目前分類:Ralink SDK (70)

瀏覽方式: 標題列表 簡短摘要
  • vtysh -d bgpd
    只針對 bgpd 溝通
  • write terminal

台南小新 發表在 痞客邦 留言(0) 人氣()


台南小新 發表在 痞客邦 留言(0) 人氣()

  • official site: https://invisible-island.net/ncurses/
  • download: https://invisible-mirror.net/archives/ncurses/
  • AR=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-ar \
    CC=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-gcc \
    CXX=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-g++ \
    RANLIB=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-ranlib \
    STRIP=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-strip \
    ./configure --host=arm-linux --target=arm-linux --prefix=/usr \
            --enable-static=yes --enable-shared=no
  • make 完之後,.a 檔案都放在 lib 目錄。

台南小新 發表在 痞客邦 留言(0) 人氣()

  • Jul 24 Tue 2018 16:32
  • BGP4

路由策略

  • 訪問控制列表 (ACL, access-list, ipv6 access-list)
    访问控制列表详解
  • 前綴列表 (ip prefix-list, ipv6 prefix-list)

台南小新 發表在 痞客邦 留言(0) 人氣()

  • c-ares is a C library for asynchronous DNS requests (including name resolves)
  • official site: https://c-ares.haxx.se/
  • download: https://c-ares.haxx.se/download/
  • git: https://github.com/c-ares/c-ares.git
  • AR=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-ar \
    CC=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-gcc \
    CXX=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-g++ \
    RANLIB=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-ranlib \
    STRIP=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-strip \
    ./configure --host=arm-linux --target=arm-linux --prefix=/usr \
            --enable-static=yes --enable-shared=no --with-random=/dev/urandom

台南小新 發表在 痞客邦 留言(0) 人氣()

Build

  • AR=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-ar \
    CC=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-gcc \
    CXX=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-g++ \
    RANLIB=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-ranlib \
    STRIP=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-strip \
    CFLAGS=-I/home/enos/workspace \
    LDFLAGS="-L/home/enos/workspace/readline -L/home/enos/workspace/ncurses-6.1/lib" \
    CARES_CFLAGS=-I/home/enos/workspace/c-ares-1.14.0 \
    CARES_LIBS="-L/home/enos/workspace/c-ares-1.14.0/.libs -lcares" \
    ./configure --host=arm-linux --target=arm-linux --prefix=/usr \
            --disable-doc --enable-static=yes --enable-shared=no
  • make
  • DESTDIR=/tmp/quagga make install
  • rm -rf /tmp/quagga/usr/include
  • rm -rf /tmp/quagga/usr/lib
  • /tmp/quagga/
    └── usr
        ├── bin
        │   ├── arm-linux-bgp_btoa
        │   ├── arm-linux-test_igmpv3_join
        │   └── arm-linux-vtysh
        ├── etc
        │   ├── bgpd.conf.sample
        │   ├── bgpd.conf.sample2
        │   ├── isisd.conf.sample
        │   ├── ospf6d.conf.sample
        │   ├── ospfd.conf.sample
        │   ├── pimd.conf.sample
        │   ├── ripd.conf.sample
        │   ├── ripngd.conf.sample
        │   └── zebra.conf.sample
        └── sbin
            ├── arm-linux-bgpd
            ├── arm-linux-isisd
            ├── arm-linux-nhrpd
            ├── arm-linux-ospf6d
            ├── arm-linux-ospfclient
            ├── arm-linux-ospfd
            ├── arm-linux-pimd
            ├── arm-linux-ripd
            ├── arm-linux-ripngd
            ├── arm-linux-watchquagga
            └── arm-linux-zebra
  • 把 --target=arm-linux 移除就可以把開頭的 arm-linux- 移除。

Debug

$ ./configure --host=arm-linux --target=arm-linux --prefix=/usr
.....
.....
checking for tputs in -lcurses... no
checking for tputs in -lncurses... no
checking for main in -lreadline... no
configure: error: vtysh needs libreadline but was not found and usable on your system.

