I've wasted a lot of time in 2013. I've always find some shity execuses, like "I'm fucking busy recently" to delay my hacking journey of kernel rootkit. This was supposed to be done a couple of months ago. Thank L0rd! I found a slot during Chinese new year vacation at my hometown. I begun the adventure of rootkit hacking. I've read a bunch of great Phrack papers from the old good hacking days. It's old but it'd help.
---------------------------------------------------------------
[Weakening the Linux Kernel, Phrack Magazine Volume 8, Issue 52
January 26, 1998, article 18 of 20]
http://www.phrack.org/issues.html?issue=52&id=18&mode=txt
[Advances in Kernel Hacking, Volume 0x0b, Issue 58, Phile #0x06 of
0x0e]
http://www.phrack.org/issues.html?issue=58&id=6&mode=txt
[Handling Interrupt Descriptor Table for fun and profit, Volume 0x0b,
Issue 59, Phile #0x04 of 0x12]
http://www.phrack.org/issues.html?issue=59&id=4&mode=txt
[Kernel Rootkit Experiences, Volume 0x0b, Issue 61, Phile 0x0e of
0x0f]
http://www.phrack.org/issues.html?issue=61&id=14&mode=txt
[Mistifying the debugger, Volume 0x0c, Issue 65, Phile #0x08 of
0x0f]
http://www.phrack.org/issues.html?issue=65&id=8&mode=txt
Especially thanks to THC's paper, which was released in 1999:
[Complete Linux Loadable Kernel Modules]
https://www.thc.org/papers/LKM_HACKING.html
---------------------------------------------------------------
I wrote a simple rootkit that can only hide a specific file. Just a
few old school steps could make its feature possible:
Firstly, we need to retrieve the system call table. But it's no longer
exported since 2.6. Fortunately, there's still a few system calls are
exported. sys_close() is one of them:
--------------------------------------
root@d6-test:/home/shawn# grep sys_close /boot/System.map-3.13.0
c10e0aa1 T sys_close
c140fdc4 R __ksymtab_sys_close
c141815c r __kcrctab_sys_close
c1420e33 r __kstrtab_sys_close
--------------------------------------
I used a brute force way to locate that system call. I learned it from
memset's blog:
https://memset.wordpress.com/2011/03/18/syscall-hijacking-dynamically-obtain-syscall-table-address-kernel-2-6-x-2/
Start mem addr would be 0xc0000000, then it would try it repeatly unti
it locate sys_close()'s addr.
Then, write protection bit in cr0 has to be shut down. WP bit is the
16th bit in cr0 register.
31 30 29 28 19 18 17 16 15 6 5 4 3 2 1 0
+----------------------------------------------------------------------+
|PG|CD |NW|-----------------|AM|---|WP|--------------|NE|ET|TS|EM|MP|PE|
+----------------------------------------------------------------------+
After we done above steps, we are able to hijack the system call we
want. Here I choose to hijack getdents64(). Why? Because all I wanna
do is hide a specific file from "ls". Let's see what "ls" would
usually do:
------------------------------------------
// begin.........
execve("/bin/ls", ["ls"], [/* 16 vars */]) = 0
brk(0) = 0x8366000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7791000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=19346, ...}) = 0
.......................
.......................
.......................
// look, that's it
getdents64(3, /* 17 entries */, 32768) = 544
getdents64(3, /* 0 entries */, 32768) = 0
close(3) = 0
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 2), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7790000
.......................
// then it would display them in the standard out(1)
write(1, "a.out dirent.c dirent.c~ insi"..., 107a.out dirent.c dirent.c~ insight-lab libmnl libnftables linux-3.13 linux-3.13.tar my_tmp nftables
) = 107
.......................
