Index: /branches/trunk/nanobsd/README.txt =================================================================== --- /branches/trunk/nanobsd/README.txt (revision 10173) +++ /branches/trunk/nanobsd/README.txt (revision 10173) @@ -0,0 +1,12 @@ +Please find the build procedure and other supporting documents at + +http://www.wirelessleiden.nl/projects/nodefactory/wiki/NanoBSD + += Directory layout = +README.txt = currently reading +cfg-files = extension for auto populate /cfg slice in image +cfg/kernel.* = kernel config files, different hosts +cfg/nanobsd.* = nanobsd config files +files = extension for auto populate / slice in image +pkg = Packages to be installed +tools = Helper scripts for use after image Index: /branches/trunk/nanobsd/cfg/kernel.wleiden =================================================================== --- /branches/trunk/nanobsd/cfg/kernel.wleiden (revision 10173) +++ /branches/trunk/nanobsd/cfg/kernel.wleiden (revision 10173) @@ -0,0 +1,207 @@ +# +# GENERIC -- Generic kernel configuration file for FreeBSD/i386 +# +# For more information on this file, please read the handbook section on +# Kernel Configuration Files: +# +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html +# +# The handbook is also available locally in /usr/share/doc/handbook +# if you've installed the doc distribution, otherwise always see the +# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the +# latest information. +# +# An exhaustive list of options and more detailed explanations of the +# device lines is also present in the ../../conf/NOTES and NOTES files. +# If you are in doubt as to the purpose or necessity of a line, check first +# in NOTES. +# +# $FreeBSD: releng/9.0/sys/i386/conf/GENERIC 227305 2011-11-07 13:40:54Z marius $ + +cpu I486_CPU +cpu I586_CPU +cpu I686_CPU +ident WLEIDEN + +# Uncomment if you like to compile a debugging kernel +#makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols +#options KDB # Kernel debugger related code +#options KDB_TRACE # Print a stack trace for a panic + + +options CPU_ELAN +options CPU_SOEKRIS # Some units are Soekris Machines. +options CPU_GEODE # net4801 requirement +options HZ=250 # Because ofthe "ELAN" timecounter. + +options NO_SWAPPING # Embedded Machines. +options SW_WATCHDOG # Remote emergency reboots. + + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_ULE # ULE scheduler +options PREEMPTION # Enable kernel thread preemption +options INET # InterNETworking +options INET6 # IPv6 communications protocols +options SCTP # Stream Control Transmission Protocol +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options NFS_ROOT # Allow NFS to be / mount +options NFSCLIENT # Network Filesystem Client +#options NFSLOCKD # Network Lock Manager +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_LABEL # Provides labelization +options KTRACE # ktrace(1) support +#options STACK # stack(9) support +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options INCLUDE_CONFIG_FILE # Include this file in kernel + +# To make an SMP kernel, the next two lines are needed +options SMP # Symmetric MultiProcessor Kernel +device apic # I/O APIC + +# CPU frequency control +device cpufreq + +# Bus support. +device acpi +device eisa +device pci + +# ATA controllers +device ahci # AHCI-compatible SATA controllers +device ata # Legacy ATA/SATA controllers +options ATA_CAM # Handle legacy controllers with CAM +options ATA_STATIC_ID # Static device numbering + +# ATA/SCSI peripherals +device scbus # SCSI bus (required for ATA/SCSI) +device da # Direct Access (disks) + +# Add suspend/resume support for the i8254. +device pmtimer + +# PCCARD (PCMCIA) support +# PCMCIA and cardbus bridge support +device cbb # cardbus (yenta) bridge +device pccard # PC Card (16-bit) bus +device cardbus # CardBus (32-bit) bus + +# Serial (COM) ports +device uart # Generic UART driver + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! +device miibus # MII bus support +device vr # VIA Rhine, Rhine II +device sis # SiS 900/SiS 7016 + +# Wireless NIC cards +device wlan # 802.11 support +options IEEE80211_DEBUG # enable debug msgs +options IEEE80211_AMPDU_AGE # age frames in AMPDU reorder q's +options IEEE80211_SUPPORT_MESH # enable 802.11s draft support +device ath # Atheros NIC's +device ath_pci # Atheros pci/cardbus glue +device ath_hal # pci/cardbus chip support +options AH_SUPPORT_AR5416 # enable AR5416 tx/rx descriptors +device ath_rate_sample # SampleRate tx rate control for ath +device ral # Ralink Technology RT2500 wireless NICs. +device wi # WaveLan/Intersil/Symbol 802.11 wireless NICs. + +# Pseudo devices. +device loop # Network loopback +device random # Entropy device +device ether # Ethernet support +device vlan # 802.1Q VLAN support +device tun # Packet tunnel. +device pty # BSD-style compatibility pseudo ttys +device md # Memory "disks" +device gif # IPv6 and IPv4 tunneling +device faith # IPv6-to-IPv4 relaying (translation) +device firmware # firmware assist module + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +# USB support +options USB_DEBUG # enable debug msgs +device uhci # UHCI PCI->USB interface +device ohci # OHCI PCI->USB interface +device ehci # EHCI PCI->USB interface (USB 2.0) +device xhci # XHCI PCI->USB interface (USB 3.0) +device usb # USB Bus (required) +device umass # Disks/Mass storage - Requires scbus and da +# USB Serial devices +device u3g # USB-based 3G modems (Option, Huawei, Sierra) +device uark # Technologies ARK3116 based serial adapters +device ubsa # Belkin F5U103 and compatible serial adapters +device uftdi # For FTDI usb serial adapters +device uipaq # Some WinCE based devices +device uplcom # Prolific PL-2303 serial adapters +device uslcom # SI Labs CP2101/CP2102 serial adapters +device uvisor # Visor and Palm devices +device uvscom # USB serial support for DDI pocket's PHS +#device urio # Diamond Rio 500 MP3 player +#device uscanner # Scanners +# USB Ethernet, requires miibus +device aue # ADMtek USB Ethernet +device axe # ASIX Electronics USB Ethernet +device cdce # Generic USB over Ethernet +device cue # CATC USB Ethernet +device kue # Kawasaki LSI USB Ethernet +device mos # Mos USB Ethernet +device rue # RealTek RTL8150 USB Ethernet +device udav # Davicom DM9601E USB +# USB Wireless +device rum # Ralink Technology RT2501USB wireless NICs +device run # Ralink Technology RT2700/RT2800/RT3000 NICs. +device uath # Atheros AR5523 wireless NICs +device upgt # Conexant/Intersil PrismGT wireless NICs. +device ural # Ralink Technology RT2500USB wireless NICs +device urtw # Realtek RTL8187B/L wireless NICs +device zyd # ZyDAS zd1211/zd1211b wireless NICs + +# +# Authentication, encryption and protection on network layer +device wlan_xauth #802.11 external authenticator support +device enc #IPsec interface +device crypto # core crypto support +device cryptodev # /dev/crypto for access to h/w +device pf #PF OpenBSD packet-filter firewall +device pflog #logging support interface for PF +options IPSEC #IP security (requires device crypto) +options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel + +options NETGRAPH # netgraph(4) system +options NETGRAPH_SOCKET +options NETGRAPH_MPPC_ENCRYPTION +options NETGRAPH_IFACE +options NETGRAPH_PPP +options NETGRAPH_TEE +options NETGRAPH_PPPOE +options NETGRAPH_ETHER + +# glxsb is a driver for the Security Block in AMD Geode LX processors. +# Requires 'device crypto'. +device glxsb # AMD Geode LX Security Block + + +# Firewall fore the use of fancy stuff, like forwarding ports +options IPFIREWALL +options IPFIREWALL_DEFAULT_TO_ACCEPT +options IPFIREWALL_FORWARD +options IPFIREWALL_NAT +options LIBALIAS # Required for IPFIREWALL_NAT + +# Allow combining interfaces +device if_bridge + Index: /branches/trunk/nanobsd/cfg/nanobsd.wleiden =================================================================== --- /branches/trunk/nanobsd/cfg/nanobsd.wleiden (revision 10173) +++ /branches/trunk/nanobsd/cfg/nanobsd.wleiden (revision 10173) @@ -0,0 +1,313 @@ +## Dit is een NanoBSD configuratie-template voor WirelessLeiden. +## Instellingen weergegeven binnen dit bestand gelden als +## standaard binnen de organisatie. + +# Little hack to allow proper secify of KERNL/PKG location +if [ -n "$NANO_CFG_FILE" ]; then + NANO_CONF_DIR=$(cd $(dirname $NANO_CFG_FILE); pwd -P) +else + NANO_CONF_DIR=$(cd $(dirname $2); pwd -P) +fi + +# object naam in /usr/obj/nanobsd.{obj} +NANO_NAME=wleiden-hybrid +NANO_SRC=/usr/src # nanobsd source tree +NANO_KERNEL=$NANO_CONF_DIR/kernel.wleiden # naam van het kernel configuratiebestand +NANO_IMAGES=2 # aantal nanobsd code slices/installs (1/2) + +NANO_CONFSIZE=8192 # volume van de config slice, default 2048 (512bs) +NANO_DATASIZE=0 # volume van de data slice, 0 = not configured +NANO_CODESIZE=819200 +NANO_RAM_TMPVARSIZE=20480 + +NANO_DRIVE=ada0 + +#XXX: Eeks, fixed packages, needs building a hook to allow building the package +# of the shelfs if needed, copy to right directory, done. With only input needed +# a list of ports in the format like net/net-snmp +NANO_PACKAGE_DIR=$NANO_CONF_DIR/../pkg/All + +# XXX: Create function which populate the right packages and fixes the +# dependencies. Package build script could benefit from this list, as it +# could build this list beforehand +## pkg_info -qr pkg/All/* +##NANO_PACKAGE_LIST= + +# Warning: set to 1 to debug make build errors +# Number of recurrent parrallel make builds +if `grep -q 'acpi0: on motherboard' /var/run/dmesg.boot`; then + # Mac OS X Parallels virtual machine + NANO_PMAKE="make -B" +elif [ "`sysctl -n hw.model`" = "AMD Sempron(tm) Processor 3000+" ]; then + # Parralel builds on this friend fails somehow + NANO_PMAKE="make -B" +else + # Default 2 times number of CPU's inside machine + NANO_PARALLEL_MAKE=`expr $(sysctl -n hw.ncpu) \* 2` + NANO_PMAKE="make -j ${NANO_PARALLEL_MAKE}" +fi + +# Starting from soekris bios version 1.31 upwards boot0sio does not seems work +# anymore, but boot0 does (weird) +NANO_BOOTLOADER="boot/boot0" + +# Strip down to a more acceptable size +# hints from http://people.freebsd.org/~phk/nanobsd/soekris_4x26/make.soekris_4x26.conf (46MB) +NANO_PRUNE="$NANO_PRUNE usr/share/examples" +NANO_PRUNE="$NANO_PRUNE usr/share/syscons" +NANO_PRUNE="$NANO_PRUNE usr/share/calendar" +NANO_PRUNE="$NANO_PRUNE usr/share/mk" +# NB! usr/share/misc contains termcap, vi(1) etc fails to work without it. +# NANOBSD_PRUNE += usr/share/misc +NANO_PRUNE="$NANO_PRUNE usr/share/pcvt" +NANO_PRUNE="$NANO_PRUNE usr/share/me" +NANO_PRUNE="$NANO_PRUNE usr/share/doc" + + + + + +# Opties parsed gedurende build & install world +# Also check man 3 src.conf for details +# Some flags are misleading, e.g. could only be installworld (e.g.), for details: +# http://phk.freebsd.dk/misc/build_options/ +# For details on make options also check: +# /usr/src/share/mk/bsd.own.mk +CONF_COMMON=' +# Specific enabled options +#WITHOUT_ACPI=YES # geen advanced configuration power interface +#WITHOUT_BIND=YES # geen bind tools, dns/named geinstalleerd +#WITHOUT_CXX=YES # Set to not build g++(1) and related libraries. +#WITHOUT_GROFF=YES # Set to not build groff(1). +#WITHOUT_INET6=YES # geen ondersteuning inet versie 6 architectuur +#WITHOUT_INFO=YES # geen info bestanden, readable online docs +#WITHOUT_IPFILTER=YES # geen ip filtering geinstalleerd +#WITHOUT_KLDLOAD=YES # do not allow loading of kernel modules +#WITHOUT_MAILWRAPPER=YES # geen mailwrapper bij gebruik sendmail +#WITHOUT_MAN=YES # geen handleidingen gecompileerd +#WITHOUT_MISC=YES # geen misc sub directory +#WITHOUT_MODULES=YES # geen ondersteuning toevoegen modules +#WITHOUT_PAM=YES # geen ondersteuning pa modules +#WITHOUT_PF=YES # geen packet filtering geinstalleerd +#WITHOUT_SHARE=YES # geen share sub directory +#WITHOUT_USB=YES # geen ondersteuning usb modules +# Specific disabled options +WITHOUT_ATM=YES # geen ondersteuning Asynchronous Transfer Mode +WITHOUT_AUDIT=YES # geen event auditing / audit trails +WITHOUT_AUTHPF=YES # geen authenticating gateway user shell +WITHOUT_BLUETOOTH=YES # geen ondersteuning Bluetooth modules +WITHOUT_CALENDAR=YES # geen calendar reminder service gecompileerd +WITHOUT_CDDL=YES # Set to not build code licensed under Sun CDDL. (also ZFS) +WITHOUT_CPP=YES # Set to not build cpp(1). +WITHOUT_CVS=YES # geen cvs tools geinstalleerd +WITHOUT_DICT=YES # geen dictionary ondersteuning +WITHOUT_EXAMPLES=YES # geen voorbeeld configuratiebestanden +WITHOUT_FORTRAN=YES # geen ondersteuning fortran compilers +WITHOUT_GAMES=YES # geen games gecompileerd +WITHOUT_GCOV=YES # geen gcov test coverage program +WITHOUT_GDB=YES # geen gnu debugger gecompileerd +WITHOUT_GPIB=YES # geen ondersteuning gpib kaarten +WITHOUT_HTML=YES # geen html help bestanden gecompileerd +WITHOUT_I4B=YES # geen ondersteuning voor isdn +WITHOUT_IPX=YES # geen ondersteuning ipx protocols +WITHOUT_KERBEROS=YES # geen ondersteuning Kerberos authenticatie +WITHOUT_LOCALES=YES # geen ondersteuning lokalisatie +WITHOUT_LPR=YES # geen ondersteuning print services +WITHOUT_NIS=YES # geen ondersteuning network information system +WITHOUT_PROFILE=YES # Set to avoid compiling profiled libraries. +WITHOUT_RCMDS=YES # geen ondersteuning rcmds, +WITHOUT_RESCUE=YES # geen rescue bestanden gecompileerd +WITHOUT_SENDMAIL=YES # geen sendmail geinstalleerd +WITHOUT_SHAREDOCS=YES # geen share/docs directories +WITHOUT_SYSCONS=YES # geen syscon devices gecompileerd +' + +CONF_BUILD=" +${CONF_COMMON} +" + +CONF_INSTALL=" +${CONF_COMMON} +WITHOUT_TOOLCHAIN=YES # geen freebsd toolchain +" + + +# Flash disks arrived, sandisk 1g seems to match the geometry of the (blanc) cards +#FlashDevice sandisk 1g # nanobsd flashdevice entry +#FlashDevice sandisk 512mb # nanobsd flashdevice entry +#FlashDevice transcend 2g # nanobsd flashdevice entry +# Calculated value of PEAK hardware 1GB CF card +# C/H/S phys 1954/16/63, logical 977/32/63 +# Mediasize is calculated as C*H*S*512 + +# Using logical values reported by ALIX board +# values for PCEngines blanc 1 GB cards +# C/H/S phys 1966/16/63, logical 983/32/63 +NANO_MEDIASIZE=`expr 1008451584 / 512` +NANO_HEADS=32 +NANO_SECTS=63 + + +# Version tagging +cust_version_tag() ( + VERSION_FILE="${NANO_WORLDDIR}/tools/wl-release.txt" + ( + echo "Generated by `id -un`@`hostname -f` at `date`" + echo "" + echo "=== CONFIG specifics ===" + svn info ${NANO_CONF_DIR}/../ || exit 0 + svn diff ${NANO_CONF_DIR}/../ || exit 0 + echo "=== BEGIN CONFIG specifics ===" + ) > $VERSION_FILE +) + + + +# Assuming we are running a safe envirionment where snooping could occur during or after the build +cust_set_root_password() ( + if [ -n "${CFG_ROOT_PASSWORD}" ]; then + pprint 2 "Set root password using CFG_ROOT_PASSWORD variable" + chroot ${NANO_WORLDDIR} sh -c "echo '${CFG_ROOT_PASSWORD}' | pw usermod -h 0 -u root" + else + pprint 2 "Root password is , no password provided at variable CFG_ROOT_PASSWORD" + fi +) + + + +# EXPERIMENTAL patch like envirionment +# Using '*-nanobsd.patch' files to only specify the bare differences between the base/default file to +# keep us as close as possible to the base OS +# Patches are applied to the directory they live in +cust_apply_nanobsd_patches() ( + for PATCHFILE in `find ${NANO_WORLDDIR} -regex '.*-nanobsd\.patch$'`; do + cd `dirname ${PATCHFILE}` + patch -t -N -p0 -i `basename ${PATCHFILE}` + #XX: What to with installed patch files? Delete them for the time beeing + rm -v ${PATCHFILE} + done + + + +) + + + +# Compile & install lvroute daemon vanuit source in svn +cust_install_lvrouted() ( + svn co http://svn.wirelessleiden.nl/svn/node-config/other/lvrouted/trunk/ /tmp/lvrouted + cd /tmp/lvrouted && autoconf && autoheader && ./configure && make || true + cp src/lvrouted.opt ${NANO_WORLDDIR}/usr/local/sbin +) + + + +# Customize ntpd +cust_ntpd() ( + chroot ${NANO_WORLDDIR} sh -c "ln -fs /usr/local/etc/ntp.drift /var/db/ntp.drift" +) + + +# Enable Serial TTYs +cust_serial_ttys() ( + chroot ${NANO_WORLDDIR} sed -i '' -e '/ttyv[1-9]/s/on /off/' -e '/ttyu0/s/off/on/' -e '/ttyu0/s/dialup/ansi/' /etc/ttys +) + + + +# Install files from specific relative location +cust_install_files () ( + cd ${NANO_CONF_DIR}/../files + find . -print | grep -v -e /CVS -e .svn | cpio -dumpv ${NANO_WORLDDIR} +) + + + +# Prune no needed directories of image +cust_nano_prune () ( + cd ${NANO_WORLDDIR} + for ENTRY in ${NANO_PRUNE}; do + rm -vfR ${ENTRY} + done +) + + +# Fill /cfg with custom files, based on 'create_i386_diskimage ( )' +last_nano_fill_cfg () ( + # Variables to be used + IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME} + MNT=${MAKEOBJDIRPREFIX}/_.mnt + + # Mount '/cfg' slize in image + MD=`mdconfig -a -t vnode -f ${IMG}` + mount /dev/${MD}s3 ${MNT} + + # Location of '/cfg' directory + cd ${NANO_CONF_DIR}/../cfg-files + find . -print | grep -v -e /CVS -e .svn | cpio -dumpv ${MNT} + + + # Leave in nice end state + umount ${MNT} + mdconfig -d -u ${MD} +) > ${MAKEOBJDIRPREFIX}/_.fc 2>&1 + +last_nano_disk_usage () ( + # Variables to be used + IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME} + MNT=${MAKEOBJDIRPREFIX}/_.mnt + + # Mount root slize + MD=`mdconfig -a -t vnode -f ${IMG}` + mount /dev/${MD}s1a ${MNT} + + # Show disk usage (percent free) inc header + pprint 2 $(df -h | head -1) + pprint 2 "$(df -h | grep /dev/${MD})" + + # Leave in nice end state + umount ${MNT} + mdconfig -d -u ${MD} +) + +last_orders () ( + last_nano_fill_cfg + last_nano_disk_usage +) + +# Ugly hack to 'escaping' pprint from inside a customize_cmd to output +# instead of a file +exec 3>/dev/stdout +# Progress Print +# Print $2 at level $1 +pprint() { + if [ "$1" -le $PPLEVEL ]; then + printf "%.${1}s %s\n" "#####" "$2" 1>&3 + fi +} + +# Cust macro`s gestart in onderstaande volgorde +# XXX: Determine size before installing all find of additions to see how much +# base we are actually using ## du -h -d 0 +customize_cmd cust_pkg +customize_cmd cust_install_files +customize_cmd cust_ntpd +customize_cmd cust_serial_ttys +customize_cmd cust_version_tag +customize_cmd cust_allow_ssh_root +customize_cmd cust_nano_prune +customize_cmd cust_set_root_password +customize_cmd cust_apply_nanobsd_patches + + +# Extra config if existing is not suffient +if [ -n "$EXTRA_NANOBSD_CONFIG" ]; then + for FILE in $EXTRA_NANOBSD_CONFIG; do + # File relative to config directory + if [ "`echo $FILE | cut -c1`" != "/" ]; then + FILE=$NANO_CONF_DIR/$FILE + fi + pprint 1 "Loading $FILE" + . $FILE || exit 1 + done +fi Index: /branches/trunk/nanobsd/files/FILE_LISTING.txt =================================================================== --- /branches/trunk/nanobsd/files/FILE_LISTING.txt (revision 10173) +++ /branches/trunk/nanobsd/files/FILE_LISTING.txt (revision 10173) @@ -0,0 +1,38 @@ +# File or directory and it's purpose in this build +./boot.config # Serial console output +./boot/loader.conf # Serial console output +./conf/default/etc/.work_around_till_fix_of_pr_134513 +./conf/default/var/.work_around_till_fix_of_pr_134513 +./etc/crontab # Extra calls for pen & ntp +./etc/namedb/named.conf # Custom named configuration +./etc/ntp.conf # Custom ntp configuration +./etc/rc.conf # Highly customized rc.conf +./etc/syslog.conf # Remote syslogging enabing +./etc/ttys-nanobsd.patch # Serial console output +./root/.ssh # Template directory for authorized_keys file +./tools/change_password # Allow persistent changing of root password +./tools/dhcpd_snmp.sh # XXX +./tools/save_sshkeys # Allow persistent saving of host ssh keys +./tools/syslogd_flags.sh # XXX +./tools/updatep1 # phk image on slice 1 update script +./tools/updatep2 # phk image on slice 2 update script +./tools/wl-config # WL node specific configuration fetch and update script +./tools/wl-version # Version debug tool, gather statistics for debugging +./usr/lib/aout/.keep_me # Little hack to have /etc/rc.d/ldconfig stop nagging about missing (pruned) dir +./usr/local/bin/ssh-copy-id # XXX +./usr/local/bin/write_ntpdrift # XXX +./usr/local/etc/dhcpd-snmp.conf # dhcp-snmp cofiguration +./usr/local/etc/dhcpd.conf # Initial custom dhcpd.conf +./usr/local/etc/nrpe.cfg # XXX +./usr/local/etc/ntp.drift # XXX +./usr/local/etc/rc.d/lvrouted.sh # lvrouted startup script +./usr/local/etc/rc.d/nanobsd-motd # Allow updating motd with persistent save +./usr/local/etc/rc.d/nanobsd-save-sshkeys # Allow saving ssh-keys after generation +./usr/local/etc/rc.d/pen # Pen startup script +./usr/local/etc/rc.d/sort-proxies # Pen optimizer script +./usr/local/etc/rc.d/wlweb # WLweb configuration webinterface startup script +./usr/local/sbin/dhcpd-snmp # dhcp-snmp 'binary' +./usr/local/sbin/lvrouted.opt # lvrouted 'binary' +./usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt # Draft MIB +./usr/local/share/snmp/snmpd.conf # Custom snmpd configuration +./usr/local/wlweb # WLweb configuration webinterface program Index: /branches/trunk/nanobsd/files/boot.config =================================================================== --- /branches/trunk/nanobsd/files/boot.config (revision 10173) +++ /branches/trunk/nanobsd/files/boot.config (revision 10173) @@ -0,0 +1,1 @@ +-h Index: /branches/trunk/nanobsd/files/boot/loader.conf =================================================================== --- /branches/trunk/nanobsd/files/boot/loader.conf (revision 10173) +++ /branches/trunk/nanobsd/files/boot/loader.conf (revision 10173) @@ -0,0 +1,21 @@ +# No funky Beasty, but boring default, and gone in 1 second to make it go quick :-( +beastie_disable="YES" +autoboot_delay="1" + +# Some apache hyper speed module, we properly this don't need this, but still +# saves a startup warning +accf_http_load="YES" + +# Named started nagging, claiming (to many) files if unable to reach master for +# quite some time +kern.maxfiles="5000" + +# The unlucky NET4801 does not properly support DMA (we don't need it anyways) +# http://lists.soekris.com/pipermail/soekris-tech/2008-August/014788.html +hw.ata.ata_dma="0" + +# Prefers stability over preformance disable Write Caching (man 4 ata) +hw.ata.wc="0" + +# Force output to run trough the comconsole, no exceptions +console="comconsole" Index: /branches/trunk/nanobsd/files/etc/crontab =================================================================== --- /branches/trunk/nanobsd/files/etc/crontab (revision 10173) +++ /branches/trunk/nanobsd/files/etc/crontab (revision 10173) @@ -0,0 +1,33 @@ +# /etc/crontab - root's crontab for FreeBSD +# +# $FreeBSD: src/etc/crontab,v 1.32.32.1 2008/11/25 02:59:29 kensmith Exp $ +# +SHELL=/bin/sh +PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin +HOME=/var/log +# +#minute hour mday month wday who command +# +*/5 * * * * root /usr/libexec/atrun +# +# Save some entropy so that /dev/random can re-seed on boot. +*/11 * * * * operator /usr/libexec/save-entropy +# +# Rotate log files every hour, if necessary. +0 * * * * root newsyslog +# +# Perform daily/weekly/monthly maintenance. +1 3 * * * root periodic daily +15 4 * * 6 root periodic weekly +30 5 1 * * root periodic monthly +# +# Adjust the time zone if the CMOS clock keeps local time, as opposed to +# UTC time. See adjkerntz(8) for details. +1,31 0-5 * * * root adjkerntz -a +# +# Write updates for ntp.drift to flash +0 12 * * * root /usr/local/bin/write_ntpdrift +# +# Nagios checks +30 * * * * root /usr/local/dense/dense.sh +*/15 * * * * root /usr/local/sbin/check-inet-alive Index: /branches/trunk/nanobsd/files/etc/dhclient.conf =================================================================== --- /branches/trunk/nanobsd/files/etc/dhclient.conf (revision 10173) +++ /branches/trunk/nanobsd/files/etc/dhclient.conf (revision 10173) @@ -0,0 +1,11 @@ +# $FreeBSD: src/etc/dhclient.conf,v 1.3.36.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# +# This file is required by the ISC DHCP client. +# See ``man 5 dhclient.conf'' for details. +# +# In most cases an empty file is sufficient for most people as the +# defaults are usually fine. + +# If a proxy get his IP via DHCP it's resolv.conf should keep the relevant entries +prepend domain-name "wleiden.net "; +prepend domain-name-servers 127.0.0.1; Index: /branches/trunk/nanobsd/files/etc/ipfw.sh =================================================================== --- /branches/trunk/nanobsd/files/etc/ipfw.sh (revision 10173) +++ /branches/trunk/nanobsd/files/etc/ipfw.sh (revision 10173) @@ -0,0 +1,126 @@ +#!/bin/sh - +# Based on /etc/rc.firewall +# +# Credits: Richard van Mansom, Rick van der Zwet + + +allowed2internet="80,443" +maxconnections="10" + +RFC1918_nets="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" +WLNET='172.16.0.0/12' + +# Suck in the configuration variables. +if [ -z "${source_rc_confs_defined}" ]; then + if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs + elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf + fi +fi + +setup_loopback () { + ############ + # Only in rare cases do you want to change these rules + # + ${fwcmd} add 100 pass all from any to any via lo0 + ${fwcmd} add 200 deny all from any to 127.0.0.0/8 + ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any +} + +############ +# Set quiet mode if requested +# +case ${firewall_quiet} in +[Yy][Ee][Ss]) + fwcmd="/sbin/ipfw -q" + ;; +*) + fwcmd="/sbin/ipfw" + ;; +esac + +########### +# Set Internal/External Interface +# +driver=`echo ${internalif} | sed 's/[0-9]*//g'` +seq=`echo ${internalif} | sed 's/[a-zA-Z]*//g'` + +if [ ${seq} = 0 ]; then + seq=`expr ${seq} \+ 1` +else + seq=`expr ${seq} \- 1` +fi + +externalif="$driver$seq" + +# Get interface Addresses +externalip=`ifconfig $externalif | awk '/inet/ { print $2 }'` +internalip=`ifconfig $internalif | awk '/inet/ { print $2 }'` +############ +# Flush out the list before we begin. +# +${fwcmd} -f flush + +setup_loopback + + +############ +# Block the hosters network (and maybe others) +for IP in ${firewall_block} +do + ${fwcmd} add deny ip from any to ${IP} in via $internalif +done + +############ +# Statefull filewall in use +${fwcmd} add check-state + +# Allow anything originating from me +${fwcmd} add allow ip from me to any keep-state + + +############# +# Outbound NAT setup +# WL Net -> Internet +${fwcmd} add nat 100 all from $WLNET to any out recv $internalif xmit $externalif +${fwcmd} add nat 100 all from any to $externalip in recv $externalif +${fwcmd} nat 100 config if $externalif + +# Subnet Internet is allowed +${fwcmd} add allow tcp from $WLNET to any $allowed2internet in via $internalif setup limit src-addr $maxconnections + + +############# +# Internal Network -> WL Net +# Inbound NAT setup, to allow proxy device to be used gateway from Internal Network to WL +${fwcmd} add nat 200 all from $RFC1918_nets to $WLNET out recv $externalif xmit $internalif +${fwcmd} add nat 200 all from $WLNET to $internalip in recv $internalif +${fwcmd} nat 200 config if $internalif + +# Allow all traffic inbound +${fwcmd} add allow all from $RFC1918_nets to $WLNET in recv $externalif keep-state + + +############# +## Services in use +## Allow on external interface +external_allow_tcp="ssh" +${fwcmd} add allow tcp from any to me $external_allow_tcp via $externalif setup keep-state + +## Allow on internal interface +internal_allow_tcp="ssh,domain,3128" +internal_allow_udp="ntp,domain,snmp,12345" +${fwcmd} add allow udp from $WLNET to me ${internal_allow_udp} via $internalif keep-state +${fwcmd} add allow tcp from $WLNET to me ${internal_allow_tcp} via $internalif setup keep-state + +# Basic ICMP managment traffic +${fwcmd} add allow icmp from any to me icmptype 8 +${fwcmd} add allow icmp from me to any icmptype 3,4,11 + + +############# +# Block anything else +${fwcmd} add 65000 deny log logamount 500 ip from any to any + Index: /branches/trunk/nanobsd/files/etc/motd =================================================================== --- /branches/trunk/nanobsd/files/etc/motd (revision 10173) +++ /branches/trunk/nanobsd/files/etc/motd (revision 10173) @@ -0,0 +1,3 @@ +Stiching Wireless Leiden Node + +WWW: http://www.wirelessleiden.nl Index: /branches/trunk/nanobsd/files/etc/newsyslog.conf =================================================================== --- /branches/trunk/nanobsd/files/etc/newsyslog.conf (revision 10173) +++ /branches/trunk/nanobsd/files/etc/newsyslog.conf (revision 10173) @@ -0,0 +1,46 @@ +# configuration file for newsyslog +# $FreeBSD: src/etc/newsyslog.conf,v 1.52.