增加參數 --disable-vtysh 即可,或是安裝 libreadline。

$ ./configure --host=arm-linux --target=arm-linux --prefix=/usr
.....
.....
checking for netinet6/in6_var.h... no
checking for netinet6/nd6.h... no
checking for inet_ntop in -lc... yes
checking for inet_pton in -lc... yes
checking for crypt in -lcrypt... yes
checking for res_init in -lresolv... no
checking whether system has GNU regex... checking for regexec in -lc... yes
checking for CARES... no
configure: error: Package requirements (libcares) were not met:

No package 'libcares' found

Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.

Alternatively, you may set the environment variables CARES_CFLAGS
and CARES_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.

安裝 libcares 並加上 CARES_CFLAGS 及 CARES_LIBS 指定位置,要使用絕對路徑,不可以用相對路徑,因為有的 Makefile 是放在子目錄。

台南小新 發表在 痞客邦 留言(0) 人氣()

產生金鑰

使用 ssh-keygen 產生所需的 rsa 4096 金鑰,使用空白密碼,會產生二個檔案 id_rsa 及 id_rsa.pub。

$ ssh-keygen -t rsa -b 4096 -f /tmp/id_rsa -N ""
Generating public/private rsa key pair.
Your identification has been saved in /tmp/id_rsa.
Your public key has been saved in /tmp/id_rsa.pub.
The key fingerprint is:
8f:46:11:eb:e0:84:9e:a9:5f:4f:0b:d7:1c:50:8d:b9 enos@enos-VirtualBox
The key's randomart image is:
+--[ RSA 4096]----+
|        . .+     |
|     .   +o .    |
|    . o +  .     |
|   . = o oE      |
|    + . S .      |
|   .   . = .     |
|  .   o = +      |
|   . . * .       |
|    .   o        |
+-----------------+

id_rsa.pub

接下來要把 id_rsa.pub 放到 ssh server 上。

  • ssh root@192.168.150.1

台南小新 發表在 痞客邦 留言(0) 人氣()

config file

  • nodetach: Don't detach from the controlling terminal. Without this option, if a serial device other than the terminal on the standard input is specified, pppd will fork to become a background process.

台南小新 發表在 痞客邦 留言(0) 人氣()


台南小新 發表在 痞客邦 留言(0) 人氣()

open file "/tmp/log"
fprint "This is a log\n"
close file
  • open file: 開啟一個檔案。
  • fprint: 輸出文字到檔案。
  • close file: 關閉檔案。

台南小新 發表在 痞客邦 留言(0) 人氣()

Makefile

--- usb-modeswitch-2.5.2-org/Makefile 2017-12-31 17:34:02.000000000 +0800
+++ usb-modeswitch-2.5.2/Makefile       2018-07-10 18:42:55.974599912 +0800
@@ -1,8 +1,8 @@
 PROG        = usb_modeswitch
 VERS        = 2.5.2
 CC          ?= gcc
-CFLAGS      += -Wall
-LIBS        = `pkg-config --libs --cflags libusb-1.0`
+CFLAGS      += -Wall -I$(ROOTDIR)/lib/libusb-1.0.0/libusb
+LIBS        = -lusb -lpthread -L$(ROOTDIR)/lib/libusb-1.0.0/
 RM          = /bin/rm -f
 OBJS        = usb_modeswitch.c
 PREFIX      = $(DESTDIR)/usr
@@ -27,7 +27,7 @@
        dispatcher-script dispatcher-shared dispatcher-static \
        install-script install-shared install-static
 
-all: script
+all: $(PROG)
 
 script: $(PROG) dispatcher-script
 
@@ -103,3 +103,6 @@
        $(RM) $(MANDIR)/usb_modeswitch.1
        $(RM) -R $(DESTDIR)/var/lib/usb_modeswitch
        $(RM) $(SYSDIR)/usb_modeswitch@.service
+romfs:
+       $(ROMFSINST) /bin/$(PROG)
  • CC 要指向 cross-compiler。
  • CFLAGS 要指向 libusb.h 的位置,libusb 要 1.0.0 以上。
  • LIBS 要指向 libusb.a 的位置,而且要加上 -lpthread 才不會有問題。
  • all 拿掉 script 只留 $(PROG),也就是不要 tcl 編譯的 usb_modeswitch_dispatcher,用不到。
  • 加上 romfs,只安裝 usb_modeswitch。

usb_modeswitch.c

--- usb-modeswitch-2.5.2-org/usb_modeswitch.c 2017-12-31 18:33:30.000000000 +0800
+++ usb-modeswitch-2.5.2usb_modeswitch.c        2018-07-10 18:09:26.516974857 +0800
@@ -510,8 +510,8 @@
 
