Merge remote-tracking branch 'origin/next' into fifteen
authorArne Fitzenreiter <arne_f@ipfire.org>
Wed, 13 Nov 2013 13:05:15 +0000 (14:05 +0100)
committerArne Fitzenreiter <arne_f@ipfire.org>
Wed, 13 Nov 2013 13:05:15 +0000 (14:05 +0100)
Conflicts:
lfs/samba
lfs/strongswan

316 files changed:
config/backup/backup.pl
config/backup/exclude
config/backup/include
config/cfgroot/ethernet-vlans
config/cfgroot/general-functions.pl
config/cfgroot/graphs.pl
config/cfgroot/header.pl
config/cfgroot/p2protocols [deleted file]
config/collectd/collectd.conf
config/firewall/convert-dmz [new file with mode: 0755]
config/firewall/convert-outgoingfw [new file with mode: 0755]
config/firewall/convert-portfw [new file with mode: 0755]
config/firewall/convert-xtaccess [new file with mode: 0755]
config/firewall/firewall-lib.pl [new file with mode: 0755]
config/firewall/firewall-policy [new file with mode: 0755]
config/firewall/p2protocols [new file with mode: 0644]
config/firewall/rules.pl [new file with mode: 0755]
config/fwhosts/customservices [new file with mode: 0644]
config/fwhosts/icmp-types [new file with mode: 0755]
config/kernel/kernel.config.armv5tel-ipfire-kirkwood
config/kernel/kernel.config.armv5tel-ipfire-multi [new file with mode: 0644]
config/kernel/kernel.config.armv5tel-ipfire-omap [deleted file]
config/kernel/kernel.config.armv5tel-ipfire-rpi
config/kernel/kernel.config.i586-ipfire
config/kernel/kernel.config.i586-ipfire-pae
config/kernel/kernel.config.i586-ipfire-xen [deleted file]
config/menu/50-firewall.menu
config/outgoingfw/defaultservices [deleted file]
config/outgoingfw/outgoingfw.pl [deleted file]
config/rootfiles/common/apache2
config/rootfiles/common/armv5tel/dracut
config/rootfiles/common/armv5tel/initscripts
config/rootfiles/common/armv5tel/installer [deleted file]
config/rootfiles/common/armv5tel/linux-kirkwood
config/rootfiles/common/armv5tel/linux-multi [new file with mode: 0644]
config/rootfiles/common/armv5tel/linux-omap [deleted file]
config/rootfiles/common/armv5tel/rpi-firmware
config/rootfiles/common/armv5tel/u-boot
config/rootfiles/common/armv5tel/u-boot-panda [new file with mode: 0644]
config/rootfiles/common/as86 [deleted file]
config/rootfiles/common/compat-drivers [deleted file]
config/rootfiles/common/configroot
config/rootfiles/common/cyrus-sasl
config/rootfiles/common/fireinfo
config/rootfiles/common/i586/initscripts
config/rootfiles/common/i586/mISDN [deleted file]
config/rootfiles/common/iptables
config/rootfiles/common/jquery [new file with mode: 0644]
config/rootfiles/common/libnl
config/rootfiles/common/libusbx [new file with mode: 0644]
config/rootfiles/common/libxml2
config/rootfiles/common/lzo
config/rootfiles/common/mbr [deleted file]
config/rootfiles/common/misc-progs
config/rootfiles/common/mpage [new file with mode: 0644]
config/rootfiles/common/mysql [deleted file]
config/rootfiles/common/mysql-libs [new file with mode: 0644]
config/rootfiles/common/pakfire
config/rootfiles/common/paxctl [new file with mode: 0644]
config/rootfiles/common/stage2
config/rootfiles/common/strongswan
config/rootfiles/common/vim
config/rootfiles/common/xz
config/rootfiles/core/73/filelists/GeoIP [deleted file]
config/rootfiles/core/73/filelists/hwdata [deleted file]
config/rootfiles/core/73/filelists/php [deleted symlink]
config/rootfiles/core/fifteen/exclude [moved from config/rootfiles/core/70/exclude with 100% similarity]
config/rootfiles/core/fifteen/filelists/armv5tel/glibc [new symlink]
config/rootfiles/core/fifteen/filelists/coreutils [new symlink]
config/rootfiles/core/fifteen/filelists/files [new file with mode: 0644]
config/rootfiles/core/fifteen/filelists/firewall [new file with mode: 0644]
config/rootfiles/core/fifteen/filelists/i586/glibc [new symlink]
config/rootfiles/core/fifteen/filelists/jquery [new symlink]
config/rootfiles/core/fifteen/filelists/libxml2 [new symlink]
config/rootfiles/core/fifteen/filelists/lzo [new symlink]
config/rootfiles/core/fifteen/filelists/misc-progs [new symlink]
config/rootfiles/core/fifteen/filelists/paxctl [new symlink]
config/rootfiles/core/fifteen/filelists/strongswan [moved from config/rootfiles/core/72/filelists/strongswan with 100% similarity]
config/rootfiles/core/fifteen/filelists/vim [new symlink]
config/rootfiles/core/fifteen/meta [moved from config/rootfiles/core/70/meta with 100% similarity]
config/rootfiles/core/fifteen/update.sh [moved from src/paks/linux-xen/update.sh with 56% similarity]
config/rootfiles/oldcore/66/filelists/files
config/rootfiles/oldcore/70/exclude [moved from config/rootfiles/core/71/exclude with 100% similarity]
config/rootfiles/oldcore/70/filelists/armv5tel/linux-kirkwood [moved from config/rootfiles/core/70/filelists/armv5tel/linux-kirkwood with 100% similarity]
config/rootfiles/oldcore/70/filelists/armv5tel/linux-omap [moved from config/rootfiles/core/70/filelists/armv5tel/linux-omap with 100% similarity]
config/rootfiles/oldcore/70/filelists/armv5tel/linux-rpi [moved from config/rootfiles/core/70/filelists/armv5tel/linux-rpi with 100% similarity]
config/rootfiles/oldcore/70/filelists/crda [moved from config/rootfiles/core/70/filelists/crda with 100% similarity]
config/rootfiles/oldcore/70/filelists/files [moved from config/rootfiles/core/70/filelists/files with 100% similarity]
config/rootfiles/oldcore/70/filelists/i586/grub.conf [moved from config/rootfiles/core/70/filelists/i586/grub.conf with 100% similarity]
config/rootfiles/oldcore/70/filelists/i586/linux [moved from config/rootfiles/core/70/filelists/i586/linux with 100% similarity]
config/rootfiles/oldcore/70/filelists/iw [moved from config/rootfiles/core/70/filelists/iw with 100% similarity]
config/rootfiles/oldcore/70/filelists/libjpeg [moved from config/rootfiles/core/70/filelists/libjpeg with 100% similarity]
config/rootfiles/oldcore/70/filelists/wireless-regdb [moved from config/rootfiles/core/70/filelists/wireless-regdb with 100% similarity]
config/rootfiles/oldcore/70/meta [moved from config/rootfiles/core/71/meta with 100% similarity]
config/rootfiles/oldcore/70/update.sh [moved from config/rootfiles/core/70/update.sh with 100% similarity]
config/rootfiles/oldcore/71/exclude [moved from config/rootfiles/core/73/exclude with 100% similarity]
config/rootfiles/oldcore/71/filelists/GeoIP [moved from config/rootfiles/core/71/filelists/GeoIP with 100% similarity]
config/rootfiles/oldcore/71/filelists/curl [moved from config/rootfiles/core/71/filelists/curl with 100% similarity]
config/rootfiles/oldcore/71/filelists/files [moved from config/rootfiles/core/71/filelists/files with 100% similarity]
config/rootfiles/oldcore/71/filelists/hwdata [moved from config/rootfiles/core/71/filelists/hwdata with 100% similarity]
config/rootfiles/oldcore/71/filelists/jwhois [moved from config/rootfiles/core/71/filelists/jwhois with 100% similarity]
config/rootfiles/oldcore/71/filelists/oinkmaster [moved from config/rootfiles/core/71/filelists/oinkmaster with 100% similarity]
config/rootfiles/oldcore/71/filelists/snort [moved from config/rootfiles/core/71/filelists/snort with 100% similarity]
config/rootfiles/oldcore/71/filelists/squid [moved from config/rootfiles/core/71/filelists/squid with 100% similarity]
config/rootfiles/oldcore/71/filelists/usb_modeswitch [moved from config/rootfiles/core/71/filelists/usb_modeswitch with 100% similarity]
config/rootfiles/oldcore/71/filelists/usb_modeswitch_data [moved from config/rootfiles/core/71/filelists/usb_modeswitch_data with 100% similarity]
config/rootfiles/oldcore/71/meta [moved from config/rootfiles/core/72/meta with 100% similarity]
config/rootfiles/oldcore/71/update.sh [moved from config/rootfiles/core/71/update.sh with 100% similarity]
config/rootfiles/oldcore/72/exclude [moved from config/rootfiles/core/72/exclude with 100% similarity]
config/rootfiles/oldcore/72/filelists/daq [moved from config/rootfiles/core/72/filelists/daq with 100% similarity]
config/rootfiles/oldcore/72/filelists/files [moved from config/rootfiles/core/72/filelists/files with 100% similarity]
config/rootfiles/oldcore/72/filelists/i586/strongswan-padlock [moved from config/rootfiles/core/72/filelists/i586/strongswan-padlock with 100% similarity]
config/rootfiles/oldcore/72/filelists/snort [moved from config/rootfiles/core/72/filelists/snort with 100% similarity]
config/rootfiles/oldcore/72/filelists/squid [moved from config/rootfiles/core/72/filelists/squid with 100% similarity]
config/rootfiles/oldcore/72/filelists/strongswan [new symlink]
config/rootfiles/oldcore/72/meta [moved from config/rootfiles/core/73/meta with 100% similarity]
config/rootfiles/oldcore/72/update.sh [moved from config/rootfiles/core/72/update.sh with 100% similarity]
config/rootfiles/oldcore/73/exclude [new file with mode: 0644]
config/rootfiles/oldcore/73/filelists/HTML-Template [moved from config/rootfiles/core/73/filelists/HTML-Template with 100% similarity]
config/rootfiles/oldcore/73/filelists/armv5tel/ath-modul [moved from config/rootfiles/core/73/filelists/armv5tel/ath-modul with 100% similarity]
config/rootfiles/oldcore/73/filelists/files [moved from config/rootfiles/core/73/filelists/files with 100% similarity]
config/rootfiles/oldcore/73/filelists/i586/ath-modul [moved from config/rootfiles/core/73/filelists/i586/ath-modul with 100% similarity]
config/rootfiles/oldcore/73/filelists/squid [moved from config/rootfiles/core/73/filelists/squid with 100% similarity]
config/rootfiles/oldcore/73/meta [new file with mode: 0644]
config/rootfiles/oldcore/73/update.sh [moved from config/rootfiles/core/73/update.sh with 100% similarity]
config/rootfiles/packages/clamav
config/rootfiles/packages/cups
config/rootfiles/packages/foomatic
config/rootfiles/packages/gutenprint
config/rootfiles/packages/iotop [new file with mode: 0644]
config/rootfiles/packages/linux-xen [deleted file]
config/rootfiles/packages/mysql
config/rpi-firmware/config.txt
config/u-boot/boot.scr
config/u-boot/boot.script
config/vdr/etc/setup.conf
config/vim/vimrc [new file with mode: 0644]
config/w_scan/w_scan_start
config/xen-image/README
config/xen-image/ipfire.cfg
config/xen-image/xen-image-maker.sh [new file with mode: 0644]
doc/language_issues.de
doc/language_issues.en
doc/language_issues.es
doc/language_issues.fr
doc/language_issues.nl
doc/language_issues.pl
doc/language_issues.ru
doc/language_issues.tr
doc/language_missings
html/cgi-bin/ddns.cgi
html/cgi-bin/dmzholes.cgi [deleted file]
html/cgi-bin/firewall.cgi [new file with mode: 0755]
html/cgi-bin/fwhosts.cgi [new file with mode: 0755]
html/cgi-bin/index.cgi
html/cgi-bin/optionsfw.cgi
html/cgi-bin/outgoingfw.cgi [deleted file]
html/cgi-bin/ovpnmain.cgi
html/cgi-bin/p2p-block.cgi [new file with mode: 0755]
html/cgi-bin/portfw.cgi [deleted file]
html/cgi-bin/speed.cgi
html/cgi-bin/upnp.cgi
html/cgi-bin/vpnmain.cgi
html/html/include/jquery-1.9.1.min.js [deleted file]
html/html/themes/ipfire/include/functions.pl
html/html/themes/maniac/include/functions.pl
langs/de/cgi-bin/de.pl
langs/de/install/lang_de.c
langs/en/cgi-bin/en.pl
langs/en/install/lang_en.c
langs/es/cgi-bin/es.pl
langs/es/install/lang_es.c
langs/fr/cgi-bin/fr.pl
langs/fr/install/lang_fr.c
langs/nl/cgi-bin/nl.pl
langs/nl/install/lang_nl.c
langs/pl/cgi-bin/pl.pl
langs/pl/install/lang_pl.c
langs/ru/cgi-bin/ru.pl
langs/ru/install/lang_ru.c
langs/tr/install/lang_tr.c
lfs/binutils
lfs/bridge-utils
lfs/cdrom
lfs/clamav
lfs/configroot
lfs/cpufrequtils
lfs/cups
lfs/cyrus-sasl
lfs/dracut
lfs/ffmpeg
lfs/fireinfo
lfs/flash-images
lfs/foomatic
lfs/gcc
lfs/glibc
lfs/grub
lfs/gutenprint
lfs/hostapd
lfs/initscripts
lfs/iotop [moved from lfs/as86 with 91% similarity]
lfs/iptables
lfs/iw
lfs/jquery [moved from lfs/linux-xen with 54% similarity]
lfs/keepalived
lfs/libnl
lfs/libusbx [moved from lfs/usb-stick with 51% similarity]
lfs/libxml2
lfs/linux
lfs/linux2 [deleted file]
lfs/lzo
lfs/memtest
lfs/miniupnpd
lfs/mpage [new file with mode: 0644]
lfs/mysql
lfs/net-tools
lfs/openvmtools
lfs/pakfire
lfs/paxctl [moved from lfs/mbr with 89% similarity]
lfs/rpi-firmware
lfs/rsync
lfs/stage2
lfs/strongswan
lfs/transmission
lfs/u-boot
lfs/vdr
lfs/vim
lfs/w_scan
lfs/xen-image
lfs/xz
make.sh
src/initscripts/init.d/firewall
src/initscripts/init.d/firstsetup
src/initscripts/init.d/network
src/initscripts/init.d/network-vlans
src/initscripts/init.d/tor
src/install+setup/install/probenic.sh
src/install+setup/libsmooth/libsmooth.h
src/install+setup/libsmooth/netstuff.c
src/misc-progs/Makefile
src/misc-progs/backupctrl.c
src/misc-progs/fireinfoctrl.c
src/misc-progs/firewallctrl.c [moved from src/misc-progs/outgoingfwctrl.c with 57% similarity]
src/misc-progs/getconntracktable.c
src/misc-progs/iowrap.c
src/misc-progs/ipfiredeath.c
src/misc-progs/ipfirerebirth.c
src/misc-progs/ipfirereboot.c
src/misc-progs/ipsecctrl.c
src/misc-progs/netutil.h [new file with mode: 0644]
src/misc-progs/openvpnctrl.c
src/misc-progs/pakfire.c
src/misc-progs/rebuildhosts.c
src/misc-progs/setaliases.c
src/misc-progs/setdmzholes.c [deleted file]
src/misc-progs/setportfw.c [deleted file]
src/misc-progs/setuid.c
src/misc-progs/setuid.h
src/misc-progs/setxtaccess.c [deleted file]
src/misc-progs/smartctrl.c
src/misc-progs/syslogdctrl.c
src/misc-progs/wirelessctrl.c
src/paks/linux-xen/install.sh [deleted file]
src/paks/linux-xen/uninstall.sh [deleted file]
src/patches/binutils-2.22-pt-pax-flags-20111121.patch [new file with mode: 0644]
src/patches/bridge-utils-1.5-compile-fix-1.patch [new file with mode: 0644]
src/patches/coreutils-5.96-uname-1.patch
src/patches/fireinfo-2.1.7-testing.patch [new file with mode: 0644]
src/patches/gcc-4.4.7-texinfo-5.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh804630.patch [deleted file]
src/patches/glibc/glibc-rh804686.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh806404.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh809726.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh823909.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh826149.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh827362.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh830127.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh832516.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh832694.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh833717.patch [moved from src/patches/glibc/glibc-rh833716.patch with 100% similarity]
src/patches/glibc/glibc-rh837026.patch [deleted file]
src/patches/glibc/glibc-rh837695.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh837918.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh841787.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh843673.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh846342.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh847932.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh848082.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh849203.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh849651.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh852445.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh861167.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh863453.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh864322.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh929388.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh970992.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh989558-2.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh989558.patch [new file with mode: 0644]
src/patches/imq_kernel3.10.patch [new file with mode: 0644]
src/patches/linux-2.6-silence-acpi-blacklist.patch [new file with mode: 0644]
src/patches/linux-2.6.30-no-pcspkr-modalias.patch [new file with mode: 0644]
src/patches/linux-3.10-ipp2p-0.8.2-ipfire.patch [new file with mode: 0644]
src/patches/linux-3.10-smsc95xx-add_mac_addr_param.patch [new file with mode: 0644]
src/patches/linux-3.10.10-arm_kirkwood_setups.patch [new file with mode: 0644]
src/patches/linux-3.10.10-mv_cesa_disable_failing_hmac_sha1.patch [new file with mode: 0644]
src/patches/linux-3.10.9-ledtrig-netdev-1.patch [new file with mode: 0644]
src/patches/linux-3.7-disable-compat_vdso.patch [new file with mode: 0644]
src/patches/linux-3.9-dvbsky-wot2.patch [new file with mode: 0644]
src/patches/mpage25-config.patch [new file with mode: 0644]
src/patches/net-tools-1.60-kernel_headers-3.patch [new file with mode: 0644]
src/patches/netfilter_layer7_2.22_kernel3.10-no_proc_interface.patch [new file with mode: 0644]
src/patches/strongswan-5.0.2_ipfire.patch [moved from src/patches/strongswan-4.5.3_ipfire.patch with 91% similarity]
src/patches/vim-7.2-fixes-4.patch [deleted file]
src/patches/vim-7.2-mandir-1.patch [deleted file]
src/scripts/setddns.pl
tools/make-functions

index f9b8302..a56a698 100644 (file)
@@ -22,7 +22,7 @@
 require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
-
+use File::Path;
 my $debug = 1;
 my @include = "";
 my ($Sekunden, $Minuten, $Stunden, $Monatstag, $Monat, $Jahr, $Wochentag, $Jahrestag, $Sommerzeit) = localtime(time);
@@ -64,7 +64,67 @@ elsif ($ARGV[0] eq 'restore') {
   system("cd / && tar -xvz -p -f /tmp/restore.ipf");
   #Here some converter scripts to correct old Backups (before core 65)
   system("/usr/sbin/ovpn-ccd-convert");
-}
+  #OUTGOINGFW CONVERTER
+  if( -d "${General::swroot}/outgoing"){
+         if( -f "${General::swroot}/firewall/config" ){
+                 unlink("${General::swroot}/firewall/config");
+                 system("touch ${General::swroot}/firewall/config");
+                 chown 99,99,"${General::swroot}/firewall/config";
+         }
+         if( -f "${General::swroot}/firewall/outgoing" ){
+                 unlink("${General::swroot}/firewall/outgoing");
+                 system("touch ${General::swroot}/firewall/outgoing");
+                 chown 99,99,"${General::swroot}/firewall/outgoing";
+         }
+         unlink("${General::swroot}/fwhosts/customgroups");
+         unlink("${General::swroot}/fwhosts/customhosts");
+         unlink("${General::swroot}/fwhosts/customgroups");
+         unlink("${General::swroot}/fwhosts/customnetworks");
+         unlink("${General::swroot}/fwhosts/customservicegrp");
+         unlink("${General::swroot}/fwhosts/customnetworks");
+         system("touch ${General::swroot}/fwhosts/customgroups");
+         system("touch ${General::swroot}/fwhosts/customhosts");
+         system("touch ${General::swroot}/fwhosts/customnetworks");
+         system("touch ${General::swroot}/fwhosts/customservicegrp");
+         #START CONVERTER "OUTGOINGFW"
+         system("/usr/sbin/convert-outgoingfw");
+         chown 99,99,"${General::swroot}/fwhosts/customgroups";
+         chown 99,99,"${General::swroot}/fwhosts/customhosts";
+         chown 99,99,"${General::swroot}/fwhosts/customnetworks";
+         chown 99,99,"${General::swroot}/fwhosts/customservicegrp";
+         #START CONVERTER "OUTGOINGFW"
+         rmtree("${General::swroot}/outgoing");
+  }
+  #XTACCESS CONVERTER
+  if( -d "${General::swroot}/xtaccess"){
+         if( -f "${General::swroot}/firewall/input" ){
+                 unlink("${General::swroot}/firewall/input");
+                 system("touch ${General::swroot}/firewall/input");
+         }
+         #START CONVERTER "XTACCESS"
+         system("/usr/sbin/convert-xtaccess");
+         chown 99,99,"${General::swroot}/firewall/input";
+         rmtree("${General::swroot}/xtaccess");
+  }
+  #DMZ-HOLES CONVERTER
+  if( -d "${General::swroot}/dmzholes" || -d "${General::swroot}/portfw"){
+         if( -f "${General::swroot}/firewall/config" ){
+                 unlink("${General::swroot}/firewall/config");
+                 system("touch ${General::swroot}/firewall/config");
+         }
+         #START CONVERTER "DMZ-HOLES"
+         system("/usr/sbin/convert-dmz");
+         chown 99,99,"${General::swroot}/firewall/config";
+         rmtree("${General::swroot}/dmzholes");
+  }
+  #PORTFORWARD CONVERTER
+  if( -d "${General::swroot}/portfw"){
+       #START CONVERTER "PORTFW"
+       system("/usr/sbin/convert-portfw");
+       rmtree("${General::swroot}/portfw");
+  }
+  system("/usr/local/bin/firewallctrl");
+ }
 elsif ($ARGV[0] eq 'restoreaddon') {
   if ( -e "/tmp/$ARGV[1]" ){system("mv /tmp/$ARGV[1] /var/ipfire/backup/addons/backup/$ARGV[1]");}
   system("cd / && tar -xvz -p -f /var/ipfire/backup/addons/backup/$ARGV[1]");
index 8103bb9..83db234 100644 (file)
@@ -1,5 +1,6 @@
 *.tmp
 /var/ipfire/ethernet/settings
+/var/ipfire/firewall/bin/*
 /var/ipfire/proxy/calamaris/bin/*
 /var/ipfire/qos/bin/qos.pl
 /var/ipfire/urlfilter/blacklists/*/*.db
index c863a0e..1d55e4a 100644 (file)
 /var/ipfire/auth/users
 /var/ipfire/dhcp/*
 /var/ipfire/dnsforward/*
+/var/ipfire/firewall
+/var/ipfire/fwhosts
 /var/ipfire/main/*
-/var/ipfire/outgoing/groups
-/var/ipfire/outgoing/macgroups
-/var/ipfire/outgoing/rules
-/var/ipfire/outgoing/p2protocols
-/var/ipfire/dmzholes
-/var/ipfire/xtaccess
-/var/ipfire/portfw
 /var/ipfire/ovpn
 /var/ipfire/ppp
 /var/ipfire/proxy
index 08cb36a..ae87bfe 100644 (file)
@@ -1,9 +1,9 @@
-#GREEN_PARENT_DEV="eth0"
+#GREEN_PARENT_DEV=eth0
 #GREEN_VLAN_ID=20
-#GREEN_MAC_ADDRESS="00:11:22:33:44:55"
-#BLUE_PARENT_DEV="green0"
+#GREEN_MAC_ADDRESS=00:11:22:33:44:55
+#BLUE_PARENT_DEV=green0
 #BLUE_VLAN_ID=30
-#BLUE_MAC_ADDRESS="00:22:33:44:55:66"
-#ORANGE_PARENT_DEV="green0"
+#BLUE_MAC_ADDRESS=00:22:33:44:55:66
+#ORANGE_PARENT_DEV=green0
 #ORANGE_VLAN_ID=40
-#ORANGE_MAC_ADDRESS="00:33:44:55:66:77"
+#ORANGE_MAC_ADDRESS=00:33:44:55:66:77
index 41643d8..778a39b 100644 (file)
@@ -39,6 +39,96 @@ sub log
        $logmessage = $1;
        system('logger', '-t', $tag, $logmessage);
 }
+sub setup_default_networks
+{
+       my %netsettings=();
+       my $defaultNetworks = shift;
+       
+       &readhash("/var/ipfire/ethernet/settings", \%netsettings);
+       
+       # Get current defined networks (Red, Green, Blue, Orange)
+       $defaultNetworks->{$Lang::tr{'fwhost any'}}{'IPT'} = "0.0.0.0/0.0.0.0";
+       $defaultNetworks->{$Lang::tr{'fwhost any'}}{'NAME'} = "ALL";
+               
+       $defaultNetworks->{$Lang::tr{'green'}}{'IPT'} = "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
+       $defaultNetworks->{$Lang::tr{'green'}}{'NET'} = "$netsettings{'GREEN_ADDRESS'}";
+       $defaultNetworks->{$Lang::tr{'green'}}{'NAME'} = "GREEN";
+
+       if ($netsettings{'RED_DEV'} ne ''){
+               $defaultNetworks->{$Lang::tr{'fwdfw red'}}{'IPT'} = "$netsettings{'RED_NETADDRESS'}/$netsettings{'RED_NETMASK'}";
+               $defaultNetworks->{$Lang::tr{'fwdfw red'}}{'NET'} = "$netsettings{'RED_ADDRESS'}";
+               $defaultNetworks->{$Lang::tr{'fwdfw red'}}{'NAME'} = "RED";
+       }
+       if ($netsettings{'ORANGE_DEV'} ne ''){
+               $defaultNetworks->{$Lang::tr{'orange'}}{'IPT'} = "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
+               $defaultNetworks->{$Lang::tr{'orange'}}{'NET'} = "$netsettings{'ORANGE_ADDRESS'}";
+               $defaultNetworks->{$Lang::tr{'orange'}}{'NAME'} = "ORANGE";
+       }
+
+       if ($netsettings{'BLUE_DEV'} ne ''){
+               $defaultNetworks->{$Lang::tr{'blue'}}{'IPT'} = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+               $defaultNetworks->{$Lang::tr{'blue'}}{'NET'} = "$netsettings{'BLUE_ADDRESS'}";
+               $defaultNetworks->{$Lang::tr{'blue'}}{'NAME'} = "BLUE";
+       }
+       
+       #IPFire himself
+       $defaultNetworks->{'IPFire'}{'NAME'} = "IPFire";
+
+       # OpenVPN
+       if(-e "${General::swroot}/ovpn/settings")
+       {
+               my %ovpnSettings = ();
+               &readhash("${General::swroot}/ovpn/settings", \%ovpnSettings);
+
+               # OpenVPN on Red?
+               if(defined($ovpnSettings{'DOVPN_SUBNET'}))
+               {
+                       my ($ip,$sub) = split(/\//,$ovpnSettings{'DOVPN_SUBNET'});
+                       $sub=&General::iporsubtocidr($sub);
+                       my @tempovpnsubnet = split("\/", $ovpnSettings{'DOVPN_SUBNET'});
+                       $defaultNetworks->{'OpenVPN ' ."($ip/$sub)"}{'ADR'} = $tempovpnsubnet[0];
+                       $defaultNetworks->{'OpenVPN ' ."($ip/$sub)"}{'NAME'} = "OpenVPN-Dyn";
+               }
+       } # end OpenVPN
+       # IPsec RW NET
+       if(-e "${General::swroot}/vpn/settings")
+       {
+               my %ipsecsettings = ();
+               &readhash("${General::swroot}/vpn/settings", \%ipsecsettings);
+               if($ipsecsettings{'RW_NET'} ne '')
+               {
+                       my ($ip,$sub) = split(/\//,$ipsecsettings{'RW_NET'});
+                       $sub=&General::iporsubtocidr($sub);
+                       my @tempipsecsubnet = split("\/", $ipsecsettings{'RW_NET'});
+                       $defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'ADR'} = $tempipsecsubnet[0];
+                       $defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'NAME'} = "IPsec RW";
+                       $defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'NET'} = &getnextip($ip);
+               }
+       }
+}
+sub get_aliases
+{
+       
+       my $defaultNetworks = shift;
+       open(FILE, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
+       my @current = <FILE>;
+       close(FILE);
+       my $ctr = 0;
+       foreach my $line (@current)
+       {
+               if ($line ne ''){
+                       chomp($line);
+                       my @temp = split(/\,/,$line);
+                       if ($temp[2] eq '') {
+                               $temp[2] = "Alias $ctr : $temp[0]";
+                       }
+                       $defaultNetworks->{$temp[2]}{'IPT'} = "$temp[0]";
+                       $defaultNetworks->{$temp[2]}{'NET'} = "$temp[0]";
+                       
+                       $ctr++;
+               }
+       }
+}
 
 sub readhash
 {
@@ -1053,4 +1143,23 @@ sub write_file_utf8 ($) {
        return; 
 }
 
+my $FIREWALL_RELOAD_INDICATOR = "${General::swroot}/firewall/reread";
+
+sub firewall_config_changed() {
+       open FILE, ">$FIREWALL_RELOAD_INDICATOR" or die "Could not open $FIREWALL_RELOAD_INDICATOR";
+       close FILE;
+}
+
+sub firewall_needs_reload() {
+       if (-e "$FIREWALL_RELOAD_INDICATOR") {
+               return 1;
+       }
+
+       return 0;
+}
+
+sub firewall_reload() {
+       system("/usr/local/bin/firewallctrl");
+}
+
 1;
index c51e882..19c0546 100644 (file)
@@ -602,22 +602,37 @@ sub updatefwhitsgraph {
                "--color=SHADEA".$color{"color19"},
                "--color=SHADEB".$color{"color19"},
                "--color=BACK".$color{"color21"},
-               "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-FORWARD/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
-               "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-INPUT/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
+               "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
+               "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
+               "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
                "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
                "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
-               "CDEF:amount=output,input,newnotsyn,+,+",
-               "COMMENT:".sprintf("%-20s",$Lang::tr{'caption'}),
+               "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
                "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
                "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
-               "COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}),
+               "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
                "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
-               "AREA:amount".$color{"color24"}."A0:".sprintf("%-20s",$Lang::tr{'firewallhits'}),
-               "GPRINT:amount:MAX:%8.1lf %sBps",
-               "GPRINT:amount:AVERAGE:%8.1lf %sBps",
-               "GPRINT:amount:MIN:%8.1lf %sBps",
-               "GPRINT:amount:LAST:%8.1lf %sBps\\j",
-               "STACK:portscan".$color{"color25"}."A0:".sprintf("%-20s",$Lang::tr{'portscans'}),
+               "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}."-OUTPUT"),
+               "GPRINT:output:MAX:%8.1lf %sBps",
+               "GPRINT:output:AVERAGE:%8.1lf %sBps",
+               "GPRINT:output:MIN:%8.1lf %sBps",
+               "GPRINT:output:LAST:%8.1lf %sBps\\j",
+               "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}."-FORWARD"),
+               "GPRINT:forward:MAX:%8.1lf %sBps",
+               "GPRINT:forward:AVERAGE:%8.1lf %sBps",
+               "GPRINT:forward:MIN:%8.1lf %sBps",
+               "GPRINT:forward:LAST:%8.1lf %sBps\\j",
+               "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}."-INPUT"),
+               "GPRINT:input:MAX:%8.1lf %sBps",
+               "GPRINT:input:AVERAGE:%8.1lf %sBps",
+               "GPRINT:input:MIN:%8.1lf %sBps",
+               "GPRINT:input:LAST:%8.1lf %sBps\\j",
+               "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSyn"),
+               "GPRINT:newnotsyn:MAX:%8.1lf %sBps",
+               "GPRINT:newnotsyn:MIN:%8.1lf %sBps",
+               "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
+               "GPRINT:newnotsyn:LAST:%8.1lf %sBps\\j",
+               "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
                "GPRINT:portscan:MAX:%8.1lf %sBps",
                "GPRINT:portscan:MIN:%8.1lf %sBps",
                "GPRINT:portscan:AVERAGE:%8.1lf %sBps",
index 9129c68..299d766 100644 (file)
@@ -88,15 +88,6 @@ if ( -d "/var/ipfire/langs/${language}/" ) {
     };
 };
 
