marionnet-0.90.6+bzr457.orig/0000700000175000017500000000000012356733376014577 5ustar lucaslucasmarionnet-0.90.6+bzr457.orig/uml/0000700000175000017500000000000012356733375015373 5ustar lucaslucasmarionnet-0.90.6+bzr457.orig/uml/kernel/0000700000175000017500000000000012356733375016653 5ustar lucaslucasmarionnet-0.90.6+bzr457.orig/uml/kernel/CONFIG-3.2.480000600000175000017500000006746312356733375020317 0ustar lucaslucas# # Automatically generated file; DO NOT EDIT. # User Mode Linux/i386 3.2.48 Kernel Configuration # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_UML=y CONFIG_MMU=y CONFIG_NO_IOMEM=y # CONFIG_TRACE_IRQFLAGS_SUPPORT is not set CONFIG_LOCKDEP_SUPPORT=y # CONFIG_STACKTRACE_SUPPORT is not set CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_IRQ_RELEASE_METHOD=y CONFIG_HZ=100 # # UML-specific options # # # Host processor type and features # # CONFIG_CMPXCHG_LOCAL is not set # CONFIG_CMPXCHG_DOUBLE is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set CONFIG_M586MMX=y # CONFIG_M686 is not set # CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set # CONFIG_MK8 is not set # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MELAN is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MCORE2 is not set # CONFIG_MATOM is not set CONFIG_X86_GENERIC=y CONFIG_X86_INTERNODE_CACHE_SHIFT=6 CONFIG_X86_CMPXCHG=y CONFIG_X86_L1_CACHE_SHIFT=6 CONFIG_X86_XADD=y CONFIG_X86_PPRO_FENCE=y CONFIG_X86_F00F_BUG=y CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INVLPG=y CONFIG_X86_BSWAP=y CONFIG_X86_POPAD_OK=y CONFIG_X86_ALIGNMENT_16=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_TSC=y CONFIG_X86_MINIMUM_CPU_FAMILY=4 
CONFIG_CPU_SUP_INTEL=y CONFIG_CPU_SUP_CYRIX_32=y CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_CENTAUR=y CONFIG_CPU_SUP_TRANSMETA_32=y CONFIG_CPU_SUP_UMC_32=y CONFIG_UML_X86=y # CONFIG_64BIT is not set CONFIG_X86_32=y # CONFIG_X86_64 is not set # CONFIG_RWSEM_XCHGADD_ALGORITHM is not set CONFIG_RWSEM_GENERIC_SPINLOCK=y CONFIG_3_LEVEL_PGTABLES=y CONFIG_ARCH_HAS_SC_SIGNALS=y CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA=y CONFIG_GENERIC_HWEIGHT=y # CONFIG_STATIC_LINK is not set CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 # CONFIG_COMPACTION is not set # CONFIG_PHYS_ADDR_T_64BIT is not set CONFIG_ZONE_DMA_FLAG=0 CONFIG_VIRT_TO_BUS=y # CONFIG_KSM is not set CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 CONFIG_NEED_PER_CPU_KM=y # CONFIG_CLEANCACHE is not set CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_LD_SCRIPT_DYN=y CONFIG_BINFMT_ELF=y CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y CONFIG_HAVE_AOUT=y # CONFIG_BINFMT_AOUT is not set CONFIG_BINFMT_MISC=y CONFIG_HOSTFS=y # CONFIG_HPPFS is not set CONFIG_MCONSOLE=y CONFIG_MAGIC_SYSRQ=y CONFIG_KERNEL_STACK_ORDER=2 # CONFIG_MMAPPER is not set CONFIG_NO_DMA=y # # General setup # CONFIG_EXPERIMENTAL=y CONFIG_BROKEN_ON_SMP=y CONFIG_INIT_ENV_ARG_LIMIT=128 CONFIG_CROSS_COMPILE="" CONFIG_LOCALVERSION="" CONFIG_LOCALVERSION_AUTO=y CONFIG_DEFAULT_HOSTNAME="(none)" CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_POSIX_MQUEUE_SYSCTL=y CONFIG_BSD_PROCESS_ACCT=y # CONFIG_BSD_PROCESS_ACCT_V3 is not set # CONFIG_FHANDLE is not set # CONFIG_TASKSTATS is not set # CONFIG_AUDIT is not set CONFIG_HAVE_GENERIC_HARDIRQS=y # # IRQ subsystem # CONFIG_GENERIC_HARDIRQS=y CONFIG_GENERIC_IRQ_SHOW=y # # RCU Subsystem # CONFIG_TINY_RCU=y # CONFIG_PREEMPT_RCU is not set # CONFIG_RCU_TRACE is not set # CONFIG_TREE_RCU_TRACE is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y 
CONFIG_LOG_BUF_SHIFT=14 # CONFIG_CGROUPS is not set CONFIG_NAMESPACES=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y CONFIG_USER_NS=y CONFIG_PID_NS=y CONFIG_NET_NS=y # CONFIG_SCHED_AUTOGROUP is not set CONFIG_SYSFS_DEPRECATED=y # CONFIG_SYSFS_DEPRECATED_V2 is not set CONFIG_RELAY=y CONFIG_BLK_DEV_INITRD=y CONFIG_INITRAMFS_SOURCE="" CONFIG_RD_GZIP=y CONFIG_RD_BZIP2=y CONFIG_RD_LZMA=y CONFIG_RD_XZ=y CONFIG_RD_LZO=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y CONFIG_ANON_INODES=y # CONFIG_EXPERT is not set CONFIG_UID16=y # CONFIG_SYSCTL_SYSCALL is not set CONFIG_KALLSYMS=y # CONFIG_KALLSYMS_ALL is not set CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_AIO=y # CONFIG_EMBEDDED is not set # # Kernel Performance Events And Counters # CONFIG_VM_EVENT_COUNTERS=y CONFIG_COMPAT_BRK=y CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_PROFILING is not set # # GCOV-based kernel profiling # # CONFIG_HAVE_GENERIC_DMA_COHERENT is not set CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 CONFIG_MODULES=y # CONFIG_MODULE_FORCE_LOAD is not set CONFIG_MODULE_UNLOAD=y # CONFIG_MODULE_FORCE_UNLOAD is not set # CONFIG_MODVERSIONS is not set # CONFIG_MODULE_SRCVERSION_ALL is not set CONFIG_BLOCK=y CONFIG_LBDAF=y CONFIG_BLK_DEV_BSG=y # CONFIG_BLK_DEV_BSGLIB is not set # CONFIG_BLK_DEV_INTEGRITY is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y # CONFIG_DEFAULT_DEADLINE is not set CONFIG_DEFAULT_CFQ=y # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="cfq" # CONFIG_INLINE_SPIN_TRYLOCK is not set # CONFIG_INLINE_SPIN_TRYLOCK_BH is not set # CONFIG_INLINE_SPIN_LOCK is not set # CONFIG_INLINE_SPIN_LOCK_BH is not set # CONFIG_INLINE_SPIN_LOCK_IRQ is not set # CONFIG_INLINE_SPIN_LOCK_IRQSAVE is not set CONFIG_INLINE_SPIN_UNLOCK=y # CONFIG_INLINE_SPIN_UNLOCK_BH is not set CONFIG_INLINE_SPIN_UNLOCK_IRQ=y # 
CONFIG_INLINE_SPIN_UNLOCK_IRQRESTORE is not set # CONFIG_INLINE_READ_TRYLOCK is not set # CONFIG_INLINE_READ_LOCK is not set # CONFIG_INLINE_READ_LOCK_BH is not set # CONFIG_INLINE_READ_LOCK_IRQ is not set # CONFIG_INLINE_READ_LOCK_IRQSAVE is not set CONFIG_INLINE_READ_UNLOCK=y # CONFIG_INLINE_READ_UNLOCK_BH is not set CONFIG_INLINE_READ_UNLOCK_IRQ=y # CONFIG_INLINE_READ_UNLOCK_IRQRESTORE is not set # CONFIG_INLINE_WRITE_TRYLOCK is not set # CONFIG_INLINE_WRITE_LOCK is not set # CONFIG_INLINE_WRITE_LOCK_BH is not set # CONFIG_INLINE_WRITE_LOCK_IRQ is not set # CONFIG_INLINE_WRITE_LOCK_IRQSAVE is not set CONFIG_INLINE_WRITE_UNLOCK=y # CONFIG_INLINE_WRITE_UNLOCK_BH is not set CONFIG_INLINE_WRITE_UNLOCK_IRQ=y # CONFIG_INLINE_WRITE_UNLOCK_IRQRESTORE is not set # CONFIG_MUTEX_SPIN_ON_OWNER is not set # CONFIG_FREEZER is not set # # UML Character Devices # CONFIG_STDERR_CONSOLE=y CONFIG_STDIO_CONSOLE=y CONFIG_SSL=y CONFIG_NULL_CHAN=y CONFIG_PORT_CHAN=y CONFIG_PTY_CHAN=y CONFIG_TTY_CHAN=y CONFIG_XTERM_CHAN=y # CONFIG_NOCONFIG_CHAN is not set CONFIG_CON_ZERO_CHAN="fd:0,fd:1" CONFIG_CON_CHAN="xterm" CONFIG_SSL_CHAN="pty" CONFIG_UML_SOUND=y CONFIG_SOUND=y CONFIG_SOUND_OSS_CORE=y CONFIG_HOSTAUDIO=y # # Device Drivers # # # Generic Driver Options # CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" # CONFIG_DEVTMPFS is not set CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y CONFIG_FIRMWARE_IN_KERNEL=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_DEBUG_DRIVER is not set # CONFIG_DEBUG_DEVRES is not set # CONFIG_SYS_HYPERVISOR is not set CONFIG_CONNECTOR=y CONFIG_PROC_EVENTS=y CONFIG_BLK_DEV=y CONFIG_BLK_DEV_UBD=y CONFIG_BLK_DEV_UBD_SYNC=y CONFIG_BLK_DEV_COW_COMMON=y CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 CONFIG_BLK_DEV_CRYPTOLOOP=y # CONFIG_BLK_DEV_DRBD is not set CONFIG_BLK_DEV_NBD=y CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_COUNT=16 CONFIG_BLK_DEV_RAM_SIZE=4096 # CONFIG_BLK_DEV_XIP is not set CONFIG_ATA_OVER_ETH=y # CONFIG_BLK_DEV_RBD is not set # 
CONFIG_MISC_DEVICES is not set # # SCSI device support # CONFIG_SCSI_MOD=y # CONFIG_RAID_ATTRS is not set # CONFIG_SCSI is not set # CONFIG_SCSI_DMA is not set # CONFIG_SCSI_NETLINK is not set # CONFIG_MD is not set CONFIG_NETDEVICES=y CONFIG_NET_CORE=y CONFIG_BONDING=y CONFIG_DUMMY=y # CONFIG_EQUALIZER is not set # CONFIG_MII is not set # CONFIG_MACVLAN is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set CONFIG_TUN=y # CONFIG_VETH is not set # # CAIF transport drivers # CONFIG_ETHERNET=y CONFIG_NET_VENDOR_CHELSIO=y CONFIG_NET_VENDOR_INTEL=y CONFIG_NET_VENDOR_I825XX=y CONFIG_NET_VENDOR_MARVELL=y CONFIG_NET_VENDOR_NATSEMI=y CONFIG_NET_VENDOR_8390=y # CONFIG_PHYLIB is not set CONFIG_PPP=y CONFIG_PPP_BSDCOMP=y CONFIG_PPP_DEFLATE=y CONFIG_PPP_FILTER=y CONFIG_PPP_MPPE=y CONFIG_PPP_MULTILINK=y CONFIG_PPPOE=y CONFIG_PPP_ASYNC=y CONFIG_PPP_SYNC_TTY=y CONFIG_SLIP=y CONFIG_SLHC=y CONFIG_SLIP_COMPRESSED=y CONFIG_SLIP_SMART=y CONFIG_SLIP_MODE_SLIP6=y CONFIG_WLAN=y # CONFIG_HOSTAP is not set # # Enable WiMAX (Networking options) to see the WiMAX drivers # # CONFIG_WAN is not set # # Character devices # CONFIG_UNIX98_PTYS=y # CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set CONFIG_LEGACY_PTYS=y CONFIG_LEGACY_PTY_COUNT=32 # CONFIG_N_GSM is not set # CONFIG_TRACE_SINK is not set CONFIG_DEVKMEM=y CONFIG_HW_RANDOM=y CONFIG_UML_RANDOM=y # CONFIG_R3964 is not set # CONFIG_NSC_GPIO is not set # CONFIG_RAW_DRIVER is not set # # PPS support # # CONFIG_PPS is not set # # PPS generators support # # # PTP clock support # # # Enable Device Drivers -> PPS to see the PTP clock options. 
# # CONFIG_POWER_SUPPLY is not set # CONFIG_THERMAL is not set # CONFIG_WATCHDOG is not set # CONFIG_REGULATOR is not set CONFIG_SOUND_OSS_CORE_PRECLAIM=y # CONFIG_MEMSTICK is not set # CONFIG_NEW_LEDS is not set # CONFIG_ACCESSIBILITY is not set # CONFIG_AUXDISPLAY is not set # CONFIG_UIO is not set # # Virtio drivers # # CONFIG_VIRTIO_BALLOON is not set # CONFIG_STAGING is not set # # Hardware Spinlock drivers # CONFIG_IOMMU_SUPPORT=y # CONFIG_VIRT_DRIVERS is not set # CONFIG_PM_DEVFREQ is not set CONFIG_NET=y # # Networking options # CONFIG_PACKET=y CONFIG_UNIX=y CONFIG_XFRM=y CONFIG_XFRM_USER=y # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set CONFIG_XFRM_IPCOMP=y CONFIG_NET_KEY=y # CONFIG_NET_KEY_MIGRATE is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y # CONFIG_IP_FIB_TRIE_STATS is not set CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y CONFIG_IP_ROUTE_CLASSID=y CONFIG_IP_PNP=y CONFIG_IP_PNP_DHCP=y CONFIG_IP_PNP_BOOTP=y CONFIG_IP_PNP_RARP=y CONFIG_NET_IPIP=y # CONFIG_NET_IPGRE_DEMUX is not set CONFIG_IP_MROUTE=y # CONFIG_IP_MROUTE_MULTIPLE_TABLES is not set CONFIG_IP_PIMSM_V1=y # CONFIG_IP_PIMSM_V2 is not set CONFIG_ARPD=y # CONFIG_SYN_COOKIES is not set CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y CONFIG_INET_XFRM_TUNNEL=y CONFIG_INET_TUNNEL=y CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_XFRM_MODE_BEET=y CONFIG_INET_LRO=y CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y CONFIG_TCP_CONG_ADVANCED=y CONFIG_TCP_CONG_BIC=y CONFIG_TCP_CONG_CUBIC=y CONFIG_TCP_CONG_WESTWOOD=y CONFIG_TCP_CONG_HTCP=y CONFIG_TCP_CONG_HSTCP=y CONFIG_TCP_CONG_HYBLA=y CONFIG_TCP_CONG_VEGAS=y CONFIG_TCP_CONG_SCALABLE=y CONFIG_TCP_CONG_LP=y CONFIG_TCP_CONG_VENO=y # CONFIG_TCP_CONG_YEAH is not set # CONFIG_TCP_CONG_ILLINOIS is not set # CONFIG_DEFAULT_BIC is not set CONFIG_DEFAULT_CUBIC=y # CONFIG_DEFAULT_HTCP is not set # CONFIG_DEFAULT_HYBLA 
is not set # CONFIG_DEFAULT_VEGAS is not set # CONFIG_DEFAULT_VENO is not set # CONFIG_DEFAULT_WESTWOOD is not set # CONFIG_DEFAULT_RENO is not set CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set CONFIG_IPV6=y CONFIG_IPV6_PRIVACY=y CONFIG_IPV6_ROUTER_PREF=y # CONFIG_IPV6_ROUTE_INFO is not set # CONFIG_IPV6_OPTIMISTIC_DAD is not set CONFIG_INET6_AH=y CONFIG_INET6_ESP=y CONFIG_INET6_IPCOMP=y # CONFIG_IPV6_MIP6 is not set CONFIG_INET6_XFRM_TUNNEL=y CONFIG_INET6_TUNNEL=y CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_INET6_XFRM_MODE_BEET=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set CONFIG_IPV6_SIT=y # CONFIG_IPV6_SIT_6RD is not set CONFIG_IPV6_NDISC_NODETYPE=y CONFIG_IPV6_TUNNEL=y # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_NETWORK_SECMARK is not set # CONFIG_NETWORK_PHY_TIMESTAMPING is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y # CONFIG_NF_CONNTRACK is not set # CONFIG_NETFILTER_TPROXY is not set CONFIG_NETFILTER_XTABLES=y # # Xtables combined modules # CONFIG_NETFILTER_XT_MARK=y # # Xtables targets # # CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y # CONFIG_NETFILTER_XT_TARGET_DSCP is not set CONFIG_NETFILTER_XT_TARGET_HL=y # CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set CONFIG_NETFILTER_XT_TARGET_MARK=y # CONFIG_NETFILTER_XT_TARGET_NFLOG is not set CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set # CONFIG_NETFILTER_XT_TARGET_TEE is not set # CONFIG_NETFILTER_XT_TARGET_TRACE is not set # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set # # Xtables matches # # CONFIG_NETFILTER_XT_MATCH_ADDRTYPE is not set CONFIG_NETFILTER_XT_MATCH_COMMENT=y # 
CONFIG_NETFILTER_XT_MATCH_CPU is not set CONFIG_NETFILTER_XT_MATCH_DCCP=y # CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set # CONFIG_NETFILTER_XT_MATCH_DSCP is not set CONFIG_NETFILTER_XT_MATCH_ESP=y # CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set CONFIG_NETFILTER_XT_MATCH_HL=y # CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y # CONFIG_NETFILTER_XT_MATCH_OSF is not set # CONFIG_NETFILTER_XT_MATCH_OWNER is not set CONFIG_NETFILTER_XT_MATCH_POLICY=y # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y # CONFIG_NETFILTER_XT_MATCH_RATEEST is not set CONFIG_NETFILTER_XT_MATCH_REALM=y # CONFIG_NETFILTER_XT_MATCH_RECENT is not set CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y # CONFIG_NETFILTER_XT_MATCH_TIME is not set # CONFIG_NETFILTER_XT_MATCH_U32 is not set # CONFIG_IP_SET is not set # CONFIG_IP_VS is not set # # IP: Netfilter Configuration # # CONFIG_NF_DEFRAG_IPV4 is not set CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # # CONFIG_NF_DEFRAG_IPV6 is not set # CONFIG_IP6_NF_QUEUE is not set CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y # CONFIG_IP6_NF_MATCH_MH is not set CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_TARGET_HL=y 
CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_RAW=y CONFIG_BRIDGE_NF_EBTABLES=y CONFIG_BRIDGE_EBT_BROUTE=y CONFIG_BRIDGE_EBT_T_FILTER=y CONFIG_BRIDGE_EBT_T_NAT=y CONFIG_BRIDGE_EBT_802_3=y CONFIG_BRIDGE_EBT_AMONG=y CONFIG_BRIDGE_EBT_ARP=y CONFIG_BRIDGE_EBT_IP=y # CONFIG_BRIDGE_EBT_IP6 is not set CONFIG_BRIDGE_EBT_LIMIT=y CONFIG_BRIDGE_EBT_MARK=y CONFIG_BRIDGE_EBT_PKTTYPE=y CONFIG_BRIDGE_EBT_STP=y CONFIG_BRIDGE_EBT_VLAN=y CONFIG_BRIDGE_EBT_ARPREPLY=y CONFIG_BRIDGE_EBT_DNAT=y CONFIG_BRIDGE_EBT_MARK_T=y CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_ULOG=y # CONFIG_BRIDGE_EBT_NFLOG is not set CONFIG_GHOSTIFICATION_NETFILTER=y CONFIG_GHOSTIFICATION_NETFILTER_ALL=y # CONFIG_IP_DCCP is not set CONFIG_IP_SCTP=y # CONFIG_SCTP_DBG_MSG is not set # CONFIG_SCTP_DBG_OBJCNT is not set # CONFIG_SCTP_HMAC_NONE is not set # CONFIG_SCTP_HMAC_SHA1 is not set CONFIG_SCTP_HMAC_MD5=y # CONFIG_RDS is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set # CONFIG_L2TP is not set CONFIG_STP=y CONFIG_BRIDGE=y CONFIG_BRIDGE_IGMP_SNOOPING=y # CONFIG_NET_DSA is not set CONFIG_VLAN_8021Q=y # CONFIG_VLAN_8021Q_GVRP is not set # CONFIG_DECNET is not set CONFIG_LLC=y # CONFIG_LLC2 is not set # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set # CONFIG_PHONET is not set # CONFIG_IEEE802154 is not set # CONFIG_NET_SCHED is not set # CONFIG_DCB is not set # CONFIG_BATMAN_ADV is not set # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set CONFIG_FIB_RULES=y CONFIG_WIRELESS=y # CONFIG_CFG80211 is not set # CONFIG_LIB80211 is not set # # CFG80211 needs to be enabled for MAC80211 # # CONFIG_WIMAX is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is 
not set # CONFIG_CAIF is not set # CONFIG_CEPH_LIB is not set # CONFIG_NFC is not set CONFIG_GHOSTIFICATION=y CONFIG_GHOSTIFICATION_NUM=8 CONFIG_GHOSTIFICATION_MESG=y CONFIG_GHOSTIFICATION_PRINTK=y # CONFIG_GHOSTIFICATION_DEBUG is not set # CONFIG_GHOSTIFICATION_DEVEL is not set # # UML Network Devices # CONFIG_UML_NET=y CONFIG_UML_NET_ETHERTAP=y CONFIG_UML_NET_TUNTAP=y CONFIG_UML_NET_SLIP=y CONFIG_UML_NET_DAEMON=y # CONFIG_UML_NET_VDE is not set CONFIG_UML_NET_MCAST=y # CONFIG_UML_NET_PCAP is not set CONFIG_UML_NET_SLIRP=y # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y # CONFIG_EXT2_FS_SECURITY is not set CONFIG_EXT2_FS_XIP=y CONFIG_EXT3_FS=y CONFIG_EXT3_DEFAULTS_TO_ORDERED=y CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y # CONFIG_EXT3_FS_SECURITY is not set CONFIG_EXT4_FS=y CONFIG_EXT4_FS_XATTR=y CONFIG_EXT4_FS_POSIX_ACL=y # CONFIG_EXT4_FS_SECURITY is not set # CONFIG_EXT4_DEBUG is not set CONFIG_FS_XIP=y CONFIG_JBD=y CONFIG_JBD2=y CONFIG_FS_MBCACHE=y CONFIG_REISERFS_FS=y # CONFIG_REISERFS_CHECK is not set CONFIG_REISERFS_PROC_INFO=y CONFIG_REISERFS_FS_XATTR=y CONFIG_REISERFS_FS_POSIX_ACL=y # CONFIG_REISERFS_FS_SECURITY is not set CONFIG_JFS_FS=y CONFIG_JFS_POSIX_ACL=y # CONFIG_JFS_SECURITY is not set # CONFIG_JFS_DEBUG is not set CONFIG_JFS_STATISTICS=y CONFIG_XFS_FS=y # CONFIG_XFS_QUOTA is not set CONFIG_XFS_POSIX_ACL=y CONFIG_XFS_RT=y # CONFIG_XFS_DEBUG is not set # CONFIG_GFS2_FS is not set CONFIG_OCFS2_FS=y CONFIG_OCFS2_FS_O2CB=y CONFIG_OCFS2_DEBUG_MASKLOG=y # CONFIG_OCFS2_DEBUG_FS is not set CONFIG_BTRFS_FS=y CONFIG_BTRFS_FS_POSIX_ACL=y # CONFIG_NILFS2_FS is not set CONFIG_FS_POSIX_ACL=y CONFIG_EXPORTFS=y CONFIG_FILE_LOCKING=y CONFIG_FSNOTIFY=y CONFIG_DNOTIFY=y CONFIG_INOTIFY_USER=y # CONFIG_FANOTIFY is not set CONFIG_QUOTA=y # CONFIG_QUOTA_NETLINK_INTERFACE is not set CONFIG_PRINT_QUOTA_WARNING=y # CONFIG_QUOTA_DEBUG is not set CONFIG_QUOTA_TREE=y # CONFIG_QFMT_V1 is not set # CONFIG_QFMT_V2 is not set 
CONFIG_QUOTACTL=y CONFIG_AUTOFS4_FS=y CONFIG_FUSE_FS=y # CONFIG_CUSE is not set # # Caches # # CONFIG_FSCACHE is not set # # CD-ROM/DVD Filesystems # CONFIG_ISO9660_FS=y CONFIG_JOLIET=y CONFIG_ZISOFS=y CONFIG_UDF_FS=y CONFIG_UDF_NLS=y # # DOS/FAT/NT Filesystems # CONFIG_FAT_FS=y CONFIG_MSDOS_FS=y CONFIG_VFAT_FS=y CONFIG_FAT_DEFAULT_CODEPAGE=437 CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" CONFIG_NTFS_FS=y # CONFIG_NTFS_DEBUG is not set CONFIG_NTFS_RW=y # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_TMPFS_POSIX_ACL is not set # CONFIG_TMPFS_XATTR is not set # CONFIG_HUGETLB_PAGE is not set CONFIG_CONFIGFS_FS=y CONFIG_MISC_FILESYSTEMS=y # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set # CONFIG_LOGFS is not set CONFIG_CRAMFS=y # CONFIG_SQUASHFS is not set # CONFIG_SQUASHFS_XATTR is not set # CONFIG_SQUASHFS_ZLIB is not set # CONFIG_SQUASHFS_LZO is not set # CONFIG_SQUASHFS_XZ is not set # CONFIG_SQUASHFS_4K_DEVBLK_SIZE is not set # CONFIG_SQUASHFS_EMBEDDED is not set # CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE is not set # CONFIG_VXFS_FS is not set CONFIG_MINIX_FS=y # CONFIG_OMFS_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set CONFIG_ROMFS_FS=y CONFIG_ROMFS_BACKED_BY_BLOCK=y CONFIG_ROMFS_ON_BLOCK=y # CONFIG_PSTORE is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=y CONFIG_NFS_V3=y # CONFIG_NFS_V3_ACL is not set # CONFIG_NFS_V4 is not set # CONFIG_ROOT_NFS is not set CONFIG_NFSD=y CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y # CONFIG_NFSD_V4 is not set CONFIG_LOCKD=y CONFIG_LOCKD_V4=y CONFIG_NFS_ACL_SUPPORT=y CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y # CONFIG_CEPH_FS is not set CONFIG_CIFS=y CONFIG_CIFS_STATS=y CONFIG_CIFS_STATS2=y # 
CONFIG_CIFS_WEAK_PW_HASH is not set # CONFIG_CIFS_XATTR is not set # CONFIG_CIFS_DEBUG2 is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set # CONFIG_OSF_PARTITION is not set # CONFIG_AMIGA_PARTITION is not set # CONFIG_ATARI_PARTITION is not set # CONFIG_MAC_PARTITION is not set CONFIG_MSDOS_PARTITION=y CONFIG_BSD_DISKLABEL=y # CONFIG_MINIX_SUBPARTITION is not set # CONFIG_SOLARIS_X86_PARTITION is not set # CONFIG_UNIXWARE_DISKLABEL is not set CONFIG_LDM_PARTITION=y CONFIG_LDM_DEBUG=y # CONFIG_SGI_PARTITION is not set # CONFIG_ULTRIX_PARTITION is not set # CONFIG_SUN_PARTITION is not set # CONFIG_KARMA_PARTITION is not set # CONFIG_EFI_PARTITION is not set # CONFIG_SYSV68_PARTITION is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-1" CONFIG_NLS_CODEPAGE_437=y # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set CONFIG_NLS_CODEPAGE_850=y # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set CONFIG_NLS_CODEPAGE_936=y CONFIG_NLS_CODEPAGE_950=y # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set CONFIG_NLS_ISO8859_1=y # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set CONFIG_NLS_ISO8859_6=y # CONFIG_NLS_ISO8859_7 is not set CONFIG_NLS_ISO8859_9=y # CONFIG_NLS_ISO8859_13 is not set # 
CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set CONFIG_NLS_UTF8=y # CONFIG_DLM is not set # # Security options # # CONFIG_KEYS is not set # CONFIG_SECURITY_DMESG_RESTRICT is not set # CONFIG_SECURITY is not set # CONFIG_SECURITYFS is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" CONFIG_CRYPTO=y # # Crypto core or helper # CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_BLKCIPHER2=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_RNG=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_PCOMP2=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y # CONFIG_CRYPTO_USER is not set CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y # CONFIG_CRYPTO_GF128MUL is not set CONFIG_CRYPTO_NULL=y CONFIG_CRYPTO_WORKQUEUE=y # CONFIG_CRYPTO_CRYPTD is not set CONFIG_CRYPTO_AUTHENC=y # CONFIG_CRYPTO_TEST is not set # # Authenticated Encryption with Associated Data # # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_GCM is not set # CONFIG_CRYPTO_SEQIV is not set # # Block modes # CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set CONFIG_CRYPTO_ECB=y # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set # # Hash modes # CONFIG_CRYPTO_HMAC=y # CONFIG_CRYPTO_XCBC is not set # CONFIG_CRYPTO_VMAC is not set # # Digest # CONFIG_CRYPTO_CRC32C=y # CONFIG_CRYPTO_GHASH is not set CONFIG_CRYPTO_MD4=y CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=y # CONFIG_CRYPTO_RMD128 is not set # CONFIG_CRYPTO_RMD160 is not set # CONFIG_CRYPTO_RMD256 is not set # CONFIG_CRYPTO_RMD320 is not set CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA512=y CONFIG_CRYPTO_TGR192=y CONFIG_CRYPTO_WP512=y # # Ciphers # CONFIG_CRYPTO_AES=y CONFIG_CRYPTO_AES_586=y CONFIG_CRYPTO_ANUBIS=y CONFIG_CRYPTO_ARC4=y CONFIG_CRYPTO_BLOWFISH=y CONFIG_CRYPTO_BLOWFISH_COMMON=y # CONFIG_CRYPTO_CAMELLIA 
is not set CONFIG_CRYPTO_CAST5=y CONFIG_CRYPTO_CAST6=y CONFIG_CRYPTO_DES=y # CONFIG_CRYPTO_FCRYPT is not set CONFIG_CRYPTO_KHAZAD=y # CONFIG_CRYPTO_SALSA20 is not set # CONFIG_CRYPTO_SALSA20_586 is not set # CONFIG_CRYPTO_SEED is not set CONFIG_CRYPTO_SERPENT=y CONFIG_CRYPTO_TEA=y CONFIG_CRYPTO_TWOFISH=y CONFIG_CRYPTO_TWOFISH_COMMON=y # CONFIG_CRYPTO_TWOFISH_586 is not set # # Compression # CONFIG_CRYPTO_DEFLATE=y # CONFIG_CRYPTO_ZLIB is not set # CONFIG_CRYPTO_LZO is not set # # Random Number Generation # CONFIG_CRYPTO_ANSI_CPRNG=y # CONFIG_CRYPTO_USER_API_HASH is not set # CONFIG_CRYPTO_USER_API_SKCIPHER is not set CONFIG_CRYPTO_HW=y # CONFIG_BINARY_PRINTF is not set # # Library routines # CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_CRC_CCITT=y CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set CONFIG_CRC_ITU_T=y CONFIG_CRC32=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=y # CONFIG_CRC8 is not set CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_LZO_COMPRESS=y CONFIG_LZO_DECOMPRESS=y CONFIG_XZ_DEC=y CONFIG_XZ_DEC_X86=y CONFIG_XZ_DEC_POWERPC=y CONFIG_XZ_DEC_IA64=y CONFIG_XZ_DEC_ARM=y CONFIG_XZ_DEC_ARMTHUMB=y CONFIG_XZ_DEC_SPARC=y CONFIG_XZ_DEC_BCJ=y # CONFIG_XZ_DEC_TEST is not set CONFIG_DECOMPRESS_GZIP=y CONFIG_DECOMPRESS_BZIP2=y CONFIG_DECOMPRESS_LZMA=y CONFIG_DECOMPRESS_XZ=y CONFIG_DECOMPRESS_LZO=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y CONFIG_TEXTSEARCH_FSM=y CONFIG_NLATTR=y # CONFIG_AVERAGE is not set # CONFIG_CORDIC is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set CONFIG_DEFAULT_MESSAGE_LOGLEVEL=4 CONFIG_ENABLE_WARN_DEPRECATED=y CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=2048 # CONFIG_STRIP_ASM_SYMS is not set # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not set # CONFIG_DEBUG_SECTION_MISMATCH is not set CONFIG_DEBUG_KERNEL=y # CONFIG_DEBUG_SHIRQ is not set # CONFIG_LOCKUP_DETECTOR is not set # CONFIG_HARDLOCKUP_DETECTOR is not set # CONFIG_DETECT_HUNG_TASK is not set CONFIG_SCHED_DEBUG=y # 
CONFIG_SCHEDSTATS is not set # CONFIG_TIMER_STATS is not set # CONFIG_DEBUG_OBJECTS is not set # CONFIG_DEBUG_SLAB is not set # CONFIG_DEBUG_RT_MUTEXES is not set # CONFIG_RT_MUTEX_TESTER is not set # CONFIG_DEBUG_SPINLOCK is not set # CONFIG_DEBUG_MUTEXES is not set # CONFIG_SPARSE_RCU_POINTER is not set # CONFIG_DEBUG_ATOMIC_SLEEP is not set # CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set # CONFIG_DEBUG_STACK_USAGE is not set # CONFIG_DEBUG_KOBJECT is not set CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_INFO=y # CONFIG_DEBUG_INFO_REDUCED is not set # CONFIG_DEBUG_VM is not set # CONFIG_DEBUG_WRITECOUNT is not set CONFIG_DEBUG_MEMORY_INIT=y # CONFIG_DEBUG_LIST is not set # CONFIG_TEST_LIST_SORT is not set # CONFIG_DEBUG_SG is not set # CONFIG_DEBUG_NOTIFIERS is not set # CONFIG_DEBUG_CREDENTIALS is not set CONFIG_FRAME_POINTER=y # CONFIG_BOOT_PRINTK_DELAY is not set # CONFIG_RCU_TORTURE_TEST is not set # CONFIG_BACKTRACE_SELF_TEST is not set # CONFIG_DEBUG_BLOCK_EXT_DEVT is not set # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set # CONFIG_FAULT_INJECTION is not set # CONFIG_SYSCTL_SYSCALL_CHECK is not set # CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_ATOMIC64_SELFTEST is not set # CONFIG_SAMPLES is not set # CONFIG_TEST_KSTRTOX is not set # CONFIG_GPROF is not set # CONFIG_GCOV is not set CONFIG_EARLY_PRINTK=y
marionnet-0.90.6+bzr457.orig/uml/kernel/README0000600000175000017500000000507312356733375017542 0ustar lucaslucas
This directory contains patch files and .config files.

.config files
-------------

Each DOT-config-* file is specific to one kernel version -- the file name clearly says which one. A DOT-config-* file should be renamed to .config and copied into the main directory of the unpacked kernel sources.

patch files
-----------

We distribute patch files, hopefully applicable to several kernel versions, but named after a specific version we tested.

History and current status
---------------------------

Since unfortunately Jonathan Roudiere is no longer very active in the project, we (Luca Saiu and Jean-Vincent Loddo) have taken over maintenance.

I (Luca Saiu) had the original idea and wrote the original ghostification kernel patch in 2007, against Linux 2.6.18; the idea of modifying the kernel in order to shield students from the frighteningly complex reality of X11 network communication started as a joke between me and Jean-Vincent; but then he encouraged me to actually do it, and of course I was happy to accept the challenge.

When Jonathan joined the project (was it 2009 or 2010?) he ported my patch to more recent kernel versions, and in particular to the new internal network infrastructure. He also cleaned up the sources, correctly interfaced them to the Linux configuration system, rewrote the userland utilities from scratch (my version was just a hacked-up ifconfig), and generally made the code much more powerful. Jonathan released patches for Linux 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31 and 2.6.32.

Now in 2011 those versions have become old, and more importantly are starting to become problematic to compile on new hosts; that's why I've taken Jonathan's last patch and ported it to the most recent stable kernel available as of this writing, Linux 3.0.8. Of course the code changes rapidly, and some changes were required: for example the field named "u" in struct rtable, defined in include/net/route.h, was removed some versions ago; we used to use "u" to access its field "dst", but now dst is referred to directly by a new pointer field in struct rtable. Even without studying the kernel code in detail as Jonathan did, I've fixed some problems such as this, and the result seems to work reliably. I have not cleaned up the code unless it was necessary for building: what I have done so far is just porting work.

In the future we plan to drop support for old kernel versions, but for the time being we prefer to keep the older patches around, since the latest one hasn't been tested much yet.

Have fun with ghostification.

-- Luca Saiu, October 2011
marionnet-0.90.6+bzr457.orig/uml/kernel/doc/0000700000175000017500000000000012356733375017420 5ustar lucaslucas
marionnet-0.90.6+bzr457.orig/uml/kernel/doc/README0000600000175000017500000000162012356733375020301 0ustar lucaslucas
# Written by Jonathan Roudiere in 2009.
# To do: add copyright notice.

Ghost-kernel-2.0
================

Ghost-kernel-2.0 is part of the Marionnet project. The Ghostification sub-project was initiated by Luca Saiu and taken over by Jonathan Roudiere.

Ghost-kernel-2.0 is just a shell wrapping the patching and building of a ghostified kernel (and providing the ghost2 user tool). It helps the user build a Ghost kernel for Marionnet/UML or for the host, and that's all ;).

For more information about ghostification see README.Ghostification.

For more information about the Marionnet project, see its website.

The copyright and license stated in this archive apply only to the Ghost patch and the ghost2 utility; for kernel copyright, documentation, etc., see the kernel archive or the kernel.org website.
marionnet-0.90.6+bzr457.orig/uml/kernel/doc/README.Ghostification0000600000175000017500000002422212356733375023255 0ustar lucaslucas
# Written by Jonathan Roudiere in 2009.
# To do: add copyright notice.
# To do: update

Information about Ghostification support
=========================================

1. Authors
2. Ghostification support
3. What ghostification means
4. User interface
5. Limitations
6. Implementation
7. Implementation rationale
8. Contact information
9. License

1. Authors
==========

Copyright (C) 2007 Luca Saiu (original author)
Copyright (C) 2009 Jonathan Roudiere

This patch is released under the GNU General Public License v2 or any later version published by the Free Software Foundation, Inc.
See the added comments in the patch for information about who wrote what. 2. Ghostification support ========================= This project consists in a small kernel patch allowing the user to "ghostify" one or several network interfaces. This patch was originally developed for kernel 2.6.18, and is now available for the following kernel versions : 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31 (soon 2.6.32). 3. What ghostification means ============================ A network interface in "ghostified" state continues to operate as usual and can be normally employed by user applications for communication. Sockets can be opened and closed and packets are normally sent, received and routed. However a ghostified interface is different from a non-ghostified network interface in the following respects: * Its presence can not be *detected* by user processes: kernel ioctl's don't report the interface presence, and when they receive its name as parameter they fail as if the interface didn't exist, with -ENODEV. The /proc virtual filesystem doesn't contain references to its name. * Its configuration can't be *queried* by user processes: the kernel answers with an error when receiving any configuration query ioctl. Routes involving a ghostified interface are not shown to user processes, although they continue to be normally followed by the kernel. * Its configuration can't be *changed* by user processes: the network interface can't be disabled if currently enabled, or vice-versa. Its address (at all levels, from network down to hardware) can't be changed. Routes involving it cannot be added or removed. * Its configuration can't be *queried* or *changed* by user processes using the kernel netlink interface, so tools such as iproute2 cannot obtain more information than ifconfig, route, etc. (tools using ioctl requests). * Packets received or emitted by a ghostified interface cannot be intercepted through Netfilter (iptables): all Netfilter hooks are skipped (ARP, Bridge, IPv4, IPv6 and Decnet), so iptables rules attached to those hooks are not applied to that traffic. 
* Packets received by a ghostified interface are never copied to AF_PACKET sockets, so that user-level sniffers don't see any traffic when reading from a generic AF_PACKET socket associated to "all" network interfaces. * A ghostified interface can be "unghostified" (see below), after which its state reverts to normal. The implementation has been heavily tested only on Ethernet, loopback, bridge, TUN/TAP devices and dummy interface (and most of virtual interfaces) but is expected to work on any other kind of network interface. The code is architecture-independent, SMP-safe and also works in User Mode Linux. 4. User interface ================= A normal network interface can be ghostified and a ghostified one can be "unghostified" with the new SIOCGIFGHOSTIFY and SIOCGIFUNGHOSTIFY ioctls. Both take the interface name as parameter and return 0 on success or a negative error code on failure, according to ioctl conventions (see file ghost_kernel_errors.txt for the exact error code returned in each case). On ghostification and unghostification some lines are written to the system log (only if messages are activated at build time), explaining what happened in an understandable way and listing the currently ghostified network interfaces. Configuration of the Ghostification can be done or adapted by using the usual interface to configure the Linux Kernel (make *config); the maximum number of ghostified interfaces can be changed, as can the verbosity of the messages displayed by the ghostification engine (many or no messages), and the Netfilter support for the ghostification can be enabled or disabled for each hook level (IPv4, IPv6, ARP, Bridge and Decnet). A simple user-level program called "ghost2" is provided for convenience: it takes the interface name and an option which specifies whether the user wishes to ghostify or unghostify the network interface (two little scripts called "ghostify" and "unghostify" are provided to keep compatibility with old versions). 5. 
Limitations ============== The current implementation imposes a fixed limit to the number of network interfaces which can be in ghostified state in any given moment. The limit is currently set to 9, but can be trivially raised by modifying the config of the kernel at build time (through make *config, under -> Networking -> Networking support -> Ghostification support). The implementation was tested on a network using IPv4 and IPv6. Some operations in more esoteric protocols might not be correctly filtered, and in particular the interface name could show up somewhere under /proc if such protocols were employed. In fact, some information is still available under the /sys and /proc virtual filesystems, so a ghostified interface is hidden from the usual tools rather than strictly undetectable. If iproute is used (or any tool using the Netlink interface of the Kernel) then the user can notice that the index numbers of the displayed interfaces are not contiguous. 6. Implementation ================= The implementation is fairly simple and unobtrusive. Its bulk resides in net/core/dev.c, where a simple fixed-length array of fixed-length strings is defined, ghost_interface_names. Such structure is static and always accessed from the outside via is_a_ghost_interface_name() -- which makes changing the implementation fairly easy, should it ever be needed. Structure updates are performed only from within net/core/dev.c, which also contains what essentially is the full implementation of the new ioctls in ghostify_interface() and unghostify_interface(). Their common table lookup functionality is implemented in __lookup_ghost_interface_names(). Such functions (and their unlocked counterparts, where applicable) are of course all static. The data structure initialization is performed in netdev_boot_setup(), in net/core/dev.c . Critical sections are implemented with a spinlock (ghost_interface_spin_lock), and the only exported function, is_a_ghost_interface_name(), is reentrant. 
The behaviour of several ioctls has been modified according to the specification above, including all SIOCxIFxxx calls (see net/core/dev.c), and SIOCDELRT and SIOCADDRT (see net/ipv4/fib_frontend.c, net/ipv4/fib_trie.c, net/ipv4/fib_hash.c, net/ipv6/route.c). Many modifications just consist in the addition of a call to is_a_ghost_interface_name() within a conditional, making an operation fail when a ghostified interface is involved. Such updates pertain to many files under net/ . Similar modifications have the purpose of "filtering out" some lines displayed in files under /proc/ . A slightly more involved modification consists in making a file under /proc/net/dev_snmp6/ appear or disappear at ghostification or unghostification time. The implementation is in net/ipv6/addrconf.c and net/ipv6/proc.c . Sockets with address format AF_PACKET are dealt with in net/packet/af_packet.c . Modifications just consist in selective packet dropping, even if in several distinct cases. Multicast and memory-mapped devices are explicitly supported. Netfilter ghostification support is performed with a simple test in order to know if a network packet comes from or goes through a ghostified interface. It is possible to skip all Netfilter hooks or to select just some hooks in particular (skipping only some hooks rather than all of them may be incredibly inefficient, and this method is not recommended). The userspace utility ghost2 just uses ioctl requests to do its work; it is a small and very stupid tool. 
For more information see the following source files, which the patch modifies : include/linux/netdevice.h include/linux/sockios.h include/net/ghostdebug.h kernel/softirq.c net/Kconfig net/core/dev.c net/core/dev_mcast.c net/core/rtnetlink.c net/ipv4/arp.c net/ipv4/devinet.c net/ipv4/fib_frontend.c net/ipv4/fib_hash.c net/ipv4/fib_semantics.c net/ipv4/fib_trie.c net/ipv4/igmp.c net/ipv4/route.c net/ipv6/Kconfig net/ipv6/addrconf.c net/ipv6/ip6_fib.c net/ipv6/mcast.c net/ipv6/proc.c net/ipv6/route.c net/netfilter/core.c net/packet/af_packet.c 7. Implementation rationale =========================== The cleanest, most straightforward and also most efficient way of keeping track of which interface is currently ghostified would have been adding a new field to struct net_device, defined in include/linux/netdevice.h . Unfortunately such structure is exported to the user level, and even just appending a field to its end would have changed its size, breaking binary compatibility with user applications. We decided to fall back to a less efficient solution, which shouldn't however cause perceivable slowdowns because of the extremely small size of our fixed table. Even using a hash table would have probably been overkill for such a small structure, and could actually have resulted in higher access time. is_a_ghost_interface_name() has constant complexity, consisting (in the worst case) in MAX_GHOST_INTERFACES_NO string comparisons where all strings have size less than IFNAMSIZ (currently defined as 16 in include/linux/if.h). Using a unique index (such as the ifindex field of struct net_device) instead of the interface name would have probably been less efficient, as many kernel structures and interfaces work with interface names expressed as strings. 8. Contact information ====================== For any bug report or comment, the author is reachable at the address : - (mailing list) - - 9. 
License ========== This patch and the ghost2 user tool are released under the GNU GPL v2 or later. marionnet-0.90.6+bzr457.orig/uml/kernel/doc/LICENSE0000600000175000017500000004310312356733375020430 0ustar lucaslucas GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. 
And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. 
The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. 
(Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. 
You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. 
If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. 
If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. 
The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. 
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. 
If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. marionnet-0.90.6+bzr457.orig/uml/kernel/doc/INSTALL0000600000175000017500000002342012356733375020454 0ustar lucaslucas# Written by Jonathan Roudiere in 2009. # To do: add copyright notice. GHOST-KERNEL-2.0 ================ Abstract : Ghost-kernel contain a patch to some versions of the Linux Kernel and a tool called ghost2. This patch is intended to provide the ability to hide network interfaces to userspace from kernel space. The utility ghost2 is used to ghostify or unghostify network interfaces from userspace. To get more informations about Ghostification see README.Ghostification. 1. Standard build 2. Building using a config file 3. 
Adapt Build or Install 4. Building packages 1. Standard build ================= To build Linux Ghost Kernel and Ghost2, you need to have standard tools as those provided by binutils, coreutils, libc-dev, make, gcc, bzip2, tar, strip, some development library as ncurses, vde and libpcap ... but most systems provided them or packages to installed them. There aren't configuration script to build Kernel and Ghost2, all needs information must be provided on the make command line (or through a config file, see approriate section about it). NOte : this tarball cann't help you if you wish to build a Linux Ghost Kernel with modules (maybe next release will allow it). --- To know what are the available targets run : $> make help or $> make targets And you will seeing a list a targets with a comment for each. --- To know what is the default configuration (as path, etc ...) just run : $> make show-default-config But you can also use : $> make show-config In this case you see the same configuration (by default) but variables content are interpreted (ex : CONFIG_FILE=CONFIG-$(KERNEL_VERSION) will be shown like that : CONFIG_FILE=CONFIG-2.6.31). Some variables which will displayed are no used by the build system, they will be used for a next release ;), it most case variables that you could have needs are : - KERNEL_VERSION=2.6.x If you wish to built a particular version of the Ghost Kernel (patch for this version must be exist (look vs in kernel-patch if dir exist), by default the latest version of the kernel for which a patch exist will be built. - PREFIX=/path/to/usr standard option to change /usr directory (by /usr/local for example). 
- DESTDIR=/path To make installation in another root directory (for example, you can use DESTDIR variable in order to install ghost2 in a VM (for marionnet) which could be "mounted" in a directory on your host, to do that, run : $> mount -o loop /usr/share/marionnet/filesystem/vm.img /mnt $> make install-ghost2 DESTDIR=/mnt $> umount /mnt And the ghost2 is now installed on the VM. All others relevant variables are relative to the path of the installation and start by PATH_*, look for your needs with : $> make make show-config |grep PATH Generally their names are explicit (if not, their default definition can help you to know what their purpose). --- This tarball is intended to build two things : - The Linux Kernel patched for Ghotification and - the Ghost2 user tool But the Kernel is intended to be installed to your host, to Marionnet or as a UML kernel (User-Mode-Linux, a simple binary), it is need to use appropriate targets to do that. Standard step to build Kernel and user tool are the following (to build and install a kernel to Marionnet, adapt to your needs) : $> make download-kernel $> make untar-kernel $> make apply-patch $> make configure-kernel-marionnet $> make build-kernel-marionnet $> make pack-kernel-marionnet $> make install-kernel-marionnet $> make ghost2 $> make install-ghost2 If you don't use configuration file you can specify some information on the make commande line : $> make _TARGET_ KERNEL_VERSION=2.6.XX OTHER_VAR1=... OTHER_VAR2=... Remplace _TARGET_ by any target (build-*, install-*, pack*..). 
--- In fact, targets "all" and "install" are sufficient in most case, if it is need those targets will run all intermediary targets for you, so you can just use them like that : $> make all GHOST_TARGET=_target_ $> make install GHOST_TARGET=_target_ Just change "_target_" by "host", "marionnet" or "uml" according you wish to build a kernel for you host (interactive configuration), to Marionnet or to UML architecture (Marionnet is just an UML kernel with differents name and installing path). --- You must have an Internet connection to build Kernel (exept if Kernel sources have already be donwloaded). If you don't have Internet connection but you already have Kernel tarball then you can lie to the system by : Creating a directory called ./kernel-src in at the root of the sources of ghost-kernel-2.0 : $> mkdir kernel-src Move or copy the Kernel tarball in : $> cp /path/to/tarball/linux-2.6.XX.tar.bz2 ./kernel-src/ And created a directory called ./build with a file as shown below : $> mkdir build $> touch build/download-kernel-2.6.XX-done (Change XX by the kernel version that you wish used). --- Pack : when you built something - before installing a Linux Ghost Kernel or the Ghost2 usertool - a directory called "pack" is created and it contains all files which will be installed after. You can check in sub-directories of the pack directory files which will be installed and where they will be install (but path can be changed during installation by specify it on the make commande line). Pack directory contains subdirs to keep separate targets, and differents versions build (for kernels), the following directories (a part for example) are created : --- ghost2 `-- kernel-host-pack `-- 2.6.26 `-- 2.6.30 `-- usr ... ... `-- kernel-marionnet-pack `-- 2.6.26 ... `-- kernel-uml-pack `-- 2.6.26 ... Advantages to use a intermediary directories before installing files is that you can built (for example) several kernel versions and install them after. 
Example to install the Ghost Kernel version 2.6.30 to marionnet : $> make KERNEL_VERSION=2.6.27 install-kernel-marionnet If it is built then it will be build by running the previous command line. You can use "pack*" targets to create sereval binaries tarballs (but dist-binary-* do the same). 2. Build with a config file ============================ You can use a config file called CONFIGME in order to specify some variables definition. This file must be put on the root directory of this tarball. You can specify any variables (if some are not used by the build system then they will just be ignored). If you use a configuration file then at any time you can check your current configuration by running : $> make show-config --- If you modify Makefile to add, remove variables then run after : $> ./Makefile.d/update.sh to update part of the Makefile which read the CONFIGME configuration file, and that 's all. 3. Adapt Build or Install ========================= Modify Kernel default configuration : ------------------------------------- If you need to modify the configuration of the kernel which will be build for Marionnet or UML architecture then run : $> make configure-kernel-marionnet or $> make configure-kernel-uml this targets just copy a default config file in kernel tree, and run after : $> make configure-kernel KERN_ARCH=um Some messages will be displayed (to warn you because the kernel is already configured but no important things, just wait a little) and after the standard Kernel configuration interface will open and you can modify or adapt to your needs the default configuration provide for Marionnet or UML. 
When you have finished, just save, exit and build the kernel with : $> make build-kernel-marionnet or $> make build-kernel-uml Installing Kernel or ghost2 tool in a particular directory ---------------------------------------------------------- To install the product of any target in another directory you can use DESTDIR variable as below : $> make install* DESTDIR=/path/to/rootdir/ And all files will be installed under the specified directory (of course this doesn't change path where files are installed like /usr, /usr/doc/man, etc ...). Build a kernel 2.6.XX with a path to the kernel 2.6.YY ------------------------------------------------------ You can simply use KERNEL_VERSION and PATCH_VERSION to specify what is the version of the kernel that you want used and what is the patch version which you wish used ;) as below : $> make KERNEL_VERSION=2.6.XX PATCH_VERSION=2.6.YY build-kernel* Of course, you can have error or echec but it can be useful to adapt the patch for a newer version of the kernel. 4. Building packages ==================== To build Debian package you must install dpkg-dev and debhelper packages before (and dependancies). To build RPM package you must have rpmbuild. When you build packages the three following will be built : - marionnet-kernel-2.6.X - uml-kernel-2.6.X-ghost - ghost2 Build Debian packages --------------------- To build a Debian package just run (remplace XX by a version for which a patch exit) : $> make deb KERNEL_VERSION=2.6.XX And package will be build in the parent (../) directory. Packages build using this way will use a Kernel source from kernel.org (vanilla). If KERNEL_VERSION is not specified the Kernel build will be the latest for which a patch exist (like for other targets). 
Or you can also build package using Kernel sources provide by Debian (linux-source-2.6.XX package) by running : $> ./debian/rules binary or $> dpkg-buildpackage Kernel available by this second method are : 2.6.26 (lenny), 2.6.30 (squeeze) and 2.6.31 (sid). Apt sources.list file must contain appropriate url to donwload corresponding debian package. Build RPMs packages ------------------- To build RPMs packages just run : $> make c-rpm KERNEL_VERSION=2.6.XX or $> make c-rpm And package will be built in the parent (../) directory. Packages built using this way will use a Kernel sources from kernel.org (vanilla). If KERNEL_VERSION is not specified the Kernel built will be the latest for which a patch exist (like for other targets). marionnet-0.90.6+bzr457.orig/uml/kernel/doc/ghost_kernel_errors.fr.txt0000600000175000017500000000311612356733375024652 0ustar lucaslucasKernel code error : =================== La partie du code noyau qui a en charge les opérations de ghostification peut renvoyer différents code de retour lorsqu'elle rencontre un erreur. La (un)ghostification d'une interface ce fait à travers une requète ioctl(2), lors d'un echec l'appel ioctl place dans errno le numéro de l'erreur en question. Les différents code de retour sont : ------------------------------------ Lors d'une ghostification d'interface (fonct ghostify) : -------------------------------------------------------- EINVAL : Cette erreur est renvoyée lors le nom de l'interface que l'on désire ghostifier est trop long (plus grand que IFNAMSIZ) où de longueur nulle; cette erreur est également celle renvoyée par une requète ioctl() avec des paramètres incorrect donc lors de l'utilisation du binaire ghost2 cela traduit le fait que le noyau ne supporte pas les opérations de Ghostification (les autres cas étant pris en charge par le logiciel). EEXIST : Cette erreur est renvoyée lorsque l'interface est déjà ghostifiée. 
ENODEV : Cette erreur est renvoyée lorsque l'interface spécifiée n'existe pas (n'existe réellement pas ;). ENOMEM : Cette erreur est renvoyée lorsque le nombre maximum d'interfaces ghostifiées a été atteint. Lors de la dé-ghostification d'interface (fonct unghostify) : ------------------------------------------------------------- ENODEV : Cette erreur est renvoyée lorsque l'interface spécifiée n'existe pas (n'existe réellement pas ;). ESRCH : L'interface réseau n'est pas ghostifiée. marionnet-0.90.6+bzr457.orig/uml/kernel/doc/ghost_kernel_errors.txt0000600000175000017500000000250312356733375024243 0ustar lucaslucasKernel code error : =================== The part of the kernel in charge of the Ghost operations can return several error codes when an error occurs. Ghostifying or unghostifying a network interface (card) is done through an ioctl(2) request; on error, the ioctl request uses errno to report the error number. The different error codes which can be returned are : ----------------------------------------------------- During Ghostify operation : --------------------------- EINVAL - This error is returned when the name of the specified network card is too long (greater than IFNAMSIZ) or when the name has zero length. This error is also returned by an incorrect ioctl() request. With ghost2 this reflects the fact that the kernel doesn't support the Ghost operations (because the other cases are handled by the program). EEXIST - This error occurs when the network card is already ghostified. ENODEV - This error is returned when the specified network card doesn't exist (really doesn't exist ;). ENOMEM - This error is returned when the max number of ghostified network cards has been reached. During Unghostify operation : ----------------------------- ENODEV - This error is returned when the specified network card doesn't exist (really doesn't exist ;). ESRCH - The network card is not ghostified. 
marionnet-0.90.6+bzr457.orig/uml/kernel/README.linux-3.0.%0000600000175000017500000000145012356733375021314 0ustar lucaslucasNotes about the compilation of the series 3.0.% ----------------------------------------------- The execution of the script "pupisto.kernel.sh 3.0.84" produces a linking error: arch/x86/include/asm/atomic64_32.h:72: undefined reference to `atomic64_set_386' similar to the errors fixed by the patches: linux-3.?.%.compile_with_ARCH_um_SUBARCH_i386.diff for the successive kernel series (3.2, 3.4, 3.6, 3.8). There is probably a work-around for this problem by changing some configuration options. Actually, if we generate the .config file with the function: create_kernel_config_from CONFIG-3.0.8 the compilation of 3.0.8 succeed (but 3.0.84 fails). However, we are not currently able to adapt the patch for the series 3.2 to the serie 3.0, neither find the .config options to fix. J.V. Loddo marionnet-0.90.6+bzr457.orig/uml/kernel/linux-3.2.%.add_include_resource_h.diff0000600000175000017500000000070712356733375025745 0ustar lucaslucasdiff -ruN linux-3.2.48--original/arch/um/os-Linux/start_up.c linux-3.2.48/arch/um/os-Linux/start_up.c --- linux-3.2.48--original/arch/um/os-Linux/start_up.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/arch/um/os-Linux/start_up.c 2013-07-01 11:37:13.000000000 +0200 
@@ -13,6 +13,7 @@ #include #include #include +#include #include #include #include marionnet-0.90.6+bzr457.orig/uml/kernel/linux-3.4.%.compile_with_ARCH_um_SUBARCH_i386.diff0000600000175000017500000000143012356733375027171 0ustar lucaslucas*** linux-3.2.13.original/arch/x86/um/Makefile 2012-03-19 17:03:17.000000000 +0100 --- linux-3.2.13.modified/arch/x86/um/Makefile 2013-04-30 18:09:48.000000000 +0200 *************** *** 19,25 **** obj-y += checksum_32.o obj-$(CONFIG_BINFMT_ELF) += elfcore.o ! subarch-y = ../lib/string_32.o ../lib/atomic64_32.o ../lib/atomic64_cx8_32.o subarch-$(CONFIG_RWSEM_XCHGADD_ALGORITHM) += ../lib/rwsem.o subarch-$(CONFIG_HIGHMEM) += ../mm/highmem_32.o --- 19,27 ---- obj-y += checksum_32.o obj-$(CONFIG_BINFMT_ELF) += elfcore.o ! subarch-y = ../lib/string_32.o ../lib/atomic64_32.o ../lib/atomic64_cx8_32.o \ ! ../lib/atomic64_386_32.o ../lib/cmpxchg8b_emu.o ! subarch-$(CONFIG_RWSEM_XCHGADD_ALGORITHM) += ../lib/rwsem.o subarch-$(CONFIG_HIGHMEM) += ../mm/highmem_32.o marionnet-0.90.6+bzr457.orig/uml/kernel/linux-3.6.%.compile_with_ARCH_um_SUBARCH_i386.diff0000600000175000017500000000143012356733375027173 0ustar lucaslucas*** linux-3.2.13.original/arch/x86/um/Makefile 2012-03-19 17:03:17.000000000 +0100 --- linux-3.2.13.modified/arch/x86/um/Makefile 2013-04-30 18:09:48.000000000 +0200 *************** *** 19,25 **** obj-y += checksum_32.o obj-$(CONFIG_BINFMT_ELF) += elfcore.o ! subarch-y = ../lib/string_32.o ../lib/atomic64_32.o ../lib/atomic64_cx8_32.o subarch-$(CONFIG_RWSEM_XCHGADD_ALGORITHM) += ../lib/rwsem.o subarch-$(CONFIG_HIGHMEM) += ../mm/highmem_32.o --- 19,27 ---- obj-y += checksum_32.o obj-$(CONFIG_BINFMT_ELF) += elfcore.o ! subarch-y = ../lib/string_32.o ../lib/atomic64_32.o ../lib/atomic64_cx8_32.o \ ! ../lib/atomic64_386_32.o ../lib/cmpxchg8b_emu.o ! 
subarch-$(CONFIG_RWSEM_XCHGADD_ALGORITHM) += ../lib/rwsem.o subarch-$(CONFIG_HIGHMEM) += ../mm/highmem_32.o marionnet-0.90.6+bzr457.orig/uml/kernel/CONFIG-3.0.80000600000175000017500000004600312356733375020214 0ustar lucaslucas# # Automatically generated make config: don't edit # Linux Kernel Configuration # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_UML=y CONFIG_MMU=y CONFIG_NO_IOMEM=y # CONFIG_TRACE_IRQFLAGS_SUPPORT is not set CONFIG_LOCKDEP_SUPPORT=y # CONFIG_STACKTRACE_SUPPORT is not set CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_IRQ_RELEASE_METHOD=y CONFIG_HZ=100 # # UML-specific options # # # Host processor type and features # # CONFIG_CMPXCHG_LOCAL is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is not set CONFIG_M686=y # CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set # CONFIG_MK8 is not set # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MELAN is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MCORE2 is not set # CONFIG_MATOM is not set # CONFIG_X86_GENERIC is not set CONFIG_X86_INTERNODE_CACHE_SHIFT=5 CONFIG_X86_CMPXCHG=y CONFIG_X86_L1_CACHE_SHIFT=5 CONFIG_X86_XADD=y CONFIG_X86_PPRO_FENCE=y CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INVLPG=y CONFIG_X86_BSWAP=y CONFIG_X86_POPAD_OK=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_TSC=y CONFIG_X86_CMPXCHG64=y CONFIG_X86_CMOV=y CONFIG_X86_MINIMUM_CPU_FAMILY=5 CONFIG_CPU_SUP_INTEL=y CONFIG_CPU_SUP_CYRIX_32=y CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_CENTAUR=y CONFIG_CPU_SUP_TRANSMETA_32=y CONFIG_CPU_SUP_UMC_32=y CONFIG_UML_X86=y # CONFIG_64BIT is not set CONFIG_X86_32=y # CONFIG_X86_64 is not set # 
CONFIG_RWSEM_XCHGADD_ALGORITHM is not set CONFIG_RWSEM_GENERIC_SPINLOCK=y # CONFIG_3_LEVEL_PGTABLES is not set CONFIG_ARCH_HAS_SC_SIGNALS=y CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA=y # CONFIG_SMP_BROKEN is not set CONFIG_GENERIC_HWEIGHT=y CONFIG_STATIC_LINK=y CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 # CONFIG_COMPACTION is not set # CONFIG_PHYS_ADDR_T_64BIT is not set CONFIG_ZONE_DMA_FLAG=0 CONFIG_VIRT_TO_BUS=y # CONFIG_KSM is not set CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 CONFIG_NEED_PER_CPU_KM=y # CONFIG_CLEANCACHE is not set CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_LD_SCRIPT_STATIC=y CONFIG_BINFMT_ELF=y CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y CONFIG_HAVE_AOUT=y # CONFIG_BINFMT_AOUT is not set CONFIG_BINFMT_MISC=y CONFIG_HOSTFS=y # CONFIG_HPPFS is not set CONFIG_MCONSOLE=y CONFIG_MAGIC_SYSRQ=y CONFIG_KERNEL_STACK_ORDER=0 CONFIG_NO_DMA=y # # General setup # CONFIG_EXPERIMENTAL=y CONFIG_BROKEN_ON_SMP=y CONFIG_INIT_ENV_ARG_LIMIT=128 CONFIG_CROSS_COMPILE="" CONFIG_LOCALVERSION="-ghost" CONFIG_LOCALVERSION_AUTO=y CONFIG_DEFAULT_HOSTNAME="(none)" CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_POSIX_MQUEUE_SYSCTL=y CONFIG_BSD_PROCESS_ACCT=y # CONFIG_BSD_PROCESS_ACCT_V3 is not set # CONFIG_FHANDLE is not set # CONFIG_TASKSTATS is not set # CONFIG_AUDIT is not set CONFIG_HAVE_GENERIC_HARDIRQS=y # # IRQ subsystem # CONFIG_GENERIC_HARDIRQS=y CONFIG_GENERIC_IRQ_SHOW=y # # RCU Subsystem # CONFIG_TINY_RCU=y # CONFIG_PREEMPT_RCU is not set # CONFIG_RCU_TRACE is not set # CONFIG_TREE_RCU_TRACE is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 # CONFIG_CGROUPS is not set CONFIG_NAMESPACES=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y # CONFIG_USER_NS is not set # CONFIG_PID_NS is not set CONFIG_NET_NS=y # CONFIG_SCHED_AUTOGROUP is not set CONFIG_SYSFS_DEPRECATED=y # 
CONFIG_SYSFS_DEPRECATED_V2 is not set # CONFIG_RELAY is not set # CONFIG_BLK_DEV_INITRD is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y CONFIG_ANON_INODES=y # CONFIG_EXPERT is not set CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y CONFIG_KALLSYMS=y # CONFIG_KALLSYMS_ALL is not set CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_AIO=y # CONFIG_EMBEDDED is not set # # Kernel Performance Events And Counters # CONFIG_VM_EVENT_COUNTERS=y CONFIG_COMPAT_BRK=y CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_PROFILING is not set # # GCOV-based kernel profiling # # CONFIG_HAVE_GENERIC_DMA_COHERENT is not set CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 # CONFIG_MODULES is not set CONFIG_BLOCK=y CONFIG_LBDAF=y # CONFIG_BLK_DEV_BSG is not set # CONFIG_BLK_DEV_INTEGRITY is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y # CONFIG_DEFAULT_DEADLINE is not set CONFIG_DEFAULT_CFQ=y # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="cfq" # CONFIG_INLINE_SPIN_TRYLOCK is not set # CONFIG_INLINE_SPIN_TRYLOCK_BH is not set # CONFIG_INLINE_SPIN_LOCK is not set # CONFIG_INLINE_SPIN_LOCK_BH is not set # CONFIG_INLINE_SPIN_LOCK_IRQ is not set # CONFIG_INLINE_SPIN_LOCK_IRQSAVE is not set CONFIG_INLINE_SPIN_UNLOCK=y # CONFIG_INLINE_SPIN_UNLOCK_BH is not set CONFIG_INLINE_SPIN_UNLOCK_IRQ=y # CONFIG_INLINE_SPIN_UNLOCK_IRQRESTORE is not set # CONFIG_INLINE_READ_TRYLOCK is not set # CONFIG_INLINE_READ_LOCK is not set # CONFIG_INLINE_READ_LOCK_BH is not set # CONFIG_INLINE_READ_LOCK_IRQ is not set # CONFIG_INLINE_READ_LOCK_IRQSAVE is not set CONFIG_INLINE_READ_UNLOCK=y # CONFIG_INLINE_READ_UNLOCK_BH is not set CONFIG_INLINE_READ_UNLOCK_IRQ=y # CONFIG_INLINE_READ_UNLOCK_IRQRESTORE is not set # CONFIG_INLINE_WRITE_TRYLOCK is not set # CONFIG_INLINE_WRITE_LOCK is not set # 
CONFIG_INLINE_WRITE_LOCK_BH is not set # CONFIG_INLINE_WRITE_LOCK_IRQ is not set # CONFIG_INLINE_WRITE_LOCK_IRQSAVE is not set CONFIG_INLINE_WRITE_UNLOCK=y # CONFIG_INLINE_WRITE_UNLOCK_BH is not set CONFIG_INLINE_WRITE_UNLOCK_IRQ=y # CONFIG_INLINE_WRITE_UNLOCK_IRQRESTORE is not set # CONFIG_MUTEX_SPIN_ON_OWNER is not set # CONFIG_FREEZER is not set CONFIG_BLK_DEV=y CONFIG_BLK_DEV_UBD=y # CONFIG_BLK_DEV_UBD_SYNC is not set CONFIG_BLK_DEV_COW_COMMON=y CONFIG_BLK_DEV_LOOP=y # CONFIG_BLK_DEV_CRYPTOLOOP is not set # # DRBD disabled because PROC_FS, INET or CONNECTOR not selected # CONFIG_BLK_DEV_NBD=y # CONFIG_BLK_DEV_RAM is not set # CONFIG_ATA_OVER_ETH is not set # CONFIG_BLK_DEV_RBD is not set # # Character Devices # CONFIG_STDERR_CONSOLE=y CONFIG_STDIO_CONSOLE=y CONFIG_SSL=y CONFIG_NULL_CHAN=y CONFIG_PORT_CHAN=y CONFIG_PTY_CHAN=y CONFIG_TTY_CHAN=y CONFIG_XTERM_CHAN=y # CONFIG_NOCONFIG_CHAN is not set CONFIG_CON_ZERO_CHAN="fd:0,fd:1" CONFIG_CON_CHAN="xterm" CONFIG_SSL_CHAN="pts" CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y # CONFIG_RAW_DRIVER is not set CONFIG_LEGACY_PTY_COUNT=32 # CONFIG_WATCHDOG is not set CONFIG_UML_SOUND=y CONFIG_SOUND=y CONFIG_SOUND_OSS_CORE=y CONFIG_HOSTAUDIO=y # CONFIG_HW_RANDOM is not set CONFIG_UML_RANDOM=y # CONFIG_MMAPPER is not set # # Generic Driver Options # CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" # CONFIG_DEVTMPFS is not set CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y CONFIG_FIRMWARE_IN_KERNEL=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_DEBUG_DRIVER is not set # CONFIG_DEBUG_DEVRES is not set # CONFIG_SYS_HYPERVISOR is not set CONFIG_NET=y # # Networking options # CONFIG_PACKET=y CONFIG_UNIX=y CONFIG_XFRM=y # CONFIG_XFRM_USER is not set # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set # CONFIG_NET_KEY is not set CONFIG_INET=y # CONFIG_IP_MULTICAST is not set # CONFIG_IP_ADVANCED_ROUTER is not set # CONFIG_IP_PNP is not set # CONFIG_NET_IPIP is not set # 
CONFIG_NET_IPGRE_DEMUX is not set # CONFIG_ARPD is not set # CONFIG_SYN_COOKIES is not set # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set # CONFIG_INET_IPCOMP is not set # CONFIG_INET_XFRM_TUNNEL is not set # CONFIG_INET_TUNNEL is not set CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_XFRM_MODE_BEET=y # CONFIG_INET_LRO is not set CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set # CONFIG_IPV6 is not set # CONFIG_NETWORK_SECMARK is not set # CONFIG_NETWORK_PHY_TIMESTAMPING is not set # CONFIG_NETFILTER is not set # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_RDS is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set # CONFIG_L2TP is not set # CONFIG_BRIDGE is not set # CONFIG_NET_DSA is not set # CONFIG_VLAN_8021Q is not set # CONFIG_DECNET is not set # CONFIG_LLC2 is not set # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set # CONFIG_PHONET is not set # CONFIG_IEEE802154 is not set # CONFIG_NET_SCHED is not set # CONFIG_DCB is not set # CONFIG_BATMAN_ADV is not set # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set CONFIG_WIRELESS=y # CONFIG_CFG80211 is not set # CONFIG_LIB80211 is not set # # CFG80211 needs to be enabled for MAC80211 # # CONFIG_WIMAX is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is not set # CONFIG_CAIF is not set # CONFIG_CEPH_LIB is not set CONFIG_GHOSTIFICATION=y CONFIG_GHOSTIFICATION_NUM=8 CONFIG_GHOSTIFICATION_MESG=y CONFIG_GHOSTIFICATION_PRINTK=y # CONFIG_GHOSTIFICATION_DEBUG is not set # CONFIG_GHOSTIFICATION_DEVEL is not set # # UML Network Devices # CONFIG_UML_NET=y CONFIG_UML_NET_ETHERTAP=y CONFIG_UML_NET_TUNTAP=y 
CONFIG_UML_NET_SLIP=y CONFIG_UML_NET_DAEMON=y # CONFIG_UML_NET_VDE is not set CONFIG_UML_NET_MCAST=y # CONFIG_UML_NET_PCAP is not set # CONFIG_UML_NET_SLIRP is not set CONFIG_NETDEVICES=y CONFIG_DUMMY=y # CONFIG_BONDING is not set # CONFIG_MACVLAN is not set # CONFIG_EQUALIZER is not set CONFIG_TUN=y # CONFIG_VETH is not set # CONFIG_MII is not set # CONFIG_PHYLIB is not set CONFIG_WLAN=y # CONFIG_HOSTAP is not set # # Enable WiMAX (Networking options) to see the WiMAX drivers # # CONFIG_WAN is not set # # CAIF transport drivers # CONFIG_PPP=y # CONFIG_PPP_MULTILINK is not set # CONFIG_PPP_FILTER is not set # CONFIG_PPP_ASYNC is not set # CONFIG_PPP_SYNC_TTY is not set # CONFIG_PPP_DEFLATE is not set # CONFIG_PPP_BSDCOMP is not set # CONFIG_PPP_MPPE is not set # CONFIG_PPPOE is not set CONFIG_SLIP=y # CONFIG_SLIP_COMPRESSED is not set CONFIG_SLHC=y # CONFIG_SLIP_SMART is not set # CONFIG_SLIP_MODE_SLIP6 is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # CONFIG_CONNECTOR is not set # # File systems # CONFIG_EXT2_FS=y # CONFIG_EXT2_FS_XATTR is not set # CONFIG_EXT2_FS_XIP is not set CONFIG_EXT3_FS=y CONFIG_EXT3_DEFAULTS_TO_ORDERED=y # CONFIG_EXT3_FS_XATTR is not set # CONFIG_EXT4_FS is not set CONFIG_JBD=y CONFIG_REISERFS_FS=y # CONFIG_REISERFS_CHECK is not set # CONFIG_REISERFS_PROC_INFO is not set # CONFIG_REISERFS_FS_XATTR is not set # CONFIG_JFS_FS is not set # CONFIG_XFS_FS is not set # CONFIG_GFS2_FS is not set # CONFIG_BTRFS_FS is not set # CONFIG_NILFS2_FS is not set # CONFIG_FS_POSIX_ACL is not set CONFIG_FILE_LOCKING=y CONFIG_FSNOTIFY=y CONFIG_DNOTIFY=y CONFIG_INOTIFY_USER=y # CONFIG_FANOTIFY is not set CONFIG_QUOTA=y # CONFIG_QUOTA_NETLINK_INTERFACE is not set CONFIG_PRINT_QUOTA_WARNING=y # CONFIG_QUOTA_DEBUG is not set # CONFIG_QFMT_V1 is not set # CONFIG_QFMT_V2 is not set CONFIG_QUOTACTL=y CONFIG_AUTOFS4_FS=y # CONFIG_FUSE_FS is not set # # Caches # # CONFIG_FSCACHE is not set # # CD-ROM/DVD 
Filesystems # CONFIG_ISO9660_FS=y CONFIG_JOLIET=y # CONFIG_ZISOFS is not set # CONFIG_UDF_FS is not set # # DOS/FAT/NT Filesystems # # CONFIG_MSDOS_FS is not set # CONFIG_VFAT_FS is not set # CONFIG_NTFS_FS is not set # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_TMPFS_POSIX_ACL is not set # CONFIG_TMPFS_XATTR is not set # CONFIG_HUGETLB_PAGE is not set # CONFIG_CONFIGFS_FS is not set CONFIG_MISC_FILESYSTEMS=y # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set # CONFIG_LOGFS is not set # CONFIG_CRAMFS is not set # CONFIG_SQUASHFS is not set # CONFIG_VXFS_FS is not set # CONFIG_MINIX_FS is not set # CONFIG_OMFS_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_ROMFS_FS is not set # CONFIG_PSTORE is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set CONFIG_NETWORK_FILESYSTEMS=y # CONFIG_NFS_FS is not set # CONFIG_NFSD is not set # CONFIG_CEPH_FS is not set # CONFIG_CIFS is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # # Partition Types # # CONFIG_PARTITION_ADVANCED is not set CONFIG_MSDOS_PARTITION=y CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_NLS_CODEPAGE_437 is not set # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set # CONFIG_NLS_CODEPAGE_850 is not set # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_936 is not set # 
CONFIG_NLS_CODEPAGE_950 is not set # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set # CONFIG_NLS_ISO8859_1 is not set # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_9 is not set # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set # CONFIG_NLS_UTF8 is not set # # Security options # # CONFIG_KEYS is not set # CONFIG_SECURITY_DMESG_RESTRICT is not set # CONFIG_SECURITY is not set # CONFIG_SECURITYFS is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" CONFIG_CRYPTO=y # # Crypto core or helper # # CONFIG_CRYPTO_FIPS is not set CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_RNG=y CONFIG_CRYPTO_RNG2=y # CONFIG_CRYPTO_MANAGER is not set # CONFIG_CRYPTO_MANAGER2 is not set # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_NULL is not set # CONFIG_CRYPTO_CRYPTD is not set # CONFIG_CRYPTO_AUTHENC is not set # # Authenticated Encryption with Associated Data # # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_GCM is not set # CONFIG_CRYPTO_SEQIV is not set # # Block modes # # CONFIG_CRYPTO_CBC is not set # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set # CONFIG_CRYPTO_ECB is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set # # Hash modes # # CONFIG_CRYPTO_HMAC is not set # CONFIG_CRYPTO_XCBC is not set # CONFIG_CRYPTO_VMAC is not set # # Digest # # CONFIG_CRYPTO_CRC32C is not set # CONFIG_CRYPTO_GHASH is not set # CONFIG_CRYPTO_MD4 is not set # CONFIG_CRYPTO_MD5 is not set # 
CONFIG_CRYPTO_MICHAEL_MIC is not set # CONFIG_CRYPTO_RMD128 is not set # CONFIG_CRYPTO_RMD160 is not set # CONFIG_CRYPTO_RMD256 is not set # CONFIG_CRYPTO_RMD320 is not set # CONFIG_CRYPTO_SHA1 is not set # CONFIG_CRYPTO_SHA256 is not set # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_WP512 is not set # # Ciphers # CONFIG_CRYPTO_AES=y # CONFIG_CRYPTO_AES_586 is not set # CONFIG_CRYPTO_AES_NI_INTEL is not set # CONFIG_CRYPTO_ANUBIS is not set # CONFIG_CRYPTO_ARC4 is not set # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_CAMELLIA is not set # CONFIG_CRYPTO_CAST5 is not set # CONFIG_CRYPTO_CAST6 is not set # CONFIG_CRYPTO_DES is not set # CONFIG_CRYPTO_FCRYPT is not set # CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_SALSA20 is not set # CONFIG_CRYPTO_SALSA20_586 is not set # CONFIG_CRYPTO_SEED is not set # CONFIG_CRYPTO_SERPENT is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TWOFISH is not set # CONFIG_CRYPTO_TWOFISH_586 is not set # # Compression # # CONFIG_CRYPTO_DEFLATE is not set # CONFIG_CRYPTO_ZLIB is not set # CONFIG_CRYPTO_LZO is not set # # Random Number Generation # CONFIG_CRYPTO_ANSI_CPRNG=y # CONFIG_CRYPTO_USER_API_HASH is not set # CONFIG_CRYPTO_USER_API_SKCIPHER is not set CONFIG_CRYPTO_HW=y # CONFIG_BINARY_PRINTF is not set # # Library routines # CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y # CONFIG_CRC_CCITT is not set # CONFIG_CRC16 is not set # CONFIG_CRC_T10DIF is not set # CONFIG_CRC_ITU_T is not set CONFIG_CRC32=y # CONFIG_CRC7 is not set # CONFIG_LIBCRC32C is not set # CONFIG_XZ_DEC is not set # CONFIG_XZ_DEC_BCJ is not set CONFIG_NLATTR=y # CONFIG_AVERAGE is not set # # SCSI device support # CONFIG_SCSI_MOD=y # CONFIG_RAID_ATTRS is not set # CONFIG_SCSI is not set # CONFIG_SCSI_DMA is not set # CONFIG_SCSI_NETLINK is not set # CONFIG_MD is not set # CONFIG_NEW_LEDS is not set # CONFIG_INPUT is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set 
CONFIG_DEFAULT_MESSAGE_LOGLEVEL=4 CONFIG_ENABLE_WARN_DEPRECATED=y CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=1024 # CONFIG_STRIP_ASM_SYMS is not set # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not set # CONFIG_DEBUG_SECTION_MISMATCH is not set CONFIG_DEBUG_KERNEL=y # CONFIG_DEBUG_SHIRQ is not set # CONFIG_LOCKUP_DETECTOR is not set # CONFIG_HARDLOCKUP_DETECTOR is not set # CONFIG_DETECT_HUNG_TASK is not set CONFIG_SCHED_DEBUG=y # CONFIG_SCHEDSTATS is not set # CONFIG_TIMER_STATS is not set # CONFIG_DEBUG_OBJECTS is not set # CONFIG_DEBUG_SLAB is not set # CONFIG_DEBUG_RT_MUTEXES is not set # CONFIG_RT_MUTEX_TESTER is not set # CONFIG_DEBUG_SPINLOCK is not set # CONFIG_DEBUG_MUTEXES is not set # CONFIG_SPARSE_RCU_POINTER is not set # CONFIG_DEBUG_SPINLOCK_SLEEP is not set # CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set # CONFIG_DEBUG_STACK_USAGE is not set # CONFIG_DEBUG_KOBJECT is not set CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_INFO=y # CONFIG_DEBUG_INFO_REDUCED is not set # CONFIG_DEBUG_VM is not set # CONFIG_DEBUG_WRITECOUNT is not set CONFIG_DEBUG_MEMORY_INIT=y # CONFIG_DEBUG_LIST is not set # CONFIG_TEST_LIST_SORT is not set # CONFIG_DEBUG_SG is not set # CONFIG_DEBUG_NOTIFIERS is not set # CONFIG_DEBUG_CREDENTIALS is not set CONFIG_FRAME_POINTER=y # CONFIG_BOOT_PRINTK_DELAY is not set # CONFIG_RCU_TORTURE_TEST is not set # CONFIG_BACKTRACE_SELF_TEST is not set # CONFIG_DEBUG_BLOCK_EXT_DEVT is not set # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set # CONFIG_FAULT_INJECTION is not set # CONFIG_SYSCTL_SYSCALL_CHECK is not set # CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_ATOMIC64_SELFTEST is not set # CONFIG_SAMPLES is not set # CONFIG_TEST_KSTRTOX is not set # CONFIG_GPROF is not set # CONFIG_GCOV is not set CONFIG_EARLY_PRINTK=y marionnet-0.90.6+bzr457.orig/uml/kernel/linux-3.7.%.compile_with_ARCH_um_SUBARCH_i386.diff0000600000175000017500000000143012356733375027174 0ustar lucaslucas*** linux-3.2.13.original/arch/x86/um/Makefile 2012-03-19 
17:03:17.000000000 +0100 --- linux-3.2.13.modified/arch/x86/um/Makefile 2013-04-30 18:09:48.000000000 +0200 *************** *** 19,25 **** obj-y += checksum_32.o obj-$(CONFIG_BINFMT_ELF) += elfcore.o ! subarch-y = ../lib/string_32.o ../lib/atomic64_32.o ../lib/atomic64_cx8_32.o subarch-$(CONFIG_RWSEM_XCHGADD_ALGORITHM) += ../lib/rwsem.o subarch-$(CONFIG_HIGHMEM) += ../mm/highmem_32.o --- 19,27 ---- obj-y += checksum_32.o obj-$(CONFIG_BINFMT_ELF) += elfcore.o ! subarch-y = ../lib/string_32.o ../lib/atomic64_32.o ../lib/atomic64_cx8_32.o \ ! ../lib/atomic64_386_32.o ../lib/cmpxchg8b_emu.o ! subarch-$(CONFIG_RWSEM_XCHGADD_ALGORITHM) += ../lib/rwsem.o subarch-$(CONFIG_HIGHMEM) += ../mm/highmem_32.o marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/0000700000175000017500000000000012356733375021626 5ustar lucaslucasmarionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/linux-2.6.31-ghost_debian.patch0000600000175000017500000030143012356733375027162 0ustar lucaslucasdiff -rNuad linux-2.6.31/include/linux/netdevice.h linux-2.6.31-ghost/include/linux/netdevice.h --- linux-2.6.31/include/linux/netdevice.h 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/include/linux/netdevice.h 2009-11-26 22:58:23.000000000 +0000 @@ -14,6 +14,8 @@ * Alan Cox, * Bjorn Ekwall. * Pekka Riikonen + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
@@ -2001,4 +2003,12 @@ } #endif /* __KERNEL__ */ +/* + * (ghost support) Just check whether the given name + * belongs to the ghost interface + */ +#ifdef CONFIG_GHOSTIFICATION +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + #endif /* _LINUX_NETDEVICE_H */ diff -rNuad linux-2.6.31/include/linux/sockios.h linux-2.6.31-ghost/include/linux/sockios.h --- linux-2.6.31/include/linux/sockios.h 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/include/linux/sockios.h 2009-11-26 22:58:23.000000000 +0000 @@ -9,6 +9,8 @@ * * Authors: Ross Biro * Fred N. van Kempen, + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -83,6 +85,13 @@ #define SIOCWANDEV 0x894A /* get/set netdev parameters */ +/* (ghost support) ghostification's ioctl */ +#ifdef CONFIG_GHOSTIFICATION +#define SIOKLOG 0x894D /* Write a string to the log */ +#define SIOCGIFGHOSTIFY 0x894E /* Make a network device 'ghost' */ +#define SIOCGIFUNGHOSTIFY 0x894F /* Make a network device 'ghost' */ +#endif /* CONFIG_GHOSTIFICATION */ + /* ARP cache control calls. */ /* 0x8950 - 0x8952 * obsolete calls, don't re-use */ #define SIOCDARP 0x8953 /* delete ARP table entry */ diff -rNuad linux-2.6.31/include/net/ghostdebug.h linux-2.6.31-ghost/include/net/ghostdebug.h --- linux-2.6.31/include/net/ghostdebug.h 1970-01-01 00:00:00.000000000 +0000 +++ linux-2.6.31-ghost/include/net/ghostdebug.h 2009-11-26 22:58:23.000000000 +0000 
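Review bot: The prototype for `is_a_ghost_interface_name()` is added after `#endif /* __KERNEL__ */`, so it sits outside the kernel-only part of netdevice.h. That makes a kernel-internal declaration, guarded by a `CONFIG_` symbol, part of what userspace sees from this header. Moving the whole `#ifdef CONFIG_GHOSTIFICATION` block above the `#endif /* __KERNEL__ */` line keeps it internal. The comment could also state the return convention, for example `/* returns non-zero when interface_name is currently ghostified */`, if that matches the definition, which is not in this hunk.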
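Review bot: `SIOCGIFUNGHOSTIFY` carries the same comment as `SIOCGIFGHOSTIFY` ("Make a network device 'ghost'"); it should read something like `/* Make a ghost network device visible again */`. `SIOKLOG` ("Write a string to the log") lets the caller put text into the kernel log, and both ghost requests change which interfaces are visible. The handlers are not in this hunk, so it is worth confirming that they require a capability such as `CAP_NET_ADMIN` and bound the length of the user-supplied string before it reaches `printk`. The new numbers 0x894D to 0x894F sit directly below the range marked "obsolete calls, don't re-use", so a note on why they cannot collide with other requests would help.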
@@ -0,0 +1,93 @@ +/* + * Ghost support: + * Some trivials macros for display messages, trace ghost ops, + * debug and devel the ghostification kernel patch. + * + * Authors: Roudiere Jonathan, + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + */ + +#ifndef __GHOSTDEBUG__ +#define __GHOSTDEBUG__ + +#ifdef CONFIG_GHOSTIFICATION + +/* + * Ghost macros: there are three type of macros for three kind of + * information level : + * + * - the first one is ghost_ptk, that is a simple printk with the + * KERN_INFO log level, it is the standard type of display used + * by the ghostification kernel code to allow user to monitor + * ghost operations, if GHOSTIFICATION_PRINTK is not defined then + * user will not any information about the ghostified interfaces + * and the ghost engine (almost any infos ;-)), + * + * - ghost_debug and ghost_debugmsg are respectively used to show a + * calling card in a part of the code (function, files) and to show + * in plus informations additional (variable, etc ..), these two macros + * display messages with the level KERNEL_DEBUG, + * + * - ghost_devel and ghost_develmsg are very similar (redundant) + * in both previous ones, they are mainly used for the development + * of the patch to follow the stream of execution, activate + * GHOSTIFICATION_DEVEL has interest only for developers. + * +*/ + +/* + * Macro usable to debug during normal usage of the kernel. +*/ +#ifdef CONFIG_GHOSTIFICATION_DEBUG +#define ghost_debug \ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): -- info debug -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_debugmsg(msg,args...) 
\ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_debug +#define ghost_debugmsg(msg,args...) +#endif + +/* + * A little bit redundant with the macro ghost_debug/debugmsg + * but allows a difference in the use, they are not used for the + * debugging, but to verify roads borrowed during the development. + * (note: certainly remove at next release of the patch) +*/ +#ifdef CONFIG_GHOSTIFICATION_DEVEL +#define ghost_devel \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): -- info devel -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_develmsg(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_devel +#define ghost_develmsg(msg,args...) +#endif + +/* + * Macro to display all message from chunk of code which has + * ghostification in charge (use macro to add debug level later). +*/ +#ifdef CONFIG_GHOSTIFICATION_PRINTK +#define ghost_ptk(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost) " msg "\n", ##args) +#else +#define ghost_ptk(msg,args...) +#endif + +#endif /* CONFIG_GHOSTIFICATION */ + +#endif /* __GHOSTDEBUG__ */ diff -rNuad linux-2.6.31/kernel/softirq.c linux-2.6.31-ghost/kernel/softirq.c --- linux-2.6.31/kernel/softirq.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/kernel/softirq.c 2009-11-26 22:58:23.000000000 +0000 @@ -128,8 +128,11 @@ */ void _local_bh_enable(void) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq()); WARN_ON_ONCE(!irqs_disabled()); +#endif if (softirq_count() == SOFTIRQ_OFFSET) trace_softirqs_on((unsigned long)__builtin_return_address(0)); 
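Review bot: `ghost_ptk` in ghostdebug.h is defined with `KERN_DEBUG`, while the header comment above says it is a printk at the `KERN_INFO` level; one of the two should be corrected so an operator knows at which log level ghost operations appear. The disabled variants expand to nothing, which leaves a bare `;` as the body of any unbraced `if`; `#define ghost_ptk(msg, args...) do { } while (0)` is the safer empty form, and the same applies to `ghost_debugmsg` and `ghost_develmsg`. The guard name `__GHOSTDEBUG__` uses a reserved identifier; `_NET_GHOSTDEBUG_H` would match the `_LINUX_NETDEVICE_H` style seen in the netdevice.h hunk.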
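Review bot: Compiling out `WARN_ON_ONCE(in_irq())` and `WARN_ON_ONCE(!irqs_disabled())` in `_local_bh_enable()` whenever CONFIG_GHOSTIFICATION is set removes a context check for every caller in the kernel, not only for ghostification code, and the hunk at -140 does the same in `_local_bh_enable_ip()`. These warnings are what reveal bottom halves being re-enabled from the wrong context. The patch's own table lock is taken with `read_lock_irqsave`/`write_lock_irqsave`, so the silenced warning may come from a call made with interrupts disabled (inferred; the triggering path is not visible here). Fix the call site that triggers the warning and keep the assertions.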
@@ -140,7 +143,10 @@ static inline void _local_bh_enable_ip(unsigned long ip) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq() || irqs_disabled()); +#endif #ifdef CONFIG_TRACE_IRQFLAGS local_irq_disable(); #endif diff -rNuad linux-2.6.31/net/Kconfig linux-2.6.31-ghost/net/Kconfig --- linux-2.6.31/net/Kconfig 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/Kconfig 2009-11-26 22:58:23.000000000 +0000 
@@ -159,6 +159,105 @@ source "net/decnet/netfilter/Kconfig" source "net/bridge/netfilter/Kconfig" +config GHOSTIFICATION_NETFILTER + bool "Ghostification support to netfilter" + depends on GHOSTIFICATION && NETFILTER_ADVANCED + default y + help + Ghostification support to Netfilter. Allow to bypass all + Netfilter's hooks (INPUT, OUTPUT, FORWARD, POSTROUTING and + PREROUTING (when available)) and that for all layer or protocol: + ARP, Bridge, IPv4, IPv6 (and Decnet) or just for one protocol + or layer. + If you choose to activate the Ghostification of Netfilter then + all the network packets which come from, or go to an ghostified + interface will not get through the hooks of Netfilter; so rules + which have been created with Iptables, Ip6tables, Arptables or + Ebtables will have no effect on these packets. + Note: This option allows you to have access to the options of + configuration of the Ghostification of Netfilter but it activates + no section of code; you will thus need to select one or some + among those this below. + +config GHOSTIFICATION_NETFILTER_ALL + bool "Ghostification support to netfilter, skip all hooks" + depends on GHOSTIFICATION_NETFILTER + default y + help + Netfiter Ghostification support for all protocols/layers. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass + Netfilter's hooks; thus any actions or rules which have been + created through Iptables, Ip6tables, Arptables or Ebtables + will not have any effect on this packets. + +config GHOSTIFICATION_NETFILTER_ARP + bool "Ghostification support to netfilter, skip ARP hooks" + depends on GHOSTIFICATION_NETFILTER && IP_NF_ARPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the ARP protocol/layer. 
+ If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Arp + hooks of Netfilter; thus the rules which have been created + with the Arptables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_BRIDGE + bool "Ghostification support to netfilter, skip Bridge hooks" + depends on GHOSTIFICATION_NETFILTER && BRIDGE_NF_EBTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the Bridge protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Bridge + hooks of Netfilter; thus the rules which have been created + with the Ebtables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV4 + bool "Ghostification support to netfilter, skip IPv4 hooks" + depends on GHOSTIFICATION_NETFILTER && !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv4 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv4 + hooks of Netfilter; thus the rules which have been created + with the Iptables tool will not have any effect on them. 
+ If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV6 + bool "Ghostification support to netfilter, skip IPv6 hooks" + depends on GHOSTIFICATION_NETFILTER && IP6_NF_IPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv6 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv6 + hooks of Netfilter; thus the rules which have been created + with the Ip6tables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + endif source "net/dccp/Kconfig" 
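Review bot: `GHOSTIFICATION_NETFILTER` and `GHOSTIFICATION_NETFILTER_ALL` are both `default y`, so a kernel built with the defaults lets traffic of any ghostified interface skip every Netfilter hook, and firewall rules silently stop applying to it. An option that bypasses packet filtering should be opt-in: drop the `default y` lines. The same holds for `config GHOSTIFICATION` in the next hunk, which hides interfaces from userspace tools and packet capture. The help texts for the ARP, Bridge, IPv4 and IPv6 options all end with the same sentence about losing the bypass of Decnet's hooks, which looks copied and does not say what selecting a single protocol actually excludes.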
@@ -256,4 +355,93 @@ source "net/rfkill/Kconfig" source "net/9p/Kconfig" +config GHOSTIFICATION + bool "Ghostification support" + depends on INET + default y + help + Ghostification support allow you to hide network interfaces + on your system. Ghostify and Unghostify are the actions which + make dynamically invisible and visible a network interface/cards + (eth0, lo, tun, ...) for the userspace. + When a network interface is ghostified, users of your system + can not see it with userspace tools like ifconfig, route, iproute, + netstat and/or have statistics about it. However even if a network + interface is ghostified it is always possible to open a socket + using the Ip address of this interface, ping this interface or + any host connected to the same network remains possible; has the + opposite, it is not possible to sniff packets on a ghostified + interface with userspace tools like tcpdump, wireshark, ... + Informations about a ghostified interface are hidden under /proc + but they can be find under /sys, it is a limit of the ghostification + patch. + For more informations about Ghostification patch and engine see + the README of the tarball that you have used or go to website of + the Marionnet project at . + + +config GHOSTIFICATION_NUM + int "Ghostification support : max number of possible ghostified interface" + depends on GHOSTIFICATION + range 4 32 + default 8 + help + Here you can choose the number of network interfaces that + you will be allowed to ghostify. This number must be between + 4 and 32. + +config GHOSTIFICATION_MESG + bool "Ghostification messages, display, debug and devel" + depends on GHOSTIFICATION + default y + help + Ghostification messages configuration. This option allow + you to have acces to the options which configure and control + the type of messages that you want the ghostification engine + diplay (visible through syslogd). + There are three options which make more or less verbose the + ghostification engine. 
You can choose to not select any + options below if you want to try to hide the ghostification + operations for the users of your system. + Note: This option allows you to have access to the options + which control the number of messages and the verbosity of + the Ghostification engine but it activates no section of + code; you will thus need to select one or some among those + this below. + +config GHOSTIFICATION_PRINTK + bool "Ghostification, messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + default y + help + This option allow you to activate normal messsages from the + ghostification engine, those messages are display through a + simple printk (visible through syslogd), this messages allow + to have informations about the ghost operations (like "the + interface ethX has been ghostified", "unghostified", "is already + ghostified", etc ...). If you really wish to hide ghostified + interfaces and ghost operations for the users of your system + don't select this option. + +config GHOSTIFICATION_DEBUG + bool "Ghostification, debugging messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + help + This option increase the verbosity of the ghostification engine, + allow to get more informations in order to debug the ghost ops. + This option is in general used to verify the result of a test or + to display the datas (interface name, pid of a calling process, ...) + which are treated by the ghost engine. + +config GHOSTIFICATION_DEVEL + bool "Ghostification, helping messages to trace ghost operations (devel)" + depends on GHOSTIFICATION_MESG + help + This option give more informations that the option above, it is use + by developer of the ghostification patch in order to control some + paths used in the kernel code and the datas which are manipulated. + This option is a little redundant with the debug option but allow + to have a better granularity, maybe it will be remove for the next + release of the ghostification patch. 
+ endif # if NET diff -rNuad linux-2.6.31/net/core/dev.c linux-2.6.31-ghost/net/core/dev.c --- linux-2.6.31/net/core/dev.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/core/dev.c 2009-11-26 22:58:23.000000000 +0000 @@ -18,6 +18,7 @@ * Alexey Kuznetsov * Adam Sulmicki * Pekka Riikonen + * Luca Saiu (ghostification support) * * Changes: * D.J. Barrow : Fixed bug where dev->refcnt gets set @@ -70,6 +71,8 @@ * indefinitely on dev->refcnt * J Hadi Salim : - Backlog queue sampling * - netif_rx() feedback + * Roudiere Jonathan : make some buxfix in ghostification engine + * verify CAP_NET_ADMIN before (un)ghost iface */ #include 
@@ -137,6 +140,230 @@ #define GRO_MAX_HEAD (MAX_HEADER + 128) /* + * (ghost support) Chunk of code which has in charge + * the ghostification of network interfaces. + */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* The maximum number of ghost interfaces allowed at any given time: */ +#define MAX_GHOST_INTERFACES_NO CONFIG_GHOSTIFICATION_NUM + +/* + * A crude unsorted array of unique names, where "" stands for an + * empty slot. Elements are so few that an hash table would be overkill, + * and possibly also less efficient than this solution: + */ +static char ghost_interface_names[MAX_GHOST_INTERFACES_NO][IFNAMSIZ]; + +/* A lock protecting the ghost interfaces' support structure: */ +/* static DEFINE_SPINLOCK(ghostification_spin_lock); */ +static rwlock_t ghostification_spin_lock = RW_LOCK_UNLOCKED; + +/* Lock disabling local interrupts and saving flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + unsigned long flags; write_lock_irqsave(&ghostification_spin_lock, flags) + +/* Unlock re-enabling interrupts and restoring flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + write_unlock_irqrestore(&ghostification_spin_lock, flags) + +/* Lock disabling local interrupts and saving flags. This is for + readers, which are allowed to execute concurrently: */ +#define LOCK_GHOSTIFICATION_FOR_READING \ + unsigned long flags; read_lock_irqsave(&ghostification_spin_lock, flags) + +/* Lock re-enabling interrupts and restoring flags. 
This is for + readers, which are allowed to execute concurrently: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING \ + read_unlock_irqrestore(&ghostification_spin_lock, flags) + +#ifdef CONFIG_IPV6 +/* Defined in net/ipv6/addrconf.c: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +#endif /* CONFIG_IPV6 */ + +/* Return the index of the given element (which may be "") within + ghost_interface_names, or -1 on failure. Note that this must be + executed in a critical section: */ +static int __lookup_ghost_interface_names(const char *interface_name) +{ + int i; + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(!strcmp(interface_name, ghost_interface_names[i])) + return i; /* we found the given name in the i-th element */ + return -1; /* we didn't find the given name in the array */ +} + +/* This is useful for debugging. It must be called in a critical section. */ +static void __dump_ghost_interfaces(void) +{ + int i; + int number_of_ghost_interfaces = 0; + + ghost_ptk("Ghost interfaces are now: "); + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(strcmp(ghost_interface_names[i], "")) { + number_of_ghost_interfaces++; + ghost_ptk("%i. %s", number_of_ghost_interfaces, + ghost_interface_names[i]); + } + + ghost_ptk("There are now %i ghost interfaces. " + "A maximum of %i can exist at any given time.", + number_of_ghost_interfaces, MAX_GHOST_INTERFACES_NO); +} + +/* Just check whether the given name belongs to a ghost interface. 
+ This must be called in a critical section: */ +int __is_a_ghost_interface_name(const char *interface_name) +{ + /* Particular case: "" is *not* a ghost interface name, even + if it's in the ghost interfaces array (we use it just to mark + an empty slot): */ + if(interface_name[0] == '\0') + return 0; + /* Just check whether interface_name is an element of the array: */ + return __lookup_ghost_interface_names(interface_name) >= 0; +} + +/* Just check whether the given name belongs to a ghost interface: */ +int is_a_ghost_interface_name(const char *interface_name) +{ + int result; + LOCK_GHOSTIFICATION_FOR_READING; + /* Just check whether interface_name is an element of the array: */ + result = __is_a_ghost_interface_name(interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING; + return result; +} + +/* Make the given interface ghost. Return 0 on success, nonzero on + failure. Failure occours when the interface is already ghost or + does not exist: */ +static int ghostify_interface(char *interface_name) +{ + int a_free_element_index; + const size_t name_length = strlen(interface_name); + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Let's avoid buffer overflows... This could possibly be exploited: */ + if((name_length >= IFNAMSIZ) || (name_length == 0)) + { + ghost_ptk("The user asked to ghostify the interface %s, " + "which has a name of length %i. Failing.", + interface_name, name_length); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EINVAL; + } + + /* Fail if the interface is already ghostified. In particular we + want *no* duplicates in the array. 
Note that we're already in + a critical section here, so there's no need for locking: */ + if(__is_a_ghost_interface_name(interface_name)) + { + ghost_ptk("Could not ghostify the interface %s, " + "because it\'s already ghost.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EEXIST; /* File exists, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Fail if the interface is not found. We don't want add a + no-existing interface in our array */ + struct net_device *device; + device = dev_get_by_name(&init_net, interface_name); + if (device == NULL) { + ghost_ptk("Could not ghostify the interface %s which " + "doesn't exist. Try again.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for a free spot: */ + a_free_element_index = __lookup_ghost_interface_names(""); + if(a_free_element_index < 0) + { + ghost_ptk("Could not ghostify the interface %s, " + "because %i interfaces are already ghostified. Sorry.", + interface_name, MAX_GHOST_INTERFACES_NO); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENOMEM; + } + + /* Ok, we found a free spot; just copy the interface name: */ + strcpy(ghost_interface_names[a_free_element_index], interface_name); + +#ifdef CONFIG_IPV6 + /* Hide /proc/net/dev_snmp6/DEVICE for the new ghost DEVICE: */ + hide_proc_net_dev_snmp6_DEVICE_if_needed( + ghost_interface_names[a_free_element_index]); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} + +/* Make the given interface, which should be ghost, non-ghost. + Return 0 on success, nonzero on failure. Failure occours when + the given interface is non-ghost or does not exist: */ +static int unghostify_interface(char *ghost_interface_name) +{ + int the_interface_index; + struct net_device *device; + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Fail if the interface is not found. 
It is not necessary + to search in the array a no-existing interface and allow + to return a more appropriate error code to the userspace. */ + device = dev_get_by_name(&init_net, ghost_interface_name); + if (device == NULL) { + ghost_ptk("Could not unghostify the interface %s " + "which doesn't exist. Try again.\n", ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for the given interface: */ + the_interface_index = + __lookup_ghost_interface_names(ghost_interface_name); + if(the_interface_index < 0) + { + ghost_ptk("Could not unghostify the interface %s, \ + because it's non-ghost or not existing.\n", + ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ESRCH; /* No such device or address, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Ok, we found the interface: just "remove" its name from the array: */ + ghost_interface_names[the_interface_index][0] = '\0'; + +#ifdef CONFIG_IPV6 + /* Show again /proc/net/dev_snmp6/DEVICE for the now non-ghost DEVICE: */ + show_proc_net_dev_snmp6_DEVICE_if_needed(ghost_interface_name); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} +EXPORT_SYMBOL(is_a_ghost_interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * (ghost support) End of ghostification support + */ + + +/* * The list of packet types we will receive (as opposed to discard) * and the routines to invoke. * @@ -539,6 +766,13 @@ { int ints[5]; struct ifmap map; + /* (ghost support) There are no ghost interfaces by default */ +#ifdef CONFIG_GHOSTIFICATION + int i; + + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + ghost_interface_names[i][0] = '\0'; +#endif /* CONFIG_GHOSTIFICATION */ str = get_options(str, ARRAY_SIZE(ints), ints); if (!str || !*str) 
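Review bot: `ghostify_interface()` and `unghostify_interface()` call `dev_get_by_name(&init_net, ...)` only to test that the device exists and never release the result. That lookup returns the device with its reference count raised, so every call that finds the device leaks a reference and the interface can no longer be unregistered cleanly; add `dev_put(device);` right after the NULL check in both functions. The length message passes `name_length`, a `size_t`, to `%i`; use `%zu`. Because `unghostify_interface()` returns -ENODEV before it looks in the table, the name of an interface that was removed while ghostified stays in `ghost_interface_names` and keeps its slot.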
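Review bot: The table reset added in the hunk at -539 sits in a function that parses an option string (`get_options(str, ...)`), so it presumably runs only when that boot option is given rather than at every boot; the enclosing function starts outside the hunk. `ghost_interface_names` has static storage and is therefore already all zero bytes, which makes the loop redundant. Remove it, or move it to the network core's init path if an explicit reset is wanted, so the table does not appear to depend on this code.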
@@ -2936,11 +3170,20 @@ len = ifc.ifc_len; /* - * Loop over the interfaces, and write an info block for each. + * Loop over the interfaces, and write an info block for each, + * (ghost support) unless they are ghostified. */ total = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* Don't tell the user about ghost interfaces: just skip them */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Skipping the ghost interface %s in SIOCGIFCONF", + dev->name); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ for (i = 0; i < NPROTO; i++) { if (gifconf_list[i]) { int done; @@ -3009,6 +3252,10 @@ { const struct net_device_stats *stats = dev_get_stats(dev); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't show anything in /proc if iface is ghostified */ + if(! is_a_ghost_interface_name(dev->name)) +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu " "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n", dev->name, stats->rx_bytes, stats->rx_packets, @@ -4210,6 +4457,16 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() " + "on the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCGIFFLAGS: /* Get interface flags */ ifr->ifr_flags = (short) dev_get_flags(dev); 
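Review bot: The `ghost_ptk` call in the SIOCGIFCONF loop prints one kernel log line per ghost interface on every call, and that ioctl needs no privilege, so any local user can fill the log. The refusals logged in the hunks at -4210 and -4280 and in the rtnetlink dump loop have the same property. With CONFIG_GHOSTIFICATION_PRINTK these lines also write the hidden interface's name to the kernel log. Guard them with a rate limit, `if (net_ratelimit()) ghost_ptk(...)`, or demote them to `ghost_debugmsg`. In the hunk at -3009 the added `if` has no braces and governs the `seq_printf` that follows the `#endif`; put that statement in braces so a later edit cannot detach it from the condition.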
@@ -4280,6 +4537,17 @@ ops = dev->netdev_ops; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() on " + "the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail " + "with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCSIFFLAGS: /* Set interface flags */ return dev_change_flags(dev, ifr->ifr_flags); 
@@ -4423,6 +4691,57 @@ */ switch (cmd) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) catch ghostification's ioctl */ + case SIOKLOG: { + char text[1000]; + if(copy_from_user(text, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + text[IFNAMSIZ] = '\0'; + printk(KERN_DEBUG "%s\n", text); + return 0; + } + /* (un)ghostification ops require superuser power */ + case SIOCGIFGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, + (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to ghostify the interface %s.", + interface_name); + if((failure = ghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was ghostified.", + interface_name); + else + ghost_ptk("Failure in ghostification of %s.", + interface_name); + return failure; + } + case SIOCGIFUNGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to unghostify the interface %s.", + interface_name); + if((failure = unghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was unghostified.", + interface_name); + else + ghost_ptk("Failure in unghostification of %s.", + interface_name); + return failure; + } + /* end of ghostficiation ioctl */ +#endif /* CONFIG_GHOSTIFICATION */ + /* * These ioctl calls: * - can be done by all. diff -rNuad linux-2.6.31/net/core/dev_mcast.c linux-2.6.31-ghost/net/core/dev_mcast.c --- linux-2.6.31/net/core/dev_mcast.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/core/dev_mcast.c 2009-11-26 22:58:23.000000000 +0000 
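Review bot: The `SIOKLOG` case has no `capable()` check, unlike the two ghostify cases below it, so any process that can issue this ioctl can write text of its choosing into the kernel log through `printk`. Add `if (!capable(CAP_NET_ADMIN)) return -EPERM;` as its first statement, or drop the request if it was only a development aid. All three cases reserve a 1000-byte array on the kernel stack and use at most IFNAMSIZ + 1 bytes of it; declare `char text[IFNAMSIZ + 1];` and `char interface_name[IFNAMSIZ + 1];` instead. `copy_from_user` always reads IFNAMSIZ + 1 bytes, so a shorter string that ends near the end of a mapping fails with -EFAULT, whereas `strncpy_from_user` stops at the terminator.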
@@ -14,6 +14,8 @@ * Alan Cox : IFF_ALLMULTI support. * Alan Cox : New format set_multicast_list() calls. * Gleb Natapov : Remove dev_mc_lock. + * Luca Saiu : trivial changes for + * ghostification support. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -48,6 +50,9 @@ #include #include +#ifdef CONFIG_GHOSTIFICATION +#include +#endif /* CONFIG_GHOSTIFICATION */ /* * Device multicast list maintenance. @@ -167,7 +172,15 @@ netif_addr_lock_bh(dev); for (m = dev->mc_list; m; m = m->next) { int i; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information + in /proc about ghost interfaces */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Don't show any information in /proc " + "about ghostified interface"); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%-4d %-15s %-5d %-5d ", dev->ifindex, dev->name, m->dmi_users, m->dmi_gusers); diff -rNuad linux-2.6.31/net/core/rtnetlink.c linux-2.6.31-ghost/net/core/rtnetlink.c --- linux-2.6.31/net/core/rtnetlink.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/core/rtnetlink.c 2009-11-26 22:58:23.000000000 +0000 @@ -12,8 +12,12 @@ * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * - * Fixes: + * Fixes: * Vitaly E. Lavrov RTA_OK arithmetics was wrong. + * + * Changes: + * Roudiere Jonathan Some changes + * to ghost support, to allow to hide ghost net interfaces */ #include @@ -53,6 +57,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + struct rtnl_link { rtnl_doit_func doit; 
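Review bot: The ghost test in the dev_mcast.c hunk at -167 sits inside the `for (m = dev->mc_list; ...)` loop although it depends only on `dev->name`. It therefore takes the ghost table lock and prints a log line once per multicast entry while `netif_addr_lock_bh(dev)` is held. Test once before `netif_addr_lock_bh(dev)` and skip the device there. The enclosing function starts and ends outside the hunk, so how the device loop is written at that point needs checking against the full file.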
@@ -106,7 +115,10 @@ static rtnl_doit_func rtnl_get_doit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].doit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -117,7 +129,10 @@ static rtnl_dumpit_func rtnl_get_dumpit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].dumpit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -460,6 +475,12 @@ { struct sock *rtnl = net->rtnl; int report = 0; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add inforation to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type %i " + "and nlh->nlmsg_seq = %i", pid, nlh->nlmsg_pid, + nlh->nlmsg_type, nlh->nlmsg_seq); +#endif if (nlh) report = nlmsg_report(nlh); @@ -616,6 +637,20 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type " + "= %i, seq = %i and nlh->nlmsg_seq = %i", + pid, nlh->nlmsg_pid, nlh->nlmsg_type, + seq, nlh->nlmsg_seq); + ghost_develmsg("dev->name = %s and dev->ifindex = %i", + dev->name, + dev->ifindex); + /* function whose call rtnl_fill_ifinfo has been modified, except + rtmsg_ifinfo so if it will be necessary to skip ghost iface here then + keep in your mind to test pid because if it is eq. to 0 then it is a + kernel request (else user request) and we don't want disturbe its work. */ +#endif ifm = nlmsg_data(nlh); ifm->ifi_family = AF_UNSPEC; ifm->__ifi_pad = 0; 
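Review bot: In the hunk at -460 the added `ghost_develmsg` reads `nlh->nlmsg_pid`, `nlh->nlmsg_type` and `nlh->nlmsg_seq` before the existing `if (nlh)` test that follows it. With CONFIG_GHOSTIFICATION_DEVEL enabled, a call with a NULL `nlh` dereferences a null pointer inside the trace statement. Move the trace into the `if (nlh)` branch, or print only `pid` when `nlh` is NULL. The function header is outside the hunk.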
@@ -690,6 +725,24 @@ idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function which encapsulates calls to + * rtnl_fill_ifinfo and which is call after rtnl_get_doit/dumpit, + * use to dump list of network interfaces (as used by "ip link") + */ + ghost_develmsg("for_each_netdev, current net_device is %s", + dev->name); + ghost_develmsg("netlink cb pid = %i, cb nlh->nlmsg_type = %i, " + "cb familly/proto = %i, cb nlh->nlmsg_pid %i", + NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_type, + cb->family, cb->nlh->nlmsg_pid); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Hide ghotified interface (%s) in the dump", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK, @@ -941,6 +994,18 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change state/parameters of a ghotified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ if ((err = validate_linkmsg(dev, tb)) < 0) goto errout_dev; 
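Review bot: The ghost check added in the hunk at -941 leaves with `goto errout`, although the error path right after it uses `goto errout_dev`. That suggests `dev` holds a reference at that point which `errout` does not drop (the labels are outside the hunk, so this is inferred); use `goto errout_dev;`. The hunk at -1181 shows the same problem directly: `dev = dev_get_by_index(net, ifm->ifi_index)` takes a reference and the added branch does `return -ENODEV;` without `dev_put(dev);`. If that hunk is the get-link handler, as its log text suggests, the `kind != 2` test visible further down exempts it from the CAP_NET_ADMIN check, so an unprivileged request could leak a reference each time.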
@@ -979,6 +1044,17 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change dell a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ ops = dev->rtnl_link_ops; if (!ops) @@ -1181,6 +1257,17 @@ dev = dev_get_by_index(net, ifm->ifi_index); if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it with + user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ } else return -EINVAL; @@ -1235,6 +1322,8 @@ struct sk_buff *skb; int err = -ENOBUFS; + /* (ghost support) call rtnl_fill_ifinfo so maybe it + is need here to modify, in order to skip ghost iface */ skb = nlmsg_new(if_nlmsg_size(dev), GFP_KERNEL); if (skb == NULL) goto errout; @@ -1270,6 +1359,11 @@ int err; type = nlh->nlmsg_type; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Enter, nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i and nlh->nlmsg_seq = %i ", + nlh->nlmsg_pid, nlh->nlmsg_seq, nlh->nlmsg_seq); +#endif /* CONFIG_GHOSTIFICATION */ + if (type > RTM_MAX) return -EOPNOTSUPP; 
@@ -1289,14 +1383,21 @@ if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN)) return -EPERM; + /* (ghost support) kind = 2 then imply RTM_GETLINK has been used */ if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) { struct sock *rtnl; rtnl_dumpit_func dumpit; + /* (ghost support) then rtnl_get_dumpit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ dumpit = rtnl_get_dumpit(family, type); if (dumpit == NULL) return -EOPNOTSUPP; - +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Part 1: rtnl_get_dumpit(family %i, type %i) " + "is used before call to netlink_dump_start", + family,type); +#endif /* CONFIG_GHOSTIFICATION */ __rtnl_unlock(); rtnl = net->rtnl; err = netlink_dump_start(rtnl, skb, nlh, dumpit, NULL); @@ -1328,6 +1429,11 @@ doit = rtnl_get_doit(family, type); if (doit == NULL) return -EOPNOTSUPP; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) rtnl_get_doit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ + ghost_develmsg("Part 2: rtnl_get_doit(family %i, type %i)", family, type); +#endif /* CONFIG_GHOSTIFICATION */ return doit(skb, nlh, (void *)&rta_buf[0]); } @@ -1343,6 +1449,10 @@ { struct net_device *dev = ptr; + /* (ghost support) if we want provide a ghost's way to modify + the state of a ghost iface, it will be necessary to skip event + reports involing ghost iface (actually any changes are possible + if the iface is ghostified so there is nothing to report) */ switch (event) { case NETDEV_UNREGISTER: rtmsg_ifinfo(RTM_DELLINK, dev, ~0U); diff -rNuad linux-2.6.31/net/ipv4/arp.c linux-2.6.31-ghost/net/ipv4/arp.c --- linux-2.6.31/net/ipv4/arp.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv4/arp.c 2009-11-26 22:58:23.000000000 +0000 @@ -70,6 +70,8 @@ * bonding can change the skb before * sending (e.g. insert 8021q tag). * Harald Welte : convert to make use of jenkins hash + * Luca Saiu 
@@ -116,6 +118,11 @@ struct neigh_table *clip_tbl_hook; #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include @@ -1311,9 +1318,21 @@ } #endif sprintf(tbuf, "%pI4", n->primary_key); +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) Don't show anything in /proc if it involves +ghost interfaces: */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + read_unlock(&n->lock); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); read_unlock(&n->lock); +#endif /* CONFIG_GHOSTIFICATION */ } static void arp_format_pneigh_entry(struct seq_file *seq, @@ -1324,9 +1343,21 @@ char tbuf[16]; sprintf(tbuf, "%pI4", n->key); +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) Don't show anything in /proc if it involves + ghost interfaces */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", - dev ? dev->name : "*"); + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); +#endif /* CONFIG_GHOSTIFICATION */ } static int arp_seq_show(struct seq_file *seq, void *v) diff -rNuad linux-2.6.31/net/ipv4/devinet.c linux-2.6.31-ghost/net/ipv4/devinet.c --- linux-2.6.31/net/ipv4/devinet.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv4/devinet.c 2009-11-26 22:58:23.000000000 +0000 
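Review bot: In the `@@ -1311,9 +1318,21 @@` hunk, `read_unlock(&n->lock);` has moved inside the `if (! is_a_ghost_interface_name(dev->name))` body under CONFIG_GHOSTIFICATION. For a ghostified interface the neighbour lock, presumably taken earlier in the function outside the hunk, is therefore never released. Keep only the `seq_printf()` conditional and leave `read_unlock(&n->lock);` after the closing brace so it runs on both paths. The `ghost_debugmsg()` text also sits in the branch that does print the entry, so it logs the opposite of what happens.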
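Review bot: In the `@@ -1324,9 +1343,21 @@` hunk the new condition dereferences `dev->name` unconditionally, while the `seq_printf()` it guards still prints `dev ? dev->name : "*"`, so `dev` can evidently be NULL here. A proxy entry without a device would then oops when the ARP proc file is read. The condition should be `if (!dev || !is_a_ghost_interface_name(dev->name)) {`.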
@@ -23,6 +23,9 @@ * address (4.4BSD alias style support), * fall back to comparing just the label * if no match found. + * Roudiere Jonathan : + * some changes to ghost support, skip + * request involving a ghostified iface. */ @@ -62,6 +65,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + static struct ipv4_devconf ipv4_devconf = { .data = { [NET_IPV4_CONF_ACCEPT_REDIRECTS - 1] = 1, @@ -448,6 +456,16 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("in_dev->dev->name = %s", in_dev->dev->name); + if (is_a_ghost_interface_name(in_dev->dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + (in_dev->dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ __in_dev_put(in_dev); @@ -497,6 +515,17 @@ if (dev == NULL) goto errout; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("(dev->name) = %s ", (dev->name)); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change/modfy address on a ghostified interface (%s), skip", + (dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ + in_dev = __in_dev_get_rtnl(dev); err = -ENOBUFS; if (in_dev == NULL) @@ -546,6 +575,12 @@ ASSERT_RTNL(); + /* (ghost support) don't modify this funct but directly + rtm_to_ifaddr, as for others funct, with user-levels tools + (as iproute) we normaly never arrive here (because a dump + all ifaces is perform before and func which make the dump + has been modified (but we want prevent user tool request + the ghost iface directly */ ifa = rtm_to_ifaddr(net, nlh); if (IS_ERR(ifa)) return PTR_ERR(ifa); 
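Review bot: In the `@@ -448,6 +456,16 @@` hunk the ghost check jumps to `errout` before the context line `__in_dev_put(in_dev);` has run. If `in_dev` was obtained with a reference-taking lookup (the lookup is outside the hunk), each rejected delete on a ghostified interface leaks that reference. Moving the added block to just after `__in_dev_put(in_dev);` keeps the same result without the leak; `in_dev->dev->name` is still valid there because the code that follows uses `in_dev` as well.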
@@ -1169,6 +1204,15 @@ s_ip_idx = ip_idx = cb->args[1]; idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION /* _VERIFICATION_NEED_ */ + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("dev->name = %s", dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address on a ghostified interface (%s), skip", + (dev->name)); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (idx > s_idx) diff -rNuad linux-2.6.31/net/ipv4/fib_frontend.c linux-2.6.31-ghost/net/ipv4/fib_frontend.c --- linux-2.6.31/net/ipv4/fib_frontend.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv4/fib_frontend.c 2009-11-26 22:58:23.000000000 +0000 @@ -6,6 +6,10 @@ * IPv4 Forwarding Information Base: FIB frontend. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (some display + * and comment for ghostification in rtnetlink functions). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -44,6 +48,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #ifndef CONFIG_IP_MULTIPLE_TABLES static int __net_init fib4_rules_init(struct net *net) @@ -450,6 +459,11 @@ * Handle IP routing ioctl calls. These are used to manipulate the routing tables */ +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) A function implemented in net/core/dev.c */ +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + int ip_rt_ioctl(struct net *net, unsigned int cmd, void __user *arg) { struct fib_config cfg; 
@@ -464,6 +478,22 @@ if (copy_from_user(&rt, arg, sizeof(rt))) return -EFAULT; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Forbid any action involving a ghost interface */ + if (rt.rt_dev != (char __user*)NULL) { + /* We need to have this name in kernel space to check + for ghostification: */ + char interface_name[1000]; /* [IFNAMSIZ+1] is certainly sufficient */ + if(copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1)) + return -EFAULT; + if(is_a_ghost_interface_name(interface_name)) { + ghost_ptk("The user aked to add a route involving the " + "ghost interface %s. We make this operation fail", + interface_name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ rtnl_lock(); err = rtentry_to_fib_config(net, cmd, &rt, &cfg); @@ -472,12 +502,18 @@ if (cmd == SIOCDELRT) { tb = fib_get_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_delete was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_delete() or fn_trie_delete() */ if (tb) err = tb->tb_delete(tb, &cfg); else err = -ESRCH; } else { tb = fib_new_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_insert was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_insert() or fn_trie_insert() */ if (tb) err = tb->tb_insert(tb, &cfg); else @@ -584,6 +620,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead functions pointed by tb->tb_delete, + * either fn_hash_delete() (in fib_hash.c) or fn_trie_delete() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; 
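Review bot: The name check in the `@@ -464,6 +478,22 @@` hunk copies a fixed `IFNAMSIZ + 1` bytes with `copy_from_user()` into a 1000-byte stack buffer and never NUL-terminates it. A short name placed at the end of a user mapping makes the copy fail with -EFAULT, and a name that fills the copied bytes lets `is_a_ghost_interface_name()` read on into uninitialised kernel stack. The buffer is also large for a kernel stack frame. Use a bounded string copy that stops at the terminator, as sketched below. Note that `rt.rt_dev` is still a user pointer when `rtentry_to_fib_config()` runs, so the name checked here may not be the name used later; the checks in tb_insert/tb_delete therefore remain the ones that matter.
```c
	if (rt.rt_dev != (char __user*)NULL) {
		char interface_name[IFNAMSIZ];
		long n = strncpy_from_user(interface_name, rt.rt_dev,
					   IFNAMSIZ - 1);
		if (n < 0)
			return -EFAULT;
		interface_name[n] = '\0';
		/* … unchanged: is_a_ghost_interface_name() check and -ENODEV return … */
	}
```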
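Review bot: The `ghost_develmsg()` call added in the `@@ -584,6 +620,16 @@` hunk is not wrapped in `#ifdef CONFIG_GHOSTIFICATION`, although this file includes the ghost header only under that symbol. If the macro is declared only in that header, the file no longer builds with the option off. The same unguarded call is added in the `@@ -606,6 +652,16 @@` hunk. Wrap both calls in `#ifdef CONFIG_GHOSTIFICATION` … `#endif /* CONFIG_GHOSTIFICATION */`, as the other hunks in this file do. The comment in this hunk also names `inet_rtm_newroute` while describing `tb->tb_delete`, and should read `inet_rtm_delroute`.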
@@ -606,6 +652,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead function pointed by tb->tb_insert, + * either fn_hash_insert() (in fib_hash.c) or fn_trie_insert() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; @@ -621,6 +677,12 @@ return err; } +/* + * (ghost support) Fonction called through rtnetlink to dump + * all routes, we don't change anythings here, changes have + * been made in fib_semantics.c (in fib_dump_info which is + * called by fib_trie and fib_hash). + */ static int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -633,7 +695,7 @@ if (nlmsg_len(cb->nlh) >= sizeof(struct rtmsg) && ((struct rtmsg *) nlmsg_data(cb->nlh))->rtm_flags & RTM_F_CLONED) - return ip_rt_dump(skb, cb); + return ip_rt_dump(skb, cb); /* (ghost support) need modify this func */ s_h = cb->args[0]; s_e = cb->args[1]; @@ -658,6 +720,9 @@ cb->args[1] = e; cb->args[0] = h; + /* (ghost support) Length returned can be changed by + fib_dump_info when a route of a ghositifed iface is + lookup (skb length may be abnormal, diff of mod(240)) */ return skb->len; } diff -rNuad linux-2.6.31/net/ipv4/fib_hash.c linux-2.6.31-ghost/net/ipv4/fib_hash.c --- linux-2.6.31/net/ipv4/fib_hash.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv4/fib_hash.c 2009-11-26 22:58:23.000000000 +0000 
@@ -6,6 +6,11 @@ * IPv4 FIB: lookup engine and maintenance routines. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_hash_insert, bad + * field check in fib_seq_show). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -41,6 +46,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static struct kmem_cache *fn_hash_kmem __read_mostly; @@ -396,6 +406,18 @@ if (IS_ERR(fi)) return PTR_ERR(fi); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_insert */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if (fz->fz_nent > (fz->fz_divisor<<1) && fz->fz_divisor < FZ_MAX_DIVISOR && (cfg->fc_dst_len == 32 || @@ -579,7 +601,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, &f->fn_alias, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_delete */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != cfg->fc_tos) break; 
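Review bot: The early `return -ENODEV;` added in the `@@ -396,6 +406,18 @@` hunk comes after `fi` has passed the `IS_ERR(fi)` test, so the fib_info obtained just above is never released on this path. It also reads `fi->fib_dev->name` without a NULL test, although the proc code in this same file prints `fi->fib_dev ? fi->fib_dev->name : "*"`. Guard with `if (fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name))` and call `fib_release_info(fi);` before returning, or leave through the function's existing error path, which is outside the hunk. The insert hunk `@@ -1225,6 +1236,18 @@` in fib_trie.c has the same two problems; there the preceding context already uses `goto err;`. Both messages say "delete" on an insert path.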
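Review bot: In the `@@ -579,7 +601,17 @@` hunk the ghost test runs on every alias the loop visits, before the `fa->fa_tos != cfg->fc_tos` comparison and whatever matching follows outside the hunk. A delete aimed at an ordinary route can therefore fail with -ENODEV only because a ghost-interface alias for the same prefix comes first in the list. This both breaks the delete and reveals that a hidden route exists. Apply the test only to the alias that the loop finally selects for deletion, and check `fi->fib_dev` for NULL before reading its name. The `@@ -1652,7 +1675,17 @@` hunk in fib_trie.c places the check in the same position.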
@@ -1021,19 +1053,39 @@ prefix = f->fn_key; mask = FZ_MASK(iter->zone); flags = fib_flag_trans(fa->fa_type, mask, fi); - if (fi) + if (fi) + { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) + { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, - "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - fi->fib_dev ? fi->fib_dev->name : "*", prefix, - fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, - mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), - fi->fib_window, - fi->fib_rtt >> 3, &len); - else + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); +#endif /* CONFIG_GHOSTIFICATION */ + } + else { seq_printf(seq, - "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); + } seq_printf(seq, "%*s\n", 127 - len, ""); out: return 0; diff -rNuad linux-2.6.31/net/ipv4/fib_semantics.c linux-2.6.31-ghost/net/ipv4/fib_semantics.c --- linux-2.6.31/net/ipv4/fib_semantics.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv4/fib_semantics.c 2009-11-26 22:58:23.000000000 +0000 
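Review bot: When the interface is ghostified, the `@@ -1021,19 +1053,39 @@` hunk skips the `seq_printf()` that stores into `len` through `%n`, but the trailing `seq_printf(seq, "%*s\n", 127 - len, "")` still runs. Unless `len` is initialised outside the hunk it is read uninitialised, and in any case a padding-only line is written to /proc/net/route where the hidden route would have been. The test also dereferences `fi->fib_dev` although the guarded call treats it as possibly NULL. Skip the whole record instead, with `if (fi && fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name)) goto out;` placed before the `if (fi)`. The `@@ -2612,7 +2645,28 @@` hunk in fib_trie.c has the same shape and would use `continue;`. In both hunks the `ghost_ptk()` message sits in the branch that does display the route.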
@@ -11,6 +11,9 @@ * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. + * Changes: + * Roudiere Jonathan trivial + * change for ghostification. */ #include @@ -43,6 +46,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static DEFINE_SPINLOCK(fib_info_lock); @@ -953,6 +961,23 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function call by fib_trie and fib_hash to dump route, + * in most case we won't arrive here with usertools (like iproute), because + * modification in rtnl_dump_ifinfo hide iface and modif here may be not really + * proper because put abnormal length in the skb->len return by inet_dump_fib + * (used without error..) if pid != 0 then user talks else that is the kernel; + */ + if (pid != 0) + if (is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Try to get route about ghost iface (%s), skip", + fi->fib_dev->name); + /* return -EMSGSIZE; don't use this because that stops evaluation */ + return nlmsg_end(skb, nlh); + } +#endif /* CONFIG_GHOSTIFICATION */ + rtm = nlmsg_data(nlh); rtm->rtm_family = AF_INET; rtm->rtm_dst_len = dst_len; diff -rNuad linux-2.6.31/net/ipv4/fib_trie.c linux-2.6.31-ghost/net/ipv4/fib_trie.c --- linux-2.6.31/net/ipv4/fib_trie.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv4/fib_trie.c 2009-11-26 22:58:23.000000000 +0000 @@ -12,6 +12,12 @@ * * Hans Liss Uppsala Universitet * + * Luca Saiu (simple changes for ghostification + * support) + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_trie_insert, bad + * field check in fib_route_seq_show). + * * This work is based on the LPC-trie which is originally descibed in: * * An experimental study of compression methods for dynamic tries 
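Review bot: The ghost branch in the `@@ -953,6 +961,23 @@` hunk finishes the message with `return nlmsg_end(skb, nlh);` before any `rtm` field is filled in. The reader therefore still receives a route message, apparently with an unset rtmsg body, which tells it that an entry was suppressed. The added comment acknowledges the resulting abnormal `skb->len`. Dropping the partial message with `nlmsg_cancel(skb, nlh);` and then `return 0;` hides the entry completely, provided the callers, which are outside the hunk, accept 0 as success. `fi->fib_dev` should be tested for NULL before `->name` is read, and the nested `if (pid != 0)` needs braces.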
@@ -80,6 +86,11 @@ #include #include "fib_lookup.h" +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define MAX_STAT_DEPTH 32 #define KEYLENGTH (8*sizeof(t_key)) @@ -1225,6 +1236,18 @@ goto err; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + l = fib_find_node(t, key); fa = NULL; @@ -1652,7 +1675,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, fa_head, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != tos) break; 
@@ -2612,7 +2645,28 @@ || fa->fa_type == RTN_MULTICAST) continue; - if (fi) + if (fi) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) in /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t" + "%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", + prefix, + fi->fib_nh->nh_gw, flags, 0, 0, + fi->fib_priority, + mask, + (fi->fib_advmss ? + fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, "%s\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", @@ -2625,13 +2679,14 @@ fi->fib_advmss + 40 : 0), fi->fib_window, fi->fib_rtt >> 3, &len); - else +#endif /* CONFIG_GHOSTIFICATION */ + } else { seq_printf(seq, "*\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + } seq_printf(seq, "%*s\n", 127 - len, ""); } } diff -rNuad linux-2.6.31/net/ipv4/igmp.c linux-2.6.31-ghost/net/ipv4/igmp.c --- linux-2.6.31/net/ipv4/igmp.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv4/igmp.c 2009-11-26 22:58:23.000000000 +0000 @@ -68,6 +68,8 @@ * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. * David L Stevens: IGMPv3 support, with help from * Vinay Kulkarni + * Luca Saiu : trivial changes for ghostification + * support */ #include @@ -105,6 +107,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define IP_MAX_MEMBERSHIPS 20 #define IP_MAX_MSF 10 
@@ -2387,8 +2394,18 @@ #endif if (state->in_dev->mc_list == im) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%d\t%-10s: %5d %7s\n", + state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); + } +#else seq_printf(seq, "%d\t%-10s: %5d %7s\n", state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); +#endif /* CONFIG_GHOSTIFICATION */ } seq_printf(seq, @@ -2550,14 +2567,30 @@ "Device", "MCA", "SRC", "INC", "EXC"); } else { - seq_printf(seq, - "%3d %6.6s 0x%08x " - "0x%08x %6lu %6lu\n", - state->dev->ifindex, state->dev->name, - ntohl(state->im->multiaddr), - ntohl(psf->sf_inaddr), - psf->sf_count[MCAST_INCLUDE], - psf->sf_count[MCAST_EXCLUDE]); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-2.6.31/net/ipv4/route.c linux-2.6.31-ghost/net/ipv4/route.c --- linux-2.6.31/net/ipv4/route.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv4/route.c 2009-11-26 22:58:23.000000000 +0000 
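Review bot: The `@@ -2387,8 +2394,18 @@` hunk suppresses only the per-device header line. The `seq_printf(seq,` that begins right after the closing brace of `if (state->in_dev->mc_list == im)` is left unconditional, so the group lines of a ghostified interface presumably still appear in the proc file (that call continues outside the hunk). A single early exit at the top of the show function would cover both outputs: `if (is_a_ghost_interface_name(state->dev->name)) return 0;`. The `ghost_debugmsg()` text is also attached to the branch that prints.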
@@ -55,6 +55,9 @@ * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes. * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect * Ilia Sotnikov : Removed TOS from hash calculations + * Luca Saiu : trivial changes for ghostification support + * Roudiere Jonathan : ghost support to rtnetlink + * function, ghost bugfix (field) in rt_cache_seq_show * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -108,6 +111,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define RT_FL_TOS(oldflp) \ ((u32)(oldflp->fl4_tos & (IPTOS_RT_MASK | RTO_ONLINK))) @@ -375,6 +383,14 @@ "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t" "HHUptod\tSpecDst"); else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Dont't display informations about ghost ifaces, bf */ + if(is_a_ghost_interface_name((const char*)((struct rtable*)v)->u.dst.dev->name)) { + ghost_ptk("Don't display routing informations about ghost interface (%s)", + ((const char*)((struct rtable*)v)->u.dst.dev->name)); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ struct rtable *r = v; int len; @@ -392,11 +408,11 @@ r->fl.fl4_tos, r->u.dst.hh ? atomic_read(&r->u.dst.hh->hh_refcnt) : -1, r->u.dst.hh ? (r->u.dst.hh->hh_output == - dev_queue_xmit) : 0, + dev_queue_xmit) : 0, r->rt_spec_dst, &len); seq_printf(seq, "%*s\n", 127 - len, ""); - } + } return 0; } @@ -2833,8 +2849,13 @@ r->rtm_src_len = 32; NLA_PUT_BE32(skb, RTA_SRC, rt->fl.fl4_src); } - if (rt->u.dst.dev) + if (rt->u.dst.dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) */ + ghost_develmsg("Net device is = %s ",rt->u.dst.dev->name); +#endif NLA_PUT_U32(skb, RTA_OIF, rt->u.dst.dev->ifindex); + } #ifdef CONFIG_NET_CLS_ROUTE if (rt->u.dst.tclassid) NLA_PUT_U32(skb, RTA_FLOW, rt->u.dst.tclassid); 
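Review bot: In the `@@ -375,6 +383,14 @@` hunk the added `if` statement is placed before the declarations `struct rtable *r = v; int len;`. That is a declaration after a statement within the block, and it forces the check to repeat the cast `((struct rtable*)v)->u.dst.dev->name` twice. Move the block below the two declarations and write the test as `if (is_a_ghost_interface_name(r->u.dst.dev->name)) {`, which keeps the behaviour and reads much more easily.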
@@ -2917,7 +2938,7 @@ err = -ENOBUFS; goto errout; } - + /* Reserve room for dummy headers, this skb can pass through good chunk of routing engine. */ @@ -2939,6 +2960,17 @@ if (dev == NULL) { err = -ENODEV; goto errout_free; + +#ifdef CONFIG_GHOSTIFICATION + ghost_debugmsg("Net device is %s ", dev->name); + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout_free; + } +#endif /* CONFIG_GHOSTIFICATION */ } skb->protocol = htons(ETH_P_IP); @@ -2971,6 +3003,22 @@ if (rtm->rtm_flags & RTM_F_NOTIFY) rt->rt_flags |= RTCF_NOTIFY; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't allow get ops for route + involving a ghostified interface, unnecessary test ..(rt) */ + if (rt) { + if (rt->u.dst.dev) { + ghost_debugmsg("Net device is %s ",rt->u.dst.dev->name); + if (is_a_ghost_interface_name(rt->u.dst.dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", + rt->u.dst.dev->name); + err = -ENETUNREACH; + goto errout_free; + } + } + } +#endif /* CONFIG_GHOSTIFICATION */ err = rt_fill_info(net, skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq, RTM_NEWROUTE, 0, 0); if (err <= 0) @@ -2985,6 +3033,8 @@ goto errout; } +/* (ghost support) maybe it will be necessary to modify +this func which is call in fib_frontend.c */ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb) { struct rtable *rt; diff -rNuad linux-2.6.31/net/ipv6/Kconfig linux-2.6.31-ghost/net/ipv6/Kconfig --- linux-2.6.31/net/ipv6/Kconfig 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv6/Kconfig 2009-11-26 22:58:23.000000000 +0000 
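Review bot: The ghost check added in the `@@ -2939,6 +2960,17 @@` hunk sits inside the `if (dev == NULL) {` body, after `goto errout_free;`, so it can never execute. If it were reached it would dereference the NULL `dev`. As written, a route query that names a ghostified input interface is not rejected at this point. Move the whole `#ifdef CONFIG_GHOSTIFICATION` block to just after the closing brace of the `dev == NULL` test.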
@@ -4,8 +4,8 @@ # IPv6 as module will cause a CRASH if you try to unload it menuconfig IPV6 - tristate "The IPv6 protocol" - default m + bool "The IPv6 protocol" + default y ---help--- This is complemental support for the IP version 6. You will still be able to do traditional IPv4 networking as well. @@ -16,6 +16,10 @@ For specific information about IPv6 under Linux, read the HOWTO at . + Ghostification notes: + ===================== + IPV6 can not be built in module with ghost support. + To compile this protocol support as a module, choose M here: the module will be called ipv6. @@ -68,7 +72,7 @@ If unsure, say N. config INET6_AH - tristate "IPv6: AH transformation" + bool "IPv6: AH transformation" select XFRM select CRYPTO select CRYPTO_HMAC @@ -80,7 +84,7 @@ If unsure, say Y. config INET6_ESP - tristate "IPv6: ESP transformation" + bool "IPv6: ESP transformation" select XFRM select CRYPTO select CRYPTO_AUTHENC @@ -95,7 +99,7 @@ If unsure, say Y. config INET6_IPCOMP - tristate "IPv6: IPComp transformation" + bool "IPv6: IPComp transformation" select INET6_XFRM_TUNNEL select XFRM_IPCOMP ---help--- @@ -105,7 +109,7 @@ If unsure, say Y. config IPV6_MIP6 - tristate "IPv6: Mobility (EXPERIMENTAL)" + bool "IPv6: Mobility (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- @@ -114,16 +118,16 @@ If unsure, say N. config INET6_XFRM_TUNNEL - tristate + bool select INET6_TUNNEL default n config INET6_TUNNEL - tristate + bool default n config INET6_XFRM_MODE_TRANSPORT - tristate "IPv6: IPsec transport mode" + bool "IPv6: IPsec transport mode" default IPV6 select XFRM ---help--- @@ -132,7 +136,7 @@ If unsure, say Y. config INET6_XFRM_MODE_TUNNEL - tristate "IPv6: IPsec tunnel mode" + bool "IPv6: IPsec tunnel mode" default IPV6 select XFRM ---help--- @@ -141,7 +145,7 @@ If unsure, say Y. config INET6_XFRM_MODE_BEET - tristate "IPv6: IPsec BEET mode" + bool "IPv6: IPsec BEET mode" default IPV6 select XFRM ---help--- 
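Review bot: The help text in the `@@ -16,6 +16,10 @@` hunk now contradicts itself. The added note says IPv6 cannot be built as a module with ghost support, and the first hunk turns the option into `bool`, yet the untouched sentence "To compile this protocol support as a module, choose M here" remains. Remove or reword that sentence, since M is no longer selectable. It would also help to state in the note that the `tristate` to `bool` change applies to all the IPv6 sub-options changed further down.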
@@ -150,14 +154,14 @@ If unsure, say Y. config INET6_XFRM_MODE_ROUTEOPTIMIZATION - tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" + bool "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- Support for MIPv6 route optimization mode. config IPV6_SIT - tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" + bool "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" select INET_TUNNEL select IPV6_NDISC_NODETYPE default y @@ -174,7 +178,7 @@ bool config IPV6_TUNNEL - tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" + bool "IPv6: IP-in-IPv6 tunnel (RFC2473)" select INET6_TUNNEL ---help--- Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in diff -rNuad linux-2.6.31/net/ipv6/addrconf.c linux-2.6.31-ghost/net/ipv6/addrconf.c --- linux-2.6.31/net/ipv6/addrconf.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv6/addrconf.c 2009-11-26 22:58:23.000000000 +0000 @@ -36,6 +36,9 @@ * YOSHIFUJI Hideaki @USAGI : improved source address * selection; consider scope, * status etc. + * Luca Saiu : ghostification support + * Roudiere Jonathan : ghost + * modify functions using (rt)netlink */ #include @@ -81,6 +84,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include 
@@ -446,6 +454,86 @@ return idev; } +/* + * (ghost support) Support to hide snmp6 proc infos. + */ +#ifdef CONFIG_GHOSTIFICATION +/* Utility procedure, needed for {show,hide}_proc_net_dev_snmp6_DEVICE_if_needed(). + Return a pointer to a valid inet6_dev structure on success, NULL on failure: */ +static struct inet6_dev* lookup_snmp6_device(const char *interface_name) +{ + struct net_device *device; + struct inet6_dev *idev; + + /* Lookup the device by name, obtaining an inet6_dev structure: */ + device = dev_get_by_name(&init_net, interface_name); + if(device == NULL) + return NULL; + rtnl_lock(); + idev = ipv6_find_idev(device); + rtnl_unlock(); + return idev; +} + +/* These are defined in net/ipv6/proc.c: */ +extern struct proc_dir_entry *proc_net_devsnmp6; +extern struct file_operations snmp6_seq_fops; + +/* Remove the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already hidden. Return 0 on success, nonzero on error: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + ghost_ptk("Hiding /proc/net/dev_snmp6/%s...", interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + + /* Remove the proc/ entry, if any. If there was no entry + then remove_proc_entry() will fail, but it's ok for us: */ +#ifdef CONFIG_PROC_FS + if (!proc_net_devsnmp6) + return -ENOENT; + if (idev->stats.proc_dir_entry == NULL) + return -EINVAL; + remove_proc_entry(interface_name, proc_net_devsnmp6); +#endif /* CONFIG_PROC_FS */ + return 0; + //return snmp6_unregister_dev(idev); +} + +/* Create the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already shown. 
Return 0 on success, nonzero on error: */ +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + struct proc_dir_entry *proc_directory_entry; + ghost_ptk("Showing /proc/net/dev_snmp6/%s...", + interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + if(idev->dev == NULL) /* I doubt this may happen... */ + return -EINVAL; +#ifdef CONFIG_PROC_FS + if(!proc_net_devsnmp6) /* there isn't any /proc/net/dev_snmp6 */ + return -ENOENT; + if((proc_directory_entry = create_proc_entry(interface_name, + S_IRUGO, proc_net_devsnmp6)) == NULL) + return -ENOMEM; + proc_directory_entry->data = idev; + proc_directory_entry->proc_fops = &snmp6_seq_fops; + idev->stats.proc_dir_entry = proc_directory_entry; +#endif /* CONFIG_PROC_FS */ + return 0; + /* return snmp6_register_dev(idev); */ +} +EXPORT_SYMBOL(show_proc_net_dev_snmp6_DEVICE_if_needed); +EXPORT_SYMBOL(hide_proc_net_dev_snmp6_DEVICE_if_needed); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * End of ghostification support + */ + #ifdef CONFIG_SYSCTL static void dev_forward_change(struct inet6_dev *idev) { @@ -2151,6 +2239,10 @@ return PTR_ERR(ifp); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx, unsigned int plen) { @@ -2165,6 +2257,15 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((idev = __in6_dev_get(dev)) == NULL) return -ENXIO; 
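Review bot: `lookup_snmp6_device()` in the `@@ -446,6 +454,86 @@` hunk calls `dev_get_by_name()`, which takes a reference on the net_device, and neither it nor its two callers ever release it. Every hide or show call therefore leaks one device reference; add `dev_put(device);` after `rtnl_unlock();`. The lookup is also fixed to `&init_net`, and `ipv6_find_idev()` may create an inet6_dev as a side effect. The hide function returns -EINVAL when `idev->stats.proc_dir_entry` is NULL but never clears that field after `remove_proc_entry()`, so a second hide repeats the removal and the "unless it's already hidden" comment does not hold. Add `idev->stats.proc_dir_entry = NULL;` after the removal.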
@@ -2979,6 +3080,22 @@ static int if6_seq_show(struct seq_file *seq, void *v) { struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if (is_a_ghost_interface_name(ifp->idev->dev->name)) { + ghost_ptk("Don't show informations about a ghostified " + "interface (%s) under /proc.", + ifp->idev->dev->name); + } else { + seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n", + &ifp->addr, + ifp->idev->dev->ifindex, + ifp->prefix_len, + ifp->scope, + ifp->flags, + ifp->idev->dev->name); + } +#else seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n", &ifp->addr, ifp->idev->dev->ifindex, @@ -2986,6 +3103,8 @@ ifp->scope, ifp->flags, ifp->idev->dev->name); +#endif /* CONFIG_GHOSTIFICATION */ + return 0; } @@ -3193,6 +3312,10 @@ [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { @@ -3210,7 +3333,9 @@ pfx = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL]); if (pfx == NULL) return -EINVAL; - + /* (ghost support) we could/should stop here a request involving a + ghostified interface but inet6_addr_del already do a part of our work + (get dev etc ..) so instead we modify inet6_addr_del */ return inet6_addr_del(net, ifm->ifa_index, pfx, ifm->ifa_prefixlen); } @@ -3259,6 +3384,10 @@ return 0; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { 
@@ -3296,6 +3425,15 @@ if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add a address to a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + /* We ignore other flags so far. */ ifa_flags = ifm->ifa_flags & (IFA_F_NODAD | IFA_F_HOMEADDRESS); @@ -3464,6 +3602,12 @@ ANYCAST_ADDR, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc; + * inet6_dump_addr is called by inet6_dump_{ifaddr,ifmcaddr,ifacaddr} + * and call the appropriate inet6_fill_* function. + */ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, enum addr_type_t type) { @@ -3489,6 +3633,17 @@ ip_idx = 0; if ((idev = in6_dev_get(dev)) == NULL) goto cont; + +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about addresses of a ghostified interface (%s), skip.", + dev->name); + goto cont; + /* return -ENODEV; don't use it */ + } +#endif /* CONFIG_GHOSTIFICATION */ + read_lock_bh(&idev->lock); switch (type) { case UNICAST_ADDR: @@ -3560,7 +3715,6 @@ return inet6_dump_addr(skb, cb, type); } - static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb) { enum addr_type_t type = ANYCAST_ADDR; @@ -3568,6 +3722,10 @@ return inet6_dump_addr(skb, cb, type); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { 
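Review bot: In the inet6_dump_addr hunk the ghost check sits after `in6_dev_get(dev)` has succeeded, so its `goto cont` leaves the iteration still holding the inet6_dev reference that in6_dev_get took. Testing the name before the lookup avoids the imbalance; otherwise the skip path needs `in6_dev_put(idev);` before `goto cont;`. The matching put on the normal path is outside this hunk, so this should be confirmed against the full loop body. The comment also says "then exit" while the code moves on to the next device.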
@@ -3594,6 +3752,17 @@ if (ifm->ifa_index) dev = __dev_get_by_index(net, ifm->ifa_index); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (dev) { + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address of a ghostified interface (%s), skip.", + dev->name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((ifa = ipv6_get_ifaddr(net, addr, dev, 1)) == NULL) { err = -EADDRNOTAVAIL; goto errout; @@ -3802,6 +3971,10 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -3813,6 +3986,14 @@ read_lock(&dev_base_lock); idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to dump address infos about a ghostified interface (%s), skip.", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if ((idev = in6_dev_get(dev)) == NULL) @@ -3840,7 +4021,6 @@ skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC); if (skb == NULL) goto errout; - err = inet6_fill_ifinfo(skb, idev, 0, 0, event, 0); if (err < 0) { /* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */ diff -rNuad linux-2.6.31/net/ipv6/ip6_fib.c linux-2.6.31-ghost/net/ipv6/ip6_fib.c --- linux-2.6.31/net/ipv6/ip6_fib.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv6/ip6_fib.c 2009-11-26 22:58:23.000000000 +0000 @@ -275,6 +275,8 @@ #endif +/* (ghost support) iterate on net device, don't modify this function, +we can return ENODEV here, user-space tools (as ip) dump iface list before */ static int fib6_dump_node(struct fib6_walker_t *w) { int res; 
@@ -320,7 +322,6 @@ { struct fib6_walker_t *w; int res; - w = (void *)cb->args[2]; w->root = &table->tb6_root; diff -rNuad linux-2.6.31/net/ipv6/mcast.c linux-2.6.31-ghost/net/ipv6/mcast.c --- linux-2.6.31/net/ipv6/mcast.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv6/mcast.c 2009-11-26 22:59:37.000000000 +0000 @@ -24,6 +24,10 @@ * - MLD for link-local addresses. * David L Stevens : * - MLDv2 support + * Luca Saiu : + * - trivial changes for ghostification support + * Roudiere Jonathan + * - trivial changes to correct an forgetting */ #include @@ -61,6 +65,11 @@ #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing... */ #define MCAST_DEBUG 2 @@ -2440,6 +2449,20 @@ struct ifmcaddr6 *im = (struct ifmcaddr6 *)v; struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, + "%-4d %-15s %pi6 %5d %08X %ld\n", + state->dev->ifindex, state->dev->name, + &im->mca_addr, + im->mca_users, im->mca_flags, + (im->mca_flags&MAF_TIMER_RUNNING) ? + jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); + } +#else seq_printf(seq, "%-4d %-15s %pi6 %5d %08X %ld\n", state->dev->ifindex, state->dev->name, @@ -2447,6 +2470,7 @@ im->mca_users, im->mca_flags, (im->mca_flags&MAF_TIMER_RUNNING) ? jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); +#endif /* CONFIG_GHOSTIFICATION */ return 0; } 
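Review bot: The `ghost_debugmsg("Don't show any igmp6 information ...")` call in igmp6_mc_seq_show is inside the `if(! is_a_ghost_interface_name(state->dev->name))` branch, so it is logged for every visible interface and never for a hidden one. It belongs in an `else` branch, or can be dropped. The second igmp6 hunk in this file (`@@ -2601,6 +2625,20 @@`) has the same inverted message.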
@@ -2601,6 +2625,20 @@ "Device", "Multicast Address", "Source Address", "INC", "EXC"); } else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc" + " about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + &state->im->mca_addr, + &psf->sf_addr, + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else seq_printf(seq, "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", state->dev->ifindex, state->dev->name, @@ -2608,6 +2646,7 @@ &psf->sf_addr, psf->sf_count[MCAST_INCLUDE], psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-2.6.31/net/ipv6/proc.c linux-2.6.31-ghost/net/ipv6/proc.c --- linux-2.6.31/net/ipv6/proc.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv6/proc.c 2009-11-26 22:59:07.000000000 +0000 @@ -9,6 +9,8 @@ * * Authors: David S. Miller (davem@caip.rutgers.edu) * YOSHIFUJI Hideaki + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -29,6 +31,16 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* (ghost support) We don't want this to be static, as it has to + be read at ghostifying and unghostifying time */ +struct proc_dir_entry *proc_net_devsnmp6; +EXPORT_SYMBOL(proc_net_devsnmp6); +#endif /* CONFIG_GHOSTIFICATION */ + static int sockstat6_seq_show(struct seq_file *seq, void *v) { struct net *net = seq->private; 
@@ -200,6 +212,18 @@ return single_open_net(inode, file, snmp6_seq_show); } +/* (ghost support) This was originally static, +but we need to make it visible */ +#ifdef CONFIG_GHOSTIFICATION +struct file_operations snmp6_seq_fops = { + .owner = THIS_MODULE, + .open = snmp6_seq_open, + .read = seq_read, + .llseek = seq_lseek, + .release = single_release, +}; +EXPORT_SYMBOL(snmp6_seq_fops); +#else static const struct file_operations snmp6_seq_fops = { .owner = THIS_MODULE, .open = snmp6_seq_open, @@ -207,6 +231,7 @@ .llseek = seq_lseek, .release = single_release_net, }; +#endif /* CONFIG_GHOSTIFICATION */ static int snmp6_dev_seq_show(struct seq_file *seq, void *v) { diff -rNuad linux-2.6.31/net/ipv6/route.c linux-2.6.31-ghost/net/ipv6/route.c --- linux-2.6.31/net/ipv6/route.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv6/route.c 2009-11-26 22:58:23.000000000 +0000 @@ -22,6 +22,10 @@ * reachable. otherwise, round-robin the list. * Ville Nuorvala * Fixed routing subtrees. + * Luca Saiu + * trivial changes for ghostification support + * Roudiere Jonathan + * ghostification support update, modify functions using netlink */ #include @@ -60,6 +64,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing. */ #define RT6_DEBUG 2 @@ -1115,10 +1124,6 @@ return hoplimit; } -/* - * - */ - int ip6_route_add(struct fib6_config *cfg) { int err; @@ -1830,6 +1835,8 @@ struct in6_rtmsg rtmsg; int err; + /* (ghost support) don't make any change, changes + have been made later for ioctl request */ switch(cmd) { case SIOCADDRT: /* Add a route */ case SIOCDELRT: /* Delete a route */ 
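Review bot: The ghostified `snmp6_seq_fops` pairs `.open = snmp6_seq_open`, which calls `single_open_net()` per the context line above it, with `.release = single_release`, while the unpatched table uses `single_release_net`. single_open_net takes a reference on the network namespace that only single_release_net drops, so with network namespaces enabled each open and close of the entry would leak one reference. Keep `.release = single_release_net,` in both variants. The exported copy also loses its `const`; `const struct file_operations snmp6_seq_fops` can still be exported and assigned to `proc_fops`.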
@@ -2133,26 +2140,84 @@ return err; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; - err = rtm_to_fib6_config(skb, nlh, &cfg); - if (err < 0) - return err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it + is a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to del route involving a ghostified interface (%s). Failing", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_del(&cfg); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + err = rtm_to_fib6_config(skb, nlh, &cfg); if (err < 0) return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_add(&cfg); /* do that or exit on error ... 
*/ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_add(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it is + a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add route involving a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_add(&cfg); } @@ -2172,6 +2237,10 @@ + nla_total_size(sizeof(struct rta_cacheinfo)); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc + */ static int rt6_fill_node(struct net *net, struct sk_buff *skb, struct rt6_info *rt, struct in6_addr *dst, struct in6_addr *src, @@ -2183,6 +2252,19 @@ long expires; u32 table; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("rtnetlink msg type %i, pid %i and seq %i", + type, pid, seq); + /* (ghost support) this function is called by by rt6_dump_route, and + inet6_rtm_get_route and inet6_rt_notify, test if it is a kernel request*/ + if (rt->rt6i_dev->name) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to get/notify route infos about a " + "ghostified interface (%s), skip.", + rt->rt6i_dev->name); + return 1; + } +#endif /* CONFIG_GHOSTIFICATION */ if (prefix) { /* user wants prefix routes only */ if (!(rt->rt6i_flags & RTF_PREFIX_RT)) { /* success since this is not a prefix route */ 
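Review bot: `dev_get_by_index()` in inet6_rtm_delroute and inet6_rtm_newroute returns the device with its reference count raised, and neither exit that follows (the ghost `-ENODEV` return and the fall-through to `ip6_route_del`/`ip6_route_add`) calls `dev_put(dev)`. Every route add or delete that names a valid ifindex would pin the device and later keep it from being unregistered. The address handlers in this patch use `__dev_get_by_index()`, which takes no reference; assuming these handlers also run under RTNL, the same works here: `dev = __dev_get_by_index(net, cfg.fc_ifindex);`. The `rtm_to_fib6_config` call and its error check are identical in both preprocessor arms and can stay outside the `#ifdef`.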
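Review bot: `if (rt->rt6i_dev->name)` in rt6_fill_node tests an array member, which is never NULL, so it guards nothing and `rt->rt6i_dev` itself is dereferenced unchecked. The /proc variant of this check later in the same file tests `rt->rt6i_dev != NULL`; the same is wanted here: `if (rt->rt6i_dev != NULL && is_a_ghost_interface_name(rt->rt6i_dev->name)) {`. The ghost path returns 1 without adding a message to `skb`; the get and notify callers named in the comment are outside this hunk, so it should be confirmed that they do not send the empty buffer on a non-negative return.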
@@ -2290,10 +2372,26 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc, + */ int rt6_dump_route(struct rt6_info *rt, void *p_arg) { struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg; int prefix; + +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg(" rtnetlink mesg %i, pid %i and seq %i", + arg->cb->nlh->nlmsg_type, arg->cb->nlh->nlmsg_pid, arg->cb->nlh->nlmsg_seq); + /* if (rt->rt6i_dev) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to dump route infos about a ghostified interface (%s), skip", + rt->rt6i_dev->name); + return -ENODEV; errro maybe come from here, modify instead + rt6_fill_node which has multiple callers + } */ +#endif /* CONFIG_GHOSTIFICATION */ if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) { struct rtmsg *rtm = nlmsg_data(arg->cb->nlh); @@ -2307,6 +2405,8 @@ prefix, 0, NLM_F_MULTI); } +/* (ghost support) Don't make changes here, function +rt6_fill_node has been modified instead */ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { struct net *net = sock_net(in_skb->sk); @@ -2452,6 +2552,17 @@ { struct seq_file *m = p_arg; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Do nothing if this route involves a + ghostified interface */ + if(rt->rt6i_dev != NULL) /* can't use &&: evaluation order is undefined */ + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Don't show any informations under /proc/net" + "involving a ghostified interface (%s)", + rt->rt6i_dev->name); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(m, "%pi6 %02x ", &rt->rt6i_dst.addr, rt->rt6i_dst.plen); #ifdef CONFIG_IPV6_SUBTREES diff -rNuad linux-2.6.31/net/netfilter/core.c linux-2.6.31-ghost/net/netfilter/core.c --- linux-2.6.31/net/netfilter/core.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/netfilter/core.c 2009-11-26 23:00:16.000000000 +0000 
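Review bot: The comment `can't use &&: evaluation order is undefined` in the /proc route hunk (`@@ -2452,6 +2552,17 @@`) is wrong for C, where `&&` evaluates its left operand first and skips the right one when the left is false. The nested `if` can be written as `if (rt->rt6i_dev != NULL && is_a_ghost_interface_name(rt->rt6i_dev->name)) {` and the comment dropped. The log string also concatenates `"/proc/net"` and `"involving"` without a space between them.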
@@ -5,6 +5,8 @@ * way. * * Rusty Russell (C)2000 -- This code is GPL. + * Little change by Jonathan Roudiere to add + * Ghostification support (bypass netfilter for ghost interface). */ #include #include @@ -22,6 +24,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "nf_internals.h" static DEFINE_MUTEX(afinfo_mutex); @@ -59,7 +66,6 @@ { struct nf_hook_ops *elem; int err; - err = mutex_lock_interruptible(&nf_hook_mutex); if (err < 0) return err; 
@@ -169,7 +175,158 @@ rcu_read_lock(); elem = &nf_hooks[pf][hook]; + next_hook: + /* + * (ghost support) Netfilter ghostification support. + * Perform too much tests here is not a good idea because all + * network packets pass through this section but we have + * not other choice to skip netfilter hooks (per hook). + */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER + /* + * Bypass all Netfilter hooks (for ipv4/6, arp, bridge) for any + * ghostified interface (eq. to return NF_ACCEPT for each packet which + * go through an interface which is ghostified (do that at hook level + * in order to skip all chains's rules hang on the hooks)) + */ + + /* don't use ghost_debugmsg macro in this section + because it may introduce too much delay */ + ghost_develmsg("Enter in hook (pf=%i) (hook=%i) from indev->name = " + "%s to outdev->name = %s", pf, hook, indev->name, outdev->name); + +/* If we wish to skip all netfilter hooks for all PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ALL + /* + * outdev->name field is defined in OUTPUT, FORWARD and POSTROUTING hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), we start here (with outdev) to bypass netfilter's + * hooks in the case where we are in FORWARD. + */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + ret = 1; + goto unlock; + } + } + /* + * indev->name field is defined in PREROUTING, FORWARD and INPUT hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), if we are in FORWARD hook and outdev/indev->name + * is not a ghostified interface then we can go towards hooks. 
+ */ + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + ret = 1; + goto unlock; + } + } + +/* + * If GHOSTIFICATION_NETFILTER_ALL is not defined neither any + * GHOSTIFICATION_NETFILTER_PF then we 'll skip all this code chunk. + * (about performance, choose to skip netfilter just for certains PF + * is the most bad things we can do, but ...) + */ +#elif (defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV4) || defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV6) || \ + defined(CONFIG_GHOSTIFICATION_NETFILTER_ARP) || defined(CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE)) + /* Here we have the same logic as previously (in GHOSTIFICATION_NETFILTER_ALL) + but with the ability to choose what are the PFs that we want to skip */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for 
decnet) */ + goto apply_hook; + } + } + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for decnet) */ + goto apply_hook; + } + } + +#endif /* CONFIG_GHOSTIFICATION_ALL */ +apply_hook: +#endif /* CONFIG_GHOSTIFICATION_NETFILTER */ +/* (ghost support) End of ghostification support */ + verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev, outdev, &elem, okfn, hook_thresh); if (verdict == NF_ACCEPT || verdict == NF_STOP) { @@ -182,6 +339,9 @@ verdict >> NF_VERDICT_BITS)) goto next_hook; } +#ifdef CONFIG_GHOSTIFICATION_NETFILTER +unlock: +#endif rcu_read_unlock(); return ret; } diff -rNuad linux-2.6.31/net/packet/af_packet.c linux-2.6.31-ghost/net/packet/af_packet.c --- linux-2.6.31/net/packet/af_packet.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/packet/af_packet.c 2009-11-26 22:58:23.000000000 +0000 
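Review bot: The block added to nf_hook_slow tests `(outdev->name) != NULL` and `(indev->name) != NULL`, which compare an embedded array with NULL and are always true, so the device pointers themselves are never checked. The patch's own comments say outdev is only set on OUTPUT, FORWARD and POSTROUTING and indev only on PREROUTING, FORWARD and INPUT, so on an input-side hook a NULL `outdev` would be dereferenced and handed to `is_a_ghost_interface_name()`; the unconditional `ghost_develmsg(..., indev->name, outdev->name)` does the same when CONFIG_GHOSTIFICATION_DEVEL is on. The guards should read `if (outdev != NULL) {` and `if (indev != NULL) {`, and the trace line should be made conditional on both pointers. Because this code runs for every packet on every hook and lets matching traffic skip all filter rules, the comment should state exactly which device (in, out, or either) has to be ghostified for the bypass to apply. The function starts and ends outside this hunk.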
@@ -8,6 +8,7 @@ * Authors: Ross Biro * Fred N. van Kempen, * Alan Cox, + * Luca Saiu : Trivial changes for ghostification * * Fixes: * Alan Cox : verify_area() now used correctly @@ -84,6 +85,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Assumptions: - if device has no dev->hard_header routine, it adds and removes ll header @@ -549,6 +555,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (rcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); @@ -670,6 +688,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them. + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (trcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); 
@@ -2420,17 +2450,38 @@ struct sock *s = v; const struct packet_sock *po = pkt_sk(s); +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Don't show packets involving ghost devices + */ + struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex); + if(! is_a_ghost_interface_name(net_device->name)) { + ghost_debugmsg("Don't show packets involving ghostified interface"); + seq_printf(seq, + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); + } +#else seq_printf(seq, - "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", - s, - atomic_read(&s->sk_refcnt), - s->sk_type, - ntohs(po->num), - po->ifindex, - po->running, - atomic_read(&s->sk_rmem_alloc), - sock_i_uid(s), - sock_i_ino(s) ); + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/linux-2.6.32-ghost.patch0000600000175000017500000030142212356733375025662 0ustar lucaslucasdiff -rNuad linux-2.6.32/include/linux/netdevice.h linux-2.6.32-ghost/include/linux/netdevice.h --- linux-2.6.32/include/linux/netdevice.h 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/include/linux/netdevice.h 2009-12-05 12:34:40.000000000 +0100 @@ -14,6 +14,8 @@ * Alan Cox, * Bjorn Ekwall. * Pekka Riikonen + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
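Review bot: `dev_get_by_index(sock_net(s), po->ifindex)` in packet_seq_show can return NULL, for example for a packet socket that is not bound to an interface or whose device has gone, and the next line reads `net_device->name` unconditionally, so reading this /proc file could oops the kernel. The lookup also takes a device reference that is never released with `dev_put()`. The result should be checked and the reference dropped, treating a missing device as not ghostified, as sketched below. The `ghost_debugmsg` text also sits in the branch that does print the socket.

```c
	struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex);
	int hidden = 0;

	if (net_device != NULL) {
		hidden = is_a_ghost_interface_name(net_device->name);
		dev_put(net_device);	/* balance dev_get_by_index() */
	}
	if (!hidden) {
		/* … unchanged: seq_printf of the socket line … */
	}
```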
@@ -2015,4 +2017,12 @@ } #endif /* __KERNEL__ */ +/* + * (ghost support) Just check whether the given name + * belongs to the ghost interface + */ +#ifdef CONFIG_GHOSTIFICATION +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + #endif /* _LINUX_NETDEVICE_H */ diff -rNuad linux-2.6.32/include/linux/sockios.h linux-2.6.32-ghost/include/linux/sockios.h --- linux-2.6.32/include/linux/sockios.h 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/include/linux/sockios.h 2009-12-05 12:34:40.000000000 +0100 @@ -9,6 +9,8 @@ * * Authors: Ross Biro * Fred N. van Kempen, + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -83,6 +85,13 @@ #define SIOCWANDEV 0x894A /* get/set netdev parameters */ +/* (ghost support) ghostification's ioctl */ +#ifdef CONFIG_GHOSTIFICATION +#define SIOKLOG 0x894D /* Write a string to the log */ +#define SIOCGIFGHOSTIFY 0x894E /* Make a network device 'ghost' */ +#define SIOCGIFUNGHOSTIFY 0x894F /* Make a network device 'ghost' */ +#endif /* CONFIG_GHOSTIFICATION */ + /* ARP cache control calls. */ /* 0x8950 - 0x8952 * obsolete calls, don't re-use */ #define SIOCDARP 0x8953 /* delete ARP table entry */ diff -rNuad linux-2.6.32/include/net/ghostdebug.h linux-2.6.32-ghost/include/net/ghostdebug.h --- linux-2.6.32/include/net/ghostdebug.h 1970-01-01 01:00:00.000000000 +0100 +++ linux-2.6.32-ghost/include/net/ghostdebug.h 2009-12-05 12:34:40.000000000 +0100 
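Review bot: The comment on `SIOCGIFUNGHOSTIFY` in the sockios.h hunk repeats the one for `SIOCGIFGHOSTIFY` (`Make a network device 'ghost'`), although the name indicates the opposite operation. Suggested: `/* Make a ghost network device visible again */`. `SIOKLOG` lets a caller write a string to the kernel log; the handler is not in this hunk, so the header comment should at least state which capability the request requires.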
@@ -0,0 +1,93 @@ +/* + * Ghost support: + * Some trivials macros for display messages, trace ghost ops, + * debug and devel the ghostification kernel patch. + * + * Authors: Roudiere Jonathan, + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + */ + +#ifndef __GHOSTDEBUG__ +#define __GHOSTDEBUG__ + +#ifdef CONFIG_GHOSTIFICATION + +/* + * Ghost macros: there are three type of macros for three kind of + * information level : + * + * - the first one is ghost_ptk, that is a simple printk with the + * KERN_INFO log level, it is the standard type of display used + * by the ghostification kernel code to allow user to monitor + * ghost operations, if GHOSTIFICATION_PRINTK is not defined then + * user will not any information about the ghostified interfaces + * and the ghost engine (almost any infos ;-)), + * + * - ghost_debug and ghost_debugmsg are respectively used to show a + * calling card in a part of the code (function, files) and to show + * in plus informations additional (variable, etc ..), these two macros + * display messages with the level KERNEL_DEBUG, + * + * - ghost_devel and ghost_develmsg are very similar (redundant) + * in both previous ones, they are mainly used for the development + * of the patch to follow the stream of execution, activate + * GHOSTIFICATION_DEVEL has interest only for developers. + * +*/ + +/* + * Macro usable to debug during normal usage of the kernel. +*/ +#ifdef CONFIG_GHOSTIFICATION_DEBUG +#define ghost_debug \ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): -- info debug -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_debugmsg(msg,args...) 
\ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_debug +#define ghost_debugmsg(msg,args...) +#endif + +/* + * A little bit redundant with the macro ghost_debug/debugmsg + * but allows a difference in the use, they are not used for the + * debugging, but to verify roads borrowed during the development. + * (note: certainly remove at next release of the patch) +*/ +#ifdef CONFIG_GHOSTIFICATION_DEVEL +#define ghost_devel \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): -- info devel -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_develmsg(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_devel +#define ghost_develmsg(msg,args...) +#endif + +/* + * Macro to display all message from chunk of code which has + * ghostification in charge (use macro to add debug level later). +*/ +#ifdef CONFIG_GHOSTIFICATION_PRINTK +#define ghost_ptk(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost) " msg "\n", ##args) +#else +#define ghost_ptk(msg,args...) +#endif + +#endif /* CONFIG_GHOSTIFICATION */ + +#endif /* __GHOSTDEBUG__ */ diff -rNuad linux-2.6.32/kernel/softirq.c linux-2.6.32-ghost/kernel/softirq.c --- linux-2.6.32/kernel/softirq.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/kernel/softirq.c 2009-12-05 12:34:40.000000000 +0100 @@ -128,8 +128,11 @@ */ void _local_bh_enable(void) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq()); WARN_ON_ONCE(!irqs_disabled()); +#endif if (softirq_count() == SOFTIRQ_OFFSET) trace_softirqs_on((unsigned long)__builtin_return_address(0)); 
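Review bot: The header comment in ghostdebug.h describes `ghost_ptk` as a printk at KERN_INFO, but the macro at the end of the file uses `KERN_DEBUG`; one of the two should be corrected. When the options are off the macros expand to nothing, so their arguments are not compiled at all; defining the disabled forms as `do { } while (0)` keeps them safe as a single statement. With CONFIG_GHOSTIFICATION_PRINTK on, most call sites in this patch pass the interface name, so the names of hidden interfaces end up in the kernel log; the comment should say so, since that log may be readable by the users the interfaces are hidden from.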
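Review bot: Compiling out `WARN_ON_ONCE(in_irq())` and `WARN_ON_ONCE(!irqs_disabled())` in `_local_bh_enable` under CONFIG_GHOSTIFICATION removes a context check for the whole kernel, not only for the ghost code; the following hunk does the same in `_local_bh_enable_ip`. The comment `we don't want disturbe user's console` suggests the warnings fire with the patch applied. If so, the calling context that triggers them should be fixed instead, because the warning reports bottom halves being re-enabled from a context where that is not expected. At minimum the comment should name the call path that triggers the warning.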
@@ -140,7 +143,10 @@ static inline void _local_bh_enable_ip(unsigned long ip) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq() || irqs_disabled()); +#endif #ifdef CONFIG_TRACE_IRQFLAGS local_irq_disable(); #endif diff -rNuad linux-2.6.32/net/core/dev.c linux-2.6.32-ghost/net/core/dev.c --- linux-2.6.32/net/core/dev.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/core/dev.c 2009-12-05 12:50:12.000000000 +0100 @@ -18,6 +18,7 @@ * Alexey Kuznetsov * Adam Sulmicki * Pekka Riikonen + * Luca Saiu (ghostification support) * * Changes: * D.J. Barrow : Fixed bug where dev->refcnt gets set @@ -70,6 +71,8 @@ * indefinitely on dev->refcnt * J Hadi Salim : - Backlog queue sampling * - netif_rx() feedback + * Roudiere Jonathan : make some buxfix in ghostification engine + * verify CAP_NET_ADMIN before (un)ghost iface */ #include 
@@ -137,6 +140,230 @@ #define GRO_MAX_HEAD (MAX_HEADER + 128) /* + * (ghost support) Chunk of code which has in charge + * the ghostification of network interfaces. + */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* The maximum number of ghost interfaces allowed at any given time: */ +#define MAX_GHOST_INTERFACES_NO CONFIG_GHOSTIFICATION_NUM + +/* + * A crude unsorted array of unique names, where "" stands for an + * empty slot. Elements are so few that an hash table would be overkill, + * and possibly also less efficient than this solution: + */ +static char ghost_interface_names[MAX_GHOST_INTERFACES_NO][IFNAMSIZ]; + +/* A lock protecting the ghost interfaces' support structure: */ +/* static DEFINE_SPINLOCK(ghostification_spin_lock); */ +static rwlock_t ghostification_spin_lock = RW_LOCK_UNLOCKED; + +/* Lock disabling local interrupts and saving flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + unsigned long flags; write_lock_irqsave(&ghostification_spin_lock, flags) + +/* Unlock re-enabling interrupts and restoring flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + write_unlock_irqrestore(&ghostification_spin_lock, flags) + +/* Lock disabling local interrupts and saving flags. This is for + readers, which are allowed to execute concurrently: */ +#define LOCK_GHOSTIFICATION_FOR_READING \ + unsigned long flags; read_lock_irqsave(&ghostification_spin_lock, flags) + +/* Lock re-enabling interrupts and restoring flags. 
This is for + readers, which are allowed to execute concurrently: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING \ + read_unlock_irqrestore(&ghostification_spin_lock, flags) + +#ifdef CONFIG_IPV6 +/* Defined in net/ipv6/addrconf.c: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +#endif /* CONFIG_IPV6 */ + +/* Return the index of the given element (which may be "") within + ghost_interface_names, or -1 on failure. Note that this must be + executed in a critical section: */ +static int __lookup_ghost_interface_names(const char *interface_name) +{ + int i; + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(!strcmp(interface_name, ghost_interface_names[i])) + return i; /* we found the given name in the i-th element */ + return -1; /* we didn't find the given name in the array */ +} + +/* This is useful for debugging. It must be called in a critical section. */ +static void __dump_ghost_interfaces(void) +{ + int i; + int number_of_ghost_interfaces = 0; + + ghost_ptk("Ghost interfaces are now: "); + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(strcmp(ghost_interface_names[i], "")) { + number_of_ghost_interfaces++; + ghost_ptk("%i. %s", number_of_ghost_interfaces, + ghost_interface_names[i]); + } + + ghost_ptk("There are now %i ghost interfaces. " + "A maximum of %i can exist at any given time.", + number_of_ghost_interfaces, MAX_GHOST_INTERFACES_NO); +} + +/* Just check whether the given name belongs to a ghost interface. 
+ This must be called in a critical section: */ +int __is_a_ghost_interface_name(const char *interface_name) +{ + /* Particular case: "" is *not* a ghost interface name, even + if it's in the ghost interfaces array (we use it just to mark + an empty slot): */ + if(interface_name[0] == '\0') + return 0; + /* Just check whether interface_name is an element of the array: */ + return __lookup_ghost_interface_names(interface_name) >= 0; +} + +/* Just check whether the given name belongs to a ghost interface: */ +int is_a_ghost_interface_name(const char *interface_name) +{ + int result; + LOCK_GHOSTIFICATION_FOR_READING; + /* Just check whether interface_name is an element of the array: */ + result = __is_a_ghost_interface_name(interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING; + return result; +} + +/* Make the given interface ghost. Return 0 on success, nonzero on + failure. Failure occours when the interface is already ghost or + does not exist: */ +static int ghostify_interface(char *interface_name) +{ + int a_free_element_index; + const size_t name_length = strlen(interface_name); + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Let's avoid buffer overflows... This could possibly be exploited: */ + if((name_length >= IFNAMSIZ) || (name_length == 0)) + { + ghost_ptk("The user asked to ghostify the interface %s, " + "which has a name of length %i. Failing.", + interface_name, name_length); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EINVAL; + } + + /* Fail if the interface is already ghostified. In particular we + want *no* duplicates in the array. 
Note that we're already in + a critical section here, so there's no need for locking: */ + if(__is_a_ghost_interface_name(interface_name)) + { + ghost_ptk("Could not ghostify the interface %s, " + "because it\'s already ghost.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EEXIST; /* File exists, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Fail if the interface is not found. We don't want add a + no-existing interface in our array */ + struct net_device *device; + device = dev_get_by_name(&init_net, interface_name); + if (device == NULL) { + ghost_ptk("Could not ghostify the interface %s which " + "doesn't exist. Try again.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for a free spot: */ + a_free_element_index = __lookup_ghost_interface_names(""); + if(a_free_element_index < 0) + { + ghost_ptk("Could not ghostify the interface %s, " + "because %i interfaces are already ghostified. Sorry.", + interface_name, MAX_GHOST_INTERFACES_NO); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENOMEM; + } + + /* Ok, we found a free spot; just copy the interface name: */ + strcpy(ghost_interface_names[a_free_element_index], interface_name); + +#ifdef CONFIG_IPV6 + /* Hide /proc/net/dev_snmp6/DEVICE for the new ghost DEVICE: */ + hide_proc_net_dev_snmp6_DEVICE_if_needed( + ghost_interface_names[a_free_element_index]); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} + +/* Make the given interface, which should be ghost, non-ghost. + Return 0 on success, nonzero on failure. Failure occours when + the given interface is non-ghost or does not exist: */ +static int unghostify_interface(char *ghost_interface_name) +{ + int the_interface_index; + struct net_device *device; + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Fail if the interface is not found. 
It is not necessary + to search in the array a no-existing interface and allow + to return a more appropriate error code to the userspace. */ + device = dev_get_by_name(&init_net, ghost_interface_name); + if (device == NULL) { + ghost_ptk("Could not unghostify the interface %s " + "which doesn't exist. Try again.\n", ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for the given interface: */ + the_interface_index = + __lookup_ghost_interface_names(ghost_interface_name); + if(the_interface_index < 0) + { + ghost_ptk("Could not unghostify the interface %s, \ + because it's non-ghost or not existing.\n", + ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ESRCH; /* No such device or address, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Ok, we found the interface: just "remove" its name from the array: */ + ghost_interface_names[the_interface_index][0] = '\0'; + +#ifdef CONFIG_IPV6 + /* Show again /proc/net/dev_snmp6/DEVICE for the now non-ghost DEVICE: */ + show_proc_net_dev_snmp6_DEVICE_if_needed(ghost_interface_name); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} +EXPORT_SYMBOL(is_a_ghost_interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * (ghost support) End of ghostification support + */ + + +/* * The list of packet types we will receive (as opposed to discard) * and the routines to invoke. * @@ -544,6 +771,13 @@ { int ints[5]; struct ifmap map; + /* (ghost support) There are no ghost interfaces by default */ +#ifdef CONFIG_GHOSTIFICATION + int i; + + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + ghost_interface_names[i][0] = '\0'; +#endif /* CONFIG_GHOSTIFICATION */ str = get_options(str, ARRAY_SIZE(ints), ints); if (!str || !*str) 
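Review bot: Both `ghostify_interface()` and `unghostify_interface()` call `dev_get_by_name(&init_net, ...)` only to test that the device exists and never release the reference it takes, so each successful lookup pins the net_device and can block its later unregistration. Add `dev_put(device);` directly after each `if (device == NULL) { ... }` block. The lookup is hard-wired to `init_net` while `is_a_ghost_interface_name()` matches by name alone, so a same-named interface in another namespace is hidden too; a comment at `ghost_interface_names` should state that limitation. In the first `ghost_ptk` of `ghostify_interface()` the `size_t name_length` is printed with `%i`; use `%zu`.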
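Review bot: The clearing loop is redundant, because `ghost_interface_names` has static storage and is therefore already all-zero, which is exactly the empty-slot encoding. It is also placed in a function that parses an option string (`get_options(str, ...)` on the next context line; the function header is outside the hunk), so it presumably runs only when that option is supplied, and it writes the table without taking `ghostification_spin_lock`. I would delete the loop and document the invariant at the array definition instead: `/* zero-initialised: every slot starts empty */`.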
@@ -2979,11 +3213,20 @@ len = ifc.ifc_len; /* - * Loop over the interfaces, and write an info block for each. + * Loop over the interfaces, and write an info block for each, + * (ghost support) unless they are ghostified. */ total = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* Don't tell the user about ghost interfaces: just skip them */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Skipping the ghost interface %s in SIOCGIFCONF", + dev->name); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ for (i = 0; i < NPROTO; i++) { if (gifconf_list[i]) { int done; @@ -3052,6 +3295,10 @@ { const struct net_device_stats *stats = dev_get_stats(dev); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't show anything in /proc if iface is ghostified */ + if(! is_a_ghost_interface_name(dev->name)) +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu " "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n", dev->name, stats->rx_bytes, stats->rx_packets, @@ -4264,6 +4511,16 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() " + "on the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCGIFFLAGS: /* Get interface flags */ ifr->ifr_flags = (short) dev_get_flags(dev); 
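Review bot: The added `if(! is_a_ghost_interface_name(dev->name))` has no braces and its body is the `seq_printf(...)` that sits outside the `#ifdef`, so whether that call is conditional depends on the preprocessor and a statement inserted between them later would silently change what is guarded. If the function returns nothing (its signature is outside the hunk), an early exit reads more safely: `if (is_a_ghost_interface_name(dev->name)) return;` inside the `#ifdef`. Otherwise brace the `seq_printf` explicitly in both configurations.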
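Review bot: With `CONFIG_GHOSTIFICATION_PRINTK` enabled, the `ghost_ptk` in this block emits a kernel log line on every ioctl that names a ghost interface, with no rate limit, so the log can be filled from user space. Guard the message, e.g. `if (net_ratelimit()) ghost_ptk(...);`. The identical block is pasted again in the following `@@ -4334` hunk; a small helper such as `static int ghost_reject(const struct net_device *dev)` would keep the two copies from drifting. The enclosing function starts outside the hunk.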
@@ -4334,6 +4591,17 @@ ops = dev->netdev_ops; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() on " + "the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail " + "with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCSIFFLAGS: /* Set interface flags */ return dev_change_flags(dev, ifr->ifr_flags); 
@@ -4476,6 +4744,56 @@ */ switch (cmd) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) catch ghostification's ioctl */ + case SIOKLOG: { + char text[1000]; + if(copy_from_user(text, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + text[IFNAMSIZ] = '\0'; + printk(KERN_DEBUG "%s\n", text); + return 0; + } + /* (un)ghostification ops require superuser power */ + case SIOCGIFGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, + (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to ghostify the interface %s.", + interface_name); + if((failure = ghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was ghostified.", + interface_name); + else + ghost_ptk("Failure in ghostification of %s.", + interface_name); + return failure; + } + case SIOCGIFUNGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to unghostify the interface %s.", + interface_name); + if((failure = unghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was unghostified.", + interface_name); + else + ghost_ptk("Failure in unghostification of %s.", + interface_name); + return failure; + } + /* end of ghostficiation ioctl */ +#endif /* CONFIG_GHOSTIFICATION */ /* * These ioctl calls: * - can be done by all. diff -rNuad linux-2.6.32/net/core/dev_mcast.c linux-2.6.32-ghost/net/core/dev_mcast.c --- linux-2.6.32/net/core/dev_mcast.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/core/dev_mcast.c 2009-12-05 12:34:40.000000000 +0100 
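Review bot: `case SIOKLOG` has no `capable()` test, unlike the two ghostify cases below it, so a caller without `CAP_NET_ADMIN` can write strings of its choosing into the kernel log through `printk`. Add `if (!capable(CAP_NET_ADMIN)) return -EPERM;` as the first statement of that case, or compile the case only for development builds. All three cases reserve `char ...[1000]` on the kernel stack although at most `IFNAMSIZ + 1` bytes are copied; `char interface_name[IFNAMSIZ + 1];` is sufficient. The fixed-length `copy_from_user(..., IFNAMSIZ + 1)` also reads beyond the end of a shorter user string and can return `-EFAULT` for a valid name; `strncpy_from_user()` stops at the terminator.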
@@ -14,6 +14,8 @@ * Alan Cox : IFF_ALLMULTI support. * Alan Cox : New format set_multicast_list() calls. * Gleb Natapov : Remove dev_mc_lock. + * Luca Saiu : trivial changes for + * ghostification support. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -48,6 +50,9 @@ #include #include +#ifdef CONFIG_GHOSTIFICATION +#include +#endif /* CONFIG_GHOSTIFICATION */ /* * Device multicast list maintenance. @@ -167,7 +172,15 @@ netif_addr_lock_bh(dev); for (m = dev->mc_list; m; m = m->next) { int i; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information + in /proc about ghost interfaces */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Don't show any information in /proc " + "about ghostified interface"); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%-4d %-15s %-5d %-5d ", dev->ifindex, dev->name, m->dmi_users, m->dmi_gusers); diff -rNuad linux-2.6.32/net/core/rtnetlink.c linux-2.6.32-ghost/net/core/rtnetlink.c --- linux-2.6.32/net/core/rtnetlink.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/core/rtnetlink.c 2009-12-05 12:34:40.000000000 +0100 @@ -12,8 +12,12 @@ * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * - * Fixes: + * Fixes: * Vitaly E. Lavrov RTA_OK arithmetics was wrong. + * + * Changes: + * Roudiere Jonathan Some changes + * to ghost support, to allow to hide ghost net interfaces */ #include @@ -53,6 +57,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + struct rtnl_link { rtnl_doit_func doit; 
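Review bot: In the `@@ -167` hunk the test `is_a_ghost_interface_name(dev->name)` does not depend on `m`, yet it is evaluated, and logs through `ghost_ptk`, once per multicast entry inside the loop and while `netif_addr_lock_bh(dev)` is held. Test it once before `netif_addr_lock_bh(dev)` and skip the whole device there. That also avoids taking the ghostification lock repeatedly under the address lock. The enclosing function begins outside the hunk, so the exact early-exit form depends on its return type.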
@@ -106,7 +115,10 @@ static rtnl_doit_func rtnl_get_doit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].doit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -117,7 +129,10 @@ static rtnl_dumpit_func rtnl_get_dumpit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].dumpit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -460,6 +475,12 @@ { struct sock *rtnl = net->rtnl; int report = 0; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add inforation to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type %i " + "and nlh->nlmsg_seq = %i", pid, nlh->nlmsg_pid, + nlh->nlmsg_type, nlh->nlmsg_seq); +#endif if (nlh) report = nlmsg_report(nlh); @@ -615,6 +636,20 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type " + "= %i, seq = %i and nlh->nlmsg_seq = %i", + pid, nlh->nlmsg_pid, nlh->nlmsg_type, + seq, nlh->nlmsg_seq); + ghost_develmsg("dev->name = %s and dev->ifindex = %i", + dev->name, + dev->ifindex); + /* function whose call rtnl_fill_ifinfo has been modified, except + rtmsg_ifinfo so if it will be necessary to skip ghost iface here then + keep in your mind to test pid because if it is eq. to 0 then it is a + kernel request (else user request) and we don't want disturbe its work. */ +#endif ifm = nlmsg_data(nlh); ifm->ifi_family = AF_UNSPEC; ifm->__ifi_pad = 0; 
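Review bot: In the `@@ -460` hunk the added `ghost_develmsg(...)` reads `nlh->nlmsg_pid`, `nlh->nlmsg_type` and `nlh->nlmsg_seq` before the existing `if (nlh)` test on the following context line, which shows that a NULL header is an expected input. With `CONFIG_GHOSTIFICATION_DEVEL` set the macro expands to a `printk`, so a NULL `nlh` would be dereferenced in the kernel. Move the message below the check and guard it: `if (nlh) ghost_develmsg(...);`. The function signature is outside the hunk.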
@@ -688,6 +723,24 @@ idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function which encapsulates calls to + * rtnl_fill_ifinfo and which is call after rtnl_get_doit/dumpit, + * use to dump list of network interfaces (as used by "ip link") + */ + ghost_develmsg("for_each_netdev, current net_device is %s", + dev->name); + ghost_develmsg("netlink cb pid = %i, cb nlh->nlmsg_type = %i, " + "cb familly/proto = %i, cb nlh->nlmsg_pid %i", + NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_type, + cb->family, cb->nlh->nlmsg_pid); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Hide ghotified interface (%s) in the dump", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK, @@ -920,6 +973,18 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change state/parameters of a ghotified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ if ((err = validate_linkmsg(dev, tb)) < 0) goto errout_dev; 
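Review bot: In the `@@ -920` hunk the ghost branch leaves with `goto errout;` although `dev` has already been looked up successfully, while the very next context line uses `goto errout_dev;` for a failure at the same point. If `errout_dev` is where the device reference is dropped (the labels are outside the hunk), this path leaks one reference per request that names a ghost interface. Use `goto errout_dev;` in the added block.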
@@ -958,6 +1023,17 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change dell a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ ops = dev->rtnl_link_ops; if (!ops) @@ -1168,6 +1244,17 @@ dev = dev_get_by_index(net, ifm->ifi_index); if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it with + user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ } else return -EINVAL; @@ -1222,6 +1309,8 @@ struct sk_buff *skb; int err = -ENOBUFS; + /* (ghost support) call rtnl_fill_ifinfo so maybe it + is need here to modify, in order to skip ghost iface */ skb = nlmsg_new(if_nlmsg_size(dev), GFP_KERNEL); if (skb == NULL) goto errout; @@ -1257,6 +1346,11 @@ int err; type = nlh->nlmsg_type; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Enter, nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i and nlh->nlmsg_seq = %i ", + nlh->nlmsg_pid, nlh->nlmsg_seq, nlh->nlmsg_seq); +#endif /* CONFIG_GHOSTIFICATION */ + if (type > RTM_MAX) return -EOPNOTSUPP; 
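Review bot: In the `@@ -1168` hunk the added block returns `-ENODEV` right after `dev = dev_get_by_index(net, ifm->ifi_index)` succeeded, without releasing the reference that call takes. Every query for a ghost interface therefore pins the device a little more and can keep it from being unregistered. Add `dev_put(dev);` before `return -ENODEV;` in the ghost branch. The `ghost_develmsg` in the `@@ -1257` hunk prints `nlh->nlmsg_seq` twice where `nlmsg_type` was probably meant.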
@@ -1276,14 +1370,21 @@ if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN)) return -EPERM; + /* (ghost support) kind = 2 then imply RTM_GETLINK has been used */ if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) { struct sock *rtnl; rtnl_dumpit_func dumpit; + /* (ghost support) then rtnl_get_dumpit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ dumpit = rtnl_get_dumpit(family, type); if (dumpit == NULL) return -EOPNOTSUPP; - +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Part 1: rtnl_get_dumpit(family %i, type %i) " + "is used before call to netlink_dump_start", + family,type); +#endif /* CONFIG_GHOSTIFICATION */ __rtnl_unlock(); rtnl = net->rtnl; err = netlink_dump_start(rtnl, skb, nlh, dumpit, NULL); @@ -1315,6 +1416,11 @@ doit = rtnl_get_doit(family, type); if (doit == NULL) return -EOPNOTSUPP; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) rtnl_get_doit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ + ghost_develmsg("Part 2: rtnl_get_doit(family %i, type %i)", family, type); +#endif /* CONFIG_GHOSTIFICATION */ return doit(skb, nlh, (void *)&rta_buf[0]); } @@ -1330,6 +1436,10 @@ { struct net_device *dev = ptr; + /* (ghost support) if we want provide a ghost's way to modify + the state of a ghost iface, it will be necessary to skip event + reports involing ghost iface (actually any changes are possible + if the iface is ghostified so there is nothing to report) */ switch (event) { case NETDEV_UNREGISTER: rtmsg_ifinfo(RTM_DELLINK, dev, ~0U); diff -rNuad linux-2.6.32/net/ipv4/arp.c linux-2.6.32-ghost/net/ipv4/arp.c --- linux-2.6.32/net/ipv4/arp.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/ipv4/arp.c 2009-12-05 12:34:40.000000000 +0100 @@ -70,6 +70,8 @@ * bonding can change the skb before * sending (e.g. insert 8021q tag). * Harald Welte : convert to make use of jenkins hash + * Luca Saiu 
@@ -116,6 +118,11 @@ struct neigh_table *clip_tbl_hook; #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include @@ -1311,9 +1318,21 @@ } #endif sprintf(tbuf, "%pI4", n->primary_key); +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) Don't show anything in /proc if it involves +ghost interfaces: */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + read_unlock(&n->lock); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); read_unlock(&n->lock); +#endif /* CONFIG_GHOSTIFICATION */ } static void arp_format_pneigh_entry(struct seq_file *seq, @@ -1324,9 +1343,21 @@ char tbuf[16]; sprintf(tbuf, "%pI4", n->key); +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) Don't show anything in /proc if it involves + ghost interfaces */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", - dev ? dev->name : "*"); + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); +#endif /* CONFIG_GHOSTIFICATION */ } static int arp_seq_show(struct seq_file *seq, void *v) diff -rNuad linux-2.6.32/net/ipv4/devinet.c linux-2.6.32-ghost/net/ipv4/devinet.c --- linux-2.6.32/net/ipv4/devinet.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/ipv4/devinet.c 2009-12-05 12:34:40.000000000 +0100 
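Review bot: In the `@@ -1311` hunk `read_unlock(&n->lock);` was moved inside the `if (! is_a_ghost_interface_name(dev->name)) { ... }` block, so for a ghost interface the function returns with `n->lock` still read-held (the matching `read_lock` is outside the hunk). Close the block before the unlock, i.e. `}` followed by `read_unlock(&n->lock);`, so the lock is released on both paths. The `ghost_debugmsg("Don't show ...")` is also on the wrong branch: it runs exactly when the entry is shown.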
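Review bot: In the `@@ -1324` hunk `is_a_ghost_interface_name(dev->name)` dereferences `dev` unconditionally, while the `seq_printf` it guards still prints `dev ? dev->name : "*"`, which shows `dev` may be NULL here. Test the pointer first: `if (!dev || !is_a_ghost_interface_name(dev->name)) {`. As in the previous hunk, the `ghost_debugmsg` text describes the opposite branch from the one it is placed in.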
@@ -23,6 +23,9 @@ * address (4.4BSD alias style support), * fall back to comparing just the label * if no match found. + * Roudiere Jonathan : + * some changes to ghost support, skip + * request involving a ghostified iface. */ @@ -62,6 +65,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + static struct ipv4_devconf ipv4_devconf = { .data = { [NET_IPV4_CONF_ACCEPT_REDIRECTS - 1] = 1, @@ -448,6 +456,16 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("in_dev->dev->name = %s", in_dev->dev->name); + if (is_a_ghost_interface_name(in_dev->dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + (in_dev->dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ __in_dev_put(in_dev); @@ -497,6 +515,17 @@ if (dev == NULL) goto errout; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("(dev->name) = %s ", (dev->name)); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change/modfy address on a ghostified interface (%s), skip", + (dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ + in_dev = __in_dev_get_rtnl(dev); err = -ENOBUFS; if (in_dev == NULL) @@ -546,6 +575,12 @@ ASSERT_RTNL(); + /* (ghost support) don't modify this funct but directly + rtm_to_ifaddr, as for others funct, with user-levels tools + (as iproute) we normaly never arrive here (because a dump + all ifaces is perform before and func which make the dump + has been modified (but we want prevent user tool request + the ghost iface directly */ ifa = rtm_to_ifaddr(net, nlh); if (IS_ERR(ifa)) return PTR_ERR(ifa); 
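Review bot: In the `@@ -448` hunk the ghost check jumps to `errout` before the `__in_dev_put(in_dev);` on the next context line, so the reference that line is there to drop is kept whenever the address belongs to a ghost interface. Add `__in_dev_put(in_dev);` before `goto errout;` inside the added block, or place the block after the existing put. The start of the function, where `in_dev` is obtained, is outside the hunk.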
@@ -1179,6 +1214,15 @@ s_ip_idx = ip_idx = cb->args[1]; idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION /* _VERIFICATION_NEED_ */ + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("dev->name = %s", dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address on a ghostified interface (%s), skip", + (dev->name)); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (idx > s_idx) diff -rNuad linux-2.6.32/net/ipv4/fib_frontend.c linux-2.6.32-ghost/net/ipv4/fib_frontend.c --- linux-2.6.32/net/ipv4/fib_frontend.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/ipv4/fib_frontend.c 2009-12-05 12:34:40.000000000 +0100 @@ -6,6 +6,10 @@ * IPv4 Forwarding Information Base: FIB frontend. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (some display + * and comment for ghostification in rtnetlink functions). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -44,6 +48,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #ifndef CONFIG_IP_MULTIPLE_TABLES static int __net_init fib4_rules_init(struct net *net) @@ -453,6 +462,11 @@ * Handle IP routing ioctl calls. These are used to manipulate the routing tables */ +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) A function implemented in net/core/dev.c */ +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + int ip_rt_ioctl(struct net *net, unsigned int cmd, void __user *arg) { struct fib_config cfg; 
@@ -467,6 +481,22 @@ if (copy_from_user(&rt, arg, sizeof(rt))) return -EFAULT; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Forbid any action involving a ghost interface */ + if (rt.rt_dev != (char __user*)NULL) { + /* We need to have this name in kernel space to check + for ghostification: */ + char interface_name[1000]; /* [IFNAMSIZ+1] is certainly sufficient */ + if(copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1)) + return -EFAULT; + if(is_a_ghost_interface_name(interface_name)) { + ghost_ptk("The user aked to add a route involving the " + "ghost interface %s. We make this operation fail", + interface_name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ rtnl_lock(); err = rtentry_to_fib_config(net, cmd, &rt, &cfg); @@ -475,12 +505,18 @@ if (cmd == SIOCDELRT) { tb = fib_get_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_delete was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_delete() or fn_trie_delete() */ if (tb) err = tb->tb_delete(tb, &cfg); else err = -ESRCH; } else { tb = fib_new_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_insert was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_insert() or fn_trie_insert() */ if (tb) err = tb->tb_insert(tb, &cfg); else @@ -587,6 +623,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead functions pointed by tb->tb_delete, + * either fn_hash_delete() (in fib_hash.c) or fn_trie_delete() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; 
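Review bot: `interface_name` is filled with exactly `IFNAMSIZ + 1` bytes from `rt.rt_dev` and then handed to `is_a_ghost_interface_name()`, which compares it with `strcmp`, but nothing terminates it, so a caller-supplied buffer without a NUL makes the comparison read uninitialised kernel stack. Add `interface_name[IFNAMSIZ] = '\0';` after the copy, as the ioctl cases in `net/core/dev.c` of this patch do. The buffer only needs `char interface_name[IFNAMSIZ + 1];` rather than 1000 bytes of kernel stack. A fixed-length `copy_from_user` can also fault on a valid shorter string; `strncpy_from_user()` avoids that.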
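Review bot: The `ghost_develmsg(...)` added in the `@@ -587` hunk, and again in the following `@@ -609` hunk, is not wrapped in `#ifdef CONFIG_GHOSTIFICATION`, whereas the header include added to this file is. The tail of the debug header visible earlier in the patch closes a `CONFIG_GHOSTIFICATION` block around the macro definitions, so a kernel built without the option would apparently see an undeclared identifier here. Wrap both calls in `#ifdef CONFIG_GHOSTIFICATION` / `#endif` like the other call sites. The comment in this hunk names `inet_rtm_newroute` while describing `tb->tb_delete`; it presumably belongs to the delete-route handler and should say so.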
@@ -609,6 +655,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead function pointed by tb->tb_insert, + * either fn_hash_insert() (in fib_hash.c) or fn_trie_insert() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; @@ -624,6 +680,12 @@ return err; } +/* + * (ghost support) Fonction called through rtnetlink to dump + * all routes, we don't change anythings here, changes have + * been made in fib_semantics.c (in fib_dump_info which is + * called by fib_trie and fib_hash). + */ static int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -636,7 +698,7 @@ if (nlmsg_len(cb->nlh) >= sizeof(struct rtmsg) && ((struct rtmsg *) nlmsg_data(cb->nlh))->rtm_flags & RTM_F_CLONED) - return ip_rt_dump(skb, cb); + return ip_rt_dump(skb, cb); /* (ghost support) need modify this func */ s_h = cb->args[0]; s_e = cb->args[1]; @@ -661,6 +723,9 @@ cb->args[1] = e; cb->args[0] = h; + /* (ghost support) Length returned can be changed by + fib_dump_info when a route of a ghositifed iface is + lookup (skb length may be abnormal, diff of mod(240)) */ return skb->len; } diff -rNuad linux-2.6.32/net/ipv4/fib_hash.c linux-2.6.32-ghost/net/ipv4/fib_hash.c --- linux-2.6.32/net/ipv4/fib_hash.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/ipv4/fib_hash.c 2009-12-05 12:34:40.000000000 +0100 
@@ -6,6 +6,11 @@ * IPv4 FIB: lookup engine and maintenance routines. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_hash_insert, bad + * field check in fib_seq_show). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -41,6 +46,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static struct kmem_cache *fn_hash_kmem __read_mostly; @@ -396,6 +406,18 @@ if (IS_ERR(fi)) return PTR_ERR(fi); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_insert */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if (fz->fz_nent > (fz->fz_divisor<<1) && fz->fz_divisor < FZ_MAX_DIVISOR && (cfg->fc_dst_len == 32 || @@ -579,7 +601,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, &f->fn_alias, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_delete */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != cfg->fc_tos) break; 
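Review bot: In the `@@ -396` hunk `fi->fib_dev->name` is dereferenced without a NULL test, although the `/proc` output code in this same file prints `fi->fib_dev ? fi->fib_dev->name : "*"`, so routes without a device are expected; the `@@ -579` hunk has the same unchecked dereference. Guard both: `if (fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name))`. The early `return -ENODEV;` here also follows directly on the `IS_ERR(fi)` check, so if `fi` was created just above (outside the hunk) it is not released on this path; jump to the function's existing cleanup label instead. The log text says "delete" although the comment states this is the `tb->tb_insert` path. In `@@ -579` the check runs before `fa->fa_tos` is compared, so an unrelated alias on a ghost device fails the whole delete.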
@@ -1021,19 +1053,39 @@ prefix = f->fn_key; mask = FZ_MASK(iter->zone); flags = fib_flag_trans(fa->fa_type, mask, fi); - if (fi) + if (fi) + { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) + { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, - "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - fi->fib_dev ? fi->fib_dev->name : "*", prefix, - fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, - mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), - fi->fib_window, - fi->fib_rtt >> 3, &len); - else + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); +#endif /* CONFIG_GHOSTIFICATION */ + } + else { seq_printf(seq, - "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); + } seq_printf(seq, "%*s\n", 127 - len, ""); out: return 0; diff -rNuad linux-2.6.32/net/ipv4/fib_semantics.c linux-2.6.32-ghost/net/ipv4/fib_semantics.c --- linux-2.6.32/net/ipv4/fib_semantics.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/ipv4/fib_semantics.c 2009-12-05 12:34:40.000000000 +0100 
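Review bot: When the route's device is ghostified, this path prints no row but still falls through to `seq_printf(seq, "%*s\n", 127 - len, "")` with `len` not written by any `%n`, so a padding line is emitted for the hidden route and its width depends on whatever `len` held (its declaration is outside the hunk). Skipping the entry before any output, e.g. `if (fi && fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name)) goto out;`, would also remove the `seq_printf` duplicated under `#ifdef`/`#else`. The `ghost_ptk("Don't display routes ...")` call sits in the branch taken for non-ghost interfaces, so it logs once per visible route. The -2593 hunk in fib_trie.c repeats the pattern inside a loop, where `continue;` would be the equivalent skip.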
@@ -11,6 +11,9 @@ * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. + * Changes: + * Roudiere Jonathan trivial + * change for ghostification. */ #include @@ -43,6 +46,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static DEFINE_SPINLOCK(fib_info_lock); @@ -953,6 +961,23 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function call by fib_trie and fib_hash to dump route, + * in most case we won't arrive here with usertools (like iproute), because + * modification in rtnl_dump_ifinfo hide iface and modif here may be not really + * proper because put abnormal length in the skb->len return by inet_dump_fib + * (used without error..) if pid != 0 then user talks else that is the kernel; + */ + if (pid != 0) + if (is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Try to get route about ghost iface (%s), skip", + fi->fib_dev->name); + /* return -EMSGSIZE; don't use this because that stops evaluation */ + return nlmsg_end(skb, nlh); + } +#endif /* CONFIG_GHOSTIFICATION */ + rtm = nlmsg_data(nlh); rtm->rtm_family = AF_INET; rtm->rtm_dst_len = dst_len; diff -rNuad linux-2.6.32/net/ipv4/fib_trie.c linux-2.6.32-ghost/net/ipv4/fib_trie.c --- linux-2.6.32/net/ipv4/fib_trie.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/ipv4/fib_trie.c 2009-12-05 12:34:40.000000000 +0100 @@ -12,6 +12,12 @@ * * Hans Liss Uppsala Universitet * + * Luca Saiu (simple changes for ghostification + * support) + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_trie_insert, bad + * field check in fib_route_seq_show). + * * This work is based on the LPC-trie which is originally descibed in: * * An experimental study of compression methods for dynamic tries 
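Review bot: The ghost branch in the -953 hunk returns `nlmsg_end(skb, nlh)` before `rtm = nlmsg_data(nlh)` and the field assignments run, so the message is finalized with a header whose payload was never filled in. That leaves a recognisable empty record per hidden route (the added comment itself notes the abnormal `skb->len`), and the payload bytes are whatever the buffer held unless the code above the hunk zeroes them. Trimming the message instead, with `nlmsg_cancel(skb, nlh);` before returning, keeps it out of the dump; callers that send the skb unconditionally are outside this hunk and would need checking. The nested `if (pid != 0) if (...)` would also read more safely as one braced condition that tests `fi->fib_dev` first.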
@@ -80,6 +86,11 @@ #include #include "fib_lookup.h" +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define MAX_STAT_DEPTH 32 #define KEYLENGTH (8*sizeof(t_key)) @@ -1206,6 +1217,18 @@ goto err; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + l = fib_find_node(t, key); fa = NULL; @@ -1633,7 +1656,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, fa_head, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != tos) break; 
@@ -2593,7 +2626,28 @@ || fa->fa_type == RTN_MULTICAST) continue; - if (fi) + if (fi) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) in /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t" + "%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", + prefix, + fi->fib_nh->nh_gw, flags, 0, 0, + fi->fib_priority, + mask, + (fi->fib_advmss ? + fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, "%s\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", @@ -2606,13 +2660,14 @@ fi->fib_advmss + 40 : 0), fi->fib_window, fi->fib_rtt >> 3, &len); - else +#endif /* CONFIG_GHOSTIFICATION */ + } else { seq_printf(seq, "*\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + } seq_printf(seq, "%*s\n", 127 - len, ""); } } diff -rNuad linux-2.6.32/net/ipv4/igmp.c linux-2.6.32-ghost/net/ipv4/igmp.c --- linux-2.6.32/net/ipv4/igmp.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/ipv4/igmp.c 2009-12-05 12:34:40.000000000 +0100 @@ -68,6 +68,8 @@ * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. * David L Stevens: IGMPv3 support, with help from * Vinay Kulkarni + * Luca Saiu : trivial changes for ghostification + * support */ #include @@ -105,6 +107,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define IP_MAX_MEMBERSHIPS 20 #define IP_MAX_MSF 10 
@@ -2409,8 +2416,18 @@ #endif if (state->in_dev->mc_list == im) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%d\t%-10s: %5d %7s\n", + state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); + } +#else seq_printf(seq, "%d\t%-10s: %5d %7s\n", state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); +#endif /* CONFIG_GHOSTIFICATION */ } seq_printf(seq, @@ -2572,14 +2589,30 @@ "Device", "MCA", "SRC", "INC", "EXC"); } else { - seq_printf(seq, - "%3d %6.6s 0x%08x " - "0x%08x %6lu %6lu\n", - state->dev->ifindex, state->dev->name, - ntohl(state->im->multiaddr), - ntohl(psf->sf_inaddr), - psf->sf_count[MCAST_INCLUDE], - psf->sf_count[MCAST_EXCLUDE]); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-2.6.32/net/ipv4/route.c linux-2.6.32-ghost/net/ipv4/route.c --- linux-2.6.32/net/ipv4/route.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/ipv4/route.c 2009-12-05 12:34:40.000000000 +0100 
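Review bot: In the -2409 hunk only the per-interface header line is suppressed for a ghostified device; the `seq_printf(seq,` that follows the closing brace is unchanged and still runs, so the per-group line for that interface presumably still appears (its arguments are outside the hunk). An early exit before any output, `if (is_a_ghost_interface_name(state->dev->name)) return 0;`, would hide both lines and remove the `seq_printf` duplicated under `#else`. The `ghost_debugmsg("Don't show any igmp information ...")` calls in both hunks sit inside the `!is_a_ghost_interface_name` branch, so they fire for visible interfaces rather than hidden ones; the mcast.c hunks at -2458 and -2619 do the same.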
@@ -55,6 +55,9 @@ * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes. * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect * Ilia Sotnikov : Removed TOS from hash calculations + * Luca Saiu : trivial changes for ghostification support + * Roudiere Jonathan : ghost support to rtnetlink + * function, ghost bugfix (field) in rt_cache_seq_show * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -108,6 +111,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define RT_FL_TOS(oldflp) \ ((u32)(oldflp->fl4_tos & (IPTOS_RT_MASK | RTO_ONLINK))) @@ -375,6 +383,14 @@ "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t" "HHUptod\tSpecDst"); else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Dont't display informations about ghost ifaces, bf */ + if(is_a_ghost_interface_name((const char*)((struct rtable*)v)->u.dst.dev->name)) { + ghost_ptk("Don't display routing informations about ghost interface (%s)", + ((const char*)((struct rtable*)v)->u.dst.dev->name)); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ struct rtable *r = v; int len; @@ -392,11 +408,11 @@ r->fl.fl4_tos, r->u.dst.hh ? atomic_read(&r->u.dst.hh->hh_refcnt) : -1, r->u.dst.hh ? (r->u.dst.hh->hh_output == - dev_queue_xmit) : 0, + dev_queue_xmit) : 0, r->rt_spec_dst, &len); seq_printf(seq, "%*s\n", 127 - len, ""); - } + } return 0; } @@ -2835,8 +2851,13 @@ r->rtm_src_len = 32; NLA_PUT_BE32(skb, RTA_SRC, rt->fl.fl4_src); } - if (rt->u.dst.dev) + if (rt->u.dst.dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) */ + ghost_develmsg("Net device is = %s ",rt->u.dst.dev->name); +#endif NLA_PUT_U32(skb, RTA_OIF, rt->u.dst.dev->ifindex); + } #ifdef CONFIG_NET_CLS_ROUTE if (rt->u.dst.tclassid) NLA_PUT_U32(skb, RTA_FLOW, rt->u.dst.tclassid); 
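Review bot: The ghost check in the -375 hunk is inserted ahead of the declarations `struct rtable *r = v;` and `int len;`, which puts statements before declarations in the block and forces the repeated `(struct rtable*)v` casts. Moving the check below the two declarations and testing `r->u.dst.dev->name` keeps the block in kernel style and is easier to read. Whether `u.dst.dev` can be NULL here is not visible in the hunk; if the unchanged output code guards it, this check should too.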
@@ -2919,7 +2940,7 @@ err = -ENOBUFS; goto errout; } - + /* Reserve room for dummy headers, this skb can pass through good chunk of routing engine. */ @@ -2941,6 +2962,17 @@ if (dev == NULL) { err = -ENODEV; goto errout_free; + +#ifdef CONFIG_GHOSTIFICATION + ghost_debugmsg("Net device is %s ", dev->name); + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout_free; + } +#endif /* CONFIG_GHOSTIFICATION */ } skb->protocol = htons(ETH_P_IP); @@ -2973,6 +3005,22 @@ if (rtm->rtm_flags & RTM_F_NOTIFY) rt->rt_flags |= RTCF_NOTIFY; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't allow get ops for route + involving a ghostified interface, unnecessary test ..(rt) */ + if (rt) { + if (rt->u.dst.dev) { + ghost_debugmsg("Net device is %s ",rt->u.dst.dev->name); + if (is_a_ghost_interface_name(rt->u.dst.dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", + rt->u.dst.dev->name); + err = -ENETUNREACH; + goto errout_free; + } + } + } +#endif /* CONFIG_GHOSTIFICATION */ err = rt_fill_info(net, skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq, RTM_NEWROUTE, 0, 0); if (err <= 0) @@ -2987,6 +3035,8 @@ goto errout; } +/* (ghost support) maybe it will be necessary to modify +this func which is call in fib_frontend.c */ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb) { struct rtable *rt; diff -rNuad linux-2.6.32/net/ipv6/addrconf.c linux-2.6.32-ghost/net/ipv6/addrconf.c --- linux-2.6.32/net/ipv6/addrconf.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/ipv6/addrconf.c 2009-12-05 12:34:40.000000000 +0100 
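Review bot: The ghost check added in the -2941 hunk sits inside the `if (dev == NULL)` block after `goto errout_free;`, so it is unreachable, and if it were reached `dev->name` would dereference a NULL pointer. As written, a request that names a ghostified input interface is not rejected at this point. The block belongs after the closing brace of the `dev == NULL` test, where `dev` is known to be valid. The later check in the -2973 hunk covers only the device of the resolved route, `rt->u.dst.dev`.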
@@ -36,6 +36,9 @@ * YOSHIFUJI Hideaki @USAGI : improved source address * selection; consider scope, * status etc. + * Luca Saiu : ghostification support + * Roudiere Jonathan : ghost + * modify functions using (rt)netlink */ #include @@ -81,6 +84,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include 
@@ -448,6 +456,86 @@ return idev; } +/* + * (ghost support) Support to hide snmp6 proc infos. + */ +#ifdef CONFIG_GHOSTIFICATION +/* Utility procedure, needed for {show,hide}_proc_net_dev_snmp6_DEVICE_if_needed(). + Return a pointer to a valid inet6_dev structure on success, NULL on failure: */ +static struct inet6_dev* lookup_snmp6_device(const char *interface_name) +{ + struct net_device *device; + struct inet6_dev *idev; + + /* Lookup the device by name, obtaining an inet6_dev structure: */ + device = dev_get_by_name(&init_net, interface_name); + if(device == NULL) + return NULL; + rtnl_lock(); + idev = ipv6_find_idev(device); + rtnl_unlock(); + return idev; +} + +/* These are defined in net/ipv6/proc.c: */ +extern struct proc_dir_entry *proc_net_devsnmp6; +extern struct file_operations snmp6_seq_fops; + +/* Remove the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already hidden. Return 0 on success, nonzero on error: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + ghost_ptk("Hiding /proc/net/dev_snmp6/%s...", interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + + /* Remove the proc/ entry, if any. If there was no entry + then remove_proc_entry() will fail, but it's ok for us: */ +#ifdef CONFIG_PROC_FS + if (!proc_net_devsnmp6) + return -ENOENT; + if (idev->stats.proc_dir_entry == NULL) + return -EINVAL; + remove_proc_entry(interface_name, proc_net_devsnmp6); +#endif /* CONFIG_PROC_FS */ + return 0; + //return snmp6_unregister_dev(idev); +} + +/* Create the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already shown. 
Return 0 on success, nonzero on error: */ +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + struct proc_dir_entry *proc_directory_entry; + ghost_ptk("Showing /proc/net/dev_snmp6/%s...", + interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + if(idev->dev == NULL) /* I doubt this may happen... */ + return -EINVAL; +#ifdef CONFIG_PROC_FS + if(!proc_net_devsnmp6) /* there isn't any /proc/net/dev_snmp6 */ + return -ENOENT; + if((proc_directory_entry = create_proc_entry(interface_name, + S_IRUGO, proc_net_devsnmp6)) == NULL) + return -ENOMEM; + proc_directory_entry->data = idev; + proc_directory_entry->proc_fops = &snmp6_seq_fops; + idev->stats.proc_dir_entry = proc_directory_entry; +#endif /* CONFIG_PROC_FS */ + return 0; + /* return snmp6_register_dev(idev); */ +} +EXPORT_SYMBOL(show_proc_net_dev_snmp6_DEVICE_if_needed); +EXPORT_SYMBOL(hide_proc_net_dev_snmp6_DEVICE_if_needed); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * End of ghostification support + */ + #ifdef CONFIG_SYSCTL static void dev_forward_change(struct inet6_dev *idev) { @@ -2155,6 +2243,10 @@ return PTR_ERR(ifp); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx, unsigned int plen) { @@ -2169,6 +2261,15 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((idev = __in6_dev_get(dev)) == NULL) return -ENXIO; 
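Review bot: `lookup_snmp6_device()` in the -448 hunk takes a device reference with `dev_get_by_name()` and never drops it, so each hide or show call leaves the net_device pinned. Adding `dev_put(device);` after `rtnl_unlock();` releases it; if the returned `idev` must outlive that, the two callers should hold the reference and drop it when done. The lookup is fixed to `&init_net`, so interfaces in other namespaces are not found. In `hide_proc_net_dev_snmp6_DEVICE_if_needed()`, `idev->stats.proc_dir_entry` is left pointing at the removed entry; setting it to NULL after `remove_proc_entry()` would let the `== NULL` test detect an already-hidden device, as the comment intends.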
@@ -3000,6 +3101,22 @@ static int if6_seq_show(struct seq_file *seq, void *v) { struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if (is_a_ghost_interface_name(ifp->idev->dev->name)) { + ghost_ptk("Don't show informations about a ghostified " + "interface (%s) under /proc.", + ifp->idev->dev->name); + } else { + seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n", + &ifp->addr, + ifp->idev->dev->ifindex, + ifp->prefix_len, + ifp->scope, + ifp->flags, + ifp->idev->dev->name); + } +#else seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n", &ifp->addr, ifp->idev->dev->ifindex, @@ -3007,6 +3124,8 @@ ifp->scope, ifp->flags, ifp->idev->dev->name); +#endif /* CONFIG_GHOSTIFICATION */ + return 0; } @@ -3214,6 +3333,10 @@ [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { @@ -3231,7 +3354,9 @@ pfx = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL]); if (pfx == NULL) return -EINVAL; - + /* (ghost support) we could/should stop here a request involving a + ghostified interface but inet6_addr_del already do a part of our work + (get dev etc ..) so instead we modify inet6_addr_del */ return inet6_addr_del(net, ifm->ifa_index, pfx, ifm->ifa_prefixlen); } @@ -3280,6 +3405,10 @@ return 0; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { 
@@ -3317,6 +3446,15 @@ if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add a address to a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + /* We ignore other flags so far. */ ifa_flags = ifm->ifa_flags & (IFA_F_NODAD | IFA_F_HOMEADDRESS); @@ -3485,6 +3623,12 @@ ANYCAST_ADDR, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc; + * inet6_dump_addr is called by inet6_dump_{ifaddr,ifmcaddr,ifacaddr} + * and call the appropriate inet6_fill_* function. + */ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, enum addr_type_t type) { @@ -3510,6 +3654,17 @@ ip_idx = 0; if ((idev = in6_dev_get(dev)) == NULL) goto cont; + +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about addresses of a ghostified interface (%s), skip.", + dev->name); + goto cont; + /* return -ENODEV; don't use it */ + } +#endif /* CONFIG_GHOSTIFICATION */ + read_lock_bh(&idev->lock); switch (type) { case UNICAST_ADDR: @@ -3581,7 +3736,6 @@ return inet6_dump_addr(skb, cb, type); } - static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb) { enum addr_type_t type = ANYCAST_ADDR; @@ -3589,6 +3743,10 @@ return inet6_dump_addr(skb, cb, type); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { 
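Review bot: In the -3510 hunk the ghost check runs after `in6_dev_get(dev)` has succeeded, and its `goto cont;` skips the rest of the loop body, so the idev reference taken on the line above is not released on that path (the matching put is outside the hunk). Moving the check above the `in6_dev_get()` call avoids the leak, which is how the -3834 hunk in `inet6_dump_ifinfo` orders it; alternatively call `in6_dev_put(idev);` before `goto cont;`. The loop body starts and ends outside the hunk.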
@@ -3615,6 +3773,17 @@ if (ifm->ifa_index) dev = __dev_get_by_index(net, ifm->ifa_index); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (dev) { + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address of a ghostified interface (%s), skip.", + dev->name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((ifa = ipv6_get_ifaddr(net, addr, dev, 1)) == NULL) { err = -EADDRNOTAVAIL; goto errout; @@ -3823,6 +3992,10 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -3834,6 +4007,14 @@ read_lock(&dev_base_lock); idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to dump address infos about a ghostified interface (%s), skip.", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if ((idev = in6_dev_get(dev)) == NULL) @@ -3861,7 +4042,6 @@ skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC); if (skb == NULL) goto errout; - err = inet6_fill_ifinfo(skb, idev, 0, 0, event, 0); if (err < 0) { /* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */ diff -rNuad linux-2.6.32/net/ipv6/ip6_fib.c linux-2.6.32-ghost/net/ipv6/ip6_fib.c --- linux-2.6.32/net/ipv6/ip6_fib.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/ipv6/ip6_fib.c 2009-12-05 12:34:40.000000000 +0100 @@ -269,6 +269,8 @@ #endif +/* (ghost support) iterate on net device, don't modify this function, +we can return ENODEV here, user-space tools (as ip) dump iface list before */ static int fib6_dump_node(struct fib6_walker_t *w) { int res; 
@@ -314,7 +316,6 @@ { struct fib6_walker_t *w; int res; - w = (void *)cb->args[2]; w->root = &table->tb6_root; diff -rNuad linux-2.6.32/net/ipv6/Kconfig linux-2.6.32-ghost/net/ipv6/Kconfig --- linux-2.6.32/net/ipv6/Kconfig 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/ipv6/Kconfig 2009-12-05 12:34:40.000000000 +0100 @@ -4,8 +4,8 @@ # IPv6 as module will cause a CRASH if you try to unload it menuconfig IPV6 - tristate "The IPv6 protocol" - default m + bool "The IPv6 protocol" + default y ---help--- This is complemental support for the IP version 6. You will still be able to do traditional IPv4 networking as well. @@ -16,6 +16,10 @@ For specific information about IPv6 under Linux, read the HOWTO at . + Ghostification notes: + ===================== + IPV6 can not be built in module with ghost support. + To compile this protocol support as a module, choose M here: the module will be called ipv6. @@ -68,7 +72,7 @@ If unsure, say N. config INET6_AH - tristate "IPv6: AH transformation" + bool "IPv6: AH transformation" select XFRM select CRYPTO select CRYPTO_HMAC @@ -80,7 +84,7 @@ If unsure, say Y. config INET6_ESP - tristate "IPv6: ESP transformation" + bool "IPv6: ESP transformation" select XFRM select CRYPTO select CRYPTO_AUTHENC @@ -95,7 +99,7 @@ If unsure, say Y. config INET6_IPCOMP - tristate "IPv6: IPComp transformation" + bool "IPv6: IPComp transformation" select INET6_XFRM_TUNNEL select XFRM_IPCOMP ---help--- @@ -105,7 +109,7 @@ If unsure, say Y. config IPV6_MIP6 - tristate "IPv6: Mobility (EXPERIMENTAL)" + bool "IPv6: Mobility (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- @@ -114,16 +118,16 @@ If unsure, say N. config INET6_XFRM_TUNNEL - tristate + bool select INET6_TUNNEL default n config INET6_TUNNEL - tristate + bool default n config INET6_XFRM_MODE_TRANSPORT - tristate "IPv6: IPsec transport mode" + bool "IPv6: IPsec transport mode" default IPV6 select XFRM ---help--- 
@@ -132,7 +136,7 @@ If unsure, say Y. config INET6_XFRM_MODE_TUNNEL - tristate "IPv6: IPsec tunnel mode" + bool "IPv6: IPsec tunnel mode" default IPV6 select XFRM ---help--- @@ -141,7 +145,7 @@ If unsure, say Y. config INET6_XFRM_MODE_BEET - tristate "IPv6: IPsec BEET mode" + bool "IPv6: IPsec BEET mode" default IPV6 select XFRM ---help--- @@ -150,14 +154,14 @@ If unsure, say Y. config INET6_XFRM_MODE_ROUTEOPTIMIZATION - tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" + bool "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- Support for MIPv6 route optimization mode. config IPV6_SIT - tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" + bool "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" select INET_TUNNEL select IPV6_NDISC_NODETYPE default y @@ -174,7 +178,7 @@ bool config IPV6_TUNNEL - tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" + bool "IPv6: IP-in-IPv6 tunnel (RFC2473)" select INET6_TUNNEL ---help--- Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in diff -rNuad linux-2.6.32/net/ipv6/mcast.c linux-2.6.32-ghost/net/ipv6/mcast.c --- linux-2.6.32/net/ipv6/mcast.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/ipv6/mcast.c 2009-12-05 12:34:40.000000000 +0100 @@ -24,6 +24,10 @@ * - MLD for link-local addresses. * David L Stevens : * - MLDv2 support + * Luca Saiu : + * - trivial changes for ghostification support + * Roudiere Jonathan + * - trivial changes to correct an forgetting */ #include @@ -61,6 +65,11 @@ #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing... */ #define MCAST_DEBUG 2 
@@ -2458,6 +2467,20 @@ struct ifmcaddr6 *im = (struct ifmcaddr6 *)v; struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, + "%-4d %-15s %pi6 %5d %08X %ld\n", + state->dev->ifindex, state->dev->name, + &im->mca_addr, + im->mca_users, im->mca_flags, + (im->mca_flags&MAF_TIMER_RUNNING) ? + jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); + } +#else seq_printf(seq, "%-4d %-15s %pi6 %5d %08X %ld\n", state->dev->ifindex, state->dev->name, @@ -2465,6 +2488,7 @@ im->mca_users, im->mca_flags, (im->mca_flags&MAF_TIMER_RUNNING) ? jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); +#endif /* CONFIG_GHOSTIFICATION */ return 0; } @@ -2619,6 +2643,20 @@ "Device", "Multicast Address", "Source Address", "INC", "EXC"); } else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc" + " about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + &state->im->mca_addr, + &psf->sf_addr, + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else seq_printf(seq, "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", state->dev->ifindex, state->dev->name, @@ -2626,6 +2664,7 @@ &psf->sf_addr, psf->sf_count[MCAST_INCLUDE], psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-2.6.32/net/ipv6/proc.c linux-2.6.32-ghost/net/ipv6/proc.c --- linux-2.6.32/net/ipv6/proc.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/ipv6/proc.c 2009-12-05 12:34:40.000000000 +0100 
@@ -9,6 +9,8 @@ * * Authors: David S. Miller (davem@caip.rutgers.edu) * YOSHIFUJI Hideaki + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -29,6 +31,16 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* (ghost support) We don't want this to be static, as it has to + be read at ghostifying and unghostifying time */ +struct proc_dir_entry *proc_net_devsnmp6; +EXPORT_SYMBOL(proc_net_devsnmp6); +#endif /* CONFIG_GHOSTIFICATION */ + static int sockstat6_seq_show(struct seq_file *seq, void *v) { struct net *net = seq->private; @@ -200,6 +212,18 @@ return single_open_net(inode, file, snmp6_seq_show); } +/* (ghost support) This was originally static, +but we need to make it visible */ +#ifdef CONFIG_GHOSTIFICATION +struct file_operations snmp6_seq_fops = { + .owner = THIS_MODULE, + .open = snmp6_seq_open, + .read = seq_read, + .llseek = seq_lseek, + .release = single_release, +}; +EXPORT_SYMBOL(snmp6_seq_fops); +#else static const struct file_operations snmp6_seq_fops = { .owner = THIS_MODULE, .open = snmp6_seq_open, @@ -207,6 +231,7 @@ .llseek = seq_lseek, .release = single_release_net, }; +#endif /* CONFIG_GHOSTIFICATION */ static int snmp6_dev_seq_show(struct seq_file *seq, void *v) { diff -rNuad linux-2.6.32/net/ipv6/route.c linux-2.6.32-ghost/net/ipv6/route.c --- linux-2.6.32/net/ipv6/route.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/ipv6/route.c 2009-12-05 12:34:40.000000000 +0100 @@ -22,6 +22,10 @@ * reachable. otherwise, round-robin the list. * Ville Nuorvala * Fixed routing subtrees. + * Luca Saiu + * trivial changes for ghostification support + * Roudiere Jonathan + * ghostification support update, modify functions using netlink */ #include 
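Review bot: The ghost variant of `snmp6_seq_fops` in the -200 hunk sets `.release = single_release`, while the open handler above it still calls `single_open_net()` and the `#else` variant keeps `single_release_net`. The two are meant to be paired, so whatever `single_open_net()` acquires would not be released on close in ghost builds; `.release = single_release_net,` should be kept. The ghost variant also drops `const` and exports the table, which leaves the file operations writable at run time; if addrconf.c only needs a pointer to it, `const` can stay with a matching `extern const` declaration.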
@@ -60,6 +64,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing. */ #define RT6_DEBUG 2 @@ -1115,10 +1124,6 @@ return hoplimit; } -/* - * - */ - int ip6_route_add(struct fib6_config *cfg) { int err; @@ -1830,6 +1835,8 @@ struct in6_rtmsg rtmsg; int err; + /* (ghost support) don't make any change, changes + have been made later for ioctl request */ switch(cmd) { case SIOCADDRT: /* Add a route */ case SIOCDELRT: /* Delete a route */ 
@@ -2133,26 +2140,84 @@ return err; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; - err = rtm_to_fib6_config(skb, nlh, &cfg); - if (err < 0) - return err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it + is a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to del route involving a ghostified interface (%s). Failing", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_del(&cfg); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + err = rtm_to_fib6_config(skb, nlh, &cfg); if (err < 0) return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_add(&cfg); /* do that or exit on error ... 
*/ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_add(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it is + a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add route involving a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_add(&cfg); } @@ -2172,6 +2237,10 @@ + nla_total_size(sizeof(struct rta_cacheinfo)); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc + */ static int rt6_fill_node(struct net *net, struct sk_buff *skb, struct rt6_info *rt, struct in6_addr *dst, struct in6_addr *src, @@ -2183,6 +2252,19 @@ long expires; u32 table; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("rtnetlink msg type %i, pid %i and seq %i", + type, pid, seq); + /* (ghost support) this function is called by by rt6_dump_route, and + inet6_rtm_get_route and inet6_rt_notify, test if it is a kernel request*/ + if (rt->rt6i_dev->name) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to get/notify route infos about a " + "ghostified interface (%s), skip.", + rt->rt6i_dev->name); + return 1; + } +#endif /* CONFIG_GHOSTIFICATION */ if (prefix) { /* user wants prefix routes only */ if (!(rt->rt6i_flags & RTF_PREFIX_RT)) { /* success since this is not a prefix route */ 
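Review bot: `dev_get_by_index()` in `inet6_rtm_delroute` and `inet6_rtm_newroute` (the -2133 hunk) takes a reference on the device that no path releases, neither the `-ENODEV` return nor the fall-through to `ip6_route_del()`/`ip6_route_add()`. Every route request that names an interface therefore leaves the device with an extra reference. Either add `dev_put(dev);` once the name has been tested, or use `dev = __dev_get_by_index(net, cfg.fc_ifindex);` as the addrconf.c hunk at -3615 does, provided the caller's locking allows it. The `rtm_to_fib6_config()` call and its error check are duplicated in both `#ifdef` arms and could stay outside the conditional.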
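Review bot: The guard `if (rt->rt6i_dev->name)` in the -2183 hunk does not test what it appears to: it dereferences `rt->rt6i_dev` unconditionally and then tests the name member, which is always true if that member is an array. The -2452 hunk in this file checks `rt->rt6i_dev != NULL` instead, which is presumably the intent here: `if (rt->rt6i_dev && is_a_ghost_interface_name(rt->rt6i_dev->name)) {`. The skip path returns 1 and the added comment lists three callers; how each treats a positive return with nothing written to the skb is outside the hunk and worth confirming.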
@@ -2290,10 +2372,26 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc, + */ int rt6_dump_route(struct rt6_info *rt, void *p_arg) { struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg; int prefix; + +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg(" rtnetlink mesg %i, pid %i and seq %i", + arg->cb->nlh->nlmsg_type, arg->cb->nlh->nlmsg_pid, arg->cb->nlh->nlmsg_seq); + /* if (rt->rt6i_dev) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to dump route infos about a ghostified interface (%s), skip", + rt->rt6i_dev->name); + return -ENODEV; errro maybe come from here, modify instead + rt6_fill_node which has multiple callers + } */ +#endif /* CONFIG_GHOSTIFICATION */ if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) { struct rtmsg *rtm = nlmsg_data(arg->cb->nlh); @@ -2307,6 +2405,8 @@ prefix, 0, NLM_F_MULTI); } +/* (ghost support) Don't make changes here, function +rt6_fill_node has been modified instead */ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { struct net *net = sock_net(in_skb->sk); @@ -2452,6 +2552,17 @@ { struct seq_file *m = p_arg; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Do nothing if this route involves a + ghostified interface */ + if(rt->rt6i_dev != NULL) /* can't use &&: evaluation order is undefined */ + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Don't show any informations under /proc/net" + "involving a ghostified interface (%s)", + rt->rt6i_dev->name); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(m, "%pi6 %02x ", &rt->rt6i_dst.addr, rt->rt6i_dst.plen); #ifdef CONFIG_IPV6_SUBTREES diff -rNuad linux-2.6.32/net/Kconfig linux-2.6.32-ghost/net/Kconfig --- linux-2.6.32/net/Kconfig 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/Kconfig 2009-12-05 12:34:40.000000000 +0100 
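Review bot: The comment `can't use &&: evaluation order is undefined` in the /proc hunk (`@@ -2452,6 +2552,17 @@`) is wrong and will mislead later maintainers, because C evaluates `&&` left to right and short-circuits. The nested brace-less `if` can become `if (rt->rt6i_dev != NULL && is_a_ghost_interface_name(rt->rt6i_dev->name)) {` and the comment can be dropped. The two adjacent string literals in the `ghost_ptk` call concatenate to `/proc/netinvolving`; add a trailing space to the first literal. The enclosing function starts outside the hunk.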
@@ -179,6 +179,105 @@ source "net/decnet/netfilter/Kconfig" source "net/bridge/netfilter/Kconfig" +config GHOSTIFICATION_NETFILTER + bool "Ghostification support to netfilter" + depends on GHOSTIFICATION && NETFILTER_ADVANCED + default y + help + Ghostification support to Netfilter. Allow to bypass all + Netfilter's hooks (INPUT, OUTPUT, FORWARD, POSTROUTING and + PREROUTING (when available)) and that for all layer or protocol: + ARP, Bridge, IPv4, IPv6 (and Decnet) or just for one protocol + or layer. + If you choose to activate the Ghostification of Netfilter then + all the network packets which come from, or go to an ghostified + interface will not get through the hooks of Netfilter; so rules + which have been created with Iptables, Ip6tables, Arptables or + Ebtables will have no effect on these packets. + Note: This option allows you to have access to the options of + configuration of the Ghostification of Netfilter but it activates + no section of code; you will thus need to select one or some + among those this below. + +config GHOSTIFICATION_NETFILTER_ALL + bool "Ghostification support to netfilter, skip all hooks" + depends on GHOSTIFICATION_NETFILTER + default y + help + Netfiter Ghostification support for all protocols/layers. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass + Netfilter's hooks; thus any actions or rules which have been + created through Iptables, Ip6tables, Arptables or Ebtables + will not have any effect on this packets. + +config GHOSTIFICATION_NETFILTER_ARP + bool "Ghostification support to netfilter, skip ARP hooks" + depends on GHOSTIFICATION_NETFILTER && IP_NF_ARPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the ARP protocol/layer. 
+ If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Arp + hooks of Netfilter; thus the rules which have been created + with the Arptables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_BRIDGE + bool "Ghostification support to netfilter, skip Bridge hooks" + depends on GHOSTIFICATION_NETFILTER && BRIDGE_NF_EBTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the Bridge protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Bridge + hooks of Netfilter; thus the rules which have been created + with the Ebtables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV4 + bool "Ghostification support to netfilter, skip IPv4 hooks" + depends on GHOSTIFICATION_NETFILTER && !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv4 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv4 + hooks of Netfilter; thus the rules which have been created + with the Iptables tool will not have any effect on them. 
+ If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV6 + bool "Ghostification support to netfilter, skip IPv6 hooks" + depends on GHOSTIFICATION_NETFILTER && IP6_NF_IPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv6 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv6 + hooks of Netfilter; thus the rules which have been created + with the Ip6tables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + endif source "net/dccp/Kconfig" 
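Review bot: `GHOSTIFICATION_NETFILTER` and `GHOSTIFICATION_NETFILTER_ALL` are both `default y`, so any kernel built with GHOSTIFICATION exempts traffic on ghostified interfaces from every iptables, ip6tables, arptables and ebtables rule unless the builder actively opts out. An option that removes firewall enforcement should be opt-in, so use `default n` on both entries. The help text should also say in its first sentence that packets on a ghostified interface are not filtered at all. The same concern applies to `GHOSTIFICATION` and `GHOSTIFICATION_PRINTK` (`default y`) in the later hunk of this file, where the help text itself recommends disabling the messages when concealment matters. The repeated sentence about losing "the capability that network packets bypass Decnet's hooks" in the per-protocol entries is hard to parse and should be reworded to say which hooks are still applied.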
@@ -276,4 +375,93 @@ source "net/rfkill/Kconfig" source "net/9p/Kconfig" +config GHOSTIFICATION + bool "Ghostification support" + depends on INET + default y + help + Ghostification support allow you to hide network interfaces + on your system. Ghostify and Unghostify are the actions which + make dynamically invisible and visible a network interface/cards + (eth0, lo, tun, ...) for the userspace. + When a network interface is ghostified, users of your system + can not see it with userspace tools like ifconfig, route, iproute, + netstat and/or have statistics about it. However even if a network + interface is ghostified it is always possible to open a socket + using the Ip address of this interface, ping this interface or + any host connected to the same network remains possible; has the + opposite, it is not possible to sniff packets on a ghostified + interface with userspace tools like tcpdump, wireshark, ... + Informations about a ghostified interface are hidden under /proc + but they can be find under /sys, it is a limit of the ghostification + patch. + For more informations about Ghostification patch and engine see + the README of the tarball that you have used or go to website of + the Marionnet project at . + + +config GHOSTIFICATION_NUM + int "Ghostification support : max number of possible ghostified interface" + depends on GHOSTIFICATION + range 4 32 + default 8 + help + Here you can choose the number of network interfaces that + you will be allowed to ghostify. This number must be between + 4 and 32. + +config GHOSTIFICATION_MESG + bool "Ghostification messages, display, debug and devel" + depends on GHOSTIFICATION + default y + help + Ghostification messages configuration. This option allow + you to have acces to the options which configure and control + the type of messages that you want the ghostification engine + diplay (visible through syslogd). + There are three options which make more or less verbose the + ghostification engine. 
You can choose to not select any + options below if you want to try to hide the ghostification + operations for the users of your system. + Note: This option allows you to have access to the options + which control the number of messages and the verbosity of + the Ghostification engine but it activates no section of + code; you will thus need to select one or some among those + this below. + +config GHOSTIFICATION_PRINTK + bool "Ghostification, messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + default y + help + This option allow you to activate normal messsages from the + ghostification engine, those messages are display through a + simple printk (visible through syslogd), this messages allow + to have informations about the ghost operations (like "the + interface ethX has been ghostified", "unghostified", "is already + ghostified", etc ...). If you really wish to hide ghostified + interfaces and ghost operations for the users of your system + don't select this option. + +config GHOSTIFICATION_DEBUG + bool "Ghostification, debugging messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + help + This option increase the verbosity of the ghostification engine, + allow to get more informations in order to debug the ghost ops. + This option is in general used to verify the result of a test or + to display the datas (interface name, pid of a calling process, ...) + which are treated by the ghost engine. + +config GHOSTIFICATION_DEVEL + bool "Ghostification, helping messages to trace ghost operations (devel)" + depends on GHOSTIFICATION_MESG + help + This option give more informations that the option above, it is use + by developer of the ghostification patch in order to control some + paths used in the kernel code and the datas which are manipulated. + This option is a little redundant with the debug option but allow + to have a better granularity, maybe it will be remove for the next + release of the ghostification patch. 
+ endif # if NET diff -rNuad linux-2.6.32/net/netfilter/core.c linux-2.6.32-ghost/net/netfilter/core.c --- linux-2.6.32/net/netfilter/core.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/netfilter/core.c 2009-12-05 12:34:40.000000000 +0100 @@ -5,6 +5,8 @@ * way. * * Rusty Russell (C)2000 -- This code is GPL. + * Little change by Jonathan Roudiere to add + * Ghostification support (bypass netfilter for ghost interface). */ #include #include @@ -22,6 +24,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "nf_internals.h" static DEFINE_MUTEX(afinfo_mutex); @@ -59,7 +66,6 @@ { struct nf_hook_ops *elem; int err; - err = mutex_lock_interruptible(&nf_hook_mutex); if (err < 0) return err; 
@@ -169,7 +175,158 @@ rcu_read_lock(); elem = &nf_hooks[pf][hook]; + next_hook: + /* + * (ghost support) Netfilter ghostification support. + * Perform too much tests here is not a good idea because all + * network packets pass through this section but we have + * not other choice to skip netfilter hooks (per hook). + */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER + /* + * Bypass all Netfilter hooks (for ipv4/6, arp, bridge) for any + * ghostified interface (eq. to return NF_ACCEPT for each packet which + * go through an interface which is ghostified (do that at hook level + * in order to skip all chains's rules hang on the hooks)) + */ + + /* don't use ghost_debugmsg macro in this section + because it may introduce too much delay */ + ghost_develmsg("Enter in hook (pf=%i) (hook=%i) from indev->name = " + "%s to outdev->name = %s", pf, hook, indev->name, outdev->name); + +/* If we wish to skip all netfilter hooks for all PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ALL + /* + * outdev->name field is defined in OUTPUT, FORWARD and POSTROUTING hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), we start here (with outdev) to bypass netfilter's + * hooks in the case where we are in FORWARD. + */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + ret = 1; + goto unlock; + } + } + /* + * indev->name field is defined in PREROUTING, FORWARD and INPUT hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), if we are in FORWARD hook and outdev/indev->name + * is not a ghostified interface then we can go towards hooks. 
+ */ + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + ret = 1; + goto unlock; + } + } + +/* + * If GHOSTIFICATION_NETFILTER_ALL is not defined neither any + * GHOSTIFICATION_NETFILTER_PF then we 'll skip all this code chunk. + * (about performance, choose to skip netfilter just for certains PF + * is the most bad things we can do, but ...) + */ +#elif (defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV4) || defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV6) || \ + defined(CONFIG_GHOSTIFICATION_NETFILTER_ARP) || defined(CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE)) + /* Here we have the same logic as previously (in GHOSTIFICATION_NETFILTER_ALL) + but with the ability to choose what are the PFs that we want to skip */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for 
decnet) */ + goto apply_hook; + } + } + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for decnet) */ + goto apply_hook; + } + } + +#endif /* CONFIG_GHOSTIFICATION_ALL */ +apply_hook: +#endif /* CONFIG_GHOSTIFICATION_NETFILTER */ +/* (ghost support) End of ghostification support */ + verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev, outdev, &elem, okfn, hook_thresh); if (verdict == NF_ACCEPT || verdict == NF_STOP) { @@ -182,6 +339,9 @@ verdict >> NF_VERDICT_BITS)) goto next_hook; } +#ifdef CONFIG_GHOSTIFICATION_NETFILTER +unlock: +#endif rcu_read_unlock(); return ret; } diff -rNuad linux-2.6.32/net/packet/af_packet.c linux-2.6.32-ghost/net/packet/af_packet.c --- linux-2.6.32/net/packet/af_packet.c 2009-12-03 04:51:21.000000000 +0100 +++ linux-2.6.32-ghost/net/packet/af_packet.c 2009-12-05 12:55:15.000000000 +0100 
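Review bot: The guards `if ((outdev->name) != NULL)` and `if ((indev->name) != NULL)` test the `name` member, not the device pointer. Assuming `name` is the fixed-size array inside struct net_device, they are always true, and they dereference `outdev`/`indev` on hooks where the hunk's own comments say that device is not defined. The `ghost_develmsg` call just before them reads both `indev->name` and `outdev->name` unconditionally and has the same problem when devel messages are compiled in. Test the pointers instead, `if (outdev != NULL) {` and `if (indev != NULL) {`, in both the `_ALL` branch and the per-protocol branch, and pass a placeholder string to the message when a device is absent. As written the `indev` block is reached only when the `outdev` test is false, so it is worth stating in a comment whether a non-ghost `outdev` is really meant to send the packet to `apply_hook` without looking at `indev`. The enclosing function starts and ends outside the hunk.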
@@ -8,6 +8,7 @@ * Authors: Ross Biro * Fred N. van Kempen, * Alan Cox, + * Luca Saiu : Trivial changes for ghostification * * Fixes: * Alan Cox : verify_area() now used correctly @@ -84,6 +85,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Assumptions: - if device has no dev->hard_header routine, it adds and removes ll header @@ -548,6 +554,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (rcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); @@ -670,6 +688,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them. + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (trcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); 
@@ -2415,17 +2445,38 @@ struct sock *s = v; const struct packet_sock *po = pkt_sk(s); +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Don't show packets involving ghost devices + */ + struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex); + if(! is_a_ghost_interface_name(net_device->name)) { + ghost_debugmsg("Don't show packets involving ghostified interface"); + seq_printf(seq, + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); + } +#else seq_printf(seq, - "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", - s, - atomic_read(&s->sk_refcnt), - s->sk_type, - ntohs(po->num), - po->ifindex, - po->running, - atomic_read(&s->sk_rmem_alloc), - sock_i_uid(s), - sock_i_ino(s)); + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/CONFIG-2.6.260000600000175000017500000005277512356733375023271 0ustar lucaslucas# # Automatically generated make config: don't edit # Linux kernel version: 2.6.26 # Fri Nov 27 11:55:55 2009 # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_GENERIC_HARDIRQS=y CONFIG_UML=y CONFIG_MMU=y CONFIG_NO_IOMEM=y # CONFIG_TRACE_IRQFLAGS_SUPPORT is not set CONFIG_LOCKDEP_SUPPORT=y # CONFIG_STACKTRACE_SUPPORT is not set CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_TIME=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_IRQ_RELEASE_METHOD=y CONFIG_HZ=100 # # UML-specific options # # CONFIG_STATIC_LINK is not set # # Host processor type and features # # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is not set CONFIG_M686=y # 
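Review bot: The result of `dev_get_by_index(sock_net(s), po->ifindex)` is dereferenced as `net_device->name` without a NULL check and never released. A packet socket that is not bound to an interface would presumably have no matching device, in which case reading this /proc entry faults in the kernel, and every successful lookup leaks a device reference. Check for NULL, treat "no device" as not ghostified, and call `dev_put()` once the name has been tested. The `ghost_debugmsg("Don't show packets …")` line sits in the branch that does print the entry, so it should move to the skip path, and the duplicated `seq_printf` under `#else` can collapse into a single call after the `#endif`. The enclosing function starts outside the hunk.
```c
#ifdef CONFIG_GHOSTIFICATION
		/* (ghost support) Don't show sockets bound to a ghost device */
		struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex);
		int hidden = 0;

		if (net_device != NULL) {
			hidden = is_a_ghost_interface_name(net_device->name);
			dev_put(net_device);	/* drop the lookup reference */
		}
		if (hidden) {
			ghost_debugmsg("Don't show packets involving ghostified interface");
			return 0;
		}
#endif /* CONFIG_GHOSTIFICATION */
		/* … unchanged: the single seq_printf(seq, ...) call, no longer duplicated … */
```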
CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set # CONFIG_MK8 is not set # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP2 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MPSC is not set # CONFIG_MCORE2 is not set # CONFIG_GENERIC_CPU is not set CONFIG_X86_GENERIC=y CONFIG_X86_CPU=y CONFIG_X86_CMPXCHG=y CONFIG_X86_L1_CACHE_SHIFT=7 CONFIG_X86_XADD=y CONFIG_X86_PPRO_FENCE=y CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INVLPG=y CONFIG_X86_BSWAP=y CONFIG_X86_POPAD_OK=y CONFIG_X86_GOOD_APIC=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_TSC=y CONFIG_X86_CMOV=y CONFIG_X86_MINIMUM_CPU_FAMILY=4 CONFIG_X86_DEBUGCTLMSR=y CONFIG_UML_X86=y CONFIG_X86_32=y CONFIG_RWSEM_XCHGADD_ALGORITHM=y # CONFIG_64BIT is not set # CONFIG_3_LEVEL_PGTABLES is not set CONFIG_ARCH_HAS_SC_SIGNALS=y CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA=y CONFIG_GENERIC_HWEIGHT=y CONFIG_ARCH_SUPPORTS_AOUT=y CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_DISCONTIGMEM_MANUAL is not set # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y # CONFIG_SPARSEMEM_STATIC is not set # CONFIG_SPARSEMEM_VMEMMAP_ENABLE is not set CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 # CONFIG_RESOURCES_64BIT is not set CONFIG_ZONE_DMA_FLAG=0 CONFIG_VIRT_TO_BUS=y CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_LD_SCRIPT_DYN=y CONFIG_BINFMT_ELF=y # CONFIG_BINFMT_AOUT is not set CONFIG_BINFMT_MISC=y CONFIG_HOSTFS=y # CONFIG_HPPFS is not set CONFIG_MCONSOLE=y CONFIG_MAGIC_SYSRQ=y # CONFIG_HIGHMEM is not set CONFIG_KERNEL_STACK_ORDER=0 # # General setup # CONFIG_EXPERIMENTAL=y CONFIG_BROKEN_ON_SMP=y 
CONFIG_INIT_ENV_ARG_LIMIT=128 CONFIG_LOCALVERSION="-marionnet-ghost" CONFIG_LOCALVERSION_AUTO=y CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_BSD_PROCESS_ACCT=y # CONFIG_BSD_PROCESS_ACCT_V3 is not set # CONFIG_TASKSTATS is not set # CONFIG_AUDIT is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 # CONFIG_CGROUPS is not set # CONFIG_GROUP_SCHED is not set CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y # CONFIG_RELAY is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_IPC_NS is not set # CONFIG_USER_NS is not set # CONFIG_PID_NS is not set # CONFIG_BLK_DEV_INITRD is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y # CONFIG_EMBEDDED is not set CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y CONFIG_SYSCTL_SYSCALL_CHECK=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_EXTRA_PASS=y CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_COMPAT_BRK=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_ANON_INODES=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_VM_EVENT_COUNTERS=y CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set # CONFIG_PROFILING is not set # CONFIG_MARKERS is not set # CONFIG_HAVE_OPROFILE is not set # CONFIG_HAVE_KPROBES is not set # CONFIG_HAVE_KRETPROBES is not set # CONFIG_HAVE_DMA_ATTRS is not set CONFIG_PROC_PAGE_MONITOR=y CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y # CONFIG_TINY_SHMEM is not set CONFIG_BASE_SMALL=0 # CONFIG_MODULES is not set CONFIG_BLOCK=y # CONFIG_LBD is not set # CONFIG_BLK_DEV_IO_TRACE is not set # CONFIG_LSF is not set # CONFIG_BLK_DEV_BSG is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y CONFIG_DEFAULT_AS=y # CONFIG_DEFAULT_DEADLINE is not set # CONFIG_DEFAULT_CFQ is not set # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="anticipatory" CONFIG_CLASSIC_RCU=y CONFIG_BLK_DEV=y CONFIG_BLK_DEV_UBD=y # CONFIG_BLK_DEV_UBD_SYNC is 
not set CONFIG_BLK_DEV_COW_COMMON=y CONFIG_BLK_DEV_LOOP=y # CONFIG_BLK_DEV_CRYPTOLOOP is not set CONFIG_BLK_DEV_NBD=y # CONFIG_BLK_DEV_RAM is not set # CONFIG_ATA_OVER_ETH is not set # # Character Devices # CONFIG_STDERR_CONSOLE=y CONFIG_STDIO_CONSOLE=y CONFIG_SSL=y CONFIG_NULL_CHAN=y CONFIG_PORT_CHAN=y CONFIG_PTY_CHAN=y CONFIG_TTY_CHAN=y CONFIG_XTERM_CHAN=y # CONFIG_NOCONFIG_CHAN is not set CONFIG_CON_ZERO_CHAN="fd:0,fd:1" CONFIG_CON_CHAN="xterm" CONFIG_SSL_CHAN="pts" CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y # CONFIG_RAW_DRIVER is not set CONFIG_LEGACY_PTY_COUNT=32 # CONFIG_WATCHDOG is not set CONFIG_UML_SOUND=y CONFIG_SOUND=y CONFIG_HOSTAUDIO=y # CONFIG_HW_RANDOM is not set CONFIG_UML_RANDOM=y # CONFIG_MMAPPER is not set # # Generic Driver Options # CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y # CONFIG_FW_LOADER is not set # CONFIG_SYS_HYPERVISOR is not set # # Networking # CONFIG_NET=y # # Networking options # CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y CONFIG_XFRM=y CONFIG_XFRM_USER=y # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set CONFIG_NET_KEY=y # CONFIG_NET_KEY_MIGRATE is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_ASK_IP_FIB_HASH=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set CONFIG_IP_PIMSM_V2=y CONFIG_ARPD=y CONFIG_SYN_COOKIES=y CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y CONFIG_INET_XFRM_TUNNEL=y CONFIG_INET_TUNNEL=y CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_XFRM_MODE_BEET=y # CONFIG_INET_LRO is not set CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y 
CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set # CONFIG_IP_VS is not set CONFIG_IPV6=y # CONFIG_IPV6_PRIVACY is not set # CONFIG_IPV6_ROUTER_PREF is not set # CONFIG_IPV6_OPTIMISTIC_DAD is not set # CONFIG_INET6_AH is not set # CONFIG_INET6_ESP is not set # CONFIG_INET6_IPCOMP is not set # CONFIG_IPV6_MIP6 is not set # CONFIG_INET6_XFRM_TUNNEL is not set # CONFIG_INET6_TUNNEL is not set CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_INET6_XFRM_MODE_BEET=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set CONFIG_IPV6_SIT=y CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_NETWORK_SECMARK is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_CT_ACCT=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y CONFIG_NETFILTER_XT_TARGET_DSCP=y CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y CONFIG_NETFILTER_XT_TARGET_NOTRACK=y CONFIG_NETFILTER_XT_TARGET_RATEEST=y CONFIG_NETFILTER_XT_TARGET_TRACE=y CONFIG_NETFILTER_XT_TARGET_TCPMSS=y CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y 
CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y CONFIG_NETFILTER_XT_MATCH_REALM=y CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y # # IP: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_RECENT=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_MATCH_ADDRTYPE=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_NF_NAT_SNMP_BASIC=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_NF_NAT_SIP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV6=y 
CONFIG_IP6_NF_QUEUE=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_MH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_RAW=y # # Bridge: Netfilter Configuration # CONFIG_BRIDGE_NF_EBTABLES=y CONFIG_BRIDGE_EBT_BROUTE=y CONFIG_BRIDGE_EBT_T_FILTER=y CONFIG_BRIDGE_EBT_T_NAT=y CONFIG_BRIDGE_EBT_802_3=y CONFIG_BRIDGE_EBT_AMONG=y CONFIG_BRIDGE_EBT_ARP=y CONFIG_BRIDGE_EBT_IP=y CONFIG_BRIDGE_EBT_LIMIT=y CONFIG_BRIDGE_EBT_MARK=y CONFIG_BRIDGE_EBT_PKTTYPE=y CONFIG_BRIDGE_EBT_STP=y CONFIG_BRIDGE_EBT_VLAN=y CONFIG_BRIDGE_EBT_ARPREPLY=y CONFIG_BRIDGE_EBT_DNAT=y CONFIG_BRIDGE_EBT_MARK_T=y CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_ULOG=y CONFIG_BRIDGE_EBT_NFLOG=y CONFIG_GHOSTIFICATION_NETFILTER=y CONFIG_GHOSTIFICATION_NETFILTER_ALL=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set CONFIG_BRIDGE=y CONFIG_VLAN_8021Q=y # CONFIG_DECNET is not set CONFIG_LLC=y CONFIG_LLC2=y # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set CONFIG_NET_SCHED=y # # Queueing/Scheduling # CONFIG_NET_SCH_CBQ=y CONFIG_NET_SCH_HTB=y CONFIG_NET_SCH_HFSC=y CONFIG_NET_SCH_PRIO=y CONFIG_NET_SCH_RED=y CONFIG_NET_SCH_SFQ=y CONFIG_NET_SCH_TEQL=y CONFIG_NET_SCH_TBF=y CONFIG_NET_SCH_GRED=y CONFIG_NET_SCH_DSMARK=y CONFIG_NET_SCH_NETEM=y # CONFIG_NET_SCH_INGRESS is not set # # Classification # CONFIG_NET_CLS=y CONFIG_NET_CLS_BASIC=y CONFIG_NET_CLS_TCINDEX=y CONFIG_NET_CLS_ROUTE4=y CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=y CONFIG_NET_CLS_U32=y CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y CONFIG_NET_CLS_RSVP=y 
CONFIG_NET_CLS_RSVP6=y CONFIG_NET_CLS_FLOW=y CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 CONFIG_NET_EMATCH_CMP=y CONFIG_NET_EMATCH_NBYTE=y CONFIG_NET_EMATCH_U32=y CONFIG_NET_EMATCH_META=y CONFIG_NET_EMATCH_TEXT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=y CONFIG_NET_ACT_GACT=y CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=y CONFIG_NET_ACT_IPT=y CONFIG_NET_ACT_NAT=y CONFIG_NET_ACT_PEDIT=y # CONFIG_NET_ACT_SIMP is not set CONFIG_NET_CLS_IND=y CONFIG_NET_SCH_FIFO=y # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set CONFIG_FIB_RULES=y # # Wireless # # CONFIG_CFG80211 is not set # CONFIG_WIRELESS_EXT is not set # CONFIG_MAC80211 is not set # CONFIG_IEEE80211 is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is not set CONFIG_GHOSTIFICATION=y CONFIG_GHOSTIFICATION_NUM=9 CONFIG_GHOSTIFICATION_MESG=y CONFIG_GHOSTIFICATION_PRINTK=y # CONFIG_GHOSTIFICATION_DEBUG is not set # CONFIG_GHOSTIFICATION_DEVEL is not set # # UML Network Devices # CONFIG_UML_NET=y CONFIG_UML_NET_ETHERTAP=y CONFIG_UML_NET_TUNTAP=y CONFIG_UML_NET_SLIP=y CONFIG_UML_NET_DAEMON=y CONFIG_UML_NET_VDE=y CONFIG_UML_NET_MCAST=y CONFIG_UML_NET_PCAP=y CONFIG_UML_NET_SLIRP=y CONFIG_NETDEVICES=y CONFIG_NETDEVICES_MULTIQUEUE=y # CONFIG_IFB is not set CONFIG_DUMMY=y CONFIG_BONDING=y CONFIG_MACVLAN=y # CONFIG_EQUALIZER is not set CONFIG_TUN=y # CONFIG_VETH is not set # # Wireless LAN # # CONFIG_WLAN_PRE80211 is not set # CONFIG_WLAN_80211 is not set # CONFIG_IWLWIFI_LEDS is not set # CONFIG_WAN is not set CONFIG_PPP=y # CONFIG_PPP_MULTILINK is not set # CONFIG_PPP_FILTER is not set # CONFIG_PPP_ASYNC is not set # CONFIG_PPP_SYNC_TTY is not set # CONFIG_PPP_DEFLATE is not set # CONFIG_PPP_BSDCOMP is not set # CONFIG_PPP_MPPE is not set # CONFIG_PPPOE is not set # CONFIG_PPPOL2TP is not set CONFIG_SLIP=y # CONFIG_SLIP_COMPRESSED is not set CONFIG_SLHC=y # CONFIG_SLIP_SMART is not set # 
CONFIG_SLIP_MODE_SLIP6 is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # CONFIG_CONNECTOR is not set # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y CONFIG_EXT2_FS_SECURITY=y # CONFIG_EXT2_FS_XIP is not set CONFIG_EXT3_FS=y CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_SECURITY=y # CONFIG_EXT4DEV_FS is not set CONFIG_JBD=y CONFIG_FS_MBCACHE=y # CONFIG_REISERFS_FS is not set # CONFIG_JFS_FS is not set CONFIG_FS_POSIX_ACL=y # CONFIG_XFS_FS is not set # CONFIG_OCFS2_FS is not set CONFIG_DNOTIFY=y CONFIG_INOTIFY=y CONFIG_INOTIFY_USER=y CONFIG_QUOTA=y # CONFIG_QUOTA_NETLINK_INTERFACE is not set CONFIG_PRINT_QUOTA_WARNING=y # CONFIG_QFMT_V1 is not set # CONFIG_QFMT_V2 is not set CONFIG_QUOTACTL=y CONFIG_AUTOFS_FS=y CONFIG_AUTOFS4_FS=y # CONFIG_FUSE_FS is not set # # CD-ROM/DVD Filesystems # # CONFIG_ISO9660_FS is not set # CONFIG_UDF_FS is not set # # DOS/FAT/NT Filesystems # # CONFIG_MSDOS_FS is not set # CONFIG_VFAT_FS is not set # CONFIG_NTFS_FS is not set # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_TMPFS_POSIX_ACL is not set # CONFIG_HUGETLB_PAGE is not set # CONFIG_CONFIGFS_FS is not set # # Miscellaneous filesystems # # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set # CONFIG_CRAMFS is not set # CONFIG_VXFS_FS is not set # CONFIG_MINIX_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_ROMFS_FS is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=y CONFIG_NFS_V3=y CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=y CONFIG_NFSD=y CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y CONFIG_LOCKD=y CONFIG_LOCKD_V4=y CONFIG_EXPORTFS=y 
CONFIG_NFS_ACL_SUPPORT=y CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y CONFIG_SUNRPC_GSS=y CONFIG_SUNRPC_BIND34=y CONFIG_RPCSEC_GSS_KRB5=y CONFIG_RPCSEC_GSS_SPKM3=y # CONFIG_SMB_FS is not set CONFIG_CIFS=y # CONFIG_CIFS_STATS is not set # CONFIG_CIFS_WEAK_PW_HASH is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y CONFIG_CIFS_DEBUG2=y # CONFIG_CIFS_EXPERIMENTAL is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set # CONFIG_OSF_PARTITION is not set # CONFIG_AMIGA_PARTITION is not set # CONFIG_ATARI_PARTITION is not set # CONFIG_MAC_PARTITION is not set CONFIG_MSDOS_PARTITION=y # CONFIG_BSD_DISKLABEL is not set # CONFIG_MINIX_SUBPARTITION is not set # CONFIG_SOLARIS_X86_PARTITION is not set # CONFIG_UNIXWARE_DISKLABEL is not set # CONFIG_LDM_PARTITION is not set # CONFIG_SGI_PARTITION is not set # CONFIG_ULTRIX_PARTITION is not set # CONFIG_SUN_PARTITION is not set # CONFIG_KARMA_PARTITION is not set # CONFIG_EFI_PARTITION is not set # CONFIG_SYSV68_PARTITION is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_NLS_CODEPAGE_437 is not set # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set # CONFIG_NLS_CODEPAGE_850 is not set # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_936 is not set # CONFIG_NLS_CODEPAGE_950 is not set # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # 
CONFIG_NLS_ASCII is not set # CONFIG_NLS_ISO8859_1 is not set # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_9 is not set # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set # CONFIG_NLS_UTF8 is not set # CONFIG_DLM is not set # # Security options # # CONFIG_KEYS is not set # CONFIG_SECURITY is not set # CONFIG_SECURITY_FILE_CAPABILITIES is not set CONFIG_CRYPTO=y # # Crypto core or helper # CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_MANAGER=y # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_NULL is not set # CONFIG_CRYPTO_CRYPTD is not set CONFIG_CRYPTO_AUTHENC=y # # Authenticated Encryption with Associated Data # # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_GCM is not set # CONFIG_CRYPTO_SEQIV is not set # # Block modes # CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set # CONFIG_CRYPTO_ECB is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set # # Hash modes # CONFIG_CRYPTO_HMAC=y # CONFIG_CRYPTO_XCBC is not set # # Digest # # CONFIG_CRYPTO_CRC32C is not set # CONFIG_CRYPTO_MD4 is not set CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_MICHAEL_MIC is not set CONFIG_CRYPTO_SHA1=y # CONFIG_CRYPTO_SHA256 is not set # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_WP512 is not set # # Ciphers # # CONFIG_CRYPTO_AES is not set # CONFIG_CRYPTO_AES_586 is not set # CONFIG_CRYPTO_ANUBIS is not set # CONFIG_CRYPTO_ARC4 is not set # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_CAMELLIA is not set CONFIG_CRYPTO_CAST5=y # CONFIG_CRYPTO_CAST6 is not set CONFIG_CRYPTO_DES=y # CONFIG_CRYPTO_FCRYPT is not set # 
CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_SALSA20 is not set # CONFIG_CRYPTO_SALSA20_586 is not set # CONFIG_CRYPTO_SEED is not set # CONFIG_CRYPTO_SERPENT is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TWOFISH is not set # CONFIG_CRYPTO_TWOFISH_586 is not set # # Compression # CONFIG_CRYPTO_DEFLATE=y # CONFIG_CRYPTO_LZO is not set CONFIG_CRYPTO_HW=y # # Library routines # CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_FIND_NEXT_BIT=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_ITU_T is not set CONFIG_CRC32=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=y CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y CONFIG_TEXTSEARCH_FSM=y CONFIG_PLIST=y CONFIG_HAS_DMA=y # # SCSI device support # # CONFIG_RAID_ATTRS is not set # CONFIG_SCSI is not set # CONFIG_SCSI_DMA is not set # CONFIG_SCSI_NETLINK is not set # CONFIG_MD is not set # CONFIG_NEW_LEDS is not set # CONFIG_INPUT is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_ENABLE_WARN_DEPRECATED is not set CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=1024 # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not set # CONFIG_DEBUG_KERNEL is not set CONFIG_DEBUG_BUGVERBOSE=y # CONFIG_SAMPLES is not set # CONFIG_DEBUG_STACK_USAGE is not set marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/CONFIG-2.6.27_x86_640000600000175000017500000005411112356733375024272 0ustar lucaslucas# # Automatically generated make config: don't edit # Linux kernel version: 2.6.27 # Fri Nov 27 10:03:13 2009 # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_GENERIC_HARDIRQS=y CONFIG_UML=y CONFIG_MMU=y CONFIG_NO_IOMEM=y # CONFIG_TRACE_IRQFLAGS_SUPPORT is not set CONFIG_LOCKDEP_SUPPORT=y # CONFIG_STACKTRACE_SUPPORT is not set CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_TIME=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_IRQ_RELEASE_METHOD=y CONFIG_HZ=100 # # UML-specific options # # 
CONFIG_STATIC_LINK is not set # # Host processor type and features # # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is not set # CONFIG_M686 is not set # CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set CONFIG_MK8=y # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP2 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MPSC is not set # CONFIG_MCORE2 is not set # CONFIG_GENERIC_CPU is not set CONFIG_X86_CPU=y # CONFIG_X86_CMPXCHG is not set CONFIG_X86_L1_CACHE_SHIFT=6 CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_TSC=y CONFIG_X86_MINIMUM_CPU_FAMILY=3 CONFIG_X86_DEBUGCTLMSR=y CONFIG_UML_X86=y CONFIG_64BIT=y CONFIG_RWSEM_GENERIC_SPINLOCK=y CONFIG_3_LEVEL_PGTABLES=y # CONFIG_ARCH_HAS_SC_SIGNALS is not set # CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA is not set CONFIG_SMP_BROKEN=y CONFIG_GENERIC_HWEIGHT=y CONFIG_ARCH_SUPPORTS_AOUT=y CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_DISCONTIGMEM_MANUAL is not set # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y # CONFIG_SPARSEMEM_STATIC is not set # CONFIG_SPARSEMEM_VMEMMAP_ENABLE is not set CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_RESOURCES_64BIT=y CONFIG_ZONE_DMA_FLAG=0 CONFIG_VIRT_TO_BUS=y CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_LD_SCRIPT_DYN=y CONFIG_BINFMT_ELF=y CONFIG_BINFMT_MISC=y CONFIG_HOSTFS=y # CONFIG_HPPFS is not set CONFIG_MCONSOLE=y CONFIG_MAGIC_SYSRQ=y CONFIG_KERNEL_STACK_ORDER=1 # # General setup # CONFIG_EXPERIMENTAL=y CONFIG_BROKEN_ON_SMP=y 
CONFIG_INIT_ENV_ARG_LIMIT=128 CONFIG_LOCALVERSION="-marionnet-ghost" CONFIG_LOCALVERSION_AUTO=y CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_BSD_PROCESS_ACCT=y # CONFIG_BSD_PROCESS_ACCT_V3 is not set # CONFIG_TASKSTATS is not set # CONFIG_AUDIT is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 # CONFIG_CGROUPS is not set # CONFIG_GROUP_SCHED is not set CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y # CONFIG_RELAY is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_IPC_NS is not set # CONFIG_USER_NS is not set # CONFIG_PID_NS is not set # CONFIG_BLK_DEV_INITRD is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y # CONFIG_EMBEDDED is not set CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_EXTRA_PASS=y CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_COMPAT_BRK=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_ANON_INODES=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_VM_EVENT_COUNTERS=y CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set # CONFIG_PROFILING is not set # CONFIG_MARKERS is not set # CONFIG_HAVE_OPROFILE is not set # CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS is not set # CONFIG_HAVE_IOREMAP_PROT is not set # CONFIG_HAVE_KPROBES is not set # CONFIG_HAVE_KRETPROBES is not set # CONFIG_HAVE_ARCH_TRACEHOOK is not set # CONFIG_HAVE_DMA_ATTRS is not set # CONFIG_USE_GENERIC_SMP_HELPERS is not set # CONFIG_HAVE_CLK is not set CONFIG_PROC_PAGE_MONITOR=y # CONFIG_HAVE_GENERIC_DMA_COHERENT is not set CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y # CONFIG_TINY_SHMEM is not set CONFIG_BASE_SMALL=0 # CONFIG_MODULES is not set CONFIG_BLOCK=y # CONFIG_BLK_DEV_IO_TRACE is not set # CONFIG_BLK_DEV_BSG is not set # CONFIG_BLK_DEV_INTEGRITY is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y CONFIG_DEFAULT_AS=y # 
CONFIG_DEFAULT_DEADLINE is not set # CONFIG_DEFAULT_CFQ is not set # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="anticipatory" CONFIG_CLASSIC_RCU=y CONFIG_BLK_DEV=y CONFIG_BLK_DEV_UBD=y # CONFIG_BLK_DEV_UBD_SYNC is not set CONFIG_BLK_DEV_COW_COMMON=y CONFIG_BLK_DEV_LOOP=y # CONFIG_BLK_DEV_CRYPTOLOOP is not set CONFIG_BLK_DEV_NBD=y # CONFIG_BLK_DEV_RAM is not set # CONFIG_ATA_OVER_ETH is not set # # Character Devices # CONFIG_STDERR_CONSOLE=y CONFIG_STDIO_CONSOLE=y CONFIG_SSL=y CONFIG_NULL_CHAN=y CONFIG_PORT_CHAN=y CONFIG_PTY_CHAN=y CONFIG_TTY_CHAN=y CONFIG_XTERM_CHAN=y # CONFIG_NOCONFIG_CHAN is not set CONFIG_CON_ZERO_CHAN="fd:0,fd:1" CONFIG_CON_CHAN="xterm" CONFIG_SSL_CHAN="pts" CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y # CONFIG_RAW_DRIVER is not set CONFIG_LEGACY_PTY_COUNT=32 # CONFIG_WATCHDOG is not set CONFIG_UML_SOUND=y CONFIG_SOUND=y CONFIG_HOSTAUDIO=y # CONFIG_HW_RANDOM is not set CONFIG_UML_RANDOM=y # CONFIG_MMAPPER is not set # # Generic Driver Options # CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y CONFIG_FIRMWARE_IN_KERNEL=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_SYS_HYPERVISOR is not set CONFIG_NET=y # # Networking options # CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y CONFIG_XFRM=y CONFIG_XFRM_USER=y # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set CONFIG_XFRM_IPCOMP=y CONFIG_NET_KEY=y # CONFIG_NET_KEY_MIGRATE is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_ASK_IP_FIB_HASH=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set CONFIG_IP_PIMSM_V2=y CONFIG_ARPD=y CONFIG_SYN_COOKIES=y CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y CONFIG_INET_XFRM_TUNNEL=y 
CONFIG_INET_TUNNEL=y CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_XFRM_MODE_BEET=y # CONFIG_INET_LRO is not set CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set # CONFIG_IP_VS is not set CONFIG_IPV6=y # CONFIG_IPV6_PRIVACY is not set # CONFIG_IPV6_ROUTER_PREF is not set # CONFIG_IPV6_OPTIMISTIC_DAD is not set # CONFIG_INET6_AH is not set # CONFIG_INET6_ESP is not set # CONFIG_INET6_IPCOMP is not set # CONFIG_IPV6_MIP6 is not set # CONFIG_INET6_XFRM_TUNNEL is not set # CONFIG_INET6_TUNNEL is not set CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_INET6_XFRM_MODE_BEET=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set CONFIG_IPV6_SIT=y CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_NETWORK_SECMARK is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_CT_ACCT=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y CONFIG_NETFILTER_XT_TARGET_DSCP=y CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y CONFIG_NETFILTER_XT_TARGET_NOTRACK=y 
CONFIG_NETFILTER_XT_TARGET_RATEEST=y CONFIG_NETFILTER_XT_TARGET_TRACE=y CONFIG_NETFILTER_XT_TARGET_TCPMSS=y CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y CONFIG_NETFILTER_XT_MATCH_REALM=y CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y # # IP: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_RECENT=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_MATCH_ADDRTYPE=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_NF_NAT_SNMP_BASIC=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_NF_NAT_SIP=y 
CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV6=y CONFIG_IP6_NF_QUEUE=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_MH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_RAW=y # # Bridge: Netfilter Configuration # CONFIG_BRIDGE_NF_EBTABLES=y CONFIG_BRIDGE_EBT_BROUTE=y CONFIG_BRIDGE_EBT_T_FILTER=y CONFIG_BRIDGE_EBT_T_NAT=y CONFIG_BRIDGE_EBT_802_3=y CONFIG_BRIDGE_EBT_AMONG=y CONFIG_BRIDGE_EBT_ARP=y CONFIG_BRIDGE_EBT_IP=y CONFIG_BRIDGE_EBT_IP6=y CONFIG_BRIDGE_EBT_LIMIT=y CONFIG_BRIDGE_EBT_MARK=y CONFIG_BRIDGE_EBT_PKTTYPE=y CONFIG_BRIDGE_EBT_STP=y CONFIG_BRIDGE_EBT_VLAN=y CONFIG_BRIDGE_EBT_ARPREPLY=y CONFIG_BRIDGE_EBT_DNAT=y CONFIG_BRIDGE_EBT_MARK_T=y CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_ULOG=y CONFIG_BRIDGE_EBT_NFLOG=y CONFIG_GHOSTIFICATION_NETFILTER=y CONFIG_GHOSTIFICATION_NETFILTER_ALL=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set CONFIG_STP=y CONFIG_GARP=y CONFIG_BRIDGE=y CONFIG_VLAN_8021Q=y CONFIG_VLAN_8021Q_GVRP=y # CONFIG_DECNET is not set CONFIG_LLC=y CONFIG_LLC2=y # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set CONFIG_NET_SCHED=y # # Queueing/Scheduling # CONFIG_NET_SCH_CBQ=y CONFIG_NET_SCH_HTB=y CONFIG_NET_SCH_HFSC=y CONFIG_NET_SCH_PRIO=y CONFIG_NET_SCH_RED=y CONFIG_NET_SCH_SFQ=y CONFIG_NET_SCH_TEQL=y CONFIG_NET_SCH_TBF=y CONFIG_NET_SCH_GRED=y 
CONFIG_NET_SCH_DSMARK=y CONFIG_NET_SCH_NETEM=y # CONFIG_NET_SCH_INGRESS is not set # # Classification # CONFIG_NET_CLS=y CONFIG_NET_CLS_BASIC=y CONFIG_NET_CLS_TCINDEX=y CONFIG_NET_CLS_ROUTE4=y CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=y CONFIG_NET_CLS_U32=y CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y CONFIG_NET_CLS_RSVP=y CONFIG_NET_CLS_RSVP6=y CONFIG_NET_CLS_FLOW=y CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 CONFIG_NET_EMATCH_CMP=y CONFIG_NET_EMATCH_NBYTE=y CONFIG_NET_EMATCH_U32=y CONFIG_NET_EMATCH_META=y CONFIG_NET_EMATCH_TEXT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=y CONFIG_NET_ACT_GACT=y CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=y CONFIG_NET_ACT_IPT=y CONFIG_NET_ACT_NAT=y CONFIG_NET_ACT_PEDIT=y # CONFIG_NET_ACT_SIMP is not set CONFIG_NET_CLS_IND=y CONFIG_NET_SCH_FIFO=y # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set CONFIG_FIB_RULES=y # # Wireless # # CONFIG_CFG80211 is not set # CONFIG_WIRELESS_EXT is not set # CONFIG_MAC80211 is not set # CONFIG_IEEE80211 is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is not set CONFIG_GHOSTIFICATION=y CONFIG_GHOSTIFICATION_NUM=9 CONFIG_GHOSTIFICATION_MESG=y CONFIG_GHOSTIFICATION_PRINTK=y # CONFIG_GHOSTIFICATION_DEBUG is not set # CONFIG_GHOSTIFICATION_DEVEL is not set # # UML Network Devices # CONFIG_UML_NET=y CONFIG_UML_NET_ETHERTAP=y CONFIG_UML_NET_TUNTAP=y CONFIG_UML_NET_SLIP=y CONFIG_UML_NET_DAEMON=y CONFIG_UML_NET_VDE=y CONFIG_UML_NET_MCAST=y CONFIG_UML_NET_PCAP=y CONFIG_UML_NET_SLIRP=y CONFIG_NETDEVICES=y # CONFIG_IFB is not set CONFIG_DUMMY=y CONFIG_BONDING=y CONFIG_MACVLAN=y # CONFIG_EQUALIZER is not set CONFIG_TUN=y # CONFIG_VETH is not set # # Wireless LAN # # CONFIG_WLAN_PRE80211 is not set # CONFIG_WLAN_80211 is not set # CONFIG_IWLWIFI_LEDS is not set # CONFIG_WAN is not set CONFIG_PPP=y # CONFIG_PPP_MULTILINK is not set # CONFIG_PPP_FILTER is not set # 
CONFIG_PPP_ASYNC is not set # CONFIG_PPP_SYNC_TTY is not set # CONFIG_PPP_DEFLATE is not set # CONFIG_PPP_BSDCOMP is not set # CONFIG_PPP_MPPE is not set # CONFIG_PPPOE is not set # CONFIG_PPPOL2TP is not set CONFIG_SLIP=y # CONFIG_SLIP_COMPRESSED is not set CONFIG_SLHC=y # CONFIG_SLIP_SMART is not set # CONFIG_SLIP_MODE_SLIP6 is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # CONFIG_CONNECTOR is not set # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y # CONFIG_EXT2_FS_SECURITY is not set # CONFIG_EXT2_FS_XIP is not set CONFIG_EXT3_FS=y CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_SECURITY=y # CONFIG_EXT4DEV_FS is not set CONFIG_JBD=y CONFIG_FS_MBCACHE=y # CONFIG_REISERFS_FS is not set # CONFIG_JFS_FS is not set CONFIG_FS_POSIX_ACL=y # CONFIG_XFS_FS is not set # CONFIG_GFS2_FS is not set # CONFIG_OCFS2_FS is not set CONFIG_DNOTIFY=y CONFIG_INOTIFY=y CONFIG_INOTIFY_USER=y CONFIG_QUOTA=y # CONFIG_QUOTA_NETLINK_INTERFACE is not set CONFIG_PRINT_QUOTA_WARNING=y # CONFIG_QFMT_V1 is not set # CONFIG_QFMT_V2 is not set CONFIG_QUOTACTL=y CONFIG_AUTOFS_FS=y CONFIG_AUTOFS4_FS=y # CONFIG_FUSE_FS is not set # # CD-ROM/DVD Filesystems # # CONFIG_ISO9660_FS is not set # CONFIG_UDF_FS is not set # # DOS/FAT/NT Filesystems # # CONFIG_MSDOS_FS is not set # CONFIG_VFAT_FS is not set # CONFIG_NTFS_FS is not set # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_TMPFS_POSIX_ACL is not set # CONFIG_HUGETLB_PAGE is not set # CONFIG_CONFIGFS_FS is not set # # Miscellaneous filesystems # # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set # CONFIG_CRAMFS is not set # CONFIG_VXFS_FS is not set # CONFIG_MINIX_FS is not set # CONFIG_OMFS_FS is not set # 
CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_ROMFS_FS is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=y CONFIG_NFS_V3=y CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=y CONFIG_NFSD=y CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y CONFIG_LOCKD=y CONFIG_LOCKD_V4=y CONFIG_EXPORTFS=y CONFIG_NFS_ACL_SUPPORT=y CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y CONFIG_SUNRPC_GSS=y CONFIG_RPCSEC_GSS_KRB5=y CONFIG_RPCSEC_GSS_SPKM3=y # CONFIG_SMB_FS is not set CONFIG_CIFS=y # CONFIG_CIFS_STATS is not set # CONFIG_CIFS_WEAK_PW_HASH is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y CONFIG_CIFS_DEBUG2=y # CONFIG_CIFS_EXPERIMENTAL is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set # CONFIG_OSF_PARTITION is not set # CONFIG_AMIGA_PARTITION is not set # CONFIG_ATARI_PARTITION is not set # CONFIG_MAC_PARTITION is not set CONFIG_MSDOS_PARTITION=y # CONFIG_BSD_DISKLABEL is not set # CONFIG_MINIX_SUBPARTITION is not set # CONFIG_SOLARIS_X86_PARTITION is not set # CONFIG_UNIXWARE_DISKLABEL is not set # CONFIG_LDM_PARTITION is not set # CONFIG_SGI_PARTITION is not set # CONFIG_ULTRIX_PARTITION is not set # CONFIG_SUN_PARTITION is not set # CONFIG_KARMA_PARTITION is not set # CONFIG_EFI_PARTITION is not set # CONFIG_SYSV68_PARTITION is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_NLS_CODEPAGE_437 is not set # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set # CONFIG_NLS_CODEPAGE_850 is not set # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # 
CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_936 is not set # CONFIG_NLS_CODEPAGE_950 is not set # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set # CONFIG_NLS_ISO8859_1 is not set # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_9 is not set # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set # CONFIG_NLS_UTF8 is not set # CONFIG_DLM is not set # # Security options # # CONFIG_KEYS is not set # CONFIG_SECURITY is not set # CONFIG_SECURITY_FILE_CAPABILITIES is not set CONFIG_CRYPTO=y # # Crypto core or helper # CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_MANAGER=y # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_NULL is not set # CONFIG_CRYPTO_CRYPTD is not set CONFIG_CRYPTO_AUTHENC=y # # Authenticated Encryption with Associated Data # # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_GCM is not set # CONFIG_CRYPTO_SEQIV is not set # # Block modes # CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set # CONFIG_CRYPTO_ECB is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set # # Hash modes # CONFIG_CRYPTO_HMAC=y # CONFIG_CRYPTO_XCBC is not set # # Digest # # CONFIG_CRYPTO_CRC32C is not set # CONFIG_CRYPTO_MD4 is not set CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_MICHAEL_MIC is not set # CONFIG_CRYPTO_RMD128 is not set # CONFIG_CRYPTO_RMD160 is not set # CONFIG_CRYPTO_RMD256 is not set # 
CONFIG_CRYPTO_RMD320 is not set CONFIG_CRYPTO_SHA1=y # CONFIG_CRYPTO_SHA256 is not set # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_WP512 is not set # # Ciphers # CONFIG_CRYPTO_AES=y CONFIG_CRYPTO_AES_X86_64=y # CONFIG_CRYPTO_ANUBIS is not set # CONFIG_CRYPTO_ARC4 is not set # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_CAMELLIA is not set CONFIG_CRYPTO_CAST5=y # CONFIG_CRYPTO_CAST6 is not set CONFIG_CRYPTO_DES=y # CONFIG_CRYPTO_FCRYPT is not set # CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_SALSA20 is not set CONFIG_CRYPTO_SALSA20_X86_64=y # CONFIG_CRYPTO_SEED is not set # CONFIG_CRYPTO_SERPENT is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TWOFISH is not set CONFIG_CRYPTO_TWOFISH_COMMON=y CONFIG_CRYPTO_TWOFISH_X86_64=y # # Compression # CONFIG_CRYPTO_DEFLATE=y # CONFIG_CRYPTO_LZO is not set CONFIG_CRYPTO_HW=y # # Library routines # CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_FIND_NEXT_BIT=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set # CONFIG_CRC_ITU_T is not set CONFIG_CRC32=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=y CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y CONFIG_TEXTSEARCH_FSM=y CONFIG_PLIST=y CONFIG_HAS_DMA=y # # SCSI device support # # CONFIG_RAID_ATTRS is not set # CONFIG_SCSI is not set # CONFIG_SCSI_DMA is not set # CONFIG_SCSI_NETLINK is not set CONFIG_MD=y # CONFIG_BLK_DEV_MD is not set CONFIG_BLK_DEV_DM=y # CONFIG_DM_DEBUG is not set CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=y CONFIG_DM_MIRROR=y # CONFIG_DM_ZERO is not set # CONFIG_DM_MULTIPATH is not set # CONFIG_DM_DELAY is not set # CONFIG_DM_UEVENT is not set # CONFIG_NEW_LEDS is not set # CONFIG_INPUT is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_ENABLE_WARN_DEPRECATED is not set CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=1024 # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not set 
# CONFIG_DEBUG_KERNEL is not set CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_MEMORY_INIT=y CONFIG_SYSCTL_SYSCALL_CHECK=y # CONFIG_SAMPLES is not set # CONFIG_DEBUG_STACK_USAGE is not set marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/CONFIG-2.6.290000600000175000017500000005576412356733375023275 0ustar lucaslucas# # Automatically generated make config: don't edit # Linux kernel version: 2.6.29 # Fri Nov 27 12:37:56 2009 # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_GENERIC_HARDIRQS=y CONFIG_UML=y CONFIG_MMU=y CONFIG_NO_IOMEM=y # CONFIG_TRACE_IRQFLAGS_SUPPORT is not set CONFIG_LOCKDEP_SUPPORT=y # CONFIG_STACKTRACE_SUPPORT is not set CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_TIME=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_IRQ_RELEASE_METHOD=y CONFIG_HZ=100 # # UML-specific options # # # Host processor type and features # # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is not set CONFIG_M686=y # CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set # CONFIG_MK8 is not set # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MPSC is not set # CONFIG_MCORE2 is not set # CONFIG_GENERIC_CPU is not set CONFIG_X86_GENERIC=y CONFIG_X86_CPU=y CONFIG_X86_CMPXCHG=y CONFIG_X86_L1_CACHE_SHIFT=7 CONFIG_X86_XADD=y CONFIG_X86_PPRO_FENCE=y CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INVLPG=y CONFIG_X86_BSWAP=y CONFIG_X86_POPAD_OK=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_TSC=y CONFIG_X86_CMOV=y CONFIG_X86_MINIMUM_CPU_FAMILY=4 CONFIG_CPU_SUP_INTEL=y CONFIG_CPU_SUP_CYRIX_32=y CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_CENTAUR_32=y 
CONFIG_CPU_SUP_TRANSMETA_32=y CONFIG_CPU_SUP_UMC_32=y CONFIG_UML_X86=y # CONFIG_64BIT is not set CONFIG_X86_32=y CONFIG_RWSEM_XCHGADD_ALGORITHM=y # CONFIG_RWSEM_GENERIC_SPINLOCK is not set # CONFIG_3_LEVEL_PGTABLES is not set CONFIG_ARCH_HAS_SC_SIGNALS=y CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA=y # CONFIG_SMP_BROKEN is not set CONFIG_GENERIC_HWEIGHT=y # CONFIG_STATIC_LINK is not set CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_DISCONTIGMEM_MANUAL is not set # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 # CONFIG_PHYS_ADDR_T_64BIT is not set CONFIG_ZONE_DMA_FLAG=0 CONFIG_VIRT_TO_BUS=y CONFIG_UNEVICTABLE_LRU=y CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_LD_SCRIPT_DYN=y CONFIG_BINFMT_ELF=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set CONFIG_HAVE_AOUT=y # CONFIG_BINFMT_AOUT is not set CONFIG_BINFMT_MISC=y CONFIG_HOSTFS=y # CONFIG_HPPFS is not set CONFIG_MCONSOLE=y CONFIG_MAGIC_SYSRQ=y # CONFIG_HIGHMEM is not set CONFIG_KERNEL_STACK_ORDER=0 # # General setup # CONFIG_EXPERIMENTAL=y CONFIG_BROKEN_ON_SMP=y CONFIG_INIT_ENV_ARG_LIMIT=128 CONFIG_LOCALVERSION="-marionnet-ghost" CONFIG_LOCALVERSION_AUTO=y CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_BSD_PROCESS_ACCT=y # CONFIG_BSD_PROCESS_ACCT_V3 is not set # CONFIG_TASKSTATS is not set # CONFIG_AUDIT is not set # # RCU Subsystem # CONFIG_CLASSIC_RCU=y # CONFIG_TREE_RCU is not set # CONFIG_PREEMPT_RCU is not set # CONFIG_TREE_RCU_TRACE is not set # CONFIG_PREEMPT_RCU_TRACE is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 # CONFIG_GROUP_SCHED is not set # CONFIG_CGROUPS is not set CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y # CONFIG_RELAY is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_IPC_NS is not set # CONFIG_USER_NS is not set # CONFIG_PID_NS is not set # 
CONFIG_NET_NS is not set # CONFIG_BLK_DEV_INITRD is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y CONFIG_ANON_INODES=y # CONFIG_EMBEDDED is not set CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_EXTRA_PASS=y CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_AIO=y CONFIG_VM_EVENT_COUNTERS=y CONFIG_COMPAT_BRK=y CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set # CONFIG_PROFILING is not set # CONFIG_HAVE_GENERIC_DMA_COHERENT is not set CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 # CONFIG_MODULES is not set CONFIG_BLOCK=y # CONFIG_LBD is not set # CONFIG_BLK_DEV_IO_TRACE is not set # CONFIG_BLK_DEV_BSG is not set # CONFIG_BLK_DEV_INTEGRITY is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y CONFIG_DEFAULT_AS=y # CONFIG_DEFAULT_DEADLINE is not set # CONFIG_DEFAULT_CFQ is not set # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="anticipatory" # CONFIG_FREEZER is not set CONFIG_BLK_DEV=y CONFIG_BLK_DEV_UBD=y # CONFIG_BLK_DEV_UBD_SYNC is not set CONFIG_BLK_DEV_COW_COMMON=y CONFIG_BLK_DEV_LOOP=y # CONFIG_BLK_DEV_CRYPTOLOOP is not set CONFIG_BLK_DEV_NBD=y # CONFIG_BLK_DEV_RAM is not set # CONFIG_ATA_OVER_ETH is not set # # Character Devices # CONFIG_STDERR_CONSOLE=y CONFIG_STDIO_CONSOLE=y CONFIG_SSL=y CONFIG_NULL_CHAN=y CONFIG_PORT_CHAN=y CONFIG_PTY_CHAN=y CONFIG_TTY_CHAN=y CONFIG_XTERM_CHAN=y # CONFIG_NOCONFIG_CHAN is not set CONFIG_CON_ZERO_CHAN="fd:0,fd:1" CONFIG_CON_CHAN="xterm" CONFIG_SSL_CHAN="pts" CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y # CONFIG_RAW_DRIVER is not set CONFIG_LEGACY_PTY_COUNT=32 # CONFIG_WATCHDOG is not set CONFIG_UML_SOUND=y CONFIG_SOUND=y CONFIG_SOUND_OSS_CORE=y CONFIG_HOSTAUDIO=y # CONFIG_HW_RANDOM is not set CONFIG_UML_RANDOM=y # CONFIG_MMAPPER is not set # # Generic Driver 
Options # CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y CONFIG_FIRMWARE_IN_KERNEL=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_SYS_HYPERVISOR is not set CONFIG_NET=y # # Networking options # CONFIG_COMPAT_NET_DEV_OPS=y CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y CONFIG_XFRM=y CONFIG_XFRM_USER=y # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set CONFIG_XFRM_IPCOMP=y CONFIG_NET_KEY=y # CONFIG_NET_KEY_MIGRATE is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_ASK_IP_FIB_HASH=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set CONFIG_IP_PIMSM_V2=y CONFIG_ARPD=y CONFIG_SYN_COOKIES=y CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y CONFIG_INET_XFRM_TUNNEL=y CONFIG_INET_TUNNEL=y CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_XFRM_MODE_BEET=y # CONFIG_INET_LRO is not set CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set CONFIG_IPV6=y # CONFIG_IPV6_PRIVACY is not set # CONFIG_IPV6_ROUTER_PREF is not set # CONFIG_IPV6_OPTIMISTIC_DAD is not set # CONFIG_INET6_AH is not set # CONFIG_INET6_ESP is not set # CONFIG_INET6_IPCOMP is not set # CONFIG_IPV6_MIP6 is not set # CONFIG_INET6_XFRM_TUNNEL is not set # CONFIG_INET6_TUNNEL is not set CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_INET6_XFRM_MODE_BEET=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set CONFIG_IPV6_SIT=y CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # 
CONFIG_NETWORK_SECMARK is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_CT_ACCT=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y # CONFIG_NETFILTER_TPROXY is not set CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y CONFIG_NETFILTER_XT_TARGET_DSCP=y CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y CONFIG_NETFILTER_XT_TARGET_NOTRACK=y CONFIG_NETFILTER_XT_TARGET_RATEEST=y CONFIG_NETFILTER_XT_TARGET_TRACE=y CONFIG_NETFILTER_XT_TARGET_TCPMSS=y CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y 
CONFIG_NETFILTER_XT_MATCH_REALM=y # CONFIG_NETFILTER_XT_MATCH_RECENT is not set CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y # CONFIG_IP_VS is not set # # IP: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_ADDRTYPE=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_NF_NAT_SNMP_BASIC=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_NF_NAT_SIP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV6=y CONFIG_IP6_NF_QUEUE=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_MH=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_RAW=y CONFIG_BRIDGE_NF_EBTABLES=y CONFIG_BRIDGE_EBT_BROUTE=y CONFIG_BRIDGE_EBT_T_FILTER=y CONFIG_BRIDGE_EBT_T_NAT=y CONFIG_BRIDGE_EBT_802_3=y CONFIG_BRIDGE_EBT_AMONG=y CONFIG_BRIDGE_EBT_ARP=y 
CONFIG_BRIDGE_EBT_IP=y CONFIG_BRIDGE_EBT_IP6=y CONFIG_BRIDGE_EBT_LIMIT=y CONFIG_BRIDGE_EBT_MARK=y CONFIG_BRIDGE_EBT_PKTTYPE=y CONFIG_BRIDGE_EBT_STP=y CONFIG_BRIDGE_EBT_VLAN=y CONFIG_BRIDGE_EBT_ARPREPLY=y CONFIG_BRIDGE_EBT_DNAT=y CONFIG_BRIDGE_EBT_MARK_T=y CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_ULOG=y CONFIG_BRIDGE_EBT_NFLOG=y CONFIG_GHOSTIFICATION_NETFILTER=y CONFIG_GHOSTIFICATION_NETFILTER_ALL=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set CONFIG_STP=y CONFIG_GARP=y CONFIG_BRIDGE=y # CONFIG_NET_DSA is not set CONFIG_VLAN_8021Q=y CONFIG_VLAN_8021Q_GVRP=y # CONFIG_DECNET is not set CONFIG_LLC=y CONFIG_LLC2=y # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set CONFIG_NET_SCHED=y # # Queueing/Scheduling # CONFIG_NET_SCH_CBQ=y CONFIG_NET_SCH_HTB=y CONFIG_NET_SCH_HFSC=y CONFIG_NET_SCH_PRIO=y # CONFIG_NET_SCH_MULTIQ is not set CONFIG_NET_SCH_RED=y CONFIG_NET_SCH_SFQ=y CONFIG_NET_SCH_TEQL=y CONFIG_NET_SCH_TBF=y CONFIG_NET_SCH_GRED=y CONFIG_NET_SCH_DSMARK=y CONFIG_NET_SCH_NETEM=y # CONFIG_NET_SCH_DRR is not set # CONFIG_NET_SCH_INGRESS is not set # # Classification # CONFIG_NET_CLS=y CONFIG_NET_CLS_BASIC=y CONFIG_NET_CLS_TCINDEX=y CONFIG_NET_CLS_ROUTE4=y CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=y CONFIG_NET_CLS_U32=y CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y CONFIG_NET_CLS_RSVP=y CONFIG_NET_CLS_RSVP6=y CONFIG_NET_CLS_FLOW=y CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 CONFIG_NET_EMATCH_CMP=y CONFIG_NET_EMATCH_NBYTE=y CONFIG_NET_EMATCH_U32=y CONFIG_NET_EMATCH_META=y CONFIG_NET_EMATCH_TEXT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=y CONFIG_NET_ACT_GACT=y CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=y CONFIG_NET_ACT_IPT=y CONFIG_NET_ACT_NAT=y CONFIG_NET_ACT_PEDIT=y # CONFIG_NET_ACT_SIMP is not set # CONFIG_NET_ACT_SKBEDIT is not set CONFIG_NET_CLS_IND=y 
CONFIG_NET_SCH_FIFO=y # CONFIG_DCB is not set # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set # CONFIG_PHONET is not set CONFIG_FIB_RULES=y # CONFIG_WIRELESS is not set # CONFIG_WIMAX is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is not set CONFIG_GHOSTIFICATION=y CONFIG_GHOSTIFICATION_NUM=9 CONFIG_GHOSTIFICATION_MESG=y CONFIG_GHOSTIFICATION_PRINTK=y # CONFIG_GHOSTIFICATION_DEBUG is not set # CONFIG_GHOSTIFICATION_DEVEL is not set # # UML Network Devices # CONFIG_UML_NET=y CONFIG_UML_NET_ETHERTAP=y CONFIG_UML_NET_TUNTAP=y CONFIG_UML_NET_SLIP=y CONFIG_UML_NET_DAEMON=y CONFIG_UML_NET_VDE=y CONFIG_UML_NET_MCAST=y CONFIG_UML_NET_PCAP=y CONFIG_UML_NET_SLIRP=y CONFIG_NETDEVICES=y # CONFIG_IFB is not set CONFIG_DUMMY=y CONFIG_BONDING=y CONFIG_MACVLAN=y # CONFIG_EQUALIZER is not set CONFIG_TUN=y # CONFIG_VETH is not set # # Wireless LAN # # CONFIG_WLAN_PRE80211 is not set # CONFIG_WLAN_80211 is not set # CONFIG_IWLWIFI_LEDS is not set # # Enable WiMAX (Networking options) to see the WiMAX drivers # # CONFIG_WAN is not set CONFIG_PPP=y # CONFIG_PPP_MULTILINK is not set # CONFIG_PPP_FILTER is not set # CONFIG_PPP_ASYNC is not set # CONFIG_PPP_SYNC_TTY is not set # CONFIG_PPP_DEFLATE is not set # CONFIG_PPP_BSDCOMP is not set # CONFIG_PPP_MPPE is not set # CONFIG_PPPOE is not set # CONFIG_PPPOL2TP is not set CONFIG_SLIP=y # CONFIG_SLIP_COMPRESSED is not set CONFIG_SLHC=y # CONFIG_SLIP_SMART is not set # CONFIG_SLIP_MODE_SLIP6 is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # CONFIG_CONNECTOR is not set # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y # CONFIG_EXT2_FS_SECURITY is not set # CONFIG_EXT2_FS_XIP is not set CONFIG_EXT3_FS=y CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_SECURITY=y # CONFIG_EXT4_FS is not set 
CONFIG_JBD=y CONFIG_FS_MBCACHE=y # CONFIG_REISERFS_FS is not set # CONFIG_JFS_FS is not set CONFIG_FS_POSIX_ACL=y CONFIG_FILE_LOCKING=y # CONFIG_XFS_FS is not set # CONFIG_OCFS2_FS is not set # CONFIG_BTRFS_FS is not set CONFIG_DNOTIFY=y CONFIG_INOTIFY=y CONFIG_INOTIFY_USER=y CONFIG_QUOTA=y # CONFIG_QUOTA_NETLINK_INTERFACE is not set CONFIG_PRINT_QUOTA_WARNING=y # CONFIG_QFMT_V1 is not set # CONFIG_QFMT_V2 is not set CONFIG_QUOTACTL=y CONFIG_AUTOFS_FS=y CONFIG_AUTOFS4_FS=y # CONFIG_FUSE_FS is not set # # CD-ROM/DVD Filesystems # # CONFIG_ISO9660_FS is not set # CONFIG_UDF_FS is not set # # DOS/FAT/NT Filesystems # # CONFIG_MSDOS_FS is not set # CONFIG_VFAT_FS is not set # CONFIG_NTFS_FS is not set # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_TMPFS_POSIX_ACL is not set # CONFIG_HUGETLB_PAGE is not set # CONFIG_CONFIGFS_FS is not set CONFIG_MISC_FILESYSTEMS=y # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set # CONFIG_CRAMFS is not set # CONFIG_SQUASHFS is not set # CONFIG_VXFS_FS is not set # CONFIG_MINIX_FS is not set # CONFIG_OMFS_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_ROMFS_FS is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=y CONFIG_NFS_V3=y CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=y CONFIG_NFSD=y CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y CONFIG_LOCKD=y CONFIG_LOCKD_V4=y CONFIG_EXPORTFS=y CONFIG_NFS_ACL_SUPPORT=y CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y CONFIG_SUNRPC_GSS=y # CONFIG_SUNRPC_REGISTER_V4 is not set CONFIG_RPCSEC_GSS_KRB5=y CONFIG_RPCSEC_GSS_SPKM3=y # CONFIG_SMB_FS is not set CONFIG_CIFS=y # CONFIG_CIFS_STATS is not set # CONFIG_CIFS_WEAK_PW_HASH is not set CONFIG_CIFS_XATTR=y 
CONFIG_CIFS_POSIX=y CONFIG_CIFS_DEBUG2=y # CONFIG_CIFS_EXPERIMENTAL is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set # CONFIG_OSF_PARTITION is not set # CONFIG_AMIGA_PARTITION is not set # CONFIG_ATARI_PARTITION is not set # CONFIG_MAC_PARTITION is not set CONFIG_MSDOS_PARTITION=y # CONFIG_BSD_DISKLABEL is not set # CONFIG_MINIX_SUBPARTITION is not set # CONFIG_SOLARIS_X86_PARTITION is not set # CONFIG_UNIXWARE_DISKLABEL is not set # CONFIG_LDM_PARTITION is not set # CONFIG_SGI_PARTITION is not set # CONFIG_ULTRIX_PARTITION is not set # CONFIG_SUN_PARTITION is not set # CONFIG_KARMA_PARTITION is not set # CONFIG_EFI_PARTITION is not set # CONFIG_SYSV68_PARTITION is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_NLS_CODEPAGE_437 is not set # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set # CONFIG_NLS_CODEPAGE_850 is not set # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_936 is not set # CONFIG_NLS_CODEPAGE_950 is not set # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set # CONFIG_NLS_ISO8859_1 is not set # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_9 is 
not set # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set # CONFIG_NLS_UTF8 is not set # CONFIG_DLM is not set # # Security options # # CONFIG_KEYS is not set # CONFIG_SECURITY is not set # CONFIG_SECURITYFS is not set # CONFIG_SECURITY_FILE_CAPABILITIES is not set CONFIG_CRYPTO=y # # Crypto core or helper # # CONFIG_CRYPTO_FIPS is not set CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_BLKCIPHER2=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_NULL is not set # CONFIG_CRYPTO_CRYPTD is not set CONFIG_CRYPTO_AUTHENC=y # # Authenticated Encryption with Associated Data # # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_GCM is not set # CONFIG_CRYPTO_SEQIV is not set # # Block modes # CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set # CONFIG_CRYPTO_ECB is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set # # Hash modes # CONFIG_CRYPTO_HMAC=y # CONFIG_CRYPTO_XCBC is not set # # Digest # CONFIG_CRYPTO_CRC32C=y # CONFIG_CRYPTO_MD4 is not set CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_MICHAEL_MIC is not set # CONFIG_CRYPTO_RMD128 is not set # CONFIG_CRYPTO_RMD160 is not set # CONFIG_CRYPTO_RMD256 is not set # CONFIG_CRYPTO_RMD320 is not set CONFIG_CRYPTO_SHA1=y # CONFIG_CRYPTO_SHA256 is not set # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_WP512 is not set # # Ciphers # # CONFIG_CRYPTO_AES is not set # CONFIG_CRYPTO_AES_586 is not set # CONFIG_CRYPTO_ANUBIS is not set # CONFIG_CRYPTO_ARC4 is not set # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_CAMELLIA is not set CONFIG_CRYPTO_CAST5=y # CONFIG_CRYPTO_CAST6 is not set CONFIG_CRYPTO_DES=y # 
CONFIG_CRYPTO_FCRYPT is not set # CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_SALSA20 is not set # CONFIG_CRYPTO_SALSA20_586 is not set # CONFIG_CRYPTO_SEED is not set # CONFIG_CRYPTO_SERPENT is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TWOFISH is not set # CONFIG_CRYPTO_TWOFISH_586 is not set # # Compression # CONFIG_CRYPTO_DEFLATE=y # CONFIG_CRYPTO_LZO is not set # # Random Number Generation # # CONFIG_CRYPTO_ANSI_CPRNG is not set CONFIG_CRYPTO_HW=y # # Library routines # CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_FIND_NEXT_BIT=y CONFIG_GENERIC_FIND_LAST_BIT=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set # CONFIG_CRC_ITU_T is not set CONFIG_CRC32=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=y CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y CONFIG_TEXTSEARCH_FSM=y CONFIG_PLIST=y CONFIG_HAS_DMA=y # # SCSI device support # # CONFIG_RAID_ATTRS is not set # CONFIG_SCSI is not set # CONFIG_SCSI_DMA is not set # CONFIG_SCSI_NETLINK is not set CONFIG_MD=y # CONFIG_BLK_DEV_MD is not set CONFIG_BLK_DEV_DM=y # CONFIG_DM_DEBUG is not set CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=y CONFIG_DM_MIRROR=y # CONFIG_DM_ZERO is not set # CONFIG_DM_MULTIPATH is not set # CONFIG_DM_DELAY is not set # CONFIG_DM_UEVENT is not set # CONFIG_NEW_LEDS is not set # CONFIG_INPUT is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_ENABLE_WARN_DEPRECATED is not set CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=1024 # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not set # CONFIG_DEBUG_KERNEL is not set CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_MEMORY_INIT=y # CONFIG_RCU_CPU_STALL_DETECTOR is not set CONFIG_SYSCTL_SYSCALL_CHECK=y # # Tracers # # CONFIG_DYNAMIC_PRINTK_DEBUG is not set # CONFIG_SAMPLES is not set # CONFIG_DEBUG_STACK_USAGE is not set 
marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/linux-2.6.18-ghost_debian.patch0000600000175000017500000010173512356733375027175 0ustar lucaslucasdiff -rNuadEb linux-source-2.6.18/arch/um/sys-i386/user-offsets.c linux-source-2.6.18-ghost/arch/um/sys-i386/user-offsets.c --- linux-source-2.6.18/arch/um/sys-i386/user-offsets.c 2006-09-20 05:42:06.000000000 +0200 +++ linux-source-2.6.18-ghost/arch/um/sys-i386/user-offsets.c 2009-11-29 20:04:05.000000000 +0100 @@ -2,7 +2,8 @@ #include #include #include -#include +#include +//#include #include #define DEFINE(sym, val) \ @@ -11,6 +12,10 @@ #define DEFINE_LONGS(sym, val) \ asm volatile("\n->" #sym " %0 " #val : : "i" (val/sizeof(unsigned long))) +//#define offsetof(TYPE,MEMBER) ((size_t)&((TYPE*)0)->MEMBER) +#define offsetof(TYPE, MEMBER) __builtin_offsetof (TYPE, MEMBER) + + #define OFFSET(sym, str, mem) \ DEFINE(sym, offsetof(struct str, mem)); diff -rNuadEb linux-source-2.6.18/include/linux/netdevice.h linux-source-2.6.18-ghost/include/linux/netdevice.h --- linux-source-2.6.18/include/linux/netdevice.h 2006-09-20 05:42:06.000000000 +0200 +++ linux-source-2.6.18-ghost/include/linux/netdevice.h 2009-11-29 20:04:05.000000000 +0100 @@ -14,6 +14,8 @@ * Alan Cox, * Bjorn Ekwall. * Pekka Riikonen + * Luca Saiu (trivial changes + * for ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -1041,4 +1043,7 @@ #endif /* __KERNEL__ */ +/* Just check whether the given name belongs to the ghost interface: */ +int is_a_ghost_interface_name(const char *interface_name); + #endif /* _LINUX_DEV_H */ diff -rNuadEb linux-source-2.6.18/include/linux/sockios.h linux-source-2.6.18-ghost/include/linux/sockios.h --- linux-source-2.6.18/include/linux/sockios.h 2006-09-20 05:42:06.000000000 +0200 +++ linux-source-2.6.18-ghost/include/linux/sockios.h 2009-11-29 20:04:05.000000000 +0100 
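Review bot: The prototype for `is_a_ghost_interface_name` in the netdevice.h hunk is added after `#endif /* __KERNEL__ */`, so it sits outside the kernel-only part of the header and is visible to anything that includes it without `__KERNEL__` defined. The symbol is kernel-internal (net/core/dev.c exports it with EXPORT_SYMBOL), so the comment and the declaration belong just above that `#endif`. The comment also speaks of "the ghost interface" although the implementation keeps several names; `/* Return nonzero if interface_name is currently ghostified. */` would describe it more precisely.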
@@ -9,6 +9,8 @@ * * Authors: Ross Biro * Fred N. van Kempen, + * Luca Saiu (trivial changes + * for ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -83,6 +85,10 @@ #define SIOCWANDEV 0x894A /* get/set netdev parameters */ +#define SIOKLOG 0x894D /* Write a string to the log */ +#define SIOCGIFGHOSTIFY 0x894E /* Make a network device 'ghost' */ +#define SIOCGIFUNGHOSTIFY 0x894F /* Make a network device 'ghost' */ + /* ARP cache control calls. */ /* 0x8950 - 0x8952 * obsolete calls, don't re-use */ #define SIOCDARP 0x8953 /* delete ARP table entry */ diff -rNuadEb linux-source-2.6.18/net/core/dev.c linux-source-2.6.18-ghost/net/core/dev.c --- linux-source-2.6.18/net/core/dev.c 2009-11-05 04:47:10.000000000 +0100 +++ linux-source-2.6.18-ghost/net/core/dev.c 2009-11-29 20:04:05.000000000 +0100 @@ -18,6 +18,7 @@ * Alexey Kuznetsov * Adam Sulmicki * Pekka Riikonen + * Luca Saiu (ghostification support) * * Changes: * D.J. Barrow : Fixed bug where dev->refcnt gets set 
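Review bot: The comment on `SIOCGIFUNGHOSTIFY` in the sockios.h hunk is a copy of the line above it and says the call makes a device 'ghost'; it should read something like `/* Make a 'ghost' network device visible again */`. The three new request numbers 0x894D–0x894F are taken from the gap just below the range the file marks as `obsolete calls, don't re-use`, so a comment stating that they are private to this patch would help anyone rebasing it onto a kernel that has assigned those values. `SIOKLOG` also departs from the `SIOC…` prefix used by the other defines in the hunk.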
@@ -118,6 +119,179 @@ #include #include + +/* The maximum number of ghost interfaces allowed at any given + time: */ +#define MAX_GHOST_INTERFACES_NO 8 + +/* A crude unsorted array of unique names, where "" stands for an + empty slot. Elements are so few that an hash table would be + overkill, and possibly also less efficient than this solution: */ +static char ghost_interface_names[MAX_GHOST_INTERFACES_NO][IFNAMSIZ]; + +/* A lock protecting the ghost interfaces' support structure: */ +//static DEFINE_SPINLOCK(ghostification_spin_lock); +static rwlock_t ghostification_spin_lock = RW_LOCK_UNLOCKED; + +/* Lock disabling local interrupts and saving flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + unsigned long flags; write_lock_irqsave(&ghostification_spin_lock, flags) +/* Unlock re-enabling interrupts and restoring flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + write_unlock_irqrestore(&ghostification_spin_lock, flags) + +/* Lock disabling local interrupts and saving flags. This is for readers, + which are allowed to execute concurrently: */ +#define LOCK_GHOSTIFICATION_FOR_READING \ + unsigned long flags; read_lock_irqsave(&ghostification_spin_lock, flags) +/* Lock re-enabling interrupts and restoring flags. This is for readers, + which are allowed to execute concurrently: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING \ + read_unlock_irqrestore(&ghostification_spin_lock, flags) + +/* Defined in net/ipv6/addrconf.c: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); + +/* Return the index of the given element (which may be "") within + ghost_interface_names, or -1 on failure. 
Note that this must be + executed in a critical section: */ +static int __lookup_ghost_interface_names(const char *interface_name){ + int i; + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(!strcmp(interface_name, ghost_interface_names[i])) + return i; // we found the given name in the i-th element + return -1; // we didn't find the given name in the array +} + +/* This is useful for debugging. It must be called in a critical + section. */ +static void __dump_ghost_interfaces(void){ + int i, number_of_ghost_interfaces = 0; + printk(KERN_DEBUG + "Ghost interfaces are now:\n"); + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(strcmp(ghost_interface_names[i], "")){ + number_of_ghost_interfaces++; + printk(KERN_DEBUG "%i. %s\n", + number_of_ghost_interfaces, + ghost_interface_names[i]); + } + printk(KERN_DEBUG "There are now %i ghost interfaces. A maximum of %i can exist at any given time.\n", + number_of_ghost_interfaces, + MAX_GHOST_INTERFACES_NO); +} + +/* Just check whether the given name belongs to a ghost interface. + This must be called in a critical section: */ +int __is_a_ghost_interface_name(const char *interface_name){ + /* Particular case: "" is *not* a ghost interface name, even if + it's in the ghost interfaces array (we use it just to mark + an empty slot): */ + if(interface_name[0] == '\0') + return 0; + /* Just check whether interface_name is an element of the array: */ + return __lookup_ghost_interface_names(interface_name) >= 0; +} + +/* Just check whether the given name belongs to a ghost interface: */ +int is_a_ghost_interface_name(const char *interface_name){ + int result; + LOCK_GHOSTIFICATION_FOR_READING; + /* Just check whether interface_name is an element of the array: */ + result = __is_a_ghost_interface_name(interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING; + return result; +} + +/* Make the given interface ghost. Return 0 on success, nonzero on + failure. 
Failure occours when the interface is already ghost or + does not exist: */ +static int ghostify_interface(char *interface_name){ + int a_free_element_index; + const size_t name_length = strlen(interface_name); + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + /* Let's avoid buffer overflows... This could possibly be exploited: */ + if((name_length >= IFNAMSIZ) || (name_length == 0)){ + printk(KERN_DEBUG + "The user asked to ghostify the interface %s, which has a name of length %i. Failing.\n", + interface_name, + name_length); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EINVAL; + } // if + + /* Fail if the interface is already ghostified. In particular we + want *no* duplicates in the array. Note that we're already in + a critical section here, so there's no need for locking: */ + if(__is_a_ghost_interface_name(interface_name)){ + printk(KERN_DEBUG + "Could not ghostify the interface %s, because it\'s already ghost.\n", + interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EINVAL; + } // if + + /* Look for a free spot: */ + a_free_element_index = __lookup_ghost_interface_names(""); + if(a_free_element_index < 0){ + printk(KERN_DEBUG + "Could not ghostify the interface %s, because %i interfaces are already ghostified. Sorry.\n", + interface_name, + MAX_GHOST_INTERFACES_NO); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENOMEM; + } // if + + /* Ok, we found a free spot; just copy the interface name: */ + strcpy(ghost_interface_names[a_free_element_index], + interface_name); + + /* Hide /proc/net/dev_snmp6/DEVICE for the new ghost DEVICE: */ + hide_proc_net_dev_snmp6_DEVICE_if_needed( + ghost_interface_names[a_free_element_index]); + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} + +/* Make the given interface, which should be ghost, non-ghost. + Return 0 on success, nonzero on failure. 
Failure occours when + the given interface is non-ghost or does not exist: */ +static int unghostify_interface(char *ghost_interface_name){ + int the_interface_index; + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + /* Look for the given interface: */ + the_interface_index = + __lookup_ghost_interface_names(ghost_interface_name); + if(the_interface_index < 0){ + printk(KERN_DEBUG + "Could not unghostify the interface %s, because it's non-ghost or not existing.\n", + ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EINVAL; + } // if + + /* Ok, we found the interface: just "remove" its name from the array: */ + ghost_interface_names[the_interface_index][0] = '\0'; + + /* Show again /proc/net/dev_snmp6/DEVICE for the now non-ghost DEVICE: */ + show_proc_net_dev_snmp6_DEVICE_if_needed( + ghost_interface_name); + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} + +EXPORT_SYMBOL(is_a_ghost_interface_name); + + /* * The list of packet types we will receive (as opposed to discard) * and the routines to invoke. @@ -433,8 +607,13 @@ int __init netdev_boot_setup(char *str) { int ints[5]; + int i; struct ifmap map; + /* There are no ghost interfaces by default: */ + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + ghost_interface_names[i][0] = '\0'; + str = get_options(str, ARRAY_SIZE(ints), ints); if (!str || !*str) return 0; 
@@ -2044,11 +2223,16 @@ len = ifc.ifc_len; /* - * Loop over the interfaces, and write an info block for each. + * Loop over the interfaces, and write an info block for each, + * unless they are ghostified. */ - total = 0; - for (dev = dev_base; dev; dev = dev->next) { + for (dev = dev_base; dev; dev = dev->next){ + /* Don't tell the user about ghost interfaces: just skip them: */ + if(is_a_ghost_interface_name(dev->name)){ + // printk(KERN_DEBUG "Skipping the ghost interface %s in SIOCGIFCONF\n", dev->name); + continue; + } for (i = 0; i < NPROTO; i++) { if (gifconf_list[i]) { int done; @@ -2111,7 +2295,7 @@ { if (dev->get_stats) { struct net_device_stats *stats = dev->get_stats(dev); - + if(! is_a_ghost_interface_name(dev->name)) seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu " "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n", dev->name, stats->rx_bytes, stats->rx_packets, @@ -2492,6 +2676,10 @@ if (!dev) return -ENODEV; + if(is_a_ghost_interface_name(dev->name)){ + //printk(KERN_DEBUG "The user is performing a SIOCxIFxxx ioctl() on the ghost interface %s here; we make the call fail with -ENODEV\n", dev->name); + return -ENODEV; + } switch (cmd) { case SIOCGIFFLAGS: /* Get interface flags */ 
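Review bot: In the `@@ -2111` hunk the ghost test guards only the `seq_printf` inside the `if (dev->get_stats)` block, so anything the function prints for a device without `get_stats` (that part lies outside the hunk) is not filtered and could still show the interface name. Testing once at the top of the function, `if (is_a_ghost_interface_name(dev->name)) return;` (assuming the function returns void), covers every branch. It also removes the unbraced `if` placed in front of a multi-line call, which is easy to break when the statement is later edited.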
@@ -2675,6 +2863,48 @@ */ switch (cmd) { + case SIOKLOG:{ + char text[1000]; + if(copy_from_user(text, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + text[IFNAMSIZ] = '\0'; + printk(KERN_DEBUG "%s\n", text); + return 0; + } + case SIOCGIFGHOSTIFY:{ + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + printk(KERN_DEBUG + "The user asked to ghostify the interface %s.\n", + interface_name); + if((failure = ghostify_interface(interface_name)) == 0) + printk(KERN_DEBUG "Ok, %s was ghostified.\n", + interface_name); + else + printk(KERN_DEBUG "Failure in ghostification of %s\n", + interface_name); + return failure; + } + case SIOCGIFUNGHOSTIFY:{ + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + printk(KERN_DEBUG + "The user asked to unghostify the interface %s.\n", + interface_name); + if((failure = unghostify_interface(interface_name)) == 0) + printk(KERN_DEBUG "Ok, %s was unghostified.\n", + interface_name); + else + printk(KERN_DEBUG "Failure in unghostification of %s\n", + interface_name); + return failure; + } /* * These ioctl calls: * - can be done by all. diff -rNuadEb linux-source-2.6.18/net/core/dev_mcast.c linux-source-2.6.18-ghost/net/core/dev_mcast.c --- linux-source-2.6.18/net/core/dev_mcast.c 2006-09-20 05:42:06.000000000 +0200 +++ linux-source-2.6.18-ghost/net/core/dev_mcast.c 2009-11-29 20:04:05.000000000 +0100 @@ -14,6 +14,8 @@ * Alan Cox : IFF_ALLMULTI support. * Alan Cox : New format set_multicast_list() calls. * Gleb Natapov : Remove dev_mc_lock. + * Luca Saiu : trivial changes + * for ghostification support * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
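Review bot: The new `SIOCGIFGHOSTIFY` and `SIOCGIFUNGHOSTIFY` cases carry no privilege check and are placed ahead of the group commented as "can be done by all"; unless a check exists outside this hunk, any process able to open a socket can change which interfaces are hidden. Each case should begin with `if (!capable(CAP_NET_ADMIN)) return -EPERM;`, and `SIOKLOG`, which lets the caller write text into the kernel log, deserves the same guard or a rate limit. The three buffers are declared as `char ...[1000]` although only `IFNAMSIZ + 1` bytes are ever copied, which spends about a kilobyte of kernel stack per call; `char interface_name[IFNAMSIZ + 1];` is enough. The enclosing switch continues outside the hunk.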
@@ -254,6 +256,9 @@ for (m = dev->mc_list; m; m = m->next) { int i; + /* Don't show information about ghost interfaces: */ + if(is_a_ghost_interface_name(dev->name)) + continue; seq_printf(seq, "%-4d %-15s %-5d %-5d ", dev->ifindex, dev->name, m->dmi_users, m->dmi_gusers); diff -rNuadEb linux-source-2.6.18/net/ipv4/arp.c linux-source-2.6.18-ghost/net/ipv4/arp.c --- linux-source-2.6.18/net/ipv4/arp.c 2006-09-20 05:42:06.000000000 +0200 +++ linux-source-2.6.18-ghost/net/ipv4/arp.c 2009-11-29 20:04:05.000000000 +0100 @@ -72,6 +72,8 @@ * bonding can change the skb before * sending (e.g. insert 8021q tag). * Harald Welte : convert to make use of jenkins hash + * Luca Saiu @@ -1316,6 +1318,9 @@ } #endif sprintf(tbuf, "%u.%u.%u.%u", NIPQUAD(*(u32*)n->primary_key)); + /* Don't show anything in /proc if it involves ghost + interfaces: */ + if(! is_a_ghost_interface_name(dev->name)) seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); read_unlock(&n->lock); @@ -1329,6 +1334,9 @@ char tbuf[16]; sprintf(tbuf, "%u.%u.%u.%u", NIPQUAD(*(u32*)n->key)); + /* Don't show anything in /proc if it involves ghost + interfaces: */ + if(! is_a_ghost_interface_name(dev->name)) seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", dev ? dev->name : "*"); diff -rNuadEb linux-source-2.6.18/net/ipv4/fib_frontend.c linux-source-2.6.18-ghost/net/ipv4/fib_frontend.c --- linux-source-2.6.18/net/ipv4/fib_frontend.c 2009-11-05 04:47:11.000000000 +0100 +++ linux-source-2.6.18-ghost/net/ipv4/fib_frontend.c 2009-11-29 20:04:05.000000000 +0100 @@ -8,6 +8,8 @@ * Version: $Id: fib_frontend.c,v 1.26 2001/10/31 21:55:54 davem Exp $ * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes + * for ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
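Review bot: In the `@@ -1329` hunk of arp.c the added test reads `dev->name` unconditionally, while the `seq_printf` it guards prints `dev ? dev->name : "*"`, so this code path expects `dev` to be NULL for some entries and the new line would dereference a NULL pointer for them. The guard should keep the existing NULL handling: `if(dev == NULL || ! is_a_ghost_interface_name(dev->name))`. The `@@ -1316` hunk uses the same form, but there the surrounding code already prints `dev->name` without a test.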
@@ -236,6 +238,9 @@ * Handle IP routing ioctl calls. These are used to manipulate the routing tables */ +/* A function implemented in net/core/dev.c: */ +int is_a_ghost_interface_name(const char *interface_name); + int ip_rt_ioctl(unsigned int cmd, void __user *arg) { int err; @@ -253,12 +258,27 @@ return -EPERM; if (copy_from_user(&r, arg, sizeof(struct rtentry))) return -EFAULT; + /* Forbid any action involving a ghost interface: */ + if(r.rt_dev != (char __user*)NULL){ + /* We need to have this name in kernel space to check + for ghostification: */ + char interface_name[1000]; + if(copy_from_user(interface_name, r.rt_dev, IFNAMSIZ + 1)) + return -EFAULT; + if(is_a_ghost_interface_name(interface_name)){ + printk(KERN_DEBUG "The user aked to add a route involving the ghost interface %s. We make this operation fail\n", interface_name); + return -ENODEV; + } // if + } // block rtnl_lock(); err = fib_convert_rtentry(cmd, &req.nlh, &req.rtm, &rta, &r); if (err == 0) { if (cmd == SIOCDELRT) { struct fib_table *tb = fib_get_table(req.rtm.rtm_table); err = -ESRCH; + /* The function pointed by tb->tb_delete was also modified to deal + with ghost interfaces. Such function may be either + fn_hash_delete() or fn_trie_delete() */ if (tb) err = tb->tb_delete(tb, &req.rtm, &rta, &req.nlh, NULL); } else { diff -rNuadEb linux-source-2.6.18/net/ipv4/fib_hash.c linux-source-2.6.18-ghost/net/ipv4/fib_hash.c --- linux-source-2.6.18/net/ipv4/fib_hash.c 2006-09-20 05:42:06.000000000 +0200 +++ linux-source-2.6.18-ghost/net/ipv4/fib_hash.c 2009-11-29 20:04:05.000000000 +0100 @@ -8,6 +8,8 @@ * Version: $Id: fib_hash.c,v 1.13 2001/10/31 21:55:54 davem Exp $ * * Authors: Alexey Kuznetsov, + * Luca Saiu (trivial changes + * for ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
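Review bot: In the `@@ -253` hunk `interface_name` is filled with `copy_from_user(..., IFNAMSIZ + 1)` and then passed to `is_a_ghost_interface_name()` and to `printk("%s")` without being NUL-terminated, so a name supplied without a terminator makes both read on into uninitialised stack and can put stack contents into the kernel log. The dev.c ioctl cases in this patch terminate the buffer and this one should too: `interface_name[IFNAMSIZ] = '\0';` right after the copy, or use `strncpy_from_user()`, which also avoids a spurious `-EFAULT` when a short name sits at the end of a mapping. The buffer can be `char interface_name[IFNAMSIZ + 1];` instead of 1000 bytes of kernel stack. The prototype added in the `@@ -236` hunk would be better placed in a shared header so that the definition in net/core/dev.c is checked against it.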
@@ -576,6 +578,10 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, &f->fn_alias, fa_list) { struct fib_info *fi = fa->fa_info; + if(is_a_ghost_interface_name(fi->fib_dev->name)){ + printk(KERN_DEBUG "Trying to delete a route involving the ghost device %s: we make this operation fail.\n", fi->fib_dev->name); + return -ENODEV; + } // if if (fa->fa_tos != tos) break; @@ -1018,6 +1024,8 @@ mask = FZ_MASK(iter->zone); flags = fib_flag_trans(fa->fa_type, mask, fi); if (fi) + { + if (! is_a_ghost_interface_name((const char*)fi->fib_dev)){ snprintf(bf, sizeof(bf), "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u", fi->fib_dev ? fi->fib_dev->name : "*", prefix, @@ -1025,11 +1033,16 @@ mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), fi->fib_window, fi->fib_rtt >> 3); - else + seq_printf(seq, "%-127s\n", bf); + } // inner if + } // block + else{ snprintf(bf, sizeof(bf), "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u", prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0); seq_printf(seq, "%-127s\n", bf); + } + //seq_printf(seq, "%-127s\n", bf); out: return 0; } diff -rNuadEb linux-source-2.6.18/net/ipv4/fib_trie.c linux-source-2.6.18-ghost/net/ipv4/fib_trie.c --- linux-source-2.6.18/net/ipv4/fib_trie.c 2006-09-20 05:42:06.000000000 +0200 +++ linux-source-2.6.18-ghost/net/ipv4/fib_trie.c 2009-11-29 20:04:05.000000000 +0100 @@ -12,6 +12,9 @@ * * Hans Liss Uppsala Universitet * + * Luca Saiu (trivial changes + * for ghostification support) + * * This work is based on the LPC-trie which is originally descibed in: * * An experimental study of compression methods for dynamic tries @@ -1594,7 +1597,10 @@ list_for_each_entry(fa, fa_head, fa_list) { struct fib_info *fi = fa->fa_info; - + if(is_a_ghost_interface_name(fi->fib_dev->name)){ + printk(KERN_DEBUG "Trying to delete a route involving the ghost device %s: we make this operation fail.\n", fi->fib_dev->name); + return -ENODEV; + } // if if (fa->fa_tos != tos) break; 
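Review bot: In the `@@ -576` hunk of fib_hash.c `fi->fib_dev->name` is read with no NULL test, although the `/proc` code in the `@@ -1018` hunk of the same file prints `fi->fib_dev ? fi->fib_dev->name : "*"`, which suggests `fib_dev` can be NULL. The test also runs before the `fa->fa_tos != tos` comparison, so it fires for any alias the walk reaches rather than only for the route being deleted, which may make deleting an unrelated route fail with `-ENODEV`. I would write `if(fi->fib_dev != NULL && is_a_ghost_interface_name(fi->fib_dev->name))` and move it after the alias has been matched. The `@@ -1594` hunk of fib_trie.c has the same two problems, and in both files the loop continues outside the hunk, so whether the early return skips cleanup cannot be judged from here.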
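Review bot: In the `@@ -1018` hunk of fib_hash.c the call `is_a_ghost_interface_name((const char*)fi->fib_dev)` passes the device structure itself, cast to a string, instead of the device name. That only gives the intended result if `name` happens to be the first member of `struct net_device`, and it hands a NULL pointer to the callee when `fib_dev` is NULL, a case the following `snprintf` explicitly handles. The condition should be `if (fi->fib_dev == NULL || ! is_a_ghost_interface_name(fi->fib_dev->name))`. The same cast appears in the `@@ -2432` hunk of fib_trie.c and, on `u.dst.dev`, in the `@@ -336` hunk of net/ipv4/route.c.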
@@ -2432,6 +2438,9 @@ continue; if (fi) + { + if (! is_a_ghost_interface_name((const char*) + fi->fib_dev)) snprintf(bf, sizeof(bf), "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u", fi->fib_dev ? fi->fib_dev->name : "*", @@ -2442,6 +2451,7 @@ (fi->fib_advmss ? fi->fib_advmss + 40 : 0), fi->fib_window, fi->fib_rtt >> 3); + } else snprintf(bf, sizeof(bf), "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u", diff -rNuadEb linux-source-2.6.18/net/ipv4/igmp.c linux-source-2.6.18-ghost/net/ipv4/igmp.c --- linux-source-2.6.18/net/ipv4/igmp.c 2006-09-20 05:42:06.000000000 +0200 +++ linux-source-2.6.18-ghost/net/ipv4/igmp.c 2009-11-29 20:04:05.000000000 +0100 @@ -70,6 +70,8 @@ * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. * David L Stevens: IGMPv3 support, with help from * Vinay Kulkarni + * Luca Saiu : trivial changes + * for ghostification support */ #include @@ -2359,6 +2361,8 @@ #endif if (state->in_dev->mc_list == im) { + /* Don't show any info about ghost interfaces: */ + if(! is_a_ghost_interface_name(state->dev->name)) seq_printf(seq, "%d\t%-10s: %5d %7s\n", state->dev->ifindex, state->dev->name, state->dev->mc_count, querier); } @@ -2535,6 +2539,8 @@ "Device", "MCA", "SRC", "INC", "EXC"); } else { + /* Don't show any info about ghost interfaces: */ + if(! is_a_ghost_interface_name(state->dev->name)) seq_printf(seq, "%3d %6.6s 0x%08x " "0x%08x %6lu %6lu\n", diff -rNuadEb linux-source-2.6.18/net/ipv4/route.c linux-source-2.6.18-ghost/net/ipv4/route.c --- linux-source-2.6.18/net/ipv4/route.c 2009-11-05 04:47:10.000000000 +0100 +++ linux-source-2.6.18-ghost/net/ipv4/route.c 2009-11-29 20:04:05.000000000 +0100 
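Review bot: In the `@@ -2432` hunk of fib_trie.c a ghost route merely skips the `snprintf` into `bf`, and unlike the fib_hash.c version no `seq_printf` is moved inside the test; if the unchanged code after the hunk still prints `bf`, a ghost route would emit whatever the buffer held before (the previous row or uninitialised stack). Since the context shows this code runs inside a loop, skipping the entry outright is simpler: `if (fi && fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name)) continue;` placed before `if (fi)`. That also removes the need for the extra braces added in the `@@ -2442` hunk.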
@@ -57,6 +57,8 @@ * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes. * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect * Ilia Sotnikov : Removed TOS from hash calculations + * Luca Saiu : Trivial changes for ghostification + * support * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -336,7 +338,10 @@ "Iface\tDestination\tGateway \tFlags\t\tRefCnt\tUse\t" "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t" "HHUptod\tSpecDst"); - else { + else + if(! is_a_ghost_interface_name((const char*) + ((struct rtable*)v)->u.dst.dev)) + { struct rtable *r = v; char temp[256]; diff -rNuadEb linux-source-2.6.18/net/ipv6/addrconf.c linux-source-2.6.18-ghost/net/ipv6/addrconf.c --- linux-source-2.6.18/net/ipv6/addrconf.c 2009-11-05 04:47:11.000000000 +0100 +++ linux-source-2.6.18-ghost/net/ipv6/addrconf.c 2009-11-29 20:04:05.000000000 +0100 @@ -38,6 +38,7 @@ * YOSHIFUJI Hideaki @USAGI : improved source address * selection; consider scope, * status etc. + * Luca Saiu : ghostification support */ #include 
@@ -442,6 +443,77 @@ return idev; } +/* Utility procedure, needed for + {show,hide}_proc_net_dev_snmp6_DEVICE_if_needed(). Return a pointer + to a valid inet6_dev structure on success, NULL on failure: */ +static struct inet6_dev* lookup_snmp6_device(const char *interface_name){ + struct net_device *device; + struct inet6_dev *idev; + + /* Lookup the device by name, obtaining an inet6_dev structure: */ + device = dev_get_by_name(interface_name); + if(device == NULL) + return NULL; + rtnl_lock(); + idev = ipv6_find_idev(device); + rtnl_unlock(); + return idev; +} + +/* These are defined in net/ipv6/proc.c: */ +extern struct proc_dir_entry *proc_net_devsnmp6; +extern struct file_operations snmp6_seq_fops; +/* Remove the virtual file /proc/net/dev_snmp6/DEVICE, unless it's + already hidden. Return 0 on success, nonzero on error: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name){ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + printk(KERN_DEBUG "Hiding /proc/net/dev_snmp6/%s...\n", + interface_name); + if(idev == NULL) // lookup failed + return -EINVAL; + + /* Remove the proc/ entry, if any. If there was no entry then + remove_proc_entry() will fail, but it's ok for us: */ +#ifdef CONFIG_PROC_FS + if (!proc_net_devsnmp6) + return -ENOENT; + if (idev->stats.proc_dir_entry == NULL) + return -EINVAL; + remove_proc_entry(interface_name, + proc_net_devsnmp6); +#endif // #ifdef CONFIG_PROC_FS + return 0; + // return snmp6_unregister_dev(idev); +} + +/* Create the virtual file /proc/net/dev_snmp6/DEVICE, unless it's + already shown. 
Return 0 on success, nonzero on error: */ +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name){ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + struct proc_dir_entry *proc_directory_entry; + printk(KERN_DEBUG "Showing /proc/net/dev_snmp6/%s...\n", + interface_name); + if(idev == NULL) // lookup failed + return -EINVAL; + if(idev->dev == NULL) // I doubt this may happen... + return -EINVAL; +#ifdef CONFIG_PROC_FS + if(!proc_net_devsnmp6) // there isn't any /proc/net/dev_snmp6 + return -ENOENT; + if((proc_directory_entry = + create_proc_entry(interface_name, S_IRUGO, proc_net_devsnmp6)) + == NULL) + return -ENOMEM; + proc_directory_entry->data = idev; + proc_directory_entry->proc_fops = &snmp6_seq_fops; + idev->stats.proc_dir_entry = proc_directory_entry; +#endif // #ifdef CONFIG_PROC_FS + return 0; + // return snmp6_register_dev(idev); +} +EXPORT_SYMBOL(show_proc_net_dev_snmp6_DEVICE_if_needed); +EXPORT_SYMBOL(hide_proc_net_dev_snmp6_DEVICE_if_needed); + #ifdef CONFIG_SYSCTL static void dev_forward_change(struct inet6_dev *idev) { @@ -2704,6 +2776,8 @@ static int if6_seq_show(struct seq_file *seq, void *v) { struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v; + /* Don't show information about ghost interfaces: */ + if(! is_a_ghost_interface_name(ifp->idev->dev->name)) seq_printf(seq, NIP6_SEQFMT " %02x %02x %02x %02x %8s\n", NIP6(ifp->addr), diff -rNuadEb linux-source-2.6.18/net/ipv6/mcast.c linux-source-2.6.18-ghost/net/ipv6/mcast.c --- linux-source-2.6.18/net/ipv6/mcast.c 2009-11-05 04:47:11.000000000 +0100 +++ linux-source-2.6.18-ghost/net/ipv6/mcast.c 2009-11-29 20:04:05.000000000 +0100 @@ -26,6 +26,8 @@ * - MLD for link-local addresses. * David L Stevens : * - MLDv2 support + * Luca Saiu : + * - trivial changes for ghostification support */ #include 
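Review bot: In the `@@ -442` hunk of addrconf.c `lookup_snmp6_device()` obtains the device with `dev_get_by_name()`, which takes a reference, and never releases it, so every ghostify or unghostify call leaks a reference and can later keep the device from being unregistered; add `dev_put(device);` after the `ipv6_find_idev()` call. The two callers also do not keep the state their comments promise: the hide function never clears the pointer after `remove_proc_entry()` (`idev->stats.proc_dir_entry = NULL;`), and the show function does not test whether an entry already exists before calling `create_proc_entry()`. Both functions print their "Hiding"/"Showing" message before checking that the lookup succeeded.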
@@ -2404,6 +2406,8 @@ struct ifmcaddr6 *im = (struct ifmcaddr6 *)v; struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); + /* Don't show information about ghost interfaces: */ + if(! is_a_ghost_interface_name(state->dev->name)) seq_printf(seq, "%-4d %-15s " NIP6_SEQFMT " %5d %08X %ld\n", state->dev->ifindex, state->dev->name, diff -rNuadEb linux-source-2.6.18/net/ipv6/proc.c linux-source-2.6.18-ghost/net/ipv6/proc.c --- linux-source-2.6.18/net/ipv6/proc.c 2006-09-20 05:42:06.000000000 +0200 +++ linux-source-2.6.18-ghost/net/ipv6/proc.c 2009-11-29 20:04:05.000000000 +0100 @@ -11,6 +11,8 @@ * * Authors: David S. Miller (davem@caip.rutgers.edu) * YOSHIFUJI Hideaki + * Luca Saiu (trivial changes + * for ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -30,7 +32,11 @@ #include #ifdef CONFIG_PROC_FS -static struct proc_dir_entry *proc_net_devsnmp6; + +/* We don't want this to be static, as it has to be read at ghostifying + and unghostifying time: */ +struct proc_dir_entry *proc_net_devsnmp6; +EXPORT_SYMBOL(proc_net_devsnmp6); static int fold_prot_inuse(struct proto *proto) { @@ -188,13 +194,16 @@ return single_open(file, snmp6_seq_show, PDE(inode)->data); } -static struct file_operations snmp6_seq_fops = { +/* This was originally static, but we need to make it + visible: */ +struct file_operations snmp6_seq_fops = { .owner = THIS_MODULE, .open = snmp6_seq_open, .read = seq_read, .llseek = seq_lseek, .release = single_release, }; +EXPORT_SYMBOL(snmp6_seq_fops); int snmp6_register_dev(struct inet6_dev *idev) { diff -rNuadEb linux-source-2.6.18/net/ipv6/route.c linux-source-2.6.18-ghost/net/ipv6/route.c --- linux-source-2.6.18/net/ipv6/route.c 2006-09-20 05:42:06.000000000 +0200 +++ linux-source-2.6.18-ghost/net/ipv6/route.c 2009-11-29 20:04:05.000000000 +0100 
@@ -22,6 +22,8 @@ * routers in REACHABLE, STALE, DELAY or PROBE states). * - always select the same router if it is (probably) * reachable. otherwise, round-robin the list. + * Luca Saiu + * trivial changes for ghostification support */ #include @@ -2045,6 +2047,11 @@ struct rt6_proc_arg *arg = (struct rt6_proc_arg *) p_arg; int i; + /* Do nothing is this route involves a ghost interface: */ + if(rt->rt6i_dev != NULL) // can't use &&: evaluation order is undefined + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) + return 0; + if (arg->skip < arg->offset / RT6_INFO_LEN) { arg->skip++; return 0; diff -rNuadEb linux-source-2.6.18/net/packet/af_packet.c linux-source-2.6.18-ghost/net/packet/af_packet.c --- linux-source-2.6.18/net/packet/af_packet.c 2006-09-20 05:42:06.000000000 +0200 +++ linux-source-2.6.18-ghost/net/packet/af_packet.c 2009-11-29 20:04:05.000000000 +0100 @@ -41,6 +41,8 @@ * will simply extend the hardware address * byte arrays at the end of sockaddr_ll * and packet_mreq. + * Luca Saiu : Trivial changes for ghostification + * support * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -468,6 +470,12 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; + /* Drop packets involving ghost interfaces: we don't want the user + to be able to sniff them: */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) + goto drop; + sk = pt->af_packet_priv; po = pkt_sk(sk); @@ -576,6 +584,11 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; + /* Drop packets involving ghost interfaces: we don't want the user + to be able to sniff them: */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) + goto drop; sk = pt->af_packet_priv; po = pkt_sk(sk); 
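Review bot: In the `@@ -2045` hunk of net/ipv6/route.c the comment `can't use &&: evaluation order is undefined` is incorrect, because `&&` in C evaluates its left operand first and skips the right one when the left is false. The nested unbraced `if` can therefore be a single condition, `if (rt->rt6i_dev != NULL && is_a_ghost_interface_name(rt->rt6i_dev->name)) return 0;`, with the comment reduced to `/* Do nothing if this route involves a ghost interface: */`. Leaving the current comment in place would teach later maintainers to avoid a safe idiom.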
@@ -1875,6 +1888,9 @@ struct sock *s = v; const struct packet_sock *po = pkt_sk(s); + /* Don't show packets involving ghost devices: */ + struct net_device *net_device = dev_get_by_index(po->ifindex); + if(! is_a_ghost_interface_name(net_device->name)) seq_printf(seq, "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", s, marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/CONFIG-2.6.28_x86_640000600000175000017500000005473512356733375024307 0ustar lucaslucas# # Automatically generated make config: don't edit # Linux kernel version: 2.6.28 # Fri Nov 27 09:58:17 2009 # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_GENERIC_HARDIRQS=y CONFIG_UML=y CONFIG_MMU=y CONFIG_NO_IOMEM=y # CONFIG_TRACE_IRQFLAGS_SUPPORT is not set CONFIG_LOCKDEP_SUPPORT=y # CONFIG_STACKTRACE_SUPPORT is not set CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_TIME=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_IRQ_RELEASE_METHOD=y CONFIG_HZ=100 # # UML-specific options # # # Host processor type and features # # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is not set # CONFIG_M686 is not set # CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set CONFIG_MK8=y # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MPSC is not set # CONFIG_MCORE2 is not set # CONFIG_GENERIC_CPU is not set CONFIG_X86_CPU=y # CONFIG_X86_CMPXCHG is not set CONFIG_X86_L1_CACHE_SHIFT=6 CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_TSC=y CONFIG_X86_CMOV=y CONFIG_X86_MINIMUM_CPU_FAMILY=3 CONFIG_X86_DEBUGCTLMSR=y CONFIG_CPU_SUP_INTEL=y CONFIG_CPU_SUP_AMD=y 
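Review bot: In the `@@ -1875` hunk of af_packet.c the result of `dev_get_by_index(po->ifindex)` is dereferenced without a NULL test, so reading this `/proc` file would dereference a NULL pointer for any packet socket whose `ifindex` does not resolve to a device, which is presumably the case for an unbound socket. The lookup also takes a device reference that is never dropped. I would guard the output with `if (net_device == NULL || ! is_a_ghost_interface_name(net_device->name))` and follow it with `if (net_device != NULL) dev_put(net_device);`. The new declaration also comes after a statement-free blank line in the middle of the existing declarations, so it is worth checking that it still precedes the first statement of the function, which starts outside the hunk.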
CONFIG_CPU_SUP_CENTAUR_64=y # CONFIG_X86_DS is not set CONFIG_UML_X86=y CONFIG_64BIT=y # CONFIG_X86_32 is not set # CONFIG_RWSEM_XCHGADD_ALGORITHM is not set CONFIG_RWSEM_GENERIC_SPINLOCK=y CONFIG_3_LEVEL_PGTABLES=y # CONFIG_ARCH_HAS_SC_SIGNALS is not set # CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA is not set CONFIG_SMP_BROKEN=y CONFIG_GENERIC_HWEIGHT=y # CONFIG_STATIC_LINK is not set CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_DISCONTIGMEM_MANUAL is not set # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_RESOURCES_64BIT=y CONFIG_PHYS_ADDR_T_64BIT=y CONFIG_ZONE_DMA_FLAG=0 CONFIG_VIRT_TO_BUS=y CONFIG_UNEVICTABLE_LRU=y CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_LD_SCRIPT_DYN=y CONFIG_BINFMT_ELF=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set # CONFIG_HAVE_AOUT is not set CONFIG_BINFMT_MISC=y CONFIG_HOSTFS=y # CONFIG_HPPFS is not set CONFIG_MCONSOLE=y CONFIG_MAGIC_SYSRQ=y CONFIG_KERNEL_STACK_ORDER=1 # # General setup # CONFIG_EXPERIMENTAL=y CONFIG_BROKEN_ON_SMP=y CONFIG_INIT_ENV_ARG_LIMIT=128 CONFIG_LOCALVERSION="-marionnet-ghost" CONFIG_LOCALVERSION_AUTO=y CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_BSD_PROCESS_ACCT=y # CONFIG_BSD_PROCESS_ACCT_V3 is not set # CONFIG_TASKSTATS is not set # CONFIG_AUDIT is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 # CONFIG_CGROUPS is not set # CONFIG_GROUP_SCHED is not set CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y # CONFIG_RELAY is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_IPC_NS is not set # CONFIG_USER_NS is not set # CONFIG_PID_NS is not set # CONFIG_BLK_DEV_INITRD is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y # CONFIG_EMBEDDED is not set CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_EXTRA_PASS=y CONFIG_HOTPLUG=y 
CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_COMPAT_BRK=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_ANON_INODES=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_AIO=y CONFIG_VM_EVENT_COUNTERS=y CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set # CONFIG_PROFILING is not set # CONFIG_MARKERS is not set # CONFIG_HAVE_GENERIC_DMA_COHERENT is not set CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y # CONFIG_TINY_SHMEM is not set CONFIG_BASE_SMALL=0 # CONFIG_MODULES is not set CONFIG_BLOCK=y # CONFIG_BLK_DEV_IO_TRACE is not set # CONFIG_BLK_DEV_BSG is not set # CONFIG_BLK_DEV_INTEGRITY is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y CONFIG_DEFAULT_AS=y # CONFIG_DEFAULT_DEADLINE is not set # CONFIG_DEFAULT_CFQ is not set # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="anticipatory" CONFIG_CLASSIC_RCU=y # CONFIG_FREEZER is not set CONFIG_BLK_DEV=y CONFIG_BLK_DEV_UBD=y # CONFIG_BLK_DEV_UBD_SYNC is not set CONFIG_BLK_DEV_COW_COMMON=y CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_CRYPTOLOOP=y CONFIG_BLK_DEV_NBD=y # CONFIG_BLK_DEV_RAM is not set # CONFIG_ATA_OVER_ETH is not set # # Character Devices # CONFIG_STDERR_CONSOLE=y CONFIG_STDIO_CONSOLE=y CONFIG_SSL=y CONFIG_NULL_CHAN=y CONFIG_PORT_CHAN=y CONFIG_PTY_CHAN=y CONFIG_TTY_CHAN=y CONFIG_XTERM_CHAN=y # CONFIG_NOCONFIG_CHAN is not set CONFIG_CON_ZERO_CHAN="fd:0,fd:1" CONFIG_CON_CHAN="xterm" CONFIG_SSL_CHAN="pts" CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y # CONFIG_RAW_DRIVER is not set CONFIG_LEGACY_PTY_COUNT=32 # CONFIG_WATCHDOG is not set CONFIG_UML_SOUND=y CONFIG_SOUND=y CONFIG_SOUND_OSS_CORE=y CONFIG_HOSTAUDIO=y # CONFIG_HW_RANDOM is not set CONFIG_UML_RANDOM=y # CONFIG_MMAPPER is not set # # Generic Driver Options # CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y CONFIG_FIRMWARE_IN_KERNEL=y CONFIG_EXTRA_FIRMWARE="" # 
CONFIG_SYS_HYPERVISOR is not set CONFIG_NET=y # # Networking options # CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y CONFIG_XFRM=y CONFIG_XFRM_USER=y # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set CONFIG_XFRM_IPCOMP=y CONFIG_NET_KEY=y # CONFIG_NET_KEY_MIGRATE is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_ASK_IP_FIB_HASH=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set CONFIG_IP_PIMSM_V2=y CONFIG_ARPD=y CONFIG_SYN_COOKIES=y CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y CONFIG_INET_XFRM_TUNNEL=y CONFIG_INET_TUNNEL=y CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_XFRM_MODE_BEET=y # CONFIG_INET_LRO is not set CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set CONFIG_IPV6=y # CONFIG_IPV6_PRIVACY is not set # CONFIG_IPV6_ROUTER_PREF is not set # CONFIG_IPV6_OPTIMISTIC_DAD is not set # CONFIG_INET6_AH is not set # CONFIG_INET6_ESP is not set # CONFIG_INET6_IPCOMP is not set # CONFIG_IPV6_MIP6 is not set # CONFIG_INET6_XFRM_TUNNEL is not set # CONFIG_INET6_TUNNEL is not set CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_INET6_XFRM_MODE_BEET=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set CONFIG_IPV6_SIT=y CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_NETWORK_SECMARK is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y 
CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_CT_ACCT=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y # CONFIG_NETFILTER_TPROXY is not set CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y CONFIG_NETFILTER_XT_TARGET_DSCP=y CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y CONFIG_NETFILTER_XT_TARGET_NOTRACK=y CONFIG_NETFILTER_XT_TARGET_RATEEST=y CONFIG_NETFILTER_XT_TARGET_TRACE=y CONFIG_NETFILTER_XT_TARGET_TCPMSS=y CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y CONFIG_NETFILTER_XT_MATCH_REALM=y # CONFIG_NETFILTER_XT_MATCH_RECENT is not set CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y 
CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y # CONFIG_IP_VS is not set # # IP: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_ADDRTYPE=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_NF_NAT_SNMP_BASIC=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_NF_NAT_SIP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV6=y CONFIG_IP6_NF_QUEUE=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_MH=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_RAW=y CONFIG_BRIDGE_NF_EBTABLES=y CONFIG_BRIDGE_EBT_BROUTE=y CONFIG_BRIDGE_EBT_T_FILTER=y CONFIG_BRIDGE_EBT_T_NAT=y CONFIG_BRIDGE_EBT_802_3=y CONFIG_BRIDGE_EBT_AMONG=y CONFIG_BRIDGE_EBT_ARP=y CONFIG_BRIDGE_EBT_IP=y CONFIG_BRIDGE_EBT_IP6=y CONFIG_BRIDGE_EBT_LIMIT=y CONFIG_BRIDGE_EBT_MARK=y CONFIG_BRIDGE_EBT_PKTTYPE=y CONFIG_BRIDGE_EBT_STP=y CONFIG_BRIDGE_EBT_VLAN=y 
CONFIG_BRIDGE_EBT_ARPREPLY=y CONFIG_BRIDGE_EBT_DNAT=y CONFIG_BRIDGE_EBT_MARK_T=y CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_ULOG=y CONFIG_BRIDGE_EBT_NFLOG=y CONFIG_GHOSTIFICATION_NETFILTER=y CONFIG_GHOSTIFICATION_NETFILTER_ALL=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set CONFIG_STP=y CONFIG_GARP=y CONFIG_BRIDGE=y # CONFIG_NET_DSA is not set CONFIG_VLAN_8021Q=y CONFIG_VLAN_8021Q_GVRP=y # CONFIG_DECNET is not set CONFIG_LLC=y CONFIG_LLC2=y # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set CONFIG_NET_SCHED=y # # Queueing/Scheduling # CONFIG_NET_SCH_CBQ=y CONFIG_NET_SCH_HTB=y CONFIG_NET_SCH_HFSC=y CONFIG_NET_SCH_PRIO=y # CONFIG_NET_SCH_MULTIQ is not set CONFIG_NET_SCH_RED=y CONFIG_NET_SCH_SFQ=y CONFIG_NET_SCH_TEQL=y CONFIG_NET_SCH_TBF=y CONFIG_NET_SCH_GRED=y CONFIG_NET_SCH_DSMARK=y CONFIG_NET_SCH_NETEM=y # CONFIG_NET_SCH_INGRESS is not set # # Classification # CONFIG_NET_CLS=y CONFIG_NET_CLS_BASIC=y CONFIG_NET_CLS_TCINDEX=y CONFIG_NET_CLS_ROUTE4=y CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=y CONFIG_NET_CLS_U32=y CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y CONFIG_NET_CLS_RSVP=y CONFIG_NET_CLS_RSVP6=y CONFIG_NET_CLS_FLOW=y CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 CONFIG_NET_EMATCH_CMP=y CONFIG_NET_EMATCH_NBYTE=y CONFIG_NET_EMATCH_U32=y CONFIG_NET_EMATCH_META=y CONFIG_NET_EMATCH_TEXT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=y CONFIG_NET_ACT_GACT=y CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=y CONFIG_NET_ACT_IPT=y CONFIG_NET_ACT_NAT=y CONFIG_NET_ACT_PEDIT=y # CONFIG_NET_ACT_SIMP is not set # CONFIG_NET_ACT_SKBEDIT is not set CONFIG_NET_CLS_IND=y CONFIG_NET_SCH_FIFO=y # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set # 
CONFIG_PHONET is not set CONFIG_FIB_RULES=y # CONFIG_WIRELESS is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is not set CONFIG_GHOSTIFICATION=y CONFIG_GHOSTIFICATION_NUM=9 CONFIG_GHOSTIFICATION_MESG=y CONFIG_GHOSTIFICATION_PRINTK=y # CONFIG_GHOSTIFICATION_DEBUG is not set # CONFIG_GHOSTIFICATION_DEVEL is not set # # UML Network Devices # CONFIG_UML_NET=y CONFIG_UML_NET_ETHERTAP=y CONFIG_UML_NET_TUNTAP=y CONFIG_UML_NET_SLIP=y CONFIG_UML_NET_DAEMON=y CONFIG_UML_NET_VDE=y CONFIG_UML_NET_MCAST=y CONFIG_UML_NET_PCAP=y CONFIG_UML_NET_SLIRP=y CONFIG_NETDEVICES=y # CONFIG_IFB is not set CONFIG_DUMMY=y CONFIG_BONDING=y CONFIG_MACVLAN=y # CONFIG_EQUALIZER is not set CONFIG_TUN=y # CONFIG_VETH is not set # # Wireless LAN # # CONFIG_WLAN_PRE80211 is not set # CONFIG_WLAN_80211 is not set # CONFIG_IWLWIFI_LEDS is not set # CONFIG_WAN is not set CONFIG_PPP=y # CONFIG_PPP_MULTILINK is not set # CONFIG_PPP_FILTER is not set # CONFIG_PPP_ASYNC is not set # CONFIG_PPP_SYNC_TTY is not set # CONFIG_PPP_DEFLATE is not set # CONFIG_PPP_BSDCOMP is not set # CONFIG_PPP_MPPE is not set # CONFIG_PPPOE is not set # CONFIG_PPPOL2TP is not set CONFIG_SLIP=y # CONFIG_SLIP_COMPRESSED is not set CONFIG_SLHC=y # CONFIG_SLIP_SMART is not set # CONFIG_SLIP_MODE_SLIP6 is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # CONFIG_CONNECTOR is not set # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y # CONFIG_EXT2_FS_SECURITY is not set # CONFIG_EXT2_FS_XIP is not set CONFIG_EXT3_FS=y CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_SECURITY=y # CONFIG_EXT4_FS is not set CONFIG_JBD=y CONFIG_FS_MBCACHE=y # CONFIG_REISERFS_FS is not set # CONFIG_JFS_FS is not set CONFIG_FS_POSIX_ACL=y CONFIG_FILE_LOCKING=y # CONFIG_XFS_FS is not set # CONFIG_GFS2_FS is not set # CONFIG_OCFS2_FS is not set CONFIG_DNOTIFY=y CONFIG_INOTIFY=y CONFIG_INOTIFY_USER=y CONFIG_QUOTA=y # CONFIG_QUOTA_NETLINK_INTERFACE 
is not set CONFIG_PRINT_QUOTA_WARNING=y # CONFIG_QFMT_V1 is not set # CONFIG_QFMT_V2 is not set CONFIG_QUOTACTL=y CONFIG_AUTOFS_FS=y CONFIG_AUTOFS4_FS=y # CONFIG_FUSE_FS is not set # # CD-ROM/DVD Filesystems # # CONFIG_ISO9660_FS is not set # CONFIG_UDF_FS is not set # # DOS/FAT/NT Filesystems # # CONFIG_MSDOS_FS is not set # CONFIG_VFAT_FS is not set # CONFIG_NTFS_FS is not set # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_TMPFS_POSIX_ACL is not set # CONFIG_HUGETLB_PAGE is not set # CONFIG_CONFIGFS_FS is not set # # Miscellaneous filesystems # # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set # CONFIG_CRAMFS is not set # CONFIG_VXFS_FS is not set # CONFIG_MINIX_FS is not set # CONFIG_OMFS_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_ROMFS_FS is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=y CONFIG_NFS_V3=y CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=y CONFIG_NFSD=y CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y CONFIG_LOCKD=y CONFIG_LOCKD_V4=y CONFIG_EXPORTFS=y CONFIG_NFS_ACL_SUPPORT=y CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y CONFIG_SUNRPC_GSS=y # CONFIG_SUNRPC_REGISTER_V4 is not set CONFIG_RPCSEC_GSS_KRB5=y # CONFIG_RPCSEC_GSS_SPKM3 is not set # CONFIG_SMB_FS is not set CONFIG_CIFS=y # CONFIG_CIFS_STATS is not set # CONFIG_CIFS_WEAK_PW_HASH is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y CONFIG_CIFS_DEBUG2=y # CONFIG_CIFS_EXPERIMENTAL is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set # CONFIG_OSF_PARTITION is not set # CONFIG_AMIGA_PARTITION is not set # CONFIG_ATARI_PARTITION is 
not set # CONFIG_MAC_PARTITION is not set CONFIG_MSDOS_PARTITION=y # CONFIG_BSD_DISKLABEL is not set # CONFIG_MINIX_SUBPARTITION is not set # CONFIG_SOLARIS_X86_PARTITION is not set # CONFIG_UNIXWARE_DISKLABEL is not set # CONFIG_LDM_PARTITION is not set # CONFIG_SGI_PARTITION is not set # CONFIG_ULTRIX_PARTITION is not set # CONFIG_SUN_PARTITION is not set # CONFIG_KARMA_PARTITION is not set # CONFIG_EFI_PARTITION is not set # CONFIG_SYSV68_PARTITION is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_NLS_CODEPAGE_437 is not set # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set # CONFIG_NLS_CODEPAGE_850 is not set # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_936 is not set # CONFIG_NLS_CODEPAGE_950 is not set # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set # CONFIG_NLS_ISO8859_1 is not set # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_9 is not set # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set # CONFIG_NLS_UTF8 is not set # CONFIG_DLM is not set # # Security options # # CONFIG_KEYS is not set # CONFIG_SECURITY is not set # CONFIG_SECURITYFS is not set # 
CONFIG_SECURITY_FILE_CAPABILITIES is not set CONFIG_CRYPTO=y # # Crypto core or helper # # CONFIG_CRYPTO_FIPS is not set CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_BLKCIPHER2=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_NULL is not set # CONFIG_CRYPTO_CRYPTD is not set CONFIG_CRYPTO_AUTHENC=y # # Authenticated Encryption with Associated Data # # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_GCM is not set # CONFIG_CRYPTO_SEQIV is not set # # Block modes # CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set # CONFIG_CRYPTO_ECB is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set # # Hash modes # CONFIG_CRYPTO_HMAC=y # CONFIG_CRYPTO_XCBC is not set # # Digest # # CONFIG_CRYPTO_CRC32C is not set # CONFIG_CRYPTO_MD4 is not set CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_MICHAEL_MIC is not set # CONFIG_CRYPTO_RMD128 is not set # CONFIG_CRYPTO_RMD160 is not set # CONFIG_CRYPTO_RMD256 is not set # CONFIG_CRYPTO_RMD320 is not set CONFIG_CRYPTO_SHA1=y # CONFIG_CRYPTO_SHA256 is not set # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_WP512 is not set # # Ciphers # CONFIG_CRYPTO_AES=y CONFIG_CRYPTO_AES_X86_64=y # CONFIG_CRYPTO_ANUBIS is not set # CONFIG_CRYPTO_ARC4 is not set # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_CAMELLIA is not set # CONFIG_CRYPTO_CAST5 is not set # CONFIG_CRYPTO_CAST6 is not set CONFIG_CRYPTO_DES=y # CONFIG_CRYPTO_FCRYPT is not set # CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_SALSA20 is not set CONFIG_CRYPTO_SALSA20_X86_64=y # CONFIG_CRYPTO_SEED is not set # CONFIG_CRYPTO_SERPENT is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TWOFISH is not set CONFIG_CRYPTO_TWOFISH_COMMON=y CONFIG_CRYPTO_TWOFISH_X86_64=y # # 
Compression # CONFIG_CRYPTO_DEFLATE=y # CONFIG_CRYPTO_LZO is not set # # Random Number Generation # # CONFIG_CRYPTO_ANSI_CPRNG is not set CONFIG_CRYPTO_HW=y # # Library routines # CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_FIND_NEXT_BIT=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set # CONFIG_CRC_ITU_T is not set CONFIG_CRC32=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=y CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y CONFIG_TEXTSEARCH_FSM=y CONFIG_PLIST=y CONFIG_HAS_DMA=y # # SCSI device support # # CONFIG_RAID_ATTRS is not set # CONFIG_SCSI is not set # CONFIG_SCSI_DMA is not set # CONFIG_SCSI_NETLINK is not set CONFIG_MD=y # CONFIG_BLK_DEV_MD is not set CONFIG_BLK_DEV_DM=y # CONFIG_DM_DEBUG is not set CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=y CONFIG_DM_MIRROR=y # CONFIG_DM_ZERO is not set # CONFIG_DM_MULTIPATH is not set # CONFIG_DM_DELAY is not set # CONFIG_DM_UEVENT is not set # CONFIG_NEW_LEDS is not set # CONFIG_INPUT is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_ENABLE_WARN_DEPRECATED is not set CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=1024 # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not set # CONFIG_DEBUG_KERNEL is not set CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_MEMORY_INIT=y # CONFIG_RCU_CPU_STALL_DETECTOR is not set CONFIG_SYSCTL_SYSCALL_CHECK=y # # Tracers # # CONFIG_DYNAMIC_PRINTK_DEBUG is not set # CONFIG_SAMPLES is not set # CONFIG_DEBUG_STACK_USAGE is not set marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/CONFIG-2.6.29_x86_640000600000175000017500000005443012356733375024300 0ustar lucaslucas# # Automatically generated make config: don't edit # Linux kernel version: 2.6.29 # Fri Nov 27 10:09:30 2009 # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_GENERIC_HARDIRQS=y CONFIG_UML=y CONFIG_MMU=y CONFIG_NO_IOMEM=y # CONFIG_TRACE_IRQFLAGS_SUPPORT is not set CONFIG_LOCKDEP_SUPPORT=y # 
CONFIG_STACKTRACE_SUPPORT is not set CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_TIME=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_IRQ_RELEASE_METHOD=y CONFIG_HZ=100 # # UML-specific options # # # Host processor type and features # # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is not set # CONFIG_M686 is not set # CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set CONFIG_MK8=y # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MPSC is not set # CONFIG_MCORE2 is not set # CONFIG_GENERIC_CPU is not set CONFIG_X86_CPU=y # CONFIG_X86_CMPXCHG is not set CONFIG_X86_L1_CACHE_SHIFT=6 CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_TSC=y CONFIG_X86_CMOV=y CONFIG_X86_MINIMUM_CPU_FAMILY=3 CONFIG_CPU_SUP_INTEL=y CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_CENTAUR_64=y CONFIG_UML_X86=y CONFIG_64BIT=y # CONFIG_X86_32 is not set # CONFIG_RWSEM_XCHGADD_ALGORITHM is not set CONFIG_RWSEM_GENERIC_SPINLOCK=y CONFIG_3_LEVEL_PGTABLES=y # CONFIG_ARCH_HAS_SC_SIGNALS is not set # CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA is not set CONFIG_SMP_BROKEN=y CONFIG_GENERIC_HWEIGHT=y # CONFIG_STATIC_LINK is not set CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_DISCONTIGMEM_MANUAL is not set # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_PHYS_ADDR_T_64BIT=y CONFIG_ZONE_DMA_FLAG=0 CONFIG_VIRT_TO_BUS=y CONFIG_UNEVICTABLE_LRU=y CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y 
CONFIG_LD_SCRIPT_DYN=y CONFIG_BINFMT_ELF=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set # CONFIG_HAVE_AOUT is not set CONFIG_BINFMT_MISC=y CONFIG_HOSTFS=y # CONFIG_HPPFS is not set CONFIG_MCONSOLE=y CONFIG_MAGIC_SYSRQ=y CONFIG_KERNEL_STACK_ORDER=1 # # General setup # CONFIG_EXPERIMENTAL=y CONFIG_BROKEN_ON_SMP=y CONFIG_INIT_ENV_ARG_LIMIT=128 CONFIG_LOCALVERSION="-marionnet-ghost" CONFIG_LOCALVERSION_AUTO=y CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_BSD_PROCESS_ACCT=y # CONFIG_BSD_PROCESS_ACCT_V3 is not set # CONFIG_TASKSTATS is not set # CONFIG_AUDIT is not set # # RCU Subsystem # CONFIG_CLASSIC_RCU=y # CONFIG_TREE_RCU is not set # CONFIG_PREEMPT_RCU is not set # CONFIG_TREE_RCU_TRACE is not set # CONFIG_PREEMPT_RCU_TRACE is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 # CONFIG_GROUP_SCHED is not set # CONFIG_CGROUPS is not set CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y # CONFIG_RELAY is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_IPC_NS is not set # CONFIG_USER_NS is not set # CONFIG_PID_NS is not set # CONFIG_NET_NS is not set # CONFIG_BLK_DEV_INITRD is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y CONFIG_ANON_INODES=y # CONFIG_EMBEDDED is not set CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_EXTRA_PASS=y CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_AIO=y CONFIG_VM_EVENT_COUNTERS=y CONFIG_COMPAT_BRK=y CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set # CONFIG_PROFILING is not set # CONFIG_HAVE_GENERIC_DMA_COHERENT is not set CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 # CONFIG_MODULES is not set CONFIG_BLOCK=y # CONFIG_BLK_DEV_IO_TRACE is not set # CONFIG_BLK_DEV_BSG is not set # CONFIG_BLK_DEV_INTEGRITY is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y 
CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y CONFIG_DEFAULT_AS=y # CONFIG_DEFAULT_DEADLINE is not set # CONFIG_DEFAULT_CFQ is not set # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="anticipatory" # CONFIG_FREEZER is not set CONFIG_BLK_DEV=y CONFIG_BLK_DEV_UBD=y # CONFIG_BLK_DEV_UBD_SYNC is not set CONFIG_BLK_DEV_COW_COMMON=y CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_CRYPTOLOOP=y CONFIG_BLK_DEV_NBD=y # CONFIG_BLK_DEV_RAM is not set # CONFIG_ATA_OVER_ETH is not set # # Character Devices # CONFIG_STDERR_CONSOLE=y CONFIG_STDIO_CONSOLE=y CONFIG_SSL=y CONFIG_NULL_CHAN=y CONFIG_PORT_CHAN=y CONFIG_PTY_CHAN=y CONFIG_TTY_CHAN=y CONFIG_XTERM_CHAN=y # CONFIG_NOCONFIG_CHAN is not set CONFIG_CON_ZERO_CHAN="fd:0,fd:1" CONFIG_CON_CHAN="xterm" CONFIG_SSL_CHAN="pts" CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y # CONFIG_RAW_DRIVER is not set CONFIG_LEGACY_PTY_COUNT=32 # CONFIG_WATCHDOG is not set CONFIG_UML_SOUND=y CONFIG_SOUND=y CONFIG_SOUND_OSS_CORE=y CONFIG_HOSTAUDIO=y # CONFIG_HW_RANDOM is not set CONFIG_UML_RANDOM=y # CONFIG_MMAPPER is not set # # Generic Driver Options # CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y CONFIG_FIRMWARE_IN_KERNEL=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_SYS_HYPERVISOR is not set CONFIG_NET=y # # Networking options # CONFIG_COMPAT_NET_DEV_OPS=y CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y CONFIG_XFRM=y CONFIG_XFRM_USER=y # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set CONFIG_XFRM_IPCOMP=y CONFIG_NET_KEY=y # CONFIG_NET_KEY_MIGRATE is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_ASK_IP_FIB_HASH=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set 
CONFIG_IP_PIMSM_V2=y CONFIG_ARPD=y CONFIG_SYN_COOKIES=y CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y CONFIG_INET_XFRM_TUNNEL=y CONFIG_INET_TUNNEL=y CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_XFRM_MODE_BEET=y # CONFIG_INET_LRO is not set CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set CONFIG_IPV6=y # CONFIG_IPV6_PRIVACY is not set # CONFIG_IPV6_ROUTER_PREF is not set # CONFIG_IPV6_OPTIMISTIC_DAD is not set # CONFIG_INET6_AH is not set # CONFIG_INET6_ESP is not set # CONFIG_INET6_IPCOMP is not set # CONFIG_IPV6_MIP6 is not set # CONFIG_INET6_XFRM_TUNNEL is not set # CONFIG_INET6_TUNNEL is not set CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_INET6_XFRM_MODE_BEET=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set CONFIG_IPV6_SIT=y CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_NETWORK_SECMARK is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_CT_ACCT=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y # CONFIG_NETFILTER_TPROXY is not set CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y CONFIG_NETFILTER_XT_TARGET_DSCP=y 
CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y CONFIG_NETFILTER_XT_TARGET_NOTRACK=y CONFIG_NETFILTER_XT_TARGET_RATEEST=y CONFIG_NETFILTER_XT_TARGET_TRACE=y CONFIG_NETFILTER_XT_TARGET_TCPMSS=y CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y CONFIG_NETFILTER_XT_MATCH_REALM=y # CONFIG_NETFILTER_XT_MATCH_RECENT is not set CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y # CONFIG_IP_VS is not set # # IP: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_ADDRTYPE=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_NF_NAT_SNMP_BASIC=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_GRE=y 
CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_NF_NAT_SIP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV6=y CONFIG_IP6_NF_QUEUE=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_MH=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_RAW=y CONFIG_BRIDGE_NF_EBTABLES=y CONFIG_BRIDGE_EBT_BROUTE=y CONFIG_BRIDGE_EBT_T_FILTER=y CONFIG_BRIDGE_EBT_T_NAT=y CONFIG_BRIDGE_EBT_802_3=y CONFIG_BRIDGE_EBT_AMONG=y CONFIG_BRIDGE_EBT_ARP=y CONFIG_BRIDGE_EBT_IP=y CONFIG_BRIDGE_EBT_IP6=y CONFIG_BRIDGE_EBT_LIMIT=y CONFIG_BRIDGE_EBT_MARK=y CONFIG_BRIDGE_EBT_PKTTYPE=y CONFIG_BRIDGE_EBT_STP=y CONFIG_BRIDGE_EBT_VLAN=y CONFIG_BRIDGE_EBT_ARPREPLY=y CONFIG_BRIDGE_EBT_DNAT=y CONFIG_BRIDGE_EBT_MARK_T=y CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_ULOG=y CONFIG_BRIDGE_EBT_NFLOG=y CONFIG_GHOSTIFICATION_NETFILTER=y CONFIG_GHOSTIFICATION_NETFILTER_ALL=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set CONFIG_STP=y CONFIG_GARP=y CONFIG_BRIDGE=y # CONFIG_NET_DSA is not set CONFIG_VLAN_8021Q=y CONFIG_VLAN_8021Q_GVRP=y # CONFIG_DECNET is not set CONFIG_LLC=y CONFIG_LLC2=y # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set CONFIG_NET_SCHED=y # # Queueing/Scheduling # 
CONFIG_NET_SCH_CBQ=y CONFIG_NET_SCH_HTB=y CONFIG_NET_SCH_HFSC=y CONFIG_NET_SCH_PRIO=y # CONFIG_NET_SCH_MULTIQ is not set CONFIG_NET_SCH_RED=y CONFIG_NET_SCH_SFQ=y CONFIG_NET_SCH_TEQL=y CONFIG_NET_SCH_TBF=y CONFIG_NET_SCH_GRED=y CONFIG_NET_SCH_DSMARK=y CONFIG_NET_SCH_NETEM=y # CONFIG_NET_SCH_DRR is not set # CONFIG_NET_SCH_INGRESS is not set # # Classification # CONFIG_NET_CLS=y CONFIG_NET_CLS_BASIC=y CONFIG_NET_CLS_TCINDEX=y CONFIG_NET_CLS_ROUTE4=y CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=y CONFIG_NET_CLS_U32=y CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y CONFIG_NET_CLS_RSVP=y CONFIG_NET_CLS_RSVP6=y CONFIG_NET_CLS_FLOW=y CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 CONFIG_NET_EMATCH_CMP=y CONFIG_NET_EMATCH_NBYTE=y CONFIG_NET_EMATCH_U32=y CONFIG_NET_EMATCH_META=y CONFIG_NET_EMATCH_TEXT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=y CONFIG_NET_ACT_GACT=y CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=y CONFIG_NET_ACT_IPT=y CONFIG_NET_ACT_NAT=y CONFIG_NET_ACT_PEDIT=y # CONFIG_NET_ACT_SIMP is not set # CONFIG_NET_ACT_SKBEDIT is not set CONFIG_NET_CLS_IND=y CONFIG_NET_SCH_FIFO=y # CONFIG_DCB is not set # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set # CONFIG_PHONET is not set CONFIG_FIB_RULES=y # CONFIG_WIRELESS is not set # CONFIG_WIMAX is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is not set CONFIG_GHOSTIFICATION=y CONFIG_GHOSTIFICATION_NUM=9 CONFIG_GHOSTIFICATION_MESG=y CONFIG_GHOSTIFICATION_PRINTK=y # CONFIG_GHOSTIFICATION_DEBUG is not set # CONFIG_GHOSTIFICATION_DEVEL is not set # # UML Network Devices # CONFIG_UML_NET=y CONFIG_UML_NET_ETHERTAP=y CONFIG_UML_NET_TUNTAP=y CONFIG_UML_NET_SLIP=y CONFIG_UML_NET_DAEMON=y CONFIG_UML_NET_VDE=y CONFIG_UML_NET_MCAST=y CONFIG_UML_NET_PCAP=y CONFIG_UML_NET_SLIRP=y CONFIG_NETDEVICES=y # CONFIG_IFB is not set CONFIG_DUMMY=y CONFIG_BONDING=y CONFIG_MACVLAN=y # CONFIG_EQUALIZER is not set 
CONFIG_TUN=y # CONFIG_VETH is not set # # Wireless LAN # # CONFIG_WLAN_PRE80211 is not set # CONFIG_WLAN_80211 is not set # CONFIG_IWLWIFI_LEDS is not set # # Enable WiMAX (Networking options) to see the WiMAX drivers # # CONFIG_WAN is not set CONFIG_PPP=y # CONFIG_PPP_MULTILINK is not set # CONFIG_PPP_FILTER is not set # CONFIG_PPP_ASYNC is not set # CONFIG_PPP_SYNC_TTY is not set # CONFIG_PPP_DEFLATE is not set # CONFIG_PPP_BSDCOMP is not set # CONFIG_PPP_MPPE is not set # CONFIG_PPPOE is not set # CONFIG_PPPOL2TP is not set CONFIG_SLIP=y # CONFIG_SLIP_COMPRESSED is not set CONFIG_SLHC=y # CONFIG_SLIP_SMART is not set # CONFIG_SLIP_MODE_SLIP6 is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # CONFIG_CONNECTOR is not set # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y # CONFIG_EXT2_FS_SECURITY is not set # CONFIG_EXT2_FS_XIP is not set CONFIG_EXT3_FS=y CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_SECURITY=y # CONFIG_EXT4_FS is not set CONFIG_JBD=y CONFIG_FS_MBCACHE=y # CONFIG_REISERFS_FS is not set # CONFIG_JFS_FS is not set CONFIG_FS_POSIX_ACL=y CONFIG_FILE_LOCKING=y # CONFIG_XFS_FS is not set # CONFIG_GFS2_FS is not set # CONFIG_OCFS2_FS is not set # CONFIG_BTRFS_FS is not set CONFIG_DNOTIFY=y CONFIG_INOTIFY=y CONFIG_INOTIFY_USER=y CONFIG_QUOTA=y # CONFIG_QUOTA_NETLINK_INTERFACE is not set CONFIG_PRINT_QUOTA_WARNING=y # CONFIG_QFMT_V1 is not set # CONFIG_QFMT_V2 is not set CONFIG_QUOTACTL=y CONFIG_AUTOFS_FS=y CONFIG_AUTOFS4_FS=y # CONFIG_FUSE_FS is not set # # CD-ROM/DVD Filesystems # # CONFIG_ISO9660_FS is not set # CONFIG_UDF_FS is not set # # DOS/FAT/NT Filesystems # # CONFIG_MSDOS_FS is not set # CONFIG_VFAT_FS is not set # CONFIG_NTFS_FS is not set # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_TMPFS_POSIX_ACL is not set # 
CONFIG_HUGETLB_PAGE is not set # CONFIG_CONFIGFS_FS is not set # CONFIG_MISC_FILESYSTEMS is not set CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=y CONFIG_NFS_V3=y CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=y CONFIG_NFSD=y CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y CONFIG_LOCKD=y CONFIG_LOCKD_V4=y CONFIG_EXPORTFS=y CONFIG_NFS_ACL_SUPPORT=y CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y CONFIG_SUNRPC_GSS=y # CONFIG_SUNRPC_REGISTER_V4 is not set CONFIG_RPCSEC_GSS_KRB5=y CONFIG_RPCSEC_GSS_SPKM3=y # CONFIG_SMB_FS is not set CONFIG_CIFS=y # CONFIG_CIFS_STATS is not set # CONFIG_CIFS_WEAK_PW_HASH is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y CONFIG_CIFS_DEBUG2=y # CONFIG_CIFS_EXPERIMENTAL is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set # CONFIG_OSF_PARTITION is not set # CONFIG_AMIGA_PARTITION is not set # CONFIG_ATARI_PARTITION is not set # CONFIG_MAC_PARTITION is not set CONFIG_MSDOS_PARTITION=y # CONFIG_BSD_DISKLABEL is not set # CONFIG_MINIX_SUBPARTITION is not set # CONFIG_SOLARIS_X86_PARTITION is not set # CONFIG_UNIXWARE_DISKLABEL is not set # CONFIG_LDM_PARTITION is not set # CONFIG_SGI_PARTITION is not set # CONFIG_ULTRIX_PARTITION is not set # CONFIG_SUN_PARTITION is not set # CONFIG_KARMA_PARTITION is not set # CONFIG_EFI_PARTITION is not set # CONFIG_SYSV68_PARTITION is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_NLS_CODEPAGE_437 is not set # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set # CONFIG_NLS_CODEPAGE_850 is not set # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # 
CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_936 is not set # CONFIG_NLS_CODEPAGE_950 is not set # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set # CONFIG_NLS_ISO8859_1 is not set # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_9 is not set # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set # CONFIG_NLS_UTF8 is not set # CONFIG_DLM is not set # # Security options # # CONFIG_KEYS is not set # CONFIG_SECURITY is not set # CONFIG_SECURITYFS is not set # CONFIG_SECURITY_FILE_CAPABILITIES is not set CONFIG_CRYPTO=y # # Crypto core or helper # # CONFIG_CRYPTO_FIPS is not set CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_BLKCIPHER2=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_NULL is not set # CONFIG_CRYPTO_CRYPTD is not set CONFIG_CRYPTO_AUTHENC=y # # Authenticated Encryption with Associated Data # # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_GCM is not set # CONFIG_CRYPTO_SEQIV is not set # # Block modes # CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set # CONFIG_CRYPTO_ECB is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set # # Hash modes # CONFIG_CRYPTO_HMAC=y # CONFIG_CRYPTO_XCBC is not set # # Digest # CONFIG_CRYPTO_CRC32C=y # CONFIG_CRYPTO_MD4 
is not set CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_MICHAEL_MIC is not set # CONFIG_CRYPTO_RMD128 is not set # CONFIG_CRYPTO_RMD160 is not set # CONFIG_CRYPTO_RMD256 is not set # CONFIG_CRYPTO_RMD320 is not set CONFIG_CRYPTO_SHA1=y # CONFIG_CRYPTO_SHA256 is not set # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_WP512 is not set # # Ciphers # CONFIG_CRYPTO_AES=y CONFIG_CRYPTO_AES_X86_64=y # CONFIG_CRYPTO_ANUBIS is not set # CONFIG_CRYPTO_ARC4 is not set # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_CAMELLIA is not set CONFIG_CRYPTO_CAST5=y # CONFIG_CRYPTO_CAST6 is not set CONFIG_CRYPTO_DES=y # CONFIG_CRYPTO_FCRYPT is not set # CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_SALSA20 is not set CONFIG_CRYPTO_SALSA20_X86_64=y # CONFIG_CRYPTO_SEED is not set # CONFIG_CRYPTO_SERPENT is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TWOFISH is not set CONFIG_CRYPTO_TWOFISH_COMMON=y CONFIG_CRYPTO_TWOFISH_X86_64=y # # Compression # CONFIG_CRYPTO_DEFLATE=y # CONFIG_CRYPTO_LZO is not set # # Random Number Generation # # CONFIG_CRYPTO_ANSI_CPRNG is not set CONFIG_CRYPTO_HW=y # # Library routines # CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_FIND_NEXT_BIT=y CONFIG_GENERIC_FIND_LAST_BIT=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set # CONFIG_CRC_ITU_T is not set CONFIG_CRC32=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=y CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y CONFIG_TEXTSEARCH_FSM=y CONFIG_PLIST=y CONFIG_HAS_DMA=y # # SCSI device support # # CONFIG_RAID_ATTRS is not set # CONFIG_SCSI is not set # CONFIG_SCSI_DMA is not set # CONFIG_SCSI_NETLINK is not set CONFIG_MD=y # CONFIG_BLK_DEV_MD is not set CONFIG_BLK_DEV_DM=y # CONFIG_DM_DEBUG is not set CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=y CONFIG_DM_MIRROR=y # CONFIG_DM_ZERO is not set # CONFIG_DM_MULTIPATH is not set # CONFIG_DM_DELAY is not set # CONFIG_DM_UEVENT 
is not set # CONFIG_NEW_LEDS is not set # CONFIG_INPUT is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_ENABLE_WARN_DEPRECATED is not set CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=1024 # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not set # CONFIG_DEBUG_KERNEL is not set CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_MEMORY_INIT=y # CONFIG_RCU_CPU_STALL_DETECTOR is not set CONFIG_SYSCTL_SYSCALL_CHECK=y # # Tracers # # CONFIG_DYNAMIC_PRINTK_DEBUG is not set # CONFIG_SAMPLES is not set # CONFIG_DEBUG_STACK_USAGE is not set marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/CONFIG-2.6.32_x86_640000600000175000017500000005675412356733375024305 0ustar lucaslucas# # Automatically generated make config: don't edit # Linux kernel version: 2.6.32 # Sat Dec 5 12:29:27 2009 # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_GENERIC_HARDIRQS=y CONFIG_UML=y CONFIG_MMU=y CONFIG_NO_IOMEM=y # CONFIG_TRACE_IRQFLAGS_SUPPORT is not set CONFIG_LOCKDEP_SUPPORT=y # CONFIG_STACKTRACE_SUPPORT is not set CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_TIME=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_IRQ_RELEASE_METHOD=y CONFIG_HZ=100 # # UML-specific options # # # Host processor type and features # # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is not set # CONFIG_M686 is not set # CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set CONFIG_MK8=y # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MPSC is not set # CONFIG_MCORE2 is not set # CONFIG_MATOM is not set # CONFIG_GENERIC_CPU is not set CONFIG_X86_CPU=y 
# NOTE(review): this span belongs to the User Mode Linux 2.6.32 x86_64 guest-kernel
# configuration (CONFIG_UML=y, CONFIG_64BIT=y). Entries are restored to one per line;
# reviewer remarks are prefixed "NOTE(review)" so they cannot be confused with
# Kconfig's own "# CONFIG_... is not set" lines.
CONFIG_X86_L1_CACHE_BYTES=64
CONFIG_X86_INTERNODE_CACHE_BYTES=64
# CONFIG_X86_CMPXCHG is not set
CONFIG_X86_L1_CACHE_SHIFT=6
CONFIG_X86_WP_WORKS_OK=y
CONFIG_X86_INTEL_USERCOPY=y
CONFIG_X86_USE_PPRO_CHECKSUM=y
CONFIG_X86_TSC=y
CONFIG_X86_CMPXCHG64=y
CONFIG_X86_CMOV=y
CONFIG_X86_MINIMUM_CPU_FAMILY=3
CONFIG_CPU_SUP_INTEL=y
CONFIG_CPU_SUP_AMD=y
CONFIG_CPU_SUP_CENTAUR=y
CONFIG_UML_X86=y
CONFIG_64BIT=y
# CONFIG_X86_32 is not set
# CONFIG_RWSEM_XCHGADD_ALGORITHM is not set
CONFIG_RWSEM_GENERIC_SPINLOCK=y
CONFIG_3_LEVEL_PGTABLES=y
# CONFIG_ARCH_HAS_SC_SIGNALS is not set
# CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA is not set
CONFIG_SMP_BROKEN=y
CONFIG_GENERIC_HWEIGHT=y
# CONFIG_STATIC_LINK is not set
CONFIG_SELECT_MEMORY_MODEL=y
CONFIG_FLATMEM_MANUAL=y
# CONFIG_DISCONTIGMEM_MANUAL is not set
# CONFIG_SPARSEMEM_MANUAL is not set
CONFIG_FLATMEM=y
CONFIG_FLAT_NODE_MEM_MAP=y
CONFIG_PAGEFLAGS_EXTENDED=y
CONFIG_SPLIT_PTLOCK_CPUS=4
CONFIG_PHYS_ADDR_T_64BIT=y
CONFIG_ZONE_DMA_FLAG=0
CONFIG_VIRT_TO_BUS=y
CONFIG_HAVE_MLOCK=y
CONFIG_HAVE_MLOCKED_PAGE_BIT=y
# CONFIG_KSM is not set
# NOTE(review): with 4096 only the first page is kept out of reach of userspace mmap(),
# the minimum guard against NULL-pointer-dereference mappings; vm.mmap_min_addr can
# raise it at runtime inside the guest.
CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
CONFIG_TICK_ONESHOT=y
CONFIG_NO_HZ=y
CONFIG_HIGH_RES_TIMERS=y
CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
CONFIG_LD_SCRIPT_DYN=y
CONFIG_BINFMT_ELF=y
# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
# CONFIG_HAVE_AOUT is not set
CONFIG_BINFMT_MISC=y
# NOTE(review): hostfs lets the guest mount directories of the host. Accesses are made
# by the UML process itself, so the host account that runs the guest bounds what the
# guest can reach; a dedicated unprivileged account is the natural mitigation.
CONFIG_HOSTFS=y
# CONFIG_HPPFS is not set
# NOTE(review): mconsole is a host-side management channel into the running guest and,
# together with MAGIC_SYSRQ, can trigger SysRq actions; presumably Marionnet relies on
# it for control, so limit who can reach the mconsole socket on the host.
CONFIG_MCONSOLE=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_KERNEL_STACK_ORDER=1
#
# General setup
#
CONFIG_EXPERIMENTAL=y
CONFIG_BROKEN_ON_SMP=y
CONFIG_INIT_ENV_ARG_LIMIT=128
CONFIG_LOCALVERSION="-marionnet-ghost"
CONFIG_LOCALVERSION_AUTO=y
CONFIG_SWAP=y
CONFIG_SYSVIPC=y
CONFIG_SYSVIPC_SYSCTL=y
CONFIG_POSIX_MQUEUE=y
CONFIG_POSIX_MQUEUE_SYSCTL=y
CONFIG_BSD_PROCESS_ACCT=y
# CONFIG_BSD_PROCESS_ACCT_V3 is not set
# CONFIG_TASKSTATS is not set
# NOTE(review): the audit subsystem is not built, so auditd-style syscall logging is
# unavailable inside the guest.
# CONFIG_AUDIT is not set
#
# RCU Subsystem
#
CONFIG_TREE_RCU=y
# CONFIG_TREE_PREEMPT_RCU is not set
# CONFIG_RCU_TRACE is not set
CONFIG_RCU_FANOUT=32
# CONFIG_RCU_FANOUT_EXACT is not set
# CONFIG_TREE_RCU_TRACE is not set
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
CONFIG_LOG_BUF_SHIFT=14
# CONFIG_GROUP_SCHED is not set
# CONFIG_CGROUPS is not set
CONFIG_SYSFS_DEPRECATED=y
CONFIG_SYSFS_DEPRECATED_V2=y
# CONFIG_RELAY is not set
# NOTE(review): CONFIG_NAMESPACES is on but the UTS, IPC, user, PID and network
# namespace types are all unset, and cgroups are off above, so container-style
# isolation is not available inside this guest.
CONFIG_NAMESPACES=y
# CONFIG_UTS_NS is not set
# CONFIG_IPC_NS is not set
# CONFIG_USER_NS is not set
# CONFIG_PID_NS is not set
# CONFIG_NET_NS is not set
# CONFIG_BLK_DEV_INITRD is not set
CONFIG_CC_OPTIMIZE_FOR_SIZE=y
CONFIG_SYSCTL=y
CONFIG_ANON_INODES=y
# CONFIG_EMBEDDED is not set
CONFIG_UID16=y
CONFIG_SYSCTL_SYSCALL=y
CONFIG_KALLSYMS=y
CONFIG_KALLSYMS_EXTRA_PASS=y
CONFIG_HOTPLUG=y
CONFIG_PRINTK=y
CONFIG_BUG=y
CONFIG_ELF_CORE=y
CONFIG_BASE_FULL=y
CONFIG_FUTEX=y
CONFIG_EPOLL=y
CONFIG_SIGNALFD=y
CONFIG_TIMERFD=y
CONFIG_EVENTFD=y
CONFIG_SHMEM=y
CONFIG_AIO=y
#
# Kernel Performance Events And Counters
#
CONFIG_VM_EVENT_COUNTERS=y
# NOTE(review): COMPAT_BRK makes the boot default "heap (brk) randomization off" for
# the sake of very old binaries; kernel.randomize_va_space=2 turns it back on at
# runtime. TODO confirm how address-space randomization behaves under UML.
CONFIG_COMPAT_BRK=y
CONFIG_SLAB=y
# CONFIG_SLUB is not set
# CONFIG_SLOB is not set
# CONFIG_PROFILING is not set
#
# GCOV-based kernel profiling
#
CONFIG_SLOW_WORK=y
# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set
CONFIG_SLABINFO=y
CONFIG_RT_MUTEXES=y
CONFIG_BASE_SMALL=0
# NOTE(review): no loadable-module support: everything enabled in this file is built
# into the image, and module loading is not available as a way to add code to the
# running guest kernel.
# CONFIG_MODULES is not set
CONFIG_BLOCK=y
# CONFIG_BLK_DEV_BSG is not set
# CONFIG_BLK_DEV_INTEGRITY is not set
#
# IO Schedulers
#
CONFIG_IOSCHED_NOOP=y
CONFIG_IOSCHED_AS=y
CONFIG_IOSCHED_DEADLINE=y
CONFIG_IOSCHED_CFQ=y
CONFIG_DEFAULT_AS=y
# CONFIG_DEFAULT_DEADLINE is not set
# CONFIG_DEFAULT_CFQ is not set
# CONFIG_DEFAULT_NOOP is not set
CONFIG_DEFAULT_IOSCHED="anticipatory"
# CONFIG_FREEZER is not set
CONFIG_BLK_DEV=y
CONFIG_BLK_DEV_UBD=y
# CONFIG_BLK_DEV_UBD_SYNC is not set
CONFIG_BLK_DEV_COW_COMMON=y
CONFIG_BLK_DEV_LOOP=y
# CONFIG_BLK_DEV_CRYPTOLOOP is not set
CONFIG_BLK_DEV_NBD=y
# CONFIG_BLK_DEV_RAM is not set
# CONFIG_ATA_OVER_ETH is not set
#
# Character Devices
#
CONFIG_STDERR_CONSOLE=y
CONFIG_STDIO_CONSOLE=y
CONFIG_SSL=y
CONFIG_NULL_CHAN=y
CONFIG_PORT_CHAN=y
CONFIG_PTY_CHAN=y
CONFIG_TTY_CHAN=y
CONFIG_XTERM_CHAN=y
# CONFIG_NOCONFIG_CHAN is not set
CONFIG_CON_ZERO_CHAN="fd:0,fd:1"
CONFIG_CON_CHAN="xterm"
CONFIG_SSL_CHAN="pts"
CONFIG_UNIX98_PTYS=y
CONFIG_LEGACY_PTYS=y
# CONFIG_RAW_DRIVER is not set
CONFIG_LEGACY_PTY_COUNT=32
# CONFIG_WATCHDOG is not set
CONFIG_UML_SOUND=y
CONFIG_SOUND=y
CONFIG_SOUND_OSS_CORE=y
CONFIG_HOSTAUDIO=y
# NOTE(review): HW_RANDOM is off and UML_RANDOM is on; presumably the guest's random
# device is then fed from the host's random source -- confirm against the UML driver
# before relying on guest entropy for key generation.
# CONFIG_HW_RANDOM is not set
CONFIG_UML_RANDOM=y
# CONFIG_MMAPPER is not set
#
# Generic Driver Options
#
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
# CONFIG_DEVTMPFS is not set
CONFIG_STANDALONE=y
CONFIG_PREVENT_FIRMWARE_BUILD=y
CONFIG_FW_LOADER=y
CONFIG_FIRMWARE_IN_KERNEL=y
CONFIG_EXTRA_FIRMWARE=""
# CONFIG_SYS_HYPERVISOR is not set
CONFIG_NET=y
#
# Networking options
#
CONFIG_PACKET=y
CONFIG_PACKET_MMAP=y
CONFIG_UNIX=y
CONFIG_XFRM=y
CONFIG_XFRM_USER=y
# CONFIG_XFRM_SUB_POLICY is not set
# CONFIG_XFRM_MIGRATE is not set
# CONFIG_XFRM_STATISTICS is not set
CONFIG_XFRM_IPCOMP=y
CONFIG_NET_KEY=y
# CONFIG_NET_KEY_MIGRATE is not set
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_ASK_IP_FIB_HASH=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
CONFIG_NET_IPIP=y
CONFIG_NET_IPGRE=y
CONFIG_NET_IPGRE_BROADCAST=y
CONFIG_IP_MROUTE=y
# CONFIG_IP_PIMSM_V1 is not set
CONFIG_IP_PIMSM_V2=y
CONFIG_ARPD=y
# NOTE(review): SYN-cookie support is compiled in; whether it is active is governed by
# the net.ipv4.tcp_syncookies sysctl at runtime -- verify in the guest image.
CONFIG_SYN_COOKIES=y
CONFIG_INET_AH=y
CONFIG_INET_ESP=y
CONFIG_INET_IPCOMP=y
CONFIG_INET_XFRM_TUNNEL=y
CONFIG_INET_TUNNEL=y
CONFIG_INET_XFRM_MODE_TRANSPORT=y
CONFIG_INET_XFRM_MODE_TUNNEL=y
CONFIG_INET_XFRM_MODE_BEET=y
# CONFIG_INET_LRO is not set
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
# CONFIG_TCP_CONG_ADVANCED is not set
CONFIG_TCP_CONG_CUBIC=y
CONFIG_DEFAULT_TCP_CONG="cubic"
# NOTE(review): TCP-MD5 signatures (RFC 2385) are not built, which matters if lab
# routers are expected to authenticate BGP sessions that way.
# CONFIG_TCP_MD5SIG is not set
CONFIG_IPV6=y
# CONFIG_IPV6_PRIVACY is not set
# CONFIG_IPV6_ROUTER_PREF is not set
# CONFIG_IPV6_OPTIMISTIC_DAD is not set
# NOTE(review): AH/ESP/IPComp are enabled for IPv4 above but unset for IPv6, so kernel
# IPsec cannot protect IPv6 traffic in this build even though the INET6_XFRM_MODE_*
# options below are on.
# CONFIG_INET6_AH is not set
# CONFIG_INET6_ESP is not set
# CONFIG_INET6_IPCOMP is not set
# CONFIG_IPV6_MIP6 is not set
# CONFIG_INET6_XFRM_TUNNEL is not set
# CONFIG_INET6_TUNNEL is not set
CONFIG_INET6_XFRM_MODE_TRANSPORT=y
CONFIG_INET6_XFRM_MODE_TUNNEL=y
CONFIG_INET6_XFRM_MODE_BEET=y
# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set
CONFIG_IPV6_SIT=y
CONFIG_IPV6_NDISC_NODETYPE=y
# CONFIG_IPV6_TUNNEL is not set
# CONFIG_IPV6_MULTIPLE_TABLES is not set
# CONFIG_IPV6_MROUTE is not set
# CONFIG_NETWORK_SECMARK is not set
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_NETFILTER_ADVANCED=y
CONFIG_BRIDGE_NETFILTER=y
#
# Core Netfilter Configuration
#
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_QUEUE=y
CONFIG_NETFILTER_NETLINK_LOG=y
CONFIG_NF_CONNTRACK=y
CONFIG_NF_CT_ACCT=y
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NF_CT_PROTO_DCCP=y
CONFIG_NF_CT_PROTO_GRE=y
CONFIG_NF_CT_PROTO_SCTP=y
CONFIG_NF_CT_PROTO_UDPLITE=y
# NOTE(review): the connection-tracking helpers below parse application payloads in
# kernel context and are all built in (CONFIG_MODULES is unset), so they cannot be
# left out by simply not loading a module; where a lab does not need them, exempting
# traffic with the NOTRACK target enabled below is the available control.
CONFIG_NF_CONNTRACK_AMANDA=y
CONFIG_NF_CONNTRACK_FTP=y
CONFIG_NF_CONNTRACK_H323=y
CONFIG_NF_CONNTRACK_IRC=y
CONFIG_NF_CONNTRACK_NETBIOS_NS=y
CONFIG_NF_CONNTRACK_PPTP=y
CONFIG_NF_CONNTRACK_SANE=y
CONFIG_NF_CONNTRACK_SIP=y
CONFIG_NF_CONNTRACK_TFTP=y
CONFIG_NF_CT_NETLINK=y
# CONFIG_NETFILTER_TPROXY is not set
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
CONFIG_NETFILTER_XT_TARGET_DSCP=y
CONFIG_NETFILTER_XT_TARGET_HL=y
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
CONFIG_NETFILTER_XT_TARGET_NOTRACK=y
CONFIG_NETFILTER_XT_TARGET_RATEEST=y
CONFIG_NETFILTER_XT_TARGET_TRACE=y
CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y
# CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
CONFIG_NETFILTER_XT_MATCH_DCCP=y
CONFIG_NETFILTER_XT_MATCH_DSCP=y
CONFIG_NETFILTER_XT_MATCH_ESP=y
# NOTE(review): rest of the xtables match list plus the IPv4 netfilter/NAT options of
# the 2.6.32 UML guest config, one entry per line. Every enabled entry is "=y" (built
# in); none is "=m".
CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
CONFIG_NETFILTER_XT_MATCH_HELPER=y
CONFIG_NETFILTER_XT_MATCH_HL=y
CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
CONFIG_NETFILTER_XT_MATCH_LENGTH=y
CONFIG_NETFILTER_XT_MATCH_LIMIT=y
CONFIG_NETFILTER_XT_MATCH_MAC=y
CONFIG_NETFILTER_XT_MATCH_MARK=y
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
CONFIG_NETFILTER_XT_MATCH_OWNER=y
CONFIG_NETFILTER_XT_MATCH_POLICY=y
CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
CONFIG_NETFILTER_XT_MATCH_QUOTA=y
CONFIG_NETFILTER_XT_MATCH_RATEEST=y
CONFIG_NETFILTER_XT_MATCH_REALM=y
# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
CONFIG_NETFILTER_XT_MATCH_SCTP=y
CONFIG_NETFILTER_XT_MATCH_STATE=y
CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
CONFIG_NETFILTER_XT_MATCH_STRING=y
CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
CONFIG_NETFILTER_XT_MATCH_TIME=y
CONFIG_NETFILTER_XT_MATCH_U32=y
# CONFIG_NETFILTER_XT_MATCH_OSF is not set
# CONFIG_IP_VS is not set
#
# IP: Netfilter Configuration
#
CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_ADDRTYPE=y
CONFIG_IP_NF_MATCH_AH=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_NF_NAT=y
CONFIG_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_REDIRECT=y
# NOTE(review): the NAT helpers below rewrite application payloads (SNMP, FTP, IRC,
# TFTP, Amanda, PPTP, H.323, SIP) in kernel context; like the matching conntrack
# helpers they are built in rather than modular.
CONFIG_NF_NAT_SNMP_BASIC=y
CONFIG_NF_NAT_PROTO_DCCP=y
CONFIG_NF_NAT_PROTO_GRE=y
CONFIG_NF_NAT_PROTO_UDPLITE=y
CONFIG_NF_NAT_PROTO_SCTP=y
CONFIG_NF_NAT_FTP=y
CONFIG_NF_NAT_IRC=y
CONFIG_NF_NAT_TFTP=y
CONFIG_NF_NAT_AMANDA=y
CONFIG_NF_NAT_PPTP=y
CONFIG_NF_NAT_H323=y
CONFIG_NF_NAT_SIP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_CLUSTERIP=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_TTL=y
CONFIG_IP_NF_RAW=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
#
# IPv6: Netfilter Configuration
#
CONFIG_NF_CONNTRACK_IPV6=y
CONFIG_IP6_NF_QUEUE=y
# NOTE(review): IPv6 and bridge netfilter options, link-layer protocols and the
# traffic-control schedulers of the 2.6.32 UML guest config, one entry per line.
CONFIG_IP6_NF_IPTABLES=y
CONFIG_IP6_NF_MATCH_AH=y
CONFIG_IP6_NF_MATCH_EUI64=y
CONFIG_IP6_NF_MATCH_FRAG=y
CONFIG_IP6_NF_MATCH_OPTS=y
CONFIG_IP6_NF_MATCH_HL=y
CONFIG_IP6_NF_MATCH_IPV6HEADER=y
CONFIG_IP6_NF_MATCH_MH=y
CONFIG_IP6_NF_MATCH_RT=y
CONFIG_IP6_NF_TARGET_HL=y
CONFIG_IP6_NF_TARGET_LOG=y
CONFIG_IP6_NF_FILTER=y
CONFIG_IP6_NF_TARGET_REJECT=y
CONFIG_IP6_NF_MANGLE=y
CONFIG_IP6_NF_RAW=y
CONFIG_BRIDGE_NF_EBTABLES=y
CONFIG_BRIDGE_EBT_BROUTE=y
CONFIG_BRIDGE_EBT_T_FILTER=y
CONFIG_BRIDGE_EBT_T_NAT=y
CONFIG_BRIDGE_EBT_802_3=y
CONFIG_BRIDGE_EBT_AMONG=y
CONFIG_BRIDGE_EBT_ARP=y
CONFIG_BRIDGE_EBT_IP=y
CONFIG_BRIDGE_EBT_IP6=y
CONFIG_BRIDGE_EBT_LIMIT=y
CONFIG_BRIDGE_EBT_MARK=y
CONFIG_BRIDGE_EBT_PKTTYPE=y
CONFIG_BRIDGE_EBT_STP=y
CONFIG_BRIDGE_EBT_VLAN=y
CONFIG_BRIDGE_EBT_ARPREPLY=y
CONFIG_BRIDGE_EBT_DNAT=y
CONFIG_BRIDGE_EBT_MARK_T=y
CONFIG_BRIDGE_EBT_REDIRECT=y
CONFIG_BRIDGE_EBT_SNAT=y
CONFIG_BRIDGE_EBT_LOG=y
CONFIG_BRIDGE_EBT_ULOG=y
CONFIG_BRIDGE_EBT_NFLOG=y
# NOTE(review): the GHOSTIFICATION_* symbols are not upstream Kconfig options as far as
# I know; presumably they come from the Marionnet "ghost" kernel patch (compare
# CONFIG_LOCALVERSION="-marionnet-ghost" in this config). Their effect on netfilter
# processing is not visible here -- check the patch before assuming that rules see
# every interface.
CONFIG_GHOSTIFICATION_NETFILTER=y
CONFIG_GHOSTIFICATION_NETFILTER_ALL=y
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set
# CONFIG_RDS is not set
# CONFIG_TIPC is not set
# CONFIG_ATM is not set
CONFIG_STP=y
CONFIG_GARP=y
CONFIG_BRIDGE=y
# CONFIG_NET_DSA is not set
CONFIG_VLAN_8021Q=y
CONFIG_VLAN_8021Q_GVRP=y
# CONFIG_DECNET is not set
CONFIG_LLC=y
CONFIG_LLC2=y
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_ECONET is not set
# CONFIG_WAN_ROUTER is not set
# CONFIG_PHONET is not set
# CONFIG_IEEE802154 is not set
CONFIG_NET_SCHED=y
#
# Queueing/Scheduling
#
CONFIG_NET_SCH_CBQ=y
CONFIG_NET_SCH_HTB=y
CONFIG_NET_SCH_HFSC=y
CONFIG_NET_SCH_PRIO=y
# CONFIG_NET_SCH_MULTIQ is not set
CONFIG_NET_SCH_RED=y
CONFIG_NET_SCH_SFQ=y
CONFIG_NET_SCH_TEQL=y
CONFIG_NET_SCH_TBF=y
CONFIG_NET_SCH_GRED=y
CONFIG_NET_SCH_DSMARK=y
CONFIG_NET_SCH_NETEM=y
# CONFIG_NET_SCH_DRR is not set
# CONFIG_NET_SCH_INGRESS is not set
#
# Classification
#
CONFIG_NET_CLS=y
CONFIG_NET_CLS_BASIC=y
# NOTE(review): traffic classifiers, UML network transports, file systems, security
# options and the crypto selection of the 2.6.32 UML guest config, restored to one
# entry per line. Reviewer remarks are prefixed "NOTE(review)"; all other "#" lines
# are Kconfig's own output.
CONFIG_NET_CLS_TCINDEX=y
CONFIG_NET_CLS_ROUTE4=y
CONFIG_NET_CLS_ROUTE=y
CONFIG_NET_CLS_FW=y
CONFIG_NET_CLS_U32=y
CONFIG_CLS_U32_PERF=y
CONFIG_CLS_U32_MARK=y
CONFIG_NET_CLS_RSVP=y
CONFIG_NET_CLS_RSVP6=y
CONFIG_NET_CLS_FLOW=y
CONFIG_NET_EMATCH=y
CONFIG_NET_EMATCH_STACK=32
CONFIG_NET_EMATCH_CMP=y
CONFIG_NET_EMATCH_NBYTE=y
CONFIG_NET_EMATCH_U32=y
CONFIG_NET_EMATCH_META=y
CONFIG_NET_EMATCH_TEXT=y
CONFIG_NET_CLS_ACT=y
CONFIG_NET_ACT_POLICE=y
CONFIG_NET_ACT_GACT=y
CONFIG_GACT_PROB=y
CONFIG_NET_ACT_MIRRED=y
CONFIG_NET_ACT_IPT=y
CONFIG_NET_ACT_NAT=y
CONFIG_NET_ACT_PEDIT=y
# CONFIG_NET_ACT_SIMP is not set
# CONFIG_NET_ACT_SKBEDIT is not set
CONFIG_NET_CLS_IND=y
CONFIG_NET_SCH_FIFO=y
# CONFIG_DCB is not set
#
# Network testing
#
# CONFIG_NET_PKTGEN is not set
# CONFIG_HAMRADIO is not set
# CONFIG_CAN is not set
# CONFIG_IRDA is not set
# CONFIG_BT is not set
# CONFIG_AF_RXRPC is not set
CONFIG_FIB_RULES=y
# CONFIG_WIRELESS is not set
# CONFIG_WIMAX is not set
# CONFIG_RFKILL is not set
# CONFIG_NET_9P is not set
# NOTE(review): the GHOSTIFICATION_* symbols are not upstream Kconfig options as far as
# I know; presumably they are added by the Marionnet "ghost" kernel patch. What they
# change for tools inside the guest is not visible in this file -- verify against the
# patch.
CONFIG_GHOSTIFICATION=y
CONFIG_GHOSTIFICATION_NUM=9
CONFIG_GHOSTIFICATION_MESG=y
CONFIG_GHOSTIFICATION_PRINTK=y
# CONFIG_GHOSTIFICATION_DEBUG is not set
# CONFIG_GHOSTIFICATION_DEVEL is not set
#
# UML Network Devices
#
# NOTE(review): these transports connect guest interfaces to host facilities
# (ethertap, TUN/TAP, SLIP, switch daemon, VDE, multicast, pcap, slirp). Which of them
# a guest actually uses, and with what host privileges, is decided when the UML
# process is started, not by this file.
CONFIG_UML_NET=y
CONFIG_UML_NET_ETHERTAP=y
CONFIG_UML_NET_TUNTAP=y
CONFIG_UML_NET_SLIP=y
CONFIG_UML_NET_DAEMON=y
CONFIG_UML_NET_VDE=y
CONFIG_UML_NET_MCAST=y
CONFIG_UML_NET_PCAP=y
CONFIG_UML_NET_SLIRP=y
CONFIG_NETDEVICES=y
# CONFIG_IFB is not set
CONFIG_DUMMY=y
CONFIG_BONDING=y
CONFIG_MACVLAN=y
# CONFIG_EQUALIZER is not set
CONFIG_TUN=y
# CONFIG_VETH is not set
# CONFIG_WLAN is not set
#
# Enable WiMAX (Networking options) to see the WiMAX drivers
#
# CONFIG_WAN is not set
CONFIG_PPP=y
# CONFIG_PPP_MULTILINK is not set
# CONFIG_PPP_FILTER is not set
# CONFIG_PPP_ASYNC is not set
# CONFIG_PPP_SYNC_TTY is not set
# CONFIG_PPP_DEFLATE is not set
# CONFIG_PPP_BSDCOMP is not set
# CONFIG_PPP_MPPE is not set
# CONFIG_PPPOE is not set
# CONFIG_PPPOL2TP is not set
CONFIG_SLIP=y
# CONFIG_SLIP_COMPRESSED is not set
CONFIG_SLHC=y
# CONFIG_SLIP_SMART is not set
# CONFIG_SLIP_MODE_SLIP6 is not set
# CONFIG_NETCONSOLE is not set
# CONFIG_NETPOLL is not set
# CONFIG_NET_POLL_CONTROLLER is not set
# CONFIG_CONNECTOR is not set
#
# File systems
#
CONFIG_EXT2_FS=y
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT2_FS_POSIX_ACL=y
# CONFIG_EXT2_FS_SECURITY is not set
# CONFIG_EXT2_FS_XIP is not set
CONFIG_EXT3_FS=y
CONFIG_EXT3_DEFAULTS_TO_ORDERED=y
CONFIG_EXT3_FS_XATTR=y
CONFIG_EXT3_FS_POSIX_ACL=y
# NOTE(review): ext3 can store security.* extended attributes, but CONFIG_SECURITY is
# unset further down, so no security module is built that would enforce such labels.
CONFIG_EXT3_FS_SECURITY=y
# CONFIG_EXT4_FS is not set
CONFIG_JBD=y
CONFIG_FS_MBCACHE=y
# CONFIG_REISERFS_FS is not set
# CONFIG_JFS_FS is not set
CONFIG_FS_POSIX_ACL=y
# CONFIG_XFS_FS is not set
# CONFIG_GFS2_FS is not set
# CONFIG_OCFS2_FS is not set
# CONFIG_BTRFS_FS is not set
# CONFIG_NILFS2_FS is not set
CONFIG_FILE_LOCKING=y
CONFIG_FSNOTIFY=y
CONFIG_DNOTIFY=y
CONFIG_INOTIFY=y
CONFIG_INOTIFY_USER=y
CONFIG_QUOTA=y
# CONFIG_QUOTA_NETLINK_INTERFACE is not set
CONFIG_PRINT_QUOTA_WARNING=y
# CONFIG_QFMT_V1 is not set
# CONFIG_QFMT_V2 is not set
CONFIG_QUOTACTL=y
CONFIG_AUTOFS_FS=y
CONFIG_AUTOFS4_FS=y
# CONFIG_FUSE_FS is not set
#
# Caches
#
# CONFIG_FSCACHE is not set
#
# CD-ROM/DVD Filesystems
#
# CONFIG_ISO9660_FS is not set
# CONFIG_UDF_FS is not set
#
# DOS/FAT/NT Filesystems
#
# CONFIG_MSDOS_FS is not set
# CONFIG_VFAT_FS is not set
# CONFIG_NTFS_FS is not set
#
# Pseudo filesystems
#
CONFIG_PROC_FS=y
# NOTE(review): /proc/kcore exposes the guest kernel's memory image to root inside the
# guest; useful for debugging, worth knowing when guest root is handed to students.
CONFIG_PROC_KCORE=y
CONFIG_PROC_SYSCTL=y
CONFIG_PROC_PAGE_MONITOR=y
CONFIG_SYSFS=y
CONFIG_TMPFS=y
# CONFIG_TMPFS_POSIX_ACL is not set
# CONFIG_HUGETLB_PAGE is not set
# CONFIG_CONFIGFS_FS is not set
CONFIG_MISC_FILESYSTEMS=y
# CONFIG_ADFS_FS is not set
# CONFIG_AFFS_FS is not set
# CONFIG_HFS_FS is not set
# CONFIG_HFSPLUS_FS is not set
# CONFIG_BEFS_FS is not set
# CONFIG_BFS_FS is not set
# CONFIG_EFS_FS is not set
# CONFIG_CRAMFS is not set
# CONFIG_SQUASHFS is not set
# CONFIG_VXFS_FS is not set
# CONFIG_MINIX_FS is not set
# CONFIG_OMFS_FS is not set
# CONFIG_HPFS_FS is not set
# CONFIG_QNX4FS_FS is not set
# CONFIG_ROMFS_FS is not set
# CONFIG_SYSV_FS is not set
# CONFIG_UFS_FS is not set
CONFIG_NETWORK_FILESYSTEMS=y
CONFIG_NFS_FS=y
CONFIG_NFS_V3=y
CONFIG_NFS_V3_ACL=y
CONFIG_NFS_V4=y
# CONFIG_NFS_V4_1 is not set
# NOTE(review): both the NFS client and the in-kernel NFS server are built in, with
# RPCSEC_GSS/Kerberos support below; whether exports use it or plain AUTH_SYS is a
# matter of guest configuration.
CONFIG_NFSD=y
CONFIG_NFSD_V2_ACL=y
CONFIG_NFSD_V3=y
CONFIG_NFSD_V3_ACL=y
CONFIG_NFSD_V4=y
CONFIG_LOCKD=y
CONFIG_LOCKD_V4=y
CONFIG_EXPORTFS=y
CONFIG_NFS_ACL_SUPPORT=y
CONFIG_NFS_COMMON=y
CONFIG_SUNRPC=y
CONFIG_SUNRPC_GSS=y
CONFIG_RPCSEC_GSS_KRB5=y
CONFIG_RPCSEC_GSS_SPKM3=y
# CONFIG_SMB_FS is not set
CONFIG_CIFS=y
# CONFIG_CIFS_STATS is not set
# NOTE(review): weak (LANMAN-era) password hashing is left out of the CIFS client,
# which is the safer choice; CIFS_DEBUG2 below adds extra debug output and is worth
# dropping outside lab use.
# CONFIG_CIFS_WEAK_PW_HASH is not set
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
CONFIG_CIFS_DEBUG2=y
# CONFIG_CIFS_EXPERIMENTAL is not set
# CONFIG_NCP_FS is not set
# CONFIG_CODA_FS is not set
# CONFIG_AFS_FS is not set
#
# Partition Types
#
CONFIG_PARTITION_ADVANCED=y
# CONFIG_ACORN_PARTITION is not set
# CONFIG_OSF_PARTITION is not set
# CONFIG_AMIGA_PARTITION is not set
# CONFIG_ATARI_PARTITION is not set
# CONFIG_MAC_PARTITION is not set
CONFIG_MSDOS_PARTITION=y
# CONFIG_BSD_DISKLABEL is not set
# CONFIG_MINIX_SUBPARTITION is not set
# CONFIG_SOLARIS_X86_PARTITION is not set
# CONFIG_UNIXWARE_DISKLABEL is not set
# CONFIG_LDM_PARTITION is not set
# CONFIG_SGI_PARTITION is not set
# CONFIG_ULTRIX_PARTITION is not set
# CONFIG_SUN_PARTITION is not set
# CONFIG_KARMA_PARTITION is not set
# CONFIG_EFI_PARTITION is not set
# CONFIG_SYSV68_PARTITION is not set
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="iso8859-1"
# CONFIG_NLS_CODEPAGE_437 is not set
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
# CONFIG_NLS_CODEPAGE_850 is not set
# CONFIG_NLS_CODEPAGE_852 is not set
# CONFIG_NLS_CODEPAGE_855 is not set
# CONFIG_NLS_CODEPAGE_857 is not set
# CONFIG_NLS_CODEPAGE_860 is not set
# CONFIG_NLS_CODEPAGE_861 is not set
# CONFIG_NLS_CODEPAGE_862 is not set
# CONFIG_NLS_CODEPAGE_863 is not set
# CONFIG_NLS_CODEPAGE_864 is not set
# CONFIG_NLS_CODEPAGE_865 is not set
# CONFIG_NLS_CODEPAGE_866 is not set
# CONFIG_NLS_CODEPAGE_869 is not set
# CONFIG_NLS_CODEPAGE_936 is not set
# CONFIG_NLS_CODEPAGE_950 is not set
# CONFIG_NLS_CODEPAGE_932 is not set
# CONFIG_NLS_CODEPAGE_949 is not set
# CONFIG_NLS_CODEPAGE_874 is not set
# CONFIG_NLS_ISO8859_8 is not set
# CONFIG_NLS_CODEPAGE_1250 is not set
# CONFIG_NLS_CODEPAGE_1251 is not set
# CONFIG_NLS_ASCII is not set
# CONFIG_NLS_ISO8859_1 is not set
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
# CONFIG_NLS_ISO8859_5 is not set
# CONFIG_NLS_ISO8859_6 is not set
# CONFIG_NLS_ISO8859_7 is not set
# CONFIG_NLS_ISO8859_9 is not set
# CONFIG_NLS_ISO8859_13 is not set
# CONFIG_NLS_ISO8859_14 is not set
# CONFIG_NLS_ISO8859_15 is not set
# CONFIG_NLS_KOI8_R is not set
# CONFIG_NLS_KOI8_U is not set
# CONFIG_NLS_UTF8 is not set
# CONFIG_DLM is not set
#
# Security options
#
# NOTE(review): with CONFIG_SECURITY unset no LSM-based security module (SELinux and
# the like) can be enabled in this build, so only the kernel's default permission and
# capability checks apply inside the guest. CONFIG_KEYS is unset too, so the kernel
# key-retention service is absent.
# CONFIG_KEYS is not set
# CONFIG_SECURITY is not set
# CONFIG_SECURITYFS is not set
# CONFIG_SECURITY_FILE_CAPABILITIES is not set
CONFIG_CRYPTO=y
#
# Crypto core or helper
#
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD=y
CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_BLKCIPHER=y
CONFIG_CRYPTO_BLKCIPHER2=y
CONFIG_CRYPTO_HASH=y
CONFIG_CRYPTO_HASH2=y
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_PCOMP=y
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MANAGER2=y
# CONFIG_CRYPTO_GF128MUL is not set
# CONFIG_CRYPTO_NULL is not set
CONFIG_CRYPTO_WORKQUEUE=y
# CONFIG_CRYPTO_CRYPTD is not set
CONFIG_CRYPTO_AUTHENC=y
#
# Authenticated Encryption with Associated Data
#
# NOTE(review): neither CCM nor GCM is built, so no combined authenticated-encryption
# mode is available; with CRYPTO_AUTHENC=y, integrity presumably comes from pairing a
# cipher with the HMAC enabled below (e.g. for the IPv4 ESP support in this config).
# CONFIG_CRYPTO_CCM is not set
# CONFIG_CRYPTO_GCM is not set
# CONFIG_CRYPTO_SEQIV is not set
#
# Block modes
#
# NOTE(review): CBC is the only block mode built; XTS and LRW, the modes designed for
# disk encryption, are unset.
CONFIG_CRYPTO_CBC=y
# CONFIG_CRYPTO_CTR is not set
# CONFIG_CRYPTO_CTS is not set
# CONFIG_CRYPTO_ECB is not set
# CONFIG_CRYPTO_LRW is not set
# CONFIG_CRYPTO_PCBC is not set
# CONFIG_CRYPTO_XTS is not set
#
# Hash modes
#
CONFIG_CRYPTO_HMAC=y
# CONFIG_CRYPTO_XCBC is not set
# CONFIG_CRYPTO_VMAC is not set
#
# Digest
#
# NOTE(review): MD5 and SHA-1 are the only cryptographic digests built (CRC32C is a
# checksum); SHA-256 and SHA-512 are unset. Neither MD5 nor SHA-1 is collision
# resistant by current standards, so anything in the guest that needs kernel-side
# hashing is limited to legacy-grade algorithms.
CONFIG_CRYPTO_CRC32C=y
# CONFIG_CRYPTO_GHASH is not set
# CONFIG_CRYPTO_MD4 is not set
CONFIG_CRYPTO_MD5=y
# CONFIG_CRYPTO_MICHAEL_MIC is not set
# CONFIG_CRYPTO_RMD128 is not set
# CONFIG_CRYPTO_RMD160 is not set
# CONFIG_CRYPTO_RMD256 is not set
# CONFIG_CRYPTO_RMD320 is not set
CONFIG_CRYPTO_SHA1=y
# CONFIG_CRYPTO_SHA256 is not set
# CONFIG_CRYPTO_SHA512 is not set
# CONFIG_CRYPTO_TGR192 is not set
# CONFIG_CRYPTO_WP512 is not set
#
# Ciphers
#
# NOTE(review): all three AES options are unset; the only ciphers built are CAST5 and
# DES (the kernel DES code also provides triple-DES). Single DES has a 56-bit key and
# both remaining ciphers use 64-bit blocks. As far as this config shows, IPsec ESP and
# dm-crypt (CONFIG_DM_CRYPT=y later in this config) can therefore only use CAST5 or
# DES/3DES in CBC mode -- acceptable for a teaching lab perhaps, but confirm before
# reusing this kernel for data that needs real protection.
# CONFIG_CRYPTO_AES is not set
# CONFIG_CRYPTO_AES_X86_64 is not set
# CONFIG_CRYPTO_AES_NI_INTEL is not set
# CONFIG_CRYPTO_ANUBIS is not set
# CONFIG_CRYPTO_ARC4 is not set
# CONFIG_CRYPTO_BLOWFISH is not set
# CONFIG_CRYPTO_CAMELLIA is not set
CONFIG_CRYPTO_CAST5=y
# CONFIG_CRYPTO_CAST6 is not set
CONFIG_CRYPTO_DES=y
# CONFIG_CRYPTO_FCRYPT is not set
# CONFIG_CRYPTO_KHAZAD is not set
# CONFIG_CRYPTO_SALSA20 is not set
# CONFIG_CRYPTO_SALSA20_X86_64 is not set
# CONFIG_CRYPTO_SEED is not set
# CONFIG_CRYPTO_SERPENT is not set
# CONFIG_CRYPTO_TEA is not set
# CONFIG_CRYPTO_TWOFISH is not set
# CONFIG_CRYPTO_TWOFISH_X86_64 is not set
#
# Compression
#
CONFIG_CRYPTO_DEFLATE=y
# CONFIG_CRYPTO_ZLIB is not set
# CONFIG_CRYPTO_LZO is not set
#
# Random Number Generation
#
# CONFIG_CRYPTO_ANSI_CPRNG is not set
CONFIG_CRYPTO_HW=y
# CONFIG_BINARY_PRINTF is not set
#
# Library routines
#
CONFIG_BITREVERSE=y
CONFIG_GENERIC_FIND_FIRST_BIT=y
CONFIG_GENERIC_FIND_NEXT_BIT=y
CONFIG_GENERIC_FIND_LAST_BIT=y
# CONFIG_CRC_CCITT is not set
CONFIG_CRC16=y
# CONFIG_CRC_T10DIF is not set
# CONFIG_CRC_ITU_T is not set
CONFIG_CRC32=y
# CONFIG_CRC7 is not set
CONFIG_LIBCRC32C=y
CONFIG_ZLIB_INFLATE=y
CONFIG_ZLIB_DEFLATE=y
CONFIG_TEXTSEARCH=y
CONFIG_TEXTSEARCH_KMP=y
CONFIG_TEXTSEARCH_BM=y
CONFIG_TEXTSEARCH_FSM=y
CONFIG_HAS_DMA=y
CONFIG_NLATTR=y
#
# SCSI device support
#
# CONFIG_RAID_ATTRS is not set
# CONFIG_SCSI is not set
# CONFIG_SCSI_DMA is not set
# CONFIG_SCSI_NETLINK is not set
CONFIG_MD=y
# NOTE(review): the lone "#" below opens the next entry, which continues on the
# following source line.
# 
CONFIG_BLK_DEV_MD is not set CONFIG_BLK_DEV_DM=y # CONFIG_DM_DEBUG is not set CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=y CONFIG_DM_MIRROR=y # CONFIG_DM_LOG_USERSPACE is not set # CONFIG_DM_ZERO is not set # CONFIG_DM_MULTIPATH is not set # CONFIG_DM_DELAY is not set # CONFIG_DM_UEVENT is not set # CONFIG_NEW_LEDS is not set # CONFIG_INPUT is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_ENABLE_WARN_DEPRECATED is not set CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=1024 # CONFIG_STRIP_ASM_SYMS is not set # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not set # CONFIG_DEBUG_KERNEL is not set CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_MEMORY_INIT=y # CONFIG_RCU_CPU_STALL_DETECTOR is not set CONFIG_SYSCTL_SYSCALL_CHECK=y # CONFIG_SAMPLES is not set # CONFIG_DEBUG_STACK_USAGE is not set marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/CONFIG-2.6.180000600000175000017500000004305112356733375023255 0ustar lucaslucas# # Automatically generated make config: don't edit # Linux kernel version: 2.6.18 # Thu May 22 13:25:50 2008 # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_GENERIC_HARDIRQS=y CONFIG_UML=y CONFIG_MMU=y CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_IRQ_RELEASE_METHOD=y # # UML-specific options # # CONFIG_MODE_TT is not set # CONFIG_STATIC_LINK is not set CONFIG_MODE_SKAS=y # # Host processor type and features # # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set CONFIG_M586MMX=y # CONFIG_M686 is not set # CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set # CONFIG_MK8 is not set # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP2 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set CONFIG_X86_GENERIC=y 
CONFIG_X86_CMPXCHG=y CONFIG_X86_XADD=y CONFIG_X86_L1_CACHE_SHIFT=7 CONFIG_RWSEM_XCHGADD_ALGORITHM=y CONFIG_X86_PPRO_FENCE=y CONFIG_X86_F00F_BUG=y CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INVLPG=y CONFIG_X86_BSWAP=y CONFIG_X86_POPAD_OK=y CONFIG_X86_CMPXCHG64=y CONFIG_X86_ALIGNMENT_16=y CONFIG_X86_GOOD_APIC=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_TSC=y CONFIG_UML_X86=y # CONFIG_64BIT is not set CONFIG_SEMAPHORE_SLEEPERS=y # CONFIG_HOST_2G_2G is not set CONFIG_TOP_ADDR=0xc0000000 # CONFIG_3_LEVEL_PGTABLES is not set CONFIG_STUB_CODE=0xbfffe000 CONFIG_STUB_DATA=0xbffff000 CONFIG_STUB_START=0xbfffe000 CONFIG_ARCH_HAS_SC_SIGNALS=y CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA=y CONFIG_GENERIC_HWEIGHT=y CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_DISCONTIGMEM_MANUAL is not set # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y # CONFIG_SPARSEMEM_STATIC is not set CONFIG_SPLIT_PTLOCK_CPUS=4 # CONFIG_RESOURCES_64BIT is not set CONFIG_LD_SCRIPT_DYN=y CONFIG_NET=y CONFIG_BINFMT_ELF=y CONFIG_BINFMT_MISC=y CONFIG_HOSTFS=y # CONFIG_HPPFS is not set CONFIG_MCONSOLE=y CONFIG_MAGIC_SYSRQ=y CONFIG_NEST_LEVEL=0 # CONFIG_HIGHMEM is not set CONFIG_KERNEL_STACK_ORDER=2 CONFIG_UML_REAL_TIME_CLOCK=y # # Code maturity level options # CONFIG_EXPERIMENTAL=y CONFIG_BROKEN_ON_SMP=y CONFIG_INIT_ENV_ARG_LIMIT=128 # # General setup # CONFIG_LOCALVERSION="-ghost" CONFIG_LOCALVERSION_AUTO=y CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y CONFIG_BSD_PROCESS_ACCT=y # CONFIG_BSD_PROCESS_ACCT_V3 is not set # CONFIG_TASKSTATS is not set # CONFIG_AUDIT is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_RELAY=y CONFIG_INITRAMFS_SOURCE="" # CONFIG_CC_OPTIMIZE_FOR_SIZE is not set # CONFIG_EMBEDDED is not set CONFIG_UID16=y CONFIG_SYSCTL=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_EXTRA_PASS=y CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_EPOLL=y CONFIG_SHMEM=y CONFIG_SLAB=y CONFIG_VM_EVENT_COUNTERS=y 
CONFIG_RT_MUTEXES=y # CONFIG_TINY_SHMEM is not set CONFIG_BASE_SMALL=0 # CONFIG_SLOB is not set # # Loadable module support # # CONFIG_MODULES is not set # # Block layer # CONFIG_LBD=y # CONFIG_BLK_DEV_IO_TRACE is not set CONFIG_LSF=y # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y CONFIG_DEFAULT_AS=y # CONFIG_DEFAULT_DEADLINE is not set # CONFIG_DEFAULT_CFQ is not set # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="anticipatory" # # Block devices # CONFIG_BLK_DEV_UBD=y CONFIG_BLK_DEV_UBD_SYNC=y CONFIG_BLK_DEV_COW_COMMON=y # CONFIG_MMAPPER is not set CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_CRYPTOLOOP=y CONFIG_BLK_DEV_NBD=y CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_COUNT=16 CONFIG_BLK_DEV_RAM_SIZE=4096 CONFIG_BLK_DEV_RAM_BLOCKSIZE=1024 CONFIG_BLK_DEV_INITRD=y CONFIG_ATA_OVER_ETH=y # # Character Devices # CONFIG_STDERR_CONSOLE=y CONFIG_STDIO_CONSOLE=y CONFIG_SSL=y CONFIG_NULL_CHAN=y CONFIG_PORT_CHAN=y CONFIG_PTY_CHAN=y CONFIG_TTY_CHAN=y CONFIG_XTERM_CHAN=y # CONFIG_NOCONFIG_CHAN is not set CONFIG_CON_ZERO_CHAN="fd:0,fd:1" CONFIG_CON_CHAN="xterm" CONFIG_SSL_CHAN="pty" CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y CONFIG_LEGACY_PTY_COUNT=256 # CONFIG_WATCHDOG is not set # CONFIG_UML_SOUND is not set # CONFIG_SOUND is not set # CONFIG_HOSTAUDIO is not set CONFIG_UML_RANDOM=y # # Generic Driver Options # CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y # CONFIG_FW_LOADER is not set # CONFIG_SYS_HYPERVISOR is not set # # Networking # # # Networking options # # CONFIG_NETDEBUG is not set CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y CONFIG_XFRM=y CONFIG_XFRM_USER=y CONFIG_NET_KEY=y CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_ASK_IP_FIB_HASH=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y # CONFIG_IP_ROUTE_FWMARK is not set CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_MULTIPATH_CACHED=y CONFIG_IP_ROUTE_MULTIPATH_RR=y 
CONFIG_IP_ROUTE_MULTIPATH_RANDOM=y CONFIG_IP_ROUTE_MULTIPATH_WRANDOM=y CONFIG_IP_ROUTE_MULTIPATH_DRR=y CONFIG_IP_ROUTE_VERBOSE=y CONFIG_IP_PNP=y CONFIG_IP_PNP_DHCP=y CONFIG_IP_PNP_BOOTP=y CONFIG_IP_PNP_RARP=y CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y CONFIG_IP_PIMSM_V1=y # CONFIG_IP_PIMSM_V2 is not set CONFIG_ARPD=y # CONFIG_SYN_COOKIES is not set CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y CONFIG_INET_XFRM_TUNNEL=y CONFIG_INET_TUNNEL=y CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y CONFIG_TCP_CONG_ADVANCED=y # # TCP congestion control # CONFIG_TCP_CONG_BIC=y CONFIG_TCP_CONG_CUBIC=y CONFIG_TCP_CONG_WESTWOOD=y CONFIG_TCP_CONG_HTCP=y CONFIG_TCP_CONG_HSTCP=y CONFIG_TCP_CONG_HYBLA=y CONFIG_TCP_CONG_VEGAS=y CONFIG_TCP_CONG_SCALABLE=y CONFIG_TCP_CONG_LP=y CONFIG_TCP_CONG_VENO=y # # IP: Virtual Server Configuration # # CONFIG_IP_VS is not set CONFIG_IPV6=y CONFIG_IPV6_PRIVACY=y CONFIG_IPV6_ROUTER_PREF=y # CONFIG_IPV6_ROUTE_INFO is not set CONFIG_INET6_AH=y CONFIG_INET6_ESP=y CONFIG_INET6_IPCOMP=y CONFIG_INET6_XFRM_TUNNEL=y CONFIG_INET6_TUNNEL=y CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_IPV6_TUNNEL=y # CONFIG_NETWORK_SECMARK is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y CONFIG_NETFILTER_XT_TARGET_NOTRACK=y CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y 
CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_REALM=y CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y # # IP: Netfilter Configuration # CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_CT_ACCT=y CONFIG_IP_NF_CONNTRACK_MARK=y CONFIG_IP_NF_CONNTRACK_EVENTS=y CONFIG_IP_NF_CONNTRACK_NETLINK=y CONFIG_IP_NF_CT_PROTO_SCTP=y CONFIG_IP_NF_FTP=y CONFIG_IP_NF_IRC=y CONFIG_IP_NF_NETBIOS_NS=y CONFIG_IP_NF_TFTP=y CONFIG_IP_NF_AMANDA=y CONFIG_IP_NF_PPTP=y CONFIG_IP_NF_H323=y CONFIG_IP_NF_SIP=y CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_IPRANGE=y CONFIG_IP_NF_MATCH_TOS=y CONFIG_IP_NF_MATCH_RECENT=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_DSCP=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_MATCH_OWNER=y CONFIG_IP_NF_MATCH_ADDRTYPE=y CONFIG_IP_NF_MATCH_HASHLIMIT=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_IP_NF_TARGET_TCPMSS=y CONFIG_IP_NF_NAT=y CONFIG_IP_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_IP_NF_TARGET_SAME=y CONFIG_IP_NF_NAT_SNMP_BASIC=y CONFIG_IP_NF_NAT_IRC=y CONFIG_IP_NF_NAT_FTP=y CONFIG_IP_NF_NAT_TFTP=y CONFIG_IP_NF_NAT_AMANDA=y CONFIG_IP_NF_NAT_PPTP=y CONFIG_IP_NF_NAT_H323=y CONFIG_IP_NF_NAT_SIP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_TOS=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_DSCP=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration (EXPERIMENTAL) # # 
CONFIG_IP6_NF_QUEUE is not set CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_OWNER=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_RAW=y # # Bridge: Netfilter Configuration # CONFIG_BRIDGE_NF_EBTABLES=y CONFIG_BRIDGE_EBT_BROUTE=y CONFIG_BRIDGE_EBT_T_FILTER=y CONFIG_BRIDGE_EBT_T_NAT=y CONFIG_BRIDGE_EBT_802_3=y CONFIG_BRIDGE_EBT_AMONG=y CONFIG_BRIDGE_EBT_ARP=y CONFIG_BRIDGE_EBT_IP=y CONFIG_BRIDGE_EBT_LIMIT=y CONFIG_BRIDGE_EBT_MARK=y CONFIG_BRIDGE_EBT_PKTTYPE=y CONFIG_BRIDGE_EBT_STP=y CONFIG_BRIDGE_EBT_VLAN=y CONFIG_BRIDGE_EBT_ARPREPLY=y CONFIG_BRIDGE_EBT_DNAT=y CONFIG_BRIDGE_EBT_MARK_T=y CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_ULOG=y # # DCCP Configuration (EXPERIMENTAL) # # CONFIG_IP_DCCP is not set # # SCTP Configuration (EXPERIMENTAL) # CONFIG_IP_SCTP=y # CONFIG_SCTP_DBG_MSG is not set # CONFIG_SCTP_DBG_OBJCNT is not set # CONFIG_SCTP_HMAC_NONE is not set # CONFIG_SCTP_HMAC_SHA1 is not set CONFIG_SCTP_HMAC_MD5=y # # TIPC Configuration (EXPERIMENTAL) # # CONFIG_TIPC is not set # CONFIG_ATM is not set CONFIG_BRIDGE=y CONFIG_VLAN_8021Q=y # CONFIG_DECNET is not set CONFIG_LLC=y # CONFIG_LLC2 is not set # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set # # QoS and/or fair queueing # # CONFIG_NET_SCHED is not set CONFIG_NET_CLS_ROUTE=y # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_IRDA is not set # CONFIG_BT is not set CONFIG_IEEE80211=y # CONFIG_IEEE80211_DEBUG is not set CONFIG_IEEE80211_CRYPT_WEP=y CONFIG_IEEE80211_CRYPT_CCMP=y CONFIG_IEEE80211_SOFTMAC=y # 
CONFIG_IEEE80211_SOFTMAC_DEBUG is not set CONFIG_WIRELESS_EXT=y # # UML Network Devices # CONFIG_UML_NET=y CONFIG_UML_NET_ETHERTAP=y CONFIG_UML_NET_TUNTAP=y CONFIG_UML_NET_SLIP=y CONFIG_UML_NET_DAEMON=y CONFIG_UML_NET_MCAST=y CONFIG_UML_NET_PCAP=y CONFIG_UML_NET_SLIRP=y # # Network device support # CONFIG_NETDEVICES=y CONFIG_DUMMY=y CONFIG_BONDING=y # CONFIG_EQUALIZER is not set CONFIG_TUN=y # # PHY device support # # # Wireless LAN (non-hamradio) # # CONFIG_NET_RADIO is not set # # Wan interfaces # # CONFIG_WAN is not set CONFIG_PPP=y CONFIG_PPP_MULTILINK=y CONFIG_PPP_FILTER=y CONFIG_PPP_ASYNC=y CONFIG_PPP_SYNC_TTY=y CONFIG_PPP_DEFLATE=y CONFIG_PPP_BSDCOMP=y CONFIG_PPP_MPPE=y CONFIG_PPPOE=y CONFIG_SLIP=y CONFIG_SLIP_COMPRESSED=y CONFIG_SLIP_SMART=y CONFIG_SLIP_MODE_SLIP6=y CONFIG_SHAPER=y # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # # Connector - unified userspace <-> kernelspace linker # CONFIG_CONNECTOR=y CONFIG_PROC_EVENTS=y # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y # CONFIG_EXT2_FS_SECURITY is not set CONFIG_EXT2_FS_XIP=y CONFIG_FS_XIP=y CONFIG_EXT3_FS=y CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y # CONFIG_EXT3_FS_SECURITY is not set CONFIG_JBD=y # CONFIG_JBD_DEBUG is not set CONFIG_FS_MBCACHE=y CONFIG_REISERFS_FS=y # CONFIG_REISERFS_CHECK is not set CONFIG_REISERFS_PROC_INFO=y CONFIG_REISERFS_FS_XATTR=y CONFIG_REISERFS_FS_POSIX_ACL=y # CONFIG_REISERFS_FS_SECURITY is not set CONFIG_JFS_FS=y CONFIG_JFS_POSIX_ACL=y # CONFIG_JFS_SECURITY is not set # CONFIG_JFS_DEBUG is not set CONFIG_JFS_STATISTICS=y CONFIG_FS_POSIX_ACL=y CONFIG_XFS_FS=y # CONFIG_XFS_QUOTA is not set # CONFIG_XFS_SECURITY is not set CONFIG_XFS_POSIX_ACL=y CONFIG_XFS_RT=y CONFIG_OCFS2_FS=y CONFIG_OCFS2_DEBUG_MASKLOG=y CONFIG_MINIX_FS=y CONFIG_ROMFS_FS=y CONFIG_INOTIFY=y CONFIG_INOTIFY_USER=y # CONFIG_QUOTA is not set CONFIG_DNOTIFY=y CONFIG_AUTOFS_FS=y CONFIG_AUTOFS4_FS=y # CONFIG_FUSE_FS is 
not set # # CD-ROM/DVD Filesystems # CONFIG_ISO9660_FS=y CONFIG_JOLIET=y CONFIG_ZISOFS=y CONFIG_ZISOFS_FS=y CONFIG_UDF_FS=y CONFIG_UDF_NLS=y # # DOS/FAT/NT Filesystems # CONFIG_FAT_FS=y CONFIG_MSDOS_FS=y CONFIG_VFAT_FS=y CONFIG_FAT_DEFAULT_CODEPAGE=437 CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" CONFIG_NTFS_FS=y # CONFIG_NTFS_DEBUG is not set CONFIG_NTFS_RW=y # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_HUGETLB_PAGE is not set CONFIG_RAMFS=y CONFIG_CONFIGFS_FS=y # # Miscellaneous filesystems # # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_ASFS_FS is not set # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set CONFIG_CRAMFS=y # CONFIG_VXFS_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set # # Network File Systems # CONFIG_NFS_FS=y CONFIG_NFS_V3=y # CONFIG_NFS_V3_ACL is not set # CONFIG_NFS_V4 is not set # CONFIG_NFS_DIRECTIO is not set CONFIG_NFSD=y CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y # CONFIG_NFSD_V4 is not set CONFIG_NFSD_TCP=y # CONFIG_ROOT_NFS is not set CONFIG_LOCKD=y CONFIG_LOCKD_V4=y CONFIG_EXPORTFS=y CONFIG_NFS_ACL_SUPPORT=y CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y # CONFIG_RPCSEC_GSS_KRB5 is not set # CONFIG_RPCSEC_GSS_SPKM3 is not set CONFIG_SMB_FS=y CONFIG_SMB_NLS_DEFAULT=y CONFIG_SMB_NLS_REMOTE="cp437" CONFIG_CIFS=y CONFIG_CIFS_STATS=y CONFIG_CIFS_STATS2=y # CONFIG_CIFS_WEAK_PW_HASH is not set # CONFIG_CIFS_XATTR is not set # CONFIG_CIFS_DEBUG2 is not set # CONFIG_CIFS_EXPERIMENTAL is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # CONFIG_9P_FS is not set # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set # CONFIG_OSF_PARTITION is not set # CONFIG_AMIGA_PARTITION is not set # CONFIG_ATARI_PARTITION is not set # 
CONFIG_MAC_PARTITION is not set CONFIG_MSDOS_PARTITION=y CONFIG_BSD_DISKLABEL=y # CONFIG_MINIX_SUBPARTITION is not set # CONFIG_SOLARIS_X86_PARTITION is not set # CONFIG_UNIXWARE_DISKLABEL is not set CONFIG_LDM_PARTITION=y CONFIG_LDM_DEBUG=y # CONFIG_SGI_PARTITION is not set # CONFIG_ULTRIX_PARTITION is not set # CONFIG_SUN_PARTITION is not set # CONFIG_KARMA_PARTITION is not set # CONFIG_EFI_PARTITION is not set # # Native Language Support # CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-1" CONFIG_NLS_CODEPAGE_437=y # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set CONFIG_NLS_CODEPAGE_850=y # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set CONFIG_NLS_CODEPAGE_936=y CONFIG_NLS_CODEPAGE_950=y # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set CONFIG_NLS_ISO8859_1=y # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set CONFIG_NLS_ISO8859_6=y # CONFIG_NLS_ISO8859_7 is not set CONFIG_NLS_ISO8859_9=y # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set CONFIG_NLS_UTF8=y # # Security options # # CONFIG_KEYS is not set # CONFIG_SECURITY is not set # # Cryptographic options # CONFIG_CRYPTO=y CONFIG_CRYPTO_HMAC=y CONFIG_CRYPTO_NULL=y CONFIG_CRYPTO_MD4=y CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA256=y 
CONFIG_CRYPTO_SHA512=y CONFIG_CRYPTO_WP512=y CONFIG_CRYPTO_TGR192=y CONFIG_CRYPTO_DES=y CONFIG_CRYPTO_BLOWFISH=y CONFIG_CRYPTO_TWOFISH=y CONFIG_CRYPTO_SERPENT=y CONFIG_CRYPTO_AES=y CONFIG_CRYPTO_AES_586=y CONFIG_CRYPTO_CAST5=y CONFIG_CRYPTO_CAST6=y CONFIG_CRYPTO_TEA=y CONFIG_CRYPTO_ARC4=y CONFIG_CRYPTO_KHAZAD=y CONFIG_CRYPTO_ANUBIS=y CONFIG_CRYPTO_DEFLATE=y CONFIG_CRYPTO_MICHAEL_MIC=y CONFIG_CRYPTO_CRC32C=y # # Hardware crypto devices # # # Library routines # CONFIG_CRC_CCITT=y CONFIG_CRC16=y CONFIG_CRC32=y CONFIG_LIBCRC32C=y CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y CONFIG_TEXTSEARCH_FSM=y CONFIG_PLIST=y # # Multi-device support (RAID and LVM) # # CONFIG_MD is not set # CONFIG_INPUT is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_KERNEL is not set CONFIG_LOG_BUF_SHIFT=14 # CONFIG_DEBUG_FS is not set # CONFIG_UNWIND_INFO is not set marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/CONFIG-2.6.300000600000175000017500000005662012356733375023255 0ustar lucaslucas# # Automatically generated make config: don't edit # Linux kernel version: 2.6.30 # Fri Nov 27 12:42:17 2009 # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_GENERIC_HARDIRQS=y CONFIG_UML=y CONFIG_MMU=y CONFIG_NO_IOMEM=y # CONFIG_TRACE_IRQFLAGS_SUPPORT is not set CONFIG_LOCKDEP_SUPPORT=y # CONFIG_STACKTRACE_SUPPORT is not set CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_TIME=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_IRQ_RELEASE_METHOD=y CONFIG_HZ=100 # # UML-specific options # # # Host processor type and features # # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is not set CONFIG_M686=y # CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set # CONFIG_MK8 is not 
set # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MPSC is not set # CONFIG_MCORE2 is not set # CONFIG_GENERIC_CPU is not set CONFIG_X86_GENERIC=y CONFIG_X86_CPU=y CONFIG_X86_L1_CACHE_BYTES=64 CONFIG_X86_INTERNODE_CACHE_BYTES=64 CONFIG_X86_CMPXCHG=y CONFIG_X86_L1_CACHE_SHIFT=5 CONFIG_X86_XADD=y CONFIG_X86_PPRO_FENCE=y CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INVLPG=y CONFIG_X86_BSWAP=y CONFIG_X86_POPAD_OK=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_TSC=y CONFIG_X86_CMOV=y CONFIG_X86_MINIMUM_CPU_FAMILY=4 CONFIG_CPU_SUP_INTEL=y CONFIG_CPU_SUP_CYRIX_32=y CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_CENTAUR=y CONFIG_CPU_SUP_TRANSMETA_32=y CONFIG_CPU_SUP_UMC_32=y CONFIG_UML_X86=y # CONFIG_64BIT is not set CONFIG_X86_32=y CONFIG_RWSEM_XCHGADD_ALGORITHM=y # CONFIG_RWSEM_GENERIC_SPINLOCK is not set # CONFIG_3_LEVEL_PGTABLES is not set CONFIG_ARCH_HAS_SC_SIGNALS=y CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA=y # CONFIG_SMP_BROKEN is not set CONFIG_GENERIC_HWEIGHT=y # CONFIG_STATIC_LINK is not set CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_DISCONTIGMEM_MANUAL is not set # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 # CONFIG_PHYS_ADDR_T_64BIT is not set CONFIG_ZONE_DMA_FLAG=0 CONFIG_VIRT_TO_BUS=y CONFIG_UNEVICTABLE_LRU=y CONFIG_HAVE_MLOCK=y CONFIG_HAVE_MLOCKED_PAGE_BIT=y CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_LD_SCRIPT_DYN=y CONFIG_BINFMT_ELF=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set CONFIG_HAVE_AOUT=y # CONFIG_BINFMT_AOUT is not set CONFIG_BINFMT_MISC=y CONFIG_HOSTFS=y # CONFIG_HPPFS is not set CONFIG_MCONSOLE=y CONFIG_MAGIC_SYSRQ=y # CONFIG_HIGHMEM is not set 
CONFIG_KERNEL_STACK_ORDER=0 # # General setup # CONFIG_EXPERIMENTAL=y CONFIG_BROKEN_ON_SMP=y CONFIG_INIT_ENV_ARG_LIMIT=128 CONFIG_LOCALVERSION="-marionnet-ghost" CONFIG_LOCALVERSION_AUTO=y CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_POSIX_MQUEUE_SYSCTL=y CONFIG_BSD_PROCESS_ACCT=y # CONFIG_BSD_PROCESS_ACCT_V3 is not set # CONFIG_TASKSTATS is not set # CONFIG_AUDIT is not set # # RCU Subsystem # CONFIG_CLASSIC_RCU=y # CONFIG_TREE_RCU is not set # CONFIG_PREEMPT_RCU is not set # CONFIG_TREE_RCU_TRACE is not set # CONFIG_PREEMPT_RCU_TRACE is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 # CONFIG_GROUP_SCHED is not set # CONFIG_CGROUPS is not set CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y # CONFIG_RELAY is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_IPC_NS is not set # CONFIG_USER_NS is not set # CONFIG_PID_NS is not set # CONFIG_NET_NS is not set # CONFIG_BLK_DEV_INITRD is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y CONFIG_ANON_INODES=y # CONFIG_EMBEDDED is not set CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_EXTRA_PASS=y # CONFIG_STRIP_ASM_SYMS is not set CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_AIO=y CONFIG_VM_EVENT_COUNTERS=y CONFIG_COMPAT_BRK=y CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set # CONFIG_PROFILING is not set # CONFIG_MARKERS is not set # CONFIG_SLOW_WORK is not set # CONFIG_HAVE_GENERIC_DMA_COHERENT is not set CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 # CONFIG_MODULES is not set CONFIG_BLOCK=y # CONFIG_LBD is not set # CONFIG_BLK_DEV_BSG is not set # CONFIG_BLK_DEV_INTEGRITY is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y CONFIG_DEFAULT_AS=y # CONFIG_DEFAULT_DEADLINE is 
not set # CONFIG_DEFAULT_CFQ is not set # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="anticipatory" # CONFIG_FREEZER is not set CONFIG_BLK_DEV=y CONFIG_BLK_DEV_UBD=y # CONFIG_BLK_DEV_UBD_SYNC is not set CONFIG_BLK_DEV_COW_COMMON=y CONFIG_BLK_DEV_LOOP=y # CONFIG_BLK_DEV_CRYPTOLOOP is not set CONFIG_BLK_DEV_NBD=y # CONFIG_BLK_DEV_RAM is not set # CONFIG_ATA_OVER_ETH is not set # # Character Devices # CONFIG_STDERR_CONSOLE=y CONFIG_STDIO_CONSOLE=y CONFIG_SSL=y CONFIG_NULL_CHAN=y CONFIG_PORT_CHAN=y CONFIG_PTY_CHAN=y CONFIG_TTY_CHAN=y CONFIG_XTERM_CHAN=y # CONFIG_NOCONFIG_CHAN is not set CONFIG_CON_ZERO_CHAN="fd:0,fd:1" CONFIG_CON_CHAN="xterm" CONFIG_SSL_CHAN="pts" CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y # CONFIG_RAW_DRIVER is not set CONFIG_LEGACY_PTY_COUNT=32 # CONFIG_WATCHDOG is not set CONFIG_UML_SOUND=y CONFIG_SOUND=y CONFIG_SOUND_OSS_CORE=y CONFIG_HOSTAUDIO=y # CONFIG_HW_RANDOM is not set CONFIG_UML_RANDOM=y # CONFIG_MMAPPER is not set # # Generic Driver Options # CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y CONFIG_FIRMWARE_IN_KERNEL=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_SYS_HYPERVISOR is not set CONFIG_NET=y # # Networking options # CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y CONFIG_XFRM=y CONFIG_XFRM_USER=y # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set CONFIG_XFRM_IPCOMP=y CONFIG_NET_KEY=y # CONFIG_NET_KEY_MIGRATE is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_ASK_IP_FIB_HASH=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set CONFIG_IP_PIMSM_V2=y CONFIG_ARPD=y CONFIG_SYN_COOKIES=y CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y 
CONFIG_INET_XFRM_TUNNEL=y CONFIG_INET_TUNNEL=y CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_XFRM_MODE_BEET=y # CONFIG_INET_LRO is not set CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set CONFIG_IPV6=y # CONFIG_IPV6_PRIVACY is not set # CONFIG_IPV6_ROUTER_PREF is not set # CONFIG_IPV6_OPTIMISTIC_DAD is not set # CONFIG_INET6_AH is not set # CONFIG_INET6_ESP is not set # CONFIG_INET6_IPCOMP is not set # CONFIG_IPV6_MIP6 is not set # CONFIG_INET6_XFRM_TUNNEL is not set # CONFIG_INET6_TUNNEL is not set CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_INET6_XFRM_MODE_BEET=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set CONFIG_IPV6_SIT=y CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_NETWORK_SECMARK is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_CT_ACCT=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y # CONFIG_NETFILTER_TPROXY is not set CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y CONFIG_NETFILTER_XT_TARGET_DSCP=y CONFIG_NETFILTER_XT_TARGET_HL=y CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y 
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y CONFIG_NETFILTER_XT_TARGET_NOTRACK=y CONFIG_NETFILTER_XT_TARGET_RATEEST=y CONFIG_NETFILTER_XT_TARGET_TRACE=y CONFIG_NETFILTER_XT_TARGET_TCPMSS=y CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_HL=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y CONFIG_NETFILTER_XT_MATCH_REALM=y # CONFIG_NETFILTER_XT_MATCH_RECENT is not set CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y # CONFIG_IP_VS is not set # # IP: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_ADDRTYPE=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_NF_NAT_SNMP_BASIC=y CONFIG_NF_NAT_PROTO_DCCP=y 
CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_NF_NAT_SIP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV6=y CONFIG_IP6_NF_QUEUE=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_MH=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_RAW=y CONFIG_BRIDGE_NF_EBTABLES=y CONFIG_BRIDGE_EBT_BROUTE=y CONFIG_BRIDGE_EBT_T_FILTER=y CONFIG_BRIDGE_EBT_T_NAT=y CONFIG_BRIDGE_EBT_802_3=y CONFIG_BRIDGE_EBT_AMONG=y CONFIG_BRIDGE_EBT_ARP=y CONFIG_BRIDGE_EBT_IP=y CONFIG_BRIDGE_EBT_IP6=y CONFIG_BRIDGE_EBT_LIMIT=y CONFIG_BRIDGE_EBT_MARK=y CONFIG_BRIDGE_EBT_PKTTYPE=y CONFIG_BRIDGE_EBT_STP=y CONFIG_BRIDGE_EBT_VLAN=y CONFIG_BRIDGE_EBT_ARPREPLY=y CONFIG_BRIDGE_EBT_DNAT=y CONFIG_BRIDGE_EBT_MARK_T=y CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_ULOG=y CONFIG_BRIDGE_EBT_NFLOG=y CONFIG_GHOSTIFICATION_NETFILTER=y CONFIG_GHOSTIFICATION_NETFILTER_ALL=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set CONFIG_STP=y CONFIG_GARP=y CONFIG_BRIDGE=y # CONFIG_NET_DSA is not set CONFIG_VLAN_8021Q=y CONFIG_VLAN_8021Q_GVRP=y # CONFIG_DECNET is not set CONFIG_LLC=y CONFIG_LLC2=y # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set # CONFIG_PHONET is 
not set CONFIG_NET_SCHED=y # # Queueing/Scheduling # CONFIG_NET_SCH_CBQ=y CONFIG_NET_SCH_HTB=y CONFIG_NET_SCH_HFSC=y CONFIG_NET_SCH_PRIO=y # CONFIG_NET_SCH_MULTIQ is not set CONFIG_NET_SCH_RED=y CONFIG_NET_SCH_SFQ=y CONFIG_NET_SCH_TEQL=y CONFIG_NET_SCH_TBF=y CONFIG_NET_SCH_GRED=y CONFIG_NET_SCH_DSMARK=y CONFIG_NET_SCH_NETEM=y # CONFIG_NET_SCH_DRR is not set # CONFIG_NET_SCH_INGRESS is not set # # Classification # CONFIG_NET_CLS=y CONFIG_NET_CLS_BASIC=y CONFIG_NET_CLS_TCINDEX=y CONFIG_NET_CLS_ROUTE4=y CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=y CONFIG_NET_CLS_U32=y CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y CONFIG_NET_CLS_RSVP=y CONFIG_NET_CLS_RSVP6=y CONFIG_NET_CLS_FLOW=y CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 CONFIG_NET_EMATCH_CMP=y CONFIG_NET_EMATCH_NBYTE=y CONFIG_NET_EMATCH_U32=y CONFIG_NET_EMATCH_META=y CONFIG_NET_EMATCH_TEXT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=y CONFIG_NET_ACT_GACT=y CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=y CONFIG_NET_ACT_IPT=y CONFIG_NET_ACT_NAT=y CONFIG_NET_ACT_PEDIT=y # CONFIG_NET_ACT_SIMP is not set # CONFIG_NET_ACT_SKBEDIT is not set CONFIG_NET_CLS_IND=y CONFIG_NET_SCH_FIFO=y # CONFIG_DCB is not set # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set CONFIG_FIB_RULES=y # CONFIG_WIRELESS is not set # CONFIG_WIMAX is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is not set CONFIG_GHOSTIFICATION=y CONFIG_GHOSTIFICATION_NUM=9 CONFIG_GHOSTIFICATION_MESG=y CONFIG_GHOSTIFICATION_PRINTK=y # CONFIG_GHOSTIFICATION_DEBUG is not set # CONFIG_GHOSTIFICATION_DEVEL is not set # # UML Network Devices # CONFIG_UML_NET=y CONFIG_UML_NET_ETHERTAP=y CONFIG_UML_NET_TUNTAP=y CONFIG_UML_NET_SLIP=y CONFIG_UML_NET_DAEMON=y CONFIG_UML_NET_VDE=y CONFIG_UML_NET_MCAST=y CONFIG_UML_NET_PCAP=y CONFIG_UML_NET_SLIRP=y CONFIG_NETDEVICES=y CONFIG_COMPAT_NET_DEV_OPS=y # CONFIG_IFB is not set CONFIG_DUMMY=y CONFIG_BONDING=y 
CONFIG_MACVLAN=y # CONFIG_EQUALIZER is not set CONFIG_TUN=y # CONFIG_VETH is not set # # Wireless LAN # # CONFIG_WLAN_PRE80211 is not set # CONFIG_WLAN_80211 is not set # # Enable WiMAX (Networking options) to see the WiMAX drivers # # CONFIG_WAN is not set CONFIG_PPP=y # CONFIG_PPP_MULTILINK is not set # CONFIG_PPP_FILTER is not set # CONFIG_PPP_ASYNC is not set # CONFIG_PPP_SYNC_TTY is not set # CONFIG_PPP_DEFLATE is not set # CONFIG_PPP_BSDCOMP is not set # CONFIG_PPP_MPPE is not set # CONFIG_PPPOE is not set # CONFIG_PPPOL2TP is not set CONFIG_SLIP=y # CONFIG_SLIP_COMPRESSED is not set CONFIG_SLHC=y # CONFIG_SLIP_SMART is not set # CONFIG_SLIP_MODE_SLIP6 is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # CONFIG_CONNECTOR is not set # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y # CONFIG_EXT2_FS_SECURITY is not set # CONFIG_EXT2_FS_XIP is not set CONFIG_EXT3_FS=y # CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_SECURITY=y # CONFIG_EXT4_FS is not set CONFIG_JBD=y CONFIG_FS_MBCACHE=y # CONFIG_REISERFS_FS is not set # CONFIG_JFS_FS is not set CONFIG_FS_POSIX_ACL=y CONFIG_FILE_LOCKING=y # CONFIG_XFS_FS is not set # CONFIG_OCFS2_FS is not set # CONFIG_BTRFS_FS is not set CONFIG_DNOTIFY=y CONFIG_INOTIFY=y CONFIG_INOTIFY_USER=y CONFIG_QUOTA=y # CONFIG_QUOTA_NETLINK_INTERFACE is not set CONFIG_PRINT_QUOTA_WARNING=y # CONFIG_QFMT_V1 is not set # CONFIG_QFMT_V2 is not set CONFIG_QUOTACTL=y CONFIG_AUTOFS_FS=y CONFIG_AUTOFS4_FS=y # CONFIG_FUSE_FS is not set # # Caches # # CONFIG_FSCACHE is not set # # CD-ROM/DVD Filesystems # # CONFIG_ISO9660_FS is not set # CONFIG_UDF_FS is not set # # DOS/FAT/NT Filesystems # # CONFIG_MSDOS_FS is not set # CONFIG_VFAT_FS is not set # CONFIG_NTFS_FS is not set # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y 
CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_TMPFS_POSIX_ACL is not set # CONFIG_HUGETLB_PAGE is not set # CONFIG_CONFIGFS_FS is not set CONFIG_MISC_FILESYSTEMS=y # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set # CONFIG_CRAMFS is not set # CONFIG_SQUASHFS is not set # CONFIG_VXFS_FS is not set # CONFIG_MINIX_FS is not set # CONFIG_OMFS_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_ROMFS_FS is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set # CONFIG_NILFS2_FS is not set CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=y CONFIG_NFS_V3=y CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=y CONFIG_NFSD=y CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y CONFIG_LOCKD=y CONFIG_LOCKD_V4=y CONFIG_EXPORTFS=y CONFIG_NFS_ACL_SUPPORT=y CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y CONFIG_SUNRPC_GSS=y CONFIG_RPCSEC_GSS_KRB5=y CONFIG_RPCSEC_GSS_SPKM3=y # CONFIG_SMB_FS is not set CONFIG_CIFS=y # CONFIG_CIFS_STATS is not set # CONFIG_CIFS_WEAK_PW_HASH is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y CONFIG_CIFS_DEBUG2=y # CONFIG_CIFS_EXPERIMENTAL is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set # CONFIG_OSF_PARTITION is not set # CONFIG_AMIGA_PARTITION is not set # CONFIG_ATARI_PARTITION is not set # CONFIG_MAC_PARTITION is not set CONFIG_MSDOS_PARTITION=y # CONFIG_BSD_DISKLABEL is not set # CONFIG_MINIX_SUBPARTITION is not set # CONFIG_SOLARIS_X86_PARTITION is not set # CONFIG_UNIXWARE_DISKLABEL is not set # CONFIG_LDM_PARTITION is not set # CONFIG_SGI_PARTITION is not set # CONFIG_ULTRIX_PARTITION is not set # CONFIG_SUN_PARTITION is not set # CONFIG_KARMA_PARTITION is not set # CONFIG_EFI_PARTITION is not set # CONFIG_SYSV68_PARTITION is not set CONFIG_NLS=y 
CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_NLS_CODEPAGE_437 is not set # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set # CONFIG_NLS_CODEPAGE_850 is not set # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_936 is not set # CONFIG_NLS_CODEPAGE_950 is not set # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set # CONFIG_NLS_ISO8859_1 is not set # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_9 is not set # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set # CONFIG_NLS_UTF8 is not set # CONFIG_DLM is not set # # Security options # # CONFIG_KEYS is not set # CONFIG_SECURITY is not set # CONFIG_SECURITYFS is not set # CONFIG_SECURITY_FILE_CAPABILITIES is not set CONFIG_CRYPTO=y # # Crypto core or helper # # CONFIG_CRYPTO_FIPS is not set CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_BLKCIPHER2=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_PCOMP=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_NULL is not set 
CONFIG_CRYPTO_WORKQUEUE=y # CONFIG_CRYPTO_CRYPTD is not set CONFIG_CRYPTO_AUTHENC=y # # Authenticated Encryption with Associated Data # # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_GCM is not set # CONFIG_CRYPTO_SEQIV is not set # # Block modes # CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set # CONFIG_CRYPTO_ECB is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set # # Hash modes # CONFIG_CRYPTO_HMAC=y # CONFIG_CRYPTO_XCBC is not set # # Digest # CONFIG_CRYPTO_CRC32C=y # CONFIG_CRYPTO_MD4 is not set CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_MICHAEL_MIC is not set # CONFIG_CRYPTO_RMD128 is not set # CONFIG_CRYPTO_RMD160 is not set # CONFIG_CRYPTO_RMD256 is not set # CONFIG_CRYPTO_RMD320 is not set CONFIG_CRYPTO_SHA1=y # CONFIG_CRYPTO_SHA256 is not set # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_WP512 is not set # # Ciphers # # CONFIG_CRYPTO_AES is not set # CONFIG_CRYPTO_AES_586 is not set # CONFIG_CRYPTO_ANUBIS is not set # CONFIG_CRYPTO_ARC4 is not set # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_CAMELLIA is not set CONFIG_CRYPTO_CAST5=y # CONFIG_CRYPTO_CAST6 is not set CONFIG_CRYPTO_DES=y # CONFIG_CRYPTO_FCRYPT is not set # CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_SALSA20 is not set # CONFIG_CRYPTO_SALSA20_586 is not set # CONFIG_CRYPTO_SEED is not set # CONFIG_CRYPTO_SERPENT is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TWOFISH is not set # CONFIG_CRYPTO_TWOFISH_586 is not set # # Compression # CONFIG_CRYPTO_DEFLATE=y # CONFIG_CRYPTO_ZLIB is not set # CONFIG_CRYPTO_LZO is not set # # Random Number Generation # # CONFIG_CRYPTO_ANSI_CPRNG is not set CONFIG_CRYPTO_HW=y # CONFIG_BINARY_PRINTF is not set # # Library routines # CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_FIND_NEXT_BIT=y CONFIG_GENERIC_FIND_LAST_BIT=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set # 
CONFIG_CRC_ITU_T is not set CONFIG_CRC32=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=y CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y CONFIG_TEXTSEARCH_FSM=y CONFIG_HAS_DMA=y CONFIG_NLATTR=y # # SCSI device support # # CONFIG_RAID_ATTRS is not set # CONFIG_SCSI is not set # CONFIG_SCSI_DMA is not set # CONFIG_SCSI_NETLINK is not set CONFIG_MD=y # CONFIG_BLK_DEV_MD is not set CONFIG_BLK_DEV_DM=y # CONFIG_DM_DEBUG is not set CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=y CONFIG_DM_MIRROR=y # CONFIG_DM_ZERO is not set # CONFIG_DM_MULTIPATH is not set # CONFIG_DM_DELAY is not set # CONFIG_DM_UEVENT is not set # CONFIG_NEW_LEDS is not set # CONFIG_INPUT is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_ENABLE_WARN_DEPRECATED is not set CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=1024 # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not set # CONFIG_DEBUG_KERNEL is not set CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_MEMORY_INIT=y # CONFIG_RCU_CPU_STALL_DETECTOR is not set CONFIG_SYSCTL_SYSCALL_CHECK=y # CONFIG_SAMPLES is not set # CONFIG_DEBUG_STACK_USAGE is not set marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/linux-2.6.26-ghost.patch0000600000175000017500000030670512356733375025676 0ustar lucaslucasdiff -rNuad linux-2.6.26/arch/um/drivers/vde_user.c linux-2.6.26-ghost/arch/um/drivers/vde_user.c --- linux-2.6.26/arch/um/drivers/vde_user.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/arch/um/drivers/vde_user.c 2009-11-24 22:38:54.000000000 +0100 
@@ -77,8 +77,8 @@ void vde_init_libstuff(struct vde_data *vpri, struct vde_init *init) { struct vde_open_args *args; - - vpri->args = kmalloc(sizeof(struct vde_open_args), UM_GFP_KERNEL); + /* (ghost support) kmalloc is used instead of uml_kmalloc */ + vpri->args = uml_kmalloc(sizeof(struct vde_open_args), UM_GFP_KERNEL); if (vpri->args == NULL) { printk(UM_KERN_ERR "vde_init_libstuff - vde_open_args " "allocation failed"); diff -rNuad linux-2.6.26/include/linux/netdevice.h linux-2.6.26-ghost/include/linux/netdevice.h --- linux-2.6.26/include/linux/netdevice.h 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/include/linux/netdevice.h 2009-11-24 22:38:54.000000000 +0100 @@ -14,6 +14,8 @@ * Alan Cox, * Bjorn Ekwall. * Pekka Riikonen + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -1568,4 +1570,12 @@ #endif /* __KERNEL__ */ +/* + * (ghost support) Just check whether the given name + * belongs to the ghost interface + */ +#ifdef CONFIG_GHOSTIFICATION +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + #endif /* _LINUX_DEV_H */ diff -rNuad linux-2.6.26/include/linux/sockios.h linux-2.6.26-ghost/include/linux/sockios.h --- linux-2.6.26/include/linux/sockios.h 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/include/linux/sockios.h 2009-11-24 22:38:54.000000000 +0100 @@ -9,6 +9,8 @@ * * Authors: Ross Biro * Fred N. van Kempen, + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
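Review bot: The comment added in vde_init_libstuff reads backwards: it says `kmalloc is used instead of uml_kmalloc`, while the new line replaces `kmalloc` with `uml_kmalloc`. Anyone auditing which allocator this user-side driver file calls would be misled, so it should read `/* (ghost support) uml_kmalloc is used instead of kmalloc */`, ideally with the reason for the switch. The hunk also drops the blank line between the declaration and the first statement. The function body continues outside the hunk.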
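Review bot: In the netdevice.h hunk at -1568, the prototype for `is_a_ghost_interface_name()` is added after `#endif /* __KERNEL__ */`, so it lands in the part of the header that is not kernel-only. It is an in-kernel helper and belongs above that `#endif`, with the other kernel-side declarations. The comment should also state the return convention, for example `/* (ghost support) Returns nonzero when interface_name names a ghostified interface */`. That contract is presumed from the name; the definition is not in this hunk, so confirm it there.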
@@ -83,6 +85,13 @@ #define SIOCWANDEV 0x894A /* get/set netdev parameters */ +/* (ghost support) ghostification's ioctl */ +#ifdef CONFIG_GHOSTIFICATION +#define SIOKLOG 0x894D /* Write a string to the log */ +#define SIOCGIFGHOSTIFY 0x894E /* Make a network device 'ghost' */ +#define SIOCGIFUNGHOSTIFY 0x894F /* Make a network device 'ghost' */ +#endif /* CONFIG_GHOSTIFICATION */ + /* ARP cache control calls. */ /* 0x8950 - 0x8952 * obsolete calls, don't re-use */ #define SIOCDARP 0x8953 /* delete ARP table entry */ diff -rNuad linux-2.6.26/include/net/ghostdebug.h linux-2.6.26-ghost/include/net/ghostdebug.h --- linux-2.6.26/include/net/ghostdebug.h 1970-01-01 01:00:00.000000000 +0100 +++ linux-2.6.26-ghost/include/net/ghostdebug.h 2009-11-24 22:38:54.000000000 +0100 
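Review bot: `SIOCGIFUNGHOSTIFY` carries the same comment as `SIOCGIFGHOSTIFY` ("Make a network device 'ghost'"), so the header documents two opposite requests identically. Suggested: `#define SIOCGIFUNGHOSTIFY 0x894F /* Make a 'ghost' network device visible again */`. A short comment that both requests change kernel state despite the SIOCG (get-style) prefix, and which of the three new requests are privileged, would also help anyone auditing the ioctl surface.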
@@ -0,0 +1,93 @@ +/* + * Ghost support: + * Some trivials macros for display messages, trace ghost ops, + * debug and devel the ghostification kernel patch. + * + * Authors: Roudiere Jonathan, + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + */ + +#ifndef __GHOSTDEBUG__ +#define __GHOSTDEBUG__ + +#ifdef CONFIG_GHOSTIFICATION + +/* + * Ghost macros: there are three type of macros for three kind of + * information level : + * + * - the first one is ghost_ptk, that is a simple printk with the + * KERN_INFO log level, it is the standard type of display used + * by the ghostification kernel code to allow user to monitor + * ghost operations, if GHOSTIFICATION_PRINTK is not defined then + * user will not any information about the ghostified interfaces + * and the ghost engine (almost any infos ;-)), + * + * - ghost_debug and ghost_debugmsg are respectively used to show a + * calling card in a part of the code (function, files) and to show + * in plus informations additional (variable, etc ..), these two macros + * display messages with the level KERNEL_DEBUG, + * + * - ghost_devel and ghost_develmsg are very similar (redundant) + * in both previous ones, they are mainly used for the development + * of the patch to follow the stream of execution, activate + * GHOSTIFICATION_DEVEL has interest only for developers. + * +*/ + +/* + * Macro usable to debug during normal usage of the kernel. +*/ +#ifdef CONFIG_GHOSTIFICATION_DEBUG +#define ghost_debug \ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): -- info debug -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_debugmsg(msg,args...) 
\ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_debug +#define ghost_debugmsg(msg,args...) +#endif + +/* + * A little bit redundant with the macro ghost_debug/debugmsg + * but allows a difference in the use, they are not used for the + * debugging, but to verify roads borrowed during the development. + * (note: certainly remove at next release of the patch) +*/ +#ifdef CONFIG_GHOSTIFICATION_DEVEL +#define ghost_devel \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): -- info devel -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_develmsg(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_devel +#define ghost_develmsg(msg,args...) +#endif + +/* + * Macro to display all message from chunk of code which has + * ghostification in charge (use macro to add debug level later). +*/ +#ifdef CONFIG_GHOSTIFICATION_PRINTK +#define ghost_ptk(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost) " msg "\n", ##args) +#else +#define ghost_ptk(msg,args...) +#endif + +#endif /* CONFIG_GHOSTIFICATION */ + +#endif /* __GHOSTDEBUG__ */ diff -rNuad linux-2.6.26/kernel/softirq.c linux-2.6.26-ghost/kernel/softirq.c --- linux-2.6.26/kernel/softirq.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/kernel/softirq.c 2009-11-24 22:43:02.000000000 +0100 @@ -6,6 +6,7 @@ * Distribute under GPLv2. * * Rewritten. Old one was good in 2.2, but in 2.3 it was immoral. --ANK (990903) + * Roudiere ghostification, little modif : disable console infos (irqs) */ #include 
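Review bot: The header comment in ghostdebug.h and the macros disagree: it says `ghost_ptk` logs at KERN_INFO and is switched by GHOSTIFICATION_PRINTK, while the definition uses `KERN_DEBUG` and `CONFIG_GHOSTIFICATION_PRINTK`, and it refers to a level "KERNEL_DEBUG" that is spelled `KERN_DEBUG` in the code. Either change the macro to `printk(KERN_INFO "(ghost) " msg "\n", ##args)` or correct the comment so operators know which log level to watch. The disabled variants also expand to nothing, so defining them as `do { } while (0)` would keep them statement-safe inside unbraced `if`/`else` bodies.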
@@ -121,8 +122,11 @@ */ void _local_bh_enable(void) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq()); WARN_ON_ONCE(!irqs_disabled()); +#endif if (softirq_count() == SOFTIRQ_OFFSET) trace_softirqs_on((unsigned long)__builtin_return_address(0)); @@ -135,10 +139,16 @@ { #ifdef CONFIG_TRACE_IRQFLAGS unsigned long flags; - +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq()); #endif +#endif + +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(irqs_disabled()); +#endif #ifdef CONFIG_TRACE_IRQFLAGS local_irq_save(flags); diff -rNuad linux-2.6.26/net/core/dev.c linux-2.6.26-ghost/net/core/dev.c --- linux-2.6.26/net/core/dev.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/core/dev.c 2009-11-24 22:38:54.000000000 +0100 @@ -18,6 +18,7 @@ * Alexey Kuznetsov * Adam Sulmicki * Pekka Riikonen + * Luca Saiu (ghostification support) * * Changes: * D.J. Barrow : Fixed bug where dev->refcnt gets set @@ -70,6 +71,8 @@ * indefinitely on dev->refcnt * J Hadi Salim : - Backlog queue sampling * - netif_rx() feedback + * Roudiere Jonathan : make some buxfix in ghostification engine + * verify CAP_NET_ADMIN before (un)ghost iface */ #include 
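Review bot: Both softirq.c hunks (`_local_bh_enable` at `@@ -121,8 +122,11 @@` and the function patched at `@@ -135,10 +139,16 @@`) compile out `WARN_ON_ONCE(in_irq())` and the `irqs_disabled()` checks whenever CONFIG_GHOSTIFICATION is set, which removes a context check for the whole kernel rather than for ghost code only. If these warnings fire with the patch applied, that points at a caller enabling bottom halves in the wrong context, and silencing the check hides that bug instead of fixing it. I would drop the `#ifndef CONFIG_GHOSTIFICATION` wrappers and, if console noise is the concern, lower the console log level instead. In the second hunk the new `#ifndef` is also opened inside `#ifdef CONFIG_TRACE_IRQFLAGS`, which makes the nesting hard to read.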
@@ -124,6 +127,230 @@ #include "net-sysfs.h" /* + * (ghost support) Chunk of code which has in charge + * the ghostification of network interfaces. + */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* The maximum number of ghost interfaces allowed at any given time: */ +#define MAX_GHOST_INTERFACES_NO CONFIG_GHOSTIFICATION_NUM + +/* + * A crude unsorted array of unique names, where "" stands for an + * empty slot. Elements are so few that an hash table would be overkill, + * and possibly also less efficient than this solution: + */ +static char ghost_interface_names[MAX_GHOST_INTERFACES_NO][IFNAMSIZ]; + +/* A lock protecting the ghost interfaces' support structure: */ +/* static DEFINE_SPINLOCK(ghostification_spin_lock); */ +static rwlock_t ghostification_spin_lock = RW_LOCK_UNLOCKED; + +/* Lock disabling local interrupts and saving flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + unsigned long flags; write_lock_irqsave(&ghostification_spin_lock, flags) + +/* Unlock re-enabling interrupts and restoring flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + write_unlock_irqrestore(&ghostification_spin_lock, flags) + +/* Lock disabling local interrupts and saving flags. This is for + readers, which are allowed to execute concurrently: */ +#define LOCK_GHOSTIFICATION_FOR_READING \ + unsigned long flags; read_lock_irqsave(&ghostification_spin_lock, flags) + +/* Lock re-enabling interrupts and restoring flags. 
This is for + readers, which are allowed to execute concurrently: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING \ + read_unlock_irqrestore(&ghostification_spin_lock, flags) + +#ifdef CONFIG_IPV6 +/* Defined in net/ipv6/addrconf.c: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +#endif /* CONFIG_IPV6 */ + +/* Return the index of the given element (which may be "") within + ghost_interface_names, or -1 on failure. Note that this must be + executed in a critical section: */ +static int __lookup_ghost_interface_names(const char *interface_name) +{ + int i; + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(!strcmp(interface_name, ghost_interface_names[i])) + return i; /* we found the given name in the i-th element */ + return -1; /* we didn't find the given name in the array */ +} + +/* This is useful for debugging. It must be called in a critical section. */ +static void __dump_ghost_interfaces(void) +{ + int i; + int number_of_ghost_interfaces = 0; + + ghost_ptk("Ghost interfaces are now: "); + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(strcmp(ghost_interface_names[i], "")) { + number_of_ghost_interfaces++; + ghost_ptk("%i. %s", number_of_ghost_interfaces, + ghost_interface_names[i]); + } + + ghost_ptk("There are now %i ghost interfaces. " + "A maximum of %i can exist at any given time.", + number_of_ghost_interfaces, MAX_GHOST_INTERFACES_NO); +} + +/* Just check whether the given name belongs to a ghost interface. 
+ This must be called in a critical section: */ +int __is_a_ghost_interface_name(const char *interface_name) +{ + /* Particular case: "" is *not* a ghost interface name, even + if it's in the ghost interfaces array (we use it just to mark + an empty slot): */ + if(interface_name[0] == '\0') + return 0; + /* Just check whether interface_name is an element of the array: */ + return __lookup_ghost_interface_names(interface_name) >= 0; +} + +/* Just check whether the given name belongs to a ghost interface: */ +int is_a_ghost_interface_name(const char *interface_name) +{ + int result; + LOCK_GHOSTIFICATION_FOR_READING; + /* Just check whether interface_name is an element of the array: */ + result = __is_a_ghost_interface_name(interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING; + return result; +} + +/* Make the given interface ghost. Return 0 on success, nonzero on + failure. Failure occours when the interface is already ghost or + does not exist: */ +static int ghostify_interface(char *interface_name) +{ + int a_free_element_index; + const size_t name_length = strlen(interface_name); + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Let's avoid buffer overflows... This could possibly be exploited: */ + if((name_length >= IFNAMSIZ) || (name_length == 0)) + { + ghost_ptk("The user asked to ghostify the interface %s, " + "which has a name of length %i. Failing.", + interface_name, name_length); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EINVAL; + } + + /* Fail if the interface is already ghostified. In particular we + want *no* duplicates in the array. 
Note that we're already in + a critical section here, so there's no need for locking: */ + if(__is_a_ghost_interface_name(interface_name)) + { + ghost_ptk("Could not ghostify the interface %s, " + "because it\'s already ghost.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EEXIST; /* File exists, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Fail if the interface is not found. We don't want add a + no-existing interface in our array */ + struct net_device *device; + device = dev_get_by_name(&init_net, interface_name); + if (device == NULL) { + ghost_ptk("Could not ghostify the interface %s which " + "doesn't exist. Try again.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for a free spot: */ + a_free_element_index = __lookup_ghost_interface_names(""); + if(a_free_element_index < 0) + { + ghost_ptk("Could not ghostify the interface %s, " + "because %i interfaces are already ghostified. Sorry.", + interface_name, MAX_GHOST_INTERFACES_NO); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENOMEM; + } + + /* Ok, we found a free spot; just copy the interface name: */ + strcpy(ghost_interface_names[a_free_element_index], interface_name); + +#ifdef CONFIG_IPV6 + /* Hide /proc/net/dev_snmp6/DEVICE for the new ghost DEVICE: */ + hide_proc_net_dev_snmp6_DEVICE_if_needed( + ghost_interface_names[a_free_element_index]); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} + +/* Make the given interface, which should be ghost, non-ghost. + Return 0 on success, nonzero on failure. Failure occours when + the given interface is non-ghost or does not exist: */ +static int unghostify_interface(char *ghost_interface_name) +{ + int the_interface_index; + struct net_device *device; + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Fail if the interface is not found. 
It is not necessary + to search in the array a no-existing interface and allow + to return a more appropriate error code to the userspace. */ + device = dev_get_by_name(&init_net, ghost_interface_name); + if (device == NULL) { + ghost_ptk("Could not unghostify the interface %s " + "which doesn't exist. Try again.\n", ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for the given interface: */ + the_interface_index = + __lookup_ghost_interface_names(ghost_interface_name); + if(the_interface_index < 0) + { + ghost_ptk("Could not unghostify the interface %s, \ + because it's non-ghost or not existing.\n", + ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ESRCH; /* No such device or address, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Ok, we found the interface: just "remove" its name from the array: */ + ghost_interface_names[the_interface_index][0] = '\0'; + +#ifdef CONFIG_IPV6 + /* Show again /proc/net/dev_snmp6/DEVICE for the now non-ghost DEVICE: */ + show_proc_net_dev_snmp6_DEVICE_if_needed(ghost_interface_name); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} +EXPORT_SYMBOL(is_a_ghost_interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * (ghost support) End of ghostification support + */ + + +/* * The list of packet types we will receive (as opposed to discard) * and the routines to invoke. * @@ -529,6 +756,13 @@ { int ints[5]; struct ifmap map; + /* (ghost support) There are no ghost interfaces by default */ +#ifdef CONFIG_GHOSTIFICATION + int i; + + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + ghost_interface_names[i][0] = '\0'; +#endif /* CONFIG_GHOSTIFICATION */ str = get_options(str, ARRAY_SIZE(ints), ints); if (!str || !*str) 
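Review bot: `ghostify_interface` and `unghostify_interface` call `dev_get_by_name(&init_net, ...)` only to test that the device exists and never release it; that lookup returns a held reference, so every successful call leaks one and the interface can later fail to unregister cleanly. Add `dev_put(device);` right after the NULL check in both functions. Two smaller points in the same hunk: `name_length` is a `size_t` printed with `%i` (use `%zu`), and `struct net_device *device;` is declared after statements in `ghostify_interface`. The IPv6 `hide_`/`show_proc_net_dev_snmp6_DEVICE_if_needed` helpers run inside the `write_lock_irqsave` section, which is only safe if they never sleep; their bodies are not in this hunk, so that needs confirming.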
@@ -2361,11 +2595,20 @@ len = ifc.ifc_len; /* - * Loop over the interfaces, and write an info block for each. + * Loop over the interfaces, and write an info block for each, + * (ghost support) unless they are ghostified. */ total = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* Don't tell the user about ghost interfaces: just skip them */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Skipping the ghost interface %s in SIOCGIFCONF", + dev->name); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ for (i = 0; i < NPROTO; i++) { if (gifconf_list[i]) { int done; 
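Review bot: The `ghost_ptk` call added to the SIOCGIFCONF loop writes the hidden interface's name to the kernel log on a path that any unprivileged caller can drive, and the hunks at `@@ -3262,6 +3508,16 @@` and `@@ -3329,6 +3585,17 @@` do the same for the SIOCxIFxxx ioctls. Where the kernel log is readable by ordinary users this discloses exactly the names the feature is meant to hide, and nothing limits how often the line is emitted. I would drop the name from these messages and rate-limit them, e.g. `if (printk_ratelimit()) ghost_ptk("Skipping a ghost interface in SIOCGIFCONF");`. The enclosing function starts and ends outside the hunk.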
@@ -2433,24 +2676,27 @@ static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev) { struct net_device_stats *stats = dev->get_stats(dev); - - seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu " - "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n", - dev->name, stats->rx_bytes, stats->rx_packets, - stats->rx_errors, - stats->rx_dropped + stats->rx_missed_errors, - stats->rx_fifo_errors, - stats->rx_length_errors + stats->rx_over_errors + - stats->rx_crc_errors + stats->rx_frame_errors, - stats->rx_compressed, stats->multicast, - stats->tx_bytes, stats->tx_packets, - stats->tx_errors, stats->tx_dropped, - stats->tx_fifo_errors, stats->collisions, - stats->tx_carrier_errors + - stats->tx_aborted_errors + - stats->tx_window_errors + - stats->tx_heartbeat_errors, - stats->tx_compressed); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't show anything in /proc if iface is ghostified */ + if(! is_a_ghost_interface_name(dev->name)) +#endif /* CONFIG_GHOSTIFICATION */ + seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu " + "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n", + dev->name, stats->rx_bytes, stats->rx_packets, + stats->rx_errors, + stats->rx_dropped + stats->rx_missed_errors, + stats->rx_fifo_errors, + stats->rx_length_errors + stats->rx_over_errors + + stats->rx_crc_errors + stats->rx_frame_errors, + stats->rx_compressed, stats->multicast, + stats->tx_bytes, stats->tx_packets, + stats->tx_errors, stats->tx_dropped, + stats->tx_fifo_errors, stats->collisions, + stats->tx_carrier_errors + + stats->tx_aborted_errors + + stats->tx_window_errors + + stats->tx_heartbeat_errors, + stats->tx_compressed); } /* 
@@ -3262,6 +3508,16 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() " + "on the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCGIFFLAGS: /* Get interface flags */ ifr->ifr_flags = dev_get_flags(dev); @@ -3329,6 +3585,17 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() on " + "the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail " + "with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCSIFFLAGS: /* Set interface flags */ return dev_change_flags(dev, ifr->ifr_flags); 
@@ -3472,6 +3739,57 @@ */ switch (cmd) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) catch ghostification's ioctl */ + case SIOKLOG: { + char text[1000]; + if(copy_from_user(text, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + text[IFNAMSIZ] = '\0'; + printk(KERN_DEBUG "%s\n", text); + return 0; + } + /* (un)ghostification ops require superuser power */ + case SIOCGIFGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, + (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to ghostify the interface %s.", + interface_name); + if((failure = ghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was ghostified.", + interface_name); + else + ghost_ptk("Failure in ghostification of %s.", + interface_name); + return failure; + } + case SIOCGIFUNGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to unghostify the interface %s.", + interface_name); + if((failure = unghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was unghostified.", + interface_name); + else + ghost_ptk("Failure in unghostification of %s.", + interface_name); + return failure; + } + /* end of ghostficiation ioctl */ +#endif /* CONFIG_GHOSTIFICATION */ + /* * These ioctl calls: * - can be done by all. diff -rNuad linux-2.6.26/net/core/dev_mcast.c linux-2.6.26-ghost/net/core/dev_mcast.c --- linux-2.6.26/net/core/dev_mcast.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/core/dev_mcast.c 2009-11-24 22:38:54.000000000 +0100 
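Review bot: The new `SIOKLOG` case has no capability check, unlike the two ghostify cases below it, so any process that can open a socket can write caller-chosen text into the kernel log. It also reserves `char text[1000]` on the kernel stack for a 17-byte copy (as does `interface_name[1000]` in the other two cases), and the fixed-length `copy_from_user(..., IFNAMSIZ + 1)` fails with -EFAULT for a short, valid string that ends just before an unmapped page. I would gate the case with `capable(CAP_NET_ADMIN)`, size the buffer `IFNAMSIZ + 1` and copy with `strncpy_from_user`, as sketched below. The same buffer and copy change applies to `SIOCGIFGHOSTIFY` and `SIOCGIFUNGHOSTIFY`, where the declarations also follow a statement. The enclosing switch continues outside the hunk.

```c
	case SIOKLOG: {
		char text[IFNAMSIZ + 1];
		long copied;

		/* writing to the kernel log is a privileged operation */
		if (!capable(CAP_NET_ADMIN))
			return -EPERM;
		/* stops at the terminating NUL, never reads past it */
		copied = strncpy_from_user(text, (const char __user *)arg,
					   IFNAMSIZ);
		if (copied < 0)
			return -EFAULT;
		text[copied] = '\0';
		printk(KERN_DEBUG "%s\n", text);
		return 0;
	}
	/* ... unchanged: SIOCGIFGHOSTIFY and SIOCGIFUNGHOSTIFY cases ... */
```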
@@ -14,6 +14,8 @@ * Alan Cox : IFF_ALLMULTI support. * Alan Cox : New format set_multicast_list() calls. * Gleb Natapov : Remove dev_mc_lock. + * Luca Saiu : trivial changes for + * ghostification support. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -48,6 +50,9 @@ #include #include +#ifdef CONFIG_GHOSTIFICATION +#include +#endif /* CONFIG_GHOSTIFICATION */ /* * Device multicast list maintenance. @@ -167,7 +172,15 @@ netif_tx_lock_bh(dev); for (m = dev->mc_list; m; m = m->next) { int i; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information + in /proc about ghost interfaces */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Don't show any information in /proc " + "about ghostified interface"); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%-4d %-15s %-5d %-5d ", dev->ifindex, dev->name, m->dmi_users, m->dmi_gusers); diff -rNuad linux-2.6.26/net/core/rtnetlink.c linux-2.6.26-ghost/net/core/rtnetlink.c --- linux-2.6.26/net/core/rtnetlink.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/core/rtnetlink.c 2009-11-24 22:38:54.000000000 +0100 @@ -12,8 +12,12 @@ * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * - * Fixes: + * Fixes: * Vitaly E. Lavrov RTA_OK arithmetics was wrong. + * + * Changes: + * Roudiere Jonathan Some changes + * to ghost support, to allow to hide ghost net interfaces */ #include @@ -53,6 +57,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + struct rtnl_link { rtnl_doit_func doit; 
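Review bot: In the dev_mcast.c hunk at `@@ -167,7 +172,15 @@` the ghost test sits inside the `for (m = dev->mc_list; ...)` loop although it depends only on `dev`, so it takes the ghostification lock and emits a `ghost_ptk` line once per multicast address while `netif_tx_lock_bh(dev)` is held. Testing `is_a_ghost_interface_name(dev->name)` once, before `netif_tx_lock_bh(dev)`, and leaving the function early gives the same output with one lookup and one log line. The function's start and its return statement are outside the hunk, so the exact early-exit form has to follow what is there.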
@@ -106,7 +115,10 @@ static rtnl_doit_func rtnl_get_doit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].doit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -117,7 +129,10 @@ static rtnl_dumpit_func rtnl_get_dumpit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].dumpit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -460,6 +475,12 @@ { struct sock *rtnl = net->rtnl; int report = 0; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add inforation to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type %i " + "and nlh->nlmsg_seq = %i", pid, nlh->nlmsg_pid, + nlh->nlmsg_type, nlh->nlmsg_seq); +#endif if (nlh) report = nlmsg_report(nlh); @@ -612,6 +633,20 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type " + "= %i, seq = %i and nlh->nlmsg_seq = %i", + pid, nlh->nlmsg_pid, nlh->nlmsg_type, + seq, nlh->nlmsg_seq); + ghost_develmsg("dev->name = %s and dev->ifindex = %i", + dev->name, + dev->ifindex); + /* function whose call rtnl_fill_ifinfo has been modified, except + rtmsg_ifinfo so if it will be necessary to skip ghost iface here then + keep in your mind to test pid because if it is eq. to 0 then it is a + kernel request (else user request) and we don't want disturbe its work. */ +#endif ifm = nlmsg_data(nlh); ifm->ifi_family = AF_UNSPEC; ifm->__ifi_pad = 0; 
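Review bot: In the hunk at `@@ -460,6 +475,12 @@` the added `ghost_develmsg` dereferences `nlh` (`nlh->nlmsg_pid`, `nlh->nlmsg_type`, `nlh->nlmsg_seq`) just before the existing `if (nlh)` test, and that test shows callers may pass NULL. With CONFIG_GHOSTIFICATION_DEVEL enabled this is a NULL dereference in kernel context. Move the trace under the existing test, e.g. `if (nlh) { ghost_develmsg(...); report = nlmsg_report(nlh); }`. The function body starts and ends outside the hunk.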
@@ -688,6 +723,24 @@ idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function which encapsulates calls to + * rtnl_fill_ifinfo and which is call after rtnl_get_doit/dumpit, + * use to dump list of network interfaces (as used by "ip link") + */ + ghost_develmsg("for_each_netdev, current net_device is %s", + dev->name); + ghost_develmsg("netlink cb pid = %i, cb nlh->nlmsg_type = %i, " + "cb familly/proto = %i, cb nlh->nlmsg_pid %i", + NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_type, + cb->family, cb->nlh->nlmsg_pid); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Hide ghotified interface (%s) in the dump", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK, @@ -927,6 +980,18 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change state/parameters of a ghotified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ if ((err = validate_linkmsg(dev, tb)) < 0) goto errout_dev; 
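Review bot: In the hunk at `@@ -927,6 +980,18 @@` the ghost branch leaves through `goto errout`, while the very next failure path (`validate_linkmsg`) uses `goto errout_dev`; that suggests `dev` already holds a reference at this point, in which case the ghost branch skips its release. The lookup and both labels are outside the hunk, so this needs confirming against the full function. If it holds, the branch should read `err = -ENODEV; goto errout_dev;` so that a rejected request on a ghost interface does not pin the device.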
@@ -965,6 +1030,17 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change dell a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ ops = dev->rtnl_link_ops; if (!ops) @@ -1167,6 +1243,17 @@ dev = dev_get_by_index(net, ifm->ifi_index); if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it with + user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ } else return -EINVAL; @@ -1221,6 +1308,8 @@ struct sk_buff *skb; int err = -ENOBUFS; + /* (ghost support) call rtnl_fill_ifinfo so maybe it + is need here to modify, in order to skip ghost iface */ skb = nlmsg_new(if_nlmsg_size(dev), GFP_KERNEL); if (skb == NULL) goto errout; @@ -1255,6 +1344,11 @@ int err; type = nlh->nlmsg_type; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Enter, nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i and nlh->nlmsg_seq = %i ", + nlh->nlmsg_pid, nlh->nlmsg_seq, nlh->nlmsg_seq); +#endif /* CONFIG_GHOSTIFICATION */ + if (type > RTM_MAX) return -EOPNOTSUPP; 
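Review bot: In the hunk at `@@ -1167,6 +1243,17 @@` the device comes from `dev_get_by_index(net, ifm->ifi_index)`, which returns a held reference, and the added ghost branch returns `-ENODEV` without dropping it. Each such request naming a ghost interface therefore leaks a reference, which can later keep the device from being unregistered. Add `dev_put(dev);` before the `return -ENODEV;` inside the ghost block. The hunk at `@@ -965,6 +1030,17 @@` has the same shape, but its lookup is outside the hunk, so whether it needs the same release cannot be told from here.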
@@ -1274,14 +1368,21 @@ if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN)) return -EPERM; + /* (ghost support) kind = 2 then imply RTM_GETLINK has been used */ if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) { struct sock *rtnl; rtnl_dumpit_func dumpit; + /* (ghost support) then rtnl_get_dumpit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ dumpit = rtnl_get_dumpit(family, type); if (dumpit == NULL) return -EOPNOTSUPP; - +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Part 1: rtnl_get_dumpit(family %i, type %i) " + "is used before call to netlink_dump_start", + family,type); +#endif /* CONFIG_GHOSTIFICATION */ __rtnl_unlock(); rtnl = net->rtnl; err = netlink_dump_start(rtnl, skb, nlh, dumpit, NULL); @@ -1313,6 +1414,11 @@ doit = rtnl_get_doit(family, type); if (doit == NULL) return -EOPNOTSUPP; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) rtnl_get_doit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ + ghost_develmsg("Part 2: rtnl_get_doit(family %i, type %i)", family, type); +#endif /* CONFIG_GHOSTIFICATION */ return doit(skb, nlh, (void *)&rta_buf[0]); } @@ -1328,6 +1434,10 @@ { struct net_device *dev = ptr; + /* (ghost support) if we want provide a ghost's way to modify + the state of a ghost iface, it will be necessary to skip event + reports involing ghost iface (actually any changes are possible + if the iface is ghostified so there is nothing to report) */ switch (event) { case NETDEV_UNREGISTER: rtmsg_ifinfo(RTM_DELLINK, dev, ~0U); diff -rNuad linux-2.6.26/net/ipv4/arp.c linux-2.6.26-ghost/net/ipv4/arp.c --- linux-2.6.26/net/ipv4/arp.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/ipv4/arp.c 2009-11-24 22:38:54.000000000 +0100 @@ -72,6 +72,8 @@ * bonding can change the skb before * sending (e.g. insert 8021q tag). * Harald Welte : convert to make use of jenkins hash + * Luca Saiu 
@@ -118,6 +120,11 @@ struct neigh_table *clip_tbl_hook; #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include @@ -1310,9 +1317,21 @@ } #endif sprintf(tbuf, NIPQUAD_FMT, NIPQUAD(*(u32*)n->primary_key)); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show anything in /proc if it involves + ghost interfaces: */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + read_unlock(&n->lock); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); read_unlock(&n->lock); +#endif /* CONFIG_GHOSTIFICATION */ } static void arp_format_pneigh_entry(struct seq_file *seq, @@ -1323,9 +1342,21 @@ char tbuf[16]; sprintf(tbuf, NIPQUAD_FMT, NIPQUAD(*(u32*)n->key)); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show anything in /proc if it involves + ghost interfaces */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", - dev ? dev->name : "*"); + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); +#endif /* CONFIG_GHOSTIFICATION */ } static int arp_seq_show(struct seq_file *seq, void *v) diff -rNuad linux-2.6.26/net/ipv4/devinet.c linux-2.6.26-ghost/net/ipv4/devinet.c --- linux-2.6.26/net/ipv4/devinet.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/ipv4/devinet.c 2009-11-24 22:38:54.000000000 +0100 
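Review bot: In the CONFIG_GHOSTIFICATION branch at `@@ -1310,9 +1317,21 @@`, `read_unlock(&n->lock)` has moved inside the `if (! is_a_ghost_interface_name(dev->name))` block, so for a ghost interface the function returns with the neighbour lock still held (the matching lock is presumably taken earlier in the function, outside the hunk). Reading the ARP table from /proc would then leave that entry read-locked and stall later writers. Keep the unlock unconditional: close the `if` right after `seq_printf(...)` and leave a single `read_unlock(&n->lock);` after the `#endif`. The `ghost_debugmsg` text also sits on the non-ghost branch, where it says the opposite of what happens.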
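Review bot: At `@@ -1323,9 +1342,21 @@` the added test reads `dev->name` unconditionally, while the `seq_printf` it guards uses `dev ? dev->name : "*"`, which shows `dev` can be NULL in this function. For an entry without a device the new code dereferences a NULL pointer in kernel context. Guard the test: `if (!dev || !is_a_ghost_interface_name(dev->name)) {`.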
@@ -25,6 +25,9 @@ * address (4.4BSD alias style support), * fall back to comparing just the label * if no match found. + * Roudiere Jonathan : + * some changes to ghost support, skip + * request involving a ghostified iface. */ @@ -64,6 +67,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + static struct ipv4_devconf ipv4_devconf = { .data = { [NET_IPV4_CONF_ACCEPT_REDIRECTS - 1] = 1, @@ -455,6 +463,16 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("in_dev->dev->name = %s", in_dev->dev->name); + if (is_a_ghost_interface_name(in_dev->dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + (in_dev->dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ __in_dev_put(in_dev); @@ -504,6 +522,17 @@ if (dev == NULL) goto errout; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("(dev->name) = %s ", (dev->name)); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change/modfy address on a ghostified interface (%s), skip", + (dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ + in_dev = __in_dev_get_rtnl(dev); err = -ENOBUFS; if (in_dev == NULL) @@ -553,6 +582,12 @@ ASSERT_RTNL(); + /* (ghost support) don't modify this funct but directly + rtm_to_ifaddr, as for others funct, with user-levels tools + (as iproute) we normaly never arrive here (because a dump + all ifaces is perform before and func which make the dump + has been modified (but we want prevent user tool request + the ghost iface directly */ ifa = rtm_to_ifaddr(net, nlh); if (IS_ERR(ifa)) return PTR_ERR(ifa); 
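Review bot: In the hunk at `@@ -455,6 +463,16 @@` the ghost branch jumps to `errout` ahead of the `__in_dev_put(in_dev);` that follows the added block, so if `in_dev` was obtained with a reference (the lookup is above the hunk) that reference is never dropped on this path. Moving the whole `#ifdef CONFIG_GHOSTIFICATION` block to just after the existing `__in_dev_put(in_dev);` keeps the check and releases the reference on both paths. The function continues outside the hunk, so please confirm the lookup before applying this.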
@@ -1159,6 +1194,15 @@ s_ip_idx = ip_idx = cb->args[1]; idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION /* _VERIFICATION_NEED_ */ + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("dev->name = %s", dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address on a ghostified interface (%s), skip", + (dev->name)); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (idx > s_idx) diff -rNuad linux-2.6.26/net/ipv4/fib_frontend.c linux-2.6.26-ghost/net/ipv4/fib_frontend.c --- linux-2.6.26/net/ipv4/fib_frontend.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/ipv4/fib_frontend.c 2009-11-24 22:38:54.000000000 +0100 @@ -8,6 +8,10 @@ * Version: $Id: fib_frontend.c,v 1.26 2001/10/31 21:55:54 davem Exp $ * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (some display + * and comment for ghostification in rtnetlink functions). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -47,6 +51,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #ifndef CONFIG_IP_MULTIPLE_TABLES static int __net_init fib4_rules_init(struct net *net) @@ -453,6 +462,11 @@ * Handle IP routing ioctl calls. These are used to manipulate the routing tables */ +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) A function implemented in net/core/dev.c */ +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + int ip_rt_ioctl(struct net *net, unsigned int cmd, void __user *arg) { struct fib_config cfg; 
@@ -467,6 +481,22 @@ if (copy_from_user(&rt, arg, sizeof(rt))) return -EFAULT; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Forbid any action involving a ghost interface */ + if (rt.rt_dev != (char __user*)NULL) { + /* We need to have this name in kernel space to check + for ghostification: */ + char interface_name[1000]; /* [IFNAMSIZ+1] is certainly sufficient */ + if(copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1)) + return -EFAULT; + if(is_a_ghost_interface_name(interface_name)) { + ghost_ptk("The user aked to add a route involving the " + "ghost interface %s. We make this operation fail", + interface_name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ rtnl_lock(); err = rtentry_to_fib_config(net, cmd, &rt, &cfg); @@ -475,12 +505,18 @@ if (cmd == SIOCDELRT) { tb = fib_get_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_delete was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_delete() or fn_trie_delete() */ if (tb) err = tb->tb_delete(tb, &cfg); else err = -ESRCH; } else { tb = fib_new_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_insert was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_insert() or fn_trie_insert() */ if (tb) err = tb->tb_insert(tb, &cfg); else @@ -587,6 +623,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead functions pointed by tb->tb_delete, + * either fn_hash_delete() (in fib_hash.c) or fn_trie_delete() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; 
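Review bot: The interface name copied from user space in the `@@ -467,6 +481,22 @@` hunk is never NUL-terminated before it is passed to `is_a_ghost_interface_name()` and printed with `%s`. `copy_from_user()` always fetches `IFNAMSIZ + 1` bytes into an uninitialised 1000-byte stack array, so a valid short name that ends close to an unmapped page fails with -EFAULT, an unterminated one is read beyond the copied bytes, and the array is much larger than a kernel stack frame should hold. Copying it as a bounded string into an `IFNAMSIZ` array and terminating it, as in the excerpt below, addresses all three. `rt.rt_dev` is still a user pointer after this test, so if `rtentry_to_fib_config()` reads the name again (not visible here) the checked and the used value can differ, and the checks in the insert and delete callbacks have to stay authoritative. `ip_rt_ioctl` continues outside the hunk.

```c
	if (rt.rt_dev != (char __user*)NULL) {
		char interface_name[IFNAMSIZ];
		long name_len = strncpy_from_user(interface_name, rt.rt_dev,
						  IFNAMSIZ);
		if (name_len < 0)
			return -EFAULT;
		/* strncpy_from_user() does not terminate a name that fills the array */
		interface_name[IFNAMSIZ - 1] = '\0';
		/* … unchanged: is_a_ghost_interface_name() test, ghost_ptk() and return -ENODEV … */
	}
```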
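Review bot: The `ghost_develmsg()` call added in the `@@ -587,6 +623,16 @@` hunk is not wrapped in `#ifdef CONFIG_GHOSTIFICATION`, although the include this patch adds for the ghost helpers is. Unless the macro is also defined somewhere for the disabled case, the file no longer builds with the option off; the `@@ -609,6 +655,16 @@` hunk adds the same unguarded call. Wrap both the way the other call sites are wrapped, and print the unsigned netlink header fields with `%u` instead of `%i`. The comment in this hunk names `inet_rtm_newroute` although the `tb->tb_delete` callbacks it lists belong to the delete path.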
@@ -609,6 +655,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead function pointed by tb->tb_insert, + * either fn_hash_insert() (in fib_hash.c) or fn_trie_insert() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; @@ -624,6 +680,12 @@ return err; } +/* + * (ghost support) Fonction called through rtnetlink to dump + * all routes, we don't change anythings here, changes have + * been made in fib_semantics.c (in fib_dump_info which is + * called by fib_trie and fib_hash). + */ static int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -636,7 +698,7 @@ if (nlmsg_len(cb->nlh) >= sizeof(struct rtmsg) && ((struct rtmsg *) nlmsg_data(cb->nlh))->rtm_flags & RTM_F_CLONED) - return ip_rt_dump(skb, cb); + return ip_rt_dump(skb, cb); /* (ghost support) need modify this func */ s_h = cb->args[0]; s_e = cb->args[1]; @@ -661,6 +723,9 @@ cb->args[1] = e; cb->args[0] = h; + /* (ghost support) Length returned can be changed by + fib_dump_info when a route of a ghositifed iface is + lookup (skb length may be abnormal, diff of mod(240)) */ return skb->len; } diff -rNuad linux-2.6.26/net/ipv4/fib_hash.c linux-2.6.26-ghost/net/ipv4/fib_hash.c --- linux-2.6.26/net/ipv4/fib_hash.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/ipv4/fib_hash.c 2009-11-24 22:38:54.000000000 +0100 
@@ -8,6 +8,11 @@ * Version: $Id: fib_hash.c,v 1.13 2001/10/31 21:55:54 davem Exp $ * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_hash_insert, bad + * field check in fib_seq_show). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -43,6 +48,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static struct kmem_cache *fn_hash_kmem __read_mostly; @@ -399,6 +409,18 @@ if (IS_ERR(fi)) return PTR_ERR(fi); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_insert */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if (fz->fz_nent > (fz->fz_divisor<<1) && fz->fz_divisor < FZ_MAX_DIVISOR && (cfg->fc_dst_len == 32 || @@ -582,7 +604,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, &f->fn_alias, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_delete */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != cfg->fc_tos) break; 
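Review bot: In the `@@ -399,6 +409,18 @@` hunk the new `return -ENODEV;` leaves the function directly after `fi` has passed the `IS_ERR()` test, so the freshly obtained `fib_info` is not released on that path; the function's normal cleanup is outside the hunk, so route the failure through it or call `fib_release_info(fi);` before returning. `fi->fib_dev` is also dereferenced without a NULL test, although the /proc code in this same patch prints `fi->fib_dev ? fi->fib_dev->name : "*"`, so a route without a device would fault here, already in the `ghost_debugmsg` line. Use `if (fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name))` and move the debug message inside it. The same unguarded dereference is in the `@@ -582,7 +604,17 @@` hunk and in the fib_trie.c hunks `@@ -1197,6 +1208,18 @@` (which also bypasses the `goto err` cleanup used just above it) and `@@ -1625,7 +1648,17 @@`. The insert paths log "Trying to delete", which will mislead whoever reads the kernel log.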
@@ -1024,19 +1056,39 @@ prefix = f->fn_key; mask = FZ_MASK(iter->zone); flags = fib_flag_trans(fa->fa_type, mask, fi); - if (fi) + if (fi) + { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) + { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, - "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - fi->fib_dev ? fi->fib_dev->name : "*", prefix, - fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, - mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), - fi->fib_window, - fi->fib_rtt >> 3, &len); - else + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); +#endif /* CONFIG_GHOSTIFICATION */ + } + else { seq_printf(seq, - "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); + } seq_printf(seq, "%*s\n", 127 - len, ""); out: return 0; diff -rNuad linux-2.6.26/net/ipv4/fib_semantics.c linux-2.6.26-ghost/net/ipv4/fib_semantics.c --- linux-2.6.26/net/ipv4/fib_semantics.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/ipv4/fib_semantics.c 2009-11-24 22:38:54.000000000 +0100 
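Review bot: In the `@@ -1024,19 +1056,39 @@` hunk a skipped ghost route still reaches `seq_printf(seq, "%*s\n", 127 - len, "");`, but `len` is only written by the `%n` of the `seq_printf` that was skipped. The reader then gets a padding line built from a stale or uninitialised `len`, which gives an unpredictable width and also reveals that an entry was hidden. Add `else goto out;` to the ghost test so that nothing is emitted for such a route. The test dereferences `fi->fib_dev` while the format arguments guard it with `fi->fib_dev ? … : "*"`, and the `ghost_ptk` message is printed for every route that is shown rather than for the hidden one. The `@@ -2603,7 +2636,28 @@` hunk in fib_trie.c has the same three issues; inside its loop the skip would be a `continue`.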
@@ -13,6 +13,9 @@ * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. + * Changes: + * Roudiere Jonathan trivial + * change for ghostification. */ #include @@ -45,6 +48,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static DEFINE_SPINLOCK(fib_info_lock); @@ -955,6 +963,23 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function call by fib_trie and fib_hash to dump route, + * in most case we won't arrive here with usertools (like iproute), because + * modification in rtnl_dump_ifinfo hide iface and modif here may be not really + * proper because put abnormal length in the skb->len return by inet_dump_fib + * (used without error..) if pid != 0 then user talks else that is the kernel; + */ + if (pid != 0) + if (is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Try to get route about ghost iface (%s), skip", + fi->fib_dev->name); + /* return -EMSGSIZE; don't use this because that stops evaluation */ + return nlmsg_end(skb, nlh); + } +#endif /* CONFIG_GHOSTIFICATION */ + rtm = nlmsg_data(nlh); rtm->rtm_family = AF_INET; rtm->rtm_dst_len = dst_len; diff -rNuad linux-2.6.26/net/ipv4/fib_trie.c linux-2.6.26-ghost/net/ipv4/fib_trie.c --- linux-2.6.26/net/ipv4/fib_trie.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/ipv4/fib_trie.c 2009-11-24 22:38:54.000000000 +0100 @@ -12,6 +12,12 @@ * * Hans Liss Uppsala Universitet * + * Luca Saiu (simple changes for ghostification + * support) + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_trie_insert, bad + * field check in fib_route_seq_show). + * * This work is based on the LPC-trie which is originally descibed in: * * An experimental study of compression methods for dynamic tries 
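Review bot: In the `@@ -955,6 +963,23 @@` hunk the ghost path returns `nlmsg_end(skb, nlh)` right after the header was added and before any field of the route message is filled in. That leaves a message in the skb whose payload was never written, which the patch comment itself describes as an abnormal length, and whatever bytes were already in the buffer may be delivered to the requester. Drop the half-built message instead, `nlmsg_cancel(skb, nlh); return 0;`, after checking that the callers outside this hunk treat 0 as "skip this route". `fi->fib_dev` is dereferenced without a NULL test here too, and the nested `if (pid != 0) if (…)` should get braces.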
@@ -82,6 +88,11 @@ #include #include "fib_lookup.h" +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define MAX_STAT_DEPTH 32 #define KEYLENGTH (8*sizeof(t_key)) @@ -1197,6 +1208,18 @@ goto err; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + l = fib_find_node(t, key); fa = NULL; @@ -1625,7 +1648,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, fa_head, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != tos) break; 
@@ -2603,7 +2636,28 @@ || fa->fa_type == RTN_MULTICAST) continue; - if (fi) + if (fi) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) in /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t" + "%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", + prefix, + fi->fib_nh->nh_gw, flags, 0, 0, + fi->fib_priority, + mask, + (fi->fib_advmss ? + fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, "%s\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", @@ -2616,13 +2670,14 @@ fi->fib_advmss + 40 : 0), fi->fib_window, fi->fib_rtt >> 3, &len); - else +#endif /* CONFIG_GHOSTIFICATION */ + } else { seq_printf(seq, "*\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + } seq_printf(seq, "%*s\n", 127 - len, ""); } } diff -rNuad linux-2.6.26/net/ipv4/igmp.c linux-2.6.26-ghost/net/ipv4/igmp.c --- linux-2.6.26/net/ipv4/igmp.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/ipv4/igmp.c 2009-11-24 22:38:54.000000000 +0100 @@ -70,6 +70,8 @@ * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. * David L Stevens: IGMPv3 support, with help from * Vinay Kulkarni + * Luca Saiu : trivial changes for ghostification + * support */ #include @@ -107,6 +109,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define IP_MAX_MEMBERSHIPS 20 #define IP_MAX_MSF 10 
@@ -2415,8 +2422,18 @@ #endif if (state->in_dev->mc_list == im) { - seq_printf(seq, "%d\t%-10s: %5d %7s\n", - state->dev->ifindex, state->dev->name, state->dev->mc_count, querier); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%d\t%-10s: %5d %7s\n", state->dev->ifindex, + state->dev->name, state->dev->mc_count, querier); + } +#else + seq_printf(seq, "%d\t%-10s: %5d %7s\n", state->dev->ifindex, + state->dev->name, state->dev->mc_count, querier); +#endif /* CONFIG_GHOSTIFICATION */ } seq_printf(seq, 
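Review bot: Only the per-device header line is suppressed in the `@@ -2415,8 +2422,18 @@` hunk; the `seq_printf(seq,` that follows the block and continues outside the hunk is not guarded. If that statement prints the group entry, as its position suggests, memberships on a ghost interface still appear in /proc, just without their header line. Test the device once at the top of the show function and leave early, `if (is_a_ghost_interface_name(state->dev->name)) return 0;`, inside the existing `#ifdef`. The `ghost_debugmsg` here is logged on the non-ghost branch, contrary to its text.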
@@ -2576,14 +2593,30 @@ "Device", "MCA", "SRC", "INC", "EXC"); } else { - seq_printf(seq, - "%3d %6.6s 0x%08x " - "0x%08x %6lu %6lu\n", - state->dev->ifindex, state->dev->name, - ntohl(state->im->multiaddr), - ntohl(psf->sf_inaddr), - psf->sf_count[MCAST_INCLUDE], - psf->sf_count[MCAST_EXCLUDE]); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-2.6.26/net/ipv4/route.c linux-2.6.26-ghost/net/ipv4/route.c --- linux-2.6.26/net/ipv4/route.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/ipv4/route.c 2009-11-24 22:38:54.000000000 +0100 @@ -57,6 +57,9 @@ * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes. * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect * Ilia Sotnikov : Removed TOS from hash calculations + * Luca Saiu : trivial changes for ghostification support + * Roudiere Jonathan : ghost support to rtnetlink + * function, ghost bugfix (field) in rt_cache_seq_show * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -110,6 +113,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define RT_FL_TOS(oldflp) \ ((u32)(oldflp->fl4_tos & (IPTOS_RT_MASK | RTO_ONLINK))) 
@@ -366,6 +374,14 @@ "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t" "HHUptod\tSpecDst"); else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Dont't display informations about ghost ifaces, bf */ + if(is_a_ghost_interface_name((const char*)((struct rtable*)v)->u.dst.dev->name)) { + ghost_ptk("Don't display routing informations about ghost interface (%s)", + ((const char*)((struct rtable*)v)->u.dst.dev->name)); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ struct rtable *r = v; int len; @@ -383,11 +399,11 @@ r->fl.fl4_tos, r->u.dst.hh ? atomic_read(&r->u.dst.hh->hh_refcnt) : -1, r->u.dst.hh ? (r->u.dst.hh->hh_output == - dev_queue_xmit) : 0, + dev_queue_xmit) : 0, r->rt_spec_dst, &len); seq_printf(seq, "%*s\n", 127 - len, ""); - } + } return 0; } @@ -2632,8 +2648,13 @@ r->rtm_src_len = 32; NLA_PUT_BE32(skb, RTA_SRC, rt->fl.fl4_src); } - if (rt->u.dst.dev) + if (rt->u.dst.dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) */ + ghost_develmsg("Net device is = %s ",rt->u.dst.dev->name); +#endif NLA_PUT_U32(skb, RTA_OIF, rt->u.dst.dev->ifindex); + } #ifdef CONFIG_NET_CLS_ROUTE if (rt->u.dst.tclassid) NLA_PUT_U32(skb, RTA_FLOW, rt->u.dst.tclassid); @@ -2716,7 +2737,7 @@ err = -ENOBUFS; goto errout; } - + /* Reserve room for dummy headers, this skb can pass through good chunk of routing engine. */ @@ -2738,6 +2759,17 @@ if (dev == NULL) { err = -ENODEV; goto errout_free; + +#ifdef CONFIG_GHOSTIFICATION + ghost_debugmsg("Net device is %s ", dev->name); + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout_free; + } +#endif /* CONFIG_GHOSTIFICATION */ } skb->protocol = htons(ETH_P_IP); 
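Review bot: The check in the `@@ -366,6 +374,14 @@` hunk is inserted ahead of the declarations `struct rtable *r = v; int len;`, which mixes statements and declarations in the block and forces the repeated `((struct rtable*)v)` casts. Place the `#ifdef` block after the two declarations and test `r->u.dst.dev->name`. The message text has a typo, "Dont't".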
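Review bot: The ghost check added in the `@@ -2738,6 +2759,17 @@` hunk is placed after `goto errout_free;` inside the `if (dev == NULL)` block, so it can never run, and if it did run `dev` would be NULL. Requests that name a ghost interface as the input device are therefore not rejected at this point. Move the whole `#ifdef CONFIG_GHOSTIFICATION … #endif` block to just after the closing brace of `if (dev == NULL) { … }`. The enclosing function starts outside the hunk.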
@@ -2763,13 +2795,31 @@ err = ip_route_output_key(net, &rt, &fl); } - if (err) + if (err) { goto errout_free; + } skb->rtable = rt; if (rtm->rtm_flags & RTM_F_NOTIFY) rt->rt_flags |= RTCF_NOTIFY; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't allow get ops for route + involving a ghostified interface, unnecessary test ..(rt) */ + if (rt) { + if (rt->u.dst.dev) { + ghost_debugmsg("Net device is %s ",rt->u.dst.dev->name); + if (is_a_ghost_interface_name(rt->u.dst.dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", + rt->u.dst.dev->name); + err = -ENETUNREACH; + goto errout_free; + } + } + } +#endif /* CONFIG_GHOSTIFICATION */ + err = rt_fill_info(skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq, RTM_NEWROUTE, 0, 0); if (err <= 0) @@ -2784,6 +2834,8 @@ goto errout; } +/* (ghost support) maybe it will be necessary to modify +this func which is call in fib_frontend.c */ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb) { struct rtable *rt; diff -rNuad linux-2.6.26/net/ipv6/addrconf.c linux-2.6.26-ghost/net/ipv6/addrconf.c --- linux-2.6.26/net/ipv6/addrconf.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/ipv6/addrconf.c 2009-11-24 22:38:54.000000000 +0100 @@ -38,6 +38,9 @@ * YOSHIFUJI Hideaki @USAGI : improved source address * selection; consider scope, * status etc. + * Luca Saiu : ghostification support + * Roudiere Jonathan : ghost + * modify functions using (rt)netlink */ #include @@ -82,6 +85,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include 
@@ -429,6 +437,86 @@ return idev; } +/* + * (ghost support) Support to hide snmp6 proc infos. + */ +#ifdef CONFIG_GHOSTIFICATION +/* Utility procedure, needed for {show,hide}_proc_net_dev_snmp6_DEVICE_if_needed(). + Return a pointer to a valid inet6_dev structure on success, NULL on failure: */ +static struct inet6_dev* lookup_snmp6_device(const char *interface_name) +{ + struct net_device *device; + struct inet6_dev *idev; + + /* Lookup the device by name, obtaining an inet6_dev structure: */ + device = dev_get_by_name(&init_net, interface_name); + if(device == NULL) + return NULL; + rtnl_lock(); + idev = ipv6_find_idev(device); + rtnl_unlock(); + return idev; +} + +/* These are defined in net/ipv6/proc.c: */ +extern struct proc_dir_entry *proc_net_devsnmp6; +extern struct file_operations snmp6_seq_fops; + +/* Remove the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already hidden. Return 0 on success, nonzero on error: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + ghost_ptk("Hiding /proc/net/dev_snmp6/%s...", interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + + /* Remove the proc/ entry, if any. If there was no entry + then remove_proc_entry() will fail, but it's ok for us: */ +#ifdef CONFIG_PROC_FS + if (!proc_net_devsnmp6) + return -ENOENT; + if (idev->stats.proc_dir_entry == NULL) + return -EINVAL; + remove_proc_entry(interface_name, proc_net_devsnmp6); +#endif /* CONFIG_PROC_FS */ + return 0; + //return snmp6_unregister_dev(idev); +} + +/* Create the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already shown. 
Return 0 on success, nonzero on error: */ +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + struct proc_dir_entry *proc_directory_entry; + ghost_ptk("Showing /proc/net/dev_snmp6/%s...", + interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + if(idev->dev == NULL) /* I doubt this may happen... */ + return -EINVAL; +#ifdef CONFIG_PROC_FS + if(!proc_net_devsnmp6) /* there isn't any /proc/net/dev_snmp6 */ + return -ENOENT; + if((proc_directory_entry = create_proc_entry(interface_name, + S_IRUGO, proc_net_devsnmp6)) == NULL) + return -ENOMEM; + proc_directory_entry->data = idev; + proc_directory_entry->proc_fops = &snmp6_seq_fops; + idev->stats.proc_dir_entry = proc_directory_entry; +#endif /* CONFIG_PROC_FS */ + return 0; + /* return snmp6_register_dev(idev); */ +} +EXPORT_SYMBOL(show_proc_net_dev_snmp6_DEVICE_if_needed); +EXPORT_SYMBOL(hide_proc_net_dev_snmp6_DEVICE_if_needed); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * End of ghostification support + */ + #ifdef CONFIG_SYSCTL static void dev_forward_change(struct inet6_dev *idev) { @@ -2098,6 +2186,10 @@ return PTR_ERR(ifp); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx, unsigned int plen) { @@ -2112,6 +2204,15 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((idev = __in6_dev_get(dev)) == NULL) return -ENXIO; 
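Review bot: `lookup_snmp6_device()` in the `@@ -429,6 +437,86 @@` hunk never releases the device reference taken by `dev_get_by_name()`, so each hide or show call pins the net device and it cannot be unregistered afterwards. Add `dev_put(device);` once `idev` has been looked up. The two callers also do not implement the "unless it's already hidden/shown" promised in their comments: the hide path leaves `idev->stats.proc_dir_entry` pointing at the removed entry, and the show path creates a new entry without testing that field. Add `idev->stats.proc_dir_entry = NULL;` after `remove_proc_entry()` and `if (idev->stats.proc_dir_entry != NULL) return 0;` before `create_proc_entry()`.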
@@ -2935,6 +3036,23 @@ static int if6_seq_show(struct seq_file *seq, void *v) { struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if (is_a_ghost_interface_name(ifp->idev->dev->name)) { + ghost_ptk("Don't show informations about a ghostified " + "interface (%s) under /proc.", + ifp->idev->dev->name); + } else { + seq_printf(seq, + NIP6_SEQFMT " %02x %02x %02x %02x %8s\n", + NIP6(ifp->addr), + ifp->idev->dev->ifindex, + ifp->prefix_len, + ifp->scope, + ifp->flags, + ifp->idev->dev->name); + } +#else seq_printf(seq, NIP6_SEQFMT " %02x %02x %02x %02x %8s\n", NIP6(ifp->addr), @@ -2943,6 +3061,8 @@ ifp->scope, ifp->flags, ifp->idev->dev->name); +#endif /* CONFIG_GHOSTIFICATION */ + return 0; } @@ -3150,6 +3270,10 @@ [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { @@ -3167,7 +3291,9 @@ pfx = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL]); if (pfx == NULL) return -EINVAL; - + /* (ghost support) we could/should stop here a request involving a + ghostified interface but inet6_addr_del already do a part of our work + (get dev etc ..) so instead we modify inet6_addr_del */ return inet6_addr_del(net, ifm->ifa_index, pfx, ifm->ifa_prefixlen); } @@ -3216,6 +3342,10 @@ return 0; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { 
@@ -3253,6 +3383,15 @@ if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add a address to a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + /* We ignore other flags so far. */ ifa_flags = ifm->ifa_flags & (IFA_F_NODAD | IFA_F_HOMEADDRESS); @@ -3418,6 +3557,12 @@ ANYCAST_ADDR, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc; + * inet6_dump_addr is called by inet6_dump_{ifaddr,ifmcaddr,ifacaddr} + * and call the appropriate inet6_fill_* function. + */ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, enum addr_type_t type) { @@ -3443,6 +3588,17 @@ ip_idx = 0; if ((idev = in6_dev_get(dev)) == NULL) goto cont; + +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about addresses of a ghostified interface (%s), skip.", + dev->name); + goto cont; + /* return -ENODEV; don't use it */ + } +#endif /* CONFIG_GHOSTIFICATION */ + read_lock_bh(&idev->lock); switch (type) { case UNICAST_ADDR: @@ -3514,7 +3670,6 @@ return inet6_dump_addr(skb, cb, type); } - static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb) { enum addr_type_t type = ANYCAST_ADDR; @@ -3522,6 +3677,10 @@ return inet6_dump_addr(skb, cb, type); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { 
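Review bot: In the `@@ -3443,6 +3588,17 @@` hunk the ghost check runs after `in6_dev_get(dev)` has succeeded and then does `goto cont;`, which skips whatever releases `idev` later in the loop body (outside the hunk). Every address dump would then leak one `inet6_dev` reference per ghost interface, and dumps can be requested repeatedly. Move the check above the `in6_dev_get()` call, as the `@@ -3764,6 +3938,14 @@` hunk does for `inet6_dump_ifinfo`, or add `in6_dev_put(idev);` before the `goto cont;`.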
@@ -3548,6 +3707,17 @@ if (ifm->ifa_index) dev = __dev_get_by_index(net, ifm->ifa_index); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (dev) { + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address of a ghostified interface (%s), skip.", + dev->name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((ifa = ipv6_get_ifaddr(net, addr, dev, 1)) == NULL) { err = -EADDRNOTAVAIL; goto errout; @@ -3753,6 +3923,10 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -3764,6 +3938,14 @@ read_lock(&dev_base_lock); idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to dump address infos about a ghostified interface (%s), skip.", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if ((idev = in6_dev_get(dev)) == NULL) @@ -3791,7 +3973,6 @@ skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC); if (skb == NULL) goto errout; - err = inet6_fill_ifinfo(skb, idev, 0, 0, event, 0); if (err < 0) { /* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */ diff -rNuad linux-2.6.26/net/ipv6/ip6_fib.c linux-2.6.26-ghost/net/ipv6/ip6_fib.c --- linux-2.6.26/net/ipv6/ip6_fib.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/ipv6/ip6_fib.c 2009-11-24 22:38:54.000000000 +0100 @@ -277,6 +277,8 @@ #endif +/* (ghost support) iterate on net device, don't modify this function, +we can return ENODEV here, user-space tools (as ip) dump iface list before */ static int fib6_dump_node(struct fib6_walker_t *w) { int res; 
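Review bot: The check in the `@@ -3548,6 +3707,17 @@` hunk only runs when `ifm->ifa_index` names a device; without an index `dev` stays NULL and `ipv6_get_ifaddr(net, addr, dev, 1)` is still called. If that lookup matches addresses on any device when `dev` is NULL (its body is not visible here), an address that belongs to a ghost interface is still returned. Test the result as well, `if (is_a_ghost_interface_name(ifa->idev->dev->name))`, fail with the same `-EADDRNOTAVAIL` as an unknown address, and release `ifa` on that path. The rest of the function is outside the hunk.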
@@ -318,7 +320,6 @@ { struct fib6_walker_t *w; int res; - w = (void *)cb->args[2]; w->root = &table->tb6_root; diff -rNuad linux-2.6.26/net/ipv6/Kconfig linux-2.6.26-ghost/net/ipv6/Kconfig --- linux-2.6.26/net/ipv6/Kconfig 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/ipv6/Kconfig 2009-11-24 22:38:54.000000000 +0100 @@ -4,8 +4,8 @@ # IPv6 as module will cause a CRASH if you try to unload it menuconfig IPV6 - tristate "The IPv6 protocol" - default m + bool "The IPv6 protocol" + default y ---help--- This is complemental support for the IP version 6. You will still be able to do traditional IPv4 networking as well. @@ -16,6 +16,10 @@ For specific information about IPv6 under Linux, read the HOWTO at . + Ghostification notes: + ===================== + IPV6 can not be built in module with ghost support. + To compile this protocol support as a module, choose M here: the module will be called ipv6. @@ -68,7 +72,7 @@ If unsure, say N. config INET6_AH - tristate "IPv6: AH transformation" + bool "IPv6: AH transformation" select XFRM select CRYPTO select CRYPTO_HMAC @@ -80,7 +84,7 @@ If unsure, say Y. config INET6_ESP - tristate "IPv6: ESP transformation" + bool "IPv6: ESP transformation" select XFRM select CRYPTO select CRYPTO_AUTHENC @@ -95,7 +99,7 @@ If unsure, say Y. config INET6_IPCOMP - tristate "IPv6: IPComp transformation" + bool "IPv6: IPComp transformation" select XFRM select INET6_XFRM_TUNNEL select CRYPTO @@ -107,7 +111,7 @@ If unsure, say Y. config IPV6_MIP6 - tristate "IPv6: Mobility (EXPERIMENTAL)" + bool "IPv6: Mobility (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- @@ -116,16 +120,16 @@ If unsure, say N. config INET6_XFRM_TUNNEL - tristate + bool select INET6_TUNNEL default n config INET6_TUNNEL - tristate + bool default n config INET6_XFRM_MODE_TRANSPORT - tristate "IPv6: IPsec transport mode" + bool "IPv6: IPsec transport mode" default IPV6 select XFRM ---help--- 
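Review bot: The help text of `menuconfig IPV6` still ends with "To compile this protocol support as a module, choose M here" after the `@@ -4,8 +4,8 @@` hunk turns the symbol into a `bool`, and the note added in the `@@ -16,6 +16,10 @@` hunk sits directly above that sentence. Remove the module sentence or reword it so the help matches the option type. The `tristate` to `bool` changes in this file are unconditional, so kernels built without CONFIG_GHOSTIFICATION lose modular IPv6 and IPsec as well; if that is intended, say so in the note.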
@@ -134,7 +138,7 @@ If unsure, say Y. config INET6_XFRM_MODE_TUNNEL - tristate "IPv6: IPsec tunnel mode" + bool "IPv6: IPsec tunnel mode" default IPV6 select XFRM ---help--- @@ -143,7 +147,7 @@ If unsure, say Y. config INET6_XFRM_MODE_BEET - tristate "IPv6: IPsec BEET mode" + bool "IPv6: IPsec BEET mode" default IPV6 select XFRM ---help--- @@ -152,14 +156,14 @@ If unsure, say Y. config INET6_XFRM_MODE_ROUTEOPTIMIZATION - tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" + bool "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- Support for MIPv6 route optimization mode. config IPV6_SIT - tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" + bool "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" select INET_TUNNEL select IPV6_NDISC_NODETYPE default y @@ -176,7 +180,7 @@ bool config IPV6_TUNNEL - tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" + bool "IPv6: IP-in-IPv6 tunnel (RFC2473)" select INET6_TUNNEL ---help--- Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in diff -rNuad linux-2.6.26/net/ipv6/mcast.c linux-2.6.26-ghost/net/ipv6/mcast.c --- linux-2.6.26/net/ipv6/mcast.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/ipv6/mcast.c 2009-11-24 22:38:54.000000000 +0100 @@ -26,6 +26,10 @@ * - MLD for link-local addresses. * David L Stevens : * - MLDv2 support + * Luca Saiu : + * - trivial changes for ghostification support + * Roudiere Jonathan + * - trivial changes to correct an forgetting */ #include @@ -63,6 +67,11 @@ #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing... */ #define MCAST_DEBUG 2 
@@ -2436,6 +2445,20 @@ struct ifmcaddr6 *im = (struct ifmcaddr6 *)v; struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, + "%-4d %-15s " NIP6_SEQFMT " %5d %08X %ld\n", + state->dev->ifindex, state->dev->name, + NIP6(im->mca_addr), + im->mca_users, im->mca_flags, + (im->mca_flags&MAF_TIMER_RUNNING) ? + jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); + } +#else seq_printf(seq, "%-4d %-15s " NIP6_SEQFMT " %5d %08X %ld\n", state->dev->ifindex, state->dev->name, @@ -2443,6 +2466,7 @@ im->mca_users, im->mca_flags, (im->mca_flags&MAF_TIMER_RUNNING) ? jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); +#endif /* CONFIG_GHOSTIFICATION */ return 0; } @@ -2597,6 +2621,20 @@ "Device", "Multicast Address", "Source Address", "INC", "EXC"); } else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc" + " about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s " NIP6_SEQFMT " " NIP6_SEQFMT " %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + NIP6(state->im->mca_addr), + NIP6(psf->sf_addr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else seq_printf(seq, "%3d %6.6s " NIP6_SEQFMT " " NIP6_SEQFMT " %6lu %6lu\n", state->dev->ifindex, state->dev->name, 
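Review bot: In the `@@ -2436` hunk the `ghost_debugmsg("Don't show any igmp6 information ...")` call sits inside the `if(! is_a_ghost_interface_name(state->dev->name))` branch, so it is logged for every interface that is shown and never for a hidden one; the `@@ -2597` hunk has the same inversion. Both hunks also copy the whole `seq_printf` into the `#ifdef` arm, which leaves two format strings to keep in sync. An early exit keeps a single copy: put `if (is_a_ghost_interface_name(state->dev->name)) return 0;` under `#ifdef CONFIG_GHOSTIFICATION` ahead of the existing `seq_printf`, which matches the `return 0;` that follows both call sites. The enclosing functions start outside the hunks.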
@@ -2604,6 +2642,7 @@ NIP6(psf->sf_addr), psf->sf_count[MCAST_INCLUDE], psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-2.6.26/net/ipv6/proc.c linux-2.6.26-ghost/net/ipv6/proc.c --- linux-2.6.26/net/ipv6/proc.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/ipv6/proc.c 2009-11-24 22:38:54.000000000 +0100 @@ -11,6 +11,8 @@ * * Authors: David S. Miller (davem@caip.rutgers.edu) * YOSHIFUJI Hideaki + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -31,7 +33,19 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + +/* (ghost support) We don't want this to be static, as it has to + be read at ghostifying and unghostifying time */ +#ifdef CONFIG_GHOSTIFICATION +struct proc_dir_entry *proc_net_devsnmp6; +EXPORT_SYMBOL(proc_net_devsnmp6); +#else static struct proc_dir_entry *proc_net_devsnmp6; +#endif /* CONFIG_GHOSTIFICATION */ static int sockstat6_seq_show(struct seq_file *seq, void *v) { @@ -226,6 +240,18 @@ return single_open(file, snmp6_seq_show, PDE(inode)->data); } +/* (ghost support) This was originally static, +but we need to make it visible */ +#ifdef CONFIG_GHOSTIFICATION +struct file_operations snmp6_seq_fops = { + .owner = THIS_MODULE, + .open = snmp6_seq_open, + .read = seq_read, + .llseek = seq_lseek, + .release = single_release, +}; +EXPORT_SYMBOL(snmp6_seq_fops); +#else static const struct file_operations snmp6_seq_fops = { .owner = THIS_MODULE, .open = snmp6_seq_open, 
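Review bot: The `@@ -226` hunk drops `const` as well as `static` from `snmp6_seq_fops`, so under CONFIG_GHOSTIFICATION this table of function pointers becomes writable kernel data and is exported as well. Only the linkage has to change for another file to reference it; `const struct file_operations snmp6_seq_fops = {` keeps the table read-only, provided the consumer (not visible here) takes a const pointer. The `@@ -31` hunk exports the bare `proc_net_devsnmp6` pointer in the same way, and since this patch also forces IPv6 to be built in, it is worth checking whether either `EXPORT_SYMBOL` is needed at all.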
@@ -233,6 +259,7 @@ .llseek = seq_lseek, .release = single_release, }; +#endif /* CONFIG_GHOSTIFICATION */ int snmp6_register_dev(struct inet6_dev *idev) { diff -rNuad linux-2.6.26/net/ipv6/route.c linux-2.6.26-ghost/net/ipv6/route.c --- linux-2.6.26/net/ipv6/route.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/ipv6/route.c 2009-11-24 22:38:54.000000000 +0100 @@ -24,6 +24,10 @@ * reachable. otherwise, round-robin the list. * Ville Nuorvala * Fixed routing subtrees. + * Luca Saiu + * trivial changes for ghostification support + * Roudiere Jonathan + * ghostification support update, modify functions using netlink */ #include @@ -62,6 +66,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing. */ #define RT6_DEBUG 2 @@ -1053,10 +1062,6 @@ return hoplimit; } -/* - * - */ - int ip6_route_add(struct fib6_config *cfg) { int err; @@ -1768,6 +1773,8 @@ struct in6_rtmsg rtmsg; int err; + /* (ghost support) don't make any change, changes + have been made later for ioctl request */ switch(cmd) { case SIOCADDRT: /* Add a route */ case SIOCDELRT: /* Delete a route */ 
@@ -2059,26 +2066,84 @@ return err; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; - err = rtm_to_fib6_config(skb, nlh, &cfg); - if (err < 0) - return err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it + is a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to del route involving a ghostified interface (%s). Failing", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_del(&cfg); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + err = rtm_to_fib6_config(skb, nlh, &cfg); if (err < 0) return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_add(&cfg); /* do that or exit on error ... 
*/ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_add(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it is + a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add route involving a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_add(&cfg); } @@ -2098,6 +2163,10 @@ + nla_total_size(sizeof(struct rta_cacheinfo)); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc + */ static int rt6_fill_node(struct sk_buff *skb, struct rt6_info *rt, struct in6_addr *dst, struct in6_addr *src, int iif, int type, u32 pid, u32 seq, @@ -2108,6 +2177,19 @@ long expires; u32 table; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("rtnetlink msg type %i, pid %i and seq %i", + type, pid, seq); + /* (ghost support) this function is called by by rt6_dump_route, and + inet6_rtm_get_route and inet6_rt_notify, test if it is a kernel request*/ + if (rt->rt6i_dev->name) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to get/notify route infos about a " + "ghostified interface (%s), skip.", + rt->rt6i_dev->name); + return 1; + } +#endif /* CONFIG_GHOSTIFICATION */ if (prefix) { /* user wants prefix routes only */ if (!(rt->rt6i_flags & RTF_PREFIX_RT)) { /* success since this is not a prefix route */ 
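Review bot: `dev_get_by_index()` returns the device with a reference held, and neither `inet6_rtm_delroute` nor `inet6_rtm_newroute` in the `@@ -2059` hunk releases it, so each request that names a valid `cfg.fc_ifindex` leaks one reference and the interface may later fail to unregister cleanly. Add `dev_put(dev);` before `return -ENODEV;` and once more just before the `#endif`, after the ghost test has read `dev->name`. The check only covers requests that carry an interface index: when `dev` is NULL the code goes straight to `ip6_route_del()` / `ip6_route_add()`, so a route that reaches a ghostified interface without naming it is not filtered here.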
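Review bot: `if (rt->rt6i_dev->name)` in the `@@ -2108` hunk tests the address of the `name` member rather than the device pointer, so it catches a NULL `rt->rt6i_dev` only if `name` happens to be the first member of the structure, which this page does not show; the `@@ -2374` hunk of the same file does test `rt->rt6i_dev != NULL`. Write it as `if (rt->rt6i_dev && is_a_ghost_interface_name(rt->rt6i_dev->name)) {`. The `return 1` should be checked against the callers named in the comment (all outside this hunk): if they treat only negative values as failure, a get or notify request would go on to send an skb that was never filled. `ghost_develmsg` also prints the `u32` values `pid` and `seq` with `%i`; `%u` matches their type.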
@@ -2214,10 +2296,26 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc, + */ int rt6_dump_route(struct rt6_info *rt, void *p_arg) { struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg; int prefix; + +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg(" rtnetlink mesg %i, pid %i and seq %i", + arg->cb->nlh->nlmsg_type, arg->cb->nlh->nlmsg_pid, arg->cb->nlh->nlmsg_seq); + /* if (rt->rt6i_dev) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to dump route infos about a ghostified interface (%s), skip", + rt->rt6i_dev->name); + return -ENODEV; errro maybe come from here, modify instead + rt6_fill_node which has multiple callers + } */ +#endif /* CONFIG_GHOSTIFICATION */ if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) { struct rtmsg *rtm = nlmsg_data(arg->cb->nlh); @@ -2230,6 +2328,8 @@ prefix, 0, NLM_F_MULTI); } +/* (ghost support) Don't make changes here, function +rt6_fill_node has been modified instead */ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { struct net *net = sock_net(in_skb->sk); @@ -2374,6 +2474,18 @@ { struct seq_file *m = p_arg; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Do nothing if this route involves a + ghostified interface */ + if(rt->rt6i_dev != NULL) /* can't use &&: evaluation order is undefined */ + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Don't show any informations under /proc/net" + "involving a ghostified interface (%s)", + rt->rt6i_dev->name); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ + seq_printf(m, NIP6_SEQFMT " %02x ", NIP6(rt->rt6i_dst.addr), rt->rt6i_dst.plen); diff -rNuad linux-2.6.26/net/Kconfig linux-2.6.26-ghost/net/Kconfig --- linux-2.6.26/net/Kconfig 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/Kconfig 2009-11-24 22:38:54.000000000 +0100 
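Review bot: The comment `can't use &&: evaluation order is undefined` in the `@@ -2374` hunk is wrong: C guarantees that `&&` evaluates its left operand first and skips the right one when the left is false. The nested test can be written as `if (rt->rt6i_dev != NULL && is_a_ghost_interface_name(rt->rt6i_dev->name)) {` and the comment dropped, so the next reader does not copy the misconception. In the same hunk the adjacent string literals `"... under /proc/net" "involving ..."` join without a space. In the `@@ -2214` hunk the commented-out ghost check in `rt6_dump_route` is dead code; a one-line comment such as `/* filtering is done in rt6_fill_node() */` says the same.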
@@ -175,6 +175,105 @@ source "net/decnet/netfilter/Kconfig" source "net/bridge/netfilter/Kconfig" +config GHOSTIFICATION_NETFILTER + bool "Ghostification support to netfilter" + depends on GHOSTIFICATION && NETFILTER_ADVANCED + default y + help + Ghostification support to Netfilter. Allow to bypass all + Netfilter's hooks (INPUT, OUTPUT, FORWARD, POSTROUTING and + PREROUTING (when available)) and that for all layer or protocol: + ARP, Bridge, IPv4, IPv6 (and Decnet) or just for one protocol + or layer. + If you choose to activate the Ghostification of Netfilter then + all the network packets which come from, or go to an ghostified + interface will not get through the hooks of Netfilter; so rules + which have been created with Iptables, Ip6tables, Arptables or + Ebtables will have no effect on these packets. + Note: This option allows you to have access to the options of + configuration of the Ghostification of Netfilter but it activates + no section of code; you will thus need to select one or some + among those this below. + +config GHOSTIFICATION_NETFILTER_ALL + bool "Ghostification support to netfilter, skip all hooks" + depends on GHOSTIFICATION_NETFILTER + default y + help + Netfiter Ghostification support for all protocols/layers. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass + Netfilter's hooks; thus any actions or rules which have been + created through Iptables, Ip6tables, Arptables or Ebtables + will not have any effect on this packets. + +config GHOSTIFICATION_NETFILTER_ARP + bool "Ghostification support to netfilter, skip ARP hooks" + depends on GHOSTIFICATION_NETFILTER && IP_NF_ARPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the ARP protocol/layer. 
+ If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Arp + hooks of Netfilter; thus the rules which have been created + with the Arptables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_BRIDGE + bool "Ghostification support to netfilter, skip Bridge hooks" + depends on GHOSTIFICATION_NETFILTER && BRIDGE_NF_EBTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the Bridge protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Bridge + hooks of Netfilter; thus the rules which have been created + with the Ebtables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV4 + bool "Ghostification support to netfilter, skip IPv4 hooks" + depends on GHOSTIFICATION_NETFILTER && !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv4 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv4 + hooks of Netfilter; thus the rules which have been created + with the Iptables tool will not have any effect on them. 
+ If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV6 + bool "Ghostification support to netfilter, skip IPv6 hooks" + depends on GHOSTIFICATION_NETFILTER && IP6_NF_IPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv6 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv6 + hooks of Netfilter; thus the rules which have been created + with the Ip6tables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + endif source "net/dccp/Kconfig" 
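Review bot: `GHOSTIFICATION_NETFILTER` and `GHOSTIFICATION_NETFILTER_ALL` are both `default y`, so a kernel built with the defaults lets traffic on any ghostified interface skip every Netfilter hook, and rules set with iptables, ip6tables, arptables or ebtables silently stop applying to it. A filtering bypass is safer as an explicit opt-in: use `default n` on both entries and have the help text state plainly that host firewall policy no longer covers ghostified interfaces. The ARP, Bridge, IPv4 and IPv6 entries each repeat the same sentence about losing the bypass for Decnet's hooks; it reads as copied from one entry to the next and should be confirmed or reworded per protocol.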
@@ -250,6 +349,95 @@ source "net/rfkill/Kconfig" source "net/9p/Kconfig" +config GHOSTIFICATION + bool "Ghostification support" + depends on INET + default y + help + Ghostification support allow you to hide network interfaces + on your system. Ghostify and Unghostify are the actions which + make dynamically invisible and visible a network interface/cards + (eth0, lo, tun, ...) for the userspace. + When a network interface is ghostified, users of your system + can not see it with userspace tools like ifconfig, route, iproute, + netstat and/or have statistics about it. However even if a network + interface is ghostified it is always possible to open a socket + using the Ip address of this interface, ping this interface or + any host connected to the same network remains possible; has the + opposite, it is not possible to sniff packets on a ghostified + interface with userspace tools like tcpdump, wireshark, ... + Informations about a ghostified interface are hidden under /proc + but they can be find under /sys, it is a limit of the ghostification + patch. + For more informations about Ghostification patch and engine see + the README of the tarball that you have used or go to website of + the Marionnet project at . + + +config GHOSTIFICATION_NUM + int "Ghostification support : max number of possible ghostified interface" + depends on GHOSTIFICATION + range 4 32 + default 8 + help + Here you can choose the number of network interfaces that + you will be allowed to ghostify. This number must be between + 4 and 32. + +config GHOSTIFICATION_MESG + bool "Ghostification messages, display, debug and devel" + depends on GHOSTIFICATION + default y + help + Ghostification messages configuration. This option allow + you to have acces to the options which configure and control + the type of messages that you want the ghostification engine + diplay (visible through syslogd). + There are three options which make more or less verbose the + ghostification engine. 
You can choose to not select any + options below if you want to try to hide the ghostification + operations for the users of your system. + Note: This option allows you to have access to the options + which control the number of messages and the verbosity of + the Ghostification engine but it activates no section of + code; you will thus need to select one or some among those + this below. + +config GHOSTIFICATION_PRINTK + bool "Ghostification, messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + default y + help + This option allow you to activate normal messsages from the + ghostification engine, those messages are display through a + simple printk (visible through syslogd), this messages allow + to have informations about the ghost operations (like "the + interface ethX has been ghostified", "unghostified", "is already + ghostified", etc ...). If you really wish to hide ghostified + interfaces and ghost operations for the users of your system + don't select this option. + +config GHOSTIFICATION_DEBUG + bool "Ghostification, debugging messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + help + This option increase the verbosity of the ghostification engine, + allow to get more informations in order to debug the ghost ops. + This option is in general used to verify the result of a test or + to display the datas (interface name, pid of a calling process, ...) + which are treated by the ghost engine. + +config GHOSTIFICATION_DEVEL + bool "Ghostification, helping messages to trace ghost operations (devel)" + depends on GHOSTIFICATION_MESG + help + This option give more informations that the option above, it is use + by developer of the ghostification patch in order to control some + paths used in the kernel code and the datas which are manipulated. + This option is a little redundant with the debug option but allow + to have a better granularity, maybe it will be remove for the next + release of the ghostification patch. 
+ endif # if NET endmenu # Networking diff -rNuad linux-2.6.26/net/netfilter/core.c linux-2.6.26-ghost/net/netfilter/core.c --- linux-2.6.26/net/netfilter/core.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/netfilter/core.c 2009-11-24 22:38:54.000000000 +0100 @@ -5,6 +5,8 @@ * way. * * Rusty Russell (C)2000 -- This code is GPL. + * Little change by Jonathan Roudiere to add + * Ghostification support (bypass netfilter for ghost interface). */ #include #include @@ -22,6 +24,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "nf_internals.h" static DEFINE_MUTEX(afinfo_mutex); @@ -59,7 +66,6 @@ { struct nf_hook_ops *elem; int err; - err = mutex_lock_interruptible(&nf_hook_mutex); if (err < 0) return err; 
@@ -177,7 +183,158 @@ rcu_read_lock(); elem = &nf_hooks[pf][hook]; + next_hook: + /* + * (ghost support) Netfilter ghostification support. + * Perform too much tests here is not a good idea because all + * network packets pass through this section but we have + * not other choice to skip netfilter hooks (per hook). + */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER + /* + * Bypass all Netfilter hooks (for ipv4/6, arp, bridge) for any + * ghostified interface (eq. to return NF_ACCEPT for each packet which + * go through an interface which is ghostified (do that at hook level + * in order to skip all chains's rules hang on the hooks)) + */ + + /* don't use ghost_debugmsg macro in this section + because it may introduce too much delay */ + ghost_develmsg("Enter in hook (pf=%i) (hook=%i) from indev->name = " + "%s to outdev->name = %s", pf, hook, indev->name, outdev->name); + +/* If we wish to skip all netfilter hooks for all PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ALL + /* + * outdev->name field is defined in OUTPUT, FORWARD and POSTROUTING hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), we start here (with outdev) to bypass netfilter's + * hooks in the case where we are in FORWARD. + */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + ret = 1; + goto unlock; + } + } + /* + * indev->name field is defined in PREROUTING, FORWARD and INPUT hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), if we are in FORWARD hook and outdev/indev->name + * is not a ghostified interface then we can go towards hooks. 
+ */ + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + ret = 1; + goto unlock; + } + } + +/* + * If GHOSTIFICATION_NETFILTER_ALL is not defined neither any + * GHOSTIFICATION_NETFILTER_PF then we 'll skip all this code chunk. + * (about performance, choose to skip netfilter just for certains PF + * is the most bad things we can do, but ...) + */ +#elif (defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV4) || defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV6) || \ + defined(CONFIG_GHOSTIFICATION_NETFILTER_ARP) || defined(CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE)) + /* Here we have the same logic as previously (in GHOSTIFICATION_NETFILTER_ALL) + but with the ability to choose what are the PFs that we want to skip */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for 
decnet) */ + goto apply_hook; + } + } + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for decnet) */ + goto apply_hook; + } + } + +#endif /* CONFIG_GHOSTIFICATION_ALL */ +apply_hook: +#endif /* CONFIG_GHOSTIFICATION_NETFILTER */ +/* (ghost support) End of ghostification support */ + verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev, outdev, &elem, okfn, hook_thresh); if (verdict == NF_ACCEPT || verdict == NF_STOP) { diff -rNuad linux-2.6.26/net/packet/af_packet.c linux-2.6.26-ghost/net/packet/af_packet.c --- linux-2.6.26/net/packet/af_packet.c 2008-07-13 23:51:29.000000000 +0200 +++ linux-2.6.26-ghost/net/packet/af_packet.c 2009-11-24 22:38:54.000000000 +0100 @@ -41,6 +41,7 @@ * will simply extend the hardware address * byte arrays at the end of sockaddr_ll * and packet_mreq. + * Luca Saiu : Trivial changes for ghostification * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
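Review bot: The guards `if ((outdev->name) != NULL)` and `if ((indev->name) != NULL)` in the `@@ -177` hunk compare the address of the `name` member, not the device pointer, although the hunk's own comments say `outdev` and `indev` are each defined only in some hooks. The test therefore catches a NULL device only if `name` is the first member of `struct net_device` (not shown on this page), and the `ghost_develmsg` call above it uses `indev->name` and `outdev->name` before any check. Test the pointers themselves, `if (outdev != NULL) {` and `if (indev != NULL) {`, and build the trace message from guarded values. The closing `#endif /* CONFIG_GHOSTIFICATION_ALL */` names a symbol that does not exist in this patch; it closes `CONFIG_GHOSTIFICATION_NETFILTER_ALL`. The enclosing function starts and ends outside the hunk.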
@@ -84,6 +85,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Assumptions: - if device has no dev->hard_header routine, it adds and removes ll header @@ -448,6 +454,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (rcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); @@ -565,6 +583,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them. + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (trcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); 
@@ -1900,17 +1930,38 @@ struct sock *s = v; const struct packet_sock *po = pkt_sk(s); +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Don't show packets involving ghost devices + */ + struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex); + if(! is_a_ghost_interface_name(net_device->name)) { + ghost_debugmsg("Don't show packets involving ghostified interface"); + seq_printf(seq, + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); + } +#else seq_printf(seq, - "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", - s, - atomic_read(&s->sk_refcnt), - s->sk_type, - ntohs(po->num), - po->ifindex, - po->running, - atomic_read(&s->sk_rmem_alloc), - sock_i_uid(s), - sock_i_ino(s) ); + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/linux-2.6.30-ghost_debian.patch0000600000175000017500000030270512356733375027167 0ustar lucaslucasdiff -rNuad linux-source-2.6.30/include/linux/netdevice.h linux-source-2.6.30-ghost/include/linux/netdevice.h --- linux-source-2.6.30/include/linux/netdevice.h 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/include/linux/netdevice.h 2009-12-02 13:24:38.000000000 +0100 @@ -14,6 +14,8 @@ * Alan Cox, * Bjorn Ekwall. * Pekka Riikonen + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
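Review bot: `dev_get_by_index(sock_net(s), po->ifindex)` in the `@@ -1900` hunk can return NULL when `po->ifindex` does not name a live device, and the next line reads `net_device->name` unconditionally, so reading this /proc entry can oops the kernel. The lookup also takes a device reference that is never released with `dev_put()`. The `ghost_debugmsg("Don't show packets ...")` call sits in the branch that does print the row, and the `seq_printf` is duplicated across the `#ifdef` arms. The excerpt below handles the NULL case, drops the reference, and keeps a single `seq_printf`. The enclosing function starts outside the hunk.

```c
#ifdef CONFIG_GHOSTIFICATION
		/* (ghost support) Hide sockets bound to a ghostified device. */
		struct net_device *net_device =
			dev_get_by_index(sock_net(s), po->ifindex);
		int hidden = 0;

		if (net_device != NULL) {
			hidden = is_a_ghost_interface_name(net_device->name);
			dev_put(net_device);	/* release the reference taken by the lookup */
		}
		if (hidden)
			return 0;
#endif /* CONFIG_GHOSTIFICATION */
		/* … unchanged: the original single seq_printf() row … */
```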
@@ -1910,4 +1912,12 @@ extern struct pernet_operations __net_initdata loopback_net_ops; #endif /* __KERNEL__ */ +/* + * (ghost support) Just check whether the given name + * belongs to the ghost interface + */ +#ifdef CONFIG_GHOSTIFICATION +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + #endif /* _LINUX_DEV_H */ diff -rNuad linux-source-2.6.30/include/linux/sockios.h linux-source-2.6.30-ghost/include/linux/sockios.h --- linux-source-2.6.30/include/linux/sockios.h 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/include/linux/sockios.h 2009-12-02 13:24:38.000000000 +0100 @@ -9,6 +9,8 @@ * * Authors: Ross Biro * Fred N. van Kempen, + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -83,6 +85,13 @@ #define SIOCWANDEV 0x894A /* get/set netdev parameters */ +/* (ghost support) ghostification's ioctl */ +#ifdef CONFIG_GHOSTIFICATION +#define SIOKLOG 0x894D /* Write a string to the log */ +#define SIOCGIFGHOSTIFY 0x894E /* Make a network device 'ghost' */ +#define SIOCGIFUNGHOSTIFY 0x894F /* Make a network device 'ghost' */ +#endif /* CONFIG_GHOSTIFICATION */ + /* ARP cache control calls. */ /* 0x8950 - 0x8952 * obsolete calls, don't re-use */ #define SIOCDARP 0x8953 /* delete ARP table entry */ diff -rNuad linux-source-2.6.30/include/net/ghostdebug.h linux-source-2.6.30-ghost/include/net/ghostdebug.h --- linux-source-2.6.30/include/net/ghostdebug.h 1970-01-01 01:00:00.000000000 +0100 +++ linux-source-2.6.30-ghost/include/net/ghostdebug.h 2009-12-02 13:24:38.000000000 +0100 
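Review bot: In the `@@ -83` hunk of sockios.h the comment on `SIOCGIFUNGHOSTIFY` repeats the one on `SIOCGIFGHOSTIFY` (`Make a network device 'ghost'`); it should read `/* Make a ghost network device visible again */`. The three request numbers are defined only under `#ifdef CONFIG_GHOSTIFICATION`, a symbol that user-space builds do not normally define, so a tool including this header would not see them. The handlers are outside this hunk: because these requests hide interfaces from monitoring tools and `SIOKLOG` writes a caller-supplied string to the kernel log, confirm that they require `CAP_NET_ADMIN` and bound the string length.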
@@ -0,0 +1,93 @@ +/* + * Ghost support: + * Some trivials macros for display messages, trace ghost ops, + * debug and devel the ghostification kernel patch. + * + * Authors: Roudiere Jonathan, + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + */ + +#ifndef __GHOSTDEBUG__ +#define __GHOSTDEBUG__ + +#ifdef CONFIG_GHOSTIFICATION + +/* + * Ghost macros: there are three type of macros for three kind of + * information level : + * + * - the first one is ghost_ptk, that is a simple printk with the + * KERN_INFO log level, it is the standard type of display used + * by the ghostification kernel code to allow user to monitor + * ghost operations, if GHOSTIFICATION_PRINTK is not defined then + * user will not any information about the ghostified interfaces + * and the ghost engine (almost any infos ;-)), + * + * - ghost_debug and ghost_debugmsg are respectively used to show a + * calling card in a part of the code (function, files) and to show + * in plus informations additional (variable, etc ..), these two macros + * display messages with the level KERNEL_DEBUG, + * + * - ghost_devel and ghost_develmsg are very similar (redundant) + * in both previous ones, they are mainly used for the development + * of the patch to follow the stream of execution, activate + * GHOSTIFICATION_DEVEL has interest only for developers. + * +*/ + +/* + * Macro usable to debug during normal usage of the kernel. +*/ +#ifdef CONFIG_GHOSTIFICATION_DEBUG +#define ghost_debug \ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): -- info debug -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_debugmsg(msg,args...) 
\ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_debug +#define ghost_debugmsg(msg,args...) +#endif + +/* + * A little bit redundant with the macro ghost_debug/debugmsg + * but allows a difference in the use, they are not used for the + * debugging, but to verify roads borrowed during the development. + * (note: certainly remove at next release of the patch) +*/ +#ifdef CONFIG_GHOSTIFICATION_DEVEL +#define ghost_devel \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): -- info devel -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_develmsg(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_devel +#define ghost_develmsg(msg,args...) +#endif + +/* + * Macro to display all message from chunk of code which has + * ghostification in charge (use macro to add debug level later). +*/ +#ifdef CONFIG_GHOSTIFICATION_PRINTK +#define ghost_ptk(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost) " msg "\n", ##args) +#else +#define ghost_ptk(msg,args...) +#endif + +#endif /* CONFIG_GHOSTIFICATION */ + +#endif /* __GHOSTDEBUG__ */ diff -rNuad linux-source-2.6.30/kernel/softirq.c linux-source-2.6.30-ghost/kernel/softirq.c --- linux-source-2.6.30/kernel/softirq.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/kernel/softirq.c 2009-12-02 13:24:38.000000000 +0100 @@ -126,8 +126,11 @@ */ void _local_bh_enable(void) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq()); WARN_ON_ONCE(!irqs_disabled()); +#endif if (softirq_count() == SOFTIRQ_OFFSET) trace_softirqs_on((unsigned long)__builtin_return_address(0)); 
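Review bot: The header comment says `ghost_ptk` logs at `KERN_INFO` and is controlled by `GHOSTIFICATION_PRINTK`, but the macro uses `KERN_DEBUG` and the guard is `CONFIG_GHOSTIFICATION_PRINTK`; one of the two should change, e.g. `printk(KERN_INFO "(ghost) " msg "\n", ##args)`. Every macro here is defined only inside `#ifdef CONFIG_GHOSTIFICATION`, so a call site outside that guard fails to build when the option is off; placing the empty fallbacks outside the guard would make call sites safe. These messages carry the names of interfaces the patch is meant to hide, so the comment should also say that enabling them exposes those names to anyone who can read the kernel log.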
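Review bot: Compiling out `WARN_ON_ONCE(in_irq())` and `WARN_ON_ONCE(!irqs_disabled())` under `CONFIG_GHOSTIFICATION` silences these assertions for every caller in the kernel, not only for ghostification code, and the second kernel/softirq.c hunk (`@@ -138,7 +141,10 @@`) does the same in `_local_bh_enable_ip`. The stated reason is to keep the console quiet, which suggests the patch itself triggers the warnings; the calling context should be fixed instead, possibly the work done while `ghostification_spin_lock` is held with interrupts disabled in net/core/dev.c. I would drop both `#ifndef CONFIG_GHOSTIFICATION` blocks and leave the checks unconditional.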
@@ -138,7 +141,10 @@ static inline void _local_bh_enable_ip(unsigned long ip) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq() || irqs_disabled()); +#endif #ifdef CONFIG_TRACE_IRQFLAGS local_irq_disable(); #endif diff -rNuad linux-source-2.6.30/net/core/dev.c linux-source-2.6.30-ghost/net/core/dev.c --- linux-source-2.6.30/net/core/dev.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/core/dev.c 2009-12-02 13:24:38.000000000 +0100 @@ -18,6 +18,7 @@ * Alexey Kuznetsov * Adam Sulmicki * Pekka Riikonen + * Luca Saiu (ghostification support) * * Changes: * D.J. Barrow : Fixed bug where dev->refcnt gets set @@ -70,6 +71,8 @@ * indefinitely on dev->refcnt * J Hadi Salim : - Backlog queue sampling * - netif_rx() feedback + * Roudiere Jonathan : make some buxfix in ghostification engine + * verify CAP_NET_ADMIN before (un)ghost iface */ #include 
@@ -136,6 +139,230 @@ #define GRO_MAX_HEAD (MAX_HEADER + 128) /* + * (ghost support) Chunk of code which has in charge + * the ghostification of network interfaces. + */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* The maximum number of ghost interfaces allowed at any given time: */ +#define MAX_GHOST_INTERFACES_NO CONFIG_GHOSTIFICATION_NUM + +/* + * A crude unsorted array of unique names, where "" stands for an + * empty slot. Elements are so few that an hash table would be overkill, + * and possibly also less efficient than this solution: + */ +static char ghost_interface_names[MAX_GHOST_INTERFACES_NO][IFNAMSIZ]; + +/* A lock protecting the ghost interfaces' support structure: */ +/* static DEFINE_SPINLOCK(ghostification_spin_lock); */ +static rwlock_t ghostification_spin_lock = RW_LOCK_UNLOCKED; + +/* Lock disabling local interrupts and saving flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + unsigned long flags; write_lock_irqsave(&ghostification_spin_lock, flags) + +/* Unlock re-enabling interrupts and restoring flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + write_unlock_irqrestore(&ghostification_spin_lock, flags) + +/* Lock disabling local interrupts and saving flags. This is for + readers, which are allowed to execute concurrently: */ +#define LOCK_GHOSTIFICATION_FOR_READING \ + unsigned long flags; read_lock_irqsave(&ghostification_spin_lock, flags) + +/* Lock re-enabling interrupts and restoring flags. 
This is for + readers, which are allowed to execute concurrently: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING \ + read_unlock_irqrestore(&ghostification_spin_lock, flags) + +#ifdef CONFIG_IPV6 +/* Defined in net/ipv6/addrconf.c: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +#endif /* CONFIG_IPV6 */ + +/* Return the index of the given element (which may be "") within + ghost_interface_names, or -1 on failure. Note that this must be + executed in a critical section: */ +static int __lookup_ghost_interface_names(const char *interface_name) +{ + int i; + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(!strcmp(interface_name, ghost_interface_names[i])) + return i; /* we found the given name in the i-th element */ + return -1; /* we didn't find the given name in the array */ +} + +/* This is useful for debugging. It must be called in a critical section. */ +static void __dump_ghost_interfaces(void) +{ + int i; + int number_of_ghost_interfaces = 0; + + ghost_ptk("Ghost interfaces are now: "); + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(strcmp(ghost_interface_names[i], "")) { + number_of_ghost_interfaces++; + ghost_ptk("%i. %s", number_of_ghost_interfaces, + ghost_interface_names[i]); + } + + ghost_ptk("There are now %i ghost interfaces. " + "A maximum of %i can exist at any given time.", + number_of_ghost_interfaces, MAX_GHOST_INTERFACES_NO); +} + +/* Just check whether the given name belongs to a ghost interface. 
+ This must be called in a critical section: */ +int __is_a_ghost_interface_name(const char *interface_name) +{ + /* Particular case: "" is *not* a ghost interface name, even + if it's in the ghost interfaces array (we use it just to mark + an empty slot): */ + if(interface_name[0] == '\0') + return 0; + /* Just check whether interface_name is an element of the array: */ + return __lookup_ghost_interface_names(interface_name) >= 0; +} + +/* Just check whether the given name belongs to a ghost interface: */ +int is_a_ghost_interface_name(const char *interface_name) +{ + int result; + LOCK_GHOSTIFICATION_FOR_READING; + /* Just check whether interface_name is an element of the array: */ + result = __is_a_ghost_interface_name(interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING; + return result; +} + +/* Make the given interface ghost. Return 0 on success, nonzero on + failure. Failure occours when the interface is already ghost or + does not exist: */ +static int ghostify_interface(char *interface_name) +{ + int a_free_element_index; + const size_t name_length = strlen(interface_name); + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Let's avoid buffer overflows... This could possibly be exploited: */ + if((name_length >= IFNAMSIZ) || (name_length == 0)) + { + ghost_ptk("The user asked to ghostify the interface %s, " + "which has a name of length %i. Failing.", + interface_name, name_length); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EINVAL; + } + + /* Fail if the interface is already ghostified. In particular we + want *no* duplicates in the array. 
Note that we're already in + a critical section here, so there's no need for locking: */ + if(__is_a_ghost_interface_name(interface_name)) + { + ghost_ptk("Could not ghostify the interface %s, " + "because it\'s already ghost.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EEXIST; /* File exists, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Fail if the interface is not found. We don't want add a + no-existing interface in our array */ + struct net_device *device; + device = dev_get_by_name(&init_net, interface_name); + if (device == NULL) { + ghost_ptk("Could not ghostify the interface %s which " + "doesn't exist. Try again.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for a free spot: */ + a_free_element_index = __lookup_ghost_interface_names(""); + if(a_free_element_index < 0) + { + ghost_ptk("Could not ghostify the interface %s, " + "because %i interfaces are already ghostified. Sorry.", + interface_name, MAX_GHOST_INTERFACES_NO); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENOMEM; + } + + /* Ok, we found a free spot; just copy the interface name: */ + strcpy(ghost_interface_names[a_free_element_index], interface_name); + +#ifdef CONFIG_IPV6 + /* Hide /proc/net/dev_snmp6/DEVICE for the new ghost DEVICE: */ + hide_proc_net_dev_snmp6_DEVICE_if_needed( + ghost_interface_names[a_free_element_index]); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} + +/* Make the given interface, which should be ghost, non-ghost. + Return 0 on success, nonzero on failure. Failure occours when + the given interface is non-ghost or does not exist: */ +static int unghostify_interface(char *ghost_interface_name) +{ + int the_interface_index; + struct net_device *device; + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Fail if the interface is not found. 
It is not necessary + to search in the array a no-existing interface and allow + to return a more appropriate error code to the userspace. */ + device = dev_get_by_name(&init_net, ghost_interface_name); + if (device == NULL) { + ghost_ptk("Could not unghostify the interface %s " + "which doesn't exist. Try again.\n", ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for the given interface: */ + the_interface_index = + __lookup_ghost_interface_names(ghost_interface_name); + if(the_interface_index < 0) + { + ghost_ptk("Could not unghostify the interface %s, \ + because it's non-ghost or not existing.\n", + ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ESRCH; /* No such device or address, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Ok, we found the interface: just "remove" its name from the array: */ + ghost_interface_names[the_interface_index][0] = '\0'; + +#ifdef CONFIG_IPV6 + /* Show again /proc/net/dev_snmp6/DEVICE for the now non-ghost DEVICE: */ + show_proc_net_dev_snmp6_DEVICE_if_needed(ghost_interface_name); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} +EXPORT_SYMBOL(is_a_ghost_interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * (ghost support) End of ghostification support + */ + + +/* * The list of packet types we will receive (as opposed to discard) * and the routines to invoke. * @@ -536,6 +763,13 @@ { int ints[5]; struct ifmap map; + /* (ghost support) There are no ghost interfaces by default */ +#ifdef CONFIG_GHOSTIFICATION + int i; + + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + ghost_interface_names[i][0] = '\0'; +#endif /* CONFIG_GHOSTIFICATION */ str = get_options(str, ARRAY_SIZE(ints), ints); if (!str || !*str) 
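Review bot: `ghostify_interface()` and `unghostify_interface()` call `dev_get_by_name(&init_net, ...)` only to test that the device exists and never release the reference it returns, so each request that gets past the lookup leaves the device's refcount raised; add `dev_put(device);` right after the NULL check. Both functions also run the lookup, the `ghost_ptk` logging and the `hide_/show_proc_net_dev_snmp6_DEVICE_if_needed()` calls inside `write_lock_irqsave`, and those helpers are defined in another file, so it should be confirmed that none of them can sleep. `name_length` is a `size_t` printed with `%i`, and `struct net_device *device;` is declared after statements in `ghostify_interface()`. Only `init_net` is consulted and the table is keyed by name, so ghost status is global across network namespaces, which deserves a comment.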
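Review bot: The loop in the `@@ -536,6 +763,13 @@` hunk clears `ghost_interface_names` from inside a function whose context lines (`get_options(str, ARRAY_SIZE(ints), ints)`) look like a boot-parameter parser, so it would run only when that parameter is given, and it writes the array without taking `ghostification_spin_lock`. The array has static storage and is therefore already zero-filled, which makes the loop unnecessary; I would delete it or move it to an initialisation path that always runs. The enclosing function begins and ends outside the hunk, so its identity should be confirmed.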
@@ -2899,11 +3133,20 @@ len = ifc.ifc_len; /* - * Loop over the interfaces, and write an info block for each. + * Loop over the interfaces, and write an info block for each, + * (ghost support) unless they are ghostified. */ total = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* Don't tell the user about ghost interfaces: just skip them */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Skipping the ghost interface %s in SIOCGIFCONF", + dev->name); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ for (i = 0; i < NPROTO; i++) { if (gifconf_list[i]) { int done; @@ -2972,6 +3215,10 @@ { const struct net_device_stats *stats = dev_get_stats(dev); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't show anything in /proc if iface is ghostified */ + if(! is_a_ghost_interface_name(dev->name)) +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu " "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n", dev->name, stats->rx_bytes, stats->rx_packets, @@ -3851,6 +4098,16 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() " + "on the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCGIFFLAGS: /* Get interface flags */ ifr->ifr_flags = dev_get_flags(dev); 
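Review bot: The `ghost_ptk` call inside the `for_each_netdev` loop logs the name of every ghost interface on each SIOCGIFCONF request with no rate limit, and the ioctl hunks `@@ -3851,6 +4098,16 @@` and `@@ -3921,6 +4178,17 @@` log once per call in the same way. With `CONFIG_GHOSTIFICATION_PRINTK` enabled, ordinary callers can flood the kernel log this way, and the hidden names end up in a place that may be readable beyond the intended audience. I would guard the message, e.g. `if (net_ratelimit()) ghost_ptk(...)`, or demote it to `ghost_debugmsg`. The loop body continues outside the hunk.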
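Review bot: In the `@@ -2972,6 +3215,10 @@` hunk the added `if(! is_a_ghost_interface_name(dev->name))` has no braces and its body is the `seq_printf(...)` statement that follows the `#endif`, so the control flow depends on whichever statement happens to come next outside the preprocessor block. An explicit early exit is easier to read and harder to break: `if (is_a_ghost_interface_name(dev->name)) return;` inside the `#ifdef`. That form assumes nothing else follows the `seq_printf` in this function, which ends outside the hunk.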
@@ -3921,6 +4178,17 @@ ops = dev->netdev_ops; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() on " + "the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail " + "with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCSIFFLAGS: /* Set interface flags */ return dev_change_flags(dev, ifr->ifr_flags); 
@@ -4064,6 +4332,57 @@ */ switch (cmd) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) catch ghostification's ioctl */ + case SIOKLOG: { + char text[1000]; + if(copy_from_user(text, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + text[IFNAMSIZ] = '\0'; + printk(KERN_DEBUG "%s\n", text); + return 0; + } + /* (un)ghostification ops require superuser power */ + case SIOCGIFGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, + (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to ghostify the interface %s.", + interface_name); + if((failure = ghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was ghostified.", + interface_name); + else + ghost_ptk("Failure in ghostification of %s.", + interface_name); + return failure; + } + case SIOCGIFUNGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to unghostify the interface %s.", + interface_name); + if((failure = unghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was unghostified.", + interface_name); + else + ghost_ptk("Failure in unghostification of %s.", + interface_name); + return failure; + } + /* end of ghostficiation ioctl */ +#endif /* CONFIG_GHOSTIFICATION */ + /* * These ioctl calls: * - can be done by all. diff -rNuad linux-source-2.6.30/net/core/dev_mcast.c linux-source-2.6.30-ghost/net/core/dev_mcast.c --- linux-source-2.6.30/net/core/dev_mcast.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/core/dev_mcast.c 2009-12-02 13:24:38.000000000 +0100 
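Review bot: The `SIOKLOG` case has no `capable()` check, unlike the two cases below it, so any process that can issue this ioctl can write caller-chosen text into the kernel log; add `if (!capable(CAP_NET_ADMIN)) return -EPERM;` at the top of the case or compile the request out of non-debug builds. All three cases copy a fixed `IFNAMSIZ + 1` bytes with `copy_from_user`, which reads past the end of a shorter user string and can fail with -EFAULT near the end of a mapping; `strncpy_from_user(interface_name, (char __user *)arg, IFNAMSIZ)` with a check of its return value fits better. The `char text[1000]` and `char interface_name[1000]` buffers take about 1 KB of kernel stack each where `IFNAMSIZ + 1` bytes suffice, and in the two ghostify cases they are declared after the `capable()` statement. The enclosing `switch` continues outside the hunk.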
@@ -14,6 +14,8 @@ * Alan Cox : IFF_ALLMULTI support. * Alan Cox : New format set_multicast_list() calls. * Gleb Natapov : Remove dev_mc_lock. + * Luca Saiu : trivial changes for + * ghostification support. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -48,6 +50,9 @@ #include #include +#ifdef CONFIG_GHOSTIFICATION +#include +#endif /* CONFIG_GHOSTIFICATION */ /* * Device multicast list maintenance. @@ -167,7 +172,15 @@ netif_addr_lock_bh(dev); for (m = dev->mc_list; m; m = m->next) { int i; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information + in /proc about ghost interfaces */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Don't show any information in /proc " + "about ghostified interface"); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%-4d %-15s %-5d %-5d ", dev->ifindex, dev->name, m->dmi_users, m->dmi_gusers); diff -rNuad linux-source-2.6.30/net/core/rtnetlink.c linux-source-2.6.30-ghost/net/core/rtnetlink.c --- linux-source-2.6.30/net/core/rtnetlink.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/core/rtnetlink.c 2009-12-02 13:24:38.000000000 +0100 @@ -12,8 +12,12 @@ * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * - * Fixes: + * Fixes: * Vitaly E. Lavrov RTA_OK arithmetics was wrong. + * + * Changes: + * Roudiere Jonathan Some changes + * to ghost support, to allow to hide ghost net interfaces */ #include @@ -53,6 +57,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + struct rtnl_link { rtnl_doit_func doit; 
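Review bot: In the `@@ -167,7 +172,15 @@` hunk `is_a_ghost_interface_name(dev->name)` depends only on `dev`, but it is evaluated inside the `for (m = dev->mc_list; m; m = m->next)` loop, so it takes the ghostification lock and emits a `ghost_ptk` line once per multicast entry while `netif_addr_lock_bh(dev)` is held. Testing once before `netif_addr_lock_bh(dev);` and skipping the device entirely gives the same output with a single check and a single log line. How to skip depends on the enclosing function, which starts outside the hunk.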
@@ -106,7 +115,10 @@ static rtnl_doit_func rtnl_get_doit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].doit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -117,7 +129,10 @@ static rtnl_dumpit_func rtnl_get_dumpit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].dumpit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -460,6 +475,12 @@ { struct sock *rtnl = net->rtnl; int report = 0; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add inforation to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type %i " + "and nlh->nlmsg_seq = %i", pid, nlh->nlmsg_pid, + nlh->nlmsg_type, nlh->nlmsg_seq); +#endif if (nlh) report = nlmsg_report(nlh); @@ -616,6 +637,20 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type " + "= %i, seq = %i and nlh->nlmsg_seq = %i", + pid, nlh->nlmsg_pid, nlh->nlmsg_type, + seq, nlh->nlmsg_seq); + ghost_develmsg("dev->name = %s and dev->ifindex = %i", + dev->name, + dev->ifindex); + /* function whose call rtnl_fill_ifinfo has been modified, except + rtmsg_ifinfo so if it will be necessary to skip ghost iface here then + keep in your mind to test pid because if it is eq. to 0 then it is a + kernel request (else user request) and we don't want disturbe its work. */ +#endif ifm = nlmsg_data(nlh); ifm->ifi_family = AF_UNSPEC; ifm->__ifi_pad = 0; 
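Review bot: In the `@@ -460,6 +475,12 @@` hunk the added `ghost_develmsg` reads `nlh->nlmsg_pid`, `nlh->nlmsg_type` and `nlh->nlmsg_seq` before the existing `if (nlh)` test on the following line, so with `CONFIG_GHOSTIFICATION_DEVEL` enabled a NULL `nlh` is dereferenced. Move the trace under the guard, e.g. `if (nlh) ghost_develmsg(...);`, or print only `pid` when `nlh` is NULL. The trace added in `@@ -616,6 +637,20 @@` comes after the `nlh == NULL` return and does not have this problem.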
@@ -690,6 +725,24 @@ idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function which encapsulates calls to + * rtnl_fill_ifinfo and which is call after rtnl_get_doit/dumpit, + * use to dump list of network interfaces (as used by "ip link") + */ + ghost_develmsg("for_each_netdev, current net_device is %s", + dev->name); + ghost_develmsg("netlink cb pid = %i, cb nlh->nlmsg_type = %i, " + "cb familly/proto = %i, cb nlh->nlmsg_pid %i", + NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_type, + cb->family, cb->nlh->nlmsg_pid); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Hide ghotified interface (%s) in the dump", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK, @@ -941,6 +994,18 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change state/parameters of a ghotified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ if ((err = validate_linkmsg(dev, tb)) < 0) goto errout_dev; 
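Review bot: In the `@@ -941,6 +994,18 @@` hunk the ghost branch leaves through `goto errout`, while the next existing statement uses `goto errout_dev` once `dev` is known to be valid; if `errout_dev` is where the device reference is dropped (the labels are outside the hunk), the ghost path leaks that reference and should use `goto errout_dev;`. The `@@ -1181,6 +1257,17 @@` hunk has the same shape: `dev_get_by_index(net, ifm->ifi_index)` is followed by a bare `return -ENODEV;` for ghost devices, which needs `dev_put(dev);` first. In net/ipv4/devinet.c the `@@ -448,6 +456,16 @@` hunk likewise jumps to `errout` ahead of the existing `__in_dev_put(in_dev);`. The dump hunk `@@ -690,6 +725,24 @@` skips with `goto cont`, which matches the surrounding code.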
@@ -979,6 +1044,17 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change dell a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ ops = dev->rtnl_link_ops; if (!ops) @@ -1181,6 +1257,17 @@ dev = dev_get_by_index(net, ifm->ifi_index); if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it with + user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ } else return -EINVAL; @@ -1235,6 +1322,8 @@ struct sk_buff *skb; int err = -ENOBUFS; + /* (ghost support) call rtnl_fill_ifinfo so maybe it + is need here to modify, in order to skip ghost iface */ skb = nlmsg_new(if_nlmsg_size(dev), GFP_KERNEL); if (skb == NULL) goto errout; @@ -1270,6 +1359,11 @@ int err; type = nlh->nlmsg_type; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Enter, nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i and nlh->nlmsg_seq = %i ", + nlh->nlmsg_pid, nlh->nlmsg_seq, nlh->nlmsg_seq); +#endif /* CONFIG_GHOSTIFICATION */ + if (type > RTM_MAX) return -EOPNOTSUPP; 
@@ -1289,14 +1383,21 @@ if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN)) return -EPERM; + /* (ghost support) kind = 2 then imply RTM_GETLINK has been used */ if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) { struct sock *rtnl; rtnl_dumpit_func dumpit; + /* (ghost support) then rtnl_get_dumpit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ dumpit = rtnl_get_dumpit(family, type); if (dumpit == NULL) return -EOPNOTSUPP; - +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Part 1: rtnl_get_dumpit(family %i, type %i) " + "is used before call to netlink_dump_start", + family,type); +#endif /* CONFIG_GHOSTIFICATION */ __rtnl_unlock(); rtnl = net->rtnl; err = netlink_dump_start(rtnl, skb, nlh, dumpit, NULL); @@ -1328,6 +1429,11 @@ doit = rtnl_get_doit(family, type); if (doit == NULL) return -EOPNOTSUPP; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) rtnl_get_doit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ + ghost_develmsg("Part 2: rtnl_get_doit(family %i, type %i)", family, type); +#endif /* CONFIG_GHOSTIFICATION */ return doit(skb, nlh, (void *)&rta_buf[0]); } @@ -1343,6 +1449,10 @@ { struct net_device *dev = ptr; + /* (ghost support) if we want provide a ghost's way to modify + the state of a ghost iface, it will be necessary to skip event + reports involing ghost iface (actually any changes are possible + if the iface is ghostified so there is nothing to report) */ switch (event) { case NETDEV_UNREGISTER: rtmsg_ifinfo(RTM_DELLINK, dev, ~0U); diff -rNuad linux-source-2.6.30/net/ipv4/arp.c linux-source-2.6.30-ghost/net/ipv4/arp.c --- linux-source-2.6.30/net/ipv4/arp.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/ipv4/arp.c 2009-12-02 13:24:38.000000000 +0100 @@ -70,6 +70,8 @@ * bonding can change the skb before * sending (e.g. insert 8021q tag). * Harald Welte : convert to make use of jenkins hash + * Luca Saiu 
@@ -116,6 +118,11 @@ struct neigh_table *clip_tbl_hook; #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include @@ -1312,9 +1319,21 @@ } #endif sprintf(tbuf, "%pI4", n->primary_key); +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) Don't show anything in /proc if it involves +ghost interfaces: */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + read_unlock(&n->lock); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); read_unlock(&n->lock); +#endif /* CONFIG_GHOSTIFICATION */ } static void arp_format_pneigh_entry(struct seq_file *seq, @@ -1325,9 +1344,21 @@ char tbuf[16]; sprintf(tbuf, "%pI4", n->key); +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) Don't show anything in /proc if it involves + ghost interfaces */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", - dev ? dev->name : "*"); + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); +#endif /* CONFIG_GHOSTIFICATION */ } static int arp_seq_show(struct seq_file *seq, void *v) diff -rNuad linux-source-2.6.30/net/ipv4/devinet.c linux-source-2.6.30-ghost/net/ipv4/devinet.c --- linux-source-2.6.30/net/ipv4/devinet.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/ipv4/devinet.c 2009-12-02 13:24:38.000000000 +0100 
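Review bot: Under `CONFIG_GHOSTIFICATION` the `read_unlock(&n->lock);` in the `@@ -1312,9 +1319,21 @@` hunk has moved inside the `if (! is_a_ghost_interface_name(dev->name))` block, so for a ghost device the function returns with `n->lock` still read-held (the matching `read_lock` is presumably above the hunk). Keep the unlock unconditional: close the `if` right after the `seq_printf(...)` and put `read_unlock(&n->lock);` after the `#endif`. The `ghost_debugmsg` text also sits in the branch that prints the entry, so it describes the opposite case.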
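Review bot: The `@@ -1325,9 +1344,21 @@` hunk calls `is_a_ghost_interface_name(dev->name)` unconditionally, yet the `seq_printf` it guards still prints `dev ? dev->name : "*"`, which shows that `dev` may be NULL at this point. Test the pointer first: `if (!dev || !is_a_ghost_interface_name(dev->name)) {`. The function starts outside the hunk.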
@@ -23,6 +23,9 @@ * address (4.4BSD alias style support), * fall back to comparing just the label * if no match found. + * Roudiere Jonathan : + * some changes to ghost support, skip + * request involving a ghostified iface. */ @@ -62,6 +65,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + static struct ipv4_devconf ipv4_devconf = { .data = { [NET_IPV4_CONF_ACCEPT_REDIRECTS - 1] = 1, @@ -448,6 +456,16 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("in_dev->dev->name = %s", in_dev->dev->name); + if (is_a_ghost_interface_name(in_dev->dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + (in_dev->dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ __in_dev_put(in_dev); @@ -497,6 +515,17 @@ if (dev == NULL) goto errout; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("(dev->name) = %s ", (dev->name)); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change/modfy address on a ghostified interface (%s), skip", + (dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ + in_dev = __in_dev_get_rtnl(dev); err = -ENOBUFS; if (in_dev == NULL) @@ -546,6 +575,12 @@ ASSERT_RTNL(); + /* (ghost support) don't modify this funct but directly + rtm_to_ifaddr, as for others funct, with user-levels tools + (as iproute) we normaly never arrive here (because a dump + all ifaces is perform before and func which make the dump + has been modified (but we want prevent user tool request + the ghost iface directly */ ifa = rtm_to_ifaddr(net, nlh); if (IS_ERR(ifa)) return PTR_ERR(ifa); 
@@ -1169,6 +1204,15 @@ s_ip_idx = ip_idx = cb->args[1]; idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION /* _VERIFICATION_NEED_ */ + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("dev->name = %s", dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address on a ghostified interface (%s), skip", + (dev->name)); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (idx > s_idx) diff -rNuad linux-source-2.6.30/net/ipv4/fib_frontend.c linux-source-2.6.30-ghost/net/ipv4/fib_frontend.c --- linux-source-2.6.30/net/ipv4/fib_frontend.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/ipv4/fib_frontend.c 2009-12-02 13:24:38.000000000 +0100 @@ -6,6 +6,10 @@ * IPv4 Forwarding Information Base: FIB frontend. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (some display + * and comment for ghostification in rtnetlink functions). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -45,6 +49,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #ifndef CONFIG_IP_MULTIPLE_TABLES static int __net_init fib4_rules_init(struct net *net) @@ -451,6 +460,11 @@ * Handle IP routing ioctl calls. These are used to manipulate the routing tables */ +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) A function implemented in net/core/dev.c */ +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + int ip_rt_ioctl(struct net *net, unsigned int cmd, void __user *arg) { struct fib_config cfg; 
@@ -465,6 +479,22 @@ if (copy_from_user(&rt, arg, sizeof(rt))) return -EFAULT; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Forbid any action involving a ghost interface */ + if (rt.rt_dev != (char __user*)NULL) { + /* We need to have this name in kernel space to check + for ghostification: */ + char interface_name[1000]; /* [IFNAMSIZ+1] is certainly sufficient */ + if(copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1)) + return -EFAULT; + if(is_a_ghost_interface_name(interface_name)) { + ghost_ptk("The user aked to add a route involving the " + "ghost interface %s. We make this operation fail", + interface_name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ rtnl_lock(); err = rtentry_to_fib_config(net, cmd, &rt, &cfg); @@ -473,12 +503,18 @@ if (cmd == SIOCDELRT) { tb = fib_get_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_delete was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_delete() or fn_trie_delete() */ if (tb) err = tb->tb_delete(tb, &cfg); else err = -ESRCH; } else { tb = fib_new_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_insert was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_insert() or fn_trie_insert() */ if (tb) err = tb->tb_insert(tb, &cfg); else @@ -585,6 +621,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead functions pointed by tb->tb_delete, + * either fn_hash_delete() (in fib_hash.c) or fn_trie_delete() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; 
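Review bot: `interface_name` is filled by `copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1)` and passed straight to `is_a_ghost_interface_name()` without being NUL-terminated, so the string comparison can run past the copied bytes into uninitialised stack; the ioctl cases in net/core/dev.c set `interface_name[IFNAMSIZ] = '\0';` and this site should do the same. Using `strncpy_from_user()` instead would also avoid an -EFAULT for a short name near the end of a mapping, and the buffer can be `IFNAMSIZ + 1` bytes as the inline comment already suggests. The log text says a route is being added, although the check runs before both the add path and the `SIOCDELRT` path shown in the next hunk.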
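Review bot: The `ghost_develmsg(...)` call added in `@@ -585,6 +621,16 @@` is not wrapped in `#ifdef CONFIG_GHOSTIFICATION`, and neither is the one in `@@ -607,6 +653,16 @@`. The ghost include added earlier in this file is inside that guard, and include/net/ghostdebug.h defines its macros only under it, so a build with the option off would presumably fail on an undeclared identifier. Wrap both calls like the other call sites, or define the empty fallbacks unconditionally in the header. The comment in this hunk names `inet_rtm_newroute` while describing `tb->tb_delete`, which reads like a copy-paste slip.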
@@ -607,6 +653,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead function pointed by tb->tb_insert, + * either fn_hash_insert() (in fib_hash.c) or fn_trie_insert() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; @@ -622,6 +678,12 @@ return err; } +/* + * (ghost support) Fonction called through rtnetlink to dump + * all routes, we don't change anythings here, changes have + * been made in fib_semantics.c (in fib_dump_info which is + * called by fib_trie and fib_hash). + */ static int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -634,7 +696,7 @@ if (nlmsg_len(cb->nlh) >= sizeof(struct rtmsg) && ((struct rtmsg *) nlmsg_data(cb->nlh))->rtm_flags & RTM_F_CLONED) - return ip_rt_dump(skb, cb); + return ip_rt_dump(skb, cb); /* (ghost support) need modify this func */ s_h = cb->args[0]; s_e = cb->args[1]; @@ -659,6 +721,9 @@ cb->args[1] = e; cb->args[0] = h; + /* (ghost support) Length returned can be changed by + fib_dump_info when a route of a ghositifed iface is + lookup (skb length may be abnormal, diff of mod(240)) */ return skb->len; } diff -rNuad linux-source-2.6.30/net/ipv4/fib_hash.c linux-source-2.6.30-ghost/net/ipv4/fib_hash.c --- linux-source-2.6.30/net/ipv4/fib_hash.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/ipv4/fib_hash.c 2009-12-02 13:24:38.000000000 +0100 
@@ -6,6 +6,11 @@ * IPv4 FIB: lookup engine and maintenance routines. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_hash_insert, bad + * field check in fib_seq_show). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -41,6 +46,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static struct kmem_cache *fn_hash_kmem __read_mostly; @@ -397,6 +407,18 @@ if (IS_ERR(fi)) return PTR_ERR(fi); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_insert */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if (fz->fz_nent > (fz->fz_divisor<<1) && fz->fz_divisor < FZ_MAX_DIVISOR && (cfg->fc_dst_len == 32 || @@ -580,7 +602,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, &f->fn_alias, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_delete */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != cfg->fc_tos) break; 
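Review bot: `fi->fib_dev->name` is dereferenced unconditionally in the check added at @@ -397, but the /proc code in this same file prints `fi->fib_dev ? fi->fib_dev->name : "*"`, so a route without a device reaches this line with a NULL `fib_dev` and faults in the kernel. Test the pointer first, `if (fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name)) {`, and guard the `ghost_debugmsg` above it the same way. The same unguarded dereference is in the @@ -580 hunk here, in both fib_trie.c hunks (@@ -1199, @@ -1627), in the fib_semantics.c @@ -954 hunk, and in the /proc show hunks of fib_hash.c and fib_trie.c. The log text on this insert path says "Trying to delete", which will mislead anyone reading the trace. The function body continues outside the hunk.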
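Review bot: In the @@ -580 hunk the ghost test sits at the top of the `list_for_each_entry_continue` body, before the `fa->fa_tos != cfg->fc_tos` comparison and the matching that follows it, so the delete fails with -ENODEV as soon as any visited alias is on a ghost interface, even when the route being deleted is a different one. Apply the test only to the alias that actually matches the request; the match logic is below the hunk. fib_trie.c @@ -1627 has the same placement.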
@@ -1022,19 +1054,39 @@ prefix = f->fn_key; mask = FZ_MASK(iter->zone); flags = fib_flag_trans(fa->fa_type, mask, fi); - if (fi) + if (fi) + { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) + { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, - "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - fi->fib_dev ? fi->fib_dev->name : "*", prefix, - fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, - mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), - fi->fib_window, - fi->fib_rtt >> 3, &len); - else + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); +#endif /* CONFIG_GHOSTIFICATION */ + } + else { seq_printf(seq, - "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); + } seq_printf(seq, "%*s\n", 127 - len, ""); out: return 0; diff -rNuad linux-source-2.6.30/net/ipv4/fib_semantics.c linux-source-2.6.30-ghost/net/ipv4/fib_semantics.c --- linux-source-2.6.30/net/ipv4/fib_semantics.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/ipv4/fib_semantics.c 2009-12-02 13:24:38.000000000 +0100 
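Review bot: When the route is on a ghost interface the new branch prints nothing, yet the unconditional `seq_printf(seq, "%*s\n", 127 - len, "")` still runs with `len` never written by a `%n`, so each hidden route leaves a padding line whose width comes from an unset variable (the declaration of `len` is above the hunk). Skip the entry before any output, e.g. `if (fi && fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name)) goto out;`, which also lets the original `seq_printf` stay in one copy instead of two. The `ghost_ptk("Don't display routes ...")` call is in the branch taken for non-ghost interfaces, so it logs for every row that is displayed. fib_trie.c @@ -2587 repeats the pattern inside a loop, where the skip would be a `continue`.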
@@ -11,6 +11,9 @@ * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. + * Changes: + * Roudiere Jonathan trivial + * change for ghostification. */ #include @@ -43,6 +46,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static DEFINE_SPINLOCK(fib_info_lock); @@ -954,6 +962,23 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function call by fib_trie and fib_hash to dump route, + * in most case we won't arrive here with usertools (like iproute), because + * modification in rtnl_dump_ifinfo hide iface and modif here may be not really + * proper because put abnormal length in the skb->len return by inet_dump_fib + * (used without error..) if pid != 0 then user talks else that is the kernel; + */ + if (pid != 0) + if (is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Try to get route about ghost iface (%s), skip", + fi->fib_dev->name); + /* return -EMSGSIZE; don't use this because that stops evaluation */ + return nlmsg_end(skb, nlh); + } +#endif /* CONFIG_GHOSTIFICATION */ + rtm = nlmsg_data(nlh); rtm->rtm_family = AF_INET; rtm->rtm_dst_len = dst_len; diff -rNuad linux-source-2.6.30/net/ipv4/fib_trie.c linux-source-2.6.30-ghost/net/ipv4/fib_trie.c --- linux-source-2.6.30/net/ipv4/fib_trie.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/ipv4/fib_trie.c 2009-12-02 13:24:38.000000000 +0100 @@ -12,6 +12,12 @@ * * Hans Liss Uppsala Universitet * + * Luca Saiu (simple changes for ghostification + * support) + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_trie_insert, bad + * field check in fib_route_seq_show). + * * This work is based on the LPC-trie which is originally descibed in: * * An experimental study of compression methods for dynamic tries 
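Review bot: In the @@ -954 hunk the ghost branch returns `nlmsg_end(skb, nlh)` before any `rtm` field is assigned, so a message header with an unfilled rtmsg payload stays in the skb and is delivered to the requester; the comment in the hunk already mentions the abnormal length. Undo the reservation instead with `nlmsg_cancel(skb, nlh);` and return a non-negative value so the callers' dump loops move on (how they treat the return value is outside this hunk and should be confirmed). The nested `if (pid != 0) if (...)` without braces is easy to misread; `if (pid != 0 && fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name))` states it as one condition.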
@@ -80,6 +86,11 @@ #include #include "fib_lookup.h" +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define MAX_STAT_DEPTH 32 #define KEYLENGTH (8*sizeof(t_key)) @@ -1199,6 +1210,18 @@ goto err; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + l = fib_find_node(t, key); fa = NULL; @@ -1627,7 +1650,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, fa_head, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != tos) break; 
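Review bot: The check added at @@ -1199 leaves with `return -ENODEV`, while the context line just above it uses `goto err` for failures, so whatever that label releases is skipped on the ghost path. Route the refusal through the same label, storing -ENODEV in the function's status variable before `goto err;`. The label and the point where `fi` is obtained are both outside the hunk, so confirm that `fi` is among the things released there. The fib_hash.c @@ -397 hunk returns directly in the same way right after `fi` was created.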
@@ -2587,7 +2620,28 @@ || fa->fa_type == RTN_MULTICAST) continue; - if (fi) + if (fi) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) in /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t" + "%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", + prefix, + fi->fib_nh->nh_gw, flags, 0, 0, + fi->fib_priority, + mask, + (fi->fib_advmss ? + fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, "%s\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", @@ -2600,13 +2654,14 @@ fi->fib_advmss + 40 : 0), fi->fib_window, fi->fib_rtt >> 3, &len); - else +#endif /* CONFIG_GHOSTIFICATION */ + } else { seq_printf(seq, "*\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + } seq_printf(seq, "%*s\n", 127 - len, ""); } } diff -rNuad linux-source-2.6.30/net/ipv4/igmp.c linux-source-2.6.30-ghost/net/ipv4/igmp.c --- linux-source-2.6.30/net/ipv4/igmp.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/ipv4/igmp.c 2009-12-02 13:24:38.000000000 +0100 @@ -68,6 +68,8 @@ * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. * David L Stevens: IGMPv3 support, with help from * Vinay Kulkarni + * Luca Saiu : trivial changes for ghostification + * support */ #include @@ -105,6 +107,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define IP_MAX_MEMBERSHIPS 20 #define IP_MAX_MSF 10 
@@ -2387,8 +2394,18 @@ #endif if (state->in_dev->mc_list == im) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%d\t%-10s: %5d %7s\n", + state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); + } +#else seq_printf(seq, "%d\t%-10s: %5d %7s\n", state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); +#endif /* CONFIG_GHOSTIFICATION */ } seq_printf(seq, @@ -2550,14 +2567,30 @@ "Device", "MCA", "SRC", "INC", "EXC"); } else { - seq_printf(seq, - "%3d %6.6s 0x%08x " - "0x%08x %6lu %6lu\n", - state->dev->ifindex, state->dev->name, - ntohl(state->im->multiaddr), - ntohl(psf->sf_inaddr), - psf->sf_count[MCAST_INCLUDE], - psf->sf_count[MCAST_EXCLUDE]); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-source-2.6.30/net/ipv4/route.c linux-source-2.6.30-ghost/net/ipv4/route.c --- linux-source-2.6.30/net/ipv4/route.c 2009-07-18 10:10:11.000000000 +0200 +++ linux-source-2.6.30-ghost/net/ipv4/route.c 2009-12-02 13:24:38.000000000 +0100 
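Review bot: In the @@ -2387 hunk only the device header line is placed inside the `!is_a_ghost_interface_name(...)` test; the `seq_printf(seq,` that follows the closing brace is unchanged context, so the per-group rows of a ghost interface appear to be printed still (their format is outside the hunk). If the aim is to hide the interface completely, return 0 at the top of the function for ghost devices rather than wrapping a single print. The `ghost_debugmsg("Don't show ...")` text is emitted in the branch that does show the line, here and in the @@ -2550 hunk.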
@@ -55,6 +55,9 @@ * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes. * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect * Ilia Sotnikov : Removed TOS from hash calculations + * Luca Saiu : trivial changes for ghostification support + * Roudiere Jonathan : ghost support to rtnetlink + * function, ghost bugfix (field) in rt_cache_seq_show * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -108,6 +111,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define RT_FL_TOS(oldflp) \ ((u32)(oldflp->fl4_tos & (IPTOS_RT_MASK | RTO_ONLINK))) @@ -375,6 +383,14 @@ "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t" "HHUptod\tSpecDst"); else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Dont't display informations about ghost ifaces, bf */ + if(is_a_ghost_interface_name((const char*)((struct rtable*)v)->u.dst.dev->name)) { + ghost_ptk("Don't display routing informations about ghost interface (%s)", + ((const char*)((struct rtable*)v)->u.dst.dev->name)); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ struct rtable *r = v; int len; @@ -392,11 +408,11 @@ r->fl.fl4_tos, r->u.dst.hh ? atomic_read(&r->u.dst.hh->hh_refcnt) : -1, r->u.dst.hh ? (r->u.dst.hh->hh_output == - dev_queue_xmit) : 0, + dev_queue_xmit) : 0, r->rt_spec_dst, &len); seq_printf(seq, "%*s\n", 127 - len, ""); - } + } return 0; } @@ -2823,8 +2839,13 @@ r->rtm_src_len = 32; NLA_PUT_BE32(skb, RTA_SRC, rt->fl.fl4_src); } - if (rt->u.dst.dev) + if (rt->u.dst.dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) */ + ghost_develmsg("Net device is = %s ",rt->u.dst.dev->name); +#endif NLA_PUT_U32(skb, RTA_OIF, rt->u.dst.dev->ifindex); + } #ifdef CONFIG_NET_CLS_ROUTE if (rt->u.dst.tclassid) NLA_PUT_U32(skb, RTA_FLOW, rt->u.dst.tclassid); 
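Review bot: In the @@ -375 hunk the ghost test is inserted ahead of `struct rtable *r = v; int len;`, which puts declarations after a statement and forces the cast chain `((struct rtable*)v)->u.dst.dev->name`. Place the block after the two declarations and test `r->u.dst.dev->name`. `u.dst.dev` is dereferenced without a check here, whereas the @@ -2823 hunk in the same file tests `rt->u.dst.dev` before using it; confirm it cannot be NULL for a cached entry.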
@@ -2907,7 +2928,7 @@ err = -ENOBUFS; goto errout; } - + /* Reserve room for dummy headers, this skb can pass through good chunk of routing engine. */ @@ -2929,6 +2950,17 @@ if (dev == NULL) { err = -ENODEV; goto errout_free; + +#ifdef CONFIG_GHOSTIFICATION + ghost_debugmsg("Net device is %s ", dev->name); + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout_free; + } +#endif /* CONFIG_GHOSTIFICATION */ } skb->protocol = htons(ETH_P_IP); @@ -2961,6 +2993,22 @@ if (rtm->rtm_flags & RTM_F_NOTIFY) rt->rt_flags |= RTCF_NOTIFY; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't allow get ops for route + involving a ghostified interface, unnecessary test ..(rt) */ + if (rt) { + if (rt->u.dst.dev) { + ghost_debugmsg("Net device is %s ",rt->u.dst.dev->name); + if (is_a_ghost_interface_name(rt->u.dst.dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", + rt->u.dst.dev->name); + err = -ENETUNREACH; + goto errout_free; + } + } + } +#endif /* CONFIG_GHOSTIFICATION */ err = rt_fill_info(net, skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq, RTM_NEWROUTE, 0, 0); if (err <= 0) @@ -2975,6 +3023,8 @@ goto errout; } +/* (ghost support) maybe it will be necessary to modify +this func which is call in fib_frontend.c */ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb) { struct rtable *rt; diff -rNuad linux-source-2.6.30/net/ipv6/addrconf.c linux-source-2.6.30-ghost/net/ipv6/addrconf.c --- linux-source-2.6.30/net/ipv6/addrconf.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/ipv6/addrconf.c 2009-12-02 13:24:38.000000000 +0100 
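Review bot: In the @@ -2929 hunk the ghost check was added inside the `if (dev == NULL)` block, after `goto errout_free;`, so it can never execute, and its `dev->name` would dereference the NULL pointer if it did. Move the whole `#ifdef CONFIG_GHOSTIFICATION` block below the closing brace of that `if`, where `dev` is known to be valid. As written, a lookup that names a ghost input interface is not refused by this hunk; only the later test on `rt->u.dst.dev` in the @@ -2961 hunk applies.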
@@ -36,6 +36,9 @@ * YOSHIFUJI Hideaki @USAGI : improved source address * selection; consider scope, * status etc. + * Luca Saiu : ghostification support + * Roudiere Jonathan : ghost + * modify functions using (rt)netlink */ #include @@ -81,6 +84,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include 
@@ -446,6 +454,86 @@ return idev; } +/* + * (ghost support) Support to hide snmp6 proc infos. + */ +#ifdef CONFIG_GHOSTIFICATION +/* Utility procedure, needed for {show,hide}_proc_net_dev_snmp6_DEVICE_if_needed(). + Return a pointer to a valid inet6_dev structure on success, NULL on failure: */ +static struct inet6_dev* lookup_snmp6_device(const char *interface_name) +{ + struct net_device *device; + struct inet6_dev *idev; + + /* Lookup the device by name, obtaining an inet6_dev structure: */ + device = dev_get_by_name(&init_net, interface_name); + if(device == NULL) + return NULL; + rtnl_lock(); + idev = ipv6_find_idev(device); + rtnl_unlock(); + return idev; +} + +/* These are defined in net/ipv6/proc.c: */ +extern struct proc_dir_entry *proc_net_devsnmp6; +extern struct file_operations snmp6_seq_fops; + +/* Remove the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already hidden. Return 0 on success, nonzero on error: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + ghost_ptk("Hiding /proc/net/dev_snmp6/%s...", interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + + /* Remove the proc/ entry, if any. If there was no entry + then remove_proc_entry() will fail, but it's ok for us: */ +#ifdef CONFIG_PROC_FS + if (!proc_net_devsnmp6) + return -ENOENT; + if (idev->stats.proc_dir_entry == NULL) + return -EINVAL; + remove_proc_entry(interface_name, proc_net_devsnmp6); +#endif /* CONFIG_PROC_FS */ + return 0; + //return snmp6_unregister_dev(idev); +} + +/* Create the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already shown. 
Return 0 on success, nonzero on error: */ +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + struct proc_dir_entry *proc_directory_entry; + ghost_ptk("Showing /proc/net/dev_snmp6/%s...", + interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + if(idev->dev == NULL) /* I doubt this may happen... */ + return -EINVAL; +#ifdef CONFIG_PROC_FS + if(!proc_net_devsnmp6) /* there isn't any /proc/net/dev_snmp6 */ + return -ENOENT; + if((proc_directory_entry = create_proc_entry(interface_name, + S_IRUGO, proc_net_devsnmp6)) == NULL) + return -ENOMEM; + proc_directory_entry->data = idev; + proc_directory_entry->proc_fops = &snmp6_seq_fops; + idev->stats.proc_dir_entry = proc_directory_entry; +#endif /* CONFIG_PROC_FS */ + return 0; + /* return snmp6_register_dev(idev); */ +} +EXPORT_SYMBOL(show_proc_net_dev_snmp6_DEVICE_if_needed); +EXPORT_SYMBOL(hide_proc_net_dev_snmp6_DEVICE_if_needed); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * End of ghostification support + */ + #ifdef CONFIG_SYSCTL static void dev_forward_change(struct inet6_dev *idev) { @@ -2126,6 +2214,10 @@ return PTR_ERR(ifp); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx, unsigned int plen) { @@ -2140,6 +2232,15 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((idev = __in6_dev_get(dev)) == NULL) return -ENXIO; 
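Review bot: `lookup_snmp6_device()` in the @@ -446 hunk obtains the device with `dev_get_by_name()`, which takes a reference, and never drops it, so every hide or show call pins the net_device. Add `dev_put(device);` after `rtnl_unlock()`; if the returned `idev` has to outlive that, it needs its own reference and a matching release in the two callers. The lookup is also fixed to `&init_net`, so interfaces in other network namespaces are never found. `inet6_rtm_delroute` in net/ipv6/route.c has the same missing `dev_put()` after `dev_get_by_index()`. In `hide_proc_net_dev_snmp6_DEVICE_if_needed`, `idev->stats.proc_dir_entry` still points at the removed entry, so a second hide passes the NULL test; set it to NULL after `remove_proc_entry()`.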
@@ -2954,6 +3055,22 @@ static int if6_seq_show(struct seq_file *seq, void *v) { struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if (is_a_ghost_interface_name(ifp->idev->dev->name)) { + ghost_ptk("Don't show informations about a ghostified " + "interface (%s) under /proc.", + ifp->idev->dev->name); + } else { + seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n", + &ifp->addr, + ifp->idev->dev->ifindex, + ifp->prefix_len, + ifp->scope, + ifp->flags, + ifp->idev->dev->name); + } +#else seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n", &ifp->addr, ifp->idev->dev->ifindex, @@ -2961,6 +3078,8 @@ ifp->scope, ifp->flags, ifp->idev->dev->name); +#endif /* CONFIG_GHOSTIFICATION */ + return 0; } @@ -3168,6 +3287,10 @@ [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { @@ -3185,7 +3308,9 @@ pfx = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL]); if (pfx == NULL) return -EINVAL; - + /* (ghost support) we could/should stop here a request involving a + ghostified interface but inet6_addr_del already do a part of our work + (get dev etc ..) so instead we modify inet6_addr_del */ return inet6_addr_del(net, ifm->ifa_index, pfx, ifm->ifa_prefixlen); } @@ -3234,6 +3359,10 @@ return 0; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { 
@@ -3271,6 +3400,15 @@ if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add a address to a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + /* We ignore other flags so far. */ ifa_flags = ifm->ifa_flags & (IFA_F_NODAD | IFA_F_HOMEADDRESS); @@ -3436,6 +3574,12 @@ ANYCAST_ADDR, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc; + * inet6_dump_addr is called by inet6_dump_{ifaddr,ifmcaddr,ifacaddr} + * and call the appropriate inet6_fill_* function. + */ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, enum addr_type_t type) { @@ -3461,6 +3605,17 @@ ip_idx = 0; if ((idev = in6_dev_get(dev)) == NULL) goto cont; + +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about addresses of a ghostified interface (%s), skip.", + dev->name); + goto cont; + /* return -ENODEV; don't use it */ + } +#endif /* CONFIG_GHOSTIFICATION */ + read_lock_bh(&idev->lock); switch (type) { case UNICAST_ADDR: @@ -3532,7 +3687,6 @@ return inet6_dump_addr(skb, cb, type); } - static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb) { enum addr_type_t type = ANYCAST_ADDR; @@ -3540,6 +3694,10 @@ return inet6_dump_addr(skb, cb, type); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { 
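Review bot: In the @@ -3461 hunk the ghost test comes after `in6_dev_get(dev)` has succeeded, and `goto cont` is the same label used when that call returns NULL, so the reference just taken on `idev` does not look like it is released on the ghost path (the label is outside the hunk). Move the test above the `in6_dev_get()` line, as the inet6_dump_ifinfo hunk (@@ -3785) does, or call `in6_dev_put(idev);` before the jump.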
@@ -3566,6 +3724,17 @@ if (ifm->ifa_index) dev = __dev_get_by_index(net, ifm->ifa_index); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (dev) { + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address of a ghostified interface (%s), skip.", + dev->name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((ifa = ipv6_get_ifaddr(net, addr, dev, 1)) == NULL) { err = -EADDRNOTAVAIL; goto errout; @@ -3774,6 +3943,10 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -3785,6 +3958,14 @@ read_lock(&dev_base_lock); idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to dump address infos about a ghostified interface (%s), skip.", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if ((idev = in6_dev_get(dev)) == NULL) @@ -3812,7 +3993,6 @@ skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC); if (skb == NULL) goto errout; - err = inet6_fill_ifinfo(skb, idev, 0, 0, event, 0); if (err < 0) { /* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */ diff -rNuad linux-source-2.6.30/net/ipv6/ip6_fib.c linux-source-2.6.30-ghost/net/ipv6/ip6_fib.c --- linux-source-2.6.30/net/ipv6/ip6_fib.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/ipv6/ip6_fib.c 2009-12-02 13:24:38.000000000 +0100 @@ -275,6 +275,8 @@ #endif +/* (ghost support) iterate on net device, don't modify this function, +we can return ENODEV here, user-space tools (as ip) dump iface list before */ static int fib6_dump_node(struct fib6_walker_t *w) { int res; 
@@ -320,7 +322,6 @@ { struct fib6_walker_t *w; int res; - w = (void *)cb->args[2]; w->root = &table->tb6_root; diff -rNuad linux-source-2.6.30/net/ipv6/Kconfig linux-source-2.6.30-ghost/net/ipv6/Kconfig --- linux-source-2.6.30/net/ipv6/Kconfig 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/ipv6/Kconfig 2009-12-02 13:24:38.000000000 +0100 @@ -4,8 +4,8 @@ # IPv6 as module will cause a CRASH if you try to unload it menuconfig IPV6 - tristate "The IPv6 protocol" - default m + bool "The IPv6 protocol" + default y ---help--- This is complemental support for the IP version 6. You will still be able to do traditional IPv4 networking as well. @@ -16,6 +16,10 @@ For specific information about IPv6 under Linux, read the HOWTO at . + Ghostification notes: + ===================== + IPV6 can not be built in module with ghost support. + To compile this protocol support as a module, choose M here: the module will be called ipv6. @@ -68,7 +72,7 @@ If unsure, say N. config INET6_AH - tristate "IPv6: AH transformation" + bool "IPv6: AH transformation" select XFRM select CRYPTO select CRYPTO_HMAC @@ -80,7 +84,7 @@ If unsure, say Y. config INET6_ESP - tristate "IPv6: ESP transformation" + bool "IPv6: ESP transformation" select XFRM select CRYPTO select CRYPTO_AUTHENC @@ -95,7 +99,7 @@ If unsure, say Y. config INET6_IPCOMP - tristate "IPv6: IPComp transformation" + bool "IPv6: IPComp transformation" select INET6_XFRM_TUNNEL select XFRM_IPCOMP ---help--- @@ -105,7 +109,7 @@ If unsure, say Y. config IPV6_MIP6 - tristate "IPv6: Mobility (EXPERIMENTAL)" + bool "IPv6: Mobility (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- @@ -114,16 +118,16 @@ If unsure, say N. config INET6_XFRM_TUNNEL - tristate + bool select INET6_TUNNEL default n config INET6_TUNNEL - tristate + bool default n config INET6_XFRM_MODE_TRANSPORT - tristate "IPv6: IPsec transport mode" + bool "IPv6: IPsec transport mode" default IPV6 select XFRM ---help--- 
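Review bot: In the Kconfig @@ -16,6 hunk the help text still ends with "To compile this protocol support as a module, choose M here", directly after the new note that IPv6 cannot be a module with ghost support, and the symbol is now `bool`. Remove that sentence and reword the note, for example "IPv6 cannot be built as a module when ghostification support is enabled." The change from `tristate`/`default m` to `bool`/`default y` applies to every configuration, not only those with CONFIG_GHOSTIFICATION set, which the help text should say.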
@@ -132,7 +136,7 @@ If unsure, say Y. config INET6_XFRM_MODE_TUNNEL - tristate "IPv6: IPsec tunnel mode" + bool "IPv6: IPsec tunnel mode" default IPV6 select XFRM ---help--- @@ -141,7 +145,7 @@ If unsure, say Y. config INET6_XFRM_MODE_BEET - tristate "IPv6: IPsec BEET mode" + bool "IPv6: IPsec BEET mode" default IPV6 select XFRM ---help--- @@ -150,14 +154,14 @@ If unsure, say Y. config INET6_XFRM_MODE_ROUTEOPTIMIZATION - tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" + bool "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- Support for MIPv6 route optimization mode. config IPV6_SIT - tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" + bool "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" select INET_TUNNEL select IPV6_NDISC_NODETYPE default y @@ -174,7 +178,7 @@ bool config IPV6_TUNNEL - tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" + bool "IPv6: IP-in-IPv6 tunnel (RFC2473)" select INET6_TUNNEL ---help--- Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in diff -rNuad linux-source-2.6.30/net/ipv6/mcast.c linux-source-2.6.30-ghost/net/ipv6/mcast.c --- linux-source-2.6.30/net/ipv6/mcast.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/ipv6/mcast.c 2009-12-02 13:24:38.000000000 +0100 @@ -24,6 +24,10 @@ * - MLD for link-local addresses. * David L Stevens : * - MLDv2 support + * Luca Saiu : + * - trivial changes for ghostification support + * Roudiere Jonathan + * - trivial changes to correct an forgetting */ #include @@ -61,6 +65,11 @@ #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing... */ #define MCAST_DEBUG 2 
@@ -2432,6 +2441,11 @@ struct ifmcaddr6 *im = (struct ifmcaddr6 *)v; struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc " + "about ghostified interfaces (1)."); seq_printf(seq, "%-4d %-15s %pi6 %5d %08X %ld\n", state->dev->ifindex, state->dev->name, @@ -2439,6 +2453,16 @@ im->mca_users, im->mca_flags, (im->mca_flags&MAF_TIMER_RUNNING) ? jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); + } +#else + seq_printf(seq, + "%-4d %-15s %pi6 %5d %08X %ld\n", + state->dev->ifindex, state->dev->name, + &im->mca_addr, + im->mca_users, im->mca_flags, + (im->mca_flags&MAF_TIMER_RUNNING) ? + jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); +#endif /* CONFIG_GHOSTIFICATION */ return 0; } @@ -2593,6 +2617,11 @@ "Device", "Multicast Address", "Source Address", "INC", "EXC"); } else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc" + " about ghostified interfaces (2)."); seq_printf(seq, "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", state->dev->ifindex, state->dev->name, @@ -2600,6 +2629,16 @@ &psf->sf_addr, psf->sf_count[MCAST_INCLUDE], psf->sf_count[MCAST_EXCLUDE]); + } +#else + seq_printf(seq, + "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + &state->im->mca_addr, + &psf->sf_addr, + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-source-2.6.30/net/ipv6/proc.c linux-source-2.6.30-ghost/net/ipv6/proc.c --- linux-source-2.6.30/net/ipv6/proc.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/ipv6/proc.c 2009-12-02 13:24:38.000000000 +0100 
@@ -9,6 +9,8 @@ * * Authors: David S. Miller (davem@caip.rutgers.edu) * YOSHIFUJI Hideaki + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -29,6 +31,16 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* (ghost support) We don't want this to be static, as it has to + be read at ghostifying and unghostifying time */ +struct proc_dir_entry *proc_net_devsnmp6; +EXPORT_SYMBOL(proc_net_devsnmp6); +#endif /* CONFIG_GHOSTIFICATION */ + static int sockstat6_seq_show(struct seq_file *seq, void *v) { struct net *net = seq->private; @@ -194,6 +206,18 @@ return single_open_net(inode, file, snmp6_seq_show); } +/* (ghost support) This was originally static, +but we need to make it visible */ +#ifdef CONFIG_GHOSTIFICATION +struct file_operations snmp6_seq_fops = { + .owner = THIS_MODULE, + .open = snmp6_seq_open, + .read = seq_read, + .llseek = seq_lseek, + .release = single_release, +}; +EXPORT_SYMBOL(snmp6_seq_fops); +#else static const struct file_operations snmp6_seq_fops = { .owner = THIS_MODULE, .open = snmp6_seq_open, @@ -201,6 +225,7 @@ .llseek = seq_lseek, .release = single_release_net, }; +#endif /* CONFIG_GHOSTIFICATION */ static int snmp6_dev_seq_show(struct seq_file *seq, void *v) { diff -rNuad linux-source-2.6.30/net/ipv6/route.c linux-source-2.6.30-ghost/net/ipv6/route.c --- linux-source-2.6.30/net/ipv6/route.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/ipv6/route.c 2009-12-02 13:24:38.000000000 +0100 @@ -22,6 +22,10 @@ * reachable. otherwise, round-robin the list. * Ville Nuorvala * Fixed routing subtrees. + * Luca Saiu + * trivial changes for ghostification support + * Roudiere Jonathan + * ghostification support update, modify functions using netlink */ #include 
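Review bot: The ghost variant of `snmp6_seq_fops` in the @@ -194 hunk sets `.release = single_release`, while `snmp6_seq_open` in the context above opens with `single_open_net()` and the original table releases with `single_release_net`; with the mismatch, whatever `single_open_net()` acquired per open is not released on close. Keep `.release = single_release_net,` in the exported table. Dropping `const` to export the table also makes its function pointers writable at run time; `const struct file_operations snmp6_seq_fops` with a matching `extern const` declaration in addrconf.c keeps it read-only.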
@@ -60,6 +64,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing. */ #define RT6_DEBUG 2 @@ -1115,10 +1124,6 @@ return hoplimit; } -/* - * - */ - int ip6_route_add(struct fib6_config *cfg) { int err; @@ -1830,6 +1835,8 @@ struct in6_rtmsg rtmsg; int err; + /* (ghost support) don't make any change, changes + have been made later for ioctl request */ switch(cmd) { case SIOCADDRT: /* Add a route */ case SIOCDELRT: /* Delete a route */ 
@@ -2133,26 +2140,84 @@ return err; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; - err = rtm_to_fib6_config(skb, nlh, &cfg); - if (err < 0) - return err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it + is a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to del route involving a ghostified interface (%s). Failing", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_del(&cfg); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + err = rtm_to_fib6_config(skb, nlh, &cfg); if (err < 0) return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_add(&cfg); /* do that or exit on error ... 
*/ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_add(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it is + a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add route involving a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_add(&cfg); } @@ -2172,6 +2237,10 @@ + nla_total_size(sizeof(struct rta_cacheinfo)); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc + */ static int rt6_fill_node(struct net *net, struct sk_buff *skb, struct rt6_info *rt, struct in6_addr *dst, struct in6_addr *src, @@ -2183,6 +2252,19 @@ long expires; u32 table; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("rtnetlink msg type %i, pid %i and seq %i", + type, pid, seq); + /* (ghost support) this function is called by by rt6_dump_route, and + inet6_rtm_get_route and inet6_rt_notify, test if it is a kernel request*/ + if (rt->rt6i_dev->name) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to get/notify route infos about a " + "ghostified interface (%s), skip.", + rt->rt6i_dev->name); + return 1; + } +#endif /* CONFIG_GHOSTIFICATION */ if (prefix) { /* user wants prefix routes only */ if (!(rt->rt6i_flags & RTF_PREFIX_RT)) { /* success since this is not a prefix route */ 
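Review bot: `dev_get_by_index()` returns the device with a reference held, and neither `inet6_rtm_delroute` nor `inet6_rtm_newroute` releases it, so every route add or delete request that names an interface leaks one reference, which typically blocks later unregistration of that device. Record the result of the name test and release the device before acting on it: `ghost = is_a_ghost_interface_name(dev->name); dev_put(dev);` followed by `if (ghost) return -ENODEV;`. A failed lookup (`!dev`) falls through to `ip6_route_del`/`ip6_route_add`, which the inline comments themselves mark as undecided ("do that or exit on error"); pick one behaviour and document it. The `rtm_to_fib6_config` call and its error check are needed in both configurations and can be hoisted above the `#ifdef`, removing the `#else` branch.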
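Review bot: In `rt6_fill_node` (@@ -2183 hunk) the guard `if (rt->rt6i_dev->name)` dereferences `rt->rt6i_dev` before anything has checked it, and if `name` is an array member, as in mainline `struct net_device`, the test is always true and protects nothing; the /proc hunk later in this file (@@ -2452) checks `rt->rt6i_dev != NULL` instead. Use the pointer test here as well: `if (rt->rt6i_dev && is_a_ghost_interface_name(rt->rt6i_dev->name)) {`. The function returns 1 for a hidden route, the same value as the existing "not a prefix route" skip, so a caller that sends the skb after any non-negative return would presumably transmit an empty message; that should be confirmed against `inet6_rtm_getroute` and `inet6_rt_notify`, which are outside this hunk. The body of `rt6_fill_node` continues past the hunk.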
@@ -2290,10 +2372,26 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc, + */ int rt6_dump_route(struct rt6_info *rt, void *p_arg) { struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg; int prefix; + +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg(" rtnetlink mesg %i, pid %i and seq %i", + arg->cb->nlh->nlmsg_type, arg->cb->nlh->nlmsg_pid, arg->cb->nlh->nlmsg_seq); + /* if (rt->rt6i_dev) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to dump route infos about a ghostified interface (%s), skip", + rt->rt6i_dev->name); + return -ENODEV; errro maybe come from here, modify instead + rt6_fill_node which has multiple callers + } */ +#endif /* CONFIG_GHOSTIFICATION */ if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) { struct rtmsg *rtm = nlmsg_data(arg->cb->nlh); @@ -2307,6 +2405,8 @@ prefix, 0, NLM_F_MULTI); } +/* (ghost support) Don't make changes here, function +rt6_fill_node has been modified instead */ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { struct net *net = sock_net(in_skb->sk); @@ -2452,6 +2552,17 @@ { struct seq_file *m = p_arg; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Do nothing if this route involves a + ghostified interface */ + if(rt->rt6i_dev != NULL) /* can't use &&: evaluation order is undefined */ + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Don't show any informations under /proc/net" + "involving a ghostified interface (%s)", + rt->rt6i_dev->name); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(m, "%pi6 %02x ", &rt->rt6i_dst.addr, rt->rt6i_dst.plen); #ifdef CONFIG_IPV6_SUBTREES diff -rNuad linux-source-2.6.30/net/Kconfig linux-source-2.6.30-ghost/net/Kconfig --- linux-source-2.6.30/net/Kconfig 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/Kconfig 2009-12-02 13:24:38.000000000 +0100 
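Review bot: The comment `can't use &&: evaluation order is undefined` in the @@ -2452 hunk is incorrect, because C evaluates `&&` left to right and skips the right operand when the left one is false; `if (rt->rt6i_dev != NULL && is_a_ghost_interface_name(rt->rt6i_dev->name)) {` is safe and removes the unbraced nested `if`. The two adjacent string literals passed to `ghost_ptk` concatenate to `/proc/netinvolving`, so the first one needs a trailing space. In the @@ -2290 hunk the disabled check is kept as a block comment inside `rt6_dump_route`; deleting it and leaving one line that points to `rt6_fill_node` would be clearer. Both functions extend beyond their hunks.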
@@ -159,6 +159,105 @@ source "net/decnet/netfilter/Kconfig" source "net/bridge/netfilter/Kconfig" +config GHOSTIFICATION_NETFILTER + bool "Ghostification support to netfilter" + depends on GHOSTIFICATION && NETFILTER_ADVANCED + default y + help + Ghostification support to Netfilter. Allow to bypass all + Netfilter's hooks (INPUT, OUTPUT, FORWARD, POSTROUTING and + PREROUTING (when available)) and that for all layer or protocol: + ARP, Bridge, IPv4, IPv6 (and Decnet) or just for one protocol + or layer. + If you choose to activate the Ghostification of Netfilter then + all the network packets which come from, or go to an ghostified + interface will not get through the hooks of Netfilter; so rules + which have been created with Iptables, Ip6tables, Arptables or + Ebtables will have no effect on these packets. + Note: This option allows you to have access to the options of + configuration of the Ghostification of Netfilter but it activates + no section of code; you will thus need to select one or some + among those this below. + +config GHOSTIFICATION_NETFILTER_ALL + bool "Ghostification support to netfilter, skip all hooks" + depends on GHOSTIFICATION_NETFILTER + default y + help + Netfiter Ghostification support for all protocols/layers. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass + Netfilter's hooks; thus any actions or rules which have been + created through Iptables, Ip6tables, Arptables or Ebtables + will not have any effect on this packets. + +config GHOSTIFICATION_NETFILTER_ARP + bool "Ghostification support to netfilter, skip ARP hooks" + depends on GHOSTIFICATION_NETFILTER && IP_NF_ARPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the ARP protocol/layer. 
+ If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Arp + hooks of Netfilter; thus the rules which have been created + with the Arptables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_BRIDGE + bool "Ghostification support to netfilter, skip Bridge hooks" + depends on GHOSTIFICATION_NETFILTER && BRIDGE_NF_EBTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the Bridge protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Bridge + hooks of Netfilter; thus the rules which have been created + with the Ebtables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV4 + bool "Ghostification support to netfilter, skip IPv4 hooks" + depends on GHOSTIFICATION_NETFILTER && !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv4 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv4 + hooks of Netfilter; thus the rules which have been created + with the Iptables tool will not have any effect on them. 
+ If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV6 + bool "Ghostification support to netfilter, skip IPv6 hooks" + depends on GHOSTIFICATION_NETFILTER && IP6_NF_IPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv6 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv6 + hooks of Netfilter; thus the rules which have been created + with the Ip6tables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + endif source "net/dccp/Kconfig" 
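Review bot: `GHOSTIFICATION_NETFILTER` and `GHOSTIFICATION_NETFILTER_ALL` are both `default y`, as is `GHOSTIFICATION` in the later @@ -255 hunk, so a build that simply accepts the defaults gets interfaces that can be hidden from userspace and whose traffic skips every Netfilter hook. For options that take packets out of filtering and interfaces out of view, `default n` is the safer setting, leaving the choice to whoever builds the kernel. The ARP, Bridge, IPv4 and IPv6 entries all repeat the same sentence about losing the bypass of Decnet's hooks, which looks copied between entries; each help text should state which protocol families remain filtered when only that entry is selected.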
@@ -255,4 +354,93 @@ source "net/rfkill/Kconfig" source "net/9p/Kconfig" +config GHOSTIFICATION + bool "Ghostification support" + depends on INET + default y + help + Ghostification support allow you to hide network interfaces + on your system. Ghostify and Unghostify are the actions which + make dynamically invisible and visible a network interface/cards + (eth0, lo, tun, ...) for the userspace. + When a network interface is ghostified, users of your system + can not see it with userspace tools like ifconfig, route, iproute, + netstat and/or have statistics about it. However even if a network + interface is ghostified it is always possible to open a socket + using the Ip address of this interface, ping this interface or + any host connected to the same network remains possible; has the + opposite, it is not possible to sniff packets on a ghostified + interface with userspace tools like tcpdump, wireshark, ... + Informations about a ghostified interface are hidden under /proc + but they can be find under /sys, it is a limit of the ghostification + patch. + For more informations about Ghostification patch and engine see + the README of the tarball that you have used or go to website of + the Marionnet project at . + + +config GHOSTIFICATION_NUM + int "Ghostification support : max number of possible ghostified interface" + depends on GHOSTIFICATION + range 4 32 + default 8 + help + Here you can choose the number of network interfaces that + you will be allowed to ghostify. This number must be between + 4 and 32. + +config GHOSTIFICATION_MESG + bool "Ghostification messages, display, debug and devel" + depends on GHOSTIFICATION + default y + help + Ghostification messages configuration. This option allow + you to have acces to the options which configure and control + the type of messages that you want the ghostification engine + diplay (visible through syslogd). + There are three options which make more or less verbose the + ghostification engine. 
You can choose to not select any + options below if you want to try to hide the ghostification + operations for the users of your system. + Note: This option allows you to have access to the options + which control the number of messages and the verbosity of + the Ghostification engine but it activates no section of + code; you will thus need to select one or some among those + this below. + +config GHOSTIFICATION_PRINTK + bool "Ghostification, messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + default y + help + This option allow you to activate normal messsages from the + ghostification engine, those messages are display through a + simple printk (visible through syslogd), this messages allow + to have informations about the ghost operations (like "the + interface ethX has been ghostified", "unghostified", "is already + ghostified", etc ...). If you really wish to hide ghostified + interfaces and ghost operations for the users of your system + don't select this option. + +config GHOSTIFICATION_DEBUG + bool "Ghostification, debugging messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + help + This option increase the verbosity of the ghostification engine, + allow to get more informations in order to debug the ghost ops. + This option is in general used to verify the result of a test or + to display the datas (interface name, pid of a calling process, ...) + which are treated by the ghost engine. + +config GHOSTIFICATION_DEVEL + bool "Ghostification, helping messages to trace ghost operations (devel)" + depends on GHOSTIFICATION_MESG + help + This option give more informations that the option above, it is use + by developer of the ghostification patch in order to control some + paths used in the kernel code and the datas which are manipulated. + This option is a little redundant with the debug option but allow + to have a better granularity, maybe it will be remove for the next + release of the ghostification patch. 
+ endif # if NET diff -rNuad linux-source-2.6.30/net/netfilter/core.c linux-source-2.6.30-ghost/net/netfilter/core.c --- linux-source-2.6.30/net/netfilter/core.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/netfilter/core.c 2009-12-02 13:24:38.000000000 +0100 @@ -5,6 +5,8 @@ * way. * * Rusty Russell (C)2000 -- This code is GPL. + * Little change by Jonathan Roudiere to add + * Ghostification support (bypass netfilter for ghost interface). */ #include #include @@ -22,6 +24,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "nf_internals.h" static DEFINE_MUTEX(afinfo_mutex); @@ -59,7 +66,6 @@ { struct nf_hook_ops *elem; int err; - err = mutex_lock_interruptible(&nf_hook_mutex); if (err < 0) return err; 
@@ -169,7 +175,158 @@ rcu_read_lock(); elem = &nf_hooks[pf][hook]; + next_hook: + /* + * (ghost support) Netfilter ghostification support. + * Perform too much tests here is not a good idea because all + * network packets pass through this section but we have + * not other choice to skip netfilter hooks (per hook). + */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER + /* + * Bypass all Netfilter hooks (for ipv4/6, arp, bridge) for any + * ghostified interface (eq. to return NF_ACCEPT for each packet which + * go through an interface which is ghostified (do that at hook level + * in order to skip all chains's rules hang on the hooks)) + */ + + /* don't use ghost_debugmsg macro in this section + because it may introduce too much delay */ + ghost_develmsg("Enter in hook (pf=%i) (hook=%i) from indev->name = " + "%s to outdev->name = %s", pf, hook, indev->name, outdev->name); + +/* If we wish to skip all netfilter hooks for all PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ALL + /* + * outdev->name field is defined in OUTPUT, FORWARD and POSTROUTING hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), we start here (with outdev) to bypass netfilter's + * hooks in the case where we are in FORWARD. + */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + ret = 1; + goto unlock; + } + } + /* + * indev->name field is defined in PREROUTING, FORWARD and INPUT hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), if we are in FORWARD hook and outdev/indev->name + * is not a ghostified interface then we can go towards hooks. 
+ */ + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + ret = 1; + goto unlock; + } + } + +/* + * If GHOSTIFICATION_NETFILTER_ALL is not defined neither any + * GHOSTIFICATION_NETFILTER_PF then we 'll skip all this code chunk. + * (about performance, choose to skip netfilter just for certains PF + * is the most bad things we can do, but ...) + */ +#elif (defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV4) || defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV6) || \ + defined(CONFIG_GHOSTIFICATION_NETFILTER_ARP) || defined(CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE)) + /* Here we have the same logic as previously (in GHOSTIFICATION_NETFILTER_ALL) + but with the ability to choose what are the PFs that we want to skip */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for 
decnet) */ + goto apply_hook; + } + } + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for decnet) */ + goto apply_hook; + } + } + +#endif /* CONFIG_GHOSTIFICATION_ALL */ +apply_hook: +#endif /* CONFIG_GHOSTIFICATION_NETFILTER */ +/* (ghost support) End of ghostification support */ + verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev, outdev, &elem, okfn, hook_thresh); if (verdict == NF_ACCEPT || verdict == NF_STOP) { @@ -182,6 +339,9 @@ verdict >> NF_VERDICT_BITS)) goto next_hook; } +#ifdef CONFIG_GHOSTIFICATION_NETFILTER +unlock: +#endif rcu_read_unlock(); return ret; } diff -rNuad linux-source-2.6.30/net/packet/af_packet.c linux-source-2.6.30-ghost/net/packet/af_packet.c --- linux-source-2.6.30/net/packet/af_packet.c 2009-06-10 05:05:27.000000000 +0200 +++ linux-source-2.6.30-ghost/net/packet/af_packet.c 2009-12-02 13:24:38.000000000 +0100 
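Review bot: The block added in the @@ -169 hunk tests `(outdev->name) != NULL` and `(indev->name) != NULL` rather than the pointers themselves, and the `ghost_develmsg` at its top passes both names unconditionally, although the hunk's own comments say `outdev` is only defined in OUTPUT/FORWARD/POSTROUTING and `indev` only in PREROUTING/FORWARD/INPUT. That is only safe if `name` lies at offset 0 of the device structure, which nothing on this page guarantees; write `if (outdev != NULL) {` and `if (indev != NULL) {` and guard the trace message the same way. Because the `outdev` branch jumps to `apply_hook` as soon as `outdev` is not ghostified, `indev` is never examined on FORWARD, so whether forwarded traffic is filtered depends on direction; confirm that this is intended and say so in the comment. The per-family `#ifdef` ladder is repeated verbatim for `indev`, and the closing `#endif /* CONFIG_GHOSTIFICATION_ALL */` names a symbol that is not defined anywhere in this patch. The enclosing function starts outside the hunk.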
@@ -39,6 +39,7 @@ * will simply extend the hardware address * byte arrays at the end of sockaddr_ll * and packet_mreq. + * Luca Saiu : Trivial changes for ghostification * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -83,6 +84,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Assumptions: - if device has no dev->hard_header routine, it adds and removes ll header @@ -489,6 +495,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (rcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); @@ -611,6 +629,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them. + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (trcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); 
@@ -2049,17 +2079,38 @@ struct sock *s = v; const struct packet_sock *po = pkt_sk(s); +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Don't show packets involving ghost devices + */ + struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex); + if(! is_a_ghost_interface_name(net_device->name)) { + ghost_debugmsg("Don't show packets involving ghostified interface"); + seq_printf(seq, + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); + } +#else seq_printf(seq, - "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", - s, - atomic_read(&s->sk_refcnt), - s->sk_type, - ntohs(po->num), - po->ifindex, - po->running, - atomic_read(&s->sk_rmem_alloc), - sock_i_uid(s), - sock_i_ino(s) ); + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/CONFIG-2.6.280000600000175000017500000005536212356733375023266 0ustar lucaslucas# # Automatically generated make config: don't edit # Linux kernel version: 2.6.28 # Fri Nov 27 12:32:27 2009 # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_GENERIC_HARDIRQS=y CONFIG_UML=y CONFIG_MMU=y CONFIG_NO_IOMEM=y # CONFIG_TRACE_IRQFLAGS_SUPPORT is not set CONFIG_LOCKDEP_SUPPORT=y # CONFIG_STACKTRACE_SUPPORT is not set CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_TIME=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_IRQ_RELEASE_METHOD=y CONFIG_HZ=100 # # UML-specific options # # # Host processor type and features # # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is not set CONFIG_M686=y # CONFIG_MPENTIUMII is not set # 
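Review bot: In the @@ -2049 hunk of net/packet/af_packet.c, `dev_get_by_index(sock_net(s), po->ifindex)` can return NULL (for instance when the socket is not bound to a device), and `net_device->name` is then dereferenced while the /proc entry is being formatted, so the result has to be checked before use. The lookup also takes a reference that is never released with `dev_put()`, so each read of the file leaks one reference per listed socket. Treat a failed lookup as not ghostified and release the device once the name has been tested: `ghost = net_device && is_a_ghost_interface_name(net_device->name);` followed by `if (net_device) dev_put(net_device);`. The `ghost_debugmsg` text is emitted in the branch that does print the socket, and the `#else` branch duplicates the whole `seq_printf`; one call guarded by `if (!ghost)` covers both configurations. The enclosing function starts outside the hunk.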
CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set # CONFIG_MK8 is not set # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MPSC is not set # CONFIG_MCORE2 is not set # CONFIG_GENERIC_CPU is not set CONFIG_X86_GENERIC=y CONFIG_X86_CPU=y CONFIG_X86_CMPXCHG=y CONFIG_X86_L1_CACHE_SHIFT=7 CONFIG_X86_XADD=y CONFIG_X86_PPRO_FENCE=y CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INVLPG=y CONFIG_X86_BSWAP=y CONFIG_X86_POPAD_OK=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_TSC=y CONFIG_X86_CMOV=y CONFIG_X86_MINIMUM_CPU_FAMILY=4 CONFIG_X86_DEBUGCTLMSR=y CONFIG_CPU_SUP_INTEL=y CONFIG_CPU_SUP_CYRIX_32=y CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_CENTAUR_32=y CONFIG_CPU_SUP_TRANSMETA_32=y CONFIG_CPU_SUP_UMC_32=y # CONFIG_X86_DS is not set CONFIG_UML_X86=y # CONFIG_64BIT is not set CONFIG_X86_32=y CONFIG_RWSEM_XCHGADD_ALGORITHM=y # CONFIG_RWSEM_GENERIC_SPINLOCK is not set # CONFIG_3_LEVEL_PGTABLES is not set CONFIG_ARCH_HAS_SC_SIGNALS=y CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA=y # CONFIG_SMP_BROKEN is not set CONFIG_GENERIC_HWEIGHT=y # CONFIG_STATIC_LINK is not set CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_DISCONTIGMEM_MANUAL is not set # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 # CONFIG_RESOURCES_64BIT is not set # CONFIG_PHYS_ADDR_T_64BIT is not set CONFIG_ZONE_DMA_FLAG=0 CONFIG_VIRT_TO_BUS=y CONFIG_UNEVICTABLE_LRU=y CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_LD_SCRIPT_DYN=y CONFIG_BINFMT_ELF=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set CONFIG_HAVE_AOUT=y # CONFIG_BINFMT_AOUT is not set 
CONFIG_BINFMT_MISC=y CONFIG_HOSTFS=y # CONFIG_HPPFS is not set CONFIG_MCONSOLE=y CONFIG_MAGIC_SYSRQ=y # CONFIG_HIGHMEM is not set CONFIG_KERNEL_STACK_ORDER=0 # # General setup # CONFIG_EXPERIMENTAL=y CONFIG_BROKEN_ON_SMP=y CONFIG_INIT_ENV_ARG_LIMIT=128 CONFIG_LOCALVERSION="-marionnet-ghost" CONFIG_LOCALVERSION_AUTO=y CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_BSD_PROCESS_ACCT=y # CONFIG_BSD_PROCESS_ACCT_V3 is not set # CONFIG_TASKSTATS is not set # CONFIG_AUDIT is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 # CONFIG_CGROUPS is not set # CONFIG_GROUP_SCHED is not set CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y # CONFIG_RELAY is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_IPC_NS is not set # CONFIG_USER_NS is not set # CONFIG_PID_NS is not set # CONFIG_BLK_DEV_INITRD is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y # CONFIG_EMBEDDED is not set CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_EXTRA_PASS=y CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_COMPAT_BRK=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_ANON_INODES=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_AIO=y CONFIG_VM_EVENT_COUNTERS=y CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set # CONFIG_PROFILING is not set # CONFIG_MARKERS is not set # CONFIG_HAVE_GENERIC_DMA_COHERENT is not set CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y # CONFIG_TINY_SHMEM is not set CONFIG_BASE_SMALL=0 # CONFIG_MODULES is not set CONFIG_BLOCK=y # CONFIG_LBD is not set # CONFIG_BLK_DEV_IO_TRACE is not set # CONFIG_LSF is not set # CONFIG_BLK_DEV_BSG is not set # CONFIG_BLK_DEV_INTEGRITY is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y CONFIG_DEFAULT_AS=y # CONFIG_DEFAULT_DEADLINE is not set # CONFIG_DEFAULT_CFQ is not set # CONFIG_DEFAULT_NOOP is not set 
CONFIG_DEFAULT_IOSCHED="anticipatory" CONFIG_CLASSIC_RCU=y # CONFIG_FREEZER is not set CONFIG_BLK_DEV=y CONFIG_BLK_DEV_UBD=y # CONFIG_BLK_DEV_UBD_SYNC is not set CONFIG_BLK_DEV_COW_COMMON=y CONFIG_BLK_DEV_LOOP=y # CONFIG_BLK_DEV_CRYPTOLOOP is not set CONFIG_BLK_DEV_NBD=y # CONFIG_BLK_DEV_RAM is not set # CONFIG_ATA_OVER_ETH is not set # # Character Devices # CONFIG_STDERR_CONSOLE=y CONFIG_STDIO_CONSOLE=y CONFIG_SSL=y CONFIG_NULL_CHAN=y CONFIG_PORT_CHAN=y CONFIG_PTY_CHAN=y CONFIG_TTY_CHAN=y CONFIG_XTERM_CHAN=y # CONFIG_NOCONFIG_CHAN is not set CONFIG_CON_ZERO_CHAN="fd:0,fd:1" CONFIG_CON_CHAN="xterm" CONFIG_SSL_CHAN="pts" CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y # CONFIG_RAW_DRIVER is not set CONFIG_LEGACY_PTY_COUNT=32 # CONFIG_WATCHDOG is not set CONFIG_UML_SOUND=y CONFIG_SOUND=y CONFIG_SOUND_OSS_CORE=y CONFIG_HOSTAUDIO=y # CONFIG_HW_RANDOM is not set CONFIG_UML_RANDOM=y # CONFIG_MMAPPER is not set # # Generic Driver Options # CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y CONFIG_FIRMWARE_IN_KERNEL=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_SYS_HYPERVISOR is not set CONFIG_NET=y # # Networking options # CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y CONFIG_XFRM=y CONFIG_XFRM_USER=y # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set CONFIG_XFRM_IPCOMP=y CONFIG_NET_KEY=y # CONFIG_NET_KEY_MIGRATE is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_ASK_IP_FIB_HASH=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set CONFIG_IP_PIMSM_V2=y CONFIG_ARPD=y CONFIG_SYN_COOKIES=y CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y CONFIG_INET_XFRM_TUNNEL=y CONFIG_INET_TUNNEL=y 
CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_XFRM_MODE_BEET=y # CONFIG_INET_LRO is not set CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set CONFIG_IPV6=y # CONFIG_IPV6_PRIVACY is not set # CONFIG_IPV6_ROUTER_PREF is not set # CONFIG_IPV6_OPTIMISTIC_DAD is not set # CONFIG_INET6_AH is not set # CONFIG_INET6_ESP is not set # CONFIG_INET6_IPCOMP is not set # CONFIG_IPV6_MIP6 is not set # CONFIG_INET6_XFRM_TUNNEL is not set # CONFIG_INET6_TUNNEL is not set CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_INET6_XFRM_MODE_BEET=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set CONFIG_IPV6_SIT=y CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_NETWORK_SECMARK is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_CT_ACCT=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y # CONFIG_NETFILTER_TPROXY is not set CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y CONFIG_NETFILTER_XT_TARGET_DSCP=y CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y CONFIG_NETFILTER_XT_TARGET_NOTRACK=y 
CONFIG_NETFILTER_XT_TARGET_RATEEST=y CONFIG_NETFILTER_XT_TARGET_TRACE=y CONFIG_NETFILTER_XT_TARGET_TCPMSS=y CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y CONFIG_NETFILTER_XT_MATCH_REALM=y # CONFIG_NETFILTER_XT_MATCH_RECENT is not set CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y # CONFIG_IP_VS is not set # # IP: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_ADDRTYPE=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_NF_NAT_SNMP_BASIC=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_AMANDA=y 
CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_NF_NAT_SIP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV6=y CONFIG_IP6_NF_QUEUE=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_MH=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_RAW=y CONFIG_BRIDGE_NF_EBTABLES=y CONFIG_BRIDGE_EBT_BROUTE=y CONFIG_BRIDGE_EBT_T_FILTER=y CONFIG_BRIDGE_EBT_T_NAT=y CONFIG_BRIDGE_EBT_802_3=y CONFIG_BRIDGE_EBT_AMONG=y CONFIG_BRIDGE_EBT_ARP=y CONFIG_BRIDGE_EBT_IP=y CONFIG_BRIDGE_EBT_IP6=y CONFIG_BRIDGE_EBT_LIMIT=y CONFIG_BRIDGE_EBT_MARK=y CONFIG_BRIDGE_EBT_PKTTYPE=y CONFIG_BRIDGE_EBT_STP=y CONFIG_BRIDGE_EBT_VLAN=y CONFIG_BRIDGE_EBT_ARPREPLY=y CONFIG_BRIDGE_EBT_DNAT=y CONFIG_BRIDGE_EBT_MARK_T=y CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_ULOG=y CONFIG_BRIDGE_EBT_NFLOG=y CONFIG_GHOSTIFICATION_NETFILTER=y CONFIG_GHOSTIFICATION_NETFILTER_ALL=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set CONFIG_STP=y CONFIG_GARP=y CONFIG_BRIDGE=y # CONFIG_NET_DSA is not set CONFIG_VLAN_8021Q=y CONFIG_VLAN_8021Q_GVRP=y # CONFIG_DECNET is not set CONFIG_LLC=y CONFIG_LLC2=y # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set CONFIG_NET_SCHED=y # # Queueing/Scheduling # CONFIG_NET_SCH_CBQ=y CONFIG_NET_SCH_HTB=y CONFIG_NET_SCH_HFSC=y CONFIG_NET_SCH_PRIO=y # CONFIG_NET_SCH_MULTIQ is not set CONFIG_NET_SCH_RED=y 
CONFIG_NET_SCH_SFQ=y CONFIG_NET_SCH_TEQL=y CONFIG_NET_SCH_TBF=y CONFIG_NET_SCH_GRED=y CONFIG_NET_SCH_DSMARK=y CONFIG_NET_SCH_NETEM=y # CONFIG_NET_SCH_INGRESS is not set # # Classification # CONFIG_NET_CLS=y CONFIG_NET_CLS_BASIC=y CONFIG_NET_CLS_TCINDEX=y CONFIG_NET_CLS_ROUTE4=y CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=y CONFIG_NET_CLS_U32=y CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y CONFIG_NET_CLS_RSVP=y CONFIG_NET_CLS_RSVP6=y CONFIG_NET_CLS_FLOW=y CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 CONFIG_NET_EMATCH_CMP=y CONFIG_NET_EMATCH_NBYTE=y CONFIG_NET_EMATCH_U32=y CONFIG_NET_EMATCH_META=y CONFIG_NET_EMATCH_TEXT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=y CONFIG_NET_ACT_GACT=y CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=y CONFIG_NET_ACT_IPT=y CONFIG_NET_ACT_NAT=y CONFIG_NET_ACT_PEDIT=y # CONFIG_NET_ACT_SIMP is not set # CONFIG_NET_ACT_SKBEDIT is not set CONFIG_NET_CLS_IND=y CONFIG_NET_SCH_FIFO=y # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set # CONFIG_PHONET is not set CONFIG_FIB_RULES=y # CONFIG_WIRELESS is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is not set CONFIG_GHOSTIFICATION=y CONFIG_GHOSTIFICATION_NUM=9 CONFIG_GHOSTIFICATION_MESG=y CONFIG_GHOSTIFICATION_PRINTK=y # CONFIG_GHOSTIFICATION_DEBUG is not set # CONFIG_GHOSTIFICATION_DEVEL is not set # # UML Network Devices # CONFIG_UML_NET=y CONFIG_UML_NET_ETHERTAP=y CONFIG_UML_NET_TUNTAP=y CONFIG_UML_NET_SLIP=y CONFIG_UML_NET_DAEMON=y CONFIG_UML_NET_VDE=y CONFIG_UML_NET_MCAST=y CONFIG_UML_NET_PCAP=y CONFIG_UML_NET_SLIRP=y CONFIG_NETDEVICES=y # CONFIG_IFB is not set CONFIG_DUMMY=y CONFIG_BONDING=y CONFIG_MACVLAN=y # CONFIG_EQUALIZER is not set CONFIG_TUN=y # CONFIG_VETH is not set # # Wireless LAN # # CONFIG_WLAN_PRE80211 is not set # CONFIG_WLAN_80211 is not set # CONFIG_IWLWIFI_LEDS is not set # CONFIG_WAN is not set CONFIG_PPP=y # CONFIG_PPP_MULTILINK is not set # 
CONFIG_PPP_FILTER is not set # CONFIG_PPP_ASYNC is not set # CONFIG_PPP_SYNC_TTY is not set # CONFIG_PPP_DEFLATE is not set # CONFIG_PPP_BSDCOMP is not set # CONFIG_PPP_MPPE is not set # CONFIG_PPPOE is not set # CONFIG_PPPOL2TP is not set CONFIG_SLIP=y # CONFIG_SLIP_COMPRESSED is not set CONFIG_SLHC=y # CONFIG_SLIP_SMART is not set # CONFIG_SLIP_MODE_SLIP6 is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # CONFIG_CONNECTOR is not set # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y # CONFIG_EXT2_FS_SECURITY is not set # CONFIG_EXT2_FS_XIP is not set CONFIG_EXT3_FS=y CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_SECURITY=y # CONFIG_EXT4_FS is not set CONFIG_JBD=y CONFIG_FS_MBCACHE=y # CONFIG_REISERFS_FS is not set # CONFIG_JFS_FS is not set CONFIG_FS_POSIX_ACL=y CONFIG_FILE_LOCKING=y # CONFIG_XFS_FS is not set # CONFIG_OCFS2_FS is not set CONFIG_DNOTIFY=y CONFIG_INOTIFY=y CONFIG_INOTIFY_USER=y CONFIG_QUOTA=y # CONFIG_QUOTA_NETLINK_INTERFACE is not set CONFIG_PRINT_QUOTA_WARNING=y # CONFIG_QFMT_V1 is not set # CONFIG_QFMT_V2 is not set CONFIG_QUOTACTL=y CONFIG_AUTOFS_FS=y CONFIG_AUTOFS4_FS=y # CONFIG_FUSE_FS is not set # # CD-ROM/DVD Filesystems # # CONFIG_ISO9660_FS is not set # CONFIG_UDF_FS is not set # # DOS/FAT/NT Filesystems # # CONFIG_MSDOS_FS is not set # CONFIG_VFAT_FS is not set # CONFIG_NTFS_FS is not set # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_TMPFS_POSIX_ACL is not set # CONFIG_HUGETLB_PAGE is not set # CONFIG_CONFIGFS_FS is not set # # Miscellaneous filesystems # # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set # CONFIG_CRAMFS is not set # CONFIG_VXFS_FS is not set # CONFIG_MINIX_FS is 
not set # CONFIG_OMFS_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_ROMFS_FS is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=y CONFIG_NFS_V3=y CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=y CONFIG_NFSD=y CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y CONFIG_LOCKD=y CONFIG_LOCKD_V4=y CONFIG_EXPORTFS=y CONFIG_NFS_ACL_SUPPORT=y CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y CONFIG_SUNRPC_GSS=y # CONFIG_SUNRPC_REGISTER_V4 is not set CONFIG_RPCSEC_GSS_KRB5=y CONFIG_RPCSEC_GSS_SPKM3=y # CONFIG_SMB_FS is not set CONFIG_CIFS=y # CONFIG_CIFS_STATS is not set # CONFIG_CIFS_WEAK_PW_HASH is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y CONFIG_CIFS_DEBUG2=y # CONFIG_CIFS_EXPERIMENTAL is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set # CONFIG_OSF_PARTITION is not set # CONFIG_AMIGA_PARTITION is not set # CONFIG_ATARI_PARTITION is not set # CONFIG_MAC_PARTITION is not set CONFIG_MSDOS_PARTITION=y # CONFIG_BSD_DISKLABEL is not set # CONFIG_MINIX_SUBPARTITION is not set # CONFIG_SOLARIS_X86_PARTITION is not set # CONFIG_UNIXWARE_DISKLABEL is not set # CONFIG_LDM_PARTITION is not set # CONFIG_SGI_PARTITION is not set # CONFIG_ULTRIX_PARTITION is not set # CONFIG_SUN_PARTITION is not set # CONFIG_KARMA_PARTITION is not set # CONFIG_EFI_PARTITION is not set # CONFIG_SYSV68_PARTITION is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_NLS_CODEPAGE_437 is not set # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set # CONFIG_NLS_CODEPAGE_850 is not set # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # 
CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_936 is not set # CONFIG_NLS_CODEPAGE_950 is not set # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set # CONFIG_NLS_ISO8859_1 is not set # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_9 is not set # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set # CONFIG_NLS_UTF8 is not set # CONFIG_DLM is not set # # Security options # # CONFIG_KEYS is not set # CONFIG_SECURITY is not set # CONFIG_SECURITYFS is not set # CONFIG_SECURITY_FILE_CAPABILITIES is not set CONFIG_CRYPTO=y # # Crypto core or helper # # CONFIG_CRYPTO_FIPS is not set CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_BLKCIPHER2=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_NULL is not set # CONFIG_CRYPTO_CRYPTD is not set CONFIG_CRYPTO_AUTHENC=y # # Authenticated Encryption with Associated Data # # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_GCM is not set # CONFIG_CRYPTO_SEQIV is not set # # Block modes # CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set # CONFIG_CRYPTO_ECB is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set # # Hash modes # CONFIG_CRYPTO_HMAC=y # 
CONFIG_CRYPTO_XCBC is not set # # Digest # # CONFIG_CRYPTO_CRC32C is not set # CONFIG_CRYPTO_MD4 is not set CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_MICHAEL_MIC is not set # CONFIG_CRYPTO_RMD128 is not set # CONFIG_CRYPTO_RMD160 is not set # CONFIG_CRYPTO_RMD256 is not set # CONFIG_CRYPTO_RMD320 is not set CONFIG_CRYPTO_SHA1=y # CONFIG_CRYPTO_SHA256 is not set # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_WP512 is not set # # Ciphers # # CONFIG_CRYPTO_AES is not set # CONFIG_CRYPTO_AES_586 is not set # CONFIG_CRYPTO_ANUBIS is not set # CONFIG_CRYPTO_ARC4 is not set # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_CAMELLIA is not set CONFIG_CRYPTO_CAST5=y # CONFIG_CRYPTO_CAST6 is not set CONFIG_CRYPTO_DES=y # CONFIG_CRYPTO_FCRYPT is not set # CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_SALSA20 is not set # CONFIG_CRYPTO_SALSA20_586 is not set # CONFIG_CRYPTO_SEED is not set # CONFIG_CRYPTO_SERPENT is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TWOFISH is not set # CONFIG_CRYPTO_TWOFISH_586 is not set # # Compression # CONFIG_CRYPTO_DEFLATE=y # CONFIG_CRYPTO_LZO is not set # # Random Number Generation # # CONFIG_CRYPTO_ANSI_CPRNG is not set CONFIG_CRYPTO_HW=y # # Library routines # CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_FIND_NEXT_BIT=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set # CONFIG_CRC_ITU_T is not set CONFIG_CRC32=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=y CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y CONFIG_TEXTSEARCH_FSM=y CONFIG_PLIST=y CONFIG_HAS_DMA=y # # SCSI device support # # CONFIG_RAID_ATTRS is not set # CONFIG_SCSI is not set # CONFIG_SCSI_DMA is not set # CONFIG_SCSI_NETLINK is not set CONFIG_MD=y # CONFIG_BLK_DEV_MD is not set CONFIG_BLK_DEV_DM=y # CONFIG_DM_DEBUG is not set CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=y CONFIG_DM_MIRROR=y # CONFIG_DM_ZERO is not set # 
CONFIG_DM_MULTIPATH is not set # CONFIG_DM_DELAY is not set # CONFIG_DM_UEVENT is not set # CONFIG_NEW_LEDS is not set # CONFIG_INPUT is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_ENABLE_WARN_DEPRECATED is not set CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=1024 # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not set # CONFIG_DEBUG_KERNEL is not set CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_MEMORY_INIT=y # CONFIG_RCU_CPU_STALL_DETECTOR is not set CONFIG_SYSCTL_SYSCALL_CHECK=y # # Tracers # # CONFIG_DYNAMIC_PRINTK_DEBUG is not set # CONFIG_SAMPLES is not set # CONFIG_DEBUG_STACK_USAGE is not set marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/linux-2.6.30-ghost.patch0000600000175000017500000030144512356733375025665 0ustar lucaslucasdiff -rNuad linux-2.6.30/include/linux/netdevice.h linux-2.6.30-ghost/include/linux/netdevice.h --- linux-2.6.30/include/linux/netdevice.h 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/include/linux/netdevice.h 2009-11-26 22:50:50.000000000 +0000 @@ -14,6 +14,8 @@ * Alan Cox, * Bjorn Ekwall. * Pekka Riikonen + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -1910,4 +1912,12 @@ extern struct pernet_operations __net_initdata loopback_net_ops; #endif /* __KERNEL__ */ +/* + * (ghost support) Just check whether the given name + * belongs to the ghost interface + */ +#ifdef CONFIG_GHOSTIFICATION +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + #endif /* _LINUX_DEV_H */ diff -rNuad linux-2.6.30/include/linux/sockios.h linux-2.6.30-ghost/include/linux/sockios.h --- linux-2.6.30/include/linux/sockios.h 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/include/linux/sockios.h 2009-11-26 22:50:50.000000000 +0000 
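Review bot: The `is_a_ghost_interface_name()` prototype in the second netdevice.h hunk is added after `#endif /* __KERNEL__ */`, so a kernel-internal declaration lands in the part of the header that userspace can also see. It belongs inside the `__KERNEL__` section with the other kernel-only declarations, still under `#ifdef CONFIG_GHOSTIFICATION`. The comment could also state the contract, for example `/* Returns nonzero if interface_name is currently ghostified. */`; the return convention is not visible in this hunk, so confirm it against the definition before adopting that wording.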
@@ -9,6 +9,8 @@ * * Authors: Ross Biro * Fred N. van Kempen, + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -83,6 +85,13 @@ #define SIOCWANDEV 0x894A /* get/set netdev parameters */ +/* (ghost support) ghostification's ioctl */ +#ifdef CONFIG_GHOSTIFICATION +#define SIOKLOG 0x894D /* Write a string to the log */ +#define SIOCGIFGHOSTIFY 0x894E /* Make a network device 'ghost' */ +#define SIOCGIFUNGHOSTIFY 0x894F /* Make a network device 'ghost' */ +#endif /* CONFIG_GHOSTIFICATION */ + /* ARP cache control calls. */ /* 0x8950 - 0x8952 * obsolete calls, don't re-use */ #define SIOCDARP 0x8953 /* delete ARP table entry */ diff -rNuad linux-2.6.30/include/net/ghostdebug.h linux-2.6.30-ghost/include/net/ghostdebug.h --- linux-2.6.30/include/net/ghostdebug.h 1970-01-01 00:00:00.000000000 +0000 +++ linux-2.6.30-ghost/include/net/ghostdebug.h 2009-11-26 22:50:50.000000000 +0000 
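Review bot: The comment on `SIOCGIFUNGHOSTIFY` in the second sockios.h hunk repeats the one for `SIOCGIFGHOSTIFY` ("Make a network device 'ghost'"); it should read something like `/* Make a ghost network device visible again */`. The three constants sit under `#ifdef CONFIG_GHOSTIFICATION` in a header that userspace tools include, where `CONFIG_*` symbols are normally undefined, so those tools would not see the numbers. Defining them unconditionally and letting the kernel reject the ioctl when the feature is off avoids that. `SIOKLOG` lets a caller write a string into the kernel log, and its handler is outside this hunk. The dev.c changelog mentions a CAP_NET_ADMIN check only for (un)ghost, so verify that the handler requires a capability and bounds the copied length.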
@@ -0,0 +1,93 @@
+/*
+ * Ghost support:
+ * Some trivials macros for display messages, trace ghost ops,
+ * debug and devel the ghostification kernel patch.
+ *
+ * Authors: Roudiere Jonathan,
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#ifndef __GHOSTDEBUG__
+#define __GHOSTDEBUG__
+
+#ifdef CONFIG_GHOSTIFICATION
+
+/*
+ * Ghost macros: there are three type of macros for three kind of
+ * information level :
+ *
+ * - the first one is ghost_ptk, that is a simple printk with the
+ * KERN_INFO log level, it is the standard type of display used
+ * by the ghostification kernel code to allow user to monitor
+ * ghost operations, if GHOSTIFICATION_PRINTK is not defined then
+ * user will not any information about the ghostified interfaces
+ * and the ghost engine (almost any infos ;-)),
+ *
+ * - ghost_debug and ghost_debugmsg are respectively used to show a
+ * calling card in a part of the code (function, files) and to show
+ * in plus informations additional (variable, etc ..), these two macros
+ * display messages with the level KERNEL_DEBUG,
+ *
+ * - ghost_devel and ghost_develmsg are very similar (redundant)
+ * in both previous ones, they are mainly used for the development
+ * of the patch to follow the stream of execution, activate
+ * GHOSTIFICATION_DEVEL has interest only for developers.
+ *
+*/
+
+/*
+ * Macro usable to debug during normal usage of the kernel.
+*/
+#ifdef CONFIG_GHOSTIFICATION_DEBUG
+#define ghost_debug \
+ printk(KERN_DEBUG \
+ "(ghost_debug): file(%s): funct(%s): line(%04d): -- info debug -- \n", \
+ __FILE__, __FUNCTION__, __LINE__)
+#define ghost_debugmsg(msg,args...) 
\ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_debug +#define ghost_debugmsg(msg,args...) +#endif + +/* + * A little bit redundant with the macro ghost_debug/debugmsg + * but allows a difference in the use, they are not used for the + * debugging, but to verify roads borrowed during the development. + * (note: certainly remove at next release of the patch) +*/ +#ifdef CONFIG_GHOSTIFICATION_DEVEL +#define ghost_devel \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): -- info devel -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_develmsg(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_devel +#define ghost_develmsg(msg,args...) +#endif + +/* + * Macro to display all message from chunk of code which has + * ghostification in charge (use macro to add debug level later). +*/ +#ifdef CONFIG_GHOSTIFICATION_PRINTK +#define ghost_ptk(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost) " msg "\n", ##args) +#else +#define ghost_ptk(msg,args...) +#endif + +#endif /* CONFIG_GHOSTIFICATION */ + +#endif /* __GHOSTDEBUG__ */ diff -rNuad linux-2.6.30/kernel/softirq.c linux-2.6.30-ghost/kernel/softirq.c --- linux-2.6.30/kernel/softirq.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/kernel/softirq.c 2009-11-26 22:50:50.000000000 +0000 @@ -126,8 +126,11 @@ */ void _local_bh_enable(void) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq()); WARN_ON_ONCE(!irqs_disabled()); +#endif if (softirq_count() == SOFTIRQ_OFFSET) trace_softirqs_on((unsigned long)__builtin_return_address(0)); 
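Review bot: The header comment of ghostdebug.h says `ghost_ptk` prints at KERN_INFO, but the macro at the end of the file is `printk(KERN_DEBUG "(ghost) " msg "\n", ##args)`, and the comment also names a `KERNEL_DEBUG` level where `KERN_DEBUG` is meant. Either switch the macro to `KERN_INFO` or correct the comment, so an administrator knows at which log level ghost operations are recorded. The disabled variants of `ghost_debugmsg`, `ghost_develmsg` and `ghost_ptk` expand to nothing; defining them as `do { } while (0)` avoids empty-body warnings when one is the only statement in a branch.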
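Review bot: Compiling out `WARN_ON_ONCE(in_irq())` and `WARN_ON_ONCE(!irqs_disabled())` in `_local_bh_enable()` whenever CONFIG_GHOSTIFICATION is set removes a context check for every caller in the kernel, not only for the ghost code. The next hunk does the same to `WARN_ON_ONCE(in_irq() || irqs_disabled())` in `_local_bh_enable_ip()`. The stated reason is to keep the user's console quiet, which suggests that some ghostification path calls these functions from a context they are not meant for; that caller should be fixed instead. I would drop both `#ifndef CONFIG_GHOSTIFICATION` / `#endif` pairs and leave the checks unconditional. Both function bodies continue outside the hunks.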
@@ -138,7 +141,10 @@ static inline void _local_bh_enable_ip(unsigned long ip) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq() || irqs_disabled()); +#endif #ifdef CONFIG_TRACE_IRQFLAGS local_irq_disable(); #endif diff -rNuad linux-2.6.30/net/Kconfig linux-2.6.30-ghost/net/Kconfig --- linux-2.6.30/net/Kconfig 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/Kconfig 2009-11-26 22:50:50.000000000 +0000 
@@ -159,6 +159,105 @@ source "net/decnet/netfilter/Kconfig" source "net/bridge/netfilter/Kconfig" +config GHOSTIFICATION_NETFILTER + bool "Ghostification support to netfilter" + depends on GHOSTIFICATION && NETFILTER_ADVANCED + default y + help + Ghostification support to Netfilter. Allow to bypass all + Netfilter's hooks (INPUT, OUTPUT, FORWARD, POSTROUTING and + PREROUTING (when available)) and that for all layer or protocol: + ARP, Bridge, IPv4, IPv6 (and Decnet) or just for one protocol + or layer. + If you choose to activate the Ghostification of Netfilter then + all the network packets which come from, or go to an ghostified + interface will not get through the hooks of Netfilter; so rules + which have been created with Iptables, Ip6tables, Arptables or + Ebtables will have no effect on these packets. + Note: This option allows you to have access to the options of + configuration of the Ghostification of Netfilter but it activates + no section of code; you will thus need to select one or some + among those this below. + +config GHOSTIFICATION_NETFILTER_ALL + bool "Ghostification support to netfilter, skip all hooks" + depends on GHOSTIFICATION_NETFILTER + default y + help + Netfiter Ghostification support for all protocols/layers. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass + Netfilter's hooks; thus any actions or rules which have been + created through Iptables, Ip6tables, Arptables or Ebtables + will not have any effect on this packets. + +config GHOSTIFICATION_NETFILTER_ARP + bool "Ghostification support to netfilter, skip ARP hooks" + depends on GHOSTIFICATION_NETFILTER && IP_NF_ARPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the ARP protocol/layer. 
+ If you activate this option then all network packets which
+ come from, or go to a ghostified interface will bypass Arp
+ hooks of Netfilter; thus the rules which have been created
+ with the Arptables tool will not have any effect on them.
+ If you activate Netfilter Ghostification for this protocol/layer
+ then you will lose the capability that network packets bypass
+ Decnet's hooks of Netfilter.
+ If you are unsure how to answer this question when you have
+ decided to use ghostification then answer N and use instead
+ GHOSTIFICATION_NETFILTER_ALL above.
+
+config GHOSTIFICATION_NETFILTER_BRIDGE
+ bool "Ghostification support to netfilter, skip Bridge hooks"
+ depends on GHOSTIFICATION_NETFILTER && BRIDGE_NF_EBTABLES
+ depends on !GHOSTIFICATION_NETFILTER_ALL
+ help
+ Netfiter ghostification support for the Bridge protocol/layer.
+ If you activate this option then all network packets which
+ come from, or go to a ghostified interface will bypass Bridge
+ hooks of Netfilter; thus the rules which have been created
+ with the Ebtables tool will not have any effect on them.
+ If you activate Netfilter Ghostification for this protocol/layer
+ then you will lose the capability that network packets bypass
+ Decnet's hooks of Netfilter.
+ If you are unsure how to answer this question when you have
+ decided to use ghostification then answer N and use instead
+ GHOSTIFICATION_NETFILTER_ALL above.
+
+config GHOSTIFICATION_NETFILTER_IPV4
+ bool "Ghostification support to netfilter, skip IPv4 hooks"
+ depends on GHOSTIFICATION_NETFILTER && !GHOSTIFICATION_NETFILTER_ALL
+ help
+ Netfiter ghostification support for the IPv4 protocol/layer.
+ If you activate this option then all network packets which
+ come from, or go to a ghostified interface will bypass IPv4
+ hooks of Netfilter; thus the rules which have been created
+ with the Iptables tool will not have any effect on them.
+ If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV6 + bool "Ghostification support to netfilter, skip IPv6 hooks" + depends on GHOSTIFICATION_NETFILTER && IP6_NF_IPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv6 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv6 + hooks of Netfilter; thus the rules which have been created + with the Ip6tables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + endif source "net/dccp/Kconfig" 
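Review bot: `GHOSTIFICATION_NETFILTER` and `GHOSTIFICATION_NETFILTER_ALL` are both `default y`, so a kernel built with defaults lets traffic of any ghostified interface skip every Netfilter hook, and iptables, ip6tables, arptables and ebtables rules silently stop applying to it. An option that switches off packet filtering should be opt-in, so I would use `default n` on both; the same applies to `default y` on `GHOSTIFICATION` in the next Kconfig hunk. The per-protocol help texts (ARP, Bridge, IPv4, IPv6) all end with the same sentence about losing the bypass of "Decnet's hooks", which reads like a copy-paste leftover and should say what each option actually excludes. "Netfiter" should be "Netfilter" throughout.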
@@ -255,4 +354,93 @@ source "net/rfkill/Kconfig" source "net/9p/Kconfig" +config GHOSTIFICATION + bool "Ghostification support" + depends on INET + default y + help + Ghostification support allow you to hide network interfaces + on your system. Ghostify and Unghostify are the actions which + make dynamically invisible and visible a network interface/cards + (eth0, lo, tun, ...) for the userspace. + When a network interface is ghostified, users of your system + can not see it with userspace tools like ifconfig, route, iproute, + netstat and/or have statistics about it. However even if a network + interface is ghostified it is always possible to open a socket + using the Ip address of this interface, ping this interface or + any host connected to the same network remains possible; has the + opposite, it is not possible to sniff packets on a ghostified + interface with userspace tools like tcpdump, wireshark, ... + Informations about a ghostified interface are hidden under /proc + but they can be find under /sys, it is a limit of the ghostification + patch. + For more informations about Ghostification patch and engine see + the README of the tarball that you have used or go to website of + the Marionnet project at . + + +config GHOSTIFICATION_NUM + int "Ghostification support : max number of possible ghostified interface" + depends on GHOSTIFICATION + range 4 32 + default 8 + help + Here you can choose the number of network interfaces that + you will be allowed to ghostify. This number must be between + 4 and 32. + +config GHOSTIFICATION_MESG + bool "Ghostification messages, display, debug and devel" + depends on GHOSTIFICATION + default y + help + Ghostification messages configuration. This option allow + you to have acces to the options which configure and control + the type of messages that you want the ghostification engine + diplay (visible through syslogd). + There are three options which make more or less verbose the + ghostification engine. 
You can choose to not select any
+ options below if you want to try to hide the ghostification
+ operations for the users of your system.
+ Note: This option allows you to have access to the options
+ which control the number of messages and the verbosity of
+ the Ghostification engine but it activates no section of
+ code; you will thus need to select one or some among those
+ this below.
+
+config GHOSTIFICATION_PRINTK
+ bool "Ghostification, messages to monitor ghost operations"
+ depends on GHOSTIFICATION_MESG
+ default y
+ help
+ This option allow you to activate normal messsages from the
+ ghostification engine, those messages are display through a
+ simple printk (visible through syslogd), this messages allow
+ to have informations about the ghost operations (like "the
+ interface ethX has been ghostified", "unghostified", "is already
+ ghostified", etc ...). If you really wish to hide ghostified
+ interfaces and ghost operations for the users of your system
+ don't select this option.
+
+config GHOSTIFICATION_DEBUG
+ bool "Ghostification, debugging messages to monitor ghost operations"
+ depends on GHOSTIFICATION_MESG
+ help
+ This option increase the verbosity of the ghostification engine,
+ allow to get more informations in order to debug the ghost ops.
+ This option is in general used to verify the result of a test or
+ to display the datas (interface name, pid of a calling process, ...)
+ which are treated by the ghost engine.
+
+config GHOSTIFICATION_DEVEL
+ bool "Ghostification, helping messages to trace ghost operations (devel)"
+ depends on GHOSTIFICATION_MESG
+ help
+ This option give more informations that the option above, it is use
+ by developer of the ghostification patch in order to control some
+ paths used in the kernel code and the datas which are manipulated.
+ This option is a little redundant with the debug option but allow
+ to have a better granularity, maybe it will be remove for the next
+ release of the ghostification patch.
+ endif # if NET diff -rNuad linux-2.6.30/net/core/dev.c linux-2.6.30-ghost/net/core/dev.c --- linux-2.6.30/net/core/dev.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/core/dev.c 2009-11-26 22:50:50.000000000 +0000 @@ -18,6 +18,7 @@ * Alexey Kuznetsov * Adam Sulmicki * Pekka Riikonen + * Luca Saiu (ghostification support) * * Changes: * D.J. Barrow : Fixed bug where dev->refcnt gets set @@ -70,6 +71,8 @@ * indefinitely on dev->refcnt * J Hadi Salim : - Backlog queue sampling * - netif_rx() feedback + * Roudiere Jonathan : make some buxfix in ghostification engine + * verify CAP_NET_ADMIN before (un)ghost iface */ #include 
@@ -136,6 +139,230 @@ #define GRO_MAX_HEAD (MAX_HEADER + 128) /* + * (ghost support) Chunk of code which has in charge + * the ghostification of network interfaces. + */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* The maximum number of ghost interfaces allowed at any given time: */ +#define MAX_GHOST_INTERFACES_NO CONFIG_GHOSTIFICATION_NUM + +/* + * A crude unsorted array of unique names, where "" stands for an + * empty slot. Elements are so few that an hash table would be overkill, + * and possibly also less efficient than this solution: + */ +static char ghost_interface_names[MAX_GHOST_INTERFACES_NO][IFNAMSIZ]; + +/* A lock protecting the ghost interfaces' support structure: */ +/* static DEFINE_SPINLOCK(ghostification_spin_lock); */ +static rwlock_t ghostification_spin_lock = RW_LOCK_UNLOCKED; + +/* Lock disabling local interrupts and saving flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + unsigned long flags; write_lock_irqsave(&ghostification_spin_lock, flags) + +/* Unlock re-enabling interrupts and restoring flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + write_unlock_irqrestore(&ghostification_spin_lock, flags) + +/* Lock disabling local interrupts and saving flags. This is for + readers, which are allowed to execute concurrently: */ +#define LOCK_GHOSTIFICATION_FOR_READING \ + unsigned long flags; read_lock_irqsave(&ghostification_spin_lock, flags) + +/* Lock re-enabling interrupts and restoring flags. 
This is for + readers, which are allowed to execute concurrently: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING \ + read_unlock_irqrestore(&ghostification_spin_lock, flags) + +#ifdef CONFIG_IPV6 +/* Defined in net/ipv6/addrconf.c: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +#endif /* CONFIG_IPV6 */ + +/* Return the index of the given element (which may be "") within + ghost_interface_names, or -1 on failure. Note that this must be + executed in a critical section: */ +static int __lookup_ghost_interface_names(const char *interface_name) +{ + int i; + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(!strcmp(interface_name, ghost_interface_names[i])) + return i; /* we found the given name in the i-th element */ + return -1; /* we didn't find the given name in the array */ +} + +/* This is useful for debugging. It must be called in a critical section. */ +static void __dump_ghost_interfaces(void) +{ + int i; + int number_of_ghost_interfaces = 0; + + ghost_ptk("Ghost interfaces are now: "); + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(strcmp(ghost_interface_names[i], "")) { + number_of_ghost_interfaces++; + ghost_ptk("%i. %s", number_of_ghost_interfaces, + ghost_interface_names[i]); + } + + ghost_ptk("There are now %i ghost interfaces. " + "A maximum of %i can exist at any given time.", + number_of_ghost_interfaces, MAX_GHOST_INTERFACES_NO); +} + +/* Just check whether the given name belongs to a ghost interface. 
+ This must be called in a critical section: */ +int __is_a_ghost_interface_name(const char *interface_name) +{ + /* Particular case: "" is *not* a ghost interface name, even + if it's in the ghost interfaces array (we use it just to mark + an empty slot): */ + if(interface_name[0] == '\0') + return 0; + /* Just check whether interface_name is an element of the array: */ + return __lookup_ghost_interface_names(interface_name) >= 0; +} + +/* Just check whether the given name belongs to a ghost interface: */ +int is_a_ghost_interface_name(const char *interface_name) +{ + int result; + LOCK_GHOSTIFICATION_FOR_READING; + /* Just check whether interface_name is an element of the array: */ + result = __is_a_ghost_interface_name(interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING; + return result; +} + +/* Make the given interface ghost. Return 0 on success, nonzero on + failure. Failure occours when the interface is already ghost or + does not exist: */ +static int ghostify_interface(char *interface_name) +{ + int a_free_element_index; + const size_t name_length = strlen(interface_name); + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Let's avoid buffer overflows... This could possibly be exploited: */ + if((name_length >= IFNAMSIZ) || (name_length == 0)) + { + ghost_ptk("The user asked to ghostify the interface %s, " + "which has a name of length %i. Failing.", + interface_name, name_length); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EINVAL; + } + + /* Fail if the interface is already ghostified. In particular we + want *no* duplicates in the array. 
Note that we're already in + a critical section here, so there's no need for locking: */ + if(__is_a_ghost_interface_name(interface_name)) + { + ghost_ptk("Could not ghostify the interface %s, " + "because it\'s already ghost.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EEXIST; /* File exists, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Fail if the interface is not found. We don't want add a + no-existing interface in our array */ + struct net_device *device; + device = dev_get_by_name(&init_net, interface_name); + if (device == NULL) { + ghost_ptk("Could not ghostify the interface %s which " + "doesn't exist. Try again.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for a free spot: */ + a_free_element_index = __lookup_ghost_interface_names(""); + if(a_free_element_index < 0) + { + ghost_ptk("Could not ghostify the interface %s, " + "because %i interfaces are already ghostified. Sorry.", + interface_name, MAX_GHOST_INTERFACES_NO); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENOMEM; + } + + /* Ok, we found a free spot; just copy the interface name: */ + strcpy(ghost_interface_names[a_free_element_index], interface_name); + +#ifdef CONFIG_IPV6 + /* Hide /proc/net/dev_snmp6/DEVICE for the new ghost DEVICE: */ + hide_proc_net_dev_snmp6_DEVICE_if_needed( + ghost_interface_names[a_free_element_index]); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} + +/* Make the given interface, which should be ghost, non-ghost. + Return 0 on success, nonzero on failure. Failure occours when + the given interface is non-ghost or does not exist: */ +static int unghostify_interface(char *ghost_interface_name) +{ + int the_interface_index; + struct net_device *device; + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Fail if the interface is not found. 
It is not necessary + to search in the array a no-existing interface and allow + to return a more appropriate error code to the userspace. */ + device = dev_get_by_name(&init_net, ghost_interface_name); + if (device == NULL) { + ghost_ptk("Could not unghostify the interface %s " + "which doesn't exist. Try again.\n", ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for the given interface: */ + the_interface_index = + __lookup_ghost_interface_names(ghost_interface_name); + if(the_interface_index < 0) + { + ghost_ptk("Could not unghostify the interface %s, \ + because it's non-ghost or not existing.\n", + ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ESRCH; /* No such device or address, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Ok, we found the interface: just "remove" its name from the array: */ + ghost_interface_names[the_interface_index][0] = '\0'; + +#ifdef CONFIG_IPV6 + /* Show again /proc/net/dev_snmp6/DEVICE for the now non-ghost DEVICE: */ + show_proc_net_dev_snmp6_DEVICE_if_needed(ghost_interface_name); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} +EXPORT_SYMBOL(is_a_ghost_interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * (ghost support) End of ghostification support + */ + + +/* * The list of packet types we will receive (as opposed to discard) * and the routines to invoke. * @@ -536,6 +763,13 @@ { int ints[5]; struct ifmap map; + /* (ghost support) There are no ghost interfaces by default */ +#ifdef CONFIG_GHOSTIFICATION + int i; + + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + ghost_interface_names[i][0] = '\0'; +#endif /* CONFIG_GHOSTIFICATION */ str = get_options(str, ARRAY_SIZE(ints), ints); if (!str || !*str) 
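Review bot: Both `ghostify_interface()` and `unghostify_interface()` call `dev_get_by_name(&init_net, ...)` only as an existence test and never release the device they get back. `dev_get_by_name()` returns the device with its usage count raised, so every successful lookup leaks a reference and the interface can no longer be unregistered cleanly; add `dev_put(device);` right after the NULL check in both functions. The lookup and the call to `hide_proc_net_dev_snmp6_DEVICE_if_needed()` both run inside `write_lock_irqsave()`; that helper's body is not in this file, and if it can sleep it has to move outside the critical section. In the length check, `name_length` is a `size_t` printed with `%i`; use `%zu`.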
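Review bot: The loop that clears `ghost_interface_names` in the `@@ -536` hunk sits in a function that parses an option string (`get_options(str, ...)` follows directly; the function's name is outside the hunk), so it presumably runs only when that option is supplied. The array is `static`, so it is already zero-filled and every slot already reads as the empty name. The loop can be dropped in favour of a comment at the array definition, for example `/* static storage: every slot starts as "" (empty) */`.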
@@ -2899,11 +3133,20 @@ len = ifc.ifc_len; /* - * Loop over the interfaces, and write an info block for each. + * Loop over the interfaces, and write an info block for each, + * (ghost support) unless they are ghostified. */ total = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* Don't tell the user about ghost interfaces: just skip them */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Skipping the ghost interface %s in SIOCGIFCONF", + dev->name); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ for (i = 0; i < NPROTO; i++) { if (gifconf_list[i]) { int done; @@ -2972,6 +3215,10 @@ { const struct net_device_stats *stats = dev_get_stats(dev); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't show anything in /proc if iface is ghostified */ + if(! is_a_ghost_interface_name(dev->name)) +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu " "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n", dev->name, stats->rx_bytes, stats->rx_packets, @@ -3851,6 +4098,16 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() " + "on the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCGIFFLAGS: /* Get interface flags */ ifr->ifr_flags = dev_get_flags(dev); 
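Review bot: Ghost state is keyed by interface name alone, but this loop walks `for_each_netdev(net, dev)` for whatever namespace the caller is in, while `ghostify_interface()` resolves the name only in `&init_net`. An interface with the same name in another network namespace would be hidden as well, and a ghost interface that is renamed would seemingly become visible again, since nothing in the visible part of this patch updates the array on rename. Either document that limitation next to `ghost_interface_names` or key the table on the device itself (for example `dev->ifindex` together with its `struct net`). The enclosing function starts and ends outside the hunk.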
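Review bot: In the `@@ -2972` hunk the added `if(! is_a_ghost_interface_name(dev->name))` has no braces and takes the following `seq_printf(...)` as its body only by position, with the `#endif` in between. A statement inserted before the `seq_printf` later would silently change what the condition guards. An early exit kept inside the `#ifdef` survives such edits: `if (is_a_ghost_interface_name(dev->name)) return;`. The function's signature is outside the hunk, so confirm that it returns `void`.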
@@ -3921,6 +4178,17 @@ ops = dev->netdev_ops; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() on " + "the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail " + "with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCSIFFLAGS: /* Set interface flags */ return dev_change_flags(dev, ifr->ifr_flags); 
@@ -4064,6 +4332,57 @@ */ switch (cmd) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) catch ghostification's ioctl */ + case SIOKLOG: { + char text[1000]; + if(copy_from_user(text, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + text[IFNAMSIZ] = '\0'; + printk(KERN_DEBUG "%s\n", text); + return 0; + } + /* (un)ghostification ops require superuser power */ + case SIOCGIFGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, + (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to ghostify the interface %s.", + interface_name); + if((failure = ghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was ghostified.", + interface_name); + else + ghost_ptk("Failure in ghostification of %s.", + interface_name); + return failure; + } + case SIOCGIFUNGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to unghostify the interface %s.", + interface_name); + if((failure = unghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was unghostified.", + interface_name); + else + ghost_ptk("Failure in unghostification of %s.", + interface_name); + return failure; + } + /* end of ghostficiation ioctl */ +#endif /* CONFIG_GHOSTIFICATION */ + /* * These ioctl calls: * - can be done by all. diff -rNuad linux-2.6.30/net/core/dev_mcast.c linux-2.6.30-ghost/net/core/dev_mcast.c --- linux-2.6.30/net/core/dev_mcast.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/core/dev_mcast.c 2009-11-26 22:50:50.000000000 +0000 
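Review bot: `SIOKLOG` has no capability check, unlike `SIOCGIFGHOSTIFY` and `SIOCGIFUNGHOSTIFY` below it, so any process that can issue this ioctl can write text of its choosing into the kernel log; add `if (!capable(CAP_NET_ADMIN)) return -EPERM;` there as well, or compile the case out of non-debug builds. All three cases place a 1000-byte array on the kernel stack and use only `IFNAMSIZ + 1` bytes of it; `char interface_name[IFNAMSIZ + 1];` is enough. `copy_from_user()` always reads `IFNAMSIZ + 1` bytes and returns `-EFAULT` when a shorter string ends next to an unmapped page, whereas `strncpy_from_user()` stops at the terminator. The two `char interface_name[1000];` declarations also follow the `capable()` statement, which kernel builds warn about.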
@@ -14,6 +14,8 @@ * Alan Cox : IFF_ALLMULTI support. * Alan Cox : New format set_multicast_list() calls. * Gleb Natapov : Remove dev_mc_lock. + * Luca Saiu : trivial changes for + * ghostification support. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -48,6 +50,9 @@ #include #include +#ifdef CONFIG_GHOSTIFICATION +#include +#endif /* CONFIG_GHOSTIFICATION */ /* * Device multicast list maintenance. @@ -167,7 +172,15 @@ netif_addr_lock_bh(dev); for (m = dev->mc_list; m; m = m->next) { int i; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information + in /proc about ghost interfaces */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Don't show any information in /proc " + "about ghostified interface"); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%-4d %-15s %-5d %-5d ", dev->ifindex, dev->name, m->dmi_users, m->dmi_gusers); diff -rNuad linux-2.6.30/net/core/rtnetlink.c linux-2.6.30-ghost/net/core/rtnetlink.c --- linux-2.6.30/net/core/rtnetlink.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/core/rtnetlink.c 2009-11-26 22:50:50.000000000 +0000 @@ -12,8 +12,12 @@ * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * - * Fixes: + * Fixes: * Vitaly E. Lavrov RTA_OK arithmetics was wrong. + * + * Changes: + * Roudiere Jonathan Some changes + * to ghost support, to allow to hide ghost net interfaces */ #include @@ -53,6 +57,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + struct rtnl_link { rtnl_doit_func doit; 
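Review bot: In the `@@ -167` hunk of net/core/dev_mcast.c the ghost test inside `for (m = dev->mc_list; ...)` depends only on `dev->name`, so it gives the same answer for every `m` and logs one `ghost_ptk` line per multicast address while `netif_addr_lock_bh(dev)` is held. Test once before taking the lock and leave early for a ghost device. The function's start and its return statement are outside the hunk, so the exact early-return value has to be checked there.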
@@ -106,7 +115,10 @@ static rtnl_doit_func rtnl_get_doit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].doit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -117,7 +129,10 @@ static rtnl_dumpit_func rtnl_get_dumpit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].dumpit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -460,6 +475,12 @@ { struct sock *rtnl = net->rtnl; int report = 0; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add inforation to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type %i " + "and nlh->nlmsg_seq = %i", pid, nlh->nlmsg_pid, + nlh->nlmsg_type, nlh->nlmsg_seq); +#endif if (nlh) report = nlmsg_report(nlh); @@ -616,6 +637,20 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type " + "= %i, seq = %i and nlh->nlmsg_seq = %i", + pid, nlh->nlmsg_pid, nlh->nlmsg_type, + seq, nlh->nlmsg_seq); + ghost_develmsg("dev->name = %s and dev->ifindex = %i", + dev->name, + dev->ifindex); + /* function whose call rtnl_fill_ifinfo has been modified, except + rtmsg_ifinfo so if it will be necessary to skip ghost iface here then + keep in your mind to test pid because if it is eq. to 0 then it is a + kernel request (else user request) and we don't want disturbe its work. */ +#endif ifm = nlmsg_data(nlh); ifm->ifi_family = AF_UNSPEC; ifm->__ifi_pad = 0; 
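Review bot: In the `@@ -460` hunk the added `ghost_develmsg(...)` reads `nlh->nlmsg_pid`, `nlh->nlmsg_type` and `nlh->nlmsg_seq` before the existing `if (nlh)` test on the following line, which shows that callers may pass a NULL `nlh`. Whenever the devel messages are compiled in, such a call dereferences NULL. Move the message under the check, for example `if (nlh) ghost_develmsg(...);`, and print only `pid` otherwise. The definition of `ghost_develmsg` is not on this page, so whether its arguments are evaluated in other configurations is unconfirmed.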
@@ -690,6 +725,24 @@ idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function which encapsulates calls to + * rtnl_fill_ifinfo and which is call after rtnl_get_doit/dumpit, + * use to dump list of network interfaces (as used by "ip link") + */ + ghost_develmsg("for_each_netdev, current net_device is %s", + dev->name); + ghost_develmsg("netlink cb pid = %i, cb nlh->nlmsg_type = %i, " + "cb familly/proto = %i, cb nlh->nlmsg_pid %i", + NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_type, + cb->family, cb->nlh->nlmsg_pid); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Hide ghotified interface (%s) in the dump", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK, @@ -941,6 +994,18 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change state/parameters of a ghotified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ if ((err = validate_linkmsg(dev, tb)) < 0) goto errout_dev; 
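Review bot: In the `@@ -941` hunk the ghost branch leaves through `goto errout` although `dev` has already been looked up, while the very next statement uses `goto errout_dev` on failure. That pairing suggests the device reference is dropped at `errout_dev` (both labels are outside the hunk), so the ghost path would leak it; use `goto errout_dev;` there. The same pattern appears in `@@ -1181`, where `return -ENODEV;` follows a successful `dev_get_by_index()` without a `dev_put(dev);`, and in net/ipv4/devinet.c `@@ -448`, where `goto errout` skips the `__in_dev_put(in_dev);` on the following line.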
@@ -979,6 +1044,17 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change dell a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ ops = dev->rtnl_link_ops; if (!ops) @@ -1181,6 +1257,17 @@ dev = dev_get_by_index(net, ifm->ifi_index); if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it with + user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ } else return -EINVAL; @@ -1235,6 +1322,8 @@ struct sk_buff *skb; int err = -ENOBUFS; + /* (ghost support) call rtnl_fill_ifinfo so maybe it + is need here to modify, in order to skip ghost iface */ skb = nlmsg_new(if_nlmsg_size(dev), GFP_KERNEL); if (skb == NULL) goto errout; @@ -1270,6 +1359,11 @@ int err; type = nlh->nlmsg_type; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Enter, nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i and nlh->nlmsg_seq = %i ", + nlh->nlmsg_pid, nlh->nlmsg_seq, nlh->nlmsg_seq); +#endif /* CONFIG_GHOSTIFICATION */ + if (type > RTM_MAX) return -EOPNOTSUPP; 
@@ -1289,14 +1383,21 @@ if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN)) return -EPERM; + /* (ghost support) kind = 2 then imply RTM_GETLINK has been used */ if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) { struct sock *rtnl; rtnl_dumpit_func dumpit; + /* (ghost support) then rtnl_get_dumpit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ dumpit = rtnl_get_dumpit(family, type); if (dumpit == NULL) return -EOPNOTSUPP; - +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Part 1: rtnl_get_dumpit(family %i, type %i) " + "is used before call to netlink_dump_start", + family,type); +#endif /* CONFIG_GHOSTIFICATION */ __rtnl_unlock(); rtnl = net->rtnl; err = netlink_dump_start(rtnl, skb, nlh, dumpit, NULL); @@ -1328,6 +1429,11 @@ doit = rtnl_get_doit(family, type); if (doit == NULL) return -EOPNOTSUPP; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) rtnl_get_doit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ + ghost_develmsg("Part 2: rtnl_get_doit(family %i, type %i)", family, type); +#endif /* CONFIG_GHOSTIFICATION */ return doit(skb, nlh, (void *)&rta_buf[0]); } @@ -1343,6 +1449,10 @@ { struct net_device *dev = ptr; + /* (ghost support) if we want provide a ghost's way to modify + the state of a ghost iface, it will be necessary to skip event + reports involing ghost iface (actually any changes are possible + if the iface is ghostified so there is nothing to report) */ switch (event) { case NETDEV_UNREGISTER: rtmsg_ifinfo(RTM_DELLINK, dev, ~0U); diff -rNuad linux-2.6.30/net/ipv4/arp.c linux-2.6.30-ghost/net/ipv4/arp.c --- linux-2.6.30/net/ipv4/arp.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/ipv4/arp.c 2009-11-26 22:50:50.000000000 +0000 @@ -70,6 +70,8 @@ * bonding can change the skb before * sending (e.g. insert 8021q tag). * Harald Welte : convert to make use of jenkins hash + * Luca Saiu 
@@ -116,6 +118,11 @@ struct neigh_table *clip_tbl_hook; #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include @@ -1312,9 +1319,21 @@ } #endif sprintf(tbuf, "%pI4", n->primary_key); +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) Don't show anything in /proc if it involves +ghost interfaces: */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + read_unlock(&n->lock); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); read_unlock(&n->lock); +#endif /* CONFIG_GHOSTIFICATION */ } static void arp_format_pneigh_entry(struct seq_file *seq, @@ -1325,9 +1344,21 @@ char tbuf[16]; sprintf(tbuf, "%pI4", n->key); +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) Don't show anything in /proc if it involves + ghost interfaces */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", - dev ? dev->name : "*"); + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); +#endif /* CONFIG_GHOSTIFICATION */ } static int arp_seq_show(struct seq_file *seq, void *v) diff -rNuad linux-2.6.30/net/ipv4/devinet.c linux-2.6.30-ghost/net/ipv4/devinet.c --- linux-2.6.30/net/ipv4/devinet.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/ipv4/devinet.c 2009-11-26 22:50:50.000000000 +0000 
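Review bot: With `CONFIG_GHOSTIFICATION` set, `read_unlock(&n->lock);` in the `@@ -1312` hunk now sits inside the `if (! is_a_ghost_interface_name(dev->name))` block, so for a ghost interface the function returns without unlocking. The matching `read_lock()` is outside the hunk, but the `#else` branch unlocks unconditionally, which shows the lock is held at this point. Move `read_unlock(&n->lock);` after the closing brace of the `if`. The `ghost_debugmsg("Don't show any arp information ...")` call is in the branch that does print the entry and belongs in an `else`.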
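Review bot: In the `@@ -1325` hunk `is_a_ghost_interface_name(dev->name)` dereferences `dev` unconditionally, yet the `seq_printf` it guards still prints `dev ? dev->name : "*"`, so `dev` can be NULL here. Test it first: `if (!dev || !is_a_ghost_interface_name(dev->name)) {`. The `ghost_debugmsg` text ("Don't show any arp information ...") is again placed in the branch that prints the entry.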
@@ -23,6 +23,9 @@ * address (4.4BSD alias style support), * fall back to comparing just the label * if no match found. + * Roudiere Jonathan : + * some changes to ghost support, skip + * request involving a ghostified iface. */ @@ -62,6 +65,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + static struct ipv4_devconf ipv4_devconf = { .data = { [NET_IPV4_CONF_ACCEPT_REDIRECTS - 1] = 1, @@ -448,6 +456,16 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("in_dev->dev->name = %s", in_dev->dev->name); + if (is_a_ghost_interface_name(in_dev->dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + (in_dev->dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ __in_dev_put(in_dev); @@ -497,6 +515,17 @@ if (dev == NULL) goto errout; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("(dev->name) = %s ", (dev->name)); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change/modfy address on a ghostified interface (%s), skip", + (dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ + in_dev = __in_dev_get_rtnl(dev); err = -ENOBUFS; if (in_dev == NULL) @@ -546,6 +575,12 @@ ASSERT_RTNL(); + /* (ghost support) don't modify this funct but directly + rtm_to_ifaddr, as for others funct, with user-levels tools + (as iproute) we normaly never arrive here (because a dump + all ifaces is perform before and func which make the dump + has been modified (but we want prevent user tool request + the ghost iface directly */ ifa = rtm_to_ifaddr(net, nlh); if (IS_ERR(ifa)) return PTR_ERR(ifa); 
@@ -1169,6 +1204,15 @@ s_ip_idx = ip_idx = cb->args[1]; idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION /* _VERIFICATION_NEED_ */ + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("dev->name = %s", dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address on a ghostified interface (%s), skip", + (dev->name)); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (idx > s_idx) diff -rNuad linux-2.6.30/net/ipv4/fib_frontend.c linux-2.6.30-ghost/net/ipv4/fib_frontend.c --- linux-2.6.30/net/ipv4/fib_frontend.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/ipv4/fib_frontend.c 2009-11-26 22:50:50.000000000 +0000 @@ -6,6 +6,10 @@ * IPv4 Forwarding Information Base: FIB frontend. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (some display + * and comment for ghostification in rtnetlink functions). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -45,6 +49,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #ifndef CONFIG_IP_MULTIPLE_TABLES static int __net_init fib4_rules_init(struct net *net) @@ -451,6 +460,11 @@ * Handle IP routing ioctl calls. These are used to manipulate the routing tables */ +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) A function implemented in net/core/dev.c */ +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + int ip_rt_ioctl(struct net *net, unsigned int cmd, void __user *arg) { struct fib_config cfg; 
@@ -465,6 +479,22 @@ if (copy_from_user(&rt, arg, sizeof(rt))) return -EFAULT; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Forbid any action involving a ghost interface */ + if (rt.rt_dev != (char __user*)NULL) { + /* We need to have this name in kernel space to check + for ghostification: */ + char interface_name[1000]; /* [IFNAMSIZ+1] is certainly sufficient */ + if(copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1)) + return -EFAULT; + if(is_a_ghost_interface_name(interface_name)) { + ghost_ptk("The user aked to add a route involving the " + "ghost interface %s. We make this operation fail", + interface_name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ rtnl_lock(); err = rtentry_to_fib_config(net, cmd, &rt, &cfg); @@ -473,12 +503,18 @@ if (cmd == SIOCDELRT) { tb = fib_get_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_delete was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_delete() or fn_trie_delete() */ if (tb) err = tb->tb_delete(tb, &cfg); else err = -ESRCH; } else { tb = fib_new_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_insert was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_insert() or fn_trie_insert() */ if (tb) err = tb->tb_insert(tb, &cfg); else @@ -585,6 +621,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead functions pointed by tb->tb_delete, + * either fn_hash_delete() (in fib_hash.c) or fn_trie_delete() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; 
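Review bot: `interface_name` is handed to `is_a_ghost_interface_name()` without being NUL-terminated. The ioctl cases in net/core/dev.c set `interface_name[IFNAMSIZ] = '\0';` after the same copy, and this code needs that line too, otherwise `strcmp()` can run past the copied bytes into uninitialised stack. `char interface_name[IFNAMSIZ + 1];` is sufficient, as the inline comment already says. The name is fetched from the user pointer `rt.rt_dev` here and presumably again inside `rtentry_to_fib_config()` (not visible on this page), so the string that was checked and the string that is used can differ; checking the resolved device after that call would close the gap.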
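Review bot: In the `@@ -585` hunk `ghost_develmsg(...)` is called without an `#ifdef CONFIG_GHOSTIFICATION` guard, while the header include added at the top of this file is guarded. If the macro is defined only by that header (its definition is not on this page), the file stops compiling when ghostification is disabled. Wrap the call in `#ifdef CONFIG_GHOSTIFICATION` / `#endif` as the other sites do; the `@@ -607` hunk has the same unguarded call. The comment in this hunk names `inet_rtm_newroute` but describes `tb->tb_delete`, so one of the two is probably a copy-paste slip.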
@@ -607,6 +653,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead function pointed by tb->tb_insert, + * either fn_hash_insert() (in fib_hash.c) or fn_trie_insert() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; @@ -622,6 +678,12 @@ return err; } +/* + * (ghost support) Fonction called through rtnetlink to dump + * all routes, we don't change anythings here, changes have + * been made in fib_semantics.c (in fib_dump_info which is + * called by fib_trie and fib_hash). + */ static int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -634,7 +696,7 @@ if (nlmsg_len(cb->nlh) >= sizeof(struct rtmsg) && ((struct rtmsg *) nlmsg_data(cb->nlh))->rtm_flags & RTM_F_CLONED) - return ip_rt_dump(skb, cb); + return ip_rt_dump(skb, cb); /* (ghost support) need modify this func */ s_h = cb->args[0]; s_e = cb->args[1]; @@ -659,6 +721,9 @@ cb->args[1] = e; cb->args[0] = h; + /* (ghost support) Length returned can be changed by + fib_dump_info when a route of a ghositifed iface is + lookup (skb length may be abnormal, diff of mod(240)) */ return skb->len; } diff -rNuad linux-2.6.30/net/ipv4/fib_hash.c linux-2.6.30-ghost/net/ipv4/fib_hash.c --- linux-2.6.30/net/ipv4/fib_hash.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/ipv4/fib_hash.c 2009-11-26 22:50:50.000000000 +0000 
@@ -6,6 +6,11 @@ * IPv4 FIB: lookup engine and maintenance routines. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_hash_insert, bad + * field check in fib_seq_show). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -41,6 +46,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static struct kmem_cache *fn_hash_kmem __read_mostly; @@ -397,6 +407,18 @@ if (IS_ERR(fi)) return PTR_ERR(fi); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_insert */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if (fz->fz_nent > (fz->fz_divisor<<1) && fz->fz_divisor < FZ_MAX_DIVISOR && (cfg->fc_dst_len == 32 || @@ -580,7 +602,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, &f->fn_alias, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_delete */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != cfg->fc_tos) break; 
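Review bot: In the `@@ -397` hunk `fi->fib_dev->name` is dereferenced without a NULL test, but the original code in this file's `@@ -1022` hunk prints `fi->fib_dev ? fi->fib_dev->name : "*"`, so a `fib_info` can have no device. Guard every added check, `if (fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name))`; this applies here, in `@@ -580`, in `@@ -1022` and in net/ipv4/fib_semantics.c `@@ -954`. In this hunk the `return -ENODEV;` also comes right after `fi` was obtained and checked with `IS_ERR()`, so the early return likely leaks it; the function's cleanup path is outside the hunk and should be used instead of a bare return. The log text says "delete" although the comment states this is the `tb->tb_insert` path.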
@@ -1022,19 +1054,39 @@ prefix = f->fn_key; mask = FZ_MASK(iter->zone); flags = fib_flag_trans(fa->fa_type, mask, fi); - if (fi) + if (fi) + { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) + { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, - "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - fi->fib_dev ? fi->fib_dev->name : "*", prefix, - fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, - mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), - fi->fib_window, - fi->fib_rtt >> 3, &len); - else + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); +#endif /* CONFIG_GHOSTIFICATION */ + } + else { seq_printf(seq, - "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); + } seq_printf(seq, "%*s\n", 127 - len, ""); out: return 0; diff -rNuad linux-2.6.30/net/ipv4/fib_semantics.c linux-2.6.30-ghost/net/ipv4/fib_semantics.c --- linux-2.6.30/net/ipv4/fib_semantics.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/ipv4/fib_semantics.c 2009-11-26 22:50:50.000000000 +0000 
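Review bot: When a ghost route is skipped in hunk `@@ -1022,19 +1054,39 @@`, `len` is never written by the `%n` conversion, yet the trailing `seq_printf(seq, "%*s\n", 127 - len, "")` still runs. A padding line is therefore emitted for each hidden route, with a width taken from whatever `len` held (its declaration is outside the hunk). The test also dereferences `fi->fib_dev` before the `fi->fib_dev ? … : "*"` guard in the same call, and the `ghost_ptk` "Don't display" message is logged on the branch that does display. An early exit leaves the original `seq_printf` untouched: `if (fi && fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name)) goto out;`. The fib_trie.c hunk `@@ -2587,7 +2620,28 @@` has the same three problems; inside its loop the skip would be `continue;`.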
@@ -11,6 +11,9 @@ * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. + * Changes: + * Roudiere Jonathan trivial + * change for ghostification. */ #include @@ -43,6 +46,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static DEFINE_SPINLOCK(fib_info_lock); @@ -954,6 +962,23 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function call by fib_trie and fib_hash to dump route, + * in most case we won't arrive here with usertools (like iproute), because + * modification in rtnl_dump_ifinfo hide iface and modif here may be not really + * proper because put abnormal length in the skb->len return by inet_dump_fib + * (used without error..) if pid != 0 then user talks else that is the kernel; + */ + if (pid != 0) + if (is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Try to get route about ghost iface (%s), skip", + fi->fib_dev->name); + /* return -EMSGSIZE; don't use this because that stops evaluation */ + return nlmsg_end(skb, nlh); + } +#endif /* CONFIG_GHOSTIFICATION */ + rtm = nlmsg_data(nlh); rtm->rtm_family = AF_INET; rtm->rtm_dst_len = dst_len; diff -rNuad linux-2.6.30/net/ipv4/fib_trie.c linux-2.6.30-ghost/net/ipv4/fib_trie.c --- linux-2.6.30/net/ipv4/fib_trie.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/ipv4/fib_trie.c 2009-11-26 22:50:50.000000000 +0000 @@ -12,6 +12,12 @@ * * Hans Liss Uppsala Universitet * + * Luca Saiu (simple changes for ghostification + * support) + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_trie_insert, bad + * field check in fib_route_seq_show). + * * This work is based on the LPC-trie which is originally descibed in: * * An experimental study of compression methods for dynamic tries 
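Review bot: The ghost branch in hunk `@@ -954,6 +962,23 @@` runs after the message header has been reserved (the `nlh == NULL` test just above it), and `return nlmsg_end(skb, nlh);` finalises that header. The dump therefore still carries one header-only message per hidden route, which is the length skew the added comment itself mentions. Either run the test before the header is reserved, or undo the header with `nlmsg_cancel(skb, nlh);` and then `return skb->len;`. `fi->fib_dev` is dereferenced unchecked here as well, and the unbraced nested `if (pid != 0) if (...)` is easy to misread. The function body starts and ends outside the hunk.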
@@ -80,6 +86,11 @@ #include #include "fib_lookup.h" +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define MAX_STAT_DEPTH 32 #define KEYLENGTH (8*sizeof(t_key)) @@ -1199,6 +1210,18 @@ goto err; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + l = fib_find_node(t, key); fa = NULL; @@ -1627,7 +1650,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, fa_head, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != tos) break; 
@@ -2587,7 +2620,28 @@ || fa->fa_type == RTN_MULTICAST) continue; - if (fi) + if (fi) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) in /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t" + "%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", + prefix, + fi->fib_nh->nh_gw, flags, 0, 0, + fi->fib_priority, + mask, + (fi->fib_advmss ? + fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, "%s\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", @@ -2600,13 +2654,14 @@ fi->fib_advmss + 40 : 0), fi->fib_window, fi->fib_rtt >> 3, &len); - else +#endif /* CONFIG_GHOSTIFICATION */ + } else { seq_printf(seq, "*\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + } seq_printf(seq, "%*s\n", 127 - len, ""); } } diff -rNuad linux-2.6.30/net/ipv4/igmp.c linux-2.6.30-ghost/net/ipv4/igmp.c --- linux-2.6.30/net/ipv4/igmp.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/ipv4/igmp.c 2009-11-26 22:50:50.000000000 +0000 @@ -68,6 +68,8 @@ * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. * David L Stevens: IGMPv3 support, with help from * Vinay Kulkarni + * Luca Saiu : trivial changes for ghostification + * support */ #include @@ -105,6 +107,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define IP_MAX_MEMBERSHIPS 20 #define IP_MAX_MSF 10 
@@ -2387,8 +2394,18 @@ #endif if (state->in_dev->mc_list == im) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%d\t%-10s: %5d %7s\n", + state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); + } +#else seq_printf(seq, "%d\t%-10s: %5d %7s\n", state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); +#endif /* CONFIG_GHOSTIFICATION */ } seq_printf(seq, @@ -2550,14 +2567,30 @@ "Device", "MCA", "SRC", "INC", "EXC"); } else { - seq_printf(seq, - "%3d %6.6s 0x%08x " - "0x%08x %6lu %6lu\n", - state->dev->ifindex, state->dev->name, - ntohl(state->im->multiaddr), - ntohl(psf->sf_inaddr), - psf->sf_count[MCAST_INCLUDE], - psf->sf_count[MCAST_EXCLUDE]); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-2.6.30/net/ipv4/route.c linux-2.6.30-ghost/net/ipv4/route.c --- linux-2.6.30/net/ipv4/route.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/ipv4/route.c 2009-11-26 22:50:50.000000000 +0000 
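Review bot: Hunk `@@ -2387,8 +2394,18 @@` suppresses only the per-device header line. The `seq_printf(seq,` that follows the closing brace in the context is still reached, so the group entries of a ghostified interface appear to stay in the output without their header; the rest of that call is outside the hunk, so this needs confirming. Returning early for a ghost device at the top of the show function would cover both lines. The `ghost_debugmsg` "Don't show" text is also emitted on the path that does print, i.e. once per visible interface.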
@@ -55,6 +55,9 @@ * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes. * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect * Ilia Sotnikov : Removed TOS from hash calculations + * Luca Saiu : trivial changes for ghostification support + * Roudiere Jonathan : ghost support to rtnetlink + * function, ghost bugfix (field) in rt_cache_seq_show * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -108,6 +111,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define RT_FL_TOS(oldflp) \ ((u32)(oldflp->fl4_tos & (IPTOS_RT_MASK | RTO_ONLINK))) @@ -375,6 +383,14 @@ "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t" "HHUptod\tSpecDst"); else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Dont't display informations about ghost ifaces, bf */ + if(is_a_ghost_interface_name((const char*)((struct rtable*)v)->u.dst.dev->name)) { + ghost_ptk("Don't display routing informations about ghost interface (%s)", + ((const char*)((struct rtable*)v)->u.dst.dev->name)); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ struct rtable *r = v; int len; @@ -392,11 +408,11 @@ r->fl.fl4_tos, r->u.dst.hh ? atomic_read(&r->u.dst.hh->hh_refcnt) : -1, r->u.dst.hh ? (r->u.dst.hh->hh_output == - dev_queue_xmit) : 0, + dev_queue_xmit) : 0, r->rt_spec_dst, &len); seq_printf(seq, "%*s\n", 127 - len, ""); - } + } return 0; } @@ -2793,8 +2809,13 @@ r->rtm_src_len = 32; NLA_PUT_BE32(skb, RTA_SRC, rt->fl.fl4_src); } - if (rt->u.dst.dev) + if (rt->u.dst.dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) */ + ghost_develmsg("Net device is = %s ",rt->u.dst.dev->name); +#endif NLA_PUT_U32(skb, RTA_OIF, rt->u.dst.dev->ifindex); + } #ifdef CONFIG_NET_CLS_ROUTE if (rt->u.dst.tclassid) NLA_PUT_U32(skb, RTA_FLOW, rt->u.dst.tclassid); 
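Review bot: In hunk `@@ -375,6 +383,14 @@` the ghost block is placed ahead of `struct rtable *r = v; int len;`, which makes those declarations follow a statement and forces the double cast `((struct rtable*)v)->u.dst.dev->name`. Moving the block below the declarations lets it read `if (r->u.dst.dev && is_a_ghost_interface_name(r->u.dst.dev->name)) return 0;`. That form also adds the device check that the `rt_fill_info` hunk in this file already applies with `if (rt->u.dst.dev)`.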
@@ -2877,7 +2898,7 @@ err = -ENOBUFS; goto errout; } - + /* Reserve room for dummy headers, this skb can pass through good chunk of routing engine. */ @@ -2899,6 +2920,17 @@ if (dev == NULL) { err = -ENODEV; goto errout_free; + +#ifdef CONFIG_GHOSTIFICATION + ghost_debugmsg("Net device is %s ", dev->name); + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout_free; + } +#endif /* CONFIG_GHOSTIFICATION */ } skb->protocol = htons(ETH_P_IP); @@ -2931,6 +2963,22 @@ if (rtm->rtm_flags & RTM_F_NOTIFY) rt->rt_flags |= RTCF_NOTIFY; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't allow get ops for route + involving a ghostified interface, unnecessary test ..(rt) */ + if (rt) { + if (rt->u.dst.dev) { + ghost_debugmsg("Net device is %s ",rt->u.dst.dev->name); + if (is_a_ghost_interface_name(rt->u.dst.dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", + rt->u.dst.dev->name); + err = -ENETUNREACH; + goto errout_free; + } + } + } +#endif /* CONFIG_GHOSTIFICATION */ err = rt_fill_info(net, skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq, RTM_NEWROUTE, 0, 0); if (err <= 0) @@ -2945,6 +2993,8 @@ goto errout; } +/* (ghost support) maybe it will be necessary to modify +this func which is call in fib_frontend.c */ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb) { struct rtable *rt; diff -rNuad linux-2.6.30/net/ipv6/Kconfig linux-2.6.30-ghost/net/ipv6/Kconfig --- linux-2.6.30/net/ipv6/Kconfig 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/ipv6/Kconfig 2009-11-26 22:50:50.000000000 +0000 
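Review bot: The ghost check added in hunk `@@ -2899,6 +2920,17 @@` is unreachable: it sits inside the `if (dev == NULL)` block after `goto errout_free;`, and if it were ever reached, `dev->name` would dereference NULL. It has to follow the closing brace of that block so that it runs for a device that was actually found. The later hunk `@@ -2931,6 +2963,22 @@` fails the same kind of request with `-ENETUNREACH` where this one uses `-ENODEV`; one error code for both would be more consistent. The function body starts and ends outside the hunk.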
@@ -4,8 +4,8 @@ # IPv6 as module will cause a CRASH if you try to unload it menuconfig IPV6 - tristate "The IPv6 protocol" - default m + bool "The IPv6 protocol" + default y ---help--- This is complemental support for the IP version 6. You will still be able to do traditional IPv4 networking as well. @@ -16,6 +16,10 @@ For specific information about IPv6 under Linux, read the HOWTO at . + Ghostification notes: + ===================== + IPV6 can not be built in module with ghost support. + To compile this protocol support as a module, choose M here: the module will be called ipv6. @@ -68,7 +72,7 @@ If unsure, say N. config INET6_AH - tristate "IPv6: AH transformation" + bool "IPv6: AH transformation" select XFRM select CRYPTO select CRYPTO_HMAC @@ -80,7 +84,7 @@ If unsure, say Y. config INET6_ESP - tristate "IPv6: ESP transformation" + bool "IPv6: ESP transformation" select XFRM select CRYPTO select CRYPTO_AUTHENC @@ -95,7 +99,7 @@ If unsure, say Y. config INET6_IPCOMP - tristate "IPv6: IPComp transformation" + bool "IPv6: IPComp transformation" select INET6_XFRM_TUNNEL select XFRM_IPCOMP ---help--- @@ -105,7 +109,7 @@ If unsure, say Y. config IPV6_MIP6 - tristate "IPv6: Mobility (EXPERIMENTAL)" + bool "IPv6: Mobility (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- @@ -114,16 +118,16 @@ If unsure, say N. config INET6_XFRM_TUNNEL - tristate + bool select INET6_TUNNEL default n config INET6_TUNNEL - tristate + bool default n config INET6_XFRM_MODE_TRANSPORT - tristate "IPv6: IPsec transport mode" + bool "IPv6: IPsec transport mode" default IPV6 select XFRM ---help--- @@ -132,7 +136,7 @@ If unsure, say Y. config INET6_XFRM_MODE_TUNNEL - tristate "IPv6: IPsec tunnel mode" + bool "IPv6: IPsec tunnel mode" default IPV6 select XFRM ---help--- @@ -141,7 +145,7 @@ If unsure, say Y. config INET6_XFRM_MODE_BEET - tristate "IPv6: IPsec BEET mode" + bool "IPv6: IPsec BEET mode" default IPV6 select XFRM ---help--- 
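Review bot: The help text in hunk `@@ -16,6 +16,10 @@` now contradicts the symbol type: the added note says IPv6 cannot be built as a module, but the next paragraph still reads "To compile this protocol support as a module, choose M here", which a `bool` symbol no longer offers. The `tristate` to `bool` switches throughout this file are also unconditional, so they apply to kernels configured without ghostification too; if that is intended, the note should say so. Suggested wording: `IPv6 and its sub-options can only be built in (y or n) in this tree; module builds are not supported.`, with the "choose M" paragraph dropped.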
@@ -150,14 +154,14 @@ If unsure, say Y. config INET6_XFRM_MODE_ROUTEOPTIMIZATION - tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" + bool "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- Support for MIPv6 route optimization mode. config IPV6_SIT - tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" + bool "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" select INET_TUNNEL select IPV6_NDISC_NODETYPE default y @@ -174,7 +178,7 @@ bool config IPV6_TUNNEL - tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" + bool "IPv6: IP-in-IPv6 tunnel (RFC2473)" select INET6_TUNNEL ---help--- Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in diff -rNuad linux-2.6.30/net/ipv6/addrconf.c linux-2.6.30-ghost/net/ipv6/addrconf.c --- linux-2.6.30/net/ipv6/addrconf.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/ipv6/addrconf.c 2009-11-26 22:50:50.000000000 +0000 @@ -36,6 +36,9 @@ * YOSHIFUJI Hideaki @USAGI : improved source address * selection; consider scope, * status etc. + * Luca Saiu : ghostification support + * Roudiere Jonathan : ghost + * modify functions using (rt)netlink */ #include @@ -81,6 +84,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include 
@@ -446,6 +454,86 @@ return idev; } +/* + * (ghost support) Support to hide snmp6 proc infos. + */ +#ifdef CONFIG_GHOSTIFICATION +/* Utility procedure, needed for {show,hide}_proc_net_dev_snmp6_DEVICE_if_needed(). + Return a pointer to a valid inet6_dev structure on success, NULL on failure: */ +static struct inet6_dev* lookup_snmp6_device(const char *interface_name) +{ + struct net_device *device; + struct inet6_dev *idev; + + /* Lookup the device by name, obtaining an inet6_dev structure: */ + device = dev_get_by_name(&init_net, interface_name); + if(device == NULL) + return NULL; + rtnl_lock(); + idev = ipv6_find_idev(device); + rtnl_unlock(); + return idev; +} + +/* These are defined in net/ipv6/proc.c: */ +extern struct proc_dir_entry *proc_net_devsnmp6; +extern struct file_operations snmp6_seq_fops; + +/* Remove the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already hidden. Return 0 on success, nonzero on error: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + ghost_ptk("Hiding /proc/net/dev_snmp6/%s...", interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + + /* Remove the proc/ entry, if any. If there was no entry + then remove_proc_entry() will fail, but it's ok for us: */ +#ifdef CONFIG_PROC_FS + if (!proc_net_devsnmp6) + return -ENOENT; + if (idev->stats.proc_dir_entry == NULL) + return -EINVAL; + remove_proc_entry(interface_name, proc_net_devsnmp6); +#endif /* CONFIG_PROC_FS */ + return 0; + //return snmp6_unregister_dev(idev); +} + +/* Create the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already shown. 
Return 0 on success, nonzero on error: */ +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + struct proc_dir_entry *proc_directory_entry; + ghost_ptk("Showing /proc/net/dev_snmp6/%s...", + interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + if(idev->dev == NULL) /* I doubt this may happen... */ + return -EINVAL; +#ifdef CONFIG_PROC_FS + if(!proc_net_devsnmp6) /* there isn't any /proc/net/dev_snmp6 */ + return -ENOENT; + if((proc_directory_entry = create_proc_entry(interface_name, + S_IRUGO, proc_net_devsnmp6)) == NULL) + return -ENOMEM; + proc_directory_entry->data = idev; + proc_directory_entry->proc_fops = &snmp6_seq_fops; + idev->stats.proc_dir_entry = proc_directory_entry; +#endif /* CONFIG_PROC_FS */ + return 0; + /* return snmp6_register_dev(idev); */ +} +EXPORT_SYMBOL(show_proc_net_dev_snmp6_DEVICE_if_needed); +EXPORT_SYMBOL(hide_proc_net_dev_snmp6_DEVICE_if_needed); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * End of ghostification support + */ + #ifdef CONFIG_SYSCTL static void dev_forward_change(struct inet6_dev *idev) { @@ -2126,6 +2214,10 @@ return PTR_ERR(ifp); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx, unsigned int plen) { @@ -2140,6 +2232,15 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((idev = __in6_dev_get(dev)) == NULL) return -ENXIO; 
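Review bot: `lookup_snmp6_device()` in hunk `@@ -446,6 +454,86 @@` takes a device reference with `dev_get_by_name()` and never drops it, so every hide or show call pins the interface; add `dev_put(device);` once `idev` has been looked up. The hide path removes the proc entry but leaves `idev->stats.proc_dir_entry` set, so the "unless it's already hidden" guard does not hold on a second call. The show path creates an entry without testing whether one already exists. The lookup is also fixed to `&init_net`, which deserves a comment if other network namespaces are out of scope.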
@@ -2954,6 +3055,22 @@ static int if6_seq_show(struct seq_file *seq, void *v) { struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if (is_a_ghost_interface_name(ifp->idev->dev->name)) { + ghost_ptk("Don't show informations about a ghostified " + "interface (%s) under /proc.", + ifp->idev->dev->name); + } else { + seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n", + &ifp->addr, + ifp->idev->dev->ifindex, + ifp->prefix_len, + ifp->scope, + ifp->flags, + ifp->idev->dev->name); + } +#else seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n", &ifp->addr, ifp->idev->dev->ifindex, @@ -2961,6 +3078,8 @@ ifp->scope, ifp->flags, ifp->idev->dev->name); +#endif /* CONFIG_GHOSTIFICATION */ + return 0; } @@ -3168,6 +3287,10 @@ [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { @@ -3185,7 +3308,9 @@ pfx = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL]); if (pfx == NULL) return -EINVAL; - + /* (ghost support) we could/should stop here a request involving a + ghostified interface but inet6_addr_del already do a part of our work + (get dev etc ..) so instead we modify inet6_addr_del */ return inet6_addr_del(net, ifm->ifa_index, pfx, ifm->ifa_prefixlen); } @@ -3234,6 +3359,10 @@ return 0; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { 
@@ -3271,6 +3400,15 @@ if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add a address to a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + /* We ignore other flags so far. */ ifa_flags = ifm->ifa_flags & (IFA_F_NODAD | IFA_F_HOMEADDRESS); @@ -3436,6 +3574,12 @@ ANYCAST_ADDR, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc; + * inet6_dump_addr is called by inet6_dump_{ifaddr,ifmcaddr,ifacaddr} + * and call the appropriate inet6_fill_* function. + */ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, enum addr_type_t type) { @@ -3461,6 +3605,17 @@ ip_idx = 0; if ((idev = in6_dev_get(dev)) == NULL) goto cont; + +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about addresses of a ghostified interface (%s), skip.", + dev->name); + goto cont; + /* return -ENODEV; don't use it */ + } +#endif /* CONFIG_GHOSTIFICATION */ + read_lock_bh(&idev->lock); switch (type) { case UNICAST_ADDR: @@ -3532,7 +3687,6 @@ return inet6_dump_addr(skb, cb, type); } - static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb) { enum addr_type_t type = ANYCAST_ADDR; @@ -3540,6 +3694,10 @@ return inet6_dump_addr(skb, cb, type); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { 
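Review bot: In hunk `@@ -3461,6 +3605,17 @@` the ghost test comes after `in6_dev_get(dev)` has succeeded, and `goto cont;` then skips the rest of the loop body. The `idev` reference therefore looks leaked on every dump that meets a ghostified interface; the `cont` label and the matching put are outside the hunk, so this needs confirming. Placing the test before the `in6_dev_get()` line avoids the problem without extra cleanup.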
@@ -3566,6 +3724,17 @@ if (ifm->ifa_index) dev = __dev_get_by_index(net, ifm->ifa_index); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (dev) { + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address of a ghostified interface (%s), skip.", + dev->name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((ifa = ipv6_get_ifaddr(net, addr, dev, 1)) == NULL) { err = -EADDRNOTAVAIL; goto errout; @@ -3774,6 +3943,10 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -3785,6 +3958,14 @@ read_lock(&dev_base_lock); idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to dump address infos about a ghostified interface (%s), skip.", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if ((idev = in6_dev_get(dev)) == NULL) @@ -3812,7 +3993,6 @@ skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC); if (skb == NULL) goto errout; - err = inet6_fill_ifinfo(skb, idev, 0, 0, event, 0); if (err < 0) { /* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */ diff -rNuad linux-2.6.30/net/ipv6/ip6_fib.c linux-2.6.30-ghost/net/ipv6/ip6_fib.c --- linux-2.6.30/net/ipv6/ip6_fib.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/ipv6/ip6_fib.c 2009-11-26 22:50:50.000000000 +0000 @@ -275,6 +275,8 @@ #endif +/* (ghost support) iterate on net device, don't modify this function, +we can return ENODEV here, user-space tools (as ip) dump iface list before */ static int fib6_dump_node(struct fib6_walker_t *w) { int res; 
@@ -320,7 +322,6 @@ { struct fib6_walker_t *w; int res; - w = (void *)cb->args[2]; w->root = &table->tb6_root; diff -rNuad linux-2.6.30/net/ipv6/mcast.c linux-2.6.30-ghost/net/ipv6/mcast.c --- linux-2.6.30/net/ipv6/mcast.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/ipv6/mcast.c 2009-11-26 22:54:01.000000000 +0000 @@ -24,6 +24,10 @@ * - MLD for link-local addresses. * David L Stevens : * - MLDv2 support + * Luca Saiu : + * - trivial changes for ghostification support + * Roudiere Jonathan + * - trivial changes to correct an forgetting */ #include @@ -61,6 +65,11 @@ #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing... */ #define MCAST_DEBUG 2 @@ -2432,6 +2441,11 @@ struct ifmcaddr6 *im = (struct ifmcaddr6 *)v; struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc " + "about ghostified interfaces (1)."); seq_printf(seq, "%-4d %-15s %pi6 %5d %08X %ld\n", state->dev->ifindex, state->dev->name, @@ -2439,6 +2453,16 @@ im->mca_users, im->mca_flags, (im->mca_flags&MAF_TIMER_RUNNING) ? jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); + } +#else + seq_printf(seq, + "%-4d %-15s %pi6 %5d %08X %ld\n", + state->dev->ifindex, state->dev->name, + &im->mca_addr, + im->mca_users, im->mca_flags, + (im->mca_flags&MAF_TIMER_RUNNING) ? + jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); +#endif /* CONFIG_GHOSTIFICATION */ return 0; } 
@@ -2593,6 +2617,11 @@ "Device", "Multicast Address", "Source Address", "INC", "EXC"); } else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc" + " about ghostified interfaces (2)."); seq_printf(seq, "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", state->dev->ifindex, state->dev->name, @@ -2600,6 +2629,16 @@ &psf->sf_addr, psf->sf_count[MCAST_INCLUDE], psf->sf_count[MCAST_EXCLUDE]); + } +#else + seq_printf(seq, + "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + &state->im->mca_addr, + &psf->sf_addr, + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-2.6.30/net/ipv6/proc.c linux-2.6.30-ghost/net/ipv6/proc.c --- linux-2.6.30/net/ipv6/proc.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/ipv6/proc.c 2009-11-26 22:51:47.000000000 +0000 @@ -9,6 +9,8 @@ * * Authors: David S. Miller (davem@caip.rutgers.edu) * YOSHIFUJI Hideaki + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -29,6 +31,16 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* (ghost support) We don't want this to be static, as it has to + be read at ghostifying and unghostifying time */ +struct proc_dir_entry *proc_net_devsnmp6; +EXPORT_SYMBOL(proc_net_devsnmp6); +#endif /* CONFIG_GHOSTIFICATION */ + static int sockstat6_seq_show(struct seq_file *seq, void *v) { struct net *net = seq->private; 
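Review bot: Hunk `@@ -29,6 +31,16 @@` of net/ipv6/proc.c defines a new global `proc_net_devsnmp6`, but neither proc.c hunk assigns it and no `static` definition is removed. Unless code outside this diff sets it, the `!proc_net_devsnmp6` tests added in addrconf.c would always return `-ENOENT`. The comment "We don't want this to be static" describes a declaration this diff does not touch; it should instead say where the pointer is initialised.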
@@ -194,6 +206,18 @@ return single_open_net(inode, file, snmp6_seq_show); } +/* (ghost support) This was originally static, +but we need to make it visible */ +#ifdef CONFIG_GHOSTIFICATION +struct file_operations snmp6_seq_fops = { + .owner = THIS_MODULE, + .open = snmp6_seq_open, + .read = seq_read, + .llseek = seq_lseek, + .release = single_release, +}; +EXPORT_SYMBOL(snmp6_seq_fops); +#else static const struct file_operations snmp6_seq_fops = { .owner = THIS_MODULE, .open = snmp6_seq_open, @@ -201,6 +225,7 @@ .llseek = seq_lseek, .release = single_release_net, }; +#endif /* CONFIG_GHOSTIFICATION */ static int snmp6_dev_seq_show(struct seq_file *seq, void *v) { diff -rNuad linux-2.6.30/net/ipv6/route.c linux-2.6.30-ghost/net/ipv6/route.c --- linux-2.6.30/net/ipv6/route.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/ipv6/route.c 2009-11-26 22:50:50.000000000 +0000 @@ -22,6 +22,10 @@ * reachable. otherwise, round-robin the list. * Ville Nuorvala * Fixed routing subtrees. + * Luca Saiu + * trivial changes for ghostification support + * Roudiere Jonathan + * ghostification support update, modify functions using netlink */ #include @@ -60,6 +64,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing. */ #define RT6_DEBUG 2 @@ -1115,10 +1124,6 @@ return hoplimit; } -/* - * - */ - int ip6_route_add(struct fib6_config *cfg) { int err; @@ -1830,6 +1835,8 @@ struct in6_rtmsg rtmsg; int err; + /* (ghost support) don't make any change, changes + have been made later for ioctl request */ switch(cmd) { case SIOCADDRT: /* Add a route */ case SIOCDELRT: /* Delete a route */ 
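Review bot: The CONFIG_GHOSTIFICATION variant of `snmp6_seq_fops` in hunk `@@ -194,6 +206,18 @@` sets `.release = single_release`, while the open handler shown just above still calls `single_open_net()` and the `#else` copy keeps `single_release_net`. The release hook should stay paired with the open helper: `.release = single_release_net,`. Exporting the structure does not require dropping `const`; `const struct file_operations` can be kept if the `extern` in addrconf.c is given the same qualifier.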
@@ -2133,26 +2140,84 @@ return err; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; - err = rtm_to_fib6_config(skb, nlh, &cfg); - if (err < 0) - return err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it + is a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to del route involving a ghostified interface (%s). Failing", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_del(&cfg); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + err = rtm_to_fib6_config(skb, nlh, &cfg); if (err < 0) return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_add(&cfg); /* do that or exit on error ... 
*/ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_add(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it is + a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add route involving a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_add(&cfg); } @@ -2172,6 +2237,10 @@ + nla_total_size(sizeof(struct rta_cacheinfo)); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc + */ static int rt6_fill_node(struct net *net, struct sk_buff *skb, struct rt6_info *rt, struct in6_addr *dst, struct in6_addr *src, @@ -2183,6 +2252,19 @@ long expires; u32 table; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("rtnetlink msg type %i, pid %i and seq %i", + type, pid, seq); + /* (ghost support) this function is called by by rt6_dump_route, and + inet6_rtm_get_route and inet6_rt_notify, test if it is a kernel request*/ + if (rt->rt6i_dev->name) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to get/notify route infos about a " + "ghostified interface (%s), skip.", + rt->rt6i_dev->name); + return 1; + } +#endif /* CONFIG_GHOSTIFICATION */ if (prefix) { /* user wants prefix routes only */ if (!(rt->rt6i_flags & RTF_PREFIX_RT)) { /* success since this is not a prefix route */ 
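Review bot: `dev_get_by_index()` in `inet6_rtm_delroute()` and `inet6_rtm_newroute()` (hunk `@@ -2133,26 +2140,84 @@`) returns a held reference that no path releases, so each request naming an interface pins it. Drop the reference once the name has been tested, e.g. `ghost = is_a_ghost_interface_name(dev->name); dev_put(dev);` and then fail on `ghost` (a new local, named here for illustration). The `rtm_to_fib6_config()` call and its error check are duplicated in both preprocessor branches and could sit once above the `#ifdef`.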
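Review bot: `if (rt->rt6i_dev->name)` in hunk `@@ -2183,6 +2252,19 @@` tests an array member of `struct net_device`, so it is always true and does not guard against a NULL `rt6i_dev`; the /proc hunk later in this file tests `rt->rt6i_dev != NULL` instead. The comment announces a test for a kernel request that the code does not perform. It should also document what `return 1;` means to the three callers it lists. The function body continues outside the hunk.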
@@ -2290,10 +2372,26 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc, + */ int rt6_dump_route(struct rt6_info *rt, void *p_arg) { struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg; int prefix; + +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg(" rtnetlink mesg %i, pid %i and seq %i", + arg->cb->nlh->nlmsg_type, arg->cb->nlh->nlmsg_pid, arg->cb->nlh->nlmsg_seq); + /* if (rt->rt6i_dev) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to dump route infos about a ghostified interface (%s), skip", + rt->rt6i_dev->name); + return -ENODEV; errro maybe come from here, modify instead + rt6_fill_node which has multiple callers + } */ +#endif /* CONFIG_GHOSTIFICATION */ if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) { struct rtmsg *rtm = nlmsg_data(arg->cb->nlh); @@ -2307,6 +2405,8 @@ prefix, 0, NLM_F_MULTI); } +/* (ghost support) Don't make changes here, function +rt6_fill_node has been modified instead */ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { struct net *net = sock_net(in_skb->sk); @@ -2452,6 +2552,17 @@ { struct seq_file *m = p_arg; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Do nothing if this route involves a + ghostified interface */ + if(rt->rt6i_dev != NULL) /* can't use &&: evaluation order is undefined */ + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Don't show any informations under /proc/net" + "involving a ghostified interface (%s)", + rt->rt6i_dev->name); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(m, "%pi6 %02x ", &rt->rt6i_dst.addr, rt->rt6i_dst.plen); #ifdef CONFIG_IPV6_SUBTREES diff -rNuad linux-2.6.30/net/netfilter/core.c linux-2.6.30-ghost/net/netfilter/core.c --- linux-2.6.30/net/netfilter/core.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/netfilter/core.c 2009-11-26 22:54:38.000000000 +0000 
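Review bot: The added comment `/* can't use &&: evaluation order is undefined */` in the `@@ -2452,6 +2552,17 @@` hunk is incorrect: C evaluates `&&` left to right and skips the right operand when the left one is false, so the nested `if` can be one condition, `if (rt->rt6i_dev != NULL && is_a_ghost_interface_name(rt->rt6i_dev->name)) {`. The two adjacent string literals in the `ghost_ptk` call also join as `/proc/netinvolving`; a trailing space in the first literal fixes the log message. The enclosing function starts outside the hunk.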
@@ -5,6 +5,8 @@ * way. * * Rusty Russell (C)2000 -- This code is GPL. + * Little change by Jonathan Roudiere to add + * Ghostification support (bypass netfilter for ghost interface). */ #include #include @@ -22,6 +24,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "nf_internals.h" static DEFINE_MUTEX(afinfo_mutex); @@ -59,7 +66,6 @@ { struct nf_hook_ops *elem; int err; - err = mutex_lock_interruptible(&nf_hook_mutex); if (err < 0) return err; 
@@ -169,7 +175,158 @@ rcu_read_lock(); elem = &nf_hooks[pf][hook]; + next_hook: + /* + * (ghost support) Netfilter ghostification support. + * Perform too much tests here is not a good idea because all + * network packets pass through this section but we have + * not other choice to skip netfilter hooks (per hook). + */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER + /* + * Bypass all Netfilter hooks (for ipv4/6, arp, bridge) for any + * ghostified interface (eq. to return NF_ACCEPT for each packet which + * go through an interface which is ghostified (do that at hook level + * in order to skip all chains's rules hang on the hooks)) + */ + + /* don't use ghost_debugmsg macro in this section + because it may introduce too much delay */ + ghost_develmsg("Enter in hook (pf=%i) (hook=%i) from indev->name = " + "%s to outdev->name = %s", pf, hook, indev->name, outdev->name); + +/* If we wish to skip all netfilter hooks for all PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ALL + /* + * outdev->name field is defined in OUTPUT, FORWARD and POSTROUTING hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), we start here (with outdev) to bypass netfilter's + * hooks in the case where we are in FORWARD. + */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + ret = 1; + goto unlock; + } + } + /* + * indev->name field is defined in PREROUTING, FORWARD and INPUT hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), if we are in FORWARD hook and outdev/indev->name + * is not a ghostified interface then we can go towards hooks. 
+ */ + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + ret = 1; + goto unlock; + } + } + +/* + * If GHOSTIFICATION_NETFILTER_ALL is not defined neither any + * GHOSTIFICATION_NETFILTER_PF then we 'll skip all this code chunk. + * (about performance, choose to skip netfilter just for certains PF + * is the most bad things we can do, but ...) + */ +#elif (defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV4) || defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV6) || \ + defined(CONFIG_GHOSTIFICATION_NETFILTER_ARP) || defined(CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE)) + /* Here we have the same logic as previously (in GHOSTIFICATION_NETFILTER_ALL) + but with the ability to choose what are the PFs that we want to skip */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for 
decnet) */ + goto apply_hook; + } + } + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for decnet) */ + goto apply_hook; + } + } + +#endif /* CONFIG_GHOSTIFICATION_ALL */ +apply_hook: +#endif /* CONFIG_GHOSTIFICATION_NETFILTER */ +/* (ghost support) End of ghostification support */ + verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev, outdev, &elem, okfn, hook_thresh); if (verdict == NF_ACCEPT || verdict == NF_STOP) { @@ -182,6 +339,9 @@ verdict >> NF_VERDICT_BITS)) goto next_hook; } +#ifdef CONFIG_GHOSTIFICATION_NETFILTER +unlock: +#endif rcu_read_unlock(); return ret; } diff -rNuad linux-2.6.30/net/packet/af_packet.c linux-2.6.30-ghost/net/packet/af_packet.c --- linux-2.6.30/net/packet/af_packet.c 2009-06-10 03:05:27.000000000 +0000 +++ linux-2.6.30-ghost/net/packet/af_packet.c 2009-11-26 22:50:50.000000000 +0000 
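Review bot: The bypass block tests `(outdev->name) != NULL` and `(indev->name) != NULL`, which forms a member address through a pointer that the block's own comments describe as set only in some hooks; that is a null test only if `name` sits at offset zero of `struct net_device`, which this hunk does not show. Test the pointers themselves, `if (outdev != NULL) {` and `if (indev != NULL) {`, in both the `_ALL` and the per-PF branches, and guard the `ghost_develmsg` call at the top, which passes both names to `%s` unconditionally. Because the checks sit under `next_hook:`, they run again each time the loop jumps back to that label. This is the decision that lets traffic skip every rule chain, so one small helper returning the verdict would be easier to audit than two copies of the same ladder. The closing `#endif /* CONFIG_GHOSTIFICATION_ALL */` also names a symbol other than the one the `#ifdef` opened.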
@@ -39,6 +39,7 @@ * will simply extend the hardware address * byte arrays at the end of sockaddr_ll * and packet_mreq. + * Luca Saiu : Trivial changes for ghostification * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -83,6 +84,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Assumptions: - if device has no dev->hard_header routine, it adds and removes ll header @@ -489,6 +495,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (rcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); @@ -611,6 +629,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them. + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (trcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); 
@@ -2049,17 +2079,38 @@ struct sock *s = v; const struct packet_sock *po = pkt_sk(s); +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Don't show packets involving ghost devices + */ + struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex); + if(! is_a_ghost_interface_name(net_device->name)) { + ghost_debugmsg("Don't show packets involving ghostified interface"); + seq_printf(seq, + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); + } +#else seq_printf(seq, - "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", - s, - atomic_read(&s->sk_refcnt), - s->sk_type, - ntohs(po->num), - po->ifindex, - po->running, - atomic_read(&s->sk_rmem_alloc), - sock_i_uid(s), - sock_i_ino(s) ); + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/CONFIG-2.6.30_x86_640000600000175000017500000005527612356733375024301 0ustar lucaslucas# # Automatically generated make config: don't edit # Linux kernel version: 2.6.30 # Fri Nov 27 10:13:36 2009 # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_GENERIC_HARDIRQS=y CONFIG_UML=y CONFIG_MMU=y CONFIG_NO_IOMEM=y # CONFIG_TRACE_IRQFLAGS_SUPPORT is not set CONFIG_LOCKDEP_SUPPORT=y # CONFIG_STACKTRACE_SUPPORT is not set CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_TIME=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_IRQ_RELEASE_METHOD=y CONFIG_HZ=100 # # UML-specific options # # # Host processor type and features # # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is not set # CONFIG_M686 is not set # 
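Review bot: `dev_get_by_index(sock_net(s), po->ifindex)` returns NULL when no device has that index (for instance a socket not bound to one interface), and the added code reads `net_device->name` unconditionally, so reading this /proc file can dereference a null pointer in the kernel. The lookup also takes a device reference that is never released with `dev_put`, and the `ghost_debugmsg` text sits in the branch taken for interfaces that are not ghostified. The rewrite below leaves the `seq_printf` untouched, still prints the line when no device is found, and drops the reference. The enclosing function starts outside the hunk.

```c
#ifdef CONFIG_GHOSTIFICATION
		struct net_device *ghost_dev = dev_get_by_index(sock_net(s), po->ifindex);
		int hidden = 0;

		if (ghost_dev != NULL) {
			hidden = is_a_ghost_interface_name(ghost_dev->name);
			dev_put(ghost_dev);	/* balance dev_get_by_index */
		}
		if (!hidden) {
			/* … unchanged: seq_printf of the socket line … */
		}
		/* … unchanged: #else branch and #endif … */
```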
CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set CONFIG_MK8=y # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MPSC is not set # CONFIG_MCORE2 is not set # CONFIG_GENERIC_CPU is not set CONFIG_X86_CPU=y CONFIG_X86_L1_CACHE_BYTES=64 CONFIG_X86_INTERNODE_CACHE_BYTES=64 # CONFIG_X86_CMPXCHG is not set CONFIG_X86_L1_CACHE_SHIFT=6 CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_TSC=y CONFIG_X86_CMOV=y CONFIG_X86_MINIMUM_CPU_FAMILY=3 CONFIG_CPU_SUP_INTEL=y CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_CENTAUR=y CONFIG_UML_X86=y CONFIG_64BIT=y # CONFIG_X86_32 is not set # CONFIG_RWSEM_XCHGADD_ALGORITHM is not set CONFIG_RWSEM_GENERIC_SPINLOCK=y CONFIG_3_LEVEL_PGTABLES=y # CONFIG_ARCH_HAS_SC_SIGNALS is not set # CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA is not set CONFIG_SMP_BROKEN=y CONFIG_GENERIC_HWEIGHT=y # CONFIG_STATIC_LINK is not set CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_DISCONTIGMEM_MANUAL is not set # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_PHYS_ADDR_T_64BIT=y CONFIG_ZONE_DMA_FLAG=0 CONFIG_VIRT_TO_BUS=y CONFIG_UNEVICTABLE_LRU=y CONFIG_HAVE_MLOCK=y CONFIG_HAVE_MLOCKED_PAGE_BIT=y CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_LD_SCRIPT_DYN=y CONFIG_BINFMT_ELF=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set # CONFIG_HAVE_AOUT is not set CONFIG_BINFMT_MISC=y CONFIG_HOSTFS=y # CONFIG_HPPFS is not set CONFIG_MCONSOLE=y CONFIG_MAGIC_SYSRQ=y CONFIG_KERNEL_STACK_ORDER=1 # # General setup # CONFIG_EXPERIMENTAL=y 
CONFIG_BROKEN_ON_SMP=y CONFIG_INIT_ENV_ARG_LIMIT=128 CONFIG_LOCALVERSION="-marionnet-ghost" CONFIG_LOCALVERSION_AUTO=y CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_POSIX_MQUEUE_SYSCTL=y CONFIG_BSD_PROCESS_ACCT=y # CONFIG_BSD_PROCESS_ACCT_V3 is not set # CONFIG_TASKSTATS is not set # CONFIG_AUDIT is not set # # RCU Subsystem # CONFIG_CLASSIC_RCU=y # CONFIG_TREE_RCU is not set # CONFIG_PREEMPT_RCU is not set # CONFIG_TREE_RCU_TRACE is not set # CONFIG_PREEMPT_RCU_TRACE is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 # CONFIG_GROUP_SCHED is not set # CONFIG_CGROUPS is not set CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y # CONFIG_RELAY is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_IPC_NS is not set # CONFIG_USER_NS is not set # CONFIG_PID_NS is not set # CONFIG_NET_NS is not set # CONFIG_BLK_DEV_INITRD is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y CONFIG_ANON_INODES=y # CONFIG_EMBEDDED is not set CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_EXTRA_PASS=y # CONFIG_STRIP_ASM_SYMS is not set CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_AIO=y CONFIG_VM_EVENT_COUNTERS=y CONFIG_COMPAT_BRK=y CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set # CONFIG_PROFILING is not set # CONFIG_MARKERS is not set # CONFIG_SLOW_WORK is not set # CONFIG_HAVE_GENERIC_DMA_COHERENT is not set CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 # CONFIG_MODULES is not set CONFIG_BLOCK=y # CONFIG_BLK_DEV_BSG is not set # CONFIG_BLK_DEV_INTEGRITY is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y CONFIG_DEFAULT_AS=y # CONFIG_DEFAULT_DEADLINE is not set # CONFIG_DEFAULT_CFQ is not set # CONFIG_DEFAULT_NOOP is not set 
CONFIG_DEFAULT_IOSCHED="anticipatory" # CONFIG_FREEZER is not set CONFIG_BLK_DEV=y CONFIG_BLK_DEV_UBD=y # CONFIG_BLK_DEV_UBD_SYNC is not set CONFIG_BLK_DEV_COW_COMMON=y CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_CRYPTOLOOP=y CONFIG_BLK_DEV_NBD=y # CONFIG_BLK_DEV_RAM is not set # CONFIG_ATA_OVER_ETH is not set # # Character Devices # CONFIG_STDERR_CONSOLE=y CONFIG_STDIO_CONSOLE=y CONFIG_SSL=y CONFIG_NULL_CHAN=y CONFIG_PORT_CHAN=y CONFIG_PTY_CHAN=y CONFIG_TTY_CHAN=y CONFIG_XTERM_CHAN=y # CONFIG_NOCONFIG_CHAN is not set CONFIG_CON_ZERO_CHAN="fd:0,fd:1" CONFIG_CON_CHAN="xterm" CONFIG_SSL_CHAN="pts" CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y # CONFIG_RAW_DRIVER is not set CONFIG_LEGACY_PTY_COUNT=32 # CONFIG_WATCHDOG is not set CONFIG_UML_SOUND=y CONFIG_SOUND=y CONFIG_SOUND_OSS_CORE=y CONFIG_HOSTAUDIO=y # CONFIG_HW_RANDOM is not set CONFIG_UML_RANDOM=y # CONFIG_MMAPPER is not set # # Generic Driver Options # CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y CONFIG_FIRMWARE_IN_KERNEL=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_SYS_HYPERVISOR is not set CONFIG_NET=y # # Networking options # CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y CONFIG_XFRM=y CONFIG_XFRM_USER=y # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set CONFIG_XFRM_IPCOMP=y CONFIG_NET_KEY=y # CONFIG_NET_KEY_MIGRATE is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_ASK_IP_FIB_HASH=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set CONFIG_IP_PIMSM_V2=y CONFIG_ARPD=y CONFIG_SYN_COOKIES=y CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y CONFIG_INET_XFRM_TUNNEL=y CONFIG_INET_TUNNEL=y CONFIG_INET_XFRM_MODE_TRANSPORT=y 
CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_XFRM_MODE_BEET=y # CONFIG_INET_LRO is not set CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set CONFIG_IPV6=y # CONFIG_IPV6_PRIVACY is not set # CONFIG_IPV6_ROUTER_PREF is not set # CONFIG_IPV6_OPTIMISTIC_DAD is not set # CONFIG_INET6_AH is not set # CONFIG_INET6_ESP is not set # CONFIG_INET6_IPCOMP is not set # CONFIG_IPV6_MIP6 is not set # CONFIG_INET6_XFRM_TUNNEL is not set # CONFIG_INET6_TUNNEL is not set CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_INET6_XFRM_MODE_BEET=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set CONFIG_IPV6_SIT=y CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_NETWORK_SECMARK is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_CT_ACCT=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y # CONFIG_NETFILTER_TPROXY is not set CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y CONFIG_NETFILTER_XT_TARGET_DSCP=y CONFIG_NETFILTER_XT_TARGET_HL=y CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y CONFIG_NETFILTER_XT_TARGET_NOTRACK=y 
CONFIG_NETFILTER_XT_TARGET_RATEEST=y CONFIG_NETFILTER_XT_TARGET_TRACE=y CONFIG_NETFILTER_XT_TARGET_TCPMSS=y CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_HL=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y CONFIG_NETFILTER_XT_MATCH_REALM=y # CONFIG_NETFILTER_XT_MATCH_RECENT is not set CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y # CONFIG_IP_VS is not set # # IP: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_ADDRTYPE=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_NF_NAT_SNMP_BASIC=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y 
CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_NF_NAT_SIP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV6=y CONFIG_IP6_NF_QUEUE=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_MH=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_RAW=y CONFIG_BRIDGE_NF_EBTABLES=y CONFIG_BRIDGE_EBT_BROUTE=y CONFIG_BRIDGE_EBT_T_FILTER=y CONFIG_BRIDGE_EBT_T_NAT=y CONFIG_BRIDGE_EBT_802_3=y CONFIG_BRIDGE_EBT_AMONG=y CONFIG_BRIDGE_EBT_ARP=y CONFIG_BRIDGE_EBT_IP=y CONFIG_BRIDGE_EBT_IP6=y CONFIG_BRIDGE_EBT_LIMIT=y CONFIG_BRIDGE_EBT_MARK=y CONFIG_BRIDGE_EBT_PKTTYPE=y CONFIG_BRIDGE_EBT_STP=y CONFIG_BRIDGE_EBT_VLAN=y CONFIG_BRIDGE_EBT_ARPREPLY=y CONFIG_BRIDGE_EBT_DNAT=y CONFIG_BRIDGE_EBT_MARK_T=y CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_ULOG=y CONFIG_BRIDGE_EBT_NFLOG=y CONFIG_GHOSTIFICATION_NETFILTER=y CONFIG_GHOSTIFICATION_NETFILTER_ALL=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set CONFIG_STP=y CONFIG_GARP=y CONFIG_BRIDGE=y # CONFIG_NET_DSA is not set CONFIG_VLAN_8021Q=y CONFIG_VLAN_8021Q_GVRP=y # CONFIG_DECNET is not set CONFIG_LLC=y CONFIG_LLC2=y # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set # CONFIG_PHONET is not set CONFIG_NET_SCHED=y # # Queueing/Scheduling # CONFIG_NET_SCH_CBQ=y 
CONFIG_NET_SCH_HTB=y CONFIG_NET_SCH_HFSC=y CONFIG_NET_SCH_PRIO=y # CONFIG_NET_SCH_MULTIQ is not set CONFIG_NET_SCH_RED=y CONFIG_NET_SCH_SFQ=y CONFIG_NET_SCH_TEQL=y CONFIG_NET_SCH_TBF=y CONFIG_NET_SCH_GRED=y CONFIG_NET_SCH_DSMARK=y CONFIG_NET_SCH_NETEM=y # CONFIG_NET_SCH_DRR is not set # CONFIG_NET_SCH_INGRESS is not set # # Classification # CONFIG_NET_CLS=y CONFIG_NET_CLS_BASIC=y CONFIG_NET_CLS_TCINDEX=y CONFIG_NET_CLS_ROUTE4=y CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=y CONFIG_NET_CLS_U32=y CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y CONFIG_NET_CLS_RSVP=y CONFIG_NET_CLS_RSVP6=y CONFIG_NET_CLS_FLOW=y CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 CONFIG_NET_EMATCH_CMP=y CONFIG_NET_EMATCH_NBYTE=y CONFIG_NET_EMATCH_U32=y CONFIG_NET_EMATCH_META=y CONFIG_NET_EMATCH_TEXT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=y CONFIG_NET_ACT_GACT=y CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=y CONFIG_NET_ACT_IPT=y CONFIG_NET_ACT_NAT=y CONFIG_NET_ACT_PEDIT=y # CONFIG_NET_ACT_SIMP is not set # CONFIG_NET_ACT_SKBEDIT is not set CONFIG_NET_CLS_IND=y CONFIG_NET_SCH_FIFO=y # CONFIG_DCB is not set # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set CONFIG_FIB_RULES=y # CONFIG_WIRELESS is not set # CONFIG_WIMAX is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is not set CONFIG_GHOSTIFICATION=y CONFIG_GHOSTIFICATION_NUM=9 CONFIG_GHOSTIFICATION_MESG=y CONFIG_GHOSTIFICATION_PRINTK=y # CONFIG_GHOSTIFICATION_DEBUG is not set # CONFIG_GHOSTIFICATION_DEVEL is not set # # UML Network Devices # CONFIG_UML_NET=y CONFIG_UML_NET_ETHERTAP=y CONFIG_UML_NET_TUNTAP=y CONFIG_UML_NET_SLIP=y CONFIG_UML_NET_DAEMON=y CONFIG_UML_NET_VDE=y CONFIG_UML_NET_MCAST=y CONFIG_UML_NET_PCAP=y CONFIG_UML_NET_SLIRP=y CONFIG_NETDEVICES=y CONFIG_COMPAT_NET_DEV_OPS=y # CONFIG_IFB is not set CONFIG_DUMMY=y CONFIG_BONDING=y CONFIG_MACVLAN=y # CONFIG_EQUALIZER is not set CONFIG_TUN=y # CONFIG_VETH 
is not set # # Wireless LAN # # CONFIG_WLAN_PRE80211 is not set # CONFIG_WLAN_80211 is not set # # Enable WiMAX (Networking options) to see the WiMAX drivers # # CONFIG_WAN is not set CONFIG_PPP=y # CONFIG_PPP_MULTILINK is not set # CONFIG_PPP_FILTER is not set # CONFIG_PPP_ASYNC is not set # CONFIG_PPP_SYNC_TTY is not set # CONFIG_PPP_DEFLATE is not set # CONFIG_PPP_BSDCOMP is not set # CONFIG_PPP_MPPE is not set # CONFIG_PPPOE is not set # CONFIG_PPPOL2TP is not set CONFIG_SLIP=y # CONFIG_SLIP_COMPRESSED is not set CONFIG_SLHC=y # CONFIG_SLIP_SMART is not set # CONFIG_SLIP_MODE_SLIP6 is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # CONFIG_CONNECTOR is not set # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y # CONFIG_EXT2_FS_SECURITY is not set # CONFIG_EXT2_FS_XIP is not set CONFIG_EXT3_FS=y # CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_SECURITY=y # CONFIG_EXT4_FS is not set CONFIG_JBD=y CONFIG_FS_MBCACHE=y # CONFIG_REISERFS_FS is not set # CONFIG_JFS_FS is not set CONFIG_FS_POSIX_ACL=y CONFIG_FILE_LOCKING=y # CONFIG_XFS_FS is not set # CONFIG_GFS2_FS is not set # CONFIG_OCFS2_FS is not set # CONFIG_BTRFS_FS is not set CONFIG_DNOTIFY=y CONFIG_INOTIFY=y CONFIG_INOTIFY_USER=y CONFIG_QUOTA=y # CONFIG_QUOTA_NETLINK_INTERFACE is not set CONFIG_PRINT_QUOTA_WARNING=y # CONFIG_QFMT_V1 is not set # CONFIG_QFMT_V2 is not set CONFIG_QUOTACTL=y CONFIG_AUTOFS_FS=y CONFIG_AUTOFS4_FS=y # CONFIG_FUSE_FS is not set # # Caches # # CONFIG_FSCACHE is not set # # CD-ROM/DVD Filesystems # # CONFIG_ISO9660_FS is not set # CONFIG_UDF_FS is not set # # DOS/FAT/NT Filesystems # # CONFIG_MSDOS_FS is not set # CONFIG_VFAT_FS is not set # CONFIG_NTFS_FS is not set # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_TMPFS_POSIX_ACL is 
not set # CONFIG_HUGETLB_PAGE is not set # CONFIG_CONFIGFS_FS is not set # CONFIG_MISC_FILESYSTEMS is not set CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=y CONFIG_NFS_V3=y CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=y CONFIG_NFSD=y CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y CONFIG_LOCKD=y CONFIG_LOCKD_V4=y CONFIG_EXPORTFS=y CONFIG_NFS_ACL_SUPPORT=y CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y CONFIG_SUNRPC_GSS=y CONFIG_RPCSEC_GSS_KRB5=y CONFIG_RPCSEC_GSS_SPKM3=y # CONFIG_SMB_FS is not set CONFIG_CIFS=y # CONFIG_CIFS_STATS is not set # CONFIG_CIFS_WEAK_PW_HASH is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y CONFIG_CIFS_DEBUG2=y # CONFIG_CIFS_EXPERIMENTAL is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set # CONFIG_OSF_PARTITION is not set # CONFIG_AMIGA_PARTITION is not set # CONFIG_ATARI_PARTITION is not set # CONFIG_MAC_PARTITION is not set CONFIG_MSDOS_PARTITION=y # CONFIG_BSD_DISKLABEL is not set # CONFIG_MINIX_SUBPARTITION is not set # CONFIG_SOLARIS_X86_PARTITION is not set # CONFIG_UNIXWARE_DISKLABEL is not set # CONFIG_LDM_PARTITION is not set # CONFIG_SGI_PARTITION is not set # CONFIG_ULTRIX_PARTITION is not set # CONFIG_SUN_PARTITION is not set # CONFIG_KARMA_PARTITION is not set # CONFIG_EFI_PARTITION is not set # CONFIG_SYSV68_PARTITION is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_NLS_CODEPAGE_437 is not set # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set # CONFIG_NLS_CODEPAGE_850 is not set # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # CONFIG_NLS_CODEPAGE_866 is not set # 
CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_936 is not set # CONFIG_NLS_CODEPAGE_950 is not set # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set # CONFIG_NLS_ISO8859_1 is not set # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_9 is not set # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set # CONFIG_NLS_UTF8 is not set # CONFIG_DLM is not set # # Security options # # CONFIG_KEYS is not set # CONFIG_SECURITY is not set # CONFIG_SECURITYFS is not set # CONFIG_SECURITY_FILE_CAPABILITIES is not set CONFIG_CRYPTO=y # # Crypto core or helper # # CONFIG_CRYPTO_FIPS is not set CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_BLKCIPHER2=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_PCOMP=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_NULL is not set CONFIG_CRYPTO_WORKQUEUE=y # CONFIG_CRYPTO_CRYPTD is not set CONFIG_CRYPTO_AUTHENC=y # # Authenticated Encryption with Associated Data # # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_GCM is not set # CONFIG_CRYPTO_SEQIV is not set # # Block modes # CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set # CONFIG_CRYPTO_ECB is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set # # Hash modes # CONFIG_CRYPTO_HMAC=y # CONFIG_CRYPTO_XCBC is not set # # Digest # CONFIG_CRYPTO_CRC32C=y # 
CONFIG_CRYPTO_MD4 is not set CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_MICHAEL_MIC is not set # CONFIG_CRYPTO_RMD128 is not set # CONFIG_CRYPTO_RMD160 is not set # CONFIG_CRYPTO_RMD256 is not set # CONFIG_CRYPTO_RMD320 is not set CONFIG_CRYPTO_SHA1=y # CONFIG_CRYPTO_SHA256 is not set # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_WP512 is not set # # Ciphers # CONFIG_CRYPTO_AES=y CONFIG_CRYPTO_AES_X86_64=y # CONFIG_CRYPTO_AES_NI_INTEL is not set # CONFIG_CRYPTO_ANUBIS is not set # CONFIG_CRYPTO_ARC4 is not set # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_CAMELLIA is not set CONFIG_CRYPTO_CAST5=y # CONFIG_CRYPTO_CAST6 is not set CONFIG_CRYPTO_DES=y # CONFIG_CRYPTO_FCRYPT is not set # CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_SALSA20 is not set CONFIG_CRYPTO_SALSA20_X86_64=y # CONFIG_CRYPTO_SEED is not set # CONFIG_CRYPTO_SERPENT is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TWOFISH is not set CONFIG_CRYPTO_TWOFISH_COMMON=y CONFIG_CRYPTO_TWOFISH_X86_64=y # # Compression # CONFIG_CRYPTO_DEFLATE=y # CONFIG_CRYPTO_ZLIB is not set # CONFIG_CRYPTO_LZO is not set # # Random Number Generation # # CONFIG_CRYPTO_ANSI_CPRNG is not set CONFIG_CRYPTO_HW=y # CONFIG_BINARY_PRINTF is not set # # Library routines # CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_FIND_NEXT_BIT=y CONFIG_GENERIC_FIND_LAST_BIT=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set # CONFIG_CRC_ITU_T is not set CONFIG_CRC32=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=y CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y CONFIG_TEXTSEARCH_FSM=y CONFIG_HAS_DMA=y CONFIG_NLATTR=y # # SCSI device support # # CONFIG_RAID_ATTRS is not set # CONFIG_SCSI is not set # CONFIG_SCSI_DMA is not set # CONFIG_SCSI_NETLINK is not set CONFIG_MD=y # CONFIG_BLK_DEV_MD is not set CONFIG_BLK_DEV_DM=y # CONFIG_DM_DEBUG is not set CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=y 
CONFIG_DM_MIRROR=y # CONFIG_DM_ZERO is not set # CONFIG_DM_MULTIPATH is not set # CONFIG_DM_DELAY is not set # CONFIG_DM_UEVENT is not set # CONFIG_NEW_LEDS is not set # CONFIG_INPUT is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_ENABLE_WARN_DEPRECATED is not set CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=1024 # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not set # CONFIG_DEBUG_KERNEL is not set CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_MEMORY_INIT=y # CONFIG_RCU_CPU_STALL_DETECTOR is not set CONFIG_SYSCTL_SYSCALL_CHECK=y # CONFIG_SAMPLES is not set # CONFIG_DEBUG_STACK_USAGE is not set marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/linux-2.6.27-ghost.patch0000600000175000017500000030577312356733375025703 0ustar lucaslucasdiff -rNuad linux-2.6.27/arch/um/drivers/vde_user.c linux-2.6.27-ghost/arch/um/drivers/vde_user.c --- linux-2.6.27/arch/um/drivers/vde_user.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/arch/um/drivers/vde_user.c 2009-11-24 22:37:47.000000000 +0100 @@ -77,8 +77,8 @@ void vde_init_libstuff(struct vde_data *vpri, struct vde_init *init) { struct vde_open_args *args; - - vpri->args = kmalloc(sizeof(struct vde_open_args), UM_GFP_KERNEL); + /* (ghost support) kmalloc is used instead of uml_kmalloc */ + vpri->args = uml_kmalloc(sizeof(struct vde_open_args), UM_GFP_KERNEL); if (vpri->args == NULL) { printk(UM_KERN_ERR "vde_init_libstuff - vde_open_args " "allocation failed"); diff -rNuad linux-2.6.27/include/linux/netdevice.h linux-2.6.27-ghost/include/linux/netdevice.h --- linux-2.6.27/include/linux/netdevice.h 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/include/linux/netdevice.h 2009-11-24 22:37:47.000000000 +0100 @@ -14,6 +14,8 @@ * Alan Cox, * Bjorn Ekwall. * Pekka Riikonen + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
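Review bot: The comment added in `vde_init_libstuff` reads `kmalloc is used instead of uml_kmalloc`, but the change goes the other way: the removed line called `kmalloc` and the new line calls `uml_kmalloc`. Reword it to match the code, e.g. `/* (ghost support) use uml_kmalloc rather than kmalloc here */`, and add the reason for the switch, which the hunk does not state. The function body continues outside the hunk.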
@@ -1728,4 +1730,12 @@ #endif /* __KERNEL__ */ +/* + * (ghost support) Just check whether the given name + * belongs to the ghost interface + */ +#ifdef CONFIG_GHOSTIFICATION +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + #endif /* _LINUX_DEV_H */ diff -rNuad linux-2.6.27/include/linux/sockios.h linux-2.6.27-ghost/include/linux/sockios.h --- linux-2.6.27/include/linux/sockios.h 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/include/linux/sockios.h 2009-11-24 22:37:47.000000000 +0100 @@ -9,6 +9,8 @@ * * Authors: Ross Biro * Fred N. van Kempen, + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -83,6 +85,13 @@ #define SIOCWANDEV 0x894A /* get/set netdev parameters */ +/* (ghost support) ghostification's ioctl */ +#ifdef CONFIG_GHOSTIFICATION +#define SIOKLOG 0x894D /* Write a string to the log */ +#define SIOCGIFGHOSTIFY 0x894E /* Make a network device 'ghost' */ +#define SIOCGIFUNGHOSTIFY 0x894F /* Make a network device 'ghost' */ +#endif /* CONFIG_GHOSTIFICATION */ + /* ARP cache control calls. */ /* 0x8950 - 0x8952 * obsolete calls, don't re-use */ #define SIOCDARP 0x8953 /* delete ARP table entry */ diff -rNuad linux-2.6.27/include/net/ghostdebug.h linux-2.6.27-ghost/include/net/ghostdebug.h --- linux-2.6.27/include/net/ghostdebug.h 1970-01-01 01:00:00.000000000 +0100 +++ linux-2.6.27-ghost/include/net/ghostdebug.h 2009-11-24 22:39:14.000000000 +0100 
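Review bot: The three ioctl numbers added after SIOCWANDEV in include/linux/sockios.h are wrapped in `#ifdef CONFIG_GHOSTIFICATION`, a symbol that user-space programs including this header normally do not define, so a tool that needs SIOCGIFGHOSTIFY would have to hard-code the value. Consider defining the numbers unconditionally and keeping the guard only around the kernel-side handlers. The comment on SIOCGIFUNGHOSTIFY repeats the ghostify text; it should read something like `/* Make a 'ghost' network device normal again */`.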
@@ -0,0 +1,93 @@
+/*
+ * Ghost support:
+ * Some trivials macros for display messages, trace ghost ops,
+ * debug and devel the ghostification kernel patch.
+ *
+ * Authors: Roudiere Jonathan,
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#ifndef __GHOSTDEBUG__
+#define __GHOSTDEBUG__
+
+#ifdef CONFIG_GHOSTIFICATION
+
+/*
+ * Ghost macros: there are three type of macros for three kind of
+ * information level :
+ *
+ * - the first one is ghost_ptk, that is a simple printk with the
+ * KERN_INFO log level, it is the standard type of display used
+ * by the ghostification kernel code to allow user to monitor
+ * ghost operations, if GHOSTIFICATION_PRINTK is not defined then
+ * user will not any information about the ghostified interfaces
+ * and the ghost engine (almost any infos ;-)),
+ *
+ * - ghost_debug and ghost_debugmsg are respectively used to show a
+ * calling card in a part of the code (function, files) and to show
+ * in plus informations additional (variable, etc ..), these two macros
+ * display messages with the level KERNEL_DEBUG,
+ *
+ * - ghost_devel and ghost_develmsg are very similar (redundant)
+ * in both previous ones, they are mainly used for the development
+ * of the patch to follow the stream of execution, activate
+ * GHOSTIFICATION_DEVEL has interest only for developers.
+ *
+*/
+
+/*
+ * Macro usable to debug during normal usage of the kernel.
+*/
+#ifdef CONFIG_GHOSTIFICATION_DEBUG
+#define ghost_debug \
+ printk(KERN_DEBUG \
+ "(ghost_debug): file(%s): funct(%s): line(%04d): -- info debug -- \n", \
+ __FILE__, __FUNCTION__, __LINE__)
+#define ghost_debugmsg(msg,args...)
\ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_debug +#define ghost_debugmsg(msg,args...) +#endif + +/* + * A little bit redundant with the macro ghost_debug/debugmsg + * but allows a difference in the use, they are not used for the + * debugging, but to verify roads borrowed during the development. + * (note: certainly remove at next release of the patch) +*/ +#ifdef CONFIG_GHOSTIFICATION_DEVEL +#define ghost_devel \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): -- info devel -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_develmsg(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_devel +#define ghost_develmsg(msg,args...) +#endif + +/* + * Macro to display all message from chunk of code which has + * ghostification in charge (use macro to add debug level later). +*/ +#ifdef CONFIG_GHOSTIFICATION_PRINTK +#define ghost_ptk(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost) " msg "\n", ##args) +#else +#define ghost_ptk(msg,args...) +#endif + +#endif /* CONFIG_GHOSTIFICATION */ + +#endif /* __GHOSTDEBUG__ */ diff -rNuad linux-2.6.27/kernel/softirq.c linux-2.6.27-ghost/kernel/softirq.c --- linux-2.6.27/kernel/softirq.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/kernel/softirq.c 2009-11-24 22:43:09.000000000 +0100 @@ -121,8 +121,11 @@ */ void _local_bh_enable(void) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq()); WARN_ON_ONCE(!irqs_disabled()); +#endif if (softirq_count() == SOFTIRQ_OFFSET) trace_softirqs_on((unsigned long)__builtin_return_address(0)); 
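Review bot: The header comment in include/net/ghostdebug.h describes ghost_ptk as a printk at the KERN_INFO level, but the ghost_ptk macro at the end of the file passes `KERN_DEBUG`; one of the two should change so that operators know at which log level ghost operations are recorded. The comment also names the switches `GHOSTIFICATION_PRINTK` and `GHOSTIFICATION_DEVEL` and the level `KERNEL_DEBUG`, while the code tests `CONFIG_GHOSTIFICATION_PRINTK` / `CONFIG_GHOSTIFICATION_DEVEL` and uses `KERN_DEBUG`; the comment should use the real names.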
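Review bot: Compiling out the `WARN_ON_ONCE()` context checks in _local_bh_enable() whenever CONFIG_GHOSTIFICATION is set silences them for the whole kernel, not only for ghost code paths, so a genuine call from the wrong interrupt context would no longer be reported; the following hunk does the same in _local_bh_enable_ip(). If ghost code is what triggers these warnings, that points at the context in which it enables bottom halves, and that caller should be fixed instead of the assertion removed. At minimum the comment should record which call path produced the warning, e.g. `/* (ghost support) WARN fires from <caller>, see <reference> */`.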
@@ -133,7 +136,10 @@ static inline void _local_bh_enable_ip(unsigned long ip) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq() || irqs_disabled()); +#endif #ifdef CONFIG_TRACE_IRQFLAGS local_irq_disable(); #endif diff -rNuad linux-2.6.27/net/core/dev.c linux-2.6.27-ghost/net/core/dev.c --- linux-2.6.27/net/core/dev.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/core/dev.c 2009-11-24 22:37:47.000000000 +0100 @@ -18,6 +18,7 @@ * Alexey Kuznetsov * Adam Sulmicki * Pekka Riikonen + * Luca Saiu (ghostification support) * * Changes: * D.J. Barrow : Fixed bug where dev->refcnt gets set @@ -70,6 +71,8 @@ * indefinitely on dev->refcnt * J Hadi Salim : - Backlog queue sampling * - netif_rx() feedback + * Roudiere Jonathan : make some buxfix in ghostification engine + * verify CAP_NET_ADMIN before (un)ghost iface */ #include 
@@ -131,6 +134,230 @@ #include "net-sysfs.h" /* + * (ghost support) Chunk of code which has in charge + * the ghostification of network interfaces. + */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* The maximum number of ghost interfaces allowed at any given time: */ +#define MAX_GHOST_INTERFACES_NO CONFIG_GHOSTIFICATION_NUM + +/* + * A crude unsorted array of unique names, where "" stands for an + * empty slot. Elements are so few that an hash table would be overkill, + * and possibly also less efficient than this solution: + */ +static char ghost_interface_names[MAX_GHOST_INTERFACES_NO][IFNAMSIZ]; + +/* A lock protecting the ghost interfaces' support structure: */ +/* static DEFINE_SPINLOCK(ghostification_spin_lock); */ +static rwlock_t ghostification_spin_lock = RW_LOCK_UNLOCKED; + +/* Lock disabling local interrupts and saving flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + unsigned long flags; write_lock_irqsave(&ghostification_spin_lock, flags) + +/* Unlock re-enabling interrupts and restoring flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + write_unlock_irqrestore(&ghostification_spin_lock, flags) + +/* Lock disabling local interrupts and saving flags. This is for + readers, which are allowed to execute concurrently: */ +#define LOCK_GHOSTIFICATION_FOR_READING \ + unsigned long flags; read_lock_irqsave(&ghostification_spin_lock, flags) + +/* Lock re-enabling interrupts and restoring flags. 
This is for + readers, which are allowed to execute concurrently: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING \ + read_unlock_irqrestore(&ghostification_spin_lock, flags) + +#ifdef CONFIG_IPV6 +/* Defined in net/ipv6/addrconf.c: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +#endif /* CONFIG_IPV6 */ + +/* Return the index of the given element (which may be "") within + ghost_interface_names, or -1 on failure. Note that this must be + executed in a critical section: */ +static int __lookup_ghost_interface_names(const char *interface_name) +{ + int i; + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(!strcmp(interface_name, ghost_interface_names[i])) + return i; /* we found the given name in the i-th element */ + return -1; /* we didn't find the given name in the array */ +} + +/* This is useful for debugging. It must be called in a critical section. */ +static void __dump_ghost_interfaces(void) +{ + int i; + int number_of_ghost_interfaces = 0; + + ghost_ptk("Ghost interfaces are now: "); + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(strcmp(ghost_interface_names[i], "")) { + number_of_ghost_interfaces++; + ghost_ptk("%i. %s", number_of_ghost_interfaces, + ghost_interface_names[i]); + } + + ghost_ptk("There are now %i ghost interfaces. " + "A maximum of %i can exist at any given time.", + number_of_ghost_interfaces, MAX_GHOST_INTERFACES_NO); +} + +/* Just check whether the given name belongs to a ghost interface. 
+ This must be called in a critical section: */ +int __is_a_ghost_interface_name(const char *interface_name) +{ + /* Particular case: "" is *not* a ghost interface name, even + if it's in the ghost interfaces array (we use it just to mark + an empty slot): */ + if(interface_name[0] == '\0') + return 0; + /* Just check whether interface_name is an element of the array: */ + return __lookup_ghost_interface_names(interface_name) >= 0; +} + +/* Just check whether the given name belongs to a ghost interface: */ +int is_a_ghost_interface_name(const char *interface_name) +{ + int result; + LOCK_GHOSTIFICATION_FOR_READING; + /* Just check whether interface_name is an element of the array: */ + result = __is_a_ghost_interface_name(interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING; + return result; +} + +/* Make the given interface ghost. Return 0 on success, nonzero on + failure. Failure occours when the interface is already ghost or + does not exist: */ +static int ghostify_interface(char *interface_name) +{ + int a_free_element_index; + const size_t name_length = strlen(interface_name); + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Let's avoid buffer overflows... This could possibly be exploited: */ + if((name_length >= IFNAMSIZ) || (name_length == 0)) + { + ghost_ptk("The user asked to ghostify the interface %s, " + "which has a name of length %i. Failing.", + interface_name, name_length); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EINVAL; + } + + /* Fail if the interface is already ghostified. In particular we + want *no* duplicates in the array. 
Note that we're already in + a critical section here, so there's no need for locking: */ + if(__is_a_ghost_interface_name(interface_name)) + { + ghost_ptk("Could not ghostify the interface %s, " + "because it\'s already ghost.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EEXIST; /* File exists, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Fail if the interface is not found. We don't want add a + no-existing interface in our array */ + struct net_device *device; + device = dev_get_by_name(&init_net, interface_name); + if (device == NULL) { + ghost_ptk("Could not ghostify the interface %s which " + "doesn't exist. Try again.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for a free spot: */ + a_free_element_index = __lookup_ghost_interface_names(""); + if(a_free_element_index < 0) + { + ghost_ptk("Could not ghostify the interface %s, " + "because %i interfaces are already ghostified. Sorry.", + interface_name, MAX_GHOST_INTERFACES_NO); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENOMEM; + } + + /* Ok, we found a free spot; just copy the interface name: */ + strcpy(ghost_interface_names[a_free_element_index], interface_name); + +#ifdef CONFIG_IPV6 + /* Hide /proc/net/dev_snmp6/DEVICE for the new ghost DEVICE: */ + hide_proc_net_dev_snmp6_DEVICE_if_needed( + ghost_interface_names[a_free_element_index]); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} + +/* Make the given interface, which should be ghost, non-ghost. + Return 0 on success, nonzero on failure. Failure occours when + the given interface is non-ghost or does not exist: */ +static int unghostify_interface(char *ghost_interface_name) +{ + int the_interface_index; + struct net_device *device; + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Fail if the interface is not found. 
It is not necessary + to search in the array a no-existing interface and allow + to return a more appropriate error code to the userspace. */ + device = dev_get_by_name(&init_net, ghost_interface_name); + if (device == NULL) { + ghost_ptk("Could not unghostify the interface %s " + "which doesn't exist. Try again.\n", ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for the given interface: */ + the_interface_index = + __lookup_ghost_interface_names(ghost_interface_name); + if(the_interface_index < 0) + { + ghost_ptk("Could not unghostify the interface %s, \ + because it's non-ghost or not existing.\n", + ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ESRCH; /* No such device or address, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Ok, we found the interface: just "remove" its name from the array: */ + ghost_interface_names[the_interface_index][0] = '\0'; + +#ifdef CONFIG_IPV6 + /* Show again /proc/net/dev_snmp6/DEVICE for the now non-ghost DEVICE: */ + show_proc_net_dev_snmp6_DEVICE_if_needed(ghost_interface_name); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} +EXPORT_SYMBOL(is_a_ghost_interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * (ghost support) End of ghostification support + */ + + +/* * The list of packet types we will receive (as opposed to discard) * and the routines to invoke. * @@ -550,6 +777,13 @@ { int ints[5]; struct ifmap map; + /* (ghost support) There are no ghost interfaces by default */ +#ifdef CONFIG_GHOSTIFICATION + int i; + + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + ghost_interface_names[i][0] = '\0'; +#endif /* CONFIG_GHOSTIFICATION */ str = get_options(str, ARRAY_SIZE(ints), ints); if (!str || !*str) 
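Review bot: ghostify_interface() and unghostify_interface() call `dev_get_by_name(&init_net, ...)` only to test that the device exists and never release the reference it returns, so each call leaves the device's reference count raised and the interface can later hang on unregistration. Add `dev_put(device);` directly after the NULL check in both functions. The same missing release appears on ghost early exits added further down: the net/core/rtnetlink.c hunk at -925 uses `goto errout` where the next check uses `goto errout_dev`, the one at -1165 returns -ENODEV right after `dev_get_by_index()`, and the net/ipv4/devinet.c hunk at -455 jumps to errout ahead of the `__in_dev_put(in_dev)` that follows. Separately, `name_length` is a size_t but is printed with `%i`; use `%zu`.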
@@ -2510,11 +2744,20 @@ len = ifc.ifc_len; /* - * Loop over the interfaces, and write an info block for each. + * Loop over the interfaces, and write an info block for each, + * (ghost support) unless they are ghostified. */ total = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* Don't tell the user about ghost interfaces: just skip them */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Skipping the ghost interface %s in SIOCGIFCONF", + dev->name); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ for (i = 0; i < NPROTO; i++) { if (gifconf_list[i]) { int done; 
@@ -2582,24 +2825,27 @@ static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev) { struct net_device_stats *stats = dev->get_stats(dev); - - seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu " - "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n", - dev->name, stats->rx_bytes, stats->rx_packets, - stats->rx_errors, - stats->rx_dropped + stats->rx_missed_errors, - stats->rx_fifo_errors, - stats->rx_length_errors + stats->rx_over_errors + - stats->rx_crc_errors + stats->rx_frame_errors, - stats->rx_compressed, stats->multicast, - stats->tx_bytes, stats->tx_packets, - stats->tx_errors, stats->tx_dropped, - stats->tx_fifo_errors, stats->collisions, - stats->tx_carrier_errors + - stats->tx_aborted_errors + - stats->tx_window_errors + - stats->tx_heartbeat_errors, - stats->tx_compressed); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't show anything in /proc if iface is ghostified */ + if(! is_a_ghost_interface_name(dev->name)) +#endif /* CONFIG_GHOSTIFICATION */ + seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu " + "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n", + dev->name, stats->rx_bytes, stats->rx_packets, + stats->rx_errors, + stats->rx_dropped + stats->rx_missed_errors, + stats->rx_fifo_errors, + stats->rx_length_errors + stats->rx_over_errors + + stats->rx_crc_errors + stats->rx_frame_errors, + stats->rx_compressed, stats->multicast, + stats->tx_bytes, stats->tx_packets, + stats->tx_errors, stats->tx_dropped, + stats->tx_fifo_errors, stats->collisions, + stats->tx_carrier_errors + + stats->tx_aborted_errors + + stats->tx_window_errors + + stats->tx_heartbeat_errors, + stats->tx_compressed); } /* 
@@ -3450,6 +3696,16 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() " + "on the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCGIFFLAGS: /* Get interface flags */ ifr->ifr_flags = dev_get_flags(dev); @@ -3517,6 +3773,17 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() on " + "the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail " + "with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCSIFFLAGS: /* Set interface flags */ return dev_change_flags(dev, ifr->ifr_flags); 
@@ -3660,6 +3927,57 @@ */ switch (cmd) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) catch ghostification's ioctl */ + case SIOKLOG: { + char text[1000]; + if(copy_from_user(text, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + text[IFNAMSIZ] = '\0'; + printk(KERN_DEBUG "%s\n", text); + return 0; + } + /* (un)ghostification ops require superuser power */ + case SIOCGIFGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, + (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to ghostify the interface %s.", + interface_name); + if((failure = ghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was ghostified.", + interface_name); + else + ghost_ptk("Failure in ghostification of %s.", + interface_name); + return failure; + } + case SIOCGIFUNGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to unghostify the interface %s.", + interface_name); + if((failure = unghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was unghostified.", + interface_name); + else + ghost_ptk("Failure in unghostification of %s.", + interface_name); + return failure; + } + /* end of ghostficiation ioctl */ +#endif /* CONFIG_GHOSTIFICATION */ + /* * These ioctl calls: * - can be done by all. diff -rNuad linux-2.6.27/net/core/dev_mcast.c linux-2.6.27-ghost/net/core/dev_mcast.c --- linux-2.6.27/net/core/dev_mcast.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/core/dev_mcast.c 2009-11-24 22:37:47.000000000 +0100 
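Review bot: The SIOKLOG case lets any caller write a string into the kernel log, because unlike the two ghostify cases below it has no `capable(CAP_NET_ADMIN)` check; an unprivileged process could use it to add misleading lines to the log or to flood it. Gate it on the same capability, or build it only when CONFIG_GHOSTIFICATION_DEVEL is set. All three cases also reserve 1000 bytes of kernel stack for a name that is truncated to IFNAMSIZ, and the two ghostify cases declare their buffers after the capability check, mixing declarations and statements; `char interface_name[IFNAMSIZ + 1];` declared at the top of each block is enough. The enclosing switch starts and ends outside the hunk.

```c
	case SIOKLOG: {
		char text[IFNAMSIZ + 1];

		/* Writing to the kernel log is a privileged operation. */
		if (!capable(CAP_NET_ADMIN))
			return -EPERM;
		if (copy_from_user(text, (char __user *)arg, sizeof(text)))
			return -EFAULT;
		text[IFNAMSIZ] = '\0';
		printk(KERN_DEBUG "%s\n", text);
		return 0;
	}
	/* … unchanged: SIOCGIFGHOSTIFY and SIOCGIFUNGHOSTIFY cases … */
```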
@@ -14,6 +14,8 @@ * Alan Cox : IFF_ALLMULTI support. * Alan Cox : New format set_multicast_list() calls. * Gleb Natapov : Remove dev_mc_lock. + * Luca Saiu : trivial changes for + * ghostification support. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -48,6 +50,9 @@ #include #include +#ifdef CONFIG_GHOSTIFICATION +#include +#endif /* CONFIG_GHOSTIFICATION */ /* * Device multicast list maintenance. @@ -167,7 +172,15 @@ netif_addr_lock_bh(dev); for (m = dev->mc_list; m; m = m->next) { int i; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information + in /proc about ghost interfaces */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Don't show any information in /proc " + "about ghostified interface"); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%-4d %-15s %-5d %-5d ", dev->ifindex, dev->name, m->dmi_users, m->dmi_gusers); diff -rNuad linux-2.6.27/net/core/rtnetlink.c linux-2.6.27-ghost/net/core/rtnetlink.c --- linux-2.6.27/net/core/rtnetlink.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/core/rtnetlink.c 2009-11-24 22:37:47.000000000 +0100 @@ -12,8 +12,12 @@ * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * - * Fixes: + * Fixes: * Vitaly E. Lavrov RTA_OK arithmetics was wrong. + * + * Changes: + * Roudiere Jonathan Some changes + * to ghost support, to allow to hide ghost net interfaces */ #include @@ -53,6 +57,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + struct rtnl_link { rtnl_doit_func doit; 
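Review bot: The ghost test in the /proc multicast listing (net/core/dev_mcast.c, hunk at -167) sits inside the `for (m = dev->mc_list; ...)` loop, so `is_a_ghost_interface_name(dev->name)` takes the ghostification lock and emits a ghost_ptk line once per multicast address although the answer depends only on `dev`. Test once before `netif_addr_lock_bh(dev)` and skip the device there, e.g. `if (is_a_ghost_interface_name(dev->name)) return 0;`, provided the part of the function outside the hunk has nothing else to do for the device.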
@@ -106,7 +115,10 @@ static rtnl_doit_func rtnl_get_doit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].doit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -117,7 +129,10 @@ static rtnl_dumpit_func rtnl_get_dumpit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].dumpit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -460,6 +475,12 @@ { struct sock *rtnl = net->rtnl; int report = 0; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add inforation to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type %i " + "and nlh->nlmsg_seq = %i", pid, nlh->nlmsg_pid, + nlh->nlmsg_type, nlh->nlmsg_seq); +#endif if (nlh) report = nlmsg_report(nlh); @@ -615,6 +636,20 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type " + "= %i, seq = %i and nlh->nlmsg_seq = %i", + pid, nlh->nlmsg_pid, nlh->nlmsg_type, + seq, nlh->nlmsg_seq); + ghost_develmsg("dev->name = %s and dev->ifindex = %i", + dev->name, + dev->ifindex); + /* function whose call rtnl_fill_ifinfo has been modified, except + rtmsg_ifinfo so if it will be necessary to skip ghost iface here then + keep in your mind to test pid because if it is eq. to 0 then it is a + kernel request (else user request) and we don't want disturbe its work. */ +#endif ifm = nlmsg_data(nlh); ifm->ifi_family = AF_UNSPEC; ifm->__ifi_pad = 0; 
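Review bot: In the net/core/rtnetlink.c hunk at -460, the added ghost_develmsg() call reads `nlh->nlmsg_pid`, `nlh->nlmsg_type` and `nlh->nlmsg_seq` before the existing `if (nlh)` test on the following line, so with CONFIG_GHOSTIFICATION_DEVEL enabled a caller passing a NULL `nlh` would now cause a NULL dereference. Move the trace inside the check, e.g. `if (nlh) { ghost_develmsg(...); report = nlmsg_report(nlh); }`, or drop the `nlh` fields from the message. The function's signature is outside the hunk.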
@@ -686,6 +721,24 @@ idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function which encapsulates calls to + * rtnl_fill_ifinfo and which is call after rtnl_get_doit/dumpit, + * use to dump list of network interfaces (as used by "ip link") + */ + ghost_develmsg("for_each_netdev, current net_device is %s", + dev->name); + ghost_develmsg("netlink cb pid = %i, cb nlh->nlmsg_type = %i, " + "cb familly/proto = %i, cb nlh->nlmsg_pid %i", + NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_type, + cb->family, cb->nlh->nlmsg_pid); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Hide ghotified interface (%s) in the dump", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK, @@ -925,6 +978,18 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change state/parameters of a ghotified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ if ((err = validate_linkmsg(dev, tb)) < 0) goto errout_dev; 
@@ -963,6 +1028,17 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change dell a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ ops = dev->rtnl_link_ops; if (!ops) @@ -1165,6 +1241,17 @@ dev = dev_get_by_index(net, ifm->ifi_index); if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it with + user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ } else return -EINVAL; @@ -1219,6 +1306,8 @@ struct sk_buff *skb; int err = -ENOBUFS; + /* (ghost support) call rtnl_fill_ifinfo so maybe it + is need here to modify, in order to skip ghost iface */ skb = nlmsg_new(if_nlmsg_size(dev), GFP_KERNEL); if (skb == NULL) goto errout; @@ -1253,6 +1342,11 @@ int err; type = nlh->nlmsg_type; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Enter, nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i and nlh->nlmsg_seq = %i ", + nlh->nlmsg_pid, nlh->nlmsg_seq, nlh->nlmsg_seq); +#endif /* CONFIG_GHOSTIFICATION */ + if (type > RTM_MAX) return -EOPNOTSUPP; 
@@ -1272,14 +1366,21 @@ if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN)) return -EPERM; + /* (ghost support) kind = 2 then imply RTM_GETLINK has been used */ if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) { struct sock *rtnl; rtnl_dumpit_func dumpit; + /* (ghost support) then rtnl_get_dumpit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ dumpit = rtnl_get_dumpit(family, type); if (dumpit == NULL) return -EOPNOTSUPP; - +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Part 1: rtnl_get_dumpit(family %i, type %i) " + "is used before call to netlink_dump_start", + family,type); +#endif /* CONFIG_GHOSTIFICATION */ __rtnl_unlock(); rtnl = net->rtnl; err = netlink_dump_start(rtnl, skb, nlh, dumpit, NULL); @@ -1311,6 +1412,11 @@ doit = rtnl_get_doit(family, type); if (doit == NULL) return -EOPNOTSUPP; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) rtnl_get_doit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ + ghost_develmsg("Part 2: rtnl_get_doit(family %i, type %i)", family, type); +#endif /* CONFIG_GHOSTIFICATION */ return doit(skb, nlh, (void *)&rta_buf[0]); } @@ -1326,6 +1432,10 @@ { struct net_device *dev = ptr; + /* (ghost support) if we want provide a ghost's way to modify + the state of a ghost iface, it will be necessary to skip event + reports involing ghost iface (actually any changes are possible + if the iface is ghostified so there is nothing to report) */ switch (event) { case NETDEV_UNREGISTER: rtmsg_ifinfo(RTM_DELLINK, dev, ~0U); diff -rNuad linux-2.6.27/net/ipv4/arp.c linux-2.6.27-ghost/net/ipv4/arp.c --- linux-2.6.27/net/ipv4/arp.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/ipv4/arp.c 2009-11-24 22:37:47.000000000 +0100 @@ -70,6 +70,8 @@ * bonding can change the skb before * sending (e.g. insert 8021q tag). * Harald Welte : convert to make use of jenkins hash + * Luca Saiu 
@@ -116,6 +118,11 @@ struct neigh_table *clip_tbl_hook; #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include @@ -1309,9 +1316,21 @@ } #endif sprintf(tbuf, NIPQUAD_FMT, NIPQUAD(*(u32*)n->primary_key)); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show anything in /proc if it involves + ghost interfaces: */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + read_unlock(&n->lock); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); read_unlock(&n->lock); +#endif /* CONFIG_GHOSTIFICATION */ } static void arp_format_pneigh_entry(struct seq_file *seq, @@ -1322,9 +1341,21 @@ char tbuf[16]; sprintf(tbuf, NIPQUAD_FMT, NIPQUAD(*(u32*)n->key)); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show anything in /proc if it involves + ghost interfaces */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", - dev ? dev->name : "*"); + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); +#endif /* CONFIG_GHOSTIFICATION */ } static int arp_seq_show(struct seq_file *seq, void *v) diff -rNuad linux-2.6.27/net/ipv4/devinet.c linux-2.6.27-ghost/net/ipv4/devinet.c --- linux-2.6.27/net/ipv4/devinet.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/ipv4/devinet.c 2009-11-24 22:37:47.000000000 +0100 
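Review bot: In the net/ipv4/arp.c hunk at -1309, `read_unlock(&n->lock)` now sits inside the `if (! is_a_ghost_interface_name(dev->name))` block when CONFIG_GHOSTIFICATION is set, so for a ghost interface the function returns with the neighbour lock still read-held (the matching read_lock is presumably earlier in the function, outside the hunk). Keep the unlock unconditional after the `if`, as in the `#else` branch. The ghost_debugmsg text "Don't show any arp information ..." is also emitted on the non-ghost path, that is, exactly when the entry is shown; it belongs in an `else` branch or should be removed.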
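Review bot: In arp_format_pneigh_entry() the new test calls `is_a_ghost_interface_name(dev->name)` unconditionally, while the seq_printf() right below it still prints `dev ? dev->name : "*"`, which indicates that `dev` can be NULL here; the added line would then dereference a NULL pointer. Guard it as `if (!dev || !is_a_ghost_interface_name(dev->name))`. The debug message in this block is likewise printed on the path where the entry is shown, not where it is hidden.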
@@ -23,6 +23,9 @@ * address (4.4BSD alias style support), * fall back to comparing just the label * if no match found. + * Roudiere Jonathan : + * some changes to ghost support, skip + * request involving a ghostified iface. */ @@ -62,6 +65,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + static struct ipv4_devconf ipv4_devconf = { .data = { [NET_IPV4_CONF_ACCEPT_REDIRECTS - 1] = 1, @@ -455,6 +463,16 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("in_dev->dev->name = %s", in_dev->dev->name); + if (is_a_ghost_interface_name(in_dev->dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + (in_dev->dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ __in_dev_put(in_dev); @@ -504,6 +522,17 @@ if (dev == NULL) goto errout; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("(dev->name) = %s ", (dev->name)); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change/modfy address on a ghostified interface (%s), skip", + (dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ + in_dev = __in_dev_get_rtnl(dev); err = -ENOBUFS; if (in_dev == NULL) @@ -553,6 +582,12 @@ ASSERT_RTNL(); + /* (ghost support) don't modify this funct but directly + rtm_to_ifaddr, as for others funct, with user-levels tools + (as iproute) we normaly never arrive here (because a dump + all ifaces is perform before and func which make the dump + has been modified (but we want prevent user tool request + the ghost iface directly */ ifa = rtm_to_ifaddr(net, nlh); if (IS_ERR(ifa)) return PTR_ERR(ifa); 
@@ -1170,6 +1205,15 @@ s_ip_idx = ip_idx = cb->args[1]; idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION /* _VERIFICATION_NEED_ */ + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("dev->name = %s", dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address on a ghostified interface (%s), skip", + (dev->name)); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (idx > s_idx) diff -rNuad linux-2.6.27/net/ipv4/fib_frontend.c linux-2.6.27-ghost/net/ipv4/fib_frontend.c --- linux-2.6.27/net/ipv4/fib_frontend.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/ipv4/fib_frontend.c 2009-11-24 22:37:47.000000000 +0100 @@ -6,6 +6,10 @@ * IPv4 Forwarding Information Base: FIB frontend. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (some display + * and comment for ghostification in rtnetlink functions). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -45,6 +49,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #ifndef CONFIG_IP_MULTIPLE_TABLES static int __net_init fib4_rules_init(struct net *net) @@ -451,6 +460,11 @@ * Handle IP routing ioctl calls. These are used to manipulate the routing tables */ +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) A function implemented in net/core/dev.c */ +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + int ip_rt_ioctl(struct net *net, unsigned int cmd, void __user *arg) { struct fib_config cfg; 
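Review bot: The local prototype `int is_a_ghost_interface_name(const char *interface_name);` added in the fib_frontend.c `@@ -451,6 +460,11 @@` hunk looks redundant, because the same file already pulls in the ghost header under `#ifdef CONFIG_GHOSTIFICATION` and the other patched files call the function with only that include. A hand-written prototype in a .c file can drift from the real definition without the compiler noticing. Drop it and rely on the header, assuming the header does declare the function (its name is not readable in this listing).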
@@ -465,6 +479,22 @@ if (copy_from_user(&rt, arg, sizeof(rt))) return -EFAULT; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Forbid any action involving a ghost interface */ + if (rt.rt_dev != (char __user*)NULL) { + /* We need to have this name in kernel space to check + for ghostification: */ + char interface_name[1000]; /* [IFNAMSIZ+1] is certainly sufficient */ + if(copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1)) + return -EFAULT; + if(is_a_ghost_interface_name(interface_name)) { + ghost_ptk("The user aked to add a route involving the " + "ghost interface %s. We make this operation fail", + interface_name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ rtnl_lock(); err = rtentry_to_fib_config(net, cmd, &rt, &cfg); @@ -473,12 +503,18 @@ if (cmd == SIOCDELRT) { tb = fib_get_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_delete was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_delete() or fn_trie_delete() */ if (tb) err = tb->tb_delete(tb, &cfg); else err = -ESRCH; } else { tb = fib_new_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_insert was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_insert() or fn_trie_insert() */ if (tb) err = tb->tb_insert(tb, &cfg); else @@ -585,6 +621,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead functions pointed by tb->tb_delete, + * either fn_hash_delete() (in fib_hash.c) or fn_trie_delete() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; 
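Review bot: In the `@@ -465,6 +479,22 @@` hunk the interface name is fetched with `copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1)` into a 1000-byte stack array and then passed on as a string without ever being NUL-terminated. A name without a terminator in the first IFNAMSIZ + 1 bytes makes the check read uninitialised kernel stack, and a short valid name that ends near an unmapped page fails with -EFAULT because the copy always reads the full length. Size the buffer to the name and use the string-aware copy: `char interface_name[IFNAMSIZ];`, `long n = strncpy_from_user(interface_name, rt.rt_dev, IFNAMSIZ);`, `if (n < 0) return -EFAULT; if (n >= IFNAMSIZ) return -EINVAL;`. The name is read from user memory here and `rt` is then handed to `rtentry_to_fib_config()`, which presumably reads it again, so this check should not be the only one on the ioctl path.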
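Review bot: The `ghost_develmsg(...)` call added in the `@@ -585,6 +621,16 @@` hunk, and again in `@@ -607,6 +653,16 @@`, is not wrapped in `#ifdef CONFIG_GHOSTIFICATION`, although the header include in this file is. Unless the macro is defined elsewhere for the disabled case, the file will not build with the option off; the route.c hunks of this patch do wrap the same macro. The fields printed are unsigned, so `%u` fits better than `%i`. The comment in the first hunk names `inet_rtm_newroute` while describing `tb->tb_delete`, which looks like a copy from the second hunk.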
@@ -607,6 +653,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead function pointed by tb->tb_insert, + * either fn_hash_insert() (in fib_hash.c) or fn_trie_insert() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; @@ -622,6 +678,12 @@ return err; } +/* + * (ghost support) Fonction called through rtnetlink to dump + * all routes, we don't change anythings here, changes have + * been made in fib_semantics.c (in fib_dump_info which is + * called by fib_trie and fib_hash). + */ static int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -634,7 +696,7 @@ if (nlmsg_len(cb->nlh) >= sizeof(struct rtmsg) && ((struct rtmsg *) nlmsg_data(cb->nlh))->rtm_flags & RTM_F_CLONED) - return ip_rt_dump(skb, cb); + return ip_rt_dump(skb, cb); /* (ghost support) need modify this func */ s_h = cb->args[0]; s_e = cb->args[1]; @@ -659,6 +721,9 @@ cb->args[1] = e; cb->args[0] = h; + /* (ghost support) Length returned can be changed by + fib_dump_info when a route of a ghositifed iface is + lookup (skb length may be abnormal, diff of mod(240)) */ return skb->len; } diff -rNuad linux-2.6.27/net/ipv4/fib_hash.c linux-2.6.27-ghost/net/ipv4/fib_hash.c --- linux-2.6.27/net/ipv4/fib_hash.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/ipv4/fib_hash.c 2009-11-24 22:37:47.000000000 +0100 
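Review bot: The comment added in the `@@ -634,7 +696,7 @@` hunk, `/* (ghost support) need modify this func */`, records that the `RTM_F_CLONED` branch returns `ip_rt_dump(skb, cb)` without any ghost filtering. That leaves one dump path that can still report routes on interfaces every other hunk of this patch hides. A trailing remark is easy to miss; state the gap explicitly above the branch, for example `/* TODO(ghost): ip_rt_dump() does not yet skip ghostified devices */`, or add the check inside `ip_rt_dump()` before this is relied on for hiding.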
@@ -6,6 +6,11 @@ * IPv4 FIB: lookup engine and maintenance routines. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_hash_insert, bad + * field check in fib_seq_show). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -41,6 +46,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static struct kmem_cache *fn_hash_kmem __read_mostly; @@ -397,6 +407,18 @@ if (IS_ERR(fi)) return PTR_ERR(fi); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_insert */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if (fz->fz_nent > (fz->fz_divisor<<1) && fz->fz_divisor < FZ_MAX_DIVISOR && (cfg->fc_dst_len == 32 || @@ -580,7 +602,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, &f->fn_alias, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_delete */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != cfg->fc_tos) break; 
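Review bot: The check added to the insert path in `@@ -397,6 +407,18 @@` leaves with a bare `return -ENODEV;` after `fi` has passed the `IS_ERR(fi)` test, so the fib_info is not released; it should set `err` and use the function's existing error exit, which is outside the hunk. It also dereferences `fi->fib_dev->name` with no NULL test, although the /proc code in this file prints `fi->fib_dev ? fi->fib_dev->name : "*"`; use `if (fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name))` and move the `ghost_debugmsg` inside that guard. The log text says "delete" on the insert path. The delete loop in `@@ -580,7 +602,17 @@` has the same NULL dereference and runs its check before the `fa->fa_tos` comparison, so it can reject a request because of an alias that is not the one being deleted. The fib_trie.c hunks `@@ -1195,6 +1206,18 @@` (placed right after a `goto err;`) and `@@ -1623,7 +1646,17 @@` repeat both problems.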
@@ -1022,19 +1054,39 @@ prefix = f->fn_key; mask = FZ_MASK(iter->zone); flags = fib_flag_trans(fa->fa_type, mask, fi); - if (fi) + if (fi) + { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) + { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, - "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - fi->fib_dev ? fi->fib_dev->name : "*", prefix, - fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, - mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), - fi->fib_window, - fi->fib_rtt >> 3, &len); - else + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); +#endif /* CONFIG_GHOSTIFICATION */ + } + else { seq_printf(seq, - "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); + } seq_printf(seq, "%*s\n", 127 - len, ""); out: return 0; diff -rNuad linux-2.6.27/net/ipv4/fib_semantics.c linux-2.6.27-ghost/net/ipv4/fib_semantics.c --- linux-2.6.27/net/ipv4/fib_semantics.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/ipv4/fib_semantics.c 2009-11-24 22:37:47.000000000 +0100 
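Review bot: When the `@@ -1022,19 +1054,39 @@` hunk skips a ghost route, the unconditional `seq_printf(seq, "%*s\n", 127 - len, "");` at the end still runs, but `len` is only written by the `%n` of the print that was skipped. The file therefore gets a padding-only line for each hidden route, computed from a stale or uninitialised `len`, which also discloses that something was suppressed. Jump to the `out:` label on the ghost path instead of falling through. The test itself reads `fi->fib_dev->name` without the NULL guard that the `seq_printf` keeps, and the `ghost_ptk("Don't display routes ...")` message is emitted in the branch that does display the route. The fib_trie.c hunk `@@ -2583,7 +2616,28 @@` has the same three issues.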
@@ -11,6 +11,9 @@ * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. + * Changes: + * Roudiere Jonathan trivial + * change for ghostification. */ #include @@ -43,6 +46,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static DEFINE_SPINLOCK(fib_info_lock); @@ -953,6 +961,23 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function call by fib_trie and fib_hash to dump route, + * in most case we won't arrive here with usertools (like iproute), because + * modification in rtnl_dump_ifinfo hide iface and modif here may be not really + * proper because put abnormal length in the skb->len return by inet_dump_fib + * (used without error..) if pid != 0 then user talks else that is the kernel; + */ + if (pid != 0) + if (is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Try to get route about ghost iface (%s), skip", + fi->fib_dev->name); + /* return -EMSGSIZE; don't use this because that stops evaluation */ + return nlmsg_end(skb, nlh); + } +#endif /* CONFIG_GHOSTIFICATION */ + rtm = nlmsg_data(nlh); rtm->rtm_family = AF_INET; rtm->rtm_dst_len = dst_len; diff -rNuad linux-2.6.27/net/ipv4/fib_trie.c linux-2.6.27-ghost/net/ipv4/fib_trie.c --- linux-2.6.27/net/ipv4/fib_trie.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/ipv4/fib_trie.c 2009-11-24 22:37:47.000000000 +0100 @@ -12,6 +12,12 @@ * * Hans Liss Uppsala Universitet * + * Luca Saiu (simple changes for ghostification + * support) + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_trie_insert, bad + * field check in fib_route_seq_show). + * * This work is based on the LPC-trie which is originally descibed in: * * An experimental study of compression methods for dynamic tries 
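Review bot: On the ghost path in `@@ -953,6 +961,23 @@`, `return nlmsg_end(skb, nlh);` finalises a message whose `rtmsg` payload has not been filled in, since the `rtm = nlmsg_data(nlh)` assignments come after this block. Userspace then receives a route message with indeterminate contents, which is the "abnormal length" the added comment mentions. Discarding the header is cleaner: `nlmsg_cancel(skb, nlh);` then `return 0;`, provided the callers outside this hunk treat 0 as "nothing added". The nested `if (pid != 0) if (...)` needs braces and a guard on `fi->fib_dev`, which can be NULL judging by the `fi->fib_dev ? ... : "*"` pattern used in the /proc code of this patch.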
@@ -80,6 +86,11 @@ #include #include "fib_lookup.h" +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define MAX_STAT_DEPTH 32 #define KEYLENGTH (8*sizeof(t_key)) @@ -1195,6 +1206,18 @@ goto err; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + l = fib_find_node(t, key); fa = NULL; @@ -1623,7 +1646,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, fa_head, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != tos) break; 
@@ -2583,7 +2616,28 @@ || fa->fa_type == RTN_MULTICAST) continue; - if (fi) + if (fi) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) in /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t" + "%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", + prefix, + fi->fib_nh->nh_gw, flags, 0, 0, + fi->fib_priority, + mask, + (fi->fib_advmss ? + fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, "%s\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", @@ -2596,13 +2650,14 @@ fi->fib_advmss + 40 : 0), fi->fib_window, fi->fib_rtt >> 3, &len); - else +#endif /* CONFIG_GHOSTIFICATION */ + } else { seq_printf(seq, "*\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + } seq_printf(seq, "%*s\n", 127 - len, ""); } } diff -rNuad linux-2.6.27/net/ipv4/igmp.c linux-2.6.27-ghost/net/ipv4/igmp.c --- linux-2.6.27/net/ipv4/igmp.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/ipv4/igmp.c 2009-11-24 22:37:47.000000000 +0100 @@ -68,6 +68,8 @@ * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. * David L Stevens: IGMPv3 support, with help from * Vinay Kulkarni + * Luca Saiu : trivial changes for ghostification + * support */ #include @@ -105,6 +107,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define IP_MAX_MEMBERSHIPS 20 #define IP_MAX_MSF 10 
@@ -2382,8 +2389,18 @@ #endif if (state->in_dev->mc_list == im) { - seq_printf(seq, "%d\t%-10s: %5d %7s\n", - state->dev->ifindex, state->dev->name, state->dev->mc_count, querier); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%d\t%-10s: %5d %7s\n", state->dev->ifindex, + state->dev->name, state->dev->mc_count, querier); + } +#else + seq_printf(seq, "%d\t%-10s: %5d %7s\n", state->dev->ifindex, + state->dev->name, state->dev->mc_count, querier); +#endif /* CONFIG_GHOSTIFICATION */ } seq_printf(seq, 
@@ -2543,14 +2560,30 @@ "Device", "MCA", "SRC", "INC", "EXC"); } else { - seq_printf(seq, - "%3d %6.6s 0x%08x " - "0x%08x %6lu %6lu\n", - state->dev->ifindex, state->dev->name, - ntohl(state->im->multiaddr), - ntohl(psf->sf_inaddr), - psf->sf_count[MCAST_INCLUDE], - psf->sf_count[MCAST_EXCLUDE]); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-2.6.27/net/ipv4/route.c linux-2.6.27-ghost/net/ipv4/route.c --- linux-2.6.27/net/ipv4/route.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/ipv4/route.c 2009-11-24 22:37:47.000000000 +0100 @@ -55,6 +55,9 @@ * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes. * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect * Ilia Sotnikov : Removed TOS from hash calculations + * Luca Saiu : trivial changes for ghostification support + * Roudiere Jonathan : ghost support to rtnetlink + * function, ghost bugfix (field) in rt_cache_seq_show * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -108,6 +111,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define RT_FL_TOS(oldflp) \ ((u32)(oldflp->fl4_tos & (IPTOS_RT_MASK | RTO_ONLINK))) 
@@ -368,6 +376,14 @@ "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t" "HHUptod\tSpecDst"); else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Dont't display informations about ghost ifaces, bf */ + if(is_a_ghost_interface_name((const char*)((struct rtable*)v)->u.dst.dev->name)) { + ghost_ptk("Don't display routing informations about ghost interface (%s)", + ((const char*)((struct rtable*)v)->u.dst.dev->name)); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ struct rtable *r = v; int len; @@ -385,11 +401,11 @@ r->fl.fl4_tos, r->u.dst.hh ? atomic_read(&r->u.dst.hh->hh_refcnt) : -1, r->u.dst.hh ? (r->u.dst.hh->hh_output == - dev_queue_xmit) : 0, + dev_queue_xmit) : 0, r->rt_spec_dst, &len); seq_printf(seq, "%*s\n", 127 - len, ""); - } + } return 0; } @@ -2675,8 +2691,13 @@ r->rtm_src_len = 32; NLA_PUT_BE32(skb, RTA_SRC, rt->fl.fl4_src); } - if (rt->u.dst.dev) + if (rt->u.dst.dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) */ + ghost_develmsg("Net device is = %s ",rt->u.dst.dev->name); +#endif NLA_PUT_U32(skb, RTA_OIF, rt->u.dst.dev->ifindex); + } #ifdef CONFIG_NET_CLS_ROUTE if (rt->u.dst.tclassid) NLA_PUT_U32(skb, RTA_FLOW, rt->u.dst.tclassid); @@ -2759,7 +2780,7 @@ err = -ENOBUFS; goto errout; } - + /* Reserve room for dummy headers, this skb can pass through good chunk of routing engine. */ @@ -2781,6 +2802,17 @@ if (dev == NULL) { err = -ENODEV; goto errout_free; + +#ifdef CONFIG_GHOSTIFICATION + ghost_debugmsg("Net device is %s ", dev->name); + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout_free; + } +#endif /* CONFIG_GHOSTIFICATION */ } skb->protocol = htons(ETH_P_IP); 
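Review bot: The ghost block in `@@ -368,6 +376,14 @@` is placed ahead of `struct rtable *r = v;` and `int len;`, so with the option enabled the declarations follow a statement, which the kernel build warns about. It also repeats the cast `((struct rtable*)v)->u.dst.dev->name` twice. Moving the block below the declarations fixes both: `if (is_a_ghost_interface_name(r->u.dst.dev->name)) return 0;`.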
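Review bot: The ghost check added in `@@ -2781,6 +2802,17 @@` can never execute: it was inserted inside the `if (dev == NULL) {` body after `goto errout_free;`, and in that branch `dev` is NULL anyway. The input-interface path of this request is therefore not filtered at all. Move the whole `#ifdef CONFIG_GHOSTIFICATION` block below the closing brace of the NULL test so it runs for a device that was actually found.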
@@ -2806,13 +2838,31 @@ err = ip_route_output_key(net, &rt, &fl); } - if (err) + if (err) { goto errout_free; + } skb->rtable = rt; if (rtm->rtm_flags & RTM_F_NOTIFY) rt->rt_flags |= RTCF_NOTIFY; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't allow get ops for route + involving a ghostified interface, unnecessary test ..(rt) */ + if (rt) { + if (rt->u.dst.dev) { + ghost_debugmsg("Net device is %s ",rt->u.dst.dev->name); + if (is_a_ghost_interface_name(rt->u.dst.dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", + rt->u.dst.dev->name); + err = -ENETUNREACH; + goto errout_free; + } + } + } +#endif /* CONFIG_GHOSTIFICATION */ + err = rt_fill_info(skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq, RTM_NEWROUTE, 0, 0); if (err <= 0) @@ -2827,6 +2877,8 @@ goto errout; } +/* (ghost support) maybe it will be necessary to modify +this func which is call in fib_frontend.c */ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb) { struct rtable *rt; diff -rNuad linux-2.6.27/net/ipv6/addrconf.c linux-2.6.27-ghost/net/ipv6/addrconf.c --- linux-2.6.27/net/ipv6/addrconf.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/ipv6/addrconf.c 2009-11-24 22:37:47.000000000 +0100 @@ -36,6 +36,9 @@ * YOSHIFUJI Hideaki @USAGI : improved source address * selection; consider scope, * status etc. + * Luca Saiu : ghostification support + * Roudiere Jonathan : ghost + * modify functions using (rt)netlink */ #include @@ -80,6 +83,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include 
@@ -445,6 +453,86 @@ return idev; } +/* + * (ghost support) Support to hide snmp6 proc infos. + */ +#ifdef CONFIG_GHOSTIFICATION +/* Utility procedure, needed for {show,hide}_proc_net_dev_snmp6_DEVICE_if_needed(). + Return a pointer to a valid inet6_dev structure on success, NULL on failure: */ +static struct inet6_dev* lookup_snmp6_device(const char *interface_name) +{ + struct net_device *device; + struct inet6_dev *idev; + + /* Lookup the device by name, obtaining an inet6_dev structure: */ + device = dev_get_by_name(&init_net, interface_name); + if(device == NULL) + return NULL; + rtnl_lock(); + idev = ipv6_find_idev(device); + rtnl_unlock(); + return idev; +} + +/* These are defined in net/ipv6/proc.c: */ +extern struct proc_dir_entry *proc_net_devsnmp6; +extern struct file_operations snmp6_seq_fops; + +/* Remove the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already hidden. Return 0 on success, nonzero on error: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + ghost_ptk("Hiding /proc/net/dev_snmp6/%s...", interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + + /* Remove the proc/ entry, if any. If there was no entry + then remove_proc_entry() will fail, but it's ok for us: */ +#ifdef CONFIG_PROC_FS + if (!proc_net_devsnmp6) + return -ENOENT; + if (idev->stats.proc_dir_entry == NULL) + return -EINVAL; + remove_proc_entry(interface_name, proc_net_devsnmp6); +#endif /* CONFIG_PROC_FS */ + return 0; + //return snmp6_unregister_dev(idev); +} + +/* Create the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already shown. 
Return 0 on success, nonzero on error: */ +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + struct proc_dir_entry *proc_directory_entry; + ghost_ptk("Showing /proc/net/dev_snmp6/%s...", + interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + if(idev->dev == NULL) /* I doubt this may happen... */ + return -EINVAL; +#ifdef CONFIG_PROC_FS + if(!proc_net_devsnmp6) /* there isn't any /proc/net/dev_snmp6 */ + return -ENOENT; + if((proc_directory_entry = create_proc_entry(interface_name, + S_IRUGO, proc_net_devsnmp6)) == NULL) + return -ENOMEM; + proc_directory_entry->data = idev; + proc_directory_entry->proc_fops = &snmp6_seq_fops; + idev->stats.proc_dir_entry = proc_directory_entry; +#endif /* CONFIG_PROC_FS */ + return 0; + /* return snmp6_register_dev(idev); */ +} +EXPORT_SYMBOL(show_proc_net_dev_snmp6_DEVICE_if_needed); +EXPORT_SYMBOL(hide_proc_net_dev_snmp6_DEVICE_if_needed); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * End of ghostification support + */ + #ifdef CONFIG_SYSCTL static void dev_forward_change(struct inet6_dev *idev) { @@ -2143,6 +2231,10 @@ return PTR_ERR(ifp); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx, unsigned int plen) { @@ -2157,6 +2249,15 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((idev = __in6_dev_get(dev)) == NULL) return -ENXIO; 
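Review bot: `lookup_snmp6_device()` in the `@@ -445,6 +453,86 @@` hunk obtains the device with `dev_get_by_name()`, which takes a reference, and neither the helper nor its two callers shown in the hunk ever call `dev_put()`. Every hide or show operation therefore leaks one device reference, which would later keep the interface from being unregistered. Release it once the `inet6_dev` is no longer needed, for example `dev_put(device);` at the end of each caller, and document who owns the returned `idev`. Separately, the hide function does not reset `idev->stats.proc_dir_entry` after `remove_proc_entry()`, so the "unless it's already hidden" promise in its comment is not enforced on a second call. The lookup is also fixed to `&init_net`, which deserves a comment if intended.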
@@ -2986,6 +3087,23 @@ static int if6_seq_show(struct seq_file *seq, void *v) { struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if (is_a_ghost_interface_name(ifp->idev->dev->name)) { + ghost_ptk("Don't show informations about a ghostified " + "interface (%s) under /proc.", + ifp->idev->dev->name); + } else { + seq_printf(seq, + NIP6_SEQFMT " %02x %02x %02x %02x %8s\n", + NIP6(ifp->addr), + ifp->idev->dev->ifindex, + ifp->prefix_len, + ifp->scope, + ifp->flags, + ifp->idev->dev->name); + } +#else seq_printf(seq, NIP6_SEQFMT " %02x %02x %02x %02x %8s\n", NIP6(ifp->addr), @@ -2994,6 +3112,8 @@ ifp->scope, ifp->flags, ifp->idev->dev->name); +#endif /* CONFIG_GHOSTIFICATION */ + return 0; } @@ -3201,6 +3321,10 @@ [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { @@ -3218,7 +3342,9 @@ pfx = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL]); if (pfx == NULL) return -EINVAL; - + /* (ghost support) we could/should stop here a request involving a + ghostified interface but inet6_addr_del already do a part of our work + (get dev etc ..) so instead we modify inet6_addr_del */ return inet6_addr_del(net, ifm->ifa_index, pfx, ifm->ifa_prefixlen); } @@ -3267,6 +3393,10 @@ return 0; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { 
@@ -3304,6 +3434,15 @@ if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add a address to a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + /* We ignore other flags so far. */ ifa_flags = ifm->ifa_flags & (IFA_F_NODAD | IFA_F_HOMEADDRESS); @@ -3469,6 +3608,12 @@ ANYCAST_ADDR, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc; + * inet6_dump_addr is called by inet6_dump_{ifaddr,ifmcaddr,ifacaddr} + * and call the appropriate inet6_fill_* function. + */ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, enum addr_type_t type) { @@ -3494,6 +3639,17 @@ ip_idx = 0; if ((idev = in6_dev_get(dev)) == NULL) goto cont; + +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about addresses of a ghostified interface (%s), skip.", + dev->name); + goto cont; + /* return -ENODEV; don't use it */ + } +#endif /* CONFIG_GHOSTIFICATION */ + read_lock_bh(&idev->lock); switch (type) { case UNICAST_ADDR: @@ -3565,7 +3721,6 @@ return inet6_dump_addr(skb, cb, type); } - static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb) { enum addr_type_t type = ANYCAST_ADDR; @@ -3573,6 +3728,10 @@ return inet6_dump_addr(skb, cb, type); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { 
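Review bot: In the `@@ -3494,6 +3639,17 @@` hunk the ghost test comes after `if ((idev = in6_dev_get(dev)) == NULL) goto cont;`, so by the time it does `goto cont;` a reference on `idev` is already held and, unless the `cont:` label (outside the hunk) drops it, is leaked on every dump that meets a ghost interface. The check only needs `dev->name`, so it can move above the `in6_dev_get()` line; otherwise add `in6_dev_put(idev);` before the `goto cont;`. The comment says "then exit" while the code skips to the next device.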
@@ -3599,6 +3758,17 @@ if (ifm->ifa_index) dev = __dev_get_by_index(net, ifm->ifa_index); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (dev) { + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address of a ghostified interface (%s), skip.", + dev->name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((ifa = ipv6_get_ifaddr(net, addr, dev, 1)) == NULL) { err = -EADDRNOTAVAIL; goto errout; @@ -3806,6 +3976,10 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -3817,6 +3991,14 @@ read_lock(&dev_base_lock); idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to dump address infos about a ghostified interface (%s), skip.", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if ((idev = in6_dev_get(dev)) == NULL) @@ -3844,7 +4026,6 @@ skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC); if (skb == NULL) goto errout; - err = inet6_fill_ifinfo(skb, idev, 0, 0, event, 0); if (err < 0) { /* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */ diff -rNuad linux-2.6.27/net/ipv6/ip6_fib.c linux-2.6.27-ghost/net/ipv6/ip6_fib.c --- linux-2.6.27/net/ipv6/ip6_fib.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/ipv6/ip6_fib.c 2009-11-24 22:37:47.000000000 +0100 @@ -275,6 +275,8 @@ #endif +/* (ghost support) iterate on net device, don't modify this function, +we can return ENODEV here, user-space tools (as ip) dump iface list before */ static int fib6_dump_node(struct fib6_walker_t *w) { int res; 
@@ -316,7 +318,6 @@ { struct fib6_walker_t *w; int res; - w = (void *)cb->args[2]; w->root = &table->tb6_root; diff -rNuad linux-2.6.27/net/ipv6/Kconfig linux-2.6.27-ghost/net/ipv6/Kconfig --- linux-2.6.27/net/ipv6/Kconfig 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/ipv6/Kconfig 2009-11-24 22:37:47.000000000 +0100 @@ -4,8 +4,8 @@ # IPv6 as module will cause a CRASH if you try to unload it menuconfig IPV6 - tristate "The IPv6 protocol" - default m + bool "The IPv6 protocol" + default y ---help--- This is complemental support for the IP version 6. You will still be able to do traditional IPv4 networking as well. @@ -16,6 +16,10 @@ For specific information about IPv6 under Linux, read the HOWTO at . + Ghostification notes: + ===================== + IPV6 can not be built in module with ghost support. + To compile this protocol support as a module, choose M here: the module will be called ipv6. @@ -68,7 +72,7 @@ If unsure, say N. config INET6_AH - tristate "IPv6: AH transformation" + bool "IPv6: AH transformation" select XFRM select CRYPTO select CRYPTO_HMAC @@ -80,7 +84,7 @@ If unsure, say Y. config INET6_ESP - tristate "IPv6: ESP transformation" + bool "IPv6: ESP transformation" select XFRM select CRYPTO select CRYPTO_AUTHENC @@ -95,7 +99,7 @@ If unsure, say Y. config INET6_IPCOMP - tristate "IPv6: IPComp transformation" + bool "IPv6: IPComp transformation" select INET6_XFRM_TUNNEL select XFRM_IPCOMP ---help--- @@ -105,7 +109,7 @@ If unsure, say Y. config IPV6_MIP6 - tristate "IPv6: Mobility (EXPERIMENTAL)" + bool "IPv6: Mobility (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- @@ -114,16 +118,16 @@ If unsure, say N. config INET6_XFRM_TUNNEL - tristate + bool select INET6_TUNNEL default n config INET6_TUNNEL - tristate + bool default n config INET6_XFRM_MODE_TRANSPORT - tristate "IPv6: IPsec transport mode" + bool "IPv6: IPsec transport mode" default IPV6 select XFRM ---help--- 
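Review bot: The help text touched by the `@@ -16,6 +16,10 @@` hunk still ends with "To compile this protocol support as a module, choose M here", which no longer applies once `@@ -4,8 +4,8 @@` turns the symbol into `bool` with `default y`. Remove or reword that paragraph so it matches the new "can not be built in module" note. The tristate-to-bool changes in this file are unconditional, so kernels built without ghost support also lose the modular IPv6 and IPsec options; if that is intended it should be stated in the help text, otherwise the restriction could be expressed as a dependency on GHOSTIFICATION.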
@@ -132,7 +136,7 @@ If unsure, say Y. config INET6_XFRM_MODE_TUNNEL - tristate "IPv6: IPsec tunnel mode" + bool "IPv6: IPsec tunnel mode" default IPV6 select XFRM ---help--- @@ -141,7 +145,7 @@ If unsure, say Y. config INET6_XFRM_MODE_BEET - tristate "IPv6: IPsec BEET mode" + bool "IPv6: IPsec BEET mode" default IPV6 select XFRM ---help--- @@ -150,14 +154,14 @@ If unsure, say Y. config INET6_XFRM_MODE_ROUTEOPTIMIZATION - tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" + bool "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- Support for MIPv6 route optimization mode. config IPV6_SIT - tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" + bool "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" select INET_TUNNEL select IPV6_NDISC_NODETYPE default y @@ -174,7 +178,7 @@ bool config IPV6_TUNNEL - tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" + bool "IPv6: IP-in-IPv6 tunnel (RFC2473)" select INET6_TUNNEL ---help--- Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in diff -rNuad linux-2.6.27/net/ipv6/mcast.c linux-2.6.27-ghost/net/ipv6/mcast.c --- linux-2.6.27/net/ipv6/mcast.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/ipv6/mcast.c 2009-11-24 22:37:47.000000000 +0100 @@ -24,6 +24,10 @@ * - MLD for link-local addresses. * David L Stevens : * - MLDv2 support + * Luca Saiu : + * - trivial changes for ghostification support + * Roudiere Jonathan + * - trivial changes to correct an forgetting */ #include @@ -61,6 +65,11 @@ #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing... */ #define MCAST_DEBUG 2 
@@ -2429,6 +2438,20 @@ struct ifmcaddr6 *im = (struct ifmcaddr6 *)v; struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, + "%-4d %-15s " NIP6_SEQFMT " %5d %08X %ld\n", + state->dev->ifindex, state->dev->name, + NIP6(im->mca_addr), + im->mca_users, im->mca_flags, + (im->mca_flags&MAF_TIMER_RUNNING) ? + jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); + } +#else seq_printf(seq, "%-4d %-15s " NIP6_SEQFMT " %5d %08X %ld\n", state->dev->ifindex, state->dev->name, @@ -2436,6 +2459,7 @@ im->mca_users, im->mca_flags, (im->mca_flags&MAF_TIMER_RUNNING) ? jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); +#endif /* CONFIG_GHOSTIFICATION */ return 0; } @@ -2590,6 +2614,20 @@ "Device", "Multicast Address", "Source Address", "INC", "EXC"); } else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc" + " about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s " NIP6_SEQFMT " " NIP6_SEQFMT " %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + NIP6(state->im->mca_addr), + NIP6(psf->sf_addr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else seq_printf(seq, "%3d %6.6s " NIP6_SEQFMT " " NIP6_SEQFMT " %6lu %6lu\n", state->dev->ifindex, state->dev->name, 
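Review bot: The `ghost_debugmsg("Don't show any igmp6 information ...")` call sits inside `if(! is_a_ghost_interface_name(state->dev->name))`, so it is logged for every interface that is shown and never for one that is hidden. The hunk at `-2590,6 +2614,20` has the same inversion with the "(2)" message. Move the message to an `else` branch or drop it. Duplicating the whole `seq_printf` in both preprocessor arms means any later format change must be made twice; an early guard before the unchanged call would avoid that, e.g. `if (is_a_ghost_interface_name(state->dev->name)) return 0;` wrapped in `#ifdef CONFIG_GHOSTIFICATION`. Both seq-show functions begin outside their hunks, so the early return should be checked against the rest of each body.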
@@ -2597,6 +2635,7 @@ NIP6(psf->sf_addr), psf->sf_count[MCAST_INCLUDE], psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-2.6.27/net/ipv6/proc.c linux-2.6.27-ghost/net/ipv6/proc.c --- linux-2.6.27/net/ipv6/proc.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/ipv6/proc.c 2009-11-24 22:37:47.000000000 +0100 @@ -9,6 +9,8 @@ * * Authors: David S. Miller (davem@caip.rutgers.edu) * YOSHIFUJI Hideaki + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -29,7 +31,19 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + +/* (ghost support) We don't want this to be static, as it has to + be read at ghostifying and unghostifying time */ +#ifdef CONFIG_GHOSTIFICATION +struct proc_dir_entry *proc_net_devsnmp6; +EXPORT_SYMBOL(proc_net_devsnmp6); +#else static struct proc_dir_entry *proc_net_devsnmp6; +#endif /* CONFIG_GHOSTIFICATION */ static int sockstat6_seq_show(struct seq_file *seq, void *v) { @@ -199,6 +213,18 @@ return single_open(file, snmp6_seq_show, PDE(inode)->data); } +/* (ghost support) This was originally static, +but we need to make it visible */ +#ifdef CONFIG_GHOSTIFICATION +struct file_operations snmp6_seq_fops = { + .owner = THIS_MODULE, + .open = snmp6_seq_open, + .read = seq_read, + .llseek = seq_lseek, + .release = single_release, +}; +EXPORT_SYMBOL(snmp6_seq_fops); +#else static const struct file_operations snmp6_seq_fops = { .owner = THIS_MODULE, .open = snmp6_seq_open, 
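Review bot: In the hunk at `-199,6 +213,18` the `CONFIG_GHOSTIFICATION` variant of `snmp6_seq_fops` drops the `const` qualifier, which moves a table of function pointers out of read-only data. Making the symbol non-static does not require that; `const struct file_operations snmp6_seq_fops = {` keeps it read-only, assuming the ghostification code only hands it to a proc-entry creation call (not visible here). `EXPORT_SYMBOL` on it and on `proc_net_devsnmp6` (hunk `-29,7 +31,19`) also makes both reachable from any loadable module. If the only consumer is built into the kernel, an `extern` declaration in a header is enough and the exports can go.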
@@ -206,6 +232,7 @@ .llseek = seq_lseek, .release = single_release, }; +#endif /* CONFIG_GHOSTIFICATION */ int snmp6_register_dev(struct inet6_dev *idev) { diff -rNuad linux-2.6.27/net/ipv6/route.c linux-2.6.27-ghost/net/ipv6/route.c --- linux-2.6.27/net/ipv6/route.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/ipv6/route.c 2009-11-24 22:37:47.000000000 +0100 @@ -22,6 +22,10 @@ * reachable. otherwise, round-robin the list. * Ville Nuorvala * Fixed routing subtrees. + * Luca Saiu + * trivial changes for ghostification support + * Roudiere Jonathan + * ghostification support update, modify functions using netlink */ #include @@ -60,6 +64,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing. */ #define RT6_DEBUG 2 @@ -1061,10 +1070,6 @@ return hoplimit; } -/* - * - */ - int ip6_route_add(struct fib6_config *cfg) { int err; @@ -1776,6 +1781,8 @@ struct in6_rtmsg rtmsg; int err; + /* (ghost support) don't make any change, changes + have been made later for ioctl request */ switch(cmd) { case SIOCADDRT: /* Add a route */ case SIOCDELRT: /* Delete a route */ 
@@ -2067,26 +2074,84 @@ return err; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; - err = rtm_to_fib6_config(skb, nlh, &cfg); - if (err < 0) - return err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it + is a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to del route involving a ghostified interface (%s). Failing", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_del(&cfg); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + err = rtm_to_fib6_config(skb, nlh, &cfg); if (err < 0) return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_add(&cfg); /* do that or exit on error ... 
*/ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_add(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it is + a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add route involving a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_add(&cfg); } @@ -2106,6 +2171,10 @@ + nla_total_size(sizeof(struct rta_cacheinfo)); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc + */ static int rt6_fill_node(struct net *net, struct sk_buff *skb, struct rt6_info *rt, struct in6_addr *dst, struct in6_addr *src, @@ -2117,6 +2186,19 @@ long expires; u32 table; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("rtnetlink msg type %i, pid %i and seq %i", + type, pid, seq); + /* (ghost support) this function is called by by rt6_dump_route, and + inet6_rtm_get_route and inet6_rt_notify, test if it is a kernel request*/ + if (rt->rt6i_dev->name) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to get/notify route infos about a " + "ghostified interface (%s), skip.", + rt->rt6i_dev->name); + return 1; + } +#endif /* CONFIG_GHOSTIFICATION */ if (prefix) { /* user wants prefix routes only */ if (!(rt->rt6i_flags & RTF_PREFIX_RT)) { /* success since this is not a prefix route */ 
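Review bot: `dev_get_by_index()` in `inet6_rtm_delroute` and `inet6_rtm_newroute` returns the device with a reference held, and neither function releases it on any path, so each request carrying a valid `fc_ifindex` leaks one reference and the interface may later be unable to unregister. Capture the result and drop the reference before branching, e.g. `ghost = is_a_ghost_interface_name(dev->name); dev_put(dev);` followed by `if (ghost) return -ENODEV;`. If these handlers run under the RTNL lock, as rtnetlink handlers normally do, `__dev_get_by_index()` avoids taking the reference at all. The check is keyed only on `cfg.fc_ifindex` and falls through to `ip6_route_add`/`ip6_route_del` when the lookup fails, so a request without an interface index is not filtered; a comment should state whether that is intended.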
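Review bot: In `rt6_fill_node` the guard `if (rt->rt6i_dev->name)` tests an array member of `struct net_device`, so it does not protect against `rt->rt6i_dev` being NULL, whereas the /proc handler later in this file does check `rt->rt6i_dev != NULL`. Use `if (rt->rt6i_dev && is_a_ghost_interface_name(rt->rt6i_dev->name)) {` instead. The new `return 1;` also needs a comment on its contract: callers outside this hunk that only test for a negative result would presumably go on to send an skb that carries no message, which should be confirmed for `inet6_rtm_getroute` and `inet6_rt_notify`. The function body continues past the end of the hunk.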
@@ -2224,10 +2306,26 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc, + */ int rt6_dump_route(struct rt6_info *rt, void *p_arg) { struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg; int prefix; + +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg(" rtnetlink mesg %i, pid %i and seq %i", + arg->cb->nlh->nlmsg_type, arg->cb->nlh->nlmsg_pid, arg->cb->nlh->nlmsg_seq); + /* if (rt->rt6i_dev) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to dump route infos about a ghostified interface (%s), skip", + rt->rt6i_dev->name); + return -ENODEV; errro maybe come from here, modify instead + rt6_fill_node which has multiple callers + } */ +#endif /* CONFIG_GHOSTIFICATION */ if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) { struct rtmsg *rtm = nlmsg_data(arg->cb->nlh); @@ -2241,6 +2339,8 @@ prefix, 0, NLM_F_MULTI); } +/* (ghost support) Don't make changes here, function +rt6_fill_node has been modified instead */ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { struct net *net = sock_net(in_skb->sk); @@ -2385,6 +2485,18 @@ { struct seq_file *m = p_arg; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Do nothing if this route involves a + ghostified interface */ + if(rt->rt6i_dev != NULL) /* can't use &&: evaluation order is undefined */ + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Don't show any informations under /proc/net" + "involving a ghostified interface (%s)", + rt->rt6i_dev->name); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ + seq_printf(m, NIP6_SEQFMT " %02x ", NIP6(rt->rt6i_dst.addr), rt->rt6i_dst.plen); diff -rNuad linux-2.6.27/net/Kconfig linux-2.6.27-ghost/net/Kconfig --- linux-2.6.27/net/Kconfig 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/Kconfig 2009-11-24 22:37:47.000000000 +0100 
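Review bot: The comment in the hunk at `-2385,6 +2485,18`, "can't use &&: evaluation order is undefined", is incorrect. In C `&&` evaluates left to right and short-circuits, so the nested `if` can be written as `if (rt->rt6i_dev != NULL && is_a_ghost_interface_name(rt->rt6i_dev->name)) {` and the comment removed. The log string is also missing a space between its two literals and prints "/proc/netinvolving"; `"... under /proc/net "` fixes it. In the preceding hunk for `rt6_dump_route`, the commented-out block should be deleted rather than kept as dead code, since the nearby comment already says the filtering moved to `rt6_fill_node`.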
@@ -172,6 +172,105 @@ source "net/decnet/netfilter/Kconfig" source "net/bridge/netfilter/Kconfig" +config GHOSTIFICATION_NETFILTER + bool "Ghostification support to netfilter" + depends on GHOSTIFICATION && NETFILTER_ADVANCED + default y + help + Ghostification support to Netfilter. Allow to bypass all + Netfilter's hooks (INPUT, OUTPUT, FORWARD, POSTROUTING and + PREROUTING (when available)) and that for all layer or protocol: + ARP, Bridge, IPv4, IPv6 (and Decnet) or just for one protocol + or layer. + If you choose to activate the Ghostification of Netfilter then + all the network packets which come from, or go to an ghostified + interface will not get through the hooks of Netfilter; so rules + which have been created with Iptables, Ip6tables, Arptables or + Ebtables will have no effect on these packets. + Note: This option allows you to have access to the options of + configuration of the Ghostification of Netfilter but it activates + no section of code; you will thus need to select one or some + among those this below. + +config GHOSTIFICATION_NETFILTER_ALL + bool "Ghostification support to netfilter, skip all hooks" + depends on GHOSTIFICATION_NETFILTER + default y + help + Netfiter Ghostification support for all protocols/layers. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass + Netfilter's hooks; thus any actions or rules which have been + created through Iptables, Ip6tables, Arptables or Ebtables + will not have any effect on this packets. + +config GHOSTIFICATION_NETFILTER_ARP + bool "Ghostification support to netfilter, skip ARP hooks" + depends on GHOSTIFICATION_NETFILTER && IP_NF_ARPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the ARP protocol/layer. 
+ If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Arp + hooks of Netfilter; thus the rules which have been created + with the Arptables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_BRIDGE + bool "Ghostification support to netfilter, skip Bridge hooks" + depends on GHOSTIFICATION_NETFILTER && BRIDGE_NF_EBTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the Bridge protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Bridge + hooks of Netfilter; thus the rules which have been created + with the Ebtables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV4 + bool "Ghostification support to netfilter, skip IPv4 hooks" + depends on GHOSTIFICATION_NETFILTER && !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv4 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv4 + hooks of Netfilter; thus the rules which have been created + with the Iptables tool will not have any effect on them. 
+ If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV6 + bool "Ghostification support to netfilter, skip IPv6 hooks" + depends on GHOSTIFICATION_NETFILTER && IP6_NF_IPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv6 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv6 + hooks of Netfilter; thus the rules which have been created + with the Ip6tables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + endif source "net/dccp/Kconfig" 
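Review bot: `GHOSTIFICATION_NETFILTER` and `GHOSTIFICATION_NETFILTER_ALL` are both `default y`, and `GHOSTIFICATION` itself is `default y` in the later hunk at `-248,4 +347,93`. A configuration that accepts the defaults therefore produces a kernel in which traffic on a ghostified interface skips every Netfilter hook, and iptables, ip6tables, arptables and ebtables rules silently stop applying to it. An option that disables packet filtering is safer as opt-in: remove the `default y` lines from the two Netfilter symbols (a `bool` without a default is `n`). The help text could add one sentence saying that firewall policy is not enforced on ghostified interfaces. The per-protocol help texts also repeat a sentence about losing the Decnet bypass that reads as copied from one entry to the next and is worth rechecking for ARP, Bridge, IPv4 and IPv6.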
@@ -248,4 +347,93 @@ source "net/rfkill/Kconfig" source "net/9p/Kconfig" +config GHOSTIFICATION + bool "Ghostification support" + depends on INET + default y + help + Ghostification support allow you to hide network interfaces + on your system. Ghostify and Unghostify are the actions which + make dynamically invisible and visible a network interface/cards + (eth0, lo, tun, ...) for the userspace. + When a network interface is ghostified, users of your system + can not see it with userspace tools like ifconfig, route, iproute, + netstat and/or have statistics about it. However even if a network + interface is ghostified it is always possible to open a socket + using the Ip address of this interface, ping this interface or + any host connected to the same network remains possible; has the + opposite, it is not possible to sniff packets on a ghostified + interface with userspace tools like tcpdump, wireshark, ... + Informations about a ghostified interface are hidden under /proc + but they can be find under /sys, it is a limit of the ghostification + patch. + For more informations about Ghostification patch and engine see + the README of the tarball that you have used or go to website of + the Marionnet project at . + + +config GHOSTIFICATION_NUM + int "Ghostification support : max number of possible ghostified interface" + depends on GHOSTIFICATION + range 4 32 + default 8 + help + Here you can choose the number of network interfaces that + you will be allowed to ghostify. This number must be between + 4 and 32. + +config GHOSTIFICATION_MESG + bool "Ghostification messages, display, debug and devel" + depends on GHOSTIFICATION + default y + help + Ghostification messages configuration. This option allow + you to have acces to the options which configure and control + the type of messages that you want the ghostification engine + diplay (visible through syslogd). + There are three options which make more or less verbose the + ghostification engine. 
You can choose to not select any + options below if you want to try to hide the ghostification + operations for the users of your system. + Note: This option allows you to have access to the options + which control the number of messages and the verbosity of + the Ghostification engine but it activates no section of + code; you will thus need to select one or some among those + this below. + +config GHOSTIFICATION_PRINTK + bool "Ghostification, messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + default y + help + This option allow you to activate normal messsages from the + ghostification engine, those messages are display through a + simple printk (visible through syslogd), this messages allow + to have informations about the ghost operations (like "the + interface ethX has been ghostified", "unghostified", "is already + ghostified", etc ...). If you really wish to hide ghostified + interfaces and ghost operations for the users of your system + don't select this option. + +config GHOSTIFICATION_DEBUG + bool "Ghostification, debugging messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + help + This option increase the verbosity of the ghostification engine, + allow to get more informations in order to debug the ghost ops. + This option is in general used to verify the result of a test or + to display the datas (interface name, pid of a calling process, ...) + which are treated by the ghost engine. + +config GHOSTIFICATION_DEVEL + bool "Ghostification, helping messages to trace ghost operations (devel)" + depends on GHOSTIFICATION_MESG + help + This option give more informations that the option above, it is use + by developer of the ghostification patch in order to control some + paths used in the kernel code and the datas which are manipulated. + This option is a little redundant with the debug option but allow + to have a better granularity, maybe it will be remove for the next + release of the ghostification patch. 
+ endif # if NET diff -rNuad linux-2.6.27/net/netfilter/core.c linux-2.6.27-ghost/net/netfilter/core.c --- linux-2.6.27/net/netfilter/core.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/netfilter/core.c 2009-11-24 22:37:47.000000000 +0100 @@ -5,6 +5,8 @@ * way. * * Rusty Russell (C)2000 -- This code is GPL. + * Little change by Jonathan Roudiere to add + * Ghostification support (bypass netfilter for ghost interface). */ #include #include @@ -22,6 +24,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "nf_internals.h" static DEFINE_MUTEX(afinfo_mutex); @@ -59,7 +66,6 @@ { struct nf_hook_ops *elem; int err; - err = mutex_lock_interruptible(&nf_hook_mutex); if (err < 0) return err; 
@@ -177,7 +183,158 @@ rcu_read_lock(); elem = &nf_hooks[pf][hook]; + next_hook: + /* + * (ghost support) Netfilter ghostification support. + * Perform too much tests here is not a good idea because all + * network packets pass through this section but we have + * not other choice to skip netfilter hooks (per hook). + */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER + /* + * Bypass all Netfilter hooks (for ipv4/6, arp, bridge) for any + * ghostified interface (eq. to return NF_ACCEPT for each packet which + * go through an interface which is ghostified (do that at hook level + * in order to skip all chains's rules hang on the hooks)) + */ + + /* don't use ghost_debugmsg macro in this section + because it may introduce too much delay */ + ghost_develmsg("Enter in hook (pf=%i) (hook=%i) from indev->name = " + "%s to outdev->name = %s", pf, hook, indev->name, outdev->name); + +/* If we wish to skip all netfilter hooks for all PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ALL + /* + * outdev->name field is defined in OUTPUT, FORWARD and POSTROUTING hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), we start here (with outdev) to bypass netfilter's + * hooks in the case where we are in FORWARD. + */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + ret = 1; + goto unlock; + } + } + /* + * indev->name field is defined in PREROUTING, FORWARD and INPUT hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), if we are in FORWARD hook and outdev/indev->name + * is not a ghostified interface then we can go towards hooks. 
+ */ + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + ret = 1; + goto unlock; + } + } + +/* + * If GHOSTIFICATION_NETFILTER_ALL is not defined neither any + * GHOSTIFICATION_NETFILTER_PF then we 'll skip all this code chunk. + * (about performance, choose to skip netfilter just for certains PF + * is the most bad things we can do, but ...) + */ +#elif (defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV4) || defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV6) || \ + defined(CONFIG_GHOSTIFICATION_NETFILTER_ARP) || defined(CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE)) + /* Here we have the same logic as previously (in GHOSTIFICATION_NETFILTER_ALL) + but with the ability to choose what are the PFs that we want to skip */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for 
decnet) */ + goto apply_hook; + } + } + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for decnet) */ + goto apply_hook; + } + } + +#endif /* CONFIG_GHOSTIFICATION_ALL */ +apply_hook: +#endif /* CONFIG_GHOSTIFICATION_NETFILTER */ +/* (ghost support) End of ghostification support */ + verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev, outdev, &elem, okfn, hook_thresh); if (verdict == NF_ACCEPT || verdict == NF_STOP) { diff -rNuad linux-2.6.27/net/packet/af_packet.c linux-2.6.27-ghost/net/packet/af_packet.c --- linux-2.6.27/net/packet/af_packet.c 2008-10-10 00:13:53.000000000 +0200 +++ linux-2.6.27-ghost/net/packet/af_packet.c 2009-11-24 22:37:47.000000000 +0100 @@ -39,6 +39,7 @@ * will simply extend the hardware address * byte arrays at the end of sockaddr_ll * and packet_mreq. + * Luca Saiu : Trivial changes for ghostification * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
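Review bot: The added block reads `indev->name` and `outdev->name` without first checking the device pointers, both in the `ghost_develmsg(...)` arguments and in the `(outdev->name) != NULL` / `(indev->name) != NULL` tests. As the hunk's own comments note, only one of the two devices is set on most hooks, and a test on an array member only acts as a NULL check if `name` is at offset 0 of `struct net_device`. Test the pointers themselves, `if (outdev != NULL) {` and `if (indev != NULL) {`, and pass `outdev ? outdev->name : "-"` (likewise for `indev`) to the message. The per-family `#ifdef` ladder is duplicated verbatim for `outdev` and `indev`; a small `static inline` helper taking `pf` would keep the two copies from drifting, and the closing `#endif /* CONFIG_GHOSTIFICATION_ALL */` should name `CONFIG_GHOSTIFICATION_NETFILTER_ALL`. The enclosing function, presumably `nf_hook_slow`, starts and ends outside the hunk.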
@@ -82,6 +83,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Assumptions: - if device has no dev->hard_header routine, it adds and removes ll header @@ -487,6 +493,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (rcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); @@ -609,6 +627,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them. + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (trcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); 
@@ -2042,17 +2072,38 @@ struct sock *s = v; const struct packet_sock *po = pkt_sk(s); +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Don't show packets involving ghost devices + */ + struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex); + if(! is_a_ghost_interface_name(net_device->name)) { + ghost_debugmsg("Don't show packets involving ghostified interface"); + seq_printf(seq, + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); + } +#else seq_printf(seq, - "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", - s, - atomic_read(&s->sk_refcnt), - s->sk_type, - ntohs(po->num), - po->ifindex, - po->running, - atomic_read(&s->sk_rmem_alloc), - sock_i_uid(s), - sock_i_ino(s) ); + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/CONFIG-2.6.270000600000175000017500000005445012356733375023262 0ustar lucaslucas# # Automatically generated make config: don't edit # Linux kernel version: 2.6.27 # Fri Nov 27 12:24:52 2009 # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_GENERIC_HARDIRQS=y CONFIG_UML=y CONFIG_MMU=y CONFIG_NO_IOMEM=y # CONFIG_TRACE_IRQFLAGS_SUPPORT is not set CONFIG_LOCKDEP_SUPPORT=y # CONFIG_STACKTRACE_SUPPORT is not set CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_TIME=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_IRQ_RELEASE_METHOD=y CONFIG_HZ=100 # # UML-specific options # # CONFIG_STATIC_LINK is not set # # Host processor type and features # # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is not set CONFIG_M686=y # 
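Review bot: In the CONFIG_GHOSTIFICATION branch, the result of `dev_get_by_index(sock_net(s), po->ifindex)` is dereferenced without a NULL check and its reference is never released. The lookup returns NULL when no device has that index (presumably the case for a packet socket not bound to an interface, or one whose device has gone), so reading this proc listing would oops the kernel. Each successful lookup also holds a device reference that needs a matching `dev_put()`, without which the device cannot be unregistered later. The debug text "Don't show packets…" is printed on the branch that does show the row, so it should move or be reworded. The enclosing show function starts and ends outside the hunk.

```c
#ifdef CONFIG_GHOSTIFICATION
		struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex);
		int hidden = net_device && is_a_ghost_interface_name(net_device->name);

		/* dev_get_by_index() took a reference; drop it once the name is checked */
		if (net_device)
			dev_put(net_device);
		if (!hidden) {
			/* … unchanged: seq_printf of the socket row … */
		}
#else
```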
CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set # CONFIG_MK8 is not set # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP2 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MPSC is not set # CONFIG_MCORE2 is not set # CONFIG_GENERIC_CPU is not set CONFIG_X86_GENERIC=y CONFIG_X86_CPU=y CONFIG_X86_CMPXCHG=y CONFIG_X86_L1_CACHE_SHIFT=7 CONFIG_X86_XADD=y CONFIG_X86_PPRO_FENCE=y CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INVLPG=y CONFIG_X86_BSWAP=y CONFIG_X86_POPAD_OK=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_TSC=y CONFIG_X86_CMOV=y CONFIG_X86_MINIMUM_CPU_FAMILY=4 CONFIG_X86_DEBUGCTLMSR=y CONFIG_UML_X86=y CONFIG_X86_32=y CONFIG_RWSEM_XCHGADD_ALGORITHM=y # CONFIG_64BIT is not set # CONFIG_3_LEVEL_PGTABLES is not set CONFIG_ARCH_HAS_SC_SIGNALS=y CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA=y CONFIG_GENERIC_HWEIGHT=y CONFIG_ARCH_SUPPORTS_AOUT=y CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_DISCONTIGMEM_MANUAL is not set # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y # CONFIG_SPARSEMEM_STATIC is not set # CONFIG_SPARSEMEM_VMEMMAP_ENABLE is not set CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 # CONFIG_RESOURCES_64BIT is not set CONFIG_ZONE_DMA_FLAG=0 CONFIG_VIRT_TO_BUS=y CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_LD_SCRIPT_DYN=y CONFIG_BINFMT_ELF=y # CONFIG_BINFMT_AOUT is not set CONFIG_BINFMT_MISC=y CONFIG_HOSTFS=y # CONFIG_HPPFS is not set CONFIG_MCONSOLE=y CONFIG_MAGIC_SYSRQ=y # CONFIG_HIGHMEM is not set CONFIG_KERNEL_STACK_ORDER=0 # # General setup # CONFIG_EXPERIMENTAL=y CONFIG_BROKEN_ON_SMP=y 
CONFIG_INIT_ENV_ARG_LIMIT=128 CONFIG_LOCALVERSION="-marionnet-ghost" CONFIG_LOCALVERSION_AUTO=y CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_BSD_PROCESS_ACCT=y # CONFIG_BSD_PROCESS_ACCT_V3 is not set # CONFIG_TASKSTATS is not set # CONFIG_AUDIT is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 # CONFIG_CGROUPS is not set # CONFIG_GROUP_SCHED is not set CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y # CONFIG_RELAY is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_IPC_NS is not set # CONFIG_USER_NS is not set # CONFIG_PID_NS is not set # CONFIG_BLK_DEV_INITRD is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y # CONFIG_EMBEDDED is not set CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_EXTRA_PASS=y CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_COMPAT_BRK=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_ANON_INODES=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_VM_EVENT_COUNTERS=y CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set # CONFIG_PROFILING is not set # CONFIG_MARKERS is not set # CONFIG_HAVE_OPROFILE is not set # CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS is not set # CONFIG_HAVE_IOREMAP_PROT is not set # CONFIG_HAVE_KPROBES is not set # CONFIG_HAVE_KRETPROBES is not set # CONFIG_HAVE_ARCH_TRACEHOOK is not set # CONFIG_HAVE_DMA_ATTRS is not set # CONFIG_USE_GENERIC_SMP_HELPERS is not set # CONFIG_HAVE_CLK is not set CONFIG_PROC_PAGE_MONITOR=y # CONFIG_HAVE_GENERIC_DMA_COHERENT is not set CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y # CONFIG_TINY_SHMEM is not set CONFIG_BASE_SMALL=0 # CONFIG_MODULES is not set CONFIG_BLOCK=y # CONFIG_LBD is not set # CONFIG_BLK_DEV_IO_TRACE is not set # CONFIG_LSF is not set # CONFIG_BLK_DEV_BSG is not set # CONFIG_BLK_DEV_INTEGRITY is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y 
CONFIG_IOSCHED_CFQ=y CONFIG_DEFAULT_AS=y # CONFIG_DEFAULT_DEADLINE is not set # CONFIG_DEFAULT_CFQ is not set # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="anticipatory" CONFIG_CLASSIC_RCU=y CONFIG_BLK_DEV=y CONFIG_BLK_DEV_UBD=y # CONFIG_BLK_DEV_UBD_SYNC is not set CONFIG_BLK_DEV_COW_COMMON=y CONFIG_BLK_DEV_LOOP=y # CONFIG_BLK_DEV_CRYPTOLOOP is not set CONFIG_BLK_DEV_NBD=y # CONFIG_BLK_DEV_RAM is not set # CONFIG_ATA_OVER_ETH is not set # # Character Devices # CONFIG_STDERR_CONSOLE=y CONFIG_STDIO_CONSOLE=y CONFIG_SSL=y CONFIG_NULL_CHAN=y CONFIG_PORT_CHAN=y CONFIG_PTY_CHAN=y CONFIG_TTY_CHAN=y CONFIG_XTERM_CHAN=y # CONFIG_NOCONFIG_CHAN is not set CONFIG_CON_ZERO_CHAN="fd:0,fd:1" CONFIG_CON_CHAN="xterm" CONFIG_SSL_CHAN="pts" CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y # CONFIG_RAW_DRIVER is not set CONFIG_LEGACY_PTY_COUNT=32 # CONFIG_WATCHDOG is not set CONFIG_UML_SOUND=y CONFIG_SOUND=y CONFIG_HOSTAUDIO=y # CONFIG_HW_RANDOM is not set CONFIG_UML_RANDOM=y # CONFIG_MMAPPER is not set # # Generic Driver Options # CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y CONFIG_FIRMWARE_IN_KERNEL=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_SYS_HYPERVISOR is not set CONFIG_NET=y # # Networking options # CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y CONFIG_XFRM=y CONFIG_XFRM_USER=y # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set CONFIG_XFRM_IPCOMP=y CONFIG_NET_KEY=y # CONFIG_NET_KEY_MIGRATE is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_ASK_IP_FIB_HASH=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set CONFIG_IP_PIMSM_V2=y CONFIG_ARPD=y CONFIG_SYN_COOKIES=y CONFIG_INET_AH=y CONFIG_INET_ESP=y 
CONFIG_INET_IPCOMP=y CONFIG_INET_XFRM_TUNNEL=y CONFIG_INET_TUNNEL=y CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_XFRM_MODE_BEET=y # CONFIG_INET_LRO is not set CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set # CONFIG_IP_VS is not set CONFIG_IPV6=y # CONFIG_IPV6_PRIVACY is not set # CONFIG_IPV6_ROUTER_PREF is not set # CONFIG_IPV6_OPTIMISTIC_DAD is not set # CONFIG_INET6_AH is not set # CONFIG_INET6_ESP is not set # CONFIG_INET6_IPCOMP is not set # CONFIG_IPV6_MIP6 is not set # CONFIG_INET6_XFRM_TUNNEL is not set # CONFIG_INET6_TUNNEL is not set CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_INET6_XFRM_MODE_BEET=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set CONFIG_IPV6_SIT=y CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_NETWORK_SECMARK is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_CT_ACCT=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y CONFIG_NETFILTER_XT_TARGET_DSCP=y CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y 
CONFIG_NETFILTER_XT_TARGET_NOTRACK=y CONFIG_NETFILTER_XT_TARGET_RATEEST=y CONFIG_NETFILTER_XT_TARGET_TRACE=y CONFIG_NETFILTER_XT_TARGET_TCPMSS=y CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y CONFIG_NETFILTER_XT_MATCH_REALM=y CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y # # IP: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_RECENT=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_MATCH_ADDRTYPE=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_NF_NAT_SNMP_BASIC=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_PPTP=y 
CONFIG_NF_NAT_H323=y CONFIG_NF_NAT_SIP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV6=y CONFIG_IP6_NF_QUEUE=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_MH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_RAW=y # # Bridge: Netfilter Configuration # CONFIG_BRIDGE_NF_EBTABLES=y CONFIG_BRIDGE_EBT_BROUTE=y CONFIG_BRIDGE_EBT_T_FILTER=y CONFIG_BRIDGE_EBT_T_NAT=y CONFIG_BRIDGE_EBT_802_3=y CONFIG_BRIDGE_EBT_AMONG=y CONFIG_BRIDGE_EBT_ARP=y CONFIG_BRIDGE_EBT_IP=y CONFIG_BRIDGE_EBT_IP6=y CONFIG_BRIDGE_EBT_LIMIT=y CONFIG_BRIDGE_EBT_MARK=y CONFIG_BRIDGE_EBT_PKTTYPE=y CONFIG_BRIDGE_EBT_STP=y CONFIG_BRIDGE_EBT_VLAN=y CONFIG_BRIDGE_EBT_ARPREPLY=y CONFIG_BRIDGE_EBT_DNAT=y CONFIG_BRIDGE_EBT_MARK_T=y CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_ULOG=y CONFIG_BRIDGE_EBT_NFLOG=y CONFIG_GHOSTIFICATION_NETFILTER=y CONFIG_GHOSTIFICATION_NETFILTER_ALL=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set CONFIG_STP=y CONFIG_GARP=y CONFIG_BRIDGE=y CONFIG_VLAN_8021Q=y CONFIG_VLAN_8021Q_GVRP=y # CONFIG_DECNET is not set CONFIG_LLC=y CONFIG_LLC2=y # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set CONFIG_NET_SCHED=y # # Queueing/Scheduling # CONFIG_NET_SCH_CBQ=y CONFIG_NET_SCH_HTB=y CONFIG_NET_SCH_HFSC=y CONFIG_NET_SCH_PRIO=y CONFIG_NET_SCH_RED=y CONFIG_NET_SCH_SFQ=y CONFIG_NET_SCH_TEQL=y 
CONFIG_NET_SCH_TBF=y CONFIG_NET_SCH_GRED=y CONFIG_NET_SCH_DSMARK=y CONFIG_NET_SCH_NETEM=y # CONFIG_NET_SCH_INGRESS is not set # # Classification # CONFIG_NET_CLS=y CONFIG_NET_CLS_BASIC=y CONFIG_NET_CLS_TCINDEX=y CONFIG_NET_CLS_ROUTE4=y CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=y CONFIG_NET_CLS_U32=y CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y CONFIG_NET_CLS_RSVP=y CONFIG_NET_CLS_RSVP6=y CONFIG_NET_CLS_FLOW=y CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 CONFIG_NET_EMATCH_CMP=y CONFIG_NET_EMATCH_NBYTE=y CONFIG_NET_EMATCH_U32=y CONFIG_NET_EMATCH_META=y CONFIG_NET_EMATCH_TEXT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=y CONFIG_NET_ACT_GACT=y CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=y CONFIG_NET_ACT_IPT=y CONFIG_NET_ACT_NAT=y CONFIG_NET_ACT_PEDIT=y # CONFIG_NET_ACT_SIMP is not set CONFIG_NET_CLS_IND=y CONFIG_NET_SCH_FIFO=y # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set CONFIG_FIB_RULES=y # # Wireless # # CONFIG_CFG80211 is not set # CONFIG_WIRELESS_EXT is not set # CONFIG_MAC80211 is not set # CONFIG_IEEE80211 is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is not set CONFIG_GHOSTIFICATION=y CONFIG_GHOSTIFICATION_NUM=9 CONFIG_GHOSTIFICATION_MESG=y CONFIG_GHOSTIFICATION_PRINTK=y # CONFIG_GHOSTIFICATION_DEBUG is not set # CONFIG_GHOSTIFICATION_DEVEL is not set # # UML Network Devices # CONFIG_UML_NET=y CONFIG_UML_NET_ETHERTAP=y CONFIG_UML_NET_TUNTAP=y CONFIG_UML_NET_SLIP=y CONFIG_UML_NET_DAEMON=y CONFIG_UML_NET_VDE=y CONFIG_UML_NET_MCAST=y CONFIG_UML_NET_PCAP=y CONFIG_UML_NET_SLIRP=y CONFIG_NETDEVICES=y # CONFIG_IFB is not set CONFIG_DUMMY=y CONFIG_BONDING=y CONFIG_MACVLAN=y # CONFIG_EQUALIZER is not set CONFIG_TUN=y # CONFIG_VETH is not set # # Wireless LAN # # CONFIG_WLAN_PRE80211 is not set # CONFIG_WLAN_80211 is not set # CONFIG_IWLWIFI_LEDS is not set # CONFIG_WAN is not set CONFIG_PPP=y # CONFIG_PPP_MULTILINK is not set # 
CONFIG_PPP_FILTER is not set # CONFIG_PPP_ASYNC is not set # CONFIG_PPP_SYNC_TTY is not set # CONFIG_PPP_DEFLATE is not set # CONFIG_PPP_BSDCOMP is not set # CONFIG_PPP_MPPE is not set # CONFIG_PPPOE is not set # CONFIG_PPPOL2TP is not set CONFIG_SLIP=y # CONFIG_SLIP_COMPRESSED is not set CONFIG_SLHC=y # CONFIG_SLIP_SMART is not set # CONFIG_SLIP_MODE_SLIP6 is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # CONFIG_CONNECTOR is not set # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y # CONFIG_EXT2_FS_SECURITY is not set # CONFIG_EXT2_FS_XIP is not set CONFIG_EXT3_FS=y CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_SECURITY=y # CONFIG_EXT4DEV_FS is not set CONFIG_JBD=y CONFIG_FS_MBCACHE=y # CONFIG_REISERFS_FS is not set # CONFIG_JFS_FS is not set CONFIG_FS_POSIX_ACL=y # CONFIG_XFS_FS is not set # CONFIG_OCFS2_FS is not set CONFIG_DNOTIFY=y CONFIG_INOTIFY=y CONFIG_INOTIFY_USER=y CONFIG_QUOTA=y # CONFIG_QUOTA_NETLINK_INTERFACE is not set CONFIG_PRINT_QUOTA_WARNING=y # CONFIG_QFMT_V1 is not set # CONFIG_QFMT_V2 is not set CONFIG_QUOTACTL=y CONFIG_AUTOFS_FS=y CONFIG_AUTOFS4_FS=y # CONFIG_FUSE_FS is not set # # CD-ROM/DVD Filesystems # # CONFIG_ISO9660_FS is not set # CONFIG_UDF_FS is not set # # DOS/FAT/NT Filesystems # # CONFIG_MSDOS_FS is not set # CONFIG_VFAT_FS is not set # CONFIG_NTFS_FS is not set # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_TMPFS_POSIX_ACL is not set # CONFIG_HUGETLB_PAGE is not set # CONFIG_CONFIGFS_FS is not set # # Miscellaneous filesystems # # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set # CONFIG_CRAMFS is not set # CONFIG_VXFS_FS is not set # CONFIG_MINIX_FS is not set # CONFIG_OMFS_FS is not set # 
CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_ROMFS_FS is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=y CONFIG_NFS_V3=y CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=y CONFIG_NFSD=y CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y CONFIG_LOCKD=y CONFIG_LOCKD_V4=y CONFIG_EXPORTFS=y CONFIG_NFS_ACL_SUPPORT=y CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y CONFIG_SUNRPC_GSS=y CONFIG_RPCSEC_GSS_KRB5=y CONFIG_RPCSEC_GSS_SPKM3=y # CONFIG_SMB_FS is not set CONFIG_CIFS=y # CONFIG_CIFS_STATS is not set # CONFIG_CIFS_WEAK_PW_HASH is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y CONFIG_CIFS_DEBUG2=y # CONFIG_CIFS_EXPERIMENTAL is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set # CONFIG_OSF_PARTITION is not set # CONFIG_AMIGA_PARTITION is not set # CONFIG_ATARI_PARTITION is not set # CONFIG_MAC_PARTITION is not set CONFIG_MSDOS_PARTITION=y # CONFIG_BSD_DISKLABEL is not set # CONFIG_MINIX_SUBPARTITION is not set # CONFIG_SOLARIS_X86_PARTITION is not set # CONFIG_UNIXWARE_DISKLABEL is not set # CONFIG_LDM_PARTITION is not set # CONFIG_SGI_PARTITION is not set # CONFIG_ULTRIX_PARTITION is not set # CONFIG_SUN_PARTITION is not set # CONFIG_KARMA_PARTITION is not set # CONFIG_EFI_PARTITION is not set # CONFIG_SYSV68_PARTITION is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_NLS_CODEPAGE_437 is not set # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set # CONFIG_NLS_CODEPAGE_850 is not set # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # 
CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_936 is not set # CONFIG_NLS_CODEPAGE_950 is not set # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set # CONFIG_NLS_ISO8859_1 is not set # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_9 is not set # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set # CONFIG_NLS_UTF8 is not set # CONFIG_DLM is not set # # Security options # # CONFIG_KEYS is not set # CONFIG_SECURITY is not set # CONFIG_SECURITY_FILE_CAPABILITIES is not set CONFIG_CRYPTO=y # # Crypto core or helper # CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_MANAGER=y # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_NULL is not set # CONFIG_CRYPTO_CRYPTD is not set CONFIG_CRYPTO_AUTHENC=y # # Authenticated Encryption with Associated Data # # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_GCM is not set # CONFIG_CRYPTO_SEQIV is not set # # Block modes # CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set # CONFIG_CRYPTO_ECB is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set # # Hash modes # CONFIG_CRYPTO_HMAC=y # CONFIG_CRYPTO_XCBC is not set # # Digest # # CONFIG_CRYPTO_CRC32C is not set # CONFIG_CRYPTO_MD4 is not set CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_MICHAEL_MIC is not set # CONFIG_CRYPTO_RMD128 is not set # CONFIG_CRYPTO_RMD160 is not set # CONFIG_CRYPTO_RMD256 is not set # 
CONFIG_CRYPTO_RMD320 is not set CONFIG_CRYPTO_SHA1=y # CONFIG_CRYPTO_SHA256 is not set # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_WP512 is not set # # Ciphers # # CONFIG_CRYPTO_AES is not set # CONFIG_CRYPTO_AES_586 is not set # CONFIG_CRYPTO_ANUBIS is not set # CONFIG_CRYPTO_ARC4 is not set # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_CAMELLIA is not set CONFIG_CRYPTO_CAST5=y # CONFIG_CRYPTO_CAST6 is not set CONFIG_CRYPTO_DES=y # CONFIG_CRYPTO_FCRYPT is not set # CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_SALSA20 is not set # CONFIG_CRYPTO_SALSA20_586 is not set # CONFIG_CRYPTO_SEED is not set # CONFIG_CRYPTO_SERPENT is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TWOFISH is not set # CONFIG_CRYPTO_TWOFISH_586 is not set # # Compression # CONFIG_CRYPTO_DEFLATE=y # CONFIG_CRYPTO_LZO is not set CONFIG_CRYPTO_HW=y # # Library routines # CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_FIND_NEXT_BIT=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set # CONFIG_CRC_ITU_T is not set CONFIG_CRC32=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=y CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y CONFIG_TEXTSEARCH_FSM=y CONFIG_PLIST=y CONFIG_HAS_DMA=y # # SCSI device support # # CONFIG_RAID_ATTRS is not set # CONFIG_SCSI is not set # CONFIG_SCSI_DMA is not set # CONFIG_SCSI_NETLINK is not set CONFIG_MD=y # CONFIG_BLK_DEV_MD is not set CONFIG_BLK_DEV_DM=y # CONFIG_DM_DEBUG is not set CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=y CONFIG_DM_MIRROR=y # CONFIG_DM_ZERO is not set # CONFIG_DM_MULTIPATH is not set # CONFIG_DM_DELAY is not set # CONFIG_DM_UEVENT is not set # CONFIG_NEW_LEDS is not set # CONFIG_INPUT is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_ENABLE_WARN_DEPRECATED is not set CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=1024 # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not 
set # CONFIG_DEBUG_KERNEL is not set CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_MEMORY_INIT=y CONFIG_SYSCTL_SYSCALL_CHECK=y # CONFIG_SAMPLES is not set # CONFIG_DEBUG_STACK_USAGE is not set marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/CONFIG-2.6.26_x86_640000600000175000017500000005315612356733375024301 0ustar lucaslucas# # Automatically generated make config: don't edit # Linux kernel version: 2.6.26 # Fri Nov 27 10:26:00 2009 # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_GENERIC_HARDIRQS=y CONFIG_UML=y CONFIG_MMU=y CONFIG_NO_IOMEM=y # CONFIG_TRACE_IRQFLAGS_SUPPORT is not set CONFIG_LOCKDEP_SUPPORT=y # CONFIG_STACKTRACE_SUPPORT is not set CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_TIME=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_IRQ_RELEASE_METHOD=y CONFIG_HZ=100 # # UML-specific options # # CONFIG_STATIC_LINK is not set # # Host processor type and features # # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is not set # CONFIG_M686 is not set # CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set CONFIG_MK8=y # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP2 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MPSC is not set # CONFIG_MCORE2 is not set # CONFIG_GENERIC_CPU is not set CONFIG_X86_CPU=y # CONFIG_X86_CMPXCHG is not set CONFIG_X86_L1_CACHE_SHIFT=6 CONFIG_X86_GOOD_APIC=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_TSC=y CONFIG_X86_MINIMUM_CPU_FAMILY=3 CONFIG_X86_DEBUGCTLMSR=y CONFIG_UML_X86=y CONFIG_64BIT=y CONFIG_RWSEM_GENERIC_SPINLOCK=y CONFIG_3_LEVEL_PGTABLES=y # CONFIG_ARCH_HAS_SC_SIGNALS is not set # 
CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA is not set CONFIG_SMP_BROKEN=y CONFIG_GENERIC_HWEIGHT=y CONFIG_ARCH_SUPPORTS_AOUT=y CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_DISCONTIGMEM_MANUAL is not set # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y # CONFIG_SPARSEMEM_STATIC is not set # CONFIG_SPARSEMEM_VMEMMAP_ENABLE is not set CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_RESOURCES_64BIT=y CONFIG_ZONE_DMA_FLAG=0 CONFIG_VIRT_TO_BUS=y CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_LD_SCRIPT_DYN=y CONFIG_BINFMT_ELF=y CONFIG_BINFMT_MISC=y CONFIG_HOSTFS=y # CONFIG_HPPFS is not set CONFIG_MCONSOLE=y CONFIG_MAGIC_SYSRQ=y CONFIG_KERNEL_STACK_ORDER=1 # # General setup # CONFIG_EXPERIMENTAL=y CONFIG_BROKEN_ON_SMP=y CONFIG_INIT_ENV_ARG_LIMIT=128 CONFIG_LOCALVERSION="-marionnet-ghost" CONFIG_LOCALVERSION_AUTO=y CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_BSD_PROCESS_ACCT=y # CONFIG_BSD_PROCESS_ACCT_V3 is not set # CONFIG_TASKSTATS is not set # CONFIG_AUDIT is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 # CONFIG_CGROUPS is not set # CONFIG_GROUP_SCHED is not set CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y # CONFIG_RELAY is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_IPC_NS is not set # CONFIG_USER_NS is not set # CONFIG_PID_NS is not set # CONFIG_BLK_DEV_INITRD is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y # CONFIG_EMBEDDED is not set CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y CONFIG_SYSCTL_SYSCALL_CHECK=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_EXTRA_PASS=y CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_COMPAT_BRK=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_ANON_INODES=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_VM_EVENT_COUNTERS=y CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not 
set # CONFIG_PROFILING is not set # CONFIG_MARKERS is not set # CONFIG_HAVE_OPROFILE is not set # CONFIG_HAVE_KPROBES is not set # CONFIG_HAVE_KRETPROBES is not set # CONFIG_HAVE_DMA_ATTRS is not set CONFIG_PROC_PAGE_MONITOR=y CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y # CONFIG_TINY_SHMEM is not set CONFIG_BASE_SMALL=0 # CONFIG_MODULES is not set CONFIG_BLOCK=y # CONFIG_BLK_DEV_IO_TRACE is not set # CONFIG_BLK_DEV_BSG is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y CONFIG_DEFAULT_AS=y # CONFIG_DEFAULT_DEADLINE is not set # CONFIG_DEFAULT_CFQ is not set # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="anticipatory" CONFIG_CLASSIC_RCU=y CONFIG_BLK_DEV=y CONFIG_BLK_DEV_UBD=y # CONFIG_BLK_DEV_UBD_SYNC is not set CONFIG_BLK_DEV_COW_COMMON=y CONFIG_BLK_DEV_LOOP=y # CONFIG_BLK_DEV_CRYPTOLOOP is not set CONFIG_BLK_DEV_NBD=y # CONFIG_BLK_DEV_RAM is not set # CONFIG_ATA_OVER_ETH is not set # # Character Devices # CONFIG_STDERR_CONSOLE=y CONFIG_STDIO_CONSOLE=y CONFIG_SSL=y CONFIG_NULL_CHAN=y CONFIG_PORT_CHAN=y CONFIG_PTY_CHAN=y CONFIG_TTY_CHAN=y CONFIG_XTERM_CHAN=y # CONFIG_NOCONFIG_CHAN is not set CONFIG_CON_ZERO_CHAN="fd:0,fd:1" CONFIG_CON_CHAN="xterm" CONFIG_SSL_CHAN="pts" CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y # CONFIG_RAW_DRIVER is not set CONFIG_LEGACY_PTY_COUNT=32 # CONFIG_WATCHDOG is not set CONFIG_UML_SOUND=y CONFIG_SOUND=y CONFIG_HOSTAUDIO=y # CONFIG_HW_RANDOM is not set CONFIG_UML_RANDOM=y # CONFIG_MMAPPER is not set # # Generic Driver Options # CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y # CONFIG_FW_LOADER is not set # CONFIG_SYS_HYPERVISOR is not set # # Networking # CONFIG_NET=y # # Networking options # CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y CONFIG_XFRM=y CONFIG_XFRM_USER=y # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set CONFIG_NET_KEY=y # CONFIG_NET_KEY_MIGRATE is not 
set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_ASK_IP_FIB_HASH=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set CONFIG_IP_PIMSM_V2=y CONFIG_ARPD=y CONFIG_SYN_COOKIES=y CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y CONFIG_INET_XFRM_TUNNEL=y CONFIG_INET_TUNNEL=y CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_XFRM_MODE_BEET=y # CONFIG_INET_LRO is not set CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set # CONFIG_IP_VS is not set CONFIG_IPV6=y # CONFIG_IPV6_PRIVACY is not set # CONFIG_IPV6_ROUTER_PREF is not set # CONFIG_IPV6_OPTIMISTIC_DAD is not set # CONFIG_INET6_AH is not set # CONFIG_INET6_ESP is not set # CONFIG_INET6_IPCOMP is not set # CONFIG_IPV6_MIP6 is not set # CONFIG_INET6_XFRM_TUNNEL is not set # CONFIG_INET6_TUNNEL is not set CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_INET6_XFRM_MODE_BEET=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set CONFIG_IPV6_SIT=y CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_NETWORK_SECMARK is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_CT_ACCT=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y 
CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y CONFIG_NETFILTER_XT_TARGET_DSCP=y CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y CONFIG_NETFILTER_XT_TARGET_NOTRACK=y CONFIG_NETFILTER_XT_TARGET_RATEEST=y CONFIG_NETFILTER_XT_TARGET_TRACE=y CONFIG_NETFILTER_XT_TARGET_TCPMSS=y CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y CONFIG_NETFILTER_XT_MATCH_REALM=y CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y # # IP: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_RECENT=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_MATCH_ADDRTYPE=y CONFIG_IP_NF_FILTER=y 
CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_NF_NAT_SNMP_BASIC=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_NF_NAT_SIP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV6=y CONFIG_IP6_NF_QUEUE=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_MH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_RAW=y # # DECnet: Netfilter Configuration # # CONFIG_DECNET_NF_GRABULATOR is not set # # Bridge: Netfilter Configuration # CONFIG_BRIDGE_NF_EBTABLES=y CONFIG_BRIDGE_EBT_BROUTE=y CONFIG_BRIDGE_EBT_T_FILTER=y CONFIG_BRIDGE_EBT_T_NAT=y CONFIG_BRIDGE_EBT_802_3=y CONFIG_BRIDGE_EBT_AMONG=y CONFIG_BRIDGE_EBT_ARP=y CONFIG_BRIDGE_EBT_IP=y CONFIG_BRIDGE_EBT_LIMIT=y CONFIG_BRIDGE_EBT_MARK=y CONFIG_BRIDGE_EBT_PKTTYPE=y CONFIG_BRIDGE_EBT_STP=y CONFIG_BRIDGE_EBT_VLAN=y CONFIG_BRIDGE_EBT_ARPREPLY=y CONFIG_BRIDGE_EBT_DNAT=y CONFIG_BRIDGE_EBT_MARK_T=y CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_ULOG=y CONFIG_BRIDGE_EBT_NFLOG=y CONFIG_GHOSTIFICATION_NETFILTER=y CONFIG_GHOSTIFICATION_NETFILTER_ALL=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_TIPC is not set # 
CONFIG_ATM is not set CONFIG_BRIDGE=y CONFIG_VLAN_8021Q=y CONFIG_DECNET=y # CONFIG_DECNET_ROUTER is not set CONFIG_LLC=y CONFIG_LLC2=y # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set CONFIG_NET_SCHED=y # # Queueing/Scheduling # CONFIG_NET_SCH_CBQ=y CONFIG_NET_SCH_HTB=y CONFIG_NET_SCH_HFSC=y CONFIG_NET_SCH_PRIO=y CONFIG_NET_SCH_RED=y CONFIG_NET_SCH_SFQ=y CONFIG_NET_SCH_TEQL=y CONFIG_NET_SCH_TBF=y CONFIG_NET_SCH_GRED=y CONFIG_NET_SCH_DSMARK=y CONFIG_NET_SCH_NETEM=y # CONFIG_NET_SCH_INGRESS is not set # # Classification # CONFIG_NET_CLS=y CONFIG_NET_CLS_BASIC=y CONFIG_NET_CLS_TCINDEX=y CONFIG_NET_CLS_ROUTE4=y CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=y CONFIG_NET_CLS_U32=y CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y CONFIG_NET_CLS_RSVP=y CONFIG_NET_CLS_RSVP6=y CONFIG_NET_CLS_FLOW=y CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 CONFIG_NET_EMATCH_CMP=y CONFIG_NET_EMATCH_NBYTE=y CONFIG_NET_EMATCH_U32=y CONFIG_NET_EMATCH_META=y CONFIG_NET_EMATCH_TEXT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=y CONFIG_NET_ACT_GACT=y CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=y CONFIG_NET_ACT_IPT=y CONFIG_NET_ACT_NAT=y CONFIG_NET_ACT_PEDIT=y # CONFIG_NET_ACT_SIMP is not set CONFIG_NET_CLS_IND=y CONFIG_NET_SCH_FIFO=y # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set CONFIG_FIB_RULES=y # # Wireless # # CONFIG_CFG80211 is not set # CONFIG_WIRELESS_EXT is not set # CONFIG_MAC80211 is not set # CONFIG_IEEE80211 is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is not set CONFIG_GHOSTIFICATION=y CONFIG_GHOSTIFICATION_NUM=9 CONFIG_GHOSTIFICATION_MESG=y CONFIG_GHOSTIFICATION_PRINTK=y # CONFIG_GHOSTIFICATION_DEBUG is not set # CONFIG_GHOSTIFICATION_DEVEL is not set # # UML Network Devices # CONFIG_UML_NET=y CONFIG_UML_NET_ETHERTAP=y CONFIG_UML_NET_TUNTAP=y 
CONFIG_UML_NET_SLIP=y CONFIG_UML_NET_DAEMON=y CONFIG_UML_NET_VDE=y CONFIG_UML_NET_MCAST=y CONFIG_UML_NET_PCAP=y CONFIG_UML_NET_SLIRP=y CONFIG_NETDEVICES=y CONFIG_NETDEVICES_MULTIQUEUE=y # CONFIG_IFB is not set CONFIG_DUMMY=y CONFIG_BONDING=y CONFIG_MACVLAN=y # CONFIG_EQUALIZER is not set CONFIG_TUN=y # CONFIG_VETH is not set # # Wireless LAN # # CONFIG_WLAN_PRE80211 is not set # CONFIG_WLAN_80211 is not set # CONFIG_IWLWIFI_LEDS is not set # CONFIG_WAN is not set CONFIG_PPP=y # CONFIG_PPP_MULTILINK is not set # CONFIG_PPP_FILTER is not set # CONFIG_PPP_ASYNC is not set # CONFIG_PPP_SYNC_TTY is not set # CONFIG_PPP_DEFLATE is not set # CONFIG_PPP_BSDCOMP is not set # CONFIG_PPP_MPPE is not set # CONFIG_PPPOE is not set # CONFIG_PPPOL2TP is not set CONFIG_SLIP=y # CONFIG_SLIP_COMPRESSED is not set CONFIG_SLHC=y # CONFIG_SLIP_SMART is not set # CONFIG_SLIP_MODE_SLIP6 is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # CONFIG_CONNECTOR is not set # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y # CONFIG_EXT2_FS_SECURITY is not set # CONFIG_EXT2_FS_XIP is not set CONFIG_EXT3_FS=y CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_SECURITY=y # CONFIG_EXT4DEV_FS is not set CONFIG_JBD=y CONFIG_FS_MBCACHE=y # CONFIG_REISERFS_FS is not set # CONFIG_JFS_FS is not set CONFIG_FS_POSIX_ACL=y # CONFIG_XFS_FS is not set # CONFIG_GFS2_FS is not set # CONFIG_OCFS2_FS is not set CONFIG_DNOTIFY=y CONFIG_INOTIFY=y CONFIG_INOTIFY_USER=y CONFIG_QUOTA=y # CONFIG_QUOTA_NETLINK_INTERFACE is not set CONFIG_PRINT_QUOTA_WARNING=y # CONFIG_QFMT_V1 is not set # CONFIG_QFMT_V2 is not set CONFIG_QUOTACTL=y CONFIG_AUTOFS_FS=y CONFIG_AUTOFS4_FS=y # CONFIG_FUSE_FS is not set # # CD-ROM/DVD Filesystems # # CONFIG_ISO9660_FS is not set # CONFIG_UDF_FS is not set # # DOS/FAT/NT Filesystems # # CONFIG_MSDOS_FS is not set # CONFIG_VFAT_FS is not set # CONFIG_NTFS_FS is not set # # Pseudo 
filesystems # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_TMPFS_POSIX_ACL is not set # CONFIG_HUGETLB_PAGE is not set # CONFIG_CONFIGFS_FS is not set # # Miscellaneous filesystems # # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set # CONFIG_CRAMFS is not set # CONFIG_VXFS_FS is not set # CONFIG_MINIX_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_ROMFS_FS is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=y CONFIG_NFS_V3=y CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=y CONFIG_NFSD=y CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y CONFIG_LOCKD=y CONFIG_LOCKD_V4=y CONFIG_EXPORTFS=y CONFIG_NFS_ACL_SUPPORT=y CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y CONFIG_SUNRPC_GSS=y CONFIG_SUNRPC_BIND34=y CONFIG_RPCSEC_GSS_KRB5=y CONFIG_RPCSEC_GSS_SPKM3=y # CONFIG_SMB_FS is not set CONFIG_CIFS=y # CONFIG_CIFS_STATS is not set # CONFIG_CIFS_WEAK_PW_HASH is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y CONFIG_CIFS_DEBUG2=y # CONFIG_CIFS_EXPERIMENTAL is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set # CONFIG_OSF_PARTITION is not set # CONFIG_AMIGA_PARTITION is not set # CONFIG_ATARI_PARTITION is not set # CONFIG_MAC_PARTITION is not set CONFIG_MSDOS_PARTITION=y # CONFIG_BSD_DISKLABEL is not set # CONFIG_MINIX_SUBPARTITION is not set # CONFIG_SOLARIS_X86_PARTITION is not set # CONFIG_UNIXWARE_DISKLABEL is not set # CONFIG_LDM_PARTITION is not set # CONFIG_SGI_PARTITION is not set # CONFIG_ULTRIX_PARTITION is not set # CONFIG_SUN_PARTITION is not set # CONFIG_KARMA_PARTITION is not set # CONFIG_EFI_PARTITION is not set # CONFIG_SYSV68_PARTITION is not set 
CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_NLS_CODEPAGE_437 is not set # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set # CONFIG_NLS_CODEPAGE_850 is not set # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_936 is not set # CONFIG_NLS_CODEPAGE_950 is not set # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set # CONFIG_NLS_ISO8859_1 is not set # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_9 is not set # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set # CONFIG_NLS_UTF8 is not set # CONFIG_DLM is not set # # Security options # # CONFIG_KEYS is not set # CONFIG_SECURITY is not set # CONFIG_SECURITY_FILE_CAPABILITIES is not set CONFIG_CRYPTO=y # # Crypto core or helper # CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_MANAGER=y # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_NULL is not set # CONFIG_CRYPTO_CRYPTD is not set CONFIG_CRYPTO_AUTHENC=y # # Authenticated Encryption with Associated Data # # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_GCM is not set # CONFIG_CRYPTO_SEQIV is not set # # Block modes # 
CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set # CONFIG_CRYPTO_ECB is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set # # Hash modes # CONFIG_CRYPTO_HMAC=y # CONFIG_CRYPTO_XCBC is not set # # Digest # # CONFIG_CRYPTO_CRC32C is not set # CONFIG_CRYPTO_MD4 is not set CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_MICHAEL_MIC is not set CONFIG_CRYPTO_SHA1=y # CONFIG_CRYPTO_SHA256 is not set # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_WP512 is not set # # Ciphers # CONFIG_CRYPTO_AES=y CONFIG_CRYPTO_AES_X86_64=y # CONFIG_CRYPTO_ANUBIS is not set # CONFIG_CRYPTO_ARC4 is not set # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_CAMELLIA is not set CONFIG_CRYPTO_CAST5=y # CONFIG_CRYPTO_CAST6 is not set CONFIG_CRYPTO_DES=y # CONFIG_CRYPTO_FCRYPT is not set # CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_SALSA20 is not set CONFIG_CRYPTO_SALSA20_X86_64=y # CONFIG_CRYPTO_SEED is not set # CONFIG_CRYPTO_SERPENT is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TWOFISH is not set CONFIG_CRYPTO_TWOFISH_COMMON=y CONFIG_CRYPTO_TWOFISH_X86_64=y # # Compression # CONFIG_CRYPTO_DEFLATE=y # CONFIG_CRYPTO_LZO is not set CONFIG_CRYPTO_HW=y # # Library routines # CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_FIND_NEXT_BIT=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_ITU_T is not set CONFIG_CRC32=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=y CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y CONFIG_TEXTSEARCH_FSM=y CONFIG_PLIST=y CONFIG_HAS_DMA=y # # SCSI device support # # CONFIG_RAID_ATTRS is not set # CONFIG_SCSI is not set # CONFIG_SCSI_DMA is not set # CONFIG_SCSI_NETLINK is not set CONFIG_MD=y # CONFIG_BLK_DEV_MD is not set CONFIG_BLK_DEV_DM=y # CONFIG_DM_DEBUG is not set CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=y CONFIG_DM_MIRROR=y # CONFIG_DM_ZERO is not set # 
CONFIG_DM_MULTIPATH is not set # CONFIG_DM_DELAY is not set # CONFIG_DM_UEVENT is not set # CONFIG_NEW_LEDS is not set # CONFIG_INPUT is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_ENABLE_WARN_DEPRECATED is not set CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=1024 # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not set # CONFIG_DEBUG_KERNEL is not set CONFIG_DEBUG_BUGVERBOSE=y # CONFIG_SAMPLES is not set # CONFIG_DEBUG_STACK_USAGE is not set marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/linux-2.6.26-ghost_debian.patch0000600000175000017500000030411312356733375027167 0ustar lucaslucasdiff -rNuad linux-source-2.6.26/arch/um/drivers/vde_user.c linux-source-2.6.26-ghost/arch/um/drivers/vde_user.c --- linux-source-2.6.26/arch/um/drivers/vde_user.c 2008-07-13 21:51:29.000000000 +0000 +++ linux-source-2.6.26-ghost/arch/um/drivers/vde_user.c 2009-11-29 18:44:01.000000000 +0000 @@ -77,8 +77,8 @@ void vde_init_libstuff(struct vde_data *vpri, struct vde_init *init) { struct vde_open_args *args; - - vpri->args = kmalloc(sizeof(struct vde_open_args), UM_GFP_KERNEL); + /* (ghost support) kmalloc is used instead of uml_kmalloc */ + vpri->args = uml_kmalloc(sizeof(struct vde_open_args), UM_GFP_KERNEL); if (vpri->args == NULL) { printk(UM_KERN_ERR "vde_init_libstuff - vde_open_args " "allocation failed"); diff -rNuad linux-source-2.6.26/include/linux/netdevice.h linux-source-2.6.26-ghost/include/linux/netdevice.h --- linux-source-2.6.26/include/linux/netdevice.h 2009-08-19 05:15:08.000000000 +0000 +++ linux-source-2.6.26-ghost/include/linux/netdevice.h 2009-11-29 18:44:01.000000000 +0000 @@ -14,6 +14,8 @@ * Alan Cox, * Bjorn Ekwall. * Pekka Riikonen + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
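Review bot: The comment added in vde_init_libstuff says the reverse of what the new line does: it reads "kmalloc is used instead of uml_kmalloc", while the code now calls `uml_kmalloc`. I would write it as `/* (ghost support) uml_kmalloc is used instead of kmalloc */` and add the reason for the switch, which the hunk does not give. The function body continues outside the hunk.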
@@ -1571,4 +1573,12 @@ #endif /* __KERNEL__ */ +/* + * (ghost support) Just check whether the given name + * belongs to the ghost interface + */ +#ifdef CONFIG_GHOSTIFICATION +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + #endif /* _LINUX_DEV_H */ diff -rNuad linux-source-2.6.26/include/linux/sockios.h linux-source-2.6.26-ghost/include/linux/sockios.h --- linux-source-2.6.26/include/linux/sockios.h 2008-07-13 21:51:29.000000000 +0000 +++ linux-source-2.6.26-ghost/include/linux/sockios.h 2009-11-29 18:44:01.000000000 +0000 @@ -9,6 +9,8 @@ * * Authors: Ross Biro * Fred N. van Kempen, + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -83,6 +85,13 @@ #define SIOCWANDEV 0x894A /* get/set netdev parameters */ +/* (ghost support) ghostification's ioctl */ +#ifdef CONFIG_GHOSTIFICATION +#define SIOKLOG 0x894D /* Write a string to the log */ +#define SIOCGIFGHOSTIFY 0x894E /* Make a network device 'ghost' */ +#define SIOCGIFUNGHOSTIFY 0x894F /* Make a network device 'ghost' */ +#endif /* CONFIG_GHOSTIFICATION */ + /* ARP cache control calls. */ /* 0x8950 - 0x8952 * obsolete calls, don't re-use */ #define SIOCDARP 0x8953 /* delete ARP table entry */ diff -rNuad linux-source-2.6.26/include/net/ghostdebug.h linux-source-2.6.26-ghost/include/net/ghostdebug.h --- linux-source-2.6.26/include/net/ghostdebug.h 1970-01-01 00:00:00.000000000 +0000 +++ linux-source-2.6.26-ghost/include/net/ghostdebug.h 2009-11-29 18:44:01.000000000 +0000 
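Review bot: The prototype for `is_a_ghost_interface_name` is added after `#endif /* __KERNEL__ */`, so it lands in the part of netdevice.h that is not restricted to kernel builds, although the function is kernel-internal. It should move above that `#endif`. A stub for the disabled case, `static inline int is_a_ghost_interface_name(const char *n) { return 0; }` under an `#else`, would also let call sites drop their own `#ifdef CONFIG_GHOSTIFICATION`.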
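Review bot: The comment on `SIOCGIFUNGHOSTIFY` is a copy of the one on `SIOCGIFGHOSTIFY`; it should read something like `/* Make a 'ghost' network device visible again */`. `SIOKLOG` lets a caller write a string into the kernel log and its handler is not in this hunk, so the define should carry a comment stating the privilege it requires and the maximum string length, and the handler should be checked against both. A short comment that 0x894D to 0x894F are local to this patch would help anyone rebasing it onto a kernel that assigns those numbers.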
@@ -0,0 +1,91 @@
+/*
+ * Ghost support:
+ * Some trivials macros for display messages, trace ghost ops,
+ * debug and devel the ghostification kernel patch.
+ *
+ * Authors: Roudiere Jonathan,
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#ifndef __GHOSTDEBUG__
+#define __GHOSTDEBUG__
+
+#ifdef CONFIG_GHOSTIFICATION
+
+/*
+ * Ghost macros: there are three type of macros for three kind of
+ * information level :
+ *
+ * - the first one is ghost_ptk, that is a simple printk with the
+ * KERN_INFO log level, it is the standard type of display used
+ * by the ghostification kernel code to allow user to monitor
+ * ghost operations, if GHOSTIFICATION_PRINTK is not defined then
+ * user will not any information about the ghostified interfaces
+ * and the ghost engine (almost any infos ;-)),
+ *
+ * - ghost_debug and ghost_debugmsg are respectively used to show a
+ * calling card in a part of the code (function, files) and to show
+ * in plus informations additional (variable, etc ..), these two macros
+ * display messages with the level KERNEL_DEBUG,
+ *
+ * - ghost_devel and ghost_develmsg are very similar (redundant)
+ * in both previous ones, they are mainly used for the development
+ * of the patch to follow the stream of execution, activate
+ * GHOSTIFICATION_DEVEL has interest only for developers.
+ *
+*/
+
+/*
+ * Macro usable to debug during normal usage of the kernel.
+*/
+#ifdef CONFIG_GHOSTIFICATION_DEBUG
+#define ghost_debug \
+ printk(KERN_DEBUG \
+ "(ghost_debug): file(%s): funct(%s): line(%04d): -- info debug -- \n", \
+ __FILE__, __FUNCTION__, __LINE__)
+#define ghost_debugmsg(msg,args...) \
+ printk(KERN_DEBUG \
+ "(ghost_debug): file(%s): funct(%s): line(%04d): " msg "\n", \
+ __FILE__, __FUNCTION__, __LINE__, ##args)
+#else
+#define ghost_debug
+#define ghost_debugmsg
+#endif
+
+/*
+ * A little bit redundant with the macro ghost_debug/debugmsg
+ * but allows a difference in the use, they are not used for the
+ * debugging, but to verify roads borrowed during the development.
+ * (note: certainly remove at next release of the patch)
+*/
+#ifdef CONFIG_GHOSTIFICATION_DEVEL
+#define ghost_devel \
+ printk(KERN_DEBUG \
+ "(ghost_devel): file(%s): funct(%s): line(%04d): -- info devel -- \n", \
+ __FILE__, __FUNCTION__, __LINE__)
+#define ghost_develmsg(msg,args...) \
+ printk(KERN_DEBUG \
+ "(ghost_devel): file(%s): funct(%s): line(%04d): " msg "\n", \
+ __FILE__, __FUNCTION__, __LINE__, ##args)
+#else
+#define ghost_devel
+#define ghost_develmsg(msg,args...)
+#endif
+
+/*
+ * Macro to display all message from chunk of code which has
+ * ghostification in charge (use macro to add debug level later).
+*/
+#ifdef CONFIG_GHOSTIFICATION_PRINTK
+#define ghost_ptk(msg,args...) \
+ printk(KERN_INFO \
+ "(ghost) " msg "\n", ##args)
+#endif
+
+#endif /* CONFIG_GHOSTIFICATION */
+
+#endif /* __GHOSTDEBUG__ */
diff -rNuad linux-source-2.6.26/net/Kconfig linux-source-2.6.26-ghost/net/Kconfig
--- linux-source-2.6.26/net/Kconfig 2008-07-13 21:51:29.000000000 +0000
+++ linux-source-2.6.26-ghost/net/Kconfig 2009-11-29 18:44:01.000000000 +0000
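Review bot: `ghost_ptk` has no fallback definition when CONFIG_GHOSTIFICATION_PRINTK is off, so the `ghost_ptk(...)` calls this patch adds to net/core/dev.c become calls to an undeclared function. The Kconfig help in the same patch invites users to deselect that option, so this configuration is reachable. Add `#else` and `#define ghost_ptk(msg,args...) do { } while (0)` before its `#endif`. The disabled `ghost_debugmsg` is defined without a parameter list, unlike `ghost_develmsg(msg,args...)`, so a call expands to a parenthesised comma expression that still evaluates its arguments; give it the same `(msg,args...)` form.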
@@ -175,6 +175,105 @@ source "net/decnet/netfilter/Kconfig" source "net/bridge/netfilter/Kconfig" +config GHOSTIFICATION_NETFILTER + bool "Ghostification support to netfilter" + depends on GHOSTIFICATION && NETFILTER_ADVANCED + default y + help + Ghostification support to Netfilter. Allow to bypass all + Netfilter's hooks (INPUT, OUTPUT, FORWARD, POSTROUTING and + PREROUTING (when available)) and that for all layer or protocol: + ARP, Bridge, IPv4, IPv6 (and Decnet) or just for one protocol + or layer. + If you choose to activate the Ghostification of Netfilter then + all the network packets which come from, or go to an ghostified + interface will not get through the hooks of Netfilter; so rules + which have been created with Iptables, Ip6tables, Arptables or + Ebtables will have no effect on these packets. + Note: This option allows you to have access to the options of + configuration of the Ghostification of Netfilter but it activates + no section of code; you will thus need to select one or some + among those this below. + +config GHOSTIFICATION_NETFILTER_ALL + bool "Ghostification support to netfilter, skip all hooks" + depends on GHOSTIFICATION_NETFILTER + default y + help + Netfiter Ghostification support for all protocols/layers. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass + Netfilter's hooks; thus any actions or rules which have been + created through Iptables, Ip6tables, Arptables or Ebtables + will not have any effect on this packets. + +config GHOSTIFICATION_NETFILTER_ARP + bool "Ghostification support to netfilter, skip ARP hooks" + depends on GHOSTIFICATION_NETFILTER && IP_NF_ARPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the ARP protocol/layer. 
+ If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Arp + hooks of Netfilter; thus the rules which have been created + with the Arptables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_BRIDGE + bool "Ghostification support to netfilter, skip Bridge hooks" + depends on GHOSTIFICATION_NETFILTER && BRIDGE_NF_EBTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the Bridge protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Bridge + hooks of Netfilter; thus the rules which have been created + with the Ebtables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV4 + bool "Ghostification support to netfilter, skip IPv4 hooks" + depends on GHOSTIFICATION_NETFILTER && !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv4 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv4 + hooks of Netfilter; thus the rules which have been created + with the Iptables tool will not have any effect on them. 
+ If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV6 + bool "Ghostification support to netfilter, skip IPv6 hooks" + depends on GHOSTIFICATION_NETFILTER && IP6_NF_IPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv6 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv6 + hooks of Netfilter; thus the rules which have been created + with the Ip6tables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + endif source "net/dccp/Kconfig" 
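Review bot: `GHOSTIFICATION_NETFILTER` and `GHOSTIFICATION_NETFILTER_ALL` are both `default y`, so a kernel built with ghostification lets traffic on ghostified interfaces skip every iptables, ip6tables, arptables and ebtables rule unless the builder turns that off. `GHOSTIFICATION` in the `@@ -250,6 +349,95 @@` hunk is `default y` as well. A firewall bypass should be opt-in, so I would drop the `default y` lines and let Kconfig default them to n. `GHOSTIFICATION_NETFILTER_IPV4` is the only per-protocol entry without a dependency on its tables symbol; `depends on GHOSTIFICATION_NETFILTER && IP_NF_IPTABLES` would match the ARP, Bridge and IPv6 entries. The sentence about losing the bypass of Decnet's hooks is repeated in all four per-protocol help texts although no Decnet option is defined here, so it needs rewording or removal.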
@@ -250,6 +349,95 @@ source "net/rfkill/Kconfig" source "net/9p/Kconfig" +config GHOSTIFICATION + bool "Ghostification support" + depends on INET + default y + help + Ghostification support allow you to hide network interfaces + on your system. Ghostify and Unghostify are the actions which + make dynamically invisible and visible a network interface/cards + (eth0, lo, tun, ...) for the userspace. + When a network interface is ghostified, users of your system + can not see it with userspace tools like ifconfig, route, iproute, + netstat and/or have statistics about it. However even if a network + interface is ghostified it is always possible to open a socket + using the Ip address of this interface, ping this interface or + any host connected to the same network remains possible; has the + opposite, it is not possible to sniff packets on a ghostified + interface with userspace tools like tcpdump, wireshark, ... + Informations about a ghostified interface are hidden under /proc + but they can be find under /sys, it is a limit of the ghostification + patch. + For more informations about Ghostification patch and engine see + the README of the tarball that you have used or go to website of + the Marionnet project at . + + +config GHOSTIFICATION_NUM + int "Ghostification support : max number of possible ghostified interface" + depends on GHOSTIFICATION + range 4 32 + default 8 + help + Here you can choose the number of network interfaces that + you will be allowed to ghostify. This number must be between + 4 and 32. + +config GHOSTIFICATION_MESG + bool "Ghostification messages, display, debug and devel" + depends on GHOSTIFICATION + default y + help + Ghostification messages configuration. This option allow + you to have acces to the options which configure and control + the type of messages that you want the ghostification engine + diplay (visible through syslogd). + There are three options which make more or less verbose the + ghostification engine. 
You can choose to not select any + options below if you want to try to hide the ghostification + operations for the users of your system. + Note: This option allows you to have access to the options + which control the number of messages and the verbosity of + the Ghostification engine but it activates no section of + code; you will thus need to select one or some among those + this below. + +config GHOSTIFICATION_PRINTK + bool "Ghostification, messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + default y + help + This option allow you to activate normal messsages from the + ghostification engine, those messages are display through a + simple printk (visible through syslogd), this messages allow + to have informations about the ghost operations (like "the + interface ethX has been ghostified", "unghostified", "is already + ghostified", etc ...). If you really wish to hide ghostified + interfaces and ghost operations for the users of your system + don't select this option. + +config GHOSTIFICATION_DEBUG + bool "Ghostification, debugging messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + help + This option increase the verbosity of the ghostification engine, + allow to get more informations in order to debug the ghost ops. + This option is in general used to verify the result of a test or + to display the datas (interface name, pid of a calling process, ...) + which are treated by the ghost engine. + +config GHOSTIFICATION_DEVEL + bool "Ghostification, helping messages to trace ghost operations (devel)" + depends on GHOSTIFICATION_MESG + help + This option give more informations that the option above, it is use + by developer of the ghostification patch in order to control some + paths used in the kernel code and the datas which are manipulated. + This option is a little redundant with the debug option but allow + to have a better granularity, maybe it will be remove for the next + release of the ghostification patch. 
+ endif # if NET endmenu # Networking diff -rNuad linux-source-2.6.26/net/core/dev.c linux-source-2.6.26-ghost/net/core/dev.c --- linux-source-2.6.26/net/core/dev.c 2009-08-19 05:15:10.000000000 +0000 +++ linux-source-2.6.26-ghost/net/core/dev.c 2009-11-29 18:44:01.000000000 +0000 @@ -18,6 +18,7 @@ * Alexey Kuznetsov * Adam Sulmicki * Pekka Riikonen + * Luca Saiu (ghostification support) * * Changes: * D.J. Barrow : Fixed bug where dev->refcnt gets set @@ -70,6 +71,8 @@ * indefinitely on dev->refcnt * J Hadi Salim : - Backlog queue sampling * - netif_rx() feedback + * Roudiere Jonathan : make some buxfix in ghostification engine + * verify CAP_NET_ADMIN before (un)ghost iface */ #include 
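Review bot: The help for `GHOSTIFICATION` explains what a ghostified interface hides but not who is allowed to hide one. The dev.c changelog in this patch mentions a CAP_NET_ADMIN check; if the ioctl handler, which is outside this chunk, enforces it, the help should say so, for example `Ghostifying or unghostifying an interface requires CAP_NET_ADMIN.` The remark that the interface stays visible under /sys is the only hint an administrator gets for spotting a ghostified interface and deserves its own sentence rather than being described as a limit of the patch. Typos in the new help texts: `acces`, `diplay`, `messsages`, `has the opposite`.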
@@ -124,6 +127,230 @@ #include "net-sysfs.h" /* + * (ghost support) Chunk of code which has in charge + * the ghostification of network interfaces. + */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* The maximum number of ghost interfaces allowed at any given time: */ +#define MAX_GHOST_INTERFACES_NO CONFIG_GHOSTIFICATION_NUM + +/* + * A crude unsorted array of unique names, where "" stands for an + * empty slot. Elements are so few that an hash table would be overkill, + * and possibly also less efficient than this solution: + */ +static char ghost_interface_names[MAX_GHOST_INTERFACES_NO][IFNAMSIZ]; + +/* A lock protecting the ghost interfaces' support structure: */ +/* static DEFINE_SPINLOCK(ghostification_spin_lock); */ +static rwlock_t ghostification_spin_lock = RW_LOCK_UNLOCKED; + +/* Lock disabling local interrupts and saving flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + unsigned long flags; write_lock_irqsave(&ghostification_spin_lock, flags) + +/* Unlock re-enabling interrupts and restoring flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + write_unlock_irqrestore(&ghostification_spin_lock, flags) + +/* Lock disabling local interrupts and saving flags. This is for + readers, which are allowed to execute concurrently: */ +#define LOCK_GHOSTIFICATION_FOR_READING \ + unsigned long flags; read_lock_irqsave(&ghostification_spin_lock, flags) + +/* Lock re-enabling interrupts and restoring flags. 
This is for + readers, which are allowed to execute concurrently: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING \ + read_unlock_irqrestore(&ghostification_spin_lock, flags) + +#ifdef CONFIG_IPV6 +/* Defined in net/ipv6/addrconf.c: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +#endif /* CONFIG_IPV6 */ + +/* Return the index of the given element (which may be "") within + ghost_interface_names, or -1 on failure. Note that this must be + executed in a critical section: */ +static int __lookup_ghost_interface_names(const char *interface_name) +{ + int i; + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(!strcmp(interface_name, ghost_interface_names[i])) + return i; /* we found the given name in the i-th element */ + return -1; /* we didn't find the given name in the array */ +} + +/* This is useful for debugging. It must be called in a critical section. */ +static void __dump_ghost_interfaces(void) +{ + int i; + int number_of_ghost_interfaces = 0; + + ghost_ptk("Ghost interfaces are now: "); + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(strcmp(ghost_interface_names[i], "")) { + number_of_ghost_interfaces++; + ghost_ptk("%i. %s", number_of_ghost_interfaces, + ghost_interface_names[i]); + } + + ghost_ptk("There are now %i ghost interfaces. " + "A maximum of %i can exist at any given time.", + number_of_ghost_interfaces, MAX_GHOST_INTERFACES_NO); +} + +/* Just check whether the given name belongs to a ghost interface. 
+ This must be called in a critical section: */ +int __is_a_ghost_interface_name(const char *interface_name) +{ + /* Particular case: "" is *not* a ghost interface name, even + if it's in the ghost interfaces array (we use it just to mark + an empty slot): */ + if(interface_name[0] == '\0') + return 0; + /* Just check whether interface_name is an element of the array: */ + return __lookup_ghost_interface_names(interface_name) >= 0; +} + +/* Just check whether the given name belongs to a ghost interface: */ +int is_a_ghost_interface_name(const char *interface_name) +{ + int result; + LOCK_GHOSTIFICATION_FOR_READING; + /* Just check whether interface_name is an element of the array: */ + result = __is_a_ghost_interface_name(interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING; + return result; +} + +/* Make the given interface ghost. Return 0 on success, nonzero on + failure. Failure occours when the interface is already ghost or + does not exist: */ +static int ghostify_interface(char *interface_name) +{ + int a_free_element_index; + const size_t name_length = strlen(interface_name); + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Let's avoid buffer overflows... This could possibly be exploited: */ + if((name_length >= IFNAMSIZ) || (name_length == 0)) + { + ghost_ptk("The user asked to ghostify the interface %s, " + "which has a name of length %i. Failing.", + interface_name, name_length); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EINVAL; + } + + /* Fail if the interface is already ghostified. In particular we + want *no* duplicates in the array. 
Note that we're already in + a critical section here, so there's no need for locking: */ + if(__is_a_ghost_interface_name(interface_name)) + { + ghost_ptk("Could not ghostify the interface %s, " + "because it\'s already ghost.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EEXIST; /* File exists, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Fail if the interface is not found. We don't want add a + no-existing interface in our array */ + struct net_device *device; + device = dev_get_by_name(&init_net, interface_name); + if (device == NULL) { + ghost_ptk("Could not ghostify the interface %s which " + "doesn't exist. Try again.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for a free spot: */ + a_free_element_index = __lookup_ghost_interface_names(""); + if(a_free_element_index < 0) + { + ghost_ptk("Could not ghostify the interface %s, " + "because %i interfaces are already ghostified. Sorry.", + interface_name, MAX_GHOST_INTERFACES_NO); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENOMEM; + } + + /* Ok, we found a free spot; just copy the interface name: */ + strcpy(ghost_interface_names[a_free_element_index], interface_name); + +#ifdef CONFIG_IPV6 + /* Hide /proc/net/dev_snmp6/DEVICE for the new ghost DEVICE: */ + hide_proc_net_dev_snmp6_DEVICE_if_needed( + ghost_interface_names[a_free_element_index]); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} + +/* Make the given interface, which should be ghost, non-ghost. + Return 0 on success, nonzero on failure. Failure occours when + the given interface is non-ghost or does not exist: */ +static int unghostify_interface(char *ghost_interface_name) +{ + int the_interface_index; + struct net_device *device; + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Fail if the interface is not found. 
It is not necessary + to search in the array a no-existing interface and allow + to return a more appropriate error code to the userspace. */ + device = dev_get_by_name(&init_net, ghost_interface_name); + if (device == NULL) { + ghost_ptk("Could not unghostify the interface %s " + "which doesn't exist. Try again.\n", ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for the given interface: */ + the_interface_index = + __lookup_ghost_interface_names(ghost_interface_name); + if(the_interface_index < 0) + { + ghost_ptk("Could not unghostify the interface %s, \ + because it's non-ghost or not existing.\n", + ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ESRCH; /* No such device or address, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Ok, we found the interface: just "remove" its name from the array: */ + ghost_interface_names[the_interface_index][0] = '\0'; + +#ifdef CONFIG_IPV6 + /* Show again /proc/net/dev_snmp6/DEVICE for the now non-ghost DEVICE: */ + show_proc_net_dev_snmp6_DEVICE_if_needed(ghost_interface_name); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} +EXPORT_SYMBOL(is_a_ghost_interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * (ghost support) End of ghostification support + */ + + +/* * The list of packet types we will receive (as opposed to discard) * and the routines to invoke. * @@ -529,6 +756,13 @@ { int ints[5]; struct ifmap map; + /* (ghost support) There are no ghost interfaces by default */ +#ifdef CONFIG_GHOSTIFICATION + int i; + + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + ghost_interface_names[i][0] = '\0'; +#endif /* CONFIG_GHOSTIFICATION */ str = get_options(str, ARRAY_SIZE(ints), ints); if (!str || !*str) 
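Review bot: In the `@@ -529,6 +756,13 @@` hunk the loop that empties `ghost_interface_names` is placed at the top of what looks like an option-string parser (it goes straight on to `get_options(str, ...)`), so it would run only when that option is actually passed to the kernel. If the array has static storage it is already zero-filled and the loop can be dropped in favour of a comment at the definition, e.g. `/* zero-initialised: every slot starts as "" (free) */`; if it does not, the initialisation belongs in an unconditional init path. The enclosing function starts outside the hunk, so confirm which handler this is.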
@@ -2361,11 +2595,20 @@ len = ifc.ifc_len; /* - * Loop over the interfaces, and write an info block for each. + * Loop over the interfaces, and write an info block for each, + * (ghost support) unless they are ghostified. */ total = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* Don't tell the user about ghost interfaces: just skip them */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Skipping the ghost interface %s in SIOCGIFCONF", + dev->name); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ for (i = 0; i < NPROTO; i++) { if (gifconf_list[i]) { int done; 
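Review bot: The `ghost_ptk(...)` added inside `for_each_netdev` writes the hidden interface's name on every SIOCGIFCONF call, a request that needs no privilege. If ghost_ptk maps to printk and the kernel log is readable by ordinary users, this both lets any caller flood the log and discloses the names the patch is meant to hide. The same applies to the two SIOCxIFxxx hunks `@@ -3262,6 +3508,16 @@` and `@@ -3329,6 +3585,17 @@`. I would drop the message on these read paths, or rate-limit it and leave the name out, e.g. `if (printk_ratelimit()) ghost_ptk("Skipping a ghost interface in SIOCGIFCONF");`. The enclosing function starts outside the hunk.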
@@ -2433,24 +2676,27 @@ static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev) { struct net_device_stats *stats = dev->get_stats(dev); - - seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu " - "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n", - dev->name, stats->rx_bytes, stats->rx_packets, - stats->rx_errors, - stats->rx_dropped + stats->rx_missed_errors, - stats->rx_fifo_errors, - stats->rx_length_errors + stats->rx_over_errors + - stats->rx_crc_errors + stats->rx_frame_errors, - stats->rx_compressed, stats->multicast, - stats->tx_bytes, stats->tx_packets, - stats->tx_errors, stats->tx_dropped, - stats->tx_fifo_errors, stats->collisions, - stats->tx_carrier_errors + - stats->tx_aborted_errors + - stats->tx_window_errors + - stats->tx_heartbeat_errors, - stats->tx_compressed); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't show anything in /proc if iface is ghostified */ + if(! is_a_ghost_interface_name(dev->name)) +#endif /* CONFIG_GHOSTIFICATION */ + seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu " + "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n", + dev->name, stats->rx_bytes, stats->rx_packets, + stats->rx_errors, + stats->rx_dropped + stats->rx_missed_errors, + stats->rx_fifo_errors, + stats->rx_length_errors + stats->rx_over_errors + + stats->rx_crc_errors + stats->rx_frame_errors, + stats->rx_compressed, stats->multicast, + stats->tx_bytes, stats->tx_packets, + stats->tx_errors, stats->tx_dropped, + stats->tx_fifo_errors, stats->collisions, + stats->tx_carrier_errors + + stats->tx_aborted_errors + + stats->tx_window_errors + + stats->tx_heartbeat_errors, + stats->tx_compressed); } /* 
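Review bot: The `if(! is_a_ghost_interface_name(dev->name))` sits inside the `#ifdef` while the `seq_printf` it governs sits outside, so the statement's control flow depends on the config symbol and the whole call had to be re-indented. An early return is easier to read and keeps the original call untouched: leave `seq_printf` as it was and add `if (is_a_ghost_interface_name(dev->name)) return;` inside the `#ifdef` block, right after the `stats` declaration.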
@@ -3262,6 +3508,16 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() " + "on the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCGIFFLAGS: /* Get interface flags */ ifr->ifr_flags = dev_get_flags(dev); @@ -3329,6 +3585,17 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() on " + "the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail " + "with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCSIFFLAGS: /* Set interface flags */ return dev_change_flags(dev, ifr->ifr_flags); 
@@ -3472,6 +3739,57 @@ */ switch (cmd) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) catch ghostification's ioctl */ + case SIOKLOG: { + char text[1000]; + if(copy_from_user(text, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + text[IFNAMSIZ] = '\0'; + printk(KERN_DEBUG "%s\n", text); + return 0; + } + /* (un)ghostification ops require superuser power */ + case SIOCGIFGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, + (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to ghostify the interface %s.", + interface_name); + if((failure = ghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was ghostified.", + interface_name); + else + ghost_ptk("Failure in ghostification of %s.", + interface_name); + return failure; + } + case SIOCGIFUNGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to unghostify the interface %s.", + interface_name); + if((failure = unghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was unghostified.", + interface_name); + else + ghost_ptk("Failure in unghostification of %s.", + interface_name); + return failure; + } + /* end of ghostficiation ioctl */ +#endif /* CONFIG_GHOSTIFICATION */ + /* * These ioctl calls: * - can be done by all. diff -rNuad linux-source-2.6.26/net/core/dev_mcast.c linux-source-2.6.26-ghost/net/core/dev_mcast.c --- linux-source-2.6.26/net/core/dev_mcast.c 2008-07-13 21:51:29.000000000 +0000 +++ linux-source-2.6.26-ghost/net/core/dev_mcast.c 2009-11-29 18:44:01.000000000 +0000 
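Review bot: `case SIOKLOG` has no capability check, unlike the two ghostify cases below it, so any caller that reaches this switch can put caller-chosen text into the kernel log through `printk`; add `if (!capable(CAP_NET_ADMIN)) return -EPERM;` there as well, or keep the ioctl out of non-debug builds. All three cases reserve a 1000-byte array on the kernel stack although only `IFNAMSIZ + 1` bytes are ever copied, so `char interface_name[IFNAMSIZ + 1];` (and the same for `text`) is enough. In the two ghostify cases the declarations follow the `capable()` statement and should move to the top of their block. The enclosing switch starts and ends outside the hunk.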
@@ -14,6 +14,8 @@ * Alan Cox : IFF_ALLMULTI support. * Alan Cox : New format set_multicast_list() calls. * Gleb Natapov : Remove dev_mc_lock. + * Luca Saiu : trivial changes for + * ghostification support. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -48,6 +50,9 @@ #include #include +#ifdef CONFIG_GHOSTIFICATION +#include +#endif /* CONFIG_GHOSTIFICATION */ /* * Device multicast list maintenance. @@ -167,7 +172,15 @@ netif_tx_lock_bh(dev); for (m = dev->mc_list; m; m = m->next) { int i; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information + in /proc about ghost interfaces */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Don't show any information in /proc " + "about ghostified interface"); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%-4d %-15s %-5d %-5d ", dev->ifindex, dev->name, m->dmi_users, m->dmi_gusers); diff -rNuad linux-source-2.6.26/net/core/rtnetlink.c linux-source-2.6.26-ghost/net/core/rtnetlink.c --- linux-source-2.6.26/net/core/rtnetlink.c 2009-08-19 05:15:10.000000000 +0000 +++ linux-source-2.6.26-ghost/net/core/rtnetlink.c 2009-11-29 18:44:01.000000000 +0000 @@ -12,8 +12,12 @@ * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * - * Fixes: + * Fixes: * Vitaly E. Lavrov RTA_OK arithmetics was wrong. + * + * Changes: + * Roudiere Jonathan Some changes + * to ghost support, to allow to hide ghost net interfaces */ #include @@ -53,6 +57,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + struct rtnl_link { rtnl_doit_func doit; 
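Review bot: In the `@@ -167,7 +172,15 @@` hunk of dev_mcast.c the ghost test is inside `for (m = dev->mc_list; ...)` but depends only on `dev->name`, so the ghostification lock is taken and a message logged once per multicast entry, all while `netif_tx_lock_bh(dev)` is held. Test once before taking the tx lock and leave the record empty there, e.g. `if (is_a_ghost_interface_name(dev->name)) return 0;`, assuming the show routine returns 0 for a record it does not print. The enclosing function starts and ends outside the hunk.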
@@ -106,7 +115,10 @@ static rtnl_doit_func rtnl_get_doit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].doit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -117,7 +129,10 @@ static rtnl_dumpit_func rtnl_get_dumpit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].dumpit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -460,6 +475,12 @@ { struct sock *rtnl = net->rtnl; int report = 0; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add inforation to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type %i " + "and nlh->nlmsg_seq = %i", pid, nlh->nlmsg_pid, + nlh->nlmsg_type, nlh->nlmsg_seq); +#endif if (nlh) report = nlmsg_report(nlh); @@ -612,6 +633,20 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type " + "= %i, seq = %i and nlh->nlmsg_seq = %i", + pid, nlh->nlmsg_pid, nlh->nlmsg_type, + seq, nlh->nlmsg_seq); + ghost_develmsg("dev->name = %s and dev->ifindex = %i", + dev->name, + dev->ifindex); + /* function whose call rtnl_fill_ifinfo has been modified, except + rtmsg_ifinfo so if it will be necessary to skip ghost iface here then + keep in your mind to test pid because if it is eq. to 0 then it is a + kernel request (else user request) and we don't want disturbe its work. */ +#endif ifm = nlmsg_data(nlh); ifm->ifi_family = AF_UNSPEC; ifm->__ifi_pad = 0; 
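Review bot: In the `@@ -460,6 +475,12 @@` hunk the added `ghost_develmsg(...)` reads `nlh->nlmsg_pid`, `nlh->nlmsg_type` and `nlh->nlmsg_seq` before the existing `if (nlh)` test, so a NULL `nlh`, which the next line explicitly allows for, is dereferenced whenever the macro evaluates its arguments. Move the message under the NULL test, `if (nlh) ghost_develmsg(...);`, or print only `pid` here. The function body continues outside the hunk.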
@@ -688,6 +723,24 @@ idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function which encapsulates calls to + * rtnl_fill_ifinfo and which is call after rtnl_get_doit/dumpit, + * use to dump list of network interfaces (as used by "ip link") + */ + ghost_develmsg("for_each_netdev, current net_device is %s", + dev->name); + ghost_develmsg("netlink cb pid = %i, cb nlh->nlmsg_type = %i, " + "cb familly/proto = %i, cb nlh->nlmsg_pid %i", + NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_type, + cb->family, cb->nlh->nlmsg_pid); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Hide ghotified interface (%s) in the dump", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK, @@ -927,6 +980,18 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change state/parameters of a ghotified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ if ((err = validate_linkmsg(dev, tb)) < 0) goto errout_dev; 
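Review bot: In the `@@ -927,6 +980,18 @@` hunk the ghost branch leaves through `goto errout`, while the existing check right after it (`validate_linkmsg`) leaves through `goto errout_dev`. That suggests `dev` already holds a reference at this point which only `errout_dev` releases, so every rejected request would leak one and could later keep the device from being unregistered. Use `goto errout_dev;` in the new branch. Both labels are outside the hunk, so confirm what `errout_dev` releases.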
@@ -965,6 +1030,17 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change dell a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ ops = dev->rtnl_link_ops; if (!ops) @@ -1167,6 +1243,17 @@ dev = dev_get_by_index(net, ifm->ifi_index); if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it with + user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ } else return -EINVAL; @@ -1221,6 +1308,8 @@ struct sk_buff *skb; int err = -ENOBUFS; + /* (ghost support) call rtnl_fill_ifinfo so maybe it + is need here to modify, in order to skip ghost iface */ skb = nlmsg_new(if_nlmsg_size(dev), GFP_KERNEL); if (skb == NULL) goto errout; @@ -1255,6 +1344,11 @@ int err; type = nlh->nlmsg_type; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Enter, nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i and nlh->nlmsg_seq = %i ", + nlh->nlmsg_pid, nlh->nlmsg_seq, nlh->nlmsg_seq); +#endif /* CONFIG_GHOSTIFICATION */ + if (type > RTM_MAX) return -EOPNOTSUPP; 
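Review bot: In the `@@ -1167,6 +1243,17 @@` hunk `dev` comes from `dev_get_by_index()`, which takes a reference on the device, and the new ghost branch returns `-ENODEV` without dropping it. Add `dev_put(dev);` before that `return -ENODEV;`. The rest of the function, where the reference is normally released, is outside the hunk.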
@@ -1274,14 +1368,21 @@ if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN)) return -EPERM; + /* (ghost support) kind = 2 then imply RTM_GETLINK has been used */ if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) { struct sock *rtnl; rtnl_dumpit_func dumpit; + /* (ghost support) then rtnl_get_dumpit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ dumpit = rtnl_get_dumpit(family, type); if (dumpit == NULL) return -EOPNOTSUPP; - +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Part 1: rtnl_get_dumpit(family %i, type %i) " + "is used before call to netlink_dump_start", + family,type); +#endif /* CONFIG_GHOSTIFICATION */ __rtnl_unlock(); rtnl = net->rtnl; err = netlink_dump_start(rtnl, skb, nlh, dumpit, NULL); @@ -1313,6 +1414,11 @@ doit = rtnl_get_doit(family, type); if (doit == NULL) return -EOPNOTSUPP; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) rtnl_get_doit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ + ghost_develmsg("Part 2: rtnl_get_doit(family %i, type %i)", family, type); +#endif /* CONFIG_GHOSTIFICATION */ return doit(skb, nlh, (void *)&rta_buf[0]); } @@ -1328,6 +1434,10 @@ { struct net_device *dev = ptr; + /* (ghost support) if we want provide a ghost's way to modify + the state of a ghost iface, it will be necessary to skip event + reports involing ghost iface (actually any changes are possible + if the iface is ghostified so there is nothing to report) */ switch (event) { case NETDEV_UNREGISTER: rtmsg_ifinfo(RTM_DELLINK, dev, ~0U); diff -rNuad linux-source-2.6.26/net/ipv4/arp.c linux-source-2.6.26-ghost/net/ipv4/arp.c --- linux-source-2.6.26/net/ipv4/arp.c 2008-07-13 21:51:29.000000000 +0000 +++ linux-source-2.6.26-ghost/net/ipv4/arp.c 2009-11-29 18:44:01.000000000 +0000 @@ -72,6 +72,8 @@ * bonding can change the skb before * sending (e.g. insert 8021q tag). * Harald Welte : convert to make use of jenkins hash + * Luca Saiu 
@@ -118,6 +120,11 @@ struct neigh_table *clip_tbl_hook; #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include @@ -1310,9 +1317,21 @@ } #endif sprintf(tbuf, NIPQUAD_FMT, NIPQUAD(*(u32*)n->primary_key)); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show anything in /proc if it involves + ghost interfaces: */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + read_unlock(&n->lock); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); read_unlock(&n->lock); +#endif /* CONFIG_GHOSTIFICATION */ } static void arp_format_pneigh_entry(struct seq_file *seq, 
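Review bot: In the `@@ -1310,9 +1317,21 @@` hunk `read_unlock(&n->lock)` has ended up inside the `if (! is_a_ghost_interface_name(dev->name))` block, so for a ghost interface the lock (taken earlier in the function, outside the hunk) is never released. Close the `if` right after `seq_printf` and keep a single `read_unlock(&n->lock);` after the `#endif` so both configurations share it. The `ghost_debugmsg("Don't show any arp information ...")` also sits in the branch that does print the entry; it belongs in an `else`.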
@@ -1323,9 +1342,21 @@ char tbuf[16]; sprintf(tbuf, NIPQUAD_FMT, NIPQUAD(*(u32*)n->key)); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show anything in /proc if it involves + ghost interfaces */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", - dev ? dev->name : "*"); + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); +#endif /* CONFIG_GHOSTIFICATION */ } static int arp_seq_show(struct seq_file *seq, void *v) diff -rNuad linux-source-2.6.26/net/ipv4/devinet.c linux-source-2.6.26-ghost/net/ipv4/devinet.c --- linux-source-2.6.26/net/ipv4/devinet.c 2008-07-13 21:51:29.000000000 +0000 +++ linux-source-2.6.26-ghost/net/ipv4/devinet.c 2009-11-29 18:44:01.000000000 +0000 @@ -25,6 +25,9 @@ * address (4.4BSD alias style support), * fall back to comparing just the label * if no match found. + * Roudiere Jonathan : + * some changes to ghost support, skip + * request involving a ghostified iface. */ @@ -64,6 +67,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + static struct ipv4_devconf ipv4_devconf = { .data = { [NET_IPV4_CONF_ACCEPT_REDIRECTS - 1] = 1, @@ -455,6 +463,16 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("in_dev->dev->name = %s", in_dev->dev->name); + if (is_a_ghost_interface_name(in_dev->dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + (in_dev->dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ __in_dev_put(in_dev); 
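Review bot: In the `@@ -1323,9 +1342,21 @@` hunk the new test reads `dev->name` unconditionally, although the `seq_printf` it guards still prints `dev ? dev->name : "*"`, which means `dev` may be NULL here. Test the pointer first: `if (!dev || !is_a_ghost_interface_name(dev->name))`. The `ghost_debugmsg` text describes hiding an entry but is placed in the branch that prints it. The function starts outside the hunk.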
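Review bot: In the `@@ -455,6 +463,16 @@` hunk of devinet.c the ghost branch jumps to `errout` before the existing `__in_dev_put(in_dev);` that follows it, so the reference that line drops stays held on this path. Call `__in_dev_put(in_dev);` in the new branch before `goto errout;`. `in_dev` is obtained outside the hunk, so confirm it is reference-counted there.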
@@ -504,6 +522,17 @@ if (dev == NULL) goto errout; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("(dev->name) = %s ", (dev->name)); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change/modfy address on a ghostified interface (%s), skip", + (dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ + in_dev = __in_dev_get_rtnl(dev); err = -ENOBUFS; if (in_dev == NULL) @@ -553,6 +582,12 @@ ASSERT_RTNL(); + /* (ghost support) don't modify this funct but directly + rtm_to_ifaddr, as for others funct, with user-levels tools + (as iproute) we normaly never arrive here (because a dump + all ifaces is perform before and func which make the dump + has been modified (but we want prevent user tool request + the ghost iface directly */ ifa = rtm_to_ifaddr(net, nlh); if (IS_ERR(ifa)) return PTR_ERR(ifa); @@ -1159,6 +1194,15 @@ s_ip_idx = ip_idx = cb->args[1]; idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION /* _VERIFICATION_NEED_ */ + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("dev->name = %s", dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address on a ghostified interface (%s), skip", + (dev->name)); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (idx > s_idx) diff -rNuad linux-source-2.6.26/net/ipv4/fib_frontend.c linux-source-2.6.26-ghost/net/ipv4/fib_frontend.c --- linux-source-2.6.26/net/ipv4/fib_frontend.c 2008-07-13 21:51:29.000000000 +0000 +++ linux-source-2.6.26-ghost/net/ipv4/fib_frontend.c 2009-11-29 18:44:01.000000000 +0000 
@@ -8,6 +8,10 @@ * Version: $Id: fib_frontend.c,v 1.26 2001/10/31 21:55:54 davem Exp $ * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (some display + * and comment for ghostification in rtnetlink functions). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -47,6 +51,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #ifndef CONFIG_IP_MULTIPLE_TABLES static int __net_init fib4_rules_init(struct net *net) @@ -453,6 +462,11 @@ * Handle IP routing ioctl calls. These are used to manipulate the routing tables */ +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) A function implemented in net/core/dev.c */ +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + int ip_rt_ioctl(struct net *net, unsigned int cmd, void __user *arg) { struct fib_config cfg; @@ -467,6 +481,22 @@ if (copy_from_user(&rt, arg, sizeof(rt))) return -EFAULT; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Forbid any action involving a ghost interface */ + if (rt.rt_dev != (char __user*)NULL) { + /* We need to have this name in kernel space to check + for ghostification: */ + char interface_name[1000]; /* [IFNAMSIZ+1] is certainly sufficient */ + if(copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1)) + return -EFAULT; + if(is_a_ghost_interface_name(interface_name)) { + ghost_ptk("The user aked to add a route involving the " + "ghost interface %s. We make this operation fail", + interface_name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ rtnl_lock(); err = rtentry_to_fib_config(net, cmd, &rt, &cfg); 
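Review bot: In the `@@ -467,6 +481,22 @@` hunk `interface_name` reaches `is_a_ghost_interface_name()` without being NUL-terminated: `copy_from_user` fills `IFNAMSIZ + 1` bytes and the rest of the 1000-byte array is uninitialised stack, so the string comparison can run past the copied data. Terminate it the way the dev.c ioctl cases in this patch do, `interface_name[IFNAMSIZ] = '\0';`, and size the buffer to match, `char interface_name[IFNAMSIZ + 1];`. The body of `ip_rt_ioctl` continues outside the hunk.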
@@ -475,12 +505,18 @@ if (cmd == SIOCDELRT) { tb = fib_get_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_delete was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_delete() or fn_trie_delete() */ if (tb) err = tb->tb_delete(tb, &cfg); else err = -ESRCH; } else { tb = fib_new_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_insert was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_insert() or fn_trie_insert() */ if (tb) err = tb->tb_insert(tb, &cfg); else @@ -587,6 +623,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead functions pointed by tb->tb_delete, + * either fn_hash_delete() (in fib_hash.c) or fn_trie_delete() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; @@ -609,6 +655,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead function pointed by tb->tb_insert, + * either fn_hash_insert() (in fib_hash.c) or fn_trie_insert() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; @@ -624,6 +680,12 @@ return err; } +/* + * (ghost support) Fonction called through rtnetlink to dump + * all routes, we don't change anythings here, changes have + * been made in fib_semantics.c (in fib_dump_info which is + * called by fib_trie and fib_hash). + */ static int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); 
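Review bot: In the `@@ -587,6 +623,16 @@` and `@@ -609,6 +655,16 @@` hunks `ghost_develmsg(...)` is called outside any `#ifdef CONFIG_GHOSTIFICATION`, whereas this file pulls in the ghost header only under that symbol, so a build with the option off would likely fail unless the macro is defined somewhere else. Wrap both calls in `#ifdef CONFIG_GHOSTIFICATION` / `#endif` as the rest of the patch does. The comment in the first of the two hunks names `inet_rtm_newroute` while describing `tb->tb_delete`; it presumably means the delete handler and should say so.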
@@ -636,7 +698,7 @@ if (nlmsg_len(cb->nlh) >= sizeof(struct rtmsg) && ((struct rtmsg *) nlmsg_data(cb->nlh))->rtm_flags & RTM_F_CLONED) - return ip_rt_dump(skb, cb); + return ip_rt_dump(skb, cb); /* (ghost support) need modify this func */ s_h = cb->args[0]; s_e = cb->args[1]; @@ -661,6 +723,9 @@ cb->args[1] = e; cb->args[0] = h; + /* (ghost support) Length returned can be changed by + fib_dump_info when a route of a ghositifed iface is + lookup (skb length may be abnormal, diff of mod(240)) */ return skb->len; } diff -rNuad linux-source-2.6.26/net/ipv4/fib_hash.c linux-source-2.6.26-ghost/net/ipv4/fib_hash.c --- linux-source-2.6.26/net/ipv4/fib_hash.c 2008-07-13 21:51:29.000000000 +0000 +++ linux-source-2.6.26-ghost/net/ipv4/fib_hash.c 2009-11-29 18:44:01.000000000 +0000 @@ -8,6 +8,11 @@ * Version: $Id: fib_hash.c,v 1.13 2001/10/31 21:55:54 davem Exp $ * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_hash_insert, bad + * field check in fib_seq_show). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -43,6 +48,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static struct kmem_cache *fn_hash_kmem __read_mostly; 
@@ -399,6 +409,18 @@ if (IS_ERR(fi)) return PTR_ERR(fi); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_insert */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if (fz->fz_nent > (fz->fz_divisor<<1) && fz->fz_divisor < FZ_MAX_DIVISOR && (cfg->fc_dst_len == 32 || @@ -582,7 +604,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, &f->fn_alias, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_delete */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != cfg->fc_tos) break; 
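Review bot: In the `@@ -399,6 +409,18 @@` hunk the ghost branch does `return -ENODEV` right after `fi` has passed its `IS_ERR` check, so the `fib_info` just obtained is not released on this path; release it first (`fib_release_info(fi);`) or leave through the function's existing error exit, which is outside the hunk. The branch also reads `fi->fib_dev->name` unguarded, while the /proc code in this same file prints `fi->fib_dev ? fi->fib_dev->name : "*"`, so `fib_dev` can be NULL; use `if (fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name))`. Both points apply equally to the fib_trie.c insert hunk `@@ -1197,6 +1208,18 @@`. The log text says "delete" on what the comment itself calls the `tb->tb_insert` path.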
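Review bot: In the `@@ -582,7 +604,17 @@` hunk the ghost test runs at the top of the alias loop, before the existing `fa->fa_tos` comparison, so it fires for the first alias on the list whether or not that alias is the route the caller asked to delete. A delete request for a non-ghost route that shares the list can then fail with `-ENODEV`, and the unexpected error may reveal that a hidden route exists. Apply the test only to the alias that actually matches the request (the matching code is outside the hunk). The fib_trie.c delete hunk `@@ -1625,7 +1648,17 @@` has the same shape.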
@@ -1024,19 +1056,39 @@ prefix = f->fn_key; mask = FZ_MASK(iter->zone); flags = fib_flag_trans(fa->fa_type, mask, fi); - if (fi) + if (fi) + { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) + { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, - "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - fi->fib_dev ? fi->fib_dev->name : "*", prefix, - fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, - mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), - fi->fib_window, - fi->fib_rtt >> 3, &len); - else + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); +#endif /* CONFIG_GHOSTIFICATION */ + } + else { seq_printf(seq, - "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); + } seq_printf(seq, "%*s\n", 127 - len, ""); out: return 0; diff -rNuad linux-source-2.6.26/net/ipv4/fib_semantics.c linux-source-2.6.26-ghost/net/ipv4/fib_semantics.c --- linux-source-2.6.26/net/ipv4/fib_semantics.c 2008-07-13 21:51:29.000000000 +0000 +++ linux-source-2.6.26-ghost/net/ipv4/fib_semantics.c 2009-11-29 18:44:01.000000000 +0000 
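Review bot: When the route belongs to a ghost interface nothing is printed with `%n`, yet the trailing `seq_printf(seq, "%*s\n", 127 - len, "")` still runs, so /proc/net/route gets a padding-only line (using whatever `len` held) for every hidden route. Skip the whole record instead, e.g. `if (fi && fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name)) goto out;` placed before the `if (fi)`. That form also avoids the unguarded `fi->fib_dev->name` and lets the original `seq_printf` stay unduplicated; as written, `ghost_ptk("Don't display routes ...")` fires for the routes that are displayed. The fib_trie.c hunk `@@ -2603,7 +2636,28 @@` repeats the pattern; there the record sits in a loop, so `continue` rather than `goto out`.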
@@ -13,6 +13,9 @@ * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. + * Changes: + * Roudiere Jonathan trivial + * change for ghostification. */ #include @@ -45,6 +48,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static DEFINE_SPINLOCK(fib_info_lock); @@ -955,6 +963,23 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function call by fib_trie and fib_hash to dump route, + * in most case we won't arrive here with usertools (like iproute), because + * modification in rtnl_dump_ifinfo hide iface and modif here may be not really + * proper because put abnormal length in the skb->len return by inet_dump_fib + * (used without error..) if pid != 0 then user talks else that is the kernel; + */ + if (pid != 0) + if (is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Try to get route about ghost iface (%s), skip", + fi->fib_dev->name); + /* return -EMSGSIZE; don't use this because that stops evaluation */ + return nlmsg_end(skb, nlh); + } +#endif /* CONFIG_GHOSTIFICATION */ + rtm = nlmsg_data(nlh); rtm->rtm_family = AF_INET; rtm->rtm_dst_len = dst_len; diff -rNuad linux-source-2.6.26/net/ipv4/fib_trie.c linux-source-2.6.26-ghost/net/ipv4/fib_trie.c --- linux-source-2.6.26/net/ipv4/fib_trie.c 2008-07-13 21:51:29.000000000 +0000 +++ linux-source-2.6.26-ghost/net/ipv4/fib_trie.c 2009-11-29 18:44:01.000000000 +0000 @@ -12,6 +12,12 @@ * * Hans Liss Uppsala Universitet * + * Luca Saiu (simple changes for ghostification + * support) + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_trie_insert, bad + * field check in fib_route_seq_show). + * * This work is based on the LPC-trie which is originally descibed in: * * An experimental study of compression methods for dynamic tries 
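Review bot: In the `@@ -955,6 +963,23 @@` hunk the ghost branch calls `nlmsg_end(skb, nlh)` on a message whose payload has not been filled in yet (`rtm = nlmsg_data(nlh)` and its assignments come after the new block), so the dump would hand user space a route record with unset contents. Cancel the message instead, `nlmsg_cancel(skb, nlh);`, and return a value the callers treat as "nothing added"; they are outside the hunk, so check what they expect. The nested `if (pid != 0) if (...)` also reads `fi->fib_dev->name` without a NULL test and would be clearer as one condition, `if (pid != 0 && fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name))`.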
@@ -82,6 +88,11 @@ #include #include "fib_lookup.h" +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define MAX_STAT_DEPTH 32 #define KEYLENGTH (8*sizeof(t_key)) @@ -1197,6 +1208,18 @@ goto err; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + l = fib_find_node(t, key); fa = NULL; @@ -1625,7 +1648,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, fa_head, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != tos) break; 
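Review bot: The `return -ENODEV;` added in the `@@ -1197,6 +1208,18 @@` hunk comes right after the `fi` allocation has succeeded (the preceding context is its `goto err;` failure path), so returning directly appears to skip whatever cleanup the function does for `fi`; the labels are outside the hunk, but setting `err = -ENODEV;` and jumping to the path that calls `fib_release_info(fi)` would be the safer exit. The log text there says "Trying to delete a route" although, going by the file's header comment, this is the insert path. Both this hunk and `@@ -1625,7 +1648,17 @@` read `fi->fib_dev->name` without testing `fi->fib_dev`. In the second hunk the check also runs before the `fa->fa_tos != tos` test, so the whole request fails as soon as any alias in the list uses a ghost device, even when the request targets another alias.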
@@ -2603,7 +2636,28 @@ || fa->fa_type == RTN_MULTICAST) continue; - if (fi) + if (fi) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) in /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t" + "%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", + prefix, + fi->fib_nh->nh_gw, flags, 0, 0, + fi->fib_priority, + mask, + (fi->fib_advmss ? + fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, "%s\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", @@ -2616,13 +2670,14 @@ fi->fib_advmss + 40 : 0), fi->fib_window, fi->fib_rtt >> 3, &len); - else +#endif /* CONFIG_GHOSTIFICATION */ + } else { seq_printf(seq, "*\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + } seq_printf(seq, "%*s\n", 127 - len, ""); } } diff -rNuad linux-source-2.6.26/net/ipv4/igmp.c linux-source-2.6.26-ghost/net/ipv4/igmp.c --- linux-source-2.6.26/net/ipv4/igmp.c 2008-07-13 21:51:29.000000000 +0000 +++ linux-source-2.6.26-ghost/net/ipv4/igmp.c 2009-11-29 18:44:01.000000000 +0000 @@ -70,6 +70,8 @@ * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. * David L Stevens: IGMPv3 support, with help from * Vinay Kulkarni + * Luca Saiu : trivial changes for ghostification + * support */ #include @@ -107,6 +109,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define IP_MAX_MEMBERSHIPS 20 #define IP_MAX_MSF 10 
@@ -2415,8 +2422,18 @@ #endif if (state->in_dev->mc_list == im) { - seq_printf(seq, "%d\t%-10s: %5d %7s\n", - state->dev->ifindex, state->dev->name, state->dev->mc_count, querier); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%d\t%-10s: %5d %7s\n", state->dev->ifindex, + state->dev->name, state->dev->mc_count, querier); + } +#else + seq_printf(seq, "%d\t%-10s: %5d %7s\n", state->dev->ifindex, + state->dev->name, state->dev->mc_count, querier); +#endif /* CONFIG_GHOSTIFICATION */ } seq_printf(seq, 
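Review bot: Only the per-device header line is gated here; the `seq_printf(seq, ...` that follows the closing brace (its arguments are outside the hunk) is still reached for a ghostified device, so whatever it prints for each group stays visible in the /proc file. Testing `is_a_ghost_interface_name(state->dev->name)` once at the top of the show function and returning 0 would hide both and would remove the duplicated `seq_printf` in the `#else` branch. The `ghost_debugmsg` is inside the non-ghost branch, so it fires for every interface that is shown; the same applies to the `@@ -2576,14 +2593,30 @@` hunk and to the two mcast.c hunks.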
@@ -2576,14 +2593,30 @@ "Device", "MCA", "SRC", "INC", "EXC"); } else { - seq_printf(seq, - "%3d %6.6s 0x%08x " - "0x%08x %6lu %6lu\n", - state->dev->ifindex, state->dev->name, - ntohl(state->im->multiaddr), - ntohl(psf->sf_inaddr), - psf->sf_count[MCAST_INCLUDE], - psf->sf_count[MCAST_EXCLUDE]); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-source-2.6.26/net/ipv4/route.c linux-source-2.6.26-ghost/net/ipv4/route.c --- linux-source-2.6.26/net/ipv4/route.c 2008-07-13 21:51:29.000000000 +0000 +++ linux-source-2.6.26-ghost/net/ipv4/route.c 2009-11-29 18:44:01.000000000 +0000 @@ -57,6 +57,9 @@ * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes. * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect * Ilia Sotnikov : Removed TOS from hash calculations + * Luca Saiu : trivial changes for ghostification support + * Roudiere Jonathan : ghost support to rtnetlink + * function, ghost bugfix (field) in rt_cache_seq_show * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -110,6 +113,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define RT_FL_TOS(oldflp) \ ((u32)(oldflp->fl4_tos & (IPTOS_RT_MASK | RTO_ONLINK))) 
@@ -366,6 +374,14 @@ "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t" "HHUptod\tSpecDst"); else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Dont't display informations about ghost ifaces, bf */ + if(is_a_ghost_interface_name((const char*)((struct rtable*)v)->u.dst.dev->name)) { + ghost_ptk("Don't display routing informations about ghost interface (%s)", + ((const char*)((struct rtable*)v)->u.dst.dev->name)); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ struct rtable *r = v; int len; @@ -383,11 +399,11 @@ r->fl.fl4_tos, r->u.dst.hh ? atomic_read(&r->u.dst.hh->hh_refcnt) : -1, r->u.dst.hh ? (r->u.dst.hh->hh_output == - dev_queue_xmit) : 0, + dev_queue_xmit) : 0, r->rt_spec_dst, &len); seq_printf(seq, "%*s\n", 127 - len, ""); - } + } return 0; } @@ -2632,8 +2648,13 @@ r->rtm_src_len = 32; NLA_PUT_BE32(skb, RTA_SRC, rt->fl.fl4_src); } - if (rt->u.dst.dev) + if (rt->u.dst.dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) */ + ghost_develmsg("Net device is = %s ",rt->u.dst.dev->name); +#endif NLA_PUT_U32(skb, RTA_OIF, rt->u.dst.dev->ifindex); + } #ifdef CONFIG_NET_CLS_ROUTE if (rt->u.dst.tclassid) NLA_PUT_U32(skb, RTA_FLOW, rt->u.dst.tclassid); @@ -2716,7 +2737,7 @@ err = -ENOBUFS; goto errout; } - + /* Reserve room for dummy headers, this skb can pass through good chunk of routing engine. */ @@ -2738,6 +2759,17 @@ if (dev == NULL) { err = -ENODEV; goto errout_free; + +#ifdef CONFIG_GHOSTIFICATION + ghost_debugmsg("Net device is %s ", dev->name); + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout_free; + } +#endif /* CONFIG_GHOSTIFICATION */ } skb->protocol = htons(ETH_P_IP); 
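Review bot: The check in the `@@ -366,6 +374,14 @@` hunk reads `((struct rtable*)v)->u.dst.dev->name` with no NULL test, while `rt_fill_info` in the same file (hunk `@@ -2632,8 +2648,13 @@`) guards the same field with `if (rt->u.dst.dev)`. The block is also placed before the declarations `struct rtable *r = v; int len;`, which makes them declarations after a statement. Moving the check below the declarations and writing it as `if (r->u.dst.dev && is_a_ghost_interface_name(r->u.dst.dev->name))` fixes both and drops the repeated casts.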
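Review bot: The ghost check added in the `@@ -2738,6 +2759,17 @@` hunk is unreachable: it sits inside `if (dev == NULL) {` after `goto errout_free;`, so it never runs, and if it did, `dev->name` would dereference the NULL pointer that branch has just detected. As written, a request that names a ghostified input interface is not filtered at this point. The block should move below the closing brace of the `dev == NULL` test so that it runs on the successful lookup.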
@@ -2763,13 +2795,31 @@ err = ip_route_output_key(net, &rt, &fl); } - if (err) + if (err) { goto errout_free; + } skb->rtable = rt; if (rtm->rtm_flags & RTM_F_NOTIFY) rt->rt_flags |= RTCF_NOTIFY; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't allow get ops for route + involving a ghostified interface, unnecessary test ..(rt) */ + if (rt) { + if (rt->u.dst.dev) { + ghost_debugmsg("Net device is %s ",rt->u.dst.dev->name); + if (is_a_ghost_interface_name(rt->u.dst.dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", + rt->u.dst.dev->name); + err = -ENETUNREACH; + goto errout_free; + } + } + } +#endif /* CONFIG_GHOSTIFICATION */ + err = rt_fill_info(skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq, RTM_NEWROUTE, 0, 0); if (err <= 0) @@ -2784,6 +2834,8 @@ goto errout; } +/* (ghost support) maybe it will be necessary to modify +this func which is call in fib_frontend.c */ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb) { struct rtable *rt; diff -rNuad linux-source-2.6.26/net/ipv6/Kconfig linux-source-2.6.26-ghost/net/ipv6/Kconfig --- linux-source-2.6.26/net/ipv6/Kconfig 2008-07-13 21:51:29.000000000 +0000 +++ linux-source-2.6.26-ghost/net/ipv6/Kconfig 2009-11-29 18:44:01.000000000 +0000 @@ -4,8 +4,8 @@ # IPv6 as module will cause a CRASH if you try to unload it menuconfig IPV6 - tristate "The IPv6 protocol" - default m + bool "The IPv6 protocol" + default y ---help--- This is complemental support for the IP version 6. You will still be able to do traditional IPv4 networking as well. @@ -16,6 +16,10 @@ For specific information about IPv6 under Linux, read the HOWTO at . + Ghostification notes: + ===================== + IPV6 can not be built in module with ghost support. + To compile this protocol support as a module, choose M here: the module will be called ipv6. 
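Review bot: The help text kept in the `@@ -16,6 +16,10 @@` hunk of net/ipv6/Kconfig still ends with "To compile this protocol support as a module, choose M here: the module will be called ipv6.", which no longer holds once the option is `bool` and contradicts the added ghostification note. That sentence should be removed or reworded. The `tristate` to `bool` changes in this file are also unconditional, so builds without CONFIG_GHOSTIFICATION lose the module option as well; if that is intended, the note should say so.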
@@ -68,7 +72,7 @@ If unsure, say N. config INET6_AH - tristate "IPv6: AH transformation" + bool "IPv6: AH transformation" select XFRM select CRYPTO select CRYPTO_HMAC @@ -80,7 +84,7 @@ If unsure, say Y. config INET6_ESP - tristate "IPv6: ESP transformation" + bool "IPv6: ESP transformation" select XFRM select CRYPTO select CRYPTO_AUTHENC @@ -95,7 +99,7 @@ If unsure, say Y. config INET6_IPCOMP - tristate "IPv6: IPComp transformation" + bool "IPv6: IPComp transformation" select XFRM select INET6_XFRM_TUNNEL select CRYPTO @@ -107,7 +111,7 @@ If unsure, say Y. config IPV6_MIP6 - tristate "IPv6: Mobility (EXPERIMENTAL)" + bool "IPv6: Mobility (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- @@ -116,16 +120,16 @@ If unsure, say N. config INET6_XFRM_TUNNEL - tristate + bool select INET6_TUNNEL default n config INET6_TUNNEL - tristate + bool default n config INET6_XFRM_MODE_TRANSPORT - tristate "IPv6: IPsec transport mode" + bool "IPv6: IPsec transport mode" default IPV6 select XFRM ---help--- @@ -134,7 +138,7 @@ If unsure, say Y. config INET6_XFRM_MODE_TUNNEL - tristate "IPv6: IPsec tunnel mode" + bool "IPv6: IPsec tunnel mode" default IPV6 select XFRM ---help--- @@ -143,7 +147,7 @@ If unsure, say Y. config INET6_XFRM_MODE_BEET - tristate "IPv6: IPsec BEET mode" + bool "IPv6: IPsec BEET mode" default IPV6 select XFRM ---help--- @@ -152,14 +156,14 @@ If unsure, say Y. config INET6_XFRM_MODE_ROUTEOPTIMIZATION - tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" + bool "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- Support for MIPv6 route optimization mode. config IPV6_SIT - tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" + bool "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" select INET_TUNNEL select IPV6_NDISC_NODETYPE default y 
@@ -176,7 +180,7 @@ bool config IPV6_TUNNEL - tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" + bool "IPv6: IP-in-IPv6 tunnel (RFC2473)" select INET6_TUNNEL ---help--- Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in diff -rNuad linux-source-2.6.26/net/ipv6/addrconf.c linux-source-2.6.26-ghost/net/ipv6/addrconf.c --- linux-source-2.6.26/net/ipv6/addrconf.c 2009-08-19 05:15:09.000000000 +0000 +++ linux-source-2.6.26-ghost/net/ipv6/addrconf.c 2009-11-29 18:44:01.000000000 +0000 @@ -38,6 +38,9 @@ * YOSHIFUJI Hideaki @USAGI : improved source address * selection; consider scope, * status etc. + * Luca Saiu : ghostification support + * Roudiere Jonathan : ghost + * modify functions using (rt)netlink */ #include @@ -82,6 +85,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include 
@@ -429,6 +437,86 @@ return idev; } +/* + * (ghost support) Support to hide snmp6 proc infos. + */ +#ifdef CONFIG_GHOSTIFICATION +/* Utility procedure, needed for {show,hide}_proc_net_dev_snmp6_DEVICE_if_needed(). + Return a pointer to a valid inet6_dev structure on success, NULL on failure: */ +static struct inet6_dev* lookup_snmp6_device(const char *interface_name) +{ + struct net_device *device; + struct inet6_dev *idev; + + /* Lookup the device by name, obtaining an inet6_dev structure: */ + device = dev_get_by_name(&init_net, interface_name); + if(device == NULL) + return NULL; + rtnl_lock(); + idev = ipv6_find_idev(device); + rtnl_unlock(); + return idev; +} + +/* These are defined in net/ipv6/proc.c: */ +extern struct proc_dir_entry *proc_net_devsnmp6; +extern struct file_operations snmp6_seq_fops; + +/* Remove the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already hidden. Return 0 on success, nonzero on error: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + ghost_ptk("Hiding /proc/net/dev_snmp6/%s...", interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + + /* Remove the proc/ entry, if any. If there was no entry + then remove_proc_entry() will fail, but it's ok for us: */ +#ifdef CONFIG_PROC_FS + if (!proc_net_devsnmp6) + return -ENOENT; + if (idev->stats.proc_dir_entry == NULL) + return -EINVAL; + remove_proc_entry(interface_name, proc_net_devsnmp6); +#endif /* CONFIG_PROC_FS */ + return 0; + //return snmp6_unregister_dev(idev); +} + +/* Create the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already shown. 
Return 0 on success, nonzero on error: */ +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + struct proc_dir_entry *proc_directory_entry; + ghost_ptk("Showing /proc/net/dev_snmp6/%s...", + interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + if(idev->dev == NULL) /* I doubt this may happen... */ + return -EINVAL; +#ifdef CONFIG_PROC_FS + if(!proc_net_devsnmp6) /* there isn't any /proc/net/dev_snmp6 */ + return -ENOENT; + if((proc_directory_entry = create_proc_entry(interface_name, + S_IRUGO, proc_net_devsnmp6)) == NULL) + return -ENOMEM; + proc_directory_entry->data = idev; + proc_directory_entry->proc_fops = &snmp6_seq_fops; + idev->stats.proc_dir_entry = proc_directory_entry; +#endif /* CONFIG_PROC_FS */ + return 0; + /* return snmp6_register_dev(idev); */ +} +EXPORT_SYMBOL(show_proc_net_dev_snmp6_DEVICE_if_needed); +EXPORT_SYMBOL(hide_proc_net_dev_snmp6_DEVICE_if_needed); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * End of ghostification support + */ + #ifdef CONFIG_SYSCTL static void dev_forward_change(struct inet6_dev *idev) { @@ -2097,6 +2185,10 @@ return PTR_ERR(ifp); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx, unsigned int plen) { @@ -2111,6 +2203,15 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((idev = __in6_dev_get(dev)) == NULL) return -ENXIO; 
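Review bot: `lookup_snmp6_device()` takes a device reference with `dev_get_by_name()` and never drops it, so each hide or show call leaves the interface's reference count one higher; a `dev_put(device);` after `rtnl_unlock();` would balance it, provided the returned `idev` is only used while the device is otherwise kept alive. `hide_proc_net_dev_snmp6_DEVICE_if_needed()` removes the entry but leaves `idev->stats.proc_dir_entry` pointing at it, so a second hide call, or the regular unregister path, passes the NULL test and removes it again; add `idev->stats.proc_dir_entry = NULL;` after `remove_proc_entry()`. The show function overwrites that field without checking whether an entry already exists, despite the "unless it's already shown" comment. The lookup is also fixed to `&init_net`.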
@@ -2934,6 +3035,23 @@ static int if6_seq_show(struct seq_file *seq, void *v) { struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if (is_a_ghost_interface_name(ifp->idev->dev->name)) { + ghost_ptk("Don't show informations about a ghostified " + "interface (%s) under /proc.", + ifp->idev->dev->name); + } else { + seq_printf(seq, + NIP6_SEQFMT " %02x %02x %02x %02x %8s\n", + NIP6(ifp->addr), + ifp->idev->dev->ifindex, + ifp->prefix_len, + ifp->scope, + ifp->flags, + ifp->idev->dev->name); + } +#else seq_printf(seq, NIP6_SEQFMT " %02x %02x %02x %02x %8s\n", NIP6(ifp->addr), @@ -2942,6 +3060,8 @@ ifp->scope, ifp->flags, ifp->idev->dev->name); +#endif /* CONFIG_GHOSTIFICATION */ + return 0; } @@ -3149,6 +3269,10 @@ [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { @@ -3166,7 +3290,9 @@ pfx = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL]); if (pfx == NULL) return -EINVAL; - + /* (ghost support) we could/should stop here a request involving a + ghostified interface but inet6_addr_del already do a part of our work + (get dev etc ..) so instead we modify inet6_addr_del */ return inet6_addr_del(net, ifm->ifa_index, pfx, ifm->ifa_prefixlen); } @@ -3215,6 +3341,10 @@ return 0; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { 
@@ -3252,6 +3382,15 @@ if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add a address to a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + /* We ignore other flags so far. */ ifa_flags = ifm->ifa_flags & (IFA_F_NODAD | IFA_F_HOMEADDRESS); @@ -3417,6 +3556,12 @@ ANYCAST_ADDR, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc; + * inet6_dump_addr is called by inet6_dump_{ifaddr,ifmcaddr,ifacaddr} + * and call the appropriate inet6_fill_* function. + */ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, enum addr_type_t type) { @@ -3442,6 +3587,17 @@ ip_idx = 0; if ((idev = in6_dev_get(dev)) == NULL) goto cont; + +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about addresses of a ghostified interface (%s), skip.", + dev->name); + goto cont; + /* return -ENODEV; don't use it */ + } +#endif /* CONFIG_GHOSTIFICATION */ + read_lock_bh(&idev->lock); switch (type) { case UNICAST_ADDR: @@ -3513,7 +3669,6 @@ return inet6_dump_addr(skb, cb, type); } - static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb) { enum addr_type_t type = ANYCAST_ADDR; @@ -3521,6 +3676,10 @@ return inet6_dump_addr(skb, cb, type); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { 
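Review bot: In the `@@ -3442,6 +3587,17 @@` hunk the ghost check runs after `in6_dev_get(dev)` has succeeded and then does `goto cont;`, which appears to skip the matching `in6_dev_put(idev)` (the `cont` label and the put are outside the hunk). If so, every address dump leaks one `inet6_dev` reference for each ghostified interface. Moving the check above the `in6_dev_get()` call, or calling `in6_dev_put(idev);` before the `goto cont;`, keeps the count balanced.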
@@ -3547,6 +3706,17 @@ if (ifm->ifa_index) dev = __dev_get_by_index(net, ifm->ifa_index); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (dev) { + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address of a ghostified interface (%s), skip.", + dev->name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((ifa = ipv6_get_ifaddr(net, addr, dev, 1)) == NULL) { err = -EADDRNOTAVAIL; goto errout; @@ -3752,6 +3922,10 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -3763,6 +3937,14 @@ read_lock(&dev_base_lock); idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to dump address infos about a ghostified interface (%s), skip.", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if ((idev = in6_dev_get(dev)) == NULL) @@ -3790,7 +3972,6 @@ skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC); if (skb == NULL) goto errout; - err = inet6_fill_ifinfo(skb, idev, 0, 0, event, 0); if (err < 0) { /* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */ diff -rNuad linux-source-2.6.26/net/ipv6/ip6_fib.c linux-source-2.6.26-ghost/net/ipv6/ip6_fib.c --- linux-source-2.6.26/net/ipv6/ip6_fib.c 2009-08-19 05:15:09.000000000 +0000 +++ linux-source-2.6.26-ghost/net/ipv6/ip6_fib.c 2009-11-29 18:44:01.000000000 +0000 @@ -277,6 +277,8 @@ #endif +/* (ghost support) iterate on net device, don't modify this function, +we can return ENODEV here, user-space tools (as ip) dump iface list before */ static int fib6_dump_node(struct fib6_walker_t *w) { int res; 
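Review bot: The check in the `@@ -3547,6 +3706,17 @@` hunk only runs when `dev` was resolved from a non-zero `ifm->ifa_index`; with an index of 0, `dev` stays NULL and `ipv6_get_ifaddr(net, addr, dev, 1)` is called without an interface restriction, so the lookup can presumably still return an address that belongs to a ghostified interface. Testing the result as well, for example `is_a_ghost_interface_name(ifa->idev->dev->name)` after the lookup succeeds, closes that path; that branch needs to release `ifa` the same way the function's existing exit does, which is outside the hunk.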
@@ -318,7 +320,6 @@ { struct fib6_walker_t *w; int res; - w = (void *)cb->args[2]; w->root = &table->tb6_root; diff -rNuad linux-source-2.6.26/net/ipv6/mcast.c linux-source-2.6.26-ghost/net/ipv6/mcast.c --- linux-source-2.6.26/net/ipv6/mcast.c 2008-07-13 21:51:29.000000000 +0000 +++ linux-source-2.6.26-ghost/net/ipv6/mcast.c 2009-11-29 18:44:01.000000000 +0000 @@ -26,6 +26,10 @@ * - MLD for link-local addresses. * David L Stevens : * - MLDv2 support + * Luca Saiu : + * - trivial changes for ghostification support + * Roudiere Jonathan + * - trivial changes to correct an forgetting */ #include @@ -63,6 +67,11 @@ #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing... */ #define MCAST_DEBUG 2 @@ -2436,6 +2445,20 @@ struct ifmcaddr6 *im = (struct ifmcaddr6 *)v; struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, + "%-4d %-15s " NIP6_SEQFMT " %5d %08X %ld\n", + state->dev->ifindex, state->dev->name, + NIP6(im->mca_addr), + im->mca_users, im->mca_flags, + (im->mca_flags&MAF_TIMER_RUNNING) ? + jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); + } +#else seq_printf(seq, "%-4d %-15s " NIP6_SEQFMT " %5d %08X %ld\n", state->dev->ifindex, state->dev->name, @@ -2443,6 +2466,7 @@ im->mca_users, im->mca_flags, (im->mca_flags&MAF_TIMER_RUNNING) ? jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); +#endif /* CONFIG_GHOSTIFICATION */ return 0; } 
@@ -2597,6 +2621,20 @@ "Device", "Multicast Address", "Source Address", "INC", "EXC"); } else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc" + " about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s " NIP6_SEQFMT " " NIP6_SEQFMT " %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + NIP6(state->im->mca_addr), + NIP6(psf->sf_addr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else seq_printf(seq, "%3d %6.6s " NIP6_SEQFMT " " NIP6_SEQFMT " %6lu %6lu\n", state->dev->ifindex, state->dev->name, @@ -2604,6 +2642,7 @@ NIP6(psf->sf_addr), psf->sf_count[MCAST_INCLUDE], psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-source-2.6.26/net/ipv6/proc.c linux-source-2.6.26-ghost/net/ipv6/proc.c --- linux-source-2.6.26/net/ipv6/proc.c 2008-07-13 21:51:29.000000000 +0000 +++ linux-source-2.6.26-ghost/net/ipv6/proc.c 2009-11-29 18:44:01.000000000 +0000 @@ -11,6 +11,8 @@ * * Authors: David S. Miller (davem@caip.rutgers.edu) * YOSHIFUJI Hideaki + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -31,7 +33,19 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + +/* (ghost support) We don't want this to be static, as it has to + be read at ghostifying and unghostifying time */ +#ifdef CONFIG_GHOSTIFICATION +struct proc_dir_entry *proc_net_devsnmp6; +EXPORT_SYMBOL(proc_net_devsnmp6); +#else static struct proc_dir_entry *proc_net_devsnmp6; +#endif /* CONFIG_GHOSTIFICATION */ static int sockstat6_seq_show(struct seq_file *seq, void *v) { 
@@ -226,6 +240,18 @@ return single_open(file, snmp6_seq_show, PDE(inode)->data); } +/* (ghost support) This was originally static, +but we need to make it visible */ +#ifdef CONFIG_GHOSTIFICATION +struct file_operations snmp6_seq_fops = { + .owner = THIS_MODULE, + .open = snmp6_seq_open, + .read = seq_read, + .llseek = seq_lseek, + .release = single_release, +}; +EXPORT_SYMBOL(snmp6_seq_fops); +#else static const struct file_operations snmp6_seq_fops = { .owner = THIS_MODULE, .open = snmp6_seq_open, @@ -233,6 +259,7 @@ .llseek = seq_lseek, .release = single_release, }; +#endif /* CONFIG_GHOSTIFICATION */ int snmp6_register_dev(struct inet6_dev *idev) { diff -rNuad linux-source-2.6.26/net/ipv6/route.c linux-source-2.6.26-ghost/net/ipv6/route.c --- linux-source-2.6.26/net/ipv6/route.c 2009-08-19 05:15:10.000000000 +0000 +++ linux-source-2.6.26-ghost/net/ipv6/route.c 2009-11-29 18:44:01.000000000 +0000 @@ -24,6 +24,10 @@ * reachable. otherwise, round-robin the list. * Ville Nuorvala * Fixed routing subtrees. + * Luca Saiu + * trivial changes for ghostification support + * Roudiere Jonathan + * ghostification support update, modify functions using netlink */ #include @@ -62,6 +66,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing. */ #define RT6_DEBUG 2 @@ -1053,10 +1062,6 @@ return hoplimit; } -/* - * - */ - int ip6_route_add(struct fib6_config *cfg) { int err; @@ -1768,6 +1773,8 @@ struct in6_rtmsg rtmsg; int err; + /* (ghost support) don't make any change, changes + have been made later for ioctl request */ switch(cmd) { case SIOCADDRT: /* Add a route */ case SIOCDELRT: /* Delete a route */ 
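Review bot: Under CONFIG_GHOSTIFICATION `snmp6_seq_fops` loses `const` as well as `static`, which turns a read-only table of function pointers into a writable, exported kernel object. Only the linkage needs to change: `const struct file_operations snmp6_seq_fops = {` here, with `extern const struct file_operations snmp6_seq_fops;` in addrconf.c. Putting only the storage-class line under the `#ifdef` would also avoid keeping two copies of the initializer.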
@@ -2064,9 +2071,34 @@ struct fib6_config cfg; int err; - err = rtm_to_fib6_config(skb, nlh, &cfg); - if (err < 0) - return err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it + is a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to del route involving a ghostified interface (%s). Failing", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_del(&cfg); } 
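Review bot: `dev_get_by_index()` returns the device with a reference held, and neither the ghost branch nor the fall-through to `ip6_route_del(&cfg)` releases it, so each netlink route delete leaves a reference on the device; the `@@ -2076,9 +2108,34 @@` hunk has the same issue for route add. If these handlers run under RTNL, as rtnetlink doit callbacks normally do, the non-refcounting lookup `dev = __dev_get_by_index(net, cfg.fc_ifindex);` is enough; otherwise add a `dev_put(dev);` on every exit. The `rtm_to_fib6_config()` call is identical in both preprocessor branches and can stay outside the `#ifdef`.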
@@ -2076,9 +2108,34 @@ struct fib6_config cfg; int err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + err = rtm_to_fib6_config(skb, nlh, &cfg); if (err < 0) return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_add(&cfg); /* do that or exit on error ... */ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_add(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it is + a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add route involving a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_add(&cfg); } @@ -2109,6 +2166,19 @@ long expires; u32 table; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("rtnetlink msg type %i, pid %i and seq %i", + type, pid, seq); + /* (ghost support) this function is called by by rt6_dump_route, and + inet6_rtm_get_route and inet6_rt_notify, test if it is a kernel request*/ + if (rt->rt6i_dev->name) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to get/notify route infos about a " + "ghostified interface (%s), skip.", + rt->rt6i_dev->name); + return 1; + } +#endif /* CONFIG_GHOSTIFICATION */ if (prefix) { /* user wants prefix routes only */ if (!(rt->rt6i_flags & RTF_PREFIX_RT)) { /* success since this is not a prefix route */ 
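Review bot: In the `@@ -2109,6 +2166,19 @@` hunk the guard `if (rt->rt6i_dev->name)` tests the device's name array, which is never NULL, so it is always true and does not protect against a NULL `rt->rt6i_dev`; the /proc hunk later in this file tests `rt->rt6i_dev != NULL` instead. The intended form is probably `if (rt->rt6i_dev && is_a_ghost_interface_name(rt->rt6i_dev->name)) {`. The comment mentions testing whether the request comes from the kernel, but no `pid` test follows, so notifications are suppressed as well. Returning 1 before any message is written should also be checked against the callers outside the hunk, which may go on to send an empty buffer.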
@@ -2216,10 +2286,26 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc, + */ int rt6_dump_route(struct rt6_info *rt, void *p_arg) { struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg; int prefix; + +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg(" rtnetlink mesg %i, pid %i and seq %i", + arg->cb->nlh->nlmsg_type, arg->cb->nlh->nlmsg_pid, arg->cb->nlh->nlmsg_seq); + /* if (rt->rt6i_dev) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to dump route infos about a ghostified interface (%s), skip", + rt->rt6i_dev->name); + return -ENODEV; errro maybe come from here, modify instead + rt6_fill_node which has multiple callers + } */ +#endif /* CONFIG_GHOSTIFICATION */ if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) { struct rtmsg *rtm = nlmsg_data(arg->cb->nlh); @@ -2233,6 +2319,8 @@ prefix, 0, NLM_F_MULTI); } +/* (ghost support) Don't make changes here, function +rt6_fill_node has been modified instead */ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { struct net *net = sock_net(in_skb->sk); @@ -2377,6 +2465,18 @@ { struct seq_file *m = p_arg; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Do nothing if this route involves a + ghostified interface */ + if(rt->rt6i_dev != NULL) /* can't use &&: evaluation order is undefined */ + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Don't show any informations under /proc/net" + "involving a ghostified interface (%s)", + rt->rt6i_dev->name); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ + seq_printf(m, NIP6_SEQFMT " %02x ", NIP6(rt->rt6i_dst.addr), rt->rt6i_dst.plen); diff -rNuad linux-source-2.6.26/net/netfilter/core.c linux-source-2.6.26-ghost/net/netfilter/core.c --- linux-source-2.6.26/net/netfilter/core.c 2008-07-13 21:51:29.000000000 +0000 +++ linux-source-2.6.26-ghost/net/netfilter/core.c 2009-11-29 18:44:01.000000000 +0000 
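Review bot: The comment "can't use &&: evaluation order is undefined" in the `@@ -2377,6 +2465,18 @@` hunk is incorrect: C evaluates `&&` left to right and skips the right operand when the left is false. The nested test can be written as `if (rt->rt6i_dev != NULL && is_a_ghost_interface_name(rt->rt6i_dev->name)) {` and the comment dropped. The two adjacent string literals in the `ghost_ptk` call have no space between them, so the message reads "/proc/netinvolving".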
@@ -5,6 +5,8 @@ * way. * * Rusty Russell (C)2000 -- This code is GPL. + * Little change by Jonathan Roudiere to add + * Ghostification support (bypass netfilter for ghost interface). */ #include #include @@ -22,6 +24,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "nf_internals.h" static DEFINE_MUTEX(afinfo_mutex); @@ -59,7 +66,6 @@ { struct nf_hook_ops *elem; int err; - err = mutex_lock_interruptible(&nf_hook_mutex); if (err < 0) return err; 
@@ -177,7 +183,158 @@ rcu_read_lock(); elem = &nf_hooks[pf][hook]; + next_hook: + /* + * (ghost support) Netfilter ghostification support. + * Perform too much tests here is not a good idea because all + * network packets pass through this section but we have + * not other choice to skip netfilter hooks (per hook). + */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER + /* + * Bypass all Netfilter hooks (for ipv4/6, arp, bridge) for any + * ghostified interface (eq. to return NF_ACCEPT for each packet which + * go through an interface which is ghostified (do that at hook level + * in order to skip all chains's rules hang on the hooks)) + */ + + /* don't use ghost_debugmsg macro in this section + because it may introduce too much delay */ + ghost_develmsg("Enter in hook (pf=%i) (hook=%i) from indev->name = " + "%s to outdev->name = %s", pf, hook, indev->name, outdev->name); + +/* If we wish to skip all netfilter hooks for all PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ALL + /* + * outdev->name field is defined in OUTPUT, FORWARD and POSTROUTING hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), we start here (with outdev) to bypass netfilter's + * hooks in the case where we are in FORWARD. + */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + ret = 1; + goto unlock; + } + } + /* + * indev->name field is defined in PREROUTING, FORWARD and INPUT hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), if we are in FORWARD hook and outdev/indev->name + * is not a ghostified interface then we can go towards hooks. 
+ */ + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + ret = 1; + goto unlock; + } + } + +/* + * If GHOSTIFICATION_NETFILTER_ALL is not defined neither any + * GHOSTIFICATION_NETFILTER_PF then we 'll skip all this code chunk. + * (about performance, choose to skip netfilter just for certains PF + * is the most bad things we can do, but ...) + */ +#elif (defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV4) || defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV6) || \ + defined(CONFIG_GHOSTIFICATION_NETFILTER_ARP) || defined(CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE)) + /* Here we have the same logic as previously (in GHOSTIFICATION_NETFILTER_ALL) + but with the ability to choose what are the PFs that we want to skip */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for 
decnet) */ + goto apply_hook; + } + } + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for decnet) */ + goto apply_hook; + } + } + +#endif /* CONFIG_GHOSTIFICATION_ALL */ +apply_hook: +#endif /* CONFIG_GHOSTIFICATION_NETFILTER */ +/* (ghost support) End of ghostification support */ + verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev, outdev, &elem, okfn, hook_thresh); if (verdict == NF_ACCEPT || verdict == NF_STOP) { diff -rNuad linux-source-2.6.26/net/packet/af_packet.c linux-source-2.6.26-ghost/net/packet/af_packet.c --- linux-source-2.6.26/net/packet/af_packet.c 2008-07-13 21:51:29.000000000 +0000 +++ linux-source-2.6.26-ghost/net/packet/af_packet.c 2009-11-29 18:44:01.000000000 +0000 @@ -41,6 +41,7 @@ * will simply extend the hardware address * byte arrays at the end of sockaddr_ll * and packet_mreq. + * Luca Saiu : Trivial changes for ghostification * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
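Review bot: In the `@@ -177,7 +183,158 @@` hunk the guards `if ((outdev->name) != NULL)` and `if ((indev->name) != NULL)` test a member reached through the device pointer rather than the pointer itself, and the `ghost_develmsg` call at the top of the block reads both `indev->name` and `outdev->name` unconditionally. The patch's own comments say `outdev` is only defined on OUTPUT, FORWARD and POSTROUTING and `indev` only on PREROUTING, FORWARD and INPUT, so one of them is expected to be NULL on most hooks. The test presumably works only if `name` sits at offset 0 of `struct net_device`, which is not shown here. Guard the pointers directly, `if (outdev != NULL) {` and `if (indev != NULL) {`, in both the `_ALL` and the per-PF branches, and pass the develmsg a fallback such as `outdev ? outdev->name : "-"`. The enclosing function starts outside the hunk, and the closing `#endif /* CONFIG_GHOSTIFICATION_ALL */` names a symbol that the matching `#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ALL` does not use.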
@@ -84,6 +85,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Assumptions: - if device has no dev->hard_header routine, it adds and removes ll header @@ -448,6 +454,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (rcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); @@ -565,6 +583,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them. + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (trcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); 
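Review bot: The drop checks added in the `@@ -448,6 +454,18 @@` and `@@ -565,6 +583,18 @@` hunks both call `ghost_debugmsg` once per dropped packet on the receive path. The netfilter part of this same patch avoids that macro on the per-packet path, with the comment that it "may introduce too much delay". If `ghost_debugmsg` expands to a log call when debugging is enabled (its definition is not visible here), a busy ghostified interface would flood the log; use `ghost_develmsg(...)` as the netfilter code does, or rate-limit the message. The two hunks repeat the same condition on `orig_dev->name` and `dev->name`, so one small static helper taking both devices would keep the two receive functions in step. Both enclosing functions start outside their hunks.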
@@ -1900,17 +1930,38 @@ struct sock *s = v; const struct packet_sock *po = pkt_sk(s); +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Don't show packets involving ghost devices + */ + struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex); + if(! is_a_ghost_interface_name(net_device->name)) { + ghost_debugmsg("Don't show packets involving ghostified interface"); + seq_printf(seq, + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); + } +#else seq_printf(seq, - "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", - s, - atomic_read(&s->sk_refcnt), - s->sk_type, - ntohs(po->num), - po->ifindex, - po->running, - atomic_read(&s->sk_rmem_alloc), - sock_i_uid(s), - sock_i_ino(s) ); + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/CONFIG-2.6.31_x86_640000600000175000017500000005561012356733375024272 0ustar lucaslucas# # Automatically generated make config: don't edit # Linux kernel version: 2.6.31 # Fri Nov 27 10:21:19 2009 # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_GENERIC_HARDIRQS=y CONFIG_UML=y CONFIG_MMU=y CONFIG_NO_IOMEM=y # CONFIG_TRACE_IRQFLAGS_SUPPORT is not set CONFIG_LOCKDEP_SUPPORT=y # CONFIG_STACKTRACE_SUPPORT is not set CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_TIME=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_IRQ_RELEASE_METHOD=y CONFIG_HZ=100 # # UML-specific options # # # Host processor type and features # # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is not set # CONFIG_M686 is not set # 
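Review bot: In the `@@ -1900,17 +1930,38 @@` hunk `dev_get_by_index()` can return NULL (presumably for a socket whose `po->ifindex` names no existing device), and `net_device->name` is dereferenced on the next line without a check, so reading this seq file could oops. The call also takes a reference on the device that is never released with `dev_put()`, which would keep the device from being unregistered. The `ghost_debugmsg` text "Don't show packets..." is emitted in the branch where the interface is not ghostified and the row is printed. Resolve the device once, drop the reference, and keep a single `seq_printf` rather than two copies under `#ifdef`/`#else`. The enclosing function starts outside the hunk; the sketch assumes the `return 0` visible at the end of the hunk is its normal exit.

```c
#ifdef CONFIG_GHOSTIFICATION
		/* (ghost support) Don't list sockets bound to a ghost device */
		struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex);
		int ghost = 0;

		if (net_device != NULL) {
			ghost = is_a_ghost_interface_name(net_device->name);
			dev_put(net_device);	/* release the reference taken by dev_get_by_index() */
		}
		if (ghost) {
			ghost_debugmsg("Don't show packets involving ghostified interface");
			return 0;
		}
#endif /* CONFIG_GHOSTIFICATION */
		/* … unchanged: the original single seq_printf() call … */
```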
CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set CONFIG_MK8=y # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MPSC is not set # CONFIG_MCORE2 is not set # CONFIG_GENERIC_CPU is not set CONFIG_X86_CPU=y CONFIG_X86_L1_CACHE_BYTES=64 CONFIG_X86_INTERNODE_CACHE_BYTES=64 # CONFIG_X86_CMPXCHG is not set CONFIG_X86_L1_CACHE_SHIFT=6 CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_TSC=y CONFIG_X86_CMOV=y CONFIG_X86_MINIMUM_CPU_FAMILY=3 CONFIG_CPU_SUP_INTEL=y CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_CENTAUR=y CONFIG_UML_X86=y CONFIG_64BIT=y # CONFIG_X86_32 is not set # CONFIG_RWSEM_XCHGADD_ALGORITHM is not set CONFIG_RWSEM_GENERIC_SPINLOCK=y CONFIG_3_LEVEL_PGTABLES=y # CONFIG_ARCH_HAS_SC_SIGNALS is not set # CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA is not set CONFIG_SMP_BROKEN=y CONFIG_GENERIC_HWEIGHT=y # CONFIG_STATIC_LINK is not set CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_DISCONTIGMEM_MANUAL is not set # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_PHYS_ADDR_T_64BIT=y CONFIG_ZONE_DMA_FLAG=0 CONFIG_VIRT_TO_BUS=y CONFIG_HAVE_MLOCK=y CONFIG_HAVE_MLOCKED_PAGE_BIT=y CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_LD_SCRIPT_DYN=y CONFIG_BINFMT_ELF=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set # CONFIG_HAVE_AOUT is not set CONFIG_BINFMT_MISC=y CONFIG_HOSTFS=y # CONFIG_HPPFS is not set CONFIG_MCONSOLE=y CONFIG_MAGIC_SYSRQ=y CONFIG_KERNEL_STACK_ORDER=1 # # General setup # CONFIG_EXPERIMENTAL=y 
CONFIG_BROKEN_ON_SMP=y CONFIG_INIT_ENV_ARG_LIMIT=128 CONFIG_LOCALVERSION="-marionnet-ghost" CONFIG_LOCALVERSION_AUTO=y CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_POSIX_MQUEUE_SYSCTL=y CONFIG_BSD_PROCESS_ACCT=y # CONFIG_BSD_PROCESS_ACCT_V3 is not set # CONFIG_TASKSTATS is not set # CONFIG_AUDIT is not set # # RCU Subsystem # CONFIG_CLASSIC_RCU=y # CONFIG_TREE_RCU is not set # CONFIG_PREEMPT_RCU is not set # CONFIG_TREE_RCU_TRACE is not set # CONFIG_PREEMPT_RCU_TRACE is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 # CONFIG_GROUP_SCHED is not set # CONFIG_CGROUPS is not set CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y # CONFIG_RELAY is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_IPC_NS is not set # CONFIG_USER_NS is not set # CONFIG_PID_NS is not set # CONFIG_NET_NS is not set # CONFIG_BLK_DEV_INITRD is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y CONFIG_ANON_INODES=y # CONFIG_EMBEDDED is not set CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_EXTRA_PASS=y CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_AIO=y # # Performance Counters # CONFIG_VM_EVENT_COUNTERS=y # CONFIG_STRIP_ASM_SYMS is not set CONFIG_COMPAT_BRK=y CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set # CONFIG_PROFILING is not set # CONFIG_MARKERS is not set # # GCOV-based kernel profiling # # CONFIG_SLOW_WORK is not set # CONFIG_HAVE_GENERIC_DMA_COHERENT is not set CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 # CONFIG_MODULES is not set CONFIG_BLOCK=y # CONFIG_BLK_DEV_BSG is not set # CONFIG_BLK_DEV_INTEGRITY is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y CONFIG_DEFAULT_AS=y # CONFIG_DEFAULT_DEADLINE is not set # CONFIG_DEFAULT_CFQ is not 
set # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="anticipatory" # CONFIG_FREEZER is not set CONFIG_BLK_DEV=y CONFIG_BLK_DEV_UBD=y # CONFIG_BLK_DEV_UBD_SYNC is not set CONFIG_BLK_DEV_COW_COMMON=y CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_CRYPTOLOOP=y CONFIG_BLK_DEV_NBD=y # CONFIG_BLK_DEV_RAM is not set # CONFIG_ATA_OVER_ETH is not set # # Character Devices # CONFIG_STDERR_CONSOLE=y CONFIG_STDIO_CONSOLE=y CONFIG_SSL=y CONFIG_NULL_CHAN=y CONFIG_PORT_CHAN=y CONFIG_PTY_CHAN=y CONFIG_TTY_CHAN=y CONFIG_XTERM_CHAN=y # CONFIG_NOCONFIG_CHAN is not set CONFIG_CON_ZERO_CHAN="fd:0,fd:1" CONFIG_CON_CHAN="xterm" CONFIG_SSL_CHAN="pts" CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y # CONFIG_RAW_DRIVER is not set CONFIG_LEGACY_PTY_COUNT=32 # CONFIG_WATCHDOG is not set CONFIG_UML_SOUND=y CONFIG_SOUND=y CONFIG_SOUND_OSS_CORE=y CONFIG_HOSTAUDIO=y # CONFIG_HW_RANDOM is not set CONFIG_UML_RANDOM=y # CONFIG_MMAPPER is not set # # Generic Driver Options # CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y CONFIG_FIRMWARE_IN_KERNEL=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_SYS_HYPERVISOR is not set CONFIG_NET=y # # Networking options # CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y CONFIG_XFRM=y CONFIG_XFRM_USER=y # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set CONFIG_XFRM_IPCOMP=y CONFIG_NET_KEY=y # CONFIG_NET_KEY_MIGRATE is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_ASK_IP_FIB_HASH=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set CONFIG_IP_PIMSM_V2=y CONFIG_ARPD=y CONFIG_SYN_COOKIES=y CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y CONFIG_INET_XFRM_TUNNEL=y CONFIG_INET_TUNNEL=y 
CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_XFRM_MODE_BEET=y # CONFIG_INET_LRO is not set CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set CONFIG_IPV6=y # CONFIG_IPV6_PRIVACY is not set # CONFIG_IPV6_ROUTER_PREF is not set # CONFIG_IPV6_OPTIMISTIC_DAD is not set # CONFIG_INET6_AH is not set # CONFIG_INET6_ESP is not set # CONFIG_INET6_IPCOMP is not set # CONFIG_IPV6_MIP6 is not set # CONFIG_INET6_XFRM_TUNNEL is not set # CONFIG_INET6_TUNNEL is not set CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_INET6_XFRM_MODE_BEET=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set CONFIG_IPV6_SIT=y CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_NETWORK_SECMARK is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_CT_ACCT=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y # CONFIG_NETFILTER_TPROXY is not set CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y CONFIG_NETFILTER_XT_TARGET_DSCP=y CONFIG_NETFILTER_XT_TARGET_HL=y CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y 
CONFIG_NETFILTER_XT_TARGET_NOTRACK=y CONFIG_NETFILTER_XT_TARGET_RATEEST=y CONFIG_NETFILTER_XT_TARGET_TRACE=y CONFIG_NETFILTER_XT_TARGET_TCPMSS=y CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_HL=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y CONFIG_NETFILTER_XT_MATCH_REALM=y # CONFIG_NETFILTER_XT_MATCH_RECENT is not set CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y # CONFIG_NETFILTER_XT_MATCH_OSF is not set # CONFIG_IP_VS is not set # # IP: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_ADDRTYPE=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_NF_NAT_SNMP_BASIC=y CONFIG_NF_NAT_PROTO_DCCP=y 
CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_NF_NAT_SIP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV6=y CONFIG_IP6_NF_QUEUE=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_MH=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_RAW=y CONFIG_BRIDGE_NF_EBTABLES=y CONFIG_BRIDGE_EBT_BROUTE=y CONFIG_BRIDGE_EBT_T_FILTER=y CONFIG_BRIDGE_EBT_T_NAT=y CONFIG_BRIDGE_EBT_802_3=y CONFIG_BRIDGE_EBT_AMONG=y CONFIG_BRIDGE_EBT_ARP=y CONFIG_BRIDGE_EBT_IP=y CONFIG_BRIDGE_EBT_IP6=y CONFIG_BRIDGE_EBT_LIMIT=y CONFIG_BRIDGE_EBT_MARK=y CONFIG_BRIDGE_EBT_PKTTYPE=y CONFIG_BRIDGE_EBT_STP=y CONFIG_BRIDGE_EBT_VLAN=y CONFIG_BRIDGE_EBT_ARPREPLY=y CONFIG_BRIDGE_EBT_DNAT=y CONFIG_BRIDGE_EBT_MARK_T=y CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_ULOG=y CONFIG_BRIDGE_EBT_NFLOG=y CONFIG_GHOSTIFICATION_NETFILTER=y CONFIG_GHOSTIFICATION_NETFILTER_ALL=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set CONFIG_STP=y CONFIG_GARP=y CONFIG_BRIDGE=y # CONFIG_NET_DSA is not set CONFIG_VLAN_8021Q=y CONFIG_VLAN_8021Q_GVRP=y # CONFIG_DECNET is not set CONFIG_LLC=y CONFIG_LLC2=y # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set # CONFIG_PHONET is 
not set # CONFIG_IEEE802154 is not set CONFIG_NET_SCHED=y # # Queueing/Scheduling # CONFIG_NET_SCH_CBQ=y CONFIG_NET_SCH_HTB=y CONFIG_NET_SCH_HFSC=y CONFIG_NET_SCH_PRIO=y # CONFIG_NET_SCH_MULTIQ is not set CONFIG_NET_SCH_RED=y CONFIG_NET_SCH_SFQ=y CONFIG_NET_SCH_TEQL=y CONFIG_NET_SCH_TBF=y CONFIG_NET_SCH_GRED=y CONFIG_NET_SCH_DSMARK=y CONFIG_NET_SCH_NETEM=y # CONFIG_NET_SCH_DRR is not set # CONFIG_NET_SCH_INGRESS is not set # # Classification # CONFIG_NET_CLS=y CONFIG_NET_CLS_BASIC=y CONFIG_NET_CLS_TCINDEX=y CONFIG_NET_CLS_ROUTE4=y CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=y CONFIG_NET_CLS_U32=y CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y CONFIG_NET_CLS_RSVP=y CONFIG_NET_CLS_RSVP6=y CONFIG_NET_CLS_FLOW=y CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 CONFIG_NET_EMATCH_CMP=y CONFIG_NET_EMATCH_NBYTE=y CONFIG_NET_EMATCH_U32=y CONFIG_NET_EMATCH_META=y CONFIG_NET_EMATCH_TEXT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=y CONFIG_NET_ACT_GACT=y CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=y CONFIG_NET_ACT_IPT=y CONFIG_NET_ACT_NAT=y CONFIG_NET_ACT_PEDIT=y # CONFIG_NET_ACT_SIMP is not set # CONFIG_NET_ACT_SKBEDIT is not set CONFIG_NET_CLS_IND=y CONFIG_NET_SCH_FIFO=y # CONFIG_DCB is not set # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set CONFIG_FIB_RULES=y # CONFIG_WIRELESS is not set # CONFIG_WIMAX is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is not set CONFIG_GHOSTIFICATION=y CONFIG_GHOSTIFICATION_NUM=9 CONFIG_GHOSTIFICATION_MESG=y CONFIG_GHOSTIFICATION_PRINTK=y # CONFIG_GHOSTIFICATION_DEBUG is not set # CONFIG_GHOSTIFICATION_DEVEL is not set # # UML Network Devices # CONFIG_UML_NET=y CONFIG_UML_NET_ETHERTAP=y CONFIG_UML_NET_TUNTAP=y CONFIG_UML_NET_SLIP=y CONFIG_UML_NET_DAEMON=y CONFIG_UML_NET_VDE=y CONFIG_UML_NET_MCAST=y CONFIG_UML_NET_PCAP=y CONFIG_UML_NET_SLIRP=y CONFIG_NETDEVICES=y # CONFIG_IFB is not set CONFIG_DUMMY=y 
CONFIG_BONDING=y CONFIG_MACVLAN=y # CONFIG_EQUALIZER is not set CONFIG_TUN=y # CONFIG_VETH is not set # # Wireless LAN # # CONFIG_WLAN_PRE80211 is not set # CONFIG_WLAN_80211 is not set # # Enable WiMAX (Networking options) to see the WiMAX drivers # # CONFIG_WAN is not set CONFIG_PPP=y # CONFIG_PPP_MULTILINK is not set # CONFIG_PPP_FILTER is not set # CONFIG_PPP_ASYNC is not set # CONFIG_PPP_SYNC_TTY is not set # CONFIG_PPP_DEFLATE is not set # CONFIG_PPP_BSDCOMP is not set # CONFIG_PPP_MPPE is not set # CONFIG_PPPOE is not set # CONFIG_PPPOL2TP is not set CONFIG_SLIP=y # CONFIG_SLIP_COMPRESSED is not set CONFIG_SLHC=y # CONFIG_SLIP_SMART is not set # CONFIG_SLIP_MODE_SLIP6 is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # CONFIG_CONNECTOR is not set # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y # CONFIG_EXT2_FS_SECURITY is not set # CONFIG_EXT2_FS_XIP is not set CONFIG_EXT3_FS=y # CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_SECURITY=y # CONFIG_EXT4_FS is not set CONFIG_JBD=y CONFIG_FS_MBCACHE=y # CONFIG_REISERFS_FS is not set # CONFIG_JFS_FS is not set CONFIG_FS_POSIX_ACL=y # CONFIG_XFS_FS is not set # CONFIG_GFS2_FS is not set # CONFIG_OCFS2_FS is not set # CONFIG_BTRFS_FS is not set CONFIG_FILE_LOCKING=y CONFIG_FSNOTIFY=y CONFIG_DNOTIFY=y CONFIG_INOTIFY=y CONFIG_INOTIFY_USER=y CONFIG_QUOTA=y # CONFIG_QUOTA_NETLINK_INTERFACE is not set CONFIG_PRINT_QUOTA_WARNING=y # CONFIG_QFMT_V1 is not set # CONFIG_QFMT_V2 is not set CONFIG_QUOTACTL=y CONFIG_AUTOFS_FS=y CONFIG_AUTOFS4_FS=y # CONFIG_FUSE_FS is not set # # Caches # # CONFIG_FSCACHE is not set # # CD-ROM/DVD Filesystems # # CONFIG_ISO9660_FS is not set # CONFIG_UDF_FS is not set # # DOS/FAT/NT Filesystems # # CONFIG_MSDOS_FS is not set # CONFIG_VFAT_FS is not set # CONFIG_NTFS_FS is not set # # Pseudo filesystems # CONFIG_PROC_FS=y 
CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_TMPFS_POSIX_ACL is not set # CONFIG_HUGETLB_PAGE is not set # CONFIG_CONFIGFS_FS is not set # CONFIG_MISC_FILESYSTEMS is not set CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=y CONFIG_NFS_V3=y CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=y # CONFIG_NFS_V4_1 is not set CONFIG_NFSD=y CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y CONFIG_LOCKD=y CONFIG_LOCKD_V4=y CONFIG_EXPORTFS=y CONFIG_NFS_ACL_SUPPORT=y CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y CONFIG_SUNRPC_GSS=y CONFIG_RPCSEC_GSS_KRB5=y CONFIG_RPCSEC_GSS_SPKM3=y # CONFIG_SMB_FS is not set CONFIG_CIFS=y # CONFIG_CIFS_STATS is not set # CONFIG_CIFS_WEAK_PW_HASH is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y CONFIG_CIFS_DEBUG2=y # CONFIG_CIFS_EXPERIMENTAL is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set # CONFIG_OSF_PARTITION is not set # CONFIG_AMIGA_PARTITION is not set # CONFIG_ATARI_PARTITION is not set # CONFIG_MAC_PARTITION is not set CONFIG_MSDOS_PARTITION=y # CONFIG_BSD_DISKLABEL is not set # CONFIG_MINIX_SUBPARTITION is not set # CONFIG_SOLARIS_X86_PARTITION is not set # CONFIG_UNIXWARE_DISKLABEL is not set # CONFIG_LDM_PARTITION is not set # CONFIG_SGI_PARTITION is not set # CONFIG_ULTRIX_PARTITION is not set # CONFIG_SUN_PARTITION is not set # CONFIG_KARMA_PARTITION is not set # CONFIG_EFI_PARTITION is not set # CONFIG_SYSV68_PARTITION is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_NLS_CODEPAGE_437 is not set # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set # CONFIG_NLS_CODEPAGE_850 is not set # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # 
CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_936 is not set # CONFIG_NLS_CODEPAGE_950 is not set # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set # CONFIG_NLS_ISO8859_1 is not set # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_9 is not set # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set # CONFIG_NLS_UTF8 is not set # CONFIG_DLM is not set # # Security options # # CONFIG_KEYS is not set # CONFIG_SECURITY is not set # CONFIG_SECURITYFS is not set # CONFIG_SECURITY_FILE_CAPABILITIES is not set CONFIG_CRYPTO=y # # Crypto core or helper # # CONFIG_CRYPTO_FIPS is not set CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_BLKCIPHER2=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_PCOMP=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_NULL is not set CONFIG_CRYPTO_WORKQUEUE=y # CONFIG_CRYPTO_CRYPTD is not set CONFIG_CRYPTO_AUTHENC=y # # Authenticated Encryption with Associated Data # # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_GCM is not set # CONFIG_CRYPTO_SEQIV is not set # # Block modes # CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set # CONFIG_CRYPTO_ECB is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not 
set # CONFIG_CRYPTO_XTS is not set # # Hash modes # CONFIG_CRYPTO_HMAC=y # CONFIG_CRYPTO_XCBC is not set # # Digest # CONFIG_CRYPTO_CRC32C=y # CONFIG_CRYPTO_MD4 is not set CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_MICHAEL_MIC is not set # CONFIG_CRYPTO_RMD128 is not set # CONFIG_CRYPTO_RMD160 is not set # CONFIG_CRYPTO_RMD256 is not set # CONFIG_CRYPTO_RMD320 is not set CONFIG_CRYPTO_SHA1=y # CONFIG_CRYPTO_SHA256 is not set # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_WP512 is not set # # Ciphers # CONFIG_CRYPTO_AES=y CONFIG_CRYPTO_AES_X86_64=y # CONFIG_CRYPTO_AES_NI_INTEL is not set # CONFIG_CRYPTO_ANUBIS is not set # CONFIG_CRYPTO_ARC4 is not set # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_CAMELLIA is not set CONFIG_CRYPTO_CAST5=y # CONFIG_CRYPTO_CAST6 is not set CONFIG_CRYPTO_DES=y # CONFIG_CRYPTO_FCRYPT is not set # CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_SALSA20 is not set CONFIG_CRYPTO_SALSA20_X86_64=y # CONFIG_CRYPTO_SEED is not set # CONFIG_CRYPTO_SERPENT is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TWOFISH is not set CONFIG_CRYPTO_TWOFISH_COMMON=y CONFIG_CRYPTO_TWOFISH_X86_64=y # # Compression # CONFIG_CRYPTO_DEFLATE=y # CONFIG_CRYPTO_ZLIB is not set # CONFIG_CRYPTO_LZO is not set # # Random Number Generation # # CONFIG_CRYPTO_ANSI_CPRNG is not set CONFIG_CRYPTO_HW=y # CONFIG_BINARY_PRINTF is not set # # Library routines # CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_FIND_NEXT_BIT=y CONFIG_GENERIC_FIND_LAST_BIT=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set # CONFIG_CRC_ITU_T is not set CONFIG_CRC32=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=y CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y CONFIG_TEXTSEARCH_FSM=y CONFIG_HAS_DMA=y CONFIG_NLATTR=y # # SCSI device support # # CONFIG_RAID_ATTRS is not set # CONFIG_SCSI is not set # CONFIG_SCSI_DMA is not set # CONFIG_SCSI_NETLINK is 
not set CONFIG_MD=y # CONFIG_BLK_DEV_MD is not set CONFIG_BLK_DEV_DM=y # CONFIG_DM_DEBUG is not set CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=y CONFIG_DM_MIRROR=y # CONFIG_DM_LOG_USERSPACE is not set # CONFIG_DM_ZERO is not set # CONFIG_DM_MULTIPATH is not set # CONFIG_DM_DELAY is not set # CONFIG_DM_UEVENT is not set # CONFIG_NEW_LEDS is not set # CONFIG_INPUT is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_ENABLE_WARN_DEPRECATED is not set CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=1024 # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not set # CONFIG_DEBUG_KERNEL is not set CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_MEMORY_INIT=y # CONFIG_RCU_CPU_STALL_DETECTOR is not set CONFIG_SYSCTL_SYSCALL_CHECK=y # CONFIG_SAMPLES is not set # CONFIG_DEBUG_STACK_USAGE is not set marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/CONFIG-2.6.310000600000175000017500000005715512356733375023262 0ustar lucaslucas# # Automatically generated make config: don't edit # Linux kernel version: 2.6.31 # Fri Nov 27 12:46:13 2009 # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_GENERIC_HARDIRQS=y CONFIG_UML=y CONFIG_MMU=y CONFIG_NO_IOMEM=y # CONFIG_TRACE_IRQFLAGS_SUPPORT is not set CONFIG_LOCKDEP_SUPPORT=y # CONFIG_STACKTRACE_SUPPORT is not set CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_TIME=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_IRQ_RELEASE_METHOD=y CONFIG_HZ=100 # # UML-specific options # # # Host processor type and features # # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is not set CONFIG_M686=y # CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set # CONFIG_MK8 is not set # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is 
not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MPSC is not set # CONFIG_MCORE2 is not set # CONFIG_GENERIC_CPU is not set CONFIG_X86_GENERIC=y CONFIG_X86_CPU=y CONFIG_X86_L1_CACHE_BYTES=64 CONFIG_X86_INTERNODE_CACHE_BYTES=64 CONFIG_X86_CMPXCHG=y CONFIG_X86_L1_CACHE_SHIFT=5 CONFIG_X86_XADD=y CONFIG_X86_PPRO_FENCE=y CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INVLPG=y CONFIG_X86_BSWAP=y CONFIG_X86_POPAD_OK=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_TSC=y CONFIG_X86_CMOV=y CONFIG_X86_MINIMUM_CPU_FAMILY=4 CONFIG_CPU_SUP_INTEL=y CONFIG_CPU_SUP_CYRIX_32=y CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_CENTAUR=y CONFIG_CPU_SUP_TRANSMETA_32=y CONFIG_CPU_SUP_UMC_32=y CONFIG_UML_X86=y # CONFIG_64BIT is not set CONFIG_X86_32=y CONFIG_RWSEM_XCHGADD_ALGORITHM=y # CONFIG_RWSEM_GENERIC_SPINLOCK is not set # CONFIG_3_LEVEL_PGTABLES is not set CONFIG_ARCH_HAS_SC_SIGNALS=y CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA=y # CONFIG_SMP_BROKEN is not set CONFIG_GENERIC_HWEIGHT=y # CONFIG_STATIC_LINK is not set CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_DISCONTIGMEM_MANUAL is not set # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 # CONFIG_PHYS_ADDR_T_64BIT is not set CONFIG_ZONE_DMA_FLAG=0 CONFIG_VIRT_TO_BUS=y CONFIG_HAVE_MLOCK=y CONFIG_HAVE_MLOCKED_PAGE_BIT=y CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_LD_SCRIPT_DYN=y CONFIG_BINFMT_ELF=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set CONFIG_HAVE_AOUT=y # CONFIG_BINFMT_AOUT is not set CONFIG_BINFMT_MISC=y CONFIG_HOSTFS=y # CONFIG_HPPFS is not set CONFIG_MCONSOLE=y CONFIG_MAGIC_SYSRQ=y # CONFIG_HIGHMEM is not set CONFIG_KERNEL_STACK_ORDER=0 # # General setup # CONFIG_EXPERIMENTAL=y CONFIG_BROKEN_ON_SMP=y CONFIG_INIT_ENV_ARG_LIMIT=128 CONFIG_LOCALVERSION="-marionnet-ghost" 
CONFIG_LOCALVERSION_AUTO=y CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_POSIX_MQUEUE_SYSCTL=y CONFIG_BSD_PROCESS_ACCT=y # CONFIG_BSD_PROCESS_ACCT_V3 is not set # CONFIG_TASKSTATS is not set # CONFIG_AUDIT is not set # # RCU Subsystem # CONFIG_CLASSIC_RCU=y # CONFIG_TREE_RCU is not set # CONFIG_PREEMPT_RCU is not set # CONFIG_TREE_RCU_TRACE is not set # CONFIG_PREEMPT_RCU_TRACE is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 # CONFIG_GROUP_SCHED is not set # CONFIG_CGROUPS is not set CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y # CONFIG_RELAY is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_IPC_NS is not set # CONFIG_USER_NS is not set # CONFIG_PID_NS is not set # CONFIG_NET_NS is not set # CONFIG_BLK_DEV_INITRD is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y CONFIG_ANON_INODES=y # CONFIG_EMBEDDED is not set CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_EXTRA_PASS=y CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_AIO=y # # Performance Counters # CONFIG_VM_EVENT_COUNTERS=y # CONFIG_STRIP_ASM_SYMS is not set CONFIG_COMPAT_BRK=y CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set # CONFIG_PROFILING is not set # CONFIG_MARKERS is not set # # GCOV-based kernel profiling # # CONFIG_SLOW_WORK is not set # CONFIG_HAVE_GENERIC_DMA_COHERENT is not set CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 # CONFIG_MODULES is not set CONFIG_BLOCK=y CONFIG_LBDAF=y # CONFIG_BLK_DEV_BSG is not set # CONFIG_BLK_DEV_INTEGRITY is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y CONFIG_DEFAULT_AS=y # CONFIG_DEFAULT_DEADLINE is not set # CONFIG_DEFAULT_CFQ is not set # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="anticipatory" # 
CONFIG_FREEZER is not set CONFIG_BLK_DEV=y CONFIG_BLK_DEV_UBD=y # CONFIG_BLK_DEV_UBD_SYNC is not set CONFIG_BLK_DEV_COW_COMMON=y CONFIG_BLK_DEV_LOOP=y # CONFIG_BLK_DEV_CRYPTOLOOP is not set CONFIG_BLK_DEV_NBD=y # CONFIG_BLK_DEV_RAM is not set # CONFIG_ATA_OVER_ETH is not set # # Character Devices # CONFIG_STDERR_CONSOLE=y CONFIG_STDIO_CONSOLE=y CONFIG_SSL=y CONFIG_NULL_CHAN=y CONFIG_PORT_CHAN=y CONFIG_PTY_CHAN=y CONFIG_TTY_CHAN=y CONFIG_XTERM_CHAN=y # CONFIG_NOCONFIG_CHAN is not set CONFIG_CON_ZERO_CHAN="fd:0,fd:1" CONFIG_CON_CHAN="xterm" CONFIG_SSL_CHAN="pts" CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y # CONFIG_RAW_DRIVER is not set CONFIG_LEGACY_PTY_COUNT=32 # CONFIG_WATCHDOG is not set CONFIG_UML_SOUND=y CONFIG_SOUND=y CONFIG_SOUND_OSS_CORE=y CONFIG_HOSTAUDIO=y # CONFIG_HW_RANDOM is not set CONFIG_UML_RANDOM=y # CONFIG_MMAPPER is not set # # Generic Driver Options # CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y CONFIG_FIRMWARE_IN_KERNEL=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_SYS_HYPERVISOR is not set CONFIG_NET=y # # Networking options # CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y CONFIG_XFRM=y CONFIG_XFRM_USER=y # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set CONFIG_XFRM_IPCOMP=y CONFIG_NET_KEY=y # CONFIG_NET_KEY_MIGRATE is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_ASK_IP_FIB_HASH=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set CONFIG_IP_PIMSM_V2=y CONFIG_ARPD=y CONFIG_SYN_COOKIES=y CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y CONFIG_INET_XFRM_TUNNEL=y CONFIG_INET_TUNNEL=y CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y 
CONFIG_INET_XFRM_MODE_BEET=y # CONFIG_INET_LRO is not set CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set CONFIG_IPV6=y # CONFIG_IPV6_PRIVACY is not set # CONFIG_IPV6_ROUTER_PREF is not set # CONFIG_IPV6_OPTIMISTIC_DAD is not set # CONFIG_INET6_AH is not set # CONFIG_INET6_ESP is not set # CONFIG_INET6_IPCOMP is not set # CONFIG_IPV6_MIP6 is not set # CONFIG_INET6_XFRM_TUNNEL is not set # CONFIG_INET6_TUNNEL is not set CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_INET6_XFRM_MODE_BEET=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set CONFIG_IPV6_SIT=y CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_NETWORK_SECMARK is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_CT_ACCT=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y # CONFIG_NETFILTER_TPROXY is not set CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y CONFIG_NETFILTER_XT_TARGET_DSCP=y CONFIG_NETFILTER_XT_TARGET_HL=y CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y CONFIG_NETFILTER_XT_TARGET_NOTRACK=y CONFIG_NETFILTER_XT_TARGET_RATEEST=y 
CONFIG_NETFILTER_XT_TARGET_TRACE=y CONFIG_NETFILTER_XT_TARGET_TCPMSS=y CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_HL=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y CONFIG_NETFILTER_XT_MATCH_REALM=y # CONFIG_NETFILTER_XT_MATCH_RECENT is not set CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y # CONFIG_NETFILTER_XT_MATCH_OSF is not set # CONFIG_IP_VS is not set # # IP: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_ADDRTYPE=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_NF_NAT_SNMP_BASIC=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y 
CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_NF_NAT_SIP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV6=y CONFIG_IP6_NF_QUEUE=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_MH=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_RAW=y CONFIG_BRIDGE_NF_EBTABLES=y CONFIG_BRIDGE_EBT_BROUTE=y CONFIG_BRIDGE_EBT_T_FILTER=y CONFIG_BRIDGE_EBT_T_NAT=y CONFIG_BRIDGE_EBT_802_3=y CONFIG_BRIDGE_EBT_AMONG=y CONFIG_BRIDGE_EBT_ARP=y CONFIG_BRIDGE_EBT_IP=y CONFIG_BRIDGE_EBT_IP6=y CONFIG_BRIDGE_EBT_LIMIT=y CONFIG_BRIDGE_EBT_MARK=y CONFIG_BRIDGE_EBT_PKTTYPE=y CONFIG_BRIDGE_EBT_STP=y CONFIG_BRIDGE_EBT_VLAN=y CONFIG_BRIDGE_EBT_ARPREPLY=y CONFIG_BRIDGE_EBT_DNAT=y CONFIG_BRIDGE_EBT_MARK_T=y CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_ULOG=y CONFIG_BRIDGE_EBT_NFLOG=y CONFIG_GHOSTIFICATION_NETFILTER=y CONFIG_GHOSTIFICATION_NETFILTER_ALL=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_TIPC is not set # CONFIG_ATM is not set CONFIG_STP=y CONFIG_GARP=y CONFIG_BRIDGE=y # CONFIG_NET_DSA is not set CONFIG_VLAN_8021Q=y CONFIG_VLAN_8021Q_GVRP=y # CONFIG_DECNET is not set CONFIG_LLC=y CONFIG_LLC2=y # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set # CONFIG_PHONET is not set # CONFIG_IEEE802154 is not set CONFIG_NET_SCHED=y # # Queueing/Scheduling # 
CONFIG_NET_SCH_CBQ=y CONFIG_NET_SCH_HTB=y CONFIG_NET_SCH_HFSC=y CONFIG_NET_SCH_PRIO=y # CONFIG_NET_SCH_MULTIQ is not set CONFIG_NET_SCH_RED=y CONFIG_NET_SCH_SFQ=y CONFIG_NET_SCH_TEQL=y CONFIG_NET_SCH_TBF=y CONFIG_NET_SCH_GRED=y CONFIG_NET_SCH_DSMARK=y CONFIG_NET_SCH_NETEM=y # CONFIG_NET_SCH_DRR is not set # CONFIG_NET_SCH_INGRESS is not set # # Classification # CONFIG_NET_CLS=y CONFIG_NET_CLS_BASIC=y CONFIG_NET_CLS_TCINDEX=y CONFIG_NET_CLS_ROUTE4=y CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=y CONFIG_NET_CLS_U32=y CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y CONFIG_NET_CLS_RSVP=y CONFIG_NET_CLS_RSVP6=y CONFIG_NET_CLS_FLOW=y CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 CONFIG_NET_EMATCH_CMP=y CONFIG_NET_EMATCH_NBYTE=y CONFIG_NET_EMATCH_U32=y CONFIG_NET_EMATCH_META=y CONFIG_NET_EMATCH_TEXT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=y CONFIG_NET_ACT_GACT=y CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=y CONFIG_NET_ACT_IPT=y CONFIG_NET_ACT_NAT=y CONFIG_NET_ACT_PEDIT=y # CONFIG_NET_ACT_SIMP is not set # CONFIG_NET_ACT_SKBEDIT is not set CONFIG_NET_CLS_IND=y CONFIG_NET_SCH_FIFO=y # CONFIG_DCB is not set # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set CONFIG_FIB_RULES=y # CONFIG_WIRELESS is not set # CONFIG_WIMAX is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is not set CONFIG_GHOSTIFICATION=y CONFIG_GHOSTIFICATION_NUM=9 CONFIG_GHOSTIFICATION_MESG=y CONFIG_GHOSTIFICATION_PRINTK=y # CONFIG_GHOSTIFICATION_DEBUG is not set # CONFIG_GHOSTIFICATION_DEVEL is not set # # UML Network Devices # CONFIG_UML_NET=y CONFIG_UML_NET_ETHERTAP=y CONFIG_UML_NET_TUNTAP=y CONFIG_UML_NET_SLIP=y CONFIG_UML_NET_DAEMON=y CONFIG_UML_NET_VDE=y CONFIG_UML_NET_MCAST=y CONFIG_UML_NET_PCAP=y CONFIG_UML_NET_SLIRP=y CONFIG_NETDEVICES=y # CONFIG_IFB is not set CONFIG_DUMMY=y CONFIG_BONDING=y CONFIG_MACVLAN=y # CONFIG_EQUALIZER is not set CONFIG_TUN=y # CONFIG_VETH is not 
set # # Wireless LAN # # CONFIG_WLAN_PRE80211 is not set # CONFIG_WLAN_80211 is not set # # Enable WiMAX (Networking options) to see the WiMAX drivers # # CONFIG_WAN is not set CONFIG_PPP=y # CONFIG_PPP_MULTILINK is not set # CONFIG_PPP_FILTER is not set # CONFIG_PPP_ASYNC is not set # CONFIG_PPP_SYNC_TTY is not set # CONFIG_PPP_DEFLATE is not set # CONFIG_PPP_BSDCOMP is not set # CONFIG_PPP_MPPE is not set # CONFIG_PPPOE is not set # CONFIG_PPPOL2TP is not set CONFIG_SLIP=y # CONFIG_SLIP_COMPRESSED is not set CONFIG_SLHC=y # CONFIG_SLIP_SMART is not set # CONFIG_SLIP_MODE_SLIP6 is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # CONFIG_CONNECTOR is not set # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y # CONFIG_EXT2_FS_SECURITY is not set # CONFIG_EXT2_FS_XIP is not set CONFIG_EXT3_FS=y # CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_SECURITY=y # CONFIG_EXT4_FS is not set CONFIG_JBD=y CONFIG_FS_MBCACHE=y # CONFIG_REISERFS_FS is not set # CONFIG_JFS_FS is not set CONFIG_FS_POSIX_ACL=y # CONFIG_XFS_FS is not set # CONFIG_GFS2_FS is not set # CONFIG_OCFS2_FS is not set # CONFIG_BTRFS_FS is not set CONFIG_FILE_LOCKING=y CONFIG_FSNOTIFY=y CONFIG_DNOTIFY=y CONFIG_INOTIFY=y CONFIG_INOTIFY_USER=y CONFIG_QUOTA=y # CONFIG_QUOTA_NETLINK_INTERFACE is not set CONFIG_PRINT_QUOTA_WARNING=y # CONFIG_QFMT_V1 is not set # CONFIG_QFMT_V2 is not set CONFIG_QUOTACTL=y CONFIG_AUTOFS_FS=y CONFIG_AUTOFS4_FS=y # CONFIG_FUSE_FS is not set # # Caches # # CONFIG_FSCACHE is not set # # CD-ROM/DVD Filesystems # # CONFIG_ISO9660_FS is not set # CONFIG_UDF_FS is not set # # DOS/FAT/NT Filesystems # # CONFIG_MSDOS_FS is not set # CONFIG_VFAT_FS is not set # CONFIG_NTFS_FS is not set # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y CONFIG_SYSFS=y CONFIG_TMPFS=y # 
CONFIG_TMPFS_POSIX_ACL is not set # CONFIG_HUGETLB_PAGE is not set # CONFIG_CONFIGFS_FS is not set CONFIG_MISC_FILESYSTEMS=y # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set # CONFIG_CRAMFS is not set # CONFIG_SQUASHFS is not set # CONFIG_VXFS_FS is not set # CONFIG_MINIX_FS is not set # CONFIG_OMFS_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_ROMFS_FS is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set # CONFIG_NILFS2_FS is not set CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=y CONFIG_NFS_V3=y CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=y # CONFIG_NFS_V4_1 is not set CONFIG_NFSD=y CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y CONFIG_LOCKD=y CONFIG_LOCKD_V4=y CONFIG_EXPORTFS=y CONFIG_NFS_ACL_SUPPORT=y CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y CONFIG_SUNRPC_GSS=y CONFIG_RPCSEC_GSS_KRB5=y CONFIG_RPCSEC_GSS_SPKM3=y # CONFIG_SMB_FS is not set CONFIG_CIFS=y # CONFIG_CIFS_STATS is not set # CONFIG_CIFS_WEAK_PW_HASH is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y CONFIG_CIFS_DEBUG2=y # CONFIG_CIFS_EXPERIMENTAL is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set # CONFIG_OSF_PARTITION is not set # CONFIG_AMIGA_PARTITION is not set # CONFIG_ATARI_PARTITION is not set # CONFIG_MAC_PARTITION is not set CONFIG_MSDOS_PARTITION=y # CONFIG_BSD_DISKLABEL is not set # CONFIG_MINIX_SUBPARTITION is not set # CONFIG_SOLARIS_X86_PARTITION is not set # CONFIG_UNIXWARE_DISKLABEL is not set # CONFIG_LDM_PARTITION is not set # CONFIG_SGI_PARTITION is not set # CONFIG_ULTRIX_PARTITION is not set # CONFIG_SUN_PARTITION is not set # CONFIG_KARMA_PARTITION is not set # CONFIG_EFI_PARTITION is not set # CONFIG_SYSV68_PARTITION is not set CONFIG_NLS=y 
CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_NLS_CODEPAGE_437 is not set # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set # CONFIG_NLS_CODEPAGE_850 is not set # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_936 is not set # CONFIG_NLS_CODEPAGE_950 is not set # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set # CONFIG_NLS_ISO8859_1 is not set # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_9 is not set # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set # CONFIG_NLS_UTF8 is not set # CONFIG_DLM is not set # # Security options # # CONFIG_KEYS is not set # CONFIG_SECURITY is not set # CONFIG_SECURITYFS is not set # CONFIG_SECURITY_FILE_CAPABILITIES is not set CONFIG_CRYPTO=y # # Crypto core or helper # # CONFIG_CRYPTO_FIPS is not set CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_BLKCIPHER2=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_PCOMP=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_NULL is not set 
CONFIG_CRYPTO_WORKQUEUE=y # CONFIG_CRYPTO_CRYPTD is not set CONFIG_CRYPTO_AUTHENC=y # # Authenticated Encryption with Associated Data # # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_GCM is not set # CONFIG_CRYPTO_SEQIV is not set # # Block modes # CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set # CONFIG_CRYPTO_ECB is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set # # Hash modes # CONFIG_CRYPTO_HMAC=y # CONFIG_CRYPTO_XCBC is not set # # Digest # CONFIG_CRYPTO_CRC32C=y # CONFIG_CRYPTO_MD4 is not set CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_MICHAEL_MIC is not set # CONFIG_CRYPTO_RMD128 is not set # CONFIG_CRYPTO_RMD160 is not set # CONFIG_CRYPTO_RMD256 is not set # CONFIG_CRYPTO_RMD320 is not set CONFIG_CRYPTO_SHA1=y # CONFIG_CRYPTO_SHA256 is not set # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_WP512 is not set # # Ciphers # # CONFIG_CRYPTO_AES is not set # CONFIG_CRYPTO_AES_586 is not set # CONFIG_CRYPTO_ANUBIS is not set # CONFIG_CRYPTO_ARC4 is not set # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_CAMELLIA is not set CONFIG_CRYPTO_CAST5=y # CONFIG_CRYPTO_CAST6 is not set CONFIG_CRYPTO_DES=y # CONFIG_CRYPTO_FCRYPT is not set # CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_SALSA20 is not set # CONFIG_CRYPTO_SALSA20_586 is not set # CONFIG_CRYPTO_SEED is not set # CONFIG_CRYPTO_SERPENT is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TWOFISH is not set # CONFIG_CRYPTO_TWOFISH_586 is not set # # Compression # CONFIG_CRYPTO_DEFLATE=y # CONFIG_CRYPTO_ZLIB is not set # CONFIG_CRYPTO_LZO is not set # # Random Number Generation # # CONFIG_CRYPTO_ANSI_CPRNG is not set CONFIG_CRYPTO_HW=y # CONFIG_BINARY_PRINTF is not set # # Library routines # CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_FIND_NEXT_BIT=y CONFIG_GENERIC_FIND_LAST_BIT=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set # 
CONFIG_CRC_ITU_T is not set CONFIG_CRC32=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=y CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y CONFIG_TEXTSEARCH_FSM=y CONFIG_HAS_DMA=y CONFIG_NLATTR=y # # SCSI device support # # CONFIG_RAID_ATTRS is not set # CONFIG_SCSI is not set # CONFIG_SCSI_DMA is not set # CONFIG_SCSI_NETLINK is not set CONFIG_MD=y # CONFIG_BLK_DEV_MD is not set CONFIG_BLK_DEV_DM=y # CONFIG_DM_DEBUG is not set CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=y CONFIG_DM_MIRROR=y # CONFIG_DM_LOG_USERSPACE is not set # CONFIG_DM_ZERO is not set # CONFIG_DM_MULTIPATH is not set # CONFIG_DM_DELAY is not set # CONFIG_DM_UEVENT is not set # CONFIG_NEW_LEDS is not set # CONFIG_INPUT is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_ENABLE_WARN_DEPRECATED is not set CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=1024 # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not set # CONFIG_DEBUG_KERNEL is not set CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_MEMORY_INIT=y # CONFIG_RCU_CPU_STALL_DETECTOR is not set CONFIG_SYSCTL_SYSCALL_CHECK=y # CONFIG_SAMPLES is not set # CONFIG_DEBUG_STACK_USAGE is not set marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/CONFIG-2.6.320000600000175000017500000005730712356733375023262 0ustar lucaslucas# # Automatically generated make config: don't edit # Linux kernel version: 2.6.32 # Sat Dec 5 13:08:27 2009 # CONFIG_DEFCONFIG_LIST="arch/$ARCH/defconfig" CONFIG_GENERIC_HARDIRQS=y CONFIG_UML=y CONFIG_MMU=y CONFIG_NO_IOMEM=y # CONFIG_TRACE_IRQFLAGS_SUPPORT is not set CONFIG_LOCKDEP_SUPPORT=y # CONFIG_STACKTRACE_SUPPORT is not set CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_TIME=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_IRQ_RELEASE_METHOD=y CONFIG_HZ=100 # # UML-specific options # # # Host processor type and features # # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is 
not set CONFIG_M686=y # CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set # CONFIG_MPENTIUM4 is not set # CONFIG_MK6 is not set # CONFIG_MK7 is not set # CONFIG_MK8 is not set # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set # CONFIG_MPSC is not set # CONFIG_MCORE2 is not set # CONFIG_MATOM is not set # CONFIG_GENERIC_CPU is not set CONFIG_X86_GENERIC=y CONFIG_X86_CPU=y CONFIG_X86_L1_CACHE_BYTES=64 CONFIG_X86_INTERNODE_CACHE_BYTES=64 CONFIG_X86_CMPXCHG=y CONFIG_X86_L1_CACHE_SHIFT=5 CONFIG_X86_XADD=y CONFIG_X86_PPRO_FENCE=y CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INVLPG=y CONFIG_X86_BSWAP=y CONFIG_X86_POPAD_OK=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_TSC=y CONFIG_X86_CMPXCHG64=y CONFIG_X86_CMOV=y CONFIG_X86_MINIMUM_CPU_FAMILY=5 CONFIG_CPU_SUP_INTEL=y CONFIG_CPU_SUP_CYRIX_32=y CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_CENTAUR=y CONFIG_CPU_SUP_TRANSMETA_32=y CONFIG_CPU_SUP_UMC_32=y CONFIG_UML_X86=y # CONFIG_64BIT is not set CONFIG_X86_32=y CONFIG_RWSEM_XCHGADD_ALGORITHM=y # CONFIG_RWSEM_GENERIC_SPINLOCK is not set # CONFIG_3_LEVEL_PGTABLES is not set CONFIG_ARCH_HAS_SC_SIGNALS=y CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA=y # CONFIG_SMP_BROKEN is not set CONFIG_GENERIC_HWEIGHT=y # CONFIG_STATIC_LINK is not set CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_DISCONTIGMEM_MANUAL is not set # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 # CONFIG_PHYS_ADDR_T_64BIT is not set CONFIG_ZONE_DMA_FLAG=0 CONFIG_VIRT_TO_BUS=y CONFIG_HAVE_MLOCK=y CONFIG_HAVE_MLOCKED_PAGE_BIT=y # CONFIG_KSM is not set CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y 
CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_LD_SCRIPT_DYN=y CONFIG_BINFMT_ELF=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set CONFIG_HAVE_AOUT=y # CONFIG_BINFMT_AOUT is not set CONFIG_BINFMT_MISC=y CONFIG_HOSTFS=y # CONFIG_HPPFS is not set CONFIG_MCONSOLE=y CONFIG_MAGIC_SYSRQ=y # CONFIG_HIGHMEM is not set CONFIG_KERNEL_STACK_ORDER=0 # # General setup # CONFIG_EXPERIMENTAL=y CONFIG_BROKEN_ON_SMP=y CONFIG_INIT_ENV_ARG_LIMIT=128 CONFIG_LOCALVERSION="-marionnet-ghost" CONFIG_LOCALVERSION_AUTO=y CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_POSIX_MQUEUE_SYSCTL=y CONFIG_BSD_PROCESS_ACCT=y # CONFIG_BSD_PROCESS_ACCT_V3 is not set # CONFIG_TASKSTATS is not set # CONFIG_AUDIT is not set # # RCU Subsystem # CONFIG_TREE_RCU=y # CONFIG_TREE_PREEMPT_RCU is not set # CONFIG_RCU_TRACE is not set CONFIG_RCU_FANOUT=32 # CONFIG_RCU_FANOUT_EXACT is not set # CONFIG_TREE_RCU_TRACE is not set CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 # CONFIG_GROUP_SCHED is not set # CONFIG_CGROUPS is not set CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y # CONFIG_RELAY is not set CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_IPC_NS is not set # CONFIG_USER_NS is not set # CONFIG_PID_NS is not set # CONFIG_NET_NS is not set # CONFIG_BLK_DEV_INITRD is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y CONFIG_ANON_INODES=y # CONFIG_EMBEDDED is not set CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_EXTRA_PASS=y CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_AIO=y # # Kernel Performance Events And Counters # CONFIG_VM_EVENT_COUNTERS=y CONFIG_COMPAT_BRK=y CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set # CONFIG_PROFILING is not set # # GCOV-based kernel profiling # CONFIG_SLOW_WORK=y # CONFIG_HAVE_GENERIC_DMA_COHERENT is not set CONFIG_SLABINFO=y 
CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 # CONFIG_MODULES is not set CONFIG_BLOCK=y CONFIG_LBDAF=y # CONFIG_BLK_DEV_BSG is not set # CONFIG_BLK_DEV_INTEGRITY is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y CONFIG_DEFAULT_AS=y # CONFIG_DEFAULT_DEADLINE is not set # CONFIG_DEFAULT_CFQ is not set # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="anticipatory" # CONFIG_FREEZER is not set CONFIG_BLK_DEV=y CONFIG_BLK_DEV_UBD=y # CONFIG_BLK_DEV_UBD_SYNC is not set CONFIG_BLK_DEV_COW_COMMON=y CONFIG_BLK_DEV_LOOP=y # CONFIG_BLK_DEV_CRYPTOLOOP is not set CONFIG_BLK_DEV_NBD=y # CONFIG_BLK_DEV_RAM is not set # CONFIG_ATA_OVER_ETH is not set # # Character Devices # CONFIG_STDERR_CONSOLE=y CONFIG_STDIO_CONSOLE=y CONFIG_SSL=y CONFIG_NULL_CHAN=y CONFIG_PORT_CHAN=y CONFIG_PTY_CHAN=y CONFIG_TTY_CHAN=y CONFIG_XTERM_CHAN=y # CONFIG_NOCONFIG_CHAN is not set CONFIG_CON_ZERO_CHAN="fd:0,fd:1" CONFIG_CON_CHAN="xterm" CONFIG_SSL_CHAN="pts" CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y # CONFIG_RAW_DRIVER is not set CONFIG_LEGACY_PTY_COUNT=32 # CONFIG_WATCHDOG is not set CONFIG_UML_SOUND=y CONFIG_SOUND=y CONFIG_SOUND_OSS_CORE=y CONFIG_HOSTAUDIO=y # CONFIG_HW_RANDOM is not set CONFIG_UML_RANDOM=y # CONFIG_MMAPPER is not set # # Generic Driver Options # CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" # CONFIG_DEVTMPFS is not set CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y CONFIG_FIRMWARE_IN_KERNEL=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_SYS_HYPERVISOR is not set CONFIG_NET=y # # Networking options # CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y CONFIG_XFRM=y CONFIG_XFRM_USER=y # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set CONFIG_XFRM_IPCOMP=y CONFIG_NET_KEY=y # CONFIG_NET_KEY_MIGRATE is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_ASK_IP_FIB_HASH=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y 
CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set CONFIG_IP_PIMSM_V2=y CONFIG_ARPD=y CONFIG_SYN_COOKIES=y CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y CONFIG_INET_XFRM_TUNNEL=y CONFIG_INET_TUNNEL=y CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_XFRM_MODE_BEET=y # CONFIG_INET_LRO is not set CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set CONFIG_IPV6=y # CONFIG_IPV6_PRIVACY is not set # CONFIG_IPV6_ROUTER_PREF is not set # CONFIG_IPV6_OPTIMISTIC_DAD is not set # CONFIG_INET6_AH is not set # CONFIG_INET6_ESP is not set # CONFIG_INET6_IPCOMP is not set # CONFIG_IPV6_MIP6 is not set # CONFIG_INET6_XFRM_TUNNEL is not set # CONFIG_INET6_TUNNEL is not set CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_INET6_XFRM_MODE_BEET=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set CONFIG_IPV6_SIT=y CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_NETWORK_SECMARK is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_CT_ACCT=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y CONFIG_NF_CONNTRACK_SIP=y 
CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y # CONFIG_NETFILTER_TPROXY is not set CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y CONFIG_NETFILTER_XT_TARGET_DSCP=y CONFIG_NETFILTER_XT_TARGET_HL=y CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y CONFIG_NETFILTER_XT_TARGET_NOTRACK=y CONFIG_NETFILTER_XT_TARGET_RATEEST=y CONFIG_NETFILTER_XT_TARGET_TRACE=y CONFIG_NETFILTER_XT_TARGET_TCPMSS=y CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_DCCP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_HL=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y CONFIG_NETFILTER_XT_MATCH_REALM=y # CONFIG_NETFILTER_XT_MATCH_RECENT is not set CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y # CONFIG_NETFILTER_XT_MATCH_OSF is not set # CONFIG_IP_VS is not set # # IP: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_ADDRTYPE=y 
CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_NF_NAT_SNMP_BASIC=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_NF_NAT_SIP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # CONFIG_NF_CONNTRACK_IPV6=y CONFIG_IP6_NF_QUEUE=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_MH=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_RAW=y CONFIG_BRIDGE_NF_EBTABLES=y CONFIG_BRIDGE_EBT_BROUTE=y CONFIG_BRIDGE_EBT_T_FILTER=y CONFIG_BRIDGE_EBT_T_NAT=y CONFIG_BRIDGE_EBT_802_3=y CONFIG_BRIDGE_EBT_AMONG=y CONFIG_BRIDGE_EBT_ARP=y CONFIG_BRIDGE_EBT_IP=y CONFIG_BRIDGE_EBT_IP6=y CONFIG_BRIDGE_EBT_LIMIT=y CONFIG_BRIDGE_EBT_MARK=y CONFIG_BRIDGE_EBT_PKTTYPE=y CONFIG_BRIDGE_EBT_STP=y CONFIG_BRIDGE_EBT_VLAN=y CONFIG_BRIDGE_EBT_ARPREPLY=y CONFIG_BRIDGE_EBT_DNAT=y CONFIG_BRIDGE_EBT_MARK_T=y CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_ULOG=y CONFIG_BRIDGE_EBT_NFLOG=y CONFIG_GHOSTIFICATION_NETFILTER=y CONFIG_GHOSTIFICATION_NETFILTER_ALL=y # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_RDS is not set # 
CONFIG_TIPC is not set # CONFIG_ATM is not set CONFIG_STP=y CONFIG_GARP=y CONFIG_BRIDGE=y # CONFIG_NET_DSA is not set CONFIG_VLAN_8021Q=y CONFIG_VLAN_8021Q_GVRP=y # CONFIG_DECNET is not set CONFIG_LLC=y CONFIG_LLC2=y # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set # CONFIG_PHONET is not set # CONFIG_IEEE802154 is not set CONFIG_NET_SCHED=y # # Queueing/Scheduling # CONFIG_NET_SCH_CBQ=y CONFIG_NET_SCH_HTB=y CONFIG_NET_SCH_HFSC=y CONFIG_NET_SCH_PRIO=y # CONFIG_NET_SCH_MULTIQ is not set CONFIG_NET_SCH_RED=y CONFIG_NET_SCH_SFQ=y CONFIG_NET_SCH_TEQL=y CONFIG_NET_SCH_TBF=y CONFIG_NET_SCH_GRED=y CONFIG_NET_SCH_DSMARK=y CONFIG_NET_SCH_NETEM=y # CONFIG_NET_SCH_DRR is not set # CONFIG_NET_SCH_INGRESS is not set # # Classification # CONFIG_NET_CLS=y CONFIG_NET_CLS_BASIC=y CONFIG_NET_CLS_TCINDEX=y CONFIG_NET_CLS_ROUTE4=y CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=y CONFIG_NET_CLS_U32=y CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y CONFIG_NET_CLS_RSVP=y CONFIG_NET_CLS_RSVP6=y CONFIG_NET_CLS_FLOW=y CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 CONFIG_NET_EMATCH_CMP=y CONFIG_NET_EMATCH_NBYTE=y CONFIG_NET_EMATCH_U32=y CONFIG_NET_EMATCH_META=y CONFIG_NET_EMATCH_TEXT=y CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=y CONFIG_NET_ACT_GACT=y CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=y CONFIG_NET_ACT_IPT=y CONFIG_NET_ACT_NAT=y CONFIG_NET_ACT_PEDIT=y # CONFIG_NET_ACT_SIMP is not set # CONFIG_NET_ACT_SKBEDIT is not set CONFIG_NET_CLS_IND=y CONFIG_NET_SCH_FIFO=y # CONFIG_DCB is not set # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_AF_RXRPC is not set CONFIG_FIB_RULES=y # CONFIG_WIRELESS is not set # CONFIG_WIMAX is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is not set CONFIG_GHOSTIFICATION=y CONFIG_GHOSTIFICATION_NUM=9 CONFIG_GHOSTIFICATION_MESG=y 
CONFIG_GHOSTIFICATION_PRINTK=y # CONFIG_GHOSTIFICATION_DEBUG is not set # CONFIG_GHOSTIFICATION_DEVEL is not set # # UML Network Devices # CONFIG_UML_NET=y CONFIG_UML_NET_ETHERTAP=y CONFIG_UML_NET_TUNTAP=y CONFIG_UML_NET_SLIP=y CONFIG_UML_NET_DAEMON=y CONFIG_UML_NET_VDE=y CONFIG_UML_NET_MCAST=y CONFIG_UML_NET_PCAP=y CONFIG_UML_NET_SLIRP=y CONFIG_NETDEVICES=y # CONFIG_IFB is not set CONFIG_DUMMY=y CONFIG_BONDING=y CONFIG_MACVLAN=y # CONFIG_EQUALIZER is not set CONFIG_TUN=y # CONFIG_VETH is not set # CONFIG_WLAN is not set # # Enable WiMAX (Networking options) to see the WiMAX drivers # # CONFIG_WAN is not set CONFIG_PPP=y # CONFIG_PPP_MULTILINK is not set # CONFIG_PPP_FILTER is not set # CONFIG_PPP_ASYNC is not set # CONFIG_PPP_SYNC_TTY is not set # CONFIG_PPP_DEFLATE is not set # CONFIG_PPP_BSDCOMP is not set # CONFIG_PPP_MPPE is not set # CONFIG_PPPOE is not set # CONFIG_PPPOL2TP is not set CONFIG_SLIP=y # CONFIG_SLIP_COMPRESSED is not set CONFIG_SLHC=y # CONFIG_SLIP_SMART is not set # CONFIG_SLIP_MODE_SLIP6 is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # CONFIG_CONNECTOR is not set # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y # CONFIG_EXT2_FS_SECURITY is not set # CONFIG_EXT2_FS_XIP is not set CONFIG_EXT3_FS=y CONFIG_EXT3_DEFAULTS_TO_ORDERED=y CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_SECURITY=y # CONFIG_EXT4_FS is not set CONFIG_JBD=y CONFIG_FS_MBCACHE=y # CONFIG_REISERFS_FS is not set # CONFIG_JFS_FS is not set CONFIG_FS_POSIX_ACL=y # CONFIG_XFS_FS is not set # CONFIG_GFS2_FS is not set # CONFIG_OCFS2_FS is not set # CONFIG_BTRFS_FS is not set # CONFIG_NILFS2_FS is not set CONFIG_FILE_LOCKING=y CONFIG_FSNOTIFY=y CONFIG_DNOTIFY=y CONFIG_INOTIFY=y CONFIG_INOTIFY_USER=y CONFIG_QUOTA=y # CONFIG_QUOTA_NETLINK_INTERFACE is not set CONFIG_PRINT_QUOTA_WARNING=y # CONFIG_QFMT_V1 is not set # CONFIG_QFMT_V2 is not set CONFIG_QUOTACTL=y 
CONFIG_AUTOFS_FS=y CONFIG_AUTOFS4_FS=y # CONFIG_FUSE_FS is not set # # Caches # # CONFIG_FSCACHE is not set # # CD-ROM/DVD Filesystems # # CONFIG_ISO9660_FS is not set # CONFIG_UDF_FS is not set # # DOS/FAT/NT Filesystems # # CONFIG_MSDOS_FS is not set # CONFIG_VFAT_FS is not set # CONFIG_NTFS_FS is not set # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_TMPFS_POSIX_ACL is not set # CONFIG_HUGETLB_PAGE is not set # CONFIG_CONFIGFS_FS is not set CONFIG_MISC_FILESYSTEMS=y # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set # CONFIG_CRAMFS is not set # CONFIG_SQUASHFS is not set # CONFIG_VXFS_FS is not set # CONFIG_MINIX_FS is not set # CONFIG_OMFS_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_ROMFS_FS is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=y CONFIG_NFS_V3=y CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=y # CONFIG_NFS_V4_1 is not set CONFIG_NFSD=y CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y CONFIG_LOCKD=y CONFIG_LOCKD_V4=y CONFIG_EXPORTFS=y CONFIG_NFS_ACL_SUPPORT=y CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y CONFIG_SUNRPC_GSS=y CONFIG_RPCSEC_GSS_KRB5=y CONFIG_RPCSEC_GSS_SPKM3=y # CONFIG_SMB_FS is not set CONFIG_CIFS=y # CONFIG_CIFS_STATS is not set # CONFIG_CIFS_WEAK_PW_HASH is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y CONFIG_CIFS_DEBUG2=y # CONFIG_CIFS_EXPERIMENTAL is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # # Partition Types # CONFIG_PARTITION_ADVANCED=y # CONFIG_ACORN_PARTITION is not set # CONFIG_OSF_PARTITION is not set # CONFIG_AMIGA_PARTITION is not set # CONFIG_ATARI_PARTITION is not set # CONFIG_MAC_PARTITION is not set CONFIG_MSDOS_PARTITION=y # 
CONFIG_BSD_DISKLABEL is not set # CONFIG_MINIX_SUBPARTITION is not set # CONFIG_SOLARIS_X86_PARTITION is not set # CONFIG_UNIXWARE_DISKLABEL is not set # CONFIG_LDM_PARTITION is not set # CONFIG_SGI_PARTITION is not set # CONFIG_ULTRIX_PARTITION is not set # CONFIG_SUN_PARTITION is not set # CONFIG_KARMA_PARTITION is not set # CONFIG_EFI_PARTITION is not set # CONFIG_SYSV68_PARTITION is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_NLS_CODEPAGE_437 is not set # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set # CONFIG_NLS_CODEPAGE_850 is not set # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_936 is not set # CONFIG_NLS_CODEPAGE_950 is not set # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set # CONFIG_NLS_ISO8859_1 is not set # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_9 is not set # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set # CONFIG_NLS_UTF8 is not set # CONFIG_DLM is not set # # Security options # # CONFIG_KEYS is not set # CONFIG_SECURITY is not set # CONFIG_SECURITYFS is not set # CONFIG_SECURITY_FILE_CAPABILITIES is not set CONFIG_CRYPTO=y # # Crypto 
core or helper # CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_BLKCIPHER2=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_PCOMP=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_NULL is not set CONFIG_CRYPTO_WORKQUEUE=y # CONFIG_CRYPTO_CRYPTD is not set CONFIG_CRYPTO_AUTHENC=y # # Authenticated Encryption with Associated Data # # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_GCM is not set # CONFIG_CRYPTO_SEQIV is not set # # Block modes # CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set # CONFIG_CRYPTO_ECB is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set # # Hash modes # CONFIG_CRYPTO_HMAC=y # CONFIG_CRYPTO_XCBC is not set # CONFIG_CRYPTO_VMAC is not set # # Digest # CONFIG_CRYPTO_CRC32C=y # CONFIG_CRYPTO_GHASH is not set # CONFIG_CRYPTO_MD4 is not set CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_MICHAEL_MIC is not set # CONFIG_CRYPTO_RMD128 is not set # CONFIG_CRYPTO_RMD160 is not set # CONFIG_CRYPTO_RMD256 is not set # CONFIG_CRYPTO_RMD320 is not set CONFIG_CRYPTO_SHA1=y # CONFIG_CRYPTO_SHA256 is not set # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_WP512 is not set # # Ciphers # # CONFIG_CRYPTO_AES is not set # CONFIG_CRYPTO_AES_586 is not set # CONFIG_CRYPTO_ANUBIS is not set # CONFIG_CRYPTO_ARC4 is not set # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_CAMELLIA is not set CONFIG_CRYPTO_CAST5=y # CONFIG_CRYPTO_CAST6 is not set CONFIG_CRYPTO_DES=y # CONFIG_CRYPTO_FCRYPT is not set # CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_SALSA20 is not set # CONFIG_CRYPTO_SALSA20_586 is not set # CONFIG_CRYPTO_SEED is not set # CONFIG_CRYPTO_SERPENT is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TWOFISH is not set # CONFIG_CRYPTO_TWOFISH_586 is not set # # Compression # 
CONFIG_CRYPTO_DEFLATE=y # CONFIG_CRYPTO_ZLIB is not set # CONFIG_CRYPTO_LZO is not set # # Random Number Generation # # CONFIG_CRYPTO_ANSI_CPRNG is not set CONFIG_CRYPTO_HW=y # CONFIG_BINARY_PRINTF is not set # # Library routines # CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_FIND_NEXT_BIT=y CONFIG_GENERIC_FIND_LAST_BIT=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set # CONFIG_CRC_ITU_T is not set CONFIG_CRC32=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=y CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y CONFIG_TEXTSEARCH_FSM=y CONFIG_HAS_DMA=y CONFIG_NLATTR=y # # SCSI device support # # CONFIG_RAID_ATTRS is not set # CONFIG_SCSI is not set # CONFIG_SCSI_DMA is not set # CONFIG_SCSI_NETLINK is not set CONFIG_MD=y # CONFIG_BLK_DEV_MD is not set CONFIG_BLK_DEV_DM=y # CONFIG_DM_DEBUG is not set CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=y CONFIG_DM_MIRROR=y # CONFIG_DM_LOG_USERSPACE is not set # CONFIG_DM_ZERO is not set # CONFIG_DM_MULTIPATH is not set # CONFIG_DM_DELAY is not set # CONFIG_DM_UEVENT is not set # CONFIG_NEW_LEDS is not set # CONFIG_INPUT is not set # # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_ENABLE_WARN_DEPRECATED is not set CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=1024 # CONFIG_STRIP_ASM_SYMS is not set # CONFIG_UNUSED_SYMBOLS is not set # CONFIG_DEBUG_FS is not set # CONFIG_DEBUG_KERNEL is not set CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_MEMORY_INIT=y # CONFIG_RCU_CPU_STALL_DETECTOR is not set CONFIG_SYSCTL_SYSCALL_CHECK=y # CONFIG_SAMPLES is not set # CONFIG_DEBUG_STACK_USAGE is not set marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/linux-2.6.28-ghost.patch0000600000175000017500000030554412356733375025700 0ustar lucaslucasdiff -rNaud linux-2.6.28/arch/um/drivers/vde_user.c linux-2.6.28-ghost/arch/um/drivers/vde_user.c --- linux-2.6.28/arch/um/drivers/vde_user.c 2008-12-24 23:26:37.000000000 +0000 +++ 
linux-2.6.28-ghost/arch/um/drivers/vde_user.c 2009-11-26 22:24:32.000000000 +0000 @@ -77,8 +77,8 @@ void vde_init_libstuff(struct vde_data *vpri, struct vde_init *init) { struct vde_open_args *args; - - vpri->args = kmalloc(sizeof(struct vde_open_args), UM_GFP_KERNEL); + /* (ghost support) kmalloc is used instead of uml_kmalloc */ + vpri->args = uml_kmalloc(sizeof(struct vde_open_args), UM_GFP_KERNEL); if (vpri->args == NULL) { printk(UM_KERN_ERR "vde_init_libstuff - vde_open_args " "allocation failed"); diff -rNaud linux-2.6.28/include/linux/netdevice.h linux-2.6.28-ghost/include/linux/netdevice.h --- linux-2.6.28/include/linux/netdevice.h 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/include/linux/netdevice.h 2009-11-26 22:24:32.000000000 +0000 @@ -14,6 +14,8 @@ * Alan Cox, * Bjorn Ekwall. * Pekka Riikonen + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -1771,4 +1773,12 @@ #endif /* __KERNEL__ */ +/* + * (ghost support) Just check whether the given name + * belongs to the ghost interface + */ +#ifdef CONFIG_GHOSTIFICATION +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + #endif /* _LINUX_DEV_H */ diff -rNaud linux-2.6.28/include/linux/sockios.h linux-2.6.28-ghost/include/linux/sockios.h --- linux-2.6.28/include/linux/sockios.h 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/include/linux/sockios.h 2009-11-26 22:24:32.000000000 +0000 @@ -9,6 +9,8 @@ * * Authors: Ross Biro * Fred N. van Kempen, + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
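Review bot: The comment added in vde_init_libstuff states the opposite of what the new line does: it reads `kmalloc is used instead of uml_kmalloc`, while the code now calls `uml_kmalloc` in place of `kmalloc`. It is also tagged "(ghost support)" although nothing in this hunk touches ghostification. I would reword it to `/* use uml_kmalloc rather than kmalloc here */` and add the reason for the switch, which the hunk does not show. The function body continues outside the hunk.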
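Review bot: In the second include/linux/netdevice.h hunk the prototype `int is_a_ghost_interface_name(const char *interface_name);` is added after `#endif /* __KERNEL__ */`, so it sits outside the kernel-only part of the header. If this header is exported to userspace, the declaration is exported with it. Moving the `#ifdef CONFIG_GHOSTIFICATION` block above that `#endif` keeps it kernel-internal. The comment should also state the return convention and whether the function takes the ghostification lock itself, since the lookup helper in net/core/dev.c is documented as needing a critical section.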
@@ -83,6 +85,13 @@ #define SIOCWANDEV 0x894A /* get/set netdev parameters */ +/* (ghost support) ghostification's ioctl */ +#ifdef CONFIG_GHOSTIFICATION +#define SIOKLOG 0x894D /* Write a string to the log */ +#define SIOCGIFGHOSTIFY 0x894E /* Make a network device 'ghost' */ +#define SIOCGIFUNGHOSTIFY 0x894F /* Make a network device 'ghost' */ +#endif /* CONFIG_GHOSTIFICATION */ + /* ARP cache control calls. */ /* 0x8950 - 0x8952 * obsolete calls, don't re-use */ #define SIOCDARP 0x8953 /* delete ARP table entry */ diff -rNaud linux-2.6.28/include/net/ghostdebug.h linux-2.6.28-ghost/include/net/ghostdebug.h --- linux-2.6.28/include/net/ghostdebug.h 1970-01-01 00:00:00.000000000 +0000 +++ linux-2.6.28-ghost/include/net/ghostdebug.h 2009-11-26 22:24:32.000000000 +0000 
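Review bot: The comment on `SIOCGIFUNGHOSTIFY` is a copy of the one on `SIOCGIFGHOSTIFY` ("Make a network device 'ghost'"), so the two requests read as doing the same thing; it should say something like `/* Make a 'ghost' network device visible again */`. Both requests change state, so the get-style `SIOCGIF` prefix does not match the convention of this header and `SIOCSIF` would be clearer. Because these requests hide an interface from userspace tools, and `SIOKLOG` writes a caller-supplied string to the kernel log, the handlers should reject callers without CAP_NET_ADMIN and bound the string length. The net/core/dev.c changelog in this patch mentions a CAP_NET_ADMIN check for (un)ghostify, but no handler is visible in this hunk, so that is worth confirming for all three.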
@@ -0,0 +1,93 @@
+/*
+ * Ghost support:
+ * Some trivials macros for display messages, trace ghost ops,
+ * debug and devel the ghostification kernel patch.
+ *
+ * Authors: Roudiere Jonathan,
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#ifndef __GHOSTDEBUG__
+#define __GHOSTDEBUG__
+
+#ifdef CONFIG_GHOSTIFICATION
+
+/*
+ * Ghost macros: there are three type of macros for three kind of
+ * information level :
+ *
+ * - the first one is ghost_ptk, that is a simple printk with the
+ * KERN_INFO log level, it is the standard type of display used
+ * by the ghostification kernel code to allow user to monitor
+ * ghost operations, if GHOSTIFICATION_PRINTK is not defined then
+ * user will not any information about the ghostified interfaces
+ * and the ghost engine (almost any infos ;-)),
+ *
+ * - ghost_debug and ghost_debugmsg are respectively used to show a
+ * calling card in a part of the code (function, files) and to show
+ * in plus informations additional (variable, etc ..), these two macros
+ * display messages with the level KERNEL_DEBUG,
+ *
+ * - ghost_devel and ghost_develmsg are very similar (redundant)
+ * in both previous ones, they are mainly used for the development
+ * of the patch to follow the stream of execution, activate
+ * GHOSTIFICATION_DEVEL has interest only for developers.
+ *
+*/
+
+/*
+ * Macro usable to debug during normal usage of the kernel.
+*/
+#ifdef CONFIG_GHOSTIFICATION_DEBUG
+#define ghost_debug \
+ printk(KERN_DEBUG \
+ "(ghost_debug): file(%s): funct(%s): line(%04d): -- info debug -- \n", \
+ __FILE__, __FUNCTION__, __LINE__)
+#define ghost_debugmsg(msg,args...)
\ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_debug +#define ghost_debugmsg(msg,args...) +#endif + +/* + * A little bit redundant with the macro ghost_debug/debugmsg + * but allows a difference in the use, they are not used for the + * debugging, but to verify roads borrowed during the development. + * (note: certainly remove at next release of the patch) +*/ +#ifdef CONFIG_GHOSTIFICATION_DEVEL +#define ghost_devel \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): -- info devel -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_develmsg(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_devel +#define ghost_develmsg(msg,args...) +#endif + +/* + * Macro to display all message from chunk of code which has + * ghostification in charge (use macro to add debug level later). +*/ +#ifdef CONFIG_GHOSTIFICATION_PRINTK +#define ghost_ptk(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost) " msg "\n", ##args) +#else +#define ghost_ptk(msg,args...) +#endif + +#endif /* CONFIG_GHOSTIFICATION */ + +#endif /* __GHOSTDEBUG__ */ diff -rNaud linux-2.6.28/kernel/softirq.c linux-2.6.28-ghost/kernel/softirq.c --- linux-2.6.28/kernel/softirq.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/kernel/softirq.c 2009-11-26 22:24:32.000000000 +0000 @@ -123,8 +123,11 @@ */ void _local_bh_enable(void) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq()); WARN_ON_ONCE(!irqs_disabled()); +#endif if (softirq_count() == SOFTIRQ_OFFSET) trace_softirqs_on((unsigned long)__builtin_return_address(0)); 
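Review bot: The header comment in include/net/ghostdebug.h says ghost_ptk prints at the KERN_INFO level, but the macro at the end of the file is `printk(KERN_DEBUG "(ghost) " msg "\n", ##args)`. Ghostify and unghostify events are the only record that an interface was hidden, and at debug level they may never reach logs that filter out debug messages. Either change the macro to `printk(KERN_INFO "(ghost) " msg "\n", ##args)` or correct the comment, which also writes `KERNEL_DEBUG` where `KERN_DEBUG` is meant. As a style point, `ghost_debug` and `ghost_devel` expand to a bare printk call or to nothing; wrapping each expansion in `do { ... } while (0)` keeps them safe inside unbraced if/else bodies.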
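Review bot: Wrapping `WARN_ON_ONCE(in_irq());` and `WARN_ON_ONCE(!irqs_disabled());` in `#ifndef CONFIG_GHOSTIFICATION` inside _local_bh_enable removes a context sanity check for the whole kernel instead of fixing the caller that trips it. The next hunk does the same to `WARN_ON_ONCE(in_irq() || irqs_disabled());` in _local_bh_enable_ip. The stated reason is console noise, which suggests some ghostification path enables bottom halves in a context these functions do not allow, possibly under the irqsave lock wrappers added in net/core/dev.c. That would be a locking bug, and these warnings exist to report it. I would drop both guards and correct the offending call site. Both function bodies continue outside the hunks.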
@@ -135,7 +138,10 @@ static inline void _local_bh_enable_ip(unsigned long ip) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq() || irqs_disabled()); +#endif #ifdef CONFIG_TRACE_IRQFLAGS local_irq_disable(); #endif diff -rNaud linux-2.6.28/net/Kconfig linux-2.6.28-ghost/net/Kconfig --- linux-2.6.28/net/Kconfig 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/Kconfig 2009-11-26 22:24:32.000000000 +0000 
@@ -172,6 +172,105 @@ source "net/decnet/netfilter/Kconfig" source "net/bridge/netfilter/Kconfig" +config GHOSTIFICATION_NETFILTER + bool "Ghostification support to netfilter" + depends on GHOSTIFICATION && NETFILTER_ADVANCED + default y + help + Ghostification support to Netfilter. Allow to bypass all + Netfilter's hooks (INPUT, OUTPUT, FORWARD, POSTROUTING and + PREROUTING (when available)) and that for all layer or protocol: + ARP, Bridge, IPv4, IPv6 (and Decnet) or just for one protocol + or layer. + If you choose to activate the Ghostification of Netfilter then + all the network packets which come from, or go to an ghostified + interface will not get through the hooks of Netfilter; so rules + which have been created with Iptables, Ip6tables, Arptables or + Ebtables will have no effect on these packets. + Note: This option allows you to have access to the options of + configuration of the Ghostification of Netfilter but it activates + no section of code; you will thus need to select one or some + among those this below. + +config GHOSTIFICATION_NETFILTER_ALL + bool "Ghostification support to netfilter, skip all hooks" + depends on GHOSTIFICATION_NETFILTER + default y + help + Netfiter Ghostification support for all protocols/layers. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass + Netfilter's hooks; thus any actions or rules which have been + created through Iptables, Ip6tables, Arptables or Ebtables + will not have any effect on this packets. + +config GHOSTIFICATION_NETFILTER_ARP + bool "Ghostification support to netfilter, skip ARP hooks" + depends on GHOSTIFICATION_NETFILTER && IP_NF_ARPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the ARP protocol/layer. 
+ If you activate this option then all network packets which
+ come from, or go to a ghostified interface will bypass Arp
+ hooks of Netfilter; thus the rules which have been created
+ with the Arptables tool will not have any effect on them.
+ If you activate Netfilter Ghostification for this protocol/layer
+ then you will lose the capability that network packets bypass
+ Decnet's hooks of Netfilter.
+ If you are unsure how to answer this question when you have
+ decided to use ghostification then answer N and use instead
+ GHOSTIFICATION_NETFILTER_ALL above.
+
+config GHOSTIFICATION_NETFILTER_BRIDGE
+ bool "Ghostification support to netfilter, skip Bridge hooks"
+ depends on GHOSTIFICATION_NETFILTER && BRIDGE_NF_EBTABLES
+ depends on !GHOSTIFICATION_NETFILTER_ALL
+ help
+ Netfiter ghostification support for the Bridge protocol/layer.
+ If you activate this option then all network packets which
+ come from, or go to a ghostified interface will bypass Bridge
+ hooks of Netfilter; thus the rules which have been created
+ with the Ebtables tool will not have any effect on them.
+ If you activate Netfilter Ghostification for this protocol/layer
+ then you will lose the capability that network packets bypass
+ Decnet's hooks of Netfilter.
+ If you are unsure how to answer this question when you have
+ decided to use ghostification then answer N and use instead
+ GHOSTIFICATION_NETFILTER_ALL above.
+
+config GHOSTIFICATION_NETFILTER_IPV4
+ bool "Ghostification support to netfilter, skip IPv4 hooks"
+ depends on GHOSTIFICATION_NETFILTER && !GHOSTIFICATION_NETFILTER_ALL
+ help
+ Netfiter ghostification support for the IPv4 protocol/layer.
+ If you activate this option then all network packets which
+ come from, or go to a ghostified interface will bypass IPv4
+ hooks of Netfilter; thus the rules which have been created
+ with the Iptables tool will not have any effect on them.
+ If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV6 + bool "Ghostification support to netfilter, skip IPv6 hooks" + depends on GHOSTIFICATION_NETFILTER && IP6_NF_IPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv6 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv6 + hooks of Netfilter; thus the rules which have been created + with the Ip6tables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + endif source "net/dccp/Kconfig" 
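Review bot: `GHOSTIFICATION_NETFILTER` and `GHOSTIFICATION_NETFILTER_ALL` both carry `default y`, so a kernel built with GHOSTIFICATION skips every Netfilter hook for ghostified interfaces unless the builder opts out; `GHOSTIFICATION` itself is also `default y` in the later net/Kconfig hunk. An option that removes traffic from the firewall's reach should be opt-in, so I would delete the `default y` lines from these entries. The help text should say plainly that filtering rules, including drop rules, are not applied to that traffic. The ARP, Bridge, IPv4 and IPv6 entries all repeat the same sentence about losing the bypass of "Decnet's hooks", which looks copy-pasted and should be corrected per protocol.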
@@ -254,4 +353,93 @@ source "net/rfkill/Kconfig" source "net/9p/Kconfig" +config GHOSTIFICATION + bool "Ghostification support" + depends on INET + default y + help + Ghostification support allow you to hide network interfaces + on your system. Ghostify and Unghostify are the actions which + make dynamically invisible and visible a network interface/cards + (eth0, lo, tun, ...) for the userspace. + When a network interface is ghostified, users of your system + can not see it with userspace tools like ifconfig, route, iproute, + netstat and/or have statistics about it. However even if a network + interface is ghostified it is always possible to open a socket + using the Ip address of this interface, ping this interface or + any host connected to the same network remains possible; has the + opposite, it is not possible to sniff packets on a ghostified + interface with userspace tools like tcpdump, wireshark, ... + Informations about a ghostified interface are hidden under /proc + but they can be find under /sys, it is a limit of the ghostification + patch. + For more informations about Ghostification patch and engine see + the README of the tarball that you have used or go to website of + the Marionnet project at . + + +config GHOSTIFICATION_NUM + int "Ghostification support : max number of possible ghostified interface" + depends on GHOSTIFICATION + range 4 32 + default 8 + help + Here you can choose the number of network interfaces that + you will be allowed to ghostify. This number must be between + 4 and 32. + +config GHOSTIFICATION_MESG + bool "Ghostification messages, display, debug and devel" + depends on GHOSTIFICATION + default y + help + Ghostification messages configuration. This option allow + you to have acces to the options which configure and control + the type of messages that you want the ghostification engine + diplay (visible through syslogd). + There are three options which make more or less verbose the + ghostification engine. 
You can choose to not select any
+ options below if you want to try to hide the ghostification
+ operations for the users of your system.
+ Note: This option allows you to have access to the options
+ which control the number of messages and the verbosity of
+ the Ghostification engine but it activates no section of
+ code; you will thus need to select one or some among those
+ this below.
+
+config GHOSTIFICATION_PRINTK
+ bool "Ghostification, messages to monitor ghost operations"
+ depends on GHOSTIFICATION_MESG
+ default y
+ help
+ This option allow you to activate normal messsages from the
+ ghostification engine, those messages are display through a
+ simple printk (visible through syslogd), this messages allow
+ to have informations about the ghost operations (like "the
+ interface ethX has been ghostified", "unghostified", "is already
+ ghostified", etc ...). If you really wish to hide ghostified
+ interfaces and ghost operations for the users of your system
+ don't select this option.
+
+config GHOSTIFICATION_DEBUG
+ bool "Ghostification, debugging messages to monitor ghost operations"
+ depends on GHOSTIFICATION_MESG
+ help
+ This option increase the verbosity of the ghostification engine,
+ allow to get more informations in order to debug the ghost ops.
+ This option is in general used to verify the result of a test or
+ to display the datas (interface name, pid of a calling process, ...)
+ which are treated by the ghost engine.
+
+config GHOSTIFICATION_DEVEL
+ bool "Ghostification, helping messages to trace ghost operations (devel)"
+ depends on GHOSTIFICATION_MESG
+ help
+ This option give more informations that the option above, it is use
+ by developer of the ghostification patch in order to control some
+ paths used in the kernel code and the datas which are manipulated.
+ This option is a little redundant with the debug option but allow
+ to have a better granularity, maybe it will be remove for the next
+ release of the ghostification patch.
+ endif # if NET diff -rNaud linux-2.6.28/net/core/dev.c linux-2.6.28-ghost/net/core/dev.c --- linux-2.6.28/net/core/dev.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/core/dev.c 2009-11-26 22:24:32.000000000 +0000 @@ -18,6 +18,7 @@ * Alexey Kuznetsov * Adam Sulmicki * Pekka Riikonen + * Luca Saiu (ghostification support) * * Changes: * D.J. Barrow : Fixed bug where dev->refcnt gets set @@ -70,6 +71,8 @@ * indefinitely on dev->refcnt * J Hadi Salim : - Backlog queue sampling * - netif_rx() feedback + * Roudiere Jonathan : make some buxfix in ghostification engine + * verify CAP_NET_ADMIN before (un)ghost iface */ #include 
@@ -131,6 +134,230 @@ #include "net-sysfs.h" /* + * (ghost support) Chunk of code which has in charge + * the ghostification of network interfaces. + */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* The maximum number of ghost interfaces allowed at any given time: */ +#define MAX_GHOST_INTERFACES_NO CONFIG_GHOSTIFICATION_NUM + +/* + * A crude unsorted array of unique names, where "" stands for an + * empty slot. Elements are so few that an hash table would be overkill, + * and possibly also less efficient than this solution: + */ +static char ghost_interface_names[MAX_GHOST_INTERFACES_NO][IFNAMSIZ]; + +/* A lock protecting the ghost interfaces' support structure: */ +/* static DEFINE_SPINLOCK(ghostification_spin_lock); */ +static rwlock_t ghostification_spin_lock = RW_LOCK_UNLOCKED; + +/* Lock disabling local interrupts and saving flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + unsigned long flags; write_lock_irqsave(&ghostification_spin_lock, flags) + +/* Unlock re-enabling interrupts and restoring flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + write_unlock_irqrestore(&ghostification_spin_lock, flags) + +/* Lock disabling local interrupts and saving flags. This is for + readers, which are allowed to execute concurrently: */ +#define LOCK_GHOSTIFICATION_FOR_READING \ + unsigned long flags; read_lock_irqsave(&ghostification_spin_lock, flags) + +/* Lock re-enabling interrupts and restoring flags. 
This is for + readers, which are allowed to execute concurrently: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING \ + read_unlock_irqrestore(&ghostification_spin_lock, flags) + +#ifdef CONFIG_IPV6 +/* Defined in net/ipv6/addrconf.c: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +#endif /* CONFIG_IPV6 */ + +/* Return the index of the given element (which may be "") within + ghost_interface_names, or -1 on failure. Note that this must be + executed in a critical section: */ +static int __lookup_ghost_interface_names(const char *interface_name) +{ + int i; + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(!strcmp(interface_name, ghost_interface_names[i])) + return i; /* we found the given name in the i-th element */ + return -1; /* we didn't find the given name in the array */ +} + +/* This is useful for debugging. It must be called in a critical section. */ +static void __dump_ghost_interfaces(void) +{ + int i; + int number_of_ghost_interfaces = 0; + + ghost_ptk("Ghost interfaces are now: "); + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(strcmp(ghost_interface_names[i], "")) { + number_of_ghost_interfaces++; + ghost_ptk("%i. %s", number_of_ghost_interfaces, + ghost_interface_names[i]); + } + + ghost_ptk("There are now %i ghost interfaces. " + "A maximum of %i can exist at any given time.", + number_of_ghost_interfaces, MAX_GHOST_INTERFACES_NO); +} + +/* Just check whether the given name belongs to a ghost interface. 
+ This must be called in a critical section: */ +int __is_a_ghost_interface_name(const char *interface_name) +{ + /* Particular case: "" is *not* a ghost interface name, even + if it's in the ghost interfaces array (we use it just to mark + an empty slot): */ + if(interface_name[0] == '\0') + return 0; + /* Just check whether interface_name is an element of the array: */ + return __lookup_ghost_interface_names(interface_name) >= 0; +} + +/* Just check whether the given name belongs to a ghost interface: */ +int is_a_ghost_interface_name(const char *interface_name) +{ + int result; + LOCK_GHOSTIFICATION_FOR_READING; + /* Just check whether interface_name is an element of the array: */ + result = __is_a_ghost_interface_name(interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING; + return result; +} + +/* Make the given interface ghost. Return 0 on success, nonzero on + failure. Failure occours when the interface is already ghost or + does not exist: */ +static int ghostify_interface(char *interface_name) +{ + int a_free_element_index; + const size_t name_length = strlen(interface_name); + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Let's avoid buffer overflows... This could possibly be exploited: */ + if((name_length >= IFNAMSIZ) || (name_length == 0)) + { + ghost_ptk("The user asked to ghostify the interface %s, " + "which has a name of length %i. Failing.", + interface_name, name_length); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EINVAL; + } + + /* Fail if the interface is already ghostified. In particular we + want *no* duplicates in the array. 
Note that we're already in + a critical section here, so there's no need for locking: */ + if(__is_a_ghost_interface_name(interface_name)) + { + ghost_ptk("Could not ghostify the interface %s, " + "because it\'s already ghost.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EEXIST; /* File exists, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Fail if the interface is not found. We don't want add a + no-existing interface in our array */ + struct net_device *device; + device = dev_get_by_name(&init_net, interface_name); + if (device == NULL) { + ghost_ptk("Could not ghostify the interface %s which " + "doesn't exist. Try again.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for a free spot: */ + a_free_element_index = __lookup_ghost_interface_names(""); + if(a_free_element_index < 0) + { + ghost_ptk("Could not ghostify the interface %s, " + "because %i interfaces are already ghostified. Sorry.", + interface_name, MAX_GHOST_INTERFACES_NO); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENOMEM; + } + + /* Ok, we found a free spot; just copy the interface name: */ + strcpy(ghost_interface_names[a_free_element_index], interface_name); + +#ifdef CONFIG_IPV6 + /* Hide /proc/net/dev_snmp6/DEVICE for the new ghost DEVICE: */ + hide_proc_net_dev_snmp6_DEVICE_if_needed( + ghost_interface_names[a_free_element_index]); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} + +/* Make the given interface, which should be ghost, non-ghost. + Return 0 on success, nonzero on failure. Failure occours when + the given interface is non-ghost or does not exist: */ +static int unghostify_interface(char *ghost_interface_name) +{ + int the_interface_index; + struct net_device *device; + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Fail if the interface is not found. 
It is not necessary + to search in the array a no-existing interface and allow + to return a more appropriate error code to the userspace. */ + device = dev_get_by_name(&init_net, ghost_interface_name); + if (device == NULL) { + ghost_ptk("Could not unghostify the interface %s " + "which doesn't exist. Try again.\n", ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for the given interface: */ + the_interface_index = + __lookup_ghost_interface_names(ghost_interface_name); + if(the_interface_index < 0) + { + ghost_ptk("Could not unghostify the interface %s, \ + because it's non-ghost or not existing.\n", + ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ESRCH; /* No such device or address, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Ok, we found the interface: just "remove" its name from the array: */ + ghost_interface_names[the_interface_index][0] = '\0'; + +#ifdef CONFIG_IPV6 + /* Show again /proc/net/dev_snmp6/DEVICE for the now non-ghost DEVICE: */ + show_proc_net_dev_snmp6_DEVICE_if_needed(ghost_interface_name); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} +EXPORT_SYMBOL(is_a_ghost_interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * (ghost support) End of ghostification support + */ + + +/* * The list of packet types we will receive (as opposed to discard) * and the routines to invoke. * @@ -550,6 +777,13 @@ { int ints[5]; struct ifmap map; + /* (ghost support) There are no ghost interfaces by default */ +#ifdef CONFIG_GHOSTIFICATION + int i; + + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + ghost_interface_names[i][0] = '\0'; +#endif /* CONFIG_GHOSTIFICATION */ str = get_options(str, ARRAY_SIZE(ints), ints); if (!str || !*str) 
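Review bot: Both `ghostify_interface()` and `unghostify_interface()` take a device reference with `dev_get_by_name(&init_net, ...)` purely as an existence test and never release it, so each call that gets past the lookup leaves the device's reference count raised and the interface can presumably no longer be unregistered cleanly. Add `dev_put(device);` right after the NULL test in both functions. The lookup and the `hide_/show_proc_net_dev_snmp6_DEVICE_if_needed()` calls also run inside the `write_lock_irqsave` section; those helpers are defined elsewhere, so confirm they are safe with interrupts disabled, or do the lookup before taking the lock. `name_length` is a `size_t` printed with `%i`; use `%zu`.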
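Review bot: The loop that clears `ghost_interface_names` in `@@ -550,6 +777,13 @@` is redundant and sits in a function that, judging by the `get_options(str, ...)` context, parses a boot option and may never run. The array is declared `static` in the preceding hunk, so it is already zero-filled and every slot starts as the empty name. Drop the loop, or if explicit initialisation is wanted, put it in an init path that always runs. The enclosing function starts and ends outside the hunk.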
@@ -2544,11 +2778,20 @@ len = ifc.ifc_len; /* - * Loop over the interfaces, and write an info block for each. + * Loop over the interfaces, and write an info block for each, + * (ghost support) unless they are ghostified. */ total = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* Don't tell the user about ghost interfaces: just skip them */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Skipping the ghost interface %s in SIOCGIFCONF", + dev->name); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ for (i = 0; i < NPROTO; i++) { if (gifconf_list[i]) { int done; 
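Review bot: The `ghost_ptk()` call in the SIOCGIFCONF loop fires once per hidden interface on every call, and nothing in the hunk restricts who may trigger it, so with GHOSTIFICATION_PRINTK enabled a local caller can presumably generate kernel log traffic at will. The two `SIOCxIFxxx` checks in hunks `@@ -3512,6 +3758,16 @@` and `@@ -3579,6 +3835,17 @@` have the same property. Throttle these messages, for example `if (printk_ratelimit()) ghost_ptk(...);`, or move them to the debug level. They also write the hidden interface name into the log, which works against the hiding goal that the Kconfig help describes.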
@@ -2616,24 +2859,27 @@ static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev) { struct net_device_stats *stats = dev->get_stats(dev); - - seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu " - "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n", - dev->name, stats->rx_bytes, stats->rx_packets, - stats->rx_errors, - stats->rx_dropped + stats->rx_missed_errors, - stats->rx_fifo_errors, - stats->rx_length_errors + stats->rx_over_errors + - stats->rx_crc_errors + stats->rx_frame_errors, - stats->rx_compressed, stats->multicast, - stats->tx_bytes, stats->tx_packets, - stats->tx_errors, stats->tx_dropped, - stats->tx_fifo_errors, stats->collisions, - stats->tx_carrier_errors + - stats->tx_aborted_errors + - stats->tx_window_errors + - stats->tx_heartbeat_errors, - stats->tx_compressed); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't show anything in /proc if iface is ghostified */ + if(! is_a_ghost_interface_name(dev->name)) +#endif /* CONFIG_GHOSTIFICATION */ + seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu " + "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n", + dev->name, stats->rx_bytes, stats->rx_packets, + stats->rx_errors, + stats->rx_dropped + stats->rx_missed_errors, + stats->rx_fifo_errors, + stats->rx_length_errors + stats->rx_over_errors + + stats->rx_crc_errors + stats->rx_frame_errors, + stats->rx_compressed, stats->multicast, + stats->tx_bytes, stats->tx_packets, + stats->tx_errors, stats->tx_dropped, + stats->tx_fifo_errors, stats->collisions, + stats->tx_carrier_errors + + stats->tx_aborted_errors + + stats->tx_window_errors + + stats->tx_heartbeat_errors, + stats->tx_compressed); } /* 
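Review bot: The added `if(! is_a_ghost_interface_name(dev->name))` has no braces and lives inside `#ifdef`, so the multi-line `seq_printf()` is its body only because it happens to be the next statement; a statement inserted between them later would silently change what is hidden. Prefer an early exit inside the `#ifdef`, `if (is_a_ghost_interface_name(dev->name)) return;`, placed before the statistics are fetched (split the `stats` declaration from the `dev->get_stats(dev)` call to allow that). That also leaves the original `seq_printf()` lines untouched, which keeps the patch smaller.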
@@ -3512,6 +3758,16 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() " + "on the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCGIFFLAGS: /* Get interface flags */ ifr->ifr_flags = dev_get_flags(dev); @@ -3579,6 +3835,17 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() on " + "the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail " + "with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCSIFFLAGS: /* Set interface flags */ return dev_change_flags(dev, ifr->ifr_flags); 
@@ -3722,6 +3989,57 @@ */ switch (cmd) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) catch ghostification's ioctl */ + case SIOKLOG: { + char text[1000]; + if(copy_from_user(text, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + text[IFNAMSIZ] = '\0'; + printk(KERN_DEBUG "%s\n", text); + return 0; + } + /* (un)ghostification ops require superuser power */ + case SIOCGIFGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, + (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to ghostify the interface %s.", + interface_name); + if((failure = ghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was ghostified.", + interface_name); + else + ghost_ptk("Failure in ghostification of %s.", + interface_name); + return failure; + } + case SIOCGIFUNGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to unghostify the interface %s.", + interface_name); + if((failure = unghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was unghostified.", + interface_name); + else + ghost_ptk("Failure in unghostification of %s.", + interface_name); + return failure; + } + /* end of ghostficiation ioctl */ +#endif /* CONFIG_GHOSTIFICATION */ + /* * These ioctl calls: * - can be done by all. diff -rNaud linux-2.6.28/net/core/dev_mcast.c linux-2.6.28-ghost/net/core/dev_mcast.c --- linux-2.6.28/net/core/dev_mcast.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/core/dev_mcast.c 2009-11-26 22:24:32.000000000 +0000 
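Review bot: The `SIOKLOG` case copies caller-supplied text into the kernel log with no `capable()` check, unlike the two ghostify cases below it, so any process that can issue this ioctl can write short arbitrary strings to the log. Add `if (!capable(CAP_NET_ADMIN)) return -EPERM;` at the top of that case, or drop the command if it is only a development aid. All three cases reserve `char ...[1000]` on the kernel stack while using only `IFNAMSIZ + 1` bytes; `char interface_name[IFNAMSIZ + 1];` is enough. The fixed-size `copy_from_user(..., IFNAMSIZ + 1)` always reads the full length and can fault on a short name that ends near the edge of a mapping; `strncpy_from_user()` avoids that. The enclosing switch continues outside the hunk.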
@@ -14,6 +14,8 @@ * Alan Cox : IFF_ALLMULTI support. * Alan Cox : New format set_multicast_list() calls. * Gleb Natapov : Remove dev_mc_lock. + * Luca Saiu : trivial changes for + * ghostification support. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -48,6 +50,9 @@ #include #include +#ifdef CONFIG_GHOSTIFICATION +#include +#endif /* CONFIG_GHOSTIFICATION */ /* * Device multicast list maintenance. @@ -167,7 +172,15 @@ netif_addr_lock_bh(dev); for (m = dev->mc_list; m; m = m->next) { int i; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information + in /proc about ghost interfaces */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Don't show any information in /proc " + "about ghostified interface"); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%-4d %-15s %-5d %-5d ", dev->ifindex, dev->name, m->dmi_users, m->dmi_gusers); diff -rNaud linux-2.6.28/net/core/rtnetlink.c linux-2.6.28-ghost/net/core/rtnetlink.c --- linux-2.6.28/net/core/rtnetlink.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/core/rtnetlink.c 2009-11-26 22:24:32.000000000 +0000 @@ -12,8 +12,12 @@ * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * - * Fixes: + * Fixes: * Vitaly E. Lavrov RTA_OK arithmetics was wrong. + * + * Changes: + * Roudiere Jonathan Some changes + * to ghost support, to allow to hide ghost net interfaces */ #include @@ -53,6 +57,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + struct rtnl_link { rtnl_doit_func doit; 
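Review bot: In net/core/dev_mcast.c (`@@ -167,7 +172,15 @@`) the ghost test is placed inside the `for (m = dev->mc_list; ...)` loop although it depends only on `dev->name`, so it takes the ghost lock and logs once per multicast entry while `netif_addr_lock_bh(dev)` is held. Test once before `netif_addr_lock_bh(dev)` and skip the device as a whole. The enclosing function starts outside the hunk, so how to skip (a plain return or an outer-loop continue) has to be decided there.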
@@ -106,7 +115,10 @@ static rtnl_doit_func rtnl_get_doit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].doit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -117,7 +129,10 @@ static rtnl_dumpit_func rtnl_get_dumpit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].dumpit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -460,6 +475,12 @@ { struct sock *rtnl = net->rtnl; int report = 0; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add inforation to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type %i " + "and nlh->nlmsg_seq = %i", pid, nlh->nlmsg_pid, + nlh->nlmsg_type, nlh->nlmsg_seq); +#endif if (nlh) report = nlmsg_report(nlh); @@ -616,6 +637,20 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type " + "= %i, seq = %i and nlh->nlmsg_seq = %i", + pid, nlh->nlmsg_pid, nlh->nlmsg_type, + seq, nlh->nlmsg_seq); + ghost_develmsg("dev->name = %s and dev->ifindex = %i", + dev->name, + dev->ifindex); + /* function whose call rtnl_fill_ifinfo has been modified, except + rtmsg_ifinfo so if it will be necessary to skip ghost iface here then + keep in your mind to test pid because if it is eq. to 0 then it is a + kernel request (else user request) and we don't want disturbe its work. */ +#endif ifm = nlmsg_data(nlh); ifm->ifi_family = AF_UNSPEC; ifm->__ifi_pad = 0; 
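Review bot: In hunk `@@ -460,6 +475,12 @@` the added `ghost_develmsg()` reads `nlh->nlmsg_pid`, `nlh->nlmsg_type` and `nlh->nlmsg_seq` before the existing `if (nlh)` test on the following line, and that test shows callers may pass a NULL `nlh`. With the devel messages compiled in, such a call would dereference NULL in kernel context. Move the message inside the check, e.g. `if (nlh) { ghost_develmsg(...); report = nlmsg_report(nlh); }`. The enclosing function starts outside the hunk.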
@@ -690,6 +725,24 @@ idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function which encapsulates calls to + * rtnl_fill_ifinfo and which is call after rtnl_get_doit/dumpit, + * use to dump list of network interfaces (as used by "ip link") + */ + ghost_develmsg("for_each_netdev, current net_device is %s", + dev->name); + ghost_develmsg("netlink cb pid = %i, cb nlh->nlmsg_type = %i, " + "cb familly/proto = %i, cb nlh->nlmsg_pid %i", + NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_type, + cb->family, cb->nlh->nlmsg_pid); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Hide ghotified interface (%s) in the dump", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK, @@ -940,6 +993,18 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change state/parameters of a ghotified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ if ((err = validate_linkmsg(dev, tb)) < 0) goto errout_dev; 
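Review bot: The ghost check added in `@@ -940,6 +993,18 @@` leaves through `goto errout` after `dev` has been looked up, while the next original statement uses `goto errout_dev` for its error path; if `errout_dev` is where the device reference is dropped, as the label suggests, the ghost path leaks a reference on every call. Use `goto errout_dev;` there. Hunk `@@ -1180,6 +1256,17 @@` has the same problem: it returns `-ENODEV` directly after `dev_get_by_index()` succeeded, so it needs `dev_put(dev);` before the `return`. Given the `kind != 2` capability test visible in a later hunk, that second path looks reachable without CAP_NET_ADMIN, which would let an unprivileged caller pin a hidden device by repeating the request. Both enclosing functions extend outside their hunks.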
@@ -978,6 +1043,17 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change dell a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ ops = dev->rtnl_link_ops; if (!ops) @@ -1180,6 +1256,17 @@ dev = dev_get_by_index(net, ifm->ifi_index); if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it with + user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ } else return -EINVAL; @@ -1234,6 +1321,8 @@ struct sk_buff *skb; int err = -ENOBUFS; + /* (ghost support) call rtnl_fill_ifinfo so maybe it + is need here to modify, in order to skip ghost iface */ skb = nlmsg_new(if_nlmsg_size(dev), GFP_KERNEL); if (skb == NULL) goto errout; @@ -1268,6 +1357,11 @@ int err; type = nlh->nlmsg_type; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Enter, nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i and nlh->nlmsg_seq = %i ", + nlh->nlmsg_pid, nlh->nlmsg_seq, nlh->nlmsg_seq); +#endif /* CONFIG_GHOSTIFICATION */ + if (type > RTM_MAX) return -EOPNOTSUPP; 
@@ -1287,14 +1381,21 @@ if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN)) return -EPERM; + /* (ghost support) kind = 2 then imply RTM_GETLINK has been used */ if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) { struct sock *rtnl; rtnl_dumpit_func dumpit; + /* (ghost support) then rtnl_get_dumpit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ dumpit = rtnl_get_dumpit(family, type); if (dumpit == NULL) return -EOPNOTSUPP; - +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Part 1: rtnl_get_dumpit(family %i, type %i) " + "is used before call to netlink_dump_start", + family,type); +#endif /* CONFIG_GHOSTIFICATION */ __rtnl_unlock(); rtnl = net->rtnl; err = netlink_dump_start(rtnl, skb, nlh, dumpit, NULL); @@ -1326,6 +1427,11 @@ doit = rtnl_get_doit(family, type); if (doit == NULL) return -EOPNOTSUPP; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) rtnl_get_doit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ + ghost_develmsg("Part 2: rtnl_get_doit(family %i, type %i)", family, type); +#endif /* CONFIG_GHOSTIFICATION */ return doit(skb, nlh, (void *)&rta_buf[0]); } @@ -1341,6 +1447,10 @@ { struct net_device *dev = ptr; + /* (ghost support) if we want provide a ghost's way to modify + the state of a ghost iface, it will be necessary to skip event + reports involing ghost iface (actually any changes are possible + if the iface is ghostified so there is nothing to report) */ switch (event) { case NETDEV_UNREGISTER: rtmsg_ifinfo(RTM_DELLINK, dev, ~0U); diff -rNaud linux-2.6.28/net/ipv4/arp.c linux-2.6.28-ghost/net/ipv4/arp.c --- linux-2.6.28/net/ipv4/arp.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/ipv4/arp.c 2009-11-26 22:24:32.000000000 +0000 @@ -70,6 +70,8 @@ * bonding can change the skb before * sending (e.g. insert 8021q tag). * Harald Welte : convert to make use of jenkins hash + * Luca Saiu 
@@ -116,6 +118,11 @@ struct neigh_table *clip_tbl_hook; #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include @@ -1309,9 +1316,21 @@ } #endif sprintf(tbuf, NIPQUAD_FMT, NIPQUAD(*(u32*)n->primary_key)); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show anything in /proc if it involves + ghost interfaces: */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + read_unlock(&n->lock); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); read_unlock(&n->lock); +#endif /* CONFIG_GHOSTIFICATION */ } static void arp_format_pneigh_entry(struct seq_file *seq, @@ -1322,9 +1341,21 @@ char tbuf[16]; sprintf(tbuf, NIPQUAD_FMT, NIPQUAD(*(u32*)n->key)); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show anything in /proc if it involves + ghost interfaces */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", - dev ? dev->name : "*"); + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); +#endif /* CONFIG_GHOSTIFICATION */ } static int arp_seq_show(struct seq_file *seq, void *v) diff -rNaud linux-2.6.28/net/ipv4/devinet.c linux-2.6.28-ghost/net/ipv4/devinet.c --- linux-2.6.28/net/ipv4/devinet.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/ipv4/devinet.c 2009-11-26 22:24:32.000000000 +0000 
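Review bot: In `@@ -1309,9 +1316,21 @@` the `read_unlock(&n->lock)` has moved inside the `if (! is_a_ghost_interface_name(dev->name))` block, so for a neighbour entry on a ghost interface the function returns with `n->lock` still read-held. The original code unlocks unconditionally after the `seq_printf()`; keep that by placing a single `read_unlock(&n->lock);` after the `#endif`, shared by both branches. The `ghost_debugmsg("Don't show ...")` text is also emitted in the branch that does print the entry. The matching lock acquisition is outside the hunk.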
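Review bot: In `@@ -1322,9 +1341,21 @@` the new condition dereferences `dev->name` unconditionally, but the `seq_printf()` it guards prints `dev ? dev->name : "*"`, so `dev` can be NULL at this point. Test the pointer first: `if (!dev || !is_a_ghost_interface_name(dev->name)) {`. As in the previous hunk, the debug message sits in the branch where the entry is shown rather than the one where it is hidden.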
@@ -23,6 +23,9 @@ * address (4.4BSD alias style support), * fall back to comparing just the label * if no match found. + * Roudiere Jonathan : + * some changes to ghost support, skip + * request involving a ghostified iface. */ @@ -62,6 +65,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + static struct ipv4_devconf ipv4_devconf = { .data = { [NET_IPV4_CONF_ACCEPT_REDIRECTS - 1] = 1, @@ -455,6 +463,16 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("in_dev->dev->name = %s", in_dev->dev->name); + if (is_a_ghost_interface_name(in_dev->dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + (in_dev->dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ __in_dev_put(in_dev); @@ -504,6 +522,17 @@ if (dev == NULL) goto errout; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("(dev->name) = %s ", (dev->name)); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change/modfy address on a ghostified interface (%s), skip", + (dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ + in_dev = __in_dev_get_rtnl(dev); err = -ENOBUFS; if (in_dev == NULL) @@ -553,6 +582,12 @@ ASSERT_RTNL(); + /* (ghost support) don't modify this funct but directly + rtm_to_ifaddr, as for others funct, with user-levels tools + (as iproute) we normaly never arrive here (because a dump + all ifaces is perform before and func which make the dump + has been modified (but we want prevent user tool request + the ghost iface directly */ ifa = rtm_to_ifaddr(net, nlh); if (IS_ERR(ifa)) return PTR_ERR(ifa); 
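Review bot: In `@@ -455,6 +463,16 @@` the ghost check jumps to `errout` before the `__in_dev_put(in_dev);` that follows it, so the reference that this put is there to drop is apparently never released on the ghost path. Move the added block below `__in_dev_put(in_dev);`, or call `__in_dev_put(in_dev);` before the `goto errout;`. The lookup that obtains `in_dev` is outside the hunk, so confirm there that it returns a held reference.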
@@ -1168,6 +1203,15 @@ s_ip_idx = ip_idx = cb->args[1]; idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION /* _VERIFICATION_NEED_ */ + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("dev->name = %s", dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address on a ghostified interface (%s), skip", + (dev->name)); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (idx > s_idx) diff -rNaud linux-2.6.28/net/ipv4/fib_frontend.c linux-2.6.28-ghost/net/ipv4/fib_frontend.c --- linux-2.6.28/net/ipv4/fib_frontend.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/ipv4/fib_frontend.c 2009-11-26 22:24:32.000000000 +0000 @@ -6,6 +6,10 @@ * IPv4 Forwarding Information Base: FIB frontend. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (some display + * and comment for ghostification in rtnetlink functions). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -45,6 +49,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #ifndef CONFIG_IP_MULTIPLE_TABLES static int __net_init fib4_rules_init(struct net *net) @@ -451,6 +460,11 @@ * Handle IP routing ioctl calls. These are used to manipulate the routing tables */ +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) A function implemented in net/core/dev.c */ +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + int ip_rt_ioctl(struct net *net, unsigned int cmd, void __user *arg) { struct fib_config cfg; 
@@ -465,6 +479,22 @@ if (copy_from_user(&rt, arg, sizeof(rt))) return -EFAULT; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Forbid any action involving a ghost interface */ + if (rt.rt_dev != (char __user*)NULL) { + /* We need to have this name in kernel space to check + for ghostification: */ + char interface_name[1000]; /* [IFNAMSIZ+1] is certainly sufficient */ + if(copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1)) + return -EFAULT; + if(is_a_ghost_interface_name(interface_name)) { + ghost_ptk("The user aked to add a route involving the " + "ghost interface %s. We make this operation fail", + interface_name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ rtnl_lock(); err = rtentry_to_fib_config(net, cmd, &rt, &cfg); @@ -473,12 +503,18 @@ if (cmd == SIOCDELRT) { tb = fib_get_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_delete was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_delete() or fn_trie_delete() */ if (tb) err = tb->tb_delete(tb, &cfg); else err = -ESRCH; } else { tb = fib_new_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_insert was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_insert() or fn_trie_insert() */ if (tb) err = tb->tb_insert(tb, &cfg); else @@ -585,6 +621,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead functions pointed by tb->tb_delete, + * either fn_hash_delete() (in fib_hash.c) or fn_trie_delete() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; 
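Review bot: `interface_name` is never NUL-terminated after the `copy_from_user()` in `@@ -465,6 +479,22 @@`, so the string comparison behind `is_a_ghost_interface_name()` can run past the copied bytes into uninitialised stack; the ioctl cases in net/core/dev.c set `interface_name[IFNAMSIZ] = '\0';` and this one should too. A `char interface_name[IFNAMSIZ + 1];` buffer is sufficient, as the inline comment itself says. The device name is presumably fetched from user memory again by `rtentry_to_fib_config()`, so this check works on a separate copy and should be treated as advisory; the checks in the `tb_insert`/`tb_delete` implementations are the ones that have to hold.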
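Review bot: The `ghost_develmsg()` calls added in `@@ -585,6 +621,16 @@` and `@@ -607,6 +653,16 @@` are not wrapped in `#ifdef CONFIG_GHOSTIFICATION`, while the header include added to this file is, so a build with the option disabled would presumably fail on an undeclared `ghost_develmsg`. Wrap both calls in `#ifdef CONFIG_GHOSTIFICATION` and `#endif` as the other call sites do. The comment in the first of the two hunks names `inet_rtm_newroute` while talking about `tb->tb_delete`; it looks copied from the second hunk and should name the delete handler.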
@@ -607,6 +653,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead function pointed by tb->tb_insert, + * either fn_hash_insert() (in fib_hash.c) or fn_trie_insert() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; @@ -622,6 +678,12 @@ return err; } +/* + * (ghost support) Fonction called through rtnetlink to dump + * all routes, we don't change anythings here, changes have + * been made in fib_semantics.c (in fib_dump_info which is + * called by fib_trie and fib_hash). + */ static int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -634,7 +696,7 @@ if (nlmsg_len(cb->nlh) >= sizeof(struct rtmsg) && ((struct rtmsg *) nlmsg_data(cb->nlh))->rtm_flags & RTM_F_CLONED) - return ip_rt_dump(skb, cb); + return ip_rt_dump(skb, cb); /* (ghost support) need modify this func */ s_h = cb->args[0]; s_e = cb->args[1]; @@ -659,6 +721,9 @@ cb->args[1] = e; cb->args[0] = h; + /* (ghost support) Length returned can be changed by + fib_dump_info when a route of a ghositifed iface is + lookup (skb length may be abnormal, diff of mod(240)) */ return skb->len; } diff -rNaud linux-2.6.28/net/ipv4/fib_hash.c linux-2.6.28-ghost/net/ipv4/fib_hash.c --- linux-2.6.28/net/ipv4/fib_hash.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/ipv4/fib_hash.c 2009-11-26 22:24:32.000000000 +0000 
@@ -6,6 +6,11 @@ * IPv4 FIB: lookup engine and maintenance routines. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_hash_insert, bad + * field check in fib_seq_show). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -41,6 +46,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static struct kmem_cache *fn_hash_kmem __read_mostly; @@ -397,6 +407,18 @@ if (IS_ERR(fi)) return PTR_ERR(fi); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_insert */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if (fz->fz_nent > (fz->fz_divisor<<1) && fz->fz_divisor < FZ_MAX_DIVISOR && (cfg->fc_dst_len == 32 || @@ -580,7 +602,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, &f->fn_alias, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_delete */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != cfg->fc_tos) break; 
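Review bot: Both checks added in `@@ -397,6 +407,18 @@` and `@@ -580,7 +602,17 @@` read `fi->fib_dev->name` without testing `fi->fib_dev`, although the /proc code further down the same file prints `fi->fib_dev ? fi->fib_dev->name : "*"`, which shows a route may have no device. Guard with `if (fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name))` and move the `ghost_debugmsg()` under the same test. In the first hunk the early `return -ENODEV;` comes right after `fib_create_info()` succeeded, so the new `fi` is presumably not released; use whatever cleanup the function's other error paths use, which is outside the hunk. In the second hunk the test runs before the `fa_tos` comparison, so a deletion can fail because of a different alias in the list than the one being removed. The first hunk's message says "delete" although its comment places it on the `tb_insert` path.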
@@ -1022,19 +1054,39 @@ prefix = f->fn_key; mask = FZ_MASK(iter->zone); flags = fib_flag_trans(fa->fa_type, mask, fi); - if (fi) + if (fi) + { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) + { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, - "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - fi->fib_dev ? fi->fib_dev->name : "*", prefix, - fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, - mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), - fi->fib_window, - fi->fib_rtt >> 3, &len); - else + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); +#endif /* CONFIG_GHOSTIFICATION */ + } + else { seq_printf(seq, - "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); + } seq_printf(seq, "%*s\n", 127 - len, ""); out: return 0; diff -rNaud linux-2.6.28/net/ipv4/fib_semantics.c linux-2.6.28-ghost/net/ipv4/fib_semantics.c --- linux-2.6.28/net/ipv4/fib_semantics.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/ipv4/fib_semantics.c 2009-11-26 22:24:32.000000000 +0000 
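Review bot: When the interface is ghostified the first `seq_printf` is skipped, so nothing is stored into `len` through `%n`, yet the unchanged `seq_printf(seq, "%*s\n", 127 - len, "")` at the end of the hunk still runs. That prints one padding line per hidden route with a width taken from whatever `len` holds (its declaration is outside the hunk and looks uninitialised), so a reader of /proc/net/route can still count the hidden entries. Skipping the whole record, e.g. `if (fi && fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name)) goto out;` ahead of the `if (fi)` output, fixes this and removes the duplicated `seq_printf`. The `ghost_ptk` "Don't display routes" message is inside the `!is_a_ghost_interface_name` branch, so it is logged for every visible route instead. The /proc/net/route hunk in fib_trie.c has the same three problems.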
@@ -11,6 +11,9 @@ * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. + * Changes: + * Roudiere Jonathan trivial + * change for ghostification. */ #include @@ -43,6 +46,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static DEFINE_SPINLOCK(fib_info_lock); @@ -953,6 +961,23 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function call by fib_trie and fib_hash to dump route, + * in most case we won't arrive here with usertools (like iproute), because + * modification in rtnl_dump_ifinfo hide iface and modif here may be not really + * proper because put abnormal length in the skb->len return by inet_dump_fib + * (used without error..) if pid != 0 then user talks else that is the kernel; + */ + if (pid != 0) + if (is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Try to get route about ghost iface (%s), skip", + fi->fib_dev->name); + /* return -EMSGSIZE; don't use this because that stops evaluation */ + return nlmsg_end(skb, nlh); + } +#endif /* CONFIG_GHOSTIFICATION */ + rtm = nlmsg_data(nlh); rtm->rtm_family = AF_INET; rtm->rtm_dst_len = dst_len; diff -rNaud linux-2.6.28/net/ipv4/fib_trie.c linux-2.6.28-ghost/net/ipv4/fib_trie.c --- linux-2.6.28/net/ipv4/fib_trie.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/ipv4/fib_trie.c 2009-11-26 22:24:32.000000000 +0000 @@ -12,6 +12,12 @@ * * Hans Liss Uppsala Universitet * + * Luca Saiu (simple changes for ghostification + * support) + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_trie_insert, bad + * field check in fib_route_seq_show). + * * This work is based on the LPC-trie which is originally descibed in: * * An experimental study of compression methods for dynamic tries 
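Review bot: `return nlmsg_end(skb, nlh);` in the ghost branch finalises a message that has already been reserved (the `nlh == NULL` check just above) before any of the `rtm->...` assignments that follow have run. Assuming the header was reserved with room for a `struct rtmsg`, as `rtm = nlmsg_data(nlh)` suggests, the requester receives a route message whose payload was never written, which can carry stale buffer contents and still shows that an entry exists. Discarding the reserved message instead, `nlmsg_cancel(skb, nlh); return 0;`, also removes the abnormal `skb->len` the added comment mentions; the callers are outside the hunk, so check that they accept 0 as "nothing added". The brace-less `if (pid != 0) if (...)` nesting is easy to misread and reads better as one condition.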
@@ -80,6 +86,11 @@ #include #include "fib_lookup.h" +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define MAX_STAT_DEPTH 32 #define KEYLENGTH (8*sizeof(t_key)) @@ -1195,6 +1206,18 @@ goto err; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + l = fib_find_node(t, key); fa = NULL; @@ -1623,7 +1646,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, fa_head, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != tos) break; 
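Review bot: The ghost branch in the insert hunk leaves with a bare `return -ENODEV;` although the context line just above it exits through `goto err;`, and `fi` has already been obtained at this point. If the function's exit labels are what release `fi` (they are outside the hunk), every rejected insert leaks that `fib_info`. The branch should set `err = -ENODEV;` and jump to the label that drops `fi`. The `fn_hash_insert` hunk in fib_hash.c returns directly after `fi` is created in the same way.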
@@ -2583,7 +2616,28 @@ || fa->fa_type == RTN_MULTICAST) continue; - if (fi) + if (fi) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) in /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t" + "%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", + prefix, + fi->fib_nh->nh_gw, flags, 0, 0, + fi->fib_priority, + mask, + (fi->fib_advmss ? + fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, "%s\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", @@ -2596,13 +2650,14 @@ fi->fib_advmss + 40 : 0), fi->fib_window, fi->fib_rtt >> 3, &len); - else +#endif /* CONFIG_GHOSTIFICATION */ + } else { seq_printf(seq, "*\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + } seq_printf(seq, "%*s\n", 127 - len, ""); } } diff -rNaud linux-2.6.28/net/ipv4/igmp.c linux-2.6.28-ghost/net/ipv4/igmp.c --- linux-2.6.28/net/ipv4/igmp.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/ipv4/igmp.c 2009-11-26 22:24:32.000000000 +0000 @@ -68,6 +68,8 @@ * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. * David L Stevens: IGMPv3 support, with help from * Vinay Kulkarni + * Luca Saiu : trivial changes for ghostification + * support */ #include @@ -105,6 +107,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define IP_MAX_MEMBERSHIPS 20 #define IP_MAX_MSF 10 
@@ -2385,8 +2392,18 @@ #endif if (state->in_dev->mc_list == im) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%d\t%-10s: %5d %7s\n", + state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); + } +#else seq_printf(seq, "%d\t%-10s: %5d %7s\n", state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); +#endif /* CONFIG_GHOSTIFICATION */ } seq_printf(seq, @@ -2546,14 +2563,30 @@ "Device", "MCA", "SRC", "INC", "EXC"); } else { - seq_printf(seq, - "%3d %6.6s 0x%08x " - "0x%08x %6lu %6lu\n", - state->dev->ifindex, state->dev->name, - ntohl(state->im->multiaddr), - ntohl(psf->sf_inaddr), - psf->sf_count[MCAST_INCLUDE], - psf->sf_count[MCAST_EXCLUDE]); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNaud linux-2.6.28/net/ipv4/route.c linux-2.6.28-ghost/net/ipv4/route.c --- linux-2.6.28/net/ipv4/route.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/ipv4/route.c 2009-11-26 22:24:32.000000000 +0000 
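Review bot: Only the per-device header line inside `if (state->in_dev->mc_list == im)` is suppressed for a ghost interface; the `seq_printf(seq,` that follows the closing brace is unchanged context and, as far as the hunk shows, still prints the group entry. Multicast memberships of the hidden interface would then remain readable, just without their header line. An early `return 0;` for a ghost device before any output covers both lines and avoids duplicating the `seq_printf` under `#else`. The `ghost_debugmsg` "Don't show any igmp information" call sits in the `!is_a_ghost_interface_name` branch, so it fires for visible interfaces; the second hunk here and both mcast.c hunks repeat that.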
@@ -55,6 +55,9 @@ * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes. * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect * Ilia Sotnikov : Removed TOS from hash calculations + * Luca Saiu : trivial changes for ghostification support + * Roudiere Jonathan : ghost support to rtnetlink + * function, ghost bugfix (field) in rt_cache_seq_show * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -108,6 +111,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define RT_FL_TOS(oldflp) \ ((u32)(oldflp->fl4_tos & (IPTOS_RT_MASK | RTO_ONLINK))) @@ -373,6 +381,14 @@ "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t" "HHUptod\tSpecDst"); else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Dont't display informations about ghost ifaces, bf */ + if(is_a_ghost_interface_name((const char*)((struct rtable*)v)->u.dst.dev->name)) { + ghost_ptk("Don't display routing informations about ghost interface (%s)", + ((const char*)((struct rtable*)v)->u.dst.dev->name)); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ struct rtable *r = v; int len; @@ -390,11 +406,11 @@ r->fl.fl4_tos, r->u.dst.hh ? atomic_read(&r->u.dst.hh->hh_refcnt) : -1, r->u.dst.hh ? (r->u.dst.hh->hh_output == - dev_queue_xmit) : 0, + dev_queue_xmit) : 0, r->rt_spec_dst, &len); seq_printf(seq, "%*s\n", 127 - len, ""); - } + } return 0; } @@ -2691,8 +2707,13 @@ r->rtm_src_len = 32; NLA_PUT_BE32(skb, RTA_SRC, rt->fl.fl4_src); } - if (rt->u.dst.dev) + if (rt->u.dst.dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) */ + ghost_develmsg("Net device is = %s ",rt->u.dst.dev->name); +#endif NLA_PUT_U32(skb, RTA_OIF, rt->u.dst.dev->ifindex); + } #ifdef CONFIG_NET_CLS_ROUTE if (rt->u.dst.tclassid) NLA_PUT_U32(skb, RTA_FLOW, rt->u.dst.tclassid); 
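Review bot: In the `rt_cache_seq_show` hunk the added block is placed ahead of the `struct rtable *r = v; int len;` declarations of the `else` body, which is a declaration after a statement (the kernel builds with `-Wdeclaration-after-statement`) and forces the repeated `((struct rtable*)v)` casts. Placed below the declarations it can read `if (r->u.dst.dev && is_a_ghost_interface_name(r->u.dst.dev->name)) return 0;`. As written it also dereferences `u.dst.dev` unconditionally, whereas the `rt_fill_info` hunk later in this file tests `rt->u.dst.dev` before using it.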
@@ -2775,7 +2796,7 @@ err = -ENOBUFS; goto errout; } - + /* Reserve room for dummy headers, this skb can pass through good chunk of routing engine. */ @@ -2797,6 +2818,17 @@ if (dev == NULL) { err = -ENODEV; goto errout_free; + +#ifdef CONFIG_GHOSTIFICATION + ghost_debugmsg("Net device is %s ", dev->name); + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout_free; + } +#endif /* CONFIG_GHOSTIFICATION */ } skb->protocol = htons(ETH_P_IP); @@ -2822,13 +2854,31 @@ err = ip_route_output_key(net, &rt, &fl); } - if (err) + if (err) { goto errout_free; + } skb->rtable = rt; if (rtm->rtm_flags & RTM_F_NOTIFY) rt->rt_flags |= RTCF_NOTIFY; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't allow get ops for route + involving a ghostified interface, unnecessary test ..(rt) */ + if (rt) { + if (rt->u.dst.dev) { + ghost_debugmsg("Net device is %s ",rt->u.dst.dev->name); + if (is_a_ghost_interface_name(rt->u.dst.dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", + rt->u.dst.dev->name); + err = -ENETUNREACH; + goto errout_free; + } + } + } +#endif /* CONFIG_GHOSTIFICATION */ + err = rt_fill_info(skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq, RTM_NEWROUTE, 0, 0); if (err <= 0) @@ -2843,6 +2893,8 @@ goto errout; } +/* (ghost support) maybe it will be necessary to modify +this func which is call in fib_frontend.c */ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb) { struct rtable *rt; diff -rNaud linux-2.6.28/net/ipv6/Kconfig linux-2.6.28-ghost/net/ipv6/Kconfig --- linux-2.6.28/net/ipv6/Kconfig 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/ipv6/Kconfig 2009-11-26 22:24:32.000000000 +0000 
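Review bot: The first ghost block in this file's get-route hunk is inserted after `goto errout_free;` but before the closing brace of `if (dev == NULL) {`, so it can never execute, and `dev` is NULL inside that block anyway. The input-interface lookup is therefore not filtered at all. The block belongs after the `}` that closes the NULL test, where `dev` is known to be valid.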
@@ -4,8 +4,8 @@ # IPv6 as module will cause a CRASH if you try to unload it menuconfig IPV6 - tristate "The IPv6 protocol" - default m + bool "The IPv6 protocol" + default y ---help--- This is complemental support for the IP version 6. You will still be able to do traditional IPv4 networking as well. @@ -16,6 +16,10 @@ For specific information about IPv6 under Linux, read the HOWTO at . + Ghostification notes: + ===================== + IPV6 can not be built in module with ghost support. + To compile this protocol support as a module, choose M here: the module will be called ipv6. @@ -68,7 +72,7 @@ If unsure, say N. config INET6_AH - tristate "IPv6: AH transformation" + bool "IPv6: AH transformation" select XFRM select CRYPTO select CRYPTO_HMAC @@ -80,7 +84,7 @@ If unsure, say Y. config INET6_ESP - tristate "IPv6: ESP transformation" + bool "IPv6: ESP transformation" select XFRM select CRYPTO select CRYPTO_AUTHENC @@ -95,7 +99,7 @@ If unsure, say Y. config INET6_IPCOMP - tristate "IPv6: IPComp transformation" + bool "IPv6: IPComp transformation" select INET6_XFRM_TUNNEL select XFRM_IPCOMP ---help--- @@ -105,7 +109,7 @@ If unsure, say Y. config IPV6_MIP6 - tristate "IPv6: Mobility (EXPERIMENTAL)" + bool "IPv6: Mobility (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- @@ -114,16 +118,16 @@ If unsure, say N. config INET6_XFRM_TUNNEL - tristate + bool select INET6_TUNNEL default n config INET6_TUNNEL - tristate + bool default n config INET6_XFRM_MODE_TRANSPORT - tristate "IPv6: IPsec transport mode" + bool "IPv6: IPsec transport mode" default IPV6 select XFRM ---help--- @@ -132,7 +136,7 @@ If unsure, say Y. config INET6_XFRM_MODE_TUNNEL - tristate "IPv6: IPsec tunnel mode" + bool "IPv6: IPsec tunnel mode" default IPV6 select XFRM ---help--- @@ -141,7 +145,7 @@ If unsure, say Y. config INET6_XFRM_MODE_BEET - tristate "IPv6: IPsec BEET mode" + bool "IPv6: IPsec BEET mode" default IPV6 select XFRM ---help--- 
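Review bot: The added "Ghostification notes" paragraph says IPv6 cannot be built as a module, but the unchanged help text directly below it still reads "To compile this protocol support as a module, choose M here", and the symbol is now `bool`. The stale sentence should be removed or replaced, e.g. `With ghost support this option can only be built in (Y).` The `tristate` to `bool` changes throughout this file are unconditional, so they also apply to builds that leave CONFIG_GHOSTIFICATION off, which the help text should mention.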
@@ -150,14 +154,14 @@ If unsure, say Y. config INET6_XFRM_MODE_ROUTEOPTIMIZATION - tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" + bool "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- Support for MIPv6 route optimization mode. config IPV6_SIT - tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" + bool "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" select INET_TUNNEL select IPV6_NDISC_NODETYPE default y @@ -174,7 +178,7 @@ bool config IPV6_TUNNEL - tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" + bool "IPv6: IP-in-IPv6 tunnel (RFC2473)" select INET6_TUNNEL ---help--- Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in diff -rNaud linux-2.6.28/net/ipv6/addrconf.c linux-2.6.28-ghost/net/ipv6/addrconf.c --- linux-2.6.28/net/ipv6/addrconf.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/ipv6/addrconf.c 2009-11-26 22:24:32.000000000 +0000 @@ -36,6 +36,9 @@ * YOSHIFUJI Hideaki @USAGI : improved source address * selection; consider scope, * status etc. + * Luca Saiu : ghostification support + * Roudiere Jonathan : ghost + * modify functions using (rt)netlink */ #include @@ -80,6 +83,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include 
@@ -445,6 +453,86 @@ return idev; } +/* + * (ghost support) Support to hide snmp6 proc infos. + */ +#ifdef CONFIG_GHOSTIFICATION +/* Utility procedure, needed for {show,hide}_proc_net_dev_snmp6_DEVICE_if_needed(). + Return a pointer to a valid inet6_dev structure on success, NULL on failure: */ +static struct inet6_dev* lookup_snmp6_device(const char *interface_name) +{ + struct net_device *device; + struct inet6_dev *idev; + + /* Lookup the device by name, obtaining an inet6_dev structure: */ + device = dev_get_by_name(&init_net, interface_name); + if(device == NULL) + return NULL; + rtnl_lock(); + idev = ipv6_find_idev(device); + rtnl_unlock(); + return idev; +} + +/* These are defined in net/ipv6/proc.c: */ +extern struct proc_dir_entry *proc_net_devsnmp6; +extern struct file_operations snmp6_seq_fops; + +/* Remove the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already hidden. Return 0 on success, nonzero on error: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + ghost_ptk("Hiding /proc/net/dev_snmp6/%s...", interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + + /* Remove the proc/ entry, if any. If there was no entry + then remove_proc_entry() will fail, but it's ok for us: */ +#ifdef CONFIG_PROC_FS + if (!proc_net_devsnmp6) + return -ENOENT; + if (idev->stats.proc_dir_entry == NULL) + return -EINVAL; + remove_proc_entry(interface_name, proc_net_devsnmp6); +#endif /* CONFIG_PROC_FS */ + return 0; + //return snmp6_unregister_dev(idev); +} + +/* Create the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already shown. 
Return 0 on success, nonzero on error: */ +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + struct proc_dir_entry *proc_directory_entry; + ghost_ptk("Showing /proc/net/dev_snmp6/%s...", + interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + if(idev->dev == NULL) /* I doubt this may happen... */ + return -EINVAL; +#ifdef CONFIG_PROC_FS + if(!proc_net_devsnmp6) /* there isn't any /proc/net/dev_snmp6 */ + return -ENOENT; + if((proc_directory_entry = create_proc_entry(interface_name, + S_IRUGO, proc_net_devsnmp6)) == NULL) + return -ENOMEM; + proc_directory_entry->data = idev; + proc_directory_entry->proc_fops = &snmp6_seq_fops; + idev->stats.proc_dir_entry = proc_directory_entry; +#endif /* CONFIG_PROC_FS */ + return 0; + /* return snmp6_register_dev(idev); */ +} +EXPORT_SYMBOL(show_proc_net_dev_snmp6_DEVICE_if_needed); +EXPORT_SYMBOL(hide_proc_net_dev_snmp6_DEVICE_if_needed); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * End of ghostification support + */ + #ifdef CONFIG_SYSCTL static void dev_forward_change(struct inet6_dev *idev) { @@ -2143,6 +2231,10 @@ return PTR_ERR(ifp); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx, unsigned int plen) { @@ -2157,6 +2249,15 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((idev = __in6_dev_get(dev)) == NULL) return -ENXIO; 
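Review bot: `lookup_snmp6_device()` calls `dev_get_by_name()`, which returns the device with a reference held, and neither the helper nor its two callers calls `dev_put()`, so each hide or show operation pins the net_device. Add `dev_put(device);` after `rtnl_unlock();`, or hold the reference only while `idev` is in use. `hide_proc_net_dev_snmp6_DEVICE_if_needed()` also leaves `idev->stats.proc_dir_entry` pointing at the entry it has just removed, so its own `== NULL` guard cannot detect a second hide; set it with `idev->stats.proc_dir_entry = NULL;` after `remove_proc_entry()`. The lookup is fixed to `&init_net`, which deserves a comment if other network namespaces are intentionally unsupported.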
@@ -2988,6 +3089,23 @@ static int if6_seq_show(struct seq_file *seq, void *v) { struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if (is_a_ghost_interface_name(ifp->idev->dev->name)) { + ghost_ptk("Don't show informations about a ghostified " + "interface (%s) under /proc.", + ifp->idev->dev->name); + } else { + seq_printf(seq, + NIP6_SEQFMT " %02x %02x %02x %02x %8s\n", + NIP6(ifp->addr), + ifp->idev->dev->ifindex, + ifp->prefix_len, + ifp->scope, + ifp->flags, + ifp->idev->dev->name); + } +#else seq_printf(seq, NIP6_SEQFMT " %02x %02x %02x %02x %8s\n", NIP6(ifp->addr), @@ -2996,6 +3114,8 @@ ifp->scope, ifp->flags, ifp->idev->dev->name); +#endif /* CONFIG_GHOSTIFICATION */ + return 0; } @@ -3203,6 +3323,10 @@ [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { @@ -3220,7 +3344,9 @@ pfx = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL]); if (pfx == NULL) return -EINVAL; - + /* (ghost support) we could/should stop here a request involving a + ghostified interface but inet6_addr_del already do a part of our work + (get dev etc ..) so instead we modify inet6_addr_del */ return inet6_addr_del(net, ifm->ifa_index, pfx, ifm->ifa_prefixlen); } @@ -3269,6 +3395,10 @@ return 0; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { 
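Review bot: The `seq_printf` call in `if6_seq_show` is now written out twice, once in the `else` of the ghost test and once under `#else`, so any later change to the format has to be made in two places. A guard that only returns early keeps a single copy: `if (is_a_ghost_interface_name(ifp->idev->dev->name)) return 0;` inside `#ifdef CONFIG_GHOSTIFICATION` ... `#endif`, placed ahead of the original call. The igmp.c and mcast.c show handlers in this patch duplicate their output calls in the same way.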
@@ -3306,6 +3436,15 @@ if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add a address to a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + /* We ignore other flags so far. */ ifa_flags = ifm->ifa_flags & (IFA_F_NODAD | IFA_F_HOMEADDRESS); @@ -3471,6 +3610,12 @@ ANYCAST_ADDR, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc; + * inet6_dump_addr is called by inet6_dump_{ifaddr,ifmcaddr,ifacaddr} + * and call the appropriate inet6_fill_* function. + */ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, enum addr_type_t type) { @@ -3496,6 +3641,17 @@ ip_idx = 0; if ((idev = in6_dev_get(dev)) == NULL) goto cont; + +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about addresses of a ghostified interface (%s), skip.", + dev->name); + goto cont; + /* return -ENODEV; don't use it */ + } +#endif /* CONFIG_GHOSTIFICATION */ + read_lock_bh(&idev->lock); switch (type) { case UNICAST_ADDR: @@ -3567,7 +3723,6 @@ return inet6_dump_addr(skb, cb, type); } - static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb) { enum addr_type_t type = ANYCAST_ADDR; @@ -3575,6 +3730,10 @@ return inet6_dump_addr(skb, cb, type); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { 
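Review bot: In the `inet6_dump_addr` hunk the ghost test comes after `in6_dev_get(dev)` has succeeded, and its `goto cont;` skips the rest of the loop body, so the reference taken on `idev` is not dropped on that path (the matching put is outside the hunk, presumably after the address walk). Each dump that meets a ghostified interface would then leak one `inet6_dev` reference. Place the test before the `in6_dev_get()` line, or call `in6_dev_put(idev);` before the jump.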
@@ -3601,6 +3760,17 @@ if (ifm->ifa_index) dev = __dev_get_by_index(net, ifm->ifa_index); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (dev) { + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address of a ghostified interface (%s), skip.", + dev->name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((ifa = ipv6_get_ifaddr(net, addr, dev, 1)) == NULL) { err = -EADDRNOTAVAIL; goto errout; @@ -3808,6 +3978,10 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -3819,6 +3993,14 @@ read_lock(&dev_base_lock); idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to dump address infos about a ghostified interface (%s), skip.", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if ((idev = in6_dev_get(dev)) == NULL) @@ -3846,7 +4028,6 @@ skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC); if (skb == NULL) goto errout; - err = inet6_fill_ifinfo(skb, idev, 0, 0, event, 0); if (err < 0) { /* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */ diff -rNaud linux-2.6.28/net/ipv6/ip6_fib.c linux-2.6.28-ghost/net/ipv6/ip6_fib.c --- linux-2.6.28/net/ipv6/ip6_fib.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/ipv6/ip6_fib.c 2009-11-26 22:24:32.000000000 +0000 @@ -275,6 +275,8 @@ #endif +/* (ghost support) iterate on net device, don't modify this function, +we can return ENODEV here, user-space tools (as ip) dump iface list before */ static int fib6_dump_node(struct fib6_walker_t *w) { int res; 
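Review bot: The check added to the get-address handler only runs when `dev` is non-NULL, and `dev` is only looked up when `ifm->ifa_index` is set. With an index of zero the unchanged `ipv6_get_ifaddr(net, addr, dev, 1)` call is made without a device and, depending on how it treats a NULL device, may return an address that lives on a ghostified interface. Testing the result as well closes that gap: check `ifa->idev->dev->name` after the lookup and leave through the error path that releases `ifa`. The labels and the rest of the function are outside the hunk.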
@@ -316,7 +318,6 @@ { struct fib6_walker_t *w; int res; - w = (void *)cb->args[2]; w->root = &table->tb6_root; diff -rNaud linux-2.6.28/net/ipv6/mcast.c linux-2.6.28-ghost/net/ipv6/mcast.c --- linux-2.6.28/net/ipv6/mcast.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/ipv6/mcast.c 2009-11-26 22:24:32.000000000 +0000 @@ -24,6 +24,10 @@ * - MLD for link-local addresses. * David L Stevens : * - MLDv2 support + * Luca Saiu : + * - trivial changes for ghostification support + * Roudiere Jonathan + * - trivial changes to correct an forgetting */ #include @@ -61,6 +65,11 @@ #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing... */ #define MCAST_DEBUG 2 @@ -2429,6 +2438,20 @@ struct ifmcaddr6 *im = (struct ifmcaddr6 *)v; struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, + "%-4d %-15s " NIP6_SEQFMT " %5d %08X %ld\n", + state->dev->ifindex, state->dev->name, + NIP6(im->mca_addr), + im->mca_users, im->mca_flags, + (im->mca_flags&MAF_TIMER_RUNNING) ? + jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); + } +#else seq_printf(seq, "%-4d %-15s " NIP6_SEQFMT " %5d %08X %ld\n", state->dev->ifindex, state->dev->name, @@ -2436,6 +2459,7 @@ im->mca_users, im->mca_flags, (im->mca_flags&MAF_TIMER_RUNNING) ? jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); +#endif /* CONFIG_GHOSTIFICATION */ return 0; } 
@@ -2590,6 +2614,20 @@ "Device", "Multicast Address", "Source Address", "INC", "EXC"); } else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc" + " about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s " NIP6_SEQFMT " " NIP6_SEQFMT " %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + NIP6(state->im->mca_addr), + NIP6(psf->sf_addr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else seq_printf(seq, "%3d %6.6s " NIP6_SEQFMT " " NIP6_SEQFMT " %6lu %6lu\n", state->dev->ifindex, state->dev->name, @@ -2597,6 +2635,7 @@ NIP6(psf->sf_addr), psf->sf_count[MCAST_INCLUDE], psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNaud linux-2.6.28/net/ipv6/proc.c linux-2.6.28-ghost/net/ipv6/proc.c --- linux-2.6.28/net/ipv6/proc.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/ipv6/proc.c 2009-11-26 22:28:53.000000000 +0000 @@ -9,6 +9,8 @@ * * Authors: David S. Miller (davem@caip.rutgers.edu) * YOSHIFUJI Hideaki + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -29,6 +31,16 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* (ghost support) We don't want this to be static, as it has to + be read at ghostifying and unghostifying time */ +struct proc_dir_entry *proc_net_devsnmp6; +EXPORT_SYMBOL(proc_net_devsnmp6); +#endif /* CONFIG_GHOSTIFICATION */ + static int sockstat6_seq_show(struct seq_file *seq, void *v) { struct net *net = seq->private; 
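Review bot: `proc_net_devsnmp6` is introduced in the proc.c hunk as a new exported global, but no proc.c hunk in this patch assigns it, while the addrconf.c helpers return `-ENOENT` whenever it is NULL. Unless code outside the visible hunks stores the dev_snmp6 directory entry into it, hiding and showing the per-device file can never succeed. The assignment, or a comment naming where it happens, should be part of this change.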
@@ -194,6 +206,18 @@ return single_open_net(inode, file, snmp6_seq_show); } +/* (ghost support) This was originally static, +but we need to make it visible */ +#ifdef CONFIG_GHOSTIFICATION +struct file_operations snmp6_seq_fops = { + .owner = THIS_MODULE, + .open = snmp6_seq_open, + .read = seq_read, + .llseek = seq_lseek, + .release = single_release, +}; +EXPORT_SYMBOL(snmp6_seq_fops); +#else static const struct file_operations snmp6_seq_fops = { .owner = THIS_MODULE, .open = snmp6_seq_open, @@ -201,6 +225,7 @@ .llseek = seq_lseek, .release = single_release_net, }; +#endif /* CONFIG_GHOSTIFICATION */ static int snmp6_dev_seq_show(struct seq_file *seq, void *v) { diff -rNaud linux-2.6.28/net/ipv6/route.c linux-2.6.28-ghost/net/ipv6/route.c --- linux-2.6.28/net/ipv6/route.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/ipv6/route.c 2009-11-26 22:24:32.000000000 +0000 @@ -22,6 +22,10 @@ * reachable. otherwise, round-robin the list. * Ville Nuorvala * Fixed routing subtrees. + * Luca Saiu + * trivial changes for ghostification support + * Roudiere Jonathan + * ghostification support update, modify functions using netlink */ #include @@ -60,6 +64,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing. */ #define RT6_DEBUG 2 @@ -1080,10 +1089,6 @@ return hoplimit; } -/* - * - */ - int ip6_route_add(struct fib6_config *cfg) { int err; @@ -1795,6 +1800,8 @@ struct in6_rtmsg rtmsg; int err; + /* (ghost support) don't make any change, changes + have been made later for ioctl request */ switch(cmd) { case SIOCADDRT: /* Add a route */ case SIOCDELRT: /* Delete a route */ 
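Review bot: The ghost variant of `snmp6_seq_fops` pairs `.open = snmp6_seq_open`, which the context line above shows calling `single_open_net()`, with `.release = single_release`, while the original table kept under `#else` uses `single_release_net`. With that mismatch, whatever `single_open_net()` acquires for the namespace is not released on close; keep `.release = single_release_net,`. Dropping `static` does not require dropping `const`, so `const struct file_operations snmp6_seq_fops` with a matching `extern const` declaration in addrconf.c would keep the table read-only.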
@@ -2090,26 +2097,84 @@ return err; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; - err = rtm_to_fib6_config(skb, nlh, &cfg); - if (err < 0) - return err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it + is a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to del route involving a ghostified interface (%s). Failing", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_del(&cfg); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + err = rtm_to_fib6_config(skb, nlh, &cfg); if (err < 0) return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_add(&cfg); /* do that or exit on error ... 
*/ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_add(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it is + a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add route involving a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_add(&cfg); } @@ -2129,6 +2194,10 @@ + nla_total_size(sizeof(struct rta_cacheinfo)); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc + */ static int rt6_fill_node(struct net *net, struct sk_buff *skb, struct rt6_info *rt, struct in6_addr *dst, struct in6_addr *src, @@ -2140,6 +2209,19 @@ long expires; u32 table; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("rtnetlink msg type %i, pid %i and seq %i", + type, pid, seq); + /* (ghost support) this function is called by by rt6_dump_route, and + inet6_rtm_get_route and inet6_rt_notify, test if it is a kernel request*/ + if (rt->rt6i_dev->name) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to get/notify route infos about a " + "ghostified interface (%s), skip.", + rt->rt6i_dev->name); + return 1; + } +#endif /* CONFIG_GHOSTIFICATION */ if (prefix) { /* user wants prefix routes only */ if (!(rt->rt6i_flags & RTF_PREFIX_RT)) { /* success since this is not a prefix route */ 
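Review bot: `dev_get_by_index()` in both `inet6_rtm_delroute()` and `inet6_rtm_newroute()` returns the device with a reference held and no path calls `dev_put()`, so every route add or delete that names an interface pins that net_device. The reference should be released once the name has been tested. `rtm_to_fib6_config()` and its error check are duplicated in both preprocessor arms and can be hoisted above the `#ifdef`; the `if(!net)` fallbacks can go as well if `sock_net()` cannot return NULL here, which should be confirmed. The fence shows the delete handler, and the add handler changes the same way.
```c
static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
{
	/* … unchanged: cfg, err and the CONFIG_GHOSTIFICATION-only dev declaration … */
	err = rtm_to_fib6_config(skb, nlh, &cfg);
	if (err < 0)
		return err;

#ifdef CONFIG_GHOSTIFICATION
	/* (ghost support) refuse requests that name a ghostified device */
	dev = dev_get_by_index(sock_net(skb->sk), cfg.fc_ifindex);
	if (dev) {
		int is_ghost = is_a_ghost_interface_name(dev->name);

		if (is_ghost)
			ghost_ptk("Try to del route involving a ghostified interface (%s). Failing",
				  dev->name);
		dev_put(dev);	/* drop the reference taken by dev_get_by_index() */
		if (is_ghost)
			return -ENODEV;
	}
#endif /* CONFIG_GHOSTIFICATION */
	return ip6_route_del(&cfg);
}
```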
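Review bot: In the `rt6_fill_node` hunk, `if (rt->rt6i_dev->name)` tests the address of the name array inside the device, which is never NULL, so it guards nothing and itself dereferences `rt6i_dev`. The /proc hunk later in this file tests `rt->rt6i_dev != NULL`, and the same is needed here: `if (rt->rt6i_dev && is_a_ghost_interface_name(rt->rt6i_dev->name)) {`. The ghost branch returns 1 before anything has been put into `skb`; the callers named in the comment are outside the hunk, and any of them that only treats negative values as failure would go on to send an empty buffer. The comment says the code tests for a kernel request, but no such test (on `pid`, for example) is present.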
@@ -2247,10 +2329,26 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc, + */ int rt6_dump_route(struct rt6_info *rt, void *p_arg) { struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg; int prefix; + +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg(" rtnetlink mesg %i, pid %i and seq %i", + arg->cb->nlh->nlmsg_type, arg->cb->nlh->nlmsg_pid, arg->cb->nlh->nlmsg_seq); + /* if (rt->rt6i_dev) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to dump route infos about a ghostified interface (%s), skip", + rt->rt6i_dev->name); + return -ENODEV; errro maybe come from here, modify instead + rt6_fill_node which has multiple callers + } */ +#endif /* CONFIG_GHOSTIFICATION */ if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) { struct rtmsg *rtm = nlmsg_data(arg->cb->nlh); @@ -2264,6 +2362,8 @@ prefix, 0, NLM_F_MULTI); } +/* (ghost support) Don't make changes here, function +rt6_fill_node has been modified instead */ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { struct net *net = sock_net(in_skb->sk); @@ -2408,6 +2508,18 @@ { struct seq_file *m = p_arg; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Do nothing if this route involves a + ghostified interface */ + if(rt->rt6i_dev != NULL) /* can't use &&: evaluation order is undefined */ + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Don't show any informations under /proc/net" + "involving a ghostified interface (%s)", + rt->rt6i_dev->name); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ + seq_printf(m, NIP6_SEQFMT " %02x ", NIP6(rt->rt6i_dst.addr), rt->rt6i_dst.plen); diff -rNaud linux-2.6.28/net/netfilter/core.c linux-2.6.28-ghost/net/netfilter/core.c --- linux-2.6.28/net/netfilter/core.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/netfilter/core.c 2009-11-26 22:24:32.000000000 +0000 
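Review bot: The block added to rt6_dump_route (-2247,10) keeps a disabled ghost check inside a comment, with a free-text remark ("errro maybe come from here ...") in the middle of the dead code. The filtering was moved to rt6_fill_node, so the commented-out statements should be deleted and replaced by one line such as `/* (ghost support) filtering is done in rt6_fill_node() */`. In the `ghost_develmsg()` call, `nlmsg_pid` and `nlmsg_seq` are unsigned 32-bit fields, so `%u` is the matching conversion rather than `%i`.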
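Review bot: In the /proc hunk (-2408,6) the comment `/* can't use &&: evaluation order is undefined */` is wrong. C evaluates `&&` left to right and skips the right operand when the left is false, so `if (rt->rt6i_dev != NULL && is_a_ghost_interface_name(rt->rt6i_dev->name))` is safe and removes the nested unbraced `if`. The two adjacent string literals in the `ghost_ptk()` call concatenate to `/proc/netinvolving`; a space is missing after `/proc/net`. The enclosing function starts outside the hunk.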
@@ -5,6 +5,8 @@ * way. * * Rusty Russell (C)2000 -- This code is GPL. + * Little change by Jonathan Roudiere to add + * Ghostification support (bypass netfilter for ghost interface). */ #include #include @@ -22,6 +24,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "nf_internals.h" static DEFINE_MUTEX(afinfo_mutex); @@ -59,7 +66,6 @@ { struct nf_hook_ops *elem; int err; - err = mutex_lock_interruptible(&nf_hook_mutex); if (err < 0) return err; 
@@ -169,7 +175,158 @@ rcu_read_lock(); elem = &nf_hooks[pf][hook]; + next_hook: + /* + * (ghost support) Netfilter ghostification support. + * Perform too much tests here is not a good idea because all + * network packets pass through this section but we have + * not other choice to skip netfilter hooks (per hook). + */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER + /* + * Bypass all Netfilter hooks (for ipv4/6, arp, bridge) for any + * ghostified interface (eq. to return NF_ACCEPT for each packet which + * go through an interface which is ghostified (do that at hook level + * in order to skip all chains's rules hang on the hooks)) + */ + + /* don't use ghost_debugmsg macro in this section + because it may introduce too much delay */ + ghost_develmsg("Enter in hook (pf=%i) (hook=%i) from indev->name = " + "%s to outdev->name = %s", pf, hook, indev->name, outdev->name); + +/* If we wish to skip all netfilter hooks for all PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ALL + /* + * outdev->name field is defined in OUTPUT, FORWARD and POSTROUTING hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), we start here (with outdev) to bypass netfilter's + * hooks in the case where we are in FORWARD. + */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + ret = 1; + goto unlock; + } + } + /* + * indev->name field is defined in PREROUTING, FORWARD and INPUT hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), if we are in FORWARD hook and outdev/indev->name + * is not a ghostified interface then we can go towards hooks. 
+ */ + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + ret = 1; + goto unlock; + } + } + +/* + * If GHOSTIFICATION_NETFILTER_ALL is not defined neither any + * GHOSTIFICATION_NETFILTER_PF then we 'll skip all this code chunk. + * (about performance, choose to skip netfilter just for certains PF + * is the most bad things we can do, but ...) + */ +#elif (defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV4) || defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV6) || \ + defined(CONFIG_GHOSTIFICATION_NETFILTER_ARP) || defined(CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE)) + /* Here we have the same logic as previously (in GHOSTIFICATION_NETFILTER_ALL) + but with the ability to choose what are the PFs that we want to skip */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for 
decnet) */ + goto apply_hook; + } + } + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for decnet) */ + goto apply_hook; + } + } + +#endif /* CONFIG_GHOSTIFICATION_ALL */ +apply_hook: +#endif /* CONFIG_GHOSTIFICATION_NETFILTER */ +/* (ghost support) End of ghostification support */ + verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev, outdev, &elem, okfn, hook_thresh); if (verdict == NF_ACCEPT || verdict == NF_STOP) { diff -rNaud linux-2.6.28/net/packet/af_packet.c linux-2.6.28-ghost/net/packet/af_packet.c --- linux-2.6.28/net/packet/af_packet.c 2008-12-24 23:26:37.000000000 +0000 +++ linux-2.6.28-ghost/net/packet/af_packet.c 2009-11-26 22:24:32.000000000 +0000 @@ -39,6 +39,7 @@ * will simply extend the hardware address * byte arrays at the end of sockaddr_ll * and packet_mreq. + * Luca Saiu : Trivial changes for ghostification * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
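Review bot: The tests `(outdev->name) != NULL` and `(indev->name) != NULL` in the Netfilter bypass hunk (-169,7) check the address of a member, not the device pointer. The added comments say each device is only set in some hooks. With a NULL `indev` or `outdev` the expression is false only if `name` sits at offset 0 of the structure, and the unconditional `ghost_develmsg()` at the top passes the same members to `%s`. Test the pointer itself, `if (outdev != NULL && is_a_ghost_interface_name(outdev->name))`, and likewise for `indev`. In both arms a non-ghost `outdev` jumps to `apply_hook` before `indev` is examined, so a forwarded packet is decided by its output side alone; if a ghost input interface should bypass the hooks too, the two results need combining, and the closing `#endif /* CONFIG_GHOSTIFICATION_ALL */` should name `CONFIG_GHOSTIFICATION_NETFILTER_ALL`.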
@@ -82,6 +83,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Assumptions: - if device has no dev->hard_header routine, it adds and removes ll header @@ -487,6 +493,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (rcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); @@ -609,6 +627,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them. + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (trcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); 
@@ -2042,17 +2072,38 @@ struct sock *s = v; const struct packet_sock *po = pkt_sk(s); +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Don't show packets involving ghost devices + */ + struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex); + if(! is_a_ghost_interface_name(net_device->name)) { + ghost_debugmsg("Don't show packets involving ghostified interface"); + seq_printf(seq, + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); + } +#else seq_printf(seq, - "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", - s, - atomic_read(&s->sk_refcnt), - s->sk_type, - ntohs(po->num), - po->ifindex, - po->running, - atomic_read(&s->sk_rmem_alloc), - sock_i_uid(s), - sock_i_ino(s) ); + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/linux-2.6.29-ghost.patch0000600000175000017500000030153112356733375025671 0ustar lucaslucasdiff -rNuad linux-2.6.29/include/linux/netdevice.h linux-2.6.29-ghost/include/linux/netdevice.h --- linux-2.6.29/include/linux/netdevice.h 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/include/linux/netdevice.h 2009-11-26 22:38:27.000000000 +0000 @@ -14,6 +14,8 @@ * Alan Cox, * Bjorn Ekwall. * Pekka Riikonen + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
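Review bot: In the /proc listing hunk of af_packet.c (-2042,17), `dev_get_by_index()` returns NULL when `po->ifindex` does not name a live device, yet the new code reads `net_device->name` unchecked. That case covers a packet socket not bound to an interface and one whose device has gone, so producing the listing can dereference NULL. The lookup also takes a device reference that is never released with `dev_put()`. The `ghost_debugmsg()` text says the entry is hidden but sits in the branch that prints it. The check below covers these points and would let the `seq_printf()` duplicated in the `#else` arm collapse into a single call; the enclosing function starts outside the hunk.

```c
	struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex);
	int is_ghost = 0;

	/* ifindex may not name a live device (unbound socket, device gone) */
	if (net_device != NULL) {
		is_ghost = is_a_ghost_interface_name(net_device->name);
		dev_put(net_device);	/* release the reference taken by the lookup */
	}
	if (!is_ghost) {
		/* … unchanged: seq_printf() of the socket row … */
	}
```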
@@ -1896,4 +1898,12 @@ extern struct pernet_operations __net_initdata loopback_net_ops; #endif /* __KERNEL__ */ +/* + * (ghost support) Just check whether the given name + * belongs to the ghost interface + */ +#ifdef CONFIG_GHOSTIFICATION +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + #endif /* _LINUX_DEV_H */ diff -rNuad linux-2.6.29/include/linux/sockios.h linux-2.6.29-ghost/include/linux/sockios.h --- linux-2.6.29/include/linux/sockios.h 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/include/linux/sockios.h 2009-11-26 22:38:27.000000000 +0000 @@ -9,6 +9,8 @@ * * Authors: Ross Biro * Fred N. van Kempen, + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -83,6 +85,13 @@ #define SIOCWANDEV 0x894A /* get/set netdev parameters */ +/* (ghost support) ghostification's ioctl */ +#ifdef CONFIG_GHOSTIFICATION +#define SIOKLOG 0x894D /* Write a string to the log */ +#define SIOCGIFGHOSTIFY 0x894E /* Make a network device 'ghost' */ +#define SIOCGIFUNGHOSTIFY 0x894F /* Make a network device 'ghost' */ +#endif /* CONFIG_GHOSTIFICATION */ + /* ARP cache control calls. */ /* 0x8950 - 0x8952 * obsolete calls, don't re-use */ #define SIOCDARP 0x8953 /* delete ARP table entry */ diff -rNuad linux-2.6.29/include/net/ghostdebug.h linux-2.6.29-ghost/include/net/ghostdebug.h --- linux-2.6.29/include/net/ghostdebug.h 1970-01-01 00:00:00.000000000 +0000 +++ linux-2.6.29-ghost/include/net/ghostdebug.h 2009-11-26 22:38:27.000000000 +0000 
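Review bot: In the sockios.h hunk (-83,6) the comment on `SIOCGIFUNGHOSTIFY` repeats the one on `SIOCGIFGHOSTIFY` ("Make a network device 'ghost'"), so the header documents both requests as doing the same thing. It should read `/* Make a ghost network device visible again */`. Both names carry the `SIOCG` prefix although they change kernel state, and `SIOKLOG` writes caller-supplied text to the log. A comment stating which privilege the handler requires for each request would help, since the handler is not part of this hunk.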
@@ -0,0 +1,93 @@ +/* + * Ghost support: + * Some trivials macros for display messages, trace ghost ops, + * debug and devel the ghostification kernel patch. + * + * Authors: Roudiere Jonathan, + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + */ + +#ifndef __GHOSTDEBUG__ +#define __GHOSTDEBUG__ + +#ifdef CONFIG_GHOSTIFICATION + +/* + * Ghost macros: there are three type of macros for three kind of + * information level : + * + * - the first one is ghost_ptk, that is a simple printk with the + * KERN_INFO log level, it is the standard type of display used + * by the ghostification kernel code to allow user to monitor + * ghost operations, if GHOSTIFICATION_PRINTK is not defined then + * user will not any information about the ghostified interfaces + * and the ghost engine (almost any infos ;-)), + * + * - ghost_debug and ghost_debugmsg are respectively used to show a + * calling card in a part of the code (function, files) and to show + * in plus informations additional (variable, etc ..), these two macros + * display messages with the level KERNEL_DEBUG, + * + * - ghost_devel and ghost_develmsg are very similar (redundant) + * in both previous ones, they are mainly used for the development + * of the patch to follow the stream of execution, activate + * GHOSTIFICATION_DEVEL has interest only for developers. + * +*/ + +/* + * Macro usable to debug during normal usage of the kernel. +*/ +#ifdef CONFIG_GHOSTIFICATION_DEBUG +#define ghost_debug \ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): -- info debug -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_debugmsg(msg,args...) 
\ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_debug +#define ghost_debugmsg(msg,args...) +#endif + +/* + * A little bit redundant with the macro ghost_debug/debugmsg + * but allows a difference in the use, they are not used for the + * debugging, but to verify roads borrowed during the development. + * (note: certainly remove at next release of the patch) +*/ +#ifdef CONFIG_GHOSTIFICATION_DEVEL +#define ghost_devel \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): -- info devel -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_develmsg(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_devel +#define ghost_develmsg(msg,args...) +#endif + +/* + * Macro to display all message from chunk of code which has + * ghostification in charge (use macro to add debug level later). +*/ +#ifdef CONFIG_GHOSTIFICATION_PRINTK +#define ghost_ptk(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost) " msg "\n", ##args) +#else +#define ghost_ptk(msg,args...) +#endif + +#endif /* CONFIG_GHOSTIFICATION */ + +#endif /* __GHOSTDEBUG__ */ diff -rNuad linux-2.6.29/kernel/softirq.c linux-2.6.29-ghost/kernel/softirq.c --- linux-2.6.29/kernel/softirq.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/kernel/softirq.c 2009-11-26 22:38:27.000000000 +0000 @@ -109,8 +109,11 @@ */ void _local_bh_enable(void) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq()); WARN_ON_ONCE(!irqs_disabled()); +#endif if (softirq_count() == SOFTIRQ_OFFSET) trace_softirqs_on((unsigned long)__builtin_return_address(0)); 
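Review bot: The header comment in ghostdebug.h says `ghost_ptk` prints at KERN_INFO, but the macro is defined with `printk(KERN_DEBUG ...)`. Either the comment or the level should change, so that the level operators are told to watch matches what the kernel emits. The disabled variants expand to nothing, so their arguments are never compiled and a call used as the sole body of an `if` leaves an empty statement. `#define ghost_ptk(msg,args...) do { } while (0)` is the safer no-op form, and the same applies to `ghost_debugmsg` and `ghost_develmsg`. The comment also writes `KERNEL_DEBUG` and `GHOSTIFICATION_PRINTK`/`GHOSTIFICATION_DEVEL` where the code uses `KERN_DEBUG` and the `CONFIG_`-prefixed names.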
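Review bot: In softirq.c (-109,8), compiling out `WARN_ON_ONCE(in_irq())` and `WARN_ON_ONCE(!irqs_disabled())` whenever CONFIG_GHOSTIFICATION is set removes a context sanity check for every caller of `_local_bh_enable()`, not only for ghost code. The following hunk (-121,7) does the same for `_local_bh_enable_ip()`. If the warnings fire because of this patch, the calling context should be fixed rather than the diagnostic silenced; the cause is not visible here. At minimum the comment should name the triggering path, e.g. `/* (ghost support) FIXME: warning raised via (call path to be filled in); suppressed, not fixed */`.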
@@ -121,7 +124,10 @@ static inline void _local_bh_enable_ip(unsigned long ip) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq() || irqs_disabled()); +#endif #ifdef CONFIG_TRACE_IRQFLAGS local_irq_disable(); #endif diff -rNuad linux-2.6.29/net/Kconfig linux-2.6.29-ghost/net/Kconfig --- linux-2.6.29/net/Kconfig 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/Kconfig 2009-11-26 22:38:27.000000000 +0000 
@@ -167,6 +167,105 @@ source "net/decnet/netfilter/Kconfig" source "net/bridge/netfilter/Kconfig" +config GHOSTIFICATION_NETFILTER + bool "Ghostification support to netfilter" + depends on GHOSTIFICATION && NETFILTER_ADVANCED + default y + help + Ghostification support to Netfilter. Allow to bypass all + Netfilter's hooks (INPUT, OUTPUT, FORWARD, POSTROUTING and + PREROUTING (when available)) and that for all layer or protocol: + ARP, Bridge, IPv4, IPv6 (and Decnet) or just for one protocol + or layer. + If you choose to activate the Ghostification of Netfilter then + all the network packets which come from, or go to an ghostified + interface will not get through the hooks of Netfilter; so rules + which have been created with Iptables, Ip6tables, Arptables or + Ebtables will have no effect on these packets. + Note: This option allows you to have access to the options of + configuration of the Ghostification of Netfilter but it activates + no section of code; you will thus need to select one or some + among those this below. + +config GHOSTIFICATION_NETFILTER_ALL + bool "Ghostification support to netfilter, skip all hooks" + depends on GHOSTIFICATION_NETFILTER + default y + help + Netfiter Ghostification support for all protocols/layers. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass + Netfilter's hooks; thus any actions or rules which have been + created through Iptables, Ip6tables, Arptables or Ebtables + will not have any effect on this packets. + +config GHOSTIFICATION_NETFILTER_ARP + bool "Ghostification support to netfilter, skip ARP hooks" + depends on GHOSTIFICATION_NETFILTER && IP_NF_ARPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the ARP protocol/layer. 
+ If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Arp + hooks of Netfilter; thus the rules which have been created + with the Arptables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_BRIDGE + bool "Ghostification support to netfilter, skip Bridge hooks" + depends on GHOSTIFICATION_NETFILTER && BRIDGE_NF_EBTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the Bridge protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Bridge + hooks of Netfilter; thus the rules which have been created + with the Ebtables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV4 + bool "Ghostification support to netfilter, skip IPv4 hooks" + depends on GHOSTIFICATION_NETFILTER && !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv4 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv4 + hooks of Netfilter; thus the rules which have been created + with the Iptables tool will not have any effect on them. 
+ If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV6 + bool "Ghostification support to netfilter, skip IPv6 hooks" + depends on GHOSTIFICATION_NETFILTER && IP6_NF_IPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv6 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv6 + hooks of Netfilter; thus the rules which have been created + with the Ip6tables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + endif source "net/dccp/Kconfig" 
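Review bot: `GHOSTIFICATION_NETFILTER` and `GHOSTIFICATION_NETFILTER_ALL` are declared `default y` in this hunk (-167,6), and `GHOSTIFICATION` itself is `default y` in the later net/Kconfig hunk (-251,4). With the defaults accepted, traffic on any ghostified interface skips every Netfilter hook. A feature that makes firewall rules ineffective and hides interfaces from administrative tools is better opt-in, so drop the `default y` lines and let Kconfig default to n. The help text should also state that filtering, logging and accounting rules never see this traffic, so whoever enables it knows host firewall auditing will not cover ghost interfaces. "Netfiter" in the per-protocol help texts should read "Netfilter".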
@@ -251,4 +350,93 @@ source "net/rfkill/Kconfig" source "net/9p/Kconfig" +config GHOSTIFICATION + bool "Ghostification support" + depends on INET + default y + help + Ghostification support allow you to hide network interfaces + on your system. Ghostify and Unghostify are the actions which + make dynamically invisible and visible a network interface/cards + (eth0, lo, tun, ...) for the userspace. + When a network interface is ghostified, users of your system + can not see it with userspace tools like ifconfig, route, iproute, + netstat and/or have statistics about it. However even if a network + interface is ghostified it is always possible to open a socket + using the Ip address of this interface, ping this interface or + any host connected to the same network remains possible; has the + opposite, it is not possible to sniff packets on a ghostified + interface with userspace tools like tcpdump, wireshark, ... + Informations about a ghostified interface are hidden under /proc + but they can be find under /sys, it is a limit of the ghostification + patch. + For more informations about Ghostification patch and engine see + the README of the tarball that you have used or go to website of + the Marionnet project at . + + +config GHOSTIFICATION_NUM + int "Ghostification support : max number of possible ghostified interface" + depends on GHOSTIFICATION + range 4 32 + default 8 + help + Here you can choose the number of network interfaces that + you will be allowed to ghostify. This number must be between + 4 and 32. + +config GHOSTIFICATION_MESG + bool "Ghostification messages, display, debug and devel" + depends on GHOSTIFICATION + default y + help + Ghostification messages configuration. This option allow + you to have acces to the options which configure and control + the type of messages that you want the ghostification engine + diplay (visible through syslogd). + There are three options which make more or less verbose the + ghostification engine. 
You can choose to not select any + options below if you want to try to hide the ghostification + operations for the users of your system. + Note: This option allows you to have access to the options + which control the number of messages and the verbosity of + the Ghostification engine but it activates no section of + code; you will thus need to select one or some among those + this below. + +config GHOSTIFICATION_PRINTK + bool "Ghostification, messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + default y + help + This option allow you to activate normal messsages from the + ghostification engine, those messages are display through a + simple printk (visible through syslogd), this messages allow + to have informations about the ghost operations (like "the + interface ethX has been ghostified", "unghostified", "is already + ghostified", etc ...). If you really wish to hide ghostified + interfaces and ghost operations for the users of your system + don't select this option. + +config GHOSTIFICATION_DEBUG + bool "Ghostification, debugging messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + help + This option increase the verbosity of the ghostification engine, + allow to get more informations in order to debug the ghost ops. + This option is in general used to verify the result of a test or + to display the datas (interface name, pid of a calling process, ...) + which are treated by the ghost engine. + +config GHOSTIFICATION_DEVEL + bool "Ghostification, helping messages to trace ghost operations (devel)" + depends on GHOSTIFICATION_MESG + help + This option give more informations that the option above, it is use + by developer of the ghostification patch in order to control some + paths used in the kernel code and the datas which are manipulated. + This option is a little redundant with the debug option but allow + to have a better granularity, maybe it will be remove for the next + release of the ghostification patch. 
+ endif # if NET diff -rNuad linux-2.6.29/net/core/dev.c linux-2.6.29-ghost/net/core/dev.c --- linux-2.6.29/net/core/dev.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/core/dev.c 2009-11-26 22:38:27.000000000 +0000 @@ -18,6 +18,7 @@ * Alexey Kuznetsov * Adam Sulmicki * Pekka Riikonen + * Luca Saiu (ghostification support) * * Changes: * D.J. Barrow : Fixed bug where dev->refcnt gets set @@ -70,6 +71,8 @@ * indefinitely on dev->refcnt * J Hadi Salim : - Backlog queue sampling * - netif_rx() feedback + * Roudiere Jonathan : make some buxfix in ghostification engine + * verify CAP_NET_ADMIN before (un)ghost iface */ #include 
@@ -136,6 +139,230 @@ #define GRO_MAX_HEAD (MAX_HEADER + 128) /* + * (ghost support) Chunk of code which has in charge + * the ghostification of network interfaces. + */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* The maximum number of ghost interfaces allowed at any given time: */ +#define MAX_GHOST_INTERFACES_NO CONFIG_GHOSTIFICATION_NUM + +/* + * A crude unsorted array of unique names, where "" stands for an + * empty slot. Elements are so few that an hash table would be overkill, + * and possibly also less efficient than this solution: + */ +static char ghost_interface_names[MAX_GHOST_INTERFACES_NO][IFNAMSIZ]; + +/* A lock protecting the ghost interfaces' support structure: */ +/* static DEFINE_SPINLOCK(ghostification_spin_lock); */ +static rwlock_t ghostification_spin_lock = RW_LOCK_UNLOCKED; + +/* Lock disabling local interrupts and saving flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + unsigned long flags; write_lock_irqsave(&ghostification_spin_lock, flags) + +/* Unlock re-enabling interrupts and restoring flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + write_unlock_irqrestore(&ghostification_spin_lock, flags) + +/* Lock disabling local interrupts and saving flags. This is for + readers, which are allowed to execute concurrently: */ +#define LOCK_GHOSTIFICATION_FOR_READING \ + unsigned long flags; read_lock_irqsave(&ghostification_spin_lock, flags) + +/* Lock re-enabling interrupts and restoring flags. 
This is for + readers, which are allowed to execute concurrently: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING \ + read_unlock_irqrestore(&ghostification_spin_lock, flags) + +#ifdef CONFIG_IPV6 +/* Defined in net/ipv6/addrconf.c: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +#endif /* CONFIG_IPV6 */ + +/* Return the index of the given element (which may be "") within + ghost_interface_names, or -1 on failure. Note that this must be + executed in a critical section: */ +static int __lookup_ghost_interface_names(const char *interface_name) +{ + int i; + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(!strcmp(interface_name, ghost_interface_names[i])) + return i; /* we found the given name in the i-th element */ + return -1; /* we didn't find the given name in the array */ +} + +/* This is useful for debugging. It must be called in a critical section. */ +static void __dump_ghost_interfaces(void) +{ + int i; + int number_of_ghost_interfaces = 0; + + ghost_ptk("Ghost interfaces are now: "); + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(strcmp(ghost_interface_names[i], "")) { + number_of_ghost_interfaces++; + ghost_ptk("%i. %s", number_of_ghost_interfaces, + ghost_interface_names[i]); + } + + ghost_ptk("There are now %i ghost interfaces. " + "A maximum of %i can exist at any given time.", + number_of_ghost_interfaces, MAX_GHOST_INTERFACES_NO); +} + +/* Just check whether the given name belongs to a ghost interface. 
+ This must be called in a critical section: */ +int __is_a_ghost_interface_name(const char *interface_name) +{ + /* Particular case: "" is *not* a ghost interface name, even + if it's in the ghost interfaces array (we use it just to mark + an empty slot): */ + if(interface_name[0] == '\0') + return 0; + /* Just check whether interface_name is an element of the array: */ + return __lookup_ghost_interface_names(interface_name) >= 0; +} + +/* Just check whether the given name belongs to a ghost interface: */ +int is_a_ghost_interface_name(const char *interface_name) +{ + int result; + LOCK_GHOSTIFICATION_FOR_READING; + /* Just check whether interface_name is an element of the array: */ + result = __is_a_ghost_interface_name(interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING; + return result; +} + +/* Make the given interface ghost. Return 0 on success, nonzero on + failure. Failure occours when the interface is already ghost or + does not exist: */ +static int ghostify_interface(char *interface_name) +{ + int a_free_element_index; + const size_t name_length = strlen(interface_name); + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Let's avoid buffer overflows... This could possibly be exploited: */ + if((name_length >= IFNAMSIZ) || (name_length == 0)) + { + ghost_ptk("The user asked to ghostify the interface %s, " + "which has a name of length %i. Failing.", + interface_name, name_length); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EINVAL; + } + + /* Fail if the interface is already ghostified. In particular we + want *no* duplicates in the array. 
Note that we're already in + a critical section here, so there's no need for locking: */ + if(__is_a_ghost_interface_name(interface_name)) + { + ghost_ptk("Could not ghostify the interface %s, " + "because it\'s already ghost.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EEXIST; /* File exists, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Fail if the interface is not found. We don't want add a + no-existing interface in our array */ + struct net_device *device; + device = dev_get_by_name(&init_net, interface_name); + if (device == NULL) { + ghost_ptk("Could not ghostify the interface %s which " + "doesn't exist. Try again.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for a free spot: */ + a_free_element_index = __lookup_ghost_interface_names(""); + if(a_free_element_index < 0) + { + ghost_ptk("Could not ghostify the interface %s, " + "because %i interfaces are already ghostified. Sorry.", + interface_name, MAX_GHOST_INTERFACES_NO); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENOMEM; + } + + /* Ok, we found a free spot; just copy the interface name: */ + strcpy(ghost_interface_names[a_free_element_index], interface_name); + +#ifdef CONFIG_IPV6 + /* Hide /proc/net/dev_snmp6/DEVICE for the new ghost DEVICE: */ + hide_proc_net_dev_snmp6_DEVICE_if_needed( + ghost_interface_names[a_free_element_index]); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} + +/* Make the given interface, which should be ghost, non-ghost. + Return 0 on success, nonzero on failure. Failure occours when + the given interface is non-ghost or does not exist: */ +static int unghostify_interface(char *ghost_interface_name) +{ + int the_interface_index; + struct net_device *device; + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Fail if the interface is not found. 
It is not necessary + to search in the array a no-existing interface and allow + to return a more appropriate error code to the userspace. */ + device = dev_get_by_name(&init_net, ghost_interface_name); + if (device == NULL) { + ghost_ptk("Could not unghostify the interface %s " + "which doesn't exist. Try again.\n", ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for the given interface: */ + the_interface_index = + __lookup_ghost_interface_names(ghost_interface_name); + if(the_interface_index < 0) + { + ghost_ptk("Could not unghostify the interface %s, \ + because it's non-ghost or not existing.\n", + ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ESRCH; /* No such device or address, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Ok, we found the interface: just "remove" its name from the array: */ + ghost_interface_names[the_interface_index][0] = '\0'; + +#ifdef CONFIG_IPV6 + /* Show again /proc/net/dev_snmp6/DEVICE for the now non-ghost DEVICE: */ + show_proc_net_dev_snmp6_DEVICE_if_needed(ghost_interface_name); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} +EXPORT_SYMBOL(is_a_ghost_interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * (ghost support) End of ghostification support + */ + + +/* * The list of packet types we will receive (as opposed to discard) * and the routines to invoke. * @@ -536,6 +763,13 @@ { int ints[5]; struct ifmap map; + /* (ghost support) There are no ghost interfaces by default */ +#ifdef CONFIG_GHOSTIFICATION + int i; + + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + ghost_interface_names[i][0] = '\0'; +#endif /* CONFIG_GHOSTIFICATION */ str = get_options(str, ARRAY_SIZE(ints), ints); if (!str || !*str) 
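Review bot: In the dev.c engine hunk (-136,6), `ghostify_interface()` and `unghostify_interface()` call `dev_get_by_name()` only to test that the device exists, but it returns the device with a reference held. Neither function calls `dev_put(device)`, so every call that finds the device leaks a reference; add `dev_put(device);` directly after the `device == NULL` check in both. Both functions also call the `*_proc_net_dev_snmp6_DEVICE_if_needed()` helpers while the rwlock is held with interrupts disabled. Those helpers are defined in another file; if they can sleep, the calls must move after the unlock. The table is keyed by interface name rather than by device, so the code should document what happens to an entry when the interface is renamed or removed, and `name_length` is a `size_t` printed with `%i` where `%zu` matches.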
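Review bot: The loop added in the hunk at -536,6 that clears `ghost_interface_names` is redundant. The array has static storage duration, so it starts zero-filled, and an empty first byte already marks an empty slot. Judging by the `get_options(str, ...)` context line, the loop sits in a boot-option parser and may not run on every boot; the function header is outside the hunk. Removing the loop and putting `/* zero-initialised: all slots start empty */` next to the array definition says the same thing without the ordering dependency.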
@@ -2851,11 +3085,20 @@ len = ifc.ifc_len; /* - * Loop over the interfaces, and write an info block for each. + * Loop over the interfaces, and write an info block for each, + * (ghost support) unless they are ghostified. */ total = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* Don't tell the user about ghost interfaces: just skip them */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Skipping the ghost interface %s in SIOCGIFCONF", + dev->name); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ for (i = 0; i < NPROTO; i++) { if (gifconf_list[i]) { int done; @@ -2924,6 +3167,10 @@ { const struct net_device_stats *stats = dev_get_stats(dev); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't show anything in /proc if iface is ghostified */ + if(! is_a_ghost_interface_name(dev->name)) +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu " "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n", dev->name, stats->rx_bytes, stats->rx_packets, @@ -3803,6 +4050,16 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() " + "on the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCGIFFLAGS: /* Get interface flags */ ifr->ifr_flags = dev_get_flags(dev); 
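Review bot: In the `@@ -2924,6 +3167,10 @@` hunk the new `if(! is_a_ghost_interface_name(dev->name))` has no braces and governs the multi-line `seq_printf` only through the preprocessor, so a statement later inserted between `#endif` and `seq_printf` would silently become the guarded one. A guard clause is safer: `if (is_a_ghost_interface_name(dev->name)) return;` inside the `#ifdef`, placed after the declarations. That assumes the function returns void; its signature and the end of its body are outside the hunk.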
@@ -3873,6 +4130,17 @@ ops = dev->netdev_ops; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() on " + "the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail " + "with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCSIFFLAGS: /* Set interface flags */ return dev_change_flags(dev, ifr->ifr_flags); 
@@ -4015,6 +4283,57 @@ */ switch (cmd) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) catch ghostification's ioctl */ + case SIOKLOG: { + char text[1000]; + if(copy_from_user(text, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + text[IFNAMSIZ] = '\0'; + printk(KERN_DEBUG "%s\n", text); + return 0; + } + /* (un)ghostification ops require superuser power */ + case SIOCGIFGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, + (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to ghostify the interface %s.", + interface_name); + if((failure = ghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was ghostified.", + interface_name); + else + ghost_ptk("Failure in ghostification of %s.", + interface_name); + return failure; + } + case SIOCGIFUNGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to unghostify the interface %s.", + interface_name); + if((failure = unghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was unghostified.", + interface_name); + else + ghost_ptk("Failure in unghostification of %s.", + interface_name); + return failure; + } + /* end of ghostficiation ioctl */ +#endif /* CONFIG_GHOSTIFICATION */ + /* * These ioctl calls: * - can be done by all. diff -rNuad linux-2.6.29/net/core/dev_mcast.c linux-2.6.29-ghost/net/core/dev_mcast.c --- linux-2.6.29/net/core/dev_mcast.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/core/dev_mcast.c 2009-11-26 22:38:27.000000000 +0000 
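Review bot: The `SIOKLOG` case in this hunk has no `capable(CAP_NET_ADMIN)` check, unlike the two ghostify cases below it, so any process that can issue this ioctl can write text of its choosing into the kernel log. All three cases also reserve `char ...[1000]` on the kernel stack for at most `IFNAMSIZ + 1` bytes, and always copy `IFNAMSIZ + 1` bytes from user space, which returns -EFAULT for a short, valid name that ends just before an unmapped page. `interface_name` is declared after the `capable()` statement, which kernel builds warn about. A right-sized buffer filled with `strncpy_from_user()` addresses these, as sketched below for `SIOKLOG`; the same shape applies to the two ghostify cases. Whether the `ghost_interface_names[]` entries are large enough for the later `strcpy()` cannot be checked from this hunk.

```c
	case SIOKLOG: {
		char text[IFNAMSIZ + 1];

		/* Writing to the kernel log is a privileged operation too. */
		if (!capable(CAP_NET_ADMIN))
			return -EPERM;
		/* Stops at the terminator instead of always reading IFNAMSIZ + 1 bytes. */
		if (strncpy_from_user(text, (char __user *)arg, IFNAMSIZ) < 0)
			return -EFAULT;
		text[IFNAMSIZ] = '\0';
		printk(KERN_DEBUG "%s\n", text);
		return 0;
	}
	/* … unchanged: SIOCGIFGHOSTIFY and SIOCGIFUNGHOSTIFY cases … */
```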
@@ -14,6 +14,8 @@ * Alan Cox : IFF_ALLMULTI support. * Alan Cox : New format set_multicast_list() calls. * Gleb Natapov : Remove dev_mc_lock. + * Luca Saiu : trivial changes for + * ghostification support. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -48,6 +50,9 @@ #include #include +#ifdef CONFIG_GHOSTIFICATION +#include +#endif /* CONFIG_GHOSTIFICATION */ /* * Device multicast list maintenance. @@ -167,7 +172,15 @@ netif_addr_lock_bh(dev); for (m = dev->mc_list; m; m = m->next) { int i; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information + in /proc about ghost interfaces */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Don't show any information in /proc " + "about ghostified interface"); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%-4d %-15s %-5d %-5d ", dev->ifindex, dev->name, m->dmi_users, m->dmi_gusers); diff -rNuad linux-2.6.29/net/core/rtnetlink.c linux-2.6.29-ghost/net/core/rtnetlink.c --- linux-2.6.29/net/core/rtnetlink.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/core/rtnetlink.c 2009-11-26 22:38:27.000000000 +0000 @@ -12,8 +12,12 @@ * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * - * Fixes: + * Fixes: * Vitaly E. Lavrov RTA_OK arithmetics was wrong. + * + * Changes: + * Roudiere Jonathan Some changes + * to ghost support, to allow to hide ghost net interfaces */ #include @@ -53,6 +57,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + struct rtnl_link { rtnl_doit_func doit; 
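Review bot: The ghost test added in the `@@ -167,7 +172,15 @@` hunk of dev_mcast.c sits inside the `for (m = dev->mc_list; ...)` loop although it depends only on `dev->name`, so it is re-evaluated, and `ghost_ptk` logs, once per multicast entry while `netif_addr_lock_bh(dev)` is held. Testing once before `netif_addr_lock_bh(dev)` and skipping the device there gives the same output with no extra work under the lock. The surrounding function starts and ends outside the hunk, so the way to skip the device has to be chosen against the full body.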
@@ -106,7 +115,10 @@ static rtnl_doit_func rtnl_get_doit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].doit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -117,7 +129,10 @@ static rtnl_dumpit_func rtnl_get_dumpit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].dumpit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -460,6 +475,12 @@ { struct sock *rtnl = net->rtnl; int report = 0; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add inforation to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type %i " + "and nlh->nlmsg_seq = %i", pid, nlh->nlmsg_pid, + nlh->nlmsg_type, nlh->nlmsg_seq); +#endif if (nlh) report = nlmsg_report(nlh); @@ -616,6 +637,20 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type " + "= %i, seq = %i and nlh->nlmsg_seq = %i", + pid, nlh->nlmsg_pid, nlh->nlmsg_type, + seq, nlh->nlmsg_seq); + ghost_develmsg("dev->name = %s and dev->ifindex = %i", + dev->name, + dev->ifindex); + /* function whose call rtnl_fill_ifinfo has been modified, except + rtmsg_ifinfo so if it will be necessary to skip ghost iface here then + keep in your mind to test pid because if it is eq. to 0 then it is a + kernel request (else user request) and we don't want disturbe its work. */ +#endif ifm = nlmsg_data(nlh); ifm->ifi_family = AF_UNSPEC; ifm->__ifi_pad = 0; 
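Review bot: The `ghost_develmsg` call added in the `@@ -460,6 +475,12 @@` hunk reads `nlh->nlmsg_pid`, `nlh->nlmsg_type` and `nlh->nlmsg_seq` before the existing `if (nlh)` test on the next line, so a caller passing a NULL `nlh` would dereference it whenever the macro evaluates its arguments. Move the trace inside the guarded branch, e.g. `if (nlh) { ghost_develmsg(...); report = nlmsg_report(nlh); }`. The definition of `ghost_develmsg` is not on this page, so whether it compiles to nothing outside development builds should be confirmed.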
@@ -690,6 +725,24 @@ idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function which encapsulates calls to + * rtnl_fill_ifinfo and which is call after rtnl_get_doit/dumpit, + * use to dump list of network interfaces (as used by "ip link") + */ + ghost_develmsg("for_each_netdev, current net_device is %s", + dev->name); + ghost_develmsg("netlink cb pid = %i, cb nlh->nlmsg_type = %i, " + "cb familly/proto = %i, cb nlh->nlmsg_pid %i", + NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_type, + cb->family, cb->nlh->nlmsg_pid); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Hide ghotified interface (%s) in the dump", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK, @@ -941,6 +994,18 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change state/parameters of a ghotified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ if ((err = validate_linkmsg(dev, tb)) < 0) goto errout_dev; 
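Review bot: The ghost branch added in the `@@ -941,6 +994,18 @@` hunk leaves through `goto errout`, while the very next failure path uses `goto errout_dev`; if the device lookup above the hunk took a reference, as that label suggests, every rejected request on a ghost interface leaks one. Use `goto errout_dev;` in the new branch. The `@@ -1181,6 +1257,17 @@` hunk shows the same problem directly: `dev` comes from `dev_get_by_index()` and the new branch does `return -ENODEV;` without a `dev_put(dev);`. A leaked device reference typically prevents the interface from being unregistered later.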
@@ -979,6 +1044,17 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change dell a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ ops = dev->rtnl_link_ops; if (!ops) @@ -1181,6 +1257,17 @@ dev = dev_get_by_index(net, ifm->ifi_index); if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it with + user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ } else return -EINVAL; @@ -1235,6 +1322,8 @@ struct sk_buff *skb; int err = -ENOBUFS; + /* (ghost support) call rtnl_fill_ifinfo so maybe it + is need here to modify, in order to skip ghost iface */ skb = nlmsg_new(if_nlmsg_size(dev), GFP_KERNEL); if (skb == NULL) goto errout; @@ -1269,6 +1358,11 @@ int err; type = nlh->nlmsg_type; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Enter, nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i and nlh->nlmsg_seq = %i ", + nlh->nlmsg_pid, nlh->nlmsg_seq, nlh->nlmsg_seq); +#endif /* CONFIG_GHOSTIFICATION */ + if (type > RTM_MAX) return -EOPNOTSUPP; 
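Review bot: The trace added in the `@@ -1269,6 +1358,11 @@` hunk prints `nlh->nlmsg_seq` twice, in the format string and in the argument list, so one intended field is missing. Since `type = nlh->nlmsg_type` is assigned on the line above, the third value was probably meant to be the type: `"... nlh->nlmsg_seq = %i and nlh->nlmsg_type = %i ", nlh->nlmsg_pid, nlh->nlmsg_seq, nlh->nlmsg_type`.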
@@ -1288,14 +1382,21 @@ if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN)) return -EPERM; + /* (ghost support) kind = 2 then imply RTM_GETLINK has been used */ if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) { struct sock *rtnl; rtnl_dumpit_func dumpit; + /* (ghost support) then rtnl_get_dumpit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ dumpit = rtnl_get_dumpit(family, type); if (dumpit == NULL) return -EOPNOTSUPP; - +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Part 1: rtnl_get_dumpit(family %i, type %i) " + "is used before call to netlink_dump_start", + family,type); +#endif /* CONFIG_GHOSTIFICATION */ __rtnl_unlock(); rtnl = net->rtnl; err = netlink_dump_start(rtnl, skb, nlh, dumpit, NULL); @@ -1327,6 +1428,11 @@ doit = rtnl_get_doit(family, type); if (doit == NULL) return -EOPNOTSUPP; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) rtnl_get_doit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ + ghost_develmsg("Part 2: rtnl_get_doit(family %i, type %i)", family, type); +#endif /* CONFIG_GHOSTIFICATION */ return doit(skb, nlh, (void *)&rta_buf[0]); } @@ -1342,6 +1448,10 @@ { struct net_device *dev = ptr; + /* (ghost support) if we want provide a ghost's way to modify + the state of a ghost iface, it will be necessary to skip event + reports involing ghost iface (actually any changes are possible + if the iface is ghostified so there is nothing to report) */ switch (event) { case NETDEV_UNREGISTER: rtmsg_ifinfo(RTM_DELLINK, dev, ~0U); diff -rNuad linux-2.6.29/net/ipv4/arp.c linux-2.6.29-ghost/net/ipv4/arp.c --- linux-2.6.29/net/ipv4/arp.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/ipv4/arp.c 2009-11-26 22:38:27.000000000 +0000 @@ -70,6 +70,8 @@ * bonding can change the skb before * sending (e.g. insert 8021q tag). * Harald Welte : convert to make use of jenkins hash + * Luca Saiu 
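Review bot: The comment added in the `@@ -1342,6 +1448,10 @@` hunk records that the notifier does not filter ghost interfaces, which leaves `rtmsg_ifinfo(RTM_DELLINK, dev, ~0U)` and the other cases of this `switch` reporting a hidden device to netlink listeners even though the dump and get paths hide it. If hiding is meant to be complete, an early `if (is_a_ghost_interface_name(dev->name)) return NOTIFY_DONE;` under `#ifdef CONFIG_GHOSTIFICATION` would close that path; otherwise the comment should say the notifications are deliberately left visible. The comment's "any changes are possible" reads as the opposite of what the patch enforces and probably means "no changes are possible". The rest of the `switch` is outside the hunk.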
@@ -116,6 +118,11 @@ struct neigh_table *clip_tbl_hook; #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include @@ -1309,9 +1316,21 @@ } #endif sprintf(tbuf, "%pI4", n->primary_key); +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) Don't show anything in /proc if it involves +ghost interfaces: */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + read_unlock(&n->lock); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); read_unlock(&n->lock); +#endif /* CONFIG_GHOSTIFICATION */ } static void arp_format_pneigh_entry(struct seq_file *seq, @@ -1322,9 +1341,21 @@ char tbuf[16]; sprintf(tbuf, "%pI4", n->key); +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) Don't show anything in /proc if it involves + ghost interfaces */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", - dev ? dev->name : "*"); + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); +#endif /* CONFIG_GHOSTIFICATION */ } static int arp_seq_show(struct seq_file *seq, void *v) diff -rNuad linux-2.6.29/net/ipv4/devinet.c linux-2.6.29-ghost/net/ipv4/devinet.c --- linux-2.6.29/net/ipv4/devinet.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/ipv4/devinet.c 2009-11-26 22:38:27.000000000 +0000 
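Review bot: In the `@@ -1309,9 +1316,21 @@` hunk `read_unlock(&n->lock);` has moved inside the `if (! is_a_ghost_interface_name(dev->name))` block, so for a ghost interface the function returns with `n->lock` still read-held; the `#else` branch shows the unlock was unconditional before. Keep the unlock after the closing brace of the `if` so that only `seq_printf` is conditional. The `ghost_debugmsg` text ("Don't show any arp information …") is also emitted in the branch that does show the entry. The matching `read_lock` is above the hunk.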
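Review bot: The new test in the `@@ -1322,9 +1341,21 @@` hunk calls `is_a_ghost_interface_name(dev->name)` unconditionally, yet the `seq_printf` it guards prints `dev ? dev->name : "*"`, which means `dev` can be NULL at this point. Guard the dereference: `if (!dev || !is_a_ghost_interface_name(dev->name)) {`.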
@@ -23,6 +23,9 @@ * address (4.4BSD alias style support), * fall back to comparing just the label * if no match found. + * Roudiere Jonathan : + * some changes to ghost support, skip + * request involving a ghostified iface. */ @@ -62,6 +65,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + static struct ipv4_devconf ipv4_devconf = { .data = { [NET_IPV4_CONF_ACCEPT_REDIRECTS - 1] = 1, @@ -448,6 +456,16 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("in_dev->dev->name = %s", in_dev->dev->name); + if (is_a_ghost_interface_name(in_dev->dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + (in_dev->dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ __in_dev_put(in_dev); @@ -497,6 +515,17 @@ if (dev == NULL) goto errout; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("(dev->name) = %s ", (dev->name)); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change/modfy address on a ghostified interface (%s), skip", + (dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ + in_dev = __in_dev_get_rtnl(dev); err = -ENOBUFS; if (in_dev == NULL) @@ -546,6 +575,12 @@ ASSERT_RTNL(); + /* (ghost support) don't modify this funct but directly + rtm_to_ifaddr, as for others funct, with user-levels tools + (as iproute) we normaly never arrive here (because a dump + all ifaces is perform before and func which make the dump + has been modified (but we want prevent user tool request + the ghost iface directly */ ifa = rtm_to_ifaddr(net, nlh); if (IS_ERR(ifa)) return PTR_ERR(ifa); 
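Review bot: The ghost check added in the `@@ -448,6 +456,16 @@` hunk jumps to `errout` before the `__in_dev_put(in_dev);` that follows it, so if the lookup above the hunk took a reference on `in_dev` (which that put suggests), each refused delete on a ghost interface leaks it. Moving the new block to just after `__in_dev_put(in_dev);` keeps the reference balanced without changing the result. The lookup and the `errout` label are outside the hunk.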
@@ -1161,6 +1196,15 @@ s_ip_idx = ip_idx = cb->args[1]; idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION /* _VERIFICATION_NEED_ */ + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("dev->name = %s", dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address on a ghostified interface (%s), skip", + (dev->name)); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (idx > s_idx) diff -rNuad linux-2.6.29/net/ipv4/fib_frontend.c linux-2.6.29-ghost/net/ipv4/fib_frontend.c --- linux-2.6.29/net/ipv4/fib_frontend.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/ipv4/fib_frontend.c 2009-11-26 22:38:27.000000000 +0000 @@ -6,6 +6,10 @@ * IPv4 Forwarding Information Base: FIB frontend. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (some display + * and comment for ghostification in rtnetlink functions). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -45,6 +49,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #ifndef CONFIG_IP_MULTIPLE_TABLES static int __net_init fib4_rules_init(struct net *net) @@ -451,6 +460,11 @@ * Handle IP routing ioctl calls. These are used to manipulate the routing tables */ +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) A function implemented in net/core/dev.c */ +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + int ip_rt_ioctl(struct net *net, unsigned int cmd, void __user *arg) { struct fib_config cfg; 
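Review bot: The `@@ -451,6 +460,11 @@` hunk re-declares `int is_a_ghost_interface_name(const char *interface_name);` locally in fib_frontend.c, although the other files in this patch call the function after only adding the include under `#ifdef CONFIG_GHOSTIFICATION`. A private prototype can drift from the real definition without the compiler noticing; drop it and rely on the header. The header's name and contents are not visible on this page, so confirm that it declares the function.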
@@ -465,6 +479,22 @@ if (copy_from_user(&rt, arg, sizeof(rt))) return -EFAULT; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Forbid any action involving a ghost interface */ + if (rt.rt_dev != (char __user*)NULL) { + /* We need to have this name in kernel space to check + for ghostification: */ + char interface_name[1000]; /* [IFNAMSIZ+1] is certainly sufficient */ + if(copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1)) + return -EFAULT; + if(is_a_ghost_interface_name(interface_name)) { + ghost_ptk("The user aked to add a route involving the " + "ghost interface %s. We make this operation fail", + interface_name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ rtnl_lock(); err = rtentry_to_fib_config(net, cmd, &rt, &cfg); @@ -473,12 +503,18 @@ if (cmd == SIOCDELRT) { tb = fib_get_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_delete was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_delete() or fn_trie_delete() */ if (tb) err = tb->tb_delete(tb, &cfg); else err = -ESRCH; } else { tb = fib_new_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_insert was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_insert() or fn_trie_insert() */ if (tb) err = tb->tb_insert(tb, &cfg); else @@ -585,6 +621,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead functions pointed by tb->tb_delete, + * either fn_hash_delete() (in fib_hash.c) or fn_trie_delete() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; 
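Review bot: In the `@@ -465,6 +479,22 @@` hunk `interface_name` is passed to `is_a_ghost_interface_name()` without being NUL-terminated: `copy_from_user` fills `IFNAMSIZ + 1` bytes of an uninitialised `char [1000]`, so a caller that supplies no terminator makes the comparison read stale kernel stack. Add `interface_name[IFNAMSIZ] = '\0';` after the copy, as the ioctl cases in net/core/dev.c do, and size the buffer `IFNAMSIZ + 1`. The name is fetched from `rt.rt_dev` here and presumably again inside `rtentry_to_fib_config()`, so user space can change it between the check and the use. This test should therefore be treated as a convenience, with the per-table checks added later in the patch as the enforcing ones.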
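Review bot: The `ghost_develmsg(...)` call added in the `@@ -585,6 +621,16 @@` hunk is not wrapped in `#ifdef CONFIG_GHOSTIFICATION`, while the include this file adds for ghost support is; unless the macro is defined elsewhere, the file stops compiling with the option off. Wrap the call as the other traces in the patch do. The `@@ -607,6 +653,16 @@` hunk has the same unguarded call, and both comments name `inet_rtm_newroute` although the first one evidently documents the `tb->tb_delete` path.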
@@ -607,6 +653,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead function pointed by tb->tb_insert, + * either fn_hash_insert() (in fib_hash.c) or fn_trie_insert() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; @@ -622,6 +678,12 @@ return err; } +/* + * (ghost support) Fonction called through rtnetlink to dump + * all routes, we don't change anythings here, changes have + * been made in fib_semantics.c (in fib_dump_info which is + * called by fib_trie and fib_hash). + */ static int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -634,7 +696,7 @@ if (nlmsg_len(cb->nlh) >= sizeof(struct rtmsg) && ((struct rtmsg *) nlmsg_data(cb->nlh))->rtm_flags & RTM_F_CLONED) - return ip_rt_dump(skb, cb); + return ip_rt_dump(skb, cb); /* (ghost support) need modify this func */ s_h = cb->args[0]; s_e = cb->args[1]; @@ -659,6 +721,9 @@ cb->args[1] = e; cb->args[0] = h; + /* (ghost support) Length returned can be changed by + fib_dump_info when a route of a ghositifed iface is + lookup (skb length may be abnormal, diff of mod(240)) */ return skb->len; } diff -rNuad linux-2.6.29/net/ipv4/fib_hash.c linux-2.6.29-ghost/net/ipv4/fib_hash.c --- linux-2.6.29/net/ipv4/fib_hash.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/ipv4/fib_hash.c 2009-11-26 22:38:27.000000000 +0000 
@@ -6,6 +6,11 @@ * IPv4 FIB: lookup engine and maintenance routines. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_hash_insert, bad + * field check in fib_seq_show). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -41,6 +46,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static struct kmem_cache *fn_hash_kmem __read_mostly; @@ -397,6 +407,18 @@ if (IS_ERR(fi)) return PTR_ERR(fi); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_insert */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if (fz->fz_nent > (fz->fz_divisor<<1) && fz->fz_divisor < FZ_MAX_DIVISOR && (cfg->fc_dst_len == 32 || @@ -580,7 +602,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, &f->fn_alias, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_delete */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != cfg->fc_tos) break; 
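Review bot: The ghost branch added in the `@@ -397,6 +407,18 @@` hunk does `return -ENODEV;` right after `fi` has passed the `IS_ERR(fi)` test, so the `fib_info` obtained above the hunk is never released on this path. Leave through the function's existing error exit, the one that releases `fi` (it is outside the hunk), instead of returning directly. `fi->fib_dev` is also dereferenced without a NULL test although the seq_show hunk in this same file prints `fi->fib_dev ? fi->fib_dev->name : "*"`, and the log text says "delete" on what the comment calls the `tb->tb_insert` path. The `@@ -1195,6 +1206,18 @@` hunk in fib_trie.c repeats all three, returning directly where the preceding code uses `goto err`.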
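Review bot: The check added in the `@@ -580,7 +602,17 @@` hunk runs at the top of the `list_for_each_entry_continue` body, before `fa->fa_tos != cfg->fc_tos` and whatever matching follows, so a delete request fails with -ENODEV as soon as any scanned alias belongs to a ghost device, even when the request targets a different route. Test only the alias that has been selected for deletion, after the matching conditions. The rest of the loop is outside the hunk; the `@@ -1623,7 +1646,17 @@` hunk in fib_trie.c has the same placement.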
@@ -1022,19 +1054,39 @@ prefix = f->fn_key; mask = FZ_MASK(iter->zone); flags = fib_flag_trans(fa->fa_type, mask, fi); - if (fi) + if (fi) + { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) + { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, - "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - fi->fib_dev ? fi->fib_dev->name : "*", prefix, - fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, - mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), - fi->fib_window, - fi->fib_rtt >> 3, &len); - else + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); +#endif /* CONFIG_GHOSTIFICATION */ + } + else { seq_printf(seq, - "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); + } seq_printf(seq, "%*s\n", 127 - len, ""); out: return 0; diff -rNuad linux-2.6.29/net/ipv4/fib_semantics.c linux-2.6.29-ghost/net/ipv4/fib_semantics.c --- linux-2.6.29/net/ipv4/fib_semantics.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/ipv4/fib_semantics.c 2009-11-26 22:38:27.000000000 +0000 
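Review bot: When the route belongs to a ghost interface, the new code in the `@@ -1022,19 +1054,39 @@` hunk skips the `seq_printf` that stores into `len` through `%n` but still reaches `seq_printf(seq, "%*s\n", 127 - len, "")`, which then pads with a `len` that was never written on this path (its declaration is outside the hunk) and emits a stray line per hidden route. Skip the padding line too, here with `goto out;`. The test also dereferences `fi->fib_dev->name` although the guarded `seq_printf` allows `fi->fib_dev` to be NULL, and the `ghost_ptk` "Don't display routes …" message sits in the branch that does display them. The `@@ -2583,7 +2616,28 @@` hunk in fib_trie.c has the same three issues, with `continue` as the way to skip.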
@@ -11,6 +11,9 @@ * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. + * Changes: + * Roudiere Jonathan trivial + * change for ghostification. */ #include @@ -43,6 +46,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static DEFINE_SPINLOCK(fib_info_lock); @@ -953,6 +961,23 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function call by fib_trie and fib_hash to dump route, + * in most case we won't arrive here with usertools (like iproute), because + * modification in rtnl_dump_ifinfo hide iface and modif here may be not really + * proper because put abnormal length in the skb->len return by inet_dump_fib + * (used without error..) if pid != 0 then user talks else that is the kernel; + */ + if (pid != 0) + if (is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Try to get route about ghost iface (%s), skip", + fi->fib_dev->name); + /* return -EMSGSIZE; don't use this because that stops evaluation */ + return nlmsg_end(skb, nlh); + } +#endif /* CONFIG_GHOSTIFICATION */ + rtm = nlmsg_data(nlh); rtm->rtm_family = AF_INET; rtm->rtm_dst_len = dst_len; diff -rNuad linux-2.6.29/net/ipv4/fib_trie.c linux-2.6.29-ghost/net/ipv4/fib_trie.c --- linux-2.6.29/net/ipv4/fib_trie.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/ipv4/fib_trie.c 2009-11-26 22:38:27.000000000 +0000 @@ -12,6 +12,12 @@ * * Hans Liss Uppsala Universitet * + * Luca Saiu (simple changes for ghostification + * support) + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_trie_insert, bad + * field check in fib_route_seq_show). + * * This work is based on the LPC-trie which is originally descibed in: * * An experimental study of compression methods for dynamic tries 
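Review bot: The ghost branch added in the `@@ -953,6 +961,23 @@` hunk returns `nlmsg_end(skb, nlh)` straight after the message header was reserved, so a message whose `struct rtmsg` payload was never filled in stays in the skb and is delivered to user space; the author's own comment notes the resulting abnormal length. If the reservation above the hunk does not zero the payload area, that reply also carries uninitialised kernel memory. Undo the reservation with `nlmsg_cancel(skb, nlh);` before returning, or filter ghost routes in the callers before they reach this function. `fi->fib_dev` is dereferenced without a NULL test here as well.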
@@ -80,6 +86,11 @@ #include #include "fib_lookup.h" +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define MAX_STAT_DEPTH 32 #define KEYLENGTH (8*sizeof(t_key)) @@ -1195,6 +1206,18 @@ goto err; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + l = fib_find_node(t, key); fa = NULL; @@ -1623,7 +1646,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, fa_head, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != tos) break; 
@@ -2583,7 +2616,28 @@ || fa->fa_type == RTN_MULTICAST) continue; - if (fi) + if (fi) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) in /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t" + "%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", + prefix, + fi->fib_nh->nh_gw, flags, 0, 0, + fi->fib_priority, + mask, + (fi->fib_advmss ? + fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, "%s\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", @@ -2596,13 +2650,14 @@ fi->fib_advmss + 40 : 0), fi->fib_window, fi->fib_rtt >> 3, &len); - else +#endif /* CONFIG_GHOSTIFICATION */ + } else { seq_printf(seq, "*\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + } seq_printf(seq, "%*s\n", 127 - len, ""); } } diff -rNuad linux-2.6.29/net/ipv4/igmp.c linux-2.6.29-ghost/net/ipv4/igmp.c --- linux-2.6.29/net/ipv4/igmp.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/ipv4/igmp.c 2009-11-26 22:38:27.000000000 +0000 @@ -68,6 +68,8 @@ * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. * David L Stevens: IGMPv3 support, with help from * Vinay Kulkarni + * Luca Saiu : trivial changes for ghostification + * support */ #include @@ -105,6 +107,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define IP_MAX_MEMBERSHIPS 20 #define IP_MAX_MSF 10 
@@ -2387,8 +2394,18 @@ #endif if (state->in_dev->mc_list == im) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%d\t%-10s: %5d %7s\n", + state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); + } +#else seq_printf(seq, "%d\t%-10s: %5d %7s\n", state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); +#endif /* CONFIG_GHOSTIFICATION */ } seq_printf(seq, @@ -2550,14 +2567,30 @@ "Device", "MCA", "SRC", "INC", "EXC"); } else { - seq_printf(seq, - "%3d %6.6s 0x%08x " - "0x%08x %6lu %6lu\n", - state->dev->ifindex, state->dev->name, - ntohl(state->im->multiaddr), - ntohl(psf->sf_inaddr), - psf->sf_count[MCAST_INCLUDE], - psf->sf_count[MCAST_EXCLUDE]); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-2.6.29/net/ipv4/route.c linux-2.6.29-ghost/net/ipv4/route.c --- linux-2.6.29/net/ipv4/route.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/ipv4/route.c 2009-11-26 22:38:27.000000000 +0000 
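Review bot: The `@@ -2387,8 +2394,18 @@` hunk hides only the per-device header line: the `seq_printf(seq,` that follows the closing brace is outside the new condition, so the remaining lines for a ghost interface would still be printed, now without the device line above them. Return early for a ghost device so nothing is emitted for it. In both igmp.c hunks the `ghost_debugmsg` "Don't show any igmp information …" text is logged in the branch that prints the entry. The arguments of the following `seq_printf` are cut off by the hunk boundary, so confirm what that line prints.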
@@ -55,6 +55,9 @@ * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes. * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect * Ilia Sotnikov : Removed TOS from hash calculations + * Luca Saiu : trivial changes for ghostification support + * Roudiere Jonathan : ghost support to rtnetlink + * function, ghost bugfix (field) in rt_cache_seq_show * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -108,6 +111,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define RT_FL_TOS(oldflp) \ ((u32)(oldflp->fl4_tos & (IPTOS_RT_MASK | RTO_ONLINK))) @@ -375,6 +383,14 @@ "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t" "HHUptod\tSpecDst"); else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Dont't display informations about ghost ifaces, bf */ + if(is_a_ghost_interface_name((const char*)((struct rtable*)v)->u.dst.dev->name)) { + ghost_ptk("Don't display routing informations about ghost interface (%s)", + ((const char*)((struct rtable*)v)->u.dst.dev->name)); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ struct rtable *r = v; int len; @@ -392,11 +408,11 @@ r->fl.fl4_tos, r->u.dst.hh ? atomic_read(&r->u.dst.hh->hh_refcnt) : -1, r->u.dst.hh ? (r->u.dst.hh->hh_output == - dev_queue_xmit) : 0, + dev_queue_xmit) : 0, r->rt_spec_dst, &len); seq_printf(seq, "%*s\n", 127 - len, ""); - } + } return 0; } @@ -2812,8 +2828,13 @@ r->rtm_src_len = 32; NLA_PUT_BE32(skb, RTA_SRC, rt->fl.fl4_src); } - if (rt->u.dst.dev) + if (rt->u.dst.dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) */ + ghost_develmsg("Net device is = %s ",rt->u.dst.dev->name); +#endif NLA_PUT_U32(skb, RTA_OIF, rt->u.dst.dev->ifindex); + } #ifdef CONFIG_NET_CLS_ROUTE if (rt->u.dst.tclassid) NLA_PUT_U32(skb, RTA_FLOW, rt->u.dst.tclassid); 
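Review bot: In the `-375` hunk the ghost test is inserted ahead of `struct rtable *r = v; int len;`, which puts declarations after a statement in this block and makes the code repeat the cast `((struct rtable*)v)->u.dst.dev->name` twice. Moving the block below the declarations lets it use `r`, and it should test the device pointer before reading the name, `if (r->u.dst.dev && is_a_ghost_interface_name(r->u.dst.dev->name)) {`, since nothing in the hunk shows that a cache entry always has a device. The function starts outside this hunk.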
@@ -2896,7 +2917,7 @@ err = -ENOBUFS; goto errout; } - + /* Reserve room for dummy headers, this skb can pass through good chunk of routing engine. */ @@ -2918,6 +2939,17 @@ if (dev == NULL) { err = -ENODEV; goto errout_free; + +#ifdef CONFIG_GHOSTIFICATION + ghost_debugmsg("Net device is %s ", dev->name); + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout_free; + } +#endif /* CONFIG_GHOSTIFICATION */ } skb->protocol = htons(ETH_P_IP); @@ -2943,13 +2975,31 @@ err = ip_route_output_key(net, &rt, &fl); } - if (err) + if (err) { goto errout_free; + } skb->rtable = rt; if (rtm->rtm_flags & RTM_F_NOTIFY) rt->rt_flags |= RTCF_NOTIFY; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't allow get ops for route + involving a ghostified interface, unnecessary test ..(rt) */ + if (rt) { + if (rt->u.dst.dev) { + ghost_debugmsg("Net device is %s ",rt->u.dst.dev->name); + if (is_a_ghost_interface_name(rt->u.dst.dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", + rt->u.dst.dev->name); + err = -ENETUNREACH; + goto errout_free; + } + } + } +#endif /* CONFIG_GHOSTIFICATION */ + err = rt_fill_info(skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq, RTM_NEWROUTE, 0, 0); if (err <= 0) @@ -2964,6 +3014,8 @@ goto errout; } +/* (ghost support) maybe it will be necessary to modify +this func which is call in fib_frontend.c */ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb) { struct rtable *rt; diff -rNuad linux-2.6.29/net/ipv6/Kconfig linux-2.6.29-ghost/net/ipv6/Kconfig --- linux-2.6.29/net/ipv6/Kconfig 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/ipv6/Kconfig 2009-11-26 22:38:27.000000000 +0000 
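Review bot: In the `-2918` hunk the ghost block is added after `goto errout_free;` inside the body of `if (dev == NULL) {`, so it can never run, and if it did it would dereference the NULL `dev` in `dev->name`. The input-interface check is therefore absent from this path; the `#ifdef CONFIG_GHOSTIFICATION` block belongs after the closing brace of the NULL test, where `dev` is known to be valid. The enclosing function starts and ends outside the hunk.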
@@ -4,8 +4,8 @@ # IPv6 as module will cause a CRASH if you try to unload it menuconfig IPV6 - tristate "The IPv6 protocol" - default m + bool "The IPv6 protocol" + default y ---help--- This is complemental support for the IP version 6. You will still be able to do traditional IPv4 networking as well. @@ -16,6 +16,10 @@ For specific information about IPv6 under Linux, read the HOWTO at . + Ghostification notes: + ===================== + IPV6 can not be built in module with ghost support. + To compile this protocol support as a module, choose M here: the module will be called ipv6. @@ -68,7 +72,7 @@ If unsure, say N. config INET6_AH - tristate "IPv6: AH transformation" + bool "IPv6: AH transformation" select XFRM select CRYPTO select CRYPTO_HMAC @@ -80,7 +84,7 @@ If unsure, say Y. config INET6_ESP - tristate "IPv6: ESP transformation" + bool "IPv6: ESP transformation" select XFRM select CRYPTO select CRYPTO_AUTHENC @@ -95,7 +99,7 @@ If unsure, say Y. config INET6_IPCOMP - tristate "IPv6: IPComp transformation" + bool "IPv6: IPComp transformation" select INET6_XFRM_TUNNEL select XFRM_IPCOMP ---help--- @@ -105,7 +109,7 @@ If unsure, say Y. config IPV6_MIP6 - tristate "IPv6: Mobility (EXPERIMENTAL)" + bool "IPv6: Mobility (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- @@ -114,16 +118,16 @@ If unsure, say N. config INET6_XFRM_TUNNEL - tristate + bool select INET6_TUNNEL default n config INET6_TUNNEL - tristate + bool default n config INET6_XFRM_MODE_TRANSPORT - tristate "IPv6: IPsec transport mode" + bool "IPv6: IPsec transport mode" default IPV6 select XFRM ---help--- @@ -132,7 +136,7 @@ If unsure, say Y. config INET6_XFRM_MODE_TUNNEL - tristate "IPv6: IPsec tunnel mode" + bool "IPv6: IPsec tunnel mode" default IPV6 select XFRM ---help--- @@ -141,7 +145,7 @@ If unsure, say Y. config INET6_XFRM_MODE_BEET - tristate "IPv6: IPsec BEET mode" + bool "IPv6: IPsec BEET mode" default IPV6 select XFRM ---help--- 
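Review bot: `menuconfig IPV6` is switched from `tristate` / `default m` to `bool` / `default y` unconditionally, so every configuration loses the modular IPv6 option and gets IPv6 built in whether or not ghostification is selected; the same applies to the `INET6_*`, `IPV6_MIP6`, `IPV6_SIT` and `IPV6_TUNNEL` symbols in the following hunks. The help text still ends with "To compile this protocol support as a module, choose M here", which now contradicts the added ghostification note. Either drop that sentence, or keep `tristate` and put the constraint on the ghost option itself (a dependency such as `depends on IPV6 != m`; the ghostification Kconfig entry is not in this hunk, so its placement needs confirming).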
@@ -150,14 +154,14 @@ If unsure, say Y. config INET6_XFRM_MODE_ROUTEOPTIMIZATION - tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" + bool "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- Support for MIPv6 route optimization mode. config IPV6_SIT - tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" + bool "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" select INET_TUNNEL select IPV6_NDISC_NODETYPE default y @@ -174,7 +178,7 @@ bool config IPV6_TUNNEL - tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" + bool "IPv6: IP-in-IPv6 tunnel (RFC2473)" select INET6_TUNNEL ---help--- Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in diff -rNuad linux-2.6.29/net/ipv6/addrconf.c linux-2.6.29-ghost/net/ipv6/addrconf.c --- linux-2.6.29/net/ipv6/addrconf.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/ipv6/addrconf.c 2009-11-26 22:38:27.000000000 +0000 @@ -36,6 +36,9 @@ * YOSHIFUJI Hideaki @USAGI : improved source address * selection; consider scope, * status etc. + * Luca Saiu : ghostification support + * Roudiere Jonathan : ghost + * modify functions using (rt)netlink */ #include @@ -80,6 +83,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include 
@@ -445,6 +453,86 @@ return idev; } +/* + * (ghost support) Support to hide snmp6 proc infos. + */ +#ifdef CONFIG_GHOSTIFICATION +/* Utility procedure, needed for {show,hide}_proc_net_dev_snmp6_DEVICE_if_needed(). + Return a pointer to a valid inet6_dev structure on success, NULL on failure: */ +static struct inet6_dev* lookup_snmp6_device(const char *interface_name) +{ + struct net_device *device; + struct inet6_dev *idev; + + /* Lookup the device by name, obtaining an inet6_dev structure: */ + device = dev_get_by_name(&init_net, interface_name); + if(device == NULL) + return NULL; + rtnl_lock(); + idev = ipv6_find_idev(device); + rtnl_unlock(); + return idev; +} + +/* These are defined in net/ipv6/proc.c: */ +extern struct proc_dir_entry *proc_net_devsnmp6; +extern struct file_operations snmp6_seq_fops; + +/* Remove the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already hidden. Return 0 on success, nonzero on error: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + ghost_ptk("Hiding /proc/net/dev_snmp6/%s...", interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + + /* Remove the proc/ entry, if any. If there was no entry + then remove_proc_entry() will fail, but it's ok for us: */ +#ifdef CONFIG_PROC_FS + if (!proc_net_devsnmp6) + return -ENOENT; + if (idev->stats.proc_dir_entry == NULL) + return -EINVAL; + remove_proc_entry(interface_name, proc_net_devsnmp6); +#endif /* CONFIG_PROC_FS */ + return 0; + //return snmp6_unregister_dev(idev); +} + +/* Create the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already shown. 
Return 0 on success, nonzero on error: */ +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + struct proc_dir_entry *proc_directory_entry; + ghost_ptk("Showing /proc/net/dev_snmp6/%s...", + interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + if(idev->dev == NULL) /* I doubt this may happen... */ + return -EINVAL; +#ifdef CONFIG_PROC_FS + if(!proc_net_devsnmp6) /* there isn't any /proc/net/dev_snmp6 */ + return -ENOENT; + if((proc_directory_entry = create_proc_entry(interface_name, + S_IRUGO, proc_net_devsnmp6)) == NULL) + return -ENOMEM; + proc_directory_entry->data = idev; + proc_directory_entry->proc_fops = &snmp6_seq_fops; + idev->stats.proc_dir_entry = proc_directory_entry; +#endif /* CONFIG_PROC_FS */ + return 0; + /* return snmp6_register_dev(idev); */ +} +EXPORT_SYMBOL(show_proc_net_dev_snmp6_DEVICE_if_needed); +EXPORT_SYMBOL(hide_proc_net_dev_snmp6_DEVICE_if_needed); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * End of ghostification support + */ + #ifdef CONFIG_SYSCTL static void dev_forward_change(struct inet6_dev *idev) { @@ -2151,6 +2239,10 @@ return PTR_ERR(ifp); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx, unsigned int plen) { @@ -2165,6 +2257,15 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((idev = __in6_dev_get(dev)) == NULL) return -ENXIO; 
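Review bot: `lookup_snmp6_device()` takes a device reference with `dev_get_by_name(&init_net, interface_name)` and never releases it, so each hide or show call leaves that device's reference count raised; add `dev_put(device);` once the `idev` lookup is done, and make sure `idev` stays valid for the caller by other means. `hide_proc_net_dev_snmp6_DEVICE_if_needed()` removes the entry but leaves `idev->stats.proc_dir_entry` pointing at it, so the "unless it's already hidden" case cannot be recognised on a second call; set `idev->stats.proc_dir_entry = NULL;` after `remove_proc_entry()`. The show function likewise calls `create_proc_entry()` without checking whether `idev->stats.proc_dir_entry` is already set. The lookup is fixed to `init_net`, so interfaces in other network namespaces are not covered.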
@@ -2993,6 +3094,22 @@ static int if6_seq_show(struct seq_file *seq, void *v) { struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if (is_a_ghost_interface_name(ifp->idev->dev->name)) { + ghost_ptk("Don't show informations about a ghostified " + "interface (%s) under /proc.", + ifp->idev->dev->name); + } else { + seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n", + &ifp->addr, + ifp->idev->dev->ifindex, + ifp->prefix_len, + ifp->scope, + ifp->flags, + ifp->idev->dev->name); + } +#else seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n", &ifp->addr, ifp->idev->dev->ifindex, @@ -3000,6 +3117,8 @@ ifp->scope, ifp->flags, ifp->idev->dev->name); +#endif /* CONFIG_GHOSTIFICATION */ + return 0; } @@ -3207,6 +3326,10 @@ [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { @@ -3224,7 +3347,9 @@ pfx = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL]); if (pfx == NULL) return -EINVAL; - + /* (ghost support) we could/should stop here a request involving a + ghostified interface but inet6_addr_del already do a part of our work + (get dev etc ..) so instead we modify inet6_addr_del */ return inet6_addr_del(net, ifm->ifa_index, pfx, ifm->ifa_prefixlen); } @@ -3273,6 +3398,10 @@ return 0; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { 
@@ -3310,6 +3439,15 @@ if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add a address to a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + /* We ignore other flags so far. */ ifa_flags = ifm->ifa_flags & (IFA_F_NODAD | IFA_F_HOMEADDRESS); @@ -3475,6 +3613,12 @@ ANYCAST_ADDR, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc; + * inet6_dump_addr is called by inet6_dump_{ifaddr,ifmcaddr,ifacaddr} + * and call the appropriate inet6_fill_* function. + */ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, enum addr_type_t type) { @@ -3500,6 +3644,17 @@ ip_idx = 0; if ((idev = in6_dev_get(dev)) == NULL) goto cont; + +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about addresses of a ghostified interface (%s), skip.", + dev->name); + goto cont; + /* return -ENODEV; don't use it */ + } +#endif /* CONFIG_GHOSTIFICATION */ + read_lock_bh(&idev->lock); switch (type) { case UNICAST_ADDR: @@ -3571,7 +3726,6 @@ return inet6_dump_addr(skb, cb, type); } - static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb) { enum addr_type_t type = ANYCAST_ADDR; @@ -3579,6 +3733,10 @@ return inet6_dump_addr(skb, cb, type); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { 
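Review bot: In the `-3500` hunk the ghost test runs after `in6_dev_get(dev)` has succeeded and then jumps to `cont`, so the reference on `idev` taken just above is not dropped on that path unless the code at `cont:` (outside the hunk) does it. Put the test before the `in6_dev_get()` call, or add `in6_dev_put(idev);` before `goto cont;`. The enclosing loop starts and ends outside the hunk.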
@@ -3605,6 +3763,17 @@ if (ifm->ifa_index) dev = __dev_get_by_index(net, ifm->ifa_index); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (dev) { + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address of a ghostified interface (%s), skip.", + dev->name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((ifa = ipv6_get_ifaddr(net, addr, dev, 1)) == NULL) { err = -EADDRNOTAVAIL; goto errout; @@ -3812,6 +3981,10 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -3823,6 +3996,14 @@ read_lock(&dev_base_lock); idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to dump address infos about a ghostified interface (%s), skip.", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if ((idev = in6_dev_get(dev)) == NULL) @@ -3850,7 +4031,6 @@ skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC); if (skb == NULL) goto errout; - err = inet6_fill_ifinfo(skb, idev, 0, 0, event, 0); if (err < 0) { /* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */ diff -rNuad linux-2.6.29/net/ipv6/ip6_fib.c linux-2.6.29-ghost/net/ipv6/ip6_fib.c --- linux-2.6.29/net/ipv6/ip6_fib.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/ipv6/ip6_fib.c 2009-11-26 22:38:27.000000000 +0000 @@ -275,6 +275,8 @@ #endif +/* (ghost support) iterate on net device, don't modify this function, +we can return ENODEV here, user-space tools (as ip) dump iface list before */ static int fib6_dump_node(struct fib6_walker_t *w) { int res; 
@@ -320,7 +322,6 @@ { struct fib6_walker_t *w; int res; - w = (void *)cb->args[2]; w->root = &table->tb6_root; diff -rNuad linux-2.6.29/net/ipv6/mcast.c linux-2.6.29-ghost/net/ipv6/mcast.c --- linux-2.6.29/net/ipv6/mcast.c 2009-11-26 20:48:39.000000000 +0000 +++ linux-2.6.29-ghost/net/ipv6/mcast.c 2009-11-26 22:42:51.000000000 +0000 @@ -24,6 +24,10 @@ * - MLD for link-local addresses. * David L Stevens : * - MLDv2 support + * Luca Saiu : + * - trivial changes for ghostification support + * Roudiere Jonathan + * - trivial changes to correct an forgetting */ #include @@ -61,6 +65,11 @@ #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing... */ #define MCAST_DEBUG 2 @@ -2432,6 +2441,20 @@ struct ifmcaddr6 *im = (struct ifmcaddr6 *)v; struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, + "%-4d %-15s %pi6 %5d %08X %ld\n", + state->dev->ifindex, state->dev->name, + &im->mca_addr, + im->mca_users, im->mca_flags, + (im->mca_flags&MAF_TIMER_RUNNING) ? + jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); + } +#else seq_printf(seq, "%-4d %-15s %pi6 %5d %08X %ld\n", state->dev->ifindex, state->dev->name, @@ -2439,6 +2462,7 @@ im->mca_users, im->mca_flags, (im->mca_flags&MAF_TIMER_RUNNING) ? jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); +#endif /* CONFIG_GHOSTIFICATION */ return 0; } 
@@ -2593,6 +2617,20 @@ "Device", "Multicast Address", "Source Address", "INC", "EXC"); } else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc" + " about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + &state->im->mca_addr, + &psf->sf_addr, + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else seq_printf(seq, "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", state->dev->ifindex, state->dev->name, @@ -2600,6 +2638,7 @@ &psf->sf_addr, psf->sf_count[MCAST_INCLUDE], psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-2.6.29/net/ipv6/proc.c linux-2.6.29-ghost/net/ipv6/proc.c --- linux-2.6.29/net/ipv6/proc.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/ipv6/proc.c 2009-11-26 22:41:05.000000000 +0000 @@ -9,6 +9,8 @@ * * Authors: David S. Miller (davem@caip.rutgers.edu) * YOSHIFUJI Hideaki + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -29,6 +31,16 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* (ghost support) We don't want this to be static, as it has to + be read at ghostifying and unghostifying time */ +struct proc_dir_entry *proc_net_devsnmp6; +EXPORT_SYMBOL(proc_net_devsnmp6); +#endif /* CONFIG_GHOSTIFICATION */ + static int sockstat6_seq_show(struct seq_file *seq, void *v) { struct net *net = seq->private; 
@@ -194,6 +206,18 @@ return single_open_net(inode, file, snmp6_seq_show); } +/* (ghost support) This was originally static, +but we need to make it visible */ +#ifdef CONFIG_GHOSTIFICATION +struct file_operations snmp6_seq_fops = { + .owner = THIS_MODULE, + .open = snmp6_seq_open, + .read = seq_read, + .llseek = seq_lseek, + .release = single_release, +}; +EXPORT_SYMBOL(snmp6_seq_fops); +#else static const struct file_operations snmp6_seq_fops = { .owner = THIS_MODULE, .open = snmp6_seq_open, @@ -201,6 +225,7 @@ .llseek = seq_lseek, .release = single_release_net, }; +#endif /* CONFIG_GHOSTIFICATION */ static int snmp6_dev_seq_show(struct seq_file *seq, void *v) { diff -rNuad linux-2.6.29/net/ipv6/route.c linux-2.6.29-ghost/net/ipv6/route.c --- linux-2.6.29/net/ipv6/route.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/ipv6/route.c 2009-11-26 22:38:27.000000000 +0000 @@ -22,6 +22,10 @@ * reachable. otherwise, round-robin the list. * Ville Nuorvala * Fixed routing subtrees. + * Luca Saiu + * trivial changes for ghostification support + * Roudiere Jonathan + * ghostification support update, modify functions using netlink */ #include @@ -60,6 +64,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing. */ #define RT6_DEBUG 2 @@ -1112,10 +1121,6 @@ return hoplimit; } -/* - * - */ - int ip6_route_add(struct fib6_config *cfg) { int err; @@ -1827,6 +1832,8 @@ struct in6_rtmsg rtmsg; int err; + /* (ghost support) don't make any change, changes + have been made later for ioctl request */ switch(cmd) { case SIOCADDRT: /* Add a route */ case SIOCDELRT: /* Delete a route */ 
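Review bot: The ghostification variant of `snmp6_seq_fops` sets `.release = single_release`, while the open handler shown just above still returns `single_open_net(...)` and the original table pairs it with `.release = single_release_net`; use `.release = single_release_net,` in the new table as well. With the plain release, whatever the `_net` open helper acquired per open is presumably not released. The exported table also loses `const`; keeping it `const` and declaring it `extern const struct file_operations snmp6_seq_fops;` in net/ipv6/addrconf.c would leave it read-only.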
@@ -2130,26 +2137,84 @@ return err; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; - err = rtm_to_fib6_config(skb, nlh, &cfg); - if (err < 0) - return err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it + is a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to del route involving a ghostified interface (%s). Failing", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_del(&cfg); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + err = rtm_to_fib6_config(skb, nlh, &cfg); if (err < 0) return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_add(&cfg); /* do that or exit on error ... 
*/ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_add(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it is + a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add route involving a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_add(&cfg); } @@ -2169,6 +2234,10 @@ + nla_total_size(sizeof(struct rta_cacheinfo)); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc + */ static int rt6_fill_node(struct net *net, struct sk_buff *skb, struct rt6_info *rt, struct in6_addr *dst, struct in6_addr *src, @@ -2180,6 +2249,19 @@ long expires; u32 table; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("rtnetlink msg type %i, pid %i and seq %i", + type, pid, seq); + /* (ghost support) this function is called by by rt6_dump_route, and + inet6_rtm_get_route and inet6_rt_notify, test if it is a kernel request*/ + if (rt->rt6i_dev->name) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to get/notify route infos about a " + "ghostified interface (%s), skip.", + rt->rt6i_dev->name); + return 1; + } +#endif /* CONFIG_GHOSTIFICATION */ if (prefix) { /* user wants prefix routes only */ if (!(rt->rt6i_flags & RTF_PREFIX_RT)) { /* success since this is not a prefix route */ 
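Review bot: Both `inet6_rtm_delroute()` and `inet6_rtm_newroute()` look the device up with `dev_get_by_index(net, cfg.fc_ifindex)`, which takes a reference, and no path releases it, so every route add or delete that names an interface raises that device's reference count. Release it once the name has been tested (`dev_put(dev);` on both the ghost and the non-ghost path), or use the non-referencing `__dev_get_by_index()` as the address handlers in net/ipv6/addrconf.c do, if the same locking applies here. The `#ifdef` and `#else` arms also duplicate the `rtm_to_fib6_config()` call; only the device lookup needs to be conditional.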
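Review bot: In the `rt6_fill_node()` hunk, `if (rt->rt6i_dev->name)` tests the address of the name array, which is never NULL, and dereferences `rt->rt6i_dev` without checking it; the intended guard is `if (rt->rt6i_dev && is_a_ghost_interface_name(rt->rt6i_dev->name)) {`. Returning 1 reuses the value the function gives a few lines below for "not a prefix route", so for the non-dump callers the comment names (inet6_rtm_getroute and inet6_rt_notify) it should be confirmed that a positive return does not result in an empty message being sent. The function body continues outside the hunk.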
@@ -2287,10 +2369,26 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc, + */ int rt6_dump_route(struct rt6_info *rt, void *p_arg) { struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg; int prefix; + +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg(" rtnetlink mesg %i, pid %i and seq %i", + arg->cb->nlh->nlmsg_type, arg->cb->nlh->nlmsg_pid, arg->cb->nlh->nlmsg_seq); + /* if (rt->rt6i_dev) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to dump route infos about a ghostified interface (%s), skip", + rt->rt6i_dev->name); + return -ENODEV; errro maybe come from here, modify instead + rt6_fill_node which has multiple callers + } */ +#endif /* CONFIG_GHOSTIFICATION */ if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) { struct rtmsg *rtm = nlmsg_data(arg->cb->nlh); @@ -2304,6 +2402,8 @@ prefix, 0, NLM_F_MULTI); } +/* (ghost support) Don't make changes here, function +rt6_fill_node has been modified instead */ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { struct net *net = sock_net(in_skb->sk); @@ -2448,6 +2548,17 @@ { struct seq_file *m = p_arg; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Do nothing if this route involves a + ghostified interface */ + if(rt->rt6i_dev != NULL) /* can't use &&: evaluation order is undefined */ + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Don't show any informations under /proc/net" + "involving a ghostified interface (%s)", + rt->rt6i_dev->name); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(m, "%pi6 %02x ", &rt->rt6i_dst.addr, rt->rt6i_dst.plen); #ifdef CONFIG_IPV6_SUBTREES diff -rNuad linux-2.6.29/net/netfilter/core.c linux-2.6.29-ghost/net/netfilter/core.c --- linux-2.6.29/net/netfilter/core.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/netfilter/core.c 2009-11-26 22:38:27.000000000 +0000 
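Review bot: In the `-2448` hunk the comment `/* can't use &&: evaluation order is undefined */` is incorrect, since `&&` evaluates left to right and short-circuits, so the nested test can be written `if (rt->rt6i_dev != NULL && is_a_ghost_interface_name(rt->rt6i_dev->name)) {`. The log string is assembled from `"... under /proc/net"` and `"involving ..."` with no space between the pieces, so it prints `/proc/netinvolving`. In the `-2287` hunk the ghost test is left as commented-out code inside `rt6_dump_route()`; a one-line comment saying the filtering is done in `rt6_fill_node()` would carry the same information.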
@@ -5,6 +5,8 @@ * way. * * Rusty Russell (C)2000 -- This code is GPL. + * Little change by Jonathan Roudiere to add + * Ghostification support (bypass netfilter for ghost interface). */ #include #include @@ -22,6 +24,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "nf_internals.h" static DEFINE_MUTEX(afinfo_mutex); @@ -59,7 +66,6 @@ { struct nf_hook_ops *elem; int err; - err = mutex_lock_interruptible(&nf_hook_mutex); if (err < 0) return err; 
@@ -169,7 +175,158 @@ rcu_read_lock(); elem = &nf_hooks[pf][hook]; + next_hook: + /* + * (ghost support) Netfilter ghostification support. + * Perform too much tests here is not a good idea because all + * network packets pass through this section but we have + * not other choice to skip netfilter hooks (per hook). + */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER + /* + * Bypass all Netfilter hooks (for ipv4/6, arp, bridge) for any + * ghostified interface (eq. to return NF_ACCEPT for each packet which + * go through an interface which is ghostified (do that at hook level + * in order to skip all chains's rules hang on the hooks)) + */ + + /* don't use ghost_debugmsg macro in this section + because it may introduce too much delay */ + ghost_develmsg("Enter in hook (pf=%i) (hook=%i) from indev->name = " + "%s to outdev->name = %s", pf, hook, indev->name, outdev->name); + +/* If we wish to skip all netfilter hooks for all PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ALL + /* + * outdev->name field is defined in OUTPUT, FORWARD and POSTROUTING hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), we start here (with outdev) to bypass netfilter's + * hooks in the case where we are in FORWARD. + */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + ret = 1; + goto unlock; + } + } + /* + * indev->name field is defined in PREROUTING, FORWARD and INPUT hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), if we are in FORWARD hook and outdev/indev->name + * is not a ghostified interface then we can go towards hooks. 
+ */ + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + ret = 1; + goto unlock; + } + } + +/* + * If GHOSTIFICATION_NETFILTER_ALL is not defined neither any + * GHOSTIFICATION_NETFILTER_PF then we 'll skip all this code chunk. + * (about performance, choose to skip netfilter just for certains PF + * is the most bad things we can do, but ...) + */ +#elif (defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV4) || defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV6) || \ + defined(CONFIG_GHOSTIFICATION_NETFILTER_ARP) || defined(CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE)) + /* Here we have the same logic as previously (in GHOSTIFICATION_NETFILTER_ALL) + but with the ability to choose what are the PFs that we want to skip */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for 
decnet) */ + goto apply_hook; + } + } + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for decnet) */ + goto apply_hook; + } + } + +#endif /* CONFIG_GHOSTIFICATION_ALL */ +apply_hook: +#endif /* CONFIG_GHOSTIFICATION_NETFILTER */ +/* (ghost support) End of ghostification support */ + verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev, outdev, &elem, okfn, hook_thresh); if (verdict == NF_ACCEPT || verdict == NF_STOP) { diff -rNuad linux-2.6.29/net/packet/af_packet.c linux-2.6.29-ghost/net/packet/af_packet.c --- linux-2.6.29/net/packet/af_packet.c 2009-03-23 23:12:14.000000000 +0000 +++ linux-2.6.29-ghost/net/packet/af_packet.c 2009-11-26 22:38:27.000000000 +0000 @@ -39,6 +39,7 @@ * will simply extend the hardware address * byte arrays at the end of sockaddr_ll * and packet_mreq. + * Luca Saiu : Trivial changes for ghostification * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
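Review bot: `(outdev->name) != NULL` and `(indev->name) != NULL` compare the address of the name array, which is always non-NULL, so they do not protect against a missing device, while the hunk's own comments say `outdev` is set only in OUTPUT, FORWARD and POSTROUTING and `indev` only in PREROUTING, FORWARD and INPUT. The tests should be on the pointers, `if (outdev != NULL) {` and `if (indev != NULL) {`, in both the `_ALL` and the per-family variant, and the `ghost_develmsg(...)` at the top, which reads `indev->name` and `outdev->name`, needs the same protection if the macro evaluates its arguments. The block is placed after `next_hook:`, so the name lookups are repeated each time the hook loop jumps back to the label; testing once before the label avoids that on a path every packet takes. The closing `#endif /* CONFIG_GHOSTIFICATION_ALL */` names a symbol that is not the one tested by the matching `#ifdef`.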
@@ -83,6 +84,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Assumptions: - if device has no dev->hard_header routine, it adds and removes ll header @@ -489,6 +495,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (rcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); @@ -611,6 +629,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them. + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (trcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); 
@@ -2049,17 +2079,38 @@ struct sock *s = v; const struct packet_sock *po = pkt_sk(s); +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Don't show packets involving ghost devices + */ + struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex); + if(! is_a_ghost_interface_name(net_device->name)) { + ghost_debugmsg("Don't show packets involving ghostified interface"); + seq_printf(seq, + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); + } +#else seq_printf(seq, - "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", - s, - atomic_read(&s->sk_refcnt), - s->sk_type, - ntohs(po->num), - po->ifindex, - po->running, - atomic_read(&s->sk_rmem_alloc), - sock_i_uid(s), - sock_i_ino(s) ); + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; marionnet-0.90.6+bzr457.orig/uml/kernel/older-versions/linux-2.6.31-ghost.patch0000600000175000017500000030143012356733375025660 0ustar lucaslucasdiff -rNuad linux-2.6.31/include/linux/netdevice.h linux-2.6.31-ghost/include/linux/netdevice.h --- linux-2.6.31/include/linux/netdevice.h 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/include/linux/netdevice.h 2009-11-26 22:58:23.000000000 +0000 @@ -14,6 +14,8 @@ * Alan Cox, * Bjorn Ekwall. * Pekka Riikonen + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
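Review bot: In the `@@ -2049,17 +2079,38 @@` hunk of net/packet/af_packet.c, the pointer returned by `dev_get_by_index(sock_net(s), po->ifindex)` is dereferenced without a NULL check, and the reference it takes is never released with `dev_put()`. A packet socket that is not bound to a device (presumably `po->ifindex == 0`), or whose device has gone away, yields NULL here, so reading the /proc listing would oops, and every successful lookup leaks a device reference. The `ghost_debugmsg("Don't show packets …")` call also sits on the branch that does print the socket, so it is logged for the non-ghost case. The rewrite below keeps the `seq_printf()` as it is; the enclosing show function starts and ends outside the hunk.

```c
	/* (ghost support) Don't list sockets bound to ghost devices */
	struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex);
	int is_ghost = 0;

	if (net_device != NULL) {
		/* NULL means an unbound socket or a device that no longer exists */
		is_ghost = is_a_ghost_interface_name(net_device->name);
		dev_put(net_device);	/* release the reference taken by the lookup */
	}
	if (!is_ghost) {
		/* … unchanged: seq_printf() of the socket line … */
	}
```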
@@ -2001,4 +2003,12 @@ } #endif /* __KERNEL__ */ +/* + * (ghost support) Just check whether the given name + * belongs to the ghost interface + */ +#ifdef CONFIG_GHOSTIFICATION +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + #endif /* _LINUX_NETDEVICE_H */ diff -rNuad linux-2.6.31/include/linux/sockios.h linux-2.6.31-ghost/include/linux/sockios.h --- linux-2.6.31/include/linux/sockios.h 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/include/linux/sockios.h 2009-11-26 22:58:23.000000000 +0000 @@ -9,6 +9,8 @@ * * Authors: Ross Biro * Fred N. van Kempen, + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -83,6 +85,13 @@ #define SIOCWANDEV 0x894A /* get/set netdev parameters */ +/* (ghost support) ghostification's ioctl */ +#ifdef CONFIG_GHOSTIFICATION +#define SIOKLOG 0x894D /* Write a string to the log */ +#define SIOCGIFGHOSTIFY 0x894E /* Make a network device 'ghost' */ +#define SIOCGIFUNGHOSTIFY 0x894F /* Make a network device 'ghost' */ +#endif /* CONFIG_GHOSTIFICATION */ + /* ARP cache control calls. */ /* 0x8950 - 0x8952 * obsolete calls, don't re-use */ #define SIOCDARP 0x8953 /* delete ARP table entry */ diff -rNuad linux-2.6.31/include/net/ghostdebug.h linux-2.6.31-ghost/include/net/ghostdebug.h --- linux-2.6.31/include/net/ghostdebug.h 1970-01-01 00:00:00.000000000 +0000 +++ linux-2.6.31-ghost/include/net/ghostdebug.h 2009-11-26 22:58:23.000000000 +0000 
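Review bot: The prototype added in the `@@ -2001,4 +2003,12 @@` hunk of include/linux/netdevice.h is placed after `#endif /* __KERNEL__ */`, so it lands in the part of the header that is also seen by userspace, where neither `CONFIG_GHOSTIFICATION` nor the function exists. Moving the block above that `#endif` keeps the kernel-internal symbol in the kernel-only section. The comment could also state the contract, for example `/* (ghost support) Return nonzero if interface_name is currently ghostified */`.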
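Review bot: In the `@@ -83,6 +85,13 @@` hunk of include/linux/sockios.h the comment on `SIOCGIFUNGHOSTIFY` repeats the one for `SIOCGIFGHOSTIFY`; it should read something like `/* Make a ghost network device visible again */`. These comments are also the natural place to record the privilege each request needs, since `SIOKLOG` writes caller-supplied text to the kernel log and the other two change what every user of the system can see. Wrapping the numbers in `#ifdef CONFIG_GHOSTIFICATION` presumably hides them from userspace programs that include this header, because the CONFIG symbol is not defined there; confirm that the userspace tools do not depend on it.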
@@ -0,0 +1,93 @@ +/* + * Ghost support: + * Some trivials macros for display messages, trace ghost ops, + * debug and devel the ghostification kernel patch. + * + * Authors: Roudiere Jonathan, + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + */ + +#ifndef __GHOSTDEBUG__ +#define __GHOSTDEBUG__ + +#ifdef CONFIG_GHOSTIFICATION + +/* + * Ghost macros: there are three type of macros for three kind of + * information level : + * + * - the first one is ghost_ptk, that is a simple printk with the + * KERN_INFO log level, it is the standard type of display used + * by the ghostification kernel code to allow user to monitor + * ghost operations, if GHOSTIFICATION_PRINTK is not defined then + * user will not any information about the ghostified interfaces + * and the ghost engine (almost any infos ;-)), + * + * - ghost_debug and ghost_debugmsg are respectively used to show a + * calling card in a part of the code (function, files) and to show + * in plus informations additional (variable, etc ..), these two macros + * display messages with the level KERNEL_DEBUG, + * + * - ghost_devel and ghost_develmsg are very similar (redundant) + * in both previous ones, they are mainly used for the development + * of the patch to follow the stream of execution, activate + * GHOSTIFICATION_DEVEL has interest only for developers. + * +*/ + +/* + * Macro usable to debug during normal usage of the kernel. +*/ +#ifdef CONFIG_GHOSTIFICATION_DEBUG +#define ghost_debug \ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): -- info debug -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_debugmsg(msg,args...) 
\ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_debug +#define ghost_debugmsg(msg,args...) +#endif + +/* + * A little bit redundant with the macro ghost_debug/debugmsg + * but allows a difference in the use, they are not used for the + * debugging, but to verify roads borrowed during the development. + * (note: certainly remove at next release of the patch) +*/ +#ifdef CONFIG_GHOSTIFICATION_DEVEL +#define ghost_devel \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): -- info devel -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_develmsg(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_devel +#define ghost_develmsg(msg,args...) +#endif + +/* + * Macro to display all message from chunk of code which has + * ghostification in charge (use macro to add debug level later). +*/ +#ifdef CONFIG_GHOSTIFICATION_PRINTK +#define ghost_ptk(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost) " msg "\n", ##args) +#else +#define ghost_ptk(msg,args...) +#endif + +#endif /* CONFIG_GHOSTIFICATION */ + +#endif /* __GHOSTDEBUG__ */ diff -rNuad linux-2.6.31/kernel/softirq.c linux-2.6.31-ghost/kernel/softirq.c --- linux-2.6.31/kernel/softirq.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/kernel/softirq.c 2009-11-26 22:58:23.000000000 +0000 @@ -128,8 +128,11 @@ */ void _local_bh_enable(void) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq()); WARN_ON_ONCE(!irqs_disabled()); +#endif if (softirq_count() == SOFTIRQ_OFFSET) trace_softirqs_on((unsigned long)__builtin_return_address(0)); 
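Review bot: The header comment of include/net/ghostdebug.h says `ghost_ptk` prints at `KERN_INFO`, but the macro at the end of the file uses `KERN_DEBUG`, the same level as the debug and devel macros, and the comment's `KERNEL_DEBUG` is not a real level name. Either change the macro to `printk(KERN_INFO "(ghost) " msg "\n", ##args)` or correct the comment, so that an administrator filtering by log level gets what the documentation promises. Because these messages carry the names of interfaces the feature is meant to hide, the comment should also say that the kernel log then discloses them to anyone allowed to read it.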
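Review bot: The `@@ -128,8 +128,11 @@` hunk of kernel/softirq.c compiles out `WARN_ON_ONCE(in_irq())` and `WARN_ON_ONCE(!irqs_disabled())` for the whole kernel whenever `CONFIG_GHOSTIFICATION` is set, and the following `@@ -140,7 +143,10 @@` hunk does the same in `_local_bh_enable_ip()`. Those checks report bottom-half enabling from the wrong context, so silencing them hides such bugs in every subsystem, not only in the ghost code. If they fire because a ghost lookup is reached with interrupts disabled (the lookups take the ghost lock with an irqsave variant), the call sites should be fixed instead and these two hunks dropped.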
@@ -140,7 +143,10 @@ static inline void _local_bh_enable_ip(unsigned long ip) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq() || irqs_disabled()); +#endif #ifdef CONFIG_TRACE_IRQFLAGS local_irq_disable(); #endif diff -rNuad linux-2.6.31/net/Kconfig linux-2.6.31-ghost/net/Kconfig --- linux-2.6.31/net/Kconfig 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/Kconfig 2009-11-26 22:58:23.000000000 +0000 
@@ -159,6 +159,105 @@ source "net/decnet/netfilter/Kconfig" source "net/bridge/netfilter/Kconfig" +config GHOSTIFICATION_NETFILTER + bool "Ghostification support to netfilter" + depends on GHOSTIFICATION && NETFILTER_ADVANCED + default y + help + Ghostification support to Netfilter. Allow to bypass all + Netfilter's hooks (INPUT, OUTPUT, FORWARD, POSTROUTING and + PREROUTING (when available)) and that for all layer or protocol: + ARP, Bridge, IPv4, IPv6 (and Decnet) or just for one protocol + or layer. + If you choose to activate the Ghostification of Netfilter then + all the network packets which come from, or go to an ghostified + interface will not get through the hooks of Netfilter; so rules + which have been created with Iptables, Ip6tables, Arptables or + Ebtables will have no effect on these packets. + Note: This option allows you to have access to the options of + configuration of the Ghostification of Netfilter but it activates + no section of code; you will thus need to select one or some + among those this below. + +config GHOSTIFICATION_NETFILTER_ALL + bool "Ghostification support to netfilter, skip all hooks" + depends on GHOSTIFICATION_NETFILTER + default y + help + Netfiter Ghostification support for all protocols/layers. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass + Netfilter's hooks; thus any actions or rules which have been + created through Iptables, Ip6tables, Arptables or Ebtables + will not have any effect on this packets. + +config GHOSTIFICATION_NETFILTER_ARP + bool "Ghostification support to netfilter, skip ARP hooks" + depends on GHOSTIFICATION_NETFILTER && IP_NF_ARPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the ARP protocol/layer. 
+ If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Arp + hooks of Netfilter; thus the rules which have been created + with the Arptables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_BRIDGE + bool "Ghostification support to netfilter, skip Bridge hooks" + depends on GHOSTIFICATION_NETFILTER && BRIDGE_NF_EBTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the Bridge protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Bridge + hooks of Netfilter; thus the rules which have been created + with the Ebtables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV4 + bool "Ghostification support to netfilter, skip IPv4 hooks" + depends on GHOSTIFICATION_NETFILTER && !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv4 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv4 + hooks of Netfilter; thus the rules which have been created + with the Iptables tool will not have any effect on them. 
+ If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV6 + bool "Ghostification support to netfilter, skip IPv6 hooks" + depends on GHOSTIFICATION_NETFILTER && IP6_NF_IPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv6 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv6 + hooks of Netfilter; thus the rules which have been created + with the Ip6tables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + endif source "net/dccp/Kconfig" 
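Review bot: `GHOSTIFICATION_NETFILTER` and `GHOSTIFICATION_NETFILTER_ALL` are both `default y` in the `@@ -159,6 +159,105 @@` hunk of net/Kconfig, so a kernel built with the defaults lets traffic on ghostified interfaces pass around every iptables, ip6tables, arptables and ebtables rule. An option that takes packets out of the firewall's view should be opt-in: drop the `default y` lines and state in the help text that filtering and logging rules no longer apply to those interfaces. The later `@@ -256,4 +355,93 @@` hunk makes `GHOSTIFICATION` and `GHOSTIFICATION_PRINTK` `default y` as well and deserves the same treatment.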
@@ -256,4 +355,93 @@ source "net/rfkill/Kconfig" source "net/9p/Kconfig" +config GHOSTIFICATION + bool "Ghostification support" + depends on INET + default y + help + Ghostification support allow you to hide network interfaces + on your system. Ghostify and Unghostify are the actions which + make dynamically invisible and visible a network interface/cards + (eth0, lo, tun, ...) for the userspace. + When a network interface is ghostified, users of your system + can not see it with userspace tools like ifconfig, route, iproute, + netstat and/or have statistics about it. However even if a network + interface is ghostified it is always possible to open a socket + using the Ip address of this interface, ping this interface or + any host connected to the same network remains possible; has the + opposite, it is not possible to sniff packets on a ghostified + interface with userspace tools like tcpdump, wireshark, ... + Informations about a ghostified interface are hidden under /proc + but they can be find under /sys, it is a limit of the ghostification + patch. + For more informations about Ghostification patch and engine see + the README of the tarball that you have used or go to website of + the Marionnet project at . + + +config GHOSTIFICATION_NUM + int "Ghostification support : max number of possible ghostified interface" + depends on GHOSTIFICATION + range 4 32 + default 8 + help + Here you can choose the number of network interfaces that + you will be allowed to ghostify. This number must be between + 4 and 32. + +config GHOSTIFICATION_MESG + bool "Ghostification messages, display, debug and devel" + depends on GHOSTIFICATION + default y + help + Ghostification messages configuration. This option allow + you to have acces to the options which configure and control + the type of messages that you want the ghostification engine + diplay (visible through syslogd). + There are three options which make more or less verbose the + ghostification engine. 
You can choose to not select any + options below if you want to try to hide the ghostification + operations for the users of your system. + Note: This option allows you to have access to the options + which control the number of messages and the verbosity of + the Ghostification engine but it activates no section of + code; you will thus need to select one or some among those + this below. + +config GHOSTIFICATION_PRINTK + bool "Ghostification, messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + default y + help + This option allow you to activate normal messsages from the + ghostification engine, those messages are display through a + simple printk (visible through syslogd), this messages allow + to have informations about the ghost operations (like "the + interface ethX has been ghostified", "unghostified", "is already + ghostified", etc ...). If you really wish to hide ghostified + interfaces and ghost operations for the users of your system + don't select this option. + +config GHOSTIFICATION_DEBUG + bool "Ghostification, debugging messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + help + This option increase the verbosity of the ghostification engine, + allow to get more informations in order to debug the ghost ops. + This option is in general used to verify the result of a test or + to display the datas (interface name, pid of a calling process, ...) + which are treated by the ghost engine. + +config GHOSTIFICATION_DEVEL + bool "Ghostification, helping messages to trace ghost operations (devel)" + depends on GHOSTIFICATION_MESG + help + This option give more informations that the option above, it is use + by developer of the ghostification patch in order to control some + paths used in the kernel code and the datas which are manipulated. + This option is a little redundant with the debug option but allow + to have a better granularity, maybe it will be remove for the next + release of the ghostification patch. 
+ endif # if NET diff -rNuad linux-2.6.31/net/core/dev.c linux-2.6.31-ghost/net/core/dev.c --- linux-2.6.31/net/core/dev.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/core/dev.c 2009-11-26 22:58:23.000000000 +0000 @@ -18,6 +18,7 @@ * Alexey Kuznetsov * Adam Sulmicki * Pekka Riikonen + * Luca Saiu (ghostification support) * * Changes: * D.J. Barrow : Fixed bug where dev->refcnt gets set @@ -70,6 +71,8 @@ * indefinitely on dev->refcnt * J Hadi Salim : - Backlog queue sampling * - netif_rx() feedback + * Roudiere Jonathan : make some buxfix in ghostification engine + * verify CAP_NET_ADMIN before (un)ghost iface */ #include 
@@ -137,6 +140,230 @@ #define GRO_MAX_HEAD (MAX_HEADER + 128) /* + * (ghost support) Chunk of code which has in charge + * the ghostification of network interfaces. + */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* The maximum number of ghost interfaces allowed at any given time: */ +#define MAX_GHOST_INTERFACES_NO CONFIG_GHOSTIFICATION_NUM + +/* + * A crude unsorted array of unique names, where "" stands for an + * empty slot. Elements are so few that an hash table would be overkill, + * and possibly also less efficient than this solution: + */ +static char ghost_interface_names[MAX_GHOST_INTERFACES_NO][IFNAMSIZ]; + +/* A lock protecting the ghost interfaces' support structure: */ +/* static DEFINE_SPINLOCK(ghostification_spin_lock); */ +static rwlock_t ghostification_spin_lock = RW_LOCK_UNLOCKED; + +/* Lock disabling local interrupts and saving flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + unsigned long flags; write_lock_irqsave(&ghostification_spin_lock, flags) + +/* Unlock re-enabling interrupts and restoring flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + write_unlock_irqrestore(&ghostification_spin_lock, flags) + +/* Lock disabling local interrupts and saving flags. This is for + readers, which are allowed to execute concurrently: */ +#define LOCK_GHOSTIFICATION_FOR_READING \ + unsigned long flags; read_lock_irqsave(&ghostification_spin_lock, flags) + +/* Lock re-enabling interrupts and restoring flags. 
This is for + readers, which are allowed to execute concurrently: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING \ + read_unlock_irqrestore(&ghostification_spin_lock, flags) + +#ifdef CONFIG_IPV6 +/* Defined in net/ipv6/addrconf.c: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +#endif /* CONFIG_IPV6 */ + +/* Return the index of the given element (which may be "") within + ghost_interface_names, or -1 on failure. Note that this must be + executed in a critical section: */ +static int __lookup_ghost_interface_names(const char *interface_name) +{ + int i; + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(!strcmp(interface_name, ghost_interface_names[i])) + return i; /* we found the given name in the i-th element */ + return -1; /* we didn't find the given name in the array */ +} + +/* This is useful for debugging. It must be called in a critical section. */ +static void __dump_ghost_interfaces(void) +{ + int i; + int number_of_ghost_interfaces = 0; + + ghost_ptk("Ghost interfaces are now: "); + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(strcmp(ghost_interface_names[i], "")) { + number_of_ghost_interfaces++; + ghost_ptk("%i. %s", number_of_ghost_interfaces, + ghost_interface_names[i]); + } + + ghost_ptk("There are now %i ghost interfaces. " + "A maximum of %i can exist at any given time.", + number_of_ghost_interfaces, MAX_GHOST_INTERFACES_NO); +} + +/* Just check whether the given name belongs to a ghost interface. 
+ This must be called in a critical section: */ +int __is_a_ghost_interface_name(const char *interface_name) +{ + /* Particular case: "" is *not* a ghost interface name, even + if it's in the ghost interfaces array (we use it just to mark + an empty slot): */ + if(interface_name[0] == '\0') + return 0; + /* Just check whether interface_name is an element of the array: */ + return __lookup_ghost_interface_names(interface_name) >= 0; +} + +/* Just check whether the given name belongs to a ghost interface: */ +int is_a_ghost_interface_name(const char *interface_name) +{ + int result; + LOCK_GHOSTIFICATION_FOR_READING; + /* Just check whether interface_name is an element of the array: */ + result = __is_a_ghost_interface_name(interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING; + return result; +} + +/* Make the given interface ghost. Return 0 on success, nonzero on + failure. Failure occours when the interface is already ghost or + does not exist: */ +static int ghostify_interface(char *interface_name) +{ + int a_free_element_index; + const size_t name_length = strlen(interface_name); + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Let's avoid buffer overflows... This could possibly be exploited: */ + if((name_length >= IFNAMSIZ) || (name_length == 0)) + { + ghost_ptk("The user asked to ghostify the interface %s, " + "which has a name of length %i. Failing.", + interface_name, name_length); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EINVAL; + } + + /* Fail if the interface is already ghostified. In particular we + want *no* duplicates in the array. 
Note that we're already in + a critical section here, so there's no need for locking: */ + if(__is_a_ghost_interface_name(interface_name)) + { + ghost_ptk("Could not ghostify the interface %s, " + "because it\'s already ghost.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EEXIST; /* File exists, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Fail if the interface is not found. We don't want add a + no-existing interface in our array */ + struct net_device *device; + device = dev_get_by_name(&init_net, interface_name); + if (device == NULL) { + ghost_ptk("Could not ghostify the interface %s which " + "doesn't exist. Try again.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for a free spot: */ + a_free_element_index = __lookup_ghost_interface_names(""); + if(a_free_element_index < 0) + { + ghost_ptk("Could not ghostify the interface %s, " + "because %i interfaces are already ghostified. Sorry.", + interface_name, MAX_GHOST_INTERFACES_NO); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENOMEM; + } + + /* Ok, we found a free spot; just copy the interface name: */ + strcpy(ghost_interface_names[a_free_element_index], interface_name); + +#ifdef CONFIG_IPV6 + /* Hide /proc/net/dev_snmp6/DEVICE for the new ghost DEVICE: */ + hide_proc_net_dev_snmp6_DEVICE_if_needed( + ghost_interface_names[a_free_element_index]); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} + +/* Make the given interface, which should be ghost, non-ghost. + Return 0 on success, nonzero on failure. Failure occours when + the given interface is non-ghost or does not exist: */ +static int unghostify_interface(char *ghost_interface_name) +{ + int the_interface_index; + struct net_device *device; + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Fail if the interface is not found. 
It is not necessary + to search in the array a no-existing interface and allow + to return a more appropriate error code to the userspace. */ + device = dev_get_by_name(&init_net, ghost_interface_name); + if (device == NULL) { + ghost_ptk("Could not unghostify the interface %s " + "which doesn't exist. Try again.\n", ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for the given interface: */ + the_interface_index = + __lookup_ghost_interface_names(ghost_interface_name); + if(the_interface_index < 0) + { + ghost_ptk("Could not unghostify the interface %s, \ + because it's non-ghost or not existing.\n", + ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ESRCH; /* No such device or address, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Ok, we found the interface: just "remove" its name from the array: */ + ghost_interface_names[the_interface_index][0] = '\0'; + +#ifdef CONFIG_IPV6 + /* Show again /proc/net/dev_snmp6/DEVICE for the now non-ghost DEVICE: */ + show_proc_net_dev_snmp6_DEVICE_if_needed(ghost_interface_name); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} +EXPORT_SYMBOL(is_a_ghost_interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * (ghost support) End of ghostification support + */ + + +/* * The list of packet types we will receive (as opposed to discard) * and the routines to invoke. * @@ -539,6 +766,13 @@ { int ints[5]; struct ifmap map; + /* (ghost support) There are no ghost interfaces by default */ +#ifdef CONFIG_GHOSTIFICATION + int i; + + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + ghost_interface_names[i][0] = '\0'; +#endif /* CONFIG_GHOSTIFICATION */ str = get_options(str, ARRAY_SIZE(ints), ints); if (!str || !*str) 
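Review bot: `ghostify_interface()` and `unghostify_interface()` in the `@@ -137,6 +140,230 @@` hunk of net/core/dev.c call `dev_get_by_name(&init_net, …)` only to test that the device exists and never release the reference it returns. Each successful call therefore pins the device, which can later stall its unregistration; add `dev_put(device);` right after the `device == NULL` check in both functions. Two smaller points in the same hunk: `name_length` is a `size_t` but is printed with `%i` (use `%zu`), and because the table is keyed by name, a ghost interface that is renamed or removed leaves a stale slot that `unghostify_interface()` cannot clear, since it returns `-ENODEV` before it searches the array.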
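Review bot: The initialisation loop added in the `@@ -539,6 +766,13 @@` hunk sits in what looks like a boot-option parser (it goes on to call `get_options(str, …)`), so it would run only when that option is given on the command line. `ghost_interface_names` has static storage and is therefore already all zeroes, which is exactly the empty-slot marker, so the loop can simply be removed; if an explicit reset is wanted it belongs in an init function that always runs. The function's start and end are outside the hunk.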
@@ -2936,11 +3170,20 @@ len = ifc.ifc_len; /* - * Loop over the interfaces, and write an info block for each. + * Loop over the interfaces, and write an info block for each, + * (ghost support) unless they are ghostified. */ total = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* Don't tell the user about ghost interfaces: just skip them */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Skipping the ghost interface %s in SIOCGIFCONF", + dev->name); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ for (i = 0; i < NPROTO; i++) { if (gifconf_list[i]) { int done; @@ -3009,6 +3252,10 @@ { const struct net_device_stats *stats = dev_get_stats(dev); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't show anything in /proc if iface is ghostified */ + if(! is_a_ghost_interface_name(dev->name)) +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu " "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n", dev->name, stats->rx_bytes, stats->rx_packets, @@ -4210,6 +4457,16 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() " + "on the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCGIFFLAGS: /* Get interface flags */ ifr->ifr_flags = (short) dev_get_flags(dev); 
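Review bot: The `ghost_ptk()` call added to the interface loop in the `@@ -2936,11 +3170,20 @@` hunk emits one kernel-log line per ghost interface each time any process issues SIOCGIFCONF, and the `@@ -4210,6 +4457,16 @@` and `@@ -4280,6 +4537,17 @@` hunks log in the same way on every refused ioctl. With `GHOSTIFICATION_PRINTK` enabled, unprivileged callers can therefore grow the log without limit, and the lines name the interface that is supposed to be hidden. These per-request messages would be better as `ghost_debugmsg()` or guarded with `if (printk_ratelimit())`.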
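Review bot: In the `@@ -3009,6 +3252,10 @@` hunk the added `if(! is_a_ghost_interface_name(dev->name))` has no braces, and the statement it controls, the existing `seq_printf(…)`, lies outside the `#ifdef` block. Anyone who later inserts a statement between the `#endif` and `seq_printf` silently changes what the condition guards. If the function returns void, as it appears to, a self-contained early exit inside the `#ifdef` is safer: `if (is_a_ghost_interface_name(dev->name)) return;`, leaving `seq_printf` unconditional.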
@@ -4280,6 +4537,17 @@ ops = dev->netdev_ops; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() on " + "the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail " + "with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCSIFFLAGS: /* Set interface flags */ return dev_change_flags(dev, ifr->ifr_flags); 
@@ -4423,6 +4691,57 @@ */ switch (cmd) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) catch ghostification's ioctl */ + case SIOKLOG: { + char text[1000]; + if(copy_from_user(text, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + text[IFNAMSIZ] = '\0'; + printk(KERN_DEBUG "%s\n", text); + return 0; + } + /* (un)ghostification ops require superuser power */ + case SIOCGIFGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, + (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to ghostify the interface %s.", + interface_name); + if((failure = ghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was ghostified.", + interface_name); + else + ghost_ptk("Failure in ghostification of %s.", + interface_name); + return failure; + } + case SIOCGIFUNGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to unghostify the interface %s.", + interface_name); + if((failure = unghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was unghostified.", + interface_name); + else + ghost_ptk("Failure in unghostification of %s.", + interface_name); + return failure; + } + /* end of ghostficiation ioctl */ +#endif /* CONFIG_GHOSTIFICATION */ + /* * These ioctl calls: * - can be done by all. diff -rNuad linux-2.6.31/net/core/dev_mcast.c linux-2.6.31-ghost/net/core/dev_mcast.c --- linux-2.6.31/net/core/dev_mcast.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/core/dev_mcast.c 2009-11-26 22:58:23.000000000 +0000 
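Review bot: The `SIOKLOG` case in the `@@ -4423,6 +4691,57 @@` hunk has no capability check, unlike the two ghostify cases below it, so any process that can reach this ioctl can put up to `IFNAMSIZ` bytes of its own text, newlines included, into the kernel log. That permits forged or flooding log entries; add `if (!capable(CAP_NET_ADMIN)) return -EPERM;` at the top of the case, or remove the request if it was only a development aid. All three cases also reserve 1000 bytes of kernel stack for a copy of `IFNAMSIZ + 1` bytes, where `char text[IFNAMSIZ + 1];` and `char interface_name[IFNAMSIZ + 1];` are enough. The enclosing ioctl dispatcher starts and ends outside the hunk.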
@@ -14,6 +14,8 @@ * Alan Cox : IFF_ALLMULTI support. * Alan Cox : New format set_multicast_list() calls. * Gleb Natapov : Remove dev_mc_lock. + * Luca Saiu : trivial changes for + * ghostification support. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -48,6 +50,9 @@ #include #include +#ifdef CONFIG_GHOSTIFICATION +#include +#endif /* CONFIG_GHOSTIFICATION */ /* * Device multicast list maintenance. @@ -167,7 +172,15 @@ netif_addr_lock_bh(dev); for (m = dev->mc_list; m; m = m->next) { int i; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information + in /proc about ghost interfaces */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Don't show any information in /proc " + "about ghostified interface"); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%-4d %-15s %-5d %-5d ", dev->ifindex, dev->name, m->dmi_users, m->dmi_gusers); diff -rNuad linux-2.6.31/net/core/rtnetlink.c linux-2.6.31-ghost/net/core/rtnetlink.c --- linux-2.6.31/net/core/rtnetlink.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/core/rtnetlink.c 2009-11-26 22:58:23.000000000 +0000 @@ -12,8 +12,12 @@ * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * - * Fixes: + * Fixes: * Vitaly E. Lavrov RTA_OK arithmetics was wrong. + * + * Changes: + * Roudiere Jonathan Some changes + * to ghost support, to allow to hide ghost net interfaces */ #include @@ -53,6 +57,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + struct rtnl_link { rtnl_doit_func doit; 
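Review bot: In the `@@ -167,7 +172,15 @@` hunk of net/core/dev_mcast.c the ghost test depends only on `dev`, yet it is placed inside the `for (m = dev->mc_list; …)` loop, after `netif_addr_lock_bh(dev)` has been taken. It is therefore repeated, together with its `ghost_ptk()` line, for every multicast address of a ghost device, and each test acquires the ghost lock while the address lock is held. Hoisting the check above `netif_addr_lock_bh(dev)` does the work once per device and avoids nesting the two locks; how to skip the device depends on the enclosing per-device code, which is outside the hunk.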
@@ -106,7 +115,10 @@ static rtnl_doit_func rtnl_get_doit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].doit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -117,7 +129,10 @@ static rtnl_dumpit_func rtnl_get_dumpit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif tab = rtnl_msg_handlers[protocol]; if (tab == NULL || tab[msgindex].dumpit == NULL) tab = rtnl_msg_handlers[PF_UNSPEC]; @@ -460,6 +475,12 @@ { struct sock *rtnl = net->rtnl; int report = 0; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add inforation to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type %i " + "and nlh->nlmsg_seq = %i", pid, nlh->nlmsg_pid, + nlh->nlmsg_type, nlh->nlmsg_seq); +#endif if (nlh) report = nlmsg_report(nlh); @@ -616,6 +637,20 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type " + "= %i, seq = %i and nlh->nlmsg_seq = %i", + pid, nlh->nlmsg_pid, nlh->nlmsg_type, + seq, nlh->nlmsg_seq); + ghost_develmsg("dev->name = %s and dev->ifindex = %i", + dev->name, + dev->ifindex); + /* function whose call rtnl_fill_ifinfo has been modified, except + rtmsg_ifinfo so if it will be necessary to skip ghost iface here then + keep in your mind to test pid because if it is eq. to 0 then it is a + kernel request (else user request) and we don't want disturbe its work. */ +#endif ifm = nlmsg_data(nlh); ifm->ifi_family = AF_UNSPEC; ifm->__ifi_pad = 0; 
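Review bot: The `ghost_develmsg` call added in the `@@ -460,6 +475,12 @@` hunk reads `nlh->nlmsg_pid`, `nlh->nlmsg_type` and `nlh->nlmsg_seq` before the existing `if (nlh)` test two lines further down, and that test shows callers may pass a NULL header. If `ghost_develmsg` evaluates its arguments in the configured build (its definition is not in view), this is a NULL dereference in kernel context. Move the message inside the `if (nlh)` branch, or print only `pid` when `nlh` is NULL.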
@@ -690,6 +725,24 @@ idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function which encapsulates calls to + * rtnl_fill_ifinfo and which is call after rtnl_get_doit/dumpit, + * use to dump list of network interfaces (as used by "ip link") + */ + ghost_develmsg("for_each_netdev, current net_device is %s", + dev->name); + ghost_develmsg("netlink cb pid = %i, cb nlh->nlmsg_type = %i, " + "cb familly/proto = %i, cb nlh->nlmsg_pid %i", + NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_type, + cb->family, cb->nlh->nlmsg_pid); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Hide ghotified interface (%s) in the dump", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK, @@ -941,6 +994,18 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change state/parameters of a ghotified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ if ((err = validate_linkmsg(dev, tb)) < 0) goto errout_dev; 
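Review bot: In the `@@ -941,6 +994,18 @@` hunk the ghost branch leaves with `goto errout` although `dev` has already been looked up successfully, whereas the very next statement leaves with `goto errout_dev` on failure. If `errout_dev` is where the device reference is dropped (the labels are outside the hunk), every set-link request that names a ghost interface leaks one reference and can later block unregistration of that device; use `goto errout_dev;` here. The `@@ -1181,6 +1257,17 @@` hunk has the same shape: it returns `-ENODEV` straight after `dev_get_by_index()` succeeded, and needs `dev_put(dev);` before the return.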
@@ -979,6 +1044,17 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change dell a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ ops = dev->rtnl_link_ops; if (!ops) @@ -1181,6 +1257,17 @@ dev = dev_get_by_index(net, ifm->ifi_index); if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it with + user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ } else return -EINVAL; @@ -1235,6 +1322,8 @@ struct sk_buff *skb; int err = -ENOBUFS; + /* (ghost support) call rtnl_fill_ifinfo so maybe it + is need here to modify, in order to skip ghost iface */ skb = nlmsg_new(if_nlmsg_size(dev), GFP_KERNEL); if (skb == NULL) goto errout; @@ -1270,6 +1359,11 @@ int err; type = nlh->nlmsg_type; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Enter, nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i and nlh->nlmsg_seq = %i ", + nlh->nlmsg_pid, nlh->nlmsg_seq, nlh->nlmsg_seq); +#endif /* CONFIG_GHOSTIFICATION */ + if (type > RTM_MAX) return -EOPNOTSUPP; 
@@ -1289,14 +1383,21 @@ if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN)) return -EPERM; + /* (ghost support) kind = 2 then imply RTM_GETLINK has been used */ if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) { struct sock *rtnl; rtnl_dumpit_func dumpit; + /* (ghost support) then rtnl_get_dumpit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ dumpit = rtnl_get_dumpit(family, type); if (dumpit == NULL) return -EOPNOTSUPP; - +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Part 1: rtnl_get_dumpit(family %i, type %i) " + "is used before call to netlink_dump_start", + family,type); +#endif /* CONFIG_GHOSTIFICATION */ __rtnl_unlock(); rtnl = net->rtnl; err = netlink_dump_start(rtnl, skb, nlh, dumpit, NULL); @@ -1328,6 +1429,11 @@ doit = rtnl_get_doit(family, type); if (doit == NULL) return -EOPNOTSUPP; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) rtnl_get_doit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ + ghost_develmsg("Part 2: rtnl_get_doit(family %i, type %i)", family, type); +#endif /* CONFIG_GHOSTIFICATION */ return doit(skb, nlh, (void *)&rta_buf[0]); } @@ -1343,6 +1449,10 @@ { struct net_device *dev = ptr; + /* (ghost support) if we want provide a ghost's way to modify + the state of a ghost iface, it will be necessary to skip event + reports involing ghost iface (actually any changes are possible + if the iface is ghostified so there is nothing to report) */ switch (event) { case NETDEV_UNREGISTER: rtmsg_ifinfo(RTM_DELLINK, dev, ~0U); diff -rNuad linux-2.6.31/net/ipv4/arp.c linux-2.6.31-ghost/net/ipv4/arp.c --- linux-2.6.31/net/ipv4/arp.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv4/arp.c 2009-11-26 22:58:23.000000000 +0000 @@ -70,6 +70,8 @@ * bonding can change the skb before * sending (e.g. insert 8021q tag). * Harald Welte : convert to make use of jenkins hash + * Luca Saiu 
@@ -116,6 +118,11 @@ struct neigh_table *clip_tbl_hook; #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include @@ -1311,9 +1318,21 @@ } #endif sprintf(tbuf, "%pI4", n->primary_key); +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) Don't show anything in /proc if it involves +ghost interfaces: */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + read_unlock(&n->lock); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); read_unlock(&n->lock); +#endif /* CONFIG_GHOSTIFICATION */ } static void arp_format_pneigh_entry(struct seq_file *seq, @@ -1324,9 +1343,21 @@ char tbuf[16]; sprintf(tbuf, "%pI4", n->key); +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) Don't show anything in /proc if it involves + ghost interfaces */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", - dev ? dev->name : "*"); + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); +#endif /* CONFIG_GHOSTIFICATION */ } static int arp_seq_show(struct seq_file *seq, void *v) diff -rNuad linux-2.6.31/net/ipv4/devinet.c linux-2.6.31-ghost/net/ipv4/devinet.c --- linux-2.6.31/net/ipv4/devinet.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv4/devinet.c 2009-11-26 22:58:23.000000000 +0000 
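Review bot: Under CONFIG_GHOSTIFICATION the `@@ -1311,9 +1318,21 @@` hunk moves `read_unlock(&n->lock)` inside the `if (! is_a_ghost_interface_name(dev->name))` block, so for a ghost interface the function returns with `n->lock` still read-held; the `#else` branch shows the unlock is meant to be unconditional. Keep the `seq_printf` conditional and put `read_unlock(&n->lock);` after the closing brace. The `ghost_debugmsg` text also fires on the branch that does print, that is, for non-ghost interfaces. The matching `read_lock` is outside the hunk.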
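Review bot: The `@@ -1324,9 +1343,21 @@` hunk calls `is_a_ghost_interface_name(dev->name)` unconditionally, yet the `seq_printf` it guards still writes `dev ? dev->name : "*"`, so `dev` can be NULL here and the new test would dereference it. Guard it as `if (!dev || !is_a_ghost_interface_name(dev->name))`. How `dev` is derived is outside the hunk.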
@@ -23,6 +23,9 @@ * address (4.4BSD alias style support), * fall back to comparing just the label * if no match found. + * Roudiere Jonathan : + * some changes to ghost support, skip + * request involving a ghostified iface. */ @@ -62,6 +65,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + static struct ipv4_devconf ipv4_devconf = { .data = { [NET_IPV4_CONF_ACCEPT_REDIRECTS - 1] = 1, @@ -448,6 +456,16 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("in_dev->dev->name = %s", in_dev->dev->name); + if (is_a_ghost_interface_name(in_dev->dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + (in_dev->dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ __in_dev_put(in_dev); @@ -497,6 +515,17 @@ if (dev == NULL) goto errout; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("(dev->name) = %s ", (dev->name)); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change/modfy address on a ghostified interface (%s), skip", + (dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ + in_dev = __in_dev_get_rtnl(dev); err = -ENOBUFS; if (in_dev == NULL) @@ -546,6 +575,12 @@ ASSERT_RTNL(); + /* (ghost support) don't modify this funct but directly + rtm_to_ifaddr, as for others funct, with user-levels tools + (as iproute) we normaly never arrive here (because a dump + all ifaces is perform before and func which make the dump + has been modified (but we want prevent user tool request + the ghost iface directly */ ifa = rtm_to_ifaddr(net, nlh); if (IS_ERR(ifa)) return PTR_ERR(ifa); 
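Review bot: In the `@@ -448,6 +456,16 @@` hunk the ghost branch jumps to `errout` before the `__in_dev_put(in_dev);` that follows it, so the reference that line releases appears to stay held whenever the address belongs to a ghost interface. Moving the whole `#ifdef CONFIG_GHOSTIFICATION` block below `__in_dev_put(in_dev);` keeps the refusal and the balance. How `in_dev` was obtained is outside the hunk, so confirm that it carries a reference there. The `ghost_ptk` line is reachable from a netlink request and should be rate-limited.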
@@ -1169,6 +1204,15 @@ s_ip_idx = ip_idx = cb->args[1]; idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION /* _VERIFICATION_NEED_ */ + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("dev->name = %s", dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address on a ghostified interface (%s), skip", + (dev->name)); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (idx > s_idx) diff -rNuad linux-2.6.31/net/ipv4/fib_frontend.c linux-2.6.31-ghost/net/ipv4/fib_frontend.c --- linux-2.6.31/net/ipv4/fib_frontend.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv4/fib_frontend.c 2009-11-26 22:58:23.000000000 +0000 @@ -6,6 +6,10 @@ * IPv4 Forwarding Information Base: FIB frontend. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (some display + * and comment for ghostification in rtnetlink functions). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -44,6 +48,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #ifndef CONFIG_IP_MULTIPLE_TABLES static int __net_init fib4_rules_init(struct net *net) @@ -450,6 +459,11 @@ * Handle IP routing ioctl calls. These are used to manipulate the routing tables */ +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) A function implemented in net/core/dev.c */ +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + int ip_rt_ioctl(struct net *net, unsigned int cmd, void __user *arg) { struct fib_config cfg; 
@@ -464,6 +478,22 @@ if (copy_from_user(&rt, arg, sizeof(rt))) return -EFAULT; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Forbid any action involving a ghost interface */ + if (rt.rt_dev != (char __user*)NULL) { + /* We need to have this name in kernel space to check + for ghostification: */ + char interface_name[1000]; /* [IFNAMSIZ+1] is certainly sufficient */ + if(copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1)) + return -EFAULT; + if(is_a_ghost_interface_name(interface_name)) { + ghost_ptk("The user aked to add a route involving the " + "ghost interface %s. We make this operation fail", + interface_name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ rtnl_lock(); err = rtentry_to_fib_config(net, cmd, &rt, &cfg); @@ -472,12 +502,18 @@ if (cmd == SIOCDELRT) { tb = fib_get_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_delete was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_delete() or fn_trie_delete() */ if (tb) err = tb->tb_delete(tb, &cfg); else err = -ESRCH; } else { tb = fib_new_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_insert was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_insert() or fn_trie_insert() */ if (tb) err = tb->tb_insert(tb, &cfg); else @@ -584,6 +620,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead functions pointed by tb->tb_delete, + * either fn_hash_delete() (in fib_hash.c) or fn_trie_delete() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; 
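Review bot: `interface_name` in the `@@ -464,6 +478,22 @@` hunk is passed to `is_a_ghost_interface_name()` and to `%s` without being NUL-terminated: `copy_from_user` copies exactly `IFNAMSIZ + 1` raw bytes, and unlike the `SIOCGIFGHOSTIFY` case earlier in this patch nothing writes a terminator. Add `interface_name[IFNAMSIZ] = '\0';` after the copy, and size the buffer `IFNAMSIZ + 1` instead of 1000 bytes of kernel stack. The check also fetches the name behind `rt.rt_dev` from user memory on its own, separately from whatever `rtentry_to_fib_config()` reads later, so the name tested here need not be the name acted on. The checks in the `tb_insert`/`tb_delete` implementations, which the next hunk's comments mention, are therefore the ones that must hold.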
@@ -606,6 +652,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead function pointed by tb->tb_insert, + * either fn_hash_insert() (in fib_hash.c) or fn_trie_insert() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; @@ -621,6 +677,12 @@ return err; } +/* + * (ghost support) Fonction called through rtnetlink to dump + * all routes, we don't change anythings here, changes have + * been made in fib_semantics.c (in fib_dump_info which is + * called by fib_trie and fib_hash). + */ static int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -633,7 +695,7 @@ if (nlmsg_len(cb->nlh) >= sizeof(struct rtmsg) && ((struct rtmsg *) nlmsg_data(cb->nlh))->rtm_flags & RTM_F_CLONED) - return ip_rt_dump(skb, cb); + return ip_rt_dump(skb, cb); /* (ghost support) need modify this func */ s_h = cb->args[0]; s_e = cb->args[1]; @@ -658,6 +720,9 @@ cb->args[1] = e; cb->args[0] = h; + /* (ghost support) Length returned can be changed by + fib_dump_info when a route of a ghositifed iface is + lookup (skb length may be abnormal, diff of mod(240)) */ return skb->len; } diff -rNuad linux-2.6.31/net/ipv4/fib_hash.c linux-2.6.31-ghost/net/ipv4/fib_hash.c --- linux-2.6.31/net/ipv4/fib_hash.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv4/fib_hash.c 2009-11-26 22:58:23.000000000 +0000 
@@ -6,6 +6,11 @@ * IPv4 FIB: lookup engine and maintenance routines. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_hash_insert, bad + * field check in fib_seq_show). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -41,6 +46,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static struct kmem_cache *fn_hash_kmem __read_mostly; @@ -396,6 +406,18 @@ if (IS_ERR(fi)) return PTR_ERR(fi); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_insert */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if (fz->fz_nent > (fz->fz_divisor<<1) && fz->fz_divisor < FZ_MAX_DIVISOR && (cfg->fc_dst_len == 32 || @@ -579,7 +601,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, &f->fn_alias, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for route involving + ghostified interface, current funct is pointed by tb->tb_delete */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != cfg->fc_tos) break; 
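Review bot: The `@@ -396,6 +406,18 @@` and `@@ -579,7 +601,17 @@` hunks dereference `fi->fib_dev->name` without testing `fib_dev`, while the /proc code in the same file prints `fi->fib_dev ? fi->fib_dev->name : "*"`, so a route without a device would oops here. In the first of them the `return -ENODEV` also comes after `fi` was created and checked with `IS_ERR`, so the new `fib_info` is presumably never released on that path; leave through the function's existing error exit instead (it is outside the hunk). The message there says "delete" although the comment says this is the insert path. The two fib_trie.c hunks `@@ -1225,6 +1236,18 @@` and `@@ -1652,7 +1675,17 @@` repeat the same code, the first right after a `goto err;`.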
@@ -1021,19 +1053,39 @@ prefix = f->fn_key; mask = FZ_MASK(iter->zone); flags = fib_flag_trans(fa->fa_type, mask, fi); - if (fi) + if (fi) + { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) + { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, - "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - fi->fib_dev ? fi->fib_dev->name : "*", prefix, - fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, - mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), - fi->fib_window, - fi->fib_rtt >> 3, &len); - else + "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", prefix, + fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority, + mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); +#endif /* CONFIG_GHOSTIFICATION */ + } + else { seq_printf(seq, - "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", - prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n", + prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); + } seq_printf(seq, "%*s\n", 127 - len, ""); out: return 0; diff -rNuad linux-2.6.31/net/ipv4/fib_semantics.c linux-2.6.31-ghost/net/ipv4/fib_semantics.c --- linux-2.6.31/net/ipv4/fib_semantics.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv4/fib_semantics.c 2009-11-26 22:58:23.000000000 +0000 
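Review bot: When the interface is a ghost, the `@@ -1021,19 +1053,39 @@` hunk skips the `seq_printf` that sets `len` through `%n`, but the trailing `seq_printf(seq, "%*s\n", 127 - len, "")` still runs, so a padding line is emitted with a width taken from a `len` that nothing has written on this path (unless it is initialised outside the hunk). Jump to `out` for ghost routes instead of falling through. The test also dereferences `fi->fib_dev->name` although the print below guards with `fi->fib_dev ? ... : "*"`, and the `ghost_ptk` text is logged on the branch that does display the route. The fib_trie.c hunk `@@ -2612,7 +2645,28 @@` has the same three problems; there the skip would be a `continue`.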
@@ -11,6 +11,9 @@ * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. + * Changes: + * Roudiere Jonathan trivial + * change for ghostification. */ #include @@ -43,6 +46,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static DEFINE_SPINLOCK(fib_info_lock); @@ -953,6 +961,23 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function call by fib_trie and fib_hash to dump route, + * in most case we won't arrive here with usertools (like iproute), because + * modification in rtnl_dump_ifinfo hide iface and modif here may be not really + * proper because put abnormal length in the skb->len return by inet_dump_fib + * (used without error..) if pid != 0 then user talks else that is the kernel; + */ + if (pid != 0) + if (is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Try to get route about ghost iface (%s), skip", + fi->fib_dev->name); + /* return -EMSGSIZE; don't use this because that stops evaluation */ + return nlmsg_end(skb, nlh); + } +#endif /* CONFIG_GHOSTIFICATION */ + rtm = nlmsg_data(nlh); rtm->rtm_family = AF_INET; rtm->rtm_dst_len = dst_len; diff -rNuad linux-2.6.31/net/ipv4/fib_trie.c linux-2.6.31-ghost/net/ipv4/fib_trie.c --- linux-2.6.31/net/ipv4/fib_trie.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv4/fib_trie.c 2009-11-26 22:58:23.000000000 +0000 @@ -12,6 +12,12 @@ * * Hans Liss Uppsala Universitet * + * Luca Saiu (simple changes for ghostification + * support) + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_trie_insert, bad + * field check in fib_route_seq_show). + * * This work is based on the LPC-trie which is originally descibed in: * * An experimental study of compression methods for dynamic tries 
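Review bot: For a ghost route the `@@ -953,6 +961,23 @@` hunk returns `nlmsg_end(skb, nlh)` after the header has already been reserved (the `nlh == NULL` test sits just above), so a header-only message is appended to the dump for every hidden route; the comment itself acknowledges the abnormal `skb->len`. A listener can count those empty messages, which reveals that routes are being hidden. Doing the ghost test before the header is added, so that nothing is written for a hidden route, avoids both effects; the value to return then has to be one the callers treat as success, and they are outside the hunk. `fi->fib_dev` is dereferenced without a NULL test, and the nested `if (pid != 0) if (...)` would read better as one condition joined with `&&`.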
@@ -80,6 +86,11 @@ #include #include "fib_lookup.h" +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define MAX_STAT_DEPTH 32 #define KEYLENGTH (8*sizeof(t_key)) @@ -1225,6 +1236,18 @@ goto err; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + l = fib_find_node(t, key); fa = NULL; @@ -1652,7 +1675,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, fa_head, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != tos) break; 
@@ -2612,7 +2645,28 @@ || fa->fa_type == RTN_MULTICAST) continue; - if (fi) + if (fi) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) in /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t" + "%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", + prefix, + fi->fib_nh->nh_gw, flags, 0, 0, + fi->fib_priority, + mask, + (fi->fib_advmss ? + fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, "%s\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", @@ -2625,13 +2679,14 @@ fi->fib_advmss + 40 : 0), fi->fib_window, fi->fib_rtt >> 3, &len); - else +#endif /* CONFIG_GHOSTIFICATION */ + } else { seq_printf(seq, "*\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + } seq_printf(seq, "%*s\n", 127 - len, ""); } } diff -rNuad linux-2.6.31/net/ipv4/igmp.c linux-2.6.31-ghost/net/ipv4/igmp.c --- linux-2.6.31/net/ipv4/igmp.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv4/igmp.c 2009-11-26 22:58:23.000000000 +0000 @@ -68,6 +68,8 @@ * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. * David L Stevens: IGMPv3 support, with help from * Vinay Kulkarni + * Luca Saiu : trivial changes for ghostification + * support */ #include @@ -105,6 +107,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define IP_MAX_MEMBERSHIPS 20 #define IP_MAX_MSF 10 
@@ -2387,8 +2394,18 @@ #endif if (state->in_dev->mc_list == im) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%d\t%-10s: %5d %7s\n", + state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); + } +#else seq_printf(seq, "%d\t%-10s: %5d %7s\n", state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); +#endif /* CONFIG_GHOSTIFICATION */ } seq_printf(seq, @@ -2550,14 +2567,30 @@ "Device", "MCA", "SRC", "INC", "EXC"); } else { - seq_printf(seq, - "%3d %6.6s 0x%08x " - "0x%08x %6lu %6lu\n", - state->dev->ifindex, state->dev->name, - ntohl(state->im->multiaddr), - ntohl(psf->sf_inaddr), - psf->sf_count[MCAST_INCLUDE], - psf->sf_count[MCAST_EXCLUDE]); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-2.6.31/net/ipv4/route.c linux-2.6.31-ghost/net/ipv4/route.c --- linux-2.6.31/net/ipv4/route.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv4/route.c 2009-11-26 22:58:23.000000000 +0000 
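Review bot: The `@@ -2387,8 +2394,18 @@` hunk hides only the per-device header line; the `seq_printf(seq, ...` that follows the closing brace is outside the new test, so the group lines of a ghost interface still appear to be printed. If that is the case, the interface's multicast memberships remain visible in /proc; return before both prints when `state->dev` is a ghost. The `ghost_debugmsg` here, and in the `@@ -2550,14 +2567,30 @@` hunk, is emitted on the non-ghost branch, the opposite of what its text says.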
@@ -55,6 +55,9 @@ * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes. * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect * Ilia Sotnikov : Removed TOS from hash calculations + * Luca Saiu : trivial changes for ghostification support + * Roudiere Jonathan : ghost support to rtnetlink + * function, ghost bugfix (field) in rt_cache_seq_show * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -108,6 +111,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define RT_FL_TOS(oldflp) \ ((u32)(oldflp->fl4_tos & (IPTOS_RT_MASK | RTO_ONLINK))) @@ -375,6 +383,14 @@ "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t" "HHUptod\tSpecDst"); else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Dont't display informations about ghost ifaces, bf */ + if(is_a_ghost_interface_name((const char*)((struct rtable*)v)->u.dst.dev->name)) { + ghost_ptk("Don't display routing informations about ghost interface (%s)", + ((const char*)((struct rtable*)v)->u.dst.dev->name)); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ struct rtable *r = v; int len; @@ -392,11 +408,11 @@ r->fl.fl4_tos, r->u.dst.hh ? atomic_read(&r->u.dst.hh->hh_refcnt) : -1, r->u.dst.hh ? (r->u.dst.hh->hh_output == - dev_queue_xmit) : 0, + dev_queue_xmit) : 0, r->rt_spec_dst, &len); seq_printf(seq, "%*s\n", 127 - len, ""); - } + } return 0; } @@ -2833,8 +2849,13 @@ r->rtm_src_len = 32; NLA_PUT_BE32(skb, RTA_SRC, rt->fl.fl4_src); } - if (rt->u.dst.dev) + if (rt->u.dst.dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) */ + ghost_develmsg("Net device is = %s ",rt->u.dst.dev->name); +#endif NLA_PUT_U32(skb, RTA_OIF, rt->u.dst.dev->ifindex); + } #ifdef CONFIG_NET_CLS_ROUTE if (rt->u.dst.tclassid) NLA_PUT_U32(skb, RTA_FLOW, rt->u.dst.tclassid); 
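Review bot: In the `@@ -375,6 +383,14 @@` hunk the ghost test is placed in front of `struct rtable *r = v; int len;`, which turns those into declarations after a statement, and it spells out the cast `((struct rtable*)v)->u.dst.dev->name` twice. Put the test after the declarations and write `r->u.dst.dev->name`. A later hunk in this file guards with `if (rt->u.dst.dev)`, so a NULL test on `r->u.dst.dev` is worth adding here as well.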
@@ -2917,7 +2938,7 @@ err = -ENOBUFS; goto errout; } - + /* Reserve room for dummy headers, this skb can pass through good chunk of routing engine. */ @@ -2939,6 +2960,17 @@ if (dev == NULL) { err = -ENODEV; goto errout_free; + +#ifdef CONFIG_GHOSTIFICATION + ghost_debugmsg("Net device is %s ", dev->name); + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout_free; + } +#endif /* CONFIG_GHOSTIFICATION */ } skb->protocol = htons(ETH_P_IP); @@ -2971,6 +3003,22 @@ if (rtm->rtm_flags & RTM_F_NOTIFY) rt->rt_flags |= RTCF_NOTIFY; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't allow get ops for route + involving a ghostified interface, unnecessary test ..(rt) */ + if (rt) { + if (rt->u.dst.dev) { + ghost_debugmsg("Net device is %s ",rt->u.dst.dev->name); + if (is_a_ghost_interface_name(rt->u.dst.dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", + rt->u.dst.dev->name); + err = -ENETUNREACH; + goto errout_free; + } + } + } +#endif /* CONFIG_GHOSTIFICATION */ err = rt_fill_info(net, skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq, RTM_NEWROUTE, 0, 0); if (err <= 0) @@ -2985,6 +3033,8 @@ goto errout; } +/* (ghost support) maybe it will be necessary to modify +this func which is call in fib_frontend.c */ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb) { struct rtable *rt; diff -rNuad linux-2.6.31/net/ipv6/Kconfig linux-2.6.31-ghost/net/ipv6/Kconfig --- linux-2.6.31/net/ipv6/Kconfig 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv6/Kconfig 2009-11-26 22:58:23.000000000 +0000 
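Review bot: The ghost test added in the `@@ -2939,6 +2960,17 @@` hunk sits inside the `if (dev == NULL) {` block after `goto errout_free;`, so it is unreachable, and if it were reached `dev->name` would dereference NULL. As written, a route query that names a ghost input interface is not refused at this point. Move the whole `#ifdef CONFIG_GHOSTIFICATION` block below the closing brace of the `dev == NULL` test. If `dev` carries a reference at that point (the lookup is outside the hunk), release it before the `goto`.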
@@ -4,8 +4,8 @@ # IPv6 as module will cause a CRASH if you try to unload it menuconfig IPV6 - tristate "The IPv6 protocol" - default m + bool "The IPv6 protocol" + default y ---help--- This is complemental support for the IP version 6. You will still be able to do traditional IPv4 networking as well. @@ -16,6 +16,10 @@ For specific information about IPv6 under Linux, read the HOWTO at . + Ghostification notes: + ===================== + IPV6 can not be built in module with ghost support. + To compile this protocol support as a module, choose M here: the module will be called ipv6. @@ -68,7 +72,7 @@ If unsure, say N. config INET6_AH - tristate "IPv6: AH transformation" + bool "IPv6: AH transformation" select XFRM select CRYPTO select CRYPTO_HMAC @@ -80,7 +84,7 @@ If unsure, say Y. config INET6_ESP - tristate "IPv6: ESP transformation" + bool "IPv6: ESP transformation" select XFRM select CRYPTO select CRYPTO_AUTHENC @@ -95,7 +99,7 @@ If unsure, say Y. config INET6_IPCOMP - tristate "IPv6: IPComp transformation" + bool "IPv6: IPComp transformation" select INET6_XFRM_TUNNEL select XFRM_IPCOMP ---help--- @@ -105,7 +109,7 @@ If unsure, say Y. config IPV6_MIP6 - tristate "IPv6: Mobility (EXPERIMENTAL)" + bool "IPv6: Mobility (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- @@ -114,16 +118,16 @@ If unsure, say N. config INET6_XFRM_TUNNEL - tristate + bool select INET6_TUNNEL default n config INET6_TUNNEL - tristate + bool default n config INET6_XFRM_MODE_TRANSPORT - tristate "IPv6: IPsec transport mode" + bool "IPv6: IPsec transport mode" default IPV6 select XFRM ---help--- @@ -132,7 +136,7 @@ If unsure, say Y. config INET6_XFRM_MODE_TUNNEL - tristate "IPv6: IPsec tunnel mode" + bool "IPv6: IPsec tunnel mode" default IPV6 select XFRM ---help--- @@ -141,7 +145,7 @@ If unsure, say Y. config INET6_XFRM_MODE_BEET - tristate "IPv6: IPsec BEET mode" + bool "IPv6: IPsec BEET mode" default IPV6 select XFRM ---help--- 
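Review bot: The `@@ -4,8 +4,8 @@` hunk turns `IPV6` into a `bool`, but the help text kept by the `@@ -16,6 +16,10 @@` hunk still ends with "To compile this protocol support as a module, choose M here", which is no longer possible. The new note says modules are excluded only "with ghost support", yet the `tristate` entries changed in this file become `bool` regardless of CONFIG_GHOSTIFICATION. Either drop the module sentence, or state in the help text that this tree never builds IPv6 as a module.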
@@ -150,14 +154,14 @@ If unsure, say Y. config INET6_XFRM_MODE_ROUTEOPTIMIZATION - tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" + bool "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- Support for MIPv6 route optimization mode. config IPV6_SIT - tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" + bool "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" select INET_TUNNEL select IPV6_NDISC_NODETYPE default y @@ -174,7 +178,7 @@ bool config IPV6_TUNNEL - tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" + bool "IPv6: IP-in-IPv6 tunnel (RFC2473)" select INET6_TUNNEL ---help--- Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in diff -rNuad linux-2.6.31/net/ipv6/addrconf.c linux-2.6.31-ghost/net/ipv6/addrconf.c --- linux-2.6.31/net/ipv6/addrconf.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv6/addrconf.c 2009-11-26 22:58:23.000000000 +0000 @@ -36,6 +36,9 @@ * YOSHIFUJI Hideaki @USAGI : improved source address * selection; consider scope, * status etc. + * Luca Saiu : ghostification support + * Roudiere Jonathan : ghost + * modify functions using (rt)netlink */ #include @@ -81,6 +84,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include 
@@ -446,6 +454,86 @@ return idev; } +/* + * (ghost support) Support to hide snmp6 proc infos. + */ +#ifdef CONFIG_GHOSTIFICATION +/* Utility procedure, needed for {show,hide}_proc_net_dev_snmp6_DEVICE_if_needed(). + Return a pointer to a valid inet6_dev structure on success, NULL on failure: */ +static struct inet6_dev* lookup_snmp6_device(const char *interface_name) +{ + struct net_device *device; + struct inet6_dev *idev; + + /* Lookup the device by name, obtaining an inet6_dev structure: */ + device = dev_get_by_name(&init_net, interface_name); + if(device == NULL) + return NULL; + rtnl_lock(); + idev = ipv6_find_idev(device); + rtnl_unlock(); + return idev; +} + +/* These are defined in net/ipv6/proc.c: */ +extern struct proc_dir_entry *proc_net_devsnmp6; +extern struct file_operations snmp6_seq_fops; + +/* Remove the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already hidden. Return 0 on success, nonzero on error: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + ghost_ptk("Hiding /proc/net/dev_snmp6/%s...", interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + + /* Remove the proc/ entry, if any. If there was no entry + then remove_proc_entry() will fail, but it's ok for us: */ +#ifdef CONFIG_PROC_FS + if (!proc_net_devsnmp6) + return -ENOENT; + if (idev->stats.proc_dir_entry == NULL) + return -EINVAL; + remove_proc_entry(interface_name, proc_net_devsnmp6); +#endif /* CONFIG_PROC_FS */ + return 0; + //return snmp6_unregister_dev(idev); +} + +/* Create the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already shown. 
Return 0 on success, nonzero on error: */ +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + struct proc_dir_entry *proc_directory_entry; + ghost_ptk("Showing /proc/net/dev_snmp6/%s...", + interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + if(idev->dev == NULL) /* I doubt this may happen... */ + return -EINVAL; +#ifdef CONFIG_PROC_FS + if(!proc_net_devsnmp6) /* there isn't any /proc/net/dev_snmp6 */ + return -ENOENT; + if((proc_directory_entry = create_proc_entry(interface_name, + S_IRUGO, proc_net_devsnmp6)) == NULL) + return -ENOMEM; + proc_directory_entry->data = idev; + proc_directory_entry->proc_fops = &snmp6_seq_fops; + idev->stats.proc_dir_entry = proc_directory_entry; +#endif /* CONFIG_PROC_FS */ + return 0; + /* return snmp6_register_dev(idev); */ +} +EXPORT_SYMBOL(show_proc_net_dev_snmp6_DEVICE_if_needed); +EXPORT_SYMBOL(hide_proc_net_dev_snmp6_DEVICE_if_needed); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * End of ghostification support + */ + #ifdef CONFIG_SYSCTL static void dev_forward_change(struct inet6_dev *idev) { @@ -2151,6 +2239,10 @@ return PTR_ERR(ifp); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx, unsigned int plen) { @@ -2165,6 +2257,15 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((idev = __in6_dev_get(dev)) == NULL) return -ENXIO; 
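Review bot: In the `@@ -446,6 +454,86 @@` hunk, `lookup_snmp6_device()` takes a device reference with `dev_get_by_name(&init_net, interface_name)` and never drops it. Every hide or show call therefore pins the `net_device`, which can later keep it from being unregistered. Add `dev_put(device);` once the idev has been obtained, or hand the device back to the callers and release it there. `hide_proc_net_dev_snmp6_DEVICE_if_needed()` also leaves `idev->stats.proc_dir_entry` pointing at the removed entry; it should be followed by `idev->stats.proc_dir_entry = NULL;` so that a second hide, or the regular unregister path, does not act on a stale pointer. The show function's comment says "unless it's already shown", but nothing checks whether `idev->stats.proc_dir_entry` is already set before `create_proc_entry()` is called.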
@@ -2979,6 +3080,22 @@ static int if6_seq_show(struct seq_file *seq, void *v) { struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if (is_a_ghost_interface_name(ifp->idev->dev->name)) { + ghost_ptk("Don't show informations about a ghostified " + "interface (%s) under /proc.", + ifp->idev->dev->name); + } else { + seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n", + &ifp->addr, + ifp->idev->dev->ifindex, + ifp->prefix_len, + ifp->scope, + ifp->flags, + ifp->idev->dev->name); + } +#else seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n", &ifp->addr, ifp->idev->dev->ifindex, @@ -2986,6 +3103,8 @@ ifp->scope, ifp->flags, ifp->idev->dev->name); +#endif /* CONFIG_GHOSTIFICATION */ + return 0; } @@ -3193,6 +3312,10 @@ [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { @@ -3210,7 +3333,9 @@ pfx = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL]); if (pfx == NULL) return -EINVAL; - + /* (ghost support) we could/should stop here a request involving a + ghostified interface but inet6_addr_del already do a part of our work + (get dev etc ..) so instead we modify inet6_addr_del */ return inet6_addr_del(net, ifm->ifa_index, pfx, ifm->ifa_prefixlen); } @@ -3259,6 +3384,10 @@ return 0; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { 
@@ -3296,6 +3425,15 @@ if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add a address to a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + /* We ignore other flags so far. */ ifa_flags = ifm->ifa_flags & (IFA_F_NODAD | IFA_F_HOMEADDRESS); @@ -3464,6 +3602,12 @@ ANYCAST_ADDR, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc; + * inet6_dump_addr is called by inet6_dump_{ifaddr,ifmcaddr,ifacaddr} + * and call the appropriate inet6_fill_* function. + */ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, enum addr_type_t type) { @@ -3489,6 +3633,17 @@ ip_idx = 0; if ((idev = in6_dev_get(dev)) == NULL) goto cont; + +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about addresses of a ghostified interface (%s), skip.", + dev->name); + goto cont; + /* return -ENODEV; don't use it */ + } +#endif /* CONFIG_GHOSTIFICATION */ + read_lock_bh(&idev->lock); switch (type) { case UNICAST_ADDR: @@ -3560,7 +3715,6 @@ return inet6_dump_addr(skb, cb, type); } - static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb) { enum addr_type_t type = ANYCAST_ADDR; @@ -3568,6 +3722,10 @@ return inet6_dump_addr(skb, cb, type); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { 
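Review bot: In the `@@ -3489,6 +3633,17 @@` hunk of inet6_dump_addr, the added `goto cont;` runs after `in6_dev_get(dev)` has already succeeded, so the skip path leaves the loop iteration without releasing the idev reference. The matching put is presumably further down the loop body, outside the hunk, and `cont:` bypasses it. Each netlink address dump would then leak one reference per ghostified interface. Move the ghost test above the `if ((idev = in6_dev_get(dev)) == NULL)` line, since it only needs `dev->name`, or add `in6_dev_put(idev);` before the `goto cont;`.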
@@ -3594,6 +3752,17 @@ if (ifm->ifa_index) dev = __dev_get_by_index(net, ifm->ifa_index); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (dev) { + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address of a ghostified interface (%s), skip.", + dev->name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((ifa = ipv6_get_ifaddr(net, addr, dev, 1)) == NULL) { err = -EADDRNOTAVAIL; goto errout; @@ -3802,6 +3971,10 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -3813,6 +3986,14 @@ read_lock(&dev_base_lock); idx = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to dump address infos about a ghostified interface (%s), skip.", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if ((idev = in6_dev_get(dev)) == NULL) @@ -3840,7 +4021,6 @@ skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC); if (skb == NULL) goto errout; - err = inet6_fill_ifinfo(skb, idev, 0, 0, event, 0); if (err < 0) { /* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */ diff -rNuad linux-2.6.31/net/ipv6/ip6_fib.c linux-2.6.31-ghost/net/ipv6/ip6_fib.c --- linux-2.6.31/net/ipv6/ip6_fib.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv6/ip6_fib.c 2009-11-26 22:58:23.000000000 +0000 @@ -275,6 +275,8 @@ #endif +/* (ghost support) iterate on net device, don't modify this function, +we can return ENODEV here, user-space tools (as ip) dump iface list before */ static int fib6_dump_node(struct fib6_walker_t *w) { int res; 
@@ -320,7 +322,6 @@ { struct fib6_walker_t *w; int res; - w = (void *)cb->args[2]; w->root = &table->tb6_root; diff -rNuad linux-2.6.31/net/ipv6/mcast.c linux-2.6.31-ghost/net/ipv6/mcast.c --- linux-2.6.31/net/ipv6/mcast.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv6/mcast.c 2009-11-26 22:59:37.000000000 +0000 @@ -24,6 +24,10 @@ * - MLD for link-local addresses. * David L Stevens : * - MLDv2 support + * Luca Saiu : + * - trivial changes for ghostification support + * Roudiere Jonathan + * - trivial changes to correct an forgetting */ #include @@ -61,6 +65,11 @@ #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing... */ #define MCAST_DEBUG 2 @@ -2440,6 +2449,20 @@ struct ifmcaddr6 *im = (struct ifmcaddr6 *)v; struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, + "%-4d %-15s %pi6 %5d %08X %ld\n", + state->dev->ifindex, state->dev->name, + &im->mca_addr, + im->mca_users, im->mca_flags, + (im->mca_flags&MAF_TIMER_RUNNING) ? + jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); + } +#else seq_printf(seq, "%-4d %-15s %pi6 %5d %08X %ld\n", state->dev->ifindex, state->dev->name, @@ -2447,6 +2470,7 @@ im->mca_users, im->mca_flags, (im->mca_flags&MAF_TIMER_RUNNING) ? jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); +#endif /* CONFIG_GHOSTIFICATION */ return 0; } 
@@ -2601,6 +2625,20 @@ "Device", "Multicast Address", "Source Address", "INC", "EXC"); } else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc" + " about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + &state->im->mca_addr, + &psf->sf_addr, + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else seq_printf(seq, "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", state->dev->ifindex, state->dev->name, @@ -2608,6 +2646,7 @@ &psf->sf_addr, psf->sf_count[MCAST_INCLUDE], psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -rNuad linux-2.6.31/net/ipv6/proc.c linux-2.6.31-ghost/net/ipv6/proc.c --- linux-2.6.31/net/ipv6/proc.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv6/proc.c 2009-11-26 22:59:07.000000000 +0000 @@ -9,6 +9,8 @@ * * Authors: David S. Miller (davem@caip.rutgers.edu) * YOSHIFUJI Hideaki + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -29,6 +31,16 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* (ghost support) We don't want this to be static, as it has to + be read at ghostifying and unghostifying time */ +struct proc_dir_entry *proc_net_devsnmp6; +EXPORT_SYMBOL(proc_net_devsnmp6); +#endif /* CONFIG_GHOSTIFICATION */ + static int sockstat6_seq_show(struct seq_file *seq, void *v) { struct net *net = seq->private; 
@@ -200,6 +212,18 @@ return single_open_net(inode, file, snmp6_seq_show); } +/* (ghost support) This was originally static, +but we need to make it visible */ +#ifdef CONFIG_GHOSTIFICATION +struct file_operations snmp6_seq_fops = { + .owner = THIS_MODULE, + .open = snmp6_seq_open, + .read = seq_read, + .llseek = seq_lseek, + .release = single_release, +}; +EXPORT_SYMBOL(snmp6_seq_fops); +#else static const struct file_operations snmp6_seq_fops = { .owner = THIS_MODULE, .open = snmp6_seq_open, @@ -207,6 +231,7 @@ .llseek = seq_lseek, .release = single_release_net, }; +#endif /* CONFIG_GHOSTIFICATION */ static int snmp6_dev_seq_show(struct seq_file *seq, void *v) { diff -rNuad linux-2.6.31/net/ipv6/route.c linux-2.6.31-ghost/net/ipv6/route.c --- linux-2.6.31/net/ipv6/route.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/ipv6/route.c 2009-11-26 22:58:23.000000000 +0000 @@ -22,6 +22,10 @@ * reachable. otherwise, round-robin the list. * Ville Nuorvala * Fixed routing subtrees. + * Luca Saiu + * trivial changes for ghostification support + * Roudiere Jonathan + * ghostification support update, modify functions using netlink */ #include @@ -60,6 +64,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing. */ #define RT6_DEBUG 2 @@ -1115,10 +1124,6 @@ return hoplimit; } -/* - * - */ - int ip6_route_add(struct fib6_config *cfg) { int err; @@ -1830,6 +1835,8 @@ struct in6_rtmsg rtmsg; int err; + /* (ghost support) don't make any change, changes + have been made later for ioctl request */ switch(cmd) { case SIOCADDRT: /* Add a route */ case SIOCDELRT: /* Delete a route */ 
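Review bot: In the `@@ -200,6 +212,18 @@` hunk of net/ipv6/proc.c, the ghost variant of `snmp6_seq_fops` pairs `.open = snmp6_seq_open`, which the context line shows returning `single_open_net(...)`, with `.release = single_release`. The original table kept under `#else` uses `single_release_net`. With network namespaces enabled, the namespace reference taken at open would not be dropped at close, so the line should read `.release = single_release_net,`. The table also loses its `const` qualifier when exported; if external writers are not needed, `const struct file_operations snmp6_seq_fops` with a matching `extern const` declaration in addrconf.c keeps it read-only. Separately, addrconf.c installs this table on the per-device `dev_snmp6` entries with `data = idev`, so it is worth confirming that the show routine behind `snmp6_seq_open` expects that private data; that routine is outside this hunk.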
@@ -2133,26 +2140,84 @@ return err; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; - err = rtm_to_fib6_config(skb, nlh, &cfg); - if (err < 0) - return err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it + is a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to del route involving a ghostified interface (%s). Failing", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_del(&cfg); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + err = rtm_to_fib6_config(skb, nlh, &cfg); if (err < 0) return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_add(&cfg); /* do that or exit on error ... 
*/ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_add(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it is + a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add route involving a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_add(&cfg); } @@ -2172,6 +2237,10 @@ + nla_total_size(sizeof(struct rta_cacheinfo)); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc + */ static int rt6_fill_node(struct net *net, struct sk_buff *skb, struct rt6_info *rt, struct in6_addr *dst, struct in6_addr *src, @@ -2183,6 +2252,19 @@ long expires; u32 table; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("rtnetlink msg type %i, pid %i and seq %i", + type, pid, seq); + /* (ghost support) this function is called by by rt6_dump_route, and + inet6_rtm_get_route and inet6_rt_notify, test if it is a kernel request*/ + if (rt->rt6i_dev->name) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to get/notify route infos about a " + "ghostified interface (%s), skip.", + rt->rt6i_dev->name); + return 1; + } +#endif /* CONFIG_GHOSTIFICATION */ if (prefix) { /* user wants prefix routes only */ if (!(rt->rt6i_flags & RTF_PREFIX_RT)) { /* success since this is not a prefix route */ 
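Review bot: In the `@@ -2133,26 +2140,84 @@` hunk, both `inet6_rtm_delroute()` and `inet6_rtm_newroute()` call `dev_get_by_index(net, cfg.fc_ifindex)` and return on every path without releasing the reference. Each netlink route add or delete that names an existing interface, ghostified or not, therefore leaks one `net_device` reference. Only the name is read, so the non-refcounting lookup this patch already uses in inet6_rtm_getaddr fits here: `dev = __dev_get_by_index(net, cfg.fc_ifindex);`, assuming these handlers run under RTNL, which should be confirmed. Otherwise add `dev_put(dev);` before each return that follows a successful lookup. The duplicated `rtm_to_fib6_config()` call in the `#else` arm could also be hoisted above the `#ifdef`, so that only the ghost test is conditional.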
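Review bot: In the `@@ -2183,6 +2252,19 @@` hunk of rt6_fill_node, the guard `if (rt->rt6i_dev->name)` tests the name member rather than the pointer, so it does not protect against `rt->rt6i_dev` being NULL. The rt6_seq_show hunk later in this file tests `rt->rt6i_dev != NULL` for the same purpose. Use `if (rt->rt6i_dev && is_a_ghost_interface_name(rt->rt6i_dev->name)) {` here as well. The skip path returns 1, the value the context below uses for "success since this is not a prefix route". The comment lists inet6_rtm_getroute and inet6_rt_notify as callers, both outside this hunk, so check that each treats a positive return with nothing written to the skb as "nothing to send" and does not transmit an empty message. The function body continues outside the hunk.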
@@ -2290,10 +2372,26 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc, + */ int rt6_dump_route(struct rt6_info *rt, void *p_arg) { struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg; int prefix; + +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg(" rtnetlink mesg %i, pid %i and seq %i", + arg->cb->nlh->nlmsg_type, arg->cb->nlh->nlmsg_pid, arg->cb->nlh->nlmsg_seq); + /* if (rt->rt6i_dev) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to dump route infos about a ghostified interface (%s), skip", + rt->rt6i_dev->name); + return -ENODEV; errro maybe come from here, modify instead + rt6_fill_node which has multiple callers + } */ +#endif /* CONFIG_GHOSTIFICATION */ if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) { struct rtmsg *rtm = nlmsg_data(arg->cb->nlh); @@ -2307,6 +2405,8 @@ prefix, 0, NLM_F_MULTI); } +/* (ghost support) Don't make changes here, function +rt6_fill_node has been modified instead */ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { struct net *net = sock_net(in_skb->sk); @@ -2452,6 +2552,17 @@ { struct seq_file *m = p_arg; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Do nothing if this route involves a + ghostified interface */ + if(rt->rt6i_dev != NULL) /* can't use &&: evaluation order is undefined */ + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Don't show any informations under /proc/net" + "involving a ghostified interface (%s)", + rt->rt6i_dev->name); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(m, "%pi6 %02x ", &rt->rt6i_dst.addr, rt->rt6i_dst.plen); #ifdef CONFIG_IPV6_SUBTREES diff -rNuad linux-2.6.31/net/netfilter/core.c linux-2.6.31-ghost/net/netfilter/core.c --- linux-2.6.31/net/netfilter/core.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/netfilter/core.c 2009-11-26 23:00:16.000000000 +0000 
@@ -5,6 +5,8 @@ * way. * * Rusty Russell (C)2000 -- This code is GPL. + * Little change by Jonathan Roudiere to add + * Ghostification support (bypass netfilter for ghost interface). */ #include #include @@ -22,6 +24,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "nf_internals.h" static DEFINE_MUTEX(afinfo_mutex); @@ -59,7 +66,6 @@ { struct nf_hook_ops *elem; int err; - err = mutex_lock_interruptible(&nf_hook_mutex); if (err < 0) return err; 
@@ -169,7 +175,158 @@ rcu_read_lock(); elem = &nf_hooks[pf][hook]; + next_hook: + /* + * (ghost support) Netfilter ghostification support. + * Perform too much tests here is not a good idea because all + * network packets pass through this section but we have + * not other choice to skip netfilter hooks (per hook). + */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER + /* + * Bypass all Netfilter hooks (for ipv4/6, arp, bridge) for any + * ghostified interface (eq. to return NF_ACCEPT for each packet which + * go through an interface which is ghostified (do that at hook level + * in order to skip all chains's rules hang on the hooks)) + */ + + /* don't use ghost_debugmsg macro in this section + because it may introduce too much delay */ + ghost_develmsg("Enter in hook (pf=%i) (hook=%i) from indev->name = " + "%s to outdev->name = %s", pf, hook, indev->name, outdev->name); + +/* If we wish to skip all netfilter hooks for all PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ALL + /* + * outdev->name field is defined in OUTPUT, FORWARD and POSTROUTING hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), we start here (with outdev) to bypass netfilter's + * hooks in the case where we are in FORWARD. + */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + ret = 1; + goto unlock; + } + } + /* + * indev->name field is defined in PREROUTING, FORWARD and INPUT hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), if we are in FORWARD hook and outdev/indev->name + * is not a ghostified interface then we can go towards hooks. 
+ */ + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + ret = 1; + goto unlock; + } + } + +/* + * If GHOSTIFICATION_NETFILTER_ALL is not defined neither any + * GHOSTIFICATION_NETFILTER_PF then we 'll skip all this code chunk. + * (about performance, choose to skip netfilter just for certains PF + * is the most bad things we can do, but ...) + */ +#elif (defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV4) || defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV6) || \ + defined(CONFIG_GHOSTIFICATION_NETFILTER_ARP) || defined(CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE)) + /* Here we have the same logic as previously (in GHOSTIFICATION_NETFILTER_ALL) + but with the ability to choose what are the PFs that we want to skip */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for 
decnet) */ + goto apply_hook; + } + } + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for decnet) */ + goto apply_hook; + } + } + +#endif /* CONFIG_GHOSTIFICATION_ALL */ +apply_hook: +#endif /* CONFIG_GHOSTIFICATION_NETFILTER */ +/* (ghost support) End of ghostification support */ + verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev, outdev, &elem, okfn, hook_thresh); if (verdict == NF_ACCEPT || verdict == NF_STOP) { @@ -182,6 +339,9 @@ verdict >> NF_VERDICT_BITS)) goto next_hook; } +#ifdef CONFIG_GHOSTIFICATION_NETFILTER +unlock: +#endif rcu_read_unlock(); return ret; } diff -rNuad linux-2.6.31/net/packet/af_packet.c linux-2.6.31-ghost/net/packet/af_packet.c --- linux-2.6.31/net/packet/af_packet.c 2009-09-09 22:13:59.000000000 +0000 +++ linux-2.6.31-ghost/net/packet/af_packet.c 2009-11-26 22:58:23.000000000 +0000 
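Review bot: In the `@@ -169,7 +175,158 @@` hunk of nf_hook_slow, `indev->name` and `outdev->name` are evaluated in the `ghost_develmsg(...)` call and in the `(outdev->name) != NULL` / `(indev->name) != NULL` tests without first checking the device pointers. The hunk's own comments say each pointer is only defined at some hooks. These tests compare a member expression, so they only behave as a NULL test if `name` happens to sit at offset 0 of `struct net_device`, whose layout is not visible here. They should be `if (outdev != NULL) {` and `if (indev != NULL) {`, with the trace message guarded the same way. On the security side, `ret = 1; goto unlock;` accepts the packet without consulting any registered hook, so host filtering rules silently stop applying to any interface whose name matches the ghost list. That trade-off belongs in the Kconfig help for `CONFIG_GHOSTIFICATION_NETFILTER`. The closing `#endif /* CONFIG_GHOSTIFICATION_ALL */` is also mislabelled, because it ends the `CONFIG_GHOSTIFICATION_NETFILTER_ALL` / `#elif` chain.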
@@ -8,6 +8,7 @@ * Authors: Ross Biro * Fred N. van Kempen, * Alan Cox, + * Luca Saiu : Trivial changes for ghostification * * Fixes: * Alan Cox : verify_area() now used correctly @@ -84,6 +85,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Assumptions: - if device has no dev->hard_header routine, it adds and removes ll header @@ -549,6 +555,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (rcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); @@ -670,6 +688,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them. + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (trcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); 
@@ -2420,17 +2450,38 @@ struct sock *s = v; const struct packet_sock *po = pkt_sk(s); +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Don't show packets involving ghost devices + */ + struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex); + if(! is_a_ghost_interface_name(net_device->name)) { + ghost_debugmsg("Don't show packets involving ghostified interface"); + seq_printf(seq, + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); + } +#else seq_printf(seq, - "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", - s, - atomic_read(&s->sk_refcnt), - s->sk_type, - ntohs(po->num), - po->ifindex, - po->running, - atomic_read(&s->sk_rmem_alloc), - sock_i_uid(s), - sock_i_ino(s) ); + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; marionnet-0.90.6+bzr457.orig/uml/kernel/linux-3.2.%.compile_with_ARCH_um_SUBARCH_i386.diff0000600000175000017500000000143012356733375027167 0ustar lucaslucas*** linux-3.2.13.original/arch/x86/um/Makefile 2012-03-19 17:03:17.000000000 +0100 --- linux-3.2.13.modified/arch/x86/um/Makefile 2013-04-30 18:09:48.000000000 +0200 *************** *** 19,25 **** obj-y += checksum_32.o obj-$(CONFIG_BINFMT_ELF) += elfcore.o ! subarch-y = ../lib/string_32.o ../lib/atomic64_32.o ../lib/atomic64_cx8_32.o subarch-$(CONFIG_RWSEM_XCHGADD_ALGORITHM) += ../lib/rwsem.o subarch-$(CONFIG_HIGHMEM) += ../mm/highmem_32.o --- 19,27 ---- obj-y += checksum_32.o obj-$(CONFIG_BINFMT_ELF) += elfcore.o ! subarch-y = ../lib/string_32.o ../lib/atomic64_32.o ../lib/atomic64_cx8_32.o \ ! ../lib/atomic64_386_32.o ../lib/cmpxchg8b_emu.o ! 
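Review bot: In the `@@ -2420,17 +2450,38 @@` hunk of net/packet/af_packet.c (packet_seq_show), the result of `dev_get_by_index(sock_net(s), po->ifindex)` is used as `net_device->name` without a NULL check, and the reference the lookup takes is never released. A packet socket that is not bound to an interface, or whose device has gone away, would presumably yield no device, so reading this proc file could hand an invalid pointer to `is_a_ghost_interface_name()`, whose body is not visible here, and every successful lookup leaks a device reference. Test the pointer first, `if (net_device == NULL || !is_a_ghost_interface_name(net_device->name)) {`, and follow the block with `if (net_device) dev_put(net_device);`. The `ghost_debugmsg("Don't show packets involving ghostified interface")` call sits in the branch that does print the socket, so the log line is emitted for the opposite case. The `#else` arm only re-indents the original `seq_printf`; leaving that call untouched would make the hunk smaller and easier to audit.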
subarch-$(CONFIG_RWSEM_XCHGADD_ALGORITHM) += ../lib/rwsem.o subarch-$(CONFIG_HIGHMEM) += ../mm/highmem_32.o marionnet-0.90.6+bzr457.orig/uml/kernel/linux-3.8.%.compile_with_ARCH_um_SUBARCH_i386.diff0000600000175000017500000000143012356733375027175 0ustar lucaslucas*** linux-3.2.13.original/arch/x86/um/Makefile 2012-03-19 17:03:17.000000000 +0100 --- linux-3.2.13.modified/arch/x86/um/Makefile 2013-04-30 18:09:48.000000000 +0200 *************** *** 19,25 **** obj-y += checksum_32.o obj-$(CONFIG_BINFMT_ELF) += elfcore.o ! subarch-y = ../lib/string_32.o ../lib/atomic64_32.o ../lib/atomic64_cx8_32.o subarch-$(CONFIG_RWSEM_XCHGADD_ALGORITHM) += ../lib/rwsem.o subarch-$(CONFIG_HIGHMEM) += ../mm/highmem_32.o --- 19,27 ---- obj-y += checksum_32.o obj-$(CONFIG_BINFMT_ELF) += elfcore.o ! subarch-y = ../lib/string_32.o ../lib/atomic64_32.o ../lib/atomic64_cx8_32.o \ ! ../lib/atomic64_386_32.o ../lib/cmpxchg8b_emu.o ! subarch-$(CONFIG_RWSEM_XCHGADD_ALGORITHM) += ../lib/rwsem.o subarch-$(CONFIG_HIGHMEM) += ../mm/highmem_32.o marionnet-0.90.6+bzr457.orig/uml/kernel/linux-3.2.%-ghost.diff0000600000175000017500000026641112356733375022425 0ustar lucaslucasdiff -ruN linux-3.2.48--original/include/linux/netdevice.h linux-3.2.48/include/linux/netdevice.h --- linux-3.2.48--original/include/linux/netdevice.h 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/include/linux/netdevice.h 2013-07-01 11:59:07.000000000 +0200 @@ -14,6 +14,8 @@ * Alan Cox, * Bjorn Ekwall. * Pekka Riikonen + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
@@ -2735,4 +2737,12 @@ #endif /* __KERNEL__ */ +/* + * (ghost support) Just check whether the given name + * belongs to the ghost interface + */ +#ifdef CONFIG_GHOSTIFICATION +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + #endif /* _LINUX_NETDEVICE_H */ diff -ruN linux-3.2.48--original/include/linux/sockios.h linux-3.2.48/include/linux/sockios.h --- linux-3.2.48--original/include/linux/sockios.h 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/include/linux/sockios.h 2013-07-01 11:59:07.000000000 +0200 @@ -9,6 +9,8 @@ * * Authors: Ross Biro * Fred N. van Kempen, + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -85,6 +87,13 @@ #define SIOCOUTQNSD 0x894B /* output queue size (not sent only) */ +/* (ghost support) ghostification's ioctl */ +#ifdef CONFIG_GHOSTIFICATION +#define SIOKLOG 0x894D /* Write a string to the log */ +#define SIOCGIFGHOSTIFY 0x894E /* Make a network device 'ghost' */ +#define SIOCGIFUNGHOSTIFY 0x894F /* Make a network device 'ghost' */ +#endif /* CONFIG_GHOSTIFICATION */ + /* ARP cache control calls. */ /* 0x8950 - 0x8952 * obsolete calls, don't re-use */ #define SIOCDARP 0x8953 /* delete ARP table entry */ diff -ruN linux-3.2.48--original/include/net/ghostdebug.h linux-3.2.48/include/net/ghostdebug.h --- linux-3.2.48--original/include/net/ghostdebug.h 1970-01-01 01:00:00.000000000 +0100 +++ linux-3.2.48/include/net/ghostdebug.h 2013-07-01 11:59:07.000000000 +0200 
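Review bot: In the sockios.h `@@ -85` hunk the comment on `SIOCGIFUNGHOSTIFY` repeats the text of `SIOCGIFGHOSTIFY`; it should read `#define SIOCGIFUNGHOSTIFY 0x894F /* Make a 'ghost' network device visible again */`. `SIOKLOG` is described only as writing a string to the log, and its comment should say who is allowed to call it, since it is reachable through an ioctl. The three definitions are wrapped in `#ifdef CONFIG_GHOSTIFICATION`, which user-space programs including this header will normally not define, so tools would presumably need their own copies of the numbers.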
@@ -0,0 +1,93 @@ +/* + * Ghost support: + * Some trivials macros for display messages, trace ghost ops, + * debug and devel the ghostification kernel patch. + * + * Authors: Roudiere Jonathan, + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + */ + +#ifndef __GHOSTDEBUG__ +#define __GHOSTDEBUG__ + +#ifdef CONFIG_GHOSTIFICATION + +/* + * Ghost macros: there are three type of macros for three kind of + * information level : + * + * - the first one is ghost_ptk, that is a simple printk with the + * KERN_INFO log level, it is the standard type of display used + * by the ghostification kernel code to allow user to monitor + * ghost operations, if GHOSTIFICATION_PRINTK is not defined then + * user will not any information about the ghostified interfaces + * and the ghost engine (almost any infos ;-)), + * + * - ghost_debug and ghost_debugmsg are respectively used to show a + * calling card in a part of the code (function, files) and to show + * in plus informations additional (variable, etc ..), these two macros + * display messages with the level KERNEL_DEBUG, + * + * - ghost_devel and ghost_develmsg are very similar (redundant) + * in both previous ones, they are mainly used for the development + * of the patch to follow the stream of execution, activate + * GHOSTIFICATION_DEVEL has interest only for developers. + * +*/ + +/* + * Macro usable to debug during normal usage of the kernel. +*/ +#ifdef CONFIG_GHOSTIFICATION_DEBUG +#define ghost_debug \ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): -- info debug -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_debugmsg(msg,args...) 
\ + printk(KERN_DEBUG \ + "(ghost_debug): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_debug +#define ghost_debugmsg(msg,args...) +#endif + +/* + * A little bit redundant with the macro ghost_debug/debugmsg + * but allows a difference in the use, they are not used for the + * debugging, but to verify roads borrowed during the development. + * (note: certainly remove at next release of the patch) +*/ +#ifdef CONFIG_GHOSTIFICATION_DEVEL +#define ghost_devel \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): -- info devel -- \n", \ + __FILE__, __FUNCTION__, __LINE__) +#define ghost_develmsg(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost_devel): file(%s): funct(%s): line(%04d): " msg "\n", \ + __FILE__, __FUNCTION__, __LINE__, ##args) +#else +#define ghost_devel +#define ghost_develmsg(msg,args...) +#endif + +/* + * Macro to display all message from chunk of code which has + * ghostification in charge (use macro to add debug level later). +*/ +#ifdef CONFIG_GHOSTIFICATION_PRINTK +#define ghost_ptk(msg,args...) \ + printk(KERN_DEBUG \ + "(ghost) " msg "\n", ##args) +#else +#define ghost_ptk(msg,args...) +#endif + +#endif /* CONFIG_GHOSTIFICATION */ + +#endif /* __GHOSTDEBUG__ */ diff -ruN linux-3.2.48--original/kernel/softirq.c linux-3.2.48/kernel/softirq.c --- linux-3.2.48--original/kernel/softirq.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/kernel/softirq.c 2013-07-01 11:59:07.000000000 +0200 @@ -134,8 +134,11 @@ static void __local_bh_enable(unsigned int cnt) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq()); WARN_ON_ONCE(!irqs_disabled()); +#endif if (softirq_count() == cnt) trace_softirqs_on((unsigned long)__builtin_return_address(0)); 
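Review bot: The header comment in ghostdebug.h says `ghost_ptk` prints at `KERN_INFO`, but the macro at the end of the file passes `KERN_DEBUG`, so the messages meant for users are logged at debug level. Either change the macro to `printk(KERN_INFO "(ghost) " msg "\n", ##args)` or correct the comment. The same comment refers to `GHOSTIFICATION_PRINTK`, `GHOSTIFICATION_DEVEL` and `KERNEL_DEBUG`, while the code tests `CONFIG_GHOSTIFICATION_PRINTK` and `CONFIG_GHOSTIFICATION_DEVEL` and uses `KERN_DEBUG`; the names in the comment should match.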
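Review bot: In the softirq.c `@@ -134` hunk, compiling out `WARN_ON_ONCE(in_irq())` and `WARN_ON_ONCE(!irqs_disabled())` under CONFIG_GHOSTIFICATION removes these context checks for every caller in the kernel, not only for the ghost code. The comment gives console noise as the reason, which suggests the ghost paths reach bottom-half enable with interrupts off (they take `ghostification_spin_lock` with the `_irqsave` variants); that is better fixed where it happens than hidden. The `@@ -156` hunk does the same to `WARN_ON_ONCE(in_irq() || irqs_disabled())`. I would keep the three `WARN_ON_ONCE` lines unconditional and drop both `#ifndef CONFIG_GHOSTIFICATION` guards.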
@@ -156,7 +159,10 @@ static inline void _local_bh_enable_ip(unsigned long ip) { +/* (ghost support) we don't want disturbe user's console */ +#ifndef CONFIG_GHOSTIFICATION WARN_ON_ONCE(in_irq() || irqs_disabled()); +#endif #ifdef CONFIG_TRACE_IRQFLAGS local_irq_disable(); #endif Binary files linux-3.2.48--original/linux and linux-3.2.48/linux differ diff -ruN linux-3.2.48--original/net/core/dev.c linux-3.2.48/net/core/dev.c --- linux-3.2.48--original/net/core/dev.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/core/dev.c 2013-07-01 11:59:07.000000000 +0200 @@ -18,6 +18,7 @@ * Alexey Kuznetsov * Adam Sulmicki * Pekka Riikonen + * Luca Saiu (ghostification support) * * Changes: * D.J. Barrow : Fixed bug where dev->refcnt gets set @@ -70,6 +71,8 @@ * indefinitely on dev->refcnt * J Hadi Salim : - Backlog queue sampling * - netif_rx() feedback + * Roudiere Jonathan : make some buxfix in ghostification engine + * verify CAP_NET_ADMIN before (un)ghost iface */ #include 
@@ -147,6 +150,231 @@ #define GRO_MAX_HEAD (MAX_HEADER + 128) /* + * (ghost support) Chunk of code which has in charge + * the ghostification of network interfaces. + */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* The maximum number of ghost interfaces allowed at any given time: */ +#define MAX_GHOST_INTERFACES_NO CONFIG_GHOSTIFICATION_NUM + +/* + * A crude unsorted array of unique names, where "" stands for an + * empty slot. Elements are so few that an hash table would be overkill, + * and possibly also less efficient than this solution: + */ +static char ghost_interface_names[MAX_GHOST_INTERFACES_NO][IFNAMSIZ]; + +/* A lock protecting the ghost interfaces' support structure: */ +/* static DEFINE_SPINLOCK(ghostification_spin_lock); */ +/* static rwlock_t ghostification_spin_lock = RW_LOCK_UNLOCKED; */ +static DEFINE_RWLOCK(ghostification_spin_lock); + +/* Lock disabling local interrupts and saving flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + unsigned long flags; write_lock_irqsave(&ghostification_spin_lock, flags) + +/* Unlock re-enabling interrupts and restoring flags. This is for + readers/writers, which should be prevented from interfering with + other readers/writers and with readers: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \ + write_unlock_irqrestore(&ghostification_spin_lock, flags) + +/* Lock disabling local interrupts and saving flags. This is for + readers, which are allowed to execute concurrently: */ +#define LOCK_GHOSTIFICATION_FOR_READING \ + unsigned long flags; read_lock_irqsave(&ghostification_spin_lock, flags) + +/* Lock re-enabling interrupts and restoring flags. 
This is for + readers, which are allowed to execute concurrently: */ +#define UNLOCK_GHOSTIFICATION_FOR_READING \ + read_unlock_irqrestore(&ghostification_spin_lock, flags) + +#ifdef CONFIG_IPV6 +/* Defined in net/ipv6/addrconf.c: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name); +#endif /* CONFIG_IPV6 */ + +/* Return the index of the given element (which may be "") within + ghost_interface_names, or -1 on failure. Note that this must be + executed in a critical section: */ +static int __lookup_ghost_interface_names(const char *interface_name) +{ + int i; + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(!strcmp(interface_name, ghost_interface_names[i])) + return i; /* we found the given name in the i-th element */ + return -1; /* we didn't find the given name in the array */ +} + +/* This is useful for debugging. It must be called in a critical section. */ +static void __dump_ghost_interfaces(void) +{ + int i; + int number_of_ghost_interfaces = 0; + + ghost_ptk("Ghost interfaces are now: "); + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + if(strcmp(ghost_interface_names[i], "")) { + number_of_ghost_interfaces++; + ghost_ptk("%i. %s", number_of_ghost_interfaces, + ghost_interface_names[i]); + } + + ghost_ptk("There are now %i ghost interfaces. " + "A maximum of %i can exist at any given time.", + number_of_ghost_interfaces, MAX_GHOST_INTERFACES_NO); +} + +/* Just check whether the given name belongs to a ghost interface. 
+ This must be called in a critical section: */ +int __is_a_ghost_interface_name(const char *interface_name) +{ + /* Particular case: "" is *not* a ghost interface name, even + if it's in the ghost interfaces array (we use it just to mark + an empty slot): */ + if(interface_name[0] == '\0') + return 0; + /* Just check whether interface_name is an element of the array: */ + return __lookup_ghost_interface_names(interface_name) >= 0; +} + +/* Just check whether the given name belongs to a ghost interface: */ +int is_a_ghost_interface_name(const char *interface_name) +{ + int result; + LOCK_GHOSTIFICATION_FOR_READING; + /* Just check whether interface_name is an element of the array: */ + result = __is_a_ghost_interface_name(interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING; + return result; +} + +/* Make the given interface ghost. Return 0 on success, nonzero on + failure. Failure occours when the interface is already ghost or + does not exist: */ +static int ghostify_interface(char *interface_name) +{ + int a_free_element_index; + const size_t name_length = strlen(interface_name); + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Let's avoid buffer overflows... This could possibly be exploited: */ + if((name_length >= IFNAMSIZ) || (name_length == 0)) + { + ghost_ptk("The user asked to ghostify the interface %s, " + "which has a name of length %i. Failing.", + interface_name, name_length); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EINVAL; + } + + /* Fail if the interface is already ghostified. In particular we + want *no* duplicates in the array. 
Note that we're already in + a critical section here, so there's no need for locking: */ + if(__is_a_ghost_interface_name(interface_name)) + { + ghost_ptk("Could not ghostify the interface %s, " + "because it\'s already ghost.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -EEXIST; /* File exists, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Fail if the interface is not found. We don't want add a + no-existing interface in our array */ + struct net_device *device; + device = dev_get_by_name(&init_net, interface_name); + if (device == NULL) { + ghost_ptk("Could not ghostify the interface %s which " + "doesn't exist. Try again.", interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for a free spot: */ + a_free_element_index = __lookup_ghost_interface_names(""); + if(a_free_element_index < 0) + { + ghost_ptk("Could not ghostify the interface %s, " + "because %i interfaces are already ghostified. Sorry.", + interface_name, MAX_GHOST_INTERFACES_NO); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENOMEM; + } + + /* Ok, we found a free spot; just copy the interface name: */ + strcpy(ghost_interface_names[a_free_element_index], interface_name); + +#ifdef CONFIG_IPV6 + /* Hide /proc/net/dev_snmp6/DEVICE for the new ghost DEVICE: */ + hide_proc_net_dev_snmp6_DEVICE_if_needed( + ghost_interface_names[a_free_element_index]); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} + +/* Make the given interface, which should be ghost, non-ghost. + Return 0 on success, nonzero on failure. Failure occours when + the given interface is non-ghost or does not exist: */ +static int unghostify_interface(char *ghost_interface_name) +{ + int the_interface_index; + struct net_device *device; + LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + + /* Fail if the interface is not found. 
It is not necessary + to search in the array a no-existing interface and allow + to return a more appropriate error code to the userspace. */ + device = dev_get_by_name(&init_net, ghost_interface_name); + if (device == NULL) { + ghost_ptk("Could not unghostify the interface %s " + "which doesn't exist. Try again.\n", ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ENODEV; + } + + /* Look for the given interface: */ + the_interface_index = + __lookup_ghost_interface_names(ghost_interface_name); + if(the_interface_index < 0) + { + ghost_ptk("Could not unghostify the interface %s, \ + because it's non-ghost or not existing.\n", + ghost_interface_name); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return -ESRCH; /* No such device or address, seems to be more appropriate */ + /* return -EINVAL; */ + } + + /* Ok, we found the interface: just "remove" its name from the array: */ + ghost_interface_names[the_interface_index][0] = '\0'; + +#ifdef CONFIG_IPV6 + /* Show again /proc/net/dev_snmp6/DEVICE for the now non-ghost DEVICE: */ + show_proc_net_dev_snmp6_DEVICE_if_needed(ghost_interface_name); +#endif /* CONFIG_IPV6 */ + + __dump_ghost_interfaces(); + UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING; + return 0; +} +EXPORT_SYMBOL(is_a_ghost_interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * (ghost support) End of ghostification support + */ + + +/* * The list of packet types we will receive (as opposed to discard) * and the routines to invoke. * @@ -576,6 +804,13 @@ { int ints[5]; struct ifmap map; + /* (ghost support) There are no ghost interfaces by default */ +#ifdef CONFIG_GHOSTIFICATION + int i; + + for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++) + ghost_interface_names[i][0] = '\0'; +#endif /* CONFIG_GHOSTIFICATION */ str = get_options(str, ARRAY_SIZE(ints), ints); if (!str || !*str) 
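Review bot: `ghostify_interface()` and `unghostify_interface()` both call `dev_get_by_name(&init_net, ...)` only to test that the device exists and never release the reference, so each ghostify or unghostify request pins the device's refcount. Add `dev_put(device);` right after the `device == NULL` check in both functions. The lookup and, under CONFIG_IPV6, the `hide_proc_net_dev_snmp6_DEVICE_if_needed()` / `show_proc_net_dev_snmp6_DEVICE_if_needed()` calls also run inside `write_lock_irqsave()`; if those helpers can sleep (their bodies are not in this hunk) they should move outside the critical section. Separately, `name_length` is a `size_t` printed with `%i`, and `%zu` matches the type.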
@@ -4076,11 +4311,20 @@ len = ifc.ifc_len; /* - * Loop over the interfaces, and write an info block for each. + * Loop over the interfaces, and write an info block for each, + * (ghost support) unless they are ghostified. */ total = 0; for_each_netdev(net, dev) { +#ifdef CONFIG_GHOSTIFICATION + /* Don't tell the user about ghost interfaces: just skip them */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Skipping the ghost interface %s in SIOCGIFCONF", + dev->name); + continue; + } +#endif /* CONFIG_GHOSTIFICATION */ for (i = 0; i < NPROTO; i++) { if (gifconf_list[i]) { int done; @@ -4183,6 +4427,10 @@ struct rtnl_link_stats64 temp; const struct rtnl_link_stats64 *stats = dev_get_stats(dev, &temp); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't show anything in /proc if iface is ghostified */ + if(! is_a_ghost_interface_name(dev->name)) +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(seq, "%6s: %7llu %7llu %4llu %4llu %4llu %5llu %10llu %9llu " "%8llu %7llu %4llu %4llu %4llu %5llu %7llu %10llu\n", dev->name, stats->rx_bytes, stats->rx_packets, @@ -4891,6 +5139,16 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() " + "on the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCGIFFLAGS: /* Get interface flags */ ifr->ifr_flags = (short) dev_get_flags(dev); 
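Review bot: In the `@@ -4076` hunk the line `ghost_ptk("Skipping the ghost interface %s in SIOCGIFCONF", dev->name)` writes the hidden interface's name to the kernel log each time the loop meets it, and the comment in the later ioctl hunk says these calls can be made by all users. With CONFIG_GHOSTIFICATION_PRINTK enabled, anyone who can read the log learns the name the patch is trying to hide, and repeated calls can fill the log. Consider dropping the name and rate-limiting the message, e.g. `if (printk_ratelimit()) ghost_ptk("Skipping a ghost interface in SIOCGIFCONF");`. The same pattern appears in the `@@ -4891` and `@@ -4961` hunks; the enclosing functions start and end outside these hunks.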
@@ -4961,6 +5219,17 @@ ops = dev->netdev_ops; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) skip if it is a ghostified interface */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("The user is performing a SIOCxIFxxx ioctl() on " + "the ghost interface %s, Failing.", dev->name); + ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail " + "with -ENODEV"); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + switch (cmd) { case SIOCSIFFLAGS: /* Set interface flags */ return dev_change_flags(dev, ifr->ifr_flags); 
@@ -5107,6 +5376,56 @@ */ switch (cmd) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) catch ghostification's ioctl */ + case SIOKLOG: { + char text[1000]; + if(copy_from_user(text, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + text[IFNAMSIZ] = '\0'; + printk(KERN_DEBUG "%s\n", text); + return 0; + } + /* (un)ghostification ops require superuser power */ + case SIOCGIFGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, + (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to ghostify the interface %s.", + interface_name); + if((failure = ghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was ghostified.", + interface_name); + else + ghost_ptk("Failure in ghostification of %s.", + interface_name); + return failure; + } + case SIOCGIFUNGHOSTIFY: { + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + char interface_name[1000]; + int failure; + if(copy_from_user(interface_name, (char __user *)arg, IFNAMSIZ + 1)) + return -EFAULT; + interface_name[IFNAMSIZ] = '\0'; + ghost_ptk("The user asked to unghostify the interface %s.", + interface_name); + if((failure = unghostify_interface(interface_name)) == 0) + ghost_ptk("Ok, %s was unghostified.", + interface_name); + else + ghost_ptk("Failure in unghostification of %s.", + interface_name); + return failure; + } + /* end of ghostficiation ioctl */ +#endif /* CONFIG_GHOSTIFICATION */ /* * These ioctl calls: * - can be done by all. diff -ruN linux-3.2.48--original/net/core/rtnetlink.c linux-3.2.48/net/core/rtnetlink.c --- linux-3.2.48--original/net/core/rtnetlink.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/core/rtnetlink.c 2013-07-01 15:55:19.000000000 +0200 
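Review bot: The `SIOKLOG` case has no capability check, so any process that can issue this ioctl can write text to the kernel log, while the two ghostify cases right below it require `CAP_NET_ADMIN`. Add `if (!capable(CAP_NET_ADMIN)) return -EPERM;` as its first statement. All three cases also reserve 1000-byte arrays on the kernel stack although only `IFNAMSIZ + 1` bytes are ever copied; `char text[IFNAMSIZ + 1];` and `char interface_name[IFNAMSIZ + 1];` are enough. The surrounding `switch` begins before the hunk and continues after it.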
@@ -12,8 +12,12 @@ * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * - * Fixes: + * Fixes: * Vitaly E. Lavrov RTA_OK arithmetics was wrong. + * + * Changes: + * Roudiere Jonathan Some changes + * to ghost support, to allow to hide ghost net interfaces */ #include @@ -53,6 +57,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + struct rtnl_link { rtnl_doit_func doit; rtnl_dumpit_func dumpit; @@ -118,7 +127,10 @@ static rtnl_doit_func rtnl_get_doit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif if (protocol <= RTNL_FAMILY_MAX) tab = rtnl_msg_handlers[protocol]; else @@ -133,7 +145,10 @@ static rtnl_dumpit_func rtnl_get_dumpit(int protocol, int msgindex) { struct rtnl_link *tab; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex); +#endif if (protocol <= RTNL_FAMILY_MAX) tab = rtnl_msg_handlers[protocol]; else @@ -577,6 +592,12 @@ { struct sock *rtnl = net->rtnl; int report = 0; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add inforation to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type %i " + "and nlh->nlmsg_seq = %i", pid, nlh->nlmsg_pid, + nlh->nlmsg_type, nlh->nlmsg_seq); +#endif if (nlh) report = nlmsg_report(nlh); 
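Review bot: In the `@@ -577` hunk the added `ghost_develmsg(...)` reads `nlh->nlmsg_pid`, `nlh->nlmsg_type` and `nlh->nlmsg_seq` before the existing `if (nlh)` test, so a NULL `nlh` would be dereferenced whenever CONFIG_GHOSTIFICATION_DEVEL is enabled. The unchanged line right after it shows that callers may pass NULL. Guard the message with the same test, `if (nlh) ghost_develmsg(...);`, keeping the existing arguments. The function starts before this hunk and ends after it.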
@@ -887,6 +908,20 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) add information to devel patch */ + ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type " + "= %i, seq = %i and nlh->nlmsg_seq = %i", + pid, nlh->nlmsg_pid, nlh->nlmsg_type, + seq, nlh->nlmsg_seq); + ghost_develmsg("dev->name = %s and dev->ifindex = %i", + dev->name, + dev->ifindex); + /* function whose call rtnl_fill_ifinfo has been modified, except + rtmsg_ifinfo so if it will be necessary to skip ghost iface here then + keep in your mind to test pid because if it is eq. to 0 then it is a + kernel request (else user request) and we don't want disturbe its work. */ +#endif ifm = nlmsg_data(nlh); ifm->ifi_family = AF_UNSPEC; ifm->__ifi_pad = 0; @@ -1075,6 +1110,24 @@ idx = 0; head = &net->dev_index_head[h]; hlist_for_each_entry_rcu(dev, node, head, index_hlist) { +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function which encapsulates calls to + * rtnl_fill_ifinfo and which is call after rtnl_get_doit/dumpit, + * use to dump list of network interfaces (as used by "ip link") + */ + ghost_develmsg("for_each_netdev, current net_device is %s", + dev->name); + ghost_develmsg("netlink cb pid = %i, cb nlh->nlmsg_type = %i, " + "cb familly/proto = %i, cb nlh->nlmsg_pid %i", + NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_type, + cb->family, cb->nlh->nlmsg_pid); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Hide ghotified interface (%s) in the dump", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK, 
@@ -1203,6 +1256,20 @@ } } } +#ifdef CONFIG_GHOSTIFICATION + if(dev != NULL){ + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change state/parameters of a ghotified " + "interface (%s), skip", dev->name); + return -ENODEV; + } + } + +#endif /* CONFIG_GHOSTIFICATION */ return 0; } @@ -1564,6 +1631,17 @@ err = -ENODEV; goto errout; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it with + user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ err = validate_linkmsg(dev, tb); if (err < 0) @@ -1602,6 +1680,17 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Normally we should never go through it + with user-space tools (like iproute) which scan all iface first */ + ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s", + nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change dell a ghotified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ ops = dev->rtnl_link_ops; if (!ops) 
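Review bot: In the `@@ -1564` hunk the ghost check leaves with a bare `return -ENODEV;`, although the context line just above it uses `err = -ENODEV; goto errout;`. The `errout` label is outside the hunk; if it performs any cleanup the new path skips it, so use `err = -ENODEV; goto errout;` here as well. The log texts are also misleading for whoever reads them later: this hunk says "Try to get infos about" in what looks like a change path, and the `@@ -1602` hunk says "change dell".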
@@ -1959,6 +2048,8 @@ int err = -ENOBUFS; size_t if_info_size; + /* (ghost support) call rtnl_fill_ifinfo so maybe it + is need here to modify, in order to skip ghost iface */ skb = nlmsg_new((if_info_size = if_nlmsg_size(dev, 0)), GFP_KERNEL); if (skb == NULL) goto errout; @@ -1994,6 +2085,11 @@ int err; type = nlh->nlmsg_type; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Enter, nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i and nlh->nlmsg_seq = %i ", + nlh->nlmsg_pid, nlh->nlmsg_seq, nlh->nlmsg_seq); +#endif /* CONFIG_GHOSTIFICATION */ + if (type > RTM_MAX) return -EOPNOTSUPP; @@ -2010,15 +2106,23 @@ if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN)) return -EPERM; + /* (ghost support) kind = 2 then imply RTM_GETLINK has been used */ if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) { struct sock *rtnl; rtnl_dumpit_func dumpit; rtnl_calcit_func calcit; u16 min_dump_alloc = 0; + /* (ghost support) then rtnl_get_dumpit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ dumpit = rtnl_get_dumpit(family, type); if (dumpit == NULL) return -EOPNOTSUPP; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("Part 1: rtnl_get_dumpit(family %i, type %i) " + "is used before call to netlink_dump_start", + family,type); +#endif /* CONFIG_GHOSTIFICATION */ calcit = rtnl_get_calcit(family, type); if (calcit) min_dump_alloc = calcit(skb, nlh); @@ -2055,6 +2159,11 @@ doit = rtnl_get_doit(family, type); if (doit == NULL) return -EOPNOTSUPP; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) rtnl_get_doit return pointer to the appropriate + function for this family and this type take in rtnl_msg_handler[] */ + ghost_develmsg("Part 2: rtnl_get_doit(family %i, type %i)", family, type); +#endif /* CONFIG_GHOSTIFICATION */ return doit(skb, nlh, (void *)&rta_buf[0]); } 
@@ -2070,6 +2179,10 @@ { struct net_device *dev = ptr; + /* (ghost support) if we want provide a ghost's way to modify + the state of a ghost iface, it will be necessary to skip event + reports involing ghost iface (actually any changes are possible + if the iface is ghostified so there is nothing to report) */ switch (event) { case NETDEV_UP: case NETDEV_DOWN: diff -ruN linux-3.2.48--original/net/ipv4/arp.c linux-3.2.48/net/ipv4/arp.c --- linux-3.2.48--original/net/ipv4/arp.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/ipv4/arp.c 2013-07-01 11:59:07.000000000 +0200 @@ -71,6 +71,8 @@ * sending (e.g. insert 8021q tag). * Harald Welte : convert to make use of jenkins hash * Jesper D. Brouer: Proxy ARP PVLAN RFC 3069 support. + * Luca Saiu : trivial changes for ghostification + * support */ #include @@ -118,6 +120,11 @@ EXPORT_SYMBOL(clip_tbl_hook); #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include @@ -1352,9 +1359,21 @@ } #endif sprintf(tbuf, "%pI4", n->primary_key); +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) Don't show anything in /proc if it involves +ghost interfaces: */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + read_unlock(&n->lock); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); + tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name); read_unlock(&n->lock); +#endif /* CONFIG_GHOSTIFICATION */ } static void arp_format_pneigh_entry(struct seq_file *seq, 
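Review bot: In the arp.c `@@ -1352` hunk `read_unlock(&n->lock);` has been moved inside the `if (! is_a_ghost_interface_name(dev->name)) { ... }` block, so for a ghost interface the function returns with `n->lock` still read-held. The matching `read_lock` is presumably taken earlier in the function, outside this hunk; leaving it held would block any later writer on that neighbour entry, and listing the ARP seq file is enough to reach this path. Close the `if` block right after `seq_printf(...)` and keep `read_unlock(&n->lock);` unconditional after the `}`.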
@@ -1365,9 +1384,21 @@ char tbuf[16]; sprintf(tbuf, "%pI4", n->key); +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) Don't show anything in /proc if it involves + ghost interfaces */ + if (! is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Don't show any arp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); + } +#else seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n", - tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", - dev ? dev->name : "*"); + tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00", + dev ? dev->name : "*"); +#endif /* CONFIG_GHOSTIFICATION */ } static int arp_seq_show(struct seq_file *seq, void *v) diff -ruN linux-3.2.48--original/net/ipv4/devinet.c linux-3.2.48/net/ipv4/devinet.c --- linux-3.2.48--original/net/ipv4/devinet.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/ipv4/devinet.c 2013-07-01 11:59:07.000000000 +0200 @@ -23,6 +23,9 @@ * address (4.4BSD alias style support), * fall back to comparing just the label * if no match found. + * Roudiere Jonathan : + * some changes to ghost support, skip + * request involving a ghostified iface. */ @@ -66,6 +69,11 @@ #include "fib_lookup.h" +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + static struct ipv4_devconf ipv4_devconf = { .data = { [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, @@ -455,6 +463,15 @@ ifa->ifa_flags |= IFA_F_SECONDARY; } } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("in_dev->dev->name = %s", in_dev->dev->name); + if (is_a_ghost_interface_name(in_dev->dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + (in_dev->dev->name)); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (!(ifa->ifa_flags & IFA_F_SECONDARY)) { net_srandom(ifa->ifa_local); 
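Review bot: The new guard `if (! is_a_ghost_interface_name(dev->name))` in the `@@ -1365` hunk dereferences `dev` unconditionally, yet the `seq_printf` it wraps still passes `dev ? dev->name : "*"`, which shows that `dev` can be NULL here. Under CONFIG_GHOSTIFICATION a proxy entry without a device would then fault while the ARP table is being listed. Test the pointer first: `if (!dev || !is_a_ghost_interface_name(dev->name)) {`. The function begins before this hunk.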
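Review bot: In the devinet.c `@@ -455` hunk the ghost check returns `-ENODEV` without releasing `ifa`. Only the tail of the function is visible, so this is an inference: if the earlier error exits free the address they were handed, this new exit leaks it, and the check would be better placed at the top of the function with the same cleanup as those exits. The log text says "delete address", although the code that follows (`net_srandom(ifa->ifa_local)` for a non-secondary address) appears to belong to an insert path.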
@@ -600,6 +617,17 @@ if (dev == NULL) goto errout; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("(dev->name) = %s ", (dev->name)); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to change/modfy address on a ghostified interface (%s), skip", + (dev->name)); + err = -ENODEV; + goto errout; + } +#endif /* CONFIG_GHOSTIFICATION */ + in_dev = __in_dev_get_rtnl(dev); err = -ENOBUFS; if (in_dev == NULL) @@ -650,6 +678,12 @@ ASSERT_RTNL(); + /* (ghost support) don't modify this funct but directly + rtm_to_ifaddr, as for others funct, with user-levels tools + (as iproute) we normaly never arrive here (because a dump + all ifaces is perform before and func which make the dump + has been modified (but we want prevent user tool request + the ghost iface directly */ ifa = rtm_to_ifaddr(net, nlh); if (IS_ERR(ifa)) return PTR_ERR(ifa); @@ -1306,6 +1340,15 @@ head = &net->dev_index_head[h]; rcu_read_lock(); hlist_for_each_entry_rcu(dev, node, head, index_hlist) { +#ifdef CONFIG_GHOSTIFICATION /* _VERIFICATION_NEED_ */ + /* (ghost support) If it is a ghostified interface then skip */ + ghost_debugmsg("dev->name = %s", dev->name); + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address on a ghostified interface (%s), skip", + (dev->name)); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; if (h > s_h || idx > s_idx) diff -ruN linux-3.2.48--original/net/ipv4/fib_frontend.c linux-3.2.48/net/ipv4/fib_frontend.c --- linux-3.2.48--original/net/ipv4/fib_frontend.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/ipv4/fib_frontend.c 2013-07-01 11:59:07.000000000 +0200 
@@ -6,6 +6,10 @@ * IPv4 Forwarding Information Base: FIB frontend. * * Authors: Alexey Kuznetsov, + * Luca Saiu (simple changes for ghostification + * support). + * Roudiere Jonathan (some display + * and comment for ghostification in rtnetlink functions). * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -46,6 +50,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #ifndef CONFIG_IP_MULTIPLE_TABLES static int __net_init fib4_rules_init(struct net *net) @@ -424,6 +433,12 @@ return 0; } +#ifdef CONFIG_GHOSTIFICATION +/* (ghost support) A function implemented in net/core/dev.c */ +int is_a_ghost_interface_name(const char *interface_name); +#endif /* CONFIG_GHOSTIFICATION */ + + /* * Handle IP routing ioctl calls. * These are used to manipulate the routing tables @@ -442,6 +457,22 @@ if (copy_from_user(&rt, arg, sizeof(rt))) return -EFAULT; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Forbid any action involving a ghost interface */ + if (rt.rt_dev != (char __user*)NULL) { + /* We need to have this name in kernel space to check + for ghostification: */ + char interface_name[1000]; /* [IFNAMSIZ+1] is certainly sufficient */ + if(copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1)) + return -EFAULT; + if(is_a_ghost_interface_name(interface_name)) { + ghost_ptk("The user aked to add a route involving the " + "ghost interface %s. We make this operation fail", + interface_name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ rtnl_lock(); err = rtentry_to_fib_config(net, cmd, &rt, &cfg); 
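Review bot: In the `@@ -442` hunk `interface_name` is filled with `copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1)` and passed straight to `is_a_ghost_interface_name()`, which compares with `strcmp`, but nothing terminates the buffer. If user space supplies `IFNAMSIZ + 1` non-zero bytes the comparison reads on into uninitialised stack; the ioctl cases in net/core/dev.c set `interface_name[IFNAMSIZ] = '\0';` after the copy and this site should do the same. The buffer can be `char interface_name[IFNAMSIZ + 1];`, as its own comment suggests. Note also that `rt.rt_dev` is still a user pointer after this check, so the name is presumably read again inside `rtentry_to_fib_config()` and could differ from the one that was checked; checking the resolved device would close that gap.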
@@ -450,12 +481,18 @@ if (cmd == SIOCDELRT) { tb = fib_get_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_delete was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_delete() or fn_trie_delete() */ if (tb) err = fib_table_delete(tb, &cfg); else err = -ESRCH; } else { tb = fib_new_table(net, cfg.fc_table); + /* (ghost support) The function pointed by tb->tb_insert was + also modified to deal with ghost interfaces. Such function + may be either fn_hash_insert() or fn_trie_insert() */ if (tb) err = fib_table_insert(tb, &cfg); else @@ -562,6 +599,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead functions pointed by tb->tb_delete, + * either fn_hash_delete() (in fib_hash.c) or fn_trie_delete() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; @@ -584,6 +631,16 @@ struct fib_table *tb; int err; + /* + * (ghost support) add infos for patch devel, we don't modify + * inet_rtm_newroute but instead function pointed by tb->tb_insert, + * either fn_hash_insert() (in fib_hash.c) or fn_trie_insert() + * (in fib_trie.c) + */ + ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i " + "and nlh->nlmsg_type = %i", nlh->nlmsg_pid, + nlh->nlmsg_seq, nlh->nlmsg_type); + err = rtm_to_fib_config(net, skb, nlh, &cfg); if (err < 0) goto errout; @@ -599,6 +656,12 @@ return err; } +/* + * (ghost support) Fonction called through rtnetlink to dump + * all routes, we don't change anythings here, changes have + * been made in fib_semantics.c (in fib_dump_info which is + * called by fib_trie and fib_hash). + */ static int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); 
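Review bot: In the `@@ -562,6 +599,16 @@` and `@@ -584,6 +631,16 @@` hunks the `ghost_develmsg(...)` calls are not wrapped in `#ifdef CONFIG_GHOSTIFICATION`, while this file includes the ghost header only under that symbol (hunk `@@ -46,6 +50,11 @@`), so a build with the option off presumably fails on an undeclared name unless the macro is defined elsewhere. Wrap both calls in `#ifdef CONFIG_GHOSTIFICATION` / `#endif`, as the other files in this patch do. The three netlink header fields are unsigned, so `%u` matches them better than `%i`. The comment in the first hunk says "we don't modify inet_rtm_newroute" although it describes the `tb->tb_delete` path; it should name `inet_rtm_delroute`. Both function bodies continue outside the hunks.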
@@ -611,7 +674,7 @@ if (nlmsg_len(cb->nlh) >= sizeof(struct rtmsg) && ((struct rtmsg *) nlmsg_data(cb->nlh))->rtm_flags & RTM_F_CLONED) - return ip_rt_dump(skb, cb); + return ip_rt_dump(skb, cb); /* (ghost support) need modify this func */ s_h = cb->args[0]; s_e = cb->args[1]; @@ -636,6 +699,9 @@ cb->args[1] = e; cb->args[0] = h; + /* (ghost support) Length returned can be changed by + fib_dump_info when a route of a ghositifed iface is + lookup (skb length may be abnormal, diff of mod(240)) */ return skb->len; } diff -ruN linux-3.2.48--original/net/ipv4/fib_semantics.c linux-3.2.48/net/ipv4/fib_semantics.c --- linux-3.2.48--original/net/ipv4/fib_semantics.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/ipv4/fib_semantics.c 2013-07-01 11:59:07.000000000 +0200 @@ -11,6 +11,9 @@ * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. + * Changes: + * Roudiere Jonathan trivial + * change for ghostification. */ #include @@ -44,6 +47,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "fib_lookup.h" static DEFINE_SPINLOCK(fib_info_lock); 
@@ -923,6 +931,23 @@ if (nlh == NULL) return -EMSGSIZE; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) function call by fib_trie and fib_hash to dump route, + * in most case we won't arrive here with usertools (like iproute), because + * modification in rtnl_dump_ifinfo hide iface and modif here may be not really + * proper because put abnormal length in the skb->len return by inet_dump_fib + * (used without error..) if pid != 0 then user talks else that is the kernel; + */ + if (pid != 0) + if (is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Try to get route about ghost iface (%s), skip", + fi->fib_dev->name); + /* return -EMSGSIZE; don't use this because that stops evaluation */ + return nlmsg_end(skb, nlh); + } +#endif /* CONFIG_GHOSTIFICATION */ + rtm = nlmsg_data(nlh); rtm->rtm_family = AF_INET; rtm->rtm_dst_len = dst_len; diff -ruN linux-3.2.48--original/net/ipv4/fib_trie.c linux-3.2.48/net/ipv4/fib_trie.c --- linux-3.2.48--original/net/ipv4/fib_trie.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/ipv4/fib_trie.c 2013-07-01 11:59:07.000000000 +0200 @@ -47,6 +47,14 @@ * Paul E. McKenney * Patrick McHardy */ +/* + * Luca Saiu (simple changes for ghostification + * support) + * Roudiere Jonathan (bugfixes, + * forgetting ghost support in the function fn_trie_insert, bad + * field check in fib_route_seq_show). + * + */ #define VERSION "0.409" @@ -83,6 +91,11 @@ #include #include "fib_lookup.h" +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define MAX_STAT_DEPTH 32 #define KEYLENGTH (8*sizeof(t_key)) 
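Review bot: `fi->fib_dev->name` in the `@@ -923,6 +931,23 @@` hunk is dereferenced without a check on `fi->fib_dev`, although the unpatched fib_trie.c code shown later in this patch prints `fi->fib_dev ? fi->fib_dev->name : "*"`, i.e. a route may have no device. The same unchecked dereference is in the fib_trie.c hunks `@@ -1216,6 +1229,18 @@`, `@@ -1670,7 +1695,17 @@` and `@@ -2557,7 +2592,28 @@`. Guard it with `if (pid != 0 && fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name)) {`. Returning `nlmsg_end(skb, nlh)` also leaves a header-only message in the skb, which is the abnormal length the patch comment itself mentions; `nlmsg_cancel(skb, nlh);` before returning would remove the reserved header instead, with the return value to be confirmed against the callers, which are outside the hunk.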
@@ -1216,6 +1229,18 @@ goto err; } +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + l = fib_find_node(t, key); fa = NULL; @@ -1670,7 +1695,17 @@ fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list); list_for_each_entry_continue(fa, fa_head, fa_list) { struct fib_info *fi = fa->fa_info; - +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) don't make any change for + route involving ghostified interface */ + ghost_debugmsg("interface is %s", fi->fib_dev->name); + if(is_a_ghost_interface_name(fi->fib_dev->name)) { + ghost_ptk("Trying to delete a route involving the " + "ghost device %s: we make this operation fail.", + fi->fib_dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ if (fa->fa_tos != tos) break; @@ -2557,7 +2592,28 @@ || fa->fa_type == RTN_MULTICAST) continue; - if (fi) + if (fi) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't display any informations about + ghostified interfaces under /proc/net/route, bf */ + if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) { + ghost_ptk("Don't display routes for a ghostified " + "interface (%s) in /proc/net/route", + (const char*)fi->fib_dev->name); + seq_printf(seq, + "%s\t%08X\t%08X\t%04X\t%d\t%u\t" + "%d\t%08X\t%d\t%u\t%u%n", + fi->fib_dev ? fi->fib_dev->name : "*", + prefix, + fi->fib_nh->nh_gw, flags, 0, 0, + fi->fib_priority, + mask, + (fi->fib_advmss ? + fi->fib_advmss + 40 : 0), + fi->fib_window, + fi->fib_rtt >> 3, &len); + } +#else seq_printf(seq, "%s\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", 
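Review bot: The early `return -ENODEV;` in the `@@ -1216,6 +1229,18 @@` hunk bypasses the function's error labels, while the context line directly above leaves through `goto err;`. If `fi` was obtained from an allocating call before this point (the start of the function is outside the hunk), its reference is not released on this path. Set `err = -ENODEV;` and jump to the label that releases `fi` instead. The log text says "Trying to delete a route", but the authors' header note describes this as the insert path, so the message looks copied from the delete hunk.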
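Review bot: In the `@@ -1670,7 +1695,17 @@` hunk the ghost test runs at the top of the `list_for_each_entry_continue` body, before `if (fa->fa_tos != tos) break;` and before whatever match conditions follow outside the hunk. The call therefore fails with -ENODEV as soon as any alias visited in the list belongs to a ghost device, even when the route being deleted is a different one. Move the test to the point where the loop has identified the matching alias and test only that alias's `fi`.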
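Review bot: The `ghost_ptk("Don't display routes for a ghostified interface ...")` call in the `@@ -2557,7 +2592,28 @@` hunk sits inside the `! is_a_ghost_interface_name(...)` branch, so it logs for every route that is displayed and never for a hidden one; drop it or move it to an `else`. The same inverted placement of the debug message is in the igmp.c hunks `@@ -2440,8 +2447,18 @@` and `@@ -2593,14 +2610,30 @@` and in both mcast.c hunks. For a ghost route nothing writes `len` through `%n`, yet the context line `seq_printf(seq, "%*s\n", 127 - len, "");` in the following hunk still runs, so a padding line is emitted from a stale or uninitialised `len` (its declaration is outside the hunk). A `continue;` for ghost routes before any output avoids that and keeps a hidden route from leaving a blank record.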
@@ -2570,13 +2626,14 @@ fi->fib_advmss + 40 : 0), fi->fib_window, fi->fib_rtt >> 3, &len); - else +#endif /* CONFIG_GHOSTIFICATION */ + } else { seq_printf(seq, "*\t%08X\t%08X\t%04X\t%d\t%u\t" "%d\t%08X\t%d\t%u\t%u%n", prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len); - + } seq_printf(seq, "%*s\n", 127 - len, ""); } } diff -ruN linux-3.2.48--original/net/ipv4/igmp.c linux-3.2.48/net/ipv4/igmp.c --- linux-3.2.48--original/net/ipv4/igmp.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/ipv4/igmp.c 2013-07-01 11:59:07.000000000 +0200 @@ -68,6 +68,8 @@ * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. * David L Stevens: IGMPv3 support, with help from * Vinay Kulkarni + * Luca Saiu : trivial changes for ghostification + * support */ #include @@ -106,6 +108,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define IP_MAX_MEMBERSHIPS 20 #define IP_MAX_MSF 10 @@ -2440,8 +2447,18 @@ #endif if (rcu_dereference(state->in_dev->mc_list) == im) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, "%d\t%-10s: %5d %7s\n", + state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); + } +#else seq_printf(seq, "%d\t%-10s: %5d %7s\n", state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); +#endif /* CONFIG_GHOSTIFICATION */ } seq_printf(seq, 
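Review bot: Only the per-device header line is placed under the ghost test in the `@@ -2440,8 +2447,18 @@` hunk; the `seq_printf(seq,` that starts right after the closing brace (its arguments are outside the hunk) is not guarded, so the group lines of a ghostified interface presumably still appear in the /proc output. Testing `is_a_ghost_interface_name(state->dev->name)` once at the top of the show function and returning 0 there would hide both parts. It would also remove the need to duplicate the `seq_printf` call in an `#else` branch.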
@@ -2593,14 +2610,30 @@ "Device", "MCA", "SRC", "INC", "EXC"); } else { - seq_printf(seq, - "%3d %6.6s 0x%08x " - "0x%08x %6lu %6lu\n", - state->dev->ifindex, state->dev->name, - ntohl(state->im->multiaddr), - ntohl(psf->sf_inaddr), - psf->sf_count[MCAST_INCLUDE], - psf->sf_count[MCAST_EXCLUDE]); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp information in /proc " + "about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else + seq_printf(seq, + "%3d %6.6s 0x%08x " + "0x%08x %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + ntohl(state->im->multiaddr), + ntohl(psf->sf_inaddr), + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -ruN linux-3.2.48--original/net/ipv4/route.c linux-3.2.48/net/ipv4/route.c --- linux-3.2.48--original/net/ipv4/route.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/ipv4/route.c 2013-07-01 11:59:07.000000000 +0200 @@ -55,6 +55,9 @@ * Eric Dumazet : hashed spinlocks and rt_check_expire() fixes. * Ilia Sotnikov : Ignore TOS on PMTUD and Redirect * Ilia Sotnikov : Removed TOS from hash calculations + * Luca Saiu : trivial changes for ghostification support + * Roudiere Jonathan : ghost support to rtnetlink + * function, ghost bugfix (field) in rt_cache_seq_show * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -112,6 +115,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #define RT_FL_TOS(oldflp4) \ ((oldflp4)->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK)) 
@@ -420,6 +428,14 @@ "Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t" "HHUptod\tSpecDst"); else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Dont't display informations about ghost ifaces, bf */ + if(is_a_ghost_interface_name((const char*)((struct rtable*)v)->dst.dev->name)) { + ghost_ptk("Don't display routing informations about ghost interface (%s)", + ((const char*)((struct rtable*)v)->dst.dev->name)); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ struct rtable *r = v; struct neighbour *n; int len, HHUptod; @@ -2999,8 +3015,13 @@ r->rtm_src_len = 32; NLA_PUT_BE32(skb, RTA_SRC, rt->rt_key_src); } - if (rt->dst.dev) + if (rt->dst.dev) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) */ + ghost_develmsg("Net device is = %s ",rt->dst.dev->name); +#endif NLA_PUT_U32(skb, RTA_OIF, rt->dst.dev->ifindex); + } #ifdef CONFIG_IP_ROUTE_CLASSID if (rt->dst.tclassid) NLA_PUT_U32(skb, RTA_FLOW, rt->dst.tclassid); @@ -3096,7 +3117,7 @@ err = -ENOBUFS; goto errout; } - + /* Reserve room for dummy headers, this skb can pass through good chunk of routing engine. */ @@ -3119,6 +3140,17 @@ if (dev == NULL) { err = -ENODEV; goto errout_free; + +#ifdef CONFIG_GHOSTIFICATION + ghost_debugmsg("Net device is %s ", dev->name); + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", dev->name); + err = -ENODEV; + goto errout_free; + } +#endif /* CONFIG_GHOSTIFICATION */ } skb->protocol = htons(ETH_P_IP); 
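Review bot: The ghost test added in the `@@ -420,6 +428,14 @@` hunk is placed before the declarations `struct rtable *r = v; struct neighbour *n; int len, HHUptod;`, which mixes statements with declarations (the kernel build warns about this) and forces the repeated `((struct rtable*)v)` casts. Move the block below the declarations and write the condition as `if (r->dst.dev && is_a_ghost_interface_name(r->dst.dev->name))`. The NULL test is a precaution, since whether `dst.dev` can be unset here is not visible in the hunk.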
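Review bot: The ghost test added in the `@@ -3119,6 +3140,17 @@` hunk can never run: it is inserted inside the `if (dev == NULL) {` body, after `goto errout_free;`. If it were reached, `dev->name` would dereference the pointer that was just found to be NULL. As written, a request that names an input interface is not filtered at all on this path. Move the whole `#ifdef CONFIG_GHOSTIFICATION` block to directly after the closing brace of `if (dev == NULL) { ... }`.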
@@ -3153,6 +3185,22 @@ if (rtm->rtm_flags & RTM_F_NOTIFY) rt->rt_flags |= RTCF_NOTIFY; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't allow get ops for route + involving a ghostified interface, unnecessary test ..(rt) */ + if (rt) { + if (rt->dst.dev) { + ghost_debugmsg("Net device is %s ",rt->dst.dev->name); + if (is_a_ghost_interface_name(rt->dst.dev->name)) { + ghost_ptk("Try to get a route involving a ghostified " + "interface (%s), skip", + rt->dst.dev->name); + err = -ENETUNREACH; + goto errout_free; + } + } + } +#endif /* CONFIG_GHOSTIFICATION */ err = rt_fill_info(net, skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq, RTM_NEWROUTE, 0, 0); if (err <= 0) @@ -3167,6 +3215,8 @@ goto errout; } +/* (ghost support) maybe it will be necessary to modify +this func which is call in fib_frontend.c */ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb) { struct rtable *rt; diff -ruN linux-3.2.48--original/net/ipv6/addrconf.c linux-3.2.48/net/ipv6/addrconf.c --- linux-3.2.48--original/net/ipv6/addrconf.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/ipv6/addrconf.c 2013-07-01 11:59:07.000000000 +0200 @@ -36,6 +36,9 @@ * YOSHIFUJI Hideaki @USAGI : improved source address * selection; consider scope, * status etc. + * Luca Saiu : ghostification support + * Roudiere Jonathan : ghost + * modify functions using (rt)netlink */ #include @@ -82,6 +85,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include #include 
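Review bot: The comment added above `ip_rt_dump()` in the `@@ -3167,6 +3215,8 @@` hunk records an open gap rather than documenting behaviour. The /proc view of the route cache is filtered in `rt_cache_seq_show`, but the netlink dump that fib_frontend.c calls for `RTM_F_CLONED` requests is left unchanged, and that call site carries the matching remark "need modify this func". Mark it so it is not lost, for example `/* FIXME (ghost support): cached routes through ghost interfaces are still dumped here */`, or add the same device test inside the dump loop, which is outside the hunk.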
@@ -459,6 +467,86 @@ return idev; } +/* + * (ghost support) Support to hide snmp6 proc infos. + */ +#ifdef CONFIG_GHOSTIFICATION +/* Utility procedure, needed for {show,hide}_proc_net_dev_snmp6_DEVICE_if_needed(). + Return a pointer to a valid inet6_dev structure on success, NULL on failure: */ +static struct inet6_dev* lookup_snmp6_device(const char *interface_name) +{ + struct net_device *device; + struct inet6_dev *idev; + + /* Lookup the device by name, obtaining an inet6_dev structure: */ + device = dev_get_by_name(&init_net, interface_name); + if(device == NULL) + return NULL; + rtnl_lock(); + idev = ipv6_find_idev(device); + rtnl_unlock(); + return idev; +} + +/* These are defined in net/ipv6/proc.c: */ +extern struct proc_dir_entry *proc_net_devsnmp6; +extern struct file_operations snmp6_seq_fops; + +/* Remove the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already hidden. Return 0 on success, nonzero on error: */ +int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + ghost_ptk("Hiding /proc/net/dev_snmp6/%s...", interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + + /* Remove the proc/ entry, if any. If there was no entry + then remove_proc_entry() will fail, but it's ok for us: */ +#ifdef CONFIG_PROC_FS + if (!proc_net_devsnmp6) + return -ENOENT; + if (idev->stats.proc_dir_entry == NULL) + return -EINVAL; + remove_proc_entry(interface_name, proc_net_devsnmp6); +#endif /* CONFIG_PROC_FS */ + return 0; + //return snmp6_unregister_dev(idev); +} + +/* Create the virtual file /proc/net/dev_snmp6/DEVICE, unless + it's already shown. 
Return 0 on success, nonzero on error: */ +int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name) +{ + struct inet6_dev *idev = lookup_snmp6_device(interface_name); + struct proc_dir_entry *proc_directory_entry; + ghost_ptk("Showing /proc/net/dev_snmp6/%s...", + interface_name); + if(idev == NULL) /* lookup failed */ + return -EINVAL; + if(idev->dev == NULL) /* I doubt this may happen... */ + return -EINVAL; +#ifdef CONFIG_PROC_FS + if(!proc_net_devsnmp6) /* there isn't any /proc/net/dev_snmp6 */ + return -ENOENT; + if((proc_directory_entry = create_proc_entry(interface_name, + S_IRUGO, proc_net_devsnmp6)) == NULL) + return -ENOMEM; + proc_directory_entry->data = idev; + proc_directory_entry->proc_fops = &snmp6_seq_fops; + idev->stats.proc_dir_entry = proc_directory_entry; +#endif /* CONFIG_PROC_FS */ + return 0; + /* return snmp6_register_dev(idev); */ +} +EXPORT_SYMBOL(show_proc_net_dev_snmp6_DEVICE_if_needed); +EXPORT_SYMBOL(hide_proc_net_dev_snmp6_DEVICE_if_needed); +#endif /* CONFIG_GHOSTIFICATION */ + +/* + * End of ghostification support + */ + #ifdef CONFIG_SYSCTL static void dev_forward_change(struct inet6_dev *idev) { @@ -2254,6 +2342,10 @@ return PTR_ERR(ifp); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_addr_del(struct net *net, int ifindex, const struct in6_addr *pfx, unsigned int plen) { @@ -2268,6 +2360,15 @@ if (!dev) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to delete address on a ghostified interface (%s), skip", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + if ((idev = __in6_dev_get(dev)) == NULL) return -ENXIO; 
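Review bot: `lookup_snmp6_device()` in the `@@ -459,6 +467,86 @@` hunk takes a device reference with `dev_get_by_name()` and never drops it, so every hide or show call leaves the interface's reference count one higher, which can keep the device from being unregistered later. Add `dev_put(device);` after `rtnl_unlock();`, or do the lookup with `__dev_get_by_name()` inside the RTNL section. The lookup is also fixed to `&init_net`. `hide_proc_net_dev_snmp6_DEVICE_if_needed()` leaves `idev->stats.proc_dir_entry` pointing at the removed entry; add `idev->stats.proc_dir_entry = NULL;` after `remove_proc_entry()` so that a second hide, or presumably the regular unregister path, does not act on a stale pointer.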
@@ -3184,6 +3285,22 @@ static int if6_seq_show(struct seq_file *seq, void *v) { struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if (is_a_ghost_interface_name(ifp->idev->dev->name)) { + ghost_ptk("Don't show informations about a ghostified " + "interface (%s) under /proc.", + ifp->idev->dev->name); + } else { + seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n", + &ifp->addr, + ifp->idev->dev->ifindex, + ifp->prefix_len, + ifp->scope, + ifp->flags, + ifp->idev->dev->name); + } +#else seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n", &ifp->addr, ifp->idev->dev->ifindex, @@ -3191,6 +3308,8 @@ ifp->scope, ifp->flags, ifp->idev->dev->name); +#endif /* CONFIG_GHOSTIFICATION */ + return 0; } @@ -3409,6 +3528,10 @@ [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, }; +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { @@ -3426,7 +3549,9 @@ pfx = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL]); if (pfx == NULL) return -EINVAL; - + /* (ghost support) we could/should stop here a request involving a + ghostified interface but inet6_addr_del already do a part of our work + (get dev etc ..) so instead we modify inet6_addr_del */ return inet6_addr_del(net, ifm->ifa_index, pfx, ifm->ifa_prefixlen); } @@ -3475,6 +3600,10 @@ return 0; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { 
@@ -3512,6 +3641,15 @@ if (dev == NULL) return -ENODEV; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add a address to a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#endif /* CONFIG_GHOSTIFICATION */ + /* We ignore other flags so far. */ ifa_flags = ifm->ifa_flags & (IFA_F_NODAD | IFA_F_HOMEADDRESS); @@ -3748,6 +3886,12 @@ return err; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc; + * inet6_dump_addr is called by inet6_dump_{ifaddr,ifmcaddr,ifacaddr} + * and call the appropriate inet6_fill_* function. + */ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, enum addr_type_t type) { @@ -3778,6 +3922,16 @@ if (!idev) goto cont; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get infos about addresses of a ghostified interface (%s), skip.", + dev->name); + goto cont; + /* return -ENODEV; don't use it */ + } +#endif /* CONFIG_GHOSTIFICATION */ + if (in6_dump_addrs(idev, skb, cb, type, s_ip_idx, &ip_idx) <= 0) goto done; @@ -3808,7 +3962,6 @@ return inet6_dump_addr(skb, cb, type); } - static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb) { enum addr_type_t type = ANYCAST_ADDR; @@ -3816,6 +3969,10 @@ return inet6_dump_addr(skb, cb, type); } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { 
@@ -3842,6 +3999,17 @@ if (ifm->ifa_index) dev = __dev_get_by_index(net, ifm->ifa_index); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (dev) { + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to get address of a ghostified interface (%s), skip.", + dev->name); + return -ENODEV; + } + } +#endif /* CONFIG_GHOSTIFICATION */ + ifa = ipv6_get_ifaddr(net, addr, dev, 1); if (!ifa) { err = -EADDRNOTAVAIL; @@ -4107,6 +4275,10 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want that an address which is linked + * to an ghostified interface can be show/add/del/modify/etc + */ static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); @@ -4125,6 +4297,14 @@ idx = 0; head = &net->dev_index_head[h]; hlist_for_each_entry_rcu(dev, node, head, index_hlist) { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) If it is a ghostified interface then exit */ + if (is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to dump address infos about a ghostified interface (%s), skip.", + dev->name); + goto cont; + } +#endif /* CONFIG_GHOSTIFICATION */ if (idx < s_idx) goto cont; idev = __in6_dev_get(dev); @@ -4156,7 +4336,6 @@ skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC); if (skb == NULL) goto errout; - err = inet6_fill_ifinfo(skb, idev, 0, 0, event, 0); if (err < 0) { /* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */ diff -ruN linux-3.2.48--original/net/ipv6/ip6_fib.c linux-3.2.48/net/ipv6/ip6_fib.c --- linux-3.2.48--original/net/ipv6/ip6_fib.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/ipv6/ip6_fib.c 2013-07-01 11:59:07.000000000 +0200 @@ -269,6 +269,8 @@ #endif +/* (ghost support) iterate on net device, don't modify this function, +we can return ENODEV here, user-space tools (as ip) dump iface list before */ static int fib6_dump_node(struct fib6_walker_t *w) { int res; 
@@ -314,7 +316,6 @@ { struct fib6_walker_t *w; int res; - w = (void *)cb->args[2]; w->root = &table->tb6_root; diff -ruN linux-3.2.48--original/net/ipv6/Kconfig linux-3.2.48/net/ipv6/Kconfig --- linux-3.2.48--original/net/ipv6/Kconfig 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/ipv6/Kconfig 2013-07-01 11:59:07.000000000 +0200 @@ -4,8 +4,8 @@ # IPv6 as module will cause a CRASH if you try to unload it menuconfig IPV6 - tristate "The IPv6 protocol" - default m + bool "The IPv6 protocol" + default y ---help--- This is complemental support for the IP version 6. You will still be able to do traditional IPv4 networking as well. @@ -16,6 +16,10 @@ For specific information about IPv6 under Linux, read the HOWTO at . + Ghostification notes: + ===================== + IPV6 can not be built in module with ghost support. + To compile this protocol support as a module, choose M here: the module will be called ipv6. @@ -68,7 +72,7 @@ If unsure, say N. config INET6_AH - tristate "IPv6: AH transformation" + bool "IPv6: AH transformation" select XFRM select CRYPTO select CRYPTO_HMAC @@ -80,7 +84,7 @@ If unsure, say Y. config INET6_ESP - tristate "IPv6: ESP transformation" + bool "IPv6: ESP transformation" select XFRM select CRYPTO select CRYPTO_AUTHENC @@ -95,7 +99,7 @@ If unsure, say Y. config INET6_IPCOMP - tristate "IPv6: IPComp transformation" + bool "IPv6: IPComp transformation" select INET6_XFRM_TUNNEL select XFRM_IPCOMP ---help--- @@ -105,7 +109,7 @@ If unsure, say Y. config IPV6_MIP6 - tristate "IPv6: Mobility (EXPERIMENTAL)" + bool "IPv6: Mobility (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- @@ -114,16 +118,16 @@ If unsure, say N. config INET6_XFRM_TUNNEL - tristate + bool select INET6_TUNNEL default n config INET6_TUNNEL - tristate + bool default n config INET6_XFRM_MODE_TRANSPORT - tristate "IPv6: IPsec transport mode" + bool "IPv6: IPsec transport mode" default IPV6 select XFRM ---help--- 
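Review bot: The help text kept as context in the `@@ -16,6 +16,10 @@` hunk still ends with "To compile this protocol support as a module, choose M here", which is no longer possible once the `@@ -4,8 +4,8 @@` hunk turns `IPV6` into a `bool`; remove or reword that sentence. The change from `tristate` to `bool` and to `default y` applies to every build of this tree, not only to builds with ghost support. If that is intended, say so in the "Ghostification notes" paragraph.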
@@ -132,7 +136,7 @@ If unsure, say Y. config INET6_XFRM_MODE_TUNNEL - tristate "IPv6: IPsec tunnel mode" + bool "IPv6: IPsec tunnel mode" default IPV6 select XFRM ---help--- @@ -141,7 +145,7 @@ If unsure, say Y. config INET6_XFRM_MODE_BEET - tristate "IPv6: IPsec BEET mode" + bool "IPv6: IPsec BEET mode" default IPV6 select XFRM ---help--- @@ -150,14 +154,14 @@ If unsure, say Y. config INET6_XFRM_MODE_ROUTEOPTIMIZATION - tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" + bool "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" depends on EXPERIMENTAL select XFRM ---help--- Support for MIPv6 route optimization mode. config IPV6_SIT - tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" + bool "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" select INET_TUNNEL select IPV6_NDISC_NODETYPE default y @@ -193,7 +197,7 @@ bool config IPV6_TUNNEL - tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" + bool "IPv6: IP-in-IPv6 tunnel (RFC2473)" select INET6_TUNNEL ---help--- Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in diff -ruN linux-3.2.48--original/net/ipv6/mcast.c linux-3.2.48/net/ipv6/mcast.c --- linux-3.2.48--original/net/ipv6/mcast.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/ipv6/mcast.c 2013-07-01 11:59:07.000000000 +0200 @@ -24,6 +24,10 @@ * - MLD for link-local addresses. * David L Stevens : * - MLDv2 support + * Luca Saiu : + * - trivial changes for ghostification support + * Roudiere Jonathan + * - trivial changes to correct an forgetting */ #include @@ -63,6 +67,11 @@ #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing... */ #define MCAST_DEBUG 2 
@@ -2405,6 +2414,20 @@ struct ifmcaddr6 *im = (struct ifmcaddr6 *)v; struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show information about ghost interfaces */ + if(! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc " + "about ghostified interfaces (1)."); + seq_printf(seq, + "%-4d %-15s %pi6 %5d %08X %ld\n", + state->dev->ifindex, state->dev->name, + &im->mca_addr, + im->mca_users, im->mca_flags, + (im->mca_flags&MAF_TIMER_RUNNING) ? + jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); + } +#else seq_printf(seq, "%-4d %-15s %pi6 %5d %08X %ld\n", state->dev->ifindex, state->dev->name, @@ -2412,6 +2435,7 @@ im->mca_users, im->mca_flags, (im->mca_flags&MAF_TIMER_RUNNING) ? jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); +#endif /* CONFIG_GHOSTIFICATION */ return 0; } @@ -2563,6 +2587,20 @@ "Device", "Multicast Address", "Source Address", "INC", "EXC"); } else { +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Don't show any info about ghost interfaces */ + if (! is_a_ghost_interface_name(state->dev->name)) { + ghost_debugmsg("Don't show any igmp6 information in /proc" + " about ghostified interfaces (2)."); + seq_printf(seq, + "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", + state->dev->ifindex, state->dev->name, + &state->im->mca_addr, + &psf->sf_addr, + psf->sf_count[MCAST_INCLUDE], + psf->sf_count[MCAST_EXCLUDE]); + } +#else seq_printf(seq, "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", state->dev->ifindex, state->dev->name, @@ -2570,6 +2608,7 @@ &psf->sf_addr, psf->sf_count[MCAST_INCLUDE], psf->sf_count[MCAST_EXCLUDE]); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; } diff -ruN linux-3.2.48--original/net/ipv6/proc.c linux-3.2.48/net/ipv6/proc.c --- linux-3.2.48--original/net/ipv6/proc.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/ipv6/proc.c 2013-07-01 11:59:07.000000000 +0200 
@@ -9,6 +9,8 @@ * * Authors: David S. Miller (davem@caip.rutgers.edu) * YOSHIFUJI Hideaki + * Luca Saiu (trivial changes for + * ghostification support) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -30,6 +32,16 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include + +/* (ghost support) We don't want this to be static, as it has to + be read at ghostifying and unghostifying time */ +struct proc_dir_entry *proc_net_devsnmp6; +EXPORT_SYMBOL(proc_net_devsnmp6); +#endif /* CONFIG_GHOSTIFICATION */ + static int sockstat6_seq_show(struct seq_file *seq, void *v) { struct net *net = seq->private; @@ -229,6 +241,18 @@ return single_open_net(inode, file, snmp6_seq_show); } +/* (ghost support) This was originally static, +but we need to make it visible */ +#ifdef CONFIG_GHOSTIFICATION +struct file_operations snmp6_seq_fops = { + .owner = THIS_MODULE, + .open = snmp6_seq_open, + .read = seq_read, + .llseek = seq_lseek, + .release = single_release, +}; +EXPORT_SYMBOL(snmp6_seq_fops); +#else static const struct file_operations snmp6_seq_fops = { .owner = THIS_MODULE, .open = snmp6_seq_open, @@ -236,6 +260,7 @@ .llseek = seq_lseek, .release = single_release_net, }; +#endif /* CONFIG_GHOSTIFICATION */ static int snmp6_dev_seq_show(struct seq_file *seq, void *v) { diff -ruN linux-3.2.48--original/net/ipv6/route.c linux-3.2.48/net/ipv6/route.c --- linux-3.2.48--original/net/ipv6/route.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/ipv6/route.c 2013-07-01 11:59:07.000000000 +0200 @@ -22,6 +22,10 @@ * reachable. otherwise, round-robin the list. * Ville Nuorvala * Fixed routing subtrees. + * Luca Saiu + * trivial changes for ghostification support + * Roudiere Jonathan + * ghostification support update, modify functions using netlink */ #include 
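Review bot: The new global `proc_net_devsnmp6` in the `@@ -30,6 +32,16 @@` hunk is defined and exported, but no proc.c hunk in this patch assigns it. Unless an assignment exists in code that is not shown, the hide and show helpers added to addrconf.c always take their `-ENOENT` branch under `CONFIG_PROC_FS`. Either set the variable where the dev_snmp6 directory is created, or have the helpers use the directory pointer that the existing registration code already keeps.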
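Review bot: The ghost variant of `snmp6_seq_fops` in the `@@ -229,6 +241,18 @@` hunk uses `.release = single_release`, but `snmp6_seq_open()` in the context above opens with `single_open_net()` and the `#else` variant releases with `single_release_net`, so the net-aware release is skipped on every close. Use `.release = single_release_net,` in both variants. Only `static` has to go to make the table visible; keeping it `const`, with a matching `extern const` declaration in addrconf.c, leaves it read-only. addrconf.c attaches this table to a per-device entry whose `data` is an `inet6_dev`, so whether `snmp6_seq_show` or `snmp6_dev_seq_show` is the right show routine for that file should be confirmed.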
@@ -62,6 +66,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Set to 3 to get tracing. */ #define RT6_DEBUG 2 @@ -1205,10 +1214,6 @@ } EXPORT_SYMBOL(ip6_dst_hoplimit); -/* - * - */ - int ip6_route_add(struct fib6_config *cfg) { int err; @@ -1958,6 +1963,8 @@ struct in6_rtmsg rtmsg; int err; + /* (ghost support) don't make any change, changes + have been made later for ioctl request */ switch(cmd) { case SIOCADDRT: /* Add a route */ case SIOCDELRT: /* Delete a route */ 
@@ -2309,26 +2316,84 @@ return err; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; - err = rtm_to_fib6_config(skb, nlh, &cfg); - if (err < 0) - return err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_del(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it + is a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to del route involving a ghostified interface (%s). Failing", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_del(&cfg); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc. + */ static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) { struct fib6_config cfg; int err; +#ifdef CONFIG_GHOSTIFICATION + struct net *net = NULL; + struct net_device *dev = NULL; + err = rtm_to_fib6_config(skb, nlh, &cfg); if (err < 0) return err; + + /* (ghost support) get the net struct through sock struct */ + net = sock_net(skb->sk); + if(!net) + return ip6_route_add(&cfg); /* do that or exit on error ... 
*/ + /* (ghost support) get the net_device struct through fib6_config */ + dev = dev_get_by_index(net, cfg.fc_ifindex); + if(!dev) + return ip6_route_add(&cfg); /* do that or exit on error ... */ + /* (ghost support) ok we know the device name so if it is + a ghostified interface, return device not exist */ + if(is_a_ghost_interface_name(dev->name)) { + ghost_ptk("Try to add route involving a ghostified interface (%s). Failing.", + dev->name); + return -ENODEV; + } +#else + err = rtm_to_fib6_config(skb, nlh, &cfg); + if (err < 0) + return err; +#endif /* CONFIG_GHOSTIFICATION */ return ip6_route_add(&cfg); } @@ -2348,6 +2413,10 @@ + nla_total_size(sizeof(struct rta_cacheinfo)); } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc + */ static int rt6_fill_node(struct net *net, struct sk_buff *skb, struct rt6_info *rt, struct in6_addr *dst, struct in6_addr *src, @@ -2360,6 +2429,19 @@ u32 table; struct neighbour *n; +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg("rtnetlink msg type %i, pid %i and seq %i", + type, pid, seq); + /* (ghost support) this function is called by by rt6_dump_route, and + inet6_rtm_get_route and inet6_rt_notify, test if it is a kernel request*/ + if (rt->rt6i_dev->name) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to get/notify route infos about a " + "ghostified interface (%s), skip.", + rt->rt6i_dev->name); + return 1; + } +#endif /* CONFIG_GHOSTIFICATION */ if (prefix) { /* user wants prefix routes only */ if (!(rt->rt6i_flags & RTF_PREFIX_RT)) { /* success since this is not a prefix route */ 
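Review bot: `dev_get_by_index()` in inet6_rtm_delroute and inet6_rtm_newroute returns the device with a reference held, and neither function drops it on any path. Every route add or delete that names an existing interface therefore leaves that device's reference count one higher, which can later prevent the device from being unregistered. Add `dev_put(dev);` before `return -ENODEV;` and again right after the `if` block in both functions. If these handlers always run with the RTNL lock held (not visible in this hunk), `__dev_get_by_index()` avoids taking the reference at all. The `rtm_to_fib6_config()` call is identical in both `#ifdef` arms and could stay outside the conditional.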
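Review bot: In rt6_fill_node the guard `if (rt->rt6i_dev->name)` dereferences `rt->rt6i_dev` without checking it, and because `name` is an array member of struct net_device the test is always true, so it guards nothing. The /proc hunk later in this file (`@@ -2641`) checks `rt->rt6i_dev != NULL` first, which suggests a NULL device is possible here too. Use `if (rt->rt6i_dev && is_a_ghost_interface_name(rt->rt6i_dev->name)) {` instead. The early `return 1` reuses the value the context line describes as "success since this is not a prefix route". The callers are outside this hunk, so it is worth confirming that the get and notify paths named in the comment do not go on to send an empty message when they receive it.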
@@ -2480,10 +2562,26 @@ return -EMSGSIZE; } +/* + * (ghost support) We don't want a route which involed a + * ghostified interface can be show/add/del/modify/etc, + */ int rt6_dump_route(struct rt6_info *rt, void *p_arg) { struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg; int prefix; + +#ifdef CONFIG_GHOSTIFICATION + ghost_develmsg(" rtnetlink mesg %i, pid %i and seq %i", + arg->cb->nlh->nlmsg_type, arg->cb->nlh->nlmsg_pid, arg->cb->nlh->nlmsg_seq); + /* if (rt->rt6i_dev) + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Try to dump route infos about a ghostified interface (%s), skip", + rt->rt6i_dev->name); + return -ENODEV; errro maybe come from here, modify instead + rt6_fill_node which has multiple callers + } */ +#endif /* CONFIG_GHOSTIFICATION */ if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) { struct rtmsg *rtm = nlmsg_data(arg->cb->nlh); @@ -2497,6 +2595,8 @@ prefix, 0, NLM_F_MULTI); } +/* (ghost support) Don't make changes here, function +rt6_fill_node has been modified instead */ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) { struct net *net = sock_net(in_skb->sk); @@ -2641,6 +2741,17 @@ struct seq_file *m = p_arg; struct neighbour *n; +#ifdef CONFIG_GHOSTIFICATION + /* (ghost support) Do nothing if this route involves a + ghostified interface */ + if(rt->rt6i_dev != NULL) /* can't use &&: evaluation order is undefined */ + if(is_a_ghost_interface_name(rt->rt6i_dev->name)) { + ghost_ptk("Don't show any informations under /proc/net" + "involving a ghostified interface (%s)", + rt->rt6i_dev->name); + return 0; + } +#endif /* CONFIG_GHOSTIFICATION */ seq_printf(m, "%pi6 %02x ", &rt->rt6i_dst.addr, rt->rt6i_dst.plen); #ifdef CONFIG_IPV6_SUBTREES diff -ruN linux-3.2.48--original/net/Kconfig linux-3.2.48/net/Kconfig --- linux-3.2.48--original/net/Kconfig 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/Kconfig 2013-07-01 11:59:07.000000000 +0200 
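Review bot: The comment `/* can't use &&: evaluation order is undefined */` in the /proc route hunk (`@@ -2641`) is incorrect: C evaluates `&&` left to right and skips the right operand when the left is false. The nested unbraced `if` can become `if (rt->rt6i_dev != NULL && is_a_ghost_interface_name(rt->rt6i_dev->name)) {`. The two adjacent string literals in the `ghost_ptk` call concatenate to "/proc/netinvolving", so the first needs a trailing space. This message is emitted on every read of the route file and includes the hidden interface's name, so with GHOSTIFICATION_PRINTK enabled the kernel log reveals what the /proc filter hides. The function body continues outside the hunk.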
@@ -189,6 +189,105 @@ source "net/decnet/netfilter/Kconfig" source "net/bridge/netfilter/Kconfig" +config GHOSTIFICATION_NETFILTER + bool "Ghostification support to netfilter" + depends on GHOSTIFICATION && NETFILTER_ADVANCED + default y + help + Ghostification support to Netfilter. Allow to bypass all + Netfilter's hooks (INPUT, OUTPUT, FORWARD, POSTROUTING and + PREROUTING (when available)) and that for all layer or protocol: + ARP, Bridge, IPv4, IPv6 (and Decnet) or just for one protocol + or layer. + If you choose to activate the Ghostification of Netfilter then + all the network packets which come from, or go to an ghostified + interface will not get through the hooks of Netfilter; so rules + which have been created with Iptables, Ip6tables, Arptables or + Ebtables will have no effect on these packets. + Note: This option allows you to have access to the options of + configuration of the Ghostification of Netfilter but it activates + no section of code; you will thus need to select one or some + among those this below. + +config GHOSTIFICATION_NETFILTER_ALL + bool "Ghostification support to netfilter, skip all hooks" + depends on GHOSTIFICATION_NETFILTER + default y + help + Netfiter Ghostification support for all protocols/layers. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass + Netfilter's hooks; thus any actions or rules which have been + created through Iptables, Ip6tables, Arptables or Ebtables + will not have any effect on this packets. + +config GHOSTIFICATION_NETFILTER_ARP + bool "Ghostification support to netfilter, skip ARP hooks" + depends on GHOSTIFICATION_NETFILTER && IP_NF_ARPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the ARP protocol/layer. 
+ If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Arp + hooks of Netfilter; thus the rules which have been created + with the Arptables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_BRIDGE + bool "Ghostification support to netfilter, skip Bridge hooks" + depends on GHOSTIFICATION_NETFILTER && BRIDGE_NF_EBTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the Bridge protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass Bridge + hooks of Netfilter; thus the rules which have been created + with the Ebtables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV4 + bool "Ghostification support to netfilter, skip IPv4 hooks" + depends on GHOSTIFICATION_NETFILTER && !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv4 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv4 + hooks of Netfilter; thus the rules which have been created + with the Iptables tool will not have any effect on them. 
+ If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + +config GHOSTIFICATION_NETFILTER_IPV6 + bool "Ghostification support to netfilter, skip IPv6 hooks" + depends on GHOSTIFICATION_NETFILTER && IP6_NF_IPTABLES + depends on !GHOSTIFICATION_NETFILTER_ALL + help + Netfiter ghostification support for the IPv6 protocol/layer. + If you activate this option then all network packets which + come from, or go to a ghostified interface will bypass IPv6 + hooks of Netfilter; thus the rules which have been created + with the Ip6tables tool will not have any effect on them. + If you activate Netfilter Ghostification for this protocol/layer + then you will lose the capability that network packets bypass + Decnet's hooks of Netfilter. + If you are unsure how to answer this question when you have + decided to use ghostification then answer N and use instead + GHOSTIFICATION_NETFILTER_ALL above. + endif source "net/dccp/Kconfig" 
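Review bot: `GHOSTIFICATION_NETFILTER` and `GHOSTIFICATION_NETFILTER_ALL` are both `default y`, and the later hunk (`@@ -325,4`) makes `GHOSTIFICATION` itself `default y`. A kernel built by accepting the defaults therefore lets traffic on any ghostified interface skip every Netfilter hook without the builder having chosen that. A firewall bypass is better as an explicit opt-in: drop the `default y` lines from the two Netfilter options, since a `bool` without a default is off. The same applies to `GHOSTIFICATION_PRINTK` in the later hunk, whose own help text says to leave it unselected when the interfaces are really meant to stay hidden. The ARP, Bridge, IPv4 and IPv6 entries also all carry the same sentence about losing the Decnet bypass, which looks copied and should be checked against what each option actually does.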
@@ -325,4 +424,93 @@ source "net/nfc/Kconfig" +config GHOSTIFICATION + bool "Ghostification support" + depends on INET + default y + help + Ghostification support allow you to hide network interfaces + on your system. Ghostify and Unghostify are the actions which + make dynamically invisible and visible a network interface/cards + (eth0, lo, tun, ...) for the userspace. + When a network interface is ghostified, users of your system + can not see it with userspace tools like ifconfig, route, iproute, + netstat and/or have statistics about it. However even if a network + interface is ghostified it is always possible to open a socket + using the Ip address of this interface, ping this interface or + any host connected to the same network remains possible; has the + opposite, it is not possible to sniff packets on a ghostified + interface with userspace tools like tcpdump, wireshark, ... + Informations about a ghostified interface are hidden under /proc + but they can be find under /sys, it is a limit of the ghostification + patch. + For more informations about Ghostification patch and engine see + the README of the tarball that you have used or go to website of + the Marionnet project at . + + +config GHOSTIFICATION_NUM + int "Ghostification support : max number of possible ghostified interface" + depends on GHOSTIFICATION + range 4 32 + default 8 + help + Here you can choose the number of network interfaces that + you will be allowed to ghostify. This number must be between + 4 and 32. + +config GHOSTIFICATION_MESG + bool "Ghostification messages, display, debug and devel" + depends on GHOSTIFICATION + default y + help + Ghostification messages configuration. This option allow + you to have acces to the options which configure and control + the type of messages that you want the ghostification engine + diplay (visible through syslogd). + There are three options which make more or less verbose the + ghostification engine. 
You can choose to not select any + options below if you want to try to hide the ghostification + operations for the users of your system. + Note: This option allows you to have access to the options + which control the number of messages and the verbosity of + the Ghostification engine but it activates no section of + code; you will thus need to select one or some among those + this below. + +config GHOSTIFICATION_PRINTK + bool "Ghostification, messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + default y + help + This option allow you to activate normal messsages from the + ghostification engine, those messages are display through a + simple printk (visible through syslogd), this messages allow + to have informations about the ghost operations (like "the + interface ethX has been ghostified", "unghostified", "is already + ghostified", etc ...). If you really wish to hide ghostified + interfaces and ghost operations for the users of your system + don't select this option. + +config GHOSTIFICATION_DEBUG + bool "Ghostification, debugging messages to monitor ghost operations" + depends on GHOSTIFICATION_MESG + help + This option increase the verbosity of the ghostification engine, + allow to get more informations in order to debug the ghost ops. + This option is in general used to verify the result of a test or + to display the datas (interface name, pid of a calling process, ...) + which are treated by the ghost engine. + +config GHOSTIFICATION_DEVEL + bool "Ghostification, helping messages to trace ghost operations (devel)" + depends on GHOSTIFICATION_MESG + help + This option give more informations that the option above, it is use + by developer of the ghostification patch in order to control some + paths used in the kernel code and the datas which are manipulated. + This option is a little redundant with the debug option but allow + to have a better granularity, maybe it will be remove for the next + release of the ghostification patch. 
+ endif # if NET diff -ruN linux-3.2.48--original/net/netfilter/core.c linux-3.2.48/net/netfilter/core.c --- linux-3.2.48--original/net/netfilter/core.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/netfilter/core.c 2013-07-01 11:59:07.000000000 +0200 @@ -5,6 +5,8 @@ * way. * * Rusty Russell (C)2000 -- This code is GPL. + * Little change by Jonathan Roudiere to add + * Ghostification support (bypass netfilter for ghost interface). */ #include #include @@ -23,6 +25,11 @@ #include #include +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + #include "nf_internals.h" static DEFINE_MUTEX(afinfo_mutex); @@ -60,7 +67,6 @@ { struct nf_hook_ops *elem; int err; - err = mutex_lock_interruptible(&nf_hook_mutex); if (err < 0) return err; 
@@ -169,7 +175,158 @@ rcu_read_lock(); elem = &nf_hooks[pf][hook]; + next_hook: + /* + * (ghost support) Netfilter ghostification support. + * Perform too much tests here is not a good idea because all + * network packets pass through this section but we have + * not other choice to skip netfilter hooks (per hook). + */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER + /* + * Bypass all Netfilter hooks (for ipv4/6, arp, bridge) for any + * ghostified interface (eq. to return NF_ACCEPT for each packet which + * go through an interface which is ghostified (do that at hook level + * in order to skip all chains's rules hang on the hooks)) + */ + + /* don't use ghost_debugmsg macro in this section + because it may introduce too much delay */ + ghost_develmsg("Enter in hook (pf=%i) (hook=%i) from indev->name = " + "%s to outdev->name = %s", pf, hook, indev->name, outdev->name); + +/* If we wish to skip all netfilter hooks for all PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ALL + /* + * outdev->name field is defined in OUTPUT, FORWARD and POSTROUTING hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), we start here (with outdev) to bypass netfilter's + * hooks in the case where we are in FORWARD. + */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + ret = 1; + goto unlock; + } + } + /* + * indev->name field is defined in PREROUTING, FORWARD and INPUT hooks, + * if it is a ghostified interface then we must bypass netfilter hooks + * (and all rules chains), if we are in FORWARD hook and outdev/indev->name + * is not a ghostified interface then we can go towards hooks. 
+ */ + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + ret = 1; + goto unlock; + } + } + +/* + * If GHOSTIFICATION_NETFILTER_ALL is not defined neither any + * GHOSTIFICATION_NETFILTER_PF then we 'll skip all this code chunk. + * (about performance, choose to skip netfilter just for certains PF + * is the most bad things we can do, but ...) + */ +#elif (defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV4) || defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV6) || \ + defined(CONFIG_GHOSTIFICATION_NETFILTER_ARP) || defined(CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE)) + /* Here we have the same logic as previously (in GHOSTIFICATION_NETFILTER_ALL) + but with the ability to choose what are the PFs that we want to skip */ + if ((outdev->name) != NULL) { + if (!is_a_ghost_interface_name(outdev->name)) { + ghost_develmsg("(outdev->name) = %s is not a ghostfied interface", + (outdev->name)); + goto apply_hook; + } else { + ghost_develmsg("(outdev->name) = %s is a ghostfied interface", + (outdev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for 
decnet) */ + goto apply_hook; + } + } + if ((indev->name) != NULL) { + if (!is_a_ghost_interface_name(indev->name)) { + ghost_develmsg("(indev->name) = %s is not a ghostfied interface", + (indev->name)); + goto apply_hook; + } else { + ghost_develmsg("(indev->name) = %s is a ghostfied interface", + (indev->name)); + /* start with IPv4, IPv6 because they are the most current PF */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4 + if (pf == PF_INET) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6 + if (pf == PF_INET6) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP + if (pf == NF_ARP) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */ +#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE + if (pf == PF_BRIDGE) { + ret = 1; + goto unlock; + } +#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */ + /* We arrive here that is because we are not in a PF + that we wish skip so we apply rules chain (for decnet) */ + goto apply_hook; + } + } + +#endif /* CONFIG_GHOSTIFICATION_ALL */ +apply_hook: +#endif /* CONFIG_GHOSTIFICATION_NETFILTER */ +/* (ghost support) End of ghostification support */ + verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev, outdev, &elem, okfn, hook_thresh); if (verdict == NF_ACCEPT || verdict == NF_STOP) { @@ -191,6 +348,9 @@ kfree_skb(skb); } } +#ifdef CONFIG_GHOSTIFICATION_NETFILTER +unlock: +#endif rcu_read_unlock(); return ret; } diff -ruN linux-3.2.48--original/net/packet/af_packet.c linux-3.2.48/net/packet/af_packet.c --- linux-3.2.48--original/net/packet/af_packet.c 2013-06-29 05:06:45.000000000 +0200 +++ linux-3.2.48/net/packet/af_packet.c 2013-07-01 11:59:07.000000000 +0200 @@ -8,6 +8,7 @@ * Authors: Ross Biro * Fred N. van Kempen, * Alan Cox, + * Luca Saiu : Trivial changes for ghostification * * Fixes: * Alan Cox : verify_area() now used correctly 
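Review bot: The guards `(outdev->name) != NULL` and `(indev->name) != NULL` in the nf_hook_slow hunk test the `name` member rather than the device pointer. The hunk's own comments say `outdev` is only set in OUTPUT/FORWARD/POSTROUTING and `indev` only in PREROUTING/FORWARD/INPUT, so one of them can be NULL and the test works only as long as `name` is the first member of the structure. The guards should be `outdev != NULL` and `indev != NULL`; the `ghost_develmsg` trace before them passes both names to `%s` unguarded as well. Separately, a non-ghost `outdev` jumps straight to `apply_hook` without looking at `indev`, so a forwarded packet that came in on a ghostified interface still traverses the hooks, whereas the Kconfig help says "come from, or go to". If the help text is the intended behaviour, the fence below shows the `_ALL` branch deciding on both ends; the per-protocol branch has the same shape. The function starts and ends outside this hunk.

```c
/* … unchanged: next_hook label and ghost_develmsg trace … */
#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ALL
	/* Test the device pointers themselves and look at both ends
	   before deciding whether this packet skips the hooks. */
	if ((outdev != NULL && is_a_ghost_interface_name(outdev->name)) ||
	    (indev != NULL && is_a_ghost_interface_name(indev->name))) {
		ret = 1;
		goto unlock;
	}
	goto apply_hook;
/* … unchanged: per-protocol #elif branch, apply_hook label … */
```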
@@ -94,6 +95,11 @@ #include #endif +/* (ghost support) */ +#ifdef CONFIG_GHOSTIFICATION +#include +#endif + /* Assumptions: - if device has no dev->hard_header routine, it adds and removes ll header @@ -1593,6 +1599,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (rcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); @@ -1717,6 +1735,18 @@ if (skb->pkt_type == PACKET_LOOPBACK) goto drop; +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Drop packets involving ghost interfaces: + * we don't want the user to be able to sniff them. + */ + if(is_a_ghost_interface_name(orig_dev->name) || + is_a_ghost_interface_name(dev->name)) { + ghost_debugmsg("Drop a packet which is going through a ghostified interface (trcv)"); + goto drop; + } +#endif /* CONFIG_GHOSTIFICATION */ + sk = pt->af_packet_priv; po = pkt_sk(sk); @@ -3841,6 +3871,26 @@ struct sock *s = sk_entry(v); const struct packet_sock *po = pkt_sk(s); +#ifdef CONFIG_GHOSTIFICATION + /* + * (ghost support) Don't show packets involving ghost devices + */ + struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex); + if(! is_a_ghost_interface_name(net_device->name)) { + ghost_debugmsg("Don't show packets involving ghostified interface"); + seq_printf(seq, + "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", + s, + atomic_read(&s->sk_refcnt), + s->sk_type, + ntohs(po->num), + po->ifindex, + po->running, + atomic_read(&s->sk_rmem_alloc), + sock_i_uid(s), + sock_i_ino(s) ); + } +#else seq_printf(seq, "%pK %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", s, 
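Review bot: In the packet_seq_show hunk (`@@ -3841`), `dev_get_by_index()` can return NULL, for instance when `po->ifindex` does not name an existing device, and `net_device->name` is then used unchecked. On success the reference it takes is never dropped with `dev_put()`, so each read of this seq file would leave a reference on every device it lists. The ghost branch also prints the socket address with `%p` where the original line uses `%pK`, which loses the kptr_restrict handling of that kernel pointer. The `ghost_debugmsg` text sits in the branch that does show the entry. The fence below filters first and lets both configurations share the original `seq_printf`. The function begins before this hunk.

```c
		const struct packet_sock *po = pkt_sk(s);
#ifdef CONFIG_GHOSTIFICATION
		/* (ghost support) Don't list sockets bound to ghost devices */
		struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex);
		bool hidden = net_device != NULL &&
			      is_a_ghost_interface_name(net_device->name);

		if (net_device != NULL)
			dev_put(net_device);	/* drop the reference dev_get_by_index() took */
		if (hidden)
			return 0;
#endif /* CONFIG_GHOSTIFICATION */
		/* … unchanged: the original seq_printf() with "%pK", now shared by both configurations … */
```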
@@ -3852,6 +3902,7 @@ atomic_read(&s->sk_rmem_alloc), sock_i_uid(s), sock_i_ino(s)); +#endif /* CONFIG_GHOSTIFICATION */ } return 0; marionnet-0.90.6+bzr457.orig/uml/README0000600000175000017500000000223312356733375016255 0ustar lucaslucas======================================================================= drwxr-xr-x 2 jean jean 4096 Jun 19 23:37 ethghost drwxr-xr-x 4 jean jean 4096 May 6 20:12 kernel These directories contain UML kernel patches (mostly for ghostification), kernel .config files, and userland utilities (again, mostly for ghostification). Our repositories do *not* contain copies of Linux, since the kernel is huge and we only need tiny modifications. All of this makes easy to create UML kernels usable with Marionnet. This part of the work has been performed by Jonathan Roudiere and Luca Saiu. ======================================================================= drwxrwxr-x 6 jean jean 4096 May 22 13:23 pupisto.buildroot drwxrwxr-x 2 jean jean 4096 Jun 19 19:27 pupisto.common drwxrwxr-x 12 jean jean 4096 Jun 21 17:04 pupisto.debian drwxrwxr-x 3 jean jean 4096 May 21 20:08 pupisto.kernel drwxrwxr-x 2 jean jean 4096 Apr 8 13:51 startup These directories contain a set of scripts to build kernels and/or filesystems (Buildroot and Debian) suitable for Marionnet. This part of the work has been performed by Jean-Vincent Loddo with the contribution of Antoine Seignard. 
marionnet-0.90.6+bzr457.orig/uml/pupisto.kernel/0000700000175000017500000000000012356733375020355 5ustar lucaslucasmarionnet-0.90.6+bzr457.orig/uml/pupisto.kernel/pupisto.kernel.sh0000700000175000017500000003510712356733375023704 0ustar lucaslucas#!/bin/bash # This file is part of Marionnet # Copyright (C) 2013 Jean-Vincent Loddo # Copyright (C) 2013 Université Paris 13 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # Preamble for automatic log-file generation: MY_BASENAME=$(basename $0) if [[ $1 = "--help" || $1 = "-h" || $1 = "--list" || $1 = "-l" || $1 = "--source" || $1 = "-s" ]]; then # do nothing and continue : elif grep -q "log_${MY_BASENAME}[.]......$" <<<"$1"; then LOGFILE=$1 shift # and continue else LOGFILE=$(mktemp /tmp/log_${MY_BASENAME}.XXXXXX) EXIT_CODE_FILE=$(mktemp /tmp/exit_code_${MY_BASENAME}.XXXXXX) echo -e "Log file of command:\n$0" "$@" "\n---" >$LOGFILE COLUMNS=$(tput cols) { time $0 "$LOGFILE" "$@"; echo $? 
>$EXIT_CODE_FILE; } 2>&1 | tee -a "$LOGFILE" | cut -c1-$((COLUMNS)) read EXIT_CODE <$EXIT_CODE_FILE rm -f $EXIT_CODE_FILE echo "---" echo "$MY_BASENAME: previous running logged into $LOGFILE" exit $EXIT_CODE fi [[ $1 = "--source" || $1 = "-s" ]] || { set -e shopt -s nullglob shopt -s expand_aliases } # Getopt's format used to parse the command line: OPTSTRING="hlsc" function parse_cmdline { local i j flag # Transform long format options into the short one: for i in "$@"; do if [[ double_dash_found = 1 ]]; then ARGS+=("$i") else case "$i" in --custom) ARGS+=("-c"); ;; --help) ARGS+=("-h"); ;; --source) ARGS+=("-s"); ;; --list) ARGS+=("-l") ;; --) ARGS+=("--"); double_dash_found=1; ;; --[a-zA-Z0-9]*) echo "*** Illegal long option $i."; exit 1; ;; -[a-zA-Z0-9]*) j="${i:1}"; while [[ $j != "" ]]; do ARGS+=("-${j:0:1}"); j="${j:1}"; done; ;; *) ARGS+=("$i") ;; esac fi done set - "${ARGS[@]}" unset ARGS # Interpret short format options: while [[ $# -gt 0 ]]; do OPTIND=1 while getopts ":$OPTSTRING" flag; do if [[ $flag = '?' ]]; then echo "ERROR: illegal option -$OPTARG."; exit 1; fi eval "option_${flag}=$OPTIND" eval "option_${flag}_arg='$OPTARG'" done for ((j=1; j [WORKING-DIRECTORY] or: ${0##*/} (--help|-h) or: ${0##*/} (--list|-l) or: source ${0##*/} (--source|-s) The first synopsis builds a kernel. The second synopsis prints this message and exits. The third synopsis shown the list of defined functions. The fourth synopsis allows this script to be sourced (to have relevant functions available in the current environment). 
Options: -c/--custom customize the kernel using 'make menuconfig' Example: $ ${0##*/} 3.4.22 $ ${0##*/} 3.4.22 /tmp/_build.678HG234 $ ${0##*/} -l $ source ${0##*/} -s" exit $1 } # Manage now your options in a convenient order # # Option -h if [[ -n ${option_h} ]]; then print_usage_and_exit 0 fi AWK_PROGRAM_LISTING_FUNCTIONS='/^[ ]*function[ ]*[a-zA-Z0-9_]*[ ]*{/ && ($2 != "parse_cmdline") && ($2 != "print_usage_and_exit") {print $2}' # Option -l/--list if [[ -n ${option_l} ]]; then awk <"$0" "$AWK_PROGRAM_LISTING_FUNCTIONS" | sort exit 0 fi # Option -c/--custom if [[ -n ${option_c} ]]; then CUSTOM_OPTION="--custom" fi #################################### # M A I N # #################################### # ------------------- # Configuring kernels # ------------------- # Sort and merge `.config' files removing comments and empty lines. # Note that the operation of sorting lines provides the expected behaviour: the # letter "y" (yes) comes after "n" (no), that comes after "m" (module). # In other terms, if a variable X is set twice, for instance X=m in a file, and # X=y in the other file, the resulting file will be made with the line "X=m" before # the line "X=y". In this way, "make oldconfig" will take "X=y" discarding the previous # setting, as we expect. In the case of "X=n" vs "X=m", "no" wins. 
function sort_and_merge_config_files { cat "$@" | awk 'NF>0 && $1 !~ /^#/' | sort | uniq } # Usage: create_kernel_config_from [-i] # # Example: # create_kernel_config_from CONFIG-2.6.18 # # Successfully tested with 3.2.{13,44}, 3.4.42, 3.8.10 function create_kernel_config_from { local INTERACTIVE if [[ $1 = -i ]]; then INTERACTIVE=y; shift; fi local DEFAULT_OLD_CONFIG_FILE=$PWD/CONFIG-2.6.18 local OLD_CONFIG_FILE=${1:-$DEFAULT_OLD_CONFIG_FILE} [[ -f $OLD_CONFIG_FILE ]] || return 1 # Make a default .config for ARCH=um make mrproper make mrproper ARCH=um make defconfig ARCH=um # Merge with the provided (good) .config sort_and_merge_config_files .config $OLD_CONFIG_FILE >.config.1 mv .config.1 .config if [[ $INTERACTIVE = y ]]; then make oldconfig ARCH=um SUBARCH=i386 else while true; do echo; done | make oldconfig ARCH=um SUBARCH=i386 fi # Finally fix some specific problems: # UML_NET_PCAP must be unset (error compiling the kernel): # (unhappily because in this way we cannot start wireshark as normal user, # see http://wiki.wireshark.org/CaptureSetup/CapturePrivileges) sed -i -e 's/CONFIG_UML_NET_PCAP=y/CONFIG_UML_NET_PCAP=n/' .config # Looking linux-3.0.75/arch/x86/lib/Makefile this variable must be unset: sed -i -e 's/CONFIG_X86_CMPXCHG64=y/CONFIG_X86_CMPXCHG64=n/' .config # Looking http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=084189a sed -i -e 's/CONFIG_CMPXCHG_LOCAL=y/CONFIG_CMPXCHG_LOCAL=n/' .config # The modern `systemd' mechanism requires DEVTMPFS: echo 'CONFIG_DEVTMPFS=y' >> .config echo 'CONFIG_DEVTMPFS_MOUNT=n' >> .config # Now switch to "yes" (=y) all remaining things set as module (=m). 
# In the case of kernel 3.2.44 (LTS) we have only this settings: # CONFIG_UML_SOUND=m # CONFIG_SOUND=m # CONFIG_HOSTAUDIO=m # CONFIG_HW_RANDOM=m # CONFIG_CRYPTO_RNG=m # CONFIG_CRYPTO_ANSI_CPRNG=m sed -i -e 's/=m/=y/' .config # A second time, in order to have a very clean .config: while true; do echo; done | make oldconfig ARCH=um SUBARCH=i386 echo "Ok, result of merging and cleaning in \`.config'" } # ---------------- # Compilig kernels # ---------------- # For instance, if we call this function when we are (PWD) in # "/home/myrepos/marionnet/uml/pupisto/pupisto.sh.files/" # the result will be "/home/myrepos/marionnet/uml/" # This is useful to get files which location is known with # respect to this path (for instance kernel patches). function get_our_marionnet_slash_uml_directory_path { # Global PWD local TRAILER=${PWD##*/marionnet/uml/} echo ${PWD%$TRAILER} } # Usage: # $ download_patch_and_compile_kernel [c/--custom] [WORKING-DIRECTORY] # # Example: # $ download_patch_and_compile_kernel 3.2.48 /tmp/_building_directory function download_patch_and_compile_kernel { local CUSTOM if [[ $1 = "-c" || $1 = "--custom" ]]; then CUSTOM=y shift fi # global CUSTOM [[ $# -ge 1 ]] || return 1 # For instance "3.2.48" local VERSION=$1 local TWDIR=${2:-.} local DOWNLOADS_DIRECTORY=${3:-$PWD/_build.downloads} # Before pushing, get our marionnet/uml/kernel directory: local OUR_KERNEL_DIR=$(get_our_marionnet_slash_uml_directory_path)/kernel # Move to the working temporary directory (or current directory): pushd "$TWDIR" # Download, uncompress and untar the kernel: local KERNEL_SUBDIR=${VERSION%.*} local KERNEL_SUBDIR=${KERNEL_SUBDIR//3.*/3.x} # To save the tarball: mkdir -p $DOWNLOADS_DIRECTORY if [[ -f linux-${VERSION}.tar.xz ]]; then tar -xJf linux-${VERSION}.tar.xz mv linux-${VERSION}.tar.xz $DOWNLOADS_DIRECTORY/ elif [[ -f $DOWNLOADS_DIRECTORY/linux-${VERSION}.tar.xz ]]; then tar -xJf $DOWNLOADS_DIRECTORY/linux-${VERSION}.tar.xz else wget -O - 
https://www.kernel.org/pub/linux/kernel/v${KERNEL_SUBDIR}/linux-${VERSION}.tar.xz | tee $DOWNLOADS_DIRECTORY/linux-${VERSION}.tar.xz | tar -xJf - fi # Move to the kernel directory: cd linux-${VERSION} local FOUND GHOST_SUFFIX i j # Apply all patches for this version: for i in $OUR_KERNEL_DIR/linux-{$VERSION,${VERSION%.*}.%,${VERSION%.*.*}.%.%}[.-]*.{diff,patch}; do FOUND=y j=$(basename $i) echo "Applying patch: \'$j'"; echo "---" patch -p1 < $i cp $i ./ if grep -q "ghost" <<<"$j"; then GHOST_SUFFIX="-ghost" fi echo "---" done if [[ -z $FOUND ]]; then echo "No patch found for this kernel version in $OUR_KERNEL_DIR/kernel" echo "At least the \"ghostification\" patch was expected at location $OUR_KERNEL_DIR/linux-${VERSION}-ghost.diff" echo "Continuing however without patches." fi # Copy or generate .config from our repository FOUND=$OUR_KERNEL_DIR/CONFIG-$VERSION if [[ -f $FOUND ]]; then echo "Using pre-built config file found at $FOUND" cp $FOUND .config elif [[ -f $OUR_KERNEL_DIR/older-versions/CONFIG-2.6.18 ]]; then echo "Config file for version $VERSION not found. We generate it from our older CONFIG-2.6.18" create_kernel_config_from $OUR_KERNEL_DIR/older-versions/CONFIG-2.6.18 else echo "Error: $OUR_KERNEL_DIR/older-versions/CONFIG-2.6.18 not found" return 2 fi # Modify CONFIG_LOCALVERSION="-ghost" according to the # presence of the "ghostification" patch: if [[ -n $GHOST_SUFFIX ]]; then sed -i -e 's/CONFIG_LOCALVERSION="-ghost"/CONFIG_LOCALVERSION=""/' .config #unset GHOST_SUFFIX fi # Custom: if [[ $CUSTOM = y ]]; then local PSEUDO_TERMINAL=$(tty) make menuconfig ARCH=um SUBARCH=i386 0<$PSEUDO_TERMINAL 1>$PSEUDO_TERMINAL fi # Add `ccache' in the PATH if needed: if [[ -f /usr/lib/ccache/gcc ]] && ! 
grep -q "ccache" <<<$PATH; then export PATH=$(dirname $(which gcc)):$PATH fi # Exploit processors: local PROCESSOR_NO=$(\grep "^processor.*:" /proc/cpuinfo | sort | uniq | wc -l) # Launch the compilation process with the virtual `um' architecture (ARCH), # and with `i386' target host architecture (SUBARCH) make -j $PROCESSOR_NO ARCH=um SUBARCH=i386 cp -a linux linux-${VERSION}${GHOST_SUFFIX}-unstripped strip linux ln linux linux-${VERSION}${GHOST_SUFFIX} cp .config linux-${VERSION}${GHOST_SUFFIX}.config echo -ls -l $PWD ls -l linux-* popd } # download_patch_and_compile_kernel # --------------- # Testing kernels # --------------- # Example: # start_kernel ./kernel32-3.2.48 machine-brighella-59975 function start_kernel { local GDB if [[ $1 = "--debug" ]]; then # GDB="gdb --eval-command run --args " GDB='gdb -ex "handle SIGSEGV nostop noprint" -ex "handle SIGUSR1 nopass stop print" -ex run --args ' shift fi [[ $# -gt 1 ]] || return 1 local KERNEL="${GDB}${1}" local FS=$2 shift; shift; local OTHER_OPTIONS="$@" set -x TAP=$(LC_ALL=en_US ifconfig -a | \grep -o "^tap[0-9]" | head -n 1) if [[ -z $TAP ]]; then xterm -l -sb -T "m1" -e "$KERNEL keyboard_layout=us ubda=$FS umid=m1 mem=128M root=98:0 hostname=m1 guestkind=machine $OTHER_OPTIONS" else xterm -l -sb -T "m1" -e "$KERNEL keyboard_layout=us ubda=$FS umid=m1 mem=128M root=98:0 hostname=m1 guestkind=machine eth0=tuntap,$TAP $OTHER_OPTIONS" fi # -l generate a log XTerm.log. 
set +x echo "fuser -k first time:" fuser -k ${FS#*,} echo "fuser -k second time:" fuser -k ${FS#*,} } # Example: # start_kernel_with_cow ./kernel32-3.2.48 machine-brighella-59975 function start_kernel_with_fresh_cow { local GDB if [[ $1 = "--debug" ]]; then GDB="--debug" shift fi local KERNEL=$1 local FS=$2 local COWFILE=$(mktemp /tmp/start_kernel.XXXXXXX.cow) rm -f $COWFILE FS="$COWFILE,$FS" shift; shift; start_kernel $GDB $KERNEL $FS "$@" } # Stop here if the option -s (--source) has been provided: if [[ -n ${option_s} ]]; then # Export all functions of this file: echo export -f $(awk <$BASH_SOURCE "$AWK_PROGRAM_LISTING_FUNCTIONS") export -f $(awk <$BASH_SOURCE "$AWK_PROGRAM_LISTING_FUNCTIONS") return 0 2>/dev/null || { echo "Warning: the option -s must be used source-ing this script, not when the script is called as a standalone executable"; echo "Example: source $BASH_SOURCE -s"; exit 1; } fi if [[ $# -eq 0 ]]; then print_usage_and_exit 2 fi KERNEL_VERSION="$1" if ! echo $KERNEL_VERSION | grep -q "^[1-9][.][0-9][0-9]*[.][0-9][0-9]*$"; then echo 1>&2 "Error: \`$KERNEL_VERSION' is not a valid kernel version." print_usage_and_exit 2 fi WORKING_DIRECTORY=${2:-.} DOWNLOADS_DIRECTORY=$WORKING_DIRECTORY/_build.downloads [[ -d $WORKING_DIRECTORY ]] || { echo 1>&2 "Unexisting working directory \`$WORKING_DIRECTORY'" echo 1>&2 "Exiting." exit 3 } [[ -d $WORKING_DIRECTORY/linux-$KERNEL_VERSION ]] && { echo 1>&2 "A directory \`$WORKING_DIRECTORY/linux-$KERNEL_VERSION' already exists." 
KERNEL_DIR_BACKUP=$WORKING_DIRECTORY/linux-$KERNEL_VERSION.$(date +%Y-%m-%d.%H\h%M | tr -d " ").backup mv $WORKING_DIRECTORY/linux-$KERNEL_VERSION $KERNEL_DIR_BACKUP echo 1>&2 "Moved to \`$KERNEL_DIR_BACKUP'" } set -x download_patch_and_compile_kernel $CUSTOM_OPTION $KERNEL_VERSION "$WORKING_DIRECTORY" "$DOWNLOADS_DIRECTORY" set +x function abspath { local B=$(basename $1) local D=$(dirname $1) (builtin cd $D; echo $PWD/$B) } # If we are in the same directory of the script, we switch to a directory name # beginning with "_build." (according to the Makefile): if [[ $(dirname $(abspath $WORKING_DIRECTORY)) = $(dirname $(abspath "$0")) ]]; then BUILT_DIR=_build.linux-${KERNEL_VERSION}.$(date +%Y-%m-%d.%H\h%M).$RANDOM echo "Moving \`$WORKING_DIRECTORY/linux-$KERNEL_VERSION' -> \`$WORKING_DIRECTORY/$BUILT_DIR'" mv $WORKING_DIRECTORY/linux-$KERNEL_VERSION $WORKING_DIRECTORY/$BUILT_DIR # Copy log: cp $LOGFILE $WORKING_DIRECTORY/$BUILT_DIR/$(basename $LOGFILE) if [[ -f linux-${VERSION}.tar.xz ]]; then mkdir -p $DOWNLOADS_DIRECTORY mv linux-${VERSION}.tar.xz $DOWNLOADS_DIRECTORY/ fi fi echo 'Success.' marionnet-0.90.6+bzr457.orig/uml/pupisto.kernel/Makefile0000600000175000017500000000377612356733375022034 0ustar lucaslucas# This file is part of Marionnet # Copyright (C) 2013 Jean-Vincent Loddo # Copyright (C) 2013 Université Paris 13 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
help: @echo "Usage: make " @echo " or: make OPTIONS=--custom " @echo " or: make show_versions" @echo " or: make dependencies" @echo " or: make clean" @echo " or: make help" @echo "Example: make 3.2.48" 2.% 3.%: dependencies ./pupisto.kernel.sh $(OPTIONS) $@ clean: rm -rf _build.linux-* # Show available (stable or longterm support) versions of the kernel # looking to https://www.kernel.org/: show_versions: @lynx 2>/dev/null --dump https://www.kernel.org/ | awk '/longterm:/ || /stable:/ {print $$1,$$2}' # ============================================================= # Dependencies # ============================================================= REQUIRED_PACKAGES=binutils wget patch ccache gcc gcc-multilib libc6-i386 libc6-dev-i386 dependencies: @echo "Required packages: $(REQUIRED_PACKAGES)" @which dpkg 1>/dev/null || { echo "Not a Debian system (oh my god!); please install packages corresponding to: $(REQUIRED_PACKAGES)"; exit 1; } @dpkg 1>/dev/null -l $(REQUIRED_PACKAGES) || \ if which aptitude; then \ sudo aptitude install -q -q -q -y $(REQUIRED_PACKAGES); \ elif which apt-get; then \ sudo apt-get install -q -q -q -y $(REQUIRED_PACKAGES); \ else \ exit 1; \ fi @echo Ok. marionnet-0.90.6+bzr457.orig/uml/guest/0000700000175000017500000000000012356733375016522 5ustar lucaslucasmarionnet-0.90.6+bzr457.orig/uml/guest/bashrc0000600000175000017500000000451712356733375017720 0ustar lucaslucas# Some aliases and simple but useful functions for system/network exercices. # J.V. Loddo - Licence: GPL export PS1='[$? \u@\[\e[0;36m\]\h\[\e[m\] \w]\\$ ' # Without colored hostname: # export PS1='[$? \u@\h \w]\\$ ' alias ls='ls -Fs --color' alias ll="ls -lh" alias la="ls -alh" alias lt="ls -lth" alias '..'='cd ..' 
# Verbose dhclient (ignored by busybox) alias dhclient='dhclient -v' # The preferable default is "nullglob on" but the # bash-completion doesn't run properly with it, so: if type &>/dev/null dh_bash-completion; then shopt -u nullglob else shopt -s nullglob fi # Clean $PATH export PATH=$(for i in ${PATH//:/ }; do [[ -d $i ]] && echo $i ; done | uniq | tr '\n' ':') PATH=${PATH%:} export EDITOR="nano" # Get the specified field of each line: function field { local N=${1:-1}; shift; cat "$@" | awk -v N=$N '{print $N}'; } export field # Like `which' but reads links recursively. Useful for instance to quickly know # if a binary name corresponds to busybox: function what { local W B if W=$(which "$1"); then if B=$(readlink -f $W); then echo $B else echo $W fi else return 1 fi } export what # TCP listening ports: function tcp_ports { local CMD if [[ $(what netstat) = "/bin/busybox" ]]; then CMD="sudo netstat -tln" else CMD="sudo netstat -tlnp" fi if [[ $# = 0 ]]; then $CMD else local ARGS="$@"; $CMD | \grep "${ARGS// /\\|}" fi } export tcp_ports # UDP waiting ports: function udp_ports { local CMD if [[ $(what netstat) = "/bin/busybox" ]]; then CMD="sudo netstat -una" else CMD="sudo netstat -unpa" fi if [[ $# = 0 ]]; then $CMD else local ARGS="$@"; $CMD | \grep "${ARGS// /\\|}" fi } export udp_ports # Listening unix ports function unix_ports { local CMD="sudo netstat -xnpa | \grep LISTENING" if [[ $# = 0 ]]; then eval $CMD else local ARGS="$@"; eval $CMD | \grep "${ARGS// /\\|}" fi } export unix_ports # Service ports (TCP, UDP or UNIX): function srv_ports { echo "--- TCP listening ports" tcp_ports "$@" echo "--- UDP waiting ports" udp_ports "$@" echo "--- UNIX listening ports" unix_ports "$@" } export srv_ports # Files opened by a command: # Example: opened_by bash function opened_by { local TMPFILE=$(mktemp) strace 2>$TMPFILE "$@" . # TODO: run `set -x' if Marionnet is currently in the debug mode! 
# set -x ### BEGIN INIT INFO # Provides: marionnet-startup # Required-Start: $local_fs $network $syslog # Required-Stop: # Should-Start: # Should-Stop: # Default-Start: 2 3 4 5 # Default-Stop: # Short-Description: Execute actions according to the kernel command line # Description: When Marionnet launches a kernel, it puts on the kernel # command line a set of bindings VARIABLE=VALUE which are # interpreted by this script to execute some actions in # order to make the virtual machine suitable for the user. ### END INIT INFO ########################################### # Source-ing kernel command line # ########################################### # Read kernel command line variables into this shell's environment: # Expected variables: hostname hostfs guestkind ubd0s (or ubda) timezone numeric_TZ console_no export $(tr > "$FILE" } ########################################### # hostname # ########################################### # Set the hostname according to the kernel command line: if [[ -n $hostname ]]; then echo $hostname > /etc/hostname # The script `/etc/init.d/hostname.sh' belonged to the package `initscripts' # on old debian systems: if [[ -x /etc/init.d/hostname.sh ]]; then /etc/init.d/hostname.sh start elif type hostname; then hostname $hostname fi &>/dev/null # Make a correct entry in /etc/hosts: append_line_if_needed "127.0.0.1 $hostname" /etc/hosts else echo "Warning: variable 'hostname' undefined" 1>&2 fi ########################################### # hostfs # ########################################### # Mount the hostfs filesystem and add bindings from the hostfs file # `boot_parameters' to this shell environment: if [[ -n $hostfs ]]; then mkdir -p /mnt/hostfs mount none /mnt/hostfs -t hostfs && HOSTFS_MOUNTED=yes && # And also record it on the hostfs filesystem, so that we can # easily tell which guest machine the directory belongs to # *from the host*: [[ -n $hostname ]] && echo $hostname > /mnt/hostfs/GUESTNAME && source /mnt/hostfs/boot_parameters 
else echo "Warning: variable 'hostfs' undefined" 1>&2 fi ########################################### # xterm title # ########################################### # Show the hostname (and its filesystem) in the terminal window title bar virtual_disk=${ubd0s:-$ubda} if [[ -n $virtual_disk ]]; then # Get the name of the virtual filesystem choosen by the user: virtualfs_name="${virtual_disk##*/}" virtualfs_kind=${virtualfs_name%%-*} # "machine" or "router" virtualfs_name=${virtualfs_name#router-} virtualfs_name=${virtualfs_name#machine-} echo -e '\033]0;'"$hostname ($virtualfs_name)"'\007' else echo "Warning: variable '$virtual_disk' undefined" 1>&2 fi ########################################### # Network configurations # ########################################### # Perform an indirect lookup of the variable $1'_eth'$2, i.e. return # the value of the variable which is the value of the variable named # $1'_eth'$2. function lookup { echo $(eval echo '$'$1'_eth'$2) } # Configure network interfaces: if [[ -n $ethernet_interfaces_no ]]; then for i in $(eval echo {0..$((ethernet_interfaces_no-1))}); do mac_address=`lookup mac_address $i` mtu=`lookup mtu $i` ipv4_address=`lookup ipv4_address $i` ipv4_gateway=`lookup ipv4_gateway $i` ipv4_netmask=`lookup ipv4_netmask $i` ipv6_address=`lookup ipv6_address $i` ipv6_gateway=`lookup ipv6_gateway $i` [[ -z $mac_address ]] || ifconfig eth$i hw ether $mac_address [[ -z $mtu ]] || ifconfig eth$i mtu $mtu # IPv4 configuration. # The variable `ipv4_address' may be defined via the Marionnet GUI with the # CIDR notation, i.e. in the form x.y.z.t/N. However, in order to be # compatible with the busybox (buildroot) implementation of `ifconfig', # Marionnet extracts the address into x.y.z.t and sets `ipv4_address', # then it computes the corresponding netmask and sets `ipv4_netmask'. 
# So, the command executed here may have a form like: # ifconfig eth0 192.168.0.1 # or # ifconfig eth0 192.168.0.1 netmask 255.255.255.0 if [[ -n $ipv4_address ]]; then if [[ -n $ipv4_netmask ]]; then ifconfig eth$i $ipv4_address netmask $ipv4_netmask else ifconfig eth$i $ipv4_address fi fi if [[ -n $ipv4_gateway ]]; then route add default gw $ipv4_gateway eth$i || \ route add default gw $ipv4_gateway || \ echo 1>&2 "The Ipv4 gateway address (device eth$i) cannot be set" fi # IPv6 configuration. # The variable `ipv6_address' may be defined via the Marionnet GUI with the # CIDR notation. So, the command executed here may have a form like: # ifconfig eth0 inet6 add 2003:abd::1/32 if [[ -n $ipv6_address ]]; then # Try several commands: ifconfig eth$i add $ipv6_address up || \ ifconfig eth$i add $ipv6_address || \ ifconfig eth$i inet6 add $ipv6_address up || \ ifconfig eth$i inet6 add $ipv6_address || \ ip addr add $ipv6_address dev eth0 eth$i || \ ip -6 addr add $ipv6_address dev eth0 eth$i || \ echo 1>&2 "The Ipv6 address cannot be set, neither with \`ifconfig' nor with \`ip'" fi if [[ -n $ipv6_gateway ]]; then # Try several commands: route -A inet6 add default gw $ipv6_gateway eth$i || \ route -A inet6 add default gw $ipv6_gateway || \ ip -6 route add to default via $ipv6_gateway dev eth$i || \ ip -6 route add to default via $ipv6_gateway || \ echo 1>&2 "The Ipv6 gateway address (device eth$i) cannot be set, neither with \`route' nor with \`ip'" fi done fi ########################################### # Ghost interface (eth42) # ########################################### # Activate and immediately "ghostify" our special network # interface communicating with the host: ifconfig eth42 $ip42 up &>/dev/null if type ethghost; then ethghost -g eth42; fi &>/dev/null ########################################### # /etc/fstab # ########################################### # TODO: according to the kernel version! 
SWAP_DEVICE=/dev/ubdb if [[ -n ${ubd0s} ]]; then ROOT_DEVICE=/dev/ubd0 else ROOT_DEVICE=/dev/ubda fi # Add swap (the swap 'partition' was already created as a # sparse file and initialized with mkswap from the host side): append_line_if_needed \ "$SWAP_DEVICE none swap sw 0 0" \ /etc/fstab ROOT_FS_TYPE=$(awk /proc/sys/kernel/printk ########################################### # DISPLAY # ########################################### # Setting DISPLAY x11_display_number=${x11_display_number#:} # x11_display_number is currently unused DISPLAY_VALUE=172.23.0.254:${x11_display_number:-0} # Support for `ssh' tunnelling: if [[ -n "${mit_magic_cookie_1}" ]] && type -t xauth &>/dev/null; then # We set XAUTHORITY in order to have a configuration # suitable for all users, not just for `root': mkdir -p /etc/X11 export XAUTHORITY="/etc/X11/Xauthority" >$XAUTHORITY chmod a+r $XAUTHORITY xauth add $DISPLAY_VALUE . ${mit_magic_cookie_1} fi # Find a suitable shell configuration file and append the line setting the # variable DISPLAY: for i in /etc/profile /etc/bash.bashrc /root/.bash_profile /root/.bashrc; do if [[ -f $i ]]; then append_line_if_needed "export DISPLAY=$DISPLAY_VALUE" $i if [[ -n $XAUTHORITY ]]; then append_line_if_needed "export XAUTHORITY=$XAUTHORITY" $i; fi break; fi done ########################################### # export TERM=xterm # ########################################### # Find a suitable shell configuration file and append the line setting the # variable TERM: for i in /etc/profile /etc/bash.bashrc /root/.bash_profile /root/.bashrc; do if [[ -f $i ]]; then append_line_if_needed "export TERM=xterm" $i break; fi done ########################################### # Additional consoles (tty1, tty2,..) # ########################################### # Modify /etc/inittab then signal the `init' process # in order to create new tty? 
consoles: function start_consoles { local LINE_PREFIX="tty" if [[ $1 = "--empty-prefix" ]]; then unset LINE_PREFIX shift fi local REQUIRED_CONSOLE_NO="${1:-1}" local ADDITIONAL_CONSOLES=$((REQUIRED_CONSOLE_NO-1)) local TARGET=/etc/inittab local skip=0 local i for ((i=1; i<=ADDITIONAL_CONSOLES; i=i+1)); do if grep -q "^#${LINE_PREFIX}${i}:" $TARGET; then sed -i -e "s/^#${LINE_PREFIX}${i}:/${LINE_PREFIX}${i}:/" $TARGET elif ! grep -q "^${LINE_PREFIX}${i}:" $TARGET; then local TTY0_LINE LINE TTY0_LINE=$(grep "^${LINE_PREFIX}0:" $TARGET) LINE=$(echo ${TTY0_LINE//${LINE_PREFIX}0/${LINE_PREFIX}$i}) [[ -z "$LINE" ]] || echo $LINE >> $TARGET else let skip=skip+1 fi done [[ $skip = $ADDITIONAL_CONSOLES ]] || kill -HUP 1 # Update inittab: for ((i=ADDITIONAL_CONSOLES+1; i<=8; i=i+1)); do if grep -q "^${LINE_PREFIX}${i}:" $TARGET; then sed -i -e "s/^${LINE_PREFIX}${i}:/#${LINE_PREFIX}${i}:/" $TARGET fi done } # LINE_PREFIX may be empty (Debian) or "tty" (Buildroot): local LINE_PREFIX=$(grep "^[^#].*/sbin/getty" /etc/inittab | cut -f1 -d: | head -n 1) LINE_PREFIX=${LINE_PREFIX%?} # chop last char case "$LINE_PREFIX" in tty) start_consoles "$console_no" ;; "") start_consoles --empty-prefix "$console_no" ;; esac ########################################### # quagga # ########################################### if [[ $virtualfs_kind = "router" || $guestkind = "router" ]]; then /etc/init.d/quagga start # Activate IP (v4/v6) forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv6/conf/all/forwarding # Fix quagga ownership, if required, in order to enable # the user to save his configurations (write memory): TARGET=/etc/quagga { [[ -d $TARGET ]] && grep -q quagga /etc/group && ls -ld $TARGET | awk '{print $4}' | grep -q root && chown -R quagga:quagga $TARGET; } || true fi ########################################### # timezone # ########################################### function echo_export_TZ { # global numeric_TZ local NTZ=${1:-$numeric_TZ} local h IFS=: read 
h _ <<<"$NTZ" let h=-1*h if [[ $h -gt 0 ]]; then echo "export TZ=UTC+$h" elif [[ $h -lt 0 ]]; then echo "export TZ=UTC$h" else echo "export TZ=UTC" fi } # echo_export_TZ # Example: timezone="Europe/Paris" if [[ -n $timezone && -e /usr/share/zoneinfo/$timezone ]]; then rm -f /etc/{timezone,localtime} ln -s /usr/share/zoneinfo/$timezone /etc/timezone ln -s /usr/share/zoneinfo/$timezone /etc/localtime fi if [[ -n $numeric_TZ ]]; then local LINE LINE=$(echo_export_TZ $numeric_TZ) append_line_if_needed "$LINE" /etc/profile fi ###################################### # Source `marionnet-relay' patches # ###################################### # 1) Source generic patches: # /mnt/hostfs/marionnet-relay* # # 2) Source machine-specific (or router-specific) patches: # /mnt/hostfs/${virtualfs_name}.relay* if [[ $HOSTFS_MOUNTED = yes ]]; then # Ex: machine-debian-wheezy-42007 virtualfs_name="${virtual_disk##*/}" local i for i in /mnt/hostfs/{marionnet-,$virtualfs_name.}relay*; do echo "Source-ing $i ..." source "$i"; done fi ### echo "OK" clear # Instead of launching getty with option "-f /etc/issue.linuxlogo", # we simply execute the command linuxlogo: if type &>/dev/null linuxlogo && [[ -f /etc/issue.marionnet ]]; then linuxlogo > /etc/issue cat /etc/issue.marionnet >>/etc/issue fi } ########################## END of function start() # ======================================================== # # STOP () # # ======================================================== # function stop { echo -n "Marionnet shutdown tunings... 
" ########################################### # Mrproper take care of /etc/hosts # ########################################### function remove_line_if_needed { local LINE="$1" local FILE="$2" local temporary_file if test -f "$FILE" && grep -q "^${LINE}$" "$FILE"; then temporary_file=$(mktemp /tmp/$(basename $0).XXXXXX) && \ grep -v "^${LINE}$" "$FILE" > $temporary_file && \ mv -f $temporary_file "$FILE" fi } # Remove the host name from /etc/hosts: the user might change it # when the virtual machine is off: remove_line_if_needed "127.0.0.1 $hostname" /etc/hosts echo "OK" } ########################## END of function stop() case "$1" in start) start ;; stop) stop ;; *) echo "Usage: $0 {start|stop}" exit 1 ;; esac marionnet-0.90.6+bzr457.orig/uml/guest/ssh/0000700000175000017500000000000012356733375017317 5ustar lucaslucasmarionnet-0.90.6+bzr457.orig/uml/guest/ssh/README0000600000175000017500000000102312356733375020175 0ustar lucaslucas1) The following settings in `/etc/sshd_config' allow Marionnet to connect or send commands to virtual machines: PermitRootLogin yes StrictModes no PubkeyAuthentication yes 2) The private key `id_rsa_marionnet' should be used by Marionnet in a command like the following: ssh -i id_rsa_marionnet -o PreferredAuthentications=publickey root@172.23.0.1 ls / 3) The public key `id_rsa_marionnet.pub' should be appended to .ssh/authorized_keys for both "root" and "student" accounts into the virtual machines. 
marionnet-0.90.6+bzr457.orig/uml/guest/ssh/id_rsa_marionnet0000777000175000017500000000000012356733375027771 2../../../share/id_rsa_marionnetustar lucaslucasmarionnet-0.90.6+bzr457.orig/uml/guest/ssh/id_rsa_marionnet.pub0000600000175000017500000000061412356733375023347 0ustar lucaslucasssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPNzykHXpxvqlTqXUjq/7R6D5+QGMy9vlK9P2+P7b15Ihcq2WT2GCpfZzVxuLTGMyI9hiwT0CSE3Y6QLWpiqHc55YZJmDwFPcd84wqRVw9xRtNhMHmLtV2PGptGnehpi/YaBLY5c/5dj8IaXJ3ZDPMxsjn0Iz0WBgvPOcW0ESIioP/ORHz7d+yvNFFPJzLAvOVW7pDEg11eqxCW74azzPnhmVzvUpUH595vH/fQTt6v/bobgWRKBacQ8uoBPR4c9KhV++ZwtUnlGi2juvO0A8+qrcObpa/HZ0bwVS2f87j2fcSEMbxyfAj4knCOGeDLF24c/PWhlCbwPPAqIuQ/aTX root@localhost marionnet-0.90.6+bzr457.orig/uml/pupisto.common/0000700000175000017500000000000012356733375020365 5ustar lucaslucasmarionnet-0.90.6+bzr457.orig/uml/pupisto.common/toolkit_chroot.sh0000600000175000017500000002360712356733375023776 0ustar lucaslucas#!/bin/bash # (file to be sourced) # This file is part of marionnet # Copyright (C) 2013 Jean-Vincent Loddo # Copyright (C) 2013 Université Paris 13 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
# ============================================================= # ENHANCED VERSION OF chroot # ============================================================= # In order to prevent annoying messages related to locales: GLOBAL_LOCALE="en_US.utf8" shopt -s expand_aliases alias chroot='LANG='$GLOBAL_LOCALE' LC_ALL=$LANG LC_MESSAGES=$LANG LANGUAGE=$LANG chroot' # Create a temporary file in /tmp/ starting with "$1" and followed by # the current timestamp: function mkTMPFILE { mktemp /tmp/${1}.$(date +%H\h%M | tr -d " ").XXXXXX } # 1-column file difference: function list_diff { [[ -f "$1" && -f "$2" ]] || { return 1; } local PATTERNS=$(sort "$2" | uniq) sort "$1" | uniq | \grep -v -w -F "$PATTERNS" } # rewrite [-f/--follow] FILE with COMMAND # Examples: # $ rewrite FOO with grep "DATE=" FOO # $ rewrite FOO with grep "DATE=" $TMPFILE CODE=$? else "$@" >> $TMPFILE CODE=$? fi else "$@" | tee $APPEND $TMPFILE CODE=$? fi cat $TMPFILE > $TARGET rm -f $TMPFILE return $CODE } # A straightforward alternative to `sudo_fcall rewrite'. # Note that it's important to leave the sudo stdin empty # in order to prevent `sudo' from asking the password every time. # # Usage: sudo_fprintf [-a|--append] [-m|--mode|--chmod MODE] FILE FORMAT [ARGUMENT]... 
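function sudo_fprintf {
 # Format a string with printf into a private temporary file, then copy the
 # result onto FILE with sudo (sudo's stdin is left untouched).
 # Returns non-zero, leaving FILE unmodified where possible, when the
 # temporary file cannot be created or one of the sudo steps fails.
 local APPEND
 if [[ $1 = "-a" || $1 = "--append" ]]; then
   APPEND="y"
   shift
 fi
 # ---
 local MODALITIES
 if [[ $1 = "-m" || $1 = "--mode" || $1 = "--chmod" ]]; then
   MODALITIES="$2"
   shift 2 || return 1
 fi
 # ---
 local TARGET="$1"
 shift
 # ---
 local TMPFILE
 TMPFILE=$(mktemp) || return 1
 local STATUS=0
 if [[ -n $APPEND && -f $TARGET ]]; then
   # If the current content cannot be read, stop here: going on would
   # replace FILE with the new text only.
   sudo cp "$TARGET" "$TMPFILE" || STATUS=$?
 fi
 if [[ $STATUS -eq 0 ]]; then
   # "$@" is FORMAT [ARGUMENT]...: the first word is the printf format.
   { printf "$@" >>"$TMPFILE" && sudo cp "$TMPFILE" "$TARGET"; } || STATUS=$?
 fi
 if [[ $STATUS -eq 0 && -n $MODALITIES ]]; then
   sudo chmod "$MODALITIES" "$TARGET" || STATUS=$?
 fi
 rm -f "$TMPFILE"
 return $STATUS
}

# Return the list of pids still rooted in $1
# (space-separated, in reverse order of discovery, with a trailing space).
# A process is listed only when its root directory is exactly $1 or lies below
# it, so a sibling directory sharing the same name prefix is not matched, and a
# process whose root link cannot be read is skipped instead of shifting the
# pid column.
# NOTE(review): when $1 resolves to "/" this lists every readable process;
# a caller that feeds the result to `kill' should reject that case itself.
function pidsrooted {
 local ROOT
 ROOT=$(realpath "$1") && [[ -n $ROOT ]] || return 1
 local PREFIX="${ROOT%/}/"
 local i R LIST=""
 # The command `find' below is too noisy:
 if type pause_tracing &>/dev/null; then pause_tracing; fi
 while read -r i; do
   R=$(readlink "$i/root" 2>/dev/null) || continue
   if [[ $R = "$ROOT" || $R = "$PREFIX"* ]]; then
     # Prepending gives the same reversed order the former `tac' produced.
     LIST="${i#/proc/} $LIST"
   fi
 done < <(find /proc -maxdepth 1 -noleaf -name "[1-9]*")
 if type continue_tracing &>/dev/null; then continue_tracing; fi
 echo -n "$LIST"
}

# Return the list of fs mounted in $1 (except /proc and /sys)
# Only the mount-point field of /proc/mounts is compared, as a literal path
# prefix. If $1 cannot be resolved the function fails with status 1 rather
# than matching every mount point of the system; for "/" it prints nothing.
function fsmounted {
 local ROOT
 ROOT=$(realpath "$1") && [[ -n $ROOT ]] || return 1
 [[ $ROOT != / ]] || return 0
 # The path is passed through the environment so that awk takes it literally.
 FSMOUNTED_ROOT="$ROOT" awk '
   BEGIN { root = ENVIRON["FSMOUNTED_ROOT"] }
   index($2, root "/") != 1 { next }
   $2 == root "/proc" || index($2, root "/proc/") == 1 { next }
   $2 == root "/sys"  || index($2, root "/sys/")  == 1 { next }
   { print $2 }
 ' /proc/mounts | tac | tr '\n' ' '
}

# Usage: TICKET=$(save_files XXX YYY ... ZZZ)
# The ticket printed on stdout has the form "DIRECTORY:ARCHIVE", where
# DIRECTORY is the current $PWD and ARCHIVE a gzip-ed tar made by mktemp.
# The ticket is printed even if tar could not store some of the files.
function save_files {
 local ARCHIVE
 ARCHIVE=$(mktemp) || return 1
 tar -czf "$ARCHIVE" "$@"
 echo "$PWD:$ARCHIVE"
}

# Usage: restore_files $TICKET
# where TICKET has been provided by `save_files'
# The ticket is split at its last colon, so a saved directory whose path
# contains a colon is restored in the right place. The archive is removed
# only after a successful extraction.
# NOTE(review): the ticket decides where tar extracts; pass only tickets
# produced by `save_files' in the same session.
function restore_files {
 local TICKET="$1"
 local OLD_PWD="${TICKET%:*}"
 local ARCHIVE="${TICKET##*:}"
 [[ $TICKET = *:* && -n $OLD_PWD && -f $ARCHIVE ]] || return 1
 tar -C "$OLD_PWD" -xzf "$ARCHIVE" && rm -f "$ARCHIVE"
}

# Usage: sudo_fcall FUNCTION ACTUALS..
# Limitations: the called function can call itself only the exported functions;
# you can show these functions with `export -fp'.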
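function sudo_fcall {
  # Run a shell function as root: a bash script holding the exported
  # functions, the exported variables, the definition of FUNCTION and the
  # call itself is generated, then executed with sudo.
  # Returns 2 without arguments, otherwise the status of sudo.
  # global COOL_SUDO
  [[ $# -ge 1 ]] || return 2
  local FUNC="$1"
  # COOL_SUDO may be inherited from the environment. Its content is executed
  # as root, so the file is reused only if it is still a regular file owned
  # by the caller; anything else (missing, symlink, foreign owner) is
  # replaced by a fresh private file.
  if [[ -z $COOL_SUDO || -L $COOL_SUDO || ! -f $COOL_SUDO || ! -O $COOL_SUDO ]]; then
    COOL_SUDO=$(mktemp /tmp/COOL_SUDO.XXXXXX) || return 1
    export COOL_SUDO
    chmod +x "$COOL_SUDO"
  fi
  # ---
  echo '#!/bin/bash' > "$COOL_SUDO"
  # Put the definition of all exported functions:
  export -pf >> "$COOL_SUDO"
  # ---
  # Put the definition of all exported variables:
  # (the whole exported environment, secrets included, is written to the file)
  {
    echo 'PATH_BACKUP=$PATH';        # save the current root's setting
    export -p;
    echo 'PATH=$PATH_BACKUP:$PATH';  # restore the root's setting;
  } >> "$COOL_SUDO"
  # ---
  # Put all current set-options (-e, -x, ..):
  # NOTE(review): this line is not redirected into $COOL_SUDO, so the options
  # are printed on the caller's stdout (and end up in any captured output)
  # instead of being set in the root script. Redirecting it would activate
  # the caller's -e/-x/.. in the root script, and `$-' may hold letters that
  # `set' rejects (i, s, c): confirm the intent before changing it.
  echo "set -$-";
  # ---
  # Put the definition of the called function:
  type "$FUNC" | tail -n +2 >> "$COOL_SUDO"
  # ---
  # Tracing:
  if [[ $BASH_XTRACING = y ]]; then
    echo "PS4='+ [$COOL_SUDO] $PS4'" >> "$COOL_SUDO"
  fi
  # ---
  # Put now the command that we want to execute as root:
  # NOTE(review): the arguments are written unquoted, so the root shell
  # parses them again (word splitting, globbing, expansions, `;'). Callers
  # have to pass text that is already shell-quoted, and values coming from
  # outside the calling script must not reach this point unchecked.
  # Writing them with printf '%q ' would make them literal, but would break
  # callers that rely on the re-parsing.
  echo "$@" >> "$COOL_SUDO"
  # ---
  # Finally call the script with sudo:
  sudo "$COOL_SUDO"
}

# Enhanced chroot: imports caller's system configurations (network,X,..)
# and exits very cleanly (killing, unmounting,..).
# Usage: sudo_fcall careful_chroot <ROOT> [<COMMAND> [<ARG>]...]
# Returns 2 without arguments, 1 if ROOT is not an accessible directory,
# 3 if not called by root, otherwise the status of the chrooted command.
#
# NOTE(review): before and after the chroot this function writes, as root
# and from the host side, to paths inside ROOT (etc/resolv.conf,
# root/.bashrc, etc/fstab, .bash_history). If one of them is a symbolic link
# in the image, the redirection follows it on the host; use this only on
# images whose content is trusted.
function careful_chroot {
  # global GLOBAL_LOCALE
  [[ $# -ge 1 ]] || return 2
  local ROOT=$(realpath "$1")
  shift
  [[ -d $ROOT && -x $ROOT ]] || return 1
  test $(id -u) -eq 0 || { echo 1>&2 "You must be root to call this function"; return 3; }
  # ---
  local i
  # Go to the target, but not in a chrooted environnement.
  # Everything below uses paths relative to the current directory (mount,
  # rm, >etc/fstab, chroot $PWD, kill, umount): stop here if we could not
  # enter ROOT, otherwise all of that would hit the caller's directory.
  pushd "$ROOT" 1>&2 2>/dev/null || return 1
  # Manage the /dev/null problem
  local DEV=$(df "$ROOT" | grep "^/dev" | cut -f1 -d" ")
  if [[ -n $DEV ]]; then
    mount -o remount,dev "$DEV"
  else
    # May be an aufs?
    DEV=$(df . | tail -n 1 | cut -f1 -d" ")
    if [[ "$DEV" = aufs ]]; then
      : # Do nothing
    else
      # Probably a loopback, try to remount with the dev option
      mount -o remount,dev . || true
    fi
  fi
  # Mount /proc and /sys
  # (when a mount fails, the corresponding directory is not unmounted at the end)
  local LEAVE_PROC_MOUNTED LEAVE_SYS_MOUNTED
  mount -t proc  proc  ./proc || LEAVE_PROC_MOUNTED=y
  mount -t sysfs sysfs ./sys  || LEAVE_SYS_MOUNTED=y
  # Save relevant files
  local TICKET=$(save_files "etc/resolv.conf" "root/.bashrc" "etc/fstab")
  # Copy relevant files from current root:
  local TFILES="etc/resolv.conf"
  for i in $TFILES; do rm -f "$i"; cat "/$i" > "$i"; done
  # X server
  # NOTE(review): `xhost + localhost' passes two arguments; the bare `+'
  # turns X access control off for every host, and nothing turns it back on
  # when the chroot ends. `xhost +localhost' would only add the loopback
  # host -- confirm which one is meant.
  type -P xhost &>/dev/null && xhost 1>&2 + localhost
  echo "export DISPLAY=${DISPLAY:-localhost:0.0}" >> root/.bashrc
  # clear fstab
  >etc/fstab
  # Go:
  local L="${GLOBAL_LOCALE:-en_US.utf8}"
  LANG=$L LC_ALL=$L LC_MESSAGES=$L LANGUAGE=$L chroot "$PWD" "$@"
  local RETURN_CODE=$?
  sync
  # Restore previously saved files:
  restore_files "$TICKET"
  # Clean history
  echo 1>&2 "Cleaning history..."
  # Note that the following setting is not persistent, because this
  # function will be executed by a distinct Bash interpreter (called
  # by the wrapper `sudo_fcall'):
  shopt -s nullglob
  for i in "$PWD"/{root/,home/*/}.bash_history; do >"$i"; done
  # Kills all processes rooted in the previous root
  ROOT=$(realpath "$PWD")
  local LIST=$(pidsrooted "$PWD")
  echo 1>&2 -n "Killing all processes rooted here (${LIST% *}) ..."
  chroot "$ROOT" bash -c "for i in $LIST; do kill -15 \$i && sleep 1s; done" 2>/dev/null || true
  sleep 1s
  chroot "$ROOT" bash -c "for i in $LIST; do kill -9 \$i && sleep 1s; done" 2>/dev/null || true
  echo 1>&2 " done."
  # Warning for processes still running
  LIST=$(pidsrooted "$PWD")
  [[ -z $LIST ]] || {
    echo 1>&2 "WARNING: the following list of processes still running with root=$ROOT"
    local NAME PID
    for i in $LIST; do
      NAME=$(grep '^Name:' "/proc/$i/status")
      PID=$(grep '^Pid:' "/proc/$i/status")
      echo 1>&2 -e "$NAME\t($PID)"
    done
  }
  # Umount all but /proc and /sys
  LIST=$(fsmounted "$PWD")
  for i in $LIST; do umount "$i" 2>/dev/null; done
  # Warning for fs still mounted
  LIST=$(fsmounted "$PWD")
  if [[ -z $LIST ]]; then
    # Finally umount /proc and /sys
    [[ $LEAVE_PROC_MOUNTED = y ]] || umount ./proc
    [[ $LEAVE_SYS_MOUNTED  = y ]] || umount ./sys
  else
    echo 1>&2 "WARNING: the following list of filesystems are still mounted in $ROOT"
    cat /proc/mounts | \grep "$ROOT/" 1>&2
  fi
  popd 1>&2
  return $RETURN_CODE
}

# Simply an shorthand to `sudo_fcall careful_chroot':
function sudo_careful_chroot {
  sudo_fcall careful_chroot "$@"
}

# Copy with tar the content of directory into another (existing or not).
# Usage: copy_content_into_directory ORIGDIR [DESTDIR]
# By default DESTDIR=.
# ORIGDIR may also be a single file, which is then copied into DESTDIR.
# Returns 2 on wrong arguments, 1 when origin and destination are the same
# directory, otherwise the status of the tar pipeline.
function copy_content_into_directory {
  [[ $# -ge 1 && -e "$1" ]] || return 2
  local ORIG="$1";
  local ORIGDIR ORIGNAME
  if [[ -d $ORIG ]]; then
    ORIGDIR="$ORIG";
    ORIGNAME=./
  else
    ORIGDIR=$(dirname "$ORIG");
    ORIGNAME=$(basename "$ORIG");
  fi
  local DESTDIR="${2:-$PWD}";
  # Quoted, so that a destination containing blanks is one directory:
  [[ -d $DESTDIR ]] || mkdir -p "$DESTDIR"
  if [[ "$(realpath "$ORIGDIR")" = "$(realpath "$DESTDIR")" ]]; then
    echo "Sorry, same origin and destination directory ($(realpath "$DESTDIR"))";
    return 1
  fi
  local R
  # In any case, don't stop the execution in case of error:
  if tar -C "$ORIGDIR" -cf - -- "$ORIGNAME" | tar -C "$DESTDIR" -xf -; then R=0; else R=$?; fi
  return $R
}

# Print, sorted and separated by blanks, the base names of the non-directory
# entries with the owner-execute bit found under the directories of $PATH
# (names matching "*[.]so*" excluded).
function binary_list {
  local i DIRS BINARY_LIST
  DIRS=$(for i in ${PATH//:/ }; do [[ -d $i ]] && echo $i; done)
  find $DIRS -perm -u=x ! -type d ! -name "*[.]so*" -exec basename {} \; | sort | tr '\n' ' '
}

# Usage: chroot_fcall ROOT COMMAND [ARG]...
# The command and its arguments are joined with blanks and evaluated by a
# bash running inside ROOT.
function chroot_fcall {
  local ROOT="$1"
  shift
  local CMD="$*"
  # `bash -c' needs a single arguments:
  chroot "$ROOT" bash -c "$CMD"
}

# Example: sudo_chroot_fcall $ROOT binary_list
function sudo_chroot_fcall {
  sudo_fcall chroot_fcall "$@"
}

function sudo_chroot_binary_list {
  local ROOT="$1"
  sudo_chroot_fcall "$ROOT" binary_list
}

# Automatically export previously defined functions:
export -f $(awk '/^function/ {print $2}' "${BASH_SOURCE[0]}")
marionnet-0.90.6+bzr457.orig/uml/pupisto.common/toolkit_debugging.sh0000600000175000017500000001132012356733375024420 0ustar lucaslucas#!/bin/bash
# (file to be sourced)

# This file is part of marionnet
# Copyright (C) 2013 Jean-Vincent Loddo
# Copyright (C) 2013 Université Paris 13
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .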
# When tracing, print the line number and current stack of function calls:
PS4='+ [#${LINENO}$(A=${FUNCNAME[@]}; A=${A% main}; A=${A// /\|}; [[ -n $A ]] && echo " ${A}")] '

# =============================================================
#                 REMEMBER TRACING ACTIONS
#                       (set [-+]x)
# =============================================================

# Switch xtrace on and remember it in the exported flag BASH_XTRACING.
function set_tracing {
  # global BASH_XTRACING
  BASH_XTRACING=y
  export BASH_XTRACING
  set -x
}

# Switch xtrace off and forget the flag BASH_XTRACING.
function unset_tracing {
  # global BASH_XTRACING
  set +x
  unset BASH_XTRACING
}

# Suspend tracing, if active, leaving the exported mark
# BASH_XTRACING_PAUSE for `continue_tracing'.
function pause_tracing {
  # global BASH_XTRACING BASH_XTRACING_PAUSE
  [[ $BASH_XTRACING = y ]] || return 0
  BASH_XTRACING_PAUSE=y
  export BASH_XTRACING_PAUSE
  unset_tracing
}

# Resume a tracing previously suspended by `pause_tracing'.
function continue_tracing {
  # global BASH_XTRACING BASH_XTRACING_PAUSE
  [[ $BASH_XTRACING_PAUSE = y ]] || return 0
  unset BASH_XTRACING_PAUSE
  set_tracing
}

# =============================================================
#                       BREAK POINTS
# =============================================================

# Enter the "debugging" mode (break points become active).
function set_debugging {
  # global DEBUGGING_MODE
  DEBUGGING_MODE=y
}

# Leave the "debugging" mode.
function unset_debugging {
  # global DEBUGGING_MODE
  unset DEBUGGING_MODE
}

# Set a break point for debugging. When a break point is reached
# in "debugging" mode, a bash shell is launched in order to allow
# to inspect current variables or file contents.
#
# Usage:
# source toolkit_debugging.sh
# set_debugging
# ...
# ___break_point___
# ...
# ___break_point___
# ...
function ___break_point___ { # global BASH_XTRACING DEBUGGING_MODE BREAK_POINT_NO local restore_tracing if [[ -n $BASH_XTRACING ]]; then unset_tracing restore_tracing=y fi let BREAK_POINT_NO=BREAK_POINT_NO+1 # Ignore if we are not in debugging mode: [[ $DEBUGGING_MODE = "y" ]] || return 0 local f fl v # Export all defined UPPERCASE variables: v=$(\grep -o '[A-Z][A-Z_0-9]*=' $0 | awk -F= '{print $1}' | uniq | sort | uniq | tr '\n' ' ') export $v # Export all defined functions (defined with the syntax "function foo {..}"): for f in $(awk '/^[ ]*function/ {print $2}' $0); do { type &>/dev/null $f && export -f $f && fl+="$f\n"; } || true done echo "--- Break point" echo "--- Variables:" echo "${v// / }" | fmt -w 80 echo "--- Functions:" echo "$(echo -e $fl | sort | tr '\n' ' ')" | fmt -w 80 echo "---" echo "--- Bash subshell launched for debugging: (exit with CTRL-D)" echo "---" PS1='--- [BREAK-POINT-'$BREAK_POINT_NO'][$? \W]\\$ ' bash --noprofile --norc 0<$(tty) 1>$(tty) 2>$(tty) if [[ -n $restore_tracing ]]; then set_tracing fi } function set_once_actions_file { # global ONCE_ACTIONS_FILE ONCE_ACTIONS_FILE="$1" echo 1>&2 "Once actions file set to \`$ONCE_ACTIONS_FILE'" } function make_temporary_once_actions_file { # global ONCE_ACTIONS_FILE set_once_actions_file "$(mktemp /tmp/$(basename $0).once_actions_file.XXXXXX)" } # Usage: once [-r/--register-anyway] # Register successfully executed commands in order to prevent to repeat their execution. function once { local REGISTER_ANYWAY if [[ $1 = "--register-anyway" || $1 = "-r" ]]; then REGISTER_ANYWAY=y shift fi # global ONCE_ACTIONS_FILE [[ -n "$ONCE_ACTIONS_FILE" ]] || make_temporary_once_actions_file >>"$ONCE_ACTIONS_FILE" # We define variable with unusual names in order to prevent us to # hide some environment variable with these names. 
local ___CODE___=0 local ___POINT___ ___POINT___=$(echo "${FUNCNAME[@]} ### ${BASH_SOURCE[@]} ### ""$@") if grep -q "^${___POINT___}$" "$ONCE_ACTIONS_FILE"; then echo "Already done, skipping." else "$@" || ___CODE___=$? if [[ -n $REGISTER_ANYWAY || ${___CODE___} -eq 0 ]]; then echo "${___POINT___}" >> $ONCE_ACTIONS_FILE fi fi return ${___CODE___} } function exiting_because_error { echo -e "Exiting because of an unexpected error in line $BASH_LINENO" exit 3 } # Trap errors: trap exiting_because_error ERR # Automatically export previously defined functions: export -f $(awk '/^function/ {print $2}' ${BASH_SOURCE[0]}) marionnet-0.90.6+bzr457.orig/uml/pupisto.common/toolkit_image.sh0000600000175000017500000000654112356733375023560 0ustar lucaslucas#!/bin/bash # (file to be sourced) # This file is part of marionnet # Copyright (C) 2013 Jean-Vincent Loddo # Copyright (C) 2013 Université Paris 13 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
# ============================================================= # GENERATING FILES # {machine,router}-*.conf # ============================================================= function rename_with_sum_and_make_image_dot_conf { # global FS_NAME (output) local $FS_LOC="$1" # Checking parameters and calling context: [[ -f "$FS_LOC" ]] || return 2 # This image-dependent function must be provided independently: type -p set_X11_SUPPORT_and_related_variables_according_to_choosed_packages || return 3 # The following global variables must be set: [[ -n $KERNEL_VERSION && -n $BINARY_LIST ]] || return 4 # The following template must be available: [[ -f ../../share/filesystems/machine-template.conf ]] || return 5 # --- # MD5SUM and other simple fields local MD5SUM=$(md5sum "$FS_LOC" | awk '{print $1}') local SUM=$(sum "$FS_LOC" | awk '{print $1}') local MTIME=$(stat -c "%Y" "$FS_LOC") local DATE=$(date +%Y-%m-%d) local AUTHOR=$(awk ghost or not # X11_SUPPORT and memory-related variables set_X11_SUPPORT_and_related_variables_according_to_choosed_packages [[ -n $X11_SUPPORT && -n $MEMORY_MIN_SIZE && -n $MEMORY_SUGGESTED_SIZE ]] || return 6 # FILLING TEMPLATE cp ../../share/filesystems/machine-template.conf $FS_LOC.conf # Using `sed' for simple replacements: sed -e "s/^MD5SUM=.*/MD5SUM=$MD5SUM/" \ -e "s/^SUM=.*/SUM=$SUM/" \ -e "s/^MTIME=.*/MTIME=$MTIME/" \ -e "s/^DATE=.*/DATE=$DATE/" \ -e "s/^AUTHOR=.*/AUTHOR=\"$AUTHOR\"/" \ -e "s/^X11_SUPPORT=.*/X11_SUPPORT=\"$X11_SUPPORT\"/" \ -e "s/^MEMORY_MIN_SIZE=.*/MEMORY_MIN_SIZE=$MEMORY_MIN_SIZE/" \ -e "s/^MEMORY_SUGGESTED_SIZE=.*/MEMORY_SUGGESTED_SIZE=$MEMORY_SUGGESTED_SIZE/" \ -i ${FS_LOC}.conf # Using `user_config_set' for replacements involving variables # bound to values with special characters (as '/') and/or multiple lines. 
user_config_set "BINARY_LIST" "=" "'$BINARY_LIST'" ${FS_LOC}.conf user_config_set "SUPPORTED_KERNELS" "=" "'$SUPPORTED_KERNELS'" ${FS_LOC}.conf || true # Rename the built filesystem and its .conf file simply adding the suffix $SUM: mv $FS_LOC ${FS_LOC}-${SUM} mv $FS_LOC.conf ${FS_LOC}-${SUM}.conf export FS_NAME=${FS_LOC}-${SUM} return 0 } # rename_with_sum_and_make_image_dot_conf # Automatically export previously defined functions: export -f $(awk '/^function/ {print $2}' ${BASH_SOURCE[0]}) marionnet-0.90.6+bzr457.orig/uml/pupisto.common/toolkit_config_files.sh0000600000175000017500000003135112356733375025122 0ustar lucaslucas#!/bin/bash # (file to be sourced) # This file is part of marionnet # Copyright (C) 2013 Jean-Vincent Loddo # Copyright (C) 2013 Université Paris 13 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
# ============================================================= # TABULAR FILES UPDATES # ============================================================= # Example: # tabular_file_update -i -d ":" -k 1 --key-value "root" -f 7 --field-value "/bin/bash" --field-old-value "/bin/sh" etc/passwd # Returns with following codes: # 0 => successfully finished and file updated # 1 => successfully finished but file unchanged (neutralized by option --ignore-unchanged) # 2 => failed somewhere function tabular_file_update { local SEP KEY KEY_VALUE FIELD_NO FIELD_NEW_VALUE FIELD_OLD_VALUE FIELD_OLD_REGEXP local EDIT_IN_PLACE BACKUP IGNORE_BLANKS IGNORE_UNCHANGED local RETURN_CODE local BOOLEAN_AND=1 # Defaults KEY=1 FIELD_OLD_REGEXP="" # Parsing actuals: while [[ -${1#-} = $1 ]]; do case "$1" in -d|-F|--field-separator) SEP="$2"; shift 2 ;; -k|--key-no) KEY="$2"; shift 2 ;; -kv|--key-value) KEY_VALUE="$2"; shift 2 ;; -f|--field-no) FIELD_NO="$2"; shift 2 ;; -fv|--field-value) FIELD_NEW_VALUE="$2"; shift 2 ;; -fov|--field-old-value) FIELD_OLD_VALUE="$2"; shift 2 ;; -for|--field-old-regexp) FIELD_OLD_REGEXP="$2"; shift 2 ;; --ignore-blanks) IGNORE_BLANKS=y; shift ;; --ignore-unchanged) IGNORE_UNCHANGED=y; shift ;; -i|--in-place) EDIT_IN_PLACE=y; shift ;; -b|--backup) BACKUP=y; shift ;; *) echo "Unknown option: $1"; return 2 ;; esac done local FS OFS if [[ -z "$SEP" ]]; then # Awk defaults: FS="[ \t][ \t]*" OFS=" " elif [[ -z "$IGNORE_BLANKS" ]]; then FS="$SEP" OFS="$SEP" else FS="[ \t]*${SEP}[ \t]*" OFS="$SEP" fi [[ -n "$KEY_VALUE" ]] || { echo "Wrong arguments: --key-value must be specified" ; return 2; } FIELD_NO=${FIELD_NO:-$KEY} if [[ -z "$FIELD_OLD_VALUE" && "$KEY" = "$FIELD_NO" ]]; then FIELD_OLD_VALUE=$KEY_VALUE fi local TMPFILE=$(mktemp) for FILE in "$@"; do if [[ -n "$FIELD_OLD_VALUE" ]]; then awk <"$FILE" >"$TMPFILE" \ -F "$FS" -v OFS="$OFS" \ -v KEY="$KEY" \ -v KEY_VALUE="$KEY_VALUE" \ -v FIELD_NO=$FIELD_NO \ -v FIELD_NEW_VALUE="$FIELD_NEW_VALUE" \ -v 
FIELD_OLD_VALUE="$FIELD_OLD_VALUE" \ -v FIELD_OLD_REGEXP="$FIELD_OLD_REGEXP" \ '($KEY == KEY_VALUE) && ($FIELD_NO == FIELD_OLD_VALUE) && ($FIELD_NO ~ FIELD_OLD_REGEXP) { for (i=1; i$TMPFILE \ -F "$FS" -v OFS="$OFS" \ -v KEY="$KEY" \ -v KEY_VALUE="$KEY_VALUE" \ -v FIELD_NO=$FIELD_NO \ -v FIELD_NEW_VALUE="$FIELD_NEW_VALUE" \ -v FIELD_OLD_REGEXP="$FIELD_OLD_REGEXP" \ '($KEY == KEY_VALUE) && ($FIELD_NO ~ FIELD_OLD_REGEXP) { for (i=1; i/dev/null -q "$FILE" $TMPFILE; then RETURN_CODE=1 # no update! else RETURN_CODE=0 # update occurred (or ignore the question if --ignore-unchanged is set) fi let BOOLEAN_AND="BOOLEAN_AND*RETURN_CODE" || true # An update occurred: if [[ $EDIT_IN_PLACE = "y" && $RETURN_CODE = 0 ]]; then if [[ $BACKUP = "y" ]]; then cp -v "$FILE" "$FILE.backup" --backup="numbered" 1>&2 fi # Now rewrite FILE: cat "$TMPFILE" > "$FILE" elif [[ $EDIT_IN_PLACE = "y" && $RETURN_CODE = 1 ]]; then : else cat "$TMPFILE" fi || return 2 done rm $TMPFILE # Return 0 if at least one update occurred: return $BOOLEAN_AND } # Build the `grep' regexp that exactly matches the given string: function quoting_for_grep { sed <<<"$1" \ -e 's/\[/\\\[/g' \ -e 's/\]/\\\]/g' \ -e 's/\./\\\./g' \ -e 's/[*]/\\*/g' \ -e 's/[|]/\\|/g' \ -e 's/^\^/\\\^/g' \ -e 's/\$$/\\\$/g' } # Example: # test_quoting_for_grep '^[2.6.18-(ghost)] | con=none^ ssl=$xterm console=ttyS0$' # returns with 0 function test_quoting_for_grep { \grep "$(quoting_for_grep "$1")" <<<"$1" # must return 0 everytime! } # ============================================================= # USER-COMPLIANT CONFIGURATION FILES # ============================================================= # Set a configuration binding (,) updating a line if possible, # or removing (and updating) a commented line if it exists or, as last # attempt, appending a row in the form "" in the specified # file(s). # # Usage: user_config_set [].. 
# # Examples: # user_config_set "PermitRootLogin" " " "yes" /etc/sshd_config # # Returns with following codes: # 0 => successfully finished and file updated (or --ignore-unchanged is set) # 1 => successfully finished but file unchanged (and --ignore-unchanged is not set) # 2 => failed somewhere function user_config_set { local RETURN_CODE_WHEN_UNCHANGED=1 # by default local IGNORE_UNCHANGED # --- if [[ $1 = "--ignore-unchanged" ]]; then RETURN_CODE_WHEN_UNCHANGED=0 IGNORE_UNCHANGED="$1" shift fi # --- local KEY_VALUE="$1" local DELIMITER="$2" # '=', ':', .. local FIELD_VALUE="$3" # Check actuals: [[ $# -ge 3 && -n $KEY_VALUE && -n $DELIMITER ]] || { echo "Usage: user_config_set [].." return 2 } # --- local INFILE OUTFILE local WORKINGFILE=$(mktemp) shift 3 if [[ $# -eq 1 ]]; then INFILE="$1" OUTFILE="$1" { [[ -f "$INFILE" ]] && [[ -r "$INFILE" ]] && [[ -w "$INFILE" ]]; } || { echo "File $INFILE doesn't exist or doesn't have read-write permissions." echo "Usage: user_config_set [].." return 2 } elif [[ $# -eq 0 ]]; then INFILE=/dev/stdin OUTFILE=/dev/stdout else local BOOLEAN_AND=1 for INFILE in "$@"; do if user_config_set $IGNORE_UNCHANGED "$KEY_VALUE" "$DELIMITER" "$FIELD_VALUE" "$INFILE"; then BOOLEAN_AND=0; else true fi done return $BOOLEAN_AND fi cat "$INFILE" > $WORKINGFILE local FS="[ \t]*[$DELIMITER][ \t]*" local OFS="$DELIMITER" # Try to find the required binding: if \grep -q "^[ \t]*${KEY_VALUE}${FS}$(quoting_for_grep "${FIELD_VALUE}")[ \t]*$" $WORKINGFILE; then # Fine! 
no update required: rm $WORKINGFILE return $RETURN_CODE_WHEN_UNCHANGED fi # Unset keys at the same place if the delimiter appears twice: sed -i -e "s/^[ \t]*${KEY_VALUE}${FS}.*${FS}.*/${KEY_VALUE}${OFS}/" $WORKINGFILE # Try to update the file with `tabular_file_update': if tabular_file_update -d "$DELIMITER" --ignore-blanks -i -k 1 --key-value "$KEY_VALUE" -f 2 --field-value "$FIELD_VALUE" "$WORKINGFILE"; then cat $WORKINGFILE > $OUTFILE rm $WORKINGFILE return 0 elif \grep -q "^[ \t]*${KEY_VALUE}${FS}$(quoting_for_grep "${FIELD_VALUE}")[ \t]*" $WORKINGFILE; then # Fine! no update performed: return $RETURN_CODE_WHEN_UNCHANGED else # No update occurred but it's needed, so: local TMPFILE=$(mktemp) # Remove comment any line "# ": sed -e "s/^[#][#]*[ \t]*${KEY_VALUE}${FS}/${KEY_VALUE}${OFS}/" $WORKINGFILE > $TMPFILE if diff 1>/dev/null -q $TMPFILE "$WORKINGFILE"; then # There wasn't a commented line, so we append a new line: echo "${KEY_VALUE}${OFS}${FIELD_VALUE}" >> $WORKINGFILE else local CODE=0 # There was a commented line, so we have just to update (if required) this line: tabular_file_update $IGNORE_UNCHANGED -d "$DELIMITER" --ignore-blanks -k 1 --key-value "$KEY_VALUE" -f 2 --field-value "$FIELD_VALUE" "$TMPFILE" > $WORKINGFILE || CODE=$? if [[ $CODE = 2 ]]; then return 2; fi fi cat $WORKINGFILE > $OUTFILE rm $TMPFILE $WORKINGFILE return 0 fi } # ============================================================= # CONFIGURATION FILES # (not necessarily user-compliant) # # Lines are supposed structured as: # where is by default the regexp [ \t]*[=][ \t]* # ============================================================= # Note that these files are considered not necessarily user-compliant # in the sense that the update of a binding (key,value) it's not written # at the line citing `key' in a comment or in a previous binding. # Any previous binding with the same key is removed and the new binding is # (re-)appended. 
# For a more user-friendly update, call the function `user_config_set' defined
# above.

# Example of session:
# ---
# source toolkit_config_files.sh
# set_default_config_field_separator "=" # not really needed, the default would be suitable
# set_default_config_file "linux-3.2.44/.config"
# cp linux-3.2.44/.config{,.0}
# get_config_variable CONFIG_UML
# n
# set_config_variable CONFIG_UML y
# get_config_variable CONFIG_UML
# y
# set_config_variable CONFIG_UML '"YES"'
# get_config_variable CONFIG_UML
# "YES"
# get_config_variable_unquoting CONFIG_UML
# YES
# get_config_variable CONFIG_UML linux-3.2.44/.config.0
# n
# ---

# Global default used by configuration variable setter/getter:
function set_default_config_file {
  # global DEFAULT_CONFIG_FILE
  DEFAULT_CONFIG_FILE="$1"
}

# Set these defaults source-ing:
DEFAULT_CONFIG_FILE_FS="[ \t]*[=][ \t]*"
DEFAULT_CONFIG_FILE_OFS="="

# Choose the input separator (a regexp) and the output separator used by the
# setter/getter functions. With one single-byte argument, both are set to it.
# Examples:
# set_default_config_field_separator ":"
# set_default_config_field_separator "="
# set_default_config_field_separator "=" "="
# set_default_config_field_separator "[ \t]*[=][ \t]*" "=" # it's the default!
# set_default_config_field_separator "[ \t]*[:][ \t]*" "="
function set_default_config_field_separator {
  # global DEFAULT_CONFIG_FILE_{FS,OFS}
  local INPUT_SEP OUTPUT_SEP
  if [[ $# = 2 ]]; then
    INPUT_SEP="$1"
    OUTPUT_SEP="$2"
  elif [[ $# = 1 && $(echo -n "$1" | wc -c) = 1 ]]; then
    INPUT_SEP="$1"
    OUTPUT_SEP="$1"
  else
    echo "Usage: set_default_config_field_separator []"
    return 2
  fi
  DEFAULT_CONFIG_FILE_FS="$INPUT_SEP"
  DEFAULT_CONFIG_FILE_OFS="$OUTPUT_SEP"
}

# Set removing potential similar binding, then appending the
# provided binding.
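# Note that the target ($3) is by default the file defined
# by the global variable DEFAULT_CONFIG_FILE
# Usage: set_config_variable NAME VALUE [FILE]
# Any line starting with NAME followed by the separator is blanked (the
# line itself stays, empty), then "NAME<OFS>VALUE" is appended.
# NAME is inserted as it is into a sed regexp: it is expected to be a plain
# identifier.
function set_config_variable {
  # global DEFAULT_CONFIG_FILE{,_FS,_OFS}
  local NAME=$1
  local VALUE="$2"
  local CONFIG_FILE=${3:-$DEFAULT_CONFIG_FILE}
  # ---
  local LOCAL_DEFAULT_FS="[ \t]*[=][ \t]*"
  local FS="${DEFAULT_CONFIG_FILE_FS:-$LOCAL_DEFAULT_FS}"
  local OFS=${DEFAULT_CONFIG_FILE_OFS:-=}
  # The file name is quoted everywhere below, so that a path containing
  # blanks or glob characters designates one file:
  sed -i -e "s/^${NAME}${FS}.*$//" "$CONFIG_FILE"
  echo "${NAME}${OFS}${VALUE}" >> "$CONFIG_FILE"
}

# Note that the target ($2) is by default the file defined
# by the global variable DEFAULT_CONFIG_FILE
# Usage: unset_config_variable NAME [FILE]
# Remove every line starting with NAME followed by the separator.
function unset_config_variable {
  # global DEFAULT_CONFIG_FILE{,_FS}
  local NAME=$1
  local CONFIG_FILE=${2:-$DEFAULT_CONFIG_FILE}
  # ---
  local LOCAL_DEFAULT_FS="[ \t]*[=][ \t]*"
  local FS="${DEFAULT_CONFIG_FILE_FS:-$LOCAL_DEFAULT_FS}"
  local TMPFILE=$(mktemp)
  \grep -v "^${NAME}${FS}" "$CONFIG_FILE" >"$TMPFILE"
  # Rewrite in place (cat, not mv), so the file is truncated and refilled
  # rather than replaced by the temporary one:
  cat "$TMPFILE" >"$CONFIG_FILE"
  rm -f "$TMPFILE"
}

# Usage: get_config_variable NAME [FILE]
# Print the second field of every line whose first field is exactly NAME.
function get_config_variable {
  # global DEFAULT_CONFIG_FILE{,_FS}
  local NAME=$1
  local CONFIG_FILE=${2:-$DEFAULT_CONFIG_FILE}
  # ---
  local LOCAL_DEFAULT_FS="[ \t]*[=][ \t]*"
  local FS="${DEFAULT_CONFIG_FILE_FS:-$LOCAL_DEFAULT_FS}"
  awk <"$CONFIG_FILE" -v NAME="$NAME" -F "$FS" '$1 == NAME {print $2}'
}

# As `get_config_variable', removing one pair of enclosing double or
# single quotes from the value.
function get_config_variable_unquoting {
  # global DEFAULT_CONFIG_FILE{,_FS}
  get_config_variable "$@" | sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'$/\1/"
}

# Sort and merge configuration files removing comments and empty lines.
# We are supposing that the order of line is not important.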
# TODO: it would be nice to implement `sort_and_merge_user_config_files' function sort_and_merge_config_files { cat "$@" | awk 'NF>0 && $1 !~ /^#/' | sort | uniq } # Automatically export previously defined functions: export -f $(awk '/^function/ {print $2}' ${BASH_SOURCE[0]}) marionnet-0.90.6+bzr457.orig/uml/ethghost/0000700000175000017500000000000012356733375017220 5ustar lucaslucasmarionnet-0.90.6+bzr457.orig/uml/ethghost/Makefile0000600000175000017500000000342112356733375020662 0ustar lucaslucas# This file is a part of the tool ethghost to the # Marionnet project # Copyright (C) 2011 Luca Saiu # Licence GPLv2+ : GNU GPL version 2 or later; # This program is free software: you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation, either version 2 of # the License, or (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # Shall we use Autotools here? The thing is really small, and # probably inherently non-portable: it only makes sense on GNU/Linux # with our kernel patch... So I don't think using the Autotools is # worth the hassle here. For the time being I've written this trivial # Makefile. 
-- Luca Saiu, October 2011 CC = gcc CFLAGS = -g -O2 all: ethghost ethghost: ethghost.o ethghost-interface.o $(CC) $(CFLAGS) -o $@ $^ ethghost.o: ethghost.c ethghost-interface.h $(CC) $(CFLAGS) -c -o $@ $< ethghost-interface.o: ethghost-interface.c ethghost-interface.h $(CC) $(CFLAGS) -c -o $@ $< clean: rm -f *.o ethghost *~ # DESTDIR may be set by the caller, for instance: # make DESTDIR=/usr/local install # (suitable for buildroot) install: cp ethghost $(DESTDIR)/bin/ethghost # Used by `pupisto' to know the package version to include in the buildroot's image print_version: @awk * * Copyright (C) 2009 Jonathan Roudiere * Licence GPLv2+ : GNU GPL version 2 or later; * * This program is free software: you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation, either version 2 of * the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * This is the revision of 2009-07-07. * Minor changes by Jean-Vincent Loddo 2013/04/12 (ghost2 -> ethghost) */ /* * Interface for ghostification */ #ifndef _ETHGHOST_INTERFACE_H_ #define _ETHGHOST_INTERFACE_H_ /* Macro debug */ #ifdef GHOST_DEBUG #define dinfo printf("DEBUG: file(%s): line(%03d): funct(%s): -- info debug -- \n",basename(__FILE__),__LINE__,__FUNCTION__) #define dprintf(msg,args...) printf("DEBUG: file(%s): line(%03d): funct(%s): " msg "\n",basename(__FILE__),__LINE__,__FUNCTION__,##args) #else #define dinfo #define dprintf(msg,args...) 
#endif /* some variable */ #define __ETHGHOST_VERSION__ "2.0" /* version of this soft */ /* see include/linux/sockio.h in the Linux Kernel sources */ #define SIOKLOG 0x894D /* Write a string to the log */ #define SIOCGIFGHOSTIFY 0x894E /* Make a network device 'ghost' */ #define SIOCGIFUNGHOSTIFY 0x894F /* Make a network device 'unghost' */ /* * Internals variables (put here to EBUG in main()) */ enum { ESOCKCREATE, #define ESOCKCREATE ESOCKCREATE ESOCKDELETE, #define ESOCKDELETE ESOCKDELETE EGHOSTIFY, #define EGHOSTIFY EGHOSTIFY EUNGHOSTIFY, #define EUNGHOSTIFY EUNGHOSTIFY EBUG #define EBUG EBUG }; /* * Fonction to ghostify an interface. * iface : name of the network interface * that you want to ghostify */ unsigned int ghostify_iface (const char *iface); /* * Fonction to unghostify an interface. * iface : name of the network interface * that you want to unghostify */ unsigned int unghostify_iface (const char *iface); #endif /* _ETHGHOST_INTERFACE_H */ marionnet-0.90.6+bzr457.orig/uml/ethghost/ethghost-interface.c0000600000175000017500000002232512356733375023155 0ustar lucaslucas/* * This file is a part of the tool ethghost to the * Marionnet project * * Copyright (C) 2009 Jonathan Roudiere * Licence GPLv2+ : GNU GPL version 2 or later; * * This program is free software: you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation, either version 2 of * the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * This is the revision of 2009-07-07. 
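 * Minor changes by Jean-Vincent Loddo 2013/04/12 (ghost2 -> ethghost)
 */

/*
 * NOTE(review): the names of the ten system headers below were lost when
 * this page was extracted; restore them from the upstream file.
 */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "ethghost-interface.h"

/*
 * Report an error on stderr on behalf of __{create,destroy}_socket and
 * __{un,}ghostify.
 *
 * origcode - identifies the caller (ESOCKCREATE, ESOCKDELETE, EGHOSTIFY or
 *            EUNGHOSTIFY)
 * nerror   - errno value provided by the caller
 * return   - nerror, or EBUG when origcode is none of the codes above
 */
static int on_error (int origcode, int nerror)
{
  switch (origcode) {

    /*
     * The socket could not be created: print a generic message with the
     * system error message between parentheses.
     */
    case (ESOCKCREATE) :
      dinfo;
      fprintf(stderr, "ethghost: Error: couldn't create socket (%s)\n",strerror(nerror));
      break;

    /*
     * The socket could not be closed: print a generic message with the
     * system error message between parentheses.
     */
    case (ESOCKDELETE) :
      dinfo;
      fprintf(stderr, "ethghost: Error: couldn't destroy socket (%s)\n",strerror(nerror));
      break;

    /*
     * For errors raised by the ghostification or unghostification request
     * we can usually print a more explicit message than strerror(), which
     * knows nothing about ghost operations.
     */
    case (EGHOSTIFY) :
      dinfo;
      switch (nerror) {
        /*
         * The ghostification kernel code returns this when the interface
         * name is empty or longer than IFNAMSIZ (16). This tool is meant
         * to rule those cases out before the ioctl, so EINVAL here most
         * likely means that the kernel does not support ghost operations.
         */
        case (EINVAL) :
          fprintf(stderr, "ethghost: Error: couldn't ghostify interface; are you sure that your kernel supports Ghostification?\n");
          break;
        /*
         * Returned by the ghostification kernel code when the interface
         * exists and is already ghostified.
         */
        case (EEXIST) :
          fprintf(stderr, "ethghost: Error: the specified interface is already ghostified.\n");
          break;
        /*
         * Returned by the ghostification kernel code when the interface
         * really does not exist.
         */
        case (ENODEV) :
          fprintf(stderr, "ethghost: Error: the specified interface doesn't exist (ghostify).\n");
          break;
        /*
         * Returned by the ghostification kernel code when the interface
         * exists but the maximum number of ghostified interfaces has
         * already been reached.
         */
        case (ENOMEM) :
          fprintf(stderr, "ethghost: Error: the maximum number of ghostified interfaces has been reached.\n");
          break;
        /*
         * Unknown error (not one returned by the ghostification kernel
         * code): generic message with the system error message between
         * parentheses.
         */
        default :
          fprintf(stderr, "ethghost: Error: an error occurred during ghostification (%s).\n",strerror(nerror));
      }
      break;

    case (EUNGHOSTIFY) :
      dinfo;
      switch (nerror) {
        /*
         * Returned by the ghostification kernel code when the interface
         * really does not exist, so there is nothing to unghostify.
         */
        case (ENODEV) :
          fprintf(stderr, "ethghost: Error: the specified interface doesn't exist (unghostify).\n");
          break;
        /*
         * The interface exists but is not ghostified.
         */
        case (ESRCH) :
          fprintf(stderr, "ethghost: Error: the specified interface isn't ghostified.\n");
          break;
        /*
         * The ghostification kernel code cannot return this for a valid
         * request, so it is most likely the kernel that does not support
         * ghostification operations.
         */
        case (EINVAL) :
          fprintf(stderr, "ethghost: Error: couldn't unghostify interface; are you sure that your kernel supports Ghostification?\n");
          break;
        /*
         * Unknown error (not one returned by the ghostification kernel
         * code): generic message with the system error message between
         * parentheses.
         */
        default :
          fprintf(stderr, "ethghost: Error: an error occurred during unghostification (%s).\n",strerror(nerror));
      }
      break;

    default :
      dinfo;
      fprintf(stderr, "ethghost: Error: an unexpected error took place (EBUG).\n");
      return (EBUG);
  }
  return (nerror);
}

/*
 * Create the socket used by {ghostify,unghostify}_iface; its descriptor
 * is stored in *sk and later passed to the ioctl request.
 * Returns EXIT_SUCCESS on success, errno on error.
 */
static unsigned int __create_socket (int *sk)
{
  errno = 0;
  dinfo;
  if ((*sk = socket(AF_INET,SOCK_DGRAM,0)) < 0) {
    return (on_error(ESOCKCREATE, errno));
  }
  return (EXIT_SUCCESS);
}

/*
 * Close the socket (*sk) created by __create_socket.
 * Returns EXIT_SUCCESS on success, errno on error.
 */
static unsigned int __destroy_socket (int *sk)
{
  errno = 0;
  dinfo;
  if ((close((int)*sk) < 0)) {
    return (on_error(ESOCKDELETE, errno));
  }
  return (EXIT_SUCCESS);
}

/*
 * Ghostify the interface iface with the SIOCGIFGHOSTIFY ioctl request.
 * Returns EXIT_SUCCESS on success and errno on error.
 * NOTE(review): the pointer is handed to the kernel as is; how many bytes
 * the kernel side reads from it is not visible here -- confirm against the
 * kernel patch.
 */
static unsigned int __ghostify (int *sk, const char *iface)
{
  errno = 0;
  dinfo;
  if ((ioctl(*sk, SIOCGIFGHOSTIFY, iface)) < 0 ) {
    return (on_error(EGHOSTIFY, errno));
  }
  return (EXIT_SUCCESS);
}

/*
 * Unghostify the interface iface with the SIOCGIFUNGHOSTIFY ioctl request.
 * Returns EXIT_SUCCESS on success and errno on error.
 */
static unsigned int __unghostify (int *sk, const char *iface)
{
  errno = 0;
  dinfo;
  if ((ioctl(*sk, SIOCGIFUNGHOSTIFY, iface)) < 0 ) {
    return (on_error(EUNGHOSTIFY, errno));
  }
  return (EXIT_SUCCESS);
}

/*
 * Ghostify an interface: create a socket with __create_socket, issue the
 * ioctl request with __ghostify (which only works if the kernel supports
 * Ghostification) and close the socket with __destroy_socket.
 *
 * iface  - name of the network interface; must be a non-empty string
 * return - EXIT_SUCCESS on success, EINVAL for a missing or empty name,
 *          otherwise the errno reported by the failing internal call
 */
unsigned int ghostify_iface (const char *iface)
{
  int sk = 0;
  int error = 0;
  int errorp = 0;

  /* debug */
  dinfo;

  /*
   * 0) refuse a missing or empty name at the API boundary: a null pointer
   * must never reach the "%s" below, and an empty name would come back
   * from the kernel as EINVAL, which on_error reports as missing kernel
   * support. The upper bound (IFNAMSIZ) is checked by main() in ethghost.c.
   */
  if (!iface || iface[0] == '\0') {
    fprintf(stderr, "ethghost: Error: in %s : missing or empty interface name, Exit!!\n",__FUNCTION__);
    return (EINVAL);
  }

  /* 1) create socket */
  if ((error = __create_socket(&sk)) != 0 ) {
    fprintf(stderr, "ethghost: Error: in %s , Exit!!\n",__FUNCTION__);
    return error;
  }

  /* debug */
  dprintf("Socket created with success, goto __ghostify");

  /* 2) ghostify iface */
  if ((error =__ghostify(&sk, iface)) != 0) {
    fprintf(stderr, "ethghost: Error: in %s : interface %s, Exit!!\n",__FUNCTION__,iface);
    /*
     * The ioctl error is returned unless closing the socket fails too,
     * in which case the close error takes its place.
     */
    errorp = __destroy_socket(&sk);
    return errorp ? errorp : error;
  }

  /* 3) destroy socket*/
  if ((error = __destroy_socket(&sk)) != 0 ) {
    fprintf(stderr, "ethghost: Error: in %s , Exit!!\n",__FUNCTION__);
  }

  /* debug */
  dprintf("Socket deleted with success, goto main");

  /* return error to main for user (0 on success) */
  return (error);
}

/*
 * Unghostify an interface: create a socket with __create_socket, issue the
 * ioctl request with __unghostify (which only works if the kernel supports
 * Ghostification) and close the socket with __destroy_socket.
 *
 * iface  - name of the network interface; must be a non-empty string
 * return - EXIT_SUCCESS on success, EINVAL for a missing or empty name,
 *          otherwise the errno reported by the failing internal call
 */
unsigned int unghostify_iface (const char *iface)
{
  int sk = 0;
  int error = 0;
  int errorp = 0;

  /* debug */
  dinfo;

  /*
   * 0) same boundary check as ghostify_iface: no null pointer may reach
   * the "%s" below, and an empty name would be misreported as missing
   * kernel support.
   */
  if (!iface || iface[0] == '\0') {
    fprintf(stderr, "ethghost: Error: in %s : missing or empty interface name, Exit!!\n",__FUNCTION__);
    return (EINVAL);
  }

  /* 1) create socket */
  if ((error = __create_socket(&sk)) != 0 ) {
    fprintf(stderr, "ethghost: Error: in %s , Exit!!\n",__FUNCTION__);
    return error;
  }

  /* debug */
  dprintf("Socket created with success, goto __unghostify");

  /* 2) unghostify iface */
  if ((error =__unghostify(&sk, iface)) != 0) {
    fprintf(stderr, "ethghost: Error: in %s about the interface %s. Exit!!\n",__FUNCTION__,iface);
    /*
     * The ioctl error is returned unless closing the socket fails too,
     * in which case the close error takes its place.
     */
    errorp = __destroy_socket(&sk);
    return errorp ? errorp : error;
  }

  /* 3) destroy socket*/
  if ((error = __destroy_socket(&sk)) != 0 ) {
    fprintf(stderr, "ethghost: Error: in %s. Exit!!\n",__FUNCTION__);
  }

  /* debug */
  dprintf("Socket deleted with success, goto main");

  /* return error to main for user (0 on success) */
  return (error);
}

marionnet-0.90.6+bzr457.orig/uml/ethghost/ethghost.c0000600000175000017500000001152612356733375021220 0ustar lucaslucas
/*
 * This file is a part of the tool ethghost to the
 * Marionnet project
 *
 * Copyright (C) 2009 Jonathan Roudiere
 * Licence GPLv2+ : GNU GPL version 2 or later;
 *
 * This program is free software: you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, either version 2 of
 * the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 *
 * This is the revision of 2009-07-07.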
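 */

/*
 * NOTE(review): the system header names below were lost when this page was
 * extracted; restore them from the upstream file.
 */
#include
#include
#include
#include
/* need to IFNAMSIZ */
#include
/* Ghostification interface */
#include "ethghost-interface.h"

/* Print the command-line help on stderr; always returns EXIT_SUCCESS. */
static int usage(void)
{
  fprintf(stderr, "ethghost (%s) usage :\n\n", __ETHGHOST_VERSION__);
  fprintf(stderr, "ethghost -h, --help this help message\n");
  fprintf(stderr, " -v, --version get the version\n");
  fprintf(stderr, " -g, --ghostify DEVICE ghostify this interface\n");
  fprintf(stderr, " -u, --unghostify DEVICE unghostify this interface\n\n");
  fprintf(stderr, "DEVICE : is the name of a network interface (like : eth0, lo)\n");
  return (EXIT_SUCCESS);
}

/* Print the version and licence banner on stdout; always returns EXIT_SUCCESS. */
static int version(void)
{
  printf("\nethghost " __ETHGHOST_VERSION__ " \n");
  printf("Copyright (C) 2009 Jonathan Roudiere\n");
  printf("Copyright (C) 2009, 2013 Université Paris 13\n");
  printf("License GPLv2: GNU GPL version 2 or later \n");
  printf("\nThis is free software: you are free to change and redistribute it.\n");
  printf("There is NO WARRANTY, to the extent permitted by law.\n\n");
  return (EXIT_SUCCESS);
}

/*
 * Entry point: parse the single option, validate the interface name and
 * call ghostify_iface or unghostify_iface.
 *
 * Exit status: EXIT_SUCCESS on success, EXIT_FAILURE on a usage error,
 * otherwise the error code returned by the (un)ghostify call.
 */
int main (int argc, char *argv[])
{
  int error = 0;
  char *prog;
  unsigned int (*act)(const char *iface);

  /*
   * Get the binary name. A caller may start the program with an empty
   * argument vector, so argv[0] is only used when it is really there.
   */
  prog = (argc > 0 && argv[0]) ? basename(argv[0]) : "ethghost";

  /* debug */
  dprintf("Start of %s ", (argc > 0 && argv[0]) ? argv[0] : prog);

  /* Verify number of args, if need show version/help */
  if (argc == 1) {
    dinfo;
    fprintf(stderr, "%s: Error, no args. Exit!!\n\n",prog);
    usage();
    return (EXIT_FAILURE);
  }

  dinfo;

  /* the one and only case where we accept one option */
  if (argc == 2) {
    /* Look if version is asked */
    dprintf("argc = %i and argv[%i] = %s, look if (-v,--version) has been provided.", argc, argc, argv[argc - 1]);
    if ((!(strcmp(argv[1],"-v"))) || (!(strcmp(argv[1],"--version")))) {
      version();
      return (EXIT_SUCCESS);
    }
    /* Look if help is asked */
    dprintf("argc = %i and argv[%i] = %s, look if (-h,--help) has been provided.", argc, argc, argv[argc - 1]);
    if ((!(strcmp(argv[1],"-h"))) || (!(strcmp(argv[1],"--help")))) {
      usage();
      return (EXIT_SUCCESS);
    }
    fprintf(stderr, "%s: Error, unknown option. Exit!!\n\n",prog);
    usage();
    return (EXIT_FAILURE);
  }

  if (argc != 3) {
    fprintf(stderr, "%s: Error, bad number of arguments. Exit!!\n\n",prog);
    usage();
    return (EXIT_FAILURE);
  }

  /* Search options used */
  /* debug */
  dprintf("argc = %i, argv[1] = %s and argv[2] = %s, search options used.", argc, argv[1], argv[2]);

  /* put in act pointer toward appropriate function */
  if ((!(strcmp(argv[1],"-g"))) || (!(strcmp(argv[1],"--ghostify")))) {
    dprintf("Function call to act : act = &(ghostify_iface);");
    act = &(ghostify_iface);
  } else if ((!(strcmp(argv[1],"-u"))) || (!(strcmp(argv[1],"--unghostify")))) {
    dprintf("Function call to act : act = &(unghostify_iface);");
    act = &(unghostify_iface);
  } else {
    fprintf(stderr, "%s: Error, unknown option. Exit!!\n\n",prog);
    usage();
    return (EXIT_FAILURE);
  }

  /*
   * Verify the length of the interface name. The name must fit in
   * IFNAMSIZ bytes including the terminator, and it must not be empty:
   * the error handling in ethghost-interface.c assumes both cases are
   * ruled out here, otherwise the kernel's EINVAL is reported as missing
   * kernel support.
   */
  if (argv[2][0] == '\0' || strlen(argv[2]) >= IFNAMSIZ) {
    fprintf(stderr, "%s: Error, invalid interface name. Exit!!\n",prog);
    return (EXIT_FAILURE);
  }

  /* Act */
  if ((error = act(argv[2])) != 0) {
    dprintf("Act exit with error (%i)", error);
    /* explicit exit message have already been done */
    return (error); /* report real error code to the user */
  }

  dprintf("Act exit without error (%i)", error);
  if (act == (&ghostify_iface)) {
    printf("ethghost: SUCCESS, the interface %s has been ghostified!!\n", argv[2]);
  } else if (act == (&unghostify_iface)) {
    printf("ethghost: SUCCESS, the interface %s has been unghostified!!\n", argv[2]);
  } else {
    /* debug, never come here */
    fprintf(stderr, "\nethghost: Error, an unexpected error (bug?) took place. Exit!!\n");
    return (EBUG);
  }
  return (EXIT_SUCCESS);
}

marionnet-0.90.6+bzr457.orig/uml/pupisto.buildroot/0000700000175000017500000000000012356733375021100 5ustar lucaslucas
marionnet-0.90.6+bzr457.orig/uml/pupisto.buildroot/Makefile0000600000175000017500000001576412356733375022557 0ustar lucaslucas
# This file is part of marionnet
# Copyright (C) 2013, 2014 Jean-Vincent Loddo
# Copyright (C) 2013, 2014 Université Paris 13
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .

# File system creation based on Builroot (itself based on Busybox) and
# kernel patch (ghostification) and compilation

# This script builds from scratch a filesystem with the buildroot utilities.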
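# Be careful because sometimes buildroot needs some extras packages according
# to the choosen configuration.

# None of these targets names a file that the recipe creates:
.PHONY: guignol guignol-no-kernel guignol-custom guignol-debug minimal \
        dependencies list-available list-cited list-selected \
        customize-packages-no customize-packages-yes clean help help-pupisto

# =============================================================
#                    Building `guignol'
# =============================================================

KERNEL_VERSION=3.2.60

guignol: dependencies buildroot
	./pupisto.buildroot.sh --kernel $(KERNEL_VERSION) --router --name guignol $(OPTIONS)

guignol-no-kernel: dependencies buildroot
	./pupisto.buildroot.sh --kernel $(KERNEL_VERSION) --router --no-kernel --name guignol $(OPTIONS)

guignol-custom: dependencies buildroot
	./pupisto.buildroot.sh --kernel $(KERNEL_VERSION) --router --name guignol --custom $(OPTIONS)

guignol-debug: dependencies buildroot
	./pupisto.buildroot.sh --debug --kernel $(KERNEL_VERSION) --router --name guignol $(OPTIONS)

# Make a minimal filesystem, just with Busybox and Bash (useful for testing), without quagga (no --router) and without kernel:
minimal:
	@{ test -f $(CUSTOM_PACKAGES_NO) && cp -v $(CUSTOM_PACKAGES_NO) $(CUSTOM_PACKAGES_NO).backup --backup="numbered"; } || true
	@{ test -f $(CUSTOM_PACKAGES_YES) && cp -v $(CUSTOM_PACKAGES_YES) $(CUSTOM_PACKAGES_YES).backup --backup="numbered"; } || true
	@cat /dev/null > $(CUSTOM_PACKAGES_YES)
	@find ./_build.buildroot/package -name "Config.in" -exec \grep -o "BR2_PACKAGE_[A-Z0-9_]*" {} \; | uniq | sort | uniq > $(CUSTOM_PACKAGES_NO)
	./pupisto.buildroot.sh --kernel $(KERNEL_VERSION) --no-kernel --name minimal $(OPTIONS)

# =============================================================
#                       Dependencies
# =============================================================

buildroot: ./_build.buildroot

# NOTE(review): git:// is an unauthenticated, unencrypted transport and no
# tag or commit is pinned here, so the tree that ends up in the filesystem
# image is whatever the network path returns at build time. Prefer an
# authenticated transport and check out a known revision before building.
./_build.buildroot:
	git clone git://git.buildroot.net/buildroot
	mv buildroot ./_build.buildroot

REQUIRED_PACKAGES=whois texinfo git mercurial gcc-multilib unifdef ccache wget fakeroot patch

# Installs the missing packages as root, without confirmation (sudo + -y).
dependencies:
	@echo "Required packages: $(REQUIRED_PACKAGES)"
	@which dpkg 1>/dev/null || { echo "Not a Debian system (oh my god!); please install packages corresponding to: $(REQUIRED_PACKAGES)"; exit 1; }
	@dpkg 1>/dev/null -l $(REQUIRED_PACKAGES) || \
	if which aptitude; then \
	  sudo aptitude install -q -q -q -y $(REQUIRED_PACKAGES); \
	elif which apt-get; then \
	  sudo apt-get install -q -q -q -y $(REQUIRED_PACKAGES); \
	else \
	  exit 1; \
	fi
	@echo Ok.

# =============================================================
#   Managing and quickly customizing Buildroot's packages
# =============================================================

# List all available Buildroot's packages
list-available: buildroot
	@find ./_build.buildroot/package -name Config.in -exec \grep -o "BR2_PACKAGE_[A-Z0-9_]*" {} \; \
	| uniq | sort | uniq

# List Buildroot's packages cited by our building script:
LIST_CITED="\grep -o "BR2_PACKAGE_[A-Z0-9_][A-Z0-9_]*" ./pupisto.buildroot.sh | sort | uniq"
list-cited: buildroot
	@eval $(LIST_CITED)

CUSTOM_PACKAGES_NO=./_build.custom_packages_no
CUSTOM_PACKAGES_YES=./_build.custom_packages_yes

# List Buildroot's packages selected by our building script, plus packages manually
# selected with $(CUSTOM_PACKAGES_YES), minus package manually selected with $(CUSTOM_PACKAGES_NO).
# Note that if a package is customized both as "yes" and "no", the "yes" takes priority.
# In other words, the list of selected packages is built using the formula:
# (cited DIFF no) UNION yes
#
# The intermediate lists used to be written to fixed names under /tmp
# (/tmp/Makefile.pupisto.buildroot.1 to .4). On a shared machine another
# local user can create those paths first, for instance as symbolic links,
# and the `>' redirections below would then write through them. They now
# live in a private directory made by `mktemp -d', removed when the recipe
# ends, whether it succeeds or not. The whole recipe is a single shell
# command so that the directory name stays in scope.
list-selected: buildroot
	@set -e; \
	tmpdir=$$(mktemp -d); \
	trap 'rm -rf "$$tmpdir"' EXIT; \
	eval $(LIST_CITED) | \grep -v "^BR2_PACKAGE_QUAGGA" > "$$tmpdir/cited"; \
	cat /dev/null > "$$tmpdir/no"; \
	if test -f $(CUSTOM_PACKAGES_NO); then \grep -v "^#" $(CUSTOM_PACKAGES_NO) | sort | uniq > "$$tmpdir/no"; fi; \
	\grep <"$$tmpdir/cited" -v -w -F "$$(cat "$$tmpdir/no")" > "$$tmpdir/kept"; \
	cat /dev/null > "$$tmpdir/yes"; \
	if test -f $(CUSTOM_PACKAGES_YES); then \grep -v "^#" $(CUSTOM_PACKAGES_YES) | sort | uniq > "$$tmpdir/yes"; fi; \
	cat "$$tmpdir/kept" "$$tmpdir/yes" | sort | uniq

# Quickly customize which packages you don't want in the filesystem:
customize-packages-no: ./_build.custom_packages_no
	$$EDITOR $<

# Quickly customize which packages you want in the filesystem:
customize-packages-yes: ./_build.custom_packages_yes
	$$EDITOR $<

# $(MAKE) rather than a literal `make', so that the sub-make is the same
# program and inherits the command-line flags.
./_build.custom_packages_no: buildroot
	@test -f $@ || { $(MAKE) ./_build.custom_packages.initial && mv ./_build.custom_packages.initial $@; }

./_build.custom_packages_yes: buildroot
	@test -f $@ || { $(MAKE) ./_build.custom_packages.initial && mv ./_build.custom_packages.initial $@; }

./_build.custom_packages.initial:
	@find ./_build.buildroot/package -name Config.in -exec \grep -o "BR2_PACKAGE_[A-Z0-9_]*" {} \; | uniq | sort | uniq | awk '{print "#"$$0}' >$@

# =============================================================
#                      clean & help
# =============================================================

clean:
	rm -rf _build.*

help:
	@echo "Usage: make guignol"
	@echo " or: make guignol-custom"
	@echo " or: make minimal"
	@echo " or: make customize-packages-yes"
	@echo " or: make customize-packages-no"
	@echo " or: make dependencies"
	@echo " or: make clean"
	@echo " or: make help-pupisto"
	@echo " or: make help"
	@echo "Examples:"
	@echo "[1] make guignol"
	@echo "[2] make guignol-custom"
	@echo "[3] make customize-packages-no customize-packages-yes guignol"
	@echo "[4] make customize-packages-no customize-packages-yes guignol-custom"
	@echo "[5] make help-pupisto"
	@echo "---"
	@echo "The example [2] gives you access to the Buildroot's menu configuration."
	@echo "The example [3] allows you to quickly customize the package selection removing comments from files \`_build.custom_packages_{yes,no}'."
	@echo "The example [4] provides you both customization methods."
	@echo "The example [5] is simply equivalent to \`pupisto.buildroot.sh --help'; you can launch directly this script if you want to create the Buildroot's filesystem with special options (name, config)."

help-pupisto:
	./pupisto.buildroot.sh --help

marionnet-0.90.6+bzr457.orig/uml/pupisto.buildroot/pupisto.buildroot.sh0000700000175000017500000012443312356733375025153 0ustar lucaslucas
#!/bin/bash

# This file is part of marionnet
# Copyright (C) 2013, 2014 Jean-Vincent Loddo
# Copyright (C) 2013, 2014 Université Paris 13
# Copyright (C) 2013 Antoine Seignard
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .

# File system creation based on Builroot (itself based on Busybox) and
# kernel patch (ghostification) and compilation

# This script builds from scratch a filesystem with the buildroot utilities.
# Be careful because sometimes buildroot needs some extras packages according
# to the choosen configuration.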
# Authors: # Jean-Vincent Loddo # Antoine Seignard (prototypal version, minor changes, knowhow to add extra # buildroot packages) # ============================================================= # AUTOMATIC LOG-FILE GENERATION # ============================================================= MY_BASENAME=$(basename $0) if [[ $1 = "--help" || $1 = "-h" ]]; then # do nothing and continue : elif grep -q "log_${MY_BASENAME}[.]......$" <<<"$1"; then LOGFILE=$1 shift # and continue else LOGFILE=$(mktemp /tmp/log_${MY_BASENAME}.XXXXXX) EXIT_CODE_FILE=$(mktemp /tmp/exit_code_${MY_BASENAME}.XXXXXX) echo -e "Log file of command:\n$0" "$@" "\n---" | tee $LOGFILE COLUMNS=$(tput cols) { time $0 "$LOGFILE" "$@"; echo $? >$EXIT_CODE_FILE; } 2>&1 | tee -a "$LOGFILE" | cut -c1-$((COLUMNS)) read EXIT_CODE <$EXIT_CODE_FILE rm -f $EXIT_CODE_FILE echo "---" echo "$MY_BASENAME: previous running logged into $LOGFILE" exit $EXIT_CODE fi # Script body: set -e # ============================================================= # CMDLINE PARSING # ============================================================= # Getopt's format used to parse the command line: OPTSTRING="hdf:mqrKk:n:c:" function parse_cmdline { local i j flag # Transform long format options into the short one: for i in "$@"; do if [[ double_dash_found = 1 ]]; then ARGS+=("$i") else case "$i" in --help) ARGS+=("-h"); ;; --custom) ARGS+=("-m"); ;; --config) ARGS+=("-f"); ;; --continue) ARGS+=("-c"); ;; --quagga) ARGS+=("-q"); ;; --name) ARGS+=("-n"); ;; --kernel) ARGS+=("-k"); ;; --no-kernel) ARGS+=("-K"); ;; --router) ARGS+=("-r"); ;; --debug) ARGS+=("-d"); ;; --) ARGS+=("--"); double_dash_found=1; ;; --[a-zA-Z0-9]*) echo "*** Illegal long option $i."; exit 1; ;; -[a-zA-Z0-9]*) j="${i:1}"; while [[ $j != "" ]]; do ARGS+=("-${j:0:1}"); j="${j:1}"; done; ;; *) ARGS+=("$i") ;; esac fi done set - "${ARGS[@]}" unset ARGS # Interpret short format options: while [[ $# -gt 0 ]]; do OPTIND=1 while getopts ":$OPTSTRING" flag; do if [[ $flag = '?' 
]]; then echo "ERROR: illegal option -$OPTARG."; exit 1; fi eval "option_${flag}=$OPTIND" eval "option_${flag}_arg='$OPTARG'" done for ((j=1; j] Build a basic filesystem for Marionnet based on Buildroot, itself based on Busybox. If one or both files \`_build.custom_packages_{yes,no}' exist in the current directory, their uncommented lines tell the script which Buildroot's packages are wanted (yes) or unwanted (no). The list of selected packages results from the formula: ((config UNION required) DIFF no) UNION yes UNION bash where \`config' is the default Buildroot configuration file, or the file provided with the option \`--config', and \`required' are packages considered relevant by Marionnet's developpers for pedagogical reasons. Note that, except \`bash', the priority is given to uncommented names in \`_build.custom_packages_{yes,no}'. Options: -n/--name NAME set the name of the filesystem (used for /etc/issue) -f/--config FILE use this Buildroot's (starting) configuration file -m/--custom customize the package selection with 'make menuconfig' -q/--quagga include quagga to the filesystem -k/--kernel VERS set the kernel version (for headers and/or to compile) -K/--no-kernel do not compile the kernel -r/--router-conf create also \"router_*.conf\" file (implies -q) -c/--continue DIR continue a previously broken execution in directory DIR -h/--help Print this message and exit --- Defaults: is \"./_build.buildroot\". --kernel ${DEFAULT_KERNEL_VERSION} is set by default Notes - If the kernel is compiled (you can disable it with -K) it will compiled outside Buildroot - The router configuration (-r) may be useful to have a unique filesystem for both routers and (basic) machines. You can simply install the router filesystem creating a (physical or symbolic) link to the related file 'machine-*'. 
Examples: $ ${0##*/} --no-kernel --kernel 3.0.8 --name pulcinella $ ${0##*/} --custom --no-kernel --quagga --name pulcinella $ ${0##*/} --no-kernel --router --name pulcinella" exit $1 } # Note that 2.6.30 is the first header's version allowing a # successfully buildroot compilation (2.6.18 fails) # Another possible default could be 2.6.32 (last statically-linked # available version of our patched (ghost2) kernel) DEFAULT_KERNEL_VERSION=3.2.60 # Manage now your options in a convenient order # # Option -h if [[ -n ${option_h} ]]; then print_usage_and_exit 0 fi # Option -n --name if [[ -n ${option_n} ]]; then DISTRIBUTION_NAME=$option_n_arg fi # Option -f --config if [[ -n ${option_f} ]]; then CONFIG=$option_f_arg fi # Option -k --kernel if [[ -n ${option_k} ]]; then KERNEL_VERSION=$option_k_arg else KERNEL_VERSION=$DEFAULT_KERNEL_VERSION fi # Option -r --router. It implies --quagga (-q): if [[ -n ${option_r} ]]; then option_q=y fi # Option -d --debug if [[ -n ${option_d} ]]; then DEBUGGING_MODE=y fi # Option -c --continue if [[ -n ${option_c} ]]; then if [[ -d "${option_c_arg}" ]]; then CONTINUE_IN_DIRECTORY="${option_c_arg}" CONTINUE=yes else echo "Error: ${option_c_arg} doesn't exist or is not a directory." echo "Exiting." exit 1 fi fi # ============================================================= # DEBUGGING SETUP # ============================================================= # Source anyway, in order to able to freely leave break-points in the code. # Defined functions: # ___break_point___ # set_tracing # unset_tracing # set_debugging # unset_debugging # set_once_actions_file # once # Referred global: # DEBUGGING_MODE source ../pupisto.common/toolkit_debugging.sh # In order to enrich the log: set_tracing # ============================================================= # GENERAL SETUP # ============================================================= BUILDROOT_ORIG=${1:-./_build.buildroot} if [[ ! 
-d $BUILDROOT_ORIG ]]; then echo "Perform before 'make ./buildroot' please!" exit 2 fi # Annexes of this script: PUPISTO_FILES=pupisto.buildroot.sh.files # KERNEL_VERSION=3.2.x => KERNEL_FAMILY=3.2 KERNEL_FAMILY=${KERNEL_VERSION%.*} # Distribution and filesystem names: if [[ -z $DISTRIBUTION_NAME ]]; then DISTRIBUTION_NAME="buildroot-for-kernel-${KERNEL_VERSION}" fi FS_NAME="machine-$DISTRIBUTION_NAME" # Create the temporary working directory $TWDIR or continue in an already created # directory: if [[ -n $CONTINUE ]]; then TWDIR="$(basename $CONTINUE_IN_DIRECTORY)" BUILDROOT=$TWDIR/buildroot [[ -d $BUILDROOT ]] || cp -a $BUILDROOT_ORIG $BUILDROOT else TWDIR=_build.$DISTRIBUTION_NAME-with-linux-${KERNEL_VERSION}.$(date +%Y-%m-%d.%H\h%M) mkdir -v -p $TWDIR BUILDROOT=$TWDIR/buildroot cp -a $BUILDROOT_ORIG $BUILDROOT fi PUPISTO_DIR=$PWD # Initialize the file registering actions to be performed once: set_once_actions_file $TWDIR/ONCE_ACTIONS_FILE # Will be called at the end of the script or exiting because of an error: function make_a_human_readable_log_into_working_directory { # global TWDIR LOGFILE BUILDROOT PUPISTO_DIR if [[ -f $LOGFILE ]]; then local READABLE_LOG_FILE local PATH_TO_BE_SIMPLIFIED local TMPFILE1=$(mktemp) local TMPFILE2=$(mktemp) # Example: # "/home/user/repos/marionnet/uml/pupisto.buildroot/" replaced by '$PUPISTO_DIR' # "_build.brighella-with-linux-3.2.44.2013-05-10.23h06/buildroot" replaced by '$BUILDROOT' READABLE_LOG_FILE=$TWDIR/$(basename $LOGFILE) PATH_TO_BE_SIMPLIFIED=$(sed 's/\//\\\//g' <<<"$PWD/$BUILDROOT") sed <$LOGFILE -e 's/'"$PATH_TO_BE_SIMPLIFIED"'/$BUILDROOT/g' > $TMPFILE1 PATH_TO_BE_SIMPLIFIED=$(sed 's/\//\\\//g' <<<"$BUILDROOT") sed <$TMPFILE1 -e 's/'"$PATH_TO_BE_SIMPLIFIED"'/$BUILDROOT/g' > $TMPFILE2 PATH_TO_BE_SIMPLIFIED=$(sed 's/\//\\\//g' <<<"$PUPISTO_DIR") sed <$TMPFILE2 -e 's/'"$PATH_TO_BE_SIMPLIFIED"'/$PUPISTO_DIR/g' > $READABLE_LOG_FILE echo "---" echo "Log file made more human-readable and copied into $READABLE_LOG_FILE" rm 
-f $TMPFILE1 $TMPFILE2 else printf "Log file %s not found\n" $LOGFILE 1>&2 fi } function exiting_because_error { # global TWDIR LOGFILE echo -e "Exiting because of an unexpected error in line $BASH_LINENO" make_a_human_readable_log_into_working_directory exit 3 } # trap exiting_because_error ERR source ../pupisto.common/toolkit_config_files.sh # Exported functions available from now: # tabular_file_update # user_config_set # set_default_config_file # set_default_config_field_separator # set_config_variable # unset_config_variable # get_config_variable # get_config_variable_unquoting # Examples: # tabular_file_update -d ":" -k 1 --key-value "root" -f 7 --field-value "/bin/bash" --field-old-value "/bin/sh" etc/passwd # user_config_set "PermitRootLogin" " " "yes" etc/sshd_config # ============================================================= # Definition of # OUR BUILDROOT TUNING SCRIPT # ============================================================= MARIONNET_RELAY=$PWD/$PUPISTO_FILES/S90marionnet-relay QUAGGA_DIR=$PWD/$PUPISTO_FILES/quagga OUR_TUNING_SCRIPT=$PWD/$(mktemp --tmpdir=$TWDIR ROOTFS_POST_IMAGE_SCRIPT.XXXXXXXX) IFCONFIG_WRAPPER=$PWD/$PUPISTO_FILES/ifconfig ZTOOLS_WRAPPER=$PWD/$PUPISTO_FILES/zgrep_zdiff_zless GROUPS_WRAPPER=$PWD/$PUPISTO_FILES/groups BASHRC=$PWD/$PUPISTO_FILES/bashrc NANORC=$PWD/$PUPISTO_FILES/nanorc SSH_DIR=$PWD/$PUPISTO_FILES/ssh RADVD_DIR=$PWD/$PUPISTO_FILES/radvd DHCPD_DIR=$PWD/$PUPISTO_FILES/dhcpd REBOOT_WRAPPER=$PWD/$PUPISTO_FILES/reboot LINUXLOGO=$PWD/$PUPISTO_FILES/gnu_linux_logo cat 1>$OUR_TUNING_SCRIPT < bash if [[ -L bin/sh && -x bin/bash ]]; then ln -sf bash bin/sh fi # Note that the user "student" is previously created by Buildroot: cp $BASHRC root/.bashrc cp $BASHRC home/student/.bashrc cp root/.bash_profile home/student/ # Also change root shell (in order to read ~/.bashrc): tabular_file_update -i -d ":" -k 1 --key-value "root" -f 7 --field-value "/bin/bash" etc/passwd || [[ $? 
-eq 1 ]] # Poor-man "z"-tools: ZTOOLS="zgrep zegrep zfgrep zless zdiff zcmp zhead ztail" for i in \$ZTOOLS; do if [[ ! -e bin/\$i ]]; then cp $ZTOOLS_WRAPPER bin/\$i chmod +x bin/\$i FOUND=\$i; break; fi done for i in \$ZTOOLS; do if [[ ! -e bin/\$i ]] && [[ ! \$i = \$FOUND ]]; then ln -s \$FOUND bin/\$i fi done # groups utility if [[ ! -e bin/groups ]] && [[ ! -e usr/bin/groups ]] && [[ -f $GROUPS_WRAPPER ]]; then cp $GROUPS_WRAPPER bin/groups chmod +x bin/groups fi # Adapt the ssh daemon to allow Marionnet to login or execute remote commands: SSHD_CONFIG=\$(find -type f -name "sshd_config") # should be etc/sshd_config if [[ -f "\$SSHD_CONFIG" ]]; then user_config_set "PermitRootLogin" " " "yes" \$SSHD_CONFIG user_config_set "StrictModes" " " "no" \$SSHD_CONFIG user_config_set "PubkeyAuthentication" " " "yes" \$SSHD_CONFIG mkdir -p {home/student,root}/.ssh chmod 700 {home/student,root}/.ssh cat $SSH_DIR/id_rsa_marionnet.pub >> home/student/.ssh/authorized_keys cat $SSH_DIR/id_rsa_marionnet.pub >> root/.ssh/authorized_keys chmod 644 {home/student,root}/.ssh/authorized_keys fi # radvd RADVD=\$(find -type f -name "radvd") if [[ -f "\$RADVD" ]]; then cp $RADVD_DIR/radvd.conf.example* etc/ fi # reboot REBOOT=\$(find sbin/ -name "reboot") if [[ -f "\$REBOOT" ]]; then rm "\$REBOOT" cp $REBOOT_WRAPPER "\$REBOOT" chmod +x "\$REBOOT" fi # nanorc NANO=\$(find /usr/bin/ -name "nano") if [[ -f "\$NANO" ]]; then cp $NANORC etc/nanorc fi # dhcpd DHCPD=\$(find etc/init.d/ -maxdepth 1 -type f -name "*dhcp-server") if [[ -f \$DHCPD ]]; then # Take our version: cat $DHCPD_DIR/dhcp-server >\$DHCPD fi # lighttpd if [[ -d var/www/ ]]; then echo '

It works!

' >var/www/index.html fi # Login message. # Note that setting BR2_TARGET_GENERIC_ISSUE no gives the expected effect, # so we write the message directly in the good place: # # # cat >etc/issue <<\EOF_issue # # # ####################################################### # # # Welcome to \`$DISTRIBUTION_NAME', a compact GNU/Linux filesystem # # # conceived for Marionnet, based on Busybox and made with # # # Buildroot ($(LC_ALL=us date "+%B %Y")). # # # ####################################################### # # # Running with kernel \r # # # # # # Use the account root/root or student/student # # # # # # EOF_issue # cp $LINUXLOGO etc/issue sed -i -e "s/DISTRIBUTION_NAME/$DISTRIBUTION_NAME/" etc/issue sed -i -e "s/DATE/$(LC_ALL=us date "+%B %Y")/" etc/issue EOF # Append some treatments for quagga: if [[ -n ${option_q} ]]; then cat 1>>$OUR_TUNING_SCRIPT <> etc/group echo "quagga:x:117:" >> etc/group # TODO: FIX /home/quagga echo "quagga:x:108:117:Linux User,,,:/home/quagga:/bin/false" >> etc/passwd echo 'quagga:!:15815:0:99999:7:::' >> etc/shadow # Fix quagga ownership: # # # chown -R 108:117 etc/quagga # NOT PERMITTED!!! => to do in marionnet_relay! EOF fi # We dont know how to exploit this information: # FAKEROOT_SCRIPT=$BUILDROOT/output/build/_fakeroot.fs # Append other things to do as is (without interpretation, see "EOF"): cat 1>>$OUR_TUNING_SCRIPT <<"EOF" # Creating 'student/student': # Ask Buildroot to do it: # Source: http://lists.busybox.net/pipermail/buildroot/2012-December/064450.html # +============+=====+=======+=====+==========+=============+=========+=======+===========+ # | username | uid | group | gid | password | home | shell |groups | comment | # +============+=====+=======+=====+==========+=============+=========+=======+===========+ # User `student' defined into `pupisto.buildroot.sh.files/ethghost/ethghost.mk' # Add student to the `sudo' group. TODO: ensure that the line exists! 
TMPFILE=$(mktemp) awk $TMPFILE '$1=="#" && $2=="%sudo" && $3=="ALL=(ALL)" {print $2,$3,$4; next} {print}' chmod u+w etc/sudoers cat $TMPFILE >etc/sudoers chmod u-w etc/sudoers echo 'sudo:x:27:student' >> etc/group # Remove the symlink /etc/resolv.conf rm etc/resolv.conf >etc/resolv.conf # Change the `ctrlaltdel' behaviour: no `reboot' but `halt'. This setting is # very relevant because with `reboot' Marionnet will not be able to cleanly # shutdown the machine: sed -i -e 's/::ctrlaltdel:\/sbin\/reboot/::ctrlaltdel:\/sbin\/halt/' etc/inittab # Add tty0 as available root console: echo 'tty0' >> etc/securetty # Add a wrapper `dhclient -> udhcpc (busybox)' if needed: if [[ -e sbin/udhcpc && ! -e sbin/dhclient ]]; then echo '#!/bin/bash eval exec -a udhcpc busybox -fnq "$@" ' > sbin/dhclient chmod +x sbin/dhclient fi # Do not start services at boot (except S90marionnet-relay and some other): pushd etc/init.d/ for i in $(find . -maxdepth 1 -name "S*" -a ! -name "S90marionnet-relay" -a ! -name "S01logging" -a ! -name "S20urandom" -a ! -name "S40network"); do j=${i#./S??}; mv $i $j; echo "$j was $i" >> README.script_order done # Create links for the remaining services: for i in $(find . -maxdepth 1 -name "S*" -a ! -name "S90marionnet-relay"); do j=${i#./S??}; mv $i $j; ln -s $j $i done popd EOF # Make it executable and bind it with the Buildroot process: chmod +x $OUR_TUNING_SCRIPT # Do not execute our script the first time: # set_config_variable "BR2_ROOTFS_POST_BUILD_SCRIPT" '"'$OUR_TUNING_SCRIPT'"' # ============================================================= # BUILDROOT PATCHES # ============================================================= # Package `net-tools': if [[ -d $BUILDROOT/package/net-tools ]]; then echo "No need to apply the \`net-tools' buildroot patch. Fine." else echo "Applying the \`net-tools' buildroot patch." 
patch -d $BUILDROOT -p1 <$PUPISTO_FILES/net-tools.patch fi # ============================================================= # BUILDROOT CONFIGURATION (Step 1) # working on `project_defconfig' # ============================================================= # Antoine: when you update Buildroot the new configuration options appear, # so if you copy an old .config and start the build, Buildroot # will ask you the values for the new options. In order to workaround # this behaviour, select automatically the default value for the new options, then, do: # cp your.config.file /path/to/buildroot/sources/configs/project_defconfig && # make project_defconfig && make if [[ -z ${CONFIG} ]]; then >$BUILDROOT/configs/project_defconfig else cp -fv $CONFIG $BUILDROOT/configs/project_defconfig fi # Set the initial config file we will working on # until the next `make project_defconfig': set_default_config_file $BUILDROOT/configs/project_defconfig # BR2_ARCH corresponds to SUBARCH during kernel compilation set_config_variable "BR2_ARCH" '"i386"' set_config_variable "BR2_i386" "y" set_config_variable "BR2_ENDIAN" '"LITTLE"' set_config_variable "BR2_GCC_TARGET_TUNE" '"i386"' set_config_variable "BR2_GCC_TARGET_ARCH" '"i386"' set_config_variable "BR2_x86_i386" "y" set_config_variable "BR2_TARGET_GENERIC_ROOT_PASSWD" '"root"' # /etc/inittab is built according to the following three lines # according to the compiled kernel: set_config_variable "BR2_TARGET_GENERIC_GETTY_PORT" '"tty0"' set_config_variable "BR2_TARGET_GENERIC_GETTY_BAUDRATE_38400" "y" unset_config_variable "BR2_TARGET_GENERIC_GETTY_TERM" ########################################## # (Step 1) Improve building efficiency # ########################################## # Share and reuse DOWNLOAD results among separate Buildroot builds: BUILDROOT_DL_DIR="$HOME/.buildroot-downld" set_config_variable "BR2_DL_DIR" '"'$BUILDROOT_DL_DIR'"' mkdir -p $BUILDROOT_DL_DIR ln -sf $BUILDROOT_DL_DIR "_build.buildroot-downld" # Share and reuse 
COMPILATION results among separate Buildroot builds # (`ccache' support); fix PATH (if needed) and set BR2_CCACHE: if [[ -e /usr/lib/ccache/gcc ]]; then if ! grep -q "ccache" <<<$PATH; then export PATH=$(dirname $(which gcc)):$PATH fi set_config_variable "BR2_CCACHE" "y" mkdir -p "$HOME/.buildroot-ccache" ln -sf "$HOME/.buildroot-ccache" "_build.buildroot-ccache" fi ############################################ # (Step 1) Additional Buildroot packages # ############################################ # This sub-section is about adding custom packages, library, or applications # in buildroot. # Example: # add_extra_buildroot_package $PUPISTO_FILES/ethghost $ETHGHOST_VERSION ../ethghost # add_extra_buildroot_package $PUPISTO_FILES/bind function add_extra_buildroot_package { # global BUILDROOT BUILDROOT_DL_DIR local PACKAGE_DEFINITION_DIR=$1 local PACKAGE_VERSION=$2 # optional local SOURCE_DIR=$3 # optional #--- local NAME=$(basename $PACKAGE_DEFINITION_DIR) local CONFIG_IN=$PACKAGE_DEFINITION_DIR/Config.in local PACKAGE_MK=$PACKAGE_DEFINITION_DIR/$NAME.mk [[ -f $CONFIG_IN ]] || { echo "Expected file $CONFIG_IN doesn't exist" 1>&2; return 1; } [[ -f $PACKAGE_MK ]] || { echo "Expected file $PACKAGE_MK doesn't exist" 1>&2; return 1; } local UPPER_NAME=$(echo $NAME | tr '[a-z]' '[A-Z]') mkdir -p $BUILDROOT/package/$NAME # Simulate the package download if the SOURCE_DIR is given: if [[ -n $SOURCE_DIR ]]; then tar -C $(dirname $SOURCE_DIR) -czf $BUILDROOT_DL_DIR/${NAME}-${PACKAGE_VERSION}.tar.gz $NAME/ fi # Copy all things as they are from $PACKAGE_DEFINITION_DIR: cp $PACKAGE_DEFINITION_DIR/* $BUILDROOT/package/$NAME/ # Creation of the config.in needed for package description and dependencies. 
cp -f $CONFIG_IN $BUILDROOT/package/$NAME/ # Copy $PACKAGE_MK as is or trying to update the version number: if [[ -z $PACKAGE_VERSION ]]; then cp -f $PACKAGE_MK $BUILDROOT/package/$NAME/$NAME.mk else awk <$PACKAGE_MK >$BUILDROOT/package/$NAME/$NAME.mk \ -v version="$PACKAGE_VERSION" '$1 ~ /^[A-Z0-9]*_VERSION$/ {print $1,$2,version; next} {print}' fi #Append the package/Config.in file to make appear our new package cat 1>>$BUILDROOT/package/Config.in<&2 } fi } # Add now our package `ethghost' ETHGHOST_VERSION=$(\make --quiet -C ../ethghost print_version) add_extra_buildroot_package $PUPISTO_FILES/ethghost $ETHGHOST_VERSION ../ethghost ####################################### # (Step 1) Packages' selection # ####################################### # Add some essential packages: set_config_variable "BR2_PACKAGE_BUSYBOX" "y" set_config_variable "BR2_PACKAGE_BUSYBOX_SHOW_OTHERS" "y" set_config_variable "BR2_PACKAGE_BASH" "y" # set_config_variable "BR2_PACKAGE_BRIDGE_UTILS" "y" # busybox! # set_config_variable "BR2_PACKAGE_BZIP2" "y" # busybox! set_config_variable "BR2_PACKAGE_HOST_E2FSPROGS" "y" set_config_variable "BR2_PACKAGE_DHCP" "y" set_config_variable "BR2_PACKAGE_DHCP_SERVER" "y" # set_config_variable "BR2_PACKAGE_DHCP_RELAY" "y" # busybox! 
set_config_variable "BR2_PACKAGE_BIND" "y" set_config_variable "BR2_PACKAGE_BIND_SERVER" "y" set_config_variable "BR2_PACKAGE_BIND_TOOLS" "y" set_config_variable "BR2_PACKAGE_RPCBIND" "y" set_config_variable "BR2_PACKAGE_SOCAT" "y" set_config_variable "BR2_PACKAGE_RSYNC" "y" set_config_variable "BR2_PACKAGE_CURL" "y" set_config_variable "BR2_PACKAGE_CURLFTPFS" "y" set_config_variable "BR2_PACKAGE_SSHFS" "y" set_config_variable "BR2_PACKAGE_STRACE" "y" set_config_variable "BR2_PACKAGE_UEMACS" "y" set_config_variable "BR2_PACKAGE_ETHTOOL" "y" set_config_variable "BR2_PACKAGE_FILE" "y" set_config_variable "BR2_PACKAGE_IPROUTE2" "y" set_config_variable "BR2_PACKAGE_IPTABLES" "y" set_config_variable "BR2_PACKAGE_IPUTILS" "y" # ping6 traceroute6 tracepath6 set_config_variable "BR2_PACKAGE_KBD" "y" set_config_variable "BR2_PACKAGE_LESS" "y" set_config_variable "BR2_PACKAGE_LIGHTTPD" "y" set_config_variable "BR2_PACKAGE_LIGHTTPD_OPENSSL" "y" set_config_variable "BR2_PACKAGE_LIGHTTPD_BZIP2" "y" set_config_variable "BR2_PACKAGE_LINKS" "y" set_config_variable "BR2_PACKAGE_NANO" "y" set_config_variable "BR2_PACKAGE_NANO_TINY" "n" set_config_variable "BR2_PACKAGE_NCFTP" "y" # set_config_variable "BR2_PACKAGE_NETCAT" "y" # busybox! set_config_variable "BR2_PACKAGE_NMAP" "y" set_config_variable "BR2_PACKAGE_NTP" "y" # set_config_variable "BR2_PACKAGE_NTP_NTPD" "y" # busybox! set_config_variable "BR2_PACKAGE_NTP_SNTP" "y" set_config_variable "BR2_PACKAGE_NTP_NTPDATE" "y" set_config_variable "BR2_PACKAGE_NTP_NTPDC" "y" set_config_variable "BR2_PACKAGE_NTP_NTPQ" "y" set_config_variable "BR2_PACKAGE_OPENSSH" "y" set_config_variable "BR2_PACKAGE_OPENSSL" "y" set_config_variable "BR2_PACKAGE_RADVD" "y" set_config_variable "BR2_PACKAGE_READLINE" "y" set_config_variable "BR2_PACKAGE_SUDO" "y" set_config_variable "BR2_PACKAGE_TCPDUMP" "y" # set_config_variable "BR2_PACKAGE_TFTPD" "y" # busybox! # set_config_variable "BR2_PACKAGE_XZ" "y" # busybox! 
set_config_variable "BR2_PACKAGE_WGET" "y" set_config_variable "BR2_PACKAGE_ZLIB" "y" # Basic essential settings: set_config_variable "BR2_TOOLCHAIN_BUILDROOT_INET_IPV6" "y" set_config_variable "BR2_TOOLCHAIN_BUILDROOT_INET_RPC" "y" set_config_variable "BR2_ROOTFS_DEVICE_CREATION_STATIC" "y" set_config_variable "BR2_INIT_BUSYBOX" "y" set_config_variable "BR2_ROOTFS_SKELETON_DEFAULT" "y" set_config_variable "BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW" "y" set_config_variable "BR2_TARGET_ROOTFS_EXT2" "y" set_config_variable "BR2_TARGET_ROOTFS_EXT2_BLOCKS" "0" set_config_variable "BR2_TARGET_ROOTFS_EXT2_INODES" "0" set_config_variable "BR2_TARGET_ROOTFS_EXT2_RESBLKS" "0" set_config_variable "BR2_TARGET_ROOTFS_EXT2_NONE" "y" # net-tools (in order to have `arp' and an ifconfig acceptiong CIDR notation): # set_config_variable "BR2_PACKAGE_NET_TOOLS" "y" # busybox + our ifconfig wrapper! # Option -q/--quagga if [[ -n ${option_q} ]]; then # Package needed for quagga set_config_variable "BR2_PACKAGE_QUAGGA" "y" set_config_variable "BR2_PACKAGE_QUAGGA_ZEBRA" "y" set_config_variable "BR2_PACKAGE_QUAGGA_TCP_ZEBRA" "y" set_config_variable "BR2_PACKAGE_QUAGGA_BABELD" "y" set_config_variable "BR2_PACKAGE_QUAGGA_BGPD" "y" set_config_variable "BR2_PACKAGE_QUAGGA_BGP_ANNOUNCE" "y" set_config_variable "BR2_PACKAGE_QUAGGA_ISISD" "y" set_config_variable "BR2_PACKAGE_QUAGGA_OSPFD" "y" set_config_variable "BR2_PACKAGE_QUAGGA_OPAQUE_LSA" "y" set_config_variable "BR2_PACKAGE_QUAGGA_OSPF6D" "y" set_config_variable "BR2_PACKAGE_QUAGGA_RIPD" "y" set_config_variable "BR2_PACKAGE_QUAGGA_RIPNGD" "y" set_config_variable "BR2_PACKAGE_QUAGGA_WATCHQUAGGA" "y" set_config_variable "BR2_PACKAGE_QUAGGA_SNMP" "y" fi # Tell Buildroot which kernel version we are supposing: set_config_variable "BR2_KERNEL_HEADERS_VERSION" "y" set_config_variable "BR2_DEFAULT_KERNEL_VERSION" '"'$KERNEL_VERSION'"' set_config_variable "BR2_DEFAULT_KERNEL_HEADERS" '"'$KERNEL_VERSION'"' set_config_variable 
"BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_${KERNEL_FAMILY//./_}" "y" # Ex: BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_2 set_config_variable "BR2_KERNEL_HEADERS_${KERNEL_FAMILY//./_}" "y" # Ex: BR2_KERNEL_HEADERS_3_2 # Mr proper: set_config_variable "BR2_ENABLE_LOCALE_PURGE" "y" set_config_variable "BR2_ENABLE_LOCALE_WHITELIST" "C en_US de fr" # Some features are not supported anymore for i386, so: set_config_variable "BR2_x86_i486" "y" # Optimization: PROCESSOR_NO=$(\grep "^processor.*:" /proc/cpuinfo | sort | uniq | wc -l) set_config_variable "BR2_JLEVEL" "$PROCESSOR_NO" ####################################### # (Step 1) custom_packages_{yes,no} # ####################################### # Last-minute package's installation directives, using files # _build.custom_packages_{no,yes} built and edited with specific # `make' entries. Note that "yes" is prioritary over "no". unset_tracing # otherwise too verbose! CUSTOM_PACKAGES_NO="_build.custom_packages_no" if [[ -f $CUSTOM_PACKAGES_NO ]]; then echo "Removing packages from uncommented lines of $CUSTOM_PACKAGES_NO" \grep -v "^#" $CUSTOM_PACKAGES_NO | \grep "BR2_PACKAGE_[A-Z0-9_][A-Z0-9_]*" | \ while read PACKAGE; do set_config_variable "$PACKAGE" "n" done fi CUSTOM_PACKAGES_YES="_build.custom_packages_yes" if [[ -f $CUSTOM_PACKAGES_YES ]]; then echo "Adding packages from uncommented lines of $CUSTOM_PACKAGES_YES" \grep -v "^#" $CUSTOM_PACKAGES_YES | \grep "BR2_PACKAGE_[A-Z0-9_][A-Z0-9_]*" | \ while read PACKAGE; do set_config_variable "$PACKAGE" "y" done fi set_tracing # continue now in verbose mode ####################################################### # (Step 1) Last configurations on project_defconfig # ####################################################### # Bash will be (re-)selected anyway, even in a minimal setting: set_config_variable "BR2_PACKAGE_BASH" "y" # Toolchain settings: these three variables are initially set to "yes" # in order to force Buildroot to consider all packages. 
Their value will # be reconsidered in a second step: set_config_variable "BR2_TOOLCHAIN_BUILDROOT_LARGEFILE" "y" set_config_variable "BR2_TOOLCHAIN_BUILDROOT_WCHAR" "y" set_config_variable "BR2_TOOLCHAIN_BUILDROOT_CXX" "y" ######################################## # (Step 1) Make project_defconfig # ######################################## # Merge our minimal `project_defconfig' with # Buildroot's defaults in order to generate $BUILDROOT/.config once make -C $BUILDROOT project_defconfig # ============================================================= # BUILDROOT CONFIGURATION (Step 2) # working on `.config' # ============================================================= # At this point we can forget the old configuration file used to # build $BUILDROOT/.config with the previous `make' call. From # this moment, we will work on $BUILDROOT/.config, so: set_default_config_file $BUILDROOT/.config # ___break_point___ # The `unset' function must act on the .config file generated by Buildroot, # because Buildroot merges the `project_defconfig' with its own defaults. 
unset_config_variable "BR2_LINUX_KERNEL" # ignore anyway the Buildroot's kernel compilation unset_config_variable "BR2_TARGET_ROOTFS_TAR" unset_config_variable "BR2_TARGET_ROOTFS_TAR_NONE" unset_config_variable "BR2_TARGET_ROOTFS_TAR_OPTIONS" set_config_variable "BR2_TAR_OPTIONS" '""' set_config_variable "BR2_TARGET_ROOTFS_TAR" "n" ####################################### # (Step 2) TOOLCHAIN dependencies # ####################################### DEPENDENCIES=$(mktemp) SELECTED_PACKAGES=$(awk <$BUILDROOT/.config -F "=" '$1 ~ /^BR2_PACKAGE_[A-Z][A-Z0-9_]*/ && $2 == "y" {print $1}') for i in $SELECTED_PACKAGES; do j=${i#BR2_PACKAGE_} j=${j,,} CONFIG_IN=$BUILDROOT/package/$j/Config.in if [[ -f $CONFIG_IN ]]; then \grep -o 'depends on.*[!].*BR2_.*' $CONFIG_IN || true fi done | tr ' ' '\n' | \grep -o "BR2_[A-Z][A-Z0-9_]*" | uniq | sort | uniq > $DEPENDENCIES # Here $DEPENDENCIES contains a list like the following: # BR2_INET_IPV6 # BR2_INSTALL_LIBSTDCPP # BR2_LARGEFILE # BR2_PACKAGE_QUAGGA # BR2_PREFER_STATIC_LIB # BR2_TOOLCHAIN_HAS_THREADS # BR2_USE_WCHAR function yes_or_no_according_to { if "$@"; then echo y; else echo n; fi } # In order to be able to select additional packages (nmap, wget): # BR2_TOOLCHAIN_BUILDROOT_LARGEFILE is required for instance # by BR2_PACKAGE_BIND but it is not automatically set by Buildroot, so: y_or_n=$(yes_or_no_according_to grep -q "BR2_.*LARGEFILE" $DEPENDENCIES) set_config_variable "BR2_TOOLCHAIN_BUILDROOT_LARGEFILE" ${y_or_n} # y_or_n=$(yes_or_no_according_to grep -q "BR2_.*WCHAR" $DEPENDENCIES) # Forced because the version 3.2.44 of kernel's headers need this # toolchain setting: y_or_n=y set_config_variable "BR2_TOOLCHAIN_BUILDROOT_WCHAR" ${y_or_n} y_or_n=$(yes_or_no_according_to grep -q "BR2_.*LIBSTDCPP" $DEPENDENCIES) set_config_variable "BR2_TOOLCHAIN_BUILDROOT_CXX" ${y_or_n} echo "TOOLCHAIN dependencies:" tr '\n' ' ' <$DEPENDENCIES rm $DEPENDENCIES ___break_point___ ############################################ # (Step 2) custom 
(interactive) running # ############################################ # Custom? --custom -m if [[ -n ${option_m} ]]; then PSEUDO_TERMINAL=$(tty) make -C $BUILDROOT menuconfig 0<$PSEUDO_TERMINAL 1>$PSEUDO_TERMINAL fi # ============================================================= # BUILDROOT COMPILATION # (first round) # ============================================================= # Compile all stuff a first time: once make -C $BUILDROOT # ============================================================= # BUSYBOX REBUILDING # (second round) # ============================================================= # We perform some settings directly into the Busybox's config file: # Example: BUSYBOX_CONFIG=package/busybox/busybox-1.21.x.config BUSYBOX_CONFIG=${BUILDROOT}/$(awk <$BUILDROOT/.config -F= '$1 == "BR2_PACKAGE_BUSYBOX_CONFIG" {print $2}' | tr -d '"') set_config_variable "CONFIG_BRCTL" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_FEATURE_BRCTL_FANCY" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_FEATURE_BRCTL_SHOW" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_IPCALC" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_FEATURE_IPCALC_FANCY" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_FEATURE_IPCALC_LONG_OPTIONS" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_PGREP" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_PING6" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_PKILL" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_SPLIT" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_FEATURE_SPLIT_FANCY" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_STAT" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_FEATURE_STAT_FORMAT" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_SUM" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_TAC" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_UNCOMPRESS" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_UNEXPAND" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_FEATURE_UNEXPAND_LONG_OPTIONS" "y" $BUSYBOX_CONFIG set_config_variable 
"CONFIG_MKFS_EXT2" "y" $BUSYBOX_CONFIG set_config_variable "CONFIG_PSTREE" "y" $BUSYBOX_CONFIG # At this point $BUSYBOX_CONFIG is a merging of Builroot's settings # with our settings. # Now rebuild busybox with our specific settings: BUSYBOX_BUILT_DIR=$(echo $BUILDROOT/output/build/busybox-*) make -C $BUSYBOX_BUILT_DIR clean sort_and_merge_config_files $BUSYBOX_CONFIG $BUSYBOX_BUILT_DIR/.config > $BUSYBOX_BUILT_DIR/.config.merged cp $BUSYBOX_BUILT_DIR/{.config,.config.orig} cp $BUSYBOX_BUILT_DIR/{.config.merged,.config} # The second time we want execute the our filesystem tuning script: set_config_variable "BR2_ROOTFS_POST_BUILD_SCRIPT" '"'$OUR_TUNING_SCRIPT'"' $BUILDROOT/.config set_config_variable "BR2_ROOTFS_POST_SCRIPT_ARGS" '""' $BUILDROOT/.config ############################ # (Second round) Compile # ############################ # Note that the target `busybox-rebuild' doesn't have the expected behaviour: once make -C $BUILDROOT busybox-reconfigure once make -C $BUILDROOT all #################################### # (Second round) Store the image # #################################### # Move the image to $TWDIR: FS_LOC=$TWDIR/$FS_NAME mv $BUILDROOT/output/images/rootfs.ext2 $FS_LOC cp $BUILDROOT/.config $TWDIR/buildroot.config cp $BUSYBOX_BUILT_DIR/.config $TWDIR/busybox.config # ============================================================= # GENERATING FILES # {machine,router}-*.conf # ============================================================= #################################### # MD5SUM and other simple fields # #################################### MD5SUM=$(md5sum "$FS_LOC" | awk '{print $1}') SUM=$(sum "$FS_LOC" | awk '{print $1}') MTIME=$(stat -c "%Y" "$FS_LOC") DATE=$(date +%Y-%m-%d) AUTHOR=$(awk ghost or not else # With option --router the console must be 'none' except when the user # explicitely requires a unix terminal: SUPPORTED_KERNELS="/$KERNEL_VERSION/" # /../ => ghost or not fi ############################################## # X11_SUPPORT and 
memory-related variables # ############################################## function set_X11_SUPPORT_and_related_variables_according_to_choosed_packages { # global X11_SUPPORT BUILDROOT local CONFIG_FILE=${1:-$BUILDROOT/.config} local X11_RELATED_PACKAGES # --- if grep -q "BR2_PACKAGE_XLIB_LIBX11=y" "$CONFIG_FILE"; then if grep -q "BR2_PACKAGE_XSERVER_XORG_SERVER=y" "$CONFIG_FILE"; then X11_SUPPORT="xnested" MEMORY_MIN_SIZE=32 MEMORY_SUGGESTED_SIZE=48 else X11_SUPPORT="xhosted" MEMORY_MIN_SIZE=24 MEMORY_SUGGESTED_SIZE=48 fi else X11_SUPPORT="none" MEMORY_MIN_SIZE=16 # tested MEMORY_SUGGESTED_SIZE=24 fi } # Launch the function: set_X11_SUPPORT_and_related_variables_according_to_choosed_packages "$BUILDROOT/.config" ################### # BINARY_LIST # ################### # Looking for binaries in $BUILDROOT/output/target TARGET_DIR=$BUILDROOT/output/target pushd $TARGET_DIR BIN_OR_SBIN_DIRS=$(find . -type d \( -name "bin" -o -name "sbin" \) ) BINARY_LIST=$(find $BIN_OR_SBIN_DIRS -perm -u=x ! -type d ! -name "*[.]so*" -exec basename {} \; | sort) # Some binaries like '[' or '[[' will provoke some problems applying `sed' or `awk' (see above), so: BINARY_LIST=$(echo $BINARY_LIST | tr ' ' '\n' | \grep "[a-zA-Z][a-zA-Z_.]*") BINARY_LIST=$(echo $BINARY_LIST) popd ####################### # FILLING TEMPLATE # ####################### cp ../../share/filesystems/machine-template.conf $FS_LOC.conf # Using `sed' for simple replacements: sed -e "s/^MD5SUM=.*/MD5SUM=$MD5SUM/" \ -e "s/^SUM=.*/SUM=$SUM/" \ -e "s/^MTIME=.*/MTIME=$MTIME/" \ -e "s/^DATE=.*/DATE=$DATE/" \ -e "s/^AUTHOR=.*/AUTHOR=\"$AUTHOR\"/" \ -e "s/^X11_SUPPORT=.*/X11_SUPPORT=\"$X11_SUPPORT\"/" \ -e "s/^MEMORY_MIN_SIZE=.*/MEMORY_MIN_SIZE=$MEMORY_MIN_SIZE/" \ -e "s/^MEMORY_SUGGESTED_SIZE=.*/MEMORY_SUGGESTED_SIZE=$MEMORY_SUGGESTED_SIZE/" \ -i ${FS_LOC}.conf # Using `user_config_set' for replacements involving variables # bound to values with special characters (as '/') and/or multiple lines. 
user_config_set "BINARY_LIST" "=" "'$BINARY_LIST'" ${FS_LOC}.conf user_config_set "SUPPORTED_KERNELS" "=" "'$SUPPORTED_KERNELS'" ${FS_LOC}.conf # Rename the built filesystem and its .conf file simply adding the suffix $SUM: mv $FS_LOC ${FS_LOC}-${SUM} mv $FS_LOC.conf ${FS_LOC}-${SUM}.conf # ============================================================= # ROUTER LINK AND OTHER FINAL ACTIONS # ============================================================= pushd "$(dirname $FS_LOC)" if [[ -n $option_r ]]; then FS_BASENAME="$(basename ${FS_LOC}-${SUM})" ROUTER_FS_BASENAME=router-${FS_BASENAME#machine-} cp $FS_BASENAME.conf $ROUTER_FS_BASENAME.conf ln -s $FS_BASENAME $ROUTER_FS_BASENAME cat >INSTALL <INSTALL <&2 "A directory \`$EXISTING_KERNEL_DIR' already exists: making a symlink to!" ln -s ../"$EXISTING_KERNEL_DIR" "$TWDIR/linux-$KERNEL_VERSION" else # In order to have a unique log, we will use the script as # a library of functions instead of as a standalone program: source ../pupisto.kernel/pupisto.kernel.sh --source # Now call the function: download_patch_and_compile_kernel $KERNEL_VERSION $TWDIR # Move the whole directory to the good place (../pupisto.kernel/) # in order to potentially share it among other filesystem building: BUILT_DIR=_build.linux-${KERNEL_VERSION}.$(date +%Y-%m-%d.%H\h%M).$RANDOM echo "Moving \`$TWDIR/linux-$KERNEL_VERSION' -> \`../pupisto.kernel/$BUILT_DIR'" mv $TWDIR/linux-$KERNEL_VERSION ../pupisto.kernel/$BUILT_DIR ln -s ../../pupisto.kernel/$BUILT_DIR $TWDIR/linux-$KERNEL_VERSION fi fi # ============================================================= # GREETINGS # ============================================================= # Store the log file into the output directory: make_a_human_readable_log_into_working_directory [[ -f $CUSTOM_PACKAGES_NO ]] && mv $CUSTOM_PACKAGES_NO $TWDIR/ [[ -f $CUSTOM_PACKAGES_YES ]] && mv $CUSTOM_PACKAGES_YES $TWDIR/ echo "---" ls -ld $TWDIR echo "---" echo "Pay attention to move (or copy with option \`-a') the 
filesystem in order to preserve the MTIME." echo "If something goes wrong installing your filesystem, you can restore the correct" echo "MTIME with the following command:" echo "sudo touch -d \$(date -d '@$MTIME') $FS_NAME" echo echo "Success." marionnet-0.90.6+bzr457.orig/uml/pupisto.buildroot/pupisto.buildroot.sh.files/0000700000175000017500000000000012356733375026317 5ustar lucaslucasmarionnet-0.90.6+bzr457.orig/uml/pupisto.buildroot/pupisto.buildroot.sh.files/dhcpd/0000700000175000017500000000000012356733375027401 5ustar lucaslucasmarionnet-0.90.6+bzr457.orig/uml/pupisto.buildroot/pupisto.buildroot.sh.files/dhcpd/dhcp-server0000700000175000017500000000205112356733375031547 0ustar lucaslucas
#!/bin/sh
#
# $Id: dhcp3-server.init.d,v 1.4 2003/07/13 19:12:41 mdz Exp $
#
# Init script for the DHCP server daemon /usr/sbin/dhcpd.
# Accepted actions: start, stop, restart, force-reload.
#
# NOTE(review): the `function' keyword and `trap ... ERR' used below are bash
# extensions, while the interpreter line asks for /bin/sh; this presumably
# relies on /bin/sh being bash on the target filesystem -- confirm.

# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"

# Configuration file:
CONFIG_FILE="/etc/dhcp/dhcpd.conf"

# Handler installed on the ERR trap below: reports the failure and tells the
# user how to run dhcpd by hand with the same configuration file.
function on_error {
  echo "Error"
  echo "Suggestion: launch yourself \`dhcpd -cf $CONFIG_FILE' for debugging."
}

# Abort on the first failing command and report it through on_error:
set -e
trap on_error ERR

# Nothing to do (and no error) when the daemon is not installed:
test -f /usr/sbin/dhcpd || exit 0

case "$1" in
  start)
    echo -n "Starting DHCP server: "
    # Make sure the lease directory and the lease file exist before launching:
    test -d /var/lib/dhcp/ || mkdir -p /var/lib/dhcp/
    test -f /var/lib/dhcp/dhcpd.leases || touch /var/lib/dhcp/dhcpd.leases
    # Everything after `--' is handed to dhcpd. $INTERFACES is left unquoted so
    # that a space-separated list is split into one argument per interface.
    start-stop-daemon -S -x /usr/sbin/dhcpd -- -cf $CONFIG_FILE -q $INTERFACES
    echo "Ok."
    ;;
  stop)
    echo -n "Stopping DHCP server: dhcpd3"
    # `|| true' keeps a non-zero status of start-stop-daemon from aborting the
    # script under `set -e', so `stop' always reports "Ok.":
    start-stop-daemon -K -x /usr/sbin/dhcpd || true
    echo "Ok."
    ;;
  restart | force-reload)
    $0 stop
    sleep 2
    $0 start
    # NOTE(review): with `set -e' active, a failing `$0 start' already ends the
    # script before this test is reached, so the check looks redundant.
    if [ "$?" != "0" ]; then
      exit 1
    fi
    ;;
  *)
    echo "Usage: /etc/init.d/dhcp-server {start|stop|restart|force-reload}"
    exit 1
esac

exit 0
marionnet-0.90.6+bzr457.orig/uml/pupisto.buildroot/pupisto.buildroot.sh.files/net-tools.patch.README0000600000175000017500000000223412356733375032223 0ustar lucaslucasAuthor: Stefan Meißner http://lists.busybox.net/pipermail/buildroot/2012-April/052591.html Modified by Marionnet team in order to get a up-to-date debian patch of version 1.60, and also modified at line 55 as suggested by the Buildroot build system itself: $(eval $(call GENTARGETS)) ==> $(eval $(generic-package)) More formally, the patch of the patch is the following: --- net-tools.patch.orig 2013-05-07 12:26:35.000000000 +0200 +++ net-tools.patch.modified 2013-05-07 12:20:50.000000000 +0200 @@ -164,8 +164,8 @@ +############################################################# +NET_TOOLS_VERSION = 1.60 +NET_TOOLS_SOURCE = net-tools_$(NET_TOOLS_VERSION).orig.tar.gz -+NET_TOOLS_PATCH = net-tools_$(NET_TOOLS_VERSION)-24.1.diff.gz +NET_TOOLS_SITE = $(BR2_DEBIAN_MIRROR)/debian/pool/main/n/net-tools ++NET_TOOLS_PATCH = $(shell wget -q -O - $(NET_TOOLS_SITE) | grep -o '[>]net-tools_$(NET_TOOLS_VERSION).*[.]diff[.]gz' | sort | tail -n 1 | cut -c2-) + +# Override Busybox implementations if Busybox is enabled. +ifeq ($(BR2_PACKAGE_BUSYBOX),y) 
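Review bot: The new `NET_TOOLS_PATCH` line resolves the patch file name at build time by scraping the mirror's directory listing with `wget` and keeping the last entry after `sort`, so the Debian diff applied to net-tools is whatever the mirror (or anything answering in its place) lists on the day of the build, and the build is no longer reproducible. The removed line pinned an exact revision; I would keep an explicit one, e.g. `NET_TOOLS_PATCH = net-tools_$(NET_TOOLS_VERSION)-<DEBIAN_REVISION>.diff.gz` (placeholder for the revision you validated), and compare the downloaded file with a recorded checksum before it is applied. `wget -q` also hides a failed lookup, which leaves the variable empty, and the `$(shell ...)` call is presumably re-run on every expansion of the variable, including for targets that never need the patch.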
@@ -211,4 +211,4 @@ + $(MAKE) -C $(@D) clean +endef + -+$(eval $(call GENTARGETS)) ++$(eval $(generic-package)) marionnet-0.90.6+bzr457.orig/uml/pupisto.buildroot/pupisto.buildroot.sh.files/zgrep_zdiff_zless0000700000175000017500000000536412356733375032006 0ustar lucaslucas#!/bin/bash # This file is part of Marionnet # Copyright (C) 2013 Jean-Vincent Loddo # Copyright (C) 2013 Université Paris 13 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # Poor-man's (and quite ugly) versions of zgrep zegrep zfgrep zless zdiff zcmp zhead ztail. # Limitations: options with argument(s) are not supported (for instance diff -C N) except # when the argument doesn't correspond to an existing file. # Dependencies: zcat (or cat & gunzip), mktemp, rm # [OPTION].. PATTERN [FILE].. function grep_like_call { local PROGRAM="$1"; shift; local OPTIONS while [[ "-${1#-}" = "${1}" ]]; do OPTIONS+="${1} "; shift; done local PATTERN="$1"; shift; local ZCAT if ZCAT=$(type -P zcat); then $ZCAT "$@" | $PROGRAM $OPTIONS "$PATTERN" else cat "$@" | gunzip -c | $PROGRAM $OPTIONS "$PATTERN" fi } # [OPTION].. [FILE].. function less_like_call { local PROGRAM="$1"; shift; local OPTIONS while [[ "-${1#-}" = "${1}" ]]; do OPTIONS+="${1} "; shift; done # Ugly but why not: try to capture arguments that aren't existing files: while [[ ! 
-e "${1}" ]]; do OPTIONS+="${1} "; shift; done local ZCAT if ZCAT=$(type -P zcat); then $ZCAT "$@" | $PROGRAM $OPTIONS else cat "$@" | gunzip -c | $PROGRAM $OPTIONS fi } # [OPTION].. FILE1 FILE2 function diff_like_call { local PROGRAM="$1"; shift; local OPTIONS while [[ "-${1#-}" = "${1}" ]]; do OPTIONS+="${1} "; shift; done # Ugly but why not: try to capture arguments that aren't existing files: while [[ ! -e "${1}" ]]; do OPTIONS+="${1} "; shift; done [[ $# -eq 2 ]] || return 1 local FILE1="$1"; local FILE2="$2"; local TMPFILE1=$(mktemp /tmp/$(basename "$FILE1").XXXXXX) local TMPFILE2=$(mktemp /tmp/$(basename "$FILE2").XXXXXX) local ZCAT if ZCAT=$(type -P zcat); then $ZCAT "$FILE1" > "$TMPFILE1" $ZCAT "$FILE2" > "$TMPFILE2" else cat "$FILE1" | gunzip -c > "$TMPFILE1" cat "$FILE2" | gunzip -c > "$TMPFILE2" fi $PROGRAM "$TMPFILE1" "$TMPFILE2" rm -f "$TMPFILE1" "$TMPFILE2" } # Main PROGRAM=$(basename $0) case $PROGRAM in zgrep|zegrep|zfgrep) grep_like_call ${PROGRAM#z} "$@";; zless|zhead|ztail) less_like_call ${PROGRAM#z} "$@";; zdiff|zcmp) diff_like_call ${PROGRAM#z} "$@";; esac marionnet-0.90.6+bzr457.orig/uml/pupisto.buildroot/pupisto.buildroot.sh.files/groups0000700000175000017500000000034612356733375027567 0ustar lucaslucas#!/bin/bash # Simple wrapper for `id -Gn' # J.V. Loddo, for the Marionnet project. GPL. 
# Note that we cannot change the name of the executable (exec -a groups) # because `id' is itself a wrapper to `busybox': exec id -Gn "$@" marionnet-0.90.6+bzr457.orig/uml/pupisto.buildroot/pupisto.buildroot.sh.files/radvd/0000700000175000017500000000000012356733375027417 5ustar lucaslucas././@LongLink0000644000000000000000000000015600000000000011605 Lustar rootrootmarionnet-0.90.6+bzr457.orig/uml/pupisto.buildroot/pupisto.buildroot.sh.files/radvd/radvd.conf.example.debianmarionnet-0.90.6+bzr457.orig/uml/pupisto.buildroot/pupisto.buildroot.sh.files/radvd/radvd.conf.examp0000600000175000017500000000011712356733375032500 0ustar lucaslucasinterface eth0 { AdvSendAdvert on; prefix 2001:db8::/32 { }; }; ././@LongLink0000644000000000000000000000014700000000000011605 Lustar rootrootmarionnet-0.90.6+bzr457.orig/uml/pupisto.buildroot/pupisto.buildroot.sh.files/radvd/radvd.conf.examplemarionnet-0.90.6+bzr457.orig/uml/pupisto.buildroot/pupisto.buildroot.sh.files/radvd/radvd.conf.examp0000600000175000017500000000646712356733375032516 0ustar lucaslucas# # NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE # NOTE NOTE # NOTE This is an EXAMPLE, which serves only to demonstrate the NOTE # NOTE syntax of radvd.conf, and is not meant to be used for a NOTE # NOTE real radvd configuration. NOTE # NOTE NOTE # NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE # interface eth0 { AdvSendAdvert on; # This may be needed on some interfaces which are not active when # radvd starts, but become available later on; see man page for details. # IgnoreIfMissing on; # # These settings cause advertisements to be sent every 3-10 seconds. This # range is good for 6to4 with a dynamic IPv4 address, but can be greatly # increased when not using 6to4 prefixes. # MinRtrAdvInterval 3; MaxRtrAdvInterval 10; # # You can use AdvDefaultPreference setting to advertise the preference of # the router for the purposes of default router determination. 
# NOTE: This feature is still being specified and is not widely supported! # AdvDefaultPreference low; # # Disable Mobile IPv6 support # AdvHomeAgentFlag off; # # example of a standard prefix # prefix 2001:db8:1:0::/64 { AdvOnLink on; AdvAutonomous on; AdvRouterAddr off; }; # # example of a 6to4 prefix # # Note that the first 48 bits are specified here as zeros. These will be # replaced with the appropriate 6to4 address when radvd starts or is # reconfigured. Be sure that the SLA ID (1234 in this case) is specified # here! # prefix 0:0:0:1234::/64 { AdvOnLink on; AdvAutonomous on; AdvRouterAddr off; # # This setting causes radvd to replace the first 48 bits of the prefix # with the 6to4 address generated from the specified interface. For example, # if the address of ppp0 is 192.0.2.25 when radvd configures itself, this # prefix will be advertised as 2002:C000:0219:1234::/64. # # If ppp0 is not available at configuration time, this prefix will not be # advertised, but other prefixes listed in the configuration will be # advertised as usual. # # When using the Base6to4Interface option, make sure radvd receives a # SIGHUP every time the ppp0 interface goes up, down, or is assigned a # new IPv4 address. The SIGHUP will cause radvd to recognize that the # ppp0 interface has changed and will adjust the advertisements # accordingly. # Base6to4Interface ppp0; # # If the IP address of ppp0 is assigned dynamically, be sure to set the # lifetimes for this prefix to be small. Otherwise, hosts on your network # may continue to use a prefix that no longer corresponds to the address # on ppp0! # AdvPreferredLifetime 120; AdvValidLifetime 300; }; # # example of a more specific route # NOTE: This feature is not very widely supported! You may also need to # enable it manually (e.g. 
on Linux, change the value of # sysctl accept_ra_rt_info_max_plen to 48 or 64) # route 2001:db0:fff::/48 { AdvRoutePreference high; AdvRouteLifetime 3600; }; # # RDNSS # NOTE: This feature is not very widely implemented. # RDNSS 2001:db8::1 2001:db8::2 { AdvRDNSSLifetime 30; }; # # DNS Search Lists # DNSSL branch.example.com example.com { AdvDNSSLLifetime 30; }; }; marionnet-0.90.6+bzr457.orig/uml/pupisto.buildroot/pupisto.buildroot.sh.files/nanorc0000600000175000017500000027664212356733375027545 0ustar lucaslucas## Sample initialization file for GNU nano. ## ## Please note that you must have configured nano with --enable-nanorc ## for this file to be read! Also note that this file should not be in ## DOS or Mac format, and that characters specially interpreted by the ## shell should not be escaped here. ## ## To make sure a value is disabled, use "unset