        /* libusb initialization */
        if ((libusbError = libusb_init(&ctx)) != LIBUSB_SUCCESS) {
-               fprintf(stderr, "Error: Failed to initialize libusb. %s (%d)\n\n",
-                               libusb_error_name(libusbError), libusbError);
+               fprintf(stderr, "Error: Failed to initialize libusb. (%d)\n\n",
+                               libusbError);
                exit(1);
        }
  • libusb-1.0.0 沒有 libusb_error_name(),只是除錯訊息,移除就好了,沒有影響。

台南小新 發表在 痞客邦 留言(0) 人氣()

  • usbutils 0.87 以下使用 libusb-0.1.12,而且沒有 usbhid-dump,usbhid-dump 使用 libusb-1.0.0。
  • git clone https://github.com/gregkh/usbutils.git
  • cd usbutils
  • sudo apt-get install libtool
  • sudo apt-get install autoconf
  • autoreconf --install --symlink
  • LIBUSB_LIBS="-L../../lib/libusb-0.1.12 -lusb" \
    LIBUSB_CFLAGS=-I../../lib/libusb-0.1.12 \
    AR=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-ar \
    CC=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-gcc \
    CXX=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-g++ \
    RANLIB=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-ranlib \
    STRIP=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-strip \
    ./configure --host=arm-linux --target=arm-linux --prefix=/usr --disable-zlib
  • mount -t devtmpfs none /dev

Reference


台南小新 發表在 痞客邦 留言(0) 人氣()

  • 插上 FS020U,辨識結果為 CD-ROM,而不是 USB Modem。
    [ 5578.340760] (3)[34:khubd]usb 1-1: ep 0x81 - rounding interval to 32768 microframes, ep desc says 0 microframes
    [ 5579.377146] (3)[30:kworker/3:1]scsi 0:0:0:0: CD-ROM            USBModem Disk             2.31 PQ: 0 ANSI: 2
    # lsusb
    1c9e:9bfe (bus 1, device 2)
    1d6b:0002 (bus 1, device 1)
    1d6b:0003 (bus 2, device 1)
    1d6b:0002 (bus 3, device 1)
  • 使用 usb_modeswitch 來轉換 USB type。usb_modeswitch -v 0x1c9e -p 0x9bfe -M 55534243123456780000000080000606f50402527600000000000000000000
    # usb_modeswitch -v 0x1c9e -p 0x9bfe -M 55534243123456780000000080000606f5040252
    7600000000000000000000
    Look for default devices ...
     Found devices in default mode (1)
    Access device 002 on bus 001
    Get the current device configuration ...
    Current configuration number is 1
    Use interface number 0
     with class 8
    Use endpoints 0x01 (out) and 0x81 (in)
    Looking for active drivers ...
     OK, driver detached
    Set up interface 0
    Use endpoint 0x01 for message sending ...
    Trying to send message 1 to endpoint 0x01 ...
     OK, message successfully sent
    Read the response to message 1 (CSW) ...
     Response successfully read (13 bytes), status 0
    Reset response endpoint 0x81
    Reset message endpoint 0x01
     Device is gone, skip any further commands
    -> Run lsusb to note any changes. Bye!
    
