From 00567147f9e35983cba0f896a8f3af0995fc9b26 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Tue, 18 May 2010 22:30:00 +0200 Subject: [PATCH] Cleanup: removed unused patches. --- src/patches/atl2_add_tx_bytes_statistic.patch | 15 - src/patches/ccache-2.4.patch | 12 - ...reless-ath5k_fix_setup_for_CAB_queue.patch | 75 - src/patches/compat-xen-1.patch | 67 - src/patches/compat-xen-2.patch | 67 - .../grub-0.97_grub-install_virtio.patch | 41 - src/patches/hostapd-usb_hw_did_not_ack.patch | 21 - src/patches/imq-skbuff.patch | 65 - ...onntrack_standalone-patch-for-ipfire.patch | 11 - .../iptables-1.4.1.1-ipp2p-0.8.2-pomng.patch | 481 ------- src/patches/iptables-1.4.2-imq.patch | 99 -- src/patches/linux-2.6.24-leds-alix.patch | 203 --- src/patches/linux-2.6.27-atom-clockmod.patch | 12 - src/patches/linux-2.6.27-atom-coretemp.patch | 58 - src/patches/linux-2.6.27-imq.patch | 1150 --------------- .../linux-2.6.27.19-ipp2p-0.8.2-pomng.patch | 980 ------------- .../linux-2.6.27.21-imq-test3-xen.patch | 1212 ---------------- src/patches/linux-2.6.27.21-imq-test3.patch | 1279 ----------------- ...6.27.25-option_add_vf-k3565-z_usbids.patch | 26 - .../linux-2.6.27.39_e100-wakeonlan-fix.patch | 73 - ...2.6.32-ath5k_fix_setup_for_CAB_queue.patch | 75 - src/patches/openssh-4.7p1-padlock.patch | 141 -- .../openssl-0.9.8g-engine-padlock.patch | 24 - src/patches/openssl-0.9.8g-sha-padlock.patch | 620 -------- src/patches/openswan-2.6.16-clear-1.patch | 21 - .../openswan-2.6.16-startklips-1.patch | 64 - .../openswan-2.6.16-updown.klips-1.patch | 30 - ...enswan-2.6.23-updown-add_ipfire-snat.patch | 24 - src/patches/openswan-2.6.24_noxmlto.patch | 68 - .../portmap-5beta-compilation_fixes-3.patch | 705 --------- .../portmap-5beta-glibc_errno_fix-1.patch | 17 - src/patches/r8101_add_missing_pciids.patch | 11 - src/patches/r8169_add_missing_pciids.patch | 15 - src/patches/skbuff-xen-imq.diff | 21 - src/patches/sysklogd-1.4.1-8bit-1.patch | 23 - src/patches/sysklogd-1.4.1-fixes-1.patch | 833 ----------- ...ysklogd-1.4.1_xen_empty_buffer_check.patch | 30 - src/patches/xen-co_assignment.patch | 22 - src/patches/xen-cpufreq.patch | 19 - src/patches/xen-passthrough-fix.patch | 36 - src/patches/xend-config.patch | 99 -- 41 files changed, 8845 deletions(-) delete mode 100644 src/patches/atl2_add_tx_bytes_statistic.patch delete mode 100644 src/patches/ccache-2.4.patch delete mode 100644 src/patches/compat-wireless-ath5k_fix_setup_for_CAB_queue.patch delete mode 100644 src/patches/compat-xen-1.patch delete mode 100644 src/patches/compat-xen-2.patch delete mode 100644 src/patches/grub-0.97_grub-install_virtio.patch delete mode 100644 src/patches/hostapd-usb_hw_did_not_ack.patch delete mode 100644 src/patches/imq-skbuff.patch delete mode 100644 src/patches/ip_conntrack_standalone-patch-for-ipfire.patch delete mode 100644 src/patches/iptables-1.4.1.1-ipp2p-0.8.2-pomng.patch delete mode 100644 src/patches/iptables-1.4.2-imq.patch delete mode 100644 src/patches/linux-2.6.24-leds-alix.patch delete mode 100644 src/patches/linux-2.6.27-atom-clockmod.patch delete mode 100644 src/patches/linux-2.6.27-atom-coretemp.patch delete mode 100644 src/patches/linux-2.6.27-imq.patch delete mode 100644 src/patches/linux-2.6.27.19-ipp2p-0.8.2-pomng.patch delete mode 100644 src/patches/linux-2.6.27.21-imq-test3-xen.patch delete mode 100644 src/patches/linux-2.6.27.21-imq-test3.patch delete mode 100644 src/patches/linux-2.6.27.25-option_add_vf-k3565-z_usbids.patch delete mode 100644 src/patches/linux-2.6.27.39_e100-wakeonlan-fix.patch delete mode 100644 src/patches/linux-2.6.32-ath5k_fix_setup_for_CAB_queue.patch delete mode 100644 src/patches/openssh-4.7p1-padlock.patch delete mode 100644 src/patches/openssl-0.9.8g-engine-padlock.patch delete mode 100644 src/patches/openssl-0.9.8g-sha-padlock.patch delete mode 100644 src/patches/openswan-2.6.16-clear-1.patch delete mode 100644 src/patches/openswan-2.6.16-startklips-1.patch delete mode 100644 src/patches/openswan-2.6.16-updown.klips-1.patch delete mode 100644 src/patches/openswan-2.6.23-updown-add_ipfire-snat.patch delete mode 100644 src/patches/openswan-2.6.24_noxmlto.patch delete mode 100644 src/patches/portmap-5beta-compilation_fixes-3.patch delete mode 100644 src/patches/portmap-5beta-glibc_errno_fix-1.patch delete mode 100644 src/patches/r8101_add_missing_pciids.patch delete mode 100644 src/patches/r8169_add_missing_pciids.patch delete mode 100644 src/patches/skbuff-xen-imq.diff delete mode 100644 src/patches/sysklogd-1.4.1-8bit-1.patch delete mode 100644 src/patches/sysklogd-1.4.1-fixes-1.patch delete mode 100644 src/patches/sysklogd-1.4.1_xen_empty_buffer_check.patch delete mode 100644 src/patches/xen-co_assignment.patch delete mode 100644 src/patches/xen-cpufreq.patch delete mode 100644 src/patches/xen-passthrough-fix.patch delete mode 100644 src/patches/xend-config.patch diff --git a/src/patches/atl2_add_tx_bytes_statistic.patch b/src/patches/atl2_add_tx_bytes_statistic.patch deleted file mode 100644 index cea68a2736..0000000000 --- a/src/patches/atl2_add_tx_bytes_statistic.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -Naur atl2-2.0.5.org/atl2_main.c atl2-2.0.5/atl2_main.c ---- atl2-2.0.5.org/atl2_main.c 2008-08-04 17:53:21.000000000 +0200 -+++ atl2-2.0.5/atl2_main.c 2008-10-15 18:53:12.000000000 +0200 -@@ -572,8 +572,10 @@ - atomic_set(&adapter->txd_read_ptr, (int)txd_read_ptr); - - // tx statistics: -- if (txs->ok) -+ if (txs->ok) { -+ adapter->net_stats.tx_bytes += txs->pkt_size; - adapter->net_stats.tx_packets++; -+ } - else - adapter->net_stats.tx_errors++; - diff --git a/src/patches/ccache-2.4.patch b/src/patches/ccache-2.4.patch deleted file mode 100644 index 64d3edaf2d..0000000000 --- a/src/patches/ccache-2.4.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- /tmp/ccache.c 2004-04-15 13:49:38.000000000 +0100 -+++ ccache.c 2004-04-15 17:47:59.000000000 +0100 -@@ -322,7 +322,9 @@ - failed(); - } - hash_int(st.st_size); -+#if 0 /* don't hash on the modification time */ - hash_int(st.st_mtime); -+#endif - - /* possibly hash the current working directory */ - if (getenv("CCACHE_HASHDIR")) { diff --git a/src/patches/compat-wireless-ath5k_fix_setup_for_CAB_queue.patch b/src/patches/compat-wireless-ath5k_fix_setup_for_CAB_queue.patch deleted file mode 100644 index fbe3098712..0000000000 --- a/src/patches/compat-wireless-ath5k_fix_setup_for_CAB_queue.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff --git a/drivers/net/wireless/ath/ath5k/ath5k.h b/drivers/net/wireless/ath/ath5k/ath5k.h -index 66bcb50..ad4d446 100644 ---- a/drivers/net/wireless/ath/ath5k/ath5k.h -+++ b/drivers/net/wireless/ath/ath5k/ath5k.h -@@ -535,7 +535,7 @@ struct ath5k_txq_info { - u32 tqi_cbr_period; /* Constant bit rate period */ - u32 tqi_cbr_overflow_limit; - u32 tqi_burst_time; -- u32 tqi_ready_time; /* Not used */ -+ u32 tqi_ready_time; /* Time queue waits after an event */ - }; - - /* -diff --git a/drivers/net/wireless/ath/ath5k/base.c b/drivers/net/wireless/ath/ath5k/base.c -index b501537..535a6af 100644 ---- a/drivers/net/wireless/ath/ath5k/base.c -+++ b/drivers/net/wireless/ath/ath5k/base.c -@@ -1516,7 +1516,8 @@ ath5k_beaconq_config(struct ath5k_softc *sc) - - ret = ath5k_hw_get_tx_queueprops(ah, sc->bhalq, &qi); - if (ret) -- return ret; -+ goto err; -+ - if (sc->opmode == NL80211_IFTYPE_AP || - sc->opmode == NL80211_IFTYPE_MESH_POINT) { - /* -@@ -1543,10 +1544,25 @@ ath5k_beaconq_config(struct ath5k_softc *sc) - if (ret) { - ATH5K_ERR(sc, "%s: unable to update parameters for beacon " - "hardware queue!\n", __func__); -- return ret; -+ goto err; - } -+ ret = ath5k_hw_reset_tx_queue(ah, sc->bhalq); /* push to h/w */ -+ if (ret) -+ goto err; - -- return ath5k_hw_reset_tx_queue(ah, sc->bhalq); /* push to h/w */; -+ /* reconfigure cabq with ready time to 80% of beacon_interval */ -+ ret = ath5k_hw_get_tx_queueprops(ah, AR5K_TX_QUEUE_ID_CAB, &qi); -+ if (ret) -+ goto err; -+ -+ qi.tqi_ready_time = (sc->bintval * 80) / 100; -+ ret = ath5k_hw_set_tx_queueprops(ah, AR5K_TX_QUEUE_ID_CAB, &qi); -+ if (ret) -+ goto err; -+ -+ ret = ath5k_hw_reset_tx_queue(ah, AR5K_TX_QUEUE_ID_CAB); -+err: -+ return ret; - } - - static void -diff --git a/drivers/net/wireless/ath/ath5k/qcu.c b/drivers/net/wireless/ath/ath5k/qcu.c -index abe36c0..9122a85 100644 ---- a/drivers/net/wireless/ath/ath5k/qcu.c -+++ b/drivers/net/wireless/ath/ath5k/qcu.c -@@ -408,12 +408,13 @@ int ath5k_hw_reset_tx_queue(struct ath5k_hw *ah, unsigned int queue) - break; - - case AR5K_TX_QUEUE_CAB: -+ /* XXX: use BCN_SENT_GT, if we can figure out how */ - AR5K_REG_ENABLE_BITS(ah, AR5K_QUEUE_MISC(queue), -- AR5K_QCU_MISC_FRSHED_BCN_SENT_GT | -+ AR5K_QCU_MISC_FRSHED_DBA_GT | - AR5K_QCU_MISC_CBREXP_DIS | - AR5K_QCU_MISC_CBREXP_BCN_DIS); - -- ath5k_hw_reg_write(ah, ((AR5K_TUNE_BEACON_INTERVAL - -+ ath5k_hw_reg_write(ah, ((tq->tqi_ready_time - - (AR5K_TUNE_SW_BEACON_RESP - - AR5K_TUNE_DMA_BEACON_RESP) - - AR5K_TUNE_ADDITIONAL_SWBA_BACKOFF) * 1024) | diff --git a/src/patches/compat-xen-1.patch b/src/patches/compat-xen-1.patch deleted file mode 100644 index e73fddaad8..0000000000 --- a/src/patches/compat-xen-1.patch +++ /dev/null @@ -1,67 +0,0 @@ ---- a/linux/include/linux/module.h 2009-07-27 09:17:57.000000000 +0000 -+++ b/linux/include/linux/module.h 2009-07-27 09:39:26.000000000 +0000 -@@ -16,7 +16,6 @@ - #include - #include - #include --#include - #include - - #include -@@ -333,11 +332,6 @@ - unsigned int num_markers; - #endif - --#ifdef CONFIG_TRACEPOINTS -- struct tracepoint *tracepoints; -- unsigned int num_tracepoints; --#endif -- - #ifdef CONFIG_MODULE_UNLOAD - /* What modules depend on me? */ - struct list_head modules_which_use_me; -@@ -349,8 +343,9 @@ - void (*exit)(void); - - /* Reference counts */ -- struct module_ref *ref; -+ struct module_ref ref[NR_CPUS]; - #endif -+ - }; - #ifndef MODULE_ARCH_INIT - #define MODULE_ARCH_INIT {} -@@ -368,7 +363,6 @@ - struct module *module_text_address(unsigned long addr); - struct module *__module_text_address(unsigned long addr); - int is_module_address(unsigned long addr); --const char *supported_printable(int taint); - - /* Returns 0 and fills in value, defined and namebuf, or -ERANGE if - symnum out of range. */ -@@ -459,9 +453,6 @@ - - extern void module_update_markers(void); - --extern void module_update_tracepoints(void); --extern int module_get_iter_tracepoints(struct tracepoint_iter *iter); -- - #else /* !CONFIG_MODULES... */ - #define EXPORT_SYMBOL(sym) - #define EXPORT_SYMBOL_GPL(sym) -@@ -566,15 +557,6 @@ - { - } - --static inline void module_update_tracepoints(void) --{ --} -- --static inline int module_get_iter_tracepoints(struct tracepoint_iter *iter) --{ -- return 0; --} -- - #endif /* CONFIG_MODULES */ - - struct device_driver; diff --git a/src/patches/compat-xen-2.patch b/src/patches/compat-xen-2.patch deleted file mode 100644 index ea5f416320..0000000000 --- a/src/patches/compat-xen-2.patch +++ /dev/null @@ -1,67 +0,0 @@ ---- a/linux/include/linux/module.h 2009-07-27 09:39:26.000000000 +0000 -+++ b/linux/include/linux/module.h 2009-07-27 09:17:57.000000000 +0000 -@@ -16,6 +16,7 @@ - #include - #include - #include -+#include - #include - - #include -@@ -332,6 +333,11 @@ - unsigned int num_markers; - #endif - -+#ifdef CONFIG_TRACEPOINTS -+ struct tracepoint *tracepoints; -+ unsigned int num_tracepoints; -+#endif -+ - #ifdef CONFIG_MODULE_UNLOAD - /* What modules depend on me? */ - struct list_head modules_which_use_me; -@@ -343,9 +349,8 @@ - void (*exit)(void); - - /* Reference counts */ -- struct module_ref ref[NR_CPUS]; -+ struct module_ref *ref; - #endif -- - }; - #ifndef MODULE_ARCH_INIT - #define MODULE_ARCH_INIT {} -@@ -363,6 +368,7 @@ - struct module *module_text_address(unsigned long addr); - struct module *__module_text_address(unsigned long addr); - int is_module_address(unsigned long addr); -+const char *supported_printable(int taint); - - /* Returns 0 and fills in value, defined and namebuf, or -ERANGE if - symnum out of range. */ -@@ -453,6 +459,9 @@ - - extern void module_update_markers(void); - -+extern void module_update_tracepoints(void); -+extern int module_get_iter_tracepoints(struct tracepoint_iter *iter); -+ - #else /* !CONFIG_MODULES... */ - #define EXPORT_SYMBOL(sym) - #define EXPORT_SYMBOL_GPL(sym) -@@ -557,6 +566,15 @@ - { - } - -+static inline void module_update_tracepoints(void) -+{ -+} -+ -+static inline int module_get_iter_tracepoints(struct tracepoint_iter *iter) -+{ -+ return 0; -+} -+ - #endif /* CONFIG_MODULES */ - - struct device_driver; diff --git a/src/patches/grub-0.97_grub-install_virtio.patch b/src/patches/grub-0.97_grub-install_virtio.patch deleted file mode 100644 index 7941ca7418..0000000000 --- a/src/patches/grub-0.97_grub-install_virtio.patch +++ /dev/null @@ -1,41 +0,0 @@ -diff -Naur grub-0.97.org/util/grub-install.in grub-0.97/util/grub-install.in ---- grub-0.97.org/util/grub-install.in 2004-07-24 20:57:31.000000000 +0200 -+++ grub-0.97/util/grub-install.in 2009-08-14 20:01:20.000000000 +0200 -@@ -96,12 +96,12 @@ - # Break the device name into the disk part and the partition part. - case "$host_os" in - linux*) -- tmp_disk=`echo "$1" | sed -e 's%\([sh]d[a-z]\)[0-9]*$%\1%' \ -+ tmp_disk=`echo "$1" | sed -e 's%\([vsh]d[a-z]\)[0-9]*$%\1%' \ - -e 's%\(d[0-9]*\)p[0-9]*$%\1%' \ - -e 's%\(fd[0-9]*\)$%\1%' \ - -e 's%/part[0-9]*$%/disc%' \ - -e 's%\(c[0-7]d[0-9]*\).*$%\1%'` -- tmp_part=`echo "$1" | sed -e 's%.*/[sh]d[a-z]\([0-9]*\)$%\1%' \ -+ tmp_part=`echo "$1" | sed -e 's%.*/[vsh]d[a-z]\([0-9]*\)$%\1%' \ - -e 's%.*d[0-9]*p%%' \ - -e 's%.*/fd[0-9]*$%%' \ - -e 's%.*/floppy/[0-9]*$%%' \ -@@ -333,6 +333,10 @@ - if test -f "$device_map"; then - : - else -+ -+ tmp_disk=`echo "$install_device" | grep "/dev/vd"` -+ if test "x$tmp_disk" = x; then -+ - # Create a safe temporary file. - test -n "$mklog" && log_file=`$mklog` - -@@ -345,6 +349,11 @@ - fi - - rm -f $log_file -+ -+ else -+ echo "Create fake device.map for vitio device $1" 1>&2 -+ echo "(hd0) $install_device" > $device_map -+ fi - fi - - # Make sure that there is no duplicated entry. diff --git a/src/patches/hostapd-usb_hw_did_not_ack.patch b/src/patches/hostapd-usb_hw_did_not_ack.patch deleted file mode 100644 index 2f555e5399..0000000000 --- a/src/patches/hostapd-usb_hw_did_not_ack.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -Naur hostapd-0.6.9.org/hostapd/ieee802_11.c hostapd-0.6.9/hostapd/ieee802_11.c ---- hostapd-0.6.9.org/hostapd/ieee802_11.c 2009-03-23 15:06:28.000000000 +0100 -+++ hostapd-0.6.9/hostapd/ieee802_11.c 2009-07-07 23:13:37.000000000 +0200 -@@ -1497,7 +1497,7 @@ - hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, - HOSTAPD_LEVEL_NOTICE, - "did not acknowledge authentication response"); -- return; -+ //return; - } - - if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { -@@ -1571,7 +1571,7 @@ - hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, - HOSTAPD_LEVEL_DEBUG, - "did not acknowledge association response"); -- return; -+ //return; - } - - if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) : diff --git a/src/patches/imq-skbuff.patch b/src/patches/imq-skbuff.patch deleted file mode 100644 index fa9b7d675a..0000000000 --- a/src/patches/imq-skbuff.patch +++ /dev/null @@ -1,65 +0,0 @@ ---- linux-2.6.27.21/include/linux/skbuff.h 2009-07-22 08:06:40.000000000 +0000 -+++ linux-2.6.27.21/include/linux/skbuff.h.imq 2009-07-22 08:12:55.000000000 +0000 -@@ -28,6 +28,9 @@ - #include - #include - #include -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include -+#endif - - #define HAVE_ALLOC_SKB /* For the drivers to know */ - #define HAVE_ALIGNABLE_SKB /* Ditto 8) */ -@@ -274,6 +277,9 @@ - * first. This is owned by whoever has the skb queued ATM. - */ - char cb[48]; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ void *cb_next; -+#endif - - unsigned int len, - data_len; -@@ -304,6 +310,9 @@ - struct nf_conntrack *nfct; - struct sk_buff *nfct_reasm; - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ struct nf_queue_entry *nf_queue_entry; -+#endif - #ifdef CONFIG_BRIDGE_NETFILTER - struct nf_bridge_info *nf_bridge; - #endif -@@ -330,6 +339,9 @@ - proto_csum_blank:1; - #endif - /* 10-16 bit hole */ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ __u8 imq_flags:IMQ_F_BITS; -+#endif - - #ifdef CONFIG_NET_DMA - dma_cookie_t dma_cookie; -@@ -374,6 +386,11 @@ - #endif - } - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+extern int skb_save_cb(struct sk_buff *skb); -+extern int skb_restore_cb(struct sk_buff *skb); -+#endif -+ - extern void kfree_skb(struct sk_buff *skb); - extern void __kfree_skb(struct sk_buff *skb); - extern struct sk_buff *__alloc_skb(unsigned int size, -@@ -1688,6 +1705,10 @@ - dst->nfct_reasm = src->nfct_reasm; - nf_conntrack_get_reasm(src->nfct_reasm); - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ dst->imq_flags = src->imq_flags; -+ dst->nf_queue_entry = src->nf_queue_entry; -+#endif - #ifdef CONFIG_BRIDGE_NETFILTER - dst->nf_bridge = src->nf_bridge; - nf_bridge_get(src->nf_bridge); diff --git a/src/patches/ip_conntrack_standalone-patch-for-ipfire.patch b/src/patches/ip_conntrack_standalone-patch-for-ipfire.patch deleted file mode 100644 index 183d0534c6..0000000000 --- a/src/patches/ip_conntrack_standalone-patch-for-ipfire.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- net/ipv4/netfilter/ip_conntrack_standalone.c~ 2006-12-12 01:50:40.000000000 +0000 -+++ net/ipv4/netfilter/ip_conntrack_standalone.c 2006-12-16 16:29:28.000000000 +0000 -@@ -804,7 +804,7 @@ - - #ifdef CONFIG_PROC_FS - ret = -ENOMEM; -- proc = proc_net_fops_create("ip_conntrack", 0440, &ct_file_ops); -+ proc = proc_net_fops_create("ip_conntrack", 0444, &ct_file_ops); - if (!proc) goto cleanup_init; - - proc_exp = proc_net_fops_create("ip_conntrack_expect", 0440, diff --git a/src/patches/iptables-1.4.1.1-ipp2p-0.8.2-pomng.patch b/src/patches/iptables-1.4.1.1-ipp2p-0.8.2-pomng.patch deleted file mode 100644 index ed71d4de25..0000000000 --- a/src/patches/iptables-1.4.1.1-ipp2p-0.8.2-pomng.patch +++ /dev/null @@ -1,481 +0,0 @@ -diff -Naur iptables-1.4.1.1.org/extensions/.ipp2p-test iptables-1.4.1.1/extensions/.ipp2p-test ---- iptables-1.4.1.1.org/extensions/.ipp2p-test 1970-01-01 00:00:00.000000000 +0000 -+++ iptables-1.4.1.1/extensions/.ipp2p-test 2008-09-22 21:58:41.000000000 +0000 -@@ -0,0 +1,2 @@ -+#! /bin/sh -+[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_ipp2p.h ] && echo ipp2p -diff -Naur iptables-1.4.1.1.org/extensions/libipt_ipp2p.c iptables-1.4.1.1/extensions/libipt_ipp2p.c ---- iptables-1.4.1.1.org/extensions/libipt_ipp2p.c 1970-01-01 00:00:00.000000000 +0000 -+++ iptables-1.4.1.1/extensions/libipt_ipp2p.c 2008-09-22 21:58:41.000000000 +0000 -@@ -0,0 +1,424 @@ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+ -+#include -+ -+#ifndef XTABLES_VERSION -+#define XTABLES_VERSION IPTABLES_VERSION -+#endif -+ -+#ifdef IPT_LIB_DIR -+#define xtables_target iptables_target -+#define xtables_register_target register_target -+#endif -+ -+static void -+help(void) -+{ -+ printf( -+ "IPP2P v%s options:\n" -+ " --ipp2p Grab all known p2p packets\n" -+ " --edk [TCP&UDP] All known eDonkey/eMule/Overnet packets\n" -+ " --dc [TCP] All known Direct Connect packets\n" -+ " --kazaa [TCP&UDP] All known KaZaA packets\n" -+ " --gnu [TCP&UDP] All known Gnutella packets\n" -+ " --bit [TCP&UDP] All known BitTorrent packets\n" -+ " --apple [TCP] All known AppleJuice packets\n" -+ " --winmx [TCP] All known WinMX\n" -+ " --soul [TCP] All known SoulSeek\n" -+ " --ares [TCP] All known Ares\n\n" -+ " EXPERIMENTAL protocols (please send feedback to: ipp2p@ipp2p.org) :\n" -+ " --mute [TCP] All known Mute packets\n" -+ " --waste [TCP] All known Waste packets\n" -+ " --xdcc [TCP] All known XDCC packets (only xdcc login)\n\n" -+ " DEBUG SUPPPORT, use only if you know why\n" -+ " --debug Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER\n" -+ "\nNote that the follwing options will have the same meaning:\n" -+ " '--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'\n" -+ "\nIPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.\n" -+ "You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.\n" -+ "\nSee README included with this package for more details or visit http://www.ipp2p.org\n" -+ "\nExamples:\n" -+ " iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01\n" -+ " iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP\n" -+ " iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP\n\n" -+ , IPP2P_VERSION); -+} -+ -+static struct option opts[] = { -+ { "ipp2p", 0, 0, '1' }, -+ { "edk", 0, 0, '2' }, -+ { "dc", 0, 0, '7' }, -+ { "gnu", 0, 0, '9' }, -+ { "kazaa", 0, 0, 'a' }, -+ { "bit", 0, 0, 'b' }, -+ { "apple", 0, 0, 'c' }, -+ { "soul", 0, 0, 'd' }, -+ { "winmx", 0, 0, 'e' }, -+ { "ares", 0, 0, 'f' }, -+ { "mute", 0, 0, 'g' }, -+ { "waste", 0, 0, 'h' }, -+ { "xdcc", 0, 0, 'i' }, -+ { "debug", 0, 0, 'j' }, -+ {0} -+}; -+ -+ -+static void -+#ifdef _XTABLES_H -+init(struct xt_entry_match *m) -+#else -+init(struct ipt_entry_match *t, unsigned int *nfcache) -+#endif -+{ -+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)m->data; -+ -+#ifndef _XTABLES_H -+ *nfcache |= NFC_UNKNOWN; -+#endif -+ -+ /*init the module with default values*/ -+ info->cmd = 0; -+ info->debug = 0; -+ -+} -+ -+ -+static int -+parse(int c, char **argv, int invert, unsigned int *flags, -+#ifdef _XTABLES_H -+ const void *entry, struct xt_entry_match **match) -+#else -+ const struct ipt_entry *entry, unsigned int *nfcache, struct ipt_entry_match **match) -+#endif -+{ -+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)(*match)->data; -+ -+ switch (c) { -+ case '1': /*cmd: ipp2p*/ -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified once!"); -+ -+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p-data' may only be " -+ "specified alone!"); -+*/ -+ -+ if ((*flags) != 0) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += SHORT_HAND_IPP2P; -+ info->cmd = *flags; -+ break; -+ -+ case '2': /*cmd: edk*/ -+ if ((*flags & IPP2P_EDK) == IPP2P_EDK) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--edk' may only be " -+ "specified once"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p-data' may only be " -+ "specified alone!");*/ -+ if ((*flags & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: use `--edk' OR `--edk-data' but not both of them!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_EDK; -+ info->cmd = *flags; -+ break; -+ -+ -+ case '7': /*cmd: dc*/ -+ if ((*flags & IPP2P_DC) == IPP2P_DC) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--dc' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p-data' may only be " -+ "specified alone!");*/ -+ if ((*flags & IPP2P_DATA_DC) == IPP2P_DATA_DC) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: use `--dc' OR `--dc-data' but not both of them!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_DC; -+ info->cmd = *flags; -+ break; -+ -+ -+ case '9': /*cmd: gnu*/ -+ if ((*flags & IPP2P_GNU) == IPP2P_GNU) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--gnu' may only be " -+ "specified once!"); -+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p-data' may only be " -+ "specified alone!");*/ -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if ((*flags & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: use `--gnu' OR `--gnu-data' but not both of them!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_GNU; -+ info->cmd = *flags; -+ break; -+ -+ case 'a': /*cmd: kazaa*/ -+ if ((*flags & IPP2P_KAZAA) == IPP2P_KAZAA) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--kazaa' may only be " -+ "specified once!"); -+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p-data' may only be " -+ "specified alone!");*/ -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if ((*flags & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: use `--kazaa' OR `--kazaa-data' but not both of them!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_KAZAA; -+ info->cmd = *flags; -+ break; -+ -+ case 'b': /*cmd: bit*/ -+ if ((*flags & IPP2P_BIT) == IPP2P_BIT) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--bit' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_BIT; -+ info->cmd = *flags; -+ break; -+ -+ case 'c': /*cmd: apple*/ -+ if ((*flags & IPP2P_APPLE) == IPP2P_APPLE) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--apple' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_APPLE; -+ info->cmd = *flags; -+ break; -+ -+ -+ case 'd': /*cmd: soul*/ -+ if ((*flags & IPP2P_SOUL) == IPP2P_SOUL) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--soul' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_SOUL; -+ info->cmd = *flags; -+ break; -+ -+ -+ case 'e': /*cmd: winmx*/ -+ if ((*flags & IPP2P_WINMX) == IPP2P_WINMX) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--winmx' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_WINMX; -+ info->cmd = *flags; -+ break; -+ -+ case 'f': /*cmd: ares*/ -+ if ((*flags & IPP2P_ARES) == IPP2P_ARES) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ares' may only be " -+ "specified once!"); -+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ipp2p' may only be " -+ "specified alone!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_ARES; -+ info->cmd = *flags; -+ break; -+ -+ case 'g': /*cmd: mute*/ -+ if ((*flags & IPP2P_MUTE) == IPP2P_MUTE) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--mute' may only be " -+ "specified once!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_MUTE; -+ info->cmd = *flags; -+ break; -+ case 'h': /*cmd: waste*/ -+ if ((*flags & IPP2P_WASTE) == IPP2P_WASTE) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--waste' may only be " -+ "specified once!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_WASTE; -+ info->cmd = *flags; -+ break; -+ case 'i': /*cmd: xdcc*/ -+ if ((*flags & IPP2P_XDCC) == IPP2P_XDCC) -+ exit_error(PARAMETER_PROBLEM, -+ "ipp2p: `--ares' may only be " -+ "specified once!"); -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ *flags += IPP2P_XDCC; -+ info->cmd = *flags; -+ break; -+ -+ case 'j': /*cmd: debug*/ -+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); -+ info->debug = 1; -+ break; -+ -+ default: -+// exit_error(PARAMETER_PROBLEM, -+// "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n"); -+ return 0; -+ } -+ return 1; -+} -+ -+ -+static void -+final_check(unsigned int flags) -+{ -+ if (!flags) -+ exit_error(PARAMETER_PROBLEM, -+ "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n"); -+} -+ -+static void -+#ifdef _XTABLES_H -+print(const void *ip, -+ const struct xt_entry_match *match, -+#else -+print(const struct ipt_ip *ip, -+ const struct ipt_entry_match *match, -+#endif -+ int numeric) -+{ -+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data; -+ -+ printf("ipp2p v%s", IPP2P_VERSION); -+ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf(" --ipp2p"); -+// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf(" --ipp2p-data"); -+ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf(" --kazaa"); -+// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf(" --kazaa-data"); -+// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf(" --gnu-data"); -+ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf(" --gnu"); -+ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf(" --edk"); -+// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf(" --edk-data"); -+// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf(" --dc-data"); -+ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf(" --dc"); -+ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf(" --bit"); -+ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf(" --apple"); -+ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf(" --soul"); -+ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf(" --winmx"); -+ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf(" --ares"); -+ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute"); -+ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste"); -+ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc"); -+ if (info->debug != 0) printf(" --debug"); -+ printf(" "); -+} -+ -+static void -+#ifdef _XTABLES_H -+save(const void *ip, -+ const struct xt_entry_match *match) -+#else -+save(const struct ipt_ip *ip, -+ const struct ipt_entry_match *match) -+#endif -+{ -+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data; -+ -+ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf("--ipp2p "); -+// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf("--ipp2p-data "); -+ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf("--kazaa "); -+// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf("--kazaa-data "); -+// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf("--gnu-data "); -+ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf("--gnu "); -+ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf("--edk "); -+// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf("--edk-data "); -+// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf("--dc-data "); -+ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf("--dc "); -+ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf("--bit "); -+ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf("--apple "); -+ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf("--soul "); -+ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf("--winmx "); -+ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf("--ares "); -+ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute"); -+ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste"); -+ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc"); -+ if (info->debug != 0) printf("--debug "); -+} -+ -+ -+static -+struct xtables_match ipp2p= -+{ -+ .next = NULL, -+ .name = "ipp2p", -+ .version = XTABLES_VERSION, -+ .size = IPT_ALIGN(sizeof(struct ipt_p2p_info)), -+ .userspacesize = IPT_ALIGN(sizeof(struct ipt_p2p_info)), -+ .help = &help, -+ .init = &init, -+ .parse = &parse, -+ .final_check = &final_check, -+ .print = &print, -+ .save = &save, -+ .extra_opts = opts -+}; -+ -+ -+ -+void _init(void) -+{ -+ xtables_register_match(&ipp2p); -+} -+ -diff -Naur iptables-1.4.1.1.org/extensions/libipt_ipp2p.man iptables-1.4.1.1/extensions/libipt_ipp2p.man ---- iptables-1.4.1.1.org/extensions/libipt_ipp2p.man 1970-01-01 00:00:00.000000000 +0000 -+++ iptables-1.4.1.1/extensions/libipt_ipp2p.man 2008-09-22 21:58:41.000000000 +0000 -@@ -0,0 +1,43 @@ -+This module matches certain packets in P2P flows. It is not -+designed to match all packets belonging to a P2P connection - -+use IPP2P together with CONNMARK for this purpose. Also visit -+http://www.ipp2p.org for detailed information. -+ -+Use it together with -p tcp or -p udp to search these protocols -+only or without -p switch to search packets of both protocols. -+ -+IPP2P provides the following options: -+.TP -+.B "--edk " -+Matches as many eDonkey/eMule packets as possible. -+.TP -+.B "--kazaa " -+Matches as many KaZaA packets as possible. -+.TP -+.B "--gnu " -+Matches as many Gnutella packets as possible. -+.TP -+.B "--dc " -+Matches as many Direct Connect packets as possible. -+.TP -+.B "--bit " -+Matches BitTorrent packets. -+.TP -+.B "--apple " -+Matches AppleJuice packets. -+.TP -+.B "--soul " -+Matches some SoulSeek packets. Considered as beta, use careful! -+.TP -+.B "--winmx " -+Matches some WinMX packets. Considered as beta, use careful! -+.TP -+.B "--ares " -+Matches Ares and AresLite packets. Use together with -j DROP only. -+.TP -+.B "--ipp2p " -+Short hand for: --edk --kazaa --gnu --dc -+.TP -+.B "--debug " -+Prints some information about each hit into kernel logfile. May -+produce huge logfiles so beware! diff --git a/src/patches/iptables-1.4.2-imq.patch b/src/patches/iptables-1.4.2-imq.patch deleted file mode 100644 index 7fdcab8f9c..0000000000 --- a/src/patches/iptables-1.4.2-imq.patch +++ /dev/null @@ -1,99 +0,0 @@ -diff -Naur iptables-1.4.2/extensions/.IMQ-test iptables/extensions/.IMQ-test ---- iptables-1.4.2/extensions/.IMQ-test 1970-01-01 10:00:00.000000000 +1000 -+++ iptables/extensions/.IMQ-test 2008-06-08 22:41:49.000000000 +1000 -@@ -0,0 +1,3 @@ -+#!