-### Read IPFire Buildversion
-$FIREBUILD = "File not found: firebuild\n";
-if (open(MYFile, "<${swroot}/firebuild")) {
-    $FIREBUILD = <MYFile>;
-    chomp($FIREBUILD);
-    $FIREBUILD = "(Build: $FIREBUILD)";
-    close(MYFile);
-};
-
 require "${swroot}/langs/en.pl";
 require "${swroot}/langs/${language}.pl";
 eval `/bin/cat /srv/web/ipfire/html/themes/$settings{'THEME'}/include/functions.pl`;
@@ -149,11 +140,8 @@ sub genmenu {
     eval `/bin/cat /var/ipfire/menu.d/*.menu`;
     eval `/bin/cat /var/ipfire/menu.d/*.main`;
 
-    if (! blue_used() && ! orange_used()) {
-       $menu->{'05.firewall'}{'subMenu'}->{'40.dmz'}{'enabled'} = 0;
-    }
     if (! blue_used()) {
-       $menu->{'05.firewall'}{'subMenu'}->{'30.wireless'}{'enabled'} = 0;
+       $menu->{'05.firewall'}{'subMenu'}->{'60.wireless'}{'enabled'} = 0;
     }
     if ( $ethsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/ && $ethsettings{'RED_TYPE'} eq 'STATIC' ) {
        $menu->{'03.network'}{'subMenu'}->{'70.aliases'}{'enabled'} = 1;
diff --git a/config/cfgroot/p2protocols b/config/cfgroot/p2protocols
deleted file mode 100644 (file)
index 78c6101..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-Bittorrent;bit;on;
-Edonkey;edk;on;
-KaZaA;kazaa;on;
-Gnutella;gnu;on;
-DirectConnect;dc;on;
-Applejuice;apple;on;
-WinMX;winmx;on;
-SoulSeek;soul;on;
-Ares;ares;on;
\ No newline at end of file
index 67d9e19..14dd568 100644 (file)
@@ -45,10 +45,11 @@ include "/etc/collectd.precache"
 </Plugin>
 
 <Plugin iptables>
-       Chain filter INPUT DROP_INPUT
-       Chain filter FORWARD DROP_OUTPUT
        Chain filter PSCAN DROP_PScan
        Chain filter NEWNOTSYN DROP_NEWNOTSYN
+       Chain filter POLICYFWD DROP_FORWARD
+       Chain filter POLICYOUT DROP_OUTPUT
+       Chain filter POLICYIN DROP_INPUT
 </Plugin>
 
