[Buildroot] [PATCH 1/4] pppd: bugfixes and enhancements

[Buildroot] [PATCH 1/4] pppd: bugfixes and enhancements

[Gustavo Zacarias]

Fix exponential timeout bug for PPPoE.
Fix undefined (0.0.0.0) default gateway issue.
Add adaptive LCP echo patch and gateway metric functionality.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/pppd/pppd-2.4.5-defaultgateway.patch       |   95 ++++++++++++++++
 package/pppd/pppd-2.4.5-defaultmetric.patch        |  115 ++++++++++++++++++++
 package/pppd/pppd-2.4.5-lcp-echo-adaptive.patch    |   64 +++++++++++
 .../pppd/pppd-2.4.5-no-exponential-timeout.patch   |   28 +++++
 4 files changed, 302 insertions(+), 0 deletions(-)
 create mode 100644 package/pppd/pppd-2.4.5-defaultgateway.patch
 create mode 100644 package/pppd/pppd-2.4.5-defaultmetric.patch
 create mode 100644 package/pppd/pppd-2.4.5-lcp-echo-adaptive.patch
 create mode 100644 package/pppd/pppd-2.4.5-no-exponential-timeout.patch

diff --git a/package/pppd/pppd-2.4.5-defaultgateway.patch b/package/pppd/pppd-2.4.5-defaultgateway.patch
new file mode 100644
index 0000000..8a4f621
--- /dev/null
+++ b/package/pppd/pppd-2.4.5-defaultgateway.patch
@@ -0,0 +1,95 @@
+This patch reverses revision 1.114 of the pppd/sys-linux.c file.
+The default gateway is needed by the openswan's %defaultroute.
+
+Obtained from gentoo patchset.
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff -Nur ppp-2.4.5.orig/pppd/sys-linux.c ppp-2.4.5/pppd/sys-linux.c
+--- ppp-2.4.5.orig/pppd/sys-linux.c	2010-08-08 09:44:29.000000000 +0200
++++ ppp-2.4.5/pppd/sys-linux.c	2010-08-08 09:53:02.000000000 +0200
+@@ -209,7 +209,7 @@
+ static unsigned char inbuf[512]; /* buffer for chars read from loopback */
+ 
+ static int	if_is_up;	/* Interface has been marked up */
+-static int	have_default_route;	/* Gateway for default route added */
++static u_int32_t default_route_gateway;	/* Gateway for default route added */
+ static u_int32_t proxy_arp_addr;	/* Addr for proxy arp entry added */
+ static char proxy_arp_dev[16];		/* Device for proxy arp entry */
+ static u_int32_t our_old_addr;		/* for detecting address changes */
+@@ -346,8 +346,8 @@
+ /*
+  * Delete any routes through the device.
+  */
+-    if (have_default_route)
+-	cifdefaultroute(0, 0, 0);
++    if (default_route_gateway != 0)
++	cifdefaultroute(0, 0, default_route_gateway);
+ 
+     if (has_proxy_arp)
+ 	cifproxyarp(0, proxy_arp_addr);
+@@ -1639,17 +1639,17 @@
+     struct rtentry rt;
+ 
+     if (defaultroute_exists(&rt) && strcmp(rt.rt_dev, ifname) != 0) {
+-	if (rt.rt_flags & RTF_GATEWAY)
+-	    error("not replacing existing default route via %I",
+-		  SIN_ADDR(rt.rt_gateway));
+-	else
+-	    error("not replacing existing default route through %s",
+-		  rt.rt_dev);
++	u_int32_t old_gateway = SIN_ADDR(rt.rt_gateway);
++
++	if (old_gateway != gateway)
++	    error("not replacing existing default route to %s [%I]",
++		  rt.rt_dev, old_gateway);
+ 	return 0;
+     }
+ 
+-    memset (&rt, 0, sizeof (rt));
+-    SET_SA_FAMILY (rt.rt_dst, AF_INET);
++    memset (&rt, '\0', sizeof (rt));
++    SET_SA_FAMILY (rt.rt_dst,     AF_INET);
++    SET_SA_FAMILY (rt.rt_gateway, AF_INET);
+ 
+     rt.rt_dev = ifname;
+ 
+@@ -1658,14 +1658,16 @@
+ 	SIN_ADDR(rt.rt_genmask) = 0L;
+     }
+ 
+-    rt.rt_flags = RTF_UP;
++    SIN_ADDR(rt.rt_gateway) = gateway;
++
++    rt.rt_flags = RTF_UP | RTF_GATEWAY;
+     if (ioctl(sock_fd, SIOCADDRT, &rt) < 0) {
+ 	if ( ! ok_error ( errno ))
+ 	    error("default route ioctl(SIOCADDRT): %m");
+ 	return 0;
+     }
+ 
+-    have_default_route = 1;
++    default_route_gateway = gateway;
+     return 1;
+ }
+ 
+@@ -1678,7 +1680,7 @@
+ {
+     struct rtentry rt;
+ 
+-    have_default_route = 0;
++    default_route_gateway = 0;
+ 
+     memset (&rt, '\0', sizeof (rt));
+     SET_SA_FAMILY (rt.rt_dst,     AF_INET);
+@@ -1691,7 +1693,9 @@
+ 	SIN_ADDR(rt.rt_genmask) = 0L;
+     }
+ 
+-    rt.rt_flags = RTF_UP;
++    SIN_ADDR(rt.rt_gateway) = gateway;
++
++    rt.rt_flags = RTF_UP | RTF_GATEWAY;
+     if (ioctl(sock_fd, SIOCDELRT, &rt) < 0 && errno != ESRCH) {
+ 	if (still_ppp()) {
+ 	    if ( ! ok_error ( errno ))
diff --git a/package/pppd/pppd-2.4.5-defaultmetric.patch b/package/pppd/pppd-2.4.5-defaultmetric.patch
new file mode 100644
index 0000000..e32055e
--- /dev/null
+++ b/package/pppd/pppd-2.4.5-defaultmetric.patch
@@ -0,0 +1,115 @@
+Introduce an option to set metric for the gateway.
+Most useful for multiple PPP links.
+
+Obtained from gentoo patchset.
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff -Nru ppp-2.4.5.orig/pppd/options.c ppp-2.4.5/pppd/options.c
+--- ppp-2.4.5.orig/pppd/options.c	2010-08-08 09:44:29.000000000 +0200
++++ ppp-2.4.5/pppd/options.c	2010-08-08 10:07:50.000000000 +0200
+@@ -94,6 +94,7 @@
+ int	kdebugflag = 0;		/* Tell kernel to print debug messages */
+ int	default_device = 1;	/* Using /dev/tty or equivalent */
+ char	devnam[MAXPATHLEN];	/* Device name */
++int defaultmetric = 0;		/* Metric of the default route */
+ bool	nodetach = 0;		/* Don't detach from controlling tty */
+ bool	updetach = 0;		/* Detach once link is up */
+ int	maxconnect = 0;		/* Maximum connect time */
+@@ -289,6 +290,10 @@
+       "Number of seconds to wait for child processes at exit",
+       OPT_PRIO },
+ 
++    { "defaultmetric", o_int, &defaultmetric,
++      "The metric of the default route",
++      OPT_LIMITS, 0, 32766 },
++
+ #ifdef HAVE_MULTILINK
+     { "multilink", o_bool, &multilink,
+       "Enable multilink operation", OPT_PRIO | 1 },
+diff -Nru ppp-2.4.5.orig/pppd/pppd.8 ppp-2.4.5/pppd/pppd.8
+--- ppp-2.4.5.orig/pppd/pppd.8	2010-08-08 10:06:57.000000000 +0200
++++ ppp-2.4.5/pppd/pppd.8	2010-08-08 10:07:50.000000000 +0200
+@@ -121,6 +121,9 @@
+ This entry is removed when the PPP connection is broken.  This option
+ is privileged if the \fInodefaultroute\fR option has been specified.
+ .TP
++.B defaultmetric \fIn
++The metric of the default route configured by pppd; default is 0.
++.TP
+ .B disconnect \fIscript
+ Execute the command specified by \fIscript\fR, by passing it to a
+ shell, after
+diff -Nru ppp-2.4.5.orig/pppd/pppd.h ppp-2.4.5/pppd/pppd.h
+--- ppp-2.4.5.orig/pppd/pppd.h	2010-08-08 09:58:19.000000000 +0200
++++ ppp-2.4.5/pppd/pppd.h	2010-08-08 10:07:50.000000000 +0200
+@@ -276,6 +276,7 @@