/bin/sh -+# True if IMQ target patch is applied. -+[ -f $KERNEL_DIR/include/linux/netfilter/xt_IMQ.h ] && echo IMQ -diff -Naur iptables-1.4.2/extensions/libipt_IMQ.c iptables/extensions/libipt_IMQ.c ---- iptables-1.4.2/extensions/libipt_IMQ.c 1970-01-01 10:00:00.000000000 +1000 -+++ iptables/extensions/libipt_IMQ.c 2008-06-08 22:46:25.000000000 +1000 -@@ -0,0 +1,88 @@ -+/* Shared library add-on to iptables to add IMQ target support. */ -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+ -+/* Function which prints out usage message. */ -+static void IMQ_help(void) -+{ -+ printf( -+"IMQ target v%s options:\n" -+" --todev enqueue to imq, defaults to 0\n", -+XTABLES_VERSION); -+} -+ -+static struct option IMQ_opts[] = { -+ { "todev", 1, 0, '1' }, -+ { 0 } -+}; -+ -+/* Initialize the target. */ -+static void IMQ_init(struct xt_entry_target *t) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)t->data; -+ -+ mr->todev = 0; -+} -+ -+/* Function which parses command options; returns true if it -+ ate an option */ -+static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags, -+ const void *entry, struct xt_entry_target **target) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)(*target)->data; -+ -+ switch(c) { -+ case '1': -+ if (check_inverse(optarg, &invert, NULL, 0)) -+ exit_error(PARAMETER_PROBLEM, -+ "Unexpected `!' after --todev"); -+ mr->todev=atoi(optarg); -+ break; -+ default: -+ return 0; -+ } -+ return 1; -+} -+ -+/* Prints out the targinfo. */ -+static void IMQ_print(const void *ip, -+ const struct xt_entry_target *target, -+ int numeric) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; -+ -+ printf("IMQ: todev %u ", mr->todev); -+} -+ -+/* Saves the union ipt_targinfo in parsable form to stdout. */ -+static void IMQ_save(const void *ip, const struct xt_entry_target *target) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; -+ -+ printf("--todev %u", mr->todev); -+} -+ -+static struct xtables_target imq = { -+ .name = "IMQ", -+ .version = XTABLES_VERSION, -+ .family = PF_INET, -+ .size = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .help = IMQ_help, -+ .init = IMQ_init, -+ .parse = IMQ_parse, -+ .print = IMQ_print, -+ .save = IMQ_save, -+ .extra_opts = IMQ_opts, -+}; -+ -+void _init(void) -+{ -+ xtables_register_target(&imq); -+} diff --git a/src/patches/linux-2.6.24-leds-alix.patch b/src/patches/linux-2.6.24-leds-alix.patch deleted file mode 100644 index 13e5b3523e..0000000000 --- a/src/patches/linux-2.6.24-leds-alix.patch +++ /dev/null @@ -1,203 +0,0 @@ -diff -Nur linux-2.6.24.old/drivers/leds/Kconfig linux-2.6.24/drivers/leds/Kconfig ---- linux-2.6.24.old/drivers/leds/Kconfig 2008-01-24 23:58:37.000000000 +0100 -+++ linux-2.6.24/drivers/leds/Kconfig 2008-05-24 09:32:18.000000000 +0200 -@@ -81,6 +81,12 @@ - help - This option enables support for the PCEngines WRAP programmable LEDs. - -+config LEDS_ALIX -+ tristate "LED Support for the ALIX 2/3 boards" -+ depends on LEDS_CLASS -+ help -+ This option enables support for the three LEDs on the PCEngines ALIX 2/3 boards. -+ - config LEDS_H1940 - tristate "LED Support for iPAQ H1940 device" - depends on LEDS_CLASS && ARCH_H1940 -diff -Nur linux-2.6.24.old/drivers/leds/leds-alix.c linux-2.6.24/drivers/leds/leds-alix.c ---- linux-2.6.24.old/drivers/leds/leds-alix.c 1970-01-01 01:00:00.000000000 +0100 -+++ linux-2.6.24/drivers/leds/leds-alix.c 2008-05-24 09:32:18.000000000 +0200 -@@ -0,0 +1,172 @@ -+/* -+ * LEDs driver for PCEngines ALIX 2/3 series -+ * -+ * Copyright (C) 2007 Petr Liebman -+ * -+ * Based on leds-wrap.c -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License version 2 as -+ * published by the Free Software Foundation. -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#define DRVNAME "alix-led" -+ -+#define ALIX_LED1_PORT (0x6100) -+#define ALIX_LED1_ON (1<<22) -+#define ALIX_LED1_OFF (1<<6) -+ -+#define ALIX_LED2_PORT (0x6180) -+#define ALIX_LED2_ON (1<<25) -+#define ALIX_LED2_OFF (1<<9) -+ -+#define ALIX_LED3_PORT (0x6180) -+#define ALIX_LED3_ON (1<<27) -+#define ALIX_LED3_OFF (1<<11) -+ -+ -+static struct platform_device *pdev; -+ -+static void alix_led_set_1(struct led_classdev *led_cdev, -+ enum led_brightness value) -+{ -+ if (value) -+ outl(ALIX_LED1_ON, ALIX_LED1_PORT); -+ else -+ outl(ALIX_LED1_OFF, ALIX_LED1_PORT); -+} -+ -+static void alix_led_set_2(struct led_classdev *led_cdev, -+ enum led_brightness value) -+{ -+ if (value) -+ outl(ALIX_LED2_ON, ALIX_LED2_PORT); -+ else -+ outl(ALIX_LED2_OFF, ALIX_LED2_PORT); -+} -+ -+static void alix_led_set_3(struct led_classdev *led_cdev, -+ enum led_brightness value) -+{ -+ if (value) -+ outl(ALIX_LED3_ON, ALIX_LED3_PORT); -+ else -+ outl(ALIX_LED3_OFF, ALIX_LED3_PORT); -+} -+ -+static struct led_classdev alix_led_1 = { -+ .name = "alix:1", -+ .brightness_set = alix_led_set_1, -+}; -+ -+static struct led_classdev alix_led_2 = { -+ .name = "alix:2", -+ .brightness_set = alix_led_set_2, -+}; -+ -+static struct led_classdev alix_led_3 = { -+ .name = "alix:3", -+ .brightness_set = alix_led_set_3, -+}; -+ -+ -+#ifdef CONFIG_PM -+static int alix_led_suspend(struct platform_device *dev, -+ pm_message_t state) -+{ -+ led_classdev_suspend(&alix_led_1); -+ led_classdev_suspend(&alix_led_2); -+ led_classdev_suspend(&alix_led_3); -+ return 0; -+} -+ -+static int alix_led_resume(struct platform_device *dev) -+{ -+ led_classdev_resume(&alix_led_1); -+ led_classdev_resume(&alix_led_2); -+ led_classdev_resume(&alix_led_3); -+ return 0; -+} -+#else -+#define alix_led_suspend NULL -+#define alix_led_resume NULL -+#endif -+ -+static int alix_led_probe(struct platform_device *pdev) -+{ -+ int ret; -+ -+ ret = led_classdev_register(&pdev->dev, &alix_led_1); -+ if (ret >= 0) -+ { -+ ret = led_classdev_register(&pdev->dev, &alix_led_2); -+ if (ret >= 0) -+ { -+ ret = led_classdev_register(&pdev->dev, &alix_led_3); -+ if (ret < 0) -+ led_classdev_unregister(&alix_led_2); -+ } -+ if (ret < 0) -+ led_classdev_unregister(&alix_led_1); -+ } -+ return ret; -+} -+ -+static int alix_led_remove(struct platform_device *pdev) -+{ -+ led_classdev_unregister(&alix_led_1); -+ led_classdev_unregister(&alix_led_2); -+ led_classdev_unregister(&alix_led_3); -+ return 0; -+} -+ -+static struct platform_driver alix_led_driver = { -+ .probe = alix_led_probe, -+ .remove = alix_led_remove, -+ .suspend = alix_led_suspend, -+ .resume = alix_led_resume, -+ .driver = { -+ .name = DRVNAME, -+ .owner = THIS_MODULE, -+ }, -+}; -+ -+static int __init alix_led_init(void) -+{ -+ int ret; -+ -+ ret = platform_driver_register(&alix_led_driver); -+ if (ret < 0) -+ goto out; -+ -+ pdev = platform_device_register_simple(DRVNAME, -1, NULL, 0); -+ if (IS_ERR(pdev)) { -+ ret = PTR_ERR(pdev); -+ platform_driver_unregister(&alix_led_driver); -+ goto out; -+ } -+ -+out: -+ return ret; -+} -+ -+static void __exit alix_led_exit(void) -+{ -+ platform_device_unregister(pdev); -+ platform_driver_unregister(&alix_led_driver); -+} -+ -+module_init(alix_led_init); -+module_exit(alix_led_exit); -+ -+MODULE_AUTHOR("Petr Liebman"); -+MODULE_DESCRIPTION("PCEngines ALIX LED driver"); -+MODULE_LICENSE("GPL"); -+ -diff -Nur linux-2.6.24.old/drivers/leds/Makefile linux-2.6.24/drivers/leds/Makefile ---- linux-2.6.24.old/drivers/leds/Makefile 2008-01-24 23:58:37.000000000 +0100 -+++ linux-2.6.24/drivers/leds/Makefile 2008-05-24 08:34:40.000000000 +0200 -@@ -14,6 +14,7 @@ - obj-$(CONFIG_LEDS_AMS_DELTA) += leds-ams-delta.o - obj-$(CONFIG_LEDS_NET48XX) += leds-net48xx.o - obj-$(CONFIG_LEDS_WRAP) += leds-wrap.o -+obj-$(CONFIG_LEDS_ALIX) += leds-alix.o - obj-$(CONFIG_LEDS_H1940) += leds-h1940.o - obj-$(CONFIG_LEDS_COBALT_QUBE) += leds-cobalt-qube.o - obj-$(CONFIG_LEDS_COBALT_RAQ) += leds-cobalt-raq.o diff --git a/src/patches/linux-2.6.27-atom-clockmod.patch b/src/patches/linux-2.6.27-atom-clockmod.patch deleted file mode 100644 index ef59fef3ea..0000000000 --- a/src/patches/linux-2.6.27-atom-clockmod.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur linux-2.6.27.45.org/arch/x86/kernel/cpu/cpufreq/p4-clockmod.c linux-2.6.27.45/arch/x86/kernel/cpu/cpufreq/p4-clockmod.c ---- linux-2.6.27.45.org/arch/x86/kernel/cpu/cpufreq/p4-clockmod.c 2010-01-29 00:21:45.000000000 +0100 -+++ linux-2.6.27.45/arch/x86/kernel/cpu/cpufreq/p4-clockmod.c 2010-02-11 15:21:39.000000000 +0100 -@@ -160,6 +160,8 @@ - switch (c->x86_model) { - case 0x0E: /* Core */ - case 0x0F: /* Core Duo */ -+ case 0x16: /* Celeron Core */ -+ case 0x1c: /* Atom */ - p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS; - return speedstep_get_processor_frequency(SPEEDSTEP_PROCESSOR_PCORE); - case 0x0D: /* Pentium M (Dothan) */ diff --git a/src/patches/linux-2.6.27-atom-coretemp.patch b/src/patches/linux-2.6.27-atom-coretemp.patch deleted file mode 100644 index 0084311aaa..0000000000 --- a/src/patches/linux-2.6.27-atom-coretemp.patch +++ /dev/null @@ -1,58 +0,0 @@ -diff -Naur linux-2.6.27.42.org/drivers/hwmon/coretemp.c linux-2.6.27.42/drivers/hwmon/coretemp.c ---- linux-2.6.27.42.org/drivers/hwmon/coretemp.c 2009-12-18 22:31:34.000000000 +0100 -+++ linux-2.6.27.42/drivers/hwmon/coretemp.c 2010-02-07 12:36:39.000000000 +0100 -@@ -1,7 +1,7 @@ - /* - * coretemp.c - Linux kernel module for hardware monitoring - * -- * Copyright (C) 2007 Rudolf Marek -+ * Copyright (C) 2007, 2008 Rudolf Marek - * - * Inspired from many hwmon drivers - * -@@ -244,8 +244,14 @@ - } - } - -- data->tjmax = adjust_tjmax(c, data->id, &pdev->dev); -- platform_set_drvdata(pdev, data); -+ /* Intel Atom has only fixed TjMax at 95C */ -+ -+ if (c->x86_model == 0x1c) { -+ data->tjmax = 95000; -+ } else { -+ /* Adjust the TjMax for the rest of Core2 family */ -+ data->tjmax = adjust_tjmax(c, data->id, &pdev->dev); -+ } - - /* read the still undocumented IA32_TEMPERATURE_TARGET it exists - on older CPUs but not in this register */ -@@ -265,6 +271,8 @@ - } - } - -+ platform_set_drvdata(pdev, data); -+ - if ((err = sysfs_create_group(&pdev->dev.kobj, &coretemp_group))) - goto exit_dev; - -@@ -409,15 +417,15 @@ - err = platform_driver_register(&coretemp_driver); - if (err) - goto exit; -- -+ - for_each_online_cpu(i) { - struct cpuinfo_x86 *c = &cpu_data(i); - -- /* check if family 6, models 0xe, 0xf, 0x16, 0x17, 0x1A */ -+ /* check if family 6, models 0xe, 0xf, 0x16, 0x17, 0x1A, 0x1c */ - if ((c->cpuid_level < 0) || (c->x86 != 0x6) || - !((c->x86_model == 0xe) || (c->x86_model == 0xf) || -- (c->x86_model == 0x16) || (c->x86_model == 0x17) || -- (c->x86_model == 0x1A))) { -+ (c->x86_model == 0x16) || (c->x86_model == 0x17) || -+ (c->x86_model == 0x1c) || (c->x86_model == 0x1A))) { - - /* supported CPU not found, but report the unknown - family 6 CPU */ diff --git a/src/patches/linux-2.6.27-imq.patch b/src/patches/linux-2.6.27-imq.patch deleted file mode 100644 index f907a07364..0000000000 --- a/src/patches/linux-2.6.27-imq.patch +++ /dev/null @@ -1,1150 +0,0 @@ ---- a/drivers/net/Kconfig -+++ b/drivers/net/Kconfig -@@ -109,6 +109,129 @@ config EQUALIZER - To compile this driver as a module, choose M here: the module - will be called eql. If unsure, say N. - -+config IMQ -+ tristate "IMQ (intermediate queueing device) support" -+ depends on NETDEVICES && NETFILTER -+ ---help--- -+ The IMQ device(s) is used as placeholder for QoS queueing -+ disciplines. Every packet entering/leaving the IP stack can be -+ directed through the IMQ device where it's enqueued/dequeued to the -+ attached qdisc. This allows you to treat network devices as classes -+ and distribute bandwidth among them. Iptables is used to specify -+ through which IMQ device, if any, packets travel. -+ -+ More information at: http://www.linuximq.net/ -+ -+ To compile this driver as a module, choose M here: the module -+ will be called imq. If unsure, say N. -+ -+choice -+ prompt "IMQ behavior (PRE/POSTROUTING)" -+ depends on IMQ -+ default IMQ_BEHAVIOR_AB -+ help -+ -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ IMQ can work in any of the following ways: -+ -+ PREROUTING | POSTROUTING -+ -----------------|------------------- -+ #1 After NAT | After NAT -+ #2 After NAT | Before NAT -+ #3 Before NAT | After NAT -+ #4 Before NAT | Before NAT -+ -+ The default behavior is to hook before NAT on PREROUTING -+ and after NAT on POSTROUTING (#3). -+ -+ This settings are specially usefull when trying to use IMQ -+ to shape NATed clients. -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AA -+ bool "IMQ AA" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AB -+ bool "IMQ AB" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BA -+ bool "IMQ BA" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BB -+ bool "IMQ BB" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+endchoice -+ -+config IMQ_NUM_DEVS -+ -+ int "Number of IMQ devices" -+ range 2 16 -+ depends on IMQ -+ default "16" -+ help -+ -+ This settings defines how many IMQ devices will be -+ created. -+ -+ The default value is 16. -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ - config TUN - tristate "Universal TUN/TAP device driver support" - select CRC32 ---- a/drivers/net/Makefile -+++ b/drivers/net/Makefile -@@ -144,6 +144,7 @@ obj-$(CONFIG_SLHC) += slhc.o - obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o - - obj-$(CONFIG_DUMMY) += dummy.o -+obj-$(CONFIG_IMQ) += imq.o - obj-$(CONFIG_IFB) += ifb.o - obj-$(CONFIG_MACVLAN) += macvlan.o - obj-$(CONFIG_DE600) += de600.o ---- /dev/null -+++ b/drivers/net/imq.c -@@ -0,0 +1,533 @@ -+/* -+ * Pseudo-driver for the intermediate queue device. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Patrick McHardy, -+ * -+ * The first version was written by Martin Devera, -+ * -+ * Credits: Jan Rafaj -+ * - Update patch to 2.4.21 -+ * Sebastian Strollo -+ * - Fix "Dead-loop on netdevice imq"-issue -+ * Marcel Sebek -+ * - Update to 2.6.2-rc1 -+ * -+ * After some time of inactivity there is a group taking care -+ * of IMQ again: http://www.linuximq.net -+ * -+ * -+ * 2004/06/30 - New version of IMQ patch to kernels <=2.6.7 -+ * including the following changes: -+ * -+ * - Correction of ipv6 support "+"s issue (Hasso Tepper) -+ * - Correction of imq_init_devs() issue that resulted in -+ * kernel OOPS unloading IMQ as module (Norbert Buchmuller) -+ * - Addition of functionality to choose number of IMQ devices -+ * during kernel config (Andre Correa) -+ * - Addition of functionality to choose how IMQ hooks on -+ * PRE and POSTROUTING (after or before NAT) (Andre Correa) -+ * - Cosmetic corrections (Norbert Buchmuller) (Andre Correa) -+ * -+ * -+ * 2005/12/16 - IMQ versions between 2.6.7 and 2.6.13 were -+ * released with almost no problems. 2.6.14-x was released -+ * with some important changes: nfcache was removed; After -+ * some weeks of trouble we figured out that some IMQ fields -+ * in skb were missing in skbuff.c - skb_clone and copy_skb_header. -+ * These functions are correctly patched by this new patch version. -+ * -+ * Thanks for all who helped to figure out all the problems with -+ * 2.6.14.x: Patrick McHardy, Rune Kock, VeNoMouS, Max CtRiX, -+ * Kevin Shanahan, Richard Lucassen, Valery Dachev (hopefully -+ * I didn't forget anybody). I apologize again for my lack of time. -+ * -+ * -+ * 2008/06/17 - 2.6.25 - Changed imq.c to use qdisc_run() instead -+ * of qdisc_restart() and moved qdisc_run() to tasklet to avoid -+ * recursive locking. New initialization routines to fix 'rmmod' not -+ * working anymore. Used code from ifb.c. (Jussi Kivilinna) -+ * -+ * 2008/08/06 - 2.6.27 - (JK) -+ * - Replaced tasklet with 'netif_schedule()'. -+ * - Cleaned up and added comments for imq_nf_queue(). -+ * -+ * Also, many thanks to pablo Sebastian Greco for making the initial -+ * patch and to those who helped the testing. -+ * -+ * More info at: http://www.linuximq.net/ (Andre Correa) -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ #include -+#endif -+#include -+#include -+#include -+ -+static nf_hookfn imq_nf_hook; -+ -+static struct nf_hook_ops imq_ingress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP_PRI_MANGLE + 1 -+#else -+ .priority = NF_IP_PRI_NAT_DST + 1 -+#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP_PRI_LAST -+#else -+ .priority = NF_IP_PRI_NAT_SRC - 1 -+#endif -+}; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+static struct nf_hook_ops imq_ingress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP6_PRI_MANGLE + 1 -+#else -+ .priority = NF_IP6_PRI_NAT_DST + 1 -+#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP6_PRI_LAST -+#else -+ .priority = NF_IP6_PRI_NAT_SRC - 1 -+#endif -+}; -+#endif -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS; -+#else -+static unsigned int numdevs = IMQ_MAX_DEVS; -+#endif -+ -+static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; -+ -+static struct net_device_stats *imq_get_stats(struct net_device *dev) -+{ -+ return &dev->stats; -+} -+ -+/* called for packets kfree'd in qdiscs at places other than enqueue */ -+static void imq_skb_destructor(struct sk_buff *skb) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ if (likely(entry)) { -+ nf_queue_entry_release_refs(entry); -+ kfree(entry); -+ } -+} -+ -+static void imq_nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) -+{ -+ int status; -+ -+ if (!entry->next_outfn) { -+ nf_reinject(entry, verdict); -+ return; -+ } -+ -+ status = entry->next_outfn(entry, entry->next_queuenum); -+ if (status < 0) { -+ nf_queue_entry_release_refs(entry); -+ kfree_skb(entry->skb); -+ kfree(entry); -+ } -+} -+ -+static int imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ BUG_ON(entry == NULL); -+ -+ dev->stats.tx_bytes += skb->len; -+ dev->stats.tx_packets++; -+ -+ skb->imq_flags = 0; -+ skb->destructor = NULL; -+ -+ dev->trans_start = jiffies; -+ imq_nf_reinject(entry, NF_ACCEPT); -+ return 0; -+} -+ -+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) -+{ -+ struct net_device *dev; -+ struct sk_buff *skb_orig, *skb, *skb_shared; -+ struct Qdisc *q; -+ spinlock_t *root_lock; -+ struct netdev_queue *txq; -+ int users, index; -+ -+ index = entry->skb->imq_flags & IMQ_F_IFMASK; -+ if (unlikely(index > numdevs - 1)) { -+ if (net_ratelimit()) -+ printk(KERN_WARNING -+ "IMQ: invalid device specified, highest is %u\n", -+ numdevs - 1); -+ return -EINVAL; -+ } -+ -+ /* check for imq device by index from cache */ -+ dev = imq_devs_cache[index]; -+ if (unlikely(!dev)) { -+ char buf[8]; -+ -+ /* get device by name and cache result */ -+ snprintf(buf, sizeof(buf), "imq%d", index); -+ dev = dev_get_by_name(&init_net, buf); -+ if (!dev) { -+ /* not found ?!*/ -+ BUG(); -+ return -ENODEV; -+ } -+ -+ imq_devs_cache[index] = dev; -+ } -+ -+ if (unlikely(!(dev->flags & IFF_UP))) { -+ entry->skb->imq_flags = 0; -+ imq_nf_reinject(entry, NF_ACCEPT); -+ return 0; -+ } -+ dev->last_rx = jiffies; -+ -+ skb = entry->skb; -+ skb_orig = NULL; -+ -+ /* skb has owner? => make clone */ -+ if (unlikely(skb->destructor)) { -+ skb_orig = skb; -+ skb = skb_clone(skb, GFP_ATOMIC); -+ if (!skb) -+ return -ENOMEM; -+ entry->skb = skb; -+ } -+ -+ skb->nf_queue_entry = entry; -+ -+ dev->stats.rx_bytes += skb->len; -+ dev->stats.rx_packets++; -+ -+ txq = dev_pick_tx(dev, skb); -+ q = txq->qdisc; -+ -+ if (unlikely(!q->enqueue)) -+ goto packet_not_eaten_by_imq_dev; -+ -+ if (unlikely(!rtnl_trylock())) -+ goto packet_not_eaten_by_imq_dev; -+ -+ root_lock = qdisc_root_lock(q); -+ spin_lock(root_lock); -+ -+ users = atomic_read(&skb->users); -+ -+ skb_shared = skb_get(skb); /* increase reference count by one */ -+ qdisc_enqueue_root(skb_shared, q); /* might kfree_skb */ -+ -+ if (likely(atomic_read(&skb_shared->users) == users + 1)) { -+ kfree_skb(skb_shared); /* decrease reference count by one */ -+ -+ /* imq_skb_destructor frees the skb and entry */ -+ skb->destructor = &imq_skb_destructor; -+ -+ /* cloned? */ -+ if (skb_orig) -+ kfree_skb(skb_orig); /* free original */ -+ -+ /* schedule qdisc dequeue */ -+ netif_tx_schedule_all(dev); -+ -+ spin_unlock(root_lock); -+ __rtnl_unlock(); -+ return 0; -+ } else { -+ /* qdisc dropped packet and decreased skb reference count of -+ * skb, so we don't really want to and try refree as that would -+ * actually destroy the skb. */ -+ spin_unlock(root_lock); -+ __rtnl_unlock(); -+ goto packet_not_eaten_by_imq_dev; -+ } -+ -+packet_not_eaten_by_imq_dev: -+ /* cloned? restore original */ -+ if (skb_orig) { -+ kfree_skb(skb); -+ entry->skb = skb_orig; -+ } -+ return -1; -+} -+ -+static struct nf_queue_handler nfqh = { -+ .name = "imq", -+ .outfn = imq_nf_queue, -+}; -+ -+static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb, -+ const struct net_device *indev, -+ const struct net_device *outdev, -+ int (*okfn)(struct sk_buff *)) -+{ -+ if (pskb->imq_flags & IMQ_F_ENQUEUE) -+ return NF_QUEUE; -+ -+ return NF_ACCEPT; -+} -+ -+static int imq_close(struct net_device *dev) -+{ -+ netif_stop_queue(dev); -+ return 0; -+} -+ -+static int imq_open(struct net_device *dev) -+{ -+ netif_start_queue(dev); -+ return 0; -+} -+ -+static void imq_setup(struct net_device *dev) -+{ -+ dev->hard_start_xmit = imq_dev_xmit; -+ dev->open = imq_open; -+ dev->get_stats = imq_get_stats; -+ dev->stop = imq_close; -+ dev->type = ARPHRD_VOID; -+ dev->mtu = 1500; -+ dev->tx_queue_len = 10000; -+ dev->flags = IFF_NOARP; -+} -+ -+static int imq_validate(struct nlattr *tb[], struct nlattr *data[]) -+{ -+ int ret = 0; -+ -+ if (tb[IFLA_ADDRESS]) { -+ if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) { -+ ret = -EINVAL; -+ goto end; -+ } -+ if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) { -+ ret = -EADDRNOTAVAIL; -+ goto end; -+ } -+ } -+ return 0; -+end: -+ printk(KERN_WARNING "IMQ: imq_validate failed (%d)\n", ret); -+ return ret; -+} -+ -+static struct rtnl_link_ops imq_link_ops __read_mostly = { -+ .kind = "imq", -+ .priv_size = 0, -+ .setup = imq_setup, -+ .validate = imq_validate, -+}; -+ -+static int __init imq_init_hooks(void) -+{ -+ int err; -+ -+ nf_register_queue_imq_handler(&nfqh); -+ -+ err = nf_register_hook(&imq_ingress_ipv4); -+ if (err) -+ goto err1; -+ -+ err = nf_register_hook(&imq_egress_ipv4); -+ if (err) -+ goto err2; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ err = nf_register_hook(&imq_ingress_ipv6); -+ if (err) -+ goto err3; -+ -+ err = nf_register_hook(&imq_egress_ipv6); -+ if (err) -+ goto err4; -+#endif -+ -+ return 0; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+err4: -+ nf_unregister_hook(&imq_ingress_ipv6); -+err3: -+ nf_unregister_hook(&imq_egress_ipv4); -+#endif -+err2: -+ nf_unregister_hook(&imq_ingress_ipv4); -+err1: -+ nf_unregister_queue_imq_handler(); -+ return err; -+} -+ -+static int __init imq_init_one(int index) -+{ -+ struct net_device *dev; -+ int ret; -+ -+ dev = alloc_netdev(0, "imq%d", imq_setup); -+ if (!dev) -+ return -ENOMEM; -+ -+ ret = dev_alloc_name(dev, dev->name); -+ if (ret < 0) -+ goto fail; -+ -+ dev->rtnl_link_ops = &imq_link_ops; -+ ret = register_netdevice(dev); -+ if (ret < 0) -+ goto fail; -+ -+ return 0; -+fail: -+ free_netdev(dev); -+ return ret; -+} -+ -+static int __init imq_init_devs(void) -+{ -+ int err, i; -+ -+ if (numdevs < 1 || numdevs > IMQ_MAX_DEVS) { -+ printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n", -+ IMQ_MAX_DEVS); -+ return -EINVAL; -+ } -+ -+ rtnl_lock(); -+ err = __rtnl_link_register(&imq_link_ops); -+ -+ for (i = 0; i < numdevs && !err; i++) -+ err = imq_init_one(i); -+ -+ if (err) { -+ __rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ } -+ rtnl_unlock(); -+ -+ return err; -+} -+ -+static int __init imq_init_module(void) -+{ -+ int err; -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS > 16); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS < 2); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS - 1 > IMQ_F_IFMASK); -+#endif -+ -+ err = imq_init_devs(); -+ if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_devs(net)\n"); -+ return err; -+ } -+ -+ err = imq_init_hooks(); -+ if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ return err; -+ } -+ -+ printk(KERN_INFO "IMQ driver loaded successfully.\n"); -+ -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on PREROUTING.\n"); -+#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on PREROUTING.\n"); -+#endif -+#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on POSTROUTING.\n"); -+#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on POSTROUTING.\n"); -+#endif -+ -+ return 0; -+} -+ -+static void __exit imq_unhook(void) -+{ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ nf_unregister_hook(&imq_ingress_ipv6); -+ nf_unregister_hook(&imq_egress_ipv6); -+#endif -+ nf_unregister_hook(&imq_ingress_ipv4); -+ nf_unregister_hook(&imq_egress_ipv4); -+ -+ nf_unregister_queue_imq_handler(); -+} -+ -+static void __exit imq_cleanup_devs(void) -+{ -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+} -+ -+static void __exit imq_exit_module(void) -+{ -+ imq_unhook(); -+ imq_cleanup_devs(); -+ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); -+} -+ -+module_init(imq_init_module); -+module_exit(imq_exit_module); -+ -+module_param(numdevs, int, 0); -+MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will " -+ "be created)"); -+MODULE_AUTHOR("http://www.linuximq.net"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See " -+ "http://www.linuximq.net/ for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS_RTNL_LINK("imq"); -+ ---- /dev/null -+++ b/include/linux/imq.h -@@ -0,0 +1,13 @@ -+#ifndef _IMQ_H -+#define _IMQ_H -+ -+/* IFMASK (16 device indexes, 0 to 15) and flag(s) fit in 5 bits */ -+#define IMQ_F_BITS 5 -+ -+#define IMQ_F_IFMASK 0x0f -+#define IMQ_F_ENQUEUE 0x10 -+ -+#define IMQ_MAX_DEVS (IMQ_F_IFMASK + 1) -+ -+#endif /* _IMQ_H */ -+ ---- /dev/null -+++ b/include/linux/netfilter/xt_IMQ.h -@@ -0,0 +1,9 @@ -+#ifndef _XT_IMQ_H -+#define _XT_IMQ_H -+ -+struct xt_imq_info { -+ unsigned int todev; /* target imq device */ -+}; -+ -+#endif /* _XT_IMQ_H */ -+ ---- /dev/null -+++ b/include/linux/netfilter_ipv6/ip6t_IMQ.h -@@ -0,0 +1,10 @@ -+#ifndef _IP6T_IMQ_H -+#define _IP6T_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include -+ -+#define ip6t_imq_info xt_imq_info -+ -+#endif /* _IP6T_IMQ_H */ -+ ---- a/include/linux/skbuff.h -+++ b/include/linux/skbuff.h -@@ -28,6 +28,9 @@ - #include - #include - #include -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include -+#endif - - #define HAVE_ALLOC_SKB /* For the drivers to know */ - #define HAVE_ALIGNABLE_SKB /* Ditto 8) */ -@@ -302,6 +305,13 @@ struct sk_buff { - struct nf_conntrack *nfct; - struct sk_buff *nfct_reasm; - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ struct nf_queue_entry *nf_queue_entry; -+/* 2.6.27 started using skb->cb for qdiscs. Problem here is that IMQ run qdisc -+ * on wrong layer and skb->cb is already used by TCP. So we need to make qdisc -+ * not use skb, this adds 4 extra bytes to skbuff. */ -+ unsigned int qdisc_skb_cb_pkt_len; -+#endif - #ifdef CONFIG_BRIDGE_NETFILTER - struct nf_bridge_info *nf_bridge; - #endif -@@ -321,6 +331,9 @@ struct sk_buff { - __u8 do_not_encrypt:1; - #endif - /* 0/13/14 bit hole */ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ __u8 imq_flags:IMQ_F_BITS; -+#endif - - #ifdef CONFIG_NET_DMA - dma_cookie_t dma_cookie; -@@ -1638,6 +1651,10 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src) - dst->nfct_reasm = src->nfct_reasm; - nf_conntrack_get_reasm(src->nfct_reasm); - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ dst->imq_flags = src->imq_flags; -+ dst->nf_queue_entry = src->nf_queue_entry; -+#endif - #ifdef CONFIG_BRIDGE_NETFILTER - dst->nf_bridge = src->nf_bridge; - nf_bridge_get(src->nf_bridge); ---- a/include/net/netfilter/nf_queue.h -+++ b/include/net/netfilter/nf_queue.h -@@ -13,6 +13,13 @@ struct nf_queue_entry { - struct net_device *indev; - struct net_device *outdev; - int (*okfn)(struct sk_buff *); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ /* following allow IMQ work when other nf_queue handlers are set up */ -+ int (*next_outfn)(struct nf_queue_entry *entry, -+ unsigned int queuenum); -+ unsigned int next_queuenum; -+#endif - }; - - #define nf_queue_entry_reroute(x) ((void *)x + sizeof(struct nf_queue_entry)) -@@ -30,5 +37,11 @@ extern int nf_unregister_queue_handler(int pf, - const struct nf_queue_handler *qh); - extern void nf_unregister_queue_handlers(const struct nf_queue_handler *qh); - extern void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); -+extern void nf_queue_entry_release_refs(struct nf_queue_entry *entry); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+extern void nf_register_queue_imq_handler(const struct nf_queue_handler *qh); -+extern void nf_unregister_queue_imq_handler(void); -+#endif - - #endif /* _NF_QUEUE_H */ ---- a/include/net/sch_generic.h -+++ b/include/net/sch_generic.h -@@ -174,7 +174,11 @@ struct tcf_proto - }; - - struct qdisc_skb_cb { -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ unsigned int __imq_do_not_use; -+#else - unsigned int pkt_len; -+#endif - char data[]; - }; - -@@ -275,6 +279,8 @@ extern void qdisc_class_hash_remove(struct Qdisc_class_hash *, struct Qdisc_clas - extern void qdisc_class_hash_grow(struct Qdisc *, struct Qdisc_class_hash *); - extern void qdisc_class_hash_destroy(struct Qdisc_class_hash *); - -+extern struct netdev_queue *dev_pick_tx(struct net_device *dev, -+ struct sk_buff *skb); - extern void dev_init_scheduler(struct net_device *dev); - extern void dev_shutdown(struct net_device *dev); - extern void dev_activate(struct net_device *dev); -@@ -340,7 +346,11 @@ static inline bool qdisc_tx_is_noop(const struct net_device *dev) - - static inline unsigned int qdisc_pkt_len(struct sk_buff *skb) - { -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ return skb->qdisc_skb_cb_pkt_len; /* see skbuff.h why */ -+#else - return qdisc_skb_cb(skb)->pkt_len; -+#endif - } - - /* additional qdisc xmit flags (NET_XMIT_MASK in linux/netdevice.h) */ -@@ -366,7 +376,11 @@ static inline int qdisc_enqueue(struct sk_buff *skb, struct Qdisc *sch) - - static inline int qdisc_enqueue_root(struct sk_buff *skb, struct Qdisc *sch) - { -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skb->qdisc_skb_cb_pkt_len = skb->len; /* see skbuff.h why */ -+#else - qdisc_skb_cb(skb)->pkt_len = skb->len; -+#endif - return qdisc_enqueue(skb, sch) & NET_XMIT_MASK; - } - ---- a/net/core/dev.c -+++ b/net/core/dev.c -@@ -96,6 +96,9 @@ - #include - #include - #include -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include -+#endif - #include - #include - #include -@@ -1619,7 +1622,11 @@ int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev, - struct netdev_queue *txq) - { - if (likely(!skb->next)) { -- if (!list_empty(&ptype_all)) -+ if (!list_empty(&ptype_all) -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ && !(skb->imq_flags & IMQ_F_ENQUEUE) -+#endif -+ ) - dev_queue_xmit_nit(skb, dev); - - if (netif_needs_gso(dev, skb)) { -@@ -1709,8 +1716,7 @@ static u16 simple_tx_hash(struct net_device *dev, struct sk_buff *skb) - return (u16) (((u64) hash * dev->real_num_tx_queues) >> 32); - } - --static struct netdev_queue *dev_pick_tx(struct net_device *dev, -- struct sk_buff *skb) -+struct netdev_queue *dev_pick_tx(struct net_device *dev, struct sk_buff *skb) - { - u16 queue_index = 0; - -@@ -1722,6 +1728,7 @@ static struct netdev_queue *dev_pick_tx(struct net_device *dev, - skb_set_queue_mapping(skb, queue_index); - return netdev_get_tx_queue(dev, queue_index); - } -+EXPORT_SYMBOL(dev_pick_tx); - - /** - * dev_queue_xmit - transmit a buffer ---- a/net/core/rtnetlink.c -+++ b/net/core/rtnetlink.c -@@ -1406,6 +1406,7 @@ EXPORT_SYMBOL(rtnetlink_put_metrics); - EXPORT_SYMBOL(rtnl_lock); - EXPORT_SYMBOL(rtnl_trylock); - EXPORT_SYMBOL(rtnl_unlock); -+EXPORT_SYMBOL(__rtnl_unlock); - EXPORT_SYMBOL(rtnl_is_locked); - EXPORT_SYMBOL(rtnl_unicast); - EXPORT_SYMBOL(rtnl_notify); ---- a/net/core/skbuff.c -+++ b/net/core/skbufc -@@ -436,6 +436,9 @@ static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old) - new->sp = secpath_get(old->sp); - #endif - memcpy(new->cb, old->cb, sizeof(old->cb)); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ new->qdisc_skb_cb_pkt_len = old->qdisc_skb_cb_pkt_len; -+#endif - new->csum_start = old->csum_start; - new->csum_offset = old->csum_offset; - new->local_df = old->local_df; -@@ -2258,7 +2258,9 @@ - - __copy_skb_header(nskb, skb); - nskb->mac_len = skb->mac_len; -- -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ nskb->qdisc_skb_cb_pkt_len = skb->qdisc_skb_cb_pkt_len; -+#endif - skb_reserve(nskb, headroom); - skb_reset_mac_header(nskb); - skb_set_network_header(nskb, skb->mac_len); ---- a/net/netfilter/Kconfig -+++ b/net/netfilter/Kconfig -@@ -342,6 +342,18 @@ config NETFILTER_XT_TARGET_DSCP - - To compile it as a module, choose M here. If unsure, say N. - -+config NETFILTER_XT_TARGET_IMQ -+ tristate '"IMQ" target support' -+ depends on NETFILTER_XTABLES -+ depends on IP_NF_MANGLE || IP6_NF_MANGLE -+ select IMQ -+ default m if NETFILTER_ADVANCED=n -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which imq device packets should get enqueued/dequeued. -+ -+ To compile it as a module, choose M here. If unsure, say N. -+ - config NETFILTER_XT_TARGET_MARK - tristate '"MARK" target support' - depends on NETFILTER_XTABLES ---- a/net/netfilter/Makefile -+++ b/net/netfilter/Makefile -@@ -42,6 +42,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o -+obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o - obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o ---- a/net/netfilter/nf_queue.c -+++ b/net/netfilter/nf_queue.c -@@ -20,6 +20,26 @@ static const struct nf_queue_handler *queue_handler[NPROTO]; - - static DEFINE_MUTEX(queue_handler_mutex); - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static const struct nf_queue_handler *queue_imq_handler; -+ -+void nf_register_queue_imq_handler(const struct nf_queue_handler *qh) -+{ -+ mutex_lock(&queue_handler_mutex); -+ rcu_assign_pointer(queue_imq_handler, qh); -+ mutex_unlock(&queue_handler_mutex); -+} -+EXPORT_SYMBOL(nf_register_queue_imq_handler); -+ -+void nf_unregister_queue_imq_handler(void) -+{ -+ mutex_lock(&queue_handler_mutex); -+ rcu_assign_pointer(queue_imq_handler, NULL); -+ mutex_unlock(&queue_handler_mutex); -+} -+EXPORT_SYMBOL(nf_unregister_queue_imq_handler); -+#endif -+ - /* return EBUSY when somebody else is registered, return EEXIST if the - * same handler is registered, return 0 in case of success. */ - int nf_register_queue_handler(int pf, const struct nf_queue_handler *qh) -@@ -80,7 +100,7 @@ void nf_unregister_queue_handlers(const struct nf_queue_handler *qh) - } - EXPORT_SYMBOL_GPL(nf_unregister_queue_handlers); - --static void nf_queue_entry_release_refs(struct nf_queue_entry *entry) -+void nf_queue_entry_release_refs(struct nf_queue_entry *entry) - { - /* Release those devices we held, or Alexey will kill me. */ - if (entry->indev) -@@ -100,6 +120,7 @@ static void nf_queue_entry_release_refs(struct nf_queue_entry *entry) - /* Drop reference to owner of hook which queued us. */ - module_put(entry->elem->owner); - } -+EXPORT_SYMBOL_GPL(nf_queue_entry_release_refs); - - /* - * Any packet that leaves via this function must come back -@@ -121,12 +142,26 @@ static int __nf_queue(struct sk_buff *skb, - #endif - const struct nf_afinfo *afinfo; - const struct nf_queue_handler *qh; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ const struct nf_queue_handler *qih = NULL; -+#endif - - /* QUEUE == DROP if noone is waiting, to be safe. */ - rcu_read_lock(); - - qh = rcu_dereference(queue_handler[pf]); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ if (pf == PF_INET || pf == PF_INET6) -+#else -+ if (pf == PF_INET) -+#endif -+ qih = rcu_dereference(queue_imq_handler); -+ -+ if (!qh && !qih) -+#else /* !IMQ */ - if (!qh) -+#endif - goto err_unlock; - - afinfo = nf_get_afinfo(pf); -@@ -145,6 +180,10 @@ static int __nf_queue(struct sk_buff *skb, - .indev = indev, - .outdev = outdev, - .okfn = okfn, -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ .next_outfn = qh ? qh->outfn : NULL, -+ .next_queuenum = queuenum, -+#endif - }; - - /* If it's going away, ignore hook. */ -@@ -170,8 +209,19 @@ static int __nf_queue(struct sk_buff *skb, - } - #endif - afinfo->saveroute(skb, entry); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ if (qih) { -+ status = qih->outfn(entry, queuenum); -+ goto imq_skip_queue; -+ } -+#endif -+ - status = qh->outfn(entry, queuenum); - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+imq_skip_queue: -+#endif - rcu_read_unlock(); - - if (status < 0) { ---- /dev/null -+++ b/net/netfilter/xt_IMQ.c -@@ -0,0 +1,81 @@ -+/* -+ * This target marks packets to be enqueued to an imq device -+ */ -+#include -+#include -+#include -+#include -+#include -+ -+static unsigned int imq_target(struct sk_buff *pskb, -+ const struct net_device *in, -+ const struct net_device *out, -+ unsigned int hooknum, -+ const struct xt_target *target, -+ const void *targinfo) -+{ -+ const struct xt_imq_info *mr = targinfo; -+ -+ pskb->imq_flags = (mr->todev & IMQ_F_IFMASK) | IMQ_F_ENQUEUE; -+ -+ return XT_CONTINUE; -+} -+ -+static bool imq_checkentry(const char *tablename, -+ const void *entry, -+ const struct xt_target *target, -+ void *targinfo, -+ unsigned int hook_mask) -+{ -+ struct xt_imq_info *mr = targinfo; -+ -+ if (mr->todev > IMQ_MAX_DEVS - 1) { -+ printk(KERN_WARNING -+ "IMQ: invalid device specified, highest is %u\n", -+ IMQ_MAX_DEVS - 1); -+ return 0; -+ } -+ -+ return 1; -+} -+ -+static struct xt_target xt_imq_reg[] __read_mostly = { -+ { -+ .name = "IMQ", -+ .family = AF_INET, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .checkentry = imq_checkentry, -+ .me = THIS_MODULE -+ }, -+ { -+ .name = "IMQ", -+ .family = AF_INET6, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .checkentry = imq_checkentry, -+ .me = THIS_MODULE -+ }, -+}; -+ -+static int __init imq_init(void) -+{ -+ return xt_register_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+static void __exit imq_fini(void) -+{ -+ xt_unregister_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+module_init(imq_init); -+module_exit(imq_fini); -+ -+MODULE_AUTHOR("http://www.linuximq.net"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS("ipt_IMQ"); -+MODULE_ALIAS("ip6t_IMQ"); -+ ---- a/net/sched/sch_api.c -+++ b/net/sched/sch_api.c -@@ -405,7 +405,11 @@ void qdisc_calculate_pkt_len(struct sk_buff *skb, struct qdisc_size_table *stab) - out: - if (unlikely(pkt_len < 1)) - pkt_len = 1; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skb->qdisc_skb_cb_pkt_len = pkt_len; /* see skbuff.h why */ -+#else - qdisc_skb_cb(skb)->pkt_len = pkt_len; -+#endif - } - EXPORT_SYMBOL(qdisc_calculate_pkt_len); - diff --git a/src/patches/linux-2.6.27.19-ipp2p-0.8.2-pomng.patch b/src/patches/linux-2.6.27.19-ipp2p-0.8.2-pomng.patch deleted file mode 100644 index 4b99aa629b..0000000000 --- a/src/patches/linux-2.6.27.19-ipp2p-0.8.2-pomng.patch +++ /dev/null @@ -1,980 +0,0 @@ -diff -Naur linux-2.6.27.19.org/include/linux/netfilter_ipv4/ipt_ipp2p.h linux-2.6.27.19/include/linux/netfilter_ipv4/ipt_ipp2p.h ---- linux-2.6.27.19.org/include/linux/netfilter_ipv4/ipt_ipp2p.h 1970-01-01 01:00:00.000000000 +0100 -+++ linux-2.6.27.19/include/linux/netfilter_ipv4/ipt_ipp2p.h 2009-03-17 19:31:50.000000000 +0100 -@@ -0,0 +1,31 @@ -+#ifndef __IPT_IPP2P_H -+#define __IPT_IPP2P_H -+#define IPP2P_VERSION "0.8.2-pomng" -+ -+struct ipt_p2p_info { -+ int cmd; -+ int debug; -+}; -+ -+#endif //__IPT_IPP2P_H -+ -+#define SHORT_HAND_IPP2P 1 /* --ipp2p switch*/ -+//#define SHORT_HAND_DATA 4 /* --ipp2p-data switch*/ -+#define SHORT_HAND_NONE 5 /* no short hand*/ -+ -+#define IPP2P_EDK (1 << 1) -+#define IPP2P_DATA_KAZAA (1 << 2) -+#define IPP2P_DATA_EDK (1 << 3) -+#define IPP2P_DATA_DC (1 << 4) -+#define IPP2P_DC (1 << 5) -+#define IPP2P_DATA_GNU (1 << 6) -+#define IPP2P_GNU (1 << 7) -+#define IPP2P_KAZAA (1 << 8) -+#define IPP2P_BIT (1 << 9) -+#define IPP2P_APPLE (1 << 10) -+#define IPP2P_SOUL (1 << 11) -+#define IPP2P_WINMX (1 << 12) -+#define IPP2P_ARES (1 << 13) -+#define IPP2P_MUTE (1 << 14) -+#define IPP2P_WASTE (1 << 15) -+#define IPP2P_XDCC (1 << 16) -diff -Naur linux-2.6.27.19.org/net/ipv4/netfilter/ipt_ipp2p.c linux-2.6.27.19/net/ipv4/netfilter/ipt_ipp2p.c ---- linux-2.6.27.19.org/net/ipv4/netfilter/ipt_ipp2p.c 1970-01-01 01:00:00.000000000 +0100 -+++ linux-2.6.27.19/net/ipv4/netfilter/ipt_ipp2p.c 2009-03-17 19:31:50.000000000 +0100 -@@ -0,0 +1,911 @@ -+#if defined(MODVERSIONS) -+#include -+#endif -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#define get_u8(X,O) (*(__u8 *)(X + O)) -+#define get_u16(X,O) (*(__u16 *)(X + O)) -+#define get_u32(X,O) (*(__u32 *)(X + O)) -+ -+MODULE_AUTHOR("Eicke Friedrich/Klaus Degner "); -+MODULE_DESCRIPTION("An extension to iptables to identify P2P traffic."); -+MODULE_LICENSE("GPL"); -+ -+ -+/*Search for UDP eDonkey/eMule/Kad commands*/ -+int -+udp_search_edk (unsigned char *haystack, int packet_len) -+{ -+ unsigned char *t = haystack; -+ t += 8; -+ -+ switch (t[0]) { -+ case 0xe3: -+ { /*edonkey*/ -+ switch (t[1]) -+ { -+ /* client -> server status request */ -+ case 0x96: -+ if (packet_len == 14) return ((IPP2P_EDK * 100) + 50); -+ break; -+ /* server -> client status request */ -+ case 0x97: if (packet_len == 42) return ((IPP2P_EDK * 100) + 51); -+ break; -+ /* server description request */ -+ /* e3 2a ff f0 .. | size == 6 */ -+ case 0xa2: if ( (packet_len == 14) && ( get_u16(t,2) == __constant_htons(0xfff0) ) ) return ((IPP2P_EDK * 100) + 52); -+ break; -+ /* server description response */ -+ /* e3 a3 ff f0 .. | size > 40 && size < 200 */ -+ //case 0xa3: return ((IPP2P_EDK * 100) + 53); -+ // break; -+ case 0x9a: if (packet_len==26) return ((IPP2P_EDK * 100) + 54); -+ break; -+ -+ case 0x92: if (packet_len==18) return ((IPP2P_EDK * 100) + 55); -+ break; -+ } -+ break; -+ } -+ case 0xe4: -+ { -+ switch (t[1]) -+ { -+ /* e4 20 .. | size == 43 */ -+ case 0x20: if ((packet_len == 43) && (t[2] != 0x00) && (t[34] != 0x00)) return ((IPP2P_EDK * 100) + 60); -+ break; -+ /* e4 00 .. 00 | size == 35 ? */ -+ case 0x00: if ((packet_len == 35) && (t[26] == 0x00)) return ((IPP2P_EDK * 100) + 61); -+ break; -+ /* e4 10 .. 00 | size == 35 ? */ -+ case 0x10: if ((packet_len == 35) && (t[26] == 0x00)) return ((IPP2P_EDK * 100) + 62); -+ break; -+ /* e4 18 .. 00 | size == 35 ? */ -+ case 0x18: if ((packet_len == 35) && (t[26] == 0x00)) return ((IPP2P_EDK * 100) + 63); -+ break; -+ /* e4 52 .. | size = 44 */ -+ case 0x52: if (packet_len == 44 ) return ((IPP2P_EDK * 100) + 64); -+ break; -+ /* e4 58 .. | size == 6 */ -+ case 0x58: if (packet_len == 14 ) return ((IPP2P_EDK * 100) + 65); -+ break; -+ /* e4 59 .. | size == 2 */ -+ case 0x59: if (packet_len == 10 )return ((IPP2P_EDK * 100) + 66); -+ break; -+ /* e4 28 .. | packet_len == 52,77,102,127... */ -+ case 0x28: if (((packet_len-52) % 25) == 0) return ((IPP2P_EDK * 100) + 67); -+ break; -+ /* e4 50 xx xx | size == 4 */ -+ case 0x50: if (packet_len == 12) return ((IPP2P_EDK * 100) + 68); -+ break; -+ /* e4 40 xx xx | size == 48 */ -+ case 0x40: if (packet_len == 56) return ((IPP2P_EDK * 100) + 69); -+ break; -+ } -+ break; -+ } -+ } /* end of switch (t[0]) */ -+ return 0; -+}/*udp_search_edk*/ -+ -+ -+/*Search for UDP Gnutella commands*/ -+int -+udp_search_gnu (unsigned char *haystack, int packet_len) -+{ -+ unsigned char *t = haystack; -+ t += 8; -+ -+ if (memcmp(t, "GND", 3) == 0) return ((IPP2P_GNU * 100) + 51); -+ if (memcmp(t, "GNUTELLA ", 9) == 0) return ((IPP2P_GNU * 100) + 52); -+ return 0; -+}/*udp_search_gnu*/ -+ -+ -+/*Search for UDP KaZaA commands*/ -+int -+udp_search_kazaa (unsigned char *haystack, int packet_len) -+{ -+ unsigned char *t = haystack; -+ -+ if (t[packet_len-1] == 0x00){ -+ t += (packet_len - 6); -+ if (memcmp(t, "KaZaA", 5) == 0) return (IPP2P_KAZAA * 100 +50); -+ } -+ -+ return 0; -+}/*udp_search_kazaa*/ -+ -+/*Search for UDP DirectConnect commands*/ -+int -+udp_search_directconnect (unsigned char *haystack, int packet_len) -+{ -+ unsigned char *t = haystack; -+ if ((*(t + 8) == 0x24) && (*(t + packet_len - 1) == 0x7c)) { -+ t+=8; -+ if (memcmp(t, "SR ", 3) == 0) return ((IPP2P_DC * 100) + 60); -+ if (memcmp(t, "Ping ", 5) == 0) return ((IPP2P_DC * 100) + 61); -+ } -+ return 0; -+}/*udp_search_directconnect*/ -+ -+ -+ -+/*Search for UDP BitTorrent commands*/ -+int -+udp_search_bit (unsigned char *haystack, int packet_len) -+{ -+ switch(packet_len) -+ { -+ case 24: -+ /* ^ 00 00 04 17 27 10 19 80 */ -+ if ((ntohl(get_u32(haystack, 8)) == 0x00000417) && (ntohl(get_u32(haystack, 12)) == 0x27101980)) -+ return (IPP2P_BIT * 100 + 50); -+ break; -+ case 44: -+ if (get_u32(haystack, 16) == __constant_htonl(0x00000400) && get_u32(haystack, 36) == __constant_htonl(0x00000104)) -+ return (IPP2P_BIT * 100 + 51); -+ if (get_u32(haystack, 16) == __constant_htonl(0x00000400)) -+ return (IPP2P_BIT * 100 + 61); -+ break; -+ case 65: -+ if (get_u32(haystack, 16) == __constant_htonl(0x00000404) && get_u32(haystack, 36) == __constant_htonl(0x00000104)) -+ return (IPP2P_BIT * 100 + 52); -+ if (get_u32(haystack, 16) == __constant_htonl(0x00000404)) -+ return (IPP2P_BIT * 100 + 62); -+ break; -+ case 67: -+ if (get_u32(haystack, 16) == __constant_htonl(0x00000406) && get_u32(haystack, 36) == __constant_htonl(0x00000104)) -+ return (IPP2P_BIT * 100 + 53); -+ if (get_u32(haystack, 16) == __constant_htonl(0x00000406)) -+ return (IPP2P_BIT * 100 + 63); -+ break; -+ case 211: -+ if (get_u32(haystack, 8) == __constant_htonl(0x00000405)) -+ return (IPP2P_BIT * 100 + 54); -+ break; -+ case 29: -+ if ((get_u32(haystack, 8) == __constant_htonl(0x00000401))) -+ return (IPP2P_BIT * 100 + 55); -+ break; -+ case 52: -+ if (get_u32(haystack,8) == __constant_htonl(0x00000827) && -+ get_u32(haystack,12) == __constant_htonl(0x37502950)) -+ return (IPP2P_BIT * 100 + 80); -+ break; -+ default: -+ /* this packet does not have a constant size */ -+ if (packet_len >= 40 && get_u32(haystack, 16) == __constant_htonl(0x00000402) && get_u32(haystack, 36) == __constant_htonl(0x00000104)) -+ return (IPP2P_BIT * 100 + 56); -+ break; -+ } -+ -+ /* some extra-bitcomet rules: -+ * "d1:" [a|r] "d2:id20:" -+ */ -+ if (packet_len > 30 && get_u8(haystack, 8) == 'd' && get_u8(haystack, 9) == '1' && get_u8(haystack, 10) == ':' ) -+ { -+ if (get_u8(haystack, 11) == 'a' || get_u8(haystack, 11) == 'r') -+ { -+ if (memcmp(haystack+12,"d2:id20:",8)==0) -+ return (IPP2P_BIT * 100 + 57); -+ } -+ } -+ -+#if 0 -+ /* bitlord rules */ -+ /* packetlen must be bigger than 40 */ -+ /* first 4 bytes are zero */ -+ if (packet_len > 40 && get_u32(haystack, 8) == 0x00000000) -+ { -+ /* first rule: 00 00 00 00 01 00 00 xx xx xx xx 00 00 00 00*/ -+ if (get_u32(haystack, 12) == 0x00000000 && -+ get_u32(haystack, 16) == 0x00010000 && -+ get_u32(haystack, 24) == 0x00000000 ) -+ return (IPP2P_BIT * 100 + 71); -+ -+ /* 00 01 00 00 0d 00 00 xx xx xx xx 00 00 00 00*/ -+ if (get_u32(haystack, 12) == 0x00000001 && -+ get_u32(haystack, 16) == 0x000d0000 && -+ get_u32(haystack, 24) == 0x00000000 ) -+ return (IPP2P_BIT * 100 + 71); -+ -+ -+ } -+#endif -+ -+ return 0; -+}/*udp_search_bit*/ -+ -+ -+ -+/*Search for Ares commands*/ -+//#define IPP2P_DEBUG_ARES -+int -+search_ares (const unsigned char *payload, const u16 plen) -+//int search_ares (unsigned char *haystack, int packet_len, int head_len) -+{ -+// const unsigned char *t = haystack + head_len; -+ -+ /* all ares packets start with */ -+ if (payload[1] == 0 && (plen - payload[0]) == 3) -+ { -+ switch (payload[2]) -+ { -+ case 0x5a: -+ /* ares connect */ -+ if ( plen == 6 && payload[5] == 0x05 ) return ((IPP2P_ARES * 100) + 1); -+ break; -+ case 0x09: -+ /* ares search, min 3 chars --> 14 bytes -+ * lets define a search can be up to 30 chars --> max 34 bytes -+ */ -+ if ( plen >= 14 && plen <= 34 ) return ((IPP2P_ARES * 100) + 1); -+ break; -+#ifdef IPP2P_DEBUG_ARES -+ default: -+ printk(KERN_DEBUG "Unknown Ares command %x recognized, len: %u \n", (unsigned int) payload[2],plen); -+#endif /* IPP2P_DEBUG_ARES */ -+ } -+ } -+ -+#if 0 -+ /* found connect packet: 03 00 5a 04 03 05 */ -+ /* new version ares 1.8: 03 00 5a xx xx 05 */ -+ if ((plen) == 6){ /* possible connect command*/ -+ if ((payload[0] == 0x03) && (payload[1] == 0x00) && (payload[2] == 0x5a) && (payload[5] == 0x05)) -+ return ((IPP2P_ARES * 100) + 1); -+ } -+ if ((plen) == 60){ /* possible download command*/ -+ if ((payload[59] == 0x0a) && (payload[58] == 0x0a)){ -+ if (memcmp(t, "PUSH SHA1:", 10) == 0) /* found download command */ -+ return ((IPP2P_ARES * 100) + 2); -+ } -+ } -+#endif -+ -+ return 0; -+} /*search_ares*/ -+ -+/*Search for SoulSeek commands*/ -+int -+search_soul (const unsigned char *payload, const u16 plen) -+{ -+//#define IPP2P_DEBUG_SOUL -+ /* match: xx xx xx xx | xx = sizeof(payload) - 4 */ -+ if (get_u32(payload, 0) == (plen - 4)){ -+ const __u32 m=get_u32(payload, 4); -+ /* match 00 yy yy 00, yy can be everything */ -+ if ( get_u8(payload, 4) == 0x00 && get_u8(payload, 7) == 0x00 ) -+ { -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "0: Soulseek command 0x%x recognized\n",get_u32(payload, 4)); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 1); -+ } -+ -+ /* next match: 01 yy 00 00 | yy can be everything */ -+ if ( get_u8(payload, 4) == 0x01 && get_u16(payload, 6) == 0x0000 ) -+ { -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "1: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 2); -+ } -+ -+ /* other soulseek commandos are: 1-5,7,9,13-18,22,23,26,28,35-37,40-46,50,51,60,62-69,91,92,1001 */ -+ /* try to do this in an intelligent way */ -+ /* get all small commandos */ -+ switch(m) -+ { -+ case 7: -+ case 9: -+ case 22: -+ case 23: -+ case 26: -+ case 28: -+ case 50: -+ case 51: -+ case 60: -+ case 91: -+ case 92: -+ case 1001: -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "2: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 3); -+ } -+ -+ if (m > 0 && m < 6 ) -+ { -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "3: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 4); -+ } -+ if (m > 12 && m < 19 ) -+ { -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "4: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 5); -+ } -+ -+ if (m > 34 && m < 38 ) -+ { -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "5: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 6); -+ } -+ -+ if (m > 39 && m < 47 ) -+ { -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "6: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 7); -+ } -+ -+ if (m > 61 && m < 70 ) -+ { -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "7: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 8); -+ } -+ -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "unknown SOULSEEK command: 0x%x, first 16 bit: 0x%x, first 8 bit: 0x%x ,soulseek ???\n",get_u32(payload, 4),get_u16(payload, 4) >> 16,get_u8(payload, 4) >> 24); -+#endif /* IPP2P_DEBUG_SOUL */ -+ } -+ -+ /* match 14 00 00 00 01 yy 00 00 00 STRING(YY) 01 00 00 00 00 46|50 00 00 00 00 */ -+ /* without size at the beginning !!! */ -+ if ( get_u32(payload, 0) == 0x14 && get_u8(payload, 4) == 0x01 ) -+ { -+ __u32 y=get_u32(payload, 5); -+ /* we need 19 chars + string */ -+ if ( (y + 19) <= (plen) ) -+ { -+ const unsigned char *w=payload+9+y; -+ if (get_u32(w, 0) == 0x01 && ( get_u16(w, 4) == 0x4600 || get_u16(w, 4) == 0x5000) && get_u32(w, 6) == 0x00); -+#ifdef IPP2P_DEBUG_SOUL -+ printk(KERN_DEBUG "Soulssek special client command recognized\n"); -+#endif /* IPP2P_DEBUG_SOUL */ -+ return ((IPP2P_SOUL * 100) + 9); -+ } -+ } -+ return 0; -+} -+ -+ -+/*Search for WinMX commands*/ -+int -+search_winmx (const unsigned char *payload, const u16 plen) -+{ -+//#define IPP2P_DEBUG_WINMX -+ if (((plen) == 4) && (memcmp(payload, "SEND", 4) == 0)) return ((IPP2P_WINMX * 100) + 1); -+ if (((plen) == 3) && (memcmp(payload, "GET", 3) == 0)) return ((IPP2P_WINMX * 100) + 2); -+ //if (packet_len < (head_len + 10)) return 0; -+ if (plen < 10) return 0; -+ -+ if ((memcmp(payload, "SEND", 4) == 0) || (memcmp(payload, "GET", 3) == 0)){ -+ u16 c=4; -+ const u16 end=plen-2; -+ u8 count=0; -+ while (c < end) -+ { -+ if (payload[c]== 0x20 && payload[c+1] == 0x22) -+ { -+ c++; -+ count++; -+ if (count>=2) return ((IPP2P_WINMX * 100) + 3); -+ } -+ c++; -+ } -+ } -+ -+ if ( plen == 149 && payload[0] == '8' ) -+ { -+#ifdef IPP2P_DEBUG_WINMX -+ printk(KERN_INFO "maybe WinMX\n"); -+#endif -+ if (get_u32(payload,17) == 0 && get_u32(payload,21) == 0 && get_u32(payload,25) == 0 && -+// get_u32(payload,33) == __constant_htonl(0x71182b1a) && get_u32(payload,37) == __constant_htonl(0x05050000) && -+// get_u32(payload,133) == __constant_htonl(0x31097edf) && get_u32(payload,145) == __constant_htonl(0xdcb8f792)) -+ get_u16(payload,39) == 0 && get_u16(payload,135) == __constant_htons(0x7edf) && get_u16(payload,147) == __constant_htons(0xf792)) -+ -+ { -+#ifdef IPP2P_DEBUG_WINMX -+ printk(KERN_INFO "got WinMX\n"); -+#endif -+ return ((IPP2P_WINMX * 100) + 4); -+ } -+ } -+ return 0; -+} /*search_winmx*/ -+ -+ -+/*Search for appleJuice commands*/ -+int -+search_apple (const unsigned char *payload, const u16 plen) -+{ -+ if ( (plen > 7) && (payload[6] == 0x0d) && (payload[7] == 0x0a) && (memcmp(payload, "ajprot", 6) == 0)) return (IPP2P_APPLE * 100); -+ -+ return 0; -+} -+ -+ -+/*Search for BitTorrent commands*/ -+int -+search_bittorrent (const unsigned char *payload, const u16 plen) -+{ -+ if (plen > 20) -+ { -+ /* test for match 0x13+"BitTorrent protocol" */ -+ if (payload[0] == 0x13) -+ { -+ if (memcmp(payload+1, "BitTorrent protocol", 19) == 0) return (IPP2P_BIT * 100); -+ } -+ -+ /* get tracker commandos, all starts with GET / -+ * then it can follow: scrape| announce -+ * and then ?hash_info= -+ */ -+ if (memcmp(payload,"GET /",5) == 0) -+ { -+ /* message scrape */ -+ if ( memcmp(payload+5,"scrape?info_hash=",17)==0 ) return (IPP2P_BIT * 100 + 1); -+ /* message announce */ -+ if ( memcmp(payload+5,"announce?info_hash=",19)==0 ) return (IPP2P_BIT * 100 + 2); -+ } -+ } -+ else -+ { -+ /* bitcomet encryptes the first packet, so we have to detect another -+ * one later in the flow */ -+ /* first try failed, too many missdetections */ -+ //if ( size == 5 && get_u32(t,0) == __constant_htonl(1) && t[4] < 3) return (IPP2P_BIT * 100 + 3); -+ -+ /* second try: block request packets */ -+ if ( plen == 17 && get_u32(payload,0) == __constant_htonl(0x0d) && payload[4] == 0x06 && get_u32(payload,13) == __constant_htonl(0x4000) ) return (IPP2P_BIT * 100 + 3); -+ } -+ -+ return 0; -+} -+ -+ -+ -+/*check for Kazaa get command*/ -+int -+search_kazaa (const unsigned char *payload, const u16 plen) -+ -+{ -+ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a) && memcmp(payload, "GET /.hash=", 11) == 0) -+ return (IPP2P_DATA_KAZAA * 100); -+ -+ return 0; -+} -+ -+ -+/*check for gnutella get command*/ -+int -+search_gnu (const unsigned char *payload, const u16 plen) -+{ -+ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a)) -+ { -+ if (memcmp(payload, "GET /get/", 9) == 0) return ((IPP2P_DATA_GNU * 100) + 1); -+ if (memcmp(payload, "GET /uri-res/", 13) == 0) return ((IPP2P_DATA_GNU * 100) + 2); -+ } -+ return 0; -+} -+ -+ -+/*check for gnutella get commands and other typical data*/ -+int -+search_all_gnu (const unsigned char *payload, const u16 plen) -+{ -+ -+ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a)) -+ { -+ -+ if (memcmp(payload, "GNUTELLA CONNECT/", 17) == 0) return ((IPP2P_GNU * 100) + 1); -+ if (memcmp(payload, "GNUTELLA/", 9) == 0) return ((IPP2P_GNU * 100) + 2); -+ -+ -+ if ((memcmp(payload, "GET /get/", 9) == 0) || (memcmp(payload, "GET /uri-res/", 13) == 0)) -+ { -+ u16 c=8; -+ const u16 end=plen-22; -+ while (c < end) { -+ if ( payload[c] == 0x0a && payload[c+1] == 0x0d && ((memcmp(&payload[c+2], "X-Gnutella-", 11) == 0) || (memcmp(&payload[c+2], "X-Queue:", 8) == 0))) -+ return ((IPP2P_GNU * 100) + 3); -+ c++; -+ } -+ } -+ } -+ return 0; -+} -+ -+ -+/*check for KaZaA download commands and other typical data*/ -+int -+search_all_kazaa (const unsigned char *payload, const u16 plen) -+{ -+ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a)) -+ { -+ -+ if (memcmp(payload, "GIVE ", 5) == 0) return ((IPP2P_KAZAA * 100) + 1); -+ -+ if (memcmp(payload, "GET /", 5) == 0) { -+ u16 c = 8; -+ const u16 end=plen-22; -+ while (c < end) { -+ if ( payload[c] == 0x0a && payload[c+1] == 0x0d && ((memcmp(&payload[c+2], "X-Kazaa-Username: ", 18) == 0) || (memcmp(&payload[c+2], "User-Agent: PeerEnabler/", 24) == 0))) -+ return ((IPP2P_KAZAA * 100) + 2); -+ c++; -+ } -+ } -+ } -+ return 0; -+} -+ -+/*fast check for edonkey file segment transfer command*/ -+int -+search_edk (const unsigned char *payload, const u16 plen) -+{ -+ if (payload[0] != 0xe3) -+ return 0; -+ else { -+ if (payload[5] == 0x47) -+ return (IPP2P_DATA_EDK * 100); -+ else -+ return 0; -+ } -+} -+ -+ -+ -+/*intensive but slower search for some edonkey packets including size-check*/ -+int -+search_all_edk (const unsigned char *payload, const u16 plen) -+{ -+ if (payload[0] != 0xe3) -+ return 0; -+ else { -+ //t += head_len; -+ const u16 cmd = get_u16(payload, 1); -+ if (cmd == (plen - 5)) { -+ switch (payload[5]) { -+ case 0x01: return ((IPP2P_EDK * 100) + 1); /*Client: hello or Server:hello*/ -+ case 0x4c: return ((IPP2P_EDK * 100) + 9); /*Client: Hello-Answer*/ -+ } -+ } -+ return 0; -+ } -+} -+ -+ -+/*fast check for Direct Connect send command*/ -+int -+search_dc (const unsigned char *payload, const u16 plen) -+{ -+ -+ if (payload[0] != 0x24 ) -+ return 0; -+ else { -+ if (memcmp(&payload[1], "Send|", 5) == 0) -+ return (IPP2P_DATA_DC * 100); -+ else -+ return 0; -+ } -+ -+} -+ -+ -+/*intensive but slower check for all direct connect packets*/ -+int -+search_all_dc (const unsigned char *payload, const u16 plen) -+{ -+// unsigned char *t = haystack; -+ -+ if (payload[0] == 0x24 && payload[plen-1] == 0x7c) -+ { -+ const unsigned char *t=&payload[1]; -+ /* Client-Hub-Protocol */ -+ if (memcmp(t, "Lock ", 5) == 0) return ((IPP2P_DC * 100) + 1); -+ /* Client-Client-Protocol, some are already recognized by client-hub (like lock) */ -+ if (memcmp(t, "MyNick ", 7) == 0) return ((IPP2P_DC * 100) + 38); -+ } -+ return 0; -+} -+ -+/*check for mute*/ -+int -+search_mute (const unsigned char *payload, const u16 plen) -+{ -+ if ( plen == 209 || plen == 345 || plen == 473 || plen == 609 || plen == 1121 ) -+ { -+ //printk(KERN_DEBUG "size hit: %u",size); -+ if (memcmp(payload,"PublicKey: ",11) == 0 ) -+ { -+ return ((IPP2P_MUTE * 100) + 0); -+ -+/* if (memcmp(t+size-14,"\x0aEndPublicKey\x0a",14) == 0) -+ { -+ printk(KERN_DEBUG "end pubic key hit: %u",size); -+ -+ }*/ -+ } -+ } -+ return 0; -+} -+ -+ -+/* check for xdcc */ -+int -+search_xdcc (const unsigned char *payload, const u16 plen) -+{ -+ /* search in small packets only */ -+ if (plen > 20 && plen < 200 && payload[plen-1] == 0x0a && payload[plen-2] == 0x0d && memcmp(payload,"PRIVMSG ",8) == 0) -+ { -+ -+ u16 x=10; -+ const u16 end=plen - 13; -+ -+ /* is seems to be a irc private massage, chedck for xdcc command */ -+ while (x < end) -+ { -+ if (payload[x] == ':') -+ { -+ if ( memcmp(&payload[x+1],"xdcc send #",11) == 0 ) -+ return ((IPP2P_XDCC * 100) + 0); -+ } -+ x++; -+ } -+ } -+ return 0; -+} -+ -+/* search for waste */ -+int search_waste(const unsigned char *payload, const u16 plen) -+{ -+ if ( plen >= 8 && memcmp(payload,"GET.sha1:",9) == 0) -+ return ((IPP2P_WASTE * 100) + 0); -+ -+ return 0; -+} -+ -+ -+static struct { -+ int command; -+ __u8 short_hand; /*for fucntions included in short hands*/ -+ int packet_len; -+ int (*function_name) (const unsigned char *, const u16); -+} matchlist[] = { -+ {IPP2P_EDK,SHORT_HAND_IPP2P,20, &search_all_edk}, -+// {IPP2P_DATA_KAZAA,SHORT_HAND_DATA,200, &search_kazaa}, -+// {IPP2P_DATA_EDK,SHORT_HAND_DATA,60, &search_edk}, -+// {IPP2P_DATA_DC,SHORT_HAND_DATA,26, &search_dc}, -+ {IPP2P_DC,SHORT_HAND_IPP2P,5, search_all_dc}, -+// {IPP2P_DATA_GNU,SHORT_HAND_DATA,40, &search_gnu}, -+ {IPP2P_GNU,SHORT_HAND_IPP2P,5, &search_all_gnu}, -+ {IPP2P_KAZAA,SHORT_HAND_IPP2P,5, &search_all_kazaa}, -+ {IPP2P_BIT,SHORT_HAND_IPP2P,20, &search_bittorrent}, -+ {IPP2P_APPLE,SHORT_HAND_IPP2P,5, &search_apple}, -+ {IPP2P_SOUL,SHORT_HAND_IPP2P,5, &search_soul}, -+ {IPP2P_WINMX,SHORT_HAND_IPP2P,2, &search_winmx}, -+ {IPP2P_ARES,SHORT_HAND_IPP2P,5, &search_ares}, -+ {IPP2P_MUTE,SHORT_HAND_NONE,200, &search_mute}, -+ {IPP2P_WASTE,SHORT_HAND_NONE,5, &search_waste}, -+ {IPP2P_XDCC,SHORT_HAND_NONE,5, &search_xdcc}, -+ {0,0,0,NULL} -+}; -+ -+ -+static struct { -+ int command; -+ __u8 short_hand; /*for fucntions included in short hands*/ -+ int packet_len; -+ int (*function_name) (unsigned char *, int); -+} udp_list[] = { -+ { IPP2P_KAZAA, SHORT_HAND_IPP2P, 14, &udp_search_kazaa}, -+ { IPP2P_BIT, SHORT_HAND_IPP2P, 23, &udp_search_bit}, -+ { IPP2P_GNU, SHORT_HAND_IPP2P, 11, &udp_search_gnu}, -+ { IPP2P_EDK, SHORT_HAND_IPP2P, 9, &udp_search_edk}, -+ { IPP2P_DC, SHORT_HAND_IPP2P, 12, &udp_search_directconnect}, -+ { 0, 0, 0, NULL } -+}; -+ -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) -+static bool -+#else -+static int -+#endif -+match(const struct sk_buff *skb, -+ const struct net_device *in, -+ const struct net_device *out, -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) -+ const struct xt_match *match, -+#endif -+ const void *matchinfo, -+ int offset, -+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) -+ const void *hdr, -+ u_int16_t datalen, -+#endif -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) -+ unsigned int protoff, -+#endif -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) -+ bool *hotdrop) -+#else -+ bool *hotdrop) -+#endif -+{ -+ const struct ipt_p2p_info *info = matchinfo; -+ unsigned char *haystack; -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) -+ struct iphdr *ip = ip_hdr(skb); -+#else -+ struct iphdr *ip = skb->nh.iph; -+#endif -+ int p2p_result = 0, i = 0; -+// int head_len; -+ int hlen = ntohs(ip->tot_len)-(ip->ihl*4); /*hlen = packet-data length*/ -+ -+ /*must not be a fragment*/ -+ if (offset) { -+ if (info->debug) printk("IPP2P.match: offset found %i \n",offset); -+ return 0; -+ } -+ -+ /*make sure that skb is linear*/ -+ if(skb_is_nonlinear(skb)){ -+ if (info->debug) printk("IPP2P.match: nonlinear skb found\n"); -+ return 0; -+ } -+ -+ -+ haystack=(char *)ip+(ip->ihl*4); /*haystack = packet data*/ -+ -+ switch (ip->protocol){ -+ case IPPROTO_TCP: /*what to do with a TCP packet*/ -+ { -+ struct tcphdr *tcph = (void *) ip + ip->ihl * 4; -+ -+ if (tcph->fin) return 0; /*if FIN bit is set bail out*/ -+ if (tcph->syn) return 0; /*if SYN bit is set bail out*/ -+ if (tcph->rst) return 0; /*if RST bit is set bail out*/ -+ -+ haystack += tcph->doff * 4; /*get TCP-Header-Size*/ -+ hlen -= tcph->doff * 4; -+ while (matchlist[i].command) { -+ if ((((info->cmd & matchlist[i].command) == matchlist[i].command) || -+ ((info->cmd & matchlist[i].short_hand) == matchlist[i].short_hand)) && -+ (hlen > matchlist[i].packet_len)) { -+ p2p_result = matchlist[i].function_name(haystack, hlen); -+ if (p2p_result) -+ { -+ if (info->debug) printk("IPP2P.debug:TCP-match: %i from: %u.%u.%u.%u:%i to: %u.%u.%u.%u:%i Length: %i\n", -+ p2p_result, NIPQUAD(ip->saddr),ntohs(tcph->source), NIPQUAD(ip->daddr),ntohs(tcph->dest),hlen); -+ return p2p_result; -+ } -+ } -+ i++; -+ } -+ return p2p_result; -+ } -+ -+ case IPPROTO_UDP: /*what to do with an UDP packet*/ -+ { -+ struct udphdr *udph = (void *) ip + ip->ihl * 4; -+ -+ while (udp_list[i].command){ -+ if ((((info->cmd & udp_list[i].command) == udp_list[i].command) || -+ ((info->cmd & udp_list[i].short_hand) == udp_list[i].short_hand)) && -+ (hlen > udp_list[i].packet_len)) { -+ p2p_result = udp_list[i].function_name(haystack, hlen); -+ if (p2p_result){ -+ if (info->debug) printk("IPP2P.debug:UDP-match: %i from: %u.%u.%u.%u:%i to: %u.%u.%u.