ -+ if (m > 0 && m < 6 ) -+ { -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "3: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 4); -+ } -+ if (m > 12 && m < 19 ) -+ { -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "4: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 5); -+ } -+ -+ if (m > 34 && m < 38 ) -+ { -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "5: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 6); -+ } -+ -+ if (m > 39 && m < 47 ) -+ { -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "6: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 7); -+ } -+ -+ if (m > 61 && m < 70 ) -+ { -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "7: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 8); -+ } -+ -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "unknown SOULSEEK command: 0x%x, first 16 bit: 0x%x, first 8 bit: 0x%x ,soulseek ???\n",get_u32(payload, 4),get_u16(payload, 4) >> 16,get_u8(payload, 4) >> 24); -+#endif /* IPP2P_DEBUG_SOUL */ -+ } -+ -+ /* match 14 00 00 00 01 yy 00 00 00 STRING(YY) 01 00 00 00 00 46|50 00 00 00 00 */ -+ /* without size at the beginning !!! */ -+ if ( get_u32(payload, 0) == 0x14 && get_u8(payload, 4) == 0x01 ) -+ { -+ __u32 y=get_u32(payload, 5); -+ /* we need 19 chars + string */ -+ if ( (y + 19) <= (plen) ) -+ { -+ const unsigned char *w=payload+9+y; -+ if (get_u32(w, 0) == 0x01 && ( get_u16(w, 4) == 0x4600 || get_u16(w, 4) == 0x5000) && get_u32(w, 6) == 0x00); -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "Soulssek special client command recognized\n"); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 9); -+ } -+ } -+ return 0; -+} -+ -+ -+/*Search for WinMX commands*/ -+int -+search_winmx (const unsigned char *payload, const u16 plen) -+{ -+//#define IPP2P_DEBUG_WINMX -+ if (((plen) == 4) && (memcmp(payload, "SEND", 4) == 0)) return ((IPP2P_WINMX * 100) + 1); -+ if (((plen) == 3) && (memcmp(payload, "GET", 3) == 0)) return ((IPP2P_WINMX * 100) + 2); -+ //if (packet_len < (head_len + 10)) return 0; -+ if (plen < 10) return 0; -+ -+ if ((memcmp(payload, "SEND", 4) == 0) || (memcmp(payload, "GET", 3) == 0)){ -+ u16 c=4; -+ const u16 end=plen-2; -+ u8 count=0; -+ while (c < end) -+ { -+ if (payload[c]== 0x20 && payload[c+1] == 0x22) -+ { -+ c++; -+ count++; -+ if (count>=2) return ((IPP2P_WINMX * 100) + 3); -+ } -+ c++; -+ } -+ } -+ -+ if ( plen == 149 && payload[0] == '8' ) -+ { -+#ifdef IPP2P_DEBUG_WINMX -+ printk(KERN_INFO "maybe WinMX\n"); -+#endif -+ if (get_u32(payload,17) == 0 && get_u32(payload,21) == 0 && get_u32(payload,25) == 0 && -+// get_u32(payload,33) == __constant_htonl(0x71182b1a) && get_u32(payload,37) == __constant_htonl(0x05050000) && -+// get_u32(payload,133) == __constant_htonl(0x31097edf) && get_u32(payload,145) == __constant_htonl(0xdcb8f792)) -+ get_u16(payload,39) == 0 && get_u16(payload,135) == __constant_htons(0x7edf) && get_u16(payload,147) == __constant_htons(0xf792)) -+ -+ { -+#ifdef IPP2P_DEBUG_WINMX -+ printk(KERN_INFO "got WinMX\n"); -+#endif -+ return ((IPP2P_WINMX * 100) + 4); -+ } -+ } -+ return 0; -+} /*search_winmx*/ -+ -+ -+/*Search for appleJuice commands*/ -+int -+search_apple (const unsigned char *payload, const u16 plen) -+{ -+ if ( (plen > 7) && (payload[6] == 0x0d) && (payload[7] == 0x0a) && (memcmp(payload, "ajprot", 6) == 0)) return (IPP2P_APPLE * 100); -+ -+ return 0; -+} -+ -+ -+/*Search for BitTorrent commands*/ -+int -+search_bittorrent (const unsigned char *payload, const u16 plen) -+{ -+ if (plen > 20) -+ { -+ /* test for match 0x13+"BitTorrent protocol" */ -+ if (payload[0] == 0x13) -+ { -+ if (memcmp(payload+1, "BitTorrent protocol", 19) == 0) return (IPP2P_BIT * 100); -+ } -+ -+ /* get tracker commandos, all starts with GET / -+ * then it can follow: scrape| announce -+ * and then ?hash_info= -+ */ -+ if (memcmp(payload,"GET /",5) == 0) -+ { -+ /* message scrape */ -+ if ( memcmp(payload+5,"scrape?info_hash=",17)==0 ) return (IPP2P_BIT * 100 + 1); -+ /* message announce */ -+ if ( memcmp(payload+5,"announce?info_hash=",19)==0 ) return (IPP2P_BIT * 100 + 2); -+ } -+ } -+ else -+ { -+ /* bitcomet encryptes the first packet, so we have to detect another -+ * one later in the flow */ -+ /* first try failed, too many missdetections */ -+ //if ( size == 5 && get_u32(t,0) == __constant_htonl(1) && t[4] < 3) return (IPP2P_BIT * 100 + 3); -+ -+ /* second try: block request packets */ -+ if ( plen == 17 && get_u32(payload,0) == __constant_htonl(0x0d) && payload[4] == 0x06 && get_u32(payload,13) == __constant_htonl(0x4000) ) return (IPP2P_BIT * 100 + 3); -+ } -+ -+ return 0; -+} -+ -+ -+ -+/*check for Kazaa get command*/ -+int -+search_kazaa (const unsigned char *payload, const u16 plen) -+ -+{ -+ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a) && memcmp(payload, "GET /.hash=", 11) == 0) -+ return (IPP2P_DATA_KAZAA * 100); -+ -+ return 0; -+} -+ -+ -+/*check for gnutella get command*/ -+int -+search_gnu (const unsigned char *payload, const u16 plen) -+{ -+ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a)) -+ { -+ if (memcmp(payload, "GET /get/", 9) == 0) return ((IPP2P_DATA_GNU * 100) + 1); -+ if (memcmp(payload, "GET /uri-res/", 13) == 0) return ((IPP2P_DATA_GNU * 100) + 2); -+ } -+ return 0; -+} -+ -+ -+/*check for gnutella get commands and other typical data*/ -+int -+search_all_gnu (const unsigned char *payload, const u16 plen) -+{ -+ -+ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a)) -+ { -+ -+ if (memcmp(payload, "GNUTELLA CONNECT/", 17) == 0) return ((IPP2P_GNU * 100) + 1); -+ if (memcmp(payload, "GNUTELLA/", 9) == 0) return ((IPP2P_GNU * 100) + 2); -+ -+ -+ if ((memcmp(payload, "GET /get/", 9) == 0) || (memcmp(payload, "GET /uri-res/", 13) == 0)) -+ { -+ u16 c=8; -+ const u16 end=plen-22; -+ while (c < end) { -+ if ( payload[c] == 0x0a && payload[c+1] == 0x0d && ((memcmp(&payload[c+2], "X-Gnutella-", 11) == 0) || (memcmp(&payload[c+2], "X-Queue:", 8) == 0))) -+ return ((IPP2P_GNU * 100) + 3); -+ c++; -+ } -+ } -+ } -+ return 0; -+} -+ -+ -+/*check for KaZaA download commands and other typical data*/ -+int -+search_all_kazaa (const unsigned char *payload, const u16 plen) -+{ -+ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a)) -+ { -+ -+ if (memcmp(payload, "GIVE ", 5) == 0) return ((IPP2P_KAZAA * 100) + 1); -+ -+ if (memcmp(payload, "GET /", 5) == 0) { -+ u16 c = 8; -+ const u16 end=plen-22; -+ while (c < end) { -+ if ( payload[c] == 0x0a && payload[c+1] == 0x0d && ((memcmp(&payload[c+2], "X-Kazaa-Username: ", 18) == 0) || (memcmp(&payload[c+2], "User-Agent: PeerEnabler/", 24) == 0))) -+ return ((IPP2P_KAZAA * 100) + 2); -+ c++; -+ } -+ } -+ } -+ return 0; -+} -+ -+/*fast check for edonkey file segment transfer command*/ -+int -+search_edk (const unsigned char *payload, const u16 plen) -+{ -+ if (payload[0] != 0xe3) -+ return 0; -+ else { -+ if (payload[5] == 0x47) -+ return (IPP2P_DATA_EDK * 100); -+ else -+ return 0; -+ } -+} -+ -+ -+ -+/*intensive but slower search for some edonkey packets including size-check*/ -+int -+search_all_edk (const unsigned char *payload, const u16 plen) -+{ -+ if (payload[0] != 0xe3) -+ return 0; -+ else { -+ //t += head_len; -+ const u16 cmd = get_u16(payload, 1); -+ if (cmd == (plen - 5)) { -+ switch (payload[5]) { -+ case 0x01: return ((IPP2P_EDK * 100) + 1); /*Client: hello or Server:hello*/ -+ case 0x4c: return ((IPP2P_EDK * 100) + 9); /*Client: Hello-Answer*/ -+ } -+ } -+ return 0; -+ } -+} -+ -+ -+/*fast check for Direct Connect send command*/ -+int -+search_dc (const unsigned char *payload, const u16 plen) -+{ -+ -+ if (payload[0] != 0x24 ) -+ return 0; -+ else { -+ if (memcmp(&payload[1], "Send|", 5) == 0) -+ return (IPP2P_DATA_DC * 100); -+ else -+ return 0; -+ } -+ -+} -+ -+ -+/*intensive but slower check for all direct connect packets*/ -+int -+search_all_dc (const unsigned char *payload, const u16 plen) -+{ -+// unsigned char *t = haystack; -+ -+ if (payload[0] == 0x24 && payload[plen-1] == 0x7c) -+ { -+ const unsigned char *t=&payload[1]; -+ /* Client-Hub-Protocol */ -+ if (memcmp(t, "Lock ", 5) == 0) return ((IPP2P_DC * 100) + 1); -+ /* Client-Client-Protocol, some are already recognized by client-hub (like lock) */ -+ if (memcmp(t, "MyNick ", 7) == 0) return ((IPP2P_DC * 100) + 38); -+ } -+ return 0; -+} -+ -+/*check for mute*/ -+int -+search_mute (const unsigned char *payload, const u16 plen) -+{ -+ if ( plen == 209 || plen == 345 || plen == 473 || plen == 609 || plen == 1121 ) -+ { -+ //printk(KERN_DEBUG "size hit: %u",size); -+ if (memcmp(payload,"PublicKey: ",11) == 0 ) -+ { -+ return ((IPP2P_MUTE * 100) + 0); -+ -+/* if (memcmp(t+size-14,"\x0aEndPublicKey\x0a",14) == 0) -+ { -+ printk(KERN_DEBUG "end pubic key hit: %u",size); -+ -+ }*/ -+ } -+ } -+ return 0; -+} -+ -+ -+/* check for xdcc */ -+int -+search_xdcc (const unsigned char *payload, const u16 plen) -+{ -+ /* search in small packets only */ -+ if (plen > 20 && plen < 200 && payload[plen-1] == 0x0a && payload[plen-2] == 0x0d && memcmp(payload,"PRIVMSG ",8) == 0) -+ { -+ -+ u16 x=10; -+ const u16 end=plen - 13; -+ -+ /* is seems to be a irc private massage, chedck for xdcc command */ -+ while (x < end) -+ { -+ if (payload[x] == ':') -+ { -+ if ( memcmp(&payload[x+1],"xdcc send #",11) == 0 ) -+ return ((IPP2P_XDCC * 100) + 0); -+ } -+ x++; -+ } -+ } -+ return 0; -+} -+ -+/* search for waste */ -+int search_waste(const unsigned char *payload, const u16 plen) -+{ -+ if ( plen >= 8 && memcmp(payload,"GET.sha1:",9) == 0) -+ return ((IPP2P_WASTE * 100) + 0); -+ -+ return 0; -+} -+ -+ -+static struct { -+ int command; -+ __u8 short_hand; /*for fucntions included in short hands*/ -+ int packet_len; -+ int (*function_name) (const unsigned char *, const u16); -+} matchlist[] = { -+ {IPP2P_EDK,SHORT_HAND_IPP2P,20, &search_all_edk}, -+// {IPP2P_DATA_KAZAA,SHORT_HAND_DATA,200, &search_kazaa}, -+// {IPP2P_DATA_EDK,SHORT_HAND_DATA,60, &search_edk}, -+// {IPP2P_DATA_DC,SHORT_HAND_DATA,26, &search_dc}, -+ {IPP2P_DC,SHORT_HAND_IPP2P,5, search_all_dc}, -+// {IPP2P_DATA_GNU,SHORT_HAND_DATA,40, &search_gnu}, -+ {IPP2P_GNU,SHORT_HAND_IPP2P,5, &search_all_gnu}, -+ {IPP2P_KAZAA,SHORT_HAND_IPP2P,5, &search_all_kazaa}, -+ {IPP2P_BIT,SHORT_HAND_IPP2P,20, &search_bittorrent}, -+ {IPP2P_APPLE,SHORT_HAND_IPP2P,5, &search_apple}, -+ {IPP2P_SOUL,SHORT_HAND_IPP2P,5, &search_soul}, -+ {IPP2P_WINMX,SHORT_HAND_IPP2P,2, &search_winmx}, -+ {IPP2P_ARES,SHORT_HAND_IPP2P,5, &search_ares}, -+ {IPP2P_MUTE,SHORT_HAND_NONE,200, &search_mute}, -+ {IPP2P_WASTE,SHORT_HAND_NONE,5, &search_waste}, -+ {IPP2P_XDCC,SHORT_HAND_NONE,5, &search_xdcc}, -+ {0,0,0,NULL} -+}; -+ -+ -+static struct { -+ int command; -+ __u8 short_hand; /*for fucntions included in short hands*/ -+ int packet_len; -+ int (*function_name) (unsigned char *, int); -+} udp_list[] = { -+ { IPP2P_KAZAA, SHORT_HAND_IPP2P, 14, &udp_search_kazaa}, -+ { IPP2P_BIT, SHORT_HAND_IPP2P, 23, &udp_search_bit}, -+ { IPP2P_GNU, SHORT_HAND_IPP2P, 11, &udp_search_gnu}, -+ { IPP2P_EDK, SHORT_HAND_IPP2P, 9, &udp_search_edk}, -+ { IPP2P_DC, SHORT_HAND_IPP2P, 12, &udp_search_directconnect}, -+ { 0, 0, 0, NULL } -+}; -+ -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) -+static bool -+#else -+static int -+#endif -+match(const struct sk_buff *skb, -+ const struct net_device *in, -+ const struct net_device *out, -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) -+ const struct xt_match *match, -+#endif -+ const void *matchinfo, -+ int offset, -+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) -+ const void *hdr, -+ u_int16_t datalen, -+#endif -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) -+ unsigned int protoff, -+#endif -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) -+ bool *hotdrop) -+#else -+ bool *hotdrop) -+#endif -+{ -+ const struct ipt_p2p_info *info = matchinfo; -+ unsigned char *haystack; -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) -+ struct iphdr *ip = ip_hdr(skb); -+#else -+ struct iphdr *ip = skb->nh.iph; -+#endif -+ int p2p_result = 0, i = 0; -+// int head_len; -+ int hlen = ntohs(ip->tot_len)-(ip->ihl*4); /*hlen = packet-data length*/ -+ -+ /*must not be a fragment*/ -+ if (offset) { -+ if (info->debug) printk("IPP2P.match: offset found %i \n",offset); -+ return 0; -+ } -+ -+ /*make sure that skb is linear*/ -+ if(skb_is_nonlinear(skb)){ -+ if (info->debug) printk("IPP2P.match: nonlinear skb found\n"); -+ return 0; -+ } -+ -+ -+ haystack=(char *)ip+(ip->ihl*4); /*haystack = packet data*/ -+ -+ switch (ip->protocol){ -+ case IPPROTO_TCP: /*what to do with a TCP packet*/ -+ { -+ struct tcphdr *tcph = (void *) ip + ip->ihl * 4; -+ -+ if (tcph->fin) return 0; /*if FIN bit is set bail out*/ -+ if (tcph->syn) return 0; /*if SYN bit is set bail out*/ -+ if (tcph->rst) return 0; /*if RST bit is set bail out*/ -+ -+ haystack += tcph->doff * 4; /*get TCP-Header-Size*/ -+ hlen -= tcph->doff * 4; -+ while (matchlist[i].command) { -+ if ((((info->cmd & matchlist[i].command) == matchlist[i].command) || -+ ((info->cmd & matchlist[i].short_hand) == matchlist[i].short_hand)) && -+ (hlen > matchlist[i].packet_len)) { -+ p2p_result = matchlist[i].function_name(haystack, hlen); -+ if (p2p_result) -+ { -+ if (info->debug) printk("IPP2P.debug:TCP-match: %i from: %u.%u.%u.%u:%i to: %u.%u.%u.%u:%i Length: %i\n", -+ p2p_result, NIPQUAD(ip->saddr),ntohs(tcph->source), NIPQUAD(ip->daddr),ntohs(tcph->dest),hlen); -+ return p2p_result; -+ } -+ } -+ i++; -+ } -+ return p2p_result; -+ } -+ -+ case IPPROTO_UDP: /*what to do with an UDP packet*/ -+ { -+ struct udphdr *udph = (void *) ip + ip->ihl * 4; -+ -+ while (udp_list[i].command){ -+ if ((((info->cmd & udp_list[i].command) == udp_list[i].command) || -+ ((info->cmd & udp_list[i].short_hand) == udp_list[i].short_hand)) && -+ (hlen > udp_list[i].packet_len)) { -+ p2p_result = udp_list[i].function_name(haystack, hlen); -+ if (p2p_result){ -+ if (info->debug) printk("IPP2P.debug:UDP-match: %i from: %u.%u.%u.%u:%i to: %u.%u.%u.%u:%i Length: %i\n", -+ p2p_result, NIPQUAD(ip->saddr),ntohs(udph->source), NIPQUAD(ip->daddr),ntohs(udph->dest),hlen); -+ return p2p_result; -+ } -+ } -+ i++; -+ } -+ return p2p_result; -+ } -+ -+ default: return 0; -+ } -+} -+ -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) -+static bool -+#else -+static int -+#endif -+checkentry(const char *tablename, -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) -+ const void *ip, -+#else -+ const struct ipt_ip *ip, -+#endif -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) -+ const struct xt_match *match, -+#endif -+ void *matchinfo, -+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) -+ unsigned int matchsize, -+#endif -+ unsigned int hook_mask) -+{ -+ /* Must specify -p tcp */ -+/* if (ip->proto != IPPROTO_TCP || (ip->invflags & IPT_INV_PROTO)) { -+ * printk("ipp2p: Only works on TCP packets, use -p tcp\n"); -+ * return 0; -+ * }*/ -+ return 1; -+} -+ -+ -+ -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) -+static struct xt_match ipp2p_match = { -+#else -+static struct ipt_match ipp2p_match = { -+#endif -+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) -+ { NULL, NULL }, -+ "ipp2p", -+ &ipp2p_match, -+ &ipp2p_checkentry, -+ NULL, -+ THIS_MODULE -+#endif -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) -+ .name = "ipp2p", -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) -+ .family = AF_INET, -+#endif -+ .match = &match, -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) -+ .matchsize = sizeof(struct ipt_p2p_info), -+#endif -+ .checkentry = &checkentry, -+ .me = THIS_MODULE, -+#endif -+}; -+ -+ -+static int __init init(void) -+{ -+ printk(KERN_INFO "IPP2P v%s loading\n", IPP2P_VERSION); -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) -+ return xt_register_match(&ipp2p_match); -+#else -+ return ipt_register_match(&ipp2p_match); -+#endif -+} -+ -+static void __exit fini(void) -+{ -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) -+ xt_unregister_match(&ipp2p_match); -+#else -+ ipt_unregister_match(&ipp2p_match); -+#endif -+ printk(KERN_INFO "IPP2P v%s unloaded\n", IPP2P_VERSION); -+} -+ -+module_init(init); -+module_exit(fini); -+ -+ -diff -Naur linux-2.6.27.19.org/net/ipv4/netfilter/Kconfig linux-2.6.27.19/net/ipv4/netfilter/Kconfig ---- linux-2.6.27.19.org/net/ipv4/netfilter/Kconfig 2009-02-20 23:39:34.000000000 +0100 -+++ linux-2.6.27.19/net/ipv4/netfilter/Kconfig 2009-03-17 19:31:50.000000000 +0100 -@@ -406,5 +406,15 @@ - Allows altering the ARP packet payload: source and destination - hardware and network addresses. - -+config IP_NF_MATCH_IPP2P -+ tristate 'IPP2P match support' -+ depends on IP_NF_IPTABLES -+ help -+ This option makes possible to match some P2P packets -+ therefore helps controlling such traffic. -+ -+ If you want to compile it as a module, say M here and read -+ file:Documentation/modules.txt. If unsure, say `N'. -+ - endmenu - -diff -Naur linux-2.6.27.19.org/net/ipv4/netfilter/Makefile linux-2.6.27.19/net/ipv4/netfilter/Makefile ---- linux-2.6.27.19.org/net/ipv4/netfilter/Makefile 2009-02-20 23:39:34.000000000 +0100 -+++ linux-2.6.27.19/net/ipv4/netfilter/Makefile 2009-03-17 19:31:50.000000000 +0100 -@@ -49,6 +49,7 @@ - obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o - obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o - obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o -+obj-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p.o - obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o - - # targets diff --git a/src/patches/linux-2.6.27.21-imq-test3-xen.patch b/src/patches/linux-2.6.27.21-imq-test3-xen.patch deleted file mode 100644 index f9401db..0000000 --- a/src/patches/linux-2.6.27.21-imq-test3-xen.patch +++ /dev/null @@ -1,1212 +0,0 @@ -diff -uNr --exclude='*~' linux-2.6.27.21/drivers/net/imq.c linux-2.6.27.21-imq/drivers/net/imq.c ---- linux-2.6.27.21/drivers/net/imq.c 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/drivers/net/imq.c 2009-04-20 23:52:22.712017559 +0300 -@@ -0,0 +1,566 @@ -+/* -+ * Pseudo-driver for the intermediate queue device. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Patrick McHardy, kaber@trash.net -+ * -+ * The first version was written by Martin Devera, devik@cdi.cz -+ * -+ * Credits: Jan Rafaj imq2t@cedric.vabo.cz -+ * - Update patch to 2.4.21 -+ * Sebastian Strollo sstrollo@nortelnetworks.com -+ * - Fix "Dead-loop on netdevice imq"-issue -+ * Marcel Sebek sebek64@post.cz -+ * - Update to 2.6.2-rc1 -+ * -+ * After some time of inactivity there is a group taking care -+ * of IMQ again: http://www.linuximq.net -+ * -+ * -+ * 2004/06/30 - New version of IMQ patch to kernels <=2.6.7 -+ * including the following changes: -+ * -+ * - Correction of ipv6 support "+"s issue (Hasso Tepper) -+ * - Correction of imq_init_devs() issue that resulted in -+ * kernel OOPS unloading IMQ as module (Norbert Buchmuller) -+ * - Addition of functionality to choose number of IMQ devices -+ * during kernel config (Andre Correa) -+ * - Addition of functionality to choose how IMQ hooks on -+ * PRE and POSTROUTING (after or before NAT) (Andre Correa) -+ * - Cosmetic corrections (Norbert Buchmuller) (Andre Correa) -+ * -+ * -+ * 2005/12/16 - IMQ versions between 2.6.7 and 2.6.13 were -+ * released with almost no problems. 2.6.14-x was released -+ * with some important changes: nfcache was removed; After -+ * some weeks of trouble we figured out that some IMQ fields -+ * in skb were missing in skbuff.c - skb_clone and copy_skb_header. -+ * These functions are correctly patched by this new patch version. -+ * -+ * Thanks for all who helped to figure out all the problems with -+ * 2.6.14.x: Patrick McHardy, Rune Kock, VeNoMouS, Max CtRiX, -+ * Kevin Shanahan, Richard Lucassen, Valery Dachev (hopefully -+ * I didn't forget anybody). I apologize again for my lack of time. -+ * -+ * -+ * 2008/06/17 - 2.6.25 - Changed imq.c to use qdisc_run() instead -+ * of qdisc_restart() and moved qdisc_run() to tasklet to avoid -+ * recursive locking. New initialization routines to fix 'rmmod' not -+ * working anymore. Used code from ifb.c. (Jussi Kivilinna) -+ * -+ * 2008/08/06 - 2.6.26 - (JK) -+ * - Replaced tasklet with 'netif_schedule()'. -+ * - Cleaned up and added comments for imq_nf_queue(). -+ * -+ * 2009/04/12 -+ * - Add skb_save_cb/skb_restore_cb helper functions for backuping -+ * control buffer. This is needed because qdisc-layer on kernels -+ * 2.6.27 and newer overwrite control buffer. (Jussi Kivilinna) -+ * - Add better locking for IMQ device. Hopefully this will solve -+ * SMP issues. (Jussi Kivilinna) -+ * - Port to 2.6.27 -+ * -+ * 2009/04/20 - (Jussi Kivilinna) -+ * - Fix rmmod not working -+ * - Use netdevice feature flags to avoid extra packet handling -+ * by core networking layer and possibly increase performance. -+ * -+ * Also, many thanks to pablo Sebastian Greco for making the initial -+ * patch and to those who helped the testing. -+ * -+ * More info at: http://www.linuximq.net/ (Andre Correa) -+ */ -+ -+#include <linux/module.h> -+#include <linux/kernel.h> -+#include <linux/moduleparam.h> -+#include <linux/list.h> -+#include <linux/skbuff.h> -+#include <linux/netdevice.h> -+#include <linux/etherdevice.h> -+#include <linux/rtnetlink.h> -+#include <linux/if_arp.h> -+#include <linux/netfilter.h> -+#include <linux/netfilter_ipv4.h> -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ #include <linux/netfilter_ipv6.h> -+#endif -+#include <linux/imq.h> -+#include <net/pkt_sched.h> -+#include <net/netfilter/nf_queue.h> -+ -+static nf_hookfn imq_nf_hook; -+ -+static struct nf_hook_ops imq_ingress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP_PRI_MANGLE + 1 -+#else -+ .priority = NF_IP_PRI_NAT_DST + 1 -+#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP_PRI_LAST -+#else -+ .priority = NF_IP_PRI_NAT_SRC - 1 -+#endif -+}; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+static struct nf_hook_ops imq_ingress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP6_PRI_MANGLE + 1 -+#else -+ .priority = NF_IP6_PRI_NAT_DST + 1 -+#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP6_PRI_LAST -+#else -+ .priority = NF_IP6_PRI_NAT_SRC - 1 -+#endif -+}; -+#endif -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS; -+#else -+static unsigned int numdevs = IMQ_MAX_DEVS; -+#endif -+ -+static DEFINE_SPINLOCK(imq_nf_queue_lock); -+ -+static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; -+ -+ -+static struct net_device_stats *imq_get_stats(struct net_device *dev) -+{ -+ return &dev->stats; -+} -+ -+/* called for packets kfree'd in qdiscs at places other than enqueue */ -+static void imq_skb_destructor(struct sk_buff *skb) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ if (entry) { -+ nf_queue_entry_release_refs(entry); -+ kfree(entry); -+ } -+ -+ skb_restore_cb(skb); /* kfree backup */ -+} -+ -+static void imq_nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) -+{ -+ int status; -+ -+ if (!entry->next_outfn) { -+ spin_lock_bh(&imq_nf_queue_lock); -+ nf_reinject(entry, verdict); -+ spin_unlock_bh(&imq_nf_queue_lock); -+ return; -+ } -+ -+ rcu_read_lock(); -+ local_bh_disable(); -+ status = entry->next_outfn(entry, entry->next_queuenum); -+ local_bh_enable(); -+ if (status < 0) { -+ nf_queue_entry_release_refs(entry); -+ kfree_skb(entry->skb); -+ kfree(entry); -+ } -+ -+ rcu_read_unlock(); -+} -+ -+static int imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) -+{ -+ dev->stats.tx_bytes += skb->len; -+ dev->stats.tx_packets++; -+ -+ skb->imq_flags = 0; -+ skb->destructor = NULL; -+ -+ skb_restore_cb(skb); /* restore skb->cb */ -+ -+ dev->trans_start = jiffies; -+ imq_nf_reinject(skb->nf_queue_entry, NF_ACCEPT); -+ return 0; -+} -+ -+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) -+{ -+ struct net_device *dev; -+ struct sk_buff *skb_orig, *skb, *skb_shared; -+ struct Qdisc *q; -+ struct netdev_queue *txq; -+ int users, index; -+ int retval = -EINVAL; -+ -+ index = entry->skb->imq_flags & IMQ_F_IFMASK; -+ if (unlikely(index > numdevs - 1)) { -+ if (net_ratelimit()) -+ printk(KERN_WARNING -+ "IMQ: invalid device specified, highest is %u\n", -+ numdevs - 1); -+ retval = -EINVAL; -+ goto out; -+ } -+ -+ /* check for imq device by index from cache */ -+ dev = imq_devs_cache[index]; -+ if (unlikely(!dev)) { -+ char buf[8]; -+ -+ /* get device by name and cache result */ -+ snprintf(buf, sizeof(buf), "imq%d", index); -+ dev = dev_get_by_name(&init_net, buf); -+ if (!dev) { -+ /* not found ?!