+ extern int	kdebugflag;	/* Tell kernel to print debug messages */
+ extern int	default_device;	/* Using /dev/tty or equivalent */
+ extern char	devnam[MAXPATHLEN];	/* Device name */
++extern int defaultmetric;		/* Metric of the default route */
+ extern int	crtscts;	/* Use hardware flow control */
+ extern bool	modem;		/* Use modem control lines */
+ extern int	inspeed;	/* Input/Output speed requested */
+diff -Nru ppp-2.4.5.orig/pppd/sys-linux.c ppp-2.4.5/pppd/sys-linux.c
+--- ppp-2.4.5.orig/pppd/sys-linux.c	2010-08-08 09:53:56.000000000 +0200
++++ ppp-2.4.5/pppd/sys-linux.c	2010-08-08 10:07:50.000000000 +0200
+@@ -1465,7 +1465,7 @@
+ FILE *route_fd = (FILE *) 0;
+ static char route_buffer[512];
+ static int route_dev_col, route_dest_col, route_gw_col;
+-static int route_flags_col, route_mask_col;
++static int route_flags_col, route_mask_col, route_metric_col;
+ static int route_num_cols;
+ 
+ static int open_route_table (void);
+@@ -1508,6 +1508,7 @@
+     route_dest_col = 1;
+     route_gw_col = 2;
+     route_flags_col = 3;
++    route_metric_col = 6;
+     route_mask_col = 7;
+     route_num_cols = 8;
+ 
+@@ -1527,6 +1528,8 @@
+ 		route_gw_col = col;
+ 	    else if (strcasecmp(q, "flags") == 0)
+ 		route_flags_col = col;
++	    else if (strcasecmp(q, "metric") == 0)
++		route_metric_col = col;
+ 	    else if (strcasecmp(q, "mask") == 0)
+ 		route_mask_col = col;
+ 	    else
+@@ -1569,6 +1572,7 @@
+ 
+     rt->rt_flags = (short) strtoul(cols[route_flags_col], NULL, 16);
+     rt->rt_dev   = cols[route_dev_col];
++    rt->rt_metric = (short) strtoul(cols[route_metric_col], NULL, 16);
+ 
+     return 1;
+ }
+@@ -1591,6 +1595,8 @@
+ 
+ 	if (kernel_version > KVERSION(2,1,0) && SIN_ADDR(rt->rt_genmask) != 0)
+ 	    continue;
++	if (rt->rt_metric != defaultmetric) /* consider only routes with the same metric */
++	    continue;
+ 	if (SIN_ADDR(rt->rt_dst) == 0L) {
+ 	    result = 1;
+ 	    break;
+@@ -1661,6 +1667,7 @@
+     SIN_ADDR(rt.rt_gateway) = gateway;
+ 
+     rt.rt_flags = RTF_UP | RTF_GATEWAY;
++    rt.rt_metric = defaultmetric + 1; /* +1 for binary compatibility */
+     if (ioctl(sock_fd, SIOCADDRT, &rt) < 0) {
+ 	if ( ! ok_error ( errno ))
+ 	    error("default route ioctl(SIOCADDRT): %m");
+@@ -1696,6 +1703,7 @@
+     SIN_ADDR(rt.rt_gateway) = gateway;
+ 
+     rt.rt_flags = RTF_UP | RTF_GATEWAY;
++    rt.rt_metric = defaultmetric + 1; /* +1 for binary compatibility */
+     if (ioctl(sock_fd, SIOCDELRT, &rt) < 0 && errno != ESRCH) {
+ 	if (still_ppp()) {
+ 	    if ( ! ok_error ( errno ))
diff --git a/package/pppd/pppd-2.4.5-lcp-echo-adaptive.patch b/package/pppd/pppd-2.4.5-lcp-echo-adaptive.patch
new file mode 100644
index 0000000..dbd926a
--- /dev/null
+++ b/package/pppd/pppd-2.4.5-lcp-echo-adaptive.patch
@@ -0,0 +1,64 @@
+Introduce an adaptive LCP echo option to avoid unnecessary traffic.
+
+Obtained from gentoo patchset.
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff -Nru ppp-2.4.5.orig/pppd/lcp.c ppp-2.4.5/pppd/lcp.c
+--- ppp-2.4.5.orig/pppd/lcp.c	2009-11-16 23:26:07.000000000 +0100
++++ ppp-2.4.5/pppd/lcp.c	2010-11-27 10:46:26.000000000 +0100
+@@ -73,6 +73,7 @@
+  */
+ int	lcp_echo_interval = 0; 	/* Interval between LCP echo-requests */
+ int	lcp_echo_fails = 0;	/* Tolerance to unanswered echo-requests */
++bool	lcp_echo_adaptive = 0;	/* request echo only if the link was idle */
+ bool	lax_recv = 0;		/* accept control chars in asyncmap */
+ bool	noendpoint = 0;		/* don't send/accept endpoint discriminator */
+ 
+@@ -151,6 +152,8 @@
+       OPT_PRIO },
+     { "lcp-echo-interval", o_int, &lcp_echo_interval,
+       "Set time in seconds between LCP echo requests", OPT_PRIO },
++    { "lcp-echo-adaptive", o_bool, &lcp_echo_adaptive,
++      "Suppress LCP echo requests if traffic was received", 1 },
+     { "lcp-restart", o_int, &lcp_fsm[0].timeouttime,
+       "Set time in seconds between LCP retransmissions", OPT_PRIO },
+     { "lcp-max-terminate", o_int, &lcp_fsm[0].maxtermtransmits,
+@@ -2322,6 +2325,22 @@
+     }
+ 
+     /*
++     * If adaptive echos have been enabled, only send the echo request if
++     * no traffic was received since the last one.
++     */
++    if (lcp_echo_adaptive) {
++       static unsigned int last_pkts_in = 0;
++
++       update_link_stats(f->unit);
++       link_stats_valid = 0;
++
++       if (link_stats.pkts_in != last_pkts_in) {
++           last_pkts_in = link_stats.pkts_in;
++           return;
++       }
++    }
++
++    /*
+      * Make and send the echo request frame.
+      */
+     if (f->state == OPENED) {
+diff -Nru ppp-2.4.5.orig/pppd/pppd.8 ppp-2.4.5/pppd/pppd.8
+--- ppp-2.4.5.orig/pppd/pppd.8	2009-11-16 23:26:07.000000000 +0100
++++ ppp-2.4.5/pppd/pppd.8	2010-11-27 10:44:58.000000000 +0100
+@@ -549,6 +549,11 @@
+ dynamic IP address option (i.e. set /proc/sys/net/ipv4/ip_dynaddr to
+ 1) in demand mode if the local address changes.
+ .TP
++.B lcp\-echo\-adaptive
++If this option is used with the \fIlcp\-echo\-failure\fR option then
++pppd will send LCP echo\-request frames only if no traffic was received
++from the peer since the last echo\-request was sent.
++.TP
+ .B lcp\-echo\-failure \fIn
+ If this option is given, pppd will presume the peer to be dead
+ if \fIn\fR LCP echo\-requests are sent without receiving a valid LCP
diff --git a/package/pppd/pppd-2.4.5-no-exponential-timeout.patch b/package/pppd/pppd-2.4.5-no-exponential-timeout.patch
new file mode 100644
index 0000000..431f7bf
--- /dev/null
+++ b/package/pppd/pppd-2.4.5-no-exponential-timeout.patch
@@ -0,0 +1,28 @@
+Fix exponential timeout bug for PPPoE.
+
+Obtained from OpenWRT svn.
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+--- a/pppd/plugins/rp-pppoe/discovery.c
++++ b/pppd/plugins/rp-pppoe/discovery.c
+@@ -548,7 +548,9 @@ discovery(PPPoEConnection *conn)
+ 	conn->discoveryState = STATE_SENT_PADI;
+ 	waitForPADO(conn, timeout);
+ 
++#if 0
+ 	timeout *= 2;
++#endif
+     } while (conn->discoveryState == STATE_SENT_PADI);
+ 
+     timeout = conn->discoveryTimeout;
+@@ -563,7 +565,9 @@ discovery(PPPoEConnection *conn)
+ 	sendPADR(conn);
+ 	conn->discoveryState = STATE_SENT_PADR;
+ 	waitForPADS(conn, timeout);
++#if 0
+ 	timeout *= 2;
++#endif
+     } while (conn->discoveryState == STATE_SENT_PADR);
+ 
+     /* We're done. */
-- 
1.7.3.4

