Kernel for LRP/LEAF linux systems WARNINGS: The kernel configuration file lists the IPSec patch for FreeS/WAN and the IPSec masquerading module (part of the VPN-Masq patch) as in-compatible. Do NOT try to use both at the same time! If you are building on a debian slink system, you may have to compile and install the bz2 tools first, as some of the patch files are bz2 compressed, and my debian slink system didn't have bz2 available. If you want to compile the Intel drivers, you may need the latest copy of make, and you may have to edit the makefile. The Intel makefiles attempt to locate the kernel source, and use the first valid kernel source tree they find, which may not be your LRP source tree. Just set KSP := /usr/src/linux (or wherever your LRP kernel tree lives) and all will be well. Kernel versions: The "small" kernels are missing the following features of the "normal" kernels: IP: multicasting IP: advanced router IP: use FWMARK value as routing key IP: multicast routing The IPv6 protocol IPX: Full internal IPX network IPX: SPX networking LAPB Data Link Driver Bridging QoS and/or fair queueing Mouse Support (not serial mice) Reiserfs support Support for console on serial port All kernels include IDE support, although support is modularized in kernels without -IDE in their name. The -IDE kernels also include support for generic PCI chipsets, and will enable support for DMA, if available (the kernels with modular IDE support do not include PCI chipset or DMA support). To build a kernel, use the following procedure: Download a clean 2.2.19 kernel source tarball and place into /usr/src/ Download the -source.tar.gz file, which contains the patches required, and a script to apply them. This file should be available from http://leaf.sourceforge.net or wherever you obtained your disk image. Apply patches to create a LEAF kernel tree. The easiest way to do this is by running one of the following scripts: ./make-LEAF-kernel For 'small' and 'normal' kernels ./make-LEAF-RAID-kernel For 'RAID' kernels IMPORTANT - Watch for any errors when running the scripts, above. You may have to edit the script to work properly on your system. WARNING - The above scripts will remove any /usr/src/linux directory or symlink, and replace it with a symlink to the new LEAF kernel tree. If /usr/src/linux is currently your actual kernel directory (not a symlink) IT WILL BE DESTROYED unless you move it *BEFORE* you run one of the above scripts. Copy one of the *non-ipsec* configuration files to /usr/src/linux/.config If you want to run IPSec, you have to start with a non-ipsec kernel config (keep reading for more details). Run "make menuconfig" (you can use oldconfig or xconfig, as well), and exit SAVING YOUR CHANGES. Even though you didn't change anything, you have to save for the kernel to be configured properly Now you can run "make dep", followed by "make zImage" and "make modules" to compile the kernel. If you get a warning about the kernel being too large, use "make bzImage" instead of "make zImage". If you don't need IPSec support, you're done. If you are planning on running FreeS/WAN IPSec on your LEAF system, you'll need to download the FreeS/WAN V1.91 source tarball. Uncompress the FreeS/WAN tarball, go into the new directory, and run "make insert", which will add the IPSec patches to your kernel. !-WARNING-! This will only work properly if you have previously compiled the kernel! You can now use one of the IPSec configuration files to build the kernel. Remember to run make menuconfig, or othwerwise edit and save the kernel configuration. When building the kernel, use "make dep clean bzImage" to be sure you properly compile the new IPSec code. Once your kernel is compiled, you may also need to compile some of the updated network drivers: drivers/becker - Many updated network drivers See http://www.scyld.com/network/ for details drivers/netgear/fa311 - Netgear FA311 cards drivers/netgear/fa312 - Netgear FA312 cards drivers/intel/e100-1.6.13 - Intell 10/100BT cards drivers/intel/e1000-3.0.16 - Intel 1000BT cards Simply cd to the appropriate directory and run "make" NOTE: See warning regarding Intel drivers, above. NOTE: I have modified some of the make files enabling a simple 'make' to work properly. Be careful if you wish to compile directly from the supplied source tarballs, or updated versions... This kernel is stock linux 2.2.19 linus-tree except for the following: raid-2.2.19-A1 http://people.redhat.com/~mingo/raid-patches/ RAID 0.90 patch used only for the RAID enabled kernels initrd-archive-2.2.19.diff LRP patch to initialize the ramdisk with a tar.gz file linuxrc-always-2.2.19-RAID.diff linuxrc-always-2.2.19.diff execute /linuxrc even if root=/dev/ram0 patch. do_linuxrc() looks for /linuxrc.tty instead of /dev/tty1. Use the RAID version if you applied raid-2.2.19-A1 NOTE: See sites like: http://www.e-infomax.com/ipmasq/ for general IP Masquerading info and patches ip_masq_vpn-2.2.18.patch.gz http://www.impsec.org/linux/masquerade/ip_masq_vpn.html enables PPTP and IPSec masquerading ip_masq_h323-dplay-icq-mms.diff A combined patch, including the following 4 masquerading modules: ip_masq_dplay-0.3.00 http://dplay-masq.sourceforge.net/ ip_masq_h323 Version 2.2.0 - 16 October 2000 http://www.coritel.it/coritel/ip/sofia/download.htm ip_masq_icq-0.56 http://djsf.narod.ru/masq-icq/ ip_masq_mms Version 0.91 http://home.tig-grr.com/mmsmasq.tar.gz linux-2.2.19-ow4.diff http://www.openwall.com/linux/ The openwall security patch This version also includs patches for the following kernel exploits: Local DoS via deep symlinks Root compromise by ptrace(3) linux-2.2.19-3-LEAF.diff linux-2.2.19-3-LEAF-RAID.diff Updates kernel EXTRAVERSION