Index: /branches/RELENG_7/nanobsd/README.txt =================================================================== --- /branches/RELENG_7/nanobsd/README.txt (revision 10119) +++ /branches/RELENG_7/nanobsd/README.txt (revision 10119) @@ -0,0 +1,12 @@ +Please find the build procedure and other supporting documents at + +http://www.wirelessleiden.nl/projects/nodefactory/wiki/NanoBSD + += Directory layout = +README.txt = currently reading +cfg-files = extension for auto populate /cfg slice in image +cfg/kernel.* = kernel config files, different hosts +cfg/nanobsd.* = nanobsd config files +files = extension for auto populate / slice in image +pkg = Packages to be installed +tools = Helper scripts for use after image Index: /branches/RELENG_7/nanobsd/cfg/kernel.net4801 =================================================================== --- /branches/RELENG_7/nanobsd/cfg/kernel.net4801 (revision 10119) +++ /branches/RELENG_7/nanobsd/cfg/kernel.net4801 (revision 10119) @@ -0,0 +1,127 @@ +# +# GENERIC -- Generic kernel configuration file for FreeBSD/i386 +# +# For more information on this file, please read the handbook section on +# Kernel Configuration Files: +# +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html +# +# The handbook is also available locally in /usr/share/doc/handbook +# if you've installed the doc distribution, otherwise always see the +# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the +# latest information. +# +# An exhaustive list of options and more detailed explanations of the +# device lines is also present in the ../../conf/NOTES and NOTES files. +# If you are in doubt as to the purpose or necessity of a line, check first +# in NOTES. +# +# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.474.2.7 2008/04/10 22:09:22 rwatson Exp $ + +cpu I586_CPU +cpu I686_CPU +ident GEODE + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_ULE # ULE scheduler +options PREEMPTION # Enable kernel thread preemption +options INET # InterNETworking +options INET6 # IPv6 communications protocols +options SCTP # Stream Control Transmission Protocol +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options NFSCLIENT # Network Filesystem Client +#options NFSLOCKD # Network Lock Manager +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_LABEL # Provides labelization +options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!] +options KTRACE # ktrace(1) support +#options STACK # stack(9) support +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options ADAPTIVE_GIANT # Giant mutex is adaptive. +options STOP_NMI # Stop CPUS using NMI instead of IPI +options DEVICE_POLLING # Enable support for device polling + +# Bus support. +device pci + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives + +# Add suspend/resume support for the i8254. +device pmtimer + +# Serial (COM) ports +device sio # 8250, 16[45]50 based serial ports +device uart # Generic UART driver + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! +device miibus # MII bus support +device vr # VIA Rhine, Rhine II +device sis # SiS 900/SiS 7016 +device if_bridge # Bridge support + +# Wireless NIC cards +device wlan # 802.11 support. +device wlan_wep # 802.11 WEP support. +device wlan_ccmp # 802.11 CCMP support. +device wlan_tkip # 802.11 TKIP support. +device wlan_amrr # AMRR transmit rate control algorithm. +device wlan_scan_ap # 802.11 AP mode scanning. +device wlan_scan_sta # 802.11 STA mode scanning. +device ath # Atheros pci/cardbus NIC's. +device ath_hal # Atheros HAL (Hardware Access Layer). +device ath_rate_sample # SampleRate tx rate control for ath. +device wi # WaveLan/Intersil/Symbol 802.11 wireless NICs. + +# Pseudo devices. +device loop # Network loopback +device random # Entropy device +device ether # Ethernet support +device ppp # Kernel PPP +device tun # Packet tunnel. +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" +device gif # IPv6 and IPv4 tunneling +#device faith # IPv6-to-IPv4 relaying (translation) +device firmware # firmware assist module + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +# CPU_GEODE is for the SC1100 Geode embedded processor. This option +# is necessary because the i8254 timecounter is toast. +options CPU_GEODE +device wlan_xauth #802.11 external authenticator support +options IPSEC #IP security (requires device crypto) +options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel +device enc #IPsec interface +device crypto # core crypto support +device cryptodev # /dev/crypto for access to h/w +options TMPFS +device pf #PF OpenBSD packet-filter firewall +device pflog #logging support interface for PF + +options NETGRAPH # netgraph(4) system +options NETGRAPH_SOCKET +options NETGRAPH_MPPC_ENCRYPTION +options NETGRAPH_IFACE +options NETGRAPH_PPP +options NETGRAPH_TEE +options NETGRAPH_PPPOE +options NETGRAPH_ETHER + +# glxsb is a driver for the Security Block in AMD Geode LX processors. +# Requires 'device crypto'. +device glxsb # AMD Geode LX Security Block + Index: /branches/RELENG_7/nanobsd/cfg/kernel.wleiden =================================================================== --- /branches/RELENG_7/nanobsd/cfg/kernel.wleiden (revision 10119) +++ /branches/RELENG_7/nanobsd/cfg/kernel.wleiden (revision 10119) @@ -0,0 +1,209 @@ +# +# GENERIC -- Generic kernel configuration file for FreeBSD/i386 +# +# For more information on this file, please read the handbook section on +# Kernel Configuration Files: +# +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html +# +# The handbook is also available locally in /usr/share/doc/handbook +# if you've installed the doc distribution, otherwise always see the +# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the +# latest information. +# +# An exhaustive list of options and more detailed explanations of the +# device lines is also present in the ../../conf/NOTES and NOTES files. +# If you are in doubt as to the purpose or necessity of a line, check first +# in NOTES. +# +# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.474.2.7 2008/04/10 22:09:22 rwatson Exp $ + +cpu I486_CPU +cpu I586_CPU +cpu I686_CPU +ident WLEIDEN + +options CLK_USE_I8254_CALIBRATION + +options CPU_ELAN # (mandatory) The ElanSC520 cpu has a number of quirks that needs to + # be worked around, in particular the i8254 timer ticks + # at a non-standard rate of 1189161Hz. + +options CPU_SOEKRIS # (recommended) This option sets things up for the soekris board. + # Amongst other things, this makes /dev/led/error appear. + +# CPU_GEODE is for the SC1100 Geode embedded processor. This option +# is necessary because the i8254 timecounter is toast. +options CPU_GEODE # net4801 requirement + +options HZ=250 # (recommended) It is necessary to increas HZ to at least 150 in order + # to take advantage of the "ELAN" timecounter. + +options AH_SUPPORT_AR5416 + +options NO_SWAPPING # We do not have a swap space, so swapping would be pretty useless + +options SW_WATCHDOG # Watchdog option to verify various tasks and reboot if needed + + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_ULE # ULE scheduler +options PREEMPTION # Enable kernel thread preemption +options INET # InterNETworking +options INET6 # IPv6 communications protocols +options SCTP # Stream Control Transmission Protocol +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options NFS_ROOT # Allow NFS to be / mount +options NFSCLIENT # Network Filesystem Client +#options NFSLOCKD # Network Lock Manager +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_LABEL # Provides labelization +options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!] +options KTRACE # ktrace(1) support +#options STACK # stack(9) support +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options ADAPTIVE_GIANT # Giant mutex is adaptive. +options STOP_NMI # Stop CPUS using NMI instead of IPI +options DEVICE_POLLING # Enable support for device polling +options TMPFS + +# Bus support. +device pci +device eisa + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives +options ATA_STATIC_ID # Static device numbering + +# Add suspend/resume support for the i8254. +device pmtimer + +# Serial (COM) ports +device sio # 8250, 16[45]50 based serial ports +device uart # Generic UART driver + +# PCCARD (PCMCIA) support +# PCMCIA and cardbus bridge support +device cbb # cardbus (yenta) bridge +device pccard # PC Card (16-bit) bus +device cardbus # CardBus (32-bit) bus + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! +device miibus # MII bus support +device vr # VIA Rhine, Rhine II +device sis # SiS 900/SiS 7016 +device if_bridge # Bridge support + +# ISA Ethernet NICs. pccard NICs included. +device cs # Crystal Semiconductor CS89x0 NIC +# 'device ed' requires 'device miibus' +device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards +device ex # Intel EtherExpress Pro/10 and Pro/10+ +device ep # Etherlink III based cards +#device fe # Fujitsu MB8696x based cards +device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc. +device sn # SMC's 9000 series of Ethernet chips +device xe # Xircom pccard Ethernet +device dc # DEC/Intel21143 and clone 10/100 Ethernet + +# Wireless NIC cards +device wlan # 802.11 support. +device wlan_wep # 802.11 WEP support. +device wlan_ccmp # 802.11 CCMP support. +device wlan_tkip # 802.11 TKIP support. +device wlan_amrr # AMRR transmit rate control algorithm. +device wlan_scan_ap # 802.11 AP mode scanning. +device wlan_scan_sta # 802.11 STA mode scanning. +device ath # Atheros pci/cardbus NIC's. +device ath_hal # Atheros HAL (Hardware Access Layer). +device ath_rate_sample # SampleRate tx rate control for ath. +device wi # WaveLan/Intersil/Symbol 802.11 wireless NICs. + +# Pseudo devices. +device loop # Network loopback +device random # Entropy device +device ether # Ethernet support +device ppp # Kernel PPP +device tun # Packet tunnel. +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" +#device gif # IPv6 and IPv4 tunneling +#device faith # IPv6-to-IPv4 relaying (translation) +device firmware # firmware assist module + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +# USB support +device uhci # UHCI PCI->USB interface +device ohci # OHCI PCI->USB interface +device ehci # EHCI PCI->USB interface (USB 2.0) +device usb # USB Bus (required) +#device udbp # USB Double Bulk Pipe devices +device ugen # Generic +#device uhid # “Human Interface Devices” +#device ukbd # Keyboard +#device ulpt # Printer +#device umass # Disks/Mass storage - Requires scbus and da +#device ums # Mouse +device ural # Ralink Technology RT2500USB wireless NICs +#device urio # Diamond Rio 500 MP3 player +#device uscanner # Scanners +# USB Ethernet, requires mii +device aue # ADMtek USB Ethernet +device axe # ASIX Electronics USB Ethernet +device cdce # Generic USB over Ethernet +device cue # CATC USB Ethernet +device kue # Kawasaki LSI USB Ethernet +device rue # RealTek RTL8150 USB Ethernet +device udav # Davicom DM9601 USB Ethernet + +# +# Authentication, encryption and protection on network layer +device wlan_xauth #802.11 external authenticator support +device enc #IPsec interface +device crypto # core crypto support +device cryptodev # /dev/crypto for access to h/w +device pf #PF OpenBSD packet-filter firewall +device pflog #logging support interface for PF +options IPSEC #IP security (requires device crypto) +options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel + +options NETGRAPH # netgraph(4) system +options NETGRAPH_SOCKET +options NETGRAPH_MPPC_ENCRYPTION +options NETGRAPH_IFACE +options NETGRAPH_PPP +options NETGRAPH_TEE +options NETGRAPH_PPPOE +options NETGRAPH_ETHER + +# glxsb is a driver for the Security Block in AMD Geode LX processors. +# Requires 'device crypto'. +device glxsb # AMD Geode LX Security Block + + +# Firewall fore the use of fancy stuff, like forwarding ports +options IPFIREWALL +options IPFIREWALL_DEFAULT_TO_ACCEPT +options IPFIREWALL_FORWARD +options IPFIREWALL_NAT +options LIBALIAS # Required for IPFIREWALL_NAT + +# Uncomment if you like to compile a debugging kernel +#options KDB +#options DDB +#options BREAK_TO_DEBUGGER +#options KDB_UNATTENDED +#makeoptions DEBUG=-g Index: /branches/RELENG_7/nanobsd/cfg/nanobsd.wleiden =================================================================== --- /branches/RELENG_7/nanobsd/cfg/nanobsd.wleiden (revision 10119) +++ /branches/RELENG_7/nanobsd/cfg/nanobsd.wleiden (revision 10119) @@ -0,0 +1,293 @@ +## Dit is een NanoBSD configuratie-template voor WirelessLeiden. +## Instellingen weergegeven binnen dit bestand gelden als +## standaard binnen de organisatie. + +# Little hack to allow proper secify of KERNL/PKG location +NANO_CONF_DIR=$(cd $(dirname $2); pwd -P) + +NANO_NAME=wleiden.iris.releng_7 # object naam in /usr/obj/nanobsd.{obj} +NANO_SRC=/usr/src # nanobsd source tree +NANO_KERNEL=$NANO_CONF_DIR/kernel.wleiden # naam van het kernel configuratiebestand +NANO_IMAGES=2 # aantal nanobsd code slices/installs (1/2) +#NANO_DRIVE=ad1 # NanoBSD disk id, default is ad0 + +NANO_CONFSIZE=8192 # volume van de config slice, default 2048 (512bs) +NANO_DATASIZE=0 # volume van de data slice, 0 = not configured +# 200MB should is suffient of every image we might as well use all available +# space, but that increases update times +#NANO_CODESIZE=409600 # volume van de code slice, default = max beschikbaar +NANO_CODESIZE=819200 +#NANO_RAM_ETCSIZE= # volume van de /etc ramdisk, default 10240 (512bs) +#NANO_RAM_TMPVARSIZE= # volume van de /var ramdisk, default 10240 (512bs) + +#XXX: Eeks, fixed packages, needs building a hook to allow building the package +# of the shelfs if needed, copy to right directory, done. With only input needed +# a list of ports in the format like net/net-snmp +NANO_PACKAGE_DIR=$NANO_CONF_DIR/../pkg/All + +# XXX: Create function which populate the right packages and fixes the +# dependencies. Package build script could benefit from this list, as it +# could build this list beforehand +## pkg_info -qr pkg/All/* +##NANO_PACKAGE_LIST= + +# Warning: set to 1 to debug make build errors +# Number of recurrent parrallel make builds +if `grep -q 'acpi0: on motherboard' /var/run/dmesg.boot`; then + # Mac OS X Parallels virtual machine + NANO_PMAKE="make -B" +else + # Default 2 times number of CPU's inside machine + NANO_PARALLEL_MAKE=`expr $(sysctl -n hw.ncpu) \* 2` + NANO_PMAKE="make -j ${NANO_PARALLEL_MAKE}" +fi + +# LET OP, optie nodig bij het gebruik van Alix bordjes ivm tinybios & LBA +# ondersteuning. Specifieke flash-geometrie instellingen vereist. +#NANO_BOOT0CFG="-o nopacket -s 1 -m 3" + +# +# Starting from soekris bios version 1.31 upwards boot0sio does not seems work +# anymore, but boot0 does (weird) +NANO_BOOTLOADER="boot/boot0" + +# Strip down to a more acceptable size +# hints from http://people.freebsd.org/~phk/nanobsd/soekris_4x26/make.soekris_4x26.conf (46MB) +# 46MB +# NB! usr/share/misc contains termcap, vi(1) etc fails to work without it. +# NANOBSD_PRUNE += usr/share/misc +NANO_PRUNE="$NANO_PRUNE usr/share/examples" +NANO_PRUNE="$NANO_PRUNE usr/share/syscons" +NANO_PRUNE="$NANO_PRUNE usr/share/calendar" +NANO_PRUNE="$NANO_PRUNE usr/share/mk" +NANO_PRUNE="$NANO_PRUNE usr/share/pcvt" +NANO_PRUNE="$NANO_PRUNE usr/share/me" +NANO_PRUNE="$NANO_PRUNE usr/share/doc" + + + + + +# Opties parsed gedurende build & install world +# Also check man 3 src.conf for details +# Some flags are misleading, e.g. could only be installworld (e.g.), for details: +# http://phk.freebsd.dk/misc/build_options/ +# For details on make options also check: +# /usr/src/share/mk/bsd.own.mk +CONF_COMMON=' +# Specific enabled options +#WITHOUT_ACPI=YES # geen advanced configuration power interface +#WITHOUT_BIND=YES # geen bind tools, dns/named geinstalleerd +#WITHOUT_CXX=YES # Set to not build g++(1) and related libraries. +#WITHOUT_GROFF=YES # Set to not build groff(1). +#WITHOUT_INET6=YES # geen ondersteuning inet versie 6 architectuur +#WITHOUT_INFO=YES # geen info bestanden, readable online docs +#WITHOUT_IPFILTER=YES # geen ip filtering geinstalleerd +#WITHOUT_KLDLOAD=YES # do not allow loading of kernel modules +#WITHOUT_MAILWRAPPER=YES # geen mailwrapper bij gebruik sendmail +#WITHOUT_MAN=YES # geen handleidingen gecompileerd +#WITHOUT_MISC=YES # geen misc sub directory +#WITHOUT_MODULES=YES # geen ondersteuning toevoegen modules +#WITHOUT_PAM=YES # geen ondersteuning pa modules +#WITHOUT_PF=YES # geen packet filtering geinstalleerd +#WITHOUT_SHARE=YES # geen share sub directory +#WITHOUT_USB=YES # geen ondersteuning usb modules +# Specific disabled options +WITHOUT_ATM=YES # geen ondersteuning Asynchronous Transfer Mode +WITHOUT_AUDIT=YES # geen event auditing / audit trails +WITHOUT_AUTHPF=YES # geen authenticating gateway user shell +WITHOUT_BLUETOOTH=YES # geen ondersteuning Bluetooth modules +WITHOUT_CALENDAR=YES # geen calendar reminder service gecompileerd +WITHOUT_CDDL=YES # Set to not build code licensed under Sun CDDL. (also ZFS) +WITHOUT_CPP=YES # Set to not build cpp(1). +WITHOUT_CVS=YES # geen cvs tools geinstalleerd +WITHOUT_DICT=YES # geen dictionary ondersteuning +WITHOUT_EXAMPLES=YES # geen voorbeeld configuratiebestanden +WITHOUT_FORTRAN=YES # geen ondersteuning fortran compilers +WITHOUT_GAMES=YES # geen games gecompileerd +WITHOUT_GCOV=YES # geen gcov test coverage program +WITHOUT_GDB=YES # geen gnu debugger gecompileerd +WITHOUT_GPIB=YES # geen ondersteuning gpib kaarten +WITHOUT_HTML=YES # geen html help bestanden gecompileerd +WITHOUT_I4B=YES # geen ondersteuning voor isdn +WITHOUT_IPX=YES # geen ondersteuning ipx protocols +WITHOUT_KERBEROS=YES # geen ondersteuning Kerberos authenticatie +WITHOUT_LOCALES=YES # geen ondersteuning lokalisatie +WITHOUT_LPR=YES # geen ondersteuning print services +WITHOUT_NIS=YES # geen ondersteuning network information system +WITHOUT_PROFILE=YES # Set to avoid compiling profiled libraries. +WITHOUT_RCMDS=YES # geen ondersteuning rcmds, +WITHOUT_RESCUE=YES # geen rescue bestanden gecompileerd +WITHOUT_SENDMAIL=YES # geen sendmail geinstalleerd +WITHOUT_SHAREDOCS=YES # geen share/docs directories +WITHOUT_SYSCONS=YES # geen syscon devices gecompileerd +' + +CONF_BUILD=" +${CONF_COMMON} +" + +CONF_INSTALL=" +${CONF_COMMON} +WITHOUT_TOOLCHAIN=YES # geen freebsd toolchain +" + + +# Flash disks arrived, sandisk 1g seems to match the geometry of the (blank) cards +#FlashDevice sandisk 1g # nanobsd flashdevice entry +#FlashDevice sandisk 512mb # nanobsd flashdevice entry +#FlashDevice transcend 2g # nanobsd flashdevice entry + +# Calculated value of PEAK hardware 1g CF card +NANO_MEDIASIZE=`expr 1008451584 / 512` +NANO_HEADS=64 +NANO_SECTS=32 + + + +# Version tagging +cust_version_tag() ( + VERSION_FILE="${NANO_WORLDDIR}/tools/wl-release.txt" + ( + echo "Generated by `id -un`@`hostname -f` at `date`" + echo "" + echo "=== CONFIG specifics ===" + svn info ${NANO_CONF_DIR}/../ || exit 0 + svn diff ${NANO_CONF_DIR}/../ || exit 0 + echo "=== BEGIN CONFIG specifics ===" + ) > $VERSION_FILE +) + + + +# Assuming we are running a safe envirionment where snooping could occur during or after the build +cust_set_root_password() ( + if [ -n "${CFG_ROOT_PASSWORD}" ]; then + pprint 2 "Set root password using CFG_ROOT_PASSWORD variable" + chroot ${NANO_WORLDDIR} sh -c "echo '${CFG_ROOT_PASSWORD}' | pw usermod -h 0 -u root" + else + pprint 2 "Root password is , no password provided at variable CFG_ROOT_PASSWORD" + fi +) + + + +# EXPERIMENTAL patch like envirionment +# Using '*-nanobsd.patch' files to only specify the bare differences between the base/default file to +# keep us as close as possible to the base OS +# Patches are applied to the directory they live in +cust_apply_nanobsd_patches() ( + for PATCHFILE in `find ${NANO_WORLDDIR} -regex '.*-nanobsd\.patch$'`; do + cd `dirname ${PATCHFILE}` + patch -t -N -p0 -i `basename ${PATCHFILE}` + #XX: What to with installed patch files? Delete them for the time beeing + rm -v ${PATCHFILE} + done + + + +) + + + +# Compile & install lvroute daemon vanuit source in svn +cust_install_lvrouted() ( + svn co http://svn.wirelessleiden.nl/svn/node-config/other/lvrouted/trunk/ /tmp/lvrouted + cd /tmp/lvrouted && autoconf && autoheader && ./configure && make || true + cp src/lvrouted.opt ${NANO_WORLDDIR}/usr/local/sbin +) + + + +# Customize ntpd +cust_ntpd() ( + chroot ${NANO_WORLDDIR} sh -c "ln -fs /usr/local/etc/ntp.drift /var/db/ntp.drift" +) + + + +# Install files from specific relative location +cust_install_files () ( + cd ${NANO_CONF_DIR}/../files + find . -print | grep -v -e /CVS -e .svn | cpio -dumpv ${NANO_WORLDDIR} +) + + + +# Prune no needed directories of image +cust_nano_prune () ( + cd ${NANO_WORLDDIR} + for ENTRY in ${NANO_PRUNE}; do + rm -vfR ${ENTRY} + done +) + + + +# Fill /cfg with custom files, based on 'create_i386_diskimage ( )' +last_nano_fill_cfg () ( + # Variables to be used + IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME} + MNT=${MAKEOBJDIRPREFIX}/_.mnt + + # Mount '/cfg' slize in image + MD=`mdconfig -a -t vnode -f ${IMG}` + mount /dev/${MD}s3 ${MNT} + + # Location of '/cfg' directory + cd ${NANO_CONF_DIR}/../cfg-files + find . -print | grep -v -e /CVS -e .svn | cpio -dumpv ${MNT} + + + # Leave in nice end state + umount ${MNT} + mdconfig -d -u ${MD} +) > ${MAKEOBJDIRPREFIX}/_.fc 2>&1 + +last_nano_disk_usage () ( + # Variables to be used + IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME} + MNT=${MAKEOBJDIRPREFIX}/_.mnt + + # Mount root slize + MD=`mdconfig -a -t vnode -f ${IMG}` + mount /dev/${MD}s1a ${MNT} + + # Show disk usage (percent free) inc header + pprint 2 $(df -h | head -1) + pprint 2 "$(df -h | grep /dev/${MD})" + + # Leave in nice end state + umount ${MNT} + mdconfig -d -u ${MD} +) + +last_orders () ( + last_nano_fill_cfg + last_nano_disk_usage +) + +# Ugly hack to 'escaping' pprint from inside a customize_cmd to output +# instead of a file +exec 3>/dev/stdout +# Progress Print +# Print $2 at level $1 +pprint() { + if [ "$1" -le $PPLEVEL ]; then + printf "%.${1}s %s\n" "#####" "$2" 1>&3 + fi +} + + +# Cust macro`s gestart in onderstaande volgorde +# XXX: Determine size before installing all find of additions to see how much +# base we are actually using ## du -h -d 0 +customize_cmd cust_pkg +customize_cmd cust_install_files +customize_cmd cust_ntpd +#customize_cmd cust_install_lvrouted +customize_cmd cust_version_tag +customize_cmd cust_allow_ssh_root +customize_cmd cust_nano_prune +customize_cmd cust_set_root_password +customize_cmd cust_apply_nanobsd_patches Index: /branches/RELENG_7/nanobsd/files/FILE_LISTING.txt =================================================================== --- /branches/RELENG_7/nanobsd/files/FILE_LISTING.txt (revision 10119) +++ /branches/RELENG_7/nanobsd/files/FILE_LISTING.txt (revision 10119) @@ -0,0 +1,38 @@ +# File or directory and it's purpose in this build +./boot.config # Serial console output +./boot/loader.conf # Serial console output +./conf/default/etc/.work_around_till_fix_of_pr_134513 +./conf/default/var/.work_around_till_fix_of_pr_134513 +./etc/crontab # Extra calls for pen & ntp +./etc/namedb/named.conf # Custom named configuration +./etc/ntp.conf # Custom ntp configuration +./etc/rc.conf # Highly customized rc.conf +./etc/syslog.conf # Remote syslogging enabing +./etc/ttys-nanobsd.patch # Serial console output +./root/.ssh # Template directory for authorized_keys file +./tools/change_password # Allow persistent changing of root password +./tools/dhcpd_snmp.sh # XXX +./tools/save_sshkeys # Allow persistent saving of host ssh keys +./tools/syslogd_flags.sh # XXX +./tools/updatep1 # phk image on slice 1 update script +./tools/updatep2 # phk image on slice 2 update script +./tools/wl-config # WL node specific configuration fetch and update script +./tools/wl-version # Version debug tool, gather statistics for debugging +./usr/lib/aout/.keep_me # Little hack to have /etc/rc.d/ldconfig stop nagging about missing (pruned) dir +./usr/local/bin/ssh-copy-id # XXX +./usr/local/bin/write_ntpdrift # XXX +./usr/local/etc/dhcpd-snmp.conf # dhcp-snmp cofiguration +./usr/local/etc/dhcpd.conf # Initial custom dhcpd.conf +./usr/local/etc/nrpe.cfg # XXX +./usr/local/etc/ntp.drift # XXX +./usr/local/etc/rc.d/lvrouted.sh # lvrouted startup script +./usr/local/etc/rc.d/nanobsd-motd # Allow updating motd with persistent save +./usr/local/etc/rc.d/nanobsd-save-sshkeys # Allow saving ssh-keys after generation +./usr/local/etc/rc.d/pen # Pen startup script +./usr/local/etc/rc.d/sort-proxies # Pen optimizer script +./usr/local/etc/rc.d/wlweb # WLweb configuration webinterface startup script +./usr/local/sbin/dhcpd-snmp # dhcp-snmp 'binary' +./usr/local/sbin/lvrouted.opt # lvrouted 'binary' +./usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt # Draft MIB +./usr/local/share/snmp/snmpd.conf # Custom snmpd configuration +./usr/local/wlweb # WLweb configuration webinterface program Index: /branches/RELENG_7/nanobsd/files/boot.config =================================================================== --- /branches/RELENG_7/nanobsd/files/boot.config (revision 10119) +++ /branches/RELENG_7/nanobsd/files/boot.config (revision 10119) @@ -0,0 +1,1 @@ +-h Index: /branches/RELENG_7/nanobsd/files/boot/loader.conf =================================================================== --- /branches/RELENG_7/nanobsd/files/boot/loader.conf (revision 10119) +++ /branches/RELENG_7/nanobsd/files/boot/loader.conf (revision 10119) @@ -0,0 +1,21 @@ +# No funky Beasty, but boring default, and gone in 1 second to make it go quick :-( +beastie_disable="YES" +autoboot_delay="1" + +# Some apache hyper speed module, we properly this don't need this, but still +# saves a startup warning +accf_http_load="YES" + +# Named started nagging, claiming (to many) files if unable to reach master for +# quite some time +kern.maxfiles="5000" + +# The unlucky NET4801 does not properly support DMA (we don't need it anyways) +# http://lists.soekris.com/pipermail/soekris-tech/2008-August/014788.html +hw.ata.ata_dma="0" + +# Prefers stability over preformance disable Write Caching (man 4 ata) +hw.ata.wc="0" + +# Force output to run trough the comconsole, no exceptions +console="comconsole" Index: /branches/RELENG_7/nanobsd/files/etc/crontab =================================================================== --- /branches/RELENG_7/nanobsd/files/etc/crontab (revision 10119) +++ /branches/RELENG_7/nanobsd/files/etc/crontab (revision 10119) @@ -0,0 +1,29 @@ +# /etc/crontab - root's crontab for FreeBSD +# +# $FreeBSD: src/etc/crontab,v 1.32.32.1 2008/11/25 02:59:29 kensmith Exp $ +# +SHELL=/bin/sh +PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin +HOME=/var/log +# +#minute hour mday month wday who command +# +*/5 * * * * root /usr/libexec/atrun +# +# Save some entropy so that /dev/random can re-seed on boot. +*/11 * * * * operator /usr/libexec/save-entropy +# +# Rotate log files every hour, if necessary. +0 * * * * root newsyslog +# +# Perform daily/weekly/monthly maintenance. +1 3 * * * root periodic daily +15 4 * * 6 root periodic weekly +30 5 1 * * root periodic monthly +# +# Adjust the time zone if the CMOS clock keeps local time, as opposed to +# UTC time. See adjkerntz(8) for details. +1,31 0-5 * * * root adjkerntz -a +# +# Write updates for ntp.drift to flash +0 12 * * * root /usr/local/bin/write_ntpdrift Index: /branches/RELENG_7/nanobsd/files/etc/ipfw.sh =================================================================== --- /branches/RELENG_7/nanobsd/files/etc/ipfw.sh (revision 10119) +++ /branches/RELENG_7/nanobsd/files/etc/ipfw.sh (revision 10119) @@ -0,0 +1,58 @@ +#!/bin/sh - +# Based on /etc/rc.firewall + +# Suck in the configuration variables. +if [ -z "${source_rc_confs_defined}" ]; then + if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs + elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf + fi +fi + +setup_loopback () { + ############ + # Only in rare cases do you want to change these rules + # + ${fwcmd} add 100 pass all from any to any via lo0 + ${fwcmd} add 200 deny all from any to 127.0.0.0/8 + ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any +} + +############ +# Set quiet mode if requested +# +case ${firewall_quiet} in +[Yy][Ee][Ss]) + fwcmd="/sbin/ipfw -q" + ;; +*) + fwcmd="/sbin/ipfw" + ;; +esac + +############ +# Flush out the list before we begin. +# +${fwcmd} -f flush + +setup_loopback + +############ + +# By default no firewalling +${fwcmd} add 65000 pass all from any to any + +# Transproxy/WLportal/Captive portal +${fwcmd} add 10000 allow tcp from any to localhost 80 +${fwcmd} add 10001 allow tcp from any to me 80 + +############ +# Reserved: WLPortal rule numbers +# 10010 - 10099 + +# Forward rules work without a base address, so needed a loop over all inet4 adresses +for IP in `ifconfig -a | awk '/inet / {print $2}'`; do + ${fwcmd} add 10100 fwd $IP,8081 tcp from any to not 172.16.0.0/12 80 +done Index: /branches/RELENG_7/nanobsd/files/etc/motd =================================================================== --- /branches/RELENG_7/nanobsd/files/etc/motd (revision 10119) +++ /branches/RELENG_7/nanobsd/files/etc/motd (revision 10119) @@ -0,0 +1,3 @@ +Stiching Wireless Leiden Node + +WWW: http://www.wirelessleiden.nl Index: /branches/RELENG_7/nanobsd/files/etc/ntp.conf =================================================================== --- /branches/RELENG_7/nanobsd/files/etc/ntp.conf (revision 10119) +++ /branches/RELENG_7/nanobsd/files/etc/ntp.conf (revision 10119) @@ -0,0 +1,35 @@ +#XXX: Might need to be dynamic + +server 172.17.8.68 # proxy1 +server 172.17.143.4 # proxy2 +server 172.20.128.98 # proxy3 +server 172.19.137.67 # proxy4 +server 172.19.168.66 # proxy5 +server 172.17.16.66 # proxy62 +server 172.22.0.66 # proxy_zwaluw + +# and if all failes - use our local crummy clock +server 127.127.1.0 #stratum 10 +# Optional - to provide the surroundings +# with a accurate time - unsollicted. +# +# broadcast + +# This file is generated by 'ntp-genkey -d r' +# on any of the 3 time lords; and pulled +# from Genesis. +# +# keys /etc/ntp.keys + +# Limit the number of clients concurrent +# RQs' to the levels a simple not can +# sustain. Asumming 5Mbit this translates +# to some 5000 machines. + +# Ensure that our stats and drift files +# go to writable disk (/etc mounted RO +# on the flash-rom machines). +# +driftfile /var/db/ntp.drift + + Index: /branches/RELENG_7/nanobsd/files/etc/rc.conf =================================================================== --- /branches/RELENG_7/nanobsd/files/etc/rc.conf (revision 10119) +++ /branches/RELENG_7/nanobsd/files/etc/rc.conf (revision 10119) @@ -0,0 +1,78 @@ +## Building options +dumpdev="NO" # No kernel dumps as we don't have a place to + # store them +gateway_enable="YES" # Act like a gateway please +ipv6_enable="NO" # No IPv6 support for now, near feature... ;-) + +# Firewall needed for port redirection (captive portal, splash screen) +firewall_enable="YES" +firewall_script="/etc/ipfw.sh" + +# NTP server needs working config with WL network or internet on boot +# so some warnings might pop up, but no harm +ntpdate_enable="YES" +ntpd_enable="YES" +ntpd_sync_on_start="YES" +ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntp.drift" + +# We need no running mail server +sendmail_enable="NONE" + +# Don't let syslog accept input from other remote hosts +syslogd_enable="YES" +syslogd_flags="-s -A -c -b 127.0.0.1" + +# Remote login without DNS checking as it might not also be functionable +# -u0 prevent sshd from making DNS requests unless the authentication mechanism +# or configuration requires it. +sshd_enable="YES" +sshd_flags="-u0" + +# Don't update the motd as it not writeable, the update_nanobsd_motd is a +# simple wrapper found at /usr/local/etc/rc.d supporting this featureg +update_motd="NO" +update_nanobsd_motd="YES" + + +## Port extentions +# Serve our clients some pretty cool IP address to at least get connected +# Also some low-memory footprint dns resolver +dnsmasq_enable="YES" + +# Monitoring deamons +nrpe_enable="YES" +snmpd_enable="YES" +snmpd_flags="-a -LF w /var/log/snmpd.log" + +# Some nodes will serve as HTTP(S) proxy server +tinyproxy_enable="NO" + + + +## WL ports extentions +wlweb_enable="YES" # WL web-interface managment +wlportal_enable="YES" # WL splash screen + +# Might need to go in machine specific configs as at some locations lvrouted +# needs to span (search for other hosts on) max /28 others perhaps a /24 +lvrouted_enable="YES" +lvrouted_flags="-u -s s00p3rs3kr3t" + +# Make sure generated ssh keys are saved +nanobsd_save_sshkeys_enable="YES" + +# Do some cool stuff with pen, like checking on best connections and reload, so +# need a wrapper instead of the conventional startup script +pen_wrapper_enable="YES" + + + +## Initial (network) configuration +# +hostname="ChangeMe.example.org" +# XXX: Maybe something cool (zero config) as initial configuration + +# Allow overwriting (and inclusion of network details) +if [ -f /etc/rc.node.local ] ; then + . /etc/rc.node.local +fi Index: /branches/RELENG_7/nanobsd/files/etc/sysctl.conf =================================================================== --- /branches/RELENG_7/nanobsd/files/etc/sysctl.conf (revision 10119) +++ /branches/RELENG_7/nanobsd/files/etc/sysctl.conf (revision 10119) @@ -0,0 +1,4 @@ +#XXX: Might needs to be dynamic as value depends on link length +dev.ath.0.acktimeout=35 +dev.ath.1.acktimeout=35 +dev.ath.2.acktimeout=35 Index: /branches/RELENG_7/nanobsd/files/etc/syslog.conf =================================================================== --- /branches/RELENG_7/nanobsd/files/etc/syslog.conf (revision 10119) +++ /branches/RELENG_7/nanobsd/files/etc/syslog.conf (revision 10119) @@ -0,0 +1,32 @@ +# $FreeBSD: src/etc/syslog.conf,v 1.28 2005/03/12 12:31:16 glebius Exp $ +# +# Spaces ARE valid field separators in this file. However, +# other *nix-like systems still insist on using tabs as field +# separators. If you are sharing this file between systems, you +# may want to use only tabs as field separators here. +# Consult the syslog.conf(5) manpage. +*.err;kern.warning;auth.notice;mail.crit /dev/console +*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages +security.* /var/log/security +auth.info;authpriv.info /var/log/auth.log +mail.info /var/log/maillog +lpr.info /var/log/lpd-errs +ftp.info /var/log/xferlog +cron.* /var/log/cron +*.=debug /var/log/debug.log +*.emerg * +# uncomment this to log all writes to /dev/console to /var/log/console.log +#console.info /var/log/console.log +# uncomment this to enable logging of all log messages to /var/log/all.log +# touch /var/log/all.log and chmod it to mode 600 before it will work +#*.* /var/log/all.log +# uncomment this to enable logging to a remote loghost named loghost +*.* @loghost.wleiden.net +# uncomment these if you're running inn +# news.crit /var/log/news/news.crit +# news.err /var/log/news/news.err +# news.notice /var/log/news/news.notice +!startslip +*.* /var/log/slip.log +!ppp +*.* /var/log/ppp.log Index: /branches/RELENG_7/nanobsd/files/etc/ttys-nanobsd.patch =================================================================== --- /branches/RELENG_7/nanobsd/files/etc/ttys-nanobsd.patch (revision 10119) +++ /branches/RELENG_7/nanobsd/files/etc/ttys-nanobsd.patch (revision 10119) @@ -0,0 +1,31 @@ +--- /etc/ttys 2009-05-01 06:56:44.000000000 +0000 ++++ ttys 2009-06-17 08:43:51.000000000 +0000 +@@ -32,19 +32,19 @@ + # when going to single-user mode. + console none unknown off secure + # +-ttyv0 "/usr/libexec/getty Pc" cons25 on secure ++ttyv0 "/usr/libexec/getty Pc" cons25 off secure + # Virtual terminals +-ttyv1 "/usr/libexec/getty Pc" cons25 on secure +-ttyv2 "/usr/libexec/getty Pc" cons25 on secure +-ttyv3 "/usr/libexec/getty Pc" cons25 on secure +-ttyv4 "/usr/libexec/getty Pc" cons25 on secure +-ttyv5 "/usr/libexec/getty Pc" cons25 on secure +-ttyv6 "/usr/libexec/getty Pc" cons25 on secure +-ttyv7 "/usr/libexec/getty Pc" cons25 on secure ++ttyv1 "/usr/libexec/getty Pc" cons25 off secure ++ttyv2 "/usr/libexec/getty Pc" cons25 off secure ++ttyv3 "/usr/libexec/getty Pc" cons25 off secure ++ttyv4 "/usr/libexec/getty Pc" cons25 off secure ++ttyv5 "/usr/libexec/getty Pc" cons25 off secure ++ttyv6 "/usr/libexec/getty Pc" cons25 off secure ++ttyv7 "/usr/libexec/getty Pc" cons25 off secure + ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure + # Serial terminals + # The 'dialup' keyword identifies dialin lines to login, fingerd etc. +-ttyd0 "/usr/libexec/getty std.9600" dialup off secure ++ttyd0 "/usr/libexec/getty std.9600" ansi on secure + ttyd1 "/usr/libexec/getty std.9600" dialup off secure + ttyd2 "/usr/libexec/getty std.9600" dialup off secure + ttyd3 "/usr/libexec/getty std.9600" dialup off secure Index: /branches/RELENG_7/nanobsd/files/root/.ssh =================================================================== --- /branches/RELENG_7/nanobsd/files/root/.ssh (revision 10119) +++ /branches/RELENG_7/nanobsd/files/root/.ssh (revision 10119) @@ -0,0 +1,1 @@ +link /etc/dot_ssh Index: /branches/RELENG_7/nanobsd/files/root/.vimrc =================================================================== --- /branches/RELENG_7/nanobsd/files/root/.vimrc (revision 10119) +++ /branches/RELENG_7/nanobsd/files/root/.vimrc (revision 10119) @@ -0,0 +1,4 @@ +syntax on +set tabstop=4 +set shiftwidth=4 +set viminfo='50,n/tmp/viminfo Index: /branches/RELENG_7/nanobsd/files/tools/change_password =================================================================== --- /branches/RELENG_7/nanobsd/files/tools/change_password (revision 10119) +++ /branches/RELENG_7/nanobsd/files/tools/change_password (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/change_password,v 1.3.6.1 2008/11/25 02:59:29 kensmith Exp $ +# + +set -e + +passwd root + +cfgslice=`grep '/cfg' /etc/fstab | cut -d \ -f 1` + +trap "umount /cfg" 1 2 15 EXIT +mount /cfg +cp /etc/master.passwd /etc/passwd /etc/pwd.db /etc/spwd.db /etc/group /cfg +umount /cfg +trap 1 2 15 EXIT Index: /branches/RELENG_7/nanobsd/files/tools/dhcpd_snmp.sh =================================================================== --- /branches/RELENG_7/nanobsd/files/tools/dhcpd_snmp.sh (revision 10119) +++ /branches/RELENG_7/nanobsd/files/tools/dhcpd_snmp.sh (revision 10119) @@ -0,0 +1,15 @@ +#!/bin/sh +# Write dhcpd ranges to dhcpd-snmp.conf + +DHCPD="/usr/local/etc/dhcpd.conf" +DHSNMP="/usr/local/etc/dhcpd-snmp.conf" +INDEX="0" + +DHPOOL=`cat ${DHCPD} | grep range | awk '{print $2"-"$3}' | cut -d";" -f1` +for range in ${DHPOOL} +do + $((INDEX=INDEX+1)) + echo "`echo "pool:" $INDEX", pool"$INDEX", "$range | \ + sed 's/^.*(//'`" >> $DHSNMP +done + Index: /branches/RELENG_7/nanobsd/files/tools/save_sshkeys =================================================================== --- /branches/RELENG_7/nanobsd/files/tools/save_sshkeys (revision 10119) +++ /branches/RELENG_7/nanobsd/files/tools/save_sshkeys (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/save_sshkeys,v 1.4.6.1 2008/11/25 02:59:29 kensmith Exp $ +# + +set -e + +trap "umount /cfg" 1 2 15 EXIT +mount /cfg +mkdir -p /cfg/ssh +( +cd /etc/ssh +cp ssh_host_* /cfg/ssh +) +umount /cfg +trap 1 2 15 EXIT Index: /branches/RELENG_7/nanobsd/files/tools/syslogd_flag.sh =================================================================== --- /branches/RELENG_7/nanobsd/files/tools/syslogd_flag.sh (revision 10119) +++ /branches/RELENG_7/nanobsd/files/tools/syslogd_flag.sh (revision 10119) @@ -0,0 +1,7 @@ +#!/bin/sh +# Set hostname for syslogd -b flag + +HOST=`cat /etc/rc.node.local | grep hostname | cut -d'"' -f2` +sed -i "" -e /syslogd_flags=/s/localhost/${HOST}/ /etc/rc.conf + + Index: /branches/RELENG_7/nanobsd/files/tools/updatep1 =================================================================== --- /branches/RELENG_7/nanobsd/files/tools/updatep1 (revision 10119) +++ /branches/RELENG_7/nanobsd/files/tools/updatep1 (revision 10119) @@ -0,0 +1,55 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/updatep1,v 1.2.6.1 2008/11/25 02:59:29 kensmith Exp $ +# +# Script to update partition 1 on a NanoBSD system. +# +# usage: +# ssh somewhere cat image.s1 | sh updatep1 +# + +set -e + +. /etc/nanobsd.conf + +if mount | grep ${NANO_DRIVE}s1 > /dev/null ; then + echo "You are running partition 1 already" + echo "you probably want to use 'updatep2' instead" + exit 1 +fi + +# Blow away old system. +dd if=/dev/zero of=/dev/${NANO_DRIVE}s1 bs=1m count=1 > /dev/null 2>&1 + +# Copy in new system +dd of=/dev/${NANO_DRIVE}s1 obs=64k + +# Check that it worked +fsck_ffs -n /dev/${NANO_DRIVE}s1a + +echo "a 1" | fdisk -f - ${NANO_DRIVE} +boot0cfg -s 1 -v ${NANO_DRIVE} Index: /branches/RELENG_7/nanobsd/files/tools/updatep2 =================================================================== --- /branches/RELENG_7/nanobsd/files/tools/updatep2 (revision 10119) +++ /branches/RELENG_7/nanobsd/files/tools/updatep2 (revision 10119) @@ -0,0 +1,63 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/updatep2,v 1.2.6.1 2008/11/25 02:59:29 kensmith Exp $ +# +# Script to update partition 2 on a NanoBSD system. +# +# usage: +# ssh somewhere cat image.s1 | sh updatep2 +# + +set -e + +. /etc/nanobsd.conf + +if mount | grep ${NANO_DRIVE}s2 > /dev/null ; then + echo "You are running partition 2 already" + echo "you probably want to use 'updatep1' instead" + exit 1 +fi + +# Blow away old system. +dd if=/dev/zero of=/dev/${NANO_DRIVE}s2 bs=1m count=1 > /dev/null 2>&1 + +# Copy in new system +dd of=/dev/${NANO_DRIVE}s2 obs=64k + +# Check that it worked +fsck_ffs -n /dev/${NANO_DRIVE}s2a + +# Update the /etc/fstab +trap "umount /mnt" 1 2 15 EXIT +mount /dev/${NANO_DRIVE}s2a /mnt +sed -i "" "s/${NANO_DRIVE}s1/${NANO_DRIVE}s2/" /mnt/conf/base/etc/fstab +sed -i "" "s/${NANO_DRIVE}s1/${NANO_DRIVE}s2/" /mnt/etc/fstab +umount /mnt +trap 1 2 15 EXIT + +echo "a 2" | fdisk -f - ${NANO_DRIVE} +boot0cfg -s 2 -v ${NANO_DRIVE} Index: /branches/RELENG_7/nanobsd/files/tools/wl-config =================================================================== --- /branches/RELENG_7/nanobsd/files/tools/wl-config (revision 10119) +++ /branches/RELENG_7/nanobsd/files/tools/wl-config (revision 10119) @@ -0,0 +1,241 @@ +#!/bin/sh +# Wireless Leiden config-update script for FreeBSD 7.x (nanobsd) +# Based on the 'API' of Jasper +# Rick van der Zwet +# XXX: TODO, some proper error checking for fetch + +BASEURL="http://195.169.86.131/freebsd/iris/g_list.pl" + +# Default config to fetch +CONFIG=`hostname -s` + +# Determine it's statup and running location and some other hints +# Skip named.conf as it not planned in current release +FILES="authorized_keys dnsmasq.conf rc.node.local resolv.conf" +file_details() { + case "$1" in + 'authorized_keys') + STARTUP_LOC="/cfg/dot_ssh/${FILE}" + RUNNING_LOC="/etc/dot_ssh/${FILE}" + FILE_HINT="" + ;; + 'dnsmasq.conf') + STARTUP_LOC="/cfg/local/${FILE}" + RUNNING_LOC="/etc/local/${FILE}" + FILE_HINT="/usr/local/etc/rc.d/dnsmasq restart" + ;; + 'named.conf') + STARTUP_LOC="/cfg/namedb/${FILE}" + RUNNING_LOC="/etc/namedb/${FILE}" + FILE_HINT="/etc/rc.d/named restart" + ;; + 'rc.node.local') + STARTUP_LOC="/cfg/${FILE}" + RUNNING_LOC="/etc/${FILE}" + FILE_HINT="/etc/rc.d/netif restart" + ;; + 'resolv.conf') + STARTUP_LOC="/cfg/${FILE}" + RUNNING_LOC="/etc/${FILE}" + FILE_HINT="" + ;; + esac +} + +usage() { + ( + echo "Usage: $0 [-bn] [-c ] [-m ]" + echo " -b batch mode, no user input" + echo " -c default configuration to fetch" + echo " -n do not mount config partition" + echo " -m all copy config files to running & config partition [default]" + echo " -m startup copy config files to config partition" + echo " -m testing do not copy config files" + echo " -m running copy config files to running partition" + echo " -m hack copy running files to config partition" + ) 1>&2 + exit 2 +} + +# Argument parsing using getopts +USE_API=1 # Whether or not to use the webinterface +OPT_MOUNT=1 +OPT_RUNNING=1 +OPT_STARTUP=1 +OPT_HACK=0 # Hack for people without configuration managment and testing +OPT_BATCH=0 + +parse_options() { + while getopts "bc:nm:" OPT; do + case "$OPT" in + b) OPT_BATCH=1;; + c) CONFIG="${OPTARG}";; + n) OPT_MOUNT=0;; + m) case "$OPTARG" in + all) true;; + live) OPT_STARTUP=0;; + startup) OPT_RUNNING=0;; + testing) OPT_RUNNING=0; OPT_STARTUP=0; OPT_MOUNT=0;; + hack) OPT_RUNNING=0; OPT_STARTUP=0; OPT_HACK=1; USE_API=0;; + *) usage;; + esac;; + h) usage;; + \?) usage;; + esac + done + # Allow to override automatic mounting, in case of external mount 'managment' + if [ "$1" = "-n" ]; then + OPT_MOUNT=0 + fi + + if [ "${OPT_RUNNING}" -eq 1 ]; then + echo "INFO: Storing new config files in running configuration" + fi + + if [ "${OPT_STARTUP}" -eq 1 ]; then + echo "INFO: Storing new config files in startup configuration" + fi + + if [ "${OPT_HACK}" -eq 1 ]; then + echo "WARN: Copy running configuration to startup configuration" + echo "WARN: Please do mind to document/mention this changes somewhere" + fi + + # New line before the real work gets started + echo "" +} + + + + +# test validity of input +config_validator() { + INPUT="$1" + `grep -q "^${INPUT}\$" ${TMPDIR}/node_list.txt` + if [ $? -eq 0 ]; then + return 0 + else + echo "WARNING: Input '${INPUT}' is not valid, some hints..." + grep "${INPUT}" ${TMPDIR}/node_list.txt + return 1 + fi +} + + + +select_node() { + # List of all available nodes + fetch -q -o ${TMPDIR}/node_list.txt ${BASEURL} || exit 1 + + # Provide Nodelist and feedback + cat ${TMPDIR}/node_list.txt | column + echo ' THIS script adds the config from GENESIS to this operating system' + echo ' make sure you know what you are doing, if not press control-C' + echo ' ENTER CONFIG NAME ......(and press enter)' + + if [ ${OPT_BATCH} -eq 1 ]; then + config_validator "${CONFIG}" + if [ $? -eq 1 ]; then + echo "ERROR: Please provide valid config" 1>&2 + exit 1 + fi + else + # Have the user to select the right node + INVALID_CONFIG=1 + while [ ${INVALID_CONFIG} -eq 1 ]; do + # Ask for node name, play around with prev option + echo -n "Name [${CONFIG}]: " + read INPUT + if [ -z "${INPUT}" ]; then + INPUT=${CONFIG} + else + CONFIG=${INPUT} + fi + + config_validator "${INPUT}" + if [ $? -eq 0 ]; then + INVALID_CONFIG=0 + fi + done + fi +} + + + + +# Copy file, saving some bits if no change needed +copy_file() { + SOURCE=$1 + TARGET=$2 + diff -q ${SOURCE} ${TARGET} >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then + mkdir -p `dirname ${TARGET}` || exit 1 + cp ${SOURCE} ${TARGET} || exit 1 + return $? + fi + return 1 +} + +# Main function +main() { + TMPDIR=`mktemp -d -t $(basename $0)` + # Clear out tempdir when done + if [ ${OPT_MOUNT} -eq 1 ]; then + trap "rm -Rf ${TMPDIR}; umount /cfg; mount -ro noatime /; exit" 0 1 2 3 15 + else + trap "rm -Rf ${TMPDIR}; exit" 0 1 2 3 15 + + fi + + # Mount if requested + if [ ${OPT_MOUNT} -eq 1 ]; then + mount -uwo noatime / + mount /cfg + fi + + # Select node from web-interface + if [ ${USE_API} -eq 1 ]; then + select_node + fi + + # Worker, place all files in required directory + for FILE in ${FILES}; do + if [ ${USE_API} -eq 1 ]; then + # Fetch needed file + FRESH_LOC=${TMPDIR}/${FILE} + fetch -q -o ${FRESH_LOC} ${BASEURL}/${CONFIG}/${FILE} || exit 1 + fi + + # Needed file details, like locations and hints + file_details ${FILE} + + echo "INFO: Working on file: '${FILE}'" + # Copy file boot location + if [ ${OPT_STARTUP} -eq 1 ]; then + copy_file ${FRESH_LOC} ${STARTUP_LOC} + fi + + # Copy file running location + if [ ${OPT_RUNNING} -eq 1 ]; then + copy_file ${FRESH_LOC} ${RUNNING_LOC} + if [ $? -eq 0 ]; then + echo "INFO: '${FILE}' changed" + if [ -n "${FILE_HINT}" ]; then + echo "INFO: For instant activate: ${FILE_HINT}" + echo "" + fi + fi + fi + + # Direct copy + if [ ${OPT_HACK} -eq 1 ]; then + # No checking, just dumb try to copy mode + cp -v ${RUNNING_LOC} ${STARTUP_LOC} + fi + done + + exit 0 +} + +parse_options $* +main Index: /branches/RELENG_7/nanobsd/files/tools/wl-version =================================================================== --- /branches/RELENG_7/nanobsd/files/tools/wl-version (revision 10119) +++ /branches/RELENG_7/nanobsd/files/tools/wl-version (revision 10119) @@ -0,0 +1,35 @@ +#!/bin/sh +# Get bare minimal information of node, for the use of easy debugging +# Rick van der Zwet + +# Trac specific code +echo "----" +echo "{{{" + +# Introduction +echo "Generated by $USER@`hostname`" +echo "Date: `date`" + +# Kernel information +uname -a | fold + +# Mount information, for the use of checking which slize is usd +mount + +# static iinformation, on image, like build, time, who, +VERSION='/tools/wl-release.txt' +cat $VERSION + +if [ -r /VERSION ]; then + cat /VERSION + seperator +fi + +# Current ip configuration +ifconfig -a + +# XXX: Configuration specifics + +# Trac specific code +echo "}}}" +echo "----" Index: /branches/RELENG_7/nanobsd/files/usr/local/bin/pen_wrapper =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/bin/pen_wrapper (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/bin/pen_wrapper (revision 10119) @@ -0,0 +1,110 @@ +#!/bin/sh +# Pen proxy wrapper, periodic check for best connections +# Stichting Wireless Leiden +# Rick van der Zwet + +BIND_ADDR=${1-172.31.255.1} +BIND_PORT=${2-3128} +DEBUG=0 + +#XXX: Really static list, some dynamic alternative prefered +PROXY_LIST="${3-172.17.8.68:3128 172.17.143.4:3128 172.20.128.98:3128 172.16.2.254:3128 172.19.168.66:3128}" + + +TEST_URL="http://www.ams-ix.net/" +TEST_INTERVAL=`expr 30 \* 60` # Back-off period in seconds, re-testing period + + +# Don't touch, unless you know what you are doing +PIDFILE='/var/run/pen.pid' +PEN='/usr/local/bin/pen' +PEN_FLAGS="-b 30 -r -p ${PIDFILE} -o prio ${BIND_ADDR}:${BIND_PORT}" + +LOGFILE='/var/log/pen_wrapper.log' + +log() +{ + _datestamp=`date "+%Y-%m-%d %H:%M:%S"` + _msg="[${_datestamp}] $*" + if [ ${DEBUG} -eq 0 ]; then + echo "${_msg}" >> ${LOGFILE} + else + echo "${_msg}" + fi +} + +d_log() { + if [ ${DEBUG} -ne 0 ]; then + log $* + fi +} + +test_proxy() +{ + # Set proxy + PROXY=$1 + PORT=$2 + URL=$3 + export HTTP_PROXY="${PROXY}:${PORT}" + + # Attempted fetch + retstr=`fetch -T 3 -o /dev/null ${URL} 2>&1` + retval=$? + + # Store to list if successfull + if [ "${retval}" -eq 0 ]; then + BPS=`echo "${retstr}" | awk '/Bps/ {printf $4}'` + echo "${BPS} ${PROXY}" >> ${TMPFILE} + fi + return $retval +} + +sort_proxies() +{ + # Result holder + TMPFILE=`mktemp -t pen_wrapper` + + for _host in ${PROXY_LIST}; do + PROXY=`echo $_host | cut -d ":" -f1` + PORT=`echo $_host | cut -d ":" -f2` + _msg="Fetching '${TEST_URL}' via '${PROXY}:${PORT}' ..." + test_proxy ${PROXY} ${PORT} ${TEST_URL} && d_log ${_msg} "OK" || d_log ${_msg} "FAILED" + done + + _proxylist=`sort -nr ${TMPFILE} | awk '{print $2}' | tr '\n' ' '` + _cfg="0:0:1:1" + if [ -n "${_proxylist}" ]; then + _prio="0" + _proxy_arg="" + for _proxy in ${_proxylist}; do + _prio=`expr ${_prio} + 1` + _proxy_arg="${_proxy_arg} ${_proxy}:${PORT}:${_cfg}:${_prio}" + done + fi + # Clear out junk + rm -f ${TMPFILE} + NEW_PROXY_LIST="${_proxy_arg}" +} + + +## +# Main loop +LIVE_PROXY_LIST='' +while true; do + sort_proxies + if [ "${LIVE_PROXY_LIST}" != "${NEW_PROXY_LIST}" ]; then + log "INFO: New listing to be configured '${NEW_PROXY_LIST}'" + d_log "Live: ${LIVE_PROXY_LIST}" + d_log "New : ${NEW_PROXY_LIST}" + # Pen should only be started if alias exists + ifconfig | grep -q ${BIND_ADDR} + if [ $? -eq 0 ]; then + if [ -r ${PIDFILE} ]; then + kill `cat ${PIDFILE}` + fi + ${PEN} ${PEN_FLAGS} ${NEW_PROXY_LIST} + LIVE_PROXY_LIST="${NEW_PROXY_LIST}" + fi + fi + sleep ${TEST_INTERVAL} +done Index: /branches/RELENG_7/nanobsd/files/usr/local/bin/ssh-copy-id =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/bin/ssh-copy-id (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/bin/ssh-copy-id (revision 10119) @@ -0,0 +1,50 @@ +#!/bin/sh + +# Shell script to install your public key on a remote machine +# Takes the remote machine name as an argument. +# Obviously, the remote machine must accept password authentication, +# or one of the other keys in your ssh-agent, for this to work. + +ID_FILE="${HOME}/.ssh/id_rsa.pub" + +if [ "-i" = "$1" ]; then + shift + # check if we have 2 parameters left, if so the first is the new ID file + if [ -n "$2" ]; then + if expr "$1" : ".*\.pub" >/dev/null; then + ID_FILE="$1" + else + ID_FILE="$1.pub" + fi + shift # and this should leave $1 as the target name + fi +else + if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then + GET_ID="$GET_ID ssh-add -L" + fi +fi + +if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then + GET_ID="cat ${ID_FILE}" +fi + +if [ -z "`eval $GET_ID`" ]; then + echo "$0: ERROR: No identities found" >&2 + exit 1 +fi + +if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then + echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2 + exit 1 +fi + +{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1 + +cat <&2 + exit $EX_NOINPUT +fi + +# Compare files, ignore white spaces, modification, etc +diff -b -B -q ${SRC} ${DST}; RETVAL=$? +if [ $RETVAL -ne 0 ]; then + # 2: DST does not yet, exists, 1: file differs + mount -uwo noatime /cfg + mkdir -p /cfg/local + cp ${SRC} ${DST} +fi + +exit $EX_OK Index: /branches/RELENG_7/nanobsd/files/usr/local/etc/dhcpd-snmp.conf =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/etc/dhcpd-snmp.conf (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/etc/dhcpd-snmp.conf (revision 10119) @@ -0,0 +1,1 @@ +leases: /var/db/dhcpd.leases Index: /branches/RELENG_7/nanobsd/files/usr/local/etc/dhcpd.conf =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/etc/dhcpd.conf (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/etc/dhcpd.conf (revision 10119) @@ -0,0 +1,7 @@ +ddns-update-style none; + +subnet 192.168.2.0 netmask 255.255.255.0 { + option domain-name-servers 192.168.2.1 ; + option routers 192.168.2.1 ; + range 192.168.2.50 192.168.2.99 ; +} Index: /branches/RELENG_7/nanobsd/files/usr/local/etc/nrpe.cfg =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/etc/nrpe.cfg (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/etc/nrpe.cfg (revision 10119) @@ -0,0 +1,109 @@ +############################################################################# +# Sample NRPE Config File +# Written by: Ethan Galstad (nagios@nagios.org) +# +# Last Modified: 12-30-2002 +# +# NOTES: +# This is a sample configuration file for the NRPE daemon. It needs to be +# located on the remote host that is running the NRPE daemon, not the host +# from which the check_nrpe client is being executed. +############################################################################# + + + +# PORT NUMBER +# Port number we should wait for connections on. +# NOTE: This must be a non-priviledged port (i.e. > 1024). +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +server_port=5666 + + + +# SERVER ADDRESS +# Address that nrpe should bind to in case there are more than one interface +# and you do not want nrpe to bind on all interfaces. +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +#server_address=192.168.1.1 + + + +# ALLOWED HOST ADDRESSES +# This is a comma-delimited list of IP address of hosts that are allowed +# to talk to the NRPE daemon. +# +# NOTE: The daemon only does rudimentary checking of the client's IP +# address. I would highly recommend adding entries in your +# /etc/hosts.allow file to allow only the specified host to connect +# to the port you are running this daemon on. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +allowed_hosts=127.0.0.1 + + + +# NRPE USER +# This determines the effective user that the NRPE daemon should run as. +# You can either supply a username or a UID. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +nrpe_user=nagios + + + +# NRPE GROUP +# This determines the effective group that the NRPE daemon should run as. +# You can either supply a group name or a GID. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +nrpe_group=nagios + + + +# DEBUGGING OPTION +# This option determines whether or not debugging messages are logged to the +# syslog facility. +# Values: 0=debugging off, 1=debugging on + +debug=0 + + + +# COMMAND TIMEOUT +# This specifies the maximum number of seconds that the NRPE daemon will +# allow plugins to finish executing before killing them off. + +command_timeout=60 + + + +# COMMAND DEFINITIONS +# Command definitions that this daemon will run. Definitions +# are in the following format: +# +# command[]= +# +# When the daemon receives a request to return the results of +# it will execute the command specified by the argument. +# +# Unlike Nagios, the command line cannot contain macros - it must be +# typed exactly as it should be executed. +# +# Note: Any plugins that are used in the command lines must reside +# on the machine that this daemon is running on! The examples below +# assume that you have plugins installed in a /usr/local/nagios/libexec +# directory. Also note that you will have to modify the definitions below +# to match the argument format the plugins expect. Remember, these are +# examples only! + +command[check_users]=/usr/local/libexec/nagios/check_users -w 5 -c 10 +command[check_load]=/usr/local/libexec/nagios/check_load -w 15,10,5 -c 30,25,20 +command[check_disk1]=/usr/local/libexec/nagios/check_disk -w 20 -c 10 -p /dev/hda1 +command[check_disk2]=/usr/local/libexec/nagios/check_disk -w 20 -c 10 -p /dev/hdb1 +command[check_zombie_procs]=/usr/local/libexec/nagios/check_procs -w 5 -c 10 -s Z +command[check_total_procs]=/usr/local/libexec/nagios/check_procs -w 150 -c 200 Index: /branches/RELENG_7/nanobsd/files/usr/local/etc/ntp.drift =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/etc/ntp.drift (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/etc/ntp.drift (revision 10119) @@ -0,0 +1,1 @@ +0.000 Index: /branches/RELENG_7/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd (revision 10119) @@ -0,0 +1,61 @@ +#!/bin/sh +# +# $FreeBSD: src/etc/rc.d/motd,v 1.9.10.1.4.1 2009/04/15 03:14:26 kensmith Exp $ +# + +# PROVIDE: nanobsd-motd +# REQUIRE: mountcritremote +# BEFORE: LOGIN + +. /etc/rc.subr + +name="nanobsd_motd" +rcvar="update_nanobsd_motd" +start_cmd="motd_start" +stop_cmd=":" + +PERMS="644" + +motd_start() +{ + # Update kernel info in /etc/motd + # Must be done *before* interactive logins are possible + # to prevent possible race conditions. + # + echo -n 'Updating motd' + if [ ! -f /etc/motd ]; then + install -c -o root -g wheel -m ${PERMS} /dev/null /etc/motd + fi + + if [ ! -w /etc/motd ]; then + echo ' ... /etc/motd is not writable, update failed.' + return + fi + + T=`mktemp -t motd` + uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > ${T} + awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> ${T} + + cmp -s $T /etc/motd || { + # XXX: Hack quick and dirty combine of /etc/rc.d/motd and /tools/savesshkeys + trap "umount /cfg" 1 2 15 EXIT + mount /cfg + cp $T /cfg/motd + chmod ${PERMS} /etc/motd + umount /cfg + trap 1 2 15 EXIT + + trap "mount -uro noatime /" 1 2 15 EXIT + mount -uwo noatime / + cp $T /etc/motd + chmod ${PERMS} /etc/motd + mount -uro noatime / + trap 1 2 15 EXIT + } + rm -f $T + + echo . +} + +load_rc_config $name +run_rc_command "$1" Index: /branches/RELENG_7/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys (revision 10119) @@ -0,0 +1,49 @@ +#!/bin/sh +# +# $FreeBSD: ports/net/pen/files/pen.sh.in,v 1.1 2006/09/24 14:34:36 clement Exp $ +# + +# PROVIDE: pen +# REQUIRE: NETWORKING SERVERS sshd +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable nanobsd-save-sshkeys: +# +# nanobsd_save_sshkeys_enable="YES" +# + +. /etc/rc.subr + +name=nanobsd_save_sshkeys +rcvar=`set_rcvar` + +nanobsd_save_sshkeys_enable=${nanobsd_save_sshkeys_enable:-"NO"} + +start_cmd="save_sshkeys" +stop_cmd="save_sshkeys" + +save_sshkeys() { + MOUNTED_RW=0 + trap "umount /cfg" 1 2 15 EXIT + mount -ro noatime /cfg + for FILE in /etc/ssh/ssh_host_*; do + cmp -s $FILE /cfg/ssh/`basename ${FILE}` + if [ $? -ne 0 ]; then + if [ ${MOUNTED_RW} -eq 0 ]; then + mount -uwo noatime /cfg + mkdir -p /cfg/ssh + MOUNTED_RW=1 + fi + cp $FILE /cfg/ssh/`basename ${FILE}` + fi + done + + umount /cfg + trap 1 2 15 EXIT +} + + +load_rc_config $name +run_rc_command "$1" + Index: /branches/RELENG_7/nanobsd/files/usr/local/etc/rc.d/pen_wrapper =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/etc/rc.d/pen_wrapper (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/etc/rc.d/pen_wrapper (revision 10119) @@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD: ports/net/pen/files/pen.sh.in,v 1.1 2006/09/24 14:34:36 clement Exp $ +# + +# PROVIDE: pen_wrapper +# REQUIRE: NETWORKING SERVERS +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable pen: +# +# pen_wrapper_enable="YES" +# + +. /etc/rc.subr + +pen_wrapper_cmd() { + ${command_interpreter} ${command} & +} + +name=pen_wrapper +rcvar=`set_rcvar` +start_cmd=${name}_cmd + +command_interpreter="/bin/sh" +command=/usr/local/bin/pen_wrapper + +pen_wrapper_enable=${pen_wrapper_enable:-"NO"} +pen_wrapper_flags=${pen_wrapper_flags:-""} + +load_rc_config $name +run_rc_command "$1" Index: /branches/RELENG_7/nanobsd/files/usr/local/etc/rc.d/wlportal =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/etc/rc.d/wlportal (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/etc/rc.d/wlportal (revision 10119) @@ -0,0 +1,23 @@ +#!/bin/sh +# +# $Id$ +# + +# PROVIDE: wlportal +# REQUIRE: LOGIN cleanvar +# KEYWORD: shutdown + +wlportal_enable=${wlportal_enable:-"NO"} +wlportal_flags=${wlportal_flags:-} + +. /etc/rc.subr + +name="wlportal" +rcvar=`set_rcvar` +load_rc_config $name + +command="/usr/local/wlportal/wlportal" +command_interpreter="/usr/local/bin/python" +pid_file="/var/run/${name}.pid" + +run_rc_command "$1" Index: /branches/RELENG_7/nanobsd/files/usr/local/etc/rc.d/wlweb =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/etc/rc.d/wlweb (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/etc/rc.d/wlweb (revision 10119) @@ -0,0 +1,23 @@ +#!/bin/sh +# +# $Id$ +# + +# PROVIDE: wlweb +# REQUIRE: LOGIN cleanvar +# KEYWORD: shutdown + +wlweb_enable=${wlweb_enable:-"NO"} +wlweb_flags=${wlweb_flags:-} + +. /etc/rc.subr + +name="wlweb" +rcvar=`set_rcvar` +load_rc_config $name + +command="/usr/local/wlweb/main.py" +command_interpreter="/usr/local/bin/python" +pid_file="/var/run/${name}.pid" + +run_rc_command "$1" Index: /branches/RELENG_7/nanobsd/files/usr/local/etc/tinyproxy.conf =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/etc/tinyproxy.conf (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/etc/tinyproxy.conf (revision 10119) @@ -0,0 +1,228 @@ +## +## tinyproxy.conf -- tinyproxy daemon configuration file +## + +# +# Name of the user the tinyproxy daemon should switch to after the port +# has been bound. +# +User nobody +Group nogroup + +# +# Port to listen on. +# +Port 3128 + +# +# If you have multiple interfaces this allows you to bind to only one. If +# this is commented out, tinyproxy will bind to all interfaces present. +# +#Listen 192.168.0.1 + +# +# The Bind directive allows you to bind the outgoing connections to a +# particular IP address. +# +#Bind 192.168.0.1 + +# +# Timeout: The number of seconds of inactivity a connection is allowed to +# have before it closed by tinyproxy. +# +Timeout 600 + +# +# ErrorFile: Defines the HTML file to send when a given HTTP error +# occurs. You will probably need to customize the location to your +# particular install. The usual locations to check are: +# /usr/local/share/tinyproxy +# /usr/local/share/tinyproxy +# /etc/tinyproxy +# +# ErrorFile 404 "/usr/local/share/tinyproxy/404.html" +# ErrorFile 400 "/usr/local/share/tinyproxy/400.html" +# ErrorFile 503 "/usr/local/share/tinyproxy/503.html" +# ErrorFile 403 "/usr/local/share/tinyproxy/403.html" +# ErrorFile 408 "/usr/local/share/tinyproxy/408.html" + +# +# DefaultErrorFile: The HTML file that gets sent if there is no +# HTML file defined with an ErrorFile keyword for the HTTP error +# that has occured. +# +DefaultErrorFile "/usr/local/share/tinyproxy/default.html" + +# +# StatFile: The HTML file that gets sent when a request is made +# for the stathost. If this file doesn't exist a basic page is +# hardcoded in tinyproxy. +# +StatFile "/usr/local/share/tinyproxy/stats.html" + +# +# Where to log the information. Either LogFile or Syslog should be set, +# but not both. +# +Logfile "/var/log/tinyproxy.log" +# Syslog On + +# +# Set the logging level. Allowed settings are: +# Critical (least verbose) +# Error +# Warning +# Notice +# Connect (to log connections without Info's noise) +# Info (most verbose) +# The LogLevel logs from the set level and above. For example, if the LogLevel +# was set to Warning, than all log messages from Warning to Critical would be +# output, but Notice and below would be suppressed. +# +LogLevel Info + +# +# PidFile: Write the PID of the main tinyproxy thread to this file so it +# can be used for signalling purposes. +# +PidFile "/var/run/tinyproxy.pid" + +# +# Include the X-Tinyproxy header, which has the client's IP address when +# connecting to the sites listed. +# +#XTinyproxy mydomain.com + +# +# Turns on upstream proxy support. +# +# The upstream rules allow you to selectively route upstream connections +# based on the host/domain of the site being accessed. +# +# For example: +# # connection to test domain goes through testproxy +# upstream testproxy:8008 ".test.domain.invalid" +# upstream testproxy:8008 ".our_testbed.example.com" +# upstream testproxy:8008 "192.168.128.0/255.255.254.0" +# +# # no upstream proxy for internal websites and unqualified hosts +# no upstream ".internal.example.com" +# no upstream "www.example.com" +# no upstream "10.0.0.0/8" +# no upstream "192.168.0.0/255.255.254.0" +# no upstream "." +# +# # connection to these boxes go through their DMZ firewalls +# upstream cust1_firewall:8008 "testbed_for_cust1" +# upstream cust2_firewall:8008 "testbed_for_cust2" +# +# # default upstream is internet firewall +# upstream firewall.internal.example.com:80 +# +# The LAST matching rule wins the route decision. As you can see, you +# can use a host, or a domain: +# name matches host exactly +# .name matches any host in domain "name" +# . matches any host with no domain (in 'empty' domain) +# IP/bits matches network/mask +# IP/mask matches network/mask +# +#Upstream some.remote.proxy:port + +# +# This is the absolute highest number of threads which will be created. In +# other words, only MaxClients number of clients can be connected at the +# same time. +# +MaxClients 100 + +# +# These settings set the upper and lower limit for the number of +# spare servers which should be available. If the number of spare servers +# falls below MinSpareServers then new ones will be created. If the number +# of servers exceeds MaxSpareServers then the extras will be killed off. +# +MinSpareServers 5 +MaxSpareServers 20 + +# +# Number of servers to start initially. +# +StartServers 10 + +# +# MaxRequestsPerChild is the number of connections a thread will handle +# before it is killed. In practise this should be set to 0, which disables +# thread reaping. If you do notice problems with memory leakage, then set +# this to something like 10000 +# +MaxRequestsPerChild 0 + +# +# The following is the authorization controls. If there are any access +# control keywords then the default action is to DENY. Otherwise, the +# default action is ALLOW. +# +# Also the order of the controls are important. The incoming connections +# are tested against the controls based on order. +# +Allow 127.0.0.1 +Allow 172.16.0.0/12 + +# +# The "Via" header is required by the HTTP RFC, but using the real host name +# is a security concern. If the following directive is enabled, the string +# supplied will be used as the host name in the Via header; otherwise, the +# server's host name will be used. +# +#ViaProxyName "tinyproxy" + +# +# The location of the filter file. +# +#Filter "/etc/tinyproxy/filter" + +# +# Filter based on URLs rather than domains. +# +#FilterURLs On + +# +# Use POSIX Extended regular expressions rather than basic. +# +#FilterExtended On + +# +# Use case sensitive regular expressions. +# +#FilterCaseSensitive On + +# +# Change the default policy of the filtering system. If this directive is +# commented out, or is set to "No" then the default policy is to allow +# everything which is not specifically denied by the filter file. +# +# However, by setting this directive to "Yes" the default policy becomes to +# deny everything which is _not_ specifically allowed by the filter file. +# +#FilterDefaultDeny Yes + +# +# If an Anonymous keyword is present, then anonymous proxying is enabled. +# The headers listed are allowed through, while all others are denied. If +# no Anonymous keyword is present, then all header are allowed through. +# You must include quotes around the headers. +# +#Anonymous "Host" +#Anonymous "Authorization" + +# +# This is a list of ports allowed by tinyproxy when the CONNECT method +# is used. To disable the CONNECT method altogether, set the value to 0. +# If no ConnectPort line is found, all ports are allowed (which is not +# very secure.) +# +# The following two ports are used by SSL. +# +ConnectPort 443 +ConnectPort 563 Index: /branches/RELENG_7/nanobsd/files/usr/local/sbin/dhcpd-snmp =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/sbin/dhcpd-snmp (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/sbin/dhcpd-snmp (revision 10119) @@ -0,0 +1,452 @@ +#! /usr/bin/perl +# -------------------------------------------------------------------- +# Copyright (C) 2006 Oliver Hitz +# +# $Id: dhcpd-snmp.in,v 1.2 2006/01/25 19:26:00 oli Exp $ +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, +# MA 02111-1307, USA. +# -------------------------------------------------------------------- +# dhcpd-snmp +# +# An extension for polling the active and available lease counts of a +# running dhcpd. +# +# Please read the man page dhcpd-snmp(8) for instructions. +# -------------------------------------------------------------------- + +use Time::Local; +use strict; + +# The base OID of this extension. Has to match the OID in snmpd.conf: +my $baseoid = ".1.3.6.1.4.1.21695.1.2"; + +# Results are cached for some seconds so that an SNMP walk doesn't +# result in dhcpd.leases being parsed multiple times. +my $cache_secs = 60; + +# -------------------------------------------------------------------- + +my $mib; +my $mibtime; + +# Load configuration file +my $conf = read_configuration($ARGV[0]); + +# Switch on autoflush +$| = 1; + +# Main loop +while (my $cmd = ) { + chomp $cmd; + + if ($cmd eq "PING") { + print "PONG\n"; + } elsif ($cmd eq "get") { + my $oid_in = ; + + my $oid = get_oid($oid_in); + my $mib = create_dhcp_mib(); + + if ($oid != 0 && defined($mib->{$oid})) { + print "$baseoid.$oid\n"; + print $mib->{$oid}[0]."\n"; + print $mib->{$oid}[1]."\n"; + } else { + print "NONE\n"; + } + } elsif ($cmd eq "getnext") { + my $oid_in = ; + + my $oid = get_oid($oid_in); + my $found = 0; + + my $mib = create_dhcp_mib(); + my @s = sort { oidcmp($a, $b) } keys %{ $mib }; + for (my $i = 0; $i < @s; $i++) { + if (oidcmp($oid, $s[$i]) == -1) { + print "$baseoid.".$s[$i]."\n"; + print $mib->{$s[$i]}[0]."\n"; + print $mib->{$s[$i]}[1]."\n"; + $found = 1; + last; + } + } + if (!$found) { + print "NONE\n"; + } + } else { + # Unknown command + } +} + +exit 0; + +sub get_oid +{ + + my ($oid) = @_; + chomp $oid; + + my $base = $baseoid; + $base =~ s/\./\\./g; + + if ($oid !~ /^$base(\.|$)/) { + # Requested oid doesn't match base oid + return 0; + } + + $oid =~ s/^$base\.?//; + return $oid; +} + +sub oidcmp { + my ($x, $y) = @_; + + my @a = split /\./, $x; + my @b = split /\./, $y; + + my $i = 0; + + while (1) { + + if ($i > $#a) { + if ($i > $#b) { + return 0; + } else { + return -1; + } + } elsif ($i > $#b) { + return 1; + } + + if ($a[$i] < $b[$i]) { + return -1; + } elsif ($a[$i] > $b[$i]) { + return 1; + } + + $i++; + } +} + +sub create_dhcp_mib +{ + # We cache the results for $cache_secs seconds + if (time - $mibtime < $cache_secs) { + return $mib; + } + + # Read in all leases + read_leases(); + + my %dhcp = ( + "1" => [ "integer", 0 ], # Number of pools + ); + + foreach my $i (keys %{ $conf->{"pools"} }) { + $dhcp{"1"}[1]++; + + my $pool = $conf->{"pools"}->{$i}; + + $dhcp{"2.1.".$i} = [ "integer", $i ]; + $dhcp{"2.2.".$i} = [ "string", $pool->{"name"} ]; + $dhcp{"2.3.".$i} = [ "integer", $pool->{"total"} ]; + $dhcp{"2.4.".$i} = [ "integer", $pool->{"active"} ]; + $dhcp{"2.5.".$i} = [ "integer", $pool->{"expired"} ]; + $dhcp{"2.6.".$i} = [ "integer", $pool->{"total"} - $pool->{"active"} ]; + } + + $mib = \%dhcp; + $mibtime = time; + return $mib; +} + +sub ip2int { + my ($ip) = @_; + + if ($ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) { + return 256*(256*(256*$1+$2)+$3)+$4; + } else { + return -1; + } +} + +sub read_leases +{ + # Clear leases + foreach my $i (keys %{ $conf->{"pools"} }) { + $conf->{"pools"}->{$i}->{"leases"} = (); + $conf->{"pools"}->{$i}->{"active"} = 0; + $conf->{"pools"}->{$i}->{"expired"} = 0; + } + + # Read leases + if (!open(LEASES, $conf->{"leases"})) { + printf STDERR "Unable to open leases file '%s'!\n", $conf->{leases}; + return; + } + + my %l = undef; + + while (my $line = ) { + if ($line =~ /^lease (\d+\.\d+\.\d+\.\d+) \{$/) { + my $ip = ip2int($1); + undef %l; + + foreach my $i (keys %{ $conf->{"pools"} }) { + my $pool = $conf->{"pools"}->{$i}; + my $found = 0; + + foreach my $r (@{ $pool->{"ranges"} }) { + if (($ip >= $r->{"from"}) && ($ip <= $r->{"to"})) { + %l = ( "pool" => $i, "ip" => $ip ); + $found = 1; + last; + } + } + if ($found) { + last; + } + } + } elsif (defined %l && $line =~ /^\s+ends \d (\d+)\/(\d+)\/(\d+) (\d+):(\d+):(\d+);$/) { + $l{"ends"} = timegm($6, $5, $4, $3, $2-1, $1); + } elsif (defined %l && $line =~ /^\s+ends never;$/) { + $l{"ends"} = -1; + } elsif (defined %l && $line =~ /^\}$/) { + $conf->{"pools"}->{$l{"pool"}}->{"leases"}->{$l{"ip"}} = $l{"ends"}; + } + } + + close(LEASES); + + # Count active and expired leases + my $now = time(); + + foreach my $i (keys %{ $conf->{"pools"} }) { + my $pool = $conf->{"pools"}->{$i}; + + foreach my $ip (keys %{ $pool->{"leases"} }) { + my $end = $pool->{"leases"}->{$ip}; + if (($end == -1) || ($end >= $now)) { + $pool->{"active"}++; + } else { + $pool->{"expired"}++; + } + } + } +} + +sub read_configuration +{ + my ($f) = @_; + + my %conf = ( "leases" => undef, + "pools" => { } ); + + open C, "$f"; + while (my $l = ) { + $l =~ s/#.*//; + $l =~ s/^\s*//; + $l =~ s/\s*$//; + + if ($l eq "") { + next; + } + + if ($l =~ /^leases:\s*(\S+)$/) { + + $conf{"leases"} = $1; + + # Check if file is readable + if (open(LEASES, $conf{"leases"})) { + close(LEASES); + } else { + printf STDERR "Unable to open leases file '%s'!\n", $conf{"leases"}; + } + + } elsif ($l =~ /^pool:\s*(\d+)\s*,\s*("[^"]*"|[^"][^,]*)\s*,\s*(.*)$/) { + + # Read the pool definition + my %p = ( "index" => $1, + "name" => $2, + "ranges" => [ ], + "total" => 0, + "leases" => { } ); + + my @ranges = split /\s*,\s*/, $3; + + $p{"name"} =~ s/^\"//; + $p{"name"} =~ s/\"$//; + + foreach my $r (@ranges) { + if ($r !~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})-(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) { + printf STDERR "Invalid range definition '%s'.\n", $r; + next; + } + + my ($from, $to) = ($1, $2); + + my $fromip = ip2int($from); + my $toip = ip2int($to); + + if ($toip < $fromip) { + my $t = $toip; + $toip = $fromip; + $fromip = $t; + } + + $p{"total"} += $toip-$fromip+1; + + my %range = ( "from" => $fromip, + "to" => $toip ); + + push @{ $p{"ranges"} }, \%range; + } + + $conf{"pools"}{$p{"index"}} = \%p; + } else { + + printf STDERR "Invalid line '%s'.\n", $l; + + } + } + + return \%conf; +} + +__END__ + +=head1 NAME + +dhcpd-snmp + +=head1 SYNOPSIS + +dhcpd-snmp dhcpd-snmp.conf + +=head1 DESCRIPTION + +B is an extension for the Net-SNMP agent and the ISC DHCP +server. It allows you to monitor and track the address usage of your +dynamic IP address pools through SNMP. + +=head1 CONFIGURATION FILE + +The configuration file defines the location of the F +file as well as the pools of which you want to access the lease +counts. + +The file is in B format and allows only two keys: + +=over 8 + +=item B: C + +Location of the F file. This file needs to be accessible +by the script. + +=item B: C, C, C + +Defines a pool to monitor. C is a unique numeric index, +C a textual description of this pool, and C defines the ranges of IP addresses belonging to this +pool. + +=back + +Since this extension is a persistent script, changes to the +configuration file require a restart of snmpd. + +=head1 INSTALLATION + +After installing the B script and adapting the +configuration file, it is best to test it manually. This can be done +with the following dialog: + + PING + +The script should return "PONG". + + get + .1.3.6.1.4.1.21695.1.2.1 + +The script should return three lines: the OID, "integer", and the +number of configured pools. + + get + .1.3.6.1.4.1.21695.1.2.2.2.1 + +OID, "string", and the name of your first address pool. + + get + .1.3.6.1.4.1.21695.1.2.2.4.1 + +OID, "integer", and the number of active leases. + +Quit the dialog using CTRL-D. + +If everything works, insert the following line into your Net-SNMP's +B configuration file: + + pass_persist .1.3.6.1.4.1.21695.1.2 path/to/dhcpd-snmp path/to/dhcpd-snmp.conf + +Net-SNMP will need to be restarted after this change. + +You should now be able to get the statistics using F, for example: + + $ snmpwalk host community .1.3.6.1.4.1.21695.1.2 + +This should give you a list of the statistics of your DHCP server. + +=head1 MIB + +The script returns the following variables: + + .1.3.6.1.4.1.21695.1.2.1: number of configured pools + .1.3.6.1.4.1.21695.1.2.2.: pool description + .1.3.6.1.4.1.21695.1.2.3.: size of the pool (number of addresses) + .1.3.6.1.4.1.21695.1.2.4.: active leases + .1.3.6.1.4.1.21695.1.2.5.: expired leases + .1.3.6.1.4.1.21695.1.2.6.: available addresses (size - active leases) + +For a complete MIB file see the C directory in the source archive. + +=head1 SECURITY + +It is assumed that users of this script know how to properly secure +their snmpd. Please read the corresponding man pages on more +information about this. + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2006 Oliver Hitz + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +USA. + +=cut Index: /branches/RELENG_7/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt (revision 10119) @@ -0,0 +1,2978 @@ +-- ***************************************************************** +-- IEEE802dot11-MIB : +-- IEEE 802.11 Management Information Base file +-- +-- Nov 2002, Francis Pang +-- +-- Copyright (c) 2002 by cisco Systems, Inc. +-- All rights reserved. +-- ***************************************************************** + +-- ********************************************************************** +-- * IEEE 802.11 Management Information Base +-- ********************************************************************** + +IEEE802dot11-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + NOTIFICATION-TYPE,Integer32, Counter32, + Unsigned32 FROM SNMPv2-SMI + + DisplayString , MacAddress, RowStatus, + TruthValue FROM SNMPv2-TC + + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP FROM SNMPv2-CONF + + ifIndex FROM RFC1213-MIB; + +-- ********************************************************************** +-- * Tree Definition +-- ********************************************************************** + + member-body OBJECT IDENTIFIER ::= { iso 2 } + us OBJECT IDENTIFIER ::= { member-body 840 } + +-- ********************************************************************** +-- * MODULE IDENTITY +-- ********************************************************************** + +ieee802dot11 MODULE-IDENTITY + LAST-UPDATED "0208300000Z" + ORGANIZATION "IEEE 802.11" + CONTACT-INFO + "WG E-mail: stds-802-11@ieee.org + + Chair: Stuart J. Kerry + Postal: Philips Semiconductors, Inc. + 1109 McKay Drive + M/S 48 SJ + San Jose, CA 95130-1706 USA + Tel: +1 408 474 7356 + Fax: +1 408 474 7247 + E-mail: stuart.kerry@philips.com + + Editor: Bob O'Hara + Postal: Informed Technology, Inc. + 1750 Nantucket Circle, Suite 138 + Santa Clara, CA 95054 USA + Tel: +1 408 986 9596 + Fax: +1 408 727 2654 + E-mail: bob@informed-technology.com" + DESCRIPTION + "The MIB module for IEEE 802.11 entities. + iso(1).member-body(2).us(840).ieee802dot11(10036)" + ::= { us 10036 } + +-- ********************************************************************** +-- * Major sections +-- ********************************************************************** + +-- Station ManagemenT (SMT) Attributes + -- DEFINED AS "The SMT object class provides the necessary support + -- at the station to manage the processes in the station such that + -- the station may work cooperatively as a part of an IEEE 802.11 + -- network." + + dot11smt OBJECT IDENTIFIER ::= { ieee802dot11 1 } + + -- dot11smt GROUPS + -- dot11StationConfigTable ::= { dot11smt 1 } + -- dot11AuthenticationAlgorithmsTable ::= { dot11smt 2 } + -- dot11WEPDefaultKeysTable ::= { dot11smt 3 } + -- dot11WEPKeyMappingsTable ::= { dot11smt 4 } + -- dot11PrivacyTable ::= { dot11smt 5 } + -- dot11SMTnotification ::= { dot11smt 6 } + -- dot11MultiDomainCapabilityTable ::= { dot11smt 7 } + +-- MAC Attributes + -- DEFINED AS "The MAC object class provides the necessary support + -- for the access control, generation, and verification of frame + -- check sequences (FCSs), and proper delivery of valid data to + -- upper layers." + + dot11mac OBJECT IDENTIFIER ::= { ieee802dot11 2 } + + -- MAC GROUPS + -- reference IEEE Std 802.1f-1993 + -- dot11OperationTable ::= { dot11mac 1 } + -- dot11CountersTable ::= { dot11mac 2 } + -- dot11GroupAddressesTable ::= { dot11mac 3 } + +-- Resource Type ID + dot11res OBJECT IDENTIFIER ::= { ieee802dot11 3 } + dot11resAttribute OBJECT IDENTIFIER ::= { dot11res 1 } + +-- PHY Attributes + -- DEFINED AS "The PHY object class provides the necessary support + -- for required PHY operational information that may vary from PHY + -- to PHY and from STA to STA to be communicated to upper layers." + + dot11phy OBJECT IDENTIFIER ::= { ieee802dot11 4 } + + -- PHY GROUPS + -- dot11PhyOperationTable ::= { dot11phy 1 } + -- dot11PhyAntennaTable ::= { dot11phy 2 } + -- dot11PhyTxPowerTable ::= { dot11phy 3 } + -- dot11PhyFHSSTable ::= { dot11phy 4 } + -- dot11PhyDSSSTable ::= { dot11phy 5 } + -- dot11PhyIRTable ::= { dot11phy 6 } + -- dot11RegDomainsSupportedTable ::= { dot11phy 7 } + -- dot11AntennasListTable ::= { dot11phy 8 } + -- dot11SupportedDataRatesTxTable ::= { dot11phy 9 } + -- dot11SupportedDataRatesRxTable ::= { dot11phy 10 } + -- dot11PhyOFDMTable ::= { dot11phy 11 } + -- dot11PhyHRDSSSTable ::= { dot11phy 12 } + -- dot11EHCCHoppingPatternTable ::= { dot11phy 13 } + +-- ********************************************************************** +-- * Textual conventions from 802 definitions +-- ********************************************************************** + + WEPKeytype ::= OCTET STRING (SIZE (5)) + +-- ********************************************************************** +-- * MIB attribute OBJECT-TYPE definitions follow +-- ********************************************************************** + +-- ********************************************************************** +-- * SMT Station Config Table +-- ********************************************************************** + +dot11StationConfigTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11StationConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Station Configuration attributes. In tablular form to + allow for multiple instances on an agent." + ::= { dot11smt 1 } + +dot11StationConfigEntry OBJECT-TYPE + SYNTAX Dot11StationConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11StationConfigTable. It is + possible for there to be multiple IEEE 802.11 interfaces + on one agent, each with its unique MAC address. The + relationship between an IEEE 802.11 interface and an + interface in the context of the Internet-standard MIB is + one-to-one. As such, the value of an ifIndex object + instance can be directly used to identify corresponding + instances of the objects defined herein. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11StationConfigTable 1 } + +Dot11StationConfigEntry ::= + SEQUENCE { + dot11StationID MacAddress, + dot11MediumOccupancyLimit INTEGER, + dot11CFPollable TruthValue, + dot11CFPPeriod INTEGER, + dot11CFPMaxDuration INTEGER, + dot11AuthenticationResponseTimeOut Unsigned32, + dot11PrivacyOptionImplemented TruthValue, + dot11PowerManagementMode INTEGER, + dot11DesiredSSID OCTET STRING, + dot11DesiredBSSType INTEGER, + dot11OperationalRateSet OCTET STRING, + dot11BeaconPeriod INTEGER, + dot11DTIMPeriod INTEGER, + dot11AssociationResponseTimeOut Unsigned32, + dot11DisassociateReason INTEGER, + dot11DisassociateStation MacAddress, + dot11DeauthenticateReason INTEGER, + dot11DeauthenticateStation MacAddress, + dot11AuthenticateFailStatus INTEGER, + dot11AuthenticateFailStation MacAddress, + dot11MultiDomainCapabilityImplemented TruthValue, + dot11MultiDomainCapabilityEnabled TruthValue, + dot11CountryString OCTET STRING } + +dot11StationID OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-write + STATUS deprecated + DESCRIPTION + "The purpose of dot11StationID is to allow a manager to + identify a station for its own purposes. This attribute + provides for that eventuality while keeping the true MAC + address independent. Its syntax is MAC address, and the + default value is the station's assigned, unique + MAC address." + ::= { dot11StationConfigEntry 1 } + +dot11MediumOccupancyLimit OBJECT-TYPE + SYNTAX INTEGER (0..1000) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum amount of time, + in TU, that a point coordinator (PC) may control the usage + of the wireless medium (WM) without relinquishing control + for long enough to allow at least one instance of DCF access + to the medium. The default value of this attribute shall + be 100, and the maximum value shall be 1000." + ::= { dot11StationConfigEntry 2 } + +dot11CFPollable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "When this attribute is true, it shall indicate that + the STA is able to respond to a CF-Poll with a data frame + within a SIFS time. This attribute shall be false if + the STA is not able to respond to a CF-Poll with a data + frame within a SIFS time." + ::= { dot11StationConfigEntry 3 } + +dot11CFPPeriod OBJECT-TYPE + SYNTAX INTEGER (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The attribute shall describe the number of DTIM intervals + between the start of CFPs. It is modified by + MLME-START.request primitive." + ::= { dot11StationConfigEntry 4 } + +dot11CFPMaxDuration OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The attribute shall describe the maximum duration of + the CFP in TU that may be generated by the PCF. It is + modified by MLME-START.request primitive." + ::= { dot11StationConfigEntry 5 } + +dot11AuthenticationResponseTimeOut OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of time units (TUs) + that a responding STA should wait for the next frame in the + authentication sequence." + ::= { dot11StationConfigEntry 6 } + +dot11PrivacyOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the IEEE + 802.11 WEP option is implemented. The default value of + this attribute shall be false." + ::= { dot11StationConfigEntry 7 } + +dot11PowerManagementMode OBJECT-TYPE + SYNTAX INTEGER { active(1), powersave(2) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the power management + mode of the STA. When set to active, it shall + indicate that the station is not in power-save + (PS) mode. When set to powersave, it shall indicate + that the station is in power-save mode. The power + management mode is transmitted in all frames + according to the rules in 7.1.3.1.7." + ::= { dot11StationConfigEntry 8 } + +dot11DesiredSSID OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute reflects the Service Set ID (SSID) + used in the DesiredSSID parameter of the most recent + MLME_Scan.request. This value may be modified + by an external management entity and used by the + local SME to make decisions about the Scanning + process." + ::= { dot11StationConfigEntry 9 } + +dot11DesiredBSSType OBJECT-TYPE + SYNTAX INTEGER { infrastructure(1), independent(2), any(3) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the type of BSS the + station shall use when scanning for a BSS with + which to synchronize. This value is used to filter + Probe Response frames and Beacons. When set to + infrastructure, the station shall only synchronize + with a BSS whose Capability Information field has + the ESS subfield set to 1. When set to independent, + the station shall only synchronize with a BSS whose + Capability Information field has the IBSS subfield + set to 1. When set to any, the station may + synchronize to either type of BSS." + ::= { dot11StationConfigEntry 10 } + +dot11OperationalRateSet OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(1..126)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the set of data + rates at which the station may transmit data. + Each octet contains a value representing a rate. + Each rate shall be within the range from 2 to 127, + corresponding to data rates in increments of + 500 kbit/s from 1 Mbit/s to 63.5 Mbit/s, and shall + be supported (as indicated in the supported rates + table) for receiving data. This value is reported in + transmitted Beacon, Probe Request, Probe Response, + Association Request, Association Response, + Reassociation Request, and Reassociation Response + frames, and is used to determine whether a BSS + with which the station desires to synchronize is + suitable. It is also used when starting a BSS, + as specified in 10.3." + ::= { dot11StationConfigEntry 11 } + +dot11BeaconPeriod OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of TUs that + a station shall use for scheduling Beacon + transmissions. This value is transmitted in Beacon + and Probe Response frames." + ::= { dot11StationConfigEntry 12 } + +dot11DTIMPeriod OBJECT-TYPE + SYNTAX INTEGER(1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of beacon + intervals that shall elapse between transmission of + Beacons frames containing a TIM element whose DTIM + Count field is 0. This value is transmitted in + the DTIM Period field of Beacon frames." + ::= { dot11StationConfigEntry 13 } + +dot11AssociationResponseTimeOut OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of TU that a + requesting STA should wait for a response to a + transmitted association-request MMPDU." + ::= { dot11StationConfigEntry 14 } + +dot11DisassociateReason OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Reason Code in a Disassociation + frame. If no Disassociation frame has been + transmitted, the value of this attribute shall + be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.7" + ::= { dot11StationConfigEntry 15 } + +dot11DisassociateStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + Disassociation frame. If no Disassociation + frame has been transmitted, the value of this + attribute shall be 0." + ::= { dot11StationConfigEntry 16 } + +dot11DeauthenticateReason OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Reason Code in a Deauthentication + frame. If no Deauthentication frame has been + transmitted, the value of this attribute shall + be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.7" + ::= { dot11StationConfigEntry 17 } + +dot11DeauthenticateStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + Deauthentication frame. If no Deauthentication + frame has been transmitted, the value of this + attribute shall be 0." + ::= { dot11StationConfigEntry 18 } + +dot11AuthenticateFailStatus OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Status Code in a failed + Authentication frame. If no failed + Authentication frame has been transmitted, the + value of this attribute shall be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.9" + ::= { dot11StationConfigEntry 19 } + +dot11AuthenticateFailStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + failed Authentication frame. If no failed + Authentication frame has been transmitted, the + value of this attribute shall be 0." + ::= { dot11StationConfigEntry 20 } + +dot11MultiDomainCapabilityImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + station implementation is capable of supporting + multiple regulatory domains. The capability is + disabled, otherwise. The default value of this + attribute is FALSE." + ::= { dot11StationConfigEntry 21 } + +dot11MultiDomainCapabilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + capability of the station to operate in multiple + regulatory domains is enabled. The capability is + disabled, otherwise. The default value of this + attribute is FALSE." + ::= { dot11StationConfigEntry 22 } + +dot11CountryString OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(3)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute identifies the country in which the + station is operating. The first two octets of this + string is the two character country code as described + in document ISO/IEC 3166-1. The third octet shall + be one of the following: + + 1. an ASCII space character, if the regulations under + which the station is operating encompass all + environments in the country, + + 2. an ASCII 'O' character, if the regulations under + which the station is operating are for an Outdoor + environment only, or + + 3. an ASCII 'I' character, if the regulations under + which the station is operating are for an Indoor + environment only." + ::= { dot11StationConfigEntry 23 } + +-- ********************************************************************** +-- * End of dot11StationConfig TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * AuthenticationAlgorithms TABLE +-- ********************************************************************** + +dot11AuthenticationAlgorithmsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11AuthenticationAlgorithmsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This (conceptual) table of attributes shall be a set of + all the authentication algorithms supported by the + stations. The following are the default values and the + associated algorithm: + Value = 1: Open System + Value = 2: Shared Key" + REFERENCE "IEEE Std 802.11-2002, 7.3.1.1" + ::= { dot11smt 2 } + +dot11AuthenticationAlgorithmsEntry OBJECT-TYPE + SYNTAX Dot11AuthenticationAlgorithmsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the Authentication + Algorithms Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11AuthenticationAlgorithmsIndex } + ::= { dot11AuthenticationAlgorithmsTable 1 } + +Dot11AuthenticationAlgorithmsEntry ::= + SEQUENCE { dot11AuthenticationAlgorithmsIndex Integer32, + dot11AuthenticationAlgorithm INTEGER, + dot11AuthenticationAlgorithmsEnable TruthValue } + +dot11AuthenticationAlgorithmsIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the Authentication Algorithms Table." + ::= { dot11AuthenticationAlgorithmsEntry 1 } + +dot11AuthenticationAlgorithm OBJECT-TYPE + SYNTAX INTEGER { openSystem(1), sharedKey(2) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute shall be a set of all the authentication + algorithms supported by the STAs. The following are the + default values and the associated algorithm. + Value = 1: Open System + Value = 2: Shared Key" + ::= { dot11AuthenticationAlgorithmsEntry 2 } + +dot11AuthenticationAlgorithmsEnable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when true at a station, shall enable the acceptance + of the authentication algorithm described in the corresponding table + entry in authentication frames received by the station that have odd + authentication sequence numbers. The default value of this attribute + shall be 1 for the Open System table entry and 2 for all other table + entries." + ::= { dot11AuthenticationAlgorithmsEntry 3 } + +-- ********************************************************************** +-- * End of AuthenticationAlgorithms TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * WEPDefaultKeys TABLE +-- ********************************************************************** + +dot11WEPDefaultKeysTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11WEPDefaultKeysEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Conceptual table for WEP default keys. This table shall + contain the four WEP default secret key values + corresponding to the four possible KeyID values. The WEP + default secret keys are logically WRITE-ONLY. Attempts to + read the entries in this table shall return unsuccessful + status and values of null or zero. The default value of + each WEP default key shall be null." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11smt 3 } + +dot11WEPDefaultKeysEntry OBJECT-TYPE + SYNTAX Dot11WEPDefaultKeysEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the WEP Default Keys Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11WEPDefaultKeyIndex} + ::= { dot11WEPDefaultKeysTable 1 } + +Dot11WEPDefaultKeysEntry ::= + SEQUENCE { dot11WEPDefaultKeyIndex INTEGER, + dot11WEPDefaultKeyValue WEPKeytype } + +dot11WEPDefaultKeyIndex OBJECT-TYPE + SYNTAX INTEGER (1..4) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the WEP Default Keys Table. + The value of this variable is equal to the WEPDefaultKeyID + 1" + ::= { dot11WEPDefaultKeysEntry 1 } + +dot11WEPDefaultKeyValue OBJECT-TYPE + SYNTAX WEPKeytype + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A WEP default secret key value." + ::= { dot11WEPDefaultKeysEntry 2 } + +-- ********************************************************************** +-- * End of WEPDefaultKeys TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * WEPKeyMappings TABLE +-- ********************************************************************** + +dot11WEPKeyMappingsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11WEPKeyMappingsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Conceptual table for WEP Key Mappings. The MIB supports + the ability to share a separate WEP key for each RA/TA + pair. The Key Mappings Table contains zero or one entry + for each MAC address and contains two fields for each + entry: WEPOn and the corresponding WEP key. The WEP key + mappings are logically WRITE-ONLY. Attempts to read the + entries in this table shall return unsuccessful status and + values of null or zero. The default value for all WEPOn + fields is false." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11smt 4 } + +dot11WEPKeyMappingsEntry OBJECT-TYPE + SYNTAX Dot11WEPKeyMappingsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the WEP Key Mappings Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11WEPKeyMappingIndex } + ::= { dot11WEPKeyMappingsTable 1 } + +Dot11WEPKeyMappingsEntry ::= + SEQUENCE { dot11WEPKeyMappingIndex Integer32, + dot11WEPKeyMappingAddress MacAddress, + dot11WEPKeyMappingWEPOn TruthValue, + dot11WEPKeyMappingValue WEPKeytype, + dot11WEPKeyMappingStatus RowStatus } + +dot11WEPKeyMappingIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the WEP Key Mappings Table." + ::= { dot11WEPKeyMappingsEntry 1 } + +dot11WEPKeyMappingAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The MAC address of the STA for which the values from this + key mapping entry are to be used." + ::= { dot11WEPKeyMappingsEntry 2 } + +dot11WEPKeyMappingWEPOn OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Boolean as to whether WEP is to be used when communicating + with the dot11WEPKeyMappingAddress STA." + ::= { dot11WEPKeyMappingsEntry 3 } + +dot11WEPKeyMappingValue OBJECT-TYPE + SYNTAX WEPKeytype + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A WEP secret key value." + ::= { dot11WEPKeyMappingsEntry 4 } + +dot11WEPKeyMappingStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status column used for creating, modifying, and + deleting instances of the columnar objects in the WEP key + mapping Table." + DEFVAL { active } + ::= { dot11WEPKeyMappingsEntry 5 } + +-- ********************************************************************** +-- * End of WEPKeyMappings TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PrivacyTable TABLE +-- ********************************************************************** + +dot11PrivacyTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PrivacyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group containing attributes concerned with IEEE 802.11 + Privacy. Created as a table to allow multiple + instantiations on an agent." + ::= { dot11smt 5 } + +dot11PrivacyEntry OBJECT-TYPE + SYNTAX Dot11PrivacyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PrivacyTable Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PrivacyTable 1 } + +Dot11PrivacyEntry ::= + SEQUENCE { dot11PrivacyInvoked TruthValue, + dot11WEPDefaultKeyID INTEGER, + dot11WEPKeyMappingLength Unsigned32, + dot11ExcludeUnencrypted TruthValue, + dot11WEPICVErrorCount Counter32, + dot11WEPExcludedCount Counter32 } + +dot11PrivacyInvoked OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When this attribute is true, it shall indicate that the IEEE + 802.11 WEP mechanism is used for transmitting frames of type + Data. The default value of this attribute shall be false." + ::= { dot11PrivacyEntry 1 } + +dot11WEPDefaultKeyID OBJECT-TYPE + SYNTAX INTEGER (0..3) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the use of the first, + second, third, or fourth element of the WEPDefaultKeys + array when set to values of zero, one, two, or three. The + default value of this attribute shall be 0." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11PrivacyEntry 2 } + +dot11WEPKeyMappingLength OBJECT-TYPE + SYNTAX Unsigned32 (10..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The maximum number of tuples that dot11WEPKeyMappings can hold." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11PrivacyEntry 3 } + +dot11ExcludeUnencrypted OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When this attribute is true, the STA shall not indicate at + the MAC service interface received MSDUs that have the WEP + subfield of the Frame Control field equal to zero. When this + attribute is false, the STA may accept MSDUs that have the WEP + subfield of the Frame Control field equal to zero. The default + value of this attribute shall be false." + ::= { dot11PrivacyEntry 4 } + +dot11WEPICVErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with the + WEP subfield of the Frame Control field set to one and the value + of the ICV as received in the frame does not match the ICV value + that is calculated for the contents of the received frame." + ::= { dot11PrivacyEntry 5 } + +dot11WEPExcludedCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with the + WEP subfield of the Frame Control field set to zero and the value + of dot11ExcludeUnencrypted causes that frame to be discarded." + ::= { dot11PrivacyEntry 6 } + +-- ********************************************************************** +-- * End of dot11Privacy TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SMT notification Objects +-- ********************************************************************** + +dot11SMTnotification OBJECT IDENTIFIER ::= { dot11smt 6 } + +dot11Disassociate NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11DisassociateReason, dot11DisassociateStation } + STATUS current + DESCRIPTION + "The disassociate notification shall be sent when the STA + sends a Disassociation frame. The value of the notification + shall include the MAC address of the MAC to which the Disassociation + frame was sent and the reason for the disassociation. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 1 } + +dot11Deauthenticate NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11DeauthenticateReason, dot11DeauthenticateStation } + STATUS current + DESCRIPTION + "The deauthenticate notification shall be sent when the STA + sends a Deauthentication frame. The value of the notification + shall include the MAC address of the MAC to which the Deauthentication + frame was sent and the reason for the deauthentication. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 2 } + +dot11AuthenticateFail NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11AuthenticateFailStatus, dot11AuthenticateFailStation } + STATUS current + DESCRIPTION + "The authenticate failure notification shall be sent when the STA + sends an Authentication frame with a status code other than + 'successful'. The value of the notification + shall include the MAC address of the MAC to which the Authentication + frame was sent and the reason for the authentication failure. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 3 } + + +-- ********************************************************************** +-- * End of SMT notification Objects +-- ********************************************************************** + +-- ******************************************************************** +-- * dot11MultiDomainCapability TABLE +-- ******************************************************************** + +dot11MultiDomainCapabilityTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11MultiDomainCapabilityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This (conceptual) table of attributes for + cross-domain mobility." + ::= { dot11smt 7 } + +dot11MultiDomainCapabilityEntry OBJECT-TYPE + SYNTAX Dot11MultiDomainCapabilityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) in the Multiple Domain + Capability Table. + + IfIndex - Each IEEE 802.11 interface is represented + by an ifEntry. Interface tables in this MIB are + indexed by ifIndex." + INDEX { ifIndex, + dot11MultiDomainCapabilityIndex } + ::= { dot11MultiDomainCapabilityTable 1 } + +Dot11MultiDomainCapabilityEntry ::= + SEQUENCE { dot11MultiDomainCapabilityIndex Integer32, + dot11FirstChannelNumber Integer32, + dot11NumberofChannels Integer32, + dot11MaximumTransmitPowerLevel Integer32 } + +dot11MultiDomainCapabilityIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances of + the columnar objects in the Multi Domain Capability Table." + ::= { dot11MultiDomainCapabilityEntry 1 } + +dot11FirstChannelNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the lowest + channel number in the subband for the associated domain + country string. The default value of this attribute + shall be zero." + ::= { dot11MultiDomainCapabilityEntry 2 } + +dot11NumberofChannels OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the total + number of channels allowed in the subband for the + associated domain country string. The default value of + this attribute shall be zero." + ::= { dot11MultiDomainCapabilityEntry 3 } + +dot11MaximumTransmitPowerLevel OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum transmit power, + in dBm, allowed in the subband for the associated domain + country string. The default value of this attribute shall + be zero." + ::= { dot11MultiDomainCapabilityEntry 4 } + +-- ******************************************************************** +-- * End of dot11MultiDomainCapability TABLE +-- ******************************************************************** + + +-- ********************************************************************** +-- * MAC Attribute Templates +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11OperationTable TABLE +-- ********************************************************************** + +dot11OperationTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11OperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group contains MAC attributes pertaining to the operation + of the MAC. This has been implemented as a table in order + to allow for multiple instantiations on an agent." + ::= { dot11mac 1 } + +dot11OperationEntry OBJECT-TYPE + SYNTAX Dot11OperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11OperationEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11OperationTable 1 } + +Dot11OperationEntry ::= + SEQUENCE { dot11MACAddress MacAddress, + dot11RTSThreshold INTEGER, + dot11ShortRetryLimit INTEGER, + dot11LongRetryLimit INTEGER, + dot11FragmentationThreshold INTEGER, + dot11MaxTransmitMSDULifetime Unsigned32, + dot11MaxReceiveLifetime Unsigned32, + dot11ManufacturerID DisplayString, + dot11ProductID DisplayString } + +dot11MACAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Unique MAC Address assigned to the STA." + ::= { dot11OperationEntry 1 } + +dot11RTSThreshold OBJECT-TYPE + SYNTAX INTEGER (0..2347) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the number of octets in an MPDU, + below which an RTS/CTS handshake shall not be performed. An + RTS/CTS handshake shall be performed at the beginning of any + frame exchange sequence where the MPDU is of type Data or + Management, the MPDU has an individual address in the Address1 + field, and the length of the MPDU is greater than + this threshold. (For additional details, refer to Table 21 in + 9.7.) Setting this attribute to be larger than the maximum + MSDU size shall have the effect of turning off the RTS/CTS + handshake for frames of Data or Management type transmitted by + this STA. Setting this attribute to zero shall have the effect + of turning on the RTS/CTS handshake for all frames of Data or + Management type transmitted by this STA. The default value of + this attribute shall be 2347." + ::= { dot11OperationEntry 2 } + +dot11ShortRetryLimit OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum number of + transmission attempts of a frame, the length of which is less + than or equal to dot11RTSThreshold, that shall be made before a + failure condition is indicated. The default value of this + attribute shall be 7." + ::= { dot11OperationEntry 3 } + +dot11LongRetryLimit OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum number of + transmission attempts of a frame, the length of which is + greater than dot11RTSThreshold, that shall be made before a + failure condition is indicated. The default value of this + attribute shall be 4." + ::= { dot11OperationEntry 4 } + +dot11FragmentationThreshold OBJECT-TYPE + SYNTAX INTEGER (256..2346) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the current maximum size, in + octets, of the MPDU that may be delivered to the PHY. An MSDU + shall be broken into fragments if its size exceeds the value + of this attribute after adding MAC headers and trailers. An MSDU + or MMPDU shall be fragmented when the resulting frame has an + individual address in the Address1 field, and the length of the + frame is larger than this threshold. The default value for this + attribute shall be the lesser of 2346 or the aMPDUMaxLength of + the attached PHY and shall never exceed the lesser of 2346 or + the aMPDUMaxLength of the attached PHY. The value of this + attribute shall never be less than 256. " + ::= { dot11OperationEntry 5 } + +dot11MaxTransmitMSDULifetime OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The MaxTransmitMSDULifetime shall be the elapsed time in TU, + after the initial transmission of an MSDU, after which further + attempts to transmit the MSDU shall be terminated. The default + value of this attribute shall be 512." + ::= { dot11OperationEntry 6 } + +dot11MaxReceiveLifetime OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The MaxReceiveLifetime shall be the elapsed time in TU, + after the initial reception of a fragmented MMPDU or MSDU, + after which further attempts to reassemble the MMPDU or + MSDU shall be terminated. The default value shall be + 512." + ::= { dot11OperationEntry 7 } + +dot11ManufacturerID OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The ManufacturerID shall include, at a minimum, the name + of the manufacturer. It may include additional + information at the manufacturer's discretion. The default + value of this attribute shall be null." + ::= { dot11OperationEntry 8 } + +dot11ProductID OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The ProductID shall include, at a minimum, an identifier + that is unique to the manufacturer. It may include + additional information at the manufacturer's discretion. + The default value of this attribute shall be null." + ::= { dot11OperationEntry 9 } + +-- ********************************************************************** +-- * End of dot11OperationEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11Counters TABLE +-- ********************************************************************** + +dot11CountersTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11CountersEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group containing attributes that are MAC counters. + Implemented as a table to allow for multiple + instantiations on an agent." + ::= { dot11mac 2 } + +dot11CountersEntry OBJECT-TYPE + SYNTAX Dot11CountersEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11CountersEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11CountersTable 1 } + +Dot11CountersEntry ::= + SEQUENCE { dot11TransmittedFragmentCount Counter32, + dot11MulticastTransmittedFrameCount Counter32, + dot11FailedCount Counter32, + dot11RetryCount Counter32, + dot11MultipleRetryCount Counter32, + dot11FrameDuplicateCount Counter32, + dot11RTSSuccessCount Counter32, + dot11RTSFailureCount Counter32, + dot11ACKFailureCount Counter32, + dot11ReceivedFragmentCount Counter32, + dot11MulticastReceivedFrameCount Counter32, + dot11FCSErrorCount Counter32, + dot11TransmittedFrameCount Counter32, + dot11WEPUndecryptableCount Counter32 } + +dot11TransmittedFragmentCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall be incremented for an acknowledged MPDU + with an individual address in the address 1 field or an MPDU + with a multicast address in the address 1 field of type Data + or Management." + ::= { dot11CountersEntry 1 } + +dot11MulticastTransmittedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment only when the multicast bit + is set in the destination MAC address of a successfully + transmitted MSDU. When operating as a STA in an ESS, where + these frames are directed to the AP, this implies having + received an acknowledgment to all associated MPDUs." + ::= { dot11CountersEntry 2 } + +dot11FailedCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is not transmitted + successfully due to the number of transmit attempts exceeding + either the dot11ShortRetryLimit or dot11LongRetryLimit." + ::= { dot11CountersEntry 3 } + +dot11RetryCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is successfully + transmitted after one or more retransmissions." + ::= { dot11CountersEntry 4 } + +dot11MultipleRetryCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is successfully + transmitted after more than one retransmission." + ::= { dot11CountersEntry 5 } + +dot11FrameDuplicateCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received + that the Sequence Control field indicates is a + duplicate." + ::= { dot11CountersEntry 6 } + +dot11RTSSuccessCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a CTS is received in + response to an RTS." + ::= { dot11CountersEntry 7 } + +dot11RTSFailureCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a CTS is not received in + response to an RTS." + ::= { dot11CountersEntry 8 } + +dot11ACKFailureCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an ACK is not received + when expected." + ::= { dot11CountersEntry 9 } + +dot11ReceivedFragmentCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall be incremented for each successfully + received MPDU of type Data or Management." + ::= { dot11CountersEntry 10 } + +dot11MulticastReceivedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a MSDU is received + with the multicast bit set in the destination + MAC address." + ::= { dot11CountersEntry 11 } + +dot11FCSErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an FCS error is + detected in a received MPDU." + ::= { dot11CountersEntry 12 } + +dot11TransmittedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment for each successfully transmitted MSDU." + ::= { dot11CountersEntry 13 } + +dot11WEPUndecryptableCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with + the WEP subfield of the Frame Control field set to one and the + WEPOn value for the key mapped to the TA's MAC address + indicates that the frame should not have been encrypted or + that frame is discarded due to the receiving STA not + implementing the privacy option." + ::= { dot11CountersEntry 14 } + +-- ********************************************************************** +-- * End of dot11CountersEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * GroupAddresses TABLE +-- ********************************************************************** + +dot11GroupAddressesTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11GroupAddressesEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A conceptual table containing a set of MAC addresses + identifying the multicast addresses for which this STA + will receive frames. The default value of this attribute + shall be null." + ::= { dot11mac 3 } + +dot11GroupAddressesEntry OBJECT-TYPE + SYNTAX Dot11GroupAddressesEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the Group Addresses Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11GroupAddressesIndex} + ::= { dot11GroupAddressesTable 1 } + +Dot11GroupAddressesEntry ::= + SEQUENCE { dot11GroupAddressesIndex Integer32, + dot11Address MacAddress, + dot11GroupAddressesStatus RowStatus } + +dot11GroupAddressesIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the Group Addresses Table." + ::= { dot11GroupAddressesEntry 1 } + +dot11Address OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "MAC address identifying a multicast addresses + from which this STA will receive frames." + ::= { dot11GroupAddressesEntry 2 } + +dot11GroupAddressesStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status column used for creating, modifying, and + deleting instances of the columnar objects in the Group + Addresses Table." + DEFVAL { active } + ::= { dot11GroupAddressesEntry 3 } + +-- ********************************************************************** +-- * End of GroupAddress TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * Resource Type Attribute Templates +-- ********************************************************************** + +dot11ResourceTypeIDName OBJECT-TYPE + SYNTAX DisplayString (SIZE(4)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the name of the Resource Type ID managed object. + The attribute is read-only and always contains the value + RTID. This attribute value shall not be used as a naming + attribute for any other managed object class." + REFERENCE "IEEE Std 802.1F-1993, A.7" + DEFVAL { "RTID" } + ::= { dot11resAttribute 1 } + +-- ********************************************************************** +-- * dot11ResourceInfo TABLE +-- ********************************************************************** + +dot11ResourceInfoTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11ResourceInfoEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Provides a means of indicating, in data readable from a + managed object, information that identifies the source of + the implementation." + REFERENCE "IEEE Std 802.1F-1993, A.7" + ::= { dot11resAttribute 2 } + +dot11ResourceInfoEntry OBJECT-TYPE + SYNTAX Dot11ResourceInfoEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11ResourceInfo Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11ResourceInfoTable 1 } + +Dot11ResourceInfoEntry ::= + SEQUENCE { dot11manufacturerOUI OCTET STRING, + dot11manufacturerName DisplayString, + dot11manufacturerProductName DisplayString, + dot11manufacturerProductVersion DisplayString } + +dot11manufacturerOUI OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(3)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Takes the value of an organizationally unique identifier." + ::= { dot11ResourceInfoEntry 1 } + +dot11manufacturerName OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A printable string used to identify the manufacturer of the + resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 2 } + +dot11manufacturerProductName OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A printable string used to identify the manufacturer's product + name of the resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 3 } + +dot11manufacturerProductVersion OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Printable string used to identify the manufacturer's product + version of the resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 4 } + +-- ********************************************************************** +-- * End of dot11ResourceInfo TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * PHY Attribute Templates +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyOperation TABLE +-- ********************************************************************** + +dot11PhyOperationTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyOperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "PHY level attributes concerned with + operation. Implemented as a table indexed on + + ifIndex to allow for multiple instantiations on an + Agent." + ::= { dot11phy 1 } + +dot11PhyOperationEntry OBJECT-TYPE + SYNTAX Dot11PhyOperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyOperation Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyOperationTable 1 } + +Dot11PhyOperationEntry ::= + SEQUENCE { dot11PHYType INTEGER, + dot11CurrentRegDomain Integer32, + dot11TempType INTEGER } + +dot11PHYType OBJECT-TYPE + SYNTAX INTEGER { fhss(1), dsss(2), irbaseband(3), ofdm(4), + hrdsss(5) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This is an 8-bit integer value that identifies the PHY type + supported by the attached PLCP and PMD. Currently defined + values and their corresponding PHY types are: + + FHSS 2.4 GHz = 01 , DSSS 2.4 GHz = 02, IR Baseband = 03, + OFDM 5GHz = 04, HRDSSS = 05" + ::= { dot11PhyOperationEntry 1 } + +dot11CurrentRegDomain OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current regulatory domain this instance of the PMD is + supporting. This object corresponds to one of the + RegDomains listed in dot11RegDomainsSupported." + ::= { dot11PhyOperationEntry 2 } + +dot11TempType OBJECT-TYPE + SYNTAX INTEGER { tempType1(1), tempType2(2) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "There are different operating temperature requirements + dependent on the anticipated environmental conditions. This + attribute describes the current PHY's operating temperature + range capability. Currently defined values and their + corresponding temperature ranges are: + + Type 1 = X'01'-Commercial range of 0 to 40 degrees C, + + Type 2 = X'02'-Industrial range of -30 to 70 degrees C." + ::= { dot11PhyOperationEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyOperation TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyAntenna TABLE +-- ********************************************************************** + +dot11PhyAntennaTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyAntennaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for PhyAntenna. Implemented as a + table indexed on ifIndex to allow for multiple instances on + an agent." + ::= { dot11phy 2} + +dot11PhyAntennaEntry OBJECT-TYPE + SYNTAX Dot11PhyAntennaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyAntenna Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyAntennaTable 1 } + +Dot11PhyAntennaEntry ::= + SEQUENCE { dot11CurrentTxAntenna Integer32, + dot11DiversitySupport INTEGER, + dot11CurrentRxAntenna Integer32 } + +dot11CurrentTxAntenna OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current antenna being used to transmit. This value + is one of the values appearing in dot11SupportedTxAntenna. This + may be used by a management agent to control which antenna is + used for transmission. " + ::= { dot11PhyAntennaEntry 1 } + +dot11DiversitySupport OBJECT-TYPE + SYNTAX INTEGER { fixedlist(1), notsupported(2), dynamic(3) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This implementation's support for diversity, encoded as: + + X'01'-diversity is available and is performed over the fixed + list of antennas defined in dot11DiversitySelectionRx. + + X'02'-diversity is not supported. + + X'03'-diversity is supported and control of diversity is also + available, in which case the attribute + dot11DiversitySelectionRx can be dynamically modified by the + LME." + ::= { dot11PhyAntennaEntry 2 } + +dot11CurrentRxAntenna OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current antenna being used to receive, if the dot11 + DiversitySupport indicates that diversity is not supported. + The selected antenna shall be one of the antennae marked + for receive in the dot11AntennasListTable." + ::= { dot11PhyAntennaEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyAntenna TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyTxPower TABLE +-- ********************************************************************** + +dot11PhyTxPowerTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyTxPowerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyTxPowerTable. Implemented + as a table indexed on STA ID to allow for multiple + instances on an Agent." + ::= { dot11phy 3} + +dot11PhyTxPowerEntry OBJECT-TYPE + SYNTAX Dot11PhyTxPowerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyTxPower Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyTxPowerTable 1 } + +Dot11PhyTxPowerEntry ::= + SEQUENCE { dot11NumberSupportedPowerLevels INTEGER, + dot11TxPowerLevel1 INTEGER, + dot11TxPowerLevel2 INTEGER, + dot11TxPowerLevel3 INTEGER, + dot11TxPowerLevel4 INTEGER, + dot11TxPowerLevel5 INTEGER, + dot11TxPowerLevel6 INTEGER, + dot11TxPowerLevel7 INTEGER, + dot11TxPowerLevel8 INTEGER, + dot11CurrentTxPowerLevel INTEGER } + +dot11NumberSupportedPowerLevels OBJECT-TYPE + SYNTAX INTEGER (1..8) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of power levels supported by the PMD. + This attribute can have a value of 1 to 8." + ::= { dot11PhyTxPowerEntry 1 } + +dot11TxPowerLevel1 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL1 in mW. + This is also the default power level." + ::= { dot11PhyTxPowerEntry 2 } + +dot11TxPowerLevel2 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL2 in mW." + ::= { dot11PhyTxPowerEntry 3 } + +dot11TxPowerLevel3 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL3 in mW." + ::= { dot11PhyTxPowerEntry 4 } + +dot11TxPowerLevel4 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL4 in mW." + ::= { dot11PhyTxPowerEntry 5 } + +dot11TxPowerLevel5 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL5 in mW." + ::= { dot11PhyTxPowerEntry 6 } + +dot11TxPowerLevel6 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL6 in mW." + ::= { dot11PhyTxPowerEntry 7 } + +dot11TxPowerLevel7 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL7 in mW." + ::= { dot11PhyTxPowerEntry 8 } + +dot11TxPowerLevel8 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL8 in mW." + ::= { dot11PhyTxPowerEntry 9 } + +dot11CurrentTxPowerLevel OBJECT-TYPE + SYNTAX INTEGER (1..8) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The TxPowerLevel N currently being used to transmit data. + Some PHYs also use this value to determine the receiver + sensitivity requirements for CCA." + ::= { dot11PhyTxPowerEntry 10 } + +-- ********************************************************************** +-- * End of dot11PhyTxPower TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyFHSS TABLE +-- ********************************************************************** + +dot11PhyFHSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyFHSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyFHSSTable. Implemented as a + table indexed on STA ID to allow for multiple instances on + an Agent." + ::= { dot11phy 4 } + +dot11PhyFHSSEntry OBJECT-TYPE + SYNTAX Dot11PhyFHSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyFHSS Table. + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyFHSSTable 1 } + +Dot11PhyFHSSEntry ::= + SEQUENCE { dot11HopTime INTEGER, + dot11CurrentChannelNumber INTEGER, + dot11MaxDwellTime INTEGER, + dot11CurrentDwellTime INTEGER, + dot11CurrentSet INTEGER, + dot11CurrentPattern INTEGER, + dot11CurrentIndex INTEGER, + dot11EHCCPrimeRadix Integer32, + dot11EHCCNumberofChannelsFamilyIndex Integer32, + dot11EHCCCapabilityImplemented TruthValue, + dot11EHCCCapabilityEnabled TruthValue, + dot11HopAlgorithmAdopted INTEGER, + dot11RandomTableFlag TruthValue, + dot11NumberofHoppingSets Integer32, + dot11HopModulus Integer32, + dot11HopOffset Integer32 } + +dot11HopTime OBJECT-TYPE + SYNTAX INTEGER (224) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The time in microseconds for the PMD to change from + channel 2 to channel 80." + ::= { dot11PhyFHSSEntry 1 } + +dot11CurrentChannelNumber OBJECT-TYPE + SYNTAX INTEGER (0..200) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current channel number of the frequency output by the RF + synthesizer." + ::= { dot11PhyFHSSEntry 2 } + +dot11MaxDwellTime OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum time in TU that the transmitter + is permitted to operate on a single channel." + ::= { dot11PhyFHSSEntry 3 } + +dot11CurrentDwellTime OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current time in TU that the transmitter shall operate + on a single channel, as set by the MAC. Default is 19 TU." + ::= { dot11PhyFHSSEntry 4 } + +dot11CurrentSet OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current set of patterns the PLME + is using to determine the hopping sequence. " + ::= { dot11PhyFHSSEntry 5 } + +dot11CurrentPattern OBJECT-TYPE + SYNTAX INTEGER (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current pattern the PLME is + using to determine the hop sequence." + ::= { dot11PhyFHSSEntry 6 } + +dot11CurrentIndex OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current index value the PLME is using to determine + the CurrentChannelNumber." + ::= { dot11PhyFHSSEntry 7 } + +dot11EHCCPrimeRadix OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute indicates the value to be + used as the prime radix (N) in the HCC and + EHCC algorithms." + ::= { dot11PhyFHSSEntry 8 } + +dot11EHCCNumberofChannelsFamilyIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute indicates the value to be + used as the maximum for the family index (a) + in the HCC and EHCC algorithms. The value of + this field shall not be less than the prime + radix minus 3 (N - 3). The valid range of + allowed values is (N - 1), (N - 2), and (N - 3)." + ::= { dot11PhyFHSSEntry 9 } + +dot11EHCCCapabilityImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + station implementation is capable of generating + the HCC or EHCC algorithms for determining Hopping + patterns. The capability is disabled, otherwise. + The default value of this attribute is FALSE." + ::= { dot11PhyFHSSEntry 10 } + +dot11EHCCCapabilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + capability of the station to operate using the HCC + or EHCC algorithms for determining Hopping Patterns + is enabled. The capability is disabled, otherwise. + The default value of this attribute is FALSE." + ::= { dot11PhyFHSSEntry 11 } + +dot11HopAlgorithmAdopted OBJECT-TYPE + SYNTAX INTEGER { crnt(1), hopindex(2), hcc(3) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, indicates which of the algorithms + will be used to generate the Hopping Patterns. + Valid values are: + + 1 - hopping patterns as defined in clause 14 + 2 - hop index method (with or without table) + 3 - HCC/EHCC method" + ::= { dot11PhyFHSSEntry 12 } + +dot11RandomTableFlag OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, indicates that a Random Table is + present when the value is True. When the value is + False it indicates that a Random Table is not + present and that the hop index method is to be + used to determine the hopping sequence. The default + value of this attribute is True." + ::= { dot11PhyFHSSEntry 13 } + +dot11NumberofHoppingSets OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Number of Sets field indicates the total + number of sets within the hopping patterns." + ::= { dot11PhyFHSSEntry 14 } + +dot11HopModulus OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of allowed channels for the hopping + set. This is defined by the governing regulatory + agency for the country code of the country + in which this device is operating." + ::= { dot11PhyFHSSEntry 15 } + +dot11HopOffset OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The next position in the hopping set." + ::= { dot11PhyFHSSEntry 16 } + +-- ********************************************************************** +-- * End of dot11PhyFHSS TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyDSSSEntry TABLE +-- ********************************************************************** + +dot11PhyDSSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Entry of attributes for dot11PhyDSSSEntry. Implemented as a + table indexed on ifIndex allow for multiple instances on + an Agent." + ::= { dot11phy 5 } + +dot11PhyDSSSEntry OBJECT-TYPE + SYNTAX Dot11PhyDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyDSSSEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyDSSSTable 1 } + +Dot11PhyDSSSEntry ::= + SEQUENCE { dot11CurrentChannel INTEGER, + dot11CCAModeSupported INTEGER, + dot11CurrentCCAMode INTEGER, + dot11EDThreshold Integer32 } + +dot11CurrentChannel OBJECT-TYPE + SYNTAX INTEGER (1..14) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current operating frequency channel of the DSSS + PHY. Valid channel numbers are as defined in 15.4.6.2" + ::= { dot11PhyDSSSEntry 1 } + +dot11CCAModeSupported OBJECT-TYPE + SYNTAX INTEGER (1..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "dot11CCAModeSupported is a bit-significant value, + representing all of the CCA modes supported by the PHY. + Valid values are: + + energy detect only (ED_ONLY) = 01, + carrier sense only (CS_ONLY) = 02, + carrier sense and energy detect (ED_and_CS)= 04 + or the logical sum of any of these values. This + attribute shall not be used to indicate the CCA modes + supported by a higher rate extension PHY. Rather, the + dot11HRCCAModeSupported attribute shall be used to + indicate the CCA modes of the higher rate extension PHY." + ::= { dot11PhyDSSSEntry 2 } + +dot11CurrentCCAMode OBJECT-TYPE + SYNTAX INTEGER { edonly(1), csonly(2), edandcs(4), cswithtimer(8), + hrcsanded(16) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current CCA method in operation. Valid values are: + energy detect only (edonly) = 01, + carrier sense only (csonly) = 02, + carrier sense and energy detect (edandcs)= 04 + carrier sense with timer (cswithtimer)= 08 + high rate carrier sense and energy detect (hrcsanded)=16." + ::= { dot11PhyDSSSEntry 3 } + +dot11EDThreshold OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current Energy Detect Threshold being used by the DSSS PHY." + ::= { dot11PhyDSSSEntry 4 } + +-- ********************************************************************** +-- * End of dot11PhyDSSSEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyIR TABLE +-- ********************************************************************** + +dot11PhyIRTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyIREntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyIRTable. Implemented as a + table indexed on ifIndex to allow for multiple instances on + an Agent." + ::= { dot11phy 6 } + +dot11PhyIREntry OBJECT-TYPE + SYNTAX Dot11PhyIREntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyIR Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyIRTable 1 } + +Dot11PhyIREntry ::= + SEQUENCE { dot11CCAWatchdogTimerMax Integer32, + dot11CCAWatchdogCountMax Integer32, + dot11CCAWatchdogTimerMin Integer32, + dot11CCAWatchdogCountMin Integer32 } + +dot11CCAWatchdogTimerMax OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This parameter, together with CCAWatchdogCountMax, + determines when energy detected in the channel can be + ignored." + ::= { dot11PhyIREntry 1 } + +dot11CCAWatchdogCountMax OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This parameter, together with CCAWatchdogTimerMax, + determines when energy detected in the channel can be + ignored." + ::= { dot11PhyIREntry 2 } + +dot11CCAWatchdogTimerMin OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The minimum value to which CCAWatchdogTimerMax can be + set." + ::= { dot11PhyIREntry 3 } + +dot11CCAWatchdogCountMin OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The minimum value to which CCAWatchdogCount can be set." + ::= { dot11PhyIREntry 4 } + +-- ********************************************************************** +-- * End of dot11PhyIR TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11RegDomainsSupported TABLE +-- ********************************************************************** + +dot11RegDomainsSupportedTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11RegDomainsSupportedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "There are different operational requirements dependent on + the regulatory domain. This attribute list describes the + regulatory domains the PLCP and PMD support in this + implementation. Currently defined values and their + corresponding Regulatory Domains are: + + FCC (USA) = X'10', DOC (Canada) = X'20', ETSI (most of + Europe) = X'30', Spain = X'31', France = X'32', MKK + (Japan) = X'40', Others = X'00' " + ::= { dot11phy 7} + +dot11RegDomainsSupportedEntry OBJECT-TYPE + SYNTAX Dot11RegDomainsSupportedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11RegDomainsSupportedTable. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11RegDomainsSupportedIndex } + ::= { dot11RegDomainsSupportedTable 1 } + +Dot11RegDomainsSupportedEntry ::= + SEQUENCE { dot11RegDomainsSupportedIndex Integer32, + dot11RegDomainsSupportedValue INTEGER } + +dot11RegDomainsSupportedIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the RegDomainsSupport Table." + ::= { dot11RegDomainsSupportedEntry 1 } + +dot11RegDomainsSupportedValue OBJECT-TYPE + SYNTAX INTEGER { fcc(16), doc(32), etsi(48), spain (49), france(50), + mkk (64) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "There are different operational requirements dependent on + the regulatory domain. This attribute list describes the + regulatory domains the PLCP and PMD support in this + implementation. Currently defined values and their + corresponding Regulatory Domains are: + + FCC (USA) = X'10', DOC (Canada) = X'20', ETSI (most of + Europe) = X'30', Spain = X'31', France = X'32', MKK + (Japan) = X'40' " + ::= { dot11RegDomainsSupportedEntry 2 } + +-- ********************************************************************** +-- * End of dot11RegDomainsSupported TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11AntennasList TABLE +-- ********************************************************************** + +dot11AntennasListTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11AntennasListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table represents the list of antennae. An antenna can be + marked to be capable of transmitting, receiving, and/or for + participation in receive diversity. Each entry in this table + represents a single antenna with its properties. The maximum + number of antennae that can be contained in this table is 255." + ::= { dot11phy 8 } + +dot11AntennasListEntry OBJECT-TYPE + SYNTAX Dot11AntennasListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11AntennasListTable, representing the properties + of a single antenna. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11AntennaListIndex } + ::= { dot11AntennasListTable 1 } + +Dot11AntennasListEntry ::= + SEQUENCE { dot11AntennaListIndex Integer32, + dot11SupportedTxAntenna TruthValue, + dot11SupportedRxAntenna TruthValue, + dot11DiversitySelectionRx TruthValue } + +dot11AntennaListIndex OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The unique index of an antenna which is used to identify the columnar + objects in the dot11AntennasList Table." + ::= { dot11AntennasListEntry 1 } + +dot11SupportedTxAntenna OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by + dot11AntennaIndex can be used as a transmit antenna." + ::= { dot11AntennasListEntry 2 } + +dot11SupportedRxAntenna OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by the + dot11AntennaIndex xan be used as a receive antenna." + ::= { dot11AntennasListEntry 3 } + +dot11DiversitySelectionRx OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by + dot11AntennaIndex can be used for receive diversity. This object + may only be true if the antenna can be used as a receive antenna, + as indicated by dot11SupportedRxAntenna." + ::= { dot11AntennasListEntry 4 } + +-- ********************************************************************** +-- * End of dot11AntennasList TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SupportedDataRatesTx TABLE +-- ********************************************************************** + +dot11SupportedDataRatesTxTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11SupportedDataRatesTxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The Transmit bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s subject + to limitations of each individual PHY." + ::= { dot11phy 9 } + +dot11SupportedDataRatesTxEntry OBJECT-TYPE + SYNTAX Dot11SupportedDataRatesTxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the dot11SupportedDataRatesTx + Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11SupportedDataRatesTxIndex } + ::= { dot11SupportedDataRatesTxTable 1 } + +Dot11SupportedDataRatesTxEntry ::= + SEQUENCE { dot11SupportedDataRatesTxIndex Integer32, + dot11SupportedDataRatesTxValue Integer32 } + +dot11SupportedDataRatesTxIndex OBJECT-TYPE + SYNTAX Integer32 (1..8) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Index object which identifies which data rate to access. + Range is 1..8." + ::= { dot11SupportedDataRatesTxEntry 1 } + +dot11SupportedDataRatesTxValue OBJECT-TYPE + SYNTAX Integer32 (2..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Transmit bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s subject + to limitations of each individual PHY." + ::= { dot11SupportedDataRatesTxEntry 2 } + +-- ********************************************************************** +-- * End of dot11SupportedDataRatesTx TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SupportedDataRatesRx TABLE +-- ********************************************************************** + +dot11SupportedDataRatesRxTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11SupportedDataRatesRxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The receive bit rates supported by the PLCP and PMD, + represented by a count from X'002-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s." + ::= { dot11phy 10 } + +dot11SupportedDataRatesRxEntry OBJECT-TYPE + SYNTAX Dot11SupportedDataRatesRxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the dot11SupportedDataRatesRx Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11SupportedDataRatesRxIndex } + ::= { dot11SupportedDataRatesRxTable 1 } + +Dot11SupportedDataRatesRxEntry ::= + SEQUENCE { dot11SupportedDataRatesRxIndex Integer32, + dot11SupportedDataRatesRxValue Integer32 } + +dot11SupportedDataRatesRxIndex OBJECT-TYPE + SYNTAX Integer32 (1..8) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Index object which identifies which data rate to access. + Range is 1..8." + ::= { dot11SupportedDataRatesRxEntry 1 } + +dot11SupportedDataRatesRxValue OBJECT-TYPE + SYNTAX Integer32 (2..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The receive bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s." + ::= { dot11SupportedDataRatesRxEntry 2 } + +-- ********************************************************************** +-- * End of dot11SupportedDataRatesRx TABLE +-- ********************************************************************** + +--********************************************************************** +-- * dot11PhyOFDM TABLE +--********************************************************************** + +dot11PhyOFDMTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyOFDMEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyOFDMTable. Implemented as a + table indexed on ifindex to allow for multiple instances on + an Agent." + ::= { dot11phy 11 } + +dot11PhyOFDMEntry OBJECT-TYPE + SYNTAX Dot11PhyOFDMEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyOFDM Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyOFDMTable 1 } + +Dot11PhyOFDMEntry ::= + SEQUENCE { dot11CurrentFrequency INTEGER, + dot11TIThreshold Integer32, + dot11FrequencyBandsSupported INTEGER } + +dot11CurrentFrequency OBJECT-TYPE + SYNTAX INTEGER (0..99) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The number of the current operating frequency channel of the OFDM PHY." + ::= { dot11PhyOFDMEntry 1 } + +dot11TIThreshold OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The Threshold being used to detect a busy medium (frequency). + CCA shall report a busy medium upon detecting the RSSI above + this threshold." + ::= { dot11PhyOFDMEntry 2 } + +dot11FrequencyBandsSupported OBJECT-TYPE + SYNTAX INTEGER (1..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The capability of the OFDM PHY implementation to operate in + the three U-NII bands. Coded as an integer value of a three + bit field as follows: + bit 0 .. capable of operating in the lower (5.15-5.25 GHz) + U-NII band + bit 1 .. capable of operating in the middle (5.25-5.35 GHz) + U-NII band + bit 2 .. capable of operating in the upper (5.725-5.825 GHz) + U-NII band + For example, for an implementation capable of operating in the + lower and mid bands this attribute would take the value 3." + ::= { dot11PhyOFDMEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyOFDM TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyHRDSSSEntry TABLE +-- ********************************************************************** + +dot11PhyHRDSSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyHRDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Entry of attributes for dot11PhyHRDSSSEntry. + Implemented as a table indexed on ifIndex to allow for + multiple instances on an Agent." + ::= { dot11phy 12 } + +dot11PhyHRDSSSEntry OBJECT-TYPE + SYNTAX Dot11PhyHRDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyHRDSSSEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyHRDSSSTable 1 } + +Dot11PhyHRDSSSEntry ::= + SEQUENCE { dot11ShortPreambleOptionImplemented TruthValue, + dot11PBCCOptionImplemented TruthValue, + dot11ChannelAgilityPresent TruthValue, + dot11ChannelAgilityEnabled TruthValue, + dot11HRCCAModeSupported INTEGER } + +dot11ShortPreambleOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the + short preamble option as defined in subclause 18.2.2.2 + is implemented. The default value of this attribute + shall be false." + ::= {dot11PhyHRDSSSEntry 1 } + +dot11PBCCOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the PBCC + modulation option as defined in subclause 18.4.6.6 is + implemented. The default value of this attribute shall + be false." + ::= {dot11PhyHRDSSSEntry 2 } + +dot11ChannelAgilityPresent OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute indicates that the PHY is capable of + channel agility." + ::= { dot11PhyHRDSSSEntry 3 } + +dot11ChannelAgilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute indicates that the PHY channel agility + functionality is enabled." + ::= { dot11PhyHRDSSSEntry 4 } + +dot11HRCCAModeSupported OBJECT-TYPE + SYNTAX INTEGER (1..31) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "dot11HRCCAModeSupported is a bit-significant value, + representing all of the CCA modes supported by the PHY. + Valid values are: + energy detect only (ED_ONLY) = 01, + carrier sense only (CS_ONLY) = 02, + carrier sense and energy detect (ED_and_CS)= 04, + carrier sense with timer (CS_and_Timer)= 08, + high rate carrier sense and energy detect + (HRCS_and_ED)= 16 + or the logical sum of any of these values. In + the high rate extension PHY, this attribute shall + be used in preference to the dot11CCAModeSupported + attribute." + ::= { dot11PhyHRDSSSEntry 5 } + +-- ********************************************************************** +-- * End of dot11PhyHRDSSSEntry TABLE +-- ********************************************************************** + +-- ******************************************************************** +-- * dot11 Hopping Pattern TABLE +-- ******************************************************************** + +dot11HoppingPatternTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11HoppingPatternEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of attributes necessary for + a frequency hopping implementation to be able to + create the hopping sequences necessary to operate + in the subband for the associated domain country string." + ::= { dot11phy 13 } + +dot11HoppingPatternEntry OBJECT-TYPE + SYNTAX Dot11HoppingPatternEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) in the Hopping Pattern Table + that indicates the random hopping sequence to be followed. + + IfIndex - Each IEEE 802.11 interface is represented + by an ifEntry. Interface tables in this MIB are indexed + by ifIndex." + INDEX { ifIndex, + dot11HoppingPatternIndex } + ::= { dot11HoppingPatternTable 1 } + +Dot11HoppingPatternEntry ::= + SEQUENCE { + dot11HoppingPatternIndex Integer32, + dot11RandomTableFieldNumber Integer32 } + +dot11HoppingPatternIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances of + the columnar objects in the Hopping Pattern Table." + ::= { dot11HoppingPatternEntry 1} + +dot11RandomTableFieldNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the + starting channel number in the hopping sequence of + the subband for the associated domain country string. + The default value of this attribute shall be zero." + ::= { dot11HoppingPatternEntry 2} + +-- ********************************************************************** +-- * End of dot11 Hopping Pattern TABLE +--********************************************************************** + +-- ********************************************************************** +-- * Conformance Information +-- ********************************************************************** + +dot11Conformance OBJECT IDENTIFIER ::= { ieee802dot11 5 } +dot11Groups OBJECT IDENTIFIER ::= { dot11Conformance 1 } +dot11Compliances OBJECT IDENTIFIER ::= { dot11Conformance 2 } + +-- ********************************************************************** +-- * Compliance Statements +-- ********************************************************************** + +dot11Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMPv2 entities + that implement the IEEE 802.11 MIB." + MODULE -- this module + MANDATORY-GROUPS { + dot11SMTbase2, + dot11MACbase, dot11CountersGroup, + dot11SmtAuthenticationAlgorithms, + dot11ResourceTypeID, dot11PhyOperationComplianceGroup } + + GROUP dot11PhyDSSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of dsss. This group is + mutually exclusive with the groups dot11PhyIRComplianceGroup, + dot11PhyFHSSComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyIRComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of irbaseband. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyFHSSComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyFHSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of fhss. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyIRComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyOFDMComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of ofdm. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyIRComplianceGroup, dot11PhyFHSSComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyHRDSSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of hrdsss. This group is + mutually exclusive with the groups + dot11PhyDSSSComplianceGroup, dot11PhyIRComplianceGroup, + dot11PhyFHSSComplianceGroup and dot11PhyOFDMComplianceGroup." + + -- OPTIONAL-GROUPS { dot11SMTprivacy, dot11MACStatistics, + -- dot11PhyAntennaComplianceGroup, dot11PhyTxPowerComplianceGroup, + -- dot11PhyRegDomainsSupportGroup, + -- dot11PhyAntennasListGroup, dot11PhyRateGroup } + + ::= { dot11Compliances 1 } + +-- ********************************************************************** +-- * Groups - units of conformance +-- ********************************************************************** + +dot11SMTbase OBJECT-GROUP + OBJECTS { dot11StationID, dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut } + STATUS deprecated + DESCRIPTION + "The SMT object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network." + ::= { dot11Groups 1 } + +dot11SMTprivacy OBJECT-GROUP + OBJECTS { dot11PrivacyInvoked, + dot11WEPKeyMappingLength, dot11ExcludeUnencrypted, + dot11WEPICVErrorCount , dot11WEPExcludedCount , + dot11WEPDefaultKeyID, + dot11WEPDefaultKeyValue, + dot11WEPKeyMappingWEPOn, + dot11WEPKeyMappingValue , dot11WEPKeyMappingAddress, + dot11WEPKeyMappingStatus } + STATUS current + DESCRIPTION + "The SMTPrivacy package is a set of attributes that shall be + present if WEP is implemented in the STA." + ::= { dot11Groups 2 } + +dot11MACbase OBJECT-GROUP + OBJECTS { dot11MACAddress, dot11Address, + dot11GroupAddressesStatus, + dot11RTSThreshold, dot11ShortRetryLimit, + dot11LongRetryLimit, dot11FragmentationThreshold, + dot11MaxTransmitMSDULifetime, + dot11MaxReceiveLifetime, dot11ManufacturerID, + dot11ProductID } + STATUS current + DESCRIPTION + "The MAC object class provides the necessary support for the + access control, generation, and verification of frame check + sequences (FCSs), and proper delivery of valid data to upper + layers." + ::= { dot11Groups 3 } + +dot11MACStatistics OBJECT-GROUP + OBJECTS { dot11RetryCount, dot11MultipleRetryCount, + dot11RTSSuccessCount, dot11RTSFailureCount, + dot11ACKFailureCount, dot11FrameDuplicateCount } + STATUS current + DESCRIPTION + "The MACStatistics package provides extended statistical + information on the operation of the MAC. This + package is completely optional." + ::= { dot11Groups 4 } + +dot11ResourceTypeID OBJECT-GROUP + OBJECTS { dot11ResourceTypeIDName, dot11manufacturerOUI, + dot11manufacturerName, dot11manufacturerProductName, + dot11manufacturerProductVersion } + STATUS current + DESCRIPTION + "Attributes used to identify a STA, its manufacturer, + and various product names and versions." + ::= { dot11Groups 5 } + +dot11SmtAuthenticationAlgorithms OBJECT-GROUP + OBJECTS { dot11AuthenticationAlgorithm, + dot11AuthenticationAlgorithmsEnable } + STATUS current + DESCRIPTION + "Authentication Algorithm Table." + ::= { dot11Groups 6 } + +dot11PhyOperationComplianceGroup OBJECT-GROUP + OBJECTS { dot11PHYType, dot11CurrentRegDomain, dot11TempType } + STATUS current + DESCRIPTION + "PHY layer operations attributes." + ::= { dot11Groups 7 } + +dot11PhyAntennaComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentTxAntenna, dot11DiversitySupport, + dot11CurrentRxAntenna } + STATUS current + DESCRIPTION + "Attributes for Data Rates for IEEE 802.11." + ::= { dot11Groups 8 } + +dot11PhyTxPowerComplianceGroup OBJECT-GROUP + OBJECTS { dot11NumberSupportedPowerLevels, dot11TxPowerLevel1, + dot11TxPowerLevel2, dot11TxPowerLevel3, dot11TxPowerLevel4, + dot11TxPowerLevel5, dot11TxPowerLevel6, dot11TxPowerLevel7, + dot11TxPowerLevel8, dot11CurrentTxPowerLevel } + STATUS current + DESCRIPTION + "Attributes for Control and Management of transmit power." + ::= { dot11Groups 9 } + +dot11PhyFHSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11HopTime, dot11CurrentChannelNumber, dot11MaxDwellTime, + dot11CurrentDwellTime, dot11CurrentSet, dot11CurrentPattern, + dot11CurrentIndex} + STATUS current + DESCRIPTION + "Attributes that configure the Frequency Hopping for IEEE + 802.11." + ::= { dot11Groups 10 } + +dot11PhyDSSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentChannel, dot11CCAModeSupported, + dot11CurrentCCAMode, dot11EDThreshold} + STATUS current + DESCRIPTION + "Attributes that configure the DSSS for IEEE 802.11." + ::= { dot11Groups 11 } + +dot11PhyIRComplianceGroup OBJECT-GROUP + OBJECTS { dot11CCAWatchdogTimerMax, dot11CCAWatchdogCountMax, + dot11CCAWatchdogTimerMin, dot11CCAWatchdogCountMin} + STATUS current + DESCRIPTION + "Attributes that configure the baseband IR for IEEE 802.11." + ::= { dot11Groups 12 } + +dot11PhyRegDomainsSupportGroup OBJECT-GROUP + OBJECTS { dot11RegDomainsSupportedValue} + STATUS current + DESCRIPTION + "Attributes that specify the supported Regulation Domains." + ::= { dot11Groups 13} + +dot11PhyAntennasListGroup OBJECT-GROUP + OBJECTS { dot11SupportedTxAntenna, + dot11SupportedRxAntenna, dot11DiversitySelectionRx } + STATUS current + DESCRIPTION + "Attributes that specify the supported Regulation Domains." + ::= { dot11Groups 14 } + +dot11PhyRateGroup OBJECT-GROUP + OBJECTS { dot11SupportedDataRatesTxValue, + dot11SupportedDataRatesRxValue } + STATUS current + DESCRIPTION + "Attributes for Data Rates for IEEE 802.11." + ::= { dot11Groups 15 } + +dot11CountersGroup OBJECT-GROUP + OBJECTS { dot11TransmittedFragmentCount, + dot11MulticastTransmittedFrameCount, + dot11FailedCount, dot11ReceivedFragmentCount, + dot11MulticastReceivedFrameCount, + dot11FCSErrorCount, + dot11WEPUndecryptableCount, + dot11TransmittedFrameCount } + STATUS current + DESCRIPTION + "Attributes from the dot11CountersGroup that are not described + in the dot11MACStatistics group. These objects are + mandatory." + ::= { dot11Groups 16 } + +dot11NotificationGroup NOTIFICATION-GROUP + NOTIFICATIONS { dot11Disassociate, + dot11Deauthenticate, + dot11AuthenticateFail } + STATUS current + DESCRIPTION + "IEEE 802.11 notifications" + ::= { dot11Groups 17 } + +dot11SMTbase2 OBJECT-GROUP + OBJECTS { dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut, + dot11DisassociateReason, + dot11DisassociateStation, + dot11DeauthenticateReason, + dot11DeauthenticateStation, + dot11AuthenticateFailStatus, + dot11AuthenticateFailStation } + STATUS current + DESCRIPTION + "The SMTbase2 object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network." + ::= { dot11Groups 18 } + +dot11PhyOFDMComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentFrequency, + dot11TIThreshold, + dot11FrequencyBandsSupported } + STATUS current + DESCRIPTION + "Attributes that configure the OFDM for IEEE 802.11." + ::= { dot11Groups 19 } + +dot11SMTbase3 OBJECT-GROUP + OBJECTS { dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut, + dot11DisassociateReason, + dot11DisassociateStation, + dot11DeauthenticateReason, + dot11DeauthenticateStation, + dot11AuthenticateFailStatus, + dot11AuthenticateFailStation, + dot11MultiDomainCapabilityImplemented, + dot11MultiDomainCapabilityEnabled, + dot11CountryString } + STATUS current + DESCRIPTION + "The SMTbase3 object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network, when the STA + is capable of multi-domain operation. This object group should be + implemented when the multi-domain capability option is implemented." + ::= { dot11Groups 20 } + +dot11MultiDomainCapabilityGroup OBJECT-GROUP + OBJECTS { dot11FirstChannelNumber, + dot11NumberofChannels, + dot11MaximumTransmitPowerLevel } + STATUS current + DESCRIPTION + "The dot11MultiDomainCapabilityGroup object class provides + the objects necessary to manage the channels usable by a STA, + when the multi-domain capability option is implemented." + ::= { dot11Groups 21 } + +dot11PhyFHSSComplianceGroup2 OBJECT-GROUP + OBJECTS { dot11HopTime, dot11CurrentChannelNumber, dot11MaxDwellTime, + dot11CurrentDwellTime, dot11CurrentSet, dot11CurrentPattern, + dot11CurrentIndex, dot11EHCCPrimeRadix, + dot11EHCCNumberofChannelsFamilyIndex, + dot11EHCCCapabilityImplemented, dot11EHCCCapabilityEnabled, + dot11HopAlgorithmAdopted, dot11RandomTableFlag, + dot11NumberofHoppingSets, dot11HopModulus, + dot11HopOffset, dot11RandomTableFieldNumber } + STATUS current + DESCRIPTION + "Attributes that configure the Frequency Hopping for IEEE + 802.11 when multi-domain capability option is implemented." + ::= { dot11Groups 22 } + +dot11PhyHRDSSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentChannel, dot11CCAModeSupported, + dot11CurrentCCAMode, dot11EDThreshold, + dot11ShortPreambleOptionImplemented, + dot11PBCCOptionImplemented, dot11ChannelAgilityPresent, + dot11ChannelAgilityEnabled, dot11HRCCAModeSupported } + STATUS current + DESCRIPTION + "Attributes that configure the HRDSSS for IEEE 802.11." + ::= { dot11Groups 23 } + +-- ********************************************************************** +-- * End of 802.11 MIB +-- ********************************************************************** + +END + Index: /branches/RELENG_7/nanobsd/files/usr/local/share/snmp/snmpd.conf =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/share/snmp/snmpd.conf (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/share/snmp/snmpd.conf (revision 10119) @@ -0,0 +1,81 @@ +# snmpd.conf + +# First, map the community name (COMMUNITY) into a security name +# (local and mynetwork, depending on where the request is coming +# from): + +# sec.name source community +com2sec local localhost public +com2sec mynetwork 172.16.0.0/12 public +com2sec mynetwork 10.0.0.0/8 public +com2sec mynetwork 192.168.0.0/16 public + + + +# Second, map the security names into group names: + +# sec.model sec.name +group MyRWGroup v1 local +group MyRWGroup v2c local +group MyRWGroup usm local +group MyROGroup v1 mynetwork +group MyROGroup v2c mynetwork +group MyROGroup usm mynetwork + + +# Third, create a view for us to let the groups have rights to: + +# incl/excl subtree mask +view all included .1 80 + + +# Finally, grant the 2 groups access to the 1 view with different +# write permissions: + +# context sec.model sec.level match read write notif +access MyROGroup "" any noauth exact all none none +access MyRWGroup "" any noauth exact all all none + + +# System contact information + +sysLocation Somewhere in or near Leiden +sysContact Stichting Wireless Leiden / +31 71 5139817 + + +# Process checks. + +# name max min +proc lvrouted.opt 1 1 +proc sshd 8 1 +proc syslogd 1 1 +proc ntpd 1 1 +proc snmpd 1 1 +proc dhcpd 1 1 +proc pen 1 1 +proc cron 2 1 +proc named 1 1 + + +# disk checks + +# path min +#disk / 90% +#disk /var 80% +#disk /usr 80% +#disk /tmp 60% +includeAllDisks 85% + + +# load average checks + +# 1max 5max 15max +load 12 14 14 + + +# Pass through control + +# miboid exec-command +pass .1.3.6.1.4.1.2021.50 /usr/local/nagios/bin/processor + +pass_persist .1.3.6.1.4.1.21695.1.2 /usr/local/sbin/dhcpd-snmp /usr/local/etc/dhcpd-snmp.conf Index: /branches/RELENG_7/nanobsd/files/usr/local/wlportal/README.txt =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/wlportal/README.txt (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/wlportal/README.txt (revision 10119) @@ -0,0 +1,18 @@ +# Something like this for the firewall script +## By default no firewalling +#${fwcmd} add 65000 pass all from any to any +# +## Transproxy/WLportal/Captive portal +#${fwcmd} add 10000 allow tcp from any to localhost 80 +#${fwcmd} add 10001 allow tcp from any to me 80 +# +############# +## Reserved: WLPortal rule numbers +## 10010 - 10099 +# +## Forward rules work without a base address, so needed a loop over all inet4 adresses +#for IP in `ifconfig -a | awk '/inet / {print $2}'`; do +# ${fwcmd} add 10100 fwd $IP,8081 tcp from any to not 172.16.0.0/12 80 +#done + + Index: /branches/RELENG_7/nanobsd/files/usr/local/wlportal/index.html.tmpl =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/wlportal/index.html.tmpl (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/wlportal/index.html.tmpl (revision 10119) @@ -0,0 +1,44 @@ + + + Welcome to Wireless Leiden captive portal + + +

Welcome to Wireless Leiden

+

Internet access

+

You are connected to the local Wireless Leiden network. To use one of the gateways (proxies) to Internet you have to specify a proxy in your web browser.
+ For instance in Firefox go to Edit->Preferences->Advanced->Network->Settings.
+ Manual proxy configuration: specify HTTP proxy: proxy.wleiden.net port 3128.
+ Detailed instructions can be downloaded from our website. +

+

+ Internet access via Wireless Leiden without proxy-setting is a.o. available at the Central Public Library, Nieuwstraat 4, Leiden. +

+ Please note that you can only access the internet via your webbrowser, use of other applications like Microsoft Outlook is not possible (you have to use webmail). + +

Fair Use of Wireless Leiden

+ The use of the Wireless Leiden network and the internet connection are free and no registration is required. However, you should refrain from any illegal activity and not provide harm of any kind or inconvenience to other users.
+ The Wireless Leiden Foundation doesnot accept any responsibility whatsoever for damage related to or originated from the use of the network. +
+ + + +
+ +

Connection statistics:

+
    +
  • Your MAC (hardware) address: %(MAC)s
    • +
  • Your current WirelessLeiden IP address: %(IP)s
    • +
  • You have tried to access %(URI)s
    • +
+
+ + + Maintenance and status information of %(HOSTNAME)s + + - + Wireless Leiden Homepage +
+ $Id$ + + + Index: /branches/RELENG_7/nanobsd/files/usr/local/wlportal/wlportal =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/wlportal/wlportal (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/wlportal/wlportal (revision 10119) @@ -0,0 +1,312 @@ +#!/usr/local/bin/python +# +# Wireless Leidencaptive portal for (embedded) nodes +# Rick van der Zwet + + +import BaseHTTPServer +import getopt +import os +import sys +from signal import signal, SIGINFO +from subprocess import Popen,PIPE, call +from socket import gethostname +from threading import Thread +from time import asctime, time, sleep +from urlparse import urlparse, parse_qs + + +HOST_NAME = '' # Serve on all ip's +PORT_NUMBER = 8081 # Capture port + +## Number seconds before re-auth again +# On if debugging, set this number to 10 sec +CLIENT_TIMEOUT = 24 * 60 * 60 # 1 day + +## Wait time between checks for gone clients, increase on host with many clients +# and less IP addresses +CHECK_INTERVAL = 60 + +# Template file to use for displaying purposes +current_dir = os.path.dirname(os.path.abspath(__file__)) +INDEX_FILE = current_dir + '/index.html.tmpl' + +# ipfw specifics (80 clients allowed) +RULES_START = 10010 # ipfw rules starting point +RULES_END = 10099 # ipfw last rule allowed + +# List ip ip addreses which are cleared for access +# key : ip_addr +# value : mac_addr +hosts_allowed = {} + +# UNIX timestamp when host will be pushed back to portal again +# key : ip_addr +# value : expire time in epoch +host_expire = {} + +# ifpw specifics +# key : ip_addr +# value : ipfw rule +host_to_rule = {} +free_rules = range(RULES_START, RULES_END) + +def get_mac_addr(ip_addr): + """Return mac_addr string""" + # XXX: Error checking if no mac is found + # Get arp addr, for safefity, to check later on + ## ChangeMe# arp -n 10.0.42.2 + ## ? (10.0.42.2) at 00:22:41:26:ec:4e on vr1 [ethernet] + output = Popen(["arp", "-n", ip_addr], stdout=PIPE).communicate()[0] + return output.split(' ')[3] + +def add_host(ip_addr): + """Add host to firewall""" + global hosts_allowed, host_expire, host_to_rule, free_rules + #XXX: Always assumped to be OK + + # Bookkeeping + hosts_allowed[ip_addr] = get_mac_addr(ip_addr) + host_expire[ip_addr] = time() + CLIENT_TIMEOUT + + # Rule book keeping + rule_nr = free_rules.pop(0) + host_to_rule[ip_addr] = rule_nr + + # Rule adding to firewall + cmd = ["ipfw", "-q", "add" , str(rule_nr), "allow", "tcp", "from", ip_addr, "to", "not", "172.16.0.0/12", "dst-port", "80"] + call(cmd) + + +def delete_host(ip_addr): + """Delete host from firewall""" + global hosts_allowed, host_expire,host_to_rule, free_rules + # Rule remove from firewall + rule_nr = host_to_rule[ip_addr] + cmd = ["ipfw", "delete", str(rule_nr)] + call(cmd) + + # Book keeping + del hosts_allowed[ip_addr] + del host_expire[ip_addr] + del host_to_rule[ip_addr] + free_rules.append(rule_nr) + +def clear_firewall(): + """Delete all custom rules from firewall to gain consistency""" + global hosts_allowed, host_expire,host_to_rule, free_rules + global RULES_START, RULES_END + + # Delete all rules + ##ChangeMe# ipfw show 10002-10009 + ##10002 0 0 allow tcp from 10.0.42.2 to not 172.16.0.0/12 dst-port 80 + ##10003 0 0 allow tcp from 10.0.42.2 to not 172.16.0.0/12 dst-port 80 + output = Popen(["ipfw", "show", str(RULES_START) + '-' + str(RULES_END)], stdout=PIPE,stderr=open('/dev/null', 'w')).communicate()[0].strip() + if output: + for line in output.split('\n'): + cmd = ["ipfw", "delete", line.split(' ')[0]] + call(cmd) + + # Clear all internal variables + free_rules = range(RULES_START,RULES_END) + hosts_allowed = {} + host_expire = {} + host_to_rule = {} + + + + + + +class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler): + def do_GET(s): + global INDEX_FILE + """Respond to a GET request.""" + # Locate specifics of URL + request_uri = 'http://' + s.headers.get('host') + s.path + o = urlparse(request_uri) + query = parse_qs(o.query) + + if 'uri' in query: + redirect_uri = query['uri'][0] + else: + redirect_uri = 'http://www.wirelessleiden.nl' + if query.has_key('action'): + if query['action'][0] == "accept": + add_host(s.client_address[0]) + s.send_response(307) + s.send_header("Location", redirect_uri) + s.send_header("Content-type", "text/html") + s.end_headers() + + s.wfile.write("Accept") + elif query['action'][0] == "reject": + s.send_response(200) + s.send_header("Content-type", "text/html") + s.end_headers() + s.wfile.write("reject") + else: + s.send_response(200) + s.send_header("Content-type", "text/html") + s.end_headers() + s.wfile.write("ERROR") + + else: + s.send_response(200) + s.send_header("Content-type", "text/html") + s.end_headers() + index_fd = open(INDEX_FILE, 'r') + template = { + 'URI' : request_uri, + 'IP' : s.client_address[0], + 'MAC' : get_mac_addr(s.client_address[0]), + 'HOSTNAME' : gethostname(), + } + s.wfile.write(index_fd.read() % template ) + index_fd.close() + +class FirewallControl(Thread): + """Cancel 'hack' is used for threading termination""" + def __init__(self): + self.cancelled = False + Thread.__init__(self) + + def cancel(self): + """Make sure to clean firewall on quit""" + clear_firewall() + self.cancelled = True + + def check_firewall(self): + """Check for any deletions to be done""" + global hosts_allowed, host_expire + ip2mac = {} + # Find current ip_addr to arp_addr listing + ## ChangeMe# arp -na + ## ? (10.0.42.2) at 00:22:41:26:ec:4e on vr1 [ethernet] + ## ? (192.168.42.1) at 00:14:bf:a5:21:d5 on vr0 [ethernet] + output = Popen(["arp", "-na"], stdout=PIPE).communicate()[0].strip() + if output: + for line in output.split('\n'): + ip2mac[line.split(' ')[1].strip('()')] = line.split(' ')[3] + + # Find hosts to be deleted + curr_time = time() + for ip_addr in hosts_allowed.keys(): + mac_addr = hosts_allowed[ip_addr] + if not ip2mac.has_key(ip_addr): + delete_host(ip_addr) + # New mac_addr under stored ip_addr + elif mac_addr != ip2mac[ip_addr]: + delete_host(ip_addr) + # Time is up! + elif curr_time > host_expire[ip_addr]: + delete_host(ip_addr) + + def run(self): + global CHECK_INTERVAL + while not self.cancelled: + self.check_firewall() + timer = CHECK_INTERVAL + while not self.cancelled and timer > 0: + sleep(1) + timer =- 1 + + +#XXX: Might want to do custom bookkeeping, e.g. preserve currents on boot +##ChangeMe# ipfw add 10002 allow tcp from 10.0.42.2 to not 172.16.0.0/12 dst-port 80 +##10002 allow tcp from 10.0.42.2 to not 172.16.0.0/12 dst-port 80 +## + +def siginfo_handler(signum, frame): + """Signal handler for debug information""" + global hosts_allowed, host_expire, host_to_rule, free_rules + curr_time = time() + + print "Free Rules : ", free_rules + print "Current time : ", curr_time + print "Overview : " + print "ip_addr,mac_addr,expire,rule,seconds,sec,left" + for ip_addr, mac_addr in hosts_allowed.iteritems(): + sec_left = int(host_expire[ip_addr] - curr_time); + print ",".join([ip_addr, mac_addr,str(host_expire[ip_addr]), str(host_to_rule[ip_addr]), str(sec_left)]) + + +def main(): + """Hard working class""" + server_class = BaseHTTPServer.HTTPServer + httpd = server_class((HOST_NAME, PORT_NUMBER), MyHandler) + + print asctime(), "Server Starts - %s:%s" % (HOST_NAME, PORT_NUMBER) + signal(SIGINFO, siginfo_handler) + clear_firewall() + worker = FirewallControl() + worker.start() + try: + # Seems buggy, not allowing recurrent signal handling + #httpd.serve_forever() + while True: + httpd._handle_request_noblock() + except KeyboardInterrupt: + pass + httpd.server_close() + worker.cancel() + print asctime(), "Server Stops - %s:%s" % (HOST_NAME, PORT_NUMBER) + +def usage(): + sys.stderr.write(''' + [-h|--help] + [-f|--foreground] + [-l|--logfile] + [-p|--pidfile] +''') + +if __name__ == '__main__': + try: + opts, args = getopt.getopt(sys.argv[1:], "hfl:p:", ["help", "foreground", "logfile=", "pidfile="]) + except getopt.GetoptError, err: + # print help information and exit: + print str(err) # will print something like "option -a not recognized" + usage() + sys.exit(128) + logfile = "/var/log/wlportal.log" + pidfile = "/var/run/wlportal.pid" + foreground = False + for opt,value in opts: + if opt in ("-h", "--help"): + usage() + sys.exit() + elif opt in ("-f", "--foreground"): + foreground = True + elif opt in ("-l", "--logfile"): + logfile = value + elif opt in ("-p", "--pidfile"): + logfile = value + else: + assert False, "unhandled option" + + + if not foreground: + # Some fork magic http://code.activestate.com/recipes/66012/, but without the error checking + pid = os.fork() + if pid > 0: + sys.exit(0) + os.chdir("/") + os.setsid() + os.umask(0) + pid = os.fork() + if pid > 0: + sys.exit(0) + + # Set logfile + logfile_fd = open(logfile, 'a+',0) + sys.stdout = logfile_fd + sys.stderr = logfile_fd + + # write pid + pidfile_fd = open(pidfile, 'w',0) + pidfile_fd.write(str(os.getpid())) + pidfile_fd.close() + + # Goto the worker + main() + Index: /branches/RELENG_7/nanobsd/files/usr/local/wlweb/cherrypy3.cfg =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/wlweb/cherrypy3.cfg (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/wlweb/cherrypy3.cfg (revision 10119) @@ -0,0 +1,13 @@ +[global] +server.socket_port=80 +server.socket_host='0.0.0.0' +log.error_file = '/var/log/wlweb-error.log' +log.access_file = '/var/log/wlweb-access.log' +log.screen = False +pidfile = '/var/run/wlweb.pid' +daemonize = True +tools.staticdir.root = "/usr/local/wlweb" + +[/static] +tools.staticdir.on = True +tools.staticdir.dir = "static" Index: /branches/RELENG_7/nanobsd/files/usr/local/wlweb/main.py =================================================================== --- /branches/RELENG_7/nanobsd/files/usr/local/wlweb/main.py (revision 10119) +++ /branches/RELENG_7/nanobsd/files/usr/local/wlweb/main.py (revision 10119) @@ -0,0 +1,121 @@ +#!/usr/local/bin/python +# +# Wireless Leiden webinterface for (embedded) nodes +# Rick van der Zwet +import cherrypy +from cherrypy.process.plugins import Daemonizer, PIDFile + +# Assisting non-cherrypy stuff +from subprocess import * +import os +import getopt +import sys + +def tailFile(file): + lines=-10 + return("Tail (%i): %s
%s
" % (lines,file,Popen(["tail", str(lines), file], stdout=PIPE).communicate()[0])); + +def catFile(file): + return("File: %s
%s
" % (file,Popen(["cat", file], stdout=PIPE).communicate()[0])); + +def allRoutes(): + return("netstat -nr
%s
" % Popen(["netstat", "-n", "-r"], stdout=PIPE).communicate()[0]); + +def processList(): + return("ps -aux
%s
" % Popen(["ps", "-a", "-u", "-x"], stdout=PIPE).communicate()[0]); + +class OnePage(object): + def index(self): + return "one page!" + index.exposed = True + +class HelloWorld(object): + onepage = OnePage() + def index(self): + return ( "" + + "Welcome to Stichting Wireless Leiden host/node " + + Popen(["hostname"], stdout=PIPE).communicate()[0] + + "

" + tailFile('/var/log/messages') + "

" + + tailFile('/var/log/debug.log') + "

" + + catFile('/var/run/dmesg.boot') + "

" + + processList() + "

" + + allRoutes() + "