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# +# Entries which do not specify the '/pid_file' field will cause the +# syslogd process to be signalled when that log file is rotated. This +# action is only appropriate for log files which are written to by the +# syslogd process (ie, files listed in /etc/syslog.conf). If there +# is no process which needs to be signalled when a given log file is +# rotated, then the entry for that file should include the 'N' flag. +# +# The 'flags' field is one or more of the letters: BCGJNUWZ or a '-'. +# +# Note: some sites will want to select more restrictive protections than the +# defaults. In particular, it may be desirable to switch many of the 644 +# entries to 640 or 600. For example, some sites will consider the +# contents of maillog, messages, and lpd-errs to be confidential. In the +# future, these defaults may change to more conservative ones. +# +# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num] +/var/log/all.log 600 7 * @T00 J +/var/log/amd.log 644 7 100 * J +/var/log/auth.log 600 7 100 * JC +/var/log/console.log 600 5 100 * J +/var/log/cron 600 3 100 * JC +/var/log/daily.log 640 7 * @T00 JN +/var/log/debug.log 600 7 100 * JC +/var/log/kerberos.log 600 7 100 * J +/var/log/lpd-errs 644 7 100 * JC +/var/log/maillog 640 7 * @T00 JC +/var/log/messages 644 5 100 * JC +/var/log/monthly.log 640 12 * $M1D0 JN +/var/log/pflog 600 3 100 * JB /var/run/pflogd.pid +/var/log/ppp.log root:network 640 3 100 * JC +/var/log/security 600 10 100 * JC +/var/log/sendmail.st 640 10 * 168 B +/var/log/weekly.log 640 5 1 $W6D0 JN +/var/log/wtmp 644 3 * @01T05 B +/var/log/xferlog 600 7 100 * JC +/var/log/pen_wrapper.log 644 3 100 * J +/var/log/wlportal.log 664 3 100 * J /var/run/wlportal.pid +/var/log/wlweb-access.log 644 3 100 * J +/var/log/wlweb-error.log 644 3 100 * J +/var/log/snmpd.log 644 3 100 * J /var/run/snmpd.pid +/var/log/thttpd.log 644 3 100 * J /var/run/thttpd.pid + + Index: /branches/trunk/nanobsd/files/etc/nsswitch.conf =================================================================== --- /branches/trunk/nanobsd/files/etc/nsswitch.conf (revision 10173) +++ /branches/trunk/nanobsd/files/etc/nsswitch.conf (revision 10173) @@ -0,0 +1,16 @@ +# +# nsswitch.conf(5) - name service switch configuration file +# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# no NIS +group: compat +# group_compat: nis +hosts: files dns +networks: files +passwd: compat +# passwd_compat: nis +shells: files +services: compat +# services_compat: nis +protocols: files +rpc: files + Index: /branches/trunk/nanobsd/files/etc/ntp.conf =================================================================== --- /branches/trunk/nanobsd/files/etc/ntp.conf (revision 10173) +++ /branches/trunk/nanobsd/files/etc/ntp.conf (revision 10173) @@ -0,0 +1,46 @@ +#XXX: Might need to be dynamic + +# server 172.17.8.68 # proxy1 +# server 172.17.143.4 # proxy2 +# server 172.20.128.98 # proxy3 +# server 172.19.137.67 # proxy4 +# server 172.19.168.66 # proxy5 + +#XXX: All it's local nighboor addresses + +# server proxy1.wleiden.net # autokey +# server proxy2.wleiden.net # autokey +# server proxy3.wleiden.net # autokey +server 0.nl.pool.ntp.org +server 1.nl.pool.ntp.org +server 2.nl.pool.ntp.org +server 3.nl.pool.ntp.org + # In case machine get hooked to internet (and got working dns) + + + +# and if all failes - use our local crummy clock +server 127.127.1.0 #stratum 10 +# Optional - to provide the surroundings +# with a accurate time - unsollicted. +# +# broadcast + +# This file is generated by 'ntp-genkey -d r' +# on any of the 3 time lords; and pulled +# from Genesis. +# +# keys /etc/ntp.keys + +# Limit the number of clients concurrent +# RQs' to the levels a simple not can +# sustain. Asumming 5Mbit this translates +# to some 5000 machines. + +# Ensure that our stats and drift files +# go to writable disk (/etc mounted RO +# on the flash-rom machines). +# +driftfile /var/db/ntp.drift + + Index: /branches/trunk/nanobsd/files/etc/rc.conf =================================================================== --- /branches/trunk/nanobsd/files/etc/rc.conf (revision 10173) +++ /branches/trunk/nanobsd/files/etc/rc.conf (revision 10173) @@ -0,0 +1,47 @@ +## Building options +dumpdev="NO" # No kernel dumps as we don't have a place to + # store them +gateway_enable="NO" # Do NOT act like a gateway +ipv6_enable="NO" # No IPv6 support for now, near feature... ;-) + +# NTP server needs working config with WL network or internet on boot +# so some warnings might pop up, but no harm +ntpdate_enable="YES" +ntpd_enable="YES" +ntpd_sync_on_start="YES" +ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntp.drift" + +# We need no running mail server +sendmail_enable="NONE" + +# Don't let syslog accept input from other remote hosts +syslogd_enable="YES" +syslogd_flags="-s -A -c -b 127.0.0.1" + +# Remote login without DNS checking as it might not also be functionable +# -u0 prevent sshd from making DNS requests unless the authentication mechanism +# or configuration requires it. +sshd_enable="YES" +sshd_flags="-u0" + +# Don't update the motd as it not writeable, the update_nanobsd_motd is a +# simple wrapper found at /usr/local/etc/rc.d supporting this featureg +update_motd="NO" +update_nanobsd_motd="YES" + +# Monitoring deamons +nrpe2_enable="YES" +snmpd_enable="YES" +snmpd_flags="-a -LF w /var/log/snmpd.log" + +# HTTP(S) proxy server +tinyproxy_enable="YES" + +# Nameserver for internet and wleiden.net +maradns_enable="YES" +dnsmasq_enable="NO" +fetchzone_enable="YES" + +# Make sure generated ssh keys are saved +nanobsd_save_sshkeys_enable="YES" + Index: /branches/trunk/nanobsd/files/etc/rc.d/syslogd =================================================================== --- /branches/trunk/nanobsd/files/etc/rc.d/syslogd (revision 10173) +++ /branches/trunk/nanobsd/files/etc/rc.d/syslogd (revision 10173) @@ -0,0 +1,74 @@ +#!/bin/sh +# +# $FreeBSD: src/etc/rc.d/syslogd,v 1.13.2.1.6.1 2010/12/21 17:09:25 kensmith Exp $ +# + +# PROVIDE: syslogd +# REQUIRE: mountcritremote cleanvar newsyslog +# BEFORE: SERVERS + +. /etc/rc.subr +name="syslogd" +rcvar=`set_rcvar` +pidfile="/var/run/syslog.pid" +command="/usr/sbin/${name}" +required_files="/etc/syslog.conf" +start_precmd="syslogd_precmd" +extra_commands="reload" +sockfile="/var/run/syslogd.sockets" + +inf=$(dig +short `hostname`) +command_args="-b $inf" + +evalargs="rc_flags=\"\`set_socketlist\` \$rc_flags\"" +altlog_proglist="named" + +syslogd_precmd() +{ + local _l _ldir + + # Transitional symlink for old binaries + # + if [ ! -L /dev/log ]; then + ln -sf /var/run/log /dev/log + fi + rm -f /var/run/log + + # Create default list of syslog sockets to watch + # + ( umask 022 ; > $sockfile ) + + # If running named(8) or ntpd(8) chrooted, added appropriate + # syslog socket to list of sockets to watch. + # + for _l in $altlog_proglist; do + eval _ldir=\$${_l}_chrootdir + if checkyesno `set_rcvar $_l` && [ -n "$_ldir" ]; then + echo "${_ldir}/var/run/log" >> $sockfile + fi + done + + # If other sockets have been provided, change run_rc_command()'s + # internal copy of $syslogd_flags to force use of specific + # syslogd sockets. + # + if [ -s $sockfile ]; then + echo "/var/run/log" >> $sockfile + eval $evalargs + fi + + return 0 +} + +set_socketlist() +{ + local _s _socketargs + + _socketargs= + for _s in `cat $sockfile | tr '\n' ' '` ; do + _socketargs="-l $_s $_socketargs" + done + echo $_socketargs +} +load_rc_config $name +run_rc_command "$1" Index: /branches/trunk/nanobsd/files/etc/resolv.conf =================================================================== --- /branches/trunk/nanobsd/files/etc/resolv.conf (revision 10173) +++ /branches/trunk/nanobsd/files/etc/resolv.conf (revision 10173) @@ -0,0 +1,4 @@ +nameserver 127.0.0.1 +nameserver 8.8.8.8 +nameserver 8.8.4.4 +search wleiden.net Index: /branches/trunk/nanobsd/files/etc/ssh/ssh_config =================================================================== --- /branches/trunk/nanobsd/files/etc/ssh/ssh_config (revision 10173) +++ /branches/trunk/nanobsd/files/etc/ssh/ssh_config (revision 10173) @@ -0,0 +1,2 @@ +Host * + ForwardAgent yes Index: /branches/trunk/nanobsd/files/etc/ssh/sshd_config =================================================================== --- /branches/trunk/nanobsd/files/etc/ssh/sshd_config (revision 10173) +++ /branches/trunk/nanobsd/files/etc/ssh/sshd_config (revision 10173) @@ -0,0 +1,126 @@ +# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ +# $FreeBSD: src/crypto/openssh/sshd_config,v 1.49.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +# Note that some of FreeBSD's defaults differ from OpenBSD's, and +# FreeBSD has a few additional options. + +#VersionAddendum FreeBSD-20090522 + +#Port 22 +#Protocol 2 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# Disable legacy (protocol version 1) support in the server for new +# installations. In future the default will change to require explicit +# activation of protocol 1 +Protocol 2 + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 + +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# Change to yes to enable built-in password authentication. +#PasswordAuthentication no +#PermitEmptyPasswords no + +# Change to no to disable PAM authentication +#ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'no' to disable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +PermitRootLogin yes +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +#UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10 +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server Index: /branches/trunk/nanobsd/files/etc/sysctl.conf =================================================================== --- /branches/trunk/nanobsd/files/etc/sysctl.conf (revision 10173) +++ /branches/trunk/nanobsd/files/etc/sysctl.conf (revision 10173) @@ -0,0 +1,5 @@ +#XXX: Might needs to be dynamic as value depends on link length +# Turned of since it is highly unlikely that a proxy will use a wlan interface +# dev.ath.0.acktimeout=35 +# dev.ath.1.acktimeout=35 +# dev.ath.2.acktimeout=35 Index: /branches/trunk/nanobsd/files/etc/syslog.conf =================================================================== --- /branches/trunk/nanobsd/files/etc/syslog.conf (revision 10173) +++ /branches/trunk/nanobsd/files/etc/syslog.conf (revision 10173) @@ -0,0 +1,32 @@ +# $FreeBSD: src/etc/syslog.conf,v 1.28 2005/03/12 12:31:16 glebius Exp $ +# +# Spaces ARE valid field separators in this file. However, +# other *nix-like systems still insist on using tabs as field +# separators. If you are sharing this file between systems, you +# may want to use only tabs as field separators here. +# Consult the syslog.conf(5) manpage. +*.err;kern.warning;auth.notice;mail.crit /dev/console +*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages +security.* /var/log/security +auth.info;authpriv.info /var/log/auth.log +mail.info /var/log/maillog +lpr.info /var/log/lpd-errs +ftp.info /var/log/xferlog +cron.* /var/log/cron +*.=debug /var/log/debug.log +*.emerg * +# uncomment this to log all writes to /dev/console to /var/log/console.log +#console.info /var/log/console.log +# uncomment this to enable logging of all log messages to /var/log/all.log +# touch /var/log/all.log and chmod it to mode 600 before it will work +#*.* /var/log/all.log +# uncomment this to enable logging to a remote loghost named loghost +*.* @loghost.wleiden.net +# uncomment these if you're running inn +# news.crit /var/log/news/news.crit +# news.err /var/log/news/news.err +# news.notice /var/log/news/news.notice +!startslip +*.* /var/log/slip.log +!ppp +*.* /var/log/ppp.log Index: /branches/trunk/nanobsd/files/root/.ssh =================================================================== --- /branches/trunk/nanobsd/files/root/.ssh (revision 10173) +++ /branches/trunk/nanobsd/files/root/.ssh (revision 10173) @@ -0,0 +1,1 @@ +link /etc/dot_ssh Index: /branches/trunk/nanobsd/files/root/.vimrc =================================================================== --- /branches/trunk/nanobsd/files/root/.vimrc (revision 10173) +++ /branches/trunk/nanobsd/files/root/.vimrc (revision 10173) @@ -0,0 +1,4 @@ +syntax on +set tabstop=4 +set shiftwidth=4 +set viminfo='50,n/tmp/viminfo Index: /branches/trunk/nanobsd/files/tools/change_password =================================================================== --- /branches/trunk/nanobsd/files/tools/change_password (revision 10173) +++ /branches/trunk/nanobsd/files/tools/change_password (revision 10173) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/change_password,v 1.3.6.1 2008/11/25 02:59:29 kensmith Exp $ +# + +set -e + +passwd root + +cfgslice=`grep '/cfg' /etc/fstab | cut -d \ -f 1` + +trap "umount /cfg" 1 2 15 EXIT +mount /cfg +cp /etc/master.passwd /etc/passwd /etc/pwd.db /etc/spwd.db /etc/group /cfg +umount /cfg +trap 1 2 15 EXIT Index: /branches/trunk/nanobsd/files/tools/dhcpd_snmp.sh =================================================================== --- /branches/trunk/nanobsd/files/tools/dhcpd_snmp.sh (revision 10173) +++ /branches/trunk/nanobsd/files/tools/dhcpd_snmp.sh (revision 10173) @@ -0,0 +1,15 @@ +#!/bin/sh +# Write dhcpd ranges to dhcpd-snmp.conf + +DHCPD="/usr/local/etc/dhcpd.conf" +DHSNMP="/usr/local/etc/dhcpd-snmp.conf" +INDEX="0" + +DHPOOL=`cat ${DHCPD} | grep range | awk '{print $2"-"$3}' | cut -d";" -f1` +for range in ${DHPOOL} +do + $((INDEX=INDEX+1)) + echo "`echo "pool:" $INDEX", pool"$INDEX", "$range | \ + sed 's/^.*(//'`" >> $DHSNMP +done + Index: /branches/trunk/nanobsd/files/tools/find-nanostation =================================================================== --- /branches/trunk/nanobsd/files/tools/find-nanostation (revision 10173) +++ /branches/trunk/nanobsd/files/tools/find-nanostation (revision 10173) @@ -0,0 +1,17 @@ +#!/bin/sh +# Discover nanostation using CDPv1 packets +# Credits: http://sidewynder.blogspot.com/2005/07/tcpdump-filter-for-capturing-only.html + +if [ "x$1" = "x" ]; then + echo "Usage: $0 [count]" 1>&2 + echo "Find (lost) Nanostation IP using 'count' CDPv1 packet(s)" + echo "Normally CDPv1 packets get send every minute" 1>&2 + echo "Interface hints: `ifconfig -l`" 1>&2 + exit 1 +fi +IFACE=$1 +# By default the local and remote will announce a broadcast. +COUNT=${2-2} + + +tcpdump -nn -v -i $IFACE -s 1500 -c $COUNT 'ether[18:4] == 0x000c2000' Index: /branches/trunk/nanobsd/files/tools/nsdc-rebuild.sh =================================================================== --- /branches/trunk/nanobsd/files/tools/nsdc-rebuild.sh (revision 10173) +++ /branches/trunk/nanobsd/files/tools/nsdc-rebuild.sh (revision 10173) @@ -0,0 +1,6 @@ +#!/bin/sh + +if [ ! -f /var/db/nsd/ixfr.db ]; then + nsdc rebuild + nsdc start +fi Index: /branches/trunk/nanobsd/files/tools/save_sshkeys =================================================================== --- /branches/trunk/nanobsd/files/tools/save_sshkeys (revision 10173) +++ /branches/trunk/nanobsd/files/tools/save_sshkeys (revision 10173) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/save_sshkeys,v 1.4.6.1 2008/11/25 02:59:29 kensmith Exp $ +# + +set -e + +trap "umount /cfg" 1 2 15 EXIT +mount /cfg +mkdir -p /cfg/ssh +( +cd /etc/ssh +cp ssh_host_* /cfg/ssh +) +umount /cfg +trap 1 2 15 EXIT Index: /branches/trunk/nanobsd/files/tools/syslogd_flag.sh =================================================================== --- /branches/trunk/nanobsd/files/tools/syslogd_flag.sh (revision 10173) +++ /branches/trunk/nanobsd/files/tools/syslogd_flag.sh (revision 10173) @@ -0,0 +1,7 @@ +#!/bin/sh +# Set hostname for syslogd -b flag + +HOST=`cat /etc/rc.conf.local | grep hostname | cut -d'"' -f2` +sed -i "" -e /syslogd_flags=/s/localhost/${HOST}/ /etc/rc.conf + + Index: /branches/trunk/nanobsd/files/tools/update =================================================================== --- /branches/trunk/nanobsd/files/tools/update (revision 10173) +++ /branches/trunk/nanobsd/files/tools/update (revision 10173) @@ -0,0 +1,27 @@ +#!/bin/sh +# +# Update the non-active partition, input will stdin if no argument given else a +# listing netcat sesion will be opened at the given port +# Can be used in the following setups: +# 1) Systems with CPU limits (e.g. no encryption and/or compression): +# ssh -oBatchMode=yes root@node.example.org /tools/update-wrapper 3333 & +# cat nanobsd.image | nc node.example.org 3333 +# 2) Standard setup: +# cat nanobsd.image | ssh -oBatchMode=yes root@node.example.org /tools/update-wrapper +# +# Licence: BSD http://wirelessleiden.nl/LICENSE +# +# Rick van der Zwet + +. /etc/nanobsd.conf + +ROOT=`cd $(dirname $0); pwd -P` + +# Find out which partion to use +mount | grep -q ${NANO_DRIVE}s1 && UPDATE=$ROOT/updatep2 || UPDATE=$ROOT/updatep1 + +if [ -z $1 ]; then + $UPDATE +else + nc -l $1 | $UPDATE +fi Index: /branches/trunk/nanobsd/files/tools/update-file =================================================================== --- /branches/trunk/nanobsd/files/tools/update-file (revision 10173) +++ /branches/trunk/nanobsd/files/tools/update-file (revision 10173) @@ -0,0 +1,60 @@ +#!/bin/sh +# +# Update an single file (content via stdin) on the flash disk if the md5 does +# not match. This script tries to be on the safe side by checking md5 at +# various stages. +# +# TODO: Maybe rsync is also able to perform the mount and umount before and +# after, this will eliminate all the hacking with md5 checks. +# +# Rick van der Zwet +# + +if [ -z "$1" ]; then + echo "Usage: $0 [ [ []]]" 1>&2 + exit 128 +fi + +FILE=$1 +NEW_MD5=${2:-""} +MODE_BITS=${3:-""} +OWNERSHIP=${4:-""} + +if [ ! -f "$FILE" ]; then + echo "# ERROR: File $FILE does not exists" 1>&2 + exit 1 +fi + +# First try to transfer file to local system +# this restricts the filesize to the maximum size of the /tmp system +TMPFILE=`mktemp -t $(basename $0)` || exit 1 +cat > $TMPFILE || exit 1 +TMP_MD5="`md5 -q $TMPFILE`" || exit 1 + +# Check which md5 to use, the given one or the calculated one +if [ -n "$NEW_MD5" ]; then + TARGET_MD5="$NEW_MD5" + if [ "$TMP_MD5" != "$TARGET_MD5" ]; then + echo "# ERROR: File transfer failed" 1>&2 + exit 2 + fi +else + TARGET_MD5="$TMP_MD5" +fi + +# Actually check whether we need to copy the file +CURRENT_MD5=`md5 -q $FILE` || exit 1 +if [ "$CURRENT_MD5" != "$TARGET_MD5" ]; then + echo "# INFO: Updating $FILE; old MD5 $CURRENT_MD5" + mount -uwo noatime / || exit 1 + cp -f $TMPFILE $FILE + [ -n "$MODE_BITS" ] && chmod $MODE_BITS $FILE + [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $FILE + mount -ur / + + # Make sure to recheck the md5 alter write to make sure all went ok + RECHECK_MD5=`md5 -q $FILE` + echo "# INFO: Updated $FILE; new MD5 $RECHECK_MD5" +else + echo "# INFO: File $FILE already has md5 $CURRENT_MD5" +fi Index: /branches/trunk/nanobsd/files/tools/updatep1 =================================================================== --- /branches/trunk/nanobsd/files/tools/updatep1 (revision 10173) +++ /branches/trunk/nanobsd/files/tools/updatep1 (revision 10173) @@ -0,0 +1,55 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/updatep1,v 1.2.6.1 2008/11/25 02:59:29 kensmith Exp $ +# +# Script to update partition 1 on a NanoBSD system. +# +# usage: +# ssh somewhere cat image.s1 | sh updatep1 +# + +set -e + +. /etc/nanobsd.conf + +if mount | grep ${NANO_DRIVE}s1 > /dev/null ; then + echo "You are running partition 1 already" + echo "you probably want to use 'updatep2' instead" + exit 1 +fi + +# Blow away old system. +dd if=/dev/zero of=/dev/${NANO_DRIVE}s1 bs=1m count=1 > /dev/null 2>&1 + +# Copy in new system +dd of=/dev/${NANO_DRIVE}s1 obs=64k + +# Check that it worked +fsck_ffs -n /dev/${NANO_DRIVE}s1a + +gpart set -a active -i 1 ${NANO_DRIVE} + Index: /branches/trunk/nanobsd/files/tools/updatep2 =================================================================== --- /branches/trunk/nanobsd/files/tools/updatep2 (revision 10173) +++ /branches/trunk/nanobsd/files/tools/updatep2 (revision 10173) @@ -0,0 +1,63 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/updatep2,v 1.2.6.1 2008/11/25 02:59:29 kensmith Exp $ +# +# Script to update partition 2 on a NanoBSD system. +# +# usage: +# ssh somewhere cat image.s1 | sh updatep2 +# + +set -e + +. /etc/nanobsd.conf + +if mount | grep ${NANO_DRIVE}s2 > /dev/null ; then + echo "You are running partition 2 already" + echo "you probably want to use 'updatep1' instead" + exit 1 +fi + +# Blow away old system. +dd if=/dev/zero of=/dev/${NANO_DRIVE}s2 bs=1m count=1 > /dev/null 2>&1 + +# Copy in new system +dd of=/dev/${NANO_DRIVE}s2 obs=64k + +# Check that it worked +fsck_ffs -n /dev/${NANO_DRIVE}s2a + +# Update the /etc/fstab +trap "umount /mnt" 1 2 15 EXIT +mount /dev/${NANO_DRIVE}s2a /mnt +sed -i "" "s/${NANO_DRIVE}s1/${NANO_DRIVE}s2/" /mnt/conf/base/etc/fstab +sed -i "" "s/${NANO_DRIVE}s1/${NANO_DRIVE}s2/" /mnt/etc/fstab +umount /mnt +trap 1 2 15 EXIT + +gpart set -a active -i 2 ${NANO_DRIVE} + Index: /branches/trunk/nanobsd/files/tools/wl-config =================================================================== --- /branches/trunk/nanobsd/files/tools/wl-config (revision 10173) +++ /branches/trunk/nanobsd/files/tools/wl-config (revision 10173) @@ -0,0 +1,231 @@ +#!/bin/sh +# Wireless Leiden proxy config-update script for FreeBSD 8.0 (nanobsd) +# Based on the 'API' of Jasper +# Rick van der Zwet ; Richard van Mansom +# XXX: TODO, some proper error checking for fetch + +BASEURL="http://132.229.112.21/config/iris/proxy/FreeBSD/8.0-RELEASE/g_list.pl" + +# Default config to fetch +CONFIG=`hostname -s | tr '[A-Z]' '[a-z]'` + +# Determine it's statup and running location and some other hints +# Skip named.conf as it not planned in current release +FILES="authorized_keys rc.conf.local resolv.conf" +file_details() { + case "$1" in + 'authorized_keys') + STARTUP_LOC="/cfg/dot_ssh/${FILE}" + RUNNING_LOC="/etc/dot_ssh/${FILE}" + FILE_HINT="" + ;; + 'rc.conf.local') + STARTUP_LOC="/cfg/${FILE}" + RUNNING_LOC="/etc/${FILE}" + FILE_HINT="/etc/rc.d/netif restart" + ;; + 'resolv.conf') + STARTUP_LOC="/cfg/${FILE}" + RUNNING_LOC="/etc/${FILE}" + FILE_HINT="" + ;; + esac +} + +usage() { + ( + echo "Usage: $0 [-bn] [-c ] [-m ]" + echo " -b batch mode, no user input" + echo " -c default configuration to fetch" + echo " -n do not mount config partition" + echo " -m all copy config files to running & config partition [default]" + echo " -m startup copy config files to config partition" + echo " -m testing do not copy config files" + echo " -m running copy config files to running partition" + echo " -m hack copy running files to config partition" + ) 1>&2 + exit 2 +} + +# Argument parsing using getopts +USE_API=1 # Whether or not to use the webinterface +OPT_MOUNT=1 +OPT_RUNNING=1 +OPT_STARTUP=1 +OPT_HACK=0 # Hack for people without configuration managment and testing +OPT_BATCH=0 + +parse_options() { + while getopts "bc:nm:" OPT; do + case "$OPT" in + b) OPT_BATCH=1;; + c) CONFIG="${OPTARG}";; + n) OPT_MOUNT=0;; + m) case "$OPTARG" in + all) true;; + live) OPT_STARTUP=0;; + startup) OPT_RUNNING=0;; + testing) OPT_RUNNING=0; OPT_STARTUP=0; OPT_MOUNT=0;; + hack) OPT_RUNNING=0; OPT_STARTUP=0; OPT_HACK=1; USE_API=0;; + *) usage;; + esac;; + h) usage;; + \?) usage;; + esac + done + # Allow to override automatic mounting, in case of external mount 'managment' + if [ "$1" = "-n" ]; then + OPT_MOUNT=0 + fi + + if [ "${OPT_RUNNING}" -eq 1 ]; then + echo "INFO: Storing new config files in running configuration" + fi + + if [ "${OPT_STARTUP}" -eq 1 ]; then + echo "INFO: Storing new config files in startup configuration" + fi + + if [ "${OPT_HACK}" -eq 1 ]; then + echo "WARN: Copy running configuration to startup configuration" + echo "WARN: Please do mind to document/mention this changes somewhere" + fi + + # New line before the real work gets started + echo "" +} + + + + +# test validity of input +config_validator() { + INPUT="$1" + `grep -q "^${INPUT}\$" ${TMPDIR}/node_list.txt` + if [ $? -eq 0 ]; then + return 0 + else + echo "WARNING: Input '${INPUT}' is not valid, some hints..." + grep "${INPUT}" ${TMPDIR}/node_list.txt + return 1 + fi +} + + + +select_node() { + # List of all available nodes + fetch -q -o ${TMPDIR}/node_list.txt ${BASEURL} || exit 1 + + # Provide Nodelist and feedback + cat ${TMPDIR}/node_list.txt | column + echo ' THIS script adds the config from GENESIS to this operating system' + echo ' make sure you know what you are doing, if not press control-C' + echo ' ENTER CONFIG NAME ......(and press enter)' + + if [ ${OPT_BATCH} -eq 1 ]; then + config_validator "${CONFIG}" + if [ $? -eq 1 ]; then + echo "ERROR: Please provide valid config" 1>&2 + exit 1 + fi + else + # Have the user to select the right node + INVALID_CONFIG=1 + while [ ${INVALID_CONFIG} -eq 1 ]; do + # Ask for node name, play around with prev option + echo -n "Name [${CONFIG}]: " + read INPUT + if [ -z "${INPUT}" ]; then + INPUT=${CONFIG} + else + CONFIG=${INPUT} + fi + + config_validator "${INPUT}" + if [ $? -eq 0 ]; then + INVALID_CONFIG=0 + fi + done + fi +} + + + + +# Copy file, saving some bits if no change needed +copy_file() { + SOURCE=$1 + TARGET=$2 + diff -q ${SOURCE} ${TARGET} >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then + mkdir -p `dirname ${TARGET}` || exit 1 + cp ${SOURCE} ${TARGET} || exit 1 + return $? + fi + return 1 +} + +# Main function +main() { + TMPDIR=`mktemp -d -t $(basename $0)` + # Clear out tempdir when done + if [ ${OPT_MOUNT} -eq 1 ]; then + trap "rm -Rf ${TMPDIR}; umount /cfg; mount -ro noatime /; exit" 0 1 2 3 15 + else + trap "rm -Rf ${TMPDIR}; exit" 0 1 2 3 15 + + fi + + # Mount if requested + if [ ${OPT_MOUNT} -eq 1 ]; then + mount -uwo noatime / + mount /cfg + fi + + # Select node from web-interface + if [ ${USE_API} -eq 1 ]; then + select_node + fi + + # Worker, place all files in required directory + for FILE in ${FILES}; do + if [ ${USE_API} -eq 1 ]; then + # Fetch needed file + FRESH_LOC=${TMPDIR}/${FILE} + fetch -q -o ${FRESH_LOC} ${BASEURL}/${CONFIG}/${FILE} || exit 1 + fi + + # Needed file details, like locations and hints + file_details ${FILE} + + echo "INFO: Working on file: '${FILE}'" + # Copy file boot location + if [ ${OPT_STARTUP} -eq 1 ]; then + copy_file ${FRESH_LOC} ${STARTUP_LOC} + fi + + # Copy file running location + if [ ${OPT_RUNNING} -eq 1 ]; then + copy_file ${FRESH_LOC} ${RUNNING_LOC} + if [ $? -eq 0 ]; then + echo "INFO: '${FILE}' changed" + if [ -n "${FILE_HINT}" ]; then + echo "INFO: For instant activate: ${FILE_HINT}" + echo "" + fi + fi + fi + + # Direct copy + if [ ${OPT_HACK} -eq 1 ]; then + # No checking, just dumb try to copy mode + cp -v ${RUNNING_LOC} ${STARTUP_LOC} + fi + done + + exit 0 +} + +parse_options $* +main Index: /branches/trunk/nanobsd/files/tools/wl-version =================================================================== --- /branches/trunk/nanobsd/files/tools/wl-version (revision 10173) +++ /branches/trunk/nanobsd/files/tools/wl-version (revision 10173) @@ -0,0 +1,35 @@ +#!/bin/sh +# Get bare minimal information of node, for the use of easy debugging +# Rick van der Zwet + +# Trac specific code +echo "----" +echo "{{{" + +# Introduction +echo "Generated by $USER@`hostname`" +echo "Date: `date`" + +# Kernel information +uname -a | fold + +# Mount information, for the use of checking which slize is usd +mount + +# static iinformation, on image, like build, time, who, +VERSION='/tools/wl-release.txt' +cat $VERSION + +if [ -r /VERSION ]; then + cat /VERSION + seperator +fi + +# Current ip configuration +ifconfig -a + +# XXX: Configuration specifics + +# Trac specific code +echo "}}}" +echo "----" Index: /branches/trunk/nanobsd/files/usr/local/bin/http302 =================================================================== --- /branches/trunk/nanobsd/files/usr/local/bin/http302 (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/bin/http302 (revision 10173) @@ -0,0 +1,11 @@ +#!/bin/sh +# +# Only purpose is to send somebody to the Captive Portal +# +URL=${URL:-http://172.31.255.1/wlportal} + +# Send information to client +echo -e "HTTP/1.1 302 OK\r" +echo -e "Location: $URL\r" +echo -e "\r" + Index: /branches/trunk/nanobsd/files/usr/local/bin/mvim =================================================================== --- /branches/trunk/nanobsd/files/usr/local/bin/mvim (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/bin/mvim (revision 10173) @@ -0,0 +1,10 @@ +#!/bin/sh +# +# Wrapper to support file hacking on read-only file systems more easily +# +# Rick van der Zwet + + +mount -uwo noatime || exit +vim $* +mount -uro noatime / Index: /branches/trunk/nanobsd/files/usr/local/bin/pen_wrapper =================================================================== --- /branches/trunk/nanobsd/files/usr/local/bin/pen_wrapper (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/bin/pen_wrapper (revision 10173) @@ -0,0 +1,110 @@ +#!/bin/sh +# Pen proxy wrapper, periodic check for best connections +# Stichting Wireless Leiden +# Rick van der Zwet + +BIND_ADDR=${1-172.31.255.1} +BIND_PORT=${2-3128} +DEBUG=0 + +#XXX: Really static list, some dynamic alternative prefered +PROXY_LIST="${3-172.17.8.68:3128 172.17.143.4:3128 172.20.128.98:3128 172.16.2.254:3128 172.19.168.66:3128}" + + +TEST_URL="http://www.ams-ix.net/" +TEST_INTERVAL=`expr 30 \* 60` # Back-off period in seconds, re-testing period + + +# Don't touch, unless you know what you are doing +PIDFILE='/var/run/pen.pid' +PEN='/usr/local/bin/pen' +PEN_FLAGS="-b 30 -r -p ${PIDFILE} -o prio ${BIND_ADDR}:${BIND_PORT}" + +LOGFILE='/var/log/pen_wrapper.log' + +log() +{ + _datestamp=`date "+%Y-%m-%d %H:%M:%S"` + _msg="[${_datestamp}] $*" + if [ ${DEBUG} -eq 0 ]; then + echo "${_msg}" >> ${LOGFILE} + else + echo "${_msg}" + fi +} + +d_log() { + if [ ${DEBUG} -ne 0 ]; then + log $* + fi +} + +test_proxy() +{ + # Set proxy + PROXY=$1 + PORT=$2 + URL=$3 + export HTTP_PROXY="${PROXY}:${PORT}" + + # Attempted fetch + retstr=`fetch -T 3 -o /dev/null ${URL} 2>&1` + retval=$? + + # Store to list if successfull + if [ "${retval}" -eq 0 ]; then + BPS=`echo "${retstr}" | awk '/Bps/ {printf $4}'` + echo "${BPS} ${PROXY}" >> ${TMPFILE} + fi + return $retval +} + +sort_proxies() +{ + # Result holder + TMPFILE=`mktemp -t pen_wrapper` + + for _host in ${PROXY_LIST}; do + PROXY=`echo $_host | cut -d ":" -f1` + PORT=`echo $_host | cut -d ":" -f2` + _msg="Fetching '${TEST_URL}' via '${PROXY}:${PORT}' ..." + test_proxy ${PROXY} ${PORT} ${TEST_URL} && d_log ${_msg} "OK" || d_log ${_msg} "FAILED" + done + + _proxylist=`sort -nr ${TMPFILE} | awk '{print $2}' | tr '\n' ' '` + _cfg="0:0:1:1" + if [ -n "${_proxylist}" ]; then + _prio="0" + _proxy_arg="" + for _proxy in ${_proxylist}; do + _prio=`expr ${_prio} + 1` + _proxy_arg="${_proxy_arg} ${_proxy}:${PORT}:${_cfg}:${_prio}" + done + fi + # Clear out junk + rm -f ${TMPFILE} + NEW_PROXY_LIST="${_proxy_arg}" +} + + +## +# Main loop +LIVE_PROXY_LIST='' +while true; do + sort_proxies + if [ "${LIVE_PROXY_LIST}" != "${NEW_PROXY_LIST}" ]; then + log "INFO: New listing to be configured '${NEW_PROXY_LIST}'" + d_log "Live: ${LIVE_PROXY_LIST}" + d_log "New : ${NEW_PROXY_LIST}" + # Pen should only be started if alias exists + ifconfig | grep -q ${BIND_ADDR} + if [ $? -eq 0 ]; then + if [ -r ${PIDFILE} ]; then + kill `cat ${PIDFILE}` + fi + ${PEN} ${PEN_FLAGS} ${NEW_PROXY_LIST} + LIVE_PROXY_LIST="${NEW_PROXY_LIST}" + fi + fi + sleep ${TEST_INTERVAL} +done Index: /branches/trunk/nanobsd/files/usr/local/bin/ssh-copy-id =================================================================== --- /branches/trunk/nanobsd/files/usr/local/bin/ssh-copy-id (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/bin/ssh-copy-id (revision 10173) @@ -0,0 +1,50 @@ +#!/bin/sh + +# Shell script to install your public key on a remote machine +# Takes the remote machine name as an argument. +# Obviously, the remote machine must accept password authentication, +# or one of the other keys in your ssh-agent, for this to work. + +ID_FILE="${HOME}/.ssh/id_rsa.pub" + +if [ "-i" = "$1" ]; then + shift + # check if we have 2 parameters left, if so the first is the new ID file + if [ -n "$2" ]; then + if expr "$1" : ".