%u:%i Length: %i\n", -+ p2p_result, NIPQUAD(ip->saddr),ntohs(udph->source), NIPQUAD(ip->daddr),ntohs(udph->dest),hlen); -+ return p2p_result; -+ } -+ } -+ i++; -+ } -+ return p2p_result; -+ } -+ -+ default: return 0; -+ } -+} -+ -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) -+static bool -+#else -+static int -+#endif -+checkentry(const char *tablename, -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) -+ const void *ip, -+#else -+ const struct ipt_ip *ip, -+#endif -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) -+ const struct xt_match *match, -+#endif -+ void *matchinfo, -+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) -+ unsigned int matchsize, -+#endif -+ unsigned int hook_mask) -+{ -+ /* Must specify -p tcp */ -+/* if (ip->proto != IPPROTO_TCP || (ip->invflags & IPT_INV_PROTO)) { -+ * printk("ipp2p: Only works on TCP packets, use -p tcp\n"); -+ * return 0; -+ * }*/ -+ return 1; -+} -+ -+ -+ -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) -+static struct xt_match ipp2p_match = { -+#else -+static struct ipt_match ipp2p_match = { -+#endif -+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) -+ { NULL, NULL }, -+ "ipp2p", -+ &ipp2p_match, -+ &ipp2p_checkentry, -+ NULL, -+ THIS_MODULE -+#endif -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) -+ .name = "ipp2p", -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) -+ .family = AF_INET, -+#endif -+ .match = &match, -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) -+ .matchsize = sizeof(struct ipt_p2p_info), -+#endif -+ .checkentry = &checkentry, -+ .me = THIS_MODULE, -+#endif -+}; -+ -+ -+static int __init init(void) -+{ -+ printk(KERN_INFO "IPP2P v%s loading\n", IPP2P_VERSION); -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) -+ return xt_register_match(&ipp2p_match); -+#else -+ return ipt_register_match(&ipp2p_match); -+#endif -+} -+ -+static void __exit fini(void) -+{ -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) -+ xt_unregister_match(&ipp2p_match); -+#else -+ ipt_unregister_match(&ipp2p_match); -+#endif -+ printk(KERN_INFO "IPP2P v%s unloaded\n", IPP2P_VERSION); -+} -+ -+module_init(init); -+module_exit(fini); -+ -+ -diff -Naur linux-2.6.27.19.org/net/ipv4/netfilter/Kconfig linux-2.6.27.19/net/ipv4/netfilter/Kconfig ---- linux-2.6.27.19.org/net/ipv4/netfilter/Kconfig 2009-02-20 23:39:34.000000000 +0100 -+++ linux-2.6.27.19/net/ipv4/netfilter/Kconfig 2009-03-17 19:31:50.000000000 +0100 -@@ -406,5 +406,15 @@ - Allows altering the ARP packet payload: source and destination - hardware and network addresses. - -+config IP_NF_MATCH_IPP2P -+ tristate 'IPP2P match support' -+ depends on IP_NF_IPTABLES -+ help -+ This option makes possible to match some P2P packets -+ therefore helps controlling such traffic. -+ -+ If you want to compile it as a module, say M here and read -+ . If unsure, say `N'. -+ - endmenu - -diff -Naur linux-2.6.27.19.org/net/ipv4/netfilter/Makefile linux-2.6.27.19/net/ipv4/netfilter/Makefile ---- linux-2.6.27.19.org/net/ipv4/netfilter/Makefile 2009-02-20 23:39:34.000000000 +0100 -+++ linux-2.6.27.19/net/ipv4/netfilter/Makefile 2009-03-17 19:31:50.000000000 +0100 -@@ -49,6 +49,7 @@ - obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o - obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o - obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o -+obj-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p.o - obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o - - # targets diff --git a/src/patches/linux-2.6.27.21-imq-test3-xen.patch b/src/patches/linux-2.6.27.21-imq-test3-xen.patch deleted file mode 100644 index f9401dbf8e..0000000000 --- a/src/patches/linux-2.6.27.21-imq-test3-xen.patch +++ /dev/null @@ -1,1212 +0,0 @@ -diff -uNr --exclude='*~' linux-2.6.27.21/drivers/net/imq.c linux-2.6.27.21-imq/drivers/net/imq.c ---- linux-2.6.27.21/drivers/net/imq.c 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/drivers/net/imq.c 2009-04-20 23:52:22.712017559 +0300 -@@ -0,0 +1,566 @@ -+/* -+ * Pseudo-driver for the intermediate queue device. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Patrick McHardy, -+ * -+ * The first version was written by Martin Devera, -+ * -+ * Credits: Jan Rafaj -+ * - Update patch to 2.4.21 -+ * Sebastian Strollo -+ * - Fix "Dead-loop on netdevice imq"-issue -+ * Marcel Sebek -+ * - Update to 2.6.2-rc1 -+ * -+ * After some time of inactivity there is a group taking care -+ * of IMQ again: http://www.linuximq.net -+ * -+ * -+ * 2004/06/30 - New version of IMQ patch to kernels <=2.6.7 -+ * including the following changes: -+ * -+ * - Correction of ipv6 support "+"s issue (Hasso Tepper) -+ * - Correction of imq_init_devs() issue that resulted in -+ * kernel OOPS unloading IMQ as module (Norbert Buchmuller) -+ * - Addition of functionality to choose number of IMQ devices -+ * during kernel config (Andre Correa) -+ * - Addition of functionality to choose how IMQ hooks on -+ * PRE and POSTROUTING (after or before NAT) (Andre Correa) -+ * - Cosmetic corrections (Norbert Buchmuller) (Andre Correa) -+ * -+ * -+ * 2005/12/16 - IMQ versions between 2.6.7 and 2.6.13 were -+ * released with almost no problems. 2.6.14-x was released -+ * with some important changes: nfcache was removed; After -+ * some weeks of trouble we figured out that some IMQ fields -+ * in skb were missing in skbuff.c - skb_clone and copy_skb_header. -+ * These functions are correctly patched by this new patch version. -+ * -+ * Thanks for all who helped to figure out all the problems with -+ * 2.6.14.x: Patrick McHardy, Rune Kock, VeNoMouS, Max CtRiX, -+ * Kevin Shanahan, Richard Lucassen, Valery Dachev (hopefully -+ * I didn't forget anybody). I apologize again for my lack of time. -+ * -+ * -+ * 2008/06/17 - 2.6.25 - Changed imq.c to use qdisc_run() instead -+ * of qdisc_restart() and moved qdisc_run() to tasklet to avoid -+ * recursive locking. New initialization routines to fix 'rmmod' not -+ * working anymore. Used code from ifb.c. (Jussi Kivilinna) -+ * -+ * 2008/08/06 - 2.6.26 - (JK) -+ * - Replaced tasklet with 'netif_schedule()'. -+ * - Cleaned up and added comments for imq_nf_queue(). -+ * -+ * 2009/04/12 -+ * - Add skb_save_cb/skb_restore_cb helper functions for backuping -+ * control buffer. This is needed because qdisc-layer on kernels -+ * 2.6.27 and newer overwrite control buffer. (Jussi Kivilinna) -+ * - Add better locking for IMQ device. Hopefully this will solve -+ * SMP issues. (Jussi Kivilinna) -+ * - Port to 2.6.27 -+ * -+ * 2009/04/20 - (Jussi Kivilinna) -+ * - Fix rmmod not working -+ * - Use netdevice feature flags to avoid extra packet handling -+ * by core networking layer and possibly increase performance. -+ * -+ * Also, many thanks to pablo Sebastian Greco for making the initial -+ * patch and to those who helped the testing. -+ * -+ * More info at: http://www.linuximq.net/ (Andre Correa) -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ #include -+#endif -+#include -+#include -+#include -+ -+static nf_hookfn imq_nf_hook; -+ -+static struct nf_hook_ops imq_ingress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP_PRI_MANGLE + 1 -+#else -+ .priority = NF_IP_PRI_NAT_DST + 1 -+#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP_PRI_LAST -+#else -+ .priority = NF_IP_PRI_NAT_SRC - 1 -+#endif -+}; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+static struct nf_hook_ops imq_ingress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP6_PRI_MANGLE + 1 -+#else -+ .priority = NF_IP6_PRI_NAT_DST + 1 -+#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP6_PRI_LAST -+#else -+ .priority = NF_IP6_PRI_NAT_SRC - 1 -+#endif -+}; -+#endif -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS; -+#else -+static unsigned int numdevs = IMQ_MAX_DEVS; -+#endif -+ -+static DEFINE_SPINLOCK(imq_nf_queue_lock); -+ -+static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; -+ -+ -+static struct net_device_stats *imq_get_stats(struct net_device *dev) -+{ -+ return &dev->stats; -+} -+ -+/* called for packets kfree'd in qdiscs at places other than enqueue */ -+static void imq_skb_destructor(struct sk_buff *skb) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ if (entry) { -+ nf_queue_entry_release_refs(entry); -+ kfree(entry); -+ } -+ -+ skb_restore_cb(skb); /* kfree backup */ -+} -+ -+static void imq_nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) -+{ -+ int status; -+ -+ if (!entry->next_outfn) { -+ spin_lock_bh(&imq_nf_queue_lock); -+ nf_reinject(entry, verdict); -+ spin_unlock_bh(&imq_nf_queue_lock); -+ return; -+ } -+ -+ rcu_read_lock(); -+ local_bh_disable(); -+ status = entry->next_outfn(entry, entry->next_queuenum); -+ local_bh_enable(); -+ if (status < 0) { -+ nf_queue_entry_release_refs(entry); -+ kfree_skb(entry->skb); -+ kfree(entry); -+ } -+ -+ rcu_read_unlock(); -+} -+ -+static int imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) -+{ -+ dev->stats.tx_bytes += skb->len; -+ dev->stats.tx_packets++; -+ -+ skb->imq_flags = 0; -+ skb->destructor = NULL; -+ -+ skb_restore_cb(skb); /* restore skb->cb */ -+ -+ dev->trans_start = jiffies; -+ imq_nf_reinject(skb->nf_queue_entry, NF_ACCEPT); -+ return 0; -+} -+ -+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) -+{ -+ struct net_device *dev; -+ struct sk_buff *skb_orig, *skb, *skb_shared; -+ struct Qdisc *q; -+ struct netdev_queue *txq; -+ int users, index; -+ int retval = -EINVAL; -+ -+ index = entry->skb->imq_flags & IMQ_F_IFMASK; -+ if (unlikely(index > numdevs - 1)) { -+ if (net_ratelimit()) -+ printk(KERN_WARNING -+ "IMQ: invalid device specified, highest is %u\n", -+ numdevs - 1); -+ retval = -EINVAL; -+ goto out; -+ } -+ -+ /* check for imq device by index from cache */ -+ dev = imq_devs_cache[index]; -+ if (unlikely(!dev)) { -+ char buf[8]; -+ -+ /* get device by name and cache result */ -+ snprintf(buf, sizeof(buf), "imq%d", index); -+ dev = dev_get_by_name(&init_net, buf); -+ if (!dev) { -+ /* not found ?!*/ -+ BUG(); -+ retval = -ENODEV; -+ goto out; -+ } -+ -+ imq_devs_cache[index] = dev; -+ dev_put(dev); -+ } -+ -+ if (unlikely(!(dev->flags & IFF_UP))) { -+ entry->skb->imq_flags = 0; -+ imq_nf_reinject(entry, NF_ACCEPT); -+ retval = 0; -+ goto out; -+ } -+ dev->last_rx = jiffies; -+ -+ skb = entry->skb; -+ skb_orig = NULL; -+ -+ /* skb has owner? => make clone */ -+ if (unlikely(skb->destructor)) { -+ skb_orig = skb; -+ skb = skb_clone(skb, GFP_ATOMIC); -+ if (!skb) { -+ retval = -ENOMEM; -+ goto out; -+ } -+ entry->skb = skb; -+ } -+ -+ skb->nf_queue_entry = entry; -+ -+ dev->stats.rx_bytes += skb->len; -+ dev->stats.rx_packets++; -+ -+ txq = dev_pick_tx(dev, skb); -+ -+ q = rcu_dereference(txq->qdisc); -+ if (unlikely(!q->enqueue)) -+ goto packet_not_eaten_by_imq_dev; -+ -+ spin_lock_bh(qdisc_lock(q)); -+ -+ users = atomic_read(&skb->users); -+ -+ skb_shared = skb_get(skb); /* increase reference count by one */ -+ skb_save_cb(skb_shared); /* backup skb->cb, as qdisc layer will -+ overwrite it */ -+ qdisc_enqueue_root(skb_shared, q); /* might kfree_skb */ -+ -+ if (likely(atomic_read(&skb_shared->users) == users + 1)) { -+ kfree_skb(skb_shared); /* decrease reference count by one */ -+ -+ skb->destructor = &imq_skb_destructor; -+ -+ /* cloned? */ -+ if (skb_orig) -+ kfree_skb(skb_orig); /* free original */ -+ -+ spin_unlock_bh(qdisc_lock(q)); -+ -+ /* schedule qdisc dequeue */ -+ __netif_schedule(q); -+ -+ retval = 0; -+ goto out; -+ } else { -+ skb_restore_cb(skb_shared); /* restore skb->cb */ -+ /* qdisc dropped packet and decreased skb reference count of -+ * skb, so we don't really want to and try refree as that would -+ * actually destroy the skb. */ -+ spin_unlock_bh(qdisc_lock(q)); -+ goto packet_not_eaten_by_imq_dev; -+ } -+ -+packet_not_eaten_by_imq_dev: -+ /* cloned? restore original */ -+ if (skb_orig) { -+ kfree_skb(skb); -+ entry->skb = skb_orig; -+ } -+ retval = -1; -+out: -+ return retval; -+} -+ -+static struct nf_queue_handler nfqh = { -+ .name = "imq", -+ .outfn = imq_nf_queue, -+}; -+ -+static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb, -+ const struct net_device *indev, -+ const struct net_device *outdev, -+ int (*okfn)(struct sk_buff *)) -+{ -+ if (pskb->imq_flags & IMQ_F_ENQUEUE) -+ return NF_QUEUE; -+ -+ return NF_ACCEPT; -+} -+ -+static int imq_close(struct net_device *dev) -+{ -+ netif_stop_queue(dev); -+ return 0; -+} -+ -+static int imq_open(struct net_device *dev) -+{ -+ netif_start_queue(dev); -+ return 0; -+} -+ -+static void imq_setup(struct net_device *dev) -+{ -+ dev->hard_start_xmit = imq_dev_xmit; -+ dev->open = imq_open; -+ dev->get_stats = imq_get_stats; -+ dev->stop = imq_close; -+ dev->type = ARPHRD_VOID; -+ dev->mtu = 16000; -+ dev->tx_queue_len = 11000; -+ dev->flags = IFF_NOARP; -+ dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | -+ NETIF_F_GSO | NETIF_F_HW_CSUM | -+ NETIF_F_HIGHDMA; -+} -+ -+static int imq_validate(struct nlattr *tb[], struct nlattr *data[]) -+{ -+ int ret = 0; -+ -+ if (tb[IFLA_ADDRESS]) { -+ if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) { -+ ret = -EINVAL; -+ goto end; -+ } -+ if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) { -+ ret = -EADDRNOTAVAIL; -+ goto end; -+ } -+ } -+ return 0; -+end: -+ printk(KERN_WARNING "IMQ: imq_validate failed (%d)\n", ret); -+ return ret; -+} -+ -+static struct rtnl_link_ops imq_link_ops __read_mostly = { -+ .kind = "imq", -+ .priv_size = 0, -+ .setup = imq_setup, -+ .validate = imq_validate, -+}; -+ -+static int __init imq_init_hooks(void) -+{ -+ int err; -+ -+ nf_register_queue_imq_handler(&nfqh); -+ -+ err = nf_register_hook(&imq_ingress_ipv4); -+ if (err) -+ goto err1; -+ -+ err = nf_register_hook(&imq_egress_ipv4); -+ if (err) -+ goto err2; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ err = nf_register_hook(&imq_ingress_ipv6); -+ if (err) -+ goto err3; -+ -+ err = nf_register_hook(&imq_egress_ipv6); -+ if (err) -+ goto err4; -+#endif -+ -+ return 0; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+err4: -+ nf_unregister_hook(&imq_ingress_ipv6); -+err3: -+ nf_unregister_hook(&imq_egress_ipv4); -+#endif -+err2: -+ nf_unregister_hook(&imq_ingress_ipv4); -+err1: -+ nf_unregister_queue_imq_handler(); -+ return err; -+} -+ -+static int __init imq_init_one(int index) -+{ -+ struct net_device *dev; -+ int ret; -+ -+ dev = alloc_netdev(0, "imq%d", imq_setup); -+ if (!dev) -+ return -ENOMEM; -+ -+ ret = dev_alloc_name(dev, dev->name); -+ if (ret < 0) -+ goto fail; -+ -+ dev->rtnl_link_ops = &imq_link_ops; -+ ret = register_netdevice(dev); -+ if (ret < 0) -+ goto fail; -+ -+ return 0; -+fail: -+ free_netdev(dev); -+ return ret; -+} -+ -+static int __init imq_init_devs(void) -+{ -+ int err, i; -+ -+ if (numdevs < 1 || numdevs > IMQ_MAX_DEVS) { -+ printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n", -+ IMQ_MAX_DEVS); -+ return -EINVAL; -+ } -+ -+ rtnl_lock(); -+ err = __rtnl_link_register(&imq_link_ops); -+ -+ for (i = 0; i < numdevs && !err; i++) -+ err = imq_init_one(i); -+ -+ if (err) { -+ __rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ } -+ rtnl_unlock(); -+ -+ return err; -+} -+ -+static int __init imq_init_module(void) -+{ -+ int err; -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS > 16); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS < 2); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS - 1 > IMQ_F_IFMASK); -+#endif -+ -+ err = imq_init_devs(); -+ if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_devs(net)\n"); -+ return err; -+ } -+ -+ err = imq_init_hooks(); -+ if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ return err; -+ } -+ -+ printk(KERN_INFO "IMQ driver loaded successfully.\n"); -+ -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on PREROUTING.\n"); -+#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on PREROUTING.\n"); -+#endif -+#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on POSTROUTING.\n"); -+#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on POSTROUTING.\n"); -+#endif -+ -+ return 0; -+} -+ -+static void __exit imq_unhook(void) -+{ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ nf_unregister_hook(&imq_ingress_ipv6); -+ nf_unregister_hook(&imq_egress_ipv6); -+#endif -+ nf_unregister_hook(&imq_ingress_ipv4); -+ nf_unregister_hook(&imq_egress_ipv4); -+ -+ nf_unregister_queue_imq_handler(); -+} -+ -+static void __exit imq_cleanup_devs(void) -+{ -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+} -+ -+static void __exit imq_exit_module(void) -+{ -+ imq_unhook(); -+ imq_cleanup_devs(); -+ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); -+} -+ -+module_init(imq_init_module); -+module_exit(imq_exit_module); -+ -+module_param(numdevs, int, 0); -+MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will " -+ "be created)"); -+MODULE_AUTHOR("http://www.linuximq.net"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See " -+ "http://www.linuximq.net/ for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS_RTNL_LINK("imq"); -+ -diff -uNr --exclude='*~' linux-2.6.27.21/drivers/net/Kconfig linux-2.6.27.21-imq/drivers/net/Kconfig ---- linux-2.6.27.21/drivers/net/Kconfig 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/drivers/net/Kconfig 2009-04-20 23:48:35.702017146 +0300 -@@ -109,6 +109,129 @@ - To compile this driver as a module, choose M here: the module - will be called eql. If unsure, say N. - -+config IMQ -+ tristate "IMQ (intermediate queueing device) support" -+ depends on NETDEVICES && NETFILTER -+ ---help--- -+ The IMQ device(s) is used as placeholder for QoS queueing -+ disciplines. Every packet entering/leaving the IP stack can be -+ directed through the IMQ device where it's enqueued/dequeued to the -+ attached qdisc. This allows you to treat network devices as classes -+ and distribute bandwidth among them. Iptables is used to specify -+ through which IMQ device, if any, packets travel. -+ -+ More information at: http://www.linuximq.net/ -+ -+ To compile this driver as a module, choose M here: the module -+ will be called imq. If unsure, say N. -+ -+choice -+ prompt "IMQ behavior (PRE/POSTROUTING)" -+ depends on IMQ -+ default IMQ_BEHAVIOR_AB -+ help -+ -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ IMQ can work in any of the following ways: -+ -+ PREROUTING | POSTROUTING -+ -----------------|------------------- -+ #1 After NAT | After NAT -+ #2 After NAT | Before NAT -+ #3 Before NAT | After NAT -+ #4 Before NAT | Before NAT -+ -+ The default behavior is to hook before NAT on PREROUTING -+ and after NAT on POSTROUTING (#3). -+ -+ This settings are specially usefull when trying to use IMQ -+ to shape NATed clients. -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AA -+ bool "IMQ AA" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AB -+ bool "IMQ AB" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BA -+ bool "IMQ BA" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BB -+ bool "IMQ BB" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+endchoice -+ -+config IMQ_NUM_DEVS -+ -+ int "Number of IMQ devices" -+ range 2 16 -+ depends on IMQ -+ default "16" -+ help -+ -+ This settings defines how many IMQ devices will be -+ created. -+ -+ The default value is 16. -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ - config TUN - tristate "Universal TUN/TAP device driver support" - select CRC32 -diff -uNr --exclude='*~' linux-2.6.27.21/drivers/net/Makefile linux-2.6.27.21-imq/drivers/net/Makefile ---- linux-2.6.27.21/drivers/net/Makefile 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/drivers/net/Makefile 2009-04-20 23:48:35.702017146 +0300 -@@ -144,6 +144,7 @@ - obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o - - obj-$(CONFIG_DUMMY) += dummy.o -+obj-$(CONFIG_IMQ) += imq.o - obj-$(CONFIG_IFB) += ifb.o - obj-$(CONFIG_MACVLAN) += macvlan.o - obj-$(CONFIG_DE600) += de600.o -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/imq.h linux-2.6.27.21-imq/include/linux/imq.h ---- linux-2.6.27.21/include/linux/imq.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/imq.h 2009-04-20 23:48:35.702017146 +0300 -@@ -0,0 +1,13 @@ -+#ifndef _IMQ_H -+#define _IMQ_H -+ -+/* IFMASK (16 device indexes, 0 to 15) and flag(s) fit in 5 bits */ -+#define IMQ_F_BITS 5 -+ -+#define IMQ_F_IFMASK 0x0f -+#define IMQ_F_ENQUEUE 0x10 -+ -+#define IMQ_MAX_DEVS (IMQ_F_IFMASK + 1) -+ -+#endif /* _IMQ_H */ -+ -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/netdevice.h linux-2.6.27.21-imq/include/linux/netdevice.h ---- linux-2.6.27.21/include/linux/netdevice.h 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/netdevice.h 2009-04-20 23:48:35.703017245 +0300 -@@ -915,6 +915,7 @@ - extern int dev_open(struct net_device *dev); - extern int dev_close(struct net_device *dev); - extern void dev_disable_lro(struct net_device *dev); -+extern struct netdev_queue *dev_pick_tx(struct net_device *dev, struct sk_buff *skb); - extern int dev_queue_xmit(struct sk_buff *skb); - extern int register_netdevice(struct net_device *dev); - extern void unregister_netdevice(struct net_device *dev); -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/netfilter/xt_IMQ.h linux-2.6.27.21-imq/include/linux/netfilter/xt_IMQ.h ---- linux-2.6.27.21/include/linux/netfilter/xt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/netfilter/xt_IMQ.h 2009-04-20 23:48:35.703017245 +0300 -@@ -0,0 +1,9 @@ -+#ifndef _XT_IMQ_H -+#define _XT_IMQ_H -+ -+struct xt_imq_info { -+ unsigned int todev; /* target imq device */ -+}; -+ -+#endif /* _XT_IMQ_H */ -+ -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/netfilter_ipv4/ipt_IMQ.h linux-2.6.27.21-imq/include/linux/netfilter_ipv4/ipt_IMQ.h ---- linux-2.6.27.21/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/netfilter_ipv4/ipt_IMQ.h 2009-04-20 23:48:35.703017245 +0300 -@@ -0,0 +1,10 @@ -+#ifndef _IPT_IMQ_H -+#define _IPT_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include -+ -+#define ipt_imq_info xt_imq_info -+ -+#endif /* _IPT_IMQ_H */ -+ -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-2.6.27.21-imq/include/linux/netfilter_ipv6/ip6t_IMQ.h ---- linux-2.6.27.21/include/linux/netfilter_ipv6/ip6t_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/netfilter_ipv6/ip6t_IMQ.h 2009-04-20 23:48:35.704017144 +0300 -@@ -0,0 +1,10 @@ -+#ifndef _IP6T_IMQ_H -+#define _IP6T_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include -+ -+#define ip6t_imq_info xt_imq_info -+ -+#endif /* _IP6T_IMQ_H */ -+ -diff -uNr --exclude='*~' linux-2.6.27.21/include/net/netfilter/nf_queue.h linux-2.6.27.21-imq/include/net/netfilter/nf_queue.h ---- linux-2.6.27.21/include/net/netfilter/nf_queue.h 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/include/net/netfilter/nf_queue.h 2009-04-20 23:48:35.704017144 +0300 -@@ -13,6 +13,12 @@ - struct net_device *indev; - struct net_device *outdev; - int (*okfn)(struct sk_buff *); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ int (*next_outfn)(struct nf_queue_entry *entry, -+ unsigned int queuenum); -+ unsigned int next_queuenum; -+#endif - }; - - #define nf_queue_entry_reroute(x) ((void *)x + sizeof(struct nf_queue_entry)) -@@ -30,5 +36,11 @@ - const struct nf_queue_handler *qh); - extern void nf_unregister_queue_handlers(const struct nf_queue_handler *qh); - extern void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); -+extern void nf_queue_entry_release_refs(struct nf_queue_entry *entry); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+extern void nf_register_queue_imq_handler(const struct nf_queue_handler *qh); -+extern void nf_unregister_queue_imq_handler(void); -+#endif - - #endif /* _NF_QUEUE_H */ -diff -uNr --exclude='*~' linux-2.6.27.21/net/core/dev.c linux-2.6.27.21-imq/net/core/dev.c ---- linux-2.6.27.21/net/core/dev.c 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/core/dev.c 2009-04-20 23:48:35.706016975 +0300 -@@ -96,6 +96,9 @@ - #include - #include - #include -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include -+#endif - #include - #include - #include -@@ -1624,7 +1627,11 @@ - struct netdev_queue *txq) - { - if (likely(!skb->next)) { -- if (!list_empty(&ptype_all)) -+ if (!list_empty(&ptype_all) -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ && !(skb->imq_flags & IMQ_F_ENQUEUE) -+#endif -+ ) - dev_queue_xmit_nit(skb, dev); - - if (netif_needs_gso(dev, skb)) { -@@ -1715,8 +1722,7 @@ - return (u16) (((u64) hash * dev->real_num_tx_queues) >> 32); - } - --static struct netdev_queue *dev_pick_tx(struct net_device *dev, -- struct sk_buff *skb) -+struct netdev_queue *dev_pick_tx(struct net_device *dev, struct sk_buff *skb) - { - u16 queue_index = 0; - -@@ -1728,6 +1734,7 @@ - skb_set_queue_mapping(skb, queue_index); - return netdev_get_tx_queue(dev, queue_index); - } -+EXPORT_SYMBOL(dev_pick_tx); - - /** - * dev_queue_xmit - transmit a buffer -diff -uNr --exclude='*~' linux-2.6.27.21/net/core/skbuff.c linux-2.6.27.21-imq/net/core/skbuff.c ---- linux-2.6.27.21/net/core/skbuff.c 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/core/skbuff.c 2009-04-20 23:48:35.707017089 +0300 -@@ -69,6 +69,9 @@ - - static struct kmem_cache *skbuff_head_cache __read_mostly; - static struct kmem_cache *skbuff_fclone_cache __read_mostly; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static struct kmem_cache *skbuff_cb_store_cache __read_mostly; -+#endif - - static void sock_pipe_buf_release(struct pipe_inode_info *pipe, - struct pipe_buffer *buf) -@@ -88,6 +91,80 @@ - return 1; - } - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+/* Control buffer save/restore for IMQ devices */ -+struct skb_cb_table { -+ void *cb_next; -+ atomic_t refcnt; -+ char cb[48]; -+}; -+ -+static DEFINE_SPINLOCK(skb_cb_store_lock); -+ -+int skb_save_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ next = kmem_cache_alloc(skbuff_cb_store_cache, GFP_ATOMIC); -+ if (!next) -+ return -ENOMEM; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(next->cb, skb->cb, sizeof(skb->cb)); -+ next->cb_next = skb->cb_next; -+ -+ atomic_set(&next->refcnt, 1); -+ -+ skb->cb_next = next; -+ return 0; -+} -+EXPORT_SYMBOL(skb_save_cb); -+ -+int skb_restore_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ if (!skb->cb_next) -+ return 0; -+ -+ next = skb->cb_next; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(skb->cb, next->cb, sizeof(skb->cb)); -+ skb->cb_next = next->cb_next; -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ if (atomic_dec_and_test(&next->refcnt)) { -+ kmem_cache_free(skbuff_cb_store_cache, next); -+ } -+ -+ spin_unlock(&skb_cb_store_lock); -+ -+ return 0; -+} -+EXPORT_SYMBOL(skb_restore_cb); -+ -+static void skb_copy_stored_cb(struct sk_buff *new, struct sk_buff *old) -+{ -+ struct skb_cb_table *next; -+ -+ if (!old->cb_next) { -+ new->cb_next = 0; -+ return; -+ } -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ next = old->cb_next; -+ atomic_inc(&next->refcnt); -+ new->cb_next = next; -+ -+ spin_unlock(&skb_cb_store_lock); -+} -+#endif - - /* Pipe buffer operations for a socket. */ - static struct pipe_buf_operations sock_pipe_buf_ops = { -@@ -362,6 +439,15 @@ - WARN_ON(in_irq()); - skb->destructor(skb); - } -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ /* This should not happen. When it does, avoid memleak by restoring -+ the chain of cb-backups. */ -+ while(skb->cb_next != NULL) { -+ printk(KERN_WARNING "kfree_skb: skb->cb_next: %08x\n", -+ skb->cb_next); -+ skb_restore_cb(skb); -+ } -+#endif - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) - nf_conntrack_put(skb->nfct); - nf_conntrack_put_reasm(skb->nfct_reasm); -@@ -424,6 +510,9 @@ - new->sp = secpath_get(old->sp); - #endif - memcpy(new->cb, old->cb, sizeof(old->cb)); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skb_copy_stored_cb(new, old); -+#endif - new->csum_start = old->csum_start; - new->csum_offset = old->csum_offset; - new->local_df = old->local_df; -@@ -2326,6 +2415,13 @@ - 0, - SLAB_HWCACHE_ALIGN|SLAB_PANIC, - NULL); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skbuff_cb_store_cache = kmem_cache_create("skbuff_cb_store_cache", -+ sizeof(struct skb_cb_table), -+ 0, -+ SLAB_HWCACHE_ALIGN|SLAB_PANIC, -+ NULL); -+#endif - } - - /** -diff -uNr --exclude='*~' linux-2.6.27.21/net/netfilter/Kconfig linux-2.6.27.21-imq/net/netfilter/Kconfig ---- linux-2.6.27.21/net/netfilter/Kconfig 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/netfilter/Kconfig 2009-04-20 23:48:35.707017089 +0300 -@@ -342,6 +342,18 @@ - - To compile it as a module, choose M here. If unsure, say N. - -+config NETFILTER_XT_TARGET_IMQ -+ tristate '"IMQ" target support' -+ depends on NETFILTER_XTABLES -+ depends on IP_NF_MANGLE || IP6_NF_MANGLE -+ select IMQ -+ default m if NETFILTER_ADVANCED=n -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which imq device packets should get enqueued/dequeued. -+ -+ To compile it as a module, choose M here. If unsure, say N. -+ - config NETFILTER_XT_TARGET_MARK - tristate '"MARK" target support' - depends on NETFILTER_XTABLES -diff -uNr --exclude='*~' linux-2.6.27.21/net/netfilter/Makefile linux-2.6.27.21-imq/net/netfilter/Makefile ---- linux-2.6.27.21/net/netfilter/Makefile 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/netfilter/Makefile 2009-04-20 23:48:35.707017089 +0300 -@@ -42,6 +42,7 @@ - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o -+obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o - obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o -diff -uNr --exclude='*~' linux-2.6.27.21/net/netfilter/nf_queue.c linux-2.6.27.21-imq/net/netfilter/nf_queue.c ---- linux-2.6.27.21/net/netfilter/nf_queue.c 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/netfilter/nf_queue.c 2009-04-20 23:48:35.708017126 +0300 -@@ -20,6 +20,26 @@ - - static DEFINE_MUTEX(queue_handler_mutex); - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static const struct nf_queue_handler *queue_imq_handler; -+ -+void nf_register_queue_imq_handler(const struct nf_queue_handler *qh) -+{ -+ mutex_lock(&queue_handler_mutex); -+ rcu_assign_pointer(queue_imq_handler, qh); -+ mutex_unlock(&queue_handler_mutex); -+} -+EXPORT_SYMBOL(nf_register_queue_imq_handler); -+ -+void nf_unregister_queue_imq_handler(void) -+{ -+ mutex_lock(&queue_handler_mutex); -+ rcu_assign_pointer(queue_imq_handler, NULL); -+ mutex_unlock(&queue_handler_mutex); -+} -+EXPORT_SYMBOL(nf_unregister_queue_imq_handler); -+#endif -+ - /* return EBUSY when somebody else is registered, return EEXIST if the - * same handler is registered, return 0 in case of success. */ - int nf_register_queue_handler(int pf, const struct nf_queue_handler *qh) -@@ -80,7 +100,7 @@ - } - EXPORT_SYMBOL_GPL(nf_unregister_queue_handlers); - --static void nf_queue_entry_release_refs(struct nf_queue_entry *entry) -+void nf_queue_entry_release_refs(struct nf_queue_entry *entry) - { - /* Release those devices we held, or Alexey will kill me. */ - if (entry->indev) -@@ -100,6 +120,7 @@ - /* Drop reference to owner of hook which queued us. */ - module_put(entry->elem->owner); - } -+EXPORT_SYMBOL_GPL(nf_queue_entry_release_refs); - - /* - * Any packet that leaves via this function must come back -@@ -121,12 +142,26 @@ - #endif - const struct nf_afinfo *afinfo; - const struct nf_queue_handler *qh; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ const struct nf_queue_handler *qih = NULL; -+#endif - - /* QUEUE == DROP if noone is waiting, to be safe. */ - rcu_read_lock(); - - qh = rcu_dereference(queue_handler[pf]); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ if (pf == PF_INET || pf == PF_INET6) -+#else -+ if (pf == PF_INET) -+#endif -+ qih = rcu_dereference(queue_imq_handler); -+ -+ if (!qh && !qih) -+#else /* !IMQ */ - if (!qh) -+#endif - goto err_unlock; - - afinfo = nf_get_afinfo(pf); -@@ -145,6 +180,10 @@ - .indev = indev, - .outdev = outdev, - .okfn = okfn, -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ .next_outfn = qh ? qh->outfn : NULL, -+ .next_queuenum = queuenum, -+#endif - }; - - /* If it's going away, ignore hook. */ -@@ -170,8 +209,19 @@ - } - #endif - afinfo->saveroute(skb, entry); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ if (qih) { -+ status = qih->outfn(entry, queuenum); -+ goto imq_skip_queue; -+ } -+#endif -+ - status = qh->outfn(entry, queuenum); - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+imq_skip_queue: -+#endif - rcu_read_unlock(); - - if (status < 0) { -diff -uNr --exclude='*~' linux-2.6.27.21/net/netfilter/xt_IMQ.c linux-2.6.27.21-imq/net/netfilter/xt_IMQ.c ---- linux-2.6.27.21/net/netfilter/xt_IMQ.c 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/net/netfilter/xt_IMQ.c 2009-04-20 23:48:35.708017126 +0300 -@@ -0,0 +1,81 @@ -+/* -+ * This target marks packets to be enqueued to an imq device -+ */ -+#include -+#include -+#include -+#include -+#include -+ -+static unsigned int imq_target(struct sk_buff *pskb, -+ const struct net_device *in, -+ const struct net_device *out, -+ unsigned int hooknum, -+ const struct xt_target *target, -+ const void *targinfo) -+{ -+ const struct xt_imq_info *mr = targinfo; -+ -+ pskb->imq_flags = (mr->todev & IMQ_F_IFMASK) | IMQ_F_ENQUEUE; -+ -+ return XT_CONTINUE; -+} -+ -+static bool imq_checkentry(const char *tablename, -+ const void *entry, -+ const struct xt_target *target, -+ void *targinfo, -+ unsigned int hook_mask) -+{ -+ struct xt_imq_info *mr = targinfo; -+ -+ if (mr->todev > IMQ_MAX_DEVS - 1) { -+ printk(KERN_WARNING -+ "IMQ: invalid device specified, highest is %u\n", -+ IMQ_MAX_DEVS - 1); -+ return 0; -+ } -+ -+ return 1; -+} -+ -+static struct xt_target xt_imq_reg[] __read_mostly = { -+ { -+ .name = "IMQ", -+ .family = AF_INET, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .checkentry = imq_checkentry, -+ .me = THIS_MODULE -+ }, -+ { -+ .name = "IMQ", -+ .family = AF_INET6, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .checkentry = imq_checkentry, -+ .me = THIS_MODULE -+ }, -+}; -+ -+static int __init imq_init(void) -+{ -+ return xt_register_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+static void __exit imq_fini(void) -+{ -+ xt_unregister_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+module_init(imq_init); -+module_exit(imq_fini); -+ -+MODULE_AUTHOR("http://www.linuximq.net"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS("ipt_IMQ"); -+MODULE_ALIAS("ip6t_IMQ"); -+ diff --git a/src/patches/linux-2.6.27.21-imq-test3.patch b/src/patches/linux-2.6.27.21-imq-test3.patch deleted file mode 100644 index fb09371b57..0000000000 --- a/src/patches/linux-2.6.27.21-imq-test3.patch +++ /dev/null @@ -1,1279 +0,0 @@ -diff -uNr --exclude='*~' linux-2.6.27.21/drivers/net/imq.c linux-2.6.27.21-imq/drivers/net/imq.c ---- linux-2.6.27.21/drivers/net/imq.c 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/drivers/net/imq.c 2009-04-20 23:52:22.712017559 +0300 -@@ -0,0 +1,566 @@ -+/* -+ * Pseudo-driver for the intermediate queue device. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Patrick McHardy, -+ * -+ * The first version was written by Martin Devera, -+ * -+ * Credits: Jan Rafaj -+ * - Update patch to 2.4.21 -+ * Sebastian Strollo -+ * - Fix "Dead-loop on netdevice imq"-issue -+ * Marcel Sebek -+ * - Update to 2.6.2-rc1 -+ * -+ * After some time of inactivity there is a group taking care -+ * of IMQ again: http://www.linuximq.net -+ * -+ * -+ * 2004/06/30 - New version of IMQ patch to kernels <=2.6.7 -+ * including the following changes: -+ * -+ * - Correction of ipv6 support "+"s issue (Hasso Tepper) -+ * - Correction of imq_init_devs() issue that resulted in -+ * kernel OOPS unloading IMQ as module (Norbert Buchmuller) -+ * - Addition of functionality to choose number of IMQ devices -+ * during kernel config (Andre Correa) -+ * - Addition of functionality to choose how IMQ hooks on -+ * PRE and POSTROUTING (after or before NAT) (Andre Correa) -+ * - Cosmetic corrections (Norbert Buchmuller) (Andre Correa) -+ * -+ * -+ * 2005/12/16 - IMQ versions between 2.6.7 and 2.6.13 were -+ * released with almost no problems. 2.6.14-x was released -+ * with some important changes: nfcache was removed; After -+ * some weeks of trouble we figured out that some IMQ fields -+ * in skb were missing in skbuff.c - skb_clone and copy_skb_header. -+ * These functions are correctly patched by this new patch version. -+ * -+ * Thanks for all who helped to figure out all the problems with -+ * 2.6.14.x: Patrick McHardy, Rune Kock, VeNoMouS, Max CtRiX, -+ * Kevin Shanahan, Richard Lucassen, Valery Dachev (hopefully -+ * I didn't forget anybody). I apologize again for my lack of time. -+ * -+ * -+ * 2008/06/17 - 2.6.25 - Changed imq.c to use qdisc_run() instead -+ * of qdisc_restart() and moved qdisc_run() to tasklet to avoid -+ * recursive locking. New initialization routines to fix 'rmmod' not -+ * working anymore. Used code from ifb.c. (Jussi Kivilinna) -+ * -+ * 2008/08/06 - 2.6.26 - (JK) -+ * - Replaced tasklet with 'netif_schedule()'. -+ * - Cleaned up and added comments for imq_nf_queue(). -+ * -+ * 2009/04/12 -+ * - Add skb_save_cb/skb_restore_cb helper functions for backuping -+ * control buffer. This is needed because qdisc-layer on kernels -+ * 2.6.27 and newer overwrite control buffer. (Jussi Kivilinna) -+ * - Add better locking for IMQ device. Hopefully this will solve -+ * SMP issues. (Jussi Kivilinna) -+ * - Port to 2.6.27 -+ * -+ * 2009/04/20 - (Jussi Kivilinna) -+ * - Fix rmmod not working -+ * - Use netdevice feature flags to avoid extra packet handling -+ * by core networking layer and possibly increase performance. -+ * -+ * Also, many thanks to pablo Sebastian Greco for making the initial -+ * patch and to those who helped the testing. -+ * -+ * More info at: http://www.linuximq.net/ (Andre Correa) -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ #include -+#endif -+#include -+#include -+#include -+ -+static nf_hookfn imq_nf_hook; -+ -+static struct nf_hook_ops imq_ingress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP_PRI_MANGLE + 1 -+#else -+ .priority = NF_IP_PRI_NAT_DST + 1 -+#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP_PRI_LAST -+#else -+ .priority = NF_IP_PRI_NAT_SRC - 1 -+#endif -+}; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+static struct nf_hook_ops imq_ingress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP6_PRI_MANGLE + 1 -+#else -+ .priority = NF_IP6_PRI_NAT_DST + 1 -+#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP6_PRI_LAST -+#else -+ .priority = NF_IP6_PRI_NAT_SRC - 1 -+#endif -+}; -+#endif -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS; -+#else -+static unsigned int numdevs = IMQ_MAX_DEVS; -+#endif -+ -+static DEFINE_SPINLOCK(imq_nf_queue_lock); -+ -+static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; -+ -+ -+static struct net_device_stats *imq_get_stats(struct net_device *dev) -+{ -+ return &dev->stats; -+} -+ -+/* called for packets kfree'd in qdiscs at places other than enqueue */ -+static void imq_skb_destructor(struct sk_buff *skb) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ if (entry) { -+ nf_queue_entry_release_refs(entry); -+ kfree(entry); -+ } -+ -+ skb_restore_cb(skb); /* kfree backup */ -+} -+ -+static void imq_nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) -+{ -+ int status; -+ -+ if (!entry->next_outfn) { -+ spin_lock_bh(&imq_nf_queue_lock); -+ nf_reinject(entry, verdict); -+ spin_unlock_bh(&imq_nf_queue_lock); -+ return; -+ } -+ -+ rcu_read_lock(); -+ local_bh_disable(); -+ status = entry->next_outfn(entry, entry->next_queuenum); -+ local_bh_enable(); -+ if (status < 0) { -+ nf_queue_entry_release_refs(entry); -+ kfree_skb(entry->skb); -+ kfree(entry); -+ } -+ -+ rcu_read_unlock(); -+} -+ -+static int imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) -+{ -+ dev->stats.tx_bytes += skb->len; -+ dev->stats.tx_packets++; -+ -+ skb->imq_flags = 0; -+ skb->destructor = NULL; -+ -+ skb_restore_cb(skb); /* restore skb->cb */ -+ -+ dev->trans_start = jiffies; -+ imq_nf_reinject(skb->nf_queue_entry, NF_ACCEPT); -+ return 0; -+} -+ -+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) -+{ -+ struct net_device *dev; -+ struct sk_buff *skb_orig, *skb, *skb_shared; -+ struct Qdisc *q; -+ struct netdev_queue *txq; -+ int users, index; -+ int retval = -EINVAL; -+ -+ index = entry->skb->imq_flags & IMQ_F_IFMASK; -+ if (unlikely(index > numdevs - 1)) { -+ if (net_ratelimit()) -+ printk(KERN_WARNING -+ "IMQ: invalid device specified, highest is %u\n", -+ numdevs - 1); -+ retval = -EINVAL; -+ goto out; -+ } -+ -+ /* check for imq device by index from cache */ -+ dev = imq_devs_cache[index]; -+ if (unlikely(!dev)) { -+ char buf[8]; -+ -+ /* get device by name and cache result */ -+ snprintf(buf, sizeof(buf), "imq%d", index); -+ dev = dev_get_by_name(&init_net, buf); -+ if (!dev) { -+ /* not found ?!*/ -+ BUG(); -+ retval = -ENODEV; -+ goto out; -+ } -+ -+ imq_devs_cache[index] = dev; -+ dev_put(dev); -+ } -+ -+ if (unlikely(!(dev->flags & IFF_UP))) { -+ entry->skb->imq_flags = 0; -+ imq_nf_reinject(entry, NF_ACCEPT); -+ retval = 0; -+ goto out; -+ } -+ dev->last_rx = jiffies; -+ -+ skb = entry->skb; -+ skb_orig = NULL; -+ -+ /* skb has owner? => make clone */ -+ if (unlikely(skb->destructor)) { -+ skb_orig = skb; -+ skb = skb_clone(skb, GFP_ATOMIC); -+ if (!skb) { -+ retval = -ENOMEM; -+ goto out; -+ } -+ entry->skb = skb; -+ } -+ -+ skb->nf_queue_entry = entry; -+ -+ dev->stats.rx_bytes += skb->len; -+ dev->stats.rx_packets++; -+ -+ txq = dev_pick_tx(dev, skb); -+ -+ q = rcu_dereference(txq->qdisc); -+ if (unlikely(!q->enqueue)) -+ goto packet_not_eaten_by_imq_dev; -+ -+ spin_lock_bh(qdisc_lock(q)); -+ -+ users = atomic_read(&skb->users); -+ -+ skb_shared = skb_get(skb); /* increase reference count by one */ -+ skb_save_cb(skb_shared); /* backup skb->cb, as qdisc layer will -+ overwrite it */ -+ qdisc_enqueue_root(skb_shared, q); /* might kfree_skb */ -+ -+ if (likely(atomic_read(&skb_shared->users) == users + 1)) { -+ kfree_skb(skb_shared); /* decrease reference count by one */ -+ -+ skb->destructor = &imq_skb_destructor; -+ -+ /* cloned? */ -+ if (skb_orig) -+ kfree_skb(skb_orig); /* free original */ -+ -+ spin_unlock_bh(qdisc_lock(q)); -+ -+ /* schedule qdisc dequeue */ -+ __netif_schedule(q); -+ -+ retval = 0; -+ goto out; -+ } else { -+ skb_restore_cb(skb_shared); /* restore skb->cb */ -+ /* qdisc dropped packet and decreased skb reference count of -+ * skb, so we don't really want to and try refree as that would -+ * actually destroy the skb. */ -+ spin_unlock_bh(qdisc_lock(q)); -+ goto packet_not_eaten_by_imq_dev; -+ } -+ -+packet_not_eaten_by_imq_dev: -+ /* cloned? restore original */ -+ if (skb_orig) { -+ kfree_skb(skb); -+ entry->skb = skb_orig; -+ } -+ retval = -1; -+out: -+ return retval; -+} -+ -+static struct nf_queue_handler nfqh = { -+ .name = "imq", -+ .outfn = imq_nf_queue, -+}; -+ -+static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb, -+ const struct net_device *indev, -+ const struct net_device *outdev, -+ int (*okfn)(struct sk_buff *)) -+{ -+ if (pskb->imq_flags & IMQ_F_ENQUEUE) -+ return NF_QUEUE; -+ -+ return NF_ACCEPT; -+} -+ -+static int imq_close(struct net_device *dev) -+{ -+ netif_stop_queue(dev); -+ return 0; -+} -+ -+static int imq_open(struct net_device *dev) -+{ -+ netif_start_queue(dev); -+ return 0; -+} -+ -+static void imq_setup(struct net_device *dev) -+{ -+ dev->hard_start_xmit = imq_dev_xmit; -+ dev->open = imq_open; -+ dev->get_stats = imq_get_stats; -+ dev->stop = imq_close; -+ dev->type = ARPHRD_VOID; -+ dev->mtu = 16000; -+ dev->tx_queue_len = 11000; -+ dev->flags = IFF_NOARP; -+ dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | -+ NETIF_F_GSO | NETIF_F_HW_CSUM | -+ NETIF_F_HIGHDMA; -+} -+ -+static int imq_validate(struct nlattr *tb[], struct nlattr *data[]) -+{ -+ int ret = 0; -+ -+ if (tb[IFLA_ADDRESS]) { -+ if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) { -+ ret = -EINVAL; -+ goto end; -+ } -+ if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) { -+ ret = -EADDRNOTAVAIL; -+ goto end; -+ } -+ } -+ return 0; -+end: -+ printk(KERN_WARNING "IMQ: imq_validate failed (%d)\n", ret); -+ return ret; -+} -+ -+static struct rtnl_link_ops imq_link_ops __read_mostly = { -+ .kind = "imq", -+ .priv_size = 0, -+ .setup = imq_setup, -+ .validate = imq_validate, -+}; -+ -+static int __init imq_init_hooks(void) -+{ -+ int err; -+ -+ nf_register_queue_imq_handler(&nfqh); -+ -+ err = nf_register_hook(&imq_ingress_ipv4); -+ if (err) -+ goto err1; -+ -+ err = nf_register_hook(&imq_egress_ipv4); -+ if (err) -+ goto err2; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ err = nf_register_hook(&imq_ingress_ipv6); -+ if (err) -+ goto err3; -+ -+ err = nf_register_hook(&imq_egress_ipv6); -+ if (err) -+ goto err4; -+#endif -+ -+ return 0; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+err4: -+ nf_unregister_hook(&imq_ingress_ipv6); -+err3: -+ nf_unregister_hook(&imq_egress_ipv4); -+#endif -+err2: -+ nf_unregister_hook(&imq_ingress_ipv4); -+err1: -+ nf_unregister_queue_imq_handler(); -+ return err; -+} -+ -+static int __init imq_init_one(int index) -+{ -+ struct net_device *dev; -+ int ret; -+ -+ dev = alloc_netdev(0, "imq%d", imq_setup); -+ if (!dev) -+ return -ENOMEM; -+ -+ ret = dev_alloc_name(dev, dev->name); -+ if (ret < 0) -+ goto fail; -+ -+ dev->rtnl_link_ops = &imq_link_ops; -+ ret = register_netdevice(dev); -+ if (ret < 0) -+ goto fail; -+ -+ return 0; -+fail: -+ free_netdev(dev); -+ return ret; -+} -+ -+static int __init imq_init_devs(void) -+{ -+ int err, i; -+ -+ if (numdevs < 1 || numdevs > IMQ_MAX_DEVS) { -+ printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n", -+ IMQ_MAX_DEVS); -+ return -EINVAL; -+ } -+ -+ rtnl_lock(); -+ err = __rtnl_link_register(&imq_link_ops); -+ -+ for (i = 0; i < numdevs && !err; i++) -+ err = imq_init_one(i); -+ -+ if (err) { -+ __rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ } -+ rtnl_unlock(); -+ -+ return err; -+} -+ -+static int __init imq_init_module(void) -+{ -+ int err; -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS > 16); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS < 2); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS - 1 > IMQ_F_IFMASK); -+#endif -+ -+ err = imq_init_devs(); -+ if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_devs(net)\n"); -+ return err; -+ } -+ -+ err = imq_init_hooks(); -+ if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ return err; -+ } -+ -+ printk(KERN_INFO "IMQ driver loaded successfully.\n"); -+ -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on PREROUTING.\n"); -+#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on PREROUTING.\n"); -+#endif -+#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on POSTROUTING.\n"); -+#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on POSTROUTING.\n"); -+#endif -+ -+ return 0; -+} -+ -+static void __exit imq_unhook(void) -+{ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ nf_unregister_hook(&imq_ingress_ipv6); -+ nf_unregister_hook(&imq_egress_ipv6); -+#endif -+ nf_unregister_hook(&imq_ingress_ipv4); -+ nf_unregister_hook(&imq_egress_ipv4); -+ -+ nf_unregister_queue_imq_handler(); -+} -+ -+static void __exit imq_cleanup_devs(void) -+{ -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+} -+ -+static void __exit imq_exit_module(void) -+{ -+ imq_unhook(); -+ imq_cleanup_devs(); -+ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); -+} -+ -+module_init(imq_init_module); -+module_exit(imq_exit_module); -+ -+module_param(numdevs, int, 0); -+MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will " -+ "be created)"); -+MODULE_AUTHOR("http://www.linuximq.net"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See " -+ "http://www.linuximq.net/ for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS_RTNL_LINK("imq"); -+ -diff -uNr --exclude='*~' linux-2.6.27.21/drivers/net/Kconfig linux-2.6.27.21-imq/drivers/net/Kconfig ---- linux-2.6.27.21/drivers/net/Kconfig 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/drivers/net/Kconfig 2009-04-20 23:48:35.702017146 +0300 -@@ -109,6 +109,129 @@ - To compile this driver as a module, choose M here: the module - will be called eql. If unsure, say N. - -+config IMQ -+ tristate "IMQ (intermediate queueing device) support" -+ depends on NETDEVICES && NETFILTER -+ ---help--- -+ The IMQ device(s) is used as placeholder for QoS queueing -+ disciplines. Every packet entering/leaving the IP stack can be -+ directed through the IMQ device where it's enqueued/dequeued to the -+ attached qdisc. This allows you to treat network devices as classes -+ and distribute bandwidth among them. Iptables is used to specify -+ through which IMQ device, if any, packets travel. -+ -+ More information at: http://www.linuximq.net/ -+ -+ To compile this driver as a module, choose M here: the module -+ will be called imq. If unsure, say N. -+ -+choice -+ prompt "IMQ behavior (PRE/POSTROUTING)" -+ depends on IMQ -+ default IMQ_BEHAVIOR_AB -+ help -+ -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ IMQ can work in any of the following ways: -+ -+ PREROUTING | POSTROUTING -+ -----------------|------------------- -+ #1 After NAT | After NAT -+ #2 After NAT | Before NAT -+ #3 Before NAT | After NAT -+ #4 Before NAT | Before NAT -+ -+ The default behavior is to hook before NAT on PREROUTING -+ and after NAT on POSTROUTING (#3). -+ -+ This settings are specially usefull when trying to use IMQ -+ to shape NATed clients. -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AA -+ bool "IMQ AA" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AB -+ bool "IMQ AB" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BA -+ bool "IMQ BA" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BB -+ bool "IMQ BB" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+endchoice -+ -+config IMQ_NUM_DEVS -+ -+ int "Number of IMQ devices" -+ range 2 16 -+ depends on IMQ -+ default "16" -+ help -+ -+ This settings defines how many IMQ devices will be -+ created. -+ -+ The default value is 16. -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ - config TUN - tristate "Universal TUN/TAP device driver support" - select CRC32 -diff -uNr --exclude='*~' linux-2.6.27.21/drivers/net/Makefile linux-2.6.27.21-imq/drivers/net/Makefile ---- linux-2.6.27.21/drivers/net/Makefile 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/drivers/net/Makefile 2009-04-20 23:48:35.702017146 +0300 -@@ -144,6 +144,7 @@ - obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o - - obj-$(CONFIG_DUMMY) += dummy.o -+obj-$(CONFIG_IMQ) += imq.o - obj-$(CONFIG_IFB) += ifb.o - obj-$(CONFIG_MACVLAN) += macvlan.o - obj-$(CONFIG_DE600) += de600.o -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/imq.h linux-2.6.27.21-imq/include/linux/imq.h ---- linux-2.6.27.21/include/linux/imq.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/imq.h 2009-04-20 23:48:35.702017146 +0300 -@@ -0,0 +1,13 @@ -+#ifndef _IMQ_H -+#define _IMQ_H -+ -+/* IFMASK (16 device indexes, 0 to 15) and flag(s) fit in 5 bits */ -+#define IMQ_F_BITS 5 -+ -+#define IMQ_F_IFMASK 0x0f -+#define IMQ_F_ENQUEUE 0x10 -+ -+#define IMQ_MAX_DEVS (IMQ_F_IFMASK + 1) -+ -+#endif /* _IMQ_H */ -+ -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/netdevice.h linux-2.6.27.21-imq/include/linux/netdevice.h ---- linux-2.6.27.21/include/linux/netdevice.h 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/netdevice.h 2009-04-20 23:48:35.703017245 +0300 -@@ -915,6 +915,7 @@ - extern int dev_open(struct net_device *dev); - extern int dev_close(struct net_device *dev); - extern void dev_disable_lro(struct net_device *dev); -+extern struct netdev_queue *dev_pick_tx(struct net_device *dev, struct sk_buff *skb); - extern int dev_queue_xmit(struct sk_buff *skb); - extern int register_netdevice(struct net_device *dev); - extern void unregister_netdevice(struct net_device *dev); -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/netfilter/xt_IMQ.h linux-2.6.27.21-imq/include/linux/netfilter/xt_IMQ.h ---- linux-2.6.27.21/include/linux/netfilter/xt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/netfilter/xt_IMQ.h 2009-04-20 23:48:35.703017245 +0300 -@@ -0,0 +1,9 @@ -+#ifndef _XT_IMQ_H -+#define _XT_IMQ_H -+ -+struct xt_imq_info { -+ unsigned int todev; /* target imq device */ -+}; -+ -+#endif /* _XT_IMQ_H */ -+ -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/netfilter_ipv4/ipt_IMQ.h linux-2.6.27.21-imq/include/linux/netfilter_ipv4/ipt_IMQ.h ---- linux-2.6.27.21/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/netfilter_ipv4/ipt_IMQ.h 2009-04-20 23:48:35.703017245 +0300 -@@ -0,0 +1,10 @@ -+#ifndef _IPT_IMQ_H -+#define _IPT_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include -+ -+#define ipt_imq_info xt_imq_info -+ -+#endif /* _IPT_IMQ_H */ -+ -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-2.6.27.21-imq/include/linux/netfilter_ipv6/ip6t_IMQ.h ---- linux-2.6.27.21/include/linux/netfilter_ipv6/ip6t_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/netfilter_ipv6/ip6t_IMQ.h 2009-04-20 23:48:35.704017144 +0300 -@@ -0,0 +1,10 @@ -+#ifndef _IP6T_IMQ_H -+#define _IP6T_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include -+ -+#define ip6t_imq_info xt_imq_info -+ -+#endif /* _IP6T_IMQ_H */ -+ -diff -uNr --exclude='*~' linux-2.6.27.21/include/linux/skbuff.h linux-2.6.27.21-imq/include/linux/skbuff.h ---- linux-2.6.27.21/include/linux/skbuff.h 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/include/linux/skbuff.h 2009-04-20 23:48:35.704017144 +0300 -@@ -28,6 +28,9 @@ - #include - #include - #include -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include -+#endif - - #define HAVE_ALLOC_SKB /* For the drivers to know */ - #define HAVE_ALIGNABLE_SKB /* Ditto 8) */ -@@ -272,6 +275,9 @@ - * first. This is owned by whoever has the skb queued ATM. - */ - char cb[48]; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ void *cb_next; -+#endif - - unsigned int len, - data_len; -@@ -302,6 +308,9 @@ - struct nf_conntrack *nfct; - struct sk_buff *nfct_reasm; - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ struct nf_queue_entry *nf_queue_entry; -+#endif - #ifdef CONFIG_BRIDGE_NETFILTER - struct nf_bridge_info *nf_bridge; - #endif -@@ -321,6 +330,9 @@ - __u8 do_not_encrypt:1; - #endif - /* 0/13/14 bit hole */ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ __u8 imq_flags:IMQ_F_BITS; -+#endif - - #ifdef CONFIG_NET_DMA - dma_cookie_t dma_cookie; -@@ -353,6 +365,12 @@ - - #include - -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+extern int skb_save_cb(struct sk_buff *skb); -+extern int skb_restore_cb(struct sk_buff *skb); -+#endif -+ - extern void kfree_skb(struct sk_buff *skb); - extern void __kfree_skb(struct sk_buff *skb); - extern struct sk_buff *__alloc_skb(unsigned int size, -@@ -1633,6 +1651,10 @@ - dst->nfct_reasm = src->nfct_reasm; - nf_conntrack_get_reasm(src->nfct_reasm); - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ dst->imq_flags = src->imq_flags; -+ dst->nf_queue_entry = src->nf_queue_entry; -+#endif - #ifdef CONFIG_BRIDGE_NETFILTER - dst->nf_bridge = src->nf_bridge; - nf_bridge_get(src->nf_bridge); -diff -uNr --exclude='*~' linux-2.6.27.21/include/net/netfilter/nf_queue.h linux-2.6.27.21-imq/include/net/netfilter/nf_queue.h ---- linux-2.6.27.21/include/net/netfilter/nf_queue.h 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/include/net/netfilter/nf_queue.h 2009-04-20 23:48:35.704017144 +0300 -@@ -13,6 +13,12 @@ - struct net_device *indev; - struct net_device *outdev; - int (*okfn)(struct sk_buff *); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ int (*next_outfn)(struct nf_queue_entry *entry, -+ unsigned int queuenum); -+ unsigned int next_queuenum; -+#endif - }; - - #define nf_queue_entry_reroute(x) ((void *)x + sizeof(struct nf_queue_entry)) -@@ -30,5 +36,11 @@ - const struct nf_queue_handler *qh); - extern void nf_unregister_queue_handlers(const struct nf_queue_handler *qh); - extern void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); -+extern void nf_queue_entry_release_refs(struct nf_queue_entry *entry); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+extern void nf_register_queue_imq_handler(const struct nf_queue_handler *qh); -+extern void nf_unregister_queue_imq_handler(void); -+#endif - - #endif /* _NF_QUEUE_H */ -diff -uNr --exclude='*~' linux-2.6.27.21/net/core/dev.c linux-2.6.27.21-imq/net/core/dev.c ---- linux-2.6.27.21/net/core/dev.c 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/core/dev.c 2009-04-20 23:48:35.706016975 +0300 -@@ -96,6 +96,9 @@ - #include - #include - #include -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include -+#endif - #include - #include - #include -@@ -1624,7 +1627,11 @@ - struct netdev_queue *txq) - { - if (likely(!skb->next)) { -- if (!list_empty(&ptype_all)) -+ if (!list_empty(&ptype_all) -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ && !(skb->imq_flags & IMQ_F_ENQUEUE) -+#endif -+ ) - dev_queue_xmit_nit(skb, dev); - - if (netif_needs_gso(dev, skb)) { -@@ -1715,8 +1722,7 @@ - return (u16) (((u64) hash * dev->real_num_tx_queues) >> 32); - } - --static struct netdev_queue *dev_pick_tx(struct net_device *dev, -- struct sk_buff *skb) -+struct netdev_queue *dev_pick_tx(struct net_device *dev, struct sk_buff *skb) - { - u16 queue_index = 0; - -@@ -1728,6 +1734,7 @@ - skb_set_queue_mapping(skb, queue_index); - return netdev_get_tx_queue(dev, queue_index); - } -+EXPORT_SYMBOL(dev_pick_tx); - - /** - * dev_queue_xmit - transmit a buffer -diff -uNr --exclude='*~' linux-2.6.27.21/net/core/skbuff.c linux-2.6.27.21-imq/net/core/skbuff.c ---- linux-2.6.27.21/net/core/skbuff.c 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/core/skbuff.c 2009-04-20 23:48:35.707017089 +0300 -@@ -69,6 +69,9 @@ - - static struct kmem_cache *skbuff_head_cache __read_mostly; - static struct kmem_cache *skbuff_fclone_cache __read_mostly; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static struct kmem_cache *skbuff_cb_store_cache __read_mostly; -+#endif - - static void sock_pipe_buf_release(struct pipe_inode_info *pipe, - struct pipe_buffer *buf) -@@ -88,6 +91,80 @@ - return 1; - } - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+/* Control buffer save/restore for IMQ devices */ -+struct skb_cb_table { -+ void *cb_next; -+ atomic_t refcnt; -+ char cb[48]; -+}; -+ -+static DEFINE_SPINLOCK(skb_cb_store_lock); -+ -+int skb_save_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ next = kmem_cache_alloc(skbuff_cb_store_cache, GFP_ATOMIC); -+ if (!next) -+ return -ENOMEM; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(next->cb, skb->cb, sizeof(skb->cb)); -+ next->cb_next = skb->cb_next; -+ -+ atomic_set(&next->refcnt, 1); -+ -+ skb->cb_next = next; -+ return 0; -+} -+EXPORT_SYMBOL(skb_save_cb); -+ -+int skb_restore_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ if (!skb->cb_next) -+ return 0; -+ -+ next = skb->cb_next; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(skb->cb, next->cb, sizeof(skb->cb)); -+ skb->cb_next = next->cb_next; -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ if (atomic_dec_and_test(&next->refcnt)) { -+ kmem_cache_free(skbuff_cb_store_cache, next); -+ } -+ -+ spin_unlock(&skb_cb_store_lock); -+ -+ return 0; -+} -+EXPORT_SYMBOL(skb_restore_cb); -+ -+static void skb_copy_stored_cb(struct sk_buff *new, struct sk_buff *old) -+{ -+ struct skb_cb_table *next; -+ -+ if (!old->cb_next) { -+ new->cb_next = 0; -+ return; -+ } -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ next = old->cb_next; -+ atomic_inc(&next->refcnt); -+ new->cb_next = next; -+ -+ spin_unlock(&skb_cb_store_lock); -+} -+#endif - - /* Pipe buffer operations for a socket. */ - static struct pipe_buf_operations sock_pipe_buf_ops = { -@@ -362,6 +439,15 @@ - WARN_ON(in_irq()); - skb->destructor(skb); - } -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ /* This should not happen. When it does, avoid memleak by restoring -+ the chain of cb-backups. */ -+ while(skb->cb_next != NULL) { -+ printk(KERN_WARNING "kfree_skb: skb->cb_next: %08x\n", -+ skb->cb_next); -+ skb_restore_cb(skb); -+ } -+#endif - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) - nf_conntrack_put(skb->nfct); - nf_conntrack_put_reasm(skb->nfct_reasm); -@@ -424,6 +510,9 @@ - new->sp = secpath_get(old->sp); - #endif - memcpy(new->cb, old->cb, sizeof(old->cb)); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skb_copy_stored_cb(new, old); -+#endif - new->csum_start = old->csum_start; - new->csum_offset = old->csum_offset; - new->local_df = old->local_df; -@@ -2326,6 +2415,13 @@ - 0, - SLAB_HWCACHE_ALIGN|SLAB_PANIC, - NULL); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skbuff_cb_store_cache = kmem_cache_create("skbuff_cb_store_cache", -+ sizeof(struct skb_cb_table), -+ 0, -+ SLAB_HWCACHE_ALIGN|SLAB_PANIC, -+ NULL); -+#endif - } - - /** -diff -uNr --exclude='*~' linux-2.6.27.21/net/netfilter/Kconfig linux-2.6.27.21-imq/net/netfilter/Kconfig ---- linux-2.6.27.21/net/netfilter/Kconfig 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/netfilter/Kconfig 2009-04-20 23:48:35.707017089 +0300 -@@ -342,6 +342,18 @@ - - To compile it as a module, choose M here. If unsure, say N. - -+config NETFILTER_XT_TARGET_IMQ -+ tristate '"IMQ" target support' -+ depends on NETFILTER_XTABLES -+ depends on IP_NF_MANGLE || IP6_NF_MANGLE -+ select IMQ -+ default m if NETFILTER_ADVANCED=n -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which imq device packets should get enqueued/dequeued. -+ -+ To compile it as a module, choose M here. If unsure, say N. -+ - config NETFILTER_XT_TARGET_MARK - tristate '"MARK" target support' - depends on NETFILTER_XTABLES -diff -uNr --exclude='*~' linux-2.6.27.21/net/netfilter/Makefile linux-2.6.27.21-imq/net/netfilter/Makefile ---- linux-2.6.27.21/net/netfilter/Makefile 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/netfilter/Makefile 2009-04-20 23:48:35.707017089 +0300 -@@ -42,6 +42,7 @@ - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o -+obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o - obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o -diff -uNr --exclude='*~' linux-2.6.27.21/net/netfilter/nf_queue.c linux-2.6.27.21-imq/net/netfilter/nf_queue.c ---- linux-2.6.27.21/net/netfilter/nf_queue.c 2009-03-24 00:04:09.000000000 +0200 -+++ linux-2.6.27.21-imq/net/netfilter/nf_queue.c 2009-04-20 23:48:35.708017126 +0300 -@@ -20,6 +20,26 @@ - - static DEFINE_MUTEX(queue_handler_mutex); - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static const struct nf_queue_handler *queue_imq_handler; -+ -+void nf_register_queue_imq_handler(const struct nf_queue_handler *qh) -+{ -+ mutex_lock(&queue_handler_mutex); -+ rcu_assign_pointer(queue_imq_handler, qh); -+ mutex_unlock(&queue_handler_mutex); -+} -+EXPORT_SYMBOL(nf_register_queue_imq_handler); -+ -+void nf_unregister_queue_imq_handler(void) -+{ -+ mutex_lock(&queue_handler_mutex); -+ rcu_assign_pointer(queue_imq_handler, NULL); -+ mutex_unlock(&queue_handler_mutex); -+} -+EXPORT_SYMBOL(nf_unregister_queue_imq_handler); -+#endif -+ - /* return EBUSY when somebody else is registered, return EEXIST if the - * same handler is registered, return 0 in case of success. */ - int nf_register_queue_handler(int pf, const struct nf_queue_handler *qh) -@@ -80,7 +100,7 @@ - } - EXPORT_SYMBOL_GPL(nf_unregister_queue_handlers); - --static void nf_queue_entry_release_refs(struct nf_queue_entry *entry) -+void nf_queue_entry_release_refs(struct nf_queue_entry *entry) - { - /* Release those devices we held, or Alexey will kill me. */ - if (entry->indev) -@@ -100,6 +120,7 @@ - /* Drop reference to owner of hook which queued us. */ - module_put(entry->elem->owner); - } -+EXPORT_SYMBOL_GPL(nf_queue_entry_release_refs); - - /* - * Any packet that leaves via this function must come back -@@ -121,12 +142,26 @@ - #endif - const struct nf_afinfo *afinfo; - const struct nf_queue_handler *qh; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ const struct nf_queue_handler *qih = NULL; -+#endif - - /* QUEUE == DROP if noone is waiting, to be safe. */ - rcu_read_lock(); - - qh = rcu_dereference(queue_handler[pf]); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ if (pf == PF_INET || pf == PF_INET6) -+#else -+ if (pf == PF_INET) -+#endif -+ qih = rcu_dereference(queue_imq_handler); -+ -+ if (!qh && !qih) -+#else /* !IMQ */ - if (!qh) -+#endif - goto err_unlock; - - afinfo = nf_get_afinfo(pf); -@@ -145,6 +180,10 @@ - .indev = indev, - .outdev = outdev, - .okfn = okfn, -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ .next_outfn = qh ? qh->outfn : NULL, -+ .next_queuenum = queuenum, -+#endif - }; - - /* If it's going away, ignore hook. */ -@@ -170,8 +209,19 @@ - } - #endif - afinfo->saveroute(skb, entry); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ if (qih) { -+ status = qih->outfn(entry, queuenum); -+ goto imq_skip_queue; -+ } -+#endif -+ - status = qh->outfn(entry, queuenum); - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+imq_skip_queue: -+#endif - rcu_read_unlock(); - - if (status < 0) { -diff -uNr --exclude='*~' linux-2.6.27.21/net/netfilter/xt_IMQ.c linux-2.6.27.21-imq/net/netfilter/xt_IMQ.c ---- linux-2.6.27.21/net/netfilter/xt_IMQ.c 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.27.21-imq/net/netfilter/xt_IMQ.c 2009-04-20 23:48:35.708017126 +0300 -@@ -0,0 +1,81 @@ -+/* -+ * This target marks packets to be enqueued to an imq device -+ */ -+#include -+#include -+#include -+#include -+#include -+ -+static unsigned int imq_target(struct sk_buff *pskb, -+ const struct net_device *in, -+ const struct net_device *out, -+ unsigned int hooknum, -+ const struct xt_target *target, -+ const void *targinfo) -+{ -+ const struct xt_imq_info *mr = targinfo; -+ -+ pskb->imq_flags = (mr->todev & IMQ_F_IFMASK) | IMQ_F_ENQUEUE; -+ -+ return XT_CONTINUE; -+} -+ -+static bool imq_checkentry(const char *tablename, -+ const void *entry, -+ const struct xt_target *target, -+ void *targinfo, -+ unsigned int hook_mask) -+{ -+ struct xt_imq_info *mr = targinfo; -+ -+ if (mr->todev > IMQ_MAX_DEVS - 1) { -+ printk(KERN_WARNING -+ "IMQ: invalid device specified, highest is %u\n", -+ IMQ_MAX_DEVS - 1); -+ return 0; -+ } -+ -+ return 1; -+} -+ -+static struct xt_target xt_imq_reg[] __read_mostly = { -+ { -+ .name = "IMQ", -+ .family = AF_INET, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .checkentry = imq_checkentry, -+ .me = THIS_MODULE -+ }, -+ { -+ .name = "IMQ", -+ .family = AF_INET6, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .checkentry = imq_checkentry, -+ .me = THIS_MODULE -+ }, -+}; -+ -+static int __init imq_init(void) -+{ -+ return xt_register_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+static void __exit imq_fini(void) -+{ -+ xt_unregister_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+module_init(imq_init); -+module_exit(imq_fini); -+ -+MODULE_AUTHOR("http://www.linuximq.net"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS("ipt_IMQ"); -+MODULE_ALIAS("ip6t_IMQ"); -+ diff --git a/src/patches/linux-2.6.27.25-option_add_vf-k3565-z_usbids.patch b/src/patches/linux-2.6.27.25-option_add_vf-k3565-z_usbids.patch deleted file mode 100644 index 08df38e990..0000000000 --- a/src/patches/linux-2.6.27.25-option_add_vf-k3565-z_usbids.