------------------------------------------
The only struct from kernel we have to face is:
-------------------------------------------------------------------
struct linux_dirent {
unsigned long d_ino; /* Inode number */
unsigned long d_off; /* Offset to next linux_dirent */
unsigned short d_reclen; /* Length of this linux_dirent */
char d_name[]; /* Filename (null-terminated) */
/* length is actually (d_reclen - 2 -
offsetof(struct linux_dirent, d_name) */
/*
char pad; // Zero padding byte
char d_type; // File type (only since Linux 2.6.4;
// offset is (d_reclen - 1))
*/
}
-------------------------------------------------------------------
d_reclen is size of the current linux_dirent64, it does matters. Plz
read the fucking source code for any detail! Well, like in good old days, I drew an ascii big picture here.
May the L0rd's hacking spirit guide us!!!
Showing posts with label gnu/linux. Show all posts
Showing posts with label gnu/linux. Show all posts
Thursday, February 06, 2014
Monday, April 01, 2013
Vuln assessment for PALADIN forensic tools free version
I went to the China Mac Forensic Conference last week. This was my 1st time I attended a security con about forensic. Some of security guys gave us a few free speech and it's all about forensic. In forenisc field, the only stuff I've know its Lynis which was written by Michael Boelen. They were talking about forensic stuff on Mac/iOS platforms in the morning. That made me a little boring. But what else can I blame about? This conference is called Mac-Forensic*. Fortunately, I found something very interesting at the afternoon. A company named SUMURI providing a forensic solution which based on GNU/Linux. This GNU/Linux distro is called "PALADIN". I got a free Live-DVD and booted it up in scene. Well, I was fuc* exicting because I got tens of shitloads of information about Mac/iOS in that day. Now I had something I'm familiar with: GNU/Linux. I found some potential risks for PALADIN GNU/Linux distro. I've already notified them. Hope they could spend more time on sec stuff.
OK. When PALADIN booted up, you can see the ubuntu-like( Unity?) GUI:
PALADIN provides a lot of open source forensic tools:
In the free version, the only closed-tool is "PALADIN Toolbox" which can be found in the Desktop and the binary file is located in /usr/bin/toolbox. This binary is using many free/open source libraries. The 1st potential issue is violation of free/open source licenses. Then I asked Steve Whalen "are you sure that toolbox has no violation of the free/open source licenses" in the scene. His answer is pretty sure that the toolbox won't be violated any free/open source licenses:
Then, I took a few mins to investigation on the binary. Firstly, the entry address:
And, it doesn't have any anti-debugging features( my examples) in it. If your asset is a closed-source binary. You should do anti-debug. A skilled reverse engineer is able to find the security issue by reversing the binary in very *short* time:
ASLR is turned on. "2" is very good, which means the kernel do the randomize for stack and heap separately. AFAIK, the issue is the ASLR only work with PIE.
Lucky Thirteen Attack is a big issue recently. The current openssl version is affected.
Well, this is it. I've done the investigation when a guy told me it's time to smb break. I'm very happy to see the company like SUMURI brings GNU/Linux into the forensic field.
OK. When PALADIN booted up, you can see the ubuntu-like( Unity?) GUI:
PALADIN provides a lot of open source forensic tools:
In the free version, the only closed-tool is "PALADIN Toolbox" which can be found in the Desktop and the binary file is located in /usr/bin/toolbox. This binary is using many free/open source libraries. The 1st potential issue is violation of free/open source licenses. Then I asked Steve Whalen "are you sure that toolbox has no violation of the free/open source licenses" in the scene. His answer is pretty sure that the toolbox won't be violated any free/open source licenses:
Then, I took a few mins to investigation on the binary. Firstly, the entry address:
And, it doesn't have any anti-debugging features( my examples) in it. If your asset is a closed-source binary. You should do anti-debug. A skilled reverse engineer is able to find the security issue by reversing the binary in very *short* time:
ASLR is turned on. "2" is very good, which means the kernel do the randomize for stack and heap separately. AFAIK, the issue is the ASLR only work with PIE.
Lucky Thirteen Attack is a big issue recently. The current openssl version is affected.