*/ -+ BUG(); -+ retval = -ENODEV; -+ goto out; -+ } -+ -+ imq_devs_cache[index] = dev; -+ dev_put(dev); -+ } -+ -+ if (unlikely(!(dev->flags & IFF_UP))) { -+ entry->skb->imq_flags = 0; -+ imq_nf_reinject(entry, NF_ACCEPT); -+ retval = 0; -+ goto out; -+ } -+ dev->last_rx = jiffies; -+ -+ skb = entry->skb; -+ skb_orig = NULL; -+ -+ /* skb has owner? => make clone */ -+ if (unlikely(skb->destructor)) { -+ skb_orig = skb; -+ skb = skb_clone(skb, GFP_ATOMIC); -+ if (!skb) { -+ retval = -ENOMEM; -+ goto out; -+ } -+ entry->skb = skb; -+ } -+ -+ skb->nf_queue_entry = entry; -+ -+ dev->stats.rx_bytes += skb->len; -+ dev->stats.rx_packets++; -+ -+ txq = dev_pick_tx(dev, skb); -+ -+ q = rcu_dereference(txq->qdisc); -+ if (unlikely(!q->enqueue)) -+ goto packet_not_eaten_by_imq_dev; -+ -+ spin_lock_bh(qdisc_lock(q)); -+ -+ users = atomic_read(&skb->users); -+ -+ skb_shared = skb_get(skb); /* increase reference count by one */ -+ skb_save_cb(skb_shared); /* backup skb->cb, as qdisc layer will -+ overwrite it */ -+ qdisc_enqueue_root(skb_shared, q); /* might kfree_skb */ -+ -+ if (likely(atomic_read(&skb_shared->users) == users + 1)) { -+ kfree_skb(skb_shared); /* decrease reference count by one */ -+ -+ skb->destructor = &imq_skb_destructor; -+ -+ /* cloned? */ -+ if (skb_orig) -+ kfree_skb(skb_orig); /* free original */ -+ -+ spin_unlock_bh(qdisc_lock(q)); -+ -+ /* schedule qdisc dequeue */ -+ __netif_schedule(q); -+ -+ retval = 0; -+ goto out; -+ } else { -+ skb_restore_cb(skb_shared); /* restore skb->cb */ -+ /* qdisc dropped packet and decreased skb reference count of -+ * skb, so we don't really want to and try refree as that would -+ * actually destroy the skb. */ -+ spin_unlock_bh(qdisc_lock(q)); -+ goto packet_not_eaten_by_imq_dev; -+ } -+ -+packet_not_eaten_by_imq_dev: -+ /* cloned? restore original */ -+ if (skb_orig) { -+ kfree_skb(skb); -+ entry->skb = skb_orig; -+ } -+ retval = -1; -+out: -+ return retval; -+} -+ -+static struct nf_queue_handler nfqh = { -+ .name = "imq", -+ .outfn = imq_nf_queue, -+}; -+ -+static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb, -+ const struct net_device *indev, -+ const struct net_device *outdev, -+ int (*okfn)(struct sk_buff *)) -+{ -+ if (pskb->imq_flags & IMQ_F_ENQUEUE) -+ return NF_QUEUE; -+ -+ return NF_ACCEPT; -+} -+ -+static int imq_close(struct net_device *dev) -+{ -+ netif_stop_queue(dev); -+ return 0; -+} -+ -+static int imq_open(struct net_device *dev) -+{ -+ netif_start_queue(dev); -+ return 0; -+} -+ -+static void imq_setup(struct net_device *dev) -+{ -+ dev->hard_start_xmit = imq_dev_xmit; -+ dev->open = imq_open; -+ dev->get_stats = imq_get_stats; -+ dev->stop = imq_close; -+ dev->type = ARPHRD_VOID; -+ dev->mtu = 16000; -+ dev->tx_queue_len = 11000; -+ dev->flags = IFF_NOARP; -+ dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | -+ NETIF_F_GSO | NETIF_F_HW_CSUM | -+ NETIF_F_HIGHDMA; -+} -+ -+static int imq_validate(struct nlattr *tb[], struct nlattr *data[]) -+{ -+ int ret = 0; -+ -+ if (tb[IFLA_ADDRESS]) { -+ if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) { -+ ret = -EINVAL; -+ goto end; -+ } -+ if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) { -+ ret = -EADDRNOTAVAIL; -+ goto end; -+ } -+ } -+ return 0; -+end: -+ printk(KERN_WARNING "IMQ: imq_validate failed (%d)\n", ret); -+ return ret; -+} -+ -+static struct rtnl_link_ops imq_link_ops __read_mostly = { -+ .kind = "imq", -+ .priv_size = 0, -+ .setup = imq_setup, -+ .validate = imq_validate, -+}; -+ -+static int __init imq_init_hooks(void) -+{ -+ int err; -+ -+ nf_register_queue_imq_handler(&nfqh); -+ -+ err = nf_register_hook(&imq_ingress_ipv4); -+ if (err) -+ goto err1; -+ -+ err = nf_register_hook(&imq_egress_ipv4); -+ if (err) -+ goto err2; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ err = nf_register_hook(&imq_ingress_ipv6); -+ if (err) -+ goto err3; -+ -+ err = nf_register_hook(&imq_egress_ipv6); -+ if (err) -+ goto err4; -+#endif -+ -+ return 0; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+err4: -+ nf_unregister_hook(&imq_ingress_ipv6); -+err3: -+ nf_unregister_hook(&imq_egress_ipv4); -+#endif -+err2: -+ nf_unregister_hook(&imq_ingress_ipv4); -+err1: -+ nf_unregister_queue_imq_handler(); -+ return err; -+} -+ -+static int __init imq_init_one(int index) -+{ -+ struct net_device *dev; -+ int ret; -+ -+ dev = alloc_netdev(0, "imq%d", imq_setup); -+ if (!dev) -+ return -ENOMEM; -+ -+ ret = dev_alloc_name(dev, dev->name); -+ if (ret < 0) -+ goto fail; -+ -+ dev->rtnl_link_ops = &imq_link_ops; -+ ret = register_netdevice(dev); -+ if (ret < 0) -+ goto fail; -+ -+ return 0; -+fail: -+ free_netdev(dev); -+ return ret; -+} -+ -+static int __init imq_init_devs(void) -+{ -+ int err, i; -+ -+ if (numdevs < 1 || numdevs > IMQ_MAX_DEVS) { -+ printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n", -+ IMQ_MAX_DEVS); -+ return -EINVAL; -+ } -+ -+ rtnl_lock(); -+ err = __rtnl_link_register(&imq_link_ops); -+ -+ for (i = 0; i < numdevs && !err; i++) -+ err = imq_init_one(i); -+ -+ if (err) { -+ __rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ } -+ rtnl_unlock(); -+ -+ return err; -+} -+ -+static int __init imq_init_module(void) -+{ -+ int err; -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS > 16); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS < 2); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS - 1 > IMQ_F_IFMASK); -+#endif -+ -+ err = imq_init_devs(); -+ if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_devs(net)\n"); -+ return err; -+ } -+ -+ err = imq_init_hooks(); -+ if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ return err; -+ } -+ -+ printk(KERN_INFO "IMQ driver loaded successfully.\n"); -+ -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on PREROUTING.\n"); -+#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on PREROUTING.\n"); -+#endif -+#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on POSTROUTING.\n"); -+#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on POSTROUTING.\n"); -+#endif -+ -+ return 0; -+} -+ -+static void __exit imq_unhook(void) -+{ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ nf_unregister_hook(&imq_ingress_ipv6); -+ nf_unregister_hook(&imq_egress_ipv6); -+#endif -+ nf_unregister_hook(&imq_ingress_ipv4); -+ nf_unregister_hook(&imq_egress_ipv4); -+ -+ nf_unregister_queue_imq_handler(); -+} -+ -+static void __exit imq_cleanup_devs(void) -+{ -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+} -+ -+static void __exit imq_exit_module(void) -+{ -+ imq_unhook(); -+ imq_cleanup_devs(); -+ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); -+} -+ -+module_init(imq_init_module); -+module_exit(imq_exit_module); -+ -+module_param(numdevs, int, 0); -+MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will " -+ "be created)"); -+MODULE_AUTHOR("http://www.linuximq.net"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See " -+ "http://www.linuximq.net/ for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS_RTNL_LINK("imq"); -+ -diff -uNr --exclude='*~' linux-2.6.27.21/drivers/net/Kconfig linux-2.6.27.21-imq/drivers/net/Kconfig ---- linux-2.6.27.21/drivers/net/Kconfig 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/drivers/net/Kconfig 2009-04-20 23:48:35.702017146 +0300 -@@ -109,6 +109,129 @@ - To compile this driver as a module, choose M here: the module - will be called eql. If unsure, say N. - -+config IMQ -+ tristate "IMQ (intermediate queueing device) support" -+ depends on NETDEVICES && NETFILTER -+ ---help--- -+ The IMQ device(s) is used as placeholder for QoS queueing -+ disciplines. Every packet entering/leaving the IP stack can be -+ directed through the IMQ device where it's enqueued/dequeued to the -+ attached qdisc. This allows you to treat network devices as classes -+ and distribute bandwidth among them. Iptables is used to specify -+ through which IMQ device, if any, packets travel. -+ -+ More information at: http://www.linuximq.net/ -+ -+ To compile this driver as a module, choose M here: the module -+ will be called imq. If unsure, say N. -+ -+choice -+ prompt "IMQ behavior (PRE/POSTROUTING)" -+ depends on IMQ -+ default IMQ_BEHAVIOR_AB -+ help -+ -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ IMQ can work in any of the following ways: -+ -+ PREROUTING | POSTROUTING -+ -----------------|------------------- -+ #1 After NAT | After NAT -+ #2 After NAT | Before NAT -+ #3 Before NAT | After NAT -+ #4 Before NAT | Before NAT -+ -+ The default behavior is to hook before NAT on PREROUTING -+ and after NAT on POSTROUTING (#3). -+ -+ This settings are specially usefull when trying to use IMQ -+ to shape NATed clients. -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AA -+ bool "IMQ AA" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AB -+ bool "IMQ AB" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BA -+ bool "IMQ BA" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BB -+ bool "IMQ BB" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+endchoice -+ -+config IMQ_NUM_DEVS -+ -+ int "Number of IMQ devices" -+ range 2 16 -+ depends on IMQ -+ default "16" -+ help -+ -+ This settings defines how many IMQ devices will be -+ created. -+ -+ The default value is 16. -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ - config TUN - tristate "Universal TUN/TAP device driver support" - select CRC32 -diff -uNr --exclude='*~' linux-2.6.27.21/drivers/net/Makefile linux-2.6.27.21-imq/drivers/net/Makefile ---- linux-2.6.27.21/drivers/net/Makefile 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/drivers/net/Makefile 2009-04-20 23:48:35.702017146 +0300 -@@ -144,6 +144,7 @@ - obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o - - obj-$(CONFIG_DUMMY) += dummy.o -+obj-$(CONFIG_IMQ) += imq.o - obj-$(CONFIG_IFB) += ifb.o - obj-$(CONFIG_MACVLAN) += macvlan.o - obj-$(CONFIG_DE600) += de600.o -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/imq.h linux-2.6.27.21-imq/include/linux/imq.h ---- linux-2.6.27.21/include/linux/imq.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/imq.h 2009-04-20 23:48:35.702017146 +0300 -@@ -0,0 +1,13 @@ -+#ifndef _IMQ_H -+#define _IMQ_H -+ -+/* IFMASK (16 device indexes, 0 to 15) and flag(s) fit in 5 bits */ -+#define IMQ_F_BITS 5 -+ -+#define IMQ_F_IFMASK 0x0f -+#define IMQ_F_ENQUEUE 0x10 -+ -+#define IMQ_MAX_DEVS (IMQ_F_IFMASK + 1) -+ -+#endif /* _IMQ_H */ -+ -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/netdevice.h linux-2.6.27.21-imq/include/linux/netdevice.h ---- linux-2.6.27.21/include/linux/netdevice.h 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/netdevice.h 2009-04-20 23:48:35.703017245 +0300 -@@ -915,6 +915,7 @@ - extern int dev_open(struct net_device *dev); - extern int dev_close(struct net_device *dev); - extern void dev_disable_lro(struct net_device *dev); -+extern struct netdev_queue *dev_pick_tx(struct net_device *dev, struct sk_buff *skb); - extern int dev_queue_xmit(struct sk_buff *skb); - extern int register_netdevice(struct net_device *dev); - extern void unregister_netdevice(struct net_device *dev); -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/netfilter/xt_IMQ.h linux-2.6.27.21-imq/include/linux/netfilter/xt_IMQ.h ---- linux-2.6.27.21/include/linux/netfilter/xt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/netfilter/xt_IMQ.h 2009-04-20 23:48:35.703017245 +0300 -@@ -0,0 +1,9 @@ -+#ifndef _XT_IMQ_H -+#define _XT_IMQ_H -+ -+struct xt_imq_info { -+ unsigned int todev; /* target imq device */ -+}; -+ -+#endif /* _XT_IMQ_H */ -+ -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/netfilter_ipv4/ipt_IMQ.h linux-2.6.27.21-imq/include/linux/netfilter_ipv4/ipt_IMQ.h ---- linux-2.6.27.21/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/netfilter_ipv4/ipt_IMQ.h 2009-04-20 23:48:35.703017245 +0300 -@@ -0,0 +1,10 @@ -+#ifndef _IPT_IMQ_H -+#define _IPT_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include <linux/netfilter/xt_IMQ.h> -+ -+#define ipt_imq_info xt_imq_info -+ -+#endif /* _IPT_IMQ_H */ -+ -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-2.6.27.21-imq/include/linux/netfilter_ipv6/ip6t_IMQ.h ---- linux-2.6.27.21/include/linux/netfilter_ipv6/ip6t_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/netfilter_ipv6/ip6t_IMQ.h 2009-04-20 23:48:35.704017144 +0300 -@@ -0,0 +1,10 @@ -+#ifndef _IP6T_IMQ_H -+#define _IP6T_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include <linux/netfilter/xt_IMQ.h> -+ -+#define ip6t_imq_info xt_imq_info -+ -+#endif /* _IP6T_IMQ_H */ -+ -diff -uNr --exclude='*~' linux-2.6.27.21/include/net/netfilter/nf_queue.h linux-2.6.27.21-imq/include/net/netfilter/nf_queue.h ---- linux-2.6.27.21/include/net/netfilter/nf_queue.h 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/include/net/netfilter/nf_queue.h 2009-04-20 23:48:35.704017144 +0300 -@@ -13,6 +13,12 @@ - struct net_device *indev; - struct net_device *outdev; - int (*okfn)(struct sk_buff *); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ int (*next_outfn)(struct nf_queue_entry *entry, -+ unsigned int queuenum); -+ unsigned int next_queuenum; -+#endif - }; - - #define nf_queue_entry_reroute(x) ((void *)x + sizeof(struct nf_queue_entry)) -@@ -30,5 +36,11 @@ - const struct nf_queue_handler *qh); - extern void nf_unregister_queue_handlers(const struct nf_queue_handler *qh); - extern void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); -+extern void nf_queue_entry_release_refs(struct nf_queue_entry *entry); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+extern void nf_register_queue_imq_handler(const struct nf_queue_handler *qh); -+extern void nf_unregister_queue_imq_handler(void); -+#endif - - #endif /* _NF_QUEUE_H */ -diff -uNr --exclude='*~' linux-2.6.27.21/net/core/dev.c linux-2.6.27.21-imq/net/core/dev.c ---- linux-2.6.27.21/net/core/dev.c 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/core/dev.c 2009-04-20 23:48:35.706016975 +0300 -@@ -96,6 +96,9 @@ - #include <net/net_namespace.h> - #include <net/sock.h> - #include <linux/rtnetlink.h> -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include <linux/imq.h> -+#endif - #include <linux/proc_fs.h> - #include <linux/seq_file.h> - #include <linux/stat.h> -@@ -1624,7 +1627,11 @@ - struct netdev_queue *txq) - { - if (likely(!skb->next)) { -- if (!list_empty(&ptype_all)) -+ if (!list_empty(&ptype_all) -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ && !(skb->imq_flags & IMQ_F_ENQUEUE) -+#endif -+ ) - dev_queue_xmit_nit(skb, dev); - - if (netif_needs_gso(dev, skb)) { -@@ -1715,8 +1722,7 @@ - return (u16) (((u64) hash * dev->real_num_tx_queues) >> 32); - } - --static struct netdev_queue *dev_pick_tx(struct net_device *dev, -- struct sk_buff *skb) -+struct netdev_queue *dev_pick_tx(struct net_device *dev, struct sk_buff *skb) - { - u16 queue_index = 0; - -@@ -1728,6 +1734,7 @@ - skb_set_queue_mapping(skb, queue_index); - return netdev_get_tx_queue(dev, queue_index); - } -+EXPORT_SYMBOL(dev_pick_tx); - - /** - * dev_queue_xmit - transmit a buffer -diff -uNr --exclude='*~' linux-2.6.27.21/net/core/skbuff.c linux-2.6.27.21-imq/net/core/skbuff.c ---- linux-2.6.27.21/net/core/skbuff.c 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/core/skbuff.c 2009-04-20 23:48:35.707017089 +0300 -@@ -69,6 +69,9 @@ - - static struct kmem_cache *skbuff_head_cache __read_mostly; - static struct kmem_cache *skbuff_fclone_cache __read_mostly; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static struct kmem_cache *skbuff_cb_store_cache __read_mostly; -+#endif - - static void sock_pipe_buf_release(struct pipe_inode_info *pipe, - struct pipe_buffer *buf) -@@ -88,6 +91,80 @@ - return 1; - } - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+/* Control buffer save/restore for IMQ devices */ -+struct skb_cb_table { -+ void *cb_next; -+ atomic_t refcnt; -+ char cb[48]; -+}; -+ -+static DEFINE_SPINLOCK(skb_cb_store_lock); -+ -+int skb_save_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ next = kmem_cache_alloc(skbuff_cb_store_cache, GFP_ATOMIC); -+ if (!next) -+ return -ENOMEM; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(next->cb, skb->cb, sizeof(skb->cb)); -+ next->cb_next = skb->cb_next; -+ -+ atomic_set(&next->refcnt, 1); -+ -+ skb->cb_next = next; -+ return 0; -+} -+EXPORT_SYMBOL(skb_save_cb); -+ -+int skb_restore_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ if (!skb->cb_next) -+ return 0; -+ -+ next = skb->cb_next; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(skb->cb, next->cb, sizeof(skb->cb)); -+ skb->cb_next = next->cb_next; -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ if (atomic_dec_and_test(&next->refcnt)) { -+ kmem_cache_free(skbuff_cb_store_cache, next); -+ } -+ -+ spin_unlock(&skb_cb_store_lock); -+ -+ return 0; -+} -+EXPORT_SYMBOL(skb_restore_cb); -+ -+static void skb_copy_stored_cb(struct sk_buff *new, struct sk_buff *old) -+{ -+ struct skb_cb_table *next; -+ -+ if (!old->cb_next) { -+ new->cb_next = 0; -+ return; -+ } -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ next = old->cb_next; -+ atomic_inc(&next->refcnt); -+ new->cb_next = next; -+ -+ spin_unlock(&skb_cb_store_lock); -+} -+#endif - - /* Pipe buffer operations for a socket. */ - static struct pipe_buf_operations sock_pipe_buf_ops = { -@@ -362,6 +439,15 @@ - WARN_ON(in_irq()); - skb->destructor(skb); - } -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ /* This should not happen. When it does, avoid memleak by restoring -+ the chain of cb-backups. */ -+ while(skb->cb_next != NULL) { -+ printk(KERN_WARNING "kfree_skb: skb->cb_next: %08x\n", -+ skb->cb_next); -+ skb_restore_cb(skb); -+ } -+#endif - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) - nf_conntrack_put(skb->nfct); - nf_conntrack_put_reasm(skb->nfct_reasm); -@@ -424,6 +510,9 @@ - new->sp = secpath_get(old->sp); - #endif - memcpy(new->cb, old->cb, sizeof(old->cb)); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skb_copy_stored_cb(new, old); -+#endif - new->csum_start = old->csum_start; - new->csum_offset = old->csum_offset; - new->local_df = old->local_df; -@@ -2326,6 +2415,13 @@ - 0, - SLAB_HWCACHE_ALIGN|SLAB_PANIC, - NULL); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skbuff_cb_store_cache = kmem_cache_create("skbuff_cb_store_cache", -+ sizeof(struct skb_cb_table), -+ 0, -+ SLAB_HWCACHE_ALIGN|SLAB_PANIC, -+ NULL); -+#endif - } - - /** -diff -uNr --exclude='*~' linux-2.6.27.21/net/netfilter/Kconfig linux-2.6.27.21-imq/net/netfilter/Kconfig ---- linux-2.6.27.21/net/netfilter/Kconfig 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/netfilter/Kconfig 2009-04-20 23:48:35.707017089 +0300 -@@ -342,6 +342,18 @@ - - To compile it as a module, choose M here. If unsure, say N. - -+config NETFILTER_XT_TARGET_IMQ -+ tristate '"IMQ" target support' -+ depends on NETFILTER_XTABLES -+ depends on IP_NF_MANGLE || IP6_NF_MANGLE -+ select IMQ -+ default m if NETFILTER_ADVANCED=n -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which imq device packets should get enqueued/dequeued. -+ -+ To compile it as a module, choose M here. If unsure, say N. -+ - config NETFILTER_XT_TARGET_MARK - tristate '"MARK" target support' - depends on NETFILTER_XTABLES -diff -uNr --exclude='*~' linux-2.6.27.21/net/netfilter/Makefile linux-2.6.27.21-imq/net/netfilter/Makefile ---- linux-2.6.27.21/net/netfilter/Makefile 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/netfilter/Makefile 2009-04-20 23:48:35.707017089 +0300 -@@ -42,6 +42,7 @@ - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o -+obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o - obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o -diff -uNr --exclude='*~' linux-2.6.27.21/net/netfilter/nf_queue.c linux-2.6.27.21-imq/net/netfilter/nf_queue.c ---- linux-2.6.27.21/net/netfilter/nf_queue.c 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/netfilter/nf_queue.c 2009-04-20 23:48:35.708017126 +0300 -@@ -20,6 +20,26 @@ - - static DEFINE_MUTEX(queue_handler_mutex); - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static const struct nf_queue_handler *queue_imq_handler; -+ -+void nf_register_queue_imq_handler(const struct nf_queue_handler *qh) -+{ -+ mutex_lock(&queue_handler_mutex); -+ rcu_assign_pointer(queue_imq_handler, qh); -+ mutex_unlock(&queue_handler_mutex); -+} -+EXPORT_SYMBOL(nf_register_queue_imq_handler); -+ -+void nf_unregister_queue_imq_handler(void) -+{ -+ mutex_lock(&queue_handler_mutex); -+ rcu_assign_pointer(queue_imq_handler, NULL); -+ mutex_unlock(&queue_handler_mutex); -+} -+EXPORT_SYMBOL(nf_unregister_queue_imq_handler); -+#endif -+ - /* return EBUSY when somebody else is