 #<Plugin logfile>
diff --git a/config/firewall/convert-dmz b/config/firewall/convert-dmz
new file mode 100755 (executable)
index 0000000..0f7c68e
--- /dev/null
@@ -0,0 +1,193 @@
+#!/usr/bin/perl
+
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+#                                                                             #
+# This script converts old dmz holes rules from old firewall                  #
+# to the new one. This is a 2-step process.                                   #
+# STEP1: read old config and normalize settings                               #
+# STEP2: check valid ip and save valid rules to new firewall                  #
+#                                                                             #
+###############################################################################
+my @current=();
+my @alias=();
+my %configdmz=();
+my %ifaces=();
+my %configfwdfw=();
+require '/var/ipfire/general-functions.pl';
+my $dmzconfig    = "${General::swroot}/dmzholes/config";
+my $fwdfwconfig   = "${General::swroot}/firewall/config";
+my $ifacesettings = "${General::swroot}/ethernet/settings";
+my $field0     = 'ACCEPT';
+my $field1     = 'FORWARDFW';
+my $field2     = ''; #ON or emtpy
+my $field3     = ''; #std_net_src or src_addr
+my $field4     = ''; #ALL or IP-Address with /32
+my $field5     = ''; #std_net_tgt or tgt_addr
+my $field6     = ''; #IP or network name
+my $field11    = 'ON'; #use target port 
+my $field12    = ''; #TCP or UDP
+my $field13    = 'All ICMP-Types';
+my $field14    = 'TGT_PORT';
+my $field15    = ''; #Port Number
+my $field16    = ''; #remark
+my $field26    = '00:00';
+my $field27    = '00:00';
+my $field28 = '';
+my $field29 = 'ALL';
+my $field30 = '';
+my $field31 = 'dnat';
+
+
+open(FILE, $dmzconfig) or die 'Unable to open config file.';
+my @current = <FILE>;
+close(FILE);
+#open LOGFILE
+open (LOG, ">/var/log/converters/dmz-convert.log") or die $!;
+&General::readhash($ifacesettings, \%ifaces);
+&General::readhasharray($fwdfwconfig,\%configfwdfw);
+&process_rules;
+sub process_rules{
+       foreach my $line (@current){
+               my $now=localtime;
+               #get values from old configfile
+               my ($a,$b,$c,$d,$e,$f,$g,$h) = split (",",$line);
+               $h =~ s/\s*\n//gi;
+               print LOG "$now Processing A: $a   B: $b   C: $c   D: $d   E: $e   F: $f   G: $g   H: $h\n";
+               #Now convert values and check ip addresses
+               $a=uc($a);
+               $e=uc($e);
+               $field2=$e if($e eq 'ON');
+               #SOURCE IP-check
+               $b=&check_ip($b);
+               if (&General::validipandmask($b)){
+                       #When ip valid, check if we have a network
+                       my ($ip,$subnet) = split ("/",$b);
+                       if ($f eq 'orange' && $ip eq $ifaces{'ORANGE_NETADDRESS'}){
+                               $field3='std_net_src';
+                               $field4='ORANGE';
+                       }elsif($f eq 'blue' && $ip eq $ifaces{'BLUE_NETADDRESS'}){
+                               $field3='std_net_src';
+                               $field4='BLUE';
+                       }elsif($f eq 'orange' && &General::IpInSubnet($ip,$ifaces{'ORANGE_NETADDRESS'},$ifaces{'ORANGE_NETMASK'})){
+                               $field3='src_addr';
+                               $field4=$b;
+                       }elsif($f eq 'blue' && &General::IpInSubnet($ip,$ifaces{'BLUE_NETADDRESS'},$ifaces{'BLUE_NETMASK'})){
+                               $field3='src_addr';
+                               $field4=$b;
+                       }else{
+                               print LOG "$now ->NOT Converted, source ip $b not part of source network $f \n\n";
+                               next;
+                       }
+               }else{
+                       print LOG "$now -> SOURCE IP INVALID. \n\n";
+                       next;
+               }
+               #TARGET IP-check
+               $c=&check_ip($c);
+               if (&General::validipandmask($c)){
+                       my $now=localtime;
+                       #When ip valid, check if we have a network
+                       my ($ip,$subnet) = split ("/",$c);
+                       if ($g eq 'green' && $ip eq $ifaces{'GREEN_NETADDRESS'}){
+                               $field5='std_net_tgt';
+                               $field6='GREEN';
+                       }elsif($g eq 'blue' && $ip eq $ifaces{'BLUE_NETADDRESS'}){
+                               $field5='std_net_tgt';
+                               $field6='BLUE';
+                       }elsif($g eq 'green' && &General::IpInSubnet($ip,$ifaces{'GREEN_NETADDRESS'},$ifaces{'GREEN_NETMASK'})){
+                               $field5='tgt_addr';
+                               $field6=$c;
+                       }elsif($g eq 'blue' && &General::IpInSubnet($ip,$ifaces{'BLUE_NETADDRESS'},$ifaces{'BLUE_NETMASK'})){
+                               $field5='tgt_addr';
+                               $field6=$c;
+                       }else{
+                               print LOG "$now ->NOT Converted, target ip $c not part of target network $g \n\n";
+                               next;
+                       }
+               }else{
+                       print LOG "$now -> TARGET IP INVALID. \n\n";
+                       next;
+               }
+               $field12=$a;
+               #convert portrange
+               $d =~ tr/-/:/;
+               $field15=$d;
+               $field16=$h;
+               my $key = &General::findhasharraykey (\%configfwdfw);
+               foreach my $i (0 .. 27) { $configfwdfw{$key}[$i] = "";}
+               $configfwdfw{$key}[0] = $field0;
+               $configfwdfw{$key}[1] = $field1;
+               $configfwdfw{$key}[2] = $field2;
+               $configfwdfw{$key}[3] = $field3;
+               $configfwdfw{$key}[4] = $field4;
+               $configfwdfw{$key}[5] = $field5;
+               $configfwdfw{$key}[6] = $field6;
+               $configfwdfw{$key}[7] = '';
+               $configfwdfw{$key}[8] = '';
+               $configfwdfw{$key}[9] = '';
+               $configfwdfw{$key}[10] = '';
+               $configfwdfw{$key}[11] = $field11;
+               $configfwdfw{$key}[12] = $field12;
+               $configfwdfw{$key}[13] = $field13;
+               $configfwdfw{$key}[14] = $field14;
+               $configfwdfw{$key}[15] = $field15;
+               $configfwdfw{$key}[16] = $field16;
+               $configfwdfw{$key}[17] = '';
+               $configfwdfw{$key}[18] = '';
+               $configfwdfw{$key}[19] = '';
+               $configfwdfw{$key}[20] = '';
+               $configfwdfw{$key}[21] = '';
+               $configfwdfw{$key}[22] = '';
+               $configfwdfw{$key}[23] = '';
+               $configfwdfw{$key}[24] = '';
+               $configfwdfw{$key}[25] = '';
+               $configfwdfw{$key}[26] = $field26;
+               $configfwdfw{$key}[27] = $field27;
+               $configfwdfw{$key}[28] = $field28;
+               $configfwdfw{$key}[29] = $field29;
+               $configfwdfw{$key}[30] = $field30;
+               $configfwdfw{$key}[31] = $field31;
+               print LOG "$Now -> Converted to $field0,$field1,$field2,$field3,$field4,$field5,$field6,,,,,$field11,$field12,$field13,$field14,$field15,$field16,,,,,,,,,,$field26,$field27\n";
+       }
+       &General::writehasharray($fwdfwconfig,\%configfwdfw);
+close (LOG);
+}
+
+sub check_ip
+{
+       my $adr=shift;
+       my $a;
+       #ip with subnet in decimal
+       if($adr =~ m/^(\d\d?\d?).(\d\d?\d?).(\d\d?\d?).(\d\d?\d?)\/(\d{1,2})$/){
+               $adr=int($1).".".int($2).".".int($3).".".int($4);
+               my $b = &General::iporsubtodec($5);
+               $a=$adr."/".$b;
+       }elsif($adr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+               $adr=int($1).".".int($2).".".int($3).".".int($4);
+               if(&General::validip($adr)){
+                       $a=$adr."/32";
+               }
+       }
+       if(&General::validipandmask($adr)){
+               $a=&General::iporsubtodec($adr);
+       }
+       return $a;
+}
diff --git a/config/firewall/convert-outgoingfw b/config/firewall/convert-outgoingfw
new file mode 100755 (executable)
index 0000000..0d7f7d3
--- /dev/null
@@ -0,0 +1,704 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+#                                                                             #
+# This script converts old groups and firewallrules                           #
+# to the new one. This is a 3-step process.                                   #
+# STEP1: convert groups ->LOG /var/log/converters                             #
+# STEP2: convert rules  ->LOG /var/log/converters                             #
+# STEP3: convert P2P rules                                                    #
+#                                                                             #
+###############################################################################
+
+require '/var/ipfire/general-functions.pl';
+
+use Socket;
+use File::Path;
+use File::Copy;
+
+my $ipgrouppath        = "${General::swroot}/outgoing/groups/ipgroups/";
+my $macgrouppath       = "${General::swroot}/outgoing/groups/macgroups/";
+my $outgoingrules      = "${General::swroot}/outgoing/rules";
+my $outfwsettings      = "${General::swroot}/outgoing/settings";
+my $host                       = "Converted ";
+my $confighosts                = "${General::swroot}/fwhosts/customhosts";
+my $confignets         = "${General::swroot}/fwhosts/customnetworks";
+my $configgroups       = "${General::swroot}/fwhosts/customgroups";
+my $ovpnsettings       = "${General::swroot}/ovpn/settings";
+my $ovpnconfig         = "${General::swroot}/ovpn/ovpnconfig";
+my $ccdconfig          = "${General::swroot}/ovpn/ccd.conf";
+my $fwdfwconfig                = "${General::swroot}/firewall/config";
+my $outfwconfig                = "${General::swroot}/firewall/outgoing";
+my $fwdfwsettings      = "${General::swroot}/firewall/settings";
+my @ipgroups = qx(ls $ipgrouppath);
+my @macgroups = qx(ls $macgrouppath);
+my @hostarray=();
+my %outsettings=();
+my %hosts=();
+my %nets=();
+my %groups=();
+my %settingsovpn=();
+my %configovpn=();
+my %ccdconf=();
+my %fwconfig=();
+my %fwconfigout=();
+my %fwdsettings=();
+my %ownnet=();
+my %ovpnSettings = ();
+&General::readhash("${General::swroot}/ovpn/settings", \%ovpnSettings);
+&General::readhash($outfwsettings,\%outsettings);
+&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
+#ONLY RUN if /var/ipfire/outgoing exists
+if ( -d "/var/ipfire/outgoing"){
+       &process_groups;
+       &process_rules;
+       &process_p2p;
+}
+system("/usr/local/bin/firewallctrl");
+sub process_groups
+{
+       if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
+       if( -f "/var/log/converters/groups-convert.log"){rmtree("var/log/converters");}
+       open (LOG, ">/var/log/converters/groups-convert.log") or die $!;
+       #IP Group processing
+       foreach my $group (@ipgroups){
+               my $now=localtime;
+               chomp $group;
+               print LOG "\n$now Processing IP-GROUP: $group...\n";
+               open (DATEI, "<$ipgrouppath/$group");
+               my @zeilen = <DATEI>;
+               foreach my $ip (@zeilen){
+                       chomp($ip);
+                       $ip =~ s/\s//gi;
+                       print LOG "$now Check IP $ip from Group $group ";
+                       my $val=&check_ip($ip);
+                       if($val){
+                               push(@hostarray,$val.",ip");
+                               print LOG "$now -> OK\n";
+                       }
+                       else{
+                               print LOG "$now -> IP \"$ip\" from group $group not converted (invalid IP) \n";
+                       }
+                       $val='';
+               }
+               &new_hostgrp($group,'ip');
+               @hostarray=();
+       }
+       $group='';
+       @zeilen=();
+       @hostarray=();
+       #MAC Group processing
+       foreach my $group (@macgroups){
+               chomp $group;
+               print LOG "\nProcessing MAC-GROUP: $group...\n";
+               open (DATEI, "<$macgrouppath/$group");
+               my @zeilen = <DATEI>;
+               foreach my $mac (@zeilen){
+                       chomp($mac);
+                       $mac =~ s/\s//gi;
+                       print LOG "$now Checking MAC $mac from group $group ";
+                       #MAC checking
+                       if(&General::validmac($mac)){
+                               $val=$mac;
+                       }
+                       if($val){
+                               push(@hostarray,$val.",mac");
+                               print LOG "$now -> OK\n";
+                       }
+                       else{
+                               print LOG "$now -> Mac $mac from group $group not converted (invalid MAC)\n";
+                       }
+                       $val='';
+               }
+               &new_hostgrp($group,'mac');
+               @hostarray=();
+               @zeilen=();
+       }
+       close (LOG);
+}
+sub check_ip
+{
+       my $adr=shift;
+       my $a;
+       #ip with subnet in decimal
+       if($adr =~ m/^(\d\d?\d?).(\d\d?\d?).(\d\d?\d?).(\d\d?\d?)\/(\d{1,2})$/){
+               $adr=int($1).".".int($2).".".int($3).".".int($4);
+               my $b = &General::iporsubtodec($5);
+               $a=$adr."/".$b;
+       }elsif($adr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+               $adr=int($1).".".int($2).".".int($3).".".int($4);
+               if(&General::validip($adr)){
+                       $a=$adr."/255.255.255.255";
+               }
+       }
+       if(&General::validipandmask($adr)){
+               $a=&General::iporsubtodec($adr);
+       }
+       return $a;
+}
+sub new_hostgrp
+{
+       &General::readhasharray($confighosts,\%hosts);
+       &General::readhasharray($confignets,\%nets);
+       &General::readhasharray($configgroups,\%groups);
+       my $grp=shift;
+       my $run=shift;
+       my $name; #"converted"
+       my $name2;
+       my $name3; #custom host/custom net
+       foreach my $adr (@hostarray){
+               if($run eq 'ip'){
+                       my ($ip,$type)                  = split(",",$adr);
+                       my ($ippart,$subnet)    = split("/",$ip);
+                       my ($byte1,$byte2,$byte3,$byte4) = split(/\./,$subnet);
+                       if($byte4 eq '255'){
+                               print LOG "Processing SINGLE HOST $ippart/$subnet from group $grp\n"; 
+                               if(!&check_host($ip)){
+                                       my $key         = &General::findhasharraykey(\%hosts);
+                                       $name="host ";
+                                       $name2=$name.$ippart;
+                                       $name3="Custom Host";
+                                       $hosts{$key}[0] = $name2;
+                                       $hosts{$key}[1] = $type;
+                                       $hosts{$key}[2] = $ip;
+                                       $hosts{$key}[3] = '';
+                                       $hosts{$key}[4] = 1;
+                                       print LOG "->Host (IP) $ip added to custom hosts\n"
+                               }else{
+                                       print LOG "->Host (IP) $ip already exists in custom hosts\n";
+                                       $name="host ";
+                                       $name2=$name.$ippart;
+                                       foreach my $key (sort keys %hosts){
+                                               if($hosts{$key}[0] eq $name2){
+                                                       $hosts{$key}[4]++;
+                                               }
+                                       }
+                                       $name="host ";
+                                       $name2=$name.$ippart;
+                                       $name3="Custom Host";
+                               }
+                       }elsif($byte4 < '255'){
+                               print LOG "Processing NETWORK $ippart/$subnet from Group $grp\n";
+                               if(!&check_net($ippart,$subnet)){
+                                       #Check if this network is one one of IPFire internal networks
+                                       if (($ownnet{'GREEN_NETADDRESS'}                ne '' && $ownnet{'GREEN_NETADDRESS'}    ne '0.0.0.0') && &General::IpInSubnet($ippart,$ownnet{'GREEN_NETADDRESS'},$ownnet{'GREEN_NETMASK'}))
+                                       {
+                                               $name2='GREEN';
+                                               $name3='Standard Network';
+                                       }elsif (($ownnet{'ORANGE_NETADDRESS'}   ne '' && $ownnet{'ORANGE_NETADDRESS'}   ne '0.0.0.0') && &General::IpInSubnet($ippart,$ownnet{'ORANGE_NETADDRESS'},$ownnet{'ORANGE_NETMASK'}))
+                                       {
+                                               $name2='ORANGE';
+                                               $name3='Standard Network';
+                                       }elsif (($ownnet{'BLUE_NETADDRESS'}     ne '' && $ownnet{'BLUE_NETADDRESS'}     ne '0.0.0.0') && &General::IpInSubnet($ippart,$ownnet{'BLUE_NETADDRESS'},$ownnet{'BLUE_NETMASK'}))
+                                       {
+                                               $name2='BLUE';
+                                               $name3='Standard Network';
+                                       }elsif ($ippart eq '0.0.0.0')
+                                       {
+                                               $name2='ALL';
+                                               $name3='Standard Network';
+                                       }elsif(defined($ovpnSettings{'DOVPN_SUBNET'}) && "$ippart/".&General::iporsubtodec($subnet) eq $ovpnSettings{'DOVPN_SUBNET'})
+                                       {
+                                               $name2='OpenVPN-Dyn';
+                                               $name3='Standard Network';
+                                       }else{
+                                               my $netkey      =  &General::findhasharraykey(\%nets);
+                                               $name="net ";
+                                               $name2=$name.$ippart;
+                                               $name3="Custom Network";
+                                               $nets{$netkey}[0] = $name2;
+                                               $nets{$netkey}[1] = $ippart;
+                                               $nets{$netkey}[2] = $subnet;
+                                               $nets{$netkey}[3] = '';
+                                               $nets{$netkey}[4] = 1;
+                                               print LOG "->Network $ippart/$subnet added to custom networks\n";
+                                       }
+                               }else{
+                                       print LOG "Network $ippart already exists in custom networks\n";
+                                       $name="net ";
+                                       $name2=$name.$ippart;
+                                       foreach my $key (sort keys %nets){
+                                               if($nets{$key}[0] eq $name2){
+                                                       $nets{$key}[4]++;
+                                               }
+                                       }
+                                       $name="net ";
+                                       $name2=$name.$ippart;
+                                       $name3="Custom Network";
+                               }
+                       }
+                       if($name2 && !&check_grp($grp,$name2)){
+                               my $grpkey      = &General::findhasharraykey(\%groups);
+                               $groups{$grpkey}[0]     = $grp;
+                               $groups{$grpkey}[1]     = '';
+                               $groups{$grpkey}[2]     = $name2;
+                               $groups{$grpkey}[3]     = $name3;
+                               $groups{$grpkey}[4]     = 0;
+                               print LOG "->$name2 added to group $grp\n";
+                       }
+               }elsif($run eq 'mac'){
+                       #MACRUN
+                       my ($mac,$type)                         = split(",",$adr);
+                       print LOG "Processing HOST (MAC) $mac\n";
+                       if(!&check_host($mac)){
+                               my $key         = &General::findhasharraykey(\%hosts);
+                               $name="host ";
+                               $name2=$name.$mac;
+                               $name3="Custom Host";
+                               $hosts{$key}[0] = $name2;
+                               $hosts{$key}[1] = $type;
+                               $hosts{$key}[2] = $mac;
+                               $hosts{$key}[3] = '';
+                               $hosts{$key}[4] = 1;
+                               print LOG "->Host (MAC) $mac added to custom hosts\n";
+                       }else{
+                               print LOG "->Host (MAC) $mac already exists in custom hosts \n";
+                               $name="host ";
+                               $name2=$name.$mac;
+                               foreach my $key (sort keys %hosts){
+                                       if($hosts{$key}[0] eq $name2){
+                                               $hosts{$key}[4]++;
+                                       }
+                               }
+                               $name="host ";
+                               $name2=$name.$mac;
+                               $name3="Custom Host";
+                       }
+                       if($name2 && !&check_grp($grp,$name2)){
+                               my $grpkey      = &General::findhasharraykey(\%groups);
+                               $groups{$grpkey}[0]     = $grp;
+                               $groups{$grpkey}[1]     = '';
+                               $groups{$grpkey}[2]     = $name2;
+                               $groups{$grpkey}[3]     = $name3;
+                               $groups{$grpkey}[4]     = 0;
+                               print LOG "->$name2 added to group $grp\n";
+                       }
+               }
+       }
+       @hostarray=();
+       &General::writehasharray($confighosts,\%hosts);
+       &General::writehasharray($configgroups,\%groups);
+       &General::writehasharray($confignets,\%nets);
+
+}
+sub check_host
+{
+       my $ip=shift;
+       foreach my $key (sort keys %hosts)
+       {
+               if($hosts{$key}[2] eq $ip)
+               {
+                       return 1;
+               }
+       }
+       return 0;
+}
+sub check_net
+{
+       my $ip=shift;
+       my $sub=shift;
+       foreach my $key (sort keys %nets)
+       {
+               if($nets{$key}[1] eq $ip && $nets{$key}[2] eq $sub)
+               {
+                       return 1;
+               }
+       }
+       return 0;
+}
+sub check_grp
+{
+       my $grp=shift;
+       my $value=shift;
+       foreach my $key (sort keys %groups)
+       {
+               if($groups{$key}[0] eq $grp && $groups{$key}[2] eq $value)
+               {
+                       return 1;
+               }
+       }
+       return 0;
+}
+sub process_rules
+{
+       my ($type,$action,$active,$grp1,$source,$grp2,$useport,$port,$prot,$grp3,$target,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to);
+       #open LOG
+       if( -f "/var/log/converters/outgoingfw-convert.log"){unlink ("/var/log/converters/outgoingfw-convert.log");}
+       open (LOG, ">/var/log/converters/outgoingfw-convert.log") or die $!;
+
+       &General::readhash($fwdfwsettings,\%fwdsettings);
+       if ($outsettings{'POLICY'} eq 'MODE1'){
+               $fwdsettings{'POLICY'}='MODE1';
+               $fwdsettings{'POLICY1'}='MODE2';
+               $type='ALLOW';
+               $action='ACCEPT';
+       }else{
+               $fwdsettings{'POLICY'}='MODE2';
+               $fwdsettings{'POLICY1'}='MODE2';
+               $type='DENY';
+               $action='DROP';
+       }
+       &General::writehash($fwdfwsettings,\%fwdsettings);
+       open (DATEI, "<$outgoingrules");
+       my @lines = <DATEI>;
+       foreach my $rule (@lines)
+       {
+               my $now=localtime;
+               chomp($rule);
+               $port='';
+               print LOG "$now processing: $rule\n";
+               my @configline=();
+               @configline = split( /\;/, $rule );
+               my @prot=();
+               if($configline[0] eq $type){
+                       #some variables we can use from old config
+                       if($configline[1] eq 'on'){ $active='ON';}else{$active='';}
+                       if($configline[3] eq 'all' && $configline[8] ne ''){ 
+                               push(@prot,"TCP");
+                               push(@prot,"UDP");
+                       }elsif($configline[3] eq 'all' && $configline[8] eq ''){
+                               push(@prot,"");
+                       }else{
+                               push(@prot,$configline[3]);
+                       }
+                       if($configline[4] ne ''){ 
+                               $configline[4] =~ s/,/;/g;
+                               $remark = $configline[4];
+                       }else{$remark = '';}
+                       if($configline[9] eq 'Active'){ $log='ON';}else{$log='';}
+                       if($configline[10] eq 'on' && $configline[11] eq 'on' && $configline[12] eq 'on' && $configline[13] eq 'on' && $configline[14] eq 'on' && $configline[15] eq 'on' && $configline[16] eq 'on'){
+                               if($configline[17] eq '00:00' && $configline[18] eq '00:00'){
+                                       $time='';
+                               }else{
+                                       $time='ON';                                     
+                               }
+                       }else{
+                               $time='ON';     
+                       } 
+                       $time_mon=$configline[10];
+                       $time_tue=$configline[11];
+                       $time_wed=$configline[12];
+                       $time_thu=$configline[13];
+                       $time_fri=$configline[14];
+                       $time_sat=$configline[15];
+                       $time_sun=$configline[16];
+                       $time_from=$configline[17];
+                       $time_to=$configline[18];
+                       ############################################################
+                       #sourcepart                     
+                       if ($configline[2] eq 'green') {
+                               $grp1='std_net_src';
+                               $source='GREEN';
+                       }elsif ($configline[2] eq 'orange') {
+                               $grp1='std_net_src';
+                               $source='ORANGE';
+                       }elsif ($configline[2] eq 'red') {
+                               $grp1='std_net_src';
+                               $source='IPFire';
+                               &General::readhash($fwdfwsettings,\%fwdsettings);
+                               $fwdsettings{'POLICY1'}=$outsettings{'POLICY'};
+                               $fwdsettings{'POLICY'}=$outsettings{'POLICY'};
+                               &General::writehash($fwdfwsettings,\%fwdsettings);
+                       }elsif ($configline[2] eq 'blue') {
+                               $grp1='std_net_src';
+                               $source='BLUE';
+                       }elsif ($configline[2] eq 'ipsec') {
+                               print LOG "$now -> Rule not converted, ipsec+ interface is obsolet since IPFire 2.7 \n";
+                               next;
+                       }elsif ($configline[2] eq 'ovpn') {
+                               print LOG "$now ->Creating networks/groups for OpenVPN...\n";
+                               &build_ovpn_grp;                
+                               $grp1='cust_grp_src';
+                               $source='ovpn'          
+                       }elsif ($configline[2] eq 'ip') {
+                               my $z=&check_ip($configline[5]);
+                               if($z){
+                                       my ($ipa,$subn) = split("/",$z);
+                                       $subn=&General::iporsubtocidr($subn);
+                                       $grp1='src_addr';
+                                       $source="$ipa/$subn";
+                               }else{
+                                       print LOG "$now -> Rule not converted, missing/invalid source ip \"$configline[5]\"\n";
+                                       next;
+                               }
+                       }elsif ($configline[2] eq 'mac') {
+                               if(&General::validmac($configline[6])){
+                                       $grp1='src_addr';
+                                       $source=$configline[6];
+                               }else{
+                                       print LOG"$now -> Rule not converted, invalid MAC \"$configline[6]\" \n";
+                                       next;
+                               }
+                       }elsif ($configline[2] eq 'all') {
+                               $grp1='std_net_src';
+                               $source='ALL';
+                       }else{
+                               foreach my $key (sort keys %groups){
+                                       if($groups{$key}[0] eq $configline[2]){
+                                               $grp1='cust_grp_src';
+                                               $source=$configline[2];
+                                       }
+                               }
+                               if ($grp1 eq '' || $source eq ''){
+                                       print LOG "$now -> Rule not converted, no valid source recognised\n";
+                               }
+                       }
+                       ############################################################
+                       #destinationpart
+                       if($configline[7] ne ''){
+                               my $address=&check_ip($configline[7]);
+                                if($address){
+                                        my ($dip,$dsub) = split("/",$address);
+                                        $dsub=&General::iporsubtocidr($dsub);
+                                        $grp2='tgt_addr';
+                                        $target="$dip/$dsub";
+                                }elsif(!$address){
+                                       my $getwebsiteip=&get_ip_from_domain($configline[7]);
+                                       if ($getwebsiteip){
+                                               $grp2='tgt_addr';
+                                               $target=$getwebsiteip;  
+                                               $remark.=" $configline[7]";
+                                       }else{
+                                               print LOG "$now -> Rule not converted, invalid domain \"$configline[7]\"\n";
+                                               next;
+                                       }
+                                }
+                       }else{
+                               $grp2='std_net_tgt';
+                               $target='ALL';
+                       }
+                       if($configline[8] ne '' && $configline[3] ne 'gre' && $configline[3] ne 'esp'){
+                               my @values=();
+                               my @parts=split(",",$configline[8]);
+                               foreach (@parts){
+                                       $_=~ tr/-/:/;
+                                       if (!($_ =~ /^(\d+)\:(\d+)$/)) {
+                                               if(&General::validport($_)){
+                                                       $useport='ON';  
+                                                       push (@values,$_);
+                                                       $grp3='TGT_PORT';
+                                               }else{
+                                                       print LOG "$now -> Rule not converted, invalid destination Port \"$configline[8]\"\n";
+                                                       next;
+                                               }
+                                        }else{
+                                               my ($a1,$a2) = split(/\:/,$_);
+                                               if (&General::validport($a1) && &General::validport($a2) && $a1 < $a2){
+                                                       $useport='ON';  
+                                                       push (@values,"$a1:$a2");
+                                                       $grp3='TGT_PORT';
+                                               }else{
+                                                       print LOG "$now -> Rule not converted, invalid destination Port \"$configline[8]\"\n"; 
+                                                       next;
+                                               } 
+                                        }
+                                }
+                               $port=join("|",@values);
+                               @values=();
+                               @parts=();
+                       }
+               }else{
+                       print LOG "-> Rule not converted because not for Firewall mode $outsettings{'POLICY'} (we are only converting for actual mode)\n";
+               }
+               &General::readhasharray($fwdfwconfig,\%fwconfig);
+               &General::readhasharray($outfwconfig,\%fwconfigout);
+               my $check;
+               my $chain;
+               foreach my $protocol (@prot){
+                       my $now=localtime;
+                       if ($source eq 'IPFire'){
+                               $chain='OUTGOINGFW';
+                       }else{
+                               $chain='FORWARDFW';
+                       }
+                       $protocol=uc($protocol);
+                       print LOG "$now -> Converted: $action,$chain,$active,$grp1,$source,$grp2,$target,,,,,$useport,$protocol,,$grp3,$port,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to\n";
+                       #Put rules into system....
+                       ###########################
+                       #check for double rules
+                       foreach my $key (sort keys %fwconfig){
+                               if("$action,$chain,$active,$grp1,$source,$grp2,$target,,,,,$useport,$protocol,,$grp3,$port,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to"
+                                       eq "$fwconfig{$key}[0],$fwconfig{$key}[1],$fwconfig{$key}[2],$fwconfig{$key}[3],$fwconfig{$key}[4],$fwconfig{$key}[5],$fwconfig{$key}[6],,,,,$fwconfig{$key}[11],$fwconfig{$key}[12],,$fwconfig{$key}[14],$fwconfig{$key}[15],$fwconfig{$key}[16],$fwconfig{$key}[17],$fwconfig{$key}[18],$fwconfig{$key}[19],$fwconfig{$key}[20],$fwconfig{$key}[21],$fwconfig{$key}[22],$fwconfig{$key}[23],$fwconfig{$key}[24],$fwconfig{$key}[25],$fwconfig{$key}[26],$fwconfig{$key}[27]"){
+                                               $check='on';
+                                               next;
+                               }
+                       }
+                       if($check ne 'on'){
+                               #increase groupcounter
+                               my $check1;
+                               if($grp1 eq 'cust_grp_src'){
+                                       foreach my $key (sort keys %groups){
+                                               if($groups{$key}[0] eq $source){
+                                                       $groups{$key}[4]++;
+                                                       $check1='on'; 
+                                               }
+                                       }
+                                       if($check1 eq 'on'){
+                                               &General::writehasharray($configgroups,\%groups);
+                                       }
+                               }
+                               if ($chain eq 'FORWARDFW'){
+                                       my $key = &General::findhasharraykey(\%fwconfig);
+                                       $fwconfig{$key}[0]      = $action;
+                                       $fwconfig{$key}[1]      = $chain;
+                                       $fwconfig{$key}[2]      = $active;
+                                       $fwconfig{$key}[3]      = $grp1;
+                                       $fwconfig{$key}[4]      = $source;
+                                       $fwconfig{$key}[5]      = $grp2;
+                                       $fwconfig{$key}[6]      = $target;
+                                       $fwconfig{$key}[11] = $useport;
+                                       $fwconfig{$key}[12] = $protocol;
+                                       $fwconfig{$key}[14] = $grp3;
+                                       $fwconfig{$key}[15] = $port;
+                                       $fwconfig{$key}[16] = $remark;
+                                       $fwconfig{$key}[17] = $log;
+                                       $fwconfig{$key}[18] = $time;
+                                       $fwconfig{$key}[19] = $time_mon;
+                                       $fwconfig{$key}[20] = $time_tue;
+                                       $fwconfig{$key}[21] = $time_wed;
+                                       $fwconfig{$key}[22] = $time_thu;
+                                       $fwconfig{$key}[23] = $time_fri;
+                                       $fwconfig{$key}[24] = $time_sat;
+                                       $fwconfig{$key}[25] = $time_sun;
+                                       $fwconfig{$key}[26] = $time_from;
+                                       $fwconfig{$key}[27] = $time_to;
+                                       $fwconfig{$key}[28] = '';
+                                       $fwconfig{$key}[29] = 'ALL';
+                                       $fwconfig{$key}[30] = '';
+                                       $fwconfig{$key}[31] = 'dnat';
+                               }else{
+                                       my $key = &General::findhasharraykey(\%fwconfigout);
+                                       $fwconfigout{$key}[0]   = $action;
+                                       $fwconfigout{$key}[1]   = $chain;
+                                       $fwconfigout{$key}[2]   = $active;
+                                       $fwconfigout{$key}[3]   = $grp1;
+                                       $fwconfigout{$key}[4]   = $source;
+                                       $fwconfigout{$key}[5]   = $grp2;
+                                       $fwconfigout{$key}[6]   = $target;
+                                       $fwconfigout{$key}[11]  = $useport;
+                                       $fwconfigout{$key}[12]  = $protocol;
+                                       $fwconfigout{$key}[14]  = $grp3;
+                                       $fwconfigout{$key}[15]  = $port;
+                                       $fwconfigout{$key}[16]  = $remark;
+                                       $fwconfigout{$key}[17]  = $log;
+                                       $fwconfigout{$key}[18]  = $time;
+                                       $fwconfigout{$key}[19]  = $time_mon;
+                                       $fwconfigout{$key}[20]  = $time_tue;
+                                       $fwconfigout{$key}[21]  = $time_wed;
+                                       $fwconfigout{$key}[22]  = $time_thu;
+                                       $fwconfigout{$key}[23]  = $time_fri;
+                                       $fwconfigout{$key}[24]  = $time_sat;
+                                       $fwconfigout{$key}[25]  = $time_sun;
+                                       $fwconfigout{$key}[26]  = $time_from;
+                                       $fwconfigout{$key}[27]  = $time_to;
+                                       $fwconfigout{$key}[28]  = '';
+                                       $fwconfigout{$key}[29]  = 'ALL';
+                                       $fwconfigout{$key}[30]  = '';
+                                       $fwconfigout{$key}[31]  = 'dnat';
+                               }
+                               &General::writehasharray($fwdfwconfig,\%fwconfig);
+                               &General::writehasharray($outfwconfig,\%fwconfigout);
+                       }
+               }
+               @prot=();
+       }
+       close(LOG);
+       @lines=();
+}
+sub get_ip_from_domain
+{
+       $web=shift;
+       my $resolvedip;
+       my $checked;
+       my ($name,$aliases,$addrtype,$length,@addrs) = gethostbyname($web);
+       if(@addrs){
+               $resolvedip=inet_ntoa($addrs[0]);
+               return $resolvedip;
+       }
+       return;
+}
+sub build_ovpn_grp
+{
+       my $now=localtime;
+       &General::readhasharray($confighosts,\%hosts);
+       &General::readhasharray($confignets,\%nets);
+       &General::readhasharray($configgroups,\%groups);
+       &General::readhasharray($ovpnconfig,\%configovpn);
+       &General::readhasharray($ccdconfig,\%ccdconf);
+       &General::readhash($ovpnsettings,\%settingsovpn);
+       #get ovpn nets
+       my @ovpnnets=();
+       if($settingsovpn{'DOVPN_SUBNET'}){
+               my ($net,$subnet)=split("/",$settingsovpn{'DOVPN_SUBNET'});
+               push (@ovpnnets,"$net,$subnet,dynamic");
+               print LOG "$now ->found dynamic OpenVPN net\n"; 
+       }
+       foreach my $key (sort keys %ccdconf){
+               my ($net,$subnet)=split("/",$ccdconf{$key}[1]);
+               $subnet=&General::iporsubtodec($subnet);
+               push (@ovpnnets,"$net,$subnet,$ccdconf{$key}[0]");
+               print LOG "$now ->found OpenVPN static net $net/$subnet\n";
+       }
+       foreach my $key (sort keys %configovpn){
+               if ($configovpn{$key}[3] eq 'net'){
+                       my ($net,$subnet)=split("/",$configovpn{$key}[27]);
+                       push (@ovpnnets,"$net,$subnet,$configovpn{$key}[2]");
+                       print LOG "$now ->found OpenVPN $net/$subnet $configovpn{$key}[2]\n";
+               }
+       }
+       #add ovpn nets to customnetworks/groups
+       foreach my $line (@ovpnnets){
+               my $now=localtime;
+               my ($net,$subnet,$name) = split(",",$line);
+               if (!&check_net($net,$subnet)){
+                       my $netkey      =  &General::findhasharraykey(\%nets);
+                       $name2=$name."(ovpn)".$net;
+                       $name3="Custom Network";
+                       $nets{$netkey}[0] = $name2;
+                       $nets{$netkey}[1] = $net;
+                       $nets{$netkey}[2] = $subnet;
+                       $nets{$netkey}[3] = '';
+                       $nets{$netkey}[4] = 1;
+                       print LOG "$now ->added $name2 $net/$subnet to customnetworks\n";
+               }else{
+                       print LOG "-> Custom Network with same IP already exist \"$net/$subnet\" (you can ignore this, if this run was manual from shell)\n"; 
+               }
+               if($name2){
+                       my $grpkey      = &General::findhasharraykey(\%groups);
+                       $groups{$grpkey}[0]     = "ovpn";
+                       $groups{$grpkey}[1]     = '';
+                       $groups{$grpkey}[2]     = $name2;
+                       $groups{$grpkey}[3]     = "Custom Network";
+                       $groups{$grpkey}[4]     = 0;
+                       print LOG "$now ->added $name2 to customgroup ovpn\n";
+               }
+               $name2='';
+       }
+       @ovpnnets=();
+       &General::writehasharray($confighosts,\%hosts);
+       &General::writehasharray($configgroups,\%groups);
+       &General::writehasharray($confignets,\%nets);
+       print LOG "$now ->finished OVPN\n";
+}
+sub process_p2p
+{
+       copy("/var/ipfire/outgoing/p2protocols","/var/ipfire/firewall/p2protocols");
+       chmod oct('0777'), '/var/ipfire/firewall/p2protocols';
+}
diff --git a/config/firewall/convert-portfw b/config/firewall/convert-portfw
new file mode 100755 (executable)
index 0000000..f6ddd25
--- /dev/null
@@ -0,0 +1,158 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+#                                                                             #
+# This script converts old portforwarding rules from old Firewall             #
+# to the new one. This is a 3-step process.                                   #
+# STEP1: read old config and normalize settings                               #
+# STEP2: create new rules from old ones                                       #
+# STEP3: check if rule already exists, when not, put it into                  #
+#        /var/ipfire/firewall/config                                          #
+###############################################################################
+require '/var/ipfire/general-functions.pl';
+my @values=();
+my @built_rules=();
+my %nat=();
+my $portfwconfig       = "${General::swroot}/portfw/config";
+my $confignat          = "${General::swroot}/firewall/config";
+my ($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark);
+my ($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1);
+my $count=0;
+my $jump;
+if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
+open(FILE, $portfwconfig) or die 'Unable to open config file.';
+my @current = <FILE>;
+close(FILE);
+open (LOG, ">/var/log/converters/portfw-convert.log") or die $!;
+open(ALIAS, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
+my @alias = <ALIAS>;
+close(ALIAS);
+&get_config;
+&build_rules;
+&write_rules;
+sub get_config
+{
+       print LOG "STEP 1:   Get config from old portforward\n#########################################\n";
+       foreach my $line (@current){
+               if($jump eq '1'){
+                       $jump='';
+                       $count++;
+                       next;
+               }
+               my $u=$count+1;
+               ($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark) = split(",",$line);
+               ($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1) = split(",",$current[$u]);
+               if ($flag1 eq '1'){
+                       $source=$source1;
+                       $jump='1';
+               }
+               my $now=localtime;
+               chomp($remark);
+               print LOG "$now   processing-> KEY: $key FLAG: $flag PROT: $prot FIREPORT: $ipfireport TARGET: $target TGTPORT: $targetport ACTIVE: $active ALIAS: $alias SOURCE: $source REM: $remark Doublerule: $jump\n";
+               push (@values,$prot.",".$ipfireport.",".$target.",".$targetport.",".$active.",".$alias.",".$source.",".$remark);
+               $count++;
+       }
+}
+sub build_rules
+{
+       print LOG "\nSTEP 2: Convert old portforwardrules in a useable format\n########################################################\n";
+       my $src;
+       my $src1;
+       my $ipfireip;
+       my $count=0;
+       my $stop;
+       #build rules for new firewall
+       foreach my $line (@values){
+               chomp ($line);
+               ($prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark)=split(",",$line);
+               $count++;
+               #get sourcepart
+               if($source eq '0.0.0.0/0'){
+                       $src  = 'std_net_src';
+                       $src1 = 'ALL';
+               }else{
+                       $src  = 'src_addr';
+                       my ($a,$b) = split("/",$source);
+                       $src1 = $a."/32";
+               }
+               #get ipfire ip
+               if($alias eq '0.0.0.0'){
+                       $alias='ALL';
+               }else{
+                       foreach my $ali (@alias){
+                               my ($alias_ip,$alias_active,$alias_name) = split (",",$ali);
+                               if($alias eq $alias_ip){
+                                       chomp($alias_name);
+                                       $alias=$alias_name;
+                               }
+                       }
+               }
+               $active = uc $active;
+               $prot   = uc $prot;
+               chomp($remark);
+               push (@built_rules,"ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat");
+               my $now=localtime;
+               print LOG "$now    Converted-> KEY: $count ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat\n";
+       }
+}
+sub write_rules
+{
+       my $skip='';
+       my $id;
+       print LOG "\nSTEP 3: Create DNAT rules in new firewall\n#########################################\n";
+       &General::readhasharray($confignat,\%nat);
+       foreach my $line (@built_rules){
+               $skip='';
+               my ($action,$chain,$active,$src,$src1,$tgt,$tgt1,$use_prot,$prot,$dummy,$tgt_port,$tgt_port1,$remark,$from,$to,$use_port,$alias,$ipfireport,$dnat) = split (",",$line);
+               foreach my $key (sort keys %nat){
+                       if ($line eq "$nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31]"){
+                               my $now=localtime;
+                               print LOG "$now         SKIP->  Rule  $nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31] ->EXISTS\n";
+                               $skip='1';
+                       }
+               }
+               if ($skip ne '1'){
+                       $id = &General::findhasharraykey(\%nat);
+                       $nat{$id}[0]  = $action;
+                       $nat{$id}[1]  = $chain;
+                       $nat{$id}[2]  = $active;
+                       $nat{$id}[3]  = $src;
+                       $nat{$id}[4]  = $src1;
+                       $nat{$id}[5]  = $tgt;
+                       $nat{$id}[6]  = $tgt1;
+                       $nat{$id}[11] = $use_prot;
+                       $nat{$id}[12] = $prot;
+                       $nat{$id}[13] = $dummy;
+                       $nat{$id}[14] = $tgt_port;
+                       $nat{$id}[15] = $tgt_port1;
+                       $nat{$id}[16] = $remark;
+                       $nat{$id}[26] = $from;
+                       $nat{$id}[27] = $to;
+                       $nat{$id}[28] = $use_port;
+                       $nat{$id}[29] = $alias;
+                       $nat{$id}[30] = $ipfireport;
+                       $nat{$id}[31] = $dnat;
+                       my $now=localtime;
+                       print LOG "$now     NEW RULE->  Rule  $nat{$id}[0],$nat{$id}[1],$nat{$id}[2],$nat{$id}[3],$nat{$id}[4],$nat{$id}[5],$nat{$id}[6],$nat{$id}[11],$nat{$id}[12],$nat{$id}[13],$nat{$id}[14],$nat{$id}[15],$nat{$id}[16],$nat{$id}[26],$nat{$id}[27],$nat{$id}[28],$nat{$id}[29],$nat{$id}[30],$nat{$id}[31]\n";
+               }
+       }
+       &General::writehasharray($confignat,\%nat);
+}
+close (LOG);
diff --git a/config/firewall/convert-xtaccess b/config/firewall/convert-xtaccess
new file mode 100755 (executable)
index 0000000..e04ab6d
--- /dev/null
@@ -0,0 +1,141 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+#                                                                             #
+#This script converts old xtaccess rules to new firewall                      #
+#Logfiles are created under /var/log/converters                               #
+#                                                                             #
+###############################################################################
+my @current=();
+my @alias=();
+my %configinputfw=();
+require '/var/ipfire/general-functions.pl';
+my $xtaccessconfig     = "${General::swroot}/xtaccess/config";
+my $inputfwconfig = "${General::swroot}/firewall/input";
+my $aliasconfig        = "${General::swroot}/ethernet/aliases";
+my $field0='ACCEPT';
+my $field1='INPUTFW';
+my $field2=''; #ON or emtpy
+my $field3=''; #std_net_src or src_addr
+my $field4=''; #ALL or IP-Address with /32
+my $field5='ipfire';
+my $field6=''; #Default IP or alias name
+my $field11='ON'; #use target port 
+my $field12=''; #TCP or UDP
+my $field13='All ICMP-Types';
+my $field14='TGT_PORT';
+my $field15=''; #Port Number
+my $field16=''; #remark
+my $field26='00:00';
+my $field27='00:00';
+my $field28 = '';
+my $field29 = 'ALL';
+my $field30 = '';
+my $field31 = 'dnat';
+open(FILE, $xtaccessconfig) or die 'Unable to open config file.';
+my @current = <FILE>;
+close(FILE);
+open(FILE1, $aliasconfig) or die 'Unable to open config file.';
+my @alias = <FILE1>;
+close(FILE1);
+&General::readhasharray($inputfwconfig,\%configinputfw);
+
+foreach my $line (@current){
+       my ($a,$b,$c,$d,$e,$f) = split (",",$line);
+       $e =~ s/\R//g;
+       if ($f gt ''){
+               $f =~ s/\R//g;
+               $field16=$f;
+       }
+       #active or not
+       $field2=uc($d);
+       #get protocol
+       if ($a eq 'tcp'){ $field12 ='TCP';}else{$field12='UDP';}
+       #check source address
+       if ($b eq '0.0.0.0/0'){
+               $field3='std_net_src';
+               $field4='ALL';
+       }elsif($b =~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+               $field3='src_addr';
+               $field4=$b."/32";
+       }elsif ($b =~ /^(.*?)\/(.*?)$/) {
+               $field3='src_addr';
+               $field4=$b;
+       }else{
+               print "Regel konnte nicht konvertiert werden!\n";
+       }
+       #check ipfire address
+       if ($e eq '0.0.0.0'){ 
+               $field6 = 'RED1';
+       }else{
+               foreach my $line (@alias){
+                       my ($ip,$state,$aliasname) = split (",",$line);
+                       if ($ip eq $e){
+                               $aliasname =~ s/\R//g; 
+                               $field6 = $aliasname;
+                       }
+               }
+       }
+       #get target port
+       $c=~ s/\R//g;
+       $c=~ tr/-/:/;
+       if ($c =~ /^(\D)\:(\d+)$/) {
+               $c = "1:$2";
+       }
+       if ($c =~ /^(\d+)\:(\D)$/) {
+               $c = "$1:65535";
+       }
+       $field15=$c;
+       my $key = &General::findhasharraykey (\%configinputfw);
+       foreach my $i (0 .. 31) { $configinputfw{$key}[$i] = "";}
+       $configinputfw{$key}[0] = $field0;
+       $configinputfw{$key}[1] = $field1;
+       $configinputfw{$key}[2] = $field2;
+       $configinputfw{$key}[3] = $field3;
+       $configinputfw{$key}[4] = $field4;
+       $configinputfw{$key}[5] = $field5;
+       $configinputfw{$key}[6] = $field6;
+       $configinputfw{$key}[7] = '';
+       $configinputfw{$key}[8] = '';
+       $configinputfw{$key}[9] = '';
+       $configinputfw{$key}[10] = '';
+       $configinputfw{$key}[11] = $field11;
+       $configinputfw{$key}[12] = $field12;
+       $configinputfw{$key}[13] = $field13;
+       $configinputfw{$key}[14] = $field14;
+       $configinputfw{$key}[15] = $field15;
+       $configinputfw{$key}[16] = $field16;
+       $configinputfw{$key}[17] = '';
+       $configinputfw{$key}[18] = '';
+       $configinputfw{$key}[19] = '';
+       $configinputfw{$key}[20] = '';
+       $configinputfw{$key}[21] = '';
+       $configinputfw{$key}[22] = '';
+       $configinputfw{$key}[23] = '';
+       $configinputfw{$key}[24] = '';
+       $configinputfw{$key}[25] = '';
+       $configinputfw{$key}[26] = $field26;
+       $configinputfw{$key}[27] = $field27;
+       $configinputfw{$key}[28] = $field28;
+       $configinputfw{$key}[29] = $field29;
+       $configinputfw{$key}[30] = $field30;
+       $configinputfw{$key}[31] = $field31;
+       &General::writehasharray($inputfwconfig,\%configinputfw);
+}
diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
new file mode 100755 (executable)
index 0000000..8cff76b
--- /dev/null
@@ -0,0 +1,254 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+no warnings 'uninitialized';
+
+package fwlib;
+
+my %customnetwork=();
+my %customhost=();
+my %customgrp=();
+my %customservice=();
+my %customservicegrp=();
+my %ccdnet=();
+my %ccdhost=();
+my %ipsecconf=();
+my %ipsecsettings=();
+my %netsettings=();
+my %ovpnsettings=();
+
+require '/var/ipfire/general-functions.pl';
+
+my $confignet          = "${General::swroot}/fwhosts/customnetworks";
+my $confighost         = "${General::swroot}/fwhosts/customhosts";
+my $configgrp          = "${General::swroot}/fwhosts/customgroups";
+my $configsrv          = "${General::swroot}/fwhosts/customservices";
+my $configsrvgrp       = "${General::swroot}/fwhosts/customservicegrp";
+my $configccdnet       = "${General::swroot}/ovpn/ccd.conf";
+my $configccdhost      = "${General::swroot}/ovpn/ovpnconfig";
+my $configipsec                = "${General::swroot}/vpn/config";
+my $configovpn         = "${General::swroot}/ovpn/settings";
+my $val;
+my $field;
+
+&General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
+&General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings);
+&General::readhash("${General::swroot}/vpn/settings", \%ipsecsettings);
+
+
+&General::readhasharray("$confignet", \%customnetwork);
+&General::readhasharray("$confighost", \%customhost);
+&General::readhasharray("$configgrp", \%customgrp);
+&General::readhasharray("$configccdnet", \%ccdnet);
+&General::readhasharray("$configccdhost", \%ccdhost);
+&General::readhasharray("$configipsec", \%ipsecconf);
+&General::readhasharray("$configsrv", \%customservice);
+&General::readhasharray("$configsrvgrp", \%customservicegrp);
+
+sub get_srv_prot
+{
+       my $val=shift;
+       foreach my $key (sort {$a <=> $b} keys %customservice){
+               if($customservice{$key}[0] eq $val){
+                       if ($customservice{$key}[0] eq $val){
+                               return $customservice{$key}[2];
+                       }
+               }
+       }
+}
+sub get_srvgrp_prot
+{
+       my $val=shift;
+       my @ips=();
+       my $tcp;
+       my $udp;
+       my $icmp;
+       foreach my $key (sort {$a <=> $b} keys %customservicegrp){
+               if($customservicegrp{$key}[0] eq $val){
+                       if (&get_srv_prot($customservicegrp{$key}[2]) eq 'TCP'){ 
+                               $tcp=1;
+                       }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'UDP'){ 
+                               $udp=1;
+                       }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'ICMP'){
+                               $icmp=1;
+                       } 
+               }
+       }
+       if ($tcp eq '1'){push (@ips,'TCP');}
+       if ($udp eq '1'){push (@ips,'UDP');}
+       if ($icmp eq '1'){push (@ips,'ICMP');}
+       my $back=join(",",@ips);
+       return $back;
+       
+}
+
+
+sub get_srv_port
+{
+       my $val=shift;
+       my $field=shift;
+       my $prot=shift;
+       foreach my $key (sort {$a <=> $b} keys %customservice){
+               if($customservice{$key}[0] eq $val && $customservice{$key}[2] eq $prot){
+                       return $customservice{$key}[$field];
+               }
+       }
+}
+sub get_srvgrp_port
+{
+       my $val=shift;
+       my $prot=shift;
+       my $back;
+       my $value;
+       my @ips=();
+       foreach my $key (sort {$a <=> $b} keys %customservicegrp){
+               if($customservicegrp{$key}[0] eq $val){
+                       if ($prot ne 'ICMP'){
+                               $value=&get_srv_port($customservicegrp{$key}[2],1,$prot);
+                       }elsif ($prot eq 'ICMP'){
+                               $value=&get_srv_port($customservicegrp{$key}[2],3,$prot);
+                       }
+                       push (@ips,$value) if ($value ne '') ;
+               }
+       }
+       if($prot ne 'ICMP'){
+               if ($#ips gt 0){$back="-m multiport --dports ";}else{$back="--dport ";}
+       }elsif ($prot eq 'ICMP'){
+               $back="--icmp-type ";
+       }
+       
+       $back.=join(",",@ips);
+       return $back;
+}
+sub get_ipsec_net_ip
+{
+       my $val=shift;
+       my $field=shift;
+       foreach my $key (sort {$a <=> $b} keys %ipsecconf){
+               if($ipsecconf{$key}[1] eq $val){
+                       return $ipsecconf{$key}[$field];
+               }
+       }
+}
+sub get_ipsec_host_ip
+{
+       my $val=shift;
+       my $field=shift;
+       foreach my $key (sort {$a <=> $b} keys %ipsecconf){
+               if($ipsecconf{$key}[1] eq $val){
+                       return $ipsecconf{$key}[$field];
+               }
+       }
+}
+sub get_ovpn_n2n_ip
+{
+       my $val=shift;
+       my $field=shift;
+       foreach my $key (sort {$a <=> $b} keys %ccdhost){
+               if($ccdhost{$key}[1] eq $val){
+                       return $ccdhost{$key}[$field];
+               }
+       }
+}
+sub get_ovpn_host_ip
+{
+       my $val=shift;
+       my $field=shift;
+       foreach my $key (sort {$a <=> $b} keys %ccdhost){
+               if($ccdhost{$key}[1] eq $val){
+                       return $ccdhost{$key}[$field];
+               }
+       }
+}
+sub get_ovpn_net_ip
+{
+       
+       my $val=shift;
+       my $field=shift;
+       foreach my $key (sort {$a <=> $b} keys %ccdnet){
+               if($ccdnet{$key}[0] eq $val){
+                       return $ccdnet{$key}[$field];
+               }
+       }
+}
+sub get_grp_ip
+{
+       my $val=shift;
+       my $src=shift;
+       foreach my $key (sort {$a <=> $b} keys %customgrp){
+               if ($customgrp{$key}[0] eq $val){
+                       &get_address($customgrp{$key}[3],$src);
+               }
+       }               
+       
+}
+sub get_std_net_ip
+{
+       my $val=shift;
+       my $con=shift;
+       if ($val eq 'ALL'){
+               return "0.0.0.0/0.0.0.0";
+       }elsif($val eq 'GREEN'){
+               return "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
+       }elsif($val eq 'ORANGE'){
+               return "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
+       }elsif($val eq 'BLUE'){
+               return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+       }elsif($val eq 'RED'){
+               return "0.0.0.0/0 -o $con";
+       }elsif($val =~ /OpenVPN/i){
+               return "$ovpnsettings{'DOVPN_SUBNET'}";
+       }elsif($val =~ /IPsec/i){
+               return "$ipsecsettings{'RW_NET'}";
+       }elsif($val eq 'IPFire'){
+               return ;
+       }
+}
+sub get_net_ip
+{
+       my $val=shift;
+       foreach my $key (sort {$a <=> $b} keys %customnetwork){
+               if($customnetwork{$key}[0] eq $val){
+                       return "$customnetwork{$key}[1]/$customnetwork{$key}[2]";
+               }  
+       }
+}
+sub get_host_ip
+{
+       my $val=shift;
+       my $src=shift;
+       foreach my $key (sort {$a <=> $b} keys %customhost){
+               if($customhost{$key}[0] eq $val){
+                       if ($customhost{$key}[1] eq 'mac' && $src eq 'src'){
+                       return "-m mac --mac-source $customhost{$key}[2]";
+                       }elsif($customhost{$key}[1] eq 'ip' && $src eq 'src'){
+                               return "$customhost{$key}[2]";
+                       }elsif($customhost{$key}[1] eq 'ip' && $src eq 'tgt'){
+                               return "$customhost{$key}[2]";
+                       }elsif($customhost{$key}[1] eq 'mac' && $src eq 'tgt'){
+                               return "none";
+                       }
+               }  
+       }
+}
+
+return 1;
diff --git a/config/firewall/firewall-policy b/config/firewall/firewall-policy
new file mode 100755 (executable)
index 0000000..6d26d5b
--- /dev/null
@@ -0,0 +1,124 @@
+#!/bin/sh
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/firewall/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)
+
+iptables -F POLICYFWD
+iptables -F POLICYOUT
+iptables -F POLICYIN
+
+if [ -f "/var/ipfire/red/iface" ]; then
+       IFACE="$(</var/ipfire/red/iface)"
+fi
+
+# Figure out what devices are configured.
+HAVE_BLUE="false"
+HAVE_ORANGE="false"
+
+case "${CONFIG_TYPE}" in
+       2)
+               HAVE_BLUE="true"
+               ;;
+       3)
+               HAVE_ORANGE="true"
+               ;;
+       4)
+               HAVE_BLUE="true"
+               HAVE_ORANGE="true"
+               ;;
+esac
+
+# INPUT
+case "${FWPOLICY2}" in
+       REJECT)
+               if [ "${DROPINPUT}" = "on" ]; then
+                       /sbin/iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "REJECT_INPUT"
+               fi
+               /sbin/iptables -A POLICYIN -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_INPUT"
+               ;;
+       *) # DROP
+               if [ "${DROPINPUT}" = "on" ]; then
+                       /sbin/iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT"
+               fi
+               /sbin/iptables -A POLICYIN -j DROP -m comment --comment "DROP_INPUT"
+               ;;
+esac
+
+# FORWARD
+case "${POLICY}" in
+       MODE1)
+               case "${FWPOLICY}" in
+                       REJECT)
+                               if [ "${DROPFORWARD}" = "on" ]; then
+                                       /sbin/iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "REJECT_FORWARD"
+                               fi
+                               /sbin/iptables -A POLICYFWD -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_FORWARD"
+                               ;;
+                       *) # DROP
+                               if [ "${DROPFORWARD}" = "on" ]; then
+                                       /sbin/iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
+                               fi
+                               /sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
+                               ;;
+               esac
+               ;;
+
+       *)
+               if [ -n "${IFACE}" ]; then
+                       if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then
+                               /sbin/iptables -A POLICYFWD -i "${BLUE_DEV}" ! -o "${IFACE}" -j DROP
+                       fi
+                       if [ "${HAVE_ORANGE}" = "true" ] && [ -n "${ORANGE_DEV}" ]; then
+                               /sbin/iptables -A POLICYFWD -i "${ORANGE_DEV}" ! -o "${IFACE}" -j DROP
+                       fi
+               fi
+               /sbin/iptables -A POLICYFWD -j ACCEPT
+               /sbin/iptables -A POLICYFWD -m comment --comment "DROP_FORWARD" -j DROP
+               ;;
+esac
+
+# OUTGOING
+case "${POLICY1}" in
+       MODE1)
+               case "${FWPOLICY1}" in
+                       REJECT)
+                               if [ "${DROPOUTGOING}" = "on" ]; then
+                                       /sbin/iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "REJECT_OUTPUT"
+                               fi
+                               /sbin/iptables -A POLICYOUT -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_OUTPUT"
+                               ;;
+                       *) # DROP
+                               if [ "${DROPOUTGOING}" == "on" ]; then
+                                       /sbin/iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT"
+                               fi
+                               /sbin/iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
+                               ;;
+               esac
+               ;;
+       *)
+               /sbin/iptables -A POLICYOUT -j ACCEPT
+               /sbin/iptables -A POLICYOUT -m comment --comment "DROP_OUTPUT" -j DROP
+               ;;
+esac
+
+exit 0
diff --git a/config/firewall/p2protocols b/config/firewall/p2protocols
new file mode 100644 (file)
index 0000000..7000581
--- /dev/null
@@ -0,0 +1,9 @@
+Applejuice;apple;off;
+Ares;ares;off;
+Bittorrent;bit;off;
+DirectConnect;dc;off;
+Edonkey;edk;off;
+Gnutella;gnu;off;
+KaZaA;kazaa;off;
+SoulSeek;soul;off;
+WinMX;winmx;off;
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
new file mode 100755 (executable)
index 0000000..f1584f3
--- /dev/null
@@ -0,0 +1,641 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+use Time::Local;
+no warnings 'uninitialized';
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+my %fwdfwsettings=();
+my %defaultNetworks=();
+my %configfwdfw=();
+my %color=();
+my %icmptypes=();
+my %ovpnSettings=();
+my %customgrp=();
+our %sourcehash=();
+our %targethash=();
+my @timeframe=();
+my %configinputfw=();
+my %configoutgoingfw=();
+my %confignatfw=();
+my %aliases=();
+my @DPROT=();
+my @p2ps=();
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/firewall/bin/firewall-lib.pl";
+
+my $configfwdfw                = "${General::swroot}/firewall/config";
+my $configinput            = "${General::swroot}/firewall/input";
+my $configoutgoing  = "${General::swroot}/firewall/outgoing";
+my $p2pfile                    = "${General::swroot}/firewall/p2protocols";
+my $configgrp          = "${General::swroot}/fwhosts/customgroups";
+my $netsettings                = "${General::swroot}/ethernet/settings";
+my $errormessage       = '';
+my $orange                     = '';
+my $green                      = '';
+my $blue                       = '';
+my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
+my $CHAIN                      = "FORWARDFW";
+my $conexists          = 'off';
+my $command                    = 'iptables -A';
+my $dnat                       ='';
+my $snat                       ='';
+
+&General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings);
+&General::readhash("$netsettings", \%defaultNetworks);
+&General::readhasharray($configfwdfw, \%configfwdfw);
+&General::readhasharray($configinput, \%configinputfw);
+&General::readhasharray($configoutgoing, \%configoutgoingfw);
+&General::readhasharray($configgrp, \%customgrp);
+&General::get_aliases(\%aliases);
+
+#check if we have an internetconnection
+open (CONN,"/var/ipfire/red/iface");
+my $con = <CONN>;
+close(CONN);
+if (-f "/var/ipfire/red/active"){
+       $conexists='on';
+}
+open (CONN1,"/var/ipfire/red/local-ipaddress");
+my $redip = <CONN1>;
+close(CONN1);
+#################
+#    DEBUG/TEST #
+#################
+my $MODE=0;     # 0 - normal operation
+                # 1 - print configline and rules to console
+                #
+#################
+my $param=shift;
+
+if($param eq 'flush'){
+       if ($MODE eq '1'){
+               print " Flushing chains...\n";
+       }
+       &flush;
+}else{
+       if ($MODE eq '1'){
+               print " Flushing chains...\n";
+       }
+       &flush;
+       if ($MODE eq '1'){
+               print " Preparing rules...\n";
+       }
+       &preparerules;
+       if($MODE eq '0'){
+               if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
+                       &p2pblock;
+                       system ("/usr/sbin/firewall-policy");
+               }elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
+                       &p2pblock;
+                       system ("iptables -A $CHAIN -m conntrack --ctstate NEW -j ACCEPT");
+                       system ("/usr/sbin/firewall-policy");
+                       system ("/etc/sysconfig/firewall.local reload");
+               }
+       }
+}
+sub flush
+{
+       system ("iptables -F FORWARDFW");
+       system ("iptables -F INPUTFW");
+       system ("iptables -F OUTGOINGFW");
+       system ("iptables -t nat -F NAT_DESTINATION");
+       system ("iptables -t nat -F NAT_SOURCE");
+}
+sub preparerules
+{
+       if (! -z  "${General::swroot}/firewall/config"){
+               &buildrules(\%configfwdfw);
+       }
+       if (! -z  "${General::swroot}/firewall/input"){
+               &buildrules(\%configinputfw);
+       }
+       if (! -z  "${General::swroot}/firewall/outgoing"){
+               &buildrules(\%configoutgoingfw);
+       }
+}
+sub buildrules
+{
+       my $hash=shift;
+       my $STAG;
+       my $natip;
+       my $snatport;
+       my $fireport;
+       my $nat;
+       my $fwaccessdport;
+       my $natchain;
+       my $icmptype;
+       foreach my $key (sort {$a <=> $b} keys %$hash){
+               next if (($$hash{$key}[6] eq 'RED' || $$hash{$key}[6] eq 'RED1') && $conexists eq 'off' );
+               $command="iptables -A";
+               if ($$hash{$key}[28] eq 'ON'){
+                       $command='iptables -t nat -A';
+                       $natip=&get_nat_ip($$hash{$key}[29],$$hash{$key}[31]);
+                       if($$hash{$key}[31] eq 'dnat'){
+                               $nat='DNAT';
+                               if ($$hash{$key}[30] =~ /\|/){
+                                       $$hash{$key}[30]=~ tr/|/,/;
+                                       $fireport='-m multiport --dport '.$$hash{$key}[30];
+                               }else{
+                                       $fireport='--dport '.$$hash{$key}[30] if ($$hash{$key}[30]>0);
+                               }
+                       }else{
+                               $nat='SNAT';
+                       }
+               }
+               $STAG='';
+               if($$hash{$key}[2] eq 'ON'){
+                       #get source ip's
+                       if ($$hash{$key}[3] eq 'cust_grp_src'){
+                               foreach my $grp (sort {$a <=> $b} keys %customgrp){
+                                               if($customgrp{$grp}[0] eq $$hash{$key}[4]){
+                                               &get_address($customgrp{$grp}[3],$customgrp{$grp}[2],"src");
+                                       }
+                               }
+                       }else{
+                               &get_address($$hash{$key}[3],$$hash{$key}[4],"src");
+                       }
+                       #get target ip's
+                       if ($$hash{$key}[5] eq 'cust_grp_tgt'){
+                               foreach my $grp (sort {$a <=> $b} keys %customgrp){
+                                       if($customgrp{$grp}[0] eq $$hash{$key}[6]){
+                                               &get_address($customgrp{$grp}[3],$customgrp{$grp}[2],"tgt");
+                                       }
+                               }
+                       }elsif($$hash{$key}[5] eq 'ipfire' ){
+                               if($$hash{$key}[6] eq 'GREEN'){
+                                       $targethash{$key}[0]=$defaultNetworks{'GREEN_ADDRESS'};
+                               }
+                               if($$hash{$key}[6] eq 'BLUE'){
+                                       $targethash{$key}[0]=$defaultNetworks{'BLUE_ADDRESS'};
+                               }
+                               if($$hash{$key}[6] eq 'ORANGE'){
+                                       $targethash{$key}[0]=$defaultNetworks{'ORANGE_ADDRESS'};
+                               }
+                               if($$hash{$key}[6] eq 'ALL'){
+                                       $targethash{$key}[0]='0.0.0.0/0';
+                               }
+                               if($$hash{$key}[6] eq 'RED' || $$hash{$key}[6] eq 'RED1'){
+                                       open(FILE, "/var/ipfire/red/local-ipaddress")or die "Couldn't open local-ipaddress";
+                                       $targethash{$key}[0]= <FILE>;
+                                       close(FILE);
+                               }else{
+                                       foreach my $alias (sort keys %aliases){
+                                               if ($$hash{$key}[6] eq $alias){
+                                                       $targethash{$key}[0]=$aliases{$alias}{'IPT'};
+                                               }
+                                       }
+                               }
+                       }else{
+                               &get_address($$hash{$key}[5],$$hash{$key}[6],"tgt");
+                       }
+                       ##get source prot and port
+                       $SRC_TGT='SRC';
+                       $SPORT = &get_port($hash,$key);
+                       $SRC_TGT='';
+
+                       ##get target prot and port
+                       $DPROT=&get_prot($hash,$key);
+
+                       if ($DPROT eq ''){$DPROT=' ';}
+                       @DPROT=split(",",$DPROT);
+
+                       #get time if defined
+                       if($$hash{$key}[18] eq 'ON'){
+                               my ($time1,$time2,$daylight);
+                               my $daylight=$$hash{$key}[28];
+                               $time1=&get_time($$hash{$key}[26],$daylight);
+                               $time2=&get_time($$hash{$key}[27],$daylight);
+                               if($$hash{$key}[19] ne ''){push (@timeframe,"Mon");}
+                               if($$hash{$key}[20] ne ''){push (@timeframe,"Tue");}
+                               if($$hash{$key}[21] ne ''){push (@timeframe,"Wed");}
+                               if($$hash{$key}[22] ne ''){push (@timeframe,"Thu");}
+                               if($$hash{$key}[23] ne ''){push (@timeframe,"Fri");}
+                               if($$hash{$key}[24] ne ''){push (@timeframe,"Sat");}
+                               if($$hash{$key}[25] ne ''){push (@timeframe,"Sun");}
+                               $TIME=join(",",@timeframe);
+
+                               $TIMEFROM="--timestart $time1 ";
+                               $TIMETILL="--timestop $time2 ";
+                               $TIME="-m time --weekdays $TIME $TIMEFROM $TIMETILL";
+                       }
+                       if ($MODE eq '1'){
+                               print "NR:$key ";
+                               foreach my $i (0 .. $#{$$hash{$key}}){
+                                       print "$i: $$hash{$key}[$i]  ";
+                               }
+                               print "\n";
+                               print"##################################\n";
+                               #print rules to console
+                               foreach my $DPROT (@DPROT){
+                                       $DPORT = &get_port($hash,$key,$DPROT);
+                                       $PROT=$DPROT;
+                                       $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
+                                       foreach my $a (sort keys %sourcehash){
+                                               foreach my $b (sort keys %targethash){
+                                                       if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
+                                                               if($DPROT ne ''){
+                                                                       if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
+                                                                       if(substr($DPORT, 2, 4) eq 'icmp'){
+                                                                               my @icmprule= split(",",substr($DPORT, 12,));
+                                                                               foreach (@icmprule){
+                                                                                       $icmptype="--icmp-type ";
+                                                                                       if ($_ eq "BLANK") {
+                                                                                                       $icmptype="";
+                                                                                                       $_="";
+                                                                                       }
+                                                                                       if ($$hash{$key}[17] eq 'ON'){
+                                                                                               print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $icmptype $_ $TIME -j LOG\n";
+                                                                                       }
+                                                                                               print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $icmptype $_ $TIME -j $$hash{$key}[0]\n";
+                                                                               }
+                                                                       }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){
+                                                                               $natchain='NAT_DESTINATION';
+                                                                               if ($$hash{$key}[17] eq 'ON'){
+                                                                                       print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
+                                                                               }
+                                                                               my ($ip,$sub) =split("/",$targethash{$b}[0]);
+                                                                               #Process NAT with servicegroup used
+                                                                               if ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat' && $$hash{$key}[14] eq 'cust_srvgrp'){
+                                                                                       print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $nat --to $ip $DPORT\n";
+                                                                                       $fwaccessdport=$DPORT;
+                                                                               }else{
+                                                                                       print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $nat --to $ip$DPORT\n";
+                                                                                       $DPORT =~ s/\-/:/g;
+                                                                                       if ($DPORT){
+                                                                                               $fwaccessdport="--dport ".substr($DPORT,1,);
+                                                                                       }elsif(! $DPORT && $$hash{$key}[30] ne ''){
+                                                                                               if ($$hash{$key}[30]=~m/|/i){
+                                                                                                       $$hash{$key}[30] =~ s/\|/,/g;
+                                                                                                       $fwaccessdport="-m multiport --dport $$hash{$key}[30]";
+                                                                                               }else{
+                                                                                                       $fwaccessdport="--dport $$hash{$key}[30]";
+                                                                                               }
+                                                                                       }
+                                                                               }
+                                                                               print "iptables -A FORWARDFW $PROT -i $con $STAG $sourcehash{$a}[0] -d $ip $fwaccessdport $TIME -j $$hash{$key}[0]\n";
+                                                                               next;
+                                                                       }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){
+                                                                               $natchain='NAT_SOURCE';
+                                                                               print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip\n";
+                                                                       }
+                                                                       if ($$hash{$key}[17] eq 'ON' ){
+                                                                                       print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
+                                                                       }
+                                                                       if ($PROT ne '-p ICMP'){
+                                                                               print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+                                                                       }
+                                                                       if ($PROT eq '-p ICMP' && $$hash{$key}[9] eq 'All ICMP-Types'){
+                                                                               print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+                                                                       }
+                                                               }
+                                                       }
+                                               }
+                                       }
+                                       print"\n";
+                               }
+                       }elsif($MODE eq '0'){
+                               foreach my $DPROT (@DPROT){
+                                       $DPORT = &get_port($hash,$key,$DPROT);
+                                       $PROT=$DPROT;
+                                       $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
+                                       foreach my $a (sort keys %sourcehash){
+                                               foreach my $b (sort keys %targethash){
+                                                       if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
+                                                               if($DPROT ne ''){
+                                                                       if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
+                                                                       #Process ICMP RULE
+                                                                       if(substr($DPORT, 2, 4) eq 'icmp'){
+                                                                               my @icmprule= split(",",substr($DPORT, 12,));
+                                                                               foreach (@icmprule){
+                                                                                       $icmptype="--icmp-type ";
+                                                                                       if ($_ eq "BLANK") {
+                                                                                                       $icmptype="";
+                                                                                                       $_="";
+                                                                                       }
+                                                                                       if ($$hash{$key}[17] eq 'ON'){
+                                                                                               system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $icmptype $_ $TIME -j LOG");
+                                                                                       }
+                                                                                               system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $icmptype $_ $TIME -j $$hash{$key}[0]");
+                                                                               }
+                                                                       #PROCESS DNAT RULE (Portforward)
+                                                                       }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){
+                                                                               $natchain='NAT_DESTINATION';
+                                                                               if ($$hash{$key}[17] eq 'ON'){
+                                                                                       system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
+                                                                               }
+                                                                               my ($ip,$sub) =split("/",$targethash{$b}[0]);
+                                                                               #Process NAT with servicegroup used
+                                                                               if ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat' && $$hash{$key}[14] eq 'cust_srvgrp'){
+                                                                                       system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $nat --to $ip $DPORT\n";
+                                                                                       $fwaccessdport=$DPORT;
+                                                                               }else{
+                                                                                       system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $nat --to $ip$DPORT\n";
+                                                                                       $DPORT =~ s/\-/:/g;
+                                                                                       if ($DPORT){
+                                                                                               $fwaccessdport="--dport ".substr($DPORT,1,);
+                                                                                       }elsif(! $DPORT && $$hash{$key}[30] ne ''){
+                                                                                               if ($$hash{$key}[30]=~m/|/i){
+                                                                                                       $$hash{$key}[30] =~ s/\|/,/g;
+                                                                                                       $fwaccessdport="-m multiport --dport $$hash{$key}[30]";
+                                                                                               }else{
+                                                                                                       $fwaccessdport="--dport $$hash{$key}[30]";
+                                                                                               }
+                                                                                       }
+                                                                               }
+                                                                               system "iptables -A FORWARDFW $PROT -i $con $STAG $sourcehash{$a}[0] -d $ip $fwaccessdport $TIME -j $$hash{$key}[0]\n";
+                                                                               next;
+                                                                       #PROCESS SNAT RULE
+                                                                       }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){
+                                                                               $natchain='NAT_SOURCE';
+                                                                               system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip\n";
+                                                                       }
+                                                                       if ($$hash{$key}[17] eq 'ON' && substr($DPORT, 2, 4) ne 'icmp'){
+                                                                               system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
+                                                                       }
+                                                                       #PROCESS EVERY OTHER RULE (If NOT ICMP, else the rule would be applied double)
+                                                                       if ($PROT ne '-p ICMP'){
+                                                                               system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+                                                                       }
+                                                                       #PROCESS Prot ICMP and type = All ICMP-Types
+                                                                       if ($PROT eq '-p ICMP' && $$hash{$key}[9] eq 'All ICMP-Types'){
+                                                                               system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+                                                                       }
+                                                               }
+                                                       }
+                                               }
+                                       }
+                               }
+                       }
+               }
+               %sourcehash=();
+               %targethash=();
+               undef $TIME;
+               undef $TIMEFROM;
+               undef $TIMETILL;
+               undef $fireport;
+       }
+}
+sub get_nat_ip
+{
+       my $val=shift;
+       my $type=shift;
+       my $result;
+       if($val eq 'RED' || $val eq 'GREEN' || $val eq 'ORANGE' || $val eq 'BLUE'){
+               $result=$defaultNetworks{$val.'_ADDRESS'};
+       }elsif($val eq 'ALL'){
+               $result='-i '.$con;
+       }elsif($val eq 'Default IP' && $type eq 'dnat'){
+               $result='-d '.$redip;
+       }elsif($val eq 'Default IP' && $type eq 'snat'){
+               $result=$redip;
+       }else{
+               foreach my $al (sort keys %aliases){
+                       if($val eq $al && $type eq 'dnat'){
+                               $result='-d '.$aliases{$al}{'IPT'};
+                       }elsif($val eq $al && $type eq 'snat'){
+                               $result=$aliases{$al}{'IPT'};
+                       }
+               }
+       }
+       return $result;
+}
+sub get_time
+{
+       my $val=shift;
+       my $val1=shift;
+       my $time;
+       my $minutes;
+       my $ruletime;
+       $minutes = &utcmin($val);
+       $ruletime = $minutes + &time_get_utc($val);
+       if ($ruletime < 0){$ruletime +=1440;}
+       if ($ruletime > 1440){$ruletime -=1440;}
+       $time=sprintf "%02d:%02d", $ruletime / 60, $ruletime % 60;
+       return $time;
+}
+sub time_get_utc
+{
+       # Calculates the UTCtime from a given time
+       my $val=shift;
+       my @localtime=localtime(time);
+       my @gmtime=gmtime(time);
+       my $diff = ($gmtime[2]*60+$gmtime[1]%60)-($localtime[2]*60+$localtime[1]%60);
+       return $diff;
+}
+sub utcmin
+{
+       my $ruletime=shift;
+       my ($hrs,$min) = split(":",$ruletime);
+       my $newtime = $hrs*60+$min;
+       return $newtime;
+}
+sub p2pblock
+{
+       my $P2PSTRING;
+       my $DO;
+       open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
+       @p2ps = <FILE>;
+       close FILE;
+       my $CMD = "-m ipp2p";
+       foreach my $p2pentry (sort @p2ps) {
+               my @p2pline = split( /\;/, $p2pentry );
+               if ( $fwdfwsettings{'POLICY'} eq 'MODE1' ) {
+                       $DO = "ACCEPT";
+                       if ("$p2pline[2]" eq "on") {
+                               $P2PSTRING = "$P2PSTRING --$p2pline[1]";
+                       }
+               }else {
+                       $DO = "RETURN";
+                       if ("$p2pline[2]" eq "off") {
+                               $P2PSTRING = "$P2PSTRING --$p2pline[1]";
+                       }
+               }
+       }
+       if ($MODE eq 1){
+               if($P2PSTRING){
+                       print"/sbin/iptables -A FORWARDFW $CMD $P2PSTRING -j $DO\n";
+               }
+       }else{
+               if($P2PSTRING){
+                       system("/sbin/iptables -A FORWARDFW $CMD $P2PSTRING -j $DO");
+               }
+       }
+}
+sub get_address
+{
+       my $base=shift; #source of checking ($configfwdfw{$key}[x] or groupkey
+       my $base2=shift;
+       my $type=shift; #src or tgt
+       my $hash;
+       if ($type eq 'src'){
+               $hash=\%sourcehash;
+       }else{
+               $hash=\%targethash;
+       }
+       my $key = &General::findhasharraykey($hash);
+       if($base eq 'src_addr' || $base eq 'tgt_addr' ){
+               if (&General::validmac($base2)){
+                       $$hash{$key}[0] = "-m mac --mac-source $base2";
+               }else{
+                       $$hash{$key}[0] = $base2;
+               }
+       }elsif($base eq 'std_net_src' || $base eq 'std_net_tgt' || $base eq 'Standard Network'){
+               $$hash{$key}[0]=&fwlib::get_std_net_ip($base2,$con);
+       }elsif($base eq 'cust_net_src' || $base eq 'cust_net_tgt' || $base eq 'Custom Network'){
+               $$hash{$key}[0]=&fwlib::get_net_ip($base2);
+       }elsif($base eq 'cust_host_src' || $base eq 'cust_host_tgt' || $base eq 'Custom Host'){
+               $$hash{$key}[0]=&fwlib::get_host_ip($base2,$type);
+       }elsif($base eq 'ovpn_net_src' || $base eq 'ovpn_net_tgt' || $base eq 'OpenVPN static network'){
+               $$hash{$key}[0]=&fwlib::get_ovpn_net_ip($base2,1);
+       }elsif($base eq 'ovpn_host_src' ||$base eq 'ovpn_host_tgt' || $base eq 'OpenVPN static host'){
+               $$hash{$key}[0]=&fwlib::get_ovpn_host_ip($base2,33);
+       }elsif($base eq 'ovpn_n2n_src' ||$base eq 'ovpn_n2n_tgt' || $base eq 'OpenVPN N-2-N'){
+               $$hash{$key}[0]=&fwlib::get_ovpn_n2n_ip($base2,11);
+       }elsif($base eq 'ipsec_net_src' || $base eq 'ipsec_net_tgt' || $base eq 'IpSec Network'){
+               $$hash{$key}[0]=&fwlib::get_ipsec_net_ip($base2,11);
+       }elsif($base eq 'ipfire_src' ){
+               if($base2 eq 'GREEN'){
+                       $$hash{$key}[0]=$defaultNetworks{'GREEN_ADDRESS'};
+               }
+               if($base2 eq 'BLUE'){
+                       $$hash{$key}[0]=$defaultNetworks{'BLUE_ADDRESS'};
+               }
+               if($base2 eq 'ORANGE'){
+                       $$hash{$key}[0]=$defaultNetworks{'ORANGE_ADDRESS'};
+               }
+               if($base2 eq 'ALL'){
+                       $$hash{$key}[0]='0.0.0.0/0';
+               }
+               if($base2 eq 'RED' || $base2 eq 'RED1'){
+                       open(FILE, "/var/ipfire/red/local-ipaddress")or die "Couldn't open local-ipaddress";
+                       $$hash{$key}[0]= <FILE>;
+                       close(FILE);
+               }else{
+                       foreach my $alias (sort keys %aliases){
+                               if ($base2 eq $alias){
+                                       $$hash{$key}[0]=$aliases{$alias}{'IPT'};
+                               }
+                       }
+               }
+       }
+}
+sub get_prot
+{
+       my $hash=shift;
+       my $key=shift;
+       #check AH,GRE,ESP or ICMP
+       if ($$hash{$key}[7] ne 'ON' && $$hash{$key}[11] ne 'ON'){
+               return "$$hash{$key}[8]";
+       }
+       if ($$hash{$key}[7] eq 'ON' || $$hash{$key}[11] eq 'ON'){
+               #check if servicegroup or service
+               if($$hash{$key}[14] eq 'cust_srv'){
+                       return &fwlib::get_srv_prot($$hash{$key}[15]);
+               }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
+                       return &fwlib::get_srvgrp_prot($$hash{$key}[15]);
+               }elsif (($$hash{$key}[10] ne '' || $$hash{$key}[15] ne '') && $$hash{$key}[8] eq ''){ #when ports are used and prot set to "all"
+                       return "TCP,UDP";
+               }elsif (($$hash{$key}[10] ne '' || $$hash{$key}[15] ne '') && ($$hash{$key}[8] eq 'TCP' || $$hash{$key}[8] eq 'UDP')){ #when ports are used and prot set to "tcp" or "udp"
+                       return "$$hash{$key}[8]";
+               }elsif (($$hash{$key}[10] eq '' && $$hash{$key}[15] eq '') && $$hash{$key}[8] ne 'ICMP'){ #when ports are NOT used and prot NOT set to "ICMP"
+                       return "$$hash{$key}[8]";
+               }else{
+                       return "$$hash{$key}[8]";
+               }
+       }
+       #DNAT
+       if ($SRC_TGT eq '' && $$hash{$key}[31] eq 'dnat' && $$hash{$key}[11] eq '' && $$hash{$key}[12] ne ''){
+               return "$$hash{$key}[8]";
+       }
+}
+sub get_port
+{
+       my $hash=shift;
+       my $key=shift;
+       my $prot=shift;
+       #Get manual defined Ports from SOURCE
+       if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
+               if ($$hash{$key}[10] ne ''){
+                       $$hash{$key}[10] =~ s/\|/,/g;
+                       if(index($$hash{$key}[10],",") > 0){
+                               return "-m multiport --sport $$hash{$key}[10] ";
+                       }else{
+                               if($$hash{$key}[28] ne 'ON' || ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat') ||($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat')  ){
+                                       return "--sport $$hash{$key}[10] ";
+                               }else{
+                                       return ":$$hash{$key}[10]";
+                               }
+                       }
+               }
+               #Get manual ports from TARGET
+       }elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
+               if($$hash{$key}[14] eq 'TGT_PORT'){
+                       if ($$hash{$key}[15] ne ''){
+                               $$hash{$key}[15] =~ s/\|/,/g;
+                               if(index($$hash{$key}[15],",") > 0){
+                                       return "-m multiport --dport $$hash{$key}[15] ";
+                               }else{
+                                       if($$hash{$key}[28] ne 'ON' || ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat') ){
+                                               return "--dport $$hash{$key}[15] ";
+                                        }else{
+                                                $$hash{$key}[15] =~ s/\:/-/g;
+                                                return ":$$hash{$key}[15]";
+                                        }
+                               }
+                       }
+               #Get ports defined in custom Service (firewall-groups)
+               }elsif($$hash{$key}[14] eq 'cust_srv'){
+                       if ($prot ne 'ICMP'){
+                               if($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
+                                       my $ports =&fwlib::get_srv_port($$hash{$key}[15],1,$prot);
+                                       $ports =~ s/\:/-/g;
+                                       return ":".$ports
+                               }else{
+                                       return "--dport ".&fwlib::get_srv_port($$hash{$key}[15],1,$prot);
+                               }
+                       }elsif($prot eq 'ICMP' && $$hash{$key}[11] eq 'ON'){        #When PROT is ICMP and "use targetport is checked, this is an icmp-service
+                               return "--icmp-type ".&fwlib::get_srv_port($$hash{$key}[15],3,$prot);
+                       }
+               #Get ports from services which are used in custom servicegroups (firewall-groups)
+               }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
+                       if      ($prot ne 'ICMP'){
+                               return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
+                       }
+                       elsif($prot eq 'ICMP'){
+                               return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
+                       }
+               }
+       }
+       #CHECK ICMP
+       if ($$hash{$key}[7] ne 'ON' && $$hash{$key}[11] ne 'ON' && $SRC_TGT eq ''){
+               if($$hash{$key}[9] ne '' && $$hash{$key}[9] ne 'All ICMP-Types'){
+                       return "--icmp-type $$hash{$key}[9] ";
+               }elsif($$hash{$key}[9] eq 'All ICMP-Types'){
+                       return;
+               }
+       }
+}
diff --git a/config/fwhosts/customservices b/config/fwhosts/customservices
new file mode 100644 (file)
index 0000000..07dd3d2
--- /dev/null
@@ -0,0 +1,32 @@
+32,rsync,873,TCP,BLANK,0
+21,IMAPS,993,TCP,BLANK,0
+7,WINS,42,TCP,BLANK,0
+26,LPD,515,TCP,BLANK,0
+17,IRC,194,TCP,BLANK,0
+2,FTP-control,21,TCP,BLANK,0
+1,FTP-data,20,TCP,BLANK,0
+18,HTTPS,443,TCP,BLANK,0
+30,NFS,2049,TCP,BLANK,0
+16,SNMP,161,UDP,BLANK,0
+25,IPP (UDP),631,UDP,BLANK,0
+27,JetDirect,9100,TCP,BLANK,0
+28,LDAP,389,TCP,BLANK,0
+14,NetBIOS Session Service,139,TCP,BLANK,0
+20,FTPS control,990,TCP,BLANK,0
+24,IPP (TCP),631,TCP,BLANK,0
+10,SFTP,115,TCP,BLANK,0
+31,Radius,1812,TCP,BLANK,0
+11,NTP,123,UDP,BLANK,0
+22,POP3S,995,TCP,BLANK,0
+13,NetBIOS Datagram Service,138,TCP,BLANK,0
+23,RDP,3389,TCP,BLANK,0
+29,LDAPS,636,TCP,BLANK,0
+6,Time,37,TCP,BLANK,0
+3,SSH,22,TCP,BLANK,0
+9,POP3,110,TCP,BLANK,0
+12,NetBIOS Name Service,137,TCP,BLANK,0
+15,IMAP,143,TCP,BLANK,0
+8,HTTP,80,TCP,BLANK,0
+4,Telnet,23,UDP,BLANK,0
+19,FTPS data,989,TCP,BLANK,0
+5,SMTP,25,TCP,BLANK,0
diff --git a/config/fwhosts/icmp-types b/config/fwhosts/icmp-types
new file mode 100755 (executable)
index 0000000..a9066a8
--- /dev/null
@@ -0,0 +1,36 @@
+0,echo-reply,0
+1,destination-unreachable,3
+2,network-unreachable,3/0
+3,host-unreachable,3/1
+4,protocol-unreachable,3/2
+5,port-unreachable,3/3
+6,fragmentation-needed,3/4
+7,source-route-failed,3/5
+8,network-unknown,3/6
+9,host-unknown,3/7
+10,network-prohibited,3/9
+11,host-prohibited,3/10
+12,TOS-network-unreachable,3/11
+13,TOS-host-unreachable,3/12
+14,communication-prohibited,3/13
+15,host-precedence-violation,3/14
+16,precedence-cutoff,3/15
+17,source-quench,4
+18,redirect,5
+19,network-redirect,5/0
+20,host-redirect,5/1
+21,TOS-network-redirect,5/2
+22,TOS-host-redirect,5/3
+23,echo-request,8
+24,router-advertisement,9
+25,router-solicitation,10
+26,time-exceeded,11
+27,ttl-zero-during-transit,11/0
+28,ttl-zero-during-reassembly,11/1
+29,parameter-problem,12
+30,ip-header-bad,12/0
+31,required-option-missing,12/1
+32,timestamp-request,13
+33,timestamp-reply,14
+34,address-mask-request,17
+35,address-mask-reply,18
index 70a7e23..626e44e 100644 (file)
@@ -1,38 +1,28 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm 3.2.47 Kernel Configuration
+# Linux/arm 3.10.10-ipfire-kirkwood Kernel Configuration
 #
 CONFIG_ARM=y
 CONFIG_SYS_SUPPORTS_APM_EMULATION=y
-CONFIG_HAVE_SCHED_CLOCK=y
-CONFIG_GENERIC_GPIO=y
-# CONFIG_ARCH_USES_GETTIMEOFFSET is not set
-CONFIG_GENERIC_CLOCKEVENTS=y
-CONFIG_KTIME_SCALAR=y
 CONFIG_HAVE_PROC_CPU=y
 CONFIG_STACKTRACE_SUPPORT=y
 CONFIG_HAVE_LATENCYTOP_SUPPORT=y
 CONFIG_LOCKDEP_SUPPORT=y
 CONFIG_TRACE_IRQFLAGS_SUPPORT=y
-CONFIG_HARDIRQS_SW_RESEND=y
-CONFIG_GENERIC_IRQ_PROBE=y
 CONFIG_RWSEM_GENERIC_SPINLOCK=y
-CONFIG_ARCH_HAS_CPU_IDLE_WAIT=y
 CONFIG_GENERIC_HWEIGHT=y
 CONFIG_GENERIC_CALIBRATE_DELAY=y
 CONFIG_NEED_DMA_MAP_STATE=y
 CONFIG_VECTORS_BASE=0xffff0000
-# CONFIG_ARM_PATCH_PHYS_VIRT is not set
-CONFIG_PHYS_OFFSET=0x0
+CONFIG_ARM_PATCH_PHYS_VIRT=y
 CONFIG_GENERIC_BUG=y
 CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
-CONFIG_HAVE_IRQ_WORK=y
 CONFIG_IRQ_WORK=y
+CONFIG_BUILDTIME_EXTABLE_SORT=y
 