Well, this is it. I've done the investigation when a guy told me it's time to smb break. I'm very happy to see the company like SUMURI brings GNU/Linux into the forensic field.
Thursday, May 20, 2010
port GNU/Linux kernel 2.6.28.9 to ixp435
Copyright (c) Shawn the R0ck.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation;with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.A copy of the license is included in the section entitled "GNU Free Documentation License".
I have port (by a company Im working for) to ixp420 last month. That would not be fit in your kernel.A standard kernel 2.6.28.9 has been successful to port on kixrp435(ixp435 reference platform) dev-board recently. Im gonna share with you guys about it. There are few stuffs you need to get before you start the hack.
1,Download the files that you will use
2,try to get a cross-compiler(I have been using a customized GNU toolchains by timesys).My armv5b-linux-gcc version is 3.4.1-7
3,Of course you need a kernel-2.6.28.9
4(optional), you can use the rootfs I created.
I totally agree with Ken Thompson said"This is a consequence rather than a goal. I abhor a system designed for the "user", if that word is a coded pejorative meaning "stupid and unsophisticated". That's a good reason dont be expected the doc(or is called "log") might be readable as a literature. I'm writting this for hackers but not as users. Hope can helps.
happy hacking!
May Lord's hacking spirit guide us!
decompress files:
#tar jxvf linux-2.6.28.9
#unzip BSD_ixp400AccessLibrary-3_0.zip
#unzip IPL_ixp400NpeLibrary-3_0.zip
#unzip BSD_ixp400PMU-3_0.zip
#cp -r linux-2.6.28.9/arch/arm/mach-ixp4xx/include/mach linux-2.6.28.9/include
#cp linux-2.6.28.9/arch/arm/include/asm/* linux-2.6.28.9/include/asm/
do "source ixp400_xscale_sw/buildUtils/environment.linux.sh" after you have already set the right path in: ixp400_xscale_sw/buildUtils/environment.linux.sh
Copy the Makefile and Kconfig to your kernel directory that may be:linux-2.6.28.9/driver/net
#cp ixp400_eth.c IxLinuxEDDIoctl.h linux-2.6.28/driver/net
#cp config.bak linux-2.6.28.9/
#cp semaphore.c linux-2.6.28.9/kernel
#cp semaphore.h linux-2.6.28.9/include/linux
edit ixp_osal/platforms/ixp43X/os/linux/include/IxOsalOsOem.h:
replace:
#include "asm/hardware.h"
#include "asm/arch/irqs.h"
with:
#include "mach/hardware.h"
#include "mach/irqs.h"
edit ixp_osal/common/os/linux/include/core/IxOsalOsTypes.h
replace:
#include "asm/semaphore.h"
with:
#include "linux/semaphore.h"
edit ixp_osal/common/os/linux/include/core/IxOsalOs.h
replace "consistent_sync" with "dma_cache_maint"
edit ixp400_xscale_sw/src/oslinux/IxLinuxInit.c
1,add #include "linux/fs.h"
2,comment these 3 lines:
/* if (unregister_chrdev(DEV_IXNPE_MAJOR_NUMBER, "ixNpe"))
{
printk (KERN_ERR "Failed to unregister driver for
/dev/ixNpe\n");
}*/
And,add a line above it:
unregister_chrdev(DEV_IXNPE_MAJOR_NUMBER, "ixNpe")
edit
ixp400_xscale_sw/ixp_osal/common/os/linux/src/modules/ddk/IxOsalOsDdkIrq.c
replace "SA_SHIRQ" with "IRQF_SHARED"
check your kernel config
# make $IX_KBUILD_CROSSCOMPILE menuconfig
compile kernel
# make $IX_KBUILD_CROSSCOMPILE
compile npe driver
# cd ixp400_xscale_sw
# make all
then you will get 3 files(ixp400.ko,IxNpeMicrocode.dat,ixp400_eth.ko)
that's all your ixp435 platform needs.