registered, return EEXIST if the - * same handler is registered, return 0 in case of success. */ - int nf_register_queue_handler(int pf, const struct nf_queue_handler *qh) -@@ -80,7 +100,7 @@ - } - EXPORT_SYMBOL_GPL(nf_unregister_queue_handlers); - --static void nf_queue_entry_release_refs(struct nf_queue_entry *entry) -+void nf_queue_entry_release_refs(struct nf_queue_entry *entry) - { - /* Release those devices we held, or Alexey will kill me. */ - if (entry->indev) -@@ -100,6 +120,7 @@ - /* Drop reference to owner of hook which queued us. */ - module_put(entry->elem->owner); - } -+EXPORT_SYMBOL_GPL(nf_queue_entry_release_refs); - - /* - * Any packet that leaves via this function must come back -@@ -121,12 +142,26 @@ - #endif - const struct nf_afinfo *afinfo; - const struct nf_queue_handler *qh; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ const struct nf_queue_handler *qih = NULL; -+#endif - - /* QUEUE == DROP if noone is waiting, to be safe. */ - rcu_read_lock(); - - qh = rcu_dereference(queue_handler[pf]); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ if (pf == PF_INET || pf == PF_INET6) -+#else -+ if (pf == PF_INET) -+#endif -+ qih = rcu_dereference(queue_imq_handler); -+ -+ if (!qh && !qih) -+#else /* !IMQ */ - if (!qh) -+#endif - goto err_unlock; - - afinfo = nf_get_afinfo(pf); -@@ -145,6 +180,10 @@ - .indev = indev, - .outdev = outdev, - .okfn = okfn, -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ .next_outfn = qh ? qh->outfn : NULL, -+ .next_queuenum = queuenum, -+#endif - }; - - /* If it's going away, ignore hook. */ -@@ -170,8 +209,19 @@ - } - #endif - afinfo->saveroute(skb, entry); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ if (qih) { -+ status = qih->outfn(entry, queuenum); -+ goto imq_skip_queue; -+ } -+#endif -+ - status = qh->outfn(entry, queuenum); - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+imq_skip_queue: -+#endif - rcu_read_unlock(); - - if (status < 0) { -diff -uNr --exclude='*~' linux-2.6.27.21/net/netfilter/xt_IMQ.c linux-2.6.27.21-imq/net/netfilter/xt_IMQ.c ---- linux-2.6.27.21/net/netfilter/xt_IMQ.c 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/net/netfilter/xt_IMQ.c 2009-04-20 23:48:35.708017126 +0300 -@@ -0,0 +1,81 @@ -+/* -+ * This target marks packets to be enqueued to an imq device -+ */ -+#include <linux/module.h> -+#include <linux/skbuff.h> -+#include <linux/netfilter/x_tables.h> -+#include <linux/netfilter/xt_IMQ.h> -+#include <linux/imq.h> -+ -+static unsigned int imq_target(struct sk_buff *pskb, -+ const struct net_device *in, -+ const struct net_device *out, -+ unsigned int hooknum, -+ const struct xt_target *target, -+ const void *targinfo) -+{ -+ const struct xt_imq_info *mr = targinfo; -+ -+ pskb->imq_flags = (mr->todev & IMQ_F_IFMASK) | IMQ_F_ENQUEUE; -+ -+ return XT_CONTINUE; -+} -+ -+static bool imq_checkentry(const char *tablename, -+ const void *entry, -+ const struct xt_target *target, -+ void *targinfo, -+ unsigned int hook_mask) -+{ -+ struct xt_imq_info *mr = targinfo; -+ -+ if (mr->todev > IMQ_MAX_DEVS - 1) { -+ printk(KERN_WARNING -+ "IMQ: invalid device specified, highest is %u\n", -+ IMQ_MAX_DEVS - 1); -+ return 0; -+ } -+ -+ return 1; -+} -+ -+static struct xt_target xt_imq_reg[] __read_mostly = { -+ { -+ .name = "IMQ", -+ .family = AF_INET, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .checkentry = imq_checkentry, -+ .me = THIS_MODULE -+ }, -+ { -+ .name = "IMQ", -+ .family = AF_INET6, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .checkentry = imq_checkentry, -+ .me = THIS_MODULE -+ }, -+}; -+ -+static int __init imq_init(void) -+{ -+ return xt_register_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+static void __exit imq_fini(void) -+{ -+ xt_unregister_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+module_init(imq_init); -+module_exit(imq_fini); -+ -+MODULE_AUTHOR("http://www.linuximq.net"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS("ipt_IMQ"); -+MODULE_ALIAS("ip6t_IMQ"); -+ diff --git a/src/patches/linux-2.6.27.21-imq-test3.patch b/src/patches/linux-2.6.27.21-imq-test3.patch deleted file mode 100644 index fb09371..0000000 --- a/src/patches/linux-2.6.27.21-imq-test3.patch +++ /dev/null @@ -1,1279 +0,0 @@ -diff -uNr --exclude='*~' linux-2.6.27.21/drivers/net/imq.c linux-2.6.27.21-imq/drivers/net/imq.c ---- linux-2.6.27.21/drivers/net/imq.c 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/drivers/net/imq.c 2009-04-20 23:52:22.712017559 +0300 -@@ -0,0 +1,566 @@ -+/* -+ * Pseudo-driver for the intermediate queue device. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Patrick McHardy, kaber@trash.net -+ * -+ * The first version was written by Martin Devera, devik@cdi.cz -+ * -+ * Credits: Jan Rafaj imq2t@cedric.vabo.cz -+ * - Update patch to 2.4.21 -+ * Sebastian Strollo sstrollo@nortelnetworks.com -+ * - Fix "Dead-loop on netdevice imq"-issue -+ * Marcel Sebek sebek64@post.cz -+ * - Update to 2.6.2-rc1 -+ * -+ * After some time of inactivity there is a group taking care -+ * of IMQ again: http://www.linuximq.net -+ * -+ * -+ * 2004/06/30 - New version of IMQ patch to kernels <=2.6.7 -+ * including the following changes: -+ * -+ * - Correction of ipv6 support "+"s issue (Hasso Tepper) -+ * - Correction of imq_init_devs() issue that resulted in -+ * kernel OOPS unloading IMQ as module (Norbert Buchmuller) -+ * - Addition of functionality to choose number of IMQ devices -+ * during kernel config (Andre Correa) -+ * - Addition of functionality to choose how IMQ hooks on -+ * PRE and POSTROUTING (after or before NAT) (Andre Correa) -+ * - Cosmetic corrections (Norbert Buchmuller) (Andre Correa) -+ * -+ * -+ * 2005/12/16 - IMQ versions between 2.6.7 and 2.6.13 were -+ * released with almost no problems. 2.6.14-x was released -+ * with some important changes: nfcache was removed; After -+ * some weeks of trouble we figured out that some IMQ fields -+ * in skb were missing in skbuff.c - skb_clone and copy_skb_header. -+ * These functions are correctly patched by this new patch version. -+ * -+ * Thanks for all who helped to figure out all the problems with -+ * 2.6.14.x: Patrick McHardy, Rune Kock, VeNoMouS, Max CtRiX, -+ * Kevin Shanahan, Richard Lucassen, Valery Dachev (hopefully -+ * I didn't forget anybody). I apologize again for my lack of time. -+ * -+ * -+ * 2008/06/17 - 2.6.25 - Changed imq.c to use qdisc_run() instead -+ * of qdisc_restart() and moved qdisc_run() to tasklet to avoid -+ * recursive locking. New initialization routines to fix 'rmmod' not -+ * working anymore. Used code from ifb.c. (Jussi Kivilinna) -+ * -+ * 2008/08/06 - 2.6.26 - (JK) -+ * - Replaced tasklet with 'netif_schedule()'. -+ * - Cleaned up and added comments for imq_nf_queue(). -+ * -+ * 2009/04/12 -+ * - Add skb_save_cb/skb_restore_cb helper functions for backuping -+ * control buffer. This is needed because qdisc-layer on kernels -+ * 2.6.27 and newer overwrite control buffer. (Jussi Kivilinna) -+ * - Add better locking for IMQ device. Hopefully this will solve -+ * SMP issues. (Jussi Kivilinna) -+ * - Port to 2.6.27 -+ * -+ * 2009/04/20 - (Jussi Kivilinna) -+ * - Fix rmmod not working -+ * - Use netdevice feature flags to avoid extra packet handling -+ * by core networking layer and possibly increase performance. -+ * -+ * Also, many thanks to pablo Sebastian Greco for making the initial -+ * patch and to those who helped the testing. -+ * -+ * More info at: http://www.linuximq.net/ (Andre Correa) -+ */ -+ -+#include <linux/module.h> -+#include <linux/kernel.h> -+#include <linux/moduleparam.h> -+#include <linux/list.h> -+#include <linux/skbuff.h> -+#include <linux/netdevice.h> -+#include <linux/etherdevice.h> -+#include <linux/rtnetlink.h> -+#include <linux/if_arp.h> -+#include <linux/netfilter.h> -+#include <linux/netfilter_ipv4.h> -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ #include <linux/netfilter_ipv6.h> -+#endif -+#include <linux/imq.h> -+#include <net/pkt_sched.h> -+#include <net/netfilter/nf_queue.h> -+ -+static nf_hookfn imq_nf_hook; -+ -+static struct nf_hook_ops imq_ingress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP_PRI_MANGLE + 1 -+#else -+ .priority = NF_IP_PRI_NAT_DST + 1 -+#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP_PRI_LAST -+#else -+ .priority = NF_IP_PRI_NAT_SRC - 1 -+#endif -+}; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+static struct nf_hook_ops imq_ingress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP6_PRI_MANGLE + 1 -+#else -+ .priority = NF_IP6_PRI_NAT_DST + 1 -+#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP6_PRI_LAST -+#else -+ .priority = NF_IP6_PRI_NAT_SRC - 1 -+#endif -+}; -+#endif -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS; -+#else -+static unsigned int numdevs = IMQ_MAX_DEVS; -+#endif -+ -+static DEFINE_SPINLOCK(imq_nf_queue_lock); -+ -+static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; -+ -+ -+static struct net_device_stats *imq_get_stats(struct net_device *dev) -+{ -+ return &dev->stats; -+} -+ -+/* called for packets kfree'd in qdiscs at places other than enqueue */ -+static void imq_skb_destructor(struct sk_buff *skb) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ if (entry) { -+ nf_queue_entry_release_refs(entry); -+ kfree(entry); -+ } -+ -+ skb_restore_cb(skb); /* kfree backup */ -+} -+ -+static void imq_nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) -+{ -+ int status; -+ -+ if (!entry->next_outfn) { -+ spin_lock_bh(&imq_nf_queue_lock); -+ nf_reinject(entry, verdict); -+ spin_unlock_bh(&imq_nf_queue_lock); -+ return; -+ } -+ -+ rcu_read_lock(); -+ local_bh_disable(); -+ status = entry->next_outfn(entry, entry->next_queuenum); -+ local_bh_enable(); -+ if (status < 0) { -+ nf_queue_entry_release_refs(entry); -+ kfree_skb(entry->skb); -+ kfree(entry); -+ } -+ -+ rcu_read_unlock(); -+} -+ -+static int imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) -+{ -+ dev->stats.tx_bytes += skb->len; -+ dev->stats.tx_packets++; -+ -+ skb->imq_flags = 0; -+ skb->destructor = NULL; -+ -+ skb_restore_cb(skb); /* restore skb->cb */ -+ -+ dev->trans_start = jiffies; -+ imq_nf_reinject(skb->nf_queue_entry, NF_ACCEPT); -+ return 0; -+} -+ -+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) -+{ -+ struct net_device *dev; -+ struct sk_buff *skb_orig, *skb, *skb_shared; -+ struct Qdisc *q; -+ struct netdev_queue *txq; -+ int users, index; -+ int retval = -EINVAL; -+ -+ index = entry->skb->imq_flags & IMQ_F_IFMASK; -+ if (unlikely(index > numdevs - 1)) { -+ if (net_ratelimit()) -+ printk(KERN_WARNING -+ "IMQ: invalid device specified, highest is %u\n", -+ numdevs - 1); -+ retval = -EINVAL; -+ goto out; -+ } -+ -+ /* check for imq device by index from cache */ -+ dev = imq_devs_cache[index]; -+ if (unlikely(!dev)) { -+ char buf[8]; -+ -+ /* get device by name and cache result */ -+ snprintf(buf, sizeof(buf), "imq%d", index); -+ dev = dev_get_by_name(&init_net, buf); -+ if (!dev) { -+ /* not found ?!*/ -+ BUG(); -+ retval = -ENODEV; -+ goto out; -+ } -+ -+ imq_devs_cache[index] = dev; -+ dev_put(dev); -+ } -+ -+ if (unlikely(!(dev->flags & IFF_UP))) { -+ entry->skb->imq_flags = 0; -+ imq_nf_reinject(entry, NF_ACCEPT); -+ retval = 0; -+ goto out; -+ } -+ dev->last_rx = jiffies; -+ -+ skb = entry->skb; -+ skb_orig = NULL; -+ -+ /* skb has owner? => make clone */ -+ if (unlikely(skb->destructor)) { -+ skb_orig = skb; -+ skb = skb_clone(skb, GFP_ATOMIC); -+ if (!skb) { -+ retval = -ENOMEM; -+ goto out; -+ } -+ entry->skb = skb; -+ } -+ -+ skb->nf_queue_entry = entry; -+ -+ dev->stats.rx_bytes += skb->len; -+ dev->stats.rx_packets++; -+ -+ txq = dev_pick_tx(dev, skb); -+ -+ q = rcu_dereference(txq->qdisc); -+ if (unlikely(!q->enqueue)) -+ goto packet_not_eaten_by_imq_dev; -+ -+ spin_lock_bh(qdisc_lock(q)); -+ -+ users = atomic_read(&skb->users); -+ -+ skb_shared = skb_get(skb); /* increase reference count by one */ -+ skb_save_cb(skb_shared); /* backup skb->cb, as qdisc layer will -+ overwrite it */ -+ qdisc_enqueue_root(skb_shared, q); /* might kfree_skb */ -+ -+ if (likely(atomic_read(&skb_shared->users) == users + 1)) { -+ kfree_skb(skb_shared); /* decrease reference count by one */ -+ -+ skb->destructor = &imq_skb_destructor; -+ -+ /* cloned? */ -+ if (skb_orig) -+ kfree_skb(skb_orig); /* free original */ -+ -+ spin_unlock_bh(qdisc_lock(q)); -+ -+ /* schedule qdisc dequeue */ -+ __netif_schedule(q); -+ -+ retval = 0; -+ goto out; -+ } else { -+ skb_restore_cb(skb_shared); /* restore skb->cb */ -+ /* qdisc dropped packet and decreased skb reference count of -+ * skb, so we don't really want to and try refree as that would -+ * actually destroy the skb. */ -+ spin_unlock_bh(qdisc_lock(q)); -+ goto packet_not_eaten_by_imq_dev; -+ } -+ -+packet_not_eaten_by_imq_dev: -+ /* cloned? restore original */ -+ if (skb_orig) { -+ kfree_skb(skb); -+ entry->skb = skb_orig; -+ } -+ retval = -1; -+out: -+ return retval; -+} -+ -+static struct nf_queue_handler nfqh = { -+ .name = "imq", -+ .outfn = imq_nf_queue, -+}; -+ -+static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb, -+ const struct net_device *indev, -+ const struct net_device *outdev, -+ int (*okfn)(struct sk_buff *)) -+{ -+ if (pskb->imq_flags & IMQ_F_ENQUEUE) -+ return NF_QUEUE; -+ -+ return NF_ACCEPT; -+} -+ -+static int imq_close(struct net_device *dev) -+{ -+ netif_stop_queue(dev); -+ return 0; -+} -+ -+static int imq_open(struct net_device *dev) -+{ -+ netif_start_queue(dev); -+ return 0; -+} -+ -+static void imq_setup(struct net_device *dev) -+{ -+ dev->hard_start_xmit = imq_dev_xmit; -+ dev->open = imq_open; -+ dev->get_stats = imq_get_stats; -+ dev->stop = imq_close; -+ dev->type = ARPHRD_VOID; -+ dev->mtu = 16000; -+ dev->tx_queue_len = 11000; -+ dev->flags = IFF_NOARP; -+ dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | -+ NETIF_F_GSO | NETIF_F_HW_CSUM | -+ NETIF_F_HIGHDMA; -+} -+ -+static int imq_validate(struct nlattr *tb[], struct nlattr *data[]) -+{ -+ int ret = 0; -+ -+ if (tb[IFLA_ADDRESS]) { -+ if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) { -+ ret = -EINVAL; -+ goto end; -+ } -+ if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) { -+ ret = -EADDRNOTAVAIL; -+ goto end; -+ } -+ } -+ return 0; -+end: -+ printk(KERN_WARNING "IMQ: imq_validate failed (%d)\n", ret); -+ return ret; -+} -+ -+static struct rtnl_link_ops imq_link_ops __read_mostly = { -+ .kind = "imq", -+ .priv_size = 0, -+ .setup = imq_setup, -+ .validate = imq_validate, -+}; -+ -+static int __init imq_init_hooks(void) -+{ -+ int err; -+ -+ nf_register_queue_imq_handler(&nfqh); -+ -+ err = nf_register_hook(&imq_ingress_ipv4); -+ if (err) -+ goto err1; -+ -+ err = nf_register_hook(&imq_egress_ipv4); -+ if (err) -+ goto err2; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ err = nf_register_hook(&imq_ingress_ipv6); -+ if (err) -+ goto err3; -+ -+ err = nf_register_hook(&imq_egress_ipv6); -+ if (err) -+ goto err4; -+#endif -+ -+ return 0; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+err4: -+ nf_unregister_hook(&imq_ingress_ipv6); -+err3: -+ nf_unregister_hook(&imq_egress_ipv4); -+#endif -+err2: -+ nf_unregister_hook(&imq_ingress_ipv4); -+err1: -+ nf_unregister_queue_imq_handler(); -+ return err; -+} -+ -+static int __init imq_init_one(int index) -+{ -+ struct net_device *dev; -+ int ret; -+ -+ dev = alloc_netdev(0, "imq%d", imq_setup); -+ if (!dev) -+ return -ENOMEM; -+ -+ ret = dev_alloc_name(dev, dev->name); -+ if (ret < 0) -+ goto fail; -+ -+ dev->rtnl_link_ops = &imq_link_ops; -+ ret = register_netdevice(dev); -+ if (ret < 0) -+ goto fail; -+ -+ return 0; -+fail: -+ free_netdev(dev); -+ return ret; -+} -+ -+static int __init imq_init_devs(void) -+{ -+ int err, i; -+ -+ if (numdevs < 1 || numdevs > IMQ_MAX_DEVS) { -+ printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n", -+ IMQ_MAX_DEVS); -+ return -EINVAL; -+ } -+ -+ rtnl_lock(); -+ err = __rtnl_link_register(&imq_link_ops); -+ -+ for (i = 0; i < numdevs && !err; i++) -+ err = imq_init_one(i); -+ -+ if (err) { -+ __rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ } -+ rtnl_unlock(); -+ -+ return err; -+} -+ -+static int __init imq_init_module(void) -+{ -+ int err; -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS > 16); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS < 2); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS - 1 > IMQ_F_IFMASK); -+#endif -+ -+ err = imq_init_devs(); -+ if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_devs(net)\n"); -+ return err; -+ } -+ -+ err = imq_init_hooks(); -+ if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ return err; -+ } -+ -+ printk(KERN_INFO "IMQ driver loaded successfully.\n"); -+ -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on PREROUTING.\n"); -+#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on PREROUTING.\n"); -+#endif -+#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on POSTROUTING.\n"); -+#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on POSTROUTING.\n"); -+#endif -+ -+ return 0; -+} -+ -+static void __exit imq_unhook(void) -+{ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ nf_unregister_hook(&imq_ingress_ipv6); -+ nf_unregister_hook(&imq_egress_ipv6); -+#endif -+ nf_unregister_hook(&imq_ingress_ipv4); -+ nf_unregister_hook(&imq_egress_ipv4); -+ -+ nf_unregister_queue_imq_handler(); -+} -+ -+static void __exit imq_cleanup_devs(void) -+{ -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+} -+ -+static void __exit imq_exit_module(void) -+{ -+ imq_unhook(); -+ imq_cleanup_devs(); -+ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); -+} -+ -+module_init(imq_init_module); -+module_exit(imq_exit_module); -+ -+module_param(numdevs, int, 0); -+MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will " -+ "be created)"); -+MODULE_AUTHOR("http://www.linuximq.net"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See " -+ "http://www.linuximq.net/ for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS_RTNL_LINK("imq"); -+ -diff -uNr --exclude='*~' linux-2.6.27.21/drivers/net/Kconfig linux-2.6.27.21-imq/drivers/net/Kconfig ---- linux-2.6.27.21/drivers/net/Kconfig 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/drivers/net/Kconfig 2009-04-20 23:48:35.702017146 +0300 -@@ -109,6 +109,129 @@ - To compile this driver as a module, choose M here: the module - will be called eql. If unsure, say N. - -+config IMQ -+ tristate "IMQ (intermediate queueing device) support" -+ depends on NETDEVICES && NETFILTER -+ ---help--- -+ The IMQ device(s) is used as placeholder for QoS queueing -+ disciplines. Every packet entering/leaving the IP stack can be -+ directed through the IMQ device where it's enqueued/dequeued to the -+ attached qdisc. This allows you to treat network devices as classes -+ and distribute bandwidth among them. Iptables is used to specify -+ through which IMQ device, if any, packets travel. -+ -+ More information at: http://www.linuximq.net/ -+ -+ To compile this driver as a module, choose M here: the module -+ will be called imq. If unsure, say N. -+ -+choice -+ prompt "IMQ behavior (PRE/POSTROUTING)" -+ depends on IMQ -+ default IMQ_BEHAVIOR_AB -+ help -+ -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ IMQ can work in any of the following ways: -+ -+ PREROUTING | POSTROUTING -+ -----------------|------------------- -+ #1 After NAT | After NAT -+ #2 After NAT | Before NAT -+ #3 Before NAT | After NAT -+ #4 Before NAT | Before NAT -+ -+ The default behavior is to hook before NAT on PREROUTING -+ and after NAT on POSTROUTING (#3). -+ -+ This settings are specially usefull when trying to use IMQ -+ to shape NATed clients. -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AA -+ bool "IMQ AA" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AB -+ bool "IMQ AB" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BA -+ bool "IMQ BA" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BB -+ bool "IMQ BB" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+endchoice -+ -+config IMQ_NUM_DEVS -+ -+ int "Number of IMQ devices" -+ range 2 16 -+ depends on IMQ -+ default "16" -+ help -+ -+ This settings defines how many IMQ devices will be -+ created. -+ -+ The default value is 16. -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ - config TUN - tristate "Universal TUN/TAP device driver support" - select CRC32 -diff -uNr --exclude='*~' linux-2.6.27.21/drivers/net/Makefile linux-2.6.27.21-imq/drivers/net/Makefile ---- linux-2.6.27.21/drivers/net/Makefile 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/drivers/net/Makefile 2009-04-20 23:48:35.702017146 +0300 -@@ -144,6 +144,7 @@ - obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o - - obj-$(CONFIG_DUMMY) += dummy.o -+obj-$(CONFIG_IMQ) += imq.o - obj-$(CONFIG_IFB) += ifb.o - obj-$(CONFIG_MACVLAN) += macvlan.o - obj-$(CONFIG_DE600) += de600.o -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/imq.h linux-2.6.27.21-imq/include/linux/imq.h ---- linux-2.6.27.21/include/linux/imq.