*\.pub" >/dev/null; then + ID_FILE="$1" + else + ID_FILE="$1.pub" + fi + shift # and this should leave $1 as the target name + fi +else + if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then + GET_ID="$GET_ID ssh-add -L" + fi +fi + +if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then + GET_ID="cat ${ID_FILE}" +fi + +if [ -z "`eval $GET_ID`" ]; then + echo "$0: ERROR: No identities found" >&2 + exit 1 +fi + +if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then + echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2 + exit 1 +fi + +{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1 + +cat <&2 + exit $EX_NOINPUT +fi + +# Compare files, ignore white spaces, modification, etc +diff -b -B -q ${SRC} ${DST}; RETVAL=$? +if [ $RETVAL -ne 0 ]; then + # 2: DST does not yet, exists, 1: file differs + mount -uwo noatime /cfg + mkdir -p /cfg/local + cp ${SRC} ${DST} +fi + +exit $EX_OK Index: /branches/trunk/nanobsd/files/usr/local/etc/mararc =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/mararc (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/mararc (revision 10173) @@ -0,0 +1,238 @@ +# Example mararc file (unabridged version) + +# The various zones we support + +# We must initialize the csv2 hash, or MaraDNS will be unable to +# load any csv2 zone files +csv2 = {} + +# This is just to show the format of the file +#csv2["example.com."] = "db.example.com" + +csv2["wleiden.net."] = "db.wleiden.net." +csv2["16.172.in-addr.arpa."] = "db.16.172.in-addr.arpa." +csv2["17.172.in-addr.arpa."] = "db.17.172.in-addr.arpa." +csv2["18.172.in-addr.arpa."] = "db.18.172.in-addr.arpa." +csv2["19.172.in-addr.arpa."] = "db.19.172.in-addr.arpa." +csv2["20.172.in-addr.arpa."] = "db.20.172.in-addr.arpa." +csv2["21.172.in-addr.arpa."] = "db.21.172.in-addr.arpa." +csv2["22.172.in-addr.arpa."] = "db.22.172.in-addr.arpa." +csv2["23.172.in-addr.arpa."] = "db.23.172.in-addr.arpa." +csv2["24.172.in-addr.arpa."] = "db.24.172.in-addr.arpa." +csv2["25.172.in-addr.arpa."] = "db.25.172.in-addr.arpa." +csv2["26.172.in-addr.arpa."] = "db.26.172.in-addr.arpa." +csv2["27.172.in-addr.arpa."] = "db.27.172.in-addr.arpa." +csv2["28.172.in-addr.arpa."] = "db.28.172.in-addr.arpa." +csv2["29.172.in-addr.arpa."] = "db.29.172.in-addr.arpa." +csv2["30.172.in-addr.arpa."] = "db.30.172.in-addr.arpa." +csv2["31.172.in-addr.arpa."] = "db.31.172.in-addr.arpa." + +# The address this DNS server runs on. If you want to bind +# to multiple addresses, separate them with a comma like this: +ipv4_bind_addresses = "127.0.0.1" +# The directory with all of the zone files +chroot_dir = "/usr/local/etc/maradns" +# The numeric UID MaraDNS will run as +maradns_uid = 53 +# The (optional) numeric GID MaraDNS will run as +maradns_gid = 53 +# The maximum number of threads (or processes, with the zone server) +# MaraDNS is allowed to run +maxprocs = 96 +# It is possible to specify a different maximum number of processes that +# the zone server can run. If this is not set, the maximum number of +# processes that the zone server can have defaults to the 'maxprocs' value +# above +# max_tcp_procs = 64 + +# Normally, MaraDNS has some MaraDNS-specific features, such as DDIP +# synthesizing, a special DNS query ("erre-con-erre-cigarro.maradns.org." +# with a TXT query returns the version of MaraDNS that a server is +# running), unique handling of multiple QDCOUNTs, etc. Some people +# might not like these features, so I have added a switch that lets +# a sys admin disable all these features. Just give "no_fingerprint" +# a value of one here, and MaraDNS should be more or less +# indistinguishable from a tinydns server. +no_fingerprint = 0 + +# Normally, MaraDNS only returns A and MX records when given a +# QTYPE=* (all RR types) query. Changing the value of default_rrany_set +# to 15 causes MaraDNS to also return the NS and SOA records, which +# some registrars require. The default value of this is 3 +default_rrany_set = 3 + +# These constants limit the number of records we will display, in order +# to help keep packets 512 bytes or smaller. This, combined with round_robin +# record rotation, help to use DNS as a crude load-balancer. + +# The maximum number of records to display in a chain of records (list +# of records) for a given host name +max_chain = 8 +# The maximum number of records to display in a list of records in the +# additional section of a query. If this is any value besides one, +# round robin rotation is disabled (due to limitations in the current +# data structure MaraDNS uses) +max_ar_chain = 1 +# The maximum number of records to show total for a given question +max_total = 20 + +# The number of messages we log to stdout +# 0: No messages except for fatal parsing errors and the legal disclaimer +# 1: Only startup messages logged (default) +# 2: Error queries logged +# 3: All queries logged (but not very verbosely right now) +verbose_level = 1 + +# Initialize the IP aliases, which are used by the list of root name servers, +# the ACL for zone transfers, and the ACL of who gets to perform recursive +# queries +ipv4_alias = {} + +# Various sets of root name servers +# Note: Netmasks can exist, but are ignored when specifying root name server + +# ICANN: the most common and most controversial root name server +# http://www.icann.org +# This list can be seen at http://www.root-servers.org/ +ipv4_alias["icann"] = "198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90," +ipv4_alias["icann"] += "192.203.230.10, 192.5.5.241, 192.112.36.4," +ipv4_alias["icann"] += "128.63.2.53, 192.36.148.17, 192.58.128.30," +ipv4_alias["icann"] += "193.0.14.129, 199.7.83.42, 202.12.27.33" + +# OpenNIC: http://www.opennic.unrated.net/ +# Current as of 2005/11/30; these servers change frequently so please +# look at their web page +ipv4_alias["opennic"] = "157.238.46.24, 209.104.33.250, 209.104.63.249," +ipv4_alias["opennic"] += "130.94.168.216, 209.21.75.53, 64.114.34.119," +ipv4_alias["opennic"] += "207.6.128.246, 167.216.255.199, 62.208.181.95," +ipv4_alias["opennic"] += "216.87.153.98, 216.178.136.116" + +# End of list of root name server lists + +# Here is a ACL which restricts who is allowed to perform zone transfer from +# the zoneserver program + +# Simplest form: 10.1.1.1/24 (IP: 10.1.1.1, 24 left bits in IP need to match) +# and 10.100.100.100/255.255.255.224 (IP: 10.100.100.100, netmask +# 255.255.255.224) are allowed to connect to the zone server +# NOTE: The "maradns" program does not serve zones. Zones are served +# by the "zoneserver" program. +#zone_transfer_acl = "10.1.1.1/24, 10.100.100.100/255.255.255.224" + +# More complex: We create two aliases: One called "office" and another +# called "home". We allow anyone in the office or at home to perform zone +# transfers +#ipv4_alias["office"] = "10.1.1.1/24" +#ipv4_alias["home"] = "10.100.100.100/255.255.255.224" +#zone_transfer_acl = "office, home" + +# More complex then the last example. We have three employees, +# Susan, Becca, and Mia, whose computers we give zone transfer rights to. +# Susan and Becca are system administrators, and Mia is a developer. +# They are all part of the company. We give the entire company zone +# transfer access +#ipv4_alias["susan"] = "10.6.7.8/32" # Single IP allowed +#ipv4_alias["becca"] = "10.7.8.9" # also a single IP +#ipv4_alias["mia"] = "10.8.9.10/255.255.255.255" # Also a single IP +#ipv4_alias["sysadmins"] = "susan, becca" +#ipv4_alias["devel"] = "mia" +#ipv4_alias["company"] = "sysadmins, devel" +# This is equivalent to the above line +#ipv4_alias["company"] = "susan, becca, mia" +#zone_transfer_acl = "company" + +# If you want to enable recursion on the loopback interface, uncomment +# the relevant lines in the following section + +# Recursive ACL: Who is allowed to perform recursive queries. The format +# is identical to that of "zone_transfer_acl", including ipv4_alias support + +ipv4_alias["wleiden"] = "172.16.0.0/12" +ipv4_alias["localhost"] = "127.0.0.0/8" +recursive_acl = "localhost, wleiden" + +# Random seed file: The file from which we read 16 bytes from to get the +# 128-bit random Rijndael key. This is ideally a file which is a good source +# of random numbers, but can also be a fixed file if your OS does not have +# a decent random number generator (make sure the contents of that file is +# random and with 600 perms, owned by root, since we read the file *before* +# dropping root privileges) + +#random_seed_file = "/dev/urandom" + +# The maximum number of elements we can have in the cache. If we have more +# elements in the cache than this amount, the "custodian" kicks in to effect, +# removing elements not recently accessed from the cache (8 elements removed +# per query) until we are at the 99% level or so again. + +#maximum_cache_elements = 1024 + +# It is possible to change the minimal "time to live" for entries in the +# cache; this is the minimum time that an entry will stay in the cache. +# Value is in seconds; default is 300 (5 minutes) +#min_ttl = 300 +# CNAME records generally take more effort to resolve in MaraDNS than +# non-CNAME records; it is a good idea to make this higher then min_ttl +# default value is to be the same as min_ttl +#min_ttl_cname = 900 + +# The root servers which we use when making recursive queries. + +# The following line must be uncommented to enable custom root servers +# for recursive queries +# root_servers = {} + +# You can choose which set of root servers to use. Current values (set above) +# are: icann, osrc, alternic, opennic, pacificroot, irsc, tinc, and +# superroot. +# root_servers["."] = "icann" + +upstream_servers = {} + +# If you prefer to contact other recursive DNS servers instead of the ICANN +# root servers, this is done with the upstream_servers mararc variable: +upstream_servers["."] = "8.8.8.8, 8.8.4.4" + +# You can tell MaraDNS to *not* query certain DNS servers when in recursive +# mode. This is mainly used to not allow spam-friendly domains to resolve, +# since spammers are starting to get in the habit of using spam-friendly +# DNS servers to resolve their domains, allowing them to hop from ISP to +# ISP. The format of this is the same as for zone_transfer_acl and +# recursive_acl + +# For example, at the time of this document (August 12, 2001), azmalink.net +# is a known spam-friendly DNS provider (see doc/detailed/spammers/azmalink.net +# for details.) Note that this is based on IPs, and azmalink.net constantly +# changes IPs (as they constantly have to change ISPs) +# 2002/10/12: Azmalink changed ISP again, this reflect their current ISP +ipv4_alias["azmalink"] = "12.164.194.0/24" + +# As of September 20, 2001, hiddenonline.net is a known spam-friendly +# DNS provider (see doc/detailed/spammers/hiddenonline for details). +ipv4_alias["hiddenonline"] = "65.107.225.0/24" +spammers = "azmalink,hiddenonline" + +# It is also possible to change the maximum number of times MaraDNS will +# follow a CNAME record or a NS record with a glue A record. The default +# value for this is ten. +#max_glueless_level = 10 +# In addition, one can change the maximum number of total queries that +# MaraDNS will perform to look up a host name. The default value is 32. +#max_queries_total = 32 +# In addition, one can change the amount of time that MaraDNS will wait +# for a DNS server to respond before giving up and trying the next DNS +# server on a list. Note that, the larger this value is, the slower +# MaraDNS will process recursive queries when a DNS server is not +# responding to DNS queries. The default value is two seconds. +#timeout_seconds = 2 + + +# And that does it for the caching at this point + +# I have read the bloody disclaimer, stop nagging about it and printing it to +# message buffer +hide_disclaimer = "YES" + + + + Index: /branches/trunk/nanobsd/files/usr/local/etc/nrpe.cfg =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/nrpe.cfg (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/nrpe.cfg (revision 10173) @@ -0,0 +1,12 @@ +server_port=5666 +allowed_hosts=172.16.4.46 +nrpe_user=nagios +nrpe_group=nagios +command_timeout=60 + +command[check_users]=/usr/local/libexec/nagios/check_users -w 5 -c 10 +command[check_load]=/usr/local/libexec/nagios/check_load -w 15,10,5 -c 30,25,20 +command[check_disk1]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p / +command[check_disk2]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /var +command[check_procs]=/usr/local/libexec/nagios/check_procs -w 55 -c 70 + Index: /branches/trunk/nanobsd/files/usr/local/etc/ntp.drift =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/ntp.drift (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/ntp.drift (revision 10173) @@ -0,0 +1,1 @@ +0.000 Index: /branches/trunk/nanobsd/files/usr/local/etc/rc.d/fetchzone =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/rc.d/fetchzone (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/rc.d/fetchzone (revision 10173) @@ -0,0 +1,26 @@ +#!/bin/sh +# +# PROVIDE: fetchzone +# BEFORE: maradns +# KEYWORD: shutdown +# +# Add the following line to /etc/rc.conf to enable fetchzone: +# +# fetchzone_enable="YES" +# +. /etc/rc.subr + +name=fetchzone +rcvar=`set_rcvar` + +command_interpreter=/bin/sh +command=/usr/local/sbin/fetchzone.sh +command_args="&" + +load_rc_config ${name} + +fetchzone_enable=${fetchzone_enable-"NO"} +fetchzone_pidfile=${fetchzone_pidfile-"/var/run/fetchzone.pid"} +pidfile="${fetchzone_pidfile}" + +run_rc_command "$1" Index: /branches/trunk/nanobsd/files/usr/local/etc/rc.d/http302 =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/rc.d/http302 (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/rc.d/http302 (revision 10173) @@ -0,0 +1,27 @@ +#!/bin/sh +# +# PROVIDE: http301 +# BEFORE: DAEMON +# KEYWORD: shutdown +# +# Add the following line to /etc/rc.conf to enable iperf in server mode: +# +# http302_enable="YES" +# +. /etc/rc.subr + +name=http302 +rcvar=`set_rcvar` + +command=/usr/local/bin/tcpserver +command_args="-R -H -l 0 172.31.255.1 8081 /usr/local/bin/http302 &" + +load_rc_config ${name} + +http301_enable=${http301_enable-"NO"} + +#### +# tcpserver does not generate a pid file + +run_rc_command "$1" + Index: /branches/trunk/nanobsd/files/usr/local/etc/rc.d/inet =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/rc.d/inet (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/rc.d/inet (revision 10173) @@ -0,0 +1,29 @@ +#!/bin/sh +# +# PROVIDE: inet +# BEFORE: LOGIN +# KEYWORD: shutdown +# +# Add the following line to /etc/rc.conf to enable inet/lvrouted: +# +# Don't enable lvrouted yet +# +# inet_enable="YES" +# +. /etc/rc.subr + +name=inet +rcvar=`set_rcvar` + +command_interpreter=/bin/sh +command=/usr/local/sbin/inet +command_args="&" + +load_rc_config ${name} + +inet_enable=${inet_enable-"NO"} +inet_pidfile=${inet_pidfile-"/var/run/inet.pid"} +pidfile="${inet_pidfile}" + +run_rc_command "$1" + Index: /branches/trunk/nanobsd/files/usr/local/etc/rc.d/iperf =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/rc.d/iperf (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/rc.d/iperf (revision 10173) @@ -0,0 +1,29 @@ +#!/bin/sh +# +# PROVIDE: iperf +# BEFORE: DAEMON +# KEYWORD: shutdown +# +# Add the following line to /etc/rc.conf to enable iperf in server mode: +# +# iperf_enable="YES" +# +. /etc/rc.subr + +name=iperf +rcvar=`set_rcvar` + +command=/usr/local/bin/iperf +command_args="-s -D" + +load_rc_config ${name} + +iperf_enable=${iperf_enable-"NO"} + +#### +# iperf does not generate a pid file +# iperf_pidfile=${iperf_pidfile-"/var/run/.pid"} +# pidfile="${iperf_pidfile}" + +run_rc_command "$1" + Index: /branches/trunk/nanobsd/files/usr/local/etc/rc.d/lvrouted =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/rc.d/lvrouted (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/rc.d/lvrouted (revision 10173) @@ -0,0 +1,52 @@ +#!/bin/sh +# +# PROVIDE: lvrouted +# REQUIRE: netif routing +# KEYWORD: nojail + +lvrouted_enable=${lvrouted_enable:-"NO"} +lvrouted_flags=${lvrouted_flags:-} + +. /etc/rc.subr + +name="lvrouted" +rcvar=`set_rcvar` +load_rc_config $name + +command="/usr/local/sbin/${name}" +pid_file="/var/run/${name}.pid" + +# Import proxies +wleiden_conf="/usr/local/etc/wleiden.conf" +if [ -r $wleiden_conf ]; then + . ${wleiden_conf} +fi + +# If there are proxies specified, them add them with the z flag +if [ -n "$PROXIES" ]; then + PROXIES=`echo ${PROXIES} | sed 's/\ /\,/g'` + lvrouted_flags="$lvrouted_flags -z $PROXIES" +fi + +start_precmd="lvrouted_flush_routes" + +# XXX: Needs to be a flag to disable +# XXX: lvrouted should mark their added routed protocol specific (see: man 8 route) +# lvrouted requires no route to exists before start as it is not able to alter +# old routes, so make it flush all dynamic generated routes +lvrouted_flush_routes() { + + # XXX: Does the looping bug still exists? + # Keep looping till we whiped _all_ dynamic generated routes + while true; do + netstat -nr -f inet | awk '{if ($3 ~ /.*D.*/) { exit 1} }' + if [ $? -eq 0 ]; then + break + fi + echo "WARNING: Flushing all existing DYNAMIC routes" 1>&2 + netstat -nr -f inet | awk '{if ($3 ~ /.*D.*/) {print $1} }' | xargs -n 1 route delete + done +} + +run_rc_command "$1" + Index: /branches/trunk/nanobsd/files/usr/local/etc/rc.d/maradns =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/rc.d/maradns (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/rc.d/maradns (revision 10173) @@ -0,0 +1,33 @@ +#!/bin/sh +# +# $FreeBSD: ports/dns/maradns/files/maradns.in,v 1.3 2010/02/08 15:08:44 miwi Exp $ +# + +# PROVIDE: maradns +# REQUIRE: SERVERS +# BEFORE: DAEMON +# KEYWORD: shutdown +# + +. /etc/rc.subr + +: ${maradns_enable="NO"} +: ${maradns_conf="/usr/local/etc/mararc"} + + +# Nastly hack to allow the MaraDNS bind to the proper variable IP address +mara_pre() { + IP=`ifconfig ${internalif} | awk '/inet/ { print $2 }'` + sed -i .orig 's/^\(ipv4_bind_addresses[\ \t=]*"\).*$/\1'${IP}',127.0.0.1"/g' ${maradns_conf} +} + +name="maradns" +rcvar=`set_rcvar` +command="/usr/local/bin/duende" +command_args="/usr/local/sbin/maradns -f ${maradns_conf}" +pidfile="/var/run/${name}.pid" +start_precmd=mara_pre +load_rc_config $name + +run_rc_command "$1" + Index: /branches/trunk/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd (revision 10173) @@ -0,0 +1,61 @@ +#!/bin/sh +# +# $FreeBSD: src/etc/rc.d/motd,v 1.9.10.1.4.1 2009/04/15 03:14:26 kensmith Exp $ +# + +# PROVIDE: nanobsd-motd +# REQUIRE: mountcritremote +# BEFORE: LOGIN + +. /etc/rc.subr + +name="nanobsd_motd" +rcvar="update_nanobsd_motd" +start_cmd="motd_start" +stop_cmd=":" + +PERMS="644" + +motd_start() +{ + # Update kernel info in /etc/motd + # Must be done *before* interactive logins are possible + # to prevent possible race conditions. + # + echo -n 'Updating motd' + if [ ! -f /etc/motd ]; then + install -c -o root -g wheel -m ${PERMS} /dev/null /etc/motd + fi + + if [ ! -w /etc/motd ]; then + echo ' ... /etc/motd is not writable, update failed.' + return + fi + + T=`mktemp -t motd` + uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > ${T} + awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> ${T} + + cmp -s $T /etc/motd || { + # XXX: Hack quick and dirty combine of /etc/rc.d/motd and /tools/savesshkeys + trap "umount /cfg" 1 2 15 EXIT + mount /cfg + cp $T /cfg/motd + chmod ${PERMS} /etc/motd + umount /cfg + trap 1 2 15 EXIT + + trap "mount -uro noatime /" 1 2 15 EXIT + mount -uwo noatime / + cp $T /etc/motd + chmod ${PERMS} /etc/motd + mount -uro noatime / + trap 1 2 15 EXIT + } + rm -f $T + + echo . +} + +load_rc_config $name +run_rc_command "$1" Index: /branches/trunk/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys (revision 10173) @@ -0,0 +1,49 @@ +#!/bin/sh +# +# $FreeBSD: ports/net/pen/files/pen.sh.in,v 1.1 2006/09/24 14:34:36 clement Exp $ +# + +# PROVIDE: pen +# REQUIRE: NETWORKING SERVERS sshd +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable nanobsd-save-sshkeys: +# +# nanobsd_save_sshkeys_enable="YES" +# + +. /etc/rc.subr + +name=nanobsd_save_sshkeys +rcvar=`set_rcvar` + +nanobsd_save_sshkeys_enable=${nanobsd_save_sshkeys_enable:-"NO"} + +start_cmd="save_sshkeys" +stop_cmd="save_sshkeys" + +save_sshkeys() { + MOUNTED_RW=0 + trap "umount /cfg" 1 2 15 EXIT + mount -ro noatime /cfg + for FILE in /etc/ssh/ssh_host_*; do + cmp -s $FILE /cfg/ssh/`basename ${FILE}` + if [ $? -ne 0 ]; then + if [ ${MOUNTED_RW} -eq 0 ]; then + mount -uwo noatime /cfg + mkdir -p /cfg/ssh + MOUNTED_RW=1 + fi + cp $FILE /cfg/ssh/`basename ${FILE}` + fi + done + + umount /cfg + trap 1 2 15 EXIT +} + + +load_rc_config $name +run_rc_command "$1" + Index: /branches/trunk/nanobsd/files/usr/local/etc/rc.d/nsd =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/rc.d/nsd (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/rc.d/nsd (revision 10173) @@ -0,0 +1,53 @@ +#!/bin/sh +# +# $FreeBSD: ports/dns/nsd/files/nsd.in,v 1.4 2009/01/16 00:30:07 miwi Exp $ +# +# PROVIDE: nsd +# REQUIRE: DAEMON +# +# Add the following line to /etc/rc.conf to enable nsd: +# +# nsd_enable="YES" +# +# Added the start command since rebuilding is required at first boot (richardvm@wirelessleiden.nl) + +. /etc/rc.subr + +name=nsd +rcvar=`set_rcvar` + +required_files=/usr/local/etc/nsd/nsd.conf + +command=/usr/local/sbin/${name} +pidfile=/var/run/${name}.pid + +load_rc_config ${name} + +nsd_enable=${nsd_enable-"NO"} + +stop_cmd="nsd_stop" +start_cmd="nsd_start" + +nsd_start() +{ + echo "Rebuilding zone files..." + /usr/local/sbin/nsdc rebuild + + echo "Starting nsd." + /usr/local/sbin/nsdc start +} + +nsd_stop() +{ + echo "Merging nsd zone transfer changes to zone files." + /usr/local/sbin/nsdc patch + + sleep 5 + + echo "Stopping nsd." + /usr/local/sbin/nsdc stop +} + + +run_rc_command "$1" + Index: /branches/trunk/nanobsd/files/usr/local/etc/rc.d/pen_wrapper =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/rc.d/pen_wrapper (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/rc.d/pen_wrapper (revision 10173) @@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD: ports/net/pen/files/pen.sh.in,v 1.1 2006/09/24 14:34:36 clement Exp $ +# + +# PROVIDE: pen_wrapper +# REQUIRE: NETWORKING SERVERS +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable pen: +# +# pen_wrapper_enable="YES" +# + +. /etc/rc.subr + +pen_wrapper_cmd() { + ${command_interpreter} ${command} & +} + +name=pen_wrapper +rcvar=`set_rcvar` +start_cmd=${name}_cmd + +command_interpreter="/bin/sh" +command=/usr/local/bin/pen_wrapper + +pen_wrapper_enable=${pen_wrapper_enable:-"NO"} +pen_wrapper_flags=${pen_wrapper_flags:-""} + +load_rc_config $name +run_rc_command "$1" Index: /branches/trunk/nanobsd/files/usr/local/etc/rc.d/wlportal =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/rc.d/wlportal (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/rc.d/wlportal (revision 10173) @@ -0,0 +1,23 @@ +#!/bin/sh +# +# $Id$ +# + +# PROVIDE: wlportal +# REQUIRE: LOGIN cleanvar +# KEYWORD: shutdown + +wlportal_enable=${wlportal_enable:-"NO"} +wlportal_flags=${wlportal_flags:-} + +. /etc/rc.subr + +name="wlportal" +rcvar=`set_rcvar` +load_rc_config $name + +command="/usr/local/wlportal/wlportal" +command_interpreter="/usr/local/bin/python" +pid_file="/var/run/${name}.pid" + +run_rc_command "$1" Index: /branches/trunk/nanobsd/files/usr/local/etc/thttpd.conf =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/thttpd.conf (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/thttpd.conf (revision 10173) @@ -0,0 +1,6 @@ +user=root +dir=/usr/local/www +cgipat=** +nochroot +logfile=/var/log/thttpd.log +pidfile=/var/run/thttpd.pid Index: /branches/trunk/nanobsd/files/usr/local/etc/tinyproxy.conf =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/tinyproxy.conf (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/tinyproxy.conf (revision 10173) @@ -0,0 +1,228 @@ +## +## tinyproxy.conf -- tinyproxy daemon configuration file +## + +# +# Name of the user the tinyproxy daemon should switch to after the port +# has been bound. +# +User nobody +Group nogroup + +# +# Port to listen on. +# +Port 3128 + +# +# If you have multiple interfaces this allows you to bind to only one. If +# this is commented out, tinyproxy will bind to all interfaces present. +# +#Listen 192.168.0.1 + +# +# The Bind directive allows you to bind the outgoing connections to a +# particular IP address. +# +#Bind 192.168.0.1 + +# +# Timeout: The number of seconds of inactivity a connection is allowed to +# have before it closed by tinyproxy. +# +Timeout 600 + +# +# ErrorFile: Defines the HTML file to send when a given HTTP error +# occurs. You will probably need to customize the location to your +# particular install. The usual locations to check are: +# /usr/local/share/tinyproxy +# /usr/local/share/tinyproxy +# /etc/tinyproxy +# +# ErrorFile 404 "/usr/local/share/tinyproxy/404.html" +# ErrorFile 400 "/usr/local/share/tinyproxy/400.html" +# ErrorFile 503 "/usr/local/share/tinyproxy/503.html" +# ErrorFile 403 "/usr/local/share/tinyproxy/403.html" +# ErrorFile 408 "/usr/local/share/tinyproxy/408.html" + +# +# DefaultErrorFile: The HTML file that gets sent if there is no +# HTML file defined with an ErrorFile keyword for the HTTP error +# that has occured. +# +DefaultErrorFile "/usr/local/share/tinyproxy/default.html" + +# +# StatFile: The HTML file that gets sent when a request is made +# for the stathost. If this file doesn't exist a basic page is +# hardcoded in tinyproxy. +# +StatFile "/usr/local/share/tinyproxy/stats.html" + +# +# Where to log the information. Either LogFile or Syslog should be set, +# but not both. +# +Logfile "/var/log/tinyproxy.log" +# Syslog On + +# +# Set the logging level. Allowed settings are: +# Critical (least verbose) +# Error +# Warning +# Notice +# Connect (to log connections without Info's noise) +# Info (most verbose) +# The LogLevel logs from the set level and above. For example, if the LogLevel +# was set to Warning, than all log messages from Warning to Critical would be +# output, but Notice and below would be suppressed. +# +LogLevel Warning + +# +# PidFile: Write the PID of the main tinyproxy thread to this file so it +# can be used for signalling purposes. +# +PidFile "/var/run/tinyproxy.pid" + +# +# Include the X-Tinyproxy header, which has the client's IP address when +# connecting to the sites listed. +# +#XTinyproxy mydomain.com + +# +# Turns on upstream proxy support. +# +# The upstream rules allow you to selectively route upstream connections +# based on the host/domain of the site being accessed. +# +# For example: +# # connection to test domain goes through testproxy +# upstream testproxy:8008 ".test.domain.invalid" +# upstream testproxy:8008 ".our_testbed.example.com" +# upstream testproxy:8008 "192.168.128.0/255.255.254.0" +# +# # no upstream proxy for internal websites and unqualified hosts +# no upstream ".internal.example.com" +# no upstream "www.example.com" +# no upstream "10.0.0.0/8" +# no upstream "192.168.0.0/255.255.254.0" +# no upstream "." +# +# # connection to these boxes go through their DMZ firewalls +# upstream cust1_firewall:8008 "testbed_for_cust1" +# upstream cust2_firewall:8008 "testbed_for_cust2" +# +# # default upstream is internet firewall +# upstream firewall.internal.example.com:80 +# +# The LAST matching rule wins the route decision. As you can see, you +# can use a host, or a domain: +# name matches host exactly +# .name matches any host in domain "name" +# . matches any host with no domain (in 'empty' domain) +# IP/bits matches network/mask +# IP/mask matches network/mask +# +#Upstream some.remote.proxy:port + +# +# This is the absolute highest number of threads which will be created. In +# other words, only MaxClients number of clients can be connected at the +# same time. +# +MaxClients 100 + +# +# These settings set the upper and lower limit for the number of +# spare servers which should be available. If the number of spare servers +# falls below MinSpareServers then new ones will be created. If the number +# of servers exceeds MaxSpareServers then the extras will be killed off. +# +MinSpareServers 5 +MaxSpareServers 20 + +# +# Number of servers to start initially. +# +StartServers 10 + +# +# MaxRequestsPerChild is the number of connections a thread will handle +# before it is killed. In practise this should be set to 0, which disables +# thread reaping. If you do notice problems with memory leakage, then set +# this to something like 10000 +# +MaxRequestsPerChild 0 + +# +# The following is the authorization controls. If there are any access +# control keywords then the default action is to DENY. Otherwise, the +# default action is ALLOW. +# +# Also the order of the controls are important. The incoming connections +# are tested against the controls based on order. +# +Allow 127.0.0.1 +Allow 172.16.0.0/12 + +# +# The "Via" header is required by the HTTP RFC, but using the real host name +# is a security concern. If the following directive is enabled, the string +# supplied will be used as the host name in the Via header; otherwise, the +# server's host name will be used. +# +#ViaProxyName "tinyproxy" + +# +# The location of the filter file. +# +Filter "/usr/local/etc/tinyproxy.filter" + +# +# Filter based on URLs rather than domains. +# +#FilterURLs On + +# +# Use POSIX Extended regular expressions rather than basic. +# +#FilterExtended On + +# +# Use case sensitive regular expressions. +# +#FilterCaseSensitive On + +# +# Change the default policy of the filtering system. If this directive is +# commented out, or is set to "No" then the default policy is to allow +# everything which is not specifically denied by the filter file. +# +# However, by setting this directive to "Yes" the default policy becomes to +# deny everything which is _not_ specifically allowed by the filter file. +# +FilterDefaultDeny No + +# +# If an Anonymous keyword is present, then anonymous proxying is enabled. +# The headers listed are allowed through, while all others are denied. If +# no Anonymous keyword is present, then all header are allowed through. +# You must include quotes around the headers. +# +#Anonymous "Host" +#Anonymous "Authorization" + +# +# This is a list of ports allowed by tinyproxy when the CONNECT method +# is used. To disable the CONNECT method altogether, set the value to 0. +# If no ConnectPort line is found, all ports are allowed (which is not +# very secure.) +# +# The following two ports are used by SSL. +# +ConnectPort 443 +ConnectPort 563 Index: /branches/trunk/nanobsd/files/usr/local/etc/tinyproxy.filter =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/tinyproxy.filter (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/tinyproxy.filter (revision 10173) @@ -0,0 +1,2 @@ +192.168.*.* +10.*.*.* Index: /branches/trunk/nanobsd/files/usr/local/etc/wlportal/autologin.tmpl =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/wlportal/autologin.tmpl (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/wlportal/autologin.tmpl (revision 10173) @@ -0,0 +1,86 @@ + + + Welkom aan Boord van %(portal_sponsor)s || Connectiviteit door Stichting Wireless Leiden + + +
+ + +
+