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -Naur linux-2.6.27.25.org/drivers/usb/serial/option.c linux-2.6.27.25/drivers/usb/serial/option.c ---- linux-2.6.27.25.org/drivers/usb/serial/option.c 2009-06-12 05:04:50.000000000 +0200 -+++ linux-2.6.27.25/drivers/usb/serial/option.c 2009-07-30 10:19:36.000000000 +0200 -@@ -286,6 +286,12 @@ - #define ZTE_PRODUCT_MF622 0x0001 - #define ZTE_PRODUCT_MF628 0x0015 - #define ZTE_PRODUCT_MF626 0x0031 -+ -+/* Vodafone K3565-Z - pid depends on firmware version */ -+#define ZTE_PRODUCT_VFK3565_1 0x0049 -+#define ZTE_PRODUCT_VFK3565_2 0x0052 -+#define ZTE_PRODUCT_VFK3565_3 0x0063 -+ - #define ZTE_PRODUCT_CDMA_TECH 0xfffe - - #define BENQ_VENDOR_ID 0x04a5 -@@ -500,6 +506,9 @@ - { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_MF622) }, - { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_MF626) }, - { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_MF628) }, -+ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_VFK3565_1) }, -+ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_VFK3565_2) }, -+ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_VFK3565_3) }, - { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_CDMA_TECH) }, - { USB_DEVICE(BENQ_VENDOR_ID, BENQ_PRODUCT_H10) }, - { USB_DEVICE(0x1da5, 0x4515) }, /* BenQ H20 */ diff --git a/src/patches/linux-2.6.27.39_e100-wakeonlan-fix.patch b/src/patches/linux-2.6.27.39_e100-wakeonlan-fix.patch deleted file mode 100644 index 5a43f73531..0000000000 --- a/src/patches/linux-2.6.27.39_e100-wakeonlan-fix.patch +++ /dev/null @@ -1,73 +0,0 @@ -From: Rafael J. Wysocki -Date: Wed, 29 Oct 2008 21:22:18 +0000 (-0700) -Subject: e100: adapt to the reworked PCI PM -X-Git-Tag: v2.6.29-rc1~581^2~935 -X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=bc79fc8409b3dccbde072e8113cc1fb3fd876fc5 - -e100: adapt to the reworked PCI PM - -Adapt the e100 driver to the reworked PCI PM - -* Use the observation that it is sufficient to call pci_enable_wake() - once, unless it fails - -Signed-off-by: Rafael J. Wysocki -Tested-by: Jeff Kirsher -Acked-by: Jeff Kirsher -Cc: Jesse Barnes -Cc: Jeff Garzik -Cc: Frans Pop -Signed-off-by: Andrew Morton -Signed-off-by: Jeff Garzik ---- - -diff --git a/drivers/net/e100.c b/drivers/net/e100.c -index bb4b6e2..084127f 100644 ---- a/drivers/net/e100.c -+++ b/drivers/net/e100.c -@@ -2322,7 +2322,8 @@ static int e100_set_wol(struct net_device *netdev, struct ethtool_wolinfo *wol) - { - struct nic *nic = netdev_priv(netdev); - -- if(wol->wolopts != WAKE_MAGIC && wol->wolopts != 0) -+ if ((wol->wolopts && wol->wolopts != WAKE_MAGIC) || -+ !device_can_wakeup(&nic->pdev->dev)) - return -EOPNOTSUPP; - - if(wol->wolopts) -@@ -2330,6 +2331,8 @@ static int e100_set_wol(struct net_device *netdev, struct ethtool_wolinfo *wol) - else - nic->flags &= ~wol_magic; - -+ device_set_wakeup_enable(&nic->pdev->dev, wol->wolopts); -+ - e100_exec_cb(nic, NULL, e100_configure); - - return 0; -@@ -2733,8 +2736,10 @@ static int __devinit e100_probe(struct pci_dev *pdev, - - /* Wol magic packet can be enabled from eeprom */ - if((nic->mac >= mac_82558_D101_A4) && -- (nic->eeprom[eeprom_id] & eeprom_id_wol)) -+ (nic->eeprom[eeprom_id] & eeprom_id_wol)) { - nic->flags |= wol_magic; -+ device_set_wakeup_enable(&pdev->dev, true); -+ } - - /* ack any pending wake events, disable PME */ - pci_pme_active(pdev, false); -@@ -2793,11 +2798,10 @@ static int e100_suspend(struct pci_dev *pdev, pm_message_t state) - pci_save_state(pdev); - - if ((nic->flags & wol_magic) | e100_asf(nic)) { -- pci_enable_wake(pdev, PCI_D3hot, 1); -- pci_enable_wake(pdev, PCI_D3cold, 1); -+ if (pci_enable_wake(pdev, PCI_D3cold, true)) -+ pci_enable_wake(pdev, PCI_D3hot, true); - } else { -- pci_enable_wake(pdev, PCI_D3hot, 0); -- pci_enable_wake(pdev, PCI_D3cold, 0); -+ pci_enable_wake(pdev, PCI_D3hot, false); - } - - pci_disable_device(pdev); diff --git a/src/patches/linux-2.6.32-ath5k_fix_setup_for_CAB_queue.patch b/src/patches/linux-2.6.32-ath5k_fix_setup_for_CAB_queue.patch deleted file mode 100644 index fbe3098712..0000000000 --- a/src/patches/linux-2.6.32-ath5k_fix_setup_for_CAB_queue.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff --git a/drivers/net/wireless/ath/ath5k/ath5k.h b/drivers/net/wireless/ath/ath5k/ath5k.h -index 66bcb50..ad4d446 100644 ---- a/drivers/net/wireless/ath/ath5k/ath5k.h -+++ b/drivers/net/wireless/ath/ath5k/ath5k.h -@@ -535,7 +535,7 @@ struct ath5k_txq_info { - u32 tqi_cbr_period; /* Constant bit rate period */ - u32 tqi_cbr_overflow_limit; - u32 tqi_burst_time; -- u32 tqi_ready_time; /* Not used */ -+ u32 tqi_ready_time; /* Time queue waits after an event */ - }; - - /* -diff --git a/drivers/net/wireless/ath/ath5k/base.c b/drivers/net/wireless/ath/ath5k/base.c -index b501537..535a6af 100644 ---- a/drivers/net/wireless/ath/ath5k/base.c -+++ b/drivers/net/wireless/ath/ath5k/base.c -@@ -1516,7 +1516,8 @@ ath5k_beaconq_config(struct ath5k_softc *sc) - - ret = ath5k_hw_get_tx_queueprops(ah, sc->bhalq, &qi); - if (ret) -- return ret; -+ goto err; -+ - if (sc->opmode == NL80211_IFTYPE_AP || - sc->opmode == NL80211_IFTYPE_MESH_POINT) { - /* -@@ -1543,10 +1544,25 @@ ath5k_beaconq_config(struct ath5k_softc *sc) - if (ret) { - ATH5K_ERR(sc, "%s: unable to update parameters for beacon " - "hardware queue!\n", __func__); -- return ret; -+ goto err; - } -+ ret = ath5k_hw_reset_tx_queue(ah, sc->bhalq); /* push to h/w */ -+ if (ret) -+ goto err; - -- return ath5k_hw_reset_tx_queue(ah, sc->bhalq); /* push to h/w */; -+ /* reconfigure cabq with ready time to 80% of beacon_interval */ -+ ret = ath5k_hw_get_tx_queueprops(ah, AR5K_TX_QUEUE_ID_CAB, &qi); -+ if (ret) -+ goto err; -+ -+ qi.tqi_ready_time = (sc->bintval * 80) / 100; -+ ret = ath5k_hw_set_tx_queueprops(ah, AR5K_TX_QUEUE_ID_CAB, &qi); -+ if (ret) -+ goto err; -+ -+ ret = ath5k_hw_reset_tx_queue(ah, AR5K_TX_QUEUE_ID_CAB); -+err: -+ return ret; - } - - static void -diff --git a/drivers/net/wireless/ath/ath5k/qcu.c b/drivers/net/wireless/ath/ath5k/qcu.c -index abe36c0..9122a85 100644 ---- a/drivers/net/wireless/ath/ath5k/qcu.c -+++ b/drivers/net/wireless/ath/ath5k/qcu.c -@@ -408,12 +408,13 @@ int ath5k_hw_reset_tx_queue(struct ath5k_hw *ah, unsigned int queue) - break; - - case AR5K_TX_QUEUE_CAB: -+ /* XXX: use BCN_SENT_GT, if we can figure out how */ - AR5K_REG_ENABLE_BITS(ah, AR5K_QUEUE_MISC(queue), -- AR5K_QCU_MISC_FRSHED_BCN_SENT_GT | -+ AR5K_QCU_MISC_FRSHED_DBA_GT | - AR5K_QCU_MISC_CBREXP_DIS | - AR5K_QCU_MISC_CBREXP_BCN_DIS); - -- ath5k_hw_reg_write(ah, ((AR5K_TUNE_BEACON_INTERVAL - -+ ath5k_hw_reg_write(ah, ((tq->tqi_ready_time - - (AR5K_TUNE_SW_BEACON_RESP - - AR5K_TUNE_DMA_BEACON_RESP) - - AR5K_TUNE_ADDITIONAL_SWBA_BACKOFF) * 1024) | diff --git a/src/patches/openssh-4.7p1-padlock.patch b/src/patches/openssh-4.7p1-padlock.patch deleted file mode 100644 index d0708f453a..0000000000 --- a/src/patches/openssh-4.7p1-padlock.patch +++ /dev/null @@ -1,141 +0,0 @@ -diff -urN openssh-4.7p1.orig/ssh-add.c openssh-4.7p1/ssh-add.c ---- openssh-4.7p1.orig/ssh-add.c 2007-09-06 15:16:42.472974134 +0200 -+++ openssh-4.7p1/ssh-add.c 2007-09-06 15:21:26.489159294 +0200 -@@ -42,6 +42,7 @@ - #include - - #include -+#include - - #include - #include -@@ -343,7 +344,11 @@ - - SSLeay_add_all_algorithms(); - -- /* At first, get a connection to the authentication agent. */ -+ /* Init available hardware crypto engines. */ -+ ENGINE_load_builtin_engines(); -+ ENGINE_register_all_complete(); -+ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); -+ - ac = ssh_get_authentication_connection(); - if (ac == NULL) { - fprintf(stderr, -diff -urN openssh-4.7p1.orig/ssh-agent.c openssh-4.7p1/ssh-agent.c ---- openssh-4.7p1.orig/ssh-agent.c 2007-09-06 15:16:42.472974134 +0200 -+++ openssh-4.7p1/ssh-agent.c 2007-09-06 15:23:21.495713144 +0200 -@@ -51,6 +51,7 @@ - - #include - #include -+#include - - #include - #include -@@ -1061,6 +1062,11 @@ - - SSLeay_add_all_algorithms(); - -+ /* Init available hardware crypto engines. */ -+ ENGINE_load_builtin_engines(); -+ ENGINE_register_all_complete(); -+ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); -+ - __progname = ssh_get_progname(av[0]); - init_rng(); - seed_rng(); -diff -urN openssh-4.7p1.orig/ssh.c openssh-4.7p1/ssh.c ---- openssh-4.7p1.orig/ssh.c 2007-09-06 15:16:42.472974134 +0200 -+++ openssh-4.7p1/ssh.c 2007-09-06 15:24:18.498961574 +0200 -@@ -72,6 +72,7 @@ - - #include - #include -+#include - - #include "xmalloc.h" - #include "ssh.h" -@@ -560,6 +561,11 @@ - SSLeay_add_all_algorithms(); - ERR_load_crypto_strings(); - -+ /* Init available hardware crypto engines. */ -+ ENGINE_load_builtin_engines(); -+ ENGINE_register_all_complete(); -+ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); -+ - /* Initialize the command to execute on remote host. */ - buffer_init(&command); - -diff -urN openssh-4.7p1.orig/sshd.c openssh-4.7p1/sshd.c ---- openssh-4.7p1.orig/sshd.c 2007-09-06 15:16:42.472974134 +0200 -+++ openssh-4.7p1/sshd.c 2007-09-06 15:25:03.001497629 +0200 -@@ -75,6 +75,7 @@ - #include - #include - #include -+#include - #ifdef HAVE_SECUREWARE - #include - #include -@@ -1376,6 +1377,11 @@ - - SSLeay_add_all_algorithms(); - -+ /* Init available hardware crypto engines. */ -+ ENGINE_load_builtin_engines(); -+ ENGINE_register_all_complete(); -+ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); -+ - /* - * Force logging to stderr until we have loaded the private host - * key (unless started from inetd) -diff -urN openssh-4.7p1.orig/ssh-keygen.c openssh-4.7p1/ssh-keygen.c ---- openssh-4.7p1.orig/ssh-keygen.c 2007-09-06 15:16:42.472974134 +0200 -+++ openssh-4.7p1/ssh-keygen.c 2007-09-06 15:25:52.982847129 +0200 -@@ -21,6 +21,7 @@ - - #include - #include -+#include - - #include - #include -@@ -1073,6 +1074,12 @@ - __progname = ssh_get_progname(argv[0]); - - SSLeay_add_all_algorithms(); -+ -+ /* Init available hardware crypto engines. */ -+ ENGINE_load_builtin_engines(); -+ ENGINE_register_all_complete(); -+ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); -+ - log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); - - init_rng(); -diff -urN openssh-4.7p1.orig/ssh-keysign.c openssh-4.7p1/ssh-keysign.c ---- openssh-4.7p1.orig/ssh-keysign.c 2007-09-06 15:16:42.472974134 +0200 -+++ openssh-4.7p1/ssh-keysign.c 2007-09-06 15:26:18.971328869 +0200 -@@ -38,6 +38,7 @@ - #include - #include - #include -+#include - - #include "xmalloc.h" - #include "log.h" -@@ -195,6 +196,12 @@ - fatal("could not open any host key"); - - SSLeay_add_all_algorithms(); -+ -+ /* Init available hardware crypto engines. */ -+ ENGINE_load_builtin_engines(); -+ ENGINE_register_all_complete(); -+ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); -+ - for (i = 0; i < 256; i++) - rnd[i] = arc4random(); - RAND_seed(rnd, sizeof(rnd)); diff --git a/src/patches/openssl-0.9.8g-engine-padlock.patch b/src/patches/openssl-0.9.8g-engine-padlock.patch deleted file mode 100644 index 37f45581f9..0000000000 --- a/src/patches/openssl-0.9.8g-engine-padlock.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -urN openssl-0.9.8g.orig/ssl/ssl_algs.c openssl-0.9.8g/ssl/ssl_algs.c -+++ openssl-0.9.8g/ssl/ssl_algs.c 2007-11-13 19:50:35.356816442 +0100 ---- openssl-0.9.8g.orig/ssl/ssl_algs.c 2007-11-13 19:40:02.820770267 +0100 -@@ -57,6 +57,7 @@ - */ - - #include -+#include - #include - #include - #include "ssl_locl.h" -@@ -127,6 +128,12 @@ - #endif - /* initialize cipher/digest methods table */ - ssl_load_ciphers(); -+ -+ /* Init available hardware crypto engines. */ -+ ENGINE_load_builtin_engines(); -+ ENGINE_register_all_complete(); -+ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); -+ - return(1); - } - diff --git a/src/patches/openssl-0.9.8g-sha-padlock.patch b/src/patches/openssl-0.9.8g-sha-padlock.patch deleted file mode 100644 index 9b1bb2a2a5..0000000000 --- a/src/patches/openssl-0.9.8g-sha-padlock.patch +++ /dev/null @@ -1,620 +0,0 @@ -diff -urN openssl-0.9.8g.orig/crypto/engine/eng_padlock.c openssl-0.9.8g/crypto/engine/eng_padlock.c ---- openssl-0.9.8g.orig/crypto/engine/eng_padlock.c 2007-11-13 20:00:28.390611512 +0100 -+++ openssl-0.9.8g/crypto/engine/eng_padlock.c 2007-11-13 20:02:52.398818072 +0100 -@@ -74,12 +74,23 @@ - #ifndef OPENSSL_NO_AES - #include - #endif -+#ifndef OPENSSL_NO_SHA -+#include -+#endif - #include - #include - - #ifndef OPENSSL_NO_HW - #ifndef OPENSSL_NO_HW_PADLOCK - -+/* PadLock RNG is disabled by default */ -+#define PADLOCK_NO_RNG 1 -+ -+/* No ASM routines for SHA in MSC yet */ -+#ifdef _MSC_VER -+#define OPENSSL_NO_SHA -+#endif -+ - /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ - #if (OPENSSL_VERSION_NUMBER >= 0x00908000L) - # ifndef OPENSSL_NO_DYNAMIC_ENGINE -@@ -135,52 +146,89 @@ - static int padlock_init(ENGINE *e); - - /* RNG Stuff */ -+#ifndef PADLOCK_NO_RNG - static RAND_METHOD padlock_rand; -+#endif - - /* Cipher Stuff */ - #ifndef OPENSSL_NO_AES - static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); - #endif - -+/* Digest Stuff */ -+#ifndef OPENSSL_NO_SHA -+static int padlock_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); -+#endif -+ - /* Engine names */ - static const char *padlock_id = "padlock"; - static char padlock_name[100]; - - /* Available features */ --static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ --static int padlock_use_rng = 0; /* Random Number Generator */ -+enum padlock_flags { -+ PADLOCK_RNG = 0x01, -+ PADLOCK_ACE = 0x02, -+ PADLOCK_ACE2 = 0x04, -+ PADLOCK_PHE = 0x08, -+ PADLOCK_PMM = 0x10 -+}; -+enum padlock_flags padlock_flags; -+ -+#define PADLOCK_HAVE_RNG (padlock_flags & PADLOCK_RNG) -+#define PADLOCK_HAVE_ACE (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2)) -+#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE) -+#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2) -+#define PADLOCK_HAVE_PHE (padlock_flags & PADLOCK_PHE) -+#define PADLOCK_HAVE_PMM (padlock_flags & PADLOCK_PMM) -+ - #ifndef OPENSSL_NO_AES - static int padlock_aes_align_required = 1; - #endif - -+/* Init / Max buffer sizes for SHA */ -+#define PADLOCK_SHA_INIT_ORD 13 /* = 8192 */ -+#define PADLOCK_SHA_MAX_ORD 13 /* = 8192 */ -+ - /* ===== Engine "management" functions ===== */ - - /* Prepare the ENGINE structure for registration */ - static int - padlock_bind_helper(ENGINE *e) - { -+ char phe_string[20]; -+ - /* Check available features */ - padlock_available(); - --#if 1 /* disable RNG for now, see commentary in vicinity of RNG code */ -- padlock_use_rng=0; --#endif -+ /* Build PHE info with buffer size argument */ -+ if (PADLOCK_HAVE_PHE) -+ BIO_snprintf(phe_string, sizeof(phe_string), -+ "PHE(%lu) ", 1UL << PADLOCK_SHA_MAX_ORD); - - /* Generate a nice engine name with available features */ - BIO_snprintf(padlock_name, sizeof(padlock_name), -- "VIA PadLock (%s, %s)", -- padlock_use_rng ? "RNG" : "no-RNG", -- padlock_use_ace ? "ACE" : "no-ACE"); -+ "VIA PadLock: %s%s%s%s%s", -+ padlock_flags ? "" : "not supported", -+ PADLOCK_HAVE_RNG ? "RNG " : "", -+ PADLOCK_HAVE_ACE ? (PADLOCK_HAVE_ACE2 ? "ACE2 " : "ACE ") : "", -+ PADLOCK_HAVE_PHE ? phe_string : "", -+ PADLOCK_HAVE_PMM ? "PMM " : ""); - - /* Register everything or return with an error */ - if (!ENGINE_set_id(e, padlock_id) || - !ENGINE_set_name(e, padlock_name) || - -- !ENGINE_set_init_function(e, padlock_init) || -+ !ENGINE_set_init_function(e, padlock_init) - #ifndef OPENSSL_NO_AES -- (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) || -+ || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers)) -+#endif -+#ifndef OPENSSL_NO_SHA -+ || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests)) -+#endif -+#ifndef PADLOCK_NO_RNG -+ || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand)) - #endif -- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) { -+ ) { - return 0; - } - -@@ -210,7 +258,7 @@ - static int - padlock_init(ENGINE *e) - { -- return (padlock_use_rng || padlock_use_ace); -+ return (padlock_flags); - } - - /* This stuff is needed if this ENGINE is being compiled into a self-contained -@@ -237,6 +285,17 @@ - - /* ===== Here comes the "real" engine ===== */ - -+#ifdef __GNUC__ -+#define likely(x) __builtin_expect(!!(x), 1) -+#define unlikely(x) __builtin_expect(!!(x), 0) -+#else -+#define likely(x) (x) -+#define unlikely(x) (x) -+#endif -+ -+/* How to test if we need to typedef uint32_t ??? */ -+typedef unsigned long uint32_t; -+ - #ifndef OPENSSL_NO_AES - /* Some AES-related constants */ - #define AES_BLOCK_SIZE 16 -@@ -362,10 +421,22 @@ - : "+a"(eax), "=d"(edx) : : "ecx"); - - /* Fill up some flags */ -- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); -- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); -+ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0); -+ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0); -+ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); -+ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); -+ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); - -- return padlock_use_ace + padlock_use_rng; -+ return padlock_flags; -+} -+ -+static inline void -+padlock_htonl_block(uint32_t *data, size_t count) -+{ -+ while (count--) { -+ asm volatile ("bswapl %0" : "+r"(*data)); -+ data++; -+ } - } - - #ifndef OPENSSL_NO_AES -@@ -374,12 +445,9 @@ - padlock_bswapl(AES_KEY *ks) - { - size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]); -- unsigned int *key = ks->rd_key; -+ uint32_t *key = (uint32_t*) ks->rd_key; - -- while (i--) { -- asm volatile ("bswapl %0" : "+r"(*key)); -- key++; -- } -+ padlock_htonl_block(key, i); - } - #endif - -@@ -1154,6 +1222,415 @@ - - #endif /* OPENSSL_NO_AES */ - -+#ifndef OPENSSL_NO_SHA -+ -+// #define PADLOCK_SHA_STAT 1 -+ -+union sha_all_ctx { -+ SHA_CTX sha_ctx; -+ SHA256_CTX sha256_ctx; /* shared with SHA224 */ -+}; -+ -+typedef int (*f_sha_init)(void *c); -+typedef int (*f_sha_update)(void *c, const void *_data, size_t len); -+typedef int (*f_sha_final)(unsigned char *md, void *c); -+typedef void (*f_sha_padlock)(char *in, unsigned char *out, int count); -+ -+struct sha_digest_functions { -+ f_sha_init init; -+ f_sha_update update; -+ f_sha_final final; -+ f_sha_padlock padlock; -+}; -+ -+/* Don't forget to initialize all relevant -+ * fields in padlock_sha_init() or face the -+ * consequences!!! -+ * BTW We don't use bzero() on this structure -+ * because zeroing fallback_ctx is -+ * a waste of time. */ -+struct padlock_digest_data { -+ void *buf_start, *buf_alloc; -+ ssize_t used; -+ unsigned long order:8, bypass:1; -+ /* Fallback support */ -+ struct sha_digest_functions fallback_fcs; -+ union sha_all_ctx fallback_ctx; -+#ifdef PADLOCK_SHA_STAT -+ size_t stat_count, stat_total; -+#endif -+}; -+ -+#ifdef PADLOCK_SHA_STAT -+size_t all_count, all_total; -+#endif -+ -+#define DIGEST_DATA(ctx) ((struct padlock_digest_data *)(ctx->md_data)) -+#define DDATA_FREE(ddata) ((size_t)(1L << ddata->order) - ddata->used) -+ -+static void -+padlock_sha_bypass(struct padlock_digest_data *ddata) -+{ -+ if (ddata->bypass) -+ return; -+ -+ ddata->fallback_fcs.init(&ddata->fallback_ctx); -+ if (ddata->buf_start && ddata->used > 0) { -+ ddata->fallback_fcs.update(&ddata->fallback_ctx, ddata->buf_start, ddata->used); -+ if (ddata->buf_alloc) { -+ memset(ddata->buf_start, 0, ddata->used); -+ free(ddata->buf_alloc); -+ ddata->buf_alloc = 0; -+ } -+ } -+ ddata->buf_start = 0; -+ ddata->used = 0; -+ ddata->bypass = 1; -+ -+ return; -+} -+ -+static void -+padlock_do_sha1(char *in, char *out, int count) -+{ -+ /* We can't store directly to *out as it -+ * doesn't have to be aligned. But who cares, -+ * it's only a few bytes... */ -+ char buf[128+16]; -+ unsigned char *output = NEAREST_ALIGNED(buf); -+ -+ ((uint32_t*)output)[0] = 0x67452301; -+ ((uint32_t*)output)[1] = 0xEFCDAB89; -+ ((uint32_t*)output)[2] = 0x98BADCFE; -+ ((uint32_t*)output)[3] = 0x10325476; -+ ((uint32_t*)output)[4] = 0xC3D2E1F0; -+ -+ asm volatile (".byte 0xf3,0x0f,0xa6,0xc8" /* rep xsha1 */ -+ : "+S"(in), "+D"(output) -+ : "c"(count), "a"(0)); -+ -+ memcpy(out, output, 5 * sizeof(uint32_t)); -+ -+ padlock_htonl_block((uint32_t*)out, 5); -+} -+ -+static void -+padlock_do_sha224(char *in, char *out, int count) -+{ -+ /* We can't store directly to *out as it -+ * doesn't have to be aligned. But who cares, -+ * it's only a few bytes... */ -+ char buf[128+16]; -+ unsigned char *output = NEAREST_ALIGNED(buf); -+ -+ ((uint32_t*)output)[0] = 0xC1059ED8UL; -+ ((uint32_t*)output)[1] = 0x367CD507UL; -+ ((uint32_t*)output)[2] = 0x3070DD17UL; -+ ((uint32_t*)output)[3] = 0xF70E5939UL; -+ ((uint32_t*)output)[4] = 0xFFC00B31UL; -+ ((uint32_t*)output)[5] = 0x68581511UL; -+ ((uint32_t*)output)[6] = 0x64F98FA7UL; -+ ((uint32_t*)output)[7] = 0xBEFA4FA4UL; -+ -+ asm volatile (".byte 0xf3,0x0f,0xa6,0xd0" /* rep xsha256 */ -+ : "+S"(in), "+D"(output) -+ : "c"(count), "a"(0)); -+ -+ memcpy(out, output, 7 * sizeof(uint32_t)); -+ -+ padlock_htonl_block((uint32_t*)out, 7); -+} -+ -+static void -+padlock_do_sha256(char *in, char *out, int count) -+{ -+ /* We can't store directly to *out as it -+ * doesn't have to be aligned. But who cares, -+ * it's only a few bytes... */ -+ char buf[128+16]; -+ unsigned char *output = NEAREST_ALIGNED(buf); -+ -+ ((uint32_t*)output)[0] = 0x6A09E667; -+ ((uint32_t*)output)[1] = 0xBB67AE85; -+ ((uint32_t*)output)[2] = 0x3C6EF372; -+ ((uint32_t*)output)[3] = 0xA54FF53A; -+ ((uint32_t*)output)[4] = 0x510E527F; -+ ((uint32_t*)output)[5] = 0x9B05688C; -+ ((uint32_t*)output)[6] = 0x1F83D9AB; -+ ((uint32_t*)output)[7] = 0x5BE0CD19; -+ -+ asm volatile (".byte 0xf3,0x0f,0xa6,0xd0" /* rep xsha256 */ -+ : "+S"(in), "+D"(output) -+ : "c"(count), "a"(0)); -+ -+ memcpy(out, output, 8 * sizeof(uint32_t)); -+ -+ padlock_htonl_block((uint32_t*)out, 8); -+} -+ -+static int -+padlock_sha_init(EVP_MD_CTX *ctx) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+ ddata->used = 0; -+ ddata->bypass = 0; -+ -+ ddata->order = PADLOCK_SHA_INIT_ORD; -+ ddata->buf_alloc = malloc((1L << ddata->order) + 16); -+ ddata->buf_start = NEAREST_ALIGNED(ddata->buf_alloc); -+ -+ return 1; -+} -+ -+static int -+padlock_sha1_init(EVP_MD_CTX *ctx) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+ ddata->fallback_fcs.init = (f_sha_init)SHA1_Init; -+ ddata->fallback_fcs.update = (f_sha_update)SHA1_Update; -+ ddata->fallback_fcs.final = (f_sha_final)SHA1_Final; -+ ddata->fallback_fcs.padlock = (f_sha_padlock)padlock_do_sha1; -+ -+ return padlock_sha_init(ctx); -+} -+ -+static int -+padlock_sha224_init(EVP_MD_CTX *ctx) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+ ddata->fallback_fcs.init = (f_sha_init)SHA224_Init; -+ ddata->fallback_fcs.update = (f_sha_update)SHA224_Update; -+ ddata->fallback_fcs.final = (f_sha_final)SHA224_Final; -+ ddata->fallback_fcs.padlock = (f_sha_padlock)padlock_do_sha224; -+ -+ return padlock_sha_init(ctx); -+} -+ -+static int -+padlock_sha256_init(EVP_MD_CTX *ctx) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+ ddata->fallback_fcs.init = (f_sha_init)SHA256_Init; -+ ddata->fallback_fcs.update = (f_sha_update)SHA256_Update; -+ ddata->fallback_fcs.final = (f_sha_final)SHA256_Final; -+ ddata->fallback_fcs.padlock = (f_sha_padlock)padlock_do_sha256; -+ -+ return padlock_sha_init(ctx); -+} -+ -+static int -+padlock_sha_update(EVP_MD_CTX *ctx, const void *data, size_t length) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+#ifdef PADLOCK_SHA_STAT -+ ddata->stat_count++; -+ ddata->stat_total += length; -+ all_count++; -+ all_total += length; -+#endif -+ if (unlikely(ddata->bypass)) { -+ ddata->fallback_fcs.update(&ddata->fallback_ctx, data, length); -+ return 1; -+ } -+ if (unlikely(DDATA_FREE(ddata) < length)) { -+ if (likely(ddata->used + length > (1 << PADLOCK_SHA_MAX_ORD))) { -+ /* Too much data to be stored -> bypass to SW SHA */ -+ padlock_sha_bypass(ddata); -+ ddata->fallback_fcs.update(&ddata->fallback_ctx, data, length); -+ return 1; -+ } else { -+ /* Resize the alocated buffer */ -+ char *new_buf; -+ size_t new_size; -+ -+ while ((1<<++ddata->order) < (ddata->used + length)); -+ new_size = (1<order); -+ if(!(new_buf = realloc(ddata->buf_alloc, new_size + 16))) { -+ /* fallback plan again */ -+ padlock_sha_bypass(ddata); -+ ddata->fallback_fcs.update(&ddata->fallback_ctx, data, length); -+ return 1; -+ } -+ ddata->buf_alloc = new_buf; -+ ddata->buf_start = NEAREST_ALIGNED(new_buf); -+ } -+ } -+ -+ memcpy(ddata->buf_start + ddata->used, data, length); -+ ddata->used += length; -+ -+ return 1; -+} -+ -+static int -+padlock_sha_final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+#ifdef PADLOCK_SHA_STAT -+ fprintf(stderr, "PadLock CTX: cnt=%zu, tot=%zu, avg=%zu\n", -+ ddata->stat_count, ddata->stat_total, -+ ddata->stat_count ? (ddata->stat_total/ddata->stat_count) : 0); -+ fprintf(stderr, "PadLock ALL: cnt=%zu, tot=%zu, avg=%zu\n", -+ all_count, all_total, all_count ? (all_total/all_count) : 0); -+#endif -+ -+ if (ddata->bypass) { -+ ddata->fallback_fcs.final(md, &ddata->fallback_ctx); -+ return 1; -+ } -+ -+ /* Pass the input buffer to PadLock microcode... */ -+ ddata->fallback_fcs.padlock(ddata->buf_start, md, ddata->used); -+ memset(ddata->buf_start, 0, ddata->used); -+ free(ddata->buf_alloc); -+ ddata->buf_start = 0; -+ ddata->buf_alloc = 0; -+ ddata->used = 0; -+ -+ return 1; -+} -+ -+static int -+padlock_sha_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) -+{ -+ struct padlock_digest_data *ddata_from = DIGEST_DATA(from); -+ struct padlock_digest_data *ddata_to = DIGEST_DATA(to); -+ -+ memcpy(ddata_to, ddata_from, sizeof(struct padlock_digest_data)); -+ if (ddata_from->buf_alloc) { -+ ddata_to->buf_alloc = malloc(1L << ddata_to->order); -+ if (!ddata_to->buf_start) { -+ fprintf(stderr, "%s(): malloc() failed\n", __func__); -+ exit(1); -+ } -+ ddata_to->buf_start = NEAREST_ALIGNED(ddata_to->buf_alloc); -+ memcpy(ddata_to->buf_start, ddata_from->buf_start, ddata_from->used); -+ } -+ return 1; -+} -+ -+static int -+padlock_sha_cleanup(EVP_MD_CTX *ctx) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+ if (ddata->buf_alloc) { -+ memset(ddata->buf_start, 0, ddata->used); -+ free(ddata->buf_alloc); -+ } -+ -+ memset(ddata, 0, sizeof(struct padlock_digest_data)); -+ -+ return 1; -+} -+ -+static const EVP_MD padlock_sha1_md = { -+ NID_sha1, -+ NID_sha1WithRSAEncryption, -+ SHA_DIGEST_LENGTH, -+ 0, -+ padlock_sha1_init, -+ padlock_sha_update, -+ padlock_sha_final, -+ padlock_sha_copy, -+ padlock_sha_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(struct padlock_digest_data), -+}; -+ -+static const EVP_MD padlock_sha224_md = { -+ NID_sha224, -+ NID_sha224WithRSAEncryption, -+ SHA224_DIGEST_LENGTH, -+ 0, -+ padlock_sha224_init, -+ padlock_sha_update, -+ padlock_sha_final, -+ padlock_sha_copy, -+ padlock_sha_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(struct padlock_digest_data), -+}; -+ -+static const EVP_MD padlock_sha256_md = { -+ NID_sha256, -+ NID_sha256WithRSAEncryption, -+ SHA256_DIGEST_LENGTH, -+ 0, -+ padlock_sha256_init, -+ padlock_sha_update, -+ padlock_sha_final, -+ padlock_sha_copy, -+ padlock_sha_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(struct padlock_digest_data), -+}; -+ -+static int padlock_digest_nids[] = { -+#if !defined(OPENSSL_NO_SHA) -+ NID_sha1, -+#endif -+#if !defined(OPENSSL_NO_SHA256) -+#if !defined(OPENSSL_NO_SHA224) -+ NID_sha224, -+#endif -+ NID_sha256, -+#endif -+}; -+ -+static int padlock_digest_nids_num = sizeof(padlock_digest_nids)/sizeof(padlock_digest_nids[0]); -+ -+static int -+padlock_digests (ENGINE *e, const EVP_MD **digest, const int **nids, int nid) -+{ -+ /* No specific digest => return a list of supported nids ... */ -+ if (!digest) { -+ *nids = padlock_digest_nids; -+ return padlock_digest_nids_num; -+ } -+ -+ /* ... or the requested "digest" otherwise */ -+ switch (nid) { -+#if !defined(OPENSSL_NO_SHA) -+ case NID_sha1: -+ *digest = &padlock_sha1_md; -+ break; -+#endif -+ -+ -+#if !defined(OPENSSL_NO_SHA256) -+#if !defined(OPENSSL_NO_SHA224) -+ case NID_sha224: -+ *digest = &padlock_sha224_md; -+ break; -+#endif /* OPENSSL_NO_SHA224 */ -+ -+ case NID_sha256: -+ *digest = &padlock_sha256_md; -+ break; -+#endif /* OPENSSL_NO_SHA256 */ -+ -+ default: -+ /* Sorry, we don't support this NID */ -+ *digest = NULL; -+ return 0; -+ } -+ -+ return 1; -+} -+ -+#endif /* OPENSSL_NO_SHA */ -+ -+#ifndef PADLOCK_NO_RNG - /* ===== Random Number Generator ===== */ - /* - * This code is not engaged. The reason is that it does not comply -@@ -1209,6 +1686,7 @@ - padlock_rand_bytes, /* pseudorand */ - padlock_rand_status, /* rand status */ - }; -+#endif /* PADLOCK_NO_RNG */ - - #endif /* COMPILE_HW_PADLOCK */ - diff --git a/src/patches/openswan-2.6.16-clear-1.patch b/src/patches/openswan-2.6.16-clear-1.patch deleted file mode 100644 index 41175c14e0..0000000000 --- a/src/patches/openswan-2.6.16-clear-1.