" + + "$Id$") + index.exposed = True + + def doLogin(self, username=None, password=None): + return '1' # check the username & password + doLogin.exposed = True + +def usage(): + sys.stderr.write("""Usage: %s [-dfg] [-c ] + [-c|--cfg] configuration file to use, instead of default cherrypy3.cfg + [-d|--daemonize] daemonize webserver + [-f|--foreground] Stick to foreground + [-g|--development] Debug mode = foreground and all logs to screen + """ % __file__) + + +# Should soon be ported to some magic cherryd daemon which offers the same +# functionality http://www.cherrypy.org/wiki/WhatsNewIn31 +if __name__ == '__main__': + try: + opts, args = getopt.getopt(sys.argv[1:], "c:dgfp:", ["cfg=", "daemonize", "development", + "foreground", "pidfile="]) + except getopt.GetoptError: + usage() + sys.exit(2) + + # defaults + current_dir = os.path.dirname(os.path.abspath(__file__)) + configfile = '%s/cherrypy3.cfg' % os.path.dirname(os.path.abspath(__file__)) + + opt_daemonize= None + opt_development = None + opt_pidfile = None + opt_foreground = None + opt_debug = None + + for opt, arg in opts: + if opt in ('-c', '--cfg'): + configfile = arg + elif opt in ('-d', "--daemonize"): + opt_daemonize= True + elif opt in ('-g', "--development"): + opt_development = True + elif opt in ('-f', "--foreground"): + opt_foreground = True + elif opt in ('-p', "--pidfile"): + opt_pidfile = arg + + # Parse config file + cherrypy.config.update(configfile) + + # Set options + if opt_development: + opt_daemonize = None + opt_foreground = True + opt_pidfile = None + cherrypy.config.update( { 'log.error_file' : None, + 'log.access_file' : None, + 'log.screen' : True, + }) + if opt_daemonize: + cherrypy.config.update({'daemonize' : True}) + if opt_foreground: + cherrypy.config.update({'daemonize' : False}) + if opt_pidfile: + cherrypy.config.update({'pidfile' : opt_pidfile}) + + # Send to background if needed + if cherrypy.config.get('daemonize'): + d = Daemonizer(cherrypy.engine) + d.subscribe() + + # Record pid if defined + pidfile = cherrypy.config.get('pidfile') + if pidfile: + PIDFile(cherrypy.engine, pidfile).subscribe() + + # Start your engines! + cherrypy.quickstart(HelloWorld(),config=configfile) Index: /branches/RELENG_7/nanobsd/misc/patches/cardbus_cis.c.patch =================================================================== --- /branches/RELENG_7/nanobsd/misc/patches/cardbus_cis.c.patch (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/patches/cardbus_cis.c.patch (revision 10119) @@ -0,0 +1,48 @@ +--- src/sys/dev/cardbus/cardbus_cis.c~ 2007-06-08 00:03:57.000000000 -0400 ++++ src/sys/dev/cardbus/cardbus_cis.c 2007-12-09 16:20:26.000000000 -0500 +@@ -435,10 +435,11 @@ + struct resource *res) + { + if (res != CIS_CONFIG_SPACE) { +- bus_release_resource(child, SYS_RES_MEMORY, rid, res); ++ bus_release_resource(cbdev, SYS_RES_MEMORY, rid, res); + if (rid == PCIM_CIS_ASI_ROM) + pci_write_config(child, rid, pci_read_config(child, + rid, 4) & ~PCIR_BIOS, 4); ++ PCI_DISABLE_IO(cbdev, child, SYS_RES_MEMORY); + } + } + +@@ -448,6 +449,8 @@ + { + struct resource *res; + uint32_t space; ++ uint32_t testval; ++ uint32_t size; + + space = *start & PCIM_CIS_ASI_MASK; + switch (space) { +@@ -476,10 +479,13 @@ + space); + return (NULL); + } ++ pci_write_config(child, *rid, 0xffffffff, 4); ++ testval = pci_read_config(child, *rid, 4); ++ size = CARDBUS_MAPREG_MEM_SIZE(testval); + + /* allocate the memory space to read CIS */ +- res = bus_alloc_resource(child, SYS_RES_MEMORY, rid, 0, ~0, 1, +- rman_make_alignment_flags(4096) | RF_ACTIVE); ++ res = bus_alloc_resource(cbdev, SYS_RES_MEMORY, rid, 0, ~0, size, ++ rman_make_alignment_flags(size) | RF_ACTIVE); + if (res == NULL) { + device_printf(cbdev, "Unable to allocate resource " + "to read CIS.\n"); +@@ -488,6 +494,7 @@ + if (*rid == PCIR_BIOS) + pci_write_config(child, *rid, + rman_get_start(res) | PCIM_BIOS_ENABLE, 4); ++ PCI_ENABLE_IO(cbdev, child, SYS_RES_MEMORY); + + /* Flip to the right ROM image if CIS is in ROM */ + if (space == PCIM_CIS_ASI_ROM) { Index: /branches/RELENG_7/nanobsd/misc/patches/if_udav.c.patch =================================================================== --- /branches/RELENG_7/nanobsd/misc/patches/if_udav.c.patch (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/patches/if_udav.c.patch (revision 10119) @@ -0,0 +1,16 @@ +--- if_udav.c 2009-12-22 12:59:53.000000000 +0100 ++++ if_udav.c.new 2009-12-22 13:04:21.000000000 +0100 +@@ -260,11 +260,8 @@ + {{ USB_VENDOR_COREGA, USB_PRODUCT_COREGA_FETHER_USB_TXC }, 0}, + /* ShanTou ST268 USB NIC */ + {{ USB_VENDOR_SHANTOU, USB_PRODUCT_SHANTOU_ST268 }, 0}, +-#if 0 +- /* DAVICOM DM9601 Generic? */ +- /* XXX: The following ids was obtained from the data sheet. */ +- {{ 0x0a46, 0x9601 }, 0}, +-#endif ++ /* DAVICOM DM9601 Generic */ ++ {{ USB_VENDOR_DAVICOM, USB_PRODUCT_DAVICOM_DM9601 }, 0}, + }; + #define udav_lookup(v, p) ((const struct udav_type *)usb_lookup(udav_devs, v, p)) + Index: /branches/RELENG_7/nanobsd/misc/patches/usbdevs.patch =================================================================== --- /branches/RELENG_7/nanobsd/misc/patches/usbdevs.patch (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/patches/usbdevs.patch (revision 10119) @@ -0,0 +1,30 @@ +--- usbdevs 2009-12-22 12:48:05.000000000 +0100 ++++ usbdevs.new 2009-12-22 12:53:41.000000000 +0100 +@@ -156,7 +156,7 @@ + vendor COMPAQ 0x049f Compaq + vendor HITACHI 0x04a4 Hitachi + vendor ACERP 0x04a5 Acer Peripherals +-vendor DAVICOM 0x04a6 Davicom ++/*vendor DAVICOm 0x04a6 Davicom*/ + vendor VISIONEER 0x04a7 Visioneer + vendor CANON 0x04a9 Canon + vendor NIKON 0x04b0 Nikon +@@ -540,6 +540,7 @@ + vendor FALCOM 0x0f94 Falcom Wireless Communications GmbH + vendor RIM 0x0fca Research In Motion + vendor DYNASTREAM 0x0fcf Dynastream Innovations ++vendor DAVICOM 0x0fe6 Davicom + vendor QUALCOMM 0x1004 Qualcomm + vendor DESKNOTE 0x1019 Desknote + vendor GIGABYTE 0x1044 GIGABYTE +@@ -1107,6 +1108,10 @@ + product CYPRESS USBRS232 0x5500 USB-RS232 Interface + product CYPRESS SLIM_HUB 0x6560 Slim Hub + ++/* Davicom Semiconductor products */ ++/*product DAVICOM DM9601 0x9601 DM9601 USB NIC*/ ++product DAVICOM DM9601 0x8101 DM9601 USB NIC ++ + /* Daisy Technology products */ + product DAISY DMC 0x6901 USB MultiMedia Reader + Index: /branches/RELENG_7/nanobsd/misc/ports/net/lvrouted/Makefile =================================================================== --- /branches/RELENG_7/nanobsd/misc/ports/net/lvrouted/Makefile (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/ports/net/lvrouted/Makefile (revision 10119) @@ -0,0 +1,32 @@ +# New ports collection makefile for: lrvrouted +# Date created: 2009-07-12 +# Whom: Rick van der Zwet +# +# $FreeBSD: $ +# + +PORTNAME= lvrouted +PORTVERSION= 7273 +CATEGORIES= net +MASTER_SITES= http://webfolder.wirelessleiden.nl/lvrouted/ \ + http://rickvanderzwet.nl/mirror/lvrouted/ + +MAINTAINER= info@rickvanderzwet.nl +COMMENT= Lvrouted is a very simple shortest-path routing daemon + +GNU_CONFIGURE= yes +USE_AUTOTOOLS= autoconf:262 autoheader:262 + +BUILD_DEPENDS+= ocamlopt:${PORTSDIR}/lang/ocaml-nox11 \ + ocamlfind:${PORTSDIR}/devel/ocaml-findlib + +USE_RC_SUBR= lvrouted + +post-install: +.if !defined(NOPORTDOCS) + ${MKDIR} ${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/lvrouted.ps ${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/lvrouted.html ${DOCSDIR} +.endif + +.include Index: /branches/RELENG_7/nanobsd/misc/ports/net/lvrouted/distinfo =================================================================== --- /branches/RELENG_7/nanobsd/misc/ports/net/lvrouted/distinfo (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/ports/net/lvrouted/distinfo (revision 10119) @@ -0,0 +1,3 @@ +MD5 (lvrouted-7273.tar.gz) = c143e0795fbb4fe1899adddcf27a6756 +SHA256 (lvrouted-7273.tar.gz) = 407be79803a95a45df138026b8fb209113573d3472a7b21299e79d034d8849be +SIZE (lvrouted-7273.tar.gz) = 62465 Index: /branches/RELENG_7/nanobsd/misc/ports/net/lvrouted/files/lvrouted.in =================================================================== --- /branches/RELENG_7/nanobsd/misc/ports/net/lvrouted/files/lvrouted.in (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/ports/net/lvrouted/files/lvrouted.in (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# PROVIDE: lvrouted +# REQUIRE: netif routing +# KEYWORD: nojail + +lvrouted_enable=${lvrouted_enable:-"NO"} +lvrouted_flags=${lvrouted_flags:-} + +. %%RC_SUBR%% + +name="lvrouted" +rcvar=`set_rcvar` +load_rc_config $name + +command="%%PREFIX%%/sbin/${name}" + +pid_file="/var/run/${name}.pid" + +start_precmd="lvrouted_flush_routes" + +# XXX: Needs to be a flag to disable +# XXX: lvrouted should mark their added routed protocol specific (see: man 8 route) +# lvrouted requires no route to exists before start as it is not able to alter +# old routes, so make it flush all dynamic generated routes +lvrouted_flush_routes() { + + # XXX: Does the looping bug still exists? + # Keep looping till we whiped _all_ dynamic generated routes + while true; do + netstat -nr -f inet | awk '{if ($3 ~ /.*D.*/) { exit 1} }' + if [ $? -eq 0 ]; then + break + fi + echo "WARNING: Flushing all existing DYNAMIC routes" 1>&2 + netstat -nr -f inet | awk '{if ($3 ~ /.*D.*/) {print $1} }' | xargs -n 1 route delete + done +} + +run_rc_command "$1" Index: /branches/RELENG_7/nanobsd/misc/ports/net/lvrouted/pkg-descr =================================================================== --- /branches/RELENG_7/nanobsd/misc/ports/net/lvrouted/pkg-descr (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/ports/net/lvrouted/pkg-descr (revision 10119) @@ -0,0 +1,14 @@ +Lvrouted is a very simple shortest-path routing daemon, featuring: + + - UDP based. no firmware-confusing multi- or broadcasts + - no per-node configuration + - spanning tree, so no count-to-infinity + - some specific wireless hacks, such as keeping an eye on the interface + association status for clients and the list of associated stations for + masters + - the ability to sign packets for some measure of security against malicious + packets + - sequence number against replay attacks. yes I know this is not + bulletproof. + +WWW: http://svn.wirelessleiden.nl/svn/node-config/other/lvrouted/ Index: /branches/RELENG_7/nanobsd/misc/ports/net/lvrouted/pkg-plist =================================================================== --- /branches/RELENG_7/nanobsd/misc/ports/net/lvrouted/pkg-plist (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/ports/net/lvrouted/pkg-plist (revision 10119) @@ -0,0 +1,4 @@ +sbin/lvrouted +%%PORTDOCS%%%%DOCSDIR%%/lvrouted.html +%%PORTDOCS%%%%DOCSDIR%%/lvrouted.ps +%%PORTDOCS%%@dirrm %%DOCSDIR%% Index: /branches/RELENG_7/nanobsd/misc/ports/net/tproxy/Makefile =================================================================== --- /branches/RELENG_7/nanobsd/misc/ports/net/tproxy/Makefile (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/ports/net/tproxy/Makefile (revision 10119) @@ -0,0 +1,26 @@ +# New ports collection makefile for: tproxy +# Date created: 2009-07-13 +# Whom: Rick van der Zwet +# +# $FreeBSD: $ +# + +PORTNAME= tproxy +PORTVERSION= 2 +CATEGORIES= net +MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} +MASTER_SITE_SUBDIR= ${PORTNAME} + +MAINTAINER= info@rickvanderzwet.nl +COMMENT= tpoxy user-space single-port unidirectional tcp proxy + +USE_RC_SUBR= tproxy + +post-extract: + ${MV} ${WRKDIR}/${PORTNAME} ${WRKSRC} + +do-install: + ${INSTALL_PROGRAM} ${WRKSRC}/tproxy ${PREFIX}/bin + +.include + Index: /branches/RELENG_7/nanobsd/misc/ports/net/tproxy/distinfo =================================================================== --- /branches/RELENG_7/nanobsd/misc/ports/net/tproxy/distinfo (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/ports/net/tproxy/distinfo (revision 10119) @@ -0,0 +1,3 @@ +MD5 (tproxy-2.tar.gz) = 6ab0cb46e1eed1ecebd7a0781dfe2a6a +SHA256 (tproxy-2.tar.gz) = 8c59a20a93eda6b57e2a4abd5645e69c13247ebfed45561778e78e16eca7d551 +SIZE (tproxy-2.tar.gz) = 12584 Index: /branches/RELENG_7/nanobsd/misc/ports/net/tproxy/files/tproxy.in =================================================================== --- /branches/RELENG_7/nanobsd/misc/ports/net/tproxy/files/tproxy.in (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/ports/net/tproxy/files/tproxy.in (revision 10119) @@ -0,0 +1,28 @@ +#!/bin/sh +# +# $FreeBSD: $ +# + +# PROVIDE: tproxy +# REQUIRE: NETWORKING SERVERS +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable tproxy: +# +# tproxy_enable="YES" +# + +. %%RC_SUBR%% + +name=tproxy +rcvar=`set_rcvar` + +command=%%PREFIX%%/bin/${name} + +tproxy_enable=${tproxy_enable:-"NO"} +tproxy_flags=${tproxy_flags:-""} + +load_rc_config $name +run_rc_command "$1" Index: /branches/RELENG_7/nanobsd/misc/ports/net/tproxy/pkg-descr =================================================================== --- /branches/RELENG_7/nanobsd/misc/ports/net/tproxy/pkg-descr (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/ports/net/tproxy/pkg-descr (revision 10119) @@ -0,0 +1,4 @@ +user-space single-port unidirectional tcp proxy which handles out-of-band data, +and telnet-through firewall tunnelling. + +WWW: http://sourceforge.net/projects/tproxy/ Index: /branches/RELENG_7/nanobsd/misc/ports/net/tproxy/pkg-plist =================================================================== --- /branches/RELENG_7/nanobsd/misc/ports/net/tproxy/pkg-plist (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/ports/net/tproxy/pkg-plist (revision 10119) @@ -0,0 +1,1 @@ +bin/tproxy Index: /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/Makefile =================================================================== --- /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/Makefile (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/Makefile (revision 10119) @@ -0,0 +1,25 @@ +# New ports collection makefile for: transproxy +# Date created: 2009-07-15 +# Whom: Rick van der Zwet +# +# $FreeBSD: $ +# + +PORTNAME= transproxy +PORTVERSION= 1.6 +CATEGORIES= net +MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} +MASTER_SITE_SUBDIR= ${PORTNAME} +EXTRACT_SUFX= .tgz + +MAINTAINER= info@rickvanderzwet.nl +COMMENT= Transproxy is used to transparently proxy HTTP requests + +USE_RC_SUBR= transproxy + +MAN8= tproxy.8 + +post-install: + @${CAT} ${PKGDIR}/pkg-message + +.include Index: /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/distinfo =================================================================== --- /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/distinfo (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/distinfo (revision 10119) @@ -0,0 +1,3 @@ +MD5 (transproxy-1.6.tgz) = 02cc1160a9db9c49a40491f890083044 +SHA256 (transproxy-1.6.tgz) = 7bc4ce5ab01648dcaca25555eb4d4c3a67aed6bbb42e1432aaa4e9b20b75dab3 +SIZE (transproxy-1.6.tgz) = 23592 Index: /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/files/transproxy.in =================================================================== --- /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/files/transproxy.in (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/files/transproxy.in (revision 10119) @@ -0,0 +1,47 @@ +#!/bin/sh +# +# $FreeBSD: $ +# + +# PROVIDE: transproxy +# REQUIRE: NETWORKING SERVERS ipfw +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable transproxy: +# +# transproxy_enable="YES" +# + +. %%RC_SUBR%% + +name=transproxy +rcvar=`set_rcvar` +start_precmd=${name}_precmd +stop_postcmd=${name}_postcmd + +command=%%PREFIX%%/sbin/tproxy + +transproxy_port=${transproxy_port:-8081} +transproxy_log=${transproxy_log:-"/var/log/transproxy.log"} +transproxy_proxyhost=${transproxy_proxyhost:-"proxy"} +transproxy_proxyport=${transproxy_proxyport:-3128} +transproxy_enable=${transproxy_enable:-"NO"} +transproxy_flags="-s $transproxy_port -l $transproxy_log $transproxy_proxyhost $transproxy_proxyport $transproxy_flags" + +transproxy_precmd () +{ + +} + + +transproxy_postcmd () +{ + ipfw delete 10010 10000 10001 >/dev/null + +} + + +load_rc_config $name +run_rc_command "$1" Index: /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/pkg-descr =================================================================== --- /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/pkg-descr (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/pkg-descr (revision 10119) @@ -0,0 +1,5 @@ +Transproxy is used in conjunction with the FreeBSD (ipfw and ipnat) or Linux +transparent proxy feature (ipfwadm, ipchains and iptables), to transparently +proxy HTTP requests. + +WWW: http://sourceforge.net/projects/transproxy/ Index: /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/pkg-message =================================================================== --- /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/pkg-message (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/pkg-message (revision 10119) @@ -0,0 +1,12 @@ +Remember to setup ipfw correctly. + +Sample below, uses following options: + Localip 172.19.152.65/26 + Localnet 172.16.0.0/12 + Transparant proxy enabled for all NOT localnet destinations 80 + transproxy running at port 8081 + + +ipfw add 10000 allow tcp from any to localhost 80 +ipfw add 10001 allow tcp from any to me 80 +ipfw add 10010 fwd 172.19.152.65,8081 tcp from any to no 172.16.0.0/12 80 Index: /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/pkg-plist =================================================================== --- /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/pkg-plist (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/ports/net/transproxy/pkg-plist (revision 10119) @@ -0,0 +1,3 @@ +sbin/tproxy +sbin/tproxyrun +sbin/tproxywatch Index: /branches/RELENG_7/nanobsd/misc/testing-server/dhcpd.conf =================================================================== --- /branches/RELENG_7/nanobsd/misc/testing-server/dhcpd.conf (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/testing-server/dhcpd.conf (revision 10119) @@ -0,0 +1,17 @@ +# ad-hoc DNS update scheme - set to "none" to disable dynamic DNS updates. +ddns-update-style ad-hoc; + +default-lease-time 600; +max-lease-time 7200; +authoritative; + +option domain-name "example.com"; +option domain-name-servers 208.67.222.222; +option routers 192.168.4.1; + +subnet 192.168.4.0 netmask 255.255.255.0 { + range 192.168.4.10 192.168.4.100; + + filename "pxeboot"; + option root-path "192.168.4.1:/usr/data/base/"; +} Index: /branches/RELENG_7/nanobsd/misc/testing-server/exports =================================================================== --- /branches/RELENG_7/nanobsd/misc/testing-server/exports (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/testing-server/exports (revision 10119) @@ -0,0 +1,2 @@ +/usr/data -alldirs -maproot=root -network 192.168.4.0/24 +/usr/data/base -alldirs -maproot=root -network 192.168.4.0/24 Index: /branches/RELENG_7/nanobsd/misc/testing-server/rc.conf =================================================================== --- /branches/RELENG_7/nanobsd/misc/testing-server/rc.conf (revision 10119) +++ /branches/RELENG_7/nanobsd/misc/testing-server/rc.conf (revision 10119) @@ -0,0 +1,28 @@ +hostname="richard.wleiden.net" +ifconfig_xl0="inet 172.19.137.70/27" +defaultrouter="172.19.137.66" + +sshd_enable="YES" + + + +# +# PXEboot envirionment +ifconfig_bfe0="inet 192.168.4.1/24" + +# DHCPD server, ip address, options, hints +dhcpd_enable="YES" + +# TFTP server, initial boot +inetd_enable="YES" + +# NFS server, kernel and more +nfs_server_enable="YES" +rpcbind_enable="YES" +mountd_flags="-r" + +gateway_enable="YES" +firewall_enable="YES" +firewall_type="OPEN" +natd_enable="YES" +natd_interface="xl0" Index: /branches/RELENG_7/nanobsd/tools/config-image.sh =================================================================== --- /branches/RELENG_7/nanobsd/tools/config-image.sh (revision 10119) +++ /branches/RELENG_7/nanobsd/tools/config-image.sh (revision 10119) @@ -0,0 +1,52 @@ +#!/bin/sh +# Push config onto persistent location inside node image +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + print_error "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +chroot ${MNT} /tools/wl-config -n -m startup + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /branches/RELENG_7/nanobsd/tools/image-build.sh =================================================================== --- /branches/RELENG_7/nanobsd/tools/image-build.sh (revision 10119) +++ /branches/RELENG_7/nanobsd/tools/image-build.sh (revision 10119) @@ -0,0 +1,77 @@ +#!/bin/sh +# Wrapper around nanobsd.sh with autodetection of already processed steps +# to provide some failsafe net + +BASEDIR=`dirname $0` +CFG="${BASEDIR}/../cfg/nanobsd.wleiden" +NANOBSD='/usr/src/tools/tools/nanobsd/nanobsd.sh' + +. ${BASEDIR}/package-build.inc.sh + +FORCE_KERNEL=0 +FORCE_WORLD=0 +#XXX: Proper object handling +if [ "$1" = "-bk" ]; then + p_warn Forcefully building kernel + FORCE_KERNEL=1 +elif [ "$1" = "-bw" ]; then + p_warn Forcefully building world + FORCE_WORLD=1 +elif [ "$1" = "-f" ]; then + p_warn Forcefully building world and kernel + FORCE_KERNEL=1 + FORCE_WORLD=1 +fi +shift +NANOBSD_EXTRA=$* + +if [ ! -r "${NANOBSD}" ]; then + p_err ${NANOBSD} does not exists + exit 1 +fi + +if [ ! -x "${NANOBSD}" ]; then + NANOBSD="sh ${NANOBSD}" +fi + +# Find object directory +eval `grep '^NANO_NAME=' ${CFG}` +OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + +if [ -d "${OBJDIR}" ]; then + NANOBSD_FLAGS="" + + # Detect succesfull buildworld + tail -10 ${OBJDIR}/_.bw | grep 'World build completed' + if [ $? -eq 0 -a ${FORCE_WORLD} -eq 0 ]; then + p_info NO building of world, use $0 -f to force + NANOBSD_FLAGS="${NANOBSD_FLAGS} -w" + fi + + # Detect succesfull buildkernel + tail -10 ${OBJDIR}/_.bk | grep 'Kernel build for .* completed' + if [ $? -eq 0 -a ${FORCE_KERNEL} -eq 0 ]; then + p_info NO building of kernel, use $0 -f to force + NANOBSD_FLAGS="${NANOBSD_FLAGS} -k" + fi + +else + p_warn Nothing yet, starting fresh + NANOBSD_FLAGS="" +fi + +COMMAND="${NANOBSD} ${NANOBSD_FLAGS} -c ${CFG} ${NANOBSD_EXTRA}" +f_time ${COMMAND} +RETVAL=$? + +# Verify on build failures +tail -10 ${OBJDIR}/_.bw | grep 'World build completed' +if [ $? -eq 1 ]; then + p_err Building world FAILED, check ${OBJDIR}/_.bw +fi +tail -10 ${OBJDIR}/_.bk | grep 'Kernel build for .* completed' +if [ $? -eq 1 ]; then + p_err Building kernel FAILED, check ${OBJDIR}/_.bk +fi +p_info End time: `date` +exit ${RETVAL} Index: /branches/RELENG_7/nanobsd/tools/make-release.sh =================================================================== --- /branches/RELENG_7/nanobsd/tools/make-release.sh (revision 10119) +++ /branches/RELENG_7/nanobsd/tools/make-release.sh (revision 10119) @@ -0,0 +1,51 @@ +#!/bin/sh +# Small tool to build nanobsd release, ready for distribution: + +BASEDIR="`dirname $0`/.." + +# Some cleaning at start +for PORT in ${BASEDIR}/misc/ports/*/*; do + (cd $PORT; make clean); +done + +# Version target +# Either version from command line or else subversion base +VERSION=${1-`svn info ${BASEDIR} | awk '/Revision:/ {print $2}'`} + +TMPDIR=`mktemp -d -t $(basename $0 .sh)` + +PKGDIR=wl-image-$VERSION +WRKSRC=$TMPDIR/$PKGDIR +mkdir $WRKSRC +cp -R ${BASEDIR}/tools $WRKSRC +cp -R ${BASEDIR}/cfg $WRKSRC +cp -R ${BASEDIR}/misc $WRKSRC +cp -R ${BASEDIR}/files $WRKSRC +cp -R ${BASEDIR}/README.txt $WRKSRC + +# Present real image +# XXX: Make path relative +# XXX: Find some pretty options +IMG=/usr/obj/nanobsd.wleiden/_.disk.full +IMG_DIR=`dirname ${IMG}` +IMG_PKGDIR=${IMG_DIR}/${PKGDIR} +mkdir ${IMG_PKGDIR} +ln ${IMG} ${IMG_PKGDIR}/disk_full.img + +# Make pretty tar file out of it +tar --exclude ".svn" --exclude "Makefile" \ + --exclude "config.cache" --exclude "config.log" --exclude "config.status" \ + --exclude ".depend" \ + -cjf wl-image-$VERSION.tbz \ + -C $TMPDIR \ + $PKGDIR/tools \ + $PKGDIR/cfg \ + $PKGDIR/files \ + $PKGDIR/misc \ + $PKGDIR/README.txt \ + -C $IMG_DIR \ + $PKGDIR/disk_full.img + +rm -fR $TMPDIR +rm -fR $IMG_PKGDIR + Index: /branches/RELENG_7/nanobsd/tools/package-build.inc.sh =================================================================== --- /branches/RELENG_7/nanobsd/tools/package-build.inc.sh (revision 10119) +++ /branches/RELENG_7/nanobsd/tools/package-build.inc.sh (revision 10119) @@ -0,0 +1,70 @@ +# Used to store profile data +TIME_FILE=$(dirname $0)/eta-times.txt + +p_list () { +echo "$*" | sed -e 's/ /|## /g' -e 's/^/## /g' +} + +p_info () { + echo "$*" | tr '|' '\n' | sed 's/^/# /' +} + +p_warn () { + echo "$*" | tr '|' '\n' | sed 's/^/#WARN: /' +} + +p_err () { + echo "$*" | tr '|' '\n' | sed 's/^/#ERR: /' +} + +p_sleep() { + SLEEP=${1-5} + while [ "${SLEEP}" -gt 0 ]; do + printf '.' + sleep 1 + SLEEP=`expr ${SLEEP} - 1` + done + printf '\n' +} + +# Print estimation on how long it normally if going to take +f_time() { + COMMAND="$*" + ETA_TIME=` grep "${COMMAND}$" ${TIME_FILE} 2>/dev/null | awk '{print $1}'` + if [ -z "${ETA_TIME}" ]; then + ETA_TIME="NaN" + fi + + p_info Last run of "'${COMMAND}'" took ${ETA_TIME} + p_info Start time: `date` + + # Execute command + START_TIME=`date "+%s"` + $COMMAND + RETVAL=$? + STOP_TIME=`date "+%s"` + + p_info End time: `date` + # Calculate time it took + TOTAL_TIME=`expr ${STOP_TIME} - ${START_TIME}` + HUMAN_FMT=`date -ur ${TOTAL_TIME} "+%H:%M:%S"` + + # Store new time if command is succesfull + if [ "${RETVAL}" -eq 0 ]; then + grep -v "${COMMAND}$" ${TIME_FILE} > ${TIME_FILE}.tmp 2>/dev/null + echo "${HUMAN_FMT} ${COMMAND}" >> ${TIME_FILE}.tmp + mv ${TIME_FILE}.tmp ${TIME_FILE} + fi + + # Return the command it's output + return ${RETVAL} +} + +f_check_root() { + # No Root, no fun + if [ `id -u` -ne 0 ]; then + print_err Root only + exit 1 + fi +} + Index: /branches/RELENG_7/nanobsd/tools/package-build.sh =================================================================== --- /branches/RELENG_7/nanobsd/tools/package-build.sh (revision 10119) +++ /branches/RELENG_7/nanobsd/tools/package-build.sh (revision 10119) @@ -0,0 +1,173 @@ +#!/bin/sh +# Install all required packages +# XXX: Welcome to port hell, if /usr/ports has been updated, you actually want +# to delete all installed packages and start over again, hence why people used +# to run this stuff in jails, etc. + +. $(dirname $0)/package-build.inc.sh + +DEBUG=${DEBUG:-0} +DEP_CHECK_ONLY=${DEP_CHECK_ONLY:-0} + +# make options, for package building +LOGDIR=`mktemp -d "/tmp/$(basename $0 .sh)-$(date +%Y%m%d-%H:%M:%S).X"` +TARGET="`cd $(dirname $0);pwd -P`/../pkg/" + +# Package target +MAKE_ARGS="$MAKE_ARGS PACKAGES=$TARGET" +MAKE_ARGS="$MAKE_ARGS BATCH=yes PACKAGE_BUILDING=yes" + +# www/py-cherrypy +MAKE_ARGS="${MAKE_ARGS} WITH_APACHE=yes" +# net-mgmt/net-snmp +MAKE_ARGS="${MAKE_ARGS} WITHOUT_PERL=yes" +# net-mgmt/nagios-plugins +MAKE_ARGS="${MAKE_ARGS} WITH_FPING=yes" + +p_info Log directory ${LOGDIR} +p_info Make options are: +p_info $(p_list ${MAKE_ARGS}) + +p_info Checking whether there are currently unmet dependencies +RETVAL=0 +PKGS=`pkg_info | awk '{print $1}'` +for PKG in ${PKGS} ; do + PKG_DEP_FAIL="" + for PKGDEP in `pkg_info -qr ${PKG} | awk '{print $2}'`; do + pkg_info -e ${PKGDEP} + if [ $? -eq 1 ]; then + PKG_DEP_FAIL="${PKG_DEP_FAIL} ${PKGDEP}" + fi + done + if [ -n "${PKG_DEP_FAIL}" ]; then + p_err Unmet dependencies found at $PKG, please fix manually: + p_err $(p_list ${PKG_DEP_FAIL}) + RETVAL=1 + fi +done +if [ $RETVAL -eq 1 ]; then + exit 1 +fi +p_info Dependecy check ok + +if [ ${DEP_CHECK_ONLY} -eq 1 ]; then + exit 0 +fi +echo "" + + +if [ -d "${TARGET}/All" ]; then + p_warn "Deleted all (old) packages at ${TARGET}" + rm -R $TARGET/* +fi +p_info Created target dir ${TARGET}/All +mkdir -p ${TARGET}/All + +PORTSDIR='/usr/ports' +WL_PORTSDIR="`cd $(dirname $0);pwd -P`/../misc/ports/" + +# XXX: Make file dynamic +# Dirty quirk to allow comments in part below +PACKAGE_LIST=`cat <>$LOGFILE 1>> $LOGFILE + if [ $? -ne 0 ]; then + p_err building ${PACKAGE} FAILED, logging at $LOGFILE + exit 1 + fi + fi + ${MAKE} package-links + PKGNAME=`make extract-message | awk '{print $NF}'` + pkg_create -b $PKGNAME $TARGET/All/${PKGNAME}.tbz + + p_info Checking dependencies + for PKG in $PKGDEP_PKGS; do + echo "${BUILD_LIST}" | grep -q "$PKG" + if [ $? -eq 0 ]; then + # Already packaged + p_info ${PKG} Already packaged + else + echo $@ | grep -q "${PKG}" + if [ $? -eq 0 ]; then + p_info ${PKG} Already planned + else + set $@ ${PKG} + fi + fi + done + p_info Packaging $PACKAGE succesfull +done + +p_info $(echo ${BUILD_LIST} | wc -w) packages build succesfully + +if [ ${DEBUG} -eq 0 ]; then + rm -R ${LOGDIR} +else + p_info Debugging enabled ${LOGDIR} saved +fi + Index: /branches/RELENG_7/nanobsd/tools/prepare-nfs.sh =================================================================== --- /branches/RELENG_7/nanobsd/tools/prepare-nfs.sh (revision 10119) +++ /branches/RELENG_7/nanobsd/tools/prepare-nfs.sh (revision 10119) @@ -0,0 +1,114 @@ +#!/bin/sh +# Get nanobsd image ready to be booted from NFS +# NFS instructions at +# http://www.wirelessleiden.nl/projects/nodefactory/wiki/TestingViaNFS + +IMAGE_BASE="/usr/obj/nanobsd.wleiden" +IMAGE_SLICE="${IMAGE_BASE}/_.disk.image" +IMAGE_FULL="${IMAGE_BASE}/_.disk.full" +IMAGE_NFS="${IMAGE_SLICE}-nfs" +# Structure: $NFSBASE +# ./cfg = /cfg mounpoint +# ./base = / mountpoint +# ./nfs = /nfs mountpoint +NFSBASE='/usr/data' +MNT="${NFSBASE}/base" +CFG="${NFSBASE}/cfg" +NFS="${NFSBASE}/nfs" + +print_error() { + echo "[ERROR] $*" 1>&2 +} + +usage() { + ( + echo "Usage: $0 [-fn]" + echo " -f force umount, memory device whipes" + echo " -n do not delete/clean cfg partition" + echo " -u unload/eject procedure" + ) 1>&2 + exit 2 +} + +# No Root, no fun +if [ `id -u` -ne 0 ]; then + print_error "Root only" + exit 1 +fi + +# Argument parsing using getopts +OPT_FORCE=0 +OPT_CLEAN=1 +OPT_UNLOAD=0 +while getopts "hfnu" OPT; do + case "$OPT" in + f) OPT_FORCE=1;; + n) OPT_CLEAN=0;; + u) OPT_UNLOAD=1;; + h) usage;; + \?) usage;; + esac +done + + +# Eeks, we are going to be nasty, hold your horses +if [ $OPT_FORCE -eq 1 -o $OPT_UNLOAD -eq 1 ]; then + umount -f $MNT + for MD in `mdconfig -l -v | grep "${IMAGE_NFS}" | awk '{print $1}'`; do + mdconfig -d -u $MD + done +fi + +if [ $OPT_UNLOAD -eq 1 ]; then + echo "All done" + exit 1; +fi + +# If mount point is already used, bail out +if mount | grep -q "${MNT}"; then + print_error "'${MNT}' already mounted" + exit 1 +fi + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMAGE_NFS}"; then + MD=`mdconfig -l -v | grep "${IMAGE_NFS}" | cut -c -4` + print_error "'${IMAGE_NFS}' already mounted at '$MD'" + exit 1 +fi + + +# Prepare image for use with NFS +cp -v ${IMAGE_SLICE} ${IMAGE_NFS} + +MD=`mdconfig -a -t vnode -f ${IMAGE_NFS}` +mount /dev/${MD}a ${MNT} + +# Config files lives at NFS location +echo "mount -t nfs -o ro 192.168.4.1:${CFG}" > ${MNT}/conf/default/etc/remount + +# Create nfs mount location +mkdir ${MNT}/nfs + +# $MNT, $CFG, $NFS lives at nfs +( +echo "192.168.4.1:${MNT} / nfs ro 0 0" +echo "192.168.4.1:${CFG} /cfg nfs rw,noauto 0 0" +echo "192.168.4.1:${NFS} /nfs nfs rw 0 0" +) > /${MNT}/conf/base/etc/fstab + +if [ ${OPT_CLEAN} -eq 1 ]; then + echo "DELETING all files at ${CFG}, start fresh ;-)" + rm -vfR ${CFG}/* +else + echo "PRESERVING all files at ${CFG}" +fi + +echo "DELETING all files at ${NFS}, start fresh ;-)" +rm -vfR ${NFS}/* + +# Allow build images to be used directy via NFS +ln -f ${IMAGE_SLICE} ${NFS}/`basename ${IMAGE_SLICE}` +ln -f ${IMAGE_FULL} ${NFS}/`basename ${IMAGE_FULL}` + +# XXX: Proper unmounting after all has finished Index: /branches/RELENG_7/nanobsd/tools/rsync-image.sh =================================================================== --- /branches/RELENG_7/nanobsd/tools/rsync-image.sh (revision 10119) +++ /branches/RELENG_7/nanobsd/tools/rsync-image.sh (revision 10119) @@ -0,0 +1,43 @@ +#!/bin/sh +# Rsync minimal changes directly to live image + +. $(dirname $0)/package-build.inc.sh + +HOST=${1:-10.0.42.1} +BASEDIR=`dirname $0` +if [ -n "$2" ]; then + IMG=$2 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.image +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +# Prepare image as filesystem +MNT=`mktemp -d -t $(basename $0)` +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}a ${MNT} || exit 1 + +# On error clean up nicely +trap "cd /; umount ${MNT}; rmdir ${MNT}; mdconfig -d -u ${MD}" 0 1 2 3 15 + +#XXX: Might want to do in one fly +# Set to write mode +ssh $HOST mount -uwo noatime / || exit 1 +# Sync changes +rsync -av --exclude=/dev --exclude=/etc --exclude=/var ${MNT}/ ${HOST}:/ || exit 1 +# Set to read-only mode again +ssh $HOST mount -ur / || exit 1 + +exit 0 Index: /branches/RELENG_7/nanobsd/tools/test-inc.sh =================================================================== --- /branches/RELENG_7/nanobsd/tools/test-inc.sh (revision 10119) +++ /branches/RELENG_7/nanobsd/tools/test-inc.sh (revision 10119) @@ -0,0 +1,5 @@ +#!/bin/sh +. $(dirname $0)/package-build.inc.sh + +f_time sleep 5 + Index: /branches/RELENG_7/nanobsd/tools/write-image.sh =================================================================== --- /branches/RELENG_7/nanobsd/tools/write-image.sh (revision 10119) +++ /branches/RELENG_7/nanobsd/tools/write-image.sh (revision 10119) @@ -0,0 +1,67 @@ +#!/bin/sh +# Wrapper allowing to write image to card writer + +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi +IMGSIZE=`ls -l ${IMG} | awk '{print $5 / 1024 / 1024}'` + +# Make sure we are root from this point on +f_check_root + +# Find which daX device holds a active flash drive +CARD_FOUND=0 +DA_LIST=`cd /dev/; echo da[0-9]` +for DA in ${DA_LIST}; do + diskinfo ${DA} 1>/dev/null 2>/dev/null + if [ $? -eq 0 ]; then + CARD_FOUND=1 + break + fi +done + +if [ ${CARD_FOUND} -eq 0 ]; then + p_err Sorry no flash card found at active devices, list searched: + p_err $(p_list ${DA_LIST}) + exit 1 +fi + +# Detect cardreader type/version +CARDREADER=`dmesg | grep ${DA}: | awk -F'[<>]' '/Removable Direct Access/ {print $2}' | tail -1` + +#XXX: Issue last chance warning, prompting the user to bail out +p_warn Going to write ${IMG} "(${IMGSIZE}MB)" to ${DA} "(${CARDREADER})" +p_warn 5 seconds to quit using CTRL+C +p_sleep 5 + +TMPFILE=`mktemp -t dd` +p_info Writing image... "(`date`)" +dd if=${IMG} of=/dev/${DA} bs=64k 2>${TMPFILE} & +DD_PID=$! +sleep 0.5 +while `ps ${DD_PID} >/dev/null`; do + kill -INFO ${DD_PID} + sleep 0.1 #Micro delay allow TMPFILE to populate + SIZE_DONE=`awk '/transferred/ {print $1}' ${TMPFILE}` + SIZE_DONE=`echo "${SIZE_DONE} / 1024 / 1024" | bc -l` + PERCENT_DONE=`echo "${SIZE_DONE} / ${IMGSIZE} * 100" | bc -l` + p_info `date "+%H:%m:%S"` `printf "%.02f MB (%.01f%%)" ${SIZE_DONE} ${PERCENT_DONE}` + p_sleep 10 + : > ${TMPFILE} +done +rm ${TMPFILE} +p_info Image writing succesfull at /dev/$DA "(`date`)" Index: /branches/breakout-hub/nanobsd/README.txt =================================================================== --- /branches/breakout-hub/nanobsd/README.txt (revision 10119) +++ /branches/breakout-hub/nanobsd/README.txt (revision 10119) @@ -0,0 +1,12 @@ +Please find the build procedure and other supporting documents at + +http://www.wirelessleiden.nl/projects/nodefactory/wiki/NanoBSD + += Directory layout = +README.txt = currently reading +cfg-files = extension for auto populate /cfg slice in image +cfg/kernel.* = kernel config files, different hosts +cfg/nanobsd.* = nanobsd config files +files = extension for auto populate / slice in image +pkg = Packages to be installed +tools = Helper scripts for use after image Index: /branches/breakout-hub/nanobsd/cfg/kernel.net4801 =================================================================== --- /branches/breakout-hub/nanobsd/cfg/kernel.net4801 (revision 10119) +++ /branches/breakout-hub/nanobsd/cfg/kernel.net4801 (revision 10119) @@ -0,0 +1,127 @@ +# +# GENERIC -- Generic kernel configuration file for FreeBSD/i386 +# +# For more information on this file, please read the handbook section on +# Kernel Configuration Files: +# +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html +# +# The handbook is also available locally in /usr/share/doc/handbook +# if you've installed the doc distribution, otherwise always see the +# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the +# latest information. +# +# An exhaustive list of options and more detailed explanations of the +# device lines is also present in the ../../conf/NOTES and NOTES files. +# If you are in doubt as to the purpose or necessity of a line, check first +# in NOTES. +# +# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.474.2.7 2008/04/10 22:09:22 rwatson Exp $ + +cpu I586_CPU +cpu I686_CPU +ident GEODE + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_ULE # ULE scheduler +options PREEMPTION # Enable kernel thread preemption +options INET # InterNETworking +options INET6 # IPv6 communications protocols +options SCTP # Stream Control Transmission Protocol +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options NFSCLIENT # Network Filesystem Client +#options NFSLOCKD # Network Lock Manager +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_LABEL # Provides labelization +options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!] +options KTRACE # ktrace(1) support +#options STACK # stack(9) support +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options ADAPTIVE_GIANT # Giant mutex is adaptive. +options STOP_NMI # Stop CPUS using NMI instead of IPI +options DEVICE_POLLING # Enable support for device polling + +# Bus support. +device pci + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives + +# Add suspend/resume support for the i8254. +device pmtimer + +# Serial (COM) ports +device sio # 8250, 16[45]50 based serial ports +device uart # Generic UART driver + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! +device miibus # MII bus support +device vr # VIA Rhine, Rhine II +device sis # SiS 900/SiS 7016 +device if_bridge # Bridge support + +# Wireless NIC cards +device wlan # 802.11 support. +device wlan_wep # 802.11 WEP support. +device wlan_ccmp # 802.11 CCMP support. +device wlan_tkip # 802.11 TKIP support. +device wlan_amrr # AMRR transmit rate control algorithm. +device wlan_scan_ap # 802.11 AP mode scanning. +device wlan_scan_sta # 802.11 STA mode scanning. +device ath # Atheros pci/cardbus NIC's. +device ath_hal # Atheros HAL (Hardware Access Layer). +device ath_rate_sample # SampleRate tx rate control for ath. +device wi # WaveLan/Intersil/Symbol 802.11 wireless NICs. + +# Pseudo devices. +device loop # Network loopback +device random # Entropy device +device ether # Ethernet support +device ppp # Kernel PPP +device tun # Packet tunnel. +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" +device gif # IPv6 and IPv4 tunneling +#device faith # IPv6-to-IPv4 relaying (translation) +device firmware # firmware assist module + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +# CPU_GEODE is for the SC1100 Geode embedded processor. This option +# is necessary because the i8254 timecounter is toast. +options CPU_GEODE +device wlan_xauth #802.11 external authenticator support +options IPSEC #IP security (requires device crypto) +options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel +device enc #IPsec interface +device crypto # core crypto support +device cryptodev # /dev/crypto for access to h/w +options TMPFS +device pf #PF OpenBSD packet-filter firewall +device pflog #logging support interface for PF + +options NETGRAPH # netgraph(4) system +options NETGRAPH_SOCKET +options NETGRAPH_MPPC_ENCRYPTION +options NETGRAPH_IFACE +options NETGRAPH_PPP +options NETGRAPH_TEE +options NETGRAPH_PPPOE +options NETGRAPH_ETHER + +# glxsb is a driver for the Security Block in AMD Geode LX processors. +# Requires 'device crypto'. +device glxsb # AMD Geode LX Security Block + Index: /branches/breakout-hub/nanobsd/cfg/kernel.wleiden =================================================================== --- /branches/breakout-hub/nanobsd/cfg/kernel.wleiden (revision 10119) +++ /branches/breakout-hub/nanobsd/cfg/kernel.wleiden (revision 10119) @@ -0,0 +1,209 @@ +# +# GENERIC -- Generic kernel configuration file for FreeBSD/i386 +# +# For more information on this file, please read the handbook section on +# Kernel Configuration Files: +# +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html +# +# The handbook is also available locally in /usr/share/doc/handbook +# if you've installed the doc distribution, otherwise always see the +# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the +# latest information. +# +# An exhaustive list of options and more detailed explanations of the +# device lines is also present in the ../../conf/NOTES and NOTES files. +# If you are in doubt as to the purpose or necessity of a line, check first +# in NOTES. +# +# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.474.2.7 2008/04/10 22:09:22 rwatson Exp $ + +cpu I486_CPU +cpu I586_CPU +cpu I686_CPU +ident WLEIDEN + +# options CLK_USE_I8254_CALIBRATION + +options CPU_ELAN # (mandatory) The ElanSC520 cpu has a number of quirks that needs to + # be worked around, in particular the i8254 timer ticks + # at a non-standard rate of 1189161Hz. + +options CPU_SOEKRIS # (recommended) This option sets things up for the soekris board. + # Amongst other things, this makes /dev/led/error appear. + +# CPU_GEODE is for the SC1100 Geode embedded processor. This option +# is necessary because the i8254 timecounter is toast. +options CPU_GEODE # net4801 requirement + +options HZ=250 # (recommended) It is necessary to increas HZ to at least 150 in order + # to take advantage of the "ELAN" timecounter. + +options AH_SUPPORT_AR5416 + +options NO_SWAPPING # We do not have a swap space, so swapping would be pretty useless + +options SW_WATCHDOG # Watchdog option to verify various tasks and reboot if needed + + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_ULE # ULE scheduler +options PREEMPTION # Enable kernel thread preemption +options INET # InterNETworking +options INET6 # IPv6 communications protocols +options SCTP # Stream Control Transmission Protocol +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options NFS_ROOT # Allow NFS to be / mount +options NFSCLIENT # Network Filesystem Client +#options NFSLOCKD # Network Lock Manager +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_LABEL # Provides labelization +options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!] +options KTRACE # ktrace(1) support +#options STACK # stack(9) support +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +# options ADAPTIVE_GIANT # Giant mutex is adaptive. +# options STOP_NMI # Stop CPUS using NMI instead of IPI +options DEVICE_POLLING # Enable support for device polling +options TMPFS + +# Bus support. +device pci +device eisa + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives +options ATA_STATIC_ID # Static device numbering + +# Add suspend/resume support for the i8254. +device pmtimer + +# Serial (COM) ports +# device sio # 8250, 16[45]50 based serial ports +device uart # Generic UART driver + +# PCCARD (PCMCIA) support +# PCMCIA and cardbus bridge support +device cbb # cardbus (yenta) bridge +device pccard # PC Card (16-bit) bus +device cardbus # CardBus (32-bit) bus + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! +device miibus # MII bus support +device vr # VIA Rhine, Rhine II +device sis # SiS 900/SiS 7016 +device if_bridge # Bridge support + +# ISA Ethernet NICs. pccard NICs included. +device cs # Crystal Semiconductor CS89x0 NIC +# 'device ed' requires 'device miibus' +device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards +device ex # Intel EtherExpress Pro/10 and Pro/10+ +device ep # Etherlink III based cards +#device fe # Fujitsu MB8696x based cards +device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc. +device sn # SMC's 9000 series of Ethernet chips +device xe # Xircom pccard Ethernet +device dc # DEC/Intel21143 and clone 10/100 Ethernet + +# Wireless NIC cards +device wlan # 802.11 support. +device wlan_wep # 802.11 WEP support. +device wlan_ccmp # 802.11 CCMP support. +device wlan_tkip # 802.11 TKIP support. +device wlan_amrr # AMRR transmit rate control algorithm. +# device wlan_scan_ap # 802.11 AP mode scanning. +# device wlan_scan_sta # 802.11 STA mode scanning. +device ath # Atheros pci/cardbus NIC's. +device ath_hal # Atheros HAL (Hardware Access Layer). +device ath_rate_sample # SampleRate tx rate control for ath. +device wi # WaveLan/Intersil/Symbol 802.11 wireless NICs. + +# Pseudo devices. +device loop # Network loopback +device random # Entropy device +device ether # Ethernet support +# device ppp # Kernel PPP +device tun # Packet tunnel. +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" +#device gif # IPv6 and IPv4 tunneling +#device faith # IPv6-to-IPv4 relaying (translation) +device firmware # firmware assist module + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +# USB support +device uhci # UHCI PCI->USB interface +device ohci # OHCI PCI->USB interface +device ehci # EHCI PCI->USB interface (USB 2.0) +device usb # USB Bus (required) +#device udbp # USB Double Bulk Pipe devices +#device ugen # Generic +#device uhid # “Human Interface Devices” +#device ukbd # Keyboard +#device ulpt # Printer +#device umass # Disks/Mass storage - Requires scbus and da +#device ums # Mouse +device ural # Ralink Technology RT2500USB wireless NICs +#device urio # Diamond Rio 500 MP3 player +#device uscanner # Scanners +# USB Ethernet, requires mii +device aue # ADMtek USB Ethernet +device axe # ASIX Electronics USB Ethernet +device cdce # Generic USB over Ethernet +device cue # CATC USB Ethernet +device kue # Kawasaki LSI USB Ethernet +device rue # RealTek RTL8150 USB Ethernet +device udav # Davicom DM9601 USB Ethernet + +# +# Authentication, encryption and protection on network layer +device wlan_xauth #802.11 external authenticator support +device enc #IPsec interface +device crypto # core crypto support +device cryptodev # /dev/crypto for access to h/w +device pf #PF OpenBSD packet-filter firewall +device pflog #logging support interface for PF +options IPSEC #IP security (requires device crypto) +options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel + +options NETGRAPH # netgraph(4) system +options NETGRAPH_SOCKET +options NETGRAPH_MPPC_ENCRYPTION +options NETGRAPH_IFACE +options NETGRAPH_PPP +options NETGRAPH_TEE +options NETGRAPH_PPPOE +options NETGRAPH_ETHER + +# glxsb is a driver for the Security Block in AMD Geode LX processors. +# Requires 'device crypto'. +device glxsb # AMD Geode LX Security Block + + +# Firewall fore the use of fancy stuff, like forwarding ports +options IPFIREWALL +options IPFIREWALL_DEFAULT_TO_ACCEPT +options IPFIREWALL_FORWARD +options IPFIREWALL_NAT +options LIBALIAS # Required for IPFIREWALL_NAT + +# Uncomment if you like to compile a debugging kernel +#options KDB +#options DDB +#options BREAK_TO_DEBUGGER +#options KDB_UNATTENDED +#makeoptions DEBUG=-g Index: /branches/breakout-hub/nanobsd/cfg/nanobsd.wleiden =================================================================== --- /branches/breakout-hub/nanobsd/cfg/nanobsd.wleiden (revision 10119) +++ /branches/breakout-hub/nanobsd/cfg/nanobsd.wleiden (revision 10119) @@ -0,0 +1,302 @@ +## Dit is een NanoBSD configuratie-template voor WirelessLeiden. +## Instellingen weergegeven binnen dit bestand gelden als +## standaard binnen de organisatie. + +# Little hack to allow proper secify of KERNL/PKG location +NANO_CONF_DIR=$(cd $(dirname $2); pwd -P) + +NANO_NAME=wleiden # object naam in /usr/obj/nanobsd.{obj} +NANO_SRC=/usr/src # nanobsd source tree +NANO_KERNEL=$NANO_CONF_DIR/kernel.wleiden # naam van het kernel configuratiebestand +NANO_IMAGES=2 # aantal nanobsd code slices/installs (1/2) +#NANO_DRIVE=ad1 # NanoBSD disk id, default is ad0 + +NANO_CONFSIZE=8192 # volume van de config slice, default 2048 (512bs) +NANO_DATASIZE=0 # volume van de data slice, 0 = not configured +# 200MB should is suffient of every image we might as well use all available +# space, but that increases update times +#NANO_CODESIZE=409600 # volume van de code slice, default = max beschikbaar +NANO_CODESIZE=819200 +#NANO_RAM_ETCSIZE= # volume van de /etc ramdisk, default 10240 (512bs) +#NANO_RAM_TMPVARSIZE= # volume van de /var ramdisk, default 10240 (512bs) +NANO_RAM_TMPVARSIZE=20480 + +#XXX: Eeks, fixed packages, needs building a hook to allow building the package +# of the shelfs if needed, copy to right directory, done. With only input needed +# a list of ports in the format like net/net-snmp +NANO_PACKAGE_DIR=$NANO_CONF_DIR/../pkg/All + +# XXX: Create function which populate the right packages and fixes the +# dependencies. Package build script could benefit from this list, as it +# could build this list beforehand +## pkg_info -qr pkg/All/* +##NANO_PACKAGE_LIST= + +# Warning: set to 1 to debug make build errors +# Number of recurrent parrallel make builds +if `grep -q 'acpi0: on motherboard' /var/run/dmesg.boot`; then + # Mac OS X Parallels virtual machine + NANO_PMAKE="make -B" +elif [ "`sysctl hw.model`" = "AMD Sempron(tm) Processor 3000+" ]; then + # Parralel builds on this friend fails somehow + NANO_PMAKE="make -B" +else + # Default 2 times number of CPU's inside machine + NANO_PARALLEL_MAKE=`expr $(sysctl -n hw.ncpu) \* 2` + NANO_PMAKE="make -j ${NANO_PARALLEL_MAKE}" +fi + +# LET OP, optie nodig bij het gebruik van Alix bordjes ivm tinybios & LBA +# ondersteuning. Specifieke flash-geometrie instellingen vereist. +#NANO_BOOT0CFG="-o nopacket -s 1 -m 3" + +# +# Starting from soekris bios version 1.31 upwards boot0sio does not seems work +# anymore, but boot0 does (weird) +NANO_BOOTLOADER="boot/boot0" + +# Strip down to a more acceptable size +# hints from http://people.freebsd.org/~phk/nanobsd/soekris_4x26/make.soekris_4x26.conf (46MB) +# 46MB +# NB! usr/share/misc contains termcap, vi(1) etc fails to work without it. +# NANOBSD_PRUNE += usr/share/misc +NANO_PRUNE="$NANO_PRUNE usr/share/examples" +NANO_PRUNE="$NANO_PRUNE usr/share/syscons" +NANO_PRUNE="$NANO_PRUNE usr/share/calendar" +NANO_PRUNE="$NANO_PRUNE usr/share/mk" +NANO_PRUNE="$NANO_PRUNE usr/share/pcvt" +NANO_PRUNE="$NANO_PRUNE usr/share/me" +NANO_PRUNE="$NANO_PRUNE usr/share/doc" + + + + + +# Opties parsed gedurende build & install world +# Also check man 3 src.conf for details +# Some flags are misleading, e.g. could only be installworld (e.g.), for details: +# http://phk.freebsd.dk/misc/build_options/ +# For details on make options also check: +# /usr/src/share/mk/bsd.own.mk +CONF_COMMON=' +# Specific enabled options +#WITHOUT_ACPI=YES # geen advanced configuration power interface +#WITHOUT_BIND=YES # geen bind tools, dns/named geinstalleerd +#WITHOUT_CXX=YES # Set to not build g++(1) and related libraries. +#WITHOUT_GROFF=YES # Set to not build groff(1). +#WITHOUT_INET6=YES # geen ondersteuning inet versie 6 architectuur +#WITHOUT_INFO=YES # geen info bestanden, readable online docs +#WITHOUT_IPFILTER=YES # geen ip filtering geinstalleerd +#WITHOUT_KLDLOAD=YES # do not allow loading of kernel modules +#WITHOUT_MAILWRAPPER=YES # geen mailwrapper bij gebruik sendmail +#WITHOUT_MAN=YES # geen handleidingen gecompileerd +#WITHOUT_MISC=YES # geen misc sub directory +#WITHOUT_MODULES=YES # geen ondersteuning toevoegen modules +#WITHOUT_PAM=YES # geen ondersteuning pa modules +#WITHOUT_PF=YES # geen packet filtering geinstalleerd +#WITHOUT_SHARE=YES # geen share sub directory +#WITHOUT_USB=YES # geen ondersteuning usb modules +# Specific disabled options +WITHOUT_ATM=YES # geen ondersteuning Asynchronous Transfer Mode +WITHOUT_AUDIT=YES # geen event auditing / audit trails +WITHOUT_AUTHPF=YES # geen authenticating gateway user shell +WITHOUT_BLUETOOTH=YES # geen ondersteuning Bluetooth modules +WITHOUT_CALENDAR=YES # geen calendar reminder service gecompileerd +WITHOUT_CDDL=YES # Set to not build code licensed under Sun CDDL. (also ZFS) +WITHOUT_CPP=YES # Set to not build cpp(1). +WITHOUT_CVS=YES # geen cvs tools geinstalleerd +WITHOUT_DICT=YES # geen dictionary ondersteuning +WITHOUT_EXAMPLES=YES # geen voorbeeld configuratiebestanden +WITHOUT_FORTRAN=YES # geen ondersteuning fortran compilers +WITHOUT_GAMES=YES # geen games gecompileerd +WITHOUT_GCOV=YES # geen gcov test coverage program +WITHOUT_GDB=YES # geen gnu debugger gecompileerd +WITHOUT_GPIB=YES # geen ondersteuning gpib kaarten +WITHOUT_HTML=YES # geen html help bestanden gecompileerd +WITHOUT_I4B=YES # geen ondersteuning voor isdn +WITHOUT_IPX=YES # geen ondersteuning ipx protocols +WITHOUT_KERBEROS=YES # geen ondersteuning Kerberos authenticatie +WITHOUT_LOCALES=YES # geen ondersteuning lokalisatie +WITHOUT_LPR=YES # geen ondersteuning print services +WITHOUT_NIS=YES # geen ondersteuning network information system +WITHOUT_PROFILE=YES # Set to avoid compiling profiled libraries. +WITHOUT_RCMDS=YES # geen ondersteuning rcmds, +WITHOUT_RESCUE=YES # geen rescue bestanden gecompileerd +WITHOUT_SENDMAIL=YES # geen sendmail geinstalleerd +WITHOUT_SHAREDOCS=YES # geen share/docs directories +WITHOUT_SYSCONS=YES # geen syscon devices gecompileerd +' + +CONF_BUILD=" +${CONF_COMMON} +" + +CONF_INSTALL=" +${CONF_COMMON} +WITHOUT_TOOLCHAIN=YES # geen freebsd toolchain +" + + +# Flash disks arrived, sandisk 1g seems to match the geometry of the (blanc) cards +#FlashDevice sandisk 1g # nanobsd flashdevice entry +#FlashDevice sandisk 512mb # nanobsd flashdevice entry +#FlashDevice transcend 2g # nanobsd flashdevice entry +# Calculated value of PEAK hardware 1GB CF card +# C/H/S phys 1954/16/63, logical 977/32/63 +# Mediasize is calculated as C*H*S*512 + +NANO_MEDIASIZE=`expr 1008451584 / 512` + +#using logical values reported by Alix board + +NANO_HEADS=32 +NANO_SECTS=63 + +#values for PCEngines blanc 1 GB cards +#NANO_MEDIASIZE='expr 1014644736 / 512' +#C/H/S phys 1966/16/63, logical 983/32/63 + +# Version tagging +cust_version_tag() ( + VERSION_FILE="${NANO_WORLDDIR}/tools/wl-release.txt" + ( + echo "Generated by `id -un`@`hostname -f` at `date`" + echo "" + echo "=== CONFIG specifics ===" + svn info ${NANO_CONF_DIR}/../ || exit 0 + svn diff ${NANO_CONF_DIR}/../ || exit 0 + echo "=== BEGIN CONFIG specifics ===" + ) > $VERSION_FILE +) + + + +# Assuming we are running a safe envirionment where snooping could occur during or after the build +cust_set_root_password() ( + if [ -n "${CFG_ROOT_PASSWORD}" ]; then + pprint 2 "Set root password using CFG_ROOT_PASSWORD variable" + chroot ${NANO_WORLDDIR} sh -c "echo '${CFG_ROOT_PASSWORD}' | pw usermod -h 0 -u root" + else + pprint 2 "Root password is , no password provided at variable CFG_ROOT_PASSWORD" + fi +) + + + +# EXPERIMENTAL patch like envirionment +# Using '*-nanobsd.patch' files to only specify the bare differences between the base/default file to +# keep us as close as possible to the base OS +# Patches are applied to the directory they live in +cust_apply_nanobsd_patches() ( + for PATCHFILE in `find ${NANO_WORLDDIR} -regex '.*-nanobsd\.patch$'`; do + cd `dirname ${PATCHFILE}` + patch -t -N -p0 -i `basename ${PATCHFILE}` + #XX: What to with installed patch files? Delete them for the time beeing + rm -v ${PATCHFILE} + done + + + +) + + + +# Compile & install lvroute daemon vanuit source in svn +cust_install_lvrouted() ( + svn co http://svn.wirelessleiden.nl/svn/node-config/other/lvrouted/trunk/ /tmp/lvrouted + cd /tmp/lvrouted && autoconf && autoheader && ./configure && make || true + cp src/lvrouted.opt ${NANO_WORLDDIR}/usr/local/sbin +) + + + +# Customize ntpd +cust_ntpd() ( + chroot ${NANO_WORLDDIR} sh -c "ln -fs /usr/local/etc/ntp.drift /var/db/ntp.drift" +) + + + +# Install files from specific relative location +cust_install_files () ( + cd ${NANO_CONF_DIR}/../files + find . -print | grep -v -e /CVS -e .svn | cpio -dumpv ${NANO_WORLDDIR} +) + + + +# Prune no needed directories of image +cust_nano_prune () ( + cd ${NANO_WORLDDIR} + for ENTRY in ${NANO_PRUNE}; do + rm -vfR ${ENTRY} + done +) + + +# Fill /cfg with custom files, based on 'create_i386_diskimage ( )' +last_nano_fill_cfg () ( + # Variables to be used + IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME} + MNT=${MAKEOBJDIRPREFIX}/_.mnt + + # Mount '/cfg' slize in image + MD=`mdconfig -a -t vnode -f ${IMG}` + mount /dev/${MD}s3 ${MNT} + + # Location of '/cfg' directory + cd ${NANO_CONF_DIR}/../cfg-files + find . -print | grep -v -e /CVS -e .svn | cpio -dumpv ${MNT} + + + # Leave in nice end state + umount ${MNT} + mdconfig -d -u ${MD} +) > ${MAKEOBJDIRPREFIX}/_.fc 2>&1 + +last_nano_disk_usage () ( + # Variables to be used + IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME} + MNT=${MAKEOBJDIRPREFIX}/_.mnt + + # Mount root slize + MD=`mdconfig -a -t vnode -f ${IMG}` + mount /dev/${MD}s1a ${MNT} + + # Show disk usage (percent free) inc header + pprint 2 $(df -h | head -1) + pprint 2 "$(df -h | grep /dev/${MD})" + + # Leave in nice end state + umount ${MNT} + mdconfig -d -u ${MD} +) + +last_orders () ( + last_nano_fill_cfg + last_nano_disk_usage +) + +# Ugly hack to 'escaping' pprint from inside a customize_cmd to output +# instead of a file +exec 3>/dev/stdout +# Progress Print +# Print $2 at level $1 +pprint() { + if [ "$1" -le $PPLEVEL ]; then + printf "%.${1}s %s\n" "#####" "$2" 1>&3 + fi +} + +# Cust macro`s gestart in onderstaande volgorde +# XXX: Determine size before installing all find of additions to see how much +# base we are actually using ## du -h -d 0 +customize_cmd cust_pkg +customize_cmd cust_install_files +customize_cmd cust_ntpd +#customize_cmd cust_install_lvrouted +customize_cmd cust_version_tag +customize_cmd cust_allow_ssh_root +customize_cmd cust_nano_prune +customize_cmd cust_set_root_password +customize_cmd cust_apply_nanobsd_patches Index: /branches/breakout-hub/nanobsd/files/FILE_LISTING.txt =================================================================== --- /branches/breakout-hub/nanobsd/files/FILE_LISTING.txt (revision 10119) +++ /branches/breakout-hub/nanobsd/files/FILE_LISTING.txt (revision 10119) @@ -0,0 +1,38 @@ +# File or directory and it's purpose in this build +./boot.config # Serial console output +./boot/loader.conf # Serial console output +./conf/default/etc/.work_around_till_fix_of_pr_134513 +./conf/default/var/.work_around_till_fix_of_pr_134513 +./etc/crontab # Extra calls for pen & ntp +./etc/namedb/named.conf # Custom named configuration +./etc/ntp.conf # Custom ntp configuration +./etc/rc.conf # Highly customized rc.conf +./etc/syslog.conf # Remote syslogging enabing +./etc/ttys-nanobsd.patch # Serial console output +./root/.ssh # Template directory for authorized_keys file +./tools/change_password # Allow persistent changing of root password +./tools/dhcpd_snmp.sh # XXX +./tools/save_sshkeys # Allow persistent saving of host ssh keys +./tools/syslogd_flags.sh # XXX +./tools/updatep1 # phk image on slice 1 update script +./tools/updatep2 # phk image on slice 2 update script +./tools/wl-config # WL node specific configuration fetch and update script +./tools/wl-version # Version debug tool, gather statistics for debugging +./usr/lib/aout/.keep_me # Little hack to have /etc/rc.d/ldconfig stop nagging about missing (pruned) dir +./usr/local/bin/ssh-copy-id # XXX +./usr/local/bin/write_ntpdrift # XXX +./usr/local/etc/dhcpd-snmp.conf # dhcp-snmp cofiguration +./usr/local/etc/dhcpd.conf # Initial custom dhcpd.conf +./usr/local/etc/nrpe.cfg # XXX +./usr/local/etc/ntp.drift # XXX +./usr/local/etc/rc.d/lvrouted.sh # lvrouted startup script +./usr/local/etc/rc.d/nanobsd-motd # Allow updating motd with persistent save +./usr/local/etc/rc.d/nanobsd-save-sshkeys # Allow saving ssh-keys after generation +./usr/local/etc/rc.d/pen # Pen startup script +./usr/local/etc/rc.d/sort-proxies # Pen optimizer script +./usr/local/etc/rc.d/wlweb # WLweb configuration webinterface startup script +./usr/local/sbin/dhcpd-snmp # dhcp-snmp 'binary' +./usr/local/sbin/lvrouted.opt # lvrouted 'binary' +./usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt # Draft MIB +./usr/local/share/snmp/snmpd.conf # Custom snmpd configuration +./usr/local/wlweb # WLweb configuration webinterface program Index: /branches/breakout-hub/nanobsd/files/boot.config =================================================================== --- /branches/breakout-hub/nanobsd/files/boot.config (revision 10119) +++ /branches/breakout-hub/nanobsd/files/boot.config (revision 10119) @@ -0,0 +1,1 @@ +-h Index: /branches/breakout-hub/nanobsd/files/boot/loader.conf =================================================================== --- /branches/breakout-hub/nanobsd/files/boot/loader.conf (revision 10119) +++ /branches/breakout-hub/nanobsd/files/boot/loader.conf (revision 10119) @@ -0,0 +1,21 @@ +# No funky Beasty, but boring default, and gone in 1 second to make it go quick :-( +beastie_disable="YES" +autoboot_delay="1" + +# Some apache hyper speed module, we properly this don't need this, but still +# saves a startup warning +accf_http_load="YES" + +# Named started nagging, claiming (to many) files if unable to reach master for +# quite some time +kern.maxfiles="5000" + +# The unlucky NET4801 does not properly support DMA (we don't need it anyways) +# http://lists.soekris.com/pipermail/soekris-tech/2008-August/014788.html +hw.ata.ata_dma="0" + +# Prefers stability over preformance disable Write Caching (man 4 ata) +hw.ata.wc="0" + +# Force output to run trough the comconsole, no exceptions +console="comconsole" Index: /branches/breakout-hub/nanobsd/files/etc/crontab =================================================================== --- /branches/breakout-hub/nanobsd/files/etc/crontab (revision 10119) +++ /branches/breakout-hub/nanobsd/files/etc/crontab (revision 10119) @@ -0,0 +1,29 @@ +# /etc/crontab - root's crontab for FreeBSD +# +# $FreeBSD: src/etc/crontab,v 1.32.32.1 2008/11/25 02:59:29 kensmith Exp $ +# +SHELL=/bin/sh +PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin +HOME=/var/log +# +#minute hour mday month wday who command +# +*/5 * * * * root /usr/libexec/atrun +# +# Save some entropy so that /dev/random can re-seed on boot. +*/11 * * * * operator /usr/libexec/save-entropy +# +# Rotate log files every hour, if necessary. +0 * * * * root newsyslog +# +# Perform daily/weekly/monthly maintenance. +1 3 * * * root periodic daily +15 4 * * 6 root periodic weekly +30 5 1 * * root periodic monthly +# +# Adjust the time zone if the CMOS clock keeps local time, as opposed to +# UTC time. See adjkerntz(8) for details. +1,31 0-5 * * * root adjkerntz -a +# +# Write updates for ntp.drift to flash +0 12 * * * root /usr/local/bin/write_ntpdrift Index: /branches/breakout-hub/nanobsd/files/etc/ipfw.sh =================================================================== --- /branches/breakout-hub/nanobsd/files/etc/ipfw.sh (revision 10119) +++ /branches/breakout-hub/nanobsd/files/etc/ipfw.sh (revision 10119) @@ -0,0 +1,60 @@ +#!/bin/sh - +CAPTIVE=wlan + +# Based on /etc/rc.firewall + +# Suck in the configuration variables. +if [ -z "${source_rc_confs_defined}" ]; then + if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs + elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf + fi +fi + +setup_loopback () { + ############ + # Only in rare cases do you want to change these rules + # + ${fwcmd} add 100 pass all from any to any via lo0 + ${fwcmd} add 200 deny all from any to 127.0.0.0/8 + ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any +} + +############ +# Set quiet mode if requested +# +case ${firewall_quiet} in +[Yy][Ee][Ss]) + fwcmd="/sbin/ipfw -q" + ;; +*) + fwcmd="/sbin/ipfw" + ;; +esac + +############ +# Flush out the list before we begin. +# +${fwcmd} -f flush + +setup_loopback + +############ + +# By default no firewalling +${fwcmd} add 65000 pass all from any to any + +# Transproxy/WLportal/Captive portal +${fwcmd} add 10000 allow tcp from any to localhost 80 +${fwcmd} add 10001 allow tcp from any to me 80 + +############ +# Reserved: WLPortal rule numbers +# 10010 - 10099 + +# Forward rules work without a base address, so needed a loop over all inet4 adresses +for INF in `ifconfig -a | awk -F\: '/: flags/ { print $1 }' | grep -E ${CAPTIVE}`; do + ${fwcmd} add 10100 fwd 172.31.255.1,8081 tcp from any to not 172.16.0.0/12, 192.168.1.0/24 80 in via ${INF} +done Index: /branches/breakout-hub/nanobsd/files/etc/motd =================================================================== --- /branches/breakout-hub/nanobsd/files/etc/motd (revision 10119) +++ /branches/breakout-hub/nanobsd/files/etc/motd (revision 10119) @@ -0,0 +1,3 @@ +Stiching Wireless Leiden Node + +WWW: http://www.wirelessleiden.nl Index: /branches/breakout-hub/nanobsd/files/etc/newsyslog.conf =================================================================== --- /branches/breakout-hub/nanobsd/files/etc/newsyslog.conf (revision 10119) +++ /branches/breakout-hub/nanobsd/files/etc/newsyslog.conf (revision 10119) @@ -0,0 +1,45 @@ +# configuration file for newsyslog +# $FreeBSD: src/etc/newsyslog.conf,v 1.52.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# +# Entries which do not specify the '/pid_file' field will cause the +# syslogd process to be signalled when that log file is rotated. This +# action is only appropriate for log files which are written to by the +# syslogd process (ie, files listed in /etc/syslog.conf). If there +# is no process which needs to be signalled when a given log file is +# rotated, then the entry for that file should include the 'N' flag. +# +# The 'flags' field is one or more of the letters: BCGJNUWZ or a '-'. +# +# Note: some sites will want to select more restrictive protections than the +# defaults. In particular, it may be desirable to switch many of the 644 +# entries to 640 or 600. For example, some sites will consider the +# contents of maillog, messages, and lpd-errs to be confidential. In the +# future, these defaults may change to more conservative ones. +# +# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num] +/var/log/all.log 600 7 * @T00 J +/var/log/amd.log 644 7 100 * J +/var/log/auth.log 600 7 100 * JC +/var/log/console.log 600 5 100 * J +/var/log/cron 600 3 100 * JC +/var/log/daily.log 640 7 * @T00 JN +/var/log/debug.log 600 7 100 * JC +/var/log/kerberos.log 600 7 100 * J +/var/log/lpd-errs 644 7 100 * JC +/var/log/maillog 640 7 * @T00 JC +/var/log/messages 644 5 100 * JC +/var/log/monthly.log 640 12 * $M1D0 JN +/var/log/pflog 600 3 100 * JB /var/run/pflogd.pid +/var/log/ppp.log root:network 640 3 100 * JC +/var/log/security 600 10 100 * JC +/var/log/sendmail.st 640 10 * 168 B +/var/log/weekly.log 640 5 1 $W6D0 JN +/var/log/wtmp 644 3 * @01T05 B +/var/log/xferlog 600 7 100 * JC +/var/log/pen_wrapper.log 644 3 100 * J +/var/log/wlportal.log 664 3 100 * J /var/run/wlportal.pid +/var/log/wlweb-access.log 644 3 100 * J +/var/log/wlweb-error.log 644 3 100 * J +/var/log/snmpd.log 644 3 100 * J /var/run/snmpd.pid + + Index: /branches/breakout-hub/nanobsd/files/etc/nsswitch.conf =================================================================== --- /branches/breakout-hub/nanobsd/files/etc/nsswitch.conf (revision 10119) +++ /branches/breakout-hub/nanobsd/files/etc/nsswitch.conf (revision 10119) @@ -0,0 +1,16 @@ +# +# nsswitch.conf(5) - name service switch configuration file +# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# no NIS +group: compat +# group_compat: nis +hosts: files dns +networks: files +passwd: compat +# passwd_compat: nis +shells: files +services: compat +# services_compat: nis +protocols: files +rpc: files + Index: /branches/breakout-hub/nanobsd/files/etc/ntp.conf =================================================================== --- /branches/breakout-hub/nanobsd/files/etc/ntp.conf (revision 10119) +++ /branches/breakout-hub/nanobsd/files/etc/ntp.conf (revision 10119) @@ -0,0 +1,41 @@ +#XXX: Might need to be dynamic + +server 172.17.8.68 # proxy1 +server 172.17.143.4 # proxy2 +server 172.20.128.98 # proxy3 +server 172.16.2.254 # proxy4 +server 172.19.168.66 # proxy5 +server 172.16.3.146 # proxy6 +server 172.17.16.66 # proxy62 +server 172.17.0.1 # proxy7 +server 172.16.4.54 # proxy9 +server 172.22.0.66 # proxy10 +server 172.23.25.66 # proxy11 +server 172.16.3.98 # proxy13 +server 172.17.169.66 # proxy97 + +# and if all failes - use our local crummy clock +server 127.127.1.0 #stratum 10 +# Optional - to provide the surroundings +# with a accurate time - unsollicted. +# +# broadcast + +# This file is generated by 'ntp-genkey -d r' +# on any of the 3 time lords; and pulled +# from Genesis. +# +# keys /etc/ntp.keys + +# Limit the number of clients concurrent +# RQs' to the levels a simple not can +# sustain. Asumming 5Mbit this translates +# to some 5000 machines. + +# Ensure that our stats and drift files +# go to writable disk (/etc mounted RO +# on the flash-rom machines). +# +driftfile /var/db/ntp.drift + + Index: /branches/breakout-hub/nanobsd/files/etc/rc.conf =================================================================== --- /branches/breakout-hub/nanobsd/files/etc/rc.conf (revision 10119) +++ /branches/breakout-hub/nanobsd/files/etc/rc.conf (revision 10119) @@ -0,0 +1,70 @@ +## Building options +dumpdev="NO" # No kernel dumps as we don't have a place to + # store them +gateway_enable="YES" # Act like a gateway please +ipv6_enable="NO" # No IPv6 support for now, near feature... ;-) + +# Firewall needed for port redirection (captive portal, splash screen) +firewall_enable="YES" +firewall_script="/etc/ipfw.sh" + +# NTP server needs working config with WL network or internet on boot +# so some warnings might pop up, but no harm +ntpdate_enable="YES" +ntpd_enable="YES" +ntpd_sync_on_start="YES" +ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntp.drift" + +# We need no running mail server +sendmail_enable="NONE" + +# Don't let syslog accept input from other remote hosts +syslogd_enable="YES" +syslogd_flags="-s -A -c -b 127.0.0.1" + +# Remote login without DNS checking as it might not also be functionable +# -u0 prevent sshd from making DNS requests unless the authentication mechanism +# or configuration requires it. +sshd_enable="YES" +sshd_flags="-u0" + +# Don't update the motd as it not writeable, the update_nanobsd_motd is a +# simple wrapper found at /usr/local/etc/rc.d supporting this featureg +update_motd="NO" +update_nanobsd_motd="YES" + +## Port extentions +# Serve our clients some pretty cool IP address to at least get connected +# Also some low-memory footprint dns resolver +dnsmasq_enable="YES" + +# Monitoring deamons +nrpe2_enable="YES" +snmpd_enable="YES" +snmpd_flags="-a -LF w /var/log/snmpd.log" + +# Some nodes will serve as HTTP(S) proxy server +tinyproxy_enable="NO" + +## WL ports extentions +thttpd_enable="YES" +http302_enable="YES" + +lvrouted_enable="YES" +lvrouted_flags="-u -s s00p3rs3kr3t -m 28" + +# Make sure generated ssh keys are saved +nanobsd_save_sshkeys_enable="YES" + +# Do some cool stuff with pen, like checking on best connections and reload, so +# need a wrapper instead of the conventional startup script +pen_wrapper_enable="YES" + +## Initial (network) configuration +# +hostname="ChangeMe.example.org" +# XXX: Maybe something cool (zero config) as initial configuration + +## Iperf server mode +# +iperf_enable="YES" Index: /branches/breakout-hub/nanobsd/files/etc/ssh/ssh_config =================================================================== --- /branches/breakout-hub/nanobsd/files/etc/ssh/ssh_config (revision 10119) +++ /branches/breakout-hub/nanobsd/files/etc/ssh/ssh_config (revision 10119) @@ -0,0 +1,5 @@ +Host *.wleiden.net + ForwardAgent yes + +Host 172.16.?.? + ForwardAgent yes Index: /branches/breakout-hub/nanobsd/files/etc/ssh/sshd_config =================================================================== --- /branches/breakout-hub/nanobsd/files/etc/ssh/sshd_config (revision 10119) +++ /branches/breakout-hub/nanobsd/files/etc/ssh/sshd_config (revision 10119) @@ -0,0 +1,126 @@ +# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ +# $FreeBSD: src/crypto/openssh/sshd_config,v 1.49.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +# Note that some of FreeBSD's defaults differ from OpenBSD's, and +# FreeBSD has a few additional options. + +#VersionAddendum FreeBSD-20090522 + +#Port 22 +#Protocol 2 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# Disable legacy (protocol version 1) support in the server for new +# installations. In future the default will change to require explicit +# activation of protocol 1 +Protocol 2 + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 + +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# Change to yes to enable built-in password authentication. +#PasswordAuthentication no +#PermitEmptyPasswords no + +# Change to no to disable PAM authentication +#ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'no' to disable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +PermitRootLogin yes +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +#UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10 +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server Index: /branches/breakout-hub/nanobsd/files/etc/sysctl.conf =================================================================== --- /branches/breakout-hub/nanobsd/files/etc/sysctl.conf (revision 10119) +++ /branches/breakout-hub/nanobsd/files/etc/sysctl.conf (revision 10119) @@ -0,0 +1,4 @@ +#XXX: Might needs to be dynamic as value depends on link length +dev.ath.0.acktimeout=35 +dev.ath.1.acktimeout=35 +dev.ath.2.acktimeout=35 Index: /branches/breakout-hub/nanobsd/files/etc/syslog.conf =================================================================== --- /branches/breakout-hub/nanobsd/files/etc/syslog.conf (revision 10119) +++ /branches/breakout-hub/nanobsd/files/etc/syslog.conf (revision 10119) @@ -0,0 +1,32 @@ +# $FreeBSD: src/etc/syslog.conf,v 1.28 2005/03/12 12:31:16 glebius Exp $ +# +# Spaces ARE valid field separators in this file. However, +# other *nix-like systems still insist on using tabs as field +# separators. If you are sharing this file between systems, you +# may want to use only tabs as field separators here. +# Consult the syslog.conf(5) manpage. +*.err;kern.warning;auth.notice;mail.crit /dev/console +*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages +security.* /var/log/security +auth.info;authpriv.info /var/log/auth.log +mail.info /var/log/maillog +lpr.info /var/log/lpd-errs +ftp.info /var/log/xferlog +cron.* /var/log/cron +*.=debug /var/log/debug.log +*.emerg * +# uncomment this to log all writes to /dev/console to /var/log/console.log +#console.info /var/log/console.log +# uncomment this to enable logging of all log messages to /var/log/all.log +# touch /var/log/all.log and chmod it to mode 600 before it will work +#*.* /var/log/all.log +# uncomment this to enable logging to a remote loghost named loghost +*.* @loghost.wleiden.net +# uncomment these if you're running inn +# news.crit /var/log/news/news.crit +# news.err /var/log/news/news.err +# news.notice /var/log/news/news.notice +!startslip +*.* /var/log/slip.log +!ppp +*.* /var/log/ppp.log Index: /branches/breakout-hub/nanobsd/files/etc/ttys-nanobsd.patch =================================================================== --- /branches/breakout-hub/nanobsd/files/etc/ttys-nanobsd.patch (revision 10119) +++ /branches/breakout-hub/nanobsd/files/etc/ttys-nanobsd.patch (revision 10119) @@ -0,0 +1,31 @@ +--- etc/ttys 2010-01-12 11:47:58.000000000 +0100 ++++ ttys 2010-01-12 11:48:26.000000000 +0100 +@@ -30,19 +30,19 @@ + # when going to single-user mode. + console none unknown off secure + # +-ttyv0 "/usr/libexec/getty Pc" cons25 on secure ++ttyv0 "/usr/libexec/getty Pc" cons25 off secure + # Virtual terminals +-ttyv1 "/usr/libexec/getty Pc" cons25 on secure +-ttyv2 "/usr/libexec/getty Pc" cons25 on secure +-ttyv3 "/usr/libexec/getty Pc" cons25 on secure +-ttyv4 "/usr/libexec/getty Pc" cons25 on secure +-ttyv5 "/usr/libexec/getty Pc" cons25 on secure +-ttyv6 "/usr/libexec/getty Pc" cons25 on secure +-ttyv7 "/usr/libexec/getty Pc" cons25 on secure ++ttyv1 "/usr/libexec/getty Pc" cons25 off secure ++ttyv2 "/usr/libexec/getty Pc" cons25 off secure ++ttyv3 "/usr/libexec/getty Pc" cons25 off secure ++ttyv4 "/usr/libexec/getty Pc" cons25 off secure ++ttyv5 "/usr/libexec/getty Pc" cons25 off secure ++ttyv6 "/usr/libexec/getty Pc" cons25 off secure ++ttyv7 "/usr/libexec/getty Pc" cons25 off secure + ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure + # Serial terminals + # The 'dialup' keyword identifies dialin lines to login, fingerd etc. +-ttyu0 "/usr/libexec/getty std.9600" dialup off secure ++ttyu0 "/usr/libexec/getty std.9600" ansi on secure + ttyu1 "/usr/libexec/getty std.9600" dialup off secure + ttyu2 "/usr/libexec/getty std.9600" dialup off secure + ttyu3 "/usr/libexec/getty std.9600" dialup off secure Index: /branches/breakout-hub/nanobsd/files/root/.ssh =================================================================== --- /branches/breakout-hub/nanobsd/files/root/.ssh (revision 10119) +++ /branches/breakout-hub/nanobsd/files/root/.ssh (revision 10119) @@ -0,0 +1,1 @@ +link /etc/dot_ssh Index: /branches/breakout-hub/nanobsd/files/root/.vimrc =================================================================== --- /branches/breakout-hub/nanobsd/files/root/.vimrc (revision 10119) +++ /branches/breakout-hub/nanobsd/files/root/.vimrc (revision 10119) @@ -0,0 +1,4 @@ +syntax on +set tabstop=4 +set shiftwidth=4 +set viminfo='50,n/tmp/viminfo Index: /branches/breakout-hub/nanobsd/files/tools/change_password =================================================================== --- /branches/breakout-hub/nanobsd/files/tools/change_password (revision 10119) +++ /branches/breakout-hub/nanobsd/files/tools/change_password (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/change_password,v 1.3.6.1 2008/11/25 02:59:29 kensmith Exp $ +# + +set -e + +passwd root + +cfgslice=`grep '/cfg' /etc/fstab | cut -d \ -f 1` + +trap "umount /cfg" 1 2 15 EXIT +mount /cfg +cp /etc/master.passwd /etc/passwd /etc/pwd.db /etc/spwd.db /etc/group /cfg +umount /cfg +trap 1 2 15 EXIT Index: /branches/breakout-hub/nanobsd/files/tools/dhcpd_snmp.sh =================================================================== --- /branches/breakout-hub/nanobsd/files/tools/dhcpd_snmp.sh (revision 10119) +++ /branches/breakout-hub/nanobsd/files/tools/dhcpd_snmp.sh (revision 10119) @@ -0,0 +1,15 @@ +#!/bin/sh +# Write dhcpd ranges to dhcpd-snmp.conf + +DHCPD="/usr/local/etc/dhcpd.conf" +DHSNMP="/usr/local/etc/dhcpd-snmp.conf" +INDEX="0" + +DHPOOL=`cat ${DHCPD} | grep range | awk '{print $2"-"$3}' | cut -d";" -f1` +for range in ${DHPOOL} +do + $((INDEX=INDEX+1)) + echo "`echo "pool:" $INDEX", pool"$INDEX", "$range | \ + sed 's/^.*(//'`" >> $DHSNMP +done + Index: /branches/breakout-hub/nanobsd/files/tools/find-nanostation =================================================================== --- /branches/breakout-hub/nanobsd/files/tools/find-nanostation (revision 10119) +++ /branches/breakout-hub/nanobsd/files/tools/find-nanostation (revision 10119) @@ -0,0 +1,16 @@ +#!/bin/sh +# Discover nanostation using CDPv1 packets +# Credits: http://sidewynder.blogspot.com/2005/07/tcpdump-filter-for-capturing-only.html + +if [ "x$1" = "x" ]; then + echo "Usage: $0 [count]" 1>&2 + echo "Find (lost) Nanostation IP using 'count' CDPv1 packet(s)" + echo "Normally CDPv1 packets get send every minute" 1>&2 + echo "Interface hints: `ifconfig -l`" 1>&2 + exit 1 +fi +IFACE=$1 +COUNT=${2-1} + + +tcpdump -nn -v -i $IFACE -s 1500 -c $COUNT 'ether[20:2] == 0x2000' Index: /branches/breakout-hub/nanobsd/files/tools/save_sshkeys =================================================================== --- /branches/breakout-hub/nanobsd/files/tools/save_sshkeys (revision 10119) +++ /branches/breakout-hub/nanobsd/files/tools/save_sshkeys (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/save_sshkeys,v 1.4.6.1 2008/11/25 02:59:29 kensmith Exp $ +# + +set -e + +trap "umount /cfg" 1 2 15 EXIT +mount /cfg +mkdir -p /cfg/ssh +( +cd /etc/ssh +cp ssh_host_* /cfg/ssh +) +umount /cfg +trap 1 2 15 EXIT Index: /branches/breakout-hub/nanobsd/files/tools/syslogd_flag.sh =================================================================== --- /branches/breakout-hub/nanobsd/files/tools/syslogd_flag.sh (revision 10119) +++ /branches/breakout-hub/nanobsd/files/tools/syslogd_flag.sh (revision 10119) @@ -0,0 +1,7 @@ +#!/bin/sh +# Set hostname for syslogd -b flag + +HOST=`cat /etc/rc.conf.local | grep hostname | cut -d'"' -f2` +sed -i "" -e /syslogd_flags=/s/localhost/${HOST}/ /etc/rc.conf + + Index: /branches/breakout-hub/nanobsd/files/tools/update-wrapper =================================================================== --- /branches/breakout-hub/nanobsd/files/tools/update-wrapper (revision 10119) +++ /branches/breakout-hub/nanobsd/files/tools/update-wrapper (revision 10119) @@ -0,0 +1,27 @@ +#!/bin/sh +# +# Update the non-active partition, input will stdin if no argument given else a +# listing netcat sesion will be opened at the given port +# Can be used in the following setups: +# 1) Systems with CPU limits (e.g. no encryption and/or compression): +# ssh -oBatchMode=yes root@node.example.org /tools/update-wrapper 3333 & +# cat nanobsd.image | nc node.example.org 3333 +# 2) Standard setup: +# cat nanobsd.image | ssh -oBatchMode=yes root@node.example.org /tools/update-wrapper +# +# Licence: BSD http://wirelessleiden.nl/LICENSE +# +# Rick van der Zwet + +. /etc/nanobsd.conf + +ROOT=`cd $(dirname $0); pwd -P` + +# Find out which partion to use +mount | grep -q ${NANO_DRIVE}s1 && UPDATE=$ROOT/updatep2 || UPDATE=$ROOT/updatep1 + +if [ -z $1 ]; then + $UPDATE +else + nc -l $1 | $UPDATE +fi Index: /branches/breakout-hub/nanobsd/files/tools/updatep1 =================================================================== --- /branches/breakout-hub/nanobsd/files/tools/updatep1 (revision 10119) +++ /branches/breakout-hub/nanobsd/files/tools/updatep1 (revision 10119) @@ -0,0 +1,55 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/updatep1,v 1.2.6.1 2008/11/25 02:59:29 kensmith Exp $ +# +# Script to update partition 1 on a NanoBSD system. +# +# usage: +# ssh somewhere cat image.s1 | sh updatep1 +# + +set -e + +. /etc/nanobsd.conf + +if mount | grep ${NANO_DRIVE}s1 > /dev/null ; then + echo "You are running partition 1 already" + echo "you probably want to use 'updatep2' instead" + exit 1 +fi + +# Blow away old system. +dd if=/dev/zero of=/dev/${NANO_DRIVE}s1 bs=1m count=1 > /dev/null 2>&1 + +# Copy in new system +dd of=/dev/${NANO_DRIVE}s1 obs=64k + +# Check that it worked +fsck_ffs -n /dev/${NANO_DRIVE}s1a + +gpart set -a active -i 1 ${NANO_DRIVE} + Index: /branches/breakout-hub/nanobsd/files/tools/updatep2 =================================================================== --- /branches/breakout-hub/nanobsd/files/tools/updatep2 (revision 10119) +++ /branches/breakout-hub/nanobsd/files/tools/updatep2 (revision 10119) @@ -0,0 +1,63 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/updatep2,v 1.2.6.1 2008/11/25 02:59:29 kensmith Exp $ +# +# Script to update partition 2 on a NanoBSD system. +# +# usage: +# ssh somewhere cat image.s1 | sh updatep2 +# + +set -e + +. /etc/nanobsd.conf + +if mount | grep ${NANO_DRIVE}s2 > /dev/null ; then + echo "You are running partition 2 already" + echo "you probably want to use 'updatep1' instead" + exit 1 +fi + +# Blow away old system. +dd if=/dev/zero of=/dev/${NANO_DRIVE}s2 bs=1m count=1 > /dev/null 2>&1 + +# Copy in new system +dd of=/dev/${NANO_DRIVE}s2 obs=64k + +# Check that it worked +fsck_ffs -n /dev/${NANO_DRIVE}s2a + +# Update the /etc/fstab +trap "umount /mnt" 1 2 15 EXIT +mount /dev/${NANO_DRIVE}s2a /mnt +sed -i "" "s/${NANO_DRIVE}s1/${NANO_DRIVE}s2/" /mnt/conf/base/etc/fstab +sed -i "" "s/${NANO_DRIVE}s1/${NANO_DRIVE}s2/" /mnt/etc/fstab +umount /mnt +trap 1 2 15 EXIT + +gpart set -a active -i 2 ${NANO_DRIVE} + Index: /branches/breakout-hub/nanobsd/files/tools/wl-config =================================================================== --- /branches/breakout-hub/nanobsd/files/tools/wl-config (revision 10119) +++ /branches/breakout-hub/nanobsd/files/tools/wl-config (revision 10119) @@ -0,0 +1,266 @@ +#!/bin/sh +# Wireless Leiden config-update script for FreeBSD 8.0 (nanobsd) +# Based on the 'API' of Jasper +# Rick van der Zwet +# XXX: TODO, some proper error checking for fetch + +BASEURL="http://132.229.112.21/config/iris/node/FreeBSD/8.0-RELEASE/g_list.pl" + +# Slow connection = no connection +HTTP_TIMEOUT=3 + +# Connectivity check +fetch -o /dev/null -q $BASEURL > /dev/null +if [ $? -ne 0 ]; then + echo "# [INFO] Connecting failed, setting generic proxy and trying again" + export HTTP_PROXY=proxy.wleiden.net:3128 + fetch -o /dev/null -q $BASEURL > /dev/null + if [ $? -ne 0 ]; then + echo "# [WARN] Connect failed, setting IP proxy and trying again" + export HTTP_PROXY=172.16.3.98:3128 + fetch -o /dev/null -q $BASEURL > /dev/null + if [ $? -ne 0 ]; then + echo "# [CRIT] Connect failed, please fix and set proxy manually" + exit 1 + fi + fi +fi + +# Default config to fetch +CONFIG=`hostname -s` + +# Determine it's statup and running location and some other hints +# Skip named.conf as it not planned in current release +FILES="authorized_keys dnsmasq.conf rc.conf.local resolv.conf wleiden.conf" +file_details() { + case "$1" in + 'authorized_keys') + STARTUP_LOC="/cfg/dot_ssh/${FILE}" + RUNNING_LOC="/etc/dot_ssh/${FILE}" + FILE_HINT="" + ;; + 'dnsmasq.conf') + STARTUP_LOC="/cfg/local/${FILE}" + RUNNING_LOC="/etc/local/${FILE}" + FILE_HINT="/usr/local/etc/rc.d/dnsmasq restart" + ;; + 'named.conf') + STARTUP_LOC="/cfg/namedb/${FILE}" + RUNNING_LOC="/etc/namedb/${FILE}" + FILE_HINT="/etc/rc.d/named restart" + ;; + 'rc.conf.local') + STARTUP_LOC="/cfg/${FILE}" + RUNNING_LOC="/etc/${FILE}" + FILE_HINT="/etc/rc.d/netif restart" + ;; + 'resolv.conf') + STARTUP_LOC="/cfg/${FILE}" + RUNNING_LOC="/etc/${FILE}" + FILE_HINT="" + ;; + 'wleiden.conf') + STARTUP_LOC="/cfg/local/${FILE}" + RUNNING_LOC="/etc/local/${FILE}" + FILE_HINT="" + ;; + esac +} + +usage() { + ( + echo "Usage: $0 [-bn] [-c ] [-m ]" + echo " -b batch mode, no user input" + echo " -c default configuration to fetch" + echo " -n do not mount config partition" + echo " -m all copy config files to running & config partition [default]" + echo " -m startup copy config files to config partition" + echo " -m testing do not copy config files" + echo " -m running copy config files to running partition" + echo " -m hack copy running files to config partition" + ) 1>&2 + exit 2 +} + +# Argument parsing using getopts +USE_API=1 # Whether or not to use the webinterface +OPT_MOUNT=1 +OPT_RUNNING=1 +OPT_STARTUP=1 +OPT_HACK=0 # Hack for people without configuration managment and testing +OPT_BATCH=0 + +parse_options() { + while getopts "bc:nm:" OPT; do + case "$OPT" in + b) OPT_BATCH=1;; + c) CONFIG="${OPTARG}";; + n) OPT_MOUNT=0;; + m) case "$OPTARG" in + all) true;; + live) OPT_STARTUP=0;; + startup) OPT_RUNNING=0;; + testing) OPT_RUNNING=0; OPT_STARTUP=0; OPT_MOUNT=0;; + hack) OPT_RUNNING=0; OPT_STARTUP=0; OPT_HACK=1; USE_API=0;; + *) usage;; + esac;; + h) usage;; + \?) usage;; + esac + done + # Allow to override automatic mounting, in case of external mount 'managment' + if [ "$1" = "-n" ]; then + OPT_MOUNT=0 + fi + + if [ "${OPT_RUNNING}" -eq 1 ]; then + echo "INFO: Storing new config files in running configuration" + fi + + if [ "${OPT_STARTUP}" -eq 1 ]; then + echo "INFO: Storing new config files in startup configuration" + fi + + if [ "${OPT_HACK}" -eq 1 ]; then + echo "WARN: Copy running configuration to startup configuration" + echo "WARN: Please do mind to document/mention this changes somewhere" + fi + + # New line before the real work gets started + echo "" +} + + + + +# test validity of input +config_validator() { + INPUT="$1" + `grep -q "^${INPUT}\$" ${TMPDIR}/node_list.txt` + if [ $? -eq 0 ]; then + return 0 + else + echo "WARNING: Input '${INPUT}' is not valid, some hints..." + grep -i "${INPUT}" ${TMPDIR}/node_list.txt + return 1 + fi +} + + + +select_node() { + # List of all available nodes + fetch -q -o ${TMPDIR}/node_list.txt ${BASEURL} || exit 1 + + # Provide Nodelist and feedback + cat ${TMPDIR}/node_list.txt | column + echo ' THIS script adds the config from GENESIS to this operating system' + echo ' make sure you know what you are doing, if not press control-C' + echo ' ENTER CONFIG NAME ......(and press enter)' + + if [ ${OPT_BATCH} -eq 1 ]; then + config_validator "${CONFIG}" + if [ $? -eq 1 ]; then + echo "ERROR: Please provide valid config" 1>&2 + exit 1 + fi + else + # Have the user to select the right node + INVALID_CONFIG=1 + while [ ${INVALID_CONFIG} -eq 1 ]; do + # Ask for node name, play around with prev option + echo -n "Name [${CONFIG}]: " + read INPUT + if [ -z "${INPUT}" ]; then + INPUT=${CONFIG} + else + CONFIG=${INPUT} + fi + + config_validator "${INPUT}" + if [ $? -eq 0 ]; then + INVALID_CONFIG=0 + fi + done + fi +} + + + + +# Copy file, saving some bits if no change needed +copy_file() { + SOURCE=$1 + TARGET=$2 + diff -q ${SOURCE} ${TARGET} >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then + mkdir -p `dirname ${TARGET}` || exit 1 + cp ${SOURCE} ${TARGET} || exit 1 + return $? + fi + return 1 +} + +# Main function +main() { + TMPDIR=`mktemp -d -t $(basename $0)` + # Clear out tempdir when done + if [ ${OPT_MOUNT} -eq 1 ]; then + trap "rm -Rf ${TMPDIR}; umount /cfg; mount -ro noatime /; exit" 0 1 2 3 15 + else + trap "rm -Rf ${TMPDIR}; exit" 0 1 2 3 15 + + fi + + # Mount if requested + if [ ${OPT_MOUNT} -eq 1 ]; then + mount -uwo noatime / + mount /cfg + fi + + # Select node from web-interface + if [ ${USE_API} -eq 1 ]; then + select_node + fi + + # Worker, place all files in required directory + for FILE in ${FILES}; do + if [ ${USE_API} -eq 1 ]; then + # Fetch needed file + FRESH_LOC=${TMPDIR}/${FILE} + fetch -q -o ${FRESH_LOC} ${BASEURL}/${CONFIG}/${FILE} || exit 1 + fi + + # Needed file details, like locations and hints + file_details ${FILE} + + echo "INFO: Working on file: '${FILE}'" + # Copy file boot location + if [ ${OPT_STARTUP} -eq 1 ]; then + copy_file ${FRESH_LOC} ${STARTUP_LOC} + fi + + # Copy file running location + if [ ${OPT_RUNNING} -eq 1 ]; then + copy_file ${FRESH_LOC} ${RUNNING_LOC} + if [ $? -eq 0 ]; then + echo "INFO: '${FILE}' changed" + if [ -n "${FILE_HINT}" ]; then + echo "INFO: For instant activate: ${FILE_HINT}" + echo "" + fi + fi + fi + + # Direct copy + if [ ${OPT_HACK} -eq 1 ]; then + # No checking, just dumb try to copy mode + cp -v ${RUNNING_LOC} ${STARTUP_LOC} + fi + done + + exit 0 +} + +parse_options $* +main Index: /branches/breakout-hub/nanobsd/files/tools/wl-version =================================================================== --- /branches/breakout-hub/nanobsd/files/tools/wl-version (revision 10119) +++ /branches/breakout-hub/nanobsd/files/tools/wl-version (revision 10119) @@ -0,0 +1,35 @@ +#!/bin/sh +# Get bare minimal information of node, for the use of easy debugging +# Rick van der Zwet + +# Trac specific code +echo "----" +echo "{{{" + +# Introduction +echo "Generated by $USER@`hostname`" +echo "Date: `date`" + +# Kernel information +uname -a | fold + +# Mount information, for the use of checking which slize is usd +mount + +# static iinformation, on image, like build, time, who, +VERSION='/tools/wl-release.txt' +cat $VERSION + +if [ -r /VERSION ]; then + cat /VERSION + seperator +fi + +# Current ip configuration +ifconfig -a + +# XXX: Configuration specifics + +# Trac specific code +echo "}}}" +echo "----" Index: /branches/breakout-hub/nanobsd/files/usr/local/bin/http302 =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/bin/http302 (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/bin/http302 (revision 10119) @@ -0,0 +1,11 @@ +#!/bin/sh +# +# Only purpose is to send somebody to the Captive Portal +# +URL=${URL:-http://172.31.255.1/wlportal} + +# Send information to client +echo -e "HTTP/1.1 302 OK\r" +echo -e "Location: $URL\r" +echo -e "\r" + Index: /branches/breakout-hub/nanobsd/files/usr/local/bin/mvim =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/bin/mvim (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/bin/mvim (revision 10119) @@ -0,0 +1,10 @@ +#!/bin/sh +# +# Wrapper to support file hacking on read-only file systems more easily +# +# Rick van der Zwet + + +mount -uwo noatime || exit +vim $* +mount -uro noatime / Index: /branches/breakout-hub/nanobsd/files/usr/local/bin/pen_wrapper =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/bin/pen_wrapper (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/bin/pen_wrapper (revision 10119) @@ -0,0 +1,121 @@ +#!/bin/sh +# Pen proxy wrapper, periodic check for best connections +# Stichting Wireless Leiden +# Rick van der Zwet + +BIND_ADDR=${1-172.31.255.1} +BIND_PORT=${2-3128} +DEBUG=0 + +#XXX: Really static list, some dynamic alternative prefered +PROXY_LIST="${3-172.17.8.68:3128 \ + 172.17.143.4:3128 \ + 172.20.128.98:3128 \ + 172.16.2.254:3128 \ + 172.19.168.66:3128 \ + 172.16.3.146:3128 \ + 172.17.16.66:3128 \ + 172.17.0.1:3128 \ + 172.16.4.54:3128 \ + 172.22.0.66:3128 \ + 172.23.25.66:3128 \ + 172.17.169.66:3128}" + + +TEST_URL="http://www.ams-ix.net/" +TEST_INTERVAL=`expr 30 \* 60` # Back-off period in seconds, re-testing period + + +# Don't touch, unless you know what you are doing +PIDFILE='/var/run/pen.pid' +PEN='/usr/local/bin/pen' +PEN_FLAGS="-b 30 -r -p ${PIDFILE} -o prio ${BIND_ADDR}:${BIND_PORT}" + +LOGFILE='/var/log/pen_wrapper.log' + +log() +{ + _datestamp=`date "+%Y-%m-%d %H:%M:%S"` + _msg="[${_datestamp}] $*" + if [ ${DEBUG} -eq 0 ]; then + echo "${_msg}" >> ${LOGFILE} + else + echo "${_msg}" + fi +} + +d_log() { + if [ ${DEBUG} -ne 0 ]; then + log $* + fi +} + +test_proxy() +{ + # Set proxy + PROXY=$1 + PORT=$2 + URL=$3 + export HTTP_PROXY="${PROXY}:${PORT}" + + # Attempted fetch + retstr=`fetch -T 3 -o /dev/null ${URL} 2>&1` + retval=$? + + # Store to list if successfull + if [ "${retval}" -eq 0 ]; then + BPS=`echo "${retstr}" | awk '/Bps/ {printf $4}'` + echo "${BPS} ${PROXY}" >> ${TMPFILE} + fi + return $retval +} + +sort_proxies() +{ + # Result holder + TMPFILE=`mktemp -t pen_wrapper` + + for _host in ${PROXY_LIST}; do + PROXY=`echo $_host | cut -d ":" -f1` + PORT=`echo $_host | cut -d ":" -f2` + _msg="Fetching '${TEST_URL}' via '${PROXY}:${PORT}' ..." + test_proxy ${PROXY} ${PORT} ${TEST_URL} && d_log ${_msg} "OK" || d_log ${_msg} "FAILED" + done + + _proxylist=`sort -nr ${TMPFILE} | awk '{print $2}' | tr '\n' ' '` + _cfg="0:0:1:1" + if [ -n "${_proxylist}" ]; then + _prio="0" + _proxy_arg="" + for _proxy in ${_proxylist}; do + _prio=`expr ${_prio} + 1` + _proxy_arg="${_proxy_arg} ${_proxy}:${PORT}:${_cfg}:${_prio}" + done + fi + # Clear out junk + rm -f ${TMPFILE} + NEW_PROXY_LIST="${_proxy_arg}" +} + + +## +# Main loop +LIVE_PROXY_LIST='' +while true; do + sort_proxies + if [ "${LIVE_PROXY_LIST}" != "${NEW_PROXY_LIST}" ]; then + log "INFO: New listing to be configured '${NEW_PROXY_LIST}'" + d_log "Live: ${LIVE_PROXY_LIST}" + d_log "New : ${NEW_PROXY_LIST}" + # Pen should only be started if alias exists + ifconfig | grep -q ${BIND_ADDR} + if [ $? -eq 0 ]; then + if [ -r ${PIDFILE} ]; then + kill `cat ${PIDFILE}` + fi + ${PEN} ${PEN_FLAGS} ${NEW_PROXY_LIST} + LIVE_PROXY_LIST="${NEW_PROXY_LIST}" + fi + fi + sleep ${TEST_INTERVAL} +done Index: /branches/breakout-hub/nanobsd/files/usr/local/bin/ssh-copy-id =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/bin/ssh-copy-id (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/bin/ssh-copy-id (revision 10119) @@ -0,0 +1,50 @@ +#!/bin/sh + +# Shell script to install your public key on a remote machine +# Takes the remote machine name as an argument. +# Obviously, the remote machine must accept password authentication, +# or one of the other keys in your ssh-agent, for this to work. + +ID_FILE="${HOME}/.ssh/id_rsa.pub" + +if [ "-i" = "$1" ]; then + shift + # check if we have 2 parameters left, if so the first is the new ID file + if [ -n "$2" ]; then + if expr "$1" : ".*\.pub" >/dev/null; then + ID_FILE="$1" + else + ID_FILE="$1.pub" + fi + shift # and this should leave $1 as the target name + fi +else + if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then + GET_ID="$GET_ID ssh-add -L" + fi +fi + +if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then + GET_ID="cat ${ID_FILE}" +fi + +if [ -z "`eval $GET_ID`" ]; then + echo "$0: ERROR: No identities found" >&2 + exit 1 +fi + +if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then + echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2 + exit 1 +fi + +{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1 + +cat <&2 + exit $EX_NOINPUT +fi + +# Compare files, ignore white spaces, modification, etc +diff -b -B -q ${SRC} ${DST}; RETVAL=$? +if [ $RETVAL -ne 0 ]; then + # 2: DST does not yet, exists, 1: file differs + mount -uwo noatime /cfg + mkdir -p /cfg/local + cp ${SRC} ${DST} +fi + +exit $EX_OK Index: /branches/breakout-hub/nanobsd/files/usr/local/etc/dhcpd-snmp.conf =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/etc/dhcpd-snmp.conf (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/etc/dhcpd-snmp.conf (revision 10119) @@ -0,0 +1,1 @@ +leases: /var/db/dhcpd.leases Index: /branches/breakout-hub/nanobsd/files/usr/local/etc/dhcpd.conf =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/etc/dhcpd.conf (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/etc/dhcpd.conf (revision 10119) @@ -0,0 +1,7 @@ +ddns-update-style none; + +subnet 192.168.2.0 netmask 255.255.255.0 { + option domain-name-servers 192.168.2.1 ; + option routers 192.168.2.1 ; + range 192.168.2.50 192.168.2.99 ; +} Index: /branches/breakout-hub/nanobsd/files/usr/local/etc/nrpe.cfg =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/etc/nrpe.cfg (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/etc/nrpe.cfg (revision 10119) @@ -0,0 +1,14 @@ +server_port=5666 +allowed_hosts=172.16.4.46 +nrpe_user=nagios +nrpe_group=nagios +command_timeout=60 + +command[check_users]=/usr/local/libexec/nagios/check_users -w 5 -c 10 +command[check_load]=/usr/local/libexec/nagios/check_load -w 15,10,5 -c 30,25,20 +command[check_disk1]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p / +command[check_disk2]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /var +command[check_procs]=/usr/local/libexec/nagios/check_procs -w 55 -c 70 +command[check_inet]=/usr/local/libexec/nagios/check_inet +command[check_inet2]=/usr/local/libexec/nagios/check_inet2 +command[check_lv]=/usr/local/libexec/nagios/check_lv Index: /branches/breakout-hub/nanobsd/files/usr/local/etc/ntp.drift =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/etc/ntp.drift (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/etc/ntp.drift (revision 10119) @@ -0,0 +1,1 @@ +0.000 Index: /branches/breakout-hub/nanobsd/files/usr/local/etc/proxies.conf =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/etc/proxies.conf (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/etc/proxies.conf (revision 10119) @@ -0,0 +1,12 @@ +172.17.8.68:3128 +172.17.143.4:3128 +172.20.128.98:3128 +172.16.2.254:3128 +172.19.168.66:3128 +172.16.3.146:3128 +172.17.16.66:3128 +172.17.0.1:3128 +172.16.4.54:3128 +172.22.0.66:3128 +172.23.25.66:3128 +172.17.169.66:3128 Index: /branches/breakout-hub/nanobsd/files/usr/local/etc/rc.d/http302 =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/etc/rc.d/http302 (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/etc/rc.d/http302 (revision 10119) @@ -0,0 +1,27 @@ +#!/bin/sh +# +# PROVIDE: http301 +# BEFORE: DAEMON +# KEYWORD: shutdown +# +# Add the following line to /etc/rc.conf to enable iperf in server mode: +# +# http302_enable="YES" +# +. /etc/rc.subr + +name=http302 +rcvar=`set_rcvar` + +command=/usr/local/bin/tcpserver +command_args="-R -H -l 0 172.31.255.1 8081 /usr/local/bin/http302 &" + +load_rc_config ${name} + +http301_enable=${http301_enable-"NO"} + +#### +# tcpserver does not generate a pid file + +run_rc_command "$1" + Index: /branches/breakout-hub/nanobsd/files/usr/local/etc/rc.d/iperf =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/etc/rc.d/iperf (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/etc/rc.d/iperf (revision 10119) @@ -0,0 +1,29 @@ +#!/bin/sh +# +# PROVIDE: iperf +# BEFORE: DAEMON +# KEYWORD: shutdown +# +# Add the following line to /etc/rc.conf to enable iperf in server mode: +# +# iperf_enable="YES" +# +. /etc/rc.subr + +name=iperf +rcvar=`set_rcvar` + +command=/usr/local/bin/iperf +command_args="-s -D" + +load_rc_config ${name} + +iperf_enable=${iperf_enable-"NO"} + +#### +# iperf does not generate a pid file +# iperf_pidfile=${iperf_pidfile-"/var/run/.pid"} +# pidfile="${iperf_pidfile}" + +run_rc_command "$1" + Index: /branches/breakout-hub/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd (revision 10119) @@ -0,0 +1,61 @@ +#!/bin/sh +# +# $FreeBSD: src/etc/rc.d/motd,v 1.9.10.1.4.1 2009/04/15 03:14:26 kensmith Exp $ +# + +# PROVIDE: nanobsd-motd +# REQUIRE: mountcritremote +# BEFORE: LOGIN + +. /etc/rc.subr + +name="nanobsd_motd" +rcvar="update_nanobsd_motd" +start_cmd="motd_start" +stop_cmd=":" + +PERMS="644" + +motd_start() +{ + # Update kernel info in /etc/motd + # Must be done *before* interactive logins are possible + # to prevent possible race conditions. + # + echo -n 'Updating motd' + if [ ! -f /etc/motd ]; then + install -c -o root -g wheel -m ${PERMS} /dev/null /etc/motd + fi + + if [ ! -w /etc/motd ]; then + echo ' ... /etc/motd is not writable, update failed.' + return + fi + + T=`mktemp -t motd` + uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > ${T} + awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> ${T} + + cmp -s $T /etc/motd || { + # XXX: Hack quick and dirty combine of /etc/rc.d/motd and /tools/savesshkeys + trap "umount /cfg" 1 2 15 EXIT + mount /cfg + cp $T /cfg/motd + chmod ${PERMS} /etc/motd + umount /cfg + trap 1 2 15 EXIT + + trap "mount -uro noatime /" 1 2 15 EXIT + mount -uwo noatime / + cp $T /etc/motd + chmod ${PERMS} /etc/motd + mount -uro noatime / + trap 1 2 15 EXIT + } + rm -f $T + + echo . +} + +load_rc_config $name +run_rc_command "$1" Index: /branches/breakout-hub/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys (revision 10119) @@ -0,0 +1,49 @@ +#!/bin/sh +# +# $FreeBSD: ports/net/pen/files/pen.sh.in,v 1.1 2006/09/24 14:34:36 clement Exp $ +# + +# PROVIDE: pen +# REQUIRE: NETWORKING SERVERS sshd +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable nanobsd-save-sshkeys: +# +# nanobsd_save_sshkeys_enable="YES" +# + +. /etc/rc.subr + +name=nanobsd_save_sshkeys +rcvar=`set_rcvar` + +nanobsd_save_sshkeys_enable=${nanobsd_save_sshkeys_enable:-"NO"} + +start_cmd="save_sshkeys" +stop_cmd="save_sshkeys" + +save_sshkeys() { + MOUNTED_RW=0 + trap "umount /cfg" 1 2 15 EXIT + mount -ro noatime /cfg + for FILE in /etc/ssh/ssh_host_*; do + cmp -s $FILE /cfg/ssh/`basename ${FILE}` + if [ $? -ne 0 ]; then + if [ ${MOUNTED_RW} -eq 0 ]; then + mount -uwo noatime /cfg + mkdir -p /cfg/ssh + MOUNTED_RW=1 + fi + cp $FILE /cfg/ssh/`basename ${FILE}` + fi + done + + umount /cfg + trap 1 2 15 EXIT +} + + +load_rc_config $name +run_rc_command "$1" + Index: /branches/breakout-hub/nanobsd/files/usr/local/etc/rc.d/pen_wrapper =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/etc/rc.d/pen_wrapper (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/etc/rc.d/pen_wrapper (revision 10119) @@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD: ports/net/pen/files/pen.sh.in,v 1.1 2006/09/24 14:34:36 clement Exp $ +# + +# PROVIDE: pen_wrapper +# REQUIRE: NETWORKING SERVERS +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable pen: +# +# pen_wrapper_enable="YES" +# + +. /etc/rc.subr + +pen_wrapper_cmd() { + ${command_interpreter} ${command} & +} + +name=pen_wrapper +rcvar=`set_rcvar` +start_cmd=${name}_cmd + +command_interpreter="/bin/sh" +command=/usr/local/bin/pen_wrapper + +pen_wrapper_enable=${pen_wrapper_enable:-"NO"} +pen_wrapper_flags=${pen_wrapper_flags:-""} + +load_rc_config $name +run_rc_command "$1" Index: /branches/breakout-hub/nanobsd/files/usr/local/etc/thttpd.conf =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/etc/thttpd.conf (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/etc/thttpd.conf (revision 10119) @@ -0,0 +1,6 @@ +user=root +dir=/usr/local/www +cgipat=** +nochroot +logfile=/var/log/thttpd.log +pidfile=/var/run/thttpd.pid Index: /branches/breakout-hub/nanobsd/files/usr/local/etc/tinyproxy.conf =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/etc/tinyproxy.conf (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/etc/tinyproxy.conf (revision 10119) @@ -0,0 +1,228 @@ +## +## tinyproxy.conf -- tinyproxy daemon configuration file +## + +# +# Name of the user the tinyproxy daemon should switch to after the port +# has been bound. +# +User nobody +Group nogroup + +# +# Port to listen on. +# +Port 3128 + +# +# If you have multiple interfaces this allows you to bind to only one. If +# this is commented out, tinyproxy will bind to all interfaces present. +# +#Listen 192.168.0.1 + +# +# The Bind directive allows you to bind the outgoing connections to a +# particular IP address. +# +#Bind 192.168.0.1 + +# +# Timeout: The number of seconds of inactivity a connection is allowed to +# have before it closed by tinyproxy. +# +Timeout 600 + +# +# ErrorFile: Defines the HTML file to send when a given HTTP error +# occurs. You will probably need to customize the location to your +# particular install. The usual locations to check are: +# /usr/local/share/tinyproxy +# /usr/local/share/tinyproxy +# /etc/tinyproxy +# +# ErrorFile 404 "/usr/local/share/tinyproxy/404.html" +# ErrorFile 400 "/usr/local/share/tinyproxy/400.html" +# ErrorFile 503 "/usr/local/share/tinyproxy/503.html" +# ErrorFile 403 "/usr/local/share/tinyproxy/403.html" +# ErrorFile 408 "/usr/local/share/tinyproxy/408.html" + +# +# DefaultErrorFile: The HTML file that gets sent if there is no +# HTML file defined with an ErrorFile keyword for the HTTP error +# that has occured. +# +DefaultErrorFile "/usr/local/share/tinyproxy/default.html" + +# +# StatFile: The HTML file that gets sent when a request is made +# for the stathost. If this file doesn't exist a basic page is +# hardcoded in tinyproxy. +# +StatFile "/usr/local/share/tinyproxy/stats.html" + +# +# Where to log the information. Either LogFile or Syslog should be set, +# but not both. +# +Logfile "/var/log/tinyproxy.log" +# Syslog On + +# +# Set the logging level. Allowed settings are: +# Critical (least verbose) +# Error +# Warning +# Notice +# Connect (to log connections without Info's noise) +# Info (most verbose) +# The LogLevel logs from the set level and above. For example, if the LogLevel +# was set to Warning, than all log messages from Warning to Critical would be +# output, but Notice and below would be suppressed. +# +LogLevel Info + +# +# PidFile: Write the PID of the main tinyproxy thread to this file so it +# can be used for signalling purposes. +# +PidFile "/var/run/tinyproxy.pid" + +# +# Include the X-Tinyproxy header, which has the client's IP address when +# connecting to the sites listed. +# +#XTinyproxy mydomain.com + +# +# Turns on upstream proxy support. +# +# The upstream rules allow you to selectively route upstream connections +# based on the host/domain of the site being accessed. +# +# For example: +# # connection to test domain goes through testproxy +# upstream testproxy:8008 ".test.domain.invalid" +# upstream testproxy:8008 ".our_testbed.example.com" +# upstream testproxy:8008 "192.168.128.0/255.255.254.0" +# +# # no upstream proxy for internal websites and unqualified hosts +# no upstream ".internal.example.com" +# no upstream "www.example.com" +# no upstream "10.0.0.0/8" +# no upstream "192.168.0.0/255.255.254.0" +# no upstream "." +# +# # connection to these boxes go through their DMZ firewalls +# upstream cust1_firewall:8008 "testbed_for_cust1" +# upstream cust2_firewall:8008 "testbed_for_cust2" +# +# # default upstream is internet firewall +# upstream firewall.internal.example.com:80 +# +# The LAST matching rule wins the route decision. As you can see, you +# can use a host, or a domain: +# name matches host exactly +# .name matches any host in domain "name" +# . matches any host with no domain (in 'empty' domain) +# IP/bits matches network/mask +# IP/mask matches network/mask +# +#Upstream some.remote.proxy:port + +# +# This is the absolute highest number of threads which will be created. In +# other words, only MaxClients number of clients can be connected at the +# same time. +# +MaxClients 100 + +# +# These settings set the upper and lower limit for the number of +# spare servers which should be available. If the number of spare servers +# falls below MinSpareServers then new ones will be created. If the number +# of servers exceeds MaxSpareServers then the extras will be killed off. +# +MinSpareServers 5 +MaxSpareServers 20 + +# +# Number of servers to start initially. +# +StartServers 10 + +# +# MaxRequestsPerChild is the number of connections a thread will handle +# before it is killed. In practise this should be set to 0, which disables +# thread reaping. If you do notice problems with memory leakage, then set +# this to something like 10000 +# +MaxRequestsPerChild 0 + +# +# The following is the authorization controls. If there are any access +# control keywords then the default action is to DENY. Otherwise, the +# default action is ALLOW. +# +# Also the order of the controls are important. The incoming connections +# are tested against the controls based on order. +# +Allow 127.0.0.1 +Allow 172.16.0.0/12 + +# +# The "Via" header is required by the HTTP RFC, but using the real host name +# is a security concern. If the following directive is enabled, the string +# supplied will be used as the host name in the Via header; otherwise, the +# server's host name will be used. +# +#ViaProxyName "tinyproxy" + +# +# The location of the filter file. +# +#Filter "/etc/tinyproxy/filter" + +# +# Filter based on URLs rather than domains. +# +#FilterURLs On + +# +# Use POSIX Extended regular expressions rather than basic. +# +#FilterExtended On + +# +# Use case sensitive regular expressions. +# +#FilterCaseSensitive On + +# +# Change the default policy of the filtering system. If this directive is +# commented out, or is set to "No" then the default policy is to allow +# everything which is not specifically denied by the filter file. +# +# However, by setting this directive to "Yes" the default policy becomes to +# deny everything which is _not_ specifically allowed by the filter file. +# +#FilterDefaultDeny Yes + +# +# If an Anonymous keyword is present, then anonymous proxying is enabled. +# The headers listed are allowed through, while all others are denied. If +# no Anonymous keyword is present, then all header are allowed through. +# You must include quotes around the headers. +# +#Anonymous "Host" +#Anonymous "Authorization" + +# +# This is a list of ports allowed by tinyproxy when the CONNECT method +# is used. To disable the CONNECT method altogether, set the value to 0. +# If no ConnectPort line is found, all ports are allowed (which is not +# very secure.) +# +# The following two ports are used by SSL. +# +ConnectPort 443 +ConnectPort 563 Index: /branches/breakout-hub/nanobsd/files/usr/local/libexec/nagios/check_inet =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/libexec/nagios/check_inet (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/libexec/nagios/check_inet (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh + +PATH=$PATH:/bin:/usr/bin +export PATH + +# HTTP proxy to use +HTTP_PROXY=http://proxy.wleiden.net:3128 + +# Test page to query +PROXY_TEST=http://proxy-test.wirelessleiden.nl/ + +# Make variable global, so fetch can use it +export HTTP_PROXY + +# Query the webpage +SPEEDOUT=`fetch -o /dev/null ${PROXY_TEST} 2>&1` + +# What is the Exit code of fetch? +SPEEDEXIT=$? + +# The speed by which the webpages was retrieved" +SPEED=`echo ${SPEEDOUT} | awk '{ print $4 " " $5 }'` + +# What was the format of speed (Bps) +TYPE=`echo ${SPEEDOUT} | awk '{ print $5 }'` + +# Dit the fetcommand exit happy, and was the format as we expected +if [ ${SPEEDEXIT} -eq 0 -a "$TYPE" = "Bps" ]; then + + # Let's celebrate, it was successfull + echo "INET OK: $SPEED" + exit 0 +else + + # Oh no, time to get drunk, retrieval was unsuccessfull + echo "INET CRITICAL: $SPEEDOUT\n" + exit 2 + +fi + Index: /branches/breakout-hub/nanobsd/files/usr/local/libexec/nagios/check_inet2 =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/libexec/nagios/check_inet2 (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/libexec/nagios/check_inet2 (revision 10119) @@ -0,0 +1,31 @@ +#!/bin/sh + +PATH=$PATH:/bin:/usr/bin +export PATH + +# Test page to query +PROXY_TEST=http://proxy-test.wirelessleiden.nl/ + +# Query the webpage +SPEEDOUT=`fetch -o /dev/null ${PROXY_TEST} 2>&1` + +# What is the Exit code of fetch? +SPEEDEXIT=$? + +# The speed by which the webpages was retrieved" +SPEED=`echo ${SPEEDOUT} | awk '/Bps/ { print $13 " " $14 }'` + +# Dit the fetcommand exit happy, and was the format as we expected +if [ ${SPEEDEXIT} -eq 0 -a "$SPEED" ]; then + + # Let's celebrate, it was successfull + printf "INET OK: $SPEED\n" + exit 0 +else + + # Oh no, time to get drunk, retrieval was unsuccessfull + echo "INET CRITICAL: $SPEEDOUT\n" + exit 2 + +fi + Index: /branches/breakout-hub/nanobsd/files/usr/local/libexec/nagios/check_lv =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/libexec/nagios/check_lv (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/libexec/nagios/check_lv (revision 10119) @@ -0,0 +1,107 @@ +#!/usr/local/bin/python + +import os +import re + +# Bsd config file +config="/etc/rc.conf.local" + +def gettrees () : + ip = [] + + # Run through all the files in /tmp + for filename in os.listdir('/tmp'): + + # Match lvrouted tree files and get ip address + # lvrouted.tree-172.16.4.9 + match = re.match(r'lvrouted.tree-(.*)$', filename) + if match: + + # append ip address to list + ip.append(match.group(1)) + + return ip + +# Get all ips in the subnet (based on ip and mask) +def iprange (ip, mask) : + + # Max number of bits in the subnetmask + max=32 + + # Make sure the mask is integer + mask=int(mask) + + # Don't do anything with certain subnet sizes + if mask > 27 and mask < 32 : + + # Make an ip list + iplist = [] + + # Split the ip + oc = ip.split(".") + + # Calculate the total subnet size + max = 2 ** ( max - mask ) + + # Make sure the last oclet of the ip is integer + oc[3] = int(oc[3]) + + # Calculate the lower end of the subnet + min = oc[3] - ( oc[3] % max ) + 1 + + # Calculate the upper end of the subnet + max = min + max - 2 + + # Run through all possible ip's + for oc3 in range(min, max): + + # Add Ip to iplist + iplist.append(str(oc[0]) + "." + str(oc[1]) + "." + str(oc[2]) + "." + str(oc3)) + + # Return the iplist to the caller + return iplist + +# Open the config file and run through it +file = open (config) +treeips = gettrees() +invalid = [] +rcips = [] + +for line in file.readlines(): + + # Get variable's out of the config file and validate it + match = re.match(r'ipv4_addrs_(.*?)="(.*?)/([\d]{1,2})(.*)"$', line) + if match: + + # Get info + iface = match.group(1) + ip = match.group(2) + mask = match.group(3) + + # Call iprange, get all ip's in the subnet + allips = iprange(ip, mask) + + # Don't iterate through empty list + if allips: + + valid=0 + + # Check if one of the ip's in the lvrouted list (one must be present) + for rangeip in allips: + if rangeip in treeips: + valid=1 + + if not valid: + invalid.append(iface) + +if invalid: + retval = "LV ERROR:" + for iface in invalid: + retval = retval + " " + iface + print retval + exit(2) +else: + print "LV OK" + exit(0) + + Index: /branches/breakout-hub/nanobsd/files/usr/local/sbin/dhcpd-snmp =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/sbin/dhcpd-snmp (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/sbin/dhcpd-snmp (revision 10119) @@ -0,0 +1,452 @@ +#! /usr/bin/perl +# -------------------------------------------------------------------- +# Copyright (C) 2006 Oliver Hitz +# +# $Id: dhcpd-snmp.in,v 1.2 2006/01/25 19:26:00 oli Exp $ +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, +# MA 02111-1307, USA. +# -------------------------------------------------------------------- +# dhcpd-snmp +# +# An extension for polling the active and available lease counts of a +# running dhcpd. +# +# Please read the man page dhcpd-snmp(8) for instructions. +# -------------------------------------------------------------------- + +use Time::Local; +use strict; + +# The base OID of this extension. Has to match the OID in snmpd.conf: +my $baseoid = ".1.3.6.1.4.1.21695.1.2"; + +# Results are cached for some seconds so that an SNMP walk doesn't +# result in dhcpd.leases being parsed multiple times. +my $cache_secs = 60; + +# -------------------------------------------------------------------- + +my $mib; +my $mibtime; + +# Load configuration file +my $conf = read_configuration($ARGV[0]); + +# Switch on autoflush +$| = 1; + +# Main loop +while (my $cmd = ) { + chomp $cmd; + + if ($cmd eq "PING") { + print "PONG\n"; + } elsif ($cmd eq "get") { + my $oid_in = ; + + my $oid = get_oid($oid_in); + my $mib = create_dhcp_mib(); + + if ($oid != 0 && defined($mib->{$oid})) { + print "$baseoid.$oid\n"; + print $mib->{$oid}[0]."\n"; + print $mib->{$oid}[1]."\n"; + } else { + print "NONE\n"; + } + } elsif ($cmd eq "getnext") { + my $oid_in = ; + + my $oid = get_oid($oid_in); + my $found = 0; + + my $mib = create_dhcp_mib(); + my @s = sort { oidcmp($a, $b) } keys %{ $mib }; + for (my $i = 0; $i < @s; $i++) { + if (oidcmp($oid, $s[$i]) == -1) { + print "$baseoid.".$s[$i]."\n"; + print $mib->{$s[$i]}[0]."\n"; + print $mib->{$s[$i]}[1]."\n"; + $found = 1; + last; + } + } + if (!$found) { + print "NONE\n"; + } + } else { + # Unknown command + } +} + +exit 0; + +sub get_oid +{ + + my ($oid) = @_; + chomp $oid; + + my $base = $baseoid; + $base =~ s/\./\\./g; + + if ($oid !~ /^$base(\.|$)/) { + # Requested oid doesn't match base oid + return 0; + } + + $oid =~ s/^$base\.?//; + return $oid; +} + +sub oidcmp { + my ($x, $y) = @_; + + my @a = split /\./, $x; + my @b = split /\./, $y; + + my $i = 0; + + while (1) { + + if ($i > $#a) { + if ($i > $#b) { + return 0; + } else { + return -1; + } + } elsif ($i > $#b) { + return 1; + } + + if ($a[$i] < $b[$i]) { + return -1; + } elsif ($a[$i] > $b[$i]) { + return 1; + } + + $i++; + } +} + +sub create_dhcp_mib +{ + # We cache the results for $cache_secs seconds + if (time - $mibtime < $cache_secs) { + return $mib; + } + + # Read in all leases + read_leases(); + + my %dhcp = ( + "1" => [ "integer", 0 ], # Number of pools + ); + + foreach my $i (keys %{ $conf->{"pools"} }) { + $dhcp{"1"}[1]++; + + my $pool = $conf->{"pools"}->{$i}; + + $dhcp{"2.1.".$i} = [ "integer", $i ]; + $dhcp{"2.2.".$i} = [ "string", $pool->{"name"} ]; + $dhcp{"2.3.".$i} = [ "integer", $pool->{"total"} ]; + $dhcp{"2.4.".$i} = [ "integer", $pool->{"active"} ]; + $dhcp{"2.5.".$i} = [ "integer", $pool->{"expired"} ]; + $dhcp{"2.6.".$i} = [ "integer", $pool->{"total"} - $pool->{"active"} ]; + } + + $mib = \%dhcp; + $mibtime = time; + return $mib; +} + +sub ip2int { + my ($ip) = @_; + + if ($ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) { + return 256*(256*(256*$1+$2)+$3)+$4; + } else { + return -1; + } +} + +sub read_leases +{ + # Clear leases + foreach my $i (keys %{ $conf->{"pools"} }) { + $conf->{"pools"}->{$i}->{"leases"} = (); + $conf->{"pools"}->{$i}->{"active"} = 0; + $conf->{"pools"}->{$i}->{"expired"} = 0; + } + + # Read leases + if (!open(LEASES, $conf->{"leases"})) { + printf STDERR "Unable to open leases file '%s'!\n", $conf->{leases}; + return; + } + + my %l = undef; + + while (my $line = ) { + if ($line =~ /^lease (\d+\.\d+\.\d+\.\d+) \{$/) { + my $ip = ip2int($1); + undef %l; + + foreach my $i (keys %{ $conf->{"pools"} }) { + my $pool = $conf->{"pools"}->{$i}; + my $found = 0; + + foreach my $r (@{ $pool->{"ranges"} }) { + if (($ip >= $r->{"from"}) && ($ip <= $r->{"to"})) { + %l = ( "pool" => $i, "ip" => $ip ); + $found = 1; + last; + } + } + if ($found) { + last; + } + } + } elsif (defined %l && $line =~ /^\s+ends \d (\d+)\/(\d+)\/(\d+) (\d+):(\d+):(\d+);$/) { + $l{"ends"} = timegm($6, $5, $4, $3, $2-1, $1); + } elsif (defined %l && $line =~ /^\s+ends never;$/) { + $l{"ends"} = -1; + } elsif (defined %l && $line =~ /^\}$/) { + $conf->{"pools"}->{$l{"pool"}}->{"leases"}->{$l{"ip"}} = $l{"ends"}; + } + } + + close(LEASES); + + # Count active and expired leases + my $now = time(); + + foreach my $i (keys %{ $conf->{"pools"} }) { + my $pool = $conf->{"pools"}->{$i}; + + foreach my $ip (keys %{ $pool->{"leases"} }) { + my $end = $pool->{"leases"}->{$ip}; + if (($end == -1) || ($end >= $now)) { + $pool->{"active"}++; + } else { + $pool->{"expired"}++; + } + } + } +} + +sub read_configuration +{ + my ($f) = @_; + + my %conf = ( "leases" => undef, + "pools" => { } ); + + open C, "$f"; + while (my $l = ) { + $l =~ s/#.*//; + $l =~ s/^\s*//; + $l =~ s/\s*$//; + + if ($l eq "") { + next; + } + + if ($l =~ /^leases:\s*(\S+)$/) { + + $conf{"leases"} = $1; + + # Check if file is readable + if (open(LEASES, $conf{"leases"})) { + close(LEASES); + } else { + printf STDERR "Unable to open leases file '%s'!\n", $conf{"leases"}; + } + + } elsif ($l =~ /^pool:\s*(\d+)\s*,\s*("[^"]*"|[^"][^,]*)\s*,\s*(.*)$/) { + + # Read the pool definition + my %p = ( "index" => $1, + "name" => $2, + "ranges" => [ ], + "total" => 0, + "leases" => { } ); + + my @ranges = split /\s*,\s*/, $3; + + $p{"name"} =~ s/^\"//; + $p{"name"} =~ s/\"$//; + + foreach my $r (@ranges) { + if ($r !~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})-(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) { + printf STDERR "Invalid range definition '%s'.\n", $r; + next; + } + + my ($from, $to) = ($1, $2); + + my $fromip = ip2int($from); + my $toip = ip2int($to); + + if ($toip < $fromip) { + my $t = $toip; + $toip = $fromip; + $fromip = $t; + } + + $p{"total"} += $toip-$fromip+1; + + my %range = ( "from" => $fromip, + "to" => $toip ); + + push @{ $p{"ranges"} }, \%range; + } + + $conf{"pools"}{$p{"index"}} = \%p; + } else { + + printf STDERR "Invalid line '%s'.\n", $l; + + } + } + + return \%conf; +} + +__END__ + +=head1 NAME + +dhcpd-snmp + +=head1 SYNOPSIS + +dhcpd-snmp dhcpd-snmp.conf + +=head1 DESCRIPTION + +B is an extension for the Net-SNMP agent and the ISC DHCP +server. It allows you to monitor and track the address usage of your +dynamic IP address pools through SNMP. + +=head1 CONFIGURATION FILE + +The configuration file defines the location of the F +file as well as the pools of which you want to access the lease +counts. + +The file is in B format and allows only two keys: + +=over 8 + +=item B: C + +Location of the F file. This file needs to be accessible +by the script. + +=item B: C, C, C + +Defines a pool to monitor. C is a unique numeric index, +C a textual description of this pool, and C defines the ranges of IP addresses belonging to this +pool. + +=back + +Since this extension is a persistent script, changes to the +configuration file require a restart of snmpd. + +=head1 INSTALLATION + +After installing the B script and adapting the +configuration file, it is best to test it manually. This can be done +with the following dialog: + + PING + +The script should return "PONG". + + get + .1.3.6.1.4.1.21695.1.2.1 + +The script should return three lines: the OID, "integer", and the +number of configured pools. + + get + .1.3.6.1.4.1.21695.1.2.2.2.1 + +OID, "string", and the name of your first address pool. + + get + .1.3.6.1.4.1.21695.1.2.2.4.1 + +OID, "integer", and the number of active leases. + +Quit the dialog using CTRL-D. + +If everything works, insert the following line into your Net-SNMP's +B configuration file: + + pass_persist .1.3.6.1.4.1.21695.1.2 path/to/dhcpd-snmp path/to/dhcpd-snmp.conf + +Net-SNMP will need to be restarted after this change. + +You should now be able to get the statistics using F, for example: + + $ snmpwalk host community .1.3.6.1.4.1.21695.1.2 + +This should give you a list of the statistics of your DHCP server. + +=head1 MIB + +The script returns the following variables: + + .1.3.6.1.4.1.21695.1.2.1: number of configured pools + .1.3.6.1.4.1.21695.1.2.2.: pool description + .1.3.6.1.4.1.21695.1.2.3.: size of the pool (number of addresses) + .1.3.6.1.4.1.21695.1.2.4.: active leases + .1.3.6.1.4.1.21695.1.2.5.: expired leases + .1.3.6.1.4.1.21695.1.2.6.: available addresses (size - active leases) + +For a complete MIB file see the C directory in the source archive. + +=head1 SECURITY + +It is assumed that users of this script know how to properly secure +their snmpd. Please read the corresponding man pages on more +information about this. + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2006 Oliver Hitz + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +USA. + +=cut Index: /branches/breakout-hub/nanobsd/files/usr/local/sbin/lvrouted-test =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/sbin/lvrouted-test (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/sbin/lvrouted-test (revision 10119) @@ -0,0 +1,24 @@ +#!/bin/sh +# Richard van Mansom, richardvm@wirelessleiden.nl, March 2010 + +# Minimum number of non local routes. +VALID=1 + +# 1. Show routing table +# 2. Only show routes which includes subnets +# 3. Discard anything with a semicolon (MAC addresses and IPv6 addresses) +# 4. Discard anything which include the word 'link' (local routes). +# 5. Use word count (get number of lines) +COUNT=`netstat -rn | grep -E '[0-9]/[0-9]' | grep -v ':' | grep -v 'link' | wc -l'` + +# No have a look if the number of routes has passed the minimium threshold. +if [ ${COUNT} -gt ${VALID} ]; then + + # Display me if I have passed the threshold + echo "ROUTING OK: Got non local routes" +else + + # Display me if I didn't pased the threshold + echo "ROUTING CRITICAL: I don't have any non local routes" +fi + Index: /branches/breakout-hub/nanobsd/files/usr/local/sbin/proxy-test.sh =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/sbin/proxy-test.sh (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/sbin/proxy-test.sh (revision 10119) @@ -0,0 +1,25 @@ +#!/bin/sh + +PROXY=proxy.wleiden.net:3128 +URL=http://proxy-test.wirelessleiden.nl +FILE=/tmp/proxy-test.wirelessleiden.nl + +# Set proxy to escape the network +export HTTP_PROXY=${PROXY} + +# Fetch the website (curl not installed) +fetch -o ${FILE} ${URL} 2> /dev/null +if [ -w ${FILE} ]; then + retval=`cat ${FILE}` + rm ${FILE} +fi + +# Chech if website returns the expected result +if [ "$retval" = "1" ]; then + echo "WWW OK: Got a www website" + exit 0 +else + echo "WWW CRITICAL: Unable to fetch www website" + exit 2 +fi + Index: /branches/breakout-hub/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt (revision 10119) @@ -0,0 +1,2978 @@ +-- ***************************************************************** +-- IEEE802dot11-MIB : +-- IEEE 802.11 Management Information Base file +-- +-- Nov 2002, Francis Pang +-- +-- Copyright (c) 2002 by cisco Systems, Inc. +-- All rights reserved. +-- ***************************************************************** + +-- ********************************************************************** +-- * IEEE 802.11 Management Information Base +-- ********************************************************************** + +IEEE802dot11-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + NOTIFICATION-TYPE,Integer32, Counter32, + Unsigned32 FROM SNMPv2-SMI + + DisplayString , MacAddress, RowStatus, + TruthValue FROM SNMPv2-TC + + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP FROM SNMPv2-CONF + + ifIndex FROM RFC1213-MIB; + +-- ********************************************************************** +-- * Tree Definition +-- ********************************************************************** + + member-body OBJECT IDENTIFIER ::= { iso 2 } + us OBJECT IDENTIFIER ::= { member-body 840 } + +-- ********************************************************************** +-- * MODULE IDENTITY +-- ********************************************************************** + +ieee802dot11 MODULE-IDENTITY + LAST-UPDATED "0208300000Z" + ORGANIZATION "IEEE 802.11" + CONTACT-INFO + "WG E-mail: stds-802-11@ieee.org + + Chair: Stuart J. Kerry + Postal: Philips Semiconductors, Inc. + 1109 McKay Drive + M/S 48 SJ + San Jose, CA 95130-1706 USA + Tel: +1 408 474 7356 + Fax: +1 408 474 7247 + E-mail: stuart.kerry@philips.com + + Editor: Bob O'Hara + Postal: Informed Technology, Inc. + 1750 Nantucket Circle, Suite 138 + Santa Clara, CA 95054 USA + Tel: +1 408 986 9596 + Fax: +1 408 727 2654 + E-mail: bob@informed-technology.com" + DESCRIPTION + "The MIB module for IEEE 802.11 entities. + iso(1).member-body(2).us(840).ieee802dot11(10036)" + ::= { us 10036 } + +-- ********************************************************************** +-- * Major sections +-- ********************************************************************** + +-- Station ManagemenT (SMT) Attributes + -- DEFINED AS "The SMT object class provides the necessary support + -- at the station to manage the processes in the station such that + -- the station may work cooperatively as a part of an IEEE 802.11 + -- network." + + dot11smt OBJECT IDENTIFIER ::= { ieee802dot11 1 } + + -- dot11smt GROUPS + -- dot11StationConfigTable ::= { dot11smt 1 } + -- dot11AuthenticationAlgorithmsTable ::= { dot11smt 2 } + -- dot11WEPDefaultKeysTable ::= { dot11smt 3 } + -- dot11WEPKeyMappingsTable ::= { dot11smt 4 } + -- dot11PrivacyTable ::= { dot11smt 5 } + -- dot11SMTnotification ::= { dot11smt 6 } + -- dot11MultiDomainCapabilityTable ::= { dot11smt 7 } + +-- MAC Attributes + -- DEFINED AS "The MAC object class provides the necessary support + -- for the access control, generation, and verification of frame + -- check sequences (FCSs), and proper delivery of valid data to + -- upper layers." + + dot11mac OBJECT IDENTIFIER ::= { ieee802dot11 2 } + + -- MAC GROUPS + -- reference IEEE Std 802.1f-1993 + -- dot11OperationTable ::= { dot11mac 1 } + -- dot11CountersTable ::= { dot11mac 2 } + -- dot11GroupAddressesTable ::= { dot11mac 3 } + +-- Resource Type ID + dot11res OBJECT IDENTIFIER ::= { ieee802dot11 3 } + dot11resAttribute OBJECT IDENTIFIER ::= { dot11res 1 } + +-- PHY Attributes + -- DEFINED AS "The PHY object class provides the necessary support + -- for required PHY operational information that may vary from PHY + -- to PHY and from STA to STA to be communicated to upper layers." + + dot11phy OBJECT IDENTIFIER ::= { ieee802dot11 4 } + + -- PHY GROUPS + -- dot11PhyOperationTable ::= { dot11phy 1 } + -- dot11PhyAntennaTable ::= { dot11phy 2 } + -- dot11PhyTxPowerTable ::= { dot11phy 3 } + -- dot11PhyFHSSTable ::= { dot11phy 4 } + -- dot11PhyDSSSTable ::= { dot11phy 5 } + -- dot11PhyIRTable ::= { dot11phy 6 } + -- dot11RegDomainsSupportedTable ::= { dot11phy 7 } + -- dot11AntennasListTable ::= { dot11phy 8 } + -- dot11SupportedDataRatesTxTable ::= { dot11phy 9 } + -- dot11SupportedDataRatesRxTable ::= { dot11phy 10 } + -- dot11PhyOFDMTable ::= { dot11phy 11 } + -- dot11PhyHRDSSSTable ::= { dot11phy 12 } + -- dot11EHCCHoppingPatternTable ::= { dot11phy 13 } + +-- ********************************************************************** +-- * Textual conventions from 802 definitions +-- ********************************************************************** + + WEPKeytype ::= OCTET STRING (SIZE (5)) + +-- ********************************************************************** +-- * MIB attribute OBJECT-TYPE definitions follow +-- ********************************************************************** + +-- ********************************************************************** +-- * SMT Station Config Table +-- ********************************************************************** + +dot11StationConfigTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11StationConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Station Configuration attributes. In tablular form to + allow for multiple instances on an agent." + ::= { dot11smt 1 } + +dot11StationConfigEntry OBJECT-TYPE + SYNTAX Dot11StationConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11StationConfigTable. It is + possible for there to be multiple IEEE 802.11 interfaces + on one agent, each with its unique MAC address. The + relationship between an IEEE 802.11 interface and an + interface in the context of the Internet-standard MIB is + one-to-one. As such, the value of an ifIndex object + instance can be directly used to identify corresponding + instances of the objects defined herein. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11StationConfigTable 1 } + +Dot11StationConfigEntry ::= + SEQUENCE { + dot11StationID MacAddress, + dot11MediumOccupancyLimit INTEGER, + dot11CFPollable TruthValue, + dot11CFPPeriod INTEGER, + dot11CFPMaxDuration INTEGER, + dot11AuthenticationResponseTimeOut Unsigned32, + dot11PrivacyOptionImplemented TruthValue, + dot11PowerManagementMode INTEGER, + dot11DesiredSSID OCTET STRING, + dot11DesiredBSSType INTEGER, + dot11OperationalRateSet OCTET STRING, + dot11BeaconPeriod INTEGER, + dot11DTIMPeriod INTEGER, + dot11AssociationResponseTimeOut Unsigned32, + dot11DisassociateReason INTEGER, + dot11DisassociateStation MacAddress, + dot11DeauthenticateReason INTEGER, + dot11DeauthenticateStation MacAddress, + dot11AuthenticateFailStatus INTEGER, + dot11AuthenticateFailStation MacAddress, + dot11MultiDomainCapabilityImplemented TruthValue, + dot11MultiDomainCapabilityEnabled TruthValue, + dot11CountryString OCTET STRING } + +dot11StationID OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-write + STATUS deprecated + DESCRIPTION + "The purpose of dot11StationID is to allow a manager to + identify a station for its own purposes. This attribute + provides for that eventuality while keeping the true MAC + address independent. Its syntax is MAC address, and the + default value is the station's assigned, unique + MAC address." + ::= { dot11StationConfigEntry 1 } + +dot11MediumOccupancyLimit OBJECT-TYPE + SYNTAX INTEGER (0..1000) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum amount of time, + in TU, that a point coordinator (PC) may control the usage + of the wireless medium (WM) without relinquishing control + for long enough to allow at least one instance of DCF access + to the medium. The default value of this attribute shall + be 100, and the maximum value shall be 1000." + ::= { dot11StationConfigEntry 2 } + +dot11CFPollable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "When this attribute is true, it shall indicate that + the STA is able to respond to a CF-Poll with a data frame + within a SIFS time. This attribute shall be false if + the STA is not able to respond to a CF-Poll with a data + frame within a SIFS time." + ::= { dot11StationConfigEntry 3 } + +dot11CFPPeriod OBJECT-TYPE + SYNTAX INTEGER (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The attribute shall describe the number of DTIM intervals + between the start of CFPs. It is modified by + MLME-START.request primitive." + ::= { dot11StationConfigEntry 4 } + +dot11CFPMaxDuration OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The attribute shall describe the maximum duration of + the CFP in TU that may be generated by the PCF. It is + modified by MLME-START.request primitive." + ::= { dot11StationConfigEntry 5 } + +dot11AuthenticationResponseTimeOut OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of time units (TUs) + that a responding STA should wait for the next frame in the + authentication sequence." + ::= { dot11StationConfigEntry 6 } + +dot11PrivacyOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the IEEE + 802.11 WEP option is implemented. The default value of + this attribute shall be false." + ::= { dot11StationConfigEntry 7 } + +dot11PowerManagementMode OBJECT-TYPE + SYNTAX INTEGER { active(1), powersave(2) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the power management + mode of the STA. When set to active, it shall + indicate that the station is not in power-save + (PS) mode. When set to powersave, it shall indicate + that the station is in power-save mode. The power + management mode is transmitted in all frames + according to the rules in 7.1.3.1.7." + ::= { dot11StationConfigEntry 8 } + +dot11DesiredSSID OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute reflects the Service Set ID (SSID) + used in the DesiredSSID parameter of the most recent + MLME_Scan.request. This value may be modified + by an external management entity and used by the + local SME to make decisions about the Scanning + process." + ::= { dot11StationConfigEntry 9 } + +dot11DesiredBSSType OBJECT-TYPE + SYNTAX INTEGER { infrastructure(1), independent(2), any(3) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the type of BSS the + station shall use when scanning for a BSS with + which to synchronize. This value is used to filter + Probe Response frames and Beacons. When set to + infrastructure, the station shall only synchronize + with a BSS whose Capability Information field has + the ESS subfield set to 1. When set to independent, + the station shall only synchronize with a BSS whose + Capability Information field has the IBSS subfield + set to 1. When set to any, the station may + synchronize to either type of BSS." + ::= { dot11StationConfigEntry 10 } + +dot11OperationalRateSet OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(1..126)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the set of data + rates at which the station may transmit data. + Each octet contains a value representing a rate. + Each rate shall be within the range from 2 to 127, + corresponding to data rates in increments of + 500 kbit/s from 1 Mbit/s to 63.5 Mbit/s, and shall + be supported (as indicated in the supported rates + table) for receiving data. This value is reported in + transmitted Beacon, Probe Request, Probe Response, + Association Request, Association Response, + Reassociation Request, and Reassociation Response + frames, and is used to determine whether a BSS + with which the station desires to synchronize is + suitable. It is also used when starting a BSS, + as specified in 10.3." + ::= { dot11StationConfigEntry 11 } + +dot11BeaconPeriod OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of TUs that + a station shall use for scheduling Beacon + transmissions. This value is transmitted in Beacon + and Probe Response frames." + ::= { dot11StationConfigEntry 12 } + +dot11DTIMPeriod OBJECT-TYPE + SYNTAX INTEGER(1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of beacon + intervals that shall elapse between transmission of + Beacons frames containing a TIM element whose DTIM + Count field is 0. This value is transmitted in + the DTIM Period field of Beacon frames." + ::= { dot11StationConfigEntry 13 } + +dot11AssociationResponseTimeOut OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of TU that a + requesting STA should wait for a response to a + transmitted association-request MMPDU." + ::= { dot11StationConfigEntry 14 } + +dot11DisassociateReason OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Reason Code in a Disassociation + frame. If no Disassociation frame has been + transmitted, the value of this attribute shall + be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.7" + ::= { dot11StationConfigEntry 15 } + +dot11DisassociateStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + Disassociation frame. If no Disassociation + frame has been transmitted, the value of this + attribute shall be 0." + ::= { dot11StationConfigEntry 16 } + +dot11DeauthenticateReason OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Reason Code in a Deauthentication + frame. If no Deauthentication frame has been + transmitted, the value of this attribute shall + be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.7" + ::= { dot11StationConfigEntry 17 } + +dot11DeauthenticateStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + Deauthentication frame. If no Deauthentication + frame has been transmitted, the value of this + attribute shall be 0." + ::= { dot11StationConfigEntry 18 } + +dot11AuthenticateFailStatus OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Status Code in a failed + Authentication frame. If no failed + Authentication frame has been transmitted, the + value of this attribute shall be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.9" + ::= { dot11StationConfigEntry 19 } + +dot11AuthenticateFailStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + failed Authentication frame. If no failed + Authentication frame has been transmitted, the + value of this attribute shall be 0." + ::= { dot11StationConfigEntry 20 } + +dot11MultiDomainCapabilityImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + station implementation is capable of supporting + multiple regulatory domains. The capability is + disabled, otherwise. The default value of this + attribute is FALSE." + ::= { dot11StationConfigEntry 21 } + +dot11MultiDomainCapabilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + capability of the station to operate in multiple + regulatory domains is enabled. The capability is + disabled, otherwise. The default value of this + attribute is FALSE." + ::= { dot11StationConfigEntry 22 } + +dot11CountryString OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(3)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute identifies the country in which the + station is operating. The first two octets of this + string is the two character country code as described + in document ISO/IEC 3166-1. The third octet shall + be one of the following: + + 1. an ASCII space character, if the regulations under + which the station is operating encompass all + environments in the country, + + 2. an ASCII 'O' character, if the regulations under + which the station is operating are for an Outdoor + environment only, or + + 3. an ASCII 'I' character, if the regulations under + which the station is operating are for an Indoor + environment only." + ::= { dot11StationConfigEntry 23 } + +-- ********************************************************************** +-- * End of dot11StationConfig TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * AuthenticationAlgorithms TABLE +-- ********************************************************************** + +dot11AuthenticationAlgorithmsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11AuthenticationAlgorithmsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This (conceptual) table of attributes shall be a set of + all the authentication algorithms supported by the + stations. The following are the default values and the + associated algorithm: + Value = 1: Open System + Value = 2: Shared Key" + REFERENCE "IEEE Std 802.11-2002, 7.3.1.1" + ::= { dot11smt 2 } + +dot11AuthenticationAlgorithmsEntry OBJECT-TYPE + SYNTAX Dot11AuthenticationAlgorithmsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the Authentication + Algorithms Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11AuthenticationAlgorithmsIndex } + ::= { dot11AuthenticationAlgorithmsTable 1 } + +Dot11AuthenticationAlgorithmsEntry ::= + SEQUENCE { dot11AuthenticationAlgorithmsIndex Integer32, + dot11AuthenticationAlgorithm INTEGER, + dot11AuthenticationAlgorithmsEnable TruthValue } + +dot11AuthenticationAlgorithmsIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the Authentication Algorithms Table." + ::= { dot11AuthenticationAlgorithmsEntry 1 } + +dot11AuthenticationAlgorithm OBJECT-TYPE + SYNTAX INTEGER { openSystem(1), sharedKey(2) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute shall be a set of all the authentication + algorithms supported by the STAs. The following are the + default values and the associated algorithm. + Value = 1: Open System + Value = 2: Shared Key" + ::= { dot11AuthenticationAlgorithmsEntry 2 } + +dot11AuthenticationAlgorithmsEnable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when true at a station, shall enable the acceptance + of the authentication algorithm described in the corresponding table + entry in authentication frames received by the station that have odd + authentication sequence numbers. The default value of this attribute + shall be 1 for the Open System table entry and 2 for all other table + entries." + ::= { dot11AuthenticationAlgorithmsEntry 3 } + +-- ********************************************************************** +-- * End of AuthenticationAlgorithms TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * WEPDefaultKeys TABLE +-- ********************************************************************** + +dot11WEPDefaultKeysTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11WEPDefaultKeysEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Conceptual table for WEP default keys. This table shall + contain the four WEP default secret key values + corresponding to the four possible KeyID values. The WEP + default secret keys are logically WRITE-ONLY. Attempts to + read the entries in this table shall return unsuccessful + status and values of null or zero. The default value of + each WEP default key shall be null." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11smt 3 } + +dot11WEPDefaultKeysEntry OBJECT-TYPE + SYNTAX Dot11WEPDefaultKeysEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the WEP Default Keys Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11WEPDefaultKeyIndex} + ::= { dot11WEPDefaultKeysTable 1 } + +Dot11WEPDefaultKeysEntry ::= + SEQUENCE { dot11WEPDefaultKeyIndex INTEGER, + dot11WEPDefaultKeyValue WEPKeytype } + +dot11WEPDefaultKeyIndex OBJECT-TYPE + SYNTAX INTEGER (1..4) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the WEP Default Keys Table. + The value of this variable is equal to the WEPDefaultKeyID + 1" + ::= { dot11WEPDefaultKeysEntry 1 } + +dot11WEPDefaultKeyValue OBJECT-TYPE + SYNTAX WEPKeytype + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A WEP default secret key value." + ::= { dot11WEPDefaultKeysEntry 2 } + +-- ********************************************************************** +-- * End of WEPDefaultKeys TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * WEPKeyMappings TABLE +-- ********************************************************************** + +dot11WEPKeyMappingsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11WEPKeyMappingsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Conceptual table for WEP Key Mappings. The MIB supports + the ability to share a separate WEP key for each RA/TA + pair. The Key Mappings Table contains zero or one entry + for each MAC address and contains two fields for each + entry: WEPOn and the corresponding WEP key. The WEP key + mappings are logically WRITE-ONLY. Attempts to read the + entries in this table shall return unsuccessful status and + values of null or zero. The default value for all WEPOn + fields is false." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11smt 4 } + +dot11WEPKeyMappingsEntry OBJECT-TYPE + SYNTAX Dot11WEPKeyMappingsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the WEP Key Mappings Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11WEPKeyMappingIndex } + ::= { dot11WEPKeyMappingsTable 1 } + +Dot11WEPKeyMappingsEntry ::= + SEQUENCE { dot11WEPKeyMappingIndex Integer32, + dot11WEPKeyMappingAddress MacAddress, + dot11WEPKeyMappingWEPOn TruthValue, + dot11WEPKeyMappingValue WEPKeytype, + dot11WEPKeyMappingStatus RowStatus } + +dot11WEPKeyMappingIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the WEP Key Mappings Table." + ::= { dot11WEPKeyMappingsEntry 1 } + +dot11WEPKeyMappingAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The MAC address of the STA for which the values from this + key mapping entry are to be used." + ::= { dot11WEPKeyMappingsEntry 2 } + +dot11WEPKeyMappingWEPOn OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Boolean as to whether WEP is to be used when communicating + with the dot11WEPKeyMappingAddress STA." + ::= { dot11WEPKeyMappingsEntry 3 } + +dot11WEPKeyMappingValue OBJECT-TYPE + SYNTAX WEPKeytype + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A WEP secret key value." + ::= { dot11WEPKeyMappingsEntry 4 } + +dot11WEPKeyMappingStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status column used for creating, modifying, and + deleting instances of the columnar objects in the WEP key + mapping Table." + DEFVAL { active } + ::= { dot11WEPKeyMappingsEntry 5 } + +-- ********************************************************************** +-- * End of WEPKeyMappings TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PrivacyTable TABLE +-- ********************************************************************** + +dot11PrivacyTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PrivacyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group containing attributes concerned with IEEE 802.11 + Privacy. Created as a table to allow multiple + instantiations on an agent." + ::= { dot11smt 5 } + +dot11PrivacyEntry OBJECT-TYPE + SYNTAX Dot11PrivacyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PrivacyTable Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PrivacyTable 1 } + +Dot11PrivacyEntry ::= + SEQUENCE { dot11PrivacyInvoked TruthValue, + dot11WEPDefaultKeyID INTEGER, + dot11WEPKeyMappingLength Unsigned32, + dot11ExcludeUnencrypted TruthValue, + dot11WEPICVErrorCount Counter32, + dot11WEPExcludedCount Counter32 } + +dot11PrivacyInvoked OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When this attribute is true, it shall indicate that the IEEE + 802.11 WEP mechanism is used for transmitting frames of type + Data. The default value of this attribute shall be false." + ::= { dot11PrivacyEntry 1 } + +dot11WEPDefaultKeyID OBJECT-TYPE + SYNTAX INTEGER (0..3) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the use of the first, + second, third, or fourth element of the WEPDefaultKeys + array when set to values of zero, one, two, or three. The + default value of this attribute shall be 0." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11PrivacyEntry 2 } + +dot11WEPKeyMappingLength OBJECT-TYPE + SYNTAX Unsigned32 (10..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The maximum number of tuples that dot11WEPKeyMappings can hold." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11PrivacyEntry 3 } + +dot11ExcludeUnencrypted OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When this attribute is true, the STA shall not indicate at + the MAC service interface received MSDUs that have the WEP + subfield of the Frame Control field equal to zero. When this + attribute is false, the STA may accept MSDUs that have the WEP + subfield of the Frame Control field equal to zero. The default + value of this attribute shall be false." + ::= { dot11PrivacyEntry 4 } + +dot11WEPICVErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with the + WEP subfield of the Frame Control field set to one and the value + of the ICV as received in the frame does not match the ICV value + that is calculated for the contents of the received frame." + ::= { dot11PrivacyEntry 5 } + +dot11WEPExcludedCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with the + WEP subfield of the Frame Control field set to zero and the value + of dot11ExcludeUnencrypted causes that frame to be discarded." + ::= { dot11PrivacyEntry 6 } + +-- ********************************************************************** +-- * End of dot11Privacy TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SMT notification Objects +-- ********************************************************************** + +dot11SMTnotification OBJECT IDENTIFIER ::= { dot11smt 6 } + +dot11Disassociate NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11DisassociateReason, dot11DisassociateStation } + STATUS current + DESCRIPTION + "The disassociate notification shall be sent when the STA + sends a Disassociation frame. The value of the notification + shall include the MAC address of the MAC to which the Disassociation + frame was sent and the reason for the disassociation. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 1 } + +dot11Deauthenticate NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11DeauthenticateReason, dot11DeauthenticateStation } + STATUS current + DESCRIPTION + "The deauthenticate notification shall be sent when the STA + sends a Deauthentication frame. The value of the notification + shall include the MAC address of the MAC to which the Deauthentication + frame was sent and the reason for the deauthentication. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 2 } + +dot11AuthenticateFail NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11AuthenticateFailStatus, dot11AuthenticateFailStation } + STATUS current + DESCRIPTION + "The authenticate failure notification shall be sent when the STA + sends an Authentication frame with a status code other than + 'successful'. The value of the notification + shall include the MAC address of the MAC to which the Authentication + frame was sent and the reason for the authentication failure. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 3 } + + +-- ********************************************************************** +-- * End of SMT notification Objects +-- ********************************************************************** + +-- ******************************************************************** +-- * dot11MultiDomainCapability TABLE +-- ******************************************************************** + +dot11MultiDomainCapabilityTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11MultiDomainCapabilityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This (conceptual) table of attributes for + cross-domain mobility." + ::= { dot11smt 7 } + +dot11MultiDomainCapabilityEntry OBJECT-TYPE + SYNTAX Dot11MultiDomainCapabilityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) in the Multiple Domain + Capability Table. + + IfIndex - Each IEEE 802.11 interface is represented + by an ifEntry. Interface tables in this MIB are + indexed by ifIndex." + INDEX { ifIndex, + dot11MultiDomainCapabilityIndex } + ::= { dot11MultiDomainCapabilityTable 1 } + +Dot11MultiDomainCapabilityEntry ::= + SEQUENCE { dot11MultiDomainCapabilityIndex Integer32, + dot11FirstChannelNumber Integer32, + dot11NumberofChannels Integer32, + dot11MaximumTransmitPowerLevel Integer32 } + +dot11MultiDomainCapabilityIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances of + the columnar objects in the Multi Domain Capability Table." + ::= { dot11MultiDomainCapabilityEntry 1 } + +dot11FirstChannelNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the lowest + channel number in the subband for the associated domain + country string. The default value of this attribute + shall be zero." + ::= { dot11MultiDomainCapabilityEntry 2 } + +dot11NumberofChannels OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the total + number of channels allowed in the subband for the + associated domain country string. The default value of + this attribute shall be zero." + ::= { dot11MultiDomainCapabilityEntry 3 } + +dot11MaximumTransmitPowerLevel OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum transmit power, + in dBm, allowed in the subband for the associated domain + country string. The default value of this attribute shall + be zero." + ::= { dot11MultiDomainCapabilityEntry 4 } + +-- ******************************************************************** +-- * End of dot11MultiDomainCapability TABLE +-- ******************************************************************** + + +-- ********************************************************************** +-- * MAC Attribute Templates +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11OperationTable TABLE +-- ********************************************************************** + +dot11OperationTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11OperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group contains MAC attributes pertaining to the operation + of the MAC. This has been implemented as a table in order + to allow for multiple instantiations on an agent." + ::= { dot11mac 1 } + +dot11OperationEntry OBJECT-TYPE + SYNTAX Dot11OperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11OperationEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11OperationTable 1 } + +Dot11OperationEntry ::= + SEQUENCE { dot11MACAddress MacAddress, + dot11RTSThreshold INTEGER, + dot11ShortRetryLimit INTEGER, + dot11LongRetryLimit INTEGER, + dot11FragmentationThreshold INTEGER, + dot11MaxTransmitMSDULifetime Unsigned32, + dot11MaxReceiveLifetime Unsigned32, + dot11ManufacturerID DisplayString, + dot11ProductID DisplayString } + +dot11MACAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Unique MAC Address assigned to the STA." + ::= { dot11OperationEntry 1 } + +dot11RTSThreshold OBJECT-TYPE + SYNTAX INTEGER (0..2347) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the number of octets in an MPDU, + below which an RTS/CTS handshake shall not be performed. An + RTS/CTS handshake shall be performed at the beginning of any + frame exchange sequence where the MPDU is of type Data or + Management, the MPDU has an individual address in the Address1 + field, and the length of the MPDU is greater than + this threshold. (For additional details, refer to Table 21 in + 9.7.) Setting this attribute to be larger than the maximum + MSDU size shall have the effect of turning off the RTS/CTS + handshake for frames of Data or Management type transmitted by + this STA. Setting this attribute to zero shall have the effect + of turning on the RTS/CTS handshake for all frames of Data or + Management type transmitted by this STA. The default value of + this attribute shall be 2347." + ::= { dot11OperationEntry 2 } + +dot11ShortRetryLimit OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum number of + transmission attempts of a frame, the length of which is less + than or equal to dot11RTSThreshold, that shall be made before a + failure condition is indicated. The default value of this + attribute shall be 7." + ::= { dot11OperationEntry 3 } + +dot11LongRetryLimit OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum number of + transmission attempts of a frame, the length of which is + greater than dot11RTSThreshold, that shall be made before a + failure condition is indicated. The default value of this + attribute shall be 4." + ::= { dot11OperationEntry 4 } + +dot11FragmentationThreshold OBJECT-TYPE + SYNTAX INTEGER (256..2346) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the current maximum size, in + octets, of the MPDU that may be delivered to the PHY. An MSDU + shall be broken into fragments if its size exceeds the value + of this attribute after adding MAC headers and trailers. An MSDU + or MMPDU shall be fragmented when the resulting frame has an + individual address in the Address1 field, and the length of the + frame is larger than this threshold. The default value for this + attribute shall be the lesser of 2346 or the aMPDUMaxLength of + the attached PHY and shall never exceed the lesser of 2346 or + the aMPDUMaxLength of the attached PHY. The value of this + attribute shall never be less than 256. " + ::= { dot11OperationEntry 5 } + +dot11MaxTransmitMSDULifetime OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The MaxTransmitMSDULifetime shall be the elapsed time in TU, + after the initial transmission of an MSDU, after which further + attempts to transmit the MSDU shall be terminated. The default + value of this attribute shall be 512." + ::= { dot11OperationEntry 6 } + +dot11MaxReceiveLifetime OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The MaxReceiveLifetime shall be the elapsed time in TU, + after the initial reception of a fragmented MMPDU or MSDU, + after which further attempts to reassemble the MMPDU or + MSDU shall be terminated. The default value shall be + 512." + ::= { dot11OperationEntry 7 } + +dot11ManufacturerID OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The ManufacturerID shall include, at a minimum, the name + of the manufacturer. It may include additional + information at the manufacturer's discretion. The default + value of this attribute shall be null." + ::= { dot11OperationEntry 8 } + +dot11ProductID OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The ProductID shall include, at a minimum, an identifier + that is unique to the manufacturer. It may include + additional information at the manufacturer's discretion. + The default value of this attribute shall be null." + ::= { dot11OperationEntry 9 } + +-- ********************************************************************** +-- * End of dot11OperationEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11Counters TABLE +-- ********************************************************************** + +dot11CountersTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11CountersEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group containing attributes that are MAC counters. + Implemented as a table to allow for multiple + instantiations on an agent." + ::= { dot11mac 2 } + +dot11CountersEntry OBJECT-TYPE + SYNTAX Dot11CountersEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11CountersEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11CountersTable 1 } + +Dot11CountersEntry ::= + SEQUENCE { dot11TransmittedFragmentCount Counter32, + dot11MulticastTransmittedFrameCount Counter32, + dot11FailedCount Counter32, + dot11RetryCount Counter32, + dot11MultipleRetryCount Counter32, + dot11FrameDuplicateCount Counter32, + dot11RTSSuccessCount Counter32, + dot11RTSFailureCount Counter32, + dot11ACKFailureCount Counter32, + dot11ReceivedFragmentCount Counter32, + dot11MulticastReceivedFrameCount Counter32, + dot11FCSErrorCount Counter32, + dot11TransmittedFrameCount Counter32, + dot11WEPUndecryptableCount Counter32 } + +dot11TransmittedFragmentCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall be incremented for an acknowledged MPDU + with an individual address in the address 1 field or an MPDU + with a multicast address in the address 1 field of type Data + or Management." + ::= { dot11CountersEntry 1 } + +dot11MulticastTransmittedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment only when the multicast bit + is set in the destination MAC address of a successfully + transmitted MSDU. When operating as a STA in an ESS, where + these frames are directed to the AP, this implies having + received an acknowledgment to all associated MPDUs." + ::= { dot11CountersEntry 2 } + +dot11FailedCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is not transmitted + successfully due to the number of transmit attempts exceeding + either the dot11ShortRetryLimit or dot11LongRetryLimit." + ::= { dot11CountersEntry 3 } + +dot11RetryCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is successfully + transmitted after one or more retransmissions." + ::= { dot11CountersEntry 4 } + +dot11MultipleRetryCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is successfully + transmitted after more than one retransmission." + ::= { dot11CountersEntry 5 } + +dot11FrameDuplicateCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received + that the Sequence Control field indicates is a + duplicate." + ::= { dot11CountersEntry 6 } + +dot11RTSSuccessCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a CTS is received in + response to an RTS." + ::= { dot11CountersEntry 7 } + +dot11RTSFailureCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a CTS is not received in + response to an RTS." + ::= { dot11CountersEntry 8 } + +dot11ACKFailureCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an ACK is not received + when expected." + ::= { dot11CountersEntry 9 } + +dot11ReceivedFragmentCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall be incremented for each successfully + received MPDU of type Data or Management." + ::= { dot11CountersEntry 10 } + +dot11MulticastReceivedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a MSDU is received + with the multicast bit set in the destination + MAC address." + ::= { dot11CountersEntry 11 } + +dot11FCSErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an FCS error is + detected in a received MPDU." + ::= { dot11CountersEntry 12 } + +dot11TransmittedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment for each successfully transmitted MSDU." + ::= { dot11CountersEntry 13 } + +dot11WEPUndecryptableCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with + the WEP subfield of the Frame Control field set to one and the + WEPOn value for the key mapped to the TA's MAC address + indicates that the frame should not have been encrypted or + that frame is discarded due to the receiving STA not + implementing the privacy option." + ::= { dot11CountersEntry 14 } + +-- ********************************************************************** +-- * End of dot11CountersEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * GroupAddresses TABLE +-- ********************************************************************** + +dot11GroupAddressesTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11GroupAddressesEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A conceptual table containing a set of MAC addresses + identifying the multicast addresses for which this STA + will receive frames. The default value of this attribute + shall be null." + ::= { dot11mac 3 } + +dot11GroupAddressesEntry OBJECT-TYPE + SYNTAX Dot11GroupAddressesEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the Group Addresses Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11GroupAddressesIndex} + ::= { dot11GroupAddressesTable 1 } + +Dot11GroupAddressesEntry ::= + SEQUENCE { dot11GroupAddressesIndex Integer32, + dot11Address MacAddress, + dot11GroupAddressesStatus RowStatus } + +dot11GroupAddressesIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the Group Addresses Table." + ::= { dot11GroupAddressesEntry 1 } + +dot11Address OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "MAC address identifying a multicast addresses + from which this STA will receive frames." + ::= { dot11GroupAddressesEntry 2 } + +dot11GroupAddressesStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status column used for creating, modifying, and + deleting instances of the columnar objects in the Group + Addresses Table." + DEFVAL { active } + ::= { dot11GroupAddressesEntry 3 } + +-- ********************************************************************** +-- * End of GroupAddress TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * Resource Type Attribute Templates +-- ********************************************************************** + +dot11ResourceTypeIDName OBJECT-TYPE + SYNTAX DisplayString (SIZE(4)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the name of the Resource Type ID managed object. + The attribute is read-only and always contains the value + RTID. This attribute value shall not be used as a naming + attribute for any other managed object class." + REFERENCE "IEEE Std 802.1F-1993, A.7" + DEFVAL { "RTID" } + ::= { dot11resAttribute 1 } + +-- ********************************************************************** +-- * dot11ResourceInfo TABLE +-- ********************************************************************** + +dot11ResourceInfoTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11ResourceInfoEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Provides a means of indicating, in data readable from a + managed object, information that identifies the source of + the implementation." + REFERENCE "IEEE Std 802.1F-1993, A.7" + ::= { dot11resAttribute 2 } + +dot11ResourceInfoEntry OBJECT-TYPE + SYNTAX Dot11ResourceInfoEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11ResourceInfo Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11ResourceInfoTable 1 } + +Dot11ResourceInfoEntry ::= + SEQUENCE { dot11manufacturerOUI OCTET STRING, + dot11manufacturerName DisplayString, + dot11manufacturerProductName DisplayString, + dot11manufacturerProductVersion DisplayString } + +dot11manufacturerOUI OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(3)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Takes the value of an organizationally unique identifier." + ::= { dot11ResourceInfoEntry 1 } + +dot11manufacturerName OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A printable string used to identify the manufacturer of the + resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 2 } + +dot11manufacturerProductName OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A printable string used to identify the manufacturer's product + name of the resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 3 } + +dot11manufacturerProductVersion OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Printable string used to identify the manufacturer's product + version of the resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 4 } + +-- ********************************************************************** +-- * End of dot11ResourceInfo TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * PHY Attribute Templates +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyOperation TABLE +-- ********************************************************************** + +dot11PhyOperationTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyOperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "PHY level attributes concerned with + operation. Implemented as a table indexed on + + ifIndex to allow for multiple instantiations on an + Agent." + ::= { dot11phy 1 } + +dot11PhyOperationEntry OBJECT-TYPE + SYNTAX Dot11PhyOperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyOperation Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyOperationTable 1 } + +Dot11PhyOperationEntry ::= + SEQUENCE { dot11PHYType INTEGER, + dot11CurrentRegDomain Integer32, + dot11TempType INTEGER } + +dot11PHYType OBJECT-TYPE + SYNTAX INTEGER { fhss(1), dsss(2), irbaseband(3), ofdm(4), + hrdsss(5) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This is an 8-bit integer value that identifies the PHY type + supported by the attached PLCP and PMD. Currently defined + values and their corresponding PHY types are: + + FHSS 2.4 GHz = 01 , DSSS 2.4 GHz = 02, IR Baseband = 03, + OFDM 5GHz = 04, HRDSSS = 05" + ::= { dot11PhyOperationEntry 1 } + +dot11CurrentRegDomain OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current regulatory domain this instance of the PMD is + supporting. This object corresponds to one of the + RegDomains listed in dot11RegDomainsSupported." + ::= { dot11PhyOperationEntry 2 } + +dot11TempType OBJECT-TYPE + SYNTAX INTEGER { tempType1(1), tempType2(2) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "There are different operating temperature requirements + dependent on the anticipated environmental conditions. This + attribute describes the current PHY's operating temperature + range capability. Currently defined values and their + corresponding temperature ranges are: + + Type 1 = X'01'-Commercial range of 0 to 40 degrees C, + + Type 2 = X'02'-Industrial range of -30 to 70 degrees C." + ::= { dot11PhyOperationEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyOperation TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyAntenna TABLE +-- ********************************************************************** + +dot11PhyAntennaTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyAntennaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for PhyAntenna. Implemented as a + table indexed on ifIndex to allow for multiple instances on + an agent." + ::= { dot11phy 2} + +dot11PhyAntennaEntry OBJECT-TYPE + SYNTAX Dot11PhyAntennaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyAntenna Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyAntennaTable 1 } + +Dot11PhyAntennaEntry ::= + SEQUENCE { dot11CurrentTxAntenna Integer32, + dot11DiversitySupport INTEGER, + dot11CurrentRxAntenna Integer32 } + +dot11CurrentTxAntenna OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current antenna being used to transmit. This value + is one of the values appearing in dot11SupportedTxAntenna. This + may be used by a management agent to control which antenna is + used for transmission. " + ::= { dot11PhyAntennaEntry 1 } + +dot11DiversitySupport OBJECT-TYPE + SYNTAX INTEGER { fixedlist(1), notsupported(2), dynamic(3) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This implementation's support for diversity, encoded as: + + X'01'-diversity is available and is performed over the fixed + list of antennas defined in dot11DiversitySelectionRx. + + X'02'-diversity is not supported. + + X'03'-diversity is supported and control of diversity is also + available, in which case the attribute + dot11DiversitySelectionRx can be dynamically modified by the + LME." + ::= { dot11PhyAntennaEntry 2 } + +dot11CurrentRxAntenna OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current antenna being used to receive, if the dot11 + DiversitySupport indicates that diversity is not supported. + The selected antenna shall be one of the antennae marked + for receive in the dot11AntennasListTable." + ::= { dot11PhyAntennaEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyAntenna TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyTxPower TABLE +-- ********************************************************************** + +dot11PhyTxPowerTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyTxPowerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyTxPowerTable. Implemented + as a table indexed on STA ID to allow for multiple + instances on an Agent." + ::= { dot11phy 3} + +dot11PhyTxPowerEntry OBJECT-TYPE + SYNTAX Dot11PhyTxPowerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyTxPower Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyTxPowerTable 1 } + +Dot11PhyTxPowerEntry ::= + SEQUENCE { dot11NumberSupportedPowerLevels INTEGER, + dot11TxPowerLevel1 INTEGER, + dot11TxPowerLevel2 INTEGER, + dot11TxPowerLevel3 INTEGER, + dot11TxPowerLevel4 INTEGER, + dot11TxPowerLevel5 INTEGER, + dot11TxPowerLevel6 INTEGER, + dot11TxPowerLevel7 INTEGER, + dot11TxPowerLevel8 INTEGER, + dot11CurrentTxPowerLevel INTEGER } + +dot11NumberSupportedPowerLevels OBJECT-TYPE + SYNTAX INTEGER (1..8) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of power levels supported by the PMD. + This attribute can have a value of 1 to 8." + ::= { dot11PhyTxPowerEntry 1 } + +dot11TxPowerLevel1 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL1 in mW. + This is also the default power level." + ::= { dot11PhyTxPowerEntry 2 } + +dot11TxPowerLevel2 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL2 in mW." + ::= { dot11PhyTxPowerEntry 3 } + +dot11TxPowerLevel3 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL3 in mW." + ::= { dot11PhyTxPowerEntry 4 } + +dot11TxPowerLevel4 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL4 in mW." + ::= { dot11PhyTxPowerEntry 5 } + +dot11TxPowerLevel5 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL5 in mW." + ::= { dot11PhyTxPowerEntry 6 } + +dot11TxPowerLevel6 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL6 in mW." + ::= { dot11PhyTxPowerEntry 7 } + +dot11TxPowerLevel7 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL7 in mW." + ::= { dot11PhyTxPowerEntry 8 } + +dot11TxPowerLevel8 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL8 in mW." + ::= { dot11PhyTxPowerEntry 9 } + +dot11CurrentTxPowerLevel OBJECT-TYPE + SYNTAX INTEGER (1..8) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The TxPowerLevel N currently being used to transmit data. + Some PHYs also use this value to determine the receiver + sensitivity requirements for CCA." + ::= { dot11PhyTxPowerEntry 10 } + +-- ********************************************************************** +-- * End of dot11PhyTxPower TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyFHSS TABLE +-- ********************************************************************** + +dot11PhyFHSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyFHSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyFHSSTable. Implemented as a + table indexed on STA ID to allow for multiple instances on + an Agent." + ::= { dot11phy 4 } + +dot11PhyFHSSEntry OBJECT-TYPE + SYNTAX Dot11PhyFHSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyFHSS Table. + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyFHSSTable 1 } + +Dot11PhyFHSSEntry ::= + SEQUENCE { dot11HopTime INTEGER, + dot11CurrentChannelNumber INTEGER, + dot11MaxDwellTime INTEGER, + dot11CurrentDwellTime INTEGER, + dot11CurrentSet INTEGER, + dot11CurrentPattern INTEGER, + dot11CurrentIndex INTEGER, + dot11EHCCPrimeRadix Integer32, + dot11EHCCNumberofChannelsFamilyIndex Integer32, + dot11EHCCCapabilityImplemented TruthValue, + dot11EHCCCapabilityEnabled TruthValue, + dot11HopAlgorithmAdopted INTEGER, + dot11RandomTableFlag TruthValue, + dot11NumberofHoppingSets Integer32, + dot11HopModulus Integer32, + dot11HopOffset Integer32 } + +dot11HopTime OBJECT-TYPE + SYNTAX INTEGER (224) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The time in microseconds for the PMD to change from + channel 2 to channel 80." + ::= { dot11PhyFHSSEntry 1 } + +dot11CurrentChannelNumber OBJECT-TYPE + SYNTAX INTEGER (0..200) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current channel number of the frequency output by the RF + synthesizer." + ::= { dot11PhyFHSSEntry 2 } + +dot11MaxDwellTime OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum time in TU that the transmitter + is permitted to operate on a single channel." + ::= { dot11PhyFHSSEntry 3 } + +dot11CurrentDwellTime OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current time in TU that the transmitter shall operate + on a single channel, as set by the MAC. Default is 19 TU." + ::= { dot11PhyFHSSEntry 4 } + +dot11CurrentSet OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current set of patterns the PLME + is using to determine the hopping sequence. " + ::= { dot11PhyFHSSEntry 5 } + +dot11CurrentPattern OBJECT-TYPE + SYNTAX INTEGER (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current pattern the PLME is + using to determine the hop sequence." + ::= { dot11PhyFHSSEntry 6 } + +dot11CurrentIndex OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current index value the PLME is using to determine + the CurrentChannelNumber." + ::= { dot11PhyFHSSEntry 7 } + +dot11EHCCPrimeRadix OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute indicates the value to be + used as the prime radix (N) in the HCC and + EHCC algorithms." + ::= { dot11PhyFHSSEntry 8 } + +dot11EHCCNumberofChannelsFamilyIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute indicates the value to be + used as the maximum for the family index (a) + in the HCC and EHCC algorithms. The value of + this field shall not be less than the prime + radix minus 3 (N - 3). The valid range of + allowed values is (N - 1), (N - 2), and (N - 3)." + ::= { dot11PhyFHSSEntry 9 } + +dot11EHCCCapabilityImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + station implementation is capable of generating + the HCC or EHCC algorithms for determining Hopping + patterns. The capability is disabled, otherwise. + The default value of this attribute is FALSE." + ::= { dot11PhyFHSSEntry 10 } + +dot11EHCCCapabilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + capability of the station to operate using the HCC + or EHCC algorithms for determining Hopping Patterns + is enabled. The capability is disabled, otherwise. + The default value of this attribute is FALSE." + ::= { dot11PhyFHSSEntry 11 } + +dot11HopAlgorithmAdopted OBJECT-TYPE + SYNTAX INTEGER { crnt(1), hopindex(2), hcc(3) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, indicates which of the algorithms + will be used to generate the Hopping Patterns. + Valid values are: + + 1 - hopping patterns as defined in clause 14 + 2 - hop index method (with or without table) + 3 - HCC/EHCC method" + ::= { dot11PhyFHSSEntry 12 } + +dot11RandomTableFlag OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, indicates that a Random Table is + present when the value is True. When the value is + False it indicates that a Random Table is not + present and that the hop index method is to be + used to determine the hopping sequence. The default + value of this attribute is True." + ::= { dot11PhyFHSSEntry 13 } + +dot11NumberofHoppingSets OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Number of Sets field indicates the total + number of sets within the hopping patterns." + ::= { dot11PhyFHSSEntry 14 } + +dot11HopModulus OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of allowed channels for the hopping + set. This is defined by the governing regulatory + agency for the country code of the country + in which this device is operating." + ::= { dot11PhyFHSSEntry 15 } + +dot11HopOffset OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The next position in the hopping set." + ::= { dot11PhyFHSSEntry 16 } + +-- ********************************************************************** +-- * End of dot11PhyFHSS TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyDSSSEntry TABLE +-- ********************************************************************** + +dot11PhyDSSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Entry of attributes for dot11PhyDSSSEntry. Implemented as a + table indexed on ifIndex allow for multiple instances on + an Agent." + ::= { dot11phy 5 } + +dot11PhyDSSSEntry OBJECT-TYPE + SYNTAX Dot11PhyDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyDSSSEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyDSSSTable 1 } + +Dot11PhyDSSSEntry ::= + SEQUENCE { dot11CurrentChannel INTEGER, + dot11CCAModeSupported INTEGER, + dot11CurrentCCAMode INTEGER, + dot11EDThreshold Integer32 } + +dot11CurrentChannel OBJECT-TYPE + SYNTAX INTEGER (1..14) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current operating frequency channel of the DSSS + PHY. Valid channel numbers are as defined in 15.4.6.2" + ::= { dot11PhyDSSSEntry 1 } + +dot11CCAModeSupported OBJECT-TYPE + SYNTAX INTEGER (1..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "dot11CCAModeSupported is a bit-significant value, + representing all of the CCA modes supported by the PHY. + Valid values are: + + energy detect only (ED_ONLY) = 01, + carrier sense only (CS_ONLY) = 02, + carrier sense and energy detect (ED_and_CS)= 04 + or the logical sum of any of these values. This + attribute shall not be used to indicate the CCA modes + supported by a higher rate extension PHY. Rather, the + dot11HRCCAModeSupported attribute shall be used to + indicate the CCA modes of the higher rate extension PHY." + ::= { dot11PhyDSSSEntry 2 } + +dot11CurrentCCAMode OBJECT-TYPE + SYNTAX INTEGER { edonly(1), csonly(2), edandcs(4), cswithtimer(8), + hrcsanded(16) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current CCA method in operation. Valid values are: + energy detect only (edonly) = 01, + carrier sense only (csonly) = 02, + carrier sense and energy detect (edandcs)= 04 + carrier sense with timer (cswithtimer)= 08 + high rate carrier sense and energy detect (hrcsanded)=16." + ::= { dot11PhyDSSSEntry 3 } + +dot11EDThreshold OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current Energy Detect Threshold being used by the DSSS PHY." + ::= { dot11PhyDSSSEntry 4 } + +-- ********************************************************************** +-- * End of dot11PhyDSSSEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyIR TABLE +-- ********************************************************************** + +dot11PhyIRTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyIREntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyIRTable. Implemented as a + table indexed on ifIndex to allow for multiple instances on + an Agent." + ::= { dot11phy 6 } + +dot11PhyIREntry OBJECT-TYPE + SYNTAX Dot11PhyIREntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyIR Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyIRTable 1 } + +Dot11PhyIREntry ::= + SEQUENCE { dot11CCAWatchdogTimerMax Integer32, + dot11CCAWatchdogCountMax Integer32, + dot11CCAWatchdogTimerMin Integer32, + dot11CCAWatchdogCountMin Integer32 } + +dot11CCAWatchdogTimerMax OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This parameter, together with CCAWatchdogCountMax, + determines when energy detected in the channel can be + ignored." + ::= { dot11PhyIREntry 1 } + +dot11CCAWatchdogCountMax OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This parameter, together with CCAWatchdogTimerMax, + determines when energy detected in the channel can be + ignored." + ::= { dot11PhyIREntry 2 } + +dot11CCAWatchdogTimerMin OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The minimum value to which CCAWatchdogTimerMax can be + set." + ::= { dot11PhyIREntry 3 } + +dot11CCAWatchdogCountMin OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The minimum value to which CCAWatchdogCount can be set." + ::= { dot11PhyIREntry 4 } + +-- ********************************************************************** +-- * End of dot11PhyIR TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11RegDomainsSupported TABLE +-- ********************************************************************** + +dot11RegDomainsSupportedTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11RegDomainsSupportedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "There are different operational requirements dependent on + the regulatory domain. This attribute list describes the + regulatory domains the PLCP and PMD support in this + implementation. Currently defined values and their + corresponding Regulatory Domains are: + + FCC (USA) = X'10', DOC (Canada) = X'20', ETSI (most of + Europe) = X'30', Spain = X'31', France = X'32', MKK + (Japan) = X'40', Others = X'00' " + ::= { dot11phy 7} + +dot11RegDomainsSupportedEntry OBJECT-TYPE + SYNTAX Dot11RegDomainsSupportedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11RegDomainsSupportedTable. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11RegDomainsSupportedIndex } + ::= { dot11RegDomainsSupportedTable 1 } + +Dot11RegDomainsSupportedEntry ::= + SEQUENCE { dot11RegDomainsSupportedIndex Integer32, + dot11RegDomainsSupportedValue INTEGER } + +dot11RegDomainsSupportedIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the RegDomainsSupport Table." + ::= { dot11RegDomainsSupportedEntry 1 } + +dot11RegDomainsSupportedValue OBJECT-TYPE + SYNTAX INTEGER { fcc(16), doc(32), etsi(48), spain (49), france(50), + mkk (64) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "There are different operational requirements dependent on + the regulatory domain. This attribute list describes the + regulatory domains the PLCP and PMD support in this + implementation. Currently defined values and their + corresponding Regulatory Domains are: + + FCC (USA) = X'10', DOC (Canada) = X'20', ETSI (most of + Europe) = X'30', Spain = X'31', France = X'32', MKK + (Japan) = X'40' " + ::= { dot11RegDomainsSupportedEntry 2 } + +-- ********************************************************************** +-- * End of dot11RegDomainsSupported TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11AntennasList TABLE +-- ********************************************************************** + +dot11AntennasListTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11AntennasListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table represents the list of antennae. An antenna can be + marked to be capable of transmitting, receiving, and/or for + participation in receive diversity. Each entry in this table + represents a single antenna with its properties. The maximum + number of antennae that can be contained in this table is 255." + ::= { dot11phy 8 } + +dot11AntennasListEntry OBJECT-TYPE + SYNTAX Dot11AntennasListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11AntennasListTable, representing the properties + of a single antenna. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11AntennaListIndex } + ::= { dot11AntennasListTable 1 } + +Dot11AntennasListEntry ::= + SEQUENCE { dot11AntennaListIndex Integer32, + dot11SupportedTxAntenna TruthValue, + dot11SupportedRxAntenna TruthValue, + dot11DiversitySelectionRx TruthValue } + +dot11AntennaListIndex OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The unique index of an antenna which is used to identify the columnar + objects in the dot11AntennasList Table." + ::= { dot11AntennasListEntry 1 } + +dot11SupportedTxAntenna OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by + dot11AntennaIndex can be used as a transmit antenna." + ::= { dot11AntennasListEntry 2 } + +dot11SupportedRxAntenna OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by the + dot11AntennaIndex xan be used as a receive antenna." + ::= { dot11AntennasListEntry 3 } + +dot11DiversitySelectionRx OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by + dot11AntennaIndex can be used for receive diversity. This object + may only be true if the antenna can be used as a receive antenna, + as indicated by dot11SupportedRxAntenna." + ::= { dot11AntennasListEntry 4 } + +-- ********************************************************************** +-- * End of dot11AntennasList TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SupportedDataRatesTx TABLE +-- ********************************************************************** + +dot11SupportedDataRatesTxTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11SupportedDataRatesTxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The Transmit bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s subject + to limitations of each individual PHY." + ::= { dot11phy 9 } + +dot11SupportedDataRatesTxEntry OBJECT-TYPE + SYNTAX Dot11SupportedDataRatesTxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the dot11SupportedDataRatesTx + Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11SupportedDataRatesTxIndex } + ::= { dot11SupportedDataRatesTxTable 1 } + +Dot11SupportedDataRatesTxEntry ::= + SEQUENCE { dot11SupportedDataRatesTxIndex Integer32, + dot11SupportedDataRatesTxValue Integer32 } + +dot11SupportedDataRatesTxIndex OBJECT-TYPE + SYNTAX Integer32 (1..8) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Index object which identifies which data rate to access. + Range is 1..8." + ::= { dot11SupportedDataRatesTxEntry 1 } + +dot11SupportedDataRatesTxValue OBJECT-TYPE + SYNTAX Integer32 (2..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Transmit bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s subject + to limitations of each individual PHY." + ::= { dot11SupportedDataRatesTxEntry 2 } + +-- ********************************************************************** +-- * End of dot11SupportedDataRatesTx TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SupportedDataRatesRx TABLE +-- ********************************************************************** + +dot11SupportedDataRatesRxTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11SupportedDataRatesRxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The receive bit rates supported by the PLCP and PMD, + represented by a count from X'002-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s." + ::= { dot11phy 10 } + +dot11SupportedDataRatesRxEntry OBJECT-TYPE + SYNTAX Dot11SupportedDataRatesRxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the dot11SupportedDataRatesRx Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11SupportedDataRatesRxIndex } + ::= { dot11SupportedDataRatesRxTable 1 } + +Dot11SupportedDataRatesRxEntry ::= + SEQUENCE { dot11SupportedDataRatesRxIndex Integer32, + dot11SupportedDataRatesRxValue Integer32 } + +dot11SupportedDataRatesRxIndex OBJECT-TYPE + SYNTAX Integer32 (1..8) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Index object which identifies which data rate to access. + Range is 1..8." + ::= { dot11SupportedDataRatesRxEntry 1 } + +dot11SupportedDataRatesRxValue OBJECT-TYPE + SYNTAX Integer32 (2..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The receive bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s." + ::= { dot11SupportedDataRatesRxEntry 2 } + +-- ********************************************************************** +-- * End of dot11SupportedDataRatesRx TABLE +-- ********************************************************************** + +--********************************************************************** +-- * dot11PhyOFDM TABLE +--********************************************************************** + +dot11PhyOFDMTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyOFDMEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyOFDMTable. Implemented as a + table indexed on ifindex to allow for multiple instances on + an Agent." + ::= { dot11phy 11 } + +dot11PhyOFDMEntry OBJECT-TYPE + SYNTAX Dot11PhyOFDMEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyOFDM Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyOFDMTable 1 } + +Dot11PhyOFDMEntry ::= + SEQUENCE { dot11CurrentFrequency INTEGER, + dot11TIThreshold Integer32, + dot11FrequencyBandsSupported INTEGER } + +dot11CurrentFrequency OBJECT-TYPE + SYNTAX INTEGER (0..99) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The number of the current operating frequency channel of the OFDM PHY." + ::= { dot11PhyOFDMEntry 1 } + +dot11TIThreshold OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The Threshold being used to detect a busy medium (frequency). + CCA shall report a busy medium upon detecting the RSSI above + this threshold." + ::= { dot11PhyOFDMEntry 2 } + +dot11FrequencyBandsSupported OBJECT-TYPE + SYNTAX INTEGER (1..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The capability of the OFDM PHY implementation to operate in + the three U-NII bands. Coded as an integer value of a three + bit field as follows: + bit 0 .. capable of operating in the lower (5.15-5.25 GHz) + U-NII band + bit 1 .. capable of operating in the middle (5.25-5.35 GHz) + U-NII band + bit 2 .. capable of operating in the upper (5.725-5.825 GHz) + U-NII band + For example, for an implementation capable of operating in the + lower and mid bands this attribute would take the value 3." + ::= { dot11PhyOFDMEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyOFDM TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyHRDSSSEntry TABLE +-- ********************************************************************** + +dot11PhyHRDSSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyHRDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Entry of attributes for dot11PhyHRDSSSEntry. + Implemented as a table indexed on ifIndex to allow for + multiple instances on an Agent." + ::= { dot11phy 12 } + +dot11PhyHRDSSSEntry OBJECT-TYPE + SYNTAX Dot11PhyHRDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyHRDSSSEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyHRDSSSTable 1 } + +Dot11PhyHRDSSSEntry ::= + SEQUENCE { dot11ShortPreambleOptionImplemented TruthValue, + dot11PBCCOptionImplemented TruthValue, + dot11ChannelAgilityPresent TruthValue, + dot11ChannelAgilityEnabled TruthValue, + dot11HRCCAModeSupported INTEGER } + +dot11ShortPreambleOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the + short preamble option as defined in subclause 18.2.2.2 + is implemented. The default value of this attribute + shall be false." + ::= {dot11PhyHRDSSSEntry 1 } + +dot11PBCCOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the PBCC + modulation option as defined in subclause 18.4.6.6 is + implemented. The default value of this attribute shall + be false." + ::= {dot11PhyHRDSSSEntry 2 } + +dot11ChannelAgilityPresent OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute indicates that the PHY is capable of + channel agility." + ::= { dot11PhyHRDSSSEntry 3 } + +dot11ChannelAgilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute indicates that the PHY channel agility + functionality is enabled." + ::= { dot11PhyHRDSSSEntry 4 } + +dot11HRCCAModeSupported OBJECT-TYPE + SYNTAX INTEGER (1..31) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "dot11HRCCAModeSupported is a bit-significant value, + representing all of the CCA modes supported by the PHY. + Valid values are: + energy detect only (ED_ONLY) = 01, + carrier sense only (CS_ONLY) = 02, + carrier sense and energy detect (ED_and_CS)= 04, + carrier sense with timer (CS_and_Timer)= 08, + high rate carrier sense and energy detect + (HRCS_and_ED)= 16 + or the logical sum of any of these values. In + the high rate extension PHY, this attribute shall + be used in preference to the dot11CCAModeSupported + attribute." + ::= { dot11PhyHRDSSSEntry 5 } + +-- ********************************************************************** +-- * End of dot11PhyHRDSSSEntry TABLE +-- ********************************************************************** + +-- ******************************************************************** +-- * dot11 Hopping Pattern TABLE +-- ******************************************************************** + +dot11HoppingPatternTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11HoppingPatternEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of attributes necessary for + a frequency hopping implementation to be able to + create the hopping sequences necessary to operate + in the subband for the associated domain country string." + ::= { dot11phy 13 } + +dot11HoppingPatternEntry OBJECT-TYPE + SYNTAX Dot11HoppingPatternEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) in the Hopping Pattern Table + that indicates the random hopping sequence to be followed. + + IfIndex - Each IEEE 802.11 interface is represented + by an ifEntry. Interface tables in this MIB are indexed + by ifIndex." + INDEX { ifIndex, + dot11HoppingPatternIndex } + ::= { dot11HoppingPatternTable 1 } + +Dot11HoppingPatternEntry ::= + SEQUENCE { + dot11HoppingPatternIndex Integer32, + dot11RandomTableFieldNumber Integer32 } + +dot11HoppingPatternIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances of + the columnar objects in the Hopping Pattern Table." + ::= { dot11HoppingPatternEntry 1} + +dot11RandomTableFieldNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the + starting channel number in the hopping sequence of + the subband for the associated domain country string. + The default value of this attribute shall be zero." + ::= { dot11HoppingPatternEntry 2} + +-- ********************************************************************** +-- * End of dot11 Hopping Pattern TABLE +--********************************************************************** + +-- ********************************************************************** +-- * Conformance Information +-- ********************************************************************** + +dot11Conformance OBJECT IDENTIFIER ::= { ieee802dot11 5 } +dot11Groups OBJECT IDENTIFIER ::= { dot11Conformance 1 } +dot11Compliances OBJECT IDENTIFIER ::= { dot11Conformance 2 } + +-- ********************************************************************** +-- * Compliance Statements +-- ********************************************************************** + +dot11Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMPv2 entities + that implement the IEEE 802.11 MIB." + MODULE -- this module + MANDATORY-GROUPS { + dot11SMTbase2, + dot11MACbase, dot11CountersGroup, + dot11SmtAuthenticationAlgorithms, + dot11ResourceTypeID, dot11PhyOperationComplianceGroup } + + GROUP dot11PhyDSSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of dsss. This group is + mutually exclusive with the groups dot11PhyIRComplianceGroup, + dot11PhyFHSSComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyIRComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of irbaseband. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyFHSSComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyFHSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of fhss. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyIRComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyOFDMComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of ofdm. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyIRComplianceGroup, dot11PhyFHSSComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyHRDSSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of hrdsss. This group is + mutually exclusive with the groups + dot11PhyDSSSComplianceGroup, dot11PhyIRComplianceGroup, + dot11PhyFHSSComplianceGroup and dot11PhyOFDMComplianceGroup." + + -- OPTIONAL-GROUPS { dot11SMTprivacy, dot11MACStatistics, + -- dot11PhyAntennaComplianceGroup, dot11PhyTxPowerComplianceGroup, + -- dot11PhyRegDomainsSupportGroup, + -- dot11PhyAntennasListGroup, dot11PhyRateGroup } + + ::= { dot11Compliances 1 } + +-- ********************************************************************** +-- * Groups - units of conformance +-- ********************************************************************** + +dot11SMTbase OBJECT-GROUP + OBJECTS { dot11StationID, dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut } + STATUS deprecated + DESCRIPTION + "The SMT object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network." + ::= { dot11Groups 1 } + +dot11SMTprivacy OBJECT-GROUP + OBJECTS { dot11PrivacyInvoked, + dot11WEPKeyMappingLength, dot11ExcludeUnencrypted, + dot11WEPICVErrorCount , dot11WEPExcludedCount , + dot11WEPDefaultKeyID, + dot11WEPDefaultKeyValue, + dot11WEPKeyMappingWEPOn, + dot11WEPKeyMappingValue , dot11WEPKeyMappingAddress, + dot11WEPKeyMappingStatus } + STATUS current + DESCRIPTION + "The SMTPrivacy package is a set of attributes that shall be + present if WEP is implemented in the STA." + ::= { dot11Groups 2 } + +dot11MACbase OBJECT-GROUP + OBJECTS { dot11MACAddress, dot11Address, + dot11GroupAddressesStatus, + dot11RTSThreshold, dot11ShortRetryLimit, + dot11LongRetryLimit, dot11FragmentationThreshold, + dot11MaxTransmitMSDULifetime, + dot11MaxReceiveLifetime, dot11ManufacturerID, + dot11ProductID } + STATUS current + DESCRIPTION + "The MAC object class provides the necessary support for the + access control, generation, and verification of frame check + sequences (FCSs), and proper delivery of valid data to upper + layers." + ::= { dot11Groups 3 } + +dot11MACStatistics OBJECT-GROUP + OBJECTS { dot11RetryCount, dot11MultipleRetryCount, + dot11RTSSuccessCount, dot11RTSFailureCount, + dot11ACKFailureCount, dot11FrameDuplicateCount } + STATUS current + DESCRIPTION + "The MACStatistics package provides extended statistical + information on the operation of the MAC. This + package is completely optional." + ::= { dot11Groups 4 } + +dot11ResourceTypeID OBJECT-GROUP + OBJECTS { dot11ResourceTypeIDName, dot11manufacturerOUI, + dot11manufacturerName, dot11manufacturerProductName, + dot11manufacturerProductVersion } + STATUS current + DESCRIPTION + "Attributes used to identify a STA, its manufacturer, + and various product names and versions." + ::= { dot11Groups 5 } + +dot11SmtAuthenticationAlgorithms OBJECT-GROUP + OBJECTS { dot11AuthenticationAlgorithm, + dot11AuthenticationAlgorithmsEnable } + STATUS current + DESCRIPTION + "Authentication Algorithm Table." + ::= { dot11Groups 6 } + +dot11PhyOperationComplianceGroup OBJECT-GROUP + OBJECTS { dot11PHYType, dot11CurrentRegDomain, dot11TempType } + STATUS current + DESCRIPTION + "PHY layer operations attributes." + ::= { dot11Groups 7 } + +dot11PhyAntennaComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentTxAntenna, dot11DiversitySupport, + dot11CurrentRxAntenna } + STATUS current + DESCRIPTION + "Attributes for Data Rates for IEEE 802.11." + ::= { dot11Groups 8 } + +dot11PhyTxPowerComplianceGroup OBJECT-GROUP + OBJECTS { dot11NumberSupportedPowerLevels, dot11TxPowerLevel1, + dot11TxPowerLevel2, dot11TxPowerLevel3, dot11TxPowerLevel4, + dot11TxPowerLevel5, dot11TxPowerLevel6, dot11TxPowerLevel7, + dot11TxPowerLevel8, dot11CurrentTxPowerLevel } + STATUS current + DESCRIPTION + "Attributes for Control and Management of transmit power." + ::= { dot11Groups 9 } + +dot11PhyFHSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11HopTime, dot11CurrentChannelNumber, dot11MaxDwellTime, + dot11CurrentDwellTime, dot11CurrentSet, dot11CurrentPattern, + dot11CurrentIndex} + STATUS current + DESCRIPTION + "Attributes that configure the Frequency Hopping for IEEE + 802.11." + ::= { dot11Groups 10 } + +dot11PhyDSSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentChannel, dot11CCAModeSupported, + dot11CurrentCCAMode, dot11EDThreshold} + STATUS current + DESCRIPTION + "Attributes that configure the DSSS for IEEE 802.11." + ::= { dot11Groups 11 } + +dot11PhyIRComplianceGroup OBJECT-GROUP + OBJECTS { dot11CCAWatchdogTimerMax, dot11CCAWatchdogCountMax, + dot11CCAWatchdogTimerMin, dot11CCAWatchdogCountMin} + STATUS current + DESCRIPTION + "Attributes that configure the baseband IR for IEEE 802.11." + ::= { dot11Groups 12 } + +dot11PhyRegDomainsSupportGroup OBJECT-GROUP + OBJECTS { dot11RegDomainsSupportedValue} + STATUS current + DESCRIPTION + "Attributes that specify the supported Regulation Domains." + ::= { dot11Groups 13} + +dot11PhyAntennasListGroup OBJECT-GROUP + OBJECTS { dot11SupportedTxAntenna, + dot11SupportedRxAntenna, dot11DiversitySelectionRx } + STATUS current + DESCRIPTION + "Attributes that specify the supported Regulation Domains." + ::= { dot11Groups 14 } + +dot11PhyRateGroup OBJECT-GROUP + OBJECTS { dot11SupportedDataRatesTxValue, + dot11SupportedDataRatesRxValue } + STATUS current + DESCRIPTION + "Attributes for Data Rates for IEEE 802.11." + ::= { dot11Groups 15 } + +dot11CountersGroup OBJECT-GROUP + OBJECTS { dot11TransmittedFragmentCount, + dot11MulticastTransmittedFrameCount, + dot11FailedCount, dot11ReceivedFragmentCount, + dot11MulticastReceivedFrameCount, + dot11FCSErrorCount, + dot11WEPUndecryptableCount, + dot11TransmittedFrameCount } + STATUS current + DESCRIPTION + "Attributes from the dot11CountersGroup that are not described + in the dot11MACStatistics group. These objects are + mandatory." + ::= { dot11Groups 16 } + +dot11NotificationGroup NOTIFICATION-GROUP + NOTIFICATIONS { dot11Disassociate, + dot11Deauthenticate, + dot11AuthenticateFail } + STATUS current + DESCRIPTION + "IEEE 802.11 notifications" + ::= { dot11Groups 17 } + +dot11SMTbase2 OBJECT-GROUP + OBJECTS { dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut, + dot11DisassociateReason, + dot11DisassociateStation, + dot11DeauthenticateReason, + dot11DeauthenticateStation, + dot11AuthenticateFailStatus, + dot11AuthenticateFailStation } + STATUS current + DESCRIPTION + "The SMTbase2 object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network." + ::= { dot11Groups 18 } + +dot11PhyOFDMComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentFrequency, + dot11TIThreshold, + dot11FrequencyBandsSupported } + STATUS current + DESCRIPTION + "Attributes that configure the OFDM for IEEE 802.11." + ::= { dot11Groups 19 } + +dot11SMTbase3 OBJECT-GROUP + OBJECTS { dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut, + dot11DisassociateReason, + dot11DisassociateStation, + dot11DeauthenticateReason, + dot11DeauthenticateStation, + dot11AuthenticateFailStatus, + dot11AuthenticateFailStation, + dot11MultiDomainCapabilityImplemented, + dot11MultiDomainCapabilityEnabled, + dot11CountryString } + STATUS current + DESCRIPTION + "The SMTbase3 object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network, when the STA + is capable of multi-domain operation. This object group should be + implemented when the multi-domain capability option is implemented." + ::= { dot11Groups 20 } + +dot11MultiDomainCapabilityGroup OBJECT-GROUP + OBJECTS { dot11FirstChannelNumber, + dot11NumberofChannels, + dot11MaximumTransmitPowerLevel } + STATUS current + DESCRIPTION + "The dot11MultiDomainCapabilityGroup object class provides + the objects necessary to manage the channels usable by a STA, + when the multi-domain capability option is implemented." + ::= { dot11Groups 21 } + +dot11PhyFHSSComplianceGroup2 OBJECT-GROUP + OBJECTS { dot11HopTime, dot11CurrentChannelNumber, dot11MaxDwellTime, + dot11CurrentDwellTime, dot11CurrentSet, dot11CurrentPattern, + dot11CurrentIndex, dot11EHCCPrimeRadix, + dot11EHCCNumberofChannelsFamilyIndex, + dot11EHCCCapabilityImplemented, dot11EHCCCapabilityEnabled, + dot11HopAlgorithmAdopted, dot11RandomTableFlag, + dot11NumberofHoppingSets, dot11HopModulus, + dot11HopOffset, dot11RandomTableFieldNumber } + STATUS current + DESCRIPTION + "Attributes that configure the Frequency Hopping for IEEE + 802.11 when multi-domain capability option is implemented." + ::= { dot11Groups 22 } + +dot11PhyHRDSSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentChannel, dot11CCAModeSupported, + dot11CurrentCCAMode, dot11EDThreshold, + dot11ShortPreambleOptionImplemented, + dot11PBCCOptionImplemented, dot11ChannelAgilityPresent, + dot11ChannelAgilityEnabled, dot11HRCCAModeSupported } + STATUS current + DESCRIPTION + "Attributes that configure the HRDSSS for IEEE 802.11." + ::= { dot11Groups 23 } + +-- ********************************************************************** +-- * End of 802.11 MIB +-- ********************************************************************** + +END + Index: /branches/breakout-hub/nanobsd/files/usr/local/share/snmp/snmpd.conf =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/share/snmp/snmpd.conf (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/share/snmp/snmpd.conf (revision 10119) @@ -0,0 +1,85 @@ +# snmpd.conf + +# First, map the community name (COMMUNITY) into a security name +# (local and mynetwork, depending on where the request is coming +# from): + +# sec.name source community +com2sec local localhost public +com2sec mynetwork 172.16.0.0/12 public +com2sec mynetwork 10.0.0.0/8 public +com2sec mynetwork 192.168.0.0/16 public + + + +# Second, map the security names into group names: + +# sec.model sec.name +group MyRWGroup v1 local +group MyRWGroup v2c local +group MyRWGroup usm local +group MyROGroup v1 mynetwork +group MyROGroup v2c mynetwork +group MyROGroup usm mynetwork + + +# Third, create a view for us to let the groups have rights to: + +# incl/excl subtree mask +view all included .1 80 + + +# Finally, grant the 2 groups access to the 1 view with different +# write permissions: + +# context sec.model sec.level match read write notif +access MyROGroup "" any noauth exact all none none +access MyRWGroup "" any noauth exact all all none + + +# System contact information + +sysLocation Somewhere in or near Leiden +sysContact Stichting Wireless Leiden / +31 71 5139817 + + +# Process checks. + +# name max min +proc lvrouted.opt 1 1 +proc sshd 8 1 +proc syslogd 1 1 +proc ntpd 1 1 +proc snmpd 1 1 +proc dhcpd 1 1 +proc pen 1 1 +proc cron 2 1 +proc named 1 1 + + +# disk checks + +# path min +#disk / 90% +#disk /var 80% +#disk /usr 80% +#disk /tmp 60% +includeAllDisks 85% + + +# load average checks + +# 1max 5max 15max +load 12 14 14 + + +# Pass through control + +# miboid exec-command +pass .1.3.6.1.4.1.2021.50 /usr/local/nagios/bin/processor + +pass_persist .1.3.6.1.4.1.21695.1.2 /usr/local/sbin/dhcpd-snmp /usr/local/etc/dhcpd-snmp.conf + +extend .1.3.6.1.4.1.2021.61 nagios-www /usr/local/sbin/proxy-test.sh +extend .1.3.6.1.4.1.2021.62 nagios-routing /usr/local/sbin/lvrouted-test.sh + Index: /branches/breakout-hub/nanobsd/files/usr/local/www/wlportal/index.cgi =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/www/wlportal/index.cgi (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/www/wlportal/index.cgi (revision 10119) @@ -0,0 +1,372 @@ +#!/usr/bin/env python +# +# Wrap me around tcpserver or inetd, example usage for tcpserver (debug): +# tcpserver -HRl localhost 172.31.255.1 /root/wlportal.py +# +# Or put me in a CGI script in for example thttpd server: +# +# = Usage = +# This is a wrapper script which does very basic HTML parsing and altering of +# ipfw tables rules to build a basic Captive Portal, with basic sanity +# checking. The ACL is IP based (this is a poor mans solution, layer2 +# ACL would be much better), so don't take security very seriously. +# +# To get traffic by default to the portal iI requires a few special rules in +# ipfw to work properly (ajust IP details if needed): +# - Rule 10010-10099 needs to be free. +# - add 10100 fwd 172.20.145.1,8081 tcp from any to not 172.16.0.0/12 dst-port 80 in via wlan0 +# +# Enties older than 5 minutes not being used will be removed if the (hidden) +# argument action=cleanup is given as GET variable. So having this in cron (would fix it): +# */5 * * * * /usr/bin/fetch -q http://172.31.255.1/wlportal?action=cleanup +# +# The program has uses a file based persistent cache to save authenticated +# ACLs, this will NOT get synced after a reboot. +# +# State : ALPHA +# Version : $Id$ +# Author : Rick van der Zwet +# Licence : BSDLike http://wirelessleiden.nl/LICENSE + +import logging +import os +import pickle +import re +import signal +import subprocess +import sys +import time +import traceback +import urlparse + +# XXX: Make me dynamic +portalroot='172.31.255.1' +portalurl='http://www.wirelessleiden.nl' +fwcmd='/sbin/ipfw' +arpcmd='/usr/sbin/arp' + + +logging.basicConfig(stream=open('/var/log/wlportal.log','a'),level=logging.DEBUG) + +class ItemCache: + """ + Very basic ItemCache used for caching registered entries and other foo, no + way recurrent, so use with care! + """ + + def __init__(self, authentication_timeout=60): + self.cachefile='/tmp/portal.cache' + # cache[mac_address] = (ipaddr, registered_at, last_seen) + self.cache = None + self.arp_cache = None + self.now = time.time() + self.authentication_timeout = authentication_timeout + + def delete_all(self): + self.cache = {} + self.save() + + def delete(self,ipaddr): + self.load() + for mac in self.cache.keys(): + if self.cache[mac][0] == ipaddr: + del self.cache[mac] + self.save() + + + def load(self): + """ Request cached file entries """ + if self.cache == None: + try: + self.cache = pickle.load(open(self.cachefile,'r')) + except IOError: + self.cache = {} + pass + + def load_arp_cache(self): + """ Provide with listing of MAC to IP numbers """ + if self.arp_cache == None: + output = subprocess.Popen([arpcmd,'-na'], stdout=subprocess.PIPE).communicate()[0] + self.arp_cache = {} + for line in output.strip().split('\n'): + # ? (172.20.145.30) at 00:21:e9:e2:7c:c6 on wlan0 expires in 605 seconds [ethernet] + if not 'expires' in line: + continue + t = re.split('[ ()]',line) + ip, mac = t[2],t[5] + self.arp_cache[ip] = mac + + def add(self,ipaddr): + """ Add entry to cache (on file) and return entry""" + self.load() + self.load_arp_cache() + self.cache[self.arp_cache[ipaddr]] = (ipaddr, self.now, self.now) + logging.debug("Adding Entry to Cache %s -> %s" % (ipaddr, self.arp_cache[ipaddr])) + self.save() + + def save(self): + """ Sync entries to disk """ + # XXX: Should actually check if entry has changed at all + pickle.dump(self.cache, open(self.cachefile,'w')) + + def update(): + """ Update entries with relevant ARP cache """ + self.load() + self.load_arp_cache() + # Update last_seen time for currently active entries + for ip,mac in self.arp_cache.iteritems(): + if self.cache.has_key(mac): + self.cache[mac][3] = now + + # cleanup no longer used entries, after authentication_timeout seconds. + for mac in self.cache: + if self.cache[mac][3] < self.now - self.authentication_timeout: + del self.cache[mac] + + # Sync results to disk + self.save() + return self.cache + + def get_cache(self): + self.load() + return self.cache + + def get_arp_cache(self): + self.load_arp_cache() + return self.arp_cache + + +class FirewallControl: + def __init__(self): + self.first_rule = 10010 + self.last_rule = 10099 + self.available_rule = self.first_rule + self.logger = '' + + + def load(self): + # Get all registered ips + sp = subprocess.Popen([fwcmd,'show','%i-%i' % (self.first_rule, self.last_rule)], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + output = sp.communicate()[0] + self.ip_in_firewall = {} + if sp.returncode == 0: + # 10010 32 1920 allow tcp from 172.20.145.30 to not 172.16.0.0/12,192.168.1.0/24 dst-port 80 + for line in output.strip().split('\n'): + t = line.split() + rule, ip = t[0], t[6] + self.ip_in_firewall[ip] = rule + + if self.available_rule == int(rule): + self.available_rule += 1 + else: + # XXX: Some nagging about no rules beeing found perhaps? + pass + + def cleanup(self): + """ Cleanup Old Entries, mostly used for maintenance runs """ + self.load() + # Make sure cache matches the latest ARP version + itemdb = ItemCache() + cache = itemdb.get_cache() + valid_ip = itemdb.get_arp_cache() + + # Check if all ipfw allowed entries still have the same registered MAC address + # else assume different user and delete. + for ip,rule in self.ip_in_firewall.iteritems(): + delete_entry = False + + # Make sure IP is still valid + if not valid_ip.has_key(ip): + delete_entry = True + # Also MAC needs to exists in Cache + elif not cache.has_key(valid_ip[ip]): + delete_entry = True + # IP need to match up with registered one + elif not cache[valid_ip[ip]][0] == ip: + delete_entry = True + + # Delete entry if needed + if delete_entry: + output = subprocess.Popen([fwcmd,'delete',str(rule)], stdout=subprocess.PIPE).communicate()[0] + self.logger += "Deleting ipfw entry %s %s\n" % (rule, ip) + logging.debug('Deleting ipfw entry %s %s\n' % (rule, ip)) + + + def add(self,ipaddr): + """ Add Entry to Firewall, False if already exists """ + self.load() + if not self.ip_in_firewall.has_key(ipaddr): + rule = "NUMBER allow tcp from IPADDR to not 172.16.0.0/12,192.168.1.0/24 dst-port 80".split() + rule[0] = str(self.available_rule) + rule[4] = str(ipaddr) + logging.debug("Addding %s" % " ".join(rule)) + output = subprocess.Popen([fwcmd,'add'] + rule, stdout=subprocess.PIPE).communicate()[0] + itemdb = ItemCache() + itemdb.add(ipaddr) + return True + else: + return False + + + def delete(self, ipaddr): + itemdb = ItemCache() + itemdb.delete(ipaddr) + self.cleanup() + + def delete_all(self): + itemdb = ItemCache() + itemdb.delete_all() + self.cleanup() + + def get_log(self): + return self.logger + + + +# Query String Dictionaries +qs_post = None +qs = None +header = [] + +# We are are HTTP server, so act like one +if not os.environ.has_key('REQUEST_METHOD'): + class TimeoutException(Exception): + """ Helper for alarm signal handling""" + pass + + def handler(signum, frame): + """ Helper for alarm signal handling""" + raise TimeoutException + + + # Parse the HTTP/1.1 Content-Header (partially) + signal.signal(signal.SIGALRM,handler) + us = None + method = None + hostname = None + content_length = None + remote_host = None + while True: + try: + signal.alarm(1) + line = sys.stdin.readline().strip() + if not line: + break + header.append(line) + signal.alarm(0) + if line.startswith('GET '): + us = urlparse.urlsplit(line.split()[1]) + method = 'GET' + elif line.startswith('POST '): + method = 'POST' + us = urlparse.urlsplit(line.split()[1]) + elif line.startswith('Host: '): + hostname = line.split()[1] + elif line.startswith('Content-Length: '): + content_length = int(line.split()[1]) + except TimeoutException: + break + + # Capture Portal, make sure to redirect all to portal + if hostname != portalroot: + print "HTTP/1.1 302 Moved Temponary\r\n", + print "Location: http://%s/\r\n" % portalroot, + sys.exit(0) + + + # Handle potential POST + if method == 'POST' and content_length: + body = sys.stdin.read(content_length) + qs_post = urlparse.parse_qs(body) + + # Parse Query String + if us and us.path == "/wlportal" and us.query: + qs = urlparse.parse_qs(us.query) + + remote_host = os.environ['REMOTEHOST'] +else: + # Parse the CGI Variables if present + if os.environ['REQUEST_METHOD'] == "POST": + content_length = int(os.environ['CONTENT_LENGTH']) + body = sys.stdin.read(content_length) + qs_post = urlparse.parse_qs(body) + + if os.environ.has_key('QUERY_STRING'): + qs = urlparse.parse_qs(os.environ['QUERY_STRING']) + + remote_host = os.environ['REMOTE_ADDR'] + + + +# Helpers for HTML 'templates' +content = { + 'portalroot' : portalroot, + 'portalurl' : portalurl, + 'extra_header' : '', + 'tech_footer' : '', + 'status_msg' : '', + } + +try: + # Put authenticate use and process response + if qs_post and qs_post.has_key('action'): + if 'login' in qs_post['action']: + fw = FirewallControl() + if fw.add(remote_host): + content['extra_header'] = "Refresh: 5; url=%(portalurl)s\r" % content + content['status_msg'] = "Sucessfully Logged In!
" +\ + """ Will redirect you in 5 seconds to %(portalurl)s """ % content + else: + content['status_msg'] = "ERROR! Already Logged On" + elif 'logout' in qs_post['action']: + fw = FirewallControl() + fw.delete(remote_host) + content['status_msg'] = "Succesfully logged out!" + elif qs and qs.has_key('action'): + if 'deleteall' in qs['action']: + content['tech_footer'] += "# [INFO] Deleting all entries\n" + fw = FirewallControl() + fw.delete_all() + content['tech_footer'] += fw.get_log() + elif 'cleanup' in qs['action']: + tech_footer = "# [INFO] Update timestamp of all entries\n" + fw = FirewallControl() + fw.update() + content['tech_footer'] += fw.get_log() + elif 'cleanup' in qs['action']: + content['tech_footer'] += "# [INFO] Deleting all entries" + fw = FirewallControl() + fw.delete_all() + +except Exception,e: + content['tech_footer'] += traceback.format_exc() + content['status_msg'] = e + pass + + # Present Main Screen +print """\ +HTTP/1.1 200 OK\r +Content-Type: text/html\r +%(extra_header)s + + +