 #
 # General setup
 #
-CONFIG_EXPERIMENTAL=y
 CONFIG_BROKEN_ON_SMP=y
 CONFIG_INIT_ENV_ARG_LIMIT=32
 CONFIG_CROSS_COMPILE=""
@@ -40,9 +30,11 @@ CONFIG_LOCALVERSION=""
 # CONFIG_LOCALVERSION_AUTO is not set
 CONFIG_HAVE_KERNEL_GZIP=y
 CONFIG_HAVE_KERNEL_LZMA=y
+CONFIG_HAVE_KERNEL_XZ=y
 CONFIG_HAVE_KERNEL_LZO=y
 # CONFIG_KERNEL_GZIP is not set
-CONFIG_KERNEL_LZMA=y
+# CONFIG_KERNEL_LZMA is not set
+CONFIG_KERNEL_XZ=y
 # CONFIG_KERNEL_LZO is not set
 CONFIG_DEFAULT_HOSTNAME="(none)"
 CONFIG_SWAP=y
@@ -50,43 +42,83 @@ CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
 CONFIG_POSIX_MQUEUE=y
 CONFIG_POSIX_MQUEUE_SYSCTL=y
-CONFIG_BSD_PROCESS_ACCT=y
-CONFIG_BSD_PROCESS_ACCT_V3=y
-# CONFIG_FHANDLE is not set
-# CONFIG_TASKSTATS is not set
+CONFIG_FHANDLE=y
 CONFIG_AUDIT=y
+CONFIG_AUDITSYSCALL=y
+CONFIG_AUDIT_WATCH=y
+CONFIG_AUDIT_TREE=y
+CONFIG_AUDIT_LOGINUID_IMMUTABLE=y
 CONFIG_HAVE_GENERIC_HARDIRQS=y
 
 #
 # IRQ subsystem
 #
 CONFIG_GENERIC_HARDIRQS=y
-CONFIG_HAVE_SPARSE_IRQ=y
+CONFIG_GENERIC_IRQ_PROBE=y
 CONFIG_GENERIC_IRQ_SHOW=y
+CONFIG_HARDIRQS_SW_RESEND=y
 CONFIG_GENERIC_IRQ_CHIP=y
 CONFIG_IRQ_DOMAIN=y
-CONFIG_SPARSE_IRQ=y
+# CONFIG_IRQ_DOMAIN_DEBUG is not set
+CONFIG_KTIME_SCALAR=y
+CONFIG_GENERIC_CLOCKEVENTS=y
+CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
+
+#
+# Timers subsystem
+#
+CONFIG_TICK_ONESHOT=y
+CONFIG_NO_HZ_COMMON=y
+# CONFIG_HZ_PERIODIC is not set
+CONFIG_NO_HZ_IDLE=y
+CONFIG_NO_HZ=y
+CONFIG_HIGH_RES_TIMERS=y
+
+#
+# CPU/Task time and stats accounting
+#
+CONFIG_TICK_CPU_ACCOUNTING=y
+# CONFIG_IRQ_TIME_ACCOUNTING is not set
+CONFIG_BSD_PROCESS_ACCT=y
+# CONFIG_BSD_PROCESS_ACCT_V3 is not set
+CONFIG_TASKSTATS=y
+CONFIG_TASK_DELAY_ACCT=y
+CONFIG_TASK_XACCT=y
+CONFIG_TASK_IO_ACCOUNTING=y
 