[Buildroot] [PATCH 2/4] ocf: new package

[Gustavo Zacarias]

Add the ocf package and kernel extension.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 linux/Config.ext.in    |    7 +++++++
 linux/linux-ext-ocf.mk |   21 +++++++++++++++++++++
 package/Config.in      |    1 +
 package/ocf/Config.in  |    9 +++++++++
 package/ocf/ocf.mk     |   30 ++++++++++++++++++++++++++++++
 5 files changed, 68 insertions(+), 0 deletions(-)
 create mode 100644 linux/linux-ext-ocf.mk
 create mode 100644 package/ocf/Config.in
 create mode 100644 package/ocf/ocf.mk

diff --git a/linux/Config.ext.in b/linux/Config.ext.in
index 8a9f87e..dd26399 100644
--- a/linux/Config.ext.in
+++ b/linux/Config.ext.in
@@ -15,6 +15,13 @@ config BR2_LINUX_KERNEL_EXT_XENOMAI_ADEOS_PATCH
 	  Download it at http://download.gna.org/adeos/patches/v2.6/$(ARCH)/
 	  and verify that your kernel version in buildroot matches.
 
+# OCF
+config BR2_LINUX_KERNEL_EXT_OCF
+	bool "Open Cryptographic Framework (OCF)"
+	select BR2_PACKAGE_OCF
+	help
+	  OCF Kernel part.
+
 # RTAI
 config BR2_LINUX_KERNEL_EXT_RTAI
        bool "RTAI Real-time patch"
diff --git a/linux/linux-ext-ocf.mk b/linux/linux-ext-ocf.mk
new file mode 100644
index 0000000..d31d77d
--- /dev/null
+++ b/linux/linux-ext-ocf.mk
@@ -0,0 +1,21 @@
+##################################################
+# Linux OCF extension
+#
+# Patch the linux kernel with OCF
+##################################################
+
+ifeq ($(BR2_LINUX_KERNEL_EXT_OCF),y)
+LINUX_DEPENDENCIES += ocf
+
+# Prepare kernel patch
+# The linux-2.6.38.patch is just the main inclusion, most of the code
+# resides in the ocf/ subdir.
+define OCF_PREPARE_KERNEL
+	support/scripts/apply-patches.sh $(LINUX_DIR) \
+		$(OCF_DIR)/patches/ linux-2.6.38-ocf.patch ; \
+	cp -rf $(OCF_DIR)/ocf $(LINUX_DIR)/crypto/ocf ;
+endef
+
+LINUX_PRE_PATCH_HOOKS += OCF_PREPARE_KERNEL
+
+endif #BR2_LINUX_EXT_OCF
diff --git a/package/Config.in b/package/Config.in
index 3cd724c..4943909 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -258,6 +258,7 @@ source "package/gnutls/Config.in"
 source "package/libgcrypt/Config.in"
 source "package/libgpg-error/Config.in"
 source "package/libnss/Config.in"
+source "package/ocf/Config.in"
 source "package/openssl/Config.in"
 endmenu
 