%(status_msg)s

+ +

Wireless Leiden - Internet Portal

+
+ + +
+ +

More options

+
+ + +
+""" % content + +print "
Technical Details:
"
+print "\n# [DEBUG] Header: ".join([''] + header)
+print content['tech_footer']
+print "
" +print "" Index: /branches/breakout-hub/nanobsd/files/usr/local/www/wlweb/index.cgi =================================================================== --- /branches/breakout-hub/nanobsd/files/usr/local/www/wlweb/index.cgi (revision 10119) +++ /branches/breakout-hub/nanobsd/files/usr/local/www/wlweb/index.cgi (revision 10119) @@ -0,0 +1,36 @@ +#!/usr/local/bin/python +# +# Wireless Leiden webinterface for (embedded) nodes +# Rick van der Zwet +# Richard van Mansom (richardvm@wirelessleiden.nl), striped the webserver + +from subprocess import * +import os + +def tailFile(file): + lines=-10 + return("Tail (%i): %s
%s
" % (lines,file,Popen(["tail", str(lines), file], stdout=PIPE).communicate()[0])); + +def catFile(file): + return("File: %s
%s
" % (file,Popen(["cat", file], stdout=PIPE).communicate()[0])); + +def allRoutes(): + return("netstat -nr
%s
" % Popen(["netstat", "-n", "-r"], stdout=PIPE).communicate()[0]); + +def processList(): + return("ps -aux
%s
" % Popen(["ps", "-a", "-u", "-x"], stdout=PIPE).communicate()[0]); + + +def main(): + return ( "Content-Type: text/html\n\n" + + "" + + "Welcome to Stichting Wireless Leiden host/node " + + Popen(["hostname"], stdout=PIPE).communicate()[0] + + "

" + tailFile('/var/log/messages') + "

" + + tailFile('/var/log/debug.log') + "

" + + catFile('/var/run/dmesg.boot') + "

" + + allRoutes() + "

" + + processList() + "

" + + "$Id$" ) + +print main() Index: /branches/breakout-hub/nanobsd/misc/patches/cardbus_cis.c.patch =================================================================== --- /branches/breakout-hub/nanobsd/misc/patches/cardbus_cis.c.patch (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/patches/cardbus_cis.c.patch (revision 10119) @@ -0,0 +1,48 @@ +--- src/sys/dev/cardbus/cardbus_cis.c~ 2007-06-08 00:03:57.000000000 -0400 ++++ src/sys/dev/cardbus/cardbus_cis.c 2007-12-09 16:20:26.000000000 -0500 +@@ -435,10 +435,11 @@ + struct resource *res) + { + if (res != CIS_CONFIG_SPACE) { +- bus_release_resource(child, SYS_RES_MEMORY, rid, res); ++ bus_release_resource(cbdev, SYS_RES_MEMORY, rid, res); + if (rid == PCIM_CIS_ASI_ROM) + pci_write_config(child, rid, pci_read_config(child, + rid, 4) & ~PCIR_BIOS, 4); ++ PCI_DISABLE_IO(cbdev, child, SYS_RES_MEMORY); + } + } + +@@ -448,6 +449,8 @@ + { + struct resource *res; + uint32_t space; ++ uint32_t testval; ++ uint32_t size; + + space = *start & PCIM_CIS_ASI_MASK; + switch (space) { +@@ -476,10 +479,13 @@ + space); + return (NULL); + } ++ pci_write_config(child, *rid, 0xffffffff, 4); ++ testval = pci_read_config(child, *rid, 4); ++ size = CARDBUS_MAPREG_MEM_SIZE(testval); + + /* allocate the memory space to read CIS */ +- res = bus_alloc_resource(child, SYS_RES_MEMORY, rid, 0, ~0, 1, +- rman_make_alignment_flags(4096) | RF_ACTIVE); ++ res = bus_alloc_resource(cbdev, SYS_RES_MEMORY, rid, 0, ~0, size, ++ rman_make_alignment_flags(size) | RF_ACTIVE); + if (res == NULL) { + device_printf(cbdev, "Unable to allocate resource " + "to read CIS.\n"); +@@ -488,6 +494,7 @@ + if (*rid == PCIR_BIOS) + pci_write_config(child, *rid, + rman_get_start(res) | PCIM_BIOS_ENABLE, 4); ++ PCI_ENABLE_IO(cbdev, child, SYS_RES_MEMORY); + + /* Flip to the right ROM image if CIS is in ROM */ + if (space == PCIM_CIS_ASI_ROM) { Index: /branches/breakout-hub/nanobsd/misc/patches/if_udav.c.patch =================================================================== --- /branches/breakout-hub/nanobsd/misc/patches/if_udav.c.patch (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/patches/if_udav.c.patch (revision 10119) @@ -0,0 +1,11 @@ +--- if_udav.c 2010-02-19 19:58:45.000000000 +0100 ++++ if.udav.c.new 2010-02-19 17:54:20.000000000 +0100 +@@ -206,6 +206,8 @@ + {USB_VPI(USB_VENDOR_SHANTOU, USB_PRODUCT_SHANTOU_ST268, 0)}, + /* Corega USB-TXC */ + {USB_VPI(USB_VENDOR_COREGA, USB_PRODUCT_COREGA_FETHER_USB_TXC, 0)}, ++ /* DAVICOM DM9601 Generic */ ++ {USB_VPI(USB_VENDOR_DAVICOM, USB_PRODUCT_DAVICOM_DM9601, 0)}, + }; + + static void Index: /branches/breakout-hub/nanobsd/misc/patches/usbdevs.patch =================================================================== --- /branches/breakout-hub/nanobsd/misc/patches/usbdevs.patch (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/patches/usbdevs.patch (revision 10119) @@ -0,0 +1,30 @@ +--- usbdevs 2009-12-22 12:48:05.000000000 +0100 ++++ usbdevs.new 2009-12-22 12:53:41.000000000 +0100 +@@ -156,7 +156,7 @@ + vendor COMPAQ 0x049f Compaq + vendor HITACHI 0x04a4 Hitachi + vendor ACERP 0x04a5 Acer Peripherals +-vendor DAVICOM 0x04a6 Davicom ++/*vendor DAVICOm 0x04a6 Davicom*/ + vendor VISIONEER 0x04a7 Visioneer + vendor CANON 0x04a9 Canon + vendor NIKON 0x04b0 Nikon +@@ -540,6 +540,7 @@ + vendor FALCOM 0x0f94 Falcom Wireless Communications GmbH + vendor RIM 0x0fca Research In Motion + vendor DYNASTREAM 0x0fcf Dynastream Innovations ++vendor DAVICOM 0x0fe6 Davicom + vendor QUALCOMM 0x1004 Qualcomm + vendor DESKNOTE 0x1019 Desknote + vendor GIGABYTE 0x1044 GIGABYTE +@@ -1107,6 +1108,10 @@ + product CYPRESS USBRS232 0x5500 USB-RS232 Interface + product CYPRESS SLIM_HUB 0x6560 Slim Hub + ++/* Davicom Semiconductor products */ ++/*product DAVICOM DM9601 0x9601 DM9601 USB NIC*/ ++product DAVICOM DM9601 0x8101 DM9601 USB NIC ++ + /* Daisy Technology products */ + product DAISY DMC 0x6901 USB MultiMedia Reader + Index: /branches/breakout-hub/nanobsd/misc/ports/net/lvrouted/Makefile =================================================================== --- /branches/breakout-hub/nanobsd/misc/ports/net/lvrouted/Makefile (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/ports/net/lvrouted/Makefile (revision 10119) @@ -0,0 +1,32 @@ +# New ports collection makefile for: lrvrouted +# Date created: 2009-07-12 +# Whom: Rick van der Zwet +# +# $FreeBSD: $ +# + +PORTNAME= lvrouted +PORTVERSION= 8518 +CATEGORIES= net +MASTER_SITES= http://webfolder.wirelessleiden.nl/lvrouted/ \ + http://rickvanderzwet.nl/mirror/lvrouted/ + +MAINTAINER= info@rickvanderzwet.nl +COMMENT= Lvrouted is a very simple shortest-path routing daemon + +GNU_CONFIGURE= yes +USE_AUTOTOOLS= autoconf autoheader + +BUILD_DEPENDS+= ocamlopt:${PORTSDIR}/lang/ocaml-nox11 \ + ocamlfind:${PORTSDIR}/devel/ocaml-findlib + +USE_RC_SUBR= lvrouted + +post-install: +.if !defined(NOPORTDOCS) + ${MKDIR} ${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/lvrouted.ps ${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/lvrouted.html ${DOCSDIR} +.endif + +.include Index: /branches/breakout-hub/nanobsd/misc/ports/net/lvrouted/distinfo =================================================================== --- /branches/breakout-hub/nanobsd/misc/ports/net/lvrouted/distinfo (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/ports/net/lvrouted/distinfo (revision 10119) @@ -0,0 +1,3 @@ +MD5 (lvrouted-8518.tar.gz) = 339bc29d021c88d06fd069766c72c075 +SHA256 (lvrouted-8518.tar.gz) = b93f642df38add4e3c8d1067d764af041fe63505820887a91cab07658606a3ee +SIZE (lvrouted-8518.tar.gz) = 59483 Index: /branches/breakout-hub/nanobsd/misc/ports/net/lvrouted/files/lvrouted.in =================================================================== --- /branches/breakout-hub/nanobsd/misc/ports/net/lvrouted/files/lvrouted.in (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/ports/net/lvrouted/files/lvrouted.in (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# PROVIDE: lvrouted +# REQUIRE: netif routing +# KEYWORD: nojail + +lvrouted_enable=${lvrouted_enable:-"NO"} +lvrouted_flags=${lvrouted_flags:-} + +. /etc/rc.subr + +name="lvrouted" +rcvar=`set_rcvar` +load_rc_config $name + +command="%%PREFIX%%/sbin/${name}" + +pid_file="/var/run/${name}.pid" + +start_precmd="lvrouted_flush_routes" + +# XXX: Needs to be a flag to disable +# XXX: lvrouted should mark their added routed protocol specific (see: man 8 route) +# lvrouted requires no route to exists before start as it is not able to alter +# old routes, so make it flush all dynamic generated routes +lvrouted_flush_routes() { + + # XXX: Does the looping bug still exists? + # Keep looping till we whiped _all_ dynamic generated routes + while true; do + netstat -nr -f inet | awk '{if ($3 ~ /.*D.*/) { exit 1} }' + if [ $? -eq 0 ]; then + break + fi + echo "WARNING: Flushing all existing DYNAMIC routes" 1>&2 + netstat -nr -f inet | awk '{if ($3 ~ /.*D.*/) {print $1} }' | xargs -n 1 route delete + done +} + +run_rc_command "$1" Index: /branches/breakout-hub/nanobsd/misc/ports/net/lvrouted/pkg-descr =================================================================== --- /branches/breakout-hub/nanobsd/misc/ports/net/lvrouted/pkg-descr (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/ports/net/lvrouted/pkg-descr (revision 10119) @@ -0,0 +1,14 @@ +Lvrouted is a very simple shortest-path routing daemon, featuring: + + - UDP based. no firmware-confusing multi- or broadcasts + - no per-node configuration + - spanning tree, so no count-to-infinity + - some specific wireless hacks, such as keeping an eye on the interface + association status for clients and the list of associated stations for + masters + - the ability to sign packets for some measure of security against malicious + packets + - sequence number against replay attacks. yes I know this is not + bulletproof. + +WWW: http://svn.wirelessleiden.nl/svn/node-config/other/lvrouted/ Index: /branches/breakout-hub/nanobsd/misc/ports/net/lvrouted/pkg-plist =================================================================== --- /branches/breakout-hub/nanobsd/misc/ports/net/lvrouted/pkg-plist (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/ports/net/lvrouted/pkg-plist (revision 10119) @@ -0,0 +1,4 @@ +sbin/lvrouted +%%PORTDOCS%%%%DOCSDIR%%/lvrouted.html +%%PORTDOCS%%%%DOCSDIR%%/lvrouted.ps +%%PORTDOCS%%@dirrm %%DOCSDIR%% Index: /branches/breakout-hub/nanobsd/misc/ports/net/tproxy/Makefile =================================================================== --- /branches/breakout-hub/nanobsd/misc/ports/net/tproxy/Makefile (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/ports/net/tproxy/Makefile (revision 10119) @@ -0,0 +1,26 @@ +# New ports collection makefile for: tproxy +# Date created: 2009-07-13 +# Whom: Rick van der Zwet +# +# $FreeBSD: $ +# + +PORTNAME= tproxy +PORTVERSION= 2 +CATEGORIES= net +MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} +MASTER_SITE_SUBDIR= ${PORTNAME} + +MAINTAINER= info@rickvanderzwet.nl +COMMENT= tpoxy user-space single-port unidirectional tcp proxy + +USE_RC_SUBR= tproxy + +post-extract: + ${MV} ${WRKDIR}/${PORTNAME} ${WRKSRC} + +do-install: + ${INSTALL_PROGRAM} ${WRKSRC}/tproxy ${PREFIX}/bin + +.include + Index: /branches/breakout-hub/nanobsd/misc/ports/net/tproxy/distinfo =================================================================== --- /branches/breakout-hub/nanobsd/misc/ports/net/tproxy/distinfo (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/ports/net/tproxy/distinfo (revision 10119) @@ -0,0 +1,3 @@ +MD5 (tproxy-2.tar.gz) = 6ab0cb46e1eed1ecebd7a0781dfe2a6a +SHA256 (tproxy-2.tar.gz) = 8c59a20a93eda6b57e2a4abd5645e69c13247ebfed45561778e78e16eca7d551 +SIZE (tproxy-2.tar.gz) = 12584 Index: /branches/breakout-hub/nanobsd/misc/ports/net/tproxy/files/tproxy.in =================================================================== --- /branches/breakout-hub/nanobsd/misc/ports/net/tproxy/files/tproxy.in (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/ports/net/tproxy/files/tproxy.in (revision 10119) @@ -0,0 +1,28 @@ +#!/bin/sh +# +# $FreeBSD: $ +# + +# PROVIDE: tproxy +# REQUIRE: NETWORKING SERVERS +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable tproxy: +# +# tproxy_enable="YES" +# + +. %%RC_SUBR%% + +name=tproxy +rcvar=`set_rcvar` + +command=%%PREFIX%%/bin/${name} + +tproxy_enable=${tproxy_enable:-"NO"} +tproxy_flags=${tproxy_flags:-""} + +load_rc_config $name +run_rc_command "$1" Index: /branches/breakout-hub/nanobsd/misc/ports/net/tproxy/pkg-descr =================================================================== --- /branches/breakout-hub/nanobsd/misc/ports/net/tproxy/pkg-descr (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/ports/net/tproxy/pkg-descr (revision 10119) @@ -0,0 +1,4 @@ +user-space single-port unidirectional tcp proxy which handles out-of-band data, +and telnet-through firewall tunnelling. + +WWW: http://sourceforge.net/projects/tproxy/ Index: /branches/breakout-hub/nanobsd/misc/ports/net/tproxy/pkg-plist =================================================================== --- /branches/breakout-hub/nanobsd/misc/ports/net/tproxy/pkg-plist (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/ports/net/tproxy/pkg-plist (revision 10119) @@ -0,0 +1,1 @@ +bin/tproxy Index: /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/Makefile =================================================================== --- /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/Makefile (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/Makefile (revision 10119) @@ -0,0 +1,25 @@ +# New ports collection makefile for: transproxy +# Date created: 2009-07-15 +# Whom: Rick van der Zwet +# +# $FreeBSD: $ +# + +PORTNAME= transproxy +PORTVERSION= 1.6 +CATEGORIES= net +MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} +MASTER_SITE_SUBDIR= ${PORTNAME} +EXTRACT_SUFX= .tgz + +MAINTAINER= info@rickvanderzwet.nl +COMMENT= Transproxy is used to transparently proxy HTTP requests + +USE_RC_SUBR= transproxy + +MAN8= tproxy.8 + +post-install: + @${CAT} ${PKGDIR}/pkg-message + +.include Index: /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/distinfo =================================================================== --- /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/distinfo (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/distinfo (revision 10119) @@ -0,0 +1,3 @@ +MD5 (transproxy-1.6.tgz) = 02cc1160a9db9c49a40491f890083044 +SHA256 (transproxy-1.6.tgz) = 7bc4ce5ab01648dcaca25555eb4d4c3a67aed6bbb42e1432aaa4e9b20b75dab3 +SIZE (transproxy-1.6.tgz) = 23592 Index: /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/files/transproxy.in =================================================================== --- /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/files/transproxy.in (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/files/transproxy.in (revision 10119) @@ -0,0 +1,47 @@ +#!/bin/sh +# +# $FreeBSD: $ +# + +# PROVIDE: transproxy +# REQUIRE: NETWORKING SERVERS ipfw +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable transproxy: +# +# transproxy_enable="YES" +# + +. /etc/rc.subr + +name=transproxy +rcvar=`set_rcvar` +start_precmd=${name}_precmd +stop_postcmd=${name}_postcmd + +command=%%PREFIX%%/sbin/tproxy + +transproxy_port=${transproxy_port:-8081} +transproxy_log=${transproxy_log:-"/var/log/transproxy.log"} +transproxy_proxyhost=${transproxy_proxyhost:-"proxy"} +transproxy_proxyport=${transproxy_proxyport:-3128} +transproxy_enable=${transproxy_enable:-"NO"} +transproxy_flags="-s $transproxy_port -l $transproxy_log $transproxy_proxyhost $transproxy_proxyport $transproxy_flags" + +transproxy_precmd () +{ + +} + + +transproxy_postcmd () +{ + ipfw delete 10010 10000 10001 >/dev/null + +} + + +load_rc_config $name +run_rc_command "$1" Index: /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/pkg-descr =================================================================== --- /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/pkg-descr (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/pkg-descr (revision 10119) @@ -0,0 +1,5 @@ +Transproxy is used in conjunction with the FreeBSD (ipfw and ipnat) or Linux +transparent proxy feature (ipfwadm, ipchains and iptables), to transparently +proxy HTTP requests. + +WWW: http://sourceforge.net/projects/transproxy/ Index: /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/pkg-message =================================================================== --- /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/pkg-message (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/pkg-message (revision 10119) @@ -0,0 +1,12 @@ +Remember to setup ipfw correctly. + +Sample below, uses following options: + Localip 172.19.152.65/26 + Localnet 172.16.0.0/12 + Transparant proxy enabled for all NOT localnet destinations 80 + transproxy running at port 8081 + + +ipfw add 10000 allow tcp from any to localhost 80 +ipfw add 10001 allow tcp from any to me 80 +ipfw add 10010 fwd 172.19.152.65,8081 tcp from any to no 172.16.0.0/12 80 Index: /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/pkg-plist =================================================================== --- /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/pkg-plist (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/ports/net/transproxy/pkg-plist (revision 10119) @@ -0,0 +1,3 @@ +sbin/tproxy +sbin/tproxyrun +sbin/tproxywatch Index: /branches/breakout-hub/nanobsd/misc/testing-server/dhcpd.conf =================================================================== --- /branches/breakout-hub/nanobsd/misc/testing-server/dhcpd.conf (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/testing-server/dhcpd.conf (revision 10119) @@ -0,0 +1,17 @@ +# ad-hoc DNS update scheme - set to "none" to disable dynamic DNS updates. +ddns-update-style ad-hoc; + +default-lease-time 600; +max-lease-time 7200; +authoritative; + +option domain-name "example.com"; +option domain-name-servers 208.67.222.222; +option routers 192.168.4.1; + +subnet 192.168.4.0 netmask 255.255.255.0 { + range 192.168.4.10 192.168.4.100; + + filename "pxeboot"; + option root-path "192.168.4.1:/usr/data/base/"; +} Index: /branches/breakout-hub/nanobsd/misc/testing-server/exports =================================================================== --- /branches/breakout-hub/nanobsd/misc/testing-server/exports (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/testing-server/exports (revision 10119) @@ -0,0 +1,2 @@ +/usr/data -alldirs -maproot=root -network 192.168.4.0/24 +/usr/data/base -alldirs -maproot=root -network 192.168.4.0/24 Index: /branches/breakout-hub/nanobsd/misc/testing-server/rc.conf =================================================================== --- /branches/breakout-hub/nanobsd/misc/testing-server/rc.conf (revision 10119) +++ /branches/breakout-hub/nanobsd/misc/testing-server/rc.conf (revision 10119) @@ -0,0 +1,28 @@ +hostname="richard.wleiden.net" +ifconfig_xl0="inet 172.19.137.70/27" +defaultrouter="172.19.137.66" + +sshd_enable="YES" + + + +# +# PXEboot envirionment +ifconfig_bfe0="inet 192.168.4.1/24" + +# DHCPD server, ip address, options, hints +dhcpd_enable="YES" + +# TFTP server, initial boot +inetd_enable="YES" + +# NFS server, kernel and more +nfs_server_enable="YES" +rpcbind_enable="YES" +mountd_flags="-r" + +gateway_enable="YES" +firewall_enable="YES" +firewall_type="OPEN" +natd_enable="YES" +natd_interface="xl0" Index: /branches/breakout-hub/nanobsd/tools/config-image.sh =================================================================== --- /branches/breakout-hub/nanobsd/tools/config-image.sh (revision 10119) +++ /branches/breakout-hub/nanobsd/tools/config-image.sh (revision 10119) @@ -0,0 +1,52 @@ +#!/bin/sh +# Push config onto persistent location inside node image +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + print_error "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +chroot ${MNT} /tools/wl-config -n -m startup + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /branches/breakout-hub/nanobsd/tools/edit-image.sh =================================================================== --- /branches/breakout-hub/nanobsd/tools/edit-image.sh (revision 10119) +++ /branches/breakout-hub/nanobsd/tools/edit-image.sh (revision 10119) @@ -0,0 +1,54 @@ +#!/bin/sh +# Chroot into image to edit bits and pieces +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + print_error "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +p_info "Type exit when done" +chroot ${MNT} +p_info "Any changes are made permanent on image ${IMG}" + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /branches/breakout-hub/nanobsd/tools/image-build.sh =================================================================== --- /branches/breakout-hub/nanobsd/tools/image-build.sh (revision 10119) +++ /branches/breakout-hub/nanobsd/tools/image-build.sh (revision 10119) @@ -0,0 +1,78 @@ +#!/bin/sh +# Wrapper around nanobsd.sh with autodetection of already processed steps +# to provide some failsafe net + +BASEDIR=`dirname $0` +CFG="${BASEDIR}/../cfg/nanobsd.wleiden" +NANOBSD='/usr/src/tools/tools/nanobsd/nanobsd.sh' + +. ${BASEDIR}/package-build.inc.sh + +FORCE_KERNEL=0 +FORCE_WORLD=0 +#XXX: Proper object handling +if [ "$1" = "-bk" ]; then + p_warn Forcefully building kernel + FORCE_KERNEL=1 +elif [ "$1" = "-bw" ]; then + p_warn Forcefully building world + FORCE_WORLD=1 +elif [ "$1" = "-f" ]; then + p_warn Forcefully building world and kernel + FORCE_KERNEL=1 + FORCE_WORLD=1 +fi +shift +NANOBSD_EXTRA=$* + +if [ ! -r "${NANOBSD}" ]; then + p_err ${NANOBSD} does not exists + exit 1 +fi + +if [ ! -x "${NANOBSD}" ]; then + NANOBSD="sh ${NANOBSD}" +fi + +# Find object directory +eval `grep '^NANO_NAME=' ${CFG}` +OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + +if [ -d "${OBJDIR}" ]; then + NANOBSD_FLAGS="" + + # Detect succesfull buildworld + tail -10 ${OBJDIR}/_.bw | grep 'World build completed' + if [ $? -eq 0 -a ${FORCE_WORLD} -eq 0 ]; then + p_info NO building of world, use $0 -f to force + NANOBSD_FLAGS="${NANOBSD_FLAGS} -w" + fi + + # Detect succesfull buildkernel + tail -10 ${OBJDIR}/_.bk | grep 'Kernel build for .* completed' + if [ $? -eq 0 -a ${FORCE_KERNEL} -eq 0 ]; then + p_info NO building of kernel, use $0 -f to force + NANOBSD_FLAGS="${NANOBSD_FLAGS} -k" + fi + +else + p_warn Nothing yet, starting fresh + NANOBSD_FLAGS="" +fi + +# Provide verbose output by default +COMMAND="${NANOBSD} ${NANOBSD_FLAGS} -c ${CFG} -v ${NANOBSD_EXTRA}" +f_time ${COMMAND} +RETVAL=$? + +# Verify on build failures +tail -10 ${OBJDIR}/_.bw | grep 'World build completed' +if [ $? -eq 1 ]; then + p_err Building world FAILED, check ${OBJDIR}/_.bw +fi +tail -10 ${OBJDIR}/_.bk | grep 'Kernel build for .* completed' +if [ $? -eq 1 ]; then + p_err Building kernel FAILED, check ${OBJDIR}/_.bk +fi +p_info End time: `date` +exit ${RETVAL} Index: /branches/breakout-hub/nanobsd/tools/make-release.sh =================================================================== --- /branches/breakout-hub/nanobsd/tools/make-release.sh (revision 10119) +++ /branches/breakout-hub/nanobsd/tools/make-release.sh (revision 10119) @@ -0,0 +1,51 @@ +#!/bin/sh +# Small tool to build nanobsd release, ready for distribution: + +BASEDIR="`dirname $0`/.." + +# Some cleaning at start +for PORT in ${BASEDIR}/misc/ports/*/*; do + (cd $PORT; make clean); +done + +# Version target +# Either version from command line or else subversion base +VERSION=${1-`svn info ${BASEDIR} | awk '/Revision:/ {print $2}'`} + +TMPDIR=`mktemp -d -t $(basename $0 .sh)` + +PKGDIR=wl-image-$VERSION +WRKSRC=$TMPDIR/$PKGDIR +mkdir $WRKSRC +cp -R ${BASEDIR}/tools $WRKSRC +cp -R ${BASEDIR}/cfg $WRKSRC +cp -R ${BASEDIR}/misc $WRKSRC +cp -R ${BASEDIR}/files $WRKSRC +cp -R ${BASEDIR}/README.txt $WRKSRC + +# Present real image +# XXX: Make path relative +# XXX: Find some pretty options +IMG=/usr/obj/nanobsd.wleiden/_.disk.full +IMG_DIR=`dirname ${IMG}` +IMG_PKGDIR=${IMG_DIR}/${PKGDIR} +mkdir ${IMG_PKGDIR} +ln ${IMG} ${IMG_PKGDIR}/disk_full.img + +# Make pretty tar file out of it +tar --exclude ".svn" --exclude "Makefile" \ + --exclude "config.cache" --exclude "config.log" --exclude "config.status" \ + --exclude ".depend" \ + -cjf wl-image-$VERSION.tbz \ + -C $TMPDIR \ + $PKGDIR/tools \ + $PKGDIR/cfg \ + $PKGDIR/files \ + $PKGDIR/misc \ + $PKGDIR/README.txt \ + -C $IMG_DIR \ + $PKGDIR/disk_full.img + +rm -fR $TMPDIR +rm -fR $IMG_PKGDIR + Index: /branches/breakout-hub/nanobsd/tools/package-build.inc.sh =================================================================== --- /branches/breakout-hub/nanobsd/tools/package-build.inc.sh (revision 10119) +++ /branches/breakout-hub/nanobsd/tools/package-build.inc.sh (revision 10119) @@ -0,0 +1,70 @@ +# Used to store profile data +TIME_FILE=$(dirname $0)/eta-times.txt + +p_list () { +echo "$*" | sed -e 's/ /|## /g' -e 's/^/## /g' +} + +p_info () { + echo "$*" | tr '|' '\n' | sed 's/^/# /' +} + +p_warn () { + echo "$*" | tr '|' '\n' | sed 's/^/#WARN: /' +} + +p_err () { + echo "$*" | tr '|' '\n' | sed 's/^/#ERR: /' +} + +p_sleep() { + SLEEP=${1-5} + while [ "${SLEEP}" -gt 0 ]; do + printf '.' + sleep 1 + SLEEP=`expr ${SLEEP} - 1` + done + printf '\n' +} + +# Print estimation on how long it normally if going to take +f_time() { + COMMAND="$*" + ETA_TIME=` grep "${COMMAND}$" ${TIME_FILE} 2>/dev/null | awk '{print $1}'` + if [ -z "${ETA_TIME}" ]; then + ETA_TIME="NaN" + fi + + p_info Last run of "'${COMMAND}'" took ${ETA_TIME} + p_info Start time: `date` + + # Execute command + START_TIME=`date "+%s"` + $COMMAND + RETVAL=$? + STOP_TIME=`date "+%s"` + + p_info End time: `date` + # Calculate time it took + TOTAL_TIME=`expr ${STOP_TIME} - ${START_TIME}` + HUMAN_FMT=`date -ur ${TOTAL_TIME} "+%H:%M:%S"` + + # Store new time if command is succesfull + if [ "${RETVAL}" -eq 0 ]; then + grep -v "${COMMAND}$" ${TIME_FILE} > ${TIME_FILE}.tmp 2>/dev/null + echo "${HUMAN_FMT} ${COMMAND}" >> ${TIME_FILE}.tmp + mv ${TIME_FILE}.tmp ${TIME_FILE} + fi + + # Return the command it's output + return ${RETVAL} +} + +f_check_root() { + # No Root, no fun + if [ `id -u` -ne 0 ]; then + print_err Root only + exit 1 + fi +} + Index: /branches/breakout-hub/nanobsd/tools/package-build.sh =================================================================== --- /branches/breakout-hub/nanobsd/tools/package-build.sh (revision 10119) +++ /branches/breakout-hub/nanobsd/tools/package-build.sh (revision 10119) @@ -0,0 +1,179 @@ +#!/bin/sh +# Install all required packages +# XXX: Welcome to port hell, if /usr/ports has been updated, you actually want +# to delete all installed packages and start over again, hence why people used +# to run this stuff in jails, etc. + +. $(dirname $0)/package-build.inc.sh + +DEBUG=${DEBUG:-0} +DEP_CHECK_ONLY=${DEP_CHECK_ONLY:-0} + +# make options, for package building +LOGDIR=`mktemp -d "/tmp/$(basename $0 .sh)-$(date +%Y%m%d-%H:%M:%S).X"` +TARGET="`cd $(dirname $0);pwd -P`/../pkg/" + +# Package target +MAKE_ARGS="$MAKE_ARGS PACKAGES=$TARGET" +MAKE_ARGS="$MAKE_ARGS BATCH=yes PACKAGE_BUILDING=yes" + +# www/py-cherrypy +MAKE_ARGS="${MAKE_ARGS} WITH_APACHE=yes" +# net-mgmt/net-snmp +MAKE_ARGS="${MAKE_ARGS} WITHOUT_PERL=yes" +# net-mgmt/nagios-plugins +MAKE_ARGS="${MAKE_ARGS} WITH_FPING=yes" + +p_info Log directory ${LOGDIR} +p_info Make options are: +p_info $(p_list ${MAKE_ARGS}) + +p_info Checking whether there are currently unmet dependencies +RETVAL=0 +PKGS=`pkg_info | awk '{print $1}'` +for PKG in ${PKGS} ; do + PKG_DEP_FAIL="" + for PKGDEP in `pkg_info -qr ${PKG} | awk '{print $2}'`; do + pkg_info -e ${PKGDEP} + if [ $? -eq 1 ]; then + PKG_DEP_FAIL="${PKG_DEP_FAIL} ${PKGDEP}" + fi + done + if [ -n "${PKG_DEP_FAIL}" ]; then + p_err Unmet dependencies found at $PKG, please fix manually: + p_err $(p_list ${PKG_DEP_FAIL}) + RETVAL=1 + fi +done +if [ $RETVAL -eq 1 ]; then + exit 1 +fi +p_info Dependecy check ok + +if [ ${DEP_CHECK_ONLY} -eq 1 ]; then + exit 0 +fi +echo "" + + +if [ -d "${TARGET}/All" ]; then + p_warn "Deleted all (old) packages at ${TARGET}" + rm -R $TARGET/* +fi +p_info Created target dir ${TARGET}/All +mkdir -p ${TARGET}/All + +PORTSDIR='/usr/ports' +WL_PORTSDIR="`cd $(dirname $0);pwd -P`/../misc/ports/" + +# XXX: Make file dynamic +# Dirty quirk to allow comments in part below +PACKAGE_LIST=`cat <>$LOGFILE 1>> $LOGFILE + if [ $? -ne 0 ]; then + p_err building ${PACKAGE} FAILED, logging at $LOGFILE + exit 1 + fi + fi + ${MAKE} package-links + PKGNAME=`make extract-message | awk '{print $NF}'` + pkg_create -b $PKGNAME $TARGET/All/${PKGNAME}.tbz + + p_info Checking dependencies + for PKG in $PKGDEP_PKGS; do + echo "${BUILD_LIST}" | grep -q "$PKG" + if [ $? -eq 0 ]; then + # Already packaged + p_info ${PKG} Already packaged + else + echo $@ | grep -q "${PKG}" + if [ $? -eq 0 ]; then + p_info ${PKG} Already planned + else + set $@ ${PKG} + fi + fi + done + p_info Packaging $PACKAGE succesfull +done + +p_info $(echo ${BUILD_LIST} | wc -w) packages build succesfully + +if [ ${DEBUG} -eq 0 ]; then + rm -R ${LOGDIR} +else + p_info Debugging enabled ${LOGDIR} saved +fi + Index: /branches/breakout-hub/nanobsd/tools/passwd-image.sh =================================================================== --- /branches/breakout-hub/nanobsd/tools/passwd-image.sh (revision 10119) +++ /branches/breakout-hub/nanobsd/tools/passwd-image.sh (revision 10119) @@ -0,0 +1,52 @@ +#!/bin/sh +# Change password if image +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + print_error "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +chroot ${MNT} passwd + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /branches/breakout-hub/nanobsd/tools/prepare-nfs.sh =================================================================== --- /branches/breakout-hub/nanobsd/tools/prepare-nfs.sh (revision 10119) +++ /branches/breakout-hub/nanobsd/tools/prepare-nfs.sh (revision 10119) @@ -0,0 +1,114 @@ +#!/bin/sh +# Get nanobsd image ready to be booted from NFS +# NFS instructions at +# http://www.wirelessleiden.nl/projects/nodefactory/wiki/TestingViaNFS + +IMAGE_BASE="/usr/obj/nanobsd.wleiden" +IMAGE_SLICE="${IMAGE_BASE}/_.disk.image" +IMAGE_FULL="${IMAGE_BASE}/_.disk.full" +IMAGE_NFS="${IMAGE_SLICE}-nfs" +# Structure: $NFSBASE +# ./cfg = /cfg mounpoint +# ./base = / mountpoint +# ./nfs = /nfs mountpoint +NFSBASE='/usr/data' +MNT="${NFSBASE}/base" +CFG="${NFSBASE}/cfg" +NFS="${NFSBASE}/nfs" + +print_error() { + echo "[ERROR] $*" 1>&2 +} + +usage() { + ( + echo "Usage: $0 [-fn]" + echo " -f force umount, memory device whipes" + echo " -n do not delete/clean cfg partition" + echo " -u unload/eject procedure" + ) 1>&2 + exit 2 +} + +# No Root, no fun +if [ `id -u` -ne 0 ]; then + print_error "Root only" + exit 1 +fi + +# Argument parsing using getopts +OPT_FORCE=0 +OPT_CLEAN=1 +OPT_UNLOAD=0 +while getopts "hfnu" OPT; do + case "$OPT" in + f) OPT_FORCE=1;; + n) OPT_CLEAN=0;; + u) OPT_UNLOAD=1;; + h) usage;; + \?) usage;; + esac +done + + +# Eeks, we are going to be nasty, hold your horses +if [ $OPT_FORCE -eq 1 -o $OPT_UNLOAD -eq 1 ]; then + umount -f $MNT + for MD in `mdconfig -l -v | grep "${IMAGE_NFS}" | awk '{print $1}'`; do + mdconfig -d -u $MD + done +fi + +if [ $OPT_UNLOAD -eq 1 ]; then + echo "All done" + exit 1; +fi + +# If mount point is already used, bail out +if mount | grep -q "${MNT}"; then + print_error "'${MNT}' already mounted" + exit 1 +fi + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMAGE_NFS}"; then + MD=`mdconfig -l -v | grep "${IMAGE_NFS}" | cut -c -4` + print_error "'${IMAGE_NFS}' already mounted at '$MD'" + exit 1 +fi + + +# Prepare image for use with NFS +cp -v ${IMAGE_SLICE} ${IMAGE_NFS} + +MD=`mdconfig -a -t vnode -f ${IMAGE_NFS}` +mount /dev/${MD}a ${MNT} + +# Config files lives at NFS location +echo "mount -t nfs -o ro 192.168.4.1:${CFG}" > ${MNT}/conf/default/etc/remount + +# Create nfs mount location +mkdir ${MNT}/nfs + +# $MNT, $CFG, $NFS lives at nfs +( +echo "192.168.4.1:${MNT} / nfs ro 0 0" +echo "192.168.4.1:${CFG} /cfg nfs rw,noauto 0 0" +echo "192.168.4.1:${NFS} /nfs nfs rw 0 0" +) > /${MNT}/conf/base/etc/fstab + +if [ ${OPT_CLEAN} -eq 1 ]; then + echo "DELETING all files at ${CFG}, start fresh ;-)" + rm -vfR ${CFG}/* +else + echo "PRESERVING all files at ${CFG}" +fi + +echo "DELETING all files at ${NFS}, start fresh ;-)" +rm -vfR ${NFS}/* + +# Allow build images to be used directy via NFS +ln -f ${IMAGE_SLICE} ${NFS}/`basename ${IMAGE_SLICE}` +ln -f ${IMAGE_FULL} ${NFS}/`basename ${IMAGE_FULL}` + +# XXX: Proper unmounting after all has finished Index: /branches/breakout-hub/nanobsd/tools/rsync-image.sh =================================================================== --- /branches/breakout-hub/nanobsd/tools/rsync-image.sh (revision 10119) +++ /branches/breakout-hub/nanobsd/tools/rsync-image.sh (revision 10119) @@ -0,0 +1,43 @@ +#!/bin/sh +# Rsync minimal changes directly to live image + +. $(dirname $0)/package-build.inc.sh + +HOST=${1:-10.0.42.1} +BASEDIR=`dirname $0` +if [ -n "$2" ]; then + IMG=$2 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.image +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +# Prepare image as filesystem +MNT=`mktemp -d -t $(basename $0)` +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}a ${MNT} || exit 1 + +# On error clean up nicely +trap "cd /; umount ${MNT}; rmdir ${MNT}; mdconfig -d -u ${MD}" 0 1 2 3 15 + +#XXX: Might want to do in one fly +# Set to write mode +ssh $HOST mount -uwo noatime / || exit 1 +# Sync changes +rsync -av --exclude=/dev --exclude=/etc --exclude=/var ${MNT}/ ${HOST}:/ || exit 1 +# Set to read-only mode again +ssh $HOST mount -ur / || exit 1 + +exit 0 Index: /branches/breakout-hub/nanobsd/tools/test-inc.sh =================================================================== --- /branches/breakout-hub/nanobsd/tools/test-inc.sh (revision 10119) +++ /branches/breakout-hub/nanobsd/tools/test-inc.sh (revision 10119) @@ -0,0 +1,5 @@ +#!/bin/sh +. $(dirname $0)/package-build.inc.sh + +f_time sleep 5 + Index: /branches/breakout-hub/nanobsd/tools/upload-image.sh =================================================================== --- /branches/breakout-hub/nanobsd/tools/upload-image.sh (revision 10119) +++ /branches/breakout-hub/nanobsd/tools/upload-image.sh (revision 10119) @@ -0,0 +1,57 @@ +#!/bin/sh +# +# Upload image to the 'distribution' server. First try WL network, +# else use inet as last resort. Need to have shell access to distribution server. +# +# XXX: Needs Type and such as well properly +# +# Rick van der Zwet + +SERVERS="sunfire.wleiden.net sunfire.wirelessleiden.nl" +TIMESTAMP=`date "+%Y%m%d-%H%M"` +BASEDIR=`dirname $0` +SSH_USER=${SSH_USER:-$USER} +TYPE="$1" +RELEASE="$2" + +. $BASEDIR/package-build.inc.sh + +if [ -z "$RELEASE" ]; then + echo "Usage: $0 " + exit 1 +fi + +# Make sure we find the right image +if [ "$TYPE" = "full" ]; then + find_disk_full "" +elif [ "$TYPE" = "image" ]; then + find_disk_image "" +else + echo "Usage: $0 " + exit 1 +fi + +check_reachable() { + ping -c 2 -t 1 -q $1 1>/dev/null 2>/dev/null + return $? +} + +# XXX: Hack this should actually be done during building phase +echo "# Compressing image '$IMG'" +gzip -v -k -f $IMG +IMG="$IMG.gz" + +echo "# Trying to upload to server, alarm messages are normal" +# Upload the image to the defined place +for SERVER in $SERVERS; do + if check_reachable $SERVER; then + TARGET="$SSH_USER@$SERVER:/usr/local/www/images/$RELEASE/node-$TYPE-$TIMESTAMP.img.gz" + echo "# Source: $IMG" + echo "# Target: $TARGET" + echo "# To cancel, please CTRL+C within 3 seconds" + sleep 3 + scp $IMG $TARGET + exit $? + fi +done + Index: /branches/breakout-hub/nanobsd/tools/write-image.sh =================================================================== --- /branches/breakout-hub/nanobsd/tools/write-image.sh (revision 10119) +++ /branches/breakout-hub/nanobsd/tools/write-image.sh (revision 10119) @@ -0,0 +1,74 @@ +#!/bin/sh +# Wrapper allowing to write image to card writer + +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi +IMGSIZE=`ls -l ${IMG} | awk '{print $5 / 1024 / 1024}'` + +# Make sure we are root from this point on +f_check_root + +# Find which daX device holds a active flash drive +CARD_FOUND=0 +DA_LIST=`cd /dev/; echo da[0-9]` +for DA in ${DA_LIST}; do + diskinfo ${DA} 1>/dev/null 2>/dev/null + if [ $? -eq 0 ]; then + CARD_FOUND=1 + break + fi +done + +if [ ${CARD_FOUND} -eq 0 ]; then + p_err Sorry no flash card found at active devices, list searched: + p_err $(p_list ${DA_LIST}) + exit 1 +fi + +# Detect cardreader type/version +CARDREADER=`dmesg | grep ${DA}: | awk -F'[<>]' '/Removable Direct Access/ {print $2}' | tail -1` + +#XXX: Issue last chance warning, prompting the user to bail out +p_warn Going to write ${IMG} "(${IMGSIZE}MB)" to ${DA} "(${CARDREADER})" +p_warn 5 seconds to quit using CTRL+C +p_sleep 5 + +TMPFILE=`mktemp -t dd` +p_info Writing image... "(`date`)" +# Sending INFO to dd seems to confuse it sometimes so +# make it EXPERIMENTAL for now + +if [ -n "$ENHANCED_DD" ]; then + dd if=${IMG} of=/dev/${DA} bs=64k 2>${TMPFILE} & + DD_PID=$! + sleep 0.5 + while `ps ${DD_PID} >/dev/null`; do + kill -INFO ${DD_PID} + sleep 0.1 #Micro delay allow TMPFILE to populate + SIZE_DONE=`awk '/transferred/ {print $1}' ${TMPFILE}` + SIZE_DONE=`echo "${SIZE_DONE} / 1024 / 1024" | bc -l` + PERCENT_DONE=`echo "${SIZE_DONE} / ${IMGSIZE} * 100" | bc -l` + p_info `date "+%H:%m:%S"` `printf "%.02f MB (%.01f%%)" ${SIZE_DONE} ${PERCENT_DONE}` + p_sleep 10 + : > ${TMPFILE} + done +else + dd if=${IMG} of=/dev/${DA} bs=64k +fi +rm ${TMPFILE} +p_info Image writing succesfull at /dev/$DA "(`date`)" Index: /branches/breakout-spoke/nanobsd/README.txt =================================================================== --- /branches/breakout-spoke/nanobsd/README.txt (revision 10119) +++ /branches/breakout-spoke/nanobsd/README.txt (revision 10119) @@ -0,0 +1,12 @@ +Please find the build procedure and other supporting documents at + +http://www.wirelessleiden.nl/projects/nodefactory/wiki/NanoBSD + += Directory layout = +README.txt = currently reading +cfg-files = extension for auto populate /cfg slice in image +cfg/kernel.* = kernel config files, different hosts +cfg/nanobsd.* = nanobsd config files +files = extension for auto populate / slice in image +pkg = Packages to be installed +tools = Helper scripts for use after image Index: /branches/breakout-spoke/nanobsd/cfg/kernel.net4801 =================================================================== --- /branches/breakout-spoke/nanobsd/cfg/kernel.net4801 (revision 10119) +++ /branches/breakout-spoke/nanobsd/cfg/kernel.net4801 (revision 10119) @@ -0,0 +1,127 @@ +# +# GENERIC -- Generic kernel configuration file for FreeBSD/i386 +# +# For more information on this file, please read the handbook section on +# Kernel Configuration Files: +# +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html +# +# The handbook is also available locally in /usr/share/doc/handbook +# if you've installed the doc distribution, otherwise always see the +# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the +# latest information. +# +# An exhaustive list of options and more detailed explanations of the +# device lines is also present in the ../../conf/NOTES and NOTES files. +# If you are in doubt as to the purpose or necessity of a line, check first +# in NOTES. +# +# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.474.2.7 2008/04/10 22:09:22 rwatson Exp $ + +cpu I586_CPU +cpu I686_CPU +ident GEODE + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_ULE # ULE scheduler +options PREEMPTION # Enable kernel thread preemption +options INET # InterNETworking +options INET6 # IPv6 communications protocols +options SCTP # Stream Control Transmission Protocol +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options NFSCLIENT # Network Filesystem Client +#options NFSLOCKD # Network Lock Manager +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_LABEL # Provides labelization +options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!] +options KTRACE # ktrace(1) support +#options STACK # stack(9) support +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options ADAPTIVE_GIANT # Giant mutex is adaptive. +options STOP_NMI # Stop CPUS using NMI instead of IPI +options DEVICE_POLLING # Enable support for device polling + +# Bus support. +device pci + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives + +# Add suspend/resume support for the i8254. +device pmtimer + +# Serial (COM) ports +device sio # 8250, 16[45]50 based serial ports +device uart # Generic UART driver + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! +device miibus # MII bus support +device vr # VIA Rhine, Rhine II +device sis # SiS 900/SiS 7016 +device if_bridge # Bridge support + +# Wireless NIC cards +device wlan # 802.11 support. +device wlan_wep # 802.11 WEP support. +device wlan_ccmp # 802.11 CCMP support. +device wlan_tkip # 802.11 TKIP support. +device wlan_amrr # AMRR transmit rate control algorithm. +device wlan_scan_ap # 802.11 AP mode scanning. +device wlan_scan_sta # 802.11 STA mode scanning. +device ath # Atheros pci/cardbus NIC's. +device ath_hal # Atheros HAL (Hardware Access Layer). +device ath_rate_sample # SampleRate tx rate control for ath. +device wi # WaveLan/Intersil/Symbol 802.11 wireless NICs. + +# Pseudo devices. +device loop # Network loopback +device random # Entropy device +device ether # Ethernet support +device ppp # Kernel PPP +device tun # Packet tunnel. +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" +device gif # IPv6 and IPv4 tunneling +#device faith # IPv6-to-IPv4 relaying (translation) +device firmware # firmware assist module + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +# CPU_GEODE is for the SC1100 Geode embedded processor. This option +# is necessary because the i8254 timecounter is toast. +options CPU_GEODE +device wlan_xauth #802.11 external authenticator support +options IPSEC #IP security (requires device crypto) +options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel +device enc #IPsec interface +device crypto # core crypto support +device cryptodev # /dev/crypto for access to h/w +options TMPFS +device pf #PF OpenBSD packet-filter firewall +device pflog #logging support interface for PF + +options NETGRAPH # netgraph(4) system +options NETGRAPH_SOCKET +options NETGRAPH_MPPC_ENCRYPTION +options NETGRAPH_IFACE +options NETGRAPH_PPP +options NETGRAPH_TEE +options NETGRAPH_PPPOE +options NETGRAPH_ETHER + +# glxsb is a driver for the Security Block in AMD Geode LX processors. +# Requires 'device crypto'. +device glxsb # AMD Geode LX Security Block + Index: /branches/breakout-spoke/nanobsd/cfg/kernel.wleiden =================================================================== --- /branches/breakout-spoke/nanobsd/cfg/kernel.wleiden (revision 10119) +++ /branches/breakout-spoke/nanobsd/cfg/kernel.wleiden (revision 10119) @@ -0,0 +1,209 @@ +# +# GENERIC -- Generic kernel configuration file for FreeBSD/i386 +# +# For more information on this file, please read the handbook section on +# Kernel Configuration Files: +# +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html +# +# The handbook is also available locally in /usr/share/doc/handbook +# if you've installed the doc distribution, otherwise always see the +# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the +# latest information. +# +# An exhaustive list of options and more detailed explanations of the +# device lines is also present in the ../../conf/NOTES and NOTES files. +# If you are in doubt as to the purpose or necessity of a line, check first +# in NOTES. +# +# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.474.2.7 2008/04/10 22:09:22 rwatson Exp $ + +cpu I486_CPU +cpu I586_CPU +cpu I686_CPU +ident WLEIDEN + +# options CLK_USE_I8254_CALIBRATION + +options CPU_ELAN # (mandatory) The ElanSC520 cpu has a number of quirks that needs to + # be worked around, in particular the i8254 timer ticks + # at a non-standard rate of 1189161Hz. + +options CPU_SOEKRIS # (recommended) This option sets things up for the soekris board. + # Amongst other things, this makes /dev/led/error appear. + +# CPU_GEODE is for the SC1100 Geode embedded processor. This option +# is necessary because the i8254 timecounter is toast. +options CPU_GEODE # net4801 requirement + +options HZ=250 # (recommended) It is necessary to increas HZ to at least 150 in order + # to take advantage of the "ELAN" timecounter. + +options AH_SUPPORT_AR5416 + +options NO_SWAPPING # We do not have a swap space, so swapping would be pretty useless + +options SW_WATCHDOG # Watchdog option to verify various tasks and reboot if needed + + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_ULE # ULE scheduler +options PREEMPTION # Enable kernel thread preemption +options INET # InterNETworking +options INET6 # IPv6 communications protocols +options SCTP # Stream Control Transmission Protocol +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options NFS_ROOT # Allow NFS to be / mount +options NFSCLIENT # Network Filesystem Client +#options NFSLOCKD # Network Lock Manager +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_LABEL # Provides labelization +options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!] +options KTRACE # ktrace(1) support +#options STACK # stack(9) support +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +# options ADAPTIVE_GIANT # Giant mutex is adaptive. +# options STOP_NMI # Stop CPUS using NMI instead of IPI +options DEVICE_POLLING # Enable support for device polling +options TMPFS + +# Bus support. +device pci +device eisa + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives +options ATA_STATIC_ID # Static device numbering + +# Add suspend/resume support for the i8254. +device pmtimer + +# Serial (COM) ports +# device sio # 8250, 16[45]50 based serial ports +device uart # Generic UART driver + +# PCCARD (PCMCIA) support +# PCMCIA and cardbus bridge support +device cbb # cardbus (yenta) bridge +device pccard # PC Card (16-bit) bus +device cardbus # CardBus (32-bit) bus + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! +device miibus # MII bus support +device vr # VIA Rhine, Rhine II +device sis # SiS 900/SiS 7016 +device if_bridge # Bridge support + +# ISA Ethernet NICs. pccard NICs included. +device cs # Crystal Semiconductor CS89x0 NIC +# 'device ed' requires 'device miibus' +device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards +device ex # Intel EtherExpress Pro/10 and Pro/10+ +device ep # Etherlink III based cards +#device fe # Fujitsu MB8696x based cards +device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc. +device sn # SMC's 9000 series of Ethernet chips +device xe # Xircom pccard Ethernet +device dc # DEC/Intel21143 and clone 10/100 Ethernet + +# Wireless NIC cards +device wlan # 802.11 support. +device wlan_wep # 802.11 WEP support. +device wlan_ccmp # 802.11 CCMP support. +device wlan_tkip # 802.11 TKIP support. +device wlan_amrr # AMRR transmit rate control algorithm. +# device wlan_scan_ap # 802.11 AP mode scanning. +# device wlan_scan_sta # 802.11 STA mode scanning. +device ath # Atheros pci/cardbus NIC's. +device ath_hal # Atheros HAL (Hardware Access Layer). +device ath_rate_sample # SampleRate tx rate control for ath. +device wi # WaveLan/Intersil/Symbol 802.11 wireless NICs. + +# Pseudo devices. +device loop # Network loopback +device random # Entropy device +device ether # Ethernet support +# device ppp # Kernel PPP +device tun # Packet tunnel. +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" +#device gif # IPv6 and IPv4 tunneling +#device faith # IPv6-to-IPv4 relaying (translation) +device firmware # firmware assist module + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +# USB support +device uhci # UHCI PCI->USB interface +device ohci # OHCI PCI->USB interface +device ehci # EHCI PCI->USB interface (USB 2.0) +device usb # USB Bus (required) +#device udbp # USB Double Bulk Pipe devices +#device ugen # Generic +#device uhid # “Human Interface Devices” +#device ukbd # Keyboard +#device ulpt # Printer +#device umass # Disks/Mass storage - Requires scbus and da +#device ums # Mouse +device ural # Ralink Technology RT2500USB wireless NICs +#device urio # Diamond Rio 500 MP3 player +#device uscanner # Scanners +# USB Ethernet, requires mii +device aue # ADMtek USB Ethernet +device axe # ASIX Electronics USB Ethernet +device cdce # Generic USB over Ethernet +device cue # CATC USB Ethernet +device kue # Kawasaki LSI USB Ethernet +device rue # RealTek RTL8150 USB Ethernet +device udav # Davicom DM9601 USB Ethernet + +# +# Authentication, encryption and protection on network layer +device wlan_xauth #802.11 external authenticator support +device enc #IPsec interface +device crypto # core crypto support +device cryptodev # /dev/crypto for access to h/w +device pf #PF OpenBSD packet-filter firewall +device pflog #logging support interface for PF +options IPSEC #IP security (requires device crypto) +options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel + +options NETGRAPH # netgraph(4) system +options NETGRAPH_SOCKET +options NETGRAPH_MPPC_ENCRYPTION +options NETGRAPH_IFACE +options NETGRAPH_PPP +options NETGRAPH_TEE +options NETGRAPH_PPPOE +options NETGRAPH_ETHER + +# glxsb is a driver for the Security Block in AMD Geode LX processors. +# Requires 'device crypto'. +device glxsb # AMD Geode LX Security Block + + +# Firewall fore the use of fancy stuff, like forwarding ports +options IPFIREWALL +options IPFIREWALL_DEFAULT_TO_ACCEPT +options IPFIREWALL_FORWARD +options IPFIREWALL_NAT +options LIBALIAS # Required for IPFIREWALL_NAT + +# Uncomment if you like to compile a debugging kernel +#options KDB +#options DDB +#options BREAK_TO_DEBUGGER +#options KDB_UNATTENDED +#makeoptions DEBUG=-g Index: /branches/breakout-spoke/nanobsd/cfg/nanobsd.wleiden =================================================================== --- /branches/breakout-spoke/nanobsd/cfg/nanobsd.wleiden (revision 10119) +++ /branches/breakout-spoke/nanobsd/cfg/nanobsd.wleiden (revision 10119) @@ -0,0 +1,302 @@ +## Dit is een NanoBSD configuratie-template voor WirelessLeiden. +## Instellingen weergegeven binnen dit bestand gelden als +## standaard binnen de organisatie. + +# Little hack to allow proper secify of KERNL/PKG location +NANO_CONF_DIR=$(cd $(dirname $2); pwd -P) + +NANO_NAME=wleiden # object naam in /usr/obj/nanobsd.{obj} +NANO_SRC=/usr/src # nanobsd source tree +NANO_KERNEL=$NANO_CONF_DIR/kernel.wleiden # naam van het kernel configuratiebestand +NANO_IMAGES=2 # aantal nanobsd code slices/installs (1/2) +#NANO_DRIVE=ad1 # NanoBSD disk id, default is ad0 + +NANO_CONFSIZE=8192 # volume van de config slice, default 2048 (512bs) +NANO_DATASIZE=0 # volume van de data slice, 0 = not configured +# 200MB should is suffient of every image we might as well use all available +# space, but that increases update times +#NANO_CODESIZE=409600 # volume van de code slice, default = max beschikbaar +NANO_CODESIZE=819200 +#NANO_RAM_ETCSIZE= # volume van de /etc ramdisk, default 10240 (512bs) +#NANO_RAM_TMPVARSIZE= # volume van de /var ramdisk, default 10240 (512bs) +NANO_RAM_TMPVARSIZE=20480 + +#XXX: Eeks, fixed packages, needs building a hook to allow building the package +# of the shelfs if needed, copy to right directory, done. With only input needed +# a list of ports in the format like net/net-snmp +NANO_PACKAGE_DIR=$NANO_CONF_DIR/../pkg/All + +# XXX: Create function which populate the right packages and fixes the +# dependencies. Package build script could benefit from this list, as it +# could build this list beforehand +## pkg_info -qr pkg/All/* +##NANO_PACKAGE_LIST= + +# Warning: set to 1 to debug make build errors +# Number of recurrent parrallel make builds +if `grep -q 'acpi0: on motherboard' /var/run/dmesg.boot`; then + # Mac OS X Parallels virtual machine + NANO_PMAKE="make -B" +elif [ "`sysctl hw.model`" = "AMD Sempron(tm) Processor 3000+" ]; then + # Parralel builds on this friend fails somehow + NANO_PMAKE="make -B" +else + # Default 2 times number of CPU's inside machine + NANO_PARALLEL_MAKE=`expr $(sysctl -n hw.ncpu) \* 2` + NANO_PMAKE="make -j ${NANO_PARALLEL_MAKE}" +fi + +# LET OP, optie nodig bij het gebruik van Alix bordjes ivm tinybios & LBA +# ondersteuning. Specifieke flash-geometrie instellingen vereist. +#NANO_BOOT0CFG="-o nopacket -s 1 -m 3" + +# +# Starting from soekris bios version 1.31 upwards boot0sio does not seems work +# anymore, but boot0 does (weird) +NANO_BOOTLOADER="boot/boot0" + +# Strip down to a more acceptable size +# hints from http://people.freebsd.org/~phk/nanobsd/soekris_4x26/make.soekris_4x26.conf (46MB) +# 46MB +# NB! usr/share/misc contains termcap, vi(1) etc fails to work without it. +# NANOBSD_PRUNE += usr/share/misc +NANO_PRUNE="$NANO_PRUNE usr/share/examples" +NANO_PRUNE="$NANO_PRUNE usr/share/syscons" +NANO_PRUNE="$NANO_PRUNE usr/share/calendar" +NANO_PRUNE="$NANO_PRUNE usr/share/mk" +NANO_PRUNE="$NANO_PRUNE usr/share/pcvt" +NANO_PRUNE="$NANO_PRUNE usr/share/me" +NANO_PRUNE="$NANO_PRUNE usr/share/doc" + + + + + +# Opties parsed gedurende build & install world +# Also check man 3 src.conf for details +# Some flags are misleading, e.g. could only be installworld (e.g.), for details: +# http://phk.freebsd.dk/misc/build_options/ +# For details on make options also check: +# /usr/src/share/mk/bsd.own.mk +CONF_COMMON=' +# Specific enabled options +#WITHOUT_ACPI=YES # geen advanced configuration power interface +#WITHOUT_BIND=YES # geen bind tools, dns/named geinstalleerd +#WITHOUT_CXX=YES # Set to not build g++(1) and related libraries. +#WITHOUT_GROFF=YES # Set to not build groff(1). +#WITHOUT_INET6=YES # geen ondersteuning inet versie 6 architectuur +#WITHOUT_INFO=YES # geen info bestanden, readable online docs +#WITHOUT_IPFILTER=YES # geen ip filtering geinstalleerd +#WITHOUT_KLDLOAD=YES # do not allow loading of kernel modules +#WITHOUT_MAILWRAPPER=YES # geen mailwrapper bij gebruik sendmail +#WITHOUT_MAN=YES # geen handleidingen gecompileerd +#WITHOUT_MISC=YES # geen misc sub directory +#WITHOUT_MODULES=YES # geen ondersteuning toevoegen modules +#WITHOUT_PAM=YES # geen ondersteuning pa modules +#WITHOUT_PF=YES # geen packet filtering geinstalleerd +#WITHOUT_SHARE=YES # geen share sub directory +#WITHOUT_USB=YES # geen ondersteuning usb modules +# Specific disabled options +WITHOUT_ATM=YES # geen ondersteuning Asynchronous Transfer Mode +WITHOUT_AUDIT=YES # geen event auditing / audit trails +WITHOUT_AUTHPF=YES # geen authenticating gateway user shell +WITHOUT_BLUETOOTH=YES # geen ondersteuning Bluetooth modules +WITHOUT_CALENDAR=YES # geen calendar reminder service gecompileerd +WITHOUT_CDDL=YES # Set to not build code licensed under Sun CDDL. (also ZFS) +WITHOUT_CPP=YES # Set to not build cpp(1). +WITHOUT_CVS=YES # geen cvs tools geinstalleerd +WITHOUT_DICT=YES # geen dictionary ondersteuning +WITHOUT_EXAMPLES=YES # geen voorbeeld configuratiebestanden +WITHOUT_FORTRAN=YES # geen ondersteuning fortran compilers +WITHOUT_GAMES=YES # geen games gecompileerd +WITHOUT_GCOV=YES # geen gcov test coverage program +WITHOUT_GDB=YES # geen gnu debugger gecompileerd +WITHOUT_GPIB=YES # geen ondersteuning gpib kaarten +WITHOUT_HTML=YES # geen html help bestanden gecompileerd +WITHOUT_I4B=YES # geen ondersteuning voor isdn +WITHOUT_IPX=YES # geen ondersteuning ipx protocols +WITHOUT_KERBEROS=YES # geen ondersteuning Kerberos authenticatie +WITHOUT_LOCALES=YES # geen ondersteuning lokalisatie +WITHOUT_LPR=YES # geen ondersteuning print services +WITHOUT_NIS=YES # geen ondersteuning network information system +WITHOUT_PROFILE=YES # Set to avoid compiling profiled libraries. +WITHOUT_RCMDS=YES # geen ondersteuning rcmds, +WITHOUT_RESCUE=YES # geen rescue bestanden gecompileerd +WITHOUT_SENDMAIL=YES # geen sendmail geinstalleerd +WITHOUT_SHAREDOCS=YES # geen share/docs directories +WITHOUT_SYSCONS=YES # geen syscon devices gecompileerd +' + +CONF_BUILD=" +${CONF_COMMON} +" + +CONF_INSTALL=" +${CONF_COMMON} +WITHOUT_TOOLCHAIN=YES # geen freebsd toolchain +" + + +# Flash disks arrived, sandisk 1g seems to match the geometry of the (blanc) cards +#FlashDevice sandisk 1g # nanobsd flashdevice entry +#FlashDevice sandisk 512mb # nanobsd flashdevice entry +#FlashDevice transcend 2g # nanobsd flashdevice entry +# Calculated value of PEAK hardware 1GB CF card +# C/H/S phys 1954/16/63, logical 977/32/63 +# Mediasize is calculated as C*H*S*512 + +NANO_MEDIASIZE=`expr 1008451584 / 512` + +#using logical values reported by Alix board + +NANO_HEADS=32 +NANO_SECTS=63 + +#values for PCEngines blanc 1 GB cards +#NANO_MEDIASIZE='expr 1014644736 / 512' +#C/H/S phys 1966/16/63, logical 983/32/63 + +# Version tagging +cust_version_tag() ( + VERSION_FILE="${NANO_WORLDDIR}/tools/wl-release.txt" + ( + echo "Generated by `id -un`@`hostname -f` at `date`" + echo "" + echo "=== CONFIG specifics ===" + svn info ${NANO_CONF_DIR}/../ || exit 0 + svn diff ${NANO_CONF_DIR}/../ || exit 0 + echo "=== BEGIN CONFIG specifics ===" + ) > $VERSION_FILE +) + + + +# Assuming we are running a safe envirionment where snooping could occur during or after the build +cust_set_root_password() ( + if [ -n "${CFG_ROOT_PASSWORD}" ]; then + pprint 2 "Set root password using CFG_ROOT_PASSWORD variable" + chroot ${NANO_WORLDDIR} sh -c "echo '${CFG_ROOT_PASSWORD}' | pw usermod -h 0 -u root" + else + pprint 2 "Root password is , no password provided at variable CFG_ROOT_PASSWORD" + fi +) + + + +# EXPERIMENTAL patch like envirionment +# Using '*-nanobsd.patch' files to only specify the bare differences between the base/default file to +# keep us as close as possible to the base OS +# Patches are applied to the directory they live in +cust_apply_nanobsd_patches() ( + for PATCHFILE in `find ${NANO_WORLDDIR} -regex '.*-nanobsd\.patch$'`; do + cd `dirname ${PATCHFILE}` + patch -t -N -p0 -i `basename ${PATCHFILE}` + #XX: What to with installed patch files? Delete them for the time beeing + rm -v ${PATCHFILE} + done + + + +) + + + +# Compile & install lvroute daemon vanuit source in svn +cust_install_lvrouted() ( + svn co http://svn.wirelessleiden.nl/svn/node-config/other/lvrouted/trunk/ /tmp/lvrouted + cd /tmp/lvrouted && autoconf && autoheader && ./configure && make || true + cp src/lvrouted.opt ${NANO_WORLDDIR}/usr/local/sbin +) + + + +# Customize ntpd +cust_ntpd() ( + chroot ${NANO_WORLDDIR} sh -c "ln -fs /usr/local/etc/ntp.drift /var/db/ntp.drift" +) + + + +# Install files from specific relative location +cust_install_files () ( + cd ${NANO_CONF_DIR}/../files + find . -print | grep -v -e /CVS -e .svn | cpio -dumpv ${NANO_WORLDDIR} +) + + + +# Prune no needed directories of image +cust_nano_prune () ( + cd ${NANO_WORLDDIR} + for ENTRY in ${NANO_PRUNE}; do + rm -vfR ${ENTRY} + done +) + + +# Fill /cfg with custom files, based on 'create_i386_diskimage ( )' +last_nano_fill_cfg () ( + # Variables to be used + IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME} + MNT=${MAKEOBJDIRPREFIX}/_.mnt + + # Mount '/cfg' slize in image + MD=`mdconfig -a -t vnode -f ${IMG}` + mount /dev/${MD}s3 ${MNT} + + # Location of '/cfg' directory + cd ${NANO_CONF_DIR}/../cfg-files + find . -print | grep -v -e /CVS -e .svn | cpio -dumpv ${MNT} + + + # Leave in nice end state + umount ${MNT} + mdconfig -d -u ${MD} +) > ${MAKEOBJDIRPREFIX}/_.fc 2>&1 + +last_nano_disk_usage () ( + # Variables to be used + IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME} + MNT=${MAKEOBJDIRPREFIX}/_.mnt + + # Mount root slize + MD=`mdconfig -a -t vnode -f ${IMG}` + mount /dev/${MD}s1a ${MNT} + + # Show disk usage (percent free) inc header + pprint 2 $(df -h | head -1) + pprint 2 "$(df -h | grep /dev/${MD})" + + # Leave in nice end state + umount ${MNT} + mdconfig -d -u ${MD} +) + +last_orders () ( + last_nano_fill_cfg + last_nano_disk_usage +) + +# Ugly hack to 'escaping' pprint from inside a customize_cmd to output +# instead of a file +exec 3>/dev/stdout +# Progress Print +# Print $2 at level $1 +pprint() { + if [ "$1" -le $PPLEVEL ]; then + printf "%.${1}s %s\n" "#####" "$2" 1>&3 + fi +} + +# Cust macro`s gestart in onderstaande volgorde +# XXX: Determine size before installing all find of additions to see how much +# base we are actually using ## du -h -d 0 +customize_cmd cust_pkg +customize_cmd cust_install_files +customize_cmd cust_ntpd +#customize_cmd cust_install_lvrouted +customize_cmd cust_version_tag +customize_cmd cust_allow_ssh_root +customize_cmd cust_nano_prune +customize_cmd cust_set_root_password +customize_cmd cust_apply_nanobsd_patches Index: /branches/breakout-spoke/nanobsd/files/FILE_LISTING.txt =================================================================== --- /branches/breakout-spoke/nanobsd/files/FILE_LISTING.txt (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/FILE_LISTING.txt (revision 10119) @@ -0,0 +1,38 @@ +# File or directory and it's purpose in this build +./boot.config # Serial console output +./boot/loader.conf # Serial console output +./conf/default/etc/.work_around_till_fix_of_pr_134513 +./conf/default/var/.work_around_till_fix_of_pr_134513 +./etc/crontab # Extra calls for pen & ntp +./etc/namedb/named.conf # Custom named configuration +./etc/ntp.conf # Custom ntp configuration +./etc/rc.conf # Highly customized rc.conf +./etc/syslog.conf # Remote syslogging enabing +./etc/ttys-nanobsd.patch # Serial console output +./root/.ssh # Template directory for authorized_keys file +./tools/change_password # Allow persistent changing of root password +./tools/dhcpd_snmp.sh # XXX +./tools/save_sshkeys # Allow persistent saving of host ssh keys +./tools/syslogd_flags.sh # XXX +./tools/updatep1 # phk image on slice 1 update script +./tools/updatep2 # phk image on slice 2 update script +./tools/wl-config # WL node specific configuration fetch and update script +./tools/wl-version # Version debug tool, gather statistics for debugging +./usr/lib/aout/.keep_me # Little hack to have /etc/rc.d/ldconfig stop nagging about missing (pruned) dir +./usr/local/bin/ssh-copy-id # XXX +./usr/local/bin/write_ntpdrift # XXX +./usr/local/etc/dhcpd-snmp.conf # dhcp-snmp cofiguration +./usr/local/etc/dhcpd.conf # Initial custom dhcpd.conf +./usr/local/etc/nrpe.cfg # XXX +./usr/local/etc/ntp.drift # XXX +./usr/local/etc/rc.d/lvrouted.sh # lvrouted startup script +./usr/local/etc/rc.d/nanobsd-motd # Allow updating motd with persistent save +./usr/local/etc/rc.d/nanobsd-save-sshkeys # Allow saving ssh-keys after generation +./usr/local/etc/rc.d/pen # Pen startup script +./usr/local/etc/rc.d/sort-proxies # Pen optimizer script +./usr/local/etc/rc.d/wlweb # WLweb configuration webinterface startup script +./usr/local/sbin/dhcpd-snmp # dhcp-snmp 'binary' +./usr/local/sbin/lvrouted.opt # lvrouted 'binary' +./usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt # Draft MIB +./usr/local/share/snmp/snmpd.conf # Custom snmpd configuration +./usr/local/wlweb # WLweb configuration webinterface program Index: /branches/breakout-spoke/nanobsd/files/boot.config =================================================================== --- /branches/breakout-spoke/nanobsd/files/boot.config (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/boot.config (revision 10119) @@ -0,0 +1,1 @@ +-h Index: /branches/breakout-spoke/nanobsd/files/boot/loader.conf =================================================================== --- /branches/breakout-spoke/nanobsd/files/boot/loader.conf (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/boot/loader.conf (revision 10119) @@ -0,0 +1,21 @@ +# No funky Beasty, but boring default, and gone in 1 second to make it go quick :-( +beastie_disable="YES" +autoboot_delay="1" + +# Some apache hyper speed module, we properly this don't need this, but still +# saves a startup warning +accf_http_load="YES" + +# Named started nagging, claiming (to many) files if unable to reach master for +# quite some time +kern.maxfiles="5000" + +# The unlucky NET4801 does not properly support DMA (we don't need it anyways) +# http://lists.soekris.com/pipermail/soekris-tech/2008-August/014788.html +hw.ata.ata_dma="0" + +# Prefers stability over preformance disable Write Caching (man 4 ata) +hw.ata.wc="0" + +# Force output to run trough the comconsole, no exceptions +console="comconsole" Index: /branches/breakout-spoke/nanobsd/files/etc/crontab =================================================================== --- /branches/breakout-spoke/nanobsd/files/etc/crontab (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/etc/crontab (revision 10119) @@ -0,0 +1,29 @@ +# /etc/crontab - root's crontab for FreeBSD +# +# $FreeBSD: src/etc/crontab,v 1.32.32.1 2008/11/25 02:59:29 kensmith Exp $ +# +SHELL=/bin/sh +PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin +HOME=/var/log +# +#minute hour mday month wday who command +# +*/5 * * * * root /usr/libexec/atrun +# +# Save some entropy so that /dev/random can re-seed on boot. +*/11 * * * * operator /usr/libexec/save-entropy +# +# Rotate log files every hour, if necessary. +0 * * * * root newsyslog +# +# Perform daily/weekly/monthly maintenance. +1 3 * * * root periodic daily +15 4 * * 6 root periodic weekly +30 5 1 * * root periodic monthly +# +# Adjust the time zone if the CMOS clock keeps local time, as opposed to +# UTC time. See adjkerntz(8) for details. +1,31 0-5 * * * root adjkerntz -a +# +# Write updates for ntp.drift to flash +0 12 * * * root /usr/local/bin/write_ntpdrift Index: /branches/breakout-spoke/nanobsd/files/etc/ipfw.sh =================================================================== --- /branches/breakout-spoke/nanobsd/files/etc/ipfw.sh (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/etc/ipfw.sh (revision 10119) @@ -0,0 +1,60 @@ +#!/bin/sh - +CAPTIVE=wlan + +# Based on /etc/rc.firewall + +# Suck in the configuration variables. +if [ -z "${source_rc_confs_defined}" ]; then + if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs + elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf + fi +fi + +setup_loopback () { + ############ + # Only in rare cases do you want to change these rules + # + ${fwcmd} add 100 pass all from any to any via lo0 + ${fwcmd} add 200 deny all from any to 127.0.0.0/8 + ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any +} + +############ +# Set quiet mode if requested +# +case ${firewall_quiet} in +[Yy][Ee][Ss]) + fwcmd="/sbin/ipfw -q" + ;; +*) + fwcmd="/sbin/ipfw" + ;; +esac + +############ +# Flush out the list before we begin. +# +${fwcmd} -f flush + +setup_loopback + +############ + +# By default no firewalling +${fwcmd} add 65000 pass all from any to any + +# Transproxy/WLportal/Captive portal +${fwcmd} add 10000 allow tcp from any to localhost 80 +${fwcmd} add 10001 allow tcp from any to me 80 + +############ +# Reserved: WLPortal rule numbers +# 10010 - 10099 + +# Forward rules work without a base address, so needed a loop over all inet4 adresses +for INF in `ifconfig -a | awk -F\: '/: flags/ { print $1 }' | grep -E ${CAPTIVE}`; do + ${fwcmd} add 10100 fwd 172.31.255.1,8081 tcp from any to not 172.16.0.0/12, 192.168.1.0/24 80 in via ${INF} +done Index: /branches/breakout-spoke/nanobsd/files/etc/motd =================================================================== --- /branches/breakout-spoke/nanobsd/files/etc/motd (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/etc/motd (revision 10119) @@ -0,0 +1,3 @@ +Stiching Wireless Leiden Node + +WWW: http://www.wirelessleiden.nl Index: /branches/breakout-spoke/nanobsd/files/etc/newsyslog.conf =================================================================== --- /branches/breakout-spoke/nanobsd/files/etc/newsyslog.conf (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/etc/newsyslog.conf (revision 10119) @@ -0,0 +1,45 @@ +# configuration file for newsyslog +# $FreeBSD: src/etc/newsyslog.conf,v 1.52.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# +# Entries which do not specify the '/pid_file' field will cause the +# syslogd process to be signalled when that log file is rotated. This +# action is only appropriate for log files which are written to by the +# syslogd process (ie, files listed in /etc/syslog.conf). If there +# is no process which needs to be signalled when a given log file is +# rotated, then the entry for that file should include the 'N' flag. +# +# The 'flags' field is one or more of the letters: BCGJNUWZ or a '-'. +# +# Note: some sites will want to select more restrictive protections than the +# defaults. In particular, it may be desirable to switch many of the 644 +# entries to 640 or 600. For example, some sites will consider the +# contents of maillog, messages, and lpd-errs to be confidential. In the +# future, these defaults may change to more conservative ones. +# +# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num] +/var/log/all.log 600 7 * @T00 J +/var/log/amd.log 644 7 100 * J +/var/log/auth.log 600 7 100 * JC +/var/log/console.log 600 5 100 * J +/var/log/cron 600 3 100 * JC +/var/log/daily.log 640 7 * @T00 JN +/var/log/debug.log 600 7 100 * JC +/var/log/kerberos.log 600 7 100 * J +/var/log/lpd-errs 644 7 100 * JC +/var/log/maillog 640 7 * @T00 JC +/var/log/messages 644 5 100 * JC +/var/log/monthly.log 640 12 * $M1D0 JN +/var/log/pflog 600 3 100 * JB /var/run/pflogd.pid +/var/log/ppp.log root:network 640 3 100 * JC +/var/log/security 600 10 100 * JC +/var/log/sendmail.st 640 10 * 168 B +/var/log/weekly.log 640 5 1 $W6D0 JN +/var/log/wtmp 644 3 * @01T05 B +/var/log/xferlog 600 7 100 * JC +/var/log/pen_wrapper.log 644 3 100 * J +/var/log/wlportal.log 664 3 100 * J /var/run/wlportal.pid +/var/log/wlweb-access.log 644 3 100 * J +/var/log/wlweb-error.log 644 3 100 * J +/var/log/snmpd.log 644 3 100 * J /var/run/snmpd.pid + + Index: /branches/breakout-spoke/nanobsd/files/etc/nsswitch.conf =================================================================== --- /branches/breakout-spoke/nanobsd/files/etc/nsswitch.conf (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/etc/nsswitch.conf (revision 10119) @@ -0,0 +1,16 @@ +# +# nsswitch.conf(5) - name service switch configuration file +# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# no NIS +group: compat +# group_compat: nis +hosts: files dns +networks: files +passwd: compat +# passwd_compat: nis +shells: files +services: compat +# services_compat: nis +protocols: files +rpc: files + Index: /branches/breakout-spoke/nanobsd/files/etc/ntp.conf =================================================================== --- /branches/breakout-spoke/nanobsd/files/etc/ntp.conf (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/etc/ntp.conf (revision 10119) @@ -0,0 +1,41 @@ +#XXX: Might need to be dynamic + +server 172.17.8.68 # proxy1 +server 172.17.143.4 # proxy2 +server 172.20.128.98 # proxy3 +server 172.16.2.254 # proxy4 +server 172.19.168.66 # proxy5 +server 172.16.3.146 # proxy6 +server 172.17.16.66 # proxy62 +server 172.17.0.1 # proxy7 +server 172.16.4.54 # proxy9 +server 172.22.0.66 # proxy10 +server 172.23.25.66 # proxy11 +server 172.16.3.98 # proxy13 +server 172.17.169.66 # proxy97 + +# and if all failes - use our local crummy clock +server 127.127.1.0 #stratum 10 +# Optional - to provide the surroundings +# with a accurate time - unsollicted. +# +# broadcast + +# This file is generated by 'ntp-genkey -d r' +# on any of the 3 time lords; and pulled +# from Genesis. +# +# keys /etc/ntp.keys + +# Limit the number of clients concurrent +# RQs' to the levels a simple not can +# sustain. Asumming 5Mbit this translates +# to some 5000 machines. + +# Ensure that our stats and drift files +# go to writable disk (/etc mounted RO +# on the flash-rom machines). +# +driftfile /var/db/ntp.drift + + Index: /branches/breakout-spoke/nanobsd/files/etc/rc.conf =================================================================== --- /branches/breakout-spoke/nanobsd/files/etc/rc.conf (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/etc/rc.conf (revision 10119) @@ -0,0 +1,70 @@ +## Building options +dumpdev="NO" # No kernel dumps as we don't have a place to + # store them +gateway_enable="YES" # Act like a gateway please +ipv6_enable="NO" # No IPv6 support for now, near feature... ;-) + +# Firewall needed for port redirection (captive portal, splash screen) +firewall_enable="YES" +firewall_script="/etc/ipfw.sh" + +# NTP server needs working config with WL network or internet on boot +# so some warnings might pop up, but no harm +ntpdate_enable="YES" +ntpd_enable="YES" +ntpd_sync_on_start="YES" +ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntp.drift" + +# We need no running mail server +sendmail_enable="NONE" + +# Don't let syslog accept input from other remote hosts +syslogd_enable="YES" +syslogd_flags="-s -A -c -b 127.0.0.1" + +# Remote login without DNS checking as it might not also be functionable +# -u0 prevent sshd from making DNS requests unless the authentication mechanism +# or configuration requires it. +sshd_enable="YES" +sshd_flags="-u0" + +# Don't update the motd as it not writeable, the update_nanobsd_motd is a +# simple wrapper found at /usr/local/etc/rc.d supporting this featureg +update_motd="NO" +update_nanobsd_motd="YES" + +## Port extentions +# Serve our clients some pretty cool IP address to at least get connected +# Also some low-memory footprint dns resolver +dnsmasq_enable="YES" + +# Monitoring deamons +nrpe2_enable="YES" +snmpd_enable="YES" +snmpd_flags="-a -LF w /var/log/snmpd.log" + +# Some nodes will serve as HTTP(S) proxy server +tinyproxy_enable="NO" + +## WL ports extentions +thttpd_enable="YES" +http302_enable="YES" + +lvrouted_enable="YES" +lvrouted_flags="-u -s s00p3rs3kr3t -m 28" + +# Make sure generated ssh keys are saved +nanobsd_save_sshkeys_enable="YES" + +# Do some cool stuff with pen, like checking on best connections and reload, so +# need a wrapper instead of the conventional startup script +pen_wrapper_enable="YES" + +## Initial (network) configuration +# +hostname="ChangeMe.example.org" +# XXX: Maybe something cool (zero config) as initial configuration + +## Iperf server mode +# +iperf_enable="YES" Index: /branches/breakout-spoke/nanobsd/files/etc/ssh/ssh_config =================================================================== --- /branches/breakout-spoke/nanobsd/files/etc/ssh/ssh_config (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/etc/ssh/ssh_config (revision 10119) @@ -0,0 +1,5 @@ +Host *.wleiden.net + ForwardAgent yes + +Host 172.16.?.? + ForwardAgent yes Index: /branches/breakout-spoke/nanobsd/files/etc/ssh/sshd_config =================================================================== --- /branches/breakout-spoke/nanobsd/files/etc/ssh/sshd_config (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/etc/ssh/sshd_config (revision 10119) @@ -0,0 +1,126 @@ +# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ +# $FreeBSD: src/crypto/openssh/sshd_config,v 1.49.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +# Note that some of FreeBSD's defaults differ from OpenBSD's, and +# FreeBSD has a few additional options. + +#VersionAddendum FreeBSD-20090522 + +#Port 22 +#Protocol 2 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# Disable legacy (protocol version 1) support in the server for new +# installations. In future the default will change to require explicit +# activation of protocol 1 +Protocol 2 + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 + +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# Change to yes to enable built-in password authentication. +#PasswordAuthentication no +#PermitEmptyPasswords no + +# Change to no to disable PAM authentication +#ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'no' to disable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +PermitRootLogin yes +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +#UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10 +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server Index: /branches/breakout-spoke/nanobsd/files/etc/sysctl.conf =================================================================== --- /branches/breakout-spoke/nanobsd/files/etc/sysctl.conf (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/etc/sysctl.conf (revision 10119) @@ -0,0 +1,4 @@ +#XXX: Might needs to be dynamic as value depends on link length +dev.ath.0.acktimeout=35 +dev.ath.1.acktimeout=35 +dev.ath.2.acktimeout=35 Index: /branches/breakout-spoke/nanobsd/files/etc/syslog.conf =================================================================== --- /branches/breakout-spoke/nanobsd/files/etc/syslog.conf (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/etc/syslog.conf (revision 10119) @@ -0,0 +1,32 @@ +# $FreeBSD: src/etc/syslog.conf,v 1.28 2005/03/12 12:31:16 glebius Exp $ +# +# Spaces ARE valid field separators in this file. However, +# other *nix-like systems still insist on using tabs as field +# separators. If you are sharing this file between systems, you +# may want to use only tabs as field separators here. +# Consult the syslog.conf(5) manpage. +*.err;kern.warning;auth.notice;mail.crit /dev/console +*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages +security.* /var/log/security +auth.info;authpriv.info /var/log/auth.log +mail.info /var/log/maillog +lpr.info /var/log/lpd-errs +ftp.info /var/log/xferlog +cron.* /var/log/cron +*.=debug /var/log/debug.log +*.emerg * +# uncomment this to log all writes to /dev/console to /var/log/console.log +#console.info /var/log/console.log +# uncomment this to enable logging of all log messages to /var/log/all.log +# touch /var/log/all.log and chmod it to mode 600 before it will work +#*.* /var/log/all.log +# uncomment this to enable logging to a remote loghost named loghost +*.* @loghost.wleiden.net +# uncomment these if you're running inn +# news.crit /var/log/news/news.crit +# news.err /var/log/news/news.err +# news.notice /var/log/news/news.notice +!startslip +*.* /var/log/slip.log +!ppp +*.* /var/log/ppp.log Index: /branches/breakout-spoke/nanobsd/files/etc/ttys-nanobsd.patch =================================================================== --- /branches/breakout-spoke/nanobsd/files/etc/ttys-nanobsd.patch (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/etc/ttys-nanobsd.patch (revision 10119) @@ -0,0 +1,31 @@ +--- etc/ttys 2010-01-12 11:47:58.000000000 +0100 ++++ ttys 2010-01-12 11:48:26.000000000 +0100 +@@ -30,19 +30,19 @@ + # when going to single-user mode. + console none unknown off secure + # +-ttyv0 "/usr/libexec/getty Pc" cons25 on secure ++ttyv0 "/usr/libexec/getty Pc" cons25 off secure + # Virtual terminals +-ttyv1 "/usr/libexec/getty Pc" cons25 on secure +-ttyv2 "/usr/libexec/getty Pc" cons25 on secure +-ttyv3 "/usr/libexec/getty Pc" cons25 on secure +-ttyv4 "/usr/libexec/getty Pc" cons25 on secure +-ttyv5 "/usr/libexec/getty Pc" cons25 on secure +-ttyv6 "/usr/libexec/getty Pc" cons25 on secure +-ttyv7 "/usr/libexec/getty Pc" cons25 on secure ++ttyv1 "/usr/libexec/getty Pc" cons25 off secure ++ttyv2 "/usr/libexec/getty Pc" cons25 off secure ++ttyv3 "/usr/libexec/getty Pc" cons25 off secure ++ttyv4 "/usr/libexec/getty Pc" cons25 off secure ++ttyv5 "/usr/libexec/getty Pc" cons25 off secure ++ttyv6 "/usr/libexec/getty Pc" cons25 off secure ++ttyv7 "/usr/libexec/getty Pc" cons25 off secure + ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure + # Serial terminals + # The 'dialup' keyword identifies dialin lines to login, fingerd etc. +-ttyu0 "/usr/libexec/getty std.9600" dialup off secure ++ttyu0 "/usr/libexec/getty std.9600" ansi on secure + ttyu1 "/usr/libexec/getty std.9600" dialup off secure + ttyu2 "/usr/libexec/getty std.9600" dialup off secure + ttyu3 "/usr/libexec/getty std.9600" dialup off secure Index: /branches/breakout-spoke/nanobsd/files/root/.ssh =================================================================== --- /branches/breakout-spoke/nanobsd/files/root/.ssh (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/root/.ssh (revision 10119) @@ -0,0 +1,1 @@ +link /etc/dot_ssh Index: /branches/breakout-spoke/nanobsd/files/root/.vimrc =================================================================== --- /branches/breakout-spoke/nanobsd/files/root/.vimrc (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/root/.vimrc (revision 10119) @@ -0,0 +1,4 @@ +syntax on +set tabstop=4 +set shiftwidth=4 +set viminfo='50,n/tmp/viminfo Index: /branches/breakout-spoke/nanobsd/files/tools/change_password =================================================================== --- /branches/breakout-spoke/nanobsd/files/tools/change_password (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/tools/change_password (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/change_password,v 1.3.6.1 2008/11/25 02:59:29 kensmith Exp $ +# + +set -e + +passwd root + +cfgslice=`grep '/cfg' /etc/fstab | cut -d \ -f 1` + +trap "umount /cfg" 1 2 15 EXIT +mount /cfg +cp /etc/master.passwd /etc/passwd /etc/pwd.db /etc/spwd.db /etc/group /cfg +umount /cfg +trap 1 2 15 EXIT Index: /branches/breakout-spoke/nanobsd/files/tools/dhcpd_snmp.sh =================================================================== --- /branches/breakout-spoke/nanobsd/files/tools/dhcpd_snmp.sh (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/tools/dhcpd_snmp.sh (revision 10119) @@ -0,0 +1,15 @@ +#!/bin/sh +# Write dhcpd ranges to dhcpd-snmp.conf + +DHCPD="/usr/local/etc/dhcpd.conf" +DHSNMP="/usr/local/etc/dhcpd-snmp.conf" +INDEX="0" + +DHPOOL=`cat ${DHCPD} | grep range | awk '{print $2"-"$3}' | cut -d";" -f1` +for range in ${DHPOOL} +do + $((INDEX=INDEX+1)) + echo "`echo "pool:" $INDEX", pool"$INDEX", "$range | \ + sed 's/^.*(//'`" >> $DHSNMP +done + Index: /branches/breakout-spoke/nanobsd/files/tools/find-nanostation =================================================================== --- /branches/breakout-spoke/nanobsd/files/tools/find-nanostation (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/tools/find-nanostation (revision 10119) @@ -0,0 +1,16 @@ +#!/bin/sh +# Discover nanostation using CDPv1 packets +# Credits: http://sidewynder.blogspot.com/2005/07/tcpdump-filter-for-capturing-only.html + +if [ "x$1" = "x" ]; then + echo "Usage: $0 [count]" 1>&2 + echo "Find (lost) Nanostation IP using 'count' CDPv1 packet(s)" + echo "Normally CDPv1 packets get send every minute" 1>&2 + echo "Interface hints: `ifconfig -l`" 1>&2 + exit 1 +fi +IFACE=$1 +COUNT=${2-1} + + +tcpdump -nn -v -i $IFACE -s 1500 -c $COUNT 'ether[20:2] == 0x2000' Index: /branches/breakout-spoke/nanobsd/files/tools/save_sshkeys =================================================================== --- /branches/breakout-spoke/nanobsd/files/tools/save_sshkeys (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/tools/save_sshkeys (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/save_sshkeys,v 1.4.6.1 2008/11/25 02:59:29 kensmith Exp $ +# + +set -e + +trap "umount /cfg" 1 2 15 EXIT +mount /cfg +mkdir -p /cfg/ssh +( +cd /etc/ssh +cp ssh_host_* /cfg/ssh +) +umount /cfg +trap 1 2 15 EXIT Index: /branches/breakout-spoke/nanobsd/files/tools/syslogd_flag.sh =================================================================== --- /branches/breakout-spoke/nanobsd/files/tools/syslogd_flag.sh (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/tools/syslogd_flag.sh (revision 10119) @@ -0,0 +1,7 @@ +#!/bin/sh +# Set hostname for syslogd -b flag + +HOST=`cat /etc/rc.conf.local | grep hostname | cut -d'"' -f2` +sed -i "" -e /syslogd_flags=/s/localhost/${HOST}/ /etc/rc.conf + + Index: /branches/breakout-spoke/nanobsd/files/tools/update-wrapper =================================================================== --- /branches/breakout-spoke/nanobsd/files/tools/update-wrapper (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/tools/update-wrapper (revision 10119) @@ -0,0 +1,27 @@ +#!/bin/sh +# +# Update the non-active partition, input will stdin if no argument given else a +# listing netcat sesion will be opened at the given port +# Can be used in the following setups: +# 1) Systems with CPU limits (e.g. no encryption and/or compression): +# ssh -oBatchMode=yes root@node.example.org /tools/update-wrapper 3333 & +# cat nanobsd.image | nc node.example.org 3333 +# 2) Standard setup: +# cat nanobsd.image | ssh -oBatchMode=yes root@node.example.org /tools/update-wrapper +# +# Licence: BSD http://wirelessleiden.nl/LICENSE +# +# Rick van der Zwet + +. /etc/nanobsd.conf + +ROOT=`cd $(dirname $0); pwd -P` + +# Find out which partion to use +mount | grep -q ${NANO_DRIVE}s1 && UPDATE=$ROOT/updatep2 || UPDATE=$ROOT/updatep1 + +if [ -z $1 ]; then + $UPDATE +else + nc -l $1 | $UPDATE +fi Index: /branches/breakout-spoke/nanobsd/files/tools/updatep1 =================================================================== --- /branches/breakout-spoke/nanobsd/files/tools/updatep1 (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/tools/updatep1 (revision 10119) @@ -0,0 +1,55 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/updatep1,v 1.2.6.1 2008/11/25 02:59:29 kensmith Exp $ +# +# Script to update partition 1 on a NanoBSD system. +# +# usage: +# ssh somewhere cat image.s1 | sh updatep1 +# + +set -e + +. /etc/nanobsd.conf + +if mount | grep ${NANO_DRIVE}s1 > /dev/null ; then + echo "You are running partition 1 already" + echo "you probably want to use 'updatep2' instead" + exit 1 +fi + +# Blow away old system. +dd if=/dev/zero of=/dev/${NANO_DRIVE}s1 bs=1m count=1 > /dev/null 2>&1 + +# Copy in new system +dd of=/dev/${NANO_DRIVE}s1 obs=64k + +# Check that it worked +fsck_ffs -n /dev/${NANO_DRIVE}s1a + +gpart set -a active -i 1 ${NANO_DRIVE} + Index: /branches/breakout-spoke/nanobsd/files/tools/updatep2 =================================================================== --- /branches/breakout-spoke/nanobsd/files/tools/updatep2 (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/tools/updatep2 (revision 10119) @@ -0,0 +1,63 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/updatep2,v 1.2.6.1 2008/11/25 02:59:29 kensmith Exp $ +# +# Script to update partition 2 on a NanoBSD system. +# +# usage: +# ssh somewhere cat image.s1 | sh updatep2 +# + +set -e + +. /etc/nanobsd.conf + +if mount | grep ${NANO_DRIVE}s2 > /dev/null ; then + echo "You are running partition 2 already" + echo "you probably want to use 'updatep1' instead" + exit 1 +fi + +# Blow away old system. +dd if=/dev/zero of=/dev/${NANO_DRIVE}s2 bs=1m count=1 > /dev/null 2>&1 + +# Copy in new system +dd of=/dev/${NANO_DRIVE}s2 obs=64k + +# Check that it worked +fsck_ffs -n /dev/${NANO_DRIVE}s2a + +# Update the /etc/fstab +trap "umount /mnt" 1 2 15 EXIT +mount /dev/${NANO_DRIVE}s2a /mnt +sed -i "" "s/${NANO_DRIVE}s1/${NANO_DRIVE}s2/" /mnt/conf/base/etc/fstab +sed -i "" "s/${NANO_DRIVE}s1/${NANO_DRIVE}s2/" /mnt/etc/fstab +umount /mnt +trap 1 2 15 EXIT + +gpart set -a active -i 2 ${NANO_DRIVE} + Index: /branches/breakout-spoke/nanobsd/files/tools/wl-config =================================================================== --- /branches/breakout-spoke/nanobsd/files/tools/wl-config (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/tools/wl-config (revision 10119) @@ -0,0 +1,266 @@ +#!/bin/sh +# Wireless Leiden config-update script for FreeBSD 8.0 (nanobsd) +# Based on the 'API' of Jasper +# Rick van der Zwet +# XXX: TODO, some proper error checking for fetch + +BASEURL="http://132.229.112.21/config/iris/node/FreeBSD/8.0-RELEASE/g_list.pl" + +# Slow connection = no connection +HTTP_TIMEOUT=3 + +# Connectivity check +fetch -o /dev/null -q $BASEURL > /dev/null +if [ $? -ne 0 ]; then + echo "# [INFO] Connecting failed, setting generic proxy and trying again" + export HTTP_PROXY=proxy.wleiden.net:3128 + fetch -o /dev/null -q $BASEURL > /dev/null + if [ $? -ne 0 ]; then + echo "# [WARN] Connect failed, setting IP proxy and trying again" + export HTTP_PROXY=172.16.3.98:3128 + fetch -o /dev/null -q $BASEURL > /dev/null + if [ $? -ne 0 ]; then + echo "# [CRIT] Connect failed, please fix and set proxy manually" + exit 1 + fi + fi +fi + +# Default config to fetch +CONFIG=`hostname -s` + +# Determine it's statup and running location and some other hints +# Skip named.conf as it not planned in current release +FILES="authorized_keys dnsmasq.conf rc.conf.local resolv.conf wleiden.conf" +file_details() { + case "$1" in + 'authorized_keys') + STARTUP_LOC="/cfg/dot_ssh/${FILE}" + RUNNING_LOC="/etc/dot_ssh/${FILE}" + FILE_HINT="" + ;; + 'dnsmasq.conf') + STARTUP_LOC="/cfg/local/${FILE}" + RUNNING_LOC="/etc/local/${FILE}" + FILE_HINT="/usr/local/etc/rc.d/dnsmasq restart" + ;; + 'named.conf') + STARTUP_LOC="/cfg/namedb/${FILE}" + RUNNING_LOC="/etc/namedb/${FILE}" + FILE_HINT="/etc/rc.d/named restart" + ;; + 'rc.conf.local') + STARTUP_LOC="/cfg/${FILE}" + RUNNING_LOC="/etc/${FILE}" + FILE_HINT="/etc/rc.d/netif restart" + ;; + 'resolv.conf') + STARTUP_LOC="/cfg/${FILE}" + RUNNING_LOC="/etc/${FILE}" + FILE_HINT="" + ;; + 'wleiden.conf') + STARTUP_LOC="/cfg/local/${FILE}" + RUNNING_LOC="/etc/local/${FILE}" + FILE_HINT="" + ;; + esac +} + +usage() { + ( + echo "Usage: $0 [-bn] [-c ] [-m ]" + echo " -b batch mode, no user input" + echo " -c default configuration to fetch" + echo " -n do not mount config partition" + echo " -m all copy config files to running & config partition [default]" + echo " -m startup copy config files to config partition" + echo " -m testing do not copy config files" + echo " -m running copy config files to running partition" + echo " -m hack copy running files to config partition" + ) 1>&2 + exit 2 +} + +# Argument parsing using getopts +USE_API=1 # Whether or not to use the webinterface +OPT_MOUNT=1 +OPT_RUNNING=1 +OPT_STARTUP=1 +OPT_HACK=0 # Hack for people without configuration managment and testing +OPT_BATCH=0 + +parse_options() { + while getopts "bc:nm:" OPT; do + case "$OPT" in + b) OPT_BATCH=1;; + c) CONFIG="${OPTARG}";; + n) OPT_MOUNT=0;; + m) case "$OPTARG" in + all) true;; + live) OPT_STARTUP=0;; + startup) OPT_RUNNING=0;; + testing) OPT_RUNNING=0; OPT_STARTUP=0; OPT_MOUNT=0;; + hack) OPT_RUNNING=0; OPT_STARTUP=0; OPT_HACK=1; USE_API=0;; + *) usage;; + esac;; + h) usage;; + \?) usage;; + esac + done + # Allow to override automatic mounting, in case of external mount 'managment' + if [ "$1" = "-n" ]; then + OPT_MOUNT=0 + fi + + if [ "${OPT_RUNNING}" -eq 1 ]; then + echo "INFO: Storing new config files in running configuration" + fi + + if [ "${OPT_STARTUP}" -eq 1 ]; then + echo "INFO: Storing new config files in startup configuration" + fi + + if [ "${OPT_HACK}" -eq 1 ]; then + echo "WARN: Copy running configuration to startup configuration" + echo "WARN: Please do mind to document/mention this changes somewhere" + fi + + # New line before the real work gets started + echo "" +} + + + + +# test validity of input +config_validator() { + INPUT="$1" + `grep -q "^${INPUT}\$" ${TMPDIR}/node_list.txt` + if [ $? -eq 0 ]; then + return 0 + else + echo "WARNING: Input '${INPUT}' is not valid, some hints..." + grep -i "${INPUT}" ${TMPDIR}/node_list.txt + return 1 + fi +} + + + +select_node() { + # List of all available nodes + fetch -q -o ${TMPDIR}/node_list.txt ${BASEURL} || exit 1 + + # Provide Nodelist and feedback + cat ${TMPDIR}/node_list.txt | column + echo ' THIS script adds the config from GENESIS to this operating system' + echo ' make sure you know what you are doing, if not press control-C' + echo ' ENTER CONFIG NAME ......(and press enter)' + + if [ ${OPT_BATCH} -eq 1 ]; then + config_validator "${CONFIG}" + if [ $? -eq 1 ]; then + echo "ERROR: Please provide valid config" 1>&2 + exit 1 + fi + else + # Have the user to select the right node + INVALID_CONFIG=1 + while [ ${INVALID_CONFIG} -eq 1 ]; do + # Ask for node name, play around with prev option + echo -n "Name [${CONFIG}]: " + read INPUT + if [ -z "${INPUT}" ]; then + INPUT=${CONFIG} + else + CONFIG=${INPUT} + fi + + config_validator "${INPUT}" + if [ $? -eq 0 ]; then + INVALID_CONFIG=0 + fi + done + fi +} + + + + +# Copy file, saving some bits if no change needed +copy_file() { + SOURCE=$1 + TARGET=$2 + diff -q ${SOURCE} ${TARGET} >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then + mkdir -p `dirname ${TARGET}` || exit 1 + cp ${SOURCE} ${TARGET} || exit 1 + return $? + fi + return 1 +} + +# Main function +main() { + TMPDIR=`mktemp -d -t $(basename $0)` + # Clear out tempdir when done + if [ ${OPT_MOUNT} -eq 1 ]; then + trap "rm -Rf ${TMPDIR}; umount /cfg; mount -ro noatime /; exit" 0 1 2 3 15 + else + trap "rm -Rf ${TMPDIR}; exit" 0 1 2 3 15 + + fi + + # Mount if requested + if [ ${OPT_MOUNT} -eq 1 ]; then + mount -uwo noatime / + mount /cfg + fi + + # Select node from web-interface + if [ ${USE_API} -eq 1 ]; then + select_node + fi + + # Worker, place all files in required directory + for FILE in ${FILES}; do + if [ ${USE_API} -eq 1 ]; then + # Fetch needed file + FRESH_LOC=${TMPDIR}/${FILE} + fetch -q -o ${FRESH_LOC} ${BASEURL}/${CONFIG}/${FILE} || exit 1 + fi + + # Needed file details, like locations and hints + file_details ${FILE} + + echo "INFO: Working on file: '${FILE}'" + # Copy file boot location + if [ ${OPT_STARTUP} -eq 1 ]; then + copy_file ${FRESH_LOC} ${STARTUP_LOC} + fi + + # Copy file running location + if [ ${OPT_RUNNING} -eq 1 ]; then + copy_file ${FRESH_LOC} ${RUNNING_LOC} + if [ $? -eq 0 ]; then + echo "INFO: '${FILE}' changed" + if [ -n "${FILE_HINT}" ]; then + echo "INFO: For instant activate: ${FILE_HINT}" + echo "" + fi + fi + fi + + # Direct copy + if [ ${OPT_HACK} -eq 1 ]; then + # No checking, just dumb try to copy mode + cp -v ${RUNNING_LOC} ${STARTUP_LOC} + fi + done + + exit 0 +} + +parse_options $* +main Index: /branches/breakout-spoke/nanobsd/files/tools/wl-version =================================================================== --- /branches/breakout-spoke/nanobsd/files/tools/wl-version (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/tools/wl-version (revision 10119) @@ -0,0 +1,35 @@ +#!/bin/sh +# Get bare minimal information of node, for the use of easy debugging +# Rick van der Zwet + +# Trac specific code +echo "----" +echo "{{{" + +# Introduction +echo "Generated by $USER@`hostname`" +echo "Date: `date`" + +# Kernel information +uname -a | fold + +# Mount information, for the use of checking which slize is usd +mount + +# static iinformation, on image, like build, time, who, +VERSION='/tools/wl-release.txt' +cat $VERSION + +if [ -r /VERSION ]; then + cat /VERSION + seperator +fi + +# Current ip configuration +ifconfig -a + +# XXX: Configuration specifics + +# Trac specific code +echo "}}}" +echo "----" Index: /branches/breakout-spoke/nanobsd/files/usr/local/bin/http302 =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/bin/http302 (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/bin/http302 (revision 10119) @@ -0,0 +1,11 @@ +#!/bin/sh +# +# Only purpose is to send somebody to the Captive Portal +# +URL=${URL:-http://172.31.255.1/wlportal} + +# Send information to client +echo -e "HTTP/1.1 302 OK\r" +echo -e "Location: $URL\r" +echo -e "\r" + Index: /branches/breakout-spoke/nanobsd/files/usr/local/bin/mvim =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/bin/mvim (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/bin/mvim (revision 10119) @@ -0,0 +1,10 @@ +#!/bin/sh +# +# Wrapper to support file hacking on read-only file systems more easily +# +# Rick van der Zwet + + +mount -uwo noatime || exit +vim $* +mount -uro noatime / Index: /branches/breakout-spoke/nanobsd/files/usr/local/bin/pen_wrapper =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/bin/pen_wrapper (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/bin/pen_wrapper (revision 10119) @@ -0,0 +1,121 @@ +#!/bin/sh +# Pen proxy wrapper, periodic check for best connections +# Stichting Wireless Leiden +# Rick van der Zwet + +BIND_ADDR=${1-172.31.255.1} +BIND_PORT=${2-3128} +DEBUG=0 + +#XXX: Really static list, some dynamic alternative prefered +PROXY_LIST="${3-172.17.8.68:3128 \ + 172.17.143.4:3128 \ + 172.20.128.98:3128 \ + 172.16.2.254:3128 \ + 172.19.168.66:3128 \ + 172.16.3.146:3128 \ + 172.17.16.66:3128 \ + 172.17.0.1:3128 \ + 172.16.4.54:3128 \ + 172.22.0.66:3128 \ + 172.23.25.66:3128 \ + 172.17.169.66:3128}" + + +TEST_URL="http://www.ams-ix.net/" +TEST_INTERVAL=`expr 30 \* 60` # Back-off period in seconds, re-testing period + + +# Don't touch, unless you know what you are doing +PIDFILE='/var/run/pen.pid' +PEN='/usr/local/bin/pen' +PEN_FLAGS="-b 30 -r -p ${PIDFILE} -o prio ${BIND_ADDR}:${BIND_PORT}" + +LOGFILE='/var/log/pen_wrapper.log' + +log() +{ + _datestamp=`date "+%Y-%m-%d %H:%M:%S"` + _msg="[${_datestamp}] $*" + if [ ${DEBUG} -eq 0 ]; then + echo "${_msg}" >> ${LOGFILE} + else + echo "${_msg}" + fi +} + +d_log() { + if [ ${DEBUG} -ne 0 ]; then + log $* + fi +} + +test_proxy() +{ + # Set proxy + PROXY=$1 + PORT=$2 + URL=$3 + export HTTP_PROXY="${PROXY}:${PORT}" + + # Attempted fetch + retstr=`fetch -T 3 -o /dev/null ${URL} 2>&1` + retval=$? + + # Store to list if successfull + if [ "${retval}" -eq 0 ]; then + BPS=`echo "${retstr}" | awk '/Bps/ {printf $4}'` + echo "${BPS} ${PROXY}" >> ${TMPFILE} + fi + return $retval +} + +sort_proxies() +{ + # Result holder + TMPFILE=`mktemp -t pen_wrapper` + + for _host in ${PROXY_LIST}; do + PROXY=`echo $_host | cut -d ":" -f1` + PORT=`echo $_host | cut -d ":" -f2` + _msg="Fetching '${TEST_URL}' via '${PROXY}:${PORT}' ..." + test_proxy ${PROXY} ${PORT} ${TEST_URL} && d_log ${_msg} "OK" || d_log ${_msg} "FAILED" + done + + _proxylist=`sort -nr ${TMPFILE} | awk '{print $2}' | tr '\n' ' '` + _cfg="0:0:1:1" + if [ -n "${_proxylist}" ]; then + _prio="0" + _proxy_arg="" + for _proxy in ${_proxylist}; do + _prio=`expr ${_prio} + 1` + _proxy_arg="${_proxy_arg} ${_proxy}:${PORT}:${_cfg}:${_prio}" + done + fi + # Clear out junk + rm -f ${TMPFILE} + NEW_PROXY_LIST="${_proxy_arg}" +} + + +## +# Main loop +LIVE_PROXY_LIST='' +while true; do + sort_proxies + if [ "${LIVE_PROXY_LIST}" != "${NEW_PROXY_LIST}" ]; then + log "INFO: New listing to be configured '${NEW_PROXY_LIST}'" + d_log "Live: ${LIVE_PROXY_LIST}" + d_log "New : ${NEW_PROXY_LIST}" + # Pen should only be started if alias exists + ifconfig | grep -q ${BIND_ADDR} + if [ $? -eq 0 ]; then + if [ -r ${PIDFILE} ]; then + kill `cat ${PIDFILE}` + fi + ${PEN} ${PEN_FLAGS} ${NEW_PROXY_LIST} + LIVE_PROXY_LIST="${NEW_PROXY_LIST}" + fi + fi + sleep ${TEST_INTERVAL} +done Index: /branches/breakout-spoke/nanobsd/files/usr/local/bin/ssh-copy-id =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/bin/ssh-copy-id (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/bin/ssh-copy-id (revision 10119) @@ -0,0 +1,50 @@ +#!/bin/sh + +# Shell script to install your public key on a remote machine +# Takes the remote machine name as an argument. +# Obviously, the remote machine must accept password authentication, +# or one of the other keys in your ssh-agent, for this to work. + +ID_FILE="${HOME}/.ssh/id_rsa.pub" + +if [ "-i" = "$1" ]; then + shift + # check if we have 2 parameters left, if so the first is the new ID file + if [ -n "$2" ]; then + if expr "$1" : ".*\.pub" >/dev/null; then + ID_FILE="$1" + else + ID_FILE="$1.pub" + fi + shift # and this should leave $1 as the target name + fi +else + if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then + GET_ID="$GET_ID ssh-add -L" + fi +fi + +if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then + GET_ID="cat ${ID_FILE}" +fi + +if [ -z "`eval $GET_ID`" ]; then + echo "$0: ERROR: No identities found" >&2 + exit 1 +fi + +if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then + echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2 + exit 1 +fi + +{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1 + +cat <&2 + exit $EX_NOINPUT +fi + +# Compare files, ignore white spaces, modification, etc +diff -b -B -q ${SRC} ${DST}; RETVAL=$? +if [ $RETVAL -ne 0 ]; then + # 2: DST does not yet, exists, 1: file differs + mount -uwo noatime /cfg + mkdir -p /cfg/local + cp ${SRC} ${DST} +fi + +exit $EX_OK Index: /branches/breakout-spoke/nanobsd/files/usr/local/etc/dhcpd-snmp.conf =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/etc/dhcpd-snmp.conf (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/etc/dhcpd-snmp.conf (revision 10119) @@ -0,0 +1,1 @@ +leases: /var/db/dhcpd.leases Index: /branches/breakout-spoke/nanobsd/files/usr/local/etc/dhcpd.conf =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/etc/dhcpd.conf (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/etc/dhcpd.conf (revision 10119) @@ -0,0 +1,7 @@ +ddns-update-style none; + +subnet 192.168.2.0 netmask 255.255.255.0 { + option domain-name-servers 192.168.2.1 ; + option routers 192.168.2.1 ; + range 192.168.2.50 192.168.2.99 ; +} Index: /branches/breakout-spoke/nanobsd/files/usr/local/etc/nrpe.cfg =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/etc/nrpe.cfg (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/etc/nrpe.cfg (revision 10119) @@ -0,0 +1,14 @@ +server_port=5666 +allowed_hosts=172.16.4.46 +nrpe_user=nagios +nrpe_group=nagios +command_timeout=60 + +command[check_users]=/usr/local/libexec/nagios/check_users -w 5 -c 10 +command[check_load]=/usr/local/libexec/nagios/check_load -w 15,10,5 -c 30,25,20 +command[check_disk1]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p / +command[check_disk2]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /var +command[check_procs]=/usr/local/libexec/nagios/check_procs -w 55 -c 70 +command[check_inet]=/usr/local/libexec/nagios/check_inet +command[check_inet2]=/usr/local/libexec/nagios/check_inet2 +command[check_lv]=/usr/local/libexec/nagios/check_lv Index: /branches/breakout-spoke/nanobsd/files/usr/local/etc/ntp.drift =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/etc/ntp.drift (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/etc/ntp.drift (revision 10119) @@ -0,0 +1,1 @@ +0.000 Index: /branches/breakout-spoke/nanobsd/files/usr/local/etc/proxies.conf =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/etc/proxies.conf (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/etc/proxies.conf (revision 10119) @@ -0,0 +1,12 @@ +172.17.8.68:3128 +172.17.143.4:3128 +172.20.128.98:3128 +172.16.2.254:3128 +172.19.168.66:3128 +172.16.3.146:3128 +172.17.16.66:3128 +172.17.0.1:3128 +172.16.4.54:3128 +172.22.0.66:3128 +172.23.25.66:3128 +172.17.169.66:3128 Index: /branches/breakout-spoke/nanobsd/files/usr/local/etc/rc.d/http302 =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/etc/rc.d/http302 (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/etc/rc.d/http302 (revision 10119) @@ -0,0 +1,27 @@ +#!/bin/sh +# +# PROVIDE: http301 +# BEFORE: DAEMON +# KEYWORD: shutdown +# +# Add the following line to /etc/rc.conf to enable iperf in server mode: +# +# http302_enable="YES" +# +. /etc/rc.subr + +name=http302 +rcvar=`set_rcvar` + +command=/usr/local/bin/tcpserver +command_args="-R -H -l 0 172.31.255.1 8081 /usr/local/bin/http302 &" + +load_rc_config ${name} + +http301_enable=${http301_enable-"NO"} + +#### +# tcpserver does not generate a pid file + +run_rc_command "$1" + Index: /branches/breakout-spoke/nanobsd/files/usr/local/etc/rc.d/iperf =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/etc/rc.d/iperf (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/etc/rc.d/iperf (revision 10119) @@ -0,0 +1,29 @@ +#!/bin/sh +# +# PROVIDE: iperf +# BEFORE: DAEMON +# KEYWORD: shutdown +# +# Add the following line to /etc/rc.conf to enable iperf in server mode: +# +# iperf_enable="YES" +# +. /etc/rc.subr + +name=iperf +rcvar=`set_rcvar` + +command=/usr/local/bin/iperf +command_args="-s -D" + +load_rc_config ${name} + +iperf_enable=${iperf_enable-"NO"} + +#### +# iperf does not generate a pid file +# iperf_pidfile=${iperf_pidfile-"/var/run/.pid"} +# pidfile="${iperf_pidfile}" + +run_rc_command "$1" + Index: /branches/breakout-spoke/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd (revision 10119) @@ -0,0 +1,61 @@ +#!/bin/sh +# +# $FreeBSD: src/etc/rc.d/motd,v 1.9.10.1.4.1 2009/04/15 03:14:26 kensmith Exp $ +# + +# PROVIDE: nanobsd-motd +# REQUIRE: mountcritremote +# BEFORE: LOGIN + +. /etc/rc.subr + +name="nanobsd_motd" +rcvar="update_nanobsd_motd" +start_cmd="motd_start" +stop_cmd=":" + +PERMS="644" + +motd_start() +{ + # Update kernel info in /etc/motd + # Must be done *before* interactive logins are possible + # to prevent possible race conditions. + # + echo -n 'Updating motd' + if [ ! -f /etc/motd ]; then + install -c -o root -g wheel -m ${PERMS} /dev/null /etc/motd + fi + + if [ ! -w /etc/motd ]; then + echo ' ... /etc/motd is not writable, update failed.' + return + fi + + T=`mktemp -t motd` + uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > ${T} + awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> ${T} + + cmp -s $T /etc/motd || { + # XXX: Hack quick and dirty combine of /etc/rc.d/motd and /tools/savesshkeys + trap "umount /cfg" 1 2 15 EXIT + mount /cfg + cp $T /cfg/motd + chmod ${PERMS} /etc/motd + umount /cfg + trap 1 2 15 EXIT + + trap "mount -uro noatime /" 1 2 15 EXIT + mount -uwo noatime / + cp $T /etc/motd + chmod ${PERMS} /etc/motd + mount -uro noatime / + trap 1 2 15 EXIT + } + rm -f $T + + echo . +} + +load_rc_config $name +run_rc_command "$1" Index: /branches/breakout-spoke/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys (revision 10119) @@ -0,0 +1,49 @@ +#!/bin/sh +# +# $FreeBSD: ports/net/pen/files/pen.sh.in,v 1.1 2006/09/24 14:34:36 clement Exp $ +# + +# PROVIDE: pen +# REQUIRE: NETWORKING SERVERS sshd +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable nanobsd-save-sshkeys: +# +# nanobsd_save_sshkeys_enable="YES" +# + +. /etc/rc.subr + +name=nanobsd_save_sshkeys +rcvar=`set_rcvar` + +nanobsd_save_sshkeys_enable=${nanobsd_save_sshkeys_enable:-"NO"} + +start_cmd="save_sshkeys" +stop_cmd="save_sshkeys" + +save_sshkeys() { + MOUNTED_RW=0 + trap "umount /cfg" 1 2 15 EXIT + mount -ro noatime /cfg + for FILE in /etc/ssh/ssh_host_*; do + cmp -s $FILE /cfg/ssh/`basename ${FILE}` + if [ $? -ne 0 ]; then + if [ ${MOUNTED_RW} -eq 0 ]; then + mount -uwo noatime /cfg + mkdir -p /cfg/ssh + MOUNTED_RW=1 + fi + cp $FILE /cfg/ssh/`basename ${FILE}` + fi + done + + umount /cfg + trap 1 2 15 EXIT +} + + +load_rc_config $name +run_rc_command "$1" + Index: /branches/breakout-spoke/nanobsd/files/usr/local/etc/rc.d/pen_wrapper =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/etc/rc.d/pen_wrapper (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/etc/rc.d/pen_wrapper (revision 10119) @@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD: ports/net/pen/files/pen.sh.in,v 1.1 2006/09/24 14:34:36 clement Exp $ +# + +# PROVIDE: pen_wrapper +# REQUIRE: NETWORKING SERVERS +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable pen: +# +# pen_wrapper_enable="YES" +# + +. /etc/rc.subr + +pen_wrapper_cmd() { + ${command_interpreter} ${command} & +} + +name=pen_wrapper +rcvar=`set_rcvar` +start_cmd=${name}_cmd + +command_interpreter="/bin/sh" +command=/usr/local/bin/pen_wrapper + +pen_wrapper_enable=${pen_wrapper_enable:-"NO"} +pen_wrapper_flags=${pen_wrapper_flags:-""} + +load_rc_config $name +run_rc_command "$1" Index: /branches/breakout-spoke/nanobsd/files/usr/local/etc/thttpd.conf =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/etc/thttpd.conf (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/etc/thttpd.conf (revision 10119) @@ -0,0 +1,6 @@ +user=root +dir=/usr/local/www +cgipat=** +nochroot +logfile=/var/log/thttpd.log +pidfile=/var/run/thttpd.pid Index: /branches/breakout-spoke/nanobsd/files/usr/local/etc/tinyproxy.conf =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/etc/tinyproxy.conf (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/etc/tinyproxy.conf (revision 10119) @@ -0,0 +1,228 @@ +## +## tinyproxy.conf -- tinyproxy daemon configuration file +## + +# +# Name of the user the tinyproxy daemon should switch to after the port +# has been bound. +# +User nobody +Group nogroup + +# +# Port to listen on. +# +Port 3128 + +# +# If you have multiple interfaces this allows you to bind to only one. If +# this is commented out, tinyproxy will bind to all interfaces present. +# +#Listen 192.168.0.1 + +# +# The Bind directive allows you to bind the outgoing connections to a +# particular IP address. +# +#Bind 192.168.0.1 + +# +# Timeout: The number of seconds of inactivity a connection is allowed to +# have before it closed by tinyproxy. +# +Timeout 600 + +# +# ErrorFile: Defines the HTML file to send when a given HTTP error +# occurs. You will probably need to customize the location to your +# particular install. The usual locations to check are: +# /usr/local/share/tinyproxy +# /usr/local/share/tinyproxy +# /etc/tinyproxy +# +# ErrorFile 404 "/usr/local/share/tinyproxy/404.html" +# ErrorFile 400 "/usr/local/share/tinyproxy/400.html" +# ErrorFile 503 "/usr/local/share/tinyproxy/503.html" +# ErrorFile 403 "/usr/local/share/tinyproxy/403.html" +# ErrorFile 408 "/usr/local/share/tinyproxy/408.html" + +# +# DefaultErrorFile: The HTML file that gets sent if there is no +# HTML file defined with an ErrorFile keyword for the HTTP error +# that has occured. +# +DefaultErrorFile "/usr/local/share/tinyproxy/default.html" + +# +# StatFile: The HTML file that gets sent when a request is made +# for the stathost. If this file doesn't exist a basic page is +# hardcoded in tinyproxy. +# +StatFile "/usr/local/share/tinyproxy/stats.html" + +# +# Where to log the information. Either LogFile or Syslog should be set, +# but not both. +# +Logfile "/var/log/tinyproxy.log" +# Syslog On + +# +# Set the logging level. Allowed settings are: +# Critical (least verbose) +# Error +# Warning +# Notice +# Connect (to log connections without Info's noise) +# Info (most verbose) +# The LogLevel logs from the set level and above. For example, if the LogLevel +# was set to Warning, than all log messages from Warning to Critical would be +# output, but Notice and below would be suppressed. +# +LogLevel Info + +# +# PidFile: Write the PID of the main tinyproxy thread to this file so it +# can be used for signalling purposes. +# +PidFile "/var/run/tinyproxy.pid" + +# +# Include the X-Tinyproxy header, which has the client's IP address when +# connecting to the sites listed. +# +#XTinyproxy mydomain.com + +# +# Turns on upstream proxy support. +# +# The upstream rules allow you to selectively route upstream connections +# based on the host/domain of the site being accessed. +# +# For example: +# # connection to test domain goes through testproxy +# upstream testproxy:8008 ".test.domain.invalid" +# upstream testproxy:8008 ".our_testbed.example.com" +# upstream testproxy:8008 "192.168.128.0/255.255.254.0" +# +# # no upstream proxy for internal websites and unqualified hosts +# no upstream ".internal.example.com" +# no upstream "www.example.com" +# no upstream "10.0.0.0/8" +# no upstream "192.168.0.0/255.255.254.0" +# no upstream "." +# +# # connection to these boxes go through their DMZ firewalls +# upstream cust1_firewall:8008 "testbed_for_cust1" +# upstream cust2_firewall:8008 "testbed_for_cust2" +# +# # default upstream is internet firewall +# upstream firewall.internal.example.com:80 +# +# The LAST matching rule wins the route decision. As you can see, you +# can use a host, or a domain: +# name matches host exactly +# .name matches any host in domain "name" +# . matches any host with no domain (in 'empty' domain) +# IP/bits matches network/mask +# IP/mask matches network/mask +# +#Upstream some.remote.proxy:port + +# +# This is the absolute highest number of threads which will be created. In +# other words, only MaxClients number of clients can be connected at the +# same time. +# +MaxClients 100 + +# +# These settings set the upper and lower limit for the number of +# spare servers which should be available. If the number of spare servers +# falls below MinSpareServers then new ones will be created. If the number +# of servers exceeds MaxSpareServers then the extras will be killed off. +# +MinSpareServers 5 +MaxSpareServers 20 + +# +# Number of servers to start initially. +# +StartServers 10 + +# +# MaxRequestsPerChild is the number of connections a thread will handle +# before it is killed. In practise this should be set to 0, which disables +# thread reaping. If you do notice problems with memory leakage, then set +# this to something like 10000 +# +MaxRequestsPerChild 0 + +# +# The following is the authorization controls. If there are any access +# control keywords then the default action is to DENY. Otherwise, the +# default action is ALLOW. +# +# Also the order of the controls are important. The incoming connections +# are tested against the controls based on order. +# +Allow 127.0.0.1 +Allow 172.16.0.0/12 + +# +# The "Via" header is required by the HTTP RFC, but using the real host name +# is a security concern. If the following directive is enabled, the string +# supplied will be used as the host name in the Via header; otherwise, the +# server's host name will be used. +# +#ViaProxyName "tinyproxy" + +# +# The location of the filter file. +# +#Filter "/etc/tinyproxy/filter" + +# +# Filter based on URLs rather than domains. +# +#FilterURLs On + +# +# Use POSIX Extended regular expressions rather than basic. +# +#FilterExtended On + +# +# Use case sensitive regular expressions. +# +#FilterCaseSensitive On + +# +# Change the default policy of the filtering system. If this directive is +# commented out, or is set to "No" then the default policy is to allow +# everything which is not specifically denied by the filter file. +# +# However, by setting this directive to "Yes" the default policy becomes to +# deny everything which is _not_ specifically allowed by the filter file. +# +#FilterDefaultDeny Yes + +# +# If an Anonymous keyword is present, then anonymous proxying is enabled. +# The headers listed are allowed through, while all others are denied. If +# no Anonymous keyword is present, then all header are allowed through. +# You must include quotes around the headers. +# +#Anonymous "Host" +#Anonymous "Authorization" + +# +# This is a list of ports allowed by tinyproxy when the CONNECT method +# is used. To disable the CONNECT method altogether, set the value to 0. +# If no ConnectPort line is found, all ports are allowed (which is not +# very secure.) +# +# The following two ports are used by SSL. +# +ConnectPort 443 +ConnectPort 563 Index: /branches/breakout-spoke/nanobsd/files/usr/local/libexec/nagios/check_inet =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/libexec/nagios/check_inet (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/libexec/nagios/check_inet (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh + +PATH=$PATH:/bin:/usr/bin +export PATH + +# HTTP proxy to use +HTTP_PROXY=http://proxy.wleiden.net:3128 + +# Test page to query +PROXY_TEST=http://proxy-test.wirelessleiden.nl/ + +# Make variable global, so fetch can use it +export HTTP_PROXY + +# Query the webpage +SPEEDOUT=`fetch -o /dev/null ${PROXY_TEST} 2>&1` + +# What is the Exit code of fetch? +SPEEDEXIT=$? + +# The speed by which the webpages was retrieved" +SPEED=`echo ${SPEEDOUT} | awk '{ print $4 " " $5 }'` + +# What was the format of speed (Bps) +TYPE=`echo ${SPEEDOUT} | awk '{ print $5 }'` + +# Dit the fetcommand exit happy, and was the format as we expected +if [ ${SPEEDEXIT} -eq 0 -a "$TYPE" = "Bps" ]; then + + # Let's celebrate, it was successfull + echo "INET OK: $SPEED" + exit 0 +else + + # Oh no, time to get drunk, retrieval was unsuccessfull + echo "INET CRITICAL: $SPEEDOUT\n" + exit 2 + +fi + Index: /branches/breakout-spoke/nanobsd/files/usr/local/libexec/nagios/check_inet2 =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/libexec/nagios/check_inet2 (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/libexec/nagios/check_inet2 (revision 10119) @@ -0,0 +1,31 @@ +#!/bin/sh + +PATH=$PATH:/bin:/usr/bin +export PATH + +# Test page to query +PROXY_TEST=http://proxy-test.wirelessleiden.nl/ + +# Query the webpage +SPEEDOUT=`fetch -o /dev/null ${PROXY_TEST} 2>&1` + +# What is the Exit code of fetch? +SPEEDEXIT=$? + +# The speed by which the webpages was retrieved" +SPEED=`echo ${SPEEDOUT} | awk '/Bps/ { print $13 " " $14 }'` + +# Dit the fetcommand exit happy, and was the format as we expected +if [ ${SPEEDEXIT} -eq 0 -a "$SPEED" ]; then + + # Let's celebrate, it was successfull + printf "INET OK: $SPEED\n" + exit 0 +else + + # Oh no, time to get drunk, retrieval was unsuccessfull + echo "INET CRITICAL: $SPEEDOUT\n" + exit 2 + +fi + Index: /branches/breakout-spoke/nanobsd/files/usr/local/libexec/nagios/check_lv =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/libexec/nagios/check_lv (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/libexec/nagios/check_lv (revision 10119) @@ -0,0 +1,107 @@ +#!/usr/local/bin/python + +import os +import re + +# Bsd config file +config="/etc/rc.conf.local" + +def gettrees () : + ip = [] + + # Run through all the files in /tmp + for filename in os.listdir('/tmp'): + + # Match lvrouted tree files and get ip address + # lvrouted.tree-172.16.4.9 + match = re.match(r'lvrouted.tree-(.*)$', filename) + if match: + + # append ip address to list + ip.append(match.group(1)) + + return ip + +# Get all ips in the subnet (based on ip and mask) +def iprange (ip, mask) : + + # Max number of bits in the subnetmask + max=32 + + # Make sure the mask is integer + mask=int(mask) + + # Don't do anything with certain subnet sizes + if mask > 27 and mask < 32 : + + # Make an ip list + iplist = [] + + # Split the ip + oc = ip.split(".") + + # Calculate the total subnet size + max = 2 ** ( max - mask ) + + # Make sure the last oclet of the ip is integer + oc[3] = int(oc[3]) + + # Calculate the lower end of the subnet + min = oc[3] - ( oc[3] % max ) + 1 + + # Calculate the upper end of the subnet + max = min + max - 2 + + # Run through all possible ip's + for oc3 in range(min, max): + + # Add Ip to iplist + iplist.append(str(oc[0]) + "." + str(oc[1]) + "." + str(oc[2]) + "." + str(oc3)) + + # Return the iplist to the caller + return iplist + +# Open the config file and run through it +file = open (config) +treeips = gettrees() +invalid = [] +rcips = [] + +for line in file.readlines(): + + # Get variable's out of the config file and validate it + match = re.match(r'ipv4_addrs_(.*?)="(.*?)/([\d]{1,2})(.*)"$', line) + if match: + + # Get info + iface = match.group(1) + ip = match.group(2) + mask = match.group(3) + + # Call iprange, get all ip's in the subnet + allips = iprange(ip, mask) + + # Don't iterate through empty list + if allips: + + valid=0 + + # Check if one of the ip's in the lvrouted list (one must be present) + for rangeip in allips: + if rangeip in treeips: + valid=1 + + if not valid: + invalid.append(iface) + +if invalid: + retval = "LV ERROR:" + for iface in invalid: + retval = retval + " " + iface + print retval + exit(2) +else: + print "LV OK" + exit(0) + + Index: /branches/breakout-spoke/nanobsd/files/usr/local/sbin/dhcpd-snmp =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/sbin/dhcpd-snmp (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/sbin/dhcpd-snmp (revision 10119) @@ -0,0 +1,452 @@ +#! /usr/bin/perl +# -------------------------------------------------------------------- +# Copyright (C) 2006 Oliver Hitz +# +# $Id: dhcpd-snmp.in,v 1.2 2006/01/25 19:26:00 oli Exp $ +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, +# MA 02111-1307, USA. +# -------------------------------------------------------------------- +# dhcpd-snmp +# +# An extension for polling the active and available lease counts of a +# running dhcpd. +# +# Please read the man page dhcpd-snmp(8) for instructions. +# -------------------------------------------------------------------- + +use Time::Local; +use strict; + +# The base OID of this extension. Has to match the OID in snmpd.conf: +my $baseoid = ".1.3.6.1.4.1.21695.1.2"; + +# Results are cached for some seconds so that an SNMP walk doesn't +# result in dhcpd.leases being parsed multiple times. +my $cache_secs = 60; + +# -------------------------------------------------------------------- + +my $mib; +my $mibtime; + +# Load configuration file +my $conf = read_configuration($ARGV[0]); + +# Switch on autoflush +$| = 1; + +# Main loop +while (my $cmd = ) { + chomp $cmd; + + if ($cmd eq "PING") { + print "PONG\n"; + } elsif ($cmd eq "get") { + my $oid_in = ; + + my $oid = get_oid($oid_in); + my $mib = create_dhcp_mib(); + + if ($oid != 0 && defined($mib->{$oid})) { + print "$baseoid.$oid\n"; + print $mib->{$oid}[0]."\n"; + print $mib->{$oid}[1]."\n"; + } else { + print "NONE\n"; + } + } elsif ($cmd eq "getnext") { + my $oid_in = ; + + my $oid = get_oid($oid_in); + my $found = 0; + + my $mib = create_dhcp_mib(); + my @s = sort { oidcmp($a, $b) } keys %{ $mib }; + for (my $i = 0; $i < @s; $i++) { + if (oidcmp($oid, $s[$i]) == -1) { + print "$baseoid.".$s[$i]."\n"; + print $mib->{$s[$i]}[0]."\n"; + print $mib->{$s[$i]}[1]."\n"; + $found = 1; + last; + } + } + if (!$found) { + print "NONE\n"; + } + } else { + # Unknown command + } +} + +exit 0; + +sub get_oid +{ + + my ($oid) = @_; + chomp $oid; + + my $base = $baseoid; + $base =~ s/\./\\./g; + + if ($oid !~ /^$base(\.|$)/) { + # Requested oid doesn't match base oid + return 0; + } + + $oid =~ s/^$base\.?//; + return $oid; +} + +sub oidcmp { + my ($x, $y) = @_; + + my @a = split /\./, $x; + my @b = split /\./, $y; + + my $i = 0; + + while (1) { + + if ($i > $#a) { + if ($i > $#b) { + return 0; + } else { + return -1; + } + } elsif ($i > $#b) { + return 1; + } + + if ($a[$i] < $b[$i]) { + return -1; + } elsif ($a[$i] > $b[$i]) { + return 1; + } + + $i++; + } +} + +sub create_dhcp_mib +{ + # We cache the results for $cache_secs seconds + if (time - $mibtime < $cache_secs) { + return $mib; + } + + # Read in all leases + read_leases(); + + my %dhcp = ( + "1" => [ "integer", 0 ], # Number of pools + ); + + foreach my $i (keys %{ $conf->{"pools"} }) { + $dhcp{"1"}[1]++; + + my $pool = $conf->{"pools"}->{$i}; + + $dhcp{"2.1.".$i} = [ "integer", $i ]; + $dhcp{"2.2.".$i} = [ "string", $pool->{"name"} ]; + $dhcp{"2.3.".$i} = [ "integer", $pool->{"total"} ]; + $dhcp{"2.4.".$i} = [ "integer", $pool->{"active"} ]; + $dhcp{"2.5.".$i} = [ "integer", $pool->{"expired"} ]; + $dhcp{"2.6.".$i} = [ "integer", $pool->{"total"} - $pool->{"active"} ]; + } + + $mib = \%dhcp; + $mibtime = time; + return $mib; +} + +sub ip2int { + my ($ip) = @_; + + if ($ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) { + return 256*(256*(256*$1+$2)+$3)+$4; + } else { + return -1; + } +} + +sub read_leases +{ + # Clear leases + foreach my $i (keys %{ $conf->{"pools"} }) { + $conf->{"pools"}->{$i}->{"leases"} = (); + $conf->{"pools"}->{$i}->{"active"} = 0; + $conf->{"pools"}->{$i}->{"expired"} = 0; + } + + # Read leases + if (!open(LEASES, $conf->{"leases"})) { + printf STDERR "Unable to open leases file '%s'!\n", $conf->{leases}; + return; + } + + my %l = undef; + + while (my $line = ) { + if ($line =~ /^lease (\d+\.\d+\.\d+\.\d+) \{$/) { + my $ip = ip2int($1); + undef %l; + + foreach my $i (keys %{ $conf->{"pools"} }) { + my $pool = $conf->{"pools"}->{$i}; + my $found = 0; + + foreach my $r (@{ $pool->{"ranges"} }) { + if (($ip >= $r->{"from"}) && ($ip <= $r->{"to"})) { + %l = ( "pool" => $i, "ip" => $ip ); + $found = 1; + last; + } + } + if ($found) { + last; + } + } + } elsif (defined %l && $line =~ /^\s+ends \d (\d+)\/(\d+)\/(\d+) (\d+):(\d+):(\d+);$/) { + $l{"ends"} = timegm($6, $5, $4, $3, $2-1, $1); + } elsif (defined %l && $line =~ /^\s+ends never;$/) { + $l{"ends"} = -1; + } elsif (defined %l && $line =~ /^\}$/) { + $conf->{"pools"}->{$l{"pool"}}->{"leases"}->{$l{"ip"}} = $l{"ends"}; + } + } + + close(LEASES); + + # Count active and expired leases + my $now = time(); + + foreach my $i (keys %{ $conf->{"pools"} }) { + my $pool = $conf->{"pools"}->{$i}; + + foreach my $ip (keys %{ $pool->{"leases"} }) { + my $end = $pool->{"leases"}->{$ip}; + if (($end == -1) || ($end >= $now)) { + $pool->{"active"}++; + } else { + $pool->{"expired"}++; + } + } + } +} + +sub read_configuration +{ + my ($f) = @_; + + my %conf = ( "leases" => undef, + "pools" => { } ); + + open C, "$f"; + while (my $l = ) { + $l =~ s/#.*//; + $l =~ s/^\s*//; + $l =~ s/\s*$//; + + if ($l eq "") { + next; + } + + if ($l =~ /^leases:\s*(\S+)$/) { + + $conf{"leases"} = $1; + + # Check if file is readable + if (open(LEASES, $conf{"leases"})) { + close(LEASES); + } else { + printf STDERR "Unable to open leases file '%s'!\n", $conf{"leases"}; + } + + } elsif ($l =~ /^pool:\s*(\d+)\s*,\s*("[^"]*"|[^"][^,]*)\s*,\s*(.*)$/) { + + # Read the pool definition + my %p = ( "index" => $1, + "name" => $2, + "ranges" => [ ], + "total" => 0, + "leases" => { } ); + + my @ranges = split /\s*,\s*/, $3; + + $p{"name"} =~ s/^\"//; + $p{"name"} =~ s/\"$//; + + foreach my $r (@ranges) { + if ($r !~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})-(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) { + printf STDERR "Invalid range definition '%s'.\n", $r; + next; + } + + my ($from, $to) = ($1, $2); + + my $fromip = ip2int($from); + my $toip = ip2int($to); + + if ($toip < $fromip) { + my $t = $toip; + $toip = $fromip; + $fromip = $t; + } + + $p{"total"} += $toip-$fromip+1; + + my %range = ( "from" => $fromip, + "to" => $toip ); + + push @{ $p{"ranges"} }, \%range; + } + + $conf{"pools"}{$p{"index"}} = \%p; + } else { + + printf STDERR "Invalid line '%s'.\n", $l; + + } + } + + return \%conf; +} + +__END__ + +=head1 NAME + +dhcpd-snmp + +=head1 SYNOPSIS + +dhcpd-snmp dhcpd-snmp.conf + +=head1 DESCRIPTION + +B is an extension for the Net-SNMP agent and the ISC DHCP +server. It allows you to monitor and track the address usage of your +dynamic IP address pools through SNMP. + +=head1 CONFIGURATION FILE + +The configuration file defines the location of the F +file as well as the pools of which you want to access the lease +counts. + +The file is in B format and allows only two keys: + +=over 8 + +=item B: C + +Location of the F file. This file needs to be accessible +by the script. + +=item B: C, C, C + +Defines a pool to monitor. C is a unique numeric index, +C a textual description of this pool, and C defines the ranges of IP addresses belonging to this +pool. + +=back + +Since this extension is a persistent script, changes to the +configuration file require a restart of snmpd. + +=head1 INSTALLATION + +After installing the B script and adapting the +configuration file, it is best to test it manually. This can be done +with the following dialog: + + PING + +The script should return "PONG". + + get + .1.3.6.1.4.1.21695.1.2.1 + +The script should return three lines: the OID, "integer", and the +number of configured pools. + + get + .1.3.6.1.4.1.21695.1.2.2.2.1 + +OID, "string", and the name of your first address pool. + + get + .1.3.6.1.4.1.21695.1.2.2.4.1 + +OID, "integer", and the number of active leases. + +Quit the dialog using CTRL-D. + +If everything works, insert the following line into your Net-SNMP's +B configuration file: + + pass_persist .1.3.6.1.4.1.21695.1.2 path/to/dhcpd-snmp path/to/dhcpd-snmp.conf + +Net-SNMP will need to be restarted after this change. + +You should now be able to get the statistics using F, for example: + + $ snmpwalk host community .1.3.6.1.4.1.21695.1.2 + +This should give you a list of the statistics of your DHCP server. + +=head1 MIB + +The script returns the following variables: + + .1.3.6.1.4.1.21695.1.2.1: number of configured pools + .1.3.6.1.4.1.21695.1.2.2.: pool description + .1.3.6.1.4.1.21695.1.2.3.: size of the pool (number of addresses) + .1.3.6.1.4.1.21695.1.2.4.: active leases + .1.3.6.1.4.1.21695.1.2.5.: expired leases + .1.3.6.1.4.1.21695.1.2.6.: available addresses (size - active leases) + +For a complete MIB file see the C directory in the source archive. + +=head1 SECURITY + +It is assumed that users of this script know how to properly secure +their snmpd. Please read the corresponding man pages on more +information about this. + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2006 Oliver Hitz + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +USA. + +=cut Index: /branches/breakout-spoke/nanobsd/files/usr/local/sbin/lvrouted-test =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/sbin/lvrouted-test (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/sbin/lvrouted-test (revision 10119) @@ -0,0 +1,24 @@ +#!/bin/sh +# Richard van Mansom, richardvm@wirelessleiden.nl, March 2010 + +# Minimum number of non local routes. +VALID=1 + +# 1. Show routing table +# 2. Only show routes which includes subnets +# 3. Discard anything with a semicolon (MAC addresses and IPv6 addresses) +# 4. Discard anything which include the word 'link' (local routes). +# 5. Use word count (get number of lines) +COUNT=`netstat -rn | grep -E '[0-9]/[0-9]' | grep -v ':' | grep -v 'link' | wc -l'` + +# No have a look if the number of routes has passed the minimium threshold. +if [ ${COUNT} -gt ${VALID} ]; then + + # Display me if I have passed the threshold + echo "ROUTING OK: Got non local routes" +else + + # Display me if I didn't pased the threshold + echo "ROUTING CRITICAL: I don't have any non local routes" +fi + Index: /branches/breakout-spoke/nanobsd/files/usr/local/sbin/proxy-test.sh =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/sbin/proxy-test.sh (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/sbin/proxy-test.sh (revision 10119) @@ -0,0 +1,25 @@ +#!/bin/sh + +PROXY=proxy.wleiden.net:3128 +URL=http://proxy-test.wirelessleiden.nl +FILE=/tmp/proxy-test.wirelessleiden.nl + +# Set proxy to escape the network +export HTTP_PROXY=${PROXY} + +# Fetch the website (curl not installed) +fetch -o ${FILE} ${URL} 2> /dev/null +if [ -w ${FILE} ]; then + retval=`cat ${FILE}` + rm ${FILE} +fi + +# Chech if website returns the expected result +if [ "$retval" = "1" ]; then + echo "WWW OK: Got a www website" + exit 0 +else + echo "WWW CRITICAL: Unable to fetch www website" + exit 2 +fi + Index: /branches/breakout-spoke/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt (revision 10119) @@ -0,0 +1,2978 @@ +-- ***************************************************************** +-- IEEE802dot11-MIB : +-- IEEE 802.11 Management Information Base file +-- +-- Nov 2002, Francis Pang +-- +-- Copyright (c) 2002 by cisco Systems, Inc. +-- All rights reserved. +-- ***************************************************************** + +-- ********************************************************************** +-- * IEEE 802.11 Management Information Base +-- ********************************************************************** + +IEEE802dot11-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + NOTIFICATION-TYPE,Integer32, Counter32, + Unsigned32 FROM SNMPv2-SMI + + DisplayString , MacAddress, RowStatus, + TruthValue FROM SNMPv2-TC + + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP FROM SNMPv2-CONF + + ifIndex FROM RFC1213-MIB; + +-- ********************************************************************** +-- * Tree Definition +-- ********************************************************************** + + member-body OBJECT IDENTIFIER ::= { iso 2 } + us OBJECT IDENTIFIER ::= { member-body 840 } + +-- ********************************************************************** +-- * MODULE IDENTITY +-- ********************************************************************** + +ieee802dot11 MODULE-IDENTITY + LAST-UPDATED "0208300000Z" + ORGANIZATION "IEEE 802.11" + CONTACT-INFO + "WG E-mail: stds-802-11@ieee.org + + Chair: Stuart J. Kerry + Postal: Philips Semiconductors, Inc. + 1109 McKay Drive + M/S 48 SJ + San Jose, CA 95130-1706 USA + Tel: +1 408 474 7356 + Fax: +1 408 474 7247 + E-mail: stuart.kerry@philips.com + + Editor: Bob O'Hara + Postal: Informed Technology, Inc. + 1750 Nantucket Circle, Suite 138 + Santa Clara, CA 95054 USA + Tel: +1 408 986 9596 + Fax: +1 408 727 2654 + E-mail: bob@informed-technology.com" + DESCRIPTION + "The MIB module for IEEE 802.11 entities. + iso(1).member-body(2).us(840).ieee802dot11(10036)" + ::= { us 10036 } + +-- ********************************************************************** +-- * Major sections +-- ********************************************************************** + +-- Station ManagemenT (SMT) Attributes + -- DEFINED AS "The SMT object class provides the necessary support + -- at the station to manage the processes in the station such that + -- the station may work cooperatively as a part of an IEEE 802.11 + -- network." + + dot11smt OBJECT IDENTIFIER ::= { ieee802dot11 1 } + + -- dot11smt GROUPS + -- dot11StationConfigTable ::= { dot11smt 1 } + -- dot11AuthenticationAlgorithmsTable ::= { dot11smt 2 } + -- dot11WEPDefaultKeysTable ::= { dot11smt 3 } + -- dot11WEPKeyMappingsTable ::= { dot11smt 4 } + -- dot11PrivacyTable ::= { dot11smt 5 } + -- dot11SMTnotification ::= { dot11smt 6 } + -- dot11MultiDomainCapabilityTable ::= { dot11smt 7 } + +-- MAC Attributes + -- DEFINED AS "The MAC object class provides the necessary support + -- for the access control, generation, and verification of frame + -- check sequences (FCSs), and proper delivery of valid data to + -- upper layers." + + dot11mac OBJECT IDENTIFIER ::= { ieee802dot11 2 } + + -- MAC GROUPS + -- reference IEEE Std 802.1f-1993 + -- dot11OperationTable ::= { dot11mac 1 } + -- dot11CountersTable ::= { dot11mac 2 } + -- dot11GroupAddressesTable ::= { dot11mac 3 } + +-- Resource Type ID + dot11res OBJECT IDENTIFIER ::= { ieee802dot11 3 } + dot11resAttribute OBJECT IDENTIFIER ::= { dot11res 1 } + +-- PHY Attributes + -- DEFINED AS "The PHY object class provides the necessary support + -- for required PHY operational information that may vary from PHY + -- to PHY and from STA to STA to be communicated to upper layers." + + dot11phy OBJECT IDENTIFIER ::= { ieee802dot11 4 } + + -- PHY GROUPS + -- dot11PhyOperationTable ::= { dot11phy 1 } + -- dot11PhyAntennaTable ::= { dot11phy 2 } + -- dot11PhyTxPowerTable ::= { dot11phy 3 } + -- dot11PhyFHSSTable ::= { dot11phy 4 } + -- dot11PhyDSSSTable ::= { dot11phy 5 } + -- dot11PhyIRTable ::= { dot11phy 6 } + -- dot11RegDomainsSupportedTable ::= { dot11phy 7 } + -- dot11AntennasListTable ::= { dot11phy 8 } + -- dot11SupportedDataRatesTxTable ::= { dot11phy 9 } + -- dot11SupportedDataRatesRxTable ::= { dot11phy 10 } + -- dot11PhyOFDMTable ::= { dot11phy 11 } + -- dot11PhyHRDSSSTable ::= { dot11phy 12 } + -- dot11EHCCHoppingPatternTable ::= { dot11phy 13 } + +-- ********************************************************************** +-- * Textual conventions from 802 definitions +-- ********************************************************************** + + WEPKeytype ::= OCTET STRING (SIZE (5)) + +-- ********************************************************************** +-- * MIB attribute OBJECT-TYPE definitions follow +-- ********************************************************************** + +-- ********************************************************************** +-- * SMT Station Config Table +-- ********************************************************************** + +dot11StationConfigTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11StationConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Station Configuration attributes. In tablular form to + allow for multiple instances on an agent." + ::= { dot11smt 1 } + +dot11StationConfigEntry OBJECT-TYPE + SYNTAX Dot11StationConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11StationConfigTable. It is + possible for there to be multiple IEEE 802.11 interfaces + on one agent, each with its unique MAC address. The + relationship between an IEEE 802.11 interface and an + interface in the context of the Internet-standard MIB is + one-to-one. As such, the value of an ifIndex object + instance can be directly used to identify corresponding + instances of the objects defined herein. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11StationConfigTable 1 } + +Dot11StationConfigEntry ::= + SEQUENCE { + dot11StationID MacAddress, + dot11MediumOccupancyLimit INTEGER, + dot11CFPollable TruthValue, + dot11CFPPeriod INTEGER, + dot11CFPMaxDuration INTEGER, + dot11AuthenticationResponseTimeOut Unsigned32, + dot11PrivacyOptionImplemented TruthValue, + dot11PowerManagementMode INTEGER, + dot11DesiredSSID OCTET STRING, + dot11DesiredBSSType INTEGER, + dot11OperationalRateSet OCTET STRING, + dot11BeaconPeriod INTEGER, + dot11DTIMPeriod INTEGER, + dot11AssociationResponseTimeOut Unsigned32, + dot11DisassociateReason INTEGER, + dot11DisassociateStation MacAddress, + dot11DeauthenticateReason INTEGER, + dot11DeauthenticateStation MacAddress, + dot11AuthenticateFailStatus INTEGER, + dot11AuthenticateFailStation MacAddress, + dot11MultiDomainCapabilityImplemented TruthValue, + dot11MultiDomainCapabilityEnabled TruthValue, + dot11CountryString OCTET STRING } + +dot11StationID OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-write + STATUS deprecated + DESCRIPTION + "The purpose of dot11StationID is to allow a manager to + identify a station for its own purposes. This attribute + provides for that eventuality while keeping the true MAC + address independent. Its syntax is MAC address, and the + default value is the station's assigned, unique + MAC address." + ::= { dot11StationConfigEntry 1 } + +dot11MediumOccupancyLimit OBJECT-TYPE + SYNTAX INTEGER (0..1000) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum amount of time, + in TU, that a point coordinator (PC) may control the usage + of the wireless medium (WM) without relinquishing control + for long enough to allow at least one instance of DCF access + to the medium. The default value of this attribute shall + be 100, and the maximum value shall be 1000." + ::= { dot11StationConfigEntry 2 } + +dot11CFPollable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "When this attribute is true, it shall indicate that + the STA is able to respond to a CF-Poll with a data frame + within a SIFS time. This attribute shall be false if + the STA is not able to respond to a CF-Poll with a data + frame within a SIFS time." + ::= { dot11StationConfigEntry 3 } + +dot11CFPPeriod OBJECT-TYPE + SYNTAX INTEGER (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The attribute shall describe the number of DTIM intervals + between the start of CFPs. It is modified by + MLME-START.request primitive." + ::= { dot11StationConfigEntry 4 } + +dot11CFPMaxDuration OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The attribute shall describe the maximum duration of + the CFP in TU that may be generated by the PCF. It is + modified by MLME-START.request primitive." + ::= { dot11StationConfigEntry 5 } + +dot11AuthenticationResponseTimeOut OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of time units (TUs) + that a responding STA should wait for the next frame in the + authentication sequence." + ::= { dot11StationConfigEntry 6 } + +dot11PrivacyOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the IEEE + 802.11 WEP option is implemented. The default value of + this attribute shall be false." + ::= { dot11StationConfigEntry 7 } + +dot11PowerManagementMode OBJECT-TYPE + SYNTAX INTEGER { active(1), powersave(2) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the power management + mode of the STA. When set to active, it shall + indicate that the station is not in power-save + (PS) mode. When set to powersave, it shall indicate + that the station is in power-save mode. The power + management mode is transmitted in all frames + according to the rules in 7.1.3.1.7." + ::= { dot11StationConfigEntry 8 } + +dot11DesiredSSID OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute reflects the Service Set ID (SSID) + used in the DesiredSSID parameter of the most recent + MLME_Scan.request. This value may be modified + by an external management entity and used by the + local SME to make decisions about the Scanning + process." + ::= { dot11StationConfigEntry 9 } + +dot11DesiredBSSType OBJECT-TYPE + SYNTAX INTEGER { infrastructure(1), independent(2), any(3) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the type of BSS the + station shall use when scanning for a BSS with + which to synchronize. This value is used to filter + Probe Response frames and Beacons. When set to + infrastructure, the station shall only synchronize + with a BSS whose Capability Information field has + the ESS subfield set to 1. When set to independent, + the station shall only synchronize with a BSS whose + Capability Information field has the IBSS subfield + set to 1. When set to any, the station may + synchronize to either type of BSS." + ::= { dot11StationConfigEntry 10 } + +dot11OperationalRateSet OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(1..126)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the set of data + rates at which the station may transmit data. + Each octet contains a value representing a rate. + Each rate shall be within the range from 2 to 127, + corresponding to data rates in increments of + 500 kbit/s from 1 Mbit/s to 63.5 Mbit/s, and shall + be supported (as indicated in the supported rates + table) for receiving data. This value is reported in + transmitted Beacon, Probe Request, Probe Response, + Association Request, Association Response, + Reassociation Request, and Reassociation Response + frames, and is used to determine whether a BSS + with which the station desires to synchronize is + suitable. It is also used when starting a BSS, + as specified in 10.3." + ::= { dot11StationConfigEntry 11 } + +dot11BeaconPeriod OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of TUs that + a station shall use for scheduling Beacon + transmissions. This value is transmitted in Beacon + and Probe Response frames." + ::= { dot11StationConfigEntry 12 } + +dot11DTIMPeriod OBJECT-TYPE + SYNTAX INTEGER(1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of beacon + intervals that shall elapse between transmission of + Beacons frames containing a TIM element whose DTIM + Count field is 0. This value is transmitted in + the DTIM Period field of Beacon frames." + ::= { dot11StationConfigEntry 13 } + +dot11AssociationResponseTimeOut OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of TU that a + requesting STA should wait for a response to a + transmitted association-request MMPDU." + ::= { dot11StationConfigEntry 14 } + +dot11DisassociateReason OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Reason Code in a Disassociation + frame. If no Disassociation frame has been + transmitted, the value of this attribute shall + be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.7" + ::= { dot11StationConfigEntry 15 } + +dot11DisassociateStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + Disassociation frame. If no Disassociation + frame has been transmitted, the value of this + attribute shall be 0." + ::= { dot11StationConfigEntry 16 } + +dot11DeauthenticateReason OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Reason Code in a Deauthentication + frame. If no Deauthentication frame has been + transmitted, the value of this attribute shall + be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.7" + ::= { dot11StationConfigEntry 17 } + +dot11DeauthenticateStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + Deauthentication frame. If no Deauthentication + frame has been transmitted, the value of this + attribute shall be 0." + ::= { dot11StationConfigEntry 18 } + +dot11AuthenticateFailStatus OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Status Code in a failed + Authentication frame. If no failed + Authentication frame has been transmitted, the + value of this attribute shall be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.9" + ::= { dot11StationConfigEntry 19 } + +dot11AuthenticateFailStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + failed Authentication frame. If no failed + Authentication frame has been transmitted, the + value of this attribute shall be 0." + ::= { dot11StationConfigEntry 20 } + +dot11MultiDomainCapabilityImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + station implementation is capable of supporting + multiple regulatory domains. The capability is + disabled, otherwise. The default value of this + attribute is FALSE." + ::= { dot11StationConfigEntry 21 } + +dot11MultiDomainCapabilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + capability of the station to operate in multiple + regulatory domains is enabled. The capability is + disabled, otherwise. The default value of this + attribute is FALSE." + ::= { dot11StationConfigEntry 22 } + +dot11CountryString OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(3)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute identifies the country in which the + station is operating. The first two octets of this + string is the two character country code as described + in document ISO/IEC 3166-1. The third octet shall + be one of the following: + + 1. an ASCII space character, if the regulations under + which the station is operating encompass all + environments in the country, + + 2. an ASCII 'O' character, if the regulations under + which the station is operating are for an Outdoor + environment only, or + + 3. an ASCII 'I' character, if the regulations under + which the station is operating are for an Indoor + environment only." + ::= { dot11StationConfigEntry 23 } + +-- ********************************************************************** +-- * End of dot11StationConfig TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * AuthenticationAlgorithms TABLE +-- ********************************************************************** + +dot11AuthenticationAlgorithmsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11AuthenticationAlgorithmsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This (conceptual) table of attributes shall be a set of + all the authentication algorithms supported by the + stations. The following are the default values and the + associated algorithm: + Value = 1: Open System + Value = 2: Shared Key" + REFERENCE "IEEE Std 802.11-2002, 7.3.1.1" + ::= { dot11smt 2 } + +dot11AuthenticationAlgorithmsEntry OBJECT-TYPE + SYNTAX Dot11AuthenticationAlgorithmsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the Authentication + Algorithms Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11AuthenticationAlgorithmsIndex } + ::= { dot11AuthenticationAlgorithmsTable 1 } + +Dot11AuthenticationAlgorithmsEntry ::= + SEQUENCE { dot11AuthenticationAlgorithmsIndex Integer32, + dot11AuthenticationAlgorithm INTEGER, + dot11AuthenticationAlgorithmsEnable TruthValue } + +dot11AuthenticationAlgorithmsIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the Authentication Algorithms Table." + ::= { dot11AuthenticationAlgorithmsEntry 1 } + +dot11AuthenticationAlgorithm OBJECT-TYPE + SYNTAX INTEGER { openSystem(1), sharedKey(2) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute shall be a set of all the authentication + algorithms supported by the STAs. The following are the + default values and the associated algorithm. + Value = 1: Open System + Value = 2: Shared Key" + ::= { dot11AuthenticationAlgorithmsEntry 2 } + +dot11AuthenticationAlgorithmsEnable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when true at a station, shall enable the acceptance + of the authentication algorithm described in the corresponding table + entry in authentication frames received by the station that have odd + authentication sequence numbers. The default value of this attribute + shall be 1 for the Open System table entry and 2 for all other table + entries." + ::= { dot11AuthenticationAlgorithmsEntry 3 } + +-- ********************************************************************** +-- * End of AuthenticationAlgorithms TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * WEPDefaultKeys TABLE +-- ********************************************************************** + +dot11WEPDefaultKeysTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11WEPDefaultKeysEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Conceptual table for WEP default keys. This table shall + contain the four WEP default secret key values + corresponding to the four possible KeyID values. The WEP + default secret keys are logically WRITE-ONLY. Attempts to + read the entries in this table shall return unsuccessful + status and values of null or zero. The default value of + each WEP default key shall be null." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11smt 3 } + +dot11WEPDefaultKeysEntry OBJECT-TYPE + SYNTAX Dot11WEPDefaultKeysEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the WEP Default Keys Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11WEPDefaultKeyIndex} + ::= { dot11WEPDefaultKeysTable 1 } + +Dot11WEPDefaultKeysEntry ::= + SEQUENCE { dot11WEPDefaultKeyIndex INTEGER, + dot11WEPDefaultKeyValue WEPKeytype } + +dot11WEPDefaultKeyIndex OBJECT-TYPE + SYNTAX INTEGER (1..4) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the WEP Default Keys Table. + The value of this variable is equal to the WEPDefaultKeyID + 1" + ::= { dot11WEPDefaultKeysEntry 1 } + +dot11WEPDefaultKeyValue OBJECT-TYPE + SYNTAX WEPKeytype + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A WEP default secret key value." + ::= { dot11WEPDefaultKeysEntry 2 } + +-- ********************************************************************** +-- * End of WEPDefaultKeys TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * WEPKeyMappings TABLE +-- ********************************************************************** + +dot11WEPKeyMappingsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11WEPKeyMappingsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Conceptual table for WEP Key Mappings. The MIB supports + the ability to share a separate WEP key for each RA/TA + pair. The Key Mappings Table contains zero or one entry + for each MAC address and contains two fields for each + entry: WEPOn and the corresponding WEP key. The WEP key + mappings are logically WRITE-ONLY. Attempts to read the + entries in this table shall return unsuccessful status and + values of null or zero. The default value for all WEPOn + fields is false." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11smt 4 } + +dot11WEPKeyMappingsEntry OBJECT-TYPE + SYNTAX Dot11WEPKeyMappingsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the WEP Key Mappings Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11WEPKeyMappingIndex } + ::= { dot11WEPKeyMappingsTable 1 } + +Dot11WEPKeyMappingsEntry ::= + SEQUENCE { dot11WEPKeyMappingIndex Integer32, + dot11WEPKeyMappingAddress MacAddress, + dot11WEPKeyMappingWEPOn TruthValue, + dot11WEPKeyMappingValue WEPKeytype, + dot11WEPKeyMappingStatus RowStatus } + +dot11WEPKeyMappingIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the WEP Key Mappings Table." + ::= { dot11WEPKeyMappingsEntry 1 } + +dot11WEPKeyMappingAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The MAC address of the STA for which the values from this + key mapping entry are to be used." + ::= { dot11WEPKeyMappingsEntry 2 } + +dot11WEPKeyMappingWEPOn OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Boolean as to whether WEP is to be used when communicating + with the dot11WEPKeyMappingAddress STA." + ::= { dot11WEPKeyMappingsEntry 3 } + +dot11WEPKeyMappingValue OBJECT-TYPE + SYNTAX WEPKeytype + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A WEP secret key value." + ::= { dot11WEPKeyMappingsEntry 4 } + +dot11WEPKeyMappingStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status column used for creating, modifying, and + deleting instances of the columnar objects in the WEP key + mapping Table." + DEFVAL { active } + ::= { dot11WEPKeyMappingsEntry 5 } + +-- ********************************************************************** +-- * End of WEPKeyMappings TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PrivacyTable TABLE +-- ********************************************************************** + +dot11PrivacyTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PrivacyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group containing attributes concerned with IEEE 802.11 + Privacy. Created as a table to allow multiple + instantiations on an agent." + ::= { dot11smt 5 } + +dot11PrivacyEntry OBJECT-TYPE + SYNTAX Dot11PrivacyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PrivacyTable Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PrivacyTable 1 } + +Dot11PrivacyEntry ::= + SEQUENCE { dot11PrivacyInvoked TruthValue, + dot11WEPDefaultKeyID INTEGER, + dot11WEPKeyMappingLength Unsigned32, + dot11ExcludeUnencrypted TruthValue, + dot11WEPICVErrorCount Counter32, + dot11WEPExcludedCount Counter32 } + +dot11PrivacyInvoked OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When this attribute is true, it shall indicate that the IEEE + 802.11 WEP mechanism is used for transmitting frames of type + Data. The default value of this attribute shall be false." + ::= { dot11PrivacyEntry 1 } + +dot11WEPDefaultKeyID OBJECT-TYPE + SYNTAX INTEGER (0..3) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the use of the first, + second, third, or fourth element of the WEPDefaultKeys + array when set to values of zero, one, two, or three. The + default value of this attribute shall be 0." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11PrivacyEntry 2 } + +dot11WEPKeyMappingLength OBJECT-TYPE + SYNTAX Unsigned32 (10..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The maximum number of tuples that dot11WEPKeyMappings can hold." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11PrivacyEntry 3 } + +dot11ExcludeUnencrypted OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When this attribute is true, the STA shall not indicate at + the MAC service interface received MSDUs that have the WEP + subfield of the Frame Control field equal to zero. When this + attribute is false, the STA may accept MSDUs that have the WEP + subfield of the Frame Control field equal to zero. The default + value of this attribute shall be false." + ::= { dot11PrivacyEntry 4 } + +dot11WEPICVErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with the + WEP subfield of the Frame Control field set to one and the value + of the ICV as received in the frame does not match the ICV value + that is calculated for the contents of the received frame." + ::= { dot11PrivacyEntry 5 } + +dot11WEPExcludedCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with the + WEP subfield of the Frame Control field set to zero and the value + of dot11ExcludeUnencrypted causes that frame to be discarded." + ::= { dot11PrivacyEntry 6 } + +-- ********************************************************************** +-- * End of dot11Privacy TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SMT notification Objects +-- ********************************************************************** + +dot11SMTnotification OBJECT IDENTIFIER ::= { dot11smt 6 } + +dot11Disassociate NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11DisassociateReason, dot11DisassociateStation } + STATUS current + DESCRIPTION + "The disassociate notification shall be sent when the STA + sends a Disassociation frame. The value of the notification + shall include the MAC address of the MAC to which the Disassociation + frame was sent and the reason for the disassociation. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 1 } + +dot11Deauthenticate NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11DeauthenticateReason, dot11DeauthenticateStation } + STATUS current + DESCRIPTION + "The deauthenticate notification shall be sent when the STA + sends a Deauthentication frame. The value of the notification + shall include the MAC address of the MAC to which the Deauthentication + frame was sent and the reason for the deauthentication. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 2 } + +dot11AuthenticateFail NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11AuthenticateFailStatus, dot11AuthenticateFailStation } + STATUS current + DESCRIPTION + "The authenticate failure notification shall be sent when the STA + sends an Authentication frame with a status code other than + 'successful'. The value of the notification + shall include the MAC address of the MAC to which the Authentication + frame was sent and the reason for the authentication failure. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 3 } + + +-- ********************************************************************** +-- * End of SMT notification Objects +-- ********************************************************************** + +-- ******************************************************************** +-- * dot11MultiDomainCapability TABLE +-- ******************************************************************** + +dot11MultiDomainCapabilityTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11MultiDomainCapabilityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This (conceptual) table of attributes for + cross-domain mobility." + ::= { dot11smt 7 } + +dot11MultiDomainCapabilityEntry OBJECT-TYPE + SYNTAX Dot11MultiDomainCapabilityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) in the Multiple Domain + Capability Table. + + IfIndex - Each IEEE 802.11 interface is represented + by an ifEntry. Interface tables in this MIB are + indexed by ifIndex." + INDEX { ifIndex, + dot11MultiDomainCapabilityIndex } + ::= { dot11MultiDomainCapabilityTable 1 } + +Dot11MultiDomainCapabilityEntry ::= + SEQUENCE { dot11MultiDomainCapabilityIndex Integer32, + dot11FirstChannelNumber Integer32, + dot11NumberofChannels Integer32, + dot11MaximumTransmitPowerLevel Integer32 } + +dot11MultiDomainCapabilityIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances of + the columnar objects in the Multi Domain Capability Table." + ::= { dot11MultiDomainCapabilityEntry 1 } + +dot11FirstChannelNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the lowest + channel number in the subband for the associated domain + country string. The default value of this attribute + shall be zero." + ::= { dot11MultiDomainCapabilityEntry 2 } + +dot11NumberofChannels OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the total + number of channels allowed in the subband for the + associated domain country string. The default value of + this attribute shall be zero." + ::= { dot11MultiDomainCapabilityEntry 3 } + +dot11MaximumTransmitPowerLevel OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum transmit power, + in dBm, allowed in the subband for the associated domain + country string. The default value of this attribute shall + be zero." + ::= { dot11MultiDomainCapabilityEntry 4 } + +-- ******************************************************************** +-- * End of dot11MultiDomainCapability TABLE +-- ******************************************************************** + + +-- ********************************************************************** +-- * MAC Attribute Templates +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11OperationTable TABLE +-- ********************************************************************** + +dot11OperationTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11OperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group contains MAC attributes pertaining to the operation + of the MAC. This has been implemented as a table in order + to allow for multiple instantiations on an agent." + ::= { dot11mac 1 } + +dot11OperationEntry OBJECT-TYPE + SYNTAX Dot11OperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11OperationEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11OperationTable 1 } + +Dot11OperationEntry ::= + SEQUENCE { dot11MACAddress MacAddress, + dot11RTSThreshold INTEGER, + dot11ShortRetryLimit INTEGER, + dot11LongRetryLimit INTEGER, + dot11FragmentationThreshold INTEGER, + dot11MaxTransmitMSDULifetime Unsigned32, + dot11MaxReceiveLifetime Unsigned32, + dot11ManufacturerID DisplayString, + dot11ProductID DisplayString } + +dot11MACAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Unique MAC Address assigned to the STA." + ::= { dot11OperationEntry 1 } + +dot11RTSThreshold OBJECT-TYPE + SYNTAX INTEGER (0..2347) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the number of octets in an MPDU, + below which an RTS/CTS handshake shall not be performed. An + RTS/CTS handshake shall be performed at the beginning of any + frame exchange sequence where the MPDU is of type Data or + Management, the MPDU has an individual address in the Address1 + field, and the length of the MPDU is greater than + this threshold. (For additional details, refer to Table 21 in + 9.7.) Setting this attribute to be larger than the maximum + MSDU size shall have the effect of turning off the RTS/CTS + handshake for frames of Data or Management type transmitted by + this STA. Setting this attribute to zero shall have the effect + of turning on the RTS/CTS handshake for all frames of Data or + Management type transmitted by this STA. The default value of + this attribute shall be 2347." + ::= { dot11OperationEntry 2 } + +dot11ShortRetryLimit OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum number of + transmission attempts of a frame, the length of which is less + than or equal to dot11RTSThreshold, that shall be made before a + failure condition is indicated. The default value of this + attribute shall be 7." + ::= { dot11OperationEntry 3 } + +dot11LongRetryLimit OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum number of + transmission attempts of a frame, the length of which is + greater than dot11RTSThreshold, that shall be made before a + failure condition is indicated. The default value of this + attribute shall be 4." + ::= { dot11OperationEntry 4 } + +dot11FragmentationThreshold OBJECT-TYPE + SYNTAX INTEGER (256..2346) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the current maximum size, in + octets, of the MPDU that may be delivered to the PHY. An MSDU + shall be broken into fragments if its size exceeds the value + of this attribute after adding MAC headers and trailers. An MSDU + or MMPDU shall be fragmented when the resulting frame has an + individual address in the Address1 field, and the length of the + frame is larger than this threshold. The default value for this + attribute shall be the lesser of 2346 or the aMPDUMaxLength of + the attached PHY and shall never exceed the lesser of 2346 or + the aMPDUMaxLength of the attached PHY. The value of this + attribute shall never be less than 256. " + ::= { dot11OperationEntry 5 } + +dot11MaxTransmitMSDULifetime OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The MaxTransmitMSDULifetime shall be the elapsed time in TU, + after the initial transmission of an MSDU, after which further + attempts to transmit the MSDU shall be terminated. The default + value of this attribute shall be 512." + ::= { dot11OperationEntry 6 } + +dot11MaxReceiveLifetime OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The MaxReceiveLifetime shall be the elapsed time in TU, + after the initial reception of a fragmented MMPDU or MSDU, + after which further attempts to reassemble the MMPDU or + MSDU shall be terminated. The default value shall be + 512." + ::= { dot11OperationEntry 7 } + +dot11ManufacturerID OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The ManufacturerID shall include, at a minimum, the name + of the manufacturer. It may include additional + information at the manufacturer's discretion. The default + value of this attribute shall be null." + ::= { dot11OperationEntry 8 } + +dot11ProductID OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The ProductID shall include, at a minimum, an identifier + that is unique to the manufacturer. It may include + additional information at the manufacturer's discretion. + The default value of this attribute shall be null." + ::= { dot11OperationEntry 9 } + +-- ********************************************************************** +-- * End of dot11OperationEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11Counters TABLE +-- ********************************************************************** + +dot11CountersTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11CountersEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group containing attributes that are MAC counters. + Implemented as a table to allow for multiple + instantiations on an agent." + ::= { dot11mac 2 } + +dot11CountersEntry OBJECT-TYPE + SYNTAX Dot11CountersEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11CountersEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11CountersTable 1 } + +Dot11CountersEntry ::= + SEQUENCE { dot11TransmittedFragmentCount Counter32, + dot11MulticastTransmittedFrameCount Counter32, + dot11FailedCount Counter32, + dot11RetryCount Counter32, + dot11MultipleRetryCount Counter32, + dot11FrameDuplicateCount Counter32, + dot11RTSSuccessCount Counter32, + dot11RTSFailureCount Counter32, + dot11ACKFailureCount Counter32, + dot11ReceivedFragmentCount Counter32, + dot11MulticastReceivedFrameCount Counter32, + dot11FCSErrorCount Counter32, + dot11TransmittedFrameCount Counter32, + dot11WEPUndecryptableCount Counter32 } + +dot11TransmittedFragmentCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall be incremented for an acknowledged MPDU + with an individual address in the address 1 field or an MPDU + with a multicast address in the address 1 field of type Data + or Management." + ::= { dot11CountersEntry 1 } + +dot11MulticastTransmittedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment only when the multicast bit + is set in the destination MAC address of a successfully + transmitted MSDU. When operating as a STA in an ESS, where + these frames are directed to the AP, this implies having + received an acknowledgment to all associated MPDUs." + ::= { dot11CountersEntry 2 } + +dot11FailedCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is not transmitted + successfully due to the number of transmit attempts exceeding + either the dot11ShortRetryLimit or dot11LongRetryLimit." + ::= { dot11CountersEntry 3 } + +dot11RetryCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is successfully + transmitted after one or more retransmissions." + ::= { dot11CountersEntry 4 } + +dot11MultipleRetryCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is successfully + transmitted after more than one retransmission." + ::= { dot11CountersEntry 5 } + +dot11FrameDuplicateCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received + that the Sequence Control field indicates is a + duplicate." + ::= { dot11CountersEntry 6 } + +dot11RTSSuccessCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a CTS is received in + response to an RTS." + ::= { dot11CountersEntry 7 } + +dot11RTSFailureCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a CTS is not received in + response to an RTS." + ::= { dot11CountersEntry 8 } + +dot11ACKFailureCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an ACK is not received + when expected." + ::= { dot11CountersEntry 9 } + +dot11ReceivedFragmentCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall be incremented for each successfully + received MPDU of type Data or Management." + ::= { dot11CountersEntry 10 } + +dot11MulticastReceivedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a MSDU is received + with the multicast bit set in the destination + MAC address." + ::= { dot11CountersEntry 11 } + +dot11FCSErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an FCS error is + detected in a received MPDU." + ::= { dot11CountersEntry 12 } + +dot11TransmittedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment for each successfully transmitted MSDU." + ::= { dot11CountersEntry 13 } + +dot11WEPUndecryptableCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with + the WEP subfield of the Frame Control field set to one and the + WEPOn value for the key mapped to the TA's MAC address + indicates that the frame should not have been encrypted or + that frame is discarded due to the receiving STA not + implementing the privacy option." + ::= { dot11CountersEntry 14 } + +-- ********************************************************************** +-- * End of dot11CountersEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * GroupAddresses TABLE +-- ********************************************************************** + +dot11GroupAddressesTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11GroupAddressesEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A conceptual table containing a set of MAC addresses + identifying the multicast addresses for which this STA + will receive frames. The default value of this attribute + shall be null." + ::= { dot11mac 3 } + +dot11GroupAddressesEntry OBJECT-TYPE + SYNTAX Dot11GroupAddressesEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the Group Addresses Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11GroupAddressesIndex} + ::= { dot11GroupAddressesTable 1 } + +Dot11GroupAddressesEntry ::= + SEQUENCE { dot11GroupAddressesIndex Integer32, + dot11Address MacAddress, + dot11GroupAddressesStatus RowStatus } + +dot11GroupAddressesIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the Group Addresses Table." + ::= { dot11GroupAddressesEntry 1 } + +dot11Address OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "MAC address identifying a multicast addresses + from which this STA will receive frames." + ::= { dot11GroupAddressesEntry 2 } + +dot11GroupAddressesStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status column used for creating, modifying, and + deleting instances of the columnar objects in the Group + Addresses Table." + DEFVAL { active } + ::= { dot11GroupAddressesEntry 3 } + +-- ********************************************************************** +-- * End of GroupAddress TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * Resource Type Attribute Templates +-- ********************************************************************** + +dot11ResourceTypeIDName OBJECT-TYPE + SYNTAX DisplayString (SIZE(4)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the name of the Resource Type ID managed object. + The attribute is read-only and always contains the value + RTID. This attribute value shall not be used as a naming + attribute for any other managed object class." + REFERENCE "IEEE Std 802.1F-1993, A.7" + DEFVAL { "RTID" } + ::= { dot11resAttribute 1 } + +-- ********************************************************************** +-- * dot11ResourceInfo TABLE +-- ********************************************************************** + +dot11ResourceInfoTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11ResourceInfoEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Provides a means of indicating, in data readable from a + managed object, information that identifies the source of + the implementation." + REFERENCE "IEEE Std 802.1F-1993, A.7" + ::= { dot11resAttribute 2 } + +dot11ResourceInfoEntry OBJECT-TYPE + SYNTAX Dot11ResourceInfoEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11ResourceInfo Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11ResourceInfoTable 1 } + +Dot11ResourceInfoEntry ::= + SEQUENCE { dot11manufacturerOUI OCTET STRING, + dot11manufacturerName DisplayString, + dot11manufacturerProductName DisplayString, + dot11manufacturerProductVersion DisplayString } + +dot11manufacturerOUI OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(3)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Takes the value of an organizationally unique identifier." + ::= { dot11ResourceInfoEntry 1 } + +dot11manufacturerName OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A printable string used to identify the manufacturer of the + resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 2 } + +dot11manufacturerProductName OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A printable string used to identify the manufacturer's product + name of the resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 3 } + +dot11manufacturerProductVersion OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Printable string used to identify the manufacturer's product + version of the resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 4 } + +-- ********************************************************************** +-- * End of dot11ResourceInfo TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * PHY Attribute Templates +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyOperation TABLE +-- ********************************************************************** + +dot11PhyOperationTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyOperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "PHY level attributes concerned with + operation. Implemented as a table indexed on + + ifIndex to allow for multiple instantiations on an + Agent." + ::= { dot11phy 1 } + +dot11PhyOperationEntry OBJECT-TYPE + SYNTAX Dot11PhyOperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyOperation Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyOperationTable 1 } + +Dot11PhyOperationEntry ::= + SEQUENCE { dot11PHYType INTEGER, + dot11CurrentRegDomain Integer32, + dot11TempType INTEGER } + +dot11PHYType OBJECT-TYPE + SYNTAX INTEGER { fhss(1), dsss(2), irbaseband(3), ofdm(4), + hrdsss(5) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This is an 8-bit integer value that identifies the PHY type + supported by the attached PLCP and PMD. Currently defined + values and their corresponding PHY types are: + + FHSS 2.4 GHz = 01 , DSSS 2.4 GHz = 02, IR Baseband = 03, + OFDM 5GHz = 04, HRDSSS = 05" + ::= { dot11PhyOperationEntry 1 } + +dot11CurrentRegDomain OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current regulatory domain this instance of the PMD is + supporting. This object corresponds to one of the + RegDomains listed in dot11RegDomainsSupported." + ::= { dot11PhyOperationEntry 2 } + +dot11TempType OBJECT-TYPE + SYNTAX INTEGER { tempType1(1), tempType2(2) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "There are different operating temperature requirements + dependent on the anticipated environmental conditions. This + attribute describes the current PHY's operating temperature + range capability. Currently defined values and their + corresponding temperature ranges are: + + Type 1 = X'01'-Commercial range of 0 to 40 degrees C, + + Type 2 = X'02'-Industrial range of -30 to 70 degrees C." + ::= { dot11PhyOperationEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyOperation TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyAntenna TABLE +-- ********************************************************************** + +dot11PhyAntennaTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyAntennaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for PhyAntenna. Implemented as a + table indexed on ifIndex to allow for multiple instances on + an agent." + ::= { dot11phy 2} + +dot11PhyAntennaEntry OBJECT-TYPE + SYNTAX Dot11PhyAntennaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyAntenna Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyAntennaTable 1 } + +Dot11PhyAntennaEntry ::= + SEQUENCE { dot11CurrentTxAntenna Integer32, + dot11DiversitySupport INTEGER, + dot11CurrentRxAntenna Integer32 } + +dot11CurrentTxAntenna OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current antenna being used to transmit. This value + is one of the values appearing in dot11SupportedTxAntenna. This + may be used by a management agent to control which antenna is + used for transmission. " + ::= { dot11PhyAntennaEntry 1 } + +dot11DiversitySupport OBJECT-TYPE + SYNTAX INTEGER { fixedlist(1), notsupported(2), dynamic(3) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This implementation's support for diversity, encoded as: + + X'01'-diversity is available and is performed over the fixed + list of antennas defined in dot11DiversitySelectionRx. + + X'02'-diversity is not supported. + + X'03'-diversity is supported and control of diversity is also + available, in which case the attribute + dot11DiversitySelectionRx can be dynamically modified by the + LME." + ::= { dot11PhyAntennaEntry 2 } + +dot11CurrentRxAntenna OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current antenna being used to receive, if the dot11 + DiversitySupport indicates that diversity is not supported. + The selected antenna shall be one of the antennae marked + for receive in the dot11AntennasListTable." + ::= { dot11PhyAntennaEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyAntenna TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyTxPower TABLE +-- ********************************************************************** + +dot11PhyTxPowerTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyTxPowerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyTxPowerTable. Implemented + as a table indexed on STA ID to allow for multiple + instances on an Agent." + ::= { dot11phy 3} + +dot11PhyTxPowerEntry OBJECT-TYPE + SYNTAX Dot11PhyTxPowerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyTxPower Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyTxPowerTable 1 } + +Dot11PhyTxPowerEntry ::= + SEQUENCE { dot11NumberSupportedPowerLevels INTEGER, + dot11TxPowerLevel1 INTEGER, + dot11TxPowerLevel2 INTEGER, + dot11TxPowerLevel3 INTEGER, + dot11TxPowerLevel4 INTEGER, + dot11TxPowerLevel5 INTEGER, + dot11TxPowerLevel6 INTEGER, + dot11TxPowerLevel7 INTEGER, + dot11TxPowerLevel8 INTEGER, + dot11CurrentTxPowerLevel INTEGER } + +dot11NumberSupportedPowerLevels OBJECT-TYPE + SYNTAX INTEGER (1..8) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of power levels supported by the PMD. + This attribute can have a value of 1 to 8." + ::= { dot11PhyTxPowerEntry 1 } + +dot11TxPowerLevel1 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL1 in mW. + This is also the default power level." + ::= { dot11PhyTxPowerEntry 2 } + +dot11TxPowerLevel2 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL2 in mW." + ::= { dot11PhyTxPowerEntry 3 } + +dot11TxPowerLevel3 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL3 in mW." + ::= { dot11PhyTxPowerEntry 4 } + +dot11TxPowerLevel4 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL4 in mW." + ::= { dot11PhyTxPowerEntry 5 } + +dot11TxPowerLevel5 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL5 in mW." + ::= { dot11PhyTxPowerEntry 6 } + +dot11TxPowerLevel6 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL6 in mW." + ::= { dot11PhyTxPowerEntry 7 } + +dot11TxPowerLevel7 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL7 in mW." + ::= { dot11PhyTxPowerEntry 8 } + +dot11TxPowerLevel8 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL8 in mW." + ::= { dot11PhyTxPowerEntry 9 } + +dot11CurrentTxPowerLevel OBJECT-TYPE + SYNTAX INTEGER (1..8) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The TxPowerLevel N currently being used to transmit data. + Some PHYs also use this value to determine the receiver + sensitivity requirements for CCA." + ::= { dot11PhyTxPowerEntry 10 } + +-- ********************************************************************** +-- * End of dot11PhyTxPower TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyFHSS TABLE +-- ********************************************************************** + +dot11PhyFHSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyFHSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyFHSSTable. Implemented as a + table indexed on STA ID to allow for multiple instances on + an Agent." + ::= { dot11phy 4 } + +dot11PhyFHSSEntry OBJECT-TYPE + SYNTAX Dot11PhyFHSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyFHSS Table. + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyFHSSTable 1 } + +Dot11PhyFHSSEntry ::= + SEQUENCE { dot11HopTime INTEGER, + dot11CurrentChannelNumber INTEGER, + dot11MaxDwellTime INTEGER, + dot11CurrentDwellTime INTEGER, + dot11CurrentSet INTEGER, + dot11CurrentPattern INTEGER, + dot11CurrentIndex INTEGER, + dot11EHCCPrimeRadix Integer32, + dot11EHCCNumberofChannelsFamilyIndex Integer32, + dot11EHCCCapabilityImplemented TruthValue, + dot11EHCCCapabilityEnabled TruthValue, + dot11HopAlgorithmAdopted INTEGER, + dot11RandomTableFlag TruthValue, + dot11NumberofHoppingSets Integer32, + dot11HopModulus Integer32, + dot11HopOffset Integer32 } + +dot11HopTime OBJECT-TYPE + SYNTAX INTEGER (224) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The time in microseconds for the PMD to change from + channel 2 to channel 80." + ::= { dot11PhyFHSSEntry 1 } + +dot11CurrentChannelNumber OBJECT-TYPE + SYNTAX INTEGER (0..200) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current channel number of the frequency output by the RF + synthesizer." + ::= { dot11PhyFHSSEntry 2 } + +dot11MaxDwellTime OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum time in TU that the transmitter + is permitted to operate on a single channel." + ::= { dot11PhyFHSSEntry 3 } + +dot11CurrentDwellTime OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current time in TU that the transmitter shall operate + on a single channel, as set by the MAC. Default is 19 TU." + ::= { dot11PhyFHSSEntry 4 } + +dot11CurrentSet OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current set of patterns the PLME + is using to determine the hopping sequence. " + ::= { dot11PhyFHSSEntry 5 } + +dot11CurrentPattern OBJECT-TYPE + SYNTAX INTEGER (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current pattern the PLME is + using to determine the hop sequence." + ::= { dot11PhyFHSSEntry 6 } + +dot11CurrentIndex OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current index value the PLME is using to determine + the CurrentChannelNumber." + ::= { dot11PhyFHSSEntry 7 } + +dot11EHCCPrimeRadix OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute indicates the value to be + used as the prime radix (N) in the HCC and + EHCC algorithms." + ::= { dot11PhyFHSSEntry 8 } + +dot11EHCCNumberofChannelsFamilyIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute indicates the value to be + used as the maximum for the family index (a) + in the HCC and EHCC algorithms. The value of + this field shall not be less than the prime + radix minus 3 (N - 3). The valid range of + allowed values is (N - 1), (N - 2), and (N - 3)." + ::= { dot11PhyFHSSEntry 9 } + +dot11EHCCCapabilityImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + station implementation is capable of generating + the HCC or EHCC algorithms for determining Hopping + patterns. The capability is disabled, otherwise. + The default value of this attribute is FALSE." + ::= { dot11PhyFHSSEntry 10 } + +dot11EHCCCapabilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + capability of the station to operate using the HCC + or EHCC algorithms for determining Hopping Patterns + is enabled. The capability is disabled, otherwise. + The default value of this attribute is FALSE." + ::= { dot11PhyFHSSEntry 11 } + +dot11HopAlgorithmAdopted OBJECT-TYPE + SYNTAX INTEGER { crnt(1), hopindex(2), hcc(3) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, indicates which of the algorithms + will be used to generate the Hopping Patterns. + Valid values are: + + 1 - hopping patterns as defined in clause 14 + 2 - hop index method (with or without table) + 3 - HCC/EHCC method" + ::= { dot11PhyFHSSEntry 12 } + +dot11RandomTableFlag OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, indicates that a Random Table is + present when the value is True. When the value is + False it indicates that a Random Table is not + present and that the hop index method is to be + used to determine the hopping sequence. The default + value of this attribute is True." + ::= { dot11PhyFHSSEntry 13 } + +dot11NumberofHoppingSets OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Number of Sets field indicates the total + number of sets within the hopping patterns." + ::= { dot11PhyFHSSEntry 14 } + +dot11HopModulus OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of allowed channels for the hopping + set. This is defined by the governing regulatory + agency for the country code of the country + in which this device is operating." + ::= { dot11PhyFHSSEntry 15 } + +dot11HopOffset OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The next position in the hopping set." + ::= { dot11PhyFHSSEntry 16 } + +-- ********************************************************************** +-- * End of dot11PhyFHSS TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyDSSSEntry TABLE +-- ********************************************************************** + +dot11PhyDSSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Entry of attributes for dot11PhyDSSSEntry. Implemented as a + table indexed on ifIndex allow for multiple instances on + an Agent." + ::= { dot11phy 5 } + +dot11PhyDSSSEntry OBJECT-TYPE + SYNTAX Dot11PhyDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyDSSSEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyDSSSTable 1 } + +Dot11PhyDSSSEntry ::= + SEQUENCE { dot11CurrentChannel INTEGER, + dot11CCAModeSupported INTEGER, + dot11CurrentCCAMode INTEGER, + dot11EDThreshold Integer32 } + +dot11CurrentChannel OBJECT-TYPE + SYNTAX INTEGER (1..14) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current operating frequency channel of the DSSS + PHY. Valid channel numbers are as defined in 15.4.6.2" + ::= { dot11PhyDSSSEntry 1 } + +dot11CCAModeSupported OBJECT-TYPE + SYNTAX INTEGER (1..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "dot11CCAModeSupported is a bit-significant value, + representing all of the CCA modes supported by the PHY. + Valid values are: + + energy detect only (ED_ONLY) = 01, + carrier sense only (CS_ONLY) = 02, + carrier sense and energy detect (ED_and_CS)= 04 + or the logical sum of any of these values. This + attribute shall not be used to indicate the CCA modes + supported by a higher rate extension PHY. Rather, the + dot11HRCCAModeSupported attribute shall be used to + indicate the CCA modes of the higher rate extension PHY." + ::= { dot11PhyDSSSEntry 2 } + +dot11CurrentCCAMode OBJECT-TYPE + SYNTAX INTEGER { edonly(1), csonly(2), edandcs(4), cswithtimer(8), + hrcsanded(16) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current CCA method in operation. Valid values are: + energy detect only (edonly) = 01, + carrier sense only (csonly) = 02, + carrier sense and energy detect (edandcs)= 04 + carrier sense with timer (cswithtimer)= 08 + high rate carrier sense and energy detect (hrcsanded)=16." + ::= { dot11PhyDSSSEntry 3 } + +dot11EDThreshold OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current Energy Detect Threshold being used by the DSSS PHY." + ::= { dot11PhyDSSSEntry 4 } + +-- ********************************************************************** +-- * End of dot11PhyDSSSEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyIR TABLE +-- ********************************************************************** + +dot11PhyIRTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyIREntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyIRTable. Implemented as a + table indexed on ifIndex to allow for multiple instances on + an Agent." + ::= { dot11phy 6 } + +dot11PhyIREntry OBJECT-TYPE + SYNTAX Dot11PhyIREntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyIR Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyIRTable 1 } + +Dot11PhyIREntry ::= + SEQUENCE { dot11CCAWatchdogTimerMax Integer32, + dot11CCAWatchdogCountMax Integer32, + dot11CCAWatchdogTimerMin Integer32, + dot11CCAWatchdogCountMin Integer32 } + +dot11CCAWatchdogTimerMax OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This parameter, together with CCAWatchdogCountMax, + determines when energy detected in the channel can be + ignored." + ::= { dot11PhyIREntry 1 } + +dot11CCAWatchdogCountMax OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This parameter, together with CCAWatchdogTimerMax, + determines when energy detected in the channel can be + ignored." + ::= { dot11PhyIREntry 2 } + +dot11CCAWatchdogTimerMin OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The minimum value to which CCAWatchdogTimerMax can be + set." + ::= { dot11PhyIREntry 3 } + +dot11CCAWatchdogCountMin OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The minimum value to which CCAWatchdogCount can be set." + ::= { dot11PhyIREntry 4 } + +-- ********************************************************************** +-- * End of dot11PhyIR TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11RegDomainsSupported TABLE +-- ********************************************************************** + +dot11RegDomainsSupportedTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11RegDomainsSupportedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "There are different operational requirements dependent on + the regulatory domain. This attribute list describes the + regulatory domains the PLCP and PMD support in this + implementation. Currently defined values and their + corresponding Regulatory Domains are: + + FCC (USA) = X'10', DOC (Canada) = X'20', ETSI (most of + Europe) = X'30', Spain = X'31', France = X'32', MKK + (Japan) = X'40', Others = X'00' " + ::= { dot11phy 7} + +dot11RegDomainsSupportedEntry OBJECT-TYPE + SYNTAX Dot11RegDomainsSupportedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11RegDomainsSupportedTable. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11RegDomainsSupportedIndex } + ::= { dot11RegDomainsSupportedTable 1 } + +Dot11RegDomainsSupportedEntry ::= + SEQUENCE { dot11RegDomainsSupportedIndex Integer32, + dot11RegDomainsSupportedValue INTEGER } + +dot11RegDomainsSupportedIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the RegDomainsSupport Table." + ::= { dot11RegDomainsSupportedEntry 1 } + +dot11RegDomainsSupportedValue OBJECT-TYPE + SYNTAX INTEGER { fcc(16), doc(32), etsi(48), spain (49), france(50), + mkk (64) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "There are different operational requirements dependent on + the regulatory domain. This attribute list describes the + regulatory domains the PLCP and PMD support in this + implementation. Currently defined values and their + corresponding Regulatory Domains are: + + FCC (USA) = X'10', DOC (Canada) = X'20', ETSI (most of + Europe) = X'30', Spain = X'31', France = X'32', MKK + (Japan) = X'40' " + ::= { dot11RegDomainsSupportedEntry 2 } + +-- ********************************************************************** +-- * End of dot11RegDomainsSupported TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11AntennasList TABLE +-- ********************************************************************** + +dot11AntennasListTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11AntennasListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table represents the list of antennae. An antenna can be + marked to be capable of transmitting, receiving, and/or for + participation in receive diversity. Each entry in this table + represents a single antenna with its properties. The maximum + number of antennae that can be contained in this table is 255." + ::= { dot11phy 8 } + +dot11AntennasListEntry OBJECT-TYPE + SYNTAX Dot11AntennasListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11AntennasListTable, representing the properties + of a single antenna. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11AntennaListIndex } + ::= { dot11AntennasListTable 1 } + +Dot11AntennasListEntry ::= + SEQUENCE { dot11AntennaListIndex Integer32, + dot11SupportedTxAntenna TruthValue, + dot11SupportedRxAntenna TruthValue, + dot11DiversitySelectionRx TruthValue } + +dot11AntennaListIndex OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The unique index of an antenna which is used to identify the columnar + objects in the dot11AntennasList Table." + ::= { dot11AntennasListEntry 1 } + +dot11SupportedTxAntenna OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by + dot11AntennaIndex can be used as a transmit antenna." + ::= { dot11AntennasListEntry 2 } + +dot11SupportedRxAntenna OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by the + dot11AntennaIndex xan be used as a receive antenna." + ::= { dot11AntennasListEntry 3 } + +dot11DiversitySelectionRx OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by + dot11AntennaIndex can be used for receive diversity. This object + may only be true if the antenna can be used as a receive antenna, + as indicated by dot11SupportedRxAntenna." + ::= { dot11AntennasListEntry 4 } + +-- ********************************************************************** +-- * End of dot11AntennasList TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SupportedDataRatesTx TABLE +-- ********************************************************************** + +dot11SupportedDataRatesTxTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11SupportedDataRatesTxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The Transmit bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s subject + to limitations of each individual PHY." + ::= { dot11phy 9 } + +dot11SupportedDataRatesTxEntry OBJECT-TYPE + SYNTAX Dot11SupportedDataRatesTxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the dot11SupportedDataRatesTx + Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11SupportedDataRatesTxIndex } + ::= { dot11SupportedDataRatesTxTable 1 } + +Dot11SupportedDataRatesTxEntry ::= + SEQUENCE { dot11SupportedDataRatesTxIndex Integer32, + dot11SupportedDataRatesTxValue Integer32 } + +dot11SupportedDataRatesTxIndex OBJECT-TYPE + SYNTAX Integer32 (1..8) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Index object which identifies which data rate to access. + Range is 1..8." + ::= { dot11SupportedDataRatesTxEntry 1 } + +dot11SupportedDataRatesTxValue OBJECT-TYPE + SYNTAX Integer32 (2..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Transmit bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s subject + to limitations of each individual PHY." + ::= { dot11SupportedDataRatesTxEntry 2 } + +-- ********************************************************************** +-- * End of dot11SupportedDataRatesTx TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SupportedDataRatesRx TABLE +-- ********************************************************************** + +dot11SupportedDataRatesRxTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11SupportedDataRatesRxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The receive bit rates supported by the PLCP and PMD, + represented by a count from X'002-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s." + ::= { dot11phy 10 } + +dot11SupportedDataRatesRxEntry OBJECT-TYPE + SYNTAX Dot11SupportedDataRatesRxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the dot11SupportedDataRatesRx Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11SupportedDataRatesRxIndex } + ::= { dot11SupportedDataRatesRxTable 1 } + +Dot11SupportedDataRatesRxEntry ::= + SEQUENCE { dot11SupportedDataRatesRxIndex Integer32, + dot11SupportedDataRatesRxValue Integer32 } + +dot11SupportedDataRatesRxIndex OBJECT-TYPE + SYNTAX Integer32 (1..8) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Index object which identifies which data rate to access. + Range is 1..8." + ::= { dot11SupportedDataRatesRxEntry 1 } + +dot11SupportedDataRatesRxValue OBJECT-TYPE + SYNTAX Integer32 (2..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The receive bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s." + ::= { dot11SupportedDataRatesRxEntry 2 } + +-- ********************************************************************** +-- * End of dot11SupportedDataRatesRx TABLE +-- ********************************************************************** + +--********************************************************************** +-- * dot11PhyOFDM TABLE +--********************************************************************** + +dot11PhyOFDMTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyOFDMEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyOFDMTable. Implemented as a + table indexed on ifindex to allow for multiple instances on + an Agent." + ::= { dot11phy 11 } + +dot11PhyOFDMEntry OBJECT-TYPE + SYNTAX Dot11PhyOFDMEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyOFDM Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyOFDMTable 1 } + +Dot11PhyOFDMEntry ::= + SEQUENCE { dot11CurrentFrequency INTEGER, + dot11TIThreshold Integer32, + dot11FrequencyBandsSupported INTEGER } + +dot11CurrentFrequency OBJECT-TYPE + SYNTAX INTEGER (0..99) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The number of the current operating frequency channel of the OFDM PHY." + ::= { dot11PhyOFDMEntry 1 } + +dot11TIThreshold OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The Threshold being used to detect a busy medium (frequency). + CCA shall report a busy medium upon detecting the RSSI above + this threshold." + ::= { dot11PhyOFDMEntry 2 } + +dot11FrequencyBandsSupported OBJECT-TYPE + SYNTAX INTEGER (1..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The capability of the OFDM PHY implementation to operate in + the three U-NII bands. Coded as an integer value of a three + bit field as follows: + bit 0 .. capable of operating in the lower (5.15-5.25 GHz) + U-NII band + bit 1 .. capable of operating in the middle (5.25-5.35 GHz) + U-NII band + bit 2 .. capable of operating in the upper (5.725-5.825 GHz) + U-NII band + For example, for an implementation capable of operating in the + lower and mid bands this attribute would take the value 3." + ::= { dot11PhyOFDMEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyOFDM TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyHRDSSSEntry TABLE +-- ********************************************************************** + +dot11PhyHRDSSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyHRDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Entry of attributes for dot11PhyHRDSSSEntry. + Implemented as a table indexed on ifIndex to allow for + multiple instances on an Agent." + ::= { dot11phy 12 } + +dot11PhyHRDSSSEntry OBJECT-TYPE + SYNTAX Dot11PhyHRDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyHRDSSSEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyHRDSSSTable 1 } + +Dot11PhyHRDSSSEntry ::= + SEQUENCE { dot11ShortPreambleOptionImplemented TruthValue, + dot11PBCCOptionImplemented TruthValue, + dot11ChannelAgilityPresent TruthValue, + dot11ChannelAgilityEnabled TruthValue, + dot11HRCCAModeSupported INTEGER } + +dot11ShortPreambleOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the + short preamble option as defined in subclause 18.2.2.2 + is implemented. The default value of this attribute + shall be false." + ::= {dot11PhyHRDSSSEntry 1 } + +dot11PBCCOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the PBCC + modulation option as defined in subclause 18.4.6.6 is + implemented. The default value of this attribute shall + be false." + ::= {dot11PhyHRDSSSEntry 2 } + +dot11ChannelAgilityPresent OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute indicates that the PHY is capable of + channel agility." + ::= { dot11PhyHRDSSSEntry 3 } + +dot11ChannelAgilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute indicates that the PHY channel agility + functionality is enabled." + ::= { dot11PhyHRDSSSEntry 4 } + +dot11HRCCAModeSupported OBJECT-TYPE + SYNTAX INTEGER (1..31) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "dot11HRCCAModeSupported is a bit-significant value, + representing all of the CCA modes supported by the PHY. + Valid values are: + energy detect only (ED_ONLY) = 01, + carrier sense only (CS_ONLY) = 02, + carrier sense and energy detect (ED_and_CS)= 04, + carrier sense with timer (CS_and_Timer)= 08, + high rate carrier sense and energy detect + (HRCS_and_ED)= 16 + or the logical sum of any of these values. In + the high rate extension PHY, this attribute shall + be used in preference to the dot11CCAModeSupported + attribute." + ::= { dot11PhyHRDSSSEntry 5 } + +-- ********************************************************************** +-- * End of dot11PhyHRDSSSEntry TABLE +-- ********************************************************************** + +-- ******************************************************************** +-- * dot11 Hopping Pattern TABLE +-- ******************************************************************** + +dot11HoppingPatternTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11HoppingPatternEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of attributes necessary for + a frequency hopping implementation to be able to + create the hopping sequences necessary to operate + in the subband for the associated domain country string." + ::= { dot11phy 13 } + +dot11HoppingPatternEntry OBJECT-TYPE + SYNTAX Dot11HoppingPatternEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) in the Hopping Pattern Table + that indicates the random hopping sequence to be followed. + + IfIndex - Each IEEE 802.11 interface is represented + by an ifEntry. Interface tables in this MIB are indexed + by ifIndex." + INDEX { ifIndex, + dot11HoppingPatternIndex } + ::= { dot11HoppingPatternTable 1 } + +Dot11HoppingPatternEntry ::= + SEQUENCE { + dot11HoppingPatternIndex Integer32, + dot11RandomTableFieldNumber Integer32 } + +dot11HoppingPatternIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances of + the columnar objects in the Hopping Pattern Table." + ::= { dot11HoppingPatternEntry 1} + +dot11RandomTableFieldNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the + starting channel number in the hopping sequence of + the subband for the associated domain country string. + The default value of this attribute shall be zero." + ::= { dot11HoppingPatternEntry 2} + +-- ********************************************************************** +-- * End of dot11 Hopping Pattern TABLE +--********************************************************************** + +-- ********************************************************************** +-- * Conformance Information +-- ********************************************************************** + +dot11Conformance OBJECT IDENTIFIER ::= { ieee802dot11 5 } +dot11Groups OBJECT IDENTIFIER ::= { dot11Conformance 1 } +dot11Compliances OBJECT IDENTIFIER ::= { dot11Conformance 2 } + +-- ********************************************************************** +-- * Compliance Statements +-- ********************************************************************** + +dot11Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMPv2 entities + that implement the IEEE 802.11 MIB." + MODULE -- this module + MANDATORY-GROUPS { + dot11SMTbase2, + dot11MACbase, dot11CountersGroup, + dot11SmtAuthenticationAlgorithms, + dot11ResourceTypeID, dot11PhyOperationComplianceGroup } + + GROUP dot11PhyDSSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of dsss. This group is + mutually exclusive with the groups dot11PhyIRComplianceGroup, + dot11PhyFHSSComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyIRComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of irbaseband. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyFHSSComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyFHSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of fhss. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyIRComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyOFDMComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of ofdm. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyIRComplianceGroup, dot11PhyFHSSComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyHRDSSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of hrdsss. This group is + mutually exclusive with the groups + dot11PhyDSSSComplianceGroup, dot11PhyIRComplianceGroup, + dot11PhyFHSSComplianceGroup and dot11PhyOFDMComplianceGroup." + + -- OPTIONAL-GROUPS { dot11SMTprivacy, dot11MACStatistics, + -- dot11PhyAntennaComplianceGroup, dot11PhyTxPowerComplianceGroup, + -- dot11PhyRegDomainsSupportGroup, + -- dot11PhyAntennasListGroup, dot11PhyRateGroup } + + ::= { dot11Compliances 1 } + +-- ********************************************************************** +-- * Groups - units of conformance +-- ********************************************************************** + +dot11SMTbase OBJECT-GROUP + OBJECTS { dot11StationID, dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut } + STATUS deprecated + DESCRIPTION + "The SMT object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network." + ::= { dot11Groups 1 } + +dot11SMTprivacy OBJECT-GROUP + OBJECTS { dot11PrivacyInvoked, + dot11WEPKeyMappingLength, dot11ExcludeUnencrypted, + dot11WEPICVErrorCount , dot11WEPExcludedCount , + dot11WEPDefaultKeyID, + dot11WEPDefaultKeyValue, + dot11WEPKeyMappingWEPOn, + dot11WEPKeyMappingValue , dot11WEPKeyMappingAddress, + dot11WEPKeyMappingStatus } + STATUS current + DESCRIPTION + "The SMTPrivacy package is a set of attributes that shall be + present if WEP is implemented in the STA." + ::= { dot11Groups 2 } + +dot11MACbase OBJECT-GROUP + OBJECTS { dot11MACAddress, dot11Address, + dot11GroupAddressesStatus, + dot11RTSThreshold, dot11ShortRetryLimit, + dot11LongRetryLimit, dot11FragmentationThreshold, + dot11MaxTransmitMSDULifetime, + dot11MaxReceiveLifetime, dot11ManufacturerID, + dot11ProductID } + STATUS current + DESCRIPTION + "The MAC object class provides the necessary support for the + access control, generation, and verification of frame check + sequences (FCSs), and proper delivery of valid data to upper + layers." + ::= { dot11Groups 3 } + +dot11MACStatistics OBJECT-GROUP + OBJECTS { dot11RetryCount, dot11MultipleRetryCount, + dot11RTSSuccessCount, dot11RTSFailureCount, + dot11ACKFailureCount, dot11FrameDuplicateCount } + STATUS current + DESCRIPTION + "The MACStatistics package provides extended statistical + information on the operation of the MAC. This + package is completely optional." + ::= { dot11Groups 4 } + +dot11ResourceTypeID OBJECT-GROUP + OBJECTS { dot11ResourceTypeIDName, dot11manufacturerOUI, + dot11manufacturerName, dot11manufacturerProductName, + dot11manufacturerProductVersion } + STATUS current + DESCRIPTION + "Attributes used to identify a STA, its manufacturer, + and various product names and versions." + ::= { dot11Groups 5 } + +dot11SmtAuthenticationAlgorithms OBJECT-GROUP + OBJECTS { dot11AuthenticationAlgorithm, + dot11AuthenticationAlgorithmsEnable } + STATUS current + DESCRIPTION + "Authentication Algorithm Table." + ::= { dot11Groups 6 } + +dot11PhyOperationComplianceGroup OBJECT-GROUP + OBJECTS { dot11PHYType, dot11CurrentRegDomain, dot11TempType } + STATUS current + DESCRIPTION + "PHY layer operations attributes." + ::= { dot11Groups 7 } + +dot11PhyAntennaComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentTxAntenna, dot11DiversitySupport, + dot11CurrentRxAntenna } + STATUS current + DESCRIPTION + "Attributes for Data Rates for IEEE 802.11." + ::= { dot11Groups 8 } + +dot11PhyTxPowerComplianceGroup OBJECT-GROUP + OBJECTS { dot11NumberSupportedPowerLevels, dot11TxPowerLevel1, + dot11TxPowerLevel2, dot11TxPowerLevel3, dot11TxPowerLevel4, + dot11TxPowerLevel5, dot11TxPowerLevel6, dot11TxPowerLevel7, + dot11TxPowerLevel8, dot11CurrentTxPowerLevel } + STATUS current + DESCRIPTION + "Attributes for Control and Management of transmit power." + ::= { dot11Groups 9 } + +dot11PhyFHSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11HopTime, dot11CurrentChannelNumber, dot11MaxDwellTime, + dot11CurrentDwellTime, dot11CurrentSet, dot11CurrentPattern, + dot11CurrentIndex} + STATUS current + DESCRIPTION + "Attributes that configure the Frequency Hopping for IEEE + 802.11." + ::= { dot11Groups 10 } + +dot11PhyDSSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentChannel, dot11CCAModeSupported, + dot11CurrentCCAMode, dot11EDThreshold} + STATUS current + DESCRIPTION + "Attributes that configure the DSSS for IEEE 802.11." + ::= { dot11Groups 11 } + +dot11PhyIRComplianceGroup OBJECT-GROUP + OBJECTS { dot11CCAWatchdogTimerMax, dot11CCAWatchdogCountMax, + dot11CCAWatchdogTimerMin, dot11CCAWatchdogCountMin} + STATUS current + DESCRIPTION + "Attributes that configure the baseband IR for IEEE 802.11." + ::= { dot11Groups 12 } + +dot11PhyRegDomainsSupportGroup OBJECT-GROUP + OBJECTS { dot11RegDomainsSupportedValue} + STATUS current + DESCRIPTION + "Attributes that specify the supported Regulation Domains." + ::= { dot11Groups 13} + +dot11PhyAntennasListGroup OBJECT-GROUP + OBJECTS { dot11SupportedTxAntenna, + dot11SupportedRxAntenna, dot11DiversitySelectionRx } + STATUS current + DESCRIPTION + "Attributes that specify the supported Regulation Domains." + ::= { dot11Groups 14 } + +dot11PhyRateGroup OBJECT-GROUP + OBJECTS { dot11SupportedDataRatesTxValue, + dot11SupportedDataRatesRxValue } + STATUS current + DESCRIPTION + "Attributes for Data Rates for IEEE 802.11." + ::= { dot11Groups 15 } + +dot11CountersGroup OBJECT-GROUP + OBJECTS { dot11TransmittedFragmentCount, + dot11MulticastTransmittedFrameCount, + dot11FailedCount, dot11ReceivedFragmentCount, + dot11MulticastReceivedFrameCount, + dot11FCSErrorCount, + dot11WEPUndecryptableCount, + dot11TransmittedFrameCount } + STATUS current + DESCRIPTION + "Attributes from the dot11CountersGroup that are not described + in the dot11MACStatistics group. These objects are + mandatory." + ::= { dot11Groups 16 } + +dot11NotificationGroup NOTIFICATION-GROUP + NOTIFICATIONS { dot11Disassociate, + dot11Deauthenticate, + dot11AuthenticateFail } + STATUS current + DESCRIPTION + "IEEE 802.11 notifications" + ::= { dot11Groups 17 } + +dot11SMTbase2 OBJECT-GROUP + OBJECTS { dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut, + dot11DisassociateReason, + dot11DisassociateStation, + dot11DeauthenticateReason, + dot11DeauthenticateStation, + dot11AuthenticateFailStatus, + dot11AuthenticateFailStation } + STATUS current + DESCRIPTION + "The SMTbase2 object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network." + ::= { dot11Groups 18 } + +dot11PhyOFDMComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentFrequency, + dot11TIThreshold, + dot11FrequencyBandsSupported } + STATUS current + DESCRIPTION + "Attributes that configure the OFDM for IEEE 802.11." + ::= { dot11Groups 19 } + +dot11SMTbase3 OBJECT-GROUP + OBJECTS { dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut, + dot11DisassociateReason, + dot11DisassociateStation, + dot11DeauthenticateReason, + dot11DeauthenticateStation, + dot11AuthenticateFailStatus, + dot11AuthenticateFailStation, + dot11MultiDomainCapabilityImplemented, + dot11MultiDomainCapabilityEnabled, + dot11CountryString } + STATUS current + DESCRIPTION + "The SMTbase3 object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network, when the STA + is capable of multi-domain operation. This object group should be + implemented when the multi-domain capability option is implemented." + ::= { dot11Groups 20 } + +dot11MultiDomainCapabilityGroup OBJECT-GROUP + OBJECTS { dot11FirstChannelNumber, + dot11NumberofChannels, + dot11MaximumTransmitPowerLevel } + STATUS current + DESCRIPTION + "The dot11MultiDomainCapabilityGroup object class provides + the objects necessary to manage the channels usable by a STA, + when the multi-domain capability option is implemented." + ::= { dot11Groups 21 } + +dot11PhyFHSSComplianceGroup2 OBJECT-GROUP + OBJECTS { dot11HopTime, dot11CurrentChannelNumber, dot11MaxDwellTime, + dot11CurrentDwellTime, dot11CurrentSet, dot11CurrentPattern, + dot11CurrentIndex, dot11EHCCPrimeRadix, + dot11EHCCNumberofChannelsFamilyIndex, + dot11EHCCCapabilityImplemented, dot11EHCCCapabilityEnabled, + dot11HopAlgorithmAdopted, dot11RandomTableFlag, + dot11NumberofHoppingSets, dot11HopModulus, + dot11HopOffset, dot11RandomTableFieldNumber } + STATUS current + DESCRIPTION + "Attributes that configure the Frequency Hopping for IEEE + 802.11 when multi-domain capability option is implemented." + ::= { dot11Groups 22 } + +dot11PhyHRDSSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentChannel, dot11CCAModeSupported, + dot11CurrentCCAMode, dot11EDThreshold, + dot11ShortPreambleOptionImplemented, + dot11PBCCOptionImplemented, dot11ChannelAgilityPresent, + dot11ChannelAgilityEnabled, dot11HRCCAModeSupported } + STATUS current + DESCRIPTION + "Attributes that configure the HRDSSS for IEEE 802.11." + ::= { dot11Groups 23 } + +-- ********************************************************************** +-- * End of 802.11 MIB +-- ********************************************************************** + +END + Index: /branches/breakout-spoke/nanobsd/files/usr/local/share/snmp/snmpd.conf =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/share/snmp/snmpd.conf (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/share/snmp/snmpd.conf (revision 10119) @@ -0,0 +1,85 @@ +# snmpd.conf + +# First, map the community name (COMMUNITY) into a security name +# (local and mynetwork, depending on where the request is coming +# from): + +# sec.name source community +com2sec local localhost public +com2sec mynetwork 172.16.0.0/12 public +com2sec mynetwork 10.0.0.0/8 public +com2sec mynetwork 192.168.0.0/16 public + + + +# Second, map the security names into group names: + +# sec.model sec.name +group MyRWGroup v1 local +group MyRWGroup v2c local +group MyRWGroup usm local +group MyROGroup v1 mynetwork +group MyROGroup v2c mynetwork +group MyROGroup usm mynetwork + + +# Third, create a view for us to let the groups have rights to: + +# incl/excl subtree mask +view all included .1 80 + + +# Finally, grant the 2 groups access to the 1 view with different +# write permissions: + +# context sec.model sec.level match read write notif +access MyROGroup "" any noauth exact all none none +access MyRWGroup "" any noauth exact all all none + + +# System contact information + +sysLocation Somewhere in or near Leiden +sysContact Stichting Wireless Leiden / +31 71 5139817 + + +# Process checks. + +# name max min +proc lvrouted.opt 1 1 +proc sshd 8 1 +proc syslogd 1 1 +proc ntpd 1 1 +proc snmpd 1 1 +proc dhcpd 1 1 +proc pen 1 1 +proc cron 2 1 +proc named 1 1 + + +# disk checks + +# path min +#disk / 90% +#disk /var 80% +#disk /usr 80% +#disk /tmp 60% +includeAllDisks 85% + + +# load average checks + +# 1max 5max 15max +load 12 14 14 + + +# Pass through control + +# miboid exec-command +pass .1.3.6.1.4.1.2021.50 /usr/local/nagios/bin/processor + +pass_persist .1.3.6.1.4.1.21695.1.2 /usr/local/sbin/dhcpd-snmp /usr/local/etc/dhcpd-snmp.conf + +extend .1.3.6.1.4.1.2021.61 nagios-www /usr/local/sbin/proxy-test.sh +extend .1.3.6.1.4.1.2021.62 nagios-routing /usr/local/sbin/lvrouted-test.sh + Index: /branches/breakout-spoke/nanobsd/files/usr/local/www/wlportal/index.cgi =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/www/wlportal/index.cgi (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/www/wlportal/index.cgi (revision 10119) @@ -0,0 +1,372 @@ +#!/usr/bin/env python +# +# Wrap me around tcpserver or inetd, example usage for tcpserver (debug): +# tcpserver -HRl localhost 172.31.255.1 /root/wlportal.py +# +# Or put me in a CGI script in for example thttpd server: +# +# = Usage = +# This is a wrapper script which does very basic HTML parsing and altering of +# ipfw tables rules to build a basic Captive Portal, with basic sanity +# checking. The ACL is IP based (this is a poor mans solution, layer2 +# ACL would be much better), so don't take security very seriously. +# +# To get traffic by default to the portal iI requires a few special rules in +# ipfw to work properly (ajust IP details if needed): +# - Rule 10010-10099 needs to be free. +# - add 10100 fwd 172.20.145.1,8081 tcp from any to not 172.16.0.0/12 dst-port 80 in via wlan0 +# +# Enties older than 5 minutes not being used will be removed if the (hidden) +# argument action=cleanup is given as GET variable. So having this in cron (would fix it): +# */5 * * * * /usr/bin/fetch -q http://172.31.255.1/wlportal?action=cleanup +# +# The program has uses a file based persistent cache to save authenticated +# ACLs, this will NOT get synced after a reboot. +# +# State : ALPHA +# Version : $Id$ +# Author : Rick van der Zwet +# Licence : BSDLike http://wirelessleiden.nl/LICENSE + +import logging +import os +import pickle +import re +import signal +import subprocess +import sys +import time +import traceback +import urlparse + +# XXX: Make me dynamic +portalroot='172.31.255.1' +portalurl='http://www.wirelessleiden.nl' +fwcmd='/sbin/ipfw' +arpcmd='/usr/sbin/arp' + + +logging.basicConfig(stream=open('/var/log/wlportal.log','a'),level=logging.DEBUG) + +class ItemCache: + """ + Very basic ItemCache used for caching registered entries and other foo, no + way recurrent, so use with care! + """ + + def __init__(self, authentication_timeout=60): + self.cachefile='/tmp/portal.cache' + # cache[mac_address] = (ipaddr, registered_at, last_seen) + self.cache = None + self.arp_cache = None + self.now = time.time() + self.authentication_timeout = authentication_timeout + + def delete_all(self): + self.cache = {} + self.save() + + def delete(self,ipaddr): + self.load() + for mac in self.cache.keys(): + if self.cache[mac][0] == ipaddr: + del self.cache[mac] + self.save() + + + def load(self): + """ Request cached file entries """ + if self.cache == None: + try: + self.cache = pickle.load(open(self.cachefile,'r')) + except IOError: + self.cache = {} + pass + + def load_arp_cache(self): + """ Provide with listing of MAC to IP numbers """ + if self.arp_cache == None: + output = subprocess.Popen([arpcmd,'-na'], stdout=subprocess.PIPE).communicate()[0] + self.arp_cache = {} + for line in output.strip().split('\n'): + # ? (172.20.145.30) at 00:21:e9:e2:7c:c6 on wlan0 expires in 605 seconds [ethernet] + if not 'expires' in line: + continue + t = re.split('[ ()]',line) + ip, mac = t[2],t[5] + self.arp_cache[ip] = mac + + def add(self,ipaddr): + """ Add entry to cache (on file) and return entry""" + self.load() + self.load_arp_cache() + self.cache[self.arp_cache[ipaddr]] = (ipaddr, self.now, self.now) + logging.debug("Adding Entry to Cache %s -> %s" % (ipaddr, self.arp_cache[ipaddr])) + self.save() + + def save(self): + """ Sync entries to disk """ + # XXX: Should actually check if entry has changed at all + pickle.dump(self.cache, open(self.cachefile,'w')) + + def update(): + """ Update entries with relevant ARP cache """ + self.load() + self.load_arp_cache() + # Update last_seen time for currently active entries + for ip,mac in self.arp_cache.iteritems(): + if self.cache.has_key(mac): + self.cache[mac][3] = now + + # cleanup no longer used entries, after authentication_timeout seconds. + for mac in self.cache: + if self.cache[mac][3] < self.now - self.authentication_timeout: + del self.cache[mac] + + # Sync results to disk + self.save() + return self.cache + + def get_cache(self): + self.load() + return self.cache + + def get_arp_cache(self): + self.load_arp_cache() + return self.arp_cache + + +class FirewallControl: + def __init__(self): + self.first_rule = 10010 + self.last_rule = 10099 + self.available_rule = self.first_rule + self.logger = '' + + + def load(self): + # Get all registered ips + sp = subprocess.Popen([fwcmd,'show','%i-%i' % (self.first_rule, self.last_rule)], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + output = sp.communicate()[0] + self.ip_in_firewall = {} + if sp.returncode == 0: + # 10010 32 1920 allow tcp from 172.20.145.30 to not 172.16.0.0/12,192.168.1.0/24 dst-port 80 + for line in output.strip().split('\n'): + t = line.split() + rule, ip = t[0], t[6] + self.ip_in_firewall[ip] = rule + + if self.available_rule == int(rule): + self.available_rule += 1 + else: + # XXX: Some nagging about no rules beeing found perhaps? + pass + + def cleanup(self): + """ Cleanup Old Entries, mostly used for maintenance runs """ + self.load() + # Make sure cache matches the latest ARP version + itemdb = ItemCache() + cache = itemdb.get_cache() + valid_ip = itemdb.get_arp_cache() + + # Check if all ipfw allowed entries still have the same registered MAC address + # else assume different user and delete. + for ip,rule in self.ip_in_firewall.iteritems(): + delete_entry = False + + # Make sure IP is still valid + if not valid_ip.has_key(ip): + delete_entry = True + # Also MAC needs to exists in Cache + elif not cache.has_key(valid_ip[ip]): + delete_entry = True + # IP need to match up with registered one + elif not cache[valid_ip[ip]][0] == ip: + delete_entry = True + + # Delete entry if needed + if delete_entry: + output = subprocess.Popen([fwcmd,'delete',str(rule)], stdout=subprocess.PIPE).communicate()[0] + self.logger += "Deleting ipfw entry %s %s\n" % (rule, ip) + logging.debug('Deleting ipfw entry %s %s\n' % (rule, ip)) + + + def add(self,ipaddr): + """ Add Entry to Firewall, False if already exists """ + self.load() + if not self.ip_in_firewall.has_key(ipaddr): + rule = "NUMBER allow tcp from IPADDR to not 172.16.0.0/12,192.168.1.0/24 dst-port 80".split() + rule[0] = str(self.available_rule) + rule[4] = str(ipaddr) + logging.debug("Addding %s" % " ".join(rule)) + output = subprocess.Popen([fwcmd,'add'] + rule, stdout=subprocess.PIPE).communicate()[0] + itemdb = ItemCache() + itemdb.add(ipaddr) + return True + else: + return False + + + def delete(self, ipaddr): + itemdb = ItemCache() + itemdb.delete(ipaddr) + self.cleanup() + + def delete_all(self): + itemdb = ItemCache() + itemdb.delete_all() + self.cleanup() + + def get_log(self): + return self.logger + + + +# Query String Dictionaries +qs_post = None +qs = None +header = [] + +# We are are HTTP server, so act like one +if not os.environ.has_key('REQUEST_METHOD'): + class TimeoutException(Exception): + """ Helper for alarm signal handling""" + pass + + def handler(signum, frame): + """ Helper for alarm signal handling""" + raise TimeoutException + + + # Parse the HTTP/1.1 Content-Header (partially) + signal.signal(signal.SIGALRM,handler) + us = None + method = None + hostname = None + content_length = None + remote_host = None + while True: + try: + signal.alarm(1) + line = sys.stdin.readline().strip() + if not line: + break + header.append(line) + signal.alarm(0) + if line.startswith('GET '): + us = urlparse.urlsplit(line.split()[1]) + method = 'GET' + elif line.startswith('POST '): + method = 'POST' + us = urlparse.urlsplit(line.split()[1]) + elif line.startswith('Host: '): + hostname = line.split()[1] + elif line.startswith('Content-Length: '): + content_length = int(line.split()[1]) + except TimeoutException: + break + + # Capture Portal, make sure to redirect all to portal + if hostname != portalroot: + print "HTTP/1.1 302 Moved Temponary\r\n", + print "Location: http://%s/\r\n" % portalroot, + sys.exit(0) + + + # Handle potential POST + if method == 'POST' and content_length: + body = sys.stdin.read(content_length) + qs_post = urlparse.parse_qs(body) + + # Parse Query String + if us and us.path == "/wlportal" and us.query: + qs = urlparse.parse_qs(us.query) + + remote_host = os.environ['REMOTEHOST'] +else: + # Parse the CGI Variables if present + if os.environ['REQUEST_METHOD'] == "POST": + content_length = int(os.environ['CONTENT_LENGTH']) + body = sys.stdin.read(content_length) + qs_post = urlparse.parse_qs(body) + + if os.environ.has_key('QUERY_STRING'): + qs = urlparse.parse_qs(os.environ['QUERY_STRING']) + + remote_host = os.environ['REMOTE_ADDR'] + + + +# Helpers for HTML 'templates' +content = { + 'portalroot' : portalroot, + 'portalurl' : portalurl, + 'extra_header' : '', + 'tech_footer' : '', + 'status_msg' : '', + } + +try: + # Put authenticate use and process response + if qs_post and qs_post.has_key('action'): + if 'login' in qs_post['action']: + fw = FirewallControl() + if fw.add(remote_host): + content['extra_header'] = "Refresh: 5; url=%(portalurl)s\r" % content + content['status_msg'] = "Sucessfully Logged In!
" +\ + """ Will redirect you in 5 seconds to %(portalurl)s """ % content + else: + content['status_msg'] = "ERROR! Already Logged On" + elif 'logout' in qs_post['action']: + fw = FirewallControl() + fw.delete(remote_host) + content['status_msg'] = "Succesfully logged out!" + elif qs and qs.has_key('action'): + if 'deleteall' in qs['action']: + content['tech_footer'] += "# [INFO] Deleting all entries\n" + fw = FirewallControl() + fw.delete_all() + content['tech_footer'] += fw.get_log() + elif 'cleanup' in qs['action']: + tech_footer = "# [INFO] Update timestamp of all entries\n" + fw = FirewallControl() + fw.update() + content['tech_footer'] += fw.get_log() + elif 'cleanup' in qs['action']: + content['tech_footer'] += "# [INFO] Deleting all entries" + fw = FirewallControl() + fw.delete_all() + +except Exception,e: + content['tech_footer'] += traceback.format_exc() + content['status_msg'] = e + pass + + # Present Main Screen +print """\ +HTTP/1.1 200 OK\r +Content-Type: text/html\r +%(extra_header)s + + +