# insmod ixp400.ko
ixp400: module license 'unspecified' taints kernel.
# cat IxNpeMicrocode.dat > /dev/ixNpe
# insmod ixp400_eth.ko
ixp400_eth: Initializing IXP400 NPE Ethernet driver software v. 1.8
ixp400_eth: CPU clock speed (approx) = 398 MHz
ixp400_eth: Found PHY 0 at address 1
ixp400_eth: Found PHY 1 at address 2
ixp400_eth: Found PHY 2 at address 3
ixp400_eth: Found PHY 3 at address 4
ixp400_eth: Found PHY 4 at address 5
ixp400_eth: ixp1 is using NPEC and the PHY at address 1
ixp400_eth: ixp2 is using NPEA and the PHY at address 2
ixp400_eth: Use default MAC address 00:02:b3:02:02:02 for port 1
ixp400_eth: Use default MAC address 00:02:b3:03:03:03 for port 2
see,it works!
btw:I found a community the named openixp provided many FOSS solutions on ixp platform.unfortunately, it seems it was not update for a "while"
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation;with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.A copy of the license is included in the section entitled "GNU Free Documentation License".
I have port (by a company Im working for) to ixp420 last month. That would not be fit in your kernel.A standard kernel 2.6.28.9 has been successful to port on kixrp435(ixp435 reference platform) dev-board recently. Im gonna share with you guys about it. There are few stuffs you need to get before you start the hack.
1,Download the files that you will use
2,try to get a cross-compiler(I have been using a customized GNU toolchains by timesys).My armv5b-linux-gcc version is 3.4.1-7
3,Of course you need a kernel-2.6.28.9
4(optional), you can use the rootfs I created.
I totally agree with Ken Thompson said"This is a consequence rather than a goal. I abhor a system designed for the "user", if that word is a coded pejorative meaning "stupid and unsophisticated". That's a good reason dont be expected the doc(or is called "log") might be readable as a literature. I'm writting this for hackers but not as users. Hope can helps.
happy hacking!
May Lord's hacking spirit guide us!
decompress files:
#tar jxvf linux-2.6.28.9
#unzip BSD_ixp400AccessLibrary-3_0.zip
#unzip IPL_ixp400NpeLibrary-3_0.zip
#unzip BSD_ixp400PMU-3_0.zip
#cp -r linux-2.6.28.9/arch/arm/mach-ixp4xx/include/mach linux-2.6.28.9/include
#cp linux-2.6.28.9/arch/arm/include/asm/* linux-2.6.28.9/include/asm/
do "source ixp400_xscale_sw/buildUtils/environment.linux.sh" after you have already set the right path in: ixp400_xscale_sw/buildUtils/environment.linux.sh
Copy the Makefile and Kconfig to your kernel directory that may be:linux-2.6.28.9/driver/net
#cp ixp400_eth.c IxLinuxEDDIoctl.h linux-2.6.28/driver/net
#cp config.bak linux-2.6.28.9/
#cp semaphore.c linux-2.6.28.9/kernel
#cp semaphore.h linux-2.6.28.9/include/linux
edit ixp_osal/platforms/ixp43X/os/linux/include/IxOsalOsOem.h:
replace:
#include "asm/hardware.h"
#include "asm/arch/irqs.h"
with:
#include "mach/hardware.h"
#include "mach/irqs.h"
edit ixp_osal/common/os/linux/include/core/IxOsalOsTypes.h
replace:
#include "asm/semaphore.h"
with:
#include "linux/semaphore.h"
edit ixp_osal/common/os/linux/include/core/IxOsalOs.h
replace "consistent_sync" with "dma_cache_maint"
edit ixp400_xscale_sw/src/oslinux/IxLinuxInit.c
1,add #include "linux/fs.h"
2,comment these 3 lines:
/* if (unregister_chrdev(DEV_IXNPE_MAJOR_NUMBER, "ixNpe"))
{
printk (KERN_ERR "Failed to unregister driver for
/dev/ixNpe\n");
}*/
And,add a line above it:
unregister_chrdev(DEV_IXNPE_MAJOR_NUMBER, "ixNpe")
edit
ixp400_xscale_sw/ixp_osal/common/os/linux/src/modules/ddk/IxOsalOsDdkIrq.c
replace "SA_SHIRQ" with "IRQF_SHARED"
check your kernel config
# make $IX_KBUILD_CROSSCOMPILE menuconfig
compile kernel
# make $IX_KBUILD_CROSSCOMPILE
compile npe driver
# cd ixp400_xscale_sw
# make all
then you will get 3 files(ixp400.ko,IxNpeMicrocode.dat,ixp400_eth.ko)
that's all your ixp435 platform needs.