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/imq.h 2009-04-20 23:48:35.702017146 +0300 -@@ -0,0 +1,13 @@ -+#ifndef _IMQ_H -+#define _IMQ_H -+ -+/* IFMASK (16 device indexes, 0 to 15) and flag(s) fit in 5 bits */ -+#define IMQ_F_BITS 5 -+ -+#define IMQ_F_IFMASK 0x0f -+#define IMQ_F_ENQUEUE 0x10 -+ -+#define IMQ_MAX_DEVS (IMQ_F_IFMASK + 1) -+ -+#endif /* _IMQ_H */ -+ -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/netdevice.h linux-2.6.27.21-imq/include/linux/netdevice.h ---- linux-2.6.27.21/include/linux/netdevice.h 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/netdevice.h 2009-04-20 23:48:35.703017245 +0300 -@@ -915,6 +915,7 @@ - extern int dev_open(struct net_device *dev); - extern int dev_close(struct net_device *dev); - extern void dev_disable_lro(struct net_device *dev); -+extern struct netdev_queue *dev_pick_tx(struct net_device *dev, struct sk_buff *skb); - extern int dev_queue_xmit(struct sk_buff *skb); - extern int register_netdevice(struct net_device *dev); - extern void unregister_netdevice(struct net_device *dev); -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/netfilter/xt_IMQ.h linux-2.6.27.21-imq/include/linux/netfilter/xt_IMQ.h ---- linux-2.6.27.21/include/linux/netfilter/xt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/netfilter/xt_IMQ.h 2009-04-20 23:48:35.703017245 +0300 -@@ -0,0 +1,9 @@ -+#ifndef _XT_IMQ_H -+#define _XT_IMQ_H -+ -+struct xt_imq_info { -+ unsigned int todev; /* target imq device */ -+}; -+ -+#endif /* _XT_IMQ_H */ -+ -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/netfilter_ipv4/ipt_IMQ.h linux-2.6.27.21-imq/include/linux/netfilter_ipv4/ipt_IMQ.h ---- linux-2.6.27.21/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/netfilter_ipv4/ipt_IMQ.h 2009-04-20 23:48:35.703017245 +0300 -@@ -0,0 +1,10 @@ -+#ifndef _IPT_IMQ_H -+#define _IPT_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include <linux/netfilter/xt_IMQ.h> -+ -+#define ipt_imq_info xt_imq_info -+ -+#endif /* _IPT_IMQ_H */ -+ -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-2.6.27.21-imq/include/linux/netfilter_ipv6/ip6t_IMQ.h ---- linux-2.6.27.21/include/linux/netfilter_ipv6/ip6t_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/netfilter_ipv6/ip6t_IMQ.h 2009-04-20 23:48:35.704017144 +0300 -@@ -0,0 +1,10 @@ -+#ifndef _IP6T_IMQ_H -+#define _IP6T_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include <linux/netfilter/xt_IMQ.h> -+ -+#define ip6t_imq_info xt_imq_info -+ -+#endif /* _IP6T_IMQ_H */ -+ -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/skbuff.h linux-2.6.27.21-imq/include/linux/skbuff.h ---- linux-2.6.27.21/include/linux/skbuff.h 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/skbuff.h 2009-04-20 23:48:35.704017144 +0300 -@@ -28,6 +28,9 @@ - #include <linux/rcupdate.h> - #include <linux/dmaengine.h> - #include <linux/hrtimer.h> -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include <linux/imq.h> -+#endif - - #define HAVE_ALLOC_SKB /* For the drivers to know */ - #define HAVE_ALIGNABLE_SKB /* Ditto 8) */ -@@ -272,6 +275,9 @@ - * first. This is owned by whoever has the skb queued ATM. - */ - char cb[48]; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ void *cb_next; -+#endif - - unsigned int len, - data_len; -@@ -302,6 +308,9 @@ - struct nf_conntrack *nfct; - struct sk_buff *nfct_reasm; - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ struct nf_queue_entry *nf_queue_entry; -+#endif - #ifdef CONFIG_BRIDGE_NETFILTER - struct nf_bridge_info *nf_bridge; - #endif -@@ -321,6 +330,9 @@ - __u8 do_not_encrypt:1; - #endif - /* 0/13/14 bit hole */ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ __u8 imq_flags:IMQ_F_BITS; -+#endif - - #ifdef CONFIG_NET_DMA - dma_cookie_t dma_cookie; -@@ -353,6 +365,12 @@ - - #include <asm/system.h> - -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+extern int skb_save_cb(struct sk_buff *skb); -+extern int skb_restore_cb(struct sk_buff *skb); -+#endif -+ - extern void kfree_skb(struct sk_buff *skb); - extern void __kfree_skb(struct sk_buff *skb); - extern struct sk_buff *__alloc_skb(unsigned int size, -@@ -1633,6 +1651,10 @@ - dst->nfct_reasm = src->nfct_reasm; - nf_conntrack_get_reasm(src->nfct_reasm); - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ dst->imq_flags = src->imq_flags; -+ dst->nf_queue_entry = src->nf_queue_entry; -+#endif - #ifdef CONFIG_BRIDGE_NETFILTER - dst->nf_bridge = src->nf_bridge; - nf_bridge_get(src->nf_bridge); -diff -uNr --exclude='*~' linux-2.6.27.21/include/net/netfilter/nf_queue.h linux-2.6.27.21-imq/include/net/netfilter/nf_queue.h ---- linux-2.6.27.21/include/net/netfilter/nf_queue.h 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/include/net/netfilter/nf_queue.h 2009-04-20 23:48:35.704017144 +0300 -@@ -13,6 +13,12 @@ - struct net_device *indev; - struct net_device *outdev; - int (*okfn)(struct sk_buff *); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ int (*next_outfn)(struct nf_queue_entry *entry, -+ unsigned int queuenum); -+ unsigned int next_queuenum; -+#endif - }; - - #define nf_queue_entry_reroute(x) ((void *)x + sizeof(struct nf_queue_entry)) -@@ -30,5 +36,11 @@ - const struct nf_queue_handler *qh); - extern void nf_unregister_queue_handlers(const struct nf_queue_handler *qh); - extern void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); -+extern void nf_queue_entry_release_refs(struct nf_queue_entry *entry); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+extern void nf_register_queue_imq_handler(const struct nf_queue_handler *qh); -+extern void nf_unregister_queue_imq_handler(void); -+#endif - - #endif /* _NF_QUEUE_H */ -diff -uNr --exclude='*~' linux-2.6.27.21/net/core/dev.c linux-2.6.27.21-imq/net/core/dev.c ---- linux-2.6.27.21/net/core/dev.c 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/core/dev.c 2009-04-20 23:48:35.706016975 +0300 -@@ -96,6 +96,9 @@ - #include <net/net_namespace.h> - #include <net/sock.h> - #include <linux/rtnetlink.h> -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include <linux/imq.h> -+#endif - #include <linux/proc_fs.h> - #include <linux/seq_file.h> - #include <linux/stat.h> -@@ -1624,7 +1627,11 @@ - struct netdev_queue *txq) - { - if (likely(!skb->next)) { -- if (!list_empty(&ptype_all)) -+ if (!list_empty(&ptype_all) -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ && !(skb->imq_flags & IMQ_F_ENQUEUE) -+#endif -+ ) - dev_queue_xmit_nit(skb, dev); - - if (netif_needs_gso(dev, skb)) { -@@ -1715,8 +1722,7 @@ - return (u16) (((u64) hash * dev->real_num_tx_queues) >> 32); - } - --static struct netdev_queue *dev_pick_tx(struct net_device *dev, -- struct sk_buff *skb) -+struct netdev_queue *dev_pick_tx(struct net_device *dev, struct sk_buff *skb) - { - u16 queue_index = 0; - -@@ -1728,6 +1734,7 @@ - skb_set_queue_mapping(skb, queue_index); - return netdev_get_tx_queue(dev, queue_index); - } -+EXPORT_SYMBOL(dev_pick_tx); - - /** - * dev_queue_xmit - transmit a buffer -diff -uNr --exclude='*~' linux-2.6.27.21/net/core/skbuff.c linux-2.6.27.21-imq/net/core/skbuff.c ---- linux-2.6.27.21/net/core/skbuff.c 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/core/skbuff.c 2009-04-20 23:48:35.707017089 +0300 -@@ -69,6 +69,9 @@ - - static struct kmem_cache *skbuff_head_cache __read_mostly; - static struct kmem_cache *skbuff_fclone_cache __read_mostly; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static struct kmem_cache *skbuff_cb_store_cache __read_mostly; -+#endif - - static void sock_pipe_buf_release(struct pipe_inode_info *pipe, - struct pipe_buffer *buf) -@@ -88,6 +91,80 @@ - return 1; - } - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+/* Control buffer save/restore for IMQ devices */ -+struct skb_cb_table { -+ void *cb_next; -+ atomic_t refcnt; -+ char cb[48]; -+}; -+ -+static DEFINE_SPINLOCK(skb_cb_store_lock); -+ -+int skb_save_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ next = kmem_cache_alloc(skbuff_cb_store_cache, GFP_ATOMIC); -+ if (!next) -+ return -ENOMEM; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(next->cb, skb->cb, sizeof(skb->cb)); -+ next->cb_next = skb->cb_next; -+ -+ atomic_set(&next->refcnt, 1); -+ -+ skb->cb_next = next; -+ return 0; -+} -+EXPORT_SYMBOL(skb_save_cb); -+ -+int skb_restore_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ if (!skb->cb_next) -+ return 0; -+ -+ next = skb->cb_next; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(skb->cb, next->cb, sizeof(skb->cb)); -+ skb->cb_next = next->cb_next; -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ if (atomic_dec_and_test(&next->refcnt)) { -+ kmem_cache_free(skbuff_cb_store_cache, next); -+ } -+ -+ spin_unlock(&skb_cb_store_lock); -+ -+ return 0; -+} -+EXPORT_SYMBOL(skb_restore_cb); -+ -+static void skb_copy_stored_cb(struct sk_buff *new, struct sk_buff *old) -+{ -+ struct skb_cb_table *next; -+ -+ if (!old->cb_next) { -+ new->cb_next = 0; -+ return; -+ } -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ next = old->cb_next; -+ atomic_inc(&next->refcnt); -+ new->cb_next = next; -+ -+ spin_unlock(&skb_cb_store_lock); -+} -+#endif - - /* Pipe buffer operations for a socket. */ - static struct pipe_buf_operations sock_pipe_buf_ops = { -@@ -362,6 +439,15 @@ - WARN_ON(in_irq()); - skb->destructor(skb); - } -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ /* This should not happen. When it does, avoid memleak by restoring -+ the chain of cb-backups. */ -+ while(skb->cb_next != NULL) { -+ printk(KERN_WARNING "kfree_skb: skb->cb_next: %08x\n", -+ skb->cb_next); -+ skb_restore_cb(skb); -+ } -+#endif - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) - nf_conntrack_put(skb->nfct); - nf_conntrack_put_reasm(skb->nfct_reasm); -@@ -424,6 +510,9 @@ - new->sp = secpath_get(old->sp); - #endif - memcpy(new->cb, old->cb, sizeof(old->cb)); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skb_copy_stored_cb(new, old); -+#endif - new->csum_start = old->csum_start; - new->csum_offset = old->csum_offset; - new->local_df = old->local_df; -@@ -2326,6 +2415,13 @@ - 0, - SLAB_HWCACHE_ALIGN|SLAB_PANIC, - NULL); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skbuff_cb_store_cache = kmem_cache_create("skbuff_cb_store_cache", -+ sizeof(struct skb_cb_table), -+ 0, -+ SLAB_HWCACHE_ALIGN|SLAB_PANIC, -+ NULL); -+#endif - } - - /** -diff -uNr --exclude='*~' linux-2.6.27.21/net/netfilter/Kconfig linux-2.6.27.21-imq/net/netfilter/Kconfig ---- linux-2.6.27.21/net/netfilter/Kconfig 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/netfilter/Kconfig 2009-04-20 23:48:35.707017089 +0300 -@@ -342,6 +342,18 @@ - - To compile it as a module, choose M here. If unsure, say N. - -+config NETFILTER_XT_TARGET_IMQ -+ tristate '"IMQ" target support' -+ depends on NETFILTER_XTABLES -+ depends on IP_NF_MANGLE || IP6_NF_MANGLE -+ select IMQ -+ default m if NETFILTER_ADVANCED=n -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which imq device packets should get enqueued/dequeued. -+ -+ To compile it as a module, choose M here. If unsure, say N. -+ - config NETFILTER_XT_TARGET_MARK - tristate '"MARK" target support' - depends on NETFILTER_XTABLES -diff -uNr --exclude='*~' linux-2.6.27.21/net/netfilter/Makefile linux-2.6.27.21-imq/net/netfilter/Makefile ---- linux-2.6.27.21/net/netfilter/Makefile 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/netfilter/Makefile 2009-04-20 23:48:35.707017089 +0300 -@@ -42,6 +42,7 @@ - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o -+obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o - obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o -diff -uNr --exclude='*~' linux-2.6.27.21/net/netfilter/nf_queue.c linux-2.6.27.21-imq/net/netfilter/nf_queue.c ---- linux-2.6.27.21/net/netfilter/nf_queue.c 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/netfilter/nf_queue.c 2009-04-20 23:48:35.708017126 +0300 -@@ -20,6 +20,26 @@ - - static DEFINE_MUTEX(queue_handler_mutex); - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static const struct nf_queue_handler *queue_imq_handler; -+ -+void nf_register_queue_imq_handler(const struct nf_queue_handler *qh) -+{ -+ mutex_lock(&queue_handler_mutex); -+ rcu_assign_pointer(queue_imq_handler, qh); -+ mutex_unlock(&queue_handler_mutex); -+} -+EXPORT_SYMBOL(nf_register_queue_imq_handler); -+ -+void nf_unregister_queue_imq_handler(void) -+{ -+ mutex_lock(&queue_handler_mutex); -+ rcu_assign_pointer(queue_imq_handler, NULL); -+ mutex_unlock(&queue_handler_mutex); -+} -+EXPORT_SYMBOL(nf_unregister_queue_imq_handler); -+#endif -+ - /* return EBUSY when somebody else is registered, return EEXIST if the - * same handler is registered, return 0 in case of success. */ - int nf_register_queue_handler(int pf, const struct nf_queue_handler *qh) -@@ -80,7 +100,7 @@ - } - EXPORT_SYMBOL_GPL(nf_unregister_queue_handlers); - --static void nf_queue_entry_release_refs(struct nf_queue_entry *entry) -+void nf_queue_entry_release_refs(struct nf_queue_entry *entry) - { - /* Release those devices we held, or Alexey will kill me. */ - if (entry->indev) -@@ -100,6 +120,7 @@ - /* Drop reference to owner of hook which queued us. */ - module_put(entry->elem->owner); - } -+EXPORT_SYMBOL_GPL(nf_queue_entry_release_refs); - - /* - * Any packet that leaves via this function must come back -@@ -121,12 +142,26 @@ - #endif - const struct nf_afinfo *afinfo; - const struct nf_queue_handler *qh; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ const struct nf_queue_handler *qih = NULL; -+#endif - - /* QUEUE == DROP if noone is waiting, to be safe. */ - rcu_read_lock(); - - qh = rcu_dereference(queue_handler[pf]); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ if (pf == PF_INET || pf == PF_INET6) -+#else -+ if (pf == PF_INET) -+#endif -+ qih = rcu_dereference(queue_imq_handler); -+ -+ if (!qh && !qih) -+#else /* !IMQ */ - if (!qh) -+#endif - goto err_unlock; - - afinfo = nf_get_afinfo(pf); -@@ -145,6 +180,10 @@ - .indev = indev, - .outdev = outdev, - .okfn = okfn, -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ .next_outfn = qh ? qh->outfn : NULL, -+ .next_queuenum = queuenum, -+#endif - }; - - /* If it's going away, ignore hook. */ -@@ -170,8 +209,19 @@ - } - #endif - afinfo->saveroute(skb, entry); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ if (qih) { -+ status = qih->outfn(entry, queuenum); -+ goto imq_skip_queue; -+ } -+#endif -+ - status = qh->outfn(entry, queuenum); - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+imq_skip_queue: -+#endif - rcu_read_unlock(); - - if (status < 0) { -diff -uNr --exclude='*~' linux-2.6.27.21/net/netfilter/xt_IMQ.c linux-2.6.27.21-imq/net/netfilter/xt_IMQ.c ---- linux-2.6.27.21/net/netfilter/xt_IMQ.c 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/net/netfilter/xt_IMQ.c 2009-04-20 23:48:35.708017126 +0300 -@@ -0,0 +1,81 @@ -+/* -+ * This target marks packets to be enqueued to an imq device -+ */ -+#include <linux/module.h> -+#include <linux/skbuff.h> -+#include <linux/netfilter/x_tables.h> -+#include <linux/netfilter/xt_IMQ.h> -+#include <linux/imq.h> -+ -+static unsigned int imq_target(struct sk_buff *pskb, -+ const struct net_device *in, -+ const struct net_device *out, -+ unsigned int hooknum, -+ const struct xt_target *target, -+ const void *targinfo) -+{ -+ const struct xt_imq_info *mr = targinfo; -+ -+ pskb->imq_flags = (mr->todev & IMQ_F_IFMASK) | IMQ_F_ENQUEUE; -+ -+ return XT_CONTINUE; -+} -+ -+static bool imq_checkentry(const char *tablename, -+ const void *entry, -+ const struct xt_target *target, -+ void *targinfo, -+ unsigned int hook_mask) -+{ -+ struct xt_imq_info *mr = targinfo; -+ -+ if (mr->todev > IMQ_MAX_DEVS - 1) { -+ printk(KERN_WARNING -+ "IMQ: invalid device specified, highest is %u\n", -+ IMQ_MAX_DEVS - 1); -+ return 0; -+ } -+ -+ return 1; -+} -+ -+static struct xt_target xt_imq_reg[] __read_mostly = { -+ { -+ .name = "IMQ", -+ .family = AF_INET, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .checkentry = imq_checkentry, -+ .me = THIS_MODULE -+ }, -+ { -+ .name = "IMQ", -+ .family = AF_INET6, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .checkentry = imq_checkentry, -+ .me = THIS_MODULE -+ }, -+}; -+ -+static int __init imq_init(void) -+{ -+ return xt_register_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+static void __exit imq_fini(void) -+{ -+ xt_unregister_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+module_init(imq_init); -+module_exit(imq_fini); -+ -+MODULE_AUTHOR("http://www.linuximq.net"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS("ipt_IMQ"); -+MODULE_ALIAS("ip6t_IMQ"); -+ diff --git a/src/patches/linux-2.6.27.25-option_add_vf-k3565-z_usbids.patch b/src/patches/linux-2.6.27.25-option_add_vf-k3565-z_usbids.patch deleted file mode 100644 index 08df38e..0000000 --- a/src/patches/linux-2.6.27.25-option_add_vf-k3565-z_usbids.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -Naur linux-2.6.27.25.org/drivers/usb/serial/option.c linux-2.6.27.25/drivers/usb/serial/option.c ---- linux-2.6.27.25.org/drivers/usb/serial/option.c 2009-06-12 05:04:50.000000000 +0200 -+++ linux-2.6.27.25/drivers/usb/serial/option.c 2009-07-30 10:19:36.000000000 +0200 -@@ -286,6 +286,12 @@ - #define ZTE_PRODUCT_MF622 0x0001 - #define ZTE_PRODUCT_MF628 0x0015 - #define ZTE_PRODUCT_MF626 0x0031 -+ -+/* Vodafone K3565-Z - pid depends on firmware version */ -+#define ZTE_PRODUCT_VFK3565_1 0x0049 -+#define ZTE_PRODUCT_VFK3565_2 0x0052 -+#define ZTE_PRODUCT_VFK3565_3 0x0063 -+ - #define ZTE_PRODUCT_CDMA_TECH 0xfffe - - #define BENQ_VENDOR_ID 0x04a5 -@@ -500,6 +506,9 @@ - { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_MF622) }, - { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_MF626) }, - { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_MF628) }, -+ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_VFK3565_1) }, -+ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_VFK3565_2) }, -+ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_VFK3565_3) }, - { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_CDMA_TECH) }, - { USB_DEVICE(BENQ_VENDOR_ID, BENQ_PRODUCT_H10) }, - { USB_DEVICE(0x1da5, 0x4515) }, /* BenQ H20 */ diff --git a/src/patches/linux-2.6.27.39_e100-wakeonlan-fix.patch b/src/patches/linux-2.6.27.39_e100-wakeonlan-fix.patch deleted file mode 100644 index 5a43f73..0000000 --- a/src/patches/linux-2.6.27.39_e100-wakeonlan-fix.patch +++ /dev/null @@ -1,73 +0,0 @@ -From: Rafael J. Wysocki rjw@sisk.pl -Date: Wed, 29 Oct 2008 21:22:18 +0000 (-0700) -Subject: e100: adapt to the reworked PCI PM -X-Git-Tag: v2.6.29-rc1~581^2~935 -X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=c... - -e100: adapt to the reworked PCI PM - -Adapt the e100 driver to the reworked PCI PM - -* Use the observation that it is sufficient to call pci_enable_wake() - once, unless it fails - -Signed-off-by: Rafael J. Wysocki rjw@sisk.pl -Tested-by: Jeff Kirsher jeffrey.t.kirsher@intel.com -Acked-by: Jeff Kirsher jeffrey.t.kirsher@intel.com -Cc: Jesse Barnes jbarnes@virtuousgeek.org -Cc: Jeff Garzik jeff@garzik.org -Cc: Frans Pop elendil@planet.nl -Signed-off-by: Andrew Morton akpm@linux-foundation.org -Signed-off-by: Jeff Garzik jgarzik@redhat.com ---- - -diff --git a/drivers/net/e100.c b/drivers/net/e100.c -index bb4b6e2..084127f 100644 ---- a/drivers/net/e100.c -+++ b/drivers/net/e100.c -@@ -2322,7 +2322,8 @@ static int e100_set_wol(struct net_device *netdev, struct ethtool_wolinfo *wol) - { - struct nic *nic = netdev_priv(netdev); - -- if(wol->wolopts != WAKE_MAGIC && wol->wolopts != 0) -+ if ((wol->wolopts && wol->wolopts != WAKE_MAGIC) || -+ !device_can_wakeup(&nic->pdev->dev)) - return -EOPNOTSUPP; - - if(wol->wolopts) -@@ -2330,6 +2331,8 @@ static int e100_set_wol(struct net_device *netdev, struct ethtool_wolinfo *wol) - else - nic->flags &= ~wol_magic; - -+ device_set_wakeup_enable(&nic->pdev->dev, wol->wolopts); -+ - e100_exec_cb(nic, NULL, e100_configure); - - return 0; -@@ -2733,8 +2736,10 @@ static int __devinit e100_probe(struct pci_dev *pdev, - - /* Wol magic packet can be enabled from eeprom */ - if((nic->mac >= mac_82558_D101_A4) && -- (nic->eeprom[eeprom_id] & eeprom_id_wol)) -+ (nic->eeprom[eeprom_id] & eeprom_id_wol)) { - nic->flags |= wol_magic; -+ device_set_wakeup_enable(&pdev->dev, true); -+ } - - /* ack any pending wake events, disable PME */ - pci_pme_active(pdev, false); -@@ -2793,11 +2798,10 @@ static int e100_suspend(struct pci_dev *pdev, pm_message_t state) - pci_save_state(pdev); - - if ((nic->flags & wol_magic) | e100_asf(nic)) { -- pci_enable_wake(pdev, PCI_D3hot, 1); -- pci_enable_wake(pdev, PCI_D3cold, 1); -+ if (pci_enable_wake(pdev, PCI_D3cold, true)) -+ pci_enable_wake(pdev, PCI_D3hot, true); - } else { -- pci_enable_wake(pdev, PCI_D3hot, 0); -- pci_enable_wake(pdev, PCI_D3cold, 0); -+ pci_enable_wake(pdev, PCI_D3hot, false); - } - - pci_disable_device(pdev); diff --git a/src/patches/linux-2.6.32-ath5k_fix_setup_for_CAB_queue.patch b/src/patches/linux-2.6.32-ath5k_fix_setup_for_CAB_queue.patch deleted file mode 100644 index fbe3098..0000000 --- a/src/patches/linux-2.6.32-ath5k_fix_setup_for_CAB_queue.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff --git a/drivers/net/wireless/ath/ath5k/ath5k.h b/drivers/net/wireless/ath/ath5k/ath5k.h -index 66bcb50..ad4d446 100644 ---- a/drivers/net/wireless/ath/ath5k/ath5k.h -+++ b/drivers/net/wireless/ath/ath5k/ath5k.h -@@ -535,7 +535,7 @@ struct ath5k_txq_info { - u32 tqi_cbr_period; /* Constant bit rate period */ - u32 tqi_cbr_overflow_limit; - u32 tqi_burst_time; -- u32 tqi_ready_time; /* Not used */ -+ u32 tqi_ready_time; /* Time queue waits after an event */ - }; - - /* -diff --git a/drivers/net/wireless/ath/ath5k/base.c b/drivers/net/wireless/ath/ath5k/base.c -index b501537..535a6af 100644 ---- a/drivers/net/wireless/ath/ath5k/base.c -+++ b/drivers/net/wireless/ath/ath5k/base.c -@@ -1516,7 +1516,8 @@ ath5k_beaconq_config(struct ath5k_softc *sc) - - ret = ath5k_hw_get_tx_queueprops(ah, sc->bhalq, &qi); - if (ret) -- return ret; -+ goto err; -+ - if (sc->opmode == NL80211_IFTYPE_AP || - sc->opmode == NL80211_IFTYPE_MESH_POINT) { - /* -@@ -1543,10 +1544,25 @@ ath5k_beaconq_config(struct ath5k_softc *sc) - if (ret) { - ATH5K_ERR(sc, "%s: unable to update parameters for beacon " - "hardware queue!