%(status_msg)s

+ +

Wireless Leiden - Internet Portal

+
+ + +
+ +

More options

+
+ + +
+""" % content + +print "
Technical Details:
"
+print "\n# [DEBUG] Header: ".join([''] + header)
+print content['tech_footer']
+print "
" +print "" Index: /branches/breakout-spoke/nanobsd/files/usr/local/www/wlweb/index.cgi =================================================================== --- /branches/breakout-spoke/nanobsd/files/usr/local/www/wlweb/index.cgi (revision 10119) +++ /branches/breakout-spoke/nanobsd/files/usr/local/www/wlweb/index.cgi (revision 10119) @@ -0,0 +1,36 @@ +#!/usr/local/bin/python +# +# Wireless Leiden webinterface for (embedded) nodes +# Rick van der Zwet +# Richard van Mansom (richardvm@wirelessleiden.nl), striped the webserver + +from subprocess import * +import os + +def tailFile(file): + lines=-10 + return("Tail (%i): %s
%s
" % (lines,file,Popen(["tail", str(lines), file], stdout=PIPE).communicate()[0])); + +def catFile(file): + return("File: %s
%s
" % (file,Popen(["cat", file], stdout=PIPE).communicate()[0])); + +def allRoutes(): + return("netstat -nr
%s
" % Popen(["netstat", "-n", "-r"], stdout=PIPE).communicate()[0]); + +def processList(): + return("ps -aux
%s
" % Popen(["ps", "-a", "-u", "-x"], stdout=PIPE).communicate()[0]); + + +def main(): + return ( "Content-Type: text/html\n\n" + + "" + + "Welcome to Stichting Wireless Leiden host/node " + + Popen(["hostname"], stdout=PIPE).communicate()[0] + + "

" + tailFile('/var/log/messages') + "

" + + tailFile('/var/log/debug.log') + "

" + + catFile('/var/run/dmesg.boot') + "

" + + allRoutes() + "

" + + processList() + "

" + + "$Id$" ) + +print main() Index: /branches/breakout-spoke/nanobsd/misc/patches/cardbus_cis.c.patch =================================================================== --- /branches/breakout-spoke/nanobsd/misc/patches/cardbus_cis.c.patch (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/patches/cardbus_cis.c.patch (revision 10119) @@ -0,0 +1,48 @@ +--- src/sys/dev/cardbus/cardbus_cis.c~ 2007-06-08 00:03:57.000000000 -0400 ++++ src/sys/dev/cardbus/cardbus_cis.c 2007-12-09 16:20:26.000000000 -0500 +@@ -435,10 +435,11 @@ + struct resource *res) + { + if (res != CIS_CONFIG_SPACE) { +- bus_release_resource(child, SYS_RES_MEMORY, rid, res); ++ bus_release_resource(cbdev, SYS_RES_MEMORY, rid, res); + if (rid == PCIM_CIS_ASI_ROM) + pci_write_config(child, rid, pci_read_config(child, + rid, 4) & ~PCIR_BIOS, 4); ++ PCI_DISABLE_IO(cbdev, child, SYS_RES_MEMORY); + } + } + +@@ -448,6 +449,8 @@ + { + struct resource *res; + uint32_t space; ++ uint32_t testval; ++ uint32_t size; + + space = *start & PCIM_CIS_ASI_MASK; + switch (space) { +@@ -476,10 +479,13 @@ + space); + return (NULL); + } ++ pci_write_config(child, *rid, 0xffffffff, 4); ++ testval = pci_read_config(child, *rid, 4); ++ size = CARDBUS_MAPREG_MEM_SIZE(testval); + + /* allocate the memory space to read CIS */ +- res = bus_alloc_resource(child, SYS_RES_MEMORY, rid, 0, ~0, 1, +- rman_make_alignment_flags(4096) | RF_ACTIVE); ++ res = bus_alloc_resource(cbdev, SYS_RES_MEMORY, rid, 0, ~0, size, ++ rman_make_alignment_flags(size) | RF_ACTIVE); + if (res == NULL) { + device_printf(cbdev, "Unable to allocate resource " + "to read CIS.\n"); +@@ -488,6 +494,7 @@ + if (*rid == PCIR_BIOS) + pci_write_config(child, *rid, + rman_get_start(res) | PCIM_BIOS_ENABLE, 4); ++ PCI_ENABLE_IO(cbdev, child, SYS_RES_MEMORY); + + /* Flip to the right ROM image if CIS is in ROM */ + if (space == PCIM_CIS_ASI_ROM) { Index: /branches/breakout-spoke/nanobsd/misc/patches/if_udav.c.patch =================================================================== --- /branches/breakout-spoke/nanobsd/misc/patches/if_udav.c.patch (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/patches/if_udav.c.patch (revision 10119) @@ -0,0 +1,11 @@ +--- if_udav.c 2010-02-19 19:58:45.000000000 +0100 ++++ if.udav.c.new 2010-02-19 17:54:20.000000000 +0100 +@@ -206,6 +206,8 @@ + {USB_VPI(USB_VENDOR_SHANTOU, USB_PRODUCT_SHANTOU_ST268, 0)}, + /* Corega USB-TXC */ + {USB_VPI(USB_VENDOR_COREGA, USB_PRODUCT_COREGA_FETHER_USB_TXC, 0)}, ++ /* DAVICOM DM9601 Generic */ ++ {USB_VPI(USB_VENDOR_DAVICOM, USB_PRODUCT_DAVICOM_DM9601, 0)}, + }; + + static void Index: /branches/breakout-spoke/nanobsd/misc/patches/usbdevs.patch =================================================================== --- /branches/breakout-spoke/nanobsd/misc/patches/usbdevs.patch (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/patches/usbdevs.patch (revision 10119) @@ -0,0 +1,30 @@ +--- usbdevs 2009-12-22 12:48:05.000000000 +0100 ++++ usbdevs.new 2009-12-22 12:53:41.000000000 +0100 +@@ -156,7 +156,7 @@ + vendor COMPAQ 0x049f Compaq + vendor HITACHI 0x04a4 Hitachi + vendor ACERP 0x04a5 Acer Peripherals +-vendor DAVICOM 0x04a6 Davicom ++/*vendor DAVICOm 0x04a6 Davicom*/ + vendor VISIONEER 0x04a7 Visioneer + vendor CANON 0x04a9 Canon + vendor NIKON 0x04b0 Nikon +@@ -540,6 +540,7 @@ + vendor FALCOM 0x0f94 Falcom Wireless Communications GmbH + vendor RIM 0x0fca Research In Motion + vendor DYNASTREAM 0x0fcf Dynastream Innovations ++vendor DAVICOM 0x0fe6 Davicom + vendor QUALCOMM 0x1004 Qualcomm + vendor DESKNOTE 0x1019 Desknote + vendor GIGABYTE 0x1044 GIGABYTE +@@ -1107,6 +1108,10 @@ + product CYPRESS USBRS232 0x5500 USB-RS232 Interface + product CYPRESS SLIM_HUB 0x6560 Slim Hub + ++/* Davicom Semiconductor products */ ++/*product DAVICOM DM9601 0x9601 DM9601 USB NIC*/ ++product DAVICOM DM9601 0x8101 DM9601 USB NIC ++ + /* Daisy Technology products */ + product DAISY DMC 0x6901 USB MultiMedia Reader + Index: /branches/breakout-spoke/nanobsd/misc/ports/net/lvrouted/Makefile =================================================================== --- /branches/breakout-spoke/nanobsd/misc/ports/net/lvrouted/Makefile (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/ports/net/lvrouted/Makefile (revision 10119) @@ -0,0 +1,32 @@ +# New ports collection makefile for: lrvrouted +# Date created: 2009-07-12 +# Whom: Rick van der Zwet +# +# $FreeBSD: $ +# + +PORTNAME= lvrouted +PORTVERSION= 8518 +CATEGORIES= net +MASTER_SITES= http://webfolder.wirelessleiden.nl/lvrouted/ \ + http://rickvanderzwet.nl/mirror/lvrouted/ + +MAINTAINER= info@rickvanderzwet.nl +COMMENT= Lvrouted is a very simple shortest-path routing daemon + +GNU_CONFIGURE= yes +USE_AUTOTOOLS= autoconf autoheader + +BUILD_DEPENDS+= ocamlopt:${PORTSDIR}/lang/ocaml-nox11 \ + ocamlfind:${PORTSDIR}/devel/ocaml-findlib + +USE_RC_SUBR= lvrouted + +post-install: +.if !defined(NOPORTDOCS) + ${MKDIR} ${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/lvrouted.ps ${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/lvrouted.html ${DOCSDIR} +.endif + +.include Index: /branches/breakout-spoke/nanobsd/misc/ports/net/lvrouted/distinfo =================================================================== --- /branches/breakout-spoke/nanobsd/misc/ports/net/lvrouted/distinfo (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/ports/net/lvrouted/distinfo (revision 10119) @@ -0,0 +1,3 @@ +MD5 (lvrouted-8518.tar.gz) = 339bc29d021c88d06fd069766c72c075 +SHA256 (lvrouted-8518.tar.gz) = b93f642df38add4e3c8d1067d764af041fe63505820887a91cab07658606a3ee +SIZE (lvrouted-8518.tar.gz) = 59483 Index: /branches/breakout-spoke/nanobsd/misc/ports/net/lvrouted/files/lvrouted.in =================================================================== --- /branches/breakout-spoke/nanobsd/misc/ports/net/lvrouted/files/lvrouted.in (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/ports/net/lvrouted/files/lvrouted.in (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# PROVIDE: lvrouted +# REQUIRE: netif routing +# KEYWORD: nojail + +lvrouted_enable=${lvrouted_enable:-"NO"} +lvrouted_flags=${lvrouted_flags:-} + +. /etc/rc.subr + +name="lvrouted" +rcvar=`set_rcvar` +load_rc_config $name + +command="%%PREFIX%%/sbin/${name}" + +pid_file="/var/run/${name}.pid" + +start_precmd="lvrouted_flush_routes" + +# XXX: Needs to be a flag to disable +# XXX: lvrouted should mark their added routed protocol specific (see: man 8 route) +# lvrouted requires no route to exists before start as it is not able to alter +# old routes, so make it flush all dynamic generated routes +lvrouted_flush_routes() { + + # XXX: Does the looping bug still exists? + # Keep looping till we whiped _all_ dynamic generated routes + while true; do + netstat -nr -f inet | awk '{if ($3 ~ /.*D.*/) { exit 1} }' + if [ $? -eq 0 ]; then + break + fi + echo "WARNING: Flushing all existing DYNAMIC routes" 1>&2 + netstat -nr -f inet | awk '{if ($3 ~ /.*D.*/) {print $1} }' | xargs -n 1 route delete + done +} + +run_rc_command "$1" Index: /branches/breakout-spoke/nanobsd/misc/ports/net/lvrouted/pkg-descr =================================================================== --- /branches/breakout-spoke/nanobsd/misc/ports/net/lvrouted/pkg-descr (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/ports/net/lvrouted/pkg-descr (revision 10119) @@ -0,0 +1,14 @@ +Lvrouted is a very simple shortest-path routing daemon, featuring: + + - UDP based. no firmware-confusing multi- or broadcasts + - no per-node configuration + - spanning tree, so no count-to-infinity + - some specific wireless hacks, such as keeping an eye on the interface + association status for clients and the list of associated stations for + masters + - the ability to sign packets for some measure of security against malicious + packets + - sequence number against replay attacks. yes I know this is not + bulletproof. + +WWW: http://svn.wirelessleiden.nl/svn/node-config/other/lvrouted/ Index: /branches/breakout-spoke/nanobsd/misc/ports/net/lvrouted/pkg-plist =================================================================== --- /branches/breakout-spoke/nanobsd/misc/ports/net/lvrouted/pkg-plist (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/ports/net/lvrouted/pkg-plist (revision 10119) @@ -0,0 +1,4 @@ +sbin/lvrouted +%%PORTDOCS%%%%DOCSDIR%%/lvrouted.html +%%PORTDOCS%%%%DOCSDIR%%/lvrouted.ps +%%PORTDOCS%%@dirrm %%DOCSDIR%% Index: /branches/breakout-spoke/nanobsd/misc/ports/net/tproxy/Makefile =================================================================== --- /branches/breakout-spoke/nanobsd/misc/ports/net/tproxy/Makefile (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/ports/net/tproxy/Makefile (revision 10119) @@ -0,0 +1,26 @@ +# New ports collection makefile for: tproxy +# Date created: 2009-07-13 +# Whom: Rick van der Zwet +# +# $FreeBSD: $ +# + +PORTNAME= tproxy +PORTVERSION= 2 +CATEGORIES= net +MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} +MASTER_SITE_SUBDIR= ${PORTNAME} + +MAINTAINER= info@rickvanderzwet.nl +COMMENT= tpoxy user-space single-port unidirectional tcp proxy + +USE_RC_SUBR= tproxy + +post-extract: + ${MV} ${WRKDIR}/${PORTNAME} ${WRKSRC} + +do-install: + ${INSTALL_PROGRAM} ${WRKSRC}/tproxy ${PREFIX}/bin + +.include + Index: /branches/breakout-spoke/nanobsd/misc/ports/net/tproxy/distinfo =================================================================== --- /branches/breakout-spoke/nanobsd/misc/ports/net/tproxy/distinfo (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/ports/net/tproxy/distinfo (revision 10119) @@ -0,0 +1,3 @@ +MD5 (tproxy-2.tar.gz) = 6ab0cb46e1eed1ecebd7a0781dfe2a6a +SHA256 (tproxy-2.tar.gz) = 8c59a20a93eda6b57e2a4abd5645e69c13247ebfed45561778e78e16eca7d551 +SIZE (tproxy-2.tar.gz) = 12584 Index: /branches/breakout-spoke/nanobsd/misc/ports/net/tproxy/files/tproxy.in =================================================================== --- /branches/breakout-spoke/nanobsd/misc/ports/net/tproxy/files/tproxy.in (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/ports/net/tproxy/files/tproxy.in (revision 10119) @@ -0,0 +1,28 @@ +#!/bin/sh +# +# $FreeBSD: $ +# + +# PROVIDE: tproxy +# REQUIRE: NETWORKING SERVERS +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable tproxy: +# +# tproxy_enable="YES" +# + +. %%RC_SUBR%% + +name=tproxy +rcvar=`set_rcvar` + +command=%%PREFIX%%/bin/${name} + +tproxy_enable=${tproxy_enable:-"NO"} +tproxy_flags=${tproxy_flags:-""} + +load_rc_config $name +run_rc_command "$1" Index: /branches/breakout-spoke/nanobsd/misc/ports/net/tproxy/pkg-descr =================================================================== --- /branches/breakout-spoke/nanobsd/misc/ports/net/tproxy/pkg-descr (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/ports/net/tproxy/pkg-descr (revision 10119) @@ -0,0 +1,4 @@ +user-space single-port unidirectional tcp proxy which handles out-of-band data, +and telnet-through firewall tunnelling. + +WWW: http://sourceforge.net/projects/tproxy/ Index: /branches/breakout-spoke/nanobsd/misc/ports/net/tproxy/pkg-plist =================================================================== --- /branches/breakout-spoke/nanobsd/misc/ports/net/tproxy/pkg-plist (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/ports/net/tproxy/pkg-plist (revision 10119) @@ -0,0 +1,1 @@ +bin/tproxy Index: /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/Makefile =================================================================== --- /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/Makefile (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/Makefile (revision 10119) @@ -0,0 +1,25 @@ +# New ports collection makefile for: transproxy +# Date created: 2009-07-15 +# Whom: Rick van der Zwet +# +# $FreeBSD: $ +# + +PORTNAME= transproxy +PORTVERSION= 1.6 +CATEGORIES= net +MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} +MASTER_SITE_SUBDIR= ${PORTNAME} +EXTRACT_SUFX= .tgz + +MAINTAINER= info@rickvanderzwet.nl +COMMENT= Transproxy is used to transparently proxy HTTP requests + +USE_RC_SUBR= transproxy + +MAN8= tproxy.8 + +post-install: + @${CAT} ${PKGDIR}/pkg-message + +.include Index: /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/distinfo =================================================================== --- /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/distinfo (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/distinfo (revision 10119) @@ -0,0 +1,3 @@ +MD5 (transproxy-1.6.tgz) = 02cc1160a9db9c49a40491f890083044 +SHA256 (transproxy-1.6.tgz) = 7bc4ce5ab01648dcaca25555eb4d4c3a67aed6bbb42e1432aaa4e9b20b75dab3 +SIZE (transproxy-1.6.tgz) = 23592 Index: /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/files/transproxy.in =================================================================== --- /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/files/transproxy.in (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/files/transproxy.in (revision 10119) @@ -0,0 +1,47 @@ +#!/bin/sh +# +# $FreeBSD: $ +# + +# PROVIDE: transproxy +# REQUIRE: NETWORKING SERVERS ipfw +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable transproxy: +# +# transproxy_enable="YES" +# + +. /etc/rc.subr + +name=transproxy +rcvar=`set_rcvar` +start_precmd=${name}_precmd +stop_postcmd=${name}_postcmd + +command=%%PREFIX%%/sbin/tproxy + +transproxy_port=${transproxy_port:-8081} +transproxy_log=${transproxy_log:-"/var/log/transproxy.log"} +transproxy_proxyhost=${transproxy_proxyhost:-"proxy"} +transproxy_proxyport=${transproxy_proxyport:-3128} +transproxy_enable=${transproxy_enable:-"NO"} +transproxy_flags="-s $transproxy_port -l $transproxy_log $transproxy_proxyhost $transproxy_proxyport $transproxy_flags" + +transproxy_precmd () +{ + +} + + +transproxy_postcmd () +{ + ipfw delete 10010 10000 10001 >/dev/null + +} + + +load_rc_config $name +run_rc_command "$1" Index: /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/pkg-descr =================================================================== --- /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/pkg-descr (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/pkg-descr (revision 10119) @@ -0,0 +1,5 @@ +Transproxy is used in conjunction with the FreeBSD (ipfw and ipnat) or Linux +transparent proxy feature (ipfwadm, ipchains and iptables), to transparently +proxy HTTP requests. + +WWW: http://sourceforge.net/projects/transproxy/ Index: /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/pkg-message =================================================================== --- /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/pkg-message (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/pkg-message (revision 10119) @@ -0,0 +1,12 @@ +Remember to setup ipfw correctly. + +Sample below, uses following options: + Localip 172.19.152.65/26 + Localnet 172.16.0.0/12 + Transparant proxy enabled for all NOT localnet destinations 80 + transproxy running at port 8081 + + +ipfw add 10000 allow tcp from any to localhost 80 +ipfw add 10001 allow tcp from any to me 80 +ipfw add 10010 fwd 172.19.152.65,8081 tcp from any to no 172.16.0.0/12 80 Index: /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/pkg-plist =================================================================== --- /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/pkg-plist (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/ports/net/transproxy/pkg-plist (revision 10119) @@ -0,0 +1,3 @@ +sbin/tproxy +sbin/tproxyrun +sbin/tproxywatch Index: /branches/breakout-spoke/nanobsd/misc/testing-server/dhcpd.conf =================================================================== --- /branches/breakout-spoke/nanobsd/misc/testing-server/dhcpd.conf (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/testing-server/dhcpd.conf (revision 10119) @@ -0,0 +1,17 @@ +# ad-hoc DNS update scheme - set to "none" to disable dynamic DNS updates. +ddns-update-style ad-hoc; + +default-lease-time 600; +max-lease-time 7200; +authoritative; + +option domain-name "example.com"; +option domain-name-servers 208.67.222.222; +option routers 192.168.4.1; + +subnet 192.168.4.0 netmask 255.255.255.0 { + range 192.168.4.10 192.168.4.100; + + filename "pxeboot"; + option root-path "192.168.4.1:/usr/data/base/"; +} Index: /branches/breakout-spoke/nanobsd/misc/testing-server/exports =================================================================== --- /branches/breakout-spoke/nanobsd/misc/testing-server/exports (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/testing-server/exports (revision 10119) @@ -0,0 +1,2 @@ +/usr/data -alldirs -maproot=root -network 192.168.4.0/24 +/usr/data/base -alldirs -maproot=root -network 192.168.4.0/24 Index: /branches/breakout-spoke/nanobsd/misc/testing-server/rc.conf =================================================================== --- /branches/breakout-spoke/nanobsd/misc/testing-server/rc.conf (revision 10119) +++ /branches/breakout-spoke/nanobsd/misc/testing-server/rc.conf (revision 10119) @@ -0,0 +1,28 @@ +hostname="richard.wleiden.net" +ifconfig_xl0="inet 172.19.137.70/27" +defaultrouter="172.19.137.66" + +sshd_enable="YES" + + + +# +# PXEboot envirionment +ifconfig_bfe0="inet 192.168.4.1/24" + +# DHCPD server, ip address, options, hints +dhcpd_enable="YES" + +# TFTP server, initial boot +inetd_enable="YES" + +# NFS server, kernel and more +nfs_server_enable="YES" +rpcbind_enable="YES" +mountd_flags="-r" + +gateway_enable="YES" +firewall_enable="YES" +firewall_type="OPEN" +natd_enable="YES" +natd_interface="xl0" Index: /branches/breakout-spoke/nanobsd/tools/config-image.sh =================================================================== --- /branches/breakout-spoke/nanobsd/tools/config-image.sh (revision 10119) +++ /branches/breakout-spoke/nanobsd/tools/config-image.sh (revision 10119) @@ -0,0 +1,52 @@ +#!/bin/sh +# Push config onto persistent location inside node image +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + print_error "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +chroot ${MNT} /tools/wl-config -n -m startup + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /branches/breakout-spoke/nanobsd/tools/edit-image.sh =================================================================== --- /branches/breakout-spoke/nanobsd/tools/edit-image.sh (revision 10119) +++ /branches/breakout-spoke/nanobsd/tools/edit-image.sh (revision 10119) @@ -0,0 +1,54 @@ +#!/bin/sh +# Chroot into image to edit bits and pieces +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + print_error "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +p_info "Type exit when done" +chroot ${MNT} +p_info "Any changes are made permanent on image ${IMG}" + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /branches/breakout-spoke/nanobsd/tools/image-build.sh =================================================================== --- /branches/breakout-spoke/nanobsd/tools/image-build.sh (revision 10119) +++ /branches/breakout-spoke/nanobsd/tools/image-build.sh (revision 10119) @@ -0,0 +1,78 @@ +#!/bin/sh +# Wrapper around nanobsd.sh with autodetection of already processed steps +# to provide some failsafe net + +BASEDIR=`dirname $0` +CFG="${BASEDIR}/../cfg/nanobsd.wleiden" +NANOBSD='/usr/src/tools/tools/nanobsd/nanobsd.sh' + +. ${BASEDIR}/package-build.inc.sh + +FORCE_KERNEL=0 +FORCE_WORLD=0 +#XXX: Proper object handling +if [ "$1" = "-bk" ]; then + p_warn Forcefully building kernel + FORCE_KERNEL=1 +elif [ "$1" = "-bw" ]; then + p_warn Forcefully building world + FORCE_WORLD=1 +elif [ "$1" = "-f" ]; then + p_warn Forcefully building world and kernel + FORCE_KERNEL=1 + FORCE_WORLD=1 +fi +shift +NANOBSD_EXTRA=$* + +if [ ! -r "${NANOBSD}" ]; then + p_err ${NANOBSD} does not exists + exit 1 +fi + +if [ ! -x "${NANOBSD}" ]; then + NANOBSD="sh ${NANOBSD}" +fi + +# Find object directory +eval `grep '^NANO_NAME=' ${CFG}` +OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + +if [ -d "${OBJDIR}" ]; then + NANOBSD_FLAGS="" + + # Detect succesfull buildworld + tail -10 ${OBJDIR}/_.bw | grep 'World build completed' + if [ $? -eq 0 -a ${FORCE_WORLD} -eq 0 ]; then + p_info NO building of world, use $0 -f to force + NANOBSD_FLAGS="${NANOBSD_FLAGS} -w" + fi + + # Detect succesfull buildkernel + tail -10 ${OBJDIR}/_.bk | grep 'Kernel build for .* completed' + if [ $? -eq 0 -a ${FORCE_KERNEL} -eq 0 ]; then + p_info NO building of kernel, use $0 -f to force + NANOBSD_FLAGS="${NANOBSD_FLAGS} -k" + fi + +else + p_warn Nothing yet, starting fresh + NANOBSD_FLAGS="" +fi + +# Provide verbose output by default +COMMAND="${NANOBSD} ${NANOBSD_FLAGS} -c ${CFG} -v ${NANOBSD_EXTRA}" +f_time ${COMMAND} +RETVAL=$? + +# Verify on build failures +tail -10 ${OBJDIR}/_.bw | grep 'World build completed' +if [ $? -eq 1 ]; then + p_err Building world FAILED, check ${OBJDIR}/_.bw +fi +tail -10 ${OBJDIR}/_.bk | grep 'Kernel build for .* completed' +if [ $? -eq 1 ]; then + p_err Building kernel FAILED, check ${OBJDIR}/_.bk +fi +p_info End time: `date` +exit ${RETVAL} Index: /branches/breakout-spoke/nanobsd/tools/make-release.sh =================================================================== --- /branches/breakout-spoke/nanobsd/tools/make-release.sh (revision 10119) +++ /branches/breakout-spoke/nanobsd/tools/make-release.sh (revision 10119) @@ -0,0 +1,51 @@ +#!/bin/sh +# Small tool to build nanobsd release, ready for distribution: + +BASEDIR="`dirname $0`/.." + +# Some cleaning at start +for PORT in ${BASEDIR}/misc/ports/*/*; do + (cd $PORT; make clean); +done + +# Version target +# Either version from command line or else subversion base +VERSION=${1-`svn info ${BASEDIR} | awk '/Revision:/ {print $2}'`} + +TMPDIR=`mktemp -d -t $(basename $0 .sh)` + +PKGDIR=wl-image-$VERSION +WRKSRC=$TMPDIR/$PKGDIR +mkdir $WRKSRC +cp -R ${BASEDIR}/tools $WRKSRC +cp -R ${BASEDIR}/cfg $WRKSRC +cp -R ${BASEDIR}/misc $WRKSRC +cp -R ${BASEDIR}/files $WRKSRC +cp -R ${BASEDIR}/README.txt $WRKSRC + +# Present real image +# XXX: Make path relative +# XXX: Find some pretty options +IMG=/usr/obj/nanobsd.wleiden/_.disk.full +IMG_DIR=`dirname ${IMG}` +IMG_PKGDIR=${IMG_DIR}/${PKGDIR} +mkdir ${IMG_PKGDIR} +ln ${IMG} ${IMG_PKGDIR}/disk_full.img + +# Make pretty tar file out of it +tar --exclude ".svn" --exclude "Makefile" \ + --exclude "config.cache" --exclude "config.log" --exclude "config.status" \ + --exclude ".depend" \ + -cjf wl-image-$VERSION.tbz \ + -C $TMPDIR \ + $PKGDIR/tools \ + $PKGDIR/cfg \ + $PKGDIR/files \ + $PKGDIR/misc \ + $PKGDIR/README.txt \ + -C $IMG_DIR \ + $PKGDIR/disk_full.img + +rm -fR $TMPDIR +rm -fR $IMG_PKGDIR + Index: /branches/breakout-spoke/nanobsd/tools/package-build.inc.sh =================================================================== --- /branches/breakout-spoke/nanobsd/tools/package-build.inc.sh (revision 10119) +++ /branches/breakout-spoke/nanobsd/tools/package-build.inc.sh (revision 10119) @@ -0,0 +1,70 @@ +# Used to store profile data +TIME_FILE=$(dirname $0)/eta-times.txt + +p_list () { +echo "$*" | sed -e 's/ /|## /g' -e 's/^/## /g' +} + +p_info () { + echo "$*" | tr '|' '\n' | sed 's/^/# /' +} + +p_warn () { + echo "$*" | tr '|' '\n' | sed 's/^/#WARN: /' +} + +p_err () { + echo "$*" | tr '|' '\n' | sed 's/^/#ERR: /' +} + +p_sleep() { + SLEEP=${1-5} + while [ "${SLEEP}" -gt 0 ]; do + printf '.' + sleep 1 + SLEEP=`expr ${SLEEP} - 1` + done + printf '\n' +} + +# Print estimation on how long it normally if going to take +f_time() { + COMMAND="$*" + ETA_TIME=` grep "${COMMAND}$" ${TIME_FILE} 2>/dev/null | awk '{print $1}'` + if [ -z "${ETA_TIME}" ]; then + ETA_TIME="NaN" + fi + + p_info Last run of "'${COMMAND}'" took ${ETA_TIME} + p_info Start time: `date` + + # Execute command + START_TIME=`date "+%s"` + $COMMAND + RETVAL=$? + STOP_TIME=`date "+%s"` + + p_info End time: `date` + # Calculate time it took + TOTAL_TIME=`expr ${STOP_TIME} - ${START_TIME}` + HUMAN_FMT=`date -ur ${TOTAL_TIME} "+%H:%M:%S"` + + # Store new time if command is succesfull + if [ "${RETVAL}" -eq 0 ]; then + grep -v "${COMMAND}$" ${TIME_FILE} > ${TIME_FILE}.tmp 2>/dev/null + echo "${HUMAN_FMT} ${COMMAND}" >> ${TIME_FILE}.tmp + mv ${TIME_FILE}.tmp ${TIME_FILE} + fi + + # Return the command it's output + return ${RETVAL} +} + +f_check_root() { + # No Root, no fun + if [ `id -u` -ne 0 ]; then + print_err Root only + exit 1 + fi +} + Index: /branches/breakout-spoke/nanobsd/tools/package-build.sh =================================================================== --- /branches/breakout-spoke/nanobsd/tools/package-build.sh (revision 10119) +++ /branches/breakout-spoke/nanobsd/tools/package-build.sh (revision 10119) @@ -0,0 +1,179 @@ +#!/bin/sh +# Install all required packages +# XXX: Welcome to port hell, if /usr/ports has been updated, you actually want +# to delete all installed packages and start over again, hence why people used +# to run this stuff in jails, etc. + +. $(dirname $0)/package-build.inc.sh + +DEBUG=${DEBUG:-0} +DEP_CHECK_ONLY=${DEP_CHECK_ONLY:-0} + +# make options, for package building +LOGDIR=`mktemp -d "/tmp/$(basename $0 .sh)-$(date +%Y%m%d-%H:%M:%S).X"` +TARGET="`cd $(dirname $0);pwd -P`/../pkg/" + +# Package target +MAKE_ARGS="$MAKE_ARGS PACKAGES=$TARGET" +MAKE_ARGS="$MAKE_ARGS BATCH=yes PACKAGE_BUILDING=yes" + +# www/py-cherrypy +MAKE_ARGS="${MAKE_ARGS} WITH_APACHE=yes" +# net-mgmt/net-snmp +MAKE_ARGS="${MAKE_ARGS} WITHOUT_PERL=yes" +# net-mgmt/nagios-plugins +MAKE_ARGS="${MAKE_ARGS} WITH_FPING=yes" + +p_info Log directory ${LOGDIR} +p_info Make options are: +p_info $(p_list ${MAKE_ARGS}) + +p_info Checking whether there are currently unmet dependencies +RETVAL=0 +PKGS=`pkg_info | awk '{print $1}'` +for PKG in ${PKGS} ; do + PKG_DEP_FAIL="" + for PKGDEP in `pkg_info -qr ${PKG} | awk '{print $2}'`; do + pkg_info -e ${PKGDEP} + if [ $? -eq 1 ]; then + PKG_DEP_FAIL="${PKG_DEP_FAIL} ${PKGDEP}" + fi + done + if [ -n "${PKG_DEP_FAIL}" ]; then + p_err Unmet dependencies found at $PKG, please fix manually: + p_err $(p_list ${PKG_DEP_FAIL}) + RETVAL=1 + fi +done +if [ $RETVAL -eq 1 ]; then + exit 1 +fi +p_info Dependecy check ok + +if [ ${DEP_CHECK_ONLY} -eq 1 ]; then + exit 0 +fi +echo "" + + +if [ -d "${TARGET}/All" ]; then + p_warn "Deleted all (old) packages at ${TARGET}" + rm -R $TARGET/* +fi +p_info Created target dir ${TARGET}/All +mkdir -p ${TARGET}/All + +PORTSDIR='/usr/ports' +WL_PORTSDIR="`cd $(dirname $0);pwd -P`/../misc/ports/" + +# XXX: Make file dynamic +# Dirty quirk to allow comments in part below +PACKAGE_LIST=`cat <>$LOGFILE 1>> $LOGFILE + if [ $? -ne 0 ]; then + p_err building ${PACKAGE} FAILED, logging at $LOGFILE + exit 1 + fi + fi + ${MAKE} package-links + PKGNAME=`make extract-message | awk '{print $NF}'` + pkg_create -b $PKGNAME $TARGET/All/${PKGNAME}.tbz + + p_info Checking dependencies + for PKG in $PKGDEP_PKGS; do + echo "${BUILD_LIST}" | grep -q "$PKG" + if [ $? -eq 0 ]; then + # Already packaged + p_info ${PKG} Already packaged + else + echo $@ | grep -q "${PKG}" + if [ $? -eq 0 ]; then + p_info ${PKG} Already planned + else + set $@ ${PKG} + fi + fi + done + p_info Packaging $PACKAGE succesfull +done + +p_info $(echo ${BUILD_LIST} | wc -w) packages build succesfully + +if [ ${DEBUG} -eq 0 ]; then + rm -R ${LOGDIR} +else + p_info Debugging enabled ${LOGDIR} saved +fi + Index: /branches/breakout-spoke/nanobsd/tools/passwd-image.sh =================================================================== --- /branches/breakout-spoke/nanobsd/tools/passwd-image.sh (revision 10119) +++ /branches/breakout-spoke/nanobsd/tools/passwd-image.sh (revision 10119) @@ -0,0 +1,52 @@ +#!/bin/sh +# Change password if image +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + print_error "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +chroot ${MNT} passwd + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /branches/breakout-spoke/nanobsd/tools/prepare-nfs.sh =================================================================== --- /branches/breakout-spoke/nanobsd/tools/prepare-nfs.sh (revision 10119) +++ /branches/breakout-spoke/nanobsd/tools/prepare-nfs.sh (revision 10119) @@ -0,0 +1,114 @@ +#!/bin/sh +# Get nanobsd image ready to be booted from NFS +# NFS instructions at +# http://www.wirelessleiden.nl/projects/nodefactory/wiki/TestingViaNFS + +IMAGE_BASE="/usr/obj/nanobsd.wleiden" +IMAGE_SLICE="${IMAGE_BASE}/_.disk.image" +IMAGE_FULL="${IMAGE_BASE}/_.disk.full" +IMAGE_NFS="${IMAGE_SLICE}-nfs" +# Structure: $NFSBASE +# ./cfg = /cfg mounpoint +# ./base = / mountpoint +# ./nfs = /nfs mountpoint +NFSBASE='/usr/data' +MNT="${NFSBASE}/base" +CFG="${NFSBASE}/cfg" +NFS="${NFSBASE}/nfs" + +print_error() { + echo "[ERROR] $*" 1>&2 +} + +usage() { + ( + echo "Usage: $0 [-fn]" + echo " -f force umount, memory device whipes" + echo " -n do not delete/clean cfg partition" + echo " -u unload/eject procedure" + ) 1>&2 + exit 2 +} + +# No Root, no fun +if [ `id -u` -ne 0 ]; then + print_error "Root only" + exit 1 +fi + +# Argument parsing using getopts +OPT_FORCE=0 +OPT_CLEAN=1 +OPT_UNLOAD=0 +while getopts "hfnu" OPT; do + case "$OPT" in + f) OPT_FORCE=1;; + n) OPT_CLEAN=0;; + u) OPT_UNLOAD=1;; + h) usage;; + \?) usage;; + esac +done + + +# Eeks, we are going to be nasty, hold your horses +if [ $OPT_FORCE -eq 1 -o $OPT_UNLOAD -eq 1 ]; then + umount -f $MNT + for MD in `mdconfig -l -v | grep "${IMAGE_NFS}" | awk '{print $1}'`; do + mdconfig -d -u $MD + done +fi + +if [ $OPT_UNLOAD -eq 1 ]; then + echo "All done" + exit 1; +fi + +# If mount point is already used, bail out +if mount | grep -q "${MNT}"; then + print_error "'${MNT}' already mounted" + exit 1 +fi + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMAGE_NFS}"; then + MD=`mdconfig -l -v | grep "${IMAGE_NFS}" | cut -c -4` + print_error "'${IMAGE_NFS}' already mounted at '$MD'" + exit 1 +fi + + +# Prepare image for use with NFS +cp -v ${IMAGE_SLICE} ${IMAGE_NFS} + +MD=`mdconfig -a -t vnode -f ${IMAGE_NFS}` +mount /dev/${MD}a ${MNT} + +# Config files lives at NFS location +echo "mount -t nfs -o ro 192.168.4.1:${CFG}" > ${MNT}/conf/default/etc/remount + +# Create nfs mount location +mkdir ${MNT}/nfs + +# $MNT, $CFG, $NFS lives at nfs +( +echo "192.168.4.1:${MNT} / nfs ro 0 0" +echo "192.168.4.1:${CFG} /cfg nfs rw,noauto 0 0" +echo "192.168.4.1:${NFS} /nfs nfs rw 0 0" +) > /${MNT}/conf/base/etc/fstab + +if [ ${OPT_CLEAN} -eq 1 ]; then + echo "DELETING all files at ${CFG}, start fresh ;-)" + rm -vfR ${CFG}/* +else + echo "PRESERVING all files at ${CFG}" +fi + +echo "DELETING all files at ${NFS}, start fresh ;-)" +rm -vfR ${NFS}/* + +# Allow build images to be used directy via NFS +ln -f ${IMAGE_SLICE} ${NFS}/`basename ${IMAGE_SLICE}` +ln -f ${IMAGE_FULL} ${NFS}/`basename ${IMAGE_FULL}` + +# XXX: Proper unmounting after all has finished Index: /branches/breakout-spoke/nanobsd/tools/rsync-image.sh =================================================================== --- /branches/breakout-spoke/nanobsd/tools/rsync-image.sh (revision 10119) +++ /branches/breakout-spoke/nanobsd/tools/rsync-image.sh (revision 10119) @@ -0,0 +1,43 @@ +#!/bin/sh +# Rsync minimal changes directly to live image + +. $(dirname $0)/package-build.inc.sh + +HOST=${1:-10.0.42.1} +BASEDIR=`dirname $0` +if [ -n "$2" ]; then + IMG=$2 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.image +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +# Prepare image as filesystem +MNT=`mktemp -d -t $(basename $0)` +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}a ${MNT} || exit 1 + +# On error clean up nicely +trap "cd /; umount ${MNT}; rmdir ${MNT}; mdconfig -d -u ${MD}" 0 1 2 3 15 + +#XXX: Might want to do in one fly +# Set to write mode +ssh $HOST mount -uwo noatime / || exit 1 +# Sync changes +rsync -av --exclude=/dev --exclude=/etc --exclude=/var ${MNT}/ ${HOST}:/ || exit 1 +# Set to read-only mode again +ssh $HOST mount -ur / || exit 1 + +exit 0 Index: /branches/breakout-spoke/nanobsd/tools/test-inc.sh =================================================================== --- /branches/breakout-spoke/nanobsd/tools/test-inc.sh (revision 10119) +++ /branches/breakout-spoke/nanobsd/tools/test-inc.sh (revision 10119) @@ -0,0 +1,5 @@ +#!/bin/sh +. $(dirname $0)/package-build.inc.sh + +f_time sleep 5 + Index: /branches/breakout-spoke/nanobsd/tools/upload-image.sh =================================================================== --- /branches/breakout-spoke/nanobsd/tools/upload-image.sh (revision 10119) +++ /branches/breakout-spoke/nanobsd/tools/upload-image.sh (revision 10119) @@ -0,0 +1,57 @@ +#!/bin/sh +# +# Upload image to the 'distribution' server. First try WL network, +# else use inet as last resort. Need to have shell access to distribution server. +# +# XXX: Needs Type and such as well properly +# +# Rick van der Zwet + +SERVERS="sunfire.wleiden.net sunfire.wirelessleiden.nl" +TIMESTAMP=`date "+%Y%m%d-%H%M"` +BASEDIR=`dirname $0` +SSH_USER=${SSH_USER:-$USER} +TYPE="$1" +RELEASE="$2" + +. $BASEDIR/package-build.inc.sh + +if [ -z "$RELEASE" ]; then + echo "Usage: $0 " + exit 1 +fi + +# Make sure we find the right image +if [ "$TYPE" = "full" ]; then + find_disk_full "" +elif [ "$TYPE" = "image" ]; then + find_disk_image "" +else + echo "Usage: $0 " + exit 1 +fi + +check_reachable() { + ping -c 2 -t 1 -q $1 1>/dev/null 2>/dev/null + return $? +} + +# XXX: Hack this should actually be done during building phase +echo "# Compressing image '$IMG'" +gzip -v -k -f $IMG +IMG="$IMG.gz" + +echo "# Trying to upload to server, alarm messages are normal" +# Upload the image to the defined place +for SERVER in $SERVERS; do + if check_reachable $SERVER; then + TARGET="$SSH_USER@$SERVER:/usr/local/www/images/$RELEASE/node-$TYPE-$TIMESTAMP.img.gz" + echo "# Source: $IMG" + echo "# Target: $TARGET" + echo "# To cancel, please CTRL+C within 3 seconds" + sleep 3 + scp $IMG $TARGET + exit $? + fi +done + Index: /branches/breakout-spoke/nanobsd/tools/write-image.sh =================================================================== --- /branches/breakout-spoke/nanobsd/tools/write-image.sh (revision 10119) +++ /branches/breakout-spoke/nanobsd/tools/write-image.sh (revision 10119) @@ -0,0 +1,74 @@ +#!/bin/sh +# Wrapper allowing to write image to card writer + +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi +IMGSIZE=`ls -l ${IMG} | awk '{print $5 / 1024 / 1024}'` + +# Make sure we are root from this point on +f_check_root + +# Find which daX device holds a active flash drive +CARD_FOUND=0 +DA_LIST=`cd /dev/; echo da[0-9]` +for DA in ${DA_LIST}; do + diskinfo ${DA} 1>/dev/null 2>/dev/null + if [ $? -eq 0 ]; then + CARD_FOUND=1 + break + fi +done + +if [ ${CARD_FOUND} -eq 0 ]; then + p_err Sorry no flash card found at active devices, list searched: + p_err $(p_list ${DA_LIST}) + exit 1 +fi + +# Detect cardreader type/version +CARDREADER=`dmesg | grep ${DA}: | awk -F'[<>]' '/Removable Direct Access/ {print $2}' | tail -1` + +#XXX: Issue last chance warning, prompting the user to bail out +p_warn Going to write ${IMG} "(${IMGSIZE}MB)" to ${DA} "(${CARDREADER})" +p_warn 5 seconds to quit using CTRL+C +p_sleep 5 + +TMPFILE=`mktemp -t dd` +p_info Writing image... "(`date`)" +# Sending INFO to dd seems to confuse it sometimes so +# make it EXPERIMENTAL for now + +if [ -n "$ENHANCED_DD" ]; then + dd if=${IMG} of=/dev/${DA} bs=64k 2>${TMPFILE} & + DD_PID=$! + sleep 0.5 + while `ps ${DD_PID} >/dev/null`; do + kill -INFO ${DD_PID} + sleep 0.1 #Micro delay allow TMPFILE to populate + SIZE_DONE=`awk '/transferred/ {print $1}' ${TMPFILE}` + SIZE_DONE=`echo "${SIZE_DONE} / 1024 / 1024" | bc -l` + PERCENT_DONE=`echo "${SIZE_DONE} / ${IMGSIZE} * 100" | bc -l` + p_info `date "+%H:%m:%S"` `printf "%.02f MB (%.01f%%)" ${SIZE_DONE} ${PERCENT_DONE}` + p_sleep 10 + : > ${TMPFILE} + done +else + dd if=${IMG} of=/dev/${DA} bs=64k +fi +rm ${TMPFILE} +p_info Image writing succesfull at /dev/$DA "(`date`)" Index: /branches/ileiden/nanobsd/README.txt =================================================================== --- /branches/ileiden/nanobsd/README.txt (revision 10119) +++ /branches/ileiden/nanobsd/README.txt (revision 10119) @@ -0,0 +1,12 @@ +Please find the build procedure and other supporting documents at + +http://www.wirelessleiden.nl/projects/nodefactory/wiki/NanoBSD + += Directory layout = +README.txt = currently reading +cfg-files = extension for auto populate /cfg slice in image +cfg/kernel.* = kernel config files, different hosts +cfg/nanobsd.* = nanobsd config files +files = extension for auto populate / slice in image +pkg = Packages to be installed +tools = Helper scripts for use after image Index: /branches/ileiden/nanobsd/cfg-files/local/captive/wlportal.tmpl =================================================================== --- /branches/ileiden/nanobsd/cfg-files/local/captive/wlportal.tmpl (revision 10119) +++ /branches/ileiden/nanobsd/cfg-files/local/captive/wlportal.tmpl (revision 10119) @@ -0,0 +1,64 @@ + + + Welkom bij Wireless Leiden captive portal + + + +

%(status_msg)s

+

Welkom bij Wireless Leiden

+For English see bottom of this page +

Internettoegang

+

U bent verbonden met het lokale Wireless Leiden network. Om te internetten moet u in uw browser een 'proxy' instellen en hieronder op 'accoord' klikken. Afhankelijk van de locatie kan het ook zonder proxy-instelling, maar de snelheid zal in het algemeen lager zijn. +

Instellen proxy in browser

+ In Firefox: ga naar Edit->Preferences->Advanced->Network->Settings.
+ Handmatige proxy-configuratie: vul in HTTP proxy: proxy.wleiden.net port 3128.
+ Gedetailleerde instructies kunt u vinden op onze website. +

+N.B. U kunt alleen internetten via uw webbrowser, andere toepassingen zoals Microsoft Outlook zijn niet mogelijk. Gebruik webmail om te e-mailen. + +

Eerlijk gebruikmaken van Wireless Leiden

+ Het gebruik van het Wireless Leiden netwerk en de internettoegang zijn kostenloos en u hoeft zich niet aan te melden. Maar u dient zich te houden aan de Nederlandse wetgeving en geen schade toe te brengen of ongemak te veroorzaken voor anderen.
+ De Stichting Wireless Leiden accepteert geen enkele aansprakelijkheid voor schade in welke vorm dan ook die is ontstaan door of verband houdt met het gebruik van het netwerk.
+Geef hieronder aan of u accoord gaat met deze voorwaarden: +
+ + +
+ + +
+

Welcome to Wireless Leiden

+

Internet access

+

You are connected to the local Wireless Leiden network. To use one of the gateways (proxies) to Internet you have to specify a proxy in your web browser.
+ For instance in Firefox go to Edit->Preferences->Advanced->Network->Settings.
+ Manual proxy configuration: specify HTTP proxy: proxy.wleiden.net port 3128.
+ Detailed instructions can be downloaded from our website. +

+

+ Please note that you can only access the internet via your webbrowser, use of other applications like Microsoft Outlook is not possible (you have to use webmail). + +

Fair Use of Wireless Leiden

+ The use of the Wireless Leiden network and the internet connection are free and no registration is required. However, you should refrain from any illegal activity and not provide harm of any kind or inconvenience to other users.
+ The Wireless Leiden Foundation does not accept any responsibility whatsoever for damage related to or originated from the use of the network. + +
+ + +
+ +
+
+ + Wireless Leiden Homepage +
+ +