# insmod ixp400.ko
ixp400: module license 'unspecified' taints kernel.
# cat IxNpeMicrocode.dat > /dev/ixNpe
# insmod ixp400_eth.ko
ixp400_eth: Initializing IXP400 NPE Ethernet driver software v. 1.8
ixp400_eth: CPU clock speed (approx) = 398 MHz
ixp400_eth: Found PHY 0 at address 1
ixp400_eth: Found PHY 1 at address 2
ixp400_eth: Found PHY 2 at address 3
ixp400_eth: Found PHY 3 at address 4
ixp400_eth: Found PHY 4 at address 5
ixp400_eth: ixp1 is using NPEC and the PHY at address 1
ixp400_eth: ixp2 is using NPEA and the PHY at address 2
ixp400_eth: Use default MAC address 00:02:b3:02:02:02 for port 1
ixp400_eth: Use default MAC address 00:02:b3:03:03:03 for port 2
see,it works!
btw:I found a community the named openixp provided many FOSS solutions on ixp platform.unfortunately, it seems it was not update for a "while"
Thursday, April 08, 2010
port GNU/Linux kernel-2.6.28 to ixp4xx(420)
Copyright (c) Shawn the R0ck.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation;with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.A copy of the license is included in the section entitled "GNU Free Documentation License".
I have been doing some porting on ixp4xx(420) for weeks.the boring one is that port the network adapter to kernel-2.6.28.Perhaps there's many ways could be done this job.I tried compile the ixp4xx drivers into kernel-2.6.28.And needed to change a lot in driver code which for fit in the data structures of kernel high-speed changes.in the end,you still need the intel full of shits(accessLib and something else) to provided a link library for complete the compiliation of kernel.Because of Intel as big corporation would never like to accept spirit of GPL and they made a abstraction layer is called accessLib which is followed BSD-license.Intel wants to copping out GPL license and that was the way.The wrost thing is my cross-compiler cant not gernerate these libs.dont laugh on me,I have try more than 4 verions of cross-compilers that all failed.That's why I have to pick a easy way to done this job.That way is port the shit used by snapgear...Hope this roughly document could give you help!
1.Download snapgear-4.0 and extract the files into a folder of snapgear.Download GNU/Linux kernel 2.6.28,you need to move the kernel(after extracted) into directory of snapgear and changes the named of "linux-2.6.28" to "linux-2.6.x"(bash:mv linux-2.6.28 linux-2.6.x).
2.download snapgear-modules-20090807.sh,then move it to snapgear.you will get 4 files after execution(bash: ./snapgear-modules-20090807).And follow the "sexy" README files steps to patching your snapgear distro.
