
Merge branch 'master' of git+ssh://openadk.org/git/openadk

Waldemar Brodkorb 14 years ago
parent
commit
6045422139
100 changed files with 437 additions and 531 deletions
  1. 1 3
      TODO
  2. 39 0
      mk/modules.mk
  3. 1 0
      package/Config.in
  4. 1 0
      package/Makefile
  5. 1 1
      package/axtls/files/axhttpd.init
  6. 3 3
      package/base-files/extra/etc/profile
  7. 1 2
      package/base-files/extra/init
  8. 6 8
      package/base-files/extra/sbin/update
  9. 1 1
      package/bind/files/named.init
  10. 1 1
      package/bitlbee/files/bitlbee.init
  11. 1 1
      package/bluez/files/bluez.init
  12. 2 2
      package/busybox/config/Config.in
  13. 5 5
      package/busybox/config/archival/Config.in
  14. 3 3
      package/busybox/config/init/Config.in
  15. 1 1
      package/busybox/config/networking/Config.in
  16. 1 1
      package/busybox/config/procps/Config.in
  17. 1 1
      package/busybox/files/inetd.init
  18. 2 2
      package/busybox/files/syslog.init
  19. 1 1
      package/cfinstall/src/cfinstall
  20. 1 1
      package/chillispot/files/chillispot.init
  21. 1 1
      package/collectd/files/collectd.init
  22. 1 1
      package/cups/files/cupsd.init
  23. 5 1
      package/dansguardian/files/dansguardian.init
  24. 2 2
      package/dansguardian/files/dansguardian.postinst
  25. 1 1
      package/dbus/files/dbus.init
  26. 1 1
      package/dhcp-forwarder/files/dhcp-fwd.init
  27. 1 1
      package/dhcp/files/dhcpd.init
  28. 1 1
      package/dnsmasq/files/dnsmasq.init
  29. 1 1
      package/dropbear/files/dropbear.init
  30. 6 0
      package/ebtables/Config.in
  31. 32 0
      package/ebtables/Makefile
  32. 95 0
      package/ebtables/patches/patch-Makefile
  33. 1 1
      package/esound/files/esd.init
  34. 1 1
      package/ez-ipupdate/files/ez-ipupdate.init
  35. 1 1
      package/fakeidentd/files/fakeidentd.init
  36. 1 1
      package/freeradius-server/files/radiusd.init
  37. 1 1
      package/frickin/files/frickin.init
  38. 1 1
      package/gkrellmd/files/gkrellmd.init
  39. 1 1
      package/gmediaserver/files/gmediaserver.init
  40. 1 1
      package/grub-bin/Makefile
  41. 3 3
      package/heimdal/files/heimdal.init
  42. 1 1
      package/htpdate/files/htpdate.init
  43. 4 10
      package/iptables/Makefile
  44. 119 0
      package/iptables/files/firewall.conf
  45. 35 0
      package/iptables/files/firewall.init
  46. 1 4
      package/iptables/files/iptables.postinst
  47. 0 27
      package/iptables/files/l7/aim.pat
  48. 0 14
      package/iptables/files/l7/bittorrent.pat
  49. 0 8
      package/iptables/files/l7/edonkey-dl.pat
  50. 0 29
      package/iptables/files/l7/edonkey.pat
  51. 0 25
      package/iptables/files/l7/fasttrack.pat
  52. 0 34
      package/iptables/files/l7/ftp.pat
  53. 0 36
      package/iptables/files/l7/gnutella.pat
  54. 0 28
      package/iptables/files/l7/http.pat
  55. 0 14
      package/iptables/files/l7/ident.pat
  56. 0 20
      package/iptables/files/l7/irc.pat
  57. 0 24
      package/iptables/files/l7/jabber.pat
  58. 0 15
      package/iptables/files/l7/msnmessenger.pat
  59. 0 17
      package/iptables/files/l7/ntp.pat
  60. 0 50
      package/iptables/files/l7/pop3.pat
  61. 0 39
      package/iptables/files/l7/smtp.pat
  62. 0 15
      package/iptables/files/l7/ssl.pat
  63. 0 23
      package/iptables/files/l7/vnc.pat
  64. 2 2
      package/krb5/files/krb5.init
  65. 1 1
      package/lighttpd/files/lighttpd.init
  66. 1 1
      package/maradns/files/maradns.init
  67. 1 1
      package/mini_httpd/files/mini_httpd.init
  68. 1 1
      package/miredo/files/miredo-server.init
  69. 1 1
      package/miredo/files/miredo.init
  70. 1 1
      package/monit/files/monit.init
  71. 1 0
      package/mpd/files/mpd.conf
  72. 4 0
      package/mpd/files/mpd.init
  73. 1 1
      package/mpd/files/mpd.postinst
  74. 1 1
      package/mrd6/files/mrd6.init
  75. 1 1
      package/mt-daapd/files/mt-daapd.init
  76. 1 1
      package/net-snmp/files/snmpd.init
  77. 1 1
      package/netperf/files/netserver.init
  78. 5 5
      package/nfs-utils/files/nfsd.init
  79. 1 1
      package/nut/files/upsd.init
  80. 1 1
      package/opensips/files/opensips.init
  81. 1 1
      package/openvpn/files/openvpn.init
  82. 1 1
      package/osiris/files/osirisd.init
  83. 1 1
      package/p910nd/files/p910nd.init
  84. 1 1
      package/parprouted/files/parprouted.init
  85. 1 1
      package/php/files/php.init
  86. 1 1
      package/pmacct/files/nfacctd.init
  87. 1 1
      package/pmacct/files/pmacctd.init
  88. 1 1
      package/pptpd/files/pptpd.init
  89. 1 1
      package/radvd/files/radvd.init
  90. 1 1
      package/rarpd/files/rarpd.init
  91. 1 1
      package/reaim/files/reaim.init
  92. 1 1
      package/rp-pppoe/files/pppoe-relay.init
  93. 1 1
      package/rp-pppoe/files/pppoe-server.init
  94. 1 1
      package/rrdcollect/files/rrdcollect.init
  95. 2 2
      package/samba/files/samba.init
  96. 1 1
      package/scanlogd/files/scanlogd.init
  97. 1 1
      package/siproxd/files/siproxd.init
  98. 1 1
      package/snort-wireless/files/snort-wireless.init
  99. 1 1
      package/snort/files/snort.init
  100. 1 0
      package/squid/Config.in

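--- a/TODO
+++ b/TODO
@@ -1,5 +1,4 @@
-- fix init scripts pidof? vs. killall
-- rpm package backend
+- make rpm package backend working
 - freebsd build
 - win cygwin build
 - netbsd build
@@ -9,4 +8,3 @@
 - network scripts for pppoe
 - customise mconf help texts to better fit for OpenADK
 - publish via trac
-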

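--- a/mk/modules.mk
+++ b/mk/modules.mk
@@ -268,6 +268,45 @@ $(eval $(call KMOD_template,INET_XFRM_MODE_BEET,net-ipsec-beet,\
 ##
 ## Filtering / Firewalling
 ##
+#
+# Ethernet Bridging firewall
+#
+$(eval $(call KMOD_template,BRIDGE_NF_EBTABLES,nf-ebtables,\
+	$(MODULES_DIR)/kernel/net/bridge/netfilter/ebtables \
+,55))
+
+$(eval $(call KMOD_template,BRIDGE_EBT_BROUTE,nf-ebtables-broute,\
+	$(MODULES_DIR)/kernel/net/bridge/netfilter/ebtable_broute \
+,60))
+
+$(eval $(call KMOD_template,BRIDGE_EBT_T_FILTER,nf-ebtables-filter,\
+	$(MODULES_DIR)/kernel/net/bridge/netfilter/ebtable_filter \
+,60))
+
+$(eval $(call KMOD_template,BRIDGE_EBT_T_NAT,nf-ebtables-nat,\
+	$(MODULES_DIR)/kernel/net/bridge/netfilter/ebtable_nat \
+,60))
+
+$(eval $(call KMOD_template,BRIDGE_EBT_802_3,nf-ebtables-802-3,\
+	$(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_802_3 \
+,65))
+
+$(eval $(call KMOD_template,BRIDGE_EBT_AMONG,nf-ebtables-among,\
+	$(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_among \
+,65))
+
+$(eval $(call KMOD_template,BRIDGE_EBT_ARP,nf-ebtables-arp,\
+	$(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_arpreply \
+,65))
+
+$(eval $(call KMOD_template,BRIDGE_EBT_IP,nf-ebtables-ip,\
+	$(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_ip \
+,65))
+
+$(eval $(call KMOD_template,BRIDGE_EBT_REDIRECT,nf-ebtables-redirect,\
+	$(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_redirect \
+,65))
+
 #
 # Netfilter Core
 #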
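Review bot: The `BRIDGE_EBT_ARP` entry points at the module `ebt_arpreply`, which matches neither its symbol nor its package name `nf-ebtables-arp`; every other new entry pairs a symbol with the module of the same name. In the kernel's bridge netfilter directory the ARP match is `ebt_arp`, and `ebt_arpreply` is the separate arpreply target, so as written a bridge ruleset that matches on ARP fields would presumably not find its module while an unrequested target is shipped instead (inferred from the names; `KMOD_template` itself is not visible here). I would change the path line to `$(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_arp \` and add a separate entry if the arpreply target is wanted.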

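--- a/package/Config.in
+++ b/package/Config.in
@@ -237,6 +237,7 @@ menu "Firewall / Routing / Bridging"
 source "package/arpd/Config.in"
 source "package/bridge-utils/Config.in"
 source "package/cutter/Config.in"
+source "package/ebtables/Config.in"
 source "package/ether-wake/Config.in"
 source "package/iproute2/Config.in"
 source "package/ipset/Config.in"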

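--- a/package/Makefile
+++ b/package/Makefile
@@ -83,6 +83,7 @@ package-$(ADK_PACKAGE_DSNIFF) += dsniff
 package-$(ADK_PACKAGE_E2FSPROGS) += e2fsprogs
 package-$(ADK_PACKAGE_LIBUUID) += e2fsprogs
 package-$(ADK_PACKAGE_LIBBLKID) += e2fsprogs
+package-$(ADK_PACKAGE_EBTABLES) += ebtables
 package-$(ADK_PACKAGE_ELINKS) += elinks
 package-$(ADK_PACKAGE_ESOUND) += esound
 package-$(ADK_PACKAGE_ETHER_WAKE) += ether-wake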

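--- a/package/axtls/files/axhttpd.init
+++ b/package/axtls/files/axhttpd.init
@@ -17,7 +17,7 @@ start)
 	/usr/sbin/axhttpd >>/var/log/axhttpd.access
 	;;
 stop)
-	killall axhttpd
+	pkill axhttpd
 	;;
 restart)
 	sh $0 stop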
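Review bot: `pkill axhttpd` treats its argument as a regular expression matched anywhere in the process name, whereas the `killall` it replaces required the exact name, so the `stop)` action can now signal processes it was never meant to touch. The same substitution is made in every other init script in this commit, and the short names are the risky ones: `pkill inetd` also matches `xinetd`, `pkill dhcpd` matches `udhcpd`, and `pkill esd`, `pkill kdc` or `pkill named` match any process whose name merely contains those letters. Anchoring the match with `pkill -x axhttpd` (and likewise in the other scripts) keeps the old exact-name behaviour; a pidfile-based stop would be tighter still where the daemon writes one. The `case` statement starts and ends outside the hunk.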

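--- a/package/base-files/extra/etc/profile
+++ b/package/base-files/extra/etc/profile
@@ -1,12 +1,12 @@
 export PATH=/bin:/sbin:/usr/bin:/usr/sbin
+export TERM=vt220
 if [[ $(id -u) = 0 ]]; then
 	export PS1='# '
 else
 	export PS1='$ '
+	export HOME=/tmp
 fi
-export HOME=/tmp
 cat /etc/banner 2>&-
-[ -x /usr/bin/less ] || alias less=more
-[ -x /usr/bin/vim ] || alias vim=vi
+[ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi
 [ -x /usr/bin/arp ] || arp() { cat /proc/net/arp; }
 [ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 "$@"; }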
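Review bot: `export HOME=/tmp` in the `else` branch gives every non-root login the same home directory, overriding whatever the account's passwd entry set, and `/tmp` is normally writable by all users. Per-user files that tools place under `$HOME` (shell history, key or configuration files) then sit where other accounts can read or replace them. If the intent is only a fallback for accounts without a usable home, `[ -d "$HOME" ] || export HOME=/tmp` limits the override to that case. The unconditional `export TERM=vt220` has the same shape and could be `export TERM=${TERM:-vt220}` so a terminal type passed in by the login is kept.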

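--- a/package/base-files/extra/init
+++ b/package/base-files/extra/init
@@ -1,5 +1,5 @@
 #!/bin/sh
-echo "Pre-boot initializing"
+echo "Starting system ..."
 export PATH=/bin:/sbin:/usr/bin:/usr/sbin
 mount -nt proc proc /proc
 mount -o nosuid,nodev,noexec -t sysfs sysfs /sys
@@ -19,5 +19,4 @@ mount -o remount,rw /
 cat /etc/.rnd >/dev/urandom 2>&1
 [ -f /etc/fstab ] && mount -a
 [ -x /sbin/cfgfs ] && { cfgfs setup; mount -o remount,ro /;}
-echo "Starting system"
 exec /sbin/init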

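--- a/package/base-files/extra/sbin/update
+++ b/package/base-files/extra/sbin/update
@@ -7,9 +7,8 @@ if [ $who -ne 0 ]; then
 fi
 
 cd /
-
+umount -f /etc
 mount -o remount,rw /
-umount /etc
 
 check_exit() {
 	if [ $? -ne 0 ];then
@@ -19,17 +18,17 @@ check_exit() {
 }
 
 extract_from_file() {
-        tar -xzvf $1
+        cat $1 | gunzip -c | tar -xf -
 	check_exit
 }
 
 extract_from_ssh() {
-        ssh $1 "cat $2" | tar -xzvf -
+        ssh $1 "cat $2" | gunzip -c | tar -xf -
 	check_exit
 }
 
 extract_from_http() {
-        wget -O - $1 | tar -xzvf -
+        wget -O - $1 | gunzip -c | tar -xf -
 	check_exit
 }
                 
@@ -60,7 +59,6 @@ case $1 in
 esac
 
 sync
-mount --bind /etc /tmp/.cfgfs/root
+mount -o bind /etc /tmp/.cfgfs/root
 
-echo "Check with cfgfs status if you need to merge and save any changes in /etc."
-echo "You should reboot now."
+echo "Update sucessful. You should reboot now."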
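Review bot: In all three `extract_from_*` helpers `check_exit` sees only the exit status of the final `tar` in the pipeline, so a failed or truncated `wget`, `ssh` or `gunzip` stage can pass unnoticed and the script may still print its success message after unpacking part of an archive over `/`. The archive is also unpacked as root straight off the transport, with nothing verified before extraction. Where the device has room to stage the file, fetching it first, testing it with `gunzip -t` and comparing it with a published checksum before running `tar -xf` would close both gaps. The new lines leave `$1` and `$2` unquoted, e.g. `wget -O - "$1" | gunzip -c | tar -xf -`, and the final message misspells `successful`. The body of `check_exit` is only partly visible in the hunk.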

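--- a/package/bind/files/named.init
+++ b/package/bind/files/named.init
@@ -15,7 +15,7 @@ autostop) ;;
 		fi
 		;;
 	stop)
-		killall named
+		pkill named
 		;;
 	restart)
 		sh $0 stop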

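--- a/package/bitlbee/files/bitlbee.init
+++ b/package/bitlbee/files/bitlbee.init
@@ -14,7 +14,7 @@ start)
 	bitlbee -D
 	;;
 stop)
-	killall bitlbee
+	pkill bitlbee
 	;;
 restart)
 	sh $0 stop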

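--- a/package/bluez/files/bluez.init
+++ b/package/bluez/files/bluez.init
@@ -13,7 +13,7 @@ start)
 	bluetoothd
 	;;
 stop)
-	killall bluetoothd
+	pkill bluetoothd
 	;;
 restart)
 	sh $0 stop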

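--- a/package/busybox/config/Config.in
+++ b/package/busybox/config/Config.in
@@ -65,7 +65,7 @@ config BUSYBOX_SHOW_USAGE
 
 config BUSYBOX_FEATURE_VERBOSE_USAGE
 	bool "Show verbose applet usage messages"
-	default n
+	default y
 	select BUSYBOX_SHOW_USAGE
 	help
 	  All BusyBox applets will show more verbose help messages when
@@ -155,7 +155,7 @@ config BUSYBOX_FEATURE_CLEAN_UP
 
 config BUSYBOX_FEATURE_PIDFILE
 	bool "Support writing pidfiles"
-	default n
+	default y
 	help
 	  This option makes some applets (e.g. crond, syslogd, inetd) write
 	  a pidfile in /var/run. Some applications rely on them.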

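--- a/package/busybox/config/archival/Config.in
+++ b/package/busybox/config/archival/Config.in
@@ -7,19 +7,19 @@ menu "Archival Utilities"
 
 config BUSYBOX_FEATURE_SEAMLESS_LZMA
 	bool "Make tar, rpm, modprobe etc understand .lzma data"
-	default n
+	default y
 	help
 	  Make tar, rpm, modprobe etc understand .lzma data.
 
 config BUSYBOX_FEATURE_SEAMLESS_BZ2
 	bool "Make tar, rpm, modprobe etc understand .bz2 data"
-	default n
+	default y
 	help
 	  Make tar, rpm, modprobe etc understand .bz2 data.
 
 config BUSYBOX_FEATURE_SEAMLESS_GZ
 	bool "Make tar, rpm, modprobe etc understand .gz data"
-	default n
+	default y
 	help
 	  Make tar, rpm, modprobe etc understand .gz data.
 
@@ -163,7 +163,7 @@ config BUSYBOX_GUNZIP
 
 config BUSYBOX_GZIP
 	bool "gzip"
-	default n
+	default y
 	help
 	  gzip is used to compress files.
 	  It's probably the most widely used UNIX compression program.
@@ -276,7 +276,7 @@ config BUSYBOX_FEATURE_TAR_LONG_OPTIONS
 
 config BUSYBOX_FEATURE_TAR_UNAME_GNAME
 	bool "Enable use of user and group names"
-	default n
+	default p
 	depends on BUSYBOX_TAR
 	help
 	  Enables use of user and group names in tar. This affects contents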
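Review bot: `default p` on `BUSYBOX_FEATURE_TAR_UNAME_GNAME` is not a valid default for a `bool`; the other four changes in this file switch `n` to `y`, so this looks like a typo for `default y`. Depending on the configuration tool, the stray `p` is either rejected or read as a reference to an undefined symbol and evaluated as `n`, which would silently leave the option off (inferred; the project's config front end is not visible here). The line should read `default y`. The help text of this entry continues outside the hunk.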

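--- a/package/busybox/config/init/Config.in
+++ b/package/busybox/config/init/Config.in
@@ -21,7 +21,7 @@ config BUSYBOX_FEATURE_USE_INITTAB
 
 config BUSYBOX_FEATURE_KILL_REMOVED
 	bool "Support killing processes that have been removed from inittab"
-	default y
+	default n
 	depends on BUSYBOX_FEATURE_USE_INITTAB
 	help
 	  When respawn entries are removed from inittab and a SIGHUP is
@@ -41,7 +41,7 @@ config BUSYBOX_FEATURE_KILL_DELAY
 
 config BUSYBOX_FEATURE_INIT_SCTTY
 	bool "Run commands with leading dash with controlling tty"
-	default n
+	default y
 	depends on BUSYBOX_INIT
 	help
 	  If this option is enabled, init will try to give a controlling
@@ -56,7 +56,7 @@ config BUSYBOX_FEATURE_INIT_SCTTY
 
 config BUSYBOX_FEATURE_INIT_SYSLOG
 	bool "Enable init to write to syslog"
-	default n
+	default y
 	depends on BUSYBOX_INIT
 
 config BUSYBOX_FEATURE_EXTRA_QUIET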

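--- a/package/busybox/config/networking/Config.in
+++ b/package/busybox/config/networking/Config.in
@@ -60,7 +60,7 @@ config BUSYBOX_ARPING
 
 config BUSYBOX_BRCTL
 	bool "brctl"
-	depends on !ADK_PACKAGE_BRCTL
+	depends on !ADK_PACKAGE_BRIDGE_UTILS
 	default n
 	help
 	  Manage ethernet bridges.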

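--- a/package/busybox/config/procps/Config.in
+++ b/package/busybox/config/procps/Config.in
@@ -64,7 +64,7 @@ config BUSYBOX_PIDOF
 
 config BUSYBOX_FEATURE_PIDOF_SINGLE
 	bool "Enable argument for single shot (-s)"
-	default n
+	default y
 	depends on BUSYBOX_PIDOF
 	help
 	  Support argument '-s' for returning only the first pid found.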

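--- a/package/busybox/files/inetd.init
+++ b/package/busybox/files/inetd.init
@@ -14,7 +14,7 @@ start)
 autostop)
 	;;
 stop)
-	killall inetd
+	pkill inetd
 	;;
 restart)
 	sh $0 stop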

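--- a/package/busybox/files/syslog.init
+++ b/package/busybox/files/syslog.init
@@ -14,8 +14,8 @@ start)
 	klogd
 	;;
 stop)
-	killall klogd
-	killall syslogd
+	pkill klogd
+	pkill syslogd
 	;;
 restart)
 	sh $0 stop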

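--- a/package/cfinstall/src/cfinstall
+++ b/package/cfinstall/src/cfinstall
@@ -35,7 +35,7 @@ chroot /mnt mount -t proc /proc /proc
 chroot /mnt mount -t sysfs /sys /sys
 cat << EOF > /mnt/boot/grub/grub.cfg
 set default=0
-set timeout=5
+set timeout=1
 serial --unit=0 --speed=$speed
 terminal_output serial 
 terminal_input serial 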

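--- a/package/chillispot/files/chillispot.init
+++ b/package/chillispot/files/chillispot.init
@@ -13,7 +13,7 @@ start)
 	chilli
 	;;
 stop)
-	killall chilli
+	pkill chilli
 	;;
 restart)
 	sh $0 stop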

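--- a/package/collectd/files/collectd.init
+++ b/package/collectd/files/collectd.init
@@ -14,7 +14,7 @@ start)
 	collectd
 	;;
 stop)
-	killall collectd
+	pkill collectd
 	;;
 restart)
 	sh $0 stop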

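--- a/package/cups/files/cupsd.init
+++ b/package/cups/files/cupsd.init
@@ -16,7 +16,7 @@ start)
 	/usr/sbin/cupsd -c /etc/cups/cupsd.conf
 	;;
 stop)
-	killall cupsd
+	pkill cupsd
 	;;
 restart)
 	sh $0 stop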

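--- a/package/dansguardian/files/dansguardian.init
+++ b/package/dansguardian/files/dansguardian.init
@@ -11,10 +11,14 @@ autostart)
 	exec sh $0 start
 	;;
 start)
+	if [ ! -f /var/log/dansguardian-access.log ];then
+		touch /var/log/dansguardian-access.log
+		chown proxy:proxy /var/log/dansguardian-access.log
+	fi
 	dansguardian
 	;;
 stop)
-	killall dansguardian
+	pkill dansguardian
 	;;
 restart)
 	sh $0 stop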
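Review bot: The new `start)` block runs `chown proxy:proxy /var/log/dansguardian-access.log`, but `dansguardian.postinst` in this same commit stops creating the `proxy` user and group and creates `dansguardian` instead. Unless another package happens to provide `proxy`, the `chown` fails and the log stays owned by root, so a daemon that drops privileges cannot write its access log; if `proxy` does exist, the log ends up owned by a different service's account. I would use `chown dansguardian:dansguardian /var/log/dansguardian-access.log` and check that the daemon's configured run-as user matches. The hunk starts and ends inside the script's `case` statement.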

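--- a/package/dansguardian/files/dansguardian.postinst
+++ b/package/dansguardian/files/dansguardian.postinst
@@ -1,6 +1,6 @@
 #!/bin/sh
 . $IPKG_INSTROOT/etc/functions.sh
 gid=$(get_next_gid)
-add_user proxy $(get_next_uid) $gid /etc/dansguardian
-add_group proxy $gid
+add_user dansguardian $(get_next_uid) $gid /etc/dansguardian
+add_group dansguardian $gid
 add_rcconf dansguardian dansguardian NO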

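--- a/package/dbus/files/dbus.init
+++ b/package/dbus/files/dbus.init
@@ -14,7 +14,7 @@ start)
 	dbus-daemon --config-file=/etc/dbus-1/system.conf
 	;;
 stop)
-	killall dbus-daemon
+	pkill dbus-daemon
 	;;
 restart)
 	sh $0 stop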

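--- a/package/dhcp-forwarder/files/dhcp-fwd.init
+++ b/package/dhcp-forwarder/files/dhcp-fwd.init
@@ -13,7 +13,7 @@ start)
 	dhcp-fwd
 	;;
 stop)
-	killall dhcp-fwd
+	pkill dhcp-fwd
 	;;
 restart)
 	sh $0 stop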

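--- a/package/dhcp/files/dhcpd.init
+++ b/package/dhcp/files/dhcpd.init
@@ -14,7 +14,7 @@ start)
 	dhcpd $dhcpd_flags
 	;;
 autostop|stop)
-	killall dhcpd
+	pkill dhcpd
 	;;
 restart)
 	sh $0 stop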

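--- a/package/dnsmasq/files/dnsmasq.init
+++ b/package/dnsmasq/files/dnsmasq.init
@@ -14,7 +14,7 @@ start)
 	/usr/sbin/dnsmasq
 	;;
 stop)
-	killall dnsmasq
+	pkill dnsmasq
 	;;
 restart)
 	sh $0 stop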

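--- a/package/dropbear/files/dropbear.init
+++ b/package/dropbear/files/dropbear.init
@@ -30,7 +30,7 @@ start)
 	/usr/sbin/dropbear $dropbear_flags
 	;;
 stop)
-	killall dropbear
+	pkill dropbear
 	;;
 restart)
 	sh $0 stop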

+ 6 - 0
package/ebtables/Config.in

@@ -0,0 +1,6 @@
+config ADK_PACKAGE_EBTABLES
+	prompt "ebtables.......................... Ethernet bridging firewall tool"
+	tristate
+	default n
+	help
+	  http://ebtables.sourceforge.net/

+ 32 - 0
package/ebtables/Makefile

@@ -0,0 +1,32 @@
+# This file is part of the OpenADK project. OpenADK is copyrighted
+# material, please see the LICENCE file in the top-level directory.
+
+include ${TOPDIR}/rules.mk
+
+PKG_NAME:=		ebtables
+PKG_VERSION:=		2.0.9
+PKG_RELEASE:=		1
+PKG_MD5SUM:=		0e0c20adf2bba6d91dbd0b74a1a38c33
+PKG_DESCR:=		ethernet bridging firewall tool
+PKG_SECTION:=		net
+PKG_URL:=		http://ebtables.sourceforge.net
+PKG_SITES:=		${MASTER_SITE_SOURCEFORGE:=ebtables/}
+
+DISTFILES:=		${PKG_NAME}-v${PKG_VERSION}-1.tar.gz
+WRKDIST=		${WRKDIR}/${PKG_NAME}-v${PKG_VERSION}-1
+
+include ${TOPDIR}/mk/package.mk
+
+$(eval $(call PKG_template,EBTABLES,${PKG_NAME},${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
+
+BUILD_STYLE:=		auto
+INSTALL_STYLE:=		auto
+
+post-install:
+	${INSTALL_DIR} ${IDIR_EBTABLES}/etc
+	${INSTALL_DIR} ${IDIR_EBTABLES}/usr/sbin ${IDIR_EBTABLES}/usr/lib
+	${INSTALL_DATA} ${WRKINST}/etc/ethertypes ${IDIR_EBTABLES}/etc
+	${INSTALL_BIN} ${WRKINST}/usr/sbin/ebtables ${IDIR_EBTABLES}/usr/sbin
+	${CP} ${WRKINST}/usr/lib/*.so ${IDIR_EBTABLES}/usr/lib
+
+include ${TOPDIR}/mk/pkg-bottom.mk

+ 95 - 0
package/ebtables/patches/patch-Makefile

@@ -0,0 +1,95 @@
+--- ebtables-v2.0.9-1.orig/Makefile	2009-06-21 15:13:25.000000000 +0200
++++ ebtables-v2.0.9-1/Makefile	2009-11-29 15:39:30.000000000 +0100
+@@ -8,17 +8,16 @@ PROGDATE:=June\ 2009
+ 
+ # default paths
+ LIBDIR:=/usr/lib
+-MANDIR:=/usr/local/man
+-BINDIR:=/usr/local/sbin
++MANDIR:=/usr/man
++BINDIR:=/usr/sbin
+ ETCDIR:=/etc
+-INITDIR:=/etc/rc.d/init.d
++INITDIR:=/etc/init.d
+ SYSCONFIGDIR:=/etc/sysconfig
+ DESTDIR:=
+ 
+-CFLAGS:=-Wall -Wunused
++CFLAGS?=-Wall -Wunused
+ CFLAGS_SH_LIB:=-fPIC
+-CC:=gcc
+-LD:=ld
++CC?=gcc
+ 
+ ifeq ($(shell uname -m),sparc64)
+ CFLAGS+=-DEBT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32
+@@ -85,7 +84,7 @@ ebtables-standalone.o: ebtables-standalo
+ 
+ .PHONY: libebtc
+ libebtc: $(OBJECTS2)
+-	$(LD) -shared -soname libebtc.so -o libebtc.so -lc $(OBJECTS2)
++	$(CC) -shared -o libebtc.so -lc $(OBJECTS2)
+ 
+ ebtables: $(OBJECTS) ebtables-standalone.o libebtc
+ 	$(CC) $(CFLAGS) $(CFLAGS_SH_LIB) -o $@ ebtables-standalone.o -I$(KERNEL_INCLUDES) -L. -Lextensions -lebtc $(EXT_LIBSI) \
+@@ -154,28 +153,29 @@ tmp3:=$(shell printf $(PIPE) | sed 's/\/
+ .PHONY: scripts
+ scripts: ebtables-save ebtables.sysv ebtables-config
+ 	cat ebtables-save | sed 's/__EXEC_PATH__/$(tmp1)/g' > ebtables-save_
+-	install -m 0755 -o root -g root ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save
++	install -m 0755 ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save
+ 	cat ebtables.sysv | sed 's/__EXEC_PATH__/$(tmp1)/g' | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables.sysv_
+-	install -m 0755 -o root -g root ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables
++	mkdir -p $(DESTDIR)$(INITDIR)
++	install -m 0755 ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables
+ 	cat ebtables-config | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables-config_
+-	install -m 0600 -o root -g root ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config
++	#install -m 0600 ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config
+ 	rm -f ebtables-save_ ebtables.sysv_ ebtables-config_
+ 
+ $(MANDIR)/man8/ebtables.8: ebtables.8
+ 	mkdir -p $(DESTDIR)$(@D)
+ 	sed 's/$$(VERSION)/$(PROGVERSION)/' ebtables.8 | sed 's/$$(DATE)/$(PROGDATE)/' > ebtables.8_
+-	install -m 0644 -o root -g root ebtables.8_ $(DESTDIR)$@
++	install -m 0644 ebtables.8_ $(DESTDIR)$@
+ 	rm -f ebtables.8_
+ 
+ $(ETHERTYPESFILE): ethertypes
+ 	mkdir -p $(DESTDIR)$(@D)
+-	install -m 0644 -o root -g root $< $(DESTDIR)$@
++	install -m 0644 $< $(DESTDIR)$@
+ 
+ .PHONY: exec
+ exec: ebtables ebtables-restore
+ 	mkdir -p $(DESTDIR)$(BINDIR)
+-	install -m 0755 -o root -g root $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME)
+-	install -m 0755 -o root -g root ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore
++	install -m 0755 $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME)
++	install -m 0755 ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore
+ 
+ .PHONY: install
+ install: $(MANDIR)/man8/ebtables.8 $(ETHERTYPESFILE) exec scripts
+@@ -199,18 +199,18 @@ release:
+ 	rm -f extensions/ebt_inat.c
+ 	rm -rf $(CVSDIRS)
+ 	mkdir -p include/linux/netfilter_bridge
+-	install -m 0644 -o root -g root \
++	install -m 0644 \
+ 		$(KERNEL_INCLUDES)/linux/netfilter_bridge.h include/linux/
+ # To keep possible compile error complaints about undefined ETH_P_8021Q
+ # off my back
+-	install -m 0644 -o root -g root \
++	install -m 0644 \
+ 		$(KERNEL_INCLUDES)/linux/if_ether.h include/linux/
+-	install -m 0644 -o root -g root \
++	install -m 0644 \
+ 		$(KERNEL_INCLUDES)/linux/types.h include/linux/
+-	install -m 0644 -o root -g root \
++	install -m 0644 \
+ 		$(KERNEL_INCLUDES)/linux/netfilter_bridge/*.h \
+ 		include/linux/netfilter_bridge/
+-	install -m 0644 -o root -g root \
++	install -m 0644  \
+ 		include/ebtables.h include/linux/netfilter_bridge/
+ 	make clean
+ 	touch *
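Review bot: The patched `libebtc` rule drops `-soname libebtc.so` when it switches the link from `$(LD)` to `$(CC)`, so the shared library is built without the soname the upstream rule set; `$(CC) -shared -Wl,-soname,libebtc.so -o libebtc.so -lc $(OBJECTS2)` keeps it while still linking through the compiler driver. In the `scripts` recipe the `ebtables-config` install is disabled by turning it into `#install ...`; because that line is tab-indented it is still passed to the shell and echoed on every install, and the `ebtables-config_` file generated on the line above is then unused, so removing both lines from the recipe would be cleaner than commenting one out. Dropping `-o root -g root` from the `install` calls is consistent with an unprivileged staging install, but ownership then has to be set when the package is assembled, which is outside this file.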

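--- a/package/esound/files/esd.init
+++ b/package/esound/files/esd.init
@@ -12,7 +12,7 @@ start)
 	esd -d /dev/sound/dsp -public -tcp -nobeeps
 	;;
 stop)
-	killall esd
+	pkill esd
 	;;
 restart)
 	sh $0 stop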

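--- a/package/ez-ipupdate/files/ez-ipupdate.init
+++ b/package/ez-ipupdate/files/ez-ipupdate.init
@@ -13,7 +13,7 @@ start)
 	/usr/sbin/ez-ipupdate -c /etc/ez-ipupdate.conf -d
 	;;
 stop)
-	killall ez-ipupdate
+	pkill ez-ipupdate
 	;;
 restart)
 	sh $0 stop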

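--- a/package/fakeidentd/files/fakeidentd.init
+++ b/package/fakeidentd/files/fakeidentd.init
@@ -13,7 +13,7 @@ start)
 	fakeidentd ${fakeidentd_flags}
 	;;
 stop)
-	killall fakeidentd
+	pkill fakeidentd
 	;;
 restart)
 	sh $0 stop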

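--- a/package/freeradius-server/files/radiusd.init
+++ b/package/freeradius-server/files/radiusd.init
@@ -14,7 +14,7 @@ start)
 	radiusd
 	;;
 stop)
-	killall radiusd
+	pkill radiusd
 	;;
 restart)
 	sh $0 stop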

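--- a/package/frickin/files/frickin.init
+++ b/package/frickin/files/frickin.init
@@ -13,7 +13,7 @@ start)
 	frickin ${frickin_flags}
 	;;
 stop)
-	killall frickin
+	pkill frickin
 	;;
 restart)
 	sh $0 stop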

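--- a/package/gkrellmd/files/gkrellmd.init
+++ b/package/gkrellmd/files/gkrellmd.init
@@ -13,7 +13,7 @@ start)
 	gkrellmd -d
 	;;
 stop)
-	killall gkrellmd
+	pkill gkrellmd
 	;;
 restart)
 	sh $0 stop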

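--- a/package/gmediaserver/files/gmediaserver.init
+++ b/package/gmediaserver/files/gmediaserver.init
@@ -13,7 +13,7 @@ autostop) ;;
 		gmediaserver $gmediaserver_flags
 		;;
 	stop)
-		killall gmediaserver
+		pkill gmediaserver
 		;;
 	restart)
 		sh $0 stop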

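--- a/package/grub-bin/Makefile
+++ b/package/grub-bin/Makefile
@@ -8,7 +8,7 @@ include ${TOPDIR}/rules.mk
 PKG_NAME:=		grub-bin
 PKG_VERSION:=		1.97.1
 PKG_RELEASE:=		1
-PKG_MD5SUM:=		99ddead9dcb689a7ec2431c1e6b3cf0d
+PKG_MD5SUM:=		24961a39e63d8ec16d765aad3a301cda
 PKG_DESCR:=		GRUB bootloader
 PKG_SECTION:=		sys
 PKG_SITES:=		http://openadk.org/distfiles/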
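Review bot: `PKG_MD5SUM` changes while `PKG_VERSION` (1.97.1) and `PKG_RELEASE` (1) stay the same, which means the bootloader tarball behind the same name on `http://openadk.org/distfiles/` was replaced in place. Nothing in the commit records why the content changed, and anyone holding the previous distfile will now fail verification with no hint of the cause. Bumping `PKG_RELEASE` (or renaming the distfile) and adding a comment such as `# distfile regenerated: <reason>` next to the checksum would make the swap auditable. As the download is plain HTTP and MD5 is the only check visible here, a stronger digest would be worth adding if the package framework supports one.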

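--- a/package/heimdal/files/heimdal.init
+++ b/package/heimdal/files/heimdal.init
@@ -15,9 +15,9 @@ start)
 	/usr/sbin/kpasswdd &
 	;;
 stop)
-	killall kdc
-	killall kadmind
-	killall kpasswdd
+	pkill kdc
+	pkill kadmind
+	pkill kpasswdd
 	;;
 restart)
 	sh $0 stop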

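--- a/package/htpdate/files/htpdate.init
+++ b/package/htpdate/files/htpdate.init
@@ -14,7 +14,7 @@ start)
 	htpdate -l -s -t $htpdate_flags && htpdate -D $htpdate_flags
 	;;
 stop)
-	killall htpdate
+	pkill htpdate
 	;;
 restart)
 	sh $0 stop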

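--- a/package/iptables/Makefile
+++ b/package/iptables/Makefile
@@ -5,7 +5,7 @@ include ${TOPDIR}/rules.mk
 
 PKG_NAME:=		iptables
 PKG_VERSION:=		1.4.5
-PKG_RELEASE:=		1
+PKG_RELEASE:=		2
 PKG_MD5SUM:=		44f13990132c20299c1994cd6f425140
 PKG_DESCR:=		The netfilter firewalling software
 PKG_SECTION:=		net
@@ -24,7 +24,6 @@ include ${TOPDIR}/mk/package.mk
 #include ${LINUX_DIR}/.config
 
 $(eval $(call PKG_template,IPTABLES,iptables,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
-$(eval $(call PKG_template,IPTABLES_UTILS,iptables-utils,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
 $(eval $(call PKG_template,IP6TABLES,ip6tables,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
 
 CONFIGURE_STYLE:=	gnu
@@ -32,21 +31,16 @@ CONFIGURE_ARGS+=	--enable-devel
 BUILD_STYLE:=		auto
 INSTALL_STYLE:=		auto
 
-SUB_INSTALL-${ADK_PACKAGE_IPTABLES_UTILS}+=		iptables-utils-install
 SUB_INSTALL-${ADK_PACKAGE_IP6TABLES}+=			ip6tables-install
 
 post-install: ${SUB_INSTALL-m} ${SUB_INSTALL-y}
-	${INSTALL_DIR} ${IDIR_IPTABLES}/usr/lib
-	${INSTALL_DIR} ${IDIR_IPTABLES}/usr/sbin
-	${INSTALL_BIN} ${WRKINST}/usr/sbin/iptables ${IDIR_IPTABLES}/usr/sbin/
+	${INSTALL_DIR} ${IDIR_IPTABLES}/{usr/lib,etc,usr/sbin}
+	${INSTALL_DATA} ./files/firewall.conf ${IDIR_IPTABLES}/etc
+	${CP} ${WRKINST}/usr/sbin/iptables* ${IDIR_IPTABLES}/usr/sbin/
 	${CP} ${WRKINST}/usr/lib/libiptc.so* ${IDIR_IPTABLES}/usr/lib
 	${CP} ${WRKINST}/usr/lib/libip4tc.so* ${IDIR_IPTABLES}/usr/lib
 	${CP} ${WRKINST}/usr/lib/libxtables.so* ${IDIR_IPTABLES}/usr/lib
 
-iptables-utils-install:
-	${INSTALL_DIR} ${IDIR_IPTABLES_UTILS}/usr/sbin
-	${INSTALL_BIN} ${WRKINST}/usr/sbin/iptables-{save,restore} ${IDIR_IPTABLES_UTILS}/usr/sbin/
-
 ip6tables-install:
 	${INSTALL_DIR} ${IDIR_IP6TABLES}/usr/lib
 	${INSTALL_DIR} ${IDIR_IP6TABLES}/usr/sbin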
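Review bot: `${CP} ${WRKINST}/usr/sbin/iptables* ${IDIR_IPTABLES}/usr/sbin/` in `post-install` replaces an explicit `${INSTALL_BIN}` of one binary with a glob copy, so the base firewall package now ships every `iptables*` file the upstream install produced, with whatever mode each had in `${WRKINST}`. Naming the intended files, e.g. `${INSTALL_BIN} ${WRKINST}/usr/sbin/iptables{,-save,-restore} ${IDIR_IPTABLES}/usr/sbin/`, keeps the package's contents and permissions explicit and reviewable. The new `{usr/lib,etc,usr/sbin}` list depends on the recipe shell doing brace expansion, as the removed `iptables-{save,restore}` line already did; a one-line comment saying so would help anyone building with a plain POSIX `sh`. The `ip6tables-install` rule continues outside the hunk.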

+ 119 - 0
package/iptables/files/firewall.conf

@@ -0,0 +1,119 @@
+#!/bin/sh
+
+
+echo "configure /etc/firewall.conf first."
+exit 1
+
+### Interfaces
+WAN=ppp0
+LAN=br0
+WLAN=
+
+######################################################################
+### Default ruleset
+######################################################################
+
+### Create chains
+iptables -N input_rule
+iptables -N forwarding_rule
+iptables -t nat -N prerouting_rule
+iptables -t nat -N postrouting_rule
+
+### Default policy
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+
+### INPUT
+###  (connections with the router as destination)
+
+# base case
+iptables -A INPUT -m state --state INVALID -j DROP
+iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP
+
+# custom rules
+iptables -A INPUT -j input_rule
+
+# allow access from anything but WAN
+iptables -A INPUT ${WAN:+\! -i $WAN} -j ACCEPT
+# allow icmp messages
+iptables -A INPUT -p icmp -j ACCEPT
+
+# reject
+iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
+iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
+
+### OUTPUT
+###  (connections with the router as source)
+
+# base case
+iptables -A OUTPUT -m state --state INVALID -j DROP
+iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+### FORWARD
+###  (connections routed through the router)
+
+# base case
+iptables -A FORWARD -m state --state INVALID -j DROP
+iptables -A FORWARD -p tcp -o $WAN --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# custom rules
+iptables -A FORWARD -j forwarding_rule
+iptables -t nat -A PREROUTING -j prerouting_rule
+iptables -t nat -A POSTROUTING -j postrouting_rule
+
+# allow LAN
+iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
+
+### MASQUERADING
+echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
+
+######################################################################
+### Default ruleset end
+######################################################################
+
+###
+### Connections to the router
+###
+
+# ssh
+#iptables -A input_rule -i $WAN -p tcp -s <a.b.c.d> --dport 22 -j ACCEPT
+
+# IPSec
+#iptables -A input_rule -i $WAN -p esp -s <a.b.c.d> -j ACCEPT
+#iptables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 500 -j ACCEPT
+
+# OpenVPN
+#iptables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 1194 -j ACCEPT
+
+# PPTP
+#iptables -A input_rule -i $WAN -p gre -j ACCEPT
+#iptables -A input_rule -i $WAN -p tcp --dport 1723 -j ACCEPT
+
+###
+###  VPN traffic
+###
+
+# IPSec
+#iptables -A forwarding_rule -o ipsec+ -j ACCEPT
+#iptables -A forwarding_rule -i ipsec+ -j ACCEPT
+
+# OpenVPN
+#iptables -A forwarding_rule -o tun+ -j ACCEPT
+#iptables -A forwarding_rule -i tun+ -j ACCEPT
+
+###
+### Port forwardings to LAN
+###
+
+#iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 3389 -j DNAT --to 192.168.1.10
+#iptables -A forwarding_rule -i $WAN -p tcp --dport 3389 -d 192.168.1.10 -j ACCEPT
+
+# Transparent Bridging Proxy
+#ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
+#        --ip-destination-port 80 -j redirect --redirect-target ACCEPT
+#iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 \
+#        -j REDIRECT --to-port 8080
+
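Review bot: An empty `WAN` makes this ruleset fail open: `${WAN:+\! -i $WAN}` then expands to nothing, so the "allow access from anything but WAN" line becomes `iptables -A INPUT -j ACCEPT` and accepts every packet on every interface. The later `-o $WAN` and `-i $LAN` rules are unquoted as well, so with an empty value they are handed the wrong arguments and presumably fail, leaving a half-loaded table. I would validate the interface variables right after they are assigned, e.g. `[ -n "$WAN" ] && [ -n "$LAN" ] || { echo "set WAN and LAN in /etc/firewall.conf"; exit 1; }`. The file also loads IPv4 rules only; if IPv6 is enabled on the router, that traffic is not filtered here, which deserves a comment near the top.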

+ 35 - 0
package/iptables/files/firewall.init

@@ -0,0 +1,35 @@
+#!/bin/sh
+#PKG iptables
+#INIT 45
+. /etc/rc.conf
+
+case $1 in
+autostop) ;;
+autostart)
+	test x"${firewall:-NO}" = x"NO" && exit 0
+	exec sh $0 start
+	;;
+start)
+	. /etc/firewall.conf
+	;;
+stop)
+	### Clear tables
+	iptables -F
+	iptables -X
+	iptables -t nat -F
+	iptables -t nat -X
+	iptables -P INPUT ACCEPT
+	iptables -P FORWARD ACCEPT
+	iptables -P OUTPUT ACCEPT
+	iptables -t nat -P PREROUTING ACCEPT
+	iptables -t nat -P POSTROUTING ACCEPT
+	;;
+restart)
+	sh $0 stop
+	sh $0 start
+	;;
+*)
+	echo "Usage: $0 {start | stop | restart}"
+	;;
+esac
+exit $?
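Review bot: The `stop)` branch flushes the filter and nat tables and sets the INPUT and FORWARD policies to ACCEPT, and `restart)` goes through it, so the router is unfiltered from `sh $0 stop` until `sh $0 start` has finished. It stays unfiltered if /etc/firewall.conf exits early, as the shipped template does with `exit 1`. Nothing in the script documents this fail-open behaviour; I would add `# stop removes all filtering: tables flushed, policies set to ACCEPT` above the flush commands. `start)` is also not idempotent: firewall.conf begins with `iptables -N` and `-A` and no flush, so a second `start` without `stop` presumably errors on the existing chains and appends duplicate rules.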

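--- a/package/iptables/files/iptables.postinst
+++ b/package/iptables/files/iptables.postinst
@@ -1,7 +1,4 @@
 #!/bin/sh
 . $IPKG_INSTROOT/etc/functions.sh
 
-if [ -f $IPKG_INSTROOT/etc/init.d/S45firewall ]; then
-    add_rcconf iptables firewall NO
-fi
-
+add_rcconf iptables firewall NO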

+ 0 - 27
package/iptables/files/l7/aim.pat

@@ -1,27 +0,0 @@
-# AIM - AOL instant messenger (OSCAR and TOC)
-# Pattern quality: good notsofast
-# Usually runs on port 5190
-#
-# This may also match ICQ traffic.
-# 
-# This pattern has been tested and is believed to work well.  If it does not
-# work for you, or you believe it could be improved, please post to 
-# l7-filter-developers@lists.sf.net .  This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-aim
-# See http://gridley.acns.carleton.edu/~straitm/final (and various other places)
-# The first bit matches OSCAR signon and data commands, but not sure what
-# \x03\x0b matches, but it works apparently.
-# The next three bits match various parts of the TOC signon process.
-# The third one is the magic number "*", then 0x01 for "signon", then up to four
-# bytes ("up to" because l7-filter strips out nulls) which contain a sequence
-# number (2 bytes) the data length (2 more) and 3 nulls (which don't count), 
-# then 0x01 for the version number (not sure if there ever has been another 
-# version)
-# The fourth one is a command string, followed by some stuff, then the
-# beginning of the "roasted" password
-
-# This pattern is too slow!
-
-^(\*[\x01\x02].*\x03\x0b|\*\x01.?.?.?.?\x01)|flapon|toc_signon.*0x

+ 0 - 14
package/iptables/files/l7/bittorrent.pat

@@ -1,14 +0,0 @@
-# Bittorrent - P2P filesharing / publishing tool - http://www.bittorrent.com
-# Pattern quality: great veryfast
-#
-# This pattern has been tested and is believed to work well.  If it does not
-# work for you, or you believe it could be improved, please post to 
-# l7-filter-developers@lists.sf.net .  This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-bittorrent
-
-# Does not attempt to match the HTTP download of the tracker
-# 0x13 is the length of "bittorrent protocol"
-# Second two bits match UDP wierdness, commented out until it's tested
-#^(\x13bittorrent protocol|d1:ad2:id20:|\x08'7P\)[RP])
-^\x13bittorrent protocol

+ 0 - 8
package/iptables/files/l7/edonkey-dl.pat

@@ -1,8 +0,0 @@
-# eDonkey2000 - P2P filesharing (download part) - http://edonkey2000.com
-# Pattern quality: good veryfast overmatch usepacket
-
-edonkey-dl
-
-^[\xe3\xe4\xc5\xe5\xd4](....)?[\x01\x0a\x0e\x0f\x10\x18\x19\x1b\x1c\x47\x4a\x4f\x51\x53\x54\x58\x60\x81\x90\x96\x9a\x9c\xa2]
-
-

+ 0 - 29
package/iptables/files/l7/edonkey.pat

@@ -1,29 +0,0 @@
-# eDonkey2000 - P2P filesharing - http://edonkey2000.com
-# Pattern quality: good veryfast overmatch
-#
-# Please post to l7-filter-developers@lists.sf.net as to whether this pattern 
-# works for you or not.  If you believe it could be improved please post your 
-# suggestions to that list as well. You may subscribe to this list at 
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-# Thanks to Matt Skidmore <fox AT woozle.org>
-
-edonkey
-
-# http://gd.tuwien.ac.at/opsys/linux/sf/p/pdonkey/eDonkey-protocol-0.6
-#
-# In addition to \xe3, \xc5 and \xd4, I see a lot of \xe5
-#
-# God this is a mess.  What an irritating protocol.  
-# This will match about 1% of streams with random data in them!
-
-^[\xe3\xc5\xe5\xd4](....)?([\x01\x02\x05\x14\x15\x16\x18\x19\x1a\x1b\x1c\x20\x21\x32\x33\x34\x35\x36\x38\x40\x41\x42\x43\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x5b\x5c\x60\x81\x82\x90\x91\x93\x96\x97\x98\x99\x9a\x9b\x9c\x9e\xa0\xa1\xa2\xa3\xa4]|\x59................?[ -~]|\x96....$)
-
-# matches everything and too much 
-# ^(\xe3|\xc5|\xd4)
-
-# ipp2p essentially uses "\xe3....\x47", which doesn't seem at all right to me.
-
-# bandwidtharbitrator uses 
-# e0.*@.*6[a-z].*p$|e0.*@.*[a-z]6[a-z].*p0$|e.*@.*[0-9]6.*p$|emule|edonkey
-# no comments to explain what all the mush is, of course...

+ 0 - 25
package/iptables/files/l7/fasttrack.pat

@@ -1,25 +0,0 @@
-# FastTrack - P2P filesharing (Kazaa, Morpheus, iMesh, Grokster, etc)
-# Pattern quality: good notsofast
-#
-# Tested with Kazaa Lite Resurrection 0.0.7.6F
-#
-# This appears to match the download connections well, but not the search
-# connections (I think they are encrypted :-( ).
-#
-# Please post to l7-filter-developers@lists.sf.net as to whether it works 
-# for you or not.  If you believe it could be improved please post your 
-# suggestions to that list as well. You may subscribe to this list at 
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-fasttrack
-# while this is a valid http request, this will be caught because
-# the http pattern matches the response (and therefore the next packet)
-# Even so, it's best to put this match earlier in the chain.
-# http://cvs.berlios.de/cgi-bin/viewcvs.cgi/gift-fasttrack/giFT-FastTrack/PROTOCOL?rev=HEAD&content-type=text/vnd.viewcvs-markup
-
-# This pattern is kinda slow, but not too bad.
-^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]?[0-9]?[0-9]?
-
-# This isn't much faster:
-#^get (/.download/.*|/.supernode.|/.status.|/.network.*|/.files|/.hash=[0-9a-f]*/.*) http/1.1|user-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]?[0-9]?[0-9]?
-

+ 0 - 34
package/iptables/files/l7/ftp.pat

@@ -1,34 +0,0 @@
-# FTP - File Transfer Protocol - RFC 959
-# Pattern quality: great fast
-#
-# Usually runs on port 21.  Note that the data stream is on a dynamically
-# assigned port, which means that you will need the FTP connection 
-# tracking module in your kernel to usefully match FTP data transfers.
-# 
-# This pattern is well tested.  If it does not
-# work for you, or you believe it could be improved, please post to 
-# l7-filter-developers@lists.sf.net .  This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-#
-# Matches the first two things a server should say.  Most servers say 
-# something after 220, even though they don't have to, and it usually
-# includes the string "ftp" (l7-filter is case insensitive).
-# This includes proftpd, vsftpd, wuftpd, warftpd, pureftpd, Bulletproof 
-# FTP Server, and whatever ftp.microsoft.com uses.  Just in case, the next 
-# thing the server sends is a 331.  All the above servers also send 
-# something including "password" after this code.
-ftp
-# actually, let's just do the first for now, it's faster
-^220[\x09-\x0d -~]*ftp
-
-# This is ~10x faster if the stream starts with "220"
-#^220.*ftp
-
-# This will match more, but much slower
-#^220[\x09-\x0d -~]*ftp|331[\x09-\x0d -~]*password
-
-# This pattern is more precise, but takes longer to match. (3 packets vs. 1)
-#^220[\x09-\x0d -~]*\x0d\x0aUSER[\x09-\x0d -~]*\x0d\x0a331
-
-# same as above, but slightly less precise and only takes 2 packets.
-#^220[\x09-\x0d -~]*\x0d\x0aUSER[\x09-\x0d -~]*\x0d\x0a

+ 0 - 36
package/iptables/files/l7/gnutella.pat

@@ -1,36 +0,0 @@
-# Gnutella - P2P filesharing
-# Pattern quality: good fast
-#
-# This should match both Gnutella and "Gnutella2" ("Mike's protocol")
-# 
-# Various clients use this protocol including Mactella, Shareaza,
-# GTK-gnutella, Gnucleus, Gnotella, LimeWire, BearShare, and iMesh.
-# 
-# This is tested with gtk-gnutella and Shareaza.
-#
-# Please report on how this pattern works for you at
-# l7-filter-developers@lists.sf.net .  If you can improve on this
-# pattern, please also post to that list. You may subscribe at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-# http://www.gnutella2.com/tiki-index.php?page=UDP%20Transceiver
-# http://rfc-gnutella.sf.net/
-# http://www.gnutella2.com/tiki-index.php?page=Gnutella2%20Specification
-# http://en.wikipedia.org/wiki/Shareaza
-
-gnutella
-
-# The first part matches UDP messages - All start with "GND", then have
-# a flag byte which is either \x00, \x01 or \x02, then two sequence bytes
-# that can be anything, then a fragment number, which must start at 1.
-# The rest matches TCP first client message or first server message (in case 
-# we can't see client messages).  Some parts of this are empirical rather than 
-# document based.  Assumes version is between 0.0 and 2.9. (usually is
-# 0.4 or 0.6).  I'm guessing at many of the user-agents.
-# The last bit is emprical and probably only matches Limewire.
-^(gnd[\x01\x02]?.?.?\x01|gnutella connect/[012]\.[0-9]\x0d\x0a|get /uri-res/n2r\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[1-9][0-9]?[0-9]?[0-9]?|gnutella.*content-type: application/x-gnutella|..................lime)
-
-# Needlessly precise, at the expense of time
-#^(gnd[\x01\x02]?.?.?\x01|gnutella connect/[012]\.[0-9]\x0d\x0a|get /uri-res/n2r\?urn:sha1:|get /[\x09-\x0d -~]*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /[\x09-\x0d -~]*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[1-9][0-9]?[0-9]?[0-9]?|gnutella[\x09-\x0d -~]*content-type: application/x-gnutella|..................lime)
-
-

+ 0 - 28
package/iptables/files/l7/http.pat

@@ -1,28 +0,0 @@
-# HTTP - HyperText Transfer Protocol - RFC 2616
-# Pattern quality: great notsofast
-# Usually runs on port 80
-#
-# This pattern has been tested and is believed to work well.  If it does not
-# work for you, or you believe it could be improved, please post to 
-# l7-filter-developers@lists.sf.net .  This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-#
-# this intentionally catches the response from the server
-# rather than the request so that other protocols which use
-# http (like kazaa) can be caught based on specific http requests
-# regardless of the ordering of filters...
-# also matches posts
-
-# Sites that serve really long cookies may break this by pushing the
-# server response too far away from the beginning of the connection. To
-# fix this, increase the kernel's data buffer length.
-
-http
-# Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF (rfc 2616)
-# As specified in rfc 2616 a status code is preceeded and followed by a
-# space. 
-http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\x09-\x0d -~]*(connection:|content-type:|content-length:|date:)|post [\x09-\x0d -~]* http/[01]\.[019]
-# A slightly faster version that might be good enough:
-#http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9]|post [\x09-\x0d -~]* http/[01]\.[019]
-# old pattern(s):
-#(http[\x09-\x0d -~]*(200 ok|302 |304 )[\x09-\x0d -~]*(connection:|content-type:|content-length:))|^(post [\x09-\x0d -~]* http/)

+ 0 - 14
package/iptables/files/l7/ident.pat

@@ -1,14 +0,0 @@
-# Ident - Identification Protocol - RFC 1413
-# Pattern quality: good veryfast
-# Usually runs on port 113
-#
-# This pattern is believed to work.  If it does not
-# work for you, or you believe it could be improved, please post to 
-# l7-filter-developers@lists.sf.net .  This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-ident
-# "number , numberCRLF" possibly without the CR and/or LF.
-# ^$ is appropriate because the first packet should never have anything
-# else in it.
-^[1-9][0-9]?[0-9]?[0-9]?[0-9]?[\x09-\x0d]*,[\x09-\x0d]*[1-9][0-9]?[0-9]?[0-9]?[0-9]?(\x0d\x0a|[\x0d\x0a])?$

+ 0 - 20
package/iptables/files/l7/irc.pat

@@ -1,20 +0,0 @@
-# IRC - Internet Relay Chat - RFC 1459
-# Pattern quality: good veryfast
-#
-# Usually runs on port 6666 or 6667
-# Note that chat traffic runs on these ports, but IRC-DCC traffic (which
-# can use much more bandwidth) uses a dynamically assigned port, so you 
-# must have the IRC connection tracking module in your kernel to classify
-# this.
-#
-# This pattern has been tested and is believed to work well.  If it does not
-# work for you, or you believe it could be improved, please post to 
-# l7-filter-developers@lists.sf.net .  This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-irc
-# First thing that happens is that the client sends NICK and USER, in 
-# either order.  This allows MIRC color codes (\x02-\x0d instead of
-# \x09-\x0d).
-^(nick[\x09-\x0d -~]*user[\x09-\x0d -~]*:|user[\x09-\x0d -~]*:[\x02-\x0d -~]*nick[\x09-\x0d -~]*\x0d\x0a)
-

+ 0 - 24
package/iptables/files/l7/jabber.pat

@@ -1,24 +0,0 @@
-# Jabber (XMPP) - an open instant messenger protocol - http://jabber.org
-# Pattern quality: good fast
-#
-# This pattern has been tested with Gaim and Gabber.  It is only tested 
-# with non-SSL mode Jabber with no proxies.  If it does not
-# work for you, or you believe it could be improved, please post to 
-# l7-filter-developers@lists.sf.net .  This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-# Thanks to Jan Hudec for some improvements.
-
-# Jabber seems to take a long time to set up a connection.  I'm
-# connecting with Gabber 0.8.8 to 12jabber.org and the first 8 packets
-# is this:
-# <stream:stream to='12jabber.com' xmlns='jabber:client'
-# xmlns:stream='http://etherx.jabber.org/streams'><?xml
-# version='1.0'?><stream:stream
-# xmlns:stream='http://etherx.jabber.org/streams' id='3f73e951'
-# xmlns='jabber:client' from='12jabber.com'>
-#
-# No mention of my username or password yet, you'll note.
-
-jabber
-<stream:stream[\x09-\x0d ][ -~]*[\x09-\x0d ]xmlns=['"]jabber

+ 0 - 15
package/iptables/files/l7/msnmessenger.pat

@@ -1,15 +0,0 @@
-# MSN Messenger - Microsoft Network chat client
-# Pattern quality: good veryfast
-#
-# Usually uses port 1863
-# http://www.hypothetic.org/docs/msn/index.php
-#
-# This pattern has been tested and is believed to work well.  If it does not
-# work for you, or you believe it could be improved, please post to 
-# l7-filter-developers@lists.sf.net .  This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-msnmessenger
-# ver: allow versions up to 99.
-# usr (in case ver didn't work):  
-^(ver [0-9]+ msnp[1-9][0-9]? [\x09-\x0d -~]* cvr|usr md5 i [ -~]*)

+ 0 - 17
package/iptables/files/l7/ntp.pat

@@ -1,17 +0,0 @@
-# (S)NTP - (Simple) Network Time Protocol - RFCs 1305 and 2030
-# Pattern quality: good veryfast overmatch 
-#
-# This pattern is tested and is believed to work. If this does not work
-# for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net .  Subscribe at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-# client|server
-# Requires the server's timestamp to be in the present or future (of 2005).
-# Tested with ntpdate on Linux.
-# Assumes version 2, 3 or 4.
-
-# Note that ntp packets are always 48 bytes, so you should match on that too.
-
-ntp
-^([\x13\x1b\x23\xd3\xdb\xe3]|[\x14\x1c$].......?.?.?.?.?.?.?.?.?[\xc6-\xff])

+ 0 - 50
package/iptables/files/l7/pop3.pat

@@ -1,50 +0,0 @@
-# POP3 - Post Office Protocol version 3 (popular e-mail protocol) - RFC 1939
-# Pattern quality: good veryfast
-#
-# This pattern has been tested somewhat.  If it does not
-# work for you, or you believe it could be improved, please post to 
-# l7-filter-developers@lists.sf.net .  This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-# this is a difficult protocol to match because of the relative lack of 
-# distinguishing information.  Read on.
-pop3
-
-# this the most conservative pattern.  It should definitely work.
-#^(\+ok|-err)
-
-# this pattern assumes that the server says _something_ after +ok or -err
-# I think this is probably the way to go.
-^(\+ok |-err )
-
-# more that 90% of servers seem to say "pop" after "+ok", but not all.
-#^(\+ok .*pop)
-
-# Here's another tack. I think this is my second favorite.
-#^(\+ok [\x09-\x0d -~]*(ready|hello|pop|starting)|-err [\x09-\x0d -~]*(invalid|unknown|unimplemented|unrecognized|command))
-
-# this matches the server saying "you have N messages that are M bytes",
-# which the client probably asks for early in the session (not tested)
-#\+ok [0-9]+ [0-9]+
-
-# some sample servers:
-# RFC example:        +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
-# mail.dreamhost.com: +OK Hello there.
-# pop.carleton.edu:   +OK POP3D(*) Server PMDFV6.2.2 at Fri, 12 Sep 2003 19:28:10 -0500 (CDT) (APOP disabled)
-# mail.earthlink.net: +OK NGPopper vEL_4_38 at earthlink.net ready <25509.1063412951@falcon>
-# *.email.umn.edu:    +OK Cubic Circle's v1.22 1998/04/11 POP3 ready <7d1e0000da67623f@aquamarine.tc.umn.edu>
-# mail.yale.edu:      +OK POP3 pantheon-po01 v2002.81 server ready
-# mail.gustavus.edu:  +OK POP3 solen v2001.78 server ready
-# mail.reed.edu:      +OK POP3 letra.reed.edu v2002.81 server ready
-# mail.bowdoin.edu:   +OK mail.bowdoin.edu POP3 service (iPlanet Messaging Server 5.2 HotFix 1.15 (built Apr 28 2003))
-# pop.colby.edu:      +OK Qpopper (version 4.0.5) at basalt starting.
-# mail.mac.com:       +OK Netscape Messaging Multiplexor ready
-
-# various error strings:
-#-ERR Invalid command.
-#-ERR invalid command
-#-ERR unimplemented
-#-ERR Invalid command, try one of: USER name, PASS string, QUIT
-#-ERR Unknown AUTHORIZATION state command
-#-ERR Unrecognized command
-#-ERR Unknown command: "sadf'".

+ 0 - 39
package/iptables/files/l7/smtp.pat

@@ -1,39 +0,0 @@
-# SMTP - Simple Mail Transfer Protocol - RFC 2821 (See also RFC 1869)
-# Pattern quality: great fast
-# usually runs on port 25
-# 
-# This pattern has been tested and is believed to work well.  If it does not
-# work for you, or you believe it could be improved, please post to 
-# l7-filter-developers@lists.sf.net .  This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-smtp
-# As usual, no text is required after "220", but all known servers have some
-# there.  It (almost?) always has string "smtp" in it.  The RFC examples
-# does not, so we match those too, just in case anyone has copied them 
-# literally.
-^220[\x09-\x0d -~]* (e?smtp|simple mail)
-
-# This is ~3x faster if the stream starts with "220" 
-#^220.* (e?smtp|simple mail)
-
-# Some examples:
-# 220 mail.stalker.com ESMTP CommuniGate Pro 4.1.3
-# 220 mail.vieodata.com ESMTP Merak 6.1.0; Mon, 15 Sep 2003 13:48:11 -0400
-# 220 mail.ut.caldera.com ESMTP
-# 220 persephone.pmail.gen.nz ESMTP server ready.
-# 220 smtp1.superb.net ESMTP
-# 220 mail.kerio.com Kerio MailServer 5.6.7 ESMTP ready
-# 220-mail.deerfield.com ESMTP VisNetic.MailServer.v6.0.9.0; Mon, 15 Sep 2003 13:4
-# 220 altn.com ESMTP MDaemon 6.8.5; Mon, 15 Sep 2003 12:46:42 -0500
-# 220 X1 NT-ESMTP Server ipsmin0165atl2.interland.net (IMail 6.06 73062-3)
-# 220 mail.icewarp.com ESMTP Merak 6.1.1; Mon, 15 Sep 2003 19:43:23 +0200
-# 220-mail.email-scan.com ESMTP
-# 220 smaug.dreamhost.com ESMTP
-# 220 kona.carleton.edu -- Server ESMTP (PMDF V6.2#30648)
-# 220 letra.reed.edu ESMTP Sendmail 8.12.9/8.12.9; Mon, 15 Sep 2003 10:35:57 -0700 (PDT)
-# 220-swan.mail.pas.earthlink.net ESMTP Exim 3.33 #1 Mon, 15 Sep 2003 10:32:15 -0700
-# 
-# RFC examples:
-# 220 xyz.com Simple Mail Transfer Service Ready (RFC example)
-# 220 dbc.mtview.ca.us SMTP service ready

+ 0 - 15
package/iptables/files/l7/ssl.pat

@@ -1,15 +0,0 @@
-# SSL and TLS - Secure Socket Layer / Transport Layer Security - RFC 2246
-# Pattern quality: good fast
-# Usually runs on port 443
-#
-# This is a superset validcertssl.  For it to match, it must be first.
-# 
-# This pattern has been tested and is believed to work well.  If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net .  This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-ssl
-# Client Hello | Server Hello with certificate
-# This allows SSL 3.X, which includes TLS 1.0, known internally as SSL 3.1
-^(.?.?\x16\x03.*\x16\x03|.?.?\x01\x03\x01?.*\x0b)

+ 0 - 23
package/iptables/files/l7/vnc.pat

@@ -1,23 +0,0 @@
-# VNC - Virtual Network Computing.  Also known as RFB - Remote Frame Buffer
-# Pattern quality: good fast
-# http://www.realvnc.com/documentation.html
-# 
-# This pattern has been verified with vnc v3.3.7 on WinXP and Linux
-# Please report on how this pattern works for you at
-# l7-filter-developers@lists.sf.net .  If you can improve on this pattern,
-# please also post to that list. You may subscribe at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-#
-# Thanks to Trevor Paskett <tpaskett AT cymphonix.com> for this pattern.
-
-vnc
-# Assumes single digit major and minor version numbers 
-# This message should be all alone in the first packet, so ^$ is appropriate
-^rfb 00[1-9]\.00[0-9]\x0a$
-
-# This is a more restrictive version which assumes the version numbers
-# are ones actually in existance at the time of this writing, i.e. 3.3,
-# 3.7 and 3.8 (with some clients wrongly reporting 3.5).  It should be
-# slightly faster, but probably not worth the extra maintenance. 
-# ^rfb 003\.00[3578]\x0a$
-

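--- a/package/krb5/files/krb5.init
+++ b/package/krb5/files/krb5.init
@@ -14,8 +14,8 @@ start)
 	/usr/sbin/kadmind &
 	;;
 stop)
-	killall krb5kdc
-	killall kadmind
+	pkill krb5kdc
+	pkill kadmind
 	;;
 restart)
 	sh $0 stop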
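Review bot: `pkill` matches its argument as a regular expression against process names, while the `killall` it replaces matched the exact name, so `pkill krb5kdc` and `pkill kadmind` in `stop)` now also signal any process whose name merely contains those strings. The same substitution is made in the other init scripts of this commit (lighttpd, maradns, mini_httpd, miredo, miredo-server, monit, mrd6, mt-daapd, snmpd, netserver, nfsd, upsd, opensips, openvpn, osirisd, p910nd, parprouted, php, nfacctd, pmacctd, pptpd, radvd, rarpd, reaim, pppoe-relay, pppoe-server, rrdcollect, samba, scanlogd, siproxd); the clearest case is package/miredo/files/miredo.init, where `pkill miredo` also stops miredo-server. Where the daemon's process name equals the pattern I would keep the old semantics with `-x`, e.g. `pkill -x krb5kdc` and `pkill -x miredo`. The `stop)` branch of each script is only partly inside its hunk.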

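--- a/package/lighttpd/files/lighttpd.init
+++ b/package/lighttpd/files/lighttpd.init
@@ -14,7 +14,7 @@ start)
 	lighttpd $lighttpd_flags
 	;;
 stop)
-	killall lighttpd
+	pkill lighttpd
 	;;
 restart)
 	sh $0 stop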

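--- a/package/maradns/files/maradns.init
+++ b/package/maradns/files/maradns.init
@@ -16,7 +16,7 @@ start)
 	maradns &
 	;;
 stop)
-	killall maradns
+	pkill maradns
 	;;
 restart)
 	sh $0 stop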

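--- a/package/mini_httpd/files/mini_httpd.init
+++ b/package/mini_httpd/files/mini_httpd.init
@@ -14,7 +14,7 @@ start)
 	mini_httpd $mini_httpd_flags
 	;;
 stop)
-	killall mini_httpd
+	pkill mini_httpd
 	;;
 restart)
 	sh $0 stop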

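--- a/package/miredo/files/miredo-server.init
+++ b/package/miredo/files/miredo-server.init
@@ -14,7 +14,7 @@ start)
 	miredo-server
 	;;
 stop)
-	killall miredo-server
+	pkill miredo-server
 	;;
 restart)
 	sh $0 stop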

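--- a/package/miredo/files/miredo.init
+++ b/package/miredo/files/miredo.init
@@ -14,7 +14,7 @@ start)
 	miredo
 	;;
 stop)
-	killall miredo
+	pkill miredo
 	;;
 restart)
 	sh $0 stop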

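--- a/package/monit/files/monit.init
+++ b/package/monit/files/monit.init
@@ -14,7 +14,7 @@ start)
 	monit $monit_flags
 	;;
 stop)
-	killall monit	
+	pkill monit	
 	;;
 restart)
 	sh $0 stop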

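--- a/package/mpd/files/mpd.conf
+++ b/package/mpd/files/mpd.conf
@@ -3,6 +3,7 @@ user				"mpd"
 music_directory			"~/music"
 playlist_directory		"~/.mpd/playlists"
 db_file				"~/.mpd/database"
+pid_file			"/var/run/mpd/mpd.pid"
 log_file			"~/.mpd/log"
 error_file			"~/.mpd/error-log"
 # An example of an ALSA output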

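--- a/package/mpd/files/mpd.init
+++ b/package/mpd/files/mpd.init
@@ -17,6 +17,10 @@ start)
 		echo "mpd user must be in group audio."
 		exit 1
 	fi
+	if [ ! -d /var/run/mpd ];then
+		mkdir -p /var/run/mpd
+		chown mpd:mpd /var/run/mpd
+	fi
 	mpd
 	;;
 stop)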
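Review bot: The directory created in the added block is handed to the unprivileged `mpd` user and, per the mpd.conf change in this commit, holds `mpd.pid`, so that account controls the file's content. The `stop)` branch starts at the end of this hunk and its body is not shown; if it, or anything else running as root, signals the pid read from that file, it should first confirm the pid really belongs to mpd. I would record this next to the `chown`: `# dir is writable by mpd: do not trust mpd.pid as root without checking the process`. The `[ ! -d /var/run/mpd ]` test also skips the `chown` when the directory already exists with a different owner.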

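--- a/package/mpd/files/mpd.postinst
+++ b/package/mpd/files/mpd.postinst
@@ -2,5 +2,5 @@
 . $IPKG_INSTROOT/etc/functions.sh
 gid=$(get_next_gid)
 add_group mpd $gid
-add_user mpd $(get_next_uid) $gid /mnt
+add_user mpd $(get_next_uid) $gid /mnt/media
 add_rcconf mpd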

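--- a/package/mrd6/files/mrd6.init
+++ b/package/mrd6/files/mrd6.init
@@ -14,7 +14,7 @@ start)
 	/usr/sbin/mrd6 -f /etc/mrd6.conf -D
 	;;
 stop)
-	killall mrd6
+	pkill mrd6
 	;;
 restart)
 	sh $0 stop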

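--- a/package/mt-daapd/files/mt-daapd.init
+++ b/package/mt-daapd/files/mt-daapd.init
@@ -14,7 +14,7 @@ start)
 	mt-daapd
 	;;
 stop)
-	killall mt-daapd
+	pkill mt-daapd
 	;;
 restart)
 	sh $0 stop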

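--- a/package/net-snmp/files/snmpd.init
+++ b/package/net-snmp/files/snmpd.init
@@ -15,7 +15,7 @@ start)
 	snmpd $snmpd_flags
 	;;
 stop)
-	killall snmpd
+	pkill snmpd
 	;;
 restart)
 	sh $0 stop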

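--- a/package/netperf/files/netserver.init
+++ b/package/netperf/files/netserver.init
@@ -14,7 +14,7 @@ start)
 	netserver
 	;;
 stop)
-	killall netserver
+	pkill netserver
 	;;
 restart)
 	sh $0 stop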

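--- a/package/nfs-utils/files/nfsd.init
+++ b/package/nfs-utils/files/nfsd.init
@@ -30,12 +30,12 @@ start)
 	fi
 	;;
 stop)
-	killall nfsd
-	killall mountd
-	killall statd
+	pkill nfsd
+	pkill mountd
+	pkill statd
 	if [ ${nfs_server_version} -eq 4 ];then
-		killall idmapd
-		killall svcgssd
+		pkill idmapd
+		pkill svcgssd
 	fi
 	;;
 restart)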

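--- a/package/nut/files/upsd.init
+++ b/package/nut/files/upsd.init
@@ -16,7 +16,7 @@ start)
 	/usr/sbin/upsd || exit 2
 	;;
 stop)
-	/usr/sbin/upsd -c stop || killall upsd
+	/usr/sbin/upsd -c stop || pkill upsd
 	/usr/bin/upsdrvctl stop
 	;;
 restart)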

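--- a/package/opensips/files/opensips.init
+++ b/package/opensips/files/opensips.init
@@ -14,7 +14,7 @@ start)
 	/usr/sbin/opensips
 	;;
 stop)
-	killall opensips
+	pkill opensips
 	;;
 restart)
 	sh $0 stop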

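--- a/package/openvpn/files/openvpn.init
+++ b/package/openvpn/files/openvpn.init
@@ -16,7 +16,7 @@ start)
 	done
 	;;
 stop)
-	killall openvpn
+	pkill openvpn
 	;;
 restart)
 	sh $0 stop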

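--- a/package/osiris/files/osirisd.init
+++ b/package/osiris/files/osirisd.init
@@ -15,7 +15,7 @@ start)
 	osirisd
 	;;
 stop)
-	killall osirisd
+	pkill osirisd
 	;;
 restart)
 	sh $0 stop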

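--- a/package/p910nd/files/p910nd.init
+++ b/package/p910nd/files/p910nd.init
@@ -14,7 +14,7 @@ start)
 	p910nd $p910nd_flags
 	;;
 stop)
-	killall p910nd
+	pkill p910nd
 	;;
 restart)
 	sh $0 stop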

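--- a/package/parprouted/files/parprouted.init
+++ b/package/parprouted/files/parprouted.init
@@ -14,7 +14,7 @@ start)
 	parprouted ${parprouted_flags}
 	;;
 stop)
-	killall parprouted
+	pkill parprouted
 	;;
 restart)
 	sh $0 stop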

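--- a/package/php/files/php.init
+++ b/package/php/files/php.init
@@ -16,7 +16,7 @@ start)
 	php ${php_flags} &
 	;;
 stop)
-	killall php
+	pkill php
 	;;
 restart)
 	sh $0 stop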

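--- a/package/pmacct/files/nfacctd.init
+++ b/package/pmacct/files/nfacctd.init
@@ -14,7 +14,7 @@ autostop) ;;
 		nfacctd $nfaccd_flags
 		;;
 	stop)
-		killall nfacctd
+		pkill nfacctd
 		;;
 	restart)
 		sh $0 stop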

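--- a/package/pmacct/files/pmacctd.init
+++ b/package/pmacct/files/pmacctd.init
@@ -14,7 +14,7 @@ autostop) ;;
 		pmacctd $pmacctd_flags
 		;;
 	stop)
-		killall pmacctd
+		pkill pmacctd
 		;;
 	restart)
 		sh $0 stop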

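--- a/package/pptpd/files/pptpd.init
+++ b/package/pptpd/files/pptpd.init
@@ -14,7 +14,7 @@ start)
 	pptpd
 	;;
 stop)
-	killall pptpd
+	pkill pptpd
 	;;
 restart)
 	sh $0 stop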

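--- a/package/radvd/files/radvd.init
+++ b/package/radvd/files/radvd.init
@@ -16,7 +16,7 @@ start)
 	;;
 
 stop)
-	killall radvd
+	pkill radvd
 	echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
 	;;
 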

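--- a/package/rarpd/files/rarpd.init
+++ b/package/rarpd/files/rarpd.init
@@ -14,7 +14,7 @@ start)
 	rarpd $rarpd_flags
 	;;
 stop)
-	killall rarpd
+	pkill rarpd
 	;;
 restart)
 	sh $0 stop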

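--- a/package/reaim/files/reaim.init
+++ b/package/reaim/files/reaim.init
@@ -21,7 +21,7 @@ start)
 	reaim
 	;;
 stop)
-	killall reaim
+	pkill reaim
 	;;
 restart)
 	sh $0 stop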

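--- a/package/rp-pppoe/files/pppoe-relay.init
+++ b/package/rp-pppoe/files/pppoe-relay.init
@@ -14,7 +14,7 @@ start)
 	pppoe-relay $pppoe_relay_flags
 	;;
 stop)
-	killall pppoe-relay
+	pkill pppoe-relay
 	;;
 restart)
 	sh $0 stop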

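--- a/package/rp-pppoe/files/pppoe-server.init
+++ b/package/rp-pppoe/files/pppoe-server.init
@@ -14,7 +14,7 @@ start)
 	pppoe-server
 	;;
 stop)
-	killall pppoe-server
+	pkill pppoe-server
 	;;
 restart)
 	sh $0 stop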

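--- a/package/rrdcollect/files/rrdcollect.init
+++ b/package/rrdcollect/files/rrdcollect.init
@@ -22,7 +22,7 @@ start)
 	rrdcollect
 	;;
 stop)
-	killall rrdcollect
+	pkill rrdcollect
 	;;
 restart)
 	sh $0 stop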

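--- a/package/samba/files/samba.init
+++ b/package/samba/files/samba.init
@@ -17,8 +17,8 @@ start)
 	smbd -D
 	;;
 stop)
-	killall nmbd
-	killall smbd
+	pkill nmbd
+	pkill smbd
 	;;
 restart)
 	sh $0 stop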

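--- a/package/scanlogd/files/scanlogd.init
+++ b/package/scanlogd/files/scanlogd.init
@@ -15,7 +15,7 @@ start)
 	scanlogd $scanlogd_flags
 	;;
 stop)
-	killall scanlogd
+	pkill scanlogd
 	;;
 restart)
 	sh $0 stop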

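--- a/package/siproxd/files/siproxd.init
+++ b/package/siproxd/files/siproxd.init
@@ -14,7 +14,7 @@ autostop) ;;
 		siproxd
 		;;
 	stop)
-  		killall siproxd
+  		pkill siproxd
 		;;
 	restart)
 		sh $0 stop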

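--- a/package/snort-wireless/files/snort-wireless.init
+++ b/package/snort-wireless/files/snort-wireless.init
@@ -15,7 +15,7 @@ start)
 	snort ${snort_wireless_flags}
 	;;
 stop)
-	killall snort
+	pkill snort
 	;;
 restart)
 	sh $0 stop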
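Review bot: `pkill snort` in stop) selects by process name only, and package/snort/files/snort.init stops the same name, so stopping either service also terminates the other package's sensor if both run on one system. For an IDS that is a silent loss of monitoring. A per-service pidfile would keep the two apart, e.g. `kill "$(cat /var/run/<SERVICE>.pid)"` (the path is a placeholder; whether snort is started with a pidfile option is not visible in this hunk).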

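--- a/package/snort/files/snort.init
+++ b/package/snort/files/snort.init
@@ -14,7 +14,7 @@ start)
 	snort $snort_flags
 	;;
 stop)
-	killall snort
+	pkill snort
 	;;
 *)
 	echo "usage: $0 {start | stop | restart}"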
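Review bot: The usage string advertises `restart`, but in the visible lines stop) is followed directly by the `*)` fallback with no restart) branch, unlike the other init scripts in this commit. Unless restart is handled above the hunk, `snort.init restart` only prints the usage text and the sensor is not restarted after a rule or configuration change. Adding the branch the sibling scripts use would close the gap, presumably `restart) sh $0 stop; sh $0 start ;;` (only the `sh $0 stop` half is visible in those scripts).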

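--- a/package/squid/Config.in
+++ b/package/squid/Config.in
@@ -4,6 +4,7 @@ config ADK_PACKAGE_SQUID
 	tristate
 	default n
 	select ADK_PACKAGE_LIBOPENSSL
+	select ADK_PACKAGE_LIBPTHREAD
 	help
 	  Squid is a high-performance proxy caching server for web clients, 
 	  supporting FTP, gopher, and HTTP data objects. Unlike traditional 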

Some files were not shown because too many files changed in this diff