diff --git a/package/ocf/Config.in b/package/ocf/Config.in
new file mode 100644
index 0000000..2033cda
--- /dev/null
+++ b/package/ocf/Config.in
@@ -0,0 +1,9 @@
+config BR2_PACKAGE_OCF
+	bool "ocf"
+	help
+	  OCF-Linux is a Linux port of the OpenBSD/FreeBSD Cryptographic
+	  Framework (OCF). This port aims to bring full asynchronous HW/SW
+	  crypto acceleration to the Linux kernel and applications
+	  running under Linux.
+	  
+	  http://ocf-linux.sourceforge.net/
diff --git a/package/ocf/ocf.mk b/package/ocf/ocf.mk
new file mode 100644
index 0000000..1ba01cf
--- /dev/null
+++ b/package/ocf/ocf.mk
@@ -0,0 +1,30 @@
+#############################################################
+#
+# ocf
+#
+#############################################################
+
+OCF_VERSION = 20110720
+OCF_SITE = http://$(BR2_SOURCEFORGE_MIRROR).dl.sourceforge.net/sourceforge/ocf-linux
+OCF_SOURCE = ocf-linux-$(OCF_VERSION).tar.gz
+OCF_INSTALL_STAGING = YES
+
+define OCF_INSTALL_STAGING_CMDS
+	$(INSTALL) -D -m 644 $(@D)/ocf/cryptodev.h \
+		$(STAGING_DIR)/usr/include/crypto/cryptodev.h
+endef
+
+define OCF_UNINSTALL_STAGING_CMDS
+	rm -f $(STAGING_DIR)/usr/include/crypto/cryptodev.h
+endef
+
+define OCF_INSTALL_TARGET_CMDS
+	$(INSTALL) -D -m 644 $(@D)/ocf/cryptodev.h \
+		$(TARGET_DIR)/usr/include/crypto/cryptodev.h
+endef
+
+define OCF_UNINSTALL_TARGET_CMDS
+	rm -f $(TARGET_DIR)/usr/include/crypto/cryptodev.h
+endef
+
+$(eval $(call GENTARGETS))
-- 
1.7.3.4

[Buildroot] [PATCH 2/4] ocf: new package

[Thomas Petazzoni]

Le Thu, 20 Oct 2011 14:48:51 -0300,
Gustavo Zacarias <gustavo@zacarias.com.ar> a ?crit :

> +config BR2_PACKAGE_OCF
> +	bool "ocf"
> +	help
> +	  OCF-Linux is a Linux port of the OpenBSD/FreeBSD Cryptographic
> +	  Framework (OCF). This port aims to bring full asynchronous HW/SW
> +	  crypto acceleration to the Linux kernel and applications
> +	  running under Linux.
> +	  
> +	  http://ocf-linux.sourceforge.net/

Maybe mention here that there is a kernel-side part that must be
enabled for this to work, and that it can be enabled with
BR2_LINUX_KERNEL_EXT_OCF ?

> +define OCF_INSTALL_STAGING_CMDS
> +	$(INSTALL) -D -m 644 $(@D)/ocf/cryptodev.h \
> +		$(STAGING_DIR)/usr/include/crypto/cryptodev.h
> +endef
> +
> +define OCF_UNINSTALL_STAGING_CMDS
> +	rm -f $(STAGING_DIR)/usr/include/crypto/cryptodev.h
> +endef
> +
> +define OCF_INSTALL_TARGET_CMDS
> +	$(INSTALL) -D -m 644 $(@D)/ocf/cryptodev.h \
> +		$(TARGET_DIR)/usr/include/crypto/cryptodev.h
> +endef
> +
> +define OCF_UNINSTALL_TARGET_CMDS
> +	rm -f $(TARGET_DIR)/usr/include/crypto/cryptodev.h
> +endef

So basically, it's just a header that needs to be installed?

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 2/4] ocf: new package

[Gustavo Zacarias]

On 21.10.2011 03:53, Thomas Petazzoni wrote:

> Le Thu, 20 Oct 2011 14:48:51 -0300,
> Gustavo Zacarias <gustavo@zacarias.com.ar> a ?crit :
>
>> +config BR2_PACKAGE_OCF
>> +	bool "ocf"
>> +	help
>> +	  OCF-Linux is a Linux port of the OpenBSD/FreeBSD Cryptographic
>> +	  Framework (OCF). This port aims to bring full asynchronous HW/SW
>> +	  crypto acceleration to the Linux kernel and applications
>> +	  running under Linux.
>> +
>> +	  http://ocf-linux.sourceforge.net/
>
> Maybe mention here that there is a kernel-side part that must be
> enabled for this to work, and that it can be enabled with
> BR2_LINUX_KERNEL_EXT_OCF ?

Fair enough, though it won't break anything if it's enabled and you 
lack OCF support on the kernel side.
Similar to what would happen if you don't load the appropiate modules 
or lack hardware support.

> So basically, it's just a header that needs to be installed?
>
> Thomas

Yes.
For the moment we've got OpenSSL and maybe Openswan that uses OCF.
Of course anything that links to OpenSSL uses OCF when it's properly 
enabled on supporting hardware.

Regards.

[Buildroot] [PATCH 2/4] ocf: new package

[Thomas Petazzoni]

Le Fri, 21 Oct 2011 07:33:12 -0300,
Gustavo Zacarias <gustavo@zacarias.com.ar> a ?crit :

> Fair enough, though it won't break anything if it's enabled and you 
> lack OCF support on the kernel side.
> Similar to what would happen if you don't load the appropiate modules 
> or lack hardware support.

Yeah, it's not a hard dependency, just a documentation comment on how
to take advantage of it.

> > So basically, it's just a header that needs to be installed?
> >
> > Thomas
> 
> Yes.
> For the moment we've got OpenSSL and maybe Openswan that uses OCF.
> Of course anything that links to OpenSSL uses OCF when it's properly 
> enabled on supporting hardware.

Ok, thanks!

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 3/4] openssl: split out ocf

[Gustavo Zacarias]

Ditch OCF and switch to the proper package.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/openssl/Config.in                |    1 +
 package/openssl/ocf-cryptodev-20101223.h |  480 ------------------------------
 package/openssl/openssl.mk               |   10 +-
 3 files changed, 3 insertions(+), 488 deletions(-)
 delete mode 100644 package/openssl/ocf-cryptodev-20101223.h