3.because of you wanna get npe modules that you have to add something to linux-2.6.x/Makefile.Find where vmlinux-dirs and vmlinux-alldirs are,and looks like this after correct edited:
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
$(net-y) $(net-m) $(libs-y) $(libs-m) $(EXTRA_MODULE_DIRS)))
vmlinux-alldirs := $(sort $(vmlinux-dirs) $(patsubst %/,%,$(filter %/, \
$(init-n) $(init-) \
$(core-n) $(core-) $(drivers-n) $(drivers-) \
$(net-n) $(net-) $(libs-n) $(libs-) $(EXTRA_MODULE_DIRS))))
4.if you dont wanna get a error like "/home/snapgear/modules/ixp425/net-2.4/ixp400_eth.c: In function 'port_disable': /home/snapgear/modules/ixp425/net-2.4/ixp400_eth.c:2836: error: implicit declaration of function 'kill_proc'",you need to edit the file of ixp400_eth.c.
before edited:
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,29)
#include "linux..."
#define kill_proc(p,s,v) send_sig(s,find_task_by_vpid(p),0)
#endif
after edited:
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
#include "linux..."
#define kill_proc(p,s,v) send_sig(s,find_task_by_vpid(p),0)
#endif
5.continue to editing a right $(AWK) execution path.add vmlinux-only-dirs = $(filter-out /%,$(vmlinux-dirs)) into linux2.6.x/Makefile for a proper place and replace vmlinux-dirs with vmlinux-only-dirs.Only the second "vmlinux-dirs" need to be replaced that looks like this:
PHONY += modules
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux)
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-only-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
6.snapgear wouldnt gernerate a right path for ixp400_eth.ko.so you still need to change the linux-2.6.x/scripts/Makefile.modinst like this:
modinst_dir = $(subst $(dir $(TOPDIR))modules/,,$(if $(KBUILD_EXTMOD),$(ext-mod-dir),kernel/$(@D)))
7.edit snapgear\modules\ixp425\ixp400-2.4\ixp400_xscale_sw\src\ethMii\IxEthMii_p.h.add "#define IX_ETH_MII_IP175C_PHY_ID 0x02430d80" near by behind the "/* supported PHYs */"
And,turn to the 172th line of snapgear\modules\ixp425\ixp400-2.4\ixp400_xscale_sw\src\ethMii\IxEthMii.c.Add "|| (ixEthMiiPhyId[i] == IX_ETH_MII_IP175C_PHY_ID)" to where behind the "|| (ixEthMiiPhyId[i] == IX_ETH_MII_RTL8305SC_PHY_ID)"
I tested a version of which doesnt made the changes and snapgear pop up some error.But the network adapter is still works.I dont know what exactly effect on it.
8.you will get a compile error "/home/snapgear/modules/ixp425/net-2.4/ixp400_eth.c:2025: error: implicit declaration of function '_netif_rx_schedule_prep'" when you select the NAPI option.
The solution is edit ixp400_eth.c,before edited:
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)
priv_data_t *priv = netdev_priv(ndev);
if(napi_schedule_prep(&priv->napi))
{
ixEthAccQMgrRxNotificationDisableQueue(i);
ixQMgrNotificationDisable(i);
__napi_schedule(&priv->napi);
}
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,29)
priv_data_t *priv = netdev_priv(ndev);
if(netif_rx_schedule_prep(&priv->napi))
{
ixEthAccQMgrRxNotificationDisableQueue(i);
ixQMgrNotificationDisable(i);
__netif_rx_schedule(&priv->napi);
}
done the edit:
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
priv_data_t *priv = netdev_priv(ndev);
if(napi_schedule_prep(&priv->napi))
{
ixEthAccQMgrRxNotificationDisableQueue(i);
ixQMgrNotificationDisable(i);
__napi_schedule(&priv->napi);
}
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
priv_data_t *priv = netdev_priv(ndev);
if(netif_rx_schedule_prep(&priv->napi))
{
ixEthAccQMgrRxNotificationDisableQueue(i);
ixQMgrNotificationDisable(i);
__netif_rx_schedule(&priv->napi);
}
finnlay,you need to type a few command lines after booting the ixp4xx-board:
# insmod ixp400.ko
# cat /etc/IxNpeMicrocode.dat > /dev/ixNpe
# insmod ixp400_eth.ko
ixp400_eth: Initializing IXP400 NPE Ethernet driver software v. 1.7SG
ixp400_eth: CPU clock speed (approx) = 266 MHz
[warning] ixNpeDlNpeMgrInit - Warning:NPEA is not present.