More options

+
+ + +
+
Technical Details:
+%(tech_footer)s
+
+ + Index: /branches/ileiden/nanobsd/cfg/kernel.net4801 =================================================================== --- /branches/ileiden/nanobsd/cfg/kernel.net4801 (revision 10119) +++ /branches/ileiden/nanobsd/cfg/kernel.net4801 (revision 10119) @@ -0,0 +1,127 @@ +# +# GENERIC -- Generic kernel configuration file for FreeBSD/i386 +# +# For more information on this file, please read the handbook section on +# Kernel Configuration Files: +# +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html +# +# The handbook is also available locally in /usr/share/doc/handbook +# if you've installed the doc distribution, otherwise always see the +# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the +# latest information. +# +# An exhaustive list of options and more detailed explanations of the +# device lines is also present in the ../../conf/NOTES and NOTES files. +# If you are in doubt as to the purpose or necessity of a line, check first +# in NOTES. +# +# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.474.2.7 2008/04/10 22:09:22 rwatson Exp $ + +cpu I586_CPU +cpu I686_CPU +ident GEODE + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_ULE # ULE scheduler +options PREEMPTION # Enable kernel thread preemption +options INET # InterNETworking +options INET6 # IPv6 communications protocols +options SCTP # Stream Control Transmission Protocol +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options NFSCLIENT # Network Filesystem Client +#options NFSLOCKD # Network Lock Manager +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_LABEL # Provides labelization +options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!] +options KTRACE # ktrace(1) support +#options STACK # stack(9) support +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options ADAPTIVE_GIANT # Giant mutex is adaptive. +options STOP_NMI # Stop CPUS using NMI instead of IPI +options DEVICE_POLLING # Enable support for device polling + +# Bus support. +device pci + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives + +# Add suspend/resume support for the i8254. +device pmtimer + +# Serial (COM) ports +device sio # 8250, 16[45]50 based serial ports +device uart # Generic UART driver + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! +device miibus # MII bus support +device vr # VIA Rhine, Rhine II +device sis # SiS 900/SiS 7016 +device if_bridge # Bridge support + +# Wireless NIC cards +device wlan # 802.11 support. +device wlan_wep # 802.11 WEP support. +device wlan_ccmp # 802.11 CCMP support. +device wlan_tkip # 802.11 TKIP support. +device wlan_amrr # AMRR transmit rate control algorithm. +device wlan_scan_ap # 802.11 AP mode scanning. +device wlan_scan_sta # 802.11 STA mode scanning. +device ath # Atheros pci/cardbus NIC's. +device ath_hal # Atheros HAL (Hardware Access Layer). +device ath_rate_sample # SampleRate tx rate control for ath. +device wi # WaveLan/Intersil/Symbol 802.11 wireless NICs. + +# Pseudo devices. +device loop # Network loopback +device random # Entropy device +device ether # Ethernet support +device ppp # Kernel PPP +device tun # Packet tunnel. +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" +device gif # IPv6 and IPv4 tunneling +#device faith # IPv6-to-IPv4 relaying (translation) +device firmware # firmware assist module + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +# CPU_GEODE is for the SC1100 Geode embedded processor. This option +# is necessary because the i8254 timecounter is toast. +options CPU_GEODE +device wlan_xauth #802.11 external authenticator support +options IPSEC #IP security (requires device crypto) +options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel +device enc #IPsec interface +device crypto # core crypto support +device cryptodev # /dev/crypto for access to h/w +options TMPFS +device pf #PF OpenBSD packet-filter firewall +device pflog #logging support interface for PF + +options NETGRAPH # netgraph(4) system +options NETGRAPH_SOCKET +options NETGRAPH_MPPC_ENCRYPTION +options NETGRAPH_IFACE +options NETGRAPH_PPP +options NETGRAPH_TEE +options NETGRAPH_PPPOE +options NETGRAPH_ETHER + +# glxsb is a driver for the Security Block in AMD Geode LX processors. +# Requires 'device crypto'. +device glxsb # AMD Geode LX Security Block + Index: /branches/ileiden/nanobsd/cfg/kernel.wleiden =================================================================== --- /branches/ileiden/nanobsd/cfg/kernel.wleiden (revision 10119) +++ /branches/ileiden/nanobsd/cfg/kernel.wleiden (revision 10119) @@ -0,0 +1,209 @@ +# +# GENERIC -- Generic kernel configuration file for FreeBSD/i386 +# +# For more information on this file, please read the handbook section on +# Kernel Configuration Files: +# +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html +# +# The handbook is also available locally in /usr/share/doc/handbook +# if you've installed the doc distribution, otherwise always see the +# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the +# latest information. +# +# An exhaustive list of options and more detailed explanations of the +# device lines is also present in the ../../conf/NOTES and NOTES files. +# If you are in doubt as to the purpose or necessity of a line, check first +# in NOTES. +# +# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.474.2.7 2008/04/10 22:09:22 rwatson Exp $ + +cpu I486_CPU +cpu I586_CPU +cpu I686_CPU +ident WLEIDEN + +# options CLK_USE_I8254_CALIBRATION + +options CPU_ELAN # (mandatory) The ElanSC520 cpu has a number of quirks that needs to + # be worked around, in particular the i8254 timer ticks + # at a non-standard rate of 1189161Hz. + +options CPU_SOEKRIS # (recommended) This option sets things up for the soekris board. + # Amongst other things, this makes /dev/led/error appear. + +# CPU_GEODE is for the SC1100 Geode embedded processor. This option +# is necessary because the i8254 timecounter is toast. +options CPU_GEODE # net4801 requirement + +options HZ=250 # (recommended) It is necessary to increas HZ to at least 150 in order + # to take advantage of the "ELAN" timecounter. + +options AH_SUPPORT_AR5416 + +options NO_SWAPPING # We do not have a swap space, so swapping would be pretty useless + +options SW_WATCHDOG # Watchdog option to verify various tasks and reboot if needed + + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_ULE # ULE scheduler +options PREEMPTION # Enable kernel thread preemption +options INET # InterNETworking +options INET6 # IPv6 communications protocols +options SCTP # Stream Control Transmission Protocol +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options NFS_ROOT # Allow NFS to be / mount +options NFSCLIENT # Network Filesystem Client +#options NFSLOCKD # Network Lock Manager +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_LABEL # Provides labelization +options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!] +options KTRACE # ktrace(1) support +#options STACK # stack(9) support +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +# options ADAPTIVE_GIANT # Giant mutex is adaptive. +# options STOP_NMI # Stop CPUS using NMI instead of IPI +options DEVICE_POLLING # Enable support for device polling +options TMPFS + +# Bus support. +device pci +device eisa + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives +options ATA_STATIC_ID # Static device numbering + +# Add suspend/resume support for the i8254. +device pmtimer + +# Serial (COM) ports +# device sio # 8250, 16[45]50 based serial ports +device uart # Generic UART driver + +# PCCARD (PCMCIA) support +# PCMCIA and cardbus bridge support +device cbb # cardbus (yenta) bridge +device pccard # PC Card (16-bit) bus +device cardbus # CardBus (32-bit) bus + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! +device miibus # MII bus support +device vr # VIA Rhine, Rhine II +device sis # SiS 900/SiS 7016 +device if_bridge # Bridge support + +# ISA Ethernet NICs. pccard NICs included. +device cs # Crystal Semiconductor CS89x0 NIC +# 'device ed' requires 'device miibus' +device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards +device ex # Intel EtherExpress Pro/10 and Pro/10+ +device ep # Etherlink III based cards +#device fe # Fujitsu MB8696x based cards +device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc. +device sn # SMC's 9000 series of Ethernet chips +device xe # Xircom pccard Ethernet +device dc # DEC/Intel21143 and clone 10/100 Ethernet + +# Wireless NIC cards +device wlan # 802.11 support. +device wlan_wep # 802.11 WEP support. +device wlan_ccmp # 802.11 CCMP support. +device wlan_tkip # 802.11 TKIP support. +device wlan_amrr # AMRR transmit rate control algorithm. +# device wlan_scan_ap # 802.11 AP mode scanning. +# device wlan_scan_sta # 802.11 STA mode scanning. +device ath # Atheros pci/cardbus NIC's. +device ath_hal # Atheros HAL (Hardware Access Layer). +device ath_rate_sample # SampleRate tx rate control for ath. +device wi # WaveLan/Intersil/Symbol 802.11 wireless NICs. + +# Pseudo devices. +device loop # Network loopback +device random # Entropy device +device ether # Ethernet support +# device ppp # Kernel PPP +device tun # Packet tunnel. +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" +#device gif # IPv6 and IPv4 tunneling +#device faith # IPv6-to-IPv4 relaying (translation) +device firmware # firmware assist module + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +# USB support +device uhci # UHCI PCI->USB interface +device ohci # OHCI PCI->USB interface +device ehci # EHCI PCI->USB interface (USB 2.0) +device usb # USB Bus (required) +#device udbp # USB Double Bulk Pipe devices +#device ugen # Generic +#device uhid # “Human Interface Devices” +#device ukbd # Keyboard +#device ulpt # Printer +#device umass # Disks/Mass storage - Requires scbus and da +#device ums # Mouse +device ural # Ralink Technology RT2500USB wireless NICs +#device urio # Diamond Rio 500 MP3 player +#device uscanner # Scanners +# USB Ethernet, requires mii +#device aue # ADMtek USB Ethernet +#device axe # ASIX Electronics USB Ethernet +#device cdce # Generic USB over Ethernet +#device cue # CATC USB Ethernet +#device kue # Kawasaki LSI USB Ethernet +#device rue # RealTek RTL8150 USB Ethernet +#device udav # Davicom DM9601 USB Ethernet + +# +# Authentication, encryption and protection on network layer +device wlan_xauth #802.11 external authenticator support +device enc #IPsec interface +device crypto # core crypto support +device cryptodev # /dev/crypto for access to h/w +device pf #PF OpenBSD packet-filter firewall +device pflog #logging support interface for PF +options IPSEC #IP security (requires device crypto) +options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel + +options NETGRAPH # netgraph(4) system +options NETGRAPH_SOCKET +options NETGRAPH_MPPC_ENCRYPTION +options NETGRAPH_IFACE +options NETGRAPH_PPP +options NETGRAPH_TEE +options NETGRAPH_PPPOE +options NETGRAPH_ETHER + +# glxsb is a driver for the Security Block in AMD Geode LX processors. +# Requires 'device crypto'. +device glxsb # AMD Geode LX Security Block + + +# Firewall fore the use of fancy stuff, like forwarding ports +options IPFIREWALL +options IPFIREWALL_DEFAULT_TO_ACCEPT +options IPFIREWALL_FORWARD +options IPFIREWALL_NAT +options LIBALIAS # Required for IPFIREWALL_NAT + +# Uncomment if you like to compile a debugging kernel +#options KDB +#options DDB +#options BREAK_TO_DEBUGGER +#options KDB_UNATTENDED +#makeoptions DEBUG=-g Index: /branches/ileiden/nanobsd/cfg/nanobsd.wleiden =================================================================== --- /branches/ileiden/nanobsd/cfg/nanobsd.wleiden (revision 10119) +++ /branches/ileiden/nanobsd/cfg/nanobsd.wleiden (revision 10119) @@ -0,0 +1,302 @@ +## Dit is een NanoBSD configuratie-template voor WirelessLeiden. +## Instellingen weergegeven binnen dit bestand gelden als +## standaard binnen de organisatie. + +# Little hack to allow proper secify of KERNL/PKG location +NANO_CONF_DIR=$(cd $(dirname $2); pwd -P) + +NANO_NAME=wleiden.iris.ileiden # object naam in /usr/obj/nanobsd.{obj} +NANO_SRC=/usr/src # nanobsd source tree +NANO_KERNEL=$NANO_CONF_DIR/kernel.wleiden # naam van het kernel configuratiebestand +NANO_IMAGES=2 # aantal nanobsd code slices/installs (1/2) +#NANO_DRIVE=ad1 # NanoBSD disk id, default is ad0 + +NANO_CONFSIZE=8192 # volume van de config slice, default 2048 (512bs) +NANO_DATASIZE=0 # volume van de data slice, 0 = not configured +# 200MB should is suffient of every image we might as well use all available +# space, but that increases update times +#NANO_CODESIZE=409600 # volume van de code slice, default = max beschikbaar +NANO_CODESIZE=819200 +#NANO_RAM_ETCSIZE= # volume van de /etc ramdisk, default 10240 (512bs) +#NANO_RAM_TMPVARSIZE= # volume van de /var ramdisk, default 10240 (512bs) +NANO_RAM_TMPVARSIZE=20480 + +#XXX: Eeks, fixed packages, needs building a hook to allow building the package +# of the shelfs if needed, copy to right directory, done. With only input needed +# a list of ports in the format like net/net-snmp +NANO_PACKAGE_DIR=$NANO_CONF_DIR/../pkg/All + +# XXX: Create function which populate the right packages and fixes the +# dependencies. Package build script could benefit from this list, as it +# could build this list beforehand +## pkg_info -qr pkg/All/* +##NANO_PACKAGE_LIST= + +# Warning: set to 1 to debug make build errors +# Number of recurrent parrallel make builds +if `grep -q 'acpi0: on motherboard' /var/run/dmesg.boot`; then + # Mac OS X Parallels virtual machine + NANO_PMAKE="make -B" +elif [ "`sysctl hw.model`" = "AMD Sempron(tm) Processor 3000+" ]; then + # Parralel builds on this friend fails somehow + NANO_PMAKE="make -B" +else + # Default 2 times number of CPU's inside machine + NANO_PARALLEL_MAKE=`expr $(sysctl -n hw.ncpu) \* 2` + NANO_PMAKE="make -j ${NANO_PARALLEL_MAKE}" +fi + +# LET OP, optie nodig bij het gebruik van Alix bordjes ivm tinybios & LBA +# ondersteuning. Specifieke flash-geometrie instellingen vereist. +#NANO_BOOT0CFG="-o nopacket -s 1 -m 3" + +# +# Starting from soekris bios version 1.31 upwards boot0sio does not seems work +# anymore, but boot0 does (weird) +NANO_BOOTLOADER="boot/boot0" + +# Strip down to a more acceptable size +# hints from http://people.freebsd.org/~phk/nanobsd/soekris_4x26/make.soekris_4x26.conf (46MB) +# 46MB +# NB! usr/share/misc contains termcap, vi(1) etc fails to work without it. +# NANOBSD_PRUNE += usr/share/misc +NANO_PRUNE="$NANO_PRUNE usr/share/examples" +NANO_PRUNE="$NANO_PRUNE usr/share/syscons" +NANO_PRUNE="$NANO_PRUNE usr/share/calendar" +NANO_PRUNE="$NANO_PRUNE usr/share/mk" +NANO_PRUNE="$NANO_PRUNE usr/share/pcvt" +NANO_PRUNE="$NANO_PRUNE usr/share/me" +NANO_PRUNE="$NANO_PRUNE usr/share/doc" + + + + + +# Opties parsed gedurende build & install world +# Also check man 3 src.conf for details +# Some flags are misleading, e.g. could only be installworld (e.g.), for details: +# http://phk.freebsd.dk/misc/build_options/ +# For details on make options also check: +# /usr/src/share/mk/bsd.own.mk +CONF_COMMON=' +# Specific enabled options +#WITHOUT_ACPI=YES # geen advanced configuration power interface +#WITHOUT_BIND=YES # geen bind tools, dns/named geinstalleerd +#WITHOUT_CXX=YES # Set to not build g++(1) and related libraries. +#WITHOUT_GROFF=YES # Set to not build groff(1). +#WITHOUT_INET6=YES # geen ondersteuning inet versie 6 architectuur +#WITHOUT_INFO=YES # geen info bestanden, readable online docs +#WITHOUT_IPFILTER=YES # geen ip filtering geinstalleerd +#WITHOUT_KLDLOAD=YES # do not allow loading of kernel modules +#WITHOUT_MAILWRAPPER=YES # geen mailwrapper bij gebruik sendmail +#WITHOUT_MAN=YES # geen handleidingen gecompileerd +#WITHOUT_MISC=YES # geen misc sub directory +#WITHOUT_MODULES=YES # geen ondersteuning toevoegen modules +#WITHOUT_PAM=YES # geen ondersteuning pa modules +#WITHOUT_PF=YES # geen packet filtering geinstalleerd +#WITHOUT_SHARE=YES # geen share sub directory +#WITHOUT_USB=YES # geen ondersteuning usb modules +# Specific disabled options +WITHOUT_ATM=YES # geen ondersteuning Asynchronous Transfer Mode +WITHOUT_AUDIT=YES # geen event auditing / audit trails +WITHOUT_AUTHPF=YES # geen authenticating gateway user shell +WITHOUT_BLUETOOTH=YES # geen ondersteuning Bluetooth modules +WITHOUT_CALENDAR=YES # geen calendar reminder service gecompileerd +WITHOUT_CDDL=YES # Set to not build code licensed under Sun CDDL. (also ZFS) +WITHOUT_CPP=YES # Set to not build cpp(1). +WITHOUT_CVS=YES # geen cvs tools geinstalleerd +WITHOUT_DICT=YES # geen dictionary ondersteuning +WITHOUT_EXAMPLES=YES # geen voorbeeld configuratiebestanden +WITHOUT_FORTRAN=YES # geen ondersteuning fortran compilers +WITHOUT_GAMES=YES # geen games gecompileerd +WITHOUT_GCOV=YES # geen gcov test coverage program +WITHOUT_GDB=YES # geen gnu debugger gecompileerd +WITHOUT_GPIB=YES # geen ondersteuning gpib kaarten +WITHOUT_HTML=YES # geen html help bestanden gecompileerd +WITHOUT_I4B=YES # geen ondersteuning voor isdn +WITHOUT_IPX=YES # geen ondersteuning ipx protocols +WITHOUT_KERBEROS=YES # geen ondersteuning Kerberos authenticatie +WITHOUT_LOCALES=YES # geen ondersteuning lokalisatie +WITHOUT_LPR=YES # geen ondersteuning print services +WITHOUT_NIS=YES # geen ondersteuning network information system +WITHOUT_PROFILE=YES # Set to avoid compiling profiled libraries. +WITHOUT_RCMDS=YES # geen ondersteuning rcmds, +WITHOUT_RESCUE=YES # geen rescue bestanden gecompileerd +WITHOUT_SENDMAIL=YES # geen sendmail geinstalleerd +WITHOUT_SHAREDOCS=YES # geen share/docs directories +WITHOUT_SYSCONS=YES # geen syscon devices gecompileerd +' + +CONF_BUILD=" +${CONF_COMMON} +" + +CONF_INSTALL=" +${CONF_COMMON} +WITHOUT_TOOLCHAIN=YES # geen freebsd toolchain +" + + +# Flash disks arrived, sandisk 1g seems to match the geometry of the (blanc) cards +#FlashDevice sandisk 1g # nanobsd flashdevice entry +#FlashDevice sandisk 512mb # nanobsd flashdevice entry +#FlashDevice transcend 2g # nanobsd flashdevice entry +# Calculated value of PEAK hardware 1GB CF card +# C/H/S phys 1954/16/63, logical 977/32/63 +# Mediasize is calculated as C*H*S*512 + +NANO_MEDIASIZE=`expr 1008451584 / 512` + +#using logical values reported by Alix board + +NANO_HEADS=32 +NANO_SECTS=63 + +#values for PCEngines blanc 1 GB cards +#NANO_MEDIASIZE='expr 1014644736 / 512' +#C/H/S phys 1966/16/63, logical 983/32/63 + +# Version tagging +cust_version_tag() ( + VERSION_FILE="${NANO_WORLDDIR}/tools/wl-release.txt" + ( + echo "Generated by `id -un`@`hostname -f` at `date`" + echo "" + echo "=== CONFIG specifics ===" + svn info ${NANO_CONF_DIR}/../ || exit 0 + svn diff ${NANO_CONF_DIR}/../ || exit 0 + echo "=== BEGIN CONFIG specifics ===" + ) > $VERSION_FILE +) + + + +# Assuming we are running a safe envirionment where snooping could occur during or after the build +cust_set_root_password() ( + if [ -n "${CFG_ROOT_PASSWORD}" ]; then + pprint 2 "Set root password using CFG_ROOT_PASSWORD variable" + chroot ${NANO_WORLDDIR} sh -c "echo '${CFG_ROOT_PASSWORD}' | pw usermod -h 0 -u root" + else + pprint 2 "Root password is , no password provided at variable CFG_ROOT_PASSWORD" + fi +) + + + +# EXPERIMENTAL patch like envirionment +# Using '*-nanobsd.patch' files to only specify the bare differences between the base/default file to +# keep us as close as possible to the base OS +# Patches are applied to the directory they live in +cust_apply_nanobsd_patches() ( + for PATCHFILE in `find ${NANO_WORLDDIR} -regex '.*-nanobsd\.patch$'`; do + cd `dirname ${PATCHFILE}` + patch -t -N -p0 -i `basename ${PATCHFILE}` + #XX: What to with installed patch files? Delete them for the time beeing + rm -v ${PATCHFILE} + done + + + +) + + + +# Compile & install lvroute daemon vanuit source in svn +cust_install_lvrouted() ( + svn co http://svn.wirelessleiden.nl/svn/node-config/other/lvrouted/trunk/ /tmp/lvrouted + cd /tmp/lvrouted && autoconf && autoheader && ./configure && make || true + cp src/lvrouted.opt ${NANO_WORLDDIR}/usr/local/sbin +) + + + +# Customize ntpd +cust_ntpd() ( + chroot ${NANO_WORLDDIR} sh -c "ln -fs /usr/local/etc/ntp.drift /var/db/ntp.drift" +) + + + +# Install files from specific relative location +cust_install_files () ( + cd ${NANO_CONF_DIR}/../files + find . -print | grep -v -e /CVS -e .svn | cpio -dumpv ${NANO_WORLDDIR} +) + + + +# Prune no needed directories of image +cust_nano_prune () ( + cd ${NANO_WORLDDIR} + for ENTRY in ${NANO_PRUNE}; do + rm -vfR ${ENTRY} + done +) + + +# Fill /cfg with custom files, based on 'create_i386_diskimage ( )' +last_nano_fill_cfg () ( + # Variables to be used + IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME} + MNT=${MAKEOBJDIRPREFIX}/_.mnt + + # Mount '/cfg' slize in image + MD=`mdconfig -a -t vnode -f ${IMG}` + mount /dev/${MD}s3 ${MNT} + + # Location of '/cfg' directory + cd ${NANO_CONF_DIR}/../cfg-files + find . -print | grep -v -e /CVS -e .svn | cpio -dumpv ${MNT} + + + # Leave in nice end state + umount ${MNT} + mdconfig -d -u ${MD} +) > ${MAKEOBJDIRPREFIX}/_.fc 2>&1 + +last_nano_disk_usage () ( + # Variables to be used + IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME} + MNT=${MAKEOBJDIRPREFIX}/_.mnt + + # Mount root slize + MD=`mdconfig -a -t vnode -f ${IMG}` + mount /dev/${MD}s1a ${MNT} + + # Show disk usage (percent free) inc header + pprint 2 $(df -h | head -1) + pprint 2 "$(df -h | grep /dev/${MD})" + + # Leave in nice end state + umount ${MNT} + mdconfig -d -u ${MD} +) + +last_orders () ( + last_nano_fill_cfg + last_nano_disk_usage +) + +# Ugly hack to 'escaping' pprint from inside a customize_cmd to output +# instead of a file +exec 3>/dev/stdout +# Progress Print +# Print $2 at level $1 +pprint() { + if [ "$1" -le $PPLEVEL ]; then + printf "%.${1}s %s\n" "#####" "$2" 1>&3 + fi +} + +# Cust macro`s gestart in onderstaande volgorde +# XXX: Determine size before installing all find of additions to see how much +# base we are actually using ## du -h -d 0 +customize_cmd cust_pkg +customize_cmd cust_install_files +customize_cmd cust_ntpd +#customize_cmd cust_install_lvrouted +customize_cmd cust_version_tag +customize_cmd cust_allow_ssh_root +customize_cmd cust_nano_prune +customize_cmd cust_set_root_password +customize_cmd cust_apply_nanobsd_patches Index: /branches/ileiden/nanobsd/files/FILE_LISTING.txt =================================================================== --- /branches/ileiden/nanobsd/files/FILE_LISTING.txt (revision 10119) +++ /branches/ileiden/nanobsd/files/FILE_LISTING.txt (revision 10119) @@ -0,0 +1,38 @@ +# File or directory and it's purpose in this build +./boot.config # Serial console output +./boot/loader.conf # Serial console output +./conf/default/etc/.work_around_till_fix_of_pr_134513 +./conf/default/var/.work_around_till_fix_of_pr_134513 +./etc/crontab # Extra calls for pen & ntp +./etc/namedb/named.conf # Custom named configuration +./etc/ntp.conf # Custom ntp configuration +./etc/rc.conf # Highly customized rc.conf +./etc/syslog.conf # Remote syslogging enabing +./etc/ttys-nanobsd.patch # Serial console output +./root/.ssh # Template directory for authorized_keys file +./tools/change_password # Allow persistent changing of root password +./tools/dhcpd_snmp.sh # XXX +./tools/save_sshkeys # Allow persistent saving of host ssh keys +./tools/syslogd_flags.sh # XXX +./tools/updatep1 # phk image on slice 1 update script +./tools/updatep2 # phk image on slice 2 update script +./tools/wl-config # WL node specific configuration fetch and update script +./tools/wl-version # Version debug tool, gather statistics for debugging +./usr/lib/aout/.keep_me # Little hack to have /etc/rc.d/ldconfig stop nagging about missing (pruned) dir +./usr/local/bin/ssh-copy-id # XXX +./usr/local/bin/write_ntpdrift # XXX +./usr/local/etc/dhcpd-snmp.conf # dhcp-snmp cofiguration +./usr/local/etc/dhcpd.conf # Initial custom dhcpd.conf +./usr/local/etc/nrpe.cfg # XXX +./usr/local/etc/ntp.drift # XXX +./usr/local/etc/rc.d/lvrouted.sh # lvrouted startup script +./usr/local/etc/rc.d/nanobsd-motd # Allow updating motd with persistent save +./usr/local/etc/rc.d/nanobsd-save-sshkeys # Allow saving ssh-keys after generation +./usr/local/etc/rc.d/pen # Pen startup script +./usr/local/etc/rc.d/sort-proxies # Pen optimizer script +./usr/local/etc/rc.d/wlweb # WLweb configuration webinterface startup script +./usr/local/sbin/dhcpd-snmp # dhcp-snmp 'binary' +./usr/local/sbin/lvrouted.opt # lvrouted 'binary' +./usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt # Draft MIB +./usr/local/share/snmp/snmpd.conf # Custom snmpd configuration +./usr/local/wlweb # WLweb configuration webinterface program Index: /branches/ileiden/nanobsd/files/boot.config =================================================================== --- /branches/ileiden/nanobsd/files/boot.config (revision 10119) +++ /branches/ileiden/nanobsd/files/boot.config (revision 10119) @@ -0,0 +1,1 @@ +-h Index: /branches/ileiden/nanobsd/files/boot/loader.conf =================================================================== --- /branches/ileiden/nanobsd/files/boot/loader.conf (revision 10119) +++ /branches/ileiden/nanobsd/files/boot/loader.conf (revision 10119) @@ -0,0 +1,28 @@ +# No funky Beasty, but boring default, and gone in 1 second to make it go quick :-( +beastie_disable="YES" +autoboot_delay="1" + +# Some apache hyper speed module, we properly this don't need this, but still +# saves a startup warning +accf_http_load="YES" + +# Named started nagging, claiming (to many) files if unable to reach master for +# quite some time +kern.maxfiles="5000" + +# The unlucky NET4801 does not properly support DMA (we don't need it anyways) +# http://lists.soekris.com/pipermail/soekris-tech/2008-August/014788.html +hw.ata.ata_dma="0" + +# Prefers stability over preformance disable Write Caching (man 4 ata) +hw.ata.wc="0" + +# Force output to run trough the comconsole, no exceptions +console="comconsole" + +# moduleis for usb-lan adapters +if_mos_load="YES" +if_axe_load="YES" +if_aue_load="YES" + + Index: /branches/ileiden/nanobsd/files/etc/crontab =================================================================== --- /branches/ileiden/nanobsd/files/etc/crontab (revision 10119) +++ /branches/ileiden/nanobsd/files/etc/crontab (revision 10119) @@ -0,0 +1,29 @@ +# /etc/crontab - root's crontab for FreeBSD +# +# $FreeBSD: src/etc/crontab,v 1.32.32.1 2008/11/25 02:59:29 kensmith Exp $ +# +SHELL=/bin/sh +PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin +HOME=/var/log +# +#minute hour mday month wday who command +# +*/5 * * * * root /usr/libexec/atrun +# +# Save some entropy so that /dev/random can re-seed on boot. +*/11 * * * * operator /usr/libexec/save-entropy +# +# Rotate log files every hour, if necessary. +0 * * * * root newsyslog +# +# Perform daily/weekly/monthly maintenance. +1 3 * * * root periodic daily +15 4 * * 6 root periodic weekly +30 5 1 * * root periodic monthly +# +# Adjust the time zone if the CMOS clock keeps local time, as opposed to +# UTC time. See adjkerntz(8) for details. +1,31 0-5 * * * root adjkerntz -a +# +# Write updates for ntp.drift to flash +0 12 * * * root /usr/local/bin/write_ntpdrift Index: /branches/ileiden/nanobsd/files/etc/ipfw.sh =================================================================== --- /branches/ileiden/nanobsd/files/etc/ipfw.sh (revision 10119) +++ /branches/ileiden/nanobsd/files/etc/ipfw.sh (revision 10119) @@ -0,0 +1,68 @@ +#!/bin/sh - + +# Based on /etc/rc.firewall + +# Suck in the configuration variables. +if [ -z "${source_rc_confs_defined}" ]; then + if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs + elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf + fi +fi + +setup_loopback () { + ############ + # Only in rare cases do you want to change these rules + # + ${fwcmd} add 100 pass all from any to any via lo0 + ${fwcmd} add 200 deny all from any to 127.0.0.0/8 + ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any +} + +############ +# Set quiet mode if requested +# +case ${firewall_quiet} in +[Yy][Ee][Ss]) + fwcmd="/sbin/ipfw -q" + ;; +*) + fwcmd="/sbin/ipfw" + ;; +esac + +############ +# Flush out the list before we begin. +# +${fwcmd} -f flush + +setup_loopback + +############ + +# By default no firewalling +${fwcmd} add 65000 pass all from any to any + +# Transproxy/WLportal/Captive portal +${fwcmd} add 10000 allow tcp from any to localhost 80 +${fwcmd} add 10001 allow tcp from any to me 80 + +############ +# Reserved: Whitelist rule numbers +# 10002 - 10009 +NR=10002 + for IP in $captive_portal_whitelist; do + ${fwcmd} add $NR allow tcp from $IP to not 172.16.0.0/12 dst-port 80 + NR=`expr $NR + 1` +done + +############ +# Reserved: WLPortal rule numbers +# 10010 - 10099 + +# Forward rules work without a base address, so needed a loop over all inet4 adresses +for INF in $captive_portal_interfaces; do + ${fwcmd} add 10100 fwd 172.31.255.1,8081 tcp from any to not 172.16.0.0/12 80 in via ${INF} +done Index: /branches/ileiden/nanobsd/files/etc/motd =================================================================== --- /branches/ileiden/nanobsd/files/etc/motd (revision 10119) +++ /branches/ileiden/nanobsd/files/etc/motd (revision 10119) @@ -0,0 +1,3 @@ +Stiching Wireless Leiden Node + +WWW: http://www.wirelessleiden.nl Index: /branches/ileiden/nanobsd/files/etc/newsyslog.conf =================================================================== --- /branches/ileiden/nanobsd/files/etc/newsyslog.conf (revision 10119) +++ /branches/ileiden/nanobsd/files/etc/newsyslog.conf (revision 10119) @@ -0,0 +1,46 @@ +# configuration file for newsyslog +# $FreeBSD: src/etc/newsyslog.conf,v 1.52.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# +# Entries which do not specify the '/pid_file' field will cause the +# syslogd process to be signalled when that log file is rotated. This +# action is only appropriate for log files which are written to by the +# syslogd process (ie, files listed in /etc/syslog.conf). If there +# is no process which needs to be signalled when a given log file is +# rotated, then the entry for that file should include the 'N' flag. +# +# The 'flags' field is one or more of the letters: BCGJNUWZ or a '-'. +# +# Note: some sites will want to select more restrictive protections than the +# defaults. In particular, it may be desirable to switch many of the 644 +# entries to 640 or 600. For example, some sites will consider the +# contents of maillog, messages, and lpd-errs to be confidential. In the +# future, these defaults may change to more conservative ones. +# +# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num] +/var/log/all.log 600 7 * @T00 J +/var/log/amd.log 644 7 100 * J +/var/log/auth.log 600 7 100 * JC +/var/log/console.log 600 5 100 * J +/var/log/cron 600 3 100 * JC +/var/log/daily.log 640 7 * @T00 JN +/var/log/debug.log 600 7 100 * JC +/var/log/kerberos.log 600 7 100 * J +/var/log/lpd-errs 644 7 100 * JC +/var/log/maillog 640 7 * @T00 JC +/var/log/messages 644 5 100 * JC +/var/log/monthly.log 640 12 * $M1D0 JN +/var/log/pflog 600 3 100 * JB /var/run/pflogd.pid +/var/log/ppp.log root:network 640 3 100 * JC +/var/log/security 600 10 100 * JC +/var/log/sendmail.st 640 10 * 168 B +/var/log/weekly.log 640 5 1 $W6D0 JN +/var/log/wtmp 644 3 * @01T05 B +/var/log/xferlog 600 7 100 * JC +/var/log/pen_wrapper.log 644 3 100 * J +/var/log/wlportal.log 664 3 100 * J /var/run/wlportal.pid +/var/log/wlweb-access.log 644 3 100 * J +/var/log/wlweb-error.log 644 3 100 * J +/var/log/snmpd.log 644 3 100 * J /var/run/snmpd.pid +/var/log/thttpd.log 644 3 100 * J /var/run/thttpd.pid + + Index: /branches/ileiden/nanobsd/files/etc/nsswitch.conf =================================================================== --- /branches/ileiden/nanobsd/files/etc/nsswitch.conf (revision 10119) +++ /branches/ileiden/nanobsd/files/etc/nsswitch.conf (revision 10119) @@ -0,0 +1,16 @@ +# +# nsswitch.conf(5) - name service switch configuration file +# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# no NIS +group: compat +# group_compat: nis +hosts: files dns +networks: files +passwd: compat +# passwd_compat: nis +shells: files +services: compat +# services_compat: nis +protocols: files +rpc: files + Index: /branches/ileiden/nanobsd/files/etc/ntp.conf =================================================================== --- /branches/ileiden/nanobsd/files/etc/ntp.conf (revision 10119) +++ /branches/ileiden/nanobsd/files/etc/ntp.conf (revision 10119) @@ -0,0 +1,41 @@ +#XXX: Might need to be dynamic + +server 172.17.8.68 # proxy1 +server 172.17.143.4 # proxy2 +server 172.20.128.98 # proxy3 +server 172.16.2.254 # proxy4 +server 172.19.168.66 # proxy5 +server 172.16.3.146 # proxy6 +server 172.17.16.66 # proxy62 +server 172.17.0.1 # proxy7 +server 172.16.4.54 # proxy9 +server 172.22.0.66 # proxy10 +server 172.23.25.66 # proxy11 +server 172.16.3.98 # proxy13 +server 172.17.169.66 # proxy97 + +# and if all failes - use our local crummy clock +server 127.127.1.0 #stratum 10 +# Optional - to provide the surroundings +# with a accurate time - unsollicted. +# +# broadcast + +# This file is generated by 'ntp-genkey -d r' +# on any of the 3 time lords; and pulled +# from Genesis. +# +# keys /etc/ntp.keys + +# Limit the number of clients concurrent +# RQs' to the levels a simple not can +# sustain. Asumming 5Mbit this translates +# to some 5000 machines. + +# Ensure that our stats and drift files +# go to writable disk (/etc mounted RO +# on the flash-rom machines). +# +driftfile /var/db/ntp.drift + + Index: /branches/ileiden/nanobsd/files/etc/rc.conf =================================================================== --- /branches/ileiden/nanobsd/files/etc/rc.conf (revision 10119) +++ /branches/ileiden/nanobsd/files/etc/rc.conf (revision 10119) @@ -0,0 +1,70 @@ +## Building options +dumpdev="NO" # No kernel dumps as we don't have a place to + # store them +gateway_enable="YES" # Act like a gateway please +ipv6_enable="NO" # No IPv6 support for now, near feature... ;-) + +# Firewall needed for port redirection (captive portal, splash screen) +firewall_enable="YES" +firewall_script="/etc/ipfw.sh" + +# NTP server needs working config with WL network or internet on boot +# so some warnings might pop up, but no harm +ntpdate_enable="YES" +ntpd_enable="YES" +ntpd_sync_on_start="YES" +ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntp.drift" + +# We need no running mail server +sendmail_enable="NONE" + +# Don't let syslog accept input from other remote hosts +syslogd_enable="YES" +syslogd_flags="-s -A -c -b 127.0.0.1" + +# Remote login without DNS checking as it might not also be functionable +# -u0 prevent sshd from making DNS requests unless the authentication mechanism +# or configuration requires it. +sshd_enable="YES" +sshd_flags="-u0" + +# Don't update the motd as it not writeable, the update_nanobsd_motd is a +# simple wrapper found at /usr/local/etc/rc.d supporting this featureg +update_motd="NO" +update_nanobsd_motd="YES" + +## Port extentions +# Serve our clients some pretty cool IP address to at least get connected +# Also some low-memory footprint dns resolver +dnsmasq_enable="YES" + +# Monitoring deamons +nrpe2_enable="YES" +snmpd_enable="YES" +snmpd_flags="-a -LF w /var/log/snmpd.log" + +# Some nodes will serve as HTTP(S) proxy server +tinyproxy_enable="NO" + +## WL ports extentions +thttpd_enable="YES" +http302_enable="YES" + +lvrouted_enable="YES" +lvrouted_flags="-u -s s00p3rs3kr3t -m 28 -z 172.16.2.254,172.17.0.1,172.23.25.66,172.17.169.66" + +# Make sure generated ssh keys are saved +nanobsd_save_sshkeys_enable="YES" + +# Do some cool stuff with pen, like checking on best connections and reload, so +# need a wrapper instead of the conventional startup script +pen_wrapper_enable="YES" + +## Initial (network) configuration +# +hostname="ChangeMe.example.org" +# XXX: Maybe something cool (zero config) as initial configuration + +## Iperf server mode +# +iperf_enable="YES" Index: /branches/ileiden/nanobsd/files/etc/ssh/ssh_config =================================================================== --- /branches/ileiden/nanobsd/files/etc/ssh/ssh_config (revision 10119) +++ /branches/ileiden/nanobsd/files/etc/ssh/ssh_config (revision 10119) @@ -0,0 +1,2 @@ +Host * + ForwardAgent yes Index: /branches/ileiden/nanobsd/files/etc/ssh/sshd_config =================================================================== --- /branches/ileiden/nanobsd/files/etc/ssh/sshd_config (revision 10119) +++ /branches/ileiden/nanobsd/files/etc/ssh/sshd_config (revision 10119) @@ -0,0 +1,126 @@ +# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ +# $FreeBSD: src/crypto/openssh/sshd_config,v 1.49.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +# Note that some of FreeBSD's defaults differ from OpenBSD's, and +# FreeBSD has a few additional options. + +#VersionAddendum FreeBSD-20090522 + +#Port 22 +#Protocol 2 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# Disable legacy (protocol version 1) support in the server for new +# installations. In future the default will change to require explicit +# activation of protocol 1 +Protocol 2 + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 + +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# Change to yes to enable built-in password authentication. +#PasswordAuthentication no +#PermitEmptyPasswords no + +# Change to no to disable PAM authentication +#ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'no' to disable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +PermitRootLogin yes +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +#UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10 +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server Index: /branches/ileiden/nanobsd/files/etc/sysctl.conf =================================================================== --- /branches/ileiden/nanobsd/files/etc/sysctl.conf (revision 10119) +++ /branches/ileiden/nanobsd/files/etc/sysctl.conf (revision 10119) @@ -0,0 +1,4 @@ +#XXX: Might needs to be dynamic as value depends on link length +dev.ath.0.acktimeout=35 +dev.ath.1.acktimeout=35 +dev.ath.2.acktimeout=35 Index: /branches/ileiden/nanobsd/files/etc/syslog.conf =================================================================== --- /branches/ileiden/nanobsd/files/etc/syslog.conf (revision 10119) +++ /branches/ileiden/nanobsd/files/etc/syslog.conf (revision 10119) @@ -0,0 +1,32 @@ +# $FreeBSD: src/etc/syslog.conf,v 1.28 2005/03/12 12:31:16 glebius Exp $ +# +# Spaces ARE valid field separators in this file. However, +# other *nix-like systems still insist on using tabs as field +# separators. If you are sharing this file between systems, you +# may want to use only tabs as field separators here. +# Consult the syslog.conf(5) manpage. +*.err;kern.warning;auth.notice;mail.crit /dev/console +*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages +security.* /var/log/security +auth.info;authpriv.info /var/log/auth.log +mail.info /var/log/maillog +lpr.info /var/log/lpd-errs +ftp.info /var/log/xferlog +cron.* /var/log/cron +*.=debug /var/log/debug.log +*.emerg * +# uncomment this to log all writes to /dev/console to /var/log/console.log +#console.info /var/log/console.log +# uncomment this to enable logging of all log messages to /var/log/all.log +# touch /var/log/all.log and chmod it to mode 600 before it will work +#*.* /var/log/all.log +# uncomment this to enable logging to a remote loghost named loghost +*.* @loghost.wleiden.net +# uncomment these if you're running inn +# news.crit /var/log/news/news.crit +# news.err /var/log/news/news.err +# news.notice /var/log/news/news.notice +!startslip +*.* /var/log/slip.log +!ppp +*.* /var/log/ppp.log Index: /branches/ileiden/nanobsd/files/etc/ttys-nanobsd.patch =================================================================== --- /branches/ileiden/nanobsd/files/etc/ttys-nanobsd.patch (revision 10119) +++ /branches/ileiden/nanobsd/files/etc/ttys-nanobsd.patch (revision 10119) @@ -0,0 +1,31 @@ +--- etc/ttys 2010-01-12 11:47:58.000000000 +0100 ++++ ttys 2010-01-12 11:48:26.000000000 +0100 +@@ -30,19 +30,19 @@ + # when going to single-user mode. + console none unknown off secure + # +-ttyv0 "/usr/libexec/getty Pc" cons25 on secure ++ttyv0 "/usr/libexec/getty Pc" cons25 off secure + # Virtual terminals +-ttyv1 "/usr/libexec/getty Pc" cons25 on secure +-ttyv2 "/usr/libexec/getty Pc" cons25 on secure +-ttyv3 "/usr/libexec/getty Pc" cons25 on secure +-ttyv4 "/usr/libexec/getty Pc" cons25 on secure +-ttyv5 "/usr/libexec/getty Pc" cons25 on secure +-ttyv6 "/usr/libexec/getty Pc" cons25 on secure +-ttyv7 "/usr/libexec/getty Pc" cons25 on secure ++ttyv1 "/usr/libexec/getty Pc" cons25 off secure ++ttyv2 "/usr/libexec/getty Pc" cons25 off secure ++ttyv3 "/usr/libexec/getty Pc" cons25 off secure ++ttyv4 "/usr/libexec/getty Pc" cons25 off secure ++ttyv5 "/usr/libexec/getty Pc" cons25 off secure ++ttyv6 "/usr/libexec/getty Pc" cons25 off secure ++ttyv7 "/usr/libexec/getty Pc" cons25 off secure + ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure + # Serial terminals + # The 'dialup' keyword identifies dialin lines to login, fingerd etc. +-ttyu0 "/usr/libexec/getty std.9600" dialup off secure ++ttyu0 "/usr/libexec/getty std.9600" ansi on secure + ttyu1 "/usr/libexec/getty std.9600" dialup off secure + ttyu2 "/usr/libexec/getty std.9600" dialup off secure + ttyu3 "/usr/libexec/getty std.9600" dialup off secure Index: /branches/ileiden/nanobsd/files/root/.ssh =================================================================== --- /branches/ileiden/nanobsd/files/root/.ssh (revision 10119) +++ /branches/ileiden/nanobsd/files/root/.ssh (revision 10119) @@ -0,0 +1,1 @@ +link /etc/dot_ssh Index: /branches/ileiden/nanobsd/files/root/.vimrc =================================================================== --- /branches/ileiden/nanobsd/files/root/.vimrc (revision 10119) +++ /branches/ileiden/nanobsd/files/root/.vimrc (revision 10119) @@ -0,0 +1,4 @@ +syntax on +set tabstop=4 +set shiftwidth=4 +set viminfo='50,n/tmp/viminfo Index: /branches/ileiden/nanobsd/files/tools/change_password =================================================================== --- /branches/ileiden/nanobsd/files/tools/change_password (revision 10119) +++ /branches/ileiden/nanobsd/files/tools/change_password (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/change_password,v 1.3.6.1 2008/11/25 02:59:29 kensmith Exp $ +# + +set -e + +passwd root + +cfgslice=`grep '/cfg' /etc/fstab | cut -d \ -f 1` + +trap "umount /cfg" 1 2 15 EXIT +mount /cfg +cp /etc/master.passwd /etc/passwd /etc/pwd.db /etc/spwd.db /etc/group /cfg +umount /cfg +trap 1 2 15 EXIT Index: /branches/ileiden/nanobsd/files/tools/dhcpd_snmp.sh =================================================================== --- /branches/ileiden/nanobsd/files/tools/dhcpd_snmp.sh (revision 10119) +++ /branches/ileiden/nanobsd/files/tools/dhcpd_snmp.sh (revision 10119) @@ -0,0 +1,15 @@ +#!/bin/sh +# Write dhcpd ranges to dhcpd-snmp.conf + +DHCPD="/usr/local/etc/dhcpd.conf" +DHSNMP="/usr/local/etc/dhcpd-snmp.conf" +INDEX="0" + +DHPOOL=`cat ${DHCPD} | grep range | awk '{print $2"-"$3}' | cut -d";" -f1` +for range in ${DHPOOL} +do + $((INDEX=INDEX+1)) + echo "`echo "pool:" $INDEX", pool"$INDEX", "$range | \ + sed 's/^.*(//'`" >> $DHSNMP +done + Index: /branches/ileiden/nanobsd/files/tools/find-nanostation =================================================================== --- /branches/ileiden/nanobsd/files/tools/find-nanostation (revision 10119) +++ /branches/ileiden/nanobsd/files/tools/find-nanostation (revision 10119) @@ -0,0 +1,16 @@ +#!/bin/sh +# Discover nanostation using CDPv1 packets +# Credits: http://sidewynder.blogspot.com/2005/07/tcpdump-filter-for-capturing-only.html + +if [ "x$1" = "x" ]; then + echo "Usage: $0 [count]" 1>&2 + echo "Find (lost) Nanostation IP using 'count' CDPv1 packet(s)" + echo "Normally CDPv1 packets get send every minute" 1>&2 + echo "Interface hints: `ifconfig -l`" 1>&2 + exit 1 +fi +IFACE=$1 +COUNT=${2-1} + + +tcpdump -nn -v -i $IFACE -s 1500 -c $COUNT 'ether[20:2] == 0x2000' Index: /branches/ileiden/nanobsd/files/tools/save_sshkeys =================================================================== --- /branches/ileiden/nanobsd/files/tools/save_sshkeys (revision 10119) +++ /branches/ileiden/nanobsd/files/tools/save_sshkeys (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/save_sshkeys,v 1.4.6.1 2008/11/25 02:59:29 kensmith Exp $ +# + +set -e + +trap "umount /cfg" 1 2 15 EXIT +mount /cfg +mkdir -p /cfg/ssh +( +cd /etc/ssh +cp ssh_host_* /cfg/ssh +) +umount /cfg +trap 1 2 15 EXIT Index: /branches/ileiden/nanobsd/files/tools/syslogd_flag.sh =================================================================== --- /branches/ileiden/nanobsd/files/tools/syslogd_flag.sh (revision 10119) +++ /branches/ileiden/nanobsd/files/tools/syslogd_flag.sh (revision 10119) @@ -0,0 +1,7 @@ +#!/bin/sh +# Set hostname for syslogd -b flag + +HOST=`cat /etc/rc.conf.local | grep hostname | cut -d'"' -f2` +sed -i "" -e /syslogd_flags=/s/localhost/${HOST}/ /etc/rc.conf + + Index: /branches/ileiden/nanobsd/files/tools/update-wrapper =================================================================== --- /branches/ileiden/nanobsd/files/tools/update-wrapper (revision 10119) +++ /branches/ileiden/nanobsd/files/tools/update-wrapper (revision 10119) @@ -0,0 +1,27 @@ +#!/bin/sh +# +# Update the non-active partition, input will stdin if no argument given else a +# listing netcat sesion will be opened at the given port +# Can be used in the following setups: +# 1) Systems with CPU limits (e.g. no encryption and/or compression): +# ssh -oBatchMode=yes root@node.example.org /tools/update-wrapper 3333 & +# cat nanobsd.image | nc node.example.org 3333 +# 2) Standard setup: +# cat nanobsd.image | ssh -oBatchMode=yes root@node.example.org /tools/update-wrapper +# +# Licence: BSD http://wirelessleiden.nl/LICENSE +# +# Rick van der Zwet + +. /etc/nanobsd.conf + +ROOT=`cd $(dirname $0); pwd -P` + +# Find out which partion to use +mount | grep -q ${NANO_DRIVE}s1 && UPDATE=$ROOT/updatep2 || UPDATE=$ROOT/updatep1 + +if [ -z $1 ]; then + $UPDATE +else + nc -l $1 | $UPDATE +fi Index: /branches/ileiden/nanobsd/files/tools/updatep1 =================================================================== --- /branches/ileiden/nanobsd/files/tools/updatep1 (revision 10119) +++ /branches/ileiden/nanobsd/files/tools/updatep1 (revision 10119) @@ -0,0 +1,55 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/updatep1,v 1.2.6.1 2008/11/25 02:59:29 kensmith Exp $ +# +# Script to update partition 1 on a NanoBSD system. +# +# usage: +# ssh somewhere cat image.s1 | sh updatep1 +# + +set -e + +. /etc/nanobsd.conf + +if mount | grep ${NANO_DRIVE}s1 > /dev/null ; then + echo "You are running partition 1 already" + echo "you probably want to use 'updatep2' instead" + exit 1 +fi + +# Blow away old system. +dd if=/dev/zero of=/dev/${NANO_DRIVE}s1 bs=1m count=1 > /dev/null 2>&1 + +# Copy in new system +dd of=/dev/${NANO_DRIVE}s1 obs=64k + +# Check that it worked +fsck_ffs -n /dev/${NANO_DRIVE}s1a + +gpart set -a active -i 1 ${NANO_DRIVE} + Index: /branches/ileiden/nanobsd/files/tools/updatep2 =================================================================== --- /branches/ileiden/nanobsd/files/tools/updatep2 (revision 10119) +++ /branches/ileiden/nanobsd/files/tools/updatep2 (revision 10119) @@ -0,0 +1,63 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/updatep2,v 1.2.6.1 2008/11/25 02:59:29 kensmith Exp $ +# +# Script to update partition 2 on a NanoBSD system. +# +# usage: +# ssh somewhere cat image.s1 | sh updatep2 +# + +set -e + +. /etc/nanobsd.conf + +if mount | grep ${NANO_DRIVE}s2 > /dev/null ; then + echo "You are running partition 2 already" + echo "you probably want to use 'updatep1' instead" + exit 1 +fi + +# Blow away old system. +dd if=/dev/zero of=/dev/${NANO_DRIVE}s2 bs=1m count=1 > /dev/null 2>&1 + +# Copy in new system +dd of=/dev/${NANO_DRIVE}s2 obs=64k + +# Check that it worked +fsck_ffs -n /dev/${NANO_DRIVE}s2a + +# Update the /etc/fstab +trap "umount /mnt" 1 2 15 EXIT +mount /dev/${NANO_DRIVE}s2a /mnt +sed -i "" "s/${NANO_DRIVE}s1/${NANO_DRIVE}s2/" /mnt/conf/base/etc/fstab +sed -i "" "s/${NANO_DRIVE}s1/${NANO_DRIVE}s2/" /mnt/etc/fstab +umount /mnt +trap 1 2 15 EXIT + +gpart set -a active -i 2 ${NANO_DRIVE} + Index: /branches/ileiden/nanobsd/files/tools/wl-config =================================================================== --- /branches/ileiden/nanobsd/files/tools/wl-config (revision 10119) +++ /branches/ileiden/nanobsd/files/tools/wl-config (revision 10119) @@ -0,0 +1,266 @@ +#!/bin/sh +# Wireless Leiden config-update script for FreeBSD 8.0 (nanobsd) +# Based on the 'API' of Jasper +# Rick van der Zwet +# XXX: TODO, some proper error checking for fetch + +BASEURL="http://132.229.112.21/config/iris/node/FreeBSD/8.0-RELEASE/g_list.pl" + +# Slow connection = no connection +HTTP_TIMEOUT=3 + +# Connectivity check +fetch -o /dev/null -q $BASEURL > /dev/null +if [ $? -ne 0 ]; then + echo "# [INFO] Connecting failed, setting generic proxy and trying again" + export HTTP_PROXY=proxy.wleiden.net:3128 + fetch -o /dev/null -q $BASEURL > /dev/null + if [ $? -ne 0 ]; then + echo "# [WARN] Connect failed, setting IP proxy and trying again" + export HTTP_PROXY=172.16.3.98:3128 + fetch -o /dev/null -q $BASEURL > /dev/null + if [ $? -ne 0 ]; then + echo "# [CRIT] Connect failed, please fix and set proxy manually" + exit 1 + fi + fi +fi + +# Default config to fetch +CONFIG=`hostname -s` + +# Determine it's statup and running location and some other hints +# Skip named.conf as it not planned in current release +FILES="authorized_keys dnsmasq.conf rc.conf.local resolv.conf wleiden.conf" +file_details() { + case "$1" in + 'authorized_keys') + STARTUP_LOC="/cfg/dot_ssh/${FILE}" + RUNNING_LOC="/etc/dot_ssh/${FILE}" + FILE_HINT="" + ;; + 'dnsmasq.conf') + STARTUP_LOC="/cfg/local/${FILE}" + RUNNING_LOC="/etc/local/${FILE}" + FILE_HINT="/usr/local/etc/rc.d/dnsmasq restart" + ;; + 'named.conf') + STARTUP_LOC="/cfg/namedb/${FILE}" + RUNNING_LOC="/etc/namedb/${FILE}" + FILE_HINT="/etc/rc.d/named restart" + ;; + 'rc.conf.local') + STARTUP_LOC="/cfg/${FILE}" + RUNNING_LOC="/etc/${FILE}" + FILE_HINT="/etc/rc.d/netif restart" + ;; + 'resolv.conf') + STARTUP_LOC="/cfg/${FILE}" + RUNNING_LOC="/etc/${FILE}" + FILE_HINT="" + ;; + 'wleiden.conf') + STARTUP_LOC="/cfg/local/${FILE}" + RUNNING_LOC="/etc/local/${FILE}" + FILE_HINT="" + ;; + esac +} + +usage() { + ( + echo "Usage: $0 [-bn] [-c ] [-m ]" + echo " -b batch mode, no user input" + echo " -c default configuration to fetch" + echo " -n do not mount config partition" + echo " -m all copy config files to running & config partition [default]" + echo " -m startup copy config files to config partition" + echo " -m testing do not copy config files" + echo " -m running copy config files to running partition" + echo " -m hack copy running files to config partition" + ) 1>&2 + exit 2 +} + +# Argument parsing using getopts +USE_API=1 # Whether or not to use the webinterface +OPT_MOUNT=1 +OPT_RUNNING=1 +OPT_STARTUP=1 +OPT_HACK=0 # Hack for people without configuration managment and testing +OPT_BATCH=0 + +parse_options() { + while getopts "bc:nm:" OPT; do + case "$OPT" in + b) OPT_BATCH=1;; + c) CONFIG="${OPTARG}";; + n) OPT_MOUNT=0;; + m) case "$OPTARG" in + all) true;; + live) OPT_STARTUP=0;; + startup) OPT_RUNNING=0;; + testing) OPT_RUNNING=0; OPT_STARTUP=0; OPT_MOUNT=0;; + hack) OPT_RUNNING=0; OPT_STARTUP=0; OPT_HACK=1; USE_API=0;; + *) usage;; + esac;; + h) usage;; + \?) usage;; + esac + done + # Allow to override automatic mounting, in case of external mount 'managment' + if [ "$1" = "-n" ]; then + OPT_MOUNT=0 + fi + + if [ "${OPT_RUNNING}" -eq 1 ]; then + echo "INFO: Storing new config files in running configuration" + fi + + if [ "${OPT_STARTUP}" -eq 1 ]; then + echo "INFO: Storing new config files in startup configuration" + fi + + if [ "${OPT_HACK}" -eq 1 ]; then + echo "WARN: Copy running configuration to startup configuration" + echo "WARN: Please do mind to document/mention this changes somewhere" + fi + + # New line before the real work gets started + echo "" +} + + + + +# test validity of input +config_validator() { + INPUT="$1" + `grep -q "^${INPUT}\$" ${TMPDIR}/node_list.txt` + if [ $? -eq 0 ]; then + return 0 + else + echo "WARNING: Input '${INPUT}' is not valid, some hints..." + grep -i "${INPUT}" ${TMPDIR}/node_list.txt + return 1 + fi +} + + + +select_node() { + # List of all available nodes + fetch -q -o ${TMPDIR}/node_list.txt ${BASEURL} || exit 1 + + # Provide Nodelist and feedback + cat ${TMPDIR}/node_list.txt | column + echo ' THIS script adds the config from GENESIS to this operating system' + echo ' make sure you know what you are doing, if not press control-C' + echo ' ENTER CONFIG NAME ......(and press enter)' + + if [ ${OPT_BATCH} -eq 1 ]; then + config_validator "${CONFIG}" + if [ $? -eq 1 ]; then + echo "ERROR: Please provide valid config" 1>&2 + exit 1 + fi + else + # Have the user to select the right node + INVALID_CONFIG=1 + while [ ${INVALID_CONFIG} -eq 1 ]; do + # Ask for node name, play around with prev option + echo -n "Name [${CONFIG}]: " + read INPUT + if [ -z "${INPUT}" ]; then + INPUT=${CONFIG} + else + CONFIG=${INPUT} + fi + + config_validator "${INPUT}" + if [ $? -eq 0 ]; then + INVALID_CONFIG=0 + fi + done + fi +} + + + + +# Copy file, saving some bits if no change needed +copy_file() { + SOURCE=$1 + TARGET=$2 + diff -q ${SOURCE} ${TARGET} >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then + mkdir -p `dirname ${TARGET}` || exit 1 + cp ${SOURCE} ${TARGET} || exit 1 + return $? + fi + return 1 +} + +# Main function +main() { + TMPDIR=`mktemp -d -t $(basename $0)` + # Clear out tempdir when done + if [ ${OPT_MOUNT} -eq 1 ]; then + trap "rm -Rf ${TMPDIR}; umount /cfg; mount -ro noatime /; exit" 0 1 2 3 15 + else + trap "rm -Rf ${TMPDIR}; exit" 0 1 2 3 15 + + fi + + # Mount if requested + if [ ${OPT_MOUNT} -eq 1 ]; then + mount -uwo noatime / + mount /cfg + fi + + # Select node from web-interface + if [ ${USE_API} -eq 1 ]; then + select_node + fi + + # Worker, place all files in required directory + for FILE in ${FILES}; do + if [ ${USE_API} -eq 1 ]; then + # Fetch needed file + FRESH_LOC=${TMPDIR}/${FILE} + fetch -q -o ${FRESH_LOC} ${BASEURL}/${CONFIG}/${FILE} || exit 1 + fi + + # Needed file details, like locations and hints + file_details ${FILE} + + echo "INFO: Working on file: '${FILE}'" + # Copy file boot location + if [ ${OPT_STARTUP} -eq 1 ]; then + copy_file ${FRESH_LOC} ${STARTUP_LOC} + fi + + # Copy file running location + if [ ${OPT_RUNNING} -eq 1 ]; then + copy_file ${FRESH_LOC} ${RUNNING_LOC} + if [ $? -eq 0 ]; then + echo "INFO: '${FILE}' changed" + if [ -n "${FILE_HINT}" ]; then + echo "INFO: For instant activate: ${FILE_HINT}" + echo "" + fi + fi + fi + + # Direct copy + if [ ${OPT_HACK} -eq 1 ]; then + # No checking, just dumb try to copy mode + cp -v ${RUNNING_LOC} ${STARTUP_LOC} + fi + done + + exit 0 +} + +parse_options $* +main Index: /branches/ileiden/nanobsd/files/tools/wl-version =================================================================== --- /branches/ileiden/nanobsd/files/tools/wl-version (revision 10119) +++ /branches/ileiden/nanobsd/files/tools/wl-version (revision 10119) @@ -0,0 +1,35 @@ +#!/bin/sh +# Get bare minimal information of node, for the use of easy debugging +# Rick van der Zwet + +# Trac specific code +echo "----" +echo "{{{" + +# Introduction +echo "Generated by $USER@`hostname`" +echo "Date: `date`" + +# Kernel information +uname -a | fold + +# Mount information, for the use of checking which slize is usd +mount + +# static iinformation, on image, like build, time, who, +VERSION='/tools/wl-release.txt' +cat $VERSION + +if [ -r /VERSION ]; then + cat /VERSION + seperator +fi + +# Current ip configuration +ifconfig -a + +# XXX: Configuration specifics + +# Trac specific code +echo "}}}" +echo "----" Index: /branches/ileiden/nanobsd/files/usr/local/bin/dhcp-users =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/bin/dhcp-users (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/bin/dhcp-users (revision 10119) @@ -0,0 +1,4 @@ +#!/bin/sh + +awk '{ print $1 " " $2 " " $3 }' 2> /dev/null < /var/db/dnsmasq.leases + Index: /branches/ileiden/nanobsd/files/usr/local/bin/http302 =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/bin/http302 (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/bin/http302 (revision 10119) @@ -0,0 +1,11 @@ +#!/bin/sh +# +# Only purpose is to send somebody to the Captive Portal +# +URL=${URL:-http://172.31.255.1/wlportal} + +# Send information to client +echo -e "HTTP/1.1 302 OK\r" +echo -e "Location: $URL\r" +echo -e "\r" + Index: /branches/ileiden/nanobsd/files/usr/local/bin/mvim =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/bin/mvim (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/bin/mvim (revision 10119) @@ -0,0 +1,10 @@ +#!/bin/sh +# +# Wrapper to support file hacking on read-only file systems more easily +# +# Rick van der Zwet + + +mount -uwo noatime || exit +vim $* +mount -uro noatime / Index: /branches/ileiden/nanobsd/files/usr/local/bin/pen_wrapper =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/bin/pen_wrapper (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/bin/pen_wrapper (revision 10119) @@ -0,0 +1,121 @@ +#!/bin/sh +# Pen proxy wrapper, periodic check for best connections +# Stichting Wireless Leiden +# Rick van der Zwet + +BIND_ADDR=${1-172.31.255.1} +BIND_PORT=${2-3128} +DEBUG=0 + +#XXX: Really static list, some dynamic alternative prefered +PROXY_LIST="${3-172.17.8.68:3128 \ + 172.17.143.4:3128 \ + 172.20.128.98:3128 \ + 172.16.2.254:3128 \ + 172.19.168.66:3128 \ + 172.16.3.146:3128 \ + 172.17.16.66:3128 \ + 172.17.0.1:3128 \ + 172.16.4.54:3128 \ + 172.22.0.66:3128 \ + 172.23.25.66:3128 \ + 172.17.169.66:3128}" + + +TEST_URL="http://www.ams-ix.net/" +TEST_INTERVAL=`expr 30 \* 60` # Back-off period in seconds, re-testing period + + +# Don't touch, unless you know what you are doing +PIDFILE='/var/run/pen.pid' +PEN='/usr/local/bin/pen' +PEN_FLAGS="-b 30 -r -p ${PIDFILE} -o prio ${BIND_ADDR}:${BIND_PORT}" + +LOGFILE='/var/log/pen_wrapper.log' + +log() +{ + _datestamp=`date "+%Y-%m-%d %H:%M:%S"` + _msg="[${_datestamp}] $*" + if [ ${DEBUG} -eq 0 ]; then + echo "${_msg}" >> ${LOGFILE} + else + echo "${_msg}" + fi +} + +d_log() { + if [ ${DEBUG} -ne 0 ]; then + log $* + fi +} + +test_proxy() +{ + # Set proxy + PROXY=$1 + PORT=$2 + URL=$3 + export HTTP_PROXY="${PROXY}:${PORT}" + + # Attempted fetch + retstr=`fetch -T 3 -o /dev/null ${URL} 2>&1` + retval=$? + + # Store to list if successfull + if [ "${retval}" -eq 0 ]; then + BPS=`echo "${retstr}" | awk '/Bps/ {printf $4}'` + echo "${BPS} ${PROXY}" >> ${TMPFILE} + fi + return $retval +} + +sort_proxies() +{ + # Result holder + TMPFILE=`mktemp -t pen_wrapper` + + for _host in ${PROXY_LIST}; do + PROXY=`echo $_host | cut -d ":" -f1` + PORT=`echo $_host | cut -d ":" -f2` + _msg="Fetching '${TEST_URL}' via '${PROXY}:${PORT}' ..." + test_proxy ${PROXY} ${PORT} ${TEST_URL} && d_log ${_msg} "OK" || d_log ${_msg} "FAILED" + done + + _proxylist=`sort -nr ${TMPFILE} | awk '{print $2}' | tr '\n' ' '` + _cfg="0:0:1:1" + if [ -n "${_proxylist}" ]; then + _prio="0" + _proxy_arg="" + for _proxy in ${_proxylist}; do + _prio=`expr ${_prio} + 1` + _proxy_arg="${_proxy_arg} ${_proxy}:${PORT}:${_cfg}:${_prio}" + done + fi + # Clear out junk + rm -f ${TMPFILE} + NEW_PROXY_LIST="${_proxy_arg}" +} + + +## +# Main loop +LIVE_PROXY_LIST='' +while true; do + sort_proxies + if [ "${LIVE_PROXY_LIST}" != "${NEW_PROXY_LIST}" ]; then + log "INFO: New listing to be configured '${NEW_PROXY_LIST}'" + d_log "Live: ${LIVE_PROXY_LIST}" + d_log "New : ${NEW_PROXY_LIST}" + # Pen should only be started if alias exists + ifconfig | grep -q ${BIND_ADDR} + if [ $? -eq 0 ]; then + if [ -r ${PIDFILE} ]; then + kill `cat ${PIDFILE}` + fi + ${PEN} ${PEN_FLAGS} ${NEW_PROXY_LIST} + LIVE_PROXY_LIST="${NEW_PROXY_LIST}" + fi + fi + sleep ${TEST_INTERVAL} +done Index: /branches/ileiden/nanobsd/files/usr/local/bin/portal-users =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/bin/portal-users (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/bin/portal-users (revision 10119) @@ -0,0 +1,4 @@ +#!/bin/sh + +awk '{ print $1 " " $2 " " $3 }' 2> /dev/null < /var/db/clients + Index: /branches/ileiden/nanobsd/files/usr/local/bin/ssh-copy-id =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/bin/ssh-copy-id (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/bin/ssh-copy-id (revision 10119) @@ -0,0 +1,50 @@ +#!/bin/sh + +# Shell script to install your public key on a remote machine +# Takes the remote machine name as an argument. +# Obviously, the remote machine must accept password authentication, +# or one of the other keys in your ssh-agent, for this to work. + +ID_FILE="${HOME}/.ssh/id_rsa.pub" + +if [ "-i" = "$1" ]; then + shift + # check if we have 2 parameters left, if so the first is the new ID file + if [ -n "$2" ]; then + if expr "$1" : ".*\.pub" >/dev/null; then + ID_FILE="$1" + else + ID_FILE="$1.pub" + fi + shift # and this should leave $1 as the target name + fi +else + if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then + GET_ID="$GET_ID ssh-add -L" + fi +fi + +if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then + GET_ID="cat ${ID_FILE}" +fi + +if [ -z "`eval $GET_ID`" ]; then + echo "$0: ERROR: No identities found" >&2 + exit 1 +fi + +if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then + echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2 + exit 1 +fi + +{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1 + +cat <&2 + exit $EX_NOINPUT +fi + +# Compare files, ignore white spaces, modification, etc +diff -b -B -q ${SRC} ${DST}; RETVAL=$? +if [ $RETVAL -ne 0 ]; then + # 2: DST does not yet, exists, 1: file differs + mount -uwo noatime /cfg + mkdir -p /cfg/local + cp ${SRC} ${DST} +fi + +exit $EX_OK Index: /branches/ileiden/nanobsd/files/usr/local/etc/dhcpd-snmp.conf =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/dhcpd-snmp.conf (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/dhcpd-snmp.conf (revision 10119) @@ -0,0 +1,1 @@ +leases: /var/db/dhcpd.leases Index: /branches/ileiden/nanobsd/files/usr/local/etc/dhcpd.conf =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/dhcpd.conf (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/dhcpd.conf (revision 10119) @@ -0,0 +1,7 @@ +ddns-update-style none; + +subnet 192.168.2.0 netmask 255.255.255.0 { + option domain-name-servers 192.168.2.1 ; + option routers 192.168.2.1 ; + range 192.168.2.50 192.168.2.99 ; +} Index: /branches/ileiden/nanobsd/files/usr/local/etc/nrpe.cfg =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/nrpe.cfg (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/nrpe.cfg (revision 10119) @@ -0,0 +1,14 @@ +server_port=5666 +allowed_hosts=172.16.4.46 +nrpe_user=nagios +nrpe_group=nagios +command_timeout=60 + +command[check_users]=/usr/local/libexec/nagios/check_users -w 5 -c 10 +command[check_load]=/usr/local/libexec/nagios/check_load -w 15,10,5 -c 30,25,20 +command[check_disk1]=/usr/local/libexec/nagios/check_disk -w 15% -c 10% -p / +command[check_disk2]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /var +command[check_procs]=/usr/local/libexec/nagios/check_procs -w 55 -c 70 +command[check_inet]=/usr/local/libexec/nagios/check_inet +command[check_inet2]=/usr/local/libexec/nagios/check_inet2 +command[check_lv]=/usr/local/libexec/nagios/check_lv Index: /branches/ileiden/nanobsd/files/usr/local/etc/ntp.drift =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/ntp.drift (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/ntp.drift (revision 10119) @@ -0,0 +1,1 @@ +0.000 Index: /branches/ileiden/nanobsd/files/usr/local/etc/proxies.conf =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/proxies.conf (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/proxies.conf (revision 10119) @@ -0,0 +1,12 @@ +172.17.8.68:3128 +172.17.143.4:3128 +172.20.128.98:3128 +172.16.2.254:3128 +172.19.168.66:3128 +172.16.3.146:3128 +172.17.16.66:3128 +172.17.0.1:3128 +172.16.4.54:3128 +172.22.0.66:3128 +172.23.25.66:3128 +172.17.169.66:3128 Index: /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/http302 =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/http302 (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/http302 (revision 10119) @@ -0,0 +1,27 @@ +#!/bin/sh +# +# PROVIDE: http301 +# BEFORE: DAEMON +# KEYWORD: shutdown +# +# Add the following line to /etc/rc.conf to enable iperf in server mode: +# +# http302_enable="YES" +# +. /etc/rc.subr + +name=http302 +rcvar=`set_rcvar` + +command=/usr/local/bin/tcpserver +command_args="-R -H -l 0 172.31.255.1 8081 /usr/local/bin/http302 &" + +load_rc_config ${name} + +http301_enable=${http301_enable-"NO"} + +#### +# tcpserver does not generate a pid file + +run_rc_command "$1" + Index: /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/iperf =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/iperf (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/iperf (revision 10119) @@ -0,0 +1,29 @@ +#!/bin/sh +# +# PROVIDE: iperf +# BEFORE: DAEMON +# KEYWORD: shutdown +# +# Add the following line to /etc/rc.conf to enable iperf in server mode: +# +# iperf_enable="YES" +# +. /etc/rc.subr + +name=iperf +rcvar=`set_rcvar` + +command=/usr/local/bin/iperf +command_args="-s -D" + +load_rc_config ${name} + +iperf_enable=${iperf_enable-"NO"} + +#### +# iperf does not generate a pid file +# iperf_pidfile=${iperf_pidfile-"/var/run/.pid"} +# pidfile="${iperf_pidfile}" + +run_rc_command "$1" + Index: /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/lvrouted =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/lvrouted (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/lvrouted (revision 10119) @@ -0,0 +1,52 @@ +#!/bin/sh +# +# PROVIDE: lvrouted +# REQUIRE: netif routing +# KEYWORD: nojail + +lvrouted_enable=${lvrouted_enable:-"NO"} +lvrouted_flags=${lvrouted_flags:-} + +. /etc/rc.subr + +name="lvrouted" +rcvar=`set_rcvar` +load_rc_config $name + +command="/usr/local/sbin/${name}" +pid_file="/var/run/${name}.pid" + +# Import proxies +wleiden_conf="/usr/local/etc/wleiden.conf" +if [ -r $wleiden_conf ]; then + . ${wleiden_conf} +fi + +# If there are proxies specified, them add them with the z flag +if [ -n "$PROXIES" ]; then + PROXIES=`echo ${PROXIES} | sed 's/\ /\,/g'` + lvrouted_flags="$lvrouted_flags -z $PROXIES" +fi + +start_precmd="lvrouted_flush_routes" + +# XXX: Needs to be a flag to disable +# XXX: lvrouted should mark their added routed protocol specific (see: man 8 route) +# lvrouted requires no route to exists before start as it is not able to alter +# old routes, so make it flush all dynamic generated routes +lvrouted_flush_routes() { + + # XXX: Does the looping bug still exists? + # Keep looping till we whiped _all_ dynamic generated routes + while true; do + netstat -nr -f inet | awk '{if ($3 ~ /.*D.*/) { exit 1} }' + if [ $? -eq 0 ]; then + break + fi + echo "WARNING: Flushing all existing DYNAMIC routes" 1>&2 + netstat -nr -f inet | awk '{if ($3 ~ /.*D.*/) {print $1} }' | xargs -n 1 route delete + done +} + +run_rc_command "$1" + Index: /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd (revision 10119) @@ -0,0 +1,61 @@ +#!/bin/sh +# +# $FreeBSD: src/etc/rc.d/motd,v 1.9.10.1.4.1 2009/04/15 03:14:26 kensmith Exp $ +# + +# PROVIDE: nanobsd-motd +# REQUIRE: mountcritremote +# BEFORE: LOGIN + +. /etc/rc.subr + +name="nanobsd_motd" +rcvar="update_nanobsd_motd" +start_cmd="motd_start" +stop_cmd=":" + +PERMS="644" + +motd_start() +{ + # Update kernel info in /etc/motd + # Must be done *before* interactive logins are possible + # to prevent possible race conditions. + # + echo -n 'Updating motd' + if [ ! -f /etc/motd ]; then + install -c -o root -g wheel -m ${PERMS} /dev/null /etc/motd + fi + + if [ ! -w /etc/motd ]; then + echo ' ... /etc/motd is not writable, update failed.' + return + fi + + T=`mktemp -t motd` + uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > ${T} + awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> ${T} + + cmp -s $T /etc/motd || { + # XXX: Hack quick and dirty combine of /etc/rc.d/motd and /tools/savesshkeys + trap "umount /cfg" 1 2 15 EXIT + mount /cfg + cp $T /cfg/motd + chmod ${PERMS} /etc/motd + umount /cfg + trap 1 2 15 EXIT + + trap "mount -uro noatime /" 1 2 15 EXIT + mount -uwo noatime / + cp $T /etc/motd + chmod ${PERMS} /etc/motd + mount -uro noatime / + trap 1 2 15 EXIT + } + rm -f $T + + echo . +} + +load_rc_config $name +run_rc_command "$1" Index: /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys (revision 10119) @@ -0,0 +1,49 @@ +#!/bin/sh +# +# $FreeBSD: ports/net/pen/files/pen.sh.in,v 1.1 2006/09/24 14:34:36 clement Exp $ +# + +# PROVIDE: pen +# REQUIRE: NETWORKING SERVERS sshd +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable nanobsd-save-sshkeys: +# +# nanobsd_save_sshkeys_enable="YES" +# + +. /etc/rc.subr + +name=nanobsd_save_sshkeys +rcvar=`set_rcvar` + +nanobsd_save_sshkeys_enable=${nanobsd_save_sshkeys_enable:-"NO"} + +start_cmd="save_sshkeys" +stop_cmd="save_sshkeys" + +save_sshkeys() { + MOUNTED_RW=0 + trap "umount /cfg" 1 2 15 EXIT + mount -ro noatime /cfg + for FILE in /etc/ssh/ssh_host_*; do + cmp -s $FILE /cfg/ssh/`basename ${FILE}` + if [ $? -ne 0 ]; then + if [ ${MOUNTED_RW} -eq 0 ]; then + mount -uwo noatime /cfg + mkdir -p /cfg/ssh + MOUNTED_RW=1 + fi + cp $FILE /cfg/ssh/`basename ${FILE}` + fi + done + + umount /cfg + trap 1 2 15 EXIT +} + + +load_rc_config $name +run_rc_command "$1" + Index: /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/pen_wrapper =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/pen_wrapper (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/rc.d/pen_wrapper (revision 10119) @@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD: ports/net/pen/files/pen.sh.in,v 1.1 2006/09/24 14:34:36 clement Exp $ +# + +# PROVIDE: pen_wrapper +# REQUIRE: NETWORKING SERVERS +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable pen: +# +# pen_wrapper_enable="YES" +# + +. /etc/rc.subr + +pen_wrapper_cmd() { + ${command_interpreter} ${command} & +} + +name=pen_wrapper +rcvar=`set_rcvar` +start_cmd=${name}_cmd + +command_interpreter="/bin/sh" +command=/usr/local/bin/pen_wrapper + +pen_wrapper_enable=${pen_wrapper_enable:-"NO"} +pen_wrapper_flags=${pen_wrapper_flags:-""} + +load_rc_config $name +run_rc_command "$1" Index: /branches/ileiden/nanobsd/files/usr/local/etc/thttpd.conf =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/thttpd.conf (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/thttpd.conf (revision 10119) @@ -0,0 +1,6 @@ +user=root +dir=/usr/local/www +cgipat=** +nochroot +logfile=/var/log/thttpd.log +pidfile=/var/run/thttpd.pid Index: /branches/ileiden/nanobsd/files/usr/local/etc/tinyproxy.conf =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/tinyproxy.conf (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/tinyproxy.conf (revision 10119) @@ -0,0 +1,228 @@ +## +## tinyproxy.conf -- tinyproxy daemon configuration file +## + +# +# Name of the user the tinyproxy daemon should switch to after the port +# has been bound. +# +User nobody +Group nogroup + +# +# Port to listen on. +# +Port 3128 + +# +# If you have multiple interfaces this allows you to bind to only one. If +# this is commented out, tinyproxy will bind to all interfaces present. +# +#Listen 192.168.0.1 + +# +# The Bind directive allows you to bind the outgoing connections to a +# particular IP address. +# +#Bind 192.168.0.1 + +# +# Timeout: The number of seconds of inactivity a connection is allowed to +# have before it closed by tinyproxy. +# +Timeout 600 + +# +# ErrorFile: Defines the HTML file to send when a given HTTP error +# occurs. You will probably need to customize the location to your +# particular install. The usual locations to check are: +# /usr/local/share/tinyproxy +# /usr/local/share/tinyproxy +# /etc/tinyproxy +# +# ErrorFile 404 "/usr/local/share/tinyproxy/404.html" +# ErrorFile 400 "/usr/local/share/tinyproxy/400.html" +# ErrorFile 503 "/usr/local/share/tinyproxy/503.html" +# ErrorFile 403 "/usr/local/share/tinyproxy/403.html" +# ErrorFile 408 "/usr/local/share/tinyproxy/408.html" + +# +# DefaultErrorFile: The HTML file that gets sent if there is no +# HTML file defined with an ErrorFile keyword for the HTTP error +# that has occured. +# +DefaultErrorFile "/usr/local/share/tinyproxy/default.html" + +# +# StatFile: The HTML file that gets sent when a request is made +# for the stathost. If this file doesn't exist a basic page is +# hardcoded in tinyproxy. +# +StatFile "/usr/local/share/tinyproxy/stats.html" + +# +# Where to log the information. Either LogFile or Syslog should be set, +# but not both. +# +Logfile "/var/log/tinyproxy.log" +# Syslog On + +# +# Set the logging level. Allowed settings are: +# Critical (least verbose) +# Error +# Warning +# Notice +# Connect (to log connections without Info's noise) +# Info (most verbose) +# The LogLevel logs from the set level and above. For example, if the LogLevel +# was set to Warning, than all log messages from Warning to Critical would be +# output, but Notice and below would be suppressed. +# +LogLevel Info + +# +# PidFile: Write the PID of the main tinyproxy thread to this file so it +# can be used for signalling purposes. +# +PidFile "/var/run/tinyproxy.pid" + +# +# Include the X-Tinyproxy header, which has the client's IP address when +# connecting to the sites listed. +# +#XTinyproxy mydomain.com + +# +# Turns on upstream proxy support. +# +# The upstream rules allow you to selectively route upstream connections +# based on the host/domain of the site being accessed. +# +# For example: +# # connection to test domain goes through testproxy +# upstream testproxy:8008 ".test.domain.invalid" +# upstream testproxy:8008 ".our_testbed.example.com" +# upstream testproxy:8008 "192.168.128.0/255.255.254.0" +# +# # no upstream proxy for internal websites and unqualified hosts +# no upstream ".internal.example.com" +# no upstream "www.example.com" +# no upstream "10.0.0.0/8" +# no upstream "192.168.0.0/255.255.254.0" +# no upstream "." +# +# # connection to these boxes go through their DMZ firewalls +# upstream cust1_firewall:8008 "testbed_for_cust1" +# upstream cust2_firewall:8008 "testbed_for_cust2" +# +# # default upstream is internet firewall +# upstream firewall.internal.example.com:80 +# +# The LAST matching rule wins the route decision. As you can see, you +# can use a host, or a domain: +# name matches host exactly +# .name matches any host in domain "name" +# . matches any host with no domain (in 'empty' domain) +# IP/bits matches network/mask +# IP/mask matches network/mask +# +#Upstream some.remote.proxy:port + +# +# This is the absolute highest number of threads which will be created. In +# other words, only MaxClients number of clients can be connected at the +# same time. +# +MaxClients 100 + +# +# These settings set the upper and lower limit for the number of +# spare servers which should be available. If the number of spare servers +# falls below MinSpareServers then new ones will be created. If the number +# of servers exceeds MaxSpareServers then the extras will be killed off. +# +MinSpareServers 5 +MaxSpareServers 20 + +# +# Number of servers to start initially. +# +StartServers 10 + +# +# MaxRequestsPerChild is the number of connections a thread will handle +# before it is killed. In practise this should be set to 0, which disables +# thread reaping. If you do notice problems with memory leakage, then set +# this to something like 10000 +# +MaxRequestsPerChild 0 + +# +# The following is the authorization controls. If there are any access +# control keywords then the default action is to DENY. Otherwise, the +# default action is ALLOW. +# +# Also the order of the controls are important. The incoming connections +# are tested against the controls based on order. +# +Allow 127.0.0.1 +Allow 172.16.0.0/12 + +# +# The "Via" header is required by the HTTP RFC, but using the real host name +# is a security concern. If the following directive is enabled, the string +# supplied will be used as the host name in the Via header; otherwise, the +# server's host name will be used. +# +#ViaProxyName "tinyproxy" + +# +# The location of the filter file. +# +#Filter "/etc/tinyproxy/filter" + +# +# Filter based on URLs rather than domains. +# +#FilterURLs On + +# +# Use POSIX Extended regular expressions rather than basic. +# +#FilterExtended On + +# +# Use case sensitive regular expressions. +# +#FilterCaseSensitive On + +# +# Change the default policy of the filtering system. If this directive is +# commented out, or is set to "No" then the default policy is to allow +# everything which is not specifically denied by the filter file. +# +# However, by setting this directive to "Yes" the default policy becomes to +# deny everything which is _not_ specifically allowed by the filter file. +# +#FilterDefaultDeny Yes + +# +# If an Anonymous keyword is present, then anonymous proxying is enabled. +# The headers listed are allowed through, while all others are denied. If +# no Anonymous keyword is present, then all header are allowed through. +# You must include quotes around the headers. +# +#Anonymous "Host" +#Anonymous "Authorization" + +# +# This is a list of ports allowed by tinyproxy when the CONNECT method +# is used. To disable the CONNECT method altogether, set the value to 0. +# If no ConnectPort line is found, all ports are allowed (which is not +# very secure.) +# +# The following two ports are used by SSL. +# +ConnectPort 443 +ConnectPort 563 Index: /branches/ileiden/nanobsd/files/usr/local/etc/wlportal/autologin.tmpl =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/wlportal/autologin.tmpl (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/wlportal/autologin.tmpl (revision 10119) @@ -0,0 +1,86 @@ + + + Welkom aan Boord van %(portal_sponsor)s || Connectiviteit door Stichting Wireless Leiden + + +
+ + +
+

%(status_msg)s

+

Welkom aan Boord met %(portal_sponsor)s

+ +%(portal_sponsor)s bied u in samenwerking met Stichting Wireless Leiden op deze locatie internet aan. Twee ``huisregels'': +
    +
  1. Het gebruik van het Wireless Leiden netwerk en de internettoegang zijn +kostenloos en u hoeft zich niet aan te melden. Maar u dient zich te houden aan +de Nederlandse wetgeving en geen schade toe te brengen of ongemak te +veroorzaken voor anderen.
    2. +
  2. Stichting Wireless Leiden en %(portal_sponsor)s accepteren geen enkele +aansprakelijkheid voor schade in welke vorm dan ook die is ontstaan door of +verband houdt met het gebruik van het netwerk.
    3. +
+ +

+Wij wensen u nog een fijne dag,
+%(portal_sponsor)s & Stichting Wireless Leiden
+

PS: Voor de techneuten: TCP:80 (HTTP) en TCP:443 (HTTPS) zijn toegestaan
+ + +
+
+

Internettoegang

+

U bent verbonden met het lokale Wireless Leiden network. Om te internetten moet u in uw browser een 'proxy' instellen en hieronder op 'accoord' klikken. Afhankelijk van de locatie kan het ook zonder proxy-instelling, maar de snelheid zal in het algemeen lager zijn. +

Instellen proxy in browser

+ In Firefox: ga naar Edit->Preferences->Advanced->Network->Settings.
+ Handmatige proxy-configuratie: vul in HTTP proxy: proxy.wleiden.net port 3128.
+ Gedetailleerde instructies kunt u vinden op onze website. +

+N.B. U kunt alleen internetten via uw webbrowser, andere toepassingen zoals Microsoft Outlook zijn niet mogelijk. Gebruik webmail om te e-mailen. + +

Eerlijk gebruikmaken van Wireless Leiden

+ Het gebruik van het Wireless Leiden netwerk en de internettoegang zijn kostenloos en u hoeft zich niet aan te melden. Maar u dient zich te houden aan de Nederlandse wetgeving en geen schade toe te brengen of ongemak te veroorzaken voor anderen.
+ De Stichting Wireless Leiden accepteert geen enkele aansprakelijkheid voor schade in welke vorm dan ook die is ontstaan door of verband houdt met het gebruik van het netwerk.
+Geef hieronder aan of u accoord gaat met deze voorwaarden: +
+ + +
+ + +
+

Welcome to Wireless Leiden

+

Internet access

+

You are connected to the local Wireless Leiden network. To use one of the gateways (proxies) to Internet you have to specify a proxy in your web browser.
+ For instance in Firefox go to Edit->Preferences->Advanced->Network->Settings.
+ Manual proxy configuration: specify HTTP proxy: proxy.wleiden.net port 3128.
+ Detailed instructions can be downloaded from our website. +

+

+ Please note that you can only access the internet via your webbrowser, use of other applications like Microsoft Outlook is not possible (you have to use webmail). + +

Fair Use of Wireless Leiden

+ The use of the Wireless Leiden network and the internet connection are free and no registration is required. However, you should refrain from any illegal activity and not provide harm of any kind or inconvenience to other users.
+ The Wireless Leiden Foundation does not accept any responsibility whatsoever for damage related to or originated from the use of the network. + +
+ + +
+ +
+
+ + Wireless Leiden Homepage +
+ +

More options

+
+ + +
+
Technical Details:
+%(tech_footer)s
+
+ + Index: /branches/ileiden/nanobsd/files/usr/local/etc/wlportal/config.yaml.sample =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/wlportal/config.yaml.sample (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/wlportal/config.yaml.sample (revision 10119) @@ -0,0 +1,6 @@ +whitelist: + - 00:11:22:33:44:55 + - 172.16.16.16 +portal_sponsor : Stichting Aalsmeer WestEinder +portal_url : http://www.aalsmeerwesteinder.nl +refresh_delay : 10 Index: /branches/ileiden/nanobsd/files/usr/local/etc/wlportal/index.cgi =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/wlportal/index.cgi (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/wlportal/index.cgi (revision 10119) @@ -0,0 +1,425 @@ +#!/usr/bin/env python +# +# Wrap me around tcpserver or inetd, example usage for tcpserver (debug): +# tcpserver -HRl localhost 172.31.255.1 /root/wlportal.py +# +# Or put me in a CGI script in for example thttpd server: +# +# = Usage = +# This is a wrapper script which does very basic HTML parsing and altering of +# ipfw tables rules to build a basic Captive Portal, with basic sanity +# checking. The ACL is IP based (this is a poor mans solution, layer2 +# ACL would be much better), so don't take security very seriously. +# +# To get traffic by default to the portal iI requires a few special rules in +# ipfw to work properly (ajust IP details if needed): +# - Rule 10010-10099 needs to be free. +# - add 10100 fwd 172.20.145.1,8081 tcp from any to not 172.16.0.0/12 dst-port 80 in via wlan0 +# +# Enties older than 5 minutes not being used will be removed if the (hidden) +# argument action=cleanup is given as GET variable. So having this in cron (would fix it): +# */5 * * * * /usr/bin/fetch -q http://172.31.255.1/wlportal?action=cleanup +# +# XXX: The whitelist entries first needs to contact the wlportal.py to get +# added to the whitelist, this may cause issues during initial setup and hence +# it might be advised to create a block of static whitelist IP addresses which +# get added during boot and will never disappear. +# +# The program has uses a file based persistent cache to save authenticated +# ACLs, this will NOT get synced after a reboot. +# +# State : ALPHA +# Version : $Id: index.cgi 9528 2011-08-11 10:46:07Z rick $ +# Author : Rick van der Zwet +# Licence : BSDLike http://wirelessleiden.nl/LICENSE + +import logging +import os +import pickle +import re +import signal +import subprocess +import sys +import time +import traceback +import urlparse +import yaml + +# XXX: Make me dynamic for example put me in the conf file +conf = { + 'autologin' : False, + 'cmd_arp' : '/usr/sbin/arp', + 'cmd_fw' : '/sbin/ipfw', + 'portal_sponsor': 'Sponsor van Stichting Wireless Leiden', + 'portal_url' : 'http://www.wirelessleiden.nl', + 'portalroot' : '172.31.255.1', + 'refresh_delay' : 5, + 'tmpl_autologin': '/usr/local/etc/wlportal/autologin.tmpl', + 'tmpl_login' : '/usr/local/etc/wlportal/login.tmpl', + 'whitelist' : [], +} + + +logging.basicConfig(stream=open('/var/log/wlportal.log','a'),level=logging.DEBUG) + +# No failback if config does not exist, to really make sure the user knows if +# the config file failed to parse properly or is non-existing +# XXX: 5xx error code perhaps? +try: + conf.update(yaml.load(open('/usr/local/etc/wlportal/config.yaml'))) +except Exception,e: + logging.error(traceback.format_exc()) + + +class ItemCache: + """ + Very basic ItemCache used for caching registered entries and other foo, no + way recurrent, so use with care! + """ + + def __init__(self, authentication_timeout=60): + self.cachefile='/tmp/portal.cache' + # cache[mac_address] = (ipaddr, registered_at, last_seen) + self.cache = None + self.arp_cache = None + self.now = time.time() + self.authentication_timeout = authentication_timeout + + def delete_all(self): + self.cache = {} + self.save() + + def delete(self,ipaddr): + self.load() + for mac in self.cache.keys(): + if self.cache[mac][0] == ipaddr: + del self.cache[mac] + self.save() + + + def load(self): + """ Request cached file entries """ + if self.cache == None: + try: + self.cache = pickle.load(open(self.cachefile,'r')) + except IOError: + self.cache = {} + pass + + def load_arp_cache(self): + """ Provide with listing of MAC to IP numbers """ + if self.arp_cache == None: + output = subprocess.Popen([conf['cmd_arp'],'-na'], stdout=subprocess.PIPE).communicate()[0] + self.arp_cache = {} + for line in output.strip().split('\n'): + # ? (172.20.145.30) at 00:21:e9:e2:7c:c6 on wlan0 expires in 605 seconds [ethernet] + if not 'expires' in line: + continue + t = re.split('[ ()]',line) + ip, mac = t[2],t[5] + self.arp_cache[ip] = mac + + def get_mac(self,ipaddr): + self.load_arp_cache() + try: + return self.arp_cache[ipaddr] + except KeyError: + return None + + def add(self,ipaddr): + """ Add entry to cache (on file) and return entry""" + self.load() + self.load_arp_cache() + self.cache[self.arp_cache[ipaddr]] = (ipaddr, self.now, self.now) + logging.debug("Adding Entry to Cache %s -> %s" % (ipaddr, self.arp_cache[ipaddr])) + self.save() + + def save(self): + """ Sync entries to disk """ + # XXX: Should actually check if entry has changed at all + pickle.dump(self.cache, open(self.cachefile,'w')) + + def update(): + """ Update entries with relevant ARP cache """ + self.load() + self.load_arp_cache() + # Update last_seen time for currently active entries + for ip,mac in self.arp_cache.iteritems(): + if self.cache.has_key(mac): + self.cache[mac][3] = now + + # cleanup no longer used entries, after authentication_timeout seconds. + for mac in self.cache: + if self.cache[mac][3] < self.now - self.authentication_timeout: + del self.cache[mac] + + # Sync results to disk + self.save() + return self.cache + + def get_cache(self): + self.load() + return self.cache + + def get_arp_cache(self): + self.load_arp_cache() + return self.arp_cache + + +class FirewallControl: + def __init__(self): + self.first_rule = 10010 + self.last_rule = 10099 + self.available_rule = self.first_rule + self.logger = '' + + + def load(self): + # Get all registered ips + sp = subprocess.Popen([conf['cmd_fw'],'show','%i-%i' % (self.first_rule, self.last_rule)], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + output = sp.communicate()[0] + self.ip_in_firewall = {} + if sp.returncode == 0: + # 10010 32 1920 allow tcp from 172.20.145.30 to not 172.16.0.0/12 dst-port 80 + for line in output.strip().split('\n'): + t = line.split() + rule, ip = t[0], t[6] + self.ip_in_firewall[ip] = rule + + if self.available_rule == int(rule): + self.available_rule += 1 + else: + # XXX: Some nagging about no rules beeing found perhaps? + pass + + def cleanup(self): + """ Cleanup Old Entries, mostly used for maintenance runs """ + self.load() + # Make sure cache matches the latest ARP version + itemdb = ItemCache() + cache = itemdb.get_cache() + valid_ip = itemdb.get_arp_cache() + + # Check if all ipfw allowed entries still have the same registered MAC address + # else assume different user and delete. + for ip,rule in self.ip_in_firewall.iteritems(): + delete_entry = False + + # Make sure IP is still valid + if not valid_ip.has_key(ip): + delete_entry = True + # Also MAC needs to exists in Cache + elif not cache.has_key(valid_ip[ip]): + delete_entry = True + # IP need to match up with registered one + elif not cache[valid_ip[ip]][0] == ip: + delete_entry = True + + # Delete entry if needed + if delete_entry: + output = subprocess.Popen([conf['cmd_fw'],'delete',str(rule)], stdout=subprocess.PIPE).communicate()[0] + self.logger += "Deleting ipfw entry %s %s\n" % (rule, ip) + logging.debug('Deleting ipfw entry %s %s\n' % (rule, ip)) + + + def add(self,ipaddr): + """ Add Entry to Firewall, False if already exists """ + self.load() + if not self.ip_in_firewall.has_key(ipaddr): + rule = "NUMBER allow tcp from IPADDR to not 172.16.0.0/12 dst-port 80".split() + rule[0] = str(self.available_rule) + rule[4] = str(ipaddr) + logging.debug("Addding %s" % " ".join(rule)) + output = subprocess.Popen([conf['cmd_fw'],'add'] + rule, stdout=subprocess.PIPE).communicate()[0] + itemdb = ItemCache() + itemdb.add(ipaddr) + self.register(ipaddr) + return True + else: + return False + + def register(self, ipaddr): + epoch = int(time.time()) + + itemdb = ItemCache() + mac = itemdb.get_mac(ipaddr) + + filename = "/var/db/clients" + file = open(filename,"a") + file.write("%s %s %s \n" % (epoch, mac, ipaddr) ) + file.close() + + + def delete(self, ipaddr): + itemdb = ItemCache() + itemdb.delete(ipaddr) + self.cleanup() + + def delete_all(self): + itemdb = ItemCache() + itemdb.delete_all() + self.cleanup() + + def get_log(self): + return self.logger + + + +# Query String Dictionaries +qs_post = None +qs = None +header = [] + +# Hybrid Setup. +# a) We are not wrapped around in a HTTP server, so this _is_ the +# HTTP server, so act like one. +if not os.environ.has_key('REQUEST_METHOD'): + class TimeoutException(Exception): + """ Helper for alarm signal handling""" + pass + + def handler(signum, frame): + """ Helper for alarm signal handling""" + raise TimeoutException + + + # Parse the HTTP/1.1 Content-Header (partially) + signal.signal(signal.SIGALRM,handler) + us = None + method = None + hostname = None + content_length = None + remote_host = None + while True: + try: + signal.alarm(1) + line = sys.stdin.readline().strip() + if not line: + break + header.append(line) + signal.alarm(0) + if line.startswith('GET '): + us = urlparse.urlsplit(line.split()[1]) + method = 'GET' + elif line.startswith('POST '): + method = 'POST' + us = urlparse.urlsplit(line.split()[1]) + elif line.startswith('Host: '): + hostname = line.split()[1] + elif line.startswith('Content-Length: '): + content_length = int(line.split()[1]) + except TimeoutException: + break + + # Capture Portal, make sure to redirect all to portal + if hostname != conf['portalroot']: + print "HTTP/1.1 302 Moved Temponary\r\n", + print "Location: http://%(portalroot)s/\r\n" % conf, + sys.exit(0) + + + # Handle potential POST + if method == 'POST' and content_length: + body = sys.stdin.read(content_length) + qs_post = urlparse.parse_qs(body) + + # Parse Query String + if us and us.path == "/wlportal" and us.query: + qs = urlparse.parse_qs(us.query) + + remote_host = os.environ['REMOTEHOST'] +else: + # b) CGI Script: Parse the CGI Variables if present + if os.environ['REQUEST_METHOD'] == "POST": + content_length = int(os.environ['CONTENT_LENGTH']) + body = sys.stdin.read(content_length) + qs_post = urlparse.parse_qs(body) + + if os.environ.has_key('QUERY_STRING'): + qs = urlparse.parse_qs(os.environ['QUERY_STRING']) + + remote_host = os.environ['REMOTE_ADDR'] + + +# Helpers for HTML 'templates' +content = conf.copy() +content.update(extra_header='',tech_footer='',status_msg='') + +# IP or MAC on the whitelist does not need to authenticate, used for devices +# which need to connect to the internet, but has no 'buttons' to press OK. +# +# This assumes that devices will re-connect if they are not able to connect +# to their original host, as we do not preserve the original URI. +ic = ItemCache() +if conf['autologin'] or remote_host in conf['whitelist'] or ic.get_mac(remote_host) in conf['whitelist']: + qs_post = { 'action' : 'login' } + +try: + # Put authenticate use and process response + if qs and qs.has_key('action'): + if 'deleteall' in qs['action']: + content['status_msg'] += "# [INFO] Deleting all entries\n" + fw = FirewallControl() + fw.delete_all() + content['status_msg'] += fw.get_log() + elif 'update' in qs['action']: + tech_footer = "# [INFO] Update timestamp of all entries\n" + fw = FirewallControl() + fw.update() + content['status_msg'] += fw.get_log() + elif 'cleanup' in qs['action']: + content['status_msg'] += "# [INFO] Deleting all entries" + fw = FirewallControl() + fw.delete_all() + elif qs_post and qs_post.has_key('action'): + if 'login' in qs_post['action']: + fw = FirewallControl() + if fw.add(remote_host): + content['extra_header'] = "Refresh: %(refresh_delay)s; url=%(portal_url)s\r" % content + content['status_msg'] = "Sucessfully Logged In! || " +\ + """ Will redirect you in %(refresh_delay)s seconds to %(portal_url)s """ % content + else: + content['status_msg'] = "ERROR! Already Logged On" + elif 'logout' in qs_post['action']: + fw = FirewallControl() + fw.delete(remote_host) + content['status_msg'] = "Succesfully logged out!" + +except Exception,e: + content['tech_footer'] += traceback.format_exc() + content['status_msg'] = e + pass + + # Present Main Screen +print """\ +HTTP/1.1 200 OK\r +Content-Type: text/html\r +%(extra_header)s +""" % content + +try: + tmpl_file = conf['tmpl_autologin'] if conf['autologin'] else conf['tmpl_login'] + page = open(tmpl_file,'r').read() +except IOError: + page = """ + +

%(status_msg)s

+ +

Wireless Leiden - Internet Portal

+
+ + +
+ +

More options

+
+ + +
+
Technical Details:
+%(tech_footer)s
+
+ +""" + +print page % content Index: /branches/ileiden/nanobsd/files/usr/local/etc/wlportal/login.tmpl =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/etc/wlportal/login.tmpl (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/etc/wlportal/login.tmpl (revision 10119) @@ -0,0 +1,64 @@ + + + Welkom bij Wireless Leiden captive portal + + + +

%(status_msg)s

+

Welkom bij Wireless Leiden

+For English see bottom of this page +

Internettoegang

+

U bent verbonden met het lokale Wireless Leiden network. Om te internetten moet u in uw browser een 'proxy' instellen en hieronder op 'accoord' klikken. Afhankelijk van de locatie kan het ook zonder proxy-instelling, maar de snelheid zal in het algemeen lager zijn. +

Instellen proxy in browser

+ In Firefox: ga naar Edit->Preferences->Advanced->Network->Settings.
+ Handmatige proxy-configuratie: vul in HTTP proxy: proxy.wleiden.net port 3128.
+ Gedetailleerde instructies kunt u vinden op onze website. +

+N.B. U kunt alleen internetten via uw webbrowser, andere toepassingen zoals Microsoft Outlook zijn niet mogelijk. Gebruik webmail om te e-mailen. + +

Eerlijk gebruikmaken van Wireless Leiden

+ Het gebruik van het Wireless Leiden netwerk en de internettoegang zijn kostenloos en u hoeft zich niet aan te melden. Maar u dient zich te houden aan de Nederlandse wetgeving en geen schade toe te brengen of ongemak te veroorzaken voor anderen.
+ De Stichting Wireless Leiden accepteert geen enkele aansprakelijkheid voor schade in welke vorm dan ook die is ontstaan door of verband houdt met het gebruik van het netwerk.
+Geef hieronder aan of u accoord gaat met deze voorwaarden: +
+ + +
+ + +
+

Welcome to Wireless Leiden

+

Internet access

+

You are connected to the local Wireless Leiden network. To use one of the gateways (proxies) to Internet you have to specify a proxy in your web browser.
+ For instance in Firefox go to Edit->Preferences->Advanced->Network->Settings.
+ Manual proxy configuration: specify HTTP proxy: proxy.wleiden.net port 3128.
+ Detailed instructions can be downloaded from our website. +

+

+ Please note that you can only access the internet via your webbrowser, use of other applications like Microsoft Outlook is not possible (you have to use webmail). + +

Fair Use of Wireless Leiden

+ The use of the Wireless Leiden network and the internet connection are free and no registration is required. However, you should refrain from any illegal activity and not provide harm of any kind or inconvenience to other users.
+ The Wireless Leiden Foundation does not accept any responsibility whatsoever for damage related to or originated from the use of the network. + +
+ + +
+ +
+
+ + Wireless Leiden Homepage +
+ +

More options

+
+ + +
+
Technical Details:
+%(tech_footer)s
+
+ + Index: /branches/ileiden/nanobsd/files/usr/local/libexec/nagios/check_inet =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/libexec/nagios/check_inet (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/libexec/nagios/check_inet (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh + +PATH=$PATH:/bin:/usr/bin +export PATH + +# HTTP proxy to use +HTTP_PROXY=http://proxy.wleiden.net:3128 + +# Test page to query +PROXY_TEST=http://proxy-test.wirelessleiden.nl/ + +# Make variable global, so fetch can use it +export HTTP_PROXY + +# Query the webpage +SPEEDOUT=`fetch -o /dev/null ${PROXY_TEST} 2>&1` + +# What is the Exit code of fetch? +SPEEDEXIT=$? + +# The speed by which the webpages was retrieved" +SPEED=`echo ${SPEEDOUT} | awk '{ print $4 " " $5 }'` + +# What was the format of speed (Bps) +TYPE=`echo ${SPEEDOUT} | awk '{ print $5 }'` + +# Dit the fetcommand exit happy, and was the format as we expected +if [ ${SPEEDEXIT} -eq 0 -a "$TYPE" = "Bps" ]; then + + # Let's celebrate, it was successfull + echo "INET OK: $SPEED" + exit 0 +else + + # Oh no, time to get drunk, retrieval was unsuccessfull + echo "INET CRITICAL: $SPEEDOUT\n" + exit 2 + +fi + Index: /branches/ileiden/nanobsd/files/usr/local/libexec/nagios/check_inet2 =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/libexec/nagios/check_inet2 (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/libexec/nagios/check_inet2 (revision 10119) @@ -0,0 +1,31 @@ +#!/bin/sh + +PATH=$PATH:/bin:/usr/bin +export PATH + +# Test page to query +PROXY_TEST=http://proxy-test.wirelessleiden.nl/ + +# Query the webpage +SPEEDOUT=`fetch -o /dev/null ${PROXY_TEST} 2>&1` + +# What is the Exit code of fetch? +SPEEDEXIT=$? + +# The speed by which the webpages was retrieved" +SPEED=`echo ${SPEEDOUT} | awk '/Bps/ { print $13 " " $14 }'` + +# Dit the fetcommand exit happy, and was the format as we expected +if [ ${SPEEDEXIT} -eq 0 -a "$SPEED" ]; then + + # Let's celebrate, it was successfull + printf "INET OK: $SPEED\n" + exit 0 +else + + # Oh no, time to get drunk, retrieval was unsuccessfull + echo "INET CRITICAL: $SPEEDOUT\n" + exit 2 + +fi + Index: /branches/ileiden/nanobsd/files/usr/local/libexec/nagios/check_lv =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/libexec/nagios/check_lv (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/libexec/nagios/check_lv (revision 10119) @@ -0,0 +1,107 @@ +#!/usr/local/bin/python + +import os +import re + +# Bsd config file +config="/etc/rc.conf.local" + +def gettrees () : + ip = [] + + # Run through all the files in /tmp + for filename in os.listdir('/tmp'): + + # Match lvrouted tree files and get ip address + # lvrouted.tree-172.16.4.9 + match = re.match(r'lvrouted.tree-(.*)$', filename) + if match: + + # append ip address to list + ip.append(match.group(1)) + + return ip + +# Get all ips in the subnet (based on ip and mask) +def iprange (ip, mask) : + + # Max number of bits in the subnetmask + max=32 + + # Make sure the mask is integer + mask=int(mask) + + # Don't do anything with certain subnet sizes + if mask > 27 and mask < 32 : + + # Make an ip list + iplist = [] + + # Split the ip + oc = ip.split(".") + + # Calculate the total subnet size + max = 2 ** ( max - mask ) + + # Make sure the last oclet of the ip is integer + oc[3] = int(oc[3]) + + # Calculate the lower end of the subnet + min = oc[3] - ( oc[3] % max ) + 1 + + # Calculate the upper end of the subnet + max = min + max - 2 + + # Run through all possible ip's + for oc3 in range(min, max): + + # Add Ip to iplist + iplist.append(str(oc[0]) + "." + str(oc[1]) + "." + str(oc[2]) + "." + str(oc3)) + + # Return the iplist to the caller + return iplist + +# Open the config file and run through it +file = open (config) +treeips = gettrees() +invalid = [] +rcips = [] + +for line in file.readlines(): + + # Get variable's out of the config file and validate it + match = re.match(r'ipv4_addrs_(.*?)="(.*?)/([\d]{1,2})(.*)"$', line) + if match: + + # Get info + iface = match.group(1) + ip = match.group(2) + mask = match.group(3) + + # Call iprange, get all ip's in the subnet + allips = iprange(ip, mask) + + # Don't iterate through empty list + if allips: + + valid=0 + + # Check if one of the ip's in the lvrouted list (one must be present) + for rangeip in allips: + if rangeip in treeips: + valid=1 + + if not valid: + invalid.append(iface) + +if invalid: + retval = "LV ERROR:" + for iface in invalid: + retval = retval + " " + iface + print retval + exit(2) +else: + print "LV OK" + exit(0) + + Index: /branches/ileiden/nanobsd/files/usr/local/sbin/dhcpd-snmp =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/sbin/dhcpd-snmp (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/sbin/dhcpd-snmp (revision 10119) @@ -0,0 +1,452 @@ +#! /usr/bin/perl +# -------------------------------------------------------------------- +# Copyright (C) 2006 Oliver Hitz +# +# $Id: dhcpd-snmp.in,v 1.2 2006/01/25 19:26:00 oli Exp $ +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, +# MA 02111-1307, USA. +# -------------------------------------------------------------------- +# dhcpd-snmp +# +# An extension for polling the active and available lease counts of a +# running dhcpd. +# +# Please read the man page dhcpd-snmp(8) for instructions. +# -------------------------------------------------------------------- + +use Time::Local; +use strict; + +# The base OID of this extension. Has to match the OID in snmpd.conf: +my $baseoid = ".1.3.6.1.4.1.21695.1.2"; + +# Results are cached for some seconds so that an SNMP walk doesn't +# result in dhcpd.leases being parsed multiple times. +my $cache_secs = 60; + +# -------------------------------------------------------------------- + +my $mib; +my $mibtime; + +# Load configuration file +my $conf = read_configuration($ARGV[0]); + +# Switch on autoflush +$| = 1; + +# Main loop +while (my $cmd = ) { + chomp $cmd; + + if ($cmd eq "PING") { + print "PONG\n"; + } elsif ($cmd eq "get") { + my $oid_in = ; + + my $oid = get_oid($oid_in); + my $mib = create_dhcp_mib(); + + if ($oid != 0 && defined($mib->{$oid})) { + print "$baseoid.$oid\n"; + print $mib->{$oid}[0]."\n"; + print $mib->{$oid}[1]."\n"; + } else { + print "NONE\n"; + } + } elsif ($cmd eq "getnext") { + my $oid_in = ; + + my $oid = get_oid($oid_in); + my $found = 0; + + my $mib = create_dhcp_mib(); + my @s = sort { oidcmp($a, $b) } keys %{ $mib }; + for (my $i = 0; $i < @s; $i++) { + if (oidcmp($oid, $s[$i]) == -1) { + print "$baseoid.".$s[$i]."\n"; + print $mib->{$s[$i]}[0]."\n"; + print $mib->{$s[$i]}[1]."\n"; + $found = 1; + last; + } + } + if (!$found) { + print "NONE\n"; + } + } else { + # Unknown command + } +} + +exit 0; + +sub get_oid +{ + + my ($oid) = @_; + chomp $oid; + + my $base = $baseoid; + $base =~ s/\./\\./g; + + if ($oid !~ /^$base(\.|$)/) { + # Requested oid doesn't match base oid + return 0; + } + + $oid =~ s/^$base\.?//; + return $oid; +} + +sub oidcmp { + my ($x, $y) = @_; + + my @a = split /\./, $x; + my @b = split /\./, $y; + + my $i = 0; + + while (1) { + + if ($i > $#a) { + if ($i > $#b) { + return 0; + } else { + return -1; + } + } elsif ($i > $#b) { + return 1; + } + + if ($a[$i] < $b[$i]) { + return -1; + } elsif ($a[$i] > $b[$i]) { + return 1; + } + + $i++; + } +} + +sub create_dhcp_mib +{ + # We cache the results for $cache_secs seconds + if (time - $mibtime < $cache_secs) { + return $mib; + } + + # Read in all leases + read_leases(); + + my %dhcp = ( + "1" => [ "integer", 0 ], # Number of pools + ); + + foreach my $i (keys %{ $conf->{"pools"} }) { + $dhcp{"1"}[1]++; + + my $pool = $conf->{"pools"}->{$i}; + + $dhcp{"2.1.".$i} = [ "integer", $i ]; + $dhcp{"2.2.".$i} = [ "string", $pool->{"name"} ]; + $dhcp{"2.3.".$i} = [ "integer", $pool->{"total"} ]; + $dhcp{"2.4.".$i} = [ "integer", $pool->{"active"} ]; + $dhcp{"2.5.".$i} = [ "integer", $pool->{"expired"} ]; + $dhcp{"2.6.".$i} = [ "integer", $pool->{"total"} - $pool->{"active"} ]; + } + + $mib = \%dhcp; + $mibtime = time; + return $mib; +} + +sub ip2int { + my ($ip) = @_; + + if ($ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) { + return 256*(256*(256*$1+$2)+$3)+$4; + } else { + return -1; + } +} + +sub read_leases +{ + # Clear leases + foreach my $i (keys %{ $conf->{"pools"} }) { + $conf->{"pools"}->{$i}->{"leases"} = (); + $conf->{"pools"}->{$i}->{"active"} = 0; + $conf->{"pools"}->{$i}->{"expired"} = 0; + } + + # Read leases + if (!open(LEASES, $conf->{"leases"})) { + printf STDERR "Unable to open leases file '%s'!\n", $conf->{leases}; + return; + } + + my %l = undef; + + while (my $line = ) { + if ($line =~ /^lease (\d+\.\d+\.\d+\.\d+) \{$/) { + my $ip = ip2int($1); + undef %l; + + foreach my $i (keys %{ $conf->{"pools"} }) { + my $pool = $conf->{"pools"}->{$i}; + my $found = 0; + + foreach my $r (@{ $pool->{"ranges"} }) { + if (($ip >= $r->{"from"}) && ($ip <= $r->{"to"})) { + %l = ( "pool" => $i, "ip" => $ip ); + $found = 1; + last; + } + } + if ($found) { + last; + } + } + } elsif (defined %l && $line =~ /^\s+ends \d (\d+)\/(\d+)\/(\d+) (\d+):(\d+):(\d+);$/) { + $l{"ends"} = timegm($6, $5, $4, $3, $2-1, $1); + } elsif (defined %l && $line =~ /^\s+ends never;$/) { + $l{"ends"} = -1; + } elsif (defined %l && $line =~ /^\}$/) { + $conf->{"pools"}->{$l{"pool"}}->{"leases"}->{$l{"ip"}} = $l{"ends"}; + } + } + + close(LEASES); + + # Count active and expired leases + my $now = time(); + + foreach my $i (keys %{ $conf->{"pools"} }) { + my $pool = $conf->{"pools"}->{$i}; + + foreach my $ip (keys %{ $pool->{"leases"} }) { + my $end = $pool->{"leases"}->{$ip}; + if (($end == -1) || ($end >= $now)) { + $pool->{"active"}++; + } else { + $pool->{"expired"}++; + } + } + } +} + +sub read_configuration +{ + my ($f) = @_; + + my %conf = ( "leases" => undef, + "pools" => { } ); + + open C, "$f"; + while (my $l = ) { + $l =~ s/#.*//; + $l =~ s/^\s*//; + $l =~ s/\s*$//; + + if ($l eq "") { + next; + } + + if ($l =~ /^leases:\s*(\S+)$/) { + + $conf{"leases"} = $1; + + # Check if file is readable + if (open(LEASES, $conf{"leases"})) { + close(LEASES); + } else { + printf STDERR "Unable to open leases file '%s'!\n", $conf{"leases"}; + } + + } elsif ($l =~ /^pool:\s*(\d+)\s*,\s*("[^"]*"|[^"][^,]*)\s*,\s*(.*)$/) { + + # Read the pool definition + my %p = ( "index" => $1, + "name" => $2, + "ranges" => [ ], + "total" => 0, + "leases" => { } ); + + my @ranges = split /\s*,\s*/, $3; + + $p{"name"} =~ s/^\"//; + $p{"name"} =~ s/\"$//; + + foreach my $r (@ranges) { + if ($r !~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})-(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) { + printf STDERR "Invalid range definition '%s'.\n", $r; + next; + } + + my ($from, $to) = ($1, $2); + + my $fromip = ip2int($from); + my $toip = ip2int($to); + + if ($toip < $fromip) { + my $t = $toip; + $toip = $fromip; + $fromip = $t; + } + + $p{"total"} += $toip-$fromip+1; + + my %range = ( "from" => $fromip, + "to" => $toip ); + + push @{ $p{"ranges"} }, \%range; + } + + $conf{"pools"}{$p{"index"}} = \%p; + } else { + + printf STDERR "Invalid line '%s'.\n", $l; + + } + } + + return \%conf; +} + +__END__ + +=head1 NAME + +dhcpd-snmp + +=head1 SYNOPSIS + +dhcpd-snmp dhcpd-snmp.conf + +=head1 DESCRIPTION + +B is an extension for the Net-SNMP agent and the ISC DHCP +server. It allows you to monitor and track the address usage of your +dynamic IP address pools through SNMP. + +=head1 CONFIGURATION FILE + +The configuration file defines the location of the F +file as well as the pools of which you want to access the lease +counts. + +The file is in B format and allows only two keys: + +=over 8 + +=item B: C + +Location of the F file. This file needs to be accessible +by the script. + +=item B: C, C, C + +Defines a pool to monitor. C is a unique numeric index, +C a textual description of this pool, and C defines the ranges of IP addresses belonging to this +pool. + +=back + +Since this extension is a persistent script, changes to the +configuration file require a restart of snmpd. + +=head1 INSTALLATION + +After installing the B script and adapting the +configuration file, it is best to test it manually. This can be done +with the following dialog: + + PING + +The script should return "PONG". + + get + .1.3.6.1.4.1.21695.1.2.1 + +The script should return three lines: the OID, "integer", and the +number of configured pools. + + get + .1.3.6.1.4.1.21695.1.2.2.2.1 + +OID, "string", and the name of your first address pool. + + get + .1.3.6.1.4.1.21695.1.2.2.4.1 + +OID, "integer", and the number of active leases. + +Quit the dialog using CTRL-D. + +If everything works, insert the following line into your Net-SNMP's +B configuration file: + + pass_persist .1.3.6.1.4.1.21695.1.2 path/to/dhcpd-snmp path/to/dhcpd-snmp.conf + +Net-SNMP will need to be restarted after this change. + +You should now be able to get the statistics using F, for example: + + $ snmpwalk host community .1.3.6.1.4.1.21695.1.2 + +This should give you a list of the statistics of your DHCP server. + +=head1 MIB + +The script returns the following variables: + + .1.3.6.1.4.1.21695.1.2.1: number of configured pools + .1.3.6.1.4.1.21695.1.2.2.: pool description + .1.3.6.1.4.1.21695.1.2.3.: size of the pool (number of addresses) + .1.3.6.1.4.1.21695.1.2.4.: active leases + .1.3.6.1.4.1.21695.1.2.5.: expired leases + .1.3.6.1.4.1.21695.1.2.6.: available addresses (size - active leases) + +For a complete MIB file see the C directory in the source archive. + +=head1 SECURITY + +It is assumed that users of this script know how to properly secure +their snmpd. Please read the corresponding man pages on more +information about this. + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2006 Oliver Hitz + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +USA. + +=cut Index: /branches/ileiden/nanobsd/files/usr/local/sbin/lvrouted-test =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/sbin/lvrouted-test (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/sbin/lvrouted-test (revision 10119) @@ -0,0 +1,24 @@ +#!/bin/sh +# Richard van Mansom, richardvm@wirelessleiden.nl, March 2010 + +# Minimum number of non local routes. +VALID=1 + +# 1. Show routing table +# 2. Only show routes which includes subnets +# 3. Discard anything with a semicolon (MAC addresses and IPv6 addresses) +# 4. Discard anything which include the word 'link' (local routes). +# 5. Use word count (get number of lines) +COUNT=`netstat -rn | grep -E '[0-9]/[0-9]' | grep -v ':' | grep -v 'link' | wc -l'` + +# No have a look if the number of routes has passed the minimium threshold. +if [ ${COUNT} -gt ${VALID} ]; then + + # Display me if I have passed the threshold + echo "ROUTING OK: Got non local routes" +else + + # Display me if I didn't pased the threshold + echo "ROUTING CRITICAL: I don't have any non local routes" +fi + Index: /branches/ileiden/nanobsd/files/usr/local/sbin/proxy-test.sh =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/sbin/proxy-test.sh (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/sbin/proxy-test.sh (revision 10119) @@ -0,0 +1,25 @@ +#!/bin/sh + +PROXY=proxy.wleiden.net:3128 +URL=http://proxy-test.wirelessleiden.nl +FILE=/tmp/proxy-test.wirelessleiden.nl + +# Set proxy to escape the network +export HTTP_PROXY=${PROXY} + +# Fetch the website (curl not installed) +fetch -o ${FILE} ${URL} 2> /dev/null +if [ -w ${FILE} ]; then + retval=`cat ${FILE}` + rm ${FILE} +fi + +# Chech if website returns the expected result +if [ "$retval" = "1" ]; then + echo "WWW OK: Got a www website" + exit 0 +else + echo "WWW CRITICAL: Unable to fetch www website" + exit 2 +fi + Index: /branches/ileiden/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt (revision 10119) @@ -0,0 +1,2978 @@ +-- ***************************************************************** +-- IEEE802dot11-MIB : +-- IEEE 802.11 Management Information Base file +-- +-- Nov 2002, Francis Pang +-- +-- Copyright (c) 2002 by cisco Systems, Inc. +-- All rights reserved. +-- ***************************************************************** + +-- ********************************************************************** +-- * IEEE 802.11 Management Information Base +-- ********************************************************************** + +IEEE802dot11-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + NOTIFICATION-TYPE,Integer32, Counter32, + Unsigned32 FROM SNMPv2-SMI + + DisplayString , MacAddress, RowStatus, + TruthValue FROM SNMPv2-TC + + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP FROM SNMPv2-CONF + + ifIndex FROM RFC1213-MIB; + +-- ********************************************************************** +-- * Tree Definition +-- ********************************************************************** + + member-body OBJECT IDENTIFIER ::= { iso 2 } + us OBJECT IDENTIFIER ::= { member-body 840 } + +-- ********************************************************************** +-- * MODULE IDENTITY +-- ********************************************************************** + +ieee802dot11 MODULE-IDENTITY + LAST-UPDATED "0208300000Z" + ORGANIZATION "IEEE 802.11" + CONTACT-INFO + "WG E-mail: stds-802-11@ieee.org + + Chair: Stuart J. Kerry + Postal: Philips Semiconductors, Inc. + 1109 McKay Drive + M/S 48 SJ + San Jose, CA 95130-1706 USA + Tel: +1 408 474 7356 + Fax: +1 408 474 7247 + E-mail: stuart.kerry@philips.com + + Editor: Bob O'Hara + Postal: Informed Technology, Inc. + 1750 Nantucket Circle, Suite 138 + Santa Clara, CA 95054 USA + Tel: +1 408 986 9596 + Fax: +1 408 727 2654 + E-mail: bob@informed-technology.com" + DESCRIPTION + "The MIB module for IEEE 802.11 entities. + iso(1).member-body(2).us(840).ieee802dot11(10036)" + ::= { us 10036 } + +-- ********************************************************************** +-- * Major sections +-- ********************************************************************** + +-- Station ManagemenT (SMT) Attributes + -- DEFINED AS "The SMT object class provides the necessary support + -- at the station to manage the processes in the station such that + -- the station may work cooperatively as a part of an IEEE 802.11 + -- network." + + dot11smt OBJECT IDENTIFIER ::= { ieee802dot11 1 } + + -- dot11smt GROUPS + -- dot11StationConfigTable ::= { dot11smt 1 } + -- dot11AuthenticationAlgorithmsTable ::= { dot11smt 2 } + -- dot11WEPDefaultKeysTable ::= { dot11smt 3 } + -- dot11WEPKeyMappingsTable ::= { dot11smt 4 } + -- dot11PrivacyTable ::= { dot11smt 5 } + -- dot11SMTnotification ::= { dot11smt 6 } + -- dot11MultiDomainCapabilityTable ::= { dot11smt 7 } + +-- MAC Attributes + -- DEFINED AS "The MAC object class provides the necessary support + -- for the access control, generation, and verification of frame + -- check sequences (FCSs), and proper delivery of valid data to + -- upper layers." + + dot11mac OBJECT IDENTIFIER ::= { ieee802dot11 2 } + + -- MAC GROUPS + -- reference IEEE Std 802.1f-1993 + -- dot11OperationTable ::= { dot11mac 1 } + -- dot11CountersTable ::= { dot11mac 2 } + -- dot11GroupAddressesTable ::= { dot11mac 3 } + +-- Resource Type ID + dot11res OBJECT IDENTIFIER ::= { ieee802dot11 3 } + dot11resAttribute OBJECT IDENTIFIER ::= { dot11res 1 } + +-- PHY Attributes + -- DEFINED AS "The PHY object class provides the necessary support + -- for required PHY operational information that may vary from PHY + -- to PHY and from STA to STA to be communicated to upper layers." + + dot11phy OBJECT IDENTIFIER ::= { ieee802dot11 4 } + + -- PHY GROUPS + -- dot11PhyOperationTable ::= { dot11phy 1 } + -- dot11PhyAntennaTable ::= { dot11phy 2 } + -- dot11PhyTxPowerTable ::= { dot11phy 3 } + -- dot11PhyFHSSTable ::= { dot11phy 4 } + -- dot11PhyDSSSTable ::= { dot11phy 5 } + -- dot11PhyIRTable ::= { dot11phy 6 } + -- dot11RegDomainsSupportedTable ::= { dot11phy 7 } + -- dot11AntennasListTable ::= { dot11phy 8 } + -- dot11SupportedDataRatesTxTable ::= { dot11phy 9 } + -- dot11SupportedDataRatesRxTable ::= { dot11phy 10 } + -- dot11PhyOFDMTable ::= { dot11phy 11 } + -- dot11PhyHRDSSSTable ::= { dot11phy 12 } + -- dot11EHCCHoppingPatternTable ::= { dot11phy 13 } + +-- ********************************************************************** +-- * Textual conventions from 802 definitions +-- ********************************************************************** + + WEPKeytype ::= OCTET STRING (SIZE (5)) + +-- ********************************************************************** +-- * MIB attribute OBJECT-TYPE definitions follow +-- ********************************************************************** + +-- ********************************************************************** +-- * SMT Station Config Table +-- ********************************************************************** + +dot11StationConfigTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11StationConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Station Configuration attributes. In tablular form to + allow for multiple instances on an agent." + ::= { dot11smt 1 } + +dot11StationConfigEntry OBJECT-TYPE + SYNTAX Dot11StationConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11StationConfigTable. It is + possible for there to be multiple IEEE 802.11 interfaces + on one agent, each with its unique MAC address. The + relationship between an IEEE 802.11 interface and an + interface in the context of the Internet-standard MIB is + one-to-one. As such, the value of an ifIndex object + instance can be directly used to identify corresponding + instances of the objects defined herein. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11StationConfigTable 1 } + +Dot11StationConfigEntry ::= + SEQUENCE { + dot11StationID MacAddress, + dot11MediumOccupancyLimit INTEGER, + dot11CFPollable TruthValue, + dot11CFPPeriod INTEGER, + dot11CFPMaxDuration INTEGER, + dot11AuthenticationResponseTimeOut Unsigned32, + dot11PrivacyOptionImplemented TruthValue, + dot11PowerManagementMode INTEGER, + dot11DesiredSSID OCTET STRING, + dot11DesiredBSSType INTEGER, + dot11OperationalRateSet OCTET STRING, + dot11BeaconPeriod INTEGER, + dot11DTIMPeriod INTEGER, + dot11AssociationResponseTimeOut Unsigned32, + dot11DisassociateReason INTEGER, + dot11DisassociateStation MacAddress, + dot11DeauthenticateReason INTEGER, + dot11DeauthenticateStation MacAddress, + dot11AuthenticateFailStatus INTEGER, + dot11AuthenticateFailStation MacAddress, + dot11MultiDomainCapabilityImplemented TruthValue, + dot11MultiDomainCapabilityEnabled TruthValue, + dot11CountryString OCTET STRING } + +dot11StationID OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-write + STATUS deprecated + DESCRIPTION + "The purpose of dot11StationID is to allow a manager to + identify a station for its own purposes. This attribute + provides for that eventuality while keeping the true MAC + address independent. Its syntax is MAC address, and the + default value is the station's assigned, unique + MAC address." + ::= { dot11StationConfigEntry 1 } + +dot11MediumOccupancyLimit OBJECT-TYPE + SYNTAX INTEGER (0..1000) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum amount of time, + in TU, that a point coordinator (PC) may control the usage + of the wireless medium (WM) without relinquishing control + for long enough to allow at least one instance of DCF access + to the medium. The default value of this attribute shall + be 100, and the maximum value shall be 1000." + ::= { dot11StationConfigEntry 2 } + +dot11CFPollable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "When this attribute is true, it shall indicate that + the STA is able to respond to a CF-Poll with a data frame + within a SIFS time. This attribute shall be false if + the STA is not able to respond to a CF-Poll with a data + frame within a SIFS time." + ::= { dot11StationConfigEntry 3 } + +dot11CFPPeriod OBJECT-TYPE + SYNTAX INTEGER (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The attribute shall describe the number of DTIM intervals + between the start of CFPs. It is modified by + MLME-START.request primitive." + ::= { dot11StationConfigEntry 4 } + +dot11CFPMaxDuration OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The attribute shall describe the maximum duration of + the CFP in TU that may be generated by the PCF. It is + modified by MLME-START.request primitive." + ::= { dot11StationConfigEntry 5 } + +dot11AuthenticationResponseTimeOut OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of time units (TUs) + that a responding STA should wait for the next frame in the + authentication sequence." + ::= { dot11StationConfigEntry 6 } + +dot11PrivacyOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the IEEE + 802.11 WEP option is implemented. The default value of + this attribute shall be false." + ::= { dot11StationConfigEntry 7 } + +dot11PowerManagementMode OBJECT-TYPE + SYNTAX INTEGER { active(1), powersave(2) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the power management + mode of the STA. When set to active, it shall + indicate that the station is not in power-save + (PS) mode. When set to powersave, it shall indicate + that the station is in power-save mode. The power + management mode is transmitted in all frames + according to the rules in 7.1.3.1.7." + ::= { dot11StationConfigEntry 8 } + +dot11DesiredSSID OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute reflects the Service Set ID (SSID) + used in the DesiredSSID parameter of the most recent + MLME_Scan.request. This value may be modified + by an external management entity and used by the + local SME to make decisions about the Scanning + process." + ::= { dot11StationConfigEntry 9 } + +dot11DesiredBSSType OBJECT-TYPE + SYNTAX INTEGER { infrastructure(1), independent(2), any(3) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the type of BSS the + station shall use when scanning for a BSS with + which to synchronize. This value is used to filter + Probe Response frames and Beacons. When set to + infrastructure, the station shall only synchronize + with a BSS whose Capability Information field has + the ESS subfield set to 1. When set to independent, + the station shall only synchronize with a BSS whose + Capability Information field has the IBSS subfield + set to 1. When set to any, the station may + synchronize to either type of BSS." + ::= { dot11StationConfigEntry 10 } + +dot11OperationalRateSet OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(1..126)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the set of data + rates at which the station may transmit data. + Each octet contains a value representing a rate. + Each rate shall be within the range from 2 to 127, + corresponding to data rates in increments of + 500 kbit/s from 1 Mbit/s to 63.5 Mbit/s, and shall + be supported (as indicated in the supported rates + table) for receiving data. This value is reported in + transmitted Beacon, Probe Request, Probe Response, + Association Request, Association Response, + Reassociation Request, and Reassociation Response + frames, and is used to determine whether a BSS + with which the station desires to synchronize is + suitable. It is also used when starting a BSS, + as specified in 10.3." + ::= { dot11StationConfigEntry 11 } + +dot11BeaconPeriod OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of TUs that + a station shall use for scheduling Beacon + transmissions. This value is transmitted in Beacon + and Probe Response frames." + ::= { dot11StationConfigEntry 12 } + +dot11DTIMPeriod OBJECT-TYPE + SYNTAX INTEGER(1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of beacon + intervals that shall elapse between transmission of + Beacons frames containing a TIM element whose DTIM + Count field is 0. This value is transmitted in + the DTIM Period field of Beacon frames." + ::= { dot11StationConfigEntry 13 } + +dot11AssociationResponseTimeOut OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of TU that a + requesting STA should wait for a response to a + transmitted association-request MMPDU." + ::= { dot11StationConfigEntry 14 } + +dot11DisassociateReason OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Reason Code in a Disassociation + frame. If no Disassociation frame has been + transmitted, the value of this attribute shall + be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.7" + ::= { dot11StationConfigEntry 15 } + +dot11DisassociateStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + Disassociation frame. If no Disassociation + frame has been transmitted, the value of this + attribute shall be 0." + ::= { dot11StationConfigEntry 16 } + +dot11DeauthenticateReason OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Reason Code in a Deauthentication + frame. If no Deauthentication frame has been + transmitted, the value of this attribute shall + be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.7" + ::= { dot11StationConfigEntry 17 } + +dot11DeauthenticateStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + Deauthentication frame. If no Deauthentication + frame has been transmitted, the value of this + attribute shall be 0." + ::= { dot11StationConfigEntry 18 } + +dot11AuthenticateFailStatus OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Status Code in a failed + Authentication frame. If no failed + Authentication frame has been transmitted, the + value of this attribute shall be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.9" + ::= { dot11StationConfigEntry 19 } + +dot11AuthenticateFailStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + failed Authentication frame. If no failed + Authentication frame has been transmitted, the + value of this attribute shall be 0." + ::= { dot11StationConfigEntry 20 } + +dot11MultiDomainCapabilityImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + station implementation is capable of supporting + multiple regulatory domains. The capability is + disabled, otherwise. The default value of this + attribute is FALSE." + ::= { dot11StationConfigEntry 21 } + +dot11MultiDomainCapabilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + capability of the station to operate in multiple + regulatory domains is enabled. The capability is + disabled, otherwise. The default value of this + attribute is FALSE." + ::= { dot11StationConfigEntry 22 } + +dot11CountryString OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(3)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute identifies the country in which the + station is operating. The first two octets of this + string is the two character country code as described + in document ISO/IEC 3166-1. The third octet shall + be one of the following: + + 1. an ASCII space character, if the regulations under + which the station is operating encompass all + environments in the country, + + 2. an ASCII 'O' character, if the regulations under + which the station is operating are for an Outdoor + environment only, or + + 3. an ASCII 'I' character, if the regulations under + which the station is operating are for an Indoor + environment only." + ::= { dot11StationConfigEntry 23 } + +-- ********************************************************************** +-- * End of dot11StationConfig TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * AuthenticationAlgorithms TABLE +-- ********************************************************************** + +dot11AuthenticationAlgorithmsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11AuthenticationAlgorithmsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This (conceptual) table of attributes shall be a set of + all the authentication algorithms supported by the + stations. The following are the default values and the + associated algorithm: + Value = 1: Open System + Value = 2: Shared Key" + REFERENCE "IEEE Std 802.11-2002, 7.3.1.1" + ::= { dot11smt 2 } + +dot11AuthenticationAlgorithmsEntry OBJECT-TYPE + SYNTAX Dot11AuthenticationAlgorithmsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the Authentication + Algorithms Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11AuthenticationAlgorithmsIndex } + ::= { dot11AuthenticationAlgorithmsTable 1 } + +Dot11AuthenticationAlgorithmsEntry ::= + SEQUENCE { dot11AuthenticationAlgorithmsIndex Integer32, + dot11AuthenticationAlgorithm INTEGER, + dot11AuthenticationAlgorithmsEnable TruthValue } + +dot11AuthenticationAlgorithmsIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the Authentication Algorithms Table." + ::= { dot11AuthenticationAlgorithmsEntry 1 } + +dot11AuthenticationAlgorithm OBJECT-TYPE + SYNTAX INTEGER { openSystem(1), sharedKey(2) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute shall be a set of all the authentication + algorithms supported by the STAs. The following are the + default values and the associated algorithm. + Value = 1: Open System + Value = 2: Shared Key" + ::= { dot11AuthenticationAlgorithmsEntry 2 } + +dot11AuthenticationAlgorithmsEnable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when true at a station, shall enable the acceptance + of the authentication algorithm described in the corresponding table + entry in authentication frames received by the station that have odd + authentication sequence numbers. The default value of this attribute + shall be 1 for the Open System table entry and 2 for all other table + entries." + ::= { dot11AuthenticationAlgorithmsEntry 3 } + +-- ********************************************************************** +-- * End of AuthenticationAlgorithms TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * WEPDefaultKeys TABLE +-- ********************************************************************** + +dot11WEPDefaultKeysTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11WEPDefaultKeysEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Conceptual table for WEP default keys. This table shall + contain the four WEP default secret key values + corresponding to the four possible KeyID values. The WEP + default secret keys are logically WRITE-ONLY. Attempts to + read the entries in this table shall return unsuccessful + status and values of null or zero. The default value of + each WEP default key shall be null." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11smt 3 } + +dot11WEPDefaultKeysEntry OBJECT-TYPE + SYNTAX Dot11WEPDefaultKeysEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the WEP Default Keys Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11WEPDefaultKeyIndex} + ::= { dot11WEPDefaultKeysTable 1 } + +Dot11WEPDefaultKeysEntry ::= + SEQUENCE { dot11WEPDefaultKeyIndex INTEGER, + dot11WEPDefaultKeyValue WEPKeytype } + +dot11WEPDefaultKeyIndex OBJECT-TYPE + SYNTAX INTEGER (1..4) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the WEP Default Keys Table. + The value of this variable is equal to the WEPDefaultKeyID + 1" + ::= { dot11WEPDefaultKeysEntry 1 } + +dot11WEPDefaultKeyValue OBJECT-TYPE + SYNTAX WEPKeytype + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A WEP default secret key value." + ::= { dot11WEPDefaultKeysEntry 2 } + +-- ********************************************************************** +-- * End of WEPDefaultKeys TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * WEPKeyMappings TABLE +-- ********************************************************************** + +dot11WEPKeyMappingsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11WEPKeyMappingsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Conceptual table for WEP Key Mappings. The MIB supports + the ability to share a separate WEP key for each RA/TA + pair. The Key Mappings Table contains zero or one entry + for each MAC address and contains two fields for each + entry: WEPOn and the corresponding WEP key. The WEP key + mappings are logically WRITE-ONLY. Attempts to read the + entries in this table shall return unsuccessful status and + values of null or zero. The default value for all WEPOn + fields is false." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11smt 4 } + +dot11WEPKeyMappingsEntry OBJECT-TYPE + SYNTAX Dot11WEPKeyMappingsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the WEP Key Mappings Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11WEPKeyMappingIndex } + ::= { dot11WEPKeyMappingsTable 1 } + +Dot11WEPKeyMappingsEntry ::= + SEQUENCE { dot11WEPKeyMappingIndex Integer32, + dot11WEPKeyMappingAddress MacAddress, + dot11WEPKeyMappingWEPOn TruthValue, + dot11WEPKeyMappingValue WEPKeytype, + dot11WEPKeyMappingStatus RowStatus } + +dot11WEPKeyMappingIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the WEP Key Mappings Table." + ::= { dot11WEPKeyMappingsEntry 1 } + +dot11WEPKeyMappingAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The MAC address of the STA for which the values from this + key mapping entry are to be used." + ::= { dot11WEPKeyMappingsEntry 2 } + +dot11WEPKeyMappingWEPOn OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Boolean as to whether WEP is to be used when communicating + with the dot11WEPKeyMappingAddress STA." + ::= { dot11WEPKeyMappingsEntry 3 } + +dot11WEPKeyMappingValue OBJECT-TYPE + SYNTAX WEPKeytype + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A WEP secret key value." + ::= { dot11WEPKeyMappingsEntry 4 } + +dot11WEPKeyMappingStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status column used for creating, modifying, and + deleting instances of the columnar objects in the WEP key + mapping Table." + DEFVAL { active } + ::= { dot11WEPKeyMappingsEntry 5 } + +-- ********************************************************************** +-- * End of WEPKeyMappings TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PrivacyTable TABLE +-- ********************************************************************** + +dot11PrivacyTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PrivacyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group containing attributes concerned with IEEE 802.11 + Privacy. Created as a table to allow multiple + instantiations on an agent." + ::= { dot11smt 5 } + +dot11PrivacyEntry OBJECT-TYPE + SYNTAX Dot11PrivacyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PrivacyTable Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PrivacyTable 1 } + +Dot11PrivacyEntry ::= + SEQUENCE { dot11PrivacyInvoked TruthValue, + dot11WEPDefaultKeyID INTEGER, + dot11WEPKeyMappingLength Unsigned32, + dot11ExcludeUnencrypted TruthValue, + dot11WEPICVErrorCount Counter32, + dot11WEPExcludedCount Counter32 } + +dot11PrivacyInvoked OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When this attribute is true, it shall indicate that the IEEE + 802.11 WEP mechanism is used for transmitting frames of type + Data. The default value of this attribute shall be false." + ::= { dot11PrivacyEntry 1 } + +dot11WEPDefaultKeyID OBJECT-TYPE + SYNTAX INTEGER (0..3) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the use of the first, + second, third, or fourth element of the WEPDefaultKeys + array when set to values of zero, one, two, or three. The + default value of this attribute shall be 0." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11PrivacyEntry 2 } + +dot11WEPKeyMappingLength OBJECT-TYPE + SYNTAX Unsigned32 (10..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The maximum number of tuples that dot11WEPKeyMappings can hold." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11PrivacyEntry 3 } + +dot11ExcludeUnencrypted OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When this attribute is true, the STA shall not indicate at + the MAC service interface received MSDUs that have the WEP + subfield of the Frame Control field equal to zero. When this + attribute is false, the STA may accept MSDUs that have the WEP + subfield of the Frame Control field equal to zero. The default + value of this attribute shall be false." + ::= { dot11PrivacyEntry 4 } + +dot11WEPICVErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with the + WEP subfield of the Frame Control field set to one and the value + of the ICV as received in the frame does not match the ICV value + that is calculated for the contents of the received frame." + ::= { dot11PrivacyEntry 5 } + +dot11WEPExcludedCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with the + WEP subfield of the Frame Control field set to zero and the value + of dot11ExcludeUnencrypted causes that frame to be discarded." + ::= { dot11PrivacyEntry 6 } + +-- ********************************************************************** +-- * End of dot11Privacy TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SMT notification Objects +-- ********************************************************************** + +dot11SMTnotification OBJECT IDENTIFIER ::= { dot11smt 6 } + +dot11Disassociate NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11DisassociateReason, dot11DisassociateStation } + STATUS current + DESCRIPTION + "The disassociate notification shall be sent when the STA + sends a Disassociation frame. The value of the notification + shall include the MAC address of the MAC to which the Disassociation + frame was sent and the reason for the disassociation. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 1 } + +dot11Deauthenticate NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11DeauthenticateReason, dot11DeauthenticateStation } + STATUS current + DESCRIPTION + "The deauthenticate notification shall be sent when the STA + sends a Deauthentication frame. The value of the notification + shall include the MAC address of the MAC to which the Deauthentication + frame was sent and the reason for the deauthentication. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 2 } + +dot11AuthenticateFail NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11AuthenticateFailStatus, dot11AuthenticateFailStation } + STATUS current + DESCRIPTION + "The authenticate failure notification shall be sent when the STA + sends an Authentication frame with a status code other than + 'successful'. The value of the notification + shall include the MAC address of the MAC to which the Authentication + frame was sent and the reason for the authentication failure. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 3 } + + +-- ********************************************************************** +-- * End of SMT notification Objects +-- ********************************************************************** + +-- ******************************************************************** +-- * dot11MultiDomainCapability TABLE +-- ******************************************************************** + +dot11MultiDomainCapabilityTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11MultiDomainCapabilityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This (conceptual) table of attributes for + cross-domain mobility." + ::= { dot11smt 7 } + +dot11MultiDomainCapabilityEntry OBJECT-TYPE + SYNTAX Dot11MultiDomainCapabilityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) in the Multiple Domain + Capability Table. + + IfIndex - Each IEEE 802.11 interface is represented + by an ifEntry. Interface tables in this MIB are + indexed by ifIndex." + INDEX { ifIndex, + dot11MultiDomainCapabilityIndex } + ::= { dot11MultiDomainCapabilityTable 1 } + +Dot11MultiDomainCapabilityEntry ::= + SEQUENCE { dot11MultiDomainCapabilityIndex Integer32, + dot11FirstChannelNumber Integer32, + dot11NumberofChannels Integer32, + dot11MaximumTransmitPowerLevel Integer32 } + +dot11MultiDomainCapabilityIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances of + the columnar objects in the Multi Domain Capability Table." + ::= { dot11MultiDomainCapabilityEntry 1 } + +dot11FirstChannelNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the lowest + channel number in the subband for the associated domain + country string. The default value of this attribute + shall be zero." + ::= { dot11MultiDomainCapabilityEntry 2 } + +dot11NumberofChannels OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the total + number of channels allowed in the subband for the + associated domain country string. The default value of + this attribute shall be zero." + ::= { dot11MultiDomainCapabilityEntry 3 } + +dot11MaximumTransmitPowerLevel OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum transmit power, + in dBm, allowed in the subband for the associated domain + country string. The default value of this attribute shall + be zero." + ::= { dot11MultiDomainCapabilityEntry 4 } + +-- ******************************************************************** +-- * End of dot11MultiDomainCapability TABLE +-- ******************************************************************** + + +-- ********************************************************************** +-- * MAC Attribute Templates +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11OperationTable TABLE +-- ********************************************************************** + +dot11OperationTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11OperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group contains MAC attributes pertaining to the operation + of the MAC. This has been implemented as a table in order + to allow for multiple instantiations on an agent." + ::= { dot11mac 1 } + +dot11OperationEntry OBJECT-TYPE + SYNTAX Dot11OperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11OperationEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11OperationTable 1 } + +Dot11OperationEntry ::= + SEQUENCE { dot11MACAddress MacAddress, + dot11RTSThreshold INTEGER, + dot11ShortRetryLimit INTEGER, + dot11LongRetryLimit INTEGER, + dot11FragmentationThreshold INTEGER, + dot11MaxTransmitMSDULifetime Unsigned32, + dot11MaxReceiveLifetime Unsigned32, + dot11ManufacturerID DisplayString, + dot11ProductID DisplayString } + +dot11MACAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Unique MAC Address assigned to the STA." + ::= { dot11OperationEntry 1 } + +dot11RTSThreshold OBJECT-TYPE + SYNTAX INTEGER (0..2347) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the number of octets in an MPDU, + below which an RTS/CTS handshake shall not be performed. An + RTS/CTS handshake shall be performed at the beginning of any + frame exchange sequence where the MPDU is of type Data or + Management, the MPDU has an individual address in the Address1 + field, and the length of the MPDU is greater than + this threshold. (For additional details, refer to Table 21 in + 9.7.) Setting this attribute to be larger than the maximum + MSDU size shall have the effect of turning off the RTS/CTS + handshake for frames of Data or Management type transmitted by + this STA. Setting this attribute to zero shall have the effect + of turning on the RTS/CTS handshake for all frames of Data or + Management type transmitted by this STA. The default value of + this attribute shall be 2347." + ::= { dot11OperationEntry 2 } + +dot11ShortRetryLimit OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum number of + transmission attempts of a frame, the length of which is less + than or equal to dot11RTSThreshold, that shall be made before a + failure condition is indicated. The default value of this + attribute shall be 7." + ::= { dot11OperationEntry 3 } + +dot11LongRetryLimit OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum number of + transmission attempts of a frame, the length of which is + greater than dot11RTSThreshold, that shall be made before a + failure condition is indicated. The default value of this + attribute shall be 4." + ::= { dot11OperationEntry 4 } + +dot11FragmentationThreshold OBJECT-TYPE + SYNTAX INTEGER (256..2346) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the current maximum size, in + octets, of the MPDU that may be delivered to the PHY. An MSDU + shall be broken into fragments if its size exceeds the value + of this attribute after adding MAC headers and trailers. An MSDU + or MMPDU shall be fragmented when the resulting frame has an + individual address in the Address1 field, and the length of the + frame is larger than this threshold. The default value for this + attribute shall be the lesser of 2346 or the aMPDUMaxLength of + the attached PHY and shall never exceed the lesser of 2346 or + the aMPDUMaxLength of the attached PHY. The value of this + attribute shall never be less than 256. " + ::= { dot11OperationEntry 5 } + +dot11MaxTransmitMSDULifetime OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The MaxTransmitMSDULifetime shall be the elapsed time in TU, + after the initial transmission of an MSDU, after which further + attempts to transmit the MSDU shall be terminated. The default + value of this attribute shall be 512." + ::= { dot11OperationEntry 6 } + +dot11MaxReceiveLifetime OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The MaxReceiveLifetime shall be the elapsed time in TU, + after the initial reception of a fragmented MMPDU or MSDU, + after which further attempts to reassemble the MMPDU or + MSDU shall be terminated. The default value shall be + 512." + ::= { dot11OperationEntry 7 } + +dot11ManufacturerID OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The ManufacturerID shall include, at a minimum, the name + of the manufacturer. It may include additional + information at the manufacturer's discretion. The default + value of this attribute shall be null." + ::= { dot11OperationEntry 8 } + +dot11ProductID OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The ProductID shall include, at a minimum, an identifier + that is unique to the manufacturer. It may include + additional information at the manufacturer's discretion. + The default value of this attribute shall be null." + ::= { dot11OperationEntry 9 } + +-- ********************************************************************** +-- * End of dot11OperationEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11Counters TABLE +-- ********************************************************************** + +dot11CountersTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11CountersEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group containing attributes that are MAC counters. + Implemented as a table to allow for multiple + instantiations on an agent." + ::= { dot11mac 2 } + +dot11CountersEntry OBJECT-TYPE + SYNTAX Dot11CountersEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11CountersEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11CountersTable 1 } + +Dot11CountersEntry ::= + SEQUENCE { dot11TransmittedFragmentCount Counter32, + dot11MulticastTransmittedFrameCount Counter32, + dot11FailedCount Counter32, + dot11RetryCount Counter32, + dot11MultipleRetryCount Counter32, + dot11FrameDuplicateCount Counter32, + dot11RTSSuccessCount Counter32, + dot11RTSFailureCount Counter32, + dot11ACKFailureCount Counter32, + dot11ReceivedFragmentCount Counter32, + dot11MulticastReceivedFrameCount Counter32, + dot11FCSErrorCount Counter32, + dot11TransmittedFrameCount Counter32, + dot11WEPUndecryptableCount Counter32 } + +dot11TransmittedFragmentCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall be incremented for an acknowledged MPDU + with an individual address in the address 1 field or an MPDU + with a multicast address in the address 1 field of type Data + or Management." + ::= { dot11CountersEntry 1 } + +dot11MulticastTransmittedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment only when the multicast bit + is set in the destination MAC address of a successfully + transmitted MSDU. When operating as a STA in an ESS, where + these frames are directed to the AP, this implies having + received an acknowledgment to all associated MPDUs." + ::= { dot11CountersEntry 2 } + +dot11FailedCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is not transmitted + successfully due to the number of transmit attempts exceeding + either the dot11ShortRetryLimit or dot11LongRetryLimit." + ::= { dot11CountersEntry 3 } + +dot11RetryCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is successfully + transmitted after one or more retransmissions." + ::= { dot11CountersEntry 4 } + +dot11MultipleRetryCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is successfully + transmitted after more than one retransmission." + ::= { dot11CountersEntry 5 } + +dot11FrameDuplicateCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received + that the Sequence Control field indicates is a + duplicate." + ::= { dot11CountersEntry 6 } + +dot11RTSSuccessCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a CTS is received in + response to an RTS." + ::= { dot11CountersEntry 7 } + +dot11RTSFailureCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a CTS is not received in + response to an RTS." + ::= { dot11CountersEntry 8 } + +dot11ACKFailureCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an ACK is not received + when expected." + ::= { dot11CountersEntry 9 } + +dot11ReceivedFragmentCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall be incremented for each successfully + received MPDU of type Data or Management." + ::= { dot11CountersEntry 10 } + +dot11MulticastReceivedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a MSDU is received + with the multicast bit set in the destination + MAC address." + ::= { dot11CountersEntry 11 } + +dot11FCSErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an FCS error is + detected in a received MPDU." + ::= { dot11CountersEntry 12 } + +dot11TransmittedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment for each successfully transmitted MSDU." + ::= { dot11CountersEntry 13 } + +dot11WEPUndecryptableCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with + the WEP subfield of the Frame Control field set to one and the + WEPOn value for the key mapped to the TA's MAC address + indicates that the frame should not have been encrypted or + that frame is discarded due to the receiving STA not + implementing the privacy option." + ::= { dot11CountersEntry 14 } + +-- ********************************************************************** +-- * End of dot11CountersEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * GroupAddresses TABLE +-- ********************************************************************** + +dot11GroupAddressesTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11GroupAddressesEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A conceptual table containing a set of MAC addresses + identifying the multicast addresses for which this STA + will receive frames. The default value of this attribute + shall be null." + ::= { dot11mac 3 } + +dot11GroupAddressesEntry OBJECT-TYPE + SYNTAX Dot11GroupAddressesEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the Group Addresses Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11GroupAddressesIndex} + ::= { dot11GroupAddressesTable 1 } + +Dot11GroupAddressesEntry ::= + SEQUENCE { dot11GroupAddressesIndex Integer32, + dot11Address MacAddress, + dot11GroupAddressesStatus RowStatus } + +dot11GroupAddressesIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the Group Addresses Table." + ::= { dot11GroupAddressesEntry 1 } + +dot11Address OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "MAC address identifying a multicast addresses + from which this STA will receive frames." + ::= { dot11GroupAddressesEntry 2 } + +dot11GroupAddressesStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status column used for creating, modifying, and + deleting instances of the columnar objects in the Group + Addresses Table." + DEFVAL { active } + ::= { dot11GroupAddressesEntry 3 } + +-- ********************************************************************** +-- * End of GroupAddress TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * Resource Type Attribute Templates +-- ********************************************************************** + +dot11ResourceTypeIDName OBJECT-TYPE + SYNTAX DisplayString (SIZE(4)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the name of the Resource Type ID managed object. + The attribute is read-only and always contains the value + RTID. This attribute value shall not be used as a naming + attribute for any other managed object class." + REFERENCE "IEEE Std 802.1F-1993, A.7" + DEFVAL { "RTID" } + ::= { dot11resAttribute 1 } + +-- ********************************************************************** +-- * dot11ResourceInfo TABLE +-- ********************************************************************** + +dot11ResourceInfoTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11ResourceInfoEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Provides a means of indicating, in data readable from a + managed object, information that identifies the source of + the implementation." + REFERENCE "IEEE Std 802.1F-1993, A.7" + ::= { dot11resAttribute 2 } + +dot11ResourceInfoEntry OBJECT-TYPE + SYNTAX Dot11ResourceInfoEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11ResourceInfo Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11ResourceInfoTable 1 } + +Dot11ResourceInfoEntry ::= + SEQUENCE { dot11manufacturerOUI OCTET STRING, + dot11manufacturerName DisplayString, + dot11manufacturerProductName DisplayString, + dot11manufacturerProductVersion DisplayString } + +dot11manufacturerOUI OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(3)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Takes the value of an organizationally unique identifier." + ::= { dot11ResourceInfoEntry 1 } + +dot11manufacturerName OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A printable string used to identify the manufacturer of the + resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 2 } + +dot11manufacturerProductName OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A printable string used to identify the manufacturer's product + name of the resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 3 } + +dot11manufacturerProductVersion OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Printable string used to identify the manufacturer's product + version of the resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 4 } + +-- ********************************************************************** +-- * End of dot11ResourceInfo TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * PHY Attribute Templates +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyOperation TABLE +-- ********************************************************************** + +dot11PhyOperationTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyOperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "PHY level attributes concerned with + operation. Implemented as a table indexed on + + ifIndex to allow for multiple instantiations on an + Agent." + ::= { dot11phy 1 } + +dot11PhyOperationEntry OBJECT-TYPE + SYNTAX Dot11PhyOperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyOperation Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyOperationTable 1 } + +Dot11PhyOperationEntry ::= + SEQUENCE { dot11PHYType INTEGER, + dot11CurrentRegDomain Integer32, + dot11TempType INTEGER } + +dot11PHYType OBJECT-TYPE + SYNTAX INTEGER { fhss(1), dsss(2), irbaseband(3), ofdm(4), + hrdsss(5) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This is an 8-bit integer value that identifies the PHY type + supported by the attached PLCP and PMD. Currently defined + values and their corresponding PHY types are: + + FHSS 2.4 GHz = 01 , DSSS 2.4 GHz = 02, IR Baseband = 03, + OFDM 5GHz = 04, HRDSSS = 05" + ::= { dot11PhyOperationEntry 1 } + +dot11CurrentRegDomain OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current regulatory domain this instance of the PMD is + supporting. This object corresponds to one of the + RegDomains listed in dot11RegDomainsSupported." + ::= { dot11PhyOperationEntry 2 } + +dot11TempType OBJECT-TYPE + SYNTAX INTEGER { tempType1(1), tempType2(2) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "There are different operating temperature requirements + dependent on the anticipated environmental conditions. This + attribute describes the current PHY's operating temperature + range capability. Currently defined values and their + corresponding temperature ranges are: + + Type 1 = X'01'-Commercial range of 0 to 40 degrees C, + + Type 2 = X'02'-Industrial range of -30 to 70 degrees C." + ::= { dot11PhyOperationEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyOperation TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyAntenna TABLE +-- ********************************************************************** + +dot11PhyAntennaTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyAntennaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for PhyAntenna. Implemented as a + table indexed on ifIndex to allow for multiple instances on + an agent." + ::= { dot11phy 2} + +dot11PhyAntennaEntry OBJECT-TYPE + SYNTAX Dot11PhyAntennaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyAntenna Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyAntennaTable 1 } + +Dot11PhyAntennaEntry ::= + SEQUENCE { dot11CurrentTxAntenna Integer32, + dot11DiversitySupport INTEGER, + dot11CurrentRxAntenna Integer32 } + +dot11CurrentTxAntenna OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current antenna being used to transmit. This value + is one of the values appearing in dot11SupportedTxAntenna. This + may be used by a management agent to control which antenna is + used for transmission. " + ::= { dot11PhyAntennaEntry 1 } + +dot11DiversitySupport OBJECT-TYPE + SYNTAX INTEGER { fixedlist(1), notsupported(2), dynamic(3) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This implementation's support for diversity, encoded as: + + X'01'-diversity is available and is performed over the fixed + list of antennas defined in dot11DiversitySelectionRx. + + X'02'-diversity is not supported. + + X'03'-diversity is supported and control of diversity is also + available, in which case the attribute + dot11DiversitySelectionRx can be dynamically modified by the + LME." + ::= { dot11PhyAntennaEntry 2 } + +dot11CurrentRxAntenna OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current antenna being used to receive, if the dot11 + DiversitySupport indicates that diversity is not supported. + The selected antenna shall be one of the antennae marked + for receive in the dot11AntennasListTable." + ::= { dot11PhyAntennaEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyAntenna TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyTxPower TABLE +-- ********************************************************************** + +dot11PhyTxPowerTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyTxPowerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyTxPowerTable. Implemented + as a table indexed on STA ID to allow for multiple + instances on an Agent." + ::= { dot11phy 3} + +dot11PhyTxPowerEntry OBJECT-TYPE + SYNTAX Dot11PhyTxPowerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyTxPower Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyTxPowerTable 1 } + +Dot11PhyTxPowerEntry ::= + SEQUENCE { dot11NumberSupportedPowerLevels INTEGER, + dot11TxPowerLevel1 INTEGER, + dot11TxPowerLevel2 INTEGER, + dot11TxPowerLevel3 INTEGER, + dot11TxPowerLevel4 INTEGER, + dot11TxPowerLevel5 INTEGER, + dot11TxPowerLevel6 INTEGER, + dot11TxPowerLevel7 INTEGER, + dot11TxPowerLevel8 INTEGER, + dot11CurrentTxPowerLevel INTEGER } + +dot11NumberSupportedPowerLevels OBJECT-TYPE + SYNTAX INTEGER (1..8) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of power levels supported by the PMD. + This attribute can have a value of 1 to 8." + ::= { dot11PhyTxPowerEntry 1 } + +dot11TxPowerLevel1 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL1 in mW. + This is also the default power level." + ::= { dot11PhyTxPowerEntry 2 } + +dot11TxPowerLevel2 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL2 in mW." + ::= { dot11PhyTxPowerEntry 3 } + +dot11TxPowerLevel3 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL3 in mW." + ::= { dot11PhyTxPowerEntry 4 } + +dot11TxPowerLevel4 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL4 in mW." + ::= { dot11PhyTxPowerEntry 5 } + +dot11TxPowerLevel5 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL5 in mW." + ::= { dot11PhyTxPowerEntry 6 } + +dot11TxPowerLevel6 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL6 in mW." + ::= { dot11PhyTxPowerEntry 7 } + +dot11TxPowerLevel7 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL7 in mW." + ::= { dot11PhyTxPowerEntry 8 } + +dot11TxPowerLevel8 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL8 in mW." + ::= { dot11PhyTxPowerEntry 9 } + +dot11CurrentTxPowerLevel OBJECT-TYPE + SYNTAX INTEGER (1..8) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The TxPowerLevel N currently being used to transmit data. + Some PHYs also use this value to determine the receiver + sensitivity requirements for CCA." + ::= { dot11PhyTxPowerEntry 10 } + +-- ********************************************************************** +-- * End of dot11PhyTxPower TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyFHSS TABLE +-- ********************************************************************** + +dot11PhyFHSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyFHSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyFHSSTable. Implemented as a + table indexed on STA ID to allow for multiple instances on + an Agent." + ::= { dot11phy 4 } + +dot11PhyFHSSEntry OBJECT-TYPE + SYNTAX Dot11PhyFHSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyFHSS Table. + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyFHSSTable 1 } + +Dot11PhyFHSSEntry ::= + SEQUENCE { dot11HopTime INTEGER, + dot11CurrentChannelNumber INTEGER, + dot11MaxDwellTime INTEGER, + dot11CurrentDwellTime INTEGER, + dot11CurrentSet INTEGER, + dot11CurrentPattern INTEGER, + dot11CurrentIndex INTEGER, + dot11EHCCPrimeRadix Integer32, + dot11EHCCNumberofChannelsFamilyIndex Integer32, + dot11EHCCCapabilityImplemented TruthValue, + dot11EHCCCapabilityEnabled TruthValue, + dot11HopAlgorithmAdopted INTEGER, + dot11RandomTableFlag TruthValue, + dot11NumberofHoppingSets Integer32, + dot11HopModulus Integer32, + dot11HopOffset Integer32 } + +dot11HopTime OBJECT-TYPE + SYNTAX INTEGER (224) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The time in microseconds for the PMD to change from + channel 2 to channel 80." + ::= { dot11PhyFHSSEntry 1 } + +dot11CurrentChannelNumber OBJECT-TYPE + SYNTAX INTEGER (0..200) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current channel number of the frequency output by the RF + synthesizer." + ::= { dot11PhyFHSSEntry 2 } + +dot11MaxDwellTime OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum time in TU that the transmitter + is permitted to operate on a single channel." + ::= { dot11PhyFHSSEntry 3 } + +dot11CurrentDwellTime OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current time in TU that the transmitter shall operate + on a single channel, as set by the MAC. Default is 19 TU." + ::= { dot11PhyFHSSEntry 4 } + +dot11CurrentSet OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current set of patterns the PLME + is using to determine the hopping sequence. " + ::= { dot11PhyFHSSEntry 5 } + +dot11CurrentPattern OBJECT-TYPE + SYNTAX INTEGER (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current pattern the PLME is + using to determine the hop sequence." + ::= { dot11PhyFHSSEntry 6 } + +dot11CurrentIndex OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current index value the PLME is using to determine + the CurrentChannelNumber." + ::= { dot11PhyFHSSEntry 7 } + +dot11EHCCPrimeRadix OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute indicates the value to be + used as the prime radix (N) in the HCC and + EHCC algorithms." + ::= { dot11PhyFHSSEntry 8 } + +dot11EHCCNumberofChannelsFamilyIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute indicates the value to be + used as the maximum for the family index (a) + in the HCC and EHCC algorithms. The value of + this field shall not be less than the prime + radix minus 3 (N - 3). The valid range of + allowed values is (N - 1), (N - 2), and (N - 3)." + ::= { dot11PhyFHSSEntry 9 } + +dot11EHCCCapabilityImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + station implementation is capable of generating + the HCC or EHCC algorithms for determining Hopping + patterns. The capability is disabled, otherwise. + The default value of this attribute is FALSE." + ::= { dot11PhyFHSSEntry 10 } + +dot11EHCCCapabilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + capability of the station to operate using the HCC + or EHCC algorithms for determining Hopping Patterns + is enabled. The capability is disabled, otherwise. + The default value of this attribute is FALSE." + ::= { dot11PhyFHSSEntry 11 } + +dot11HopAlgorithmAdopted OBJECT-TYPE + SYNTAX INTEGER { crnt(1), hopindex(2), hcc(3) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, indicates which of the algorithms + will be used to generate the Hopping Patterns. + Valid values are: + + 1 - hopping patterns as defined in clause 14 + 2 - hop index method (with or without table) + 3 - HCC/EHCC method" + ::= { dot11PhyFHSSEntry 12 } + +dot11RandomTableFlag OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, indicates that a Random Table is + present when the value is True. When the value is + False it indicates that a Random Table is not + present and that the hop index method is to be + used to determine the hopping sequence. The default + value of this attribute is True." + ::= { dot11PhyFHSSEntry 13 } + +dot11NumberofHoppingSets OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Number of Sets field indicates the total + number of sets within the hopping patterns." + ::= { dot11PhyFHSSEntry 14 } + +dot11HopModulus OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of allowed channels for the hopping + set. This is defined by the governing regulatory + agency for the country code of the country + in which this device is operating." + ::= { dot11PhyFHSSEntry 15 } + +dot11HopOffset OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The next position in the hopping set." + ::= { dot11PhyFHSSEntry 16 } + +-- ********************************************************************** +-- * End of dot11PhyFHSS TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyDSSSEntry TABLE +-- ********************************************************************** + +dot11PhyDSSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Entry of attributes for dot11PhyDSSSEntry. Implemented as a + table indexed on ifIndex allow for multiple instances on + an Agent." + ::= { dot11phy 5 } + +dot11PhyDSSSEntry OBJECT-TYPE + SYNTAX Dot11PhyDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyDSSSEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyDSSSTable 1 } + +Dot11PhyDSSSEntry ::= + SEQUENCE { dot11CurrentChannel INTEGER, + dot11CCAModeSupported INTEGER, + dot11CurrentCCAMode INTEGER, + dot11EDThreshold Integer32 } + +dot11CurrentChannel OBJECT-TYPE + SYNTAX INTEGER (1..14) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current operating frequency channel of the DSSS + PHY. Valid channel numbers are as defined in 15.4.6.2" + ::= { dot11PhyDSSSEntry 1 } + +dot11CCAModeSupported OBJECT-TYPE + SYNTAX INTEGER (1..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "dot11CCAModeSupported is a bit-significant value, + representing all of the CCA modes supported by the PHY. + Valid values are: + + energy detect only (ED_ONLY) = 01, + carrier sense only (CS_ONLY) = 02, + carrier sense and energy detect (ED_and_CS)= 04 + or the logical sum of any of these values. This + attribute shall not be used to indicate the CCA modes + supported by a higher rate extension PHY. Rather, the + dot11HRCCAModeSupported attribute shall be used to + indicate the CCA modes of the higher rate extension PHY." + ::= { dot11PhyDSSSEntry 2 } + +dot11CurrentCCAMode OBJECT-TYPE + SYNTAX INTEGER { edonly(1), csonly(2), edandcs(4), cswithtimer(8), + hrcsanded(16) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current CCA method in operation. Valid values are: + energy detect only (edonly) = 01, + carrier sense only (csonly) = 02, + carrier sense and energy detect (edandcs)= 04 + carrier sense with timer (cswithtimer)= 08 + high rate carrier sense and energy detect (hrcsanded)=16." + ::= { dot11PhyDSSSEntry 3 } + +dot11EDThreshold OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current Energy Detect Threshold being used by the DSSS PHY." + ::= { dot11PhyDSSSEntry 4 } + +-- ********************************************************************** +-- * End of dot11PhyDSSSEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyIR TABLE +-- ********************************************************************** + +dot11PhyIRTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyIREntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyIRTable. Implemented as a + table indexed on ifIndex to allow for multiple instances on + an Agent." + ::= { dot11phy 6 } + +dot11PhyIREntry OBJECT-TYPE + SYNTAX Dot11PhyIREntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyIR Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyIRTable 1 } + +Dot11PhyIREntry ::= + SEQUENCE { dot11CCAWatchdogTimerMax Integer32, + dot11CCAWatchdogCountMax Integer32, + dot11CCAWatchdogTimerMin Integer32, + dot11CCAWatchdogCountMin Integer32 } + +dot11CCAWatchdogTimerMax OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This parameter, together with CCAWatchdogCountMax, + determines when energy detected in the channel can be + ignored." + ::= { dot11PhyIREntry 1 } + +dot11CCAWatchdogCountMax OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This parameter, together with CCAWatchdogTimerMax, + determines when energy detected in the channel can be + ignored." + ::= { dot11PhyIREntry 2 } + +dot11CCAWatchdogTimerMin OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The minimum value to which CCAWatchdogTimerMax can be + set." + ::= { dot11PhyIREntry 3 } + +dot11CCAWatchdogCountMin OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The minimum value to which CCAWatchdogCount can be set." + ::= { dot11PhyIREntry 4 } + +-- ********************************************************************** +-- * End of dot11PhyIR TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11RegDomainsSupported TABLE +-- ********************************************************************** + +dot11RegDomainsSupportedTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11RegDomainsSupportedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "There are different operational requirements dependent on + the regulatory domain. This attribute list describes the + regulatory domains the PLCP and PMD support in this + implementation. Currently defined values and their + corresponding Regulatory Domains are: + + FCC (USA) = X'10', DOC (Canada) = X'20', ETSI (most of + Europe) = X'30', Spain = X'31', France = X'32', MKK + (Japan) = X'40', Others = X'00' " + ::= { dot11phy 7} + +dot11RegDomainsSupportedEntry OBJECT-TYPE + SYNTAX Dot11RegDomainsSupportedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11RegDomainsSupportedTable. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11RegDomainsSupportedIndex } + ::= { dot11RegDomainsSupportedTable 1 } + +Dot11RegDomainsSupportedEntry ::= + SEQUENCE { dot11RegDomainsSupportedIndex Integer32, + dot11RegDomainsSupportedValue INTEGER } + +dot11RegDomainsSupportedIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the RegDomainsSupport Table." + ::= { dot11RegDomainsSupportedEntry 1 } + +dot11RegDomainsSupportedValue OBJECT-TYPE + SYNTAX INTEGER { fcc(16), doc(32), etsi(48), spain (49), france(50), + mkk (64) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "There are different operational requirements dependent on + the regulatory domain. This attribute list describes the + regulatory domains the PLCP and PMD support in this + implementation. Currently defined values and their + corresponding Regulatory Domains are: + + FCC (USA) = X'10', DOC (Canada) = X'20', ETSI (most of + Europe) = X'30', Spain = X'31', France = X'32', MKK + (Japan) = X'40' " + ::= { dot11RegDomainsSupportedEntry 2 } + +-- ********************************************************************** +-- * End of dot11RegDomainsSupported TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11AntennasList TABLE +-- ********************************************************************** + +dot11AntennasListTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11AntennasListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table represents the list of antennae. An antenna can be + marked to be capable of transmitting, receiving, and/or for + participation in receive diversity. Each entry in this table + represents a single antenna with its properties. The maximum + number of antennae that can be contained in this table is 255." + ::= { dot11phy 8 } + +dot11AntennasListEntry OBJECT-TYPE + SYNTAX Dot11AntennasListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11AntennasListTable, representing the properties + of a single antenna. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11AntennaListIndex } + ::= { dot11AntennasListTable 1 } + +Dot11AntennasListEntry ::= + SEQUENCE { dot11AntennaListIndex Integer32, + dot11SupportedTxAntenna TruthValue, + dot11SupportedRxAntenna TruthValue, + dot11DiversitySelectionRx TruthValue } + +dot11AntennaListIndex OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The unique index of an antenna which is used to identify the columnar + objects in the dot11AntennasList Table." + ::= { dot11AntennasListEntry 1 } + +dot11SupportedTxAntenna OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by + dot11AntennaIndex can be used as a transmit antenna." + ::= { dot11AntennasListEntry 2 } + +dot11SupportedRxAntenna OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by the + dot11AntennaIndex xan be used as a receive antenna." + ::= { dot11AntennasListEntry 3 } + +dot11DiversitySelectionRx OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by + dot11AntennaIndex can be used for receive diversity. This object + may only be true if the antenna can be used as a receive antenna, + as indicated by dot11SupportedRxAntenna." + ::= { dot11AntennasListEntry 4 } + +-- ********************************************************************** +-- * End of dot11AntennasList TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SupportedDataRatesTx TABLE +-- ********************************************************************** + +dot11SupportedDataRatesTxTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11SupportedDataRatesTxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The Transmit bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s subject + to limitations of each individual PHY." + ::= { dot11phy 9 } + +dot11SupportedDataRatesTxEntry OBJECT-TYPE + SYNTAX Dot11SupportedDataRatesTxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the dot11SupportedDataRatesTx + Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11SupportedDataRatesTxIndex } + ::= { dot11SupportedDataRatesTxTable 1 } + +Dot11SupportedDataRatesTxEntry ::= + SEQUENCE { dot11SupportedDataRatesTxIndex Integer32, + dot11SupportedDataRatesTxValue Integer32 } + +dot11SupportedDataRatesTxIndex OBJECT-TYPE + SYNTAX Integer32 (1..8) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Index object which identifies which data rate to access. + Range is 1..8." + ::= { dot11SupportedDataRatesTxEntry 1 } + +dot11SupportedDataRatesTxValue OBJECT-TYPE + SYNTAX Integer32 (2..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Transmit bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s subject + to limitations of each individual PHY." + ::= { dot11SupportedDataRatesTxEntry 2 } + +-- ********************************************************************** +-- * End of dot11SupportedDataRatesTx TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SupportedDataRatesRx TABLE +-- ********************************************************************** + +dot11SupportedDataRatesRxTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11SupportedDataRatesRxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The receive bit rates supported by the PLCP and PMD, + represented by a count from X'002-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s." + ::= { dot11phy 10 } + +dot11SupportedDataRatesRxEntry OBJECT-TYPE + SYNTAX Dot11SupportedDataRatesRxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the dot11SupportedDataRatesRx Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11SupportedDataRatesRxIndex } + ::= { dot11SupportedDataRatesRxTable 1 } + +Dot11SupportedDataRatesRxEntry ::= + SEQUENCE { dot11SupportedDataRatesRxIndex Integer32, + dot11SupportedDataRatesRxValue Integer32 } + +dot11SupportedDataRatesRxIndex OBJECT-TYPE + SYNTAX Integer32 (1..8) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Index object which identifies which data rate to access. + Range is 1..8." + ::= { dot11SupportedDataRatesRxEntry 1 } + +dot11SupportedDataRatesRxValue OBJECT-TYPE + SYNTAX Integer32 (2..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The receive bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s." + ::= { dot11SupportedDataRatesRxEntry 2 } + +-- ********************************************************************** +-- * End of dot11SupportedDataRatesRx TABLE +-- ********************************************************************** + +--********************************************************************** +-- * dot11PhyOFDM TABLE +--********************************************************************** + +dot11PhyOFDMTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyOFDMEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyOFDMTable. Implemented as a + table indexed on ifindex to allow for multiple instances on + an Agent." + ::= { dot11phy 11 } + +dot11PhyOFDMEntry OBJECT-TYPE + SYNTAX Dot11PhyOFDMEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyOFDM Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyOFDMTable 1 } + +Dot11PhyOFDMEntry ::= + SEQUENCE { dot11CurrentFrequency INTEGER, + dot11TIThreshold Integer32, + dot11FrequencyBandsSupported INTEGER } + +dot11CurrentFrequency OBJECT-TYPE + SYNTAX INTEGER (0..99) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The number of the current operating frequency channel of the OFDM PHY." + ::= { dot11PhyOFDMEntry 1 } + +dot11TIThreshold OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The Threshold being used to detect a busy medium (frequency). + CCA shall report a busy medium upon detecting the RSSI above + this threshold." + ::= { dot11PhyOFDMEntry 2 } + +dot11FrequencyBandsSupported OBJECT-TYPE + SYNTAX INTEGER (1..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The capability of the OFDM PHY implementation to operate in + the three U-NII bands. Coded as an integer value of a three + bit field as follows: + bit 0 .. capable of operating in the lower (5.15-5.25 GHz) + U-NII band + bit 1 .. capable of operating in the middle (5.25-5.35 GHz) + U-NII band + bit 2 .. capable of operating in the upper (5.725-5.825 GHz) + U-NII band + For example, for an implementation capable of operating in the + lower and mid bands this attribute would take the value 3." + ::= { dot11PhyOFDMEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyOFDM TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyHRDSSSEntry TABLE +-- ********************************************************************** + +dot11PhyHRDSSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyHRDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Entry of attributes for dot11PhyHRDSSSEntry. + Implemented as a table indexed on ifIndex to allow for + multiple instances on an Agent." + ::= { dot11phy 12 } + +dot11PhyHRDSSSEntry OBJECT-TYPE + SYNTAX Dot11PhyHRDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyHRDSSSEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyHRDSSSTable 1 } + +Dot11PhyHRDSSSEntry ::= + SEQUENCE { dot11ShortPreambleOptionImplemented TruthValue, + dot11PBCCOptionImplemented TruthValue, + dot11ChannelAgilityPresent TruthValue, + dot11ChannelAgilityEnabled TruthValue, + dot11HRCCAModeSupported INTEGER } + +dot11ShortPreambleOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the + short preamble option as defined in subclause 18.2.2.2 + is implemented. The default value of this attribute + shall be false." + ::= {dot11PhyHRDSSSEntry 1 } + +dot11PBCCOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the PBCC + modulation option as defined in subclause 18.4.6.6 is + implemented. The default value of this attribute shall + be false." + ::= {dot11PhyHRDSSSEntry 2 } + +dot11ChannelAgilityPresent OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute indicates that the PHY is capable of + channel agility." + ::= { dot11PhyHRDSSSEntry 3 } + +dot11ChannelAgilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute indicates that the PHY channel agility + functionality is enabled." + ::= { dot11PhyHRDSSSEntry 4 } + +dot11HRCCAModeSupported OBJECT-TYPE + SYNTAX INTEGER (1..31) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "dot11HRCCAModeSupported is a bit-significant value, + representing all of the CCA modes supported by the PHY. + Valid values are: + energy detect only (ED_ONLY) = 01, + carrier sense only (CS_ONLY) = 02, + carrier sense and energy detect (ED_and_CS)= 04, + carrier sense with timer (CS_and_Timer)= 08, + high rate carrier sense and energy detect + (HRCS_and_ED)= 16 + or the logical sum of any of these values. In + the high rate extension PHY, this attribute shall + be used in preference to the dot11CCAModeSupported + attribute." + ::= { dot11PhyHRDSSSEntry 5 } + +-- ********************************************************************** +-- * End of dot11PhyHRDSSSEntry TABLE +-- ********************************************************************** + +-- ******************************************************************** +-- * dot11 Hopping Pattern TABLE +-- ******************************************************************** + +dot11HoppingPatternTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11HoppingPatternEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of attributes necessary for + a frequency hopping implementation to be able to + create the hopping sequences necessary to operate + in the subband for the associated domain country string." + ::= { dot11phy 13 } + +dot11HoppingPatternEntry OBJECT-TYPE + SYNTAX Dot11HoppingPatternEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) in the Hopping Pattern Table + that indicates the random hopping sequence to be followed. + + IfIndex - Each IEEE 802.11 interface is represented + by an ifEntry. Interface tables in this MIB are indexed + by ifIndex." + INDEX { ifIndex, + dot11HoppingPatternIndex } + ::= { dot11HoppingPatternTable 1 } + +Dot11HoppingPatternEntry ::= + SEQUENCE { + dot11HoppingPatternIndex Integer32, + dot11RandomTableFieldNumber Integer32 } + +dot11HoppingPatternIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances of + the columnar objects in the Hopping Pattern Table." + ::= { dot11HoppingPatternEntry 1} + +dot11RandomTableFieldNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the + starting channel number in the hopping sequence of + the subband for the associated domain country string. + The default value of this attribute shall be zero." + ::= { dot11HoppingPatternEntry 2} + +-- ********************************************************************** +-- * End of dot11 Hopping Pattern TABLE +--********************************************************************** + +-- ********************************************************************** +-- * Conformance Information +-- ********************************************************************** + +dot11Conformance OBJECT IDENTIFIER ::= { ieee802dot11 5 } +dot11Groups OBJECT IDENTIFIER ::= { dot11Conformance 1 } +dot11Compliances OBJECT IDENTIFIER ::= { dot11Conformance 2 } + +-- ********************************************************************** +-- * Compliance Statements +-- ********************************************************************** + +dot11Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMPv2 entities + that implement the IEEE 802.11 MIB." + MODULE -- this module + MANDATORY-GROUPS { + dot11SMTbase2, + dot11MACbase, dot11CountersGroup, + dot11SmtAuthenticationAlgorithms, + dot11ResourceTypeID, dot11PhyOperationComplianceGroup } + + GROUP dot11PhyDSSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of dsss. This group is + mutually exclusive with the groups dot11PhyIRComplianceGroup, + dot11PhyFHSSComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyIRComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of irbaseband. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyFHSSComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyFHSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of fhss. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyIRComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyOFDMComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of ofdm. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyIRComplianceGroup, dot11PhyFHSSComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyHRDSSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of hrdsss. This group is + mutually exclusive with the groups + dot11PhyDSSSComplianceGroup, dot11PhyIRComplianceGroup, + dot11PhyFHSSComplianceGroup and dot11PhyOFDMComplianceGroup." + + -- OPTIONAL-GROUPS { dot11SMTprivacy, dot11MACStatistics, + -- dot11PhyAntennaComplianceGroup, dot11PhyTxPowerComplianceGroup, + -- dot11PhyRegDomainsSupportGroup, + -- dot11PhyAntennasListGroup, dot11PhyRateGroup } + + ::= { dot11Compliances 1 } + +-- ********************************************************************** +-- * Groups - units of conformance +-- ********************************************************************** + +dot11SMTbase OBJECT-GROUP + OBJECTS { dot11StationID, dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut } + STATUS deprecated + DESCRIPTION + "The SMT object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network." + ::= { dot11Groups 1 } + +dot11SMTprivacy OBJECT-GROUP + OBJECTS { dot11PrivacyInvoked, + dot11WEPKeyMappingLength, dot11ExcludeUnencrypted, + dot11WEPICVErrorCount , dot11WEPExcludedCount , + dot11WEPDefaultKeyID, + dot11WEPDefaultKeyValue, + dot11WEPKeyMappingWEPOn, + dot11WEPKeyMappingValue , dot11WEPKeyMappingAddress, + dot11WEPKeyMappingStatus } + STATUS current + DESCRIPTION + "The SMTPrivacy package is a set of attributes that shall be + present if WEP is implemented in the STA." + ::= { dot11Groups 2 } + +dot11MACbase OBJECT-GROUP + OBJECTS { dot11MACAddress, dot11Address, + dot11GroupAddressesStatus, + dot11RTSThreshold, dot11ShortRetryLimit, + dot11LongRetryLimit, dot11FragmentationThreshold, + dot11MaxTransmitMSDULifetime, + dot11MaxReceiveLifetime, dot11ManufacturerID, + dot11ProductID } + STATUS current + DESCRIPTION + "The MAC object class provides the necessary support for the + access control, generation, and verification of frame check + sequences (FCSs), and proper delivery of valid data to upper + layers." + ::= { dot11Groups 3 } + +dot11MACStatistics OBJECT-GROUP + OBJECTS { dot11RetryCount, dot11MultipleRetryCount, + dot11RTSSuccessCount, dot11RTSFailureCount, + dot11ACKFailureCount, dot11FrameDuplicateCount } + STATUS current + DESCRIPTION + "The MACStatistics package provides extended statistical + information on the operation of the MAC. This + package is completely optional." + ::= { dot11Groups 4 } + +dot11ResourceTypeID OBJECT-GROUP + OBJECTS { dot11ResourceTypeIDName, dot11manufacturerOUI, + dot11manufacturerName, dot11manufacturerProductName, + dot11manufacturerProductVersion } + STATUS current + DESCRIPTION + "Attributes used to identify a STA, its manufacturer, + and various product names and versions." + ::= { dot11Groups 5 } + +dot11SmtAuthenticationAlgorithms OBJECT-GROUP + OBJECTS { dot11AuthenticationAlgorithm, + dot11AuthenticationAlgorithmsEnable } + STATUS current + DESCRIPTION + "Authentication Algorithm Table." + ::= { dot11Groups 6 } + +dot11PhyOperationComplianceGroup OBJECT-GROUP + OBJECTS { dot11PHYType, dot11CurrentRegDomain, dot11TempType } + STATUS current + DESCRIPTION + "PHY layer operations attributes." + ::= { dot11Groups 7 } + +dot11PhyAntennaComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentTxAntenna, dot11DiversitySupport, + dot11CurrentRxAntenna } + STATUS current + DESCRIPTION + "Attributes for Data Rates for IEEE 802.11." + ::= { dot11Groups 8 } + +dot11PhyTxPowerComplianceGroup OBJECT-GROUP + OBJECTS { dot11NumberSupportedPowerLevels, dot11TxPowerLevel1, + dot11TxPowerLevel2, dot11TxPowerLevel3, dot11TxPowerLevel4, + dot11TxPowerLevel5, dot11TxPowerLevel6, dot11TxPowerLevel7, + dot11TxPowerLevel8, dot11CurrentTxPowerLevel } + STATUS current + DESCRIPTION + "Attributes for Control and Management of transmit power." + ::= { dot11Groups 9 } + +dot11PhyFHSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11HopTime, dot11CurrentChannelNumber, dot11MaxDwellTime, + dot11CurrentDwellTime, dot11CurrentSet, dot11CurrentPattern, + dot11CurrentIndex} + STATUS current + DESCRIPTION + "Attributes that configure the Frequency Hopping for IEEE + 802.11." + ::= { dot11Groups 10 } + +dot11PhyDSSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentChannel, dot11CCAModeSupported, + dot11CurrentCCAMode, dot11EDThreshold} + STATUS current + DESCRIPTION + "Attributes that configure the DSSS for IEEE 802.11." + ::= { dot11Groups 11 } + +dot11PhyIRComplianceGroup OBJECT-GROUP + OBJECTS { dot11CCAWatchdogTimerMax, dot11CCAWatchdogCountMax, + dot11CCAWatchdogTimerMin, dot11CCAWatchdogCountMin} + STATUS current + DESCRIPTION + "Attributes that configure the baseband IR for IEEE 802.11." + ::= { dot11Groups 12 } + +dot11PhyRegDomainsSupportGroup OBJECT-GROUP + OBJECTS { dot11RegDomainsSupportedValue} + STATUS current + DESCRIPTION + "Attributes that specify the supported Regulation Domains." + ::= { dot11Groups 13} + +dot11PhyAntennasListGroup OBJECT-GROUP + OBJECTS { dot11SupportedTxAntenna, + dot11SupportedRxAntenna, dot11DiversitySelectionRx } + STATUS current + DESCRIPTION + "Attributes that specify the supported Regulation Domains." + ::= { dot11Groups 14 } + +dot11PhyRateGroup OBJECT-GROUP + OBJECTS { dot11SupportedDataRatesTxValue, + dot11SupportedDataRatesRxValue } + STATUS current + DESCRIPTION + "Attributes for Data Rates for IEEE 802.11." + ::= { dot11Groups 15 } + +dot11CountersGroup OBJECT-GROUP + OBJECTS { dot11TransmittedFragmentCount, + dot11MulticastTransmittedFrameCount, + dot11FailedCount, dot11ReceivedFragmentCount, + dot11MulticastReceivedFrameCount, + dot11FCSErrorCount, + dot11WEPUndecryptableCount, + dot11TransmittedFrameCount } + STATUS current + DESCRIPTION + "Attributes from the dot11CountersGroup that are not described + in the dot11MACStatistics group. These objects are + mandatory." + ::= { dot11Groups 16 } + +dot11NotificationGroup NOTIFICATION-GROUP + NOTIFICATIONS { dot11Disassociate, + dot11Deauthenticate, + dot11AuthenticateFail } + STATUS current + DESCRIPTION + "IEEE 802.11 notifications" + ::= { dot11Groups 17 } + +dot11SMTbase2 OBJECT-GROUP + OBJECTS { dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut, + dot11DisassociateReason, + dot11DisassociateStation, + dot11DeauthenticateReason, + dot11DeauthenticateStation, + dot11AuthenticateFailStatus, + dot11AuthenticateFailStation } + STATUS current + DESCRIPTION + "The SMTbase2 object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network." + ::= { dot11Groups 18 } + +dot11PhyOFDMComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentFrequency, + dot11TIThreshold, + dot11FrequencyBandsSupported } + STATUS current + DESCRIPTION + "Attributes that configure the OFDM for IEEE 802.11." + ::= { dot11Groups 19 } + +dot11SMTbase3 OBJECT-GROUP + OBJECTS { dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut, + dot11DisassociateReason, + dot11DisassociateStation, + dot11DeauthenticateReason, + dot11DeauthenticateStation, + dot11AuthenticateFailStatus, + dot11AuthenticateFailStation, + dot11MultiDomainCapabilityImplemented, + dot11MultiDomainCapabilityEnabled, + dot11CountryString } + STATUS current + DESCRIPTION + "The SMTbase3 object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network, when the STA + is capable of multi-domain operation. This object group should be + implemented when the multi-domain capability option is implemented." + ::= { dot11Groups 20 } + +dot11MultiDomainCapabilityGroup OBJECT-GROUP + OBJECTS { dot11FirstChannelNumber, + dot11NumberofChannels, + dot11MaximumTransmitPowerLevel } + STATUS current + DESCRIPTION + "The dot11MultiDomainCapabilityGroup object class provides + the objects necessary to manage the channels usable by a STA, + when the multi-domain capability option is implemented." + ::= { dot11Groups 21 } + +dot11PhyFHSSComplianceGroup2 OBJECT-GROUP + OBJECTS { dot11HopTime, dot11CurrentChannelNumber, dot11MaxDwellTime, + dot11CurrentDwellTime, dot11CurrentSet, dot11CurrentPattern, + dot11CurrentIndex, dot11EHCCPrimeRadix, + dot11EHCCNumberofChannelsFamilyIndex, + dot11EHCCCapabilityImplemented, dot11EHCCCapabilityEnabled, + dot11HopAlgorithmAdopted, dot11RandomTableFlag, + dot11NumberofHoppingSets, dot11HopModulus, + dot11HopOffset, dot11RandomTableFieldNumber } + STATUS current + DESCRIPTION + "Attributes that configure the Frequency Hopping for IEEE + 802.11 when multi-domain capability option is implemented." + ::= { dot11Groups 22 } + +dot11PhyHRDSSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentChannel, dot11CCAModeSupported, + dot11CurrentCCAMode, dot11EDThreshold, + dot11ShortPreambleOptionImplemented, + dot11PBCCOptionImplemented, dot11ChannelAgilityPresent, + dot11ChannelAgilityEnabled, dot11HRCCAModeSupported } + STATUS current + DESCRIPTION + "Attributes that configure the HRDSSS for IEEE 802.11." + ::= { dot11Groups 23 } + +-- ********************************************************************** +-- * End of 802.11 MIB +-- ********************************************************************** + +END + Index: /branches/ileiden/nanobsd/files/usr/local/share/snmp/snmpd.conf =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/share/snmp/snmpd.conf (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/share/snmp/snmpd.conf (revision 10119) @@ -0,0 +1,85 @@ +# snmpd.conf + +# First, map the community name (COMMUNITY) into a security name +# (local and mynetwork, depending on where the request is coming +# from): + +# sec.name source community +com2sec local localhost public +com2sec mynetwork 172.16.0.0/12 public +com2sec mynetwork 10.0.0.0/8 public +com2sec mynetwork 192.168.0.0/16 public + + + +# Second, map the security names into group names: + +# sec.model sec.name +group MyRWGroup v1 local +group MyRWGroup v2c local +group MyRWGroup usm local +group MyROGroup v1 mynetwork +group MyROGroup v2c mynetwork +group MyROGroup usm mynetwork + + +# Third, create a view for us to let the groups have rights to: + +# incl/excl subtree mask +view all included .1 80 + + +# Finally, grant the 2 groups access to the 1 view with different +# write permissions: + +# context sec.model sec.level match read write notif +access MyROGroup "" any noauth exact all none none +access MyRWGroup "" any noauth exact all all none + + +# System contact information + +sysLocation Somewhere in or near Leiden +sysContact Stichting Wireless Leiden / +31 71 5139817 + + +# Process checks. + +# name max min +proc lvrouted.opt 1 1 +proc sshd 8 1 +proc syslogd 1 1 +proc ntpd 1 1 +proc snmpd 1 1 +proc dhcpd 1 1 +proc pen 1 1 +proc cron 2 1 +proc named 1 1 + + +# disk checks + +# path min +#disk / 90% +#disk /var 80% +#disk /usr 80% +#disk /tmp 60% +includeAllDisks 85% + + +# load average checks + +# 1max 5max 15max +load 12 14 14 + + +# Pass through control + +# miboid exec-command + +extend .1.3.6.1.4.1.2021.61 nagios-www /usr/local/sbin/proxy-test.sh +extend .1.3.6.1.4.1.2021.62 nagios-routing /usr/local/sbin/lvrouted-test.sh + +extend .1.3.6.1.4.1.2021.70 dhcp-users /usr/local/bin/dhcp-users +extend .1.3.6.1.4.1.2021.71 portal-users /usr/local/bin/portal-users + Index: /branches/ileiden/nanobsd/files/usr/local/www/index.html =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/www/index.html (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/www/index.html (revision 10119) @@ -0,0 +1,8 @@ + + + + + + Wireless Leiden + + Index: /branches/ileiden/nanobsd/files/usr/local/www/wlportal/index.cgi =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/www/wlportal/index.cgi (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/www/wlportal/index.cgi (revision 10119) @@ -0,0 +1,413 @@ +#!/usr/bin/env python +# +# Wrap me around tcpserver or inetd, example usage for tcpserver (debug): +# tcpserver -HRl localhost 172.31.255.1 /root/wlportal.py +# +# Or put me in a CGI script in for example thttpd server: +# +# = Usage = +# This is a wrapper script which does very basic HTML parsing and altering of +# ipfw tables rules to build a basic Captive Portal, with basic sanity +# checking. The ACL is IP based (this is a poor mans solution, layer2 +# ACL would be much better), so don't take security very seriously. +# +# To get traffic by default to the portal iI requires a few special rules in +# ipfw to work properly (ajust IP details if needed): +# - Rule 10010-10099 needs to be free. +# - add 10100 fwd 172.20.145.1,8081 tcp from any to not 172.16.0.0/12 dst-port 80 in via wlan0 +# +# Enties older than 5 minutes not being used will be removed if the (hidden) +# argument action=cleanup is given as GET variable. So having this in cron (would fix it): +# */5 * * * * /usr/bin/fetch -q http://172.31.255.1/wlportal?action=cleanup +# +# XXX: The whitelist entries first needs to contact the wlportal.py to get +# added to the whitelist, this may cause issues during initial setup and hence +# it might be advised to create a block of static whitelist IP addresses which +# get added during boot and will never disappear. +# +# The program has uses a file based persistent cache to save authenticated +# ACLs, this will NOT get synced after a reboot. +# +# State : ALPHA +# Version : $Id$ +# Author : Rick van der Zwet +# Licence : BSDLike http://wirelessleiden.nl/LICENSE + +import logging +import os +import pickle +import re +import signal +import subprocess +import sys +import time +import traceback +import urlparse +import yaml + +# XXX: Make me dynamic for example put me in the conf file +conf = { + 'autologin' : False, + 'cmd_arp' : '/usr/sbin/arp', + 'cmd_fw' : '/sbin/ipfw', + 'portal_sponsor': 'Sponsor van Stichting Wireless Leiden', + 'portal_url' : 'http://www.wirelessleiden.nl', + 'portalroot' : '172.31.255.1', + 'refresh_delay' : 5, + 'tmpl_autologin': '/usr/local/etc/wlportal/autologin.tmpl', + 'tmpl_login' : '/usr/local/etc/wlportal/login.tmpl', + 'whitelist' : [], +} + + +logging.basicConfig(stream=open('/var/log/wlportal.log','a'),level=logging.DEBUG) + +# No failback if config does not exist, to really make sure the user knows if +# the config file failed to parse properly or is non-existing +# XXX: 5xx error code perhaps? +try: + conf.update(yaml.load(open('/usr/local/etc/wlportal/config.yaml'))) +except Exception,e: + logging.error(traceback.format_exc()) + + +class ItemCache: + """ + Very basic ItemCache used for caching registered entries and other foo, no + way recurrent, so use with care! + """ + + def __init__(self, authentication_timeout=60): + self.cachefile='/tmp/portal.cache' + # cache[mac_address] = (ipaddr, registered_at, last_seen) + self.cache = None + self.arp_cache = None + self.now = time.time() + self.authentication_timeout = authentication_timeout + + def delete_all(self): + self.cache = {} + self.save() + + def delete(self,ipaddr): + self.load() + for mac in self.cache.keys(): + if self.cache[mac][0] == ipaddr: + del self.cache[mac] + self.save() + + + def load(self): + """ Request cached file entries """ + if self.cache == None: + try: + self.cache = pickle.load(open(self.cachefile,'r')) + except IOError: + self.cache = {} + pass + + def load_arp_cache(self): + """ Provide with listing of MAC to IP numbers """ + if self.arp_cache == None: + output = subprocess.Popen([conf['cmd_arp'],'-na'], stdout=subprocess.PIPE).communicate()[0] + self.arp_cache = {} + for line in output.strip().split('\n'): + # ? (172.20.145.30) at 00:21:e9:e2:7c:c6 on wlan0 expires in 605 seconds [ethernet] + if not 'expires' in line: + continue + t = re.split('[ ()]',line) + ip, mac = t[2],t[5] + self.arp_cache[ip] = mac + + def get_mac(self,ipaddr): + self.load_arp_cache() + try: + return self.arp_cache[ipaddr] + except KeyError: + return None + + def add(self,ipaddr): + """ Add entry to cache (on file) and return entry""" + self.load() + self.load_arp_cache() + self.cache[self.arp_cache[ipaddr]] = (ipaddr, self.now, self.now) + logging.debug("Adding Entry to Cache %s -> %s" % (ipaddr, self.arp_cache[ipaddr])) + self.save() + + def save(self): + """ Sync entries to disk """ + # XXX: Should actually check if entry has changed at all + pickle.dump(self.cache, open(self.cachefile,'w')) + + def update(): + """ Update entries with relevant ARP cache """ + self.load() + self.load_arp_cache() + # Update last_seen time for currently active entries + for ip,mac in self.arp_cache.iteritems(): + if self.cache.has_key(mac): + self.cache[mac][3] = now + + # cleanup no longer used entries, after authentication_timeout seconds. + for mac in self.cache: + if self.cache[mac][3] < self.now - self.authentication_timeout: + del self.cache[mac] + + # Sync results to disk + self.save() + return self.cache + + def get_cache(self): + self.load() + return self.cache + + def get_arp_cache(self): + self.load_arp_cache() + return self.arp_cache + + +class FirewallControl: + def __init__(self): + self.first_rule = 10010 + self.last_rule = 10099 + self.available_rule = self.first_rule + self.logger = '' + + + def load(self): + # Get all registered ips + sp = subprocess.Popen([conf['cmd_fw'],'show','%i-%i' % (self.first_rule, self.last_rule)], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + output = sp.communicate()[0] + self.ip_in_firewall = {} + if sp.returncode == 0: + # 10010 32 1920 allow tcp from 172.20.145.30 to not 172.16.0.0/12 dst-port 80 + for line in output.strip().split('\n'): + t = line.split() + rule, ip = t[0], t[6] + self.ip_in_firewall[ip] = rule + + if self.available_rule == int(rule): + self.available_rule += 1 + else: + # XXX: Some nagging about no rules beeing found perhaps? + pass + + def cleanup(self): + """ Cleanup Old Entries, mostly used for maintenance runs """ + self.load() + # Make sure cache matches the latest ARP version + itemdb = ItemCache() + cache = itemdb.get_cache() + valid_ip = itemdb.get_arp_cache() + + # Check if all ipfw allowed entries still have the same registered MAC address + # else assume different user and delete. + for ip,rule in self.ip_in_firewall.iteritems(): + delete_entry = False + + # Make sure IP is still valid + if not valid_ip.has_key(ip): + delete_entry = True + # Also MAC needs to exists in Cache + elif not cache.has_key(valid_ip[ip]): + delete_entry = True + # IP need to match up with registered one + elif not cache[valid_ip[ip]][0] == ip: + delete_entry = True + + # Delete entry if needed + if delete_entry: + output = subprocess.Popen([conf['cmd_fw'],'delete',str(rule)], stdout=subprocess.PIPE).communicate()[0] + self.logger += "Deleting ipfw entry %s %s\n" % (rule, ip) + logging.debug('Deleting ipfw entry %s %s\n' % (rule, ip)) + + + def add(self,ipaddr): + """ Add Entry to Firewall, False if already exists """ + self.load() + if not self.ip_in_firewall.has_key(ipaddr): + rule = "NUMBER allow tcp from IPADDR to not 172.16.0.0/12 dst-port 80".split() + rule[0] = str(self.available_rule) + rule[4] = str(ipaddr) + logging.debug("Addding %s" % " ".join(rule)) + output = subprocess.Popen([conf['cmd_fw'],'add'] + rule, stdout=subprocess.PIPE).communicate()[0] + itemdb = ItemCache() + itemdb.add(ipaddr) + return True + else: + return False + + + def delete(self, ipaddr): + itemdb = ItemCache() + itemdb.delete(ipaddr) + self.cleanup() + + def delete_all(self): + itemdb = ItemCache() + itemdb.delete_all() + self.cleanup() + + def get_log(self): + return self.logger + + + +# Query String Dictionaries +qs_post = None +qs = None +header = [] + +# Hybrid Setup. +# a) We are not wrapped around in a HTTP server, so this _is_ the +# HTTP server, so act like one. +if not os.environ.has_key('REQUEST_METHOD'): + class TimeoutException(Exception): + """ Helper for alarm signal handling""" + pass + + def handler(signum, frame): + """ Helper for alarm signal handling""" + raise TimeoutException + + + # Parse the HTTP/1.1 Content-Header (partially) + signal.signal(signal.SIGALRM,handler) + us = None + method = None + hostname = None + content_length = None + remote_host = None + while True: + try: + signal.alarm(1) + line = sys.stdin.readline().strip() + if not line: + break + header.append(line) + signal.alarm(0) + if line.startswith('GET '): + us = urlparse.urlsplit(line.split()[1]) + method = 'GET' + elif line.startswith('POST '): + method = 'POST' + us = urlparse.urlsplit(line.split()[1]) + elif line.startswith('Host: '): + hostname = line.split()[1] + elif line.startswith('Content-Length: '): + content_length = int(line.split()[1]) + except TimeoutException: + break + + # Capture Portal, make sure to redirect all to portal + if hostname != conf['portalroot']: + print "HTTP/1.1 302 Moved Temponary\r\n", + print "Location: http://%(portalroot)s/\r\n" % conf, + sys.exit(0) + + + # Handle potential POST + if method == 'POST' and content_length: + body = sys.stdin.read(content_length) + qs_post = urlparse.parse_qs(body) + + # Parse Query String + if us and us.path == "/wlportal" and us.query: + qs = urlparse.parse_qs(us.query) + + remote_host = os.environ['REMOTEHOST'] +else: + # b) CGI Script: Parse the CGI Variables if present + if os.environ['REQUEST_METHOD'] == "POST": + content_length = int(os.environ['CONTENT_LENGTH']) + body = sys.stdin.read(content_length) + qs_post = urlparse.parse_qs(body) + + if os.environ.has_key('QUERY_STRING'): + qs = urlparse.parse_qs(os.environ['QUERY_STRING']) + + remote_host = os.environ['REMOTE_ADDR'] + + +# Helpers for HTML 'templates' +content = conf.copy() +content.update(extra_header='',tech_footer='',status_msg='') + +# IP or MAC on the whitelist does not need to authenticate, used for devices +# which need to connect to the internet, but has no 'buttons' to press OK. +# +# This assumes that devices will re-connect if they are not able to connect +# to their original host, as we do not preserve the original URI. +ic = ItemCache() +if conf['autologin'] or remote_host in conf['whitelist'] or ic.get_mac(remote_host) in conf['whitelist']: + qs_post = { 'action' : 'login' } + +try: + # Put authenticate use and process response + if qs and qs.has_key('action'): + if 'deleteall' in qs['action']: + content['status_msg'] += "# [INFO] Deleting all entries\n" + fw = FirewallControl() + fw.delete_all() + content['status_msg'] += fw.get_log() + elif 'update' in qs['action']: + tech_footer = "# [INFO] Update timestamp of all entries\n" + fw = FirewallControl() + fw.update() + content['status_msg'] += fw.get_log() + elif 'cleanup' in qs['action']: + content['status_msg'] += "# [INFO] Deleting all entries" + fw = FirewallControl() + fw.delete_all() + elif qs_post and qs_post.has_key('action'): + if 'login' in qs_post['action']: + fw = FirewallControl() + if fw.add(remote_host): + content['extra_header'] = "Refresh: %(refresh_delay)s; url=%(portal_url)s\r" % content + content['status_msg'] = "Sucessfully Logged In! || " +\ + """ Will redirect you in %(refresh_delay)s seconds to %(portal_url)s """ % content + else: + content['status_msg'] = "ERROR! Already Logged On" + elif 'logout' in qs_post['action']: + fw = FirewallControl() + fw.delete(remote_host) + content['status_msg'] = "Succesfully logged out!" + +except Exception,e: + content['tech_footer'] += traceback.format_exc() + content['status_msg'] = e + pass + + # Present Main Screen +print """\ +HTTP/1.1 200 OK\r +Content-Type: text/html\r +%(extra_header)s +""" % content + +try: + tmpl_file = conf['tmpl_autologin'] if conf['autologin'] else conf['tmpl_login'] + page = open(tmpl_file,'r').read() +except IOError: + page = """ + +

%(status_msg)s

+ +

Wireless Leiden - Internet Portal

+
+ + +
+ +

More options

+
+ + +
+
Technical Details:
+%(tech_footer)s
+
+ +""" + +print page % content Index: /branches/ileiden/nanobsd/files/usr/local/www/wlweb/index.cgi =================================================================== --- /branches/ileiden/nanobsd/files/usr/local/www/wlweb/index.cgi (revision 10119) +++ /branches/ileiden/nanobsd/files/usr/local/www/wlweb/index.cgi (revision 10119) @@ -0,0 +1,36 @@ +#!/usr/local/bin/python +# +# Wireless Leiden webinterface for (embedded) nodes +# Rick van der Zwet +# Richard van Mansom (richardvm@wirelessleiden.nl), striped the webserver + +from subprocess import * +import os + +def tailFile(file): + lines=-10 + return("Tail (%i): %s
%s
" % (lines,file,Popen(["tail", str(lines), file], stdout=PIPE).communicate()[0])); + +def catFile(file): + return("File: %s
%s
" % (file,Popen(["cat", file], stdout=PIPE).communicate()[0])); + +def allRoutes(): + return("netstat -nr
%s
" % Popen(["netstat", "-n", "-r"], stdout=PIPE).communicate()[0]); + +def processList(): + return("ps -aux
%s
" % Popen(["ps", "-a", "-u", "-x"], stdout=PIPE).communicate()[0]); + + +def main(): + return ( "Content-Type: text/html\n\n" + + "" + + "Welcome to Stichting Wireless Leiden host/node " + + Popen(["hostname"], stdout=PIPE).communicate()[0] + + "

" + tailFile('/var/log/messages') + "

" + + tailFile('/var/log/debug.log') + "

" + + catFile('/var/run/dmesg.boot') + "

" + + allRoutes() + "

" + + processList() + "