diff --git a/package/openssl/Config.in b/package/openssl/Config.in
index 3e09d88..0240603 100644
--- a/package/openssl/Config.in
+++ b/package/openssl/Config.in
@@ -25,6 +25,7 @@ config BR2_PACKAGE_OPENSSL_ENGINES
 config BR2_PACKAGE_OPENSSL_OCF
 	bool "openssl ocf support"
 	depends on BR2_PACKAGE_OPENSSL
+	select BR2_PACKAGE_OCF
 	help
 	  Enable openssl cryptodev (OCF) hardware acceleration support.
 	  This requires kernel patches from the ocf-linux project otherwise
diff --git a/package/openssl/ocf-cryptodev-20101223.h b/package/openssl/ocf-cryptodev-20101223.h
deleted file mode 100644
index cca0ec8..0000000
--- a/package/openssl/ocf-cryptodev-20101223.h
+++ /dev/null
@@ -1,480 +0,0 @@
-/*	$FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.25 2007/05/09 19:37:02 gnn Exp $	*/
-/*	$OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $	*/
-
-/*-
- * Linux port done by David McCullough <david_mccullough@mcafee.com>
- * Copyright (C) 2006-2010 David McCullough
- * Copyright (C) 2004-2005 Intel Corporation.
- * The license and original author are listed below.
- *
- * The author of this code is Angelos D. Keromytis (angelos at cis.upenn.edu)
- * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting
- *
- * This code was written by Angelos D. Keromytis in Athens, Greece, in
- * February 2000. Network Security Technologies Inc. (NSTI) kindly
- * supported the development of this code.
- *
- * Copyright (c) 2000 Angelos D. Keromytis
- *
- * Permission to use, copy, and modify this software with or without fee
- * is hereby granted, provided that this entire notice is included in
- * all source code copies of any software which is or includes a copy or
- * modification of this software.
- *
- * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
- * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
- * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Copyright (c) 2001 Theo de Raadt
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *   notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *   notice, this list of conditions and the following disclaimer in the
- *   documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- *   derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * Effort sponsored in part by the Defense Advanced Research Projects
- * Agency (DARPA) and Air Force Research Laboratory, Air Force
- * Materiel Command, USAF, under agreement number F30602-01-2-0537.
- *
- */
-
-#ifndef _CRYPTO_CRYPTO_H_
-#define _CRYPTO_CRYPTO_H_
-
-/* Some initial values */
-#define CRYPTO_DRIVERS_INITIAL	4
-#define CRYPTO_SW_SESSIONS	32
-
-/* Hash values */
-#define NULL_HASH_LEN		0
-#define MD5_HASH_LEN		16
-#define SHA1_HASH_LEN		20
-#define RIPEMD160_HASH_LEN	20
-#define SHA2_256_HASH_LEN	32
-#define SHA2_384_HASH_LEN	48
-#define SHA2_512_HASH_LEN	64
-#define MD5_KPDK_HASH_LEN	16
-#define SHA1_KPDK_HASH_LEN	20
-/* Maximum hash algorithm result length */
-#define HASH_MAX_LEN		SHA2_512_HASH_LEN /* Keep this updated */
-
-/* HMAC values */
-#define NULL_HMAC_BLOCK_LEN			1
-#define MD5_HMAC_BLOCK_LEN			64
-#define SHA1_HMAC_BLOCK_LEN			64
-#define RIPEMD160_HMAC_BLOCK_LEN	64
-#define SHA2_256_HMAC_BLOCK_LEN		64
-#define SHA2_384_HMAC_BLOCK_LEN		128
-#define SHA2_512_HMAC_BLOCK_LEN		128
-/* Maximum HMAC block length */
-#define HMAC_MAX_BLOCK_LEN		SHA2_512_HMAC_BLOCK_LEN /* Keep this updated */
-#define HMAC_IPAD_VAL			0x36
-#define HMAC_OPAD_VAL			0x5C
-
-/* Encryption algorithm block sizes */
-#define NULL_BLOCK_LEN			1
-#define DES_BLOCK_LEN			8
-#define DES3_BLOCK_LEN			8
-#define BLOWFISH_BLOCK_LEN		8
-#define SKIPJACK_BLOCK_LEN		8
-#define CAST128_BLOCK_LEN		8
-#define RIJNDAEL128_BLOCK_LEN	16
-#define AES_BLOCK_LEN			RIJNDAEL128_BLOCK_LEN
-#define CAMELLIA_BLOCK_LEN		16
-#define ARC4_BLOCK_LEN			1
-#define EALG_MAX_BLOCK_LEN		AES_BLOCK_LEN /* Keep this updated */
-
-/* Encryption algorithm min and max key sizes */
-#define NULL_MIN_KEY_LEN		0
-#define NULL_MAX_KEY_LEN		0
-#define DES_MIN_KEY_LEN			8
-#define DES_MAX_KEY_LEN			8
-#define DES3_MIN_KEY_LEN		24
-#define DES3_MAX_KEY_LEN		24
-#define BLOWFISH_MIN_KEY_LEN	4
-#define BLOWFISH_MAX_KEY_LEN	56
-#define SKIPJACK_MIN_KEY_LEN	10
-#define SKIPJACK_MAX_KEY_LEN	10
-#define CAST128_MIN_KEY_LEN		5
-#define CAST128_MAX_KEY_LEN		16
-#define RIJNDAEL128_MIN_KEY_LEN	16
-#define RIJNDAEL128_MAX_KEY_LEN	32
-#define AES_MIN_KEY_LEN			RIJNDAEL128_MIN_KEY_LEN
-#define AES_MAX_KEY_LEN			RIJNDAEL128_MAX_KEY_LEN
-#define CAMELLIA_MIN_KEY_LEN	16
-#define CAMELLIA_MAX_KEY_LEN	32
-#define ARC4_MIN_KEY_LEN		1
-#define ARC4_MAX_KEY_LEN		256
-
-/* Max size of data that can be processed */
-#define CRYPTO_MAX_DATA_LEN		64*1024 - 1
-
-#define CRYPTO_ALGORITHM_MIN	1
-#define CRYPTO_DES_CBC			1
-#define CRYPTO_3DES_CBC			2
-#define CRYPTO_BLF_CBC			3
-#define CRYPTO_CAST_CBC			4
-#define CRYPTO_SKIPJACK_CBC		5
-#define CRYPTO_MD5_HMAC			6
-#define CRYPTO_SHA1_HMAC		7
-#define CRYPTO_RIPEMD160_HMAC	8
-#define CRYPTO_MD5_KPDK			9
-#define CRYPTO_SHA1_KPDK		10
-#define CRYPTO_RIJNDAEL128_CBC	11 /* 128 bit blocksize */
-#define CRYPTO_AES_CBC			11 /* 128 bit blocksize -- the same as above */
-#define CRYPTO_ARC4				12
-#define CRYPTO_MD5				13
-#define CRYPTO_SHA1				14
-#define CRYPTO_NULL_HMAC		15
-#define CRYPTO_NULL_CBC			16
-#define CRYPTO_DEFLATE_COMP		17 /* Deflate compression algorithm */
-#define CRYPTO_SHA2_256_HMAC	18
-#define CRYPTO_SHA2_384_HMAC	19
-#define CRYPTO_SHA2_512_HMAC	20
-#define CRYPTO_CAMELLIA_CBC		21
-#define CRYPTO_SHA2_256			22
-#define CRYPTO_SHA2_384			23
-#define CRYPTO_SHA2_512			24
-#define CRYPTO_RIPEMD160		25
-#define	CRYPTO_LZS_COMP			26
-#define CRYPTO_ALGORITHM_MAX	26 /* Keep updated - see above */
-
-/* Algorithm flags */
-#define CRYPTO_ALG_FLAG_SUPPORTED	0x01 /* Algorithm is supported */