\n", __func__); -- return ret; -+ goto err; - } -+ ret = ath5k_hw_reset_tx_queue(ah, sc->bhalq); /* push to h/w */ -+ if (ret) -+ goto err; - -- return ath5k_hw_reset_tx_queue(ah, sc->bhalq); /* push to h/w */; -+ /* reconfigure cabq with ready time to 80% of beacon_interval */ -+ ret = ath5k_hw_get_tx_queueprops(ah, AR5K_TX_QUEUE_ID_CAB, &qi); -+ if (ret) -+ goto err; -+ -+ qi.tqi_ready_time = (sc->bintval * 80) / 100; -+ ret = ath5k_hw_set_tx_queueprops(ah, AR5K_TX_QUEUE_ID_CAB, &qi); -+ if (ret) -+ goto err; -+ -+ ret = ath5k_hw_reset_tx_queue(ah, AR5K_TX_QUEUE_ID_CAB); -+err: -+ return ret; - } - - static void -diff --git a/drivers/net/wireless/ath/ath5k/qcu.c b/drivers/net/wireless/ath/ath5k/qcu.c -index abe36c0..9122a85 100644 ---- a/drivers/net/wireless/ath/ath5k/qcu.c -+++ b/drivers/net/wireless/ath/ath5k/qcu.c -@@ -408,12 +408,13 @@ int ath5k_hw_reset_tx_queue(struct ath5k_hw *ah, unsigned int queue) - break; - - case AR5K_TX_QUEUE_CAB: -+ /* XXX: use BCN_SENT_GT, if we can figure out how */ - AR5K_REG_ENABLE_BITS(ah, AR5K_QUEUE_MISC(queue), -- AR5K_QCU_MISC_FRSHED_BCN_SENT_GT | -+ AR5K_QCU_MISC_FRSHED_DBA_GT | - AR5K_QCU_MISC_CBREXP_DIS | - AR5K_QCU_MISC_CBREXP_BCN_DIS); - -- ath5k_hw_reg_write(ah, ((AR5K_TUNE_BEACON_INTERVAL - -+ ath5k_hw_reg_write(ah, ((tq->tqi_ready_time - - (AR5K_TUNE_SW_BEACON_RESP - - AR5K_TUNE_DMA_BEACON_RESP) - - AR5K_TUNE_ADDITIONAL_SWBA_BACKOFF) * 1024) | diff --git a/src/patches/openssh-4.7p1-padlock.patch b/src/patches/openssh-4.7p1-padlock.patch deleted file mode 100644 index d0708f4..0000000 --- a/src/patches/openssh-4.7p1-padlock.patch +++ /dev/null @@ -1,141 +0,0 @@ -diff -urN openssh-4.7p1.orig/ssh-add.c openssh-4.7p1/ssh-add.c ---- openssh-4.7p1.orig/ssh-add.c 2007-09-06 15:16:42.472974134 +0200 -+++ openssh-4.7p1/ssh-add.c 2007-09-06 15:21:26.489159294 +0200 -@@ -42,6 +42,7 @@ - #include <sys/param.h> - - #include <openssl/evp.h> -+#include <openssl/engine.h> - - #include <fcntl.h> - #include <pwd.h> -@@ -343,7 +344,11 @@ - - SSLeay_add_all_algorithms(); - -- /* At first, get a connection to the authentication agent. */ -+ /* Init available hardware crypto engines. */ -+ ENGINE_load_builtin_engines(); -+ ENGINE_register_all_complete(); -+ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); -+ - ac = ssh_get_authentication_connection(); - if (ac == NULL) { - fprintf(stderr, -diff -urN openssh-4.7p1.orig/ssh-agent.c openssh-4.7p1/ssh-agent.c ---- openssh-4.7p1.orig/ssh-agent.c 2007-09-06 15:16:42.472974134 +0200 -+++ openssh-4.7p1/ssh-agent.c 2007-09-06 15:23:21.495713144 +0200 -@@ -51,6 +51,7 @@ - - #include <openssl/evp.h> - #include <openssl/md5.h> -+#include <openssl/engine.h> - - #include <errno.h> - #include <fcntl.h> -@@ -1061,6 +1062,11 @@ - - SSLeay_add_all_algorithms(); - -+ /* Init available hardware crypto engines. */ -+ ENGINE_load_builtin_engines(); -+ ENGINE_register_all_complete(); -+ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); -+ - __progname = ssh_get_progname(av[0]); - init_rng(); - seed_rng(); -diff -urN openssh-4.7p1.orig/ssh.c openssh-4.7p1/ssh.c ---- openssh-4.7p1.orig/ssh.c 2007-09-06 15:16:42.472974134 +0200 -+++ openssh-4.7p1/ssh.c 2007-09-06 15:24:18.498961574 +0200 -@@ -72,6 +72,7 @@ - - #include <openssl/evp.h> - #include <openssl/err.h> -+#include <openssl/engine.h> - - #include "xmalloc.h" - #include "ssh.h" -@@ -560,6 +561,11 @@ - SSLeay_add_all_algorithms(); - ERR_load_crypto_strings(); - -+ /* Init available hardware crypto engines. */ -+ ENGINE_load_builtin_engines(); -+ ENGINE_register_all_complete(); -+ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); -+ - /* Initialize the command to execute on remote host. */ - buffer_init(&command); - -diff -urN openssh-4.7p1.orig/sshd.c openssh-4.7p1/sshd.c ---- openssh-4.7p1.orig/sshd.c 2007-09-06 15:16:42.472974134 +0200 -+++ openssh-4.7p1/sshd.c 2007-09-06 15:25:03.001497629 +0200 -@@ -75,6 +75,7 @@ - #include <openssl/bn.h> - #include <openssl/md5.h> - #include <openssl/rand.h> -+#include <openssl/engine.h> - #ifdef HAVE_SECUREWARE - #include <sys/security.h> - #include <prot.h> -@@ -1376,6 +1377,11 @@ - - SSLeay_add_all_algorithms(); - -+ /* Init available hardware crypto engines. */ -+ ENGINE_load_builtin_engines(); -+ ENGINE_register_all_complete(); -+ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); -+ - /* - * Force logging to stderr until we have loaded the private host - * key (unless started from inetd) -diff -urN openssh-4.7p1.orig/ssh-keygen.c openssh-4.7p1/ssh-keygen.c ---- openssh-4.7p1.orig/ssh-keygen.c 2007-09-06 15:16:42.472974134 +0200 -+++ openssh-4.7p1/ssh-keygen.c 2007-09-06 15:25:52.982847129 +0200 -@@ -21,6 +21,7 @@ - - #include <openssl/evp.h> - #include <openssl/pem.h> -+#include <openssl/engine.h> - - #include <errno.h> - #include <fcntl.h> -@@ -1073,6 +1074,12 @@ - __progname = ssh_get_progname(argv[0]); - - SSLeay_add_all_algorithms(); -+ -+ /* Init available hardware crypto engines. */ -+ ENGINE_load_builtin_engines(); -+ ENGINE_register_all_complete(); -+ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); -+ - log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); - - init_rng(); -diff -urN openssh-4.7p1.orig/ssh-keysign.c openssh-4.7p1/ssh-keysign.c ---- openssh-4.7p1.orig/ssh-keysign.c 2007-09-06 15:16:42.472974134 +0200 -+++ openssh-4.7p1/ssh-keysign.c 2007-09-06 15:26:18.971328869 +0200 -@@ -38,6 +38,7 @@ - #include <openssl/evp.h> - #include <openssl/rand.h> - #include <openssl/rsa.h> -+#include <openssl/engine.h> - - #include "xmalloc.h" - #include "log.h" -@@ -195,6 +196,12 @@ - fatal("could not open any host key"); - - SSLeay_add_all_algorithms(); -+ -+ /* Init available hardware crypto engines. */ -+ ENGINE_load_builtin_engines(); -+ ENGINE_register_all_complete(); -+ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); -+ - for (i = 0; i < 256; i++) - rnd[i] = arc4random(); - RAND_seed(rnd, sizeof(rnd)); diff --git a/src/patches/openssl-0.9.8g-engine-padlock.patch b/src/patches/openssl-0.9.8g-engine-padlock.patch deleted file mode 100644 index 37f4558..0000000 --- a/src/patches/openssl-0.9.8g-engine-padlock.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -urN openssl-0.9.8g.orig/ssl/ssl_algs.c openssl-0.9.8g/ssl/ssl_algs.c -+++ openssl-0.9.8g/ssl/ssl_algs.c 2007-11-13 19:50:35.356816442 +0100 ---- openssl-0.9.8g.orig/ssl/ssl_algs.c 2007-11-13 19:40:02.820770267 +0100 -@@ -57,6 +57,7 @@ - */ - - #include <stdio.h> -+#include <openssl/engine.h> - #include <openssl/objects.h> - #include <openssl/lhash.h> - #include "ssl_locl.h" -@@ -127,6 +128,12 @@ - #endif - /* initialize cipher/digest methods table */ - ssl_load_ciphers(); -+ -+ /* Init available hardware crypto engines. */ -+ ENGINE_load_builtin_engines(); -+ ENGINE_register_all_complete(); -+ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); -+ - return(1); - } - diff --git a/src/patches/openssl-0.9.8g-sha-padlock.patch b/src/patches/openssl-0.9.8g-sha-padlock.patch deleted file mode 100644 index 9b1bb2a..0000000 --- a/src/patches/openssl-0.9.8g-sha-padlock.patch +++ /dev/null @@ -1,620 +0,0 @@ -diff -urN openssl-0.9.8g.orig/crypto/engine/eng_padlock.c openssl-0.9.8g/crypto/engine/eng_padlock.c ---- openssl-0.9.8g.orig/crypto/engine/eng_padlock.c 2007-11-13 20:00:28.390611512 +0100 -+++ openssl-0.9.8g/crypto/engine/eng_padlock.c 2007-11-13 20:02:52.398818072 +0100 -@@ -74,12 +74,23 @@ - #ifndef OPENSSL_NO_AES - #include <openssl/aes.h> - #endif -+#ifndef OPENSSL_NO_SHA -+#include <openssl/sha.h> -+#endif - #include <openssl/rand.h> - #include <openssl/err.h> - - #ifndef OPENSSL_NO_HW - #ifndef OPENSSL_NO_HW_PADLOCK - -+/* PadLock RNG is disabled by default */ -+#define PADLOCK_NO_RNG 1 -+ -+/* No ASM routines for SHA in MSC yet */ -+#ifdef _MSC_VER -+#define OPENSSL_NO_SHA -+#endif -+ - /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ - #if (OPENSSL_VERSION_NUMBER >= 0x00908000L) - # ifndef OPENSSL_NO_DYNAMIC_ENGINE -@@ -135,52 +146,89 @@ - static int padlock_init(ENGINE *e); - - /* RNG Stuff */ -+#ifndef PADLOCK_NO_RNG - static RAND_METHOD padlock_rand; -+#endif - - /* Cipher Stuff */ - #ifndef OPENSSL_NO_AES - static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); - #endif - -+/* Digest Stuff */ -+#ifndef OPENSSL_NO_SHA -+static int padlock_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); -+#endif -+ - /* Engine names */ - static const char *padlock_id = "padlock"; - static char padlock_name[100]; - - /* Available features */ --static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ --static int padlock_use_rng = 0; /* Random Number Generator */ -+enum padlock_flags { -+ PADLOCK_RNG = 0x01, -+ PADLOCK_ACE = 0x02, -+ PADLOCK_ACE2 = 0x04, -+ PADLOCK_PHE = 0x08, -+ PADLOCK_PMM = 0x10 -+}; -+enum padlock_flags padlock_flags; -+ -+#define PADLOCK_HAVE_RNG (padlock_flags & PADLOCK_RNG) -+#define PADLOCK_HAVE_ACE (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2)) -+#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE) -+#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2) -+#define PADLOCK_HAVE_PHE (padlock_flags & PADLOCK_PHE) -+#define PADLOCK_HAVE_PMM (padlock_flags & PADLOCK_PMM) -+ - #ifndef OPENSSL_NO_AES - static int padlock_aes_align_required = 1; - #endif - -+/* Init / Max buffer sizes for SHA */ -+#define PADLOCK_SHA_INIT_ORD 13 /* = 8192 */ -+#define PADLOCK_SHA_MAX_ORD 13 /* = 8192 */ -+ - /* ===== Engine "management" functions ===== */ - - /* Prepare the ENGINE structure for registration */ - static int - padlock_bind_helper(ENGINE *e) - { -+ char phe_string[20]; -+ - /* Check available features */ - padlock_available(); - --#if 1 /* disable RNG for now, see commentary in vicinity of RNG code */ -- padlock_use_rng=0; --#endif -+ /* Build PHE info with buffer size argument */ -+ if (PADLOCK_HAVE_PHE) -+ BIO_snprintf(phe_string, sizeof(phe_string), -+ "PHE(%lu) ", 1UL << PADLOCK_SHA_MAX_ORD); - - /* Generate a nice engine name with available features */ - BIO_snprintf(padlock_name, sizeof(padlock_name), -- "VIA PadLock (%s, %s)", -- padlock_use_rng ? "RNG" : "no-RNG", -- padlock_use_ace ? "ACE" : "no-ACE"); -+ "VIA PadLock: %s%s%s%s%s", -+ padlock_flags ? "" : "not supported", -+ PADLOCK_HAVE_RNG ? "RNG " : "", -+ PADLOCK_HAVE_ACE ? (PADLOCK_HAVE_ACE2 ? "ACE2 " : "ACE ") : "", -+ PADLOCK_HAVE_PHE ? phe_string : "", -+ PADLOCK_HAVE_PMM ? "PMM " : ""); - - /* Register everything or return with an error */ - if (!ENGINE_set_id(e, padlock_id) || - !ENGINE_set_name(e, padlock_name) || - -- !ENGINE_set_init_function(e, padlock_init) || -+ !ENGINE_set_init_function(e, padlock_init) - #ifndef OPENSSL_NO_AES -- (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) || -+ || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers)) -+#endif -+#ifndef OPENSSL_NO_SHA -+ || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests)) -+#endif -+#ifndef PADLOCK_NO_RNG -+ || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand)) - #endif -- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) { -+ ) { - return 0; - } - -@@ -210,7 +258,7 @@ - static int - padlock_init(ENGINE *e) - { -- return (padlock_use_rng || padlock_use_ace); -+ return (padlock_flags); - } - - /* This stuff is needed if this ENGINE is being compiled into a self-contained -@@ -237,6 +285,17 @@ - - /* ===== Here comes the "real" engine ===== */ - -+#ifdef __GNUC__ -+#define likely(x) __builtin_expect(!!(x), 1) -+#define unlikely(x) __builtin_expect(!!(x), 0) -+#else -+#define likely(x) (x) -+#define unlikely(x) (x) -+#endif -+ -+/* How to test if we need to typedef uint32_t ??? */ -+typedef unsigned long uint32_t; -+ - #ifndef OPENSSL_NO_AES - /* Some AES-related constants */ - #define AES_BLOCK_SIZE 16 -@@ -362,10 +421,22 @@ - : "+a"(eax), "=d"(edx) : : "ecx"); - - /* Fill up some flags */ -- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); -- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); -+ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0); -+ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0); -+ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); -+ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); -+ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); - -- return padlock_use_ace + padlock_use_rng; -+ return padlock_flags; -+} -+ -+static inline void -+padlock_htonl_block(uint32_t *data, size_t count) -+{ -+ while (count--) { -+ asm volatile ("bswapl %0" : "+r"(*data)); -+ data++; -+ } - } - - #ifndef OPENSSL_NO_AES -@@ -374,12 +445,9 @@ - padlock_bswapl(AES_KEY *ks) - { - size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]); -- unsigned int *key = ks->rd_key; -+ uint32_t *key = (uint32_t*) ks->rd_key; - -- while (i--) { -- asm volatile ("bswapl %0" : "+r"(*key)); -- key++; -- } -+ padlock_htonl_block(key, i); - } - #endif - -@@ -1154,6 +1222,415 @@ - - #endif /* OPENSSL_NO_AES */ - -+#ifndef OPENSSL_NO_SHA -+ -+// #define PADLOCK_SHA_STAT 1 -+ -+union sha_all_ctx { -+ SHA_CTX sha_ctx; -+ SHA256_CTX sha256_ctx; /* shared with SHA224 */ -+}; -+ -+typedef int (*f_sha_init)(void *c); -+typedef int (*f_sha_update)(void *c, const void *_data, size_t len); -+typedef int (*f_sha_final)(unsigned char *md, void *c); -+typedef void (*f_sha_padlock)(char *in, unsigned char *out, int count); -+ -+struct sha_digest_functions { -+ f_sha_init init; -+ f_sha_update update; -+ f_sha_final final; -+ f_sha_padlock padlock; -+}; -+ -+/* Don't forget to initialize all relevant -+ * fields in padlock_sha_init() or face the -+ * consequences!!! -+ * BTW We don't use bzero() on this structure -+ * because zeroing fallback_ctx is -+ * a waste of time. */ -+struct padlock_digest_data { -+ void *buf_start, *buf_alloc; -+ ssize_t used; -+ unsigned long order:8, bypass:1; -+ /* Fallback support */ -+ struct sha_digest_functions fallback_fcs; -+ union sha_all_ctx fallback_ctx; -+#ifdef PADLOCK_SHA_STAT -+ size_t stat_count, stat_total; -+#endif -+}; -+ -+#ifdef PADLOCK_SHA_STAT -+size_t all_count, all_total; -+#endif -+ -+#define DIGEST_DATA(ctx) ((struct padlock_digest_data *)(ctx->md_data)) -+#define DDATA_FREE(ddata) ((size_t)(1L << ddata->order) - ddata->used) -+ -+static void -+padlock_sha_bypass(struct padlock_digest_data *ddata) -+{ -+ if (ddata->bypass) -+ return; -+ -+ ddata->fallback_fcs.init(&ddata->fallback_ctx); -+ if (ddata->buf_start && ddata->used > 0) { -+ ddata->fallback_fcs.update(&ddata->fallback_ctx, ddata->buf_start, ddata->used); -+ if (ddata->buf_alloc) { -+ memset(ddata->buf_start, 0, ddata->used); -+ free(ddata->buf_alloc); -+ ddata->buf_alloc = 0; -+ } -+ } -+ ddata->buf_start = 0; -+ ddata->used = 0; -+ ddata->bypass = 1; -+ -+ return; -+} -+ -+static void -+padlock_do_sha1(char *in, char *out, int count) -+{ -+ /* We can't store directly to *out as it -+ * doesn't have to be aligned. But who cares, -+ * it's only a few bytes... */ -+ char buf[128+16]; -+ unsigned char *output = NEAREST_ALIGNED(buf); -+ -+ ((uint32_t*)output)[0] = 0x67452301; -+ ((uint32_t*)output)[1] = 0xEFCDAB89; -+ ((uint32_t*)output)[2] = 0x98BADCFE; -+ ((uint32_t*)output)[3] = 0x10325476; -+ ((uint32_t*)output)[4] = 0xC3D2E1F0; -+ -+ asm volatile (".byte 0xf3,0x0f,0xa6,0xc8" /* rep xsha1 */ -+ : "+S"(in), "+D"(output) -+ : "c"(count), "a"(0)); -+ -+ memcpy(out, output, 5 * sizeof(uint32_t)); -+ -+ padlock_htonl_block((uint32_t*)out, 5); -+} -+ -+static void -+padlock_do_sha224(char *in, char *out, int count) -+{ -+ /* We can't store directly to *out as it -+ * doesn't have to be aligned. But who cares, -+ * it's only a few bytes... */ -+ char buf[128+16]; -+ unsigned char *output = NEAREST_ALIGNED(buf); -+ -+ ((uint32_t*)output)[0] = 0xC1059ED8UL; -+ ((uint32_t*)output)[1] = 0x367CD507UL; -+ ((uint32_t*)output)[2] = 0x3070DD17UL; -+ ((uint32_t*)output)[3] = 0xF70E5939UL; -+ ((uint32_t*)output)[4] = 0xFFC00B31UL; -+ ((uint32_t*)output)[5] = 0x68581511UL; -+ ((uint32_t*)output)[6] = 0x64F98FA7UL; -+ ((uint32_t*)output)[7] = 0xBEFA4FA4UL; -+ -+ asm volatile (".byte 0xf3,0x0f,0xa6,0xd0" /* rep xsha256 */ -+ : "+S"(in), "+D"(output) -+ : "c"(count), "a"(0)); -+ -+ memcpy(out, output, 7 * sizeof(uint32_t)); -+ -+ padlock_htonl_block((uint32_t*)out, 7); -+} -+ -+static void -+padlock_do_sha256(char *in, char *out, int count) -+{ -+ /* We can't store directly to *out as it -+ * doesn't have to be aligned. But who cares, -+ * it's only a few bytes... */ -+ char buf[128+16]; -+ unsigned char *output = NEAREST_ALIGNED(buf); -+ -+ ((uint32_t*)output)[0] = 0x6A09E667; -+ ((uint32_t*)output)[1] = 0xBB67AE85; -+ ((uint32_t*)output)[2] = 0x3C6EF372; -+ ((uint32_t*)output)[3] = 0xA54FF53A; -+ ((uint32_t*)output)[4] = 0x510E527F; -+ ((uint32_t*)output)[5] = 0x9B05688C; -+ ((uint32_t*)output)[6] = 0x1F83D9AB; -+ ((uint32_t*)output)[7] = 0x5BE0CD19; -+ -+ asm volatile (".byte 0xf3,0x0f,0xa6,0xd0" /* rep xsha256 */ -+ : "+S"(in), "+D"(output) -+ : "c"(count), "a"(0)); -+ -+ memcpy(out, output, 8 * sizeof(uint32_t)); -+ -+ padlock_htonl_block((uint32_t*)out, 8); -+} -+ -+static int -+padlock_sha_init(EVP_MD_CTX *ctx) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+ ddata->used = 0; -+ ddata->bypass = 0; -+ -+ ddata->order = PADLOCK_SHA_INIT_ORD; -+ ddata->buf_alloc = malloc((1L << ddata->order) + 16); -+ ddata->buf_start = NEAREST_ALIGNED(ddata->buf_alloc); -+ -+ return 1; -+} -+ -+static int -+padlock_sha1_init(EVP_MD_CTX *ctx) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+ ddata->fallback_fcs.init = (f_sha_init)SHA1_Init; -+ ddata->fallback_fcs.update = (f_sha_update)SHA1_Update; -+ ddata->fallback_fcs.final = (f_sha_final)SHA1_Final; -+ ddata->fallback_fcs.padlock = (f_sha_padlock)padlock_do_sha1; -+ -+ return padlock_sha_init(ctx); -+} -+ -+static int -+padlock_sha224_init(EVP_MD_CTX *ctx) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+ ddata->fallback_fcs.init = (f_sha_init)SHA224_Init; -+ ddata->fallback_fcs.update = (f_sha_update)SHA224_Update; -+ ddata->fallback_fcs.final = (f_sha_final)SHA224_Final; -+ ddata->fallback_fcs.padlock = (f_sha_padlock)padlock_do_sha224; -+ -+ return padlock_sha_init(ctx); -+} -+ -+static int -+padlock_sha256_init(EVP_MD_CTX *ctx) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+ ddata->fallback_fcs.init = (f_sha_init)SHA256_Init; -+ ddata->fallback_fcs.update = (f_sha_update)SHA256_Update; -+ ddata->fallback_fcs.final = (f_sha_final)SHA256_Final; -+ ddata->fallback_fcs.padlock = (f_sha_padlock)padlock_do_sha256; -+ -+ return padlock_sha_init(ctx); -+} -+ -+static int -+padlock_sha_update(EVP_MD_CTX *ctx, const void *data, size_t length) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+#ifdef PADLOCK_SHA_STAT -+ ddata->stat_count++; -+ ddata->stat_total += length; -+ all_count++; -+ all_total += length; -+#endif -+ if (unlikely(ddata->bypass)) { -+ ddata->fallback_fcs.update(&ddata->fallback_ctx, data, length); -+ return 1; -+ } -+ if (unlikely(DDATA_FREE(ddata) < length)) { -+ if (likely(ddata->used + length > (1 << PADLOCK_SHA_MAX_ORD))) { -+ /* Too much data to be stored -> bypass to SW SHA */ -+ padlock_sha_bypass(ddata); -+ ddata->fallback_fcs.update(&ddata->fallback_ctx, data, length); -+ return 1; -+ } else { -+ /* Resize the alocated buffer */ -+ char *new_buf; -+ size_t new_size; -+ -+ while ((1<<++ddata->order) < (ddata->used + length)); -+ new_size = (1<<ddata->order); -+ if(!(new_buf = realloc(ddata->buf_alloc, new_size + 16))) { -+ /* fallback plan again */ -+ padlock_sha_bypass(ddata); -+ ddata->fallback_fcs.update(&ddata->fallback_ctx, data, length); -+ return 1; -+ } -+ ddata->buf_alloc = new_buf; -+ ddata->buf_start = NEAREST_ALIGNED(new_buf); -+ } -+ } -+ -+ memcpy(ddata->buf_start + ddata->used, data, length); -+ ddata->used += length; -+ -+ return 1; -+} -+ -+static int -+padlock_sha_final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+#ifdef PADLOCK_SHA_STAT -+ fprintf(stderr, "PadLock CTX: cnt=%zu, tot=%zu, avg=%zu\n", -+ ddata->stat_count, ddata->stat_total, -+ ddata->stat_count ? (ddata->stat_total/ddata->stat_count) : 0); -+ fprintf(stderr, "PadLock ALL: cnt=%zu, tot=%zu, avg=%zu\n", -+ all_count, all_total, all_count ? (all_total/all_count) : 0); -+#endif -+ -+ if (ddata->bypass) { -+ ddata->fallback_fcs.final(md, &ddata->fallback_ctx); -+ return 1; -+ } -+ -+ /* Pass the input buffer to PadLock microcode... */ -+ ddata->fallback_fcs.padlock(ddata->buf_start, md, ddata->used); -+ memset(ddata->buf_start, 0, ddata->used); -+ free(ddata->buf_alloc); -+ ddata->buf_start = 0; -+ ddata->buf_alloc = 0; -+ ddata->used = 0; -+ -+ return 1; -+} -+ -+static int -+padlock_sha_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) -+{ -+ struct padlock_digest_data *ddata_from = DIGEST_DATA(from); -+ struct padlock_digest_data *ddata_to = DIGEST_DATA(to); -+ -+ memcpy(ddata_to, ddata_from, sizeof(struct padlock_digest_data)); -+ if (ddata_from->buf_alloc) { -+ ddata_to->buf_alloc = malloc(1L << ddata_to->order); -+ if (!ddata_to->buf_start) { -+ fprintf(stderr, "%s(): malloc() failed\n", __func__); -+ exit(1); -+ } -+ ddata_to->buf_start = NEAREST_ALIGNED(ddata_to->buf_alloc); -+ memcpy(ddata_to->buf_start, ddata_from->buf_start, ddata_from->used); -+ } -+ return 1; -+} -+ -+static int -+padlock_sha_cleanup(EVP_MD_CTX *ctx) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+ if (ddata->buf_alloc) { -+ memset(ddata->buf_start, 0, ddata->used); -+ free(ddata->buf_alloc); -+ } -+ -+ memset(ddata, 0, sizeof(struct padlock_digest_data)); -+ -+ return 1; -+} -+ -+static const EVP_MD padlock_sha1_md = { -+ NID_sha1, -+ NID_sha1WithRSAEncryption, -+ SHA_DIGEST_LENGTH, -+ 0, -+ padlock_sha1_init, -+ padlock_sha_update, -+ padlock_sha_final, -+ padlock_sha_copy, -+ padlock_sha_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(struct padlock_digest_data), -+}; -+ -+static const EVP_MD padlock_sha224_md = { -+ NID_sha224, -+ NID_sha224WithRSAEncryption, -+ SHA224_DIGEST_LENGTH, -+ 0, -+ padlock_sha224_init, -+ padlock_sha_update, -+ padlock_sha_final, -+ padlock_sha_copy, -+ padlock_sha_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(struct padlock_digest_data), -+}; -+ -+static const EVP_MD padlock_sha256_md = { -+ NID_sha256, -+ NID_sha256WithRSAEncryption, -+ SHA256_DIGEST_LENGTH, -+ 0, -+ padlock_sha256_init, -+ padlock_sha_update, -+ padlock_sha_final, -+ padlock_sha_copy, -+ padlock_sha_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(struct padlock_digest_data), -+}; -+ -+static int padlock_digest_nids[] = { -+#if !defined(OPENSSL_NO_SHA) -+ NID_sha1, -+#endif -+#if !defined(OPENSSL_NO_SHA256) -+#if !defined(OPENSSL_NO_SHA224) -+ NID_sha224, -+#endif -+ NID_sha256, -+#endif -+}; -+ -+static int padlock_digest_nids_num = sizeof(padlock_digest_nids)/sizeof(padlock_digest_nids[0]); -+ -+static int -+padlock_digests (ENGINE *e, const EVP_MD **digest, const int **nids, int nid) -+{ -+ /* No specific digest => return a list of supported nids ... */ -+ if (!digest) { -+ *nids = padlock_digest_nids; -+ return padlock_digest_nids_num; -+ } -+ -+ /* ... or the requested "digest" otherwise */ -+ switch (nid) { -+#if !defined(OPENSSL_NO_SHA) -+ case NID_sha1: -+ *digest = &padlock_sha1_md; -+ break; -+#endif -+ -+ -+#if !defined(OPENSSL_NO_SHA256) -+#if !defined(OPENSSL_NO_SHA224) -+ case NID_sha224: -+ *digest = &padlock_sha224_md; -+ break; -+#endif /* OPENSSL_NO_SHA224 */ -+ -+ case NID_sha256: -+ *digest = &padlock_sha256_md; -+ break; -+#endif /* OPENSSL_NO_SHA256 */ -+ -+ default: -+ /* Sorry, we don't support this NID */ -+ *digest = NULL; -+ return 0; -+ } -+ -+ return 1; -+} -+ -+#endif /* OPENSSL_NO_SHA */ -+ -+#ifndef PADLOCK_NO_RNG - /* ===== Random Number Generator ===== */ - /* - * This code is not engaged. The reason is that it does not comply -@@ -1209,6 +1686,7 @@ - padlock_rand_bytes, /* pseudorand */ - padlock_rand_status, /* rand status */ - }; -+#endif /* PADLOCK_NO_RNG */ - - #endif /* COMPILE_HW_PADLOCK */ - diff --git a/src/patches/openswan-2.6.16-clear-1.patch b/src/patches/openswan-2.6.16-clear-1.patch deleted file mode 100644 index 41175c1..0000000 --- a/src/patches/openswan-2.6.16-clear-1.