    # [ 6085.963225] (3)[34:khubd]usb 1-1: ep 0x81 - rounding interval to 32768 microframes, ep desc says 0 microframes
    [ 6085.973910] (3)[34:khubd]usb 1-1: ep 0x1 - rounding interval to 32768 microframes, ep desc says 0 microframes
    [ 6085.984161] (3)[34:khubd]usb 1-1: ep 0x82 - rounding interval to 32768 microframes, ep desc says 0 microframes
    [ 6085.994436] (3)[34:khubd]usb 1-1: ep 0x2 - rounding interval to 32768 microframes, ep desc says 0 microframes
    [ 6086.004523] (3)[34:khubd]usb 1-1: ep 0x84 - rounding interval to 32768 microframes, ep desc says 0 microframes
    [ 6086.014920] (3)[34:khubd]usb 1-1: ep 0x3 - rounding interval to 32768 microframes, ep desc says 0 microframes
    [ 6086.064168] (3)[34:khubd]
    [ 6086.064168]
    [ 6086.064168]Unsupported Device!
    [ 6086.064168]Vendor=1c9e ProdID=9b11
    [ 6086.064168]Manufacturer=USB Modem Product=USB Modem
    [ 6086.064168]
  • 由於 linux kernel 沒有內建 FS020U 的硬體識別碼,無法順利轉換成 USB Modem,所以需要手動把硬體識別碼寫入 usb-serial。echo 1c9e 9b11 > /sys/bus/usb-serial/drivers/option1/new_id
    echo 1c9e 9b11 > /sys/bus/usb-serial/drivers/option1/new_id
    # dmesg
    [ 6760.271729] (0)[12069:echo]option 1-1:1.0: usb_probe_interface
    [ 6760.271781] (0)[12069:echo]option 1-1:1.0: usb_probe_interface - got id
    [ 6760.271861] (0)[12069:echo]option 1-1:1.0: GSM modem (1-port) converter detected
    [ 6760.274054] (3)[12069:echo]usb 1-1: GSM modem (1-port) converter now attached to ttyUSB0
    [ 6760.274184] (3)[12069:echo]option 1-1:1.1: usb_probe_interface
    [ 6760.274237] (3)[12069:echo]option 1-1:1.1: usb_probe_interface - got id
    [ 6760.274319] (3)[12069:echo]option 1-1:1.1: GSM modem (1-port) converter detected
    [ 6760.276525] (3)[12069:echo]usb 1-1: GSM modem (1-port) converter now attached to ttyUSB1
    [ 6760.276634] (3)[12069:echo]option 1-1:1.2: usb_probe_interface
    [ 6760.276680] (3)[12069:echo]option 1-1:1.2: usb_probe_interface - got id
    [ 6760.276760] (3)[12069:echo]option 1-1:1.2: GSM modem (1-port) converter detected
    [ 6760.279454] (3)[12069:echo]usb 1-1: GSM modem (1-port) converter now attached to ttyUSB2
    [ 6760.279558] (3)[12069:echo]option 1-1:1.3: usb_probe_interface
    [ 6760.279609] (3)[12069:echo]option 1-1:1.3: usb_probe_interface - got id
    [ 6760.279693] (3)[12069:echo]option 1-1:1.3: GSM modem (1-port) converter detected
    [ 6760.283329] (3)[12069:echo]usb 1-1: GSM modem (1-port) converter now attached to ttyUSB3
    [ 6760.283455] (3)[12069:echo]option 1-1:1.4: usb_probe_interface
    [ 6760.283507] (3)[12069:echo]option 1-1:1.4: usb_probe_interface - got id
    [ 6760.283593] (3)[12069:echo]option 1-1:1.4: GSM modem (1-port) converter detected
    [ 6760.286507] (3)[12069:echo]usb 1-1: GSM modem (1-port) converter now attached to ttyUSB4
  • 或是把硬體識別碼寫入 linux kernel,修改 linux/drivers/usb/serial/option.c。
    static const struct usb_device_id option_ids[] = {
    { USB_DEVICE(LONGCHEER_VENDOR_ID, 0x9b11) },

台南小新 發表在 痞客邦 留言(0) 人氣()

uClibc 0.9.33.2 的 utmp 存在一個嚴重的 bug,就是 logout 無法確實記錄,造成使用者一直是 login 狀態。

這個問題是出在 getutline() 回傳的是 utmp 的 struct utmp static_utmp,但是 pututline() 使用 getutid() 會把 static_utmp 重寫,也就是 logout() 使用 getutline() 回傳的 static_utmp,再用 pututline() 去寫記錄時,因為 getutid() 又把 static_utmp 回復,所以每次寫入都是原來的記錄,無法更新。

台南小新 發表在 痞客邦 留言(0) 人氣()

install

  • git clone git://www.aleph1.co.uk/yaffs2
  • cd yaffs2
  • ./patch-ker.sh c m kernelpath

bug

mount/touch 都OK,但是只要 echo 寫入檔案就會 Segmentation fault。最後使用舊版的 source code 卻正常,在 2016-12-03 Changes to enable Linux 4.8 compilation 這個版本開始失敗。一步一步檢查才發現是在 YAFFS_NEW_XATTR 這里出了問題。改好了新版 kernel,卻使舊版本 kernel 不能用,真是慘。