-#define CRYPTO_ALG_FLAG_RNG_ENABLE	0x02 /* Has HW RNG for DH/DSA */
-#define CRYPTO_ALG_FLAG_DSA_SHA		0x04 /* Can do SHA on msg */
-
-/*
- * Crypto driver/device flags.  They can set in the crid
- * parameter when creating a session or submitting a key
- * op to affect the device/driver assigned.  If neither
- * of these are specified then the crid is assumed to hold
- * the driver id of an existing (and suitable) device that
- * must be used to satisfy the request.
- */
-#define CRYPTO_FLAG_HARDWARE	0x01000000	/* hardware accelerated */
-#define CRYPTO_FLAG_SOFTWARE	0x02000000	/* software implementation */
-
-/* NB: deprecated */
-struct session_op {
-	u_int32_t	cipher;		/* ie. CRYPTO_DES_CBC */
-	u_int32_t	mac;		/* ie. CRYPTO_MD5_HMAC */
-
-	u_int32_t	keylen;		/* cipher key */
-	caddr_t		key;
-	int		mackeylen;	/* mac key */
-	caddr_t		mackey;
-
-  	u_int32_t	ses;		/* returns: session # */ 
-};
-
-struct session2_op {
-	u_int32_t	cipher;		/* ie. CRYPTO_DES_CBC */
-	u_int32_t	mac;		/* ie. CRYPTO_MD5_HMAC */
-
-	u_int32_t	keylen;		/* cipher key */
-	caddr_t		key;
-	int		mackeylen;	/* mac key */
-	caddr_t		mackey;
-
-  	u_int32_t	ses;		/* returns: session # */ 
-	int		crid;		/* driver id + flags (rw) */
-	int		pad[4];		/* for future expansion */
-};
-
-struct crypt_op {
-	u_int32_t	ses;
-	u_int16_t	op;		/* i.e. COP_ENCRYPT */
-#define COP_NONE	0
-#define COP_ENCRYPT	1
-#define COP_DECRYPT	2
-	u_int16_t	flags;
-#define	COP_F_BATCH	0x0008		/* Batch op if possible */
-	u_int		len;
-	caddr_t		src, dst;	/* become iov[] inside kernel */
-	caddr_t		mac;		/* must be big enough for chosen MAC */
-	caddr_t		iv;
-};
-
-/*
- * Parameters for looking up a crypto driver/device by
- * device name or by id.  The latter are returned for
- * created sessions (crid) and completed key operations.
- */
-struct crypt_find_op {
-	int		crid;		/* driver id + flags */
-	char		name[32];	/* device/driver name */
-};
-
-/* bignum parameter, in packed bytes, ... */
-struct crparam {
-	caddr_t		crp_p;
-	u_int		crp_nbits;
-};
-
-#define CRK_MAXPARAM	8
-
-struct crypt_kop {
-	u_int		crk_op;		/* ie. CRK_MOD_EXP or other */
-	u_int		crk_status;	/* return status */
-	u_short		crk_iparams;	/* # of input parameters */
-	u_short		crk_oparams;	/* # of output parameters */
-	u_int		crk_crid;	/* NB: only used by CIOCKEY2 (rw) */
-	struct crparam	crk_param[CRK_MAXPARAM];
-};
-#define CRK_ALGORITM_MIN	0
-#define CRK_MOD_EXP		0
-#define CRK_MOD_EXP_CRT		1
-#define CRK_DSA_SIGN		2
-#define CRK_DSA_VERIFY		3
-#define CRK_DH_COMPUTE_KEY	4
-#define CRK_ALGORITHM_MAX	4 /* Keep updated - see below */
-
-#define CRF_MOD_EXP		(1 << CRK_MOD_EXP)
-#define CRF_MOD_EXP_CRT		(1 << CRK_MOD_EXP_CRT)
-#define CRF_DSA_SIGN		(1 << CRK_DSA_SIGN)
-#define CRF_DSA_VERIFY		(1 << CRK_DSA_VERIFY)
-#define CRF_DH_COMPUTE_KEY	(1 << CRK_DH_COMPUTE_KEY)
-
-/*
- * done against open of /dev/crypto, to get a cloned descriptor.
- * Please use F_SETFD against the cloned descriptor.
- */
-#define CRIOGET		_IOWR('c', 100, u_int32_t)
-#define CRIOASYMFEAT	CIOCASYMFEAT
-#define CRIOFINDDEV	CIOCFINDDEV
-
-/* the following are done against the cloned descriptor */
-#define CIOCGSESSION	_IOWR('c', 101, struct session_op)
-#define CIOCFSESSION	_IOW('c', 102, u_int32_t)
-#define CIOCCRYPT	_IOWR('c', 103, struct crypt_op)
-#define CIOCKEY		_IOWR('c', 104, struct crypt_kop)
-#define CIOCASYMFEAT	_IOR('c', 105, u_int32_t)
-#define CIOCGSESSION2	_IOWR('c', 106, struct session2_op)
-#define CIOCKEY2	_IOWR('c', 107, struct crypt_kop)
-#define CIOCFINDDEV	_IOWR('c', 108, struct crypt_find_op)
-
-struct cryptotstat {
-	struct timespec	acc;		/* total accumulated time */
-	struct timespec	min;		/* min time */
-	struct timespec	max;		/* max time */
-	u_int32_t	count;		/* number of observations */
-};
-
-struct cryptostats {
-	u_int32_t	cs_ops;		/* symmetric crypto ops submitted */
-	u_int32_t	cs_errs;	/* symmetric crypto ops that failed */
-	u_int32_t	cs_kops;	/* asymetric/key ops submitted */
-	u_int32_t	cs_kerrs;	/* asymetric/key ops that failed */
-	u_int32_t	cs_intrs;	/* crypto swi thread activations */
-	u_int32_t	cs_rets;	/* crypto return thread activations */
-	u_int32_t	cs_blocks;	/* symmetric op driver block */
-	u_int32_t	cs_kblocks;	/* symmetric op driver block */
-	/*
-	 * When CRYPTO_TIMING is defined at compile time and the
-	 * sysctl debug.crypto is set to 1, the crypto system will
-	 * accumulate statistics about how long it takes to process
-	 * crypto requests@various points during processing.
-	 */
-	struct cryptotstat cs_invoke;	/* crypto_dipsatch -> crypto_invoke */
-	struct cryptotstat cs_done;	/* crypto_invoke -> crypto_done */
-	struct cryptotstat cs_cb;	/* crypto_done -> callback */
-	struct cryptotstat cs_finis;	/* callback -> callback return */
-
-	u_int32_t	cs_drops;		/* crypto ops dropped due to congestion */
-};
-
-#ifdef __KERNEL__
-
-/* Standard initialization structure beginning */
-struct cryptoini {
-	int		cri_alg;	/* Algorithm to use */
-	int		cri_klen;	/* Key length, in bits */
-	int		cri_mlen;	/* Number of bytes we want from the
-					   entire hash. 0 means all. */
-	caddr_t		cri_key;	/* key to use */
-	u_int8_t	cri_iv[EALG_MAX_BLOCK_LEN];	/* IV to use */
-	struct cryptoini *cri_next;
-};
-
-/* Describe boundaries of a single crypto operation */
-struct cryptodesc {
-	int		crd_skip;	/* How many bytes to ignore from start */
-	int		crd_len;	/* How many bytes to process */
-	int		crd_inject;	/* Where to inject results, if applicable */
-	int		crd_flags;
-
-#define CRD_F_ENCRYPT		0x01	/* Set when doing encryption */
-#define CRD_F_IV_PRESENT	0x02	/* When encrypting, IV is already in
-					   place, so don't copy. */
-#define CRD_F_IV_EXPLICIT	0x04	/* IV explicitly provided */
-#define CRD_F_DSA_SHA_NEEDED	0x08	/* Compute SHA-1 of buffer for DSA */