ixp400_eth: ixp0 is using NPEB and the PHY at address 0
ixp400_eth: ixp1 is using NPEC and the PHY at address 1
ixp400_eth: Use default MAC address 00:02:b3:01:01:01 for port 0
ixp400_eth: Use default MAC address 00:02:b3:02:02:02 for port 1
dont even think that you have done all works of port.of course no~your ixp420 needed 2 network cables plug into 2 RJ-45 interfaces which one for TX and another for RX.I dont figure it out yet.Im still hacking on it.I found out that some functions which writing datas into registers of ip175c net chip got something wrong.Now the ixp4xx can writing the data correctly but still cant send or receive the datas from network within one network adapter.
port is a muscular work,definitely:-)
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation;with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.A copy of the license is included in the section entitled "GNU Free Documentation License".
I have been doing some porting on ixp4xx(420) for weeks.the boring one is that port the network adapter to kernel-2.6.28.Perhaps there's many ways could be done this job.I tried compile the ixp4xx drivers into kernel-2.6.28.And needed to change a lot in driver code which for fit in the data structures of kernel high-speed changes.in the end,you still need the intel full of shits(accessLib and something else) to provided a link library for complete the compiliation of kernel.Because of Intel as big corporation would never like to accept spirit of GPL and they made a abstraction layer is called accessLib which is followed BSD-license.Intel wants to copping out GPL license and that was the way.The wrost thing is my cross-compiler cant not gernerate these libs.dont laugh on me,I have try more than 4 verions of cross-compilers that all failed.That's why I have to pick a easy way to done this job.That way is port the shit used by snapgear...Hope this roughly document could give you help!
1.Download snapgear-4.0 and extract the files into a folder of snapgear.Download GNU/Linux kernel 2.6.28,you need to move the kernel(after extracted) into directory of snapgear and changes the named of "linux-2.6.28" to "linux-2.6.x"(bash:mv linux-2.6.28 linux-2.6.x).
2.download snapgear-modules-20090807.sh,then move it to snapgear.you will get 4 files after execution(bash: ./snapgear-modules-20090807).And follow the "sexy" README files steps to patching your snapgear distro.
3.because of you wanna get npe modules that you have to add something to linux-2.6.x/Makefile.Find where vmlinux-dirs and vmlinux-alldirs are,and looks like this after correct edited:
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
$(net-y) $(net-m) $(libs-y) $(libs-m) $(EXTRA_MODULE_DIRS)))
vmlinux-alldirs := $(sort $(vmlinux-dirs) $(patsubst %/,%,$(filter %/, \
$(init-n) $(init-) \
$(core-n) $(core-) $(drivers-n) $(drivers-) \
$(net-n) $(net-) $(libs-n) $(libs-) $(EXTRA_MODULE_DIRS))))
4.if you dont wanna get a error like "/home/snapgear/modules/ixp425/net-2.4/ixp400_eth.c: In function 'port_disable': /home/snapgear/modules/ixp425/net-2.4/ixp400_eth.c:2836: error: implicit declaration of function 'kill_proc'",you need to edit the file of ixp400_eth.c.
before edited:
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,29)
#include "linux..."
#define kill_proc(p,s,v) send_sig(s,find_task_by_vpid(p),0)
#endif
after edited:
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
#include "linux..."