" + + "$Id$" ) + +print main() Index: /branches/ileiden/nanobsd/misc/patches/backport-axe-to-8.2-release-v2.patch =================================================================== --- /branches/ileiden/nanobsd/misc/patches/backport-axe-to-8.2-release-v2.patch (revision 10119) +++ /branches/ileiden/nanobsd/misc/patches/backport-axe-to-8.2-release-v2.patch (revision 10119) @@ -0,0 +1,637 @@ +Index: sys/dev/usb/usbdevs +=================================================================== +--- sys/dev/usb/usbdevs (revision 224736) ++++ sys/dev/usb/usbdevs (working copy) +@@ -1044,6 +1044,7 @@ + product ASIX AX88178 0x1780 AX88178 + product ASIX AX88772 0x7720 AX88772 + product ASIX AX88772A 0x772a AX88772A USB 2.0 10/100 Ethernet ++product ASIX AX88772B 0x772b AX88772B USB 2.0 10/100 Ethernet + + /* ASUS products */ + product ASUS2 USBN11 0x0b05 USB-N11 +Index: sys/dev/usb/net/if_axereg.h +=================================================================== +--- sys/dev/usb/net/if_axereg.h (revision 224736) ++++ sys/dev/usb/net/if_axereg.h (working copy) +@@ -92,6 +92,12 @@ + #define AXE_CMD_SW_PHY_STATUS 0x0021 + #define AXE_CMD_SW_PHY_SELECT 0x0122 + ++/* AX88772A and AX88772B only. */ ++#define AXE_CMD_READ_VLAN_CTRL 0x4027 ++#define AXE_CMD_WRITE_VLAN_CTRL 0x4028 ++ ++#define AXE_772B_CMD_RXCTL_WRITE_CFG 0x012A ++ + #define AXE_SW_RESET_CLEAR 0x00 + #define AXE_SW_RESET_RR 0x01 + #define AXE_SW_RESET_RT 0x02 +@@ -128,12 +134,18 @@ + #define AXE_178_RXCMD_KEEP_INVALID_CRC 0x0004 + #define AXE_RXCMD_BROADCAST 0x0008 + #define AXE_RXCMD_MULTICAST 0x0010 ++#define AXE_RXCMD_ACCEPT_RUNT 0x0040 /* AX88772B */ + #define AXE_RXCMD_ENABLE 0x0080 + #define AXE_178_RXCMD_MFB_MASK 0x0300 + #define AXE_178_RXCMD_MFB_2048 0x0000 + #define AXE_178_RXCMD_MFB_4096 0x0100 + #define AXE_178_RXCMD_MFB_8192 0x0200 + #define AXE_178_RXCMD_MFB_16384 0x0300 ++#define AXE_772B_RXCMD_HDR_TYPE_0 0x0000 ++#define AXE_772B_RXCMD_HDR_TYPE_1 0x0100 ++#define AXE_772B_RXCMD_IPHDR_ALIGN 0x0200 ++#define AXE_772B_RXCMD_ADD_CHKSUM 0x0400 ++#define AXE_RXCMD_LOOPBACK 0x1000 /* AX88772A/AX88772B */ + + #define AXE_PHY_SEL_PRI 1 + #define AXE_PHY_SEL_SEC 0 +@@ -172,6 +184,21 @@ + #define AXE_PHY_MODE_REALTEK_8251CL 0x0E + #define AXE_PHY_MODE_ATTANSIC 0x40 + ++/* AX88772A/AX88772B only. */ ++#define AXE_SW_PHY_SELECT_EXT 0x0000 ++#define AXE_SW_PHY_SELECT_EMBEDDED 0x0001 ++#define AXE_SW_PHY_SELECT_AUTO 0x0002 ++#define AXE_SW_PHY_SELECT_SS_MII 0x0004 ++#define AXE_SW_PHY_SELECT_SS_RVRS_MII 0x0008 ++#define AXE_SW_PHY_SELECT_SS_RVRS_RMII 0x000C ++#define AXE_SW_PHY_SELECT_SS_ENB 0x0010 ++ ++/* AX88772A/AX88772B VLAN control. */ ++#define AXE_VLAN_CTRL_ENB 0x00001000 ++#define AXE_VLAN_CTRL_STRIP 0x00002000 ++#define AXE_VLAN_CTRL_VID1_MASK 0x00000FFF ++#define AXE_VLAN_CTRL_VID2_MASK 0x0FFF0000 ++ + #define AXE_BULK_BUF_SIZE 16384 /* bytes */ + + #define AXE_CTL_READ 0x01 +@@ -180,6 +207,24 @@ + #define AXE_CONFIG_IDX 0 /* config number 1 */ + #define AXE_IFACE_IDX 0 + ++/* EEPROM Map. */ ++#define AXE_EEPROM_772B_NODE_ID 0x04 ++#define AXE_EEPROM_772B_PHY_PWRCFG 0x18 ++ ++struct ax88772b_mfb { ++ int byte_cnt; ++ int threshold; ++ int size; ++}; ++#define AX88772B_MFB_2K 0 ++#define AX88772B_MFB_4K 1 ++#define AX88772B_MFB_6K 2 ++#define AX88772B_MFB_8K 3 ++#define AX88772B_MFB_16K 4 ++#define AX88772B_MFB_20K 5 ++#define AX88772B_MFB_24K 6 ++#define AX88772B_MFB_32K 7 ++ + struct axe_sframe_hdr { + uint16_t len; + uint16_t ilen; +@@ -203,12 +248,23 @@ + int sc_flags; + #define AXE_FLAG_LINK 0x0001 + #define AXE_FLAG_772 0x1000 /* AX88772 */ +-#define AXE_FLAG_178 0x2000 /* AX88178 */ ++#define AXE_FLAG_772A 0x2000 /* AX88772A */ ++#define AXE_FLAG_772B 0x4000 /* AX88772B */ ++#define AXE_FLAG_178 0x8000 /* AX88178 */ + + uint8_t sc_ipgs[3]; + uint8_t sc_phyaddrs[2]; ++ uint16_t sc_pwrcfg; ++ int sc_tx_bufsz; + }; + ++#define AXE_IS_178_FAMILY(sc) \ ++ ((sc)->sc_flags & (AXE_FLAG_772 | AXE_FLAG_772A | AXE_FLAG_772B | \ ++ AXE_FLAG_178)) ++ ++#define AXE_IS_772(sc) \ ++ ((sc)->sc_flags & (AXE_FLAG_772 | AXE_FLAG_772A | AXE_FLAG_772B)) ++ + #define AXE_LOCK(_sc) mtx_lock(&(_sc)->sc_mtx) + #define AXE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx) + #define AXE_LOCK_ASSERT(_sc, t) mtx_assert(&(_sc)->sc_mtx, t) +Index: sys/dev/usb/net/if_axe.c +=================================================================== +--- sys/dev/usb/net/if_axe.c (revision 224736) ++++ sys/dev/usb/net/if_axe.c (working copy) +@@ -84,7 +84,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -142,11 +141,12 @@ + AXE_DEV(ASIX, AX88172, 0), + AXE_DEV(ASIX, AX88178, AXE_FLAG_178), + AXE_DEV(ASIX, AX88772, AXE_FLAG_772), +- AXE_DEV(ASIX, AX88772A, AXE_FLAG_772), ++ AXE_DEV(ASIX, AX88772A, AXE_FLAG_772A), ++ AXE_DEV(ASIX, AX88772B, AXE_FLAG_772B), + AXE_DEV(ATEN, UC210T, 0), + AXE_DEV(BELKIN, F5D5055, AXE_FLAG_178), + AXE_DEV(BILLIONTON, USB2AR, 0), +- AXE_DEV(CISCOLINKSYS, USB200MV2, AXE_FLAG_772), ++ AXE_DEV(CISCOLINKSYS, USB200MV2, AXE_FLAG_772A), + AXE_DEV(COREGA, FETHER_USB2_TX, 0), + AXE_DEV(DLINK, DUBE100, 0), + AXE_DEV(DLINK, DUBE100B1, AXE_FLAG_772), +@@ -191,6 +191,9 @@ + static int axe_cmd(struct axe_softc *, int, int, int, void *); + static void axe_ax88178_init(struct axe_softc *); + static void axe_ax88772_init(struct axe_softc *); ++static void axe_ax88772_phywake(struct axe_softc *); ++static void axe_ax88772a_init(struct axe_softc *); ++static void axe_ax88772b_init(struct axe_softc *); + static int axe_get_phyno(struct axe_softc *, int); + + static const struct usb_config axe_config[AXE_N_TRANSFER] = { +@@ -199,7 +202,8 @@ + .type = UE_BULK, + .endpoint = UE_ADDR_ANY, + .direction = UE_DIR_OUT, +- .bufsize = AXE_BULK_BUF_SIZE, ++ .frames = 16, ++ .bufsize = 16 * MCLBYTES, + .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, + .callback = axe_bulk_write_callback, + .timeout = 10000, /* 10 seconds */ +@@ -216,6 +220,17 @@ + }, + }; + ++static const struct ax88772b_mfb ax88772b_mfb_table[] = { ++ { 0x8000, 0x8001, 2048 }, ++ { 0x8100, 0x8147, 4096}, ++ { 0x8200, 0x81EB, 6144}, ++ { 0x8300, 0x83D7, 8192}, ++ { 0x8400, 0x851E, 16384}, ++ { 0x8500, 0x8666, 20480}, ++ { 0x8600, 0x87AE, 24576}, ++ { 0x8700, 0x8A3D, 32768} ++}; ++ + static device_method_t axe_methods[] = { + /* Device interface */ + DEVMETHOD(device_probe, axe_probe), +@@ -302,7 +317,7 @@ + axe_cmd(sc, AXE_CMD_MII_OPMODE_HW, 0, 0, NULL); + + val = le16toh(val); +- if ((sc->sc_flags & AXE_FLAG_772) != 0 && reg == MII_BMSR) { ++ if (AXE_IS_772(sc) && reg == MII_BMSR) { + /* + * BMSR of AX88772 indicates that it supports extended + * capability but the extended status register is +@@ -384,7 +399,7 @@ + val = 0; + if ((IFM_OPTIONS(mii->mii_media_active) & IFM_FDX) != 0) + val |= AXE_MEDIA_FULL_DUPLEX; +- if (sc->sc_flags & (AXE_FLAG_178 | AXE_FLAG_772)) { ++ if (AXE_IS_178_FAMILY(sc)) { + val |= AXE_178_MEDIA_RX_EN | AXE_178_MEDIA_MAGIC; + if ((sc->sc_flags & AXE_FLAG_178) != 0) + val |= AXE_178_MEDIA_ENCK; +@@ -420,12 +435,12 @@ + + AXE_LOCK_ASSERT(sc, MA_OWNED); + +- if (mii->mii_instance) { +- struct mii_softc *miisc; ++ if (mii->mii_instance) { ++ struct mii_softc *miisc; + +- LIST_FOREACH(miisc, &mii->mii_phys, mii_list) +- mii_phy_reset(miisc); +- } ++ LIST_FOREACH(miisc, &mii->mii_phys, mii_list) ++ mii_phy_reset(miisc); ++ } + error = mii_mediachg(mii); + return (error); + } +@@ -516,7 +531,7 @@ + axe_ax88178_init(struct axe_softc *sc) + { + struct usb_ether *ue; +- int gpio0, phymode; ++ int gpio0, ledmode, phymode; + uint16_t eeprom, val; + + ue = &sc->sc_ue; +@@ -530,14 +545,17 @@ + if (eeprom == 0xffff) { + phymode = AXE_PHY_MODE_MARVELL; + gpio0 = 1; ++ ledmode = 0; + } else { + phymode = eeprom & 0x7f; + gpio0 = (eeprom & 0x80) ? 0 : 1; ++ ledmode = eeprom >> 8; + } + + if (bootverbose) +- device_printf(sc->sc_ue.ue_dev, "EEPROM data : 0x%04x\n", +- eeprom); ++ device_printf(sc->sc_ue.ue_dev, ++ "EEPROM data : 0x%04x, phymode : 0x%02x\n", eeprom, ++ phymode); + /* Program GPIOs depending on PHY hardware. */ + switch (phymode) { + case AXE_PHY_MODE_MARVELL: +@@ -549,11 +567,26 @@ + AXE_GPIO_WRITE(AXE_GPIO0_EN | AXE_GPIO2_EN, hz / 4); + AXE_GPIO_WRITE(AXE_GPIO0_EN | AXE_GPIO2 | AXE_GPIO2_EN, + hz / 32); +- } else ++ } else { + AXE_GPIO_WRITE(AXE_GPIO_RELOAD_EEPROM | AXE_GPIO1 | +- AXE_GPIO1_EN, hz / 32); ++ AXE_GPIO1_EN, hz / 3); ++ if (ledmode == 1) { ++ AXE_GPIO_WRITE(AXE_GPIO1_EN, hz / 3); ++ AXE_GPIO_WRITE(AXE_GPIO1 | AXE_GPIO1_EN, ++ hz / 3); ++ } else { ++ AXE_GPIO_WRITE(AXE_GPIO1 | AXE_GPIO1_EN | ++ AXE_GPIO2 | AXE_GPIO2_EN, hz / 32); ++ AXE_GPIO_WRITE(AXE_GPIO1 | AXE_GPIO1_EN | ++ AXE_GPIO2_EN, hz / 4); ++ AXE_GPIO_WRITE(AXE_GPIO1 | AXE_GPIO1_EN | ++ AXE_GPIO2 | AXE_GPIO2_EN, hz / 32); ++ } ++ } + break; + case AXE_PHY_MODE_CICADA: ++ case AXE_PHY_MODE_CICADA_V2: ++ case AXE_PHY_MODE_CICADA_V2_ASIX: + if (gpio0 == 1) + AXE_GPIO_WRITE(AXE_GPIO_RELOAD_EEPROM | AXE_GPIO0 | + AXE_GPIO0_EN, hz / 32); +@@ -610,7 +643,6 @@ + + axe_cmd(sc, AXE_CMD_RXCTL_WRITE, 0, 0, NULL); + } +-#undef AXE_GPIO_WRITE + + static void + axe_ax88772_init(struct axe_softc *sc) +@@ -654,6 +686,91 @@ + } + + static void ++axe_ax88772_phywake(struct axe_softc *sc) ++{ ++ struct usb_ether *ue; ++ ++ ue = &sc->sc_ue; ++ if (sc->sc_phyno == AXE_772_PHY_NO_EPHY) { ++ /* Manually select internal(embedded) PHY - MAC mode. */ ++ axe_cmd(sc, AXE_CMD_SW_PHY_SELECT, 0, AXE_SW_PHY_SELECT_SS_ENB | ++ AXE_SW_PHY_SELECT_EMBEDDED | AXE_SW_PHY_SELECT_SS_MII, ++ NULL); ++ uether_pause(&sc->sc_ue, hz / 32); ++ } else { ++ /* ++ * Manually select external PHY - MAC mode. ++ * Reverse MII/RMII is for AX88772A PHY mode. ++ */ ++ axe_cmd(sc, AXE_CMD_SW_PHY_SELECT, 0, AXE_SW_PHY_SELECT_SS_ENB | ++ AXE_SW_PHY_SELECT_EXT | AXE_SW_PHY_SELECT_SS_MII, NULL); ++ uether_pause(&sc->sc_ue, hz / 32); ++ } ++ /* Take PHY out of power down. */ ++ axe_cmd(sc, AXE_CMD_SW_RESET_REG, 0, AXE_SW_RESET_IPPD | ++ AXE_SW_RESET_IPRL, NULL); ++ uether_pause(&sc->sc_ue, hz / 4); ++ axe_cmd(sc, AXE_CMD_SW_RESET_REG, 0, AXE_SW_RESET_IPRL, NULL); ++ uether_pause(&sc->sc_ue, hz); ++ axe_cmd(sc, AXE_CMD_SW_RESET_REG, 0, AXE_SW_RESET_CLEAR, NULL); ++ uether_pause(&sc->sc_ue, hz / 32); ++ axe_cmd(sc, AXE_CMD_SW_RESET_REG, 0, AXE_SW_RESET_IPRL, NULL); ++ uether_pause(&sc->sc_ue, hz / 32); ++} ++ ++static void ++axe_ax88772a_init(struct axe_softc *sc) ++{ ++ struct usb_ether *ue; ++ ++ ue = &sc->sc_ue; ++ /* Reload EEPROM. */ ++ AXE_GPIO_WRITE(AXE_GPIO_RELOAD_EEPROM, hz / 32); ++ axe_ax88772_phywake(sc); ++ /* Stop MAC. */ ++ axe_cmd(sc, AXE_CMD_RXCTL_WRITE, 0, 0, NULL); ++} ++ ++static void ++axe_ax88772b_init(struct axe_softc *sc) ++{ ++ struct usb_ether *ue; ++ uint16_t eeprom; ++ uint8_t *eaddr; ++ int i; ++ ++ ue = &sc->sc_ue; ++ /* Reload EEPROM. */ ++ AXE_GPIO_WRITE(AXE_GPIO_RELOAD_EEPROM, hz / 32); ++ /* ++ * Save PHY power saving configuration(high byte) and ++ * clear EEPROM checksum value(low byte). ++ */ ++ axe_cmd(sc, AXE_CMD_SROM_READ, 0, AXE_EEPROM_772B_PHY_PWRCFG, &eeprom); ++ sc->sc_pwrcfg = le16toh(eeprom) & 0xFF00; ++ ++ /* ++ * Auto-loaded default station address from internal ROM is ++ * 00:00:00:00:00:00 such that an explicit access to EEPROM ++ * is required to get real station address. ++ */ ++ eaddr = ue->ue_eaddr; ++ for (i = 0; i < ETHER_ADDR_LEN / 2; i++) { ++ axe_cmd(sc, AXE_CMD_SROM_READ, 0, AXE_EEPROM_772B_NODE_ID + i, ++ &eeprom); ++ eeprom = le16toh(eeprom); ++ *eaddr++ = (uint8_t)(eeprom & 0xFF); ++ *eaddr++ = (uint8_t)((eeprom >> 8) & 0xFF); ++ } ++ /* Wakeup PHY. */ ++ axe_ax88772_phywake(sc); ++ /* Stop MAC. */ ++ axe_cmd(sc, AXE_CMD_RXCTL_WRITE, 0, 0, NULL); ++} ++ ++#undef AXE_GPIO_WRITE ++ ++static void + axe_reset(struct axe_softc *sc) + { + struct usb_config_descriptor *cd; +@@ -668,6 +785,16 @@ + + /* Wait a little while for the chip to get its brains in order. */ + uether_pause(&sc->sc_ue, hz / 100); ++ ++ /* Reinitialize controller to achieve full reset. */ ++ if (sc->sc_flags & AXE_FLAG_178) ++ axe_ax88178_init(sc); ++ else if (sc->sc_flags & AXE_FLAG_772) ++ axe_ax88772_init(sc); ++ else if (sc->sc_flags & AXE_FLAG_772A) ++ axe_ax88772a_init(sc); ++ else if (sc->sc_flags & AXE_FLAG_772B) ++ axe_ax88772b_init(sc); + } + + static void +@@ -691,23 +818,35 @@ + sc->sc_phyno = 0; + } + +- if (sc->sc_flags & AXE_FLAG_178) ++ /* Initialize controller and get station address. */ ++ if (sc->sc_flags & AXE_FLAG_178) { + axe_ax88178_init(sc); +- else if (sc->sc_flags & AXE_FLAG_772) ++ sc->sc_tx_bufsz = 16 * 1024; ++ axe_cmd(sc, AXE_178_CMD_READ_NODEID, 0, 0, ue->ue_eaddr); ++ } else if (sc->sc_flags & AXE_FLAG_772) { + axe_ax88772_init(sc); +- +- /* +- * Get station address. +- */ +- if (sc->sc_flags & (AXE_FLAG_178 | AXE_FLAG_772)) ++ sc->sc_tx_bufsz = 8 * 1024; + axe_cmd(sc, AXE_178_CMD_READ_NODEID, 0, 0, ue->ue_eaddr); +- else ++ } else if (sc->sc_flags & AXE_FLAG_772A) { ++ axe_ax88772a_init(sc); ++ sc->sc_tx_bufsz = 8 * 1024; ++ axe_cmd(sc, AXE_178_CMD_READ_NODEID, 0, 0, ue->ue_eaddr); ++ } else if (sc->sc_flags & AXE_FLAG_772B) { ++ axe_ax88772b_init(sc); ++ sc->sc_tx_bufsz = 8 * 1024; ++ } else + axe_cmd(sc, AXE_172_CMD_READ_NODEID, 0, 0, ue->ue_eaddr); + + /* + * Fetch IPG values. + */ +- axe_cmd(sc, AXE_CMD_READ_IPG012, 0, 0, sc->sc_ipgs); ++ if (sc->sc_flags & (AXE_FLAG_772A | AXE_FLAG_772B)) { ++ /* Set IPG values. */ ++ sc->sc_ipgs[0] = 0x15; ++ sc->sc_ipgs[1] = 0x16; ++ sc->sc_ipgs[2] = 0x1A; ++ } else ++ axe_cmd(sc, AXE_CMD_READ_IPG012, 0, 0, sc->sc_ipgs); + } + + /* +@@ -810,7 +949,7 @@ + err = 0; + + pc = usbd_xfer_get_frame(xfer, 0); +- if (sc->sc_flags & (AXE_FLAG_772 | AXE_FLAG_178)) { ++ if (AXE_IS_178_FAMILY(sc)) { + while (pos < actlen) { + if ((pos + sizeof(hdr)) > actlen) { + /* too little data */ +@@ -875,7 +1014,7 @@ + struct ifnet *ifp = uether_getifp(&sc->sc_ue); + struct usb_page_cache *pc; + struct mbuf *m; +- int pos; ++ int nframes, pos; + + switch (USB_GET_STATE(xfer)) { + case USB_ST_TRANSFERRED: +@@ -892,40 +1031,34 @@ + */ + return; + } +- pos = 0; +- pc = usbd_xfer_get_frame(xfer, 0); + +- while (1) { +- ++ for (nframes = 0; nframes < 16 && ++ !IFQ_DRV_IS_EMPTY(&ifp->if_snd); nframes++) { + IFQ_DRV_DEQUEUE(&ifp->if_snd, m); +- +- if (m == NULL) { +- if (pos > 0) +- break; /* send out data */ +- return; +- } +- if (m->m_pkthdr.len > MCLBYTES) { +- m->m_pkthdr.len = MCLBYTES; +- } +- if (sc->sc_flags & (AXE_FLAG_772 | AXE_FLAG_178)) { +- ++ if (m == NULL) ++ break; ++ usbd_xfer_set_frame_offset(xfer, nframes * MCLBYTES, ++ nframes); ++ pos = 0; ++ pc = usbd_xfer_get_frame(xfer, nframes); ++ if (AXE_IS_178_FAMILY(sc)) { + hdr.len = htole16(m->m_pkthdr.len); + hdr.ilen = ~hdr.len; +- + usbd_copy_in(pc, pos, &hdr, sizeof(hdr)); +- + pos += sizeof(hdr); +- +- /* +- * NOTE: Some drivers force a short packet +- * by appending a dummy header with zero +- * length at then end of the USB transfer. +- * This driver uses the +- * USB_FORCE_SHORT_XFER flag instead. +- */ ++ usbd_m_copy_in(pc, pos, m, 0, m->m_pkthdr.len); ++ pos += m->m_pkthdr.len; ++ if ((pos % 512) == 0) { ++ hdr.len = 0; ++ hdr.ilen = 0xffff; ++ usbd_copy_in(pc, pos, &hdr, ++ sizeof(hdr)); ++ pos += sizeof(hdr); ++ } ++ } else { ++ usbd_m_copy_in(pc, pos, m, 0, m->m_pkthdr.len); ++ pos += m->m_pkthdr.len; + } +- usbd_m_copy_in(pc, pos, m, 0, m->m_pkthdr.len); +- pos += m->m_pkthdr.len; + + /* + * XXX +@@ -946,22 +1079,16 @@ + + m_freem(m); + +- if (sc->sc_flags & (AXE_FLAG_772 | AXE_FLAG_178)) { +- if (pos > (AXE_BULK_BUF_SIZE - MCLBYTES - sizeof(hdr))) { +- /* send out frame(s) */ +- break; +- } +- } else { +- /* send out frame */ +- break; +- } ++ /* Set frame length. */ ++ usbd_xfer_set_frame_len(xfer, nframes, pos); + } +- +- usbd_xfer_set_frame_len(xfer, 0, pos); +- usbd_transfer_submit(xfer); +- ifp->if_drv_flags |= IFF_DRV_OACTIVE; ++ if (nframes != 0) { ++ usbd_xfer_set_frames(xfer, nframes); ++ usbd_transfer_submit(xfer); ++ ifp->if_drv_flags |= IFF_DRV_OACTIVE; ++ } + return; +- ++ /* NOTREACHED */ + default: /* Error */ + DPRINTFN(11, "transfer error, %s\n", + usbd_errstr(error)); +@@ -1016,37 +1143,54 @@ + + AXE_LOCK_ASSERT(sc, MA_OWNED); + ++ if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) ++ return; ++ + /* Cancel pending I/O */ + axe_stop(ue); + ++ axe_reset(sc); ++ + /* Set MAC address. */ +- if (sc->sc_flags & (AXE_FLAG_178 | AXE_FLAG_772)) ++ if (AXE_IS_178_FAMILY(sc)) + axe_cmd(sc, AXE_178_CMD_WRITE_NODEID, 0, 0, IF_LLADDR(ifp)); + else + axe_cmd(sc, AXE_172_CMD_WRITE_NODEID, 0, 0, IF_LLADDR(ifp)); + + /* Set transmitter IPG values */ +- if (sc->sc_flags & (AXE_FLAG_178 | AXE_FLAG_772)) { ++ if (AXE_IS_178_FAMILY(sc)) + axe_cmd(sc, AXE_178_CMD_WRITE_IPG012, sc->sc_ipgs[2], + (sc->sc_ipgs[1] << 8) | (sc->sc_ipgs[0]), NULL); +- } else { ++ else { + axe_cmd(sc, AXE_172_CMD_WRITE_IPG0, 0, sc->sc_ipgs[0], NULL); + axe_cmd(sc, AXE_172_CMD_WRITE_IPG1, 0, sc->sc_ipgs[1], NULL); + axe_cmd(sc, AXE_172_CMD_WRITE_IPG2, 0, sc->sc_ipgs[2], NULL); + } + +- /* Enable receiver, set RX mode */ ++ /* AX88772B uses different maximum frame burst configuration. */ ++ if (sc->sc_flags & AXE_FLAG_772B) ++ axe_cmd(sc, AXE_772B_CMD_RXCTL_WRITE_CFG, ++ ax88772b_mfb_table[AX88772B_MFB_16K].threshold, ++ ax88772b_mfb_table[AX88772B_MFB_16K].byte_cnt, NULL); ++ ++ /* Enable receiver, set RX mode. */ + rxmode = (AXE_RXCMD_MULTICAST | AXE_RXCMD_ENABLE); +- if (sc->sc_flags & (AXE_FLAG_178 | AXE_FLAG_772)) { +-#if 0 +- rxmode |= AXE_178_RXCMD_MFB_2048; /* chip default */ +-#else +- /* +- * Default Rx buffer size is too small to get +- * maximum performance. +- */ +- rxmode |= AXE_178_RXCMD_MFB_16384; +-#endif ++ if (AXE_IS_178_FAMILY(sc)) { ++ if (sc->sc_flags & AXE_FLAG_772B) { ++ /* ++ * Select RX header format type 1. Aligning IP ++ * header on 4 byte boundary is not needed ++ * because we always copy the received frame in ++ * RX handler. ++ */ ++ rxmode |= AXE_772B_RXCMD_HDR_TYPE_1; ++ } else { ++ /* ++ * Default Rx buffer size is too small to get ++ * maximum performance. ++ */ ++ rxmode |= AXE_178_RXCMD_MFB_16384; ++ } + } else { + rxmode |= AXE_172_RXCMD_UNICAST; + } +@@ -1066,6 +1210,8 @@ + usbd_xfer_set_stall(sc->sc_xfer[AXE_BULK_DT_WR]); + + ifp->if_drv_flags |= IFF_DRV_RUNNING; ++ /* Switch to selected media. */ ++ axe_ifmedia_upd(ifp); + axe_start(ue); + } + +@@ -1107,6 +1253,4 @@ + */ + usbd_transfer_stop(sc->sc_xfer[AXE_BULK_DT_WR]); + usbd_transfer_stop(sc->sc_xfer[AXE_BULK_DT_RD]); +- +- axe_reset(sc); + } Index: /branches/ileiden/nanobsd/misc/patches/cardbus_cis.c.patch =================================================================== --- /branches/ileiden/nanobsd/misc/patches/cardbus_cis.c.patch (revision 10119) +++ /branches/ileiden/nanobsd/misc/patches/cardbus_cis.c.patch (revision 10119) @@ -0,0 +1,48 @@ +--- src/sys/dev/cardbus/cardbus_cis.c~ 2007-06-08 00:03:57.000000000 -0400 ++++ src/sys/dev/cardbus/cardbus_cis.c 2007-12-09 16:20:26.000000000 -0500 +@@ -435,10 +435,11 @@ + struct resource *res) + { + if (res != CIS_CONFIG_SPACE) { +- bus_release_resource(child, SYS_RES_MEMORY, rid, res); ++ bus_release_resource(cbdev, SYS_RES_MEMORY, rid, res); + if (rid == PCIM_CIS_ASI_ROM) + pci_write_config(child, rid, pci_read_config(child, + rid, 4) & ~PCIR_BIOS, 4); ++ PCI_DISABLE_IO(cbdev, child, SYS_RES_MEMORY); + } + } + +@@ -448,6 +449,8 @@ + { + struct resource *res; + uint32_t space; ++ uint32_t testval; ++ uint32_t size; + + space = *start & PCIM_CIS_ASI_MASK; + switch (space) { +@@ -476,10 +479,13 @@ + space); + return (NULL); + } ++ pci_write_config(child, *rid, 0xffffffff, 4); ++ testval = pci_read_config(child, *rid, 4); ++ size = CARDBUS_MAPREG_MEM_SIZE(testval); + + /* allocate the memory space to read CIS */ +- res = bus_alloc_resource(child, SYS_RES_MEMORY, rid, 0, ~0, 1, +- rman_make_alignment_flags(4096) | RF_ACTIVE); ++ res = bus_alloc_resource(cbdev, SYS_RES_MEMORY, rid, 0, ~0, size, ++ rman_make_alignment_flags(size) | RF_ACTIVE); + if (res == NULL) { + device_printf(cbdev, "Unable to allocate resource " + "to read CIS.\n"); +@@ -488,6 +494,7 @@ + if (*rid == PCIR_BIOS) + pci_write_config(child, *rid, + rman_get_start(res) | PCIM_BIOS_ENABLE, 4); ++ PCI_ENABLE_IO(cbdev, child, SYS_RES_MEMORY); + + /* Flip to the right ROM image if CIS is in ROM */ + if (space == PCIM_CIS_ASI_ROM) { Index: /branches/ileiden/nanobsd/misc/patches/if_udav.c.patch =================================================================== --- /branches/ileiden/nanobsd/misc/patches/if_udav.c.patch (revision 10119) +++ /branches/ileiden/nanobsd/misc/patches/if_udav.c.patch (revision 10119) @@ -0,0 +1,11 @@ +--- if_udav.c 2010-02-19 19:58:45.000000000 +0100 ++++ if.udav.c.new 2010-02-19 17:54:20.000000000 +0100 +@@ -206,6 +206,8 @@ + {USB_VPI(USB_VENDOR_SHANTOU, USB_PRODUCT_SHANTOU_ST268, 0)}, + /* Corega USB-TXC */ + {USB_VPI(USB_VENDOR_COREGA, USB_PRODUCT_COREGA_FETHER_USB_TXC, 0)}, ++ /* DAVICOM DM9601 Generic */ ++ {USB_VPI(USB_VENDOR_DAVICOM, USB_PRODUCT_DAVICOM_DM9601, 0)}, + }; + + static void Index: /branches/ileiden/nanobsd/misc/patches/usbdevs.patch =================================================================== --- /branches/ileiden/nanobsd/misc/patches/usbdevs.patch (revision 10119) +++ /branches/ileiden/nanobsd/misc/patches/usbdevs.patch (revision 10119) @@ -0,0 +1,30 @@ +--- usbdevs 2009-12-22 12:48:05.000000000 +0100 ++++ usbdevs.new 2009-12-22 12:53:41.000000000 +0100 +@@ -156,7 +156,7 @@ + vendor COMPAQ 0x049f Compaq + vendor HITACHI 0x04a4 Hitachi + vendor ACERP 0x04a5 Acer Peripherals +-vendor DAVICOM 0x04a6 Davicom ++/*vendor DAVICOm 0x04a6 Davicom*/ + vendor VISIONEER 0x04a7 Visioneer + vendor CANON 0x04a9 Canon + vendor NIKON 0x04b0 Nikon +@@ -540,6 +540,7 @@ + vendor FALCOM 0x0f94 Falcom Wireless Communications GmbH + vendor RIM 0x0fca Research In Motion + vendor DYNASTREAM 0x0fcf Dynastream Innovations ++vendor DAVICOM 0x0fe6 Davicom + vendor QUALCOMM 0x1004 Qualcomm + vendor DESKNOTE 0x1019 Desknote + vendor GIGABYTE 0x1044 GIGABYTE +@@ -1107,6 +1108,10 @@ + product CYPRESS USBRS232 0x5500 USB-RS232 Interface + product CYPRESS SLIM_HUB 0x6560 Slim Hub + ++/* Davicom Semiconductor products */ ++/*product DAVICOM DM9601 0x9601 DM9601 USB NIC*/ ++product DAVICOM DM9601 0x8101 DM9601 USB NIC ++ + /* Daisy Technology products */ + product DAISY DMC 0x6901 USB MultiMedia Reader + Index: /branches/ileiden/nanobsd/misc/testing-server/dhcpd.conf =================================================================== --- /branches/ileiden/nanobsd/misc/testing-server/dhcpd.conf (revision 10119) +++ /branches/ileiden/nanobsd/misc/testing-server/dhcpd.conf (revision 10119) @@ -0,0 +1,17 @@ +# ad-hoc DNS update scheme - set to "none" to disable dynamic DNS updates. +ddns-update-style ad-hoc; + +default-lease-time 600; +max-lease-time 7200; +authoritative; + +option domain-name "example.com"; +option domain-name-servers 208.67.222.222; +option routers 192.168.4.1; + +subnet 192.168.4.0 netmask 255.255.255.0 { + range 192.168.4.10 192.168.4.100; + + filename "pxeboot"; + option root-path "192.168.4.1:/usr/data/base/"; +} Index: /branches/ileiden/nanobsd/misc/testing-server/exports =================================================================== --- /branches/ileiden/nanobsd/misc/testing-server/exports (revision 10119) +++ /branches/ileiden/nanobsd/misc/testing-server/exports (revision 10119) @@ -0,0 +1,2 @@ +/usr/data -alldirs -maproot=root -network 192.168.4.0/24 +/usr/data/base -alldirs -maproot=root -network 192.168.4.0/24 Index: /branches/ileiden/nanobsd/misc/testing-server/rc.conf =================================================================== --- /branches/ileiden/nanobsd/misc/testing-server/rc.conf (revision 10119) +++ /branches/ileiden/nanobsd/misc/testing-server/rc.conf (revision 10119) @@ -0,0 +1,28 @@ +hostname="richard.wleiden.net" +ifconfig_xl0="inet 172.19.137.70/27" +defaultrouter="172.19.137.66" + +sshd_enable="YES" + + + +# +# PXEboot envirionment +ifconfig_bfe0="inet 192.168.4.1/24" + +# DHCPD server, ip address, options, hints +dhcpd_enable="YES" + +# TFTP server, initial boot +inetd_enable="YES" + +# NFS server, kernel and more +nfs_server_enable="YES" +rpcbind_enable="YES" +mountd_flags="-r" + +gateway_enable="YES" +firewall_enable="YES" +firewall_type="OPEN" +natd_enable="YES" +natd_interface="xl0" Index: /branches/ileiden/nanobsd/tools/config-image.sh =================================================================== --- /branches/ileiden/nanobsd/tools/config-image.sh (revision 10119) +++ /branches/ileiden/nanobsd/tools/config-image.sh (revision 10119) @@ -0,0 +1,52 @@ +#!/bin/sh +# Push config onto persistent location inside node image +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + print_error "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +chroot ${MNT} /tools/wl-config -n -m startup + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /branches/ileiden/nanobsd/tools/edit-image.sh =================================================================== --- /branches/ileiden/nanobsd/tools/edit-image.sh (revision 10119) +++ /branches/ileiden/nanobsd/tools/edit-image.sh (revision 10119) @@ -0,0 +1,54 @@ +#!/bin/sh +# Chroot into image to edit bits and pieces +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + print_error "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +p_info "Type exit when done" +chroot ${MNT} +p_info "Any changes are made permanent on image ${IMG}" + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /branches/ileiden/nanobsd/tools/flash-node.sh =================================================================== --- /branches/ileiden/nanobsd/tools/flash-node.sh (revision 10119) +++ /branches/ileiden/nanobsd/tools/flash-node.sh (revision 10119) @@ -0,0 +1,29 @@ +#!/bin/sh +# +# Upload image to node and flash partition +# +# Rick van der Zwet + +. $(dirname $0)/package-build.inc.sh + +if [ -z "$1" ]; then + echo "Usage: $0 [ ..]" 1>&2 + exit 128 +fi + +BASEDIR=`dirname $0` +CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + +# Find object directory +eval `grep '^NANO_NAME=' ${CFG}` +OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" +IMG=${IMG:-${OBJDIR}/_.disk.image} + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +for HOST in $*; do + cat $IMG | ssh -oBatchMode=yes $HOST /tools/update-wrapper +done + Index: /branches/ileiden/nanobsd/tools/image-build.sh =================================================================== --- /branches/ileiden/nanobsd/tools/image-build.sh (revision 10119) +++ /branches/ileiden/nanobsd/tools/image-build.sh (revision 10119) @@ -0,0 +1,78 @@ +#!/bin/sh +# Wrapper around nanobsd.sh with autodetection of already processed steps +# to provide some failsafe net + +BASEDIR=`dirname $0` +CFG="${BASEDIR}/../cfg/nanobsd.wleiden" +NANOBSD='/usr/src/tools/tools/nanobsd/nanobsd.sh' + +. ${BASEDIR}/package-build.inc.sh + +FORCE_KERNEL=0 +FORCE_WORLD=0 +#XXX: Proper object handling +if [ "$1" = "-bk" ]; then + p_warn Forcefully building kernel + FORCE_KERNEL=1 +elif [ "$1" = "-bw" ]; then + p_warn Forcefully building world + FORCE_WORLD=1 +elif [ "$1" = "-f" ]; then + p_warn Forcefully building world and kernel + FORCE_KERNEL=1 + FORCE_WORLD=1 +fi +shift +NANOBSD_EXTRA=$* + +if [ ! -r "${NANOBSD}" ]; then + p_err ${NANOBSD} does not exists + exit 1 +fi + +if [ ! -x "${NANOBSD}" ]; then + NANOBSD="sh ${NANOBSD}" +fi + +# Find object directory +eval `grep '^NANO_NAME=' ${CFG}` +OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + +if [ -d "${OBJDIR}" ]; then + NANOBSD_FLAGS="" + + # Detect succesfull buildworld + tail -10 ${OBJDIR}/_.bw | grep 'World build completed' + if [ $? -eq 0 -a ${FORCE_WORLD} -eq 0 ]; then + p_info NO building of world, use $0 -f to force + NANOBSD_FLAGS="${NANOBSD_FLAGS} -w" + fi + + # Detect succesfull buildkernel + tail -10 ${OBJDIR}/_.bk | grep 'Kernel build for .* completed' + if [ $? -eq 0 -a ${FORCE_KERNEL} -eq 0 ]; then + p_info NO building of kernel, use $0 -f to force + NANOBSD_FLAGS="${NANOBSD_FLAGS} -k" + fi + +else + p_warn Nothing yet, starting fresh + NANOBSD_FLAGS="" +fi + +# Provide verbose output by default +COMMAND="${NANOBSD} ${NANOBSD_FLAGS} -c ${CFG} -v ${NANOBSD_EXTRA}" +f_time ${COMMAND} +RETVAL=$? + +# Verify on build failures +tail -10 ${OBJDIR}/_.bw | grep 'World build completed' +if [ $? -eq 1 ]; then + p_err Building world FAILED, check ${OBJDIR}/_.bw +fi +tail -10 ${OBJDIR}/_.bk | grep 'Kernel build for .* completed' +if [ $? -eq 1 ]; then + p_err Building kernel FAILED, check ${OBJDIR}/_.bk +fi +p_info End time: `date` +exit ${RETVAL} Index: /branches/ileiden/nanobsd/tools/make-release.sh =================================================================== --- /branches/ileiden/nanobsd/tools/make-release.sh (revision 10119) +++ /branches/ileiden/nanobsd/tools/make-release.sh (revision 10119) @@ -0,0 +1,51 @@ +#!/bin/sh +# Small tool to build nanobsd release, ready for distribution: + +BASEDIR="`dirname $0`/.." + +# Some cleaning at start +for PORT in ${BASEDIR}/misc/ports/*/*; do + (cd $PORT; make clean); +done + +# Version target +# Either version from command line or else subversion base +VERSION=${1-`svn info ${BASEDIR} | awk '/Revision:/ {print $2}'`} + +TMPDIR=`mktemp -d -t $(basename $0 .sh)` + +PKGDIR=wl-image-$VERSION +WRKSRC=$TMPDIR/$PKGDIR +mkdir $WRKSRC +cp -R ${BASEDIR}/tools $WRKSRC +cp -R ${BASEDIR}/cfg $WRKSRC +cp -R ${BASEDIR}/misc $WRKSRC +cp -R ${BASEDIR}/files $WRKSRC +cp -R ${BASEDIR}/README.txt $WRKSRC + +# Present real image +# XXX: Make path relative +# XXX: Find some pretty options +IMG=/usr/obj/nanobsd.wleiden/_.disk.full +IMG_DIR=`dirname ${IMG}` +IMG_PKGDIR=${IMG_DIR}/${PKGDIR} +mkdir ${IMG_PKGDIR} +ln ${IMG} ${IMG_PKGDIR}/disk_full.img + +# Make pretty tar file out of it +tar --exclude ".svn" --exclude "Makefile" \ + --exclude "config.cache" --exclude "config.log" --exclude "config.status" \ + --exclude ".depend" \ + -cjf wl-image-$VERSION.tbz \ + -C $TMPDIR \ + $PKGDIR/tools \ + $PKGDIR/cfg \ + $PKGDIR/files \ + $PKGDIR/misc \ + $PKGDIR/README.txt \ + -C $IMG_DIR \ + $PKGDIR/disk_full.img + +rm -fR $TMPDIR +rm -fR $IMG_PKGDIR + Index: /branches/ileiden/nanobsd/tools/package-build.inc.sh =================================================================== --- /branches/ileiden/nanobsd/tools/package-build.inc.sh (revision 10119) +++ /branches/ileiden/nanobsd/tools/package-build.inc.sh (revision 10119) @@ -0,0 +1,70 @@ +# Used to store profile data +TIME_FILE=$(dirname $0)/eta-times.txt + +p_list () { +echo "$*" | sed -e 's/ /|## /g' -e 's/^/## /g' +} + +p_info () { + echo "$*" | tr '|' '\n' | sed 's/^/# /' +} + +p_warn () { + echo "$*" | tr '|' '\n' | sed 's/^/#WARN: /' +} + +p_err () { + echo "$*" | tr '|' '\n' | sed 's/^/#ERR: /' +} + +p_sleep() { + SLEEP=${1-5} + while [ "${SLEEP}" -gt 0 ]; do + printf '.' + sleep 1 + SLEEP=`expr ${SLEEP} - 1` + done + printf '\n' +} + +# Print estimation on how long it normally if going to take +f_time() { + COMMAND="$*" + ETA_TIME=` grep "${COMMAND}$" ${TIME_FILE} 2>/dev/null | awk '{print $1}'` + if [ -z "${ETA_TIME}" ]; then + ETA_TIME="NaN" + fi + + p_info Last run of "'${COMMAND}'" took ${ETA_TIME} + p_info Start time: `date` + + # Execute command + START_TIME=`date "+%s"` + $COMMAND + RETVAL=$? + STOP_TIME=`date "+%s"` + + p_info End time: `date` + # Calculate time it took + TOTAL_TIME=`expr ${STOP_TIME} - ${START_TIME}` + HUMAN_FMT=`date -ur ${TOTAL_TIME} "+%H:%M:%S"` + + # Store new time if command is succesfull + if [ "${RETVAL}" -eq 0 ]; then + grep -v "${COMMAND}$" ${TIME_FILE} > ${TIME_FILE}.tmp 2>/dev/null + echo "${HUMAN_FMT} ${COMMAND}" >> ${TIME_FILE}.tmp + mv ${TIME_FILE}.tmp ${TIME_FILE} + fi + + # Return the command it's output + return ${RETVAL} +} + +f_check_root() { + # No Root, no fun + if [ `id -u` -ne 0 ]; then + print_err Root only + exit 1 + fi +} + Index: /branches/ileiden/nanobsd/tools/package-build.sh =================================================================== --- /branches/ileiden/nanobsd/tools/package-build.sh (revision 10119) +++ /branches/ileiden/nanobsd/tools/package-build.sh (revision 10119) @@ -0,0 +1,179 @@ +#!/bin/sh +# Install all required packages +# XXX: Welcome to port hell, if /usr/ports has been updated, you actually want +# to delete all installed packages and start over again, hence why people used +# to run this stuff in jails, etc. + +. $(dirname $0)/package-build.inc.sh + +DEBUG=${DEBUG:-0} +DEP_CHECK_ONLY=${DEP_CHECK_ONLY:-0} + +# make options, for package building +LOGDIR=`mktemp -d "/tmp/$(basename $0 .sh)-$(date +%Y%m%d-%H:%M:%S).X"` +TARGET="`cd $(dirname $0);pwd -P`/../pkg/" + +# Package target +MAKE_ARGS="$MAKE_ARGS PACKAGES=$TARGET" +MAKE_ARGS="$MAKE_ARGS BATCH=yes PACKAGE_BUILDING=yes" + +# www/py-cherrypy +MAKE_ARGS="${MAKE_ARGS} WITH_APACHE=yes" +# net-mgmt/net-snmp +MAKE_ARGS="${MAKE_ARGS} WITHOUT_PERL=yes" +# net-mgmt/nagios-plugins +MAKE_ARGS="${MAKE_ARGS} WITH_FPING=yes" + +p_info Log directory ${LOGDIR} +p_info Make options are: +p_info $(p_list ${MAKE_ARGS}) + +p_info Checking whether there are currently unmet dependencies +RETVAL=0 +PKGS=`pkg_info | awk '{print $1}'` +for PKG in ${PKGS} ; do + PKG_DEP_FAIL="" + for PKGDEP in `pkg_info -qr ${PKG} | awk '{print $2}'`; do + pkg_info -e ${PKGDEP} + if [ $? -eq 1 ]; then + PKG_DEP_FAIL="${PKG_DEP_FAIL} ${PKGDEP}" + fi + done + if [ -n "${PKG_DEP_FAIL}" ]; then + p_err Unmet dependencies found at $PKG, please fix manually: + p_err $(p_list ${PKG_DEP_FAIL}) + RETVAL=1 + fi +done +if [ $RETVAL -eq 1 ]; then + exit 1 +fi +p_info Dependecy check ok + +if [ ${DEP_CHECK_ONLY} -eq 1 ]; then + exit 0 +fi +echo "" + + +if [ -d "${TARGET}/All" ]; then + p_warn "Deleted all (old) packages at ${TARGET}" + rm -R $TARGET/* +fi +p_info Created target dir ${TARGET}/All +mkdir -p ${TARGET}/All + +PORTSDIR='/usr/ports' +WL_PORTSDIR="`cd $(dirname $0);pwd -P`/../ports/" + +# XXX: Make file dynamic +# Dirty quirk to allow comments in part below +PACKAGE_LIST=`cat <>$LOGFILE 1>> $LOGFILE + if [ $? -ne 0 ]; then + p_err building ${PACKAGE} FAILED, logging at $LOGFILE + exit 1 + fi + fi + ${MAKE} package-links + PKGNAME=`make extract-message | awk '{print $NF}'` + pkg_create -b $PKGNAME $TARGET/All/${PKGNAME}.tbz + + p_info Checking dependencies + for PKG in $PKGDEP_PKGS; do + echo "${BUILD_LIST}" | grep -q "$PKG" + if [ $? -eq 0 ]; then + # Already packaged + p_info ${PKG} Already packaged + else + echo $@ | grep -q "${PKG}" + if [ $? -eq 0 ]; then + p_info ${PKG} Already planned + else + set $@ ${PKG} + fi + fi + done + p_info Packaging $PACKAGE succesfull +done + +p_info $(echo ${BUILD_LIST} | wc -w) packages build succesfully + +if [ ${DEBUG} -eq 0 ]; then + rm -R ${LOGDIR} +else + p_info Debugging enabled ${LOGDIR} saved +fi + Index: /branches/ileiden/nanobsd/tools/passwd-image.sh =================================================================== --- /branches/ileiden/nanobsd/tools/passwd-image.sh (revision 10119) +++ /branches/ileiden/nanobsd/tools/passwd-image.sh (revision 10119) @@ -0,0 +1,52 @@ +#!/bin/sh +# Change password if image +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + print_error "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +chroot ${MNT} passwd + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /branches/ileiden/nanobsd/tools/prepare-nfs.sh =================================================================== --- /branches/ileiden/nanobsd/tools/prepare-nfs.sh (revision 10119) +++ /branches/ileiden/nanobsd/tools/prepare-nfs.sh (revision 10119) @@ -0,0 +1,114 @@ +#!/bin/sh +# Get nanobsd image ready to be booted from NFS +# NFS instructions at +# http://www.wirelessleiden.nl/projects/nodefactory/wiki/TestingViaNFS + +IMAGE_BASE="/usr/obj/nanobsd.wleiden" +IMAGE_SLICE="${IMAGE_BASE}/_.disk.image" +IMAGE_FULL="${IMAGE_BASE}/_.disk.full" +IMAGE_NFS="${IMAGE_SLICE}-nfs" +# Structure: $NFSBASE +# ./cfg = /cfg mounpoint +# ./base = / mountpoint +# ./nfs = /nfs mountpoint +NFSBASE='/usr/data' +MNT="${NFSBASE}/base" +CFG="${NFSBASE}/cfg" +NFS="${NFSBASE}/nfs" + +print_error() { + echo "[ERROR] $*" 1>&2 +} + +usage() { + ( + echo "Usage: $0 [-fn]" + echo " -f force umount, memory device whipes" + echo " -n do not delete/clean cfg partition" + echo " -u unload/eject procedure" + ) 1>&2 + exit 2 +} + +# No Root, no fun +if [ `id -u` -ne 0 ]; then + print_error "Root only" + exit 1 +fi + +# Argument parsing using getopts +OPT_FORCE=0 +OPT_CLEAN=1 +OPT_UNLOAD=0 +while getopts "hfnu" OPT; do + case "$OPT" in + f) OPT_FORCE=1;; + n) OPT_CLEAN=0;; + u) OPT_UNLOAD=1;; + h) usage;; + \?) usage;; + esac +done + + +# Eeks, we are going to be nasty, hold your horses +if [ $OPT_FORCE -eq 1 -o $OPT_UNLOAD -eq 1 ]; then + umount -f $MNT + for MD in `mdconfig -l -v | grep "${IMAGE_NFS}" | awk '{print $1}'`; do + mdconfig -d -u $MD + done +fi + +if [ $OPT_UNLOAD -eq 1 ]; then + echo "All done" + exit 1; +fi + +# If mount point is already used, bail out +if mount | grep -q "${MNT}"; then + print_error "'${MNT}' already mounted" + exit 1 +fi + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMAGE_NFS}"; then + MD=`mdconfig -l -v | grep "${IMAGE_NFS}" | cut -c -4` + print_error "'${IMAGE_NFS}' already mounted at '$MD'" + exit 1 +fi + + +# Prepare image for use with NFS +cp -v ${IMAGE_SLICE} ${IMAGE_NFS} + +MD=`mdconfig -a -t vnode -f ${IMAGE_NFS}` +mount /dev/${MD}a ${MNT} + +# Config files lives at NFS location +echo "mount -t nfs -o ro 192.168.4.1:${CFG}" > ${MNT}/conf/default/etc/remount + +# Create nfs mount location +mkdir ${MNT}/nfs + +# $MNT, $CFG, $NFS lives at nfs +( +echo "192.168.4.1:${MNT} / nfs ro 0 0" +echo "192.168.4.1:${CFG} /cfg nfs rw,noauto 0 0" +echo "192.168.4.1:${NFS} /nfs nfs rw 0 0" +) > /${MNT}/conf/base/etc/fstab + +if [ ${OPT_CLEAN} -eq 1 ]; then + echo "DELETING all files at ${CFG}, start fresh ;-)" + rm -vfR ${CFG}/* +else + echo "PRESERVING all files at ${CFG}" +fi + +echo "DELETING all files at ${NFS}, start fresh ;-)" +rm -vfR ${NFS}/* + +# Allow build images to be used directy via NFS +ln -f ${IMAGE_SLICE} ${NFS}/`basename ${IMAGE_SLICE}` +ln -f ${IMAGE_FULL} ${NFS}/`basename ${IMAGE_FULL}` + +# XXX: Proper unmounting after all has finished Index: /branches/ileiden/nanobsd/tools/rsync-image.sh =================================================================== --- /branches/ileiden/nanobsd/tools/rsync-image.sh (revision 10119) +++ /branches/ileiden/nanobsd/tools/rsync-image.sh (revision 10119) @@ -0,0 +1,43 @@ +#!/bin/sh +# Rsync minimal changes directly to live image + +. $(dirname $0)/package-build.inc.sh + +HOST=${1:-10.0.42.1} +BASEDIR=`dirname $0` +if [ -n "$2" ]; then + IMG=$2 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.image +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +# Prepare image as filesystem +MNT=`mktemp -d -t $(basename $0)` +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}a ${MNT} || exit 1 + +# On error clean up nicely +trap "cd /; umount ${MNT}; rmdir ${MNT}; mdconfig -d -u ${MD}" 0 1 2 3 15 + +#XXX: Might want to do in one fly +# Set to write mode +ssh $HOST mount -uwo noatime / || exit 1 +# Sync changes +rsync -av --exclude=/dev --exclude=/etc --exclude=/var ${MNT}/ ${HOST}:/ || exit 1 +# Set to read-only mode again +ssh $HOST mount -ur / || exit 1 + +exit 0 Index: /branches/ileiden/nanobsd/tools/test-inc.sh =================================================================== --- /branches/ileiden/nanobsd/tools/test-inc.sh (revision 10119) +++ /branches/ileiden/nanobsd/tools/test-inc.sh (revision 10119) @@ -0,0 +1,5 @@ +#!/bin/sh +. $(dirname $0)/package-build.inc.sh + +f_time sleep 5 + Index: /branches/ileiden/nanobsd/tools/upload-image.sh =================================================================== --- /branches/ileiden/nanobsd/tools/upload-image.sh (revision 10119) +++ /branches/ileiden/nanobsd/tools/upload-image.sh (revision 10119) @@ -0,0 +1,57 @@ +#!/bin/sh +# +# Upload image to the 'distribution' server. First try WL network, +# else use inet as last resort. Need to have shell access to distribution server. +# +# XXX: Needs Type and such as well properly +# +# Rick van der Zwet + +SERVERS="sunfire.wleiden.net sunfire.wirelessleiden.nl" +TIMESTAMP=`date "+%Y%m%d-%H%M"` +BASEDIR=`dirname $0` +SSH_USER=${SSH_USER:-$USER} +TYPE="$1" +RELEASE="$2" + +. $BASEDIR/package-build.inc.sh + +if [ -z "$RELEASE" ]; then + echo "Usage: $0 " + exit 1 +fi + +# Make sure we find the right image +if [ "$TYPE" = "full" ]; then + find_disk_full "" +elif [ "$TYPE" = "image" ]; then + find_disk_image "" +else + echo "Usage: $0 " + exit 1 +fi + +check_reachable() { + ping -c 2 -t 1 -q $1 1>/dev/null 2>/dev/null + return $? +} + +# XXX: Hack this should actually be done during building phase +echo "# Compressing image '$IMG'" +gzip -v -k -f $IMG +IMG="$IMG.gz" + +echo "# Trying to upload to server, alarm messages are normal" +# Upload the image to the defined place +for SERVER in $SERVERS; do + if check_reachable $SERVER; then + TARGET="$SSH_USER@$SERVER:/usr/local/www/images/$RELEASE/node-$TYPE-$TIMESTAMP.img.gz" + echo "# Source: $IMG" + echo "# Target: $TARGET" + echo "# To cancel, please CTRL+C within 3 seconds" + sleep 3 + scp $IMG $TARGET + exit $? + fi +done + Index: /branches/ileiden/nanobsd/tools/write-image.sh =================================================================== --- /branches/ileiden/nanobsd/tools/write-image.sh (revision 10119) +++ /branches/ileiden/nanobsd/tools/write-image.sh (revision 10119) @@ -0,0 +1,74 @@ +#!/bin/sh +# Wrapper allowing to write image to card writer + +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi +IMGSIZE=`ls -l ${IMG} | awk '{print $5 / 1024 / 1024}'` + +# Make sure we are root from this point on +f_check_root + +# Find which daX device holds a active flash drive +CARD_FOUND=0 +DA_LIST=`cd /dev/; echo da[0-9]` +for DA in ${DA_LIST}; do + diskinfo ${DA} 1>/dev/null 2>/dev/null + if [ $? -eq 0 ]; then + CARD_FOUND=1 + break + fi +done + +if [ ${CARD_FOUND} -eq 0 ]; then + p_err Sorry no flash card found at active devices, list searched: + p_err $(p_list ${DA_LIST}) + exit 1 +fi + +# Detect cardreader type/version +CARDREADER=`dmesg | grep ${DA}: | awk -F'[<>]' '/Removable Direct Access/ {print $2}' | tail -1` + +#XXX: Issue last chance warning, prompting the user to bail out +p_warn Going to write ${IMG} "(${IMGSIZE}MB)" to ${DA} "(${CARDREADER})" +p_warn 5 seconds to quit using CTRL+C +p_sleep 5 + +TMPFILE=`mktemp -t dd` +p_info Writing image... "(`date`)" +# Sending INFO to dd seems to confuse it sometimes so +# make it EXPERIMENTAL for now + +if [ -n "$ENHANCED_DD" ]; then + dd if=${IMG} of=/dev/${DA} bs=64k 2>${TMPFILE} & + DD_PID=$! + sleep 0.5 + while `ps ${DD_PID} >/dev/null`; do + kill -INFO ${DD_PID} + sleep 0.1 #Micro delay allow TMPFILE to populate + SIZE_DONE=`awk '/transferred/ {print $1}' ${TMPFILE}` + SIZE_DONE=`echo "${SIZE_DONE} / 1024 / 1024" | bc -l` + PERCENT_DONE=`echo "${SIZE_DONE} / ${IMGSIZE} * 100" | bc -l` + p_info `date "+%H:%m:%S"` `printf "%.02f MB (%.01f%%)" ${SIZE_DONE} ${PERCENT_DONE}` + p_sleep 10 + : > ${TMPFILE} + done +else + dd if=${IMG} of=/dev/${DA} bs=64k +fi +rm ${TMPFILE} +p_info Image writing succesfull at /dev/$DA "(`date`)" Index: /branches/releng-9.0-ileiden/nanobsd/README.txt =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/README.txt (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/README.txt (revision 10119) @@ -0,0 +1,12 @@ +Please find the build procedure and other supporting documents at + +http://www.wirelessleiden.nl/projects/nodefactory/wiki/NanoBSD + += Directory layout = +README.txt = currently reading +cfg-files = extension for auto populate /cfg slice in image +cfg/kernel.* = kernel config files, different hosts +cfg/nanobsd.* = nanobsd config files +files = extension for auto populate / slice in image +pkg = Packages to be installed +tools = Helper scripts for use after image Index: /branches/releng-9.0-ileiden/nanobsd/cfg-files/local/captive/wlportal.tmpl =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/cfg-files/local/captive/wlportal.tmpl (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/cfg-files/local/captive/wlportal.tmpl (revision 10119) @@ -0,0 +1,64 @@ + + + Welkom bij Wireless Leiden captive portal + + + +

%(status_msg)s

+

Welkom bij Wireless Leiden

+For English see bottom of this page +

Internettoegang

+

U bent verbonden met het lokale Wireless Leiden network. Om te internetten moet u in uw browser een 'proxy' instellen en hieronder op 'accoord' klikken. Afhankelijk van de locatie kan het ook zonder proxy-instelling, maar de snelheid zal in het algemeen lager zijn. +

Instellen proxy in browser

+ In Firefox: ga naar Edit->Preferences->Advanced->Network->Settings.
+ Handmatige proxy-configuratie: vul in HTTP proxy: proxy.wleiden.net port 3128.
+ Gedetailleerde instructies kunt u vinden op onze website. +

+N.B. U kunt alleen internetten via uw webbrowser, andere toepassingen zoals Microsoft Outlook zijn niet mogelijk. Gebruik webmail om te e-mailen. + +

Eerlijk gebruikmaken van Wireless Leiden

+ Het gebruik van het Wireless Leiden netwerk en de internettoegang zijn kostenloos en u hoeft zich niet aan te melden. Maar u dient zich te houden aan de Nederlandse wetgeving en geen schade toe te brengen of ongemak te veroorzaken voor anderen.
+ De Stichting Wireless Leiden accepteert geen enkele aansprakelijkheid voor schade in welke vorm dan ook die is ontstaan door of verband houdt met het gebruik van het netwerk.
+Geef hieronder aan of u accoord gaat met deze voorwaarden: +
+ + +
+ + +
+

Welcome to Wireless Leiden

+

Internet access

+

You are connected to the local Wireless Leiden network. To use one of the gateways (proxies) to Internet you have to specify a proxy in your web browser.
+ For instance in Firefox go to Edit->Preferences->Advanced->Network->Settings.
+ Manual proxy configuration: specify HTTP proxy: proxy.wleiden.net port 3128.
+ Detailed instructions can be downloaded from our website. +

+

+ Please note that you can only access the internet via your webbrowser, use of other applications like Microsoft Outlook is not possible (you have to use webmail). + +

Fair Use of Wireless Leiden

+ The use of the Wireless Leiden network and the internet connection are free and no registration is required. However, you should refrain from any illegal activity and not provide harm of any kind or inconvenience to other users.
+ The Wireless Leiden Foundation does not accept any responsibility whatsoever for damage related to or originated from the use of the network. + +
+ + +
+ +
+
+ + Wireless Leiden Homepage +
+ +

More options

+
+ + +
+
Technical Details:
+%(tech_footer)s
+
+ + Index: /branches/releng-9.0-ileiden/nanobsd/cfg/kernel.wleiden =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/cfg/kernel.wleiden (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/cfg/kernel.wleiden (revision 10119) @@ -0,0 +1,207 @@ +# +# GENERIC -- Generic kernel configuration file for FreeBSD/i386 +# +# For more information on this file, please read the handbook section on +# Kernel Configuration Files: +# +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html +# +# The handbook is also available locally in /usr/share/doc/handbook +# if you've installed the doc distribution, otherwise always see the +# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the +# latest information. +# +# An exhaustive list of options and more detailed explanations of the +# device lines is also present in the ../../conf/NOTES and NOTES files. +# If you are in doubt as to the purpose or necessity of a line, check first +# in NOTES. +# +# $FreeBSD: releng/9.0/sys/i386/conf/GENERIC 227305 2011-11-07 13:40:54Z marius $ + +cpu I486_CPU +cpu I586_CPU +cpu I686_CPU +ident WLEIDEN + +# Uncomment if you like to compile a debugging kernel +#makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols +#options KDB # Kernel debugger related code +#options KDB_TRACE # Print a stack trace for a panic + + +options CPU_ELAN +options CPU_SOEKRIS # Some units are Soekris Machines. +options CPU_GEODE # net4801 requirement +options HZ=250 # Because ofthe "ELAN" timecounter. + +options NO_SWAPPING # Embedded Machines. +options SW_WATCHDOG # Remote emergency reboots. + + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_ULE # ULE scheduler +options PREEMPTION # Enable kernel thread preemption +options INET # InterNETworking +options INET6 # IPv6 communications protocols +options SCTP # Stream Control Transmission Protocol +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options NFS_ROOT # Allow NFS to be / mount +options NFSCLIENT # Network Filesystem Client +#options NFSLOCKD # Network Lock Manager +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_LABEL # Provides labelization +options KTRACE # ktrace(1) support +#options STACK # stack(9) support +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options INCLUDE_CONFIG_FILE # Include this file in kernel + +# To make an SMP kernel, the next two lines are needed +options SMP # Symmetric MultiProcessor Kernel +device apic # I/O APIC + +# CPU frequency control +device cpufreq + +# Bus support. +device acpi +device eisa +device pci + +# ATA controllers +device ahci # AHCI-compatible SATA controllers +device ata # Legacy ATA/SATA controllers +options ATA_CAM # Handle legacy controllers with CAM +options ATA_STATIC_ID # Static device numbering + +# ATA/SCSI peripherals +device scbus # SCSI bus (required for ATA/SCSI) +device da # Direct Access (disks) + +# Add suspend/resume support for the i8254. +device pmtimer + +# PCCARD (PCMCIA) support +# PCMCIA and cardbus bridge support +device cbb # cardbus (yenta) bridge +device pccard # PC Card (16-bit) bus +device cardbus # CardBus (32-bit) bus + +# Serial (COM) ports +device uart # Generic UART driver + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! +device miibus # MII bus support +device vr # VIA Rhine, Rhine II +device sis # SiS 900/SiS 7016 + +# Wireless NIC cards +device wlan # 802.11 support +options IEEE80211_DEBUG # enable debug msgs +options IEEE80211_AMPDU_AGE # age frames in AMPDU reorder q's +options IEEE80211_SUPPORT_MESH # enable 802.11s draft support +device ath # Atheros NIC's +device ath_pci # Atheros pci/cardbus glue +device ath_hal # pci/cardbus chip support +options AH_SUPPORT_AR5416 # enable AR5416 tx/rx descriptors +device ath_rate_sample # SampleRate tx rate control for ath +device ral # Ralink Technology RT2500 wireless NICs. +device wi # WaveLan/Intersil/Symbol 802.11 wireless NICs. + +# Pseudo devices. +device loop # Network loopback +device random # Entropy device +device ether # Ethernet support +device vlan # 802.1Q VLAN support +device tun # Packet tunnel. +device pty # BSD-style compatibility pseudo ttys +device md # Memory "disks" +device gif # IPv6 and IPv4 tunneling +device faith # IPv6-to-IPv4 relaying (translation) +device firmware # firmware assist module + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +# USB support +options USB_DEBUG # enable debug msgs +device uhci # UHCI PCI->USB interface +device ohci # OHCI PCI->USB interface +device ehci # EHCI PCI->USB interface (USB 2.0) +device xhci # XHCI PCI->USB interface (USB 3.0) +device usb # USB Bus (required) +device umass # Disks/Mass storage - Requires scbus and da +# USB Serial devices +device u3g # USB-based 3G modems (Option, Huawei, Sierra) +device uark # Technologies ARK3116 based serial adapters +device ubsa # Belkin F5U103 and compatible serial adapters +device uftdi # For FTDI usb serial adapters +device uipaq # Some WinCE based devices +device uplcom # Prolific PL-2303 serial adapters +device uslcom # SI Labs CP2101/CP2102 serial adapters +device uvisor # Visor and Palm devices +device uvscom # USB serial support for DDI pocket's PHS +#device urio # Diamond Rio 500 MP3 player +#device uscanner # Scanners +# USB Ethernet, requires miibus +device aue # ADMtek USB Ethernet +device axe # ASIX Electronics USB Ethernet +device cdce # Generic USB over Ethernet +device cue # CATC USB Ethernet +device kue # Kawasaki LSI USB Ethernet +device mos # Mos USB Ethernet +device rue # RealTek RTL8150 USB Ethernet +device udav # Davicom DM9601E USB +# USB Wireless +device rum # Ralink Technology RT2501USB wireless NICs +device run # Ralink Technology RT2700/RT2800/RT3000 NICs. +device uath # Atheros AR5523 wireless NICs +device upgt # Conexant/Intersil PrismGT wireless NICs. +device ural # Ralink Technology RT2500USB wireless NICs +device urtw # Realtek RTL8187B/L wireless NICs +device zyd # ZyDAS zd1211/zd1211b wireless NICs + +# +# Authentication, encryption and protection on network layer +device wlan_xauth #802.11 external authenticator support +device enc #IPsec interface +device crypto # core crypto support +device cryptodev # /dev/crypto for access to h/w +device pf #PF OpenBSD packet-filter firewall +device pflog #logging support interface for PF +options IPSEC #IP security (requires device crypto) +options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel + +options NETGRAPH # netgraph(4) system +options NETGRAPH_SOCKET +options NETGRAPH_MPPC_ENCRYPTION +options NETGRAPH_IFACE +options NETGRAPH_PPP +options NETGRAPH_TEE +options NETGRAPH_PPPOE +options NETGRAPH_ETHER + +# glxsb is a driver for the Security Block in AMD Geode LX processors. +# Requires 'device crypto'. +device glxsb # AMD Geode LX Security Block + + +# Firewall fore the use of fancy stuff, like forwarding ports +options IPFIREWALL +options IPFIREWALL_DEFAULT_TO_ACCEPT +options IPFIREWALL_FORWARD +options IPFIREWALL_NAT +options LIBALIAS # Required for IPFIREWALL_NAT + +# Allow combining interfaces +device if_bridge + Index: /branches/releng-9.0-ileiden/nanobsd/cfg/nanobsd.wleiden =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/cfg/nanobsd.wleiden (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/cfg/nanobsd.wleiden (revision 10119) @@ -0,0 +1,313 @@ +## Dit is een NanoBSD configuratie-template voor WirelessLeiden. +## Instellingen weergegeven binnen dit bestand gelden als +## standaard binnen de organisatie. + +# Little hack to allow proper secify of KERNL/PKG location +if [ -n "$NANO_CFG_FILE" ]; then + NANO_CONF_DIR=$(cd $(dirname $NANO_CFG_FILE); pwd -P) +else + NANO_CONF_DIR=$(cd $(dirname $2); pwd -P) +fi + +# object naam in /usr/obj/nanobsd.{obj} +NANO_NAME=wleiden-`basename $(dirname $NANO_CONF_DIR)` +NANO_SRC=/usr/src # nanobsd source tree +NANO_KERNEL=$NANO_CONF_DIR/kernel.wleiden # naam van het kernel configuratiebestand +NANO_IMAGES=2 # aantal nanobsd code slices/installs (1/2) + +NANO_CONFSIZE=8192 # volume van de config slice, default 2048 (512bs) +NANO_DATASIZE=0 # volume van de data slice, 0 = not configured +NANO_CODESIZE=819200 +NANO_RAM_TMPVARSIZE=20480 + +NANO_DRIVE=ada0 + +#XXX: Eeks, fixed packages, needs building a hook to allow building the package +# of the shelfs if needed, copy to right directory, done. With only input needed +# a list of ports in the format like net/net-snmp +NANO_PACKAGE_DIR=$NANO_CONF_DIR/../pkg/All + +# XXX: Create function which populate the right packages and fixes the +# dependencies. Package build script could benefit from this list, as it +# could build this list beforehand +## pkg_info -qr pkg/All/* +##NANO_PACKAGE_LIST= + +# Warning: set to 1 to debug make build errors +# Number of recurrent parrallel make builds +if `grep -q 'acpi0: on motherboard' /var/run/dmesg.boot`; then + # Mac OS X Parallels virtual machine + NANO_PMAKE="make -B" +elif [ "`sysctl -n hw.model`" = "AMD Sempron(tm) Processor 3000+" ]; then + # Parralel builds on this friend fails somehow + NANO_PMAKE="make -B" +else + # Default 2 times number of CPU's inside machine + NANO_PARALLEL_MAKE=`expr $(sysctl -n hw.ncpu) \* 2` + NANO_PMAKE="make -j ${NANO_PARALLEL_MAKE}" +fi + +# Starting from soekris bios version 1.31 upwards boot0sio does not seems work +# anymore, but boot0 does (weird) +NANO_BOOTLOADER="boot/boot0" + +# Strip down to a more acceptable size +# hints from http://people.freebsd.org/~phk/nanobsd/soekris_4x26/make.soekris_4x26.conf (46MB) +NANO_PRUNE="$NANO_PRUNE usr/share/examples" +NANO_PRUNE="$NANO_PRUNE usr/share/syscons" +NANO_PRUNE="$NANO_PRUNE usr/share/calendar" +NANO_PRUNE="$NANO_PRUNE usr/share/mk" +# NB! usr/share/misc contains termcap, vi(1) etc fails to work without it. +# NANOBSD_PRUNE += usr/share/misc +NANO_PRUNE="$NANO_PRUNE usr/share/pcvt" +NANO_PRUNE="$NANO_PRUNE usr/share/me" +NANO_PRUNE="$NANO_PRUNE usr/share/doc" + + + + + +# Opties parsed gedurende build & install world +# Also check man 3 src.conf for details +# Some flags are misleading, e.g. could only be installworld (e.g.), for details: +# http://phk.freebsd.dk/misc/build_options/ +# For details on make options also check: +# /usr/src/share/mk/bsd.own.mk +CONF_COMMON=' +# Specific enabled options +#WITHOUT_ACPI=YES # geen advanced configuration power interface +#WITHOUT_BIND=YES # geen bind tools, dns/named geinstalleerd +#WITHOUT_CXX=YES # Set to not build g++(1) and related libraries. +#WITHOUT_GROFF=YES # Set to not build groff(1). +#WITHOUT_INET6=YES # geen ondersteuning inet versie 6 architectuur +#WITHOUT_INFO=YES # geen info bestanden, readable online docs +#WITHOUT_IPFILTER=YES # geen ip filtering geinstalleerd +#WITHOUT_KLDLOAD=YES # do not allow loading of kernel modules +#WITHOUT_MAILWRAPPER=YES # geen mailwrapper bij gebruik sendmail +#WITHOUT_MAN=YES # geen handleidingen gecompileerd +#WITHOUT_MISC=YES # geen misc sub directory +#WITHOUT_MODULES=YES # geen ondersteuning toevoegen modules +#WITHOUT_PAM=YES # geen ondersteuning pa modules +#WITHOUT_PF=YES # geen packet filtering geinstalleerd +#WITHOUT_SHARE=YES # geen share sub directory +#WITHOUT_USB=YES # geen ondersteuning usb modules +# Specific disabled options +WITHOUT_ATM=YES # geen ondersteuning Asynchronous Transfer Mode +WITHOUT_AUDIT=YES # geen event auditing / audit trails +WITHOUT_AUTHPF=YES # geen authenticating gateway user shell +WITHOUT_BLUETOOTH=YES # geen ondersteuning Bluetooth modules +WITHOUT_CALENDAR=YES # geen calendar reminder service gecompileerd +WITHOUT_CDDL=YES # Set to not build code licensed under Sun CDDL. (also ZFS) +WITHOUT_CPP=YES # Set to not build cpp(1). +WITHOUT_CVS=YES # geen cvs tools geinstalleerd +WITHOUT_DICT=YES # geen dictionary ondersteuning +WITHOUT_EXAMPLES=YES # geen voorbeeld configuratiebestanden +WITHOUT_FORTRAN=YES # geen ondersteuning fortran compilers +WITHOUT_GAMES=YES # geen games gecompileerd +WITHOUT_GCOV=YES # geen gcov test coverage program +WITHOUT_GDB=YES # geen gnu debugger gecompileerd +WITHOUT_GPIB=YES # geen ondersteuning gpib kaarten +WITHOUT_HTML=YES # geen html help bestanden gecompileerd +WITHOUT_I4B=YES # geen ondersteuning voor isdn +WITHOUT_IPX=YES # geen ondersteuning ipx protocols +WITHOUT_KERBEROS=YES # geen ondersteuning Kerberos authenticatie +WITHOUT_LOCALES=YES # geen ondersteuning lokalisatie +WITHOUT_LPR=YES # geen ondersteuning print services +WITHOUT_NIS=YES # geen ondersteuning network information system +WITHOUT_PROFILE=YES # Set to avoid compiling profiled libraries. +WITHOUT_RCMDS=YES # geen ondersteuning rcmds, +WITHOUT_RESCUE=YES # geen rescue bestanden gecompileerd +WITHOUT_SENDMAIL=YES # geen sendmail geinstalleerd +WITHOUT_SHAREDOCS=YES # geen share/docs directories +WITHOUT_SYSCONS=YES # geen syscon devices gecompileerd +' + +CONF_BUILD=" +${CONF_COMMON} +" + +CONF_INSTALL=" +${CONF_COMMON} +WITHOUT_TOOLCHAIN=YES # geen freebsd toolchain +" + + +# Flash disks arrived, sandisk 1g seems to match the geometry of the (blanc) cards +#FlashDevice sandisk 1g # nanobsd flashdevice entry +#FlashDevice sandisk 512mb # nanobsd flashdevice entry +#FlashDevice transcend 2g # nanobsd flashdevice entry +# Calculated value of PEAK hardware 1GB CF card +# C/H/S phys 1954/16/63, logical 977/32/63 +# Mediasize is calculated as C*H*S*512 + +# Using logical values reported by ALIX board +# values for PCEngines blanc 1 GB cards +# C/H/S phys 1966/16/63, logical 983/32/63 +NANO_MEDIASIZE=`expr 1008451584 / 512` +NANO_HEADS=32 +NANO_SECTS=63 + + +# Version tagging +cust_version_tag() ( + VERSION_FILE="${NANO_WORLDDIR}/tools/wl-release.txt" + ( + echo "Generated by `id -un`@`hostname -f` at `date`" + echo "" + echo "=== CONFIG specifics ===" + svn info ${NANO_CONF_DIR}/../ || exit 0 + svn diff ${NANO_CONF_DIR}/../ || exit 0 + echo "=== BEGIN CONFIG specifics ===" + ) > $VERSION_FILE +) + + + +# Assuming we are running a safe envirionment where snooping could occur during or after the build +cust_set_root_password() ( + if [ -n "${CFG_ROOT_PASSWORD}" ]; then + pprint 2 "Set root password using CFG_ROOT_PASSWORD variable" + chroot ${NANO_WORLDDIR} sh -c "echo '${CFG_ROOT_PASSWORD}' | pw usermod -h 0 -u root" + else + pprint 2 "Root password is , no password provided at variable CFG_ROOT_PASSWORD" + fi +) + + + +# EXPERIMENTAL patch like envirionment +# Using '*-nanobsd.patch' files to only specify the bare differences between the base/default file to +# keep us as close as possible to the base OS +# Patches are applied to the directory they live in +cust_apply_nanobsd_patches() ( + for PATCHFILE in `find ${NANO_WORLDDIR} -regex '.*-nanobsd\.patch$'`; do + cd `dirname ${PATCHFILE}` + patch -t -N -p0 -i `basename ${PATCHFILE}` + #XX: What to with installed patch files? Delete them for the time beeing + rm -v ${PATCHFILE} + done + + + +) + + + +# Compile & install lvroute daemon vanuit source in svn +cust_install_lvrouted() ( + svn co http://svn.wirelessleiden.nl/svn/node-config/other/lvrouted/trunk/ /tmp/lvrouted + cd /tmp/lvrouted && autoconf && autoheader && ./configure && make || true + cp src/lvrouted.opt ${NANO_WORLDDIR}/usr/local/sbin +) + + + +# Customize ntpd +cust_ntpd() ( + chroot ${NANO_WORLDDIR} sh -c "ln -fs /usr/local/etc/ntp.drift /var/db/ntp.drift" +) + + +# Enable Serial TTYs +cust_serial_ttys() ( + chroot ${NANO_WORLDDIR} sed -i '' -e '/ttyv[1-9]/s/on /off/' -e '/ttyu0/s/off/on/' -e '/ttyu0/s/dialup/ansi/' /etc/ttys +) + + + +# Install files from specific relative location +cust_install_files () ( + cd ${NANO_CONF_DIR}/../files + find . -print | grep -v -e /CVS -e .svn | cpio -dumpv ${NANO_WORLDDIR} +) + + + +# Prune no needed directories of image +cust_nano_prune () ( + cd ${NANO_WORLDDIR} + for ENTRY in ${NANO_PRUNE}; do + rm -vfR ${ENTRY} + done +) + + +# Fill /cfg with custom files, based on 'create_i386_diskimage ( )' +last_nano_fill_cfg () ( + # Variables to be used + IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME} + MNT=${MAKEOBJDIRPREFIX}/_.mnt + + # Mount '/cfg' slize in image + MD=`mdconfig -a -t vnode -f ${IMG}` + mount /dev/${MD}s3 ${MNT} + + # Location of '/cfg' directory + cd ${NANO_CONF_DIR}/../cfg-files + find . -print | grep -v -e /CVS -e .svn | cpio -dumpv ${MNT} + + + # Leave in nice end state + umount ${MNT} + mdconfig -d -u ${MD} +) > ${MAKEOBJDIRPREFIX}/_.fc 2>&1 + +last_nano_disk_usage () ( + # Variables to be used + IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME} + MNT=${MAKEOBJDIRPREFIX}/_.mnt + + # Mount root slize + MD=`mdconfig -a -t vnode -f ${IMG}` + mount /dev/${MD}s1a ${MNT} + + # Show disk usage (percent free) inc header + pprint 2 $(df -h | head -1) + pprint 2 "$(df -h | grep /dev/${MD})" + + # Leave in nice end state + umount ${MNT} + mdconfig -d -u ${MD} +) + +last_orders () ( + last_nano_fill_cfg + last_nano_disk_usage +) + +# Ugly hack to 'escaping' pprint from inside a customize_cmd to output +# instead of a file +exec 3>/dev/stdout +# Progress Print +# Print $2 at level $1 +pprint() { + if [ "$1" -le $PPLEVEL ]; then + printf "%.${1}s %s\n" "#####" "$2" 1>&3 + fi +} + +# Cust macro`s gestart in onderstaande volgorde +# XXX: Determine size before installing all find of additions to see how much +# base we are actually using ## du -h -d 0 +customize_cmd cust_pkg +customize_cmd cust_install_files +customize_cmd cust_ntpd +customize_cmd cust_serial_ttys +customize_cmd cust_version_tag +customize_cmd cust_allow_ssh_root +customize_cmd cust_nano_prune +customize_cmd cust_set_root_password +customize_cmd cust_apply_nanobsd_patches + + +# Extra config if existing is not suffient +if [ -n "$EXTRA_NANOBSD_CONFIG" ]; then + for FILE in $EXTRA_NANOBSD_CONFIG; do + # File relative to config directory + if [ "`echo $FILE | cut -c1`" != "/" ]; then + FILE=$NANO_CONF_DIR/$FILE + fi + pprint 1 "Loading $FILE" + . $FILE || exit 1 + done +fi Index: /branches/releng-9.0-ileiden/nanobsd/files/FILE_LISTING.txt =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/FILE_LISTING.txt (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/FILE_LISTING.txt (revision 10119) @@ -0,0 +1,38 @@ +# File or directory and it's purpose in this build +./boot.config # Serial console output +./boot/loader.conf # Serial console output +./conf/default/etc/.work_around_till_fix_of_pr_134513 +./conf/default/var/.work_around_till_fix_of_pr_134513 +./etc/crontab # Extra calls for pen & ntp +./etc/namedb/named.conf # Custom named configuration +./etc/ntp.conf # Custom ntp configuration +./etc/rc.conf # Highly customized rc.conf +./etc/syslog.conf # Remote syslogging enabing +./etc/ttys-nanobsd.patch # Serial console output +./root/.ssh # Template directory for authorized_keys file +./tools/change_password # Allow persistent changing of root password +./tools/dhcpd_snmp.sh # XXX +./tools/save_sshkeys # Allow persistent saving of host ssh keys +./tools/syslogd_flags.sh # XXX +./tools/updatep1 # phk image on slice 1 update script +./tools/updatep2 # phk image on slice 2 update script +./tools/wl-config # WL node specific configuration fetch and update script +./tools/wl-version # Version debug tool, gather statistics for debugging +./usr/lib/aout/.keep_me # Little hack to have /etc/rc.d/ldconfig stop nagging about missing (pruned) dir +./usr/local/bin/ssh-copy-id # XXX +./usr/local/bin/write_ntpdrift # XXX +./usr/local/etc/dhcpd-snmp.conf # dhcp-snmp cofiguration +./usr/local/etc/dhcpd.conf # Initial custom dhcpd.conf +./usr/local/etc/nrpe.cfg # XXX +./usr/local/etc/ntp.drift # XXX +./usr/local/etc/rc.d/lvrouted.sh # lvrouted startup script +./usr/local/etc/rc.d/nanobsd-motd # Allow updating motd with persistent save +./usr/local/etc/rc.d/nanobsd-save-sshkeys # Allow saving ssh-keys after generation +./usr/local/etc/rc.d/pen # Pen startup script +./usr/local/etc/rc.d/sort-proxies # Pen optimizer script +./usr/local/etc/rc.d/wlweb # WLweb configuration webinterface startup script +./usr/local/sbin/dhcpd-snmp # dhcp-snmp 'binary' +./usr/local/sbin/lvrouted.opt # lvrouted 'binary' +./usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt # Draft MIB +./usr/local/share/snmp/snmpd.conf # Custom snmpd configuration +./usr/local/wlweb # WLweb configuration webinterface program Index: /branches/releng-9.0-ileiden/nanobsd/files/boot.config =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/boot.config (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/boot.config (revision 10119) @@ -0,0 +1,1 @@ +-h Index: /branches/releng-9.0-ileiden/nanobsd/files/boot/loader.conf =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/boot/loader.conf (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/boot/loader.conf (revision 10119) @@ -0,0 +1,28 @@ +# No funky Beasty, but boring default, and gone in 1 second to make it go quick :-( +beastie_disable="YES" +autoboot_delay="1" + +# Some apache hyper speed module, we properly this don't need this, but still +# saves a startup warning +accf_http_load="YES" + +# Named started nagging, claiming (to many) files if unable to reach master for +# quite some time +kern.maxfiles="5000" + +# The unlucky NET4801 does not properly support DMA (we don't need it anyways) +# http://lists.soekris.com/pipermail/soekris-tech/2008-August/014788.html +hw.ata.ata_dma="0" + +# Prefers stability over preformance disable Write Caching (man 4 ata) +hw.ata.wc="0" + +# Force output to run trough the comconsole, no exceptions +console="comconsole" + +# moduleis for usb-lan adapters +if_mos_load="YES" +if_axe_load="YES" +if_aue_load="YES" + + Index: /branches/releng-9.0-ileiden/nanobsd/files/etc/crontab =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/etc/crontab (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/etc/crontab (revision 10119) @@ -0,0 +1,29 @@ +# /etc/crontab - root's crontab for FreeBSD +# +# $FreeBSD: src/etc/crontab,v 1.32.32.1 2008/11/25 02:59:29 kensmith Exp $ +# +SHELL=/bin/sh +PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin +HOME=/var/log +# +#minute hour mday month wday who command +# +*/5 * * * * root /usr/libexec/atrun +# +# Save some entropy so that /dev/random can re-seed on boot. +*/11 * * * * operator /usr/libexec/save-entropy +# +# Rotate log files every hour, if necessary. +0 * * * * root newsyslog +# +# Perform daily/weekly/monthly maintenance. +1 3 * * * root periodic daily +15 4 * * 6 root periodic weekly +30 5 1 * * root periodic monthly +# +# Adjust the time zone if the CMOS clock keeps local time, as opposed to +# UTC time. See adjkerntz(8) for details. +1,31 0-5 * * * root adjkerntz -a +# +# Write updates for ntp.drift to flash +0 12 * * * root /usr/local/bin/write_ntpdrift Index: /branches/releng-9.0-ileiden/nanobsd/files/etc/ipfw.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/etc/ipfw.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/etc/ipfw.sh (revision 10119) @@ -0,0 +1,68 @@ +#!/bin/sh - + +# Based on /etc/rc.firewall + +# Suck in the configuration variables. +if [ -z "${source_rc_confs_defined}" ]; then + if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs + elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf + fi +fi + +setup_loopback () { + ############ + # Only in rare cases do you want to change these rules + # + ${fwcmd} add 100 pass all from any to any via lo0 + ${fwcmd} add 200 deny all from any to 127.0.0.0/8 + ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any +} + +############ +# Set quiet mode if requested +# +case ${firewall_quiet} in +[Yy][Ee][Ss]) + fwcmd="/sbin/ipfw -q" + ;; +*) + fwcmd="/sbin/ipfw" + ;; +esac + +############ +# Flush out the list before we begin. +# +${fwcmd} -f flush + +setup_loopback + +############ + +# By default no firewalling +${fwcmd} add 65000 pass all from any to any + +# Transproxy/WLportal/Captive portal +${fwcmd} add 10000 allow tcp from any to localhost 80 +${fwcmd} add 10001 allow tcp from any to me 80 + +############ +# Reserved: Whitelist rule numbers +# 10002 - 10009 +NR=10002 + for IP in $captive_portal_whitelist; do + ${fwcmd} add $NR allow tcp from $IP to not 172.16.0.0/12 dst-port 80 + NR=`expr $NR + 1` +done + +############ +# Reserved: WLPortal rule numbers +# 10010 - 10099 + +# Forward rules work without a base address, so needed a loop over all inet4 adresses +for INF in $captive_portal_interfaces; do + ${fwcmd} add 10100 fwd 172.31.255.1,8081 tcp from any to not 172.16.0.0/12 80 in via ${INF} +done Index: /branches/releng-9.0-ileiden/nanobsd/files/etc/motd =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/etc/motd (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/etc/motd (revision 10119) @@ -0,0 +1,3 @@ +Stiching Wireless Leiden Node + +WWW: http://www.wirelessleiden.nl Index: /branches/releng-9.0-ileiden/nanobsd/files/etc/newsyslog.conf =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/etc/newsyslog.conf (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/etc/newsyslog.conf (revision 10119) @@ -0,0 +1,46 @@ +# configuration file for newsyslog +# $FreeBSD: src/etc/newsyslog.conf,v 1.52.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# +# Entries which do not specify the '/pid_file' field will cause the +# syslogd process to be signalled when that log file is rotated. This +# action is only appropriate for log files which are written to by the +# syslogd process (ie, files listed in /etc/syslog.conf). If there +# is no process which needs to be signalled when a given log file is +# rotated, then the entry for that file should include the 'N' flag. +# +# The 'flags' field is one or more of the letters: BCGJNUWZ or a '-'. +# +# Note: some sites will want to select more restrictive protections than the +# defaults. In particular, it may be desirable to switch many of the 644 +# entries to 640 or 600. For example, some sites will consider the +# contents of maillog, messages, and lpd-errs to be confidential. In the +# future, these defaults may change to more conservative ones. +# +# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num] +/var/log/all.log 600 7 * @T00 J +/var/log/amd.log 644 7 100 * J +/var/log/auth.log 600 7 100 * JC +/var/log/console.log 600 5 100 * J +/var/log/cron 600 3 100 * JC +/var/log/daily.log 640 7 * @T00 JN +/var/log/debug.log 600 7 100 * JC +/var/log/kerberos.log 600 7 100 * J +/var/log/lpd-errs 644 7 100 * JC +/var/log/maillog 640 7 * @T00 JC +/var/log/messages 644 5 100 * JC +/var/log/monthly.log 640 12 * $M1D0 JN +/var/log/pflog 600 3 100 * JB /var/run/pflogd.pid +/var/log/ppp.log root:network 640 3 100 * JC +/var/log/security 600 10 100 * JC +/var/log/sendmail.st 640 10 * 168 B +/var/log/weekly.log 640 5 1 $W6D0 JN +/var/log/wtmp 644 3 * @01T05 B +/var/log/xferlog 600 7 100 * JC +/var/log/pen_wrapper.log 644 3 100 * J +/var/log/wlportal.log 664 3 100 * J /var/run/wlportal.pid +/var/log/wlweb-access.log 644 3 100 * J +/var/log/wlweb-error.log 644 3 100 * J +/var/log/snmpd.log 644 3 100 * J /var/run/snmpd.pid +/var/log/thttpd.log 644 3 100 * J /var/run/thttpd.pid + + Index: /branches/releng-9.0-ileiden/nanobsd/files/etc/nsswitch.conf =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/etc/nsswitch.conf (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/etc/nsswitch.conf (revision 10119) @@ -0,0 +1,16 @@ +# +# nsswitch.conf(5) - name service switch configuration file +# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# no NIS +group: compat +# group_compat: nis +hosts: files dns +networks: files +passwd: compat +# passwd_compat: nis +shells: files +services: compat +# services_compat: nis +protocols: files +rpc: files + Index: /branches/releng-9.0-ileiden/nanobsd/files/etc/ntp.conf =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/etc/ntp.conf (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/etc/ntp.conf (revision 10119) @@ -0,0 +1,41 @@ +#XXX: Might need to be dynamic + +server 172.17.8.68 # proxy1 +server 172.17.143.4 # proxy2 +server 172.20.128.98 # proxy3 +server 172.16.2.254 # proxy4 +server 172.19.168.66 # proxy5 +server 172.16.3.146 # proxy6 +server 172.17.16.66 # proxy62 +server 172.17.0.1 # proxy7 +server 172.16.4.54 # proxy9 +server 172.22.0.66 # proxy10 +server 172.23.25.66 # proxy11 +server 172.16.3.98 # proxy13 +server 172.17.169.66 # proxy97 + +# and if all failes - use our local crummy clock +server 127.127.1.0 #stratum 10 +# Optional - to provide the surroundings +# with a accurate time - unsollicted. +# +# broadcast + +# This file is generated by 'ntp-genkey -d r' +# on any of the 3 time lords; and pulled +# from Genesis. +# +# keys /etc/ntp.keys + +# Limit the number of clients concurrent +# RQs' to the levels a simple not can +# sustain. Asumming 5Mbit this translates +# to some 5000 machines. + +# Ensure that our stats and drift files +# go to writable disk (/etc mounted RO +# on the flash-rom machines). +# +driftfile /var/db/ntp.drift + + Index: /branches/releng-9.0-ileiden/nanobsd/files/etc/rc.conf =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/etc/rc.conf (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/etc/rc.conf (revision 10119) @@ -0,0 +1,70 @@ +## Building options +dumpdev="NO" # No kernel dumps as we don't have a place to + # store them +gateway_enable="YES" # Act like a gateway please +ipv6_enable="NO" # No IPv6 support for now, near feature... ;-) + +# Firewall needed for port redirection (captive portal, splash screen) +firewall_enable="YES" +firewall_script="/etc/ipfw.sh" + +# NTP server needs working config with WL network or internet on boot +# so some warnings might pop up, but no harm +ntpdate_enable="YES" +ntpd_enable="YES" +ntpd_sync_on_start="YES" +ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntp.drift" + +# We need no running mail server +sendmail_enable="NONE" + +# Don't let syslog accept input from other remote hosts +syslogd_enable="YES" +syslogd_flags="-s -A -c" + +# Remote login without DNS checking as it might not also be functionable +# -u0 prevent sshd from making DNS requests unless the authentication mechanism +# or configuration requires it. +sshd_enable="YES" +sshd_flags="-u0" + +# Don't update the motd as it not writeable, the update_nanobsd_motd is a +# simple wrapper found at /usr/local/etc/rc.d supporting this featureg +update_motd="NO" +update_nanobsd_motd="YES" + +## Port extentions +# Serve our clients some pretty cool IP address to at least get connected +# Also some low-memory footprint dns resolver +dnsmasq_enable="YES" + +# Monitoring deamons +nrpe2_enable="YES" +snmpd_enable="YES" +snmpd_flags="-a -LF w /var/log/snmpd.log" + +# Some nodes will serve as HTTP(S) proxy server +tinyproxy_enable="NO" + +## WL ports extentions +thttpd_enable="YES" +http302_enable="YES" + +lvrouted_enable="YES" +lvrouted_flags="-u -s s00p3rs3kr3t -m 28 -z 172.16.2.254,172.17.0.1,172.23.25.66,172.17.169.66" + +# Make sure generated ssh keys are saved +nanobsd_save_sshkeys_enable="YES" + +# Do some cool stuff with pen, like checking on best connections and reload, so +# need a wrapper instead of the conventional startup script +pen_wrapper_enable="YES" + +## Initial (network) configuration +# +hostname="ChangeMe.example.org" +# XXX: Maybe something cool (zero config) as initial configuration + +## Iperf server mode +# +iperf_enable="YES" Index: /branches/releng-9.0-ileiden/nanobsd/files/etc/rc.d/syslogd =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/etc/rc.d/syslogd (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/etc/rc.d/syslogd (revision 10119) @@ -0,0 +1,74 @@ +#!/bin/sh +# +# $FreeBSD: src/etc/rc.d/syslogd,v 1.13.2.1.6.1 2010/12/21 17:09:25 kensmith Exp $ +# + +# PROVIDE: syslogd +# REQUIRE: mountcritremote cleanvar newsyslog +# BEFORE: SERVERS + +. /etc/rc.subr +name="syslogd" +rcvar=`set_rcvar` +pidfile="/var/run/syslog.pid" +command="/usr/sbin/${name}" +required_files="/etc/syslog.conf" +start_precmd="syslogd_precmd" +extra_commands="reload" +sockfile="/var/run/syslogd.sockets" + +inf=$(dig +short `hostname`) +command_args="-b $inf" + +evalargs="rc_flags=\"\`set_socketlist\` \$rc_flags\"" +altlog_proglist="named" + +syslogd_precmd() +{ + local _l _ldir + + # Transitional symlink for old binaries + # + if [ ! -L /dev/log ]; then + ln -sf /var/run/log /dev/log + fi + rm -f /var/run/log + + # Create default list of syslog sockets to watch + # + ( umask 022 ; > $sockfile ) + + # If running named(8) or ntpd(8) chrooted, added appropriate + # syslog socket to list of sockets to watch. + # + for _l in $altlog_proglist; do + eval _ldir=\$${_l}_chrootdir + if checkyesno `set_rcvar $_l` && [ -n "$_ldir" ]; then + echo "${_ldir}/var/run/log" >> $sockfile + fi + done + + # If other sockets have been provided, change run_rc_command()'s + # internal copy of $syslogd_flags to force use of specific + # syslogd sockets. + # + if [ -s $sockfile ]; then + echo "/var/run/log" >> $sockfile + eval $evalargs + fi + + return 0 +} + +set_socketlist() +{ + local _s _socketargs + + _socketargs= + for _s in `cat $sockfile | tr '\n' ' '` ; do + _socketargs="-l $_s $_socketargs" + done + echo $_socketargs +} +load_rc_config $name +run_rc_command "$1" Index: /branches/releng-9.0-ileiden/nanobsd/files/etc/ssh/ssh_config =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/etc/ssh/ssh_config (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/etc/ssh/ssh_config (revision 10119) @@ -0,0 +1,2 @@ +Host * + ForwardAgent yes Index: /branches/releng-9.0-ileiden/nanobsd/files/etc/ssh/sshd_config =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/etc/ssh/sshd_config (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/etc/ssh/sshd_config (revision 10119) @@ -0,0 +1,126 @@ +# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ +# $FreeBSD: src/crypto/openssh/sshd_config,v 1.49.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +# Note that some of FreeBSD's defaults differ from OpenBSD's, and +# FreeBSD has a few additional options. + +#VersionAddendum FreeBSD-20090522 + +#Port 22 +#Protocol 2 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# Disable legacy (protocol version 1) support in the server for new +# installations. In future the default will change to require explicit +# activation of protocol 1 +Protocol 2 + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 + +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# Change to yes to enable built-in password authentication. +#PasswordAuthentication no +#PermitEmptyPasswords no + +# Change to no to disable PAM authentication +#ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'no' to disable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +PermitRootLogin yes +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +#UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10 +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server Index: /branches/releng-9.0-ileiden/nanobsd/files/etc/sysctl.conf =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/etc/sysctl.conf (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/etc/sysctl.conf (revision 10119) @@ -0,0 +1,8 @@ +# Value depends on link radio with estimated range of 500m, which seems to be a +# maximum usage of our Omni Antenna's. Calculation used: +# (remember radio signals travel with 300m/s) +# acktimeout = 23 + (link_length * 2 / 300) +dev.ath.0.slottime=23 +dev.ath.0.acktimeout=27 +dev.ath.0.ctstimeout=27 +net.link.ether.inet.max_age=300 Index: /branches/releng-9.0-ileiden/nanobsd/files/etc/syslog.conf =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/etc/syslog.conf (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/etc/syslog.conf (revision 10119) @@ -0,0 +1,32 @@ +# $FreeBSD: src/etc/syslog.conf,v 1.28 2005/03/12 12:31:16 glebius Exp $ +# +# Spaces ARE valid field separators in this file. However, +# other *nix-like systems still insist on using tabs as field +# separators. If you are sharing this file between systems, you +# may want to use only tabs as field separators here. +# Consult the syslog.conf(5) manpage. +*.err;kern.warning;auth.notice;mail.crit /dev/console +*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages +security.* /var/log/security +auth.info;authpriv.info /var/log/auth.log +mail.info /var/log/maillog +lpr.info /var/log/lpd-errs +ftp.info /var/log/xferlog +cron.* /var/log/cron +*.=debug /var/log/debug.log +*.emerg * +# uncomment this to log all writes to /dev/console to /var/log/console.log +#console.info /var/log/console.log +# uncomment this to enable logging of all log messages to /var/log/all.log +# touch /var/log/all.log and chmod it to mode 600 before it will work +#*.* /var/log/all.log +# uncomment this to enable logging to a remote loghost named loghost +*.* @loghost.wleiden.net +# uncomment these if you're running inn +# news.crit /var/log/news/news.crit +# news.err /var/log/news/news.err +# news.notice /var/log/news/news.notice +!startslip +*.* /var/log/slip.log +!ppp +*.* /var/log/ppp.log Index: /branches/releng-9.0-ileiden/nanobsd/files/root/.ssh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/root/.ssh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/root/.ssh (revision 10119) @@ -0,0 +1,1 @@ +link /etc/dot_ssh Index: /branches/releng-9.0-ileiden/nanobsd/files/root/.vimrc =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/root/.vimrc (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/root/.vimrc (revision 10119) @@ -0,0 +1,4 @@ +syntax on +set tabstop=4 +set shiftwidth=4 +set viminfo='50,n/tmp/viminfo Index: /branches/releng-9.0-ileiden/nanobsd/files/tools/change_password =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/tools/change_password (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/tools/change_password (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/change_password,v 1.3.6.1 2008/11/25 02:59:29 kensmith Exp $ +# + +set -e + +passwd root + +cfgslice=`grep '/cfg' /etc/fstab | cut -d \ -f 1` + +trap "umount /cfg" 1 2 15 EXIT +mount /cfg +cp /etc/master.passwd /etc/passwd /etc/pwd.db /etc/spwd.db /etc/group /cfg +umount /cfg +trap 1 2 15 EXIT Index: /branches/releng-9.0-ileiden/nanobsd/files/tools/dhcpd_snmp.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/tools/dhcpd_snmp.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/tools/dhcpd_snmp.sh (revision 10119) @@ -0,0 +1,15 @@ +#!/bin/sh +# Write dhcpd ranges to dhcpd-snmp.conf + +DHCPD="/usr/local/etc/dhcpd.conf" +DHSNMP="/usr/local/etc/dhcpd-snmp.conf" +INDEX="0" + +DHPOOL=`cat ${DHCPD} | grep range | awk '{print $2"-"$3}' | cut -d";" -f1` +for range in ${DHPOOL} +do + $((INDEX=INDEX+1)) + echo "`echo "pool:" $INDEX", pool"$INDEX", "$range | \ + sed 's/^.*(//'`" >> $DHSNMP +done + Index: /branches/releng-9.0-ileiden/nanobsd/files/tools/find-nanostation =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/tools/find-nanostation (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/tools/find-nanostation (revision 10119) @@ -0,0 +1,17 @@ +#!/bin/sh +# Discover nanostation using CDPv1 packets +# Credits: http://sidewynder.blogspot.com/2005/07/tcpdump-filter-for-capturing-only.html + +if [ "x$1" = "x" ]; then + echo "Usage: $0 [count]" 1>&2 + echo "Find (lost) Nanostation IP using 'count' CDPv1 packet(s)" + echo "Normally CDPv1 packets get send every minute" 1>&2 + echo "Interface hints: `ifconfig -l`" 1>&2 + exit 1 +fi +IFACE=$1 +# By default the local and remote will announce a broadcast. +COUNT=${2-2} + + +tcpdump -nn -v -i $IFACE -s 1500 -c $COUNT 'ether[18:4] == 0x000c2000' Index: /branches/releng-9.0-ileiden/nanobsd/files/tools/save_sshkeys =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/tools/save_sshkeys (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/tools/save_sshkeys (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/save_sshkeys,v 1.4.6.1 2008/11/25 02:59:29 kensmith Exp $ +# + +set -e + +trap "umount /cfg" 1 2 15 EXIT +mount /cfg +mkdir -p /cfg/ssh +( +cd /etc/ssh +cp ssh_host_* /cfg/ssh +) +umount /cfg +trap 1 2 15 EXIT Index: /branches/releng-9.0-ileiden/nanobsd/files/tools/syslogd_flag.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/tools/syslogd_flag.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/tools/syslogd_flag.sh (revision 10119) @@ -0,0 +1,7 @@ +#!/bin/sh +# Set hostname for syslogd -b flag + +HOST=`cat /etc/rc.conf.local | grep hostname | cut -d'"' -f2` +sed -i "" -e /syslogd_flags=/s/localhost/${HOST}/ /etc/rc.conf + + Index: /branches/releng-9.0-ileiden/nanobsd/files/tools/update =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/tools/update (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/tools/update (revision 10119) @@ -0,0 +1,27 @@ +#!/bin/sh +# +# Update the non-active partition, input will stdin if no argument given else a +# listing netcat sesion will be opened at the given port +# Can be used in the following setups: +# 1) Systems with CPU limits (e.g. no encryption and/or compression): +# ssh -oBatchMode=yes root@node.example.org /tools/update-wrapper 3333 & +# cat nanobsd.image | nc node.example.org 3333 +# 2) Standard setup: +# cat nanobsd.image | ssh -oBatchMode=yes root@node.example.org /tools/update-wrapper +# +# Licence: BSD http://wirelessleiden.nl/LICENSE +# +# Rick van der Zwet + +. /etc/nanobsd.conf + +ROOT=`cd $(dirname $0); pwd -P` + +# Find out which partion to use +mount | grep -q ${NANO_DRIVE}s1 && UPDATE=$ROOT/updatep2 || UPDATE=$ROOT/updatep1 + +if [ -z $1 ]; then + $UPDATE +else + nc -l $1 | $UPDATE +fi Index: /branches/releng-9.0-ileiden/nanobsd/files/tools/updatep1 =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/tools/updatep1 (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/tools/updatep1 (revision 10119) @@ -0,0 +1,55 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/updatep1,v 1.2.6.1 2008/11/25 02:59:29 kensmith Exp $ +# +# Script to update partition 1 on a NanoBSD system. +# +# usage: +# ssh somewhere cat image.s1 | sh updatep1 +# + +set -e + +. /etc/nanobsd.conf + +if mount | grep ${NANO_DRIVE}s1 > /dev/null ; then + echo "You are running partition 1 already" + echo "you probably want to use 'updatep2' instead" + exit 1 +fi + +# Blow away old system. +dd if=/dev/zero of=/dev/${NANO_DRIVE}s1 bs=1m count=1 > /dev/null 2>&1 + +# Copy in new system +dd of=/dev/${NANO_DRIVE}s1 obs=64k + +# Check that it worked +fsck_ffs -n /dev/${NANO_DRIVE}s1a + +gpart set -a active -i 1 ${NANO_DRIVE} + Index: /branches/releng-9.0-ileiden/nanobsd/files/tools/updatep2 =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/tools/updatep2 (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/tools/updatep2 (revision 10119) @@ -0,0 +1,63 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/updatep2,v 1.2.6.1 2008/11/25 02:59:29 kensmith Exp $ +# +# Script to update partition 2 on a NanoBSD system. +# +# usage: +# ssh somewhere cat image.s1 | sh updatep2 +# + +set -e + +. /etc/nanobsd.conf + +if mount | grep ${NANO_DRIVE}s2 > /dev/null ; then + echo "You are running partition 2 already" + echo "you probably want to use 'updatep1' instead" + exit 1 +fi + +# Blow away old system. +dd if=/dev/zero of=/dev/${NANO_DRIVE}s2 bs=1m count=1 > /dev/null 2>&1 + +# Copy in new system +dd of=/dev/${NANO_DRIVE}s2 obs=64k + +# Check that it worked +fsck_ffs -n /dev/${NANO_DRIVE}s2a + +# Update the /etc/fstab +trap "umount /mnt" 1 2 15 EXIT +mount /dev/${NANO_DRIVE}s2a /mnt +sed -i "" "s/${NANO_DRIVE}s1/${NANO_DRIVE}s2/" /mnt/conf/base/etc/fstab +sed -i "" "s/${NANO_DRIVE}s1/${NANO_DRIVE}s2/" /mnt/etc/fstab +umount /mnt +trap 1 2 15 EXIT + +gpart set -a active -i 2 ${NANO_DRIVE} + Index: /branches/releng-9.0-ileiden/nanobsd/files/tools/wl-config =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/tools/wl-config (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/tools/wl-config (revision 10119) @@ -0,0 +1,272 @@ +#!/bin/sh +# Wireless Leiden config-update script for FreeBSD 8.0 (nanobsd) +# Based on the 'API' of Jasper +# Rick van der Zwet +# XXX: TODO, some proper error checking for fetch + + +# Slow connection = no connection +export HTTP_TIMEOUT=3 + + +check_access() { + # Direct Access - Internal IP + BASEURL="http://172.16.4.46/wleiden/config/" + echo "# INFO: Trying to fetch via internal WL $BASEURL" + fetch -o /dev/null -q $BASEURL > /dev/null && return + echo "# WARN: Fetch via internal $BASEURL failed" + + # Direct Access - External DNS + BASEURL="http://132.229.112.21/wleiden/config/" + echo "# INFO: Trying to fetch via external $BASEURL" + fetch -o /dev/null -q $BASEURL > /dev/null && return + echo "# CRIT: Fetch via external $BASEURL failed" + + exit 1 +} +check_access + + +# Default config to fetch +CONFIG=`hostname -s` + +# Determine it's statup and running location and some other hints +# Skip named.conf as it not planned in current release +FILES="authorized_keys dnsmasq.conf rc.conf.local resolv.conf motd wleiden.yaml" +file_details() { + case "$1" in + 'authorized_keys') + STARTUP_LOC="/cfg/dot_ssh/${FILE}" + RUNNING_LOC="/etc/dot_ssh/${FILE}" + FILE_HINT="" + ;; + 'motd') + STARTUP_LOC="/cfg/$1" + RUNNING_LOC="/etc/$1" + FILE_HINT="" + ;; + 'dnsmasq.conf') + STARTUP_LOC="/cfg/local/${FILE}" + RUNNING_LOC="/etc/local/${FILE}" + FILE_HINT="/usr/local/etc/rc.d/dnsmasq restart" + ;; + 'named.conf') + STARTUP_LOC="/cfg/namedb/${FILE}" + RUNNING_LOC="/etc/namedb/${FILE}" + FILE_HINT="/etc/rc.d/named restart" + ;; + 'rc.conf.local') + STARTUP_LOC="/cfg/${FILE}" + RUNNING_LOC="/etc/${FILE}" + FILE_HINT="/etc/rc.d/netif restart" + ;; + 'resolv.conf') + STARTUP_LOC="/cfg/${FILE}" + RUNNING_LOC="/etc/${FILE}" + FILE_HINT="" + ;; + 'wleiden.yaml') + STARTUP_LOC="/cfg/local/${FILE}" + RUNNING_LOC="/etc/local/${FILE}" + FILE_HINT="" + ;; + esac +} + +usage() { + ( + echo "Usage: $0 [-bn] [-c ] [-m ]" + echo " -b = batch mode, no user input" + echo " -c = default configuration to fetch" + echo " -n = do not mount config partition" + echo " -m all = copy config files to running & config partition [default]" + echo " -m startup = copy config files to config partition" + echo " -m testing = do not copy config files" + echo " -m running = copy config files to running partition" + echo " -m hack = copy running files to config partition" + ) 1>&2 + exit 2 +} + +# Argument parsing using getopts +USE_API=1 # Whether or not to use the webinterface +OPT_MOUNT=1 +OPT_RUNNING=1 +OPT_STARTUP=1 +OPT_HACK=0 # Hack for people without configuration managment and testing +OPT_BATCH=0 + +parse_options() { + while getopts "bc:nm:" OPT; do + case "$OPT" in + b) OPT_BATCH=1;; + c) CONFIG="${OPTARG}";; + n) OPT_MOUNT=0;; + m) case "$OPTARG" in + all) true;; + live) OPT_STARTUP=0;; + startup) OPT_RUNNING=0;; + testing) OPT_RUNNING=0; OPT_STARTUP=0; OPT_MOUNT=0;; + hack) OPT_RUNNING=0; OPT_STARTUP=0; OPT_HACK=1; USE_API=0;; + *) usage;; + esac;; + h) usage;; + \?) usage;; + esac + done + # Allow to override automatic mounting, in case of external mount 'managment' + if [ "$1" = "-n" ]; then + OPT_MOUNT=0 + fi + + if [ "${OPT_RUNNING}" -eq 1 ]; then + echo "# INFO: Storing new config files in running configuration" + fi + + if [ "${OPT_STARTUP}" -eq 1 ]; then + echo "# INFO: Storing new config files in startup configuration" + fi + + if [ "${OPT_HACK}" -eq 1 ]; then + echo "# WARN: Copy running configuration to startup configuration" + echo "# WARN: Please do mind to document/mention this changes somewhere" + fi + + # New line before the real work gets started + echo "" +} + + + + +# test validity of input +config_validator() { + INPUT="$1" + `grep -q "^${INPUT}\$" ${TMPDIR}/node_list.txt` + if [ $? -eq 0 ]; then + return 0 + else + echo "WARNING: Input '${INPUT}' is not valid, some hints..." + grep -i "${INPUT}" ${TMPDIR}/node_list.txt + return 1 + fi +} + + + +select_node() { + # List of all available nodes + fetch -q -o ${TMPDIR}/node_list.txt ${BASEURL} || exit 1 + + # Provide Nodelist and feedback + cat ${TMPDIR}/node_list.txt | column + echo ' THIS script adds the config from GENESIS to this operating system' + echo ' make sure you know what you are doing, if not press control-C' + echo ' ENTER CONFIG NAME ......(and press enter)' + + if [ ${OPT_BATCH} -eq 1 ]; then + config_validator "${CONFIG}" + if [ $? -eq 1 ]; then + echo "ERROR: Please provide valid config" 1>&2 + exit 1 + fi + else + # Have the user to select the right node + INVALID_CONFIG=1 + while [ ${INVALID_CONFIG} -eq 1 ]; do + # Ask for node name, play around with prev option + echo -n "Name [${CONFIG}]: " + read INPUT + if [ -z "${INPUT}" ]; then + INPUT=${CONFIG} + else + CONFIG=${INPUT} + fi + + config_validator "${INPUT}" + if [ $? -eq 0 ]; then + INVALID_CONFIG=0 + fi + done + fi +} + + + + +# Copy file, saving some bits if no change needed +copy_file() { + NEWFILE=$1 + TARGET=$2 + diff -I '^# Generated at ' ${TARGET} ${NEWFILE} 2>/dev/null + if [ $? -ne 0 ]; then + mkdir -p `dirname ${TARGET}` || exit 1 + cp ${NEWFILE} ${TARGET} || exit 1 + return $? + fi + return 1 +} + +# Main function +main() { + TMPDIR=`mktemp -d -t $(basename $0)` + # Clear out tempdir when done + if [ ${OPT_MOUNT} -eq 1 ]; then + trap "rm -Rf ${TMPDIR}; umount /cfg; mount -ro noatime /; exit" 0 1 2 3 15 + else + trap "rm -Rf ${TMPDIR}; exit" 0 1 2 3 15 + + fi + + # Mount if requested + if [ ${OPT_MOUNT} -eq 1 ]; then + mount -uwo noatime / + mount /cfg + fi + + # Select node from web-interface + if [ ${USE_API} -eq 1 ]; then + select_node + fi + + # Worker, place all files in required directory + for FILE in ${FILES}; do + if [ ${USE_API} -eq 1 ]; then + # Fetch needed file + FRESH_LOC=${TMPDIR}/${FILE} + fetch -q -o ${FRESH_LOC} ${BASEURL}/${CONFIG}/${FILE} || exit 1 + fi + + # Needed file details, like locations and hints + file_details ${FILE} + + echo "# INFO: Working on file: '${FILE}'" + # Copy file boot location + if [ ${OPT_STARTUP} -eq 1 ]; then + copy_file ${FRESH_LOC} ${STARTUP_LOC} + fi + + # Copy file running location + if [ ${OPT_RUNNING} -eq 1 ]; then + copy_file ${FRESH_LOC} ${RUNNING_LOC} + if [ $? -eq 0 ]; then + echo "# INFO: '${FILE}' changed" + if [ -n "${FILE_HINT}" ]; then + echo "# INFO: For instant activate: ${FILE_HINT}" + echo "" + fi + fi + fi + + # Direct copy + if [ ${OPT_HACK} -eq 1 ]; then + # No checking, just dumb try to copy mode + cp -v ${RUNNING_LOC} ${STARTUP_LOC} + fi + done + + exit 0 +} + +parse_options $* +main Index: /branches/releng-9.0-ileiden/nanobsd/files/tools/wl-version =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/tools/wl-version (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/tools/wl-version (revision 10119) @@ -0,0 +1,35 @@ +#!/bin/sh +# Get bare minimal information of node, for the use of easy debugging +# Rick van der Zwet + +# Trac specific code +echo "----" +echo "{{{" + +# Introduction +echo "Generated by $USER@`hostname`" +echo "Date: `date`" + +# Kernel information +uname -a | fold + +# Mount information, for the use of checking which slize is usd +mount + +# static iinformation, on image, like build, time, who, +VERSION='/tools/wl-release.txt' +cat $VERSION + +if [ -r /VERSION ]; then + cat /VERSION + seperator +fi + +# Current ip configuration +ifconfig -a + +# XXX: Configuration specifics + +# Trac specific code +echo "}}}" +echo "----" Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/bin/http302 =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/bin/http302 (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/bin/http302 (revision 10119) @@ -0,0 +1,11 @@ +#!/bin/sh +# +# Only purpose is to send somebody to the Captive Portal +# +URL=${URL:-http://172.31.255.1/wlportal} + +# Send information to client +echo -e "HTTP/1.1 302 OK\r" +echo -e "Location: $URL\r" +echo -e "\r" + Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/bin/mvim =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/bin/mvim (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/bin/mvim (revision 10119) @@ -0,0 +1,10 @@ +#!/bin/sh +# +# Wrapper to support file hacking on read-only file systems more easily +# +# Rick van der Zwet + + +mount -uwo noatime || exit +vim $* +mount -uro noatime / Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/bin/pen_wrapper =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/bin/pen_wrapper (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/bin/pen_wrapper (revision 10119) @@ -0,0 +1,121 @@ +#!/bin/sh +# Pen proxy wrapper, periodic check for best connections +# Stichting Wireless Leiden +# Rick van der Zwet + +BIND_ADDR=${1-172.31.255.1} +BIND_PORT=${2-3128} +DEBUG=0 + +#XXX: Really static list, some dynamic alternative prefered +PROXY_LIST="${3-172.17.8.68:3128 \ + 172.17.143.4:3128 \ + 172.20.128.98:3128 \ + 172.16.2.254:3128 \ + 172.19.168.66:3128 \ + 172.16.3.146:3128 \ + 172.17.16.66:3128 \ + 172.17.0.1:3128 \ + 172.16.4.54:3128 \ + 172.22.0.66:3128 \ + 172.23.25.66:3128 \ + 172.17.169.66:3128}" + + +TEST_URL="http://www.ams-ix.net/" +TEST_INTERVAL=`expr 30 \* 60` # Back-off period in seconds, re-testing period + + +# Don't touch, unless you know what you are doing +PIDFILE='/var/run/pen.pid' +PEN='/usr/local/bin/pen' +PEN_FLAGS="-b 30 -r -p ${PIDFILE} -o prio ${BIND_ADDR}:${BIND_PORT}" + +LOGFILE='/var/log/pen_wrapper.log' + +log() +{ + _datestamp=`date "+%Y-%m-%d %H:%M:%S"` + _msg="[${_datestamp}] $*" + if [ ${DEBUG} -eq 0 ]; then + echo "${_msg}" >> ${LOGFILE} + else + echo "${_msg}" + fi +} + +d_log() { + if [ ${DEBUG} -ne 0 ]; then + log $* + fi +} + +test_proxy() +{ + # Set proxy + PROXY=$1 + PORT=$2 + URL=$3 + export HTTP_PROXY="${PROXY}:${PORT}" + + # Attempted fetch + retstr=`fetch -T 3 -o /dev/null ${URL} 2>&1` + retval=$? + + # Store to list if successfull + if [ "${retval}" -eq 0 ]; then + BPS=`echo "${retstr}" | awk '/Bps/ {printf $4}'` + echo "${BPS} ${PROXY}" >> ${TMPFILE} + fi + return $retval +} + +sort_proxies() +{ + # Result holder + TMPFILE=`mktemp -t pen_wrapper` + + for _host in ${PROXY_LIST}; do + PROXY=`echo $_host | cut -d ":" -f1` + PORT=`echo $_host | cut -d ":" -f2` + _msg="Fetching '${TEST_URL}' via '${PROXY}:${PORT}' ..." + test_proxy ${PROXY} ${PORT} ${TEST_URL} && d_log ${_msg} "OK" || d_log ${_msg} "FAILED" + done + + _proxylist=`sort -nr ${TMPFILE} | awk '{print $2}' | tr '\n' ' '` + _cfg="0:0:1:1" + if [ -n "${_proxylist}" ]; then + _prio="0" + _proxy_arg="" + for _proxy in ${_proxylist}; do + _prio=`expr ${_prio} + 1` + _proxy_arg="${_proxy_arg} ${_proxy}:${PORT}:${_cfg}:${_prio}" + done + fi + # Clear out junk + rm -f ${TMPFILE} + NEW_PROXY_LIST="${_proxy_arg}" +} + + +## +# Main loop +LIVE_PROXY_LIST='' +while true; do + sort_proxies + if [ "${LIVE_PROXY_LIST}" != "${NEW_PROXY_LIST}" ]; then + log "INFO: New listing to be configured '${NEW_PROXY_LIST}'" + d_log "Live: ${LIVE_PROXY_LIST}" + d_log "New : ${NEW_PROXY_LIST}" + # Pen should only be started if alias exists + ifconfig | grep -q ${BIND_ADDR} + if [ $? -eq 0 ]; then + if [ -r ${PIDFILE} ]; then + kill `cat ${PIDFILE}` + fi + ${PEN} ${PEN_FLAGS} ${NEW_PROXY_LIST} + LIVE_PROXY_LIST="${NEW_PROXY_LIST}" + fi + fi + sleep ${TEST_INTERVAL} +done Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/bin/ssh-copy-id =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/bin/ssh-copy-id (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/bin/ssh-copy-id (revision 10119) @@ -0,0 +1,50 @@ +#!/bin/sh + +# Shell script to install your public key on a remote machine +# Takes the remote machine name as an argument. +# Obviously, the remote machine must accept password authentication, +# or one of the other keys in your ssh-agent, for this to work. + +ID_FILE="${HOME}/.ssh/id_rsa.pub" + +if [ "-i" = "$1" ]; then + shift + # check if we have 2 parameters left, if so the first is the new ID file + if [ -n "$2" ]; then + if expr "$1" : ".*\.pub" >/dev/null; then + ID_FILE="$1" + else + ID_FILE="$1.pub" + fi + shift # and this should leave $1 as the target name + fi +else + if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then + GET_ID="$GET_ID ssh-add -L" + fi +fi + +if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then + GET_ID="cat ${ID_FILE}" +fi + +if [ -z "`eval $GET_ID`" ]; then + echo "$0: ERROR: No identities found" >&2 + exit 1 +fi + +if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then + echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2 + exit 1 +fi + +{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1 + +cat <&2 + exit $EX_NOINPUT +fi + +# Compare files, ignore white spaces, modification, etc +diff -b -B -q ${SRC} ${DST}; RETVAL=$? +if [ $RETVAL -ne 0 ]; then + # 2: DST does not yet, exists, 1: file differs + mount -uwo noatime /cfg + mkdir -p /cfg/local + cp ${SRC} ${DST} +fi + +exit $EX_OK Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/dhcpd-snmp.conf =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/dhcpd-snmp.conf (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/dhcpd-snmp.conf (revision 10119) @@ -0,0 +1,1 @@ +leases: /var/db/dhcpd.leases Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/dhcpd.conf =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/dhcpd.conf (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/dhcpd.conf (revision 10119) @@ -0,0 +1,7 @@ +ddns-update-style none; + +subnet 192.168.2.0 netmask 255.255.255.0 { + option domain-name-servers 192.168.2.1 ; + option routers 192.168.2.1 ; + range 192.168.2.50 192.168.2.99 ; +} Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/nrpe.cfg =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/nrpe.cfg (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/nrpe.cfg (revision 10119) @@ -0,0 +1,14 @@ +server_port=5666 +allowed_hosts=172.16.4.46 +nrpe_user=nagios +nrpe_group=nagios +command_timeout=60 + +command[check_users]=/usr/local/libexec/nagios/check_users -w 5 -c 10 +command[check_load]=/usr/local/libexec/nagios/check_load -w 15,10,5 -c 30,25,20 +command[check_disk1]=/usr/local/libexec/nagios/check_disk -w 15% -c 10% -p / +command[check_disk2]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /var +command[check_procs]=/usr/local/libexec/nagios/check_procs -w 55 -c 70 +command[check_inet]=/usr/local/libexec/nagios/check_inet +command[check_inet2]=/usr/local/libexec/nagios/check_inet2 +command[check_lv]=/usr/local/libexec/nagios/check_lv Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/ntp.drift =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/ntp.drift (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/ntp.drift (revision 10119) @@ -0,0 +1,1 @@ +0.000 Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/proxies.conf =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/proxies.conf (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/proxies.conf (revision 10119) @@ -0,0 +1,12 @@ +172.17.8.68:3128 +172.17.143.4:3128 +172.20.128.98:3128 +172.16.2.254:3128 +172.19.168.66:3128 +172.16.3.146:3128 +172.17.16.66:3128 +172.17.0.1:3128 +172.16.4.54:3128 +172.22.0.66:3128 +172.23.25.66:3128 +172.17.169.66:3128 Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/http302 =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/http302 (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/http302 (revision 10119) @@ -0,0 +1,27 @@ +#!/bin/sh +# +# PROVIDE: http301 +# BEFORE: DAEMON +# KEYWORD: shutdown +# +# Add the following line to /etc/rc.conf to enable iperf in server mode: +# +# http302_enable="YES" +# +. /etc/rc.subr + +name=http302 +rcvar=`set_rcvar` + +command=/usr/local/bin/tcpserver +command_args="-R -H -l 0 172.31.255.1 8081 /usr/local/bin/http302 &" + +load_rc_config ${name} + +http301_enable=${http301_enable-"NO"} + +#### +# tcpserver does not generate a pid file + +run_rc_command "$1" + Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/iperf =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/iperf (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/iperf (revision 10119) @@ -0,0 +1,29 @@ +#!/bin/sh +# +# PROVIDE: iperf +# BEFORE: DAEMON +# KEYWORD: shutdown +# +# Add the following line to /etc/rc.conf to enable iperf in server mode: +# +# iperf_enable="YES" +# +. /etc/rc.subr + +name=iperf +rcvar=`set_rcvar` + +command=/usr/local/bin/iperf +command_args="-s -D" + +load_rc_config ${name} + +iperf_enable=${iperf_enable-"NO"} + +#### +# iperf does not generate a pid file +# iperf_pidfile=${iperf_pidfile-"/var/run/.pid"} +# pidfile="${iperf_pidfile}" + +run_rc_command "$1" + Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/lvrouted =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/lvrouted (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/lvrouted (revision 10119) @@ -0,0 +1,52 @@ +#!/bin/sh +# +# PROVIDE: lvrouted +# REQUIRE: netif routing +# KEYWORD: nojail + +lvrouted_enable=${lvrouted_enable:-"NO"} +lvrouted_flags=${lvrouted_flags:-} + +. /etc/rc.subr + +name="lvrouted" +rcvar=`set_rcvar` +load_rc_config $name + +command="/usr/local/sbin/${name}" +pid_file="/var/run/${name}.pid" + +# Import proxies +wleiden_conf="/usr/local/etc/wleiden.conf" +if [ -r $wleiden_conf ]; then + . ${wleiden_conf} +fi + +# If there are proxies specified, them add them with the z flag +if [ -n "$PROXIES" ]; then + PROXIES=`echo ${PROXIES} | sed 's/\ /\,/g'` + lvrouted_flags="$lvrouted_flags -z $PROXIES" +fi + +start_precmd="lvrouted_flush_routes" + +# XXX: Needs to be a flag to disable +# XXX: lvrouted should mark their added routed protocol specific (see: man 8 route) +# lvrouted requires no route to exists before start as it is not able to alter +# old routes, so make it flush all dynamic generated routes +lvrouted_flush_routes() { + + # XXX: Does the looping bug still exists? + # Keep looping till we whiped _all_ dynamic generated routes + while true; do + netstat -nr -f inet | awk '{if ($3 ~ /.*D.*/) { exit 1} }' + if [ $? -eq 0 ]; then + break + fi + echo "WARNING: Flushing all existing DYNAMIC routes" 1>&2 + netstat -nr -f inet | awk '{if ($3 ~ /.*D.*/) {print $1} }' | xargs -n 1 route delete + done +} + +run_rc_command "$1" + Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd (revision 10119) @@ -0,0 +1,61 @@ +#!/bin/sh +# +# $FreeBSD: src/etc/rc.d/motd,v 1.9.10.1.4.1 2009/04/15 03:14:26 kensmith Exp $ +# + +# PROVIDE: nanobsd-motd +# REQUIRE: mountcritremote +# BEFORE: LOGIN + +. /etc/rc.subr + +name="nanobsd_motd" +rcvar="update_nanobsd_motd" +start_cmd="motd_start" +stop_cmd=":" + +PERMS="644" + +motd_start() +{ + # Update kernel info in /etc/motd + # Must be done *before* interactive logins are possible + # to prevent possible race conditions. + # + echo -n 'Updating motd' + if [ ! -f /etc/motd ]; then + install -c -o root -g wheel -m ${PERMS} /dev/null /etc/motd + fi + + if [ ! -w /etc/motd ]; then + echo ' ... /etc/motd is not writable, update failed.' + return + fi + + T=`mktemp -t motd` + uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > ${T} + awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> ${T} + + cmp -s $T /etc/motd || { + # XXX: Hack quick and dirty combine of /etc/rc.d/motd and /tools/savesshkeys + trap "umount /cfg" 1 2 15 EXIT + mount /cfg + cp $T /cfg/motd + chmod ${PERMS} /etc/motd + umount /cfg + trap 1 2 15 EXIT + + trap "mount -uro noatime /" 1 2 15 EXIT + mount -uwo noatime / + cp $T /etc/motd + chmod ${PERMS} /etc/motd + mount -uro noatime / + trap 1 2 15 EXIT + } + rm -f $T + + echo . +} + +load_rc_config $name +run_rc_command "$1" Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys (revision 10119) @@ -0,0 +1,49 @@ +#!/bin/sh +# +# $FreeBSD: ports/net/pen/files/pen.sh.in,v 1.1 2006/09/24 14:34:36 clement Exp $ +# + +# PROVIDE: pen +# REQUIRE: NETWORKING SERVERS sshd +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable nanobsd-save-sshkeys: +# +# nanobsd_save_sshkeys_enable="YES" +# + +. /etc/rc.subr + +name=nanobsd_save_sshkeys +rcvar=`set_rcvar` + +nanobsd_save_sshkeys_enable=${nanobsd_save_sshkeys_enable:-"NO"} + +start_cmd="save_sshkeys" +stop_cmd="save_sshkeys" + +save_sshkeys() { + MOUNTED_RW=0 + trap "umount /cfg" 1 2 15 EXIT + mount -ro noatime /cfg + for FILE in /etc/ssh/ssh_host_*; do + cmp -s $FILE /cfg/ssh/`basename ${FILE}` + if [ $? -ne 0 ]; then + if [ ${MOUNTED_RW} -eq 0 ]; then + mount -uwo noatime /cfg + mkdir -p /cfg/ssh + MOUNTED_RW=1 + fi + cp $FILE /cfg/ssh/`basename ${FILE}` + fi + done + + umount /cfg + trap 1 2 15 EXIT +} + + +load_rc_config $name +run_rc_command "$1" + Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/pen_wrapper =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/pen_wrapper (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/rc.d/pen_wrapper (revision 10119) @@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD: ports/net/pen/files/pen.sh.in,v 1.1 2006/09/24 14:34:36 clement Exp $ +# + +# PROVIDE: pen_wrapper +# REQUIRE: NETWORKING SERVERS +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable pen: +# +# pen_wrapper_enable="YES" +# + +. /etc/rc.subr + +pen_wrapper_cmd() { + ${command_interpreter} ${command} & +} + +name=pen_wrapper +rcvar=`set_rcvar` +start_cmd=${name}_cmd + +command_interpreter="/bin/sh" +command=/usr/local/bin/pen_wrapper + +pen_wrapper_enable=${pen_wrapper_enable:-"NO"} +pen_wrapper_flags=${pen_wrapper_flags:-""} + +load_rc_config $name +run_rc_command "$1" Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/thttpd.conf =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/thttpd.conf (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/thttpd.conf (revision 10119) @@ -0,0 +1,6 @@ +user=root +dir=/usr/local/www +cgipat=** +nochroot +logfile=/var/log/thttpd.log +pidfile=/var/run/thttpd.pid Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/tinyproxy.conf =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/tinyproxy.conf (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/tinyproxy.conf (revision 10119) @@ -0,0 +1,228 @@ +## +## tinyproxy.conf -- tinyproxy daemon configuration file +## + +# +# Name of the user the tinyproxy daemon should switch to after the port +# has been bound. +# +User nobody +Group nogroup + +# +# Port to listen on. +# +Port 3128 + +# +# If you have multiple interfaces this allows you to bind to only one. If +# this is commented out, tinyproxy will bind to all interfaces present. +# +#Listen 192.168.0.1 + +# +# The Bind directive allows you to bind the outgoing connections to a +# particular IP address. +# +#Bind 192.168.0.1 + +# +# Timeout: The number of seconds of inactivity a connection is allowed to +# have before it closed by tinyproxy. +# +Timeout 600 + +# +# ErrorFile: Defines the HTML file to send when a given HTTP error +# occurs. You will probably need to customize the location to your +# particular install. The usual locations to check are: +# /usr/local/share/tinyproxy +# /usr/local/share/tinyproxy +# /etc/tinyproxy +# +# ErrorFile 404 "/usr/local/share/tinyproxy/404.html" +# ErrorFile 400 "/usr/local/share/tinyproxy/400.html" +# ErrorFile 503 "/usr/local/share/tinyproxy/503.html" +# ErrorFile 403 "/usr/local/share/tinyproxy/403.html" +# ErrorFile 408 "/usr/local/share/tinyproxy/408.html" + +# +# DefaultErrorFile: The HTML file that gets sent if there is no +# HTML file defined with an ErrorFile keyword for the HTTP error +# that has occured. +# +DefaultErrorFile "/usr/local/share/tinyproxy/default.html" + +# +# StatFile: The HTML file that gets sent when a request is made +# for the stathost. If this file doesn't exist a basic page is +# hardcoded in tinyproxy. +# +StatFile "/usr/local/share/tinyproxy/stats.html" + +# +# Where to log the information. Either LogFile or Syslog should be set, +# but not both. +# +Logfile "/var/log/tinyproxy.log" +# Syslog On + +# +# Set the logging level. Allowed settings are: +# Critical (least verbose) +# Error +# Warning +# Notice +# Connect (to log connections without Info's noise) +# Info (most verbose) +# The LogLevel logs from the set level and above. For example, if the LogLevel +# was set to Warning, than all log messages from Warning to Critical would be +# output, but Notice and below would be suppressed. +# +LogLevel Info + +# +# PidFile: Write the PID of the main tinyproxy thread to this file so it +# can be used for signalling purposes. +# +PidFile "/var/run/tinyproxy.pid" + +# +# Include the X-Tinyproxy header, which has the client's IP address when +# connecting to the sites listed. +# +#XTinyproxy mydomain.com + +# +# Turns on upstream proxy support. +# +# The upstream rules allow you to selectively route upstream connections +# based on the host/domain of the site being accessed. +# +# For example: +# # connection to test domain goes through testproxy +# upstream testproxy:8008 ".test.domain.invalid" +# upstream testproxy:8008 ".our_testbed.example.com" +# upstream testproxy:8008 "192.168.128.0/255.255.254.0" +# +# # no upstream proxy for internal websites and unqualified hosts +# no upstream ".internal.example.com" +# no upstream "www.example.com" +# no upstream "10.0.0.0/8" +# no upstream "192.168.0.0/255.255.254.0" +# no upstream "." +# +# # connection to these boxes go through their DMZ firewalls +# upstream cust1_firewall:8008 "testbed_for_cust1" +# upstream cust2_firewall:8008 "testbed_for_cust2" +# +# # default upstream is internet firewall +# upstream firewall.internal.example.com:80 +# +# The LAST matching rule wins the route decision. As you can see, you +# can use a host, or a domain: +# name matches host exactly +# .name matches any host in domain "name" +# . matches any host with no domain (in 'empty' domain) +# IP/bits matches network/mask +# IP/mask matches network/mask +# +#Upstream some.remote.proxy:port + +# +# This is the absolute highest number of threads which will be created. In +# other words, only MaxClients number of clients can be connected at the +# same time. +# +MaxClients 100 + +# +# These settings set the upper and lower limit for the number of +# spare servers which should be available. If the number of spare servers +# falls below MinSpareServers then new ones will be created. If the number +# of servers exceeds MaxSpareServers then the extras will be killed off. +# +MinSpareServers 5 +MaxSpareServers 20 + +# +# Number of servers to start initially. +# +StartServers 10 + +# +# MaxRequestsPerChild is the number of connections a thread will handle +# before it is killed. In practise this should be set to 0, which disables +# thread reaping. If you do notice problems with memory leakage, then set +# this to something like 10000 +# +MaxRequestsPerChild 0 + +# +# The following is the authorization controls. If there are any access +# control keywords then the default action is to DENY. Otherwise, the +# default action is ALLOW. +# +# Also the order of the controls are important. The incoming connections +# are tested against the controls based on order. +# +Allow 127.0.0.1 +Allow 172.16.0.0/12 + +# +# The "Via" header is required by the HTTP RFC, but using the real host name +# is a security concern. If the following directive is enabled, the string +# supplied will be used as the host name in the Via header; otherwise, the +# server's host name will be used. +# +#ViaProxyName "tinyproxy" + +# +# The location of the filter file. +# +#Filter "/etc/tinyproxy/filter" + +# +# Filter based on URLs rather than domains. +# +#FilterURLs On + +# +# Use POSIX Extended regular expressions rather than basic. +# +#FilterExtended On + +# +# Use case sensitive regular expressions. +# +#FilterCaseSensitive On + +# +# Change the default policy of the filtering system. If this directive is +# commented out, or is set to "No" then the default policy is to allow +# everything which is not specifically denied by the filter file. +# +# However, by setting this directive to "Yes" the default policy becomes to +# deny everything which is _not_ specifically allowed by the filter file. +# +#FilterDefaultDeny Yes + +# +# If an Anonymous keyword is present, then anonymous proxying is enabled. +# The headers listed are allowed through, while all others are denied. If +# no Anonymous keyword is present, then all header are allowed through. +# You must include quotes around the headers. +# +#Anonymous "Host" +#Anonymous "Authorization" + +# +# This is a list of ports allowed by tinyproxy when the CONNECT method +# is used. To disable the CONNECT method altogether, set the value to 0. +# If no ConnectPort line is found, all ports are allowed (which is not +# very secure.) +# +# The following two ports are used by SSL. +# +ConnectPort 443 +ConnectPort 563 Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/wlportal/autologin.tmpl =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/wlportal/autologin.tmpl (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/wlportal/autologin.tmpl (revision 10119) @@ -0,0 +1,86 @@ + + + Welkom aan Boord van %(portal_sponsor)s || Connectiviteit door Stichting Wireless Leiden + + +
+ + +
+

%(status_msg)s

+

Welkom aan Boord met %(portal_sponsor)s

+ +%(portal_sponsor)s bied u in samenwerking met Stichting Wireless Leiden op deze locatie internet aan. Twee ``huisregels'': +
    +
  1. Het gebruik van het Wireless Leiden netwerk en de internettoegang zijn +kostenloos en u hoeft zich niet aan te melden. Maar u dient zich te houden aan +de Nederlandse wetgeving en geen schade toe te brengen of ongemak te +veroorzaken voor anderen.
    2. +
  2. Stichting Wireless Leiden en %(portal_sponsor)s accepteren geen enkele +aansprakelijkheid voor schade in welke vorm dan ook die is ontstaan door of +verband houdt met het gebruik van het netwerk.
    3. +
+ +

+Wij wensen u nog een fijne dag,
+%(portal_sponsor)s & Stichting Wireless Leiden
+

PS: Voor de techneuten: TCP:80 (HTTP) en TCP:443 (HTTPS) zijn toegestaan
+ + +
+
+

Internettoegang

+

U bent verbonden met het lokale Wireless Leiden network. Om te internetten moet u in uw browser een 'proxy' instellen en hieronder op 'accoord' klikken. Afhankelijk van de locatie kan het ook zonder proxy-instelling, maar de snelheid zal in het algemeen lager zijn. +

Instellen proxy in browser

+ In Firefox: ga naar Edit->Preferences->Advanced->Network->Settings.
+ Handmatige proxy-configuratie: vul in HTTP proxy: proxy.wleiden.net port 3128.
+ Gedetailleerde instructies kunt u vinden op onze website. +

+N.B. U kunt alleen internetten via uw webbrowser, andere toepassingen zoals Microsoft Outlook zijn niet mogelijk. Gebruik webmail om te e-mailen. + +

Eerlijk gebruikmaken van Wireless Leiden

+ Het gebruik van het Wireless Leiden netwerk en de internettoegang zijn kostenloos en u hoeft zich niet aan te melden. Maar u dient zich te houden aan de Nederlandse wetgeving en geen schade toe te brengen of ongemak te veroorzaken voor anderen.
+ De Stichting Wireless Leiden accepteert geen enkele aansprakelijkheid voor schade in welke vorm dan ook die is ontstaan door of verband houdt met het gebruik van het netwerk.
+Geef hieronder aan of u accoord gaat met deze voorwaarden: +
+ + +
+ + +
+

Welcome to Wireless Leiden

+

Internet access

+

You are connected to the local Wireless Leiden network. To use one of the gateways (proxies) to Internet you have to specify a proxy in your web browser.
+ For instance in Firefox go to Edit->Preferences->Advanced->Network->Settings.
+ Manual proxy configuration: specify HTTP proxy: proxy.wleiden.net port 3128.
+ Detailed instructions can be downloaded from our website. +

+

+ Please note that you can only access the internet via your webbrowser, use of other applications like Microsoft Outlook is not possible (you have to use webmail). + +

Fair Use of Wireless Leiden

+ The use of the Wireless Leiden network and the internet connection are free and no registration is required. However, you should refrain from any illegal activity and not provide harm of any kind or inconvenience to other users.
+ The Wireless Leiden Foundation does not accept any responsibility whatsoever for damage related to or originated from the use of the network. + +
+ + +
+ +
+
+ + Wireless Leiden Homepage +
+ +

More options

+
+ + +
+
Technical Details:
+%(tech_footer)s
+
+ + Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/wlportal/config.yaml.sample =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/wlportal/config.yaml.sample (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/wlportal/config.yaml.sample (revision 10119) @@ -0,0 +1,6 @@ +whitelist: + - 00:11:22:33:44:55 + - 172.16.16.16 +portal_sponsor : Stichting Aalsmeer WestEinder +portal_url : http://www.aalsmeerwesteinder.nl +refresh_delay : 10 Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/wlportal/login.tmpl =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/wlportal/login.tmpl (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/etc/wlportal/login.tmpl (revision 10119) @@ -0,0 +1,71 @@ + + + Welkom bij Wireless Leiden captive portal + + + + + +

%(status_msg)s

+
+ For English see bottom of this page +

Eerlijk gebruikmaken van Wireless Leiden

+ 
+   A) Het gebruik van het Wireless Leiden netwerk en de internettoegang zijn kostenloos en u hoeft zich niet aan te melden. 
+   B) U dient zich te houden aan de Nederlandse wetgeving en geen schade toe te brengen of ongemak te veroorzaken voor anderen.
+   C) De Stichting Wireless Leiden accepteert geen enkele aansprakelijkheid voor schade in welke vorm dan ook die is ontstaan door of verband houdt met het gebruik van het netwerk.
+

Internet Toegang

+

Internetten op het Wireless Leiden netwerk kan op twee manieren:
+ N.B. U kunt alleen internetten via uw webbrowser, andere toepassingen zoals Microsoft Outlook zijn niet mogelijk. Gebruik webmail om te e-mailen. +

    +
  1. In uw browser een 'proxy' instellen. (in het algemeen sneller internet).
    2. +
  2. Gebruik maken van de iLeiden service (gemakkelijk voor mobiele apparaten).
    3. +
+ +
+ + +
+ +

Instellen proxy in browser

+ In Firefox: ga naar Edit->Preferences->Advanced->Network->Settings.
+ Handmatige proxy-configuratie: vul in HTTP proxy: proxy.wleiden.net port 3128.
+

+ N.B. Haal na gebruik de instellingen weer weg +

+ +

Welcome to Wireless Leiden

+

Internet access

+

You are connected to the local Wireless Leiden network. To use one of the gateways (proxies) to Internet you have to specify a proxy in your web browser OR click on the button bellow.
+ To set the proxy for instance in Firefox go to Edit->Preferences->Advanced->Network->Settings.
+ Manual proxy configuration: specify HTTP proxy: proxy.wleiden.net port 3128.
+ Detailed instructions can be downloaded from our website. +

+

+ Please note that you can only access the internet via your webbrowser, use of other applications like Microsoft Outlook is not possible (you have to use webmail). + +

Fair Use of Wireless Leiden

+ The use of the Wireless Leiden network and the internet connection are free and no registration is required. However, you should refrain from any illegal activity and not provide harm of any kind or inconvenience to other users.
+ The Wireless Leiden Foundation does not accept any responsibility whatsoever for damage related to or originated from the use of the network. + +
+ + +
+ +
+
+ + Wireless Leiden Homepage +
+ +