-#define CRD_F_KEY_EXPLICIT	0x10	/* Key explicitly provided */
-#define CRD_F_COMP		0x0f    /* Set when doing compression */
-
-	struct cryptoini	CRD_INI; /* Initialization/context data */
-#define crd_iv		CRD_INI.cri_iv
-#define crd_key		CRD_INI.cri_key
-#define crd_alg		CRD_INI.cri_alg
-#define crd_klen	CRD_INI.cri_klen
-#define crd_mlen	CRD_INI.cri_mlen
-
-	struct cryptodesc *crd_next;
-};
-
-/* Structure describing complete operation */
-struct cryptop {
-	struct list_head crp_next;
-	wait_queue_head_t crp_waitq;
-
-	u_int64_t	crp_sid;	/* Session ID */
-	int		crp_ilen;	/* Input data total length */
-	int		crp_olen;	/* Result total length */
-
-	int		crp_etype;	/*
-					 * Error type (zero means no error).
-					 * All error codes except EAGAIN
-					 * indicate possible data corruption (as in,
-					 * the data have been touched). On all
-					 * errors, the crp_sid may have changed
-					 * (reset to a new one), so the caller
-					 * should always check and use the new
-					 * value on future requests.
-					 */
-	int		crp_flags;
-
-#define CRYPTO_F_SKBUF		0x0001	/* Input/output are skbuf chains */
-#define CRYPTO_F_IOV		0x0002	/* Input/output are uio */
-#define CRYPTO_F_REL		0x0004	/* Must return data in same place */
-#define CRYPTO_F_BATCH		0x0008	/* Batch op if possible */
-#define CRYPTO_F_CBIMM		0x0010	/* Do callback immediately */
-#define CRYPTO_F_DONE		0x0020	/* Operation completed */
-#define CRYPTO_F_CBIFSYNC	0x0040	/* Do CBIMM if op is synchronous */
-
-	caddr_t		crp_buf;	/* Data to be processed */
-	caddr_t		crp_opaque;	/* Opaque pointer, passed along */
-	struct cryptodesc *crp_desc;	/* Linked list of processing descriptors */
-
-	int (*crp_callback)(struct cryptop *); /* Callback function */
-};
-
-#define CRYPTO_BUF_CONTIG	0x0
-#define CRYPTO_BUF_IOV		0x1
-#define CRYPTO_BUF_SKBUF		0x2
-
-#define CRYPTO_OP_DECRYPT	0x0
-#define CRYPTO_OP_ENCRYPT	0x1
-
-/*
- * Hints passed to process methods.
- */
-#define CRYPTO_HINT_MORE	0x1	/* more ops coming shortly */
-
-struct cryptkop {
-	struct list_head krp_next;
-	wait_queue_head_t krp_waitq;
-
-	int		krp_flags;
-#define CRYPTO_KF_DONE		0x0001	/* Operation completed */
-#define CRYPTO_KF_CBIMM		0x0002	/* Do callback immediately */
-
-	u_int		krp_op;		/* ie. CRK_MOD_EXP or other */
-	u_int		krp_status;	/* return status */
-	u_short		krp_iparams;	/* # of input parameters */
-	u_short		krp_oparams;	/* # of output parameters */
-	u_int		krp_crid;	/* desired device, etc. */
-	u_int32_t	krp_hid;
-	struct crparam	krp_param[CRK_MAXPARAM];	/* kvm */
-	int		(*krp_callback)(struct cryptkop *);
-};
-
-#include <ocf-compat.h>
-
-/*
- * Session ids are 64 bits.  The lower 32 bits contain a "local id" which
- * is a driver-private session identifier.  The upper 32 bits contain a
- * "hardware id" used by the core crypto code to identify the driver and
- * a copy of the driver's capabilities that can be used by client code to
- * optimize operation.
- */
-#define CRYPTO_SESID2HID(_sid)	(((_sid) >> 32) & 0x00ffffff)
-#define CRYPTO_SESID2CAPS(_sid)	(((_sid) >> 32) & 0xff000000)
-#define CRYPTO_SESID2LID(_sid)	(((u_int32_t) (_sid)) & 0xffffffff)
-
-extern	int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard);
-extern	int crypto_freesession(u_int64_t sid);
-#define CRYPTOCAP_F_HARDWARE	CRYPTO_FLAG_HARDWARE
-#define CRYPTOCAP_F_SOFTWARE	CRYPTO_FLAG_SOFTWARE
-#define CRYPTOCAP_F_SYNC	0x04000000	/* operates synchronously */
-extern	int32_t crypto_get_driverid(device_t dev, int flags);
-extern	int crypto_find_driver(const char *);
-extern	device_t crypto_find_device_byhid(int hid);
-extern	int crypto_getcaps(int hid);
-extern	int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
-	    u_int32_t flags);
-extern	int crypto_kregister(u_int32_t, int, u_int32_t);
-extern	int crypto_unregister(u_int32_t driverid, int alg);
-extern	int crypto_unregister_all(u_int32_t driverid);
-extern	int crypto_dispatch(struct cryptop *crp);
-extern	int crypto_kdispatch(struct cryptkop *);
-#define CRYPTO_SYMQ	0x1
-#define CRYPTO_ASYMQ	0x2
-extern	int crypto_unblock(u_int32_t, int);
-extern	void crypto_done(struct cryptop *crp);
-extern	void crypto_kdone(struct cryptkop *);
-extern	int crypto_getfeat(int *);
-
-extern	void crypto_freereq(struct cryptop *crp);
-extern	struct cryptop *crypto_getreq(int num);
-
-extern  int crypto_usercrypto;      /* userland may do crypto requests */
-extern  int crypto_userasymcrypto;  /* userland may do asym crypto reqs */
-extern  int crypto_devallowsoft;    /* only use hardware crypto */
-
-/*
- * random number support,  crypto_unregister_all will unregister
- */
-extern int crypto_rregister(u_int32_t driverid,
-		int (*read_random)(void *arg, u_int32_t *buf, int len), void *arg);
-extern int crypto_runregister_all(u_int32_t driverid);
-
-/*
- * Crypto-related utility routines used mainly by drivers.
- *
- * XXX these don't really belong here; but for now they're
- *     kept apart from the rest of the system.
- */
-struct uio;
-extern	void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp);
-extern	void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp);
-extern	struct iovec *cuio_getptr(struct uio *uio, int loc, int *off);
-
-extern	void crypto_copyback(int flags, caddr_t buf, int off, int size,
-	    caddr_t in);
-extern	void crypto_copydata(int flags, caddr_t buf, int off, int size,
-	    caddr_t out);
-extern	int crypto_apply(int flags, caddr_t buf, int off, int len,
-	    int (*f)(void *, void *, u_int), void *arg);
-
-#endif /* __KERNEL__ */
-#endif /* _CRYPTO_CRYPTO_H_ */
diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
index 51a00dd..526a5dd 100644
--- a/package/openssl/openssl.mk
+++ b/package/openssl/openssl.mk
@@ -12,14 +12,8 @@ OPENSSL_TARGET_ARCH = generic32
 OPENSSL_CFLAGS = $(TARGET_CFLAGS)
 