--- a/source/linux-3.10.20.x/fs/yaffs2/yaffs_vfs.c
+++ b/source/linux-3.10.20.x/fs/yaffs2/yaffs_vfs.c
@@ -973,7 +973,7 @@ static int yaffs_setxattr(struct dentry *dentry, const char *name,
        return error;
 }
 
-#ifdef YAFFS_NEW_XATTR
+#if (YAFFS_NEW_XATTR > 0)
 static ssize_t yaffs_getxattr(struct dentry * dentry, struct inode *inode,
        const char *name, void *buff, size_t size)
 {
[  100.133567]Backtrace:
[  100.135904]-(0)[3697:echo][] (yaffs_getxattr+0x0/0xa0) from [] (cap_inode_need_killpriv+0x34/0x4c)
[  100.146491] r9:00000002 r8:dba1dec8 r7:de72c8b4 r6:00000000 r5:de72c7e0
r4:de725cc0
[  100.154168]-(0)[3697:echo][] (cap_inode_need_killpriv+0x0/0x4c) from [] (file_remove_suid+0x44/0xbc)
[  100.164937]-(0)[3697:echo][] (file_remove_suid+0x0/0xbc) from [] (__generic_file_aio_write+0x1d4/0x4a4)
[  100.175955] r6:da4bb3c0 r5:ffffff81 r4:0000007e
[  100.180444]-(0)[3697:echo][] (__generic_file_aio_write+0x0/0x4a4) from [] (generic_file_aio_write+0x5c/0xc0)
[  100.191902]-(0)[3697:echo][] (generic_file_aio_write+0x0/0xc0) from [] (do_sync_write+0x80/0xb4)
[  100.202326]-(0)[3697:echo][] (do_sync_write+0x0/0xb4) from [] (vfs_write+0xb4/0x134)
[  100.211709] r9:00000002 r8:00000000 r7:00000002 r6:dba1df78 r5:b6fb3280
r4:da4bb3c0
[  100.219383]-(0)[3697:echo][] (vfs_write+0x0/0x134) from [] (SyS_write+0x44/0x80)
[  100.228423] r7:b6fb3280 r6:da4bb3c0 r5:00000000 r4:00000000
[  100.233945]-(0)[3697:echo][] (SyS_write+0x0/0x80) from [] (ret_fast_syscall+0x0/0x30)
[  100.243413] r9:dba1c000 r8:c000e768 r7:00000004 r6:b6fb3280 r5:b6fb1100
r4:00000002
[  100.251087]-(0)[3697:echo]Code: e5915144 e3130002 e59b8004 1a000010 (e5956008)
[  100.261397] (0)[3697:echo]---[ end trace d3378d3f28538896 ]---
Segmentation fault

Refernce


台南小新 發表在 痞客邦 留言(0) 人氣()

  • iptables -t nat -A PREROUTING -i eth3 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.150.8:80
  • iptables -t nat -A POSTROUTING -s 192.168.150.0/24 -o eth3 -j MASQUERADE
  • iptables -t nat -A PREROUTING -d 211.72.17.18/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.150.8:80
  • iptables -t nat -A POSTROUTING -s 192.168.150.0/24 -d 192.168.150.8/32 -p tcp --dport 80 -j MASQUERADE
  • echo 1 > /sys/class/net/br0/brif/eth2.4/hairpin_mode
  • fix kernel/net/bridge/br_forward.c
    static inline int should_deliver(const struct net_bridge_port *p, const struct sk_buff *skb)
    {
        const unsigned char *dest = eth_hdr(skb)->h_dest;
        return (((skb->dev != p->dev) || ((p->flags & BR_HAIRPIN_MODE) && (!is_multicast_ether_addr(dest)))) &&
            p->state == BR_STATE_FORWARDING);
    }