More options

+
+ + +
+
Technical Details:
+%(tech_footer)s
+
+ + Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/libexec/nagios/check_inet =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/libexec/nagios/check_inet (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/libexec/nagios/check_inet (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh + +PATH=$PATH:/bin:/usr/bin +export PATH + +# HTTP proxy to use +HTTP_PROXY=http://proxy.wleiden.net:3128 + +# Test page to query +PROXY_TEST=http://proxy-test.wirelessleiden.nl/ + +# Make variable global, so fetch can use it +export HTTP_PROXY + +# Query the webpage +SPEEDOUT=`fetch -o /dev/null ${PROXY_TEST} 2>&1` + +# What is the Exit code of fetch? +SPEEDEXIT=$? + +# The speed by which the webpages was retrieved" +SPEED=`echo ${SPEEDOUT} | awk '{ print $4 " " $5 }'` + +# What was the format of speed (Bps) +TYPE=`echo ${SPEEDOUT} | awk '{ print $5 }'` + +# Dit the fetcommand exit happy, and was the format as we expected +if [ ${SPEEDEXIT} -eq 0 -a "$TYPE" = "Bps" ]; then + + # Let's celebrate, it was successfull + echo "INET OK: $SPEED" + exit 0 +else + + # Oh no, time to get drunk, retrieval was unsuccessfull + echo "INET CRITICAL: $SPEEDOUT\n" + exit 2 + +fi + Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/libexec/nagios/check_inet2 =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/libexec/nagios/check_inet2 (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/libexec/nagios/check_inet2 (revision 10119) @@ -0,0 +1,31 @@ +#!/bin/sh + +PATH=$PATH:/bin:/usr/bin +export PATH + +# Test page to query +PROXY_TEST=http://proxy-test.wirelessleiden.nl/ + +# Query the webpage +SPEEDOUT=`fetch -o /dev/null ${PROXY_TEST} 2>&1` + +# What is the Exit code of fetch? +SPEEDEXIT=$? + +# The speed by which the webpages was retrieved" +SPEED=`echo ${SPEEDOUT} | awk '/Bps/ { print $13 " " $14 }'` + +# Dit the fetcommand exit happy, and was the format as we expected +if [ ${SPEEDEXIT} -eq 0 -a "$SPEED" ]; then + + # Let's celebrate, it was successfull + printf "INET OK: $SPEED\n" + exit 0 +else + + # Oh no, time to get drunk, retrieval was unsuccessfull + echo "INET CRITICAL: $SPEEDOUT\n" + exit 2 + +fi + Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/libexec/nagios/check_lv =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/libexec/nagios/check_lv (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/libexec/nagios/check_lv (revision 10119) @@ -0,0 +1,107 @@ +#!/usr/local/bin/python + +import os +import re + +# Bsd config file +config="/etc/rc.conf.local" + +def gettrees () : + ip = [] + + # Run through all the files in /tmp + for filename in os.listdir('/tmp'): + + # Match lvrouted tree files and get ip address + # lvrouted.tree-172.16.4.9 + match = re.match(r'lvrouted.tree-(.*)$', filename) + if match: + + # append ip address to list + ip.append(match.group(1)) + + return ip + +# Get all ips in the subnet (based on ip and mask) +def iprange (ip, mask) : + + # Max number of bits in the subnetmask + max=32 + + # Make sure the mask is integer + mask=int(mask) + + # Don't do anything with certain subnet sizes + if mask > 27 and mask < 32 : + + # Make an ip list + iplist = [] + + # Split the ip + oc = ip.split(".") + + # Calculate the total subnet size + max = 2 ** ( max - mask ) + + # Make sure the last oclet of the ip is integer + oc[3] = int(oc[3]) + + # Calculate the lower end of the subnet + min = oc[3] - ( oc[3] % max ) + 1 + + # Calculate the upper end of the subnet + max = min + max - 2 + + # Run through all possible ip's + for oc3 in range(min, max): + + # Add Ip to iplist + iplist.append(str(oc[0]) + "." + str(oc[1]) + "." + str(oc[2]) + "." + str(oc3)) + + # Return the iplist to the caller + return iplist + +# Open the config file and run through it +file = open (config) +treeips = gettrees() +invalid = [] +rcips = [] + +for line in file.readlines(): + + # Get variable's out of the config file and validate it + match = re.match(r'ipv4_addrs_(.*?)="(.*?)/([\d]{1,2})(.*)"$', line) + if match: + + # Get info + iface = match.group(1) + ip = match.group(2) + mask = match.group(3) + + # Call iprange, get all ip's in the subnet + allips = iprange(ip, mask) + + # Don't iterate through empty list + if allips: + + valid=0 + + # Check if one of the ip's in the lvrouted list (one must be present) + for rangeip in allips: + if rangeip in treeips: + valid=1 + + if not valid: + invalid.append(iface) + +if invalid: + retval = "LV ERROR:" + for iface in invalid: + retval = retval + " " + iface + print retval + exit(2) +else: + print "LV OK" + exit(0) + + Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/sbin/dhcpd-snmp =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/sbin/dhcpd-snmp (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/sbin/dhcpd-snmp (revision 10119) @@ -0,0 +1,452 @@ +#! /usr/bin/perl +# -------------------------------------------------------------------- +# Copyright (C) 2006 Oliver Hitz +# +# $Id: dhcpd-snmp.in,v 1.2 2006/01/25 19:26:00 oli Exp $ +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, +# MA 02111-1307, USA. +# -------------------------------------------------------------------- +# dhcpd-snmp +# +# An extension for polling the active and available lease counts of a +# running dhcpd. +# +# Please read the man page dhcpd-snmp(8) for instructions. +# -------------------------------------------------------------------- + +use Time::Local; +use strict; + +# The base OID of this extension. Has to match the OID in snmpd.conf: +my $baseoid = ".1.3.6.1.4.1.21695.1.2"; + +# Results are cached for some seconds so that an SNMP walk doesn't +# result in dhcpd.leases being parsed multiple times. +my $cache_secs = 60; + +# -------------------------------------------------------------------- + +my $mib; +my $mibtime; + +# Load configuration file +my $conf = read_configuration($ARGV[0]); + +# Switch on autoflush +$| = 1; + +# Main loop +while (my $cmd = ) { + chomp $cmd; + + if ($cmd eq "PING") { + print "PONG\n"; + } elsif ($cmd eq "get") { + my $oid_in = ; + + my $oid = get_oid($oid_in); + my $mib = create_dhcp_mib(); + + if ($oid != 0 && defined($mib->{$oid})) { + print "$baseoid.$oid\n"; + print $mib->{$oid}[0]."\n"; + print $mib->{$oid}[1]."\n"; + } else { + print "NONE\n"; + } + } elsif ($cmd eq "getnext") { + my $oid_in = ; + + my $oid = get_oid($oid_in); + my $found = 0; + + my $mib = create_dhcp_mib(); + my @s = sort { oidcmp($a, $b) } keys %{ $mib }; + for (my $i = 0; $i < @s; $i++) { + if (oidcmp($oid, $s[$i]) == -1) { + print "$baseoid.".$s[$i]."\n"; + print $mib->{$s[$i]}[0]."\n"; + print $mib->{$s[$i]}[1]."\n"; + $found = 1; + last; + } + } + if (!$found) { + print "NONE\n"; + } + } else { + # Unknown command + } +} + +exit 0; + +sub get_oid +{ + + my ($oid) = @_; + chomp $oid; + + my $base = $baseoid; + $base =~ s/\./\\./g; + + if ($oid !~ /^$base(\.|$)/) { + # Requested oid doesn't match base oid + return 0; + } + + $oid =~ s/^$base\.?//; + return $oid; +} + +sub oidcmp { + my ($x, $y) = @_; + + my @a = split /\./, $x; + my @b = split /\./, $y; + + my $i = 0; + + while (1) { + + if ($i > $#a) { + if ($i > $#b) { + return 0; + } else { + return -1; + } + } elsif ($i > $#b) { + return 1; + } + + if ($a[$i] < $b[$i]) { + return -1; + } elsif ($a[$i] > $b[$i]) { + return 1; + } + + $i++; + } +} + +sub create_dhcp_mib +{ + # We cache the results for $cache_secs seconds + if (time - $mibtime < $cache_secs) { + return $mib; + } + + # Read in all leases + read_leases(); + + my %dhcp = ( + "1" => [ "integer", 0 ], # Number of pools + ); + + foreach my $i (keys %{ $conf->{"pools"} }) { + $dhcp{"1"}[1]++; + + my $pool = $conf->{"pools"}->{$i}; + + $dhcp{"2.1.".$i} = [ "integer", $i ]; + $dhcp{"2.2.".$i} = [ "string", $pool->{"name"} ]; + $dhcp{"2.3.".$i} = [ "integer", $pool->{"total"} ]; + $dhcp{"2.4.".$i} = [ "integer", $pool->{"active"} ]; + $dhcp{"2.5.".$i} = [ "integer", $pool->{"expired"} ]; + $dhcp{"2.6.".$i} = [ "integer", $pool->{"total"} - $pool->{"active"} ]; + } + + $mib = \%dhcp; + $mibtime = time; + return $mib; +} + +sub ip2int { + my ($ip) = @_; + + if ($ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) { + return 256*(256*(256*$1+$2)+$3)+$4; + } else { + return -1; + } +} + +sub read_leases +{ + # Clear leases + foreach my $i (keys %{ $conf->{"pools"} }) { + $conf->{"pools"}->{$i}->{"leases"} = (); + $conf->{"pools"}->{$i}->{"active"} = 0; + $conf->{"pools"}->{$i}->{"expired"} = 0; + } + + # Read leases + if (!open(LEASES, $conf->{"leases"})) { + printf STDERR "Unable to open leases file '%s'!\n", $conf->{leases}; + return; + } + + my %l = undef; + + while (my $line = ) { + if ($line =~ /^lease (\d+\.\d+\.\d+\.\d+) \{$/) { + my $ip = ip2int($1); + undef %l; + + foreach my $i (keys %{ $conf->{"pools"} }) { + my $pool = $conf->{"pools"}->{$i}; + my $found = 0; + + foreach my $r (@{ $pool->{"ranges"} }) { + if (($ip >= $r->{"from"}) && ($ip <= $r->{"to"})) { + %l = ( "pool" => $i, "ip" => $ip ); + $found = 1; + last; + } + } + if ($found) { + last; + } + } + } elsif (defined %l && $line =~ /^\s+ends \d (\d+)\/(\d+)\/(\d+) (\d+):(\d+):(\d+);$/) { + $l{"ends"} = timegm($6, $5, $4, $3, $2-1, $1); + } elsif (defined %l && $line =~ /^\s+ends never;$/) { + $l{"ends"} = -1; + } elsif (defined %l && $line =~ /^\}$/) { + $conf->{"pools"}->{$l{"pool"}}->{"leases"}->{$l{"ip"}} = $l{"ends"}; + } + } + + close(LEASES); + + # Count active and expired leases + my $now = time(); + + foreach my $i (keys %{ $conf->{"pools"} }) { + my $pool = $conf->{"pools"}->{$i}; + + foreach my $ip (keys %{ $pool->{"leases"} }) { + my $end = $pool->{"leases"}->{$ip}; + if (($end == -1) || ($end >= $now)) { + $pool->{"active"}++; + } else { + $pool->{"expired"}++; + } + } + } +} + +sub read_configuration +{ + my ($f) = @_; + + my %conf = ( "leases" => undef, + "pools" => { } ); + + open C, "$f"; + while (my $l = ) { + $l =~ s/#.*//; + $l =~ s/^\s*//; + $l =~ s/\s*$//; + + if ($l eq "") { + next; + } + + if ($l =~ /^leases:\s*(\S+)$/) { + + $conf{"leases"} = $1; + + # Check if file is readable + if (open(LEASES, $conf{"leases"})) { + close(LEASES); + } else { + printf STDERR "Unable to open leases file '%s'!\n", $conf{"leases"}; + } + + } elsif ($l =~ /^pool:\s*(\d+)\s*,\s*("[^"]*"|[^"][^,]*)\s*,\s*(.*)$/) { + + # Read the pool definition + my %p = ( "index" => $1, + "name" => $2, + "ranges" => [ ], + "total" => 0, + "leases" => { } ); + + my @ranges = split /\s*,\s*/, $3; + + $p{"name"} =~ s/^\"//; + $p{"name"} =~ s/\"$//; + + foreach my $r (@ranges) { + if ($r !~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})-(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) { + printf STDERR "Invalid range definition '%s'.\n", $r; + next; + } + + my ($from, $to) = ($1, $2); + + my $fromip = ip2int($from); + my $toip = ip2int($to); + + if ($toip < $fromip) { + my $t = $toip; + $toip = $fromip; + $fromip = $t; + } + + $p{"total"} += $toip-$fromip+1; + + my %range = ( "from" => $fromip, + "to" => $toip ); + + push @{ $p{"ranges"} }, \%range; + } + + $conf{"pools"}{$p{"index"}} = \%p; + } else { + + printf STDERR "Invalid line '%s'.\n", $l; + + } + } + + return \%conf; +} + +__END__ + +=head1 NAME + +dhcpd-snmp + +=head1 SYNOPSIS + +dhcpd-snmp dhcpd-snmp.conf + +=head1 DESCRIPTION + +B is an extension for the Net-SNMP agent and the ISC DHCP +server. It allows you to monitor and track the address usage of your +dynamic IP address pools through SNMP. + +=head1 CONFIGURATION FILE + +The configuration file defines the location of the F +file as well as the pools of which you want to access the lease +counts. + +The file is in B format and allows only two keys: + +=over 8 + +=item B: C + +Location of the F file. This file needs to be accessible +by the script. + +=item B: C, C, C + +Defines a pool to monitor. C is a unique numeric index, +C a textual description of this pool, and C defines the ranges of IP addresses belonging to this +pool. + +=back + +Since this extension is a persistent script, changes to the +configuration file require a restart of snmpd. + +=head1 INSTALLATION + +After installing the B script and adapting the +configuration file, it is best to test it manually. This can be done +with the following dialog: + + PING + +The script should return "PONG". + + get + .1.3.6.1.4.1.21695.1.2.1 + +The script should return three lines: the OID, "integer", and the +number of configured pools. + + get + .1.3.6.1.4.1.21695.1.2.2.2.1 + +OID, "string", and the name of your first address pool. + + get + .1.3.6.1.4.1.21695.1.2.2.4.1 + +OID, "integer", and the number of active leases. + +Quit the dialog using CTRL-D. + +If everything works, insert the following line into your Net-SNMP's +B configuration file: + + pass_persist .1.3.6.1.4.1.21695.1.2 path/to/dhcpd-snmp path/to/dhcpd-snmp.conf + +Net-SNMP will need to be restarted after this change. + +You should now be able to get the statistics using F, for example: + + $ snmpwalk host community .1.3.6.1.4.1.21695.1.2 + +This should give you a list of the statistics of your DHCP server. + +=head1 MIB + +The script returns the following variables: + + .1.3.6.1.4.1.21695.1.2.1: number of configured pools + .1.3.6.1.4.1.21695.1.2.2.: pool description + .1.3.6.1.4.1.21695.1.2.3.: size of the pool (number of addresses) + .1.3.6.1.4.1.21695.1.2.4.: active leases + .1.3.6.1.4.1.21695.1.2.5.: expired leases + .1.3.6.1.4.1.21695.1.2.6.: available addresses (size - active leases) + +For a complete MIB file see the C directory in the source archive. + +=head1 SECURITY + +It is assumed that users of this script know how to properly secure +their snmpd. Please read the corresponding man pages on more +information about this. + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2006 Oliver Hitz + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +USA. + +=cut Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/sbin/lvrouted-test =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/sbin/lvrouted-test (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/sbin/lvrouted-test (revision 10119) @@ -0,0 +1,24 @@ +#!/bin/sh +# Richard van Mansom, richardvm@wirelessleiden.nl, March 2010 + +# Minimum number of non local routes. +VALID=1 + +# 1. Show routing table +# 2. Only show routes which includes subnets +# 3. Discard anything with a semicolon (MAC addresses and IPv6 addresses) +# 4. Discard anything which include the word 'link' (local routes). +# 5. Use word count (get number of lines) +COUNT=`netstat -rn | grep -E '[0-9]/[0-9]' | grep -v ':' | grep -v 'link' | wc -l'` + +# No have a look if the number of routes has passed the minimium threshold. +if [ ${COUNT} -gt ${VALID} ]; then + + # Display me if I have passed the threshold + echo "ROUTING OK: Got non local routes" +else + + # Display me if I didn't pased the threshold + echo "ROUTING CRITICAL: I don't have any non local routes" +fi + Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/sbin/proxy-test.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/sbin/proxy-test.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/sbin/proxy-test.sh (revision 10119) @@ -0,0 +1,25 @@ +#!/bin/sh + +PROXY=proxy.wleiden.net:3128 +URL=http://proxy-test.wirelessleiden.nl +FILE=/tmp/proxy-test.wirelessleiden.nl + +# Set proxy to escape the network +export HTTP_PROXY=${PROXY} + +# Fetch the website (curl not installed) +fetch -o ${FILE} ${URL} 2> /dev/null +if [ -w ${FILE} ]; then + retval=`cat ${FILE}` + rm ${FILE} +fi + +# Chech if website returns the expected result +if [ "$retval" = "1" ]; then + echo "WWW OK: Got a www website" + exit 0 +else + echo "WWW CRITICAL: Unable to fetch www website" + exit 2 +fi + Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt (revision 10119) @@ -0,0 +1,2978 @@ +-- ***************************************************************** +-- IEEE802dot11-MIB : +-- IEEE 802.11 Management Information Base file +-- +-- Nov 2002, Francis Pang +-- +-- Copyright (c) 2002 by cisco Systems, Inc. +-- All rights reserved. +-- ***************************************************************** + +-- ********************************************************************** +-- * IEEE 802.11 Management Information Base +-- ********************************************************************** + +IEEE802dot11-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + NOTIFICATION-TYPE,Integer32, Counter32, + Unsigned32 FROM SNMPv2-SMI + + DisplayString , MacAddress, RowStatus, + TruthValue FROM SNMPv2-TC + + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP FROM SNMPv2-CONF + + ifIndex FROM RFC1213-MIB; + +-- ********************************************************************** +-- * Tree Definition +-- ********************************************************************** + + member-body OBJECT IDENTIFIER ::= { iso 2 } + us OBJECT IDENTIFIER ::= { member-body 840 } + +-- ********************************************************************** +-- * MODULE IDENTITY +-- ********************************************************************** + +ieee802dot11 MODULE-IDENTITY + LAST-UPDATED "0208300000Z" + ORGANIZATION "IEEE 802.11" + CONTACT-INFO + "WG E-mail: stds-802-11@ieee.org + + Chair: Stuart J. Kerry + Postal: Philips Semiconductors, Inc. + 1109 McKay Drive + M/S 48 SJ + San Jose, CA 95130-1706 USA + Tel: +1 408 474 7356 + Fax: +1 408 474 7247 + E-mail: stuart.kerry@philips.com + + Editor: Bob O'Hara + Postal: Informed Technology, Inc. + 1750 Nantucket Circle, Suite 138 + Santa Clara, CA 95054 USA + Tel: +1 408 986 9596 + Fax: +1 408 727 2654 + E-mail: bob@informed-technology.com" + DESCRIPTION + "The MIB module for IEEE 802.11 entities. + iso(1).member-body(2).us(840).ieee802dot11(10036)" + ::= { us 10036 } + +-- ********************************************************************** +-- * Major sections +-- ********************************************************************** + +-- Station ManagemenT (SMT) Attributes + -- DEFINED AS "The SMT object class provides the necessary support + -- at the station to manage the processes in the station such that + -- the station may work cooperatively as a part of an IEEE 802.11 + -- network." + + dot11smt OBJECT IDENTIFIER ::= { ieee802dot11 1 } + + -- dot11smt GROUPS + -- dot11StationConfigTable ::= { dot11smt 1 } + -- dot11AuthenticationAlgorithmsTable ::= { dot11smt 2 } + -- dot11WEPDefaultKeysTable ::= { dot11smt 3 } + -- dot11WEPKeyMappingsTable ::= { dot11smt 4 } + -- dot11PrivacyTable ::= { dot11smt 5 } + -- dot11SMTnotification ::= { dot11smt 6 } + -- dot11MultiDomainCapabilityTable ::= { dot11smt 7 } + +-- MAC Attributes + -- DEFINED AS "The MAC object class provides the necessary support + -- for the access control, generation, and verification of frame + -- check sequences (FCSs), and proper delivery of valid data to + -- upper layers." + + dot11mac OBJECT IDENTIFIER ::= { ieee802dot11 2 } + + -- MAC GROUPS + -- reference IEEE Std 802.1f-1993 + -- dot11OperationTable ::= { dot11mac 1 } + -- dot11CountersTable ::= { dot11mac 2 } + -- dot11GroupAddressesTable ::= { dot11mac 3 } + +-- Resource Type ID + dot11res OBJECT IDENTIFIER ::= { ieee802dot11 3 } + dot11resAttribute OBJECT IDENTIFIER ::= { dot11res 1 } + +-- PHY Attributes + -- DEFINED AS "The PHY object class provides the necessary support + -- for required PHY operational information that may vary from PHY + -- to PHY and from STA to STA to be communicated to upper layers." + + dot11phy OBJECT IDENTIFIER ::= { ieee802dot11 4 } + + -- PHY GROUPS + -- dot11PhyOperationTable ::= { dot11phy 1 } + -- dot11PhyAntennaTable ::= { dot11phy 2 } + -- dot11PhyTxPowerTable ::= { dot11phy 3 } + -- dot11PhyFHSSTable ::= { dot11phy 4 } + -- dot11PhyDSSSTable ::= { dot11phy 5 } + -- dot11PhyIRTable ::= { dot11phy 6 } + -- dot11RegDomainsSupportedTable ::= { dot11phy 7 } + -- dot11AntennasListTable ::= { dot11phy 8 } + -- dot11SupportedDataRatesTxTable ::= { dot11phy 9 } + -- dot11SupportedDataRatesRxTable ::= { dot11phy 10 } + -- dot11PhyOFDMTable ::= { dot11phy 11 } + -- dot11PhyHRDSSSTable ::= { dot11phy 12 } + -- dot11EHCCHoppingPatternTable ::= { dot11phy 13 } + +-- ********************************************************************** +-- * Textual conventions from 802 definitions +-- ********************************************************************** + + WEPKeytype ::= OCTET STRING (SIZE (5)) + +-- ********************************************************************** +-- * MIB attribute OBJECT-TYPE definitions follow +-- ********************************************************************** + +-- ********************************************************************** +-- * SMT Station Config Table +-- ********************************************************************** + +dot11StationConfigTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11StationConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Station Configuration attributes. In tablular form to + allow for multiple instances on an agent." + ::= { dot11smt 1 } + +dot11StationConfigEntry OBJECT-TYPE + SYNTAX Dot11StationConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11StationConfigTable. It is + possible for there to be multiple IEEE 802.11 interfaces + on one agent, each with its unique MAC address. The + relationship between an IEEE 802.11 interface and an + interface in the context of the Internet-standard MIB is + one-to-one. As such, the value of an ifIndex object + instance can be directly used to identify corresponding + instances of the objects defined herein. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11StationConfigTable 1 } + +Dot11StationConfigEntry ::= + SEQUENCE { + dot11StationID MacAddress, + dot11MediumOccupancyLimit INTEGER, + dot11CFPollable TruthValue, + dot11CFPPeriod INTEGER, + dot11CFPMaxDuration INTEGER, + dot11AuthenticationResponseTimeOut Unsigned32, + dot11PrivacyOptionImplemented TruthValue, + dot11PowerManagementMode INTEGER, + dot11DesiredSSID OCTET STRING, + dot11DesiredBSSType INTEGER, + dot11OperationalRateSet OCTET STRING, + dot11BeaconPeriod INTEGER, + dot11DTIMPeriod INTEGER, + dot11AssociationResponseTimeOut Unsigned32, + dot11DisassociateReason INTEGER, + dot11DisassociateStation MacAddress, + dot11DeauthenticateReason INTEGER, + dot11DeauthenticateStation MacAddress, + dot11AuthenticateFailStatus INTEGER, + dot11AuthenticateFailStation MacAddress, + dot11MultiDomainCapabilityImplemented TruthValue, + dot11MultiDomainCapabilityEnabled TruthValue, + dot11CountryString OCTET STRING } + +dot11StationID OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-write + STATUS deprecated + DESCRIPTION + "The purpose of dot11StationID is to allow a manager to + identify a station for its own purposes. This attribute + provides for that eventuality while keeping the true MAC + address independent. Its syntax is MAC address, and the + default value is the station's assigned, unique + MAC address." + ::= { dot11StationConfigEntry 1 } + +dot11MediumOccupancyLimit OBJECT-TYPE + SYNTAX INTEGER (0..1000) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum amount of time, + in TU, that a point coordinator (PC) may control the usage + of the wireless medium (WM) without relinquishing control + for long enough to allow at least one instance of DCF access + to the medium. The default value of this attribute shall + be 100, and the maximum value shall be 1000." + ::= { dot11StationConfigEntry 2 } + +dot11CFPollable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "When this attribute is true, it shall indicate that + the STA is able to respond to a CF-Poll with a data frame + within a SIFS time. This attribute shall be false if + the STA is not able to respond to a CF-Poll with a data + frame within a SIFS time." + ::= { dot11StationConfigEntry 3 } + +dot11CFPPeriod OBJECT-TYPE + SYNTAX INTEGER (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The attribute shall describe the number of DTIM intervals + between the start of CFPs. It is modified by + MLME-START.request primitive." + ::= { dot11StationConfigEntry 4 } + +dot11CFPMaxDuration OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The attribute shall describe the maximum duration of + the CFP in TU that may be generated by the PCF. It is + modified by MLME-START.request primitive." + ::= { dot11StationConfigEntry 5 } + +dot11AuthenticationResponseTimeOut OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of time units (TUs) + that a responding STA should wait for the next frame in the + authentication sequence." + ::= { dot11StationConfigEntry 6 } + +dot11PrivacyOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the IEEE + 802.11 WEP option is implemented. The default value of + this attribute shall be false." + ::= { dot11StationConfigEntry 7 } + +dot11PowerManagementMode OBJECT-TYPE + SYNTAX INTEGER { active(1), powersave(2) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the power management + mode of the STA. When set to active, it shall + indicate that the station is not in power-save + (PS) mode. When set to powersave, it shall indicate + that the station is in power-save mode. The power + management mode is transmitted in all frames + according to the rules in 7.1.3.1.7." + ::= { dot11StationConfigEntry 8 } + +dot11DesiredSSID OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute reflects the Service Set ID (SSID) + used in the DesiredSSID parameter of the most recent + MLME_Scan.request. This value may be modified + by an external management entity and used by the + local SME to make decisions about the Scanning + process." + ::= { dot11StationConfigEntry 9 } + +dot11DesiredBSSType OBJECT-TYPE + SYNTAX INTEGER { infrastructure(1), independent(2), any(3) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the type of BSS the + station shall use when scanning for a BSS with + which to synchronize. This value is used to filter + Probe Response frames and Beacons. When set to + infrastructure, the station shall only synchronize + with a BSS whose Capability Information field has + the ESS subfield set to 1. When set to independent, + the station shall only synchronize with a BSS whose + Capability Information field has the IBSS subfield + set to 1. When set to any, the station may + synchronize to either type of BSS." + ::= { dot11StationConfigEntry 10 } + +dot11OperationalRateSet OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(1..126)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the set of data + rates at which the station may transmit data. + Each octet contains a value representing a rate. + Each rate shall be within the range from 2 to 127, + corresponding to data rates in increments of + 500 kbit/s from 1 Mbit/s to 63.5 Mbit/s, and shall + be supported (as indicated in the supported rates + table) for receiving data. This value is reported in + transmitted Beacon, Probe Request, Probe Response, + Association Request, Association Response, + Reassociation Request, and Reassociation Response + frames, and is used to determine whether a BSS + with which the station desires to synchronize is + suitable. It is also used when starting a BSS, + as specified in 10.3." + ::= { dot11StationConfigEntry 11 } + +dot11BeaconPeriod OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of TUs that + a station shall use for scheduling Beacon + transmissions. This value is transmitted in Beacon + and Probe Response frames." + ::= { dot11StationConfigEntry 12 } + +dot11DTIMPeriod OBJECT-TYPE + SYNTAX INTEGER(1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of beacon + intervals that shall elapse between transmission of + Beacons frames containing a TIM element whose DTIM + Count field is 0. This value is transmitted in + the DTIM Period field of Beacon frames." + ::= { dot11StationConfigEntry 13 } + +dot11AssociationResponseTimeOut OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of TU that a + requesting STA should wait for a response to a + transmitted association-request MMPDU." + ::= { dot11StationConfigEntry 14 } + +dot11DisassociateReason OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Reason Code in a Disassociation + frame. If no Disassociation frame has been + transmitted, the value of this attribute shall + be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.7" + ::= { dot11StationConfigEntry 15 } + +dot11DisassociateStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + Disassociation frame. If no Disassociation + frame has been transmitted, the value of this + attribute shall be 0." + ::= { dot11StationConfigEntry 16 } + +dot11DeauthenticateReason OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Reason Code in a Deauthentication + frame. If no Deauthentication frame has been + transmitted, the value of this attribute shall + be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.7" + ::= { dot11StationConfigEntry 17 } + +dot11DeauthenticateStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + Deauthentication frame. If no Deauthentication + frame has been transmitted, the value of this + attribute shall be 0." + ::= { dot11StationConfigEntry 18 } + +dot11AuthenticateFailStatus OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Status Code in a failed + Authentication frame. If no failed + Authentication frame has been transmitted, the + value of this attribute shall be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.9" + ::= { dot11StationConfigEntry 19 } + +dot11AuthenticateFailStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + failed Authentication frame. If no failed + Authentication frame has been transmitted, the + value of this attribute shall be 0." + ::= { dot11StationConfigEntry 20 } + +dot11MultiDomainCapabilityImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + station implementation is capable of supporting + multiple regulatory domains. The capability is + disabled, otherwise. The default value of this + attribute is FALSE." + ::= { dot11StationConfigEntry 21 } + +dot11MultiDomainCapabilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + capability of the station to operate in multiple + regulatory domains is enabled. The capability is + disabled, otherwise. The default value of this + attribute is FALSE." + ::= { dot11StationConfigEntry 22 } + +dot11CountryString OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(3)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute identifies the country in which the + station is operating. The first two octets of this + string is the two character country code as described + in document ISO/IEC 3166-1. The third octet shall + be one of the following: + + 1. an ASCII space character, if the regulations under + which the station is operating encompass all + environments in the country, + + 2. an ASCII 'O' character, if the regulations under + which the station is operating are for an Outdoor + environment only, or + + 3. an ASCII 'I' character, if the regulations under + which the station is operating are for an Indoor + environment only." + ::= { dot11StationConfigEntry 23 } + +-- ********************************************************************** +-- * End of dot11StationConfig TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * AuthenticationAlgorithms TABLE +-- ********************************************************************** + +dot11AuthenticationAlgorithmsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11AuthenticationAlgorithmsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This (conceptual) table of attributes shall be a set of + all the authentication algorithms supported by the + stations. The following are the default values and the + associated algorithm: + Value = 1: Open System + Value = 2: Shared Key" + REFERENCE "IEEE Std 802.11-2002, 7.3.1.1" + ::= { dot11smt 2 } + +dot11AuthenticationAlgorithmsEntry OBJECT-TYPE + SYNTAX Dot11AuthenticationAlgorithmsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the Authentication + Algorithms Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11AuthenticationAlgorithmsIndex } + ::= { dot11AuthenticationAlgorithmsTable 1 } + +Dot11AuthenticationAlgorithmsEntry ::= + SEQUENCE { dot11AuthenticationAlgorithmsIndex Integer32, + dot11AuthenticationAlgorithm INTEGER, + dot11AuthenticationAlgorithmsEnable TruthValue } + +dot11AuthenticationAlgorithmsIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the Authentication Algorithms Table." + ::= { dot11AuthenticationAlgorithmsEntry 1 } + +dot11AuthenticationAlgorithm OBJECT-TYPE + SYNTAX INTEGER { openSystem(1), sharedKey(2) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute shall be a set of all the authentication + algorithms supported by the STAs. The following are the + default values and the associated algorithm. + Value = 1: Open System + Value = 2: Shared Key" + ::= { dot11AuthenticationAlgorithmsEntry 2 } + +dot11AuthenticationAlgorithmsEnable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when true at a station, shall enable the acceptance + of the authentication algorithm described in the corresponding table + entry in authentication frames received by the station that have odd + authentication sequence numbers. The default value of this attribute + shall be 1 for the Open System table entry and 2 for all other table + entries." + ::= { dot11AuthenticationAlgorithmsEntry 3 } + +-- ********************************************************************** +-- * End of AuthenticationAlgorithms TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * WEPDefaultKeys TABLE +-- ********************************************************************** + +dot11WEPDefaultKeysTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11WEPDefaultKeysEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Conceptual table for WEP default keys. This table shall + contain the four WEP default secret key values + corresponding to the four possible KeyID values. The WEP + default secret keys are logically WRITE-ONLY. Attempts to + read the entries in this table shall return unsuccessful + status and values of null or zero. The default value of + each WEP default key shall be null." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11smt 3 } + +dot11WEPDefaultKeysEntry OBJECT-TYPE + SYNTAX Dot11WEPDefaultKeysEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the WEP Default Keys Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11WEPDefaultKeyIndex} + ::= { dot11WEPDefaultKeysTable 1 } + +Dot11WEPDefaultKeysEntry ::= + SEQUENCE { dot11WEPDefaultKeyIndex INTEGER, + dot11WEPDefaultKeyValue WEPKeytype } + +dot11WEPDefaultKeyIndex OBJECT-TYPE + SYNTAX INTEGER (1..4) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the WEP Default Keys Table. + The value of this variable is equal to the WEPDefaultKeyID + 1" + ::= { dot11WEPDefaultKeysEntry 1 } + +dot11WEPDefaultKeyValue OBJECT-TYPE + SYNTAX WEPKeytype + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A WEP default secret key value." + ::= { dot11WEPDefaultKeysEntry 2 } + +-- ********************************************************************** +-- * End of WEPDefaultKeys TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * WEPKeyMappings TABLE +-- ********************************************************************** + +dot11WEPKeyMappingsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11WEPKeyMappingsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Conceptual table for WEP Key Mappings. The MIB supports + the ability to share a separate WEP key for each RA/TA + pair. The Key Mappings Table contains zero or one entry + for each MAC address and contains two fields for each + entry: WEPOn and the corresponding WEP key. The WEP key + mappings are logically WRITE-ONLY. Attempts to read the + entries in this table shall return unsuccessful status and + values of null or zero. The default value for all WEPOn + fields is false." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11smt 4 } + +dot11WEPKeyMappingsEntry OBJECT-TYPE + SYNTAX Dot11WEPKeyMappingsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the WEP Key Mappings Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11WEPKeyMappingIndex } + ::= { dot11WEPKeyMappingsTable 1 } + +Dot11WEPKeyMappingsEntry ::= + SEQUENCE { dot11WEPKeyMappingIndex Integer32, + dot11WEPKeyMappingAddress MacAddress, + dot11WEPKeyMappingWEPOn TruthValue, + dot11WEPKeyMappingValue WEPKeytype, + dot11WEPKeyMappingStatus RowStatus } + +dot11WEPKeyMappingIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the WEP Key Mappings Table." + ::= { dot11WEPKeyMappingsEntry 1 } + +dot11WEPKeyMappingAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The MAC address of the STA for which the values from this + key mapping entry are to be used." + ::= { dot11WEPKeyMappingsEntry 2 } + +dot11WEPKeyMappingWEPOn OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Boolean as to whether WEP is to be used when communicating + with the dot11WEPKeyMappingAddress STA." + ::= { dot11WEPKeyMappingsEntry 3 } + +dot11WEPKeyMappingValue OBJECT-TYPE + SYNTAX WEPKeytype + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A WEP secret key value." + ::= { dot11WEPKeyMappingsEntry 4 } + +dot11WEPKeyMappingStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status column used for creating, modifying, and + deleting instances of the columnar objects in the WEP key + mapping Table." + DEFVAL { active } + ::= { dot11WEPKeyMappingsEntry 5 } + +-- ********************************************************************** +-- * End of WEPKeyMappings TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PrivacyTable TABLE +-- ********************************************************************** + +dot11PrivacyTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PrivacyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group containing attributes concerned with IEEE 802.11 + Privacy. Created as a table to allow multiple + instantiations on an agent." + ::= { dot11smt 5 } + +dot11PrivacyEntry OBJECT-TYPE + SYNTAX Dot11PrivacyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PrivacyTable Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PrivacyTable 1 } + +Dot11PrivacyEntry ::= + SEQUENCE { dot11PrivacyInvoked TruthValue, + dot11WEPDefaultKeyID INTEGER, + dot11WEPKeyMappingLength Unsigned32, + dot11ExcludeUnencrypted TruthValue, + dot11WEPICVErrorCount Counter32, + dot11WEPExcludedCount Counter32 } + +dot11PrivacyInvoked OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When this attribute is true, it shall indicate that the IEEE + 802.11 WEP mechanism is used for transmitting frames of type + Data. The default value of this attribute shall be false." + ::= { dot11PrivacyEntry 1 } + +dot11WEPDefaultKeyID OBJECT-TYPE + SYNTAX INTEGER (0..3) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the use of the first, + second, third, or fourth element of the WEPDefaultKeys + array when set to values of zero, one, two, or three. The + default value of this attribute shall be 0." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11PrivacyEntry 2 } + +dot11WEPKeyMappingLength OBJECT-TYPE + SYNTAX Unsigned32 (10..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The maximum number of tuples that dot11WEPKeyMappings can hold." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11PrivacyEntry 3 } + +dot11ExcludeUnencrypted OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When this attribute is true, the STA shall not indicate at + the MAC service interface received MSDUs that have the WEP + subfield of the Frame Control field equal to zero. When this + attribute is false, the STA may accept MSDUs that have the WEP + subfield of the Frame Control field equal to zero. The default + value of this attribute shall be false." + ::= { dot11PrivacyEntry 4 } + +dot11WEPICVErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with the + WEP subfield of the Frame Control field set to one and the value + of the ICV as received in the frame does not match the ICV value + that is calculated for the contents of the received frame." + ::= { dot11PrivacyEntry 5 } + +dot11WEPExcludedCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with the + WEP subfield of the Frame Control field set to zero and the value + of dot11ExcludeUnencrypted causes that frame to be discarded." + ::= { dot11PrivacyEntry 6 } + +-- ********************************************************************** +-- * End of dot11Privacy TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SMT notification Objects +-- ********************************************************************** + +dot11SMTnotification OBJECT IDENTIFIER ::= { dot11smt 6 } + +dot11Disassociate NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11DisassociateReason, dot11DisassociateStation } + STATUS current + DESCRIPTION + "The disassociate notification shall be sent when the STA + sends a Disassociation frame. The value of the notification + shall include the MAC address of the MAC to which the Disassociation + frame was sent and the reason for the disassociation. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 1 } + +dot11Deauthenticate NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11DeauthenticateReason, dot11DeauthenticateStation } + STATUS current + DESCRIPTION + "The deauthenticate notification shall be sent when the STA + sends a Deauthentication frame. The value of the notification + shall include the MAC address of the MAC to which the Deauthentication + frame was sent and the reason for the deauthentication. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 2 } + +dot11AuthenticateFail NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11AuthenticateFailStatus, dot11AuthenticateFailStation } + STATUS current + DESCRIPTION + "The authenticate failure notification shall be sent when the STA + sends an Authentication frame with a status code other than + 'successful'. The value of the notification + shall include the MAC address of the MAC to which the Authentication + frame was sent and the reason for the authentication failure. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 3 } + + +-- ********************************************************************** +-- * End of SMT notification Objects +-- ********************************************************************** + +-- ******************************************************************** +-- * dot11MultiDomainCapability TABLE +-- ******************************************************************** + +dot11MultiDomainCapabilityTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11MultiDomainCapabilityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This (conceptual) table of attributes for + cross-domain mobility." + ::= { dot11smt 7 } + +dot11MultiDomainCapabilityEntry OBJECT-TYPE + SYNTAX Dot11MultiDomainCapabilityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) in the Multiple Domain + Capability Table. + + IfIndex - Each IEEE 802.11 interface is represented + by an ifEntry. Interface tables in this MIB are + indexed by ifIndex." + INDEX { ifIndex, + dot11MultiDomainCapabilityIndex } + ::= { dot11MultiDomainCapabilityTable 1 } + +Dot11MultiDomainCapabilityEntry ::= + SEQUENCE { dot11MultiDomainCapabilityIndex Integer32, + dot11FirstChannelNumber Integer32, + dot11NumberofChannels Integer32, + dot11MaximumTransmitPowerLevel Integer32 } + +dot11MultiDomainCapabilityIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances of + the columnar objects in the Multi Domain Capability Table." + ::= { dot11MultiDomainCapabilityEntry 1 } + +dot11FirstChannelNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the lowest + channel number in the subband for the associated domain + country string. The default value of this attribute + shall be zero." + ::= { dot11MultiDomainCapabilityEntry 2 } + +dot11NumberofChannels OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the total + number of channels allowed in the subband for the + associated domain country string. The default value of + this attribute shall be zero." + ::= { dot11MultiDomainCapabilityEntry 3 } + +dot11MaximumTransmitPowerLevel OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum transmit power, + in dBm, allowed in the subband for the associated domain + country string. The default value of this attribute shall + be zero." + ::= { dot11MultiDomainCapabilityEntry 4 } + +-- ******************************************************************** +-- * End of dot11MultiDomainCapability TABLE +-- ******************************************************************** + + +-- ********************************************************************** +-- * MAC Attribute Templates +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11OperationTable TABLE +-- ********************************************************************** + +dot11OperationTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11OperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group contains MAC attributes pertaining to the operation + of the MAC. This has been implemented as a table in order + to allow for multiple instantiations on an agent." + ::= { dot11mac 1 } + +dot11OperationEntry OBJECT-TYPE + SYNTAX Dot11OperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11OperationEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11OperationTable 1 } + +Dot11OperationEntry ::= + SEQUENCE { dot11MACAddress MacAddress, + dot11RTSThreshold INTEGER, + dot11ShortRetryLimit INTEGER, + dot11LongRetryLimit INTEGER, + dot11FragmentationThreshold INTEGER, + dot11MaxTransmitMSDULifetime Unsigned32, + dot11MaxReceiveLifetime Unsigned32, + dot11ManufacturerID DisplayString, + dot11ProductID DisplayString } + +dot11MACAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Unique MAC Address assigned to the STA." + ::= { dot11OperationEntry 1 } + +dot11RTSThreshold OBJECT-TYPE + SYNTAX INTEGER (0..2347) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the number of octets in an MPDU, + below which an RTS/CTS handshake shall not be performed. An + RTS/CTS handshake shall be performed at the beginning of any + frame exchange sequence where the MPDU is of type Data or + Management, the MPDU has an individual address in the Address1 + field, and the length of the MPDU is greater than + this threshold. (For additional details, refer to Table 21 in + 9.7.) Setting this attribute to be larger than the maximum + MSDU size shall have the effect of turning off the RTS/CTS + handshake for frames of Data or Management type transmitted by + this STA. Setting this attribute to zero shall have the effect + of turning on the RTS/CTS handshake for all frames of Data or + Management type transmitted by this STA. The default value of + this attribute shall be 2347." + ::= { dot11OperationEntry 2 } + +dot11ShortRetryLimit OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum number of + transmission attempts of a frame, the length of which is less + than or equal to dot11RTSThreshold, that shall be made before a + failure condition is indicated. The default value of this + attribute shall be 7." + ::= { dot11OperationEntry 3 } + +dot11LongRetryLimit OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum number of + transmission attempts of a frame, the length of which is + greater than dot11RTSThreshold, that shall be made before a + failure condition is indicated. The default value of this + attribute shall be 4." + ::= { dot11OperationEntry 4 } + +dot11FragmentationThreshold OBJECT-TYPE + SYNTAX INTEGER (256..2346) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the current maximum size, in + octets, of the MPDU that may be delivered to the PHY. An MSDU + shall be broken into fragments if its size exceeds the value + of this attribute after adding MAC headers and trailers. An MSDU + or MMPDU shall be fragmented when the resulting frame has an + individual address in the Address1 field, and the length of the + frame is larger than this threshold. The default value for this + attribute shall be the lesser of 2346 or the aMPDUMaxLength of + the attached PHY and shall never exceed the lesser of 2346 or + the aMPDUMaxLength of the attached PHY. The value of this + attribute shall never be less than 256. " + ::= { dot11OperationEntry 5 } + +dot11MaxTransmitMSDULifetime OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The MaxTransmitMSDULifetime shall be the elapsed time in TU, + after the initial transmission of an MSDU, after which further + attempts to transmit the MSDU shall be terminated. The default + value of this attribute shall be 512." + ::= { dot11OperationEntry 6 } + +dot11MaxReceiveLifetime OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The MaxReceiveLifetime shall be the elapsed time in TU, + after the initial reception of a fragmented MMPDU or MSDU, + after which further attempts to reassemble the MMPDU or + MSDU shall be terminated. The default value shall be + 512." + ::= { dot11OperationEntry 7 } + +dot11ManufacturerID OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The ManufacturerID shall include, at a minimum, the name + of the manufacturer. It may include additional + information at the manufacturer's discretion. The default + value of this attribute shall be null." + ::= { dot11OperationEntry 8 } + +dot11ProductID OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The ProductID shall include, at a minimum, an identifier + that is unique to the manufacturer. It may include + additional information at the manufacturer's discretion. + The default value of this attribute shall be null." + ::= { dot11OperationEntry 9 } + +-- ********************************************************************** +-- * End of dot11OperationEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11Counters TABLE +-- ********************************************************************** + +dot11CountersTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11CountersEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group containing attributes that are MAC counters. + Implemented as a table to allow for multiple + instantiations on an agent." + ::= { dot11mac 2 } + +dot11CountersEntry OBJECT-TYPE + SYNTAX Dot11CountersEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11CountersEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11CountersTable 1 } + +Dot11CountersEntry ::= + SEQUENCE { dot11TransmittedFragmentCount Counter32, + dot11MulticastTransmittedFrameCount Counter32, + dot11FailedCount Counter32, + dot11RetryCount Counter32, + dot11MultipleRetryCount Counter32, + dot11FrameDuplicateCount Counter32, + dot11RTSSuccessCount Counter32, + dot11RTSFailureCount Counter32, + dot11ACKFailureCount Counter32, + dot11ReceivedFragmentCount Counter32, + dot11MulticastReceivedFrameCount Counter32, + dot11FCSErrorCount Counter32, + dot11TransmittedFrameCount Counter32, + dot11WEPUndecryptableCount Counter32 } + +dot11TransmittedFragmentCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall be incremented for an acknowledged MPDU + with an individual address in the address 1 field or an MPDU + with a multicast address in the address 1 field of type Data + or Management." + ::= { dot11CountersEntry 1 } + +dot11MulticastTransmittedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment only when the multicast bit + is set in the destination MAC address of a successfully + transmitted MSDU. When operating as a STA in an ESS, where + these frames are directed to the AP, this implies having + received an acknowledgment to all associated MPDUs." + ::= { dot11CountersEntry 2 } + +dot11FailedCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is not transmitted + successfully due to the number of transmit attempts exceeding + either the dot11ShortRetryLimit or dot11LongRetryLimit." + ::= { dot11CountersEntry 3 } + +dot11RetryCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is successfully + transmitted after one or more retransmissions." + ::= { dot11CountersEntry 4 } + +dot11MultipleRetryCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is successfully + transmitted after more than one retransmission." + ::= { dot11CountersEntry 5 } + +dot11FrameDuplicateCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received + that the Sequence Control field indicates is a + duplicate." + ::= { dot11CountersEntry 6 } + +dot11RTSSuccessCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a CTS is received in + response to an RTS." + ::= { dot11CountersEntry 7 } + +dot11RTSFailureCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a CTS is not received in + response to an RTS." + ::= { dot11CountersEntry 8 } + +dot11ACKFailureCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an ACK is not received + when expected." + ::= { dot11CountersEntry 9 } + +dot11ReceivedFragmentCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall be incremented for each successfully + received MPDU of type Data or Management." + ::= { dot11CountersEntry 10 } + +dot11MulticastReceivedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a MSDU is received + with the multicast bit set in the destination + MAC address." + ::= { dot11CountersEntry 11 } + +dot11FCSErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an FCS error is + detected in a received MPDU." + ::= { dot11CountersEntry 12 } + +dot11TransmittedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment for each successfully transmitted MSDU." + ::= { dot11CountersEntry 13 } + +dot11WEPUndecryptableCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with + the WEP subfield of the Frame Control field set to one and the + WEPOn value for the key mapped to the TA's MAC address + indicates that the frame should not have been encrypted or + that frame is discarded due to the receiving STA not + implementing the privacy option." + ::= { dot11CountersEntry 14 } + +-- ********************************************************************** +-- * End of dot11CountersEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * GroupAddresses TABLE +-- ********************************************************************** + +dot11GroupAddressesTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11GroupAddressesEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A conceptual table containing a set of MAC addresses + identifying the multicast addresses for which this STA + will receive frames. The default value of this attribute + shall be null." + ::= { dot11mac 3 } + +dot11GroupAddressesEntry OBJECT-TYPE + SYNTAX Dot11GroupAddressesEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the Group Addresses Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11GroupAddressesIndex} + ::= { dot11GroupAddressesTable 1 } + +Dot11GroupAddressesEntry ::= + SEQUENCE { dot11GroupAddressesIndex Integer32, + dot11Address MacAddress, + dot11GroupAddressesStatus RowStatus } + +dot11GroupAddressesIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the Group Addresses Table." + ::= { dot11GroupAddressesEntry 1 } + +dot11Address OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "MAC address identifying a multicast addresses + from which this STA will receive frames." + ::= { dot11GroupAddressesEntry 2 } + +dot11GroupAddressesStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status column used for creating, modifying, and + deleting instances of the columnar objects in the Group + Addresses Table." + DEFVAL { active } + ::= { dot11GroupAddressesEntry 3 } + +-- ********************************************************************** +-- * End of GroupAddress TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * Resource Type Attribute Templates +-- ********************************************************************** + +dot11ResourceTypeIDName OBJECT-TYPE + SYNTAX DisplayString (SIZE(4)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the name of the Resource Type ID managed object. + The attribute is read-only and always contains the value + RTID. This attribute value shall not be used as a naming + attribute for any other managed object class." + REFERENCE "IEEE Std 802.1F-1993, A.7" + DEFVAL { "RTID" } + ::= { dot11resAttribute 1 } + +-- ********************************************************************** +-- * dot11ResourceInfo TABLE +-- ********************************************************************** + +dot11ResourceInfoTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11ResourceInfoEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Provides a means of indicating, in data readable from a + managed object, information that identifies the source of + the implementation." + REFERENCE "IEEE Std 802.1F-1993, A.7" + ::= { dot11resAttribute 2 } + +dot11ResourceInfoEntry OBJECT-TYPE + SYNTAX Dot11ResourceInfoEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11ResourceInfo Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11ResourceInfoTable 1 } + +Dot11ResourceInfoEntry ::= + SEQUENCE { dot11manufacturerOUI OCTET STRING, + dot11manufacturerName DisplayString, + dot11manufacturerProductName DisplayString, + dot11manufacturerProductVersion DisplayString } + +dot11manufacturerOUI OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(3)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Takes the value of an organizationally unique identifier." + ::= { dot11ResourceInfoEntry 1 } + +dot11manufacturerName OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A printable string used to identify the manufacturer of the + resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 2 } + +dot11manufacturerProductName OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A printable string used to identify the manufacturer's product + name of the resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 3 } + +dot11manufacturerProductVersion OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Printable string used to identify the manufacturer's product + version of the resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 4 } + +-- ********************************************************************** +-- * End of dot11ResourceInfo TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * PHY Attribute Templates +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyOperation TABLE +-- ********************************************************************** + +dot11PhyOperationTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyOperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "PHY level attributes concerned with + operation. Implemented as a table indexed on + + ifIndex to allow for multiple instantiations on an + Agent." + ::= { dot11phy 1 } + +dot11PhyOperationEntry OBJECT-TYPE + SYNTAX Dot11PhyOperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyOperation Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyOperationTable 1 } + +Dot11PhyOperationEntry ::= + SEQUENCE { dot11PHYType INTEGER, + dot11CurrentRegDomain Integer32, + dot11TempType INTEGER } + +dot11PHYType OBJECT-TYPE + SYNTAX INTEGER { fhss(1), dsss(2), irbaseband(3), ofdm(4), + hrdsss(5) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This is an 8-bit integer value that identifies the PHY type + supported by the attached PLCP and PMD. Currently defined + values and their corresponding PHY types are: + + FHSS 2.4 GHz = 01 , DSSS 2.4 GHz = 02, IR Baseband = 03, + OFDM 5GHz = 04, HRDSSS = 05" + ::= { dot11PhyOperationEntry 1 } + +dot11CurrentRegDomain OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current regulatory domain this instance of the PMD is + supporting. This object corresponds to one of the + RegDomains listed in dot11RegDomainsSupported." + ::= { dot11PhyOperationEntry 2 } + +dot11TempType OBJECT-TYPE + SYNTAX INTEGER { tempType1(1), tempType2(2) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "There are different operating temperature requirements + dependent on the anticipated environmental conditions. This + attribute describes the current PHY's operating temperature + range capability. Currently defined values and their + corresponding temperature ranges are: + + Type 1 = X'01'-Commercial range of 0 to 40 degrees C, + + Type 2 = X'02'-Industrial range of -30 to 70 degrees C." + ::= { dot11PhyOperationEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyOperation TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyAntenna TABLE +-- ********************************************************************** + +dot11PhyAntennaTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyAntennaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for PhyAntenna. Implemented as a + table indexed on ifIndex to allow for multiple instances on + an agent." + ::= { dot11phy 2} + +dot11PhyAntennaEntry OBJECT-TYPE + SYNTAX Dot11PhyAntennaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyAntenna Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyAntennaTable 1 } + +Dot11PhyAntennaEntry ::= + SEQUENCE { dot11CurrentTxAntenna Integer32, + dot11DiversitySupport INTEGER, + dot11CurrentRxAntenna Integer32 } + +dot11CurrentTxAntenna OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current antenna being used to transmit. This value + is one of the values appearing in dot11SupportedTxAntenna. This + may be used by a management agent to control which antenna is + used for transmission. " + ::= { dot11PhyAntennaEntry 1 } + +dot11DiversitySupport OBJECT-TYPE + SYNTAX INTEGER { fixedlist(1), notsupported(2), dynamic(3) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This implementation's support for diversity, encoded as: + + X'01'-diversity is available and is performed over the fixed + list of antennas defined in dot11DiversitySelectionRx. + + X'02'-diversity is not supported. + + X'03'-diversity is supported and control of diversity is also + available, in which case the attribute + dot11DiversitySelectionRx can be dynamically modified by the + LME." + ::= { dot11PhyAntennaEntry 2 } + +dot11CurrentRxAntenna OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current antenna being used to receive, if the dot11 + DiversitySupport indicates that diversity is not supported. + The selected antenna shall be one of the antennae marked + for receive in the dot11AntennasListTable." + ::= { dot11PhyAntennaEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyAntenna TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyTxPower TABLE +-- ********************************************************************** + +dot11PhyTxPowerTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyTxPowerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyTxPowerTable. Implemented + as a table indexed on STA ID to allow for multiple + instances on an Agent." + ::= { dot11phy 3} + +dot11PhyTxPowerEntry OBJECT-TYPE + SYNTAX Dot11PhyTxPowerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyTxPower Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyTxPowerTable 1 } + +Dot11PhyTxPowerEntry ::= + SEQUENCE { dot11NumberSupportedPowerLevels INTEGER, + dot11TxPowerLevel1 INTEGER, + dot11TxPowerLevel2 INTEGER, + dot11TxPowerLevel3 INTEGER, + dot11TxPowerLevel4 INTEGER, + dot11TxPowerLevel5 INTEGER, + dot11TxPowerLevel6 INTEGER, + dot11TxPowerLevel7 INTEGER, + dot11TxPowerLevel8 INTEGER, + dot11CurrentTxPowerLevel INTEGER } + +dot11NumberSupportedPowerLevels OBJECT-TYPE + SYNTAX INTEGER (1..8) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of power levels supported by the PMD. + This attribute can have a value of 1 to 8." + ::= { dot11PhyTxPowerEntry 1 } + +dot11TxPowerLevel1 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL1 in mW. + This is also the default power level." + ::= { dot11PhyTxPowerEntry 2 } + +dot11TxPowerLevel2 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL2 in mW." + ::= { dot11PhyTxPowerEntry 3 } + +dot11TxPowerLevel3 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL3 in mW." + ::= { dot11PhyTxPowerEntry 4 } + +dot11TxPowerLevel4 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL4 in mW." + ::= { dot11PhyTxPowerEntry 5 } + +dot11TxPowerLevel5 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL5 in mW." + ::= { dot11PhyTxPowerEntry 6 } + +dot11TxPowerLevel6 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL6 in mW." + ::= { dot11PhyTxPowerEntry 7 } + +dot11TxPowerLevel7 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL7 in mW." + ::= { dot11PhyTxPowerEntry 8 } + +dot11TxPowerLevel8 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL8 in mW." + ::= { dot11PhyTxPowerEntry 9 } + +dot11CurrentTxPowerLevel OBJECT-TYPE + SYNTAX INTEGER (1..8) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The TxPowerLevel N currently being used to transmit data. + Some PHYs also use this value to determine the receiver + sensitivity requirements for CCA." + ::= { dot11PhyTxPowerEntry 10 } + +-- ********************************************************************** +-- * End of dot11PhyTxPower TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyFHSS TABLE +-- ********************************************************************** + +dot11PhyFHSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyFHSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyFHSSTable. Implemented as a + table indexed on STA ID to allow for multiple instances on + an Agent." + ::= { dot11phy 4 } + +dot11PhyFHSSEntry OBJECT-TYPE + SYNTAX Dot11PhyFHSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyFHSS Table. + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyFHSSTable 1 } + +Dot11PhyFHSSEntry ::= + SEQUENCE { dot11HopTime INTEGER, + dot11CurrentChannelNumber INTEGER, + dot11MaxDwellTime INTEGER, + dot11CurrentDwellTime INTEGER, + dot11CurrentSet INTEGER, + dot11CurrentPattern INTEGER, + dot11CurrentIndex INTEGER, + dot11EHCCPrimeRadix Integer32, + dot11EHCCNumberofChannelsFamilyIndex Integer32, + dot11EHCCCapabilityImplemented TruthValue, + dot11EHCCCapabilityEnabled TruthValue, + dot11HopAlgorithmAdopted INTEGER, + dot11RandomTableFlag TruthValue, + dot11NumberofHoppingSets Integer32, + dot11HopModulus Integer32, + dot11HopOffset Integer32 } + +dot11HopTime OBJECT-TYPE + SYNTAX INTEGER (224) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The time in microseconds for the PMD to change from + channel 2 to channel 80." + ::= { dot11PhyFHSSEntry 1 } + +dot11CurrentChannelNumber OBJECT-TYPE + SYNTAX INTEGER (0..200) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current channel number of the frequency output by the RF + synthesizer." + ::= { dot11PhyFHSSEntry 2 } + +dot11MaxDwellTime OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum time in TU that the transmitter + is permitted to operate on a single channel." + ::= { dot11PhyFHSSEntry 3 } + +dot11CurrentDwellTime OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current time in TU that the transmitter shall operate + on a single channel, as set by the MAC. Default is 19 TU." + ::= { dot11PhyFHSSEntry 4 } + +dot11CurrentSet OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current set of patterns the PLME + is using to determine the hopping sequence. " + ::= { dot11PhyFHSSEntry 5 } + +dot11CurrentPattern OBJECT-TYPE + SYNTAX INTEGER (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current pattern the PLME is + using to determine the hop sequence." + ::= { dot11PhyFHSSEntry 6 } + +dot11CurrentIndex OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current index value the PLME is using to determine + the CurrentChannelNumber." + ::= { dot11PhyFHSSEntry 7 } + +dot11EHCCPrimeRadix OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute indicates the value to be + used as the prime radix (N) in the HCC and + EHCC algorithms." + ::= { dot11PhyFHSSEntry 8 } + +dot11EHCCNumberofChannelsFamilyIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute indicates the value to be + used as the maximum for the family index (a) + in the HCC and EHCC algorithms. The value of + this field shall not be less than the prime + radix minus 3 (N - 3). The valid range of + allowed values is (N - 1), (N - 2), and (N - 3)." + ::= { dot11PhyFHSSEntry 9 } + +dot11EHCCCapabilityImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + station implementation is capable of generating + the HCC or EHCC algorithms for determining Hopping + patterns. The capability is disabled, otherwise. + The default value of this attribute is FALSE." + ::= { dot11PhyFHSSEntry 10 } + +dot11EHCCCapabilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + capability of the station to operate using the HCC + or EHCC algorithms for determining Hopping Patterns + is enabled. The capability is disabled, otherwise. + The default value of this attribute is FALSE." + ::= { dot11PhyFHSSEntry 11 } + +dot11HopAlgorithmAdopted OBJECT-TYPE + SYNTAX INTEGER { crnt(1), hopindex(2), hcc(3) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, indicates which of the algorithms + will be used to generate the Hopping Patterns. + Valid values are: + + 1 - hopping patterns as defined in clause 14 + 2 - hop index method (with or without table) + 3 - HCC/EHCC method" + ::= { dot11PhyFHSSEntry 12 } + +dot11RandomTableFlag OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, indicates that a Random Table is + present when the value is True. When the value is + False it indicates that a Random Table is not + present and that the hop index method is to be + used to determine the hopping sequence. The default + value of this attribute is True." + ::= { dot11PhyFHSSEntry 13 } + +dot11NumberofHoppingSets OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Number of Sets field indicates the total + number of sets within the hopping patterns." + ::= { dot11PhyFHSSEntry 14 } + +dot11HopModulus OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of allowed channels for the hopping + set. This is defined by the governing regulatory + agency for the country code of the country + in which this device is operating." + ::= { dot11PhyFHSSEntry 15 } + +dot11HopOffset OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The next position in the hopping set." + ::= { dot11PhyFHSSEntry 16 } + +-- ********************************************************************** +-- * End of dot11PhyFHSS TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyDSSSEntry TABLE +-- ********************************************************************** + +dot11PhyDSSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Entry of attributes for dot11PhyDSSSEntry. Implemented as a + table indexed on ifIndex allow for multiple instances on + an Agent." + ::= { dot11phy 5 } + +dot11PhyDSSSEntry OBJECT-TYPE + SYNTAX Dot11PhyDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyDSSSEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyDSSSTable 1 } + +Dot11PhyDSSSEntry ::= + SEQUENCE { dot11CurrentChannel INTEGER, + dot11CCAModeSupported INTEGER, + dot11CurrentCCAMode INTEGER, + dot11EDThreshold Integer32 } + +dot11CurrentChannel OBJECT-TYPE + SYNTAX INTEGER (1..14) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current operating frequency channel of the DSSS + PHY. Valid channel numbers are as defined in 15.4.6.2" + ::= { dot11PhyDSSSEntry 1 } + +dot11CCAModeSupported OBJECT-TYPE + SYNTAX INTEGER (1..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "dot11CCAModeSupported is a bit-significant value, + representing all of the CCA modes supported by the PHY. + Valid values are: + + energy detect only (ED_ONLY) = 01, + carrier sense only (CS_ONLY) = 02, + carrier sense and energy detect (ED_and_CS)= 04 + or the logical sum of any of these values. This + attribute shall not be used to indicate the CCA modes + supported by a higher rate extension PHY. Rather, the + dot11HRCCAModeSupported attribute shall be used to + indicate the CCA modes of the higher rate extension PHY." + ::= { dot11PhyDSSSEntry 2 } + +dot11CurrentCCAMode OBJECT-TYPE + SYNTAX INTEGER { edonly(1), csonly(2), edandcs(4), cswithtimer(8), + hrcsanded(16) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current CCA method in operation. Valid values are: + energy detect only (edonly) = 01, + carrier sense only (csonly) = 02, + carrier sense and energy detect (edandcs)= 04 + carrier sense with timer (cswithtimer)= 08 + high rate carrier sense and energy detect (hrcsanded)=16." + ::= { dot11PhyDSSSEntry 3 } + +dot11EDThreshold OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current Energy Detect Threshold being used by the DSSS PHY." + ::= { dot11PhyDSSSEntry 4 } + +-- ********************************************************************** +-- * End of dot11PhyDSSSEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyIR TABLE +-- ********************************************************************** + +dot11PhyIRTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyIREntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyIRTable. Implemented as a + table indexed on ifIndex to allow for multiple instances on + an Agent." + ::= { dot11phy 6 } + +dot11PhyIREntry OBJECT-TYPE + SYNTAX Dot11PhyIREntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyIR Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyIRTable 1 } + +Dot11PhyIREntry ::= + SEQUENCE { dot11CCAWatchdogTimerMax Integer32, + dot11CCAWatchdogCountMax Integer32, + dot11CCAWatchdogTimerMin Integer32, + dot11CCAWatchdogCountMin Integer32 } + +dot11CCAWatchdogTimerMax OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This parameter, together with CCAWatchdogCountMax, + determines when energy detected in the channel can be + ignored." + ::= { dot11PhyIREntry 1 } + +dot11CCAWatchdogCountMax OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This parameter, together with CCAWatchdogTimerMax, + determines when energy detected in the channel can be + ignored." + ::= { dot11PhyIREntry 2 } + +dot11CCAWatchdogTimerMin OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The minimum value to which CCAWatchdogTimerMax can be + set." + ::= { dot11PhyIREntry 3 } + +dot11CCAWatchdogCountMin OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The minimum value to which CCAWatchdogCount can be set." + ::= { dot11PhyIREntry 4 } + +-- ********************************************************************** +-- * End of dot11PhyIR TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11RegDomainsSupported TABLE +-- ********************************************************************** + +dot11RegDomainsSupportedTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11RegDomainsSupportedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "There are different operational requirements dependent on + the regulatory domain. This attribute list describes the + regulatory domains the PLCP and PMD support in this + implementation. Currently defined values and their + corresponding Regulatory Domains are: + + FCC (USA) = X'10', DOC (Canada) = X'20', ETSI (most of + Europe) = X'30', Spain = X'31', France = X'32', MKK + (Japan) = X'40', Others = X'00' " + ::= { dot11phy 7} + +dot11RegDomainsSupportedEntry OBJECT-TYPE + SYNTAX Dot11RegDomainsSupportedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11RegDomainsSupportedTable. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11RegDomainsSupportedIndex } + ::= { dot11RegDomainsSupportedTable 1 } + +Dot11RegDomainsSupportedEntry ::= + SEQUENCE { dot11RegDomainsSupportedIndex Integer32, + dot11RegDomainsSupportedValue INTEGER } + +dot11RegDomainsSupportedIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the RegDomainsSupport Table." + ::= { dot11RegDomainsSupportedEntry 1 } + +dot11RegDomainsSupportedValue OBJECT-TYPE + SYNTAX INTEGER { fcc(16), doc(32), etsi(48), spain (49), france(50), + mkk (64) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "There are different operational requirements dependent on + the regulatory domain. This attribute list describes the + regulatory domains the PLCP and PMD support in this + implementation. Currently defined values and their + corresponding Regulatory Domains are: + + FCC (USA) = X'10', DOC (Canada) = X'20', ETSI (most of + Europe) = X'30', Spain = X'31', France = X'32', MKK + (Japan) = X'40' " + ::= { dot11RegDomainsSupportedEntry 2 } + +-- ********************************************************************** +-- * End of dot11RegDomainsSupported TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11AntennasList TABLE +-- ********************************************************************** + +dot11AntennasListTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11AntennasListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table represents the list of antennae. An antenna can be + marked to be capable of transmitting, receiving, and/or for + participation in receive diversity. Each entry in this table + represents a single antenna with its properties. The maximum + number of antennae that can be contained in this table is 255." + ::= { dot11phy 8 } + +dot11AntennasListEntry OBJECT-TYPE + SYNTAX Dot11AntennasListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11AntennasListTable, representing the properties + of a single antenna. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11AntennaListIndex } + ::= { dot11AntennasListTable 1 } + +Dot11AntennasListEntry ::= + SEQUENCE { dot11AntennaListIndex Integer32, + dot11SupportedTxAntenna TruthValue, + dot11SupportedRxAntenna TruthValue, + dot11DiversitySelectionRx TruthValue } + +dot11AntennaListIndex OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The unique index of an antenna which is used to identify the columnar + objects in the dot11AntennasList Table." + ::= { dot11AntennasListEntry 1 } + +dot11SupportedTxAntenna OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by + dot11AntennaIndex can be used as a transmit antenna." + ::= { dot11AntennasListEntry 2 } + +dot11SupportedRxAntenna OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by the + dot11AntennaIndex xan be used as a receive antenna." + ::= { dot11AntennasListEntry 3 } + +dot11DiversitySelectionRx OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by + dot11AntennaIndex can be used for receive diversity. This object + may only be true if the antenna can be used as a receive antenna, + as indicated by dot11SupportedRxAntenna." + ::= { dot11AntennasListEntry 4 } + +-- ********************************************************************** +-- * End of dot11AntennasList TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SupportedDataRatesTx TABLE +-- ********************************************************************** + +dot11SupportedDataRatesTxTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11SupportedDataRatesTxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The Transmit bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s subject + to limitations of each individual PHY." + ::= { dot11phy 9 } + +dot11SupportedDataRatesTxEntry OBJECT-TYPE + SYNTAX Dot11SupportedDataRatesTxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the dot11SupportedDataRatesTx + Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11SupportedDataRatesTxIndex } + ::= { dot11SupportedDataRatesTxTable 1 } + +Dot11SupportedDataRatesTxEntry ::= + SEQUENCE { dot11SupportedDataRatesTxIndex Integer32, + dot11SupportedDataRatesTxValue Integer32 } + +dot11SupportedDataRatesTxIndex OBJECT-TYPE + SYNTAX Integer32 (1..8) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Index object which identifies which data rate to access. + Range is 1..8." + ::= { dot11SupportedDataRatesTxEntry 1 } + +dot11SupportedDataRatesTxValue OBJECT-TYPE + SYNTAX Integer32 (2..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Transmit bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s subject + to limitations of each individual PHY." + ::= { dot11SupportedDataRatesTxEntry 2 } + +-- ********************************************************************** +-- * End of dot11SupportedDataRatesTx TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SupportedDataRatesRx TABLE +-- ********************************************************************** + +dot11SupportedDataRatesRxTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11SupportedDataRatesRxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The receive bit rates supported by the PLCP and PMD, + represented by a count from X'002-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s." + ::= { dot11phy 10 } + +dot11SupportedDataRatesRxEntry OBJECT-TYPE + SYNTAX Dot11SupportedDataRatesRxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the dot11SupportedDataRatesRx Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11SupportedDataRatesRxIndex } + ::= { dot11SupportedDataRatesRxTable 1 } + +Dot11SupportedDataRatesRxEntry ::= + SEQUENCE { dot11SupportedDataRatesRxIndex Integer32, + dot11SupportedDataRatesRxValue Integer32 } + +dot11SupportedDataRatesRxIndex OBJECT-TYPE + SYNTAX Integer32 (1..8) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Index object which identifies which data rate to access. + Range is 1..8." + ::= { dot11SupportedDataRatesRxEntry 1 } + +dot11SupportedDataRatesRxValue OBJECT-TYPE + SYNTAX Integer32 (2..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The receive bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s." + ::= { dot11SupportedDataRatesRxEntry 2 } + +-- ********************************************************************** +-- * End of dot11SupportedDataRatesRx TABLE +-- ********************************************************************** + +--********************************************************************** +-- * dot11PhyOFDM TABLE +--********************************************************************** + +dot11PhyOFDMTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyOFDMEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyOFDMTable. Implemented as a + table indexed on ifindex to allow for multiple instances on + an Agent." + ::= { dot11phy 11 } + +dot11PhyOFDMEntry OBJECT-TYPE + SYNTAX Dot11PhyOFDMEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyOFDM Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyOFDMTable 1 } + +Dot11PhyOFDMEntry ::= + SEQUENCE { dot11CurrentFrequency INTEGER, + dot11TIThreshold Integer32, + dot11FrequencyBandsSupported INTEGER } + +dot11CurrentFrequency OBJECT-TYPE + SYNTAX INTEGER (0..99) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The number of the current operating frequency channel of the OFDM PHY." + ::= { dot11PhyOFDMEntry 1 } + +dot11TIThreshold OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The Threshold being used to detect a busy medium (frequency). + CCA shall report a busy medium upon detecting the RSSI above + this threshold." + ::= { dot11PhyOFDMEntry 2 } + +dot11FrequencyBandsSupported OBJECT-TYPE + SYNTAX INTEGER (1..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The capability of the OFDM PHY implementation to operate in + the three U-NII bands. Coded as an integer value of a three + bit field as follows: + bit 0 .. capable of operating in the lower (5.15-5.25 GHz) + U-NII band + bit 1 .. capable of operating in the middle (5.25-5.35 GHz) + U-NII band + bit 2 .. capable of operating in the upper (5.725-5.825 GHz) + U-NII band + For example, for an implementation capable of operating in the + lower and mid bands this attribute would take the value 3." + ::= { dot11PhyOFDMEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyOFDM TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyHRDSSSEntry TABLE +-- ********************************************************************** + +dot11PhyHRDSSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyHRDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Entry of attributes for dot11PhyHRDSSSEntry. + Implemented as a table indexed on ifIndex to allow for + multiple instances on an Agent." + ::= { dot11phy 12 } + +dot11PhyHRDSSSEntry OBJECT-TYPE + SYNTAX Dot11PhyHRDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyHRDSSSEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyHRDSSSTable 1 } + +Dot11PhyHRDSSSEntry ::= + SEQUENCE { dot11ShortPreambleOptionImplemented TruthValue, + dot11PBCCOptionImplemented TruthValue, + dot11ChannelAgilityPresent TruthValue, + dot11ChannelAgilityEnabled TruthValue, + dot11HRCCAModeSupported INTEGER } + +dot11ShortPreambleOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the + short preamble option as defined in subclause 18.2.2.2 + is implemented. The default value of this attribute + shall be false." + ::= {dot11PhyHRDSSSEntry 1 } + +dot11PBCCOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the PBCC + modulation option as defined in subclause 18.4.6.6 is + implemented. The default value of this attribute shall + be false." + ::= {dot11PhyHRDSSSEntry 2 } + +dot11ChannelAgilityPresent OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute indicates that the PHY is capable of + channel agility." + ::= { dot11PhyHRDSSSEntry 3 } + +dot11ChannelAgilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute indicates that the PHY channel agility + functionality is enabled." + ::= { dot11PhyHRDSSSEntry 4 } + +dot11HRCCAModeSupported OBJECT-TYPE + SYNTAX INTEGER (1..31) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "dot11HRCCAModeSupported is a bit-significant value, + representing all of the CCA modes supported by the PHY. + Valid values are: + energy detect only (ED_ONLY) = 01, + carrier sense only (CS_ONLY) = 02, + carrier sense and energy detect (ED_and_CS)= 04, + carrier sense with timer (CS_and_Timer)= 08, + high rate carrier sense and energy detect + (HRCS_and_ED)= 16 + or the logical sum of any of these values. In + the high rate extension PHY, this attribute shall + be used in preference to the dot11CCAModeSupported + attribute." + ::= { dot11PhyHRDSSSEntry 5 } + +-- ********************************************************************** +-- * End of dot11PhyHRDSSSEntry TABLE +-- ********************************************************************** + +-- ******************************************************************** +-- * dot11 Hopping Pattern TABLE +-- ******************************************************************** + +dot11HoppingPatternTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11HoppingPatternEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of attributes necessary for + a frequency hopping implementation to be able to + create the hopping sequences necessary to operate + in the subband for the associated domain country string." + ::= { dot11phy 13 } + +dot11HoppingPatternEntry OBJECT-TYPE + SYNTAX Dot11HoppingPatternEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) in the Hopping Pattern Table + that indicates the random hopping sequence to be followed. + + IfIndex - Each IEEE 802.11 interface is represented + by an ifEntry. Interface tables in this MIB are indexed + by ifIndex." + INDEX { ifIndex, + dot11HoppingPatternIndex } + ::= { dot11HoppingPatternTable 1 } + +Dot11HoppingPatternEntry ::= + SEQUENCE { + dot11HoppingPatternIndex Integer32, + dot11RandomTableFieldNumber Integer32 } + +dot11HoppingPatternIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances of + the columnar objects in the Hopping Pattern Table." + ::= { dot11HoppingPatternEntry 1} + +dot11RandomTableFieldNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the + starting channel number in the hopping sequence of + the subband for the associated domain country string. + The default value of this attribute shall be zero." + ::= { dot11HoppingPatternEntry 2} + +-- ********************************************************************** +-- * End of dot11 Hopping Pattern TABLE +--********************************************************************** + +-- ********************************************************************** +-- * Conformance Information +-- ********************************************************************** + +dot11Conformance OBJECT IDENTIFIER ::= { ieee802dot11 5 } +dot11Groups OBJECT IDENTIFIER ::= { dot11Conformance 1 } +dot11Compliances OBJECT IDENTIFIER ::= { dot11Conformance 2 } + +-- ********************************************************************** +-- * Compliance Statements +-- ********************************************************************** + +dot11Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMPv2 entities + that implement the IEEE 802.11 MIB." + MODULE -- this module + MANDATORY-GROUPS { + dot11SMTbase2, + dot11MACbase, dot11CountersGroup, + dot11SmtAuthenticationAlgorithms, + dot11ResourceTypeID, dot11PhyOperationComplianceGroup } + + GROUP dot11PhyDSSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of dsss. This group is + mutually exclusive with the groups dot11PhyIRComplianceGroup, + dot11PhyFHSSComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyIRComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of irbaseband. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyFHSSComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyFHSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of fhss. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyIRComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyOFDMComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of ofdm. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyIRComplianceGroup, dot11PhyFHSSComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyHRDSSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of hrdsss. This group is + mutually exclusive with the groups + dot11PhyDSSSComplianceGroup, dot11PhyIRComplianceGroup, + dot11PhyFHSSComplianceGroup and dot11PhyOFDMComplianceGroup." + + -- OPTIONAL-GROUPS { dot11SMTprivacy, dot11MACStatistics, + -- dot11PhyAntennaComplianceGroup, dot11PhyTxPowerComplianceGroup, + -- dot11PhyRegDomainsSupportGroup, + -- dot11PhyAntennasListGroup, dot11PhyRateGroup } + + ::= { dot11Compliances 1 } + +-- ********************************************************************** +-- * Groups - units of conformance +-- ********************************************************************** + +dot11SMTbase OBJECT-GROUP + OBJECTS { dot11StationID, dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut } + STATUS deprecated + DESCRIPTION + "The SMT object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network." + ::= { dot11Groups 1 } + +dot11SMTprivacy OBJECT-GROUP + OBJECTS { dot11PrivacyInvoked, + dot11WEPKeyMappingLength, dot11ExcludeUnencrypted, + dot11WEPICVErrorCount , dot11WEPExcludedCount , + dot11WEPDefaultKeyID, + dot11WEPDefaultKeyValue, + dot11WEPKeyMappingWEPOn, + dot11WEPKeyMappingValue , dot11WEPKeyMappingAddress, + dot11WEPKeyMappingStatus } + STATUS current + DESCRIPTION + "The SMTPrivacy package is a set of attributes that shall be + present if WEP is implemented in the STA." + ::= { dot11Groups 2 } + +dot11MACbase OBJECT-GROUP + OBJECTS { dot11MACAddress, dot11Address, + dot11GroupAddressesStatus, + dot11RTSThreshold, dot11ShortRetryLimit, + dot11LongRetryLimit, dot11FragmentationThreshold, + dot11MaxTransmitMSDULifetime, + dot11MaxReceiveLifetime, dot11ManufacturerID, + dot11ProductID } + STATUS current + DESCRIPTION + "The MAC object class provides the necessary support for the + access control, generation, and verification of frame check + sequences (FCSs), and proper delivery of valid data to upper + layers." + ::= { dot11Groups 3 } + +dot11MACStatistics OBJECT-GROUP + OBJECTS { dot11RetryCount, dot11MultipleRetryCount, + dot11RTSSuccessCount, dot11RTSFailureCount, + dot11ACKFailureCount, dot11FrameDuplicateCount } + STATUS current + DESCRIPTION + "The MACStatistics package provides extended statistical + information on the operation of the MAC. This + package is completely optional." + ::= { dot11Groups 4 } + +dot11ResourceTypeID OBJECT-GROUP + OBJECTS { dot11ResourceTypeIDName, dot11manufacturerOUI, + dot11manufacturerName, dot11manufacturerProductName, + dot11manufacturerProductVersion } + STATUS current + DESCRIPTION + "Attributes used to identify a STA, its manufacturer, + and various product names and versions." + ::= { dot11Groups 5 } + +dot11SmtAuthenticationAlgorithms OBJECT-GROUP + OBJECTS { dot11AuthenticationAlgorithm, + dot11AuthenticationAlgorithmsEnable } + STATUS current + DESCRIPTION + "Authentication Algorithm Table." + ::= { dot11Groups 6 } + +dot11PhyOperationComplianceGroup OBJECT-GROUP + OBJECTS { dot11PHYType, dot11CurrentRegDomain, dot11TempType } + STATUS current + DESCRIPTION + "PHY layer operations attributes." + ::= { dot11Groups 7 } + +dot11PhyAntennaComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentTxAntenna, dot11DiversitySupport, + dot11CurrentRxAntenna } + STATUS current + DESCRIPTION + "Attributes for Data Rates for IEEE 802.11." + ::= { dot11Groups 8 } + +dot11PhyTxPowerComplianceGroup OBJECT-GROUP + OBJECTS { dot11NumberSupportedPowerLevels, dot11TxPowerLevel1, + dot11TxPowerLevel2, dot11TxPowerLevel3, dot11TxPowerLevel4, + dot11TxPowerLevel5, dot11TxPowerLevel6, dot11TxPowerLevel7, + dot11TxPowerLevel8, dot11CurrentTxPowerLevel } + STATUS current + DESCRIPTION + "Attributes for Control and Management of transmit power." + ::= { dot11Groups 9 } + +dot11PhyFHSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11HopTime, dot11CurrentChannelNumber, dot11MaxDwellTime, + dot11CurrentDwellTime, dot11CurrentSet, dot11CurrentPattern, + dot11CurrentIndex} + STATUS current + DESCRIPTION + "Attributes that configure the Frequency Hopping for IEEE + 802.11." + ::= { dot11Groups 10 } + +dot11PhyDSSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentChannel, dot11CCAModeSupported, + dot11CurrentCCAMode, dot11EDThreshold} + STATUS current + DESCRIPTION + "Attributes that configure the DSSS for IEEE 802.11." + ::= { dot11Groups 11 } + +dot11PhyIRComplianceGroup OBJECT-GROUP + OBJECTS { dot11CCAWatchdogTimerMax, dot11CCAWatchdogCountMax, + dot11CCAWatchdogTimerMin, dot11CCAWatchdogCountMin} + STATUS current + DESCRIPTION + "Attributes that configure the baseband IR for IEEE 802.11." + ::= { dot11Groups 12 } + +dot11PhyRegDomainsSupportGroup OBJECT-GROUP + OBJECTS { dot11RegDomainsSupportedValue} + STATUS current + DESCRIPTION + "Attributes that specify the supported Regulation Domains." + ::= { dot11Groups 13} + +dot11PhyAntennasListGroup OBJECT-GROUP + OBJECTS { dot11SupportedTxAntenna, + dot11SupportedRxAntenna, dot11DiversitySelectionRx } + STATUS current + DESCRIPTION + "Attributes that specify the supported Regulation Domains." + ::= { dot11Groups 14 } + +dot11PhyRateGroup OBJECT-GROUP + OBJECTS { dot11SupportedDataRatesTxValue, + dot11SupportedDataRatesRxValue } + STATUS current + DESCRIPTION + "Attributes for Data Rates for IEEE 802.11." + ::= { dot11Groups 15 } + +dot11CountersGroup OBJECT-GROUP + OBJECTS { dot11TransmittedFragmentCount, + dot11MulticastTransmittedFrameCount, + dot11FailedCount, dot11ReceivedFragmentCount, + dot11MulticastReceivedFrameCount, + dot11FCSErrorCount, + dot11WEPUndecryptableCount, + dot11TransmittedFrameCount } + STATUS current + DESCRIPTION + "Attributes from the dot11CountersGroup that are not described + in the dot11MACStatistics group. These objects are + mandatory." + ::= { dot11Groups 16 } + +dot11NotificationGroup NOTIFICATION-GROUP + NOTIFICATIONS { dot11Disassociate, + dot11Deauthenticate, + dot11AuthenticateFail } + STATUS current + DESCRIPTION + "IEEE 802.11 notifications" + ::= { dot11Groups 17 } + +dot11SMTbase2 OBJECT-GROUP + OBJECTS { dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut, + dot11DisassociateReason, + dot11DisassociateStation, + dot11DeauthenticateReason, + dot11DeauthenticateStation, + dot11AuthenticateFailStatus, + dot11AuthenticateFailStation } + STATUS current + DESCRIPTION + "The SMTbase2 object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network." + ::= { dot11Groups 18 } + +dot11PhyOFDMComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentFrequency, + dot11TIThreshold, + dot11FrequencyBandsSupported } + STATUS current + DESCRIPTION + "Attributes that configure the OFDM for IEEE 802.11." + ::= { dot11Groups 19 } + +dot11SMTbase3 OBJECT-GROUP + OBJECTS { dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut, + dot11DisassociateReason, + dot11DisassociateStation, + dot11DeauthenticateReason, + dot11DeauthenticateStation, + dot11AuthenticateFailStatus, + dot11AuthenticateFailStation, + dot11MultiDomainCapabilityImplemented, + dot11MultiDomainCapabilityEnabled, + dot11CountryString } + STATUS current + DESCRIPTION + "The SMTbase3 object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network, when the STA + is capable of multi-domain operation. This object group should be + implemented when the multi-domain capability option is implemented." + ::= { dot11Groups 20 } + +dot11MultiDomainCapabilityGroup OBJECT-GROUP + OBJECTS { dot11FirstChannelNumber, + dot11NumberofChannels, + dot11MaximumTransmitPowerLevel } + STATUS current + DESCRIPTION + "The dot11MultiDomainCapabilityGroup object class provides + the objects necessary to manage the channels usable by a STA, + when the multi-domain capability option is implemented." + ::= { dot11Groups 21 } + +dot11PhyFHSSComplianceGroup2 OBJECT-GROUP + OBJECTS { dot11HopTime, dot11CurrentChannelNumber, dot11MaxDwellTime, + dot11CurrentDwellTime, dot11CurrentSet, dot11CurrentPattern, + dot11CurrentIndex, dot11EHCCPrimeRadix, + dot11EHCCNumberofChannelsFamilyIndex, + dot11EHCCCapabilityImplemented, dot11EHCCCapabilityEnabled, + dot11HopAlgorithmAdopted, dot11RandomTableFlag, + dot11NumberofHoppingSets, dot11HopModulus, + dot11HopOffset, dot11RandomTableFieldNumber } + STATUS current + DESCRIPTION + "Attributes that configure the Frequency Hopping for IEEE + 802.11 when multi-domain capability option is implemented." + ::= { dot11Groups 22 } + +dot11PhyHRDSSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentChannel, dot11CCAModeSupported, + dot11CurrentCCAMode, dot11EDThreshold, + dot11ShortPreambleOptionImplemented, + dot11PBCCOptionImplemented, dot11ChannelAgilityPresent, + dot11ChannelAgilityEnabled, dot11HRCCAModeSupported } + STATUS current + DESCRIPTION + "Attributes that configure the HRDSSS for IEEE 802.11." + ::= { dot11Groups 23 } + +-- ********************************************************************** +-- * End of 802.11 MIB +-- ********************************************************************** + +END + Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/share/snmp/snmpd.conf =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/share/snmp/snmpd.conf (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/share/snmp/snmpd.conf (revision 10119) @@ -0,0 +1,92 @@ +# snmpd.conf + +# First, map the community name (COMMUNITY) into a security name +# (local and mynetwork, depending on where the request is coming +# from): + +# sec.name source community +com2sec local localhost public +com2sec mynetwork 172.16.0.0/12 public +com2sec mynetwork 10.0.0.0/8 public +com2sec mynetwork 192.168.0.0/16 public + + + +# Second, map the security names into group names: + +# sec.model sec.name +group MyRWGroup v1 local +group MyRWGroup v2c local +group MyRWGroup usm local +group MyROGroup v1 mynetwork +group MyROGroup v2c mynetwork +group MyROGroup usm mynetwork + + +# Third, create a view for us to let the groups have rights to: + +# incl/excl subtree mask +view all included .1 80 + + +# Finally, grant the 2 groups access to the 1 view with different +# write permissions: + +# context sec.model sec.level match read write notif +access MyROGroup "" any noauth exact all none none +access MyRWGroup "" any noauth exact all all none + + +# System contact information + +sysLocation Somewhere in or near Leiden +sysContact Stichting Wireless Leiden / +31 71 5139817 + + +# Process checks. + +# name max min +proc lvrouted.opt 1 1 +proc sshd 8 1 +proc syslogd 1 1 +proc ntpd 1 1 +proc snmpd 1 1 +proc dhcpd 1 1 +proc pen 1 1 +proc cron 2 1 +proc named 1 1 + + +# disk checks + +# path min +#disk / 90% +#disk /var 80% +#disk /usr 80% +#disk /tmp 60% +includeAllDisks 85% + + +# load average checks + +# 1max 5max 15max +load 12 14 14 + + +# Pass through control + +# miboid exec-command +pass .1.3.6.1.4.1.2021.50 /usr/local/nagios/bin/processor + +pass_persist .1.3.6.1.4.1.21695.1.2 /usr/local/sbin/dhcpd-snmp /usr/local/etc/dhcpd-snmp.conf + +extend .1.3.6.1.4.1.2021.61 nagios-www /usr/local/sbin/proxy-test.sh +extend .1.3.6.1.4.1.2021.62 nagios-routing /usr/local/sbin/lvrouted-test.sh + +extend .1.3.6.1.4.1.2021.70 dhcp-users /bin/sh -c "/bin/cat /var/db/dnsmasq.leases \| awk '{ print $1,$2,$3 }'" +extend .1.3.6.1.4.1.2021.71 portal-users /bin/sh -c "/bin/cat /var/db/clients \| awk '{ print $1,$2,$3 }'" +extend .1.3.6.1.4.1.2021.72 arp-users /bin/sh -c "/bin/cat /var/db/connect.gone \| awk '{ print $1,$2,$3 }'" + +extend wl-release /bin/cat /tools/wl-release.txt +extend wl-version /usr/bin/awk 'BEGIN{FS=": "}/^URL:/ {u=$2}; /^Last Changed Rev:/ {r=$2}; END{print u"@"r}' /tools/wl-release.txt + Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/www/index.html =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/www/index.html (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/www/index.html (revision 10119) @@ -0,0 +1,8 @@ + + + + + + Wireless Leiden + + Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/www/wlportal/index.cgi =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/www/wlportal/index.cgi (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/www/wlportal/index.cgi (revision 10119) @@ -0,0 +1,425 @@ +#!/usr/bin/env python +# +# Wrap me around tcpserver or inetd, example usage for tcpserver (debug): +# tcpserver -HRl localhost 172.31.255.1 /root/wlportal.py +# +# Or put me in a CGI script in for example thttpd server: +# +# = Usage = +# This is a wrapper script which does very basic HTML parsing and altering of +# ipfw tables rules to build a basic Captive Portal, with basic sanity +# checking. The ACL is IP based (this is a poor mans solution, layer2 +# ACL would be much better), so don't take security very seriously. +# +# To get traffic by default to the portal iI requires a few special rules in +# ipfw to work properly (ajust IP details if needed): +# - Rule 10010-10099 needs to be free. +# - add 10100 fwd 172.20.145.1,8081 tcp from any to not 172.16.0.0/12 dst-port 80 in via wlan0 +# +# Enties older than 5 minutes not being used will be removed if the (hidden) +# argument action=cleanup is given as GET variable. So having this in cron (would fix it): +# */5 * * * * /usr/bin/fetch -q http://172.31.255.1/wlportal?action=cleanup +# +# XXX: The whitelist entries first needs to contact the wlportal.py to get +# added to the whitelist, this may cause issues during initial setup and hence +# it might be advised to create a block of static whitelist IP addresses which +# get added during boot and will never disappear. +# +# The program has uses a file based persistent cache to save authenticated +# ACLs, this will NOT get synced after a reboot. +# +# State : ALPHA +# Version : $Id$ +# Author : Rick van der Zwet +# Licence : BSDLike http://wirelessleiden.nl/LICENSE + +import logging +import os +import pickle +import re +import signal +import subprocess +import sys +import time +import traceback +import urlparse +import yaml + +# XXX: Make me dynamic for example put me in the conf file +conf = { + 'autologin' : False, + 'cmd_arp' : '/usr/sbin/arp', + 'cmd_fw' : '/sbin/ipfw', + 'portal_sponsor': 'Sponsor van Stichting Wireless Leiden', + 'portal_url' : 'http://www.wirelessleiden.nl', + 'portalroot' : '172.31.255.1', + 'refresh_delay' : 5, + 'tmpl_autologin': '/usr/local/etc/wlportal/autologin.tmpl', + 'tmpl_login' : '/usr/local/etc/wlportal/login.tmpl', + 'whitelist' : [], +} + + +logging.basicConfig(stream=open('/var/log/wlportal.log','a'),level=logging.DEBUG) + +# No failback if config does not exist, to really make sure the user knows if +# the config file failed to parse properly or is non-existing +# XXX: 5xx error code perhaps? +try: + conf.update(yaml.load(open('/usr/local/etc/wlportal/config.yaml'))) +except Exception,e: + logging.error(traceback.format_exc()) + + +class ItemCache: + """ + Very basic ItemCache used for caching registered entries and other foo, no + way recurrent, so use with care! + """ + + def __init__(self, authentication_timeout=60): + self.cachefile='/tmp/portal.cache' + # cache[mac_address] = (ipaddr, registered_at, last_seen) + self.cache = None + self.arp_cache = None + self.now = time.time() + self.authentication_timeout = authentication_timeout + + def delete_all(self): + self.cache = {} + self.save() + + def delete(self,ipaddr): + self.load() + for mac in self.cache.keys(): + if self.cache[mac][0] == ipaddr: + del self.cache[mac] + self.save() + + + def load(self): + """ Request cached file entries """ + if self.cache == None: + try: + self.cache = pickle.load(open(self.cachefile,'r')) + except IOError: + self.cache = {} + pass + + def load_arp_cache(self): + """ Provide with listing of MAC to IP numbers """ + if self.arp_cache == None: + output = subprocess.Popen([conf['cmd_arp'],'-na'], stdout=subprocess.PIPE).communicate()[0] + self.arp_cache = {} + for line in output.strip().split('\n'): + # ? (172.20.145.30) at 00:21:e9:e2:7c:c6 on wlan0 expires in 605 seconds [ethernet] + if not 'expires' in line: + continue + t = re.split('[ ()]',line) + ip, mac = t[2],t[5] + self.arp_cache[ip] = mac + + def get_mac(self,ipaddr): + self.load_arp_cache() + try: + return self.arp_cache[ipaddr] + except KeyError: + return None + + def add(self,ipaddr): + """ Add entry to cache (on file) and return entry""" + self.load() + self.load_arp_cache() + self.cache[self.arp_cache[ipaddr]] = (ipaddr, self.now, self.now) + logging.debug("Adding Entry to Cache %s -> %s" % (ipaddr, self.arp_cache[ipaddr])) + self.save() + + def save(self): + """ Sync entries to disk """ + # XXX: Should actually check if entry has changed at all + pickle.dump(self.cache, open(self.cachefile,'w')) + + def update(): + """ Update entries with relevant ARP cache """ + self.load() + self.load_arp_cache() + # Update last_seen time for currently active entries + for ip,mac in self.arp_cache.iteritems(): + if self.cache.has_key(mac): + self.cache[mac][3] = now + + # cleanup no longer used entries, after authentication_timeout seconds. + for mac in self.cache: + if self.cache[mac][3] < self.now - self.authentication_timeout: + del self.cache[mac] + + # Sync results to disk + self.save() + return self.cache + + def get_cache(self): + self.load() + return self.cache + + def get_arp_cache(self): + self.load_arp_cache() + return self.arp_cache + + +class FirewallControl: + def __init__(self): + self.first_rule = 10010 + self.last_rule = 10099 + self.available_rule = self.first_rule + self.logger = '' + + + def load(self): + # Get all registered ips + sp = subprocess.Popen([conf['cmd_fw'],'show','%i-%i' % (self.first_rule, self.last_rule)], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + output = sp.communicate()[0] + self.ip_in_firewall = {} + if sp.returncode == 0: + # 10010 32 1920 allow tcp from 172.20.145.30 to not 172.16.0.0/12 dst-port 80 + for line in output.strip().split('\n'): + t = line.split() + rule, ip = t[0], t[6] + self.ip_in_firewall[ip] = rule + + if self.available_rule == int(rule): + self.available_rule += 1 + else: + # XXX: Some nagging about no rules beeing found perhaps? + pass + + def cleanup(self): + """ Cleanup Old Entries, mostly used for maintenance runs """ + self.load() + # Make sure cache matches the latest ARP version + itemdb = ItemCache() + cache = itemdb.get_cache() + valid_ip = itemdb.get_arp_cache() + + # Check if all ipfw allowed entries still have the same registered MAC address + # else assume different user and delete. + for ip,rule in self.ip_in_firewall.iteritems(): + delete_entry = False + + # Make sure IP is still valid + if not valid_ip.has_key(ip): + delete_entry = True + # Also MAC needs to exists in Cache + elif not cache.has_key(valid_ip[ip]): + delete_entry = True + # IP need to match up with registered one + elif not cache[valid_ip[ip]][0] == ip: + delete_entry = True + + # Delete entry if needed + if delete_entry: + output = subprocess.Popen([conf['cmd_fw'],'delete',str(rule)], stdout=subprocess.PIPE).communicate()[0] + self.logger += "Deleting ipfw entry %s %s\n" % (rule, ip) + logging.debug('Deleting ipfw entry %s %s\n' % (rule, ip)) + + + def add(self,ipaddr): + """ Add Entry to Firewall, False if already exists """ + self.load() + if not self.ip_in_firewall.has_key(ipaddr): + rule = "NUMBER allow tcp from IPADDR to not 172.16.0.0/12 dst-port 80".split() + rule[0] = str(self.available_rule) + rule[4] = str(ipaddr) + logging.debug("Addding %s" % " ".join(rule)) + output = subprocess.Popen([conf['cmd_fw'],'add'] + rule, stdout=subprocess.PIPE).communicate()[0] + itemdb = ItemCache() + itemdb.add(ipaddr) + self.register(ipaddr) + return True + else: + return False + + def register(self, ipaddr): + epoch = int(time.time()) + + itemdb = ItemCache() + mac = itemdb.get_mac(ipaddr) + + filename = "/var/db/clients" + file = open(filename,"a") + file.write("%s %s %s \n" % (epoch, mac, ipaddr) ) + file.close() + + + def delete(self, ipaddr): + itemdb = ItemCache() + itemdb.delete(ipaddr) + self.cleanup() + + def delete_all(self): + itemdb = ItemCache() + itemdb.delete_all() + self.cleanup() + + def get_log(self): + return self.logger + + + +# Query String Dictionaries +qs_post = None +qs = None +header = [] + +# Hybrid Setup. +# a) We are not wrapped around in a HTTP server, so this _is_ the +# HTTP server, so act like one. +if not os.environ.has_key('REQUEST_METHOD'): + class TimeoutException(Exception): + """ Helper for alarm signal handling""" + pass + + def handler(signum, frame): + """ Helper for alarm signal handling""" + raise TimeoutException + + + # Parse the HTTP/1.1 Content-Header (partially) + signal.signal(signal.SIGALRM,handler) + us = None + method = None + hostname = None + content_length = None + remote_host = None + while True: + try: + signal.alarm(1) + line = sys.stdin.readline().strip() + if not line: + break + header.append(line) + signal.alarm(0) + if line.startswith('GET '): + us = urlparse.urlsplit(line.split()[1]) + method = 'GET' + elif line.startswith('POST '): + method = 'POST' + us = urlparse.urlsplit(line.split()[1]) + elif line.startswith('Host: '): + hostname = line.split()[1] + elif line.startswith('Content-Length: '): + content_length = int(line.split()[1]) + except TimeoutException: + break + + # Capture Portal, make sure to redirect all to portal + if hostname != conf['portalroot']: + print "HTTP/1.1 302 Moved Temponary\r\n", + print "Location: http://%(portalroot)s/\r\n" % conf, + sys.exit(0) + + + # Handle potential POST + if method == 'POST' and content_length: + body = sys.stdin.read(content_length) + qs_post = urlparse.parse_qs(body) + + # Parse Query String + if us and us.path == "/wlportal" and us.query: + qs = urlparse.parse_qs(us.query) + + remote_host = os.environ['REMOTEHOST'] +else: + # b) CGI Script: Parse the CGI Variables if present + if os.environ['REQUEST_METHOD'] == "POST": + content_length = int(os.environ['CONTENT_LENGTH']) + body = sys.stdin.read(content_length) + qs_post = urlparse.parse_qs(body) + + if os.environ.has_key('QUERY_STRING'): + qs = urlparse.parse_qs(os.environ['QUERY_STRING']) + + remote_host = os.environ['REMOTE_ADDR'] + + +# Helpers for HTML 'templates' +content = conf.copy() +content.update(extra_header='',tech_footer='',status_msg='') + +# IP or MAC on the whitelist does not need to authenticate, used for devices +# which need to connect to the internet, but has no 'buttons' to press OK. +# +# This assumes that devices will re-connect if they are not able to connect +# to their original host, as we do not preserve the original URI. +ic = ItemCache() +if conf['autologin'] or remote_host in conf['whitelist'] or ic.get_mac(remote_host) in conf['whitelist']: + qs_post = { 'action' : 'login' } + +try: + # Put authenticate use and process response + if qs and qs.has_key('action'): + if 'deleteall' in qs['action']: + content['status_msg'] += "# [INFO] Deleting all entries\n" + fw = FirewallControl() + fw.delete_all() + content['status_msg'] += fw.get_log() + elif 'update' in qs['action']: + tech_footer = "# [INFO] Update timestamp of all entries\n" + fw = FirewallControl() + fw.update() + content['status_msg'] += fw.get_log() + elif 'cleanup' in qs['action']: + content['status_msg'] += "# [INFO] Deleting all entries" + fw = FirewallControl() + fw.delete_all() + elif qs_post and qs_post.has_key('action'): + if 'login' in qs_post['action']: + fw = FirewallControl() + if fw.add(remote_host): + content['extra_header'] = "Refresh: %(refresh_delay)s; url=%(portal_url)s\r" % content + content['status_msg'] = "Sucessfully Logged In! || " +\ + """ Will redirect you in %(refresh_delay)s seconds to %(portal_url)s """ % content + else: + content['status_msg'] = "ERROR! Already Logged On" + elif 'logout' in qs_post['action']: + fw = FirewallControl() + fw.delete(remote_host) + content['status_msg'] = "Succesfully logged out!" + +except Exception,e: + content['tech_footer'] += traceback.format_exc() + content['status_msg'] = e + pass + + # Present Main Screen +print """\ +HTTP/1.1 200 OK\r +Content-Type: text/html\r +%(extra_header)s +""" % content + +try: + tmpl_file = conf['tmpl_autologin'] if conf['autologin'] else conf['tmpl_login'] + page = open(tmpl_file,'r').read() +except IOError: + page = """ + +

%(status_msg)s

+ +

Wireless Leiden - Internet Portal

+
+ + +
+ +

More options

+
+ + +
+
Technical Details:
+%(tech_footer)s
+
+ +""" + +print page % content Index: /branches/releng-9.0-ileiden/nanobsd/files/usr/local/www/wlweb/index.cgi =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/files/usr/local/www/wlweb/index.cgi (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/files/usr/local/www/wlweb/index.cgi (revision 10119) @@ -0,0 +1,36 @@ +#!/usr/local/bin/python +# +# Wireless Leiden webinterface for (embedded) nodes +# Rick van der Zwet +# Richard van Mansom (richardvm@wirelessleiden.nl), striped the webserver + +from subprocess import * +import os + +def tailFile(file): + lines=-10 + return("Tail (%i): %s
%s
" % (lines,file,Popen(["tail", str(lines), file], stdout=PIPE).communicate()[0])); + +def catFile(file): + return("File: %s
%s
" % (file,Popen(["cat", file], stdout=PIPE).communicate()[0])); + +def allRoutes(): + return("netstat -nr
%s
" % Popen(["netstat", "-n", "-r"], stdout=PIPE).communicate()[0]); + +def processList(): + return("ps -aux
%s
" % Popen(["ps", "-a", "-u", "-x"], stdout=PIPE).communicate()[0]); + + +def main(): + return ( "Content-Type: text/html\n\n" + + "" + + "Welcome to Stichting Wireless Leiden host/node " + + Popen(["hostname"], stdout=PIPE).communicate()[0] + + "

" + tailFile('/var/log/messages') + "

" + + tailFile('/var/log/debug.log') + "

" + + catFile('/var/run/dmesg.boot') + "

" + + allRoutes() + "

" + + processList() + "

" + + "$Id$" ) + +print main() Index: /branches/releng-9.0-ileiden/nanobsd/misc/patches/backport-axe-to-8.2-release-v2.patch =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/misc/patches/backport-axe-to-8.2-release-v2.patch (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/misc/patches/backport-axe-to-8.2-release-v2.patch (revision 10119) @@ -0,0 +1,637 @@ +Index: sys/dev/usb/usbdevs +=================================================================== +--- sys/dev/usb/usbdevs (revision 224736) ++++ sys/dev/usb/usbdevs (working copy) +@@ -1044,6 +1044,7 @@ + product ASIX AX88178 0x1780 AX88178 + product ASIX AX88772 0x7720 AX88772 + product ASIX AX88772A 0x772a AX88772A USB 2.0 10/100 Ethernet ++product ASIX AX88772B 0x772b AX88772B USB 2.0 10/100 Ethernet + + /* ASUS products */ + product ASUS2 USBN11 0x0b05 USB-N11 +Index: sys/dev/usb/net/if_axereg.h +=================================================================== +--- sys/dev/usb/net/if_axereg.h (revision 224736) ++++ sys/dev/usb/net/if_axereg.h (working copy) +@@ -92,6 +92,12 @@ + #define AXE_CMD_SW_PHY_STATUS 0x0021 + #define AXE_CMD_SW_PHY_SELECT 0x0122 + ++/* AX88772A and AX88772B only. */ ++#define AXE_CMD_READ_VLAN_CTRL 0x4027 ++#define AXE_CMD_WRITE_VLAN_CTRL 0x4028 ++ ++#define AXE_772B_CMD_RXCTL_WRITE_CFG 0x012A ++ + #define AXE_SW_RESET_CLEAR 0x00 + #define AXE_SW_RESET_RR 0x01 + #define AXE_SW_RESET_RT 0x02 +@@ -128,12 +134,18 @@ + #define AXE_178_RXCMD_KEEP_INVALID_CRC 0x0004 + #define AXE_RXCMD_BROADCAST 0x0008 + #define AXE_RXCMD_MULTICAST 0x0010 ++#define AXE_RXCMD_ACCEPT_RUNT 0x0040 /* AX88772B */ + #define AXE_RXCMD_ENABLE 0x0080 + #define AXE_178_RXCMD_MFB_MASK 0x0300 + #define AXE_178_RXCMD_MFB_2048 0x0000 + #define AXE_178_RXCMD_MFB_4096 0x0100 + #define AXE_178_RXCMD_MFB_8192 0x0200 + #define AXE_178_RXCMD_MFB_16384 0x0300 ++#define AXE_772B_RXCMD_HDR_TYPE_0 0x0000 ++#define AXE_772B_RXCMD_HDR_TYPE_1 0x0100 ++#define AXE_772B_RXCMD_IPHDR_ALIGN 0x0200 ++#define AXE_772B_RXCMD_ADD_CHKSUM 0x0400 ++#define AXE_RXCMD_LOOPBACK 0x1000 /* AX88772A/AX88772B */ + + #define AXE_PHY_SEL_PRI 1 + #define AXE_PHY_SEL_SEC 0 +@@ -172,6 +184,21 @@ + #define AXE_PHY_MODE_REALTEK_8251CL 0x0E + #define AXE_PHY_MODE_ATTANSIC 0x40 + ++/* AX88772A/AX88772B only. */ ++#define AXE_SW_PHY_SELECT_EXT 0x0000 ++#define AXE_SW_PHY_SELECT_EMBEDDED 0x0001 ++#define AXE_SW_PHY_SELECT_AUTO 0x0002 ++#define AXE_SW_PHY_SELECT_SS_MII 0x0004 ++#define AXE_SW_PHY_SELECT_SS_RVRS_MII 0x0008 ++#define AXE_SW_PHY_SELECT_SS_RVRS_RMII 0x000C ++#define AXE_SW_PHY_SELECT_SS_ENB 0x0010 ++ ++/* AX88772A/AX88772B VLAN control. */ ++#define AXE_VLAN_CTRL_ENB 0x00001000 ++#define AXE_VLAN_CTRL_STRIP 0x00002000 ++#define AXE_VLAN_CTRL_VID1_MASK 0x00000FFF ++#define AXE_VLAN_CTRL_VID2_MASK 0x0FFF0000 ++ + #define AXE_BULK_BUF_SIZE 16384 /* bytes */ + + #define AXE_CTL_READ 0x01 +@@ -180,6 +207,24 @@ + #define AXE_CONFIG_IDX 0 /* config number 1 */ + #define AXE_IFACE_IDX 0 + ++/* EEPROM Map. */ ++#define AXE_EEPROM_772B_NODE_ID 0x04 ++#define AXE_EEPROM_772B_PHY_PWRCFG 0x18 ++ ++struct ax88772b_mfb { ++ int byte_cnt; ++ int threshold; ++ int size; ++}; ++#define AX88772B_MFB_2K 0 ++#define AX88772B_MFB_4K 1 ++#define AX88772B_MFB_6K 2 ++#define AX88772B_MFB_8K 3 ++#define AX88772B_MFB_16K 4 ++#define AX88772B_MFB_20K 5 ++#define AX88772B_MFB_24K 6 ++#define AX88772B_MFB_32K 7 ++ + struct axe_sframe_hdr { + uint16_t len; + uint16_t ilen; +@@ -203,12 +248,23 @@ + int sc_flags; + #define AXE_FLAG_LINK 0x0001 + #define AXE_FLAG_772 0x1000 /* AX88772 */ +-#define AXE_FLAG_178 0x2000 /* AX88178 */ ++#define AXE_FLAG_772A 0x2000 /* AX88772A */ ++#define AXE_FLAG_772B 0x4000 /* AX88772B */ ++#define AXE_FLAG_178 0x8000 /* AX88178 */ + + uint8_t sc_ipgs[3]; + uint8_t sc_phyaddrs[2]; ++ uint16_t sc_pwrcfg; ++ int sc_tx_bufsz; + }; + ++#define AXE_IS_178_FAMILY(sc) \ ++ ((sc)->sc_flags & (AXE_FLAG_772 | AXE_FLAG_772A | AXE_FLAG_772B | \ ++ AXE_FLAG_178)) ++ ++#define AXE_IS_772(sc) \ ++ ((sc)->sc_flags & (AXE_FLAG_772 | AXE_FLAG_772A | AXE_FLAG_772B)) ++ + #define AXE_LOCK(_sc) mtx_lock(&(_sc)->sc_mtx) + #define AXE_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx) + #define AXE_LOCK_ASSERT(_sc, t) mtx_assert(&(_sc)->sc_mtx, t) +Index: sys/dev/usb/net/if_axe.c +=================================================================== +--- sys/dev/usb/net/if_axe.c (revision 224736) ++++ sys/dev/usb/net/if_axe.c (working copy) +@@ -84,7 +84,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -142,11 +141,12 @@ + AXE_DEV(ASIX, AX88172, 0), + AXE_DEV(ASIX, AX88178, AXE_FLAG_178), + AXE_DEV(ASIX, AX88772, AXE_FLAG_772), +- AXE_DEV(ASIX, AX88772A, AXE_FLAG_772), ++ AXE_DEV(ASIX, AX88772A, AXE_FLAG_772A), ++ AXE_DEV(ASIX, AX88772B, AXE_FLAG_772B), + AXE_DEV(ATEN, UC210T, 0), + AXE_DEV(BELKIN, F5D5055, AXE_FLAG_178), + AXE_DEV(BILLIONTON, USB2AR, 0), +- AXE_DEV(CISCOLINKSYS, USB200MV2, AXE_FLAG_772), ++ AXE_DEV(CISCOLINKSYS, USB200MV2, AXE_FLAG_772A), + AXE_DEV(COREGA, FETHER_USB2_TX, 0), + AXE_DEV(DLINK, DUBE100, 0), + AXE_DEV(DLINK, DUBE100B1, AXE_FLAG_772), +@@ -191,6 +191,9 @@ + static int axe_cmd(struct axe_softc *, int, int, int, void *); + static void axe_ax88178_init(struct axe_softc *); + static void axe_ax88772_init(struct axe_softc *); ++static void axe_ax88772_phywake(struct axe_softc *); ++static void axe_ax88772a_init(struct axe_softc *); ++static void axe_ax88772b_init(struct axe_softc *); + static int axe_get_phyno(struct axe_softc *, int); + + static const struct usb_config axe_config[AXE_N_TRANSFER] = { +@@ -199,7 +202,8 @@ + .type = UE_BULK, + .endpoint = UE_ADDR_ANY, + .direction = UE_DIR_OUT, +- .bufsize = AXE_BULK_BUF_SIZE, ++ .frames = 16, ++ .bufsize = 16 * MCLBYTES, + .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, + .callback = axe_bulk_write_callback, + .timeout = 10000, /* 10 seconds */ +@@ -216,6 +220,17 @@ + }, + }; + ++static const struct ax88772b_mfb ax88772b_mfb_table[] = { ++ { 0x8000, 0x8001, 2048 }, ++ { 0x8100, 0x8147, 4096}, ++ { 0x8200, 0x81EB, 6144}, ++ { 0x8300, 0x83D7, 8192}, ++ { 0x8400, 0x851E, 16384}, ++ { 0x8500, 0x8666, 20480}, ++ { 0x8600, 0x87AE, 24576}, ++ { 0x8700, 0x8A3D, 32768} ++}; ++ + static device_method_t axe_methods[] = { + /* Device interface */ + DEVMETHOD(device_probe, axe_probe), +@@ -302,7 +317,7 @@ + axe_cmd(sc, AXE_CMD_MII_OPMODE_HW, 0, 0, NULL); + + val = le16toh(val); +- if ((sc->sc_flags & AXE_FLAG_772) != 0 && reg == MII_BMSR) { ++ if (AXE_IS_772(sc) && reg == MII_BMSR) { + /* + * BMSR of AX88772 indicates that it supports extended + * capability but the extended status register is +@@ -384,7 +399,7 @@ + val = 0; + if ((IFM_OPTIONS(mii->mii_media_active) & IFM_FDX) != 0) + val |= AXE_MEDIA_FULL_DUPLEX; +- if (sc->sc_flags & (AXE_FLAG_178 | AXE_FLAG_772)) { ++ if (AXE_IS_178_FAMILY(sc)) { + val |= AXE_178_MEDIA_RX_EN | AXE_178_MEDIA_MAGIC; + if ((sc->sc_flags & AXE_FLAG_178) != 0) + val |= AXE_178_MEDIA_ENCK; +@@ -420,12 +435,12 @@ + + AXE_LOCK_ASSERT(sc, MA_OWNED); + +- if (mii->mii_instance) { +- struct mii_softc *miisc; ++ if (mii->mii_instance) { ++ struct mii_softc *miisc; + +- LIST_FOREACH(miisc, &mii->mii_phys, mii_list) +- mii_phy_reset(miisc); +- } ++ LIST_FOREACH(miisc, &mii->mii_phys, mii_list) ++ mii_phy_reset(miisc); ++ } + error = mii_mediachg(mii); + return (error); + } +@@ -516,7 +531,7 @@ + axe_ax88178_init(struct axe_softc *sc) + { + struct usb_ether *ue; +- int gpio0, phymode; ++ int gpio0, ledmode, phymode; + uint16_t eeprom, val; + + ue = &sc->sc_ue; +@@ -530,14 +545,17 @@ + if (eeprom == 0xffff) { + phymode = AXE_PHY_MODE_MARVELL; + gpio0 = 1; ++ ledmode = 0; + } else { + phymode = eeprom & 0x7f; + gpio0 = (eeprom & 0x80) ? 0 : 1; ++ ledmode = eeprom >> 8; + } + + if (bootverbose) +- device_printf(sc->sc_ue.ue_dev, "EEPROM data : 0x%04x\n", +- eeprom); ++ device_printf(sc->sc_ue.ue_dev, ++ "EEPROM data : 0x%04x, phymode : 0x%02x\n", eeprom, ++ phymode); + /* Program GPIOs depending on PHY hardware. */ + switch (phymode) { + case AXE_PHY_MODE_MARVELL: +@@ -549,11 +567,26 @@ + AXE_GPIO_WRITE(AXE_GPIO0_EN | AXE_GPIO2_EN, hz / 4); + AXE_GPIO_WRITE(AXE_GPIO0_EN | AXE_GPIO2 | AXE_GPIO2_EN, + hz / 32); +- } else ++ } else { + AXE_GPIO_WRITE(AXE_GPIO_RELOAD_EEPROM | AXE_GPIO1 | +- AXE_GPIO1_EN, hz / 32); ++ AXE_GPIO1_EN, hz / 3); ++ if (ledmode == 1) { ++ AXE_GPIO_WRITE(AXE_GPIO1_EN, hz / 3); ++ AXE_GPIO_WRITE(AXE_GPIO1 | AXE_GPIO1_EN, ++ hz / 3); ++ } else { ++ AXE_GPIO_WRITE(AXE_GPIO1 | AXE_GPIO1_EN | ++ AXE_GPIO2 | AXE_GPIO2_EN, hz / 32); ++ AXE_GPIO_WRITE(AXE_GPIO1 | AXE_GPIO1_EN | ++ AXE_GPIO2_EN, hz / 4); ++ AXE_GPIO_WRITE(AXE_GPIO1 | AXE_GPIO1_EN | ++ AXE_GPIO2 | AXE_GPIO2_EN, hz / 32); ++ } ++ } + break; + case AXE_PHY_MODE_CICADA: ++ case AXE_PHY_MODE_CICADA_V2: ++ case AXE_PHY_MODE_CICADA_V2_ASIX: + if (gpio0 == 1) + AXE_GPIO_WRITE(AXE_GPIO_RELOAD_EEPROM | AXE_GPIO0 | + AXE_GPIO0_EN, hz / 32); +@@ -610,7 +643,6 @@ + + axe_cmd(sc, AXE_CMD_RXCTL_WRITE, 0, 0, NULL); + } +-#undef AXE_GPIO_WRITE + + static void + axe_ax88772_init(struct axe_softc *sc) +@@ -654,6 +686,91 @@ + } + + static void ++axe_ax88772_phywake(struct axe_softc *sc) ++{ ++ struct usb_ether *ue; ++ ++ ue = &sc->sc_ue; ++ if (sc->sc_phyno == AXE_772_PHY_NO_EPHY) { ++ /* Manually select internal(embedded) PHY - MAC mode. */ ++ axe_cmd(sc, AXE_CMD_SW_PHY_SELECT, 0, AXE_SW_PHY_SELECT_SS_ENB | ++ AXE_SW_PHY_SELECT_EMBEDDED | AXE_SW_PHY_SELECT_SS_MII, ++ NULL); ++ uether_pause(&sc->sc_ue, hz / 32); ++ } else { ++ /* ++ * Manually select external PHY - MAC mode. ++ * Reverse MII/RMII is for AX88772A PHY mode. ++ */ ++ axe_cmd(sc, AXE_CMD_SW_PHY_SELECT, 0, AXE_SW_PHY_SELECT_SS_ENB | ++ AXE_SW_PHY_SELECT_EXT | AXE_SW_PHY_SELECT_SS_MII, NULL); ++ uether_pause(&sc->sc_ue, hz / 32); ++ } ++ /* Take PHY out of power down. */ ++ axe_cmd(sc, AXE_CMD_SW_RESET_REG, 0, AXE_SW_RESET_IPPD | ++ AXE_SW_RESET_IPRL, NULL); ++ uether_pause(&sc->sc_ue, hz / 4); ++ axe_cmd(sc, AXE_CMD_SW_RESET_REG, 0, AXE_SW_RESET_IPRL, NULL); ++ uether_pause(&sc->sc_ue, hz); ++ axe_cmd(sc, AXE_CMD_SW_RESET_REG, 0, AXE_SW_RESET_CLEAR, NULL); ++ uether_pause(&sc->sc_ue, hz / 32); ++ axe_cmd(sc, AXE_CMD_SW_RESET_REG, 0, AXE_SW_RESET_IPRL, NULL); ++ uether_pause(&sc->sc_ue, hz / 32); ++} ++ ++static void ++axe_ax88772a_init(struct axe_softc *sc) ++{ ++ struct usb_ether *ue; ++ ++ ue = &sc->sc_ue; ++ /* Reload EEPROM. */ ++ AXE_GPIO_WRITE(AXE_GPIO_RELOAD_EEPROM, hz / 32); ++ axe_ax88772_phywake(sc); ++ /* Stop MAC. */ ++ axe_cmd(sc, AXE_CMD_RXCTL_WRITE, 0, 0, NULL); ++} ++ ++static void ++axe_ax88772b_init(struct axe_softc *sc) ++{ ++ struct usb_ether *ue; ++ uint16_t eeprom; ++ uint8_t *eaddr; ++ int i; ++ ++ ue = &sc->sc_ue; ++ /* Reload EEPROM. */ ++ AXE_GPIO_WRITE(AXE_GPIO_RELOAD_EEPROM, hz / 32); ++ /* ++ * Save PHY power saving configuration(high byte) and ++ * clear EEPROM checksum value(low byte). ++ */ ++ axe_cmd(sc, AXE_CMD_SROM_READ, 0, AXE_EEPROM_772B_PHY_PWRCFG, &eeprom); ++ sc->sc_pwrcfg = le16toh(eeprom) & 0xFF00; ++ ++ /* ++ * Auto-loaded default station address from internal ROM is ++ * 00:00:00:00:00:00 such that an explicit access to EEPROM ++ * is required to get real station address. ++ */ ++ eaddr = ue->ue_eaddr; ++ for (i = 0; i < ETHER_ADDR_LEN / 2; i++) { ++ axe_cmd(sc, AXE_CMD_SROM_READ, 0, AXE_EEPROM_772B_NODE_ID + i, ++ &eeprom); ++ eeprom = le16toh(eeprom); ++ *eaddr++ = (uint8_t)(eeprom & 0xFF); ++ *eaddr++ = (uint8_t)((eeprom >> 8) & 0xFF); ++ } ++ /* Wakeup PHY. */ ++ axe_ax88772_phywake(sc); ++ /* Stop MAC. */ ++ axe_cmd(sc, AXE_CMD_RXCTL_WRITE, 0, 0, NULL); ++} ++ ++#undef AXE_GPIO_WRITE ++ ++static void + axe_reset(struct axe_softc *sc) + { + struct usb_config_descriptor *cd; +@@ -668,6 +785,16 @@ + + /* Wait a little while for the chip to get its brains in order. */ + uether_pause(&sc->sc_ue, hz / 100); ++ ++ /* Reinitialize controller to achieve full reset. */ ++ if (sc->sc_flags & AXE_FLAG_178) ++ axe_ax88178_init(sc); ++ else if (sc->sc_flags & AXE_FLAG_772) ++ axe_ax88772_init(sc); ++ else if (sc->sc_flags & AXE_FLAG_772A) ++ axe_ax88772a_init(sc); ++ else if (sc->sc_flags & AXE_FLAG_772B) ++ axe_ax88772b_init(sc); + } + + static void +@@ -691,23 +818,35 @@ + sc->sc_phyno = 0; + } + +- if (sc->sc_flags & AXE_FLAG_178) ++ /* Initialize controller and get station address. */ ++ if (sc->sc_flags & AXE_FLAG_178) { + axe_ax88178_init(sc); +- else if (sc->sc_flags & AXE_FLAG_772) ++ sc->sc_tx_bufsz = 16 * 1024; ++ axe_cmd(sc, AXE_178_CMD_READ_NODEID, 0, 0, ue->ue_eaddr); ++ } else if (sc->sc_flags & AXE_FLAG_772) { + axe_ax88772_init(sc); +- +- /* +- * Get station address. +- */ +- if (sc->sc_flags & (AXE_FLAG_178 | AXE_FLAG_772)) ++ sc->sc_tx_bufsz = 8 * 1024; + axe_cmd(sc, AXE_178_CMD_READ_NODEID, 0, 0, ue->ue_eaddr); +- else ++ } else if (sc->sc_flags & AXE_FLAG_772A) { ++ axe_ax88772a_init(sc); ++ sc->sc_tx_bufsz = 8 * 1024; ++ axe_cmd(sc, AXE_178_CMD_READ_NODEID, 0, 0, ue->ue_eaddr); ++ } else if (sc->sc_flags & AXE_FLAG_772B) { ++ axe_ax88772b_init(sc); ++ sc->sc_tx_bufsz = 8 * 1024; ++ } else + axe_cmd(sc, AXE_172_CMD_READ_NODEID, 0, 0, ue->ue_eaddr); + + /* + * Fetch IPG values. + */ +- axe_cmd(sc, AXE_CMD_READ_IPG012, 0, 0, sc->sc_ipgs); ++ if (sc->sc_flags & (AXE_FLAG_772A | AXE_FLAG_772B)) { ++ /* Set IPG values. */ ++ sc->sc_ipgs[0] = 0x15; ++ sc->sc_ipgs[1] = 0x16; ++ sc->sc_ipgs[2] = 0x1A; ++ } else ++ axe_cmd(sc, AXE_CMD_READ_IPG012, 0, 0, sc->sc_ipgs); + } + + /* +@@ -810,7 +949,7 @@ + err = 0; + + pc = usbd_xfer_get_frame(xfer, 0); +- if (sc->sc_flags & (AXE_FLAG_772 | AXE_FLAG_178)) { ++ if (AXE_IS_178_FAMILY(sc)) { + while (pos < actlen) { + if ((pos + sizeof(hdr)) > actlen) { + /* too little data */ +@@ -875,7 +1014,7 @@ + struct ifnet *ifp = uether_getifp(&sc->sc_ue); + struct usb_page_cache *pc; + struct mbuf *m; +- int pos; ++ int nframes, pos; + + switch (USB_GET_STATE(xfer)) { + case USB_ST_TRANSFERRED: +@@ -892,40 +1031,34 @@ + */ + return; + } +- pos = 0; +- pc = usbd_xfer_get_frame(xfer, 0); + +- while (1) { +- ++ for (nframes = 0; nframes < 16 && ++ !IFQ_DRV_IS_EMPTY(&ifp->if_snd); nframes++) { + IFQ_DRV_DEQUEUE(&ifp->if_snd, m); +- +- if (m == NULL) { +- if (pos > 0) +- break; /* send out data */ +- return; +- } +- if (m->m_pkthdr.len > MCLBYTES) { +- m->m_pkthdr.len = MCLBYTES; +- } +- if (sc->sc_flags & (AXE_FLAG_772 | AXE_FLAG_178)) { +- ++ if (m == NULL) ++ break; ++ usbd_xfer_set_frame_offset(xfer, nframes * MCLBYTES, ++ nframes); ++ pos = 0; ++ pc = usbd_xfer_get_frame(xfer, nframes); ++ if (AXE_IS_178_FAMILY(sc)) { + hdr.len = htole16(m->m_pkthdr.len); + hdr.ilen = ~hdr.len; +- + usbd_copy_in(pc, pos, &hdr, sizeof(hdr)); +- + pos += sizeof(hdr); +- +- /* +- * NOTE: Some drivers force a short packet +- * by appending a dummy header with zero +- * length at then end of the USB transfer. +- * This driver uses the +- * USB_FORCE_SHORT_XFER flag instead. +- */ ++ usbd_m_copy_in(pc, pos, m, 0, m->m_pkthdr.len); ++ pos += m->m_pkthdr.len; ++ if ((pos % 512) == 0) { ++ hdr.len = 0; ++ hdr.ilen = 0xffff; ++ usbd_copy_in(pc, pos, &hdr, ++ sizeof(hdr)); ++ pos += sizeof(hdr); ++ } ++ } else { ++ usbd_m_copy_in(pc, pos, m, 0, m->m_pkthdr.len); ++ pos += m->m_pkthdr.len; + } +- usbd_m_copy_in(pc, pos, m, 0, m->m_pkthdr.len); +- pos += m->m_pkthdr.len; + + /* + * XXX +@@ -946,22 +1079,16 @@ + + m_freem(m); + +- if (sc->sc_flags & (AXE_FLAG_772 | AXE_FLAG_178)) { +- if (pos > (AXE_BULK_BUF_SIZE - MCLBYTES - sizeof(hdr))) { +- /* send out frame(s) */ +- break; +- } +- } else { +- /* send out frame */ +- break; +- } ++ /* Set frame length. */ ++ usbd_xfer_set_frame_len(xfer, nframes, pos); + } +- +- usbd_xfer_set_frame_len(xfer, 0, pos); +- usbd_transfer_submit(xfer); +- ifp->if_drv_flags |= IFF_DRV_OACTIVE; ++ if (nframes != 0) { ++ usbd_xfer_set_frames(xfer, nframes); ++ usbd_transfer_submit(xfer); ++ ifp->if_drv_flags |= IFF_DRV_OACTIVE; ++ } + return; +- ++ /* NOTREACHED */ + default: /* Error */ + DPRINTFN(11, "transfer error, %s\n", + usbd_errstr(error)); +@@ -1016,37 +1143,54 @@ + + AXE_LOCK_ASSERT(sc, MA_OWNED); + ++ if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) ++ return; ++ + /* Cancel pending I/O */ + axe_stop(ue); + ++ axe_reset(sc); ++ + /* Set MAC address. */ +- if (sc->sc_flags & (AXE_FLAG_178 | AXE_FLAG_772)) ++ if (AXE_IS_178_FAMILY(sc)) + axe_cmd(sc, AXE_178_CMD_WRITE_NODEID, 0, 0, IF_LLADDR(ifp)); + else + axe_cmd(sc, AXE_172_CMD_WRITE_NODEID, 0, 0, IF_LLADDR(ifp)); + + /* Set transmitter IPG values */ +- if (sc->sc_flags & (AXE_FLAG_178 | AXE_FLAG_772)) { ++ if (AXE_IS_178_FAMILY(sc)) + axe_cmd(sc, AXE_178_CMD_WRITE_IPG012, sc->sc_ipgs[2], + (sc->sc_ipgs[1] << 8) | (sc->sc_ipgs[0]), NULL); +- } else { ++ else { + axe_cmd(sc, AXE_172_CMD_WRITE_IPG0, 0, sc->sc_ipgs[0], NULL); + axe_cmd(sc, AXE_172_CMD_WRITE_IPG1, 0, sc->sc_ipgs[1], NULL); + axe_cmd(sc, AXE_172_CMD_WRITE_IPG2, 0, sc->sc_ipgs[2], NULL); + } + +- /* Enable receiver, set RX mode */ ++ /* AX88772B uses different maximum frame burst configuration. */ ++ if (sc->sc_flags & AXE_FLAG_772B) ++ axe_cmd(sc, AXE_772B_CMD_RXCTL_WRITE_CFG, ++ ax88772b_mfb_table[AX88772B_MFB_16K].threshold, ++ ax88772b_mfb_table[AX88772B_MFB_16K].byte_cnt, NULL); ++ ++ /* Enable receiver, set RX mode. */ + rxmode = (AXE_RXCMD_MULTICAST | AXE_RXCMD_ENABLE); +- if (sc->sc_flags & (AXE_FLAG_178 | AXE_FLAG_772)) { +-#if 0 +- rxmode |= AXE_178_RXCMD_MFB_2048; /* chip default */ +-#else +- /* +- * Default Rx buffer size is too small to get +- * maximum performance. +- */ +- rxmode |= AXE_178_RXCMD_MFB_16384; +-#endif ++ if (AXE_IS_178_FAMILY(sc)) { ++ if (sc->sc_flags & AXE_FLAG_772B) { ++ /* ++ * Select RX header format type 1. Aligning IP ++ * header on 4 byte boundary is not needed ++ * because we always copy the received frame in ++ * RX handler. ++ */ ++ rxmode |= AXE_772B_RXCMD_HDR_TYPE_1; ++ } else { ++ /* ++ * Default Rx buffer size is too small to get ++ * maximum performance. ++ */ ++ rxmode |= AXE_178_RXCMD_MFB_16384; ++ } + } else { + rxmode |= AXE_172_RXCMD_UNICAST; + } +@@ -1066,6 +1210,8 @@ + usbd_xfer_set_stall(sc->sc_xfer[AXE_BULK_DT_WR]); + + ifp->if_drv_flags |= IFF_DRV_RUNNING; ++ /* Switch to selected media. */ ++ axe_ifmedia_upd(ifp); + axe_start(ue); + } + +@@ -1107,6 +1253,4 @@ + */ + usbd_transfer_stop(sc->sc_xfer[AXE_BULK_DT_WR]); + usbd_transfer_stop(sc->sc_xfer[AXE_BULK_DT_RD]); +- +- axe_reset(sc); + } Index: /branches/releng-9.0-ileiden/nanobsd/misc/patches/cardbus_cis.c.patch =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/misc/patches/cardbus_cis.c.patch (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/misc/patches/cardbus_cis.c.patch (revision 10119) @@ -0,0 +1,48 @@ +--- src/sys/dev/cardbus/cardbus_cis.c~ 2007-06-08 00:03:57.000000000 -0400 ++++ src/sys/dev/cardbus/cardbus_cis.c 2007-12-09 16:20:26.000000000 -0500 +@@ -435,10 +435,11 @@ + struct resource *res) + { + if (res != CIS_CONFIG_SPACE) { +- bus_release_resource(child, SYS_RES_MEMORY, rid, res); ++ bus_release_resource(cbdev, SYS_RES_MEMORY, rid, res); + if (rid == PCIM_CIS_ASI_ROM) + pci_write_config(child, rid, pci_read_config(child, + rid, 4) & ~PCIR_BIOS, 4); ++ PCI_DISABLE_IO(cbdev, child, SYS_RES_MEMORY); + } + } + +@@ -448,6 +449,8 @@ + { + struct resource *res; + uint32_t space; ++ uint32_t testval; ++ uint32_t size; + + space = *start & PCIM_CIS_ASI_MASK; + switch (space) { +@@ -476,10 +479,13 @@ + space); + return (NULL); + } ++ pci_write_config(child, *rid, 0xffffffff, 4); ++ testval = pci_read_config(child, *rid, 4); ++ size = CARDBUS_MAPREG_MEM_SIZE(testval); + + /* allocate the memory space to read CIS */ +- res = bus_alloc_resource(child, SYS_RES_MEMORY, rid, 0, ~0, 1, +- rman_make_alignment_flags(4096) | RF_ACTIVE); ++ res = bus_alloc_resource(cbdev, SYS_RES_MEMORY, rid, 0, ~0, size, ++ rman_make_alignment_flags(size) | RF_ACTIVE); + if (res == NULL) { + device_printf(cbdev, "Unable to allocate resource " + "to read CIS.\n"); +@@ -488,6 +494,7 @@ + if (*rid == PCIR_BIOS) + pci_write_config(child, *rid, + rman_get_start(res) | PCIM_BIOS_ENABLE, 4); ++ PCI_ENABLE_IO(cbdev, child, SYS_RES_MEMORY); + + /* Flip to the right ROM image if CIS is in ROM */ + if (space == PCIM_CIS_ASI_ROM) { Index: /branches/releng-9.0-ileiden/nanobsd/misc/patches/if_udav.c.patch =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/misc/patches/if_udav.c.patch (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/misc/patches/if_udav.c.patch (revision 10119) @@ -0,0 +1,11 @@ +--- if_udav.c 2010-02-19 19:58:45.000000000 +0100 ++++ if.udav.c.new 2010-02-19 17:54:20.000000000 +0100 +@@ -206,6 +206,8 @@ + {USB_VPI(USB_VENDOR_SHANTOU, USB_PRODUCT_SHANTOU_ST268, 0)}, + /* Corega USB-TXC */ + {USB_VPI(USB_VENDOR_COREGA, USB_PRODUCT_COREGA_FETHER_USB_TXC, 0)}, ++ /* DAVICOM DM9601 Generic */ ++ {USB_VPI(USB_VENDOR_DAVICOM, USB_PRODUCT_DAVICOM_DM9601, 0)}, + }; + + static void Index: /branches/releng-9.0-ileiden/nanobsd/misc/patches/usbdevs.patch =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/misc/patches/usbdevs.patch (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/misc/patches/usbdevs.patch (revision 10119) @@ -0,0 +1,30 @@ +--- usbdevs 2009-12-22 12:48:05.000000000 +0100 ++++ usbdevs.new 2009-12-22 12:53:41.000000000 +0100 +@@ -156,7 +156,7 @@ + vendor COMPAQ 0x049f Compaq + vendor HITACHI 0x04a4 Hitachi + vendor ACERP 0x04a5 Acer Peripherals +-vendor DAVICOM 0x04a6 Davicom ++/*vendor DAVICOm 0x04a6 Davicom*/ + vendor VISIONEER 0x04a7 Visioneer + vendor CANON 0x04a9 Canon + vendor NIKON 0x04b0 Nikon +@@ -540,6 +540,7 @@ + vendor FALCOM 0x0f94 Falcom Wireless Communications GmbH + vendor RIM 0x0fca Research In Motion + vendor DYNASTREAM 0x0fcf Dynastream Innovations ++vendor DAVICOM 0x0fe6 Davicom + vendor QUALCOMM 0x1004 Qualcomm + vendor DESKNOTE 0x1019 Desknote + vendor GIGABYTE 0x1044 GIGABYTE +@@ -1107,6 +1108,10 @@ + product CYPRESS USBRS232 0x5500 USB-RS232 Interface + product CYPRESS SLIM_HUB 0x6560 Slim Hub + ++/* Davicom Semiconductor products */ ++/*product DAVICOM DM9601 0x9601 DM9601 USB NIC*/ ++product DAVICOM DM9601 0x8101 DM9601 USB NIC ++ + /* Daisy Technology products */ + product DAISY DMC 0x6901 USB MultiMedia Reader + Index: /branches/releng-9.0-ileiden/nanobsd/misc/testing-server/dhcpd.conf =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/misc/testing-server/dhcpd.conf (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/misc/testing-server/dhcpd.conf (revision 10119) @@ -0,0 +1,17 @@ +# ad-hoc DNS update scheme - set to "none" to disable dynamic DNS updates. +ddns-update-style ad-hoc; + +default-lease-time 600; +max-lease-time 7200; +authoritative; + +option domain-name "example.com"; +option domain-name-servers 208.67.222.222; +option routers 192.168.4.1; + +subnet 192.168.4.0 netmask 255.255.255.0 { + range 192.168.4.10 192.168.4.100; + + filename "pxeboot"; + option root-path "192.168.4.1:/usr/data/base/"; +} Index: /branches/releng-9.0-ileiden/nanobsd/misc/testing-server/exports =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/misc/testing-server/exports (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/misc/testing-server/exports (revision 10119) @@ -0,0 +1,2 @@ +/usr/data -alldirs -maproot=root -network 192.168.4.0/24 +/usr/data/base -alldirs -maproot=root -network 192.168.4.0/24 Index: /branches/releng-9.0-ileiden/nanobsd/misc/testing-server/rc.conf =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/misc/testing-server/rc.conf (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/misc/testing-server/rc.conf (revision 10119) @@ -0,0 +1,28 @@ +hostname="richard.wleiden.net" +ifconfig_xl0="inet 172.19.137.70/27" +defaultrouter="172.19.137.66" + +sshd_enable="YES" + + + +# +# PXEboot envirionment +ifconfig_bfe0="inet 192.168.4.1/24" + +# DHCPD server, ip address, options, hints +dhcpd_enable="YES" + +# TFTP server, initial boot +inetd_enable="YES" + +# NFS server, kernel and more +nfs_server_enable="YES" +rpcbind_enable="YES" +mountd_flags="-r" + +gateway_enable="YES" +firewall_enable="YES" +firewall_type="OPEN" +natd_enable="YES" +natd_interface="xl0" Index: /branches/releng-9.0-ileiden/nanobsd/tools/config-image.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/tools/config-image.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/tools/config-image.sh (revision 10119) @@ -0,0 +1,52 @@ +#!/bin/sh +# Push config onto persistent location inside node image +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + p_err "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +chroot ${MNT} /tools/wl-config -n -m startup + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /branches/releng-9.0-ileiden/nanobsd/tools/deploy-image.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/tools/deploy-image.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/tools/deploy-image.sh (revision 10119) @@ -0,0 +1,28 @@ +#!/bin/sh +# Rsync minimal changes directly to live image + +. $(dirname $0)/package-build.inc.sh + +HOST=$1 +SLICE=${2:-''} + +if [ -z "$1" ]; then + echo "Usage $0: []" + echo "" + echo "By default update the next available slice" + exit 128 +fi + +# Find object directory +IMG=${OBJDIR}/_.disk.image + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists + exit 1 +fi + +echo "# Going to deploy $IMG to $HOST (slice:$SLICE)" +ssh $HOST mount || exit 1 +cat $IMG | ssh $HOST /tools/update$SLICE || exit 1 + +exit 0 Index: /branches/releng-9.0-ileiden/nanobsd/tools/edit-image.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/tools/edit-image.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/tools/edit-image.sh (revision 10119) @@ -0,0 +1,54 @@ +#!/bin/sh +# Chroot into image to edit bits and pieces +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + p_err "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +p_info "Type exit when done" +chroot ${MNT} +p_info "Any changes are made permanent on image ${IMG}" + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /branches/releng-9.0-ileiden/nanobsd/tools/flash-node.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/tools/flash-node.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/tools/flash-node.sh (revision 10119) @@ -0,0 +1,29 @@ +#!/bin/sh +# +# Upload image to node and flash partition +# +# Rick van der Zwet + +. $(dirname $0)/package-build.inc.sh + +if [ -z "$1" ]; then + echo "Usage: $0 [ ..]" 1>&2 + exit 128 +fi + +BASEDIR=`dirname $0` +CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + +# Find object directory +eval `grep '^NANO_NAME=' ${CFG}` +OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" +IMG=${IMG:-${OBJDIR}/_.disk.image} + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +for HOST in $*; do + cat $IMG | ssh -oBatchMode=yes $HOST /tools/update-wrapper +done + Index: /branches/releng-9.0-ileiden/nanobsd/tools/image-build.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/tools/image-build.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/tools/image-build.sh (revision 10119) @@ -0,0 +1,81 @@ +#!/bin/sh +# Wrapper around nanobsd.sh with autodetection of already processed steps +# to provide some failsafe net + +BASEDIR=`dirname $0` +CFG="${BASEDIR}/../cfg/nanobsd.wleiden" +NANOBSD='/usr/src/tools/tools/nanobsd/nanobsd.sh' + +. ${BASEDIR}/package-build.inc.sh + +FORCE_KERNEL=0 +FORCE_WORLD=0 +#XXX: Proper object handling +if [ "$1" = "-bk" ]; then + p_warn Forcefully building kernel + FORCE_KERNEL=1 +elif [ "$1" = "-bw" ]; then + p_warn Forcefully building world + FORCE_WORLD=1 +elif [ "$1" = "-f" ]; then + p_warn Forcefully building world and kernel + FORCE_KERNEL=1 + FORCE_WORLD=1 +fi +shift +NANOBSD_EXTRA=$* + +if [ ! -r "${NANOBSD}" ]; then + p_err ${NANOBSD} does not exists + exit 1 +fi + +if [ ! -x "${NANOBSD}" ]; then + NANOBSD="sh ${NANOBSD}" +fi + +# Find object directory +eval `grep '^NANO_NAME=' ${CFG}` +OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + +if [ -d "${OBJDIR}" ]; then + NANOBSD_FLAGS="" + + # Detect succesfull buildworld + tail -10 ${OBJDIR}/_.bw | grep 'World build completed' + if [ $? -eq 0 -a ${FORCE_WORLD} -eq 0 ]; then + p_info NO building of world, use $0 -f to force + NANOBSD_FLAGS="${NANOBSD_FLAGS} -w" + fi + + # Detect succesfull buildkernel + tail -10 ${OBJDIR}/_.bk | grep 'Kernel build for .* completed' + if [ $? -eq 0 -a ${FORCE_KERNEL} -eq 0 ]; then + p_info NO building of kernel, use $0 -f to force + NANOBSD_FLAGS="${NANOBSD_FLAGS} -k" + fi + +else + p_warn Nothing yet, starting fresh + NANOBSD_FLAGS="" +fi + +# Provide verbose output by default +COMMAND="${NANOBSD} ${NANOBSD_FLAGS} -c ${CFG} -v ${NANOBSD_EXTRA}" +f_time ${COMMAND} +RETVAL=$? + +# Verify on build failures +tail -10 ${OBJDIR}/_.bw | grep 'World build completed' +if [ $? -eq 1 ]; then + p_err Building world FAILED, check ${OBJDIR}/_.bw +fi +tail -10 ${OBJDIR}/_.bk | grep 'Kernel build for .* completed' +if [ $? -eq 1 ]; then + p_err Building kernel FAILED, check ${OBJDIR}/_.bk +fi +if [ $RETVAL -ne 0 ]; then + p_err Errors in building NanoBSD Image +fi +p_info End time: `date` +exit ${RETVAL} Index: /branches/releng-9.0-ileiden/nanobsd/tools/make-release.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/tools/make-release.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/tools/make-release.sh (revision 10119) @@ -0,0 +1,51 @@ +#!/bin/sh +# Small tool to build nanobsd release, ready for distribution: + +BASEDIR="`dirname $0`/.." + +# Some cleaning at start +for PORT in ${BASEDIR}/misc/ports/*/*; do + (cd $PORT; make clean); +done + +# Version target +# Either version from command line or else subversion base +VERSION=${1-`svn info ${BASEDIR} | awk '/Revision:/ {print $2}'`} + +TMPDIR=`mktemp -d -t $(basename $0 .sh)` + +PKGDIR=wl-image-$VERSION +WRKSRC=$TMPDIR/$PKGDIR +mkdir $WRKSRC +cp -R ${BASEDIR}/tools $WRKSRC +cp -R ${BASEDIR}/cfg $WRKSRC +cp -R ${BASEDIR}/misc $WRKSRC +cp -R ${BASEDIR}/files $WRKSRC +cp -R ${BASEDIR}/README.txt $WRKSRC + +# Present real image +# XXX: Make path relative +# XXX: Find some pretty options +IMG=/usr/obj/nanobsd.wleiden/_.disk.full +IMG_DIR=`dirname ${IMG}` +IMG_PKGDIR=${IMG_DIR}/${PKGDIR} +mkdir ${IMG_PKGDIR} +ln ${IMG} ${IMG_PKGDIR}/disk_full.img + +# Make pretty tar file out of it +tar --exclude ".svn" --exclude "Makefile" \ + --exclude "config.cache" --exclude "config.log" --exclude "config.status" \ + --exclude ".depend" \ + -cjf wl-image-$VERSION.tbz \ + -C $TMPDIR \ + $PKGDIR/tools \ + $PKGDIR/cfg \ + $PKGDIR/files \ + $PKGDIR/misc \ + $PKGDIR/README.txt \ + -C $IMG_DIR \ + $PKGDIR/disk_full.img + +rm -fR $TMPDIR +rm -fR $IMG_PKGDIR + Index: /branches/releng-9.0-ileiden/nanobsd/tools/package-build.inc.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/tools/package-build.inc.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/tools/package-build.inc.sh (revision 10119) @@ -0,0 +1,80 @@ +# Used to store profile data +TIME_FILE=$(dirname $0)/eta-times.txt + +p_list () { +echo "$*" | sed -e 's/ /|## /g' -e 's/^/## /g' +} + +p_info () { + echo "$*" | tr '|' '\n' | sed 's/^/# /' +} + +p_warn () { + echo "$*" | tr '|' '\n' | sed 's/^/#WARN: /' +} + +p_err () { + echo "$*" | tr '|' '\n' | sed 's/^/#ERR: /' +} + +p_sleep() { + SLEEP=${1-5} + while [ "${SLEEP}" -gt 0 ]; do + printf '.' + sleep 1 + SLEEP=`expr ${SLEEP} - 1` + done + printf '\n' +} + +# Print estimation on how long it normally if going to take +f_time() { + COMMAND="$*" + ETA_TIME=` grep "${COMMAND}$" ${TIME_FILE} 2>/dev/null | awk '{print $1}'` + if [ -z "${ETA_TIME}" ]; then + ETA_TIME="NaN" + fi + + p_info Last run of "'${COMMAND}'" took ${ETA_TIME} + p_info Start time: `date` + + # Execute command + START_TIME=`date "+%s"` + $COMMAND + RETVAL=$? + STOP_TIME=`date "+%s"` + + p_info End time: `date` + # Calculate time it took + TOTAL_TIME=`expr ${STOP_TIME} - ${START_TIME}` + HUMAN_FMT=`date -ur ${TOTAL_TIME} "+%H:%M:%S"` + + # Store new time if command is succesfull + if [ "${RETVAL}" -eq 0 ]; then + grep -v "${COMMAND}$" ${TIME_FILE} > ${TIME_FILE}.tmp 2>/dev/null + echo "${HUMAN_FMT} ${COMMAND}" >> ${TIME_FILE}.tmp + mv ${TIME_FILE}.tmp ${TIME_FILE} + fi + + # Return the command it's output + return ${RETVAL} +} + +f_check_root() { + # No Root, no fun + if [ `id -u` -ne 0 ]; then + print_err Root only + exit 1 + fi +} + +# Find object directory +BASEDIR=`dirname $0` + +# Load the NanoBSD Configuration entries +NANO_CFG_FILE="${BASEDIR}/../cfg/nanobsd.wleiden" +customize_cmd() { return; } +. $NANO_CFG_FILE + +OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + Index: /branches/releng-9.0-ileiden/nanobsd/tools/package-build.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/tools/package-build.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/tools/package-build.sh (revision 10119) @@ -0,0 +1,183 @@ +#!/bin/sh +# Install all required packages +# XXX: Welcome to port hell, if /usr/ports has been updated, you actually want +# to delete all installed packages and start over again, hence why people used +# to run this stuff in jails, etc. + +. $(dirname $0)/package-build.inc.sh + +DEBUG=${DEBUG:-0} +DEP_CHECK_ONLY=${DEP_CHECK_ONLY:-0} + +# make options, for package building +LOGDIR=`mktemp -d "/tmp/$(basename $0 .sh)-$(date +%Y%m%d-%H:%M:%S).X"` +TARGET="`cd $(dirname $0);pwd -P`/../pkg/" + +# Package target +MAKE_ARGS="$MAKE_ARGS PACKAGES=$TARGET" +MAKE_ARGS="$MAKE_ARGS BATCH=yes PACKAGE_BUILDING=yes" + +# www/py-cherrypy +MAKE_ARGS="${MAKE_ARGS} WITH_APACHE=yes" +# net-mgmt/net-snmp +MAKE_ARGS="${MAKE_ARGS} WITHOUT_PERL=yes" +# net-mgmt/nagios-plugins +MAKE_ARGS="${MAKE_ARGS} WITH_FPING=yes" +# threads is broken in the version (atleast up to 9.0 - 20120213) +# Should be fix in current version in linux, but for some reason +# Not yet in BSD. We don't need threads +MAKE_ARGS="${MAKE_ARGS} WITHOUT_THREADS=yes" + +p_info Log directory ${LOGDIR} +p_info Make options are: +p_info $(p_list ${MAKE_ARGS}) + +p_info Checking whether there are currently unmet dependencies +RETVAL=0 +PKGS=`pkg_info | awk '{print $1}'` +for PKG in ${PKGS} ; do + PKG_DEP_FAIL="" + for PKGDEP in `pkg_info -qr ${PKG} | awk '{print $2}'`; do + pkg_info -e ${PKGDEP} + if [ $? -eq 1 ]; then + PKG_DEP_FAIL="${PKG_DEP_FAIL} ${PKGDEP}" + fi + done + if [ -n "${PKG_DEP_FAIL}" ]; then + p_err Unmet dependencies found at $PKG, please fix manually: + p_err $(p_list ${PKG_DEP_FAIL}) + RETVAL=1 + fi +done +if [ $RETVAL -eq 1 ]; then + exit 1 +fi +p_info Dependecy check ok + +if [ ${DEP_CHECK_ONLY} -eq 1 ]; then + exit 0 +fi +echo "" + + +if [ -d "${TARGET}/All" ]; then + p_warn "Deleted all (old) packages at ${TARGET}" + rm -R $TARGET/* +fi +p_info Created target dir ${TARGET}/All +mkdir -p ${TARGET}/All + +PORTSDIR='/usr/ports' +WL_PORTSDIR="`cd $(dirname $0);pwd -P`/../ports/" + +# XXX: Make file dynamic +# Dirty quirk to allow comments in part below +PACKAGE_LIST=`cat <>$LOGFILE 1>> $LOGFILE + if [ $? -ne 0 ]; then + p_err building ${PACKAGE} FAILED, logging at $LOGFILE + exit 1 + fi + fi + ${MAKE} package-links + PKGNAME=`make extract-message | awk '{print $NF}'` + pkg_create -b $PKGNAME $TARGET/All/${PKGNAME}.tbz + + p_info Checking dependencies + for PKG in $PKGDEP_PKGS; do + echo "${BUILD_LIST}" | grep -q "$PKG" + if [ $? -eq 0 ]; then + # Already packaged + p_info ${PKG} Already packaged + else + echo $@ | grep -q "${PKG}" + if [ $? -eq 0 ]; then + p_info ${PKG} Already planned + else + set $@ ${PKG} + fi + fi + done + p_info Packaging $PACKAGE succesfull +done + +p_info $(echo ${BUILD_LIST} | wc -w) packages build succesfully + +if [ ${DEBUG} -eq 0 ]; then + rm -R ${LOGDIR} +else + p_info Debugging enabled ${LOGDIR} saved +fi + Index: /branches/releng-9.0-ileiden/nanobsd/tools/passwd-image.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/tools/passwd-image.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/tools/passwd-image.sh (revision 10119) @@ -0,0 +1,52 @@ +#!/bin/sh +# Change password if image +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + p_err "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +chroot ${MNT} passwd + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /branches/releng-9.0-ileiden/nanobsd/tools/prepare-nfs.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/tools/prepare-nfs.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/tools/prepare-nfs.sh (revision 10119) @@ -0,0 +1,114 @@ +#!/bin/sh +# Get nanobsd image ready to be booted from NFS +# NFS instructions at +# http://www.wirelessleiden.nl/projects/nodefactory/wiki/TestingViaNFS + +IMAGE_BASE="/usr/obj/nanobsd.wleiden" +IMAGE_SLICE="${IMAGE_BASE}/_.disk.image" +IMAGE_FULL="${IMAGE_BASE}/_.disk.full" +IMAGE_NFS="${IMAGE_SLICE}-nfs" +# Structure: $NFSBASE +# ./cfg = /cfg mounpoint +# ./base = / mountpoint +# ./nfs = /nfs mountpoint +NFSBASE='/usr/data' +MNT="${NFSBASE}/base" +CFG="${NFSBASE}/cfg" +NFS="${NFSBASE}/nfs" + +p_err() { + echo "[ERROR] $*" 1>&2 +} + +usage() { + ( + echo "Usage: $0 [-fn]" + echo " -f force umount, memory device whipes" + echo " -n do not delete/clean cfg partition" + echo " -u unload/eject procedure" + ) 1>&2 + exit 2 +} + +# No Root, no fun +if [ `id -u` -ne 0 ]; then + p_err "Root only" + exit 1 +fi + +# Argument parsing using getopts +OPT_FORCE=0 +OPT_CLEAN=1 +OPT_UNLOAD=0 +while getopts "hfnu" OPT; do + case "$OPT" in + f) OPT_FORCE=1;; + n) OPT_CLEAN=0;; + u) OPT_UNLOAD=1;; + h) usage;; + \?) usage;; + esac +done + + +# Eeks, we are going to be nasty, hold your horses +if [ $OPT_FORCE -eq 1 -o $OPT_UNLOAD -eq 1 ]; then + umount -f $MNT + for MD in `mdconfig -l -v | grep "${IMAGE_NFS}" | awk '{print $1}'`; do + mdconfig -d -u $MD + done +fi + +if [ $OPT_UNLOAD -eq 1 ]; then + echo "All done" + exit 1; +fi + +# If mount point is already used, bail out +if mount | grep -q "${MNT}"; then + p_err "'${MNT}' already mounted" + exit 1 +fi + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMAGE_NFS}"; then + MD=`mdconfig -l -v | grep "${IMAGE_NFS}" | cut -c -4` + p_err "'${IMAGE_NFS}' already mounted at '$MD'" + exit 1 +fi + + +# Prepare image for use with NFS +cp -v ${IMAGE_SLICE} ${IMAGE_NFS} + +MD=`mdconfig -a -t vnode -f ${IMAGE_NFS}` +mount /dev/${MD}a ${MNT} + +# Config files lives at NFS location +echo "mount -t nfs -o ro 192.168.4.1:${CFG}" > ${MNT}/conf/default/etc/remount + +# Create nfs mount location +mkdir ${MNT}/nfs + +# $MNT, $CFG, $NFS lives at nfs +( +echo "192.168.4.1:${MNT} / nfs ro 0 0" +echo "192.168.4.1:${CFG} /cfg nfs rw,noauto 0 0" +echo "192.168.4.1:${NFS} /nfs nfs rw 0 0" +) > /${MNT}/conf/base/etc/fstab + +if [ ${OPT_CLEAN} -eq 1 ]; then + echo "DELETING all files at ${CFG}, start fresh ;-)" + rm -vfR ${CFG}/* +else + echo "PRESERVING all files at ${CFG}" +fi + +echo "DELETING all files at ${NFS}, start fresh ;-)" +rm -vfR ${NFS}/* + +# Allow build images to be used directy via NFS +ln -f ${IMAGE_SLICE} ${NFS}/`basename ${IMAGE_SLICE}` +ln -f ${IMAGE_FULL} ${NFS}/`basename ${IMAGE_FULL}` + +# XXX: Proper unmounting after all has finished Index: /branches/releng-9.0-ileiden/nanobsd/tools/rsync-image.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/tools/rsync-image.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/tools/rsync-image.sh (revision 10119) @@ -0,0 +1,43 @@ +#!/bin/sh +# Rsync minimal changes directly to live image + +. $(dirname $0)/package-build.inc.sh + +HOST=${1:-10.0.42.1} +BASEDIR=`dirname $0` +if [ -n "$2" ]; then + IMG=$2 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.image +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi + +# Make sure we are root from this point on +f_check_root + + +# Prepare image as filesystem +MNT=`mktemp -d -t $(basename $0)` +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}a ${MNT} || exit 1 + +# On error clean up nicely +trap "cd /; umount ${MNT}; rmdir ${MNT}; mdconfig -d -u ${MD}" 0 1 2 3 15 + +#XXX: Might want to do in one fly +# Set to write mode +ssh $HOST mount -uwo noatime / || exit 1 +# Sync changes +rsync -av --exclude=/dev --exclude=/etc --exclude=/var ${MNT}/ ${HOST}:/ || exit 1 +# Set to read-only mode again +ssh $HOST mount -ur / || exit 1 + +exit 0 Index: /branches/releng-9.0-ileiden/nanobsd/tools/test-inc.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/tools/test-inc.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/tools/test-inc.sh (revision 10119) @@ -0,0 +1,5 @@ +#!/bin/sh +. $(dirname $0)/package-build.inc.sh + +f_time sleep 5 + Index: /branches/releng-9.0-ileiden/nanobsd/tools/upload-image.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/tools/upload-image.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/tools/upload-image.sh (revision 10119) @@ -0,0 +1,57 @@ +#!/bin/sh +# +# Upload image to the 'distribution' server. First try WL network, +# else use inet as last resort. Need to have shell access to distribution server. +# +# XXX: Needs Type and such as well properly +# +# Rick van der Zwet + +SERVERS="sunfire.wleiden.net sunfire.wirelessleiden.nl" +TIMESTAMP=`date "+%Y%m%d-%H%M"` +BASEDIR=`dirname $0` +SSH_USER=${SSH_USER:-$USER} +TYPE="$1" +RELEASE="$2" + +. $BASEDIR/package-build.inc.sh + +if [ -z "$RELEASE" ]; then + echo "Usage: $0 " + exit 1 +fi + +# Make sure we find the right image +if [ "$TYPE" = "full" ]; then + find_disk_full "" +elif [ "$TYPE" = "image" ]; then + find_disk_image "" +else + echo "Usage: $0 " + exit 1 +fi + +check_reachable() { + ping -c 2 -t 1 -q $1 1>/dev/null 2>/dev/null + return $? +} + +# XXX: Hack this should actually be done during building phase +echo "# Compressing image '$IMG'" +gzip -v -k -f $IMG +IMG="$IMG.gz" + +echo "# Trying to upload to server, alarm messages are normal" +# Upload the image to the defined place +for SERVER in $SERVERS; do + if check_reachable $SERVER; then + TARGET="$SSH_USER@$SERVER:/usr/local/www/images/$RELEASE/node-$TYPE-$TIMESTAMP.img.gz" + echo "# Source: $IMG" + echo "# Target: $TARGET" + echo "# To cancel, please CTRL+C within 3 seconds" + sleep 3 + scp $IMG $TARGET + exit $? + fi +done + Index: /branches/releng-9.0-ileiden/nanobsd/tools/write-image.sh =================================================================== --- /branches/releng-9.0-ileiden/nanobsd/tools/write-image.sh (revision 10119) +++ /branches/releng-9.0-ileiden/nanobsd/tools/write-image.sh (revision 10119) @@ -0,0 +1,74 @@ +#!/bin/sh +# Wrapper allowing to write image to card writer + +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + + # Find object directory + eval `grep '^NANO_NAME=' ${CFG}` + OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists +fi +IMGSIZE=`ls -l ${IMG} | awk '{print $5 / 1024 / 1024}'` + +# Make sure we are root from this point on +f_check_root + +# Find which daX device holds a active flash drive +CARD_FOUND=0 +DA_LIST=`cd /dev/; echo da[0-9]` +for DA in ${DA_LIST}; do + diskinfo ${DA} 1>/dev/null 2>/dev/null + if [ $? -eq 0 ]; then + CARD_FOUND=1 + break + fi +done + +if [ ${CARD_FOUND} -eq 0 ]; then + p_err Sorry no flash card found at active devices, list searched: + p_err $(p_list ${DA_LIST}) + exit 1 +fi + +# Detect cardreader type/version +CARDREADER=`dmesg | grep ${DA}: | awk -F'[<>]' '/Removable Direct Access/ {print $2}' | tail -1` + +#XXX: Issue last chance warning, prompting the user to bail out +p_warn Going to write ${IMG} "(${IMGSIZE}MB)" to ${DA} "(${CARDREADER})" +p_warn 5 seconds to quit using CTRL+C +p_sleep 5 + +TMPFILE=`mktemp -t dd` +p_info Writing image... "(`date`)" +# Sending INFO to dd seems to confuse it sometimes so +# make it EXPERIMENTAL for now + +if [ -n "$ENHANCED_DD" ]; then + dd if=${IMG} of=/dev/${DA} bs=64k 2>${TMPFILE} & + DD_PID=$! + sleep 0.5 + while `ps ${DD_PID} >/dev/null`; do + kill -INFO ${DD_PID} + sleep 0.1 #Micro delay allow TMPFILE to populate + SIZE_DONE=`awk '/transferred/ {print $1}' ${TMPFILE}` + SIZE_DONE=`echo "${SIZE_DONE} / 1024 / 1024" | bc -l` + PERCENT_DONE=`echo "${SIZE_DONE} / ${IMGSIZE} * 100" | bc -l` + p_info `date "+%H:%m:%S"` `printf "%.02f MB (%.01f%%)" ${SIZE_DONE} ${PERCENT_DONE}` + p_sleep 10 + : > ${TMPFILE} + done +else + dd if=${IMG} of=/dev/${DA} bs=64k +fi +rm ${TMPFILE} +p_info Image writing succesfull at /dev/$DA "(`date`)" Index: /trunk/nanobsd/README.txt =================================================================== --- /trunk/nanobsd/README.txt (revision 10119) +++ /trunk/nanobsd/README.txt (revision 10119) @@ -0,0 +1,12 @@ +Please find the build procedure and other supporting documents at + +http://www.wirelessleiden.nl/projects/nodefactory/wiki/NanoBSD + += Directory layout = +README.txt = currently reading +cfg-files = extension for auto populate /cfg slice in image +cfg/kernel.* = kernel config files, different hosts +cfg/nanobsd.* = nanobsd config files +files = extension for auto populate / slice in image +pkg = Packages to be installed +tools = Helper scripts for use after image Index: /trunk/nanobsd/cfg-files/local/captive/wlportal.tmpl =================================================================== --- /trunk/nanobsd/cfg-files/local/captive/wlportal.tmpl (revision 10119) +++ /trunk/nanobsd/cfg-files/local/captive/wlportal.tmpl (revision 10119) @@ -0,0 +1,64 @@ + + + Welkom bij Wireless Leiden captive portal + + + +

%(status_msg)s

+

Welkom bij Wireless Leiden

+For English see bottom of this page +

Internettoegang

+

U bent verbonden met het lokale Wireless Leiden network. Om te internetten moet u in uw browser een 'proxy' instellen en hieronder op 'accoord' klikken. Afhankelijk van de locatie kan het ook zonder proxy-instelling, maar de snelheid zal in het algemeen lager zijn. +

Instellen proxy in browser

+ In Firefox: ga naar Edit->Preferences->Advanced->Network->Settings.
+ Handmatige proxy-configuratie: vul in HTTP proxy: proxy.wleiden.net port 3128.
+ Gedetailleerde instructies kunt u vinden op onze website. +

+N.B. U kunt alleen internetten via uw webbrowser, andere toepassingen zoals Microsoft Outlook zijn niet mogelijk. Gebruik webmail om te e-mailen. + +

Eerlijk gebruikmaken van Wireless Leiden

+ Het gebruik van het Wireless Leiden netwerk en de internettoegang zijn kostenloos en u hoeft zich niet aan te melden. Maar u dient zich te houden aan de Nederlandse wetgeving en geen schade toe te brengen of ongemak te veroorzaken voor anderen.
+ De Stichting Wireless Leiden accepteert geen enkele aansprakelijkheid voor schade in welke vorm dan ook die is ontstaan door of verband houdt met het gebruik van het netwerk.
+Geef hieronder aan of u accoord gaat met deze voorwaarden: +
+ + +
+ + +
+

Welcome to Wireless Leiden

+

Internet access

+

You are connected to the local Wireless Leiden network. To use one of the gateways (proxies) to Internet you have to specify a proxy in your web browser.
+ For instance in Firefox go to Edit->Preferences->Advanced->Network->Settings.
+ Manual proxy configuration: specify HTTP proxy: proxy.wleiden.net port 3128.
+ Detailed instructions can be downloaded from our website. +

+

+ Please note that you can only access the internet via your webbrowser, use of other applications like Microsoft Outlook is not possible (you have to use webmail). + +

Fair Use of Wireless Leiden

+ The use of the Wireless Leiden network and the internet connection are free and no registration is required. However, you should refrain from any illegal activity and not provide harm of any kind or inconvenience to other users.
+ The Wireless Leiden Foundation does not accept any responsibility whatsoever for damage related to or originated from the use of the network. + +
+ + +
+ +
+
+ + Wireless Leiden Homepage +
+ +