 #
 # RCU Subsystem
 #
 CONFIG_TINY_RCU=y
 # CONFIG_PREEMPT_RCU is not set
-# CONFIG_RCU_TRACE is not set
+# CONFIG_RCU_STALL_COMMON is not set
 # CONFIG_TREE_RCU_TRACE is not set
 # CONFIG_IKCONFIG is not set
-CONFIG_LOG_BUF_SHIFT=19
-# CONFIG_CGROUPS is not set
+CONFIG_LOG_BUF_SHIFT=18
+CONFIG_CGROUPS=y
+# CONFIG_CGROUP_DEBUG is not set
+CONFIG_CGROUP_FREEZER=y
+CONFIG_CGROUP_DEVICE=y
+CONFIG_CPUSETS=y
+CONFIG_PROC_PID_CPUSET=y
+CONFIG_CGROUP_CPUACCT=y
+CONFIG_RESOURCE_COUNTERS=y
+# CONFIG_MEMCG is not set
+CONFIG_CGROUP_PERF=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_FAIR_GROUP_SCHED=y
+# CONFIG_CFS_BANDWIDTH is not set
+CONFIG_RT_GROUP_SCHED=y
+CONFIG_BLK_CGROUP=y
+# CONFIG_DEBUG_BLK_CGROUP is not set
 CONFIG_NAMESPACES=y
 CONFIG_UTS_NS=y
 CONFIG_IPC_NS=y
-# CONFIG_USER_NS is not set
-# CONFIG_PID_NS is not set
-# CONFIG_NET_NS is not set
-# CONFIG_SCHED_AUTOGROUP is not set
-CONFIG_SYSFS_DEPRECATED=y
-CONFIG_SYSFS_DEPRECATED_V2=y
-# CONFIG_RELAY is not set
+CONFIG_PID_NS=y
+CONFIG_NET_NS=y
+CONFIG_SCHED_AUTOGROUP=y
+# CONFIG_SYSFS_DEPRECATED is not set
+CONFIG_RELAY=y
 CONFIG_BLK_DEV_INITRD=y
 CONFIG_INITRAMFS_SOURCE=""
 CONFIG_RD_GZIP=y
@@ -97,12 +129,13 @@ CONFIG_RD_LZO=y
 # CONFIG_CC_OPTIMIZE_FOR_SIZE is not set
 CONFIG_SYSCTL=y
 CONFIG_ANON_INODES=y
-# CONFIG_EXPERT is not set
+CONFIG_HAVE_UID16=y
+CONFIG_HOTPLUG=y
+CONFIG_EXPERT=y
 CONFIG_UID16=y
 # CONFIG_SYSCTL_SYSCALL is not set
 CONFIG_KALLSYMS=y
-# CONFIG_KALLSYMS_ALL is not set
-CONFIG_HOTPLUG=y
+CONFIG_KALLSYMS_ALL=y
 CONFIG_PRINTK=y
 CONFIG_BUG=y
 CONFIG_ELF_CORE=y
@@ -114,7 +147,8 @@ CONFIG_TIMERFD=y
 CONFIG_EVENTFD=y
 CONFIG_SHMEM=y
 CONFIG_AIO=y
-# CONFIG_EMBEDDED is not set
+CONFIG_PCI_QUIRKS=y
+CONFIG_EMBEDDED=y
 CONFIG_HAVE_PERF_EVENTS=y
 CONFIG_PERF_USE_VMALLOC=y
 
@@ -122,25 +156,45 @@ CONFIG_PERF_USE_VMALLOC=y
 # Kernel Performance Events And Counters
 #
 CONFIG_PERF_EVENTS=y
-# CONFIG_PERF_COUNTERS is not set
 # CONFIG_DEBUG_PERF_USE_VMALLOC is not set
 CONFIG_VM_EVENT_COUNTERS=y
-CONFIG_PCI_QUIRKS=y
 CONFIG_SLUB_DEBUG=y
 # CONFIG_COMPAT_BRK is not set
 # CONFIG_SLAB is not set
 CONFIG_SLUB=y
+# CONFIG_SLOB is not set
 # CONFIG_PROFILING is not set
+CONFIG_TRACEPOINTS=y
 CONFIG_HAVE_OPROFILE=y
 # CONFIG_KPROBES is not set
+CONFIG_JUMP_LABEL=y
+# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set
 CONFIG_HAVE_KPROBES=y
 CONFIG_HAVE_KRETPROBES=y
+CONFIG_HAVE_ARCH_TRACEHOOK=y
+CONFIG_HAVE_DMA_ATTRS=y
+CONFIG_HAVE_DMA_CONTIGUOUS=y
+CONFIG_GENERIC_SMP_IDLE_THREAD=y
+CONFIG_GENERIC_IDLE_POLL_SETUP=y
 CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
+CONFIG_HAVE_CLK=y
 CONFIG_HAVE_DMA_API_DEBUG=y
+CONFIG_HAVE_ARCH_JUMP_LABEL=y
+CONFIG_ARCH_WANT_IPC_PARSE_VERSION=y
+CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
+CONFIG_SECCOMP_FILTER=y
+CONFIG_HAVE_CONTEXT_TRACKING=y
+CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
+CONFIG_HAVE_MOD_ARCH_SPECIFIC=y
+CONFIG_MODULES_USE_ELF_REL=y
+CONFIG_CLONE_BACKWARDS=y
+CONFIG_OLD_SIGSUSPEND3=y
+CONFIG_OLD_SIGACTION=y
 
 #
 # GCOV-based kernel profiling
 #
+# CONFIG_GCOV_KERNEL is not set
 CONFIG_HAVE_GENERIC_DMA_COHERENT=y
 CONFIG_SLABINFO=y
 CONFIG_RT_MUTEXES=y
@@ -148,14 +202,40 @@ CONFIG_BASE_SMALL=0
 CONFIG_MODULES=y
 # CONFIG_MODULE_FORCE_LOAD is not set
 CONFIG_MODULE_UNLOAD=y
-CONFIG_MODULE_FORCE_UNLOAD=y
+# CONFIG_MODULE_FORCE_UNLOAD is not set
 # CONFIG_MODVERSIONS is not set
-# CONFIG_MODULE_SRCVERSION_ALL is not set
+CONFIG_MODULE_SRCVERSION_ALL=y
+# CONFIG_MODULE_SIG is not set
+CONFIG_STOP_MACHINE=y
 CONFIG_BLOCK=y
 CONFIG_LBDAF=y
 CONFIG_BLK_DEV_BSG=y
 CONFIG_BLK_DEV_BSGLIB=y
-# CONFIG_BLK_DEV_INTEGRITY is not set
+CONFIG_BLK_DEV_INTEGRITY=y
+CONFIG_BLK_DEV_THROTTLING=y
+
+#
+# Partition Types
+#
+CONFIG_PARTITION_ADVANCED=y
+# CONFIG_ACORN_PARTITION is not set
+# CONFIG_OSF_PARTITION is not set
+# CONFIG_AMIGA_PARTITION is not set
+# CONFIG_ATARI_PARTITION is not set
+# CONFIG_MAC_PARTITION is not set
+CONFIG_MSDOS_PARTITION=y
+# CONFIG_BSD_DISKLABEL is not set
+# CONFIG_MINIX_SUBPARTITION is not set
+# CONFIG_SOLARIS_X86_PARTITION is not set
+# CONFIG_UNIXWARE_DISKLABEL is not set
+CONFIG_LDM_PARTITION=y
+# CONFIG_LDM_DEBUG is not set
+# CONFIG_SGI_PARTITION is not set
+# CONFIG_ULTRIX_PARTITION is not set
+# CONFIG_SUN_PARTITION is not set
+# CONFIG_KARMA_PARTITION is not set
+CONFIG_EFI_PARTITION=y
+# CONFIG_SYSV68_PARTITION is not set
 
 #
 # IO Schedulers
@@ -163,136 +243,121 @@ CONFIG_BLK_DEV_BSGLIB=y
 CONFIG_IOSCHED_NOOP=y
 CONFIG_IOSCHED_DEADLINE=y
 CONFIG_IOSCHED_CFQ=y
+CONFIG_CFQ_GROUP_IOSCHED=y
 # CONFIG_DEFAULT_DEADLINE is not set
 CONFIG_DEFAULT_CFQ=y
 # CONFIG_DEFAULT_NOOP is not set
 CONFIG_DEFAULT_IOSCHED="cfq"
-# CONFIG_INLINE_SPIN_TRYLOCK is not set
-# CONFIG_INLINE_SPIN_TRYLOCK_BH is not set
-# CONFIG_INLINE_SPIN_LOCK is not set
-# CONFIG_INLINE_SPIN_LOCK_BH is not set
-# CONFIG_INLINE_SPIN_LOCK_IRQ is not set
-# CONFIG_INLINE_SPIN_LOCK_IRQSAVE is not set
-CONFIG_INLINE_SPIN_UNLOCK=y
-# CONFIG_INLINE_SPIN_UNLOCK_BH is not set
+CONFIG_ASN1=m
 CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
-# CONFIG_INLINE_SPIN_UNLOCK_IRQRESTORE is not set
-# CONFIG_INLINE_READ_TRYLOCK is not set
-# CONFIG_INLINE_READ_LOCK is not set
-# CONFIG_INLINE_READ_LOCK_BH is not set
-# CONFIG_INLINE_READ_LOCK_IRQ is not set
-# CONFIG_INLINE_READ_LOCK_IRQSAVE is not set
 CONFIG_INLINE_READ_UNLOCK=y
-# CONFIG_INLINE_READ_UNLOCK_BH is not set
 CONFIG_INLINE_READ_UNLOCK_IRQ=y
-# CONFIG_INLINE_READ_UNLOCK_IRQRESTORE is not set
-# CONFIG_INLINE_WRITE_TRYLOCK is not set
-# CONFIG_INLINE_WRITE_LOCK is not set
-# CONFIG_INLINE_WRITE_LOCK_BH is not set
-# CONFIG_INLINE_WRITE_LOCK_IRQ is not set
-# CONFIG_INLINE_WRITE_LOCK_IRQSAVE is not set
 CONFIG_INLINE_WRITE_UNLOCK=y
-# CONFIG_INLINE_WRITE_UNLOCK_BH is not set
 CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
-# CONFIG_INLINE_WRITE_UNLOCK_IRQRESTORE is not set
-# CONFIG_MUTEX_SPIN_ON_OWNER is not set
-# CONFIG_FREEZER is not set
+CONFIG_FREEZER=y
 
 #
 # System Type
 #
 CONFIG_MMU=y
+# CONFIG_ARCH_MULTIPLATFORM is not set
 # CONFIG_ARCH_INTEGRATOR is not set
 # CONFIG_ARCH_REALVIEW is not set
 # CONFIG_ARCH_VERSATILE is not set
-# CONFIG_ARCH_VEXPRESS is not set
 # CONFIG_ARCH_AT91 is not set
-# CONFIG_ARCH_BCMRING is not set
-# CONFIG_ARCH_HIGHBANK is not set
 # CONFIG_ARCH_CLPS711X is not set
-# CONFIG_ARCH_CNS3XXX is not set
 # CONFIG_ARCH_GEMINI is not set
-# CONFIG_ARCH_PRIMA2 is not set
 # CONFIG_ARCH_EBSA110 is not set
 # CONFIG_ARCH_EP93XX is not set
 # CONFIG_ARCH_FOOTBRIDGE is not set
-# CONFIG_ARCH_MXC is not set
-# CONFIG_ARCH_MXS is not set
 # CONFIG_ARCH_NETX is not set
-# CONFIG_ARCH_H720X is not set
 # CONFIG_ARCH_IOP13XX is not set
 # CONFIG_ARCH_IOP32X is not set
 # CONFIG_ARCH_IOP33X is not set
-# CONFIG_ARCH_IXP23XX is not set
-# CONFIG_ARCH_IXP2000 is not set
 # CONFIG_ARCH_IXP4XX is not set
 # CONFIG_ARCH_DOVE is not set
 CONFIG_ARCH_KIRKWOOD=y
-# CONFIG_ARCH_LPC32XX is not set
 # CONFIG_ARCH_MV78XX0 is not set
 # CONFIG_ARCH_ORION5X is not set
 # CONFIG_ARCH_MMP is not set
 # CONFIG_ARCH_KS8695 is not set
 # CONFIG_ARCH_W90X900 is not set
-# CONFIG_ARCH_TEGRA is not set
-# CONFIG_ARCH_PICOXCELL is not set
-# CONFIG_ARCH_PNX4008 is not set
+# CONFIG_ARCH_LPC32XX is not set
 # CONFIG_ARCH_PXA is not set
 # CONFIG_ARCH_MSM is not set
 # CONFIG_ARCH_SHMOBILE is not set
 # CONFIG_ARCH_RPC is not set
 # CONFIG_ARCH_SA1100 is not set
-# CONFIG_ARCH_S3C2410 is not set
+# CONFIG_ARCH_S3C24XX is not set
 # CONFIG_ARCH_S3C64XX is not set
 # CONFIG_ARCH_S5P64X0 is not set
 # CONFIG_ARCH_S5PC100 is not set
 # CONFIG_ARCH_S5PV210 is not set
 # CONFIG_ARCH_EXYNOS is not set
 # CONFIG_ARCH_SHARK is not set
-# CONFIG_ARCH_TCC_926 is not set
 # CONFIG_ARCH_U300 is not set
-# CONFIG_ARCH_U8500 is not set
-# CONFIG_ARCH_NOMADIK is not set
 # CONFIG_ARCH_DAVINCI is not set
-# CONFIG_ARCH_OMAP is not set
-# CONFIG_PLAT_SPEAR is not set
-# CONFIG_ARCH_VT8500 is not set
-# CONFIG_ARCH_ZYNQ is not set
-CONFIG_GPIO_PCA953X=m
-CONFIG_KEYBOARD_GPIO_POLLED=m
+# CONFIG_ARCH_OMAP1 is not set
+# CONFIG_GPIO_PCA953X is not set
+CONFIG_KEYBOARD_GPIO_POLLED=y
 
 #
 # Marvell Kirkwood Implementations
 #
+CONFIG_MACH_D2NET_V2=y
 CONFIG_MACH_DB88F6281_BP=y
-CONFIG_MACH_RD88F6192_NAS=y
-CONFIG_MACH_RD88F6281=y
-CONFIG_MACH_MV88F6281GTW_GE=y
-CONFIG_MACH_SHEEVAPLUG=y
+CONFIG_MACH_DOCKSTAR=y
 CONFIG_MACH_ESATA_SHEEVAPLUG=y
 CONFIG_MACH_GURUPLUG=y
-CONFIG_MACH_DREAMPLUG=y
-CONFIG_MACH_TS219=y
-CONFIG_MACH_TS41X=y
-CONFIG_MACH_DOCKSTAR=y
+CONFIG_MACH_INETSPACE_V2=y
+CONFIG_MACH_MV88F6281GTW_GE=y
+CONFIG_MACH_NET2BIG_V2=y
+CONFIG_MACH_NET5BIG_V2=y
+CONFIG_MACH_NETSPACE_MAX_V2=y
+CONFIG_MACH_NETSPACE_V2=y
 CONFIG_MACH_OPENRD=y
 CONFIG_MACH_OPENRD_BASE=y
 CONFIG_MACH_OPENRD_CLIENT=y
 CONFIG_MACH_OPENRD_ULTIMATE=y
-CONFIG_MACH_NETSPACE_V2=y
-CONFIG_MACH_INETSPACE_V2=y
-CONFIG_MACH_NETSPACE_MAX_V2=y
-CONFIG_MACH_D2NET_V2=y
-CONFIG_MACH_NET2BIG_V2=y
-CONFIG_MACH_NET5BIG_V2=y
+CONFIG_MACH_RD88F6192_NAS=y
+CONFIG_MACH_RD88F6281=y
+CONFIG_MACH_SHEEVAPLUG=y
 CONFIG_MACH_T5325=y
-CONFIG_MACH_ICONNECT=y
-CONFIG_MACH_NAS6210=y
+CONFIG_MACH_DREAMPLUG=y
+CONFIG_MACH_TS219=y
+CONFIG_MACH_TS41X=y
 
 #
-# System MMU
-#
+# Device tree entries
+#
+CONFIG_ARCH_KIRKWOOD_DT=y
+CONFIG_MACH_CLOUDBOX_DT=y
+CONFIG_MACH_DLINK_KIRKWOOD_DT=y
+CONFIG_MACH_DOCKSTAR_DT=y
+CONFIG_MACH_DREAMPLUG_DT=y
+CONFIG_MACH_GOFLEXNET_DT=y
+CONFIG_MACH_GURUPLUG_DT=y
+CONFIG_MACH_IB62X0_DT=y
+CONFIG_MACH_ICONNECT_DT=y
+CONFIG_MACH_INETSPACE_V2_DT=y
+CONFIG_MACH_IOMEGA_IX2_200_DT=y
+CONFIG_MACH_KM_KIRKWOOD_DT=y
+CONFIG_MACH_LSXL_DT=y
+CONFIG_MACH_MPLCEC4_DT=y
+CONFIG_MACH_NETSPACE_LITE_V2_DT=y
+CONFIG_MACH_NETSPACE_MAX_V2_DT=y
+CONFIG_MACH_NETSPACE_MINI_V2_DT=y
+CONFIG_MACH_NETSPACE_V2_DT=y
+CONFIG_MACH_NSA310_DT=y
+CONFIG_MACH_OPENBLOCKS_A6_DT=y
+CONFIG_MACH_READYNAS_DT=y
+CONFIG_MACH_TOPKICK_DT=y
+CONFIG_MACH_TS219_DT=y
+CONFIG_MACH_ICONNECT=y
+CONFIG_MACH_NAS6210=y
+# CONFIG_PLAT_SPEAR is not set
 CONFIG_PLAT_ORION=y
+CONFIG_PLAT_ORION_LEGACY=y
 
 #
 # Processor Type
@@ -312,29 +377,33 @@ CONFIG_CPU_USE_DOMAINS=y
 #
 # Processor Features
 #
+# CONFIG_ARCH_PHYS_ADDR_T_64BIT is not set
 CONFIG_ARM_THUMB=y
 # CONFIG_CPU_ICACHE_DISABLE is not set
 # CONFIG_CPU_DCACHE_DISABLE is not set
+CONFIG_NEED_KUSER_HELPERS=y
+CONFIG_KUSER_HELPERS=y
 CONFIG_OUTER_CACHE=y
 CONFIG_CACHE_FEROCEON_L2=y
 # CONFIG_CACHE_FEROCEON_L2_WRITETHROUGH is not set
+# CONFIG_CACHE_L2X0 is not set
 CONFIG_ARM_L1_CACHE_SHIFT=5
+CONFIG_ARM_NR_BANKS=8
 
 #
 # Bus support
 #
 CONFIG_PCI=y
 CONFIG_PCI_SYSCALL=y
-# CONFIG_ARCH_SUPPORTS_MSI is not set
 # CONFIG_PCI_DEBUG is not set
-CONFIG_PCI_STUB=m
+# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set
+CONFIG_PCI_STUB=y
 CONFIG_PCI_ATS=y
 CONFIG_PCI_IOV=y
-CONFIG_PCI_PRI=y
+# CONFIG_PCI_PRI is not set
 # CONFIG_PCI_PASID is not set
 CONFIG_PCCARD=m
-CONFIG_PCMCIA=m
-CONFIG_PCMCIA_LOAD_CIS=y
+# CONFIG_PCMCIA is not set
 CONFIG_CARDBUS=y
 
 #
@@ -346,25 +415,20 @@ CONFIG_YENTA_RICOH=y
 CONFIG_YENTA_TI=y
 CONFIG_YENTA_ENE_TUNE=y
 CONFIG_YENTA_TOSHIBA=y
-CONFIG_PD6729=m
-CONFIG_I82092=m
-CONFIG_PCCARD_NONSTATIC=y
 
 #
 # Kernel Features
 #
-CONFIG_TICK_ONESHOT=y
-CONFIG_NO_HZ=y
-CONFIG_HIGH_RES_TIMERS=y
-CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
 CONFIG_VMSPLIT_3G=y
 # CONFIG_VMSPLIT_2G is not set
 # CONFIG_VMSPLIT_1G is not set
 CONFIG_PAGE_OFFSET=0xC0000000
+CONFIG_ARCH_NR_GPIO=0
 CONFIG_PREEMPT_NONE=y
 # CONFIG_PREEMPT_VOLUNTARY is not set
 # CONFIG_PREEMPT is not set
 CONFIG_HZ=100
+CONFIG_SCHED_HRTICK=y
 CONFIG_AEABI=y
 # CONFIG_OABI_COMPAT is not set
 # CONFIG_ARCH_SPARSEMEM_DEFAULT is not set
@@ -372,48 +436,57 @@ CONFIG_AEABI=y
 CONFIG_HAVE_ARCH_PFN_VALID=y
 CONFIG_HIGHMEM=y
 # CONFIG_HIGHPTE is not set
-CONFIG_SELECT_MEMORY_MODEL=y
-CONFIG_FLATMEM_MANUAL=y
+CONFIG_HW_PERF_EVENTS=y
 CONFIG_FLATMEM=y
 CONFIG_FLAT_NODE_MEM_MAP=y
 CONFIG_HAVE_MEMBLOCK=y
+# CONFIG_HAVE_BOOTMEM_INFO_NODE is not set
 CONFIG_PAGEFLAGS_EXTENDED=y
 CONFIG_SPLIT_PTLOCK_CPUS=999999
-# CONFIG_COMPACTION is not set
+CONFIG_COMPACTION=y
+CONFIG_MIGRATION=y
 # CONFIG_PHYS_ADDR_T_64BIT is not set
 CONFIG_ZONE_DMA_FLAG=0
 CONFIG_BOUNCE=y
-CONFIG_VIRT_TO_BUS=y
 CONFIG_KSM=y
-CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
+CONFIG_DEFAULT_MMAP_MIN_ADDR=32768
+CONFIG_CROSS_MEMORY_ATTACH=y
 CONFIG_NEED_PER_CPU_KM=y
-# CONFIG_CLEANCACHE is not set
+CONFIG_CLEANCACHE=y
+# CONFIG_FRONTSWAP is not set
 CONFIG_FORCE_MAX_ZONEORDER=11
 CONFIG_ALIGNMENT_TRAP=y
-CONFIG_UACCESS_WITH_MEMCPY=y
+# CONFIG_UACCESS_WITH_MEMCPY is not set
 CONFIG_SECCOMP=y
 CONFIG_CC_STACKPROTECTOR=y
-# CONFIG_DEPRECATED_PARAM_STRUCT is not set
 
 #
 # Boot options
 #
 CONFIG_USE_OF=y
-CONFIG_ZBOOT_ROM_TEXT=0x0
-CONFIG_ZBOOT_ROM_BSS=0x0
-# CONFIG_ARM_APPENDED_DTB is not set
-CONFIG_CMDLINE=""
+CONFIG_ATAGS=y
+# CONFIG_DEPRECATED_PARAM_STRUCT is not set
+CONFIG_ZBOOT_ROM_TEXT=0
+CONFIG_ZBOOT_ROM_BSS=0
+CONFIG_ARM_APPENDED_DTB=y
+CONFIG_ARM_ATAG_DTB_COMPAT=y
+CONFIG_ARM_ATAG_DTB_COMPAT_CMDLINE_FROM_BOOTLOADER=y
+# CONFIG_ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEND is not set
+CONFIG_CMDLINE="console=ttyAM0,115200 root=/dev/sda1 rootdelay=20"
+CONFIG_CMDLINE_FROM_BOOTLOADER=y
+# CONFIG_CMDLINE_EXTEND is not set
+# CONFIG_CMDLINE_FORCE is not set
 # CONFIG_XIP_KERNEL is not set
-# CONFIG_KEXEC is not set
-# CONFIG_CRASH_DUMP is not set
+CONFIG_KEXEC=y
+CONFIG_ATAGS_PROC=y
+CONFIG_CRASH_DUMP=y
 CONFIG_AUTO_ZRELADDR=y
 
 #
 # CPU Power Management
 #
-CONFIG_CPU_IDLE=y
-CONFIG_CPU_IDLE_GOV_LADDER=y
-CONFIG_CPU_IDLE_GOV_MENU=y
+# CONFIG_CPU_IDLE is not set
+# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set
 
 #
 # Floating point emulation
@@ -422,16 +495,18 @@ CONFIG_CPU_IDLE_GOV_MENU=y
 #
 # At least one emulation must be selected
 #
-# CONFIG_VFP is not set
+CONFIG_VFP=y
 
 #
 # Userspace binary formats
 #
 CONFIG_BINFMT_ELF=y
-# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
-CONFIG_HAVE_AOUT=y
-# CONFIG_BINFMT_AOUT is not set
-# CONFIG_BINFMT_MISC is not set
+CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE=y
+CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y
+CONFIG_BINFMT_SCRIPT=y
+# CONFIG_HAVE_AOUT is not set
+CONFIG_BINFMT_MISC=y
+CONFIG_COREDUMP=y
 
 #
 # Power management options
@@ -439,8 +514,8 @@ CONFIG_HAVE_AOUT=y
 CONFIG_PM_RUNTIME=y
 CONFIG_PM=y
 # CONFIG_PM_DEBUG is not set
-# CONFIG_APM_EMULATION is not set
-CONFIG_CPU_PM=y
+CONFIG_APM_EMULATION=y
+CONFIG_PM_CLK=y
 # CONFIG_ARM_CPU_SUSPEND is not set
 CONFIG_NET=y
 
@@ -448,10 +523,13 @@ CONFIG_NET=y
 # Networking options
 #
 CONFIG_PACKET=y
+CONFIG_PACKET_DIAG=y
 CONFIG_UNIX=y
+CONFIG_UNIX_DIAG=m
 CONFIG_XFRM=y
-CONFIG_XFRM_USER=m
-# CONFIG_XFRM_SUB_POLICY is not set
+CONFIG_XFRM_ALGO=y
+CONFIG_XFRM_USER=y
+CONFIG_XFRM_SUB_POLICY=y
 CONFIG_XFRM_MIGRATE=y
 CONFIG_XFRM_STATISTICS=y
 CONFIG_XFRM_IPCOMP=m
@@ -460,7 +538,7 @@ CONFIG_NET_KEY_MIGRATE=y
 CONFIG_INET=y
 CONFIG_IP_MULTICAST=y
 CONFIG_IP_ADVANCED_ROUTER=y
-# CONFIG_IP_FIB_TRIE_STATS is not set
+CONFIG_IP_FIB_TRIE_STATS=y
 CONFIG_IP_MULTIPLE_TABLES=y
 CONFIG_IP_ROUTE_MULTIPATH=y
 CONFIG_IP_ROUTE_VERBOSE=y
@@ -468,28 +546,31 @@ CONFIG_IP_ROUTE_CLASSID=y
 # CONFIG_IP_PNP is not set
 CONFIG_NET_IPIP=m
 CONFIG_NET_IPGRE_DEMUX=m
+CONFIG_NET_IP_TUNNEL=m
 CONFIG_NET_IPGRE=m
 CONFIG_NET_IPGRE_BROADCAST=y
 CONFIG_IP_MROUTE=y
-# CONFIG_IP_MROUTE_MULTIPLE_TABLES is not set
+CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
 CONFIG_IP_PIMSM_V1=y
 CONFIG_IP_PIMSM_V2=y
-CONFIG_ARPD=y
+# CONFIG_ARPD is not set
 CONFIG_SYN_COOKIES=y
+CONFIG_NET_IPVTI=m
 CONFIG_INET_AH=m
 CONFIG_INET_ESP=m
 CONFIG_INET_IPCOMP=m
 CONFIG_INET_XFRM_TUNNEL=m
 CONFIG_INET_TUNNEL=m
-CONFIG_INET_XFRM_MODE_TRANSPORT=y
-CONFIG_INET_XFRM_MODE_TUNNEL=y
-CONFIG_INET_XFRM_MODE_BEET=y
+CONFIG_INET_XFRM_MODE_TRANSPORT=m
+CONFIG_INET_XFRM_MODE_TUNNEL=m
+CONFIG_INET_XFRM_MODE_BEET=m
 CONFIG_INET_LRO=y
 CONFIG_INET_DIAG=m
 CONFIG_INET_TCP_DIAG=m
+CONFIG_INET_UDP_DIAG=m
 CONFIG_TCP_CONG_ADVANCED=y
 CONFIG_TCP_CONG_BIC=m
-CONFIG_TCP_CONG_CUBIC=m
+CONFIG_TCP_CONG_CUBIC=y
 CONFIG_TCP_CONG_WESTWOOD=m
 CONFIG_TCP_CONG_HTCP=m
 CONFIG_TCP_CONG_HSTCP=m
@@ -500,13 +581,15 @@ CONFIG_TCP_CONG_LP=m
 CONFIG_TCP_CONG_VENO=m
 CONFIG_TCP_CONG_YEAH=m
 CONFIG_TCP_CONG_ILLINOIS=m
-CONFIG_DEFAULT_RENO=y
-CONFIG_DEFAULT_TCP_CONG="reno"
-# CONFIG_TCP_MD5SIG is not set
+CONFIG_DEFAULT_CUBIC=y
+# CONFIG_DEFAULT_RENO is not set
+CONFIG_DEFAULT_TCP_CONG="cubic"
+CONFIG_TCP_MD5SIG=y
 CONFIG_IPV6=y
-# CONFIG_IPV6_PRIVACY is not set
-# CONFIG_IPV6_ROUTER_PREF is not set
-# CONFIG_IPV6_OPTIMISTIC_DAD is not set
+CONFIG_IPV6_PRIVACY=y
+CONFIG_IPV6_ROUTER_PREF=y
+CONFIG_IPV6_ROUTE_INFO=y
+CONFIG_IPV6_OPTIMISTIC_DAD=y
 CONFIG_INET6_AH=m
 CONFIG_INET6_ESP=m
 CONFIG_INET6_IPCOMP=m
@@ -518,14 +601,18 @@ CONFIG_INET6_XFRM_MODE_TUNNEL=m
 CONFIG_INET6_XFRM_MODE_BEET=m
 CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
 CONFIG_IPV6_SIT=m
-# CONFIG_IPV6_SIT_6RD is not set
+CONFIG_IPV6_SIT_6RD=y
 CONFIG_IPV6_NDISC_NODETYPE=y
 CONFIG_IPV6_TUNNEL=m
+CONFIG_IPV6_GRE=m
 CONFIG_IPV6_MULTIPLE_TABLES=y
-# CONFIG_IPV6_SUBTREES is not set
-# CONFIG_IPV6_MROUTE is not set
-# CONFIG_NETWORK_SECMARK is not set
-CONFIG_NETWORK_PHY_TIMESTAMPING=y
+CONFIG_IPV6_SUBTREES=y
+CONFIG_IPV6_MROUTE=y
+CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
+CONFIG_IPV6_PIMSM_V2=y
+# CONFIG_NETLABEL is not set
+CONFIG_NETWORK_SECMARK=y
+# CONFIG_NETWORK_PHY_TIMESTAMPING is not set
 CONFIG_NETFILTER=y
 # CONFIG_NETFILTER_DEBUG is not set
 CONFIG_NETFILTER_ADVANCED=y
@@ -535,13 +622,18 @@ CONFIG_BRIDGE_NETFILTER=y
 # Core Netfilter Configuration
 #
 CONFIG_NETFILTER_NETLINK=m
+CONFIG_NETFILTER_NETLINK_ACCT=m
 CONFIG_NETFILTER_NETLINK_QUEUE=m
 CONFIG_NETFILTER_NETLINK_LOG=m
-CONFIG_NF_CONNTRACK=m
+CONFIG_NF_CONNTRACK=y
 CONFIG_NF_CONNTRACK_MARK=y
-# CONFIG_NF_CONNTRACK_ZONES is not set
+CONFIG_NF_CONNTRACK_SECMARK=y
+CONFIG_NF_CONNTRACK_ZONES=y
+CONFIG_NF_CONNTRACK_PROCFS=y
 CONFIG_NF_CONNTRACK_EVENTS=y
+CONFIG_NF_CONNTRACK_TIMEOUT=y
 CONFIG_NF_CONNTRACK_TIMESTAMP=y
+CONFIG_NF_CONNTRACK_LABELS=y
 CONFIG_NF_CT_PROTO_DCCP=m
 CONFIG_NF_CT_PROTO_GRE=m
 CONFIG_NF_CT_PROTO_SCTP=m
@@ -558,14 +650,28 @@ CONFIG_NF_CONNTRACK_SANE=m
 CONFIG_NF_CONNTRACK_SIP=m
 CONFIG_NF_CONNTRACK_TFTP=m
 CONFIG_NF_CT_NETLINK=m
+CONFIG_NF_CT_NETLINK_TIMEOUT=m
+CONFIG_NF_CT_NETLINK_HELPER=m
+CONFIG_NETFILTER_NETLINK_QUEUE_CT=y
+CONFIG_NF_NAT=m
+CONFIG_NF_NAT_NEEDED=y
+CONFIG_NF_NAT_PROTO_DCCP=m
+CONFIG_NF_NAT_PROTO_UDPLITE=m
+CONFIG_NF_NAT_PROTO_SCTP=m
+CONFIG_NF_NAT_AMANDA=m
+CONFIG_NF_NAT_FTP=m
+CONFIG_NF_NAT_IRC=m
+CONFIG_NF_NAT_SIP=m
+CONFIG_NF_NAT_TFTP=m
 CONFIG_NETFILTER_TPROXY=m
-CONFIG_NETFILTER_XTABLES=m
+CONFIG_NETFILTER_XTABLES=y
 