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- clear.org 2008-09-07 01:10:26.000000000 +0200 -+++ clear 2008-09-07 01:12:23.000000000 +0200 -@@ -3,18 +3,3 @@ - # - # See /usr/share/doc/openswan/policygroups.html for details. - # -- --# root name servers should be in the clear --192.58.128.30/32 --198.41.0.4/32 --192.228.79.201/32 --192.33.4.12/32 --128.8.10.90/32 --192.203.230.10/32 --192.5.5.241/32 --192.112.36.4/32 --128.63.2.53/32 --192.36.148.17/32 --193.0.14.129/32 --199.7.83.42/32 --202.12.27.33/32 diff --git a/src/patches/openswan-2.6.16-startklips-1.patch b/src/patches/openswan-2.6.16-startklips-1.patch deleted file mode 100644 index ff05bbb..0000000 --- a/src/patches/openswan-2.6.16-startklips-1.patch +++ /dev/null @@ -1,64 +0,0 @@ ---- _startklips.old 2008-09-07 00:50:40.000000000 +0200 -+++ _startklips 2008-09-07 00:50:42.000000000 +0200 -@@ -146,23 +146,35 @@ - - # figure out ifconfig for interface - addr= -- eval `ifconfig $phys | -- awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ { -- gsub(/:/, " ", $0) -- print "addr=" $3 -- other = $5 -- if ($4 == "Bcast") -- print "type=broadcast" -- else if ($4 == "P-t-P") -- print "type=pointopoint" -- else if (NF == 5) { -- print "type=" -- other = "" -- } else -- print "type=unknown" -- print "otheraddr=" other -- print "mask=" $NF -- }'` -+ eval `ip addr show $phys | awk '$3 ~ /BROADCAST|POINTOPOINT/ { -+ if ($3 ~ /BROADCAST/) -+ print "type=broadcast"; -+ else if ($3 ~ /POINTOPOINT/) -+ print "type=pointopoint"; -+ else { -+ print "type="; -+ } -+ }'` -+ -+ if [ "$type" == "broadcast" ]; then -+ eval `ip addr show $phys | awk '$1 == "inet" { gsub(///, " "); -+ print "addr=" $2; -+ print "mask=" $3; -+ print "otheraddr=" $5; -+ }'` -+ elif [ "$type" == "pointopoint" ]; then -+ eval `ip addr show $phys | awk '$1 == "inet" { gsub(///, " "); -+ print "addr=" $2; -+ print "mask=" $5; -+ print "otheraddr=" $4; -+ }'` -+ else -+ type="unknown" -+ otheraddr= -+ fi -+ -+ eval `whatmask /$mask | awk -F': ' '$1 ~ /^Netmask =/ { print "mask=" $2 }'` -+ - if test " $addr" = " " - then - echo "unable to determine address of `$phys'" -@@ -171,7 +183,7 @@ - if test " $type" = " unknown" - then - echo "`$phys' is of an unknown type" -- exit 1 -+ exit 1 - fi - if test " $omtu" != " " - then diff --git a/src/patches/openswan-2.6.16-updown.klips-1.patch b/src/patches/openswan-2.6.16-updown.klips-1.patch deleted file mode 100644 index f587dea..0000000 --- a/src/patches/openswan-2.6.16-updown.klips-1.patch +++ /dev/null @@ -1,30 +0,0 @@ ---- /usr/lib/ipsec/_updown.klips 2007-10-14 00:56:15.000000000 +0200 -+++ /usr/lib/ipsec/_updown.klips 2007-10-27 00:00:26.000000000 +0200 -@@ -376,8 +376,8 @@ - # opportunistic encryption work around - # need to provide route that eclipses default, without - # replacing it. -- it="ip route $1 0.0.0.0/1 $parms2 $parms3 && -- ip route $1 128.0.0.0/1 $parms2 $parms3" -+ #it="ip route $1 0.0.0.0/1 $parms2 $parms3 && -+ # ip route $1 128.0.0.0/1 $parms2 $parms3" - ;; - *) it="ip route $1 $parms $parms2 $parms3" - ;; -@@ -401,13 +401,13 @@ - prepare-host:*|prepare-client:*) - # delete possibly-existing route (preliminary to adding a route) - case "$PLUTO_PEER_CLIENT" in -- "0.0.0.0/0") -+ "0.0.0.0/0") - # need to provide route that eclipses default, without - # replacing it. - parms1="0.0.0.0/1" - parms2="128.0.0.0/1" -- it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1" -- oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`" -+ # it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1" -+ # oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`" - ;; - *) - parms="$PLUTO_PEER_CLIENT $IPROUTEARGS" diff --git a/src/patches/openswan-2.6.23-updown-add_ipfire-snat.patch b/src/patches/openswan-2.6.23-updown-add_ipfire-snat.patch deleted file mode 100644 index 1663bbe..0000000 --- a/src/patches/openswan-2.6.23-updown-add_ipfire-snat.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- /usr/lib/ipsec/_updown 2009-10-08 01:43:58.000000000 +0200 -+++ /usr/lib/ipsec/_updown 2009-12-20 23:13:24.000000000 +0100 -@@ -128,6 +128,21 @@ - 2.*) ;; - esac - -+# add/remove rules to reach vpn-peers from ipfire -+src=$(/sbin/ip route|grep $PLUTO_MY_CLIENT|(read net key_dev dev key_proto key_kernel key_scope key_link key_src src; echo $src)) -+ -+case "$PLUTO_VERB" in -+"route-client") -+ logger -t "ipsec_updown" "iptables -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src" -+ /sbin/iptables -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src -+ ;; -+ -+"unroute-client") -+ logger -t "ipsec_updown" "iptables -t nat -D IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src" -+ /sbin/iptables -t nat -D IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src -+ ;; -+esac -+ - if [ -x /usr/lib/ipsec/_updown.${PLUTO_STACK} ] - then - exec /usr/lib/ipsec/_updown.${PLUTO_STACK} $* diff --git a/src/patches/openswan-2.6.24_noxmlto.patch b/src/patches/openswan-2.6.24_noxmlto.patch deleted file mode 100644 index dc0c30c..0000000 --- a/src/patches/openswan-2.6.24_noxmlto.patch +++ /dev/null @@ -1,68 +0,0 @@ -diff -Naur openswan-2.6.24.org/programs/_confread/Makefile openswan-2.6.24/programs/_confread/Makefile ---- openswan-2.6.24.org/programs/_confread/Makefile 2010-01-10 02:34:38.000000000 +0100 -+++ openswan-2.6.24/programs/_confread/Makefile 2010-01-10 22:44:33.000000000 +0100 -@@ -16,7 +16,13 @@ - OPENSWANSRCDIR?=$(shell cd ../..; pwd) - include ${OPENSWANSRCDIR}/Makefile.inc - --EXTRA5MAN=ipsec.conf.5 -+SUBDIRS=doc lib programs testing -+ifeq ($(findstring $(SUBDIRS),doc),doc) -+ EXTRA5MAN=ipsec.conf.5 -+else -+ EXTRA5MAN= -+endif -+ - CONFFILES=ipsec.conf - EXCONFILES=ipsec.win2k.conf - SOURCEDIR=_confread -diff -Naur openswan-2.6.24.org/programs/pluto/Makefile openswan-2.6.24/programs/pluto/Makefile ---- openswan-2.6.24.org/programs/pluto/Makefile 2010-01-10 02:34:38.000000000 +0100 -+++ openswan-2.6.24/programs/pluto/Makefile 2010-01-10 22:51:15.000000000 +0100 -@@ -172,7 +172,7 @@ - all: $(BINNAMEPLUTO) $(BINNAMEADNSIFNEEDED) $(BINNAMEWHACK) #$(BINNAMEWHACKINIT) - programs: $(BINNAMEPLUTO) $(BINNAMEADNSIFNEEDED) $(BINNAMEWHACK) #$(BINNAMEWHACKINIT) - clean: cleanall --install: doinstall -+install: doinstall doinstalldoc - endif - - doinstall: all -@@ -188,6 +188,9 @@ - $(INSTALL) $(INSTBINFLAGS) $(BINNAMEPLUTO) $(BINNAMEWHACK) $(LIBEXECDIR) - #$(INSTALL) $(INSTSUIDFLAGS) $(BINNAMEWHACKINIT) $(LIBEXECDIR) - if $(USE_ADNS) ; then $(INSTALL) $(INSTBINFLAGS) $(BINNAMEADNS) $(LIBEXECDIR) ; fi -+ -+ifeq ($(findstring $(SUBDIRS),doc),doc) -+doinstalldoc: - $(INSTALL) $(INSTMANFLAGS) ${srcdir}pluto.8 $(PMANDIR)/ipsec_pluto.8 - sh ${OPENSWANSRCDIR}/packaging/utils/manlink ${srcdir}pluto.8 | \ - while read from to ; \ -@@ -201,10 +204,7 @@ - ln -s -f $$from $(FMANDIR)/$$to; \ - done - --install_file_list: -- @echo $(LIBEXECDIR)/$(BINNAMEPLUTO) -- @if $(USE_ADNS) ; then echo $(LIBDIR)/$(BINNAMEADNS) ; fi -- @echo $(LIBEXECDIR)/$(BINNAMEWHACK) -+install_file_listdoc: - @echo $(PMANDIR)/ipsec_pluto.8 - @sh ${OPENSWANSRCDIR}/packaging/utils/manlink pluto.8 | \ - while read from to; \ -@@ -217,6 +217,15 @@ - do \ - echo $(FMANDIR)/$$to; \ - done -+else -+doinstalldoc: -+install_file_listdoc: -+endif -+ -+install_file_list: install_file_listdoc -+ @echo $(LIBEXECDIR)/$(BINNAMEPLUTO) -+ @if $(USE_ADNS) ; then echo $(LIBDIR)/$(BINNAMEADNS) ; fi -+ @echo $(LIBEXECDIR)/$(BINNAMEWHACK) - - alg_info_test: alg_info_test.o ike_alg.o constants.o defs.o log.o db_ops.o crypto.o $(LIBDESLITE) $(OPENSWANLIB) - $(CC) -o $@ $^ $(LDFLAGS) $(LIBSPLUTO) diff --git a/src/patches/portmap-5beta-compilation_fixes-3.patch b/src/patches/portmap-5beta-compilation_fixes-3.patch deleted file mode 100644 index 45fc2c6..0000000 --- a/src/patches/portmap-5beta-compilation_fixes-3.patch +++ /dev/null @@ -1,705 +0,0 @@ -Submitted By: Kevin P. Fleming <kpfleming at linuxfromscratch dot org> -Date: 2004-05-02 -Initial Package Version: 5beta -Origin: http://archives.linuxfromscratch.org/mail-archives/blfs-dev/2003-January/001... -Description: The patch was created from the portmap modified package by Mark Heerdink. -This patch provides the following improvements: - * Link against dynamic tcp_wrappers. - * Create an install target for portmap. - * Compilation and security fixes. - * Documentation fixes. - -Originally created by Tushar Teredesai, updated by kpfleming to ensure -portmap will compile without tcp_wrappers installed. -diff -Naur portmap_5beta/BLURB portmap_5beta.gimli/BLURB ---- portmap_5beta/BLURB 1996-07-06 16:09:46.000000000 -0500 -+++ portmap_5beta.gimli/BLURB 2002-01-07 09:13:58.000000000 -0600 -@@ -1,3 +1,6 @@ -+ -+############################################################################### -+ - @(#) BLURB 1.5 96/07/06 23:09:45 - - This is the fifth replacement portmapper release. -diff -Naur portmap_5beta/Makefile portmap_5beta.gimli/Makefile ---- portmap_5beta/Makefile 1996-07-06 16:06:19.000000000 -0500 -+++ portmap_5beta.gimli/Makefile 2002-07-15 16:00:07.000000000 -0500 -@@ -8,7 +8,7 @@ - # if you disagree. See `man 3 syslog' for examples. Some syslog versions - # do not provide this flexibility. - # --FACILITY=LOG_MAIL -+FACILITY=LOG_DAEMON - - # To disable tcp-wrapper style access control, comment out the following - # macro definitions. Access control can also be turned off by providing -@@ -16,7 +16,8 @@ - # daemon, is always treated as an authorized host. - - HOSTS_ACCESS= -DHOSTS_ACCESS --WRAP_LIB = $(WRAP_DIR)/libwrap.a -+#WRAP_LIB = $(WRAP_DIR)/libwrap.a -+WRAP_LIB = -lwrap - - # Comment out if your RPC library does not allocate privileged ports for - # requests from processes with root privilege, or the new portmap will -@@ -71,7 +72,7 @@ - # With verbose logging on, HP-UX 9.x and AIX 4.1 leave zombies behind when - # SIGCHLD is not ignored. Enable next macro for a fix. - # --# ZOMBIES = -DIGNORE_SIGCHLD # AIX 4.x, HP-UX 9.x -+ZOMBIES = -DIGNORE_SIGCHLD # AIX 4.x, HP-UX 9.x - - # Uncomment the following macro if your system does not have u_long. - # -@@ -81,7 +82,7 @@ - # libwrap.a object library. WRAP_DIR should specify the directory with - # that library. - --WRAP_DIR= ../tcp_wrappers -+WRAP_DIR= $(TCPD_DIR) - - # Auxiliary object files that may be missing from your C library. - # -@@ -99,22 +100,31 @@ - - # Comment out if your compiler talks ANSI and understands const - # --CONST = -Dconst= -+#CONST = -Dconst= - - ### End of configurable stuff. - ############################## - -+GLIBC=$(shell grep -s -c __GLIBC__ /usr/include/features.h) -+ -+ifeq ($(GLIBC),0) -+LIBS += # -lbsd -+else -+LIBS += -lnsl -+endif -+ -+ - SHELL = /bin/sh - --COPT = $(CONST) -Dperror=xperror $(HOSTS_ACCESS) $(CHECK_PORT) \ -+COPT = $(CONST) $(HOSTS_ACCESS) $(CHECK_PORT) \ - $(SYS) -DFACILITY=$(FACILITY) $(ULONG) $(ZOMBIES) $(SA_LEN) \ - $(LOOPBACK) $(SETPGRP) --CFLAGS = $(COPT) -O $(NSARCHS) -+CFLAGS = -Wall $(COPT) -O2 $(NSARCHS) - OBJECTS = portmap.o pmap_check.o from_local.o $(AUX) - - all: portmap pmap_dump pmap_set - --portmap: $(OBJECTS) $(WRAP_DIR)/libwrap.a -+portmap: $(OBJECTS) # $(WRAP_DIR)/libwrap.a - $(CC) $(CFLAGS) -o $@ $(OBJECTS) $(WRAP_LIB) $(LIBS) - - pmap_dump: pmap_dump.c -@@ -129,6 +139,17 @@ - get_myaddress: get_myaddress.c - cc $(CFLAGS) -DTEST -o $@ get_myaddress.c $(LIBS) - -+install: all -+ install -o root -g root -m 0755 -s portmap ${BASEDIR}/sbin -+ install -o root -g root -m 0755 -s pmap_dump ${BASEDIR}/usr/sbin -+ install -o root -g root -m 0755 -s pmap_set ${BASEDIR}/usr/sbin -+ install -o root -g root -m 0644 portmap.8 ${BASEDIR}/usr/share/man/man8 -+ install -o root -g root -m 0644 pmap_dump.8 ${BASEDIR}/usr/share/man/man8 -+ install -o root -g root -m 0644 pmap_set.8 ${BASEDIR}/usr/share/man/man8 -+# cat README BLURB >${BASEDIR}/usr/share/doc/portmap/portmapper.txt -+# gzip -9f ${BASEDIR}/usr/share/doc/portmap/portmapper.txt -+ -+ - lint: - lint $(COPT) $(OBJECTS:%.o=%.c) - -diff -Naur portmap_5beta/daemon.c portmap_5beta.gimli/daemon.c ---- portmap_5beta/daemon.c 1992-06-11 15:53:12.000000000 -0500 -+++ portmap_5beta.gimli/daemon.c 2002-01-07 09:22:24.000000000 -0600 -@@ -36,16 +36,13 @@ - #endif /* LIBC_SCCS and not lint */ - - #include <fcntl.h> -- --/* From unistd.h */ --#define STDIN_FILENO 0 --#define STDOUT_FILENO 1 --#define STDERR_FILENO 2 -+#include <unistd.h> -+#include <sys/types.h> - - /* From paths.h */ - #define _PATH_DEVNULL "/dev/null" - --daemon(nochdir, noclose) -+int daemon(nochdir, noclose) - int nochdir, noclose; - { - int cpid; -diff -Naur portmap_5beta/from_local.c portmap_5beta.gimli/from_local.c ---- portmap_5beta/from_local.c 1996-05-31 08:52:58.000000000 -0500 -+++ portmap_5beta.gimli/from_local.c 2002-01-07 09:25:49.000000000 -0600 -@@ -35,7 +35,7 @@ - * Mountain View, California 94043 - */ - --#ifndef lint -+#ifdef lint - static char sccsid[] = "@(#) from_local.c 1.3 96/05/31 15:52:57"; - #endif - -@@ -51,6 +51,9 @@ - #include <net/if.h> - #include <sys/ioctl.h> - #include <syslog.h> -+#include <stdlib.h> -+#include <string.h> -+#include <unistd.h> - - #ifndef TRUE - #define TRUE 1 -@@ -96,7 +99,7 @@ - - /* find_local - find all IP addresses for this host */ - --find_local() -+int find_local() - { - struct ifconf ifc; - struct ifreq ifreq; -@@ -154,7 +157,7 @@ - - /* from_local - determine whether request comes from the local system */ - --from_local(addr) -+int from_local(addr) - struct sockaddr_in *addr; - { - int i; -diff -Naur portmap_5beta/pmap_check.c portmap_5beta.gimli/pmap_check.c ---- portmap_5beta/pmap_check.c 1996-07-07 03:49:10.000000000 -0500 -+++ portmap_5beta.gimli/pmap_check.c 2002-01-07 09:37:58.000000000 -0600 -@@ -32,7 +32,7 @@ - * Computing Science, Eindhoven University of Technology, The Netherlands. - */ - --#ifndef lint -+#ifdef lint - static char sccsid[] = "@(#) pmap_check.c 1.8 96/07/07 10:49:10"; - #endif - -@@ -45,6 +45,11 @@ - #include <netinet/in.h> - #include <rpc/rpcent.h> - #endif -+#include <sys/types.h> -+#include <unistd.h> -+#ifdef HOSTS_ACCESS -+#include <tcpd.h> -+#endif - - extern char *inet_ntoa(); - -@@ -110,7 +113,7 @@ - - /* check_default - additional checks for NULL, DUMP, GETPORT and unknown */ - --check_default(addr, proc, prog) -+int check_default(addr, proc, prog) - struct sockaddr_in *addr; - u_long proc; - u_long prog; -@@ -128,7 +131,7 @@ - - /* check_privileged_port - additional checks for privileged-port updates */ - --check_privileged_port(addr, proc, prog, port) -+int check_privileged_port(addr, proc, prog, port) - struct sockaddr_in *addr; - u_long proc; - u_long prog; -@@ -173,7 +176,7 @@ - - #else - --check_setunset(addr, proc, prog, port) -+int check_setunset(addr, proc, prog, port) - struct sockaddr_in *addr; - u_long proc; - u_long prog; -@@ -197,7 +200,7 @@ - - /* check_callit - additional checks for forwarded requests */ - --check_callit(addr, proc, prog, aproc) -+int check_callit(addr, proc, prog, aproc) - struct sockaddr_in *addr; - u_long proc; - u_long prog; -@@ -249,13 +252,13 @@ - }; - struct proc_map *procp; - static struct proc_map procmap[] = { -- PMAPPROC_CALLIT, "callit", -- PMAPPROC_DUMP, "dump", -- PMAPPROC_GETPORT, "getport", -- PMAPPROC_NULL, "null", -- PMAPPROC_SET, "set", -- PMAPPROC_UNSET, "unset", -- 0, 0, -+ { PMAPPROC_CALLIT, "callit" }, -+ { PMAPPROC_DUMP, "dump" }, -+ { PMAPPROC_GETPORT, "getport" }, -+ { PMAPPROC_NULL, "null" }, -+ { PMAPPROC_SET, "set" }, -+ { PMAPPROC_UNSET, "unset" }, -+ { 0, 0 } - }; - - /* -@@ -269,7 +272,7 @@ - - if (prognum == 0) { - progname = ""; -- } else if (rpc = getrpcbynumber((int) prognum)) { -+ } else if ((rpc = getrpcbynumber((int) prognum)) != NULL) { - progname = rpc->r_name; - } else { - sprintf(progname = progbuf, "%lu", prognum); -diff -Naur portmap_5beta/pmap_dump.8 portmap_5beta.gimli/pmap_dump.8 ---- portmap_5beta/pmap_dump.8 1969-12-31 18:00:00.000000000 -0600 -+++ portmap_5beta.gimli/pmap_dump.8 2002-01-07 09:13:58.000000000 -0600 -@@ -0,0 +1,24 @@ -+.TH PMAP_DUMP 8 "21th June 1997" Linux "Linux Programmer's Manual" -+.SH NAME -+pmap_dump - print a list of all registered RPC programs -+.SH SYNOPSIS -+.B pmap_dump -+.SH DESCRIPTION -+The -+.B pmap_dump -+command can be used to restart a running portmapper or to print -+a list of all registered RPC programs on the local host. If you -+want to use the program to restart the portmapper you have to -+redirect the output of -+.B pmap_dump -+to a file. After this you can restart the portmapper and restore -+the list of the registered RPC programs by feeding the output -+of -+.B pmap_dump -+to the -+.B pmap_set -+command. -+.SH SEE ALSO -+.BR pmap_set (8), -+.BR rpc.portmap (8) -+ -diff -Naur portmap_5beta/pmap_dump.c portmap_5beta.gimli/pmap_dump.c ---- portmap_5beta/pmap_dump.c 1992-06-11 15:53:16.000000000 -0500 -+++ portmap_5beta.gimli/pmap_dump.c 2002-01-07 09:20:19.000000000 -0600 -@@ -5,7 +5,7 @@ - * Computing Science, Eindhoven University of Technology, The Netherlands. - */ - --#ifndef lint -+#ifdef lint - static char sccsid[] = "@(#) pmap_dump.c 1.1 92/06/11 22:53:15"; - #endif - -@@ -23,7 +23,20 @@ - - static char *protoname(); - --main(argc, argv) -+#ifndef INADDR_LOOPBACK -+#define INADDR_LOOPBACK ntohl(inet_addr("127.0.0.1")) -+#endif -+ -+static void get_myloopaddress(addrp) -+struct sockaddr_in *addrp; -+{ -+ memset((char *) addrp, 0, sizeof(*addrp)); -+ addrp->sin_family = AF_INET; -+ addrp->sin_port = htons(PMAPPORT); -+ addrp->sin_addr.s_addr = htonl(INADDR_LOOPBACK); -+} -+ -+int main(argc, argv) - int argc; - char **argv; - { -@@ -31,7 +44,7 @@ - register struct pmaplist *list; - register struct rpcent *rpc; - -- get_myaddress(&addr); -+ get_myloopaddress(&addr); - - for (list = pmap_getmaps(&addr); list; list = list->pml_next) { - rpc = getrpcbynumber((int) list->pml_map.pm_prog); -diff -Naur portmap_5beta/pmap_set.8 portmap_5beta.gimli/pmap_set.8 ---- portmap_5beta/pmap_set.8 1969-12-31 18:00:00.000000000 -0600 -+++ portmap_5beta.gimli/pmap_set.8 2002-01-07 09:13:58.000000000 -0600 -@@ -0,0 +1,24 @@ -+.TH PMAP_SET 8 "21th June 1997" Linux "Linux Programmer's Manual" -+.SH NAME -+pmap_set - set the list of registered RPC programs -+.SH SYNOPSIS -+.B pmap_set -+.SH DESCRIPTION -+The -+.B pmap_set -+command can be used to restart a running portmapper or to set -+the list of registered RPC programs on the local host. If you -+want to use the program to restart the portmapper you have to -+redirect the output of -+.B pmap_dump -+to a file. After this you can restart the portmapper and restore -+the list of the registered RPC programs by feeding the output -+of -+.B pmap_dump -+to the -+.B pmap_set -+command. -+.SH SEE ALSO -+.BR pmap_dump (8), -+.BR rpc.portmap (8) -+ -diff -Naur portmap_5beta/pmap_set.c portmap_5beta.gimli/pmap_set.c ---- portmap_5beta/pmap_set.c 1996-07-06 16:06:23.000000000 -0500 -+++ portmap_5beta.gimli/pmap_set.c 2002-01-07 09:22:10.000000000 -0600 -@@ -5,7 +5,7 @@ - * Computing Science, Eindhoven University of Technology, The Netherlands. - */ - --#ifndef lint -+#ifdef lint - static char sccsid[] = "@(#) pmap_set.c 1.2 96/07/06 23:06:23"; - #endif - -@@ -17,7 +17,9 @@ - #include <rpc/rpc.h> - #include <rpc/pmap_clnt.h> - --main(argc, argv) -+int parse_line(char *buf, u_long *prog, u_long *vers, int *prot, unsigned *port); -+ -+int main(argc, argv) - int argc; - char **argv; - { -@@ -40,16 +42,16 @@ - - /* parse_line - convert line to numbers */ - --parse_line(buf, prog, vers, prot, port) -+int parse_line(buf, prog, vers, prot, port) - char *buf; - u_long *prog; - u_long *vers; - int *prot; - unsigned *port; - { -- char proto_name[BUFSIZ]; -+ char proto_name[256]; - -- if (sscanf(buf, "%lu %lu %s %u", prog, vers, proto_name, port) != 4) { -+ if (sscanf(buf, "%lu %lu %255s %u", prog, vers, proto_name, port) != 4) { - return (0); - } - if (strcmp(proto_name, "tcp") == 0) { -diff -Naur portmap_5beta/portmap.8 portmap_5beta.gimli/portmap.8 ---- portmap_5beta/portmap.8 1969-12-31 18:00:00.000000000 -0600 -+++ portmap_5beta.gimli/portmap.8 2002-01-07 09:13:58.000000000 -0600 -@@ -0,0 +1,146 @@ -+." Copyright (c) 1987 Sun Microsystems -+." Copyright (c) 1990, 1991 The Regents of the University of California. -+." All rights reserved. -+." -+." Redistribution and use in source and binary forms, with or without -+." modification, are permitted provided that the following conditions -+." are met: -+." 1. Redistributions of source code must retain the above copyright -+." notice, this list of conditions and the following disclaimer. -+." 2. Redistributions in binary form must reproduce the above copyright -+." notice, this list of conditions and the following disclaimer in the -+." documentation and/or other materials provided with the distribution. -+." 3. All advertising materials mentioning features or use of this software -+." must display the following acknowledgement: -+." This product includes software developed by the University of -+." California, Berkeley and its contributors. -+." 4. Neither the name of the University nor the names of its contributors -+." may be used to endorse or promote products derived from this software -+." without specific prior written permission. -+." -+." THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -+." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+." IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+." ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -+." FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+." DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+." OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+." HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+." LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+." OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+." SUCH DAMAGE. -+." -+." from: @(#)portmap.8 5.3 (Berkeley) 3/16/91 -+." $Id: portmap-5beta-compilation_fixes-3.patch,v 1.1 2004/06/08 04:53:09 jim Exp $ -+." -+.Dd March 16, 1991 -+.Dt PORTMAP 8 -+.Os BSD 4.3 -+.Sh NAME -+.Nm portmap -+.Nd -+.Tn DARPA -+port to -+.Tn RPC -+program number mapper -+.Sh SYNOPSIS -+.Nm portmap -+.Op Fl d -+.Op Fl v -+.Sh DESCRIPTION -+.Nm Portmap -+is a server that converts -+.Tn RPC -+program numbers into -+.Tn DARPA -+protocol port numbers. -+It must be running in order to make -+.Tn RPC -+calls. -+.Pp -+When an -+.Tn RPC -+server is started, it will tell -+.Nm portmap -+what port number it is listening to, and what -+.Tn RPC -+program numbers it is prepared to serve. -+When a client wishes to make an -+.Tn RPC -+call to a given program number, -+it will first contact -+.Nm portmap -+on the server machine to determine -+the port number where -+.Tn RPC -+packets should be sent. -+.Pp -+.Nm Portmap -+must be started before any -+.Tn RPC -+servers are invoked. -+.Pp -+Normally -+.Nm portmap -+forks and dissociates itself from the terminal -+like any other daemon. -+.Nm Portmap -+then logs errors using -+.Xr syslog 3 . -+.Pp -+Option available: -+.Bl -tag -width Ds -+.It Fl d -+(debug) prevents -+.Nm portmap -+from running as a daemon, -+and causes errors and debugging information -+to be printed to the standard error output. -+.It Fl v -+(verbose) run -+.Nm portmap -+in verbose mode. -+.El -+ -+This -+.Nm portmap -+version is protected by the -+.Nm tcp_wrapper -+library. You have to give the clients access to -+.Nm portmap -+if they should be allowed to use it. To allow connects from clients of -+the .bar.com domain you could use the following line in /etc/hosts.allow: -+ -+portmap: .bar.com -+ -+You have to use the daemon name -+.Nm portmap -+for the daemon name (even if the binary has a different name). For the -+client names you can only use the keyword ALL or IP addresses (NOT -+host or domain names). -+ -+For further information please have a look at the -+.Xr tcpd 8 , -+.Xr hosts_allow 5 -+and -+.Xr hosts_access 5 -+manual pages. -+ -+.Sh SEE ALSO -+.Xr inetd.conf 5 , -+.Xr rpcinfo 8 , -+.Xr pmap_set 8 , -+.Xr pmap_dump 8 , -+.Xr inetd 8 -+.Xr tcpd 8 -+.Xr hosts_access 5 -+.Xr hosts_options 5 -+.Sh BUGS -+If -+.Nm portmap -+crashes, all servers must be restarted. -+.Sh HISTORY -+The -+.Nm -+command appeared in -+.Bx 4.3 -diff -Naur portmap_5beta/portmap.c portmap_5beta.gimli/portmap.c ---- portmap_5beta/portmap.c 1996-07-06 16:06:24.000000000 -0500 -+++ portmap_5beta.gimli/portmap.c 2002-01-07 09:26:41.000000000 -0600 -@@ -37,7 +37,7 @@ - All rights reserved.