%(status_msg)s

+

Welkom aan Boord met %(portal_sponsor)s

+ +%(portal_sponsor)s bied u in samenwerking met Stichting Wireless Leiden op deze locatie internet aan. Twee ``huisregels'': +
    +
  1. Het gebruik van het Wireless Leiden netwerk en de internettoegang zijn +kostenloos en u hoeft zich niet aan te melden. Maar u dient zich te houden aan +de Nederlandse wetgeving en geen schade toe te brengen of ongemak te +veroorzaken voor anderen.
    2. +
  2. Stichting Wireless Leiden en %(portal_sponsor)s accepteren geen enkele +aansprakelijkheid voor schade in welke vorm dan ook die is ontstaan door of +verband houdt met het gebruik van het netwerk.
    3. +
+ +

+Wij wensen u nog een fijne dag,
+%(portal_sponsor)s & Stichting Wireless Leiden
+

PS: Voor de techneuten: TCP:80 (HTTP) en TCP:443 (HTTPS) zijn toegestaan
+ + +
+
+

Internettoegang

+

U bent verbonden met het lokale Wireless Leiden network. Om te internetten moet u in uw browser een 'proxy' instellen en hieronder op 'accoord' klikken. Afhankelijk van de locatie kan het ook zonder proxy-instelling, maar de snelheid zal in het algemeen lager zijn. +

Instellen proxy in browser

+ In Firefox: ga naar Edit->Preferences->Advanced->Network->Settings.
+ Handmatige proxy-configuratie: vul in HTTP proxy: proxy.wleiden.net port 3128.
+ Gedetailleerde instructies kunt u vinden op onze website. +

+N.B. U kunt alleen internetten via uw webbrowser, andere toepassingen zoals Microsoft Outlook zijn niet mogelijk. Gebruik webmail om te e-mailen. + +

Eerlijk gebruikmaken van Wireless Leiden

+ Het gebruik van het Wireless Leiden netwerk en de internettoegang zijn kostenloos en u hoeft zich niet aan te melden. Maar u dient zich te houden aan de Nederlandse wetgeving en geen schade toe te brengen of ongemak te veroorzaken voor anderen.
+ De Stichting Wireless Leiden accepteert geen enkele aansprakelijkheid voor schade in welke vorm dan ook die is ontstaan door of verband houdt met het gebruik van het netwerk.
+Geef hieronder aan of u accoord gaat met deze voorwaarden: +
+ + +
+ + +
+

Welcome to Wireless Leiden

+

Internet access

+

You are connected to the local Wireless Leiden network. To use one of the gateways (proxies) to Internet you have to specify a proxy in your web browser.
+ For instance in Firefox go to Edit->Preferences->Advanced->Network->Settings.
+ Manual proxy configuration: specify HTTP proxy: proxy.wleiden.net port 3128.
+ Detailed instructions can be downloaded from our website. +

+

+ Please note that you can only access the internet via your webbrowser, use of other applications like Microsoft Outlook is not possible (you have to use webmail). + +

Fair Use of Wireless Leiden

+ The use of the Wireless Leiden network and the internet connection are free and no registration is required. However, you should refrain from any illegal activity and not provide harm of any kind or inconvenience to other users.
+ The Wireless Leiden Foundation does not accept any responsibility whatsoever for damage related to or originated from the use of the network. + +
+ + +
+ +
+
+ + Wireless Leiden Homepage +
+ +

More options

+
+ + +
+
Technical Details:
+%(tech_footer)s
+
+ + Index: /branches/trunk/nanobsd/files/usr/local/etc/wlportal/config.yaml.sample =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/wlportal/config.yaml.sample (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/wlportal/config.yaml.sample (revision 10173) @@ -0,0 +1,6 @@ +whitelist: + - 00:11:22:33:44:55 + - 172.16.16.16 +portal_sponsor : Stichting Aalsmeer WestEinder +portal_url : http://www.aalsmeerwesteinder.nl +refresh_delay : 10 Index: /branches/trunk/nanobsd/files/usr/local/etc/wlportal/login.tmpl =================================================================== --- /branches/trunk/nanobsd/files/usr/local/etc/wlportal/login.tmpl (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/etc/wlportal/login.tmpl (revision 10173) @@ -0,0 +1,71 @@ + + + Welkom bij Wireless Leiden captive portal + + + + + +

%(status_msg)s

+
+ For English see bottom of this page +

Eerlijk gebruikmaken van Wireless Leiden

+ 
+   A) Het gebruik van het Wireless Leiden netwerk en de internettoegang zijn kostenloos en u hoeft zich niet aan te melden. 
+   B) U dient zich te houden aan de Nederlandse wetgeving en geen schade toe te brengen of ongemak te veroorzaken voor anderen.
+   C) De Stichting Wireless Leiden accepteert geen enkele aansprakelijkheid voor schade in welke vorm dan ook die is ontstaan door of verband houdt met het gebruik van het netwerk.
+

Internet Toegang

+

Internetten op het Wireless Leiden netwerk kan op twee manieren:
+ N.B. U kunt alleen internetten via uw webbrowser, andere toepassingen zoals Microsoft Outlook zijn niet mogelijk. Gebruik webmail om te e-mailen. +

    +
  1. In uw browser een 'proxy' instellen. (in het algemeen sneller internet).
    2. +
  2. Gebruik maken van de iLeiden service (gemakkelijk voor mobiele apparaten).
    3. +
+ +
+ + +
+ +

Instellen proxy in browser

+ In Firefox: ga naar Edit->Preferences->Advanced->Network->Settings.
+ Handmatige proxy-configuratie: vul in HTTP proxy: proxy.wleiden.net port 3128.
+

+ N.B. Haal na gebruik de instellingen weer weg +

+ +

Welcome to Wireless Leiden

+

Internet access

+

You are connected to the local Wireless Leiden network. To use one of the gateways (proxies) to Internet you have to specify a proxy in your web browser OR click on the button bellow.
+ To set the proxy for instance in Firefox go to Edit->Preferences->Advanced->Network->Settings.
+ Manual proxy configuration: specify HTTP proxy: proxy.wleiden.net port 3128.
+ Detailed instructions can be downloaded from our website. +

+

+ Please note that you can only access the internet via your webbrowser, use of other applications like Microsoft Outlook is not possible (you have to use webmail). + +

Fair Use of Wireless Leiden

+ The use of the Wireless Leiden network and the internet connection are free and no registration is required. However, you should refrain from any illegal activity and not provide harm of any kind or inconvenience to other users.
+ The Wireless Leiden Foundation does not accept any responsibility whatsoever for damage related to or originated from the use of the network. + +
+ + +
+ +
+
+ + Wireless Leiden Homepage +
+ +

