120 files changed, 999 insertions, 557 deletions
@@ -1,5 +1,4 @@ -- fix init scripts pidof? vs. killall -- rpm package backend +- make rpm package backend working - freebsd build - win cygwin build - netbsd build @@ -9,4 +8,3 @@ - network scripts for pppoe - customise mconf help texts to better fit for OpenADK - publish via trac - diff --git a/mk/modules.mk b/mk/modules.mk index bdb8fa897..19ab1b14d 100644 --- a/mk/modules.mk +++ b/mk/modules.mk @@ -269,6 +269,45 @@ $(eval $(call KMOD_template,INET_XFRM_MODE_BEET,net-ipsec-beet,\ ## Filtering / Firewalling ## # +# Ethernet Bridging firewall +# +$(eval $(call KMOD_template,BRIDGE_NF_EBTABLES,nf-ebtables,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebtables \ +,55)) + +$(eval $(call KMOD_template,BRIDGE_EBT_BROUTE,nf-ebtables-broute,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebtable_broute \ +,60)) + +$(eval $(call KMOD_template,BRIDGE_EBT_T_FILTER,nf-ebtables-filter,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebtable_filter \ +,60)) + +$(eval $(call KMOD_template,BRIDGE_EBT_T_NAT,nf-ebtables-nat,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebtable_nat \ +,60)) + +$(eval $(call KMOD_template,BRIDGE_EBT_802_3,nf-ebtables-802-3,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_802_3 \ +,65)) + +$(eval $(call KMOD_template,BRIDGE_EBT_AMONG,nf-ebtables-among,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_among \ +,65)) + +$(eval $(call KMOD_template,BRIDGE_EBT_ARP,nf-ebtables-arp,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_arpreply \ +,65)) + +$(eval $(call KMOD_template,BRIDGE_EBT_IP,nf-ebtables-ip,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_ip \ +,65)) + +$(eval $(call KMOD_template,BRIDGE_EBT_REDIRECT,nf-ebtables-redirect,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_redirect \ +,65)) + +# # Netfilter Core # $(eval $(call KMOD_template,NETFILTER_XT_TARGET_CLASSIFY,nf-classify,\ diff --git a/package/Config.in b/package/Config.in index 8799b3588..898f916d7 100644 --- a/package/Config.in +++ b/package/Config.in 
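Review bot: The BRIDGE_EBT_ARP entry in the mk/modules.mk hunk packages `ebt_arpreply` under the name nf-ebtables-arp. As far as I know, the kernel's bridge netfilter Makefile builds `ebt_arp` for that option, and `ebt_arpreply` belongs to a separate BRIDGE_EBT_ARPREPLY option. As written, selecting the ARP match would ship the arpreply target instead, or nothing if that module was not built, so filter rules relying on the ARP match would not load. The path should probably read `$(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_arp \`, with its own KMOD_template entry for arpreply if that target is wanted. KMOD_template is defined outside this hunk, so the exact failure mode is inferred.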
@@ -237,6 +237,7 @@ menu "Firewall / Routing / Bridging" source "package/arpd/Config.in" source "package/bridge-utils/Config.in" source "package/cutter/Config.in" +source "package/ebtables/Config.in" source "package/ether-wake/Config.in" source "package/iproute2/Config.in" source "package/ipset/Config.in" diff --git a/package/Makefile b/package/Makefile index 27f9f1fe5..070ecf0ee 100644 --- a/package/Makefile +++ b/package/Makefile @@ -83,6 +83,7 @@ package-$(ADK_PACKAGE_DSNIFF) += dsniff package-$(ADK_PACKAGE_E2FSPROGS) += e2fsprogs package-$(ADK_PACKAGE_LIBUUID) += e2fsprogs package-$(ADK_PACKAGE_LIBBLKID) += e2fsprogs +package-$(ADK_PACKAGE_EBTABLES) += ebtables package-$(ADK_PACKAGE_ELINKS) += elinks package-$(ADK_PACKAGE_ESOUND) += esound package-$(ADK_PACKAGE_ETHER_WAKE) += ether-wake diff --git a/package/axtls/files/axhttpd.init b/package/axtls/files/axhttpd.init index bc11e0b4c..61572bf0f 100644 --- a/package/axtls/files/axhttpd.init +++ b/package/axtls/files/axhttpd.init @@ -17,7 +17,7 @@ start) /usr/sbin/axhttpd >>/var/log/axhttpd.access ;; stop) - killall axhttpd + pkill axhttpd ;; restart) sh $0 stop diff --git a/package/base-files/extra/etc/profile b/package/base-files/extra/etc/profile index 798548a46..1b8f4a6a6 100644 --- a/package/base-files/extra/etc/profile +++ b/package/base-files/extra/etc/profile @@ -1,12 +1,12 @@ export PATH=/bin:/sbin:/usr/bin:/usr/sbin +export TERM=vt220 if [[ $(id -u) = 0 ]]; then export PS1='# ' else export PS1='$ ' + export HOME=/tmp fi -export HOME=/tmp cat /etc/banner 2>&- -[ -x /usr/bin/less ] || alias less=more -[ -x /usr/bin/vim ] || alias vim=vi +[ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi [ -x /usr/bin/arp ] || arp() { cat /proc/net/arp; } [ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 "$@"; } diff --git a/package/base-files/extra/init b/package/base-files/extra/init index 9013065d0..db8c3a676 100755 --- a/package/base-files/extra/init +++ b/package/base-files/extra/init 
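Review bot: `pkill axhttpd` in the stop branch of axhttpd.init is not equivalent to the `killall axhttpd` it replaces, because pkill treats its argument as an unanchored regular expression against the process name. Any process whose name merely contains the string is signalled too. The same replacement is made in the other init scripts in this commit, and the short names are the risky ones: `pkill esd`, `pkill kdc`, `pkill named`, `pkill inetd` and `pkill chilli` can each hit unrelated daemons. Use exact matching, `pkill -x axhttpd`, in every script, after confirming that the pkill applet built for the target supports `-x`. A pidfile-based stop would be tighter still, and this commit already turns BUSYBOX_FEATURE_PIDFILE on.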
@@ -1,5 +1,5 @@ #!/bin/sh -echo "Pre-boot initializing" +echo "Starting system ..." export PATH=/bin:/sbin:/usr/bin:/usr/sbin mount -nt proc proc /proc mount -o nosuid,nodev,noexec -t sysfs sysfs /sys @@ -19,5 +19,4 @@ mount -o remount,rw / cat /etc/.rnd >/dev/urandom 2>&1 [ -f /etc/fstab ] && mount -a [ -x /sbin/cfgfs ] && { cfgfs setup; mount -o remount,ro /;} -echo "Starting system" exec /sbin/init diff --git a/package/base-files/extra/sbin/update b/package/base-files/extra/sbin/update index a812bb23d..10d6e58c2 100755 --- a/package/base-files/extra/sbin/update +++ b/package/base-files/extra/sbin/update @@ -7,9 +7,8 @@ if [ $who -ne 0 ]; then fi cd / - +umount -f /etc mount -o remount,rw / -umount /etc check_exit() { if [ $? -ne 0 ];then @@ -19,17 +18,17 @@ check_exit() { } extract_from_file() { - tar -xzvf $1 + cat $1 | gunzip -c | tar -xf - check_exit } extract_from_ssh() { - ssh $1 "cat $2" | tar -xzvf - + ssh $1 "cat $2" | gunzip -c | tar -xf - check_exit } extract_from_http() { - wget -O - $1 | tar -xzvf - + wget -O - $1 | gunzip -c | tar -xf - check_exit } @@ -60,7 +59,6 @@ case $1 in esac sync -mount --bind /etc /tmp/.cfgfs/root +mount -o bind /etc /tmp/.cfgfs/root -echo "Check with cfgfs status if you need to merge and save any changes in /etc." -echo "You should reboot now." +echo "Update sucessful. You should reboot now." diff --git a/package/bind/files/named.init b/package/bind/files/named.init index ce0c0abfa..b2052c1d3 100644 --- a/package/bind/files/named.init +++ b/package/bind/files/named.init @@ -15,7 +15,7 @@ autostop) ;; fi ;; stop) - killall named + pkill named ;; restart) sh $0 stop diff --git a/package/bitlbee/files/bitlbee.init b/package/bitlbee/files/bitlbee.init index 1ff40c754..491b741c7 100644 --- a/package/bitlbee/files/bitlbee.init +++ b/package/bitlbee/files/bitlbee.init @@ -14,7 +14,7 @@ start) bitlbee -D ;; stop) - killall bitlbee + pkill bitlbee ;; restart) sh $0 stop 
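Review bot: In package/base-files/extra/sbin/update, `check_exit` after each rewritten pipeline sees only the exit status of the final `tar`, so a failed or truncated `wget`, `ssh` or `gunzip` stage in `extract_from_file`, `extract_from_ssh` and `extract_from_http` can go unnoticed. The script then prints the new "Update sucessful" message (typo for "successful") over a partially unpacked root. The archive is unpacked over / as root, and no checksum or signature check is visible in these hunks. A safer shape is to download to a temporary file, check that command's status, run `gunzip -t` on the file, verify a published digest, and only then extract. `$1` and `$2` are also unquoted, and the `cat` is unnecessary; `gunzip -c "$1" | tar -xf -` is enough for the local case. The `case` dispatch that calls these functions lies outside the hunk.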
diff --git a/package/bluez/files/bluez.init b/package/bluez/files/bluez.init index 6a61d38cd..477013d9f 100644 --- a/package/bluez/files/bluez.init +++ b/package/bluez/files/bluez.init @@ -13,7 +13,7 @@ start) bluetoothd ;; stop) - killall bluetoothd + pkill bluetoothd ;; restart) sh $0 stop diff --git a/package/busybox/config/Config.in b/package/busybox/config/Config.in index 6da769cc0..427a45b4a 100644 --- a/package/busybox/config/Config.in +++ b/package/busybox/config/Config.in @@ -65,7 +65,7 @@ config BUSYBOX_SHOW_USAGE config BUSYBOX_FEATURE_VERBOSE_USAGE bool "Show verbose applet usage messages" - default n + default y select BUSYBOX_SHOW_USAGE help All BusyBox applets will show more verbose help messages when @@ -155,7 +155,7 @@ config BUSYBOX_FEATURE_CLEAN_UP config BUSYBOX_FEATURE_PIDFILE bool "Support writing pidfiles" - default n + default y help This option makes some applets (e.g. crond, syslogd, inetd) write a pidfile in /var/run. Some applications rely on them. diff --git a/package/busybox/config/archival/Config.in b/package/busybox/config/archival/Config.in index 0140b7631..124f5887c 100644 --- a/package/busybox/config/archival/Config.in +++ b/package/busybox/config/archival/Config.in @@ -7,19 +7,19 @@ menu "Archival Utilities" config BUSYBOX_FEATURE_SEAMLESS_LZMA bool "Make tar, rpm, modprobe etc understand .lzma data" - default n + default y help Make tar, rpm, modprobe etc understand .lzma data. config BUSYBOX_FEATURE_SEAMLESS_BZ2 bool "Make tar, rpm, modprobe etc understand .bz2 data" - default n + default y help Make tar, rpm, modprobe etc understand .bz2 data. config BUSYBOX_FEATURE_SEAMLESS_GZ bool "Make tar, rpm, modprobe etc understand .gz data" - default n + default y help Make tar, rpm, modprobe etc understand .gz data. @@ -163,7 +163,7 @@ config BUSYBOX_GUNZIP config BUSYBOX_GZIP bool "gzip" - default n + default y help gzip is used to compress files. It's probably the most widely used UNIX compression program. 
@@ -276,7 +276,7 @@ config BUSYBOX_FEATURE_TAR_LONG_OPTIONS config BUSYBOX_FEATURE_TAR_UNAME_GNAME bool "Enable use of user and group names" - default n + default p depends on BUSYBOX_TAR help Enables use of user and group names in tar. This affects contents diff --git a/package/busybox/config/init/Config.in b/package/busybox/config/init/Config.in index bb2d0aa32..9ca5b2885 100644 --- a/package/busybox/config/init/Config.in +++ b/package/busybox/config/init/Config.in @@ -21,7 +21,7 @@ config BUSYBOX_FEATURE_USE_INITTAB config BUSYBOX_FEATURE_KILL_REMOVED bool "Support killing processes that have been removed from inittab" - default y + default n depends on BUSYBOX_FEATURE_USE_INITTAB help When respawn entries are removed from inittab and a SIGHUP is @@ -41,7 +41,7 @@ config BUSYBOX_FEATURE_KILL_DELAY config BUSYBOX_FEATURE_INIT_SCTTY bool "Run commands with leading dash with controlling tty" - default n + default y depends on BUSYBOX_INIT help If this option is enabled, init will try to give a controlling @@ -56,7 +56,7 @@ config BUSYBOX_FEATURE_INIT_SCTTY config BUSYBOX_FEATURE_INIT_SYSLOG bool "Enable init to write to syslog" - default n + default y depends on BUSYBOX_INIT config BUSYBOX_FEATURE_EXTRA_QUIET diff --git a/package/busybox/config/networking/Config.in b/package/busybox/config/networking/Config.in index 797c21aea..0db95b6d4 100644 --- a/package/busybox/config/networking/Config.in +++ b/package/busybox/config/networking/Config.in @@ -60,7 +60,7 @@ config BUSYBOX_ARPING config BUSYBOX_BRCTL bool "brctl" - depends on !ADK_PACKAGE_BRCTL + depends on !ADK_PACKAGE_BRIDGE_UTILS default n help Manage ethernet bridges. diff --git a/package/busybox/config/procps/Config.in b/package/busybox/config/procps/Config.in index acec4e45e..c0c600b4e 100644 --- a/package/busybox/config/procps/Config.in +++ b/package/busybox/config/procps/Config.in 
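Review bot: `default p` on BUSYBOX_FEATURE_TAR_UNAME_GNAME in archival/Config.in is not a bool value. Kconfig would most likely read `p` as a reference to an undefined symbol, so the option presumably still evaluates to off. If the intent matches the other defaults flipped in this commit, the line should be `default y`. If the option is meant to stay off, restore `default n` so the file does not carry a dangling symbol reference.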
@@ -64,7 +64,7 @@ config BUSYBOX_PIDOF config BUSYBOX_FEATURE_PIDOF_SINGLE bool "Enable argument for single shot (-s)" - default n + default y depends on BUSYBOX_PIDOF help Support argument '-s' for returning only the first pid found. diff --git a/package/busybox/files/inetd.init b/package/busybox/files/inetd.init index ff041aed4..093e81f01 100644 --- a/package/busybox/files/inetd.init +++ b/package/busybox/files/inetd.init @@ -14,7 +14,7 @@ start) autostop) ;; stop) - killall inetd + pkill inetd ;; restart) sh $0 stop diff --git a/package/busybox/files/syslog.init b/package/busybox/files/syslog.init index 9552dfe0a..cbf0165c9 100644 --- a/package/busybox/files/syslog.init +++ b/package/busybox/files/syslog.init @@ -14,8 +14,8 @@ start) klogd ;; stop) - killall klogd - killall syslogd + pkill klogd + pkill syslogd ;; restart) sh $0 stop diff --git a/package/cfinstall/src/cfinstall b/package/cfinstall/src/cfinstall index 0c1a61779..7e9a0d1ad 100644 --- a/package/cfinstall/src/cfinstall +++ b/package/cfinstall/src/cfinstall @@ -35,7 +35,7 @@ chroot /mnt mount -t proc /proc /proc chroot /mnt mount -t sysfs /sys /sys cat << EOF > /mnt/boot/grub/grub.cfg set default=0 -set timeout=5 +set timeout=1 serial --unit=0 --speed=$speed terminal_output serial terminal_input serial diff --git a/package/chillispot/files/chillispot.init b/package/chillispot/files/chillispot.init index 308668fca..8a09a3d35 100644 --- a/package/chillispot/files/chillispot.init +++ b/package/chillispot/files/chillispot.init @@ -13,7 +13,7 @@ start) chilli ;; stop) - killall chilli + pkill chilli ;; restart) sh $0 stop diff --git a/package/collectd/files/collectd.init b/package/collectd/files/collectd.init index 601dd53d4..468c6fa11 100644 --- a/package/collectd/files/collectd.init +++ b/package/collectd/files/collectd.init @@ -14,7 +14,7 @@ start) collectd ;; stop) - killall collectd + pkill collectd ;; restart) sh $0 stop 
diff --git a/package/cups/files/cupsd.init b/package/cups/files/cupsd.init index 03be3300f..49c37b24f 100644 --- a/package/cups/files/cupsd.init +++ b/package/cups/files/cupsd.init @@ -16,7 +16,7 @@ start) /usr/sbin/cupsd -c /etc/cups/cupsd.conf ;; stop) - killall cupsd + pkill cupsd ;; restart) sh $0 stop diff --git a/package/dansguardian/files/dansguardian.init b/package/dansguardian/files/dansguardian.init index 8c883d4bf..2f2547f12 100644 --- a/package/dansguardian/files/dansguardian.init +++ b/package/dansguardian/files/dansguardian.init @@ -11,10 +11,14 @@ autostart) exec sh $0 start ;; start) + if [ ! -f /var/log/dansguardian-access.log ];then + touch /var/log/dansguardian-access.log + chown proxy:proxy /var/log/dansguardian-access.log + fi dansguardian ;; stop) - killall dansguardian + pkill dansguardian ;; restart) sh $0 stop diff --git a/package/dansguardian/files/dansguardian.postinst b/package/dansguardian/files/dansguardian.postinst index 80272f705..95f5fb639 100644 --- a/package/dansguardian/files/dansguardian.postinst +++ b/package/dansguardian/files/dansguardian.postinst @@ -1,6 +1,6 @@ #!/bin/sh . $IPKG_INSTROOT/etc/functions.sh gid=$(get_next_gid) -add_user proxy $(get_next_uid) $gid /etc/dansguardian -add_group proxy $gid +add_user dansguardian $(get_next_uid) $gid /etc/dansguardian +add_group dansguardian $gid add_rcconf dansguardian dansguardian NO diff --git a/package/dbus/files/dbus.init b/package/dbus/files/dbus.init index 3484c4522..0f7367f38 100644 --- a/package/dbus/files/dbus.init +++ b/package/dbus/files/dbus.init @@ -14,7 +14,7 @@ start) dbus-daemon --config-file=/etc/dbus-1/system.conf ;; stop) - killall dbus-daemon + pkill dbus-daemon ;; restart) sh $0 stop diff --git a/package/dhcp-forwarder/files/dhcp-fwd.init b/package/dhcp-forwarder/files/dhcp-fwd.init index 8e6cda234..1a193f2ae 100644 --- a/package/dhcp-forwarder/files/dhcp-fwd.init +++ b/package/dhcp-forwarder/files/dhcp-fwd.init 
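Review bot: The `chown proxy:proxy /var/log/dansguardian-access.log` added to the start branch of dansguardian.init names an account that this same commit stops creating. dansguardian.postinst now adds user and group `dansguardian` instead of `proxy`. Unless another package happens to provide `proxy`, the chown fails silently and the log stays root-owned; if one does, the log is handed to an unrelated service account. The line should follow the postinst, `chown dansguardian:dansguardian /var/log/dansguardian-access.log`, and the daemon's configured run-as user, which is not visible here, needs to agree with it. The result of `touch` and `chown` is not checked before `dansguardian` is started.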
@@ -13,7 +13,7 @@ start) dhcp-fwd ;; stop) - killall dhcp-fwd + pkill dhcp-fwd ;; restart) sh $0 stop diff --git a/package/dhcp/files/dhcpd.init b/package/dhcp/files/dhcpd.init index 6ba76df9f..acdfc501f 100644 --- a/package/dhcp/files/dhcpd.init +++ b/package/dhcp/files/dhcpd.init @@ -14,7 +14,7 @@ start) dhcpd $dhcpd_flags ;; autostop|stop) - killall dhcpd + pkill dhcpd ;; restart) sh $0 stop diff --git a/package/dnsmasq/files/dnsmasq.init b/package/dnsmasq/files/dnsmasq.init index be9218bcb..01ca2cca6 100644 --- a/package/dnsmasq/files/dnsmasq.init +++ b/package/dnsmasq/files/dnsmasq.init @@ -14,7 +14,7 @@ start) /usr/sbin/dnsmasq ;; stop) - killall dnsmasq + pkill dnsmasq ;; restart) sh $0 stop diff --git a/package/dropbear/files/dropbear.init b/package/dropbear/files/dropbear.init index 09eea25e4..1c4c33745 100644 --- a/package/dropbear/files/dropbear.init +++ b/package/dropbear/files/dropbear.init @@ -30,7 +30,7 @@ start) /usr/sbin/dropbear $dropbear_flags ;; stop) - killall dropbear + pkill dropbear ;; restart) sh $0 stop diff --git a/package/ebtables/Config.in b/package/ebtables/Config.in new file mode 100644 index 000000000..7e78aeedd --- /dev/null +++ b/package/ebtables/Config.in @@ -0,0 +1,6 @@ +config ADK_PACKAGE_EBTABLES + prompt "ebtables.......................... Ethernet bridging firewall tool" + tristate + default n + help + http://ebtables.sourceforge.net/ diff --git a/package/ebtables/Makefile b/package/ebtables/Makefile new file mode 100644 index 000000000..2a2c7dfe3 --- /dev/null +++ b/package/ebtables/Makefile 
@@ -0,0 +1,32 @@ +# This file is part of the OpenADK project. OpenADK is copyrighted +# material, please see the LICENCE file in the top-level directory. + +include ${TOPDIR}/rules.mk + +PKG_NAME:= ebtables +PKG_VERSION:= 2.0.9 +PKG_RELEASE:= 1 +PKG_MD5SUM:= 0e0c20adf2bba6d91dbd0b74a1a38c33 +PKG_DESCR:= ethernet bridging firewall tool +PKG_SECTION:= net +PKG_URL:= http://ebtables.sourceforge.net +PKG_SITES:= ${MASTER_SITE_SOURCEFORGE:=ebtables/} + +DISTFILES:= ${PKG_NAME}-v${PKG_VERSION}-1.tar.gz +WRKDIST= ${WRKDIR}/${PKG_NAME}-v${PKG_VERSION}-1 + +include ${TOPDIR}/mk/package.mk + +$(eval $(call PKG_template,EBTABLES,${PKG_NAME},${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) + +BUILD_STYLE:= auto +INSTALL_STYLE:= auto + +post-install: + ${INSTALL_DIR} ${IDIR_EBTABLES}/etc + ${INSTALL_DIR} ${IDIR_EBTABLES}/usr/sbin ${IDIR_EBTABLES}/usr/lib + ${INSTALL_DATA} ${WRKINST}/etc/ethertypes ${IDIR_EBTABLES}/etc + ${INSTALL_BIN} ${WRKINST}/usr/sbin/ebtables ${IDIR_EBTABLES}/usr/sbin + ${CP} ${WRKINST}/usr/lib/*.so ${IDIR_EBTABLES}/usr/lib + +include ${TOPDIR}/mk/pkg-bottom.mk diff --git a/package/ebtables/patches/patch-Makefile b/package/ebtables/patches/patch-Makefile new file mode 100644 index 000000000..62528ec30 --- /dev/null +++ b/package/ebtables/patches/patch-Makefile 
@@ -0,0 +1,95 @@ +--- ebtables-v2.0.9-1.orig/Makefile 2009-06-21 15:13:25.000000000 +0200 ++++ ebtables-v2.0.9-1/Makefile 2009-11-29 15:39:30.000000000 +0100 +@@ -8,17 +8,16 @@ PROGDATE:=June\ 2009 + + # default paths + LIBDIR:=/usr/lib +-MANDIR:=/usr/local/man +-BINDIR:=/usr/local/sbin ++MANDIR:=/usr/man ++BINDIR:=/usr/sbin + ETCDIR:=/etc +-INITDIR:=/etc/rc.d/init.d ++INITDIR:=/etc/init.d + SYSCONFIGDIR:=/etc/sysconfig + DESTDIR:= + +-CFLAGS:=-Wall -Wunused ++CFLAGS?=-Wall -Wunused + CFLAGS_SH_LIB:=-fPIC +-CC:=gcc +-LD:=ld ++CC?=gcc + + ifeq ($(shell uname -m),sparc64) + CFLAGS+=-DEBT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32 +@@ -85,7 +84,7 @@ ebtables-standalone.o: ebtables-standalo + + .PHONY: libebtc + libebtc: $(OBJECTS2) +- $(LD) -shared -soname libebtc.so -o libebtc.so -lc $(OBJECTS2) ++ $(CC) -shared -o libebtc.so -lc $(OBJECTS2) + + ebtables: $(OBJECTS) ebtables-standalone.o libebtc + $(CC) $(CFLAGS) $(CFLAGS_SH_LIB) -o $@ ebtables-standalone.o -I$(KERNEL_INCLUDES) -L. -Lextensions -lebtc $(EXT_LIBSI) \ +@@ -154,28 +153,29 @@ tmp3:=$(shell printf $(PIPE) | sed 's/\/ + .PHONY: scripts + scripts: ebtables-save ebtables.sysv ebtables-config + cat ebtables-save | sed 's/__EXEC_PATH__/$(tmp1)/g' > ebtables-save_ +- install -m 0755 -o root -g root ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save ++ install -m 0755 ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save + cat ebtables.sysv | sed 's/__EXEC_PATH__/$(tmp1)/g' | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables.sysv_ +- install -m 0755 -o root -g root ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables ++ mkdir -p $(DESTDIR)$(INITDIR) ++ install -m 0755 ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables + cat ebtables-config | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables-config_ +- install -m 0600 -o root -g root ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config ++ #install -m 0600 ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config + rm -f ebtables-save_ ebtables.sysv_ ebtables-config_ + + $(MANDIR)/man8/ebtables.8: 
ebtables.8 + mkdir -p $(DESTDIR)$(@D) + sed 's/$$(VERSION)/$(PROGVERSION)/' ebtables.8 | sed 's/$$(DATE)/$(PROGDATE)/' > ebtables.8_ +- install -m 0644 -o root -g root ebtables.8_ $(DESTDIR)$@ ++ install -m 0644 ebtables.8_ $(DESTDIR)$@ + rm -f ebtables.8_ + + $(ETHERTYPESFILE): ethertypes + mkdir -p $(DESTDIR)$(@D) +- install -m 0644 -o root -g root $< $(DESTDIR)$@ ++ install -m 0644 $< $(DESTDIR)$@ + + .PHONY: exec + exec: ebtables ebtables-restore + mkdir -p $(DESTDIR)$(BINDIR) +- install -m 0755 -o root -g root $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME) +- install -m 0755 -o root -g root ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore ++ install -m 0755 $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME) ++ install -m 0755 ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore + + .PHONY: install + install: $(MANDIR)/man8/ebtables.8 $(ETHERTYPESFILE) exec scripts +@@ -199,18 +199,18 @@ release: + rm -f extensions/ebt_inat.c + rm -rf $(CVSDIRS) + mkdir -p include/linux/netfilter_bridge +- install -m 0644 -o root -g root \ ++ install -m 0644 \ + $(KERNEL_INCLUDES)/linux/netfilter_bridge.h include/linux/ + # To keep possible compile error complaints about undefined ETH_P_8021Q + # off my back +- install -m 0644 -o root -g root \ ++ install -m 0644 \ + $(KERNEL_INCLUDES)/linux/if_ether.h include/linux/ +- install -m 0644 -o root -g root \ ++ install -m 0644 \ + $(KERNEL_INCLUDES)/linux/types.h include/linux/ +- install -m 0644 -o root -g root \ ++ install -m 0644 \ + $(KERNEL_INCLUDES)/linux/netfilter_bridge/*.h \ + include/linux/netfilter_bridge/ +- install -m 0644 -o root -g root \ ++ install -m 0644 \ + include/ebtables.h include/linux/netfilter_bridge/ + make clean + touch * diff --git a/package/esound/files/esd.init b/package/esound/files/esd.init index 0f60c59e5..fd2ebf877 100644 --- a/package/esound/files/esd.init +++ b/package/esound/files/esd.init 
@@ -12,7 +12,7 @@ start) esd -d /dev/sound/dsp -public -tcp -nobeeps ;; stop) - killall esd + pkill esd ;; restart) sh $0 stop diff --git a/package/ez-ipupdate/files/ez-ipupdate.init b/package/ez-ipupdate/files/ez-ipupdate.init index c6fbfc39e..ea784481c 100644 --- a/package/ez-ipupdate/files/ez-ipupdate.init +++ b/package/ez-ipupdate/files/ez-ipupdate.init @@ -13,7 +13,7 @@ start) /usr/sbin/ez-ipupdate -c /etc/ez-ipupdate.conf -d ;; stop) - killall ez-ipupdate + pkill ez-ipupdate ;; restart) sh $0 stop diff --git a/package/fakeidentd/files/fakeidentd.init b/package/fakeidentd/files/fakeidentd.init index d145a6906..652ee02df 100644 --- a/package/fakeidentd/files/fakeidentd.init +++ b/package/fakeidentd/files/fakeidentd.init @@ -13,7 +13,7 @@ start) fakeidentd ${fakeidentd_flags} ;; stop) - killall fakeidentd + pkill fakeidentd ;; restart) sh $0 stop diff --git a/package/freeradius-server/files/radiusd.init b/package/freeradius-server/files/radiusd.init index 818f803ff..e43c5f94e 100644 --- a/package/freeradius-server/files/radiusd.init +++ b/package/freeradius-server/files/radiusd.init @@ -14,7 +14,7 @@ start) radiusd ;; stop) - killall radiusd + pkill radiusd ;; restart) sh $0 stop diff --git a/package/frickin/files/frickin.init b/package/frickin/files/frickin.init index 4e63232c0..baf5d9c18 100644 --- a/package/frickin/files/frickin.init +++ b/package/frickin/files/frickin.init @@ -13,7 +13,7 @@ start) frickin ${frickin_flags} ;; stop) - killall frickin + pkill frickin ;; restart) sh $0 stop diff --git a/package/gkrellmd/files/gkrellmd.init b/package/gkrellmd/files/gkrellmd.init index dfbf7dc5f..79b998713 100644 --- a/package/gkrellmd/files/gkrellmd.init +++ b/package/gkrellmd/files/gkrellmd.init @@ -13,7 +13,7 @@ start) gkrellmd -d ;; stop) - killall gkrellmd + pkill gkrellmd ;; restart) sh $0 stop diff --git a/package/gmediaserver/files/gmediaserver.init b/package/gmediaserver/files/gmediaserver.init index 81deeb899..1c67e5f40 100644 
--- a/package/gmediaserver/files/gmediaserver.init +++ b/package/gmediaserver/files/gmediaserver.init @@ -13,7 +13,7 @@ autostop) ;; gmediaserver $gmediaserver_flags ;; stop) - killall gmediaserver + pkill gmediaserver ;; restart) sh $0 stop diff --git a/package/grub-bin/Makefile b/package/grub-bin/Makefile index 1d2fbb334..24f386acd 100644 --- a/package/grub-bin/Makefile +++ b/package/grub-bin/Makefile @@ -8,7 +8,7 @@ include ${TOPDIR}/rules.mk PKG_NAME:= grub-bin PKG_VERSION:= 1.97.1 PKG_RELEASE:= 1 -PKG_MD5SUM:= 99ddead9dcb689a7ec2431c1e6b3cf0d +PKG_MD5SUM:= 24961a39e63d8ec16d765aad3a301cda PKG_DESCR:= GRUB bootloader PKG_SECTION:= sys PKG_SITES:= http://openadk.org/distfiles/ diff --git a/package/heimdal/files/heimdal.init b/package/heimdal/files/heimdal.init index 2e87f4932..33692f111 100644 --- a/package/heimdal/files/heimdal.init +++ b/package/heimdal/files/heimdal.init @@ -15,9 +15,9 @@ start) /usr/sbin/kpasswdd & ;; stop) - killall kdc - killall kadmind - killall kpasswdd + pkill kdc + pkill kadmind + pkill kpasswdd ;; restart) sh $0 stop diff --git a/package/htpdate/files/htpdate.init b/package/htpdate/files/htpdate.init index 4457e4391..0b3f34ad6 100644 --- a/package/htpdate/files/htpdate.init +++ b/package/htpdate/files/htpdate.init @@ -14,7 +14,7 @@ start) htpdate -l -s -t $htpdate_flags && htpdate -D $htpdate_flags ;; stop) - killall htpdate + pkill htpdate ;; restart) sh $0 stop diff --git a/package/iptables/Makefile b/package/iptables/Makefile index b8e1df9c2..0548aad57 100644 --- a/package/iptables/Makefile +++ b/package/iptables/Makefile @@ -5,7 +5,7 @@ include ${TOPDIR}/rules.mk PKG_NAME:= iptables PKG_VERSION:= 1.4.5 -PKG_RELEASE:= 1 +PKG_RELEASE:= 2 PKG_MD5SUM:= 44f13990132c20299c1994cd6f425140 PKG_DESCR:= The netfilter firewalling software PKG_SECTION:= net 
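Review bot: In package/grub-bin/Makefile, PKG_MD5SUM changes while PKG_VERSION stays 1.97.1 and PKG_RELEASE stays 1, so the distfile behind the same name on `http://openadk.org/distfiles/` was replaced in place. Nothing in the commit records why the tarball changed or how the new content was checked, and the fetch URL is plain HTTP with an MD5 digest as the only integrity check visible here. For a bootloader binary, state the reason for the new tarball in the commit message and bump the release, `PKG_RELEASE:= 2`, so that images built from the old file can be told apart. How the build enforces the digest is defined in the mk files outside this hunk; if it can carry a stronger hash, this package is a good candidate.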
@@ -24,7 +24,6 @@ include ${TOPDIR}/mk/package.mk #include ${LINUX_DIR}/.config $(eval $(call PKG_template,IPTABLES,iptables,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) -$(eval $(call PKG_template,IPTABLES_UTILS,iptables-utils,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) $(eval $(call PKG_template,IP6TABLES,ip6tables,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) CONFIGURE_STYLE:= gnu @@ -32,21 +31,16 @@ CONFIGURE_ARGS+= --enable-devel BUILD_STYLE:= auto INSTALL_STYLE:= auto -SUB_INSTALL-${ADK_PACKAGE_IPTABLES_UTILS}+= iptables-utils-install SUB_INSTALL-${ADK_PACKAGE_IP6TABLES}+= ip6tables-install post-install: ${SUB_INSTALL-m} ${SUB_INSTALL-y} - ${INSTALL_DIR} ${IDIR_IPTABLES}/usr/lib - ${INSTALL_DIR} ${IDIR_IPTABLES}/usr/sbin - ${INSTALL_BIN} ${WRKINST}/usr/sbin/iptables ${IDIR_IPTABLES}/usr/sbin/ + ${INSTALL_DIR} ${IDIR_IPTABLES}/{usr/lib,etc,usr/sbin} + ${INSTALL_DATA} ./files/firewall.conf ${IDIR_IPTABLES}/etc + ${CP} ${WRKINST}/usr/sbin/iptables* ${IDIR_IPTABLES}/usr/sbin/ ${CP} ${WRKINST}/usr/lib/libiptc.so* ${IDIR_IPTABLES}/usr/lib ${CP} ${WRKINST}/usr/lib/libip4tc.so* ${IDIR_IPTABLES}/usr/lib ${CP} ${WRKINST}/usr/lib/libxtables.so* ${IDIR_IPTABLES}/usr/lib -iptables-utils-install: - ${INSTALL_DIR} ${IDIR_IPTABLES_UTILS}/usr/sbin - ${INSTALL_BIN} ${WRKINST}/usr/sbin/iptables-{save,restore} ${IDIR_IPTABLES_UTILS}/usr/sbin/ - ip6tables-install: ${INSTALL_DIR} ${IDIR_IP6TABLES}/usr/lib ${INSTALL_DIR} ${IDIR_IP6TABLES}/usr/sbin diff --git a/package/iptables/files/firewall.conf b/package/iptables/files/firewall.conf new file mode 100644 index 000000000..bc9a39c41 --- /dev/null +++ b/package/iptables/files/firewall.conf 
@@ -0,0 +1,119 @@ +#!/bin/sh + + +echo "configure /etc/firewall.conf first." +exit 1 + +### Interfaces +WAN=ppp0 +LAN=br0 +WLAN= + +###################################################################### +### Default ruleset +###################################################################### + +### Create chains +iptables -N input_rule +iptables -N forwarding_rule +iptables -t nat -N prerouting_rule +iptables -t nat -N postrouting_rule + +### Default policy +iptables -P INPUT DROP +iptables -P FORWARD DROP + +### INPUT +### (connections with the router as destination) + +# base case +iptables -A INPUT -m state --state INVALID -j DROP +iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP + +# custom rules +iptables -A INPUT -j input_rule + +# allow access from anything but WAN +iptables -A INPUT ${WAN:+\! -i $WAN} -j ACCEPT +# allow icmp messages +iptables -A INPUT -p icmp -j ACCEPT + +# reject +iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset +iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable + +### OUTPUT +### (connections with the router as source) + +# base case +iptables -A OUTPUT -m state --state INVALID -j DROP +iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT + +### FORWARD +### (connections routed through the router) + +# base case +iptables -A FORWARD -m state --state INVALID -j DROP +iptables -A FORWARD -p tcp -o $WAN --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu +iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT + +# custom rules +iptables -A FORWARD -j forwarding_rule +iptables -t nat -A PREROUTING -j prerouting_rule +iptables -t nat -A POSTROUTING -j postrouting_rule + +# allow LAN +iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT + +### MASQUERADING +echo 1 > /proc/sys/net/ipv4/ip_dynaddr +iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE + 
+###################################################################### +### Default ruleset end +###################################################################### + +### +### Connections to the router +### + +# ssh +#iptables -A input_rule -i $WAN -p tcp -s <a.b.c.d> --dport 22 -j ACCEPT + +# IPSec +#iptables -A input_rule -i $WAN -p esp -s <a.b.c.d> -j ACCEPT +#iptables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 500 -j ACCEPT + +# OpenVPN +#iptables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 1194 -j ACCEPT + +# PPTP +#iptables -A input_rule -i $WAN -p gre -j ACCEPT +#iptables -A input_rule -i $WAN -p tcp --dport 1723 -j ACCEPT + +### +### VPN traffic +### + +# IPSec +#iptables -A forwarding_rule -o ipsec+ -j ACCEPT +#iptables -A forwarding_rule -i ipsec+ -j ACCEPT + +# OpenVPN +#iptables -A forwarding_rule -o tun+ -j ACCEPT +#iptables -A forwarding_rule -i tun+ -j ACCEPT + +### +### Port forwardings to LAN +### + +#iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 3389 -j DNAT --to 192.168.1.10 +#iptables -A forwarding_rule -i $WAN -p tcp --dport 3389 -d 192.168.1.10 -j ACCEPT + +# Transparent Bridging Proxy +#ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \ +# --ip-destination-port 80 -j redirect --redirect-target ACCEPT +#iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 \ +# -j REDIRECT --to-port 8080 + diff --git a/package/iptables/files/firewall.init b/package/iptables/files/firewall.init new file mode 100755 index 000000000..b3ea698d6 --- /dev/null +++ b/package/iptables/files/firewall.init 
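Review bot: With WAN left empty, `iptables -A INPUT ${WAN:+\! -i $WAN} -j ACCEPT` in firewall.conf expands to an unconditional ACCEPT on INPUT, which defeats the `-P INPUT DROP` policy set above it. The unguarded `-o $WAN` and `-i $LAN` rules for FORWARD and POSTROUTING then become malformed commands whose failure nothing checks. A guard directly after the interface block would make a missing value fail closed, for example `[ -n "$WAN" ] && [ -n "$LAN" ] || { echo "set WAN and LAN in /etc/firewall.conf"; exit 1; }`. The ruleset is also IPv4 only: the package builds ip6tables as well, and no IPv6 policy is set here, so IPv6 input and forwarding stay unfiltered if the image has IPv6 enabled. `iptables -A INPUT -p icmp -j ACCEPT` admits every ICMP type from the WAN side; if that is intended, it deserves a comment saying so.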
@@ -0,0 +1,35 @@ +#!/bin/sh +#PKG iptables +#INIT 45 +. /etc/rc.conf + +case $1 in +autostop) ;; +autostart) + test x"${firewall:-NO}" = x"NO" && exit 0 + exec sh $0 start + ;; +start) + . /etc/firewall.conf + ;; +stop) + ### Clear tables + iptables -F + iptables -X + iptables -t nat -F + iptables -t nat -X + iptables -P INPUT ACCEPT + iptables -P FORWARD ACCEPT + iptables -P OUTPUT ACCEPT + iptables -t nat -P PREROUTING ACCEPT + iptables -t nat -P POSTROUTING ACCEPT + ;; +restart) + sh $0 stop + sh $0 start + ;; +*) + echo "Usage: $0 {start | stop | restart}" + ;; +esac +exit $? diff --git a/package/iptables/files/iptables.postinst b/package/iptables/files/iptables.postinst index fd2865a31..89b0af164 100644 --- a/package/iptables/files/iptables.postinst +++ b/package/iptables/files/iptables.postinst @@ -1,7 +1,4 @@ #!/bin/sh . $IPKG_INSTROOT/etc/functions.sh -if [ -f $IPKG_INSTROOT/etc/init.d/S45firewall ]; then - add_rcconf iptables firewall NO -fi - +add_rcconf iptables firewall NO diff --git a/package/iptables/files/l7/aim.pat b/package/iptables/files/l7/aim.pat deleted file mode 100644 index 9768dbbdc..000000000 --- a/package/iptables/files/l7/aim.pat +++ /dev/null 
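Review bot: `restart` in firewall.init runs `stop` first, which flushes the filter and nat tables and sets every policy to ACCEPT, and only then sources /etc/firewall.conf. If that file errors out, or still begins with the shipped `exit 1`, the router is left with no filtering and the script gives no clear indication of that. The `start` branch also appends to whatever is already loaded, so a second `start` duplicates rules and the `iptables -N` calls fail. Flushing at the top of `start` and checking the result of `. /etc/firewall.conf` would cover both cases. The usage branch ends in `exit $?`, which returns the status of `echo`; `exit 1` after the usage line would let callers detect a bad argument. `stop` leaves the mangle table untouched, which matters once firewall.conf rules use it.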
@@ -1,27 +0,0 @@ -# AIM - AOL instant messenger (OSCAR and TOC) -# Pattern quality: good notsofast -# Usually runs on port 5190 -# -# This may also match ICQ traffic. -# -# This pattern has been tested and is believed to work well. If it does not -# work for you, or you believe it could be improved, please post to -# l7-filter-developers@lists.sf.net . This list may be subscribed to at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers - -aim -# See http://gridley.acns.carleton.edu/~straitm/final (and various other places) -# The first bit matches OSCAR signon and data commands, but not sure what -# \x03\x0b matches, but it works apparently. -# The next three bits match various parts of the TOC signon process. -# The third one is the magic number "*", then 0x01 for "signon", then up to four -# bytes ("up to" because l7-filter strips out nulls) which contain a sequence -# number (2 bytes) the data length (2 more) and 3 nulls (which don't count), -# then 0x01 for the version number (not sure if there ever has been another -# version) -# The fourth one is a command string, followed by some stuff, then the -# beginning of the "roasted" password - -# This pattern is too slow! - -^(\*[\x01\x02].*\x03\x0b|\*\x01.?.?.?.?\x01)|flapon|toc_signon.*0x diff --git a/package/iptables/files/l7/bittorrent.pat b/package/iptables/files/l7/bittorrent.pat deleted file mode 100644 index c1804ee4b..000000000 --- a/package/iptables/files/l7/bittorrent.pat +++ /dev/null 
@@ -1,14 +0,0 @@ -# Bittorrent - P2P filesharing / publishing tool - http://www.bittorrent.com -# Pattern quality: great veryfast -# -# This pattern has been tested and is believed to work well. If it does not -# work for you, or you believe it could be improved, please post to -# l7-filter-developers@lists.sf.net . This list may be subscribed to at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers -bittorrent - -# Does not attempt to match the HTTP download of the tracker -# 0x13 is the length of "bittorrent protocol" -# Second two bits match UDP wierdness, commented out until it's tested -#^(\x13bittorrent protocol|d1:ad2:id20:|\x08'7P\)[RP]) -^\x13bittorrent protocol diff --git a/package/iptables/files/l7/edonkey-dl.pat b/package/iptables/files/l7/edonkey-dl.pat deleted file mode 100644 index d344d169d..000000000 --- a/package/iptables/files/l7/edonkey-dl.pat +++ /dev/null @@ -1,8 +0,0 @@ -# eDonkey2000 - P2P filesharing (download part) - http://edonkey2000.com -# Pattern quality: good veryfast overmatch usepacket - -edonkey-dl - -^[\xe3\xe4\xc5\xe5\xd4](....)?[\x01\x0a\x0e\x0f\x10\x18\x19\x1b\x1c\x47\x4a\x4f\x51\x53\x54\x58\x60\x81\x90\x96\x9a\x9c\xa2] - - diff --git a/package/iptables/files/l7/edonkey.pat b/package/iptables/files/l7/edonkey.pat deleted file mode 100644 index efbc3f361..000000000 --- a/package/iptables/files/l7/edonkey.pat +++ /dev/null 
@@ -1,29 +0,0 @@ -# eDonkey2000 - P2P filesharing - http://edonkey2000.com -# Pattern quality: good veryfast overmatch -# -# Please post to l7-filter-developers@lists.sf.net as to whether this pattern -# works for you or not. If you believe it could be improved please post your -# suggestions to that list as well. You may subscribe to this list at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers - -# Thanks to Matt Skidmore <fox AT woozle.org> - -edonkey - -# http://gd.tuwien.ac.at/opsys/linux/sf/p/pdonkey/eDonkey-protocol-0.6 -# -# In addition to \xe3, \xc5 and \xd4, I see a lot of \xe5 -# -# God this is a mess. What an irritating protocol. -# This will match about 1% of streams with random data in them! - -^[\xe3\xc5\xe5\xd4](....)?([\x01\x02\x05\x14\x15\x16\x18\x19\x1a\x1b\x1c\x20\x21\x32\x33\x34\x35\x36\x38\x40\x41\x42\x43\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x5b\x5c\x60\x81\x82\x90\x91\x93\x96\x97\x98\x99\x9a\x9b\x9c\x9e\xa0\xa1\xa2\xa3\xa4]|\x59................?[ -~]|\x96....$) - -# matches everything and too much -# ^(\xe3|\xc5|\xd4) - -# ipp2p essentially uses "\xe3....\x47", which doesn't seem at all right to me. - -# bandwidtharbitrator uses -# e0.*@.*6[a-z].*p$|e0.*@.*[a-z]6[a-z].*p0$|e.*@.*[0-9]6.*p$|emule|edonkey -# no comments to explain what all the mush is, of course... diff --git a/package/iptables/files/l7/fasttrack.pat b/package/iptables/files/l7/fasttrack.pat deleted file mode 100644 index 46295c6bb..000000000 --- a/package/iptables/files/l7/fasttrack.pat +++ /dev/null 
@@ -1,25 +0,0 @@ -# FastTrack - P2P filesharing (Kazaa, Morpheus, iMesh, Grokster, etc) -# Pattern quality: good notsofast -# -# Tested with Kazaa Lite Resurrection 0.0.7.6F -# -# This appears to match the download connections well, but not the search -# connections (I think they are encrypted :-( ). -# -# Please post to l7-filter-developers@lists.sf.net as to whether it works -# for you or not. If you believe it could be improved please post your -# suggestions to that list as well. You may subscribe to this list at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers - -fasttrack -# while this is a valid http request, this will be caught because -# the http pattern matches the response (and therefore the next packet) -# Even so, it's best to put this match earlier in the chain. -# http://cvs.berlios.de/cgi-bin/viewcvs.cgi/gift-fasttrack/giFT-FastTrack/PROTOCOL?rev=HEAD&content-type=text/vnd.viewcvs-markup - -# This pattern is kinda slow, but not too bad. -^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]?[0-9]?[0-9]? - -# This isn't much faster: -#^get (/.download/.*|/.supernode.|/.status.|/.network.*|/.files|/.hash=[0-9a-f]*/.*) http/1.1|user-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]?[0-9]?[0-9]? - diff --git a/package/iptables/files/l7/ftp.pat b/package/iptables/files/l7/ftp.pat deleted file mode 100644 index 9593ffd1b..000000000 --- a/package/iptables/files/l7/ftp.pat +++ /dev/null 
@@ -1,34 +0,0 @@ -# FTP - File Transfer Protocol - RFC 959 -# Pattern quality: great fast -# -# Usually runs on port 21. Note that the data stream is on a dynamically -# assigned port, which means that you will need the FTP connection -# tracking module in your kernel to usefully match FTP data transfers. -# -# This pattern is well tested. If it does not -# work for you, or you believe it could be improved, please post to -# l7-filter-developers@lists.sf.net . This list may be subscribed to at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers -# -# Matches the first two things a server should say. Most servers say -# something after 220, even though they don't have to, and it usually -# includes the string "ftp" (l7-filter is case insensitive). -# This includes proftpd, vsftpd, wuftpd, warftpd, pureftpd, Bulletproof -# FTP Server, and whatever ftp.microsoft.com uses. Just in case, the next -# thing the server sends is a 331. All the above servers also send -# something including "password" after this code. -ftp -# actually, let's just do the first for now, it's faster -^220[\x09-\x0d -~]*ftp - -# This is ~10x faster if the stream starts with "220" -#^220.*ftp - -# This will match more, but much slower -#^220[\x09-\x0d -~]*ftp|331[\x09-\x0d -~]*password - -# This pattern is more precise, but takes longer to match. (3 packets vs. 1) -#^220[\x09-\x0d -~]*\x0d\x0aUSER[\x09-\x0d -~]*\x0d\x0a331 - -# same as above, but slightly less precise and only takes 2 packets. -#^220[\x09-\x0d -~]*\x0d\x0aUSER[\x09-\x0d -~]*\x0d\x0a diff --git a/package/iptables/files/l7/gnutella.pat b/package/iptables/files/l7/gnutella.pat deleted file mode 100644 index ebbd5c621..000000000 --- a/package/iptables/files/l7/gnutella.pat +++ /dev/null 
@@ -1,36 +0,0 @@ -# Gnutella - P2P filesharing -# Pattern quality: good fast -# -# This should match both Gnutella and "Gnutella2" ("Mike's protocol") -# -# Various clients use this protocol including Mactella, Shareaza, -# GTK-gnutella, Gnucleus, Gnotella, LimeWire, BearShare, and iMesh. -# -# This is tested with gtk-gnutella and Shareaza. -# -# Please report on how this pattern works for you at -# l7-filter-developers@lists.sf.net . If you can improve on this -# pattern, please also post to that list. You may subscribe at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers - -# http://www.gnutella2.com/tiki-index.php?page=UDP%20Transceiver -# http://rfc-gnutella.sf.net/ -# http://www.gnutella2.com/tiki-index.php?page=Gnutella2%20Specification -# http://en.wikipedia.org/wiki/Shareaza - -gnutella - -# The first part matches UDP messages - All start with "GND", then have -# a flag byte which is either \x00, \x01 or \x02, then two sequence bytes -# that can be anything, then a fragment number, which must start at 1. -# The rest matches TCP first client message or first server message (in case -# we can't see client messages). Some parts of this are empirical rather than -# document based. Assumes version is between 0.0 and 2.9. (usually is -# 0.4 or 0.6). I'm guessing at many of the user-agents. -# The last bit is emprical and probably only matches Limewire. 
-^(gnd[\x01\x02]?.?.?\x01|gnutella connect/[012]\.[0-9]\x0d\x0a|get /uri-res/n2r\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[1-9][0-9]?[0-9]?[0-9]?|gnutella.*content-type: application/x-gnutella|..................lime) - -# Needlessly precise, at the expense of time -#^(gnd[\x01\x02]?.?.?\x01|gnutella connect/[012]\.[0-9]\x0d\x0a|get /uri-res/n2r\?urn:sha1:|get /[\x09-\x0d -~]*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /[\x09-\x0d -~]*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[1-9][0-9]?[0-9]?[0-9]?|gnutella[\x09-\x0d -~]*content-type: application/x-gnutella|..................lime) - - diff --git a/package/iptables/files/l7/http.pat b/package/iptables/files/l7/http.pat deleted file mode 100644 index 520e7fe21..000000000 --- a/package/iptables/files/l7/http.pat +++ /dev/null 
@@ -1,28 +0,0 @@ -# HTTP - HyperText Transfer Protocol - RFC 2616 -# Pattern quality: great notsofast -# Usually runs on port 80 -# -# This pattern has been tested and is believed to work well. If it does not -# work for you, or you believe it could be improved, please post to -# l7-filter-developers@lists.sf.net . This list may be subscribed to at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers -# -# this intentionally catches the response from the server -# rather than the request so that other protocols which use -# http (like kazaa) can be caught based on specific http requests -# regardless of the ordering of filters... -# also matches posts - -# Sites that serve really long cookies may break this by pushing the -# server response too far away from the beginning of the connection. To -# fix this, increase the kernel's data buffer length. - -http -# Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF (rfc 2616) -# As specified in rfc 2616 a status code is preceeded and followed by a -# space. -http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\x09-\x0d -~]*(connection:|content-type:|content-length:|date:)|post [\x09-\x0d -~]* http/[01]\.[019] -# A slightly faster version that might be good enough: -#http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9]|post [\x09-\x0d -~]* http/[01]\.[019] -# old pattern(s): -#(http[\x09-\x0d -~]*(200 ok|302 |304 )[\x09-\x0d -~]*(connection:|content-type:|content-length:))|^(post [\x09-\x0d -~]* http/) diff --git a/package/iptables/files/l7/ident.pat b/package/iptables/files/l7/ident.pat deleted file mode 100644 index 672b0753c..000000000 --- a/package/iptables/files/l7/ident.pat +++ /dev/null 
@@ -1,14 +0,0 @@ -# Ident - Identification Protocol - RFC 1413 -# Pattern quality: good veryfast -# Usually runs on port 113 -# -# This pattern is believed to work. If it does not -# work for you, or you believe it could be improved, please post to -# l7-filter-developers@lists.sf.net . This list may be subscribed to at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers - -ident -# "number , numberCRLF" possibly without the CR and/or LF. -# ^$ is appropriate because the first packet should never have anything -# else in it. -^[1-9][0-9]?[0-9]?[0-9]?[0-9]?[\x09-\x0d]*,[\x09-\x0d]*[1-9][0-9]?[0-9]?[0-9]?[0-9]?(\x0d\x0a|[\x0d\x0a])?$ diff --git a/package/iptables/files/l7/irc.pat b/package/iptables/files/l7/irc.pat deleted file mode 100644 index 6643f6c2f..000000000 --- a/package/iptables/files/l7/irc.pat +++ /dev/null @@ -1,20 +0,0 @@ -# IRC - Internet Relay Chat - RFC 1459 -# Pattern quality: good veryfast -# -# Usually runs on port 6666 or 6667 -# Note that chat traffic runs on these ports, but IRC-DCC traffic (which -# can use much more bandwidth) uses a dynamically assigned port, so you -# must have the IRC connection tracking module in your kernel to classify -# this. -# -# This pattern has been tested and is believed to work well. If it does not -# work for you, or you believe it could be improved, please post to -# l7-filter-developers@lists.sf.net . This list may be subscribed to at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers - -irc -# First thing that happens is that the client sends NICK and USER, in -# either order. This allows MIRC color codes (\x02-\x0d instead of -# \x09-\x0d). -^(nick[\x09-\x0d -~]*user[\x09-\x0d -~]*:|user[\x09-\x0d -~]*:[\x02-\x0d -~]*nick[\x09-\x0d -~]*\x0d\x0a) - diff --git a/package/iptables/files/l7/jabber.pat b/package/iptables/files/l7/jabber.pat deleted file mode 100644 index 7a0c6840e..000000000 --- a/package/iptables/files/l7/jabber.pat +++ /dev/null 
@@ -1,24 +0,0 @@ -# Jabber (XMPP) - an open instant messenger protocol - http://jabber.org -# Pattern quality: good fast -# -# This pattern has been tested with Gaim and Gabber. It is only tested -# with non-SSL mode Jabber with no proxies. If it does not -# work for you, or you believe it could be improved, please post to -# l7-filter-developers@lists.sf.net . This list may be subscribed to at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers - -# Thanks to Jan Hudec for some improvements. - -# Jabber seems to take a long time to set up a connection. I'm -# connecting with Gabber 0.8.8 to 12jabber.org and the first 8 packets -# is this: -# <stream:stream to='12jabber.com' xmlns='jabber:client' -# xmlns:stream='http://etherx.jabber.org/streams'><?xml -# version='1.0'?><stream:stream -# xmlns:stream='http://etherx.jabber.org/streams' id='3f73e951' -# xmlns='jabber:client' from='12jabber.com'> -# -# No mention of my username or password yet, you'll note. - -jabber -<stream:stream[\x09-\x0d ][ -~]*[\x09-\x0d ]xmlns=['"]jabber diff --git a/package/iptables/files/l7/msnmessenger.pat b/package/iptables/files/l7/msnmessenger.pat deleted file mode 100644 index e07f71f31..000000000 --- a/package/iptables/files/l7/msnmessenger.pat +++ /dev/null @@ -1,15 +0,0 @@ -# MSN Messenger - Microsoft Network chat client -# Pattern quality: good veryfast -# -# Usually uses port 1863 -# http://www.hypothetic.org/docs/msn/index.php -# -# This pattern has been tested and is believed to work well. If it does not -# work for you, or you believe it could be improved, please post to -# l7-filter-developers@lists.sf.net . This list may be subscribed to at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers - -msnmessenger -# ver: allow versions up to 99. -# usr (in case ver didn't work): -^(ver [0-9]+ msnp[1-9][0-9]? [\x09-\x0d -~]* cvr|usr md5 i [ -~]*) 
diff --git a/package/iptables/files/l7/ntp.pat b/package/iptables/files/l7/ntp.pat deleted file mode 100644 index b7e443e21..000000000 --- a/package/iptables/files/l7/ntp.pat +++ /dev/null @@ -1,17 +0,0 @@ -# (S)NTP - (Simple) Network Time Protocol - RFCs 1305 and 2030 -# Pattern quality: good veryfast overmatch -# -# This pattern is tested and is believed to work. If this does not work -# for you, or you believe it could be improved, please post to -# l7-filter-developers@lists.sf.net . Subscribe at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers - -# client|server -# Requires the server's timestamp to be in the present or future (of 2005). -# Tested with ntpdate on Linux. -# Assumes version 2, 3 or 4. - -# Note that ntp packets are always 48 bytes, so you should match on that too. - -ntp -^([\x13\x1b\x23\xd3\xdb\xe3]|[\x14\x1c$].......?.?.?.?.?.?.?.?.?[\xc6-\xff]) diff --git a/package/iptables/files/l7/pop3.pat b/package/iptables/files/l7/pop3.pat deleted file mode 100644 index f6bb63061..000000000 --- a/package/iptables/files/l7/pop3.pat +++ /dev/null 
@@ -1,50 +0,0 @@ -# POP3 - Post Office Protocol version 3 (popular e-mail protocol) - RFC 1939 -# Pattern quality: good veryfast -# -# This pattern has been tested somewhat. If it does not -# work for you, or you believe it could be improved, please post to -# l7-filter-developers@lists.sf.net . This list may be subscribed to at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers - -# this is a difficult protocol to match because of the relative lack of -# distinguishing information. Read on. -pop3 - -# this the most conservative pattern. It should definitely work. -#^(\+ok|-err) - -# this pattern assumes that the server says _something_ after +ok or -err -# I think this is probably the way to go. -^(\+ok |-err ) - -# more that 90% of servers seem to say "pop" after "+ok", but not all. -#^(\+ok .*pop) - -# Here's another tack. I think this is my second favorite. -#^(\+ok [\x09-\x0d -~]*(ready|hello|pop|starting)|-err [\x09-\x0d -~]*(invalid|unknown|unimplemented|unrecognized|command)) - -# this matches the server saying "you have N messages that are M bytes", -# which the client probably asks for early in the session (not tested) -#\+ok [0-9]+ [0-9]+ - -# some sample servers: -# RFC example: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us> -# mail.dreamhost.com: +OK Hello there. 
-# pop.carleton.edu: +OK POP3D(*) Server PMDFV6.2.2 at Fri, 12 Sep 2003 19:28:10 -0500 (CDT) (APOP disabled) -# mail.earthlink.net: +OK NGPopper vEL_4_38 at earthlink.net ready <25509.1063412951@falcon> -# *.email.umn.edu: +OK Cubic Circle's v1.22 1998/04/11 POP3 ready <7d1e0000da67623f@aquamarine.tc.umn.edu> -# mail.yale.edu: +OK POP3 pantheon-po01 v2002.81 server ready -# mail.gustavus.edu: +OK POP3 solen v2001.78 server ready -# mail.reed.edu: +OK POP3 letra.reed.edu v2002.81 server ready -# mail.bowdoin.edu: +OK mail.bowdoin.edu POP3 service (iPlanet Messaging Server 5.2 HotFix 1.15 (built Apr 28 2003)) -# pop.colby.edu: +OK Qpopper (version 4.0.5) at basalt starting. -# mail.mac.com: +OK Netscape Messaging Multiplexor ready - -# various error strings: -#-ERR Invalid command. -#-ERR invalid command -#-ERR unimplemented -#-ERR Invalid command, try one of: USER name, PASS string, QUIT -#-ERR Unknown AUTHORIZATION state command -#-ERR Unrecognized command -#-ERR Unknown command: "sadf'". diff --git a/package/iptables/files/l7/smtp.pat b/package/iptables/files/l7/smtp.pat deleted file mode 100644 index 1bab7a1df..000000000 --- a/package/iptables/files/l7/smtp.pat +++ /dev/null 
@@ -1,39 +0,0 @@ -# SMTP - Simple Mail Transfer Protocol - RFC 2821 (See also RFC 1869) -# Pattern quality: great fast -# usually runs on port 25 -# -# This pattern has been tested and is believed to work well. If it does not -# work for you, or you believe it could be improved, please post to -# l7-filter-developers@lists.sf.net . This list may be subscribed to at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers - -smtp -# As usual, no text is required after "220", but all known servers have some -# there. It (almost?) always has string "smtp" in it. The RFC examples -# does not, so we match those too, just in case anyone has copied them -# literally. -^220[\x09-\x0d -~]* (e?smtp|simple mail) - -# This is ~3x faster if the stream starts with "220" -#^220.* (e?smtp|simple mail) - -# Some examples: -# 220 mail.stalker.com ESMTP CommuniGate Pro 4.1.3 -# 220 mail.vieodata.com ESMTP Merak 6.1.0; Mon, 15 Sep 2003 13:48:11 -0400 -# 220 mail.ut.caldera.com ESMTP -# 220 persephone.pmail.gen.nz ESMTP server ready. -# 220 smtp1.superb.net ESMTP -# 220 mail.kerio.com Kerio MailServer 5.6.7 ESMTP ready -# 220-mail.deerfield.com ESMTP VisNetic.MailServer.v6.0.9.0; Mon, 15 Sep 2003 13:4 -# 220 altn.com ESMTP MDaemon 6.8.5; Mon, 15 Sep 2003 12:46:42 -0500 -# 220 X1 NT-ESMTP Server ipsmin0165atl2.interland.net (IMail 6.06 73062-3) -# 220 mail.icewarp.com ESMTP Merak 6.1.1; Mon, 15 Sep 2003 19:43:23 +0200 -# 220-mail.email-scan.com ESMTP -# 220 smaug.dreamhost.com ESMTP -# 220 kona.carleton.edu -- Server ESMTP (PMDF V6.2#30648) -# 220 letra.reed.edu ESMTP Sendmail 8.12.9/8.12.9; Mon, 15 Sep 2003 10:35:57 -0700 (PDT) -# 220-swan.mail.pas.earthlink.net ESMTP Exim 3.33 #1 Mon, 15 Sep 2003 10:32:15 -0700 -# -# RFC examples: -# 220 xyz.com Simple Mail Transfer Service Ready (RFC example) -# 220 dbc.mtview.ca.us SMTP service ready diff --git a/package/iptables/files/l7/ssl.pat b/package/iptables/files/l7/ssl.pat deleted file mode 100644 index ab5f62caa..000000000 
--- a/package/iptables/files/l7/ssl.pat +++ /dev/null @@ -1,15 +0,0 @@ -# SSL and TLS - Secure Socket Layer / Transport Layer Security - RFC 2246 -# Pattern quality: good fast -# Usually runs on port 443 -# -# This is a superset validcertssl. For it to match, it must be first. -# -# This pattern has been tested and is believed to work well. If it does not -# work for you, or you believe it could be improved, please post to -# l7-filter-developers@lists.sf.net . This list may be subscribed to at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers - -ssl -# Client Hello | Server Hello with certificate -# This allows SSL 3.X, which includes TLS 1.0, known internally as SSL 3.1 -^(.?.?\x16\x03.*\x16\x03|.?.?\x01\x03\x01?.*\x0b) diff --git a/package/iptables/files/l7/vnc.pat b/package/iptables/files/l7/vnc.pat deleted file mode 100644 index 35bfbd4ba..000000000 --- a/package/iptables/files/l7/vnc.pat +++ /dev/null @@ -1,23 +0,0 @@ -# VNC - Virtual Network Computing. Also known as RFB - Remote Frame Buffer -# Pattern quality: good fast -# http://www.realvnc.com/documentation.html -# -# This pattern has been verified with vnc v3.3.7 on WinXP and Linux -# Please report on how this pattern works for you at -# l7-filter-developers@lists.sf.net . If you can improve on this pattern, -# please also post to that list. You may subscribe at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers -# -# Thanks to Trevor Paskett <tpaskett AT cymphonix.com> for this pattern. - -vnc -# Assumes single digit major and minor version numbers -# This message should be all alone in the first packet, so ^$ is appropriate -^rfb 00[1-9]\.00[0-9]\x0a$ - -# This is a more restrictive version which assumes the version numbers -# are ones actually in existance at the time of this writing, i.e. 3.3, -# 3.7 and 3.8 (with some clients wrongly reporting 3.5). It should be -# slightly faster, but probably not worth the extra maintenance. -# ^rfb 003\.00[3578]\x0a$ - 
diff --git a/package/krb5/files/krb5.init b/package/krb5/files/krb5.init
index f91d0427b..259c03651 100644
--- a/package/krb5/files/krb5.init
+++ b/package/krb5/files/krb5.init
@@ -14,8 +14,8 @@ start)
 /usr/sbin/kadmind &
 ;;
 stop)
- killall krb5kdc
- killall kadmind
+ pkill krb5kdc
+ pkill kadmind
 ;;
 restart)
 sh $0 stop
diff --git a/package/lighttpd/files/lighttpd.init b/package/lighttpd/files/lighttpd.init
index cdfd3183d..37b543fd2 100644
--- a/package/lighttpd/files/lighttpd.init
+++ b/package/lighttpd/files/lighttpd.init
@@ -14,7 +14,7 @@ start)
 lighttpd $lighttpd_flags
 ;;
 stop)
- killall lighttpd
+ pkill lighttpd
 ;;
 restart)
 sh $0 stop
diff --git a/package/maradns/files/maradns.init b/package/maradns/files/maradns.init
index 960ae15e0..ca256f517 100644
--- a/package/maradns/files/maradns.init
+++ b/package/maradns/files/maradns.init
@@ -16,7 +16,7 @@ start)
 maradns &
 ;;
 stop)
- killall maradns
+ pkill maradns
 ;;
 restart)
 sh $0 stop
diff --git a/package/mini_httpd/files/mini_httpd.init b/package/mini_httpd/files/mini_httpd.init
index 9cf60b3ee..53411d41c 100644
--- a/package/mini_httpd/files/mini_httpd.init
+++ b/package/mini_httpd/files/mini_httpd.init
@@ -14,7 +14,7 @@ start)
 mini_httpd $mini_httpd_flags
 ;;
 stop)
- killall mini_httpd
+ pkill mini_httpd
 ;;
 restart)
 sh $0 stop
diff --git a/package/miredo/files/miredo-server.init b/package/miredo/files/miredo-server.init
index 6231573a4..b77e62af6 100644
--- a/package/miredo/files/miredo-server.init
+++ b/package/miredo/files/miredo-server.init
@@ -14,7 +14,7 @@ start)
 miredo-server
 ;;
 stop)
- killall miredo-server
+ pkill miredo-server
 ;;
 restart)
 sh $0 stop
diff --git a/package/miredo/files/miredo.init b/package/miredo/files/miredo.init
index d1e846ad7..23285fb86 100644
--- a/package/miredo/files/miredo.init
+++ b/package/miredo/files/miredo.init
@@ -14,7 +14,7 @@ start)
 miredo
 ;;
 stop)
- killall miredo
+ pkill miredo
 ;;
 restart)
 sh $0 stop
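Review bot: `pkill` matches its argument as a regular expression against process names, unlike `killall`, which matches the exact name, so the new `stop)` lines can hit more than the intended daemon. The clearest case is `pkill miredo` in miredo.init, which also matches a running `miredo-server`; `pkill php`, `pkill snort` and `pkill nmbd` in the later init scripts have the same substring behaviour. Use exact matching, e.g. `pkill -x miredo`, in every init script this commit touches, assuming the pkill shipped on the target supports `-x` (procps and BusyBox both do). The `stop)` branches continue outside these hunks.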
diff --git a/package/monit/files/monit.init b/package/monit/files/monit.init
index 712e7899b..d4d914f95 100644
--- a/package/monit/files/monit.init
+++ b/package/monit/files/monit.init
@@ -14,7 +14,7 @@ start)
 monit $monit_flags
 ;;
 stop)
- killall monit
+ pkill monit
 ;;
 restart)
 sh $0 stop
diff --git a/package/mpd/files/mpd.conf b/package/mpd/files/mpd.conf
index 4e3725119..10b1e6918 100644
--- a/package/mpd/files/mpd.conf
+++ b/package/mpd/files/mpd.conf
@@ -3,6 +3,7 @@ user "mpd"
 music_directory "~/music"
 playlist_directory "~/.mpd/playlists"
 db_file "~/.mpd/database"
+pid_file "/var/run/mpd/mpd.pid"
 log_file "~/.mpd/log"
 error_file "~/.mpd/error-log"
 # An example of an ALSA output
diff --git a/package/mpd/files/mpd.init b/package/mpd/files/mpd.init
index 97b883a11..29482b365 100644
--- a/package/mpd/files/mpd.init
+++ b/package/mpd/files/mpd.init
@@ -17,6 +17,10 @@ start)
 echo "mpd user must be in group audio."
 exit 1
 fi
+ if [ ! -d /var/run/mpd ];then
+ mkdir -p /var/run/mpd
+ chown mpd:mpd /var/run/mpd
+ fi
 mpd
 ;;
 stop)
diff --git a/package/mpd/files/mpd.postinst b/package/mpd/files/mpd.postinst
index 361adeec0..957d973cb 100644
--- a/package/mpd/files/mpd.postinst
+++ b/package/mpd/files/mpd.postinst
@@ -2,5 +2,5 @@
 . $IPKG_INSTROOT/etc/functions.sh
 gid=$(get_next_gid)
 add_group mpd $gid
-add_user mpd $(get_next_uid) $gid /mnt
+add_user mpd $(get_next_uid) $gid /mnt/media
 add_rcconf mpd
diff --git a/package/mrd6/files/mrd6.init b/package/mrd6/files/mrd6.init
index 710cde814..da6b5eea3 100644
--- a/package/mrd6/files/mrd6.init
+++ b/package/mrd6/files/mrd6.init
@@ -14,7 +14,7 @@ start)
 /usr/sbin/mrd6 -f /etc/mrd6.conf -D
 ;;
 stop)
- killall mrd6
+ pkill mrd6
 ;;
 restart)
 sh $0 stop
diff --git a/package/mt-daapd/files/mt-daapd.init b/package/mt-daapd/files/mt-daapd.init
index 84ab61d11..a7632388a 100644
--- a/package/mt-daapd/files/mt-daapd.init
+++ b/package/mt-daapd/files/mt-daapd.init
@@ -14,7 +14,7 @@ start)
 mt-daapd
 ;;
 stop)
- killall mt-daapd
+ pkill mt-daapd
 ;;
 restart)
 sh $0 stop
diff --git a/package/net-snmp/files/snmpd.init b/package/net-snmp/files/snmpd.init
index 4a3d2671f..a1c4503ac 100644
--- a/package/net-snmp/files/snmpd.init
+++ b/package/net-snmp/files/snmpd.init
@@ -15,7 +15,7 @@ start)
 snmpd $snmpd_flags
 ;;
 stop)
- killall snmpd
+ pkill snmpd
 ;;
 restart)
 sh $0 stop
diff --git a/package/netperf/files/netserver.init b/package/netperf/files/netserver.init
index e5fe31a51..eea806a67 100644
--- a/package/netperf/files/netserver.init
+++ b/package/netperf/files/netserver.init
@@ -14,7 +14,7 @@ start)
 netserver
 ;;
 stop)
- killall netserver
+ pkill netserver
 ;;
 restart)
 sh $0 stop
diff --git a/package/nfs-utils/files/nfsd.init b/package/nfs-utils/files/nfsd.init
index af8a4b94a..9379d6a39 100644
--- a/package/nfs-utils/files/nfsd.init
+++ b/package/nfs-utils/files/nfsd.init
@@ -30,12 +30,12 @@ start)
 fi
 ;;
 stop)
- killall nfsd
- killall mountd
- killall statd
+ pkill nfsd
+ pkill mountd
+ pkill statd
 if [ ${nfs_server_version} -eq 4 ];then
- killall idmapd
- killall svcgssd
+ pkill idmapd
+ pkill svcgssd
 fi
 ;;
 restart)
diff --git a/package/nut/files/upsd.init b/package/nut/files/upsd.init
index a65d1ad81..edd023eff 100644
--- a/package/nut/files/upsd.init
+++ b/package/nut/files/upsd.init
@@ -16,7 +16,7 @@ start)
 /usr/sbin/upsd || exit 2
 ;;
 stop)
- /usr/sbin/upsd -c stop || killall upsd
+ /usr/sbin/upsd -c stop || pkill upsd
 /usr/bin/upsdrvctl stop
 ;;
 restart)
diff --git a/package/opensips/files/opensips.init b/package/opensips/files/opensips.init
index 389bb7f64..3f60f8be6 100644
--- a/package/opensips/files/opensips.init
+++ b/package/opensips/files/opensips.init
@@ -14,7 +14,7 @@ start)
 /usr/sbin/opensips
 ;;
 stop)
- killall opensips
+ pkill opensips
 ;;
 restart)
 sh $0 stop
diff --git a/package/openvpn/files/openvpn.init b/package/openvpn/files/openvpn.init
index 4c147b4bd..9998742e2 100644
--- a/package/openvpn/files/openvpn.init
+++ b/package/openvpn/files/openvpn.init
@@ -16,7 +16,7 @@ start)
 done
 ;;
 stop)
- killall openvpn
+ pkill openvpn
 ;;
 restart)
 sh $0 stop
diff --git a/package/osiris/files/osirisd.init b/package/osiris/files/osirisd.init
index 6d6b4d443..1b1106967 100644
--- a/package/osiris/files/osirisd.init
+++ b/package/osiris/files/osirisd.init
@@ -15,7 +15,7 @@ start)
 osirisd
 ;;
 stop)
- killall osirisd
+ pkill osirisd
 ;;
 restart)
 sh $0 stop
diff --git a/package/p910nd/files/p910nd.init b/package/p910nd/files/p910nd.init
index 9d0c227a7..5107579bc 100644
--- a/package/p910nd/files/p910nd.init
+++ b/package/p910nd/files/p910nd.init
@@ -14,7 +14,7 @@ start)
 p910nd $p910nd_flags
 ;;
 stop)
- killall p910nd
+ pkill p910nd
 ;;
 restart)
 sh $0 stop
diff --git a/package/parprouted/files/parprouted.init b/package/parprouted/files/parprouted.init
index 98a901408..a0c82d1a1 100644
--- a/package/parprouted/files/parprouted.init
+++ b/package/parprouted/files/parprouted.init
@@ -14,7 +14,7 @@ start)
 parprouted ${parprouted_flags}
 ;;
 stop)
- killall parprouted
+ pkill parprouted
 ;;
 restart)
 sh $0 stop
diff --git a/package/php/files/php.init b/package/php/files/php.init
index 63a91d4c7..3d404ac79 100644
--- a/package/php/files/php.init
+++ b/package/php/files/php.init
@@ -16,7 +16,7 @@ start)
 php ${php_flags} &
 ;;
 stop)
- killall php
+ pkill php
 ;;
 restart)
 sh $0 stop
diff --git a/package/pmacct/files/nfacctd.init b/package/pmacct/files/nfacctd.init
index 3e768474d..911184d21 100644
--- a/package/pmacct/files/nfacctd.init
+++ b/package/pmacct/files/nfacctd.init
@@ -14,7 +14,7 @@ autostop) ;;
 nfacctd $nfaccd_flags
 ;;
 stop)
- killall nfacctd
+ pkill nfacctd
 ;;
 restart)
 sh $0 stop
diff --git a/package/pmacct/files/pmacctd.init b/package/pmacct/files/pmacctd.init
index 2e9a01dd1..5a44474c0 100644
--- a/package/pmacct/files/pmacctd.init
+++ b/package/pmacct/files/pmacctd.init
@@ -14,7 +14,7 @@ autostop) ;;
 pmacctd $pmacctd_flags
 ;;
 stop)
- killall pmacctd
+ pkill pmacctd
 ;;
 restart)
 sh $0 stop
diff --git a/package/pptpd/files/pptpd.init b/package/pptpd/files/pptpd.init index f4f37613f..e26b1f072 100644 --- a/package/pptpd/files/pptpd.init +++ b/package/pptpd/files/pptpd.init @@ -14,7 +14,7 @@ start) pptpd ;; stop) - killall pptpd + pkill pptpd ;; restart) sh $0 stop diff --git a/package/radvd/files/radvd.init b/package/radvd/files/radvd.init index c6722a29e..cfb4125bc 100644 --- a/package/radvd/files/radvd.init +++ b/package/radvd/files/radvd.init @@ -16,7 +16,7 @@ start) ;; stop) - killall radvd + pkill radvd echo 0 > /proc/sys/net/ipv6/conf/all/forwarding ;; diff --git a/package/rarpd/files/rarpd.init b/package/rarpd/files/rarpd.init index 7af906b46..2b8e0f876 100644 --- a/package/rarpd/files/rarpd.init +++ b/package/rarpd/files/rarpd.init @@ -14,7 +14,7 @@ start) rarpd $rarpd_flags ;; stop) - killall rarpd + pkill rarpd ;; restart) sh $0 stop diff --git a/package/reaim/files/reaim.init b/package/reaim/files/reaim.init index 7450b7e08..71a1336b0 100644 --- a/package/reaim/files/reaim.init +++ b/package/reaim/files/reaim.init @@ -21,7 +21,7 @@ start) reaim ;; stop) - killall reaim + pkill reaim ;; restart) sh $0 stop diff --git a/package/rp-pppoe/files/pppoe-relay.init b/package/rp-pppoe/files/pppoe-relay.init index 5998b5291..458a47eaf 100644 --- a/package/rp-pppoe/files/pppoe-relay.init +++ b/package/rp-pppoe/files/pppoe-relay.init @@ -14,7 +14,7 @@ start) pppoe-relay $pppoe_relay_flags ;; stop) - killall pppoe-relay + pkill pppoe-relay ;; restart) sh $0 stop diff --git a/package/rp-pppoe/files/pppoe-server.init b/package/rp-pppoe/files/pppoe-server.init index f8c7c7fd5..b078110a0 100644 --- a/package/rp-pppoe/files/pppoe-server.init +++ b/package/rp-pppoe/files/pppoe-server.init @@ -14,7 +14,7 @@ start) pppoe-server ;; stop) - killall pppoe-server + pkill pppoe-server ;; restart) sh $0 stop diff --git a/package/rrdcollect/files/rrdcollect.init b/package/rrdcollect/files/rrdcollect.init index 0f9d00ab1..5c83ae013 100644 
--- a/package/rrdcollect/files/rrdcollect.init
+++ b/package/rrdcollect/files/rrdcollect.init
@@ -22,7 +22,7 @@ start)
 rrdcollect
 ;;
 stop)
- killall rrdcollect
+ pkill rrdcollect
 ;;
 restart)
 sh $0 stop
diff --git a/package/samba/files/samba.init b/package/samba/files/samba.init
index 862a63515..a8279e366 100644
--- a/package/samba/files/samba.init
+++ b/package/samba/files/samba.init
@@ -17,8 +17,8 @@ start)
 smbd -D
 ;;
 stop)
- killall nmbd
- killall smbd
+ pkill nmbd
+ pkill smbd
 ;;
 restart)
 sh $0 stop
diff --git a/package/scanlogd/files/scanlogd.init b/package/scanlogd/files/scanlogd.init
index cd4279e4c..696ee8d77 100644
--- a/package/scanlogd/files/scanlogd.init
+++ b/package/scanlogd/files/scanlogd.init
@@ -15,7 +15,7 @@ start)
 scanlogd $scanlogd_flags
 ;;
 stop)
- killall scanlogd
+ pkill scanlogd
 ;;
 restart)
 sh $0 stop
diff --git a/package/siproxd/files/siproxd.init b/package/siproxd/files/siproxd.init
index f29921f52..e186ec934 100644
--- a/package/siproxd/files/siproxd.init
+++ b/package/siproxd/files/siproxd.init
@@ -14,7 +14,7 @@ autostop) ;;
 siproxd
 ;;
 stop)
- killall siproxd
+ pkill siproxd
 ;;
 restart)
 sh $0 stop
diff --git a/package/snort-wireless/files/snort-wireless.init b/package/snort-wireless/files/snort-wireless.init
index 3d7376bbe..1a07d1be2 100644
--- a/package/snort-wireless/files/snort-wireless.init
+++ b/package/snort-wireless/files/snort-wireless.init
@@ -15,7 +15,7 @@ start)
 snort ${snort_wireless_flags}
 ;;
 stop)
- killall snort
+ pkill snort
 ;;
 restart)
 sh $0 stop
diff --git a/package/snort/files/snort.init b/package/snort/files/snort.init
index 6228cc13e..b426a9fe7 100644
--- a/package/snort/files/snort.init
+++ b/package/snort/files/snort.init
@@ -14,7 +14,7 @@ start)
 snort $snort_flags
 ;;
 stop)
- killall snort
+ pkill snort
 ;;
 *)
 echo "usage: $0 {start | stop | restart}"
diff --git a/package/squid/Config.in b/package/squid/Config.in
index c0cc8f818..c597986d8 100644
--- a/package/squid/Config.in
+++ b/package/squid/Config.in
@@ -4,6 +4,7 @@ config ADK_PACKAGE_SQUID tristate default n select ADK_PACKAGE_LIBOPENSSL + select ADK_PACKAGE_LIBPTHREAD help Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional diff --git a/package/squid/Makefile b/package/squid/Makefile index 80f97c032..cfc35061c 100644 --- a/package/squid/Makefile +++ b/package/squid/Makefile @@ -5,7 +5,7 @@ include ${TOPDIR}/rules.mk PKG_NAME:= squid PKG_VERSION:= 3.0.STABLE20 -PKG_RELEASE:= 1 +PKG_RELEASE:= 2 PKG_MD5SUM:= b69577cfc5cfb6808ec426e3a933220d PKG_DESCR:= squid web and cache proxy PKG_SECTION:= net @@ -113,12 +113,9 @@ CONFIGURE_ARGS+= --datadir=/usr/share/squid \ --enable-x-accelerator-vary \ --with-pthreads \ --with-dl \ - --enable-icmp \ --enable-kill-parent-hack \ --enable-arp-acl \ --enable-ssl \ - --disable-htcp \ - --disable-esi \ --enable-err-languages=English \ --enable-default-err-language=English \ --enable-linux-netfilter \ @@ -128,6 +125,9 @@ CONFIGURE_ARGS+= --datadir=/usr/share/squid \ --enable-cache-digests \ --enable-referer-log \ --enable-delay-pools \ + --disable-snmp \ + --disable-esi \ + --disable-htcp \ --disable-wccp \ --disable-wccpv2 \ --enable-useragent-log \ @@ -146,11 +146,14 @@ post-configure: ${SED} 's#postdeps="-lstdc.*#postdeps="-lm"#' \ ${WRKBUILD}/libtool endif +post-configure: + ${SED} 's#\(hardcode_into_libs=\).*$$#\1no#' \ + ${WRKBUILD}/libtool post-install: ${INSTALL_MODS_y} ${INSTALL_MODS_m} ${INSTALL_DIR} ${IDIR_SQUID}/etc/squid - ${INSTALL_DATA} ${WRKINST}/etc/squid/mime.conf \ - ${WRKINST}/etc/squid/squid.conf ${IDIR_SQUID}/etc/squid/ + ${INSTALL_DATA} ${WRKINST}/etc/squid/mime.conf ${IDIR_SQUID}/etc/squid/ + ${INSTALL_DATA} ./files/squid.conf ${IDIR_SQUID}/etc/squid/ ${INSTALL_DIR} ${IDIR_SQUID}/usr/share/squid ${CP} ${WRKINST}/usr/share/squid/* ${IDIR_SQUID}/usr/share/squid/ ${INSTALL_DIR} ${IDIR_SQUID}/usr/sbin ${IDIR_SQUID}/usr/lib/squid 
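Review bot: The `post-configure:` rule added after the `endif` gives a second recipe to a target that appears to have one already inside the conditional block just above it. GNU make keeps only the last recipe for a single-colon target and warns about overriding the earlier one, so when that conditional is taken the `postdeps` fix to libtool would no longer run. Define `post-configure:` once, outside the conditional, and place only the `postdeps` sed command between `ifeq`/`endif` inside the recipe, followed by the new `hardcode_into_libs` sed. The opening of the conditional is outside the hunk, so confirm which branch the first rule belongs to.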
diff --git a/package/squid/files/squid.conf b/package/squid/files/squid.conf
new file mode 100644
index 000000000..9e6571192
--- /dev/null
+++ b/package/squid/files/squid.conf
@@ -0,0 +1,16 @@
+visible_hostname linux
+# for transparent proxy use following
+# http_port 3128 transparent
+http_port 3128
+pid_filename /var/run/squid.pid
+# logging
+access_log syslog
+cache_store_log none
+cache_log /var/log/squid-cache.log
+# security
+cache_effective_user squid
+cache_effective_group squid
+# cache dir
+cache_dir ufs /var/squid/cache 10M 16 256
+# allow all
+http_access allow all
diff --git a/package/squid/files/squid.init b/package/squid/files/squid.init
new file mode 100644
index 000000000..5fd8e4c13
--- /dev/null
+++ b/package/squid/files/squid.init
@@ -0,0 +1,37 @@
+#!/bin/sh
+#PKG squid
+#INIT 70
+
+. /etc/rc.conf
+
+case $1 in
+autostop) ;;
+autostart)
+ test x"${squid:-NO}" = x"NO" && exit 0
+ exec sh $0 start
+ ;;
+start)
+ if [ ! -f /var/log/squid-cache.log ];then
+ touch /var/log/squid-cache.log
+ chown squid:squid /var/log/squid-cache.log
+ fi
+ if [ ! -d /var/squid/cache ];then
+ mkdir -p /var/squid/cache
+ chown squid:squid /var/squid/cache
+ squid -z
+ fi
+ squid
+ ;;
+stop)
+ squid -k kill
+ ;;
+restart)
+ sh $0 stop
+ sh $0 start
+ ;;
+
+*)
+ echo "usage: $0 {start | stop | restart}"
+ exit 1
+esac
+exit $?
diff --git a/package/squid/files/squid.postinst b/package/squid/files/squid.postinst
new file mode 100644
index 000000000..6a08126c9
--- /dev/null
+++ b/package/squid/files/squid.postinst
@@ -0,0 +1,6 @@
+#!/bin/sh
+. $IPKG_INSTROOT/etc/functions.sh
+gid=$(get_next_gid)
+add_user squid $(get_next_uid) $gid /var/squid/cache
+add_group squid $gid
+add_rcconf squid squid NO
diff --git a/package/srelay/files/srelay.init b/package/srelay/files/srelay.init
index 5cae3c161..d7aa908f5 100644
--- a/package/srelay/files/srelay.init
+++ b/package/srelay/files/srelay.init
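Review bot: `http_access allow all`, combined with `http_port 3128` bound to every interface, makes the packaged default an open proxy: any host that can reach the device can relay traffic through it. Ship a restrictive default and let the administrator widen it, for example `acl localnet src 192.168.0.0/16`, `http_access allow localnet`, `http_access deny all` (the range is a sample to adjust for the deployment). The `# allow all` comment should then name the networks that are admitted. Sending `access_log` to syslog is a good default and should stay, since it is the record an operator needs to spot unexpected clients.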
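Review bot: The `stop)` branch of squid.init uses `squid -k kill`, which terminates the daemon immediately instead of letting it close client connections and write out its cache index. `squid -k shutdown` is the orderly form. If it is adopted, `restart)` must wait for the old process to exit before `sh $0 start`, because shutdown is not instantaneous. A one-line comment on the `stop)` branch should record whichever trade-off is chosen.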
@@ -15,7 +15,7 @@ start) srelay ${srelay_flags} ;; stop) - killall srelay + pkill srelay ;; restart) sh $0 stop diff --git a/package/subversion/files/svnserve.init b/package/subversion/files/svnserve.init index a52fdb43a..1cfb1e0dd 100644 --- a/package/subversion/files/svnserve.init +++ b/package/subversion/files/svnserve.init @@ -25,7 +25,7 @@ start) /usr/bin/svnserve -d -r $svnserve_path ;; stop) - killall svnserve + pkill svnserve ;; restart) sh $0 stop diff --git a/package/syslog-ng/files/syslog-ng.init b/package/syslog-ng/files/syslog-ng.init index a613e8e9b..2cc6ab8b6 100644 --- a/package/syslog-ng/files/syslog-ng.init +++ b/package/syslog-ng/files/syslog-ng.init @@ -18,7 +18,7 @@ start) [ -x /usr/sbin/syslog-ng ] && /usr/sbin/syslog-ng ;; stop) - killall syslog-ng + pkill syslog-ng ;; restart) sh $0 stop diff --git a/package/tinyproxy/Makefile b/package/tinyproxy/Makefile index b359bbb75..5bf6a8af8 100644 --- a/package/tinyproxy/Makefile +++ b/package/tinyproxy/Makefile @@ -5,7 +5,7 @@ include ${TOPDIR}/rules.mk PKG_NAME:= tinyproxy PKG_VERSION:= 1.6.5 -PKG_RELEASE:= 1 +PKG_RELEASE:= 2 PKG_MD5SUM:= 2b2862ba33d2939e4572688d442ba415 PKG_DESCR:= Tinyproxy is a lightweight HTTP and HTTPS proxy. PKG_SECTION:= net @@ -37,9 +37,9 @@ post-install: ${INSTALL_DIR} ${IDIR_TINYPROXY}/usr/sbin \ ${IDIR_TINYPROXY}/etc/tinyproxy \ ${IDIR_TINYPROXY}/usr/share/tinyproxy + ${INSTALL_DATA} ./files/tinyproxy.conf ${IDIR_TINYPROXY}/etc/tinyproxy ${INSTALL_BIN} ${WRKINST}/usr/sbin/tinyproxy ${IDIR_TINYPROXY}/usr/sbin/ ${INSTALL_DATA} ${WRKINST}/usr/share/tinyproxy/{debug,default,stats}.html ${IDIR_TINYPROXY}/usr/share/tinyproxy/ ${INSTALL_DATA} ${WRKINST}/usr/share/tinyproxy/HTML_VARIABLES ${IDIR_TINYPROXY}/usr/share/tinyproxy/ - ${INSTALL_DATA} ${WRKINST}/etc/tinyproxy/tinyproxy.conf ${IDIR_TINYPROXY}/etc/tinyproxy/ include ${TOPDIR}/mk/pkg-bottom.mk 
diff --git a/package/tinyproxy/files/tinyproxy.conf b/package/tinyproxy/files/tinyproxy.conf
new file mode 100644
index 000000000..6460a2c88
--- /dev/null
+++ b/package/tinyproxy/files/tinyproxy.conf
@@ -0,0 +1,228 @@ +## +## tinyproxy.conf -- tinyproxy daemon configuration file +## + +# +# Name of the user the tinyproxy daemon should switch to after the port +# has been bound. +# +User tinyproxy +Group tinyproxy + +# +# Port to listen on. +# +Port 8888 + +# +# If you have multiple interfaces this allows you to bind to only one. If +# this is commented out, tinyproxy will bind to all interfaces present. +# +#Listen 192.168.0.1 + +# +# The Bind directive allows you to bind the outgoing connections to a +# particular IP address. +# +#Bind 192.168.0.1 + +# +# Timeout: The number of seconds of inactivity a connection is allowed to +# have before it closed by tinyproxy. +# +Timeout 600 + +# +# ErrorFile: Defines the HTML file to send when a given HTTP error +# occurs. You will probably need to customize the location to your +# particular install. The usual locations to check are: +# /usr/local/share/tinyproxy +# /usr/share/tinyproxy +# /etc/tinyproxy +# +# ErrorFile 404 "/usr/share/tinyproxy/404.html" +# ErrorFile 400 "/usr/share/tinyproxy/400.html" +# ErrorFile 503 "/usr/share/tinyproxy/503.html" +# ErrorFile 403 "/usr/share/tinyproxy/403.html" +# ErrorFile 408 "/usr/share/tinyproxy/408.html" + +# +# DefaultErrorFile: The HTML file that gets sent if there is no +# HTML file defined with an ErrorFile keyword for the HTTP error +# that has occured. +# +DefaultErrorFile "/usr/share/tinyproxy/default.html" + +# +# StatFile: The HTML file that gets sent when a request is made +# for the stathost. If this file doesn't exist a basic page is +# hardcoded in tinyproxy. +# +StatFile "/usr/share/tinyproxy/stats.html" + +# +# Where to log the information. Either LogFile or Syslog should be set, +# but not both. +# +Logfile "/var/log/tinyproxy.log" +# Syslog On + +# +# Set the logging level. 
Allowed settings are: +# Critical (least verbose) +# Error +# Warning +# Notice +# Connect (to log connections without Info's noise) +# Info (most verbose) +# The LogLevel logs from the set level and above. For example, if the LogLevel +# was set to Warning, than all log messages from Warning to Critical would be +# output, but Notice and below would be suppressed. +# +LogLevel Critical + +# +# PidFile: Write the PID of the main tinyproxy thread to this file so it +# can be used for signalling purposes. +# +PidFile "/var/run/tinyproxy.pid" + +# +# Include the X-Tinyproxy header, which has the client's IP address when +# connecting to the sites listed. +# +#XTinyproxy mydomain.com + +# +# Turns on upstream proxy support. +# +# The upstream rules allow you to selectively route upstream connections +# based on the host/domain of the site being accessed. +# +# For example: +# # connection to test domain goes through testproxy +# upstream testproxy:8008 ".test.domain.invalid" +# upstream testproxy:8008 ".our_testbed.example.com" +# upstream testproxy:8008 "192.168.128.0/255.255.254.0" +# +# # no upstream proxy for internal websites and unqualified hosts +# no upstream ".internal.example.com" +# no upstream "www.example.com" +# no upstream "10.0.0.0/8" +# no upstream "192.168.0.0/255.255.254.0" +# no upstream "." +# +# # connection to these boxes go through their DMZ firewalls +# upstream cust1_firewall:8008 "testbed_for_cust1" +# upstream cust2_firewall:8008 "testbed_for_cust2" +# +# # default upstream is internet firewall +# upstream firewall.internal.example.com:80 +# +# The LAST matching rule wins the route decision. As you can see, you +# can use a host, or a domain: +# name matches host exactly +# .name matches any host in domain "name" +# . 
matches any host with no domain (in 'empty' domain) +# IP/bits matches network/mask +# IP/mask matches network/mask +# +#Upstream some.remote.proxy:port + +# +# This is the absolute highest number of threads which will be created. In +# other words, only MaxClients number of clients can be connected at the +# same time. +# +MaxClients 100 + +# +# These settings set the upper and lower limit for the number of +# spare servers which should be available. If the number of spare servers +# falls below MinSpareServers then new ones will be created. If the number +# of servers exceeds MaxSpareServers then the extras will be killed off. +# +MinSpareServers 5 +MaxSpareServers 20 + +# +# Number of servers to start initially. +# +StartServers 10 + +# +# MaxRequestsPerChild is the number of connections a thread will handle +# before it is killed. In practise this should be set to 0, which disables +# thread reaping. If you do notice problems with memory leakage, then set +# this to something like 10000 +# +MaxRequestsPerChild 0 + +# +# The following is the authorization controls. If there are any access +# control keywords then the default action is to DENY. Otherwise, the +# default action is ALLOW. +# +# Also the order of the controls are important. The incoming connections +# are tested against the controls based on order. +# +Allow 127.0.0.1 +Allow 192.168.1.0/25 + +# +# The "Via" header is required by the HTTP RFC, but using the real host name +# is a security concern. If the following directive is enabled, the string +# supplied will be used as the host name in the Via header; otherwise, the +# server's host name will be used. +# +ViaProxyName "tinyproxy" + +# +# The location of the filter file. +# +#Filter "/etc/tinyproxy/filter" + +# +# Filter based on URLs rather than domains. +# +#FilterURLs On + +# +# Use POSIX Extended regular expressions rather than basic. +# +#FilterExtended On + +# +# Use case sensitive regular expressions. 
+# +#FilterCaseSensitive On + +# +# Change the default policy of the filtering system. If this directive is +# commented out, or is set to "No" then the default policy is to allow +# everything which is not specifically denied by the filter file. +# +# However, by setting this directive to "Yes" the default policy becomes to +# deny everything which is _not_ specifically allowed by the filter file. +# +#FilterDefaultDeny Yes + +# +# If an Anonymous keyword is present, then anonymous proxying is enabled. +# The headers listed are allowed through, while all others are denied. If +# no Anonymous keyword is present, then all header are allowed through. +# You must include quotes around the headers. +# +#Anonymous "Host" +#Anonymous "Authorization" + +# +# This is a list of ports allowed by tinyproxy when the CONNECT method +# is used. To disable the CONNECT method altogether, set the value to 0. +# If no ConnectPort line is found, all ports are allowed (which is not +# very secure.) +# +# The following two ports are used by SSL. +# +ConnectPort 443 +ConnectPort 563 diff --git a/package/tinyproxy/files/tinyproxy.init b/package/tinyproxy/files/tinyproxy.init index 8cf6fbb6a..cdf86e049 100644 --- a/package/tinyproxy/files/tinyproxy.init +++ b/package/tinyproxy/files/tinyproxy.init @@ -14,7 +14,8 @@ start) tinyproxy ;; stop) - killall tinyproxy + pkill tinyproxy + rm /var/run/tinyproxy.pid ;; restart) sh $0 stop diff --git a/package/tinyproxy/files/tinyproxy.postinst b/package/tinyproxy/files/tinyproxy.postinst index 4965f625d..903927e49 100644 --- a/package/tinyproxy/files/tinyproxy.postinst +++ b/package/tinyproxy/files/tinyproxy.postinst @@ -1,3 +1,6 @@ #!/bin/sh . $IPKG_INSTROOT/etc/functions.sh +gid=$(get_next_gid) +add_user tinyproxy $(get_next_uid) $gid /etc/tinyproxy +add_group tinyproxy $gid add_rcconf tinyproxy tinyproxy NO diff --git a/package/tor/files/tor.init b/package/tor/files/tor.init index dd3759252..fcc8c144b 100644 --- a/package/tor/files/tor.init 
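Review bot: `LogLevel Critical` in tinyproxy.conf leaves the proxy with no record of which clients connected or were refused, which is what an operator needs when investigating misuse. The file's own comment describes `Connect` as logging connections without Info's noise, so `LogLevel Connect` is the better packaged default. Separately, `Allow 192.168.1.0/25` admits only 192.168.1.0–127. If the whole LAN was intended this should read `Allow 192.168.1.0/24`; otherwise a comment should say why half the subnet is excluded.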
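Review bot: In tinyproxy.init, `rm /var/run/tinyproxy.pid` fails when the pid file is already gone, for instance when the daemon was not running. Because it is the last command of the `stop)` branch, that failure probably becomes the script's exit status; use `rm -f /var/run/tinyproxy.pid`. Since the configuration writes a pid file, stop could also signal exactly that process with `kill "$(cat /var/run/tinyproxy.pid)"` rather than matching by name. The rest of the `case` statement is outside the hunk.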
+++ b/package/tor/files/tor.init @@ -15,7 +15,7 @@ start) tor ;; stop) - killall tor + pkill tor ;; restart) sh $0 stop diff --git a/package/vrrpd/files/vrrpd.init b/package/vrrpd/files/vrrpd.init index cbac88074..9e8170643 100644 --- a/package/vrrpd/files/vrrpd.init +++ b/package/vrrpd/files/vrrpd.init @@ -14,7 +14,7 @@ autostop) ;; vrrpd $vrrpd_flags ;; stop) - killall vrrpd + pkill vrrpd ;; restart) sh $0 stop diff --git a/package/vsftpd/files/vsftpd.init b/package/vsftpd/files/vsftpd.init index 7d5e5cccb..7bc01c965 100644 --- a/package/vsftpd/files/vsftpd.init +++ b/package/vsftpd/files/vsftpd.init @@ -15,7 +15,7 @@ start) vsftpd ;; stop) - killall vsftpd + pkill vsftpd ;; restart) sh $0 stop diff --git a/package/watchdog/files/watchdog.init b/package/watchdog/files/watchdog.init index c5be0f768..5c3351d6b 100644 --- a/package/watchdog/files/watchdog.init +++ b/package/watchdog/files/watchdog.init @@ -14,7 +14,7 @@ start) /usr/sbin/watchdog ;; stop) - killall watchdog + pkill watchdog ;; restart) sh $0 stop diff --git a/package/xinetd/files/xinetd.init b/package/xinetd/files/xinetd.init index d0b8c0517..a7a7db8d5 100644 --- a/package/xinetd/files/xinetd.init +++ b/package/xinetd/files/xinetd.init @@ -14,7 +14,7 @@ start) xinetd ;; stop) - killall xinetd + pkill xinetd ;; restart) sh $0 stop diff --git a/scripts/install.sh b/scripts/install.sh index 2be010c0b..44a261e67 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -132,8 +132,8 @@ if [ $($sfdisk -l $1 2>/dev/null|grep Empty|wc -l) -ne 4 ];then fi fi -printf "Create partition and filesystem\n" if [ $rb532 -ne 0 ];then + printf "Create partition and filesystem for rb532\n" rootpart=${1}2 $parted -s $1 mklabel msdos sleep 2 @@ -153,6 +153,7 @@ if [ $rb532 -ne 0 ];then else rootpart=${1}1 if [ $cfgfs -eq 0 ];then + printf "Create partition and filesystem without cfgfs\n" $sfdisk $1 << EOF ,,L ; 
@@ -162,6 +163,7 @@ y EOF $mke2fs ${rootpart} else + printf "Create partition and filesystem with cfgfs\n" $parted -s $1 mklabel msdos sleep 2 maxsize=$(env LC_ALL=C $parted $1 -s unit cyl print |awk '/^Disk/ { print $3 }'|sed -e 's/cyl//') @@ -182,7 +184,7 @@ else fi sleep 2 -$tune2fs -c 0 -i 0 ${rootpart} >/dev/null +$tune2fs -c 0 -i 0 -m 1 ${rootpart} >/dev/null if [ $? -eq 0 ];then printf "Successfully disabled filesystem checks on ${rootpart}\n" else @@ -199,13 +201,14 @@ chmod 1777 $tmp/tmp chmod 4755 $tmp/bin/busybox if [ $rb532 -eq 0 ];then + printf "Installing GRUB bootloader\n" mkdir -p $tmp/boot/grub mount -o bind /dev $tmp/dev chroot $tmp mount -t proc /proc /proc chroot $tmp mount -t sysfs /sys /sys cat << EOF > $tmp/boot/grub/grub.cfg set default=0 -set timeout=5 +set timeout=1 serial --unit=0 --speed=115200 terminal_output serial terminal_input serial diff --git a/target/alix1c/Makefile b/target/alix1c/Makefile index 93a7c6642..4278c90f9 100644 --- a/target/alix1c/Makefile +++ b/target/alix1c/Makefile @@ -13,7 +13,7 @@ kernel-install: ifeq ($(FS),ext2-cf) imageinstall: $(BIN_DIR)/$(ROOTFSTARBALL) @echo - @echo "The RootFS tarball is: $(BIN_DIR)/$(ROOTFSTARBALL)," + @echo "The RootFS tarball is: $(BIN_DIR)/$(ROOTFSTARBALL)" @echo "To install everything to CompactFlash use scripts/install.sh" @echo 'Login as user root with password linux123 via ssh or console' endif diff --git a/target/alix2d/Makefile b/target/alix2d/Makefile index 93a7c6642..4278c90f9 100644 --- a/target/alix2d/Makefile +++ b/target/alix2d/Makefile @@ -13,7 +13,7 @@ kernel-install: ifeq ($(FS),ext2-cf) imageinstall: $(BIN_DIR)/$(ROOTFSTARBALL) @echo - @echo "The RootFS tarball is: $(BIN_DIR)/$(ROOTFSTARBALL)," + @echo "The RootFS tarball is: $(BIN_DIR)/$(ROOTFSTARBALL)" @echo "To install everything to CompactFlash use scripts/install.sh" @echo 'Login as user root with password linux123 via ssh or console' endif 
diff --git a/target/linux/config/Config.in.netfilter b/target/linux/config/Config.in.netfilter index a4dc9b7c7..fc3c2682f 100644 --- a/target/linux/config/Config.in.netfilter +++ b/target/linux/config/Config.in.netfilter @@ -8,6 +8,10 @@ config ADK_KERNEL_NETFILTER_ADVANCED bool default n +config ADK_KERNEL_BRIDGE_NETFILTER + bool + default n + config ADK_KERNEL_NETFILTER_XTABLES bool select ADK_KERNEL_NETFILTER @@ -397,7 +401,7 @@ config ADK_KPACKAGE_KMOD_IP_NF_TARGET_ULOG config ADK_KPACKAGE_KMOD_IP_NF_TARGET_REDIRECT tristate 'REDIRECT target support' - depends on ADK_KPACKAGE_KMOD_IP_NF_NAT + depends on ADK_KPACKAGE_KMOD_NF_NAT help REDIRECT is a special case of NAT: all incoming connections are mapped onto the incoming interface's address, causing the packets to @@ -406,7 +410,7 @@ config ADK_KPACKAGE_KMOD_IP_NF_TARGET_REDIRECT config ADK_KPACKAGE_KMOD_IP_NF_TARGET_NETMAP tristate 'NETMAP target support' - depends on ADK_KPACKAGE_KMOD_IP_NF_NAT + depends on ADK_KPACKAGE_KMOD_NF_NAT help NETMAP is an implementation of static 1:1 NAT mapping of network addresses. It maps the network address part, while keeping the host @@ -415,14 +419,14 @@ config ADK_KPACKAGE_KMOD_IP_NF_TARGET_NETMAP config ADK_KPACKAGE_KMOD_IP_NF_TARGET_SAME tristate 'SAME target support' - depends on ADK_KPACKAGE_KMOD_IP_NF_NAT + depends on ADK_KPACKAGE_KMOD_NF_NAT help This option adds a `SAME' target, which works like the standard SNAT target, but attempts to give clients the same IP for all connections. config ADK_KPACKAGE_KMOD_IP_NF_MANGLE tristate 'Packet mangling' - depends on ADK_KPACKAGE_KMOD_IP_NF_IPTABLES + depends on ADK_KPACKAGE_KMOD_NF_NAT help This option adds a `mangle' table to iptables: see the man page for iptables(8). This table is used for various packet alterations 
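Review bot: The `depends on` change for `ADK_KPACKAGE_KMOD_IP_NF_MANGLE` looks like an over-applied rename. The three NAT targets (REDIRECT, NETMAP, SAME) reasonably move to `ADK_KPACKAGE_KMOD_NF_NAT`, but the mangle table does not need NAT and previously depended on `ADK_KPACKAGE_KMOD_IP_NF_IPTABLES`. As written, packet mangling can be selected only when NAT is enabled, and ip_tables is pulled in only if NF_NAT itself depends on it, which is not visible in this hunk. Keep `depends on ADK_KPACKAGE_KMOD_IP_NF_IPTABLES` for that entry.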
@@ -441,4 +445,239 @@ config ADK_KPACKAGE_KMOD_IP_NF_TARGET_ECN ECN support in general. endmenu + +menu "Ethernet bridge firewalling" + +config ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + tristate 'Ethernet Bridge tables (ebtables) support' + select ADK_KERNEL_BRIDGE_NETFILTER + help + ebtables is a general, extensible frame/packet identification + framework. Say 'Y' or 'M' here if you want to do Ethernet + filtering/NAT/brouting on the Ethernet bridge. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_BROUTE + tristate "ebt: broute table support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + The ebtables broute table is used to define rules that decide between + bridging and routing frames, giving Linux the functionality of a + brouter. See the man page for ebtables(8) and examples on the ebtables + website. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_T_FILTER + tristate "ebt: filter table support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + The ebtables filter table is used to define frame filtering rules at + local input, forwarding and local output. See the man page for + ebtables(8). + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_T_NAT + tristate "ebt: nat table support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + The ebtables nat table is used to define rules that alter the MAC + source address (MAC SNAT) or the MAC destination address (MAC DNAT). + See the man page for ebtables(8). + + To compile it as a module, choose M here. If unsure, say N. +# +# matches +# +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_802_3 + tristate "ebt: 802.3 filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds matching support for 802.3 Ethernet frames. + + To compile it as a module, choose M here. If unsure, say N. 
+ +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_AMONG + tristate "ebt: among filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the among match, which allows matching the MAC source + and/or destination address on a list of addresses. Optionally, + MAC/IP address pairs can be matched, f.e. for anti-spoofing rules. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_ARP + tristate "ebt: ARP filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the ARP match, which allows ARP and RARP header field + filtering. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_IP + tristate "ebt: IP filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the IP match, which allows basic IP header field + filtering. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_IP6 + tristate "ebt: IP6 filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES && ADK_KPACKAGE_KMOD_IPV6 + help + This option adds the IP6 match, which allows basic IPV6 header field + filtering. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_LIMIT + tristate "ebt: limit match support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the limit match, which allows you to control + the rate at which a rule can be matched. This match is the + equivalent of the iptables limit match. + + If you want to compile it as a module, say M here and read + <file:Documentation/kbuild/modules.txt>. If unsure, say `N'. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_MARK + tristate "ebt: mark filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the mark match, which allows matching frames based on + the 'nfmark' value in the frame. 
This can be set by the mark target. + This value is the same as the one used in the iptables mark match and + target. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_PKTTYPE + tristate "ebt: packet type filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the packet type match, which allows matching on the + type of packet based on its Ethernet "class" (as determined by + the generic networking code): broadcast, multicast, + for this host alone or for another host. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_STP + tristate "ebt: STP filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the Spanning Tree Protocol match, which + allows STP header field filtering. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_VLAN + tristate "ebt: 802.1Q VLAN filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the 802.1Q vlan match, which allows the filtering of + 802.1Q vlan fields. + + To compile it as a module, choose M here. If unsure, say N. +# +# targets +# +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_ARPREPLY + tristate "ebt: arp reply target support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the arp reply target, which allows + automatically sending arp replies to arp requests. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_DNAT + tristate "ebt: dnat target support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the MAC DNAT target, which allows altering the MAC + destination address of frames. + + To compile it as a module, choose M here. If unsure, say N. 
+ +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_MARK_T + tristate "ebt: mark target support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the mark target, which allows marking frames by + setting the 'nfmark' value in the frame. + This value is the same as the one used in the iptables mark match and + target. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_REDIRECT + tristate "ebt: redirect target support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the MAC redirect target, which allows altering the MAC + destination address of a frame to that of the device it arrived on. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_SNAT + tristate "ebt: snat target support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the MAC SNAT target, which allows altering the MAC + source address of frames. + + To compile it as a module, choose M here. If unsure, say N. +# +# watchers +# +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_LOG + tristate "ebt: log support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the log watcher, that you can use in any rule + in any ebtables table. It records info about the frame header + to the syslog. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_ULOG + tristate "ebt: ulog support (OBSOLETE)" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option enables the old bridge-specific "ebt_ulog" implementation + which has been obsoleted by the new "nfnetlink_log" code (see + CONFIG_NETFILTER_NETLINK_LOG). + + This option adds the ulog watcher, that you can use in any rule + in any ebtables table. The packet is passed to a userspace + logging daemon using netlink multicast sockets. 
This differs + from the log watcher in the sense that the complete packet is + sent to userspace instead of a descriptive text and that + netlink multicast sockets are used instead of the syslog. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_NFLOG + tristate "ebt: nflog support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option enables the nflog watcher, which allows to LOG + messages through the netfilter logging API, which can use + either the old LOG target, the old ULOG target or nfnetlink_log + as backend. + + This option adds the nflog watcher, that you can use in any rule + in any ebtables table. + + To compile it as a module, choose M here. If unsure, say N. + + +endmenu + endmenu |