Reference


台南小新 發表在 痞客邦 留言(0) 人氣()

makefile

# test variables
CROSS_COMPILE?=/opt/buildroot-gcc483_arm/usr/bin/arm-linux-
ROMFSDIR?=${shell readlink -f ../../romfs}
all: makefile
        make -f Makefile
Makefile:
ifneq ("", "$(wildcard $@)")
        make -f Makefile $@
else
        AR=$(CROSS_COMPILE)ar CC=$(CROSS_COMPILE)gcc CXX=$(CROSS_COMPILE)g++ \
        LD= NM=$(CROSS_COMPILE)nm OBJCOPY=$(CROSS_COMPILE)objdump \
        RANLIB=$(CROSS_COMPILE)ranlib STRIP=$(CROSS_COMPILE)strip \
        ./configure --host=arm-linux --target=arm-linux --prefix=/usr \
                --without-shadow --disable-etc-default-login \
                --with-zlib=../../lib/zlib-1.2.3 --with-ssl-dir=../openssl-1.0.1f
endif
clean:
        make -f Makefile clean
        rm Makefile
romfs:
        $(ROMFSINST) scp /usr/bin/scp
        $(ROMFSINST) sftp /usr/bin/sftp
        $(ROMFSINST) sftp-server /usr/bin/sftp-server
        $(ROMFSINST) ssh /usr/bin/ssh
        $(ROMFSINST) ssh-add /usr/bin/ssh-add
        $(ROMFSINST) ssh-agent /usr/bin/ssh-agent
        $(ROMFSINST) sshd /usr/bin/sshd
        $(ROMFSINST) ssh-keygen /usr/bin/ssh-keygen
        $(ROMFSINST) ssh-keyscan /usr/bin/ssh-keyscan
        $(ROMFSINST) ssh-keysign /usr/bin/ssh-keysign
        $(ROMFSINST) ssh-pkcs11-helper /usr/bin/ssh-pkcs11-helper
        mkdir -p $(ROMFSDIR)/etc_ro/ssh
        $(ROMFSINST) ssh_config /etc_ro/ssh/ssh_config
        $(ROMFSINST) sshd_config /etc_ro/ssh/sshd_config
        $(ROMFSINST) ssh_host_rsa_key /etc_ro/ssh/ssh_host_rsa_key
        $(ROMFSINST) ssh_host_ecdsa_key /etc_ro/ssh/ssh_host_ecdsa_key
        $(ROMFSINST) ssh_host_ed25519_key /etc_ro/ssh/ssh_host_ed25519_key

Generate key

  • ssh-keygen -t rsa -f ssh_host_rsa_key -N ""
  • ssh-keygen -t ecdsa -f ssh_host_ecdsa_key -N ""
  • ssh-keygen -t dsa -f ssh_host_ed25519_key -N ""

sshd_config

  • 使用原本的 sshd_config 加上下列修改的地方,其它使用預設值即可。
  • HostKey /etc_ro/ssh/ssh_host_rsa_key
  • HostKey /etc_ro/ssh/ssh_host_ecdsa_key
  • HostKey /etc_ro/ssh/ssh_host_ed25519_key
  • PermitRootLogin yes

Run

  • echo "sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin" >> /etc/passwd
  • mkdir -p /var/empty
  • touch /var/log/lastlog
  • /sbin/sshd -E /var/log/sshd.log -f /etc_ro/ssh/sshd_config

.gitignore

Makefile
buildpkg.sh
config.h
-config.h.in
+config.log
config.status
-configure
openbsd-compat/Makefile
openbsd-compat/regress/Makefile
openssh.xml
opensshd.init
survey.sh