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- clear.org 2008-09-07 01:10:26.000000000 +0200 -+++ clear 2008-09-07 01:12:23.000000000 +0200 -@@ -3,18 +3,3 @@ - # - # See /usr/share/doc/openswan/policygroups.html for details. - # -- --# root name servers should be in the clear --192.58.128.30/32 --198.41.0.4/32 --192.228.79.201/32 --192.33.4.12/32 --128.8.10.90/32 --192.203.230.10/32 --192.5.5.241/32 --192.112.36.4/32 --128.63.2.53/32 --192.36.148.17/32 --193.0.14.129/32 --199.7.83.42/32 --202.12.27.33/32 diff --git a/src/patches/openswan-2.6.16-startklips-1.patch b/src/patches/openswan-2.6.16-startklips-1.patch deleted file mode 100644 index ff05bbb813..0000000000 --- a/src/patches/openswan-2.6.16-startklips-1.patch +++ /dev/null @@ -1,64 +0,0 @@ ---- _startklips.old 2008-09-07 00:50:40.000000000 +0200 -+++ _startklips 2008-09-07 00:50:42.000000000 +0200 -@@ -146,23 +146,35 @@ - - # figure out ifconfig for interface - addr= -- eval `ifconfig $phys | -- awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ { -- gsub(/:/, " ", $0) -- print "addr=" $3 -- other = $5 -- if ($4 == "Bcast") -- print "type=broadcast" -- else if ($4 == "P-t-P") -- print "type=pointopoint" -- else if (NF == 5) { -- print "type=" -- other = "" -- } else -- print "type=unknown" -- print "otheraddr=" other -- print "mask=" $NF -- }'` -+ eval `ip addr show $phys | awk '$3 ~ /BROADCAST|POINTOPOINT/ { -+ if ($3 ~ /BROADCAST/) -+ print "type=broadcast"; -+ else if ($3 ~ /POINTOPOINT/) -+ print "type=pointopoint"; -+ else { -+ print "type="; -+ } -+ }'` -+ -+ if [ "$type" == "broadcast" ]; then -+ eval `ip addr show $phys | awk '$1 == "inet" { gsub(/\//, " "); -+ print "addr=" $2; -+ print "mask=" $3; -+ print "otheraddr=" $5; -+ }'` -+ elif [ "$type" == "pointopoint" ]; then -+ eval `ip addr show $phys | awk '$1 == "inet" { gsub(/\//, " "); -+ print "addr=" $2; -+ print "mask=" $5; -+ print "otheraddr=" $4; -+ }'` -+ else -+ type="unknown" -+ otheraddr= -+ fi -+ -+ eval `whatmask /$mask | awk -F': ' '$1 ~ /^Netmask =/ { print "mask=" $2 }'` -+ - if test " $addr" = " " - then - echo "unable to determine address of \`$phys'" -@@ -171,7 +183,7 @@ - if test " $type" = " unknown" - then - echo "\`$phys' is of an unknown type" -- exit 1 -+ exit 1 - fi - if test " $omtu" != " " - then diff --git a/src/patches/openswan-2.6.16-updown.klips-1.patch b/src/patches/openswan-2.6.16-updown.klips-1.patch deleted file mode 100644 index f587dea000..0000000000 --- a/src/patches/openswan-2.6.16-updown.klips-1.patch +++ /dev/null @@ -1,30 +0,0 @@ ---- /usr/lib/ipsec/_updown.klips 2007-10-14 00:56:15.000000000 +0200 -+++ /usr/lib/ipsec/_updown.klips 2007-10-27 00:00:26.000000000 +0200 -@@ -376,8 +376,8 @@ - # opportunistic encryption work around - # need to provide route that eclipses default, without - # replacing it. -- it="ip route $1 0.0.0.0/1 $parms2 $parms3 && -- ip route $1 128.0.0.0/1 $parms2 $parms3" -+ #it="ip route $1 0.0.0.0/1 $parms2 $parms3 && -+ # ip route $1 128.0.0.0/1 $parms2 $parms3" - ;; - *) it="ip route $1 $parms $parms2 $parms3" - ;; -@@ -401,13 +401,13 @@ - prepare-host:*|prepare-client:*) - # delete possibly-existing route (preliminary to adding a route) - case "$PLUTO_PEER_CLIENT" in -- "0.0.0.0/0") -+ "0.0.0.0/0") - # need to provide route that eclipses default, without - # replacing it. - parms1="0.0.0.0/1" - parms2="128.0.0.0/1" -- it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1" -- oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`" -+ # it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1" -+ # oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`" - ;; - *) - parms="$PLUTO_PEER_CLIENT $IPROUTEARGS" diff --git a/src/patches/openswan-2.6.23-updown-add_ipfire-snat.patch b/src/patches/openswan-2.6.23-updown-add_ipfire-snat.patch deleted file mode 100644 index 1663bbe709..0000000000 --- a/src/patches/openswan-2.6.23-updown-add_ipfire-snat.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- /usr/lib/ipsec/_updown 2009-10-08 01:43:58.000000000 +0200 -+++ /usr/lib/ipsec/_updown 2009-12-20 23:13:24.000000000 +0100 -@@ -128,6 +128,21 @@ - 2.*) ;; - esac - -+# add/remove rules to reach vpn-peers from ipfire -+src=$(/sbin/ip route|grep $PLUTO_MY_CLIENT|(read net key_dev dev key_proto key_kernel key_scope key_link key_src src; echo $src)) -+ -+case "$PLUTO_VERB" in -+"route-client") -+ logger -t "ipsec_updown" "iptables -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src" -+ /sbin/iptables -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src -+ ;; -+ -+"unroute-client") -+ logger -t "ipsec_updown" "iptables -t nat -D IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src" -+ /sbin/iptables -t nat -D IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src -+ ;; -+esac -+ - if [ -x /usr/lib/ipsec/_updown.${PLUTO_STACK} ] - then - exec /usr/lib/ipsec/_updown.${PLUTO_STACK} $* diff --git a/src/patches/openswan-2.6.24_noxmlto.patch b/src/patches/openswan-2.6.24_noxmlto.patch deleted file mode 100644 index dc0c30cbb5..0000000000 --- a/src/patches/openswan-2.6.24_noxmlto.patch +++ /dev/null @@ -1,68 +0,0 @@ -diff -Naur openswan-2.6.24.org/programs/_confread/Makefile openswan-2.6.24/programs/_confread/Makefile ---- openswan-2.6.24.org/programs/_confread/Makefile 2010-01-10 02:34:38.000000000 +0100 -+++ openswan-2.6.24/programs/_confread/Makefile 2010-01-10 22:44:33.000000000 +0100 -@@ -16,7 +16,13 @@ - OPENSWANSRCDIR?=$(shell cd ../..; pwd) - include ${OPENSWANSRCDIR}/Makefile.inc - --EXTRA5MAN=ipsec.conf.5 -+SUBDIRS=doc lib programs testing -+ifeq ($(findstring $(SUBDIRS),doc),doc) -+ EXTRA5MAN=ipsec.conf.5 -+else -+ EXTRA5MAN= -+endif -+ - CONFFILES=ipsec.conf - EXCONFILES=ipsec.win2k.conf - SOURCEDIR=_confread -diff -Naur openswan-2.6.24.org/programs/pluto/Makefile openswan-2.6.24/programs/pluto/Makefile ---- openswan-2.6.24.org/programs/pluto/Makefile 2010-01-10 02:34:38.000000000 +0100 -+++ openswan-2.6.24/programs/pluto/Makefile 2010-01-10 22:51:15.000000000 +0100 -@@ -172,7 +172,7 @@ - all: $(BINNAMEPLUTO) $(BINNAMEADNSIFNEEDED) $(BINNAMEWHACK) #$(BINNAMEWHACKINIT) - programs: $(BINNAMEPLUTO) $(BINNAMEADNSIFNEEDED) $(BINNAMEWHACK) #$(BINNAMEWHACKINIT) - clean: cleanall --install: doinstall -+install: doinstall doinstalldoc - endif - - doinstall: all -@@ -188,6 +188,9 @@ - $(INSTALL) $(INSTBINFLAGS) $(BINNAMEPLUTO) $(BINNAMEWHACK) $(LIBEXECDIR) - #$(INSTALL) $(INSTSUIDFLAGS) $(BINNAMEWHACKINIT) $(LIBEXECDIR) - if $(USE_ADNS) ; then $(INSTALL) $(INSTBINFLAGS) $(BINNAMEADNS) $(LIBEXECDIR) ; fi -+ -+ifeq ($(findstring $(SUBDIRS),doc),doc) -+doinstalldoc: - $(INSTALL) $(INSTMANFLAGS) ${srcdir}pluto.8 $(PMANDIR)/ipsec_pluto.8 - sh ${OPENSWANSRCDIR}/packaging/utils/manlink ${srcdir}pluto.8 | \ - while read from to ; \ -@@ -201,10 +204,7 @@ - ln -s -f $$from $(FMANDIR)/$$to; \ - done - --install_file_list: -- @echo $(LIBEXECDIR)/$(BINNAMEPLUTO) -- @if $(USE_ADNS) ; then echo $(LIBDIR)/$(BINNAMEADNS) ; fi -- @echo $(LIBEXECDIR)/$(BINNAMEWHACK) -+install_file_listdoc: - @echo $(PMANDIR)/ipsec_pluto.8 - @sh ${OPENSWANSRCDIR}/packaging/utils/manlink pluto.8 | \ - while read from to; \ -@@ -217,6 +217,15 @@ - do \ - echo $(FMANDIR)/$$to; \ - done -+else -+doinstalldoc: -+install_file_listdoc: -+endif -+ -+install_file_list: install_file_listdoc -+ @echo $(LIBEXECDIR)/$(BINNAMEPLUTO) -+ @if $(USE_ADNS) ; then echo $(LIBDIR)/$(BINNAMEADNS) ; fi -+ @echo $(LIBEXECDIR)/$(BINNAMEWHACK) - - alg_info_test: alg_info_test.o ike_alg.o constants.o defs.o log.o db_ops.o crypto.o $(LIBDESLITE) $(OPENSWANLIB) - $(CC) -o $@ $^ $(LDFLAGS) $(LIBSPLUTO) diff --git a/src/patches/portmap-5beta-compilation_fixes-3.patch b/src/patches/portmap-5beta-compilation_fixes-3.patch deleted file mode 100644 index 45fc2c6352..0000000000 --- a/src/patches/portmap-5beta-compilation_fixes-3.patch +++ /dev/null @@ -1,705 +0,0 @@ -Submitted By: Kevin P. Fleming -Date: 2004-05-02 -Initial Package Version: 5beta -Origin: http://archives.linuxfromscratch.org/mail-archives/blfs-dev/2003-January/001960.html -Description: The patch was created from the portmap modified package by Mark Heerdink. -This patch provides the following improvements: - * Link against dynamic tcp_wrappers. - * Create an install target for portmap. - * Compilation and security fixes. - * Documentation fixes. - -Originally created by Tushar Teredesai, updated by kpfleming to ensure -portmap will compile without tcp_wrappers installed. -diff -Naur portmap_5beta/BLURB portmap_5beta.gimli/BLURB ---- portmap_5beta/BLURB 1996-07-06 16:09:46.000000000 -0500 -+++ portmap_5beta.gimli/BLURB 2002-01-07 09:13:58.000000000 -0600 -@@ -1,3 +1,6 @@ -+ -+############################################################################### -+ - @(#) BLURB 1.5 96/07/06 23:09:45 - - This is the fifth replacement portmapper release. -diff -Naur portmap_5beta/Makefile portmap_5beta.gimli/Makefile ---- portmap_5beta/Makefile 1996-07-06 16:06:19.000000000 -0500 -+++ portmap_5beta.gimli/Makefile 2002-07-15 16:00:07.000000000 -0500 -@@ -8,7 +8,7 @@ - # if you disagree. See `man 3 syslog' for examples. Some syslog versions - # do not provide this flexibility. - # --FACILITY=LOG_MAIL -+FACILITY=LOG_DAEMON - - # To disable tcp-wrapper style access control, comment out the following - # macro definitions. Access control can also be turned off by providing -@@ -16,7 +16,8 @@ - # daemon, is always treated as an authorized host. - - HOSTS_ACCESS= -DHOSTS_ACCESS --WRAP_LIB = $(WRAP_DIR)/libwrap.a -+#WRAP_LIB = $(WRAP_DIR)/libwrap.a -+WRAP_LIB = -lwrap - - # Comment out if your RPC library does not allocate privileged ports for - # requests from processes with root privilege, or the new portmap will -@@ -71,7 +72,7 @@ - # With verbose logging on, HP-UX 9.x and AIX 4.1 leave zombies behind when - # SIGCHLD is not ignored. Enable next macro for a fix. - # --# ZOMBIES = -DIGNORE_SIGCHLD # AIX 4.x, HP-UX 9.x -+ZOMBIES = -DIGNORE_SIGCHLD # AIX 4.x, HP-UX 9.x - - # Uncomment the following macro if your system does not have u_long. - # -@@ -81,7 +82,7 @@ - # libwrap.a object library. WRAP_DIR should specify the directory with - # that library. - --WRAP_DIR= ../tcp_wrappers -+WRAP_DIR= $(TCPD_DIR) - - # Auxiliary object files that may be missing from your C library. - # -@@ -99,22 +100,31 @@ - - # Comment out if your compiler talks ANSI and understands const - # --CONST = -Dconst= -+#CONST = -Dconst= - - ### End of configurable stuff. - ############################## - -+GLIBC=$(shell grep -s -c __GLIBC__ /usr/include/features.h) -+ -+ifeq ($(GLIBC),0) -+LIBS += # -lbsd -+else -+LIBS += -lnsl -+endif -+ -+ - SHELL = /bin/sh - --COPT = $(CONST) -Dperror=xperror $(HOSTS_ACCESS) $(CHECK_PORT) \ -+COPT = $(CONST) $(HOSTS_ACCESS) $(CHECK_PORT) \ - $(SYS) -DFACILITY=$(FACILITY) $(ULONG) $(ZOMBIES) $(SA_LEN) \ - $(LOOPBACK) $(SETPGRP) --CFLAGS = $(COPT) -O $(NSARCHS) -+CFLAGS = -Wall $(COPT) -O2 $(NSARCHS) - OBJECTS = portmap.o pmap_check.o from_local.o $(AUX) - - all: portmap pmap_dump pmap_set - --portmap: $(OBJECTS) $(WRAP_DIR)/libwrap.a -+portmap: $(OBJECTS) # $(WRAP_DIR)/libwrap.a - $(CC) $(CFLAGS) -o $@ $(OBJECTS) $(WRAP_LIB) $(LIBS) - - pmap_dump: pmap_dump.c -@@ -129,6 +139,17 @@ - get_myaddress: get_myaddress.c - cc $(CFLAGS) -DTEST -o $@ get_myaddress.c $(LIBS) - -+install: all -+ install -o root -g root -m 0755 -s portmap ${BASEDIR}/sbin -+ install -o root -g root -m 0755 -s pmap_dump ${BASEDIR}/usr/sbin -+ install -o root -g root -m 0755 -s pmap_set ${BASEDIR}/usr/sbin -+ install -o root -g root -m 0644 portmap.8 ${BASEDIR}/usr/share/man/man8 -+ install -o root -g root -m 0644 pmap_dump.8 ${BASEDIR}/usr/share/man/man8 -+ install -o root -g root -m 0644 pmap_set.8 ${BASEDIR}/usr/share/man/man8 -+# cat README BLURB >${BASEDIR}/usr/share/doc/portmap/portmapper.txt -+# gzip -9f ${BASEDIR}/usr/share/doc/portmap/portmapper.txt -+ -+ - lint: - lint $(COPT) $(OBJECTS:%.o=%.c) - -diff -Naur portmap_5beta/daemon.c portmap_5beta.gimli/daemon.c ---- portmap_5beta/daemon.c 1992-06-11 15:53:12.000000000 -0500 -+++ portmap_5beta.gimli/daemon.c 2002-01-07 09:22:24.000000000 -0600 -@@ -36,16 +36,13 @@ - #endif /* LIBC_SCCS and not lint */ - - #include -- --/* From unistd.h */ --#define STDIN_FILENO 0 --#define STDOUT_FILENO 1 --#define STDERR_FILENO 2 -+#include -+#include - - /* From paths.h */ - #define _PATH_DEVNULL "/dev/null" - --daemon(nochdir, noclose) -+int daemon(nochdir, noclose) - int nochdir, noclose; - { - int cpid; -diff -Naur portmap_5beta/from_local.c portmap_5beta.gimli/from_local.c ---- portmap_5beta/from_local.c 1996-05-31 08:52:58.000000000 -0500 -+++ portmap_5beta.gimli/from_local.c 2002-01-07 09:25:49.000000000 -0600 -@@ -35,7 +35,7 @@ - * Mountain View, California 94043 - */ - --#ifndef lint -+#ifdef lint - static char sccsid[] = "@(#) from_local.c 1.3 96/05/31 15:52:57"; - #endif - -@@ -51,6 +51,9 @@ - #include - #include - #include -+#include -+#include -+#include - - #ifndef TRUE - #define TRUE 1 -@@ -96,7 +99,7 @@ - - /* find_local - find all IP addresses for this host */ - --find_local() -+int find_local() - { - struct ifconf ifc; - struct ifreq ifreq; -@@ -154,7 +157,7 @@ - - /* from_local - determine whether request comes from the local system */ - --from_local(addr) -+int from_local(addr) - struct sockaddr_in *addr; - { - int i; -diff -Naur portmap_5beta/pmap_check.c portmap_5beta.gimli/pmap_check.c ---- portmap_5beta/pmap_check.c 1996-07-07 03:49:10.000000000 -0500 -+++ portmap_5beta.gimli/pmap_check.c 2002-01-07 09:37:58.000000000 -0600 -@@ -32,7 +32,7 @@ - * Computing Science, Eindhoven University of Technology, The Netherlands. - */ - --#ifndef lint -+#ifdef lint - static char sccsid[] = "@(#) pmap_check.c 1.8 96/07/07 10:49:10"; - #endif - -@@ -45,6 +45,11 @@ - #include - #include - #endif -+#include -+#include -+#ifdef HOSTS_ACCESS -+#include -+#endif - - extern char *inet_ntoa(); - -@@ -110,7 +113,7 @@ - - /* check_default - additional checks for NULL, DUMP, GETPORT and unknown */ - --check_default(addr, proc, prog) -+int check_default(addr, proc, prog) - struct sockaddr_in *addr; - u_long proc; - u_long prog; -@@ -128,7 +131,7 @@ - - /* check_privileged_port - additional checks for privileged-port updates */ - --check_privileged_port(addr, proc, prog, port) -+int check_privileged_port(addr, proc, prog, port) - struct sockaddr_in *addr; - u_long proc; - u_long prog; -@@ -173,7 +176,7 @@ - - #else - --check_setunset(addr, proc, prog, port) -+int check_setunset(addr, proc, prog, port) - struct sockaddr_in *addr; - u_long proc; - u_long prog; -@@ -197,7 +200,7 @@ - - /* check_callit - additional checks for forwarded requests */ - --check_callit(addr, proc, prog, aproc) -+int check_callit(addr, proc, prog, aproc) - struct sockaddr_in *addr; - u_long proc; - u_long prog; -@@ -249,13 +252,13 @@ - }; - struct proc_map *procp; - static struct proc_map procmap[] = { -- PMAPPROC_CALLIT, "callit", -- PMAPPROC_DUMP, "dump", -- PMAPPROC_GETPORT, "getport", -- PMAPPROC_NULL, "null", -- PMAPPROC_SET, "set", -- PMAPPROC_UNSET, "unset", -- 0, 0, -+ { PMAPPROC_CALLIT, "callit" }, -+ { PMAPPROC_DUMP, "dump" }, -+ { PMAPPROC_GETPORT, "getport" }, -+ { PMAPPROC_NULL, "null" }, -+ { PMAPPROC_SET, "set" }, -+ { PMAPPROC_UNSET, "unset" }, -+ { 0, 0 } - }; - - /* -@@ -269,7 +272,7 @@ - - if (prognum == 0) { - progname = ""; -- } else if (rpc = getrpcbynumber((int) prognum)) { -+ } else if ((rpc = getrpcbynumber((int) prognum)) != NULL) { - progname = rpc->r_name; - } else { - sprintf(progname = progbuf, "%lu", prognum); -diff -Naur portmap_5beta/pmap_dump.8 portmap_5beta.gimli/pmap_dump.8 ---- portmap_5beta/pmap_dump.8 1969-12-31 18:00:00.000000000 -0600 -+++ portmap_5beta.gimli/pmap_dump.8 2002-01-07 09:13:58.000000000 -0600 -@@ -0,0 +1,24 @@ -+.TH PMAP_DUMP 8 "21th June 1997" Linux "Linux Programmer's Manual" -+.SH NAME -+pmap_dump \- print a list of all registered RPC programs -+.SH SYNOPSIS -+.B pmap_dump -+.SH DESCRIPTION -+The -+.B pmap_dump -+command can be used to restart a running portmapper or to print -+a list of all registered RPC programs on the local host. If you -+want to use the program to restart the portmapper you have to -+redirect the output of -+.B pmap_dump -+to a file. After this you can restart the portmapper and restore -+the list of the registered RPC programs by feeding the output -+of -+.B pmap_dump -+to the -+.B pmap_set -+command. -+.SH SEE ALSO -+.BR pmap_set (8), -+.BR rpc.portmap (8) -+ -diff -Naur portmap_5beta/pmap_dump.c portmap_5beta.gimli/pmap_dump.c ---- portmap_5beta/pmap_dump.c 1992-06-11 15:53:16.000000000 -0500 -+++ portmap_5beta.gimli/pmap_dump.c 2002-01-07 09:20:19.000000000 -0600 -@@ -5,7 +5,7 @@ - * Computing Science, Eindhoven University of Technology, The Netherlands. - */ - --#ifndef lint -+#ifdef lint - static char sccsid[] = "@(#) pmap_dump.c 1.1 92/06/11 22:53:15"; - #endif - -@@ -23,7 +23,20 @@ - - static char *protoname(); - --main(argc, argv) -+#ifndef INADDR_LOOPBACK -+#define INADDR_LOOPBACK ntohl(inet_addr("127.0.0.1")) -+#endif -+ -+static void get_myloopaddress(addrp) -+struct sockaddr_in *addrp; -+{ -+ memset((char *) addrp, 0, sizeof(*addrp)); -+ addrp->sin_family = AF_INET; -+ addrp->sin_port = htons(PMAPPORT); -+ addrp->sin_addr.s_addr = htonl(INADDR_LOOPBACK); -+} -+ -+int main(argc, argv) - int argc; - char **argv; - { -@@ -31,7 +44,7 @@ - register struct pmaplist *list; - register struct rpcent *rpc; - -- get_myaddress(&addr); -+ get_myloopaddress(&addr); - - for (list = pmap_getmaps(&addr); list; list = list->pml_next) { - rpc = getrpcbynumber((int) list->pml_map.pm_prog); -diff -Naur portmap_5beta/pmap_set.8 portmap_5beta.gimli/pmap_set.8 ---- portmap_5beta/pmap_set.8 1969-12-31 18:00:00.000000000 -0600 -+++ portmap_5beta.gimli/pmap_set.8 2002-01-07 09:13:58.000000000 -0600 -@@ -0,0 +1,24 @@ -+.TH PMAP_SET 8 "21th June 1997" Linux "Linux Programmer's Manual" -+.SH NAME -+pmap_set \- set the list of registered RPC programs -+.SH SYNOPSIS -+.B pmap_set -+.SH DESCRIPTION -+The -+.B pmap_set -+command can be used to restart a running portmapper or to set -+the list of registered RPC programs on the local host. If you -+want to use the program to restart the portmapper you have to -+redirect the output of -+.B pmap_dump -+to a file. After this you can restart the portmapper and restore -+the list of the registered RPC programs by feeding the output -+of -+.B pmap_dump -+to the -+.B pmap_set -+command. -+.SH SEE ALSO -+.BR pmap_dump (8), -+.BR rpc.portmap (8) -+ -diff -Naur portmap_5beta/pmap_set.c portmap_5beta.gimli/pmap_set.c ---- portmap_5beta/pmap_set.c 1996-07-06 16:06:23.000000000 -0500 -+++ portmap_5beta.gimli/pmap_set.c 2002-01-07 09:22:10.000000000 -0600 -@@ -5,7 +5,7 @@ - * Computing Science, Eindhoven University of Technology, The Netherlands. - */ - --#ifndef lint -+#ifdef lint - static char sccsid[] = "@(#) pmap_set.c 1.2 96/07/06 23:06:23"; - #endif - -@@ -17,7 +17,9 @@ - #include - #include - --main(argc, argv) -+int parse_line(char *buf, u_long *prog, u_long *vers, int *prot, unsigned *port); -+ -+int main(argc, argv) - int argc; - char **argv; - { -@@ -40,16 +42,16 @@ - - /* parse_line - convert line to numbers */ - --parse_line(buf, prog, vers, prot, port) -+int parse_line(buf, prog, vers, prot, port) - char *buf; - u_long *prog; - u_long *vers; - int *prot; - unsigned *port; - { -- char proto_name[BUFSIZ]; -+ char proto_name[256]; - -- if (sscanf(buf, "%lu %lu %s %u", prog, vers, proto_name, port) != 4) { -+ if (sscanf(buf, "%lu %lu %255s %u", prog, vers, proto_name, port) != 4) { - return (0); - } - if (strcmp(proto_name, "tcp") == 0) { -diff -Naur portmap_5beta/portmap.8 portmap_5beta.gimli/portmap.8 ---- portmap_5beta/portmap.8 1969-12-31 18:00:00.000000000 -0600 -+++ portmap_5beta.gimli/portmap.8 2002-01-07 09:13:58.000000000 -0600 -@@ -0,0 +1,146 @@ -+.\" Copyright (c) 1987 Sun Microsystems -+.\" Copyright (c) 1990, 1991 The Regents of the University of California. -+.\" All rights reserved. -+.\" -+.\" Redistribution and use in source and binary forms, with or without -+.\" modification, are permitted provided that the following conditions -+.\" are met: -+.\" 1. Redistributions of source code must retain the above copyright -+.\" notice, this list of conditions and the following disclaimer. -+.\" 2. Redistributions in binary form must reproduce the above copyright -+.\" notice, this list of conditions and the following disclaimer in the -+.\" documentation and/or other materials provided with the distribution. -+.\" 3. All advertising materials mentioning features or use of this software -+.\" must display the following acknowledgement: -+.\" This product includes software developed by the University of -+.\" California, Berkeley and its contributors. -+.\" 4. Neither the name of the University nor the names of its contributors -+.\" may be used to endorse or promote products derived from this software -+.\" without specific prior written permission. -+.\" -+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+.\" SUCH DAMAGE. -+.\" -+.\" from: @(#)portmap.8 5.3 (Berkeley) 3/16/91 -+.\" $Id: portmap-5beta-compilation_fixes-3.patch,v 1.1 2004/06/08 04:53:09 jim Exp $ -+.\" -+.Dd March 16, 1991 -+.Dt PORTMAP 8 -+.Os BSD 4.3 -+.Sh NAME -+.Nm portmap -+.Nd -+.Tn DARPA -+port to -+.Tn RPC -+program number mapper -+.Sh SYNOPSIS -+.Nm portmap -+.Op Fl d -+.Op Fl v -+.Sh DESCRIPTION -+.Nm Portmap -+is a server that converts -+.Tn RPC -+program numbers into -+.Tn DARPA -+protocol port numbers. -+It must be running in order to make -+.Tn RPC -+calls. -+.Pp -+When an -+.Tn RPC -+server is started, it will tell -+.Nm portmap -+what port number it is listening to, and what -+.Tn RPC -+program numbers it is prepared to serve. -+When a client wishes to make an -+.Tn RPC -+call to a given program number, -+it will first contact -+.Nm portmap -+on the server machine to determine -+the port number where -+.Tn RPC -+packets should be sent. -+.Pp -+.Nm Portmap -+must be started before any -+.Tn RPC -+servers are invoked. -+.Pp -+Normally -+.Nm portmap -+forks and dissociates itself from the terminal -+like any other daemon. -+.Nm Portmap -+then logs errors using -+.Xr syslog 3 . -+.Pp -+Option available: -+.Bl -tag -width Ds -+.It Fl d -+(debug) prevents -+.Nm portmap -+from running as a daemon, -+and causes errors and debugging information -+to be printed to the standard error output. -+.It Fl v -+(verbose) run -+.Nm portmap -+in verbose mode. -+.El -+ -+This -+.Nm portmap -+version is protected by the -+.Nm tcp_wrapper -+library. You have to give the clients access to -+.Nm portmap -+if they should be allowed to use it. To allow connects from clients of -+the .bar.com domain you could use the following line in /etc/hosts.allow: -+ -+portmap: .bar.com -+ -+You have to use the daemon name -+.Nm portmap -+for the daemon name (even if the binary has a different name). For the -+client names you can only use the keyword ALL or IP addresses (NOT -+host or domain names). -+ -+For further information please have a look at the -+.Xr tcpd 8 , -+.Xr hosts_allow 5 -+and -+.Xr hosts_access 5 -+manual pages. -+ -+.Sh SEE ALSO -+.Xr inetd.conf 5 , -+.Xr rpcinfo 8 , -+.Xr pmap_set 8 , -+.Xr pmap_dump 8 , -+.Xr inetd 8 -+.Xr tcpd 8 -+.Xr hosts_access 5 -+.Xr hosts_options 5 -+.Sh BUGS -+If -+.Nm portmap -+crashes, all servers must be restarted. -+.Sh HISTORY -+The -+.Nm -+command appeared in -+.Bx 4.3 -diff -Naur portmap_5beta/portmap.c portmap_5beta.gimli/portmap.c ---- portmap_5beta/portmap.c 1996-07-06 16:06:24.000000000 -0500 -+++ portmap_5beta.gimli/portmap.c 2002-01-07 09:26:41.000000000 -0600 -@@ -37,7 +37,7 @@ - All rights reserved.\n"; - #endif /* not lint */ - --#ifndef lint -+#ifdef lint - static char sccsid[] = "@(#) portmap.c 1.6 96/07/06 23:06:23"; - #endif /* not lint */ - -@@ -80,6 +80,9 @@ - * Mountain View, California 94043 - */ - -+#if defined(__GLIBC__) -+#include -+#endif /* __GLIBC__ */ - #include - #include - #include -@@ -94,6 +97,8 @@ - #ifdef SYSV40 - #include - #endif -+#include -+#include - - extern char *strerror(); - #include -@@ -148,7 +153,7 @@ - #endif - #endif - --main(argc, argv) -+int main(argc, argv) - int argc; - char **argv; - { -@@ -350,7 +355,7 @@ - */ - /* remote host authorization check */ - check_default(svc_getcaller(xprt), rqstp->rq_proc, (u_long) 0); -- if (!svc_sendreply(xprt, xdr_void, (caddr_t)0) && debugging) { -+ if (!svc_sendreply(xprt, (xdrproc_t) xdr_void, (caddr_t)0) && debugging) { - abort(); - } - break; -@@ -359,7 +364,7 @@ - /* - * Set a program,version to port mapping - */ -- if (!svc_getargs(xprt, xdr_pmap, ®)) -+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) ®)) - svcerr_decode(xprt); - else { - /* reject non-local requests, protect priv. ports */ -@@ -401,7 +406,7 @@ - ans = 1; - } - done: -- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&ans)) && -+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&ans)) && - debugging) { - (void) fprintf(stderr, "svc_sendreply\n"); - abort(); -@@ -413,7 +418,7 @@ - /* - * Remove a program,version to port mapping. - */ -- if (!svc_getargs(xprt, xdr_pmap, ®)) -+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) ®)) - svcerr_decode(xprt); - else { - ans = 0; -@@ -447,7 +452,7 @@ - prevpml->pml_next = pml; - free(t); - } -- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&ans)) && -+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&ans)) && - debugging) { - (void) fprintf(stderr, "svc_sendreply\n"); - abort(); -@@ -459,7 +464,7 @@ - /* - * Lookup the mapping for a program,version and return its port - */ -- if (!svc_getargs(xprt, xdr_pmap, ®)) -+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) ®)) - svcerr_decode(xprt); - else { - /* remote host authorization check */ -@@ -474,7 +479,7 @@ - port = fnd->pml_map.pm_port; - else - port = 0; -- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&port)) && -+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&port)) && - debugging) { - (void) fprintf(stderr, "svc_sendreply\n"); - abort(); -@@ -486,7 +491,7 @@ - /* - * Return the current set of mapped program,version - */ -- if (!svc_getargs(xprt, xdr_void, NULL)) -+ if (!svc_getargs(xprt, (xdrproc_t) xdr_void, (caddr_t) NULL)) - svcerr_decode(xprt); - else { - /* remote host authorization check */ -@@ -497,7 +502,7 @@ - } else { - p = pmaplist; - } -- if ((!svc_sendreply(xprt, xdr_pmaplist, -+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_pmaplist, - (caddr_t)&p)) && debugging) { - (void) fprintf(stderr, "svc_sendreply\n"); - abort(); -@@ -645,7 +650,7 @@ - timeout.tv_sec = 5; - timeout.tv_usec = 0; - a.rmt_args.args = buf; -- if (!svc_getargs(xprt, xdr_rmtcall_args, &a)) -+ if (!svc_getargs(xprt, (xdrproc_t) xdr_rmtcall_args, (caddr_t) &a)) - return; - /* host and service access control */ - if (!check_callit(svc_getcaller(xprt), -@@ -674,9 +679,9 @@ - au->aup_uid, au->aup_gid, au->aup_len, au->aup_gids); - } - a.rmt_port = (u_long)port; -- if (clnt_call(client, a.rmt_proc, xdr_opaque_parms, &a, -- xdr_len_opaque_parms, &a, timeout) == RPC_SUCCESS) { -- svc_sendreply(xprt, xdr_rmtcall_result, (caddr_t)&a); -+ if (clnt_call(client, a.rmt_proc, (xdrproc_t) xdr_opaque_parms, (char*) &a, -+ (xdrproc_t) xdr_len_opaque_parms, (char*) &a, timeout) == RPC_SUCCESS) { -+ svc_sendreply(xprt, (xdrproc_t) xdr_rmtcall_result, (caddr_t)&a); - } - AUTH_DESTROY(client->cl_auth); - clnt_destroy(client); diff --git a/src/patches/portmap-5beta-glibc_errno_fix-1.patch b/src/patches/portmap-5beta-glibc_errno_fix-1.patch deleted file mode 100644 index e38b7ae214..0000000000 --- a/src/patches/portmap-5beta-glibc_errno_fix-1.patch +++ /dev/null @@ -1,17 +0,0 @@ -Submitted By: Tushar Teredesai -Date: 2003-10-04 -Initial Package Version: 5beta -Origin: None -Description: Fix compilation with recent glibc versions. ---- portmap_5beta/portmap.c 2003-03-10 12:32:26.000000000 -0600 -+++ portmap_5beta/portmap.c.new 2003-03-10 12:38:01.000000000 -0600 -@@ -129,7 +129,8 @@ - static void callit(); - struct pmaplist *pmaplist; - int debugging = 0; --extern int errno; -+#include -+/* extern int errno; */ - - #include "pmap_check.h" - diff --git a/src/patches/r8101_add_missing_pciids.patch b/src/patches/r8101_add_missing_pciids.patch deleted file mode 100644 index a065493e29..0000000000 --- a/src/patches/r8101_add_missing_pciids.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -Naur r8101-1.013.00.org/src/r8101_n.c r8101-1.013.00/src/r8101_n.c ---- r8101-1.013.00.org/src/r8101_n.c 2009-07-14 09:10:53.000000000 +0200 -+++ r8101-1.013.00/src/r8101_n.c 2009-10-22 18:19:07.000000000 +0200 -@@ -103,6 +103,7 @@ - - static struct pci_device_id rtl8101_pci_tbl[] = { - { PCI_DEVICE(PCI_VENDOR_ID_REALTEK, 0x8136), }, -+ { 0x0001, 0x8168, PCI_ANY_ID, 0x2410, }, - {0,}, - }; - diff --git a/src/patches/r8169_add_missing_pciids.patch b/src/patches/r8169_add_missing_pciids.patch deleted file mode 100644 index dab3af0d20..0000000000 --- a/src/patches/r8169_add_missing_pciids.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -Naur r8169-6.011.00.org/src/r8169_n.c r8169-6.011.00/src/r8169_n.c ---- r8169-6.011.00.org/src/r8169_n.c 2009-07-14 08:39:25.000000000 +0200 -+++ r8169-6.011.00/src/r8169_n.c 2009-10-22 19:18:42.000000000 +0200 -@@ -114,6 +114,11 @@ - static struct pci_device_id rtl8169_pci_tbl[] = { - { PCI_DEVICE(PCI_VENDOR_ID_REALTEK, 0x8167), 0, 0, RTL_CFG_0 }, - { PCI_DEVICE(PCI_VENDOR_ID_REALTEK, 0x8169), 0, 0, RTL_CFG_0 }, -+ { PCI_DEVICE(PCI_VENDOR_ID_REALTEK, 0x8129), 0, 0, RTL_CFG_0 }, -+ { PCI_DEVICE(PCI_VENDOR_ID_DLINK, 0x4300), 0, 0, RTL_CFG_0 }, -+ { PCI_DEVICE(PCI_VENDOR_ID_AT, 0xC107), 0, 0, RTL_CFG_0 }, -+ { PCI_DEVICE(0x16EC, 0x0116), 0, 0, RTL_CFG_0 }, -+ { PCI_VENDOR_ID_LINKSYS, 0x1032, PCI_ANY_ID, 0x0024, 0, 0, RTL_CFG_0 }, - {0,}, - }; - diff --git a/src/patches/skbuff-xen-imq.diff b/src/patches/skbuff-xen-imq.diff deleted file mode 100644 index 8db010d695..0000000000 --- a/src/patches/skbuff-xen-imq.diff +++ /dev/null @@ -1,21 +0,0 @@ ---- linux-2.6.27.21/include/linux/skbuff.h 2009-04-03 10:39:10.000000000 +0000 -+++ linux-2.6.27.21/include/linux/skbuff.h 2009-04-03 10:41:59.000000000 +0000 -@@ -330,11 +330,17 @@ - #if defined(CONFIG_MAC80211) || defined(CONFIG_MAC80211_MODULE) - __u8 do_not_encrypt:1; - #endif -- /* 0/13/14 bit hole */ -+ - #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) - __u8 imq_flags:IMQ_F_BITS; - #endif - -+#ifdef CONFIG_XEN -+ __u8 proto_data_valid:1, -+ proto_csum_blank:1; -+#endif -+ /* 10-16 bit hole */ -+ - #ifdef CONFIG_NET_DMA - dma_cookie_t dma_cookie; - #endif diff --git a/src/patches/sysklogd-1.4.1-8bit-1.patch b/src/patches/sysklogd-1.4.1-8bit-1.patch deleted file mode 100644 index de121673d1..0000000000 --- a/src/patches/sysklogd-1.4.1-8bit-1.patch +++ /dev/null @@ -1,23 +0,0 @@ -Submitted By: Alexander E. Patrakov -Date: 2004-05-09 -Initial Package Version: 1.4.1 -Origin: Alexander E. Patrakov -Upstream status: not submitted yet, probably will not be accepted -Description: Weakens rules for determining whether a character is printable. -Now only bytes < 0x20 and the 0x7f byte are considered to be unprintable. -The original rules were valid for ISO-8859-* and KOI*. - -Without this fix, logging meaningful Russian messages in UTF-8 is impossible. - -diff -u sysklogd-1.4.1/syslogd.c sysklogd-1.4.1.fixed/syslogd.c ---- sysklogd-1.4.1/syslogd.c 2001-03-12 00:40:10.000000000 +0500 -+++ sysklogd-1.4.1.fixed/syslogd.c 2004-05-09 09:05:42.972864104 +0600 -@@ -1449,7 +1449,7 @@ - else if (c < 040) { - *q++ = '^'; - *q++ = c ^ 0100; -- } else if (c == 0177 || (c & 0177) < 040) { -+ } else if (c == 0177) { - *q++ = '\\'; - *q++ = '0' + ((c & 0300) >> 6); - *q++ = '0' + ((c & 0070) >> 3); diff --git a/src/patches/sysklogd-1.4.1-fixes-1.patch b/src/patches/sysklogd-1.4.1-fixes-1.patch deleted file mode 100644 index 68ac87c42e..0000000000 --- a/src/patches/sysklogd-1.4.1-fixes-1.patch +++ /dev/null @@ -1,833 +0,0 @@ -Submitted By: Robert Connolly (ashes) -Date: 2005-01-23 -Initial Package Version: 1.4.1 -Upstream Status: Not submitted -Origin: http://www.infodrom.org/projects/sysklogd/cvs.php3 -Description: This patch is a cvs snapshot update as of 20050123. -Minus the debain and CVS directories. See the CHANGES. - -diff -Naur sysklogd-1.4.1/CHANGES sysklogd-20050123/CHANGES ---- sysklogd-1.4.1/CHANGES 2001-03-11 14:35:51.000000000 -0500 -+++ sysklogd-20050123/CHANGES 2005-01-15 14:14:21.000000000 -0500 -@@ -1,3 +1,42 @@ -+Version 1.4.2 -+ -+ . Dmitry V. Levin -+ - Close file descriptor in FindSymbolFile() in ksym.c in order not to -+ leak file descriptors. -+ . Solar Designer -+ - improve crunch_list() -+ - Prevent potential buffer overflow in reading messages from the -+ kernel log ringbuffer. -+ - Ensure that "len" is not placed in a register, and that the -+ endtty() signal handler is not installed too early which could -+ cause a segmentation fault or worse. -+ . Steve Grubb -+ - fix memory calculation in crunch_list() -+ . Martin Schulze -+ - klogd will reconnect to the logger (mostly syslogd) after it went -+ away -+ - On heavily loaded system syslog will not spit out error messages -+ anymore when recvfrom() results in EAGAIN -+ - Makefile improvements -+ - Local copy of module.h -+ - Improved sysklogd.8 -+ - Always log with syslogd's timezone and locale -+ - Remove trailing newline when forwarding messages -+ . Jon Burgess -+ - Moved the installation of the signal handler up a little bit so it -+ guaranteed to be available when the child is forked, hence, fixing a -+ race condition. This used to create problems with UML and fast -+ machines. -+ . Greg Trounson -+ - Improved README.linux -+ . Ulf Härnhammar -+ - Bondary check for fscanf() in InitKsyms() and CheckMapVersion() -+ . Colin Phipps -+ - Don't block on the network socket in case of package los -+ . Dirk Mueller -+ - Don't crash when filesize limit is reached (e.g. without LFS) -+ -+ - Version 