 #
 # Xtables combined modules
 #
 CONFIG_NETFILTER_XT_MARK=m
 CONFIG_NETFILTER_XT_CONNMARK=m
+CONFIG_NETFILTER_XT_SET=m
 
 #
 # Xtables targets
@@ -574,20 +680,26 @@ CONFIG_NETFILTER_XT_TARGET_AUDIT=m
 CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
 CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
 CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
+CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
 CONFIG_NETFILTER_XT_TARGET_CT=m
 CONFIG_NETFILTER_XT_TARGET_DSCP=m
 CONFIG_NETFILTER_XT_TARGET_HL=m
+CONFIG_NETFILTER_XT_TARGET_HMARK=m
 CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m
 CONFIG_NETFILTER_XT_TARGET_LED=m
+CONFIG_NETFILTER_XT_TARGET_LOG=m
 CONFIG_NETFILTER_XT_TARGET_IMQ=m
 CONFIG_NETFILTER_XT_TARGET_MARK=m
+CONFIG_NETFILTER_XT_TARGET_NETMAP=m
 CONFIG_NETFILTER_XT_TARGET_NFLOG=m
 CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
 CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
 CONFIG_NETFILTER_XT_TARGET_RATEEST=m
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
 CONFIG_NETFILTER_XT_TARGET_TEE=m
 CONFIG_NETFILTER_XT_TARGET_TPROXY=m
 CONFIG_NETFILTER_XT_TARGET_TRACE=m
+CONFIG_NETFILTER_XT_TARGET_SECMARK=m
 CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
 CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
 
@@ -595,9 +707,11 @@ CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
 # Xtables matches
 #
 CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
+CONFIG_NETFILTER_XT_MATCH_BPF=m
 CONFIG_NETFILTER_XT_MATCH_CLUSTER=m
 CONFIG_NETFILTER_XT_MATCH_COMMENT=m
 CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
+CONFIG_NETFILTER_XT_MATCH_CONNLABEL=m
 CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m
 CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
 CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
@@ -605,17 +719,19 @@ CONFIG_NETFILTER_XT_MATCH_CPU=m
 CONFIG_NETFILTER_XT_MATCH_DCCP=m
 CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m
 CONFIG_NETFILTER_XT_MATCH_DSCP=m
+CONFIG_NETFILTER_XT_MATCH_ECN=m
 CONFIG_NETFILTER_XT_MATCH_ESP=m
 CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m
 CONFIG_NETFILTER_XT_MATCH_HELPER=m
 CONFIG_NETFILTER_XT_MATCH_HL=m
 CONFIG_NETFILTER_XT_MATCH_IPRANGE=m
-CONFIG_NETFILTER_XT_MATCH_IPVS=m
+# CONFIG_NETFILTER_XT_MATCH_IPVS is not set
 CONFIG_NETFILTER_XT_MATCH_LENGTH=m
 CONFIG_NETFILTER_XT_MATCH_LIMIT=m
 CONFIG_NETFILTER_XT_MATCH_MAC=m
 CONFIG_NETFILTER_XT_MATCH_MARK=m
 CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
+CONFIG_NETFILTER_XT_MATCH_NFACCT=m
 CONFIG_NETFILTER_XT_MATCH_OSF=m
 CONFIG_NETFILTER_XT_MATCH_OWNER=m
 CONFIG_NETFILTER_XT_MATCH_POLICY=m
@@ -635,7 +751,19 @@ CONFIG_NETFILTER_XT_MATCH_STRING=m
 CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
 CONFIG_NETFILTER_XT_MATCH_TIME=m
 CONFIG_NETFILTER_XT_MATCH_U32=m
-# CONFIG_IP_SET is not set
+CONFIG_IP_SET=m
+CONFIG_IP_SET_MAX=256
+CONFIG_IP_SET_BITMAP_IP=m
+CONFIG_IP_SET_BITMAP_IPMAC=m
+CONFIG_IP_SET_BITMAP_PORT=m
+CONFIG_IP_SET_HASH_IP=m
+CONFIG_IP_SET_HASH_IPPORT=m
+CONFIG_IP_SET_HASH_IPPORTIP=m
+CONFIG_IP_SET_HASH_IPPORTNET=m
+CONFIG_IP_SET_HASH_NET=m
+CONFIG_IP_SET_HASH_NETPORT=m
+CONFIG_IP_SET_HASH_NETIFACE=m
+CONFIG_IP_SET_LIST_SET=m
 CONFIG_IP_VS=m
 CONFIG_IP_VS_IPV6=y
 # CONFIG_IP_VS_DEBUG is not set
@@ -665,6 +793,11 @@ CONFIG_IP_VS_SH=m
 CONFIG_IP_VS_SED=m
 CONFIG_IP_VS_NQ=m
 
+#
+# IPVS SH scheduler
+#
+CONFIG_IP_VS_SH_TAB_BITS=8
+
 #
 # IPVS application helper
 #
@@ -675,40 +808,31 @@ CONFIG_IP_VS_PE_SIP=m
 #
 # IP: Netfilter Configuration
 #
-CONFIG_NF_DEFRAG_IPV4=m
-CONFIG_NF_CONNTRACK_IPV4=m
-CONFIG_NF_CONNTRACK_PROC_COMPAT=y
-CONFIG_IP_NF_QUEUE=m
-CONFIG_IP_NF_IPTABLES=m
+CONFIG_NF_DEFRAG_IPV4=y
+CONFIG_NF_CONNTRACK_IPV4=y
+# CONFIG_NF_CONNTRACK_PROC_COMPAT is not set
+CONFIG_IP_NF_IPTABLES=y
 CONFIG_IP_NF_MATCH_AH=m
 CONFIG_IP_NF_MATCH_ECN=m
+CONFIG_IP_NF_MATCH_RPFILTER=m
 CONFIG_IP_NF_MATCH_TTL=m
 CONFIG_IP_NF_FILTER=m
 CONFIG_IP_NF_TARGET_REJECT=m
-CONFIG_IP_NF_TARGET_LOG=m
-CONFIG_IP_NF_TARGET_ULOG=m
-CONFIG_NF_NAT=m
-CONFIG_NF_NAT_NEEDED=y
+# CONFIG_IP_NF_TARGET_ULOG is not set
+CONFIG_NF_NAT_IPV4=m
 CONFIG_IP_NF_TARGET_MASQUERADE=m
 CONFIG_IP_NF_TARGET_NETMAP=m
 CONFIG_IP_NF_TARGET_REDIRECT=m
 CONFIG_NF_NAT_SNMP_BASIC=m
-CONFIG_NF_NAT_PROTO_DCCP=m
 CONFIG_NF_NAT_PROTO_GRE=m
-CONFIG_NF_NAT_PROTO_UDPLITE=m
-CONFIG_NF_NAT_PROTO_SCTP=m
-CONFIG_NF_NAT_FTP=m
-CONFIG_NF_NAT_IRC=m
-CONFIG_NF_NAT_TFTP=m
-CONFIG_NF_NAT_AMANDA=m
 CONFIG_NF_NAT_PPTP=m
 CONFIG_NF_NAT_H323=m
-CONFIG_NF_NAT_SIP=m
 CONFIG_IP_NF_MANGLE=m
 CONFIG_IP_NF_TARGET_CLUSTERIP=m
 CONFIG_IP_NF_TARGET_ECN=m
 CONFIG_IP_NF_TARGET_TTL=m
 CONFIG_IP_NF_RAW=m
+CONFIG_IP_NF_SECURITY=m
 CONFIG_IP_NF_ARPTABLES=m
 CONFIG_IP_NF_ARPFILTER=m
 CONFIG_IP_NF_ARP_MANGLE=m
@@ -717,10 +841,9 @@ CONFIG_IP_NF_MATCH_IPP2P=m
 #
 # IPv6: Netfilter Configuration
 #
-CONFIG_NF_DEFRAG_IPV6=m
-CONFIG_NF_CONNTRACK_IPV6=m
-CONFIG_IP6_NF_QUEUE=m
-CONFIG_IP6_NF_IPTABLES=m
+CONFIG_NF_DEFRAG_IPV6=y
+CONFIG_NF_CONNTRACK_IPV6=y
+CONFIG_IP6_NF_IPTABLES=y
 CONFIG_IP6_NF_MATCH_AH=m
 CONFIG_IP6_NF_MATCH_EUI64=m
 CONFIG_IP6_NF_MATCH_FRAG=m
@@ -728,13 +851,17 @@ CONFIG_IP6_NF_MATCH_OPTS=m
 CONFIG_IP6_NF_MATCH_HL=m
 CONFIG_IP6_NF_MATCH_IPV6HEADER=m
 CONFIG_IP6_NF_MATCH_MH=m
+CONFIG_IP6_NF_MATCH_RPFILTER=m
 CONFIG_IP6_NF_MATCH_RT=m
 CONFIG_IP6_NF_TARGET_HL=m
-CONFIG_IP6_NF_TARGET_LOG=m
 CONFIG_IP6_NF_FILTER=m
 CONFIG_IP6_NF_TARGET_REJECT=m
 CONFIG_IP6_NF_MANGLE=m
 CONFIG_IP6_NF_RAW=m
+CONFIG_IP6_NF_SECURITY=m
+CONFIG_NF_NAT_IPV6=m
+CONFIG_IP6_NF_TARGET_MASQUERADE=m
+CONFIG_IP6_NF_TARGET_NPT=m
 CONFIG_BRIDGE_NF_EBTABLES=m
 CONFIG_BRIDGE_EBT_BROUTE=m
 CONFIG_BRIDGE_EBT_T_FILTER=m
@@ -755,49 +882,52 @@ CONFIG_BRIDGE_EBT_MARK_T=m
 CONFIG_BRIDGE_EBT_REDIRECT=m
 CONFIG_BRIDGE_EBT_SNAT=m
 CONFIG_BRIDGE_EBT_LOG=m
-CONFIG_BRIDGE_EBT_ULOG=m
+# CONFIG_BRIDGE_EBT_ULOG is not set
 CONFIG_BRIDGE_EBT_NFLOG=m
 # CONFIG_IP_DCCP is not set
-# CONFIG_IP_SCTP is not set
+CONFIG_IP_SCTP=m
+# CONFIG_SCTP_DBG_MSG is not set
+# CONFIG_SCTP_DBG_OBJCNT is not set
+# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5 is not set
+CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1=y
+# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set
+CONFIG_SCTP_COOKIE_HMAC_MD5=y
+CONFIG_SCTP_COOKIE_HMAC_SHA1=y
 # CONFIG_RDS is not set
 # CONFIG_TIPC is not set
 CONFIG_ATM=m
 CONFIG_ATM_CLIP=m
-CONFIG_ATM_CLIP_NO_ICMP=y
+# CONFIG_ATM_CLIP_NO_ICMP is not set
 # CONFIG_ATM_LANE is not set
 CONFIG_ATM_BR2684=m
 # CONFIG_ATM_BR2684_IPFILTER is not set
 CONFIG_L2TP=m
+# CONFIG_L2TP_DEBUGFS is not set
 CONFIG_L2TP_V3=y
 CONFIG_L2TP_IP=m
 CONFIG_L2TP_ETH=m
-CONFIG_STP=m
-CONFIG_GARP=m
-CONFIG_BRIDGE=m
+CONFIG_STP=y
+CONFIG_GARP=y
+CONFIG_BRIDGE=y
 CONFIG_BRIDGE_IGMP_SNOOPING=y
+CONFIG_BRIDGE_VLAN_FILTERING=y
+CONFIG_HAVE_NET_DSA=y
 CONFIG_NET_DSA=y
 CONFIG_NET_DSA_TAG_DSA=y
 CONFIG_NET_DSA_TAG_EDSA=y
 CONFIG_NET_DSA_TAG_TRAILER=y
-CONFIG_NET_DSA_MV88E6XXX=y
-CONFIG_NET_DSA_MV88E6060=y
-CONFIG_NET_DSA_MV88E6XXX_NEED_PPU=y
-CONFIG_NET_DSA_MV88E6131=y
-CONFIG_NET_DSA_MV88E6123_61_65=y
 CONFIG_VLAN_8021Q=m
 CONFIG_VLAN_8021Q_GVRP=y
+# CONFIG_VLAN_8021Q_MVRP is not set
 # CONFIG_DECNET is not set
-CONFIG_LLC=m
+CONFIG_LLC=y
 # CONFIG_LLC2 is not set
 # CONFIG_IPX is not set
 # CONFIG_ATALK is not set
 # CONFIG_X25 is not set
 # CONFIG_LAPB is not set
-# CONFIG_ECONET is not set
-# CONFIG_WAN_ROUTER is not set
 # CONFIG_PHONET is not set
-CONFIG_IEEE802154=m
-CONFIG_IEEE802154_6LOWPAN=m
+# CONFIG_IEEE802154 is not set
 CONFIG_NET_SCHED=y
 
 #
@@ -821,7 +951,10 @@ CONFIG_NET_SCH_DRR=m
 CONFIG_NET_SCH_MQPRIO=m
 CONFIG_NET_SCH_CHOKE=m
 CONFIG_NET_SCH_QFQ=m
+CONFIG_NET_SCH_CODEL=m
+CONFIG_NET_SCH_FQ_CODEL=m
 CONFIG_NET_SCH_INGRESS=m
+CONFIG_NET_SCH_PLUG=m
 
 #
 # Classification
@@ -837,6 +970,7 @@ CONFIG_CLS_U32_MARK=y
 CONFIG_NET_CLS_RSVP=m
 CONFIG_NET_CLS_RSVP6=m
 CONFIG_NET_CLS_FLOW=m
+CONFIG_NET_CLS_CGROUP=m
 CONFIG_NET_EMATCH=y
 CONFIG_NET_EMATCH_STACK=32
 CONFIG_NET_EMATCH_CMP=m
@@ -844,6 +978,7 @@ CONFIG_NET_EMATCH_NBYTE=m
 CONFIG_NET_EMATCH_U32=m
 CONFIG_NET_EMATCH_META=m
 CONFIG_NET_EMATCH_TEXT=m
+CONFIG_NET_EMATCH_IPSET=m
 CONFIG_NET_CLS_ACT=y
 CONFIG_NET_ACT_POLICE=m
 CONFIG_NET_ACT_GACT=m
@@ -860,59 +995,27 @@ CONFIG_NET_SCH_FIFO=y
 # CONFIG_DCB is not set
 CONFIG_DNS_RESOLVER=y
 CONFIG_BATMAN_ADV=m
+CONFIG_BATMAN_ADV_BLA=y
+CONFIG_BATMAN_ADV_DAT=y
+CONFIG_BATMAN_ADV_NC=y
 # CONFIG_BATMAN_ADV_DEBUG is not set
+CONFIG_OPENVSWITCH=m
+CONFIG_VSOCKETS=m
+CONFIG_NETLINK_MMAP=y
+CONFIG_NETLINK_DIAG=m
+CONFIG_NETPRIO_CGROUP=m
+CONFIG_BQL=y
+CONFIG_BPF_JIT=y
 
 #
 # Network testing
 #
 # CONFIG_NET_PKTGEN is not set
+# CONFIG_NET_DROP_MONITOR is not set
 # CONFIG_HAMRADIO is not set
 # CONFIG_CAN is not set
-CONFIG_IRDA=m
-
-#
-# IrDA protocols
-#
-CONFIG_IRLAN=m
-CONFIG_IRNET=m
-CONFIG_IRCOMM=m
-# CONFIG_IRDA_ULTRA is not set
-
-#
-# IrDA options
-#
-# CONFIG_IRDA_CACHE_LAST_LSAP is not set
-# CONFIG_IRDA_FAST_RR is not set
-# CONFIG_IRDA_DEBUG is not set
-
-#
-# Infrared-port device drivers
-#
-
-#
-# SIR device drivers
-#
-CONFIG_IRTTY_SIR=m
-
-#
-# Dongle support
-#
-# CONFIG_DONGLE is not set
-CONFIG_KINGSUN_DONGLE=m
-CONFIG_KSDAZZLE_DONGLE=m
-CONFIG_KS959_DONGLE=m
-
-#
-# FIR device drivers
-#
-CONFIG_USB_IRDA=m
-CONFIG_SIGMATEL_FIR=m
-# CONFIG_TOSHIBA_FIR is not set
-CONFIG_VLSI_FIR=m
-CONFIG_MCS_FIR=m
+# CONFIG_IRDA is not set
 CONFIG_BT=m
-CONFIG_BT_L2CAP=y
-CONFIG_BT_SCO=y
 CONFIG_BT_RFCOMM=m
 CONFIG_BT_RFCOMM_TTY=y
 CONFIG_BT_BNEP=m
@@ -931,21 +1034,16 @@ CONFIG_BT_HCIUART_H4=y
 CONFIG_BT_HCIUART_BCSP=y
 CONFIG_BT_HCIUART_ATH3K=y
 CONFIG_BT_HCIUART_LL=y
+CONFIG_BT_HCIUART_3WIRE=y
 CONFIG_BT_HCIBCM203X=m
 CONFIG_BT_HCIBPA10X=m
 CONFIG_BT_HCIBFUSB=m
-CONFIG_BT_HCIDTL1=m
-CONFIG_BT_HCIBT3C=m
-CONFIG_BT_HCIBLUECARD=m
-CONFIG_BT_HCIBTUART=m
 CONFIG_BT_HCIVHCI=m
 CONFIG_BT_MRVL=m
 CONFIG_BT_MRVL_SDIO=m
 CONFIG_BT_ATH3K=m
 CONFIG_BT_WILINK=m
-CONFIG_AF_RXRPC=m
-# CONFIG_AF_RXRPC_DEBUG is not set
-CONFIG_RXKAD=m
+# CONFIG_AF_RXRPC is not set
 CONFIG_FIB_RULES=y
 CONFIG_WIRELESS=y
 CONFIG_WIRELESS_EXT=y
@@ -957,10 +1055,11 @@ CONFIG_CFG80211=m
 # CONFIG_NL80211_TESTMODE is not set
 # CONFIG_CFG80211_DEVELOPER_WARNINGS is not set
 # CONFIG_CFG80211_REG_DEBUG is not set
-# CONFIG_CFG80211_DEFAULT_PS is not set
+# CONFIG_CFG80211_CERTIFICATION_ONUS is not set
+CONFIG_CFG80211_DEFAULT_PS=y
+# CONFIG_CFG80211_DEBUGFS is not set
 # CONFIG_CFG80211_INTERNAL_REGDB is not set
 CONFIG_CFG80211_WEXT=y
-CONFIG_WIRELESS_EXT_SYSFS=y
 CONFIG_LIB80211=m
 CONFIG_LIB80211_CRYPT_WEP=m
 CONFIG_LIB80211_CRYPT_CCMP=m
@@ -968,24 +1067,27 @@ CONFIG_LIB80211_CRYPT_TKIP=m
 # CONFIG_LIB80211_DEBUG is not set
 CONFIG_MAC80211=m
 CONFIG_MAC80211_HAS_RC=y
+# CONFIG_MAC80211_RC_PID is not set
 CONFIG_MAC80211_RC_MINSTREL=y
 CONFIG_MAC80211_RC_MINSTREL_HT=y
 CONFIG_MAC80211_RC_DEFAULT_MINSTREL=y
 CONFIG_MAC80211_RC_DEFAULT="minstrel_ht"
 CONFIG_MAC80211_MESH=y
 CONFIG_MAC80211_LEDS=y
+# CONFIG_MAC80211_DEBUGFS is not set
+# CONFIG_MAC80211_MESSAGE_TRACING is not set
 # CONFIG_MAC80211_DEBUG_MENU is not set
 # CONFIG_WIMAX is not set
 CONFIG_RFKILL=m
 CONFIG_RFKILL_LEDS=y
 CONFIG_RFKILL_INPUT=y
 CONFIG_RFKILL_REGULATOR=m
+# CONFIG_RFKILL_GPIO is not set
 # CONFIG_NET_9P is not set
 # CONFIG_CAIF is not set
-CONFIG_CEPH_LIB=m
-# CONFIG_CEPH_LIB_PRETTYDEBUG is not set
-# CONFIG_CEPH_LIB_USE_DNS_RESOLVER is not set
+# CONFIG_CEPH_LIB is not set
 # CONFIG_NFC is not set
+CONFIG_HAVE_BPF_JIT=y
 
 #
 # Device Drivers
@@ -994,39 +1096,51 @@ CONFIG_CEPH_LIB=m
 #
 # Generic Driver Options
 #
-CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
-# CONFIG_DEVTMPFS is not set
-# CONFIG_STANDALONE is not set
-# CONFIG_PREVENT_FIRMWARE_BUILD is not set
+CONFIG_UEVENT_HELPER_PATH=""
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
+CONFIG_STANDALONE=y
+CONFIG_PREVENT_FIRMWARE_BUILD=y
 CONFIG_FW_LOADER=y
 # CONFIG_FIRMWARE_IN_KERNEL is not set
 CONFIG_EXTRA_FIRMWARE=""
+CONFIG_FW_LOADER_USER_HELPER=y
 # CONFIG_DEBUG_DRIVER is not set
 # CONFIG_DEBUG_DEVRES is not set
 # CONFIG_SYS_HYPERVISOR is not set
+# CONFIG_GENERIC_CPU_DEVICES is not set
 CONFIG_REGMAP=y
-CONFIG_REGMAP_I2C=m
-CONFIG_CONNECTOR=m
-CONFIG_MTD=m
-CONFIG_MTD_TESTS=m
+CONFIG_REGMAP_I2C=y
+CONFIG_REGMAP_IRQ=y
+CONFIG_DMA_SHARED_BUFFER=y
+# CONFIG_CMA is not set
+
+#
+# Bus devices
+#
+CONFIG_MVEBU_MBUS=y
+CONFIG_CONNECTOR=y
+CONFIG_PROC_EVENTS=y
+CONFIG_MTD=y
+# CONFIG_MTD_TESTS is not set
 # CONFIG_MTD_REDBOOT_PARTS is not set
+CONFIG_MTD_CMDLINE_PARTS=y
 # CONFIG_MTD_AFS_PARTS is not set
-CONFIG_MTD_OF_PARTS=m
-CONFIG_MTD_AR7_PARTS=m
+CONFIG_MTD_OF_PARTS=y
+# CONFIG_MTD_AR7_PARTS is not set
 
 #
 # User Modules And Translation Layers
 #
-CONFIG_MTD_CHAR=m
-CONFIG_MTD_BLKDEVS=m
-CONFIG_MTD_BLOCK=m
+# CONFIG_MTD_BLKDEVS is not set
+# CONFIG_MTD_BLOCK is not set
 # CONFIG_MTD_BLOCK_RO is not set
 # CONFIG_FTL is not set
 # CONFIG_NFTL is not set
 # CONFIG_INFTL is not set
 # CONFIG_RFD_FTL is not set
 # CONFIG_SSFDC is not set
-CONFIG_SM_FTL=m
+# CONFIG_SM_FTL is not set
 # CONFIG_MTD_OOPS is not set
 # CONFIG_MTD_SWAP is not set
 
@@ -1053,8 +1167,6 @@ CONFIG_MTD_CFI_I2=y
 # Mapping drivers for chip access
 #
 # CONFIG_MTD_COMPLEX_MAPPINGS is not set
-CONFIG_MTD_PHYSMAP=m
-# CONFIG_MTD_PHYSMAP_COMPAT is not set
 # CONFIG_MTD_INTEL_VR_NOR is not set
 # CONFIG_MTD_PLATRAM is not set
 
@@ -1070,39 +1182,34 @@ CONFIG_MTD_PHYSMAP=m
 #
 # Disk-On-Chip Device Drivers
 #
-# CONFIG_MTD_DOC2000 is not set
-# CONFIG_MTD_DOC2001 is not set
-# CONFIG_MTD_DOC2001PLUS is not set
 # CONFIG_MTD_DOCG3 is not set
-CONFIG_MTD_NAND_ECC=m
+CONFIG_MTD_NAND_ECC=y
 # CONFIG_MTD_NAND_ECC_SMC is not set
-CONFIG_MTD_NAND=m
-# CONFIG_MTD_NAND_VERIFY_WRITE is not set
+CONFIG_MTD_NAND=y
 # CONFIG_MTD_NAND_ECC_BCH is not set
 # CONFIG_MTD_SM_COMMON is not set
-# CONFIG_MTD_NAND_MUSEUM_IDS is not set
 # CONFIG_MTD_NAND_DENALI is not set
 # CONFIG_MTD_NAND_GPIO is not set
-CONFIG_MTD_NAND_IDS=m
+CONFIG_MTD_NAND_IDS=y
 # CONFIG_MTD_NAND_RICOH is not set
 # CONFIG_MTD_NAND_DISKONCHIP is not set
+# CONFIG_MTD_NAND_DOCG4 is not set
 # CONFIG_MTD_NAND_CAFE is not set
 # CONFIG_MTD_NAND_NANDSIM is not set
-CONFIG_MTD_NAND_PLATFORM=m
+# CONFIG_MTD_NAND_PLATFORM is not set
 # CONFIG_MTD_ALAUDA is not set
-CONFIG_MTD_NAND_ORION=m
+CONFIG_MTD_NAND_ORION=y
 # CONFIG_MTD_ONENAND is not set
 
 #
 # LPDDR flash memory drivers
 #
-CONFIG_MTD_LPDDR=m
-CONFIG_MTD_QINFO_PROBE=m
-CONFIG_MTD_UBI=m
+# CONFIG_MTD_LPDDR is not set
+CONFIG_MTD_UBI=y
 CONFIG_MTD_UBI_WL_THRESHOLD=4096
-CONFIG_MTD_UBI_BEB_RESERVE=1
+CONFIG_MTD_UBI_BEB_LIMIT=20
+# CONFIG_MTD_UBI_FASTMAP is not set
 # CONFIG_MTD_UBI_GLUEBI is not set
-# CONFIG_MTD_UBI_DEBUG is not set
 CONFIG_DTC=y
 CONFIG_OF=y
 
@@ -1110,71 +1217,84 @@ CONFIG_OF=y
 # Device Tree and Open Firmware support
 #
 CONFIG_PROC_DEVICETREE=y
+# CONFIG_OF_SELFTEST is not set
 CONFIG_OF_FLATTREE=y
 CONFIG_OF_EARLY_FLATTREE=y
 CONFIG_OF_ADDRESS=y
 CONFIG_OF_IRQ=y
 CONFIG_OF_DEVICE=y
-CONFIG_OF_GPIO=y
 CONFIG_OF_I2C=y
 CONFIG_OF_NET=y
 CONFIG_OF_MDIO=y
 CONFIG_OF_PCI=y
 CONFIG_OF_PCI_IRQ=y
+CONFIG_OF_MTD=y
 CONFIG_PARPORT=m
-# CONFIG_PARPORT_PC is not set
+CONFIG_PARPORT_PC=m
+CONFIG_PARPORT_SERIAL=m
+# CONFIG_PARPORT_PC_FIFO is not set
+# CONFIG_PARPORT_PC_SUPERIO is not set
 # CONFIG_PARPORT_GSC is not set
-CONFIG_PARPORT_AX88796=m
+# CONFIG_PARPORT_AX88796 is not set
 CONFIG_PARPORT_1284=y
 CONFIG_PARPORT_NOT_PC=y
 CONFIG_BLK_DEV=y
-CONFIG_BLK_CPQ_DA=m
+# CONFIG_PARIDE is not set
+# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set
 CONFIG_BLK_CPQ_CISS_DA=m
 # CONFIG_CISS_SCSI_TAPE is not set
 CONFIG_BLK_DEV_DAC960=m
-# CONFIG_BLK_DEV_UMEM is not set
+CONFIG_BLK_DEV_UMEM=m
 # CONFIG_BLK_DEV_COW_COMMON is not set
 CONFIG_BLK_DEV_LOOP=y
 CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
 CONFIG_BLK_DEV_CRYPTOLOOP=m
 # CONFIG_BLK_DEV_DRBD is not set
-CONFIG_BLK_DEV_NBD=m
-CONFIG_BLK_DEV_OSD=m
+# CONFIG_BLK_DEV_NBD is not set
+CONFIG_BLK_DEV_NVME=m
+# CONFIG_BLK_DEV_OSD is not set
 CONFIG_BLK_DEV_SX8=m
-# CONFIG_BLK_DEV_UB is not set
 CONFIG_BLK_DEV_RAM=y
-CONFIG_BLK_DEV_RAM_COUNT=8
+CONFIG_BLK_DEV_RAM_COUNT=16
 CONFIG_BLK_DEV_RAM_SIZE=16384
 # CONFIG_BLK_DEV_XIP is not set
 # CONFIG_CDROM_PKTCDVD is not set
-CONFIG_ATA_OVER_ETH=m
-CONFIG_MG_DISK=m
-CONFIG_MG_DISK_RES=0
-CONFIG_BLK_DEV_RBD=m
-CONFIG_SENSORS_LIS3LV02D=m
-CONFIG_MISC_DEVICES=y
+# CONFIG_ATA_OVER_ETH is not set
+# CONFIG_MG_DISK is not set
+# CONFIG_BLK_DEV_RBD is not set
+CONFIG_BLK_DEV_RSXX=m
+
+#
+# Misc devices
+#
+# CONFIG_SENSORS_LIS3LV02D is not set
 # CONFIG_AD525X_DPOT is not set
+# CONFIG_ATMEL_PWM is not set
+CONFIG_DUMMY_IRQ=m
 # CONFIG_PHANTOM is not set
 # CONFIG_INTEL_MID_PTI is not set
 # CONFIG_SGI_IOC4 is not set
 CONFIG_TIFM_CORE=m
 CONFIG_TIFM_7XX1=m
 CONFIG_ICS932S401=m
+# CONFIG_ATMEL_SSC is not set
 CONFIG_ENCLOSURE_SERVICES=m
 CONFIG_HP_ILO=m
-CONFIG_APDS9802ALS=m
-CONFIG_ISL29003=m
-CONFIG_ISL29020=m
-CONFIG_SENSORS_TSL2550=m
-CONFIG_SENSORS_BH1780=m
-CONFIG_SENSORS_BH1770=m
-CONFIG_SENSORS_APDS990X=m
-CONFIG_HMC6352=m
+# CONFIG_APDS9802ALS is not set
+# CONFIG_ISL29003 is not set
+# CONFIG_ISL29020 is not set
+# CONFIG_SENSORS_TSL2550 is not set
+# CONFIG_SENSORS_BH1780 is not set
+# CONFIG_SENSORS_BH1770 is not set
+# CONFIG_SENSORS_APDS990X is not set
+# CONFIG_HMC6352 is not set
 CONFIG_DS1682=m
-CONFIG_BMP085=m
+CONFIG_BMP085=y
+CONFIG_BMP085_I2C=m
 CONFIG_PCH_PHUB=m
 CONFIG_USB_SWITCH_FSA9480=m
-CONFIG_C2PORT=m
+# CONFIG_SRAM is not set
+# CONFIG_C2PORT is not set
 
 #
 # EEPROM support
@@ -1186,62 +1306,60 @@ CONFIG_EEPROM_93CX6=m
 CONFIG_CB710_CORE=m
 # CONFIG_CB710_DEBUG is not set
 CONFIG_CB710_DEBUG_ASSUMPTIONS=y
-CONFIG_IWMC3200TOP=m
-# CONFIG_IWMC3200TOP_DEBUG is not set
-# CONFIG_IWMC3200TOP_DEBUGFS is not set
 
 #
 # Texas Instruments shared transport line discipline
 #
 CONFIG_TI_ST=m
-CONFIG_SENSORS_LIS3_I2C=m
+# CONFIG_SENSORS_LIS3_I2C is not set
 
 #
 # Altera FPGA firmware download module
 #
-# CONFIG_ALTERA_STAPL is not set
+CONFIG_ALTERA_STAPL=m
 CONFIG_HAVE_IDE=y
 # CONFIG_IDE is not set
 
 #
 # SCSI device support
 #
-CONFIG_SCSI_MOD=m
+CONFIG_SCSI_MOD=y
 CONFIG_RAID_ATTRS=m
-CONFIG_SCSI=m
+CONFIG_SCSI=y
 CONFIG_SCSI_DMA=y
-# CONFIG_SCSI_TGT is not set
+CONFIG_SCSI_TGT=m
 CONFIG_SCSI_NETLINK=y
 CONFIG_SCSI_PROC_FS=y
 
 #
 # SCSI support type (disk, tape, CD-ROM)
 #
-CONFIG_BLK_DEV_SD=m
-# CONFIG_CHR_DEV_ST is not set
-# CONFIG_CHR_DEV_OSST is not set
-CONFIG_BLK_DEV_SR=m
+CONFIG_BLK_DEV_SD=y
+CONFIG_CHR_DEV_ST=m
+CONFIG_CHR_DEV_OSST=m
+CONFIG_BLK_DEV_SR=y
 CONFIG_BLK_DEV_SR_VENDOR=y
-CONFIG_CHR_DEV_SG=m
+CONFIG_CHR_DEV_SG=y
 CONFIG_CHR_DEV_SCH=m
 CONFIG_SCSI_ENCLOSURE=m
 CONFIG_SCSI_MULTI_LUN=y
-# CONFIG_SCSI_CONSTANTS is not set
-# CONFIG_SCSI_LOGGING is not set
-# CONFIG_SCSI_SCAN_ASYNC is not set
-CONFIG_SCSI_WAIT_SCAN=m
+CONFIG_SCSI_CONSTANTS=y
+CONFIG_SCSI_LOGGING=y
+CONFIG_SCSI_SCAN_ASYNC=y
 