\n"; - #endif /* not lint */ - --#ifndef lint -+#ifdef lint - static char sccsid[] = "@(#) portmap.c 1.6 96/07/06 23:06:23"; - #endif /* not lint */ - -@@ -80,6 +80,9 @@ - * Mountain View, California 94043 - */ - -+#if defined(__GLIBC__) -+#include <rpc/xdr.h> -+#endif /* __GLIBC__ */ - #include <rpc/rpc.h> - #include <rpc/pmap_prot.h> - #include <stdio.h> -@@ -94,6 +97,8 @@ - #ifdef SYSV40 - #include <netinet/in.h> - #endif -+#include <sys/types.h> -+#include <unistd.h> - - extern char *strerror(); - #include <stdlib.h> -@@ -148,7 +153,7 @@ - #endif - #endif - --main(argc, argv) -+int main(argc, argv) - int argc; - char **argv; - { -@@ -350,7 +355,7 @@ - */ - /* remote host authorization check */ - check_default(svc_getcaller(xprt), rqstp->rq_proc, (u_long) 0); -- if (!svc_sendreply(xprt, xdr_void, (caddr_t)0) && debugging) { -+ if (!svc_sendreply(xprt, (xdrproc_t) xdr_void, (caddr_t)0) && debugging) { - abort(); - } - break; -@@ -359,7 +364,7 @@ - /* - * Set a program,version to port mapping - */ -- if (!svc_getargs(xprt, xdr_pmap, ®)) -+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) ®)) - svcerr_decode(xprt); - else { - /* reject non-local requests, protect priv. ports */ -@@ -401,7 +406,7 @@ - ans = 1; - } - done: -- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&ans)) && -+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&ans)) && - debugging) { - (void) fprintf(stderr, "svc_sendreply\n"); - abort(); -@@ -413,7 +418,7 @@ - /* - * Remove a program,version to port mapping. - */ -- if (!svc_getargs(xprt, xdr_pmap, ®)) -+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) ®)) - svcerr_decode(xprt); - else { - ans = 0; -@@ -447,7 +452,7 @@ - prevpml->pml_next = pml; - free(t); - } -- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&ans)) && -+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&ans)) && - debugging) { - (void) fprintf(stderr, "svc_sendreply\n"); - abort(); -@@ -459,7 +464,7 @@ - /* - * Lookup the mapping for a program,version and return its port - */ -- if (!svc_getargs(xprt, xdr_pmap, ®)) -+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) ®)) - svcerr_decode(xprt); - else { - /* remote host authorization check */ -@@ -474,7 +479,7 @@ - port = fnd->pml_map.pm_port; - else - port = 0; -- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&port)) && -+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&port)) && - debugging) { - (void) fprintf(stderr, "svc_sendreply\n"); - abort(); -@@ -486,7 +491,7 @@ - /* - * Return the current set of mapped program,version - */ -- if (!svc_getargs(xprt, xdr_void, NULL)) -+ if (!svc_getargs(xprt, (xdrproc_t) xdr_void, (caddr_t) NULL)) - svcerr_decode(xprt); - else { - /* remote host authorization check */ -@@ -497,7 +502,7 @@ - } else { - p = pmaplist; - } -- if ((!svc_sendreply(xprt, xdr_pmaplist, -+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_pmaplist, - (caddr_t)&p)) && debugging) { - (void) fprintf(stderr, "svc_sendreply\n"); - abort(); -@@ -645,7 +650,7 @@ - timeout.tv_sec = 5; - timeout.tv_usec = 0; - a.rmt_args.args = buf; -- if (!svc_getargs(xprt, xdr_rmtcall_args, &a)) -+ if (!svc_getargs(xprt, (xdrproc_t) xdr_rmtcall_args, (caddr_t) &a)) - return; - /* host and service access control */ - if (!check_callit(svc_getcaller(xprt), -@@ -674,9 +679,9 @@ - au->aup_uid, au->aup_gid, au->aup_len, au->aup_gids); - } - a.rmt_port = (u_long)port; -- if (clnt_call(client, a.rmt_proc, xdr_opaque_parms, &a, -- xdr_len_opaque_parms, &a, timeout) == RPC_SUCCESS) { -- svc_sendreply(xprt, xdr_rmtcall_result, (caddr_t)&a); -+ if (clnt_call(client, a.rmt_proc, (xdrproc_t) xdr_opaque_parms, (char*) &a, -+ (xdrproc_t) xdr_len_opaque_parms, (char*) &a, timeout) == RPC_SUCCESS) { -+ svc_sendreply(xprt, (xdrproc_t) xdr_rmtcall_result, (caddr_t)&a); - } - AUTH_DESTROY(client->cl_auth); - clnt_destroy(client); diff --git a/src/patches/portmap-5beta-glibc_errno_fix-1.patch b/src/patches/portmap-5beta-glibc_errno_fix-1.patch deleted file mode 100644 index e38b7ae..0000000 --- a/src/patches/portmap-5beta-glibc_errno_fix-1.patch +++ /dev/null @@ -1,17 +0,0 @@ -Submitted By: Tushar Teredesai tushar@linuxfromscratch.org -Date: 2003-10-04 -Initial Package Version: 5beta -Origin: None -Description: Fix compilation with recent glibc versions. ---- portmap_5beta/portmap.c 2003-03-10 12:32:26.000000000 -0600 -+++ portmap_5beta/portmap.c.new 2003-03-10 12:38:01.000000000 -0600 -@@ -129,7 +129,8 @@ - static void callit(); - struct pmaplist *pmaplist; - int debugging = 0; --extern int errno; -+#include <errno.h> -+/* extern int errno; */ - - #include "pmap_check.h" - diff --git a/src/patches/r8101_add_missing_pciids.patch b/src/patches/r8101_add_missing_pciids.patch deleted file mode 100644 index a065493..0000000 --- a/src/patches/r8101_add_missing_pciids.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -Naur r8101-1.013.00.org/src/r8101_n.c r8101-1.013.00/src/r8101_n.c ---- r8101-1.013.00.org/src/r8101_n.c 2009-07-14 09:10:53.000000000 +0200 -+++ r8101-1.013.00/src/r8101_n.c 2009-10-22 18:19:07.000000000 +0200 -@@ -103,6 +103,7 @@ - - static struct pci_device_id rtl8101_pci_tbl[] = { - { PCI_DEVICE(PCI_VENDOR_ID_REALTEK, 0x8136), }, -+ { 0x0001, 0x8168, PCI_ANY_ID, 0x2410, }, - {0,}, - }; - diff --git a/src/patches/r8169_add_missing_pciids.patch b/src/patches/r8169_add_missing_pciids.patch deleted file mode 100644 index dab3af0..0000000 --- a/src/patches/r8169_add_missing_pciids.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -Naur r8169-6.011.00.org/src/r8169_n.c r8169-6.011.00/src/r8169_n.c ---- r8169-6.011.00.org/src/r8169_n.c 2009-07-14 08:39:25.000000000 +0200 -+++ r8169-6.011.00/src/r8169_n.c 2009-10-22 19:18:42.000000000 +0200 -@@ -114,6 +114,11 @@ - static struct pci_device_id rtl8169_pci_tbl[] = { - { PCI_DEVICE(PCI_VENDOR_ID_REALTEK, 0x8167), 0, 0, RTL_CFG_0 }, - { PCI_DEVICE(PCI_VENDOR_ID_REALTEK, 0x8169), 0, 0, RTL_CFG_0 }, -+ { PCI_DEVICE(PCI_VENDOR_ID_REALTEK, 0x8129), 0, 0, RTL_CFG_0 }, -+ { PCI_DEVICE(PCI_VENDOR_ID_DLINK, 0x4300), 0, 0, RTL_CFG_0 }, -+ { PCI_DEVICE(PCI_VENDOR_ID_AT, 0xC107), 0, 0, RTL_CFG_0 }, -+ { PCI_DEVICE(0x16EC, 0x0116), 0, 0, RTL_CFG_0 }, -+ { PCI_VENDOR_ID_LINKSYS, 0x1032, PCI_ANY_ID, 0x0024, 0, 0, RTL_CFG_0 }, - {0,}, - }; - diff --git a/src/patches/skbuff-xen-imq.diff b/src/patches/skbuff-xen-imq.diff deleted file mode 100644 index 8db010d..0000000 --- a/src/patches/skbuff-xen-imq.diff +++ /dev/null @@ -1,21 +0,0 @@ ---- linux-2.6.27.21/include/linux/skbuff.h 2009-04-03 10:39:10.000000000 +0000 -+++ linux-2.6.27.21/include/linux/skbuff.h 2009-04-03 10:41:59.000000000 +0000 -@@ -330,11 +330,17 @@ - #if defined(CONFIG_MAC80211) || defined(CONFIG_MAC80211_MODULE) - __u8 do_not_encrypt:1; - #endif -- /* 0/13/14 bit hole */ -+ - #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) - __u8 imq_flags:IMQ_F_BITS; - #endif - -+#ifdef CONFIG_XEN -+ __u8 proto_data_valid:1, -+ proto_csum_blank:1; -+#endif -+ /* 10-16 bit hole */ -+ - #ifdef CONFIG_NET_DMA - dma_cookie_t dma_cookie; - #endif diff --git a/src/patches/sysklogd-1.4.1-8bit-1.patch b/src/patches/sysklogd-1.4.1-8bit-1.patch deleted file mode 100644 index de12167..0000000 --- a/src/patches/sysklogd-1.4.1-8bit-1.patch +++ /dev/null @@ -1,23 +0,0 @@ -Submitted By: Alexander E. Patrakov -Date: 2004-05-09 -Initial Package Version: 1.4.1 -Origin: Alexander E. Patrakov -Upstream status: not submitted yet, probably will not be accepted -Description: Weakens rules for determining whether a character is printable. -Now only bytes < 0x20 and the 0x7f byte are considered to be unprintable. -The original rules were valid for ISO-8859-* and KOI*. - -Without this fix, logging meaningful Russian messages in UTF-8 is impossible. - -diff -u sysklogd-1.4.1/syslogd.c sysklogd-1.4.1.fixed/syslogd.c ---- sysklogd-1.4.1/syslogd.c 2001-03-12 00:40:10.000000000 +0500 -+++ sysklogd-1.4.1.fixed/syslogd.c 2004-05-09 09:05:42.972864104 +0600 -@@ -1449,7 +1449,7 @@ - else if (c < 040) { - *q++ = '^'; - *q++ = c ^ 0100; -- } else if (c == 0177 || (c & 0177) < 040) { -+ } else if (c == 0177) { - *q++ = '\'; - *q++ = '0' + ((c & 0300) >> 6); - *q++ = '0' + ((c & 0070) >> 3); diff --git a/src/patches/sysklogd-1.4.1-fixes-1.patch b/src/patches/sysklogd-1.4.1-fixes-1.patch deleted file mode 100644 index 68ac87c..0000000 --- a/src/patches/sysklogd-1.4.1-fixes-1.patch +++ /dev/null @@ -1,833 +0,0 @@ -Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes) -Date: 2005-01-23 -Initial Package Version: 1.4.1 -Upstream Status: Not submitted -Origin: http://www.infodrom.org/projects/sysklogd/cvs.php3 -Description: This patch is a cvs snapshot update as of 20050123. -Minus the debain and CVS directories. See the CHANGES. - -diff -Naur sysklogd-1.4.1/CHANGES sysklogd-20050123/CHANGES ---- sysklogd-1.4.1/CHANGES 2001-03-11 14:35:51.000000000 -0500 -+++ sysklogd-20050123/CHANGES 2005-01-15 14:14:21.000000000 -0500 -@@ -1,3 +1,42 @@ -+Version 1.4.2 -+ -+ . Dmitry V. Levin ldv@altlinux.org -+ - Close file descriptor in FindSymbolFile() in ksym.c in order not to -+ leak file descriptors. -+ . Solar Designer solar@openwall.com -+ - improve crunch_list() -+ - Prevent potential buffer overflow in reading messages from the -+ kernel log ringbuffer. -+ - Ensure that "len" is not placed in a register, and that the -+ endtty() signal handler is not installed too early which could -+ cause a segmentation fault or worse. -+ . Steve Grubb linux_4ever@yahoo.com -+ - fix memory calculation in crunch_list() -+ . Martin Schulze joey@infodrom.org -+ - klogd will reconnect to the logger (mostly syslogd) after it went -+ away -+ - On heavily loaded system syslog will not spit out error messages -+ anymore when recvfrom() results in EAGAIN -+ - Makefile improvements -+ - Local copy of module.h -+ - Improved sysklogd.8 -+ - Always log with syslogd's timezone and locale -+ - Remove trailing newline when forwarding messages -+ . Jon Burgess Jon_Burgess@eur.3com.com -+ - Moved the installation of the signal handler up a little bit so it -+ guaranteed to be available when the child is forked, hence, fixing a -+ race condition. This used to create problems with UML and fast -+ machines. -+ . Greg Trounson gregt@maths.otago.ac.nz -+ - Improved README.linux -+ . Ulf Härnhammar Ulf.Harnhammar.9485@student.uu.se -+ - Bondary check for fscanf() in InitKsyms() and CheckMapVersion() -+ . Colin Phipps cph@cph.demon.co.uk -+ - Don't block on the network socket in case of package los -+ . Dirk Mueller mueller@kde.org -+ - Don't crash when filesize limit is reached (e.g. without LFS) -+ -+ - Version 1.4.1 - - . klogd will set the console log level only if `-c' is given on the -@@ -30,3 +69,9 @@ - . Olaf Kirch okir@caldera.de - - Remove Unix Domain Sockets and switch to Datagram Unix Sockets - . Several bugfixes and improvements, please refer to the .c files -+ -+ -+Local variables: -+mode: indented-text -+fill-column: 72 -+End: -diff -Naur sysklogd-1.4.1/klogd.8 sysklogd-20050123/klogd.8 ---- sysklogd-1.4.1/klogd.8 2001-03-11 14:35:51.000000000 -0500 -+++ sysklogd-20050123/klogd.8 2001-03-11 18:00:51.000000000 -0500 -@@ -321,7 +321,7 @@ - .B klogd - to reload the module symbol information whenever a protection fault - is detected. Caution should be used before invoking the program in --'paranoid' mode. The stability of the kernel and the operating -+&'paranoid&' mode. The stability of the kernel and the operating - environment is always under question when a protection fault occurs. - Since the klogd daemon must execute system calls in order to read the - module symbol information there is the possibility that the system may -diff -Naur sysklogd-1.4.1/klogd.c sysklogd-20050123/klogd.c ---- sysklogd-1.4.1/klogd.c 2001-03-11 14:40:10.000000000 -0500 -+++ sysklogd-20050123/klogd.c 2004-04-29 09:29:03.000000000 -0400 -@@ -243,6 +243,9 @@ - * people have submitted patches: Troels Walsted Hansen - * troels@thule.no, Wolfgang Oertl Wolfgang.Oertl@uibk.ac.at - * and Thomas Roessler. -+ * Thu Apr 29 15:24:07 2004: Solar Designer solar@openwall.com -+ * Prevent potential buffer overflow in reading messages from the -+ * kernel log rinbuffer. - */ - - -@@ -938,7 +941,7 @@ - * messages into this fresh buffer. - */ - memset(log_buffer, '\0', sizeof(log_buffer)); -- if ( (rdcnt = ksyslog(2, log_buffer, sizeof(log_buffer))) < 0 ) -+ if ( (rdcnt = ksyslog(2, log_buffer, sizeof(log_buffer)-1)) < 0 ) - { - if ( errno == EINTR ) - return; -diff -Naur sysklogd-1.4.1/ksym.c sysklogd-20050123/ksym.c ---- sysklogd-1.4.1/ksym.c 2000-09-12 17:53:31.000000000 -0400 -+++ sysklogd-20050123/ksym.c 2004-07-16 02:48:27.000000000 -0400 -@@ -105,6 +105,15 @@ - * - * Tue Sep 12 23:48:12 CEST 2000: Martin Schulze joey@infodrom.ffis.de - * Close symbol file in InitKsyms() when an error occurred. -+ * -+ * Thu Apr 29 18:07:16 CEST 2004: Dmitry Levin ldv@altlinux.org -+ * Close file descriptor in FindSymbolFile() in order not to leak -+ * file descriptors. -+ * -+ * Fri Jul 16 08:32:49 CEST 2004: Ulf Härnhammar Ulf.Harnhammar.9485@student.uu.se -+ * Added boundary check for fscanf() in InitKsyms() and -+ * CheckMapVersion() to prevent an unintended crash when reading -+ * an incorrect System.map. - */ - - -@@ -236,7 +245,7 @@ - */ - while ( !feof(sym_file) ) - { -- if ( fscanf(sym_file, "%lx %c %s\n", &address, &type, sym) -+ if ( fscanf(sym_file, "%lx %c %511s\n", &address, &type, sym) - != 3 ) - { - Syslog(LOG_ERR, "Error in symbol table input (#1)."); -@@ -344,6 +353,7 @@ - if ( (sym_file = fopen(symfile, "r")) != (FILE *) 0 ) { - if (CheckMapVersion(symfile) == 1) - file = symfile; -+ fclose (sym_file); - } - if (sym_file == (FILE *) 0 || file == (char *) 0) { - sprintf (symfile, "%s", *mf); -@@ -352,6 +362,7 @@ - if ( (sym_file = fopen(symfile, "r")) != (FILE *) 0 ) { - if (CheckMapVersion(symfile) == 1) - file = symfile; -+ fclose (sym_file); - } - } - -@@ -533,7 +544,7 @@ - version = 0; - while ( !feof(sym_file) && (version == 0) ) - { -- if ( fscanf(sym_file, "%lx %c %s\n", &address, \ -+ if ( fscanf(sym_file, "%lx %c %511s\n", &address, \ - &type, sym) != 3 ) - { - Syslog(LOG_ERR, "Error in symbol table input (#2)."); -@@ -899,3 +910,11 @@ - return; - } - #endif -+ -+/* -+ * Local variables: -+ * c-indent-level: 8 -+ * c-basic-offset: 8 -+ * tab-width: 8 -+ * End: -+ */ -diff -Naur sysklogd-1.4.1/ksym_mod.c sysklogd-20050123/ksym_mod.c ---- sysklogd-1.4.1/ksym_mod.c 2000-09-12 17:15:28.000000000 -0400 -+++ sysklogd-20050123/ksym_mod.c 2004-03-31 10:47:08.000000000 -0500 -@@ -78,6 +78,11 @@ - * - * Tue Sep 12 23:11:13 CEST 2000: Martin Schulze joey@infodrom.ffis.de - * Changed llseek() to lseek64() in order to skip a libc warning. -+ * -+ * Wed Mar 31 17:35:01 CEST 2004: Martin Schulze joey@infodrom.org -+ * Removed references to <linux/module.h> since it doesn't work -+ * anymore with its recent content from Linux 2.4/2.6, created -+ * module.h locally instead. - */ - - -@@ -89,11 +94,12 @@ - #include <errno.h> - #include <sys/fcntl.h> - #include <sys/stat.h> -+#include "module.h" - #if !defined(__GLIBC__) - #include <linux/time.h> --#include <linux/module.h> -+#include <linux/linkage.h> - #else /* __GLIBC__ */ --#include <linux/module.h> -+#include <linux/linkage.h> - extern __off64_t lseek64 __P ((int __fd, __off64_t __offset, int __whence)); - extern int get_kernel_syms __P ((struct kernel_sym *__table)); - #endif /* __GLIBC__ */ -@@ -107,7 +113,7 @@ - - #if !defined(__GLIBC__) - /* -- * The following bit uses some kernel/library magic to product what -+ * The following bit uses some kernel/library magic to produce what - * looks like a function call to user level code. This function is - * actually a system call in disguise. The purpose of the getsyms - * call is to return a current copy of the in-kernel symbol table. -diff -Naur sysklogd-1.4.1/Makefile sysklogd-20050123/Makefile ---- sysklogd-1.4.1/Makefile 1998-10-12 16:25:15.000000000 -0400 -+++ sysklogd-20050123/Makefile 2004-04-29 07:04:03.000000000 -0400 -@@ -4,12 +4,15 @@ - #CFLAGS= -g -DSYSV -Wall - #LDFLAGS= -g - CFLAGS= $(RPM_OPT_FLAGS) -O3 -DSYSV -fomit-frame-pointer -Wall -fno-strength-reduce -+# -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE - LDFLAGS= -s - - # Look where your install program is. - INSTALL = /usr/bin/install --BINDIR = /usr/sbin --MANDIR = /usr/man -+ -+# Destination paths, set prefix=/opt if required -+BINDIR = $(prefix)/usr/sbin -+MANDIR = $(prefix)/usr/share/man - - # There is one report that under an all ELF system there may be a need to - # explicilty link with libresolv.a. If linking syslogd fails you may wish -@@ -34,8 +37,9 @@ - # The following define establishes ownership for the man pages. - # Avery tells me that there is a difference between Debian and - # Slackware. Rather than choose sides I am leaving it up to the user. --MAN_OWNER = root --# MAN_OWNER = man -+MAN_USER = root -+MAN_GROUP = root -+MAN_PERMS = 644 - - # The following define establishes the name of the pid file for the - # syslogd daemon. The library include file (paths.h) defines the -@@ -116,7 +120,7 @@ - ${INSTALL} -m 500 -s klogd ${BINDIR}/klogd - - install_man: -- ${INSTALL} -o ${MAN_OWNER} -g ${MAN_OWNER} -m 644 sysklogd.8 ${MANDIR}/man8/sysklogd.8 -- ${INSTALL} -o ${MAN_OWNER} -g ${MAN_OWNER} -m 644 syslogd.8 ${MANDIR}/man8/syslogd.8 -- ${INSTALL} -o ${MAN_OWNER} -g ${MAN_OWNER} -m 644 syslog.conf.5 ${MANDIR}/man5/syslog.conf.5 -- ${INSTALL} -o ${MAN_OWNER} -g ${MAN_OWNER} -m 644 klogd.8 ${MANDIR}/man8/klogd.8 -+ ${INSTALL} -o ${MAN_USER} -g ${MAN_GROUP} -m ${MAN_PERMS} sysklogd.8 ${MANDIR}/man8/sysklogd.8 -+ ${INSTALL} -o ${MAN_USER} -g ${MAN_GROUP} -m ${MAN_PERMS} syslogd.8 ${MANDIR}/man8/syslogd.8 -+ ${INSTALL} -o ${MAN_USER} -g ${MAN_GROUP} -m ${MAN_PERMS} syslog.conf.5 ${MANDIR}/man5/syslog.conf.5 -+ ${INSTALL} -o ${MAN_USER} -g ${MAN_GROUP} -m ${MAN_PERMS} klogd.8 ${MANDIR}/man8/klogd.8 -diff -Naur sysklogd-1.4.1/module.h sysklogd-20050123/module.h ---- sysklogd-1.4.1/module.h 1969-12-31 19:00:00.000000000 -0500 -+++ sysklogd-20050123/module.h 2004-07-27 07:36:10.000000000 -0400 -@@ -0,0 +1,90 @@ -+/* -+ module.h - Miscellaneous module definitions -+ Copyright (c) 1996 Richard Henderson rth@tamu.edu -+ Copyright (c) 2004 Martin Schulze joey@infodrom.org -+ -+ This file is part of the sysklogd package. -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 2 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program; if not, write to the Free Software -+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -+*/ -+ -+/* ChangeLog: -+ * -+ * Wed Mar 31 17:35:01 CEST 2004: Martin Schulze joey@infodrom.org -+ * Created local copy of module.h based on the content of Linux -+ * 2.2 since <linux/module.h> doesn't work anymore with its -+ * recent content from Linux 2.4/2.6. -+ */ -+ -+#include <asm/atomic.h> -+ -+#define MODULE_NAME_LEN 60 -+ -+struct kernel_sym -+{ -+ unsigned long value; -+ char name[MODULE_NAME_LEN]; -+}; -+ -+ -+struct list_head { -+ struct list_head *next, *prev; -+}; -+ -+ -+struct module_info -+{ -+ unsigned long addr; -+ unsigned long size; -+ unsigned long flags; -+ long usecount; -+}; -+ -+ -+struct module -+{ -+ unsigned long size_of_struct; /* == sizeof(module) */ -+ struct module *next; -+ const char *name; -+ unsigned long size; -+ -+ union -+ { -+ int usecount; -+ long pad; -+ } uc; /* Needs to keep its size - so says rth */ -+ -+ unsigned long flags; /* AUTOCLEAN et al */ -+ -+ unsigned nsyms; -+ unsigned ndeps; -+ -+ struct module_symbol *syms; -+ struct module_ref *deps; -+ struct module_ref *refs; -+ int (*init)(void); -+ void (*cleanup)(void); -+ const struct exception_table_entry *ex_table_start; -+ const struct exception_table_entry *ex_table_end; -+#ifdef __alpha__ -+ unsigned long gp; -+#endif -+ /* Members past this point are extensions to the basic -+ module support and are optional. Use mod_opt_member() -+ to examine them. */ -+ const struct module_persist *persist_start; -+ const struct module_persist *persist_end; -+ int (*can_unload)(void); -+}; -diff -Naur sysklogd-1.4.1/pidfile.c sysklogd-20050123/pidfile.c ---- sysklogd-1.4.1/pidfile.c 1998-02-10 17:37:12.000000000 -0500 -+++ sysklogd-20050123/pidfile.c 2003-09-27 22:38:18.000000000 -0400 -@@ -87,7 +87,7 @@ - int fd; - int pid; - -- if ( ((fd = open(pidfile, O_RDWR|O_CREAT, 0644)) == -1) -+ if ( ((fd = open(pidfile, O_RDWR|O_CREAT|O_TRUNC, 0644)) == -1) - || ((f = fdopen(fd, "r+")) == NULL) ) { - fprintf(stderr, "Can't open or create %s.