More options

+
+ + +
+
Technical Details:
+%(tech_footer)s
+
+ + Index: /branches/trunk/nanobsd/files/usr/local/libexec/nagios/check_inet =================================================================== --- /branches/trunk/nanobsd/files/usr/local/libexec/nagios/check_inet (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/libexec/nagios/check_inet (revision 10173) @@ -0,0 +1,40 @@ +#!/bin/sh + +PATH=$PATH:/bin:/usr/bin +export PATH + +# HTTP proxy to use +HTTP_PROXY=http://proxy.wleiden.net:3128 + +# Test page to query +PROXY_TEST=http://proxy-test.wirelessleiden.nl/ + +# Make variable global, so fetch can use it +export HTTP_PROXY + +# Query the webpage +SPEEDOUT=`fetch -o /dev/null ${PROXY_TEST} 2>&1` + +# What is the Exit code of fetch? +SPEEDEXIT=$? + +# The speed by which the webpages was retrieved" +SPEED=`echo ${SPEEDOUT} | awk '{ print $4 " " $5 }'` + +# What was the format of speed (Bps) +TYPE=`echo ${SPEEDOUT} | awk '{ print $5 }'` + +# Dit the fetcommand exit happy, and was the format as we expected +if [ ${SPEEDEXIT} -eq 0 -a "$TYPE" = "Bps" ]; then + + # Let's celebrate, it was successfull + echo "INET OK: $SPEED" + exit 0 +else + + # Oh no, time to get drunk, retrieval was unsuccessfull + echo "INET CRITICAL: $SPEEDOUT\n" + exit 2 + +fi + Index: /branches/trunk/nanobsd/files/usr/local/libexec/nagios/check_inet2 =================================================================== --- /branches/trunk/nanobsd/files/usr/local/libexec/nagios/check_inet2 (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/libexec/nagios/check_inet2 (revision 10173) @@ -0,0 +1,31 @@ +#!/bin/sh + +PATH=$PATH:/bin:/usr/bin +export PATH + +# Test page to query +PROXY_TEST=http://proxy-test.wirelessleiden.nl/ + +# Query the webpage +SPEEDOUT=`fetch -o /dev/null ${PROXY_TEST} 2>&1` + +# What is the Exit code of fetch? +SPEEDEXIT=$? + +# The speed by which the webpages was retrieved" +SPEED=`echo ${SPEEDOUT} | awk '/Bps/ { print $13 " " $14 }'` + +# Dit the fetcommand exit happy, and was the format as we expected +if [ ${SPEEDEXIT} -eq 0 -a "$SPEED" ]; then + + # Let's celebrate, it was successfull + printf "INET OK: $SPEED\n" + exit 0 +else + + # Oh no, time to get drunk, retrieval was unsuccessfull + echo "INET CRITICAL: $SPEEDOUT\n" + exit 2 + +fi + Index: /branches/trunk/nanobsd/files/usr/local/libexec/nagios/check_lv =================================================================== --- /branches/trunk/nanobsd/files/usr/local/libexec/nagios/check_lv (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/libexec/nagios/check_lv (revision 10173) @@ -0,0 +1,107 @@ +#!/usr/local/bin/python + +import os +import re + +# Bsd config file +config="/etc/rc.conf.local" + +def gettrees () : + ip = [] + + # Run through all the files in /tmp + for filename in os.listdir('/tmp'): + + # Match lvrouted tree files and get ip address + # lvrouted.tree-172.16.4.9 + match = re.match(r'lvrouted.tree-(.*)$', filename) + if match: + + # append ip address to list + ip.append(match.group(1)) + + return ip + +# Get all ips in the subnet (based on ip and mask) +def iprange (ip, mask) : + + # Max number of bits in the subnetmask + max=32 + + # Make sure the mask is integer + mask=int(mask) + + # Don't do anything with certain subnet sizes + if mask > 27 and mask < 32 : + + # Make an ip list + iplist = [] + + # Split the ip + oc = ip.split(".") + + # Calculate the total subnet size + max = 2 ** ( max - mask ) + + # Make sure the last oclet of the ip is integer + oc[3] = int(oc[3]) + + # Calculate the lower end of the subnet + min = oc[3] - ( oc[3] % max ) + 1 + + # Calculate the upper end of the subnet + max = min + max - 2 + + # Run through all possible ip's + for oc3 in range(min, max): + + # Add Ip to iplist + iplist.append(str(oc[0]) + "." + str(oc[1]) + "." + str(oc[2]) + "." + str(oc3)) + + # Return the iplist to the caller + return iplist + +# Open the config file and run through it +file = open (config) +treeips = gettrees() +invalid = [] +rcips = [] + +for line in file.readlines(): + + # Get variable's out of the config file and validate it + match = re.match(r'ipv4_addrs_(.*?)="(.*?)/([\d]{1,2})(.*)"$', line) + if match: + + # Get info + iface = match.group(1) + ip = match.group(2) + mask = match.group(3) + + # Call iprange, get all ip's in the subnet + allips = iprange(ip, mask) + + # Don't iterate through empty list + if allips: + + valid=0 + + # Check if one of the ip's in the lvrouted list (one must be present) + for rangeip in allips: + if rangeip in treeips: + valid=1 + + if not valid: + invalid.append(iface) + +if invalid: + retval = "LV ERROR:" + for iface in invalid: + retval = retval + " " + iface + print retval + exit(2) +else: + print "LV OK" + exit(0) + + Index: /branches/trunk/nanobsd/files/usr/local/sbin/check-inet-alive =================================================================== --- /branches/trunk/nanobsd/files/usr/local/sbin/check-inet-alive (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/sbin/check-inet-alive (revision 10173) @@ -0,0 +1,31 @@ +#!/bin/sh +# +# Internet Connection Wrapper From Cron +# +# a) Disable lvrouted if the internet is down. +# b) Re-enable lvrouted if the internet is back up. +# +# XXX: Do we need build an fail-save for flapping states? +# XXX: Do we need to manage state, like DHCP here? +# XXX: Check if page output is actually the output expected and not some weird captive portal somewhere. +# +# Rick van der Zwet +# + +TAG=`basename $0` +INET_STATUS=down +service lvrouted onestatus > /dev/null && LVROUTED_STATUS="running" || LVROUTED_STATUS="stopped" + +# Main I-net check +fetch -o /dev/null -q http://proxy-test.wirelessleiden.nl && INET_STATUS=up + +if [ $INET_STATUS = "down" ]; then + # Failback internet check + fetch -o /dev/null http://ams-ix.net && INET_STATUS=up +fi + +if [ $LVROUTED_STATUS = "stopped" ] && [ $INET_STATUS = "up" ]; then + service lvrouted start | logger -t "$TAG" +elif [ $LVROUTED_STATUS = "running" ] && [ $INET_STATUS = "down" ]; then + service lvrouted stop | logger -t "$TAG" +fi Index: /branches/trunk/nanobsd/files/usr/local/sbin/fetchzone.sh =================================================================== --- /branches/trunk/nanobsd/files/usr/local/sbin/fetchzone.sh (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/sbin/fetchzone.sh (revision 10173) @@ -0,0 +1,77 @@ +#!/bin/sh +# $Id: fetchzone.sh 9970 2012-02-15 18:04:47Z rick $ +# +# Wireless Leiden specific configuration to fetch DNS zones +# used by MaraDNS +# + +# Script is running in deamon mode to discriptors available, so make sure to +# close them to avoid 'hanging' scripts. +exec <&- +exec 1>/dev/null +exec 2>/dev/null + + +# Updates of $ZONES we are going to fetch from the $SERVER every $IDLE seconds +ZONES="wleiden.net. 16.172.in-addr.arpa. 17.172.in-addr.arpa. +18.172.in-addr.arpa. 19.172.in-addr.arpa. 20.172.in-addr.arpa. +21.172.in-addr.arpa. 22.172.in-addr.arpa. 23.172.in-addr.arpa. +24.172.in-addr.arpa. 25.172.in-addr.arpa. 26.172.in-addr.arpa. +27.172.in-addr.arpa. 28.172.in-addr.arpa. 29.172.in-addr.arpa. +30.172.in-addr.arpa. 31.172.in-addr.arpa." +SERVER=172.16.4.46 +IDLE=3600 + +LOGFILE=/var/log/fetchzone.log +PIDFILE=/var/run/fetchzone.pid +### END OF USER CONFIGURABLE VARIABLES ### + +TAGNAME=`basename $0 .sh` +# Create logging service +log() { + echo `date "+%b %e %T"`":" $* >> ${LOGFILE} + echo $* | logger -t "$TAGNAME" +} + +# Register PID +PID=$$ +echo ${PID} > ${PIDFILE} +log "[INFO] Fetchzone starting with PID: $PID" + +# Make me a deamon script +while [ true ]; do + + CHANGED_ZONES="" + # Run through multiple zones + for ZONE in ${ZONES}; do + # (re) Set some extra vars + TMPFILE=/tmp/dns-tmp-${ZONE} + REALFILE=/usr/local/etc/maradns/db.${ZONE} + # Execute Fetchzone + /usr/local/bin/fetchzone ${ZONE} ${SERVER} > ${TMPFILE} + + # Did Fetchzone exit unhappy + if [ $? -ne 0 ]; then + # Something went wrong lets log it + log "[ERROR] [$ZONE] Errors found in fetchzone query" + continue + fi + + # Are there any changes, we need to put active? + cmp -s ${TMPFILE} ${REALFILE} + if [ $? -ne 0 ]; then + log "[INFO] [$ZONE] Changes found" + cp ${TMPFILE} ${REALFILE} + CHANGED_ZONES="$CHANGED_ZONES $ZONE" + fi + done + + # Maradns requires a restart to load new zonefile + if [ -n "$CHANGED_ZONES" ]; then + log "[INFO] `/usr/local/etc/rc.d/maradns restart`" + fi + + # Next run in $IDLE seconds + sleep ${IDLE} +done + Index: /branches/trunk/nanobsd/files/usr/local/sbin/inet =================================================================== --- /branches/trunk/nanobsd/files/usr/local/sbin/inet (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/sbin/inet (revision 10173) @@ -0,0 +1,97 @@ +#!/bin/sh + +PATH=$PATH:/bin:/usr/bin +export PATH + +# Test page to query +PROXY_TEST='http://www.ams-ix.net/' + +# Log file +LOGFILE='/var/log/inet.log' +PIDFILE='/var/run/inet.pid' + +# Speed periods +SLEEP_OK='900' +SLEEP_NOK='60' + +# Write pid file +echo $$ > ${PIDFILE} + +# Logging +log() +{ + _datestamp=`date "+%Y-%m-%d %H:%M:%S"` + _msg="[${_datestamp}] $*" + echo "${_msg}" >> ${LOGFILE} +} + +# Start/stop lvrouted +lvrouted() +{ + script=/usr/local/etc/rc.d/lvrouted + + case $1 in + + enable) + ${script} onestart + ;; + + disable) + ${script} onestop + ;; + + esac + +} + +# Make sure I never die +while [ true ]; +do + + # Query the webpage + fetch -o /dev/null ${PROXY_TEST} > /dev/null 2>/dev/null + + # What is the Exit code of fetch? + EXIT=$? + + # Did the status change? + if [ "$STATUS" != "$EXIT" ]; then + STATUS=${EXIT} + + # New status: + case ${STATUS} in + + # Internet is present, let's enable lvrouted + 0) + lvrouted enable + log "INET OK: Enabled lvrouted" + ;; + + # Internet is not present, let's disabled lvrouted + 1) + lvrouted disable + log "INET CRITICAL: Disabled lvrouted" + ;; + + esac + fi + + # Did my magic, lets sleep + case ${STATUS} in + + # I am in ok state, I will wake up in ... + 0) + sleep ${SLEEP_OK} + ;; + + + # I am in nok state, I will wake up in ... + 1) + sleep ${SLEEP_NOK} + ;; + + esac + + +done + Index: /branches/trunk/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt =================================================================== --- /branches/trunk/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt (revision 10173) @@ -0,0 +1,2978 @@ +-- ***************************************************************** +-- IEEE802dot11-MIB : +-- IEEE 802.11 Management Information Base file +-- +-- Nov 2002, Francis Pang +-- +-- Copyright (c) 2002 by cisco Systems, Inc. +-- All rights reserved. +-- ***************************************************************** + +-- ********************************************************************** +-- * IEEE 802.11 Management Information Base +-- ********************************************************************** + +IEEE802dot11-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + NOTIFICATION-TYPE,Integer32, Counter32, + Unsigned32 FROM SNMPv2-SMI + + DisplayString , MacAddress, RowStatus, + TruthValue FROM SNMPv2-TC + + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP FROM SNMPv2-CONF + + ifIndex FROM RFC1213-MIB; + +-- ********************************************************************** +-- * Tree Definition +-- ********************************************************************** + + member-body OBJECT IDENTIFIER ::= { iso 2 } + us OBJECT IDENTIFIER ::= { member-body 840 } + +-- ********************************************************************** +-- * MODULE IDENTITY +-- ********************************************************************** + +ieee802dot11 MODULE-IDENTITY + LAST-UPDATED "0208300000Z" + ORGANIZATION "IEEE 802.11" + CONTACT-INFO + "WG E-mail: stds-802-11@ieee.org + + Chair: Stuart J. Kerry + Postal: Philips Semiconductors, Inc. + 1109 McKay Drive + M/S 48 SJ + San Jose, CA 95130-1706 USA + Tel: +1 408 474 7356 + Fax: +1 408 474 7247 + E-mail: stuart.kerry@philips.com + + Editor: Bob O'Hara + Postal: Informed Technology, Inc. + 1750 Nantucket Circle, Suite 138 + Santa Clara, CA 95054 USA + Tel: +1 408 986 9596 + Fax: +1 408 727 2654 + E-mail: bob@informed-technology.com" + DESCRIPTION + "The MIB module for IEEE 802.11 entities. + iso(1).member-body(2).us(840).ieee802dot11(10036)" + ::= { us 10036 } + +-- ********************************************************************** +-- * Major sections +-- ********************************************************************** + +-- Station ManagemenT (SMT) Attributes + -- DEFINED AS "The SMT object class provides the necessary support + -- at the station to manage the processes in the station such that + -- the station may work cooperatively as a part of an IEEE 802.11 + -- network." + + dot11smt OBJECT IDENTIFIER ::= { ieee802dot11 1 } + + -- dot11smt GROUPS + -- dot11StationConfigTable ::= { dot11smt 1 } + -- dot11AuthenticationAlgorithmsTable ::= { dot11smt 2 } + -- dot11WEPDefaultKeysTable ::= { dot11smt 3 } + -- dot11WEPKeyMappingsTable ::= { dot11smt 4 } + -- dot11PrivacyTable ::= { dot11smt 5 } + -- dot11SMTnotification ::= { dot11smt 6 } + -- dot11MultiDomainCapabilityTable ::= { dot11smt 7 } + +-- MAC Attributes + -- DEFINED AS "The MAC object class provides the necessary support + -- for the access control, generation, and verification of frame + -- check sequences (FCSs), and proper delivery of valid data to + -- upper layers." + + dot11mac OBJECT IDENTIFIER ::= { ieee802dot11 2 } + + -- MAC GROUPS + -- reference IEEE Std 802.1f-1993 + -- dot11OperationTable ::= { dot11mac 1 } + -- dot11CountersTable ::= { dot11mac 2 } + -- dot11GroupAddressesTable ::= { dot11mac 3 } + +-- Resource Type ID + dot11res OBJECT IDENTIFIER ::= { ieee802dot11 3 } + dot11resAttribute OBJECT IDENTIFIER ::= { dot11res 1 } + +-- PHY Attributes + -- DEFINED AS "The PHY object class provides the necessary support + -- for required PHY operational information that may vary from PHY + -- to PHY and from STA to STA to be communicated to upper layers." + + dot11phy OBJECT IDENTIFIER ::= { ieee802dot11 4 } + + -- PHY GROUPS + -- dot11PhyOperationTable ::= { dot11phy 1 } + -- dot11PhyAntennaTable ::= { dot11phy 2 } + -- dot11PhyTxPowerTable ::= { dot11phy 3 } + -- dot11PhyFHSSTable ::= { dot11phy 4 } + -- dot11PhyDSSSTable ::= { dot11phy 5 } + -- dot11PhyIRTable ::= { dot11phy 6 } + -- dot11RegDomainsSupportedTable ::= { dot11phy 7 } + -- dot11AntennasListTable ::= { dot11phy 8 } + -- dot11SupportedDataRatesTxTable ::= { dot11phy 9 } + -- dot11SupportedDataRatesRxTable ::= { dot11phy 10 } + -- dot11PhyOFDMTable ::= { dot11phy 11 } + -- dot11PhyHRDSSSTable ::= { dot11phy 12 } + -- dot11EHCCHoppingPatternTable ::= { dot11phy 13 } + +-- ********************************************************************** +-- * Textual conventions from 802 definitions +-- ********************************************************************** + + WEPKeytype ::= OCTET STRING (SIZE (5)) + +-- ********************************************************************** +-- * MIB attribute OBJECT-TYPE definitions follow +-- ********************************************************************** + +-- ********************************************************************** +-- * SMT Station Config Table +-- ********************************************************************** + +dot11StationConfigTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11StationConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Station Configuration attributes. In tablular form to + allow for multiple instances on an agent." + ::= { dot11smt 1 } + +dot11StationConfigEntry OBJECT-TYPE + SYNTAX Dot11StationConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11StationConfigTable. It is + possible for there to be multiple IEEE 802.11 interfaces + on one agent, each with its unique MAC address. The + relationship between an IEEE 802.11 interface and an + interface in the context of the Internet-standard MIB is + one-to-one. As such, the value of an ifIndex object + instance can be directly used to identify corresponding + instances of the objects defined herein. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11StationConfigTable 1 } + +Dot11StationConfigEntry ::= + SEQUENCE { + dot11StationID MacAddress, + dot11MediumOccupancyLimit INTEGER, + dot11CFPollable TruthValue, + dot11CFPPeriod INTEGER, + dot11CFPMaxDuration INTEGER, + dot11AuthenticationResponseTimeOut Unsigned32, + dot11PrivacyOptionImplemented TruthValue, + dot11PowerManagementMode INTEGER, + dot11DesiredSSID OCTET STRING, + dot11DesiredBSSType INTEGER, + dot11OperationalRateSet OCTET STRING, + dot11BeaconPeriod INTEGER, + dot11DTIMPeriod INTEGER, + dot11AssociationResponseTimeOut Unsigned32, + dot11DisassociateReason INTEGER, + dot11DisassociateStation MacAddress, + dot11DeauthenticateReason INTEGER, + dot11DeauthenticateStation MacAddress, + dot11AuthenticateFailStatus INTEGER, + dot11AuthenticateFailStation MacAddress, + dot11MultiDomainCapabilityImplemented TruthValue, + dot11MultiDomainCapabilityEnabled TruthValue, + dot11CountryString OCTET STRING } + +dot11StationID OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-write + STATUS deprecated + DESCRIPTION + "The purpose of dot11StationID is to allow a manager to + identify a station for its own purposes. This attribute + provides for that eventuality while keeping the true MAC + address independent. Its syntax is MAC address, and the + default value is the station's assigned, unique + MAC address." + ::= { dot11StationConfigEntry 1 } + +dot11MediumOccupancyLimit OBJECT-TYPE + SYNTAX INTEGER (0..1000) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum amount of time, + in TU, that a point coordinator (PC) may control the usage + of the wireless medium (WM) without relinquishing control + for long enough to allow at least one instance of DCF access + to the medium. The default value of this attribute shall + be 100, and the maximum value shall be 1000." + ::= { dot11StationConfigEntry 2 } + +dot11CFPollable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "When this attribute is true, it shall indicate that + the STA is able to respond to a CF-Poll with a data frame + within a SIFS time. This attribute shall be false if + the STA is not able to respond to a CF-Poll with a data + frame within a SIFS time." + ::= { dot11StationConfigEntry 3 } + +dot11CFPPeriod OBJECT-TYPE + SYNTAX INTEGER (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The attribute shall describe the number of DTIM intervals + between the start of CFPs. It is modified by + MLME-START.request primitive." + ::= { dot11StationConfigEntry 4 } + +dot11CFPMaxDuration OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The attribute shall describe the maximum duration of + the CFP in TU that may be generated by the PCF. It is + modified by MLME-START.request primitive." + ::= { dot11StationConfigEntry 5 } + +dot11AuthenticationResponseTimeOut OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of time units (TUs) + that a responding STA should wait for the next frame in the + authentication sequence." + ::= { dot11StationConfigEntry 6 } + +dot11PrivacyOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the IEEE + 802.11 WEP option is implemented. The default value of + this attribute shall be false." + ::= { dot11StationConfigEntry 7 } + +dot11PowerManagementMode OBJECT-TYPE + SYNTAX INTEGER { active(1), powersave(2) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the power management + mode of the STA. When set to active, it shall + indicate that the station is not in power-save + (PS) mode. When set to powersave, it shall indicate + that the station is in power-save mode. The power + management mode is transmitted in all frames + according to the rules in 7.1.3.1.7." + ::= { dot11StationConfigEntry 8 } + +dot11DesiredSSID OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute reflects the Service Set ID (SSID) + used in the DesiredSSID parameter of the most recent + MLME_Scan.request. This value may be modified + by an external management entity and used by the + local SME to make decisions about the Scanning + process." + ::= { dot11StationConfigEntry 9 } + +dot11DesiredBSSType OBJECT-TYPE + SYNTAX INTEGER { infrastructure(1), independent(2), any(3) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the type of BSS the + station shall use when scanning for a BSS with + which to synchronize. This value is used to filter + Probe Response frames and Beacons. When set to + infrastructure, the station shall only synchronize + with a BSS whose Capability Information field has + the ESS subfield set to 1. When set to independent, + the station shall only synchronize with a BSS whose + Capability Information field has the IBSS subfield + set to 1. When set to any, the station may + synchronize to either type of BSS." + ::= { dot11StationConfigEntry 10 } + +dot11OperationalRateSet OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(1..126)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the set of data + rates at which the station may transmit data. + Each octet contains a value representing a rate. + Each rate shall be within the range from 2 to 127, + corresponding to data rates in increments of + 500 kbit/s from 1 Mbit/s to 63.5 Mbit/s, and shall + be supported (as indicated in the supported rates + table) for receiving data. This value is reported in + transmitted Beacon, Probe Request, Probe Response, + Association Request, Association Response, + Reassociation Request, and Reassociation Response + frames, and is used to determine whether a BSS + with which the station desires to synchronize is + suitable. It is also used when starting a BSS, + as specified in 10.3." + ::= { dot11StationConfigEntry 11 } + +dot11BeaconPeriod OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of TUs that + a station shall use for scheduling Beacon + transmissions. This value is transmitted in Beacon + and Probe Response frames." + ::= { dot11StationConfigEntry 12 } + +dot11DTIMPeriod OBJECT-TYPE + SYNTAX INTEGER(1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of beacon + intervals that shall elapse between transmission of + Beacons frames containing a TIM element whose DTIM + Count field is 0. This value is transmitted in + the DTIM Period field of Beacon frames." + ::= { dot11StationConfigEntry 13 } + +dot11AssociationResponseTimeOut OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of TU that a + requesting STA should wait for a response to a + transmitted association-request MMPDU." + ::= { dot11StationConfigEntry 14 } + +dot11DisassociateReason OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Reason Code in a Disassociation + frame. If no Disassociation frame has been + transmitted, the value of this attribute shall + be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.7" + ::= { dot11StationConfigEntry 15 } + +dot11DisassociateStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + Disassociation frame. If no Disassociation + frame has been transmitted, the value of this + attribute shall be 0." + ::= { dot11StationConfigEntry 16 } + +dot11DeauthenticateReason OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Reason Code in a Deauthentication + frame. If no Deauthentication frame has been + transmitted, the value of this attribute shall + be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.7" + ::= { dot11StationConfigEntry 17 } + +dot11DeauthenticateStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + Deauthentication frame. If no Deauthentication + frame has been transmitted, the value of this + attribute shall be 0." + ::= { dot11StationConfigEntry 18 } + +dot11AuthenticateFailStatus OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Status Code in a failed + Authentication frame. If no failed + Authentication frame has been transmitted, the + value of this attribute shall be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.9" + ::= { dot11StationConfigEntry 19 } + +dot11AuthenticateFailStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + failed Authentication frame. If no failed + Authentication frame has been transmitted, the + value of this attribute shall be 0." + ::= { dot11StationConfigEntry 20 } + +dot11MultiDomainCapabilityImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + station implementation is capable of supporting + multiple regulatory domains. The capability is + disabled, otherwise. The default value of this + attribute is FALSE." + ::= { dot11StationConfigEntry 21 } + +dot11MultiDomainCapabilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + capability of the station to operate in multiple + regulatory domains is enabled. The capability is + disabled, otherwise. The default value of this + attribute is FALSE." + ::= { dot11StationConfigEntry 22 } + +dot11CountryString OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(3)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute identifies the country in which the + station is operating. The first two octets of this + string is the two character country code as described + in document ISO/IEC 3166-1. The third octet shall + be one of the following: + + 1. an ASCII space character, if the regulations under + which the station is operating encompass all + environments in the country, + + 2. an ASCII 'O' character, if the regulations under + which the station is operating are for an Outdoor + environment only, or + + 3. an ASCII 'I' character, if the regulations under + which the station is operating are for an Indoor + environment only." + ::= { dot11StationConfigEntry 23 } + +-- ********************************************************************** +-- * End of dot11StationConfig TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * AuthenticationAlgorithms TABLE +-- ********************************************************************** + +dot11AuthenticationAlgorithmsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11AuthenticationAlgorithmsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This (conceptual) table of attributes shall be a set of + all the authentication algorithms supported by the + stations. The following are the default values and the + associated algorithm: + Value = 1: Open System + Value = 2: Shared Key" + REFERENCE "IEEE Std 802.11-2002, 7.3.1.1" + ::= { dot11smt 2 } + +dot11AuthenticationAlgorithmsEntry OBJECT-TYPE + SYNTAX Dot11AuthenticationAlgorithmsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the Authentication + Algorithms Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11AuthenticationAlgorithmsIndex } + ::= { dot11AuthenticationAlgorithmsTable 1 } + +Dot11AuthenticationAlgorithmsEntry ::= + SEQUENCE { dot11AuthenticationAlgorithmsIndex Integer32, + dot11AuthenticationAlgorithm INTEGER, + dot11AuthenticationAlgorithmsEnable TruthValue } + +dot11AuthenticationAlgorithmsIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the Authentication Algorithms Table." + ::= { dot11AuthenticationAlgorithmsEntry 1 } + +dot11AuthenticationAlgorithm OBJECT-TYPE + SYNTAX INTEGER { openSystem(1), sharedKey(2) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute shall be a set of all the authentication + algorithms supported by the STAs. The following are the + default values and the associated algorithm. + Value = 1: Open System + Value = 2: Shared Key" + ::= { dot11AuthenticationAlgorithmsEntry 2 } + +dot11AuthenticationAlgorithmsEnable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when true at a station, shall enable the acceptance + of the authentication algorithm described in the corresponding table + entry in authentication frames received by the station that have odd + authentication sequence numbers. The default value of this attribute + shall be 1 for the Open System table entry and 2 for all other table + entries." + ::= { dot11AuthenticationAlgorithmsEntry 3 } + +-- ********************************************************************** +-- * End of AuthenticationAlgorithms TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * WEPDefaultKeys TABLE +-- ********************************************************************** + +dot11WEPDefaultKeysTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11WEPDefaultKeysEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Conceptual table for WEP default keys. This table shall + contain the four WEP default secret key values + corresponding to the four possible KeyID values. The WEP + default secret keys are logically WRITE-ONLY. Attempts to + read the entries in this table shall return unsuccessful + status and values of null or zero. The default value of + each WEP default key shall be null." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11smt 3 } + +dot11WEPDefaultKeysEntry OBJECT-TYPE + SYNTAX Dot11WEPDefaultKeysEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the WEP Default Keys Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11WEPDefaultKeyIndex} + ::= { dot11WEPDefaultKeysTable 1 } + +Dot11WEPDefaultKeysEntry ::= + SEQUENCE { dot11WEPDefaultKeyIndex INTEGER, + dot11WEPDefaultKeyValue WEPKeytype } + +dot11WEPDefaultKeyIndex OBJECT-TYPE + SYNTAX INTEGER (1..4) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the WEP Default Keys Table. + The value of this variable is equal to the WEPDefaultKeyID + 1" + ::= { dot11WEPDefaultKeysEntry 1 } + +dot11WEPDefaultKeyValue OBJECT-TYPE + SYNTAX WEPKeytype + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A WEP default secret key value." + ::= { dot11WEPDefaultKeysEntry 2 } + +-- ********************************************************************** +-- * End of WEPDefaultKeys TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * WEPKeyMappings TABLE +-- ********************************************************************** + +dot11WEPKeyMappingsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11WEPKeyMappingsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Conceptual table for WEP Key Mappings. The MIB supports + the ability to share a separate WEP key for each RA/TA + pair. The Key Mappings Table contains zero or one entry + for each MAC address and contains two fields for each + entry: WEPOn and the corresponding WEP key. The WEP key + mappings are logically WRITE-ONLY. Attempts to read the + entries in this table shall return unsuccessful status and + values of null or zero. The default value for all WEPOn + fields is false." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11smt 4 } + +dot11WEPKeyMappingsEntry OBJECT-TYPE + SYNTAX Dot11WEPKeyMappingsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the WEP Key Mappings Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11WEPKeyMappingIndex } + ::= { dot11WEPKeyMappingsTable 1 } + +Dot11WEPKeyMappingsEntry ::= + SEQUENCE { dot11WEPKeyMappingIndex Integer32, + dot11WEPKeyMappingAddress MacAddress, + dot11WEPKeyMappingWEPOn TruthValue, + dot11WEPKeyMappingValue WEPKeytype, + dot11WEPKeyMappingStatus RowStatus } + +dot11WEPKeyMappingIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the WEP Key Mappings Table." + ::= { dot11WEPKeyMappingsEntry 1 } + +dot11WEPKeyMappingAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The MAC address of the STA for which the values from this + key mapping entry are to be used." + ::= { dot11WEPKeyMappingsEntry 2 } + +dot11WEPKeyMappingWEPOn OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Boolean as to whether WEP is to be used when communicating + with the dot11WEPKeyMappingAddress STA." + ::= { dot11WEPKeyMappingsEntry 3 } + +dot11WEPKeyMappingValue OBJECT-TYPE + SYNTAX WEPKeytype + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A WEP secret key value." + ::= { dot11WEPKeyMappingsEntry 4 } + +dot11WEPKeyMappingStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status column used for creating, modifying, and + deleting instances of the columnar objects in the WEP key + mapping Table." + DEFVAL { active } + ::= { dot11WEPKeyMappingsEntry 5 } + +-- ********************************************************************** +-- * End of WEPKeyMappings TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PrivacyTable TABLE +-- ********************************************************************** + +dot11PrivacyTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PrivacyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group containing attributes concerned with IEEE 802.11 + Privacy. Created as a table to allow multiple + instantiations on an agent." + ::= { dot11smt 5 } + +dot11PrivacyEntry OBJECT-TYPE + SYNTAX Dot11PrivacyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PrivacyTable Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PrivacyTable 1 } + +Dot11PrivacyEntry ::= + SEQUENCE { dot11PrivacyInvoked TruthValue, + dot11WEPDefaultKeyID INTEGER, + dot11WEPKeyMappingLength Unsigned32, + dot11ExcludeUnencrypted TruthValue, + dot11WEPICVErrorCount Counter32, + dot11WEPExcludedCount Counter32 } + +dot11PrivacyInvoked OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When this attribute is true, it shall indicate that the IEEE + 802.11 WEP mechanism is used for transmitting frames of type + Data. The default value of this attribute shall be false." + ::= { dot11PrivacyEntry 1 } + +dot11WEPDefaultKeyID OBJECT-TYPE + SYNTAX INTEGER (0..3) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the use of the first, + second, third, or fourth element of the WEPDefaultKeys + array when set to values of zero, one, two, or three. The + default value of this attribute shall be 0." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11PrivacyEntry 2 } + +dot11WEPKeyMappingLength OBJECT-TYPE + SYNTAX Unsigned32 (10..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The maximum number of tuples that dot11WEPKeyMappings can hold." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11PrivacyEntry 3 } + +dot11ExcludeUnencrypted OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When this attribute is true, the STA shall not indicate at + the MAC service interface received MSDUs that have the WEP + subfield of the Frame Control field equal to zero. When this + attribute is false, the STA may accept MSDUs that have the WEP + subfield of the Frame Control field equal to zero. The default + value of this attribute shall be false." + ::= { dot11PrivacyEntry 4 } + +dot11WEPICVErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with the + WEP subfield of the Frame Control field set to one and the value + of the ICV as received in the frame does not match the ICV value + that is calculated for the contents of the received frame." + ::= { dot11PrivacyEntry 5 } + +dot11WEPExcludedCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with the + WEP subfield of the Frame Control field set to zero and the value + of dot11ExcludeUnencrypted causes that frame to be discarded." + ::= { dot11PrivacyEntry 6 } + +-- ********************************************************************** +-- * End of dot11Privacy TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SMT notification Objects +-- ********************************************************************** + +dot11SMTnotification OBJECT IDENTIFIER ::= { dot11smt 6 } + +dot11Disassociate NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11DisassociateReason, dot11DisassociateStation } + STATUS current + DESCRIPTION + "The disassociate notification shall be sent when the STA + sends a Disassociation frame. The value of the notification + shall include the MAC address of the MAC to which the Disassociation + frame was sent and the reason for the disassociation. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 1 } + +dot11Deauthenticate NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11DeauthenticateReason, dot11DeauthenticateStation } + STATUS current + DESCRIPTION + "The deauthenticate notification shall be sent when the STA + sends a Deauthentication frame. The value of the notification + shall include the MAC address of the MAC to which the Deauthentication + frame was sent and the reason for the deauthentication. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 2 } + +dot11AuthenticateFail NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11AuthenticateFailStatus, dot11AuthenticateFailStation } + STATUS current + DESCRIPTION + "The authenticate failure notification shall be sent when the STA + sends an Authentication frame with a status code other than + 'successful'. The value of the notification + shall include the MAC address of the MAC to which the Authentication + frame was sent and the reason for the authentication failure. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 3 } + + +-- ********************************************************************** +-- * End of SMT notification Objects +-- ********************************************************************** + +-- ******************************************************************** +-- * dot11MultiDomainCapability TABLE +-- ******************************************************************** + +dot11MultiDomainCapabilityTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11MultiDomainCapabilityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This (conceptual) table of attributes for + cross-domain mobility." + ::= { dot11smt 7 } + +dot11MultiDomainCapabilityEntry OBJECT-TYPE + SYNTAX Dot11MultiDomainCapabilityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) in the Multiple Domain + Capability Table. + + IfIndex - Each IEEE 802.11 interface is represented + by an ifEntry. Interface tables in this MIB are + indexed by ifIndex." + INDEX { ifIndex, + dot11MultiDomainCapabilityIndex } + ::= { dot11MultiDomainCapabilityTable 1 } + +Dot11MultiDomainCapabilityEntry ::= + SEQUENCE { dot11MultiDomainCapabilityIndex Integer32, + dot11FirstChannelNumber Integer32, + dot11NumberofChannels Integer32, + dot11MaximumTransmitPowerLevel Integer32 } + +dot11MultiDomainCapabilityIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances of + the columnar objects in the Multi Domain Capability Table." + ::= { dot11MultiDomainCapabilityEntry 1 } + +dot11FirstChannelNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the lowest + channel number in the subband for the associated domain + country string. The default value of this attribute + shall be zero." + ::= { dot11MultiDomainCapabilityEntry 2 } + +dot11NumberofChannels OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the total + number of channels allowed in the subband for the + associated domain country string. The default value of + this attribute shall be zero." + ::= { dot11MultiDomainCapabilityEntry 3 } + +dot11MaximumTransmitPowerLevel OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum transmit power, + in dBm, allowed in the subband for the associated domain + country string. The default value of this attribute shall + be zero." + ::= { dot11MultiDomainCapabilityEntry 4 } + +-- ******************************************************************** +-- * End of dot11MultiDomainCapability TABLE +-- ******************************************************************** + + +-- ********************************************************************** +-- * MAC Attribute Templates +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11OperationTable TABLE +-- ********************************************************************** + +dot11OperationTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11OperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group contains MAC attributes pertaining to the operation + of the MAC. This has been implemented as a table in order + to allow for multiple instantiations on an agent." + ::= { dot11mac 1 } + +dot11OperationEntry OBJECT-TYPE + SYNTAX Dot11OperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11OperationEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11OperationTable 1 } + +Dot11OperationEntry ::= + SEQUENCE { dot11MACAddress MacAddress, + dot11RTSThreshold INTEGER, + dot11ShortRetryLimit INTEGER, + dot11LongRetryLimit INTEGER, + dot11FragmentationThreshold INTEGER, + dot11MaxTransmitMSDULifetime Unsigned32, + dot11MaxReceiveLifetime Unsigned32, + dot11ManufacturerID DisplayString, + dot11ProductID DisplayString } + +dot11MACAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Unique MAC Address assigned to the STA." + ::= { dot11OperationEntry 1 } + +dot11RTSThreshold OBJECT-TYPE + SYNTAX INTEGER (0..2347) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the number of octets in an MPDU, + below which an RTS/CTS handshake shall not be performed. An + RTS/CTS handshake shall be performed at the beginning of any + frame exchange sequence where the MPDU is of type Data or + Management, the MPDU has an individual address in the Address1 + field, and the length of the MPDU is greater than + this threshold. (For additional details, refer to Table 21 in + 9.7.) Setting this attribute to be larger than the maximum + MSDU size shall have the effect of turning off the RTS/CTS + handshake for frames of Data or Management type transmitted by + this STA. Setting this attribute to zero shall have the effect + of turning on the RTS/CTS handshake for all frames of Data or + Management type transmitted by this STA. The default value of + this attribute shall be 2347." + ::= { dot11OperationEntry 2 } + +dot11ShortRetryLimit OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum number of + transmission attempts of a frame, the length of which is less + than or equal to dot11RTSThreshold, that shall be made before a + failure condition is indicated. The default value of this + attribute shall be 7." + ::= { dot11OperationEntry 3 } + +dot11LongRetryLimit OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum number of + transmission attempts of a frame, the length of which is + greater than dot11RTSThreshold, that shall be made before a + failure condition is indicated. The default value of this + attribute shall be 4." + ::= { dot11OperationEntry 4 } + +dot11FragmentationThreshold OBJECT-TYPE + SYNTAX INTEGER (256..2346) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the current maximum size, in + octets, of the MPDU that may be delivered to the PHY. An MSDU + shall be broken into fragments if its size exceeds the value + of this attribute after adding MAC headers and trailers. An MSDU + or MMPDU shall be fragmented when the resulting frame has an + individual address in the Address1 field, and the length of the + frame is larger than this threshold. The default value for this + attribute shall be the lesser of 2346 or the aMPDUMaxLength of + the attached PHY and shall never exceed the lesser of 2346 or + the aMPDUMaxLength of the attached PHY. The value of this + attribute shall never be less than 256. " + ::= { dot11OperationEntry 5 } + +dot11MaxTransmitMSDULifetime OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The MaxTransmitMSDULifetime shall be the elapsed time in TU, + after the initial transmission of an MSDU, after which further + attempts to transmit the MSDU shall be terminated. The default + value of this attribute shall be 512." + ::= { dot11OperationEntry 6 } + +dot11MaxReceiveLifetime OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The MaxReceiveLifetime shall be the elapsed time in TU, + after the initial reception of a fragmented MMPDU or MSDU, + after which further attempts to reassemble the MMPDU or + MSDU shall be terminated. The default value shall be + 512." + ::= { dot11OperationEntry 7 } + +dot11ManufacturerID OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The ManufacturerID shall include, at a minimum, the name + of the manufacturer. It may include additional + information at the manufacturer's discretion. The default + value of this attribute shall be null." + ::= { dot11OperationEntry 8 } + +dot11ProductID OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The ProductID shall include, at a minimum, an identifier + that is unique to the manufacturer. It may include + additional information at the manufacturer's discretion. + The default value of this attribute shall be null." + ::= { dot11OperationEntry 9 } + +-- ********************************************************************** +-- * End of dot11OperationEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11Counters TABLE +-- ********************************************************************** + +dot11CountersTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11CountersEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group containing attributes that are MAC counters. + Implemented as a table to allow for multiple + instantiations on an agent." + ::= { dot11mac 2 } + +dot11CountersEntry OBJECT-TYPE + SYNTAX Dot11CountersEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11CountersEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11CountersTable 1 } + +Dot11CountersEntry ::= + SEQUENCE { dot11TransmittedFragmentCount Counter32, + dot11MulticastTransmittedFrameCount Counter32, + dot11FailedCount Counter32, + dot11RetryCount Counter32, + dot11MultipleRetryCount Counter32, + dot11FrameDuplicateCount Counter32, + dot11RTSSuccessCount Counter32, + dot11RTSFailureCount Counter32, + dot11ACKFailureCount Counter32, + dot11ReceivedFragmentCount Counter32, + dot11MulticastReceivedFrameCount Counter32, + dot11FCSErrorCount Counter32, + dot11TransmittedFrameCount Counter32, + dot11WEPUndecryptableCount Counter32 } + +dot11TransmittedFragmentCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall be incremented for an acknowledged MPDU + with an individual address in the address 1 field or an MPDU + with a multicast address in the address 1 field of type Data + or Management." + ::= { dot11CountersEntry 1 } + +dot11MulticastTransmittedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment only when the multicast bit + is set in the destination MAC address of a successfully + transmitted MSDU. When operating as a STA in an ESS, where + these frames are directed to the AP, this implies having + received an acknowledgment to all associated MPDUs." + ::= { dot11CountersEntry 2 } + +dot11FailedCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is not transmitted + successfully due to the number of transmit attempts exceeding + either the dot11ShortRetryLimit or dot11LongRetryLimit." + ::= { dot11CountersEntry 3 } + +dot11RetryCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is successfully + transmitted after one or more retransmissions." + ::= { dot11CountersEntry 4 } + +dot11MultipleRetryCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is successfully + transmitted after more than one retransmission." + ::= { dot11CountersEntry 5 } + +dot11FrameDuplicateCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received + that the Sequence Control field indicates is a + duplicate." + ::= { dot11CountersEntry 6 } + +dot11RTSSuccessCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a CTS is received in + response to an RTS." + ::= { dot11CountersEntry 7 } + +dot11RTSFailureCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a CTS is not received in + response to an RTS." + ::= { dot11CountersEntry 8 } + +dot11ACKFailureCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an ACK is not received + when expected." + ::= { dot11CountersEntry 9 } + +dot11ReceivedFragmentCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall be incremented for each successfully + received MPDU of type Data or Management." + ::= { dot11CountersEntry 10 } + +dot11MulticastReceivedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a MSDU is received + with the multicast bit set in the destination + MAC address." + ::= { dot11CountersEntry 11 } + +dot11FCSErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an FCS error is + detected in a received MPDU." + ::= { dot11CountersEntry 12 } + +dot11TransmittedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment for each successfully transmitted MSDU." + ::= { dot11CountersEntry 13 } + +dot11WEPUndecryptableCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with + the WEP subfield of the Frame Control field set to one and the + WEPOn value for the key mapped to the TA's MAC address + indicates that the frame should not have been encrypted or + that frame is discarded due to the receiving STA not + implementing the privacy option." + ::= { dot11CountersEntry 14 } + +-- ********************************************************************** +-- * End of dot11CountersEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * GroupAddresses TABLE +-- ********************************************************************** + +dot11GroupAddressesTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11GroupAddressesEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A conceptual table containing a set of MAC addresses + identifying the multicast addresses for which this STA + will receive frames. The default value of this attribute + shall be null." + ::= { dot11mac 3 } + +dot11GroupAddressesEntry OBJECT-TYPE + SYNTAX Dot11GroupAddressesEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the Group Addresses Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11GroupAddressesIndex} + ::= { dot11GroupAddressesTable 1 } + +Dot11GroupAddressesEntry ::= + SEQUENCE { dot11GroupAddressesIndex Integer32, + dot11Address MacAddress, + dot11GroupAddressesStatus RowStatus } + +dot11GroupAddressesIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the Group Addresses Table." + ::= { dot11GroupAddressesEntry 1 } + +dot11Address OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "MAC address identifying a multicast addresses + from which this STA will receive frames." + ::= { dot11GroupAddressesEntry 2 } + +dot11GroupAddressesStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status column used for creating, modifying, and + deleting instances of the columnar objects in the Group + Addresses Table." + DEFVAL { active } + ::= { dot11GroupAddressesEntry 3 } + +-- ********************************************************************** +-- * End of GroupAddress TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * Resource Type Attribute Templates +-- ********************************************************************** + +dot11ResourceTypeIDName OBJECT-TYPE + SYNTAX DisplayString (SIZE(4)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the name of the Resource Type ID managed object. + The attribute is read-only and always contains the value + RTID. This attribute value shall not be used as a naming + attribute for any other managed object class." + REFERENCE "IEEE Std 802.1F-1993, A.7" + DEFVAL { "RTID" } + ::= { dot11resAttribute 1 } + +-- ********************************************************************** +-- * dot11ResourceInfo TABLE +-- ********************************************************************** + +dot11ResourceInfoTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11ResourceInfoEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Provides a means of indicating, in data readable from a + managed object, information that identifies the source of + the implementation." + REFERENCE "IEEE Std 802.1F-1993, A.7" + ::= { dot11resAttribute 2 } + +dot11ResourceInfoEntry OBJECT-TYPE + SYNTAX Dot11ResourceInfoEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11ResourceInfo Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11ResourceInfoTable 1 } + +Dot11ResourceInfoEntry ::= + SEQUENCE { dot11manufacturerOUI OCTET STRING, + dot11manufacturerName DisplayString, + dot11manufacturerProductName DisplayString, + dot11manufacturerProductVersion DisplayString } + +dot11manufacturerOUI OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(3)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Takes the value of an organizationally unique identifier." + ::= { dot11ResourceInfoEntry 1 } + +dot11manufacturerName OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A printable string used to identify the manufacturer of the + resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 2 } + +dot11manufacturerProductName OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A printable string used to identify the manufacturer's product + name of the resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 3 } + +dot11manufacturerProductVersion OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Printable string used to identify the manufacturer's product + version of the resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 4 } + +-- ********************************************************************** +-- * End of dot11ResourceInfo TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * PHY Attribute Templates +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyOperation TABLE +-- ********************************************************************** + +dot11PhyOperationTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyOperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "PHY level attributes concerned with + operation. Implemented as a table indexed on + + ifIndex to allow for multiple instantiations on an + Agent." + ::= { dot11phy 1 } + +dot11PhyOperationEntry OBJECT-TYPE + SYNTAX Dot11PhyOperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyOperation Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyOperationTable 1 } + +Dot11PhyOperationEntry ::= + SEQUENCE { dot11PHYType INTEGER, + dot11CurrentRegDomain Integer32, + dot11TempType INTEGER } + +dot11PHYType OBJECT-TYPE + SYNTAX INTEGER { fhss(1), dsss(2), irbaseband(3), ofdm(4), + hrdsss(5) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This is an 8-bit integer value that identifies