 #
 # SCSI Transports
 #
 CONFIG_SCSI_SPI_ATTRS=m
 CONFIG_SCSI_FC_ATTRS=m
+CONFIG_SCSI_FC_TGT_ATTRS=y
 CONFIG_SCSI_ISCSI_ATTRS=m
 CONFIG_SCSI_SAS_ATTRS=m
 CONFIG_SCSI_SAS_LIBSAS=m
 CONFIG_SCSI_SAS_ATA=y
 CONFIG_SCSI_SAS_HOST_SMP=y
 CONFIG_SCSI_SRP_ATTRS=m
+CONFIG_SCSI_SRP_TGT_ATTRS=y
 CONFIG_SCSI_LOWLEVEL=y
 CONFIG_ISCSI_TCP=m
 CONFIG_ISCSI_BOOT_SYSFS=m
@@ -1257,28 +1375,24 @@ CONFIG_SCSI_3W_SAS=m
 # CONFIG_SCSI_ACARD is not set
 CONFIG_SCSI_AACRAID=m
 CONFIG_SCSI_AIC7XXX=m
-CONFIG_AIC7XXX_CMDS_PER_DEVICE=253
-CONFIG_AIC7XXX_RESET_DELAY_MS=15000
-# CONFIG_AIC7XXX_BUILD_FIRMWARE is not set
-# CONFIG_AIC7XXX_DEBUG_ENABLE is not set
+CONFIG_AIC7XXX_CMDS_PER_DEVICE=32
+CONFIG_AIC7XXX_RESET_DELAY_MS=5000
+CONFIG_AIC7XXX_DEBUG_ENABLE=y
 CONFIG_AIC7XXX_DEBUG_MASK=0
-# CONFIG_AIC7XXX_REG_PRETTY_PRINT is not set
+CONFIG_AIC7XXX_REG_PRETTY_PRINT=y
 # CONFIG_SCSI_AIC7XXX_OLD is not set
 CONFIG_SCSI_AIC79XX=m
 CONFIG_AIC79XX_CMDS_PER_DEVICE=32
-CONFIG_AIC79XX_RESET_DELAY_MS=15000
-# CONFIG_AIC79XX_BUILD_FIRMWARE is not set
+CONFIG_AIC79XX_RESET_DELAY_MS=4000
 # CONFIG_AIC79XX_DEBUG_ENABLE is not set
 CONFIG_AIC79XX_DEBUG_MASK=0
 # CONFIG_AIC79XX_REG_PRETTY_PRINT is not set
 CONFIG_SCSI_AIC94XX=m
 # CONFIG_AIC94XX_DEBUG is not set
 CONFIG_SCSI_MVSAS=m
-CONFIG_SCSI_MVSAS_DEBUG=y
-# CONFIG_SCSI_MVSAS_TASKLET is not set
-CONFIG_SCSI_MVUMI=m
-CONFIG_SCSI_DPT_I2O=m
-# CONFIG_SCSI_ADVANSYS is not set
+# CONFIG_SCSI_MVSAS_DEBUG is not set
+CONFIG_SCSI_MVSAS_TASKLET=y
+# CONFIG_SCSI_MVUMI is not set
 CONFIG_SCSI_ARCMSR=m
 CONFIG_MEGARAID_NEWGEN=y
 CONFIG_MEGARAID_MM=m
@@ -1288,6 +1402,12 @@ CONFIG_MEGARAID_SAS=m
 CONFIG_SCSI_MPT2SAS=m
 CONFIG_SCSI_MPT2SAS_MAX_SGE=128
 # CONFIG_SCSI_MPT2SAS_LOGGING is not set
+CONFIG_SCSI_MPT3SAS=m
+CONFIG_SCSI_MPT3SAS_MAX_SGE=128
+# CONFIG_SCSI_MPT3SAS_LOGGING is not set
+CONFIG_SCSI_UFSHCD=m
+CONFIG_SCSI_UFSHCD_PCI=m
+CONFIG_SCSI_UFSHCD_PLATFORM=m
 CONFIG_SCSI_HPTIOP=m
 CONFIG_LIBFC=m
 CONFIG_LIBFCOE=m
@@ -1297,6 +1417,10 @@ CONFIG_SCSI_FUTURE_DOMAIN=m
 CONFIG_SCSI_IPS=m
 CONFIG_SCSI_INITIO=m
 CONFIG_SCSI_INIA100=m
+CONFIG_SCSI_PPA=m
+CONFIG_SCSI_IMM=m
+# CONFIG_SCSI_IZIP_EPP16 is not set
+# CONFIG_SCSI_IZIP_SLOW_CTR is not set
 CONFIG_SCSI_STEX=m
 CONFIG_SCSI_SYM53C8XX_2=m
 CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1
@@ -1310,6 +1434,7 @@ CONFIG_SCSI_QLOGIC_1280=m
 CONFIG_SCSI_QLA_FC=m
 CONFIG_SCSI_QLA_ISCSI=m
 CONFIG_SCSI_LPFC=m
+# CONFIG_SCSI_LPFC_DEBUG_FS is not set
 CONFIG_SCSI_DC395x=m
 CONFIG_SCSI_DC390T=m
 # CONFIG_SCSI_NSP32 is not set
@@ -1318,13 +1443,8 @@ CONFIG_SCSI_PMCRAID=m
 CONFIG_SCSI_PM8001=m
 # CONFIG_SCSI_SRP is not set
 CONFIG_SCSI_BFA_FC=m
-CONFIG_SCSI_LOWLEVEL_PCMCIA=y
-CONFIG_PCMCIA_AHA152X=m
-CONFIG_PCMCIA_FDOMAIN=m
-CONFIG_PCMCIA_NINJA_SCSI=m
-CONFIG_PCMCIA_QLOGIC=m
-CONFIG_PCMCIA_SYM53C500=m
-CONFIG_SCSI_DH=m
+CONFIG_SCSI_CHELSIO_FCOE=m
+CONFIG_SCSI_DH=y
 CONFIG_SCSI_DH_RDAC=m
 CONFIG_SCSI_DH_HP_SW=m
 CONFIG_SCSI_DH_EMC=m
@@ -1333,7 +1453,7 @@ CONFIG_SCSI_OSD_INITIATOR=m
 CONFIG_SCSI_OSD_ULD=m
 CONFIG_SCSI_OSD_DPRINT_SENSE=1
 # CONFIG_SCSI_OSD_DEBUG is not set
-CONFIG_ATA=m
+CONFIG_ATA=y
 # CONFIG_ATA_NONSTANDARD is not set
 CONFIG_ATA_VERBOSE_ERROR=y
 CONFIG_SATA_PMP=y
@@ -1341,7 +1461,7 @@ CONFIG_SATA_PMP=y
 #
 # Controllers with non-SFF native interface
 #
-CONFIG_SATA_AHCI=m
+CONFIG_SATA_AHCI=y
 CONFIG_SATA_AHCI_PLATFORM=m
 CONFIG_SATA_INIC162X=m
 CONFIG_SATA_ACARD_AHCI=m
@@ -1359,7 +1479,8 @@ CONFIG_ATA_BMDMA=y
 #
 # SATA SFF controllers with BMDMA
 #
-CONFIG_ATA_PIIX=m
+CONFIG_ATA_PIIX=y
+CONFIG_SATA_HIGHBANK=m
 CONFIG_SATA_MV=m
 CONFIG_SATA_NV=m
 CONFIG_SATA_PROMISE=m
@@ -1389,7 +1510,7 @@ CONFIG_PATA_HPT366=m
 CONFIG_PATA_HPT37X=m
 CONFIG_PATA_HPT3X2N=m
 CONFIG_PATA_HPT3X3=m
-CONFIG_PATA_HPT3X3_DMA=y
+# CONFIG_PATA_HPT3X3_DMA is not set
 CONFIG_PATA_IT8213=m
 CONFIG_PATA_IT821X=m
 CONFIG_PATA_JMICRON=m
@@ -1401,9 +1522,9 @@ CONFIG_PATA_OLDPIIX=m
 CONFIG_PATA_OPTIDMA=m
 CONFIG_PATA_PDC2027X=m
 CONFIG_PATA_PDC_OLD=m
-CONFIG_PATA_RADISYS=m
+# CONFIG_PATA_RADISYS is not set
 CONFIG_PATA_RDC=m
-CONFIG_PATA_SC1200=m
+# CONFIG_PATA_SC1200 is not set
 CONFIG_PATA_SCH=m
 CONFIG_PATA_SERVERWORKS=m
 CONFIG_PATA_SIL680=m
@@ -1420,82 +1541,97 @@ CONFIG_PATA_CMD640_PCI=m
 CONFIG_PATA_MPIIX=m
 CONFIG_PATA_NS87410=m
 CONFIG_PATA_OPTI=m
-CONFIG_PATA_PCMCIA=m
+# CONFIG_PATA_PLATFORM is not set
 CONFIG_PATA_RZ1000=m
 
 #
 # Generic fallback / legacy drivers
 #
 CONFIG_ATA_GENERIC=m
-CONFIG_PATA_LEGACY=m
+# CONFIG_PATA_LEGACY is not set
 CONFIG_MD=y
-CONFIG_BLK_DEV_MD=m
+CONFIG_BLK_DEV_MD=y
+CONFIG_MD_AUTODETECT=y
 CONFIG_MD_LINEAR=m
 CONFIG_MD_RAID0=m
 CONFIG_MD_RAID1=m
 CONFIG_MD_RAID10=m
 CONFIG_MD_RAID456=m
 CONFIG_MD_MULTIPATH=m
-# CONFIG_MD_FAULTY is not set
-CONFIG_BLK_DEV_DM=m
+CONFIG_MD_FAULTY=m
+CONFIG_BCACHE=m
+# CONFIG_BCACHE_DEBUG is not set
+# CONFIG_BCACHE_EDEBUG is not set
+# CONFIG_BCACHE_CLOSURES_DEBUG is not set
+CONFIG_BLK_DEV_DM=y
 # CONFIG_DM_DEBUG is not set
 CONFIG_DM_BUFIO=m
+CONFIG_DM_BIO_PRISON=m
 CONFIG_DM_PERSISTENT_DATA=m
 CONFIG_DM_CRYPT=m
-CONFIG_DM_SNAPSHOT=m
-CONFIG_DM_THIN_PROVISIONING=m
-# CONFIG_DM_DEBUG_BLOCK_STACK_TRACING is not set
-# CONFIG_DM_DEBUG_SPACE_MAPS is not set
-CONFIG_DM_MIRROR=m
+CONFIG_DM_SNAPSHOT=y
+# CONFIG_DM_THIN_PROVISIONING is not set
+CONFIG_DM_CACHE=m
+CONFIG_DM_CACHE_MQ=m
+CONFIG_DM_CACHE_CLEANER=m
+CONFIG_DM_MIRROR=y
 CONFIG_DM_RAID=m
 CONFIG_DM_LOG_USERSPACE=m
-CONFIG_DM_ZERO=m
+CONFIG_DM_ZERO=y
 CONFIG_DM_MULTIPATH=m
 CONFIG_DM_MULTIPATH_QL=m
 CONFIG_DM_MULTIPATH_ST=m
-CONFIG_DM_DELAY=m
+# CONFIG_DM_DELAY is not set
 CONFIG_DM_UEVENT=y
-CONFIG_DM_FLAKEY=m
+# CONFIG_DM_FLAKEY is not set
+CONFIG_DM_VERITY=m
 # CONFIG_TARGET_CORE is not set
 CONFIG_FUSION=y
 CONFIG_FUSION_SPI=m
 CONFIG_FUSION_FC=m
 CONFIG_FUSION_SAS=m
-CONFIG_FUSION_MAX_SGE=128
+CONFIG_FUSION_MAX_SGE=40
 CONFIG_FUSION_CTL=m
-# CONFIG_FUSION_LOGGING is not set
+CONFIG_FUSION_LOGGING=y
 
 #
 # IEEE 1394 (FireWire) support
 #
 CONFIG_FIREWIRE=m
 CONFIG_FIREWIRE_OHCI=m
-CONFIG_FIREWIRE_OHCI_DEBUG=y
 CONFIG_FIREWIRE_SBP2=m
-CONFIG_FIREWIRE_NET=m
+# CONFIG_FIREWIRE_NET is not set
 # CONFIG_FIREWIRE_NOSY is not set
-# CONFIG_I2O is not set
+CONFIG_I2O=m
+# CONFIG_I2O_LCT_NOTIFY_ON_CHANGES is not set
+CONFIG_I2O_EXT_ADAPTEC=y
+CONFIG_I2O_BUS=m
+CONFIG_I2O_BLOCK=m
+CONFIG_I2O_SCSI=m
+CONFIG_I2O_PROC=m
 CONFIG_NETDEVICES=y
 CONFIG_NET_CORE=y
 CONFIG_BONDING=m
 CONFIG_DUMMY=m
-CONFIG_EQUALIZER=m
+# CONFIG_EQUALIZER is not set
+# CONFIG_NET_FC is not set
+CONFIG_MII=m
+CONFIG_IFB=m
+# CONFIG_NET_TEAM is not set
+CONFIG_MACVLAN=m
+CONFIG_MACVTAP=m
+CONFIG_VXLAN=m
+CONFIG_NETCONSOLE=m
+CONFIG_NETCONSOLE_DYNAMIC=y
+CONFIG_NETPOLL=y
+CONFIG_NETPOLL_TRAP=y
+CONFIG_NET_POLL_CONTROLLER=y
 CONFIG_IMQ=m
 # CONFIG_IMQ_BEHAVIOR_AA is not set
 CONFIG_IMQ_BEHAVIOR_AB=y
 # CONFIG_IMQ_BEHAVIOR_BA is not set
 # CONFIG_IMQ_BEHAVIOR_BB is not set
 CONFIG_IMQ_NUM_DEVS=2
-# CONFIG_NET_FC is not set
-CONFIG_MII=m
-CONFIG_IEEE802154_DRIVERS=m
-CONFIG_IEEE802154_FAKEHARD=m
-CONFIG_IFB=m
-CONFIG_MACVLAN=m
-CONFIG_MACVTAP=m
-# CONFIG_NETCONSOLE is not set
-# CONFIG_NETPOLL is not set
-# CONFIG_NET_POLL_CONTROLLER is not set
 CONFIG_TUN=m
 CONFIG_VETH=m
 # CONFIG_ARCNET is not set
@@ -1504,47 +1640,35 @@ CONFIG_ATM_DRIVERS=y
 CONFIG_ATM_TCP=m
 CONFIG_ATM_LANAI=m
 CONFIG_ATM_ENI=m
-CONFIG_ATM_ENI_DEBUG=y
-CONFIG_ATM_ENI_TUNE_BURST=y
-CONFIG_ATM_ENI_BURST_TX_16W=y
-CONFIG_ATM_ENI_BURST_TX_8W=y
-CONFIG_ATM_ENI_BURST_TX_4W=y
-CONFIG_ATM_ENI_BURST_TX_2W=y
-CONFIG_ATM_ENI_BURST_RX_16W=y
-CONFIG_ATM_ENI_BURST_RX_8W=y
-CONFIG_ATM_ENI_BURST_RX_4W=y
-CONFIG_ATM_ENI_BURST_RX_2W=y
-CONFIG_ATM_FIRESTREAM=m
-CONFIG_ATM_ZATM=m
-# CONFIG_ATM_ZATM_DEBUG is not set
+# CONFIG_ATM_ENI_DEBUG is not set
+# CONFIG_ATM_ENI_TUNE_BURST is not set
 CONFIG_ATM_NICSTAR=m
-CONFIG_ATM_NICSTAR_USE_SUNI=y
-CONFIG_ATM_NICSTAR_USE_IDT77105=y
+# CONFIG_ATM_NICSTAR_USE_SUNI is not set
+# CONFIG_ATM_NICSTAR_USE_IDT77105 is not set
 CONFIG_ATM_IDT77252=m
 # CONFIG_ATM_IDT77252_DEBUG is not set
 # CONFIG_ATM_IDT77252_RCV_ALL is not set
 CONFIG_ATM_IDT77252_USE_SUNI=y
-CONFIG_ATM_AMBASSADOR=m
-# CONFIG_ATM_AMBASSADOR_DEBUG is not set
-CONFIG_ATM_HORIZON=m
-# CONFIG_ATM_HORIZON_DEBUG is not set
-CONFIG_ATM_IA=m
-# CONFIG_ATM_IA_DEBUG is not set
-CONFIG_ATM_FORE200E=m
-CONFIG_ATM_FORE200E_USE_TASKLET=y
-CONFIG_ATM_FORE200E_TX_RETRY=16
-CONFIG_ATM_FORE200E_DEBUG=0
+# CONFIG_ATM_IA is not set
+# CONFIG_ATM_FORE200E is not set
 # CONFIG_ATM_HE is not set
 CONFIG_ATM_SOLOS=m
 
 #
 # CAIF transport drivers
 #
+
+#
+# Distributed Switch Architecture drivers
+#
+CONFIG_NET_DSA_MV88E6XXX=y
+CONFIG_NET_DSA_MV88E6060=y
+CONFIG_NET_DSA_MV88E6XXX_NEED_PPU=y
+CONFIG_NET_DSA_MV88E6131=y
+CONFIG_NET_DSA_MV88E6123_61_65=y
 CONFIG_ETHERNET=y
 CONFIG_MDIO=m
 CONFIG_NET_VENDOR_3COM=y
-CONFIG_PCMCIA_3C574=m
-CONFIG_PCMCIA_3C589=m
 CONFIG_VORTEX=m
 CONFIG_TYPHOON=m
 CONFIG_NET_VENDOR_ADAPTEC=y
@@ -1555,12 +1679,15 @@ CONFIG_ACENIC=m
 CONFIG_NET_VENDOR_AMD=y
 CONFIG_AMD8111_ETH=m
 CONFIG_PCNET32=m
-CONFIG_PCMCIA_NMCLAN=m
 CONFIG_NET_VENDOR_ATHEROS=y
 CONFIG_ATL2=m
 CONFIG_ATL1=m
 CONFIG_ATL1E=m
 CONFIG_ATL1C=m
+CONFIG_ALX=m
+CONFIG_NET_CADENCE=y
+CONFIG_ARM_AT91_ETHER=m
+CONFIG_MACB=m
 CONFIG_NET_VENDOR_BROADCOM=y
 CONFIG_B44=m
 CONFIG_B44_PCI_AUTOSELECT=y
@@ -1570,14 +1697,19 @@ CONFIG_BNX2=m
 CONFIG_CNIC=m
 CONFIG_TIGON3=m
 CONFIG_BNX2X=m
+CONFIG_BNX2X_SRIOV=y
 CONFIG_NET_VENDOR_BROCADE=y
 CONFIG_BNA=m
+CONFIG_NET_CALXEDA_XGMAC=m
 CONFIG_NET_VENDOR_CHELSIO=y
 CONFIG_CHELSIO_T1=m
 CONFIG_CHELSIO_T1_1G=y
 CONFIG_CHELSIO_T3=m
 CONFIG_CHELSIO_T4=m
 CONFIG_CHELSIO_T4VF=m
+CONFIG_NET_VENDOR_CIRRUS=y
+CONFIG_CS89x0=m
+CONFIG_CS89x0_PLATFORM=y
 CONFIG_NET_VENDOR_CISCO=y
 CONFIG_ENIC=m
 CONFIG_DM9000=m
@@ -1589,16 +1721,14 @@ CONFIG_DE2104X=m
 CONFIG_DE2104X_DSL=0
 CONFIG_TULIP=m
 # CONFIG_TULIP_MWI is not set
-# CONFIG_TULIP_MMIO is not set
-# CONFIG_TULIP_NAPI is not set
-CONFIG_DE4X5=m
+CONFIG_TULIP_MMIO=y
+CONFIG_TULIP_NAPI=y
+CONFIG_TULIP_NAPI_HW_MITIGATION=y
 CONFIG_WINBOND_840=m
 CONFIG_DM9102=m
 CONFIG_ULI526X=m
 CONFIG_PCMCIA_XIRCOM=m
 CONFIG_NET_VENDOR_DLINK=y
-CONFIG_DE600=m
-CONFIG_DE620=m
 CONFIG_DL2K=m
 CONFIG_SUNDANCE=m
 # CONFIG_SUNDANCE_MMIO is not set
@@ -1611,8 +1741,6 @@ CONFIG_VXGE=m
 CONFIG_NET_VENDOR_FARADAY=y
 # CONFIG_FTMAC100 is not set
 # CONFIG_FTGMAC100 is not set
-CONFIG_NET_VENDOR_FUJITSU=y
-CONFIG_PCMCIA_FMVJ18X=m
 CONFIG_NET_VENDOR_HP=y
 CONFIG_HP100=m
 CONFIG_NET_VENDOR_INTEL=y
@@ -1620,24 +1748,28 @@ CONFIG_E100=m
 CONFIG_E1000=m
 CONFIG_E1000E=m
 CONFIG_IGB=m
+CONFIG_IGB_HWMON=y
 CONFIG_IGBVF=m
 CONFIG_IXGB=m
 CONFIG_IXGBE=m
+CONFIG_IXGBE_HWMON=y
 CONFIG_NET_VENDOR_I825XX=y
 CONFIG_IP1000=m
 CONFIG_JME=m
 CONFIG_NET_VENDOR_MARVELL=y
 CONFIG_MV643XX_ETH=m
+CONFIG_MVMDIO=m
 CONFIG_SKGE=m
+# CONFIG_SKGE_DEBUG is not set
 CONFIG_SKGE_GENESIS=y
 CONFIG_SKY2=m
+# CONFIG_SKY2_DEBUG is not set
 CONFIG_NET_VENDOR_MELLANOX=y
-CONFIG_MLX4_EN=m
-CONFIG_MLX4_CORE=m
-CONFIG_MLX4_DEBUG=y
+# CONFIG_MLX4_EN is not set
+# CONFIG_MLX4_CORE is not set
 CONFIG_NET_VENDOR_MICREL=y
-CONFIG_KS8842=m
-CONFIG_KS8851_MLL=m
+# CONFIG_KS8842 is not set
+# CONFIG_KS8851_MLL is not set
 CONFIG_KSZ884X_PCI=m
 CONFIG_NET_VENDOR_MYRI=y
 CONFIG_MYRI10GE=m
@@ -1646,36 +1778,32 @@ CONFIG_NET_VENDOR_NATSEMI=y
 CONFIG_NATSEMI=m
 CONFIG_NS83820=m
 CONFIG_NET_VENDOR_8390=y
-CONFIG_PCMCIA_AXNET=m
 CONFIG_AX88796=m
 CONFIG_AX88796_93CX6=y
 CONFIG_NE2K_PCI=m
-CONFIG_PCMCIA_PCNET=m
 CONFIG_NET_VENDOR_NVIDIA=y
 CONFIG_FORCEDETH=m
 CONFIG_NET_VENDOR_OKI=y
 CONFIG_PCH_GBE=m
 CONFIG_ETHOC=m
-CONFIG_NET_PACKET_ENGINE=y
-CONFIG_HAMACHI=m
-CONFIG_YELLOWFIN=m
+# CONFIG_NET_PACKET_ENGINE is not set
 CONFIG_NET_VENDOR_QLOGIC=y
 CONFIG_QLA3XXX=m
 CONFIG_QLCNIC=m
+CONFIG_QLCNIC_SRIOV=y
 CONFIG_QLGE=m
 CONFIG_NETXEN_NIC=m
 CONFIG_NET_VENDOR_REALTEK=y
 CONFIG_8139CP=m
 CONFIG_8139TOO=m
 # CONFIG_8139TOO_PIO is not set
-CONFIG_8139TOO_TUNE_TWISTER=y
+# CONFIG_8139TOO_TUNE_TWISTER is not set
 CONFIG_8139TOO_8129=y
 # CONFIG_8139_OLD_RX_RESET is not set
 CONFIG_R8169=m
 CONFIG_NET_VENDOR_RDC=y
 CONFIG_R6040=m
 CONFIG_NET_VENDOR_SEEQ=y
-CONFIG_SEEQ8005=m
 CONFIG_NET_VENDOR_SILAN=y
 CONFIG_SC92031=m
 CONFIG_NET_VENDOR_SIS=y
@@ -1683,9 +1811,10 @@ CONFIG_SIS900=m
 CONFIG_SIS190=m
 CONFIG_SFC=m
 CONFIG_SFC_MTD=y
+CONFIG_SFC_MCDI_MON=y
+CONFIG_SFC_SRIOV=y
 CONFIG_NET_VENDOR_SMSC=y
 CONFIG_SMC91X=m
-CONFIG_PCMCIA_SMC91C92=m
 CONFIG_EPIC100=m
 CONFIG_SMC911X=m
 CONFIG_SMSC911X=m
@@ -1693,9 +1822,10 @@ CONFIG_SMSC911X=m
 CONFIG_SMSC9420=m
 CONFIG_NET_VENDOR_STMICRO=y
 CONFIG_STMMAC_ETH=m
+CONFIG_STMMAC_PLATFORM=y
+CONFIG_STMMAC_PCI=y
+# CONFIG_STMMAC_DEBUG_FS is not set
 # CONFIG_STMMAC_DA is not set
-CONFIG_STMMAC_RING=y
-# CONFIG_STMMAC_CHAINED is not set
 CONFIG_NET_VENDOR_SUN=y
 CONFIG_HAPPYMEAL=m
 # CONFIG_SUNGEM is not set
@@ -1709,8 +1839,12 @@ CONFIG_NET_VENDOR_VIA=y
 CONFIG_VIA_RHINE=m
 CONFIG_VIA_RHINE_MMIO=y
 CONFIG_VIA_VELOCITY=m
-CONFIG_NET_VENDOR_XIRCOM=y
-CONFIG_PCMCIA_XIRC2PS=m
+CONFIG_NET_VENDOR_WIZNET=y
+CONFIG_WIZNET_W5100=m
+CONFIG_WIZNET_W5300=m
+# CONFIG_WIZNET_BUS_DIRECT is not set
+# CONFIG_WIZNET_BUS_INDIRECT is not set
+CONFIG_WIZNET_BUS_ANY=y
 # CONFIG_FDDI is not set
 # CONFIG_HIPPI is not set
 CONFIG_PHYLIB=y
@@ -1718,6 +1852,8 @@ CONFIG_PHYLIB=y
 #
 # MII PHY device drivers
 #
+CONFIG_AT803X_PHY=m
+CONFIG_AMD_PHY=m
 CONFIG_MARVELL_PHY=m
 CONFIG_DAVICOM_PHY=m
 CONFIG_QSEMI_PHY=m
@@ -1726,15 +1862,19 @@ CONFIG_CICADA_PHY=m
 CONFIG_VITESSE_PHY=m
 CONFIG_SMSC_PHY=m
 CONFIG_BROADCOM_PHY=m
+CONFIG_BCM87XX_PHY=m
 CONFIG_ICPLUS_PHY=m
 CONFIG_REALTEK_PHY=m
 CONFIG_NATIONAL_PHY=m
 CONFIG_STE10XP=m
 CONFIG_LSI_ET1011C_PHY=m
 CONFIG_MICREL_PHY=m
-# CONFIG_FIXED_PHY is not set
+CONFIG_FIXED_PHY=y
 CONFIG_MDIO_BITBANG=m
-CONFIG_MDIO_GPIO=m
+# CONFIG_MDIO_GPIO is not set
+CONFIG_MDIO_BUS_MUX=m
+CONFIG_MDIO_BUS_MUX_GPIO=m
+CONFIG_MDIO_BUS_MUX_MMIOREG=m
 # CONFIG_PLIP is not set
 CONFIG_PPP=m
 CONFIG_PPP_BSDCOMP=m
@@ -1748,12 +1888,8 @@ CONFIG_PPTP=m
 CONFIG_PPPOL2TP=m
 CONFIG_PPP_ASYNC=m
 CONFIG_PPP_SYNC_TTY=m
-CONFIG_SLIP=m
+# CONFIG_SLIP is not set
 CONFIG_SLHC=m
-CONFIG_SLIP_COMPRESSED=y
-CONFIG_SLIP_SMART=y
-CONFIG_SLIP_MODE_SLIP6=y
-# CONFIG_TR is not set
 