More options

+
+ + +
+
Technical Details:
+%(tech_footer)s
+
+ + Index: /trunk/nanobsd/cfg/extra.src.head =================================================================== --- /trunk/nanobsd/cfg/extra.src.head (revision 10119) +++ /trunk/nanobsd/cfg/extra.src.head (revision 10119) @@ -0,0 +1,4 @@ +# Used for building against HEAD aka -CURRENT +NANO_NAME=$NANO_NAME.head +NANO_SRC=/usr/src-head + Index: /trunk/nanobsd/cfg/kernel.net4801 =================================================================== --- /trunk/nanobsd/cfg/kernel.net4801 (revision 10119) +++ /trunk/nanobsd/cfg/kernel.net4801 (revision 10119) @@ -0,0 +1,127 @@ +# +# GENERIC -- Generic kernel configuration file for FreeBSD/i386 +# +# For more information on this file, please read the handbook section on +# Kernel Configuration Files: +# +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html +# +# The handbook is also available locally in /usr/share/doc/handbook +# if you've installed the doc distribution, otherwise always see the +# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the +# latest information. +# +# An exhaustive list of options and more detailed explanations of the +# device lines is also present in the ../../conf/NOTES and NOTES files. +# If you are in doubt as to the purpose or necessity of a line, check first +# in NOTES. +# +# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.474.2.7 2008/04/10 22:09:22 rwatson Exp $ + +cpu I586_CPU +cpu I686_CPU +ident GEODE + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_ULE # ULE scheduler +options PREEMPTION # Enable kernel thread preemption +options INET # InterNETworking +options INET6 # IPv6 communications protocols +options SCTP # Stream Control Transmission Protocol +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options NFSCLIENT # Network Filesystem Client +#options NFSLOCKD # Network Lock Manager +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_LABEL # Provides labelization +options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!] +options KTRACE # ktrace(1) support +#options STACK # stack(9) support +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options ADAPTIVE_GIANT # Giant mutex is adaptive. +options STOP_NMI # Stop CPUS using NMI instead of IPI +options DEVICE_POLLING # Enable support for device polling + +# Bus support. +device pci + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives + +# Add suspend/resume support for the i8254. +device pmtimer + +# Serial (COM) ports +device sio # 8250, 16[45]50 based serial ports +device uart # Generic UART driver + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! +device miibus # MII bus support +device vr # VIA Rhine, Rhine II +device sis # SiS 900/SiS 7016 +device if_bridge # Bridge support + +# Wireless NIC cards +device wlan # 802.11 support. +device wlan_wep # 802.11 WEP support. +device wlan_ccmp # 802.11 CCMP support. +device wlan_tkip # 802.11 TKIP support. +device wlan_amrr # AMRR transmit rate control algorithm. +device wlan_scan_ap # 802.11 AP mode scanning. +device wlan_scan_sta # 802.11 STA mode scanning. +device ath # Atheros pci/cardbus NIC's. +device ath_hal # Atheros HAL (Hardware Access Layer). +device ath_rate_sample # SampleRate tx rate control for ath. +device wi # WaveLan/Intersil/Symbol 802.11 wireless NICs. + +# Pseudo devices. +device loop # Network loopback +device random # Entropy device +device ether # Ethernet support +device ppp # Kernel PPP +device tun # Packet tunnel. +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" +device gif # IPv6 and IPv4 tunneling +#device faith # IPv6-to-IPv4 relaying (translation) +device firmware # firmware assist module + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +# CPU_GEODE is for the SC1100 Geode embedded processor. This option +# is necessary because the i8254 timecounter is toast. +options CPU_GEODE +device wlan_xauth #802.11 external authenticator support +options IPSEC #IP security (requires device crypto) +options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel +device enc #IPsec interface +device crypto # core crypto support +device cryptodev # /dev/crypto for access to h/w +options TMPFS +device pf #PF OpenBSD packet-filter firewall +device pflog #logging support interface for PF + +options NETGRAPH # netgraph(4) system +options NETGRAPH_SOCKET +options NETGRAPH_MPPC_ENCRYPTION +options NETGRAPH_IFACE +options NETGRAPH_PPP +options NETGRAPH_TEE +options NETGRAPH_PPPOE +options NETGRAPH_ETHER + +# glxsb is a driver for the Security Block in AMD Geode LX processors. +# Requires 'device crypto'. +device glxsb # AMD Geode LX Security Block + Index: /trunk/nanobsd/cfg/kernel.wleiden =================================================================== --- /trunk/nanobsd/cfg/kernel.wleiden (revision 10119) +++ /trunk/nanobsd/cfg/kernel.wleiden (revision 10119) @@ -0,0 +1,209 @@ +# +# GENERIC -- Generic kernel configuration file for FreeBSD/i386 +# +# For more information on this file, please read the handbook section on +# Kernel Configuration Files: +# +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html +# +# The handbook is also available locally in /usr/share/doc/handbook +# if you've installed the doc distribution, otherwise always see the +# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the +# latest information. +# +# An exhaustive list of options and more detailed explanations of the +# device lines is also present in the ../../conf/NOTES and NOTES files. +# If you are in doubt as to the purpose or necessity of a line, check first +# in NOTES. +# +# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.474.2.7 2008/04/10 22:09:22 rwatson Exp $ + +cpu I486_CPU +cpu I586_CPU +cpu I686_CPU +ident WLEIDEN + +# options CLK_USE_I8254_CALIBRATION + +options CPU_ELAN # (mandatory) The ElanSC520 cpu has a number of quirks that needs to + # be worked around, in particular the i8254 timer ticks + # at a non-standard rate of 1189161Hz. + +options CPU_SOEKRIS # (recommended) This option sets things up for the soekris board. + # Amongst other things, this makes /dev/led/error appear. + +# CPU_GEODE is for the SC1100 Geode embedded processor. This option +# is necessary because the i8254 timecounter is toast. +options CPU_GEODE # net4801 requirement + +options HZ=250 # (recommended) It is necessary to increas HZ to at least 150 in order + # to take advantage of the "ELAN" timecounter. + +options AH_SUPPORT_AR5416 + +options NO_SWAPPING # We do not have a swap space, so swapping would be pretty useless + +options SW_WATCHDOG # Watchdog option to verify various tasks and reboot if needed + + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_ULE # ULE scheduler +options PREEMPTION # Enable kernel thread preemption +options INET # InterNETworking +options INET6 # IPv6 communications protocols +options SCTP # Stream Control Transmission Protocol +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options NFS_ROOT # Allow NFS to be / mount +options NFSCLIENT # Network Filesystem Client +#options NFSLOCKD # Network Lock Manager +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_LABEL # Provides labelization +options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!] +options KTRACE # ktrace(1) support +#options STACK # stack(9) support +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +# options ADAPTIVE_GIANT # Giant mutex is adaptive. +# options STOP_NMI # Stop CPUS using NMI instead of IPI +options DEVICE_POLLING # Enable support for device polling +options TMPFS + +# Bus support. +device pci +device eisa + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives +options ATA_STATIC_ID # Static device numbering + +# Add suspend/resume support for the i8254. +device pmtimer + +# Serial (COM) ports +# device sio # 8250, 16[45]50 based serial ports +device uart # Generic UART driver + +# PCCARD (PCMCIA) support +# PCMCIA and cardbus bridge support +device cbb # cardbus (yenta) bridge +device pccard # PC Card (16-bit) bus +device cardbus # CardBus (32-bit) bus + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! +device miibus # MII bus support +device vr # VIA Rhine, Rhine II +device sis # SiS 900/SiS 7016 +device if_bridge # Bridge support + +# ISA Ethernet NICs. pccard NICs included. +device cs # Crystal Semiconductor CS89x0 NIC +# 'device ed' requires 'device miibus' +device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards +device ex # Intel EtherExpress Pro/10 and Pro/10+ +device ep # Etherlink III based cards +#device fe # Fujitsu MB8696x based cards +device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc. +device sn # SMC's 9000 series of Ethernet chips +device xe # Xircom pccard Ethernet +device dc # DEC/Intel21143 and clone 10/100 Ethernet + +# Wireless NIC cards +device wlan # 802.11 support. +device wlan_wep # 802.11 WEP support. +device wlan_ccmp # 802.11 CCMP support. +device wlan_tkip # 802.11 TKIP support. +device wlan_amrr # AMRR transmit rate control algorithm. +# device wlan_scan_ap # 802.11 AP mode scanning. +# device wlan_scan_sta # 802.11 STA mode scanning. +device ath # Atheros pci/cardbus NIC's. +device ath_hal # Atheros HAL (Hardware Access Layer). +device ath_rate_sample # SampleRate tx rate control for ath. +device wi # WaveLan/Intersil/Symbol 802.11 wireless NICs. + +# Pseudo devices. +device loop # Network loopback +device random # Entropy device +device ether # Ethernet support +# device ppp # Kernel PPP +device tun # Packet tunnel. +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" +#device gif # IPv6 and IPv4 tunneling +#device faith # IPv6-to-IPv4 relaying (translation) +device firmware # firmware assist module + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +# USB support +device uhci # UHCI PCI->USB interface +device ohci # OHCI PCI->USB interface +device ehci # EHCI PCI->USB interface (USB 2.0) +device usb # USB Bus (required) +#device udbp # USB Double Bulk Pipe devices +#device ugen # Generic +#device uhid # “Human Interface Devices” +#device ukbd # Keyboard +#device ulpt # Printer +#device umass # Disks/Mass storage - Requires scbus and da +#device ums # Mouse +device ural # Ralink Technology RT2500USB wireless NICs +#device urio # Diamond Rio 500 MP3 player +#device uscanner # Scanners +# USB Ethernet, requires mii +device aue # ADMtek USB Ethernet +device axe # ASIX Electronics USB Ethernet +device cdce # Generic USB over Ethernet +device cue # CATC USB Ethernet +device kue # Kawasaki LSI USB Ethernet +device rue # RealTek RTL8150 USB Ethernet +device udav # Davicom DM9601 USB Ethernet + +# +# Authentication, encryption and protection on network layer +device wlan_xauth #802.11 external authenticator support +device enc #IPsec interface +device crypto # core crypto support +device cryptodev # /dev/crypto for access to h/w +device pf #PF OpenBSD packet-filter firewall +device pflog #logging support interface for PF +options IPSEC #IP security (requires device crypto) +options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel + +options NETGRAPH # netgraph(4) system +options NETGRAPH_SOCKET +options NETGRAPH_MPPC_ENCRYPTION +options NETGRAPH_IFACE +options NETGRAPH_PPP +options NETGRAPH_TEE +options NETGRAPH_PPPOE +options NETGRAPH_ETHER + +# glxsb is a driver for the Security Block in AMD Geode LX processors. +# Requires 'device crypto'. +device glxsb # AMD Geode LX Security Block + + +# Firewall fore the use of fancy stuff, like forwarding ports +options IPFIREWALL +options IPFIREWALL_DEFAULT_TO_ACCEPT +options IPFIREWALL_FORWARD +options IPFIREWALL_NAT +options LIBALIAS # Required for IPFIREWALL_NAT + +# Uncomment if you like to compile a debugging kernel +#options KDB +#options DDB +#options BREAK_TO_DEBUGGER +#options KDB_UNATTENDED +#makeoptions DEBUG=-g Index: /trunk/nanobsd/cfg/nanobsd.wleiden =================================================================== --- /trunk/nanobsd/cfg/nanobsd.wleiden (revision 10119) +++ /trunk/nanobsd/cfg/nanobsd.wleiden (revision 10119) @@ -0,0 +1,320 @@ +## Dit is een NanoBSD configuratie-template voor WirelessLeiden. +## Instellingen weergegeven binnen dit bestand gelden als +## standaard binnen de organisatie. + +# HACK using the CFG variable set externally as reference or the $2 set +# by nanobsd.sh to allow proper secify of KERNL/PKG location +NANO_CONF_DIR=$(cd $(dirname ${CFG:-$2}); pwd -P) + +NANO_NAME=wleiden.iris.trunk # object naam in /usr/obj/nanobsd.{obj} +NANO_SRC=/usr/src # nanobsd source tree +NANO_KERNEL=$NANO_CONF_DIR/kernel.wleiden # naam van het kernel configuratiebestand +NANO_IMAGES=2 # aantal nanobsd code slices/installs (1/2) +#NANO_DRIVE=ad1 # NanoBSD disk id, default is ad0 + +NANO_CONFSIZE=8192 # volume van de config slice, default 2048 (512bs) +NANO_DATASIZE=0 # volume van de data slice, 0 = not configured +# 200MB should is suffient of every image we might as well use all available +# space, but that increases update times +#NANO_CODESIZE=409600 # volume van de code slice, default = max beschikbaar +NANO_CODESIZE=819200 +#NANO_RAM_ETCSIZE= # volume van de /etc ramdisk, default 10240 (512bs) +#NANO_RAM_TMPVARSIZE= # volume van de /var ramdisk, default 10240 (512bs) +NANO_RAM_TMPVARSIZE=20480 + +#XXX: Eeks, fixed packages, needs building a hook to allow building the package +# of the shelfs if needed, copy to right directory, done. With only input needed +# a list of ports in the format like net/net-snmp +NANO_PACKAGE_DIR=$NANO_CONF_DIR/../pkg/All + +# XXX: Create function which populate the right packages and fixes the +# dependencies. Package build script could benefit from this list, as it +# could build this list beforehand +## pkg_info -qr pkg/All/* +##NANO_PACKAGE_LIST= + +# Warning: set to 1 to debug make build errors +# Number of recurrent parrallel make builds +if `grep -q 'acpi0: on motherboard' /var/run/dmesg.boot`; then + # Mac OS X Parallels virtual machine + NANO_PMAKE="make -B" +elif [ "`sysctl hw.model`" = "AMD Sempron(tm) Processor 3000+" ]; then + # Parralel builds on this friend fails somehow + NANO_PMAKE="make -B" +else + # Default 2 times number of CPU's inside machine + NANO_PARALLEL_MAKE=`expr $(sysctl -n hw.ncpu) \* 2` + NANO_PMAKE="make -j ${NANO_PARALLEL_MAKE}" +fi + +# LET OP, optie nodig bij het gebruik van Alix bordjes ivm tinybios & LBA +# ondersteuning. Specifieke flash-geometrie instellingen vereist. +#NANO_BOOT0CFG="-o nopacket -s 1 -m 3" + +# +# Starting from soekris bios version 1.31 upwards boot0sio does not seems work +# anymore, but boot0 does (weird) +NANO_BOOTLOADER="boot/boot0" + +# Strip down to a more acceptable size +# hints from http://people.freebsd.org/~phk/nanobsd/soekris_4x26/make.soekris_4x26.conf (46MB) +# 46MB +# NB! usr/share/misc contains termcap, vi(1) etc fails to work without it. +# NANOBSD_PRUNE += usr/share/misc +NANO_PRUNE="$NANO_PRUNE usr/share/examples" +NANO_PRUNE="$NANO_PRUNE usr/share/syscons" +NANO_PRUNE="$NANO_PRUNE usr/share/calendar" +NANO_PRUNE="$NANO_PRUNE usr/share/mk" +NANO_PRUNE="$NANO_PRUNE usr/share/pcvt" +NANO_PRUNE="$NANO_PRUNE usr/share/me" +NANO_PRUNE="$NANO_PRUNE usr/share/doc" + + + + + +# Opties parsed gedurende build & install world +# Also check man 3 src.conf for details +# Some flags are misleading, e.g. could only be installworld (e.g.), for details: +# http://phk.freebsd.dk/misc/build_options/ +# For details on make options also check: +# /usr/src/share/mk/bsd.own.mk +CONF_COMMON=' +# Specific enabled options +#WITHOUT_ACPI=YES # geen advanced configuration power interface +#WITHOUT_BIND=YES # geen bind tools, dns/named geinstalleerd +#WITHOUT_CXX=YES # Set to not build g++(1) and related libraries. +#WITHOUT_GROFF=YES # Set to not build groff(1). +#WITHOUT_INET6=YES # geen ondersteuning inet versie 6 architectuur +#WITHOUT_INFO=YES # geen info bestanden, readable online docs +#WITHOUT_IPFILTER=YES # geen ip filtering geinstalleerd +#WITHOUT_KLDLOAD=YES # do not allow loading of kernel modules +#WITHOUT_MAILWRAPPER=YES # geen mailwrapper bij gebruik sendmail +#WITHOUT_MAN=YES # geen handleidingen gecompileerd +#WITHOUT_MISC=YES # geen misc sub directory +#WITHOUT_MODULES=YES # geen ondersteuning toevoegen modules +#WITHOUT_PAM=YES # geen ondersteuning pa modules +#WITHOUT_PF=YES # geen packet filtering geinstalleerd +#WITHOUT_SHARE=YES # geen share sub directory +#WITHOUT_USB=YES # geen ondersteuning usb modules +# Specific disabled options +WITHOUT_ATM=YES # geen ondersteuning Asynchronous Transfer Mode +WITHOUT_AUDIT=YES # geen event auditing / audit trails +WITHOUT_AUTHPF=YES # geen authenticating gateway user shell +WITHOUT_BLUETOOTH=YES # geen ondersteuning Bluetooth modules +WITHOUT_CALENDAR=YES # geen calendar reminder service gecompileerd +WITHOUT_CDDL=YES # Set to not build code licensed under Sun CDDL. (also ZFS) +WITHOUT_CPP=YES # Set to not build cpp(1). +WITHOUT_CVS=YES # geen cvs tools geinstalleerd +WITHOUT_DICT=YES # geen dictionary ondersteuning +WITHOUT_EXAMPLES=YES # geen voorbeeld configuratiebestanden +WITHOUT_FORTRAN=YES # geen ondersteuning fortran compilers +WITHOUT_GAMES=YES # geen games gecompileerd +WITHOUT_GCOV=YES # geen gcov test coverage program +WITHOUT_GDB=YES # geen gnu debugger gecompileerd +WITHOUT_GPIB=YES # geen ondersteuning gpib kaarten +WITHOUT_HTML=YES # geen html help bestanden gecompileerd +WITHOUT_I4B=YES # geen ondersteuning voor isdn +WITHOUT_IPX=YES # geen ondersteuning ipx protocols +WITHOUT_KERBEROS=YES # geen ondersteuning Kerberos authenticatie +WITHOUT_LOCALES=YES # geen ondersteuning lokalisatie +WITHOUT_LPR=YES # geen ondersteuning print services +WITHOUT_NIS=YES # geen ondersteuning network information system +WITHOUT_PROFILE=YES # Set to avoid compiling profiled libraries. +WITHOUT_RCMDS=YES # geen ondersteuning rcmds, +WITHOUT_RESCUE=YES # geen rescue bestanden gecompileerd +WITHOUT_SENDMAIL=YES # geen sendmail geinstalleerd +WITHOUT_SHAREDOCS=YES # geen share/docs directories +WITHOUT_SYSCONS=YES # geen syscon devices gecompileerd +' + +CONF_BUILD=" +${CONF_COMMON} +" + +CONF_INSTALL=" +${CONF_COMMON} +WITHOUT_TOOLCHAIN=YES # geen freebsd toolchain +" + + +# Flash disks arrived, sandisk 1g seems to match the geometry of the (blanc) cards +#FlashDevice sandisk 1g # nanobsd flashdevice entry +#FlashDevice sandisk 512mb # nanobsd flashdevice entry +#FlashDevice transcend 2g # nanobsd flashdevice entry +# Calculated value of PEAK hardware 1GB CF card +# C/H/S phys 1954/16/63, logical 977/32/63 +# Mediasize is calculated as C*H*S*512 + +NANO_MEDIASIZE=`expr 1008451584 / 512` + +#using logical values reported by Alix board + +NANO_HEADS=32 +NANO_SECTS=63 + +#values for PCEngines blanc 1 GB cards +#NANO_MEDIASIZE='expr 1014644736 / 512' +#C/H/S phys 1966/16/63, logical 983/32/63 + +# Version tagging +cust_version_tag() ( + VERSION_FILE="${NANO_WORLDDIR}/tools/wl-release.txt" + ( + echo "Generated by `id -un`@`hostname -f` at `date`" + echo "" + echo "=== CONFIG specifics ===" + svn info ${NANO_CONF_DIR}/../ || exit 0 + svn diff ${NANO_CONF_DIR}/../ || exit 0 + echo "=== BEGIN CONFIG specifics ===" + ) > $VERSION_FILE +) + + + +# Assuming we are running a safe envirionment where snooping could occur during or after the build +cust_set_root_password() ( + if [ -n "${CFG_ROOT_PASSWORD}" ]; then + pprint 2 "Set root password using CFG_ROOT_PASSWORD variable" + chroot ${NANO_WORLDDIR} sh -c "echo '${CFG_ROOT_PASSWORD}' | pw usermod -h 0 -u root" + else + pprint 2 "Root password is , no password provided at variable CFG_ROOT_PASSWORD" + fi +) + + + +# EXPERIMENTAL patch like envirionment +# Using '*-nanobsd.patch' files to only specify the bare differences between the base/default file to +# keep us as close as possible to the base OS +# Patches are applied to the directory they live in +cust_apply_nanobsd_patches() ( + for PATCHFILE in `find ${NANO_WORLDDIR} -regex '.*-nanobsd\.patch$'`; do + cd `dirname ${PATCHFILE}` + patch -t -N -p0 -i `basename ${PATCHFILE}` + #XX: What to with installed patch files? Delete them for the time beeing + rm -v ${PATCHFILE} + done + + + +) + + + +# Compile & install lvroute daemon vanuit source in svn +cust_install_lvrouted() ( + svn co http://svn.wirelessleiden.nl/svn/node-config/other/lvrouted/trunk/ /tmp/lvrouted + cd /tmp/lvrouted && autoconf && autoheader && ./configure && make || true + cp src/lvrouted.opt ${NANO_WORLDDIR}/usr/local/sbin +) + + + +# Customize ntpd +cust_ntpd() ( + chroot ${NANO_WORLDDIR} sh -c "ln -fs /usr/local/etc/ntp.drift /var/db/ntp.drift" +) + +cust_serial_ttys() ( + chroot ${NANO_WORLDDIR} sed -i '' -e '/ttyv[1-9]/s/on /off/' -e '/ttyu0/s/off/on/' -e '/ttyu0/s/dialup/ansi/' /etc/ttys +) + + + +# Install files from specific relative location +cust_install_files () ( + cd ${NANO_CONF_DIR}/../files + find . -print | grep -v -e /CVS -e .svn | cpio -dumpv ${NANO_WORLDDIR} +) + + + +# Prune no needed directories of image +cust_nano_prune () ( + cd ${NANO_WORLDDIR} + for ENTRY in ${NANO_PRUNE}; do + rm -vfR ${ENTRY} + done +) + + +# Fill /cfg with custom files, based on 'create_i386_diskimage ( )' +last_nano_fill_cfg () ( + # Variables to be used + IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME} + MNT=${MAKEOBJDIRPREFIX}/_.mnt + + # Mount '/cfg' slize in image + MD=`mdconfig -a -t vnode -f ${IMG}` + mount /dev/${MD}s3 ${MNT} + + # Location of '/cfg' directory + cd ${NANO_CONF_DIR}/../cfg-files + find . -print | grep -v -e /CVS -e .svn | cpio -dumpv ${MNT} + + + # Leave in nice end state + umount ${MNT} + mdconfig -d -u ${MD} +) > ${MAKEOBJDIRPREFIX}/_.fc 2>&1 + +last_nano_disk_usage () ( + # Variables to be used + IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME} + MNT=${MAKEOBJDIRPREFIX}/_.mnt + + # Mount root slize + MD=`mdconfig -a -t vnode -f ${IMG}` + mount /dev/${MD}s1a ${MNT} + + # Show disk usage (percent free) inc header + pprint 2 $(df -h | head -1) + pprint 2 "$(df -h | grep /dev/${MD})" + + # Leave in nice end state + umount ${MNT} + mdconfig -d -u ${MD} +) + +last_orders () ( + last_nano_fill_cfg + last_nano_disk_usage +) + +# Ugly hack to 'escaping' pprint from inside a customize_cmd to output +# instead of a file +exec 3>/dev/stdout +# Progress Print +# Print $2 at level $1 +pprint() { + if [ "$1" -le ${PPLEVEL:-0} ]; then + printf "%.${1}s %s\n" "#####" "$2" 1>&3 + fi +} + +# Cust macro`s gestart in onderstaande volgorde +# XXX: Determine size before installing all find of additions to see how much +# base we are actually using ## du -h -d 0 +customize_cmd cust_pkg +customize_cmd cust_install_files +customize_cmd cust_ntpd +customize_cmd cust_serial_ttys +#customize_cmd cust_install_lvrouted +customize_cmd cust_version_tag +customize_cmd cust_allow_ssh_root +customize_cmd cust_nano_prune +customize_cmd cust_set_root_password +customize_cmd cust_apply_nanobsd_patches + +# Extra config if existing is not suffient +if [ -n "$EXTRA_NANOBSD_CONFIG" ]; then + for FILE in $EXTRA_NANOBSD_CONFIG; do + # File relative to config directory + if [ "`echo $FILE | cut -c1`" != "/" ]; then + FILE=$NANO_CONF_DIR/$FILE + fi + pprint 1 "Loading $FILE" + . $FILE || exit 1 + done +fi Index: /trunk/nanobsd/files/FILE_LISTING.txt =================================================================== --- /trunk/nanobsd/files/FILE_LISTING.txt (revision 10119) +++ /trunk/nanobsd/files/FILE_LISTING.txt (revision 10119) @@ -0,0 +1,38 @@ +# File or directory and it's purpose in this build +./boot.config # Serial console output +./boot/loader.conf # Serial console output +./conf/default/etc/.work_around_till_fix_of_pr_134513 +./conf/default/var/.work_around_till_fix_of_pr_134513 +./etc/crontab # Extra calls for pen & ntp +./etc/namedb/named.conf # Custom named configuration +./etc/ntp.conf # Custom ntp configuration +./etc/rc.conf # Highly customized rc.conf +./etc/syslog.conf # Remote syslogging enabing +./etc/ttys-nanobsd.patch # Serial console output +./root/.ssh # Template directory for authorized_keys file +./tools/change_password # Allow persistent changing of root password +./tools/dhcpd_snmp.sh # XXX +./tools/save_sshkeys # Allow persistent saving of host ssh keys +./tools/syslogd_flags.sh # XXX +./tools/updatep1 # phk image on slice 1 update script +./tools/updatep2 # phk image on slice 2 update script +./tools/wl-config # WL node specific configuration fetch and update script +./tools/wl-version # Version debug tool, gather statistics for debugging +./usr/lib/aout/.keep_me # Little hack to have /etc/rc.d/ldconfig stop nagging about missing (pruned) dir +./usr/local/bin/ssh-copy-id # XXX +./usr/local/bin/write_ntpdrift # XXX +./usr/local/etc/dhcpd-snmp.conf # dhcp-snmp cofiguration +./usr/local/etc/dhcpd.conf # Initial custom dhcpd.conf +./usr/local/etc/nrpe.cfg # XXX +./usr/local/etc/ntp.drift # XXX +./usr/local/etc/rc.d/lvrouted.sh # lvrouted startup script +./usr/local/etc/rc.d/nanobsd-motd # Allow updating motd with persistent save +./usr/local/etc/rc.d/nanobsd-save-sshkeys # Allow saving ssh-keys after generation +./usr/local/etc/rc.d/pen # Pen startup script +./usr/local/etc/rc.d/sort-proxies # Pen optimizer script +./usr/local/etc/rc.d/wlweb # WLweb configuration webinterface startup script +./usr/local/sbin/dhcpd-snmp # dhcp-snmp 'binary' +./usr/local/sbin/lvrouted.opt # lvrouted 'binary' +./usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt # Draft MIB +./usr/local/share/snmp/snmpd.conf # Custom snmpd configuration +./usr/local/wlweb # WLweb configuration webinterface program Index: /trunk/nanobsd/files/boot.config =================================================================== --- /trunk/nanobsd/files/boot.config (revision 10119) +++ /trunk/nanobsd/files/boot.config (revision 10119) @@ -0,0 +1,1 @@ +-h Index: /trunk/nanobsd/files/boot/loader.conf =================================================================== --- /trunk/nanobsd/files/boot/loader.conf (revision 10119) +++ /trunk/nanobsd/files/boot/loader.conf (revision 10119) @@ -0,0 +1,27 @@ +# No funky Beasty, but boring default, and gone in 1 second to make it go quick :-( +beastie_disable="YES" +autoboot_delay="1" + +# Some apache hyper speed module, we properly this don't need this, but still +# saves a startup warning +accf_http_load="YES" + +# Named started nagging, claiming (to many) files if unable to reach master for +# quite some time +kern.maxfiles="5000" + +# The unlucky NET4801 does not properly support DMA (we don't need it anyways) +# http://lists.soekris.com/pipermail/soekris-tech/2008-August/014788.html +hw.ata.ata_dma="0" + +# Prefers stability over preformance disable Write Caching (man 4 ata) +hw.ata.wc="0" + +# Force output to run trough the comconsole, no exceptions +console="comconsole" + +# modules for usb-lan adapters +if_mos_load="YES" +if_aue_load="YES" +if_axe_load="YES" + Index: /trunk/nanobsd/files/etc/crontab =================================================================== --- /trunk/nanobsd/files/etc/crontab (revision 10119) +++ /trunk/nanobsd/files/etc/crontab (revision 10119) @@ -0,0 +1,29 @@ +# /etc/crontab - root's crontab for FreeBSD +# +# $FreeBSD: src/etc/crontab,v 1.32.32.1 2008/11/25 02:59:29 kensmith Exp $ +# +SHELL=/bin/sh +PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin +HOME=/var/log +# +#minute hour mday month wday who command +# +*/5 * * * * root /usr/libexec/atrun +# +# Save some entropy so that /dev/random can re-seed on boot. +*/11 * * * * operator /usr/libexec/save-entropy +# +# Rotate log files every hour, if necessary. +0 * * * * root newsyslog +# +# Perform daily/weekly/monthly maintenance. +1 3 * * * root periodic daily +15 4 * * 6 root periodic weekly +30 5 1 * * root periodic monthly +# +# Adjust the time zone if the CMOS clock keeps local time, as opposed to +# UTC time. See adjkerntz(8) for details. +1,31 0-5 * * * root adjkerntz -a +# +# Write updates for ntp.drift to flash +0 12 * * * root /usr/local/bin/write_ntpdrift Index: /trunk/nanobsd/files/etc/ipfw.sh =================================================================== --- /trunk/nanobsd/files/etc/ipfw.sh (revision 10119) +++ /trunk/nanobsd/files/etc/ipfw.sh (revision 10119) @@ -0,0 +1,68 @@ +#!/bin/sh - + +# Based on /etc/rc.firewall + +# Suck in the configuration variables. +if [ -z "${source_rc_confs_defined}" ]; then + if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs + elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf + fi +fi + +setup_loopback () { + ############ + # Only in rare cases do you want to change these rules + # + ${fwcmd} add 100 pass all from any to any via lo0 + ${fwcmd} add 200 deny all from any to 127.0.0.0/8 + ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any +} + +############ +# Set quiet mode if requested +# +case ${firewall_quiet} in +[Yy][Ee][Ss]) + fwcmd="/sbin/ipfw -q" + ;; +*) + fwcmd="/sbin/ipfw" + ;; +esac + +############ +# Flush out the list before we begin. +# +${fwcmd} -f flush + +setup_loopback + +############ + +# By default no firewalling +${fwcmd} add 65000 pass all from any to any + +# Transproxy/WLportal/Captive portal +${fwcmd} add 10000 allow tcp from any to localhost 80 +${fwcmd} add 10001 allow tcp from any to me 80 + +############ +# Reserved: Whitelist rule numbers +# 10002 - 10009 +NR=10002 + for IP in $captive_portal_whitelist; do + ${fwcmd} add $NR allow tcp from $IP to not 172.16.0.0/12 dst-port 80 + NR=`expr $NR + 1` +done + +############ +# Reserved: WLPortal rule numbers +# 10010 - 10099 + +# Forward rules work without a base address, so needed a loop over all inet4 adresses +for INF in $captive_portal_interfaces; do + ${fwcmd} add 10100 fwd 172.31.255.1,8081 tcp from any to not 172.16.0.0/12 80 in via ${INF} +done Index: /trunk/nanobsd/files/etc/motd =================================================================== --- /trunk/nanobsd/files/etc/motd (revision 10119) +++ /trunk/nanobsd/files/etc/motd (revision 10119) @@ -0,0 +1,3 @@ +Stiching Wireless Leiden Node + +WWW: http://www.wirelessleiden.nl Index: /trunk/nanobsd/files/etc/newsyslog.conf =================================================================== --- /trunk/nanobsd/files/etc/newsyslog.conf (revision 10119) +++ /trunk/nanobsd/files/etc/newsyslog.conf (revision 10119) @@ -0,0 +1,45 @@ +# configuration file for newsyslog +# $FreeBSD: src/etc/newsyslog.conf,v 1.52.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# +# Entries which do not specify the '/pid_file' field will cause the +# syslogd process to be signalled when that log file is rotated. This +# action is only appropriate for log files which are written to by the +# syslogd process (ie, files listed in /etc/syslog.conf). If there +# is no process which needs to be signalled when a given log file is +# rotated, then the entry for that file should include the 'N' flag. +# +# The 'flags' field is one or more of the letters: BCGJNUWZ or a '-'. +# +# Note: some sites will want to select more restrictive protections than the +# defaults. In particular, it may be desirable to switch many of the 644 +# entries to 640 or 600. For example, some sites will consider the +# contents of maillog, messages, and lpd-errs to be confidential. In the +# future, these defaults may change to more conservative ones. +# +# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num] +/var/log/all.log 600 7 * @T00 J +/var/log/amd.log 644 7 100 * J +/var/log/auth.log 600 7 100 * JC +/var/log/console.log 600 5 100 * J +/var/log/cron 600 3 100 * JC +/var/log/daily.log 640 7 * @T00 JN +/var/log/debug.log 600 7 100 * JC +/var/log/kerberos.log 600 7 100 * J +/var/log/lpd-errs 644 7 100 * JC +/var/log/maillog 640 7 * @T00 JC +/var/log/messages 644 5 100 * JC +/var/log/monthly.log 640 12 * $M1D0 JN +/var/log/pflog 600 3 100 * JB /var/run/pflogd.pid +/var/log/ppp.log root:network 640 3 100 * JC +/var/log/security 600 10 100 * JC +/var/log/sendmail.st 640 10 * 168 B +/var/log/weekly.log 640 5 1 $W6D0 JN +/var/log/wtmp 644 3 * @01T05 B +/var/log/xferlog 600 7 100 * JC +/var/log/pen_wrapper.log 644 3 100 * J +/var/log/wlportal.log 664 3 100 * J /var/run/wlportal.pid +/var/log/wlweb-access.log 644 3 100 * J +/var/log/wlweb-error.log 644 3 100 * J +/var/log/snmpd.log 644 3 100 * J /var/run/snmpd.pid + + Index: /trunk/nanobsd/files/etc/nsswitch.conf =================================================================== --- /trunk/nanobsd/files/etc/nsswitch.conf (revision 10119) +++ /trunk/nanobsd/files/etc/nsswitch.conf (revision 10119) @@ -0,0 +1,16 @@ +# +# nsswitch.conf(5) - name service switch configuration file +# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# no NIS +group: compat +# group_compat: nis +hosts: files dns +networks: files +passwd: compat +# passwd_compat: nis +shells: files +services: compat +# services_compat: nis +protocols: files +rpc: files + Index: /trunk/nanobsd/files/etc/ntp.conf =================================================================== --- /trunk/nanobsd/files/etc/ntp.conf (revision 10119) +++ /trunk/nanobsd/files/etc/ntp.conf (revision 10119) @@ -0,0 +1,41 @@ +#XXX: Might need to be dynamic + +server 172.17.8.68 # proxy1 +server 172.17.143.4 # proxy2 +server 172.20.128.98 # proxy3 +server 172.16.2.254 # proxy4 +server 172.19.168.66 # proxy5 +server 172.16.3.146 # proxy6 +server 172.17.16.66 # proxy62 +server 172.17.0.1 # proxy7 +server 172.16.4.54 # proxy9 +server 172.22.0.66 # proxy10 +server 172.23.25.66 # proxy11 +server 172.16.3.98 # proxy13 +server 172.17.169.66 # proxy97 + +# and if all failes - use our local crummy clock +server 127.127.1.0 #stratum 10 +# Optional - to provide the surroundings +# with a accurate time - unsollicted. +# +# broadcast + +# This file is generated by 'ntp-genkey -d r' +# on any of the 3 time lords; and pulled +# from Genesis. +# +# keys /etc/ntp.keys + +# Limit the number of clients concurrent +# RQs' to the levels a simple not can +# sustain. Asumming 5Mbit this translates +# to some 5000 machines. + +# Ensure that our stats and drift files +# go to writable disk (/etc mounted RO +# on the flash-rom machines). +# +driftfile /var/db/ntp.drift + + Index: /trunk/nanobsd/files/etc/rc.conf =================================================================== --- /trunk/nanobsd/files/etc/rc.conf (revision 10119) +++ /trunk/nanobsd/files/etc/rc.conf (revision 10119) @@ -0,0 +1,70 @@ +## Building options +dumpdev="NO" # No kernel dumps as we don't have a place to + # store them +gateway_enable="YES" # Act like a gateway please +ipv6_enable="NO" # No IPv6 support for now, near feature... ;-) + +# Firewall needed for port redirection (captive portal, splash screen) +firewall_enable="YES" +firewall_script="/etc/ipfw.sh" + +# NTP server needs working config with WL network or internet on boot +# so some warnings might pop up, but no harm +ntpdate_enable="YES" +ntpd_enable="YES" +ntpd_sync_on_start="YES" +ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntp.drift" + +# We need no running mail server +sendmail_enable="NONE" + +# Don't let syslog accept input from other remote hosts +syslogd_enable="YES" +syslogd_flags="-s -A -c -b 127.0.0.1" + +# Remote login without DNS checking as it might not also be functionable +# -u0 prevent sshd from making DNS requests unless the authentication mechanism +# or configuration requires it. +sshd_enable="YES" +sshd_flags="-u0" + +# Don't update the motd as it not writeable, the update_nanobsd_motd is a +# simple wrapper found at /usr/local/etc/rc.d supporting this featureg +update_motd="NO" +update_nanobsd_motd="YES" + +## Port extentions +# Serve our clients some pretty cool IP address to at least get connected +# Also some low-memory footprint dns resolver +dnsmasq_enable="YES" + +# Monitoring deamons +nrpe2_enable="YES" +snmpd_enable="YES" +snmpd_flags="-a -LF w /var/log/snmpd.log" + +# Some nodes will serve as HTTP(S) proxy server +tinyproxy_enable="NO" + +## WL ports extentions +thttpd_enable="YES" +http302_enable="YES" + +lvrouted_enable="YES" +lvrouted_flags="-u -s s00p3rs3kr3t -m 28 -z 172.16.2.254,172.17.0.1,172.23.25.66,172.17.169.66" + +# Make sure generated ssh keys are saved +nanobsd_save_sshkeys_enable="YES" + +# Do some cool stuff with pen, like checking on best connections and reload, so +# need a wrapper instead of the conventional startup script +pen_wrapper_enable="YES" + +## Initial (network) configuration +# +hostname="ChangeMe.example.org" +# XXX: Maybe something cool (zero config) as initial configuration + +## Iperf server mode +# +iperf_enable="YES" Index: /trunk/nanobsd/files/etc/ssh/ssh_config =================================================================== --- /trunk/nanobsd/files/etc/ssh/ssh_config (revision 10119) +++ /trunk/nanobsd/files/etc/ssh/ssh_config (revision 10119) @@ -0,0 +1,5 @@ +Host *.wleiden.net + ForwardAgent yes + +Host 172.16.?.? + ForwardAgent yes Index: /trunk/nanobsd/files/etc/ssh/sshd_config =================================================================== --- /trunk/nanobsd/files/etc/ssh/sshd_config (revision 10119) +++ /trunk/nanobsd/files/etc/ssh/sshd_config (revision 10119) @@ -0,0 +1,126 @@ +# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ +# $FreeBSD: src/crypto/openssh/sshd_config,v 1.49.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +# Note that some of FreeBSD's defaults differ from OpenBSD's, and +# FreeBSD has a few additional options. + +#VersionAddendum FreeBSD-20090522 + +#Port 22 +#Protocol 2 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# Disable legacy (protocol version 1) support in the server for new +# installations. In future the default will change to require explicit +# activation of protocol 1 +Protocol 2 + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 + +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# Change to yes to enable built-in password authentication. +#PasswordAuthentication no +#PermitEmptyPasswords no + +# Change to no to disable PAM authentication +#ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'no' to disable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +PermitRootLogin yes +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +#UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10 +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server Index: /trunk/nanobsd/files/etc/sysctl.conf =================================================================== --- /trunk/nanobsd/files/etc/sysctl.conf (revision 10119) +++ /trunk/nanobsd/files/etc/sysctl.conf (revision 10119) @@ -0,0 +1,4 @@ +#XXX: Might needs to be dynamic as value depends on link length +dev.ath.0.acktimeout=35 +dev.ath.1.acktimeout=35 +dev.ath.2.acktimeout=35 Index: /trunk/nanobsd/files/etc/syslog.conf =================================================================== --- /trunk/nanobsd/files/etc/syslog.conf (revision 10119) +++ /trunk/nanobsd/files/etc/syslog.conf (revision 10119) @@ -0,0 +1,32 @@ +# $FreeBSD: src/etc/syslog.conf,v 1.28 2005/03/12 12:31:16 glebius Exp $ +# +# Spaces ARE valid field separators in this file. However, +# other *nix-like systems still insist on using tabs as field +# separators. If you are sharing this file between systems, you +# may want to use only tabs as field separators here. +# Consult the syslog.conf(5) manpage. +*.err;kern.warning;auth.notice;mail.crit /dev/console +*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages +security.* /var/log/security +auth.info;authpriv.info /var/log/auth.log +mail.info /var/log/maillog +lpr.info /var/log/lpd-errs +ftp.info /var/log/xferlog +cron.* /var/log/cron +*.=debug /var/log/debug.log +*.emerg * +# uncomment this to log all writes to /dev/console to /var/log/console.log +#console.info /var/log/console.log +# uncomment this to enable logging of all log messages to /var/log/all.log +# touch /var/log/all.log and chmod it to mode 600 before it will work +#*.* /var/log/all.log +# uncomment this to enable logging to a remote loghost named loghost +*.* @loghost.wleiden.net +# uncomment these if you're running inn +# news.crit /var/log/news/news.crit +# news.err /var/log/news/news.err +# news.notice /var/log/news/news.notice +!startslip +*.* /var/log/slip.log +!ppp +*.* /var/log/ppp.log Index: /trunk/nanobsd/files/root/.history =================================================================== --- /trunk/nanobsd/files/root/.history (revision 10119) +++ /trunk/nanobsd/files/root/.history (revision 10119) @@ -0,0 +1,1 @@ +link /etc/dot_history Index: /trunk/nanobsd/files/root/.ssh =================================================================== --- /trunk/nanobsd/files/root/.ssh (revision 10119) +++ /trunk/nanobsd/files/root/.ssh (revision 10119) @@ -0,0 +1,1 @@ +link /etc/dot_ssh Index: /trunk/nanobsd/files/root/.vimrc =================================================================== --- /trunk/nanobsd/files/root/.vimrc (revision 10119) +++ /trunk/nanobsd/files/root/.vimrc (revision 10119) @@ -0,0 +1,4 @@ +syntax on +set tabstop=4 +set shiftwidth=4 +set viminfo='50,n/tmp/viminfo Index: /trunk/nanobsd/files/tools/change_password =================================================================== --- /trunk/nanobsd/files/tools/change_password (revision 10119) +++ /trunk/nanobsd/files/tools/change_password (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/change_password,v 1.3.6.1 2008/11/25 02:59:29 kensmith Exp $ +# + +set -e + +passwd root + +cfgslice=`grep '/cfg' /etc/fstab | cut -d \ -f 1` + +trap "umount /cfg" 1 2 15 EXIT +mount /cfg +cp /etc/master.passwd /etc/passwd /etc/pwd.db /etc/spwd.db /etc/group /cfg +umount /cfg +trap 1 2 15 EXIT Index: /trunk/nanobsd/files/tools/dhcpd_snmp.sh =================================================================== --- /trunk/nanobsd/files/tools/dhcpd_snmp.sh (revision 10119) +++ /trunk/nanobsd/files/tools/dhcpd_snmp.sh (revision 10119) @@ -0,0 +1,15 @@ +#!/bin/sh +# Write dhcpd ranges to dhcpd-snmp.conf + +DHCPD="/usr/local/etc/dhcpd.conf" +DHSNMP="/usr/local/etc/dhcpd-snmp.conf" +INDEX="0" + +DHPOOL=`cat ${DHCPD} | grep range | awk '{print $2"-"$3}' | cut -d";" -f1` +for range in ${DHPOOL} +do + $((INDEX=INDEX+1)) + echo "`echo "pool:" $INDEX", pool"$INDEX", "$range | \ + sed 's/^.*(//'`" >> $DHSNMP +done + Index: /trunk/nanobsd/files/tools/find-nanostation =================================================================== --- /trunk/nanobsd/files/tools/find-nanostation (revision 10119) +++ /trunk/nanobsd/files/tools/find-nanostation (revision 10119) @@ -0,0 +1,16 @@ +#!/bin/sh +# Discover nanostation using CDPv1 packets +# Credits: http://sidewynder.blogspot.com/2005/07/tcpdump-filter-for-capturing-only.html + +if [ "x$1" = "x" ]; then + echo "Usage: $0 [count]" 1>&2 + echo "Find (lost) Nanostation IP using 'count' CDPv1 packet(s)" + echo "Normally CDPv1 packets get send every minute" 1>&2 + echo "Interface hints: `ifconfig -l`" 1>&2 + exit 1 +fi +IFACE=$1 +COUNT=${2-1} + + +tcpdump -nn -v -i $IFACE -s 1500 -c $COUNT 'ether[20:2] == 0x2000' Index: /trunk/nanobsd/files/tools/health-check =================================================================== --- /trunk/nanobsd/files/tools/health-check (revision 10119) +++ /trunk/nanobsd/files/tools/health-check (revision 10119) @@ -0,0 +1,34 @@ +#!/bin/sh +# +# Health check of an node, used for getting an diagnostics output. +# +# Rick van der Zwet - + +OK=0 +FAILED=1 + +echo "XXX: This is HIGHLY ALPHA, ask Rick before using it" + + +iface_unused() { + IFACE= + ifconfig -l | tr ' ' '\n' | grep -q || return + ifconfig | grep -q 'status: no carrier' && return + return +} + +for IFACE in vr1 vr2 ue0 ue1; do + if iface_unused ; then + continue + fi + echo "Finding NanoStation on Interlink Interface ()" + /tools/find-nanostation +done + +exit 1 + +echo "Direct Internet Access Check" +fetch -d -v -o/dev/null http://ams-ix.net + +echo "Proxy Internet Access Check" +env HTTP_PROXY=172.31.255.1:3128 fetch -v -o/dev/null http://ams-ix.net Index: /trunk/nanobsd/files/tools/save_sshkeys =================================================================== --- /trunk/nanobsd/files/tools/save_sshkeys (revision 10119) +++ /trunk/nanobsd/files/tools/save_sshkeys (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/save_sshkeys,v 1.4.6.1 2008/11/25 02:59:29 kensmith Exp $ +# + +set -e + +trap "umount /cfg" 1 2 15 EXIT +mount /cfg +mkdir -p /cfg/ssh +( +cd /etc/ssh +cp ssh_host_* /cfg/ssh +) +umount /cfg +trap 1 2 15 EXIT Index: /trunk/nanobsd/files/tools/syslogd_flag.sh =================================================================== --- /trunk/nanobsd/files/tools/syslogd_flag.sh (revision 10119) +++ /trunk/nanobsd/files/tools/syslogd_flag.sh (revision 10119) @@ -0,0 +1,7 @@ +#!/bin/sh +# Set hostname for syslogd -b flag + +HOST=`cat /etc/rc.conf.local | grep hostname | cut -d'"' -f2` +sed -i "" -e /syslogd_flags=/s/localhost/${HOST}/ /etc/rc.conf + + Index: /trunk/nanobsd/files/tools/update-wrapper =================================================================== --- /trunk/nanobsd/files/tools/update-wrapper (revision 10119) +++ /trunk/nanobsd/files/tools/update-wrapper (revision 10119) @@ -0,0 +1,27 @@ +#!/bin/sh +# +# Update the non-active partition, input will stdin if no argument given else a +# listing netcat sesion will be opened at the given port +# Can be used in the following setups: +# 1) Systems with CPU limits (e.g. no encryption and/or compression): +# ssh -oBatchMode=yes root@node.example.org /tools/update-wrapper 3333 & +# cat nanobsd.image | nc node.example.org 3333 +# 2) Standard setup: +# cat nanobsd.image | ssh -oBatchMode=yes root@node.example.org /tools/update-wrapper +# +# Licence: BSD http://wirelessleiden.nl/LICENSE +# +# Rick van der Zwet + +. /etc/nanobsd.conf + +ROOT=`cd $(dirname $0); pwd -P` + +# Find out which partion to use +mount | grep -q ${NANO_DRIVE}s1 && UPDATE=$ROOT/updatep2 || UPDATE=$ROOT/updatep1 + +if [ -z $1 ]; then + $UPDATE +else + nc -l $1 | $UPDATE +fi Index: /trunk/nanobsd/files/tools/updatep1 =================================================================== --- /trunk/nanobsd/files/tools/updatep1 (revision 10119) +++ /trunk/nanobsd/files/tools/updatep1 (revision 10119) @@ -0,0 +1,55 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/updatep1,v 1.2.6.1 2008/11/25 02:59:29 kensmith Exp $ +# +# Script to update partition 1 on a NanoBSD system. +# +# usage: +# ssh somewhere cat image.s1 | sh updatep1 +# + +set -e + +. /etc/nanobsd.conf + +if mount | grep ${NANO_DRIVE}s1 > /dev/null ; then + echo "You are running partition 1 already" + echo "you probably want to use 'updatep2' instead" + exit 1 +fi + +# Blow away old system. +dd if=/dev/zero of=/dev/${NANO_DRIVE}s1 bs=1m count=1 > /dev/null 2>&1 + +# Copy in new system +dd of=/dev/${NANO_DRIVE}s1 obs=64k + +# Check that it worked +fsck_ffs -n /dev/${NANO_DRIVE}s1a + +gpart set -a active -i 1 ${NANO_DRIVE} + Index: /trunk/nanobsd/files/tools/updatep2 =================================================================== --- /trunk/nanobsd/files/tools/updatep2 (revision 10119) +++ /trunk/nanobsd/files/tools/updatep2 (revision 10119) @@ -0,0 +1,63 @@ +#!/bin/sh +# +# Copyright (c) 2004-2005 Poul-Henning Kamp. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/tools/tools/nanobsd/Files/root/updatep2,v 1.2.6.1 2008/11/25 02:59:29 kensmith Exp $ +# +# Script to update partition 2 on a NanoBSD system. +# +# usage: +# ssh somewhere cat image.s1 | sh updatep2 +# + +set -e + +. /etc/nanobsd.conf + +if mount | grep ${NANO_DRIVE}s2 > /dev/null ; then + echo "You are running partition 2 already" + echo "you probably want to use 'updatep1' instead" + exit 1 +fi + +# Blow away old system. +dd if=/dev/zero of=/dev/${NANO_DRIVE}s2 bs=1m count=1 > /dev/null 2>&1 + +# Copy in new system +dd of=/dev/${NANO_DRIVE}s2 obs=64k + +# Check that it worked +fsck_ffs -n /dev/${NANO_DRIVE}s2a + +# Update the /etc/fstab +trap "umount /mnt" 1 2 15 EXIT +mount /dev/${NANO_DRIVE}s2a /mnt +sed -i "" "s/${NANO_DRIVE}s1/${NANO_DRIVE}s2/" /mnt/conf/base/etc/fstab +sed -i "" "s/${NANO_DRIVE}s1/${NANO_DRIVE}s2/" /mnt/etc/fstab +umount /mnt +trap 1 2 15 EXIT + +gpart set -a active -i 2 ${NANO_DRIVE} + Index: /trunk/nanobsd/files/tools/wl-config =================================================================== --- /trunk/nanobsd/files/tools/wl-config (revision 10119) +++ /trunk/nanobsd/files/tools/wl-config (revision 10119) @@ -0,0 +1,266 @@ +#!/bin/sh +# Wireless Leiden config-update script for FreeBSD 8.0 (nanobsd) +# Based on the 'API' of Jasper +# Rick van der Zwet +# XXX: TODO, some proper error checking for fetch + + +# Slow connection = no connection +HTTP_TIMEOUT=3 + + +check_access() { + # Direct Access - Internal IP + BASEURL="http://172.16.4.46/wleiden/config/" + # Connectivity check + fetch -o /dev/null -q $BASEURL > /dev/null && return + echo "# WARN: Fetch via internal $BASEURL failed" + + # Direct Access - External DNS + BASEURL="http://132.229.112.21/wleiden/config/" + fetch -o /dev/null -q $BASEURL > /dev/null && return + echo "# CRIT: Fetch via external $BASEURL failed" + + exit 1 +} +check_access + + +# Default config to fetch +CONFIG=`hostname -s` + +# Determine it's statup and running location and some other hints +# Skip named.conf as it not planned in current release +FILES="authorized_keys dnsmasq.conf rc.conf.local resolv.conf wleiden.yaml" +file_details() { + case "$1" in + 'authorized_keys') + STARTUP_LOC="/cfg/dot_ssh/${FILE}" + RUNNING_LOC="/etc/dot_ssh/${FILE}" + FILE_HINT="" + ;; + 'dnsmasq.conf') + STARTUP_LOC="/cfg/local/${FILE}" + RUNNING_LOC="/etc/local/${FILE}" + FILE_HINT="/usr/local/etc/rc.d/dnsmasq restart" + ;; + 'named.conf') + STARTUP_LOC="/cfg/namedb/${FILE}" + RUNNING_LOC="/etc/namedb/${FILE}" + FILE_HINT="/etc/rc.d/named restart" + ;; + 'rc.conf.local') + STARTUP_LOC="/cfg/${FILE}" + RUNNING_LOC="/etc/${FILE}" + FILE_HINT="/etc/rc.d/netif restart" + ;; + 'resolv.conf') + STARTUP_LOC="/cfg/${FILE}" + RUNNING_LOC="/etc/${FILE}" + FILE_HINT="" + ;; + 'wleiden.yaml') + STARTUP_LOC="/cfg/local/${FILE}" + RUNNING_LOC="/etc/local/${FILE}" + FILE_HINT="" + ;; + esac +} + +usage() { + ( + echo "Usage: $0 [-bn] [-c ] [-m ]" + echo " -b = batch mode, no user input" + echo " -c = default configuration to fetch" + echo " -n = do not mount config partition" + echo " -m all = copy config files to running & config partition [default]" + echo " -m startup = copy config files to config partition" + echo " -m testing = do not copy config files" + echo " -m running = copy config files to running partition" + echo " -m hack = copy running files to config partition" + ) 1>&2 + exit 2 +} + +# Argument parsing using getopts +USE_API=1 # Whether or not to use the webinterface +OPT_MOUNT=1 +OPT_RUNNING=1 +OPT_STARTUP=1 +OPT_HACK=0 # Hack for people without configuration managment and testing +OPT_BATCH=0 + +parse_options() { + while getopts "bc:nm:" OPT; do + case "$OPT" in + b) OPT_BATCH=1;; + c) CONFIG="${OPTARG}";; + n) OPT_MOUNT=0;; + m) case "$OPTARG" in + all) true;; + live) OPT_STARTUP=0;; + startup) OPT_RUNNING=0;; + testing) OPT_RUNNING=0; OPT_STARTUP=0; OPT_MOUNT=0;; + hack) OPT_RUNNING=0; OPT_STARTUP=0; OPT_HACK=1; USE_API=0;; + *) usage;; + esac;; + h) usage;; + \?) usage;; + esac + done + # Allow to override automatic mounting, in case of external mount 'managment' + if [ "$1" = "-n" ]; then + OPT_MOUNT=0 + fi + + if [ "${OPT_RUNNING}" -eq 1 ]; then + echo "# INFO: Storing new config files in running configuration" + fi + + if [ "${OPT_STARTUP}" -eq 1 ]; then + echo "# INFO: Storing new config files in startup configuration" + fi + + if [ "${OPT_HACK}" -eq 1 ]; then + echo "# WARN: Copy running configuration to startup configuration" + echo "# WARN: Please do mind to document/mention this changes somewhere" + fi + + # New line before the real work gets started + echo "" +} + + + + +# test validity of input +config_validator() { + INPUT="$1" + `grep -q "^${INPUT}\$" ${TMPDIR}/node_list.txt` + if [ $? -eq 0 ]; then + return 0 + else + echo "WARNING: Input '${INPUT}' is not valid, some hints..." + grep -i "${INPUT}" ${TMPDIR}/node_list.txt + return 1 + fi +} + + + +select_node() { + # List of all available nodes + fetch -q -o ${TMPDIR}/node_list.txt ${BASEURL} || exit 1 + + # Provide Nodelist and feedback + cat ${TMPDIR}/node_list.txt | column + echo ' THIS script adds the config from GENESIS to this operating system' + echo ' make sure you know what you are doing, if not press control-C' + echo ' ENTER CONFIG NAME ......(and press enter)' + + if [ ${OPT_BATCH} -eq 1 ]; then + config_validator "${CONFIG}" + if [ $? -eq 1 ]; then + echo "ERROR: Please provide valid config" 1>&2 + exit 1 + fi + else + # Have the user to select the right node + INVALID_CONFIG=1 + while [ ${INVALID_CONFIG} -eq 1 ]; do + # Ask for node name, play around with prev option + echo -n "Name [${CONFIG}]: " + read INPUT + if [ -z "${INPUT}" ]; then + INPUT=${CONFIG} + else + CONFIG=${INPUT} + fi + + config_validator "${INPUT}" + if [ $? -eq 0 ]; then + INVALID_CONFIG=0 + fi + done + fi +} + + + + +# Copy file, saving some bits if no change needed +copy_file() { + SOURCE=$1 + TARGET=$2 + diff -I '^# Generated at ' ${SOURCE} ${TARGET} 2>/dev/null + if [ $? -ne 0 ]; then + mkdir -p `dirname ${TARGET}` || exit 1 + cp ${SOURCE} ${TARGET} || exit 1 + return $? + fi + return 1 +} + +# Main function +main() { + TMPDIR=`mktemp -d -t $(basename $0)` + # Clear out tempdir when done + if [ ${OPT_MOUNT} -eq 1 ]; then + trap "rm -Rf ${TMPDIR}; umount /cfg; mount -ro noatime /; exit" 0 1 2 3 15 + else + trap "rm -Rf ${TMPDIR}; exit" 0 1 2 3 15 + + fi + + # Mount if requested + if [ ${OPT_MOUNT} -eq 1 ]; then + mount -uwo noatime / + mount /cfg + fi + + # Select node from web-interface + if [ ${USE_API} -eq 1 ]; then + select_node + fi + + # Worker, place all files in required directory + for FILE in ${FILES}; do + if [ ${USE_API} -eq 1 ]; then + # Fetch needed file + FRESH_LOC=${TMPDIR}/${FILE} + fetch -q -o ${FRESH_LOC} ${BASEURL}/${CONFIG}/${FILE} || exit 1 + fi + + # Needed file details, like locations and hints + file_details ${FILE} + + echo "# INFO: Working on file: '${FILE}'" + # Copy file boot location + if [ ${OPT_STARTUP} -eq 1 ]; then + copy_file ${FRESH_LOC} ${STARTUP_LOC} + fi + + # Copy file running location + if [ ${OPT_RUNNING} -eq 1 ]; then + copy_file ${FRESH_LOC} ${RUNNING_LOC} + if [ $? -eq 0 ]; then + echo "# INFO: '${FILE}' changed" + if [ -n "${FILE_HINT}" ]; then + echo "# INFO: For instant activate: ${FILE_HINT}" + echo "" + fi + fi + fi + + # Direct copy + if [ ${OPT_HACK} -eq 1 ]; then + # No checking, just dumb try to copy mode + cp -v ${RUNNING_LOC} ${STARTUP_LOC} + fi + done + + exit 0 +} + +parse_options $* +main Index: /trunk/nanobsd/files/tools/wl-version =================================================================== --- /trunk/nanobsd/files/tools/wl-version (revision 10119) +++ /trunk/nanobsd/files/tools/wl-version (revision 10119) @@ -0,0 +1,35 @@ +#!/bin/sh +# Get bare minimal information of node, for the use of easy debugging +# Rick van der Zwet + +# Trac specific code +echo "----" +echo "{{{" + +# Introduction +echo "Generated by $USER@`hostname`" +echo "Date: `date`" + +# Kernel information +uname -a | fold + +# Mount information, for the use of checking which slize is usd +mount + +# static iinformation, on image, like build, time, who, +VERSION='/tools/wl-release.txt' +cat $VERSION + +if [ -r /VERSION ]; then + cat /VERSION + seperator +fi + +# Current ip configuration +ifconfig -a + +# XXX: Configuration specifics + +# Trac specific code +echo "}}}" +echo "----" Index: /trunk/nanobsd/files/usr/local/bin/http302 =================================================================== --- /trunk/nanobsd/files/usr/local/bin/http302 (revision 10119) +++ /trunk/nanobsd/files/usr/local/bin/http302 (revision 10119) @@ -0,0 +1,11 @@ +#!/bin/sh +# +# Only purpose is to send somebody to the Captive Portal +# +URL=${URL:-http://172.31.255.1/wlportal} + +# Send information to client +echo -e "HTTP/1.1 302 OK\r" +echo -e "Location: $URL\r" +echo -e "\r" + Index: /trunk/nanobsd/files/usr/local/bin/mvim =================================================================== --- /trunk/nanobsd/files/usr/local/bin/mvim (revision 10119) +++ /trunk/nanobsd/files/usr/local/bin/mvim (revision 10119) @@ -0,0 +1,10 @@ +#!/bin/sh +# +# Wrapper to support file hacking on read-only file systems more easily +# +# Rick van der Zwet + + +mount -uwo noatime || exit +vim $* +mount -uro noatime / Index: /trunk/nanobsd/files/usr/local/bin/pen_wrapper =================================================================== --- /trunk/nanobsd/files/usr/local/bin/pen_wrapper (revision 10119) +++ /trunk/nanobsd/files/usr/local/bin/pen_wrapper (revision 10119) @@ -0,0 +1,121 @@ +#!/bin/sh +# Pen proxy wrapper, periodic check for best connections +# Stichting Wireless Leiden +# Rick van der Zwet + +BIND_ADDR=${1-172.31.255.1} +BIND_PORT=${2-3128} +DEBUG=0 + +#XXX: Really static list, some dynamic alternative prefered +PROXY_LIST="${3-172.17.8.68:3128 \ + 172.17.143.4:3128 \ + 172.20.128.98:3128 \ + 172.16.2.254:3128 \ + 172.19.168.66:3128 \ + 172.16.3.146:3128 \ + 172.17.16.66:3128 \ + 172.17.0.1:3128 \ + 172.16.4.54:3128 \ + 172.22.0.66:3128 \ + 172.23.25.66:3128 \ + 172.17.169.66:3128}" + + +TEST_URL="http://www.ams-ix.net/" +TEST_INTERVAL=`expr 30 \* 60` # Back-off period in seconds, re-testing period + + +# Don't touch, unless you know what you are doing +PIDFILE='/var/run/pen.pid' +PEN='/usr/local/bin/pen' +PEN_FLAGS="-b 30 -r -p ${PIDFILE} -o prio ${BIND_ADDR}:${BIND_PORT}" + +LOGFILE='/var/log/pen_wrapper.log' + +log() +{ + _datestamp=`date "+%Y-%m-%d %H:%M:%S"` + _msg="[${_datestamp}] $*" + if [ ${DEBUG} -eq 0 ]; then + echo "${_msg}" >> ${LOGFILE} + else + echo "${_msg}" + fi +} + +d_log() { + if [ ${DEBUG} -ne 0 ]; then + log $* + fi +} + +test_proxy() +{ + # Set proxy + PROXY=$1 + PORT=$2 + URL=$3 + export HTTP_PROXY="${PROXY}:${PORT}" + + # Attempted fetch + retstr=`fetch -T 3 -o /dev/null ${URL} 2>&1` + retval=$? + + # Store to list if successfull + if [ "${retval}" -eq 0 ]; then + BPS=`echo "${retstr}" | awk '/Bps/ {printf $4}'` + echo "${BPS} ${PROXY}" >> ${TMPFILE} + fi + return $retval +} + +sort_proxies() +{ + # Result holder + TMPFILE=`mktemp -t pen_wrapper` + + for _host in ${PROXY_LIST}; do + PROXY=`echo $_host | cut -d ":" -f1` + PORT=`echo $_host | cut -d ":" -f2` + _msg="Fetching '${TEST_URL}' via '${PROXY}:${PORT}' ..." + test_proxy ${PROXY} ${PORT} ${TEST_URL} && d_log ${_msg} "OK" || d_log ${_msg} "FAILED" + done + + _proxylist=`sort -nr ${TMPFILE} | awk '{print $2}' | tr '\n' ' '` + _cfg="0:0:1:1" + if [ -n "${_proxylist}" ]; then + _prio="0" + _proxy_arg="" + for _proxy in ${_proxylist}; do + _prio=`expr ${_prio} + 1` + _proxy_arg="${_proxy_arg} ${_proxy}:${PORT}:${_cfg}:${_prio}" + done + fi + # Clear out junk + rm -f ${TMPFILE} + NEW_PROXY_LIST="${_proxy_arg}" +} + + +## +# Main loop +LIVE_PROXY_LIST='' +while true; do + sort_proxies + if [ "${LIVE_PROXY_LIST}" != "${NEW_PROXY_LIST}" ]; then + log "INFO: New listing to be configured '${NEW_PROXY_LIST}'" + d_log "Live: ${LIVE_PROXY_LIST}" + d_log "New : ${NEW_PROXY_LIST}" + # Pen should only be started if alias exists + ifconfig | grep -q ${BIND_ADDR} + if [ $? -eq 0 ]; then + if [ -r ${PIDFILE} ]; then + kill `cat ${PIDFILE}` + fi + ${PEN} ${PEN_FLAGS} ${NEW_PROXY_LIST} + LIVE_PROXY_LIST="${NEW_PROXY_LIST}" + fi + fi + sleep ${TEST_INTERVAL} +done Index: /trunk/nanobsd/files/usr/local/bin/ssh-copy-id =================================================================== --- /trunk/nanobsd/files/usr/local/bin/ssh-copy-id (revision 10119) +++ /trunk/nanobsd/files/usr/local/bin/ssh-copy-id (revision 10119) @@ -0,0 +1,50 @@ +#!/bin/sh + +# Shell script to install your public key on a remote machine +# Takes the remote machine name as an argument. +# Obviously, the remote machine must accept password authentication, +# or one of the other keys in your ssh-agent, for this to work. + +ID_FILE="${HOME}/.ssh/id_rsa.pub" + +if [ "-i" = "$1" ]; then + shift + # check if we have 2 parameters left, if so the first is the new ID file + if [ -n "$2" ]; then + if expr "$1" : ".*\.pub" >/dev/null; then + ID_FILE="$1" + else + ID_FILE="$1.pub" + fi + shift # and this should leave $1 as the target name + fi +else + if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then + GET_ID="$GET_ID ssh-add -L" + fi +fi + +if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then + GET_ID="cat ${ID_FILE}" +fi + +if [ -z "`eval $GET_ID`" ]; then + echo "$0: ERROR: No identities found" >&2 + exit 1 +fi + +if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then + echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2 + exit 1 +fi + +{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1 + +cat <&2 + exit $EX_NOINPUT +fi + +# Compare files, ignore white spaces, modification, etc +diff -b -B -q ${SRC} ${DST}; RETVAL=$? +if [ $RETVAL -ne 0 ]; then + # 2: DST does not yet, exists, 1: file differs + mount -uwo noatime /cfg + mkdir -p /cfg/local + cp ${SRC} ${DST} +fi + +exit $EX_OK Index: /trunk/nanobsd/files/usr/local/etc/dhcpd-snmp.conf =================================================================== --- /trunk/nanobsd/files/usr/local/etc/dhcpd-snmp.conf (revision 10119) +++ /trunk/nanobsd/files/usr/local/etc/dhcpd-snmp.conf (revision 10119) @@ -0,0 +1,1 @@ +leases: /var/db/dhcpd.leases Index: /trunk/nanobsd/files/usr/local/etc/dhcpd.conf =================================================================== --- /trunk/nanobsd/files/usr/local/etc/dhcpd.conf (revision 10119) +++ /trunk/nanobsd/files/usr/local/etc/dhcpd.conf (revision 10119) @@ -0,0 +1,7 @@ +ddns-update-style none; + +subnet 192.168.2.0 netmask 255.255.255.0 { + option domain-name-servers 192.168.2.1 ; + option routers 192.168.2.1 ; + range 192.168.2.50 192.168.2.99 ; +} Index: /trunk/nanobsd/files/usr/local/etc/nrpe.cfg =================================================================== --- /trunk/nanobsd/files/usr/local/etc/nrpe.cfg (revision 10119) +++ /trunk/nanobsd/files/usr/local/etc/nrpe.cfg (revision 10119) @@ -0,0 +1,14 @@ +server_port=5666 +allowed_hosts=172.16.4.46 +nrpe_user=nagios +nrpe_group=nagios +command_timeout=60 + +command[check_users]=/usr/local/libexec/nagios/check_users -w 5 -c 10 +command[check_load]=/usr/local/libexec/nagios/check_load -w 15,10,5 -c 30,25,20 +command[check_disk1]=/usr/local/libexec/nagios/check_disk -w 15% -c 10% -p / +command[check_disk2]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /var +command[check_procs]=/usr/local/libexec/nagios/check_procs -w 55 -c 70 +command[check_inet]=/usr/local/libexec/nagios/check_inet +command[check_inet2]=/usr/local/libexec/nagios/check_inet2 +command[check_lv]=/usr/local/libexec/nagios/check_lv Index: /trunk/nanobsd/files/usr/local/etc/ntp.drift =================================================================== --- /trunk/nanobsd/files/usr/local/etc/ntp.drift (revision 10119) +++ /trunk/nanobsd/files/usr/local/etc/ntp.drift (revision 10119) @@ -0,0 +1,1 @@ +0.000 Index: /trunk/nanobsd/files/usr/local/etc/proxies.conf =================================================================== --- /trunk/nanobsd/files/usr/local/etc/proxies.conf (revision 10119) +++ /trunk/nanobsd/files/usr/local/etc/proxies.conf (revision 10119) @@ -0,0 +1,12 @@ +172.17.8.68:3128 +172.17.143.4:3128 +172.20.128.98:3128 +172.16.2.254:3128 +172.19.168.66:3128 +172.16.3.146:3128 +172.17.16.66:3128 +172.17.0.1:3128 +172.16.4.54:3128 +172.22.0.66:3128 +172.23.25.66:3128 +172.17.169.66:3128 Index: /trunk/nanobsd/files/usr/local/etc/rc.d/http302 =================================================================== --- /trunk/nanobsd/files/usr/local/etc/rc.d/http302 (revision 10119) +++ /trunk/nanobsd/files/usr/local/etc/rc.d/http302 (revision 10119) @@ -0,0 +1,27 @@ +#!/bin/sh +# +# PROVIDE: http301 +# BEFORE: DAEMON +# KEYWORD: shutdown +# +# Add the following line to /etc/rc.conf to enable iperf in server mode: +# +# http302_enable="YES" +# +. /etc/rc.subr + +name=http302 +rcvar=`set_rcvar` + +command=/usr/local/bin/tcpserver +command_args="-R -H -l 0 172.31.255.1 8081 /usr/local/bin/http302 &" + +load_rc_config ${name} + +http301_enable=${http301_enable-"NO"} + +#### +# tcpserver does not generate a pid file + +run_rc_command "$1" + Index: /trunk/nanobsd/files/usr/local/etc/rc.d/iperf =================================================================== --- /trunk/nanobsd/files/usr/local/etc/rc.d/iperf (revision 10119) +++ /trunk/nanobsd/files/usr/local/etc/rc.d/iperf (revision 10119) @@ -0,0 +1,29 @@ +#!/bin/sh +# +# PROVIDE: iperf +# BEFORE: DAEMON +# KEYWORD: shutdown +# +# Add the following line to /etc/rc.conf to enable iperf in server mode: +# +# iperf_enable="YES" +# +. /etc/rc.subr + +name=iperf +rcvar=`set_rcvar` + +command=/usr/local/bin/iperf +command_args="-s -D" + +load_rc_config ${name} + +iperf_enable=${iperf_enable-"NO"} + +#### +# iperf does not generate a pid file +# iperf_pidfile=${iperf_pidfile-"/var/run/.pid"} +# pidfile="${iperf_pidfile}" + +run_rc_command "$1" + Index: /trunk/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd =================================================================== --- /trunk/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd (revision 10119) +++ /trunk/nanobsd/files/usr/local/etc/rc.d/nanobsd-motd (revision 10119) @@ -0,0 +1,61 @@ +#!/bin/sh +# +# $FreeBSD: src/etc/rc.d/motd,v 1.9.10.1.4.1 2009/04/15 03:14:26 kensmith Exp $ +# + +# PROVIDE: nanobsd-motd +# REQUIRE: mountcritremote +# BEFORE: LOGIN + +. /etc/rc.subr + +name="nanobsd_motd" +rcvar="update_nanobsd_motd" +start_cmd="motd_start" +stop_cmd=":" + +PERMS="644" + +motd_start() +{ + # Update kernel info in /etc/motd + # Must be done *before* interactive logins are possible + # to prevent possible race conditions. + # + echo -n 'Updating motd' + if [ ! -f /etc/motd ]; then + install -c -o root -g wheel -m ${PERMS} /dev/null /etc/motd + fi + + if [ ! -w /etc/motd ]; then + echo ' ... /etc/motd is not writable, update failed.' + return + fi + + T=`mktemp -t motd` + uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > ${T} + awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> ${T} + + cmp -s $T /etc/motd || { + # XXX: Hack quick and dirty combine of /etc/rc.d/motd and /tools/savesshkeys + trap "umount /cfg" 1 2 15 EXIT + mount /cfg + cp $T /cfg/motd + chmod ${PERMS} /etc/motd + umount /cfg + trap 1 2 15 EXIT + + trap "mount -uro noatime /" 1 2 15 EXIT + mount -uwo noatime / + cp $T /etc/motd + chmod ${PERMS} /etc/motd + mount -uro noatime / + trap 1 2 15 EXIT + } + rm -f $T + + echo . +} + +load_rc_config $name +run_rc_command "$1" Index: /trunk/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys =================================================================== --- /trunk/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys (revision 10119) +++ /trunk/nanobsd/files/usr/local/etc/rc.d/nanobsd-save-sshkeys (revision 10119) @@ -0,0 +1,49 @@ +#!/bin/sh +# +# $FreeBSD: ports/net/pen/files/pen.sh.in,v 1.1 2006/09/24 14:34:36 clement Exp $ +# + +# PROVIDE: pen +# REQUIRE: NETWORKING SERVERS sshd +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable nanobsd-save-sshkeys: +# +# nanobsd_save_sshkeys_enable="YES" +# + +. /etc/rc.subr + +name=nanobsd_save_sshkeys +rcvar=`set_rcvar` + +nanobsd_save_sshkeys_enable=${nanobsd_save_sshkeys_enable:-"NO"} + +start_cmd="save_sshkeys" +stop_cmd="save_sshkeys" + +save_sshkeys() { + MOUNTED_RW=0 + trap "umount /cfg" 1 2 15 EXIT + mount -ro noatime /cfg + for FILE in /etc/ssh/ssh_host_*; do + cmp -s $FILE /cfg/ssh/`basename ${FILE}` + if [ $? -ne 0 ]; then + if [ ${MOUNTED_RW} -eq 0 ]; then + mount -uwo noatime /cfg + mkdir -p /cfg/ssh + MOUNTED_RW=1 + fi + cp $FILE /cfg/ssh/`basename ${FILE}` + fi + done + + umount /cfg + trap 1 2 15 EXIT +} + + +load_rc_config $name +run_rc_command "$1" + Index: /trunk/nanobsd/files/usr/local/etc/rc.d/pen_wrapper =================================================================== --- /trunk/nanobsd/files/usr/local/etc/rc.d/pen_wrapper (revision 10119) +++ /trunk/nanobsd/files/usr/local/etc/rc.d/pen_wrapper (revision 10119) @@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD: ports/net/pen/files/pen.sh.in,v 1.1 2006/09/24 14:34:36 clement Exp $ +# + +# PROVIDE: pen_wrapper +# REQUIRE: NETWORKING SERVERS +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable pen: +# +# pen_wrapper_enable="YES" +# + +. /etc/rc.subr + +pen_wrapper_cmd() { + ${command_interpreter} ${command} & +} + +name=pen_wrapper +rcvar=`set_rcvar` +start_cmd=${name}_cmd + +command_interpreter="/bin/sh" +command=/usr/local/bin/pen_wrapper + +pen_wrapper_enable=${pen_wrapper_enable:-"NO"} +pen_wrapper_flags=${pen_wrapper_flags:-""} + +load_rc_config $name +run_rc_command "$1" Index: /trunk/nanobsd/files/usr/local/etc/thttpd.conf =================================================================== --- /trunk/nanobsd/files/usr/local/etc/thttpd.conf (revision 10119) +++ /trunk/nanobsd/files/usr/local/etc/thttpd.conf (revision 10119) @@ -0,0 +1,6 @@ +user=root +dir=/usr/local/www +cgipat=** +nochroot +logfile=/var/log/thttpd.log +pidfile=/var/run/thttpd.pid Index: /trunk/nanobsd/files/usr/local/etc/tinyproxy.conf =================================================================== --- /trunk/nanobsd/files/usr/local/etc/tinyproxy.conf (revision 10119) +++ /trunk/nanobsd/files/usr/local/etc/tinyproxy.conf (revision 10119) @@ -0,0 +1,228 @@ +## +## tinyproxy.conf -- tinyproxy daemon configuration file +## + +# +# Name of the user the tinyproxy daemon should switch to after the port +# has been bound. +# +User nobody +Group nogroup + +# +# Port to listen on. +# +Port 3128 + +# +# If you have multiple interfaces this allows you to bind to only one. If +# this is commented out, tinyproxy will bind to all interfaces present. +# +#Listen 192.168.0.1 + +# +# The Bind directive allows you to bind the outgoing connections to a +# particular IP address. +# +#Bind 192.168.0.1 + +# +# Timeout: The number of seconds of inactivity a connection is allowed to +# have before it closed by tinyproxy. +# +Timeout 600 + +# +# ErrorFile: Defines the HTML file to send when a given HTTP error +# occurs. You will probably need to customize the location to your +# particular install. The usual locations to check are: +# /usr/local/share/tinyproxy +# /usr/local/share/tinyproxy +# /etc/tinyproxy +# +# ErrorFile 404 "/usr/local/share/tinyproxy/404.html" +# ErrorFile 400 "/usr/local/share/tinyproxy/400.html" +# ErrorFile 503 "/usr/local/share/tinyproxy/503.html" +# ErrorFile 403 "/usr/local/share/tinyproxy/403.html" +# ErrorFile 408 "/usr/local/share/tinyproxy/408.html" + +# +# DefaultErrorFile: The HTML file that gets sent if there is no +# HTML file defined with an ErrorFile keyword for the HTTP error +# that has occured. +# +DefaultErrorFile "/usr/local/share/tinyproxy/default.html" + +# +# StatFile: The HTML file that gets sent when a request is made +# for the stathost. If this file doesn't exist a basic page is +# hardcoded in tinyproxy. +# +StatFile "/usr/local/share/tinyproxy/stats.html" + +# +# Where to log the information. Either LogFile or Syslog should be set, +# but not both. +# +Logfile "/var/log/tinyproxy.log" +# Syslog On + +# +# Set the logging level. Allowed settings are: +# Critical (least verbose) +# Error +# Warning +# Notice +# Connect (to log connections without Info's noise) +# Info (most verbose) +# The LogLevel logs from the set level and above. For example, if the LogLevel +# was set to Warning, than all log messages from Warning to Critical would be +# output, but Notice and below would be suppressed. +# +LogLevel Info + +# +# PidFile: Write the PID of the main tinyproxy thread to this file so it +# can be used for signalling purposes. +# +PidFile "/var/run/tinyproxy.pid" + +# +# Include the X-Tinyproxy header, which has the client's IP address when +# connecting to the sites listed. +# +#XTinyproxy mydomain.com + +# +# Turns on upstream proxy support. +# +# The upstream rules allow you to selectively route upstream connections +# based on the host/domain of the site being accessed. +# +# For example: +# # connection to test domain goes through testproxy +# upstream testproxy:8008 ".test.domain.invalid" +# upstream testproxy:8008 ".our_testbed.example.com" +# upstream testproxy:8008 "192.168.128.0/255.255.254.0" +# +# # no upstream proxy for internal websites and unqualified hosts +# no upstream ".internal.example.com" +# no upstream "www.example.com" +# no upstream "10.0.0.0/8" +# no upstream "192.168.0.0/255.255.254.0" +# no upstream "." +# +# # connection to these boxes go through their DMZ firewalls +# upstream cust1_firewall:8008 "testbed_for_cust1" +# upstream cust2_firewall:8008 "testbed_for_cust2" +# +# # default upstream is internet firewall +# upstream firewall.internal.example.com:80 +# +# The LAST matching rule wins the route decision. As you can see, you +# can use a host, or a domain: +# name matches host exactly +# .name matches any host in domain "name" +# . matches any host with no domain (in 'empty' domain) +# IP/bits matches network/mask +# IP/mask matches network/mask +# +#Upstream some.remote.proxy:port + +# +# This is the absolute highest number of threads which will be created. In +# other words, only MaxClients number of clients can be connected at the +# same time. +# +MaxClients 100 + +# +# These settings set the upper and lower limit for the number of +# spare servers which should be available. If the number of spare servers +# falls below MinSpareServers then new ones will be created. If the number +# of servers exceeds MaxSpareServers then the extras will be killed off. +# +MinSpareServers 5 +MaxSpareServers 20 + +# +# Number of servers to start initially. +# +StartServers 10 + +# +# MaxRequestsPerChild is the number of connections a thread will handle +# before it is killed. In practise this should be set to 0, which disables +# thread reaping. If you do notice problems with memory leakage, then set +# this to something like 10000 +# +MaxRequestsPerChild 0 + +# +# The following is the authorization controls. If there are any access +# control keywords then the default action is to DENY. Otherwise, the +# default action is ALLOW. +# +# Also the order of the controls are important. The incoming connections +# are tested against the controls based on order. +# +Allow 127.0.0.1 +Allow 172.16.0.0/12 + +# +# The "Via" header is required by the HTTP RFC, but using the real host name +# is a security concern. If the following directive is enabled, the string +# supplied will be used as the host name in the Via header; otherwise, the +# server's host name will be used. +# +#ViaProxyName "tinyproxy" + +# +# The location of the filter file. +# +#Filter "/etc/tinyproxy/filter" + +# +# Filter based on URLs rather than domains. +# +#FilterURLs On + +# +# Use POSIX Extended regular expressions rather than basic. +# +#FilterExtended On + +# +# Use case sensitive regular expressions. +# +#FilterCaseSensitive On + +# +# Change the default policy of the filtering system. If this directive is +# commented out, or is set to "No" then the default policy is to allow +# everything which is not specifically denied by the filter file. +# +# However, by setting this directive to "Yes" the default policy becomes to +# deny everything which is _not_ specifically allowed by the filter file. +# +#FilterDefaultDeny Yes + +# +# If an Anonymous keyword is present, then anonymous proxying is enabled. +# The headers listed are allowed through, while all others are denied. If +# no Anonymous keyword is present, then all header are allowed through. +# You must include quotes around the headers. +# +#Anonymous "Host" +#Anonymous "Authorization" + +# +# This is a list of ports allowed by tinyproxy when the CONNECT method +# is used. To disable the CONNECT method altogether, set the value to 0. +# If no ConnectPort line is found, all ports are allowed (which is not +# very secure.) +# +# The following two ports are used by SSL. +# +ConnectPort 443 +ConnectPort 563 Index: /trunk/nanobsd/files/usr/local/libexec/nagios/check_inet =================================================================== --- /trunk/nanobsd/files/usr/local/libexec/nagios/check_inet (revision 10119) +++ /trunk/nanobsd/files/usr/local/libexec/nagios/check_inet (revision 10119) @@ -0,0 +1,40 @@ +#!/bin/sh + +PATH=$PATH:/bin:/usr/bin +export PATH + +# HTTP proxy to use +HTTP_PROXY=http://proxy.wleiden.net:3128 + +# Test page to query +PROXY_TEST=http://proxy-test.wirelessleiden.nl/ + +# Make variable global, so fetch can use it +export HTTP_PROXY + +# Query the webpage +SPEEDOUT=`fetch -o /dev/null ${PROXY_TEST} 2>&1` + +# What is the Exit code of fetch? +SPEEDEXIT=$? + +# The speed by which the webpages was retrieved" +SPEED=`echo ${SPEEDOUT} | awk '{ print $4 " " $5 }'` + +# What was the format of speed (Bps) +TYPE=`echo ${SPEEDOUT} | awk '{ print $5 }'` + +# Dit the fetcommand exit happy, and was the format as we expected +if [ ${SPEEDEXIT} -eq 0 -a "$TYPE" = "Bps" ]; then + + # Let's celebrate, it was successfull + echo "INET OK: $SPEED" + exit 0 +else + + # Oh no, time to get drunk, retrieval was unsuccessfull + echo "INET CRITICAL: $SPEEDOUT\n" + exit 2 + +fi + Index: /trunk/nanobsd/files/usr/local/libexec/nagios/check_inet2 =================================================================== --- /trunk/nanobsd/files/usr/local/libexec/nagios/check_inet2 (revision 10119) +++ /trunk/nanobsd/files/usr/local/libexec/nagios/check_inet2 (revision 10119) @@ -0,0 +1,31 @@ +#!/bin/sh + +PATH=$PATH:/bin:/usr/bin +export PATH + +# Test page to query +PROXY_TEST=http://proxy-test.wirelessleiden.nl/ + +# Query the webpage +SPEEDOUT=`fetch -o /dev/null ${PROXY_TEST} 2>&1` + +# What is the Exit code of fetch? +SPEEDEXIT=$? + +# The speed by which the webpages was retrieved" +SPEED=`echo ${SPEEDOUT} | awk '/Bps/ { print $13 " " $14 }'` + +# Dit the fetcommand exit happy, and was the format as we expected +if [ ${SPEEDEXIT} -eq 0 -a "$SPEED" ]; then + + # Let's celebrate, it was successfull + printf "INET OK: $SPEED\n" + exit 0 +else + + # Oh no, time to get drunk, retrieval was unsuccessfull + echo "INET CRITICAL: $SPEEDOUT\n" + exit 2 + +fi + Index: /trunk/nanobsd/files/usr/local/libexec/nagios/check_lv =================================================================== --- /trunk/nanobsd/files/usr/local/libexec/nagios/check_lv (revision 10119) +++ /trunk/nanobsd/files/usr/local/libexec/nagios/check_lv (revision 10119) @@ -0,0 +1,107 @@ +#!/usr/local/bin/python + +import os +import re + +# Bsd config file +config="/etc/rc.conf.local" + +def gettrees () : + ip = [] + + # Run through all the files in /tmp + for filename in os.listdir('/tmp'): + + # Match lvrouted tree files and get ip address + # lvrouted.tree-172.16.4.9 + match = re.match(r'lvrouted.tree-(.*)$', filename) + if match: + + # append ip address to list + ip.append(match.group(1)) + + return ip + +# Get all ips in the subnet (based on ip and mask) +def iprange (ip, mask) : + + # Max number of bits in the subnetmask + max=32 + + # Make sure the mask is integer + mask=int(mask) + + # Don't do anything with certain subnet sizes + if mask > 27 and mask < 32 : + + # Make an ip list + iplist = [] + + # Split the ip + oc = ip.split(".") + + # Calculate the total subnet size + max = 2 ** ( max - mask ) + + # Make sure the last oclet of the ip is integer + oc[3] = int(oc[3]) + + # Calculate the lower end of the subnet + min = oc[3] - ( oc[3] % max ) + 1 + + # Calculate the upper end of the subnet + max = min + max - 2 + + # Run through all possible ip's + for oc3 in range(min, max): + + # Add Ip to iplist + iplist.append(str(oc[0]) + "." + str(oc[1]) + "." + str(oc[2]) + "." + str(oc3)) + + # Return the iplist to the caller + return iplist + +# Open the config file and run through it +file = open (config) +treeips = gettrees() +invalid = [] +rcips = [] + +for line in file.readlines(): + + # Get variable's out of the config file and validate it + match = re.match(r'ipv4_addrs_(.*?)="(.*?)/([\d]{1,2})(.*)"$', line) + if match: + + # Get info + iface = match.group(1) + ip = match.group(2) + mask = match.group(3) + + # Call iprange, get all ip's in the subnet + allips = iprange(ip, mask) + + # Don't iterate through empty list + if allips: + + valid=0 + + # Check if one of the ip's in the lvrouted list (one must be present) + for rangeip in allips: + if rangeip in treeips: + valid=1 + + if not valid: + invalid.append(iface) + +if invalid: + retval = "LV ERROR:" + for iface in invalid: + retval = retval + " " + iface + print retval + exit(2) +else: + print "LV OK" + exit(0) + + Index: /trunk/nanobsd/files/usr/local/sbin/dhcpd-snmp =================================================================== --- /trunk/nanobsd/files/usr/local/sbin/dhcpd-snmp (revision 10119) +++ /trunk/nanobsd/files/usr/local/sbin/dhcpd-snmp (revision 10119) @@ -0,0 +1,452 @@ +#! /usr/bin/perl +# -------------------------------------------------------------------- +# Copyright (C) 2006 Oliver Hitz +# +# $Id: dhcpd-snmp.in,v 1.2 2006/01/25 19:26:00 oli Exp $ +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, +# MA 02111-1307, USA. +# -------------------------------------------------------------------- +# dhcpd-snmp +# +# An extension for polling the active and available lease counts of a +# running dhcpd. +# +# Please read the man page dhcpd-snmp(8) for instructions. +# -------------------------------------------------------------------- + +use Time::Local; +use strict; + +# The base OID of this extension. Has to match the OID in snmpd.conf: +my $baseoid = ".1.3.6.1.4.1.21695.1.2"; + +# Results are cached for some seconds so that an SNMP walk doesn't +# result in dhcpd.leases being parsed multiple times. +my $cache_secs = 60; + +# -------------------------------------------------------------------- + +my $mib; +my $mibtime; + +# Load configuration file +my $conf = read_configuration($ARGV[0]); + +# Switch on autoflush +$| = 1; + +# Main loop +while (my $cmd = ) { + chomp $cmd; + + if ($cmd eq "PING") { + print "PONG\n"; + } elsif ($cmd eq "get") { + my $oid_in = ; + + my $oid = get_oid($oid_in); + my $mib = create_dhcp_mib(); + + if ($oid != 0 && defined($mib->{$oid})) { + print "$baseoid.$oid\n"; + print $mib->{$oid}[0]."\n"; + print $mib->{$oid}[1]."\n"; + } else { + print "NONE\n"; + } + } elsif ($cmd eq "getnext") { + my $oid_in = ; + + my $oid = get_oid($oid_in); + my $found = 0; + + my $mib = create_dhcp_mib(); + my @s = sort { oidcmp($a, $b) } keys %{ $mib }; + for (my $i = 0; $i < @s; $i++) { + if (oidcmp($oid, $s[$i]) == -1) { + print "$baseoid.".$s[$i]."\n"; + print $mib->{$s[$i]}[0]."\n"; + print $mib->{$s[$i]}[1]."\n"; + $found = 1; + last; + } + } + if (!$found) { + print "NONE\n"; + } + } else { + # Unknown command + } +} + +exit 0; + +sub get_oid +{ + + my ($oid) = @_; + chomp $oid; + + my $base = $baseoid; + $base =~ s/\./\\./g; + + if ($oid !~ /^$base(\.|$)/) { + # Requested oid doesn't match base oid + return 0; + } + + $oid =~ s/^$base\.?//; + return $oid; +} + +sub oidcmp { + my ($x, $y) = @_; + + my @a = split /\./, $x; + my @b = split /\./, $y; + + my $i = 0; + + while (1) { + + if ($i > $#a) { + if ($i > $#b) { + return 0; + } else { + return -1; + } + } elsif ($i > $#b) { + return 1; + } + + if ($a[$i] < $b[$i]) { + return -1; + } elsif ($a[$i] > $b[$i]) { + return 1; + } + + $i++; + } +} + +sub create_dhcp_mib +{ + # We cache the results for $cache_secs seconds + if (time - $mibtime < $cache_secs) { + return $mib; + } + + # Read in all leases + read_leases(); + + my %dhcp = ( + "1" => [ "integer", 0 ], # Number of pools + ); + + foreach my $i (keys %{ $conf->{"pools"} }) { + $dhcp{"1"}[1]++; + + my $pool = $conf->{"pools"}->{$i}; + + $dhcp{"2.1.".$i} = [ "integer", $i ]; + $dhcp{"2.2.".$i} = [ "string", $pool->{"name"} ]; + $dhcp{"2.3.".$i} = [ "integer", $pool->{"total"} ]; + $dhcp{"2.4.".$i} = [ "integer", $pool->{"active"} ]; + $dhcp{"2.5.".$i} = [ "integer", $pool->{"expired"} ]; + $dhcp{"2.6.".$i} = [ "integer", $pool->{"total"} - $pool->{"active"} ]; + } + + $mib = \%dhcp; + $mibtime = time; + return $mib; +} + +sub ip2int { + my ($ip) = @_; + + if ($ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) { + return 256*(256*(256*$1+$2)+$3)+$4; + } else { + return -1; + } +} + +sub read_leases +{ + # Clear leases + foreach my $i (keys %{ $conf->{"pools"} }) { + $conf->{"pools"}->{$i}->{"leases"} = (); + $conf->{"pools"}->{$i}->{"active"} = 0; + $conf->{"pools"}->{$i}->{"expired"} = 0; + } + + # Read leases + if (!open(LEASES, $conf->{"leases"})) { + printf STDERR "Unable to open leases file '%s'!\n", $conf->{leases}; + return; + } + + my %l = undef; + + while (my $line = ) { + if ($line =~ /^lease (\d+\.\d+\.\d+\.\d+) \{$/) { + my $ip = ip2int($1); + undef %l; + + foreach my $i (keys %{ $conf->{"pools"} }) { + my $pool = $conf->{"pools"}->{$i}; + my $found = 0; + + foreach my $r (@{ $pool->{"ranges"} }) { + if (($ip >= $r->{"from"}) && ($ip <= $r->{"to"})) { + %l = ( "pool" => $i, "ip" => $ip ); + $found = 1; + last; + } + } + if ($found) { + last; + } + } + } elsif (defined %l && $line =~ /^\s+ends \d (\d+)\/(\d+)\/(\d+) (\d+):(\d+):(\d+);$/) { + $l{"ends"} = timegm($6, $5, $4, $3, $2-1, $1); + } elsif (defined %l && $line =~ /^\s+ends never;$/) { + $l{"ends"} = -1; + } elsif (defined %l && $line =~ /^\}$/) { + $conf->{"pools"}->{$l{"pool"}}->{"leases"}->{$l{"ip"}} = $l{"ends"}; + } + } + + close(LEASES); + + # Count active and expired leases + my $now = time(); + + foreach my $i (keys %{ $conf->{"pools"} }) { + my $pool = $conf->{"pools"}->{$i}; + + foreach my $ip (keys %{ $pool->{"leases"} }) { + my $end = $pool->{"leases"}->{$ip}; + if (($end == -1) || ($end >= $now)) { + $pool->{"active"}++; + } else { + $pool->{"expired"}++; + } + } + } +} + +sub read_configuration +{ + my ($f) = @_; + + my %conf = ( "leases" => undef, + "pools" => { } ); + + open C, "$f"; + while (my $l = ) { + $l =~ s/#.*//; + $l =~ s/^\s*//; + $l =~ s/\s*$//; + + if ($l eq "") { + next; + } + + if ($l =~ /^leases:\s*(\S+)$/) { + + $conf{"leases"} = $1; + + # Check if file is readable + if (open(LEASES, $conf{"leases"})) { + close(LEASES); + } else { + printf STDERR "Unable to open leases file '%s'!\n", $conf{"leases"}; + } + + } elsif ($l =~ /^pool:\s*(\d+)\s*,\s*("[^"]*"|[^"][^,]*)\s*,\s*(.*)$/) { + + # Read the pool definition + my %p = ( "index" => $1, + "name" => $2, + "ranges" => [ ], + "total" => 0, + "leases" => { } ); + + my @ranges = split /\s*,\s*/, $3; + + $p{"name"} =~ s/^\"//; + $p{"name"} =~ s/\"$//; + + foreach my $r (@ranges) { + if ($r !~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})-(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) { + printf STDERR "Invalid range definition '%s'.\n", $r; + next; + } + + my ($from, $to) = ($1, $2); + + my $fromip = ip2int($from); + my $toip = ip2int($to); + + if ($toip < $fromip) { + my $t = $toip; + $toip = $fromip; + $fromip = $t; + } + + $p{"total"} += $toip-$fromip+1; + + my %range = ( "from" => $fromip, + "to" => $toip ); + + push @{ $p{"ranges"} }, \%range; + } + + $conf{"pools"}{$p{"index"}} = \%p; + } else { + + printf STDERR "Invalid line '%s'.\n", $l; + + } + } + + return \%conf; +} + +__END__ + +=head1 NAME + +dhcpd-snmp + +=head1 SYNOPSIS + +dhcpd-snmp dhcpd-snmp.conf + +=head1 DESCRIPTION + +B is an extension for the Net-SNMP agent and the ISC DHCP +server. It allows you to monitor and track the address usage of your +dynamic IP address pools through SNMP. + +=head1 CONFIGURATION FILE + +The configuration file defines the location of the F +file as well as the pools of which you want to access the lease +counts. + +The file is in B format and allows only two keys: + +=over 8 + +=item B: C + +Location of the F file. This file needs to be accessible +by the script. + +=item B: C, C, C + +Defines a pool to monitor. C is a unique numeric index, +C a textual description of this pool, and C defines the ranges of IP addresses belonging to this +pool. + +=back + +Since this extension is a persistent script, changes to the +configuration file require a restart of snmpd. + +=head1 INSTALLATION + +After installing the B script and adapting the +configuration file, it is best to test it manually. This can be done +with the following dialog: + + PING + +The script should return "PONG". + + get + .1.3.6.1.4.1.21695.1.2.1 + +The script should return three lines: the OID, "integer", and the +number of configured pools. + + get + .1.3.6.1.4.1.21695.1.2.2.2.1 + +OID, "string", and the name of your first address pool. + + get + .1.3.6.1.4.1.21695.1.2.2.4.1 + +OID, "integer", and the number of active leases. + +Quit the dialog using CTRL-D. + +If everything works, insert the following line into your Net-SNMP's +B configuration file: + + pass_persist .1.3.6.1.4.1.21695.1.2 path/to/dhcpd-snmp path/to/dhcpd-snmp.conf + +Net-SNMP will need to be restarted after this change. + +You should now be able to get the statistics using F, for example: + + $ snmpwalk host community .1.3.6.1.4.1.21695.1.2 + +This should give you a list of the statistics of your DHCP server. + +=head1 MIB + +The script returns the following variables: + + .1.3.6.1.4.1.21695.1.2.1: number of configured pools + .1.3.6.1.4.1.21695.1.2.2.: pool description + .1.3.6.1.4.1.21695.1.2.3.: size of the pool (number of addresses) + .1.3.6.1.4.1.21695.1.2.4.: active leases + .1.3.6.1.4.1.21695.1.2.5.: expired leases + .1.3.6.1.4.1.21695.1.2.6.: available addresses (size - active leases) + +For a complete MIB file see the C directory in the source archive. + +=head1 SECURITY + +It is assumed that users of this script know how to properly secure +their snmpd. Please read the corresponding man pages on more +information about this. + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2006 Oliver Hitz + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +USA. + +=cut Index: /trunk/nanobsd/files/usr/local/sbin/lvrouted-test =================================================================== --- /trunk/nanobsd/files/usr/local/sbin/lvrouted-test (revision 10119) +++ /trunk/nanobsd/files/usr/local/sbin/lvrouted-test (revision 10119) @@ -0,0 +1,24 @@ +#!/bin/sh +# Richard van Mansom, richardvm@wirelessleiden.nl, March 2010 + +# Minimum number of non local routes. +VALID=1 + +# 1. Show routing table +# 2. Only show routes which includes subnets +# 3. Discard anything with a semicolon (MAC addresses and IPv6 addresses) +# 4. Discard anything which include the word 'link' (local routes). +# 5. Use word count (get number of lines) +COUNT=`netstat -rn | grep -E '[0-9]/[0-9]' | grep -v ':' | grep -v 'link' | wc -l'` + +# No have a look if the number of routes has passed the minimium threshold. +if [ ${COUNT} -gt ${VALID} ]; then + + # Display me if I have passed the threshold + echo "ROUTING OK: Got non local routes" +else + + # Display me if I didn't pased the threshold + echo "ROUTING CRITICAL: I don't have any non local routes" +fi + Index: /trunk/nanobsd/files/usr/local/sbin/proxy-test.sh =================================================================== --- /trunk/nanobsd/files/usr/local/sbin/proxy-test.sh (revision 10119) +++ /trunk/nanobsd/files/usr/local/sbin/proxy-test.sh (revision 10119) @@ -0,0 +1,25 @@ +#!/bin/sh + +PROXY=proxy.wleiden.net:3128 +URL=http://proxy-test.wirelessleiden.nl +FILE=/tmp/proxy-test.wirelessleiden.nl + +# Set proxy to escape the network +export HTTP_PROXY=${PROXY} + +# Fetch the website (curl not installed) +fetch -o ${FILE} ${URL} 2> /dev/null +if [ -w ${FILE} ]; then + retval=`cat ${FILE}` + rm ${FILE} +fi + +# Chech if website returns the expected result +if [ "$retval" = "1" ]; then + echo "WWW OK: Got a www website" + exit 0 +else + echo "WWW CRITICAL: Unable to fetch www website" + exit 2 +fi + Index: /trunk/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt =================================================================== --- /trunk/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt (revision 10119) +++ /trunk/nanobsd/files/usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt (revision 10119) @@ -0,0 +1,2978 @@ +-- ***************************************************************** +-- IEEE802dot11-MIB : +-- IEEE 802.11 Management Information Base file +-- +-- Nov 2002, Francis Pang +-- +-- Copyright (c) 2002 by cisco Systems, Inc. +-- All rights reserved. +-- ***************************************************************** + +-- ********************************************************************** +-- * IEEE 802.11 Management Information Base +-- ********************************************************************** + +IEEE802dot11-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + NOTIFICATION-TYPE,Integer32, Counter32, + Unsigned32 FROM SNMPv2-SMI + + DisplayString , MacAddress, RowStatus, + TruthValue FROM SNMPv2-TC + + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP FROM SNMPv2-CONF + + ifIndex FROM RFC1213-MIB; + +-- ********************************************************************** +-- * Tree Definition +-- ********************************************************************** + + member-body OBJECT IDENTIFIER ::= { iso 2 } + us OBJECT IDENTIFIER ::= { member-body 840 } + +-- ********************************************************************** +-- * MODULE IDENTITY +-- ********************************************************************** + +ieee802dot11 MODULE-IDENTITY + LAST-UPDATED "0208300000Z" + ORGANIZATION "IEEE 802.11" + CONTACT-INFO + "WG E-mail: stds-802-11@ieee.org + + Chair: Stuart J. Kerry + Postal: Philips Semiconductors, Inc. + 1109 McKay Drive + M/S 48 SJ + San Jose, CA 95130-1706 USA + Tel: +1 408 474 7356 + Fax: +1 408 474 7247 + E-mail: stuart.kerry@philips.com + + Editor: Bob O'Hara + Postal: Informed Technology, Inc. + 1750 Nantucket Circle, Suite 138 + Santa Clara, CA 95054 USA + Tel: +1 408 986 9596 + Fax: +1 408 727 2654 + E-mail: bob@informed-technology.com" + DESCRIPTION + "The MIB module for IEEE 802.11 entities. + iso(1).member-body(2).us(840).ieee802dot11(10036)" + ::= { us 10036 } + +-- ********************************************************************** +-- * Major sections +-- ********************************************************************** + +-- Station ManagemenT (SMT) Attributes + -- DEFINED AS "The SMT object class provides the necessary support + -- at the station to manage the processes in the station such that + -- the station may work cooperatively as a part of an IEEE 802.11 + -- network." + + dot11smt OBJECT IDENTIFIER ::= { ieee802dot11 1 } + + -- dot11smt GROUPS + -- dot11StationConfigTable ::= { dot11smt 1 } + -- dot11AuthenticationAlgorithmsTable ::= { dot11smt 2 } + -- dot11WEPDefaultKeysTable ::= { dot11smt 3 } + -- dot11WEPKeyMappingsTable ::= { dot11smt 4 } + -- dot11PrivacyTable ::= { dot11smt 5 } + -- dot11SMTnotification ::= { dot11smt 6 } + -- dot11MultiDomainCapabilityTable ::= { dot11smt 7 } + +-- MAC Attributes + -- DEFINED AS "The MAC object class provides the necessary support + -- for the access control, generation, and verification of frame + -- check sequences (FCSs), and proper delivery of valid data to + -- upper layers." + + dot11mac OBJECT IDENTIFIER ::= { ieee802dot11 2 } + + -- MAC GROUPS + -- reference IEEE Std 802.1f-1993 + -- dot11OperationTable ::= { dot11mac 1 } + -- dot11CountersTable ::= { dot11mac 2 } + -- dot11GroupAddressesTable ::= { dot11mac 3 } + +-- Resource Type ID + dot11res OBJECT IDENTIFIER ::= { ieee802dot11 3 } + dot11resAttribute OBJECT IDENTIFIER ::= { dot11res 1 } + +-- PHY Attributes + -- DEFINED AS "The PHY object class provides the necessary support + -- for required PHY operational information that may vary from PHY + -- to PHY and from STA to STA to be communicated to upper layers." + + dot11phy OBJECT IDENTIFIER ::= { ieee802dot11 4 } + + -- PHY GROUPS + -- dot11PhyOperationTable ::= { dot11phy 1 } + -- dot11PhyAntennaTable ::= { dot11phy 2 } + -- dot11PhyTxPowerTable ::= { dot11phy 3 } + -- dot11PhyFHSSTable ::= { dot11phy 4 } + -- dot11PhyDSSSTable ::= { dot11phy 5 } + -- dot11PhyIRTable ::= { dot11phy 6 } + -- dot11RegDomainsSupportedTable ::= { dot11phy 7 } + -- dot11AntennasListTable ::= { dot11phy 8 } + -- dot11SupportedDataRatesTxTable ::= { dot11phy 9 } + -- dot11SupportedDataRatesRxTable ::= { dot11phy 10 } + -- dot11PhyOFDMTable ::= { dot11phy 11 } + -- dot11PhyHRDSSSTable ::= { dot11phy 12 } + -- dot11EHCCHoppingPatternTable ::= { dot11phy 13 } + +-- ********************************************************************** +-- * Textual conventions from 802 definitions +-- ********************************************************************** + + WEPKeytype ::= OCTET STRING (SIZE (5)) + +-- ********************************************************************** +-- * MIB attribute OBJECT-TYPE definitions follow +-- ********************************************************************** + +-- ********************************************************************** +-- * SMT Station Config Table +-- ********************************************************************** + +dot11StationConfigTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11StationConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Station Configuration attributes. In tablular form to + allow for multiple instances on an agent." + ::= { dot11smt 1 } + +dot11StationConfigEntry OBJECT-TYPE + SYNTAX Dot11StationConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11StationConfigTable. It is + possible for there to be multiple IEEE 802.11 interfaces + on one agent, each with its unique MAC address. The + relationship between an IEEE 802.11 interface and an + interface in the context of the Internet-standard MIB is + one-to-one. As such, the value of an ifIndex object + instance can be directly used to identify corresponding + instances of the objects defined herein. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11StationConfigTable 1 } + +Dot11StationConfigEntry ::= + SEQUENCE { + dot11StationID MacAddress, + dot11MediumOccupancyLimit INTEGER, + dot11CFPollable TruthValue, + dot11CFPPeriod INTEGER, + dot11CFPMaxDuration INTEGER, + dot11AuthenticationResponseTimeOut Unsigned32, + dot11PrivacyOptionImplemented TruthValue, + dot11PowerManagementMode INTEGER, + dot11DesiredSSID OCTET STRING, + dot11DesiredBSSType INTEGER, + dot11OperationalRateSet OCTET STRING, + dot11BeaconPeriod INTEGER, + dot11DTIMPeriod INTEGER, + dot11AssociationResponseTimeOut Unsigned32, + dot11DisassociateReason INTEGER, + dot11DisassociateStation MacAddress, + dot11DeauthenticateReason INTEGER, + dot11DeauthenticateStation MacAddress, + dot11AuthenticateFailStatus INTEGER, + dot11AuthenticateFailStation MacAddress, + dot11MultiDomainCapabilityImplemented TruthValue, + dot11MultiDomainCapabilityEnabled TruthValue, + dot11CountryString OCTET STRING } + +dot11StationID OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-write + STATUS deprecated + DESCRIPTION + "The purpose of dot11StationID is to allow a manager to + identify a station for its own purposes. This attribute + provides for that eventuality while keeping the true MAC + address independent. Its syntax is MAC address, and the + default value is the station's assigned, unique + MAC address." + ::= { dot11StationConfigEntry 1 } + +dot11MediumOccupancyLimit OBJECT-TYPE + SYNTAX INTEGER (0..1000) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum amount of time, + in TU, that a point coordinator (PC) may control the usage + of the wireless medium (WM) without relinquishing control + for long enough to allow at least one instance of DCF access + to the medium. The default value of this attribute shall + be 100, and the maximum value shall be 1000." + ::= { dot11StationConfigEntry 2 } + +dot11CFPollable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "When this attribute is true, it shall indicate that + the STA is able to respond to a CF-Poll with a data frame + within a SIFS time. This attribute shall be false if + the STA is not able to respond to a CF-Poll with a data + frame within a SIFS time." + ::= { dot11StationConfigEntry 3 } + +dot11CFPPeriod OBJECT-TYPE + SYNTAX INTEGER (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The attribute shall describe the number of DTIM intervals + between the start of CFPs. It is modified by + MLME-START.request primitive." + ::= { dot11StationConfigEntry 4 } + +dot11CFPMaxDuration OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The attribute shall describe the maximum duration of + the CFP in TU that may be generated by the PCF. It is + modified by MLME-START.request primitive." + ::= { dot11StationConfigEntry 5 } + +dot11AuthenticationResponseTimeOut OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of time units (TUs) + that a responding STA should wait for the next frame in the + authentication sequence." + ::= { dot11StationConfigEntry 6 } + +dot11PrivacyOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the IEEE + 802.11 WEP option is implemented. The default value of + this attribute shall be false." + ::= { dot11StationConfigEntry 7 } + +dot11PowerManagementMode OBJECT-TYPE + SYNTAX INTEGER { active(1), powersave(2) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the power management + mode of the STA. When set to active, it shall + indicate that the station is not in power-save + (PS) mode. When set to powersave, it shall indicate + that the station is in power-save mode. The power + management mode is transmitted in all frames + according to the rules in 7.1.3.1.7." + ::= { dot11StationConfigEntry 8 } + +dot11DesiredSSID OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute reflects the Service Set ID (SSID) + used in the DesiredSSID parameter of the most recent + MLME_Scan.request. This value may be modified + by an external management entity and used by the + local SME to make decisions about the Scanning + process." + ::= { dot11StationConfigEntry 9 } + +dot11DesiredBSSType OBJECT-TYPE + SYNTAX INTEGER { infrastructure(1), independent(2), any(3) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the type of BSS the + station shall use when scanning for a BSS with + which to synchronize. This value is used to filter + Probe Response frames and Beacons. When set to + infrastructure, the station shall only synchronize + with a BSS whose Capability Information field has + the ESS subfield set to 1. When set to independent, + the station shall only synchronize with a BSS whose + Capability Information field has the IBSS subfield + set to 1. When set to any, the station may + synchronize to either type of BSS." + ::= { dot11StationConfigEntry 10 } + +dot11OperationalRateSet OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(1..126)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the set of data + rates at which the station may transmit data. + Each octet contains a value representing a rate. + Each rate shall be within the range from 2 to 127, + corresponding to data rates in increments of + 500 kbit/s from 1 Mbit/s to 63.5 Mbit/s, and shall + be supported (as indicated in the supported rates + table) for receiving data. This value is reported in + transmitted Beacon, Probe Request, Probe Response, + Association Request, Association Response, + Reassociation Request, and Reassociation Response + frames, and is used to determine whether a BSS + with which the station desires to synchronize is + suitable. It is also used when starting a BSS, + as specified in 10.3." + ::= { dot11StationConfigEntry 11 } + +dot11BeaconPeriod OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of TUs that + a station shall use for scheduling Beacon + transmissions. This value is transmitted in Beacon + and Probe Response frames." + ::= { dot11StationConfigEntry 12 } + +dot11DTIMPeriod OBJECT-TYPE + SYNTAX INTEGER(1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of beacon + intervals that shall elapse between transmission of + Beacons frames containing a TIM element whose DTIM + Count field is 0. This value is transmitted in + the DTIM Period field of Beacon frames." + ::= { dot11StationConfigEntry 13 } + +dot11AssociationResponseTimeOut OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the number of TU that a + requesting STA should wait for a response to a + transmitted association-request MMPDU." + ::= { dot11StationConfigEntry 14 } + +dot11DisassociateReason OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Reason Code in a Disassociation + frame. If no Disassociation frame has been + transmitted, the value of this attribute shall + be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.7" + ::= { dot11StationConfigEntry 15 } + +dot11DisassociateStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + Disassociation frame. If no Disassociation + frame has been transmitted, the value of this + attribute shall be 0." + ::= { dot11StationConfigEntry 16 } + +dot11DeauthenticateReason OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Reason Code in a Deauthentication + frame. If no Deauthentication frame has been + transmitted, the value of this attribute shall + be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.7" + ::= { dot11StationConfigEntry 17 } + +dot11DeauthenticateStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + Deauthentication frame. If no Deauthentication + frame has been transmitted, the value of this + attribute shall be 0." + ::= { dot11StationConfigEntry 18 } + +dot11AuthenticateFailStatus OBJECT-TYPE + SYNTAX INTEGER(0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the most recently + transmitted Status Code in a failed + Authentication frame. If no failed + Authentication frame has been transmitted, the + value of this attribute shall be 0." + REFERENCE "IEEE Std 802.11-2002, 7.3.1.9" + ::= { dot11StationConfigEntry 19 } + +dot11AuthenticateFailStation OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute holds the MAC address from the + Address 1 field of the most recently transmitted + failed Authentication frame. If no failed + Authentication frame has been transmitted, the + value of this attribute shall be 0." + ::= { dot11StationConfigEntry 20 } + +dot11MultiDomainCapabilityImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + station implementation is capable of supporting + multiple regulatory domains. The capability is + disabled, otherwise. The default value of this + attribute is FALSE." + ::= { dot11StationConfigEntry 21 } + +dot11MultiDomainCapabilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + capability of the station to operate in multiple + regulatory domains is enabled. The capability is + disabled, otherwise. The default value of this + attribute is FALSE." + ::= { dot11StationConfigEntry 22 } + +dot11CountryString OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(3)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute identifies the country in which the + station is operating. The first two octets of this + string is the two character country code as described + in document ISO/IEC 3166-1. The third octet shall + be one of the following: + + 1. an ASCII space character, if the regulations under + which the station is operating encompass all + environments in the country, + + 2. an ASCII 'O' character, if the regulations under + which the station is operating are for an Outdoor + environment only, or + + 3. an ASCII 'I' character, if the regulations under + which the station is operating are for an Indoor + environment only." + ::= { dot11StationConfigEntry 23 } + +-- ********************************************************************** +-- * End of dot11StationConfig TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * AuthenticationAlgorithms TABLE +-- ********************************************************************** + +dot11AuthenticationAlgorithmsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11AuthenticationAlgorithmsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This (conceptual) table of attributes shall be a set of + all the authentication algorithms supported by the + stations. The following are the default values and the + associated algorithm: + Value = 1: Open System + Value = 2: Shared Key" + REFERENCE "IEEE Std 802.11-2002, 7.3.1.1" + ::= { dot11smt 2 } + +dot11AuthenticationAlgorithmsEntry OBJECT-TYPE + SYNTAX Dot11AuthenticationAlgorithmsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the Authentication + Algorithms Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11AuthenticationAlgorithmsIndex } + ::= { dot11AuthenticationAlgorithmsTable 1 } + +Dot11AuthenticationAlgorithmsEntry ::= + SEQUENCE { dot11AuthenticationAlgorithmsIndex Integer32, + dot11AuthenticationAlgorithm INTEGER, + dot11AuthenticationAlgorithmsEnable TruthValue } + +dot11AuthenticationAlgorithmsIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the Authentication Algorithms Table." + ::= { dot11AuthenticationAlgorithmsEntry 1 } + +dot11AuthenticationAlgorithm OBJECT-TYPE + SYNTAX INTEGER { openSystem(1), sharedKey(2) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute shall be a set of all the authentication + algorithms supported by the STAs. The following are the + default values and the associated algorithm. + Value = 1: Open System + Value = 2: Shared Key" + ::= { dot11AuthenticationAlgorithmsEntry 2 } + +dot11AuthenticationAlgorithmsEnable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when true at a station, shall enable the acceptance + of the authentication algorithm described in the corresponding table + entry in authentication frames received by the station that have odd + authentication sequence numbers. The default value of this attribute + shall be 1 for the Open System table entry and 2 for all other table + entries." + ::= { dot11AuthenticationAlgorithmsEntry 3 } + +-- ********************************************************************** +-- * End of AuthenticationAlgorithms TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * WEPDefaultKeys TABLE +-- ********************************************************************** + +dot11WEPDefaultKeysTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11WEPDefaultKeysEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Conceptual table for WEP default keys. This table shall + contain the four WEP default secret key values + corresponding to the four possible KeyID values. The WEP + default secret keys are logically WRITE-ONLY. Attempts to + read the entries in this table shall return unsuccessful + status and values of null or zero. The default value of + each WEP default key shall be null." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11smt 3 } + +dot11WEPDefaultKeysEntry OBJECT-TYPE + SYNTAX Dot11WEPDefaultKeysEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the WEP Default Keys Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11WEPDefaultKeyIndex} + ::= { dot11WEPDefaultKeysTable 1 } + +Dot11WEPDefaultKeysEntry ::= + SEQUENCE { dot11WEPDefaultKeyIndex INTEGER, + dot11WEPDefaultKeyValue WEPKeytype } + +dot11WEPDefaultKeyIndex OBJECT-TYPE + SYNTAX INTEGER (1..4) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the WEP Default Keys Table. + The value of this variable is equal to the WEPDefaultKeyID + 1" + ::= { dot11WEPDefaultKeysEntry 1 } + +dot11WEPDefaultKeyValue OBJECT-TYPE + SYNTAX WEPKeytype + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A WEP default secret key value." + ::= { dot11WEPDefaultKeysEntry 2 } + +-- ********************************************************************** +-- * End of WEPDefaultKeys TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * WEPKeyMappings TABLE +-- ********************************************************************** + +dot11WEPKeyMappingsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11WEPKeyMappingsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Conceptual table for WEP Key Mappings. The MIB supports + the ability to share a separate WEP key for each RA/TA + pair. The Key Mappings Table contains zero or one entry + for each MAC address and contains two fields for each + entry: WEPOn and the corresponding WEP key. The WEP key + mappings are logically WRITE-ONLY. Attempts to read the + entries in this table shall return unsuccessful status and + values of null or zero. The default value for all WEPOn + fields is false." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11smt 4 } + +dot11WEPKeyMappingsEntry OBJECT-TYPE + SYNTAX Dot11WEPKeyMappingsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the WEP Key Mappings Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11WEPKeyMappingIndex } + ::= { dot11WEPKeyMappingsTable 1 } + +Dot11WEPKeyMappingsEntry ::= + SEQUENCE { dot11WEPKeyMappingIndex Integer32, + dot11WEPKeyMappingAddress MacAddress, + dot11WEPKeyMappingWEPOn TruthValue, + dot11WEPKeyMappingValue WEPKeytype, + dot11WEPKeyMappingStatus RowStatus } + +dot11WEPKeyMappingIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the WEP Key Mappings Table." + ::= { dot11WEPKeyMappingsEntry 1 } + +dot11WEPKeyMappingAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The MAC address of the STA for which the values from this + key mapping entry are to be used." + ::= { dot11WEPKeyMappingsEntry 2 } + +dot11WEPKeyMappingWEPOn OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Boolean as to whether WEP is to be used when communicating + with the dot11WEPKeyMappingAddress STA." + ::= { dot11WEPKeyMappingsEntry 3 } + +dot11WEPKeyMappingValue OBJECT-TYPE + SYNTAX WEPKeytype + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A WEP secret key value." + ::= { dot11WEPKeyMappingsEntry 4 } + +dot11WEPKeyMappingStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status column used for creating, modifying, and + deleting instances of the columnar objects in the WEP key + mapping Table." + DEFVAL { active } + ::= { dot11WEPKeyMappingsEntry 5 } + +-- ********************************************************************** +-- * End of WEPKeyMappings TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PrivacyTable TABLE +-- ********************************************************************** + +dot11PrivacyTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PrivacyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group containing attributes concerned with IEEE 802.11 + Privacy. Created as a table to allow multiple + instantiations on an agent." + ::= { dot11smt 5 } + +dot11PrivacyEntry OBJECT-TYPE + SYNTAX Dot11PrivacyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PrivacyTable Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PrivacyTable 1 } + +Dot11PrivacyEntry ::= + SEQUENCE { dot11PrivacyInvoked TruthValue, + dot11WEPDefaultKeyID INTEGER, + dot11WEPKeyMappingLength Unsigned32, + dot11ExcludeUnencrypted TruthValue, + dot11WEPICVErrorCount Counter32, + dot11WEPExcludedCount Counter32 } + +dot11PrivacyInvoked OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When this attribute is true, it shall indicate that the IEEE + 802.11 WEP mechanism is used for transmitting frames of type + Data. The default value of this attribute shall be false." + ::= { dot11PrivacyEntry 1 } + +dot11WEPDefaultKeyID OBJECT-TYPE + SYNTAX INTEGER (0..3) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the use of the first, + second, third, or fourth element of the WEPDefaultKeys + array when set to values of zero, one, two, or three. The + default value of this attribute shall be 0." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11PrivacyEntry 2 } + +dot11WEPKeyMappingLength OBJECT-TYPE + SYNTAX Unsigned32 (10..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The maximum number of tuples that dot11WEPKeyMappings can hold." + REFERENCE "IEEE Std 802.11-2002, 8.3.2" + ::= { dot11PrivacyEntry 3 } + +dot11ExcludeUnencrypted OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When this attribute is true, the STA shall not indicate at + the MAC service interface received MSDUs that have the WEP + subfield of the Frame Control field equal to zero. When this + attribute is false, the STA may accept MSDUs that have the WEP + subfield of the Frame Control field equal to zero. The default + value of this attribute shall be false." + ::= { dot11PrivacyEntry 4 } + +dot11WEPICVErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with the + WEP subfield of the Frame Control field set to one and the value + of the ICV as received in the frame does not match the ICV value + that is calculated for the contents of the received frame." + ::= { dot11PrivacyEntry 5 } + +dot11WEPExcludedCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with the + WEP subfield of the Frame Control field set to zero and the value + of dot11ExcludeUnencrypted causes that frame to be discarded." + ::= { dot11PrivacyEntry 6 } + +-- ********************************************************************** +-- * End of dot11Privacy TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SMT notification Objects +-- ********************************************************************** + +dot11SMTnotification OBJECT IDENTIFIER ::= { dot11smt 6 } + +dot11Disassociate NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11DisassociateReason, dot11DisassociateStation } + STATUS current + DESCRIPTION + "The disassociate notification shall be sent when the STA + sends a Disassociation frame. The value of the notification + shall include the MAC address of the MAC to which the Disassociation + frame was sent and the reason for the disassociation. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 1 } + +dot11Deauthenticate NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11DeauthenticateReason, dot11DeauthenticateStation } + STATUS current + DESCRIPTION + "The deauthenticate notification shall be sent when the STA + sends a Deauthentication frame. The value of the notification + shall include the MAC address of the MAC to which the Deauthentication + frame was sent and the reason for the deauthentication. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 2 } + +dot11AuthenticateFail NOTIFICATION-TYPE + OBJECTS { ifIndex, dot11AuthenticateFailStatus, dot11AuthenticateFailStation } + STATUS current + DESCRIPTION + "The authenticate failure notification shall be sent when the STA + sends an Authentication frame with a status code other than + 'successful'. The value of the notification + shall include the MAC address of the MAC to which the Authentication + frame was sent and the reason for the authentication failure. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + ::= { dot11SMTnotification 0 3 } + + +-- ********************************************************************** +-- * End of SMT notification Objects +-- ********************************************************************** + +-- ******************************************************************** +-- * dot11MultiDomainCapability TABLE +-- ******************************************************************** + +dot11MultiDomainCapabilityTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11MultiDomainCapabilityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This (conceptual) table of attributes for + cross-domain mobility." + ::= { dot11smt 7 } + +dot11MultiDomainCapabilityEntry OBJECT-TYPE + SYNTAX Dot11MultiDomainCapabilityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) in the Multiple Domain + Capability Table. + + IfIndex - Each IEEE 802.11 interface is represented + by an ifEntry. Interface tables in this MIB are + indexed by ifIndex." + INDEX { ifIndex, + dot11MultiDomainCapabilityIndex } + ::= { dot11MultiDomainCapabilityTable 1 } + +Dot11MultiDomainCapabilityEntry ::= + SEQUENCE { dot11MultiDomainCapabilityIndex Integer32, + dot11FirstChannelNumber Integer32, + dot11NumberofChannels Integer32, + dot11MaximumTransmitPowerLevel Integer32 } + +dot11MultiDomainCapabilityIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances of + the columnar objects in the Multi Domain Capability Table." + ::= { dot11MultiDomainCapabilityEntry 1 } + +dot11FirstChannelNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the lowest + channel number in the subband for the associated domain + country string. The default value of this attribute + shall be zero." + ::= { dot11MultiDomainCapabilityEntry 2 } + +dot11NumberofChannels OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the total + number of channels allowed in the subband for the + associated domain country string. The default value of + this attribute shall be zero." + ::= { dot11MultiDomainCapabilityEntry 3 } + +dot11MaximumTransmitPowerLevel OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum transmit power, + in dBm, allowed in the subband for the associated domain + country string. The default value of this attribute shall + be zero." + ::= { dot11MultiDomainCapabilityEntry 4 } + +-- ******************************************************************** +-- * End of dot11MultiDomainCapability TABLE +-- ******************************************************************** + + +-- ********************************************************************** +-- * MAC Attribute Templates +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11OperationTable TABLE +-- ********************************************************************** + +dot11OperationTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11OperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group contains MAC attributes pertaining to the operation + of the MAC. This has been implemented as a table in order + to allow for multiple instantiations on an agent." + ::= { dot11mac 1 } + +dot11OperationEntry OBJECT-TYPE + SYNTAX Dot11OperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11OperationEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11OperationTable 1 } + +Dot11OperationEntry ::= + SEQUENCE { dot11MACAddress MacAddress, + dot11RTSThreshold INTEGER, + dot11ShortRetryLimit INTEGER, + dot11LongRetryLimit INTEGER, + dot11FragmentationThreshold INTEGER, + dot11MaxTransmitMSDULifetime Unsigned32, + dot11MaxReceiveLifetime Unsigned32, + dot11ManufacturerID DisplayString, + dot11ProductID DisplayString } + +dot11MACAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Unique MAC Address assigned to the STA." + ::= { dot11OperationEntry 1 } + +dot11RTSThreshold OBJECT-TYPE + SYNTAX INTEGER (0..2347) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the number of octets in an MPDU, + below which an RTS/CTS handshake shall not be performed. An + RTS/CTS handshake shall be performed at the beginning of any + frame exchange sequence where the MPDU is of type Data or + Management, the MPDU has an individual address in the Address1 + field, and the length of the MPDU is greater than + this threshold. (For additional details, refer to Table 21 in + 9.7.) Setting this attribute to be larger than the maximum + MSDU size shall have the effect of turning off the RTS/CTS + handshake for frames of Data or Management type transmitted by + this STA. Setting this attribute to zero shall have the effect + of turning on the RTS/CTS handshake for all frames of Data or + Management type transmitted by this STA. The default value of + this attribute shall be 2347." + ::= { dot11OperationEntry 2 } + +dot11ShortRetryLimit OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum number of + transmission attempts of a frame, the length of which is less + than or equal to dot11RTSThreshold, that shall be made before a + failure condition is indicated. The default value of this + attribute shall be 7." + ::= { dot11OperationEntry 3 } + +dot11LongRetryLimit OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the maximum number of + transmission attempts of a frame, the length of which is + greater than dot11RTSThreshold, that shall be made before a + failure condition is indicated. The default value of this + attribute shall be 4." + ::= { dot11OperationEntry 4 } + +dot11FragmentationThreshold OBJECT-TYPE + SYNTAX INTEGER (256..2346) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall specify the current maximum size, in + octets, of the MPDU that may be delivered to the PHY. An MSDU + shall be broken into fragments if its size exceeds the value + of this attribute after adding MAC headers and trailers. An MSDU + or MMPDU shall be fragmented when the resulting frame has an + individual address in the Address1 field, and the length of the + frame is larger than this threshold. The default value for this + attribute shall be the lesser of 2346 or the aMPDUMaxLength of + the attached PHY and shall never exceed the lesser of 2346 or + the aMPDUMaxLength of the attached PHY. The value of this + attribute shall never be less than 256. " + ::= { dot11OperationEntry 5 } + +dot11MaxTransmitMSDULifetime OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The MaxTransmitMSDULifetime shall be the elapsed time in TU, + after the initial transmission of an MSDU, after which further + attempts to transmit the MSDU shall be terminated. The default + value of this attribute shall be 512." + ::= { dot11OperationEntry 6 } + +dot11MaxReceiveLifetime OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The MaxReceiveLifetime shall be the elapsed time in TU, + after the initial reception of a fragmented MMPDU or MSDU, + after which further attempts to reassemble the MMPDU or + MSDU shall be terminated. The default value shall be + 512." + ::= { dot11OperationEntry 7 } + +dot11ManufacturerID OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The ManufacturerID shall include, at a minimum, the name + of the manufacturer. It may include additional + information at the manufacturer's discretion. The default + value of this attribute shall be null." + ::= { dot11OperationEntry 8 } + +dot11ProductID OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The ProductID shall include, at a minimum, an identifier + that is unique to the manufacturer. It may include + additional information at the manufacturer's discretion. + The default value of this attribute shall be null." + ::= { dot11OperationEntry 9 } + +-- ********************************************************************** +-- * End of dot11OperationEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11Counters TABLE +-- ********************************************************************** + +dot11CountersTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11CountersEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group containing attributes that are MAC counters. + Implemented as a table to allow for multiple + instantiations on an agent." + ::= { dot11mac 2 } + +dot11CountersEntry OBJECT-TYPE + SYNTAX Dot11CountersEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11CountersEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11CountersTable 1 } + +Dot11CountersEntry ::= + SEQUENCE { dot11TransmittedFragmentCount Counter32, + dot11MulticastTransmittedFrameCount Counter32, + dot11FailedCount Counter32, + dot11RetryCount Counter32, + dot11MultipleRetryCount Counter32, + dot11FrameDuplicateCount Counter32, + dot11RTSSuccessCount Counter32, + dot11RTSFailureCount Counter32, + dot11ACKFailureCount Counter32, + dot11ReceivedFragmentCount Counter32, + dot11MulticastReceivedFrameCount Counter32, + dot11FCSErrorCount Counter32, + dot11TransmittedFrameCount Counter32, + dot11WEPUndecryptableCount Counter32 } + +dot11TransmittedFragmentCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall be incremented for an acknowledged MPDU + with an individual address in the address 1 field or an MPDU + with a multicast address in the address 1 field of type Data + or Management." + ::= { dot11CountersEntry 1 } + +dot11MulticastTransmittedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment only when the multicast bit + is set in the destination MAC address of a successfully + transmitted MSDU. When operating as a STA in an ESS, where + these frames are directed to the AP, this implies having + received an acknowledgment to all associated MPDUs." + ::= { dot11CountersEntry 2 } + +dot11FailedCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is not transmitted + successfully due to the number of transmit attempts exceeding + either the dot11ShortRetryLimit or dot11LongRetryLimit." + ::= { dot11CountersEntry 3 } + +dot11RetryCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is successfully + transmitted after one or more retransmissions." + ::= { dot11CountersEntry 4 } + +dot11MultipleRetryCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an MSDU is successfully + transmitted after more than one retransmission." + ::= { dot11CountersEntry 5 } + +dot11FrameDuplicateCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received + that the Sequence Control field indicates is a + duplicate." + ::= { dot11CountersEntry 6 } + +dot11RTSSuccessCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a CTS is received in + response to an RTS." + ::= { dot11CountersEntry 7 } + +dot11RTSFailureCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a CTS is not received in + response to an RTS." + ::= { dot11CountersEntry 8 } + +dot11ACKFailureCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an ACK is not received + when expected." + ::= { dot11CountersEntry 9 } + +dot11ReceivedFragmentCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall be incremented for each successfully + received MPDU of type Data or Management." + ::= { dot11CountersEntry 10 } + +dot11MulticastReceivedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a MSDU is received + with the multicast bit set in the destination + MAC address." + ::= { dot11CountersEntry 11 } + +dot11FCSErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when an FCS error is + detected in a received MPDU." + ::= { dot11CountersEntry 12 } + +dot11TransmittedFrameCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment for each successfully transmitted MSDU." + ::= { dot11CountersEntry 13 } + +dot11WEPUndecryptableCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This counter shall increment when a frame is received with + the WEP subfield of the Frame Control field set to one and the + WEPOn value for the key mapped to the TA's MAC address + indicates that the frame should not have been encrypted or + that frame is discarded due to the receiving STA not + implementing the privacy option." + ::= { dot11CountersEntry 14 } + +-- ********************************************************************** +-- * End of dot11CountersEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * GroupAddresses TABLE +-- ********************************************************************** + +dot11GroupAddressesTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11GroupAddressesEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A conceptual table containing a set of MAC addresses + identifying the multicast addresses for which this STA + will receive frames. The default value of this attribute + shall be null." + ::= { dot11mac 3 } + +dot11GroupAddressesEntry OBJECT-TYPE + SYNTAX Dot11GroupAddressesEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the Group Addresses Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11GroupAddressesIndex} + ::= { dot11GroupAddressesTable 1 } + +Dot11GroupAddressesEntry ::= + SEQUENCE { dot11GroupAddressesIndex Integer32, + dot11Address MacAddress, + dot11GroupAddressesStatus RowStatus } + +dot11GroupAddressesIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the Group Addresses Table." + ::= { dot11GroupAddressesEntry 1 } + +dot11Address OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "MAC address identifying a multicast addresses + from which this STA will receive frames." + ::= { dot11GroupAddressesEntry 2 } + +dot11GroupAddressesStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status column used for creating, modifying, and + deleting instances of the columnar objects in the Group + Addresses Table." + DEFVAL { active } + ::= { dot11GroupAddressesEntry 3 } + +-- ********************************************************************** +-- * End of GroupAddress TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * Resource Type Attribute Templates +-- ********************************************************************** + +dot11ResourceTypeIDName OBJECT-TYPE + SYNTAX DisplayString (SIZE(4)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the name of the Resource Type ID managed object. + The attribute is read-only and always contains the value + RTID. This attribute value shall not be used as a naming + attribute for any other managed object class." + REFERENCE "IEEE Std 802.1F-1993, A.7" + DEFVAL { "RTID" } + ::= { dot11resAttribute 1 } + +-- ********************************************************************** +-- * dot11ResourceInfo TABLE +-- ********************************************************************** + +dot11ResourceInfoTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11ResourceInfoEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Provides a means of indicating, in data readable from a + managed object, information that identifies the source of + the implementation." + REFERENCE "IEEE Std 802.1F-1993, A.7" + ::= { dot11resAttribute 2 } + +dot11ResourceInfoEntry OBJECT-TYPE + SYNTAX Dot11ResourceInfoEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11ResourceInfo Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11ResourceInfoTable 1 } + +Dot11ResourceInfoEntry ::= + SEQUENCE { dot11manufacturerOUI OCTET STRING, + dot11manufacturerName DisplayString, + dot11manufacturerProductName DisplayString, + dot11manufacturerProductVersion DisplayString } + +dot11manufacturerOUI OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(3)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Takes the value of an organizationally unique identifier." + ::= { dot11ResourceInfoEntry 1 } + +dot11manufacturerName OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A printable string used to identify the manufacturer of the + resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 2 } + +dot11manufacturerProductName OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A printable string used to identify the manufacturer's product + name of the resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 3 } + +dot11manufacturerProductVersion OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Printable string used to identify the manufacturer's product + version of the resource. Maximum string length is 128 octets." + ::= { dot11ResourceInfoEntry 4 } + +-- ********************************************************************** +-- * End of dot11ResourceInfo TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * PHY Attribute Templates +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyOperation TABLE +-- ********************************************************************** + +dot11PhyOperationTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyOperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "PHY level attributes concerned with + operation. Implemented as a table indexed on + + ifIndex to allow for multiple instantiations on an + Agent." + ::= { dot11phy 1 } + +dot11PhyOperationEntry OBJECT-TYPE + SYNTAX Dot11PhyOperationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyOperation Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyOperationTable 1 } + +Dot11PhyOperationEntry ::= + SEQUENCE { dot11PHYType INTEGER, + dot11CurrentRegDomain Integer32, + dot11TempType INTEGER } + +dot11PHYType OBJECT-TYPE + SYNTAX INTEGER { fhss(1), dsss(2), irbaseband(3), ofdm(4), + hrdsss(5) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This is an 8-bit integer value that identifies the PHY type + supported by the attached PLCP and PMD. Currently defined + values and their corresponding PHY types are: + + FHSS 2.4 GHz = 01 , DSSS 2.4 GHz = 02, IR Baseband = 03, + OFDM 5GHz = 04, HRDSSS = 05" + ::= { dot11PhyOperationEntry 1 } + +dot11CurrentRegDomain OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current regulatory domain this instance of the PMD is + supporting. This object corresponds to one of the + RegDomains listed in dot11RegDomainsSupported." + ::= { dot11PhyOperationEntry 2 } + +dot11TempType OBJECT-TYPE + SYNTAX INTEGER { tempType1(1), tempType2(2) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "There are different operating temperature requirements + dependent on the anticipated environmental conditions. This + attribute describes the current PHY's operating temperature + range capability. Currently defined values and their + corresponding temperature ranges are: + + Type 1 = X'01'-Commercial range of 0 to 40 degrees C, + + Type 2 = X'02'-Industrial range of -30 to 70 degrees C." + ::= { dot11PhyOperationEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyOperation TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyAntenna TABLE +-- ********************************************************************** + +dot11PhyAntennaTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyAntennaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for PhyAntenna. Implemented as a + table indexed on ifIndex to allow for multiple instances on + an agent." + ::= { dot11phy 2} + +dot11PhyAntennaEntry OBJECT-TYPE + SYNTAX Dot11PhyAntennaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyAntenna Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyAntennaTable 1 } + +Dot11PhyAntennaEntry ::= + SEQUENCE { dot11CurrentTxAntenna Integer32, + dot11DiversitySupport INTEGER, + dot11CurrentRxAntenna Integer32 } + +dot11CurrentTxAntenna OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current antenna being used to transmit. This value + is one of the values appearing in dot11SupportedTxAntenna. This + may be used by a management agent to control which antenna is + used for transmission. " + ::= { dot11PhyAntennaEntry 1 } + +dot11DiversitySupport OBJECT-TYPE + SYNTAX INTEGER { fixedlist(1), notsupported(2), dynamic(3) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This implementation's support for diversity, encoded as: + + X'01'-diversity is available and is performed over the fixed + list of antennas defined in dot11DiversitySelectionRx. + + X'02'-diversity is not supported. + + X'03'-diversity is supported and control of diversity is also + available, in which case the attribute + dot11DiversitySelectionRx can be dynamically modified by the + LME." + ::= { dot11PhyAntennaEntry 2 } + +dot11CurrentRxAntenna OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current antenna being used to receive, if the dot11 + DiversitySupport indicates that diversity is not supported. + The selected antenna shall be one of the antennae marked + for receive in the dot11AntennasListTable." + ::= { dot11PhyAntennaEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyAntenna TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyTxPower TABLE +-- ********************************************************************** + +dot11PhyTxPowerTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyTxPowerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyTxPowerTable. Implemented + as a table indexed on STA ID to allow for multiple + instances on an Agent." + ::= { dot11phy 3} + +dot11PhyTxPowerEntry OBJECT-TYPE + SYNTAX Dot11PhyTxPowerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyTxPower Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyTxPowerTable 1 } + +Dot11PhyTxPowerEntry ::= + SEQUENCE { dot11NumberSupportedPowerLevels INTEGER, + dot11TxPowerLevel1 INTEGER, + dot11TxPowerLevel2 INTEGER, + dot11TxPowerLevel3 INTEGER, + dot11TxPowerLevel4 INTEGER, + dot11TxPowerLevel5 INTEGER, + dot11TxPowerLevel6 INTEGER, + dot11TxPowerLevel7 INTEGER, + dot11TxPowerLevel8 INTEGER, + dot11CurrentTxPowerLevel INTEGER } + +dot11NumberSupportedPowerLevels OBJECT-TYPE + SYNTAX INTEGER (1..8) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of power levels supported by the PMD. + This attribute can have a value of 1 to 8." + ::= { dot11PhyTxPowerEntry 1 } + +dot11TxPowerLevel1 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL1 in mW. + This is also the default power level." + ::= { dot11PhyTxPowerEntry 2 } + +dot11TxPowerLevel2 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL2 in mW." + ::= { dot11PhyTxPowerEntry 3 } + +dot11TxPowerLevel3 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL3 in mW." + ::= { dot11PhyTxPowerEntry 4 } + +dot11TxPowerLevel4 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL4 in mW." + ::= { dot11PhyTxPowerEntry 5 } + +dot11TxPowerLevel5 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL5 in mW." + ::= { dot11PhyTxPowerEntry 6 } + +dot11TxPowerLevel6 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL6 in mW." + ::= { dot11PhyTxPowerEntry 7 } + +dot11TxPowerLevel7 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL7 in mW." + ::= { dot11PhyTxPowerEntry 8 } + +dot11TxPowerLevel8 OBJECT-TYPE + SYNTAX INTEGER (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transmit output power for LEVEL8 in mW." + ::= { dot11PhyTxPowerEntry 9 } + +dot11CurrentTxPowerLevel OBJECT-TYPE + SYNTAX INTEGER (1..8) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The TxPowerLevel N currently being used to transmit data. + Some PHYs also use this value to determine the receiver + sensitivity requirements for CCA." + ::= { dot11PhyTxPowerEntry 10 } + +-- ********************************************************************** +-- * End of dot11PhyTxPower TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyFHSS TABLE +-- ********************************************************************** + +dot11PhyFHSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyFHSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyFHSSTable. Implemented as a + table indexed on STA ID to allow for multiple instances on + an Agent." + ::= { dot11phy 4 } + +dot11PhyFHSSEntry OBJECT-TYPE + SYNTAX Dot11PhyFHSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyFHSS Table. + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyFHSSTable 1 } + +Dot11PhyFHSSEntry ::= + SEQUENCE { dot11HopTime INTEGER, + dot11CurrentChannelNumber INTEGER, + dot11MaxDwellTime INTEGER, + dot11CurrentDwellTime INTEGER, + dot11CurrentSet INTEGER, + dot11CurrentPattern INTEGER, + dot11CurrentIndex INTEGER, + dot11EHCCPrimeRadix Integer32, + dot11EHCCNumberofChannelsFamilyIndex Integer32, + dot11EHCCCapabilityImplemented TruthValue, + dot11EHCCCapabilityEnabled TruthValue, + dot11HopAlgorithmAdopted INTEGER, + dot11RandomTableFlag TruthValue, + dot11NumberofHoppingSets Integer32, + dot11HopModulus Integer32, + dot11HopOffset Integer32 } + +dot11HopTime OBJECT-TYPE + SYNTAX INTEGER (224) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The time in microseconds for the PMD to change from + channel 2 to channel 80." + ::= { dot11PhyFHSSEntry 1 } + +dot11CurrentChannelNumber OBJECT-TYPE + SYNTAX INTEGER (0..200) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current channel number of the frequency output by the RF + synthesizer." + ::= { dot11PhyFHSSEntry 2 } + +dot11MaxDwellTime OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum time in TU that the transmitter + is permitted to operate on a single channel." + ::= { dot11PhyFHSSEntry 3 } + +dot11CurrentDwellTime OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current time in TU that the transmitter shall operate + on a single channel, as set by the MAC. Default is 19 TU." + ::= { dot11PhyFHSSEntry 4 } + +dot11CurrentSet OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current set of patterns the PLME + is using to determine the hopping sequence. " + ::= { dot11PhyFHSSEntry 5 } + +dot11CurrentPattern OBJECT-TYPE + SYNTAX INTEGER (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current pattern the PLME is + using to determine the hop sequence." + ::= { dot11PhyFHSSEntry 6 } + +dot11CurrentIndex OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current index value the PLME is using to determine + the CurrentChannelNumber." + ::= { dot11PhyFHSSEntry 7 } + +dot11EHCCPrimeRadix OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute indicates the value to be + used as the prime radix (N) in the HCC and + EHCC algorithms." + ::= { dot11PhyFHSSEntry 8 } + +dot11EHCCNumberofChannelsFamilyIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute indicates the value to be + used as the maximum for the family index (a) + in the HCC and EHCC algorithms. The value of + this field shall not be less than the prime + radix minus 3 (N - 3). The valid range of + allowed values is (N - 1), (N - 2), and (N - 3)." + ::= { dot11PhyFHSSEntry 9 } + +dot11EHCCCapabilityImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + station implementation is capable of generating + the HCC or EHCC algorithms for determining Hopping + patterns. The capability is disabled, otherwise. + The default value of this attribute is FALSE." + ::= { dot11PhyFHSSEntry 10 } + +dot11EHCCCapabilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, when TRUE, indicates that the + capability of the station to operate using the HCC + or EHCC algorithms for determining Hopping Patterns + is enabled. The capability is disabled, otherwise. + The default value of this attribute is FALSE." + ::= { dot11PhyFHSSEntry 11 } + +dot11HopAlgorithmAdopted OBJECT-TYPE + SYNTAX INTEGER { crnt(1), hopindex(2), hcc(3) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, indicates which of the algorithms + will be used to generate the Hopping Patterns. + Valid values are: + + 1 - hopping patterns as defined in clause 14 + 2 - hop index method (with or without table) + 3 - HCC/EHCC method" + ::= { dot11PhyFHSSEntry 12 } + +dot11RandomTableFlag OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute, indicates that a Random Table is + present when the value is True. When the value is + False it indicates that a Random Table is not + present and that the hop index method is to be + used to determine the hopping sequence. The default + value of this attribute is True." + ::= { dot11PhyFHSSEntry 13 } + +dot11NumberofHoppingSets OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Number of Sets field indicates the total + number of sets within the hopping patterns." + ::= { dot11PhyFHSSEntry 14 } + +dot11HopModulus OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of allowed channels for the hopping + set. This is defined by the governing regulatory + agency for the country code of the country + in which this device is operating." + ::= { dot11PhyFHSSEntry 15 } + +dot11HopOffset OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The next position in the hopping set." + ::= { dot11PhyFHSSEntry 16 } + +-- ********************************************************************** +-- * End of dot11PhyFHSS TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyDSSSEntry TABLE +-- ********************************************************************** + +dot11PhyDSSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Entry of attributes for dot11PhyDSSSEntry. Implemented as a + table indexed on ifIndex allow for multiple instances on + an Agent." + ::= { dot11phy 5 } + +dot11PhyDSSSEntry OBJECT-TYPE + SYNTAX Dot11PhyDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyDSSSEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyDSSSTable 1 } + +Dot11PhyDSSSEntry ::= + SEQUENCE { dot11CurrentChannel INTEGER, + dot11CCAModeSupported INTEGER, + dot11CurrentCCAMode INTEGER, + dot11EDThreshold Integer32 } + +dot11CurrentChannel OBJECT-TYPE + SYNTAX INTEGER (1..14) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current operating frequency channel of the DSSS + PHY. Valid channel numbers are as defined in 15.4.6.2" + ::= { dot11PhyDSSSEntry 1 } + +dot11CCAModeSupported OBJECT-TYPE + SYNTAX INTEGER (1..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "dot11CCAModeSupported is a bit-significant value, + representing all of the CCA modes supported by the PHY. + Valid values are: + + energy detect only (ED_ONLY) = 01, + carrier sense only (CS_ONLY) = 02, + carrier sense and energy detect (ED_and_CS)= 04 + or the logical sum of any of these values. This + attribute shall not be used to indicate the CCA modes + supported by a higher rate extension PHY. Rather, the + dot11HRCCAModeSupported attribute shall be used to + indicate the CCA modes of the higher rate extension PHY." + ::= { dot11PhyDSSSEntry 2 } + +dot11CurrentCCAMode OBJECT-TYPE + SYNTAX INTEGER { edonly(1), csonly(2), edandcs(4), cswithtimer(8), + hrcsanded(16) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current CCA method in operation. Valid values are: + energy detect only (edonly) = 01, + carrier sense only (csonly) = 02, + carrier sense and energy detect (edandcs)= 04 + carrier sense with timer (cswithtimer)= 08 + high rate carrier sense and energy detect (hrcsanded)=16." + ::= { dot11PhyDSSSEntry 3 } + +dot11EDThreshold OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current Energy Detect Threshold being used by the DSSS PHY." + ::= { dot11PhyDSSSEntry 4 } + +-- ********************************************************************** +-- * End of dot11PhyDSSSEntry TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyIR TABLE +-- ********************************************************************** + +dot11PhyIRTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyIREntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyIRTable. Implemented as a + table indexed on ifIndex to allow for multiple instances on + an Agent." + ::= { dot11phy 6 } + +dot11PhyIREntry OBJECT-TYPE + SYNTAX Dot11PhyIREntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyIR Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyIRTable 1 } + +Dot11PhyIREntry ::= + SEQUENCE { dot11CCAWatchdogTimerMax Integer32, + dot11CCAWatchdogCountMax Integer32, + dot11CCAWatchdogTimerMin Integer32, + dot11CCAWatchdogCountMin Integer32 } + +dot11CCAWatchdogTimerMax OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This parameter, together with CCAWatchdogCountMax, + determines when energy detected in the channel can be + ignored." + ::= { dot11PhyIREntry 1 } + +dot11CCAWatchdogCountMax OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This parameter, together with CCAWatchdogTimerMax, + determines when energy detected in the channel can be + ignored." + ::= { dot11PhyIREntry 2 } + +dot11CCAWatchdogTimerMin OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The minimum value to which CCAWatchdogTimerMax can be + set." + ::= { dot11PhyIREntry 3 } + +dot11CCAWatchdogCountMin OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The minimum value to which CCAWatchdogCount can be set." + ::= { dot11PhyIREntry 4 } + +-- ********************************************************************** +-- * End of dot11PhyIR TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11RegDomainsSupported TABLE +-- ********************************************************************** + +dot11RegDomainsSupportedTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11RegDomainsSupportedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "There are different operational requirements dependent on + the regulatory domain. This attribute list describes the + regulatory domains the PLCP and PMD support in this + implementation. Currently defined values and their + corresponding Regulatory Domains are: + + FCC (USA) = X'10', DOC (Canada) = X'20', ETSI (most of + Europe) = X'30', Spain = X'31', France = X'32', MKK + (Japan) = X'40', Others = X'00' " + ::= { dot11phy 7} + +dot11RegDomainsSupportedEntry OBJECT-TYPE + SYNTAX Dot11RegDomainsSupportedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11RegDomainsSupportedTable. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11RegDomainsSupportedIndex } + ::= { dot11RegDomainsSupportedTable 1 } + +Dot11RegDomainsSupportedEntry ::= + SEQUENCE { dot11RegDomainsSupportedIndex Integer32, + dot11RegDomainsSupportedValue INTEGER } + +dot11RegDomainsSupportedIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances + of the columnar objects in the RegDomainsSupport Table." + ::= { dot11RegDomainsSupportedEntry 1 } + +dot11RegDomainsSupportedValue OBJECT-TYPE + SYNTAX INTEGER { fcc(16), doc(32), etsi(48), spain (49), france(50), + mkk (64) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "There are different operational requirements dependent on + the regulatory domain. This attribute list describes the + regulatory domains the PLCP and PMD support in this + implementation. Currently defined values and their + corresponding Regulatory Domains are: + + FCC (USA) = X'10', DOC (Canada) = X'20', ETSI (most of + Europe) = X'30', Spain = X'31', France = X'32', MKK + (Japan) = X'40' " + ::= { dot11RegDomainsSupportedEntry 2 } + +-- ********************************************************************** +-- * End of dot11RegDomainsSupported TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11AntennasList TABLE +-- ********************************************************************** + +dot11AntennasListTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11AntennasListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table represents the list of antennae. An antenna can be + marked to be capable of transmitting, receiving, and/or for + participation in receive diversity. Each entry in this table + represents a single antenna with its properties. The maximum + number of antennae that can be contained in this table is 255." + ::= { dot11phy 8 } + +dot11AntennasListEntry OBJECT-TYPE + SYNTAX Dot11AntennasListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11AntennasListTable, representing the properties + of a single antenna. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11AntennaListIndex } + ::= { dot11AntennasListTable 1 } + +Dot11AntennasListEntry ::= + SEQUENCE { dot11AntennaListIndex Integer32, + dot11SupportedTxAntenna TruthValue, + dot11SupportedRxAntenna TruthValue, + dot11DiversitySelectionRx TruthValue } + +dot11AntennaListIndex OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The unique index of an antenna which is used to identify the columnar + objects in the dot11AntennasList Table." + ::= { dot11AntennasListEntry 1 } + +dot11SupportedTxAntenna OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by + dot11AntennaIndex can be used as a transmit antenna." + ::= { dot11AntennasListEntry 2 } + +dot11SupportedRxAntenna OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by the + dot11AntennaIndex xan be used as a receive antenna." + ::= { dot11AntennasListEntry 3 } + +dot11DiversitySelectionRx OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When true, this object indicates that the antenna represented by + dot11AntennaIndex can be used for receive diversity. This object + may only be true if the antenna can be used as a receive antenna, + as indicated by dot11SupportedRxAntenna." + ::= { dot11AntennasListEntry 4 } + +-- ********************************************************************** +-- * End of dot11AntennasList TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SupportedDataRatesTx TABLE +-- ********************************************************************** + +dot11SupportedDataRatesTxTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11SupportedDataRatesTxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The Transmit bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s subject + to limitations of each individual PHY." + ::= { dot11phy 9 } + +dot11SupportedDataRatesTxEntry OBJECT-TYPE + SYNTAX Dot11SupportedDataRatesTxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the dot11SupportedDataRatesTx + Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11SupportedDataRatesTxIndex } + ::= { dot11SupportedDataRatesTxTable 1 } + +Dot11SupportedDataRatesTxEntry ::= + SEQUENCE { dot11SupportedDataRatesTxIndex Integer32, + dot11SupportedDataRatesTxValue Integer32 } + +dot11SupportedDataRatesTxIndex OBJECT-TYPE + SYNTAX Integer32 (1..8) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Index object which identifies which data rate to access. + Range is 1..8." + ::= { dot11SupportedDataRatesTxEntry 1 } + +dot11SupportedDataRatesTxValue OBJECT-TYPE + SYNTAX Integer32 (2..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Transmit bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s subject + to limitations of each individual PHY." + ::= { dot11SupportedDataRatesTxEntry 2 } + +-- ********************************************************************** +-- * End of dot11SupportedDataRatesTx TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * SupportedDataRatesRx TABLE +-- ********************************************************************** + +dot11SupportedDataRatesRxTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11SupportedDataRatesRxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The receive bit rates supported by the PLCP and PMD, + represented by a count from X'002-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s." + ::= { dot11phy 10 } + +dot11SupportedDataRatesRxEntry OBJECT-TYPE + SYNTAX Dot11SupportedDataRatesRxEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Entry (conceptual row) in the dot11SupportedDataRatesRx Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex, + dot11SupportedDataRatesRxIndex } + ::= { dot11SupportedDataRatesRxTable 1 } + +Dot11SupportedDataRatesRxEntry ::= + SEQUENCE { dot11SupportedDataRatesRxIndex Integer32, + dot11SupportedDataRatesRxValue Integer32 } + +dot11SupportedDataRatesRxIndex OBJECT-TYPE + SYNTAX Integer32 (1..8) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Index object which identifies which data rate to access. + Range is 1..8." + ::= { dot11SupportedDataRatesRxEntry 1 } + +dot11SupportedDataRatesRxValue OBJECT-TYPE + SYNTAX Integer32 (2..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The receive bit rates supported by the PLCP and PMD, + represented by a count from X'02-X'7f, corresponding to data + rates in increments of 500kbit/s from 1 Mbit/s to 63.5 Mbit/s." + ::= { dot11SupportedDataRatesRxEntry 2 } + +-- ********************************************************************** +-- * End of dot11SupportedDataRatesRx TABLE +-- ********************************************************************** + +--********************************************************************** +-- * dot11PhyOFDM TABLE +--********************************************************************** + +dot11PhyOFDMTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyOFDMEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group of attributes for dot11PhyOFDMTable. Implemented as a + table indexed on ifindex to allow for multiple instances on + an Agent." + ::= { dot11phy 11 } + +dot11PhyOFDMEntry OBJECT-TYPE + SYNTAX Dot11PhyOFDMEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyOFDM Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyOFDMTable 1 } + +Dot11PhyOFDMEntry ::= + SEQUENCE { dot11CurrentFrequency INTEGER, + dot11TIThreshold Integer32, + dot11FrequencyBandsSupported INTEGER } + +dot11CurrentFrequency OBJECT-TYPE + SYNTAX INTEGER (0..99) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The number of the current operating frequency channel of the OFDM PHY." + ::= { dot11PhyOFDMEntry 1 } + +dot11TIThreshold OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The Threshold being used to detect a busy medium (frequency). + CCA shall report a busy medium upon detecting the RSSI above + this threshold." + ::= { dot11PhyOFDMEntry 2 } + +dot11FrequencyBandsSupported OBJECT-TYPE + SYNTAX INTEGER (1..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The capability of the OFDM PHY implementation to operate in + the three U-NII bands. Coded as an integer value of a three + bit field as follows: + bit 0 .. capable of operating in the lower (5.15-5.25 GHz) + U-NII band + bit 1 .. capable of operating in the middle (5.25-5.35 GHz) + U-NII band + bit 2 .. capable of operating in the upper (5.725-5.825 GHz) + U-NII band + For example, for an implementation capable of operating in the + lower and mid bands this attribute would take the value 3." + ::= { dot11PhyOFDMEntry 3 } + +-- ********************************************************************** +-- * End of dot11PhyOFDM TABLE +-- ********************************************************************** + +-- ********************************************************************** +-- * dot11PhyHRDSSSEntry TABLE +-- ********************************************************************** + +dot11PhyHRDSSSTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11PhyHRDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Entry of attributes for dot11PhyHRDSSSEntry. + Implemented as a table indexed on ifIndex to allow for + multiple instances on an Agent." + ::= { dot11phy 12 } + +dot11PhyHRDSSSEntry OBJECT-TYPE + SYNTAX Dot11PhyHRDSSSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the dot11PhyHRDSSSEntry Table. + + ifIndex - Each IEEE 802.11 interface is represented by an + ifEntry. Interface tables in this MIB module are indexed + by ifIndex." + INDEX { ifIndex } + ::= { dot11PhyHRDSSSTable 1 } + +Dot11PhyHRDSSSEntry ::= + SEQUENCE { dot11ShortPreambleOptionImplemented TruthValue, + dot11PBCCOptionImplemented TruthValue, + dot11ChannelAgilityPresent TruthValue, + dot11ChannelAgilityEnabled TruthValue, + dot11HRCCAModeSupported INTEGER } + +dot11ShortPreambleOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the + short preamble option as defined in subclause 18.2.2.2 + is implemented. The default value of this attribute + shall be false." + ::= {dot11PhyHRDSSSEntry 1 } + +dot11PBCCOptionImplemented OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute, when true, shall indicate that the PBCC + modulation option as defined in subclause 18.4.6.6 is + implemented. The default value of this attribute shall + be false." + ::= {dot11PhyHRDSSSEntry 2 } + +dot11ChannelAgilityPresent OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute indicates that the PHY is capable of + channel agility." + ::= { dot11PhyHRDSSSEntry 3 } + +dot11ChannelAgilityEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This attribute indicates that the PHY channel agility + functionality is enabled." + ::= { dot11PhyHRDSSSEntry 4 } + +dot11HRCCAModeSupported OBJECT-TYPE + SYNTAX INTEGER (1..31) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "dot11HRCCAModeSupported is a bit-significant value, + representing all of the CCA modes supported by the PHY. + Valid values are: + energy detect only (ED_ONLY) = 01, + carrier sense only (CS_ONLY) = 02, + carrier sense and energy detect (ED_and_CS)= 04, + carrier sense with timer (CS_and_Timer)= 08, + high rate carrier sense and energy detect + (HRCS_and_ED)= 16 + or the logical sum of any of these values. In + the high rate extension PHY, this attribute shall + be used in preference to the dot11CCAModeSupported + attribute." + ::= { dot11PhyHRDSSSEntry 5 } + +-- ********************************************************************** +-- * End of dot11PhyHRDSSSEntry TABLE +-- ********************************************************************** + +-- ******************************************************************** +-- * dot11 Hopping Pattern TABLE +-- ******************************************************************** + +dot11HoppingPatternTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot11HoppingPatternEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of attributes necessary for + a frequency hopping implementation to be able to + create the hopping sequences necessary to operate + in the subband for the associated domain country string." + ::= { dot11phy 13 } + +dot11HoppingPatternEntry OBJECT-TYPE + SYNTAX Dot11HoppingPatternEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) in the Hopping Pattern Table + that indicates the random hopping sequence to be followed. + + IfIndex - Each IEEE 802.11 interface is represented + by an ifEntry. Interface tables in this MIB are indexed + by ifIndex." + INDEX { ifIndex, + dot11HoppingPatternIndex } + ::= { dot11HoppingPatternTable 1 } + +Dot11HoppingPatternEntry ::= + SEQUENCE { + dot11HoppingPatternIndex Integer32, + dot11RandomTableFieldNumber Integer32 } + +dot11HoppingPatternIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used to identify instances of + the columnar objects in the Hopping Pattern Table." + ::= { dot11HoppingPatternEntry 1} + +dot11RandomTableFieldNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This attribute shall indicate the value of the + starting channel number in the hopping sequence of + the subband for the associated domain country string. + The default value of this attribute shall be zero." + ::= { dot11HoppingPatternEntry 2} + +-- ********************************************************************** +-- * End of dot11 Hopping Pattern TABLE +--********************************************************************** + +-- ********************************************************************** +-- * Conformance Information +-- ********************************************************************** + +dot11Conformance OBJECT IDENTIFIER ::= { ieee802dot11 5 } +dot11Groups OBJECT IDENTIFIER ::= { dot11Conformance 1 } +dot11Compliances OBJECT IDENTIFIER ::= { dot11Conformance 2 } + +-- ********************************************************************** +-- * Compliance Statements +-- ********************************************************************** + +dot11Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMPv2 entities + that implement the IEEE 802.11 MIB." + MODULE -- this module + MANDATORY-GROUPS { + dot11SMTbase2, + dot11MACbase, dot11CountersGroup, + dot11SmtAuthenticationAlgorithms, + dot11ResourceTypeID, dot11PhyOperationComplianceGroup } + + GROUP dot11PhyDSSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of dsss. This group is + mutually exclusive with the groups dot11PhyIRComplianceGroup, + dot11PhyFHSSComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyIRComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of irbaseband. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyFHSSComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyFHSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of fhss. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyIRComplianceGroup, dot11PhyOFDMComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyOFDMComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of ofdm. This group is + mutually exclusive with the groups dot11PhyDSSSComplianceGroup, + dot11PhyIRComplianceGroup, dot11PhyFHSSComplianceGroup + and dot11PhyHRDSSSComplianceGroup." + + GROUP dot11PhyHRDSSSComplianceGroup + DESCRIPTION + "Implementation of this group is required when object + dot11PHYType has the value of hrdsss. This group is + mutually exclusive with the groups + dot11PhyDSSSComplianceGroup, dot11PhyIRComplianceGroup, + dot11PhyFHSSComplianceGroup and dot11PhyOFDMComplianceGroup." + + -- OPTIONAL-GROUPS { dot11SMTprivacy, dot11MACStatistics, + -- dot11PhyAntennaComplianceGroup, dot11PhyTxPowerComplianceGroup, + -- dot11PhyRegDomainsSupportGroup, + -- dot11PhyAntennasListGroup, dot11PhyRateGroup } + + ::= { dot11Compliances 1 } + +-- ********************************************************************** +-- * Groups - units of conformance +-- ********************************************************************** + +dot11SMTbase OBJECT-GROUP + OBJECTS { dot11StationID, dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut } + STATUS deprecated + DESCRIPTION + "The SMT object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network." + ::= { dot11Groups 1 } + +dot11SMTprivacy OBJECT-GROUP + OBJECTS { dot11PrivacyInvoked, + dot11WEPKeyMappingLength, dot11ExcludeUnencrypted, + dot11WEPICVErrorCount , dot11WEPExcludedCount , + dot11WEPDefaultKeyID, + dot11WEPDefaultKeyValue, + dot11WEPKeyMappingWEPOn, + dot11WEPKeyMappingValue , dot11WEPKeyMappingAddress, + dot11WEPKeyMappingStatus } + STATUS current + DESCRIPTION + "The SMTPrivacy package is a set of attributes that shall be + present if WEP is implemented in the STA." + ::= { dot11Groups 2 } + +dot11MACbase OBJECT-GROUP + OBJECTS { dot11MACAddress, dot11Address, + dot11GroupAddressesStatus, + dot11RTSThreshold, dot11ShortRetryLimit, + dot11LongRetryLimit, dot11FragmentationThreshold, + dot11MaxTransmitMSDULifetime, + dot11MaxReceiveLifetime, dot11ManufacturerID, + dot11ProductID } + STATUS current + DESCRIPTION + "The MAC object class provides the necessary support for the + access control, generation, and verification of frame check + sequences (FCSs), and proper delivery of valid data to upper + layers." + ::= { dot11Groups 3 } + +dot11MACStatistics OBJECT-GROUP + OBJECTS { dot11RetryCount, dot11MultipleRetryCount, + dot11RTSSuccessCount, dot11RTSFailureCount, + dot11ACKFailureCount, dot11FrameDuplicateCount } + STATUS current + DESCRIPTION + "The MACStatistics package provides extended statistical + information on the operation of the MAC. This + package is completely optional." + ::= { dot11Groups 4 } + +dot11ResourceTypeID OBJECT-GROUP + OBJECTS { dot11ResourceTypeIDName, dot11manufacturerOUI, + dot11manufacturerName, dot11manufacturerProductName, + dot11manufacturerProductVersion } + STATUS current + DESCRIPTION + "Attributes used to identify a STA, its manufacturer, + and various product names and versions." + ::= { dot11Groups 5 } + +dot11SmtAuthenticationAlgorithms OBJECT-GROUP + OBJECTS { dot11AuthenticationAlgorithm, + dot11AuthenticationAlgorithmsEnable } + STATUS current + DESCRIPTION + "Authentication Algorithm Table." + ::= { dot11Groups 6 } + +dot11PhyOperationComplianceGroup OBJECT-GROUP + OBJECTS { dot11PHYType, dot11CurrentRegDomain, dot11TempType } + STATUS current + DESCRIPTION + "PHY layer operations attributes." + ::= { dot11Groups 7 } + +dot11PhyAntennaComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentTxAntenna, dot11DiversitySupport, + dot11CurrentRxAntenna } + STATUS current + DESCRIPTION + "Attributes for Data Rates for IEEE 802.11." + ::= { dot11Groups 8 } + +dot11PhyTxPowerComplianceGroup OBJECT-GROUP + OBJECTS { dot11NumberSupportedPowerLevels, dot11TxPowerLevel1, + dot11TxPowerLevel2, dot11TxPowerLevel3, dot11TxPowerLevel4, + dot11TxPowerLevel5, dot11TxPowerLevel6, dot11TxPowerLevel7, + dot11TxPowerLevel8, dot11CurrentTxPowerLevel } + STATUS current + DESCRIPTION + "Attributes for Control and Management of transmit power." + ::= { dot11Groups 9 } + +dot11PhyFHSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11HopTime, dot11CurrentChannelNumber, dot11MaxDwellTime, + dot11CurrentDwellTime, dot11CurrentSet, dot11CurrentPattern, + dot11CurrentIndex} + STATUS current + DESCRIPTION + "Attributes that configure the Frequency Hopping for IEEE + 802.11." + ::= { dot11Groups 10 } + +dot11PhyDSSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentChannel, dot11CCAModeSupported, + dot11CurrentCCAMode, dot11EDThreshold} + STATUS current + DESCRIPTION + "Attributes that configure the DSSS for IEEE 802.11." + ::= { dot11Groups 11 } + +dot11PhyIRComplianceGroup OBJECT-GROUP + OBJECTS { dot11CCAWatchdogTimerMax, dot11CCAWatchdogCountMax, + dot11CCAWatchdogTimerMin, dot11CCAWatchdogCountMin} + STATUS current + DESCRIPTION + "Attributes that configure the baseband IR for IEEE 802.11." + ::= { dot11Groups 12 } + +dot11PhyRegDomainsSupportGroup OBJECT-GROUP + OBJECTS { dot11RegDomainsSupportedValue} + STATUS current + DESCRIPTION + "Attributes that specify the supported Regulation Domains." + ::= { dot11Groups 13} + +dot11PhyAntennasListGroup OBJECT-GROUP + OBJECTS { dot11SupportedTxAntenna, + dot11SupportedRxAntenna, dot11DiversitySelectionRx } + STATUS current + DESCRIPTION + "Attributes that specify the supported Regulation Domains." + ::= { dot11Groups 14 } + +dot11PhyRateGroup OBJECT-GROUP + OBJECTS { dot11SupportedDataRatesTxValue, + dot11SupportedDataRatesRxValue } + STATUS current + DESCRIPTION + "Attributes for Data Rates for IEEE 802.11." + ::= { dot11Groups 15 } + +dot11CountersGroup OBJECT-GROUP + OBJECTS { dot11TransmittedFragmentCount, + dot11MulticastTransmittedFrameCount, + dot11FailedCount, dot11ReceivedFragmentCount, + dot11MulticastReceivedFrameCount, + dot11FCSErrorCount, + dot11WEPUndecryptableCount, + dot11TransmittedFrameCount } + STATUS current + DESCRIPTION + "Attributes from the dot11CountersGroup that are not described + in the dot11MACStatistics group. These objects are + mandatory." + ::= { dot11Groups 16 } + +dot11NotificationGroup NOTIFICATION-GROUP + NOTIFICATIONS { dot11Disassociate, + dot11Deauthenticate, + dot11AuthenticateFail } + STATUS current + DESCRIPTION + "IEEE 802.11 notifications" + ::= { dot11Groups 17 } + +dot11SMTbase2 OBJECT-GROUP + OBJECTS { dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut, + dot11DisassociateReason, + dot11DisassociateStation, + dot11DeauthenticateReason, + dot11DeauthenticateStation, + dot11AuthenticateFailStatus, + dot11AuthenticateFailStation } + STATUS current + DESCRIPTION + "The SMTbase2 object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network." + ::= { dot11Groups 18 } + +dot11PhyOFDMComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentFrequency, + dot11TIThreshold, + dot11FrequencyBandsSupported } + STATUS current + DESCRIPTION + "Attributes that configure the OFDM for IEEE 802.11." + ::= { dot11Groups 19 } + +dot11SMTbase3 OBJECT-GROUP + OBJECTS { dot11MediumOccupancyLimit, + dot11CFPollable, + dot11CFPPeriod, + dot11CFPMaxDuration, + dot11AuthenticationResponseTimeOut, + dot11PrivacyOptionImplemented, + dot11PowerManagementMode, + dot11DesiredSSID, dot11DesiredBSSType, + dot11OperationalRateSet, + dot11BeaconPeriod, dot11DTIMPeriod, + dot11AssociationResponseTimeOut, + dot11DisassociateReason, + dot11DisassociateStation, + dot11DeauthenticateReason, + dot11DeauthenticateStation, + dot11AuthenticateFailStatus, + dot11AuthenticateFailStation, + dot11MultiDomainCapabilityImplemented, + dot11MultiDomainCapabilityEnabled, + dot11CountryString } + STATUS current + DESCRIPTION + "The SMTbase3 object class provides the necessary support at the + STA to manage the processes in the STA such that the STA may + work cooperatively as a part of an IEEE 802.11 network, when the STA + is capable of multi-domain operation. This object group should be + implemented when the multi-domain capability option is implemented." + ::= { dot11Groups 20 } + +dot11MultiDomainCapabilityGroup OBJECT-GROUP + OBJECTS { dot11FirstChannelNumber, + dot11NumberofChannels, + dot11MaximumTransmitPowerLevel } + STATUS current + DESCRIPTION + "The dot11MultiDomainCapabilityGroup object class provides + the objects necessary to manage the channels usable by a STA, + when the multi-domain capability option is implemented." + ::= { dot11Groups 21 } + +dot11PhyFHSSComplianceGroup2 OBJECT-GROUP + OBJECTS { dot11HopTime, dot11CurrentChannelNumber, dot11MaxDwellTime, + dot11CurrentDwellTime, dot11CurrentSet, dot11CurrentPattern, + dot11CurrentIndex, dot11EHCCPrimeRadix, + dot11EHCCNumberofChannelsFamilyIndex, + dot11EHCCCapabilityImplemented, dot11EHCCCapabilityEnabled, + dot11HopAlgorithmAdopted, dot11RandomTableFlag, + dot11NumberofHoppingSets, dot11HopModulus, + dot11HopOffset, dot11RandomTableFieldNumber } + STATUS current + DESCRIPTION + "Attributes that configure the Frequency Hopping for IEEE + 802.11 when multi-domain capability option is implemented." + ::= { dot11Groups 22 } + +dot11PhyHRDSSSComplianceGroup OBJECT-GROUP + OBJECTS { dot11CurrentChannel, dot11CCAModeSupported, + dot11CurrentCCAMode, dot11EDThreshold, + dot11ShortPreambleOptionImplemented, + dot11PBCCOptionImplemented, dot11ChannelAgilityPresent, + dot11ChannelAgilityEnabled, dot11HRCCAModeSupported } + STATUS current + DESCRIPTION + "Attributes that configure the HRDSSS for IEEE 802.11." + ::= { dot11Groups 23 } + +-- ********************************************************************** +-- * End of 802.11 MIB +-- ********************************************************************** + +END + Index: /trunk/nanobsd/files/usr/local/share/snmp/snmpd.conf =================================================================== --- /trunk/nanobsd/files/usr/local/share/snmp/snmpd.conf (revision 10119) +++ /trunk/nanobsd/files/usr/local/share/snmp/snmpd.conf (revision 10119) @@ -0,0 +1,85 @@ +# snmpd.conf + +# First, map the community name (COMMUNITY) into a security name +# (local and mynetwork, depending on where the request is coming +# from): + +# sec.name source community +com2sec local localhost public +com2sec mynetwork 172.16.0.0/12 public +com2sec mynetwork 10.0.0.0/8 public +com2sec mynetwork 192.168.0.0/16 public + + + +# Second, map the security names into group names: + +# sec.model sec.name +group MyRWGroup v1 local +group MyRWGroup v2c local +group MyRWGroup usm local +group MyROGroup v1 mynetwork +group MyROGroup v2c mynetwork +group MyROGroup usm mynetwork + + +# Third, create a view for us to let the groups have rights to: + +# incl/excl subtree mask +view all included .1 80 + + +# Finally, grant the 2 groups access to the 1 view with different +# write permissions: + +# context sec.model sec.level match read write notif +access MyROGroup "" any noauth exact all none none +access MyRWGroup "" any noauth exact all all none + + +# System contact information + +sysLocation Somewhere in or near Leiden +sysContact Stichting Wireless Leiden / +31 71 5139817 + + +# Process checks. + +# name max min +proc lvrouted.opt 1 1 +proc sshd 8 1 +proc syslogd 1 1 +proc ntpd 1 1 +proc snmpd 1 1 +proc dhcpd 1 1 +proc pen 1 1 +proc cron 2 1 +proc named 1 1 + + +# disk checks + +# path min +#disk / 90% +#disk /var 80% +#disk /usr 80% +#disk /tmp 60% +includeAllDisks 85% + + +# load average checks + +# 1max 5max 15max +load 12 14 14 + + +# Pass through control + +# miboid exec-command +pass .1.3.6.1.4.1.2021.50 /usr/local/nagios/bin/processor + +pass_persist .1.3.6.1.4.1.21695.1.2 /usr/local/sbin/dhcpd-snmp /usr/local/etc/dhcpd-snmp.conf + +extend .1.3.6.1.4.1.2021.61 nagios-www /usr/local/sbin/proxy-test.sh +extend .1.3.6.1.4.1.2021.62 nagios-routing /usr/local/sbin/lvrouted-test.sh +extend .1.3.6.1.4.1.2021.70 users /bin/sh /usr/local/bin/users.sh Index: /trunk/nanobsd/files/usr/local/www/index.html =================================================================== --- /trunk/nanobsd/files/usr/local/www/index.html (revision 10119) +++ /trunk/nanobsd/files/usr/local/www/index.html (revision 10119) @@ -0,0 +1,8 @@ + + + + + + Wireless Leiden + + Index: /trunk/nanobsd/files/usr/local/www/wlportal/index.cgi =================================================================== --- /trunk/nanobsd/files/usr/local/www/wlportal/index.cgi (revision 10119) +++ /trunk/nanobsd/files/usr/local/www/wlportal/index.cgi (revision 10119) @@ -0,0 +1,378 @@ +#!/usr/bin/env python +# +# Wrap me around tcpserver or inetd, example usage for tcpserver (debug): +# tcpserver -HRl localhost 172.31.255.1 /root/wlportal.py +# +# Or put me in a CGI script in for example thttpd server: +# +# = Usage = +# This is a wrapper script which does very basic HTML parsing and altering of +# ipfw tables rules to build a basic Captive Portal, with basic sanity +# checking. The ACL is IP based (this is a poor mans solution, layer2 +# ACL would be much better), so don't take security very seriously. +# +# To get traffic by default to the portal iI requires a few special rules in +# ipfw to work properly (ajust IP details if needed): +# - Rule 10010-10099 needs to be free. +# - add 10100 fwd 172.20.145.1,8081 tcp from any to not 172.16.0.0/12 dst-port 80 in via wlan0 +# +# Enties older than 5 minutes not being used will be removed if the (hidden) +# argument action=cleanup is given as GET variable. So having this in cron (would fix it): +# */5 * * * * /usr/bin/fetch -q http://172.31.255.1/wlportal?action=cleanup +# +# The program has uses a file based persistent cache to save authenticated +# ACLs, this will NOT get synced after a reboot. +# +# State : ALPHA +# Version : $Id$ +# Author : Rick van der Zwet +# Licence : BSDLike http://wirelessleiden.nl/LICENSE + +import logging +import os +import pickle +import re +import signal +import subprocess +import sys +import time +import traceback +import urlparse + +# XXX: Make me dynamic +portalroot='172.31.255.1' +portalurl='http://www.wirelessleiden.nl' +fwcmd='/sbin/ipfw' +arpcmd='/usr/sbin/arp' +fancy_template='/etc/local/captive/include.htm' + + +logging.basicConfig(stream=open('/var/log/wlportal.log','a'),level=logging.DEBUG) + +class ItemCache: + """ + Very basic ItemCache used for caching registered entries and other foo, no + way recurrent, so use with care! + """ + + def __init__(self, authentication_timeout=60): + self.cachefile='/tmp/portal.cache' + # cache[mac_address] = (ipaddr, registered_at, last_seen) + self.cache = None + self.arp_cache = None + self.now = time.time() + self.authentication_timeout = authentication_timeout + + def delete_all(self): + self.cache = {} + self.save() + + def delete(self,ipaddr): + self.load() + for mac in self.cache.keys(): + if self.cache[mac][0] == ipaddr: + del self.cache[mac] + self.save() + + + def load(self): + """ Request cached file entries """ + if self.cache == None: + try: + self.cache = pickle.load(open(self.cachefile,'r')) + except IOError: + self.cache = {} + pass + + def load_arp_cache(self): + """ Provide with listing of MAC to IP numbers """ + if self.arp_cache == None: + output = subprocess.Popen([arpcmd,'-na'], stdout=subprocess.PIPE).communicate()[0] + self.arp_cache = {} + for line in output.strip().split('\n'): + # ? (172.20.145.30) at 00:21:e9:e2:7c:c6 on wlan0 expires in 605 seconds [ethernet] + if not 'expires' in line: + continue + t = re.split('[ ()]',line) + ip, mac = t[2],t[5] + self.arp_cache[ip] = mac + + def add(self,ipaddr): + """ Add entry to cache (on file) and return entry""" + self.load() + self.load_arp_cache() + self.cache[self.arp_cache[ipaddr]] = (ipaddr, self.now, self.now) + logging.debug("Adding Entry to Cache %s -> %s" % (ipaddr, self.arp_cache[ipaddr])) + self.save() + + def save(self): + """ Sync entries to disk """ + # XXX: Should actually check if entry has changed at all + pickle.dump(self.cache, open(self.cachefile,'w')) + + def update(): + """ Update entries with relevant ARP cache """ + self.load() + self.load_arp_cache() + # Update last_seen time for currently active entries + for ip,mac in self.arp_cache.iteritems(): + if self.cache.has_key(mac): + self.cache[mac][3] = now + + # cleanup no longer used entries, after authentication_timeout seconds. + for mac in self.cache: + if self.cache[mac][3] < self.now - self.authentication_timeout: + del self.cache[mac] + + # Sync results to disk + self.save() + return self.cache + + def get_cache(self): + self.load() + return self.cache + + def get_arp_cache(self): + self.load_arp_cache() + return self.arp_cache + + +class FirewallControl: + def __init__(self): + self.first_rule = 10010 + self.last_rule = 10099 + self.available_rule = self.first_rule + self.logger = '' + + + def load(self): + # Get all registered ips + sp = subprocess.Popen([fwcmd,'show','%i-%i' % (self.first_rule, self.last_rule)], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + output = sp.communicate()[0] + self.ip_in_firewall = {} + if sp.returncode == 0: + # 10010 32 1920 allow tcp from 172.20.145.30 to not 172.16.0.0/12,192.168.1.0/24 dst-port 80 + for line in output.strip().split('\n'): + t = line.split() + rule, ip = t[0], t[6] + self.ip_in_firewall[ip] = rule + + if self.available_rule == int(rule): + self.available_rule += 1 + else: + # XXX: Some nagging about no rules beeing found perhaps? + pass + + def cleanup(self): + """ Cleanup Old Entries, mostly used for maintenance runs """ + self.load() + # Make sure cache matches the latest ARP version + itemdb = ItemCache() + cache = itemdb.get_cache() + valid_ip = itemdb.get_arp_cache() + + # Check if all ipfw allowed entries still have the same registered MAC address + # else assume different user and delete. + for ip,rule in self.ip_in_firewall.iteritems(): + delete_entry = False + + # Make sure IP is still valid + if not valid_ip.has_key(ip): + delete_entry = True + # Also MAC needs to exists in Cache + elif not cache.has_key(valid_ip[ip]): + delete_entry = True + # IP need to match up with registered one + elif not cache[valid_ip[ip]][0] == ip: + delete_entry = True + + # Delete entry if needed + if delete_entry: + output = subprocess.Popen([fwcmd,'delete',str(rule)], stdout=subprocess.PIPE).communicate()[0] + self.logger += "Deleting ipfw entry %s %s\n" % (rule, ip) + logging.debug('Deleting ipfw entry %s %s\n' % (rule, ip)) + + + def add(self,ipaddr): + """ Add Entry to Firewall, False if already exists """ + self.load() + if not self.ip_in_firewall.has_key(ipaddr): + rule = "NUMBER allow tcp from IPADDR to not 172.16.0.0/12,192.168.1.0/24 dst-port 80".split() + rule[0] = str(self.available_rule) + rule[4] = str(ipaddr) + logging.debug("Addding %s" % " ".join(rule)) + output = subprocess.Popen([fwcmd,'add'] + rule, stdout=subprocess.PIPE).communicate()[0] + itemdb = ItemCache() + itemdb.add(ipaddr) + return True + else: + return False + + + def delete(self, ipaddr): + itemdb = ItemCache() + itemdb.delete(ipaddr) + self.cleanup() + + def delete_all(self): + itemdb = ItemCache() + itemdb.delete_all() + self.cleanup() + + def get_log(self): + return self.logger + + + +# Query String Dictionaries +qs_post = None +qs = None +header = [] + +# We are are HTTP server, so act like one +if not os.environ.has_key('REQUEST_METHOD'): + class TimeoutException(Exception): + """ Helper for alarm signal handling""" + pass + + def handler(signum, frame): + """ Helper for alarm signal handling""" + raise TimeoutException + + + # Parse the HTTP/1.1 Content-Header (partially) + signal.signal(signal.SIGALRM,handler) + us = None + method = None + hostname = None + content_length = None + remote_host = None + while True: + try: + signal.alarm(1) + line = sys.stdin.readline().strip() + if not line: + break + header.append(line) + signal.alarm(0) + if line.startswith('GET '): + us = urlparse.urlsplit(line.split()[1]) + method = 'GET' + elif line.startswith('POST '): + method = 'POST' + us = urlparse.urlsplit(line.split()[1]) + elif line.startswith('Host: '): + hostname = line.split()[1] + elif line.startswith('Content-Length: '): + content_length = int(line.split()[1]) + except TimeoutException: + break + + # Capture Portal, make sure to redirect all to portal + if hostname != portalroot: + print "HTTP/1.1 302 Moved Temponary\r\n", + print "Location: http://%s/\r\n" % portalroot, + sys.exit(0) + + + # Handle potential POST + if method == 'POST' and content_length: + body = sys.stdin.read(content_length) + qs_post = urlparse.parse_qs(body) + + # Parse Query String + if us and us.path == "/wlportal" and us.query: + qs = urlparse.parse_qs(us.query) + + remote_host = os.environ['REMOTEHOST'] +else: + # Parse the CGI Variables if present + if os.environ['REQUEST_METHOD'] == "POST": + content_length = int(os.environ['CONTENT_LENGTH']) + body = sys.stdin.read(content_length) + qs_post = urlparse.parse_qs(body) + + if os.environ.has_key('QUERY_STRING'): + qs = urlparse.parse_qs(os.environ['QUERY_STRING']) + + remote_host = os.environ['REMOTE_ADDR'] + + + +# Helpers for HTML 'templates' +content = { + 'portalroot' : portalroot, + 'portalurl' : portalurl, + 'extra_header' : '', + 'tech_footer' : '', + 'status_msg' : '', + } + +try: + # Put authenticate use and process response + if qs_post and qs_post.has_key('action'): + if 'login' in qs_post['action']: + fw = FirewallControl() + if fw.add(remote_host): + content['extra_header'] = "Refresh: 5; url=%(portalurl)s\r" % content + content['status_msg'] = "Sucessfully Logged In!
" +\ + """ Will redirect you in 5 seconds to %(portalurl)s """ % content + else: + content['status_msg'] = "ERROR! Already Logged On" + elif 'logout' in qs_post['action']: + fw = FirewallControl() + fw.delete(remote_host) + content['status_msg'] = "Succesfully logged out!" + elif qs and qs.has_key('action'): + if 'deleteall' in qs['action']: + content['tech_footer'] += "# [INFO] Deleting all entries\n" + fw = FirewallControl() + fw.delete_all() + content['tech_footer'] += fw.get_log() + elif 'cleanup' in qs['action']: + tech_footer = "# [INFO] Update timestamp of all entries\n" + fw = FirewallControl() + fw.update() + content['tech_footer'] += fw.get_log() + elif 'cleanup' in qs['action']: + content['tech_footer'] += "# [INFO] Deleting all entries" + fw = FirewallControl() + fw.delete_all() + +except Exception,e: + content['tech_footer'] += traceback.format_exc() + content['status_msg'] = e + pass + + # Present Main Screen +print """\ +HTTP/1.1 200 OK\r +Content-Type: text/html\r +%(extra_header)s +""" % content + +try: + page = open(fancy_template,'r').read() +except IOError: + page = """ + +

%(status_msg)s

+ +

Wireless Leiden - Internet Portal

+
+ + +
+ +

More options

+
+ + +
+
Technical Details:
+%(tech_footer)s
+
+ +""" + +print page % content Index: /trunk/nanobsd/files/usr/local/www/wlweb/index.cgi =================================================================== --- /trunk/nanobsd/files/usr/local/www/wlweb/index.cgi (revision 10119) +++ /trunk/nanobsd/files/usr/local/www/wlweb/index.cgi (revision 10119) @@ -0,0 +1,36 @@ +#!/usr/local/bin/python +# +# Wireless Leiden webinterface for (embedded) nodes +# Rick van der Zwet +# Richard van Mansom (richardvm@wirelessleiden.nl), striped the webserver + +from subprocess import * +import os + +def tailFile(file): + lines=-10 + return("Tail (%i): %s
%s
" % (lines,file,Popen(["tail", str(lines), file], stdout=PIPE).communicate()[0])); + +def catFile(file): + return("File: %s
%s
" % (file,Popen(["cat", file], stdout=PIPE).communicate()[0])); + +def allRoutes(): + return("netstat -nr
%s
" % Popen(["netstat", "-n", "-r"], stdout=PIPE).communicate()[0]); + +def processList(): + return("ps -aux
%s
" % Popen(["ps", "-a", "-u", "-x"], stdout=PIPE).communicate()[0]); + + +def main(): + return ( "Content-Type: text/html\n\n" + + "" + + "Welcome to Stichting Wireless Leiden host/node " + + Popen(["hostname"], stdout=PIPE).communicate()[0] + + "

" + tailFile('/var/log/messages') + "

" + + tailFile('/var/log/debug.log') + "

" + + catFile('/var/run/dmesg.boot') + "

" + + allRoutes() + "

" + + processList() + "

" + + "$Id$" ) + +print main() Index: /trunk/nanobsd/tools/config-image.sh =================================================================== --- /trunk/nanobsd/tools/config-image.sh (revision 10119) +++ /trunk/nanobsd/tools/config-image.sh (revision 10119) @@ -0,0 +1,38 @@ +#!/bin/sh +# Push config onto persistent location inside node image +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +# Find the image to config +find_disk_full $1 + +# Make sure we are root from this point on +f_check_root + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + print_error "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +chroot ${MNT} /tools/wl-config -n -m startup + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /trunk/nanobsd/tools/edit-image.sh =================================================================== --- /trunk/nanobsd/tools/edit-image.sh (revision 10119) +++ /trunk/nanobsd/tools/edit-image.sh (revision 10119) @@ -0,0 +1,50 @@ +#!/bin/sh +# Chroot into image to edit bits and pieces +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists + exit 1 +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + print_error "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +p_info "Type exit when done" +chroot ${MNT} +p_info "Any changes are made permanent on image ${IMG}" + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /trunk/nanobsd/tools/image-build.sh =================================================================== --- /trunk/nanobsd/tools/image-build.sh (revision 10119) +++ /trunk/nanobsd/tools/image-build.sh (revision 10119) @@ -0,0 +1,74 @@ +#!/bin/sh +# Wrapper around nanobsd.sh with autodetection of already processed steps +# to provide some failsafe net + +BASEDIR=`dirname $0` +CFG="${BASEDIR}/../cfg/nanobsd.wleiden" +NANOBSD='/usr/src/tools/tools/nanobsd/nanobsd.sh' + +. ${BASEDIR}/package-build.inc.sh + +FORCE_KERNEL=0 +FORCE_WORLD=0 +#XXX: Proper object handling +if [ "$1" = "-bk" ]; then + p_warn Forcefully building kernel + FORCE_KERNEL=1 +elif [ "$1" = "-bw" ]; then + p_warn Forcefully building world + FORCE_WORLD=1 +elif [ "$1" = "-f" ]; then + p_warn Forcefully building world and kernel + FORCE_KERNEL=1 + FORCE_WORLD=1 +fi +shift +NANOBSD_EXTRA=$* + +if [ ! -r "${NANOBSD}" ]; then + p_err ${NANOBSD} does not exists + exit 1 +fi + +if [ ! -x "${NANOBSD}" ]; then + NANOBSD="sh ${NANOBSD}" +fi + +if [ -d "${OBJDIR}" ]; then + NANOBSD_FLAGS="" + + # Detect succesfull buildworld + tail -10 ${OBJDIR}/_.bw | grep 'World build completed' + if [ $? -eq 0 -a ${FORCE_WORLD} -eq 0 ]; then + p_info NO building of world, use $0 -f to force + NANOBSD_FLAGS="${NANOBSD_FLAGS} -w" + fi + + # Detect succesfull buildkernel + tail -10 ${OBJDIR}/_.bk | grep 'Kernel build for .* completed' + if [ $? -eq 0 -a ${FORCE_KERNEL} -eq 0 ]; then + p_info NO building of kernel, use $0 -f to force + NANOBSD_FLAGS="${NANOBSD_FLAGS} -k" + fi + +else + p_warn Nothing yet, starting fresh + NANOBSD_FLAGS="" +fi + +# Provide verbose output by default +COMMAND="${NANOBSD} ${NANOBSD_FLAGS} -c ${CFG} -v ${NANOBSD_EXTRA}" +f_time ${COMMAND} +RETVAL=$? + +# Verify on build failures +tail -10 ${OBJDIR}/_.bw | grep 'World build completed' +if [ $? -eq 1 ]; then + p_err Building world FAILED, check ${OBJDIR}/_.bw +fi +tail -10 ${OBJDIR}/_.bk | grep 'Kernel build for .* completed' +if [ $? -eq 1 ]; then + p_err Building kernel FAILED, check ${OBJDIR}/_.bk +fi +p_info End time: `date` +exit ${RETVAL} Index: /trunk/nanobsd/tools/make-release.sh =================================================================== --- /trunk/nanobsd/tools/make-release.sh (revision 10119) +++ /trunk/nanobsd/tools/make-release.sh (revision 10119) @@ -0,0 +1,51 @@ +#!/bin/sh +# Small tool to build nanobsd release, ready for distribution: + +BASEDIR="`dirname $0`/.." + +# Some cleaning at start +for PORT in ${BASEDIR}/misc/ports/*/*; do + (cd $PORT; make clean); +done + +# Version target +# Either version from command line or else subversion base +VERSION=${1-`svn info ${BASEDIR} | awk '/Revision:/ {print $2}'`} + +TMPDIR=`mktemp -d -t $(basename $0 .sh)` + +PKGDIR=wl-image-$VERSION +WRKSRC=$TMPDIR/$PKGDIR +mkdir $WRKSRC +cp -R ${BASEDIR}/tools $WRKSRC +cp -R ${BASEDIR}/cfg $WRKSRC +cp -R ${BASEDIR}/misc $WRKSRC +cp -R ${BASEDIR}/files $WRKSRC +cp -R ${BASEDIR}/README.txt $WRKSRC + +# Present real image +# XXX: Make path relative +# XXX: Find some pretty options +IMG=/usr/obj/nanobsd.wleiden/_.disk.full +IMG_DIR=`dirname ${IMG}` +IMG_PKGDIR=${IMG_DIR}/${PKGDIR} +mkdir ${IMG_PKGDIR} +ln ${IMG} ${IMG_PKGDIR}/disk_full.img + +# Make pretty tar file out of it +tar --exclude ".svn" --exclude "Makefile" \ + --exclude "config.cache" --exclude "config.log" --exclude "config.status" \ + --exclude ".depend" \ + -cjf wl-image-$VERSION.tbz \ + -C $TMPDIR \ + $PKGDIR/tools \ + $PKGDIR/cfg \ + $PKGDIR/files \ + $PKGDIR/misc \ + $PKGDIR/README.txt \ + -C $IMG_DIR \ + $PKGDIR/disk_full.img + +rm -fR $TMPDIR +rm -fR $IMG_PKGDIR + Index: /trunk/nanobsd/tools/package-build.inc.sh =================================================================== --- /trunk/nanobsd/tools/package-build.inc.sh (revision 10119) +++ /trunk/nanobsd/tools/package-build.inc.sh (revision 10119) @@ -0,0 +1,109 @@ +# Used to store profile data +TIME_FILE=$(dirname $0)/eta-times.txt +BASEDIR=`dirname $0` +CFG="${BASEDIR}/../cfg/nanobsd.wleiden" + +# Used for parsing the CFG file properly. +customize_cmd () { + NANO_CUSTOMIZE="$NANO_CUSTOMIZE $*" +} +. $CFG + +# Hardcoded variables used in nanobsd.sh needed externally +OBJDIR="/usr/obj/nanobsd.${NANO_NAME}" + + + +p_list () { +echo "$*" | sed -e 's/ /|## /g' -e 's/^/## /g' +} + +p_info () { + echo "$*" | tr '|' '\n' | sed 's/^/# /' +} + +p_warn () { + echo "$*" | tr '|' '\n' | sed 's/^/#WARN: /' +} + +p_err () { + echo "$*" | tr '|' '\n' | sed 's/^/#ERR: /' +} + +p_sleep() { + SLEEP=${1-5} + while [ "${SLEEP}" -gt 0 ]; do + printf '.' + sleep 1 + SLEEP=`expr ${SLEEP} - 1` + done + printf '\n' +} + +# Print estimation on how long it normally if going to take +f_time() { + COMMAND="$*" + ETA_TIME=` grep "${COMMAND}$" ${TIME_FILE} 2>/dev/null | awk '{print $1}'` + if [ -z "${ETA_TIME}" ]; then + ETA_TIME="NaN" + fi + + p_info Last run of "'${COMMAND}'" took ${ETA_TIME} + p_info Start time: `date` + + # Execute command + START_TIME=`date "+%s"` + $COMMAND + RETVAL=$? + STOP_TIME=`date "+%s"` + + p_info End time: `date` + # Calculate time it took + TOTAL_TIME=`expr ${STOP_TIME} - ${START_TIME}` + HUMAN_FMT=`date -ur ${TOTAL_TIME} "+%H:%M:%S"` + + # Store new time if command is succesfull + if [ "${RETVAL}" -eq 0 ]; then + grep -v "${COMMAND}$" ${TIME_FILE} > ${TIME_FILE}.tmp 2>/dev/null + echo "${HUMAN_FMT} ${COMMAND}" >> ${TIME_FILE}.tmp + mv ${TIME_FILE}.tmp ${TIME_FILE} + fi + + # Return the command it's output + return ${RETVAL} +} + +f_check_root() { + # No Root, no fun + if [ `id -u` -ne 0 ]; then + print_err Root only + exit 1 + fi +} + +# Find the correct image or the predefined image +find_image() { + PREFIX=$2 + if [ -n "$1" ]; then + IMG=$1 + else + IMG=${OBJDIR}/_.disk.$PREFIX + fi + + if [ ! -r "${IMG}" ]; then + p_err "Source '$IMG' does not exists" + exit 1 + fi +} + +find_disk_image() { + find_image "$1" "image" +} + +# Find the correct full or the predefined image +find_disk_full() { + find_image "$1" "full" +} + +trap 'echo "# Canceled by User!"; exit 1' 2 + Index: /trunk/nanobsd/tools/package-build.sh =================================================================== --- /trunk/nanobsd/tools/package-build.sh (revision 10119) +++ /trunk/nanobsd/tools/package-build.sh (revision 10119) @@ -0,0 +1,182 @@ +#!/bin/sh +# Install all required packages +# XXX: Welcome to port hell, if /usr/ports has been updated, you actually want +# to delete all installed packages and start over again, hence why people used +# to run this stuff in jails, etc. + +. $(dirname $0)/package-build.inc.sh + +DEBUG=${DEBUG:-0} +DEP_CHECK_ONLY=${DEP_CHECK_ONLY:-0} + +# make options, for package building +LOGDIR=`mktemp -d "/tmp/$(basename $0 .sh)-$(date +%Y%m%d-%H:%M:%S).X"` +TARGET=`dirname $NANO_PACKAGE_DIR` +if [ ! -d "$TARGET" ]; then + p_err "'$TARGET' does not exists"; exit 1 +fi + +# Package target +MAKE_ARGS="$MAKE_ARGS PACKAGES=$TARGET" +MAKE_ARGS="$MAKE_ARGS BATCH=yes PACKAGE_BUILDING=yes" + +# www/py-cherrypy +MAKE_ARGS="${MAKE_ARGS} WITH_APACHE=yes" +# net-mgmt/net-snmp +MAKE_ARGS="${MAKE_ARGS} WITHOUT_PERL=yes" +# net-mgmt/nagios-plugins +MAKE_ARGS="${MAKE_ARGS} WITH_FPING=yes" + +p_info Log directory ${LOGDIR} +p_info Make options are: +p_info $(p_list ${MAKE_ARGS}) + +p_info Checking whether there are currently unmet dependencies +RETVAL=0 +PKGS=`pkg_info | awk '{print $1}'` +for PKG in ${PKGS} ; do + PKG_DEP_FAIL="" + for PKGDEP in `pkg_info -qr ${PKG} | awk '{print $2}'`; do + pkg_info -e ${PKGDEP} + if [ $? -eq 1 ]; then + PKG_DEP_FAIL="${PKG_DEP_FAIL} ${PKGDEP}" + fi + done + if [ -n "${PKG_DEP_FAIL}" ]; then + p_err Unmet dependencies found at $PKG, please fix manually: + p_err $(p_list ${PKG_DEP_FAIL}) + RETVAL=1 + fi +done +if [ $RETVAL -eq 1 ]; then + exit 1 +fi +p_info Dependecy check ok + +if [ ${DEP_CHECK_ONLY} -eq 1 ]; then + exit 0 +fi +echo "" + + +if [ -d "${TARGET}/All" ]; then + p_warn "Deleted all (old) packages at ${TARGET}" + rm -R $TARGET/* +fi +p_info Created target dir ${TARGET}/All +mkdir -p ${TARGET}/All + +PORTSDIR='/usr/ports' +WL_PORTSDIR="`cd $(dirname $0);pwd -P`/../ports/" + +# XXX: Make file dynamic +# Dirty quirk to allow comments in part below +PACKAGE_LIST=`cat <>$LOGFILE 1>> $LOGFILE + if [ $? -ne 0 ]; then + p_err building ${PACKAGE} FAILED, logging at $LOGFILE + exit 1 + fi + fi + ${MAKE} package-links + PKGNAME=`make extract-message | awk '{print $NF}'` + pkg_create -b $PKGNAME $TARGET/All/${PKGNAME}.tbz + + p_info Checking dependencies + for PKG in $PKGDEP_PKGS; do + echo "${BUILD_LIST}" | grep -q "$PKG" + if [ $? -eq 0 ]; then + # Already packaged + p_info ${PKG} Already packaged + else + echo $@ | grep -q "${PKG}" + if [ $? -eq 0 ]; then + p_info ${PKG} Already planned + else + set $@ ${PKG} + fi + fi + done + p_info Packaging $PACKAGE succesfull +done + +p_info $(echo ${BUILD_LIST} | wc -w) packages build succesfully + +if [ ${DEBUG} -eq 0 ]; then + rm -R ${LOGDIR} +else + p_info Debugging enabled ${LOGDIR} saved +fi + Index: /trunk/nanobsd/tools/passwd-image.sh =================================================================== --- /trunk/nanobsd/tools/passwd-image.sh (revision 10119) +++ /trunk/nanobsd/tools/passwd-image.sh (revision 10119) @@ -0,0 +1,48 @@ +#!/bin/sh +# Change password if image +# +# XXX: Error handing +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists + exit 1 +fi + +# Make sure we are root from this point on +f_check_root + + +MNT=`mktemp -d -t $(basename $0)` + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMG}"; then + MD=`mdconfig -l -v | grep "${IMG}" | cut -c -4` + print_error "'${IMG}' already mounted at '$MD'" + exit 1 +fi + + +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}s1a ${MNT} + +# Config files lives at /cfg location +mount /dev/${MD}s3 ${MNT}/cfg + +# Try to fetch and store config +chroot ${MNT} passwd + +# Clean up +umount ${MNT}/cfg +umount ${MNT} +mdconfig -d -u ${MD} +rm -d ${MNT} + + Index: /trunk/nanobsd/tools/prepare-nfs.sh =================================================================== --- /trunk/nanobsd/tools/prepare-nfs.sh (revision 10119) +++ /trunk/nanobsd/tools/prepare-nfs.sh (revision 10119) @@ -0,0 +1,114 @@ +#!/bin/sh +# Get nanobsd image ready to be booted from NFS +# NFS instructions at +# http://www.wirelessleiden.nl/projects/nodefactory/wiki/TestingViaNFS + +IMAGE_BASE="/usr/obj/nanobsd.wleiden" +IMAGE_SLICE="${IMAGE_BASE}/_.disk.image" +IMAGE_FULL="${IMAGE_BASE}/_.disk.full" +IMAGE_NFS="${IMAGE_SLICE}-nfs" +# Structure: $NFSBASE +# ./cfg = /cfg mounpoint +# ./base = / mountpoint +# ./nfs = /nfs mountpoint +NFSBASE='/usr/data' +MNT="${NFSBASE}/base" +CFG="${NFSBASE}/cfg" +NFS="${NFSBASE}/nfs" + +print_error() { + echo "[ERROR] $*" 1>&2 +} + +usage() { + ( + echo "Usage: $0 [-fn]" + echo " -f force umount, memory device whipes" + echo " -n do not delete/clean cfg partition" + echo " -u unload/eject procedure" + ) 1>&2 + exit 2 +} + +# No Root, no fun +if [ `id -u` -ne 0 ]; then + print_error "Root only" + exit 1 +fi + +# Argument parsing using getopts +OPT_FORCE=0 +OPT_CLEAN=1 +OPT_UNLOAD=0 +while getopts "hfnu" OPT; do + case "$OPT" in + f) OPT_FORCE=1;; + n) OPT_CLEAN=0;; + u) OPT_UNLOAD=1;; + h) usage;; + \?) usage;; + esac +done + + +# Eeks, we are going to be nasty, hold your horses +if [ $OPT_FORCE -eq 1 -o $OPT_UNLOAD -eq 1 ]; then + umount -f $MNT + for MD in `mdconfig -l -v | grep "${IMAGE_NFS}" | awk '{print $1}'`; do + mdconfig -d -u $MD + done +fi + +if [ $OPT_UNLOAD -eq 1 ]; then + echo "All done" + exit 1; +fi + +# If mount point is already used, bail out +if mount | grep -q "${MNT}"; then + print_error "'${MNT}' already mounted" + exit 1 +fi + +# If target nfs image is mounted somehow, bail out +if mdconfig -l -v | grep -q "${IMAGE_NFS}"; then + MD=`mdconfig -l -v | grep "${IMAGE_NFS}" | cut -c -4` + print_error "'${IMAGE_NFS}' already mounted at '$MD'" + exit 1 +fi + + +# Prepare image for use with NFS +cp -v ${IMAGE_SLICE} ${IMAGE_NFS} + +MD=`mdconfig -a -t vnode -f ${IMAGE_NFS}` +mount /dev/${MD}a ${MNT} + +# Config files lives at NFS location +echo "mount -t nfs -o ro 192.168.4.1:${CFG}" > ${MNT}/conf/default/etc/remount + +# Create nfs mount location +mkdir ${MNT}/nfs + +# $MNT, $CFG, $NFS lives at nfs +( +echo "192.168.4.1:${MNT} / nfs ro 0 0" +echo "192.168.4.1:${CFG} /cfg nfs rw,noauto 0 0" +echo "192.168.4.1:${NFS} /nfs nfs rw 0 0" +) > /${MNT}/conf/base/etc/fstab + +if [ ${OPT_CLEAN} -eq 1 ]; then + echo "DELETING all files at ${CFG}, start fresh ;-)" + rm -vfR ${CFG}/* +else + echo "PRESERVING all files at ${CFG}" +fi + +echo "DELETING all files at ${NFS}, start fresh ;-)" +rm -vfR ${NFS}/* + +# Allow build images to be used directy via NFS +ln -f ${IMAGE_SLICE} ${NFS}/`basename ${IMAGE_SLICE}` +ln -f ${IMAGE_FULL} ${NFS}/`basename ${IMAGE_FULL}` + +# XXX: Proper unmounting after all has finished Index: /trunk/nanobsd/tools/rsync-image.sh =================================================================== --- /trunk/nanobsd/tools/rsync-image.sh (revision 10119) +++ /trunk/nanobsd/tools/rsync-image.sh (revision 10119) @@ -0,0 +1,41 @@ +#!/bin/sh +# Rsync minimal changes directly to live image + +. $(dirname $0)/package-build.inc.sh + +HOST=${1:-10.0.42.1} +BASEDIR=`dirname $0` +if [ -n "$2" ]; then + IMG=$2 +else + + # Find object directory + IMG=${OBJDIR}/_.disk.image +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists + exit 1 +fi + +# Make sure we are root from this point on +f_check_root + + +# Prepare image as filesystem +MNT=`mktemp -d -t $(basename $0)` +MD=`mdconfig -a -t vnode -f ${IMG}` +mount /dev/${MD}a ${MNT} || exit 1 + +# On error clean up nicely +trap "cd /; umount ${MNT}; rmdir ${MNT}; mdconfig -d -u ${MD}" 0 1 2 3 15 + +#XXX: Might want to do in one fly +# Set to write mode +ssh $HOST mount -uwo noatime / || exit 1 +# Sync changes +rsync -av --exclude=/dev --exclude=/etc --exclude=/var ${MNT}/ ${HOST}:/ || exit 1 +# Set to read-only mode again +ssh $HOST mount -ur / || exit 1 + +exit 0 Index: /trunk/nanobsd/tools/test-inc.sh =================================================================== --- /trunk/nanobsd/tools/test-inc.sh (revision 10119) +++ /trunk/nanobsd/tools/test-inc.sh (revision 10119) @@ -0,0 +1,5 @@ +#!/bin/sh +. $(dirname $0)/package-build.inc.sh + +f_time sleep 5 + Index: /trunk/nanobsd/tools/upload-image.sh =================================================================== --- /trunk/nanobsd/tools/upload-image.sh (revision 10119) +++ /trunk/nanobsd/tools/upload-image.sh (revision 10119) @@ -0,0 +1,57 @@ +#!/bin/sh +# +# Upload image to the 'distribution' server. First try WL network, +# else use inet as last resort. Need to have shell access to distribution server. +# +# XXX: Needs Type and such as well properly +# +# Rick van der Zwet + +SERVERS="sunfire.wleiden.net sunfire.wirelessleiden.nl" +TIMESTAMP=`date "+%Y%m%d-%H%M"` +BASEDIR=`dirname $0` +SSH_USER=${SSH_USER:-$USER} +TYPE="$1" +RELEASE="$2" + +. $BASEDIR/package-build.inc.sh + +if [ -z "$RELEASE" ]; then + echo "Usage: $0 " + exit 1 +fi + +# Make sure we find the right image +if [ "$TYPE" = "full" ]; then + find_disk_full "" +elif [ "$TYPE" = "image" ]; then + find_disk_image "" +else + echo "Usage: $0 " + exit 1 +fi + +check_reachable() { + ping -c 2 -t 1 -q $1 1>/dev/null 2>/dev/null + return $? +} + +# XXX: Hack this should actually be done during building phase +echo "# Compressing image '$IMG'" +gzip -v -k -f $IMG +IMG="$IMG.gz" + +echo "# Trying to upload to server, alarm messages are normal" +# Upload the image to the defined place +for SERVER in $SERVERS; do + if check_reachable $SERVER; then + TARGET="$SSH_USER@$SERVER:/usr/local/www/images/$RELEASE/node-$TYPE-$TIMESTAMP.img.gz" + echo "# Source: $IMG" + echo "# Target: $TARGET" + echo "# To cancel, please CTRL+C within 3 seconds" + sleep 3 + scp $IMG $TARGET + exit $? + fi +done + Index: /trunk/nanobsd/tools/write-image.sh =================================================================== --- /trunk/nanobsd/tools/write-image.sh (revision 10119) +++ /trunk/nanobsd/tools/write-image.sh (revision 10119) @@ -0,0 +1,70 @@ +#!/bin/sh +# Wrapper allowing to write image to card writer + +. $(dirname $0)/package-build.inc.sh + +BASEDIR=`dirname $0` +if [ -n "$1" ]; then + IMG=$1 +else + IMG=${OBJDIR}/_.disk.full +fi + +if [ ! -r "${IMG}" ]; then + p_err Source ${IMG} does not exists + exit 1 +fi +IMGSIZE=`ls -l ${IMG} | awk '{print $5 / 1024 / 1024}'` + +# Make sure we are root from this point on +f_check_root + +# Find which daX device holds a active flash drive +CARD_FOUND=0 +DA_LIST=`cd /dev/; echo da[0-9]` +for DA in ${DA_LIST}; do + diskinfo ${DA} 1>/dev/null 2>/dev/null + if [ $? -eq 0 ]; then + CARD_FOUND=1 + break + fi +done + +if [ ${CARD_FOUND} -eq 0 ]; then + p_err Sorry no flash card found at active devices, list searched: + p_err $(p_list ${DA_LIST}) + exit 1 +fi + +# Detect cardreader type/version +CARDREADER=`dmesg | grep ${DA}: | awk -F'[<>]' '/Removable Direct Access/ {print $2}' | tail -1` + +#XXX: Issue last chance warning, prompting the user to bail out +p_warn Going to write ${IMG} "(${IMGSIZE}MB)" to ${DA} "(${CARDREADER})" +p_warn 5 seconds to quit using CTRL+C +p_sleep 5 + +TMPFILE=`mktemp -t dd` +p_info Writing image... "(`date`)" +# Sending INFO to dd seems to confuse it sometimes so +# make it EXPERIMENTAL for now + +if [ -n "$ENHANCED_DD" ]; then + dd if=${IMG} of=/dev/${DA} bs=64k 2>${TMPFILE} & + DD_PID=$! + sleep 0.5 + while `ps ${DD_PID} >/dev/null`; do + kill -INFO ${DD_PID} + sleep 0.1 #Micro delay allow TMPFILE to populate + SIZE_DONE=`awk '/transferred/ {print $1}' ${TMPFILE}` + SIZE_DONE=`echo "${SIZE_DONE} / 1024 / 1024" | bc -l` + PERCENT_DONE=`echo "${SIZE_DONE} / ${IMGSIZE} * 100" | bc -l` + p_info `date "+%H:%m:%S"` `printf "%.02f MB (%.01f%%)" ${SIZE_DONE} ${PERCENT_DONE}` + p_sleep 10 + : > ${TMPFILE} + done +else + dd if=${IMG} of=/dev/${DA} bs=64k +fi +rm ${TMPFILE} +p_info Image writing succesfull at /dev/$DA "(`date`)"