\n", pidfile); - return 0; -diff -Naur sysklogd-1.4.1/README.1st sysklogd-20050123/README.1st ---- sysklogd-1.4.1/README.1st 1997-06-02 13:21:39.000000000 -0400 -+++ sysklogd-20050123/README.1st 2003-09-04 09:22:23.000000000 -0400 -@@ -1,5 +1,5 @@ --Very important information before using version 1.3 ----------------------------------------------------- -+Important information -+--------------------- - - The included version of syslogd behaves in a slightly different manner - to the one in former releases. Please review the following important -@@ -63,3 +63,10 @@ - these scripts should remove all old .pid files found in /var/run. - This will insure that klogd and syslogd start properly even if prior - executions have been terminated harshly. -+ -+* Large file support, i.e. support to write to log files that are -+ larger than 2 GB is not part of syslogd, but a matter of the Glibc -+ emitting different system calls to the kernel interface. To support -+ large files you'll have to compile syslogd with the compiler defines -+ -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE so that glibc adjusts the -+ system calls. -diff -Naur sysklogd-1.4.1/README.linux sysklogd-20050123/README.linux ---- sysklogd-1.4.1/README.linux 1999-01-18 19:09:12.000000000 -0500 -+++ sysklogd-20050123/README.linux 2004-07-09 13:22:29.000000000 -0400 -@@ -40,12 +40,17 @@ - a useful addition to the software gene pool. - - There is a mailing list covering this package and syslog in general. --The lists address is sysklogd@Infodrom.North.DE . To subscribe send a --mail to Majordomo@Infodrom.North.DE with a line "subscribe sysklogd" -+The lists address is infodrom-sysklogd@lists.infodrom.org . To subscribe send a -+mail to majordomo@lists.infodrom.org with a line "subscribe infodrom-sysklogd" - in the message body. - --New versions of this package will be available at Joey's ftp server. --ftp://ftp.infodrom.north.de/pub/people/joey/sysklogd/ -+A second mailing list exists as infodrom-sysklogd-cvs@lists.infodrom.org. Only -+CVS messages and diffs are distributed there. Whenever new code is added to -+sysklogd, CVS generates a mail from these changes which will be sent to -+this list. Discussions will take place on the first list. -+ -+The latest version of this software can be found at: -+http://www.infodrom.org/projects/sysklogd/download.php3 - - Best regards, - -@@ -67,6 +72,6 @@ - - Martin Schulze - Infodrom Oldenburg --joey@linux.de -+joey@infodrom.org - --And a host of bug reporters whose contributions cannot be underestimated. -+And a number of bug reporters whose contributions cannot be underestimated. -diff -Naur sysklogd-1.4.1/sysklogd.8 sysklogd-20050123/sysklogd.8 ---- sysklogd-1.4.1/sysklogd.8 2001-03-11 14:35:51.000000000 -0500 -+++ sysklogd-20050123/sysklogd.8 2004-07-09 13:33:32.000000000 -0400 -@@ -84,7 +84,7 @@ - .B MAXFUNIX - within the syslogd.c source file. An example for a chroot() daemon is - described by the people from OpenBSD at --http://www.psionic.com/papers/dns.html. -+http://www.guides.sk/psionic/dns/. - .TP - .B "-d" - Turns on debug mode. Using this the daemon will not proceed a -@@ -117,7 +117,8 @@ - between two \fI-- MARK --\fR lines is 20 minutes. This can be changed - with this option. Setting the - .I interval --to zero turns it off entirely. -+to zero turns it off entirely. Depending on other log messages -+generated these lines may not be written consecutively. - .TP - .B "-n" - Avoid auto-backgrounding. This is needed especially if the -@@ -364,8 +365,10 @@ - - To avoid this in further times no messages that were received from a - remote host are sent out to another (or the same) remote host --anymore. If there are scenarios where this doesn't make sense, please --drop me (Joey) a line. -+anymore. If you experience are setup in which this doesn't make -+sense, please use the -+.B -h -+commandline switch. - - If the remote host is located in the same domain as the host, - .B syslogd -diff -Naur sysklogd-1.4.1/syslog.c sysklogd-20050123/syslog.c ---- sysklogd-1.4.1/syslog.c 2001-03-11 14:35:51.000000000 -0500 -+++ sysklogd-20050123/syslog.c 2003-08-27 11:56:01.000000000 -0400 -@@ -47,6 +47,9 @@ - * Sun Mar 11 20:23:44 CET 2001: Martin Schulze joey@infodrom.ffis.de - * Use SOCK_DGRAM for loggin, renables it to work. - * -+ * Wed Aug 27 17:48:16 CEST 2003: Martin Schulze joey@Infodrom.org -+ * Improved patch by Michael Pomraning mjp@securepipe.com to -+ * reconnect klogd to the logger after it went away. - */ - - #include <sys/types.h> -@@ -98,6 +101,7 @@ - register char *p; - time_t now; - int fd, saved_errno; -+ int result; - char tbuf[2048], fmt_cpy[1024], *stdp = (char *) 0; - - saved_errno = errno; -@@ -167,7 +171,16 @@ - } - - /* output the message to the local logger */ -- if (write(LogFile, tbuf, cnt + 1) >= 0 || !(LogStat&LOG_CONS)) -+ result = write(LogFile, tbuf, cnt + 1); -+ -+ if (result == -1 -+ && (errno == ECONNRESET || errno == ENOTCONN || errno == ECONNREFUSED)) { -+ closelog(); -+ openlog(LogTag, LogStat | LOG_NDELAY, LogFacility); -+ result = write(LogFile, tbuf, cnt + 1); -+ } -+ -+ if (result >= 0 || !(LogStat&LOG_CONS)) - return; - - /* -diff -Naur sysklogd-1.4.1/syslog.conf.5 sysklogd-20050123/syslog.conf.5 ---- sysklogd-1.4.1/syslog.conf.5 1999-08-21 06:49:14.000000000 -0400 -+++ sysklogd-20050123/syslog.conf.5 2003-05-22 15:31:20.000000000 -0400 -@@ -64,7 +64,7 @@ - The - .I facility - is one of the following keywords: --.BR auth ", " authpriv ", " cron ", " daemon ", " kern ", " lpr ", " -+.BR auth ", " authpriv ", " cron ", " daemon ", " ftp ", " kern ", " lpr ", " - .BR mail ", " mark ", " news ", " security " (same as " auth "), " - .BR syslog ", " user ", " uucp " and " local0 " through " local7 . - The keyword -@@ -121,12 +121,21 @@ - - This - .BR syslogd (8) --has a syntax extension to the original BSD source, that makes its use -+has a syntax extension to the original BSD source, which makes its use - more intuitively. You may precede every priority with an equation sign --(``='') to specify only this single priority and not any of the --above. You may also (both is valid, too) precede the priority with an --exclamation mark (``!'') to ignore all that priorities, either exact --this one or this and any higher priority. If you use both extensions -+(``='') to specify that -+.B syslogd -+should only refer to this single priority and not this priority and -+all higher priorities. -+ -+You may also precide the priority with an exclamation mark (``!'') if -+you want -+.B syslogd -+to ignore this priority and all higher priorities. -+You may even use both, the exclamation mark and the equation sign if -+you want -+.B syslogd -+to ignore only this single priority. If you use both extensions - than the exclamation mark must occur before the equation sign, just - use it intuitively. - -@@ -300,7 +309,7 @@ - .B syslogd - log all messages that come with either the - .BR info " or the " notice --facility into the file -+priority into the file - .IR /var/log/messages , - except for all messages that use the - .B mail -diff -Naur sysklogd-1.4.1/syslogd.c sysklogd-20050123/syslogd.c ---- sysklogd-1.4.1/syslogd.c 2001-03-11 14:40:10.000000000 -0500 -+++ sysklogd-20050123/syslogd.c 2005-01-15 14:13:08.000000000 -0500 -@@ -441,6 +441,39 @@ - * Don't return a closed fd if `-a' is called with a wrong path. - * Thanks to Bill Nottingham notting@redhat.com for providing - * a patch. -+ * Thu Apr 13 05:08:10 CEST 2001: Jon Burgess Jon_Burgess@eur.3com.com -+ * Moved the installation of the signal handler up a little bit -+ * so it guaranteed to be available when the child is forked, -+ * hence, fixing a race condition. This used to create problems -+ * with UML and fast machines. -+ * -+ * Sat Apr 17 18:03:05 CEST 2004: Steve Grubb linux_4ever@yahoo.com -+ * Correct memory allocation for for commandline arguments in -+ * crunch_list(). -+ * -+ * Thu Apr 29 12:38:39 CEST 2004: Solar Designer solar@openwall.com -+ * Applied Openwall paranoia patches to improve crunch_list(). -+ * -+ * Tue May 4 16:47:30 CEST 2004: Solar Designer solar@openwall.com -+ * Ensure that "len" is not placed in a register, and that the -+ * endtty() signal handler is not installed too early which could -+ * cause a segmentation fault or worse. -+ * -+ * Tue May 4 16:52:01 CEST 2004: Solar Designer solar@openwall.com -+ * Adjust the size of a variable to prevent a buffer overflow -+ * should _PATH_DEV ever contain something different than "/dev/". -+ * -+ * Tue Nov 2 20:28:23 CET 2004: Colin Phipps cph@cph.demon.co.uk -+ * Don't block on the network socket, in case a packet gets lost -+ * between select and recv. -+ * -+ * Sun Nov 7 12:28:47 CET 2004: Martin Schulze joey@infodrom.org -+ * Discard any timestamp information found in received syslog -+ * messages. This will affect local messages sent from a -+ * different timezone. -+ * -+ * Sun Nov 7 13:47:00 CET 2004: Martin Schulze joey@infodrom.org -+ * Remove trailing newline when forwarding messages. - */ - - -@@ -890,11 +923,11 @@ - dprintf("Checking pidfile.\n"); - if (!check_pid(PidFile)) - { -+ signal (SIGTERM, doexit); - if (fork()) { - /* - * Parent process - */ -- signal (SIGTERM, doexit); - sleep(300); - /* - * Not reached unless something major went wrong. 5 -@@ -992,6 +1025,7 @@ - (void) signal(SIGCHLD, reapchild); - (void) signal(SIGALRM, domark); - (void) signal(SIGUSR1, Debug ? debug_switch : SIG_IGN); -+ (void) signal(SIGXFSZ, SIG_IGN); - (void) alarm(TIMERINTVL); - - /* Create a partial message table for all file descriptors. */ -@@ -1141,13 +1175,13 @@ - */ - printchopped(from, line, \ - i + 2, finet); -- } else if (i < 0 && errno != EINTR) { -+ } else if (i < 0 && errno != EINTR && errno != EAGAIN) { - dprintf("INET socket error: %d = %s.\n", \ - errno, strerror(errno)); - logerror("recvfrom inet"); - /* should be harmless now that we set - * BSDCOMPAT on the socket */ -- sleep(10); -+ sleep(1); - } - } - #endif -@@ -1216,6 +1250,7 @@ - { - int fd, on = 1; - struct sockaddr_in sin; -+ int sockflags; - - fd = socket(AF_INET, SOCK_DGRAM, 0); - if (fd < 0) { -@@ -1241,6 +1276,24 @@ - close(fd); - return -1; - } -+ /* We must not block on the network socket, in case a packet -+ * gets lost between select and recv, otherise the process -+ * will stall until the timeout, and other processes trying to -+ * log will also stall. -+ */ -+ if ((sockflags = fcntl(fd, F_GETFL)) != -1) { -+ sockflags |= O_NONBLOCK; -+ /* -+ * SETFL could fail too, so get it caught by the subsequent -+ * error check. -+ */ -+ sockflags = fcntl(fd, F_SETFL, sockflags); -+ } -+ if (sockflags == -1) { -+ logerror("fcntl(O_NONBLOCK), suspending inet"); -+ close(fd); -+ return -1; -+ } - if (bind(fd, (struct sockaddr *) &sin, sizeof(sin)) < 0) { - logerror("bind, suspending inet"); - close(fd); -@@ -1254,30 +1307,26 @@ - crunch_list(list) - char *list; - { -- int count, i; -+ int i, m, n; - char *p, *q; - char **result = NULL; - - p = list; - - /* strip off trailing delimiters */ -- while (p[strlen(p)-1] == LIST_DELIMITER) { -- count--; -+ while (*p && p[strlen(p)-1] == LIST_DELIMITER) - p[strlen(p)-1] = '\0'; -- } - /* cut off leading delimiters */ -- while (p[0] == LIST_DELIMITER) { -- count--; -+ while (p[0] == LIST_DELIMITER) - p++; -- } - -- /* count delimiters to calculate elements */ -- for (count=i=0; p[i]; i++) -- if (p[i] == LIST_DELIMITER) count++; -+ /* count delimiters to calculate the number of elements */ -+ for (n = i = 0; p[i]; i++) -+ if (p[i] == LIST_DELIMITER) n++; - -- if ((result = (char **)malloc(sizeof(char *) * count+2)) == NULL) { -+ if ((result = (char **)malloc(sizeof(char *) * (n + 2))) == NULL) { - printf ("Sorry, can't get enough memory, exiting.\n"); -- exit(0); -+ exit(1); - } - - /* -@@ -1285,30 +1334,28 @@ - * characters are different from any delimiters, - * so we don't have to care about this. - */ -- count = 0; -- while ((q=strchr(p, LIST_DELIMITER))) { -- result[count] = (char *) malloc((q - p + 1) * sizeof(char)); -- if (result[count] == NULL) { -+ m = 0; -+ while ((q = strchr(p, LIST_DELIMITER)) && m < n) { -+ result[m] = (char *) malloc((q - p + 1) * sizeof(char)); -+ if (result[m] == NULL) { - printf ("Sorry, can't get enough memory, exiting.\n"); -- exit(0); -+ exit(1); - } -- strncpy(result[count], p, q - p); -- result[count][q - p] = '\0'; -+ memcpy(result[m], p, q - p); -+ result[m][q - p] = '\0'; - p = q; p++; -- count++; -+ m++; - } -- if ((result[count] = \ -- (char *)malloc(sizeof(char) * strlen(p) + 1)) == NULL) { -+ if ((result[m] = strdup(p)) == NULL) { - printf ("Sorry, can't get enough memory, exiting.\n"); -- exit(0); -+ exit(1); - } -- strcpy(result[count],p); -- result[++count] = NULL; -+ result[++m] = NULL; - - #if 0 -- count=0; -- while (result[count]) -- dprintf ("#%d: %s\n", count, StripDomains[count++]); -+ m = 0; -+ while (result[m]) -+ dprintf ("#%d: %s\n", m, result[m++]); - #endif - return result; - } -@@ -1548,21 +1595,25 @@ - - /* - * Check to see if msg looks non-standard. -+ * -+ * A message looks like -+ * Nov 17 11:42:33 CRON[ -+ * 01234567890123456 -+ * ^ ^ ^ ^ ^ -+ * -+ * Remote messages are not accompanied by a timestamp. -+ * Local messages are accompanied by a timestamp (program's timezone) - */ - msglen = strlen(msg); -- if (msglen < 16 || msg[3] != ' ' || msg[6] != ' ' || -- msg[9] != ':' || msg[12] != ':' || msg[15] != ' ') -- flags |= ADDDATE; -- -- (void) time(&now); -- if (flags & ADDDATE) -- timestamp = ctime(&now) + 4; -- else { -- timestamp = msg; -+ if (!(msglen < 16 || msg[3] != ' ' || msg[6] != ' ' || -+ msg[9] != ':' || msg[12] != ':' || msg[15] != ' ')) { - msg += 16; - msglen -= 16; - } - -+ (void) time(&now); -+ timestamp = ctime(&now) + 4; -+ - /* extract facility and priority level */ - if (flags & MARK) - fac = LOG_NFACILITIES; -@@ -1771,7 +1822,7 @@ - dprintf("Not sending message to remote.\n"); - else { - f->f_time = now; -- (void) snprintf(line, sizeof(line), "<%d>%s\n", f->f_prevpri, \ -+ (void) snprintf(line, sizeof(line), "<%d>%s", f->f_prevpri, \ - (char *) iov[4].iov_base); - l = strlen(line); - if (l > MAXLINE) -@@ -1815,7 +1866,7 @@ - v->iov_len = 1; - } - again: -- /* f->f_file == -1 is an indicator that the we couldn't -+ /* f->f_file == -1 is an indicator that we couldn't - open the file at startup. */ - if (f->f_file == -1) - break; -@@ -1852,7 +1903,7 @@ - errno = e; - logerror(f->f_un.f_fname); - } -- } else if (f->f_flags & SYNC_FILE) -+ } else if (f->f_type == F_FILE && (f->f_flags & SYNC_FILE)) - (void) fsync(f->f_file); - break; - -@@ -1891,7 +1942,7 @@ - register struct filed *f; - struct iovec *iov; - { -- char p[6 + UNAMESZ]; -+ char p[sizeof (_PATH_DEV) + UNAMESZ]; - register int i; - int ttyf, len; - static int reenter = 0; -@@ -1899,6 +1950,8 @@ - struct utmp *uptr; - char greetings[200]; - -+ (void) &len; -+ - if (reenter++) - return; - -@@ -1913,7 +1966,6 @@ - if (fork() == 0) { - (void) signal(SIGTERM, SIG_DFL); - (void) alarm(0); -- (void) signal(SIGALRM, endtty); - #ifndef SYSV - (void) signal(SIGTTOU, SIG_IGN); - (void) sigsetmask(0); -@@ -1929,7 +1981,7 @@ - /* is this slot used? */ - if (ut.ut_name[0] == '\0') - continue; -- if (ut.ut_type == LOGIN_PROCESS) -+ if (ut.ut_type != USER_PROCESS) - continue; - if (!(strcmp (ut.ut_name,"LOGIN"))) /* paranoia */ - continue; -@@ -1959,6 +2011,7 @@ - iov[1].iov_len = 0; - } - if (setjmp(ttybuf) == 0) { -+ (void) signal(SIGALRM, endtty); - (void) alarm(15); - /* open the terminal */ - ttyf = open(p, O_WRONLY|O_NOCTTY); diff --git a/src/patches/sysklogd-1.4.1_xen_empty_buffer_check.patch b/src/patches/sysklogd-1.4.1_xen_empty_buffer_check.patch deleted file mode 100644 index 3aece3a..0000000 --- a/src/patches/sysklogd-1.4.1_xen_empty_buffer_check.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff -Naur sysklogd-1.4.1.org/klogd.c sysklogd-1.4.1/klogd.c ---- sysklogd-1.4.1.org/klogd.c 2001-03-11 20:40:10.000000000 +0100 -+++ sysklogd-1.4.1/klogd.c 2010-01-20 19:49:36.000000000 +0100 -@@ -1171,10 +1171,24 @@ - switch ( logsrc ) - { - case kernel: -- LogKernelLine(); -+ if (ksyslog(9, NULL, 0)>0) -+ { -+ LogKernelLine(); -+ } -+ else -+ { -+ usleep(100000); -+ } - break; - case proc: -- LogProcLine(); -+ if (ksyslog(9, NULL, 0)>0) -+ { -+ LogProcLine(); -+ } -+ else -+ { -+ usleep(100000); -+ } - break; - case none: - pause(); diff --git a/src/patches/xen-co_assignment.patch b/src/patches/xen-co_assignment.patch deleted file mode 100644 index f0b59f0..0000000 --- a/src/patches/xen-co_assignment.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff -r 6ab55f716ce3 tools/python/xen/util/pci.py ---- a/tools/python/xen/util/pci.py Thu Oct 09 17:18:11 2008 +0100 -+++ b/tools/python/xen/util/pci.py Fri Oct 10 13:16:00 2008 +0800 -@@ -696,6 +696,7 @@ class PciDevice: - def do_FLR(self): - """ Perform FLR (Functional Level Reset) for the device. - """ -+ return - if self.dev_type == DEV_TYPE_PCIe_ENDPOINT: - # If PCIe device supports FLR, we use it. - if self.pcie_flr: -diff -r 6ab55f716ce3 tools/python/xen/xend/server/pciif.py ---- a/tools/python/xen/xend/server/pciif.py Thu Oct 09 17:18:11 2008 +0100 -+++ b/tools/python/xen/xend/server/pciif.py Fri Oct 10 13:18:25 2008 +0800 -@@ -375,6 +375,7 @@ class PciController(DevController): - pci_dev_list = pci_dev_list + [(domain, bus, slot, func)] - - for (domain, bus, slot, func) in pci_dev_list: -+ continue - try: - dev = PciDevice(domain, bus, slot, func) - except Exception, e: diff --git a/src/patches/xen-cpufreq.patch b/src/patches/xen-cpufreq.patch deleted file mode 100644 index 4a8f3f3..0000000 --- a/src/patches/xen-cpufreq.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- a/xen/arch/x86/platform_hypercall.c 2009-07-23 07:26:18.000000000 +0000 -+++ b/xen/arch/x86/platform_hypercall.c 2009-07-23 07:28:30.000000000 +0000 -@@ -313,7 +313,6 @@ - { - uint32_t cpu; - uint64_t idletime, now = NOW(); -- struct vcpu *v; - struct xenctl_cpumap ctlmap; - cpumask_t cpumap; - XEN_GUEST_HANDLE(uint8) cpumap_bitmap; -@@ -336,7 +335,7 @@ - - for_each_cpu_mask ( cpu, cpumap ) - { -- if ( (v = idle_vcpu[cpu]) != NULL ) -+ if ( !idle_vcpu[cpu] ) - cpu_clear(cpu, cpumap); - idletime = get_cpu_idle_time(cpu); - diff --git a/src/patches/xen-passthrough-fix.patch b/src/patches/xen-passthrough-fix.patch deleted file mode 100644 index 75abd77..0000000 --- a/src/patches/xen-passthrough-fix.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: jbeulich@novell.com -Subject: also register pirq for DomU (which doesn't use the IO-APIC code) -References: bnc#463596 -Patch-mainline: obsolete - -Additionally make sure IRQ chip and handler aren't getting set twice -for an IRQ possibly in use by more than one device. - ---- head-2009-02-02.orig/arch/x86/pci/pcifront.c 2009-02-03 17:27:59.000000000 +0100 -+++ head-2009-02-02/arch/x86/pci/pcifront.c 2009-02-03 11:22:28.000000000 +0100 -@@ -8,12 +8,14 @@ - #include <linux/init.h> - #include <linux/pci.h> - #include <asm/acpi.h> -+#include <xen/evtchn.h> - #include "pci.h" - - static int pcifront_enable_irq(struct pci_dev *dev) - { - u8 irq; - pci_read_config_byte(dev, PCI_INTERRUPT_LINE, &irq); -+ evtchn_register_pirq(irq); - dev->irq = irq; - - return 0; ---- head-2009-02-02.orig/drivers/xen/core/evtchn.c 2009-01-14 15:16:43.000000000 +0100 -+++ head-2009-02-02/drivers/xen/core/evtchn.c 2009-02-03 17:34:44.000000000 +0100 -@@ -1561,7 +1561,7 @@ core_initcall(evtchn_register); - void evtchn_register_pirq(int irq) - { - BUG_ON(irq < PIRQ_BASE || irq - PIRQ_BASE > NR_PIRQS); -- if (identity_mapped_irq(irq)) -+ if (identity_mapped_irq(irq) || type_from_irq(irq) != IRQT_UNBOUND) - return; - irq_info[irq] = mk_irq_info(IRQT_PIRQ, irq, 0); - set_irq_chip_and_handler_name(irq, &pirq_chip, handle_level_irq, diff --git a/src/patches/xend-config.patch b/src/patches/xend-config.patch deleted file mode 100644 index fce98f9..0000000 --- a/src/patches/xend-config.patch +++ /dev/null @@ -1,99 +0,0 @@ ---- a/tools/examples/xend-config.sxp 2009-05-18 11:05:38.000000000 +0000 -+++ b/tools/examples/xend-config.sxp 2009-07-23 08:00:23.000000000 +0000 -@@ -14,10 +14,6 @@ - #(logfile /var/log/xen/xend.log) - #(loglevel DEBUG) - --# Uncomment the line below. Set the value to flask, acm, or dummy to --# select a security module. -- --#(xsm_module_name dummy) - - # The Xen-API server configuration. - # -@@ -58,21 +54,20 @@ - - - #(xend-http-server no) --#(xend-unix-server no) --#(xend-tcp-xmlrpc-server no) --#(xend-unix-xmlrpc-server yes) -+(xend-unix-server yes) -+(xend-tcp-xmlrpc-server yes) -+(xend-unix-xmlrpc-server yes) - #(xend-relocation-server no) - (xend-relocation-server yes) - #(xend-relocation-ssl-server no) --#(xend-udev-event-server no) - - #(xend-unix-path /var/lib/xend/xend-socket) - - - # Address and port xend should use for the legacy TCP XMLRPC interface, - # if xend-tcp-xmlrpc-server is set. --#(xend-tcp-xmlrpc-server-address 'localhost') --#(xend-tcp-xmlrpc-server-port 8006) -+(xend-tcp-xmlrpc-server-address 'localhost') -+(xend-tcp-xmlrpc-server-port 8006) - - # SSL key and certificate to use for the legacy TCP XMLRPC interface. - # Setting these will mean that this port serves only SSL connections as -@@ -82,11 +77,11 @@ - - - # Port xend should use for the HTTP interface, if xend-http-server is set. --#(xend-port 8000) -+(xend-port 8000) - - # Port xend should use for the relocation interface, if xend-relocation-server - # is set. --#(xend-relocation-port 8002) -+(xend-relocation-port 8002) - - # Port xend should use for the ssl relocation interface, if - # xend-relocation-ssl-server is set. -@@ -154,7 +149,7 @@ - # two fake interfaces per guest domain. To do things like this, write - # yourself a wrapper script, and call network-bridge from it, as appropriate. - # --(network-script network-bridge) -+(network-script network-dummy) - - # The script used to control virtual interfaces. This can be overridden on a - # per-vif basis when creating a domain or a configuring a new vif. The -@@ -169,7 +164,7 @@ - # If you are using only one bridge, the vif-bridge script will discover that, - # so there is no need to specify it explicitly. - # --(vif-script vif-bridge) -+#(vif-script vif-bridge) - - - ## Use the following if network traffic is routed, as an alternative to the -@@ -194,7 +189,7 @@ - - # In SMP system, dom0 will use dom0-cpus # of CPUS - # If dom0-cpus = 0, dom0 will take all cpus available --(dom0-cpus 0) -+#(dom0-cpus 0) - - # Whether to enable core-dumps when domains crash. - #(enable-dump no) -@@ -205,7 +200,7 @@ - # The interface for VNC servers to listen on. Defaults - # to 127.0.0.1 To restore old 'listen everywhere' behaviour - # set this to 0.0.0.0 --#(vnc-listen '127.0.0.1') -+(vnc-listen '0.0.0.0') - - # The default password for VNC console on HVM domain. - # Empty string is no authentication. -@@ -243,7 +238,7 @@ - - # The default keymap to use for the VM's virtual keyboard - # when not specififed in VM's configuration --#(keymap 'en-us') -+(keymap 'de') - - # Script to run when the label of a resource has changed. - #(resource-label-change-script '')
hooks/post-receive -- IPFire 2.x development tree