the PHY type + supported by the attached PLCP and PMD. Currently defined + values and their corresponding PHY types are: + + FHSS 2.4 GHz = 01 , DSSS 2.4 GHz = 02, IR Baseband = 03, + OFDM 5GHz = 04, HRDSSS = 05" + ::= { dot11PhyOperationEntry 1 } + +dot11CurrentRegDomain OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current regulatory domain this instance of the PMD is + supporting. This object corresponds to one of the + RegDomains listed in dot11RegDomainsSupported." + ::= { dot11PhyOperationEntry 2 } + +dot11TempType OBJECT-TYPE + SYNTAX INTEGER { tempType1(1), tempType2(2) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "There are different operating temperature requirements + dependent on the anticipated environmental conditions. This + attribute describes the current PHY's operating temperature + range capability. Currently defined values and their + corresponding temperature ranges are: + + Type 1 = X'01'-Commercial range of 0 to 40 degrees C, + + Type 2 = X'02'-Industrial range of -30 to 70 degrees C." + ::= { dot11PhyOperationEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyOperation TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyAntenna TABLE +-- ********************************************************************** + +dot11PhyAntennaTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyAntennaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for PhyAntenna. Implemented as a + table indexed on ifIndex to allow for multiple instances on + an agent." + ::= { dot11phy 2} + +dot11PhyAntennaEntry OBJECT-TYPE + SYNTAX Dot11PhyAntennaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyAntenna Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyAntennaTable 1 } + +Dot11PhyAntennaEntry ::= + SEQUENCE { dot11CurrentTxAntenna Integer32, + dot11DiversitySupport INTEGER, + dot11CurrentRxAntenna Integer32 } + +dot11CurrentTxAntenna OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current antenna being used to transmit. This value + is one of the values appearing in dot11SupportedTxAntenna. This + may be used by a management agent to control which antenna is + used for transmission. " + ::= { dot11PhyAntennaEntry 1 } + +dot11DiversitySupport OBJECT-TYPE + SYNTAX INTEGER { fixedlist(1), notsupported(2), dynamic(3) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This implementation's support for diversity, encoded as: + + X'01'-diversity is available and is performed over the fixed + list of antennas defined in dot11DiversitySelectionRx. + + X'02'-diversity is not supported. + + X'03'-diversity is supported and control of diversity is also + available, in which case the attribute + dot11DiversitySelectionRx can be dynamically modified by the + LME." + ::= { dot11PhyAntennaEntry 2 } + +dot11CurrentRxAntenna OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current antenna being used to receive, if the dot11 + DiversitySupport indicates that diversity is not supported. + The selected antenna shall be one of the antennae marked + for receive in the dot11AntennasListTable." + ::= { dot11PhyAntennaEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyAntenna TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyTxPower TABLE +-- ********************************************************************** + +dot11PhyTxPowerTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyTxPowerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyTxPowerTable. Implemented + as a table indexed on STA ID to allow for multiple + instances on an Agent." + ::= { dot11phy 3} + +dot11PhyTxPowerEntry OBJECT-TYPE + SYNTAX Dot11PhyTxPowerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyTxPower Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyTxPowerTable 1 } + +Dot11PhyTxPowerEntry ::= + SEQUENCE { dot11NumberSupportedPowerLevels INTEGER, + dot11TxPowerLevel1 INTEGER, + dot11TxPowerLevel2 INTEGER, + dot11TxPowerLevel3 INTEGER, + dot11TxPowerLevel4 INTEGER, + dot11TxPowerLevel5 INTEGER, + dot11TxPowerLevel6 INTEGER, + dot11TxPowerLevel7 INTEGER, + dot11TxPowerLevel8 INTEGER, + dot11CurrentTxPowerLevel INTEGER } + +dot11NumberSupportedPowerLevels OBJECT-TYPE + SYNTAX INTEGER (1..8) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of power levels supported by the PMD. + This attribute can have a value of 1 to 8." + ::= { dot11PhyTxPowerEntry 1 } + +dot11TxPowerLevel1 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL1 in mW. + This is also the default power level." + ::= { dot11PhyTxPowerEntry 2 } + +dot11TxPowerLevel2 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL2 in mW." + ::= { dot11PhyTxPowerEntry 3 } + +dot11TxPowerLevel3 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL3 in mW." + ::= { dot11PhyTxPowerEntry 4 } + +dot11TxPowerLevel4 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL4 in mW." + ::= { dot11PhyTxPowerEntry 5 } + +dot11TxPowerLevel5 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL5 in mW." + ::= { dot11PhyTxPowerEntry 6 } + +dot11TxPowerLevel6 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL6 in mW." + ::= { dot11PhyTxPowerEntry 7 } + +dot11TxPowerLevel7 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL7 in mW." + ::= { dot11PhyTxPowerEntry 8 } + +dot11TxPowerLevel8 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL8 in mW." + ::= { dot11PhyTxPowerEntry 9 } + +dot11CurrentTxPowerLevel OBJECT-TYPE + SYNTAX INTEGER (1..8) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The TxPowerLevel N currently being used to transmit data. + Some PHYs also use this value to determine the receiver + sensitivity requirements for CCA." + ::= { dot11PhyTxPowerEntry 10 } + +-- ********************************************************************** +-- * End of dot11PhyTxPower TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyFHSS TABLE +-- ********************************************************************** + +dot11PhyFHSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyFHSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyFHSSTable. Implemented as a + table indexed on STA ID to allow for multiple instances on + an Agent." + ::= { dot11phy 4 } + +dot11PhyFHSSEntry OBJECT-TYPE + SYNTAX Dot11PhyFHSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyFHSS Table. + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyFHSSTable 1 } + +Dot11PhyFHSSEntry ::= + SEQUENCE { dot11HopTime INTEGER, + dot11CurrentChannelNumber INTEGER, + dot11MaxDwellTime INTEGER, + dot11CurrentDwellTime INTEGER, + dot11CurrentSet INTEGER, + dot11CurrentPattern INTEGER, + dot11CurrentIndex INTEGER, + dot11EHCCPrimeRadix Integer32, + dot11EHCCNumberofChannelsFamilyIndex Integer32, + dot11EHCCCapabilityImplemented TruthValue, + dot11EHCCCapabilityEnabled TruthValue, + dot11HopAlgorithmAdopted INTEGER, + dot11RandomTableFlag TruthValue, + dot11NumberofHoppingSets Integer32, + dot11HopModulus Integer32, + dot11HopOffset Integer32 } + +dot11HopTime OBJECT-TYPE + SYNTAX INTEGER (224) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The time in microseconds for the PMD to change from + channel 2 to channel 80." + ::= { dot11PhyFHSSEntry 1 } + +dot11CurrentChannelNumber OBJECT-TYPE + SYNTAX INTEGER (0..200) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current channel number of the frequency output by the RF + synthesizer." + ::= { dot11PhyFHSSEntry 2 } + +dot11MaxDwellTime OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum time in TU that the transmitter + is permitted to operate on a single channel." + ::= { dot11PhyFHSSEntry 3 } + +dot11CurrentDwellTime OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current time in TU that the transmitter shall operate + on a single channel, as set by the MAC. Default is 19 TU." + ::= { dot11PhyFHSSEntry 4 } + +dot11CurrentSet OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current set of patterns the PLME + is using to determine the hopping sequence. " + ::= { dot11PhyFHSSEntry 5 } + +dot11CurrentPattern OBJECT-TYPE + SYNTAX INTEGER (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current pattern the PLME is + using to determine the hop sequence." + ::= { dot11PhyFHSSEntry 6 } + +dot11CurrentIndex OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current index value the PLME is using to determine + the CurrentChannelNumber." + ::= { dot11PhyFHSSEntry 7 } + +dot11EHCCPrimeRadix OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute indicates the value to be + used as the prime radix (N) in the HCC and + EHCC algorithms." + ::= { dot11PhyFHSSEntry 8 } + +dot11EHCCNumberofChannelsFamilyIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute indicates the value to be + used as the maximum for the family index (a) + in the HCC and EHCC algorithms. The value of + this field shall not be less than the prime + radix minus 3 (N - 3). The valid range of + allowed values is (N - 1), (N - 2), and (N - 3)." + ::= { dot11PhyFHSSEntry 9 } + +dot11EHCCCapabilityImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + station implementation is capable of generating + the HCC or EHCC algorithms for determining Hopping + patterns. The capability is disabled, otherwise. + The default value of this attribute is FALSE." + ::= { dot11PhyFHSSEntry 10 } + +dot11EHCCCapabilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + capability of the station to operate using the HCC + or EHCC algorithms for determining Hopping Patterns + is enabled. The capability is disabled, otherwise. + The default value of this attribute is FALSE." + ::= { dot11PhyFHSSEntry 11 } + +dot11HopAlgorithmAdopted OBJECT-TYPE + SYNTAX INTEGER { crnt(1), hopindex(2), hcc(3) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, indicates which of the algorithms + will be used to generate the Hopping Patterns. + Valid values are: + + 1 - hopping patterns as defined in clause 14 + 2 - hop index method (with or without table) + 3 - HCC/EHCC method" + ::= { dot11PhyFHSSEntry 12 } + +dot11RandomTableFlag OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, indicates that a Random Table is + present when the value is True. When the value is + False it indicates that a Random Table is not + present and that the hop index method is to be + used to determine the hopping sequence. The default + value of this attribute is True." + ::= { dot11PhyFHSSEntry 13 } + +dot11NumberofHoppingSets OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Number of Sets field indicates the total + number of sets within the hopping patterns." + ::= { dot11PhyFHSSEntry 14 } + +dot11HopModulus OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of allowed channels for the hopping + set. This is defined by the governing regulatory + agency for the country code of the country + in which this device is operating." + ::= { dot11PhyFHSSEntry 15 } + +dot11HopOffset OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The next position in the hopping set." + ::= { dot11PhyFHSSEntry 16 } + +-- ********************************************************************** +-- * End of dot11PhyFHSS TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyDSSSEntry TABLE +-- ********************************************************************** + +dot11PhyDSSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Entry of attributes for dot11PhyDSSSEntry. Implemented as a + table indexed on ifIndex allow for multiple instances on + an Agent." + ::= { dot11phy 5 } + +dot11PhyDSSSEntry OBJECT-TYPE + SYNTAX Dot11PhyDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyDSSSEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyDSSSTable 1 } + +Dot11PhyDSSSEntry ::= + SEQUENCE { dot11CurrentChannel INTEGER, + dot11CCAModeSupported INTEGER, + dot11CurrentCCAMode INTEGER, + dot11EDThreshold Integer32 } + +dot11CurrentChannel OBJECT-TYPE + SYNTAX INTEGER (1..14) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current operating frequency channel of the DSSS + PHY. Valid channel numbers are as defined in 15.4.6.2" + ::= { dot11PhyDSSSEntry 1 } + +dot11CCAModeSupported OBJECT-TYPE + SYNTAX INTEGER (1..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "dot11CCAModeSupported is a bit-significant value, + representing all of the CCA modes supported by the PHY. + Valid values are: + + energy detect only (ED_ONLY) = 01, + carrier sense only (CS_ONLY) = 02, + carrier sense and energy detect (ED_and_CS)= 04 + or the logical sum of any of these values. This + attribute shall not be used to indicate the CCA modes + supported by a higher rate extension PHY. Rather, the + dot11HRCCAModeSupported attribute shall be used to + indicate the CCA modes of the higher rate extension PHY." + ::= { dot11PhyDSSSEntry 2 } + +dot11CurrentCCAMode OBJECT-TYPE + SYNTAX INTEGER { edonly(1), csonly(2), edandcs(4), cswithtimer(8), + hrcsanded(16) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current CCA method in operation. Valid values are: + energy detect only (edonly) = 01, + carrier sense only (csonly) = 02, + carrier sense and energy detect (edandcs)= 04 + carrier sense with timer (cswithtimer)= 08 + high rate carrier sense and energy detect (hrcsanded)=16." + ::= { dot11PhyDSSSEntry 3 } + +dot11EDThreshold OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current Energy Detect Threshold being used by the DSSS PHY." + ::= { dot11PhyDSSSEntry 4 } + +-- ********************************************************************** +-- * End of dot11PhyDSSSEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyIR TABLE +-- ********************************************************************** + +dot11PhyIRTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyIREntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyIRTable. Implemented as a + table indexed on ifIndex to allow for multiple instances on + an Agent." + ::= { dot11phy 6 } + +dot11PhyIREntry OBJECT-TYPE + SYNTAX Dot11PhyIREntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyIR Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyIRTable 1 } + +Dot11PhyIREntry ::= + SEQUENCE { dot11CCAWatchdogTimerMax Integer32, + dot11CCAWatchdogCountMax Integer32, + dot11CCAWatchdogTimerMin Integer32, + dot11CCAWatchdogCountMin Integer32 } + +dot11CCAWatchdogTimerMax OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This parameter, together with CCAWatchdogCountMax, + determines when energy detected in the channel can be + ignored." + ::= { dot11PhyIREntry 1 } + +dot11CCAWatchdogCountMax OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This parameter, together with CCAWatchdogTimerMax, + determines when energy detected in the channel can be + ignored." + ::= { dot11PhyIREntry 2 } + +dot11CCAWatchdogTimerMin OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The minimum value to which CCAWatchdogTimerMax can be + set." + ::= { dot11PhyIREntry 3 } + +dot11CCAWatchdogCountMin OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The minimum value to which CCAWatchdogCount can be set." + ::= { dot11PhyIREntry 4 } + +-- ********************************************************************** +-- * End of dot11PhyIR TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11RegDomainsSupported TABLE +-- ********************************************************************** + +dot11RegDomainsSupportedTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11RegDomainsSupportedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "There are different operational requirements dependent on + the regulatory domain. This attribute list describes the + regulatory domains the PLCP and PMD support in this + implementation. Currently defined values and their + corresponding Regulatory Domains are: + + FCC (USA) = X'10', DOC (Canada) = X'20', ETSI (most of + Europe) = X'30', Spain = X'31', France = X'32', MKK + (Japan) = X'40', Others = X'00' " + ::= { dot11phy 7} + +dot11RegDomainsSupportedEntry OBJECT-TYPE + SYNTAX Dot11RegDomainsSupportedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11RegDomainsSupportedTable. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11RegDomainsSupportedIndex } + ::= { dot11RegDomainsSupportedTable 1 } + +Dot11RegDomainsSupportedEntry ::= + SEQUENCE { dot11RegDomainsSupportedIndex Integer32, + dot11RegDomainsSupportedValue INTEGER } + +dot11RegDomainsSupportedIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the RegDomainsSupport Table." + ::= { dot11RegDomainsSupportedEntry 1 } + +dot11RegDomainsSupportedValue OBJECT-TYPE + SYNTAX INTEGER { fcc(16), doc(32), etsi(48), spain (49), france(50), + mkk (64) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "There are different operational requirements dependent on + the regulatory domain. This attribute list describes the + regulatory domains the PLCP and PMD support in this + implementation. Currently defined values and their + corresponding Regulatory Domains are: + + FCC (USA) = X'10', DOC (Canada) = X'20', ETSI (most of + Europe) = X'30', Spain = X'31', France = X'32', MKK + (Japan) = X'40' " + ::= { dot11RegDomainsSupportedEntry 2 } + +-- ********************************************************************** +-- * End of dot11RegDomainsSupported TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11AntennasList TABLE +-- ********************************************************************** + +dot11AntennasListTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11AntennasListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table represents the list of antennae. An antenna can be + marked to be capable of transmitting, receiving, and/or for + participation in receive diversity. Each entry in this table + represents a single antenna with its properties. The maximum + number of antennae that can be contained in this table is 255." + ::= { dot11phy 8 } + +dot11AntennasListEntry OBJECT-TYPE + SYNTAX Dot11AntennasListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11AntennasListTable, representing the properties + of a single antenna. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11AntennaListIndex } + ::= { dot11AntennasListTable 1 } + +Dot11AntennasListEntry ::= + SEQUENCE { dot11AntennaListIndex Integer32, + dot11SupportedTxAntenna TruthValue, + dot11SupportedRxAntenna TruthValue, + dot11DiversitySelectionRx TruthValue } + +dot11AntennaListIndex OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The unique index of an antenna which is used to identify the columnar + objects in the dot11AntennasList Table." + ::= { dot11AntennasListEntry 1 } + +dot11SupportedTxAntenna OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by + dot11AntennaIndex can be used as a transmit antenna." + ::= { dot11AntennasListEntry 2 } + +dot11SupportedRxAntenna OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by the + dot11AntennaIndex xan be used as a receive antenna." + ::= { dot11AntennasListEntry 3 } + +dot11DiversitySelectionRx OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by + dot11AntennaIndex can be used for receive diversity. This object + may only be true if the antenna can be used as a receive antenna, + as indicated by dot11SupportedRxAntenna." + ::= { dot11AntennasListEntry 4 } + +-- ********************************************************************** +-- * End of dot11AntennasList TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SupportedDataRatesTx TABLE +-- ********************************************************************** + +dot11SupportedDataRatesTxTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11SupportedDataRatesTxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The Transmit bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s subject + to limitations of each individual PHY." + ::= { dot11phy 9 } + +dot11SupportedDataRatesTxEntry OBJECT-TYPE + SYNTAX Dot11SupportedDataRatesTxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the dot11SupportedDataRatesTx + Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11SupportedDataRatesTxIndex } + ::= { dot11SupportedDataRatesTxTable 1 } + +Dot11SupportedDataRatesTxEntry ::= + SEQUENCE { dot11SupportedDataRatesTxIndex Integer32, + dot11SupportedDataRatesTxValue Integer32 } + +dot11SupportedDataRatesTxIndex OBJECT-TYPE + SYNTAX Integer32 (1..8) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Index object which identifies which data rate to access. + Range is 1..8." + ::= { dot11SupportedDataRatesTxEntry 1 } + +dot11SupportedDataRatesTxValue OBJECT-TYPE + SYNTAX Integer32 (2..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Transmit bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s subject + to limitations of each individual PHY." + ::= { dot11SupportedDataRatesTxEntry 2 } + +-- ********************************************************************** +-- * End of dot11SupportedDataRatesTx TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SupportedDataRatesRx TABLE +-- ********************************************************************** + +dot11SupportedDataRatesRxTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11SupportedDataRatesRxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The receive bit rates supported by the PLCP and PMD, + represented by a count from X'002-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s." + ::= { dot11phy 10 } + +dot11SupportedDataRatesRxEntry OBJECT-TYPE + SYNTAX Dot11SupportedDataRatesRxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the dot11SupportedDataRatesRx Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11SupportedDataRatesRxIndex } + ::= { dot11SupportedDataRatesRxTable 1 } + +Dot11SupportedDataRatesRxEntry ::= + SEQUENCE { dot11SupportedDataRatesRxIndex Integer32, + dot11SupportedDataRatesRxValue Integer32 } + +dot11SupportedDataRatesRxIndex OBJECT-TYPE + SYNTAX Integer32 (1..8) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Index object which identifies which data rate to access. + Range is 1..8." + ::= { dot11SupportedDataRatesRxEntry 1 } + +dot11SupportedDataRatesRxValue OBJECT-TYPE + SYNTAX Integer32 (2..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The receive bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s." + ::= { dot11SupportedDataRatesRxEntry 2 } + +-- ********************************************************************** +-- * End of dot11SupportedDataRatesRx TABLE +-- ********************************************************************** + +--********************************************************************** +-- * dot11PhyOFDM TABLE +--********************************************************************** + +dot11PhyOFDMTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyOFDMEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyOFDMTable. Implemented as a + table indexed on ifindex to allow for multiple instances on + an Agent." + ::= { dot11phy 11 } + +dot11PhyOFDMEntry OBJECT-TYPE + SYNTAX Dot11PhyOFDMEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyOFDM Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyOFDMTable 1 } + +Dot11PhyOFDMEntry ::= + SEQUENCE { dot11CurrentFrequency INTEGER, + dot11TIThreshold Integer32, + dot11FrequencyBandsSupported INTEGER } + +dot11CurrentFrequency OBJECT-TYPE + SYNTAX INTEGER (0..99) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The number of the current operating frequency channel of the OFDM PHY." + ::= { dot11PhyOFDMEntry 1 } + +dot11TIThreshold OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The Threshold being used to detect a busy medium (frequency). + CCA shall report a busy medium upon detecting the RSSI above + this threshold." + ::= { dot11PhyOFDMEntry 2 } + +dot11FrequencyBandsSupported OBJECT-TYPE + SYNTAX INTEGER (1..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The capability of the OFDM PHY implementation to operate in + the three U-NII bands. Coded as an integer value of a three + bit field as follows: + bit 0 .. capable of operating in the lower (5.15-5.25 GHz) + U-NII band + bit 1 .. capable of operating in the middle (5.25-5.35 GHz) + U-NII band + bit 2 .. capable of operating in the upper (5.725-5.825 GHz) + U-NII band + For example, for an implementation capable of operating in the + lower and mid bands this attribute would take the value 3." + ::= { dot11PhyOFDMEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyOFDM TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyHRDSSSEntry TABLE +-- ********************************************************************** + +dot11PhyHRDSSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyHRDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Entry of attributes for dot11PhyHRDSSSEntry. + Implemented as a table indexed on ifIndex to allow for + multiple instances on an Agent." + ::= { dot11phy 12 } + +dot11PhyHRDSSSEntry OBJECT-TYPE + SYNTAX Dot11PhyHRDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyHRDSSSEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyHRDSSSTable 1 } + +Dot11PhyHRDSSSEntry ::= + SEQUENCE { dot11ShortPreambleOptionImplemented TruthValue, + dot11PBCCOptionImplemented TruthValue, + dot11ChannelAgilityPresent TruthValue, + dot11ChannelAgilityEnabled TruthValue, + dot11HRCCAModeSupported INTEGER } + +dot11ShortPreambleOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the + short preamble option as defined in subclause 18.2.2.2 + is implemented. The default value of this attribute + shall be false." + ::= {dot11PhyHRDSSSEntry 1 } + +dot11PBCCOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the PBCC + modulation option as defined in subclause 18.4.6.6 is + implemented. The default value of this attribute shall + be false." + ::= {dot11PhyHRDSSSEntry 2 } + +dot11ChannelAgilityPresent OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute indicates that the PHY is capable of + channel agility." + ::= { dot11PhyHRDSSSEntry 3 } + +dot11ChannelAgilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute indicates that the PHY channel agility + functionality is enabled." + ::= { dot11PhyHRDSSSEntry 4 } + +dot11HRCCAModeSupported OBJECT-TYPE + SYNTAX INTEGER (1..31) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "dot11HRCCAModeSupported is a bit-significant value, + representing all of the CCA modes supported by the PHY. + Valid values are: + energy detect only (ED_ONLY) = 01, + carrier sense only (CS_ONLY) = 02, + carrier sense and energy detect (ED_and_CS)= 04, + carrier sense with timer (CS_and_Timer)= 08, + high rate carrier sense and energy detect + (HRCS_and_ED)= 16 + or the logical sum of any of these values. In + the high rate extension PHY, this attribute shall + be used in preference to the dot11CCAModeSupported + attribute." + ::= { dot11PhyHRDSSSEntry 5 } + +-- ********************************************************************** +-- * End of dot11PhyHRDSSSEntry TABLE +-- ********************************************************************** + +-- ******************************************************************** +-- * dot11 Hopping Pattern TABLE +-- ******************************************************************** + +dot11HoppingPatternTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11HoppingPatternEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of attributes necessary for + a frequency hopping implementation to be able to + create the hopping sequences necessary to operate + in the subband for the associated domain country string." + ::= { dot11phy 13 } + +dot11HoppingPatternEntry OBJECT-TYPE + SYNTAX Dot11HoppingPatternEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) in the Hopping Pattern Table + that indicates the random hopping sequence to be followed. + + IfIndex - Each IEEE 802.11 interface is represented + by an ifEntry. Interface tables in this MIB are indexed + by ifIndex." + INDEX { ifIndex, + dot11HoppingPatternIndex } + ::= { dot11HoppingPatternTable 1 } + +Dot11HoppingPatternEntry ::= + SEQUENCE { + dot11HoppingPatternIndex Integer32, + dot11RandomTableFieldNumber Integer32 } + +dot11HoppingPatternIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances of + the columnar objects in the Hopping Pattern Table." + ::= { dot11HoppingPatternEntry 1} + +dot11RandomTableFieldNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the + starting channel number in the hopping sequence of + the subband for the associated domain country string. + The default value of this attribute shall be zero." + ::= { dot11HoppingPatternEntry 2} + +-- ********************************************************************** +-- * End of dot11 Hopping Pattern TABLE +--********************************************************************** + +-- ********************************************************************** +-- * Conformance Information +-- ********************************************************************** + +dot11Conformance OBJECT IDENTIFIER ::= { ieee802dot11 5 } +dot11Groups OBJECT IDENTIFIER ::= { dot11Conformance 1 } +dot11Compliances OBJECT IDENTIFIER ::= { dot11Conformance 2 } + +-- ********************************************************************** +-- * Compliance Statements +-- ********************************************************************** + +dot11Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMPv2 entities + that implement the IEEE 802.11 MIB." + MODULE -- this module + MANDATORY-GROUPS { + dot11SMTbase2, + dot11MACbase, dot11CountersGroup, + dot11SmtAuthenticationAlgorithms, + dot11ResourceTypeID, dot11PhyOperationComplianceGroup } + + GROUP dot11PhyDSSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of dsss. This group is + mutually exclusive with the groups dot11PhyIRComplianceGroup, + dot11PhyFHSSComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyIRComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of irbaseband. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyFHSSComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyFHSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of fhss. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyIRComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyOFDMComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of ofdm. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyIRComplianceGroup, dot11PhyFHSSComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyHRDSSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of hrdsss. This group is + mutually exclusive with the groups + dot11PhyDSSSComplianceGroup, dot11PhyIRComplianceGroup, + dot11PhyFHSSComplianceGroup and dot11PhyOFDMComplianceGroup." + + -- OPTIONAL-GROUPS { dot11SMTprivacy, dot11MACStatistics, + -- dot11PhyAntennaComplianceGroup, dot11PhyTxPowerComplianceGroup, + -- dot11PhyRegDomainsSupportGroup, + -- dot11PhyAntennasListGroup, dot11PhyRateGroup } + + ::= { dot11Compliances 1 } + +-- ********************************************************************** +-- * Groups - units of conformance +-- ********************************************************************** + +dot11SMTbase OBJECT-GROUP + OBJECTS { dot11StationID, dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut } + STATUS deprecated + DESCRIPTION + "The SMT object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network." + ::= { dot11Groups 1 } + +dot11SMTprivacy OBJECT-GROUP + OBJECTS { dot11PrivacyInvoked, + dot11WEPKeyMappingLength, dot11ExcludeUnencrypted, + dot11WEPICVErrorCount , dot11WEPExcludedCount , + dot11WEPDefaultKeyID, + dot11WEPDefaultKeyValue, + dot11WEPKeyMappingWEPOn, + dot11WEPKeyMappingValue , dot11WEPKeyMappingAddress, + dot11WEPKeyMappingStatus } + STATUS current + DESCRIPTION + "The SMTPrivacy package is a set of attributes that shall be + present if WEP is implemented in the STA." + ::= { dot11Groups 2 } + +dot11MACbase OBJECT-GROUP + OBJECTS { dot11MACAddress, dot11Address, + dot11GroupAddressesStatus, + dot11RTSThreshold, dot11ShortRetryLimit, + dot11LongRetryLimit, dot11FragmentationThreshold, + dot11MaxTransmitMSDULifetime, + dot11MaxReceiveLifetime, dot11ManufacturerID, + dot11ProductID } + STATUS current + DESCRIPTION + "The MAC object class provides the necessary support for the + access control, generation, and verification of frame check + sequences (FCSs), and proper delivery of valid data to upper + layers." + ::= { dot11Groups 3 } + +dot11MACStatistics OBJECT-GROUP + OBJECTS { dot11RetryCount, dot11MultipleRetryCount, + dot11RTSSuccessCount, dot11RTSFailureCount, + dot11ACKFailureCount, dot11FrameDuplicateCount } + STATUS current + DESCRIPTION + "The MACStatistics package provides extended statistical + information on the operation of the MAC. This + package is completely optional." + ::= { dot11Groups 4 } + +dot11ResourceTypeID OBJECT-GROUP + OBJECTS { dot11ResourceTypeIDName, dot11manufacturerOUI, + dot11manufacturerName, dot11manufacturerProductName, + dot11manufacturerProductVersion } + STATUS current + DESCRIPTION + "Attributes used to identify a STA, its manufacturer, + and various product names and versions." + ::= { dot11Groups 5 } + +dot11SmtAuthenticationAlgorithms OBJECT-GROUP + OBJECTS { dot11AuthenticationAlgorithm, + dot11AuthenticationAlgorithmsEnable } + STATUS current + DESCRIPTION + "Authentication Algorithm Table." + ::= { dot11Groups 6 } + +dot11PhyOperationComplianceGroup OBJECT-GROUP + OBJECTS { dot11PHYType, dot11CurrentRegDomain, dot11TempType } + STATUS current + DESCRIPTION + "PHY layer operations attributes." + ::= { dot11Groups 7 } + +dot11PhyAntennaComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentTxAntenna, dot11DiversitySupport, + dot11CurrentRxAntenna } + STATUS current + DESCRIPTION + "Attributes for Data Rates for IEEE 802.11." + ::= { dot11Groups 8 } + +dot11PhyTxPowerComplianceGroup OBJECT-GROUP + OBJECTS { dot11NumberSupportedPowerLevels, dot11TxPowerLevel1, + dot11TxPowerLevel2, dot11TxPowerLevel3, dot11TxPowerLevel4, + dot11TxPowerLevel5, dot11TxPowerLevel6, dot11TxPowerLevel7, + dot11TxPowerLevel8, dot11CurrentTxPowerLevel } + STATUS current + DESCRIPTION + "Attributes for Control and Management of transmit power." + ::= { dot11Groups 9 } + +dot11PhyFHSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11HopTime, dot11CurrentChannelNumber, dot11MaxDwellTime, + dot11CurrentDwellTime, dot11CurrentSet, dot11CurrentPattern, + dot11CurrentIndex} + STATUS current + DESCRIPTION + "Attributes that configure the Frequency Hopping for IEEE + 802.11." + ::= { dot11Groups 10 } + +dot11PhyDSSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentChannel, dot11CCAModeSupported, + dot11CurrentCCAMode, dot11EDThreshold} + STATUS current + DESCRIPTION + "Attributes that configure the DSSS for IEEE 802.11." + ::= { dot11Groups 11 } + +dot11PhyIRComplianceGroup OBJECT-GROUP + OBJECTS { dot11CCAWatchdogTimerMax, dot11CCAWatchdogCountMax, + dot11CCAWatchdogTimerMin, dot11CCAWatchdogCountMin} + STATUS current + DESCRIPTION + "Attributes that configure the baseband IR for IEEE 802.11." + ::= { dot11Groups 12 } + +dot11PhyRegDomainsSupportGroup OBJECT-GROUP + OBJECTS { dot11RegDomainsSupportedValue} + STATUS current + DESCRIPTION + "Attributes that specify the supported Regulation Domains." + ::= { dot11Groups 13} + +dot11PhyAntennasListGroup OBJECT-GROUP + OBJECTS { dot11SupportedTxAntenna, + dot11SupportedRxAntenna, dot11DiversitySelectionRx } + STATUS current + DESCRIPTION + "Attributes that specify the supported Regulation Domains." + ::= { dot11Groups 14 } + +dot11PhyRateGroup OBJECT-GROUP + OBJECTS { dot11SupportedDataRatesTxValue, + dot11SupportedDataRatesRxValue } + STATUS current + DESCRIPTION + "Attributes for Data Rates for IEEE 802.11." + ::= { dot11Groups 15 } + +dot11CountersGroup OBJECT-GROUP + OBJECTS { dot11TransmittedFragmentCount, + dot11MulticastTransmittedFrameCount, + dot11FailedCount, dot11ReceivedFragmentCount, + dot11MulticastReceivedFrameCount, + dot11FCSErrorCount, + dot11WEPUndecryptableCount, + dot11TransmittedFrameCount } + STATUS current + DESCRIPTION + "Attributes from the dot11CountersGroup that are not described + in the dot11MACStatistics group. These objects are + mandatory." + ::= { dot11Groups 16 } + +dot11NotificationGroup NOTIFICATION-GROUP + NOTIFICATIONS { dot11Disassociate, + dot11Deauthenticate, + dot11AuthenticateFail } + STATUS current + DESCRIPTION + "IEEE 802.11 notifications" + ::= { dot11Groups 17 } + +dot11SMTbase2 OBJECT-GROUP + OBJECTS { dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut, + dot11DisassociateReason, + dot11DisassociateStation, + dot11DeauthenticateReason, + dot11DeauthenticateStation, + dot11AuthenticateFailStatus, + dot11AuthenticateFailStation } + STATUS current + DESCRIPTION + "The SMTbase2 object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network." + ::= { dot11Groups 18 } + +dot11PhyOFDMComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentFrequency, + dot11TIThreshold, + dot11FrequencyBandsSupported } + STATUS current + DESCRIPTION + "Attributes that configure the OFDM for IEEE 802.11." + ::= { dot11Groups 19 } + +dot11SMTbase3 OBJECT-GROUP + OBJECTS { dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut, + dot11DisassociateReason, + dot11DisassociateStation, + dot11DeauthenticateReason, + dot11DeauthenticateStation, + dot11AuthenticateFailStatus, + dot11AuthenticateFailStation, + dot11MultiDomainCapabilityImplemented, + dot11MultiDomainCapabilityEnabled, + dot11CountryString } + STATUS current + DESCRIPTION + "The SMTbase3 object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network, when the STA + is capable of multi-domain operation. This object group should be + implemented when the multi-domain capability option is implemented." + ::= { dot11Groups 20 } + +dot11MultiDomainCapabilityGroup OBJECT-GROUP + OBJECTS { dot11FirstChannelNumber, + dot11NumberofChannels, + dot11MaximumTransmitPowerLevel } + STATUS current + DESCRIPTION + "The dot11MultiDomainCapabilityGroup object class provides + the objects necessary to manage the channels usable by a STA, + when the multi-domain capability option is implemented." + ::= { dot11Groups 21 } + +dot11PhyFHSSComplianceGroup2 OBJECT-GROUP + OBJECTS { dot11HopTime, dot11CurrentChannelNumber, dot11MaxDwellTime, + dot11CurrentDwellTime, dot11CurrentSet, dot11CurrentPattern, + dot11CurrentIndex, dot11EHCCPrimeRadix, + dot11EHCCNumberofChannelsFamilyIndex, + dot11EHCCCapabilityImplemented, dot11EHCCCapabilityEnabled, + dot11HopAlgorithmAdopted, dot11RandomTableFlag, + dot11NumberofHoppingSets, dot11HopModulus, + dot11HopOffset, dot11RandomTableFieldNumber } + STATUS current + DESCRIPTION + "Attributes that configure the Frequency Hopping for IEEE + 802.11 when multi-domain capability option is implemented." + ::= { dot11Groups 22 } + +dot11PhyHRDSSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentChannel, dot11CCAModeSupported, + dot11CurrentCCAMode, dot11EDThreshold, + dot11ShortPreambleOptionImplemented, + dot11PBCCOptionImplemented, dot11ChannelAgilityPresent, + dot11ChannelAgilityEnabled, dot11HRCCAModeSupported } + STATUS current + DESCRIPTION + "Attributes that configure the HRDSSS for IEEE 802.11." + ::= { dot11Groups 23 } + +-- ********************************************************************** +-- * End of 802.11 MIB +-- ********************************************************************** + +END + Index: /branches/trunk/nanobsd/files/usr/local/share/snmp/snmpd.conf =================================================================== --- /branches/trunk/nanobsd/files/usr/local/share/snmp/snmpd.conf (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/share/snmp/snmpd.conf (revision 10173) @@ -0,0 +1,77 @@ +# snmpd.conf + +# First, map the community name (COMMUNITY) into a security name +# (local and mynetwork, depending on where the request is coming +# from): + +# sec.name source community +com2sec local localhost public +com2sec mynetwork 172.16.0.0/12 public +com2sec mynetwork 10.0.0.0/8 public +com2sec mynetwork 192.168.0.0/16 public + + + +# Second, map the security names into group names: + +# sec.model sec.name +group MyRWGroup v1 local +group MyRWGroup v2c local +group MyRWGroup usm local +group MyROGroup v1 mynetwork +group MyROGroup v2c mynetwork +group MyROGroup usm mynetwork + + +# Third, create a view for us to let the groups have rights to: + +# incl/excl subtree mask +view all included .1 80 + + +# Finally, grant the 2 groups access to the 1 view with different +# write permissions: + +# context sec.model sec.level match read write notif +access MyROGroup "" any noauth exact all none none +access MyRWGroup "" any noauth exact all all none + + +# System contact information + +sysLocation Somewhere in or near Leiden +sysContact Stichting Wireless Leiden / +31 71 5139817 + + +# Process checks. + +# name max min +proc sshd 8 1 +proc syslogd 1 1 +proc ntpd 1 1 +proc snmpd 1 1 +proc cron 2 1 + + +# disk checks + +# path min +#disk / 90% +#disk /var 80% +#disk /usr 80% +#disk /tmp 60% +includeAllDisks 85% + + +# load average checks + +# 1max 5max 15max +load 12 14 14 + + +# Pass through control + +# miboid exec-command +pass .1.3.6.1.4.1.2021.50 /usr/local/nagios/bin/processor + +pass_persist .1.3.6.1.4.1.21695.1.2 /usr/local/sbin/dhcpd-snmp /usr/local/etc/dhcpd-snmp.conf Index: /branches/trunk/nanobsd/files/usr/local/www/index.html =================================================================== --- /branches/trunk/nanobsd/files/usr/local/www/index.html (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/www/index.html (revision 10173) @@ -0,0 +1,8 @@ + + + + + + Wireless Leiden + + Index: /branches/trunk/nanobsd/files/usr/local/www/wlportal/index.cgi =================================================================== --- /branches/trunk/nanobsd/files/usr/local/www/wlportal/index.cgi (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/www/wlportal/index.cgi (revision 10173) @@ -0,0 +1,425 @@ +#!/usr/bin/env python +# +# Wrap me around tcpserver or inetd, example usage for tcpserver (debug): +# tcpserver -HRl localhost 172.31.255.1 /root/wlportal.py +# +# Or put me in a CGI script in for example thttpd server: +# +# = Usage = +# This is a wrapper script which does very basic HTML parsing and altering of +# ipfw tables rules to build a basic Captive Portal, with basic sanity +# checking. The ACL is IP based (this is a poor mans solution, layer2 +# ACL would be much better), so don't take security very seriously. +# +# To get traffic by default to the portal iI requires a few special rules in +# ipfw to work properly (ajust IP details if needed): +# - Rule 10010-10099 needs to be free. +# - add 10100 fwd 172.20.145.1,8081 tcp from any to not 172.16.0.0/12 dst-port 80 in via wlan0 +# +# Enties older than 5 minutes not being used will be removed if the (hidden) +# argument action=cleanup is given as GET variable. So having this in cron (would fix it): +# */5 * * * * /usr/bin/fetch -q http://172.31.255.1/wlportal?action=cleanup +# +# XXX: The whitelist entries first needs to contact the wlportal.py to get +# added to the whitelist, this may cause issues during initial setup and hence +# it might be advised to create a block of static whitelist IP addresses which +# get added during boot and will never disappear. +# +# The program has uses a file based persistent cache to save authenticated +# ACLs, this will NOT get synced after a reboot. +# +# State : ALPHA +# Version : $Id$ +# Author : Rick van der Zwet +# Licence : BSDLike http://wirelessleiden.nl/LICENSE + +import logging +import os +import pickle +import re +import signal +import subprocess +import sys +import time +import traceback +import urlparse +import yaml + +# XXX: Make me dynamic for example put me in the conf file +conf = { + 'autologin' : False, + 'cmd_arp' : '/usr/sbin/arp', + 'cmd_fw' : '/sbin/ipfw', + 'portal_sponsor': 'Sponsor van Stichting Wireless Leiden', + 'portal_url' : 'http://www.wirelessleiden.nl', + 'portalroot' : '172.31.255.1', + 'refresh_delay' : 5, + 'tmpl_autologin': '/usr/local/etc/wlportal/autologin.tmpl', + 'tmpl_login' : '/usr/local/etc/wlportal/login.tmpl', + 'whitelist' : [], +} + + +logging.basicConfig(stream=open('/var/log/wlportal.log','a'),level=logging.DEBUG) + +# No failback if config does not exist, to really make sure the user knows if +# the config file failed to parse properly or is non-existing +# XXX: 5xx error code perhaps? +try: + conf.update(yaml.load(open('/usr/local/etc/wlportal/config.yaml'))) +except Exception,e: + logging.error(traceback.format_exc()) + + +class ItemCache: + """ + Very basic ItemCache used for caching registered entries and other foo, no + way recurrent, so use with care! + """ + + def __init__(self, authentication_timeout=60): + self.cachefile='/tmp/portal.cache' + # cache[mac_address] = (ipaddr, registered_at, last_seen) + self.cache = None + self.arp_cache = None + self.now = time.time() + self.authentication_timeout = authentication_timeout + + def delete_all(self): + self.cache = {} + self.save() + + def delete(self,ipaddr): + self.load() + for mac in self.cache.keys(): + if self.cache[mac][0] == ipaddr: + del self.cache[mac] + self.save() + + + def load(self): + """ Request cached file entries """ + if self.cache == None: + try: + self.cache = pickle.load(open(self.cachefile,'r')) + except IOError: + self.cache = {} + pass + + def load_arp_cache(self): + """ Provide with listing of MAC to IP numbers """ + if self.arp_cache == None: + output = subprocess.Popen([conf['cmd_arp'],'-na'], stdout=subprocess.PIPE).communicate()[0] + self.arp_cache = {} + for line in output.strip().split('\n'): + # ? (172.20.145.30) at 00:21:e9:e2:7c:c6 on wlan0 expires in 605 seconds [ethernet] + if not 'expires' in line: + continue + t = re.split('[ ()]',line) + ip, mac = t[2],t[5] + self.arp_cache[ip] = mac + + def get_mac(self,ipaddr): + self.load_arp_cache() + try: + return self.arp_cache[ipaddr] + except KeyError: + return None + + def add(self,ipaddr): + """ Add entry to cache (on file) and return entry""" + self.load() + self.load_arp_cache() + self.cache[self.arp_cache[ipaddr]] = (ipaddr, self.now, self.now) + logging.debug("Adding Entry to Cache %s -> %s" % (ipaddr, self.arp_cache[ipaddr])) + self.save() + + def save(self): + """ Sync entries to disk """ + # XXX: Should actually check if entry has changed at all + pickle.dump(self.cache, open(self.cachefile,'w')) + + def update(): + """ Update entries with relevant ARP cache """ + self.load() + self.load_arp_cache() + # Update last_seen time for currently active entries + for ip,mac in self.arp_cache.iteritems(): + if self.cache.has_key(mac): + self.cache[mac][3] = now + + # cleanup no longer used entries, after authentication_timeout seconds. + for mac in self.cache: + if self.cache[mac][3] < self.now - self.authentication_timeout: + del self.cache[mac] + + # Sync results to disk + self.save() + return self.cache + + def get_cache(self): + self.load() + return self.cache + + def get_arp_cache(self): + self.load_arp_cache() + return self.arp_cache + + +class FirewallControl: + def __init__(self): + self.first_rule = 10010 + self.last_rule = 10099 + self.available_rule = self.first_rule + self.logger = '' + + + def load(self): + # Get all registered ips + sp = subprocess.Popen([conf['cmd_fw'],'show','%i-%i' % (self.first_rule, self.last_rule)], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + output = sp.communicate()[0] + self.ip_in_firewall = {} + if sp.returncode == 0: + # 10010 32 1920 allow tcp from 172.20.145.30 to not 172.16.0.0/12 dst-port 80 + for line in output.strip().split('\n'): + t = line.split() + rule, ip = t[0], t[6] + self.ip_in_firewall[ip] = rule + + if self.available_rule == int(rule): + self.available_rule += 1 + else: + # XXX: Some nagging about no rules beeing found perhaps? + pass + + def cleanup(self): + """ Cleanup Old Entries, mostly used for maintenance runs """ + self.load() + # Make sure cache matches the latest ARP version + itemdb = ItemCache() + cache = itemdb.get_cache() + valid_ip = itemdb.get_arp_cache() + + # Check if all ipfw allowed entries still have the same registered MAC address + # else assume different user and delete. + for ip,rule in self.ip_in_firewall.iteritems(): + delete_entry = False + + # Make sure IP is still valid + if not valid_ip.has_key(ip): + delete_entry = True + # Also MAC needs to exists in Cache + elif not cache.has_key(valid_ip[ip]): + delete_entry = True + # IP need to match up with registered one + elif not cache[valid_ip[ip]][0] == ip: + delete_entry = True + + # Delete entry if needed + if delete_entry: + output = subprocess.Popen([conf['cmd_fw'],'delete',str(rule)], stdout=subprocess.PIPE).communicate()[0] + self.logger += "Deleting ipfw entry %s %s\n" % (rule, ip) + logging.debug('Deleting ipfw entry %s %s\n' % (rule, ip)) + + + def add(self,ipaddr): + """ Add Entry to Firewall, False if already exists """ + self.load() + if not self.ip_in_firewall.has_key(ipaddr): + rule = "NUMBER allow tcp from IPADDR to not 172.16.0.0/12 dst-port 80".split() + rule[0] = str(self.available_rule) + rule[4] = str(ipaddr) + logging.debug("Addding %s" % " ".join(rule)) + output = subprocess.Popen([conf['cmd_fw'],'add'] + rule, stdout=subprocess.PIPE).communicate()[0] + itemdb = ItemCache() + itemdb.add(ipaddr) + self.register(ipaddr) + return True + else: + return False + + def register(self, ipaddr): + epoch = int(time.time()) + + itemdb = ItemCache() + mac = itemdb.get_mac(ipaddr) + + filename = "/var/db/clients" + file = open(filename,"a") + file.write("%s %s %s \n" % (epoch, mac, ipaddr) ) + file.close() + + + def delete(self, ipaddr): + itemdb = ItemCache() + itemdb.delete(ipaddr) + self.cleanup() + + def delete_all(self): + itemdb = ItemCache() + itemdb.delete_all() + self.cleanup() + + def get_log(self): + return self.logger + + + +# Query String Dictionaries +qs_post = None +qs = None +header = [] + +# Hybrid Setup. +# a) We are not wrapped around in a HTTP server, so this _is_ the +# HTTP server, so act like one. +if not os.environ.has_key('REQUEST_METHOD'): + class TimeoutException(Exception): + """ Helper for alarm signal handling""" + pass + + def handler(signum, frame): + """ Helper for alarm signal handling""" + raise TimeoutException + + + # Parse the HTTP/1.1 Content-Header (partially) + signal.signal(signal.SIGALRM,handler) + us = None + method = None + hostname = None + content_length = None + remote_host = None + while True: + try: + signal.alarm(1) + line = sys.stdin.readline().strip() + if not line: + break + header.append(line) + signal.alarm(0) + if line.startswith('GET '): + us = urlparse.urlsplit(line.split()[1]) + method = 'GET' + elif line.startswith('POST '): + method = 'POST' + us = urlparse.urlsplit(line.split()[1]) + elif line.startswith('Host: '): + hostname = line.split()[1] + elif line.startswith('Content-Length: '): + content_length = int(line.split()[1]) + except TimeoutException: + break + + # Capture Portal, make sure to redirect all to portal + if hostname != conf['portalroot']: + print "HTTP/1.1 302 Moved Temponary\r\n", + print "Location: http://%(portalroot)s/\r\n" % conf, + sys.exit(0) + + + # Handle potential POST + if method == 'POST' and content_length: + body = sys.stdin.read(content_length) + qs_post = urlparse.parse_qs(body) + + # Parse Query String + if us and us.path == "/wlportal" and us.query: + qs = urlparse.parse_qs(us.query) + + remote_host = os.environ['REMOTEHOST'] +else: + # b) CGI Script: Parse the CGI Variables if present + if os.environ['REQUEST_METHOD'] == "POST": + content_length = int(os.environ['CONTENT_LENGTH']) + body = sys.stdin.read(content_length) + qs_post = urlparse.parse_qs(body) + + if os.environ.has_key('QUERY_STRING'): + qs = urlparse.parse_qs(os.environ['QUERY_STRING']) + + remote_host = os.environ['REMOTE_ADDR'] + + +# Helpers for HTML 'templates' +content = conf.copy() +content.update(extra_header='',tech_footer='',status_msg='') + +# IP or MAC on the whitelist does not need to authenticate, used for devices +# which need to connect to the internet, but has no 'buttons' to press OK. +# +# This assumes that devices will re-connect if they are not able to connect +# to their original host, as we do not preserve the original URI. +ic = ItemCache() +if conf['autologin'] or remote_host in conf['whitelist'] or ic.get_mac(remote_host) in conf['whitelist']: + qs_post = { 'action' : 'login' } + +try: + # Put authenticate use and process response + if qs and qs.has_key('action'): + if 'deleteall' in qs['action']: + content['status_msg'] += "# [INFO] Deleting all entries\n" + fw = FirewallControl() + fw.delete_all() + content['status_msg'] += fw.get_log() + elif 'update' in qs['action']: + tech_footer = "# [INFO] Update timestamp of all entries\n" + fw = FirewallControl() + fw.update() + content['status_msg'] += fw.get_log() + elif 'cleanup' in qs['action']: + content['status_msg'] += "# [INFO] Deleting all entries" + fw = FirewallControl() + fw.delete_all() + elif qs_post and qs_post.has_key('action'): + if 'login' in qs_post['action']: + fw = FirewallControl() + if fw.add(remote_host): + content['extra_header'] = "Refresh: %(refresh_delay)s; url=%(portal_url)s\r" % content + content['status_msg'] = "Sucessfully Logged In! || " +\ + """ Will redirect you in %(refresh_delay)s seconds to %(portal_url)s """ % content + else: + content['status_msg'] = "ERROR! Already Logged On" + elif 'logout' in qs_post['action']: + fw = FirewallControl() + fw.delete(remote_host) + content['status_msg'] = "Succesfully logged out!" + +except Exception,e: + content['tech_footer'] += traceback.format_exc() + content['status_msg'] = e + pass + + # Present Main Screen +print """\ +HTTP/1.1 200 OK\r +Content-Type: text/html\r +%(extra_header)s +""" % content + +try: + tmpl_file = conf['tmpl_autologin'] if conf['autologin'] else conf['tmpl_login'] + page = open(tmpl_file,'r').read() +except IOError: + page = """ + +