Debug

  • /opt/buildroot-gcc483_arm/usr/bin/arm-linux-ld -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect2.o mux.o -L. -Lopenbsd-compat/ -L/home/enos/workspace/amr1000/source/user/openssh-7.7p1/../openssl-1.0.1f/lib -L../../lib/zlib-1.2.3 -Wl,--fatal-warnings -L/home/enos/workspace/amr1000/source/uClibc-0.9.33.2/lib -L/home/enos/workspace/amr1000/source/lib/lib -Wl,--fatal-warnings -L/home/enos/workspace/amr1000/source/uClibc-0.9.33.2/lib -L/home/enos/workspace/amr1000/source/lib/lib -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack  -lssh -lopenbsd-compat  -lcrypto -ldl -lutil -lz  -lcrypt 
    /opt/buildroot-gcc483_arm/usr/bin/arm-linux-ld: unrecognized option '-Wl,--fatal-warnings'
    /opt/buildroot-gcc483_arm/usr/bin/arm-linux-ld: use the --help option for usage information
    make[4]: *** [ssh] Error 1
    make[4]: Leaving directory `/home/enos/workspace/amr1000/source/user/openssh-7.7p1'
    make[3]: *** [all] Error 2
    make[3]: Leaving directory `/home/enos/workspace/amr1000/source/user/openssh-7.7p1'
    make[2]: *** [openssh-7.7p1] Error 2
    make[2]: Leaving directory `/home/enos/workspace/amr1000/source/user'
    make[1]: *** [all] Error 2
    make[1]: Leaving directory `/home/enos/workspace/amr1000/source/user'
    make: *** [user_only] Error 2
    arm-linux-ld 有問題,不知問題在那裏,設定 LD=,直接使用 arm-linux-gcc 就沒問題了。
  • /opt/buildroot-gcc483_arm/usr/bin/arm-linux-gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o audit.o audit-bsm.o audit-linux.o platform.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth2.o auth-options.o session.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor.o monitor_wrap.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o sftp-server.o sftp-common.o sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o sandbox-solaris.o -L. -Lopenbsd-compat/ -L/home/enos/workspace/amr1000/source/user/openssh-7.7p1/../openssl-1.0.1f/lib -L../../lib/zlib-1.2.3 -Wl,--fatal-warnings -L/home/enos/workspace/amr1000/source/uClibc-0.9.33.2/lib -L/home/enos/workspace/amr1000/source/lib/lib -Wl,--fatal-warnings -L/home/enos/workspace/amr1000/source/uClibc-0.9.33.2/lib -L/home/enos/workspace/amr1000/source/lib/lib -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack  -lssh -lopenbsd-compat  -lcrypto -ldl -lutil -lz  -lcrypt  
    auth.o: In function `allowed_user':
    auth.c:(.text+0xd18): undefined reference to `getspnam'
    auth-shadow.o: In function `auth_shadow_pwexpired':
    auth-shadow.c:(.text+0x138): undefined reference to `getspnam'
    openbsd-compat//libopenbsd-compat.a(xcrypt.o): In function `xcrypt':
    xcrypt.c:(.text+0x58): undefined reference to `getspnam'
    openbsd-compat//libopenbsd-compat.a(xcrypt.o): In function `shadow_pw':
    xcrypt.c:(.text+0xd8): undefined reference to `getspnam'
    collect2: error: ld returned 1 exit status
    make[4]: *** [sshd] Error 1
    make[4]: Leaving directory `/home/enos/workspace/amr1000/source/user/openssh-7.7p1'
    make[3]: *** [all] Error 2
    make[3]: Leaving directory `/home/enos/workspace/amr1000/source/user/openssh-7.7p1'
    make[2]: *** [openssh-7.7p1] Error 2
    make[2]: Leaving directory `/home/enos/workspace/amr1000/source/user'
    make[1]: *** [all] Error 2
    make[1]: Leaving directory `/home/enos/workspace/amr1000/source/user'
    make: *** [user_only] Error 2
    SDK 沒有支援 shadow password,設定 --without-shadow 就可以了。
  • # ssh manager@127.0.0.1
    manager@127.0.0.1's password:
    Permission denied, please try again.
    manager@127.0.0.1's password:
    Permission denied, please try again.
    manager@127.0.0.1's password:
    manager@127.0.0.1: Permission denied (publickey,password,keyboard-interactive).
    這是因為 root group 權限沒開,在 sshd_config 加上 PermitRootLogin yes 即可。
  • /opt/buildroot-gcc483_arm/usr/bin/arm-linux-gcc -O2 -fomit-frame-pointer -pipe  -Dlinux -D__linux__ -Dunix -DEMBED -I/home/enos/workspace/amr1000/source/uClibc-0.9.33.2/app_headers/include -I/home/enos/workspace/amr1000/source/lib/include -DCONFIG_UCLIBC_0_9_33_2 -mcpu=cortex-a7 -I/home/enos/workspace/amr1000/source  -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset   -I. -I.. -I. -I./.. -I/home/enos/workspace/amr1000/source/user/openssh-7.7p1/../openssl-1.0.1f/include -I../../lib/zlib-1.2.3  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DHAVE_CONFIG_H -c bsd-nextstep.c
    In file included from /home/enos/workspace/amr1000/source/uClibc-0.9.33.2/app_headers/include/rpc/types.h:61:0,
                     from ../includes.h:115,
                     from bsd-nextstep.c:25:
    /home/enos/workspace/amr1000/source/uClibc-0.9.33.2/app_headers/include/stdlib.h:470:1: warning: ‘rpl_malloc’ attribute directive ignored [-Wattributes]
     extern void *malloc (size_t __size) __THROW __attribute_malloc__ __wur;
     ^
    /home/enos/workspace/amr1000/source/uClibc-0.9.33.2/app_headers/include/stdlib.h:475:6: warning: ‘rpl_malloc’ attribute directive ignored [-Wattributes]
          __THROW __attribute_malloc__ __wur;
          ^
    In file included from /home/enos/workspace/amr1000/source/uClibc-0.9.33.2/app_headers/include/rpc/types.h:61:0,
                     from ../includes.h:115,
                     from bsd-nextstep.c:25:
    /home/enos/workspace/amr1000/source/uClibc-0.9.33.2/app_headers/include/stdlib.h:503:1: warning: ‘rpl_malloc’ attribute directive ignored [-Wattributes]
     extern void *valloc (size_t __size) __THROW __attribute_malloc__ __wur;
     ^
    In file included from /home/enos/workspace/amr1000/source/uClibc-0.9.33.2/app_headers/include/resolv.h:64:0,
                     from ../openbsd-compat/getrrsetbyname.h:59,
                     from ../openbsd-compat/openbsd-compat.h:44,
                     from ../includes.h:174,
                     from bsd-nextstep.c:25:
    /home/enos/workspace/amr1000/source/uClibc-0.9.33.2/app_headers/include/stdio.h:197:6: warning: ‘rpl_malloc’ attribute directive ignored [-Wattributes]
          __THROW __attribute_malloc__ __wur;
          ^
    只要在 configure 前面加上 ac_cv_func_malloc_0_nonnull=yes 即可,但是卻會產生另一個問題 xrecallocarray: out of memory,要修改 channels.c 的 channel_clear_adm_permitted_opens 及 channel_clear_permitted_opens。所以就不要理它了。