1.4.1 - - . klogd will set the console log level only if `-c' is given on the -@@ -30,3 +69,9 @@ - . Olaf Kirch - - Remove Unix Domain Sockets and switch to Datagram Unix Sockets - . Several bugfixes and improvements, please refer to the .c files -+ -+ -+Local variables: -+mode: indented-text -+fill-column: 72 -+End: -diff -Naur sysklogd-1.4.1/klogd.8 sysklogd-20050123/klogd.8 ---- sysklogd-1.4.1/klogd.8 2001-03-11 14:35:51.000000000 -0500 -+++ sysklogd-20050123/klogd.8 2001-03-11 18:00:51.000000000 -0500 -@@ -321,7 +321,7 @@ - .B klogd - to reload the module symbol information whenever a protection fault - is detected. Caution should be used before invoking the program in --\'paranoid\' mode. The stability of the kernel and the operating -+\&'paranoid\&' mode. The stability of the kernel and the operating - environment is always under question when a protection fault occurs. - Since the klogd daemon must execute system calls in order to read the - module symbol information there is the possibility that the system may -diff -Naur sysklogd-1.4.1/klogd.c sysklogd-20050123/klogd.c ---- sysklogd-1.4.1/klogd.c 2001-03-11 14:40:10.000000000 -0500 -+++ sysklogd-20050123/klogd.c 2004-04-29 09:29:03.000000000 -0400 -@@ -243,6 +243,9 @@ - * people have submitted patches: Troels Walsted Hansen - * , Wolfgang Oertl - * and Thomas Roessler. -+ * Thu Apr 29 15:24:07 2004: Solar Designer -+ * Prevent potential buffer overflow in reading messages from the -+ * kernel log rinbuffer. - */ - - -@@ -938,7 +941,7 @@ - * messages into this fresh buffer. - */ - memset(log_buffer, '\0', sizeof(log_buffer)); -- if ( (rdcnt = ksyslog(2, log_buffer, sizeof(log_buffer))) < 0 ) -+ if ( (rdcnt = ksyslog(2, log_buffer, sizeof(log_buffer)-1)) < 0 ) - { - if ( errno == EINTR ) - return; -diff -Naur sysklogd-1.4.1/ksym.c sysklogd-20050123/ksym.c ---- sysklogd-1.4.1/ksym.c 2000-09-12 17:53:31.000000000 -0400 -+++ sysklogd-20050123/ksym.c 2004-07-16 02:48:27.000000000 -0400 -@@ -105,6 +105,15 @@ - * - * Tue Sep 12 23:48:12 CEST 2000: Martin Schulze - * Close symbol file in InitKsyms() when an error occurred. -+ * -+ * Thu Apr 29 18:07:16 CEST 2004: Dmitry Levin -+ * Close file descriptor in FindSymbolFile() in order not to leak -+ * file descriptors. -+ * -+ * Fri Jul 16 08:32:49 CEST 2004: Ulf Härnhammar -+ * Added boundary check for fscanf() in InitKsyms() and -+ * CheckMapVersion() to prevent an unintended crash when reading -+ * an incorrect System.map. - */ - - -@@ -236,7 +245,7 @@ - */ - while ( !feof(sym_file) ) - { -- if ( fscanf(sym_file, "%lx %c %s\n", &address, &type, sym) -+ if ( fscanf(sym_file, "%lx %c %511s\n", &address, &type, sym) - != 3 ) - { - Syslog(LOG_ERR, "Error in symbol table input (#1)."); -@@ -344,6 +353,7 @@ - if ( (sym_file = fopen(symfile, "r")) != (FILE *) 0 ) { - if (CheckMapVersion(symfile) == 1) - file = symfile; -+ fclose (sym_file); - } - if (sym_file == (FILE *) 0 || file == (char *) 0) { - sprintf (symfile, "%s", *mf); -@@ -352,6 +362,7 @@ - if ( (sym_file = fopen(symfile, "r")) != (FILE *) 0 ) { - if (CheckMapVersion(symfile) == 1) - file = symfile; -+ fclose (sym_file); - } - } - -@@ -533,7 +544,7 @@ - version = 0; - while ( !feof(sym_file) && (version == 0) ) - { -- if ( fscanf(sym_file, "%lx %c %s\n", &address, \ -+ if ( fscanf(sym_file, "%lx %c %511s\n", &address, \ - &type, sym) != 3 ) - { - Syslog(LOG_ERR, "Error in symbol table input (#2)."); -@@ -899,3 +910,11 @@ - return; - } - #endif -+ -+/* -+ * Local variables: -+ * c-indent-level: 8 -+ * c-basic-offset: 8 -+ * tab-width: 8 -+ * End: -+ */ -diff -Naur sysklogd-1.4.1/ksym_mod.c sysklogd-20050123/ksym_mod.c ---- sysklogd-1.4.1/ksym_mod.c 2000-09-12 17:15:28.000000000 -0400 -+++ sysklogd-20050123/ksym_mod.c 2004-03-31 10:47:08.000000000 -0500 -@@ -78,6 +78,11 @@ - * - * Tue Sep 12 23:11:13 CEST 2000: Martin Schulze - * Changed llseek() to lseek64() in order to skip a libc warning. -+ * -+ * Wed Mar 31 17:35:01 CEST 2004: Martin Schulze -+ * Removed references to since it doesn't work -+ * anymore with its recent content from Linux 2.4/2.6, created -+ * module.h locally instead. - */ - - -@@ -89,11 +94,12 @@ - #include - #include - #include -+#include "module.h" - #if !defined(__GLIBC__) - #include --#include -+#include - #else /* __GLIBC__ */ --#include -+#include - extern __off64_t lseek64 __P ((int __fd, __off64_t __offset, int __whence)); - extern int get_kernel_syms __P ((struct kernel_sym *__table)); - #endif /* __GLIBC__ */ -@@ -107,7 +113,7 @@ - - #if !defined(__GLIBC__) - /* -- * The following bit uses some kernel/library magic to product what -+ * The following bit uses some kernel/library magic to produce what - * looks like a function call to user level code. This function is - * actually a system call in disguise. The purpose of the getsyms - * call is to return a current copy of the in-kernel symbol table. -diff -Naur sysklogd-1.4.1/Makefile sysklogd-20050123/Makefile ---- sysklogd-1.4.1/Makefile 1998-10-12 16:25:15.000000000 -0400 -+++ sysklogd-20050123/Makefile 2004-04-29 07:04:03.000000000 -0400 -@@ -4,12 +4,15 @@ - #CFLAGS= -g -DSYSV -Wall - #LDFLAGS= -g - CFLAGS= $(RPM_OPT_FLAGS) -O3 -DSYSV -fomit-frame-pointer -Wall -fno-strength-reduce -+# -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE - LDFLAGS= -s - - # Look where your install program is. - INSTALL = /usr/bin/install --BINDIR = /usr/sbin --MANDIR = /usr/man -+ -+# Destination paths, set prefix=/opt if required -+BINDIR = $(prefix)/usr/sbin -+MANDIR = $(prefix)/usr/share/man - - # There is one report that under an all ELF system there may be a need to - # explicilty link with libresolv.a. If linking syslogd fails you may wish -@@ -34,8 +37,9 @@ - # The following define establishes ownership for the man pages. - # Avery tells me that there is a difference between Debian and - # Slackware. Rather than choose sides I am leaving it up to the user. --MAN_OWNER = root --# MAN_OWNER = man -+MAN_USER = root -+MAN_GROUP = root -+MAN_PERMS = 644 - - # The following define establishes the name of the pid file for the - # syslogd daemon. The library include file (paths.h) defines the -@@ -116,7 +120,7 @@ - ${INSTALL} -m 500 -s klogd ${BINDIR}/klogd - - install_man: -- ${INSTALL} -o ${MAN_OWNER} -g ${MAN_OWNER} -m 644 sysklogd.8 ${MANDIR}/man8/sysklogd.8 -- ${INSTALL} -o ${MAN_OWNER} -g ${MAN_OWNER} -m 644 syslogd.8 ${MANDIR}/man8/syslogd.8 -- ${INSTALL} -o ${MAN_OWNER} -g ${MAN_OWNER} -m 644 syslog.conf.5 ${MANDIR}/man5/syslog.conf.5 -- ${INSTALL} -o ${MAN_OWNER} -g ${MAN_OWNER} -m 644 klogd.8 ${MANDIR}/man8/klogd.8 -+ ${INSTALL} -o ${MAN_USER} -g ${MAN_GROUP} -m ${MAN_PERMS} sysklogd.8 ${MANDIR}/man8/sysklogd.8 -+ ${INSTALL} -o ${MAN_USER} -g ${MAN_GROUP} -m ${MAN_PERMS} syslogd.8 ${MANDIR}/man8/syslogd.8 -+ ${INSTALL} -o ${MAN_USER} -g ${MAN_GROUP} -m ${MAN_PERMS} syslog.conf.5 ${MANDIR}/man5/syslog.conf.5 -+ ${INSTALL} -o ${MAN_USER} -g ${MAN_GROUP} -m ${MAN_PERMS} klogd.8 ${MANDIR}/man8/klogd.8 -diff -Naur sysklogd-1.4.1/module.h sysklogd-20050123/module.h ---- sysklogd-1.4.1/module.h 1969-12-31 19:00:00.000000000 -0500 -+++ sysklogd-20050123/module.h 2004-07-27 07:36:10.000000000 -0400 -@@ -0,0 +1,90 @@ -+/* -+ module.h - Miscellaneous module definitions -+ Copyright (c) 1996 Richard Henderson -+ Copyright (c) 2004 Martin Schulze -+ -+ This file is part of the sysklogd package. -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 2 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program; if not, write to the Free Software -+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -+*/ -+ -+/* ChangeLog: -+ * -+ * Wed Mar 31 17:35:01 CEST 2004: Martin Schulze -+ * Created local copy of module.h based on the content of Linux -+ * 2.2 since doesn't work anymore with its -+ * recent content from Linux 2.4/2.6. -+ */ -+ -+#include -+ -+#define MODULE_NAME_LEN 60 -+ -+struct kernel_sym -+{ -+ unsigned long value; -+ char name[MODULE_NAME_LEN]; -+}; -+ -+ -+struct list_head { -+ struct list_head *next, *prev; -+}; -+ -+ -+struct module_info -+{ -+ unsigned long addr; -+ unsigned long size; -+ unsigned long flags; -+ long usecount; -+}; -+ -+ -+struct module -+{ -+ unsigned long size_of_struct; /* == sizeof(module) */ -+ struct module *next; -+ const char *name; -+ unsigned long size; -+ -+ union -+ { -+ int usecount; -+ long pad; -+ } uc; /* Needs to keep its size - so says rth */ -+ -+ unsigned long flags; /* AUTOCLEAN et al */ -+ -+ unsigned nsyms; -+ unsigned ndeps; -+ -+ struct module_symbol *syms; -+ struct module_ref *deps; -+ struct module_ref *refs; -+ int (*init)(void); -+ void (*cleanup)(void); -+ const struct exception_table_entry *ex_table_start; -+ const struct exception_table_entry *ex_table_end; -+#ifdef __alpha__ -+ unsigned long gp; -+#endif -+ /* Members past this point are extensions to the basic -+ module support and are optional. Use mod_opt_member() -+ to examine them. */ -+ const struct module_persist *persist_start; -+ const struct module_persist *persist_end; -+ int (*can_unload)(void); -+}; -diff -Naur sysklogd-1.4.1/pidfile.c sysklogd-20050123/pidfile.c ---- sysklogd-1.4.1/pidfile.c 1998-02-10 17:37:12.000000000 -0500 -+++ sysklogd-20050123/pidfile.c 2003-09-27 22:38:18.000000000 -0400 -@@ -87,7 +87,7 @@ - int fd; - int pid; - -- if ( ((fd = open(pidfile, O_RDWR|O_CREAT, 0644)) == -1) -+ if ( ((fd = open(pidfile, O_RDWR|O_CREAT|O_TRUNC, 0644)) == -1) - || ((f = fdopen(fd, "r+")) == NULL) ) { - fprintf(stderr, "Can't open or create %s.\n", pidfile); - return 0; -diff -Naur sysklogd-1.4.1/README.1st sysklogd-20050123/README.1st ---- sysklogd-1.4.1/README.1st 1997-06-02 13:21:39.000000000 -0400 -+++ sysklogd-20050123/README.1st 2003-09-04 09:22:23.000000000 -0400 -@@ -1,5 +1,5 @@ --Very important information before using version 1.3 ----------------------------------------------------- -+Important information -+--------------------- - - The included version of syslogd behaves in a slightly different manner - to the one in former releases. Please review the following important -@@ -63,3 +63,10 @@ - these scripts should remove all old .pid files found in /var/run. - This will insure that klogd and syslogd start properly even if prior - executions have been terminated harshly. -+ -+* Large file support, i.e. support to write to log files that are -+ larger than 2 GB is not part of syslogd, but a matter of the Glibc -+ emitting different system calls to the kernel interface. To support -+ large files you'll have to compile syslogd with the compiler defines -+ -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE so that glibc adjusts the -+ system calls. -diff -Naur sysklogd-1.4.1/README.linux sysklogd-20050123/README.linux ---- sysklogd-1.4.1/README.linux 1999-01-18 19:09:12.000000000 -0500 -+++ sysklogd-20050123/README.linux 2004-07-09 13:22:29.000000000 -0400 -@@ -40,12 +40,17 @@ - a useful addition to the software gene pool. - - There is a mailing list covering this package and syslog in general. --The lists address is sysklogd@Infodrom.North.DE . To subscribe send a --mail to Majordomo@Infodrom.North.DE with a line "subscribe sysklogd" -+The lists address is infodrom-sysklogd@lists.infodrom.org . To subscribe send a -+mail to majordomo@lists.infodrom.org with a line "subscribe infodrom-sysklogd" - in the message body. - --New versions of this package will be available at Joey's ftp server. --ftp://ftp.infodrom.north.de/pub/people/joey/sysklogd/ -+A second mailing list exists as infodrom-sysklogd-cvs@lists.infodrom.org. Only -+CVS messages and diffs are distributed there. Whenever new code is added to -+sysklogd, CVS generates a mail from these changes which will be sent to -+this list. Discussions will take place on the first list. -+ -+The latest version of this software can be found at: -+http://www.infodrom.org/projects/sysklogd/download.php3 - - Best regards, - -@@ -67,6 +72,6 @@ - - Martin Schulze - Infodrom Oldenburg --joey@linux.de -+joey@infodrom.org - --And a host of bug reporters whose contributions cannot be underestimated. -+And a number of bug reporters whose contributions cannot be underestimated. -diff -Naur sysklogd-1.4.1/sysklogd.8 sysklogd-20050123/sysklogd.8 ---- sysklogd-1.4.1/sysklogd.8 2001-03-11 14:35:51.000000000 -0500 -+++ sysklogd-20050123/sysklogd.8 2004-07-09 13:33:32.000000000 -0400 -@@ -84,7 +84,7 @@ - .B MAXFUNIX - within the syslogd.c source file. An example for a chroot() daemon is - described by the people from OpenBSD at --http://www.psionic.com/papers/dns.html. -+. - .TP - .B "\-d" - Turns on debug mode. Using this the daemon will not proceed a -@@ -117,7 +117,8 @@ - between two \fI-- MARK --\fR lines is 20 minutes. This can be changed - with this option. Setting the - .I interval --to zero turns it off entirely. -+to zero turns it off entirely. Depending on other log messages -+generated these lines may not be written consecutively. - .TP - .B "\-n" - Avoid auto-backgrounding. This is needed especially if the -@@ -364,8 +365,10 @@ - - To avoid this in further times no messages that were received from a - remote host are sent out to another (or the same) remote host --anymore. If there are scenarios where this doesn't make sense, please --drop me (Joey) a line. -+anymore. If you experience are setup in which this doesn't make -+sense, please use the -+.B \-h -+commandline switch. - - If the remote host is located in the same domain as the host, - .B syslogd -diff -Naur sysklogd-1.4.1/syslog.c sysklogd-20050123/syslog.c ---- sysklogd-1.4.1/syslog.c 2001-03-11 14:35:51.000000000 -0500 -+++ sysklogd-20050123/syslog.c 2003-08-27 11:56:01.000000000 -0400 -@@ -47,6 +47,9 @@ - * Sun Mar 11 20:23:44 CET 2001: Martin Schulze - * Use SOCK_DGRAM for loggin, renables it to work. - * -+ * Wed Aug 27 17:48:16 CEST 2003: Martin Schulze -+ * Improved patch by Michael Pomraning to -+ * reconnect klogd to the logger after it went away. - */ - - #include -@@ -98,6 +101,7 @@ - register char *p; - time_t now; - int fd, saved_errno; -+ int result; - char tbuf[2048], fmt_cpy[1024], *stdp = (char *) 0; - - saved_errno = errno; -@@ -167,7 +171,16 @@ - } - - /* output the message to the local logger */ -- if (write(LogFile, tbuf, cnt + 1) >= 0 || !(LogStat&LOG_CONS)) -+ result = write(LogFile, tbuf, cnt + 1); -+ -+ if (result == -1 -+ && (errno == ECONNRESET || errno == ENOTCONN || errno == ECONNREFUSED)) { -+ closelog(); -+ openlog(LogTag, LogStat | LOG_NDELAY, LogFacility); -+ result = write(LogFile, tbuf, cnt + 1); -+ } -+ -+ if (result >= 0 || !(LogStat&LOG_CONS)) - return; - - /* -diff -Naur sysklogd-1.4.1/syslog.conf.5 sysklogd-20050123/syslog.conf.5 ---- sysklogd-1.4.1/syslog.conf.5 1999-08-21 06:49:14.000000000 -0400 -+++ sysklogd-20050123/syslog.conf.5 2003-05-22 15:31:20.000000000 -0400 -@@ -64,7 +64,7 @@ - The - .I facility - is one of the following keywords: --.BR auth ", " authpriv ", " cron ", " daemon ", " kern ", " lpr ", " -+.BR auth ", " authpriv ", " cron ", " daemon ", " ftp ", " kern ", " lpr ", " - .BR mail ", " mark ", " news ", " security " (same as " auth "), " - .BR syslog ", " user ", " uucp " and " local0 " through " local7 . - The keyword -@@ -121,12 +121,21 @@ - - This - .BR syslogd (8) --has a syntax extension to the original BSD source, that makes its use -+has a syntax extension to the original BSD source, which makes its use - more intuitively. You may precede every priority with an equation sign --(``='') to specify only this single priority and not any of the --above. You may also (both is valid, too) precede the priority with an --exclamation mark (``!'') to ignore all that priorities, either exact --this one or this and any higher priority. If you use both extensions -+(``='') to specify that -+.B syslogd -+should only refer to this single priority and not this priority and -+all higher priorities. -+ -+You may also precide the priority with an exclamation mark (``!'') if -+you want -+.B syslogd -+to ignore this priority and all higher priorities. -+You may even use both, the exclamation mark and the equation sign if -+you want -+.B syslogd -+to ignore only this single priority. If you use both extensions - than the exclamation mark must occur before the equation sign, just - use it intuitively. - -@@ -300,7 +309,7 @@ - .B syslogd - log all messages that come with either the - .BR info " or the " notice --facility into the file -+priority into the file - .IR /var/log/messages , - except for all messages that use the - .B mail -diff -Naur sysklogd-1.4.1/syslogd.c sysklogd-20050123/syslogd.c ---- sysklogd-1.4.1/syslogd.c 2001-03-11 14:40:10.000000000 -0500 -+++ sysklogd-20050123/syslogd.c 2005-01-15 14:13:08.000000000 -0500 -@@ -441,6 +441,39 @@ - * Don't return a closed fd if `-a' is called with a wrong path. - * Thanks to Bill Nottingham for providing - * a patch. -+ * Thu Apr 13 05:08:10 CEST 2001: Jon Burgess -+ * Moved the installation of the signal handler up a little bit -+ * so it guaranteed to be available when the child is forked, -+ * hence, fixing a race condition. This used to create problems -+ * with UML and fast machines. -+ * -+ * Sat Apr 17 18:03:05 CEST 2004: Steve Grubb -+ * Correct memory allocation for for commandline arguments in -+ * crunch_list(). -+ * -+ * Thu Apr 29 12:38:39 CEST 2004: Solar Designer -+ * Applied Openwall paranoia patches to improve crunch_list(). -+ * -+ * Tue May 4 16:47:30 CEST 2004: Solar Designer -+ * Ensure that "len" is not placed in a register, and that the -+ * endtty() signal handler is not installed too early which could -+ * cause a segmentation fault or worse. -+ * -+ * Tue May 4 16:52:01 CEST 2004: Solar Designer -+ * Adjust the size of a variable to prevent a buffer overflow -+ * should _PATH_DEV ever contain something different than "/dev/". -+ * -+ * Tue Nov 2 20:28:23 CET 2004: Colin Phipps -+ * Don't block on the network socket, in case a packet gets lost -+ * between select and recv. -+ * -+ * Sun Nov 7 12:28:47 CET 2004: Martin Schulze -+ * Discard any timestamp information found in received syslog -+ * messages. This will affect local messages sent from a -+ * different timezone. -+ * -+ * Sun Nov 7 13:47:00 CET 2004: Martin Schulze -+ * Remove trailing newline when forwarding messages. - */ - - -@@ -890,11 +923,11 @@ - dprintf("Checking pidfile.\n"); - if (!check_pid(PidFile)) - { -+ signal (SIGTERM, doexit); - if (fork()) { - /* - * Parent process - */ -- signal (SIGTERM, doexit); - sleep(300); - /* - * Not reached unless something major went wrong. 5 -@@ -992,6 +1025,7 @@ - (void) signal(SIGCHLD, reapchild); - (void) signal(SIGALRM, domark); - (void) signal(SIGUSR1, Debug ? debug_switch : SIG_IGN); -+ (void) signal(SIGXFSZ, SIG_IGN); - (void) alarm(TIMERINTVL); - - /* Create a partial message table for all file descriptors. */ -@@ -1141,13 +1175,13 @@ - */ - printchopped(from, line, \ - i + 2, finet); -- } else if (i < 0 && errno != EINTR) { -+ } else if (i < 0 && errno != EINTR && errno != EAGAIN) { - dprintf("INET socket error: %d = %s.\n", \ - errno, strerror(errno)); - logerror("recvfrom inet"); - /* should be harmless now that we set - * BSDCOMPAT on the socket */ -- sleep(10); -+ sleep(1); - } - } - #endif -@@ -1216,6 +1250,7 @@ - { - int fd, on = 1; - struct sockaddr_in sin; -+ int sockflags; - - fd = socket(AF_INET, SOCK_DGRAM, 0); - if (fd < 0) { -@@ -1241,6 +1276,24 @@ - close(fd); - return -1; - } -+ /* We must not block on the network socket, in case a packet -+ * gets lost between select and recv, otherise the process -+ * will stall until the timeout, and other processes trying to -+ * log will also stall. -+ */ -+ if ((sockflags = fcntl(fd, F_GETFL)) != -1) { -+ sockflags |= O_NONBLOCK; -+ /* -+ * SETFL could fail too, so get it caught by the subsequent -+ * error check. -+ */ -+ sockflags = fcntl(fd, F_SETFL, sockflags); -+ } -+ if (sockflags == -1) { -+ logerror("fcntl(O_NONBLOCK), suspending inet"); -+ close(fd); -+ return -1; -+ } - if (bind(fd, (struct sockaddr *) &sin, sizeof(sin)) < 0) { - logerror("bind, suspending inet"); - close(fd); -@@ -1254,30 +1307,26 @@ - crunch_list(list) - char *list; - { -- int count, i; -+ int i, m, n; - char *p, *q; - char **result = NULL; - - p = list; - - /* strip off trailing delimiters */ -- while (p[strlen(p)-1] == LIST_DELIMITER) { -- count--; -+ while (*p && p[strlen(p)-1] == LIST_DELIMITER) - p[strlen(p)-1] = '\0'; -- } - /* cut off leading delimiters */ -- while (p[0] == LIST_DELIMITER) { -- count--; -+ while (p[0] == LIST_DELIMITER) - p++; -- } - -- /* count delimiters to calculate elements */ -- for (count=i=0; p[i]; i++) -- if (p[i] == LIST_DELIMITER) count++; -+ /* count delimiters to calculate the number of elements */ -+ for (n = i = 0; p[i]; i++) -+ if (p[i] == LIST_DELIMITER) n++; - -- if ((result = (char **)malloc(sizeof(char *) * count+2)) == NULL) { -+ if ((result = (char **)malloc(sizeof(char *) * (n + 2))) == NULL) { - printf ("Sorry, can't get enough memory, exiting.\n"); -- exit(0); -+ exit(1); - } - - /* -@@ -1285,30 +1334,28 @@ - * characters are different from any delimiters, - * so we don't have to care about this. - */ -- count = 0; -- while ((q=strchr(p, LIST_DELIMITER))) { -- result[count] = (char *) malloc((q - p + 1) * sizeof(char)); -- if (result[count] == NULL) { -+ m = 0; -+ while ((q = strchr(p, LIST_DELIMITER)) && m < n) { -+ result[m] = (char *) malloc((q - p + 1) * sizeof(char)); -+ if (result[m] == NULL) { - printf ("Sorry, can't get enough memory, exiting.\n"); -- exit(0); -+ exit(1); - } -- strncpy(result[count], p, q - p); -- result[count][q - p] = '\0'; -+ memcpy(result[m], p, q - p); -+ result[m][q - p] = '\0'; - p = q; p++; -- count++; -+ m++; - } -- if ((result[count] = \ -- (char *)malloc(sizeof(char) * strlen(p) + 1)) == NULL) { -+ if ((result[m] = strdup(p)) == NULL) { - printf ("Sorry, can't get enough memory, exiting.\n"); -- exit(0); -+ exit(1); - } -- strcpy(result[count],p); -- result[++count] = NULL; -+ result[++m] = NULL; - - #if 0 -- count=0; -- while (result[count]) -- dprintf ("#%d: %s\n", count, StripDomains[count++]); -+ m = 0; -+ while (result[m]) -+ dprintf ("#%d: %s\n", m, result[m++]); - #endif - return result; - } -@@ -1548,21 +1595,25 @@ - - /* - * Check to see if msg looks non-standard. -+ * -+ * A message looks like -+ * Nov 17 11:42:33 CRON[ -+ * 01234567890123456 -+ * ^ ^ ^ ^ ^ -+ * -+ * Remote messages are not accompanied by a timestamp. -+ * Local messages are accompanied by a timestamp (program's timezone) - */ - msglen = strlen(msg); -- if (msglen < 16 || msg[3] != ' ' || msg[6] != ' ' || -- msg[9] != ':' || msg[12] != ':' || msg[15] != ' ') -- flags |= ADDDATE; -- -- (void) time(&now); -- if (flags & ADDDATE) -- timestamp = ctime(&now) + 4; -- else { -- timestamp = msg; -+ if (!(msglen < 16 || msg[3] != ' ' || msg[6] != ' ' || -+ msg[9] != ':' || msg[12] != ':' || msg[15] != ' ')) { - msg += 16; - msglen -= 16; - } - -+ (void) time(&now); -+ timestamp = ctime(&now) + 4; -+ - /* extract facility and priority level */ - if (flags & MARK) - fac = LOG_NFACILITIES; -@@ -1771,7 +1822,7 @@ - dprintf("Not sending message to remote.\n"); - else { - f->f_time = now; -- (void) snprintf(line, sizeof(line), "<%d>%s\n", f->f_prevpri, \ -+ (void) snprintf(line, sizeof(line), "<%d>%s", f->f_prevpri, \ - (char *) iov[4].iov_base); - l = strlen(line); - if (l > MAXLINE) -@@ -1815,7 +1866,7 @@ - v->iov_len = 1; - } - again: -- /* f->f_file == -1 is an indicator that the we couldn't -+ /* f->f_file == -1 is an indicator that we couldn't - open the file at startup. */ - if (f->f_file == -1) - break; -@@ -1852,7 +1903,7 @@ - errno = e; - logerror(f->f_un.f_fname); - } -- } else if (f->f_flags & SYNC_FILE) -+ } else if (f->f_type == F_FILE && (f->f_flags & SYNC_FILE)) - (void) fsync(f->f_file); - break; - -@@ -1891,7 +1942,7 @@ - register struct filed *f; - struct iovec *iov; - { -- char p[6 + UNAMESZ]; -+ char p[sizeof (_PATH_DEV) + UNAMESZ]; - register int i; - int ttyf, len; - static int reenter = 0; -@@ -1899,6 +1950,8 @@ - struct utmp *uptr; - char greetings[200]; - -+ (void) &len; -+ - if (reenter++) - return; - -@@ -1913,7 +1966,6 @@ - if (fork() == 0) { - (void) signal(SIGTERM, SIG_DFL); - (void) alarm(0); -- (void) signal(SIGALRM, endtty); - #ifndef SYSV - (void) signal(SIGTTOU, SIG_IGN); - (void) sigsetmask(0); -@@ -1929,7 +1981,7 @@ - /* is this slot used? */ - if (ut.ut_name[0] == '\0') - continue; -- if (ut.ut_type == LOGIN_PROCESS) -+ if (ut.ut_type != USER_PROCESS) - continue; - if (!(strcmp (ut.ut_name,"LOGIN"))) /* paranoia */ - continue; -@@ -1959,6 +2011,7 @@ - iov[1].iov_len = 0; - } - if (setjmp(ttybuf) == 0) { -+ (void) signal(SIGALRM, endtty); - (void) alarm(15); - /* open the terminal */ - ttyf = open(p, O_WRONLY|O_NOCTTY); diff --git a/src/patches/sysklogd-1.4.1_xen_empty_buffer_check.patch b/src/patches/sysklogd-1.4.1_xen_empty_buffer_check.patch deleted file mode 100644 index 3aece3abb4..0000000000 --- a/src/patches/sysklogd-1.4.1_xen_empty_buffer_check.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff -Naur sysklogd-1.4.1.org/klogd.c sysklogd-1.4.1/klogd.c ---- sysklogd-1.4.1.org/klogd.c 2001-03-11 20:40:10.000000000 +0100 -+++ sysklogd-1.4.1/klogd.c 2010-01-20 19:49:36.000000000 +0100 -@@ -1171,10 +1171,24 @@ - switch ( logsrc ) - { - case kernel: -- LogKernelLine(); -+ if (ksyslog(9, NULL, 0)>0) -+ { -+ LogKernelLine(); -+ } -+ else -+ { -+ usleep(100000); -+ } - break; - case proc: -- LogProcLine(); -+ if (ksyslog(9, NULL, 0)>0) -+ { -+ LogProcLine(); -+ } -+ else -+ { -+ usleep(100000); -+ } - break; - case none: - pause(); diff --git a/src/patches/xen-co_assignment.patch b/src/patches/xen-co_assignment.patch deleted file mode 100644 index f0b59f050f..0000000000 --- a/src/patches/xen-co_assignment.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff -r 6ab55f716ce3 tools/python/xen/util/pci.py ---- a/tools/python/xen/util/pci.py Thu Oct 09 17:18:11 2008 +0100 -+++ b/tools/python/xen/util/pci.py Fri Oct 10 13:16:00 2008 +0800 -@@ -696,6 +696,7 @@ class PciDevice: - def do_FLR(self): - """ Perform FLR (Functional Level Reset) for the device. - """ -+ return - if self.dev_type == DEV_TYPE_PCIe_ENDPOINT: - # If PCIe device supports FLR, we use it. - if self.pcie_flr: -diff -r 6ab55f716ce3 tools/python/xen/xend/server/pciif.py ---- a/tools/python/xen/xend/server/pciif.py Thu Oct 09 17:18:11 2008 +0100 -+++ b/tools/python/xen/xend/server/pciif.py Fri Oct 10 13:18:25 2008 +0800 -@@ -375,6 +375,7 @@ class PciController(DevController): - pci_dev_list = pci_dev_list + [(domain, bus, slot, func)] - - for (domain, bus, slot, func) in pci_dev_list: -+ continue - try: - dev = PciDevice(domain, bus, slot, func) - except Exception, e: diff --git a/src/patches/xen-cpufreq.patch b/src/patches/xen-cpufreq.patch deleted file mode 100644 index 4a8f3f3dd3..0000000000 --- a/src/patches/xen-cpufreq.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- a/xen/arch/x86/platform_hypercall.c 2009-07-23 07:26:18.000000000 +0000 -+++ b/xen/arch/x86/platform_hypercall.c 2009-07-23 07:28:30.000000000 +0000 -@@ -313,7 +313,6 @@ - { - uint32_t cpu; - uint64_t idletime, now = NOW(); -- struct vcpu *v; - struct xenctl_cpumap ctlmap; - cpumask_t cpumap; - XEN_GUEST_HANDLE(uint8) cpumap_bitmap; -@@ -336,7 +335,7 @@ - - for_each_cpu_mask ( cpu, cpumap ) - { -- if ( (v = idle_vcpu[cpu]) != NULL ) -+ if ( !idle_vcpu[cpu] ) - cpu_clear(cpu, cpumap); - idletime = get_cpu_idle_time(cpu); - diff --git a/src/patches/xen-passthrough-fix.patch b/src/patches/xen-passthrough-fix.patch deleted file mode 100644 index 75abd77ecb..0000000000 --- a/src/patches/xen-passthrough-fix.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: jbeulich@novell.com -Subject: also register pirq for DomU (which doesn't use the IO-APIC code) -References: bnc#463596 -Patch-mainline: obsolete - -Additionally make sure IRQ chip and handler aren't getting set twice -for an IRQ possibly in use by more than one device. - ---- head-2009-02-02.orig/arch/x86/pci/pcifront.c 2009-02-03 17:27:59.000000000 +0100 -+++ head-2009-02-02/arch/x86/pci/pcifront.c 2009-02-03 11:22:28.000000000 +0100 -@@ -8,12 +8,14 @@ - #include - #include - #include -+#include - #include "pci.h" - - static int pcifront_enable_irq(struct pci_dev *dev) - { - u8 irq; - pci_read_config_byte(dev, PCI_INTERRUPT_LINE, &irq); -+ evtchn_register_pirq(irq); - dev->irq = irq; - - return 0; ---- head-2009-02-02.orig/drivers/xen/core/evtchn.c 2009-01-14 15:16:43.000000000 +0100 -+++ head-2009-02-02/drivers/xen/core/evtchn.c 2009-02-03 17:34:44.000000000 +0100 -@@ -1561,7 +1561,7 @@ core_initcall(evtchn_register); - void evtchn_register_pirq(int irq) - { - BUG_ON(irq < PIRQ_BASE || irq - PIRQ_BASE > NR_PIRQS); -- if (identity_mapped_irq(irq)) -+ if (identity_mapped_irq(irq) || type_from_irq(irq) != IRQT_UNBOUND) - return; - irq_info[irq] = mk_irq_info(IRQT_PIRQ, irq, 0); - set_irq_chip_and_handler_name(irq, &pirq_chip, handle_level_irq, diff --git a/src/patches/xend-config.patch b/src/patches/xend-config.patch deleted file mode 100644 index fce98f9173..0000000000 --- a/src/patches/xend-config.patch +++ /dev/null @@ -1,99 +0,0 @@ ---- a/tools/examples/xend-config.sxp 2009-05-18 11:05:38.000000000 +0000 -+++ b/tools/examples/xend-config.sxp 2009-07-23 08:00:23.000000000 +0000 -@@ -14,10 +14,6 @@ - #(logfile /var/log/xen/xend.log) - #(loglevel DEBUG) - --# Uncomment the line below. Set the value to flask, acm, or dummy to --# select a security module. -- --#(xsm_module_name dummy) - - # The Xen-API server configuration. - # -@@ -58,21 +54,20 @@ - - - #(xend-http-server no) --#(xend-unix-server no) --#(xend-tcp-xmlrpc-server no) --#(xend-unix-xmlrpc-server yes) -+(xend-unix-server yes) -+(xend-tcp-xmlrpc-server yes) -+(xend-unix-xmlrpc-server yes) - #(xend-relocation-server no) - (xend-relocation-server yes) - #(xend-relocation-ssl-server no) --#(xend-udev-event-server no) - - #(xend-unix-path /var/lib/xend/xend-socket) - - - # Address and port xend should use for the legacy TCP XMLRPC interface, - # if xend-tcp-xmlrpc-server is set. --#(xend-tcp-xmlrpc-server-address 'localhost') --#(xend-tcp-xmlrpc-server-port 8006) -+(xend-tcp-xmlrpc-server-address 'localhost') -+(xend-tcp-xmlrpc-server-port 8006) - - # SSL key and certificate to use for the legacy TCP XMLRPC interface. - # Setting these will mean that this port serves only SSL connections as -@@ -82,11 +77,11 @@ - - - # Port xend should use for the HTTP interface, if xend-http-server is set. --#(xend-port 8000) -+(xend-port 8000) - - # Port xend should use for the relocation interface, if xend-relocation-server - # is set. --#(xend-relocation-port 8002) -+(xend-relocation-port 8002) - - # Port xend should use for the ssl relocation interface, if - # xend-relocation-ssl-server is set. -@@ -154,7 +149,7 @@ - # two fake interfaces per guest domain. To do things like this, write - # yourself a wrapper script, and call network-bridge from it, as appropriate. - # --(network-script network-bridge) -+(network-script network-dummy) - - # The script used to control virtual interfaces. This can be overridden on a - # per-vif basis when creating a domain or a configuring a new vif. The -@@ -169,7 +164,7 @@ - # If you are using only one bridge, the vif-bridge script will discover that, - # so there is no need to specify it explicitly. - # --(vif-script vif-bridge) -+#(vif-script vif-bridge) - - - ## Use the following if network traffic is routed, as an alternative to the -@@ -194,7 +189,7 @@ - - # In SMP system, dom0 will use dom0-cpus # of CPUS - # If dom0-cpus = 0, dom0 will take all cpus available --(dom0-cpus 0) -+#(dom0-cpus 0) - - # Whether to enable core-dumps when domains crash. - #(enable-dump no) -@@ -205,7 +200,7 @@ - # The interface for VNC servers to listen on. Defaults - # to 127.0.0.1 To restore old 'listen everywhere' behaviour - # set this to 0.0.0.0 --#(vnc-listen '127.0.0.1') -+(vnc-listen '0.0.0.0') - - # The default password for VNC console on HVM domain. - # Empty string is no authentication. -@@ -243,7 +238,7 @@ - - # The default keymap to use for the VM's virtual keyboard - # when not specififed in VM's configuration --#(keymap 'en-us') -+(keymap 'de') - - # Script to run when the label of a resource has changed. - #(resource-label-change-script '') -- 2.39.2