 #
 # USB Network Adapters
@@ -1762,11 +1898,14 @@ CONFIG_USB_CATC=m
 CONFIG_USB_KAWETH=m
 CONFIG_USB_PEGASUS=m
 CONFIG_USB_RTL8150=m
+CONFIG_USB_RTL8152=m
 CONFIG_USB_USBNET=m
 CONFIG_USB_NET_AX8817X=m
+CONFIG_USB_NET_AX88179_178A=m
 CONFIG_USB_NET_CDCETHER=m
 CONFIG_USB_NET_CDC_EEM=m
 CONFIG_USB_NET_CDC_NCM=m
+CONFIG_USB_NET_CDC_MBIM=m
 CONFIG_USB_NET_DM9601=m
 CONFIG_USB_NET_SMSC75XX=m
 CONFIG_USB_NET_SMSC95XX=m
@@ -1785,82 +1924,171 @@ CONFIG_USB_KC2190=y
 CONFIG_USB_NET_ZAURUS=m
 CONFIG_USB_NET_CX82310_ETH=m
 CONFIG_USB_NET_KALMIA=m
+CONFIG_USB_NET_QMI_WWAN=m
 CONFIG_USB_HSO=m
 CONFIG_USB_NET_INT51X1=m
-# CONFIG_USB_IPHETH is not set
+CONFIG_USB_IPHETH=m
 CONFIG_USB_SIERRA_NET=m
 CONFIG_USB_VL600=m
 CONFIG_WLAN=y
-CONFIG_PCMCIA_RAYCS=m
-# CONFIG_LIBERTAS_THINFIRM is not set
+CONFIG_LIBERTAS_THINFIRM=m
+# CONFIG_LIBERTAS_THINFIRM_DEBUG is not set
+CONFIG_LIBERTAS_THINFIRM_USB=m
 CONFIG_ATMEL=m
 CONFIG_PCI_ATMEL=m
-CONFIG_PCMCIA_ATMEL=m
 CONFIG_AT76C50X_USB=m
-CONFIG_AIRO_CS=m
-CONFIG_PCMCIA_WL3501=m
 # CONFIG_PRISM54 is not set
 CONFIG_USB_ZD1201=m
 CONFIG_USB_NET_RNDIS_WLAN=m
-# CONFIG_RTL8180 is not set
-# CONFIG_RTL8187 is not set
-# CONFIG_ADM8211 is not set
-# CONFIG_MAC80211_HWSIM is not set
-# CONFIG_MWL8K is not set
-# CONFIG_ATH_COMMON is not set
-# CONFIG_B43 is not set
-# CONFIG_B43LEGACY is not set
+CONFIG_RTL8180=m
+CONFIG_RTL8187=m
+CONFIG_RTL8187_LEDS=y
+CONFIG_ADM8211=m
+CONFIG_MAC80211_HWSIM=m
+CONFIG_MWL8K=m
+CONFIG_ATH_COMMON=m
+CONFIG_ATH_CARDS=m
+# CONFIG_ATH_DEBUG is not set
+CONFIG_ATH5K=m
+CONFIG_ATH5K_DEBUG=y
+# CONFIG_ATH5K_TRACER is not set
+CONFIG_ATH5K_PCI=y
+CONFIG_ATH9K_HW=m
+CONFIG_ATH9K_COMMON=m
+CONFIG_ATH9K_BTCOEX_SUPPORT=y
+CONFIG_ATH9K=m
+CONFIG_ATH9K_PCI=y
+CONFIG_ATH9K_AHB=y
+# CONFIG_ATH9K_DEBUGFS is not set
+# CONFIG_ATH9K_LEGACY_RATE_CONTROL is not set
+CONFIG_ATH9K_HTC=m
+# CONFIG_ATH9K_HTC_DEBUGFS is not set
+CONFIG_CARL9170=m
+CONFIG_CARL9170_LEDS=y
+CONFIG_CARL9170_WPC=y
+# CONFIG_CARL9170_HWRNG is not set
+# CONFIG_ATH6KL is not set
+CONFIG_AR5523=m
+CONFIG_WIL6210=m
+CONFIG_WIL6210_ISR_COR=y
+CONFIG_B43=m
+CONFIG_B43_SSB=y
+CONFIG_B43_PCI_AUTOSELECT=y
+CONFIG_B43_PCICORE_AUTOSELECT=y
+CONFIG_B43_SDIO=y
+CONFIG_B43_PIO=y
+CONFIG_B43_PHY_N=y
+CONFIG_B43_PHY_LP=y
+CONFIG_B43_LEDS=y
+CONFIG_B43_HWRNG=y
+# CONFIG_B43_DEBUG is not set
+CONFIG_B43LEGACY=m
+CONFIG_B43LEGACY_PCI_AUTOSELECT=y
+CONFIG_B43LEGACY_PCICORE_AUTOSELECT=y
+CONFIG_B43LEGACY_LEDS=y
+CONFIG_B43LEGACY_HWRNG=y
+# CONFIG_B43LEGACY_DEBUG is not set
+CONFIG_B43LEGACY_DMA=y
+CONFIG_B43LEGACY_PIO=y
+CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y
+# CONFIG_B43LEGACY_DMA_MODE is not set
+# CONFIG_B43LEGACY_PIO_MODE is not set
 # CONFIG_BRCMFMAC is not set
 CONFIG_HOSTAP=m
 CONFIG_HOSTAP_FIRMWARE=y
-# CONFIG_HOSTAP_FIRMWARE_NVRAM is not set
+CONFIG_HOSTAP_FIRMWARE_NVRAM=y
 CONFIG_HOSTAP_PLX=m
 CONFIG_HOSTAP_PCI=m
-CONFIG_HOSTAP_CS=m
-# CONFIG_IPW2100 is not set
-# CONFIG_IPW2200 is not set
+CONFIG_IPW2100=m
+CONFIG_IPW2100_MONITOR=y
+# CONFIG_IPW2100_DEBUG is not set
+CONFIG_IPW2200=m
+CONFIG_IPW2200_MONITOR=y
+CONFIG_IPW2200_RADIOTAP=y
+CONFIG_IPW2200_PROMISCUOUS=y
+CONFIG_IPW2200_QOS=y
+# CONFIG_IPW2200_DEBUG is not set
+CONFIG_LIBIPW=m
+# CONFIG_LIBIPW_DEBUG is not set
 # CONFIG_IWLWIFI is not set
-# CONFIG_IWL4965 is not set
-# CONFIG_IWL3945 is not set
-# CONFIG_IWM is not set
-# CONFIG_LIBERTAS is not set
-# CONFIG_HERMES is not set
-# CONFIG_P54_COMMON is not set
-# CONFIG_RT2X00 is not set
-# CONFIG_RTL8192CE is not set
-# CONFIG_RTL8192SE is not set
-# CONFIG_RTL8192DE is not set
-# CONFIG_RTL8192CU is not set
-# CONFIG_WL1251 is not set
-# CONFIG_WL12XX_MENU is not set
-# CONFIG_ZD1211RW is not set
-# CONFIG_MWIFIEX is not set
+CONFIG_IWLEGACY=m
+CONFIG_IWL4965=m
+CONFIG_IWL3945=m
+
+#
+# iwl3945 / iwl4965 Debugging Options
+#
+# CONFIG_IWLEGACY_DEBUG is not set
+CONFIG_LIBERTAS=m
+CONFIG_LIBERTAS_USB=m
+CONFIG_LIBERTAS_SDIO=m
+# CONFIG_LIBERTAS_DEBUG is not set
+CONFIG_LIBERTAS_MESH=y
+CONFIG_HERMES=m
+# CONFIG_HERMES_PRISM is not set
+CONFIG_HERMES_CACHE_FW_ON_INIT=y
+CONFIG_PLX_HERMES=m
+CONFIG_TMD_HERMES=m
+CONFIG_NORTEL_HERMES=m
+CONFIG_ORINOCO_USB=m
+CONFIG_P54_COMMON=m
+CONFIG_P54_USB=m
+CONFIG_P54_PCI=m
+CONFIG_P54_LEDS=y
+CONFIG_RT2X00=m
+CONFIG_RT2400PCI=m
+CONFIG_RT2500PCI=m
+CONFIG_RT61PCI=m
+CONFIG_RT2800PCI=m
+CONFIG_RT2800PCI_RT33XX=y
+CONFIG_RT2800PCI_RT35XX=y
+CONFIG_RT2800PCI_RT53XX=y
+CONFIG_RT2800PCI_RT3290=y
+CONFIG_RT2500USB=m
+CONFIG_RT73USB=m
+CONFIG_RT2800USB=m
+CONFIG_RT2800USB_RT33XX=y
+CONFIG_RT2800USB_RT35XX=y
+CONFIG_RT2800USB_RT53XX=y
+CONFIG_RT2800USB_RT55XX=y
+CONFIG_RT2800USB_UNKNOWN=y
+CONFIG_RT2800_LIB=m
+CONFIG_RT2X00_LIB_MMIO=m
+CONFIG_RT2X00_LIB_PCI=m
+CONFIG_RT2X00_LIB_USB=m
+CONFIG_RT2X00_LIB=m
+CONFIG_RT2X00_LIB_FIRMWARE=y
+CONFIG_RT2X00_LIB_CRYPTO=y
+CONFIG_RT2X00_LIB_LEDS=y
+# CONFIG_RT2X00_DEBUG is not set
+CONFIG_RTLWIFI=m
+# CONFIG_RTLWIFI_DEBUG is not set
+CONFIG_RTL8192CE=m
+CONFIG_RTL8192SE=m
+CONFIG_RTL8192DE=m
+CONFIG_RTL8723AE=m
+CONFIG_RTL8188EE=m
+CONFIG_RTL8192CU=m
+CONFIG_RTL8192C_COMMON=m
+CONFIG_WL_TI=y
+CONFIG_WL1251=m
+CONFIG_WL1251_SDIO=m
+CONFIG_WL12XX=m
+CONFIG_WL18XX=m
+CONFIG_WLCORE=m
+CONFIG_WLCORE_SDIO=m
+CONFIG_WILINK_PLATFORM_DATA=y
+CONFIG_ZD1211RW=m
+# CONFIG_ZD1211RW_DEBUG is not set
+CONFIG_MWIFIEX=m
+CONFIG_MWIFIEX_SDIO=m
+# CONFIG_MWIFIEX_PCIE is not set
+CONFIG_MWIFIEX_USB=m
 
 #
 # Enable WiMAX (Networking options) to see the WiMAX drivers
 #
-CONFIG_WAN=y
-CONFIG_LANMEDIA=m
-CONFIG_HDLC=m
-CONFIG_HDLC_RAW=m
-CONFIG_HDLC_RAW_ETH=m
-CONFIG_HDLC_CISCO=m
-CONFIG_HDLC_FR=m
-CONFIG_HDLC_PPP=m
-
-#
-# X.25/LAPB support is disabled
-#
-CONFIG_PCI200SYN=m
-CONFIG_WANXL=m
-# CONFIG_WANXL_BUILD_FIRMWARE is not set
-CONFIG_PC300TOO=m
-CONFIG_FARSYNC=m
-CONFIG_DSCC4=m
-CONFIG_DSCC4_PCISYNC=y
-CONFIG_DSCC4_PCI_RST=y
-CONFIG_DLCI=m
-CONFIG_DLCI_MAX=8
+# CONFIG_WAN is not set
 CONFIG_VMXNET3=m
 CONFIG_ISDN=y
 CONFIG_ISDN_I4L=m
@@ -1892,9 +2120,9 @@ CONFIG_ISDN_DRV_HISAX=m
 #
 CONFIG_HISAX_EURO=y
 CONFIG_DE_AOC=y
-# CONFIG_HISAX_NO_SENDCOMPLETE is not set
-# CONFIG_HISAX_NO_LLC is not set
-# CONFIG_HISAX_NO_KEYPAD is not set
+CONFIG_HISAX_NO_SENDCOMPLETE=y
+CONFIG_HISAX_NO_LLC=y
+CONFIG_HISAX_NO_KEYPAD=y
 CONFIG_HISAX_1TR6=y
 CONFIG_HISAX_NI1=y
 CONFIG_HISAX_MAX_CARDS=8
@@ -1910,8 +2138,6 @@ CONFIG_HISAX_AVM_A1_PCMCIA=y
 CONFIG_HISAX_ELSA=y
 CONFIG_HISAX_DIEHLDIVA=y
 CONFIG_HISAX_SEDLBAUER=y
-CONFIG_HISAX_NETJET=y
-CONFIG_HISAX_NETJET_U=y
 CONFIG_HISAX_NICCY=y
 CONFIG_HISAX_BKM_A4T=y
 CONFIG_HISAX_SCT_QUADRO=y
@@ -1919,16 +2145,11 @@ CONFIG_HISAX_GAZEL=y
 CONFIG_HISAX_HFC_PCI=y
 CONFIG_HISAX_W6692=y
 CONFIG_HISAX_HFC_SX=y
-CONFIG_HISAX_ENTERNOW_PCI=y
-CONFIG_HISAX_DEBUG=y
+# CONFIG_HISAX_DEBUG is not set
 
 #
 # HiSax PCMCIA card service modules
 #
-CONFIG_HISAX_SEDLBAUER_CS=m
-CONFIG_HISAX_ELSA_CS=m
-CONFIG_HISAX_AVM_A1_CS=m
-CONFIG_HISAX_TELES_CS=m
 
 #
 # HiSax sub driver modules
@@ -1954,8 +2175,6 @@ CONFIG_ISDN_CAPI_CAPIDRV=m
 CONFIG_CAPI_AVM=y
 CONFIG_ISDN_DRV_AVMB1_B1PCI=m
 CONFIG_ISDN_DRV_AVMB1_B1PCIV4=y
-CONFIG_ISDN_DRV_AVMB1_B1PCMCIA=m
-CONFIG_ISDN_DRV_AVMB1_AVM_CS=m
 CONFIG_ISDN_DRV_AVMB1_T1PCI=m
 CONFIG_ISDN_DRV_AVMB1_C4=m
 CONFIG_CAPI_EICON=y
@@ -1965,43 +2184,20 @@ CONFIG_ISDN_DIVAS_PRIPCI=y
 CONFIG_ISDN_DIVAS_DIVACAPI=m
 CONFIG_ISDN_DIVAS_USERIDI=m
 CONFIG_ISDN_DIVAS_MAINT=m
-CONFIG_ISDN_DRV_GIGASET=m
-CONFIG_GIGASET_CAPI=y
-# CONFIG_GIGASET_I4L is not set
-# CONFIG_GIGASET_DUMMYLL is not set
-CONFIG_GIGASET_BASE=m
-CONFIG_GIGASET_M105=m
-CONFIG_GIGASET_M101=m
-# CONFIG_GIGASET_DEBUG is not set
+# CONFIG_ISDN_DRV_GIGASET is not set
 CONFIG_HYSDN=m
 CONFIG_HYSDN_CAPI=y
-CONFIG_MISDN=m
-CONFIG_MISDN_DSP=m
-CONFIG_MISDN_L1OIP=m
-
-#
-# mISDN hardware drivers
-#
-CONFIG_MISDN_HFCPCI=m
-CONFIG_MISDN_HFCMULTI=m
-CONFIG_MISDN_HFCUSB=m
-CONFIG_MISDN_AVMFRITZ=m
-CONFIG_MISDN_SPEEDFAX=m
-CONFIG_MISDN_INFINEON=m
-CONFIG_MISDN_W6692=m
-CONFIG_MISDN_NETJET=m
-CONFIG_MISDN_IPAC=m
-CONFIG_MISDN_ISAR=m
+# CONFIG_MISDN is not set
 CONFIG_ISDN_HDLC=m
-# CONFIG_PHONE is not set
 
 #
 # Input device support
 #
 CONFIG_INPUT=y
-CONFIG_INPUT_FF_MEMLESS=m
+# CONFIG_INPUT_FF_MEMLESS is not set
 CONFIG_INPUT_POLLDEV=m
 CONFIG_INPUT_SPARSEKMAP=m
+CONFIG_INPUT_MATRIXKMAP=m
 
 #
 # Userland interfaces
@@ -2011,53 +2207,78 @@ CONFIG_INPUT_MOUSEDEV=y
 CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
 CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
 # CONFIG_INPUT_JOYDEV is not set
-# CONFIG_INPUT_EVDEV is not set
+CONFIG_INPUT_EVDEV=y
 # CONFIG_INPUT_EVBUG is not set
+# CONFIG_INPUT_APMPOWER is not set
 
 #
 # Input Device Drivers
 #
 CONFIG_INPUT_KEYBOARD=y
-CONFIG_KEYBOARD_ADP5588=m
-CONFIG_KEYBOARD_ADP5589=m
+# CONFIG_KEYBOARD_ADP5588 is not set
+# CONFIG_KEYBOARD_ADP5589 is not set
 CONFIG_KEYBOARD_ATKBD=y
-CONFIG_KEYBOARD_QT1070=m
-CONFIG_KEYBOARD_QT2160=m
-CONFIG_KEYBOARD_LKKBD=m
-CONFIG_KEYBOARD_GPIO=m
-CONFIG_KEYBOARD_TCA6416=m
-CONFIG_KEYBOARD_MATRIX=m
-CONFIG_KEYBOARD_LM8323=m
-CONFIG_KEYBOARD_MAX7359=m
-CONFIG_KEYBOARD_MCS=m
-CONFIG_KEYBOARD_MPR121=m
-CONFIG_KEYBOARD_NEWTON=m
-CONFIG_KEYBOARD_OPENCORES=m
-CONFIG_KEYBOARD_STOWAWAY=m
-CONFIG_KEYBOARD_SUNKBD=m
-CONFIG_KEYBOARD_XTKBD=m
-# CONFIG_INPUT_MOUSE is not set
+# CONFIG_KEYBOARD_QT1070 is not set
+# CONFIG_KEYBOARD_QT2160 is not set
+# CONFIG_KEYBOARD_LKKBD is not set
+CONFIG_KEYBOARD_GPIO=y
+# CONFIG_KEYBOARD_TCA6416 is not set
+# CONFIG_KEYBOARD_TCA8418 is not set
+# CONFIG_KEYBOARD_MATRIX is not set
+# CONFIG_KEYBOARD_LM8323 is not set
+CONFIG_KEYBOARD_LM8333=m
+# CONFIG_KEYBOARD_MAX7359 is not set
+# CONFIG_KEYBOARD_MCS is not set
+# CONFIG_KEYBOARD_MPR121 is not set
+# CONFIG_KEYBOARD_NEWTON is not set
+# CONFIG_KEYBOARD_OPENCORES is not set
+# CONFIG_KEYBOARD_SAMSUNG is not set
+# CONFIG_KEYBOARD_STOWAWAY is not set
+# CONFIG_KEYBOARD_SUNKBD is not set
+# CONFIG_KEYBOARD_XTKBD is not set
+CONFIG_INPUT_MOUSE=y
+CONFIG_MOUSE_PS2=m
+CONFIG_MOUSE_PS2_ALPS=y
+CONFIG_MOUSE_PS2_LOGIPS2PP=y
+CONFIG_MOUSE_PS2_SYNAPTICS=y
+CONFIG_MOUSE_PS2_CYPRESS=y
+CONFIG_MOUSE_PS2_TRACKPOINT=y
+CONFIG_MOUSE_PS2_ELANTECH=y
+CONFIG_MOUSE_PS2_SENTELIC=y
+CONFIG_MOUSE_PS2_TOUCHKIT=y
+CONFIG_MOUSE_SERIAL=m
+CONFIG_MOUSE_APPLETOUCH=m
+CONFIG_MOUSE_BCM5974=m
+CONFIG_MOUSE_CYAPA=m
+CONFIG_MOUSE_VSXXXAA=m
+# CONFIG_MOUSE_GPIO is not set
+CONFIG_MOUSE_SYNAPTICS_I2C=m
+CONFIG_MOUSE_SYNAPTICS_USB=m
 # CONFIG_INPUT_JOYSTICK is not set
 # CONFIG_INPUT_TABLET is not set
 # CONFIG_INPUT_TOUCHSCREEN is not set
 CONFIG_INPUT_MISC=y
-CONFIG_INPUT_88PM860X_ONKEY=m
-CONFIG_INPUT_AD714X=m
-CONFIG_INPUT_AD714X_I2C=m
-CONFIG_INPUT_BMA150=m
+# CONFIG_INPUT_88PM860X_ONKEY is not set
+# CONFIG_INPUT_88PM80X_ONKEY is not set
+# CONFIG_INPUT_AD714X is not set
+# CONFIG_INPUT_BMA150 is not set
 # CONFIG_INPUT_MMA8450 is not set
 # CONFIG_INPUT_MPU3050 is not set
+# CONFIG_INPUT_GP2A is not set
+# CONFIG_INPUT_GPIO_TILT_POLLED is not set
 CONFIG_INPUT_ATI_REMOTE2=m
 CONFIG_INPUT_KEYSPAN_REMOTE=m
 # CONFIG_INPUT_KXTJ9 is not set
 CONFIG_INPUT_POWERMATE=m
 CONFIG_INPUT_YEALINK=m
 CONFIG_INPUT_CM109=m
-# CONFIG_INPUT_UINPUT is not set
-CONFIG_INPUT_PCF50633_PMU=m
-CONFIG_INPUT_PCF8574=m
+CONFIG_INPUT_RETU_PWRBUTTON=m
+CONFIG_INPUT_UINPUT=m
+# CONFIG_INPUT_PCF8574 is not set
+CONFIG_INPUT_PWM_BEEPER=m
 CONFIG_INPUT_GPIO_ROTARY_ENCODER=m
 # CONFIG_INPUT_ADXL34X is not set
+# CONFIG_INPUT_IMS_PCU is not set
 # CONFIG_INPUT_CMA3000 is not set
 
 #
@@ -2068,100 +2289,104 @@ CONFIG_SERIO_SERPORT=y
 # CONFIG_SERIO_PARKBD is not set
 # CONFIG_SERIO_PCIPS2 is not set
 CONFIG_SERIO_LIBPS2=y
-# CONFIG_SERIO_RAW is not set
+CONFIG_SERIO_RAW=m
 CONFIG_SERIO_ALTERA_PS2=m
-CONFIG_SERIO_PS2MULT=m
+# CONFIG_SERIO_PS2MULT is not set
+CONFIG_SERIO_ARC_PS2=m
+CONFIG_SERIO_APBPS2=m
 # CONFIG_GAMEPORT is not set
 
 #
 # Character devices
 #
+CONFIG_TTY=y
 CONFIG_VT=y
 CONFIG_CONSOLE_TRANSLATIONS=y
 CONFIG_VT_CONSOLE=y
 CONFIG_HW_CONSOLE=y
-# CONFIG_VT_HW_CONSOLE_BINDING is not set
+CONFIG_VT_HW_CONSOLE_BINDING=y
 CONFIG_UNIX98_PTYS=y
-# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
+CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
 # CONFIG_LEGACY_PTYS is not set
-# CONFIG_SERIAL_NONSTANDARD is not set
+CONFIG_SERIAL_NONSTANDARD=y
+CONFIG_ROCKETPORT=m
+CONFIG_CYCLADES=m
+# CONFIG_CYZ_INTR is not set
+# CONFIG_MOXA_INTELLIO is not set
+# CONFIG_MOXA_SMARTIO is not set
+CONFIG_SYNCLINKMP=m
+CONFIG_SYNCLINK_GT=m
 CONFIG_NOZOMI=m
+# CONFIG_ISI is not set
+CONFIG_N_HDLC=m
 CONFIG_N_GSM=m
 # CONFIG_TRACE_SINK is not set
-CONFIG_DEVKMEM=y
+# CONFIG_DEVKMEM is not set
+# CONFIG_STALDRV is not set
 
 #
 # Serial drivers
 #
 CONFIG_SERIAL_8250=y
+CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y
 CONFIG_SERIAL_8250_CONSOLE=y
+CONFIG_SERIAL_8250_DMA=y
 CONFIG_SERIAL_8250_PCI=y
-CONFIG_SERIAL_8250_CS=m
 CONFIG_SERIAL_8250_NR_UARTS=4
 CONFIG_SERIAL_8250_RUNTIME_UARTS=4
 CONFIG_SERIAL_8250_EXTENDED=y
 CONFIG_SERIAL_8250_MANY_PORTS=y
 CONFIG_SERIAL_8250_SHARE_IRQ=y
-CONFIG_SERIAL_8250_DETECT_IRQ=y
+# CONFIG_SERIAL_8250_DETECT_IRQ is not set
 CONFIG_SERIAL_8250_RSA=y
-CONFIG_SERIAL_8250_DW=m
+# CONFIG_SERIAL_8250_DW is not set
+# CONFIG_SERIAL_8250_EM is not set
 
 #
 # Non-8250 serial port support
 #
-CONFIG_SERIAL_MFD_HSU=m
-CONFIG_SERIAL_UARTLITE=m
+# CONFIG_SERIAL_MFD_HSU is not set
 CONFIG_SERIAL_CORE=y
 CONFIG_SERIAL_CORE_CONSOLE=y
-# CONFIG_SERIAL_JSM is not set
+CONFIG_SERIAL_JSM=m
 CONFIG_SERIAL_OF_PLATFORM=y
-CONFIG_SERIAL_TIMBERDALE=m
-CONFIG_SERIAL_ALTERA_JTAGUART=m
-CONFIG_SERIAL_ALTERA_UART=m
-CONFIG_SERIAL_ALTERA_UART_MAXPORTS=4
-CONFIG_SERIAL_ALTERA_UART_BAUDRATE=115200
-CONFIG_SERIAL_PCH_UART=m
-CONFIG_SERIAL_XILINX_PS_UART=m
+CONFIG_SERIAL_SCCNXP=m
+# CONFIG_SERIAL_TIMBERDALE is not set
+# CONFIG_SERIAL_ALTERA_JTAGUART is not set
+# CONFIG_SERIAL_ALTERA_UART is not set
+# CONFIG_SERIAL_PCH_UART is not set
+# CONFIG_SERIAL_XILINX_PS_UART is not set
+CONFIG_SERIAL_ARC=m
+CONFIG_SERIAL_ARC_NR_PORTS=1
+CONFIG_SERIAL_RP2=m
+CONFIG_SERIAL_RP2_NR_UARTS=32
+# CONFIG_TTY_PRINTK is not set
 CONFIG_PRINTER=m
-# CONFIG_LP_CONSOLE is not set
+CONFIG_LP_CONSOLE=y
 CONFIG_PPDEV=m
 # CONFIG_HVC_DCC is not set
 CONFIG_IPMI_HANDLER=m
-CONFIG_IPMI_PANIC_EVENT=y
-# CONFIG_IPMI_PANIC_STRING is not set
+# CONFIG_IPMI_PANIC_EVENT is not set
 CONFIG_IPMI_DEVICE_INTERFACE=m
 CONFIG_IPMI_SI=m
 CONFIG_IPMI_WATCHDOG=m
 CONFIG_IPMI_POWEROFF=m
-CONFIG_HW_RANDOM=m
+CONFIG_HW_RANDOM=y
 CONFIG_HW_RANDOM_TIMERIOMEM=m
-CONFIG_NVRAM=m
-# CONFIG_R3964 is not set
+CONFIG_HW_RANDOM_ATMEL=m
+CONFIG_HW_RANDOM_EXYNOS=m
+CONFIG_NVRAM=y
+CONFIG_R3964=m
 # CONFIG_APPLICOM is not set
-
-#
-# PCMCIA character devices
-#
-CONFIG_SYNCLINK_CS=m
-# CONFIG_CARDMAN_4000 is not set
-# CONFIG_CARDMAN_4040 is not set
-CONFIG_IPWIRELESS=m
-# CONFIG_RAW_DRIVER is not set
+CONFIG_RAW_DRIVER=y
+CONFIG_MAX_RAW_DEVS=8192
 # CONFIG_TCG_TPM is not set
 CONFIG_DEVPORT=y
-# CONFIG_RAMOOPS is not set
 CONFIG_I2C=y
 CONFIG_I2C_BOARDINFO=y
 CONFIG_I2C_COMPAT=y
 CONFIG_I2C_CHARDEV=m
-CONFIG_I2C_MUX=m
-
-#
-# Multiplexer I2C Chip support
-#
-CONFIG_I2C_MUX_GPIO=m
-CONFIG_I2C_MUX_PCA9541=m
-CONFIG_I2C_MUX_PCA954x=m
+# CONFIG_I2C_MUX is not set
 CONFIG_I2C_HELPER_AUTO=y
 CONFIG_I2C_SMBUS=m
 CONFIG_I2C_ALGOBIT=m
@@ -2192,17 +2417,18 @@ CONFIG_I2C_VIAPRO=m
 #
 # I2C system bus drivers (mostly embedded / system-on-chip)
 #
-CONFIG_I2C_DESIGNWARE_CORE=m
-CONFIG_I2C_DESIGNWARE_PCI=m
+CONFIG_I2C_CBUS_GPIO=m
+# CONFIG_I2C_DESIGNWARE_PLATFORM is not set
+# CONFIG_I2C_DESIGNWARE_PCI is not set
+# CONFIG_I2C_EG20T is not set
 CONFIG_I2C_GPIO=m
-CONFIG_I2C_INTEL_MID=m
+# CONFIG_I2C_INTEL_MID is not set
 CONFIG_I2C_MV64XXX=y
-CONFIG_I2C_OCORES=m
+# CONFIG_I2C_OCORES is not set
 CONFIG_I2C_PCA_PLATFORM=m
 # CONFIG_I2C_PXA_PCI is not set
 CONFIG_I2C_SIMTEC=m
-CONFIG_I2C_XILINX=m
-CONFIG_I2C_EG20T=m
+# CONFIG_I2C_XILINX is not set
 
 #
 # External I2C/SMBus adapter drivers
@@ -2210,8 +2436,9 @@ CONFIG_I2C_EG20T=m
 CONFIG_I2C_DIOLAN_U2C=m
 CONFIG_I2C_PARPORT=m
 CONFIG_I2C_PARPORT_LIGHT=m
-CONFIG_I2C_TAOS_EVM=m
+# CONFIG_I2C_TAOS_EVM is not set
 CONFIG_I2C_TINY_USB=m
+CONFIG_I2C_VIPERBOARD=m
 
 #
 # Other I2C/SMBus bus drivers
@@ -2222,6 +2449,18 @@ CONFIG_I2C_STUB=m
 # CONFIG_I2C_DEBUG_BUS is not set
 # CONFIG_SPI is not set
 
+#
+# Qualcomm MSM SSBI bus support
+#
+# CONFIG_SSBI is not set
+CONFIG_HSI=m
+CONFIG_HSI_BOARDINFO=y
+
+#
+# HSI clients
+#
+CONFIG_HSI_CHAR=m
+
 #
 # PPS support
 #
@@ -2244,37 +2483,61 @@ CONFIG_PPS=m
 # PTP clock support
 #
 CONFIG_PTP_1588_CLOCK=m
-CONFIG_DP83640_PHY=m
+
+#
+# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks.
+#
+CONFIG_PTP_1588_CLOCK_PCH=m
+CONFIG_PINCTRL=y
+
+#
+# Pin controllers
+#
+CONFIG_PINMUX=y
+CONFIG_PINCONF=y
+CONFIG_GENERIC_PINCONF=y
+# CONFIG_DEBUG_PINCTRL is not set
+CONFIG_PINCTRL_SINGLE=m
+# CONFIG_PINCTRL_EXYNOS is not set
+# CONFIG_PINCTRL_EXYNOS5440 is not set
+CONFIG_PINCTRL_MVEBU=y
+CONFIG_PINCTRL_KIRKWOOD=y
+CONFIG_ARCH_HAVE_CUSTOM_GPIO_H=y
 CONFIG_ARCH_REQUIRE_GPIOLIB=y
+CONFIG_GPIO_DEVRES=y
 CONFIG_GPIOLIB=y
+CONFIG_OF_GPIO=y
 # CONFIG_DEBUG_GPIO is not set
 CONFIG_GPIO_SYSFS=y
-CONFIG_GPIO_GENERIC=m
-CONFIG_GPIO_MAX730X=m
+CONFIG_GPIO_GENERIC=y
 
 #
 # Memory mapped GPIO drivers:
 #
-CONFIG_GPIO_GENERIC_PLATFORM=m
-CONFIG_GPIO_IT8761E=m
-CONFIG_GPIO_VX855=m
+CONFIG_GPIO_GENERIC_PLATFORM=y
+# CONFIG_GPIO_EM is not set
+CONFIG_GPIO_MVEBU=y
+# CONFIG_GPIO_RCAR is not set
+CONFIG_GPIO_TS5500=m
+# CONFIG_GPIO_VX855 is not set
+# CONFIG_GPIO_GRGPIO is not set
 
 #
 # I2C GPIO expanders:
 #
-CONFIG_GPIO_MAX7300=m
-CONFIG_GPIO_MAX732X=m
-CONFIG_GPIO_PCF857X=m
+# CONFIG_GPIO_MAX7300 is not set
+# CONFIG_GPIO_MAX732X is not set
+# CONFIG_GPIO_PCF857X is not set
 # CONFIG_GPIO_SX150X is not set
-CONFIG_GPIO_ADP5588=m
+# CONFIG_GPIO_ADP5588 is not set
+CONFIG_GPIO_ADNP=m
 
 #
 # PCI GPIO expanders:
 #
-# CONFIG_GPIO_BT8XX is not set
-CONFIG_GPIO_ML_IOH=m
-# CONFIG_GPIO_TIMBERDALE is not set
-CONFIG_GPIO_RDC321X=m
+# CONFIG_GPIO_AMD8111 is not set
+# CONFIG_GPIO_ML_IOH is not set
+# CONFIG_GPIO_RDC321X is not set
 
 #
 # SPI GPIO expanders:
@@ -2284,23 +2547,26 @@ CONFIG_GPIO_MCP23S08=m
 #
 # AC97 GPIO expanders:
 #
-# CONFIG_GPIO_UCB1400 is not set
 
 #
 # MODULbus GPIO expanders:
 #
-CONFIG_GPIO_JANZ_TTL=m
+
+#
+# USB GPIO expanders:
+#
+CONFIG_GPIO_VIPERBOARD=m
 CONFIG_W1=m
 CONFIG_W1_CON=y
 
 #
 # 1-wire Bus Masters
 #
-CONFIG_W1_MASTER_MATROX=m
+# CONFIG_W1_MASTER_MATROX is not set
 CONFIG_W1_MASTER_DS2490=m
 CONFIG_W1_MASTER_DS2482=m
 CONFIG_W1_MASTER_DS1WM=m
-CONFIG_W1_MASTER_GPIO=m
+# CONFIG_W1_MASTER_GPIO is not set
 
 #
 # 1-wire Slaves
@@ -2308,29 +2574,46 @@ CONFIG_W1_MASTER_GPIO=m
 CONFIG_W1_SLAVE_THERM=m
 CONFIG_W1_SLAVE_SMEM=m
 CONFIG_W1_SLAVE_DS2408=m
+CONFIG_W1_SLAVE_DS2408_READBACK=y
+CONFIG_W1_SLAVE_DS2413=m
 CONFIG_W1_SLAVE_DS2423=m
 CONFIG_W1_SLAVE_DS2431=m
 CONFIG_W1_SLAVE_DS2433=m
 CONFIG_W1_SLAVE_DS2433_CRC=y
 CONFIG_W1_SLAVE_DS2760=m
 CONFIG_W1_SLAVE_DS2780=m
+CONFIG_W1_SLAVE_DS2781=m
+CONFIG_W1_SLAVE_DS28E04=m
 CONFIG_W1_SLAVE_BQ27000=m
 CONFIG_POWER_SUPPLY=y
 # CONFIG_POWER_SUPPLY_DEBUG is not set
 # CONFIG_PDA_POWER is not set
+# CONFIG_APM_POWER is not set
+CONFIG_GENERIC_ADC_BATTERY=m
 # CONFIG_TEST_POWER is not set
+CONFIG_BATTERY_88PM860X=m
 # CONFIG_BATTERY_DS2760 is not set
 # CONFIG_BATTERY_DS2780 is not set
+# CONFIG_BATTERY_DS2781 is not set
 # CONFIG_BATTERY_DS2782 is not set
-# CONFIG_BATTERY_BQ20Z75 is not set
+# CONFIG_BATTERY_SBS is not set
 # CONFIG_BATTERY_BQ27x00 is not set
 # CONFIG_BATTERY_MAX17040 is not set
 # CONFIG_BATTERY_MAX17042 is not set
-# CONFIG_CHARGER_PCF50633 is not set
-# CONFIG_CHARGER_ISP1704 is not set
+CONFIG_CHARGER_88PM860X=m
 # CONFIG_CHARGER_MAX8903 is not set
+# CONFIG_CHARGER_LP8727 is not set
 # CONFIG_CHARGER_GPIO is not set
-CONFIG_HWMON=m
+# CONFIG_CHARGER_MANAGER is not set
+# CONFIG_CHARGER_BQ2415X is not set
+# CONFIG_CHARGER_SMB347 is not set
+# CONFIG_BATTERY_GOLDFISH is not set
+CONFIG_POWER_RESET=y
+CONFIG_POWER_RESET_GPIO=y
+CONFIG_POWER_RESET_QNAP=y
+CONFIG_POWER_RESET_RESTART=y
+CONFIG_POWER_AVS=y
+CONFIG_HWMON=y
 CONFIG_HWMON_VID=m
 # CONFIG_HWMON_DEBUG_CHIP is not set
 
@@ -2345,6 +2628,8 @@ CONFIG_SENSORS_ADM1026=m
 CONFIG_SENSORS_ADM1029=m
 CONFIG_SENSORS_ADM1031=m
 CONFIG_SENSORS_ADM9240=m