%(status_msg)s

+ +

Wireless Leiden - Internet Portal

+
+ + +
+ +

More options

+
+ + +
+
Technical Details:
+%(tech_footer)s
+
+ +""" + +print page % content Index: /branches/trunk/nanobsd/files/usr/local/www/wlweb/index.cgi =================================================================== --- /branches/trunk/nanobsd/files/usr/local/www/wlweb/index.cgi (revision 10173) +++ /branches/trunk/nanobsd/files/usr/local/www/wlweb/index.cgi (revision 10173) @@ -0,0 +1,36 @@ +#!/usr/local/bin/python +# +# Wireless Leiden webinterface for (embedded) nodes +# Rick van der Zwet +# Richard van Mansom (richardvm@wirelessleiden.nl), striped the webserver + +from subprocess import * +import os + +def tailFile(file): + lines=-10 + return("Tail (%i): %s
%s
" % (lines,file,Popen(["tail", str(lines), file], stdout=PIPE).communicate()[0])); + +def catFile(file): + return("File: %s
%s
" % (file,Popen(["cat", file], stdout=PIPE).communicate()[0])); + +def allRoutes(): + return("netstat -nr
%s
" % Popen(["netstat", "-n", "-r"], stdout=PIPE).communicate()[0]); + +def processList(): + return("ps -aux
%s
" % Popen(["ps", "-a", "-u", "-x"], stdout=PIPE).communicate()[0]); + + +def main(): + return ( "Content-Type: text/html\n\n" + + "" + + "Welcome to Stichting Wireless Leiden host/node " + + Popen(["hostname"], stdout=PIPE).communicate()[0] + + "