Reference


台南小新 發表在 痞客邦 留言(0) 人氣()


台南小新 發表在 痞客邦 留言(0) 人氣()

修改 Makefile

@@ -53,7 +53,7 @@
 # but we use a local copy if we don't find it.
 #
 #KERNELSRC=/lib/modules/`uname -r`/build/
-KERNELSRC?=./linux
+KERNELSRC=$(ROOTDIR)/$(LINUXDIR)
 OSFLAGS?= -DLINUX -I$(KERNELSRC)/include/
 #
 # Uncomment the following to use the kernel interface under Linux
@@ -112,7 +112,7 @@
 MANDIR?=$(DESTDIR)${PREFIX}/share/man
 
 
-all: $(EXEC) pfc $(CONTROL_EXEC)
+all: $(EXEC)
 
 clean:
        rm -f $(OBJS) $(EXEC) pfc.o pfc $(CONTROL_EXEC)
  • 修正 KERNELSRC 目錄位置
  • 移除 pfc 及 xl2tpd-control,因為用不到,這樣就可以不用 libpcap。

台南小新 發表在 痞客邦 留言(0) 人氣()

@@ -22,7 +22,7 @@ server.modules              = (
 ##                              "mod_trigger_b4_dl",
                                 "mod_auth",
 #                               "mod_status",
-##                              "mod_setenv",
+                                "mod_setenv",
 ##                              "mod_fastcgi",
 ##                              "mod_proxy",
 ##                              "mod_simple_vhost",
@@ -368,3 +368,9 @@ ssi.extension              = ( ".shtml" )
 ## the above is same as:
 #var.a=1
 
+$HTTP["url"] != "" {
+  setenv.add-response-header = ( "Cache-Control" => "no-store, no-cache, must-revalidate, post-check=0, pre-check=0" )
+  etag.use-inode = "disable"
+  etag.use-mtime = "disable"
+  etag.use-size = "disable"
+}

台南小新 發表在 痞客邦 留言(0) 人氣()

1 234