 ifeq ($(BR2_PACKAGE_OPENSSL_OCF),y)
-OPENSSL_CFLAGS += -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS
-
-define OPENSSL_INSTALL_CRYPTODEV_H
-$(INSTALL) -D package/openssl/ocf-cryptodev-20101223.h \
-	$(STAGING_DIR)/usr/include/crypto/cryptodev.h
-endef
-
-OPENSSL_POST_EXTRACT_HOOKS += OPENSSL_INSTALL_CRYPTODEV_H
+	OPENSSL_CFLAGS += -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS
+	OPENSSL_DEPENDENCIES += ocf
 endif
 
 # Some architectures are optimized in OpenSSL
-- 
1.7.3.4

[Buildroot] [PATCH 4/4] openswan: new package

[Gustavo Zacarias]

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/Config.in            |    1 +
 package/openswan/Config.in   |    8 ++++++++
 package/openswan/openswan.mk |   35 +++++++++++++++++++++++++++++++++++
 3 files changed, 44 insertions(+), 0 deletions(-)
 create mode 100644 package/openswan/Config.in
 create mode 100644 package/openswan/openswan.mk

diff --git a/package/Config.in b/package/Config.in
index 4943909..aeec8bd 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -456,6 +456,7 @@ source "package/nuttcp/Config.in"
 source "package/olsr/Config.in"
 source "package/openntpd/Config.in"
 source "package/openssh/Config.in"
+source "package/openswan/Config.in"
 source "package/openvpn/Config.in"
 source "package/portmap/Config.in"
 source "package/pppd/Config.in"
diff --git a/package/openswan/Config.in b/package/openswan/Config.in
new file mode 100644
index 0000000..3336156
--- /dev/null
+++ b/package/openswan/Config.in
@@ -0,0 +1,8 @@
+config BR2_PACKAGE_OPENSWAN
+	bool "openswan"
+	select BR2_PACKAGE_GMP
+	select BR2_PACKAGE_IPROUTE2
+	help
+	  Openswan is an implementation of IPsec for Linux
+
+	  http://www.openswan.org
diff --git a/package/openswan/openswan.mk b/package/openswan/openswan.mk
new file mode 100644
index 0000000..dbd2557
--- /dev/null
+++ b/package/openswan/openswan.mk
@@ -0,0 +1,35 @@
+#############################################################
+#
+# openswan
+#
+#############################################################
+
+OPENSWAN_VERSION = 2.6.36
+OPENSWAN_SITE = http://www.openswan.org/download
+OPENSWAN_DEPENDENCIES = host-bison gmp iproute2
+OPENSWAN_MAKEOPT = ARCH=$(BR2_ARCH) CC="$(TARGET_CC)" \
+	USERCOMPILE="$(TARGET_CFLAGS)" INC_USRLOCAL=/usr \
+	USE_KLIPS=false USE_MAST=false USE_NM=false
+
+ifeq ($(BR2_PACKAGE_LIBCURL),y)
+	OPENSWAN_DEPENDENCIES = libcurl
+	OPENSWAN_MAKEOPT += USE_LIBCURL=true
+endif
+
+ifeq ($(BR2_PACKAGE_OPENSSL),y)
+	OPENSWAN_DEPENDENCIES += openssl
+	OPENSWAN_MAKEOPT += HAVE_OPENSSL=true
+ifeq ($(BR2_PACKAGE_OPENSSL_OCF),y)
+	OPENSWAN_MAKEOPT += HAVE_OCF=true
+endif
+endif
+
+define OPENSWAN_BUILD_CMDS
+	$(MAKE) -C $(@D) $(OPENSWAN_MAKEOPT) programs
+endef
+
+define OPENSWAN_INSTALL_TARGET_CMDS
+	$(MAKE) -C $(@D) $(OPENSWAN_MAKEOPT) DESTDIR=$(TARGET_DIR) install
+endef
+
+$(eval $(call GENTARGETS))
-- 
1.7.3.4

[Buildroot] [PATCH 1/4] pppd: bugfixes and enhancements

[Thomas Petazzoni]

Le Thu, 20 Oct 2011 14:48:50 -0300,
Gustavo Zacarias <gustavo@zacarias.com.ar> a ?crit :

> Fix exponential timeout bug for PPPoE.
> Fix undefined (0.0.0.0) default gateway issue.
> Add adaptive LCP echo patch and gateway metric functionality.
> 
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

Have those patches been submitted upstream ? We really don't want to
start accumulating too many non-build related patches, such as bug
fixes or feature additions.

Thanks!

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 1/4] pppd: bugfixes and enhancements

[Gustavo Zacarias]

On 21.10.2011 03:51, Thomas Petazzoni wrote:

> Have those patches been submitted upstream ? We really don't want to
> start accumulating too many non-build related patches, such as bug
> fixes or feature additions.
>
> Thanks!
>
> Thomas

Yes.
Debian and OpenWRT have some of them too (not quite exactly the same 
but they do the same).
It's pretty likely that the default gateway patch won't be merged 
upstream from what i've read, the argument being somewhat in the lines 
of desktop security versus embedded and siding with the first. However 
it's pretty much required for openswan to work correctly or we'd have to 
do some very nasty scripts to deal with it (openswan not working out of 
the box).
Regards.