#define kill_proc(p,s,v) send_sig(s,find_task_by_vpid(p),0)
#endif
5.continue to editing a right $(AWK) execution path.add vmlinux-only-dirs = $(filter-out /%,$(vmlinux-dirs)) into linux2.6.x/Makefile for a proper place and replace vmlinux-dirs with vmlinux-only-dirs.Only the second "vmlinux-dirs" need to be replaced that looks like this:
PHONY += modules
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux)
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-only-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
6.snapgear wouldnt gernerate a right path for ixp400_eth.ko.so you still need to change the linux-2.6.x/scripts/Makefile.modinst like this:
modinst_dir = $(subst $(dir $(TOPDIR))modules/,,$(if $(KBUILD_EXTMOD),$(ext-mod-dir),kernel/$(@D)))
7.edit snapgear\modules\ixp425\ixp400-2.4\ixp400_xscale_sw\src\ethMii\IxEthMii_p.h.add "#define IX_ETH_MII_IP175C_PHY_ID 0x02430d80" near by behind the "/* supported PHYs */"
And,turn to the 172th line of snapgear\modules\ixp425\ixp400-2.4\ixp400_xscale_sw\src\ethMii\IxEthMii.c.Add "|| (ixEthMiiPhyId[i] == IX_ETH_MII_IP175C_PHY_ID)" to where behind the "|| (ixEthMiiPhyId[i] == IX_ETH_MII_RTL8305SC_PHY_ID)"
I tested a version of which doesnt made the changes and snapgear pop up some error.But the network adapter is still works.I dont know what exactly effect on it.
8.you will get a compile error "/home/snapgear/modules/ixp425/net-2.4/ixp400_eth.c:2025: error: implicit declaration of function '_netif_rx_schedule_prep'" when you select the NAPI option.
The solution is edit ixp400_eth.c,before edited:
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)
priv_data_t *priv = netdev_priv(ndev);
if(napi_schedule_prep(&priv->napi))
{
ixEthAccQMgrRxNotificationDisableQueue(i);
ixQMgrNotificationDisable(i);
__napi_schedule(&priv->napi);
}
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,29)
priv_data_t *priv = netdev_priv(ndev);
if(netif_rx_schedule_prep(&priv->napi))
{
ixEthAccQMgrRxNotificationDisableQueue(i);
ixQMgrNotificationDisable(i);
__netif_rx_schedule(&priv->napi);
}
done the edit:
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
priv_data_t *priv = netdev_priv(ndev);
if(napi_schedule_prep(&priv->napi))
{
ixEthAccQMgrRxNotificationDisableQueue(i);
ixQMgrNotificationDisable(i);
__napi_schedule(&priv->napi);
}
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
priv_data_t *priv = netdev_priv(ndev);
if(netif_rx_schedule_prep(&priv->napi))
{
ixEthAccQMgrRxNotificationDisableQueue(i);
ixQMgrNotificationDisable(i);
__netif_rx_schedule(&priv->napi);
}
finnlay,you need to type a few command lines after booting the ixp4xx-board:
# insmod ixp400.ko
# cat /etc/IxNpeMicrocode.dat > /dev/ixNpe
# insmod ixp400_eth.ko
ixp400_eth: Initializing IXP400 NPE Ethernet driver software v. 1.7SG
ixp400_eth: CPU clock speed (approx) = 266 MHz
[warning] ixNpeDlNpeMgrInit - Warning:NPEA is not present.
ixp400_eth: ixp0 is using NPEB and the PHY at address 0
ixp400_eth: ixp1 is using NPEC and the PHY at address 1
ixp400_eth: Use default MAC address 00:02:b3:01:01:01 for port 0
ixp400_eth: Use default MAC address 00:02:b3:02:02:02 for port 1
dont even think that you have done all works of port.of course no~your ixp420 needed 2 network cables plug into 2 RJ-45 interfaces which one for TX and another for RX.I dont figure it out yet.Im still hacking on it.I found out that some functions which writing datas into registers of ip175c net chip got something wrong.Now the ixp4xx can writing the data correctly but still cant send or receive the datas from network within one network adapter.
port is a muscular work,definitely:-)
Subscribe to:
Posts (Atom)