" + tailFile('/var/log/messages') + "

" + + tailFile('/var/log/debug.log') + "

" + + catFile('/var/run/dmesg.boot') + "

" + + allRoutes() + "

" + + processList() + "

" + + "$Id$" ) + +print main() Index: /branches/trunk/nanobsd/tools/config-image.sh =================================================================== --- /branches/trunk/nanobsd/tools/config-image.sh (revision 10173) +++ /branches/trunk/nanobsd/tools/config-image.sh (revision 10173) @@ -0,0 +1,52 @@ +#!/bin/sh +# Push config onto persistent location inside node image +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + p_err "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +chroot ${MNT} /tools/wl-config -n -m startup + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /branches/trunk/nanobsd/tools/deploy-image.sh =================================================================== --- /branches/trunk/nanobsd/tools/deploy-image.sh (revision 10173) +++ /branches/trunk/nanobsd/tools/deploy-image.sh (revision 10173) @@ -0,0 +1,28 @@ +#!/bin/sh +# Rsync minimal changes directly to live image + +. $(dirname $0)/package-build.inc.sh + +HOST=$1 +SLICE=${2:-''} + +if [ -z "$1" ]; then + echo "Usage $0: []" + echo "" + echo "By default update the next available slice" + exit 128 +fi + +# Find object directory +IMG=${OBJDIR}/_.disk.image + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists + exit 1 +fi + +echo "# Going to deploy $IMG to $HOST (slice:$SLICE)" +ssh $HOST mount || exit 1 +cat $IMG | ssh $HOST /tools/update$SLICE || exit 1 + +exit 0 Index: /branches/trunk/nanobsd/tools/edit-image.sh =================================================================== --- /branches/trunk/nanobsd/tools/edit-image.sh (revision 10173) +++ /branches/trunk/nanobsd/tools/edit-image.sh (revision 10173) @@ -0,0 +1,54 @@ +#!/bin/sh +# Chroot into image to edit bits and pieces +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + p_err "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +p_info "Type exit when done" +chroot ${MNT} +p_info "Any changes are made permanent on image ${IMG}" + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /branches/trunk/nanobsd/tools/flash-node.sh =================================================================== --- /branches/trunk/nanobsd/tools/flash-node.sh (revision 10173) +++ /branches/trunk/nanobsd/tools/flash-node.sh (revision 10173) @@ -0,0 +1,29 @@ +#!/bin/sh +# +# Upload image to node and flash partition +# +# Rick van der Zwet + +. $(dirname $0)/package-build.inc.sh + +if [ -z "$1" ]; then + echo "Usage: $0 [ ..]" 1>&2 + exit 128 +fi + +BASEDIR=`dirname $0` +CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + +# Find object directory +eval `grep '^NANO_NAME=' ${CFG}` +OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" +IMG=${IMG:-${OBJDIR}/_.disk.image} + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +for HOST in $*; do + cat $IMG | ssh -oBatchMode=yes $HOST /tools/update-wrapper +done + Index: /branches/trunk/nanobsd/tools/image-build.sh =================================================================== --- /branches/trunk/nanobsd/tools/image-build.sh (revision 10173) +++ /branches/trunk/nanobsd/tools/image-build.sh (revision 10173) @@ -0,0 +1,81 @@ +#!/bin/sh +# Wrapper around nanobsd.sh with autodetection of already processed steps +# to provide some failsafe net + +BASEDIR=`dirname $0` +CFG="${BASEDIR}/../cfg/nanobsd.wleiden" +NANOBSD='/usr/src/tools/tools/nanobsd/nanobsd.sh' + +. ${BASEDIR}/package-build.inc.sh + +FORCE_KERNEL=0 +FORCE_WORLD=0 +#XXX: Proper object handling +if [ "$1" = "-bk" ]; then + p_warn Forcefully building kernel + FORCE_KERNEL=1 +elif [ "$1" = "-bw" ]; then + p_warn Forcefully building world + FORCE_WORLD=1 +elif [ "$1" = "-f" ]; then + p_warn Forcefully building world and kernel + FORCE_KERNEL=1 + FORCE_WORLD=1 +fi +shift +NANOBSD_EXTRA=$* + +if [ ! -r "${NANOBSD}" ]; then + p_err ${NANOBSD} does not exists + exit 1 +fi + +if [ ! -x "${NANOBSD}" ]; then + NANOBSD="sh ${NANOBSD}" +fi + +# Find object directory +eval `grep '^NANO_NAME=' ${CFG}` +OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + +if [ -d "${OBJDIR}" ]; then + NANOBSD_FLAGS="" + + # Detect succesfull buildworld + tail -10 ${OBJDIR}/_.bw | grep 'World build completed' + if [ $? -eq 0 -a ${FORCE_WORLD} -eq 0 ]; then + p_info NO building of world, use $0 -f to force + NANOBSD_FLAGS="${NANOBSD_FLAGS} -w" + fi + + # Detect succesfull buildkernel + tail -10 ${OBJDIR}/_.bk | grep 'Kernel build for .* completed' + if [ $? -eq 0 -a ${FORCE_KERNEL} -eq 0 ]; then + p_info NO building of kernel, use $0 -f to force + NANOBSD_FLAGS="${NANOBSD_FLAGS} -k" + fi + +else + p_warn Nothing yet, starting fresh + NANOBSD_FLAGS="" +fi + +# Provide verbose output by default +COMMAND="${NANOBSD} ${NANOBSD_FLAGS} -c ${CFG} -v ${NANOBSD_EXTRA}" +f_time ${COMMAND} +RETVAL=$? + +# Verify on build failures +tail -10 ${OBJDIR}/_.bw | grep 'World build completed' +if [ $? -eq 1 ]; then + p_err Building world FAILED, check ${OBJDIR}/_.bw +fi +tail -10 ${OBJDIR}/_.bk | grep 'Kernel build for .* completed' +if [ $? -eq 1 ]; then + p_err Building kernel FAILED, check ${OBJDIR}/_.bk +fi +if [ $RETVAL -ne 0 ]; then + p_err Errors in building NanoBSD Image +fi +p_info End time: `date` +exit ${RETVAL} Index: /branches/trunk/nanobsd/tools/make-release.sh =================================================================== --- /branches/trunk/nanobsd/tools/make-release.sh (revision 10173) +++ /branches/trunk/nanobsd/tools/make-release.sh (revision 10173) @@ -0,0 +1,51 @@ +#!/bin/sh +# Small tool to build nanobsd release, ready for distribution: + +BASEDIR="`dirname $0`/.." + +# Some cleaning at start +for PORT in ${BASEDIR}/misc/ports/*/*; do + (cd $PORT; make clean); +done + +# Version target +# Either version from command line or else subversion base +VERSION=${1-`svn info ${BASEDIR} | awk '/Revision:/ {print $2}'`} + +TMPDIR=`mktemp -d -t $(basename $0 .sh)` + +PKGDIR=wl-image-$VERSION +WRKSRC=$TMPDIR/$PKGDIR +mkdir $WRKSRC +cp -R ${BASEDIR}/tools $WRKSRC +cp -R ${BASEDIR}/cfg $WRKSRC +cp -R ${BASEDIR}/misc $WRKSRC +cp -R ${BASEDIR}/files $WRKSRC +cp -R ${BASEDIR}/README.txt $WRKSRC + +# Present real image +# XXX: Make path relative +# XXX: Find some pretty options +IMG=/usr/obj/nanobsd.wleiden/_.disk.full +IMG_DIR=`dirname ${IMG}` +IMG_PKGDIR=${IMG_DIR}/${PKGDIR} +mkdir ${IMG_PKGDIR} +ln ${IMG} ${IMG_PKGDIR}/disk_full.img + +# Make pretty tar file out of it +tar --exclude ".svn" --exclude "Makefile" \ + --exclude "config.cache" --exclude "config.log" --exclude "config.status" \ + --exclude ".depend" \ + -cjf wl-image-$VERSION.tbz \ + -C $TMPDIR \ + $PKGDIR/tools \ + $PKGDIR/cfg \ + $PKGDIR/files \ + $PKGDIR/misc \ + $PKGDIR/README.txt \ + -C $IMG_DIR \ + $PKGDIR/disk_full.img + +rm -fR $TMPDIR +rm -fR $IMG_PKGDIR + Index: /branches/trunk/nanobsd/tools/package-build.inc.sh =================================================================== --- /branches/trunk/nanobsd/tools/package-build.inc.sh (revision 10173) +++ /branches/trunk/nanobsd/tools/package-build.inc.sh (revision 10173) @@ -0,0 +1,80 @@ +# Used to store profile data +TIME_FILE=$(dirname $0)/eta-times.txt + +p_list () { +echo "$*" | sed -e 's/ /|## /g' -e 's/^/## /g' +} + +p_info () { + echo "$*" | tr '|' '\n' | sed 's/^/# /' +} + +p_warn () { + echo "$*" | tr '|' '\n' | sed 's/^/#WARN: /' +} + +p_err () { + echo "$*" | tr '|' '\n' | sed 's/^/#ERR: /' +} + +p_sleep() { + SLEEP=${1-5} + while [ "${SLEEP}" -gt 0 ]; do + printf '.' + sleep 1 + SLEEP=`expr ${SLEEP} - 1` + done + printf '\n' +} + +# Print estimation on how long it normally if going to take +f_time() { + COMMAND="$*" + ETA_TIME=` grep "${COMMAND}$" ${TIME_FILE} 2>/dev/null | awk '{print $1}'` + if [ -z "${ETA_TIME}" ]; then + ETA_TIME="NaN" + fi + + p_info Last run of "'${COMMAND}'" took ${ETA_TIME} + p_info Start time: `date` + + # Execute command + START_TIME=`date "+%s"` + $COMMAND + RETVAL=$? + STOP_TIME=`date "+%s"` + + p_info End time: `date` + # Calculate time it took + TOTAL_TIME=`expr ${STOP_TIME} - ${START_TIME}` + HUMAN_FMT=`date -ur ${TOTAL_TIME} "+%H:%M:%S"` + + # Store new time if command is succesfull + if [ "${RETVAL}" -eq 0 ]; then + grep -v "${COMMAND}$" ${TIME_FILE} > ${TIME_FILE}.tmp 2>/dev/null + echo "${HUMAN_FMT} ${COMMAND}" >> ${TIME_FILE}.tmp + mv ${TIME_FILE}.tmp ${TIME_FILE} + fi + + # Return the command it's output + return ${RETVAL} +} + +f_check_root() { + # No Root, no fun + if [ `id -u` -ne 0 ]; then + print_err Root only + exit 1 + fi +} + +# Find object directory +BASEDIR=`dirname $0` + +# Load the NanoBSD Configuration entries +NANO_CFG_FILE="${BASEDIR}/../cfg/nanobsd.wleiden" +customize_cmd() { return; } +. $NANO_CFG_FILE + +OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + Index: /branches/trunk/nanobsd/tools/package-build.sh =================================================================== --- /branches/trunk/nanobsd/tools/package-build.sh (revision 10173) +++ /branches/trunk/nanobsd/tools/package-build.sh (revision 10173) @@ -0,0 +1,179 @@ +#!/bin/sh +# Install all required packages +# XXX: Welcome to port hell, if /usr/ports has been updated, you actually want +# to delete all installed packages and start over again, hence why people used +# to run this stuff in jails, etc. + +. $(dirname $0)/package-build.inc.sh + +DEBUG=${DEBUG:-0} +DEP_CHECK_ONLY=${DEP_CHECK_ONLY:-0} + +# make options, for package building +LOGDIR=`mktemp -d "/tmp/$(basename $0 .sh)-$(date +%Y%m%d-%H:%M:%S).X"` +TARGET="`cd $(dirname $0);pwd -P`/../pkg/" + +# Package target +MAKE_ARGS="$MAKE_ARGS PACKAGES=$TARGET" +MAKE_ARGS="$MAKE_ARGS BATCH=yes PACKAGE_BUILDING=yes" + +# www/py-cherrypy +MAKE_ARGS="${MAKE_ARGS} WITH_APACHE=yes" +# net-mgmt/net-snmp +MAKE_ARGS="${MAKE_ARGS} WITHOUT_PERL=yes" +# net-mgmt/nagios-plugins +MAKE_ARGS="${MAKE_ARGS} WITH_FPING=yes" +# threads is broken in the version (atleast up to 9.0 - 20120213) +# Should be fix in current version in linux, but for some reason +# Not yet in BSD. We don't need threads +MAKE_ARGS="${MAKE_ARGS} WITHOUT_THREADS=yes" + +p_info Log directory ${LOGDIR} +p_info Make options are: +p_info $(p_list ${MAKE_ARGS}) + +p_info Checking whether there are currently unmet dependencies +RETVAL=0 +PKGS=`pkg_info | awk '{print $1}'` +for PKG in ${PKGS} ; do + PKG_DEP_FAIL="" + for PKGDEP in `pkg_info -qr ${PKG} | awk '{print $2}'`; do + pkg_info -e ${PKGDEP} + if [ $? -eq 1 ]; then + PKG_DEP_FAIL="${PKG_DEP_FAIL} ${PKGDEP}" + fi + done + if [ -n "${PKG_DEP_FAIL}" ]; then + p_err Unmet dependencies found at $PKG, please fix manually: + p_err $(p_list ${PKG_DEP_FAIL}) + RETVAL=1 + fi +done +if [ $RETVAL -eq 1 ]; then + exit 1 +fi +p_info Dependecy check ok + +if [ ${DEP_CHECK_ONLY} -eq 1 ]; then + exit 0 +fi +echo "" + + +if [ -d "${TARGET}/All" ]; then + p_warn "Deleted all (old) packages at ${TARGET}" + rm -R $TARGET/* +fi +p_info Created target dir ${TARGET}/All +mkdir -p ${TARGET}/All + +PORTSDIR='/usr/ports' +WL_PORTSDIR="`cd $(dirname $0);pwd -P`/../ports/" + +PACKAGE_LIST=`cat <>$LOGFILE 1>> $LOGFILE + if [ $? -ne 0 ]; then + p_err building ${PACKAGE} FAILED, logging at $LOGFILE + exit 1 + fi + fi + ${MAKE} package-links + PKGNAME=`make extract-message | awk '{print $NF}'` + pkg_create -b $PKGNAME $TARGET/All/${PKGNAME}.tbz + + p_info Checking dependencies + for PKG in $PKGDEP_PKGS; do + echo "${BUILD_LIST}" | grep -q "$PKG" + if [ $? -eq 0 ]; then + # Already packaged + p_info ${PKG} Already packaged + else + echo $@ | grep -q "${PKG}" + if [ $? -eq 0 ]; then + p_info ${PKG} Already planned + else + set $@ ${PKG} + fi + fi + done + p_info Packaging $PACKAGE succesfull +done + +p_info $(echo ${BUILD_LIST} | wc -w) packages build succesfully + +if [ ${DEBUG} -eq 0 ]; then + rm -R ${LOGDIR} +else + p_info Debugging enabled ${LOGDIR} saved +fi + Index: /branches/trunk/nanobsd/tools/passwd-image.sh =================================================================== --- /branches/trunk/nanobsd/tools/passwd-image.sh (revision 10173) +++ /branches/trunk/nanobsd/tools/passwd-image.sh (revision 10173) @@ -0,0 +1,52 @@ +#!/bin/sh +# Change password if image +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + p_err "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +chroot ${MNT} passwd + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /branches/trunk/nanobsd/tools/prepare-nfs.sh =================================================================== --- /branches/trunk/nanobsd/tools/prepare-nfs.sh (revision 10173) +++ /branches/trunk/nanobsd/tools/prepare-nfs.sh (revision 10173) @@ -0,0 +1,114 @@ +#!/bin/sh +# Get nanobsd image ready to be booted from NFS +# NFS instructions at +# http://www.wirelessleiden.nl/projects/nodefactory/wiki/TestingViaNFS + +IMAGE_BASE="/usr/obj/nanobsd.wleiden" +IMAGE_SLICE="${IMAGE_BASE}/_.disk.image" +IMAGE_FULL="${IMAGE_BASE}/_.disk.full" +IMAGE_NFS="${IMAGE_SLICE}-nfs" +# Structure: $NFSBASE +# ./cfg = /cfg mounpoint +# ./base = / mountpoint +# ./nfs = /nfs mountpoint +NFSBASE='/usr/data' +MNT="${NFSBASE}/base" +CFG="${NFSBASE}/cfg" +NFS="${NFSBASE}/nfs" + +p_err() { + echo "[ERROR] $*" 1>&2 +} + +usage() { + ( + echo "Usage: $0 [-fn]" + echo " -f force umount, memory device whipes" + echo " -n do not delete/clean cfg partition" + echo " -u unload/eject procedure" + ) 1>&2 + exit 2 +} + +# No Root, no fun +if [ `id -u` -ne 0 ]; then + p_err "Root only" + exit 1 +fi + +# Argument parsing using getopts +OPT_FORCE=0 +OPT_CLEAN=1 +OPT_UNLOAD=0 +while getopts "hfnu" OPT; do + case "$OPT" in + f) OPT_FORCE=1;; + n) OPT_CLEAN=0;; + u) OPT_UNLOAD=1;; + h) usage;; + \?) usage;; + esac +done + + +# Eeks, we are going to be nasty, hold your horses +if [ $OPT_FORCE -eq 1 -o $OPT_UNLOAD -eq 1 ]; then + umount -f $MNT + for MD in `mdconfig -l -v | grep "${IMAGE_NFS}" | awk '{print $1}'`; do + mdconfig -d -u $MD + done +fi + +if [ $OPT_UNLOAD -eq 1 ]; then + echo "All done" + exit 1; +fi + +# If mount point is already used, bail out +if mount | grep -q "${MNT}"; then + p_err "'${MNT}' already mounted" + exit 1 +fi + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMAGE_NFS}"; then + MD=`mdconfig -l -v | grep "${IMAGE_NFS}" | cut -c -4` + p_err "'${IMAGE_NFS}' already mounted at '$MD'" + exit 1 +fi + + +# Prepare image for use with NFS +cp -v ${IMAGE_SLICE} ${IMAGE_NFS} + +MD=`mdconfig -a -t vnode -f ${IMAGE_NFS}` +mount /dev/${MD}a ${MNT} + +# Config files lives at NFS location +echo "mount -t nfs -o ro 192.168.4.1:${CFG}" > ${MNT}/conf/default/etc/remount + +# Create nfs mount location +mkdir ${MNT}/nfs + +# $MNT, $CFG, $NFS lives at nfs +( +echo "192.168.4.1:${MNT} / nfs ro 0 0" +echo "192.168.4.1:${CFG} /cfg nfs rw,noauto 0 0" +echo "192.168.4.1:${NFS} /nfs nfs rw 0 0" +) > /${MNT}/conf/base/etc/fstab + +if [ ${OPT_CLEAN} -eq 1 ]; then + echo "DELETING all files at ${CFG}, start fresh ;-)" + rm -vfR ${CFG}/* +else + echo "PRESERVING all files at ${CFG}" +fi + +echo "DELETING all files at ${NFS}, start fresh ;-)" +rm -vfR ${NFS}/* + +# Allow build images to be used directy via NFS +ln -f ${IMAGE_SLICE} ${NFS}/`basename ${IMAGE_SLICE}` +ln -f ${IMAGE_FULL} ${NFS}/`basename ${IMAGE_FULL}` + +# XXX: Proper unmounting after all has finished Index: /branches/trunk/nanobsd/tools/rsync-image.sh =================================================================== --- /branches/trunk/nanobsd/tools/rsync-image.sh (revision 10173) +++ /branches/trunk/nanobsd/tools/rsync-image.sh (revision 10173) @@ -0,0 +1,43 @@ +#!/bin/sh +# Rsync minimal changes directly to live image + +. $(dirname $0)/package-build.inc.sh + +HOST=${1:-10.0.42.1} +BASEDIR=`dirname $0` +if [ -n "$2" ]; then + IMG=$2 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.image +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +# Prepare image as filesystem +MNT=`mktemp -d -t $(basename $0)` +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}a ${MNT} || exit 1 + +# On error clean up nicely +trap "cd /; umount ${MNT}; rmdir ${MNT}; mdconfig -d -u ${MD}" 0 1 2 3 15 + +#XXX: Might want to do in one fly +# Set to write mode +ssh $HOST mount -uwo noatime / || exit 1 +# Sync changes +rsync -av --exclude=/dev --exclude=/etc --exclude=/var ${MNT}/ ${HOST}:/ || exit 1 +# Set to read-only mode again +ssh $HOST mount -ur / || exit 1 + +exit 0 Index: /branches/trunk/nanobsd/tools/test-inc.sh =================================================================== --- /branches/trunk/nanobsd/tools/test-inc.sh (revision 10173) +++ /branches/trunk/nanobsd/tools/test-inc.sh (revision 10173) @@ -0,0 +1,5 @@ +#!/bin/sh +. $(dirname $0)/package-build.inc.sh + +f_time sleep 5 + Index: /branches/trunk/nanobsd/tools/upload-image.sh =================================================================== --- /branches/trunk/nanobsd/tools/upload-image.sh (revision 10173) +++ /branches/trunk/nanobsd/tools/upload-image.sh (revision 10173) @@ -0,0 +1,57 @@ +#!/bin/sh +# +# Upload image to the 'distribution' server. First try WL network, +# else use inet as last resort. Need to have shell access to distribution server. +# +# XXX: Needs Type and such as well properly +# +# Rick van der Zwet + +SERVERS="sunfire.wleiden.net sunfire.wirelessleiden.nl" +TIMESTAMP=`date "+%Y%m%d-%H%M"` +BASEDIR=`dirname $0` +SSH_USER=${SSH_USER:-$USER} +TYPE="$1" +RELEASE="$2" + +. $BASEDIR/package-build.inc.sh + +if [ -z "$RELEASE" ]; then + echo "Usage: $0 " + exit 1 +fi + +# Make sure we find the right image +if [ "$TYPE" = "full" ]; then + find_disk_full "" +elif [ "$TYPE" = "image" ]; then + find_disk_image "" +else + echo "Usage: $0 " + exit 1 +fi + +check_reachable() { + ping -c 2 -t 1 -q $1 1>/dev/null 2>/dev/null + return $? +} + +# XXX: Hack this should actually be done during building phase +echo "# Compressing image '$IMG'" +gzip -v -k -f $IMG +IMG="$IMG.gz" + +echo "# Trying to upload to server, alarm messages are normal" +# Upload the image to the defined place +for SERVER in $SERVERS; do + if check_reachable $SERVER; then + TARGET="$SSH_USER@$SERVER:/usr/local/www/images/$RELEASE/node-$TYPE-$TIMESTAMP.img.gz" + echo "# Source: $IMG" + echo "# Target: $TARGET" + echo "# To cancel, please CTRL+C within 3 seconds" + sleep 3 + scp $IMG $TARGET + exit $? + fi +done + Index: /branches/trunk/nanobsd/tools/write-image.sh =================================================================== --- /branches/trunk/nanobsd/tools/write-image.sh (revision 10173) +++ /branches/trunk/nanobsd/tools/write-image.sh (revision 10173) @@ -0,0 +1,74 @@ +#!/bin/sh +# Wrapper allowing to write image to card writer + +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi +IMGSIZE=`ls -l ${IMG} | awk '{print $5 / 1024 / 1024}'` + +# Make sure we are root from this point on +f_check_root + +# Find which daX device holds a active flash drive +CARD_FOUND=0 +DA_LIST=`cd /dev/; echo da[0-9]` +for DA in ${DA_LIST}; do + diskinfo ${DA} 1>/dev/null 2>/dev/null + if [ $? -eq 0 ]; then + CARD_FOUND=1 + break + fi +done + +if [ ${CARD_FOUND} -eq 0 ]; then + p_err Sorry no flash card found at active devices, list searched: + p_err $(p_list ${DA_LIST}) + exit 1 +fi + +# Detect cardreader type/version +CARDREADER=`dmesg | grep ${DA}: | awk -F'[<>]' '/Removable Direct Access/ {print $2}' | tail -1` + +#XXX: Issue last chance warning, prompting the user to bail out +p_warn Going to write ${IMG} "(${IMGSIZE}MB)" to ${DA} "(${CARDREADER})" +p_warn 5 seconds to quit using CTRL+C +p_sleep 5 + +TMPFILE=`mktemp -t dd` +p_info Writing image... "(`date`)" +# Sending INFO to dd seems to confuse it sometimes so +# make it EXPERIMENTAL for now + +if [ -n "$ENHANCED_DD" ]; then + dd if=${IMG} of=/dev/${DA} bs=64k 2>${TMPFILE} & + DD_PID=$! + sleep 0.5 + while `ps ${DD_PID} >/dev/null`; do + kill -INFO ${DD_PID} + sleep 0.1 #Micro delay allow TMPFILE to populate + SIZE_DONE=`awk '/transferred/ {print $1}' ${TMPFILE}` + SIZE_DONE=`echo "${SIZE_DONE} / 1024 / 1024" | bc -l` + PERCENT_DONE=`echo "${SIZE_DONE} / ${IMGSIZE} * 100" | bc -l` + p_info `date "+%H:%m:%S"` `printf "%.02f MB (%.01f%%)" ${SIZE_DONE} ${PERCENT_DONE}` + p_sleep 10 + : > ${TMPFILE} + done +else + dd if=${IMG} of=/dev/${DA} bs=64k +fi +rm ${TMPFILE} +p_info Image writing succesfull at /dev/$DA "(`date`)"